Page MenuHomeFreeBSD
Files F87245294

No OneTemporary
Actions

View Options

This file is larger than 256 KB, so syntax highlighting was skipped.
This document is not UTF8. It was detected as ISO-8859-1 (Latin 1) and converted to UTF8 for display.
diff --git a/CACerts b/CACerts
index b5deb36b19b1..630707555657 100644
--- a/CACerts
+++ b/CACerts
@@ -1,198 +1,100 @@
-# $Id: CACerts,v 8.6 2013-01-18 15:14:17 ca Exp $
# This file contains some CA certificates that are used to sign the
# certificates of mail servers of members of the sendmail consortium
# who may reply to questions etc sent to sendmail.org.
# It is useful to allow connections from those MTAs that can present
# a certificate signed by one of these CA certificates.
#
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
- 92:91:67:de:e0:ef:2c:e4
+ 81:9d:41:0f:40:55:ac:4a
Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=Claus Assmann CA RSA 2015/emailAddress=ca+ca-rsa2015@esmtp.org
+ Issuer: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=CA/emailAddress=ca+ca-rsa2018@esmtp.org
Validity
- Not Before: Mar 2 19:15:29 2015 GMT
- Not After : Mar 1 19:15:29 2018 GMT
- Subject: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=Claus Assmann CA RSA 2015/emailAddress=ca+ca-rsa2015@esmtp.org
+ Not Before: Feb 27 02:30:55 2018 GMT
+ Not After : Feb 26 02:30:55 2021 GMT
+ Subject: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=CA/emailAddress=ca+ca-rsa2018@esmtp.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
- 00:b9:1a:a1:56:ce:cb:16:af:4f:96:ba:2a:70:31:
- 70:d3:86:6c:7a:46:26:47:42:3f:de:49:57:3e:08:
- 1e:10:25:bf:06:8f:ca:fd:f4:5e:6a:01:7d:31:4d:
- 50:88:18:43:71:66:65:42:9c:90:97:0d:95:f2:14:
- ef:d7:5e:77:ef:7d:b5:49:3f:02:bb:83:20:f7:e6:
- fc:9a:cd:13:df:60:41:28:8e:39:07:a6:a4:40:98:
- 15:1e:46:b6:04:2e:f9:ab:32:d1:8b:fe:52:81:f1:
- d2:e1:c3:cf:bf:ab:40:a7:f0:e4:e5:a2:82:37:30:
- 8c:10:7d:aa:a8:7c:7e:76:cc:5f:1a:24:d0:8c:94:
- f6:f2:7f:4a:be:2f:38:67:c0:06:e6:9e:51:ad:55:
- d0:cb:26:71:cf:f4:af:7d:5a:41:81:16:fb:26:ec:
- f0:35:01:6e:db:f9:e9:00:d7:d0:89:7b:cf:88:16:
- 8b:1c:8f:77:1f:5d:ef:70:04:28:76:c5:1b:c6:23:
- 8d:49:6b:f0:b8:21:56:d6:7d:68:6c:be:21:e3:e6:
- e3:1d:6f:a5:ea:dc:83:e4:27:b3:6f:5f:1b:3d:33:
- a1:d5:d3:f0:73:1a:12:eb:d9:95:00:71:59:16:b4:
- e4:60:38:b2:2e:7f:b7:d4:c5:e9:3f:74:e4:48:38:
- 29:89
+ 00:b8:a3:8d:79:28:c1:1f:9c:11:74:43:26:e1:3b:
+ cc:14:87:5b:6b:64:4c:ed:79:1b:7f:2a:03:d0:7b:
+ ef:9e:88:b0:64:36:ee:58:ef:fd:d9:c7:20:b3:71:
+ e9:6d:1e:a7:bc:c1:7c:3b:fe:2a:e4:16:2f:bc:d6:
+ 2c:f5:98:f9:c4:21:1c:ca:c3:7e:57:89:c8:a9:2f:
+ da:6b:9b:52:d6:c9:9d:98:97:6d:08:7c:a6:37:4e:
+ d4:26:bb:db:73:b0:38:ef:7d:1e:dd:8e:dd:8e:17:
+ 2f:a0:3d:a9:0e:4d:f0:2b:b8:14:23:33:ad:c8:a0:
+ e5:9d:0f:27:ad:83:a2:78:90:05:ec:29:06:91:07:
+ 45:6c:5f:ba:8e:1d:f1:d7:1b:2d:f9:99:ba:2e:27:
+ e1:03:7d:e9:d2:54:35:cc:39:79:07:83:d8:93:9b:
+ d6:ef:72:ab:d4:63:8e:6b:f7:00:66:5f:77:e8:b6:
+ bc:de:5f:8c:d0:ce:1a:c4:db:03:9d:e4:ee:0a:ec:
+ 77:c5:f2:30:69:7e:70:12:e5:c2:4a:28:3f:e7:19:
+ eb:af:41:fb:e6:a6:1d:b5:fd:2b:99:03:f5:20:90:
+ 38:73:bd:43:70:da:cf:1f:34:5d:ab:17:4b:73:cf:
+ f9:3d:e1:a2:79:14:de:d8:40:85:82:c4:5a:84:82:
+ 32:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
- B1:69:DB:5E:9B:CE:1A:B4:1D:B2:6A:FC:5A:22:97:B6:24:14:6F:32
+ 42:37:75:E7:8F:12:CF:D9:EB:21:22:7D:8A:E8:49:21:FD:E2:3A:3A
X509v3 Authority Key Identifier:
- keyid:B1:69:DB:5E:9B:CE:1A:B4:1D:B2:6A:FC:5A:22:97:B6:24:14:6F:32
- DirName:/C=US/ST=California/L=Berkeley/O=Endmail Org/OU=MTA/CN=Claus Assmann CA RSA 2015/emailAddress=ca+ca-rsa2015@esmtp.org
- serial:92:91:67:DE:E0:EF:2C:E4
-
+ keyid:42:37:75:E7:8F:12:CF:D9:EB:21:22:7D:8A:E8:49:21:FD:E2:3A:3A
+ DirName:/C=US/ST=California/L=Berkeley/O=Endmail Org/OU=MTA/CN=CA/emailAddress=ca+ca-rsa2018@esmtp.org
+ serial:81:9D:41:0F:40:55:AC:4A
X509v3 Basic Constraints:
CA:TRUE
X509v3 Subject Alternative Name:
- email:ca+ca-rsa2015@esmtp.org
+ email:ca+ca-rsa2018@esmtp.org
X509v3 Issuer Alternative Name:
- email:ca+ca-rsa2015@esmtp.org
+ email:ca+ca-rsa2018@esmtp.org
Signature Algorithm: sha1WithRSAEncryption
- 0a:ce:07:39:77:08:c5:3a:00:04:e8:a0:3b:f7:d2:4c:79:02:
- 23:0b:da:c0:55:39:82:71:0a:0c:83:e2:de:f2:3b:fe:23:bc:
- 9b:13:34:d1:29:0a:16:3f:01:7d:9f:fb:4b:aa:12:dc:3b:7e:
- b9:27:7b:ec:0c:3f:c0:d9:f5:d8:a8:a1:9c:1c:3a:2f:40:df:
- 27:1a:1a:a0:74:00:19:b7:82:0e:f9:45:86:bf:32:da:0e:72:
- 0a:4c:2c:39:21:63:c3:1f:61:6e:e2:4d:ba:7a:26:1a:15:ce:
- b1:f6:1a:59:04:70:ed:e8:72:05:4c:fc:84:c6:a5:f4:e2:4a:
- 40:e4:42:70:87:9a:a7:02:26:3a:47:34:09:e0:7b:88:ca:fb:
- 99:d9:9b:bb:0c:52:8a:93:d5:59:30:0b:55:42:b4:bb:d2:b1:
- 49:55:81:a4:70:a0:49:19:f2:4f:61:94:af:e9:d7:62:68:65:
- 97:67:00:26:b8:9b:b2:2c:d0:2c:83:7d:3e:b3:31:73:b9:55:
- 49:53:fa:a3:ad:1b:02:67:08:9e:ce:9e:eb:9f:47:0d:6c:95:
- e9:6c:30:92:c1:94:67:ad:d9:e3:b9:61:ea:a9:72:98:81:3a:
- 62:80:70:20:9a:3e:c4:1f:6f:bd:b4:00:ec:b1:fe:71:da:91:
- 15:89:f7:8f
------BEGIN CERTIFICATE-----
-MIIFJzCCBA+gAwIBAgIJAJKRZ97g7yzkMA0GCSqGSIb3DQEBBQUAMIGlMQswCQYD
-VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTERMA8GA1UEBwwIQmVya2VsZXkx
-FDASBgNVBAoMC0VuZG1haWwgT3JnMQwwCgYDVQQLDANNVEExIjAgBgNVBAMMGUNs
-YXVzIEFzc21hbm4gQ0EgUlNBIDIwMTUxJjAkBgkqhkiG9w0BCQEWF2NhK2NhLXJz
-YTIwMTVAZXNtdHAub3JnMB4XDTE1MDMwMjE5MTUyOVoXDTE4MDMwMTE5MTUyOVow
-gaUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQHDAhC
-ZXJrZWxleTEUMBIGA1UECgwLRW5kbWFpbCBPcmcxDDAKBgNVBAsMA01UQTEiMCAG
-A1UEAwwZQ2xhdXMgQXNzbWFubiBDQSBSU0EgMjAxNTEmMCQGCSqGSIb3DQEJARYX
-Y2ErY2EtcnNhMjAxNUBlc210cC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQC5GqFWzssWr0+WuipwMXDThmx6RiZHQj/eSVc+CB4QJb8Gj8r99F5q
-AX0xTVCIGENxZmVCnJCXDZXyFO/XXnfvfbVJPwK7gyD35vyazRPfYEEojjkHpqRA
-mBUeRrYELvmrMtGL/lKB8dLhw8+/q0Cn8OTlooI3MIwQfaqofH52zF8aJNCMlPby
-f0q+LzhnwAbmnlGtVdDLJnHP9K99WkGBFvsm7PA1AW7b+ekA19CJe8+IFoscj3cf
-Xe9wBCh2xRvGI41Ja/C4IVbWfWhsviHj5uMdb6Xq3IPkJ7NvXxs9M6HV0/BzGhLr
-2ZUAcVkWtORgOLIuf7fUxek/dORIOCmJAgMBAAGjggFWMIIBUjAdBgNVHQ4EFgQU
-sWnbXpvOGrQdsmr8WiKXtiQUbzIwgdoGA1UdIwSB0jCBz4AUsWnbXpvOGrQdsmr8
-WiKXtiQUbzKhgaukgagwgaUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9y
-bmlhMREwDwYDVQQHDAhCZXJrZWxleTEUMBIGA1UECgwLRW5kbWFpbCBPcmcxDDAK
-BgNVBAsMA01UQTEiMCAGA1UEAwwZQ2xhdXMgQXNzbWFubiBDQSBSU0EgMjAxNTEm
-MCQGCSqGSIb3DQEJARYXY2ErY2EtcnNhMjAxNUBlc210cC5vcmeCCQCSkWfe4O8s
-5DAMBgNVHRMEBTADAQH/MCIGA1UdEQQbMBmBF2NhK2NhLXJzYTIwMTVAZXNtdHAu
-b3JnMCIGA1UdEgQbMBmBF2NhK2NhLXJzYTIwMTVAZXNtdHAub3JnMA0GCSqGSIb3
-DQEBBQUAA4IBAQAKzgc5dwjFOgAE6KA799JMeQIjC9rAVTmCcQoMg+Le8jv+I7yb
-EzTRKQoWPwF9n/tLqhLcO365J3vsDD/A2fXYqKGcHDovQN8nGhqgdAAZt4IO+UWG
-vzLaDnIKTCw5IWPDH2Fu4k26eiYaFc6x9hpZBHDt6HIFTPyExqX04kpA5EJwh5qn
-AiY6RzQJ4HuIyvuZ2Zu7DFKKk9VZMAtVQrS70rFJVYGkcKBJGfJPYZSv6ddiaGWX
-ZwAmuJuyLNAsg30+szFzuVVJU/qjrRsCZwiezp7rn0cNbJXpbDCSwZRnrdnjuWHq
-qXKYgTpigHAgmj7EH2+9tADssf5x2pEVifeP
------END CERTIFICATE-----
+ 0b:4c:e5:c2:ed:0a:e5:7b:95:29:22:d4:8f:5f:cb:1b:b1:e3:
+ 4c:fc:90:e7:2e:97:87:87:a2:63:0d:6d:4d:f0:1f:0d:84:11:
+ dc:df:b7:fa:c3:c6:2e:07:e9:a0:e9:a6:9f:54:17:ad:1a:d0:
+ 36:be:31:cc:a5:85:a0:45:4a:87:45:80:7e:de:ea:97:68:e0:
+ 2b:09:5d:9a:31:6f:f5:78:22:c5:66:2a:99:70:9e:6d:c4:ab:
+ f6:90:01:70:53:07:66:6c:a6:b5:ce:4b:36:05:83:87:0c:a7:
+ e0:1e:34:d0:5e:76:a4:20:71:cd:9d:c1:ae:82:27:e0:6f:16:
+ 57:74:e7:63:9f:d0:3d:72:91:6d:97:a4:82:23:84:dd:6e:0d:
+ da:43:00:a7:ce:2f:f8:79:04:67:6a:e5:b0:ab:30:d8:f1:90:
+ 10:43:3b:09:77:27:34:a4:d4:c0:25:4e:21:32:a3:ab:60:1c:
+ 9d:6e:e2:65:39:51:7f:cd:9f:88:3a:7e:f4:38:af:7b:5b:a7:
+ bb:7b:70:97:21:59:fc:5c:55:a1:db:74:0a:37:1e:33:97:5f:
+ 70:32:98:b3:d9:99:4e:08:3c:de:01:82:17:9b:49:d7:fa:c9:
+ 45:8d:93:cc:42:d6:36:f2:39:3a:47:28:3f:6f:6a:e5:23:f3:
+ 5c:d4:a3:1b
-
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- f1:41:b3:3d:ba:bd:33:49
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=Claus Assmann CA RSA 2012/emailAddress=ca+ca-rsa2012@esmtp.org
- Validity
- Not Before: Mar 10 02:47:46 2012 GMT
- Not After : Mar 10 02:47:46 2015 GMT
- Subject: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=Claus Assmann CA RSA 2012/emailAddress=ca+ca-rsa2012@esmtp.org
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (2048 bit)
- Modulus:
- 00:a2:80:fc:c6:ce:7f:60:38:65:f4:38:f9:7a:d9:
- 87:fd:47:eb:3f:2c:4a:c9:38:77:6a:77:94:92:7f:
- 83:3d:99:57:2c:5f:37:bb:ba:12:10:17:56:fa:eb:
- 43:a6:4b:4c:1e:30:32:07:94:2f:5a:d8:65:49:29:
- fa:24:d1:f0:0b:45:2d:e5:d5:cb:7d:60:dc:a6:ce:
- a4:47:35:30:ee:5e:8d:c2:30:e7:a7:63:32:b0:59:
- 80:cc:8c:99:64:77:8f:50:8e:88:51:47:36:ea:9a:
- f3:b4:c0:8c:a6:ab:c6:42:57:88:b9:5f:9f:61:15:
- bb:79:65:93:ca:a9:fd:17:eb:87:26:8b:eb:b7:2b:
- 7e:33:05:2b:ba:c0:46:f7:08:fd:da:c1:50:9b:3d:
- 26:83:5c:53:97:89:2c:cc:5f:f2:7b:a8:b7:3d:fb:
- f2:b4:89:0d:43:ef:18:5c:21:75:71:cc:f0:c2:a3:
- 84:69:c0:a7:f3:9b:de:c1:c7:5a:5c:7e:68:da:49:
- 71:af:58:a8:51:9f:bd:f9:3d:bb:a5:92:fa:7b:1d:
- 52:f5:fe:90:59:95:27:65:a4:af:97:9a:4f:01:39:
- 59:7d:08:6f:a1:8f:42:47:49:bf:12:52:53:39:74:
- 8d:62:3b:bd:4c:4f:05:0f:c4:b9:3e:da:a8:0e:96:
- 05:2d
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Subject Key Identifier:
- 08:38:E3:88:92:53:6E:F1:56:69:27:44:B5:4C:A0:18:CA:06:97:EB
- X509v3 Authority Key Identifier:
- keyid:08:38:E3:88:92:53:6E:F1:56:69:27:44:B5:4C:A0:18:CA:06:97:EB
- DirName:/C=US/ST=California/L=Berkeley/O=Endmail Org/OU=MTA/CN=Claus Assmann CA RSA 2012/emailAddress=ca+ca-rsa2012@esmtp.org
- serial:F1:41:B3:3D:BA:BD:33:49
-
- X509v3 Basic Constraints:
- CA:TRUE
- X509v3 Subject Alternative Name:
- email:ca+ca-rsa2012@esmtp.org
- X509v3 Issuer Alternative Name:
- email:ca+ca-rsa2012@esmtp.org
- Signature Algorithm: sha1WithRSAEncryption
- 9a:8f:4d:23:5b:30:80:e1:94:e4:66:9c:3a:17:8b:79:49:5b:
- ec:5d:e5:a1:22:2d:71:37:a1:51:e7:1d:b1:0d:a9:9b:aa:a9:
- 0d:c7:cd:d6:24:f9:e0:f0:57:be:4f:74:0c:4b:7a:42:4c:70:
- 19:2e:8e:eb:cb:1b:00:26:27:eb:1c:42:33:d5:ec:32:b4:6c:
- 7d:a3:04:a1:5c:00:49:c9:0d:4c:4d:28:37:06:22:77:ec:40:
- 15:25:3a:23:84:ae:1f:da:90:dd:c9:dc:27:ee:7c:ec:e5:df:
- b8:ba:1e:3f:ee:c2:91:a2:3f:22:92:1e:f3:06:7e:aa:e9:c3:
- 11:2d:3d:2f:85:f7:fc:d7:e2:f8:6d:70:a6:40:62:69:e7:52:
- ed:1b:19:38:72:86:08:a1:3d:47:c8:68:82:41:db:db:2a:52:
- 25:d7:49:aa:9e:c5:83:22:7d:2f:0b:df:8c:90:2d:b5:aa:33:
- c7:9b:e8:39:8f:bb:79:5b:13:2d:4e:a9:69:59:c7:09:26:e2:
- b5:53:80:86:72:bb:7c:be:e9:46:5b:d8:b2:78:42:d6:5d:c3:
- bb:3a:3b:5f:0f:e8:c3:60:fb:88:9f:3a:2b:9f:d3:7d:9f:c7:
- 32:aa:4d:34:a7:66:a1:25:16:95:a6:69:e7:86:a3:5c:b9:b9:
- df:58:05:e3
-----BEGIN CERTIFICATE-----
-MIIFJzCCBA+gAwIBAgIJAPFBsz26vTNJMA0GCSqGSIb3DQEBBQUAMIGlMQswCQYD
-VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIQmVya2VsZXkx
-FDASBgNVBAoTC0VuZG1haWwgT3JnMQwwCgYDVQQLEwNNVEExIjAgBgNVBAMTGUNs
-YXVzIEFzc21hbm4gQ0EgUlNBIDIwMTIxJjAkBgkqhkiG9w0BCQEWF2NhK2NhLXJz
-YTIwMTJAZXNtdHAub3JnMB4XDTEyMDMxMDAyNDc0NloXDTE1MDMxMDAyNDc0Nlow
-gaUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQHEwhC
-ZXJrZWxleTEUMBIGA1UEChMLRW5kbWFpbCBPcmcxDDAKBgNVBAsTA01UQTEiMCAG
-A1UEAxMZQ2xhdXMgQXNzbWFubiBDQSBSU0EgMjAxMjEmMCQGCSqGSIb3DQEJARYX
-Y2ErY2EtcnNhMjAxMkBlc210cC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQCigPzGzn9gOGX0OPl62Yf9R+s/LErJOHdqd5SSf4M9mVcsXze7uhIQ
-F1b660OmS0weMDIHlC9a2GVJKfok0fALRS3l1ct9YNymzqRHNTDuXo3CMOenYzKw
-WYDMjJlkd49QjohRRzbqmvO0wIymq8ZCV4i5X59hFbt5ZZPKqf0X64cmi+u3K34z
-BSu6wEb3CP3awVCbPSaDXFOXiSzMX/J7qLc9+/K0iQ1D7xhcIXVxzPDCo4RpwKfz
-m97Bx1pcfmjaSXGvWKhRn735Pbulkvp7HVL1/pBZlSdlpK+Xmk8BOVl9CG+hj0JH
-Sb8SUlM5dI1iO71MTwUPxLk+2qgOlgUtAgMBAAGjggFWMIIBUjAdBgNVHQ4EFgQU
-CDjjiJJTbvFWaSdEtUygGMoGl+swgdoGA1UdIwSB0jCBz4AUCDjjiJJTbvFWaSdE
-tUygGMoGl+uhgaukgagwgaUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9y
-bmlhMREwDwYDVQQHEwhCZXJrZWxleTEUMBIGA1UEChMLRW5kbWFpbCBPcmcxDDAK
-BgNVBAsTA01UQTEiMCAGA1UEAxMZQ2xhdXMgQXNzbWFubiBDQSBSU0EgMjAxMjEm
-MCQGCSqGSIb3DQEJARYXY2ErY2EtcnNhMjAxMkBlc210cC5vcmeCCQDxQbM9ur0z
-STAMBgNVHRMEBTADAQH/MCIGA1UdEQQbMBmBF2NhK2NhLXJzYTIwMTJAZXNtdHAu
-b3JnMCIGA1UdEgQbMBmBF2NhK2NhLXJzYTIwMTJAZXNtdHAub3JnMA0GCSqGSIb3
-DQEBBQUAA4IBAQCaj00jWzCA4ZTkZpw6F4t5SVvsXeWhIi1xN6FR5x2xDambqqkN
-x83WJPng8Fe+T3QMS3pCTHAZLo7ryxsAJifrHEIz1ewytGx9owShXABJyQ1MTSg3
-BiJ37EAVJTojhK4f2pDdydwn7nzs5d+4uh4/7sKRoj8ikh7zBn6q6cMRLT0vhff8
-1+L4bXCmQGJp51LtGxk4coYIoT1HyGiCQdvbKlIl10mqnsWDIn0vC9+MkC21qjPH
-m+g5j7t5WxMtTqlpWccJJuK1U4CGcrt8vulGW9iyeELWXcO7OjtfD+jDYPuInzor
-n9N9n8cyqk00p2ahJRaVpmnnhqNcubnfWAXj
+MIIE4jCCA8qgAwIBAgIJAIGdQQ9AVaxKMA0GCSqGSIb3DQEBBQUAMIGOMQswCQYD
+VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTERMA8GA1UEBwwIQmVya2VsZXkx
+FDASBgNVBAoMC0VuZG1haWwgT3JnMQwwCgYDVQQLDANNVEExCzAJBgNVBAMMAkNB
+MSYwJAYJKoZIhvcNAQkBFhdjYStjYS1yc2EyMDE4QGVzbXRwLm9yZzAeFw0xODAy
+MjcwMjMwNTVaFw0yMTAyMjYwMjMwNTVaMIGOMQswCQYDVQQGEwJVUzETMBEGA1UE
+CAwKQ2FsaWZvcm5pYTERMA8GA1UEBwwIQmVya2VsZXkxFDASBgNVBAoMC0VuZG1h
+aWwgT3JnMQwwCgYDVQQLDANNVEExCzAJBgNVBAMMAkNBMSYwJAYJKoZIhvcNAQkB
+FhdjYStjYS1yc2EyMDE4QGVzbXRwLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBALijjXkowR+cEXRDJuE7zBSHW2tkTO15G38qA9B7756IsGQ27ljv
+/dnHILNx6W0ep7zBfDv+KuQWL7zWLPWY+cQhHMrDfleJyKkv2mubUtbJnZiXbQh8
+pjdO1Ca723OwOO99Ht2O3Y4XL6A9qQ5N8Cu4FCMzrcig5Z0PJ62DoniQBewpBpEH
+RWxfuo4d8dcbLfmZui4n4QN96dJUNcw5eQeD2JOb1u9yq9Rjjmv3AGZfd+i2vN5f
+jNDOGsTbA53k7grsd8XyMGl+cBLlwkooP+cZ669B++amHbX9K5kD9SCQOHO9Q3Da
+zx80XasXS3PP+T3honkU3thAhYLEWoSCMvECAwEAAaOCAT8wggE7MB0GA1UdDgQW
+BBRCN3XnjxLP2eshIn2K6Ekh/eI6OjCBwwYDVR0jBIG7MIG4gBRCN3XnjxLP2esh
+In2K6Ekh/eI6OqGBlKSBkTCBjjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlm
+b3JuaWExETAPBgNVBAcMCEJlcmtlbGV5MRQwEgYDVQQKDAtFbmRtYWlsIE9yZzEM
+MAoGA1UECwwDTVRBMQswCQYDVQQDDAJDQTEmMCQGCSqGSIb3DQEJARYXY2ErY2Et
+cnNhMjAxOEBlc210cC5vcmeCCQCBnUEPQFWsSjAMBgNVHRMEBTADAQH/MCIGA1Ud
+EQQbMBmBF2NhK2NhLXJzYTIwMThAZXNtdHAub3JnMCIGA1UdEgQbMBmBF2NhK2Nh
+LXJzYTIwMThAZXNtdHAub3JnMA0GCSqGSIb3DQEBBQUAA4IBAQALTOXC7Qrle5Up
+ItSPX8sbseNM/JDnLpeHh6JjDW1N8B8NhBHc37f6w8YuB+mg6aafVBetGtA2vjHM
+pYWgRUqHRYB+3uqXaOArCV2aMW/1eCLFZiqZcJ5txKv2kAFwUwdmbKa1zks2BYOH
+DKfgHjTQXnakIHHNncGugifgbxZXdOdjn9A9cpFtl6SCI4Tdbg3aQwCnzi/4eQRn
+auWwqzDY8ZAQQzsJdyc0pNTAJU4hMqOrYBydbuJlOVF/zZ+IOn70OK97W6e7e3CX
+IVn8XFWh23QKNx4zl19wMpiz2ZlOCDzeAYIXm0nX+slFjZPMQtY28jk6Ryg/b2rl
+I/Nc1KMb
-----END CERTIFICATE-----
diff --git a/KNOWNBUGS b/KNOWNBUGS
index de8bd0e15638..d3c0a2ff416d 100644
--- a/KNOWNBUGS
+++ b/KNOWNBUGS
@@ -1,274 +1,273 @@
K N O W N B U G S I N S E N D M A I L
The following are bugs or deficiencies in sendmail that we are aware of
but which have not been fixed in the current release. You probably
want to get the most up to date version of this from ftp.sendmail.org
in /pub/sendmail/KNOWNBUGS. For descriptions of bugs that have been
fixed, see the file RELEASE_NOTES (in the root directory of the sendmail
distribution).
This list is not guaranteed to be complete.
* Header values which are too long may be truncated.
If a value of a structured header is longer than 256 (MAXNAME)
characters then it may be truncated during output. For example,
if a single address in the To: header is longer than 256 characters
then it will be truncated which may result in a syntactically
invalid address.
* Delivery to programs that generate too much output may cause problems
If e-mail is delivered to a program which generates too much
output, then sendmail may issue an error:
timeout waiting for input from local during Draining Input
Make sure that the program does not generate output beyond a
status message (corresponding to the exit status). This may
require a wrapper around the actual program to redirect output
to /dev/null.
Such a problem has been reported for bulk_mailer.
* Null bytes are not handled properly in headers.
Sendmail should handle full binary data. As it stands, it handles
all values in the body, but not 0x00 in the header. Changing
this would require a major restructuring of the code -- for
example, almost no C library support could be used to handle
strings.
* Header checks are not called if header value is too long or empty.
If the value of a header is longer than 1250 (MAXNAME + MAXATOM - 6)
characters or it contains a single word longer than 256 (MAXNAME)
characters then no header check is done even if one is configured for
the header.
* Header lines which are too long will be split incorrectly.
Header lines which are longer than 2045 characters will be split
but some characters might be lost. Fix: obey RFC (2)822 and do not
send lines that are longer than 1000 characters.
* milter communication fails if a single header is larger than 64K.
If a single header is larger than 64KB (which is not possible in the
default configuration) then it cannot be transferred in one block to
libmilter and hence the communication fails. This can be avoided by
increasing the constant MILTER_CHUNK_SIZE in
include/libmilter/mfdef.h and recompiling sendmail, libmilter, and
all (statically linked) milters (or by using undocumented compile
time options: _FFR_MAXDATASIZE/_FFR_MDS_NEGOTIATE; you have to
read the source code in order to use these properly).
* Sender addresses whose domain part cause a temporary A record lookup
failure but have a valid MX record will be temporarily rejected in
the default configuration. Solution: fix the DNS at the sender side.
If that's not easy to achieve, possible workarounds are:
- add an entry to the access map:
dom.ain OK
- (only for advanced users) replace
# Resolve map (to check if a host exists in check_mail)
Kresolve host -a<OKR> -T<TEMP>
with
# Resolve map (to check if a host exists in check_mail)
Kcanon host -a<OKR> -T<TEMP>
Kdnsmx dns -R MX -a<OKR> -T<TEMP>
Kresolve sequence dnsmx canon
* Duplicate error messages.
Sometimes identical, duplicate error messages can be generated. As
near as I can tell, this is rare and relatively innocuous.
* Misleading error messages.
If an illegal address is specified on the command line together
with at least one valid address and PostmasterCopy is set, the
DSN does not contain the illegal address, but only the valid
address(es).
* \231 considered harmful.
Header addresses that have the \231 character (and possibly others
in the range \201 - \237) behave in odd and usually unexpected ways.
* AuthRealm for Cyrus SASL may not work as expected. The man page
and the actual usage for sasl_server_new() seem to differ.
Feedback for the "correct" usage is welcome, a patch to match
the description of the man page is in contrib/AuthRealm.p0.
* accept() problem on SVR4.
Apparently, the sendmail daemon loop (doing accept()s on the network)
can get into a weird state on SVR4; it starts logging ``SYSERR:
getrequests: accept: Protocol Error''. The workaround is to kill
and restart the sendmail daemon. We don't have an SVR4 system at
Berkeley that carries more than token mail load, so I can't validate
this. It is likely to be a glitch in the sockets emulation, since
"Protocol Error" is not possible error code with Berkeley TCP/IP.
I've also had someone report the message ``sendmail: accept:
SIOCGPGRP failed errno 22'' on an SVR4 system. This message is
not in the sendmail source code, so I assume it is also a bug
in the sockets emulation. (Errno 22 is EINVAL "Invalid Argument"
on all the systems I have available, including Solaris 2.x.)
Apparently, this problem is due to linking -lc before -lsocket;
if you are having this problem, check your Makefile.
* accept() problem on Linux.
The accept() in sendmail daemon loop can return ETIMEDOUT. An
error is reported to syslog:
Jun 9 17:14:12 hostname sendmail[207]: NOQUEUE: SYSERR(root):
getrequests: accept: Connection timed out
"Connection timed out" is not documented as a valid return from
accept(2) and this was believed to be a bug in the Linux kernel.
Later information from the Linux kernel group states that Linux
2.0 kernels follow RFC1122 while sendmail follows the original BSD
(now POSIX 1003.1g draft) specification. The 2.1.X and later kernels
will follow the POSIX draft.
* Excessive mailing list nesting can run out of file descriptors.
If you have a mailing list that includes lots of other mailing
lists, each of which has a separate owner, you can run out of
file descriptors. Each mailing list with a separate owner uses
one open file descriptor (prior to 8.6.6 it was three open
file descriptors per list). This is particularly egregious if
you have your connection cache set to be large.
* Connection caching breaks if you pass the port number as an argument.
If you have a definition such as:
Mport, P=[IPC], F=kmDFMuX, S=11/31, R=21,
M=2100000, T=DNS/RFC822/SMTP,
A=IPC [127.0.0.1] $h
(i.e., where $h is the port number instead of the host name) the
connection caching code will break because it won't notice that
two messages addressed to different ports should use different
connections.
* ESMTP SIZE underestimates the size of a message
Sendmail makes no allowance for headers that it adds, nor does it
account for the SMTP on-the-wire \r\n expansion. It probably doesn't
allow for 8->7 bit MIME conversions either.
* Client ignores SIZE parameter.
When sendmail acts as client and the server specifies a limit
for the mail size, sendmail will ignore this and try to send the
mail anyway. The server will usually reject the MAIL command
which specifies the size of the message and hence this problem
is not significant.
* Paths to programs being executed and the mode of program files are
not checked. Essentially, the RunProgramInUnsafeDirPath and
RunWritableProgram bits in the DontBlameSendmail option are always
set. This is not a problem if your system is well managed (that is,
if binaries and system directories are mode 755 instead of something
foolish like 777).
* 8-bit data in GECOS field
If the GECOS (personal name) information in the passwd file contains
8-bit characters, those characters can be included in the message
header, which can cause problems when sending SMTP to hosts that
only accept 7-bit characters.
* 8->7 bit MIME conversion
When sendmail is doing 8->7 bit MIME conversions, and the message
contains certain MIME body types that cannot be converted to 7-bit,
sendmail will pass the message as 8-bit.
* 7->8 bit MIME conversion
If a message that is encoded as 7-bit MIME is converted to 8-bit and
that message when decoded is illegal (e.g., because of long lines or
illegal characters), sendmail can produce an illegal message.
* MIME encoded full name phrases in the From: header
If a full name phrase includes characters from MustQuoteChars, sendmail
will quote the entire full name phrase. If MustQuoteChars includes
characters which are not special characters according to STD 11 (RFC
822), this quotation can interfere with MIME encoded full name phrases.
By default, sendmail includes the single quote character (') in
MustQuoteChars even though it is not listed as a special character in
STD 11.
* bestmx map with -z flag truncates the list of MX hosts
A bestmx map configured with the -z flag will truncate the list
of MX hosts. This prevents creation of strings which are too
long for ruleset parsing. This can have an adverse effect on the
relay_based_on_MX feature.
* Saving to ~sender/dead.letter fails if su'ed to root
If ErrorMode is set to print and an error in sending mail occurs,
the normal action is to print a message to the screen and append
the message to a dead.letter file in the sender's home directory.
In the case where the sender is using su to act as root, the file
safety checks prevent sendmail from saving the dead.letter file
because the sender's uid and the current real uid do not match.
* Berkeley DB 2.X race condition with fcntl() locking
There is a race condition for Berkeley DB 2.X databases on
operating systems which use fcntl() style locking, such as
Solaris. Sendmail locks the map before calling db_open() to
prevent others from modifying the map while it is being opened.
Unfortunately, Berkeley DB opens the map, closes it, and then
reopens it. fcntl() locking drops the lock when any file
descriptor pointing to the file is closed, even if it is a
different file descriptor than the one used to initially lock
the file. As a result there is a possibility that entries in a
map might not be found during a map rebuild. As a workaround,
you can use makemap to build a map with a new name and then
"mv" the new db file to replace the old one.
Sleepycat Software has added code to avoid this race condition to
Berkeley DB versions after 2.7.5.
* File open timeouts not available on hard mounted NFS file systems
Since SIGALRM does not interrupt an RPC call for hard mounted
NFS file systems, it is impossible to implement a timeout on a file
open operation. Therefore, while the NFS server is not responding,
attempts to open a file on that server will hang. Systems with
local mail delivery and NFS hard mounted home directories should be
avoided, as attempts to open the forward files could hang.
* Race condition for delivery to set-user-ID files
Sendmail will deliver to a file if the file is owned by the DefaultUser
or has the set-user-ID bit set. Unfortunately, some systems clear that bit
when a file is modified. Sendmail compensates by resetting the file mode
back to it's original settings. Unfortunately, there's still a
permission failure race as sendmail checks the permissions before locking
the file. This is unavoidable as sendmail must verify the file is safe
to open before opening it. A file can not be locked until it is open.
* MAIL_HUB always takes precedence over LOCAL_RELAY
Despite the information in the documentation, MAIL_HUB ($H) will always
be used if set instead of LOCAL_RELAY ($R). This will be fixed in a
future version.
-$Revision: 8.61 $, Last updated $Date: 2011-04-07 17:48:23 $
diff --git a/PGPKEYS b/PGPKEYS
index 361d3e7b8e15..03476f63a5ed 100644
--- a/PGPKEYS
+++ b/PGPKEYS
@@ -1,2794 +1,3718 @@
This file contains the PGP keys used to sign the various versions of
sendmail. You can add them to your PGP keyring using:
PGP 2.X: pgp -ka PGPKEYS
PGP 5.X: pgpk -a PGPKEYS
GPG: gpg --import PGPKEYS
Other versions of PGP may require you to separate each key into a
separate file and add them one at a time.
-Type Bits KeyID Created Expires Algorithm Use
-pub 1024 0x16F4CCE9 1999-06-23 ---------- RSA Sign & Encrypt
-f16 Fingerprint16 = 18 A4 51 78 CA 72 D4 A7 ED 80 BA 8A C4 98 71 1D
-uid Sendmail Security <sendmail-security@sendmail.org>
+Note that PGP 2.X and 5.X are deprecated and may not properly
+function with newer keys.
+
+pub 4096R/CA28E5A4 2016-03-04
+fingerprint: 8E6A 5575 0635 A7EA F56C FE80 3D67 CBA7 CA28 E5A4
+uid Sendmail Security <sendmail-security@sendmail.org>
-----BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.2.4 (Darwin)
+Version: GnuPG v1
-mQCNAzdxaGsAAAEEALq7JPrdyXCm3DdJEKR9miP8/B9vrferOBoNimPFceDEqCpm
-0RiJtnGhUJwt/HZZhiGDWPYTIa7VajfxiEzJ7LZH+/uXgQFVN27fPwoNKCI+7sr3
-FnRs3Xapojn3d3LZSHagTh+VTuG5LxbP/m//sj2Rw1MMPw1b7sApykAW9MzpAAUR
+mQINBFbZrJQBEADf5e1nG0uJs97KLNWbm4NjA5QapVuDk9AsRN4/T3tXVhgK3rBO
+lDwQnKFXon/0W/zwXNG4/XLM9Izga0reb8INj1meDVNaqX2PaKqmjUFZWVqz1IAR
+HqCjnR/BDuN+6nLpIEETCSnCnOqK6gBhkzc41vU9HiiujVFlyJwcNLrJe5hpgIEX
+SW8RQsSja3+qbhZbGrI0izCk7OPJUwNhvs5yzXa3jpiIohfoFV017Ww+iuXu7c1n
+Gb9nGnWotI7FYTeWQLUs2A9zCDSZxLn2s7wtbJJlCezY7yUwhxdZm7zjFVf8f4/X
+VArmjJsyKZSfmX/l+0JRD0Uh45GFHFi1YuYlhZhGcx6aDYoY63cvREYLS7jHbXzr
+c+NDCmrqqIJCqj63ky/m57PCC8HuClREGTxOyAcRYtoA/A+i7X+hPx+E4RvJZxEf
+1wxAJJ2W13hq7+Bo1sF9NlKFpLKRCydpdfaP5++UpXSiIWNmQaPeNBmVm/nWDj0l
+eDPUKE1mIw1eVSLTLlXJy/jlZNCbQ6tgAJkvEUiylj43SE71FmFImrJHumOxlBXS
+5K028kIRJPHgqTrnZ9TDdeHoTBRGougZwe17S2nyyEZpi3rZgXxiwaTuNnLhxPv6
+p+lQuxPdfhdnXTD7EClCzOfTEyT9HvhMiCuepFhTB+qSmivQAHxEZxxmSwARAQAB
tDJTZW5kbWFpbCBTZWN1cml0eSA8c2VuZG1haWwtc2VjdXJpdHlAc2VuZG1haWwu
-b3JnPokAlQMFEDdxaGvAKcpAFvTM6QEB1bsD/jj+vTodXqoJphCrBLwFmwymopZp
-/HHu8o8FURlL6jQ6ihCruCw6PxNMzSdgmnOgyXxyRZIVO1pUyWf/RnS/r09tPLlq
-nZxdAPquhB2pkawvFp+Y///lb92SgfbS3/dtSDDAJ8FO+CDUKS5dKuZ6vSDU6ezH
-BDYjhd6pPYVd5hz3iQCVAwUQN3Fv9XxLZ22gDhVjAQH4BQQAuCNG977A4v0xjQi8
-AJsJmlS5mKMqn/Lw+sl1h4yQwF2vzNDdxhNWjZVziK3lUIUPh86u8m5CSdN2BB1Y
-1RawLvyfpl4b9KtyXxF4fh2BYmygJ4iG+WxhpaT5RS0eFvsSefO7/w13bx5U0Z7A
-YfHMt7+CKHm7bAx3l17g3I9aCMCJAJUDBRA3cXDdzx61AyIyegEBAeZmA/4zCJxF
-aathJ0soRJOcyRDzHKbAqlShF+Mx0tzcwbE3hAZrIqJ3TRK2MbrsBNnkFHPuPF0e
-eKr7TQsXOa+ig57wlHsCOc/fd9jLITjSYKxrQuZz3CrNefPKvv6v6Ctc6TT4GwhC
-zHglLC9Bfy9zgbv2wHswRvQBmRlCaERH3HLb1okAlQMFEDd41z8j5GLUv3ukIQEB
-9WcD/iFFF2kfSTyD+IfcLl4WCaYSeD/q/fAplpOOZWnC9PB1x3YrMHn/H8zd3S5B
-05D8+MR/QL8n8/5P+pyHa4VNRbeX8g8E34ocZf48y6FeqGi8qmcTBJDgqUTO5yMu
-t+b57G2pAIzasGcoZDqC3aJnFKwPjGRxnUFJaxlogrbUYCNOiQCVAwUQN3jwKW9S
-k9ijm6ZVAQEtugP/ewRrMCdhCbWsSUOrYn1a/pfN2KiJbhs0YyOyWbU6RvJiSFY1
-0BNAxYTbymHDOn2UhUhCrUpqatmgCuxmUsoH2Y4AAFC/94/oltwDUfnw6muqqn2K
-7AelRBbJ5wUs65pHu8kfzVB5wJh8eDacKFkK0lqgtRQCE0suhqCSFUfvtzuJAJUD
-BRA3fTCCXx7Ib4gMnlUBAWddA/oD0RKLIkLspmJC3ccmkncviMSv0rME4vY0NIfm
-IC0zsYITlU/E6H/CqVmU4Hmr5hmr5GUNNtrVZ0oLH1PUjobmZcTITJZbQSS2nY02
-N6JZT5BSAwQBfUfSMwURISRQBUOfi1kLqYk3f6UTee37/+Ig2kb388T6ClcXCv82
-FrZuwIg/AwUQN30wxNTeeNh4KRvYEQLtAACfaxVaX5D1r7hrfi/zbszQ7oekyssA
-n1suZQU7/6nIhFvdusr+/VG0RFrAiQCVAwUQN307ugDy2QnruxtBAQGKlwP/asS+
-h9ct4R66OSEjXepsMvl0So8djX15ugXb3EEJjWRH1epu7obhDymAgdQOD9NEr7BF
-0FSNCUOylASGszdcS1n5AlqV+TYihXVn265Azy+hg8g2ek97tD+x6JseKsx2nh8n
-/Es+zd3mACk21qvHB0U4FjdiQeSSirNrUHGYHZiIPwMFEDd9ihWDAqGhPt8C6hEC
-tSMAn0fo1QmxEoscgdF0esw7Bn/J+Bj6AKDNzo63lHEhUpf+JIGlfA2zzS01Z4kA
-lQMFEDd9lxoA/N7tSC51jQEBmvgD/ilLDoFPLbycEorpXFP6V0toEtTelueAeQty
-SoqD3YB+pSjTtXDqFenNWaBu0hZb7B5tg40YXqyxMEYQVpJh5coy6SlupmF2fzBi
-63++FHkxuGym9EeALPJixtM9r6pTzbX8rfvElKENiU9DBUXNhRkAocYs3pxmUge0
-9THHIyDPiQB1AwUQN32t3XLJQtjqWiN5AQEIYQL/QZEjtc1pMYlnO7i0IzvZX/mI
-RfX/0l+/+jneoSqP2EbmyvH3KMyl5SeuAifohkjK0SGRlygSMl8kceUHndeIynxg
-mM6hr9SKTByFiTy8SZeV8ovYyJ2vMk3OhUVpvGmAiD8DBRA3gbAczsKIjL9qTKER
-AhdDAJwKqcVkm9TBCmutXxwVTcffjINlBgCgrMqc6UOHlUtZps33xWZLgZh4awiJ
-AJUDBRA3g9C+TCpm+b/C9j0BAaJMBACskZxjnZbvDgm0qdvESy5+jcluxTh5fUeH
-DpnkfOP0AUAe8Ykwt8syWOQZ+3Midez8JqTAu+uvNbUckuR5XL8nMYpN06ogjg1T
-CgjLito6IptqYUZgWFvGDCdDgC+m8vw7pUbqh59mDTe0X5Q/x9Cu5JxfhxnXTNBQ
-+pI8lLAmsYkAlQMFEDeD0Jt3HZKuiXLHwQEBMZoD/2FaLFJ03tEAfNQhLmSgunWV
-akXz8udE+pY7IWi6LJGu5iwtIDJ/r0nCrJ6/aqzu9JLpGhfTnhPPCXlz4NfhriRz
-12cv2Rlg+gI3Y0Fiju5eo5TWnu+qB36vQsv73xpfQ7oCmoVY2ZntQVBaf8dyFrAd
-FBf1y33xWo58zRsg2u2hiQCVAwUQN695leHU/BTm0HRxAQGANwQAmIO4anB29bKY
-vm6ulYAm1yAyzTD5TibUnk2Ecne5st4AKGJdSrmaN7i5djxkCfimT6MnAIBRG8y9
-nXW4mCMGjfDkwve800HkrSGy8uWhHs4T8TiY8mZsIgkW5tBWnHfSyOVlc7QUbCDD
-7AzrIO3x9vYIdHMM3LAdnG9PKcLjNN6IRgQQEQIABgUCOCrZQgAKCRA/9E8kOH04
-7XJEAKC7Fzj0Mr7JxxwYEqwVgMhpbmhJkQCg7Sa+dR2qpuhYH80RPvtSEpBS6NWI
-RgQQEQIABgUCOCsObAAKCRDAz2v13mRiHprlAJ9z24xI7kHeunGE41pQ3eb32dSO
-iQCcDBmlk2RVM+ecYTwf5RyT0qyk9lqIRgQQEQIABgUCOCpmUQAKCRDUpU1Ixb5z
-WIjFAJ9lIJTH5y24d7TiWlspj8R49Wz/VQCg+EdEulY4h5A5wk1D8eCs5ar5gbCJ
-AJUDBRA4YClQmAfmW9hLWSEBAb+cA/4mRKQMyimXZDCr+0FPjazysN5/GXR9wK9F
-Q0Gb++nT2Hli/oWQ6F3t1mTLI4vprpiIaFK83HZjRHHU0FEELYL7Lg3F2mirYFNt
-Yx1Ag0jZKc+ernLLXEJK8weM7KMADWz1544eMpfb9PRNdmjRyrzBYVfR+vQ1/OBp
-zwm6aLAtb4kAlQMFEDjKizecHL3i41xWNQEBjYUD/06hAwd2PGvWynmZP6BxUHW1
-iJ5YnJC/Jlr3d7AyM4I0I1twKTDHLiqUoLvqOWPO4qqO1iFNkX6/8kCjqa6ERaBq
-j50vr84knCHc6tin/df+qTR5iOKeLTFkIZVWEHKusVgLN4jNdTUoavxAUgaZxcqv
-W7JzYEMIXJ6WyA+JRLDXiQCVAwUQO1XXe3xLZ22gDhVjAQENbgP9FStaWIfIhNEo
-JTkCgxd8QkJEc/yumlv7Cw46BmDqwZLwV6sE06YPL0jiPIu9Tv8I3HqlKcK6FBOq
-aAvv6ccA7mY6PPIVtk+EZQckSX1ALOcETDNYTOSMVxbq7b0ovvm4sG6D/A28k9b+
-s2ghGKVquYdnn6rEbr8bqmUTwN7RgiqJAJUDBRA7Vdd/1uCh/k++Kt0BAXoYA/9j
-jKJfxi4Km64nHG4PhM5bm+OPoymX3uPkyOYXzHerwGIRmVl29FxG0szDPsO0gK2h
-f3B2WOGxqMpZrzR4DIdNrtC+R3KO+3FJU0F6+T4dqAOhSvIbVQ8Ic3Wf1M69rJq2
-FID4zk6B4ymesNZVK9hoY7RuuMefUZS8cODoxWlz4Yg/AwUQOCo8e/1viMYh0Kcb
-EQJ+/ACfZCL7u2dfVhIfLYqoWqcuuBJeALQAn2pIu6Qg3R0uVJt+gSIH636QM5n/
-iEYEEBECAAYFAjtUu4QACgkQorv7JAz5VvfWuACgmY47eZClnIakMnE2bOaL161Y
-iqYAoI7/PnKgJT+LU/WjXwOZHGsoMXOUiQCVAwUQO1jKrwZ+Xti/tWVpAQEYaAQA
-pM5VPqRJqQ941YdezQ1jjE7nsLOQ6SJPVUeFguvVHWSTDEcPvp0TEKUTFRruwmKx
-yLCR9Ux3Olh0rqXHydT+k6f6++FKzXj/vtHTtNOPIVQisV7K1rDS9Mvj1WdTMJxF
-300EXlUpWtAADiEYqxxIeGJ1FWcxUjRCaqA0WUMFXe2JAJUDBRA8H4S+iWliuGeM
-CgMBAUo4A/0f+n2BvpudIcJVyVBxUZK9EGdDiZSYZWEUaXnvTWbS9FtjLTIWjzmP
-kbz9gnJ+KPcXr/5RpD5XCdCC1rjQ0EpNjWLHnsaTjTDsJ9NGkLPp0lASEdUMK9NW
-tG+CCGCMDo/MHhiw09tH5gzCR1KJTFuDiHiINrk5dS+IHIXzCYYB1ohGBBARAgAG
-BQI77DSdAAoJEL+2fm9BJ4pEGE8AoPniG1xspcy7o94D3yOKlXAq4wVoAKC6sDFu
-ZS2Lja5FbtL4Tl3sl7k7hYhGBBARAgAGBQI79sVoAAoJEPFmQMK+QtymVjgAoIB7
-dEOcSKt2fYJAEtgAiIoVtKHtAJ9S6bqdAT9Xgomd79JN1KPlXRVOJohGBBARAgAG
-BQI8+g9kAAoJEC+cdg2xRYLBiEwAn3S/QfwawMiDcpQm7K7q8BTxmcrQAKDaSfAd
-Zea7tsIsjVpL627gpCf1uIhGBBARAgAGBQI9hM4xAAoJEHrsMNJ+GHnpSWoAoOsf
-gbKx+mCMRbLOEYgAU9DB13qdAJ4zkAaZCijpqqvTi0XjnPMkq7RbpYhGBBIRAgAG
-BQI+W7nOAAoJEDBS/CoUw26Bv5wAnjvZsj0SetF/Jth5uvw+jHDLp1QuAJwKy8ZY
-e1E+7dOU8CQgYD1Zy5nuaohGBBIRAgAGBQI/aaJkAAoJEC27dr+t1MkzoLcAoLEq
-jwJzYeTGbrIfhc4t4/SJnuD2AJ4gIPGnbL6fl9+9TRMlAMHo4xNcVYhGBBMRAgAG
-BQI887P9AAoJEEq61lpJwpzCcmMAoKp4ZauTD+oEBfvXtL/eBSxTA0rKAJ9uADQB
-IiVBWy54UnhJ7F6NSb2R14hGBBARAgAGBQI+9wRgAAoJELghiQKdsrW873oAn15C
-080LnClmIjRoGKppUynk7LqTAJ0RXLkjiepVsgZCW/pXYy6wK5DkeYhGBBARAgAG
-BQI/1fplAAoJEFIY2mCt64GL6UAAn1FrBfweuTEy3p+i+ekJdKf4Je4bAKC8SrPC
-WVEl5Pr+XpuP92f3KxQJtohGBBARAgAGBQI/1ftLAAoJEKTWXDNQN2ZnOuYAn36o
-95rvUoSFIiTVytWm5go8arkYAKC9rUwywbYx49u/rdUtj396kocq9YhGBBARAgAG
-BQJAC08wAAoJEIHC9+viE7aStBkAn2DN85MEaydtxX1S0Sz22Qawre//AJ9NYpd/
-BKPMY3o80IuYy6k+E5e4cIhGBBARAgAGBQJAC09qAAoJEGtw7Nldw/RzMlYAoLeH
-NbcbFnINRaU3vJLp7ieZCUrKAKC/+N6FEM2JNJzkeRsHhOvOn7EXmYhGBBARAgAG
-BQJAkTWOAAoJEKn24r/sjo2pIp4AoISelNVVxuIBl2i3t7ajQaUpruJpAKCGDYPg
-RaGIuII/2fwEGzIpZzYE5IhGBBIRAgAGBQJCNCwxAAoJEFMx5x175C/jTPMAoKFG
-qbOkCtxD3edRmA3PzE+dg39xAKCCgjpb4Y0PXk8Xu9tvaDPZcul93ohGBBMRAgAG
-BQJAC07iAAoJEBhZ0B9ne6HsIlIAn0adP67A4L45/4m8xExRv4Uc6twdAJ9PTE4G
-X3XennlL+6cVXB961V1NL4kCHAQQAQIABgUCQX8prQAKCRCq4+bOZqFEaGUHEACf
-4Om9MDBS9SilmZ22Ssa8WtrUzUL1yOuO3+n/XhvJ5lGjUwi0oW4EcMJFCKZI7DOX
-aN7zlD5akd9N0ZNg8W23xz29nnp6/upeQRQ7ckqDL/+o8DgjwCyQVH+ZzDrBDsip
-PqtVTcogBx07CioJSX1jy7CVnsaZVH111hgghSsLM3S9KrlmwQ8zzN56FbwmDyoG
-Qi3oyH9Xh+1YeCxUM4hS6Gk1wCAFCYx7Y53dDALB0MvsFMSWDflJLhae652rSot3
-jjFzH4FOdKk2/1uSVOKS8YQtLBu/Vf83q/gacdxtkyj7zdUYtSg4OHuR9JVfF+Yx
-g9v+U5PkqVSymLEv523nEoq1LMPtWhPNb5Om/T/5H2N/x+z1jSxTCZajRoMchG0R
-9k9GtcGZQqfUrdC0lztB+03KzZRJvPRUV0m2Ia0fNPUvUlTcLCdk3/brYuxEC13h
-A9qh8dIwWrX60aHanrqmeH2RSEqbnBMn1g9NRvFkV9QbGofCezKAvvRq7vZ1vFC4
-5/X3NqqHm45ISN6MitDJhJOnD+ZoARVAnFpC6pdpAg1+Ld7v1PtEj7rRAVzGOVZr
-U55f3gBIx9Ezdeh6+7HfCFSv1sKkGcYlVvriCswpUrJn5sqaFYYZvjxin1D2kwvT
-aG/4sOQOooHBU+JpdGecir2Jme+ET41NZ7/Q+OuPGIkAlQMFEEQbRB44IttHzDdP
-LQEBlmYEANBwFJxl7HWGdKLSg3PD9rd/UuPsA2iS4EcMk9h1Mz8lm1WwmE9s4mvx
-0DmNtfSHwV/GF3TwfrkvofoqXxU+b0CkNIaHPkCKP+FzFTT1dC5ZBrGBqLi6Izu2
-wDmenjGMCosR9Xv/ss8CQ4L2XF2uCGyVEmel58UHx/StYvjEeL4MiQCVAwUQRBtE
-RSGD4bE5bweJAQEAywP6A0jdCALabHlRXk2mgfdqBKEWn1H8waZLgRjebwzn0lnK
-3a2pSYZOqaDg9x4TNrHi+FZ0RZJC1u+q/nBfQw9Fqr4tavnHXuEagTJhTpzBREIc
-fNEW0vhziJPpd1Cab8ErZKICCEiVu/CFG08M+benCSEAfJN9ZS1ER/mZMvqyY/OJ
-AJUDBRBEG0RRyNXtKZX2F3EBAb47A/9WlKsdMPQuTcekXtiyImUxMIw4isRkEw/o
-Hq7Xo/TiCfa+7CyvfZ26VXa+hdh+GTtUfQeb1QP8Q/S42qfuz5t+geT06phBy1lK
-lIf7zdeptHkEfqzQ1p4/PVul9YChMAzH+qZH6RN6jh0w/aSj28fhw67rHch62fAb
-Xnn0lXBdcokAlQMFEEQbRGdwoCRNHvmSUQEB9CUEALuAxKlHjjo0Cd0Wv+VnhDr5
-+fmR9vNgpvgt3t4qHNcgTVGZza6e+T7gk8daWDP/HhHNa5he7EpNeVK+yu3SCyiI
-Y9p+e+JSx2FnOLqqddG86l3cexFahlNuxfyCnC/2c3yGsLFIKtb3vZClwvyUzfGQ
-rTqPF6sqL4TU7uv0UplNiQCVAwUQRBtEdx57s8ivlZYlAQH0YQQAlsgJ6wcI37au
-F5hG5wHYhxGSv4YNIRWAgYNFIDnk90AsG7XPcuhgyuKVfcAn6jEdVjRLhogpxo+I
-PNOeIV3kiS9LFfLgWGrx7arnrmMPOP/0l32VCum5n06CM2G7D+o7uTAU8qul1nNN
-gpExpdV7qPrw9k01j5rod5PjZlG8zV0=
-=SR28
+b3JnPokCNwQTAQIAIQUCVtmslAIbAwYLCQgHAwIGFQgCCQoLAxYCAQIeAQIXgAAK
+CRA9Z8unyijlpL1XD/4yKdr8unh/OJ5ks0BcjUpJBNkYbdYt+B4hb1lqgaM+kqSD
+HRt0tgcsa+m6Kcwl8TVZY1NlJRl/L/V6xP9bN/hw3e6eijx4m1dC5DSZP0/GZ4L4
+u4pa349wj8jp33lMXQacrOgNcRPNfIrxww4bxOqlPwDbkfbn4HJVsdDvW8fZbsEM
+T+S8UnIOScwMov1zY+q/VO0kcFfCjTu9w3zrnOyz9vKkMj2QBbAm+kawW7fyt9vt
+kxwmLIx3XHczyFAiAqppvbqJV2AqTRdVy7rX79xkHUylnuAbZ+/6lBMc8kbQWdx/
+loQA2xFfbQxGRWKeOH/FpcpfcocD3PZbJ1/D5Bef5WegVXti6zHwHWZFhFRB1851
+ReM7RJiEJo76PpOc+aR6RKhYdfMtML/7dsnR51HWWuIfZbXbf836/SXHp3/MUOuC
+1qyBeDweOXRbBCHGhvwad47NBj3QwK+1IFMFlDwLgCtJZhkqCSy3v/UhnK/cV6u5
+npsLDJaQixU0kH5x1PbxoAsupeEo8VEUxlONOIMgrBwiaHIbwkL8/i02fHkA/hbQ
+AteZZ5vKi8Fapq60izQCvusybEA2Rx+Y7GMntXhjGthzTHL+E+A2KEq4lDrwmYzY
+jKVn5kJY9Wct9YQ8g8ytj3tPX9d8strSejrg6wBvPMNQXD9Hg+DXRd2nyog36IkB
+HAQQAQIABgUCVtmsuwAKCRAQkK8gpapb5saZCAC8ltCRFRCD/Bhva3y1WkYLFXeu
+zfG+L43rVEFfW+fQFCeiulK3y3hKijMARi6OjDhdZBK7cavstZec2CnOKmJRuprr
+Z9FwC9uUG9LfGEkpgwA6FMlje82C9B/wssVZiLNGuMGBg2BVaQKglw7loahMYdLO
+7DBtOEz2bPcC5v/tO80s2mtzrTOWW5WbUmIB8m/888W+/T3jUeP3v1FtAhk28urO
+fHUcbifEbvdLblWeYiTi/PMEjVWvcWfiQepy3mA+G6veH02BFTMozzlcisHdJNwn
+Uqi8xcU0fIU2j5gDvPJ5IgppEEfwfWg0qqglPRPCpz++dn+LFoXV0N4pWdn8iQEc
+BBABAgAGBQJW2a0lAAoJEG1M0ZQp+wPewsMH/1PXIE+F4DYq11ohmwPG+g8MFkL2
+y7rBGvsTdm7Y0JgWqo2BJ8sOpBhDduDJdlQRk/D5CWOxiPA7qGLmtBntpw3U1Wp1
+A9DtcpR0AVlUwuSer5k+uGIxJzmu8w29MMpFtqBLjx3kH12MOAqTrC6YgxXsQEYD
+yluFMRcp7KfrWoEU9AAfpuT4wk8P3U+8m7QGqNpfTeNFgHmUd0dDzT6+zZYdFzmn
+BxXgp+W5SgX68OA4QXk30fGt8/btHQF0/qM76xCLXvOvV2WvLgwh2k0gNVHdl9BR
+4Gos8SwOHKQZY9JtEAPu7vo66RGQ+jeNRYIDW+wVMHXLo0R1TkOg/r2Na+GInAQQ
+AQIABgUCVtmtYQAKCRDAKcpAFvTM6XVIA/4iLoL7GDztXgFzSzMC9dlrFGjxtnAo
+6N1ZsPE9U/JN9KjS7T7/8w1u6cmewLoDPNN9WDqaQ62P010DKe/VfmhoMDumH4Tj
+ngOH19+RBmD/f1Xb0NgbWbRbF4hYFXqGmyUoRUDl1MWyOa+KSMC4lKdr7HQXQF/0
+8EY9yfJLx6xymYicBBABAgAGBQJW2nCwAAoJEMGcHSUS00YdyXgD/jjlvEBq3wDP
+KT97+xy2RoTU6lNyrlkD+9Zu6PE5QSt8tbXpQ13nCWS5quegk0fJg/X9W+hpt8DR
+8WQ2F3LiBXZGR73hkRx0f+MQArx+O+J6cSjw6rUwELld8EF2Vi7bOuMgE33BVleT
+pvaCzB9yQd3+nKbgDb+ZynHZce7bJow5iJwEEAECAAYFAlbacNsACgkQ71iWZNQy
+4Z32JgQAqVRJVb3Y69KcQ+d9zEkTmTZutsntqP5lbCJgdW13FG4mXoyqT9ncmSck
+XuJMhWoaZOfdIrZw7STLSzKmAfFeQdMiSWo/KZxV++YezamNGPeqjyfGqNn6wxSp
+qutJ1b3L3OG9i0+yuv04YhKX8mdNF1GnD7lrPYHONnp8oZawFISInAQQAQIABgUC
+Vtpw4AAKCRBvUpPYo5umVRI5A/4vboBeKv1+JZNOWp1uP/JRBoC+ccdVAJW3hmAX
+aBHhI252KQRJ5j+WeZZGHOOVHJ4JEJS7m5GNsPBtXaSCy0N/y2Qxobwp9DZxTA50
+yVnsEVGOh2DaPRr6oJx4NC/65TGyExRNKCM+RMhGCf+x34nujoq3GI2bQf3Cy21t
+GDS30IicBBABAgAGBQJW2nDkAAoJEJwcveLjXFY1KSgD/iitVYxY9kxbIyiiEoDJ
+rjwtsRXYIHOHdUMXC1tiodzIuPfscyO/sSnYXgoxh8iz/9RJiyTIGSoePnd+rmw5
+fef7EKWRPJJ00qCnJrg8q3PVctQiYeH5/AZrVGSJrIbdyMoQelj0igNhPic7iQQe
+Ihns14avXv8bCwHvMxYmgtw2iJwEEAECAAYFAlbacOkACgkQOCLbR8w3Ty3+PQP+
+Kjuma4zB4nvwm5VxD3XQsJQEHF62W3pByUzSsOAJ5WXMbhVD+zV3P6ps/SbjZGlG
+74Rx21nTNbeSIZig9XlfBjl2RmGTXDItE6mNpOzPysJeDUERjKvYYBacskBwsiRb
+sNZ6pKPkoPUt5ALn2CJ+wZryWd6IdLW1tYBuPHr6uJGInAQQAQIABgUCVtpw7QAK
+CRCJaWK4Z4wKAz/OA/wNuEw1FLrCc5O57ohRuHIYMK5HI4Cw1XQO2zWz4M4Gn4Pv
+5ghJ9j3a5j5QiPbLSmKt3aWprPkIoGdKfiSMDlrW1Qtgj9J9Y6cf13Ja7NqGdNMM
+sHTPNEiKH2r9hkdg5aVyCai1J+Obi0ocF7wcxNHOXxBD2dvBn4wffCXeB6awGIic
+BBABAgAGBQJW2nD3AAoJECGD4bE5bweJnrQD/0OV/d3ykAAADy4fC6zyVFcbaaB5
+CmFO/rQUjMP96+0QVq6DT9q3Tv0TE3+0JyqdDS1RGM/mEGpijuoQO6upNnVlOudq
+kugJstOb5RNLq8GVJKMt/EXa09eRImdzQq4tagVSV8wIHsvQTItnmFjIK1dWqEJ7
+4Wr8Wpn+J7Y69So5iJwEEAECAAYFAlbacSYACgkQyNXtKZX2F3HzUQP+OBNaNNwW
+Z9iYqZ2j1beVn6R3F98qDZ1G8QA94FXMW24P7jid+N47DMH4R89t8yyvmcb9QweS
+jD4oaLRMOxjdzXEDnO8FcPQGtubtN9/54qPTNjSUYztLYVNCYcqlpqHP9WUUJN6G
+GT0aHBTaXTs4BggeYbnoexXmGfaUWPt9W2GInAQQAQIABgUCVtpxMQAKCRBwoCRN
+HvmSUe0PA/4m0COSkS89udfYSyhN7flXgtOB3fKraw219+dOUmBCxIRl8qInqWUM
++216u2q0NCh3MFBMRmk/FrCa59yBoP/ftibjAwKDm3TCUUre++kVwNPPCONPsaMZ
+zgP4Hu0U7pjrCyI8zRffN5obQr6v7xDyGwy5bpGH4UD216u+/UiDe4icBBABAgAG
+BQJW2nE1AAoJEB57s8ivlZYlpesD/i3Xoj2yR3UemnaYpYWEiKvHGzUKiVqyjz7x
+BVhDMDFJxFlJeQjxnzWcsdS15W79hl96kVHCHsHqnC0oGT/OdaXpUnvQIm2Ot/+f
+rU2AzXBm97VpdwAohxHIOzFFY9JUyZnzLV8ejoYngaQA764fpRgNSjVm1jIAxUse
+4cc4Na1qiJwEEAECAAYFAlbacT0ACgkQl0MBGHCTuEEn+AQA6H5I99ajHAMTMxfb
+JRZ5wxsCn1KvHo2S82UUDCC/Cwzpn6cT0b5ClTbz27EsLHouXsOqNUpJleLN/UZY
+vyiNc2skejTH2RUNrBhhbnrlpjfKsjldEbpRbfAeMlen+8mwiZKptjF2Wh2S+IvC
+8UUCNYBsLdcL99ft3GCxLBm0VsCInAQQAQIABgUCVtpxQQAKCRDYqvDK9rMHKZgo
+A/0eTw15SzWVMX8G/XJ87q+2GBaGHu1mGkv/CYbhFu+oqDLuLfVIH/QonHkIW+ql
+IPVnJt1f3sG2BBAo/bC/DhTTM5GsbLSDyZ0vf3Qn1JWYR9958+U7As5jRTZjLfxe
+rY4FW8is0xHwEHXz9/9i69h7Iz+CLZKTXmqNebkrHfedW4icBBABAgAGBQJW2nFG
+AAoJEBKJbpunfyQppAIEAJh9zjV/9qbsEAbJ/ecXY+rshTKe6Ed1LpQ24/b6N0Z3
+LuR3n5n4+qyXsojXLY/DpJaHQeIf0WHaUHhJn/lqtPhfg7NpGnjbJIqhTlvsEpy+
+pmIqo1OnB6Nkv6C+JRXfW6VLJzxAvCtoHwacPtetOWtY+VF1o0KIezvEMC2bZy7g
+iQEcBBABAgAGBQJW2nFLAAoJEGBN+/KFQQq+4M8IAJwzU6zpwIK/lk6ZuOSyBewU
+Y9dAEh6M8/vD1tFZ+o+vRagHjraHhw/rWLx+5f80hn84ymoD13YOONCjosO+w7JP
+PH5N/ehokBy3hb6A2jCzsZR1sMIwqeYvoG8+UOzBjqZ5CnUSYRRg0uPddS5S8Lyh
+vDBnKWGF8DfUUfKGF1YN/yoIB/E7QH+lRTWSnOaWdF1/h+/qV/e5V4nykzibcRGj
+VBa/H1qkmqk7DX+di66Dz4MtsCYOqIzmuz9wOYK8oDaH6qt0G+CigTo9Hs0CLt87
+ezq15CvnVhdVNpE6gt1Ye7tERO2EK1zNGvJXUETyQ2BSrqoybttFmxFM51X/fBuJ
+ARwEEAECAAYFAlbacU8ACgkQOaTHfal4hLBVHgf/djm9OmqzZC/LEmv5agNglqc1
+SCTjLvd/3hCxDeM5IGLdLQwDi3aIzZjW+aU0dCMgR3S9d7/MJcPsA47oYtqYRG4+
+V9xOCqCWvcJ8gC+Ra+h5PN+ESy4Qqo771fNThV4C5QMQ6t8I+JPiepI+H4U19zxb
+SjdoLkoswDfxcEF+PpoQcW1R2PxWvES6kQixmfIV27QZKeKXK2KJWK6sbLLn4m8Y
+SzKnCaIkISQhTgGlCkUivaSwSaUYo9epjRUPT8Xivcu1IuoV3f23qkx6NBCEdnpe
+WpZHmYG9v8XKdxSU3CHUBSVmWbUtIoo9kh6ArKyhuVVopayRmrByfQUdO1TblokB
+HAQQAQIABgUCVtpxUwAKCRCOWun7zu70O7zLB/96No2LT9tXlknLRth3Fg0MPLud
+SX4dnJJA8tA/c1Giu7O/PQS8NT07KoBerqCt355WA6ABdlnOX3lgKo/qm0EyeHU/
+17sJdUKWWEdaF7JcOdCSQCm7bzfIi4I7u3IrMAqvkiphFflaukVS8euBKMq7ljxi
+74wI/7tK85UtiuBK9p02Zrnkkln+VgQ5oLMiyHVyevpMY/YQSGT3ARwdJW7Povwt
+JxVCPZHDHumUqiTeFisLl6/WHyGPyzK0Zi83JRfPkr756iRfskTiCP7wN1L/T8lQ
+nJeugKG+XAwaxhh6T14j4TrA2E9A9reb+6636LLLdsS3jKG/wWyl6w9FgZcUiQEc
+BBABAgAGBQJW2nFYAAoJED1osl1SB8rTBawIALifXmm7e9kjDsuy1RCCZVRbv/7j
++0vOsw96gqbM0fuQV1qnt6uLppJgbFgXFJOKchoXRBYBFuZ6tcsU4IZ3itW0WYgh
+7Iv02LlWExFNlNFJpNOnRfK3k9md1jZIFwnLFIUMymmlHYAIuKX4zrD6XhWxX45i
+AmuWyORw+cyEiHjbY3hGFa9XMeM8ckvvlW9h65hcizNfnldrHUWz6s6sYTTQO4U7
+wBz1tMTL/1LNBxkQV/FYj9OorNQGrdPYOD+FmOm0K6dPQsMmK2QVsPk8rhohUnWI
+TAiPr+i49HZarHnX041wOeBB3rhSJ77A47jdgYnR/X1Fp94m5fq+N2wxWjmJARwE
+EAECAAYFAlbacV0ACgkQYd4R7OJ2OnPJfwgAt+xz05qqQksAhVtl4vCcDM3smP2N
+3iCoPJvI4hpYdfiPgA/UGe8cHTnQqCbfgZA9BPtGEMkK5Tk09p9ale9EK643VgD0
+ekI34YB7rje3QVhKudrhMeGO5WoSlrXOG6W6/8jucpHcYtjcSjgdB0pcBpA5IHRI
+7k4ntkkvWlXOllCioxPwscHKrkPWSDI83xXdnShmYnzwcOBQhHXiICyLo+zYU+bh
+FpwqcnItAKz2aI/hKSz8YWey5AGF9RH1Uwf7leGqVlD57f4BOkrhq27YgJzXri4W
+jfBkEXluWU2RhiknxL3K86WLeUvTeUgB2gZPGHMyFILD4YsSY+ZUIPqN7IkBHAQQ
+AQIABgUCVtpxYgAKCRCq9bXeBb3MU8QcCACquxGrkyuB9XRnlnMFhkZimaj9IU/o
+RGADeRU4TMxtZooXA9VQvU1o7Kdz5s+v+TKyFAyLoLbOs/SEb1rb8X1k1R1DiVzX
++EkKONk5sMSMiBE+/5vsQPMuR7bUxPYd4cpIM8sYUyiWGif3KFd6bnNS/hnh9ziE
+trgj9P9wjeztTQcPbCARZocMGOcnSsRZJPTWOuUiUdNykkDxBuyeXA7V45H1ozzF
+Qe7WYb+zmvm0bbPme7R+IFABaJoQYEUAYnDWkfRg12La+tpRTK0LA0rQ3DHQuQZ9
+CdBvTowO5QyA7TpKanJPFauMVaO8qrPJspw7NLpvWo9JyI55eNFZSYLUiEYEEBEC
+AAYFAlbacd4ACgkQGPUDgCTCeAJZNwCeLZStzZQKk4BB2L2MyxwhEy3ivdgAn2yt
+89G259NL0HO4UDdEjQmeRdYPiJwEEAECAAYFAlbaceUACgkQvdqP1j/qff1+7QP7
+BPaV9C2Jjsmd1epuxRE8wDKOUbgCOP0Wnz/RQcGtmLpE+b6gDyAkO04yJc5sgTOG
+vPwJIInvfmp9IeHSz3dpiTweUgwy40U8LJNm4rvI+LPaR6FTYtvgrtEn83jiXPvO
+n3p3NUF2AUgdpfW9jpQwlcU8kqO7U5FhNn0SwDbB+wKInAQQAQIABgUCVtpx7QAK
+CRB8S2dtoA4VY35sBACaR78j7jxTq/Y+wPNzmgGiY7Re97Ik2fJnUnldplVC1Kqe
+IRD1g1JX7f83/WbBmsYswTUEkP24mmWTIyyBZzZdMgcV/zC6OPn2myCPY4jt9HHA
+eYDgDCjy8JBlxDgb/zS6uT0IKPbO19hsO3nEsXX4ezTR5vGg6BsoUhOlFInnCIic
+BBABAgAGBQJW2nH0AAoJENbgof5PvirdcY8D/AlG/9+DrudG7GwRFmMLnpFqPJ0O
+vWFNVZtNvGVmsyi6yspY9nvKLyZiTkB80uOadljvcvAle7el9wTNtFgw0H7MKixO
+j7whiyX6c+I0qse2R8r65i458kuikNfVL3IRz+3LWNg1N4nevwrbIIT0GEZ7uz5L
+LLHKAK2UFD9XprgviEYEEBECAAYFAlbacf0ACgkQIfnFvPdqm/Xv9ACggz/E2KGa
+Wjs1eFGMHsDeixJV/icAnR518j9qLfnTXG81oDSg+LVi3qjIiQEcBBABAgAGBQJW
+2nIFAAoJEGKe+O4Mi4Mz6X8H/38qfHEQrWr1WaEoiZTsIq4qHqXHt5oK2fUt15mQ
+jDIutggOgSlG2sPAEmiKxl2Z+adGvCr/1p9xpFlMWIXql/aJXTQpgRwru8J33eLC
+B9Nofnkwvcr5FyUxKgvDE/mSeT/zlxDaBtTCx46SEizSNqR7y2oWb/HoYTu+1gcF
+8wRmKxF+UQLiNY62r5VHggBLdHz6ZLJw5Fuq2X/XNsto0b6XYF3TcL14WyWaIB/9
+gNVMvkFgNeTyfSrICnzcZLQwkCfPct4r9ekD4Sr7RLbnOnsjMnfsWbACgEV8wVsQ
+awMlDwWWxFMIWBiOo2Qw1Eqw+JFVq+UqVI0rRbXBBgqVshWJARwEEAECAAYFAlba
+cgsACgkQvSdtLm/PqIUMaAf/X8KWAvlfo81h3dkGsVLEGgs/SdhlrcMrkChcfMpF
+HhGaydcQG4VQy754GnclQGqbHkazFN2zB6/GtfJ0tqTG8UZNTYfsXjvOCOaCvHCr
+D8K6W6uL+PyFazvg4BpwZeHuOTUepHKVW+/YCkV5YA90w8VkK7TJYTQUOoqjY5rN
+ddE+UHA7669L2ApqvDFaKrRXIl0XARk7cVbmP+Rmd9lT3hAKAYLGqAoTBc9Ih27N
+erJG6YSRovEaYMyH6waYGu/sQokRcSs7tmW8NLXd9MKe7zqE1sn9s8+/3sQ7XVmn
+bk1IZKQRBvn+fah8x8lFNTFKtGbG771f7r6A1DiSwaZE7bkCDQRW2ayUARAAp3na
+YPI1BOJ2yNCgDwtcaTFKo6i+JEexl3YexJKO/gbvfITZpDNknOGYv1bbmPscHY8B
+dv+U0YOYwOYOpuGMnOFk4enHrayXYWEac6NxKHNwiw+1mktvpEyrXN6JsI9ys7zE
+0TA5t+7NpChIJ3uWX753P/wXuEcwiH1G7fnC1OarWMo98pRlXVUWSpQE8RXIxmCt
+IYisBBCfMIVcGBRd7wT/yMU9ADZBeXWX5wHxuN7R7BauDND08Vs2AxZ5bJpzKrr7
+PjpGUfB0LPcsZ0l02k/6nBnSymsybenYgRIpcP2WxLuY4P8ZfkPQy/ZH7XCcObXl
+yIBTBwEm2JTpfsV9pOdM9J9R41VAzq8Ljm6lMMv0i/sXT4f4v01bT40iuNa64mOC
+r0LJHghpF8q/CY0xwwoOSsRdDLOYUpQNdA4colxN5aSE37Wi4dSU46Sdp6WNJECn
+2HOdeJJJCBLVAPCgKXCHf54HqiZI2sh3sYCCQUk3GKKAJQCCKqP0uxtw9wdq4VNO
+DQaLQADR7uxZMnKT6M41XEvPwuvXFRyUj5VSCyUzNryMAkYyxScWncFzhxMzSWh4
+qlU1litNkho3xQFFpa4zNI1S4dSfzv7Sv5QcslUTuWGz+d5Ixl5/XajHceV4d7sy
+DlvQIXfVUzPfz73Kib/jhzrUGPFNF+BZ4Qe6IMMAEQEAAYkCHwQYAQIACQUCVtms
+lAIbDAAKCRA9Z8unyijlpH82EAC9jEAIX4MkulcI1EqZrh7K3TMHCCl9UE3YbbGl
+i+X97gI2yNQjQSL3FRMZAcqLqNq3I1PCXuSg5T7gITMNh1DpO3JjZ3TBLvw3tdCy
+/0sUtzcRkxmAN5afpRUUcxi6OA7s8Y9MPuWNnDtcG0CGEG7WX/bVXowue15SUXRv
+TShSVoalOxyra2/1QKp3fqYPRwfPP5cjEkZT19riWS0gH+k8GxKaYt6fhs2JuxiZ
+aOZTeSWr0wuFIemygi8jqBhOdsb8ialYeoWrbw2zOimeaIm/rLgT901nE6xF2zl9
+jVhMNPb7EmFOOIX65k0FerlDO6aiufxKfLNAfAp+AeM5jv1b6T1jFBOltkT/0dQ5
+NNSb4loz7zo3fRvZDyUowS/F5Zrdt6rsX0FcGJiPcpaPlC9W7kRw60jonMhhh8mR
+46GMO7kt3u9mMHVeSUd5HRQjFakeVwQwgiwCX/np8iI3t33oA21WUO9TzY6rKgJf
+znX+MOLRilfFaqSN/B1ZZqJX3S7wSkXdO77KSShZTFJVoY2XvyqLTaPVgTM7A/By
+KOlzghRF65ViVJnDZUQfQBxe+qYCplAYzcmxknQFeNBeaHbuV9fZ39sKX5I99arg
+mk6wxhyuojEHuR7it6IU5BP8vaAGrL1jb1c2EeAe+pdJwpAb1Aq6MU6uWqOGup8t
+9T92qg==
+=xY3m
+-----END PGP PUBLIC KEY BLOCK-----
+
+
+pub rsa4096/0xD583210EF51471A7 2020-04-08 [SC]
+ Key fingerprint = ADFD B709 FE1E A682 E585 5971 D583 210E F514 71A7
+uid [ full ] Sendmail Signing Key/2020 <sendmail@Sendmail.ORG>
+sub rsa4096/0x5C092A1B257B1C27 2020-04-08 [E]
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBF6OACMBEACZTPTPsjrVvigeypzCc2FkC1vuAgD0IcGckcjFL6w8r9O9eG8C
+Y1ZGKF476MAY1EgXvCrUbDG7LPIi2y2SGStE8iZqhVBy188C5a7LPDjX6guHxL9m
++OX7TafOqS43BbXuG1fvWGdhnEY7ZdC/SFUR1mWwFz+pHYC2bTdUm+KGyqBdT163
+cSPycWOixVdxGg7CPJLSvaqJ9Ft5u/LalvLyf1m9vT8zLAn7YlkATvg/wuzzB0LW
+zCV65FDuda4kkJwelhT9kBbEkoyqLU4Y4J36X51vXGHFL3Uc3ck6FiLt1qw/Hs8h
+SfwSf9vgBSNhi45rYe6sfBTJN9PZ7l+tPZ20hU0N0+q3QodlbXPy23WdeT4cvp2E
+vAl6jUMp1rypEmgr2i+CMMt6g4itxbmk08SXC61XEPZqeV3qd+hqRSN9bicErJpE
+IZysXdO8SXw0NhomdwWncY6BWPY6GYbIhaCRyPEz2i6neUUZZb+qZNKH8KJwij1j
+jre2+TTTIWSUCSVXh5YuKR4Hr+faKU5+LXiC3K5GrmAIxFA1RHXvq68Nt3P4jFKI
+Bu+T19xC/R8Lqtc271BDlQxQW8uwhESZgp/56Sf5XTNyWSoEK1QoVChkn4vO7m+3
+Igyn8HUVHOXmNpYKXeXtbP6Y2ISAf5YHkdFtdstj0kg0GWCPlFupyD4diwARAQAB
+tDFTZW5kbWFpbCBTaWduaW5nIEtleS8yMDIwIDxzZW5kbWFpbEBTZW5kbWFpbC5P
+Ukc+iQJVBBMBCgA/FiEErf23Cf4epoLlhVlx1YMhDvUUcacFAl6OACMCGwMLCwkN
+CAoMBwsEAwIGFQoJCAsDBRYCAwEAAh4BAheAAAoJENWDIQ71FHGnRssP/i0mBf7u
+Kn6ap7KOmJ/nwmhfd4enqGPITxPxVnwmnpffVv/XA7OuAHkCPql8jD7z0FPZkTEp
+Wgevj/mWX2imjEIS4sioQScA4Koqc8YczUoDTeg6D4KcZj9Px/t8OZ8ubCSU8n7+
+gZC3qY7bOnQca2Sdo7EIHn7xI4EgllSUzPkeZW9PTL8xLPGOjH6w4U4Xaabve/Ls
+R7RQW5lbsTboWJBis8n+we5TMgxTAIUavXVT7nlRO7F6YQuqZ8vLB1bHj+OLEaVl
+3iakFt00X84Ee/F7XD7a2YWYEBfvwp42sFC16ghdgPQN3E0keJZqKwnBiOa4sv0z
+3eiSJa3S+mgQXQ8syVg+IQFRgPq5z8RLyHdyTmdRcPHSxNX+uJIMP4+QgnrcH2Z4
+OiOEHoZKITOudIWNXmEZWNU/TQMzlYvQWMf9BRMQM7He1JCAPf20wzvNt0JuYdll
+wPbhFAdWps/ieHsQ+ApLMrEOoldfbZQKGSEgMCJkiSCb5hnc/z+X3zBjIi4H6lyU
+eFLX3a1gVg9j+uHpORn7y5q7Uw3HXkS/a6PExJOu5sfffdbfNzkAIQN4LcCTPwf7
+bH25aKnmIeXY2w0cxmuS5t/uT7hYaIZgGyg0nGGQ5TCJ/Zicop+7W4lcvyiKqvmd
+83SmETuY/S05ZqShQaeumdjn0CCBjGA8XYXoiQEzBBABCgAdFiEEsICXn00EPhnQ
+WjacYp747gyLgzMFAl6OAZEACgkQYp747gyLgzP4SwgAm9fa+gc9glqkijfd1tT/
+g5rXFU0jIr5vtqFZg+4MUQ3Gl8VUzduUQjAkO2oF9A4qS5XW7zaOQW8EMC/ioFsM
+aNHQMsWApGUwGdxnUL8psUROqJ6ry+vHkO5aiy0ovdvKMYr/G1N2jzf/5C/V3C/Q
+Yr6NMdAAdiFbe1eg/I2cCBifVN4jcg/rqIMD3j5Tej46WZ6Yh7mUeMbRSiacoyAw
+io7G+QOBF1MdnNpDX5d84g4LG3KX9fKErUaDlLvulnR13RvtIgePgyqBb3qAiwmz
+0/N4wFn2SyF9i/y8SfKZmNe9PKz5icxKaVH7sZoREc7BKYrEE8NDO4a1jGwH32HD
+gokBMwQQAQoAHRYhBK0g4aqLQTZwpkJS2L0nbS5vz6iFBQJejgGuAAoJEL0nbS5v
+z6iF/5QH/3hzctN4ADtQL4pQOLB6Fjfwk7kJJMJyMS1KsOQaVjfviB+v02dJ/3jY
+G8P/PGuGQhNTdOo5Sd1riMAs9qBrYTH1LAzbGJYKT7aU0ceqCq0BZA71YRY7GWv2
+8TuG6LLjcZZUXjj5a+4p66lHgvq+FK+moONqA445UxVqBgsUnbBxbmWQEiiIGZYw
+upSB3yAmKrMsXk8Hgqz+1yg0TtVuhfETB5L2dMlA/ZfO1WIzTQaU3TGbb8Q5m1dx
+kD19iD1oW5BkmKZHo5yzYHPP9h3kMynVgJjRMfW+u2tv8GnJMXxHkacbpgcsySiq
+fpK4Kb4H+fIdOViwufEBbdum+LO2DlSJATMEEAEKAB0WIQSxdZZEUwNdzt176Rlg
+TfvyhUEKvgUCXo4BtwAKCRBgTfvyhUEKvgO3B/0UqQwduX0jD00L3q6k5hYpjuir
++llK9XwBrfBehpYAwocLX9rjeBthVvB+epNBsacU8CmMbLgmvq7+ZG5Jh+wNhHx5
+iXK6rZvTjm0/CxdbqpqsvpKkNdNsj6m22c/zUu0eWxPUAomfSxfX0FgxNg8NjOZx
+RH+gi5FgItQY+hgLVHaSEQOqmm6Lk7qnt1KdhI42uCFxaBjAhB/nvv7lCeqDJltL
+Q8yHCtEKTt1Z99KvldJicAAcXtC4KmBQog6szmw8DdZcV+mzXNyvGMXxsssAaSOj
+QDjdXmCiGXnnxMWdmc0zjUdQJWWIgO6erwu5OCX0F2NuRE5tgIMSejNUAuYBiQEz
+BBABCgAdFiEEWHJiGKkTQA3mYDYBOaTHfal4hLAFAl6OAc4ACgkQOaTHfal4hLBj
+Zwf+JJ9rZ6YbR30sRSb8whxcXWDd0OhaBD675/y6BinZxPv7i8sxb996Pdz4wx9U
+f0WyBU/1NMsror11cdkoaIb66MHkicgTYpagdAnRxGYStoY7mGCqiVW6HZ4th8CD
+38PX7w8x4ct+9FnTTfdK01N566YrHKLiPoBLpPmeqVItzLRrHf6Rj283dYagxMfO
+hH7JAK544nNxRja99VrRYglozUNYPDE7OPiTyiG/7wXTDfPC2Y+oWyAxQGmA/vtR
+EApIhrKxV2YQq4YWm2X370y6FjjH32AhjixFChDmPA1ilLTZOjP+K6yTSmQ5JVTU
+lnbh41oyZeanMiZox063hyHa54kBMwQQAQoAHRYhBMp6jzmiQZ//sKmrJ45a6fvO
+7vQ7BQJejgHTAAoJEI5a6fvO7vQ7a4MH/34wrS091ePEsnmHR0bcUfuWY0fq7zko
+7wj2NIQLScha8mvgGCPDNR4GfGi97+Lqp/euuSIr30WVSrdMIH6ZNlFItnypdu+R
+8DrY4CjgaIc19h5HQlf8V0aL52NNlJ0dwSwMSKgDDUvmZCBnfIdrF0umUc8uMRxr
+bAHAq6TUaGOxbqF00God8q+TL0Rdb4xF+5UV2LERfNjJ796NSx2nIH9MzBRcrQrt
+PPsRE59m24yeLfMXC0G+pRVA6IsxVd7jX5shPhvXbu9VNCpPWyuATXRdMgMH/I4k
+qVVWV2UslgntrA/pPb8hlC9vm1Kila3yE8X6XdUv7KB7s6Rr7fiWqI+JATMEEAEK
+AB0WIQS4fUVphvGUhAflzLQ9aLJdUgfK0wUCXo4B2AAKCRA9aLJdUgfK039wCACD
+IgBkSGltFdWBgPmNeDUShaszPGeAplv8imjaJaHm0T3G671df28MTP+e2iZ63eqo
+cIwTYIQNBEPNfWa5FL5JkHMdGsOuvEH1UxowPOWDe3AfJHlBPOCtmo6oLro4ddin
+epLJMqOCLygDtM7vV2HAY8WqLC2206QhHeNE8bWryqTO2T/2IjrO28Pcbf5dFUPC
+o0EmtzQLw5WKOwa0BINb63Af7zzJAbXKC9erGoCyFQu1YyRmsn69hC6x4eYccijf
+Lzr7YfgJbWUJ76bJ7HhdKJccZUHhEln0u+onsQqKeHes143n34cBnq8nwLEWapIt
+23X9grK9H5KCNBss9ua6iQEzBBABCgAdFiEESfaovoRzOUlRkW87Yd4R7OJ2OnMF
+Al6OAd4ACgkQYd4R7OJ2OnNU/ggAuXwxh39YliN+AVi68JCkeYIuy+mrjBMK8lj5
+s5o9BY+KkiRMIlBcJq585iPJ3xYhPqqf+RbXWVJr4qiC7iFzD703x2GpRxJWssIQ
+dilRWRixAOGASc6em+NkTDnKFuj27bsM5aUx80yo3FUhxqwHawj7vp+ysx7XynYP
+lXZ1JdnD/uCM1YzMeZHGrQtO0L8aIDcqFx0+rz7KtIyUQ7kYdeZg9rjamfJdbBko
+cf+C2jWX9gF0AlXSBvnQ3Y/r/2uYgCqT6mKU0Nt6liC/nN1+R+AfIY5KhBd86gPN
+Qz8mCdLfOcO3EbKHWBl/1mLgNX/KcRrst4YnqdPvyaK56EPun4kBMwQQAQoAHRYh
+BDC8p0cF+kFUVXMde6r1td4FvcxTBQJejgHjAAoJEKr1td4FvcxTPMQH/A90Bhrs
+RdzhXXQ2cW3tqqWbwuphcFfIZr4kn2br9yNqt/vHjIHqvsrgiWMKQKJxX4/UoLyn
+8EHeDScyrsVzLIKZDKAoGmLU376PzpDJdlzeFZOaRG3iTz6Des2THBHbKCp3g3z/
+ALx0yWkW8TJWzx8CV3nhym3HNC/567OR6dfWa0J0CtC71KqfE93HB31Ac/SjNUF7
+qQSn00RWZWfW+n6hDL7GDr34RewajTpZg7HwkflY29XFUs6FuOb0Kpd31WxNO0vX
+yxsSzXH6rY/A4kvx+I4Y539rkfu9GdMXvefKUYBPKVMtn2a21LdsjM8RFm0kmusz
+jDta0WzzJxlAIrWJATMEEAEKAB0WIQQPXJauyOaenI5ULlxtTNGUKfsD3gUCXo4B
+6AAKCRBtTNGUKfsD3m7BB/9yn/GO7AvO+w8MCKmidVZZNLA5XPkwP5mQzkYwr9lM
+7Z2vzdLthohr8jPkX2LatKFsmzzLZuaapm3oKXQa6bRm3xZbGBkTCR5HbZ5eh7lt
+wrE5Ot6bzLTkQPdfMJVK0NERMVTSmpvZsrQPGSQlHg2CMH7D3xQh5Eoc+oQnMzPz
+ZVQMBtlprjrWQRRzSsOUS+mql89xuLAByS2SV4tW9WeZlJJc8dVwdZhoJQ/4osvP
+3p3ifA1pY5I9R4bV2gIgLKo9TtUWnGmPPnzqb1zeKVIdpbeqRkAwb6/boxroSNT4
+f49iqiPCNSOSuDB58PGcwJDdZKDSwimj5ATrWWYffMUuiQIzBBABCgAdFiEEPIoe
+jn9Eyt4RT+1GS8m9pmv3Jq0FAl6OAe0ACgkQS8m9pmv3Jq2RqA//TkwYzF3J7RN8
+8tZMQu4staXlu5Xlo8FNVtqe2mRhmkXtVTFsrrpyohawAwg9Kc55FcNzdaOjzpCM
+LNDo3huboh5VV2tUVJXhMj/Cs/KNWE3r5A87cGcDwMHhxYB5VAJANYmCNtManEvq
+rwIVIJx7MXIt4hWRBcCWf3Z04nEZDlAUdzmr/yZkjYFwA7GFuvw8tJI7ehBz3Y6v
+Rx0ms7OKlHKVQO9q9Qkw6kOrC79eY4dyEhXodi19Mg4Nq2D8ByhZMaxvujzvir2N
+z9TjEPHC2X3yI9ts76jPRqQvPZ6IDDRX1xyc2FBuU4dOnEeDp/1BA63adlQXRISD
+6Kv1PeobIY3eFzMWpyrZxwrCu4he9YdWWjZO/t0LkC2Y3CD1Pr/znCQwbsnQY/VZ
+YJoVUYUPGxaa/VZYLJ26thJuL8fX80ZiTJTWlopIxY6r8DTok0sRsDP50+GVn7Q/
+GzEhpA9muAJLu9cPFTOFxHy6klOX0oZ7SCE2kN4ZXePBugS43agOdihInHhgfKwB
+qXDZGDPNGWpqyzudgeYXC2qCooKf2Uln2CTiUa5eioPpl7KqKxwE5zl/byLa8fDy
+I25Aye1AQClaUP/5Ei10mCXWalZZT+4kkWVaT0UEECiYrFFTAVBoxmpOvnuFXtey
+Hzdc3jnb/M41WBUyNbLUUujbSqDknwmJAjMEEAEKAB0WIQSmhz0kpNbWKErkKnXw
+YFn9XcfMPwUCXo4B8gAKCRDwYFn9XcfMPwQOEACrqEL1pv7oYV/UDvhqeuRlA94c
+kMfrczDp3QXUjnVA74gLzsPDziWZmuFQ9Yl2+YV2CE1UlKMauJCvwFDM97AK8Qhd
+AzGcYR+sfKZtKdvciU6aLQ9eMSTOmIdIc+RSGVOKTRGWYxeVI8ynh4D7HDfrijAf
+MoLsEmvdgCm2/+jxoAKQw76TL4YsBWGLN/kGWTN1pQOPAUhin9np9edvq+qf5E5e
+YV80pYlhAPfM45cTqtiNXQDK7QFBnKxocpqPBrFsfwHQBkSlpa7uwwaBk89qp3Hg
+VBBj4g9bXAoDZcZ4YzLgutie8GPgJ9+S9j4ldQxh0KE2oV3VVuljPi5ucisfqWj2
+JEI2EwPpPNabRkRN02I/D5R4MW8Rg6JCyknAhPYS2sERS3w/DtOiFT6ynHN/K+PK
+x1clvEz1ZeUSCS0SpXVxHZ/gq9ZUiCR/2Sq9O4P8W14V9BJgiFWZNFLP6CBDobwu
+zsJoT2BYRbTu8hX2rhCnPTN7C9+1SXHYTbIRyPzCX164QWi86X7/FJIv9dqRb8t1
+pN5TUitQ26BcNMUNdB9Y6eCTRSYlq37LsWRTbUXPQ7IHZVb6BpsVX1BVF9vibmUp
+5yg7dTW3QRgrqmUc/A5P2no/QUgtL+svzGs4eGjyirQQ9kXXVQ9iXTcaa7xtRNQE
+NzE4pZOv8nWgDYRifokCMwQQAQoAHRYhBFCjAwmOot17y+4q2gngH6A8DFBOBQJe
+jgH2AAoJEAngH6A8DFBOGGEP/jod+csxUQ4r8Va52Zd+G9iPm/L9i3ZcjgJwyDbp
+6qCEPv2YqY1yQi/ING2HXjhcI0cMjz4bMG5gqYxEdbs6TNBqPqvhnkDiSIRedkjd
+3iFHucN3IRezQsnn/NC8Tsh+Kc8xCFZIa9VXaBqcJiihRkCkJLTlvT036k8JAfXo
+XDU9mjLlGsJpIs5Z6YNMlZQbO6mr1A0j6a6+p28aQd/64Znipf6nPKfLOcAnsVlp
+JHP2nFj3PFsbigPmRAsV/6LM5aidV4wDv04SuPVrE6j+//8Zl6YWLtca9gHBMxEe
+RJlfN1W8ULJNZ41MEaP7XGVAe4AEYZQD3ZWYYrC5w8TR0P6hpcOm6nJww2KwjYRV
+DOB2oePwvThr9XIKvQZeruVvqi36ZzzUjN/ggl8r/4Fp6A4LB9m3IIczPwId36ya
+tqC95jO+WAi59vcUozyF8+JHjDLBfHowvqQf8l7nFz2FVXTsVJisQh8A9vfWd41W
+fGkBh9ZG0I0KqqigCqB5+YDii6Q8ort5n0jCg75+87slLNPqdigVDg+tsii1ZMXV
+od3ezyi8nmQjyX8qV7jUz6tSY9ar5/3tt6G6qTtY22Xb/9i4aWcbfEZLEkixVAuf
+kUdo2Q7jDtdTKaYvJ/7l0XtnyxVbhlCzqUZg393hC58kDyP0yOtQTz5YoeKlvEJa
+6rTuiQIzBBABCgAdFiEEKWyU29AoAkW/05HXe1KWSO6FcmQFAl6OK5MACgkQe1KW
+SO6FcmTM7w/+Iq2OrevekUO55SM5uGLKBNgHvopIV3NRP0syVWdJNJ0qcOINz9Qx
+9ZD+G37QAt28a4Emwncg4jWQENx1xH+EUGX5ANlhnwt20AZwBICAcYsZMUZeBNkT
+Qi//+c5BUNLR1CqErYnktgDdb9rqOXAD1tsVFAAoWyPVuJVK2ooZmcpxSDYwWEz+
+mRafgu4vFMbx03soyESLqK4svUuMdEVaoGlm6Jy/BUYt/kZW2FTpRNLdQ7M+fYJn
+wp2gYKdrbA4pbIDn87Hr1bGkGkYMjS/9kPY1MzFG/lOVE4iIgrKJoKGaVgIpdZHc
+vrkKgysj6ohJdUwWJJYyOJL6KB6lV1OZmhrdsWAa2jf3gkoY7bXUhagioWYxBsxN
+zjQ3JsWXFeARut18Iqrwo05vqeofdz/yMAca3th76zfbPWBZQYhZEgPbHxOlzNp1
+VwnZcYMgQc2Dp+6ZaoFiEgQTItTw6pBrsyBecFHvqIGEhebw0MFubxueMs69jlSI
+hHhWVRBT88ISdQP16A0JC9VF8Pi5p3Infh9+cD4yfks1eRJ9iRFV2WdI0QwogCve
+Pcs+1Bk6un2ImLdV4JwhIBH/EXvKsj0jxREDxSP0GscykcbO2jP1F0hh7DPWb3+x
+A6u11cAxIk0MvUwBasQSf0jugH5uf+72RGiQKI0nyqwgB6PbJa4/2YqJARwEEAEC
+AAYFAl6O0EYACgkQEJCvIKWqW+Y0agf/UfGphCJvunLo54+Lgsx96jerdbamasCQ
+D5//1WLccOgxHIakrtoBfr5l2IhyNoqsvydWH1ek4yIQ1K5i3zQAX5qWDRFgLFuN
+FAwoLHR1sH7hwkeri7rya7GllnJ50MgflRMybgaCF7+t5xHvmu8UfLAFCZSNTDyn
+gLKx+pR9oTCMpQJ63P+zxokmuRhgXi640XHKUuCdq6o2TMdXkb1JRY5fponWTFBK
+jBMpbY0/5pAs8wMxgDYKBtIzh6t1GyUmqT6nk6m22QNFDJIPV9NKMS5LRpC7O7pD
+VRnsnH1bhbkchfQSI2Hd6UIt5mnrFi5G/Mbu31z721uKX766wGBc5YkCMwQQAQgA
+HRYhBP6PzR9csRnCENReoDEM9EqsvxFCBQJekmlzAAoJEDEM9EqsvxFCnssP+gPf
+586RLbf/61+aUce31CD0JZW6hEc0s7MTcVGeXJJkPHEHLP4rP77ghLrIU2d2mkP1
+td+b2w6q7rDNzZiNZEHpL/cue87+iLIVOncZxxwska8oxLFiPcnK2ft95Sgo/p86
+lgFsuMCy9JtzPgk5Md2tOVZ+Mi3uSI0E9HfRdKdTRBfnVJfnF1PTNN0/lC2VA9mM
+amaghgqyAnGI9dOcbJ6GNqyugEci8hMfjMoNZlciDcDA/88GEBUc1NQdbwYA0uli
+CtKx07wvMoVzEBQP9PeBWC9/Uv+i2mY0sNPJFuxYjUrESDpsvopRhkgCEZRgztMg
+XpOHgOMrzUg4GBCYAGsNR71B9DfltgX8mqSRCcRBuaGDKTN9sybr7QKCaHZde1Rh
+3X/gbqqmB71IFOluKyKwtT+ezr598SuC4Xp8K8X7fH8Yx9vAsw9oFMwPTQqzWC9M
+tKNjQRsZSIVoRNZ3JlcEzdM6IR5IOmuKhyV8Z+wp7Hcvd9DkSKyzgT4qiRU7aYHe
+Z50RU/M6usrGpCgV9DFdFLJ9w+TDqtUbtrY6SjkSgpawbwvcOali3Gp8N5uB0HyL
+dO5FUmJR/lo91nV/4rgx060la0QQF+rw3VzDH7tr5Hlasrede1ez5dtsnRflTWBo
+vxkYzzvdU7tSbItIrtxl6ve1+6SzwWPEa0DtMDB5iQIzBBABCgAdFiEEEsC24lup
+rSzxu0tC8Ar26sJF0gsFAl6TCkAACgkQ8Ar26sJF0gvs9g/+O1tvLLSOhiC/5ZuZ
+qbUKC//J+y1uahBG3Y4nT8fiyx55/U2Y7SG8g3WWxxwWX6gxe1ALWFstmc2C7Tip
+TIo9VenVV+nH3kYRYqsle0ImwrczFs6ZMRr+yEo5MxkZqAjm04Bl19i2mSyydUc+
+7yltn6I0XJ83NmUcx22ccyoSZrHpIzUTINMCYdQUxOjMsp9wAvaT7doROkt11dil
+SzUoJ91nCpy3woz1tMXVmyXq8axKbtBnEEvncF0iZQ7zIDrRhMQYHl/WTMZ0ejpD
+P3KA8fE57wLLvXEp5czc68Utj/nDIirgDN61Wm10qh9ucOMWp+ffruTan5oUNckV
+1PbCLVVPLy7tzjic3fL8fVLTNcfg2p9AbXzU0IS4pPTyv5ThdwdZwZm+EkvMeFwY
+AISsygWdt+bHOhGa8w9dKAGj5o9l8e1sFc7Vv1gBn9VY3waknkiTubv0FRHZtXsh
+znz2AU+JI/6c0VZT6hR0oLXI4m2g7RFAkESsAcRmZjGyJe56rWRvKyClecCxWyTd
+l7HDvD5COUsWvqnfROLlxJym4lNOpzDaBwtFFjBCo0ahBcDbvpV4zUSdloWGV4R0
++/tra0DizqTJCsRy6uA9My77OhHV6NELjsRzumfFzkJBfU3enCidApFtyLg7Jiz4
+LfJOf+JTHPL2JkLLX/bzkfWipH65Ag0EXo4AIwEQAPG+GGrflLiUzkB5aJEK8lJ5
+LCyPW6wau6xnX0rbngAvfAM3Lqolyof0FLPrecrXhJAKiyKZUlhTF/XAxWYwtgNb
+0a6Cfrp8v4aSI1Iv3JK1jsFVAULfdRznDnd5Z99+uT0M0kuHQhcoVYwoEUQg6fjV
+kuoBP6GC2aVw0j3jUSVri0nXrhHjVL2cRp06R93tPsrLwfYl4GisYKZ0qDN2SJx4
+zkOdq1CRTKQOIVr9m5M316Wu1nCzlB7yK8Bd4UgkPq8177yyKRrqcfyH52pBOYbJ
+/o/SVx03nNu52DYmdb9L2DShERt9vFw9CvyV0aAJBa4wVlVQWVUBOCQBqfLjClzl
+HqdcSLaBL9clcKfNnXfDp4qD7XrQlCXiIH0w4GmLL0+mJBTbg3tUTaOvRui9r0oS
+QSgbdcxxbb1bDNL5mhVNX9prARuSgVL5NDRLYQyKpru1xJT1P8E9bI4DAvXrq1wy
+6O1n02MzRbao29AR189HebfRmGVaotRP7LLuWKJY5zaA+cv2VZs6VwmyA4NOZcG5
+FhlzFyguLaC9lJp30fg/l614XSnxp8Mxt+vH0zlAeQSA71D1+w0c+y441YuYKgVr
+xqdwN2FwlsCjSdE1JkzQhOA7xeTd400dZU4LTm6zEV2cKbXRd/JZfqJ0BVAhYIII
+08JlYBZW/SAzXWq7wWvBABEBAAGJAjYEGAEKACAWIQSt/bcJ/h6mguWFWXHVgyEO
+9RRxpwUCXo4AIwIbDAAKCRDVgyEO9RRxpwr5D/0YyFqg+Y9+XqA8Qkc1uQelQN5i
+8nMBsga+t+rh1CJsLWxF/yATo3ohD8/qpaDhmEXKha3pvw0xF88WZzdOGk+Wvp7d
+GVCK3ZLVu/3XnVhvNJiL9jjJXuilkGA3lg8FPiD9VWN9jqs0R1Uqe4YqerQTajEJ
+336EbKQsp6gtat26dKigb5bLq3ZHqD/1OcXIxtBGBd/ayStxhxnHJKAymW4hmIiR
+CrjrQYCCCYv6l43N9uaHh+CWoJBYMcMsAHbGsolGLVakOm/IN1uuZgegAz3rb73r
+2T8LLZuYmdFKkt8ptbEwTMniIN2JQYvsehkcbSvdnGIHhiiOQQiCVqeiOSSR9bx+
+f0LYkKFdVFBukK/L/oQT6iyYQR8hcMavGBU1pQDKNHgZtVuQ0bDGv4FupSeaQGg7
+dYFt2wfFHWPK410QOQD7PxzFjxLl9EzCs7FXbIzJ7IVOxvfBwT6g1hab1FAZT787
+zQvrx4QdGe/3BoXOoV08tqaENc17terEaArBleNb+Flqc4gr/HOInlpT/BQ9fL9x
+0cOZmh4Gbu8nHSmhAOB422xn+XRum6LQT2E4u+ITFTOGLk31FXJ14xRS7CsKLd4F
+gmOJ78JKVfONBpmdVsw/emTMU5I/C/8m9l0nO0P4Q6diao23krgWk73x7dBoBqDn
+4XUsDQOZ8aKrTpMO+Q==
+=jgHV
+-----END PGP PUBLIC KEY BLOCK-----
+
+
+pub rsa4096/0x09E01FA03C0C504E 2019-01-09 [SC]
+ Key fingerprint = 50A3 0309 8EA2 DD7B CBEE 2ADA 09E0 1FA0 3C0C 504E
+uid Sendmail Signing Key/2019 <sendmail@Sendmail.ORG>
+sub rsa4096/0xEF9F24EFDC48FA66 2019-01-09 [E]
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBFw2ic8BEADI+1rR04aRoVA2llbsWv2KQpLnItCL2vxBo/+7OdqC9LDnGa6/
+BA2KgTrykOv1YiAK6WBGHiapZx5Wrob5UPPjDERWX0a/O1ejHD6T5onIUklrS2VO
+ZxyUvNkqx0XMtdvt5zESVFJv81Ykp+6E0cF1211ew+5BC15RHnkiccrZWXcERb9r
+YRqCkVJC1ENd6B6fFjipjTM9Cn6WUck5kozW18ASBiT4ILjR2UjXV+wWrAKNoFny
+Yki3a4aYJ2qSo9509oFTqpb8nX3vTY9q9qvYa4xW65ZYi9ISdbDOJZFQMyo+rcGU
+ksvMMnsAnsebYBCmGj4A+9CQZGRY0GbUc7iLlFATwd7COq+rrlmXB2lnbBY55nH1
+fcCsmnG8oPGHtSTOeAaBkJKT3y5raIqHp/5pIzNbBpdbDkQR9QnrWtTxH605R1xo
+AO32/m69Q1gmeGbmmR96bjiNkdGHTTZsjOLg7+EpuWcE+lFbDJnSTUD5r5NCUHCY
+pR7nQCGdzle6/8OztmNL1fLYbOCHDnHZ+PknixjAj76VRmZYYyBf/nwAQfyhpzQC
+wLK9wyvuqyeIlYjBNYybqji/KgpC8DLI4T8d1rJAVlf0hy85DCGST9/Y8rdMGgVj
+HDJHOTZG1i+YXkFQccJOVIIDZcCIsLmY6xCaOp+208zTUXdW4cpwKbK9gQARAQAB
+tDFTZW5kbWFpbCBTaWduaW5nIEtleS8yMDE5IDxzZW5kbWFpbEBTZW5kbWFpbC5P
+Ukc+iQJVBBMBCgA/FiEEUKMDCY6i3XvL7iraCeAfoDwMUE4FAlw2ic8CGwMLCwkN
+CAoMBwsEAwIGFQoJCAsDBRYCAwEAAh4BAheAAAoJEAngH6A8DFBO99UP/20PWjVr
+CiCGWWrxVkRcoRHTUnyqSCvpJGJwIoTNk+f/0K16xmDknai/fdWqGVsuVqTZwmQD
+KL81U8hjHlaDyVes8d1nQ2RDcwVpRyH//8U2mhD4Zyb+hZg4eJrQ73K//OQgZfJL
+fjxyjbsRD7UHITKwgdjlXCHFJjfu1tVBGUmUhv8ncjXBRgBB5Pe9vl8y3qga7IPg
+tcbbPqmobPCu7akHioG1/RwzruKKIHVUwlng3DFg/rgZaRQGGe2Hn+8ldFTB8iTE
+uivMZJT2M9p15/tO6qLG+SO1/pB6xuAeZROENtL4ZTnxKMgjm09v8ljntIkkfTmh
+hfoFooN2Im1WUYlU6TtCfcb9chG0a3r8suLTe68uH8VLhSoPaXwotWlpudGwSzDK
+jFwOPACN9QcCG9zLXD/wbpV+PO1vLTkZA6XkIuc9udW17LMo4kvxUOCmiJZAb5jk
+9TyjIKHvX804P/ONbTj6GP+mdxV7vQmTxw4fMTH6GVUlqgBKYBM9GWWiLOs+2iw8
+EMA3jq+9byKYQ3M8n9avg4BlCmyTMXHdeEyKsk2hBApg/nl2vfNASnDrcvwo6S7O
+sP11wL5OjGNI/BCp5LEO36HyUEZTENs6IkiyOp/xOjg97MUY+BrG7Y5hTnKWCYRh
+LEgF54o+ICkDKJAND9x54/59RyFXONoMFhJXiQIzBBABCgAdFiEEpoc9JKTW1ihK
+5Cp18GBZ/V3HzD8FAlw2jcsACgkQ8GBZ/V3HzD8aqg/7B8UooebTLXPgqPm6hYPQ
+5LbRAZtDhVGTMQ8QOlioLQYyqgt6Gn0XeM5E4ehPLMlHS5OjdClk2U3GzNQNheRx
+LpoGxHlscCsZQih3DH3bViQfEIGN0VSYlmn1l804263/Qgrv3iTkGKcW4KcwHJ7w
+fzDVl+NFCexLVBOK6FMz+DTZaOC0UifzsWzv2YAVc/2FV+WJpgfScjZHttzTWvZU
+o7QKVouQlJpJzzWjk3Z6Nm5TWKcqwT1XJxQRi/fcYPB1iAHp+4fN0xhiLhMeTguE
+K6WQ9JJDTgULMgXUlONX3vML00nX/u8Sk0CPKLXCAJxPouH8wohIQzUIKOSQMqtY
+59toRyRQgXMaKHQ4DL6NehkNxduFBAYt0wgnhi48ageFlAK2kKTQV5//obRfSks9
+UR/mLWYyrhZ8BwaFAjDds0oiZRZYr3LsGr4anJ4rHXzTW6G1Z1Css3M+8hnjjgru
+7i0yjkpYaR1mgGkXhbLED8x/B7vf5UvVhQYXZi6wnm9ujY/VtninXRUS0/6VtjEk
+k4Cwh7PZWvKzYpa7I6l5u8a9sjLCCgHCkuDkt+6F7vUaNx5NXrMHXFJMPy8hM6HD
+yzAoES4T3A+YIwU4ZIjneoE6WdfW0dosf40cXK6ufFwh2+ONg59a5ezbEWYAfyy2
+VnVOfiptJxDSV3ITaTih9h+JAjMEEAEKAB0WIQQpbJTb0CgCRb/Tkdd7UpZI7oVy
+ZAUCXDaN2AAKCRB7UpZI7oVyZO0+D/92wYw2cBuQun4hNwskVTrukH2QFN7NcFQY
+QWfwu5U+RumkZ39bY3u/f2pUB9mDLmFUY0PZ9Uk0z1ymJymSCmjhSifqYikYY2Z7
+dSHT1piS2RH51cy19r1c5lys6zucvAtyQAR2jyLExqiR3/Zul1XIapnmvZEv3V94
++PmMGC42gZa3BpUamXh8pMcnMDnrMJ8d4gxKUNbfagXkfXz/MGoldZtq1PU59k0e
+8Ef1vkL5IdiYLzdMprH10BoGyDEuFkKmkFZsIAvqaTla3zwklnqUxxdV9SLI1gCu
+Xnz1W/5B+qFZsiYrUd/VfJVHu1sZlo3pz70lMxbiJXCf8gzs2ezFft7BYDQ/vGjT
+Rm41EUs4Qy4fjSQYcTIobzd8DN8ZfoNtS/lcNpJE29kmCQxVn6rWLDSqYKqTFqka
+2Jgt+fjlrPWJwJrdt5M8y0HPXeBY2ydSdp5o9vFL8SJS7ItiTg4zUZoCnssIxQfz
+sg63SikTP1uZm55X6+3bKSae1wmAXsTi0I2wYEHMVHsbYwsSZrKstPpj/wOt10uV
+jt3mSYXqEZ4JUPlsVQ+OFK5QlhjinDJ7NIC0pu1sagkFCO1wzGs6hoicY6hB5wFS
+WPDfpgr3lkLQ5GB4+A9F8V5CaGta1ZBhnWNy4fQImWPrsvnPXswkH5NxqRL0ha+s
+10EQjVeGVYkBMwQQAQoAHRYhBK0g4aqLQTZwpkJS2L0nbS5vz6iFBQJcNo33AAoJ
+EL0nbS5vz6iF8QsH/ja45MCWmD5+bEpzRu6JvBrALwkAkSd25v6D7FiB5JZFof4a
+an8wGKmQwXvSbC6getI+djWGOg+/O0ios/ePqUW8DWEQqF7poAlzSmb/+dScl1LJ
+UR5erguFpLy9MvY3BwTh9kfZTY6hm17pOhgQ6xoV9dV2awIWB6EDOX/8XLwYFE9W
++blxfAVlJMY2l869Uiafor3ejA9rrJ8dgKlqS9kL+X77FBuoTcGPzWIzemJDKvR1
+eFmFhyrh1627fBoiaPbX7jJkBtaBubwN4gUb436+9SHhSvCdVisZ9CGND/iql/Mj
+gCwioUR36t3fqNca9vbP6gfSDqfRbU2ZACWn6MCJAjMEEAEKAB0WIQQ8ih6Of0TK
+3hFP7UZLyb2ma/cmrQUCXDaN/wAKCRBLyb2ma/cmrQIQD/oC9xA1K5AlOjiRrwI7
+hNsLqfabFfJrNJNhZM+UAQ6Ta1kzuSP/OhEBhwEJ4Oi+wjKr/iBeW1DwueuEFdIx
+tL8NtiGWSP2MK6J78azyUqwj0c3PfBtPsAcCvTpK7gGHfAbfwqgMSscQ12aJa/9z
+k+exoz8dJMM/7WTx39blJR9wGa5TSmIB/qeRlB+t9XZ1+qVzkPm3P0ZkLMj1tMGI
+yykC3C7eAiE1iwRchLfBC9MQkAZy1OPIJaLMaAOKjchUOWchaLoiVtb1fQRkbS4A
+WZxx/zO3++waQR3X11ZX6j3IjdPU+Mt8OuPrE70QY2+5Kj/+h1648ma9EfGhFfJX
+IMMoA/tIkVG1ujOoHHbk7526lkCzRpnX4rCiGWnaI+iDVWzQnud0yN/YwGsXse7a
+bf2gTB1i65VkDFqejBLSdwZC7MOtwKqGoU1pw3vT3NMmYFlyf1SzjTHZ8R2H5bwJ
+jCMlW2YUTGJBlFfeKYOG7FCnQ4FDbjt2ybM+1GuNbnvcx6VrtYBdRiUpje0rSLaM
+dxooTR8LqPM6PFI8HCFtH9IcO1U9/f9UpTN6eH5BoVFHcd+Ip5GYIPmHisPFYVBV
+yDJLdMNMZJCeGXJbyEo3LCpIxvUuxHsEhOKD/CHLNGWjlCdmGfkpo6GFZhnDilXH
+N5h6X/JXxhHKaz4ak4rMqxM1VokBMwQQAQoAHRYhBA9clq7I5p6cjlQuXG1M0ZQp
++wPeBQJcNo4DAAoJEG1M0ZQp+wPeEikIANxxso7vpCamTX6IhEX6JIyisGrY6FEk
+Ctea/tNX4GXdqW0tmQ51BOLApp6yMkJrTsbDjps9FEkg2rNiM1S8eDYyZVBl5CMU
+J/nVxyrF8KeoF8fd8im+hhxcDmZixw80935YaFTJfjgOnDnsbXJ+VpKEBv3Ri2P9
+0HswQMwqON5YOAnYV9z6Gzt9AgD1n4LGlB585G+XBmVxHvYti0G9CE5riViZ5dWs
+O0KLham9gjbzTp5d5ux51V8R+1pw/xeytisVkrbiGpURP+zw8Wzj2K8/eKGP69C8
+W4d8vMpTB7ivOG7sfsiVHnpbf/LsW/CFDF+iyvHt1O4B3DofYLceZsyJATMEEAEK
+AB0WIQQwvKdHBfpBVFVzHXuq9bXeBb3MUwUCXDaOBgAKCRCq9bXeBb3MU4liCACc
+Ib9dWDrQ/Hsoqzn0Y5b6Vcm4HZ9Kca9Ye1bZodfEEjCAT8FLLX2Y2h3EAafJL+d0
+K0A5o+0adgfXrtvlstFIgV2mPzqqJx3P/Gp+9wt/jtk5s5hY/S9Va+OqebHiJ2ga
+6z3yFhLhtpIN7hL0B2MS+k8YVAeQHQ3R1eWdoabMa4g8Ik2a118smeeKZAZiI+CT
+AnzkDPeIS4m6WAxvBJOyjzTEUK/wok3Zzyb0TV1EtE3fYq/V887vkm9g8dOza5Cg
+3hhgoogIgqFjw32Nv0skCJuL+N5GdGWt6hh0cmNkdYxHV1Yw0HLB0DknPgYlnqNN
+RQFHaqiS+fvetLGn2XpwiQEzBBABCgAdFiEESfaovoRzOUlRkW87Yd4R7OJ2OnMF
+Alw2jgoACgkQYd4R7OJ2OnP9Hgf9H4Cr45X3FhCb48kJYm/mtU9ph6S5m0zOIb+l
+IRTI1UP+S9MW4geNbw1Te0yy2z7Xsdot3Yydw8oWPv2OCasT7FEPFg2n2BeQqHZZ
+SEuUxXtHiSXv4Mfn0HKLxsUbeO0zMNAum+rwWGAv0yosQBmvfV7BfrwhflKFucFQ
+a+EowlQggC6xppLE/lajti6/GQY5j9qDjvsYEtYOcQy4dSJGRj37pCaiboXJbgo9
+/mRa7fvV1+MbJVS/WFTwvo/09R9r/OByrJiuzpWo/mLdcLQS+Tcf1pFOJFHPoCGt
+5nOKkYu4E2vCi4MAQdMOsshHw7GDunzY3T2gzTTjzqfCirgMm4kBMwQQAQoAHRYh
+BLh9RWmG8ZSEB+XMtD1osl1SB8rTBQJcNo4NAAoJED1osl1SB8rTLP4H/j6Ly/kP
+/pOxfqUSJ8DUzg88TyMDQmRxhmoVuoyR21eL0mf2sVpOgdczNyfysgXThoeTgRMN
+rFw+RCP0yyq5TdVWpL3x1ixtX/c5CUEt+oPSuUsEXh+oj41sRV9ZCzUTAi+ypUON
++LVHah3qko+vGEq0gMzlBIfmyAuboU3T7WK88JFHTD9bwL0Uv0D/xqDuEHtSM8Br
+oflQJruEI8xg3RblhURKobDL+b+G0pzP+LT6OAsgFzy33jvKpWxBP8HbmYISj15g
+dv/HY7yZiaumQIOyFejwT4ZqjxpWGX1IoWMzmDF59jBvxlQVa1LMHnopJ3Q+Q7tf
+wL5IYbQj6ANmY2qJATMEEAEKAB0WIQTKeo85okGf/7CpqyeOWun7zu70OwUCXDaO
+EAAKCRCOWun7zu70O3keB/9yVNUQrJP99jQqmKrTjMb44w+3uF+cRhDK/fXnbENC
+qIbRHA7vVmkQ57tQuUXRHX2BtWCSfEGwPiJ9INn4qY4vLocZqHZc/8+2rQESzrlv
+wwBVNdoshnBjaw2eVLBkDV8GhcYUEYlW0Z66+h19s4RW5LWQse0s5Ax8XPEFWzmO
+0McTGgStSOBBzL/0bb0nHJA67DUNMOzaC3i4DcO3m7psRTxiA5j/mAwpl5p/jnYf
+6CN+njzl272bFhU0TwxomoSG7c0X7QqTVh9hKqz6jbS3VhrkWT2CcZBWhi4QRlAL
+Ji7aKkMHQzjnZoIFAAmje8voB/+f1vkUuxfNpH3TMCMIiQEzBBABCgAdFiEEWHJi
+GKkTQA3mYDYBOaTHfal4hLAFAlw2jhQACgkQOaTHfal4hLBc7wgArGdtwiIPiyEL
+04Mr9AicdyxWnzeMcwNQZqD6quMUek5BzX3u02JpkZnnrfftZ2NXMTHcr0sbcCpI
+K+02+qz7uHf4pZqVIDMF97U2L2RRn1dKcpxO1rKzAZ1Yd3il0VeQ5dPVM+ocMb2U
+Vj7bJi856fZNnOEUFAJdThTRSS7e4tBsZJagi9YIEAYLYmE0a7AC6v9b2KOsrmp3
+yFZ6gVm7wdbNz1pyhvsMoSDMEIt0bUnZpFGzr/EnTS8MTSYGSHslGfEMFPJrULPi
+YohvxMYcBNZCSuJx+CM7VJ+Aroi05FOd5ax4mw2+eEZs+f4BYjLBQ1opNIfo6AjJ
+4n1kXz6gcYkBMwQQAQoAHRYhBLF1lkRTA13O3XvpGWBN+/KFQQq+BQJcNo4XAAoJ
+EGBN+/KFQQq+3b8H/0qTkD+TMuRGq+sApIhXIFZM6F656AooZZ3G+UFvSmk0R09b
+ywB7OJ35mAPIXaZWl0snp4pAjxFuK6SRsCRUtRnGJ1KNPblCycq2zF/l4/QsLKPA
+ROY9M2hTg+kOh0M8hzo384UHNrOwOFGnjwORaHmy5LkOHbAte2D2Dim2SDR8pUIv
+fhqHXMAjm8dPgSjAyfNO7lizmeYZ8ojlAb192snZPZhl4icJSc5QMfmyXvuWfg26
+i51bEVLIVExyk6sFwNs4JZkaDnIonogWHKipHq6oN2ETqWA71a7KwxdLnTk9kKuo
+x4GLDDnloXkm6bthFeZPwBZHgW8hCMB375PRIPGJATMEEAEKAB0WIQSwgJefTQQ+
+GdBaNpxinvjuDIuDMwUCXDaOUQAKCRBinvjuDIuDM4ZMCACssWBTzN5ZoyYvBljk
+XDWnzU+E8PP0rtWCIn9ACzzDTV1WSMYN3b9VISk/mGCfPL93E7bg96H1aziy273o
+U0cBAkqnneRHCzINp5dnKFDRmCraEQAwdogkNnnswACxUWkEwpInrvQTcOajtp1q
+F6jBAsCcFksE4nnrEnCzPaS7uisyk/zXhok9huqehcmqHR85y5/+ClOBN/mboPUy
+PgowlvA8F6NCo7PGegqSdDcMiYncbLdDMI+bsPVuB4Ieg0AweokGKD+mJcn9Wm7V
+ho46NOl+8zgkTZt/UrEUjgXia3jfz2x35Zo21KSgpwi1cLHq9OgEvl94s0Q/Jdek
+VGAziQEcBBABAgAGBQJcNplEAAoJEBCQryClqlvmI6wIAJLxiOGcajMQftn/rRpG
+SwA/Ep5ZVYuIMFrpatU9o9kgofHFWIQ43/BovpI/3MNSRrmgrwEGmAQq+3XEHTrn
+os/DIRN5mmMD4Mvh6uZ1IOLT+DTZjYMwiAz4jW8EtqO6/DU10d6LBABWeysTN1wt
+23Yh2WNhMQz/1hEfJii+Z3ejVeW9hymqVN0tWsmPZT157zZ5LuBfGHalGrfloftc
+VcTUN7yFx/pgdRJHNwr7HTimIinUqgOw8HfgSXOhrwmUsZXLUFBE81KU2olJyW7f
+Xu+SOjKrInPsRfQ1xTZ8H2f3+aHDlGviZ8E63KS1kJdQx+hHKaUjROelLZJ6yB2c
+2R+JAjMEEAEIAB0WIQSBHTq1tuMIw3uuUFMztQyapKHsYwUCXDin8AAKCRAztQya
+pKHsY1fKEACUhzbRpxFEwxuU4nV89QtIqqm+3YQ1Zk8n6aSGCyy405/9VM5z7ing
+v+UTrF97aQgByuwdm+EhjbHsV0IIsE4/5WfxSTjaSZK0/+Z4B/H+l2e+J+RtZl0t
+jocMYZxoKOTtA3Yd77DBI7TR3u0QaQgBhjNHSDO+ZdxY2XQ5K3/PAH0oVYSEOdDL
+zRCBnKWdti3EZbGSpnBtNdDjQc1/wBts8mDrzwHB3KQZYRinRQFx9iCqMb1ifRE2
+38KtZ49uXvk9Zt21TZyIS6GAPh4bIkE+pMaVck9kChQJuKJrK11IygV+HjRIBieo
+IEQzfhFV7dwUuzwIFHUv0ShTKRwFqz8eZURX0kDFqWvocoLMEXtSyj97kEAV+Smk
+R7sOr5vIdscWKY7D+nMAVTchGMFcX+er4DwTN1Ob2WLycy1ALOz4e/UHbMiIVT7u
+86NFluGcXnKMzQH4vFZZmM12UWTpgVqlLrnIzUwtUDoLz90VR7oUzYIR/6FLMtAq
+gc2Wk/S1FblvvcnqQ32yZVmPC5D5TJU/A3zE5w4K1xTkqnBAaUL08U/2UeTTrF+C
+XnGQghADL2LQZIS5rlAyVzZrbb1NzkmwGcI+5+QdCtOTif13Y9SGyJkmdBk81jO7
+f7eLmQL5v2nxA6YcRJFvgJti+WnUKPo/vwDmK14Z5wNXuBXGTH8wLIkCMwQQAQoA
+HRYhBBLAtuJbqa0s8btLQvAK9urCRdILBQJcOFJ7AAoJEPAK9urCRdILM1gP/1Td
+ZnjErH7OGiiav4Z0aX6zMud4Uommlea/em2Bcb1gtJ9aJqYVUBW8LL2ioNVGSjDs
+L///KA8jTNaopty5ux4wZhgx1e7KXSDXCeuM0VJGSjGbkUlnZW3DLbGUiDa89fU4
+Qf9g9hgE7ZADihvfpPcT4xQGA7fj5SEdGN+ApVXNsYenqPrmj89MpFQbQz0rq6bK
+atdKj0bNxdqCvSVCTgb5nhkjJ6XI02Rc7QbU/GooOtHTJISBMencfW868Mrp9f1g
+FAv0CixzbB6qtW6C17hIM4y+hzE6G3voPxIhVx6wP7q2Dd0WoE5ZiX1hISWHBxiR
+1XVkrGHI4ym/XTLjL2doeellvkGveOmTXOjjywIu4DyF2VudCaF1/9uPoQsH28UQ
+Jsi0XFYRol8ebFizLkenJECY3PT2Ndr9Zvs7/hKdpEFjIxBvk7MnSWdrkAqSbCvP
+hzXSKqk+EH1ouBhWOk5zFeEwAzaQ2viOVGvehifW3oW24gGmlUBvDb1tnVrAAfkp
+4JBunttjZnq/0NpdoK0DhrrVF4dW3rEEQI6NLfC+RlYAqDpxpemasLEoPQRvg0MP
+BM4si3ic7D3srhJwZi1Vz9kdDyvE7vZbELvvEKj8gMC9qzKTSvznn63x3IW1ZHLz
+bI/HDBHBOg5Qi8+6EMxB3PWhXQevZaqsTH8MvBbluQINBFw2ic8BEADNMdn1xiVK
+lCEtvmKHzKq2lfgzgBJWjtsYEnXDc6FvDhy88vU02sjMvmbCwfsvQAlvCpZUnfZQ
+gMbsa00Xh7VshOd9+DnAc5e4wcoSaafvWjwCy2ndiJo2ZkeGOH1JKrQLrXazQUlA
+LC3W6AXqG3vDlYUhG6poamqIyuUn3st29CuOnIsxfmLOghWI34L936WWZnkvnpjQ
+vE9WXJn8rndeEaQsGmUuBTT62nXvzIM2Y4ClVWdC6dNUm7jkIPVCF7sT4ozwyvDh
+O0reV/60LQhRpfswz75Hyqm6Pd7ZvE4uV26QBz3F76m+qTynKD5lmmcwiwM5Kkng
+hvJCTEUTC/ILAkHRK+dbJm9aYCi/tUPpCcv2jy7h1xykbUc2i6h1TboHhwYD0OEL
+hij/3AqjkARnQ8oROtyT223omfFZbZMU6YYfygSbN3vnmpxVscXcm3/Yy+vzRNjT
+pwhiZDvBd0zmi9BWXACoBUgKDlNYjXsOfVgZFcUQIpGmnpPdEFChnXSAd/Eidd1F
+V6fXX58/YiTD6VCmUVbVHei+WpyC+nJimmCK/dpV27/42dybSMI287qs1Y0HdAHE
+7pOsA6GBH0XndIX9x0FgREH97UjkHkmZo8b/bPzB7Hbpu+GWNIYI4GNWXwT1bQIw
+fn7BDi2bsuupEMv0jTWejAwMrEJpBHZdXwARAQABiQI2BBgBCgAgFiEEUKMDCY6i
+3XvL7iraCeAfoDwMUE4FAlw2ic8CGwwACgkQCeAfoDwMUE5E6Q/+KqteYu9PiYkJ
+YaXuN4rE2R6OxU9nb4dLVcDyNvePyO3mJ4Guw8zJrJdNKBrhzkQokFepxR0rR0+d
+Mh8iZBYrCEbpfLtpRgZOslHU3JvUiwdThKvNTtA+WI3C5rwM/h4WGXW9kVKmwwNN
+BO5ET63PoiH6xnKXo6J85z/qJDDr3u7/ALFltq5s1LV6ioQ75Rsc+yofQLn24JNL
+a1YwGeHRjG6jTjO33QVGXwRKnf+Mf+h9CM3sVUmoVW+rKklAZN2IQKrJtC4xF3GF
+YYGtbpmyqmEr9Gthi/kFI86Ehl88xA4a8u8gNZjDjwrANWa2J6T+3ufC6Nna4Vkb
+2WrwOwJ5JtJ6eM0rky2yjTfnlBERzY7eU2AvBqLJujXyediEY+8VDSicLhDaaD5b
+HLzFZai99wZmk/qG0P7LfGjKi+wZlLN78aSz+XshC41BqXekuUaUfQimkJEjU6py
+z3q8H+3OrZ62u0Q51PQAci/lkRpofeqhK5ElTsoMPEA/TLAYuQhfN/TCQhRcRynW
+zPA+uEgEveFTdBOPiVQkLHyWQP/5VTq/4lUYNMWDKmasDHEeqibW0hg3nA2++BXz
+8wKIgKyb4NguE0fD2aQgnFUgPQpKQhUftTfP/h7kAzcymESaXvACTyMUIjMJ7SP7
+HcRQfq7rqZkS3NE+iD9D/lUyXVYfH9A=
+=jN/3
+-----END PGP PUBLIC KEY BLOCK-----
+
+
+pub 4096R/0xF06059FD5DC7CC3F 2018-04-24 [SC]
+ Key fingerprint = A687 3D24 A4D6 D628 4AE4 2A75 F060 59FD 5DC7 CC3F
+uid Sendmail Signing Key/2018 <sendmail@Sendmail.ORG>
+sub rsa4096/0xC5A902D4AFC5E1F1 2018-04-24 [E]
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1
+
+mQINBFrevSIBEACxm52GYwJESogE55TvgxDNybP/6EEtdC+7I6/OqCdalNEcGNzo
+oAnF20biansEtCioTJA3QWrK2dyj0mbxSKK0EuwmJ+x/+m4TT1h6atPmer5/ndMN
+YJ/QloSFposkoZg73QyZAS1pJXMFF0m7cnWpzFHcrWbZHxQoLzalKPcUsjOlAaFF
+RlPXDFaKnFzDc0PLFuip2E51hKGr7GhKO5utPHsZ4TjvYKQEuo8Ibt80zmPdAn3+
+fIjovjWF4vgmIVqlqpWEiroXodNz3cf+CIJGwDqm/L+kL2xMZmeScxnodR8UzfvW
+Z1p021gLPnVx/ssztFZNUufqUMKTov+Dt7//4e/5lEGDNq5+t/vUokfuibTJjEeU
+m4Sh2kBnzFDLGNFIxwWUxE6NFv/oNFl9yEju0L8KtMcDCl/ZzOFSp91qO+e6FCU3
+mzkqRFtmTxdVwoeL/PZEdVJmcZLkJBkR+6kTB+RZwlbaPuLW66G/nNaEuWlXKUsr
+NAyfNHbT1A1dOHoNxu9Wm3JjcDDyiHCJC4B6YAiikv5lLRbF0QPTgpYtA8wtA7ht
+3wjdFn2xxnlXpW98VakM3asruRa76cy0HyZ+vbUSm0gKM+BsAOZOY/0uc7IwwLAD
+N+TOKRc7lAsa6jpGkG9MYyDAb7udjliex3AyhXE3M8goOIc369XA2iqq1QARAQAB
+tDFTZW5kbWFpbCBTaWduaW5nIEtleS8yMDE4IDxzZW5kbWFpbEBTZW5kbWFpbC5P
+Ukc+iQJVBBMBCgA/FiEEpoc9JKTW1ihK5Cp18GBZ/V3HzD8FAlrevSICGwMLCwkN
+CAoMBwsEAwIGFQoJCAsDBRYCAwEAAh4BAheAAAoJEPBgWf1dx8w/ZF4P/AhRGoIU
+3SI6PTDwiQ6MDWKYK0Ffy/kKM3IYfiVT9KG0+Mh5fO+UFdkkDhFNBXfqRciorpbq
+eayUSl3j/x+xHr9AZ1bTp9u6EkB16x31qCnsOXmj8CFiyNZdP6alyNTKVduaj3xS
+kBl+I8reeXl7LJ0YWFKnIIuWWyLVnruiGOqLekmdz6vlO8kwHD88fBQpnp6p/uDD
+Q2JlrGnWEsq1okaaw9tdwYEmR9gOIEl84tSerDfS1BwhSGjMRYXxhdyXkeNcivFl
+YhNpef8Lhjc7T/tKOEQ+Wge1L7lLM0XmLrhNm8h2dixEqznPMjBYrcAsupBOxJHw
+m7LJqbfBLhnBbq4OD0Em6Dqw9qE5taZnPsENurQdtAa+wgL0gIqYLWG03A4j6UdX
+iTkhRKnxtplbBH/NvYgWIhsVf8wEzbTu0fX7vA7w4pMqSHLi9LJ3iY5Fz7grQYt7
+riV0LVbPbQF4sCavU+KiA/hU91al401Vl0HXbM6luUMQzjlcplSd7CTATZywA+j6
+ErtoO0052XwSsCRd40HFTdTIKQc/+roI1EILzi84S+K3lbBDjid3irQMOE8ZrUlj
+IQnnpKh+xJN+C6ZV9QEd0NJrtDusW2lA69fglOS3jVzaL7kOdE2ERioqTRS/9nDk
+gbBBGGtRT09XboNdR/wSkV4p5Rgwt16BdBw1iQIzBBABCgAdFiEEKWyU29AoAkW/
+05HXe1KWSO6FcmQFAlrfsXYACgkQe1KWSO6FcmSIvw//d3zeEY3SYIQLrYmnRm2x
+mzq0oH/VEMRzdJysStEukkcpHTn3TJQU0Iqi4MGG/Y7gx96ymxE9vxfcsnV59DIg
+yBvg8axawO3pGVgFY3on0GmyiG1meriAWh3trTT4GjM8ZsBde4tYtySpLueqU7fb
+GfCA+k0o+u7q761DNyhpTAGtgZwM9ucbheFOznpq9YaQo6wFjI+0wqRbysLMb7E9
+365k0aJHD6NMZPfQ+1HNQffFhnL4Ge1xkFMUiEWB3pUQwUy01f/GhdLyb9VQsNKX
+rELJo/U0WbtF3nJEdS85l0fOvfPeFEkhU7XnO6LDvzpV0+DtHTLA4brZi9kCD99C
+CS70Y1OY9oSt8adR5MdQZlQ6sAH4ovc1b8EKHBQIQ0iATQTHCVLFwBrTA+Ve5xk0
+6Mr0tj4DwJOVC/qAUHihMYGQMSr9h/GZ6QHF5NZRX6rjFhFPul9AfzT6ON3AqqnK
+oFGBE8I+A4+qo/HOOz0OrXul5KsTMyoymKsH7pF0UHrubRtphonXxyFz1kjnCarQ
+QuB5dlx/gmvzbIpiwJsKpydfi/aF8yklU83k4ZeL5UDoD2AOt3EeWQjSvAAIG8d7
+lgKf92ugY0Rct6+Yd98eTocHifsx1o2fI50+rG+svDvKpEkBTMm6KWYwHxjn2GSi
+K/s3obWgV7eRcrpsslNKrDWJATMEEAEKAB0WIQStIOGqi0E2cKZCUti9J20ub8+o
+hQUCWt+xogAKCRC9J20ub8+ohXS3B/9nKiYebxscdD3PCWmOqGoW76mPCny6DSaD
+De1pD6FD68V5X6T/LrBH+1xh+fYSOtkArXykOFtfkT7ddq/kP5B5Nu6JCTBp2Trm
+bmaXhj6wdZZMjrqr7bGLWQLI4UyjnZ2zMDs6RniDfsJ0HGjJt74kwZcrjMDabN5x
+y6XVfqyzI1ovxrfnp97utf9KFaXz629EWd/8iIgEAMLl6dWZfd+RLa2WkbKYpBW0
+GKN73rnUzO1z6gtAVyX7kCV9P3ib4TQy9MQ4Coq6bzASAJqp0woZq2oteP2zhmuv
+Nz+NIfCkKoWzRRN7wL1BBIqE3f+AbeB+IwvZDAc/RoGnawekbUbeiQIzBBABCgAd
+FiEEPIoejn9Eyt4RT+1GS8m9pmv3Jq0FAlrftzAACgkQS8m9pmv3Jq1MAhAA0kKL
+MMzJXNIREHCdsFTZmh7XPux0JqOJG2KPfAt7sRzTcTZjROKKEuGNCtoQ7IIz73X6
+Dd7on8P7Xys4l+x45/uhDnS3xvDbprxha2ikkDqWHviKHvKrtLu8Q3ECwF9DCQce
+uARbLTthbDajrw4SbqQWgQ4C8LZIHlyNc0h+0lcVZtCsbr8jxBDkKynhBEgbV55X
+WW+w58d7yzaobfIG/EeQUyezVUl6xQADiS/A+7axSW9Ii1Poo9PBqhzvpMlkn4gR
+KcjWOENTZ+Fwep1Xb4HuuvtuW3gdpopzTaBdx6A4v6u9g2JjgpINGwQh9zLg1+8k
+iZ/JdmOGzoIIFxI/tZrOl4O8sFlBajnnQBuE1nZvCUcIOjzNKeh/wOqg5hFV3wgo
+046FSMcgYARmuLZyx/ylvClgbw+rYYR0oAFu+8Y55nFpiOhbT3fCjVwpPdb8n9+E
+2GDzPNFkvgP+kj/JI+tPPUppjCFAisIH0ei/gTcFMxzkgA4SvG68QtYXAGFKL4tD
+BDDV39I92nQB6RFzecIP3IFGcTNbCSTLM1oLGzm1MHa5Xft6n8G2TdtoOxuSLbgA
+j/0+UQUWU+8TspEk+dhAV0rNhfKsHWqjS3JDZcDPNrUj9zt3AmlYm7Aky+amaiGH
+QrigKZalKJ8bJJIOmW0CYGr5PjXAMl/geUTK/66JATMEEAEKAB0WIQQPXJauyOae
+nI5ULlxtTNGUKfsD3gUCWt+3VwAKCRBtTNGUKfsD3kbtCACRMp9bYistKbh5Sjrb
+7fnJ2HXpQAcMyYMxzzAoCrR6i1o13X/lb3yuObB3EStCsjPOIIp15aIMQE1UPKSi
+7X0nKwj6Wxt8fph/9/VkKUDeMkXkFivM/rxLapVvaDJpQhrOWdIPq3G1pyGZYVxs
+MrA80jdqpcpjzFmdYwcTQ2Dz097iVSGsq2N2dNObzZsPzZ7gD07t32hJ0vrjqc19
+ia0JrqShLeF18ZSFl3DbdvTFX8VQLrC6kDt1atIMf4oQIwDzF+1EFx5ImosQTHSi
+qC6Cr41yCkEpjzvJkryKvgRmV6zjdROpsglzoqk5VuxPgK1TWgy5FtZde1LLUswl
+Kb27iQEzBBABCgAdFiEEMLynRwX6QVRVcx17qvW13gW9zFMFAlrf3zoACgkQqvW1
+3gW9zFO9lggAmNxo90dokXDyn+jDhddRA+pSAgcaEkBo1McfwQTDCGm8/lN3tC8j
+jenFVaLzg+PgTwa6XV7hp3MRYmCcKHMVzkDMx5uxsYqKDWGK13m3uIkOBI6gbKxt
+8Sy9a/zY/fDdFEa+znaGJZp01MQ/kqK4naoxvw1VwFrPT5hNtLB+8vwB25JCNa71
+mYE3cwjg2xr4YIy13b38iXGwL4XO/8EvCyHt5PeCIr9Reyy0ikVawfjLfzmC2QQ3
+q5a7ZiLwdNQpL5vA5Y4fyFTlj2s698ikcQHxeAmov4H1fEZdD2b+H7EBVqDNXO9n
+OEJ/GAvCWIhX028l1k1YTbP0z4YOz4tAlYkBMwQQAQoAHRYhBEn2qL6EczlJUZFv
+O2HeEezidjpzBQJa399QAAoJEGHeEezidjpz32sH/1CLIwp6Hu+m2y0Ae6IzYB+R
+ZbgJJsAGT5PnmWZXQZIuGkmT4Ctaoo2IMPh1oolzjg6Vgf0ueA+JT4959n7lUf8o
+v7xYMpms4uu1nk0uGLUF91E7Azu6nVZyYk4Pn9ClbTb0VbaxlI0eMKlr3JqEdNcF
+Un1xqYwdkc+JKE8x0BP3glcYqA0s5ehKW7e/qnFPraN4Rhl+HedxcQfl1JaxRITY
+7aOvSEZBN+2R+sEOHpEITf6sYAekQB09vjxMXNAoZbeVQcZso5Q6DwabvET5kDtS
+XIB4/e0xWWWwFdekYghZaVyPIpFJw3KHe3Foefote91ep1Uhpp5IBvUGC2eL8vyJ
+ATMEEAEKAB0WIQS4fUVphvGUhAflzLQ9aLJdUgfK0wUCWt/fVgAKCRA9aLJdUgfK
+08d6CACvBe7VddSM+6gKbUaY8c/5iopR4f8lISBwO9lMcoy743eLC5R0uRh7I8WJ
+aecmG5QzPGY96NcnlJLnFPlA7EApN/MVjEOLO6OPil8Te+N1f9IcqIrERMeqkVcg
+ekZ0ZA1hlwpPO1CikF8HGsUMvojr+PsO6JQNPDvqwnNtH5j1HNinwD4JYetK3PBU
+KsAMYM2gtU/TjRXTf6WX+O9bAJr/7F4e/bJF7GIbxbZ6M1opFibvZObcgKD7xbTD
+mHoOOjD03Fh1WsMUZMsBQGqXvyllhsU8Fwjddstsj2JUODWDSn9Apq+IICWIWNCY
+orwTxxjFOfROSjIH5ZzfnMkSSc01iQEzBBABCgAdFiEEynqPOaJBn/+wqasnjlrp
++87u9DsFAlrf31wACgkQjlrp+87u9Du9jgf/XM7SVrzLtALlkG36iZq9YhsInbrO
+Hh6Jh7M0HT+yYK3X4lRpvWJ6MsYi1CZitjErA4fUc7pwZgpPNPlvzNFcdMTngnr5
+ZtZbFuUZFFgqDHX+LgnDePzvibtUZL3ZCHaJFcVHGQox/lj4AawOlj61+nmST0S/
+CPGmP0pFs05wesMVZJAmYnbLyU6wWOIbcotNX9VmEd8QRAiCuvukYRyYKBc8iIuP
+uFBHJfhDkzUJGQuoMvFBIvYJPWVU75D84100P7oDv6dHhQVhWJ8URVfzJXBzacpn
+6R6xpefkWFW5GcGWCyR47/YnMLC8AwjtJwzFzv4eiLWJgkh5odiTQoxVJYkBMwQQ
+AQoAHRYhBFhyYhipE0AN5mA2ATmkx32peISwBQJa399hAAoJEDmkx32peISwsO0H
+/RTspeE5jaY49uTBGwySMFpC8vRMQ16zpJlRYC97iFExdZY6JYRWvYiV6rvoOTf2
++j5xJgeUjqNuFmqUDrqpTGxI4J4UNrXxDc52d4Vy8kV7aBsRAQWuTqn/2SXyMGMT
+TEKLV3a81ZqdTrvSbKf6wmIPHiRp00w3QWKw9dBW4VGQ39a7ojrH/KzZ1tIeRAfo
+80ZJbI2KAxVm1pzMS+gQrEOYcmYE12m0Slct12dRxjDvbJjwlrRl+ekGWxVsxeLE
+i0aHFUA9gAGfqrn0RhrIth4w4h6xVNztDK3OI6gZeTrMSDFntfCIr1wxpZBVr8Zm
+vOE3INqKFor7nQub8hXDCAaJATMEEAEKAB0WIQSxdZZEUwNdzt176RlgTfvyhUEK
+vgUCWt/fZgAKCRBgTfvyhUEKvqD6CACTT21nbX7cRG1MToFa7e3ktBdsug1dcdtc
+33Gd27FBU/BDYO/xKH2XvHDcZk+YpS8CR89GzFr6Y5/hfp4K0vp3pJaS24oxRMho
+lwByWVinA4ZCD8Irgr7TsAjKXESn80P48bkIPZWkGq9nJhQ4E9l7TF5L6dd7xR0h
+nml/JM7PAdLrtX9wYx4K+Ars7GHgoJ5bcJZuzl7zChEhRJ0jOq99AggsgYr2FXSp
+eFArLv3Smy6nMr7NQMQ1WIRKIMw01uHXuxAOWsKIk0+bpQHVgd4I8qLtg6RZYABZ
+dDyQAZ7R/zSR2xpDklsjK79Mk3TfhURbzLQ+Xp48VrzW79BenIhYiQEcBBABAgAG
+BQJa3/MGAAoJEBCQryClqlvmZ4oIAIz+tnXrCyBceUse2ganLrxQKrxENRXya6IF
+zJSi205YBoImvOoUnlSddnteWJcy7UFCdYclqvKzo/NQtcxuAn31aJCdOxE6rCjg
+5Ta1ovDExvbHiit4z64J53MzWOA/jDLwlgn59rVZHvjldn4z7bL3KfqRl2H3j1G4
+VXrUy5NR3ldcbvmiNr/J4S9oky2yqX1AC5diRZj1mwkf4filRT9/mUPG7NXhknPe
+860wV0aGpmip3N+Un4Uvaoc0es7eBl/NDnXmfVwDmDGpWSW13/KBHLQf/KGc96Db
+BiCBaX0VTzA80ccpNn4kBqS+il01Q+VjruEd17q0xWfOL3br/Q+InAQQAQIABgUC
+WuCLKwAKCRBfHshviAyeVZAfA/0btCG+re004G/YNNsc6FXg0/sOiOnDb6JoKFBA
+RCt9SOUc2zxHiPKO4Ne7cMKJzzX3mkYd/9OvanoSgFLGoHu7igGz0yev1JR9AcKp
+y/ayoVNPpc2zv5raXHNjT28krUdORJoBu+/4WxxkyEL831Ie8f/kRGTJMvijjgi8
+5mN0WLkCDQRa3r0iARAAtweA/YXT3KV6p5M8SYQOxdkLlaE/kqmfDaBXE+1Cxvh6
+Y9pvhgVi5z3ARbcL1ybxXviLUVC0FGDlBAbcp6IUOudBDbDzZk6PPz+GfvOgrvE4
+wNYCTSSoirvPX9zfZ/BoxNpLYgyiii5TBD8I/1H6QrLPcdJZ5ZaXi1y98Bbshjg5
+oUhsJrxUQ4Rgq6idhb9fDBQ9pYeGwYykwnbG8ZFXprjK8K42dMkDibHFQ6mIsW4B
+dDHj4PJrFGeLcTR5IwG9KPKwjjOad5mR6mOiwgTm1JGHthMwpNmI+gg274OmEq3c
+hqafgjHlDB1BwGE9lT+l/w1ufVNB9NC/TDX3LNl2+fquSN4knIwppArU2OiN8RIU
+7cIvukfu5FsUYyjY0xHfObf664CftCkrK/vnNtb+BNjKat0s8M15h0Ed2aQxxwYo
+NiqLP5of4RxD6UHT31m15PKCN277MYjKdZDn6l8nssGcyZMyzk7IMhvMDF6NVTpK
+4Y5B0W3nZODW/SwkFpHQo0Kc4vJAKF/nKS473jtdmLm0R8A/Ldp1rFQCV9VpbMAb
+tu5V0CKXdTjDRo6nNrH++oCjK44pAaB9qGHoEhJ1T8yXuy/lYdkIGqD+qAr7Vrn1
+B82y7oApt9tB+lKMr7qvZ13bdDFH2iWkx0wpjw4eRqV+lOrqu0ky+ZP+LZcZdoEA
+EQEAAYkCNgQYAQoAIBYhBKaHPSSk1tYoSuQqdfBgWf1dx8w/BQJa3r0iAhsMAAoJ
+EPBgWf1dx8w/vRUP/2LNRt3Oiun/QLtzYQSZX/bwhRkDFExV9kMhugHJwDq9fzKk
+HX2oMYRluEXYfVDFjmWlz+7tJBeIoiz8mA6PTUT/iR8xPasixhAxsD2kfPhwmF8k
+dpQMZSiHzmQiAHPo8w/ysHYZ6vljGZS5zImTgOb2kXlGAgfg8ozfNs+9V2PUThxL
+p8y8NVsA02DZ/pp2VdzaCTzojYuFcfemClDiIsg4JOWmQXTBei02UP7IWewp3TMD
+OnPoatbGYMZOKjSD4vXLfyCVHfo0Md0KmjG+sl+Lz1QLIe3VaQG9Idtc2pd8tf/E
+NNW8DGyefewnI7MNMT0z+oEfC9RuePK/Ku0wTvArmPwXb+PXTscfM0Jaiga1O0fT
+l7RYsrPuW3FssnvbaLiF2ruHRLRP6d7YpMCy3S3NtVKQfln1JVKd2XS5A0Ru9cnz
+EIkiNVwoVK8gbI7qWmJfrKFFuSYxcGu3A7ari7y/MnpDgzUt0BWqHKBIqevrqpCp
+4Dir49TlDkGuTXz6Sys/pn+rJsIyzwfgYGAtN4VU6Dz/dP88tM+nMJuNv2Ez8R7h
+qV4Sdj1WmtUd4DPZx89PxW+YF+ZnOx/bag4MNq0CMY0LijswENRV9v3jZwyy4r4p
+fvZ+LS/6hJ9C77uOaBqoDPmtpn0WDqc3oDeT81Ans73BZhwhFAjzpHp+XnJQ
+=K0Kz
+-----END PGP PUBLIC KEY BLOCK-----
+
+
+pub 4096R/6BF726AD 2016-12-31
+ Key fingerprint = 3C8A 1E8E 7F44 CADE 114F ED46 4BC9 BDA6 6BF7 26AD
+uid Sendmail Signing Key/2017 <sendmail@Sendmail.ORG>
+sub 4096R/18F184A2 2016-12-31
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBFhoDCwBEADYQ95sJfLifvKQQvGoYKQ7xIs/7xaAZd776TG4HwfAkQxDDgDJ
+yl+14E0yijWPwVbNGohytOS3MLbBHD3HzlUmxJZRz2/yCuh63Ok49Yo/84g6r99D
+TSpXTZGvigglS+hdQ5C7Vt1N0JwP8FVoRxJHGpRXxHBSGamzrZthdBUSvIfLVlRf
+ULpcV/H2VyCAO5RxqFsEIoFnaXXfrHBordArWpb9D1GtCPsHKP4wqh5+vev4bBzH
+bpHgz/385dDmaw8PZmodlPV2JhqzHAbevjaIst32vnQRU4ElKCuVkTSGNyb6IZk6
+Y4sBd5VhzUCOqEKxTN8Wn4AOAWn2HRskZPRVwlCqjG4jjJCjHY5x8w9yjaFuUF0e
+J+OEN/ZPyXrv+qr0jzjAL5nNdi+P0tphDUUQp+cZNDAvBs8JNWQW5Ddtv2FJmmLb
+OvJe7fmtwD7cHXvQtAZWffu0JBT4A+8kq4IZAt6bCp64snxfLuYY8Iow3G1RfNAK
+X5uemQ9ME78irCuJpUgwPJeBkM3jrOQvrNyHrWXr//dnKjO4OXqFYKJMg87WF0Ae
+c/XKuQ+MltMyRPQh4+K2KQNYEtaLn9ryDK3JDE4DxCIU/ZxQbaj1GZYOdMlr0RKs
+gG+zVbTg4WMM1ru4aSHT3NzCLTTRmxXIkDsTt65/BVhDPuQqL7PL4Y+4wQARAQAB
+tDFTZW5kbWFpbCBTaWduaW5nIEtleS8yMDE3IDxzZW5kbWFpbEBTZW5kbWFpbC5P
+Ukc+iQI4BBMBAgAiBQJYaAwsAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAK
+CRBLyb2ma/cmregGEADNyKfYq6z1WsFo5OEB0dwAUiW4fFWzlFT17xbvNAmau2g3
+EWv54uNrDdE0sEX1tp2piELc4+y4vKytMU23MnaWpubeTP5A400tA34+u8T7U1yu
+zQ3B35t6ZJCivoC/MTxn44QyqC42/oAvePGBsoh8EmaEnDYijO8R/2R1lb0z0BQG
+DMmclYZYwZ4DxVD2r5eOX7vT0eOxRWfmgDA3H+O5uOP3616znhVc4bTlWVznzmAn
+r1G5Fui6jZ/7GhlvB0pLwfZYJ5Y0G3sw8y8go0kkNgSh9J+xLmWOzUBKkKUlPeiw
+eMjrPBY2KUf5u+li/nDDyhILizJ80XwcYBRRHCulct4dripluecYOLQQx56nNGaD
+Nn+yYsWitFv20jnfh9Tjkp5yeesCykzoSubUqc2v4U1zSU2g+SRPVqU2bi6Ot6TC
+RdyW3vVkNMwyZEERIBQ8C8bjm6ORcKWaiX5cQ8K0ClauMjKwsSp4VzSiuuNvLN1C
+UrOpKv8Eq2RTbVCDHNwDN3Ynm5x9CuVzKlIrWz8T5vNYA8OF2d/u9v9XBwTI3S2t
+zNJpCqLXeGWZj1IYmrEdNNZOiWikUbjVTj6tbEOXRNi07U9D6VYSHT5H3n7lyBkE
+WLvEb/IsvMN/GXmJDdOrEa+jPoAv6s9QVl+dtPzcT5ar0Md9KSdsLipZlpQm3oic
+BBABAgAGBQJYaA55AAoJEMApykAW9MzpnXID/2PhP4QCHxxnxAGpetXGs60KsLVn
+HHpPb8RqBhfa8+FW+on2DqMOHCwSv+poVKf/JyA6vDUXdv7JU4dFPgK4FGittD0I
+g1VlDsY4gZqlPl1zAqL/8hF/Yoh0TCB9mYKj/6sswTKcAoAd60Kl0FEqqY3bLCxR
+8lOQks9HwvSiU6OYiQEcBBABAgAGBQJYaA6IAAoJEG1M0ZQp+wPeOmEIAIMy0TX0
+7/8Tgd/gSTmiM2YE0LT9iSaJuB/aHe9NVi+JooYpgBgp6Wj6k2jnl5LUpIuVcW+i
+Zw4YhpfsxjZDh3b5WYGV6NHQBTncII1A4yqIcYpKk++wYm7GlmRM8BcsYMscdfF3
+IzDStvbTCV1rylDHykYoio2uCyLRFTZoxtCaRUUzQmGzGG+FIYtw21ZDUzXY46/X
+91j9AQEHyXzjSGeKojTBVp/+eJZ7UyrvwXUR7CCxBX3QlLuHOIyXBwM55kOEIOzB
+VHCKbet+Tu5fcJCXBcWxefJe4u+jtjGjj7RcDjsH1WVfCZkT1nVohrOsZ9muksT7
+mIGlf7KoIVaDTeyJARwEEAECAAYFAlhoDp4ACgkQqvW13gW9zFO/wwf+PZq/fGGZ
+3HrjuiuThPtqmBLO1gOelNPRvDxrBIJ5ov0blSkdeeMfCzZYY6dfsp6BrO+XxDEh
+hcg9chQAa/PislHkSImJwN4AFkqHNrqyGJmiCxYDkSy5vvOBRtbqaHTf6LxbO8eE
+fqSBf4x2WotL+S/6sbOQj//O8srdI/hHIgU1LUGkbO7mMtYUOeKk/ivQc3TsJk8x
+yU3oE+fSGd43WqPMExPBWFx5FjJiHh6JCBL8hbeg8PMJcN3KBg94iIASh+9u/JCz
+jUV6QM+QsNFaK7xErv5FGNjZmbSiJgG+sf13xL1zBnclchDzPKSoSR07jXJSlwNj
+0N71dLCs2ijnzYkBHAQQAQIABgUCWGgOowAKCRBh3hHs4nY6c+6xB/wKmtQShDYZ
+iHQm35pD0osoQ07iY1n2mqKQFSPTiUcl7G3TfO6HWuQpAkQiUsMbGMXbl6Q7/YnX
+cA6/vkLf0S0uV0h1lXs1P3kNao8U7zKdt6vyWw3tYA4S+MHGKmNZSKM3anDW46mB
+cTxdvkeUogfw/qA1CqcpTJSq1RMuV8xNxU3bhEpdpbnUbXjpuMLuQ8XHYerg/D01
+npnee53/vvup8ZvGkONdPzxLj8aa714J7ugIz71VCenBvmv9oLDaiqhCfpVkxlan
+J5fEtJALXbM29JmCXD8ns/LSjlGJUfSHm8dOssNh6zCqdSYKrNV9pI/SZHNXLz9h
+T9Z1IgBR69MJiQEcBBABAgAGBQJYaA6mAAoJED1osl1SB8rT73cIAKjIZ3ZWATeo
+BJtdl/RUnp2zWRRYVDgQuAoRTeHGrnNaY2QWM9XaarcX7frUJKiTPfSKpFZWt7Zl
+u7OKMq5AzbnAkh+kYEYmYO0/fd7wdDaQ6IEXw1xSYrtGB7js/VzUGzsikZH3437/
+ix0FE12N8z5emLhO8progdJDq44jlJZGfdVs02TqvdweyfKBtqy7yQAcIthwlxMp
+ts2aVAF3Yh8jV0Wnof2QNrIuTpXD3MoH8hFodP0Yfj49F1NVvvnDBJ6w4L8sWl/+
+MzvsB7iLaEUz481fc+cg8kiOj/IdFapVthJQ5HBPI5SzLdTGzynLARltXihIvTgJ
+DOg1YYE9KVGJARwEEAECAAYFAlhoDqoACgkQjlrp+87u9Dt2cAf/ZUIDOtJfIMZg
+V1JpfnPeFYy/8U/9SRVbjggbSuEqjdL7T3QDvJm+ECABQeX0xuqQMFdfAqMH4jNa
+Kqm4aeujMGqcCrVg9+nrwM1lRo7gJfX6VXFL8DC9uss1sb+mhfG7ETRLdLN/w863
+tsslbmBVGNzrrEjBzMz+Kw8VFur/FLLsl89AMhkj0elu6uto2tGuuJTrCRtyPtXQ
+zRhTAHwU/xZO2xeVAlqa9r6b/qYee5gQhpfDfxWxMM7N0DtdMkBavZP9mtSaVraG
+g5/89oFlRxgYhNwb20pgBnKhlYiket5hn94feeWkzqXNJIuXWtfvxyfGRNzPUSxD
+fy1iqN6bz4kBHAQQAQIABgUCWGgOsAAKCRA5pMd9qXiEsLehB/96quvQvQeMdBPw
+rCAUv0TNgeF97HCCjLAuNB/2VrFJeyBipxBIwot4ba3uD5OHNMAzdwMcKizb4iwE
+KxiHWcalZSY8EBxaq3T9X7oBpLmrDwncqpA7HLVhCd8Po42W4AHurPDFuzvHpaYv
+bgusZl8rLDC3UmfhA/o3bKgq22EcwTb4uuMGUCfu89+wH4Dd+sXwU+hM1wSccqCK
+BlfMYVkLZf+r8dkwiIEdjesZjcmZVsYkZwLve6NNGmX2cYopBBTfFplKe3M8mfnf
+5+29cChN9zwDwUAnSLiIw37gzOoKnunXr3KF3GkaW365nciefiwDbnVrhSF9jmXJ
+J3PQW+SwiQEcBBABAgAGBQJYaA60AAoJEGBN+/KFQQq+svoH/joWMORd7D4zPTcr
+ytbCbmklEjk1eF+0ivtsUEizD+vYRjmEQAUgDQxIn4pC+oIgonzu0LLXrK7ksyN+
+MbYp3bp/4n6fU042XXglwsanpsuptD//fywa7ESNAwN9rMVKZfnDdYQH03rnX9El
+KT2SNmdC1mGknRvT5OYLgbEYxe2tzK7OIDQUfJdkE7KE8Lj8YySqXP+vuUsWpX9W
+6IKeNtNY1d1Yqxh6XQqPDh3au+9d6OpQe1THc6rosCh/2cW36WFJLEV6qFY+AW4x
+U+6tInWWCymo859rwPWRKukROD4hMDvwSNqZnH2Bc2awWrMwifDuiCghzXkpXUde
++nUhZEKInAQQAQIABgUCWGgOuAAKCRASiW6bp38kKVR8A/9rUMeDsUo2w4mRevgr
+KRuOib7fQsyBQ2tDfr1VmAC686fTTeVKziSuauCIiM5c4ZYlvnjo+wLm7HmpKmKq
+IOkJ+dpC9MAvRGXQ2z/Gr9C7pJ0p9EVgGNV2tlfKESxP1ADS+fdS+Zpw1x/JZcHy
+LRq36JeEWqd9SGnYQ8zkLtl0YIicBBABAgAGBQJYaA68AAoJENiq8Mr2swcpfIME
+AJyQU3wO3lRw/RRrtmgrnpoAL6wHGFI+kdiUZWUc2Q1qC92RsE2i0/wOLGquXla0
+LQ9GZWTW6kU9yB0+SrFs4unHuKbRGbLQRkuR/Z6m0Uk+/oeXVLmXAE1ID/q3s3Fc
+V6v/ojLLaPwX6Fg32Ns01aNyQbxnWzCZSGMZ3QeeJwcLiJwEEAECAAYFAlhoDr8A
+CgkQl0MBGHCTuEFezgP/Sb7C7rMa+x3JSjpHDyYokOTVVc4d/RF5L0dQvM/voQg9
+aCec9CNHtUSPSzW68lEI59WzpSFv1HkpiPrRFiim/t1twaw97uU/0qFqdHjmS9st
+qK54XsEX0UbhefLA/esVpKRk0F+XJvb8XdxKLUkpkfFQO2izdkzNN5bsDPqfdjOI
+nAQQAQIABgUCWGgOwwAKCRAee7PIr5WWJRSKBACaWQj0KI6L+jBMhwfR4fRMtePO
+PcqDyWvRolu4XcqgwxVIVPGE647ItuRjHt6byHeGz7psBWnJo4oilYD5B+uC7Voe
+Bsf8nK0hzbEoKE/Gle6/O0i4Uf1f88efhYTvfvCD0E48HEy7qV92xs5sXKiU2K9a
+dGvGmZ4YyMvUx3TUVoicBBABAgAGBQJYaA7HAAoJEHCgJE0e+ZJRt+sD/RYutdJY
+TxM2n2WtW9qU2mxNhqpg2gPrKSCa1ecXkSG2nwOLhAtYYMJ2Mmw95MAVsJel0LQB
+YO4yjIsM/kBwkcvRzFfgMab05Iine9lMEsIAe2NtPpLNGnJBZyo8e9nWoPWko0Qd
+Y2W7WkoXH5XFP6Ab+BlgoyGAS3X6Ux7niPjriJwEEAECAAYFAlhoDssACgkQyNXt
+KZX2F3F0RQP/QGqxK59oyA4WTKoaVDKm91ZE48oCN0QH3mRiC+eLcmrHaDrQcWVT
+Y+Q2F3a8ZQpCQDWq46t/OR2G6R0zt3Uvqrgy9tqNuzs30NGWfDpQoDZJiWitJEIi
+9emmJ1lWSa2OE47vO29/Tka0jr4t9o4w6mh6+LvAVy391NmInktb0JKInAQQAQIA
+BgUCWGgOzwAKCRAhg+GxOW8HiUd1BAC+T4PhWhZCl1UKmBpqcFzR0FuMXbKxbfN5
+nFPQmaUoxm7EaTbTqSh0iNXgOOpPt+W5C31+eATVmv3t8oMOmk2qt93lbAoexPpk
+yETfqLgeA7AkfcPVEu5zLAlSlqpWbWmocy0+RWLRr/vgdrOTu6Ncf8Y0ujoFNITM
+LvDhFPVY/IicBBABAgAGBQJYaA7TAAoJEIlpYrhnjAoDEfID/0YCPh7GyoYO3MH9
+xR5oNLIm33FKpg48OIt2nq3vW6Kq0CHeWo6MjiKbpL86zbxvluvKWYRymC7uUPDZ
+pimbvzXDuwOvmBsyX6Q+YpMaagBVQair//ywWoVLQz3+2ror0ng4BlDpLYzuvDrL
+25c9FEqbYoagGHdlsmEe0APb8mBziJwEEAECAAYFAlhoDtYACgkQOCLbR8w3Ty1k
+lQQAw2Zr1AVvTeq3h9tjI8uTVHTvqJVvObiXIaQBy6gvnRgBiFmvtjySSl/N8Pwf
+17IIFTVIG3JvhAYTO4Sv2D9D/8l29C2sDXq9wJyL+uWMRywZ+3c1IyP7VVt3m5t6
+8tZqElt1mljKrriGlWC/9HHHqip/rR7xdBxiIqgBm1QL9E6InAQQAQIABgUCWGgO
+2gAKCRCcHL3i41xWNVWKA/4pr4MfBe0bDk8ycaeiinbaUSFXsY5z1JfZAk5SrZ9T
+CR5gHxcB9ejR8WAPFfVeKJYyeFCP6tWGwUjFih54zHtary3MAfiUVMv1RfrsPys/
+TnBolnupYgQZVQgiEVIshO652I64OIbMAMji0XUNBbI5gaG3JlcIjFx3z8mcM+ew
+e4ibBBABAgAGBQJYaA7gAAoJEG9Sk9ijm6ZVtEwD+NlQFU+rQXoqiN8wRfGZInbz
+H+rD79xZjOUVh+MOCsvJVEyv/RpZH6zVomufx+/QCaUZSBhllPxfNSEOW66dxxca
+QE9tf30u4K+dsVXthZFqkmFxMiyAneTgSxYvCgz3XJJr0MoHdMBfGdANy0zbdeCG
+mVNdBcoRb5VBJNyaj9OInAQQAQIABgUCWGgO5AAKCRDvWJZk1DLhnVFNA/4mmbKZ
+8I9Id+gOPzflFHNpzxCS3Rj4mSmK9ZLgbhYeLoOb5Ts+sHPG20m1Yt1HP4PlWBP1
+CtfB2YjGUiXIEPvmfM/MwjEPQFmn/nK+YS4fRLcFhOnEGr9eoSdPc/9d/9QkHqrt
+wDY6xX3XCJwnYz78bwfeayHpADY/yQyvhOp3SYicBBABAgAGBQJYaA7nAAoJEMGc
+HSUS00YdAR8EAKWwdq9f4n+PDYvQZOd5N8OY5Rp/L0HB5iLTh173DKBmVBirlWtC
+b2147CHekJFxZ662TGzocm9oxV6ixZXOcprXlEmAXDJyOidLGg7vaUigeBCy5lSm
+gvJ2tXd9GQpO74sWAfk0j6+WpBbfXHsZIaK+SIYAx/ezo0qrcPxb6xiyiEYEEBEC
+AAYFAlhoDusACgkQGPUDgCTCeAJ+RACg+FC+FF1fN6tMpJmwJ41+moGazbkAoNe2
+fHaFwQOXy9xb8SE+MD9iTSGiiJwEEAECAAYFAlhoDvIACgkQfEtnbaAOFWPtAwQA
+sThm+i1k07SjzuwgVFLOxEupI222bMxOLo5Gq4lyd7LRGrSSdANM6Sia1gHfzfxy
+ZFG39Gux08m3J6D30OrOXojTYJAHbfADqTxVclrv9XqsQD5CnjwpLC1cB+tkzTS8
+/BhZnZ0+DH963LRdsiipdOVAPkhHMKj+xFjNb1tYEKmInAQQAQIABgUCWGgPBAAK
+CRDW4KH+T74q3fk7A/0fjkO+xcRDUZVt1mOQm53HBJEQ7hNAYbs2Ma2+j49MRPb3
+pVvcfSfAD36JRq6dAx4XvK/nXFxF2l96UQTaBBOvmK3KCGOqHFyB6YD+zoNioK2/
+MoezyU2cWhTSpLRQFmnaw+m948mx7lAIAx9X17OKxmF+bZ/jHnq2Ih0TwFdFSohF
+BBARAgAGBQJYaA8KAAoJECH5xbz3apv1E6AAoLP9r1b7OPxluSz/VowXbiHP8diO
+AJMHsRpr/Tx+SrE8Mo3czvVD5GIHiQEcBBABAgAGBQJYaA8PAAoJEL0nbS5vz6iF
+9CAH/j6casIOBJTVSOezY+Yuf/ZFsVFqRVgxlzDflrUpfG5GDoFlohXmbrUNJKl2
+0z6vnV8rnsx9t6P7OOuD9QqvP6mu5Lb0GDJNb91qVgdNFAdoMWk8GRVbZBwzIRKQ
+C+ptri1BjOCmUZz+/ZYAtrnDT+CYFj5XYkAWKUqfxUcJE6jXT8LcXEKn1ozL6bR1
+eYsUzxG+AYdC95CRL4LtpsqdaZWzOTig6ZfqYUELcy6bnb+Zjya4xmxVGm85TsL4
+S9FAzjhyOmxblkDEEqHn3KqUYmNPsCtJHvfbptXoZvemrE/fJBBaTHU9C8BoI6Fw
+mkm17l3w6qnpe5qUcb9sOaRUu2KInAQQAQIABgUCWGgPFQAKCRC92o/WP+p9/XSo
+A/9Fgw6ckFK7W60ObceuA27So9/va5egW9h0Ll2zQSiWJxY1I0RVZxkfLa0OpyIP
+M9ynQGLnLKIPsxiTrTtj/t9vIQOerQ5tpZsO13HSRyvu4PWQ3/BNnMCCq5hIE33v
+jpcUz0/iG58D3oiNKzwl5UdROIaZhjF6JljqLkZq3E5iYYkBHAQQAQIABgUCWGhS
+4QAKCRAQkK8gpapb5nb+CAChSJWFiL88T8AZ/hPp0v0KO1MDtkki1P9GaT/SwS2v
+AYHiwsUFdgvBeiNKpUVjEgbLR0pqGS3neCwJL+4g+rnOT3NMmExjr+dGIFkH50ws
+snkJRZifGFzvDf9++38vp998YsQuWp75UiM/2pzJc8ucUa/qgXpntNhdyAR0GQZa
+HhBhtrMI1AgQEMQ/c5UYYDyXgrrJiuo+VoF+PVRhwWtWVy1ughDvHI053NM2wG+s
+Dc6apU1Ibl2VQCd6moYqBv0PNhJQiXUo5OUFJmNmbt+c0eFFpN+BWPDLj7sT+JH/
+G6N0SZGlBt819UiZUiGti4EtXpSu+SixxGg1JcrbxDcPiJwEEAECAAYFAlhtOJ4A
+CgkQXx7Ib4gMnlXF5gQAoG11bTOfJnnZSuKG5TnZWgJOHTIt85T8DGALITZ11S3w
+/jA7U1sgNlYybJIlttVdzUMxsqEz7oTLIEV1peSSQ/vqVoI6Kql7CVyRt776Vwcj
+IXFvFP5Daxmz6WElzElysddhN4/50whJ2Y+arQsXV3XNswqMTmh0JHK80DF5GoSJ
+AjMEEAEKAB0WIQQSwLbiW6mtLPG7S0LwCvbqwkXSCwUCWHCyggAKCRDwCvbqwkXS
+C/vjEACDCx1RQXgw0VV464doou7d8dagHlEhvMQC6EKDqzPjwt6Y1ok8vN3sMlmt
+xI5xdMUr+zk7iZ28TGw6mjvicljdTzXqrL1yrnJbsjvx/1odukoqjv+KnudMDbDB
+nmgcvlHlLc4CeF7rfEMV6pSUuFuNtHMv1fK03pUmA+e+ogtSbdIDlrHmnQllKtdt
+QnXxQBltV7bUG6MMc5+MDQaH+AD+dvHifg7j2Uq08edckEBlJpTiOffb8qzfeWVV
+HPxPpgZsQkAI4kOhHVxpTziSZkYoKsAMGXQvGuiNnXpZT5AGhsZNq5jmFFqOKCD3
+Gzmz2rjnEe2RtF8NxGnyqwXuO0EyCa0pyWhfozuvlCXE81QAilN022dCRk8yoyct
+9eEcpypfkVESKdmwL+nWGzeMbUKjJVYCOmdYeK6lU7pv4g4WTLIlNUK5Z0CsyR9z
+vWOKLTBaif4NOpXbLQBew3J/5Uye54xTpo+xc4E1Ys2Z5tGcXonkwN/JM4Ah5o/Q
+es1pBsqdZBsr6P59Dc8zljIHdBy4kT4M5F7cA34YmWZmXAPrHFitMeHSXIdI7jFu
+zVNBptJwJhaloB8D7oVu6ZbKaSCxI0rBFkImk/vbgwvsa0laAmfvIpnCs9441SLv
+fcdnpeRmOZwUMDO12Kgl9ysEWb0m0+j6wrEtfdR6rC1t15/dB7kCDQRYaAwsARAA
+nLdbByiQ46eVtCXp47UCiMOHnltX3Np0KxBTEZccVR8an/G7ZJHA47jBbQb+ZKMJ
+KW9FYYIChrcMO2oclnSZpIB0EUkGC9P+cgr2Oh75Pl8gkRwcS2WQkJ+ytEJ2HYhS
+TJI+HaZV3JJ95L5NROsR/b7A97iT3QhPyXbzwlNhMK23SfeVWzbRrTol+mdWgZGJ
+q2qXOYZURi8jyiTXDiBZcmiLna7x9boKrJ6kZVP+MNI1CMWAmXrINas4HpTLxxSu
+btJgbYVom6bimv19U0X+NgkDLKv5oUIXYapjXn5xXW3LS/VxAdvHlSsj0IyfTFg3
+2rP8eAt0/YLaqRK5ekX+WNvpU3hnePKJgNLyXC21oL389tpgWHp9RBR/H+3cVOpx
+9CKqJAQpdWSs57wVcYLVpklxONsWEcVc1OV7VIFdXdNfEyetIYP+241VeEokOOFp
+U5CHD1eCYQQpzBpLLHeKAAexxVkwVzUyLcsZWZJcPvOnOGPin5wROcO/bh+HQMjN
+q5LuKHZdCitrwu/A4dtC3aZ6FjfTYb9n8vdVFHZt7FZfUqW2p2zjrcKLEyz1mF87
+0PRhfP0/jxB2ca0victgkCJzyKdHopnbDnAetbtgTNyzMT/RbH4lx4sxGUVILQce
+8oX1RjnyMJx6/5Cv/0mKtDnGDx7aN8cuSf1CHddRYiMAEQEAAYkCHwQYAQIACQUC
+WGgMLAIbDAAKCRBLyb2ma/cmrYEzEACkwcL57TyHTTpS4c+tYurga+8rNYX6UUl7
+TvyhhXPrzQT9Z335zymHMFuWRwdBHYuOPcxTDgwtP/wR17csc2Azn8zU4GuX1WLz
+Hy9sbD8HwBe5fAyEND4YxJAlMQjU/BYqRxYJ49erW51ezg4WzBDOGVySm+kYXh9V
+eYNFI/S58GxleiaEkdv5g8LofLopX/tzb22nKT00vtA9ectsKMgGyuui1/SvcWJe
+mqgdr7X1IAM5+SSU4faQtJM9QKJOCHYKgc260pb1qcQx91Y2KKpcF2cB9bcoOvbA
+QVfE5uo4srgtKJf8iOFZ4tE9FyCiCq8Qt+YxQywJzNiwdjcM+FCqhRife5xXDNtL
+ybq4HbrXN4L+aLSSFTorWrPEeAnx+6EMwQpsbdMsHlje7SySktj5CND2+T2qosUG
+HvMsbSP0t7SGo0qjf2ofwle3279cCF3qVueFcnznRJ2WfffUaGhlTw3X4i3vGu+H
+HDWMfe3KNr9cKBJamyzJr1WipBETmzyMrKl4Z6RU/eCmQEbJaEvc6FhnubXLEMrC
+FtJxkIHVIx/VvvBqS3HEm8QCRvr+o10/Ue7NljolDV13B7fljxgvLFyJ8T91jWsz
+6MGjay1ZpIYzCFSZkwVaJsS60P2PmdkUweXkeyYQCeYcgBFVEUmqDTk6cni/i4W0
+9M1ae1yHng==
+=Lt+h
+-----END PGP PUBLIC KEY BLOCK-----
+
+
+pub 2048R/29FB03DE 2016-01-04
+fingerprint: 0F5C 96AE C8E6 9E9C 8E54 2E5C 6D4C D194 29FB 03DE
+uid Sendmail Signing Key/2016 <sendmail@Sendmail.ORG>
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1
+
+mQENBFaJ0W0BCADkmhq72NAOGm9U3TO2frUeYaHXm9+hROoboLnIfYp7W7CHGdRA
+g8tTDBVYFD8JFAeCIzI+Ahvergbo6QG4xsOOtffXPClJbGgJuzed+ve45sCY1EFy
+h2DIBrxvAIaqgOk5YZSYyLrX4eG7iDOxSNai5j0g+ykb5ZwZCrE1eYWmJlFqJV7X
+17+I41fk90ZR3uch7jA7GqOgbBWHk21odSWCAzxf1Eaby8bv875YJU3WxIpfWP0v
+XHLP6Cd+uXX9+khvAIYfpDeOuihAxxLXZ9ukOaOpKWwxua8jsJftfxTox+qdMONi
+BJ0J7KQn3E+dC+napjez/BTK130Xe07qnZ8zABEBAAG0MVNlbmRtYWlsIFNpZ25p
+bmcgS2V5LzIwMTYgPHNlbmRtYWlsQFNlbmRtYWlsLk9SRz6JATgEEwECACIFAlaJ
+0W0CGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEG1M0ZQp+wPeU6kH/0/W
+Hjo58Ag8A8TRVonAKKv1dPoffc4DYsDIqeGSLrnMWjrToUE6U96Q8krsexfvHBGb
+1Pn5YPGb3ijIYcGgkPAFnGs2GYcO3IF2SSNE0hQKT8YHNDRVmVJkw8pbfqLLWvSQ
+Sgxf8ZYTuinJKlAVjHlc89EPe0jE956oa7MaN5zE37EXYgsLZqRqkZpNZKkONA6w
+BKFmXe1KpcBMqSltPV/z4G9CCJzvg/64BaxXzyzVr9YRFREYPhTGgmrLA5Sb6Z8h
+xQ81YvarJbqJwfwMO6q2IF+boAgOIUiNOmNuvDoIMUoihNxK7aXFHcMdB2/pMR7i
+lL9gV+MeZ8ASDuaaYH6JARwEEAECAAYFAlaJ0skACgkQqvW13gW9zFMWWAf/brPa
+8Nx4lHZ7mGm4B1oF5jwJPEP/2jtV1OJwlki2AMDIxY/1UZMgiPUxzDzAylgxLWPf
+bHmojcRypi18hH3iybAQA/DUQlK467ot0BsF2e1QYyQMOe+bIBfDVYD6wGUpfNO8
+JBRpibr3lnUGO1LDB1xK8dvBJ8jLSYfh3BJAKY66AgYAS3vKlBMnL4Tfok5X0fvF
+U0/nGnZu3A4h2bO7teqjH8IJJAzpFTCNqeGHwONPaioQl4W1T6UevaW+fKrBg68H
+pr9MSUbGZVLLIHvrD7CQWyIcoPkz1VIZxFX1fBTgt5vyJ4tun3X5NQ4yT3NW3273
+CtzeUDzXneU6GvKdJokBHAQQAQIABgUCVonXkgAKCRBh3hHs4nY6c6b4B/93lHVD
+AO0C9jnarZ3EuqDCFNgsLukOWUTBcGuwqhSLJP9KG+lP6zkevPIRoOMUC18/brli
+H+rJo5DtWBJ9OOUT6Xdv/0gllzO9gFkfQSEUE2NW4K/68krAUJBNYif++EfqsZH0
+gXZrNvG5cyfXgataNWTLgTg5jMto1O1ixjPHt7ATznYorE1/ChAvP5nkq+VXjdbF
+hpL1ZXT7lJqgRY21a97njI7SiBMmeQMoJl/QQjQJz1445N0YHa99Zdw+tQZU7S29
+8wIEuCcQJqW0liNN4a/JCnxJYL68z9zmHGYpFlQYmcaeYc8RnkqwYMcUvYIQHeTr
+oCtWIGljdXWfGpxdiQEcBBABAgAGBQJWideoAAoJED1osl1SB8rTVn8IAJcgDth6
+JMtz2mX3eT912GGM6mrUj3of5db3PM6jh3hl9cp3KS1TAhiCEx1c76x1Bviyfer+
+OonsjhLzc/E2/TJu628N5964kJAuPCodlzSZgoj9oZ/WThlInZQvtQwO8cXQ3UCB
+Pyz/FQQ3qMOW3Bh/9YJHyBAbOqp9AcIw4V41o7egbyMEDtZpJZTrTSptV/QIYj4J
+B/RJIUtdVruoDX2ELFWzeiI69rQoggqy3c9FuQKb52rRP3/bKWpr2DtrqiOuAOML
+dJd6al0qGi1oqZXWcHA5snklo3BNTehtC+d9sFJJNpHjgLtJ2lUVCLD57wPhCmvy
++9vKtnkt6D/X25WJARwEEAECAAYFAlaJ16wACgkQjlrp+87u9DslEgf/WWZawl68
+/8cf+1auJnuutLgTep87UQ9UgT5Q1f9APfxO/M3LS1olkWujS4/IV1tJdn0tMrLU
+CRIso0IkxWHxFg1ZEiw3zIZVWZT2kP9y0paqfKEer6Tbw7kooKAgPD1z69wiINQf
+9DDo84CXWQ8zTCZbzNxIu8ggj+NnXzOS7Wcngevo0TEnFdY2IHbfDrFWKNisx/Uq
+j7yb7jb57wJfRCf+r4hWDWcWtuCOSBpdcqNGDEEoUwHCLIf29d4XWPV4+xqq56IJ
+CcdJOCFB74FvDvNWrw92xr3Wegq4qpRK0XX9PEXiHPFjSOUt7zaK1xaXU3wNN22n
+peAPeIxROS+LOIkBHAQQAQIABgUCVonXrwAKCRA5pMd9qXiEsNo4B/wO/jChEmQL
+66pIQ+k3egWmpOOa1ERPrCOofkmHcKGvbbUXSj+4Re1XpKylouV62i4yK5lRDeio
+rl5dd68bnyNaxmpvDMw6HuTlHOLO1EDBIHXF7JZIkG8plUo+uHU7tOF2oYfdR9I0
+M4DiuSjCgJEDtkCWz2cqE7U8KnsQuR7FkS+7eJBVjuX0CAeoHcahDW6JIZGsnZ+4
+LWxk+RG/bVgzG+Zabtx8+4xatSVVa+QvyP1CzXSNEErO6spI4BtvfSA9xx63Lwms
+YqQ3wJQPyuEsx8odtLCOW1bPNUQi5dAJESfjvgY5noiLe58tKeIgKOuMcA9AwuHA
+58gkvg45wzmTiQEcBBABAgAGBQJWidezAAoJEGBN+/KFQQq+neMIAKCOcg7l88qh
+X5QXCZZyVzDNnQjycYgx7ZZoKiEJREQEzQEMdrWk6jp2R4trzrvFSH7sLjsEfh/W
+d0frPNsO5QXOZzxVDzH6BYSJJbeLA82ig9Fq6/LIswJLoxPv/O3ircoLfkw5NW5a
+rOYOXih2ghPFIJPqivMOOV/q9DbX+LDBWZ/czrdXy/NZ+d31hDw06b402VPCPuQG
+Fg3rc2ZcGJfYdt9tTweXmwFCoiwQ0dBVQg/1r1K0CwjG/8gn/PFq98/dBe1Bbsa0
+ggJ+/H3I2iAC3ftjR3eMzsbKCJpzLcwWn598dnEbg5fG0G6OPD5lNUAAMhMqlbyC
+bmvnfisQpSGInAQQAQIABgUCVonXtwAKCRASiW6bp38kKSOPA/9aaiuJC+gncFV9
+9j/30zfDwlsqHHts1XQvjpVMuVZ/1A1aUUuimvTRI4L1L2zqNsVYv10OORnCdT5k
+kOJt2IqV7EtPQahJUtO8KmfTD/Z26wDyNSTeu5YAFR23KbaDvvb+nSsCUUj6OrDT
++Q5oM8zRg2W16l63rZ1+41g+QHt5lYicBBABAgAGBQJWide+AAoJENiq8Mr2swcp
++e0D/2kyXod/pTfUpnC4mzFGUDkaAf8m0aHsuIxpWD2OeB2WHweHAd1qXcuai7e2
+KvOLqf98UUs1AXcSon1NllveDw9Z2+E+lp87DOeeTTocBH1Y52f3z+2mdF9KA151
+nvV6RI71BAMEK03u/AZmHIk/i4XLPxRh651Gs3QCT8eJLvFziJwEEAECAAYFAlaJ
+18gACgkQl0MBGHCTuEFpZwQA6Mltr4rYb8OlwyRyf2ROknA6hVD7B0JurMPI/5DE
+V1l8fXeRFRC6WRIMk3DAAFs8uv6VejaqSiznteLZgYzZmpPN8L68y+KFVZJBq1uN
+YRNGW6J6WQJsNsHFMqC54HfdlEOJM+T6cflVKcMZsN5yxlWUe4+awdgKnhlNH6OO
+ebyInAQQAQIABgUCVonXzQAKCRAee7PIr5WWJaw+A/9FEF5x1oB3dG64VH63hFEJ
+no7sD84D3bTf3GBTuAkxOi/uGlKx4Xd3QuJSPXphJvA+I6FMRl5VfpNO6fc5OBIc
+KXXBOuBoMBuWDS+aTR8nPd+llNWjBVICZT9qcNMDeCkueRZBobq8rs7RIsMEbLoR
+GXyUn4V/ICYr1IdKLn79IYicBBABAgAGBQJWidfRAAoJEHCgJE0e+ZJRKE8D+wWN
+dXh+/u1W3LEMVmlaQ+9Aq4/Nu7i2rH+e6nG8KYQrOSmI3hA1c4Ho3Q6gf9V3WKQw
+DdUfY49ZOdN5CtDwskAiQhv439NUQqxxdz3EeOlC/SPIWhcw6NMRkg6hUUObt+jV
+JyZ2GKKbSGjvUkfMwtzAUssA/9nLWCinemEKLsDpiJwEEAECAAYFAlaJ19YACgkQ
+yNXtKZX2F3FsLgP+JLQbaSDwCMcnUGVcijbi2qAvKar0txWxqwI0ZIbZdIq4IO7t
+f4Kmek0hoBQBQg5esMiU6ea5gUhAvuCgNb+lrF03EXpILuO9AIs4rU2qvE3wW4a8
+RXVylnO+tGvacsn6gOJi+CWZm/m3wEMFcgBmbG/VTBP5N7iNu0aY6YMW5d6InAQQ
+AQIABgUCVonX2wAKCRAhg+GxOW8HiWhrA/41ZxURZ3Piq5N+7S0npeAdyC+nemw0
+J9VK7fErx9gAo6gbgSzCU8D2isBbr2Gxqe/YE+W3WTkM60YeghWS21bahjryvgf8
+kXlAV+obJvOUpDS7JX381AzCTzEorz1PQIhy1/ItJ8ijZ4giRKl1ToqeuxDlmw6E
+7l78ujX3qXHfToicBBABAgAGBQJWidfeAAoJEIlpYrhnjAoDEvsD/3U81GrzKOtL
+KeCQn9iQZ2c1WolscovaQZULFuigvUa0TK2053fgEhPpQSUrzuj3IQuN232Amwhg
+Y6aJMIA4wwwRMCPYePNZRd2t9p+qq5OHR28p+MZFp8QIWq8tHtLozjL2uyCupcV8
+c9fl1tukdtuBsLSgE4JdnKuBGFb4NQtAiJwEEAECAAYFAlaJ1+IACgkQOCLbR8w3
+Ty0kAgQAq2isDrkRE83FPVbAfxIJ4w9ZcBGmXoZ+Vwlv4bgy7GN1a8zOpJtGcd+c
+I7U0ys91WI3ArvLpHx+dXid13bKTJQA81WvZR62Tt9Tqm/zIxxl/5zFlAAjeW7DJ
+o3h+cPEzKzbgVan6cpb9IOXD46vZKsBH/P6CnFZxTEJOu+zZZRyInAQQAQIABgUC
+VonX6QAKCRCcHL3i41xWNZasA/4jKcnBLRs3d3EPcsvnrjspYHHltrgl/L1WJGTt
+sEYNSgYbLKlyKSP8V5fw84aKWcWMo/ybFphoWlhxNzgD9WQbSmdIuG8yr9H584nB
+xmLF27rVy5Y9RRRfT8SkrpLzaHwNMB/GLj32bBFeVybkBeLOPvLnZRinJ1xTRg9Y
+p7XC9YicBBABAgAGBQJWidftAAoJEG9Sk9ijm6ZV6fQD/imLBVwFAL3Ia8N5X9BP
+Bpj+lmWy+6nn4zgfFuckqlc1GdUtXrYdyMHyVBRk2EqF6nDMH0YX0N4kSiMTqu5P
+gQbdkHbWh4XGcdULBnbkBCaoKrW6vYFbaDWO/P3GhlNcv7BMzbpOY2FyZsQ1cReE
+QuFeKKTbYv1VPFjVXdvdrui9iJwEEAECAAYFAlaJ1/EACgkQ71iWZNQy4Z3SSAP/
+UajwhakNQR9+sd1nkk6tTy3yVI7tcp3Do/+r8+t5B8k3+z4JL5nO3hRQiSQ6MD7x
+LqyJ6TZorBFX0zKoH/ztFLVB2iNYzAn5vhRPBTYrwJjFUC01vPbMPj4ti7/Ag60k
+ZhTWpjviluuLoft8mYimE4aOwG+KzKtA2ClqZLr9k+6InAQQAQIABgUCVonX9QAK
+CRDBnB0lEtNGHe0+BACLJTAjo8rQOJShKAO++vOtIUwkCxgbtWlQS+jT2BL5c6bM
+OrT9jmMlN0w7KPks+tBvdKo65F4Ug2n0nTHGy3uPWHf5mRjFzqdYUbMDUPHvOVnX
+ufZVSAMZsJB6wVWUfyabq+Wt3Mj2QgW8FzphabhxLTNgBMh8lNLIqapfyjQzWIhG
+BBARAgAGBQJWidgIAAoJEBj1A4AkwngCG2IAoLOPIwc/55fNRdzEoUgpzMERrGuG
+AJ0VSfxXMBYkP+ymIR5Jw2pSdMLH2YicBBABAgAGBQJWidgdAAoJEHxLZ22gDhVj
+zTUD/iiVFIREJNK14WbEGlPdifD+tERp0y82sI9YSGmfUD5ClMWN1e42+5E1kP2d
+9s315xMwK/QTf9JkkYiz02m4NjqLIskN8/eXhvA0ZK3MGlr5F0BjiJe6kJWv6Pcv
+9ZYKXqR9uRr7J2Ep3/9X2tpYch04X5blN+fQkRakFmpHvArxiJwEEAECAAYFAlaJ
+2CMACgkQ1uCh/k++Kt2AtQP/YuRNeeJQhMgWiFWqKsxjrNk3vBnOdLNzUsMPJhIa
+BTestCw57mYZrbuJ6Yp2MTbTKx6OMOf/EV646bwdE6E5FjbzE5Idyltc7OeWJTl4
+mCTiyDK/8IAfKwDX06U7GMwCctGZiAB6pCIy0P/nGRD1xG74/0BsfG2bJdOxbBCk
+bomIRgQQEQIABgUCVonYKAAKCRAh+cW892qb9fNPAKC9Qk4QoSREh+xNu6n3yDLL
+GDA/9gCg5AD6MR4MAMwfCWlSxnk/ElROWXKJARwEEAECAAYFAlaJ2DsACgkQvSdt
+Lm/PqIVFzwf+MFD70H5eMnFgELQKRExUJMwDYm8O17eMsPIAFAhM7UPIbvIy9yVh
+E26a2BVYpQplwI6MkyNMkqwW9gd5JeWfV225bcrLwbhEJwz4P+GoMrigiWhMueqx
+vpxQlNVJHdytGHp/4Twe5ckziVaHVpnbbMzBBL7sW8Ia3VdGF0PKxhPbh+N0H/mo
+Jwrcf+SHXOalzEjVEpv/Q8C32qGntPKo/1tRom+GVa6p0iQc2sZfD2Xproi4Fb1Y
+xLylv3m//FyiV8x8R5by1EVbgNtENPPsHRn1vN9xQFPqyAztwvpCGe9hicR13hfN
+ioSRVIozr+NVE0NisZFTVD3OLioyYOhknYicBBABAgAGBQJWidhNAAoJEMApykAW
+9MzpH+MD/iPC1C2kO/zM6oIo6YArUJON9kq8yRRh4JpT0yNldCD3VKFN68SA7VTK
+3Ba7e/2I2m5DvJXRPxDELhj3hkN/ebrKFp4LEzGwVAl4/vLJKimdmSH0RUtjmvZt
+QwDvv5ww9oHzorrllT+NTA2DK1neCS+nXg55vCwUKk7sp4o6MNNoiJwEEAECAAYF
+AlaJ2QEACgkQvdqP1j/qff3bkAQAhKrpj9/l2adizocP4B4IAhnK87UjbZDBn3Zs
+KqVIJzatPbkyHusaNx7V5x5/5QzjRYG1trpbgZovKPePATJs0osr4CKWe8PQHoVQ
+Jyn3r1aoUdLyekSbSh/QLEMUn8/l6PbW7xML+gYmFmomRmFH1psEp2eaebKSJ/Ln
++ZVRY66JARwEEAECAAYFAlaNA4UACgkQEJCvIKWqW+bDWAf+JXXs8Zww0VJpQoq3
+ALO7e81JkJp1QPZ9D2pw0nRApV9hF0eArzH4rpWNImdkEiU1+S/LFbFaSW+SNZSo
+sVWU3JTM7AO50AbkxHWO+FdpCydEOVl7CKkZO6oGWnbajImtOO5GbipHRM2j6kcF
+1bX6uLvkke08d3Z3hO3mHsNRFHzOBn6x/DWW03yiY/33qVfPGfddoOtQ3RqovY8C
+Grq/KBej9ffpBlePp11K18RNxBi+e+p2PelE4NsuGT/pybtnKf2r7cixzgga6kPX
+KmKZ1b1qtdoWGTp9MXYv/l1xBuPqg/IoXSUJyagDEhLNWelU1mQaeucOIMD3789d
+vmqi44kCIgQSAQoADAUCVo0UxQWDB4YfgAAKCRBmGzrW2Cq70AwLD/47HS4uD9/g
+OItwMYIPhkhJlrtef/fHCrP29MztyBObmTRslDhF1e3A6BkEBd57w7ArB+bWE5Le
+fIxkxOOwf1rT535xajRitgRptL4CmjTvuryQqD7Qm6lSRzes61xBRVZVRlKI4nF6
+pIb7CLddZDAb1u47aOiPyDEVZ5L1RVs9qwpkc5u/TWrpXzgEUvvjMDtLGTwLb3Dc
+4X6+bqw89sEydWpim0YaYaQuPWfB1LsZ4+A1TzM6nGo/9+UJAenILuNF7H1BGhyk
+nt7Qk/BRjqR9+Qn2z/xqik7OxIlEMy9bJ93DKa/AaMIWmI0qK2FrtEknPSbA1G4O
+1vnzD+OdqLr7vjedeP6ySqip9EldpToFePG+MkHT1kY7Ziy86Bpa4lM9In1Z0sBx
+BS2w4suT4jUsKnPWPz9OrJGoG9tMvf0rZxeI4KQ6S54gdBQqzwKspHoTVY6GF9gp
+E5N+qWpi5G4Ej/R0WI3yT1qsSbWQ5tDAsNDEsS4U+dhDi4su2VMONLcEtKkZ5d2k
+u5swZp0mvXuU0iPbJvqM9vTrQpSPZ9W5TDLini+OcyS1Lb5I4XKIZwEh78i5RgMJ
+LZ0G8zJnbKtPsbSadTle0pXpEmi6Kcc5sJW09/Fo8iqMs6GiA9e0LOAFolOvU3VZ
+Y/Mgd4K9mta8WZls47vfc7EVNok6ype0a4icBBABAgAGBQJWjReqAAoJEF8eyG+I
+DJ5VFoQD+gMNSC7BW7IL8MgldIIeHDyxZSIFTSaTmcfuIbqhQKaYs6MHnOD5qXNm
+I63vgg6hsXMWP1PsnFD1mJS5IUkWsw+M7x5RTOEbtMZx7p5ToORLfpnlk9RrSvUX
+pxDFReYIsv5gKVtTGTFrPwIiZ66mtxlT3OYlT1c5i6/02WMUBKV/iQEiBBIBCgAM
+BQJWjS1MBYMHhh+AAAoJENv35Jw7dvIsmy8H/j4slUmA2pYNu4jxd4vlcHsjkFA6
+KR1jeLs6FVbcsQUGZrP9wK6khpEq95aTK3t+cSk5XTsBJ3flviEauICT6g1aoflg
+TEwsSY1FZL2ILnmMBVP/1MMGsvzAMd5AVVCkJet3LtixggYxUaeYj/9kBvy3zqzT
+2szgKkM4q3k43PzErB5YejwCB0F4K/nj8bxCbyq3rzNdo8P2LgckGoi377i4z9S0
+b2dSLx3ztTl/Qb3/JUc7hSQkgDv5q1aMHa5PdO1EDqG5SCcHdYARYADpWuLPa08u
+WC8lmUV2PECIGjWB4rRC/h3vaPs2zrKQEYOpI9pm+BYdLnEyj7t2gwI7IWiJAhwE
+EAEKAAYFAlaMr98ACgkQ8Ar26sJF0gt/cw//XGfqrJsRsSupi8ARl8uJ/fRDBHWH
+aXc+HAJXwEN6OdeOH3ihZxRkkS6JDEVHhxUX8R86GDTxv9u49CalMVPYZUbDc3qi
++PxC+noFiEuooqxDXnokDDryDluQUdBmRUMzgll5H0AbqtJGJNefDJvN1+Cx1K2N
+jOPAtk3HN7DLRTBtwg4cy0Nok4c78uw7D9pBTOQKvwECrkmLJ3lmm0JBFPk8MQ+n
+z2JkAYhd9mEZ2pEU7YA/9IBnMEkN5BSafA7UZxX0o/UUCg5nuGWkiVM/9KjwhnwY
+jIGtncfHMCOxmG8RNXI3+rC95Y+RnQ63wD5AnubXs3el+f6fUoard9GvHhftKBwx
+SzHWB514BGzuuJwglM03MRZWj0ZEguSLUr9uukehcu3rB/4xrG4Gx4wCo/zYFDjF
+q/WQ9SJO6wXjQALLD2QJQWP7zX+88Bagi4HsX6zL71FcZWSjUnePGq2v+FZ1w5yO
+H2OPYt2TXvWsUCuXnBwhIGSJk/gA+vAivFDU6Q8ANTWWk8j2sn4GuutIFef5YMGg
+rjF4rxog1S/1MhWQwKFGU4mutKek6bvp4xzUtBmw4mrZ4e+a2UjcM+i/X16T5HY3
+y9yK1T241gTrEr8ItgbAXtUq1bF15hwZAiFXtXkTE/6YgglvZZgZ2NxRODc85lz2
+HMWFYuBHoFEYA1+JAhwEEAEKAAYFAlaMsBYACgkQmCG1FbHtKaTn2Q//QIstvcA/
+S9dpTOZpMX4Qfg94sKERW60oNKha+ibCujFRW2fXi/I5fJ/C+pi9xApj+a5Fch0A
+OlZ9fkr0tm6ja9YoMCpYyQwwzMyADzDUPNO9LAie1r+tiMuZG748Y1WrJajufTZS
+WSXQ2LWNt+A2SgcZk6pCsqsxJB7iwamhzb3BNhcAFRtJxss9lsyqUJu6eAewZN30
+EFEHYAgqFGE3kF7YoCNpUjAwiMpmsYpToRmue6cH6s6xRtTIkeQWdi5ZUYPkzW0y
+O6Hg8A5ZCfoZAsmDQ+hnyoHtwbh2kXo6Zr8WFVCnZKjjtFVkdSp1wIVrQJra3fAi
+lZbO/KiC3p4hwCisrg8ACbejaWSkzLZl2JqQuk/xYYCKcHVNY+TZfOQbwIRCrdtv
+ClLu9K+4Xma9a83QRXhkzCsHQt1FW7GP0mLnRsIZf2WUqoEW3wtD2jfirKTUKz8G
+qaKSXztljqgAvcSkw7a+sFwwyFgCwGfsoeqSqsHtBRvRmbX9E+XF7U0+K3XR5Vse
+i30vtS4/NeEGuo+zIwMcHg3eFcXM+Ryk3iqr6LaQRwm7ymY96SkVvSx0rsdXlq/t
+Xh313qvY2XOHkQ+1mu4A59G4BnHyRhBf0q1aYnx8tVSETlF7F9cVFmQX8PiuGTQh
+bhK8/AZD+ea0R69RsnaaEaENxIeMaV9MznmIRgQSEQIABgUCVpD7bgAKCRDEsQeY
+hXlqIwpBAKDPscvvmpsiF83qhzLvBwDXthPnRwCfZj0b5dNkYU6j9saK5zGmHMUC
+q1CJAhwEEAEIAAYFAlaRcrAACgkQi+h5sChzHhxylBAAsfmP2c8PNbTJNYq7T0rQ
+bFYdLw2eORL/Xo+Tp4/bBGCtvw1F4+fenm2811FDGAND/gwdGJqgK77twqD0Dhi/
+gM1+o5Cd4O5oCsIP6gZQBWR9mJze2OaENuwy3U/zfCSZ9VWPKXiBQ3VaCG8bnoF8
+rHOf8G3tkWEYDhGUfkQXzzoSW87umb8wWmxpcq6VBignr5zAIv+A/A2TZjpJDooB
+a+7foZr+pj0FPIQdDtOJFJT3r1MjaNrU4edy6ngcAp+at8GAVPuJU8hS0DMntA8z
+sUo3SjRc6YCpPenGCW51aBXPzRJxX5i3a3r1RlZM5R0TyJy2aIF9gnJs0GFien3k
+0TsMElJYXohnhN7dX3MWIhsJJ5oQlCoYfgXJPeWZpUUYvI0HagU97vtl2RYV0n8w
+bIZIt+B8cpKYaoc+GQmYvvieREH2d0LlW9UBbBdSl6XhmLE6GMLklMp/+ciLs+PS
+H076mQN5iKDP5BjDLs68SN8FOrKgXegCzFG2SPeCb+NQll1GRqluDp64mwdauPRn
+SpJTKhaGm/P41QOb3ecdq+NsG5IkD7KcHCdWj+IR9xVJ8BaRijTuTGyzbrcrKFt4
+Uc1SX93UxE194a2yRS+cncprF7Kr0tx0C9hO70BR/9Q0Ftk7RW8EXSia2mQol2uQ
+jowLuqJw9fEtFiv2z1xiCiW5AQ0EVonRbQEIAK8VvUV7p6VMSKrUUngF9xxVjfZp
+d8aSgZKtunfZN32caGcy/JLOzL3zwoqOX7aUswfpURoaFrWChKD6sg6MwKaOLyIz
+1DuE+oF/JM0/d6GpoNS2HRl2ubiq6OOhaLOCSFyfh9IosyEk5trbJyFBHt84BMmu
+9Imlcuj+OLHTvR9QlqiBWWucplxtuevKKEhbhDkuHTiWgp/I8bi0QXj08dQ83XYY
+FKfiOEVqdteTt2u9oo+znLwTqEZmiYdS3AXLVY8XkxyQ2hIp+IEnKFUGxWj+IZun
+39rH6HJpwHvWveLJSiecz7lpwyAIuUaWYUX/Ds44caJwx2P6Zf1fdC48y50AEQEA
+AYkBHwQYAQIACQUCVonRbQIbDAAKCRBtTNGUKfsD3uWGB/9DjVbh5esM1127K2ab
+rwn+y6D+kwzNakJ/e10EF9Z85xb/0Lhsl0TPLLuc+WrIFL/p0ljaWKWW2CeqD5zr
+rK/CTeRFcvEr+1VH53622u+f8WtOnrfTPdp/5HhthmhZgt6Tsk6ZvHe2WbtIcgY5
+WFeQx9w3uflYHkD9nrcmYJ9IaHieu+RKLrfr9W5gnUMIEyHPvP5rcIzN+ch0Gcy2
+pHSi3VRAkS8tAD+XCIrtuhnn1rI9O727h3ZXTR+IX7cRspbaRjKfIrThKPxmlbEI
+98u9R3acGnQYo++KfwokzE21O6Rrr99hpG+SzTLBoXcmGG1AqK/02SN6wzBPPYDG
+j68I
+=MdUt
-----END PGP PUBLIC KEY BLOCK-----
pub 2048R/0xAAF5B5DE05BDCC53 2015-01-02
fingerprint: 30BC A747 05FA 4154 5573 1D7B AAF5 B5DE 05BD CC53
uid Sendmail Signing Key/2015 <sendmail@Sendmail.ORG>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1
mQENBFSl4rQBCADRCzgFSJkzyoOHw9/9L/+G3mzA1fWR7TgCE0WxGX7PDzyLDaUS
a4XpCDtadjXyr7c5YPo1T7ybxUH39yvUgEHBiPQDssik+bbpOiHL7V0sUDAYfKSq
YC8/MG42Oj/zd+0WUhnI+RckFYPBNDQ+sZC6ErLDxCYDZMYhG4vhJOGqAKpglNTb
w4Fdx4LNmL3e4t3z4IEtnzAqeGVxIZm8MGGFhKkb8ufpgh8Jiz4Q6cOis0ZD9K6f
LvMPRJXSBy9jBtmS2oI2e9Q5LLhmzd1PVyA8jwAlK0QfJLmlRrgRUfHFKhkf+EuW
tTi592OYCZ9bw7QVSiGVQUK+7VACfM+FQR81ABEBAAG0MVNlbmRtYWlsIFNpZ25p
bmcgS2V5LzIwMTUgPHNlbmRtYWlsQFNlbmRtYWlsLk9SRz6JATgEEwECACIFAlSl
4rQCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEKr1td4FvcxTTPMH/29J
kNmt6EGNo/eLQySB8HTenfJjZaQxwPRhq22kWgr/7WP1BR2411bopyNk4IZ0rcDr
tnyeJj4UWKJljVuXyTDQPtU8uUlgiOT8QiHEbge7MOzxrn0cy6KIOgKq+vtuxa28
McaxjENR7XVIDFkesQ7P/yLkcCjlE6jaD4r9OIKpqEVMPs1WUFff+rsgTo7mdcgR
QowQOgYqNil5awQ5Y2Gol71hZ6oRcpqMwSd6w4dEEx2U8rF8oqJuoxeUTgNCSv0n
iFtewLznocmxlrxe1mQAeLfRmUAG4LSL6p5wx1lRjJA3gtyWRjY0404jGxkATLG4
AtK2OkHj8MbrWLP7PKyJARwEEAECAAYFAlSl5AQACgkQYd4R7OJ2OnPHXAf/Y6Rk
rROF45+SgbsEIiDXQBcBOoO1GKe0nFTc1jfAKUHAQ94fqcDxNeFRA9fNIA2d7XNI
0Lw6W7X3RcEkF58xytIe/Y+EXDmOt/BUbpch9KIz6J9pqBhPdyHvG+ZeyA3A+TGT
ZGnnnAxNFtCjt2IID9lzZSLuWhH8+DNC2Vp15NngDTa1VIk17n5iIvi7r3V5cdIE
MblKLGm+ZaiTeccVLjwMKIUSgrLP87+yF/aaZH2kotuI7f3tD1ycN0sVZJxcFS+c
GFw7uvOarDBSm0Q/FgfhDUOJLy4w5SqVmgPEIAeogz94q0JXxSSr1XWQBD8X9XwF
f3+dPXmgMHXLGRWclYkBHAQQAQIABgUCVKXkPAAKCRA9aLJdUgfK08cnB/96BV+v
xyBx35TPg8eI/WIskdQAIpCQsm6FoO1ejbMzfWn9bImCewOp1UMlowdfQC52Hdp8
EXnuwCpJ3rtnZctRld5dNM/clbZ+r3lr78wX7hqPUajlvxe+TMpyZbJirLn1f5Ba
yoysE4oICfzJivPfixZd7oFVr9EkftbatYenl0rgf/0lJTKRDIqNGezeeyfxaKdX
qd545wqis7PrrXDOrEq815aosG09KQBhIoPgti2us1R95nSm9z6dVCY/nSDOxL+a
Vyq/XD5KSUqbZVocY+fbR3dNX5haTvawuG0GPvl+YvYb2lW4hhi7Q4aUL7Dd4c9c
vk5+WAvfJwHtbxrgiQEcBBABAgAGBQJUpeREAAoJEI5a6fvO7vQ7OWUH/2NNxhlI
JEtvD+Nj2oPGgVQJrlFI1pbzyMCtD+6iy8Lfnp2DK+qKPMjBw96LUqcXC32VFPQr
17iyZDv26MSb/acmdIfTPpPTwJ6zEmMI8mXradeuoiWxeVHSg7n+D3u0xtikmb9Y
uRKv0yx43fcL70bqV5DzyXQte0chfRnOiwMrImWdgDekkmxE9udbtgK24rifNVGa
TBB6eHJAsFVu5Y38hsZLe10bCKyUCqT6Qywfy3RCMpXYeo6fXOk0fKatG2oi3CZp
LI+AnjmAJ0t2oMkrwUxogkK3LkShJT/aJYIR24eZm0GdzwRHZxXKClGFvdJslIea
TKHSXNK41eEIfreJARwEEAECAAYFAlSl5EgACgkQOaTHfal4hLAXfwf+M0YmlHd4
1sfvckYhOYf99n1BGnfQx5RJn+X+EBjGyOfPKMBPQuZIlwAI20T+cFnR3WmgrmlO
IBG8qVcSDoValzNPcr0V3WGDrT75fYhf5iYj2ZsZDBUqE1VF3dAVUw40x2c1n+98
7lbq3NtolSPYk07h5rhEhmkjdNcixv/exVCTGVwaT4X9ZHY8heETmF5tsCtPavpr
i/DjcDQQQ0sQ8um1eX41j2bhrN4MERUC5oadvSULaA2QUoWgCrzVG8zx715Au77N
jLtfA31hJI0GP/dpSREaYlqA0nwVDR5tz1TyTNwPN1ylxjQmjKXtJwx3jUtlT9Zh
qxRf+ngYHpWArokBHAQQAQIABgUCVKXkTAAKCRBgTfvyhUEKvl11B/9aYJBEEQZp
JWAT6HPmQK//i2x4y1euQfaHsjqJALvvPrgiTp/ZE3o6dKHhs+SbawsB57RtootN
maQr7x2drvBojWhJJdaouAh345qOfZYb0bD9klkr6W+Mjl5T0xWIKFEyIZn0Tcbr
8ekHgSIx2trL8LduSJou2bdPMh46PORzEpuQQ4IAyV0uRyBdNFOPwTy2OdXs51fr
M7lp1hJp84+y2a6z3vz3VCs2A9LzlnXKZ6bXljpd5dQfrmrSNXltPKA3jVLkWi8+
rh9f1rAGsj1e6N1aVF2uJ1Y3u+U0XQ/dwa1vDF3y4KVObxYM9eNGbF4J8lGkUy2a
gZ1s1X8QzEDUiJwEEAECAAYFAlSl5FAACgkQEolum6d/JCmUSQP+KEz6xSvPSbFP
Hip4JiX1Wbvd+t3TyL0u9Fv/POwUrFIHVpTkCwOz6jsBH3TdGGiYOP5F8k/US2jU
3WB0J1mK5Rn3GwLhUGNTEeuaJZCuKE+j3qwMFmDqC/2IxEvlWtrIbTqkgf7cRv/O
O7VNv+EL0axtsrOcwZlUWe6Lc4571oaInAQQAQIABgUCVKXkUwAKCRDYqvDK9rMH
KX7xBACUFTBRCmboY/GRTHMZW1DGfcO2vMxwnYKqWomuzi/YonDCWtoTpeMDaAhY
NnIchC1mlYteIE94/+ZsoYsZeaR3fe7CN6h/deBu4tW/dQ+TW1ZPF6EuVhoviKgz
rd3rb+gcS0f0PgSPyg5LGtoMGMD9/gx1NJOTFec83jmBI95Gb4icBBABAgAGBQJU
peRXAAoJEJdDARhwk7hBAUED/0oyeD2Z4wMQ6IQEprOAWbR+vIRzaThemmCGobRw
UlM44nUXqKSM1+naLEVz/JzBuKWG00zTz6Su3NesWoFzDDUGYcIJggbOm39Pc+V8
eXV86An64/v3P6gypJc+q9P+FFGGO884wFmYN634Mi4SDBVFUzffcghueAFcxtzt
0mH5iJwEEAECAAYFAlSl5FoACgkQHnuzyK+VliVGdwP/fmdK9MdWIzPD/6eYm6JZ
zbksaGWiqpwgp9IEr/OhSmGkXuwUsP35PFJ8FsJbEV5x/y6pP3UNp6EFRN/116ue
jp5vVM7nnj2K3V8f85J4dXCRbv+kek+Ufo1Qzm5kgvRuBxX1sXpxFX6yBM0Y6WuV
gszdbTVNlS04q6bnPFE9L4uInAQQAQIABgUCVKXkXgAKCRBwoCRNHvmSUZ/7A/9W
yQJrrdrs2SuYtoxov/pL/TVMejbnxsF8Y0dRtM/KiquP57PMQSmLqy4fTRzAMHBv
XK1aKfewTVfGKLcHIzfMfv2XcPpWfwcyMeZKtcSr25lWl9GJZP221rCok76XYwqk
BPPp0pjSwdy0Qq4sd3N3ESZmqAMWJ7ouMmlQ7VWReYicBBABAgAGBQJUpeRhAAoJ
EMjV7SmV9hdxLv0EALX3yjI2KDNG1mo5ctCSYlIlhXHQ6csHuUK9lzj9R1gVEzDU
0dEZH0+a5UXh5xf8nyTDLytUe8PxTtPit3AOP6TvTJlANULh/3MKS6317RwUe2e0
OitWbhQAOYfpYAkSdXZACzPacxrefkxmSM3Pq+SYoumZTI2N6AvVu8MeCS0GiJwE
EAECAAYFAlSl5GQACgkQIYPhsTlvB4mWJgP/XAlvlBityADJkdN+3mp/OtdYzw04
+dBdNtmLqWUiMZg6rPPHUQi7dfBKi95FFe2U8hxSRk8oLzSzmh/M/CP72mxKh4pi
PbmEkmKHYlNdyfCCNqXdjkBXFAKXAes/4DaBlZwvLjPtrupEaW2eYdU8cSrdeGuv
1PMLRPxRr3nPCb+InAQQAQIABgUCVKXkaAAKCRCJaWK4Z4wKA3ZVA/4iYD+xrYv0
8I+0GZJRdEL5f7T97a7Vtf5xSxUhHDww4xC9gs8LzEGWZXoNaZEVl4j+63EnCIbY
o4g+c4m81D5NWFqeJWhWpcyvejo9hfGM3ZK/XbiF+ZTzznU5YJclGaZ7t8TY8gcx
GSWxUzxBJQcSEzAKKi286ielMAXocNx10oicBBABAgAGBQJUpeRrAAoJEDgi20fM
N08tDkwD/2F5j5irsDw+MQyLKpfPv3GRJ5J3ebOPpLQkQ5T34+qeIw4LkcXW9OJA
ohW47JLb7R8zwAlUoqmmNXtxTM0r0FlTYGPOVEnSEkMqqa3KR68B3jWAGXXdqig9
yBxYRleawQ4ltnegBn8q7gC4MwnIAZxzK+Y8cM0Rk/FjC9+NhwrviJwEEAECAAYF
AlSl5G8ACgkQnBy94uNcVjUfvgQAlQijnoE3de1CanB0JqIN+h+XOLOpalFti+B7
Swc2ZlnlQ9mofYPK5UHlbsiC7/TilD6xm4YEFKim9sOIMi8FNka8+EH+/d1DmS4M
qVPDssxTG6VOzn7tYOuC9qIw15IpfbHW2bk/YIImwP9nViKCMLIGw+ZgK+uiRQx9
fT8O1NqInAQQAQIABgUCVKXkcgAKCRBvUpPYo5umVYKeA/9n63K1nF3DNY3Hckvz
tN8OrPmyCIOh+7t4sc5NHhTK0+BQTv+cgG6ig7K2cdI6VBAovs/c/u7+RrcMhp7l
45AVnycfKcNaMHKFyMHDk9FZgpRG/bv1zwDxdh+scUc3IekqkSiQ2wTjDQ5Q/BMK
L5zfOSnTOoltWjpVgsjdM75Ol4icBBABAgAGBQJUpeR2AAoJEO9YlmTUMuGd8R0D
/3mhriMu/cp3DXHnlDykqLJI1q5K4xCHOWwFYZ8DxW116AVjluJYYW1HmWcJrjK3
cwuN3FUcsIjafanIJWCsdeZaPAyFEfUBEW0YXIIpBXRw2N7jNtrd5X6Zjptd+zW+
4dUzvT1pqVtdPHjova3fcGLSmcdZYbddotaGi7xi7kXviJwEEAECAAYFAlSl5HoA
CgkQwZwdJRLTRh0iwwP/Y/pwp9ttAMuQUz6oH71BTkUrzu9LiI7vhrYxEquFdzCO
dE4jBNB3LGfwzjhJRtjmQ/gVhjXWWrDYnOXt3gNxb9KzmTHmSDu65cBxX54Un0pZ
+MXjjWOT2l8+GA1lXeICIoZjJL88/zEZAiaH67ch2LEix1fOaJmXJzUSmP1pR3KI
nAQQAQIABgUCVKXkfgAKCRDAKcpAFvTM6XVwA/9Eb+Dwn2lmEFFo64gj8ocpWzP8
/sD86PP5KkZ+b/HQnGB3lsQTwsGytDvJfutLDa05sS/HWZ9wXPltX/G3omp/A1G5
qEKzVSe0vEWedpf9wn82Ll6hzaiS5qX7r0+FpyUjY8arNrze5S4Q6Q2kjl8YduXl
wG877igRHkGpAtApxYhGBBARAgAGBQJUpeSHAAoJEBj1A4AkwngCRCMAnjHfd5db
KK6DJxrWVnEbyXs/QJGKAJsErKkiUX55B8k/P3cyzyXIaOujBYicBBABAgAGBQJU
peSOAAoJEHxLZ22gDhVjCDQD/j7DE5wyhpjHrtf0hsQcaQoVHWZb2JTLZUMRAQyj
zKMTSs0GslamlxLZmyV1HqkB+41zuJeBQtRV4gjqa5DQmWDRC2mHl7o9A40v4SDa
O1jmfU5hfJSMecucPyEcfaAG4BIMvBo6TL484uHBi45SN4Ik3f2wc6D1XOluD1vB
gIwpiJwEEAECAAYFAlSl5JMACgkQ1uCh/k++Kt2s6gP/RNcMKtx4u61vz+Aji/Fa
H9q03JxQaRgmN1q2AvZQ/NTWTXU7Y5GnH4kW/8rOoUQiR+agJsvTt4ciM+y33pZ/
ZZLkAuo0uKelEHhdQhtRbSktKBHSgDWbiqaJJIxazeLpxcSgaoM6RW/7aIFdMtEl
ALAzTACYlTN/nKWWICn8GnGIRgQQEQIABgUCVKXkmAAKCRAh+cW892qb9aWOAKCg
aznvUX8PIvKPzoHld39xWlJ+FgCg76wrEc1h9IiIgUoqH5NWVCxcHneInAQQAQIA
BgUCVKXkngAKCRC92o/WP+p9/ancA/0Z4JHZT7NRBMr47zQvSwE4eLpSE5QDGXi7
RNmOUgZxrxsFWRZLJCVupXDBQVZEhOBRZYqXPw1eDglOU952oj5OjaHsYnSEu7jz
VUwlp2BxZQ3mnepdUcQz1A3k2cPZ0I6KFP9hP88GU+77nubB7IqRH/Q3QKMgO0eW
yd5kYugyYYkBHAQQAQIABgUCVKXkpwAKCRC9J20ub8+ohR46CADMEvAns+L+BkVN
d9INsiR1rONrNRPT6w4dnBeTLaykkuMjc6+7s+UuXm6AMAelI28pG+fJyt/lZAGx
QLS9zFgREge0lVbOZVeAYeC1YyFsrJE4Lr2quq3fajj23tnsHmCv16znMHrh/E1m
Udm4145NprijrZn+PsjuVWYV+pxiLpLM0YBdGNwCEMi/KCQ1fcaiAZZWSqLmHIe0
ubWDdqq8/5JRQ22SEnqP2FT/lfOmKTxMNmE0uEr4+C4fG2nd38BvzpHu9eN/4Nwx
IwzK5DhbAj+I57+VDncgkNGe1q4QY/5LaZQh/nHIcmX1ln23f9Lxkr6EYYZ1ptq+
A8buvD+XiQEcBBABAgAGBQJUp+zrAAoJEBCQryClqlvm6AgIAKAR8HY4G9AD2jDb
ouS4Al4QICagwQ0Y7Rc2/fHyPQEAP714EimakPFVFDbSD6SW569Qtdxr+ggH4wFI
bzd21pCgIUC6nVoDotIjplMdYkNfq8AODpxn3HTBnNQ7e609xnWxFo/+httKoWok
fEP9qZk4MJq7lE75iX+wohjLwoF6v0tCB8CrBFJcfKrDvXQSGvKiaEp4g0sEfyXv
gL6X0xKMflupofdnFLJliV0WqGhBOGUghPdLsA02E3e1utj6WABmudMytRxWB8is
SWGaywaEKLSdCgi+XlQVypKeWNMbZZZcftVZ91r4iNTAkw4cv5Wea+YnngfurGCq
J/jUq7aJAiIEEgEKAAwFAlSn7r4FgweGH4AACgkQZhs61tgqu9C9Aw/+JMTXzwni
NPwBxkbcNWbnWODVEElmDloHNpr3z+ryF1XNgbiOY8dn7uwRnPoeCDhIDwvNkK+x
h4xmjH0970v1ltbzcZv0wnK6UeHQssqN9NGsXM9rbodYRIam4yxbwd1ddOC9QZFM
ToRVWiqCzGOVYL50a24OYKClGjm4ncRznXJrNwYMEjxQ3j5FOkXIn0096z3szWCY
6yDpPzOsl2TPwdjMKZWoMEDh/SvY3AxAXo1XqDCj2/+C8dDwO7kn+QAl3fUGmkI6
dUHCAJm/WtSyvINdphzhZ1ZdkPhqDUKcR0JTX03QJ6bnu5vmmOncWm2NA7rP74fq
KE9XzT808xP0GBwR1co7Eq+/751j2TA33JSlt/hIgi5aEWc4laCingJ02yaW8tUS
DCoVNITaXcF/B47hjBgovQk8TOTsQ0nkSYvOoh05OYBmzl17G57QuPx1stRJ29QA
VLGem1v1mXAuNdHH0kNE+/Rv0A2vGqauLx9ba84RfbXMM4SJw8CjhX6OxhAM8xoU
tO6T56XZS8qLtWLkNQNZNdNlAo6tYk/cTrjdX1M63nYjoVbuc0nic6Wp+dQk/DEb
wsiIpFoisvMK6EH49v70/c9Gtg6rk5z2yBHMZsjo2Y0TheTKwKIUEz0MuTncH8jD
yB/NtQkrbiBdEqRJUoKKUtS0B4cUYTUyd+SJAhwEEAEKAAYFAlSn8agACgkQ8Ar2
6sJF0gs2yA//cgc+g1wPRFzJeQGv5UFR3TCAMtS+/bzY3UU/eG2Jmbv2qwPbn+kx
RH5dYlZ72VHXEggBaEweCBrBWsweX5dGEMNDLNlI9ArAjjhBAZFFUQKj55EzIZpp
YTbvgxOD2ENKU2HfeQYCGFYZr3L2DXQ1k0U7VnaElBQV3o88CMi7bIsQq2aWk+c6
Cy15UVr0niVLm95EUZM4yYm2gOGJXUeaGIExSBtiwuzvAiDEGaqfPGAi1ePkNmLJ
3UzYfgiQumSh1kDVlQkCc8UQiF6ckEma618cmmaHs5vZvHsTX5O2/qPkLpXunA/7
5yM/Jde8a5VbNGWyZ4rmstlWR5rPd7r3uP85miHn7Arait3aGo8RQeAHzOdTvMqS
n3oCotQlOvBhOo7qA8oYQVlU0+77gOfZZeEXDZG13lU95ptFhdsGstIQH67jPQ6z
TpVnd28ip92ysrwvxPhOzO74yKcYoKtzwLctcvptlKTkrFMHP3wJwqbaSfJGK4JE
rjT8WnnWyHY465nTDN9AKkoH4WQNozniWX8OkF3CpPj7ow8roFXlPOxXH4QsaQu3
Kk31APn/A925d4xyYuWYHZ7A/FzsHafFHPMoG3iwZyuFhfl1UXVvEd8w9mEcxXoh
2iCy87TdpesG0GDzSmWwEYEPkg20BD2+vdc0EekALDjAGM+lfBxN67KIRgQQEQIA
BgUCVKgM0gAKCRAJp6JK0eWCB94UAJ98O6S6r1hFnCLrbU3GeqrA4DCtBQCfcza/
WoVLc3/+bOf1jzjJ/eJ20IyJAiIEEwEKAAwFAlSoCRMFgweGH4AACgkQhS2G+DXA
JIrWURAAvgl1LkqB9pRPViK1U+xa3b5zt0O/fLbov59aLhA4uPJ10BgaKptflLim
aE2EsS4Mnk0DQgGEBjlywJ5Ft3aMk3vbRz7lDE3zQ3oWa7+N4fcG7WWsAxmh0NtX
Ak7orN6rQcyGgWgpF7wOau79i4VO7oLHKeS7QNs7X59CW+k64TAJabxi74PRoVMz
843qWPjsuFIYM7n/nF0vdECwhSE8zUgcYG2n5CdA0Lq7XRE+II11VOT2XEXFMyR/
Qh2m7l+jy12MEzHQfGC1HYBo/Zi/MRIN53Rd2LLJWQdMxz/BDiuSxZhKVeCRe7gT
Mc2k3VrmfViBoaUE0zqMbx0j29XUbNQNU3afE8MOBkmyd6AQjoswBEsgU9uyCJYD
Jq3V1stwSVBm9G7X/l8GFlPawLg/uM9gTYb2JYUYPlphTAwVcL469rKQNMhPj2ww
zT7NzjwFb9XrmyiIrqH5z2ieG+LRjajOPVPwBsqZ3gOA+z9QkU1lRYEJOTlEYCkv
8oA6ZeFm31S4JoeogbCDaMiqDszkFtYGBUgGEbnHoCgXi7aINSb17VZ8LTzpD4V9
vGdFVuE3vJf2POMERP+buLV8OiG38cBJXb+JVSC+pkpm+32nY0UR5ccDPwAC3cGq
SbI6ftKlQeaYp3UEncFUaB8NNZings3jzRexPjzUzo0vhRkkIs2InAQQAQIABgUC
VKg5iQAKCRBfHshviAyeVbEVBACL9Vve0dF0UqO+DN4PzrTOx2JzRw7ujhcrZ6I/
TCXjANGLWUheylRWhvxMojvbhZEg2835+9l6tpD7BVnrfkBE+LYIKFTusye+WYre
dAaHFpuN6XfmsXmhXaSodhH9gKS+oftYX61qUmiE7L98nvINNBMnFVkptCQVDl8o
GWiMRYhGBBMRAgAGBQJUqBAmAAoJEMSxB5iFeWojCtoAoLa2/SUyfC5EiKdvEbap
49v6XPyxAJ9mPvhe75aTOU7uWoa+c0wn6fXIcrkBDQRUpeK0AQgA7ctg3cJD4eTw
j4sQ94AtSYjwT+Yp7r2s6h4cHUge6AMZy9ixtyg87JnviRFob2zeo2JFDAwtl7Zs
GHo+py/mJwfQKmUsXUmQqgHJFXDiiux+4+dYOXZyVYKP5bTV0JVlKjRjSWNnh7Bv
yZNUZlrLz5ZKF1NAYKJAw4fx3TFbC4K3hvDwHQW3croPQYq0wNq6as956LHYjUOB
Q5K0uy4TXY2EcIyAy253UX9MAFgacuP1jf3ITEVZpcebzl+gcaB54gXqOfmgQQP5
PmQDyb96ZxFsKa5UfsS3Kh0PeERa5TDlgiw55O55pUSGKKfYfOXvqpJ/ZKYl+ado
wgsmbq09UwARAQABiQEfBBgBAgAJBQJUpeK0AhsMAAoJEKr1td4FvcxTNO0IAJ2b
V48mulcdCS8G3t8qRHlEXGbxgYBQRa500M9fdgRyIWBxubP7r6/nLFDGiIpdUVmT
g9F3r1JsyK6Q7+VUp9XLirj/gT1kwxXT/UHHIQO8ObtPbfFtqISaBjaklTOUPCud
+nOpzRIfct6CZM0xAVIoqm4kaRFaWefxRiyeosDQ7tCD4lDRwxNJE2deE1WmOeN1
YCJHa8QaewJXtUvqMq6pRmTlzSn+5/w3gV3XVF+CHjGD/COeSm7CGazLmlypN4n8
ib9eRg0K2rAqKfUbn+aFwmqSBhBcw/UhOoXnteNQvd9KNdKiHERJEI3qZ2rLAlYf
uYT6oSAR9rPSpsZpyTI=
=Jib4
-----END PGP PUBLIC KEY BLOCK-----
Type Bits KeyID Created Expires Algorithm Use
pub 2048 E2763A73 2014-01-02 ------- RSA Sign & Encrypt
fingerprint: 49F6 A8BE 8473 3949 5191 6F3B 61DE 11EC E276 3A73
uid Sendmail Signing Key/2014 <sendmail@Sendmail.ORG>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1
mQENBFLGB58BCADFOlIYbhlAZ1URaoyfEHLgrm/bHeZufZO3jp2eeuDIkt4Z8csa
eLkwomo/UtmUNXkn5rlUacRjyuhrDgVyuhYVeqq+tVbGccrjq4TM+5dkDTtQvLE5
sEF3pbNYiPNJwPnqMfGTVmSouR9gGJGgttPubFDp/2jTpuFYZbcDSo+hoI9m5RAH
aWe+MhFC0r7RZTv5pY1CG3GSODaoz2XIQ/dDJ4WKZFeEvDPQnpLY4t0cb0hVcxYO
XVZZs1YmS2sEJirwJ+rpxivX4eyVKSO9Vjidh6cvmg2UdKfNoXXd+G9r0DR5FSo7
hQHlOCrLFQQ5YJ3thGNl/fw7wVXVs34Nj7QfABEBAAG0MVNlbmRtYWlsIFNpZ25p
bmcgS2V5LzIwMTQgPHNlbmRtYWlsQFNlbmRtYWlsLk9SRz6JATgEEwECACIFAlLG
B58CGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEGHeEezidjpzcRgIAJUZ
4J6yvykcpgrIS8ZjDz1ab2sXtBx0ZjI5TxxnIwg9RQb5YkEk2/9tPo0ZwNUTDwz6
eVENR++Bv3VXs32RnRiFNy1Mm2hhULh4ifgqT6Sy7zRk/kwiKuj6xkjAGZV71QmD
ukFIpVaWAQwiFkDgqM3LbxZ1sisbvvA8M/zJq66uGg09Lu9CKcwjKDfy+UW1E8Ub
SRzStTRrpvCH400q/Pwv3mOA43+H6Un4fZfCOcZeo22rSgT6D/FEY4LMdNnMLYuU
zPkpx7cKvQa/AcMdjoGu38g364JxlDjxjE6M+XBym8Tx6j4res7o0W8TGW5g+rEv
8X9i7uxdnEfYBlNAElGJARwEEAECAAYFAlLGCCIACgkQPWiyXVIHytM4QggAtF+W
cXu8pJi3+OAoPmj+etgIuLhJ2GOp8qNK8yvwTEwiNwtenjennlW3ETHiCbtfQ0/T
Z9rq5elhANsfp8LsXGoJ4ic6KJlDEhCrKa76jwEeECI74E60TpG0z64pHMmUhk7l
eAUckCOvW7iHIBJVA7ZM8oII04ipPz6qJfJrUWkJbfZh8VV5DRp7zKAFT+URgSUc
bdAbLjyC7AohynNVxir90UoT+wo06GPMDpeA5+fS0VZxKAwKv2P0mRZAK63yzEJz
+VK3GCHLPCWJvHoqx4KSutk2mIpZ406T/BJEphkGN0BHHiUmIr9qfX/87klA4i9K
dHvzFr6qFBxD78XfuIkBHAQQAQIABgUCUsYIMAAKCRCOWun7zu70Ox9XB/9IP99U
LScSFiDgoZQr3eMztpc2NLIS2bGO1iX7L+9VInPCob7Se53MpaFrDWNna53Xehwf
NbaqsCQrG+OIMMwhRc0x3QCoXQUchA/JyAUIojfOyoFUZvlyZStRGOp2TBRrJnmb
l3iWz3pStqqtvqag2d3YxowqGqUvlRzAXTFmgjcnfMcJrxb9f3n6Nf84QpxLHxB2
MgOgxUCHXMtJ4WxFHAoINize+P/P99U9mpyn4ewTnSaFzcmemqoVT9yZUDYUYrap
Bm4Xp0Y92IzoNpJgKBZLwXihisuI4alY/hBopo5L89vms2BwesQuh/4Tr6SELwFx
zX63E++tz1TqHleWiQEcBBABAgAGBQJSxghsAAoJEDmkx32peISwXiIH/3suKuiQ
+KqQT10UdBoNg6m0XinG4IG2MghRRcdg2Q8ncCfMFJPsKQcPdjiUuuUIYtD7CE+O
SwQ9N+6vZlsk3Zq2I8rPEwrUTmZ1gDcMK93MafNS32Xt7FmCY6wpMCkpmCLd9sjb
7rj3uZdv/aI6Is76z6dKTfxJWBrbsUQNncASn5JyCXrYj9eeGP8gHX2KCkyPBF4u
kHFPgdzYevCfZeP/+f/cdRwF6bAVaHiEZ2S/Vg6r3Z89vgd+wNKnNsljEiacYWuS
zxouEn0eWQj9kC3bXJgqXH+HLrEY8NAQ5EQWjd8bzIhzCTA9MtL+N1b0Ep36gNiw
YFB5b/b7KlbEPsSJARwEEAECAAYFAlLGCG8ACgkQYE378oVBCr4XDAf/auf1ljzq
w2khe1L/1ANvtnugMP3sVJEPU2nDUnCK2+c0G5INnWc+c7DEFsaLHgcs2eN/w80a
adInDn9lFw7DtcvZr3xL8q+b6j4i4jucjT5WVfYHbvc0xcKfpEjRge4oV3XR73SU
ztdTWZZAlds4Xvh9pojjM90fBu5uDqfpRM3/vNTQ9EWvjcCGKusWRTwgdfF94cHN
CeSe8PCo7sil6MtBBoujmLldCKZaLC08NLPX3yTGzNmuLyNZj9WgwPoK++XTxJly
0j9EJsO28ZxmNCxsZyGA+1D1NuRurQ5FXIUHUfz6taP8FHSDt95cOiirmCMOAjT4
UFtGAZFlbhzxroicBBABAgAGBQJSxghyAAoJEBKJbpunfyQpyFwD/1fp8qgb6zvn
dIoTUoVWahI41Clt65cA2d1Ib1IbJJ4ms9cxNbFMTvbpPQ4AXOz1t7x2uS3YDmq5
IxdWLr6YPSMkGmtpF2CD1HwSLcUwtKcIFrb8a0EN8Z+sRKu7yYg1vMxc7LmmOBUX
x+j9fm/1OFGIHYnUEb9GeKFf91cK0VAIiJwEEAECAAYFAlLGCHUACgkQ2Krwyvaz
BylxvAP+JuZQFPnk6l4SKHR/3ZWz56fOqZ6Qv8cgUCFY5AY9OdSE7aU2zVjZTjd1
dJzVD7xc/9h8OW4HakfwcNnfAqdQ4eNdox5+uydXwU0CXJqU8QxGPaCSRkB1Thb5
aMik5S01lzra4s6dF0iMC15I5v0PAznykJO9Sq4qhMLUCYTxFiqInAQQAQIABgUC
UsYIeAAKCRCXQwEYcJO4QeDXBAC2hVO1j2dyQfkHr8eLAg/P+2qwZ1ZaG4jxItol
vF91lfGNCaG3RWB9iPRIkz5B+lSoh4mSPGzJ3cFDgB53rRMpFUa0qhiUpVaNuPMY
BSrkxYb00amJcFoXX+yE8soeu6BZ1cazg8GEkbjFbboqJMts2M39dD3c4ikbU4Op
v9ag1YicBBABAgAGBQJSxgh7AAoJEB57s8ivlZYl1w0D/1AySnzhz5PKQo4Wh9QX
qX+yMVBT3rgVO6EgR8ShsyMhZX8GwEEGPueDAh8MLGPqQZbjXq81QMeVk6TSUCQx
XbhHxyGJJTVDxxJxFJZ7f8y05PjppTA6TL2aKYsZLkWUPEq5vKocE2VAmYldwvRS
Ez4oNLWQD5dw05DPzVsJ2/49iJwEEAECAAYFAlLGCH4ACgkQcKAkTR75klFOVwP/
fxmc8/ckreAjz7C3oarAHlWgAUHrJAAtG1MEgXN6FtzGZyzj7jsC4HI8A5nfwIWx
A67jktU+6OpySrvIv3gRF1OAV168Q9IE8KszvnJgl6Gknf/KuiwpthWHpKztn9lF
vealu7JKqI+3D5m33SqcWUg8SThfnGBoZOZGOnGrw4aInAQQAQIABgUCUsYIggAK
CRDI1e0plfYXcf9oA/44QISEfFkqab+NIIgKW0SHqJDmI5QvVkcCO1Ct+/TkhGVO
I68XKLMaNbzerl+BF26gU2IYCs0axa9hlkl8IJLokZhEPSRPDuSP2PG3GjaFsgnE
5OK6aaVvjrEwaXe8v6rOYLmavnhZtOKg3H8pOl74KhFy1i/ZwM9oVfD4sfLhxIic
BBABAgAGBQJSxgiFAAoJECGD4bE5bweJnYsEAJUX07KH5tI+OfmhQ+WCFuU2as+r
I39oH1BB0W44fEhTj/yJFVqGSt4e3OBlP+SYqIM4DxPttxNtfQ9448rbzWLCdL0c
KGOM2y9NT/LoDi1JQ/IVLYvuIyNnPViAF5JQ96NrmJH+3SaC6goK6HY6D2Oh3iyO
1VGIhjOWyJr2+5ZjiJwEEAECAAYFAlLGCIwACgkQiWliuGeMCgNvkwQAjrrAjFyh
pMepbLnRlxi2gcLqdmLcaub6AaRzCGDaYQxNFtBd+vLt0CtgY7sILahcMX6hLT53
z4zCHoM93DM3jBoJehC0lH6/qd3ZAcW9vcSxk5ws97K6sbMXWIfqDgTUXaArOvKG
GHE3vsgaLvAQ8nz0QaVkwgSIQfz+vBDjlM6InAQQAQIABgUCUsYIjwAKCRA4IttH
zDdPLdPdBACoapJIpeNLyL9szztPzznIIxNbeuFJVfJRAE+pZ08y5YKVtGWArUcb
GBXlZC5FrVTqV3ptIa72ALApIZ/M4Awnk3C3XyjMioKemv7I+cOj5DqRgkR/hsAF
7YSAg718twgv8W2Ssy8i2vOlAoazxzN9bhVl5cSny5aeUnpLwK0WMYicBBABAgAG
BQJSxgiSAAoJEJwcveLjXFY1DnoD/iFZ3zhzwIyWUl17pESa7H79tbcpmRyelH5M
vH51sEBl27yRRKrsx4oayaumUT7W4JVoQTEYH54unN6fSBqKK9VyxzlA+v8PJjTG
43MhtMG5lc5B1fKXFer1SpxuoR5h3Qdi4KSz3yh8K8g5KKtciPBx5kEXSTm6Nycu
wkrCRYZLiJwEEAECAAYFAlLGCJcACgkQb1KT2KObplUY2QP/T2Zt5U2cl0usnYck
wmMF3ZAzmcfhsxMkVgxxL9AkVJh9dHhLSYFWN6qhlkZwiW6UhhKoINfEpb8gOcBz
rdb4u8yrWqIS726GqE/gnjYUf5CX22mOPWry8CPuWesRVpr832TzS5wxlBQzRMSS
MVn39IPfIQnC6UQ3tPChruwwZh2InAQQAQIABgUCUsYImgAKCRDvWJZk1DLhnUOZ
A/4qp/HD/+V1zpewexP4wL+bLA9Y6X+y2UWAh7eZCBQvXOhVAYcHxpmWgEfHuS+c
iHYqCc7hz+1AiKV8AfVk6RX0k9Oli/IMbM3ijv3uIl+5JF765oXUAB3RWg6V+MlJ
VhOVkBHXmBuhFnfVPeR5wNPpQ58d9LwsZtU11/Y76xzOUYicBBABAgAGBQJSxgie
AAoJEMGcHSUS00YdL7MEAK/BtyOdoFA/8SBA+8EOG8nd5NSlGNZUBnTlpWqdphkR
SLRrb1gLGr41ND2yvg/ElTti7m1D7+7VUnwCXM5wUO/RZuZx2uDYRCdDXj5WBhcg
3wsHO3IPGGTbCukp9fLcthBQ46PDewlUVo6gPWhjWG/oC04XYeB3+f1f1zGAai+s
iJwEEAECAAYFAlLGCKMACgkQwCnKQBb0zOm0CAQAhwRycBvn1kZB8cjBVw0a74Xu
rjQrMVqmKM0LW/UzoVscB0W2KxZnvCLcw8N87CnnoSAO3MSnb/vPPhtnQxVe0IBA
4yoe9acWJvmtIjw4JFDKioVPtEy+pcg5EDlyqNHj0He/Cmbirxbvy2XiGB/Y/lxu
t1kad5ZYY/F5+X4hbyOIRgQQEQIABgUCUsYIsQAKCRAY9QOAJMJ4ArQbAJ414QQw
60cTU3tVbBTT/l/sRysTXACg1ggZJszRL0P8Yy6WOryQ+r5Fg8yInAQQAQIABgUC
UsYItwAKCRB8S2dtoA4VY3VvA/4i7bKzYElfVdTIj0IgHfd1zneeDjJoJP5tmf7F
ElWIkENFVkKQ+tUBO2d/qMK8h+aj3brDcve5A1LUIsD5leE+igke8SjVF9/fwN4U
8Mpqrvaw+CX7zGMnt6J075OD7mfU7hZkSpDhmOEMaEzaviei2rovBgaNv7tOlgrk
J5nCo4icBBABAgAGBQJSxgi8AAoJENbgof5PvirdqiMEAKp3kzOjTetlDWAqK0BY
u1kSTCLzO8jFIq620dT0BqorZ5nvxwKovog/FgrZ0LlywsjlwOGCAFo3aW7WTEyt
7AwlQvUScAbPuZZcyZxKwQ9h2O6C2K2RPVIIHQusLRVcr+oGgqMoNjpSxOOxfJuj
hT6fXHK5SayZSQEiZyeKme12iEYEEBECAAYFAlLGCMEACgkQIfnFvPdqm/UiSwCf
d7Y5AR2m6vK5drJEaqbnv2tmXzcAoMhOg7eUPnYXr0Uwpo/61oHAPUTwiJwEEAEC
AAYFAlLGCMcACgkQvdqP1j/qff1p6QP/TkEC+SJr4YUPy/0cLsSr9j0uPfvke+Qx
U0RWynv4BMU05TKaBeZiVG25iFsGERW0drxiisPkcgMTq98wE7Q23Qtk+Fg8amDn
6c0qEj0S4xd/DfHPhcznHjjkhiTftSmeMGHDMF8M5+ZBSlJyM6M1dtTlceU88ZYu
Vv89Iz9nnmaJARwEEAECAAYFAlLGCMsACgkQvSdtLm/PqIVOHwgAvKy116ykGuvC
LlxCVx+RfIjhaXa5OTtZhLc7YkXgaNr4UmcvNZtGwQLUEjDO4fVCF/7bSrryZ6Fr
PZBNTKQRwbqH8UksQ+6hIbTBb5ZGcpKQPdIqEWjRjCoDah2EI1ln/JI8WY5NoA+V
iuBd07msr49qevHgGEex5dX7NKOu6nuvefaasVDODNsiMp2QZmIlP7XJw7VKkiEx
ov93DGImxD4o8r2Etzo1Lt5/soNzw26etSRFhoGHRdW2mlS5QFjebV+PNAxwvRrI
a+5CjoA/vFfwxV+RZlvCLhzuEsBIzw6yenfNEd37bzqJq/7Jp7kQCe463o7ujG00
k+ObGvq/YokBNwQTAQIAIQIbAwIeAQIXgAUCUsYZQgYLCQgHAwIGFQgCCQoLAxYC
AQAKCRBh3hHs4nY6c/AjB/4rt17ezRHDxuDuS7+waPC9N6eXAQCbwdvkYd/v0bWe
5jHgknMHR9OyGU9JKA4boJCtJNUvceAmzBtynqxy4hR6rmCwCmFW3AIK31iu3frz
Zqq84XK791voKMMrvnux0OHqq2l2mYOSNXUeVNQeyDE6HbKXFUiWhRZl36UndVaE
XhdDnKpxseMpYZsECW1+x1GxbUHFRx6tSiqzgLSNU/SsgwgttHwyqEdW0sr63r66
7XSoMKvEgIhb36hJ7AIaFNWasLnnLOTOWR74IHnJ68FpordYm7lnmT5Vg/ju9y29
JDwfOcNroCao6tTjyXcM6KmIssQPavTDLK/I6XgVr9QziQEcBBABAgAGBQJSxwGo
AAoJEBCQryClqlvmWGgH/3CsqpTEKQW3FL/jughz3Yt8vmgqmlj7ZbTaVehIKRU4
iL2XOlgAu3JISxCLPkdz79qcMSkZsOJtTGwA1yjvw/yx7oSznvW+jgNZ+fNOuT9w
c6YKGSm0KbGGOFzjzoCsnIpoVEVuJwOS/zqGY349WR5dyaY4pEL42StfqLLtHO7I
IJMKRcubedgZSogT9iwhin+sAGi60Wjq0pX240UQG0bgSB7n+/+7NT64u9yRyPwZ
9B7Y11smlCw0jIlJD/P51rFgFciG/BdYyPfRHToe5CjOI+1sFxJYuOQI25o9/Syg
7MMzp3ym2IEjIi3poBwfqZRlPDb5nHfu4vnSntPrwcWJAhwEEAEKAAYFAlLHCkcA
CgkQ8Ar26sJF0gu9AA/9EXGIp5BwAYXNtlrI66nuPBwbPXHIVXocnlu2O2Kfzc9W
Lvl3e5eSi61/TCOPNM4ParKUT9utxq9Sd01WO4GuepQFOiSfhMfKb7ORd0cKfWuM
9shAKHsTbuAopO9R43jv1QnE+yL1xpM85JaGxI2pWf4XIpL32ZZ0s7s3x1fklNMG
7ObB5dHr66M/V/GXZSx6rTBWhODm34W07HcXqDdwjVT8J/fo+3kkY9eXYuVfpl8t
bVV6g8DK1zMkQiQBHpN0DCZUYB9WoJgCKFsTvVUElRyMY5sd2bkyAktA2df1EBSH
kMXzqn3py+n3YzRY3VpsNUV3WkDRfU9SIdJd8g88muZeL9namSr/3eHTjdaMoCyL
GyyUpy5LrD56k3QWeXDWVynU9lXuxaiJDntP6A81d6vaIBtm8AFVihtJFoufHot4
crmPqKtH+MQ9G6xwN5Az9okXKg7HGG9ZD82s4D/X5plN0OH5pMeYLrOQI+oEhjn2
uK67y0Zl/eqoQcnVDy9PFrynuSVBC5/BTGNbebQrTDrIsQo0m0LMYO3mUzMBA7SO
j9iA0vmXxIGsPzf8lRu26odcahKWswRE492MZiTJlul+HWYmun1b0XJz/4YDWL5l
+kUVLnl53o2aHVlTkmPEMg/mwufkxTayJrtl3kL6oun7e6jUjaCRao9eLFZWtGWI
mwQQAQIABgUCUscuQwAKCRBfHshviAyeVYy3A/ig6XKOyU+RC/+4HtFxvL5osE9T
w/9JlY78umlNish7CJo0Sbka4nFipd6Iw/xcYiAQ06TuS5NDwdmcuoZoUpDAqbLP
r/pWpBy9IAUIzAa1UnyvYTDBp2NS3nxcWnzEpXk/dDyYMKX0gUsrDjE9ZTpsKeMq
70Kgq7lPtH6EfekmiQIcBBABAgAGBQJSx12BAAoJEG8PnXiV/JnUMB4QAJu5xu2F
ej5QSiIXlZw8LD/uzx3UEQocQy4eGPtwTxeYogt9FtbdblRYb6Y8qc+Uyk6fLBxB
E+gclk3I2GnKnpqjtdG5utJnAbvynqfgoE81tuC7hjxKYPaqGTJotwX4IsV8MZZN
D6hduw1hxCWsnckS/6jnVrJxThKqlKEnnFqLE14W1WTnKIqh+dXYdnqn+MEMXZhK
7z68TLteASvT1S9i91Kof7gmfe6hL2wbzPAtils6+gJr0ZfxxUTDzFL5hFulypzX
GgW4VemsZLRz6hhevPiWSRIGCG6xO/boGPnlOQt6Fv2mReBiuIidSia9S1G7G8KF
36ya41RrS6157dgAeSGGUOAzGkvamqlJozlTo1dl8eD08x5G2cHKL/H2oviaE1hr
CgZypLuhPisW2Yd99WMndMV+jrbkNXcORVdYQO/T0aP0vA7zNrTv96shcpNoT3q7
nWDuGvxjOic8sSX/MxR7F+4UqZO9eZGziPnKDrv1fp17CWWmBBvJHWhFXfPF9nPu
vej6q3Eq49pq3oDuIbtV+1GaMKLre1fzMzqyz1hQ+esByOKi/cAH+QzkbXUC4KyL
q45O/UfNR3hYZms36n05729qF+hW6tO2ZGd43k7kSVgYHj55BIr942dzWMvg7BUY
aWQqYiahIfDxfBXz+WvW5gihr8In24L6dYXDiEYEEBECAAYFAlLHhgUACgkQCaei
StHlggeAhgCdG3L6GRFUho2VtUOx+uaGsvj7vvUAoIahAtf5fb8mSfzceNr5neXd
FgnpiEYEEBECAAYFAlLINaMACgkQxLEHmIV5aiNLbgCgoJYeWDcldLWYU1MH+uvo
Ll4ThV0An0PZNMtCd6gwGGhGd9iMRqHzVpQQiQIcBBABCAAGBQJSyoYqAAoJEIvo
ebAocx4cLO8P/jO9GWX7PSI+k21P4NIjSc6VHYv8MMa5H36NWe8wnoUSUr8FKvUh
uLOI1bDamRZBdCWSuMf3gcWNiwVi3FKJqH/tAdjD4Mc9NaL2DJwKgHH3IlSwV+jF
Hz9OvkEzfo8RT0zVkbt61tMhrNCK7wRw/QrjchixNyJH9YIifV2huppwbgHl5YH7
7wYJ1thhIgyw8kSSKHFi3yJzy2q1qZ6hwcCCkUw2K9VgYV+0Y2plSkkc/OsoBUsU
JSNdCOSAzpwAmFuSpT3YVlwWnknJu0vV5BPUL/dJTeYLbhyxfXWiWDiF1tiBWHMS
KvUJowbW9r2CZ/FQx4V5hXKMfCupuDJpmCvIiDfRPGfuD4+4vJ+EhAp2TEyRL3HX
7BAlQ/95TiS22AhcFqn7Zl+9tS1vUcj4xLmakPQ2REKgBqiUrVDu+GvzZY0A6V6k
J6LNc+ncaLX+B9lYqqMQmxLyRK3JySpHWgC2ZPoyje8GR4ksf0IlvrRufFMj1Qyt
/a8Jc1Z2mXJR3PRrsL7EBDdp7Xl8BGqnjShZgIvKPDt6+nCIqsv13OjWaUBl+CKg
eZcDMt2nZGUfu4KJD6ktJ9nvthrocWxL4dRhFM7s/R9ad1IdmySoBH9SnUuMgM8e
bKQ5FnVqNiy1Z+JrsigPvb671KJ1MA9n2rPaBhY1cNYaaavIbKkBzDDTuQENBFLG
B58BCACe6UEcbxy5q6rIPXZikT4WCg6bw3AtdT/MeLUCmxWhhP9g+T3i0t7zU6bu
Zcw1uFxjnKsMEeDBHwdI0Bg9r5EVtp77GVf1EGrveKvISURlktkBtcezTVRfukEM
mTXBt/3vMGLg+AadFGZTU2ciKdO22AxLBZWVgz0ICoO/ljtvEFokrrzwDoF6ySHX
3Taiq/aMqI/RjIRXXMq6u+/oVC6droj10eZRYXGPMl7og5MRSUU8waV2fYgtfLmw
BtVEFbd0LPO5L1BNgIIMBx1X/QzMeBTldT+XcDSYh9ELfMJoynnVz0smZbeQ2PZ/
DhGsVsLvJc+cx5cDnBKsPrejCTXBABEBAAGJAR8EGAECAAkFAlLGB58CGwwACgkQ
Yd4R7OJ2OnMzXAf+LxzrPplcEyIDKOoGW21320AwH5NqjInqj49K0gGhOL/xNkfs
C1wsiFFESdN7eL1+aDdk68CF1ClJagDKkH3U5o5PiPSjCsGBoGpdI6f7mRlxbUT2
jQv0QC9Qav+9t4QcyBC/1BvwO1e7fgrpFLvBrXJpj4utHBP/R3WUo04kAp+sPbVk
tOEByvXAHkDDe0KAG2G9A0dLqF7kfydoSaioFmoJlkAu7LCwFLFbFZ3JRFAaYEQO
DfwkgPDDOA6k9Y1o+nbk/TgyEj7PtpzkiWh0aK5BRI8mjA/s0XNZKpuY1sghyASo
XvRQkAGPLcqS1D4k+kW3MLWpxjbSwGi8FCdsfg==
=d3FT
-----END PGP PUBLIC KEY BLOCK-----
Type Bits KeyID Created Expires Algorithm Use
pub 2048 5207CAD3 2013-01-02 ------- RSA Sign & Encrypt
fingerprint: B87D 4569 86F1 9484 07E5 CCB4 3D68 B25D 5207 CAD3
uid Sendmail Signing Key/2013 <sendmail@Sendmail.ORG>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.13 (Darwin)
mQENBFDkiE4BCAC7jVxyAGrnqq7bW4lAe83CxIUT4YHb+Ai49cecSCeOGqPSdlcg
NYdNzi7KKpF9r4ShSctw2mHqWkwE7AimgJL3w5Iw026YtFrGfB5KHnBIC3dWKiJu
ZM20qKx0Y5KqLjZStlajHL/gfhzhHEZXMcgFbYMGQ57Yuug8eEdmBb9ihgQgosdT
RmdNH5zqch4G3Yf246JqeyESBCi8NHbOHzdfEWze3H2mGRmGeKfcnKRPlZV9OEdG
E6ZEN6FBMghthZRa0f0AWw34YGxtvIAXOm/as64qpzJ2ebbH4HWvNRAaWetARG/I
4OwCkvcpqFROXXFOALlFJiAiXkK1RRPcPWyJABEBAAG0MVNlbmRtYWlsIFNpZ25p
bmcgS2V5LzIwMTMgPHNlbmRtYWlsQFNlbmRtYWlsLk9SRz6JATkEEwECACMFAlDk
iE4CGwMHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAKCRA9aLJdUgfK02WeB/9r
tNy5h/ouE9ixuzIDd7q5/n5ApIu0dnjLrieoOIgKPKLUwQMO18cjueKtRcAk1NP/
BTYodw1rPOuZrtlgIltoAz4EN14SDGqiVVhgNkJVazOQ/4V0/zVAg+AZAngC3IFY
MXI99/HOnhTTZ+lHwDbvZdNu/yY0LDOl0VO41atRD9A/ujbRbjQL+QCkabi+M0Vr
Boz/4JKxbidsG41JFGQMTJxXuglZOWagB/T30/pYR5kxlTT5w7Y++JTGpOsvfAoP
B5wp1rTtsA5d7+oxmmwHBBIlDFidWTt2y8Hk1E+Fx+zHLvqdG6qZuxgtdA1g+DSx
MBbgmUztfAJsRKAJw91RiQEcBBABAgAGBQJQ5Ij4AAoJEI5a6fvO7vQ7IVwH/2U+
K1L0/wP+Qgbb6Ge+Q6Px0x5YltJE56AoDgjAQof0jVgXXXJXb7uy+KIZnvBRdDeU
4z25qLFCAAoI1Coeu+DStv3q1MauQ6i05EG4qnK0h/VHRKsaGpgBpU6Q0HUzCeUj
+jedYsBxUjKlIQgbNbKh8rc/q38q8zGP5gswH+gbiO4gfLE5vUD+c/j3Bk7vTwjH
wcS82QznXDxFu92M9pe9cjz4OlMhT3KqA9ek/3X0FgkxX8LdIajWXUXrVbxeYEbv
0mrctI0SDMpy7TU8m1fc+87tbUsAC6lZx39dB+6CgYWcegLZGkwBYNhI5FtGSfml
Z7QloikEjxhADUqtHL+JARwEEAECAAYFAlDkiRMACgkQOaTHfal4hLBIyQf+JsMO
NKuvzLXB9jVrvVZE9Eyngomj4j4wVEK2ugFcf4lryi800rUaqO8R7mgR4iIqK9NU
EEwazvyBU+57Qcn5CfxrRTrVWz3GUET3qjsUPOihmSnIg7V9nremQzQG7wWcraJe
Abm1mG0cwXA1Gasak5Z4wD4Q5FmoKTWBYvP8l8lnHmnG12cbDiKCwn1qW6parkW/
HlAaItO5N7Or58gpKSDrbaLBV0l2jxlOk9eeWkeYdnrF5PAmOf2/32AGRrGC+YI9
vgqK34Hslxf00v5yjw7wYiYNu4Yq9eCKCXw7cIWzHRAoE951tpQ0AciNS15TWNc4
MMiK4mUMY/9+YKwllokBHAQQAQIABgUCUOSJGAAKCRBgTfvyhUEKvuC0B/4iqq2K
hZiA5RWoxfXrwJwfaOtAHNgUpuDC51JX48vZB0Ie5lgARjqyCLbVPTIj/A+oRpll
z0FHQuCpYDTzSJs2X3Ol04COrsuWNRanNm2/Jh10m9vubyX1Ge0pGvhm3yFClFKS
O/LoioYWZ370PdQrVkccp5cfEHjiiCqVh3PLzbhPDj9Js9HKRNi0aQ34uJlZc+VK
1lAihymzO23fklJg3heL5HXH+btuJxkyi8aQ1p4meHVFYFqcjO/S7PyNJeMd0gwu
6ykWuL0N7Hq2WDfSYorDKf6fZMm/jQwkAJo26/Nmq0SSkMkviy0aowgjsR0zTudO
Tnpun4pNcYKSkbK9iJwEEAECAAYFAlDkiRsACgkQEolum6d/JCmgvQP7BjbE1xC9
EFequc5ixwcrKbyvel8JZR4QaMfjZ/YltFJEAtNpiUmyI1s5CVqPnPoMqGJSxbkH
eTiIinsj/lxgImE8sDAdzxfIQc9sUFwm/SZmYnLPBxd0FtziaNPxVY1zHbpBiC4R
vYTBGrYwKDxkMIkI26mQ3C+6jpQHZjCq+ZiInAQQAQIABgUCUOSJHwAKCRDYqvDK
9rMHKT9CBACU3RGc9MLTbgXuA4F/jjbQ98I4Ei61y5i0jAt4Wk9qi3WLCpIEorVA
9LzyqClIioS4HoLLIH944Dr6Q7nC+SwifBGgxWVogEPl8vcMUfmUIkUa/KD9N9Wn
t8nSyaYNYYDefjzBy4veyrZF/zTl9RUjD3Y5h6VRSpVqox3pb3g0QoicBBABAgAG
BQJQ5IkjAAoJEJdDARhwk7hB9oUD/19C8pRVgzlM4aCjbh1DhmF23C6eegE7Z82f
9ZByKKKZscahOXp0vdWHuKvQ/j09rfROcb08k+6EofVg/lyT5yj3+SFy7Md+6RKB
oJVfX4Q3d1kWjawwYoTinMAbiANgEbiERZt9OUvxFq1zB3XjfD/DtsTDXO0Jb9nL
an8Eu9KPiJwEEAECAAYFAlDkiSYACgkQHnuzyK+VliVdngP+IhF8I7YICl7LYK8t
eYHHSQuR0HGRJAY2Sm6AgDvS8d2d6BWHovzhcXWmZt5t4qtO9JoO3arEJPFLi+sM
4zltrZ0G2w2iLuK8puGh4PM2V2PjRVWlhmwVdY4yERdqCwD9+TpgPudxDaOpCpD5
pry2zkHzgtRVnKaB5wUxQSX/9+2InAQQAQIABgUCUOSJKQAKCRBwoCRNHvmSUT5j
A/0RNa+Q73G4STet1vUxJWyufNOOag82ziISGFX5qZ5HnvVheJuUYlplfx3pLGZs
VyxNPJ86vgdobNXG2dJYn/y/3C/9jIp0NiKJYEMVNlOrDvqoh3/7LdDCQC4dPKj/
T4nSKgK/ny3Bvz8RHf874fnZZt6xjo+DFTzvktChYBSBh4icBBABAgAGBQJQ5Iks
AAoJEMjV7SmV9hdxzAYEAJ6iOI1YzJlNzZptUsCcBR+40sAL43UaaDXCjhEtRgpy
+EQSpGVEzCvN5sxF4z8QXo82x9zQJWZmYV974KXqIq8jFEuSLZAuVuPs2RlfRyAl
P5lATnXdGzrTXgoNLoXEt/vQqYuqFwqXkVvZcLkGHPwTOysyFH/vy8xLXmRI58RZ
iJwEEAECAAYFAlDkiaAACgkQIYPhsTlvB4lMRgP/b5lffwl6KwYI2d/ZoQVaMN+r
aun6ziVCLqMQRiUR03H06fFo31RmGdPRuQ97jxS8EZPNabygjAfKq3F74DPoSlvL
/8AXhj3UXoERf2XIj03o8we5SG0Tg6zLSNB65NoGR1whRgxwAxCgIRaRfudREYQR
6Vd7WpTHeRWttXLyiIiImwQQAQIABgUCUOSJvAAKCRCJaWK4Z4wKA+BYA/jBXOD2
4pBFFELiCyFW+iTlzsJt5vwyTLolm8Ez77DkepkYOr6ZGiDb1cp3AL1e2ynwbSxq
NeAvwVfIm5TOO8w+xEYplciupd12QfXVa9MiQwDJm4FOP+Nb6X9MSqlHL8E8XoJv
NPjJoY3zFEYn2OGZrD8UpVdU5Y+pKZtCYxc0iJwEEAECAAYFAlDkicMACgkQOCLb
R8w3Ty3mvQP/e97V+BsqxV9HeqJHnmi4NJYaKpP2HBuXntLSDxyqO8YGa3qKkYjj
/LAXp2QfBpwCWn8D0pQSoUF5jayoeNviKs1cfcuq4dyfdoiVBcWOgJQeUHSO8w/r
hevqzclCuWz1TqW7HKlljUbpvP9LDR9De9T6izc3eR9WuLcqBwV73ZyInAQQAQIA
BgUCUOSJxwAKCRCcHL3i41xWNXa+A/9GD14quBksQf6iWg2CbHufCyUqquvN4IbI
YlskEHvjTtaZ20SC0cGMMPe/X2VbfWOR4UjEdlSGQdLWZ8FjKj0hjSSUf28OcbSd
xXryuFFt0skY2dBW1LHgVDUnHTlK1m9p9k887tL31YUGmA7apZVSILhSnd1jI+G7
NN3ni31Wo4icBBABAgAGBQJQ5InKAAoJEG9Sk9ijm6ZVMLQD/3BWsllRiwFCsiiL
KBJqnjRCdFTuHOl75g86IniLMXu11r+K4LR9mXbi2bduAzkwP7c9HSAFWli3bhfV
fgf68sogGcHAtQgjgjTg3NvjOPkeMT24PVJzgIUkbgFBmOoe30L7/YyKl7B53FrX
dIcuI0d47bXoUOvjzNueBKzLkA3WiJwEEAECAAYFAlDkic0ACgkQ71iWZNQy4Z18
0AP/cNp30lU/1dMF4bXbmbYG/dwxzFa8K1RsxJJD/HGFTsPs30o5tp7IpHAA3wiP
QI13HhDA9hfRsuWHyNztL6uHDD4HRiab1j1hNgorzXMYp+EmFSX+LYfd/GPBHX6B
xzGy6HuhurF1cPcvEbdlmcdr50YLaO4WJbHfU+p/9eEMZKOInAQQAQIABgUCUOSJ
0AAKCRDBnB0lEtNGHeMQBACWhsL8KCmh+2XwIweQOboaGA6ShwDHx8CfPxcqv9ZJ
4jsRoHSjiSRK+Gbqh0/5aOppeO6Pg8CppuDJ7jN/l212ZfhR0JUWfC3ySb71BIr/
NpKw3PqbdPK6ugcfVHd2JkHSqZvDXUgMHftzVZEeD+OSfCMo/ED0QcC+3M3eO4fX
a4icBBABAgAGBQJQ5InUAAoJEMApykAW9MzpXkwD/AgrFlIVjYGNSelqRgl+eaxK
ujeRUwcZOjKvleOa4U5QekaI1pTsbk7whbzABa4i+TS3AWwlhVOuKanJJqWmVLrW
dJY6PgVGhUGdSk+FwXji8MA2aqdfcTCT3L2V6QyqXMEP8K3KAOKdBDIFAd31pap4
ICuaj09nuybr2UNyOh9KiEYEEBECAAYFAlDki9QACgkQGPUDgCTCeAJMiACfbkQT
VU4gsRwDHBMRB1de9s7cS94An2ObpRui9RhHBRE+FONdzwV7LT+oiJwEEAECAAYF
AlDki+MACgkQfEtnbaAOFWM1RQQAwzWY32cZMx6MYBB40elalCqcwS0sGPG+BLOd
+7qmRPFUk7r/IC56mPgvRMAB3Hk4EF2m8YDfYIT/3u0r9M85tvKfzaB9svbn9xIg
s43a5m6EZRs8O/oeEpGJA5B+ypSMMXj67HrS6UzShGiNVJHD1FQABEYLEIPXOpML
99ko0KKInAQQAQIABgUCUOSL6QAKCRDW4KH+T74q3eJ/A/kBmDLoDkOJqZaIUCgm
DEebLXmh72vglflntChfOZFoJgIRJt+1gH8GTfWL4fecpxv7l3VD32eo14mUIvIl
9EIGinr0iE5jz2sJNLEk+9TQL4oWA2khr1AOsw0+Pq6ju8BYKG9ImM/pUpCX0g+s
YUwkB0pwWpldcrEiWgVg8NfuQ4hGBBARAgAGBQJQ5IvuAAoJECH5xbz3apv1JV0A
nR1zsfcDOhe0eA6LzDCUvkj+GTZmAJ9OdU37HRmxpokcL1YT2vU8fYItmYicBBAB
AgAGBQJQ5Zm8AAoJEM8etQMiMnoB1VUD/2Ee+hUtbUiVsrCTtgyxMh3GYHxSRlsR
DmZ3Ic49V3fPmadCRDpw1I6iKLgeg3qCB/Fg+1pvZ4E09a2knr02wVybe1hvRVsN
6QZnDa5Sp7SYoMj+PGAj1Jv2JcTggBxBpFeHFOElZi0Sc0J8TjzsLWph/SYbiwSr
GGz3QCya5dP/iEYEEBECAAYFAlDl9uwACgkQCaeiStHlggfR0wCeORnxx6UraAW0
VEphoedU+22CyVcAn1QWbw6Bgktk3+UIN4vzW6YQbGpHiJwEEAECAAYFAlDl+9EA
CgkQXx7Ib4gMnlUD3QP/fan4d5+L3LVrOkAtmQovwZqpB6+fOy671RO3SaE1+lr4
/twHmKGC1h8jVZzkqRVRQ3tBPvG9lPlweUN9wA2+jpoe8LaqJ2hClDw1gP3EPz0U
lIfJAoeZQOpbTY4DWUFy/vxnHcpQh5H+aJDlhKzSB4E/C/le9ViOzzqPRh4K29yI
RgQQEQIABgUCUOcGZAAKCRDEsQeYhXlqI/CyAJ9WHdCZwVdeFcgjVqv42sy+7d14
XgCfd2c4qU9ZacQmoZDSU7P5kIrf8xuJASIEEwECAAwFAlDnimMFgweGH4AACgkQ
dZbk85mBCRgEyAf+LgY3QOdXa/9YDdbZXvBQ4myyJH6LD8OnFglI/u1gz/yP5ngm
SeWsODQAm4UzYQxc4fDHDnmVjpTyqyoY70gO9zsMg3eociDtaEi4/J7ZQRlvI5cu
PFreqLe9CivEzSFsuBYsNRmkxsQHAUg59wqhaefjul94RtWLhUXu20Er3CfE4B7I
AXK4ncWgySyCtWxtK2SygOaxKY/enGqtVC2a/ZecB7o1KJ3ghx1w9CzXxRyEtmtT
qaQpoGs40sshQgY9EDUApFU/cXIZmMlmcFEtL8e9R9pptY7FdoeuINwB8nS7epxy
kavIjSW30ALAshGpXrTHWxnOipzey8pbtOrL4okCHAQQAQIABgUCUOlleQAKCRBQ
g+yIQOhvcYDlD/4v2PjuxnM53WVDOABTkxax2dPQ94ErEf01cAr4SZ4UE0j8pH03
WKKCDGnE+xkX0N9NworDEpkyGAjbTxbpidOWC4r1P526Nhhr+B/4yiybyXg5oR5F
rAQaxdj5dvk3HUSfUoqAaag9P6w/wBEIQcRvZ5L+2eTBYwrsHaRfDoP6ce6fmJic
veYhYDQ3qxx6l3qeRwchTKLEdy0jLdbZl1AFNLRQGU4XOFM3UxKTk4XofEdEK8B0
L83NjsE1S9IJleQiNM41fNte0SXTJ8J//SGRnKAyMtlclanX2KazTPKGu69pZQRY
om9xH7vJZIRv0pCjQbEc9Caw/mvSNlQWJ5589cLVfaWrQpSmzf6oAoVyzhC4tiWw
s2FmfzUYvvSKX1dpVMWIkYyCLyS7E+px6zFy1e77Pc+uhmAsNDgfTTfwJbBoLAFQ
42f/5mqKhQktiplM6ZzMNB49zwjsFK9Vt1OA9ggHtvo/LzAIoMnQUvijObnE3/+a
PUNKAaqggVJUQgK2htPjyAkUIq1HQ35WzvpaTUn7ADBezTo6Zhl9UbKW9+IuCmwN
w4ZFhhKC5VsWSVZGFVMwRNilSXpyPVYAWkkrEiNreLW7R/OwXUqA3fvK4lFRWpVV
AEcmL5Cygmrv+0SMUgJrymf/HSl6/JVNP0GMZ5l8WvKZ4usxsc0Yt+gjTrkBDQRQ
5IhOAQgAxmVBSjFMrpl+oMm7SG97BeBG/ApRkWyzHoYLXSWoq/lpYWZUyfRxPyvV
kMEnVSerTMfiq80yX/8niFm7SezXBzCFwxjt5d6v1BIs0p1qnEmN6ze9i1wz26fT
Eix+qtFewBbE31+bxCOxFQoIaCGWrR7gq7clNfkLKRjBbJcb/vkPc0S6l5+xaM/j
Zt19a4uBDzy6DfFOjJ/ZWzKCioqPeswJrElszGqB3Wvwip1iOA4Ec379s8mSCzqq
PoQ98jIhqW/vD6eHDdzkEdQJZKwzSVgClHcLehQMCtsGChf+cxCgFQSf+7ZOyu+Y
YbIK06IC/lJG7LGBWOd28+LqKAXamQARAQABiQEfBBgBAgAJBQJQ5IhOAhsMAAoJ
ED1osl1SB8rT698H/Ap1PMyHWdDZxIP7PkJKAGuXjSE3JAw+dNh3vaxF24NFBUvj
J6F5UwZiegCAIatKVF15SycuIDT6TG1NBQPD8Udp5w0lK+sZH0ViZGs5hNggBdiR
uv6yMpaPf6IbO6Of0OInrcni9UQVt1G6o7MseZBnxejuPX0E6CMbB578XfSrdliI
jwcHNo5TEc0IjPw4qpUYRd/cWlo8Cprqu7I6LTDUdXOl01peaGqkGhyUgoY83JyS
xIhNOUZG9qZ7p7MTpngmXX8brCg4ivylPLveAsbhgLLlRQO1ME/j4zyBvM5vWEPB
x4XQOkQ96TXgQoe/dvARKuUcAQl7RvZOIZcBTPs=
=kpXE
-----END PGP PUBLIC KEY BLOCK-----
Type Bits KeyID Created Expires Algorithm Use
pub 2048 CEEEF43B 2011-12-14 ------- RSA Sign & Encrypt
fingerprint: CA7A 8F39 A241 9FFF B0A9 AB27 8E5A E9FB CEEE F43B
uid Sendmail Signing Key/2012 <sendmail@Sendmail.ORG>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.9 (OpenBSD)
mQENBE7pIE8BCACutGAvfg9rwfaVBRb6EKjcWABZUFsLt1yF+hzrhR6llVVAv/P9
aYiSwJHYUSu/GfZ53HL12NhowhhmjkFt4MeIo67gmVmxlTkMVXrb+TROqr67f3H8
pM/vCKMnc9iCBNXgv0QjeM4qr8gz+TIroxq3ip3RNcZXOMvSOEmflK3Ts56vhnMK
nzWMlfIhKXmXG6o57Qb6pwYLcT9Sp1rrJaal/GnkwEScDmFv90jBIk/RWVao1NAG
8sJruv4kLUTRwwddvd954/cC6S/3F3VNxisVXNEagNTaedTc+pBVXWv9yn2P4Jvm
gSYzrvq3QP8PH8hJdtiWvgOnm2YkrZ+Xz37TABEBAAG0MVNlbmRtYWlsIFNpZ25p
bmcgS2V5LzIwMTIgPHNlbmRtYWlsQFNlbmRtYWlsLk9SRz6JATkEEwECACMFAk7p
IE8CGwMHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAKCRCOWun7zu70O4MSCACN
dAjK+prDB6YdIQZdjn1rV0Ba8pWX0PSv2HY7wlduBlec5HOV1s0Yram6yOQwv6Uj
Ns/3t/7+ikA5/HpvSHo5uuxKLjL+duprCUSQko8XlLVZCiKjpFyD/ZFsCBlbaVCc
u2OjjJ2Kg1FRwijIJdZfers4fbm9Aa+gLcMqdtmSa+gI7mkpEJJWIz3rPHbIcYPe
Hy2wMSSpk3eSQtU5JzA18vUhdVujzwcRvs925JOT6g3VZ7Qhf53QSo7IaoPPPEVT
g3BW3iQKaXz94k4EDhODBL3g2Q7zYOhxceNnL23vNxs+yWPcyg645nrcsfcK9osM
sHxlsh0zLl8dm6HnkUAxiQEcBBABAgAGBQJO6SCWAAoJEDmkx32peISwEUkH+wXg
N4/NlcKJwRgmXRqiiADEI8L3otyWI/v2Yp/8nFCyxzhSH8p+4ggDNDgngPHJuV5l
WGQuGr+UbqDAicIOPeyKD2/EAUFm41aN8ATN/KlAhxeW7iK4LxPWUlPLkfQu1Gng
dj0vzaYMR7v5B8y3bg0yJCo3PlHIkWmYhEJmv5xajKLMpz3+K6igrjH8GzUfoMp3
Q6VrIdvVd+E6/wm/qZw3xu0bXclip/YYDxOLvKF/vpVfiHiLpI3lBoGQig1keHOw
0TD0ol3WwifqarwlMWdaLQCH41CnjMT01mkHd2ew78dAlfNkW4OiHxJd0AcQrqAO
WgxFMOX9JowFlIeCjoSJARwEEAECAAYFAk7pIK8ACgkQYE378oVBCr4dwAf9GOKz
d1CAGJgKtu3crfUvS6xBd66pFpsnGOm6xwjG+QSTIIRayev5i50LcYUr2LU0unnS
ZsSwYQiZ27wC2l3Y4WFVSrViif1x4CoDSM9CGleh8FBdctzeUU9huQmBHftq0Q3j
WzZSBoiDJBGT/Ug1rKiyN5J5eAufGIkSS/WQGvJaBirL0QtGBWSeHhTjpMKGp/ox
dJ+zvT2ZsHxsCROaA64jceNQOt+jrTGt043ABxdUaF2Pqr4CC7myRIhrVWlkPfs0
V1N3SSQJsx8MgWUD5OeJLuQ10HjZ0GgYvofOo+ysG8/SEz3ltwvDwJwkrGsjM8y0
DFcqosySncFHOcijC4icBBABAgAGBQJO6SC0AAoJEBKJbpunfyQpqX0EAJH2pzz0
Vp5gGBVhyuJ5NKQe8rC7m6oj4p/2OAVee/+6/3YEA8v6J43iuuoIMhNH8nHGJxhJ
Xmh5Ho3RVgZE+G/Vyr63JwMZ/tMwaUX+Deh5czKW60A/bpX+CFAU7caqBZhbjNoq
yVdN/3f356xIJk0CXgCfkYywRg+h+KtwD1xciJwEEAECAAYFAk7pILgACgkQ2Krw
yvazBykUTAP/R4bhldibVY/6Q8ctxCA3DEnBK0d6qeA1kFydee3cu0fgBqrh70C0
XFJIhuHW/bdkJdh41XYVWACANBY+1Uvt4GyoE+DB9Z779i2P4JG/bpl67D7/bjLg
gLuO8zze0NiKlylEWPtO5o1CFGi0O13HbzjF1UxY16OdnKPK1KJA2ZOInAQQAQIA
BgUCTukguwAKCRCXQwEYcJO4QctmA/0RRMOn5GA88kp70hF29HLMgB5zAw3ZjMC2
p/pC/SiuPSzh9n8Fkode3qCeQ8Fm7z3UVrywV3373litYMcl+TG6Q3c14qo0BDIT
H6EZUjP4Msoo2fAkMM6XrBdyLYSCKilJGsqDS25Ox2BuJGKIbMHFnJy4SR5rrIAB
J1c/PIqNO4icBBABAgAGBQJO6SC/AAoJEB57s8ivlZYlILcD/j9DxcUcJbDeFDxj
KsuQpN2cWU+KItF6hPWgP+n4VXokPzCWQOxKZ72BoERukQB0zVuogUbFrDwPIVjp
bNK+n9A/CC+FvfBkm4nMBpnZRFRRaafcT3IwiqmWa21/hzvDqZI50NwBn7ev57sM
rCtg4n5uiNejGwwTQCgff48bd7aZiJwEEAECAAYFAk7pIMQACgkQcKAkTR75klE/
8gP9G7BjyxYUDg+2F+GrLQGZEq8ijpMK930o3Vc8O33zhZFQqqCuUX3RRvHSDzqL
JI/7J5xIiAjWVo/8QyP7HKScLTiBV0r1iB6JTjVy/Y73GvInTi6y6jrlfpqg4lTw
b375/8ijdG9uCH6go5F0PH1vPI+ibrwgLVgpx552edzRbkaInAQQAQIABgUCTukg
xwAKCRDI1e0plfYXcVQYA/4svozwEiTmCvNGr22IOMqL1vr12sgzymIeISzjAXeR
9/kxwyi9Ah5UX4orLwQqXzOB7IZ+SEN4WRo6dCO8QzMG6alx2A+gU/14j0jvPhxk
jCtO+CBMoMc9lQ0yEpz0XIcO/FGJX3RUex8L4/mYyP4LTijseU8D8F3kqry/Iaxc
qYicBBABAgAGBQJO6SDKAAoJECGD4bE5bweJAhoEAJYXG6BkWixVK8XZw6oNIs/b
48oumiCgHxErlaT64QLQ/7qknzmJ+nF3VvkqHqxk0u+zQRf2+oOQlgAnFxwTBvAm
E5Zf3bzqOGcq2aKyQpyaOi40+lIZTV3mpjB4fRtWCiF52TVdh8dtZ156CkjpOupb
g7sKqV0h79X+x1FhiukYiJwEEAECAAYFAk7pINYACgkQiWliuGeMCgOx7wP9GXqz
C9Q2JhgNA/jig8SqtIn2EVHqtvNv5OYuxrgh6Xiy/5ZoBfghDfZP46cffsSUFrI6
QI17QEg9t0rUIdipXRn7S7sUfz99lKGqKMszCqvECdnfuwnsYBO73XF89MDgIAH8
Clm06seRjSPwqxOY2BU9egBHsWg7sIEqbQCGY1iInAQQAQIABgUCTukg2QAKCRA4
IttHzDdPLfRuA/40Mk8Q6uw8IfWxNZh9q/tOMIo2Qzy0QIpTx5CyuuzlA9qUgZ8f
NpT9S7z78WLj+TuWoHrtFVRZaDkbMafT9VLDMPdveI62FI2z2mCaBHFGr3kOPo04
xrRvwgdMCgbm/63fJl5264xfjS3b/iuNGAgOOcMPnV4WWdhBTmtTUXHVMoicBBAB
AgAGBQJO6SDcAAoJEJwcveLjXFY1bVsD/1FkSDWMeet7ZGjLplUHbyudbTqqq2Lk
tpBhOHANXvffJSLHVIcPiEIkUCtyCW1jsAWbNH5th/e08aNjNuHnA9sfoG+stlNc
9pAyd2c8MMXpe4DP1osggEKLSCJf7u3xU7SUsM86n5r9s4pNiZldWmMqYKkWOtyk
6HOWyaVeK7k4iJwEEAECAAYFAk7pIN8ACgkQb1KT2KObplUSQAQAqcAwuZnx+uZW
pKiT/FYUs/vCC3XFrnJ0iK/Sv6ScQiDZ8cdTk96ipCSEpV1i7iaTDK5PhpNhP9p6
HQgyWme/w0I3s4g//3SYH9fmSAjm9m/U8v3tJjs/mRQIr3HUXck3K7oC71jANnhH
A0xlM2eT76EvN0ShnuZ0Ph5GL4umk/aInAQQAQIABgUCTukg4wAKCRDvWJZk1DLh
nSDQA/9pE5yzmw/S5hPN2n1u8CpWtyi1cDT0rmEe5Oc2cmcgNj++rMi6hOtUKnoM
y1A3GTkLiVnx9BhOAW4xGANRBTsuPfM7QOxBZKmDSsiH4Mgy+olbfW55Kgj1R4jF
bFOj8vDrS6toBUeFDA0WB6kHCjhhkE+xLypYN+xTQGrTeLsMKoicBBABAgAGBQJO
6SDmAAoJEMGcHSUS00YdIqYD/2mady6csrrS2myjDkom+r5P/LvA8fsGI5MyCRhQ
Rv1eRL0QFgbnl0dWw4Q1AKAl3XB9GTYssWk7orbgxrO+4ciWIjC2Btnkq1hZtc5C
boXvQXbX5vzW7xat7twh2lkhUi46x+qrIHrQ3vR3D9EbsuPDlxDqTg4v/u39xmFo
yFabiJwEEAECAAYFAk7pIOkACgkQwCnKQBb0zOlxWwP/SNfpUlVER1Rj2uoy24J/
7k26lBxc84uqVRq+fowz7EYB/knQ+aL40AUsypXpSnJesDjAmx2Eyuz2nBuFjws7
UZt8v6ALFJbLP3MFrfeM/mD2hijGOeVuGsord4OaAZ/9isuToMZijcOW2Fgdyc7c
HYPikO6FtNswXuKea2e4numIRgQQEQIABgUCTuo/DwAKCRAY9QOAJMJ4Amt/AKDv
QsB9bhJOfhCzMonD4LYq3bpmHgCgoW9RYrPyb7iSD1tHx0hM4n0sA6CInAQQAQIA
BgUCTuo/FgAKCRB8S2dtoA4VY0gwA/9LI9Kf/eXItmItIoCO51KmeG3w+twehwUp
Mgc3RI5hxF0J11nSRInuwKS5hC6jO8QnpWMjrL57JmwK+VTjJje+zjigt3tJVO+Q
rFdOE5Atla4yChjsXn++ffEI92ZFIhalYEEs5bWzOrBjcOQOkkZz84G3rHRbG49d
m2N8iY9ndoicBBABAgAGBQJO6j8aAAoJENbgof5PvirdNqgEAK2oImfkowMelxfb
WTLvHx2yX0vN56fpLgjAsZIcLKUJ8N9fm95vpG0Zz2J/KyXphTlcsJO/Hm+oHeos
7mx/9MjXsO+tmDmU7kI+0PFxWmucZR6wBoMbPmZtuC/GqIk9wFeKGtkEgr2+En10
hChgGqIvE5LsmlVfaD2R8jFNs2jOiEYEEBECAAYFAk7qPx8ACgkQIfnFvPdqm/U5
AgCgxe+sFly6JTaO1N2EwjLVxI8ErvYAnAj8lhOAkBEqnzVpeSt8mNw+sywFiEYE
EBECAAYFAk7qTvMACgkQCaeiStHlggd6IgCcCK5KjbY2e72mtDMne6VQwr2F/sAA
n3hBsophnhJjLGxEfblJc0XihWcriJwEEAECAAYFAk7qXhgACgkQzx61AyIyegE+
+gP/blnJpgybp/4Swsrfqw5jnBzFzyvyOkQ2stAtmyCiEYJLhDQDZIYIc5viy4ay
i5D6f4yAUUaA5/V4dWGv1aEDiO27GU5tzUuUnBmzz6KJcAN0kmkiSG4eMwdAcspI
zZbGI16OpZVhO2N762Qfhf9yi6VQy7v5/b7FCqoHP1uAG3iInAQQAQIABgUCTutf
5gAKCRBfHshviAyeVTu8A/9rWm+tqZTM2Nb5lWh4H8XAYXH24TdXY3dWpEIFYy8r
vudLF/RhIx6UzMwMDiN7NEnb93ota78HQf6uRVIHBkCR8oHzhR7TCrSEC59IKGXL
IONCbF9IQOR+Yc0rT/Gz3lN53flSorhs6LIfXDLiiGmlOi13BIEhDbJ2f1ZZyiR5
gYkCHAQQAQIABgUCTuyeYAAKCRBQg+yIQOhvcUvTD/9RagF2zavJM9PX2aQ6C/s7
BcjF77n1Vt++H4NJ6wpAkVxlfY1v+y8b21F668R9DhFYNLepSvrasDgc8XAdnn9H
l/Mn66YVFyUDOYoTr96b/zk+GnBYPcFso/XkIBgmSOfNNs6n0WweR8QfDY4q0yHT
2nUSUGre0Hxs4awA1/dMHlAumSS4p7nqc7+q3b7LXKaxqGUVoShsokoYF+bsj1X+
dI7c9R3kt2LmVtof0POn1P9sNf/FZrE/eKDYP8wYyJhhonMZAnlbWHxxMJJevXdQ
Bk6HF9UMx7R7a0cctZJQ013BIejGLZmR7kPZhLAyQabp6ILqJzNO3W+ckk+y6Z6/
sqnC9bSEw21TDgk3q4+1wD/0Dqt+pddRtNyag1Ru3zFRYS6ok6g6smlrp/RVbpVg
cdXWps39LX7+UI8XoUyNQgxIYQ2xd0eMpFtFrgLAllIU7cCpD6w7Q7B+/C4ZwjCn
/Yt5jAtMsOJ121kfuUIAC4vnNwRYn0iGmkN86Ti7PSdR4rbn/5SpIU/FUUYwFNln
Jwy0As/+DhuBXmtEdb/AMvI2n3P1rrTvcEYycfCqAXGNO98i8jCSVOzjml3PTQfz
chhe8F74q/L3iOzFaS7FC2t/bZ9FaCWYJzMH6blSZ+yPK5x5KxedfQJo32c1oXnM
N7BO+MXyq4iTddCaRuIIYohGBBARAgAGBQJO6l4HAAoJEDEZgFHPGk0sYBMAoPhW
UodY6dFC+jbfua4wCm0SDxibAJ9cH0ocPU84mrTJUls6/05f5wKhiYkCHAQQAQIA
BgUCTvCQGAAKCRBvD514lfyZ1JLkEACODPksw2LebOLPjzqnEihvaf4FUHwSKYQ6
VSn6ojZdNz2L1FJK1qTBEsFXfmqe5GiweVKk1N+AeTHFYXKoSmBfU4SgAOT3Q6ti
UHtyKuJhhzANUe0RjFT/LA1c2fOZrJYWkavqusA1nmOy6/AeCMjg44QIiSEF5ALJ
UYZp4npkU8nzAatdzMMVseKEDqKrUfSe+YC9N/P6yCxLdYYidlyg4MYsNBT+f4kl
mpJJk+RVi3AHKH5a+QShFJZMfHD6/rd2yOEq2DFAIO/wPIi4Emq1O96g4FBfwD9r
6FyTqiNcz8Y1SJsVa+1ScSDBlM5JcOWKj+JCoox6a5qjyr34i4o/TNOesEVtXVVw
bvSoikA2sQb5aVVTw0r0rGTy2V5ksN8rTXD8n5mGOKSVwQ88crHUI2JZkXapvWp3
/jmwHUhjCZxBnOUUtnsILV7gB8ohCxLaTu2pt1obbHH8DPZ3kHBA6rrmyvyBM22U
Xmx92/XjbtrTHGUzdzGrxrxZHISwaFtneVCCAHhTYgESzwNZr61rA6DrCn3mRR9N
JuwZvhC0u42kGkC2ulEoAu/OgFjarmu/6dbgwYfvLAi3y7BAL+otrjjq5cJB8oQj
C80N1LqLuWfsatMOlgk1annhh/i5RdXiOmlg1WbW9zh9jRM1Sha7d7BlkoJ2LJzQ
ySc/sELhHIkBIgQTAQIADAUCTwWTigWDB4YfgAAKCRDvHmkz/z+rnHJyCACaELza
3TxkZtLhZlJxxorWt/AHZS2Uui5BRU36+A7plALIdgIqH7cah47EK/kG/AJH9uiX
Zd0cBM/QaigfSBVPdk+s9WBn1A9c7zAbUG5/VbR975g5txMhA5SC4LTVRIsw0Lau
tFHnlWSXs3ga/11oxEsOvplayFeNDDlZHo7bqNsKmL7PjbAqKola3zSy+/ARIQ4P
UpDEyAgUp/OAP0qZarzCQnZY884dzXcXMbaoyyYa8D2cDrrHFDAh5nlcv0jpRvGK
ze6i1ONwoW77QajoaJaRE3DPSG3LahFSeZassN4540cA7r6oS3q1fUkL6yfbFbN2
8tTIWWWkYsFtZT0TuQENBE7pIE8BCADSaPflswYkibLPKss2XiKNpvBF66rDLuv7
Y2dIRic38H0gVjBeFbGowesobgnKgTIe+zFtAzS1tw170Gp5osZNg1fLhXZezA02
wbBuPZ7QIh1/Kxum9mP1uiB7ZYx3cu48zB3Ajf3GjGdsn7o92gXx1P+y71N6QZ1g
PtK2Wi871zT+J236LZUPhHfdG9zxsYKcGbPHWDI7iVlIl3/IU1kmQAjX74hbdLMN
erE5kEHfYqwQRBXUx299e4kjYWmPQcQqCOiWve016KwyJ19FzYcJM3PbRf/UO0aX
+KoYEkQqDqj4UHJpL9V5/8I6evI5Bx6I+e0GC4RxXyYN+2XL+MHFABEBAAGJAR8E
GAECAAkFAk7pIE8CGwwACgkQjlrp+87u9DsU7ggAkJ24CSgtqc2pWnQFGHAiyFHS
iYfaGQbg1evtI7nLtk4Wyskabu3FRQRyFGxOUSoBx9H6MlBlbxjRrQljKU7b6WCy
DSUcKW6IfcvKP5NXqArDnnBf1J454DRzip33CW3vKUROvgWPcxi+2wdj2yXcqM23
nG/2klg4JJHEsvKH89fuu5wMf/gE/7opVpxm3G2tQw51rb0oNyCrReDHUnlvnWsZ
+7BKywQ6vFb9LrCWmnwuqOLkFqNQo4XB0HcHjGa3AY4+y/RXNuWNcL886FwD6R5G
qrpfZZmSAqWA5sdTeBXeJTOCvPrRgvDQod1kpyVNQHn0VFR4dT8XDGk2TBgmtA==
=qHzF
-----END PGP PUBLIC KEY BLOCK-----
Type Bits KeyID Created Expires Algorithm Use
pub 2048 A97884B0 2011-01-04 ------- RSA Sign & Encrypt
fingerprint: 5872 6218 A913 400D E660 3601 39A4 C77D A978 84B0
uid Sendmail Signing Key/2011 <sendmail@Sendmail.ORG>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.9 (OpenBSD)
mQENBE0ios4BCAC0mjr+Fljl/LRvhI3sI29bM146dWJFr+oJVTHuafDuKQS5ICeU
89LewVL6Pjp8RureijfbqZC51Z2v5v6GxAizr/LlD9FohjQXiAaA1vgPChBdzvLg
4TzEVnQOGFuDUnuucQH82I7ysQkK7z1GpFkofKHHgwmcfFpOiRLoUR7YVP7yDpfv
Zx3EPvRoFtR22kWlhms49J7zgRpXUCH9ggrtcl1QCXkPOlZ+VspUPrZaZEZy8RTA
3W5l0yhnGVgnJHBfOo2svFurukQ7LAU4U6yCG5AFogcD3sgEvuFAkmWBJZ2rnOBn
yCL658zfAJlmrni8kLQp6yBuEsUrT6jdRgRBABEBAAG0MVNlbmRtYWlsIFNpZ25p
bmcgS2V5LzIwMTEgPHNlbmRtYWlsQFNlbmRtYWlsLk9SRz6JATkEEwECACMFAk0i
os4CGwMHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAKCRA5pMd9qXiEsHIXB/0S
PFGPpoJzQqcEUHZ8w21mJOhoB6eO3GYRXBBLODQbu3x5qMXgTXT2fZgsSO5zkKBD
QCm4lMns+cJCds1+ggAZLywNM1SUvctXJYIaHnSLEnEbxIgRMM+HdULlJn3xgT6w
HUVZhzjamXOLospz5BfIXx9NynvjxvjcZ/NI8Cas1WFPvP+89fT+VCzLw0eC1bAo
puv2CA384i7pqeCvw13taksA0QnpHeN9c2xjWA6LTbLBrDLoTkfxvas0H9WzgNTF
DpzSuIHyDFonrkSvdgyOCIUYWJ0qkzDYnJzaOd7ku+4YjcF1bw5FhbvXAvcBY8OA
Ilr9WaR2TGj7//OylOjNiQEcBBABAgAGBQJNIqNLAAoJEGBN+/KFQQq+gDEH/i7x
aOd7L+QV5rIYyujJdirVoO/9s1+YJkKmFAKltUPcj8vOulQrxjK1E4Wul1qzMclr
TpZnIb9lyoqIKlGFwx345iHFhDHdWeGFxMxeQBopyOmAZcfMIX2C22+EYGNZNUsO
xVxpNV0CzKTdbfPHmBFSbA4lWnkyFxZsTR0GmGXRluwc1kT3i98QJbqNudKzUSU4
f0+3Uda3xrnLtmChSEc57PRSDV4jHdILxORcuHh3xi50y0J3JJ2Yj0utNZ/W2KWX
guO0WSaNxv7lcKv5ilTWA5WWRt42SZfHlTiBJVpWydRBTZQGJLR6GTWpMoMs5jwP
9BGlbcR9J5+wmOFT9BmInAQQAQIABgUCTSKjbwAKCRASiW6bp38kKRGJBAC+VwW2
/kXhV70FPyny4RErQDtyovkyS4rqFLdTNWNu80xbgEZJZY9ZcxT8YLjePsPmDZ0R
d4omumo5M35/gAastE5UMC4JCFM4v/iUUZwm5LRQNn0UtSKsSdHf32OqJx0FBr5k
GAe9LAd6gIqkPMw4AaK5H+C3H9VbR4sWHr3AEYicBBABAgAGBQJNIqN3AAoJENiq
8Mr2swcpK94D/A30eBH+qNleOIlwocxV+Fu7g6rvIPdULeYSNLhi/cuXUzo0HREs
FowErSD9gSabBkHbAUUhz8gBIXBATUKDgPfoqUqzYZmWRz15jgbKv2vVF36v6uuj
C/xgVZJsgw5uaZkJM5TI7FCEIs8EfjtPGD3AG1zBYw1+cmls6x+sq6tsiJwEEAEC
AAYFAk0io40ACgkQl0MBGHCTuEEeRwP/eaawZ80/BoQLdlgz6nNsIhomtFZSPhMS
/AFMo+cd4G777R1VJijNiD2ou3/2QbcPfu8OPENFYMLAOcYxYTzCL7XgSWkMxAmF
l2S1/xNUIteUwReoWpp/TZfCaTyro1VrX5pbTf3EYRlkF1qStBwmFfwSIZazhabi
XjlG/rDXL4WInAQQAQIABgUCTSKjlwAKCRAee7PIr5WWJfQsBACcJNvwXwHZVaf3
+7f2wvqk1HxQk/3x2A/kMBSl1KuWFHV/WGu7Abj8hrjdrBffeCo27TpOhNt5946X
dwBLl4LYNL2Ogi8lH4nR1DsLTcJKICzxveFN1pRafd7+raVqsg/pIVQnagjxbuTa
6ClKEqGnF23kfnjMmlkQgQqupXh6kYicBBABAgAGBQJNIqOfAAoJEHCgJE0e+ZJR
RKYD/17M7wr4tyR+cO1vEJWftFbVCuyKnlUGH4yqjvZhFI0G3NhGnHcjXtl5Tntu
6gUOzObitN1vL/n0BYOPX4ppQ52Ocv6I87geOXC9EDREy5fJU8kX9lGkDRwWJEcg
i88ap0L/8Z3ihtr73hKZp3V6zfBIKdR/RfxxjV3xe5AevuooiJwEEAECAAYFAk0i
o6YACgkQyNXtKZX2F3G35wQApLZxcOkchrNplG4YJMucVcPFyNzeUFL6yhV6PMIQ
Vz8/ktBYF3LK2QQBxIFBEINF8EslKZ7LSfiFTSvsAxb8OiXGV23qHnglfN2zLFrA
CR9wvZ7jtDHHFfhHoDN8d9PA2LQR7M9qJzf1ltTaSETm9bSEZ/wC+VHvw+EVQU2S
OlSInAQQAQIABgUCTSKjrgAKCRAhg+GxOW8HiYOzBACR7nqyHOXspyNy0k2iKkEN
yAaorX32AecPpwyee7G2+QLxbK8jGGcmh5NR/GUx3ZbdKroyMZHK6OrQi42NwC7Q
n9xnzzgUgSdKRwnsA1IyP7DpiBSXMdk0kCc6UJy2L9fanHbamAe0oSZAACt9ePYD
jjq4Jmf25ObWv16Hyv83N4icBBABAgAGBQJNIqPIAAoJEIlpYrhnjAoDa9sD/inn
1dFkBlDPlPtGwHbw3+qCk8y6h3HpZubae7FxdE1pzsh/G00pB7Wy5K/EHL3MKlul
TxtetwQhSrYBmsPD5t3BhDKIyU2MQuec8dbJw/O1/7xGYmG1O4gGwq9vM4C2g+wz
atMl2pQnmi9DhhxFTwxhTgeorQ7nXrTclbuaqyLSiJwEEAECAAYFAk0io9EACgkQ
OCLbR8w3Ty1JCgQAjkZe0O9GZko22lkc7/3eql8zKwBx3Fpugt1NZ9nyOxeS2WpO
FfuiAiruA+p1L7b/dC60BUu+z6pgGIs05vIvPzzqjxnPBhqeYwWeW3ABa4JMVDi1
RkR4TK6PsEj6IE7ZatzqiPST/GNRrjvpqtNyLsEbybPdY13hZSmxb780d1mInAQQ
AQIABgUCTSKj2gAKCRCcHL3i41xWNXseA/93476LuPukf9rKz9hvf88HrK5O0YPc
jG/CU2nFLhRbo5gkGFyf7540pODGBaCHyqwT46etzVY+WtZ1fETN0ALIJwoXkbwM
QE637pwnCLUO6ZTixa6CwceWXXAIc5/hiuQn0uKL8x4kHUcMUZqggYvqrjG1ZEDG
ZCVuTes1yhalDYicBBABAgAGBQJNIqPnAAoJEG9Sk9ijm6ZVpFYD/1OyjV5+9N/2
rGbKcfaDXqTM0cvBjs1vBvFJfmDCy3fcOv590SboiCwY6dt5Sd6eRruY4FaTnosI
V4MZZnvMq1W3KfbT6fvcli/hgTKwYfJM7Mj+Tdp3uOGXN1u+cvKEfY3YHwDb4NAc
G3jPSslu1nrZq84bsokhnE+en8du7mKPiJwEEAECAAYFAk0io+8ACgkQ71iWZNQy
4Z1jiQP8CdqzrpIpNuKOs1nVcMsX+T1ZdiNbqbPYbjhQx7isUoaarDk/tQZZGxDE
dEXayRuNobRzQXltAKOhBrXlN2yFP9d9BR1y8B3dVBO9vsThuQ1BtMrtLrAL5In9
4RyAvpuKcOhWnf9kJLis2MGghhIllJMuXOFeyujE3A4HSHFqGDWInAQQAQIABgUC
TSKj+gAKCRDBnB0lEtNGHaOHA/4+zClhAJappAYqATHLCs8mgzYa0/9RvI+e6iV8
OD8/BOJl4DnHya0ijX7Kt78VJymcmdXge1ypBnq4D2b/vTo18asDfzysPhAmPoCK
FTlerV9xV/TW/QBZ7EkPW3BwOQW7LYnFd/NnoiX4z+KWh9FwOVWlXPz8xKgBgX3V
yoz3l4icBBABAgAGBQJNIqQhAAoJEMApykAW9MzppmsD/1HonMTzk4X9qvhvaLTU
/OKvOzxIdX6b/62DA0WZxN3Duyh2S8OLZzryI9SASesk5vgb2uSMC3dVCwOcfsiz
QWqStOLG5eyYJh0/iiRZ2K4YM/FrFBo3+AmQ2IeL3qRftBWGyIf11l1ZFS3Uzp8t
uzIxUFcQU2bJpy7GjHcq989qiJwEEAECAAYFAk0ipIwACgkQvdqP1j/qff3gwwP/
WTAZ3r8UYbMoIN+ES8A9xLvUZRh/aT7TtiFCLxmJXIk3e+XKHw57DO3WUgZEo99d
PYNm/Q3tTqT+fj1rIDH9VdxhiSVw2lq/7qoIoYFb1fyCtuMQ+27jF/AFqbkDQJYx
gcnalClseYEsA9+GYKYfY0UAQePuDuWBMSPMkM+m+e+InAQQAQIABgUCTSKkqgAK
CRB8S2dtoA4VY+t1A/922nF4Apuc162UVBiP+v67PeXLgekdkjqlDACxqqgWWerW
6e41VaznDZjIGx76pQSbguCq7XbQXkiqO3E7bHcbjC8OEZ1Glju13GZG3heaoc23
4n5pNctLmBWSdrp/4RCaf1BAgZ0UAYPO9fR7ZJyenp3vID8vwKTufoy0nR8/MIic
BBABAgAGBQJNIqS6AAoJENbgof5PvirdRDID/39vOWdqbvu17vX2n3GBI4RYseA2
1pmvDqvzQcLLDJAXr1auTY7uiotYlXA8qPd4KTy0hCcj2r+7lZMhY1mCumG/0Sp+
CahRkvUk/rVgWLeK0WGEsCV4IcayKc6ARJVKW+JHUNc1eAScMDAlMOyg0cNtQeDA
huCt6hxL1YGTPpPSiJwEEAECAAYFAk0on/MACgkQzx61AyIyegHYdAP/c4bKqid9
lK7ciLbuo7RD0ZngCy+mE+xI4EQV+5LEhFVrqT+fMzSlHKLZGbPPJ2yP1ksBJITw
cYh7wGN7Dc1xA5bnB0CtjUWYqGRcQoifbgetdee2AfRs0+RvnEo5FMJIBlJOPc2X
o5eDTxmoSrt7cxnh7PEZnbxZi1gp/wJ+E+iIRgQQEQIABgUCTTHB2wAKCRAJp6JK
0eWCBxuyAJkBu7Qu46EFKyVyC8eUFwLJkghR2gCdHQUS7eF9pXHFr6aN3J2VrGFe
mFiIRgQQEQIABgUCTTUNYgAKCRDCeBwaRrHv4ROhAJ99EeU9KWWDnd2RjCN7uex5
S6u3rQCeLUshZhe/NCehUnaaC8LJ1kwj/5yIRgQQEQIABgUCTTWM/AAKCRCWnNph
S7Y2S8bjAJ9bOB/fFGyPgTuwQIEakXITRILLgwCgvrjaVZagTRwQW2BM1uH+vk9j
yDuIRgQQEQIABgUCTUMwnwAKCRCiu/skDPlW91hCAJ0eizb5bxByUpXY0qsbcupw
H3kiBwCg1Yc7cur+Yz2dhPuRreaPk4QeVrWIRgQQEQIABgUCTUMxEgAKCRD7VAFa
+haI7RKlAKCGogTWoJdDbetwBdRpRJ72d9qUgACfUehPWCmq2A/mIaMFlPI+F3k3
Lk25AQ0ETSKizgEIALV2tE8RtEgC1fjw4zHrZVUChXKm1uVEkRkeoaASrAI4IiK+
qtgbNEzhLEQavQaIZECQLCaQb5qzvKLCEvuo5tClU+2P4/YjnikdBDFXUwHznSmd
N27SsX6gNoeX/ZwaEJUNpMd/v+/Gu9QmMBIFUhtXXZyeBBpCyi6CP5jw66KjjH1g
OXCQvSYJVlutIGtzvHolvQ2I+h6Ztwy9d7pFIVlr7EymFI+x0oI/i4UwF3FZPVWO
C1OZD7suXSre+eLzYXGBYyHkvGldhA/hvKLs3Z6udcirTMtX27xL6C5WKaCsuQPu
ZiYWxJ2A9UgP6zTuBzmAJ4XXKo7QgamAbxHT0sMAEQEAAYkBHwQYAQIACQUCTSKi
zgIbDAAKCRA5pMd9qXiEsI/1CACv83SSDOBt6HZcg7ucOZJ7Wkb5EJG6Mseh/K33
CFDwWgYa20YeUUzPWD3ZRKY4irNL3ipnB3tJUF4yaasTPpI0owpcdCkOhpDw9S7M
AOnUACuv3JIZ17892ZLjXalNGMY/23qPxbQIaAidNh02ouZ6Md+NUvgh22+oDa+v
kxTkXmKiBGFpqY2myzzPvg84TMTpRBU372CZpmjjHK8duObUr9I0iIbVzshdnWuR
MKGu+n4hSU3SIYl6xLsdBGpiDOQJ3C1YHIduhDrQlyAjDVEgzgw20DUxUzKIpn2b
KH6d5q94eHcPD56A4cYD275DIZzAYqRpwzmB9O845HrHAPmQ
=pDAG
-----END PGP PUBLIC KEY BLOCK-----
Type Bits KeyID Created Expires Algorithm Use
pub 2048 85410ABE 2010-02-19 ------- RSA Sign
fingerprint: B175 9644 5303 5DCE DD7B E919 604D FBF2 8541 0ABE
uid Sendmail Signing Key/2010 <sendmail@Sendmail.ORG>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.9 (OpenBSD)
mQENBEt+6goBCAC95sVPzf4AWFmUklHO9yGBq6K135Tlt9JaX3frj6PCBjkLNn97
J5WDAoLqE9wB7WgiBzs2lu8OPZZcf+6syd97SojEze5bj2uv84DBv2juupbHEBys
9OH52QqYWG+1yuwAHY2gjKLYcvNgaOKLp5hoHZ2rakRc4a2ypLTPazsGFBO9/qBA
+v6qkP70/lOZeN9HX/yipbygAE+Y9elptW6ohvdGW8jbtllFqYFebB+lIaclkQnK
pldnQfktnJDB+XmLOc5m/1BsultlI5IH9HXCeskXxLcxXq+ldg+it1DgzxmHpHTK
dIhgOKY3MvTgxkcXiwIGcHBMnov6ESL1KaU5ABEBAAG0MVNlbmRtYWlsIFNpZ25p
bmcgS2V5LzIwMTAgPHNlbmRtYWlsQFNlbmRtYWlsLk9SRz6JATkEEwECACMFAkt+
6goCGwMHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAKCRBgTfvyhUEKvi4qB/0T
Em3whttGoUrxdZd1gYKI9SY1/4dHOhD+xJQQgIoQSRpOEA7xQ6TTAYvG8sYdsF5K
9/lWjOTEy5w6wBcu4e9F7aO/TUzue/7p0c2UKJTrEOw4HsRrENfQHx1TAXudQHHn
5+PgBCQCSr36ktuSXnlOo2bGbZ4FUwNCu0ztmoEEca8ZgY6ciEXbva1kRj6Eumul
MkqtVYEAtjzdIga6M3xYuJlus+qi/uEj5kivtf2LUDxXpGE6XFrArum0za/URiW8
wxt5zBbTbne3tDr2yg6GC046+f1Wr02xWYapGyNRU6yrPciWOu0tpaxJ7CwEIMRq
6HzbSVdZkqOdSoZ3ufqYiJwEEAECAAYFAkt+6lkACgkQEolum6d/JClfWAP/VBVb
VYBQKV+NQyXl6ULJI91iIpEAR/T3nRoemGVPhbB8a7zRRkz1h4ou6VAMJeS4BxSC
fm2iOHCYMAOMSQ03VaEM2F13b8PtsGaKjuAwDf2pHARYbOj4DRCY0dUmwPXze3Tp
7S5ui/fk9t+NhQQa6IZHFkqdnQ+xZ88hhoF5slmInAQQAQIABgUCS37q1AAKCRDv
WJZk1DLhnTPYA/0VhRNooc2csxwvxBG6HiS8wp2k+kbGbbtlQ4JFg59p4EUnT2Ld
P9eUzFtj6fRkU/bZcIKgOn37M4GOXEoNvMT6NfmpTKeofg7hwp+pMdHlq4y9Em55
TSC+rK2g6rAaSxMvDzasBouQqfxirj3nBI65zVHK98Zaj9vrpWCVCBIoZoicBBAB
AgAGBQJLfurtAAoJEG9Sk9ijm6ZVjcoEAJdB5kzFWHsvf0u/Oe+LWQwowL5SjQ6W
uhKgTDJ5IqFbDlCT/V33mpLEC9us4wNRT6Bff5agInCKfcUXdJijExkEbDB9ErZc
WmZqtquxQJN3xH+fIoIorxjWD0RMPmMvwQRgjn/puXwichQP9PafTgd9YsQ3aWAU
DGvx1U8pkloCiJwEEAECAAYFAkt+6vIACgkQnBy94uNcVjWGswQAhqDOQ8Os3gOo
UAGm/Oju6t6JG4wxLyl7vlMZ2eQHAX8rJ99Q4kyJB9xR4uaZ42BwbPx3s25N67qb
6z/ZAMrtqsXuK90+WlwykxG1uq4FOznHU6QT7cyO48Yeoq2PO1kFgQuRESPCRxXV
8dmDgeoDQ0EDO1Ykm003AKCd0N7+n1CInAQQAQIABgUCS37q9wAKCRA4IttHzDdP
LXmrA/4r9bzS6YnAHE0MFzByA2uZq0HeyrHI/Q6ELzqeMjuu/CwKdki/8gzz6Zt3
KkXbqd9mPidsi/nqfUwQlqMHCFSRTyqw3FkGzQ/wk9fk4G+AF+5A//xGFIACHd54
a/1+k0iVM5GNQkrknltYps0TmW8priU1uzmzAHpsCh0e4xFDIYicBBABAgAGBQJL
fur9AAoJEIlpYrhnjAoD9mQD/0s7tHTX+Mzt7iwZzsAZEqoxSQS5dUAKK+j6GR5K
8/cWcdiDJwCABViIn+TT7/GDmTlA4EUKQzIMPDfuagqa1SPxKXgivUnfhmpJVAma
MUmZeGFQyfTBjp4qZ+Agk15Ulnz7arqmOmeAWSvdsJ/vCm44TCEDO1gIjLzgyOIc
ktU5iJwEEAECAAYFAkt+6wQACgkQIYPhsTlvB4lH8wQAyqIKclShWxxaXi6YpS/k
H+susHMVePzBPyEmv93UkSOj2bdMWuhVENPXlBn1UnFt0vKPOL+krF3+zIAjg6N6
zFlasBUL9p2HqRI35Sq4cn3S3Im4vZIPwWNYgtQY41Hc1Gx2pIxmKtIz+9+sUiTE
DGrTxnzUAohPaTzUVXPtWOuInAQQAQIABgUCS37rCgAKCRDI1e0plfYXcQXaA/9D
+sQJdEc1orgN/aTVGKkKoNyMmJhtNLECYIsfAYcE9lMGtymkkli0BrvrtNN1Co6P
qmR+oaZSmeyq0qNVdV8AnoyFI5Dk3Nir82ISOtvzuNzn8NrosSed0nyVmg88amTa
WoJS7as6s6/lCxuarGwRuHA7vXaxDg92lCYeTw09I4icBBABAgAGBQJLfusSAAoJ
EHCgJE0e+ZJRWiMD/i65FDmbZo0srV01XwSUb8EF/70RF0uOxrGfunMin93cR8VW
mNSzcydfH/mKR1Rf4Snsz9hp9NWryZpjVXrPJx6GOBzzwgyUtzAxH6OElv7rlK2Y
XJ+Xi94djsyB56e6PKHA1uB30g2l5beh0bDUEa9mLfstTidMWGXRdtnVtW5KiJwE
EAECAAYFAkt+6yAACgkQHnuzyK+VliU0OQQApyvdx0YKiDL7EuLf/QkOk64DRAKf
7rxZSlN5jHnNJSQeX7cMRBcklbl/GlZH2oyHdDuahrZ62MT/mCneRIH58lf8c91h
WLFjkpU/j8Md8ahFQDWpCwNSSwz4tqZyhKfeP/w0OaHC4ttAwbjKk6mn0wFpWxpH
sYFc08L5PoUyaQaInAQQAQIABgUCS37rJAAKCRCXQwEYcJO4QR+cA/9EEv5UJCgt
0glLmhIzpvGxlEyzhVqhtfDE8CI06lOSGWhYy4VCcOCho8ig+atxU1+/zPaJGIbI
mvR+kuPZ9kmtd+LtV6fWtp7U6FrAZSXV6paWHc9ZCLJeKSNwmRrcOqaBEjj3MqNA
pwXO3gCiuylHzgIo05+FxRho91AS/mciI4icBBABAgAGBQJLfusoAAoJENiq8Mr2
swcppz4EALJ3JQOIPsvgptuPdq8XZuxxuFonjcr8RaLB89a9MDduFBM8zw/Q0qcA
asltDtQidMwn+VCDQavkrpEM2QbNxFfhbdnw5c97CvovgmTATPaR2XZ7LaeIwE36
HLL5e5/k0BThiqymD3tjaFbx7uTK2o3ZTyMvbjtqMOdt0eLqFvHRiJwEEAECAAYF
Akt+6ywACgkQwCnKQBb0zOnn+AP+OdZu4BowBVYzmygmM1O7XyiEMd5TB3MxwkZR
8+rGW8Xcl4JtLY9iiXzfakTHuP3OrINrhXnMQLAY46kAcUc+VcHvLdMth6btsltE
Jjc33aZovPRabCeKVCnDKcEPRYclsXgGStXlFMoacI2KUUENZeGCUr0NJb7RnAk5
Pfuib+mInAQQAQIABgUCS37rVgAKCRDBnB0lEtNGHcMMA/9mYtgCaK/zihws7d4V
p+uQXKjnfhKZx4XX33BoUFgxC2N5/TB6qd0sBnaUYby/DDGh6W3721dGTw66i9vF
Wn2IJ6JUj4CpLCCFVb9FxPdjrt/F1eKg8N1SOfVQg0D9Nkl48Y81tIf0xcMa9yuV
8qssX8baTDhatDGFIZlYPfGpZIicBBABAgAGBQJLg2FTAAoJEM8etQMiMnoByVwD
/3iim8IBm3ssOFJ58RR9wFPgH7INTiE28vO5yO+f2i0/cEdWwJDwmqOpKhUM7DWy
LeK7LaZWzViuxh83ZI2KlcJJksdFtohuzyJul/phyaQYDPGlgu7AIthNm49pdDnR
0AAQl98ccn0iT69Zp3Fi5fRMHVC4ChBsBir5JjJBh0aliJwEEAECAAYFAkuDdtQA
CgkQvdqP1j/qff0GMwQAqgbWFQsOoEzzwSDo/SEun8gmRRLUH8vWx5Us659x2nQy
BPtp8w2HpqKsyMn2E4TavKjyzUZPINziPVszXhG+dtCFuOQvRFFZzFQccdhAIB8o
KJ7y/LRa7MpvIMRFJOURBnJgQ3asUojRcksd+rgMqujFrwyYN5J+LeXwBXS9eMSI
nAQQAQIABgUCS4N2+gAKCRB8S2dtoA4VY6KoA/91U29DqRR0XRlk+KdRs6Qjo/R0
lQp7uUtuP55xJkv+UMPVhABbMOR+/sjE8eUJdMpHfaQmdG89M5VZ+Ck2MZrhjveE
acNH/sIWCDvIFV5gheNZycpp+wH2VO7+i9bWmMVl4JKK0grFRYQMqiqT+tHYfXS3
MVQH8U4EhwnFuwFrgoicBBABAgAGBQJLg3cQAAoJENbgof5PvirdPboD/jUU/UV7
7jGtnW9+xrsUUDcHeU8Ha/VKXfKts4Z0KifWYnjUOH5jR/OqYzHy7vAOyGpyrziN
eJHLM/I8AuTtmsCY3IpfhaeRg4ZkJYRqx5QkhfUesOpPfKVPYtoF53Uw04iu0dtv
2bFftaX0tX/hKhWmzobllBGM9b5E4G+kHCRZiEYEEBECAAYFAkuEoagACgkQCaei
StHlggfktQCgjyKOB4tlm9WnufcJaYIbchyZVSQAn3thzs5akheaVsVwBHSmpJyk
PDRbiJwEEAECAAYFAkuFS4UACgkQXx7Ib4gMnlUZEQP9HoutmYz6pAB8XEADTKrR
wTWGqu/S4V6zhSJbIYSDIFAY+WeKCTUdVO8eFfrPIrS459z8yQ3PgFKL3QMp1VgX
jMGPcvfHOjWh1jSw5W1aLcJX428T0oybgLZLvPT7QXpIwKcY8TtS/jjVTaepIqIG
9tmQupstoaw/h9b1vHY7R7uIRgQQEQIABgUCS4Uc9QAKCRCWnNphS7Y2SyT5AKCE
1AR60B2GDZ75U2kaNe/SyOQJ3ACfVtndQ22edDOB1INak6SyfYv9ZuSIRgQQEQIA
BgUCS4TumQAKCRCiu/skDPlW9we5AKC6dNVZjpg/yDQiepI2E0XZ222vzACeJ7Ds
41t2z3BT4qGJyZrpGK8G3kKIRgQQEQIABgUCS4TuuQAKCRD7VAFa+haI7WniAKCY
mNr9FG/180EcUY/tgaHNuUDXtwCfX0DYjxL9ExvQ7wB2uXB2M7AwGxSIRgQQEQIA
BgUCS4Ts4wAKCRCgT/sbfcrp09HnAJ0dELKCp7WoOoAPVBHez/sfHAmgAwCdG64t
bjYwj5CamCOhDvuNjfbUpBSIRgQQEQIABgUCS4W+PgAKCRDCeBwaRrHv4S4EAKCV
LKV3q7PiVV5rb9T+s5uyrETBsgCfUVhchd+Ha5nbduvnF25C0Eswouq5AQ0ES37q
CgEIAK8GnjvPPqWqcNCmLyuscuTKPjqTyaA3xVVYNX+8hMD1iK4VAGf3QfKExVnN
QLvLpnknnKK/caaXFME9t4L0BTjCJRYJiDpoWImwu5fTRIyfIIy4vv5vPErqqKen
7dII6gptC2i538ntj7k8qkhewKJuTOVpE1eLHe3RxuP8rsv1AsvjJ+6WGZlFYINZ
+d0pxSOhdPN9WoTCl9JfkTQrnoVPClzG/euOkF5fUThL90gt31iN+RjB5DeWTPB/
jDrq6t5spA8hTKvQ+UB65chI6TzrCr+k8f5D9AR0Fkf9KPFOL7+U9o6Ap9yur5sn
njDP4fFVhazVyljUwwPvJ5jjS1cAEQEAAYkBHwQYAQIACQUCS37qCgIbDAAKCRBg
TfvyhUEKvpWAB/0YnkJx6/5rIwDh1u5iFdboUCEsX92n9eOilPWw1NWbq/Gdx7+Z
xoRjrGl8e8SxOZJbfyehgPX8NxOrkBfcAOOXmOvXSO1i3HSo2gaQxVh1urXojzID
raUMcltcNeQagdtDfPhYnS25vJnj+H29Dal2FwLJb9wp8QH1DdhUBoqeRQH34REu
fWu0LjF87JjUELhZe0Op4B8HnQV9oGo7W4IYw/3Ek6c5As+WIWSaz0NmHP2Xw+kI
kpC4BVIwG0l2mChAT8Ds+rDLGYA2dxYK39mFSApem2KiXFhAanDBb5XgilmeDepk
A4NAZlDwxoivB/5PTy67pX+AC1JgvPPafUMu
=6Xeh
-----END PGP PUBLIC KEY BLOCK-----
Type Bits KeyID Created Expires Algorithm Use
pub 1024 0xA77F2429 2009-01-01 ---------- RSA Sign & Encrypt
f16 Fingerprint16 = 33 3A 62 61 2C F3 21 AA 4E 87 47 F2 2F 2C 40 4D
uid Sendmail Signing Key/2009 <sendmail@Sendmail.ORG>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.8 (OpenBSD)
mQCNA0lcVHwAAAEEAM7aXDJHNH3g0oxbsSUjqRiKh47W4srnfEYREj2Q26AXWzXE
BSyfl6QMRLbSVNIiPOWlMPbZWjCx4c1TNsj3TiiklCcievlvbAPVa3kY2hZ6pmyU
czJq4S/mT1lt+uPOCjvKxo8OLQoFuJMTIS+Ya7LVjW7fJD5yrhKJbpunfyQpAAUR
tDFTZW5kbWFpbCBTaWduaW5nIEtleS8yMDA5IDxzZW5kbWFpbEBTZW5kbWFpbC5P
Ukc+iQCVAwUQSVxUfBKJbpunfyQpAQHirwP+JvK4cBqtw9rxSZ0whmC1N4a2r24f
SH2WDC1zNNeiCHg93udKs3PKLPm688U+WxiaSsrGQXQlGojx7jn1XggTPOG+SteJ
JP/Ea9buJK9KaLaniUm84XxHxa71y3v3+SfhJMpJioY4G6qKqfLZFzmpiwUTvtLR
B9LfWvzvUUHJSTyJAJUDBRBJXFY9wZwdJRLTRh0BAcrBBACYcnhE8cx5eA8WqTR4
2CVZgxxrIMOrqda+hdpSgsRjUEWRpb5+Es1hfM3OLXqbsywCTUvxeoymVYQr3aSP
sbm+rQ4l6gf7ibpiVZA6vDxh0EfwNYE+aI3AoW03ODoCAaj+utOjGdqzIcec0RpS
zXPI1gWW3sBck95KsiDUYmXYTIkAlQMFEElcVkzvWJZk1DLhnQEByUIEAKOdWew/
M75xyVbugMGUZnAJrTZPKu9y3V3TLqyET3rGYfLjt6M4R+99j+mkhmi2rOckM9VV
30kvjW9BBarnr13XoMVTtLneoLaVrbMw4aZHRkTdRL14LIj+w1jzEKXDwYylJbGZ
UlmZn7lFkJrLIaBDmQl7GswBJRJvFLQbdzzMiQCVAwUQSVxWVW9Sk9ijm6ZVAQHr
DQP9ECF56TGI8YRPVOzZJzUyOmiMAouRoJ74aWfM8TA2Q8gVtedDc6IHiNzcVjq4
jOZuMgb1KTPPF/TwWL5MHIFldsMdJ/i0Rml+x4h3Ff+8ZYlJgFBylUmx++nW1rbc
nn9RS/Es+zKsDOnTN5fTFo3br1z2saLnuXNB+SuJmSC8i2CJAJUDBRBJXFZgnBy9
4uNcVjUBAcdaA/9ur7HbueufNbvr0HoDbhBijagbeqRrzmYtsOtYUfBGEtc5JiNH
r7NIAM66Tog8p9ZZA+qOaGHvujecBOTlokLpPKvcQngOz7c53z3Yop90TnMytUL2
IExcuCdH4BMy72R5nH5YY5pMqb7pFjcyGDDIM8cxMgbZ3gzvbPDHZMUQ6okAlQMF
EElcVmc4IttHzDdPLQEBJ/0EANME79+Z/BItRKlSgzH52JBGGQZrZi57Pz+hJ+du
K7RgSkhpsXnk1kELvig5TCd2YaDZXoZwUrJLObVKAMI4lpGNTkZlzRRrFXcx4Q14
YPJ/nay5jkqHvR9neKTsifzdsPVLi9nUDBMtURIQo5yn5AYMloiDzw/HpNGvkk92
ITqwiQCVAwUQSVxWbolpYrhnjAoDAQHLDgP+L+Od/CoHaVUpsZld1SJKwvelIe1S
wT8SBqppQyDbKw0ZczetUSASt+g8OqJKD88I2no5mjEmHx0lncoKJ06qxpJBIu7A
lbByeE9i8Bn52YKhPGka4AwA3DOm5yR967BncOf/zY65t83hocZL1uKQeHW8wnpR
x3o+RBz2354phxyJAJUDBRBJXFZ2IYPhsTlvB4kBARKHA/sHFkKAvCo5Hto2CJWF
gyBCJUsUuHCaQTkfL4IspkIBjmrsr2KKe0WQUqIlebhhWzVhgYsc8AXZil+pLahC
L9CNQVQpoPKD3mit2+Vsi8254QxQjeYD3jUQT1C6uq6l9IORdIxYah9DNBNHCgwX
PuTMmpU1JQj6haKhGa1kbaQq2IkAlQMFEElcVn3I1e0plfYXcQEB2TYD+wYXb+sU
0vmG51lVWj2BPMvv/lbfzU6KnqXNCD2ra0yu6C83WHNFXEz+JuLYlzLnaKm8DJI/
SFBZZIxpUaoaFHyGrjbWrDI6oMfvp/dMnJjfibNbmZuVIl2z0TKO98jiJ/+/9e/5
AtCsSFfyZ6FSTtAHbG1ZOJvhPBub9aELiUCiiQCVAwUQSVxWknCgJE0e+ZJRAQHz
NQP7BYHJwViDWqp9c5DmxM6vHrVq/wsDyPgm52+QpopErCRt2iTpocldHQG/9ZdE
0ENn6PhI49xobh+m0HfoZZ+Cr4LPU7g2ftmEtrxtDN1BYdNQHZLZStUp7A8SsLgL
2IvYSI9iKAmQoWQTAOECDD41o1BOnnM1eraeUyqdmZaFm8iJAJUDBRBJXFaZHnuz
yK+VliUBAVgdBACmbsAKzbNnvfaTCJxqhaJI5uNDCdH7rgoCHEJR4aefPY89Do7b
ixLCyW4wUr7pxqvf/xbEGJHNCG5WnmncXBCnoEVqmHb7J9vQw1o3K6pRPqtTjVBR
VEUUK4xe6ZIOft3FOI5fKAPO5Vc9NlxPDjSJcjR6+B//TpecZ2L9A/Dp+4kAlQMF
EElcVqGXQwEYcJO4QQEBl1YD/AsMu6g/4KiwelIz2rDzm4wzvsQm+cYm47hv2IHV
Fkx5f8mS6um39+4J/FHni7i2bfSuHpRn1RdURR7Gebu7HKYfGTNLNYyKt7U/6VFb
ylDxUTS32sier3GlDrlJrBQ+VDIG4dUaioKoKUXxBhEVzAZrvkYhaiGWIl/K4zz5
C1qdiQCVAwUQSVxWqdiq8Mr2swcpAQFzwgP9FJOM0MysHIjq/KihatPjerxhud6j
bd1Zo/tIKybvPsJNaeTeR+0IKm+vbAWtYL5oBc2wxgdQAs8tUi5SryK1otMAJ6sj
KNN+QxIp2FEumzReGRo+hCETiusjD9Abbh1L9L7FOkhGhH+m6fBVQIYUytmMFpnQ
qn17I9DVPxpwob+JAJUDBRBJXFa9wCnKQBb0zOkBAd0BA/9yRRB2waP3duE2rYKF
Obsbs3XXOQHEl/rjpIHVmYIqqRSglmlTEXwjKJeCEN9q0PRiazhztEhVJWP8ORRP
fkjlscP25T4A4tMC1F49biMak5MI2ffawVkUVsjIWFF/vFQIqKl4JG8SI/r4Oxep
yaozkowCJX3zZtkEfB2Id1nU9IkAlQMFEElcV0e92o/WP+p9/QEBxQID/R4E3pRI
isTe5RJotQKcsQKo3y+8KkmvfZQ6d3h/n4anq6bs1rRrWKqL6XoM7Nc5teLR3QaW
CVTssPtt3P06WqMm8Ct25iZ8dIyqRN0d0k5dJ6d5Qp4WSCL0TmTQ7wO4q9aCOhGK
YFKCP3i2v8zCOhuqk2pLeOYxl6f912COvmwSiQCVAwUQSVxXVXxLZ22gDhVjAQFU
WAP/TjyHxNVsptLRcFRfMCi9fjkrftbma00pzIaj9d6Ybxt6nMQ8C8TCTrurkXpq
9kGIrFVndsovql8++Y9VsDeh/vLX65mZl8FEVFvbl38+YSYeB44upadibU6uB0iL
zFz6da6gZmm/NENX3UCldIWv35L33EFotQ9GxTn8b0MQnY2JAJUDBRBJXFdl1uCh
/k++Kt0BAQ39BACfVZaig8loIuKosYh5Ydcefe0NZTZOCgPZ+mAzShEeBIN/btA0
+jMXfu6tEgqUKQnyKCXZcPoZwY9Y0hOqGT2AIkWmZHJ/uKrzXIAcwUTS0TQV1k5x
mHPkZmvr55JDYp/JIbxIZ8QTpTuEzlymow12qMOUhPkL/wOQET9duDMKzokAlQMF
EEli68zPHrUDIjJ6AQEBzacD/RPBzReBSsVar0+B4xEW0i11LKV2Q7gH+y256IDX
3SxML4+GZM9FmEMVhlTbHPOE2rfwFvLrMxCmIqGHjMccJRZpV9OFpXa8z15FRDmJ
U01qOITDcIAiIPgGamifxMOYG4+spaj2sxLGnY/6aowhjh1XNbQPuJ6laNq7bz50
wzfu
=RCyv
-----END PGP PUBLIC KEY BLOCK-----
Type Bits KeyID Created Expires Algorithm Use
pub 1024 0xF6B30729 2008-01-18 ---------- RSA Sign & Encrypt
f16 Fingerprint16 = 07 FB 9A F9 F7 94 4B E4 0F 28 D1 8E 23 6F A2 B0
uid Sendmail Signing Key/2008 <sendmail@Sendmail.ORG>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.8 (Darwin)
mQCNA0eP9NsAAAEEAM5xPc5UXm01Mnqad8NPc5RkbeWcotxNOZXwrz4qQM6sr/E2
lEMGgo5FOjWJX3tjtys8gfXZJihz3XMD5RleniW3RIhc2tbTJotNq9Qq9+LmiuBs
lT32O3ZSKsQtHQSfZ0j2bIabC/aQ4Dhfz13wz7x6VvRGwDbX3Niq8Mr2swcpAAUR
tDFTZW5kbWFpbCBTaWduaW5nIEtleS8yMDA4IDxzZW5kbWFpbEBTZW5kbWFpbC5P
Ukc+iQCVAwUQR4/029iq8Mr2swcpAQGa3QP+O6q/DvRLzM03AwIrEPRjdswejima
4BjKYYVQ1Qa7m4pyQeY/0CJScqu5A7p+kCrLqznmHu5aeezvjZy1mW7OCScPrCN9
yC3IJdu7oX6mGZwPdUnsEyJvtHmiRXkumJtncmhcTZyplmt9ZDHVADQUQWRnyuex
oToSOeMPjS8YBpSJAJUDBRBHj/Xol0MBGHCTuEEBAYnzBAC5U2c8RtxNwwV4wh7V
Q4isNyXcYqUlUL5ZjtsP5+vuHz4d1CtT/tD4jGagy6J30xUuwUcF7AlNLIcn4z98
GqF/aMCANut3dpGbzzvLYg+SkKkrZKH6fF4QPbdotp8NWKeiihoqD+hD6sVNc3zZ
/JymsmD1T346VpRTwKf4JzkJG4kAlQMFEEeP9hEee7PIr5WWJQEBP1sD/3I5VeiC
lW9fmwaAyOt/BrPIfsieL2TLysXCQbXFObNqqdR9APPlmQAtFdERjopQZu+VKvZd
pInWGaIegibPr4ZyGHmGxmJwYyHCt0MNvjY2oA1WPVRvXz2dno7Q5SFDR0sQaFKe
4knKfzGu8fngy//R1vlO+UE3vTQ3cgTaIpDsiQCVAwUQR4/2GXCgJE0e+ZJRAQEH
6QP9FVDSFnXCSPy+tNFlLhtpjVOEqREG30iezAVZlx+yJVSb3/sG0LRCvXB1w3td
jzW7A1iCvEQVb1yuNSFPb6Dq7TKoSpS8XZyCIetCpzab06D319Ubfcs2lHaDioY6
ibSaysDrBDETyXg1eQBIUQ+9iltfkI6HRpm5vgz8d4iwieqJAJUDBRBHj/YgyNXt
KZX2F3EBASjtBACNzoDfjET153Zd3PQlj2X6b9BzjS8XHsjMuo+F04u9o3g78MSt
+g2HW5Xi1ORh/LFSrkK7Qi9jLREr3dKQM9jjhfvxidN80H8jNyUIUJ3d1/K123rP
z7GuXhXCfDCq/tjveUiVkoxQ1Q5h2OsXKqC0p7C7qpXKTg2CHLdbYTg/rIkAlQMF
EEeP9mAhg+GxOW8HiQEBRpAEAI9MQwE6xoG08vdkrn8/tZEfK/h3zc3UgT5sjME3
NPbWD9o0W/KlIA7JKIpIYbX1M3GgGU5rlWmFyuRD5XVvu4NJ761PXAHenhg3wEk9
TySAwH7Edlhr0M1goALxpjiAzrh+hc0x2rz2jMcuRQlSh19MMe9sc9pDgUaXl7QJ
Z51oiQCVAwUQR4/2colpYrhnjAoDAQHWPAP6AlqqzMhKJtWxVP4k10r06MwuUkOn
tAeuPL4semoKb8lTtuBG14vADXsoavifuq2iv4KQCncGn3yWglCUjG46DKLluZyG
uWjE44PEEiIs1zYzWo9F1Nw2C5VDR41/rzLqNctqr+bXac0lO3aRLgW1SkqJLI41
M+yXMYkf99dM4cuJAJUDBRBHj/Z6OCLbR8w3Ty0BAUwaBACH9QViBa/sejJULNu8
3i8B5tq0HOKvAzAQp/a79MxdFnhL8XrIhsTrprh3+/JvljrWLkfMe2tsVBTdTMJf
snjjCijgtuCKaR5ESyu1Kl2E8mhp1A032LWRYYrxSyJqklqNem4HeZAN4N1CzMoS
Iw5ELNeocuNmkBQn1xmkMYXiC4kAlQMFEEeP9pKcHL3i41xWNQEBqjgD/i9sEpQo
0YTW77za+n2rQD3141UZwql/F4cO0ds4sLSwJ3h4Ba8OkATHU1W2LbpogvpfvL6B
1H+4D7vo/VY/fSiNGUb8TjZfcj65ACToYokxK6PwBHL85jaWGh83kMS8pYDBL7zP
sJ3sCyayKwAXOFpT7doaZU5FsC7tNMwlnRCuiQCVAwUQR4/2t29Sk9ijm6ZVAQGP
TQP/Qbj1ZsqZfQn+7SXPmW0Y9+xUUQ351ecD1UX3yhuL195djP/O7ebeTiCBFkaG
gWfMZtNCtaPQr1BhXBF9Xkum4IseUlRz1mTsdrhbAVtL6mGWMYcxQFTx13pHiGYS
IaJhc+XQIxc7wmfW2LjOZpcHi0E2dhcjMEoWZGyEzKI/cJ2JAJUDBRBHj/bE71iW
ZNQy4Z0BAe8aA/4oiv/MRmiRdDrVY8kTIZWb4whGYLqKEScOEuqir0PrMtyEUkzP
YpkM1u3Cf4+zbtmgN16sx6DfyHAVGyI0U14hvnQhuVrrBs23dxGj2iciu14BvNJU
YVaAoAWSp8qA14fDOAGd1H/InQmDZJrAiH61wQwjLrU1oI44Dr+55KHgO4kAlQMF
EEeP9s3BnB0lEtNGHQEBxk4D/2WTAGSVuwDUGeIaHM1NVrgRcFFqrz37farxYNKx
7jZ1EqJXZXTqtSAUVc5LB8ko7V0P8w7CLso3Jj3hvFdYOt+6howpI/FO1Ur6RbTC
ik6RUMbHRvIxpcTzZvRmWlMGcMdJFcCxsliOG7cyjpeuisaGJFIhyqfpAdqMKRn2
jOrqiQCVAwUQR4/5GcApykAW9MzpAQFuCgQAjaPwttPvJNegPa/KqZFVVO/VDaRm
9Aeiktw8lWlTE7BJ9SIePdsTEbKIzER/gVt85bOptJo6xpXaodoIjXWiSD+PHbdz
tuEp88zv0B0mJcKSRIPt/u+baAgR2dKR1jlNvEjbpCm9rei+vqRNREpdrk32ls5d
VwtrkbnFDuzLcgKJAJUDBRBHj/r11uCh/k++Kt0BAQvcBACq594Jrh+y+Pqf4bCL
8LrBqspvPL9MTMWDdwWvT7Yoaa+cyApuUWqpkyh8alWAwxnJmyw9I14zBr219862
0Rb1oCo2TDL/pMz8WVpyjD0RIxs4FcoJODD52kYxhLadKk0OrCXfrpWvIcp4sRJa
kOWK3QzpD/0NtFJLZ+BnNq39h4kAlQMFEEeP+wK92o/WP+p9/QEBtVID/1AxNsk7
/ktDwz/khcTsCLILgtuKh+7jZa6K8FhhoqNXbjyUhZYjGne6No72KJ52P6P7iPLu
SPDOmhu+z0kNTTm0KsWRSzQeUD08qyoB3qNcdxcRgAOJHl0MCXUwSxumfBb4iJq2
5282RCnsKroyWAhV8KjoJer1hTKCsu58Lqrv
=jDs3
-----END PGP PUBLIC KEY BLOCK-----
Type Bits KeyID Created Expires Algorithm Use
pub 1024 0x7093B841 2006-12-16 ---------- RSA Sign & Encrypt
f16 Fingerprint16 = D9 FD C5 6B EE 1E 7A A8 CE 27 D9 B9 55 8B 56 B6
uid Sendmail Signing Key/2007 <sendmail@Sendmail.ORG>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.5 (OpenBSD)
mQCNA0WDjKsAAAEEAOoLs+uE8cm6SP0S4gvfZrUHd74I9DWSbbiYCwsLoYUm0gcp
Tp+rTcLBDTrw93cti1vpEAlIz7f/kH+J+OoU0WNAZgBMsSCFZecJvmkrSldCsRJf
UwBh5FWgDWmb/iNZSAwUpisCa+BGnpKhUkC9g09h7Ss683GApJdDARhwk7hBAAUR
tDFTZW5kbWFpbCBTaWduaW5nIEtleS8yMDA3IDxzZW5kbWFpbEBTZW5kbWFpbC5P
Ukc+iQCVAwUQRYOMq5dDARhwk7hBAQFdSAQAuS8Etdrnf9+50VYoFC66SUsf8MLi
hvH2k8GeAH11weE/8Aij7eR7MerlnyJ5NJVupVDeqK+q7ToaGlb5hq0ya3rbYgwx
CpzxWTHfvS4/DWs15ajlR3QHkDRZC5pUBAHO0MqC1YskcbndWkmpMhlExb3YVvC6
5+RyKUmxqw1Rp96JAJUDBRBFg44uHnuzyK+VliUBAcjWA/4kZeVmOOikqAzGRm3i
coFOr5BUnhxFWTcO5DtnKSvEBPRaj1b7Xz9O0sfEwrGARDigcH2V4yMSxQLJ9Tyx
S4xjFryTXYPX3+HPLmU97c8VyDF/ANCgdldVW761hXd4i3JCfHm9LMWQBWz4XQaD
iz56GHoFwvn/nrGmBi/3K+1+/YkAlQMFEEWDjnC92o/WP+p9/QEBIoQEAKitPCB9
Lab/vs6QhHEW4UdoPTK8EcgsRQTjx+xZ0/XPC3PiLjTXM7cZk7o+oQrp5PGX1RqM
RV8bzPtJCNiwCctuYpKuYuGjljw8IhZmVxChH/5ifOo7Bw1cxGMWPGlex9x3Xel1
P4BGi7cOvGGRasEBs5gjtpq795+tDjexh0MwiQCVAwUQRYOOfnxLZ22gDhVjAQHV
IAQAhE48oNTvzCPAyFf5EEGOsnZBDazqujZS84eAiFvIQfcDcBHCFOaK4wAKsZa4
YhuYBxu8bz20Kecqfbfnsqyh4b3iJmXiHiL8gIpUzEBBOKesswlzAd7+6hA3/JqN
8a6djrSo/+GEC6QExnLk98qTnfrfHNbTk/hk4Pxf9343uziJAJUDBRBFg46u1uCh
/k++Kt0BAS3ZA/9FxlTjvDfI+ujW/Bj+OoWnwCm2OGiLjuWKoiVZjoz2Msp6ZE6I
1YbqJOwchBpqaHLNyY8x0eiXLYqbrk2kwST1PCAaGQoizK9ClPyptf2V/LUjyyCi
ppmRNH0rG+WSKsdof4rXRP8FmMicQAW4cme3n5/bq7Z7yQQ4RvSTCMru4IkAlQMF
EEWDjsuJaWK4Z4wKAwEBKOMEAIRl9rOD0eDvtDe5Uv7j4lIYGxe8xSRKstLzIl6T
K9spRcrqJk+6OmZHU6MMzkf44z8CB9VWcmozXFxjV+ZkO4SgyJKLZdRc0KGOB+ua
HL8q5WGMAJ2bLpmJPVoR0PK1Vf97e1kSOWdvIOfwxe8Y1IqoxnGAJmdQh6IJyBc0
tF6MiQCVAwUQRYOO/XCgJE0e+ZJRAQHhGwP/az5s1kZ6HoJRqg1v/8DOSZEeWECP
wBw5mgW5dGfPNZ0/Ot9lOy95jlHMu80/YDmpQ6WqsqpnV1hTmj+hYOSPRTqun72l
IiPh1l0vLl00kw+LxR7T7jPSWvX2l8SjZ176KIFqj3jZpPvMk2W5cE4sjYpvOxRA
BhheDkERTnUIY+iJAJUDBRBFg48VwCnKQBb0zOkBAVKaBACEb12dzj1pQDFog8h+
aN9spewVBI0vrxu/3PPZY0tVZJl3S71TXRVmXLYEgeVi5BL8uDuiM14NylUk0lgT
bVL/VxPsKf9HJVjdfZSbFjUBxxClTIvayTwtMSebO2AcjCiFbMpp2R6VDc791Fp/
xvuLVr3plYLSQIL9FcBG2wJR1IkAlQMFEEWDj3PvWJZk1DLhnQEBS80D/j05Rlv3
98Zt+L0hR0+R3qyuf1cFMNyxU5l4Iaf7qr9JRHltHo7iGE8fCGiX1Z3f5BGL03XA
r1QLusj7nk41W0K5tr3r33qSMjFWLpcOziLbzEAMDQbX0qJQmqCXT+cafiVpao0u
MqT84L2rKLQxldQM/fvOWExuioiZPKGyE3YuiQCVAwUQRYOPicGcHSUS00YdAQEU
PwP/Z4PmlZZIhle8P9Bv4c6pkuFkU6LBjF4bWf5bJ675s9Xyh6YwZ5SfFw0deaDZ
IPXQJQsjcHvbVGoTOxiQtm7y3ae+0TMDbuZSgFD6Fl/IdIdwP2Ob5yoBr1+q353C
qyLSEI6mX1P4sQwkI272ndSpHowJpuBv6lPr+sZ2uEFzVQSJAJUDBRBFg4+Qb1KT
2KObplUBAcTnA/9ueiH0gfV1H+8WOm6vUAcvaJ7aCBJ9gdUjheIEY/KDUH/pkGAg
3E8NDxojTWe88COlIOSqa61UQThSwrtTIx0oWc0E3Bza0cL2xR4apKfNPGWM1/Tp
kyoD+WYLoVpomT1MA8dBPYUKNuLVunohVscRwmHuUsz8bTTaE4abEnUmwYkAlQMF
EEWDj5qcHL3i41xWNQEBOJIEALestUaN+JpQ6JvH2zqBFIXPsBoISVuTP/CNlez0
LSSg9Oi1anMISRNj6cpu8iYYWJxInL05pDCV5MYySB2SzVT8HgrR+3yUdVFgJGBN
2RYdfXdFqC/d68/50muZzPo+LIwKX+G33B4y0uMSdmK76UhGNW9rfWdQgce7sBph
1Z1YiQCVAwUQRYOPqTgi20fMN08tAQE7KAQAtYpp2c7OzXPXNJRbodNihpRq1RXd
qo1nJ7qVHuLVb663GMfy4TwcXytdzJjXAaMf/Rn50skQ+4YGrbIxXC3UbY9NK3xw
UzebQlzFrjEtPmS0UVyf8GJl6yQ3xuBYZ4Pe+X2hioBDDFZ+Gjn1DA2IQjoZitE5
B0c9nlknPcv644SJAJUDBRBFg4+zIYPhsTlvB4kBAefCBADFjYutzx72jDt26otM
k44ZLD6Szv90TKLtRYM5FNhtw9VKFkg+hSo15WzUHKBsnyqBT8Qq6YKz50Wx2vts
8g2hJ8+g0A+3YuAgNnDp7h7xGS6Fgc5yGnqC0bG7T7TE/YSLfGz97vC0vbm6S6HG
9Pg+IwKl9dtoE2fkU/BMU2XO+YkAlQMFEEWDj7rI1e0plfYXcQEBi4EEAJ1tRaXf
aKj9+hVE9lTRbDukb9dsVtAKHP/rRixumf6+v5SCh4g0FzMURJ3jqlwfj2/rPrq2
MQh1NwhLjVjaEziDCLGxV/TqpK1Yn0vpjmdsaOe01XOxi2+uy/7uo/ArGqtjHSen
7TmYODY3aKQR19eVehId4TCR1sLO9GmhnYDjiQCVAwUQRY71+s8etQMiMnoBAQGq
ygP+NdG19Qz0Tf4F4pBRAZiJdIz9hGEzx/Z7rjQhLgzaaGxOQmv2iG/92Fw9/H+M
ATmTMfbz5gxpLkBsiULI15tgKQWsFwY/pphRKcL9z4+WeTmUkv+tPxVfRYE3YuUc
QS/3A3DMIv/mcJYA6fiwsf3omzEU8VCyH0uARSJrwQcdmwCJAJUDBRBFjvsM4dT8
FObQdHEBAeC5A/98yBTBWjhCYvB2XLbbL9dN0DKtV9oqXKhrPI9BAjRi/IeAi04b
ktzwUC45TLQXlVB1EK27b2mjNwPFcOtM+IrO00gIf1lNh222lSJUISv5rLnHp02j
xmyQfblYVQ9iPNiJMWNzID59+ntX+MXO71NwyA7UovMTvCcaFWhTrfGk4okAlQMF
EEWPCSBfHshviAyeVQEBS3wD/04nsshuG5NkdqgL8+E0RycXqXchIJ9GP+Vu9sxB
aGAh8qzp6xDh6r7A36JCwuUpZWCOC10z4/+QjMwZBQiLH4+deQk7j7L5LxDAWIs6
DImewMQsg2zF3XlD/Sz+TjKUA1HMwmDOagrygwpbZRYlhJscov/aUeBmUTmaEsP4
cETBiEYEEBECAAYFAkWPz+8ACgkQOIoVOB4I2B3ysQCgoPb3snzfJrbqM6T/Y+tu
YfUd59IAnifkpVQIfhZf1aWIPNYXnlYnpVrZiEYEEBECAAYFAkWPshcACgkQorv7
JAz5Vve5KACg7oh+VFz6UxqjfkiimQ6l/8uI9msAnRB9DBRE6Ebh9CjV15bvm7Y7
as8y
=w7F1
-----END PGP PUBLIC KEY BLOCK-----
Type Bits KeyID Created Expires Algorithm Use
pub 1024 0xAF959625 2005-12-31 ---------- RSA Sign & Encrypt
f16 Fingerprint16 = E3 F4 97 BC 9F DF 3F 1D 9B 0D DF D5 77 9A C9 79
uid Sendmail Signing Key/2006 <sendmail@Sendmail.ORG>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.4 (Darwin)
mQCNA0O3FKgAAAEEALUfKjFiXc8T2XS4C8N/jJQkProkzyl7mdN0xVKqokMy9/rx
nbji5dG7WlxyJX3jI9eypZV/d5+KpXljvyC+cBIxhhmsEhVT6AsOkxlg/Y8Gmb5Q
bn2mAiyeaylvcFeHLjBA+CaMByDms97M6FbiSzdXx6JtLP1Tdx57s8ivlZYlAAUR
tDFTZW5kbWFpbCBTaWduaW5nIEtleS8yMDA2IDxzZW5kbWFpbEBTZW5kbWFpbC5P
Ukc+iQCVAwUQQ7cUqB57s8ivlZYlAQEn6gQApe1I5DhI/Y+fwI8hjx7Ydd8LQ553
CoBYnvoqrxybSZtOc3D7LHoKIb01R2hx71O282soxjL6N9SGnGQMcVPINXAcJ0Z0
mTCpUZc+QtItS44R3aqp27q0C8FTt885/pkKT0cQM/9EjWRv3kI+f39gl+MwcA3I
AV4NJmTpi6ASzmmJAJUDBRBDtxYm71iWZNQy4Z0BAbnQA/wIfK6PT+zTefydUovI
G3dDLGGxMowpdG5yQwPwkAEIPFlbLhYsk8E9t8sLsLI1briqKaqxZkHo9ggPNkZU
6Kojwrs7imUZj4AMVL7HDqOlb+jHeYsg3yq/KzKIy3i1fmyUYA/cddSJOp3a0zjy
IISZ9VPR6/KaOj8cLKTQqZG6tYkAlQMFEEO3FjvBnB0lEtNGHQEBJWgD/RkJuAVQ
LL0cEe/VBUi4CmW3iGF+mAokJZn750ibVQg25SjDUc0UScxyvSnl8ehu3fjWmsEu
ckHbzBWkMx/cnCb7xG5Ve1HGgzsBjFpvcQUM07y4JCFOfTOl3WiYP311EKBp2tnL
2i/kdD1IVITswAEQ7XId1NBIuf4P71v16rj/iQCVAwUQQ7cWRL3aj9Y/6n39AQGO
uAQApQ5v6HZkgFNKT+SaXJOsqtk+xQQd19QfQQ2U13uaJ0nQ0i4O11WUTM9qfdWF
utTlDTZKeEdz+Zb67KnuIi8PHyMpBPV1BGvWNqeiEN0Q5TmkxmaXBXTWtGeHoWw4
Jxaic4LdunSNDIpE0A9zfeaj9YJGX87I3KMf1DQ3h+FCRRWJAJUDBRBDtxZZfEtn
baAOFWMBAVi/A/0bQQvU747R5bMC0vQLRMVOtq6rDwNPlXoFhzW26AU2Pb+mKCkU
ugVqjFaAWm2ILxKvkjgDyfw6b62IvEK4rHJbfwH/FeIfi6e0+ye+TpXcCzXkARTm
FHld0IERIXpaUA6XarNlWfiqaZN0YLpCQH0M29kTFvIfyoUHn9LgvBLe1YkAlQMF
EEO3Fl9vUpPYo5umVQEBVtwEAIaSvlhM+gIKnlxN/1hpcG9639bLlUTkAt2gtn2w
4hPDZxMpblkQhcn3JcO9GD0BHNrV5qYBn3bLFwTG2FIoaROS4XyH8GPbEBWGNg9d
IGm3kLdLTWsRVCtlkLKE74ipiiaN8JhPRGAtFUjcDVSSkGNzw2jBHP0hrQEKga9R
wElSiQCVAwUQQ7cWepwcveLjXFY1AQFA/AP7BRC5j+Hed/B/RjbsbX3mxk4DprEh
6IijxC/2XAZbk1e25GspBO9Pbqs/2GufGCFX60Jj1FQJ2+vq8vg7chNNZ5XNEJse
6GrQtUx2/mEKMtvWGbWGSn53ET+AzmLne/u+f3bIh1OtXXro7w8OUkK9J+ZdG/9V
J/a0nYTlPUw6o3KJAJUDBRBDtxaE1uCh/k++Kt0BAf14BAC4mGT1gE0aoW8rn7kk
XJ3an4hThBZVuR2GS+rvwioEsIk2xe4NEFwJPGKmKq+C4vb0OWSiRev5l1fPx13x
tWDGcm2k3SukDOHB0le6gS0RQx/WHCTe/lRKiQ3w/IuhLmrDfmoOOkDj6KVb5fA0
x0Uvd4ycXUPSoJcBq7dwNg0f8YkAlQMFEEO3Foo4IttHzDdPLQEB6N0D/3LRqVT4
Dhw6UmDIre9Tag8EmqTu3R8wFTmmEYDQ+7CxW+ZbJyYEDZp/WU/6xmOE2TSHaFPQ
lgFEAaN1Cp4N9IXAM2EqeNK3fJOAsv4F5NOXbVtGJhyqG4aDUBZPvr/p123cpiiH
2yVIvHDkaacX1Tq/kECpKLj4k5D+dQYrUVdCiQCVAwUQQ7cWl4lpYrhnjAoDAQG9
pQQAg78+p2O+g7qPh1dAMcnQrI1eW3fTntWbadoKPXO5oFr/n+a74Go0D9+8J9Tt
iW3C11KR3w1q+af5wp+viJfe8YDEwvm5gcmoCxPnwOeSAzdquujnQZRE5lynr6r7
QzJOFZv457qzndC2P5qSODCkmVC6uAsRxo4Xq/zflzRXmzCJAJUDBRBDtxaeIYPh
sTlvB4kBAcvhA/9LBX9mskFW9IpA3Y5slRV1G2GFv0DXV79295p8OCKlZhEfk1y+
JyvT2hdnseD3Id2cyoMlEk57gJBuDrKdjeOLBMIJ2lOKGE6dLAsywSYkyFnngXu7
6QvoTS0mE+ahJlT9VDz79Jl6W+118cIeYzzt1TP8c1WkWBCJJcvge390BYkAlQMF
EEO3FqXI1e0plfYXcQEB7W0D/AjxxjEMuS3UedxXI8VQzTB2o3c0o5DdlK2SXgHP
SFxr9feksucCanCoYfuTWgxm/Ioy7cxtVNZT1dAHfn2MSrGN+2Adoep8E/o6PyiD
t3pCzowtXFS1wjq1j/MX5SJoDrGl0VT1sQXsWh2uOFaeMfH1w9/r9Zkl1RYXYOEn
/jkmiQCVAwUQQ7cWunCgJE0e+ZJRAQGTqgQAtdhMXLTw+tBCshX/CdLhrD0byRN5
omeib2QWmxdi7Djyz1wbDMBhnssM3SHUj/kRiorTnjv7qU8TS4z9r9zXw9U7XjCO
T/CRepb3siiHzMU4KI5bxdg0ZAsauCVDel5MItT7OlK2Fjv4vCYam/jHGYXe6AEY
dbARTWInDsFK7VCJAJUDBRBDtxgXwCnKQBb0zOkBAQHXA/47Mvt5oI8f2JbOMLkV
E14upGU+zXYeWH7j9L4AYRzjl/Lg7tT+LBTjh+HEdl2UIMdYASrC6WbKEbatb4dr
nu/pxd7/QaeSMV00P9j+Cfa3uIWn6HFUi+TH5fkLwERfkcLHKZ5SshZal9KTbjzv
uwZsArnsNN0A/d1gUqljdDI/K4kAlQMFEEO7cAXPHrUDIjJ6AQEBYWMEAIJ5g1oG
cL28orl4J7SxhOMyQODgaPRHusnWTBsa/ufUugVSR0g+3a2Pzyuq9xWqYStHf50N
hdFx45JtPmkAiWuiBsyycVbBq/ursCeL2SCQPBCcbIfB+4BUbWoU62QA0a+sY5bW
mitsU1FB2Mxd7QWqIBW4jqwB0nsAVxShRdWliJwEEAECAAYFAkO7mAoACgkQ+IYW
ZdmHE1gcHAQAkMZ2julBDdx5TeQ3rrFus44snaHiq5exlN1wIJrVIhJzmOcHq5i5
ysfoKSha0cYf6F+6kTFxNL/Y9mneisg+rWfgRYmHDzNvXcuyAY/g6rwkRoyVN70q
XhWXdY6nA29E5VH52pKCdjQgpbdyO6JDglLzfq7jVljCuPq8+PXqN+OIRgQQEQIA
BgUCQ7uYzAAKCRDEsQeYhXlqI6AlAJ48z/+X/bUYIu1yekM+Wa3uN1SgSQCePzZl
iV3/rvMdwqhHZPfM00GQQxOIRgQQEQIABgUCQ7vkHwAKCRAJp6JK0eWCB903AJ9x
Jkm4hmDjMy8+ynBwFrnKzmGUgQCdGoOE+xbNHN2kArmTHDvzd80yQAeJAJUDBRJD
u9CCXx7Ib4gMnlUBAfFkA/wP/qNyveNU4ZyJt+Ft/1xIYV4Gk/FJ4MOfpRlDYaN7
z2FXCjXtWeoxEJ8hqtWUMBuQHSm5T49Zv7Tb+6jtflscL3E/Kz3nIIr3Tzu1iNIM
m3dzI37Qdk/7tnP2fp1fO2VbrQC7CtQTYODko6vTUSLap4+NWbidGNQMSEXAFfBK
2okAlQMFEEO776zh1PwU5tB0cQEBZrEEAMjAS0ahmy5KzFgRMrrI3RkrcKwi+Hnj
Vuw6UowvW7tUhIkdFuXpd/a2YczU2Enivu7uSJgUD/2KzurD60ahJjSkC/l8xDNs
v5wvbB+nYCOVDEvL32tvGiyLyT72MpkwT3ECYXFdlwpk2P7bk87tA9isuue0Nqvr
TlO5vpTGYrPoiEYEEBECAAYFAkO9OlsACgkQorv7JAz5Vve2KACdGpTb2FWBtvXB
cyIoyLoYGLWwtSYAoLDtcY9f816jYC3awv42YCMLuKuE
=bh1L
-----END PGP PUBLIC KEY BLOCK-----
Type Bits KeyID Created Expires Algorithm Use
pub 1024 0x1EF99251 2004-12-30 ---------- RSA Sign & Encrypt
f16 Fingerprint16 = 4B 38 0E 0B 41 E8 FC 79 E9 7E 82 9B 04 23 EC 8A
uid Sendmail Signing Key/2005 <sendmail@Sendmail.ORG>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.4 (Darwin)
mQCNA0HULI4AAAEEAMA3Tq8fneEtiNHeTU/i5YqaoV1g6oq26sZpCPjvdUnC2ebK
A4GwHv+HHDs/4nDhuRR42f/HRaSt8xzAIaYp9H/gAhY9J9OMTVvohv0vISMJOxNF
GdcNrBfUupnvkobe/Muizof+d+xT+Clik6Qh902nCOriXkWcRnCgJE0e+ZJRAAUR
tDFTZW5kbWFpbCBTaWduaW5nIEtleS8yMDA1IDxzZW5kbWFpbEBTZW5kbWFpbC5P
Ukc+iQCVAwUQQdQsjnCgJE0e+ZJRAQGUQAP+NzZIG06+vs1qEcZezheGPE4zMf8m
2v7XqAa5d9Wz9xKyZUwOaY3UXbP1qFpbqq2BQDapFE7nMLi06Z3Dgt7i0jqWWEdr
bPbFPEejgbujjLHXkDlMOnGs17n0Bvkov/+irTvT3ONVGxypsIc2hA8pRfldCZ90
BnpOvEVpAX/XDK6JAJUDBRNB1C+MyNXtKZX2F3EBAeGwA/wKTBsoaBTt5YPDIxOc
d2f0uBlPdMyjmZ5OPLfkJj3wnYSnJWYLPX2JrBydSaE1ZlRXNBn90rqTQgqbmPU+
r5IIXVf8UWL068yV1+G43PR7btuj7f1NTXOL77r5FfI6v12wnqZdC20W4ZJiLQ3A
veW00r6jQeVrofaTnY++Fg5cUIkAlQMFE0HUL5zvWJZk1DLhnQEBBi8D/2w0AGLz
vBlqPWQfZaj3jcEQhoiIGp0HyFPPicS7pM3NSQ3R8itF7AgSgqh37QhbBHV+g0Y9
wcDsSvZg2WqAil9KZccKbqumt2DyxIrYyHY9Z3FJDBPb7zQEMUN9AoHvr4YTYuhY
FivXEAjdzpAluSjpbXtUyl7IPCGUiBSSOHF6iQCVAwUTQdQv1m9Sk9ijm6ZVAQFD
EQQApeIanx771wuf9T6hXxhfK591zKcLjQ4fUT34SbJgqt434lWwv4j7cr4eJ5ni
g3AJAU4Fa5mR09R4dmGFxEEJNYxVtK71ylmP5vKx+sj6kmBDNvzsIT69juFdtWCE
ojCRVwlNMl3xJ6tECdy2BdyecE21+f3qFbn8IOLv+ODClZyJAJUDBRNB1C/pnBy9
4uNcVjUBAerHA/0ceUV3mPPM/41N64oon5bkzy+ZHUrF/35OglT2hbo68u3D5M/s
XrPbm1FKKlW2zfeQX3j1cSwqsTsrOFPPRmUkR35WX/3G1Nk/2Nbq/n9wJOHDGnn2
Rz07i5/NIiAvQ0r5WeGH1v1tpXv08sTlvr+BhQ9flQoPG94sys6hUzo7hIkAlQMF
E0HUMBM4IttHzDdPLQEBgWYEAImlnypvC72A7RIpPUlVasE6KAWTC1KSqF7mNo4w
zzdrztkONepBT8wZ+PNShWO1ZvK5Dpm6/1B+he9FDVwLyA9oQgDptHDvnQbSSc4P
NuA4e3F8jabeHKcQaYXODN66roy6IuI8W2kfX8AJTcr+YnJRNljk3ZeLavwzidzI
+tqMiQCVAwUTQdQwHolpYrhnjAoDAQHu/gP+JaFLkI4L22YZJYckxxuRoP+tM5Y/
wQvUJO5EhSqAmxUyMY6mAG1TqnHDBD6o++PoAY+ZsjJ9/RherLlWmdUNAnvEln61
QUYsZA7jZ8RxaejfEAQi2jIKVUanNax86lZayhQFsJNeDMVEVaftdFQGbK45Sxe7
6IQrNM6yGKjVNbCJAJUDBRNB1DAvIYPhsTlvB4kBASCMBACiwv8V3TxoMgJi5Gse
IBW26T8R48Hl2x8v09xFWcjl1b2nDo/f8f3GwqgUykmyEZlsBC0tjZIA0iX0SvNT
uOrTxxi7iAKI0AeVoCthFX3O2FSax2rHMqqO7addL4aOmTDztOEbIn1fheVU8RSc
vJEhj5HZpQnDdjJ9HADCaK2v8YkAlQMFE0HUMErAKcpAFvTM6QEBFL4D/jAi7xsz
qM3dmWGT2klGmeOttAZJLJscfsDusdc2WpFQgJqFXOz1jo5r4AhfeHn5jYrqa+V2
OpOW9BYn5hkkdeghaDYYvewAGLRvzYGK8zQMBnhGYtfWi4DaadWSCbdKUuCKctOC
GxDQKj0hR419/aC6Om16JYTrqFjpefqeScZqiQCVAwUTQdQwX8GcHSUS00YdAQFE
CgP/RT2QYuNzLqYa/6JLFHW+fXxydNjumBlEQk87Oc9V4O1VpaYdYrgv7MEAHafZ
uzRjJbDUW2phB+2kH8fErFPdJpCYwjVS9BvZMUD04UDY7GTxcYR6fUgjF3uzXNcD
6GDaveh8+xEDACrgM/n/UYy4rG8WVDHQU4q7SrF8ZvtBksGJAJUDBRNB1DB+fEtn
baAOFWMBASdMBACmoFq4r4cFsB/UTw/vLJJyaiKqicVGVUSm4tWyk0uieY64QvUT
FieuAa/2cVJ561KBor38kw3w23O8giFzQL+jWPycGPSthwK0o62EaDS2EbvUdrdE
qP3rJ6BQj6ZtDpQwJT1ZisSUIw6Qu6pYX6VHNFXEQZrR9Kn3jT5l1NU92okAlQMF
E0HUMIrW4KH+T74q3QEBbMcD/RO9NdesEUG7BOOL5nODyiKQZwcDBG2NwffViNUW
ul2VYMvO/JGFu0yePNar/exsi85T4gh/ZDDCgpR1HuwkXAu89ErTFpx/Uypjmjag
aCBGSHRjRZ3Tdua4xzw7tngiKXxgr3k4frZMn8xp0WOwkFp2jBRNmrHvKPa2RN2v
NRleiQCVAwUTQdTjQM8etQMiMnoBAQHupwP/TDjFRNDqX4oiVqhN2RShKi6OrXVg
Ek6C5xtBMs0aeXZCsS5hOxAYk9oAPf45ZFcQ5Nyeq+pFnUZOlyi9aM/uJ5z7Tck/
5tPoKhtu7rDf9z0+kjJ8tVk2rLhS5a1/5CKcLZ6IjeFJnZ69cgmgHfCFDHY48USc
mQj/mna2duSQgoGIRgQTEQIABgUCQdbPRAAKCRCiu/skDPlW95a2AJ95TApVR+to
4w0cbwxw5E5TtbCh0ACeOX99Ulbune6K7HbHRAhIBmv/+UeIRgQQEQIABgUCQojJ
rQAKCRCL2C5vMLlLXDu5AJ96HITaeeoQxCOpwiXhcoAmdL316wCfZ8tyfBhs6a11
PGTfx0MVGQGG30+IRgQQEQIABgUCQeV+cQAKCRBrcOzZXcP0c9xxAKC/zoCm86F1
R5NhWIAwiviIKF8+QgCfR/6apFqfmy4+tSTpfPyH383zia6JAhwEEAECAAYFAkHl
fo8ACgkQquPmzmahRGiazw//cNEkAWlHb19w2Je8KbGZB7GBpyJMjXLcmeTGBtNq
7IZEF1cqjfdN3NXmrTg8l96V86Hf1klyj8H+PZX8GEahkB77cD6qUmOpFldIrq0O
piosIfAzwClReh8NOYP5SClP3Ry2keOQAh/W6a5Bi7Bxf8kUDmQ1SabmpgirPXDt
4lhx31Rv2Y3GfqwjQqToWtNIZ8navR2mOq6ab4EdYAE7BafE/a+rpQJ9HA3fpUYz
YinJ6C3Pxnua/ldDhjFEtU0MgVdlw9+GcSkpWKefMapgD6Y5FTNWOmtBGnccX0CI
CuDEl20hLvpumAbnUR/4upQjvdCj36j7rXz337E055K/76rRSwbZlwh7BSRrmhpF
WYZNuAJGhlyIpk1vC1EJ6OdPaHhOrOqLRqnAWmbo9GZEliCK7aEyFbe73NknWKv6
NIVluYqDtGyYzj+f8RUU+v6UGgKJ88hb6KrhcW5wvWHftLnm6x4u/dwc2Gj7H/Be
ah2/MM10W+1kXKVLmNGOryakAthHDN2LYz+JHPPs5DVooUy+GahK7hBJY2SsfT22
ctGceJUQCSIGNaiYcjIWM4v4K2S4npvnD99iyXvZhHqUkz0+k+Rz0lJ4HhQxvhgR
EZcS+llunMw6CiOqPNAObu7DTd9NcS1Mv+pNEE2WH4TFwsCokZZ10FqNBwtDZiWx
m4eIRgQQEQIABgUCQeV+LQAKCRAYWdAfZ3uh7CMvAJ9HC6MVsJXAh9SX+HDeaN+G
CKjlAQCcC8Lo764I0dEn3t6uF/6xTIrupYGIRgQSEQIABgUCQjQqvAAKCRBTMecd
e+Qv41IOAJ9FeWHeSoVyBOFZp++wPF+sJipdxwCeP0uZ449pA4jwIAkaTPRNVOJL
j9mIRgQSEQIABgUCQdm5PQAKCRCgT/sbfcrp0xCVAKDA9UaqZidYEK0djxJGJiIH
d8rCJQCfR/OXYRtuops92kZK7tfsvec/DFWIRgQSEQIABgUCQdaiaAAKCRDEsQeY
hXlqI6HKAJ954GDwN6wIPrqQXon+VXGb3RGDqACfUwTFi3LnL2GCqIxjePsrsMxI
vwOJAJUDBRJB1dhHXx7Ib4gMnlUBASpAA/9+GcUKvOBzCY1ATn2LhCG/FifCh719
0DhEgBdVgntlIHFXVgMtD1pXXIF2JwQMxiVOO7olbyLSQoILN1n3OwwUGpIaZ1e3
DBOdG+6m6yML35FCfQzL9HWUwWcSui4vv0t6Cmf6KDR4Y1b8PQWj+Q69Zsbw+xbN
NhKKxbpbOwQGxIhGBBIRAgAGBQJCqRS/AAoJECCOHPSmTnJ6CjsAn3pMlFLA3PnV
n9A/xRU/7wk8/+OzAKCOGLu4DaUkm71Uo63LhkgfNyutjYkAlQMFEEHeAd4Gfl7Y
v7VlaQEB2UUD/0wZWCGGOaNJbHEyWP+bZHFaquJ/gU/wZUlg/YI5N6EqtP3SbXvl
EImndhWT26Jg1887nnYetHnXpol4F5CZZKydkkmLk0j+3J1IV5yFfUT9yFXK4/i/
MHvheaD1nUpWAqeriS/kArCMyBTX1ry40d/JiGLE6nT03R81bte3usI2iEYEExEC
AAYFAkHoAgoACgkQMRmAUc8aTSyB2QCgvIikC015MRxspSahYSiMKpw0VCIAni2w
3yqj3fFJ7j9BBrr20adsbdsfiEYEEhECAAYFAkHVvlAACgkQCaeiStHlggeZVACe
M7lmJChu9B1opqv1oHF7qBwprdgAoJGA6Gk5KhljLqh9Whs9/VZQHiIgiEUEEBEC
AAYFAkHlaPEACgkQsYn2tNI6Qcg0HwCXchbgvBb9od6J9YUTDoOTrnQ3oACfXrss
El43bc13LTzSTSW++eRPoxqIRgQQEQIABgUCQeV+TwAKCRCBwvfr4hO2kt9rAJoC
YUsYZpX0v1kxvQD5SHwVNHmWqgCfeEwWNWGjBhZ2WqHaG1OT/HWHyiuJAJUDBRBB
1cgi4dT8FObQdHEBAW9OA/9lokAoFOu8JMzjZO+9xOmBNMtLTJ54KTKDJuMtXKqJ
u583Q9szgbaOjEMHcxzGuiLsyNiyIEl3d0vNdFM4FHq5xxSOIWQ9k3IqsdKP5P6u
G/FbDHdgzvJiu6Silw7L40dBJuRsGRtUrhOBYwl7lWWT6M1F70tT8M67Tlrs1UAe
Zg==
=LVEV
-----END PGP PUBLIC KEY BLOCK-----
Type Bits KeyID Created Expires Algorithm Use
pub 1024 0x95F61771 2003-12-10 ---------- RSA Sign & Encrypt
Key fingerprint = 46 FE 81 99 48 75 30 B1 3E A9 79 43 BB 78 C1 D4
uid Sendmail Signing Key/2004 <sendmail@Sendmail.ORG>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.4 (Darwin)
mQCNAz/XbhgAAAEEANMR0MZRcYSFEWLDwtwdVaRl5K2te70fuZ1EsZxOn1C7XO6G
udhw0hwJeq7AD0S3Tv8AofH8X8GrNVosfKJwJ+ttq0W9ivjBSm4nzOD+5mYmzsap
0Uh1Io+Wg8kDf04O+f7PZ1tct44UZlr0F6hL+YE3/+4wpFA4S8jV7SmV9hdxAAUR
tDFTZW5kbWFpbCBTaWduaW5nIEtleS8yMDA0IDxzZW5kbWFpbEBTZW5kbWFpbC5P
Ukc+iQCVAwUQP9duGMjV7SmV9hdxAQGFYAQApMXWH0Okwfeb6OPLv45ngSqzq1Ka
C3dpuVmd1S5mD85Npgj5B5O/uoHhu57VXRcM7GCeRqbaezzCL3G0jKzI5y52qb4Z
LJkK4/Pbq1DzbRL6GGV954NR9xR9d0A7MOo05K7NYa6RM+WyIk7KNeHZCKX2V/BZ
+FVDcCDwmMd0YQmJAJUDBRM/32RP71iWZNQy4Z0BAdYhA/9IcKx9yZ6vOdf+2q8J
XP+CKYkgTpq3O8s/jNXoqTEJikpj5vrHcaxbP5UAHJlaLbn9Z9zj4V2LrgDJOiT2
UaCGy+4IfD7t9MgVpMjyKBXMbdV0LII/SESYV1QpzVAaqKR97ScMxCMV5/wS0GxZ
+UplQOBUlvVfYVci5V6UkWFINokAlQMFEz/fZHJvUpPYo5umVQEBtm8D/iuOVnqW
mQS7bN2aQp2K/jCLWx3YXG86U7r/urPeeKFRKBI9nF47pyjd84t+utkAM17yCIrS
8pOdal3nzhRWkqLj3s+hBTeUJ1HR+rNuYHbgusIPkUF+sShEivOEfS8iQo7ZbcrT
zU/neobWzf9X+ihcT5i5a5F12V6o1PiIq01HiQCVAwUTP99umZwcveLjXFY1AQFU
hwP9Gf9Pr47nYyXaxb0naxuYEz9EDgzOwHgZ99yRgnkLiMHgLdfpZQWywIEHrG8M
2py2Bc7+gQgsOT8SuBgHa1II8Y6bH9Xzu89EUoJFF5TlO3vBJlELg+aJehKqk7pW
TOWkNppP9bcb/JgLci+/wSqiI0acBBe9LL8p0DGb5lyP1yqJAJUDBRM/326oOCLb
R8w3Ty0BAU5mA/9z8BoeFzoNVEU10+FqLSBEYObq5AQPI8TZgHSE+H6EeGIO/clQ
d+RMcWMedOWXtajglfx1UhF/fSn1Y/woWlJhNy7ebqBqscKVhTlCNeJHT6yLme1a
/w3KOxnPleoT66EnyREyxR3O9s09VnKpGGf/g3223+k3VcFpn7qw3a2pQIkAlQMF
Ez/fbr6JaWK4Z4wKAwEB/84D/3ssrF6teu739smXiRqLZxB+WppHO1yzr+Ylsir3
RICwU3y9ayUtAIQzkwJ5qC+V8iMTVMSdJiwV2Yg8xBp0CzRXcdqntgRzJQWzWq2r
HEHhcM8NOVtR0TCbPF8iw4htBAc+rEMOhT001xQ2zPL8k8HXqVrLHh84y5XxZx7J
xOK6iQCVAwUTP99u0iGD4bE5bweJAQH7OgQAhzzTt7CqBezWb+pCY648W1NSzAgG
ANUcybCJBaM+olkkO2SA9pSPXEIGfEg8qXh4jJhFmk6OLdeaaPJd084PiG3M3IAt
B7QHE8DBBcnTPNWsZseTxn1dMZDWDddBGEqplUQivwNF0iAoLHUhySmqwi1PBPQe
4NZeeLWjAJ6yV4KJAJUDBRM/327uwCnKQBb0zOkBATEzBACxvB0EivpyF6DiY9zs
LhGkPwoRabteqvvZ3sSCtIxQWpxq3lyX8MgkeSEAUlJL38YGXHhBWbTfEUz8VQHe
P8obxXBiEj0JxfqnzEmUvnTWF39dYXCQsAXp8+vjS1xYCrtYFMBmUjTg20pNRgzX
y48UyDM33Zvr/7hsZ0iXGZ6ysYkAlQMFEz/fbxXBnB0lEtNGHQEBasAD/17V89bg
Cj7Wh35BBB6Hq/eVHDLL1klGJRDX5BGP6v3rKpvercCSZEFlb9JSNVDmSefcTYpC
NH6oNZux23EmOjTC6ZzDgrcCiADtTkfPotBL23dthLyiwL0yz24SKVqlBadzyNrK
SDlXiz5pLHmvS0wuexJlHtaB4bRuBo0j5YaziQCVAwUTP99vSXxLZ22gDhVjAQE+
uwQAqOey4/yVuMHfTVMDpAwWDMJJ1rWoRuiXPdn0lRAQSefu7A/TAe32Gcpm7xXH
HlvGXEcqxMxXtSIK/TkFlVde9gPaQmRVvt/p77lT8eWkd7Le4vfftl1HGe6TSRVp
CjP/QOkIYVuL1OcH1ZHZaOEKtGKbiG1TabJNsNJF3/4Go+KJAJUDBRM/329X1uCh
/k++Kt0BAfwxA/9LDEkvCb9YP++5MQalpKe+CDvPJPf916HNjBF1XqIyh/0Ygy6d
oYB6AiT9ch/dRc85s67rXeSHclabdcb4CudDAB+7wK7o7EGs/FQbsWlixftdoJ0I
A+uCCMYc4ZVPBRiY3nEoEQYs05brfTih0iF3Pe0GQtv1PbCX6sy8xCGfiIkAlQMF
Ez/f8ArPHrUDIjJ6AQEBsc8D+wcjK1zS+AT1QJ23atbNpX++1fhjVK0qF8d3SfH6
Y5p+2uzWT5PpEfVfMtn5O7U9SUptGt3QUStM8bc1YYqL8XQvN8tO+TimK8PZ8J4n
z6bp6R6qsbidvo12O4WkhCBQS/b1E0ech+0Yrkp/bpT5L5Mbzv/L4qc1+Qp9Brfw
1XuaiEYEEBECAAYFAkACLjMACgkQiMunpwt8HzvhzgCeITpqUq5Ts7HQxeoLTyT5
k5SclRsAn200QVvSoEAHkfM2AsqnK4zn5PD/iEYEEhECAAYFAkAC4YoACgkQorv7
JAz5VvcTMACgjybvljlMqGtrTy6wMNDJYeBB4ocAoOCaH12bx7YJNmT3E8RQCy5x
Z5rpiEYEExECAAYFAkBuLL8ACgkQi9gubzC5S1xGvACffF4XiYgKOKQ3t7GCLpPf
xEGMXTYAoJ3abBhbGO+YHmFScTXYO3HAtQV0iEYEEhECAAYFAkACOI0ACgkQoE/7
G33K6dPA7wCgk5yo2wUatoZuPruzhlypwmvF0HYAnjdMM4kN0jyUgUQt95lOX7E/
K9G3iEYEExECAAYFAkACj2wACgkQJLk85YJw6RrI7gCff1Mxq4rHz3lRhmFEinLQ
P++LdQMAoMVItpk5hX8pSKcZ/E76Gi3wlUpfiEYEEhECAAYFAkACYIoACgkQxLEH
mIV5aiPmVACeOSDsOjt601csNXlkvoBq9bKu7zgAnj6jObAkNbXB/rOluT8Yj/4I
RGnjiQCVAwUSQAKb6F8eyG+IDJ5VAQEP6gP9HIAOJGlJ/Lm4PhmsgIJjnUtEtmHc
n4QD3ERB3RwgJDh5K3Xq+wjnXYvZtKoqoSBwdvp1mEAOg1gJS+4zis7Q0WOnoBNj
CD3Xpq6OxiY1LrFspL5fH9dY+oX1kMiZGhjPvfauAgS5KfmKGdeG/AwlZR9p1NET
pUfxKy8SjO/NA7KIRgQSEQIABgUCQB/IlAAKCRDk5U0RmgzamfVNAKCbo4pq7X1j
rDUK6HjpcDAwKtPgKgCfWLazpsQMbNrZuzoWGj8fN1APKEaIRgQTEQIABgUCQAI9
NwAKCRBwLeVZtNPXsKHzAJ9oaQL9JqxTb3Pdqjh1YGbUeBeXIACggTyw9xhtIJTB
LIkSIcotiYmp1TGIRgQSEQIABgUCQAIiGQAKCRAJp6JK0eWCByRYAJ42JQ7xf7zV
EV7Bav/YeI5XT75YPACfYjdnZdatI98TPa1bww6lk5TYMmiJAJUDBRBAAfcW4dT8
FObQdHEBAQn9A/wKVRhHHc4iWt261OI9zMjM2DpNgIqhlHZsxQ8uRZTMfkF2Ri9j
3aBbclxT9ktqHS9c6txg+BD6ETcek2vFDWmGsm/ZnJSiHokgno/yYbMSvKw59tl4
6VqSDEt6aO4ZdlwDuAljMUE/M5wK3d0JzR0fMdtI3gJ5SSL8D3Lpb9uYIYhGBBAR
AgAGBQJAC1C/AAoJEIHC9+viE7aSbC4AninGVdeUlR8BiWNKSk5y5jW/kidKAJ9g
0t4cbWydd1ZrcZWgK/K+oUynk4hGBBARAgAGBQJAC1EAAAoJEGtw7Nldw/RzZ90A
oLn1YgnHvCYPVJvR9lPahRiv6n4FAKC5hoOZHCOheOOZZv21aDVZf45bXohGBBAR
AgAGBQJA4IssAAoJEPxVuVR5zJGzclsAoO+uOWSBmj+wWgmDRr1pAL6hUgmhAJwK
jYaNXwivBn/SuLpi74wFPw4vfYhGBBMRAgAGBQJAC1B0AAoJEBhZ0B9ne6Hs+68A
n1sUSGThp+SIBGZdi0HpirC6/gvGAJ9KEHjz1PWHnCspxhzjqU2F3674zYkCHAQQ
AQIABgUCQX8pbQAKCRCq4+bOZqFEaIWID/4kIGmWDh4L4yOAHgnX0/XZdefJ20PS
BUYPgOHz0SOFtnxbr//L+t2FIcjX0QUDIB2qK5iw41L9hXJkr41GPekJT6f6cLHI
n87HC6O/fdraPkvoq4xzMEir2sjUWwGqZTwHfRBJ8VF1jcs2x8tTwkjuoyQLxo4+
jtu9X4YTqX8DI6aYBiZiizS74/4x9qU2HxBPJhd3bAS1hh4cj/vK+C2WSc9IUkJw
molL9fZJAHVh/lQw65nlJCUox8gPgew+ZYCJqVm+7Mo+isXvzv3YHdliMQ5H4Ovp
xJo3TCrRjMIlPC0OQSVut4j7YN95Om2L/7wXPf5UPJYiN3ChErIHqkWXt4JYYSCg
iu/1Y6xLGLQ98XwCcl/8fzzdfd0N+q6vOC/bau/zrbT2eQtwzI8gRqvI6LLnQRyH
VpfkslmA3NOIrmabEvLjeAmRfSnpkQvz5/Vr1I8Zur4pr4X6EP88eeJBFPiWYlNN
B5YxPButWtHTZud3E6O7/MmrBTHOLe6WkPnl9LnMydcu4Lv6O4ZYvrauL/EPMwWw
4yl08f4TwY2aQ20/XCsx8kwMwGPTWY8pyc0Ka+jCJziBF8SsKDWk6VgnZcm5A2sW
xuB262JP/+n52prf+PmN96Ob7uQPYpX5Pc9xfV+9y7J87Oqc0zIfsfVUyKCNyDeP
Dhl1CXPwZ/GWUw==
=Ehw6
-----END PGP PUBLIC KEY BLOCK-----
Type Bits KeyID Created Expires Algorithm Use
pub 1024 0x396F0789 2003-01-15 ---------- RSA Sign & Encrypt
Key fingerprint = C4 73 DF 4A 97 9C 27 A9 EE 4F B2 BD 55 B5 E0 0F
uid Sendmail Signing Key/2003 <sendmail@Sendmail.ORG>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.4 (Darwin)
mQCNAz4ktksAAAEEAM9Vrk1RpJV8oPwEUPPbqUY14VYc/LY5JQYV8ZU704C4c65D
L7VRxnO1U2FcJsd8IXz0Dd8xf5r5x3HMj00zEYe4x89gUEBW8bUODL3oH5Ww9064
2Cxlq7qK3nNPtct4QrXTadg378CJrsgVQ3V/L1Zaj1Tt7J2PByGD4bE5bweJAAUT
tDFTZW5kbWFpbCBTaWduaW5nIEtleS8yMDAzIDxzZW5kbWFpbEBTZW5kbWFpbC5P
Ukc+iQCVAwUQPiS2SyGD4bE5bweJAQHbfAQAixSSHRd464OikvI7cPBkCVG7v/jo
n3/jc3fbOD3Y2jO+1L5K7SswDh2DwHfSx1BiUvhJutQPLbHv0SmrJwPQwR/DTi2e
PQV0dCx1rv+ztRjXaE7tLA5XsS8RTiBXfQRNamxUqPVA1hCAl6ulBbZ+uIGG8F6H
LgRV8jvNqjDxcKyJAJUDBRM+JLd071iWZNQy4Z0BATagBACq7IebGrBRDJtwPcps
O2K9eb1PPkMg57MYE5OmnNgMnMtVWBnMz+V+7Dg+72Hh+B8AL+0tRLNFxCWCr8Q0
iW08kzgKA891NyZcvGyYCGr1vbaxGpHcb8wdgLE/2nu5E5poksA1x+Bo+ojJga17
r5XKiOoSIR3ubyAtm4PrXlo14okAlQMFEz4kt8bBnB0lEtNGHQEBa6oEALajY9IY
M8zZkuuGNvZvjYKX1wt+TQwobFPOucx8RPT2NENF2jg+tstaansWBEXtFBbJO4Pw
MkbGrSirdUMjy20SZKZV9SbVUtT3JbZjrD844N7emc97DNZNd5p52FjSX3518U8A
e8p0K8+L4/o/P0UnEJodz+u6gTDPSlPJwJamiQCVAwUTPiS37m9Sk9ijm6ZVAQH4
mAP/ZccU08EeDnjwGXAIYXNRTxxdfmlyR1GvCinrDrKBfdoNSzzHkwHIwWsXuMkg
mEcGeXNlXxBsEJTiBuXbKOyxnjMhxBX02mFgMNyYjcy9Vu7+zXiJSUgSAVlwontm
083bNqH1yoE+fwF9xWQX3UVMvkQXS1yAKuE457GvflnEkjGJAJUDBRM+JLgFnBy9
4uNcVjUBAfSZBACZAHhb+RCbihhAvk5LMgNznUkKEU+p002FQpk5+hMSDI+nVwTK
D/2XdZe1P6hrKxJGWXjp0BXmZAonZB15b8DgdLDyCqTv+RLVPKTnpj+sGsBaq972
ZU4CiWVeXzxUoqV81lrHrox1kdgJ1vZ6015Xhnk8WdHrFGmB6s/l9ixTqYkAlQMF
Ez4kuA44IttHzDdPLQEBsbsD/iKHrN0wAUWjxEMWvuH4KhtBgJc2D6B+tU1iMaVc
Fx9rKPMAgNrufOwMyFd/QaRHwQHPZx64FDlmyUEMiTw3VDNkPuqqjKJ+Cp8Bbzyt
Xgqnlqv3b2UhVB6hZhiMZAhlR/EqBNdEY6nYy2t8YS9zX0O6tjY+0bNU5uadXkYr
7D3YiQCVAwUTPiS4GolpYrhnjAoDAQEstQP8C4jFy6PVU9Hu71pVQJ6BemCi2c4M
WzktX//DPcJOR/rVyDAdxqTMnq8BRRDGwoNgcd3RYEhXriVWxlIqioSVgRPQHRxS
lLk11k0Hdt0W485XxXDU/1omxdeHWo+tNU0XBNEW3yn5h8SQLpla2ZpBxspKpiMa
TrlBLymoNi8MzruJAJUDBRM+JLgkfEtnbaAOFWMBATxFA/9XNnyggYxIsdfO2Q2s
Ea3/G/qLuq6Yh3xFE3dWdWiAglXrrqRaDN07UPI1gSOX+ZLxwxhsBQg0l6+gNQ/A
RYKzO8e9mHaNSJBHTeb+j/6+ku8KNeAa6RBkWDi0OgMl1uVzc+Mmc08huOS78UJI
c76tDuFvf86HlIEXLHeKE9xwwIkAlQMFEz4kuD7AKcpAFvTM6QEBAlYEAJ17jgMR
241DJIiYRp/VSEBOHb6YMqQCX5MQy2nFlg54Sv6cnEbbBh75McM3t11q10pBHqZH
8Tld6RQIXwmtSRxmORxpitPDl2L5IybqpBj1TzdxwPC6CL4dGJLTDAp3+U9OLdvG
12GCKplT9viigapaOUdjG188rAYH8yExwNv8iQCVAwUTPiS4ldbgof5PvirdAQF9
PgP8DrP0iuPCCK09P56ICm6zydYZ3WbU75zquW501Q55Q/GHWyDXS68YlJr5LyBG
vZqVhxjmtSqM2T0Rmsg/xz443kEwvu5AYRZNIdOwCAuU6hnZJGPIWqZ+e6oAFQK3
yA0WPZiRKE5lciWqgWlan38jN/JkzwOeUsExJjRmj2AF7cKIRgQTEQIABgUCPiTD
4gAKCRAkuTzlgnDpGhL/AJ4lmiFuIbCTDVrKsqIFstaTl61xJQCfUgr8vtgH2k0P
uaywr3gphNB7leCIRgQQEQIABgUCPiTEiAAKCRDBbFIvcyFx1YlRAJ46pZp5CLNT
sceTb/CUiLy93qSZvwCfbUygbMCNzRc+QomiBlJoWAFFM6KJAJUDBRM+JMV/zx61
AyIyegEBAbrSA/9vPZfmqlX0MlL2qZACKVfUxO7BYEwnWvknrhJhDm9jE0DTQj8c
U12mSI8FYnyOZ3UI74s4dBWqv8IrMdzcYt389tC5GBjQoRTUyR9zpwxXjqQ9IG4Z
x7mtbSAc8U9dIaNBE461MUT1zcq8NtlFTusmAuhoUlrX8GsRbJ6fgHzoXohGBBIR
AgAGBQI+JMtPAAoJEAmnokrR5YIHzYkAoIxfhY2mgwt8BRAn7x+ldjiAXn28AJ47
NK20+7vyNIlY/edIEoxlU9FTcIkAlQMFED4k06nh1PwU5tB0cQEB5i8D/RCvipmV
3rkwNegZvqbRRI5U+zZesjlfD3vFKLCafC7rWB3D7YsWI08EkrOa3D9RrcWNH8Hd
h5MtmZDrwu5IAUDeBZZ7GAfDTrBMm59KA8dZQUxucAXzuGkUZ2XTEVV0ybzG8atx
OGl8ukmza7PXXpdkh8zvwIvRcWWlM0zMXdtBiEYEExECAAYFAj4k5mQACgkQcC3l
WbTT17AxTACfRsOJFoappZnyPNeKB+Le1/m2vW4AoM5ztfURp4hgIoTntkauAOgr
LYFpiEYEExECAAYFAj4k88YACgkQorv7JAz5Vve3JgCcDgmySU5q81glYvuFgTlP
n4tV7uIAoJbgCYdiNBsdU3Jid02d0ld/M9v1iEYEEhECAAYFAj4k/78ACgkQoE/7
G33K6dPgnwCfduyCaoDAVa5fL6jKRlMLRyeNyL4An1De48wO8NHv1mx+wzKbQP+h
WDIqiQCVAwUQPiUAMADy2QnruxtBAQH+MQP/dJsgNIFj/aNtdrwTXgmSlmNRq++Y
2MaNUhdT1DhXGmhCS5DY54vroipZ+BpyJUEFJicIhnWdf9W6sxlaDHIbZD+psIhg
umd7CmEIj1TjWGmNokXsDQ4KQ+ZfhhTfYG13oTSO6HYCt1PixVneUeVO5XT1lios
fCE7jRHEM7/IyU2JAJUDBRM+JXUvXx7Ib4gMnlUBAaVlA/9CY51e16TSqBUQB7jT
I119joBrSLAzWOoNRTgNQa59r+DW+Rf+Kl0KDTINObb95N1cCJx/4OqefQn6CvCk
jyf8qHiL3zjj/ofuN1ebWuFbAxZhcPOZqpz3qzJTSGOCZy0ao6Is3T7sUxDEvub+
jLW9BU1Z/hRh648syknjJwlr14kAlQMFED4l92JiRmrs0ZfX0QEBd4cEALQ3CnKz
Ta9/LStigTo/gwCt9piyRTeUUmFf3oOfotybhiduguPEFsGhgahQHnR4ONFGkHp5
yBFxfKMUwKyqOytvLKMmlC5LIAczIIfiZJHkhWrekbIXvpsz8/iCc8D4Dqf7iyyg
v0e6BLnL2r8W0ky1+y6WWyZvvlmqUa/yQ9jciEYEEhECAAYFAj4r9z4ACgkQxLEH
mIV5aiNQKgCgoxZIAyzdSIk5YbSRAmjgbfc2srsAoKfguDpXQp++QL376+SnApCw
6A/IiEYEEBECAAYFAj+yfqQACgkQ7vRVUBn5/kuKhgCffp/7sfIVTVlNKLqKUxm9
PKNeBOMAnioXZjbGFsXTVIPX2Y/p4T6Zi3EiiEYEExECAAYFAj5kImEACgkQi9gu
bzC5S1z9NACfQD6usanzkHgeMgAxg8EQfK3QHrwAnjSIqNta+un2xVIZoicMaiBM
b9pgiEYEEBECAAYFAj4nwhgACgkQO14FiEE/vMvy2gCfUjuGVRkJdtELhb3j3SX+
e2JvolQAoKNfvJYD6v/3DgOQFJFVEehRzEd5iEYEEBECAAYFAj5kce8ACgkQX0GF
pW7qTI5HQgCfa7EluhouinhzGMvfbGKswZebfFoAoJ2IGPnfwLOqUWxFZIv/tE1v
gj/CiQEVAwUQPoHkLHAwZJyAyUshAQHCrQgAhP+JwDlmBCy/lld8iYZKae4buBvc
0jAAx8RG9lchEGsctKMGDHGyxJk+JCe20LqEn53CGq9RiZW02xJGsaN9tuHv1Ekh
cyD3jxhoEoPWinTihgq2VY3qnt+nmjS8ps7+Ov9awIQIaqNuIG/s+fD0K5kYJ7/R
0RtUdnKCetbGczpeqDgYGsbgovjp9+m0G/xTwlL664xtXR1+1xYxgIqxDozRFXXj
0vsoB2p2as3aGBWJP5qZYVPEuUbv73mtUEAenP6KM+JLu+t7TDxWDe7K/1paa1UI
1qAcMERo8N/39WYRQHJryLS1Cl3tFe1erEem4cWlNjyWdPbkYToKk14PGohGBBMR
AgAGBQI+ZO59AAoJENjDuVLpGrm5/2kAoIK0Y0DKAYw10+8Bd9mIgCcBw1R7AJ9e
vqWqDcoA6tdcgRoPw+b+ORPDXYhGBBARAgAGBQI+hvCcAAoJEPjp8+GIQvVJEhoA
n16i0uFYSZoCWgGxZFMav608+x4HAJ0XB0XraMQJToOZAXSpaSWhdXy7pYhGBBAR
AgAGBQI+9wRgAAoJELghiQKdsrW8eX8AoMuOL/iHpizRjrBEC6IZ9FqgC8IdAKD4
NVlVY7peK4/vIy41g6deuYTCXIhGBBARAgAGBQI+9wSQAAoJEFIY2mCt64GL9n8A
nicB4gNl4ziY6HArLJZBcVYpUPlRAJ948hOKxlPeHue9VBxkfz3wK0D9fIhGBBAR
AgAGBQI/janPAAoJEKTWXDNQN2Znh0UAn2Nsb5LBZywdGIlUtfRyBLA5zvf6AJ0a
pimLnGjRdZZY4LUFa75D63EeCYhGBBARAgAGBQJABH7NAAoJEIHC9+viE7aSrJMA
n2WOXw53qZ57aRQV6j5FLLoirW+FAJ4gTGBWeAyWU9qWvD1CGi8SWIost4hGBBAR
AgAGBQJAC1AqAAoJEGtw7Nldw/RzIiYAn250CHTZPf7KTGvep6n+ESJRcT83AKC8
GjwcuGUfM1Ukh/BIEEHwHhjS6IhGBBERAgAGBQI+0xpqAAoJELL9knZIGOnVyekA
nRqtOk0TrmBKjolOKUmp5C1dUCiFAJ9+GeEDAtdhA1ReRKj1osnTQ1I+0YhGBBMR
AgAGBQI/StFiAAoJEBhZ0B9ne6HsjmkAnjIXl6SvMcKdm0swC8xI9Mup9ovRAJ94
yDgY6w5RdAC1HsFufiEHZ1Shp4kCHAQQAQIABgUCQX8pjAAKCRCq4+bOZqFEaPGO
D/9n5I0921vpls/oOoFu8OR/NApHYvYxKmTcv1lH5QazUP2F7F7drXlQ9yjriY2B
ufjU01bFmR6yskvfZpmsXfPmDzTktZRqGiR4mcxGlDrwW1cKphPWcVLXFoVIax7g
UEK+wy8PNiv5G6+oy1ukTguwMXeqLbb4qxcDbHTx9GL6Z9E8HR88KdgHtRGZ1L6n
oKRK4y4nt9PxJzep5RkT4deV1oncr6TS3gvmJCb3+F5gvQueWhZBnCdQHtFb3Y9F
uEsHI8RxrXENCacpZYpBYKtv/umQbRyVphwO+HUU4bGy1A3rTy9KKkWjycqx1tat
CH7wz3ebqvZy8sfibhUO9PeDfZ33+e6CrPvqOptGXdyHiHm7QltGhjF3TTjRoGnt
DWvu8q+F6/GspzUVwbqBH7zbaV9a8h8L9fkyVmgq03+y7NIP1SSQxGLEv/qqBflB
o/9MachU71OhDp42qCyfXul+NR/4qtYmj81+5zGz6vSWwCJ77VMVFZQIN40rEHnA
40xl5r9pf3hDZWrj2yg+mChlqcICJAnDfNtYaOve8rMXJ5F22VoWGaAJiAkQdH1W
ZNSR6KHm3A2ICdH9y0fM14u2NAlZuC0QzqbUotpwSXgDMwm3P4He9CwO7IEp0e1l
+nbkE3BfxahWNiCSF+RF93kvSoeFf7FenAF4BkBzyP62kw==
=ZdQs
-----END PGP PUBLIC KEY BLOCK-----
Type Bits KeyID Created Expires Algorithm Use
-sec+ 1024 0x678C0A03 2001-12-18 ---------- RSA Sign & Encrypt
+sec+ 1024 0x678C0A03 2001-12-18 ---------- RSA Sign & Encrypt
f16 Fingerprint16 = 7B 02 F4 AA FC C0 22 DA 47 3E 2A 9A 9B 35 22 45
uid Sendmail Signing Key/2002 <sendmail@Sendmail.ORG>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.4 (Darwin)
mQCNAzwfgwEAAAEEALejONfYzPrNw5IhjBfjpkj1hCwVGCa91d0Pr9SyMgFdrEam
v4jWiz80rFoKdm3dr1bDqBhdiq4tH49Rul+RLLEXLyiPiLyRoldl54cPeOUoGafp
PvcCihSgWM2tFO1saYtf+/oM5/9S/TA+pb4hpXAZE4CfL4e7X4lpYrhnjAoDAAUR
tDFTZW5kbWFpbCBTaWduaW5nIEtleS8yMDAyIDxzZW5kbWFpbEBTZW5kbWFpbC5P
Ukc+iQCVAwUQPB+DAYlpYrhnjAoDAQFKqQP/YG77bGGhCqr8PxSpWSNxDuIPAmX4
VJdLsIQNUBqI/3noPfTec3553EsXMUvJh/4iiI/+6CYExQi4WQELZDPmfUUWQWUA
aiv6upSOKOAmuiVO2cjZzNaETswwyabk2rOE0RzmCuzMDCrkbFugoBRofuUjXwq6
FAnTaM5LkAgprfaJAJUDBRA8H4OufEtnbaAOFWMBAWP3A/9Y4JqmHQtcz0t/kIcE
ZwGwYd8+kyeo0/0voW07STq/C60hX3eFiegoqO6bqILIaswZ6djnYOMdOYhMtM+f
VzcMNTyJCRe3KcWvY4xRQMYc+zmwqqxY1cW6F1mWLT6fwZ6hlIRG/A91OfIDbnuh
WqNFOJR3NNMmC97nB3D36e4vWYkAlQMFEDwfg/jBnB0lEtNGHQEB9+sD/R6kEta/
JNgmBhnVRheM5+4ijQpz9csP0Y2Ccd5C2BFkURQztRxgldaTRdmzAltjG49ZmgAj
C15v0S5CunWI2gHNvNzh0odyKD5+FEcU2arz2TEqnEIzoDdAq4B6Qwf48EVBqtOa
rIY6LoLV2/POFqTZvP2fzdp1kju6KpfMLgeniQCVAwUQPB+EB+9YlmTUMuGdAQEp
fQP/faSN6UtxXPrEtnqF+9V+pEc77BJO6oa9lpI9Qdbupo1wqNtFH6ZmYhnLPD65
qAFnyKZU6VW58ulobd5nZqISdTV0CorPJ1I+7zTS4IuZkiDg6/YCTzWdcgs7M7W5
sI4mnDt4bPdIRvz0ffM8r6WmVQISuI78+9usnZMLGoJn2P+JAJUDBRA8H4Qmb1KT
2KObplUBAduAA/oDRlld+jlosLu1TDZD9J9srEK7mdT3+HIVohcfkqpAhXXcZrvd
avKucihNrCa+dj1u03A0xxMPQoeuFQRlL587M1sEtowVGuyMTyiVtut7zsta/eEQ
nkp0MYTqNftkRxoc7vMx98tqO4Xlfe2mLekV8w7TUQxGVi9JFIBx6ZATUYkAlQMF
EDwfhDWcHL3i41xWNQEBoGED+gIvGFmUUu7fkdEmaT559dapdxCCEJkV/dUZUrbo
EmYtllCo0yNxzfBdXVwlBlHFV7fAW+QZRhCQx9TBv0JrNf/AJp4XIo837PmKhoJr
C5UsbT5SIypBi9Ai8AX4HQrB5SQQMd53efjmsdOITtdM0Cp+/uMUVuO+7oFeEWtW
MvxaiQCVAwUQPB+ESDgi20fMN08tAQHyUAP/ajusqW//1Z6622HWr8GTVpTua/YG
H3qGW0ZdXoqnzUNBIc9lksOV62JL91pzfDWaTCqMTEYzT6W94e7n8SYFtbroemxb
kdSb8DO3C4bOa1w1dJsQfTeRYEuIMVHtjJmqw43J7pNn2HazVcnPf95YkMhGvs4b
P2zfvyWwhgRCbWOJAJUDBRA8H4SLwCnKQBb0zOkBAddvBACYxaTZc+HsPEMLpoHW
QIsntukJgdT/onZcTFZiVNmA6bYyQ0VPTiZ27HN7LjHkVgtdyEQceKq4T3iQ670h
/Pp0gwk4ZDpmA/k2oqgs4aE/C6KDy6nMCGaucJhC9I0/0EFD32skvkQ5fj65oeoC
2r/coIoA44Jp6ikzGA8i5aXuyIkAlQMFEDwfhK7W4KH+T74q3QEBwXED/1TiGmh1
lnvOLIyn2lG+HIM4fzjlU4EmEm9we+lTi/zKOz+3w/O+jZKPEeYXvhjFjEbWIYI7
XGtJQalipU4+Uhwv+bIliwWpYlFs0Roi6L/mN3CKXN8S62TI8RdArRKtPH9OxvGv
1AXnEM0DRFuvcRVEBkUlnZKEit+8ttu5rIx5iQCVAwUQPB+Igs8etQMiMnoBAQE7
hwQAtxoIqHHKs2IG8tTiNcjgfReeXovMeGttNua6rd6m2f8hA/UNt3U9houeGEsb
62iU4ahd3zRRrQyof2ZshLZ6kSNM/5KrRSP2YlpzLSGbXJjuQQdc6rbQItOxo2rz
lkQ4IlBj1XgYqO67GimlXk5GxpsTLhCFh2dfONxcgj3/P2OJAJUDBRA8H44OI+Ri
1L97pCEBARSeA/9Ep+EhBQUhnr0lq5PX/35uSfyaSFYVNnJ6KQqgoGJXIsktW47a
CIlGNireedg6t1TpjC6O4mWLZbromFYX6tq3ItNJopoMEN7kQjG+joWgYeBb5e3u
qDCThHonW552ev9HNGtCROG6Dvb8gDbjutlcKQMNygJdAdQquLdxAMWeeIkAlQMF
EDwfjdV3HZKuiXLHwQEBe74EAI8cKrwohEOLVUNRZSCmNpttwPQ1UddzPF0JtFLy
1CdaQWQpR85jarWCzYGioWWMpKrOHjQC2dzezaXbbaegWgC+NNylcgSuPlbAgexY
KCHy8zARQQR87XzRFyfSgG3eJaChSpqNxZ38MS81P3BXpLoKeUA7LOyQbLOAK9Dz
NCSqiEYEEBECAAYFAjwfjfkACgkQ00k+8NKXq46yrgCggAqQ8JF+Fjg79QxaWwIm
pf91jsMAmwathlgkBg4za7KLtRWk0zheulwpiQCVAwUQPB+OlV8eyG+IDJ5VAQF0
2QP/YP25VZ4P1EPp47VUusxq0N+pGuNUVrtLS0qQlIfa/Yp16z1y4V5QBdJEs627
uSc+Ia6f74B9gJYKXquvzSwIe1PYB/zgLuuEpIiaR5OXFQ4FiJ3mz0aI0Aleftst
lkFjKV90at1TbAV4tQtGE288HuFKYxI6WgO6WAk+TbRjsl+JAJUDBRA8H488pVOS
weT0SUUBARWQBACcT8qt9igIx4Qe9tLQxWgK5WM+9vCyFbNQXeQf2EoIb7SkhGWa
8xctG0DHwM/ZHF8KvMAxq3IvzR93690COHdMr5NeEmbRIr4ptiNuTw+E/EM3zmWY
mTJsydQoCKuMpx3KKAIAojO9zfQ3Jp0vKrTyYZpg+OsrrUu4vGv3Uo4pJYhGBBAR
AgAGBQI8H5EoAAoJEAJuFNqj63mKkCUAoOlz2//un2X5LHBpQMqliApr9yK/AKDH
WhmadZB/dNfhqphAPcgJvBVZ84hGBBARAgAGBQI8H5GqAAoJEKK7+yQM+Vb3czEA
n2OCdDNEGlJt0wwUi37vvNJJXAvtAJ0SAOrKsE+jH0Hq/0Y181nCcjWafokAlQMF
EDwfnYXh1PwU5tB0cQEBlS0D/jnLmHQtNmKxV/CXWgyHwcfHP5QcbgGYJfLE9SDV
ARN+VJnFQqXDAPI5qwcdAEOJal8AVs4cnoTwuJm5dnKSjPOPsPEVALFPyX2vLZv3
M/QF+FMuaUowqAM4HCIqPT+ksd+j4jBSRwGvYI6BeBYIWdmHvrIVkh9Cy6Mzz8+s
AZ4WiEYEEBECAAYFAjwfnmYACgkQcC3lWbTT17DpKgCg9AfAjRUwSi66dkOQz+JY
x0o84uoAn37GFkdEINOpqqs5xRXouS8oDO/FiQCVAwUQPCAxAADy2QnruxtBAQER
RwP9E7NcJd6a0C6LpZONEpdvDRqbHtdPG9tFaaEX1Dd3U46BYxZDgsCzgkaKsV0K
M+fWyX+gNMu9TlgBSlGP8S71cbGpOW8leg4TgZ+HVQw+hLErsIh67NBSAnzwkJEa
bK0qeC6nNDWjRqAA6wH3pszwf1QmIH+ajyKoeKOi1VtqCe2IRgQQEQIABgUCPCCB
EAAKCRDbzEgBadC1vvP6AKCIBs4JI5uc3jpRwpd73Xh+yDCguACfQ4NlT5NKLr09
94HNAtZb6hzrljOJAJUDBRA8IuosBn5e2L+1ZWkBAW2qA/9QpFIyvrnaE0FAxzic
yYDXRhv9DV9cEfXzx4A3Wud1X8OFY8L8oQtaxqmhMmh1h+WhxrndZ2VRKpoVt9Uz
xcVK3UpxSOohYUiKYD+4dna39DjT3bXu2k2eTYYGOuy+GsL4qJmxyK0YJqmIxpQ4
JYbcl4VykuJxT7y+YuSwuFpoiIhGBBARAgAGBQI8M1lpAAoJEL+2fm9BJ4pEUGsA
oLQJ0uJwDu23Of5pU4ysFHiq0jhXAKDV9OEqZlHIVOeAj7EHnbe8BL1USIhGBBAR
AgAGBQI9hM4xAAoJEHrsMNJ+GHnp26sAoO4GxzEI2uTijIndTZg6e1fWq6w3AJ4w
o4EgaD0+qvvknsDdVZnqZiTKu4hGBBARAgAGBQI9t8krAAoJEJ+qc26EFy0RmysA
oLE4thJXG+6toTS89svJZR0LO8jBAJ9G+DFp7OaSqxfzBTMG0TUAsBdnGYhGBBAR
AgAGBQI95qcFAAoJECFzMZDXkQ304zMAnRo8FOW39GbbWgqKorNSVe9u+6oeAKDx
tOeZHk9J02e1C36NmNcwFhXNl4hGBBARAgAGBQI+D+jAAAoJEL1UBo1/MvNhXagA
nR8Sl12kfqgwg3d/qDySaw4X+cldAJ9FNeaK9ZNnfIHOez+2pDYk9j/pQIhGBBMR
AgAGBQI9L9yPAAoJEIvYLm8wuUtcIBQAoJrZL8ErmkFcAybHB/pZI0xL5zGzAJ9C
S+oAuaNNgV7Lo4RkV3QKvk8F0IhGBBMRAgAGBQI9o0/lAAoJEK/kxkBlwh7EFSMA
oI7cPlI6hdufiSGe39zEoad9DtStAJ9nXypMUhlIRuMsAfwzTgO8JeZP3ohGBBAR
AgAGBQI8SYznAAoJEMFkD/uIpvQ2DAwAn20jGQn4rGjVQXK4+tivmfidjTnPAJ4+
ZpDiDhFJnx07g39g2/1UumNm9ohGBBARAgAGBQI+9wRgAAoJELghiQKdsrW85RcA
oIRyFTtMGoLdMn6YW2PUf4ikS6zMAJ9A7HGWWGUkWsQrJTUOAvJgGGWDEYhGBBAR
AgAGBQI+9wSQAAoJEFIY2mCt64GLgdcAn0Dhkkxvlc1XC1ZENuEjnSfnn8ajAKDd
lTXhE3IrbgFYh3Zllr42FCjkn4hGBBARAgAGBQI/jamjAAoJEKTWXDNQN2ZnQLYA
oJ+8UtPRlAweLDI/dI+VFUpe6AdBAJ41fl5AMhDdUuvHMA4lLV95i3CjJIhGBBIR
AgAGBQJCGjKcAAoJEA8Ne4Mg5YjtoAQAoIvQpUF9X4yoHZWEONKNd0xTHg9dAJ9P
/EKFyOJWbfpUkVFOs0BhLhkspg==
=lzX6
-----END PGP PUBLIC KEY BLOCK-----
Type Bits KeyID Created Expires Algorithm Use
-pub 1024 0xCC374F2D 2000-12-14 ---------- RSA Sign & Encrypt
+pub 1024 0xCC374F2D 2000-12-14 ---------- RSA Sign & Encrypt
f16 Fingerprint16 = 59 AF DC 3E A2 7D 29 56 89 FA 25 70 90 0D 7E C1
uid Sendmail Signing Key/2001 <sendmail@Sendmail.ORG>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.4 (Darwin)
mQCNAzo5SykAAAEEANNKa1jxgODYsmC5w2FJj14JFX3MnF9yt+NblOrqXvjzs8fp
l4qWCoEOsN6tueeNRAytrGTUFe5M+fJ/ddx9yRKuzjv6WxSeYsWHzXxMD2M6WWyn
eCK43LhCAd1uuNoYrTdJFnADOrz7YiMu/N8+8IvBhM5ozEH7pzgi20fMN08tAAUR
tDFTZW5kbWFpbCBTaWduaW5nIEtleS8yMDAxIDxzZW5kbWFpbEBTZW5kbWFpbC5P
Ukc+iQCVAwUQOjlLKTgi20fMN08tAQF1YgP7BmBeA8wCY8sNlENCgMbYcgkqrmtO
aDzCRwALiIDEC63i317iiopRq8wH8ZQcJewvmQDQKWgdZnpJbpAONLR8gzk0t995
0wKHRgtGtzR8x8RtSXZ9yiC4AjxkLXogaOYtJk+ZXayX1VFCJ0lMoxRsNtTfXyHK
RN0lMnJwaRPE3FqJAJUDBRA6OU38nBy94uNcVjUBARTzA/9rapch15EjSgZIywSY
e53l0EfoqsUqKzCSoRGZqv+hJzpRVQ+R+D037pSV07OItK2q0nYGLZqH5ApLgXAG
/SPlEYPnUzCooijIr/RsLU954lp1HDNuqUZfUs1ukk/f7wHmshsP3LS6zyvqnHR+
va9fzU3wo5ZRv1ItWIL3b68+uIkAlQMFEDo5TglvUpPYo5umVQEBbqAD/Aj63aIn
4f6W57E7APvhkP0FhWcrCp9sGu0+EdUP2lnn7KEn02D1hwx4mDLcJcFxikfXXVvh
+Cfpr54oP0CWNpcpXVssS5CZoYoC8e8W0YoVkvYnxmHFDjnGRzwKDT88FdZYnbiS
JWxlUkcOs45bOdOTE7pIeBwe9MJK/zCwrbmYiQCVAwUQOjlOGO9YlmTUMuGdAQGy
YwP/fVIA/Y7SH+MxlALWNHOVOiPF6KdrZxOoB/Ya1G8uNCS5PttePZm/ZSoyVLSX
QsJG1Xe/3YPXDobuPdRuC+Kpzli6upCHG0jbsH7/m/EPyATxPP6GvpU/eVK1a3el
8aLl7J0m6NSEh349AbFAzCRhrRl9N/jIPt7rys61ELIMp/GJAJUDBRA6OU4wfEtn
baAOFWMBAYELBACtu0kG7v4QYs2lJXIpdw7Bwl2/WNyH8mFhrqNgbAE9+Fsh4HAP
nCBHf3qbjH4/Q3j4QNkDLor2HYIhnW8Hz21At//5/eEm/uJj2vsOjfKFYpGtwf/L
VHQCQDbNFrxi8pLtwQARNL8M0ONT1rxNg5xyv0/3IWeo9GblkV3hdKO1sYkAlQMF
EDo5TlnAKcpAFvTM6QEB9s4D/23DDLInFj4NoaO0MI+ZLWo1M8SXd/sWC32IYY+P
dqABtONUNvVnaz2wSZxb2tKXcuju4DtsMrZFttcEQ6W4zaaGpcg6Hq6UqHGL0UAE
2tkcJePvkIhJ/FokoEQnoAlj8IdxjK56gCT4Z7OOSmQEcNTcjmH5Z1AZUnTkIImT
hFRuiQCVAwUQOjlOqNbgof5PvirdAQGzAQP7BtqC0bhCybf+P4ESP7XwSYVuSZvM
LLrpkA017MQgf5BCHfh6x/r7NxGH4OOTnZwcKQJHJ0NzAxtmWCe3YjxLHMUlfRcK
MIBQF5UhPTOkCo2XFDNIuQ/Tayj1D3Go1JHSRqfxe8et2U1SZi74JMMo+B7o+utX
dUNzbv5QbD7yydGJAJUDBRA6OWaRmAfmW9hLWSEBAegOBACgsFNvkidMRX08xGEN
oX3elJj5Ib/zYYvR7Ui/b27haw9KtuUNct0aRtb+MAb9sXb+0hphDR2W//AxSDgG
Qh6ZiEO9c0xw74XX7MrSpwcgom4jJLxGN0fEx1YGmMF1LGmmlE8UWC+FJdVVnW8v
m98v3zEmRaHvDnklGvFsgItw3okAlQMFEDo5anTObntw7cbX6wEBKGUD/0aIxmvb
kwPlV27sCl6QGy+C3hIJTtz0go6wRh+X0wrP0G5c5OBlg12GqOYP/WlGEs7Qy8GU
exXFZxF5kBtFgUiHLq5XxWsAv4DVyrtu3wtpFu9P+smKuMQWvUah5x2R5AdsyH2/
/nn2tMcHqwsgwK/l2cd7ObtfZXoYyH4ZU+3SiQCVAwUQOjrpa88etQMiMnoBAQHp
JgP9ENhWpB1jv9xrUDy6XCIEdx8hoSVFT/+PaiPhyRwEY1+sW6L68NeTPWnDAcuF
y95sZlBl6xKIykf5sG0Cb8/Y8HMIIjuiet3nYTd4ehKE6/byOwwVNwe4zu65+kGz
YT0NF8CaZ2zBFV9wM8JnM+BHshxu1X+4u57oTbenXCNBOmGIRgQQEQIABgUCOjrv
RgAKCRACbhTao+t5iuX1AJ9EUHSEkOsMJaO5VMVd0SDv9Hu4pgCfYCqfYMnl5qJD
kkeECdji5LyI6JyJAJUDBRA6O3qFXx7Ib4gMnlUBAQyUBACIxSY0YSZhxfvhIsQs
PjqiUDQLEyU4EBEUIV3tI4be9jwgqyEc2vwP19iHPoy6UY58mXRdetxZYNbwrBIs
+wkwgAHc1J7aH9kSqc6ngDgT4CU1knIauY/CEGg2ziOxdLOVlN47GHcZMmsKIxip
72/00mSe2aOu5vJR7Qdmszm2SYkAlQMFEDo6+r7h1PwU5tB0cQEB870D/10/WrVu
lthFPbemoks9aNcMqqV3l3BonLpIPKqLeQP6O3NayYDqtFNa4DliSr9SCPUIQ2Wz
9uCm0V3fy4wOHoXhYek4YxxfHs4qpPPCWbzswGe5n+uOokN/4fAlZzCp5uH0AMST
ZpwmNAE86w46Y9q1uc5IoaHwlsr9eeDtkYcFiD8DBRA6O5QPzsKIjL9qTKERArsa
AKD64s8528lhdZBRks1joz1nSJHTJgCfcV62uKYFdbgCq0WBNcyDgqekw3KJAHUD
BRA6O5cHrOFcwQTbex0BAYr1Av4kZOv17HrZjltkT6hCLzr5XmUsjbZoJHjL2vkO
eybNYwzQOg2U6Xq325ejMLdHlZ2cR+fZe2qUlsJe2RrLpuQI2a9HLlsl/oDIN8AS
yOnRtWtPsuLQpwSnzxw0k6qjChmIRgQQEQIABgUCOjuApgAKCRDbzEgBadC1viYI
AJ90YPSCIMcIhcyzzdqwVSlpIMSp+wCdFZH4YnjW1eFfzfym5tSbxiRVWCaJAJUD
BRA6POfsAPLZCeu7G0EBAUUoBACQdVkXeAia2QuOD0J0OH5lSILg3xTam1VpJXpj
70m/kmlzAR71BIgCFTeTsg1IhY/08cLBqEwksv7nLt+1FSxHCNt8o+SLkA24iMIB
b7JeOHxkP8QZdiBbLSEvEE+4Dak9LaxqlLvw+u+fxCmw9er610OTr5zUq5cbPOpM
dl91r4kAlQMFEDtV14N8S2dtoA4VYwEBIhkD/jYYYvHbEBiDHPXnjnLuOMu+bxrQ
h853osuruoR/bYCNu8DiGUFAukjTK9pkaDsAsMfLOZOpWiPn/kN+luE3YT+5+SGG
R4ui7+dqtyk6Z2sDDQleHl8hSoRxr09/u4K9jQ+kPgfZi5wT4jGYvQe58AE1v7gX
J4TbIr9uEI9oKYf2iQCVAwUQO1XXh9bgof5PvirdAQE7ngP/YUqHel44yPfoOqgx
uuqVNMM2gCqOQDCovuKIoSTudO1DU6+bxVoNXV39/dDZQa6eEDCCVQx8OY3DWK7u
WcxxangOnO4VaJZxC9tBiiOer4RbYoQPMjEkklewAWe542cjBpkamfRyKZklc2HU
txuBHFtue5vWmH1Xf7ehg90/y9KJAJUDBRA6PTb4Bn5e2L+1ZWkBAXSdBACz4VYH
W9SJDSoHeUAjNax89Uql1R+NLTqzLkseoNXluUr9RIPscGLAsfYyAs1RZ7V2YnNd
aFlKhFVeonLymdtO82lk1UJ3gRhAWV2tavvFsWsT03wYMYbsRe4ilQUNiTs4z6PC
uN8B32VT/dIsBVSR5oyeriFI+BHTFSdVsB23xohGBBARAgAGBQI7VLsdAAoJEKK7
+yQM+Vb3OkwAnRJPIfGWX8u16iYG4C7r+qjtgRQ+AJ9owLK9AVpET9PcenwgZiwv
7NM5lokAlQMFEDtp0Poj5GLUv3ukIQEB8wIEAIFDIncAdm7nVZn6SaSp3hE4/c/T
xloQNT6tOTs5mO5lv/JqEkDiZKc2CiU+ejgRMTNTcP+uhb2oHDgqu64aZ2C4KlYK
xma6fGmUxSMvMhdJs7FTep+FYp7u+YbP4burf7PWgsrQnSUn7cAREj5K7/Hcuef2
XUdvXUMSqXRClo61iQEVAwUQO2/01ApZC1ZHD/lLAQFniAf/UQMOfgIsIrW+s2/k
E5Y+7I1Qd0xKIhBomQOOyABjQOz+C8JPQ5myr9birCK2/q0g9JjvBMy2qkxhUmqf
/v9JrOfzK6EJ7MNYFqXi0C/QvgTItRbryL4NXHq1MjXjmzCZC0MUy9I1IzTa7M8b
aurvjVofGIohoCKLkDTO8ueEwVg5RLv2k4lSwgnO8od5SfZGjuvm9soaMx9JBmzp
mm0wmmiNfdDavx1Gh6A43agJSEgKeZmJtxCVepkspyp0F/LoOM/5hpJhJ1Vc8xZ2
9gAQW770CjWtIvq23Do3ysDrt/1ZldVkE86OxROfyNwNWMU/vE/Eid4+aGUJC3u3
t2+AfIhGBBARAgAGBQI7Qys2AAoJEJFoqRmvfNykeksAoIUmqJpAfL6YYeX4sKLB
fLM1d6+KAJ9FlqjJEiBl8UoeGroen846Zw3i2ohGBBARAgAGBQI7lQW3AAoJEJAt
vZGMOKkK1fkAn1/++P63hYiCyWo14Nmj/KWvjJQgAKCO65R9yrJFjJaDDF6T0Yr8
8s2R54hGBBARAgAGBQI7oc/vAAoJELymmQeGwEBXt2UAnRaJwn33WoIbI+lnBuEc
kplGXhLAAJ4hXCx1Jemn7HXI2EK0sX3T7NtLsIhGBBARAgAGBQI73t7GAAoJEIeo
vXamM4UaEtEAoLn3FDk/IovqUtcTmslCJV3BPRhFAJwLShkY9zhsTIukXBaLh99A
kDEPKIhGBBARAgAGBQI77DTJAAoJEL+2fm9BJ4pE/c8AoJd6xTH1hkRo+V287uJf
xYareEavAJ9Qma49ilWbJKhTAhTBhpnTuTOVE4hGBBARAgAGBQI79sXXAAoJEPFm
QMK+Qtym//IAnA43baemHDsSrfI1DsVDWZTP+glbAJ9oAN6qMzR86M1RD+GkTVUV
F2+7KYhGBBARAgAGBQI8OpI+AAoJECQDiafuTpyZIvoAoPAyqTQRhHMLLNd45daR
f/6MCXd8AKCBc9Zx0k3/q+tlHgicaddIVHDMBIhMBBARAgAMBQI73qoJBQMAUw6A
AAoJEOM8pwiOYn6kBi4An1Blrn/HWp0f/4k+pisBYSuBsE/9AKCoPfvusuOOY34F
NC5QCyckD6bGl4hGBBARAgAGBQI7psgNAAoJEMj6RZFuNvzL/lYAoIArRm6OWsCt
hhr6jKClwc5bquCnAJ9yDDi8EiAGItgxgKJ6oOjBSorLWohGBBARAgAGBQI+9wRg
AAoJELghiQKdsrW8cJ0AoOYME2dv76+4jOdfgbpglb02gjpxAJ4rJ6fAQpg2+1Wi
NsWQax0DR1DG4YhGBBARAgAGBQI+9wSQAAoJEFIY2mCt64GL5x4AoLbyhS97/IRT
uhPIJs3z/cqJRaa4AJ4guC8x4aiJksWdO6Str1/2kJ4JmYhGBBARAgAGBQI/jalx
AAoJEKTWXDNQN2Zn0xcAn3Z6KT4OMPMNWLF9SCLNrbBDpSzpAKDG+JrrOtdklEyi
RFljVEUVKZ/GGg==
=Fv9l
-----END PGP PUBLIC KEY BLOCK-----
Type Bits KeyID Created Expires Algorithm Use
-pub 1024 0xE35C5635 1999-12-13 ---------- RSA Sign & Encrypt
+pub 1024 0xE35C5635 1999-12-13 ---------- RSA Sign & Encrypt
f16 Fingerprint16 = 81 8C 58 EA 7A 9D 7C 1B 09 78 AC 5E EB 99 08 5D
uid Sendmail Signing Key/2000 <sendmail@Sendmail.ORG>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.4 (Darwin)
mQCNAzhVRnYAAAEEALjBKz/mDHemTNA+hNjGcruAJm6Blc9ZIGHPthQWkFt0ca70
w0U8TBbK/m03WdMvq+PaZAb8EG5uqXctZKwmWIIGB7nRBLLnj42er8XwUfAT8KNJ
PQ1p9x9zFWZc3byC8ekg8l+CK/hJLFhGTSGjx8nHv+LvPis/mpwcveLjXFY1AAUR
tDFTZW5kbWFpbCBTaWduaW5nIEtleS8yMDAwIDxzZW5kbWFpbEBTZW5kbWFpbC5P
Ukc+iQCVAwUQOFVGdpwcveLjXFY1AQG2vgP/QRG6TqsmJgixf27F2IFgoJLUU+7C
ZmD1qNT9yL/1JMbE8pnzxOk64w8D47ZiDwr9dp3EzH8EpmV/eIpxLNYV7/Y+W59J
8+EY2T9mzVmp0YGOMFYt8lLVw6NKqya19adQ80dDzkkmwRHfY514+9+DPbc6TvHR
jNzo0SuetBiWW+2JAJUDBRA4VUa8b1KT2KObplUBAbtYA/491EG5lsbr09oV0g/e
RSfxliLj+lCJdQiicwYeqHX5dZeB04yz3wUFovIff8dY01KcITXBL9TtDfarz5Pl
nelUg5cIlKn7kxCeUP0ggA/tz6Zlg3v/LkoIqsUqrodqscjLPt2JTWPJYWYaVjM9
fqXiXRXlVcy2urx6uEucvkjYY4kAlQMFEDhVRs3vWJZk1DLhnQEBwoYD/1zxfMMP
pqj3HV3d9q1esyvZdPACiAH+1CJVmtcIV8TjO5qYulxz2TEtd/JLqdYsgUgf2N8T
/ClMtfEReSTmVNWIsINAA75P16uIkDYZ8Tmo4XYOf80voeOhWlAwpyLQGIN3GVX+
gLmC/9Fw2wo0E3LsCrUfXREZQTSXMqIe3YPJiQCVAwUQOFVG8XxLZ22gDhVjAQEA
SwQAuIEC9CZfKcxAImFBvwqfJYrnKtWPorEV3QtqAN4WaCLFvI8jZJEPJJEf61N9
aucpO/qj6x/iwu2k92E/T5FRVUiFKzXZb5bWm+qI5c+ynBZq34s+qvAq7Sx0gXxJ
qimu4ZekACORdeRsILzgRYwGHA45SRONvTY5t9xGoRrsQcuJAJUDBRA4VUm8zx61
AyIyegEBAczRA/0UjYKC81NSK+a9XNl83ANI/o0TZfqpsjotHl+Gagb3NWQTFe/3
AjkDovLk24fB7cPEwcj7Y4oX0g61pH3DAyPK+Zo1VbYTPSEU9ljVB042YLz12EMe
c+eD6k2yC//vVK8BJ6Iefh/gXg7Mb+Dis1YBMg9d+23p901DJi6OeZqJK4kAlQMF
EDhVTYtuAhsP7LmozwEBBGgEAIVaUCZ3hplEkX5yBBPOccaTV4uioK/8tzahAC9h
kN8slolrnvj9fQFMFEltDZSzIqn2855JCT8+ZoIdmGsJ6SyIfv2vlunMIsNfZiy1
jE3jTJ3KEX98fg1h0SBGyzsaMHJd/NzdRiXbmqC/yQOj8eO/RRK3okAPdliVzNx1
BjpaiQCVAwUQOFVRDAx2JIpOldm1AQFRvQP/RquJhO+TZJI2nZPUiGsjwHVe/WNT
SQM3nIVyO/mwCFqIPmzywqwn3OsC50S68Bif7PwMToFQKcgNUOwQtZNyp4aico2v
VLkxjbpAorqdNDkALdwFWziWIHZRZQ1BVEQDXj5sRoHpsQCmNjrYHh8mFYeVcMv/
QMRebEt4BRQDXgaJAJUDBRA4VVFnXx7Ib4gMnlUBAXANA/9tmgZGCOUtMC2Xwa1W
iLhYPiq1aSKOuErkalryTUg98qEOQuRxGyunJOZ5cR6ynfJcZwV1N5CXlb7kv1el
M4iixtcBcytgauH/hgmBOt3oG5jhDoVTaFhFwCXaKOLQJueKeV4AslohDRY4oRhk
WIVt3oue1nGpNxzSNRIRE3Mgi4g/AwUQOFVRrQSARzl+O0g6EQIU3ACgo47QpRZ6
Ecy8iSR62/Sz3bXeiOQAoKmnqAyk1FvP3QUfrOgz2exd3cfaiQCVAwUQOFVTLxKm
NjwVK4clAQGyxwP/f8/V078OiECxTHp7TbgAigCqP48VlfCGPWGQ3pShFGAPQizH
zX6gNKu6SEGUy+FFwYwQCdSW0eToUFeAhdo49zx1sXJMR3gbDKjQcfVoXGJLcs5y
zviG7FZokbNZjyjmEcYi1n+wtGGsLm3dHNrzu0xdGoFQ0aYV4lsiRomLhN2JAJUD
BRA4VVXXAPLZCeu7G0EBAUpSA/9K7n1nDuma2r2+prFhPYkU/Q8GVJGkzh0DqFkx
+RnNdMtC1QzjFn8JN0x4t3MHiGG5jVkVewDQUbGuZ+nVgFgRAK9KEVAFdp8y0pSC
iJ/AmN/as6RyD9pbXlmxwmKUzVJeb5UUzQNHUtPedJ4W5zBGGr2Lb21CBO5a2+Mp
EsNEOYkAlQMFEDhVXhMA/N7tSC51jQEBFrwEAK9ZQQ3soWHviucZ/45UEz/irSKt
69N2njmqYy2hHtQDWtT175+5y/ej21bVEuPPrR4wJeoISxV8yGqJKiSzMIgQ1T+f
RUlC/b/xupSSKW8kPgvq/KLEJS3sqIhIgmO9zmZJp5FGK4491roiGsEkCtT4OS+q
UJ0zvwfhcSAY+gCyiQCVAwUQOFVkNy1ZDtHS0qyNAQFajAP9GoB7sYGZK3duKj/A
0pvF9M81BglbmxwrZeQD7qJKUGYz2RXFUt33+Fiui9ZYcBpWO3aaYDrQr3zG5fmv
2gu2wBXYJbDb7MAx4KJwqpLH7hCfwKX+W6OP8oh0QemGvWANqLQcFzN4LCxApfXP
yfVhbPO0Gsa4V+lZ7EW5yFH8qceJAJUDBRA4VWf6dx2Srolyx8EBAZecBACQXnuL
xvn2kiXGon3zBoO2bIU95uP6i0/0cQapR2KfYSploXQPfAql6YlTkI+9CITv7xAW
WVWfcNBPUWRuZKYUC7qj9PUBjE2UlSzqW2z7dEE0HamBbYqD+OAMjxNp0S3jSdWx
a5qW67fDC/j/US5ECuYKFlljDjy4SzVJ3slWsog/AwUQOFVoXoMCoaE+3wLqEQJb
MQCeKzgFCHQgkxsu7y5tI65CEAbIG9wAoIQ+xz2QEz7vXRFjfbvoiHrEUHKviQCV
AwUQOFVrEZgH5lvYS1khAQHztQP9HEJHJojmwUk+5DKJHC2laFeGoKwVHEoLeLHx
GI2Q9icGv8k3A/0OYjxAb7FPNr7ksTIM50EM0OWv4kOM6N2guKQiXWFi3ex7HzW+
WBmVvEJNsMAASH2h/KdOOwJHH4OkMqIUhgg4vl7SsmHNGlf6rMnnUja6yMLrfjvA
UBS9kUyIRgQQEQIABgUCOFV7rgAKCRBBmwi5FiBlLDWSAJ4nAq0EdKIqZ9bXhmaM
ODm9mIDlDwCcDskeOGPiG8JQXPquafgc/PucTUqJAJUDBRA4VX174dT8FObQdHEB
ARU5A/9O/D/OGOqH/mn4kZT1qIEh/jBMvTvHov0NhBq1HlPplhe5iZcG8hM9N94z
P1hZmsYJg4dn+DFw21LVEWQ8y0TbygA4YyxbLq4El40GXAN9/LvVuelY4LucCNoq
JKUrRR2Pd+PLEvZEcIqeDu0+dVS0uuXptMPqHYD2UMoNbl7q14kBFQMFEDhVYDaD
yJl8YW+H3QEBuFMH+wRYTwfWgXJDQJ4v7T9zOvkdAVfZs0AgZUPSRKowwcV7rKUa
zJ9CwmdKUCVBpMPgePYy8x5Wc8tkScvAxlCV+wPhyn/V5cbDdL80QduMLVFWBILN
wAkviNFPpEdjxZvCpBxG9pQIp/8YI7fRaCkJR5Q5bp++/2VbWa7YHGiWjLVW6T2z
8dCxAplxC517qzQlo7i4pX34W7qNz0b89+RAgwWJXaFjXPQDv0sTwnRZBwrVq/V9
TA/LY7qmVspylvu0w64NdtiUqnTa5jS/9BZtFf3eyOezqSIEwRkQC6My/JQxBKvX
spdbJDnrJxD0D0B2eTWa3MQD7BK+WC1RRkTjvyqJAJUDBRA4Vt0jBn5e2L+1ZWkB
AekjA/47X/leujEhaUEjj9hMyDY6/8HbgxwNyUd+Sx6i9FK+vhAGq8s07dTty9br
ozqixmHCGYPyvvVkcsVpeQlEWoXc750hbj5a/Et1m3C1J6vGn979f0do144ZiiVp
zTCh1LZHH5rALd5tuaNcD5MbOYQeP0vDVcJm2GQzm+IdjGtzP4kBFQMFEDlU6+1R
idpgCr+sGQEBeVYIAJ1YGxnhVIibC1ucCCAhZH3NlvGmQpmjEXvI9e0EVKfddrli
+DpArasN0a0xZTZl7Utm7Atql7/LG1JvlT+DpnfTrCqDlvjlqiYd+9050e0scrUi
DWZDYt1jaWTvH1Hd44WE8RUksWQH9iWW6SPiIFOVzA0cdRRHM5BJ2qU1/rRWWyi+
+CVTY0pZ3DylbuItNoKFqzaWQQY+oXkI3XS5csG+ea89/n8zNsW257oBNV96PEzt
AwQh8fAklSe3n8XZdEKVaMvnM9zLGytbdRKgJd6NnXGvOIFaPCKiNklH5Yrt0JeY
Pp4AlibRmXP0gOaBgf7Naf7GhCZ7i/15pIS0hXqIRgQQEQIABgUCOM+ahwAKCRDf
1pYxtHF81XfqAJ0SIYFjg2AKnrBhnBhKU0shCw/kRACglz9mEfajFVPi9obylPuc
G6QRyIKIRgQQEQIABgUCOOIMFgAKCRDmgewkqlkhz57RAKDuZ5RS6cD44X5Y1S2Z
HALuguo3BQCfWcUnI3qOtjsRlPadeixb/d31omGIRgQQEQIABgUCOVOiMgAKCRA0
0QUrP30YUb85AKDaU5wZbwb2PTtRp0YZir/jGyxULwCfQf270gjROiMsrE5g9QmV
yTu21OOIRgQQEQIABgUCP9X7TwAKCRCk1lwzUDdmZyF3AKCiqP3E0WOIB29y/4bn
NM/crb6x7ACgvtBojMcjmSZT4ErVjhLvJPmS2tKIRgQQEQIABgUCPvcEYAAKCRC4
IYkCnbK1vCHUAKDTzdZqDKSLs1ziG0JObX8Ew0UbRwCgimxikMeoz/vKXOJGJ6C3
xg95keGIRgQQEQIABgUCP9X6ZgAKCRBSGNpgreuBi6xGAKDtHnKAwUlNdltYMzYf
/tsXVdsdUQCdHWZaQyXqjOc46HDAvpUMY79Xr6s=
=DfZ7
-----END PGP PUBLIC KEY BLOCK-----
Type Bits KeyID Created Expires Algorithm Use
pub 1024 0xA39BA655 1999-01-04 ---------- RSA Sign & Encrypt
f16 Fingerprint16 = 25 73 4C 8E 94 B1 E8 EA EA 9B A4 D6 00 51 C3 71
uid Sendmail Signing Key/1999 <sendmail@Sendmail.ORG>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.4 (Darwin)
mQCNAzaRMIoAAAEEAMWVJpGkwKWD6GFDUHtV6AUDzwSAXiWc6UinY7EpCLwFdYu9
Le06VwQt8H9Xtb/2jrXDV61Wu0IDJub6g7PZxWxU8WHVnMX4aBT5WOCBpwFRme3u
idwCAbHuEJs12FQ3Tf+4CZ3R9uxlAovRaY6g3fJ7gtAc9HAjMW9Sk9ijm6ZVAAUR
tDFTZW5kbWFpbCBTaWduaW5nIEtleS8xOTk5IDxzZW5kbWFpbEBTZW5kbWFpbC5P
Ukc+iQCVAwUQNpEwi29Sk9ijm6ZVAQF3LQQAgpuD3UA69w5FjCAfY1iYBsaGJ31V
1IyFQbo5fAnVo8PMQzioqbsn2U1y1rRkf//gt8T5oVo6Q3e5oWQF/vcruEP2WUSZ
1BkV7zDWLsa6octYIEt4Rdr6gBxokzP0/Z7Ck0WOfSxEAGXbHZ6NpbcfNdIZAxhZ
WPqcem3zEwoK/l2JAJUDBRA2kTK271iWZNQy4Z0BAQltA/9b1Xtp6Sqr8LtBAUax
ziRYYmlIENgkYJGPrF5iB17d1M+aMyJ1IzdjKHaoa2+WpWYhzT7RalcxkrvXZEN7
hTC5XqsmkGXeg2oiwJPCVTUoJY0goJKiMXI/zYcLGAxTnYr3rUevr+vOQyXPx6Ld
AUCXcsD8LFQWR9iQTgTOBVSOhYkAlQMFEDaRMloj5GLUv3ukIQEBjh4D/RbqKENF
51C6DrwE5IJrpIZ227mQwFzu3olcF3v0sOoHv9Iqw0iebEM8D9z2t6XiGNSgfmQy
EUhQ2gTLfbkz9lSUjUaH+ziN10SXSd0x63n2xqrk9XaG8YCWJOcMe+N5Gh7UGniS
UD9XQNBLoqnOL1FpScAC3F+KsH4kCKLQD1KJiQCVAwUQNpEwwXxLZ22gDhVjAQEC
GAP8Cle48mxG5TcrAglAXs25YBLhHK21tnSWrd8j0PdID7+9AKongjZOKxyAnFkZ
RNXDArmG+FVA0DAJatiFXikqpgyHAM/QKSCSjBEOru3Og+3qV/oFQjAVPfLQbFPb
6i1TIWzvYTp9L4TlzqUM3OF51Mx07W1S+qCciozA/0GqFGiJAJUDBRA2kTthAPLZ
Ceu7G0EBARPzBACbuAlTHMobN3Lw3YvsOUgwWHFLqKXLNTu59ozZUL4da/E+Aszj
MgE8343pV9Nwm/aHGXRNiAEOftrb+DdU1jcaFgwsrWnXK9NmnpAYbMkoOb8Om1Nx
E/5u0dIxypXO8ziyQIfkElsOVzhPzct9wZKh4qt2uLGcVWXeFnf23VRb4IkAlAMF
EDaRU60Gfl7Yv7VlaQEB46QD+IGxaViR7rQv6r1sAZJzxC6vMpMK5tgk/47gC6jm
8STb2DYvz/5KNYTkUDRB/85Uy8jY8jabkalWBNN6z/Cpod9ysSjSOKNBQ+6MMhXc
qXWKakxZIa0rIVNEYaRTAbVU4J1aXRdh7BtC2nEqf3SQD3c9HDLA3p1W8g8ZyHwr
QXqJAJUDBRA2kVJAXx7Ib4gMnlUBAX7IA/4mKF8EGahmbNXA8wcH4K2r6LzRLXsE
f444U7hWQRW1fCxDJz4DOodUO3aENzzWjfxL8BtoosuDTJeKGXoa+5S9bCmtaksm
86G20UuDx/vt1Ol+hZFW8q+bSS2bsAKLvXZVDnURtDu6nzdNR6Lt61ahsUDo4nLw
iiKUZeMdE2S+H4kAdQMFEDaRV+is4VzBBNt7HQEBLbMC/2wuZQqaLrLUm5raynph
rllKT+mQQSTedTACKjnpT4LE65YYGGFDrIMS151lQ1OVvu0DpGzmQ5b9kFNGp0GZ
giXndPbvmwPpOn4ONmCo/zZFWryNQKuqPn2EN4rPhngjRog/AwUQNpFuE9TeeNh4
KRvYEQIucwCfe3wiwfbKv6937Uhay1cwJTDMFmcAoK2rmX7TT8Rh4fw9eGuEghL0
Sq5OiQB1AwUQNpG8CnLJQtjqWiN5AQFBrwMAsSbDxIi8KPCjnnK72nbpzO3+iGcP
Uh0k96l/Uflf5Bj32RSmzFv4KyfPlVJ83Pt1InG+HCwHSAmK3KT9hfy45wR++wo2
wAFI399wsKfOXA7RI0YM8lzgodMVcd9XLhKAiQCVAwUQNqjzQs9zyPJiVAEJAQFo
dQP+Mz9EbM0cv7Gb443rLGeo0WB9CaXSOW5tHfgXWJualdPoFYBwIIqOQUBLgqyT
qgQLN0R8Bk3QPGQETjHYgBqhIfaJkZfwbyY6wwZZTyzXQn6QTzCzkc4nTA8bRbQs
qDMrQqBjUZEBihUrxeY2YM1Ly/aUr6+UBjdIPbU9hRcj/QWIPwMFEDd9XZSDAqGh
Pt8C6hECO0UAoM1r1VbVgpp4oVH0vGKu2IJQnyUSAKD+YomxwnuUu3xDCdL6AURl
onTfZ4hGBBARAgAGBQI3L4BOAAoJEHlwE/5CaaTy2V0An3tCNkR6qFVPULvo2hxq
eGhtY1L5AJ0W5u/dd+7S8upDzbfzh7hOQ5NoEYhGBBARAgAGBQI4Em4hAAoJEDrQ
bg2RZy5OjxAAniHUaEOaOA+O1oYbjSxUf7nJMrl6AKCmkWSriDk4i0KAaveOtSE2
9DS5pohGBBARAgAGBQI5U6I8AAoJEDTRBSs/fRhRR2gAoIafxUUnWEF05lzy+ETl
N58c43U9AKCkprsmqzJmRD0W8BldNuUMOElt9IhGBBARAgAGBQI+9wRgAAoJELgh
iQKdsrW8gG8AoNxWbMkigT4z8ooZSgiPstcpBaIZAKDw01I+jzm7wjnMdch/E6t5
lCKtm4hGBBARAgAGBQI/1fpoAAoJEFIY2mCt64GLR/wAnjDLofOiQ5cTy2yg2cDo
+uhUr+w1AJ9+/ZarbSyJZowegsHv3pHNBok694hGBBARAgAGBQI/1ftRAAoJEKTW
XDNQN2Zn+ZEAnRglo2vBvbh2FKZzofxm9OVRTtRtAKDKvLvi2eA0aJlk0rsZ8W/6
9wrG5w==
=ghHr
-----END PGP PUBLIC KEY BLOCK-----
Type Bits KeyID Created Expires Algorithm Use
pub 1024 0xD432E19D 1998-03-14 ---------- RSA Sign & Encrypt
f16 Fingerprint16 = F9 32 40 A1 3B 3A B6 DE B2 98 6A 70 AF 54 9D 26
uid Sendmail Signing Key/1998 <sendmail@Sendmail.ORG>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.4 (Darwin)
mQCNAzUKkdIAAAEEAKvdxY+iy7eLqxP5StbpZuxYNPWLye98bXA8oKwrEm1vy7Xq
LBg3uNXjlMtwcNW/r+oFu5A++2R+1qC7w/0867C+52D2zkfGRH3hn9Lh6YaA5uIP
LPbMGB3Tepbtj/lAtOJb7JKdybF7fkxkEUmwhuA5kAo1rKKWNu9YlmTUMuGdAAUT
tDFTZW5kbWFpbCBTaWduaW5nIEtleS8xOTk4IDxzZW5kbWFpbEBTZW5kbWFpbC5P
Ukc+iQCVAwUQNQqUqXxLZ22gDhVjAQHaYQQAiFITCRAEKhLlgjcFlehTDmVMFb92
1jiclN6377xe+A2zEtq4p3R8IwwiVTGeBzs0Zmnrlo+fAdVFYBjIYCtwKVTwd72U
v6kxX40CjNkx6q264hUjILOumQ2P85/Aqg7wmnK9vM85CkmhKwu7b1OHsY+EFAlo
U9CWyVjwSQqzHnaJAJUDBRA1CpJ4I+Ri1L97pCEBAcRtA/0czuj3hK7YiVL3zZaV
EUnqw30auexjm0D+LhPpsHN7OM3im3z4+/4Pv2O2CH7nZhAsgRN9N+qdf3fCVGHq
Y/ULkdsxKNbPEjSEWI+dqUWj6EyMSewKvBo7Zvljii6tBsM48ohtkWTo4B1/SuJb
FM5TgXu2PMTgWHsT2DFb82wb/YkAlQMFEDUKkmfBnB0lEtNGHQEBmCwEALZgc6V1
mvRL/dqtGwdt38Uuw430cdM1Nk0FlkQsGXVWY49A1yrLAcuPQi8wzx4GS0LhtIeo
vmrQ91DBaKxvxkboqM4orYf7PB5exSS9RQlTN2ezaf6IT9hVJHtXoYxU51Iny7hp
r5t8L7od0gue9SNsLWjW9PZH1eKz83/g5VJZiQCVAwUQNQqSVu9YlmTUMuGdAQEv
nwP9GvBao9wPX0r1aplZgkUItDwWGBbF8qQLgX5rM8b8IAxvHboIp8fbCkzhVxI7
v0IdYc0u1hrY3YfCNNbELu09JEcvtsl3hhmXnalOxCEdjoMUiHSb5f04sTBNOhD6
IWQqixDizoVzW5XljHBvgxWJhBus/dPJ6hdZPahioVd0oLiJAJUDBRA1CqZRAPLZ
Ceu7G0EBAYlJBACumnB7zeAOpuj0y9h0Cgh0DleNWnqpHzTus4lbt3vw/cMpKmXt
nGxMb4HE9rp6CHuuy3NumH9JHa9lwgb0T6bc0Zbc+LX1j0tKMC4BIsfEbFiOMSXU
P+meyMUGY67VysVEeTqCgG4FqK7yOhnJsxjwDxJTIlrMoYwSSmsF4/R8Y4kAlQMF
EDULPLgGfl7Yv7VlaQEBWZ0EALAGPhQbVEPTp2Hfm76ZRWjYJ8iDn98znfsHRYhS
A/yIXF17eDtSkYU/ANOPNT8g5fOCWKjfLTJX4Al78rbHeGeKS+eO21WQCh8AF7Bv
vZZWJZ0CyNnO++hzyamsOG1Z5Lrt/WQQPK4Jv5ZyqK3f2nGDufHuyQuIXxsdd+BX
oqp3iQEVAwUQNQwe/ReiaPz3pQGjAQFowAgAk2fARyp4iyRl89ZZHGY09HpRbwQS
4jeDIEkBPBpSCBXIELgR7UonSoTwHD0nGHuwgdil5Zjl3PAlQJdo47Sh+hLCMoN/
mg0aI0vSnOxnnVgIcAigzlEAe03R12frWp32SjXJE1GdeFQWlzkk/6BoujKybvI1
oRr8OeAb8WzwmUr0c4VITEdb/J5c85yriHIuWpqYWIq5gb7evdj6JTKXly3gFp9R
bwwd2tjlHYu6O7dHuEsmm4n4iK3rEglILvWIoS4kVV80v6IUE3xgLAVf7tnF5iNc
nXcA386xUBB17zNvJDiUrciX17TuZsIVvIQnB519NN/ZVr1KpHSbLgMyZokBFQMF
EDUMH1shtWni44zO8QEBGOEH+gKn6blq8L2AJ7Q2Pcw26Do4J9xlRPFKrDgAgy6y
U9x509y4BeAZ6yn9RV0iGwhgzbdd57QrUpgcYNKGXSC/tJZZj2h3CZ06m1zaGtJ0
ig0dN7MU9gqZZMLy9f1EZmCwXeZHXL8t8lUMv8KEoq8+vvghCRvDNUgyQpkwcIOh
rSu9yJ+OeJ8SpucL0ebJE3MmP2JYmqBCBg3pbr8bWvzjZ2Ny40OiyRnuXFP/jC2f
ll6oMi8rOpWhjTTuHyrWEG9AxI8xeI5WsEOrJHH6stlmXJM1NtlJQ0D3qCdLn81M
vitLgTPb/xUepRkFdBhZESG5BPDwT5hm1w7m7yhVohcH8AOJAJUDBRA1C3M0THwE
EmD/AfUBAbzlA/9nDPPyBD9T1ygEHBsS2ZztO7enSk9DaYmt2jsqQ413UnpbhybR
zZiuHXpqgG1p5GkYjP2Cw1DtT/dHu2nrD6Mf9j/4QYaRi0sdWLMTKVFPDlT+j1G0
Ag7/yCMhPv2xr3JOLPppCFiYPkdqRfmKnCWdCtrXmBvu4EiLTj1IXtc1WIkAlQMF
EDUMLbdfHshviAyeVQEBQOUD/0QsDaDnzgcQHbtvJvDM0x+JYuejbvQEXh6k/cDP
dLIC8XLZMd0uuAWE12SL1pm6J0q6+csKELascFKyOWTRoNrkWC5m1ltgRuyfXq3z
Ur9SfL0KlfWFLXRsmGRd5V37u5H9kRjeTRlyiOeAcAMzaLunI9dK8sWet4p03GLy
GOHQiQCVAwUQNQrIVW2DN4pRurLtAQG7gQP6AxTbsJ3Az+bwEgymYYo7EWADJGoB
e1r48/0YjocxddhcXJSGL5dRNqY8NURSyvw/dDtjH81mVIbRlZR0QS4D2Jp94Q5/
mrWyqBW6Ah1EFtihncY3o/g1sxEC0hIj0/CklQmNttxeIGt1rRVyKxHa0tYkDtNW
w+y5xZQSkE0yin2JAJUDBRA1CrJtdMsnjUUcGpkBAQ11A/4rp8Oy2cVbkrHHIxxM
2dML/tqNOgOGaB5tEISgtpv9xy1sVuEEA5T6rQJefeC0K00M3Mb3Sy4uumSaX3Io
yTQr3XD3FZ4Q0n0AWR0ppRBvepqINfn/yeNF7268SDIMstQjlD9GzyCobqrR+VLT
pxF7wXqyHcLyfqQjRiM9ZNTzAokAlQMFEDUKyAd3HZKuiXLHwQEB0+cEAJ308jCg
rgWPcSstZH8Q8AoQajdxYMqImoQaqxC8zWjX7BK57pEFLelI3uXqkeEyqIGH0Yqc
SvHQSSe2vLe3DohfGraCL2VK+b3Dw9IOaff4+ZFlxLVsqNiq13Z6aqRuKJ5uNjhI
0q9PPBZ8xzOMGfa3cMmW18INJvrVyTu3ENXUiQCVAgUQNQqcZHfUAfkkYu7tAQFr
tAQA45cSUfYgq3d0RGx3RLUL0H+Bku5xMH2YuRJfpEI/Oc0Z1l/G7AfoR0pTqo9p
uCu21glCUWm4TvUEaGJjT7q2pmcoLO3LCavNVAZHNTPQvjJgu/Z8+290yR9Ln/f8
4F1/zcRe4Gakq2weDM+h3gH914vXW7FoGJePc1X+azQ7pYCJARUDBRA1DBz15mc5
PORZW/UBATL3B/0aknENUHmJ6+axITL1ZODUe/KqFmLRgvCl2g///FtMHlMCUyWy
q+MkyiHyjbgh1eN6gsCHUSHiROQdXMRRSxZm4FVsjznisjybCqzd93lBQQyKJ6XX
KWu9SjJq/b6yg83byTgHZRW6kwjmDal97kVyHtV1WZBGDJ+v9nCY2tSvqujtNQbJ
LWrHp447BSIXBBpMkF/J+cbl7yZLiUN8I1SnLYYttmKOtfD33eL41oKT2LK+j8sI
kCd4XbcGoMJ+DExDVhFeiwwXWzomvTP42Wv0b8DYI+xeuE+AyARxJ5AVbGUBl4sZ
qVuNMDZWhc0GLpT10RUeJ5HJVAGIWB2fLIsEiEYEEBECAAYFAjYOsI8ACgkQkKql
f7AyFqOJ+gCfUIx3JYVnHib7dOfK9XbWXj9P6CoAn0Dd1JFMfXzHz0HODBhkMmJ3
7zKfiEYEEBECAAYFAjlTojoACgkQNNEFKz99GFEFXQCfR02mflvmFNb8uGlhOvxi
Nt12kpAAn0uA3cx9aug8PHcqPcezdwPSWYWeiEYEEBECAAYFAj73BGAACgkQuCGJ
Ap2ytbwliACgtmjNLo38Xv0KZXlU5tx54BQY+t8AnRsFftvOUwMJVA59oKrl3I5c
I3SmiEYEEBECAAYFAj/V+mQACgkQUhjaYK3rgYsKgQCeIyf51Q8863lVdKLUDzTd
jSK1rvsAn2ZxBCocmQh4YCvwRz1w4qqNZx04iEYEEBECAAYFAj/V+0sACgkQpNZc
M1A3Zmf+qQCghIFSHbIMvME4+5Cucw08WL75mvEAmQEclbF5ShaYfcBxx+OZXDhV
opS3
=j99z
-----END PGP PUBLIC KEY BLOCK-----
Type Bits KeyID Created Expires Algorithm Use
pub 1024 0x12D3461D 1997-05-07 ---------- RSA Sign & Encrypt
f16 Fingerprint16 = CA AE F2 94 3B 1D 41 3C 94 7B 72 5F AE 0B 6A 11
uid Sendmail Signing Key/1997 <sendmail@Sendmail.ORG>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.4 (Darwin)
mQCNAzNwqnIAAAEEAL1KqbRgVm9kp9OHLkKGb1tbT8rwEIeeh8KKSKJyDFiV6lZG
wbEa8OC5vokXvjsJtJvvhMfrG5OYc1Q1sLzPXXBYzenzXFrPaXDO8F9DE8B5VTuy
yY7g3LVr0VZYfi+ZsNdOFGNLdwLz6a8GHBHdmAn6z+FKjMSbdMGcHSUS00YdAAUR
tDFTZW5kbWFpbCBTaWduaW5nIEtleS8xOTk3IDxzZW5kbWFpbEBTZW5kbWFpbC5P
Ukc+iQCVAwUQM3D1KcGcHSUS00YdAQGKTgP9E9r2jv1hB+q5yvJKyTWHiIS8oU5W
eLzdoFlRJUw74M5WBh0/AkcTMfv0BpCDMxu4zskDJ7L+urFRIsf9op5w6YjdsM15
AvuCtWqgExRkdoac9WRCFNZ77WPQ4ul018k9EIpurIPaojLs5j2Q0+9vOXrtJmXj
S72Ol9nQFU/hl46JAHUDBRAzcoIxrOFcwQTbex0BAXvAAv4yS5fkL38pJTUJrijI
XhaHLV1Rq3XfTdQ2HuMG+rF9nxdBCz3a/YCWJSPvE11sINDTSni43BwbsXWqaxvs
UKD2fqgXB88zueY7rOt8rqi+PRMZ95QUFTgUP0kAN2+U2SmJAJUDBRAzcYIwAPLZ
Ceu7G0EBAdysBAClk5f+3LazjkjGZiEVRPBKyUYJDqx0j9phgVkqWRje9ot/ya4z
N+Zm8e+MGyIk6BfMi1QluMJUqPGY1p/mvLPMkiKhwYXHG3kymto8CMSF415mLxIP
/6P3SwCyRzJeEcBxKgXlwDwelj2joa1fWZH+rC1ZuZ5FCaiiyKvjSCqb5okAlQMF
EDNx7IPhx4Y6UUEd4QEBrfED/0tP5eMU4G4CDEAyV6susGl8WUSJCkfGjK8Z22V1
vM4TLiVLSf7cec5tE6iau8IzumBgRV2kQWOz0+q1VBOStUOJQCGfwC81ou+74eTt
ThL8m9oJ44Y0JrQpztW7iBqU0KYsAgf95BtArvTqKqG2kLTlBVbjwb6PBqkyzm3C
6ZbMiQCVAwUQM3Gq0iluPWNaXACpAQFikwQAxYQKEPFIzF/5SyMiktsuNNLMYolh
UsNEUpU63+Yxhr9ofK7dMZFwaTHaEnCZ/zhjRRA6R+BjBOmnkD/W7fG/i94naJRV
rMejqJhfZhHYqbMN07yxGdjV47neghSoN4zddZdfLq4gEPD+MN3rVTDnO+xpHzLP
4jxqAda/0eKSFQyJAHUDBRAzcZsLcslC2OpaI3kBAX9cAv9K9QaxgI8kjyVJkVxY
KJuYE9PPXgjmQvqx7gS+HFm97ZTROEYhhNek7EFD+XJpVQ62KlQxNUaWe4VnNmZN
2QQyvRhNvE0bPC+rBKoi6np6Vha0NqWDA80xos3oswpj/+iJAJUDBRAzcRiTBn5e
2L+1ZWkBAY5YBACLvAw9AoqvMqnUVR4aXSkzK+s5aQG9hDDHac2FWsG66HLhh+Ux
HI5Cvnke7CF+qglNzDU7HpoIdDFovRgQkfGnB/I7Cy6ax1aRJpLc+JNXkwbDDcZw
9sXnMMymNl4xn0vUOyrnT2GIwLwFL/t5JIUqovm3mZ2SpL3FxKNWyxgDX4kAlQMF
EDNw+VVfHshviAyeVQEBrtsD/AtwAvvAduNZMFL9du224fvVZ16of9P5vLVB6tF3
WKvo39FsFjOLr1xgZn5TWc09i1sVK6swi8O+IgcNLq7CLxRYaXpTjObbphktDVnU
2uWwc3wHzFA7nNAT9ACEa7gDc1GxFrJQ6QyjJVK4f2n3EyJxc9E1rBIoCSNnmBHh
vqJViQCVAwUQM3D6ZHcdkq6JcsfBAQGNFQP8CeATNOacSrL+x7JaFf2AlANLwZAo
G68VE/JMcUgGBCZdo6cptg1uBFgzWaOVq+aQU7AKkwLmbyMvCX04PS0tswnkSl5w
DTLgSmmOH5elIWWrv5J9MXrlsniIzc1MSokENMOaKIEWuC4yCgE00nBj8q2GfDRh
J816g1ndGU9zErmJAJUDBRAzcZZKH9vgQ8ZSyXEBAT6zBACDaXRCrBqqCmjIZ/xN
EQcXQF6VKoDFfMUXSgvRaJP0LRuBmbRuWQRZe+OIGA7vKWtvPti40bm3O4b8rESG
MMAxARn2PS7VPfOhrRNaVGV/s3NX8GkrPxYD+MuFVHoI3QKiKa/fzxDYMX3rTh6X
4ISe4cS5O/J6VCEKIjPvoVVFF4kAlQMFEDNxljgoffu9cgNgzQEBEyoD/3Ca0oBU
AuCJUsrPyFYVr5r9FYOWtvOZ/b8IynIXjxD2Lin9AlX2ijLFDJR0lbDoBVPM4IVt
4rb/yr9D71LU3plxKn+G9JdFpNK9IWJGqsn8iRmbnoERbbVzvZHVx6qA4qvRTt8s
TJYN+ueKng42DVvZVZQLWZv9mdDUKH9i7r7/iQCVAwUQM3EH4IY/IR3IPsbJAQG+
pgP7B8mo+OP0lN6KRK83pje5wctThDHF7OMW9tSKXMqGUMEa8+GWrOrazyT+5R30
cOHUnz3iNkjHaO2/3jLZ7VZTrewYGD7VSg5d5RW9PMCSm+MaJiHLVWKxS3exHHWK
b62c3mao1zRz5Oj468cRXnHABNaLt3CmMVvKUpAi3d/W7V2JARUDBRAzcQGwIbVp
4uOMzvEBAZc6B/0eqipGA88c3bxT0NXZoQtePdVen6Ub3BJiR72E3YA2kZx4Bi1B
pcJIAw/HhRx9vkc3EmwJkPCn1o1pnYnuMZTgGYH3KAV6WFsT/Yqp0KaHYLzHLCJP
CVKI29DClbI+LOw3sHWuG9ZHK/y26ue3Bd16dJzs7Wa3ryyqeZGi3gWijHbtVcgA
laNicb0QuWcMXsNYy2E62kP7tZIRR88cv3KVOlbEB/qEOZ8tYbk5UaI6ccZfIO2c
Oyo2xakKmw92DyqRdbNKbf6yFZLPYJbGZHsJeI89m+MyU+av7iIhh/ky1mSrZW63
dPnQvE6sw2BpFS6L3hmtArLHWJKBSm8N3vobiQCVAwUQM3D5Rb3aj9Y/6n39AQGw
owP+Iu/HfZLks9GdaTXata1YEwC42GJFxB3+8Pgy+ZOimffkF/CFlYWBthD9Zwqb
NEQanNqQGLOtHgCX4JFLia+FktAX2hy92ciTcSFG9sVsaEHrWnjQRfh4OhqJa/D6
rtud9sPWjx7TY2s+8BDZxjgNnq+gTCDnhRKvpsLHl9BogAyJAJUDBRAzcPU2I+Ri
1L97pCEBAYxXA/0cleagkyPhJZoZ2PfqtB3iN9/OcFLZCC4HDTdtpdOundLMTZe3
WtjCdETnLCXQGOMghdf9fnuU6Em5xPDnXRi+xvMo1/WN+m5n/xfui6qZtUBrZp2D
35OUFjD6Wr2DGthKb1263P0pbdcCUAZkvqgTHasJfMeSDZR9bAcz77o7YYkAlQMF
EDUKj4B8S2dtoA4VYwEBHSkEAMOsCwolhlXpbhG1tz35lxdMa/dBCB+JokHvGH5B
JZNEARGpjlA7Q6oEYGtpTuIwj2lRqgiS7d3M/qCKL0HlrlMDOcBbNdjC6JZuVgnA
LEG2m+r6YZlLratpkK9rI/SeSpwz2AfmrC89PI+C9Pcysj+EH4hV8WyETjcNA0le
5UANiD8DBRA02DSrUX4eqU/cq8ERAhWeAKC4UOIE7dklH1E30vRWaD7/IxfsowCf
a1Iux/3y5K0dJA7NugTQqCCGPJuJAJUDBRAzzCuczufOCV03LMUBAV8YA/wNZI5H
kQtN09S6BWAHboVK1xp0xLjiKzUlbBFPw2RGJ7AE/Vy9XBLdzrNLvmp1c2gDPeBS
SVfD3T8J6+Ioc0DXAc66mwwLHA+rL3VSjlI5Pj29M64dnkdDFjXtZ9OAVdRQXHtF
BMH6Br0GkZ50erQWbmR+8fgvgV2fW86kSaxqSIg/AwUQNPKIn7gZOcVkC104EQLb
ZwCgyFyGnj8s8Fo8FvLO3zFGOtlEiqAAoKy0AsMQXVFut1EBaSu0QIgf+BikiQCV
AwUQM/vPi2Vgqaw0+fnVAQGPNwP8DHZCQkRoXD2Z6TuDeqa6Vy0tI6YJ8660Tc2w
2siBd/F+QuCHHZ7SszyWQZ+Anuy8xaF9V94JoTxA+VFuUByewD1vYKgxa586GLUj
2dRibUQfoH5FcY9wPQA6eq5OIUYXYtU4JBy8WGRxwjKzis04WNQS7oRgVfPVOLvx
syefabaIRgQQEQIABgUCOVOiOwAKCRA00QUrP30YUVfeAJ4r6k4vnaLPthfR7FSR
s3pmXrC6gQCg7jXhrRfNQh2mnQWxUBowCAk/Xo6IRgQQEQIABgUCPvcEYAAKCRC4
IYkCnbK1vAqMAKCnn3HwbLwS+K+7+DalTQAa06uXUgCcCTZgU3roH3xvPep5stqK
X4YZEVSIRgQQEQIABgUCP9X6ZQAKCRBSGNpgreuBi5JbAKCxdKVCyh4KNgwaxHNu
aBteGdu18ACeNXYmxUhQN/ogZuSaBhd/51aBD8SIRgQQEQIABgUCP9X7SwAKCRCk
1lwzUDdmZ5f2AJ4g86/sZKvZr117lFJsyeCCxmGjCACg9ihcPO3ZXxWtFwrWwOSA
/g4qSHU=
=6cVF
-----END PGP PUBLIC KEY BLOCK-----
Type Bits KeyID Created Expires Algorithm Use
pub 2048 0x0C8B8333 2011-12-14 ---------- RSA Sign & Encrypt
f20 Fingerprint20 = B080 979F 4D04 3E19 D05A 369C 629E F8EE 0C8B 8333
sub 2048 0x6763ED11 2011-12-14 ---------- RSA
uid Sendmail, Inc. Security Officer <security-officer@sendmail.com>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.11 (Darwin)
mQENBE7o89QBCADOc3//yYNlUk1zTEPaiskclluwz6o+kkKp+k2x/rGYm+UYHMl1
w5B1sLs3greR7eGNBmE3Eftr94v/YZrDqcq4mBzQL4qoS+4Bvrjl9GEbAc7Ke08s
ZG0QC5en6mdn0QY3ZSb98GTlImPjiGC0tVCBylJLeyvBSgUTSkkLmp4lsmH6aa2G
IhTatCIV7I/mAB2lM/KyfwmTf2/q8GsyszC4dwVRUSwfkQDfS+dxc60Krf8GNDsj
bPolwAQi+YWMb6renYV2pNA7n9A5nKAE0oq9pe43fv9Pvek+07JJ3YnP0nS2yS4P
PVewsRhEYllEYSmYmEwwCb0682A3HIVZWkalABEBAAG0P1NlbmRtYWlsLCBJbmMu
IFNlY3VyaXR5IE9mZmljZXIgPHNlY3VyaXR5LW9mZmljZXJAc2VuZG1haWwuY29t
PokBOQQTAQIAIwUCTujz1AIbAwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJ
EGKe+O4Mi4Mz80MH/0h6qv/sca1mTjy8vYSRYZiIWyYXpuHFUlr31+wF3cBmwCI1
4qHoRI6MWj4JBnwQq2bAzglgY7GvXXn6TYEFju3gCs6hlvlE8/1z7+Ku/LVsyiCh
3T8tVAxBVeEandnJJgmOP7/dbLBq22/WI7tNi4UOmnqx9n2e2HpBSKk82a2+Z2Mi
9yI6StgTn1osKWTXxyauVJkNKnsoOm/pfH0aR2BbK4K+XtW8B55diGmgKn7o5dN+
2A+tHqPeioTRgTnzywoSniQ2qOkODKjpNr8UVPVOUFHcO4upT6CQa2hijp3f57ns
GAJs9m/JJDSd8l98nbQZP7G4nZY6RK/NIEkWhECInAQQAQIABgUCTuj0XAAKCRDA
KcpAFvTM6fG9A/9Z9GL5OlfyBYP7XKzFadtg7MReYdcA67DiYpkmiIKnJPSN0X4v
H6Qr/mIjisAGm16UIMQTAIUPJCOm2et+55AA5INWiWrU4TKuCfOUJABMbdyvh5vI
HmBmXdmVartyZj99fCDWOwai1cpm+KQMWvO6FDopPAN+3xJiumIQ6KfO0YkBHAQQ
AQIABgUCTuj0fwAKCRA5pMd9qXiEsL51B/0QR4xgoCCaTzTYKTDYwNanLBa+J+Gm
wO7qU6jK6nnLT1TNyMoElCziVh+rGLELD3Nfw64p0ZG8F4bIJhVLTCpipmXsXnGj
86FrPXV2l/jglNIRv7CD12dBKuYN9AkGJz1Wt6NnaENu9GBciUyIkpVCpSEYTgD2
jRhkyCqqOSGVj93ze39VPzw6xAGUEQl7+uVUm09lkONDHq4TDr3QcdpyfwntYKib
DfbwmamVwYias6cMxjxT9GPH2Fu0LF9564CGxW3/AUbr9s/Ze85cysAo9JrIHzAL
M9akedEg9Y/VVKH3d634OOXqRuddPjajDcohRZSg9PSrXRquvONR7LjIiJwEEAEC
AAYFAk7pOe0ACgkQzx61AyIyegG9DgQAs6RL4lY2LGaSWrMIHMmsHXEkUT4SNP9n
J8YFAqzhR88dEMC7s6OeCVGniAPnou07pHAez+hNqOvvqJ0HSsJAMaH7IaQKGvCM
6+/VDTBnOJz56r2yVlWqbeTwGKuwwK+nIn4Pdm1DogsN3YMsdfbP4gCcK86mCMef
aEbs75MGJOKIRgQQEQIABgUCTuo+sQAKCRAY9QOAJMJ4Ap/6AJ0W+lZpo0/ttlwI
CCfzyaABwLCRggCg3lKOKjbw52dM/fGQkuVv6VX/OrGInAQQAQIABgUCTuo+uwAK
CRB8S2dtoA4VYwPBA/9A7rXUPQep6yGORpF6KbIGUMNeotPkZp0FES5XbnGFAPJl
P6qUDbM9sPyupk3b+askqHanusmMXQsyKcbTsFzLgoRPU8gjkquEhrwnpWAOz85N
vvHNCNSo7U6Qnyo8B42wXOtumaOTWpko2PC/SkGh4dYA6J2LEftmkVRqZgA6xIic
BBABAgAGBQJO6j7CAAoJENbgof5PvirdnkQD/i8GBLaY97zgOXuoilxq3mQK0cn6
TWIorrG2J9f1JZGZX6K3mv2G3KsjGs4cXzaFkp2hgD9yqTO/+BBQg0+OiCNxvs+l
zrkP7yIXk7uiUxMMHkXaKwxDUuQbf4V72LJqr5eLZiWNwuWJ2VdsVYoS9/gT4enw
YkZr2hdH/07k4TpDiEYEEBECAAYFAk7qPsgACgkQIfnFvPdqm/XkBQCgjDEuvinF
5lcGIWrERV4wqrgF+JMAoNbS0PaMoXJrVZYHIHhKxHABLP1ZiQEcBBABAgAGBQJO
6j7NAAoJEI5a6fvO7vQ7g8QIAI9j2FkhUN7J6Wk42i/z9vSXCcbXwOnntq8awUz+
se7Bw1eSLmJs3oxWlL2vhHJVEbvNejh1lReRKDHb6vXZ+YkN/f8TXsj/q+mbCHe9
NisN5a3BTawAgzVE/E3XvGneQVY1cgC8As8ZoYfRRTdtsEHdicYoCjHWMw1LXfo3
+hBMsQNvsU1tuPQXjU/qsalfP9qRJe9OVNLo3fkxFSAcalNibB5PS86tyAes+T0k
/5LT30nbeX6ZfY98qDIoRGj7dBWpu73oi4aS713iy0AIyy/Kip5AERtGv+B0llTC
Y21AY0K2JXJGAS7IfVw2BrvbBZevzXe0AursqiLGMZ9Nokm5AQ0ETujz1AEIAM++
iXuJkoVVvgEb7gxUbJurVDaedOjKVM2pHLuOorQBYI+gQYOZh+r7ZX3PpIGyoLWZ
dlpwEhrEsd/2+TY3nMPzkcfW1D+wkP6MIuD+Y8y1efNeBC7IzNnS5gG3+IItgzEX
Fuql/MMkwQ2xOybYvjzFB5I5cWEkGv1S2xp6uQvIhlD5bWT9R8/1A+9ZZYcP2Ozq
IWQKeBljDEolz7rTd04UgfQK6ROMNYQghTwWZxmBjsdBa7jtWlfjssqngLiuxP5N
XQVwN/vUEbryMfNNS4Stz7/ZrbCwtu9bHfx7sLn7fpcgJso14e42+PAXfnuoXtGm
32o4yUdJPMqwFIMnLS8AEQEAAYkBHwQYAQIACQUCTujz1AIbDAAKCRBinvjuDIuD
MxdPB/91RSXgG8IQDsOroKYNiZbeEHC75vxP3Rl0XOxU3IsN0mzz4ZjS7khLC1Pa
ATCIkx3GwNTjvJkiePpc4knc3ZlKx9fKJz0a+pt0ideMmzYwdcX3enG+Z6z0hEL3
GJzNC6v7WnV0DsSp7hcT8l9hnqY6HkV497jJG8ztGK3KH943/6YL90RlXqaoRTgq
+bSXhbxHueImhjyYUrmJFTZ0ElSAcuVtJpCHnAEouTQAtshzyUnDXwgoQk9extth
Sn/xUlHB9VGWBAXlq6qJcx2jqWGrmRfz8gMBAwfLTUyNNeixt3TReTtos/HaZK3X
G09zJuZGoDdC9KhhogEVj4Ow+ydV
=qF87
-----END PGP PUBLIC KEY BLOCK-----
Type Bits KeyID Created Expires Algorithm Use
pub 1024 0xA0F8AA0C 2006-03-17 ---------- DSA Sign & Encrypt
f20 Fingerprint20 = 770E 4AC8 8A97 B69E 6E75 0605 1043 2518 A0F8 AA0C
sub 2048 0x6E613854 2006-03-17 ---------- Diffie-Hellman
uid Sendmail, Inc. Security Officer <security-officer@sendmail.com> [REVOKED]
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.11 (Darwin)
mQGiBEQbQzgRBAC7QmIW2r0oJ9Ixk1ewPxfwN1CU15k2ORBzRVIcO1UcLm6I5t3Z
Gorbj22J8xNyY67yQ3pi5O+pffl5LujEKTco3D3sHhHnpz8vIaBiLyVUG3dCHZwU
FP1jh9l5UqZ+QzXGAi969PMKkVyuWCHvUWNYLG+2RTwj8Ju7+NIzmv9RMwCg5nGw
ftSHOf/hnfujlcHCLWtV1IsD/3NpxdobEobm+Zlkjk2nH1NtqwMDdnbBbj5U8jku
LuhwZsvHbzie42JoroT/WI713JU3z1LrcwBYPxQGgVXlsyQi1ilJmd/JCsp9SpFN
kqbog8zz7lZKD7PwRIduicPlXVft063DbABwTIi7YGv8xFnLt9vIix2gSco766KY
rjPOA/9dlGIXq2HP6BGqYtZE6A6RwL2ujAXfene8hYLaMg8t52XyHvJDeay3siKy
EhXt2tn+CyheTzKHXE7WdYGVIZq8OUBoJy/6eaL/paVbzw0SlhCuXNEP6J8SQClA
rXDAwbl2SODl9T9eVUUbm7bQxdD942qCv+jhvBzAJrrHmZ0KPYhJBCARAgAJBQJE
G1GyAh0DAAoJEBBDJRig+KoM86gAmgNUdUqrkiyji3OrzgzJOvvvGgPJAJ9mbH/M
PYHevtf0D4/YGAWDKIEkNrQ/U2VuZG1haWwsIEluYy4gU2VjdXJpdHkgT2ZmaWNl
ciA8c2VjdXJpdHktb2ZmaWNlckBzZW5kbWFpbC5jb20+iGEEExECACEFAkQbQzgC
GwMHCwkIBwMCAQQVAggDBBYCAwECHgECF4AACgkQEEMlGKD4qgwt0QCdHD2sFnc1
cKILKClUR2Ad3x+OyysAoMTKNOPxq/burquoqt0rN8QnPkctiEYEEBECAAYFAkQb
S9wACgkQGPUDgCTCeAKDiwCfae3NkBOnjSBa6E6ftmrDbzQYC9YAoN2Z8jaq1kM2
pXmC0s/QTIIsPc3iiJwEEAECAAYFAkQbS+sACgkQfEtnbaAOFWNKEQQAgIKzIX/E
vAj4BaG13i3EYdvcSG0mfYsV4NVIdrDPnV3UmgbGBskgjkUyWHlUTJZ/AExcYyuT
QNuivkH8pQKsXNUpm020PXvJg7t0/ZKTTv0tXyz2OT3OLKhw1O+qUOOrkxgSpfg7
UgQLTbZ0Ol1faP8iSTM5649rAOpqbPi8tneInAQQAQIABgUCRBtL9QAKCRDAKcpA
FvTM6cCsA/45MgCAYIr08/GKnFlBTZhAXQ6pZvV4OCdtgMIwcJXJtB2E+HSjOsn9
Ismyy9n19Z5j961oGwyfZ/uYoRp1Q5rMEs/sDmFyq0TAl3vRoblwuOKtOp2bvGah
/TzdkMztMrftErM9MhddQDEIoS3PQ0QkSODRCi/m8eMtGLPX/m+Fu4icBBABAgAG
BQJEG0wEAAoJENbgof5PvirdmR0EAJNHIszZZnGx7jqUB2+tRLCsLctrm8Hpeltc
2XkMeT0nx3K8XSDs/cigdQqTHq5oD2P/6Vp9e8X2UE/RfEhCDre9ADnSWzqASRtX
ktDVnFZZHuYnXl1d74bqS5RlWpbQUJ5VjAFuZaB1nhFRcRWuhl8UIqN9OKygtUAg
zlR/FfiziEYEEBECAAYFAkQbTBwACgkQIfnFvPdqm/XFxgCg8x357MlaxcLbnsbK
ZFN26nLDBqQAnAxqbkNoRKqF+IRV9aMBz0vSt+baiJwEEAECAAYFAkQbTCgACgkQ
HnuzyK+VliXMAAP+NGQ+3rPnGHUyT02C5K9ksuqWt+7q0ZWHR3NP66H1XQCqrEUX
qmcWtZpd0xTY8XWcyEzYntXje3epQMnA6/52ohFNehiGQG4FENsusTzu7+GNdpSq
YTPcdUrUp6zOc3o5C30q+Y1tvBtyYlfeQSvH3x47Ai8PrnVmHjJCltkGtgiIRgQT
EQIABgUCRBtU7QAKCRAxGYBRzxpNLE6WAKCACCj678P/8pn+vG9JpgQWQgV7zgCf
Q5409UHS5itySiyQ/atuUOAG0QiJASIEEAECAAwFAko7qxAFAwASdQAACgkQlxC4
m8pXrXxfsAf+LBylo0S6W+hExP3s9jso7TJTM4hJGrVjRKZpVF/zj5Qk0Nocxo4D
YitmT08e+iBZerO7OcYvy16uiaTBQ2PCSYoLhen2AMjkKp7EPG+TF1VBrp7jj5aZ
GYROu8NZTKr28rCL8a2Ge+KrohjEeIJ80IZo7gSZRprQnO5LzDtBMp2T4HV6Gj4d
g2aa4tDhTj2EiU3ZOQ/A9AbOYBKAqipxXdBR20HdeJU8looTv5p7jZloawgblXqv
bvvSBXYGT7uJjx7tOl6yxPrjuu82PyauHI6bUUbrJcvuk9zd3mrvyS9OL9pTeR2A
VDK3PfX3g9z0OzR7owHZT627T36Jogult7kCDQREG0NOEAgAsvSdf2lG3k0OqLTC
TVEhcAY8kJqE8nyHnYKAAlSb8UCyZd0IhUdq+kMqQeC9wXt2LG2b7wmji+FqRCiX
tdlmBTkERNxKAGM1zAEmEXEC4H4qb9O2JcwrlT7fo0ZJRLkSpHz28GIKG2Hfcoy9
BmBD85+mZaTTmUyEjT/+jWxf7RAAZNs72rtEYx/vtXgIcnEtNTlliC5Jr4gtX0aD
j4pIsYeqTTctE6fXcrRxMR5YdYpFygW0uuiSZioN34WphoBNr5JUJ5Lw9gNDjlHV
lpcns3Xl9GDRczikqxjgoARQfljVl9p08V3QvIN/W+HKx6iAlCklzO+y1QBGM5DH
vIPwnwADBQf/X1OCP8dgTIFcpf0DCdvedlZgZqnebbmID9tb/+5RYqNitzmghP+o
nlAxxIGbI4C5yWt/9UZJhAhEA6WleZlByN2dS5UOWJLA/vtPh24yR82I2CrxECcz
txVQQmmVu0YjkRqkcU7yrzzKraiXz+6tkjPlBzdVroct6W9bXOEUBynuUlF+4sBa
rxBrp/c+ba7NJx1pAhitL6+ZdfBs6qXKC5ycjxsGHQthMCNCqwbxgeSW9eWuN8SN
JqzeXlQ7jlrjwNaJJNcbKvlOx69KB9HrJptIdrydQo6BsYXhRTV/U2fbFpqwxEyJ
kRHa4ijYazXM/AuV5HDBUCNpQ5bBG6nH/ohJBBgRAgAJBQJEG0NOAhsMAAoJEBBD
JRig+KoM/lIAniL3Zn4X1s9WhfbtRlLzFyYU5rHBAKDemVaMCQriMYNWeRxW/Z4w
Z9M/bQ==
=nJIt
-----END PGP PUBLIC KEY BLOCK-----
Type Bits KeyID Created Expires Algorithm Use
pub 1024 0xBF7BA421 1995-02-23 ---------- RSA Sign & Encrypt
f16 Fingerprint16 = C0 28 E6 7B 13 5B 29 02 6F 7E 43 3A 48 4F 45 29
uid Eric P. Allman <eric@Sendmail.ORG>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.4 (Darwin)
mQCNAy9MzZsAAAEEAK3o3N9W8Ynb47vNtIqUvdjYYl/nEt/hddhumsDNqt/icanP
7x9VTS1bCfKmAEQ86DSkWRWZmhIpExbcqmuRtixn/RfDHzJ4hU/wAd6kAzUTVIfY
wLC5NinszKoaqlBWlQkWKW/2GbryLmYIRhIDOKkIBxSgskpShSPkYtS/e6QhAAUR
tCVFcmljIFAuIEFsbG1hbiA8ZXJpY0BDUy5CZXJrZWxleS5FRFU+iQDVAwUQMT5g
jkkkqUax7f6FAQFXaQX/X1wyl9t5tJiN+X8vBpB9p+qfto/q+X0wrCa9EobVwNRP
AUt10WfcDz24vduVKE9LgXPGwGYUsDDF9fYVSsr6PLY5st50YYY3zmSk6a4wBhwz
kJ33HlGNlEYZjNhC5CoqGN41WJ6E0oi+bS1w1H4ov368BBu2WN9S1tWBKwijJeJa
pWbnClxe5+4Io0z3mxgGHJFNlz9ctJ+WGazauFkAb/usIAw+MKrQ4sghtfzto4e3
idVAxdxbwzhH3XICqCA9iQCVAwUQL23Mt4N7eH6kQJ9lAQFtpwQAl4O7UsjFPiY/
TQa44Ay52BKClldBfvnVh6jNForAzgsFPr+dQVD/1SXahMFnOgnVK2zW0xwlQhv9
w9LHrQ7r5pMQSqQbJYze4MQ031BDHIgq3bZRIf4yeWGdaH0ro8SB42GejiYP+MfQ
IHSeThLA1LytnxCN/nRRkWK8Nl1DqnqJAFUDBRAvUm31HlLTF1zSxhkBAc+fAfwL
hnGFP5jYsa0eUGJ3SVZmq8P9HsH0STF82Fwp/vUxWMvILpfSujLt/8792dgcwfdr
HbG1Qq15XGsza0f4HnTBiQCVAwUQL1JtpSPkYtS/e6QhAQHQ4QP/WD/CqFA6f2Jk
npDAVOJsoUqRbAluRbOiNOwsJ/OEP4ZGfZshvqxsVJbQa8tmewjHMEAAWvQ9ueBY
1fwUenlSIAA0gSEdlNw0qxIEj9KhnU+chQq2z+RzoHuff2/9ApJwZQ7wSyw9x1vj
q8DmkHBf+IAVJ2zCdNYGRGN+iBYF7L6JAHUDBRAv4F4MapsJyFgmz40BAUMCAwCU
YvPrVm3u4EKVuWUq4g27LOid/3Xf1g7KQ+Fp8J6IjTBSs1Q1UW2RgDI7EqrCwiUs
sHSLrD+3i7NJGsgsdKL+1HBfzujdDGMP48ujZBbYkjQ+k6rSez3NkmXI3rW6SJCJ
AJUDBRAzcuWqH9vgQ8ZSyXEBAXxIA/0VUrS3TdBT5aPgApMImvP8yHH9CGfIjQ42
48ss99nIr7DVskyq42g5EbUDTQl032iHc9eoEvvOKQ1BUauKGAvg8ZYImhHd20ZL
vPqGKt7mXJsbq1syG/Zbt4FYzwrVgwToZ1zjvjBnhOXYzjSmmjytZ9A4bLXdqr59
59iqlrZS7IhGBBARAgAGBQI1B0w6AAoJEOguzwTcZlABtoYAoOduT0nD8TmVetVV
VfzQtBhpofPQAJ4gD4J5XDyTmG+nsm4ecpKwcdd9eohGBBARAgAGBQI3eQevAAoJ
EPebODJBSYlfPZ4An1+PwxSKSQ4ZFxPKnaQzk0POEEvnAKC6IxaifUFCbNMq5ejq
WPXPAR7aBYkAlQMFEDRaMzgmJUFp5Gpj/QEBhhsD/0APxfVCUniRRja4hgJYVqXQ
L18Uc7BwDetpxDm21+HL3kCj0YpRnU6H0GN2usFdoQit2dejDzbUSKSYDZT2LcW5
XQ+daMNvan73tWKw9ycMy0Kd7DKLbOS8tvc45Wg5m7x/Zv3rH1e5R+9gHlzSzzXr
kzhmsMuKTkqqZ+ROE3OuiEYEEBECAAYFAjs8tRIACgkQg2i7WWb7wYx+PACfRs3B
YsCJhwfvAhsfE9u8v5WNsl0Aniyr/yzPHCHetrcfVG42jaN2azfoiQCVAwUQO1kP
MAZ+Xti/tWVpAQEtWAQAhFmMzQfxl8zg0xqWwgVC64btvdMFTaQP37olYZbQsyy6
2Xf2gsuM1U+4dD0dhilGL9qax87X8hmRJki3y756weoZfghku13ueVNJqOD88Ya8
usXNDS5P/q4lAH9UvFh5IylpksFHf08vsrTLUneVOCvgAREh76PpIHzTjw9bsd2I
RgQQEQIABgUCPEy0nwAKCRAtu3a/rdTJMy8MAKCmtqbtWoXMp/EZDH+UYZMK43pn
mQCgnJBlggj1SMV99i+iBb30nMIGrcyIRgQQEQIABgUCO+w2lgAKCRC/tn5vQSeK
RJFpAJ9YGGDUWZm97XcPos4p4wsE3uhbsQCggs/Z0938yd7jvU39rEKXTvEjZ/2J
AJUDBRA7WDiezx61AyIyegEBAaiHBACBjdUAiU+Ni/5MHypmXKn9x1t2xmsaBNlA
vkHvWcGvRImmr9oq7idOMH0OtVpsskCvdJq1x6TO2akdtxtTnEtRJv54sw5OrBVB
7HULGgQa6QySL6t10fG0BQAULCVbnt6ubrLogwD4ATcYykHpL0SJZyOULmxaDb6g
IOgxn9gws4hGBBARAgAGBQJAC0r2AAoJEBhZ0B9ne6HsVfAAnROVE/UJSrNLplJl
LBuazZvvjT3sAJ4vZcunwcus0xq79qGFPJgI4cmmiohGBBARAgAGBQJAC0sfAAoJ
EIHC9+viE7aSm20An2/cqEmQ+KootRdNNP7l+oHvjVamAJ9T9yBM1QM3cFMOiY1z
ajQV5XfxOIhGBBARAgAGBQJAC0tSAAoJEGtw7Nldw/Rzd/AAoKSyT5c028xiJ2Li
W163tN5MiCy9AKDZp10knjSiiIS2/s/zuJDfEvgET4hGBBARAgAGBQJCNb+JAAoJ
EA+Rlt5uUsKeiPIAn0fxZdmUdo0r/nH3ZeAeW3EXIhx5AJ9k19QpIYEP5AlyGn41
q7N7KJgyc4hGBBIRAgAGBQJCNC8KAAoJEFMx5x175C/jhrgAnimIvdY94XEoOfm0
12LfYTd66x1AAJ4ttaySHJJR6C7+WpLahXYyjZhYf4hGBBMRAgAGBQI990Q5AAoJ
EPuPJWT12mvjuiQAoJ7MdyBGjrEM6yz/FFgpLpyKySWUAJ9ENQMKMr6FQXLPaeME
8/8XoYCJ1ohGBBMRAgAGBQJC9AUPAAoJEHu7RcYqQ9NMucYAoLfFYRlLsIvmEaRZ
hRelDMX4wuq/AKDJzv7iF+xpS5ZlT5XHdAJM6KCh2IkAlQMFEDACrUC7EIKQsT90
BQEBXosD/Apakw5p9sWEP0+vVguPqpp+MwCfGJpWiQKXRbNJTO+a4GtLU+yPXXOC
7NvlgsgPpfuFbVRjLlrxHNBQKEe8SxQ3uM/On9ojyGj91cI1rXhycIqksIGPyGbG
84hrtT/PMbau8Eq7yYhaNFae9EfDTAUs+ypPGDhjbKhKBq7E4mtAiQCVAwUTQMyo
wzfj9F/uZeMhAQGZkAP/Y6HCzk/2Y/5bzje0t7QxohaHxKipoUIrK2FgCUOYuWrx
YSUfHK8DwzOMh3xzoDvlFcGCnxMl2sgrrgHR6fILobv8gPS763qu63doS3ZwY5hR
5NbwmQu8IF7S8A0E6QpBa9EciH84T90Jg3U0UFstbxDBdXTCRcsQ2GZ3B170l6uJ
AhwEEAECAAYFAkF+tc0ACgkQquPmzmahRGhziRAAl0RfoEr9vcHFkGJpoXzn4cIi
LOrbXcMa34H7WghD66NVNuhracw9CF/rvVvinkoKxfCBkZ/KUZW+fmotyoeDEORZ
oJVLN1uvqBBSlaEQZzqOVl58ISZvXxZeHpS4CwtgYPz97uNYmukPU0MKxAHqcLDv
e9Id1coukD+L7NQXHYVbxIIx86wV9kPKXvdESh0KyWZKgRi4K6ZKwhqQXaLKxvNU
Pz3P2uGyZQf8YSKyES3+3F0lOs8JYWRdahb0/2h8ZecMH8ACcNU57L3f7iEfNF3P
cfqr8jLn0ulfn7JuMBqDtXM2DDjLYuwuPxcTKwflvwLF4SyN1IgMcjyIHcJBHJZU
PuUTvGi3opQzfkPSFvQRDnJnPoUwAnxbWO36a7s8Rqw6S6sRM4VjHgm8i7C86vGw
0HtSzckUL1bWFWgXTmzQt2PKTp88iJUBbMxwxDSjkzr5V/sPYbr+3bmbivTVdhlR
TW9Sw1qsLe7uVIB9rdF1yJrwXtTKwcowQlHmSwfOSPBRdvghINeNWJ4ZBvKIrqZ0
RGlnbvg7lhViPLDWSl43XQtD+ZiZyDvJ5UOuNTwxXEMTsgLxNaQTMNZh0s4BypVn
2J4BYUGIFOLfJvDRY2Dc/sx0oouhqB5U170F6IPpcYM6d9c65WVs1HZ2MrJ9MPLB
q+1XY+V030LgjiE8qqK0HkVyaWMgQWxsbWFuIDxlcmljQGFsbG1hbi5uYW1lPohG
BBARAgAGBQJCNb+FAAoJEA+Rlt5uUsKeVQMAoNbRCOQWVERZzCC0I3A82Dar2B4r
AJwJqIoskfpatcKkN5ar5Tj6xkK5vYhGBBMRAgAGBQJC9AUVAAoJEHu7RcYqQ9NM
Gv4AoJz+Qkj21ztaZc/BtofhihoQLOUXAKCv2fefjGmx7xt07MSbelv/L3ZFKIkA
lQMFEz3RK7Ej5GLUv3ukIQEBf+wD/A7BAKI8Jt7ZfG/js6IQibYU4E3C0z+0WB0G
diJAZKEE8bYGZJTD9xRda9jOSW4q2NTyjTPJfSPYJ1MyM4K+20qSHgrCMRvuAWHs
/CDKy7ev0VjImB5J5ucFMlc8jghgruJrcQYKNB1mBRDThAxnOLwfu+iU4DjN8nDi
UHOSRllZiQCVAwUTQMyouzfj9F/uZeMhAQHrygQA2alGdUJiVJ1694wKsA7NXdah
ea+VCpGgxxMM0mqXEXwHgMRKOjALCrC0o8r/et0qwOwUcduPwRDsVEyBPB8FmSG3
6Xnr11b/s5gy501Ms7p97Y66fajPi7591BuBsW8YNPvztHAaztaWgsNQ8VOo9MwT
62cmufuFbszpPJ+f7Y+0IkVyaWMgUC4gQWxsbWFuIDxlcmljQFNlbmRtYWlsLkNP
TT6IRgQQEQIABgUCQjW/iQAKCRAPkZbeblLCnnrNAKDUOt94rDAqQX2TcvTFHDur
0vNpnQCfcww7SwwdlBzkSAsYCnpXoLd6Z5qIRgQTEQIABgUCQvQFFQAKCRB7u0XG
KkPTTJYLAKCWB4W0dNGjUtGW+IgOCt1ipANe1QCgoeyb504WmcyY97mSfIqiECMV
LqmJAJUDBRA2cfcr5MnqS0+2zR0BAXAuA/9mBEs7R02FaUptY0G6DLiaAQikTJ48
AOTKYXzIKV4FSkm7rW6htrC+M5K1bun3MekBSUSVymOcRiAnA7hpncbfHBf2INQL
EU0Xxijf4F6cJMzRYONxPXDTaAROVaYhqzmgzhmLXSv7OBV+G5bzZKjoQAuPKUEe
R+LIS2LhPMYBKokAlQMFEDtV2CvW4KH+T74q3QEBuIYD/jhUow70mr+OxDnmFUfu
l77iS8yfWDB9U7aAg0472gsnpwhr9H2PTzDID2veU1tszOmFEILC7KxvaFX++BSl
p+nqqYoWYqGZmdPHB28zdgiOq4MuLLDDO29r4sDWTo/8xEMl8uM+XBS2yA2O11If
mjrS6GwlObaFMe0XzRNBcwm+iQCVAwUQO1XYW3xLZ22gDhVjAQH0LQP/fdC+951h
P6KFtWkJDuWCbercTtg/0vZ5BkWVZxVL8vcF/ca+NNNQZzriG7dT5pC6Zy0ZnFuI
Cxwps5Xebuio3mr4i+nNDknShCZfsXxWV9dhkdzTQyyVMcYaPhgtCFWqCn2ftHMU
knwLQ+yyqDRDqsg5NteNHUZnPDbcq8wbSmiJAJUDBRA7V0Bf4dT8FObQdHEBAQ1O
BADDPj52cMF708Ee12P3GHY+t6k3CK+buq2ga9JC1IfjDoB1MT0XSnazhiTjEykt
kUY833wjSvGHIajsT/bh48YR3LVQO1UDiqnHwTCCtWLXZuHw425TcZeea24Wofzc
GYDfTxCeasemU4PzelqUZMEzF1U0uWzMkGnNM7+2COV44okAlQMFEz0ctVoj5GLU
v3ukIQEBgd0D+waikMQDMYFeZrTQyfijz8ZsWEIAreruUpuNvdM1oHp39W5yBsr+
eDOFmOG0/Lsm3BOcIzKekgcTK2jFOzTg87OlOeSyzLJFKiK4lJ5Y2WUavbCPSo+M
FTAYRUxOtjwvaNy0i61wLuB6fZ6aAQn/kVbTZz0/P+hoBUZa5MJg/6kIiQCVAwUT
QMyoxDfj9F/uZeMhAQFWPQP/dTHQrC6hSXbG4nbbztZxh4sG/HS1EgF8LNSQJfQC
BqqwKl2a7k9l95i2bi9NVBFjvQRqkrhayVMhG9NxVOQZrUDDKJvvA1khXRIgN8z4
JPu4lUOJ8HiQ9aLbC8x/rdtCh3UkmyO30Cs/ykkwaE0u/gO7H6f4PB6WMnr0xerd
H4O0IkVyaWMgUC4gQWxsbWFuIDxlcmljQFNlbmRtYWlsLk9SRz6IPwMFEDSqIBpe
2lrbOY1YUBECQxsAn2xIpvoCPV/AXxDIMfmsCvOhY5diAKCPQ5yABVOMwdXUFoAo
O+r518BIoYg/AwUQNQwAQv9OLU/BcyvDEQITMwCgnylcm2XpD+xyDRXmgaZQZ7ze
JYEAoMpTevluysbysvib2bAhu4w1JMi3iEYEEBECAAYFAj/V6rYACgkQuCGJAp2y
tbyW7gCg6VaLmEYc7k7V0N9lRNPD/Tn8pXUAnREmdNNhgvyPwGdPc3FjvrR768E0
iEYEEBECAAYFAj/V+lYACgkQUhjaYK3rgYu+xACghoPcXYc5WO7ujNONIWZy3BdE
7s8AoJoFQGJiktKiWvGTo9Y7qqyi0piviEYEEBECAAYFAj/V+z8ACgkQpNZcM1A3
Zmem0gCfVzLYHqM7Cv82e/MEeYRS4rGP6z0AniSqIcRQrUK5y2xUTtr//Hu9MXTF
iEYEEBECAAYFAkI1v4kACgkQD5GW3m5Swp7fnwCgnlbPPJXa1xoMCyApkIbQ/3Hh
AocAoKGUZ/+J0e/8WHxn3OPlCeOO0fHNiEYEExECAAYFAkL0BRUACgkQe7tFxipD
00wGdACfbAOf5Svoefyegn9jVk2s4KZY/pgAnicIj0Q+41plRlbxAPJXK72QbJkz
iQCVAwUQM4me9iPkYtS/e6QhAQFNvwQAlf1JIVvpn+ayzJhCpdex7b7s3Ercgwic
3e+22plo9mmkkolxJfyr6qGKR7BJleSksYui2rmnbG6hP+nZR4lUY1BZEmVDkVmV
UFl1QWq//V4lysKIK2uHjasi6f9ZQ1tzcB10rWebDm2JUeowEv+8vjL7LpfWGTpA
fQyNGHux/c6JAJUDBRA2cdqc5MnqS0+2zR0BAQIlBACHEDxjVe81AkvGLfRtwQsr
3+/bQqIbTnzjINSr/9RUAYepV7mNOD8hQGEcihgaEoAudz0LXuN7YXcWXMS7fjU4
iW0fwaDekZzHY+Eq8BLl1cohWPT4oiNxTK5NTedAKJQ/Y5OH927l4r+oax6A0wGK
8hvhK9B3hxPsT20dqcfLUIkAlQMFEDtV15V8S2dtoA4VYwEBbToD/1+2lkg6uv9G
c+RTSwZMIles+grZ1qFAlU8yRwB1rnCabTpGDa9vP279lZtlLM9Ee3BUdMp2aoAn
uwSMpbDIRM1YDnff4gXJ2Ch6pR/a4kF3qgMrU+b1urWinvD3XirNY2AwEAt+eGqk
bHbTmScYpe1ONJFYERCen0963+b44l+ziQCVAwUQO1XXntbgof5PvirdAQHoawP+
ONzw7wlnB5Tm88OHe+Rii0RrIbes5tojKsYHmYNolRzLo6P6Ka+F0Ruidnj7whMS
RUDRjocXl7zIBIz99tpZXzT92Nte1IWMRI+NjtIpth+HdBwdMP1KDE6hMnVDZyd3
3diGUfy4SwZGpHHZmB3S2IehAnd2n4+mCls6QRuaEd+JAJUDBRA7Vz7i4dT8FObQ
dHEBAUpmA/4ns1sCtShblVNm/WVO0zGaguN815GZ1VYKOV7aT7ymA04T/IfD0eph
Ng4w5WEGB+XJY2iN5KfDUgZMjvm5zjO4vUEKGKpoJGu940B8bt75QajbQU+pYFuq
dpcLhySBVVVh7kapviyXM9jNuN9kk8BPknef4Y1jJ2h+8r/wg4w7v4kAlQMFEz0c
tZ4j5GLUv3ukIQEBcNMD+wThB2AOYB7cnl7xWdfxXBDn6zZ9FfezUQy5KtdL4suy
lLVQ+4RCQBvuvjrgCy3htWJ3KkTCoHui2WjmIaKsI+QweTcOXkZyvu1JFEmSO22C
TQQBfFAULfpWmk7NYr0FjWaFHmzOQNbFHtL/BL7WbgKedOUTlhJ7PBIY3EDc0Sci
iQCVAwUTQMyoxDfj9F/uZeMhAQFYWQP/UKjl+nBZsFxIaB8eRahB5QhKMD7VJ2uI
zrT9uEAQgPq3hohQDo67UDan4PBfWy5Vum3Vb+lX5smaxVqZchI5z9Ii4yWA9Is6
mHSwO4dNrEaOiWzcu76wbVk8qQYfXVjmo/n56MeYJ/5vaAgosJzQt9KvWykvxXFO
eom15MJLTQq0I0VyaWMgUC4gQWxsbWFuIDxlcmljQE5lb3BoaWxpYy5DT00+iEYE
EBECAAYFAkI1v4kACgkQD5GW3m5Swp4LXACg2Wb3e3plOES69yE+yXy5Cj/TvIMA
n003ajQmlAb6Vt37c+O2K29QhAJriEYEExECAAYFAkL0BRUACgkQe7tFxipD00wB
2gCgndzGMm6P9f4p5Q1kbdsyhzUpOe0AoKHCy8LGBD/9mJEm6cZQPV/RcdDOiQCV
AwUTPaHoIyPkYtS/e6QhAQHm/wQAjnLnTDgI9fxz/cNkPGmI5+et58zt7FdsMMSZ
1C8pxNYqZX/xEAL1anZWpyDbrLKzkx+11xCbvBn1Ot3IAd6jy1PabazbMtU1yHMa
/zwGYc8E06beYhHMnnhu5y8L7Fqxegc2tQECdNfQTl6QhvtRX1Z8Gl/Xm2nymJ5n
0dQK8+CJAJUDBRNAzKjEN+P0X+5l4yEBAWYHA/9sPSKzuRpC9MUw6MFc6Kr9aT4t
VfTo00L6fHOpQX1llpMclYH48g39PN9OtHtvb48IS/l8h8Qb48w54FnqH/ZgOyJ/
+dcwoCOvTu7mYzMlwJuoV89cg+4wmFFtBipA08ga4kJ8Gfum1U5S5wvQFnV0QPEo
0Qg0kzeGssNK0n6OoA==
=pWwn
-----END PGP PUBLIC KEY BLOCK-----
Type Bits KeyID Created Expires Algorithm Use
sec+ 1024 0xA00E1563 1998-03-07 ---------- RSA Sign & Encrypt
f16 Fingerprint16 = 66 39 58 9A 83 5F 52 26 88 E4 59 36 5A 94 D9 48
uid Gregory Neil Shapiro <gshapiro@sendmail.org>
uid Gregory Neil Shapiro <gshapiro@sendmail.com>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.4 (Darwin)
mQCNAzUB04kAAAEEANHOOWZH9BdsPi8071kHB49qWAWL7OjoUk2NpItw5D9o/sRa
jZbBwtvPSjx+/cC1Nka+apIuXGccjBzpu71DJFLxIYEk+MW33bSgymI19utPS1b7
yHetCa6T3ggBsdSH3+gLbyK0bt+suRxxiAC6719HqHvUxuGWnHxLZ22gDhVjAAUR
tCxHcmVnb3J5IE5laWwgU2hhcGlybyA8Z3NoYXBpcm9Ac2VuZG1haWwub3JnPokA
lQMFEDUB04l8S2dtoA4VYwEBL7gEAIcDsmzwlzI5+KYILkeUmoOWeoOunDZ7ZRv9
KvATWccEJdcdjGk4VPKtAGYWgPJBweLAaeZBHo5+cB/w4Ho+sPavHJoaXqk20u5T
AtIv/DUKcPcE6MVvOYuWUsnHGuWDeSke/KKA1uRw7KEn8vDlBYktUres8ifHLGy0
JM+aEs26iQCVAwUQNQnbcr3aj9Y/6n39AQGzkgQAhcwsoDO9Rl2oQSUYZpvcxUHF
rroqSQFejRRfTCT2a3ejQDckeFTqT2VcLGv+QH+7sQFnRAlJrTWU6U/BoLsf3qnu
dSijd2DiiCTQ5F88SBQjlRyxvXpQXOWGlmemmkV6kry/px4MaFAyF/35HCo0Rzd9
S0brLFgrCiTzAS7/wRCJAJUDBRA1Cd2jI+Ri1L97pCEBAYw4BACh5m75gsGcClEX
LUcxIOaANG2YNSr9r1lmHxcDq0V3Gpv02IauADL1+DX6o3sD+dX+WJxyAM7F8QBC
up2ZtADL1uxiGz+AarDT4qzXyUeQnB47tkhPTnlcO60srtgkRKNex+lAuzzbWSAT
vZpS4C90ZJASwMGr+M73V/66cwKA/4kAlQMFEDUVydtfHshviAyeVQEBwUMD/AoR
E9p0DSgbPpSdojFok7BEe8fHLwJR31fBWetLOk5nsHuAHWBCasO9bmjgG8vls8YS
iTkoJAMxXN03i1bRNL5X3F5Ex1HzrkjEsn51Fcx4Jyp3blXlf4yOBN2t+2DM8DfR
vy1yVrvKtZ1TEhjM0zoG1DqjN8zf/hG23t+1rGZ3iQEVAwUQNRXjouNaWM2W6V8r
AQEHowf/ZTBh0jzRC+oJHb/uewa/vnufEFeWoGZt5U9KZoKooUcZZ82RyZhzJzC2
/5zQQQI9vY+Gh/bL+o7Eaj8+FlbXN9N31E/BhxTtR/v2FTr0HHn/kXKriG/Wjwpr
Rj2hF9fu5HTVD0Bp3A/uQ4bUO9xT7edKGtQWgXEN77/xbD+LGrZ8CTFSohA+WIyr
tgwL214ASBDv8j++V4lpTkzyJSjuFTL019hsjkeE4FvCXbELfvsVX0SOZK9Q45I+
sgvsAZ0BBpasfaY47WShYGhTvvp2r/Z8xgy2erw4vhKz3jJCVmkK1cmAM0IvhwFn
LSYfxI/T/1zEUj+56XTMc4C3dltXfYkAlQMFEDUV9Q08YShHTKshIQEBY7cD/2Rw
Bu6ZJAoJaGKzbBOwEQG2JV3/o5W0Z/Tfy9x3kUDecgqEKN2M0b9zCkzCprotGNhJ
3KXvva3XL2H9AlJd5aorcmvNSph38rPlP35Tt3xWXMBrB1CNR79WMZU+Wx1TlJMf
i8EFURUkjD9WXRsn5P9ncPPKBGcCJ3MfA4LQvvvqiQCVAwUQNRZkreTJ6ktPts0d
AQGsMwP/beohoVn7bcp9kkYW0d3mAlbZyrDzbi6Q+C0lS9s67g4k/QzWLY8vZAYc
ywC2KDQjoc1mnw1bJ+S6u5WmMTnfrmXs8vUMpmM3no+ZIlk8FB6tdkKcIu3yuAd9
CFz62uxnekRRCoIFnWadeZSyxOmdxtO99MUaM9D8Ob1fOH6vPWOJAJUDBRA1GUPT
vFYqkcU0pUkBAXQVA/42rM5+DyOA2VoCCkYa0VgIuA5ECROFnwigcY8mxQx9D/Xv
30Z0ePR4Bigur/eXqCC0Tt0cy213SUpED38xsXtmchK2lpCH5RlIwbr2SZKNWGSZ
jGlSCRbLT2xo+WYxvXcUL0q4NYgG5gXG4lXUf8yyuo/MztQlBkPsoO2SLLX3MIkA
dQMFEDVqLI6s4VzBBNt7HQEB/asC/igF9ebzNWnIlug1gienj8d31znRL1YKcn0h
e5b5N2XPIXQ3cOBQxlufuHVZKL0Cir5MSozxnEsavqKSGhGQuEnvv6lbYh0/OJgo
eB40EDPnPGjv6kcexzOB4rUOYr46w4kAlQMFEDVq3TUpbj1jWlwAqQEBqKQEAL9n
C6RFsBFabbAw0ScsmW9ir/0Zz28pBmxMkUY8RL9Kk6jEkwCa3phztMao3qGajqXd
iw5hzfAOdY+eWPXq/sqE2f81uU2TaFCsVq++rAcDqxhZ1p47xfGcBtVBTpgAl+9s
8h33IsggglCumuhBkyCwOBFZ2JiN+BUAv6LbUvBWiQCVAwUQNYgrcJqnRzvJFyx1
AQGiCgP+LLh7c6FxqVQbgm3qpwgReYryaQQx8sdksX1gZ6jIEC5gYTDh+vHmUJdi
16I7Pz02e9R2yOsKU6e+zhCTauHtSM0CGYn9OdLx96WpJv6nul/KI8eztyV6Dl4k
T8rFbuo0qs8Ib9exDmkdRh78Ihbask69R1w/OwLIlKesOiLo04eJAJUDBRA1x/fK
P2UweumbYhUBAZCzA/0UQ5AB890HbWnvVHP9PdDT8KpIQYg7wm5aStpinY2/jfwA
zl+kvaAwL6nTsTJiWNLfZj4rLn0JsG8176/lyl4Lk6QLkbGyBD+/u8tD6yL0NzYW
lLIBwhxL8W8Fw889OKci72b6rrTcQNNEw2eZiSeTGJBQdZ4quDQZOthwtMEEe4kA
lQMFEDXQKC8offu9cgNgzQEBXYAEAJSZ+CEGKswFmmQqO2t0WaO9SKZxxXtnGe/Z
+M8emTESQecZ5oC4Sc+M9c6YE8jSH5CgDD4R5EHKeWXsVfFMV8wetcjgB9AicCnl
ki2hVT38Rf+b1go4lbKpPjKf+V32Xs/s/kblZ3SX11aOF7pkQCV2W1ebkZ+Tnim2
Ec+pwLKyiQCVAwUQNQnY3AMljPu+uSCxAQFgDwP9HfUvdT2mQq5AXhZ6/ARNemWI
wHb3OjP/Q9A9uxMnpIXIr42QW/jhQYqau2nkhdqbOBCjvOmRvOt7BGYfjzUJkaCN
zv5m84Ptxn/HiFYkQUHZO+Y52nZ/eTdtpjWNLkmDtTusfK2v6G5gArMpKv/VhN+6
5DNWVPOwLucihYGINjeJAJUDBRA2qPJqz3PI8mJUAQkBATVeA/49kg6YZ5NR93/u
gqXtjbhpdWi/YEpWDHYqdMQIAWaJSum4P9tWA5XoTToqP2bQTIXs8k8Vw4W1h+tz
ZUI0P+lGVOAyS/MQXVgo6hvKJSq79cHtR8ue++tBD+ng/OUzuHZ2UFAO79EOX4EN
V/o6dcwQO1qzdZkKiGy8M2hsgPKf1IkAlQMFEDbDNrLPOEYPxdAmiQEBC8ED/210
XIlOS7wKECMEAtGjSaHzA3T8sOFad0FsolSYr50SUNgq9ZTk+PIMwJ8lhl+EuHvb
chhyREg1IaSU0Bg1JQIyUZ1LQwY9tb0bnvS6r4bko1j0FU9pKhQ6iRtOrVNlVZpw
fc+ErvV9R+yHx+aoAhjosAC9fxBSC5R3Kdw+Pdp2iQCVAwUQNvAB7sUtR20Nv5Bt
AQF67wP/RH9H4fHv9p//009HwP76/3LnxsUDq9kcbYrW0LWkkHC9iRHi5+Lks3z+
q5spNmiw235CpGxzeiMX476lelOO8Yam1EmCdRxxkopBhMQVcrEuMGER0p6O1qWj
OnNs89bKgpP79g/LGx3Cz1ZWtZvv5PqQc9cv6z+k1xItRhpaxiaJAJUDBRA2hTtV
pFCQLAnT5k0BAZtSA/944wg38sIcRu/Odo94mCoIBbjcTQUeA6v2KXCD9tQ8JySR
eAGlvPEwRNBVx3fICnJQQ6ClmBikJbANstFc4hrK971KOj7zRCS4IB/N4pEfCbeZ
05d3Mz1iBvEZKtbRtwbrqx6Vxi3JWwsTyPAfz9QR1IofW2SWUq3pnHBROdGKBIkA
lQMFEDaFO2ny5WVM5g4qbQEBAMwEAIPX4OJqCG+LnbReaFem4hP4IN7MT47B3xXX
3l/1CMMiVWbbk2/rIdkPuPuayE+w8ypEY/gqMKnlwRFFp01BW4Cod370h5pJkaZt
44PnVM/NrnsB/Xhgb+IS1vIV4vOhLCZXBlpGAKysOt5hKX3myStNiu0sXXrtvnTv
OvvKf/ABiQCVAwUQNoU7hbCxcYNNuhCRAQH5LQP/ck50e2ZhJOVhg7poSmSaCer0
yDcRH8u4Z91ymKvXtXrIXYUjXfetUlDjQ/5AZvuZjejnC6Bjzpcw3Ft3OUdWuR8/
84qj5IK3cwXAMsUiKTtSJeW9VHSaYinqCQLb0nOV75wkabR+iiIAcNX7uTQZYOog
HFakhmc/TvxviRh2woqIRgQQEQIABgUCNvCUzQAKCRCKO6sOwF13o2vHAJ96Gl3l
rG45GZNXYYePHNhIbsCV+ACgrKj35e7VzunNxsWHc4RjTDjmOvGIRgQQEQIABgUC
NvCXlwAKCRCdqctLsW3isbGvAKDq0Slo3oY74pqi4VUA8TlwaHxLjACgsW1KipwR
yzhJ8N2FbhISt0g5RMmJAJUDBRA286RwFQW7a+L1ZmkBAVVkA/0bpmeT/tOkLdjV
IhWUBfDwDJgUR9m7vKhf8tL2r/SpV/tflpbw+5DjX+pa099XADkPCPDVLFyDowLt
FWUc6dcncBpG9nhqcjOsvyCuKAT7PvijPqZ2LRwiQnzjAlRRSFgPGlnPnzM9/iMe
zdW08JB9kv9luzbdZgJu9x5hytcd+okAlAMFEDb0TXR3HZKuiXLHwQEBBY0D92xI
14X3jkT+xs2QH3DU3OczIKbdRvEdoBAgek88xUU25mMXObnYbkc687lS2Fh6gbLV
vBU5hzU+/R5fdxDfnxm0hENyBJRN+3ZxRCXBOLDEmTTQIAfQArDhmWYHYL64PD2I
qUp0SHou7fdHsSAp4+YnSWO3o7QaP68c/ZdHraSJAJUDBRA3EnhMDHYkik6V2bUB
AVowA/9sm58IKKgzxiB9Xq+qC5k7Hh6B7ApkBmw4HO6GdHxu28Iosij2cUsz77cB
RQSH1Un6XWGtOVwUfjZXAmpi18x26msPTyvLAYacjdFl/OL8+CcDwRLWirydPjU+
TAop8+0N4qjC3XvpajFU/s/6KmxhLL6u2ipIzCAVGpWevg9SmIkAlQMFEDcSPci5
3A5J2ODMAQEBixwD/0KVQYiXD0tyHEUqrlHwErIAB+ZYT/2kfx2PkmAc/xbNO9al
yBz297H29JvrqXyYLBKkd8w3hY5e2TK7kagMkTicXtDvnCqnB/EnyTyHbDkCpV9n
by8ThZEDxYopfnoENYjASUZvzBwb+QjY0bEaSg8fP2qiRdtrYzVQjvGlQdFziD8D
BRA3HiUvIOQkY7cMoxURAvLEAJ9MoLW+73pmmP2+RL6psGX043LUVgCgho6nr2q6
12UdJiAArMIMsnmwC+SJAJUDBRA3VZ82zx61AyIyegEBAb0NA/9SGnzvfNMbF+Ri
w5URct6Jwg6YCUAYtuoE4S8eRxX93bsjzBot05t8w+FY1uGDSnCSQQ0GRTK2mtbO
8nQOSwbSHtEBbNy9mfjUnX8tMDHoY6v2laFO1Hq1G6u74cjruQoW5a8fS4Y5BaZx
AFMYeSnWjmMfkByqSS7vQcHrw+nSd4hGBBARAgAGBQI3fwEDAAoJEGsBYgkJ6xG+
aQMAn30+AZsc8AMk/L5s5StkQo5+3YTNAKDUSkcMC7DJbipIfQLnk9teS/3x14hG
BBARAgAGBQI4Em4XAAoJEDrQbg2RZy5OcP0An0H6L08cCmEMpCQdV7fY8twtnuQ3
AJ0To49TCQpQ6vWS9NBtDuPkgYLjCohGBBARAgAGBQI4OeNpAAoJED/0TyQ4fTjt
gqAAn1ZhYkiXzr1UlgqNoyR8ElgQm446AJwJebmpAnpkBZAgLeT50Q3VonSvCIhG
BBARAgAGBQI4KmSTAAoJENSlTUjFvnNYwGYAn0ZIiQevTcP63dNvYy12UqfF7pGm
AKCYiUztvhVFl/QP7LSnlwUFuJ69MIhGBBARAgAGBQI5ZAX7AAoJEMN1Z4b84RmY
TY4AoNE83txQ7urSKnMHBljVvLYhslUYAJ9UeeWyBn5MEQRipAmBOFCyWJGBcokA
lQMFEDnug7Iff6kIA1j8vQEBzH0EAK8wm6LI6oegVCuBdWoOTFJEjtP29BYoebvK
MirjgatuUaIaxOH+BNJD3aZ6DjVLdyac2gF8gu4hsl23iAABSBO7H4DXa6cEYJ+U
R3dXXC6LCQHsw26VTvqG3ugSmljtYU2ZqVK1MlhygjNyusrqOtPRcvF80k5MXVk2
ctBwF2BFiQCVAwUQOfXCbKjOOi0j7CY9AQH/awP+KzR1nOnyBATlshEP3bs40Bzu
BDOXiUx/S46q62pphA/D4xEdzcPD84bCEZlIgpvBTaQGKL9AXGoMvyZbK9vjiNHn
5sfBEWgBe+2m52iN7KKZlkMx4l3eG4UonAQUZbHQbIfsOZtnqxi3ZJfbj/kU5qtz
OywHF2zal22nAb1UxbqIRgQQEQIABgUCOrotxgAKCRADEujDXYzae6EdAJ9S/zWn
s7wFnaCMtcN1eXc79YHgyQCdFffNTVMfenyZ4u7hUo4RFK+S7u6IRgQQEQIABgUC
OrpFywAKCRAsbbJ87KtMILU6AKCDQgEueYAMj+hwxuMyaYAhYbvjbwCfWLJoX5fp
I+GBrbk7NtjhjI4J6fuIRgQQEQIABgUCOrmLFAAKCRDSD9QFytUJxl3GAJ97z/kq
ZtiT4LkUVMqzPtigENu5vACgkZrpeEUYK7+ASmowQ+kn3FNjNGGIRgQQEQIABgUC
OrozSgAKCRDa1acZvMEx3uqHAJ0X+14UBto1WQqeu+TZdwoLaMgugwCfc9Y1RCwl
DpY7PNcwud6/a8cdAXmJAJUDBRA6uluR9u84uPhDcHEBAV0JA/9+SQjQNuMxrTox
MK18hU+xFvaSFbvQ+ToI6SH6IZqn/i5EcH5w8xndZDyVNUwkBER3aRj0k83YFNNL
IirdrQeZUidvYIbBFISpL9v9O44FYvB6Nfs3gL6V7pPzZbqvA/6sdUnkWSwpfMkZ
aK3/BHP9Zy9jgMXjY4RmKGID0XmEIYkAlQMFEDtV13XW4KH+T74q3QEB7+sD/i8p
hy36SXsqqHMO5UKI3d4KR1zMCxLonKeMh3Q6fBFzWbpS7U6kWQo2xfMs+f/R0009
UGhGtNL3tCWkINmYu3b+xS4fTfXe0bU+QbwzEkYndigKG0xQVg4A3wIqf+EirMj4
lC3ufD/+aFN6bwk6Fzrao7CcepJtjD8mgXiAH+mviEYEEBECAAYFAjq6nqoACgkQ
S9ihXhFq3adNJgCdFrQQOHysyoWZobUH4yoFdDVEcYUAn3M85fzDPftJ5DMpzvvl
kIr2vzydiEYEEBECAAYFAjq6nhgACgkQaoNFyDTeLy89tACdF3g5owMLD4vz0jjV
SBitY0EWPysAnRDW1c0KOvZD17bAVZBxQ2eWwVA8iEYEEBECAAYFAjtUufcACgkQ
orv7JAz5VveHYQCgrUeccfmKd4HZL3U7eY/q+gk4htoAn2PZyw+6pgM+4BhsY4we
92GVNpuFiQCVAwUQOSdrzuHU/BTm0HRxAQEfGQP+MDXjIvXdVL3t8t6Woj9BctVk
7Fwn8HICugaYdmrYkqi8v1Za0QcLpJ7vYW6HFfabHmD5JZOP8g6Kg2Nw7/+xUrmk
/pm3Ha2XZec5PkChK/zp4Riz8uyohCesHSlBfohR6YuSgbWjrwW3JRt0UoU0rt9O
JpQVMvlp2i8PbLzsfKuJAJUDBRA4VWZtLVkO0dLSrI0BAYi2A/90fMGElNgYFb7Y
GqSbbWjurq2p3kAfrd9b6wVdGbPckmu66jQu431sYnCgI3DiDV1E34pPv3x0eG3S
Srlzk+1qb3dEKcGUpy903/IegJLqHDuhuxJOUfUrlIWlUOdF6QM11Rlwlf59s/Rq
huilK/ZG6umDbjT5gAqsf00L4UZN2okAlQMFEDtqIsaYB+Zb2EtZIQEBSmgD/Rmv
PSbk/rYDA0M+DwDh6iiWdEJJlFO0tN3m5jstrKRuBztUJqgYrh29LvUqxanHaQQi
eq+Cj7x6MUyn/hIIUpSf6rBjaEz7GjVuL/k27ooWGladsERkFafq3kE1ulJ43PIe
SquSVXvt/QkcxtKFaV2M1TkelJ7/Vx6IyXoEe4TuiEYEEBECAAYFAjwRHwMACgkQ
IgvIgzMMSnWKxQCcC+9T8Gs+o3LSRQL9ZDvAAWkyYoIAoOAGUxXVqBHm/iMGltSO
R0ByYY/xiEYEEBECAAYFAjq6EWgACgkQD4SEoFpiW2avOwCghBbvmzjWBSFrEjz8
6xotkCncjOgAoOAs/WG1hqmPxdFP5gQFThyyref/iQCVAwUQO7iKqZRUn1EgN49x
AQFXxQP/YSzGp2Xz2LLsdpUAehoLZqXZbZqTykncQFAS/w6GVpYayyk4SQXOTOcp
gVgAGPP2knWQrZad6YmIIWOyUjM4eSIR/XUM/dz07/4lmShJuJFMAuESzc2k/u3d
/Ks1XlWMpk+Sb7UWXMZeS3mrp8OJt4iBB5oEEmnQy7VDqKl81XSIRgQQEQIABgUC
OrmRCQAKCRCdtd0xUlm+yXFIAJwOHfmOFrv2oZCmlJVh5XOA6gMsrgCgk8Dq0FbS
uG77YvYvbvysciIlf7eIRgQQEQIABgUCOyPiKQAKCRAeFaGjj2WOgq0tAJ9JjWvv
eD5hZ9wMchni95qJDaGpHgCgge2zN+afIPmfTB8W016+oS9A5amIRgQQEQIABgUC
O+w3bQAKCRC/tn5vQSeKRMh+AJwMdyui1UmkiI+Oz5z66rwM94sayQCg5ksP/oLC
2Um+3naAtu/s+QUAGteIRgQTEQIABgUCPQen8wAKCRAgFTHVhF3+3ZiyAJ9gB8AK
WFHNa8Y9R8UjthkTpDOodQCdHGYT+IlIH5Md6BjhwDOylf9dg4aIRgQTEQIABgUC
PQesugAKCRBdjovp8jga1NyWAJ9F88COz7flGr4V6jojooPuFfmhdACeMeymmpEC
cknjZcGMSXHq2lWjX9mJAJUDBRM9B7hxtoTxfMEKh00BAeiiA/wKoJFN111VwGLC
xdHLUKWjF8u0XdXJiW1a+gnMhjYOBXGUkOVpEHXTCSHsZnnnzGAIXTHiGHckwNf1
RMIEWmJBGXLcGgLBZnn2/GmnYycggZGcZ/77XCN4X0lLIOnIDMeYwmbgOWR2NFls
QokwCUHq8h+IHwDxYk9MIKEs5Z0gcIhGBBMRAgAGBQI9B9wqAAoJEBj1A4AkwngC
VdEAoNPqjHVqS0IvHRsLKnrYkeqeFaccAJoDf5sV4WL2KBFdCi7wof6KbL9dG4hG
BBMRAgAGBQI9B9zsAAoJECH5xbz3apv11UEAoP4etDXLjDr00ytaoSQlDVd59wTK
AJ9Fjrey9e+fHTjVcSw3OllNI788E4hGBBMRAgAGBQI9B92jAAoJEEbtrfQ1fWX7
t/8AmwSidgzuP35OIvWg6EX90I2K40WqAJ9Lk6a6p4GrpgTkBOjneKKMxjelmYhG
BBARAgAGBQI9B6tbAAoJELVSsEN3OQXWCqwAniS19wmrk8si6aMR2GFD4KFiv2hl
AJ0XfhFxNpHqgsSoENB3VrdaKXpRh4hGBBMRAgAGBQI9CCkXAAoJENjKMXFboFLD
6xEAnj8wOc6J8TLVTfxex5GTJe4vqnaMAKCOKYR+jOR0mt8GFyAhVaPfYnFs3YhG
BBARAgAGBQI9t8krAAoJEJ+qc26EFy0RzXYAn3HfFo7qvhADKs5Jv7RlDzAcFuYW
AJ0WDxU+6IwkQhLOSvlP1RteUGp+tYhGBBMRAgAGBQI+TC8pAAoJEI1Og5a9UkqW
rZwAnRwKmzooWXTCRrP9GCOYw4IXDzviAJ96l4J9JLtSe+7amY46niXPsPCOmIhG
BBMRAgAGBQI/HteVAAoJEA0VSkszaizlfVsAn1pwxjrNGg6bMEg74sHeN1sHvgKi
AJ4mWclV61hr0tbkAKSDybVC2Ydyy4hGBBARAgAGBQI+9wRgAAoJELghiQKdsrW8
5+gAniOL/7fN28qsAm0gjUsQrfA8Wj/vAJsHS6LCNH5kcOxJl6XbQf60Hy6pMIhG
BBARAgAGBQI+9wSQAAoJEFIY2mCt64GLrdEAoMJF819q7/BeqggWZY5Ljs0Svp+4
AKCfwM2fDU+MEemFuPsOw9gl2e7/ZYhGBBARAgAGBQI/1ftRAAoJEKTWXDNQN2Zn
5SUAn3AnjtKazFCvt300gC/ONSddHjmMAKDXGvP5KzX7MT1lrCKn59gDa8B0Eohz
BBARAgAzBQJChBp3BYMB4TOAJhpodHRwOi8vd3d3LmNhY2VydC5vcmcvaW5kZXgu
cGhwP2lkPTEwAAoJENK7DQFl0P1YI18AoJsCg/sw0gEmXUfrYr2MiK/czbptAJ9G
kTxQSVAZjhXla/iVR/ZJjXR+3YhGBBIRAgAGBQJCNCzqAAoJEFMx5x175C/jgkcA
n36YbOwCbS+cLFPNTxX6UTq3eYIGAJ9rfz+bzc1E2uOITgD+/a/cGTXycohGBBMR
AgAGBQJAC0zsAAoJEBhZ0B9ne6HsSxcAn1k8p8GxancHCX/fjPDc3OjREcm7AKCH
0nUMgDieOO02xjVPbr+3mqfe0ohGBBMRAgAGBQJAC02xAAoJEIHC9+viE7aSBkMA
ni74G/7rlmiSNOdMtFjvYk+W67uFAJ4xXZ0pVKl6OCGQTjZflGhn6J3gc4hGBBMR
AgAGBQJAC05UAAoJEGtw7Nldw/RzIrsAn23FM2Ws1i5UaXyv1mTOGRNEqb66AJ97
uprcGOQYyHEU1oxE1GdgK/1k94hiBBABAgAMBQJBgjKxBQM+ZT4AAAoJEPiFAGex
HsLOL5sB/3feKat6T2m+zxDKW3soO3q/29BMBsO8vJjuDfgbPnvw4AZao2GiMTzE
4x6OgCIVtZdiZ9EiDj6GLoq2c2KWkMaJAJUDBRA1zw8pU2npLW1qNDkBAY9YA/43
6/vWJHs6r0UvDO1cjJ6IN/kLRda1z9DPjSo6ZdyzlfsJzCCDHP0AbM+fvgvKQSMD
2qvneIAO1xXsRgdcxXqp+3SQNdciWjMOUE5tMy1hTx22T4Sbb+uuhZilpnf6lhIQ
62PkdhVmvu3TNIIUfnGdgwuo9PfzAucQI+E/huFsRokCHAQQAQIABgUCQX8t7wAK
CRCq4+bOZqFEaHUgD/9RkV6kTobCLxLCaXSz6iRCaXY5dWHfs98m0ebUjy0lhOxH
Jluc/4h+FRmbQFHNtHiOKhEkHZOhjk6eSYND9ED2vE6gpK1WhmQeToDSbYNzm2e6
NzUrjJBa5jqLFG+VP0LEXqDGfVrVIYLnnUBeqeE580vCIE+cxgilBXB0wcOUYYaY
0CKFSoapGaRboxwWOzjTcdvMv3zRzLUCZD0z8Aj+Bbl5psw4cfgjgj5qL/uzS/vk
0meMVbGd3HxEfO+8UTTC4GWLqqxa3hxPfE4sWsCLCSyHg8YDY7I3XWp0V85teuMZ
srfNHL6TTqwJOeoxYv/G14CJd++ZNr6wc0gOqeAQDfGPPP+tsdf7P053Fh1gQHMZ
cv2vEZmKh8Yn5OqDYvQmU+WRlxExmZPJHZhsNifGMW0eLMcppc+J1/KzRyawNtSh
cXFoWBgben+8JFPKohVzHUHrbXKaS0N5EVpThmFCDF3wqLhtAjqYq7ViLcQuLlVH
y8l6W9vJskHvDihyRDrqdhaHIIKk7IFRg9CH5UyfZVF3ZkFNf6VOC9nC6JhVhXqd
XgnYyiJ8D6HEJyh3Da9kYlgmkIFhoDHLOX2r+GOXbj2ZCKD1P5Tqo/SDDMZQ+pi2
jHc0l98gAubSiM+54fsLwX/LDgzqVICvnnft07D8ELwSJk272rgWSgtlnuo0ybQs
R3JlZ29yeSBOZWlsIFNoYXBpcm8gPGdzaGFwaXJvQHNlbmRtYWlsLmNvbT6JAJUD
BRA1FKtufEtnbaAOFWMBAa00A/wPLDXtNmFsA8EMdbBzKA3gjd4Y1fZQnVpT2tQI
+FrMOCYH90Ncfp9pZgFLaL9tLV1cbV6IQowtHTTchmZSDijlzf0fIOoNypHQIRDW
qx/RYm8P12lwv1U5777+UEFjU91RlA6fZTI/61LvC468TcADVnEn1OZo1INHdAhZ
mE6saokAlQMFEDUUq+i92o/WP+p9/QEB9KwD/1PIjI2bsFxq9vNLghbRKRJEqpTb
8RVvguCvvPY5bitqPus4VLvze95yTOxx7e5AONBWh/UyX8Z00d1Q0Sm5KZmdcz36
5IH/nxP60ICp/Hp5PH1gjAXRA044go1yKDTSytT8r9P8dMlrfp/JGEWkuBlf3eZ4
pSu5Rcf7iEjmZkN7iQEVAwUQNRXj2uNaWM2W6V8rAQGGDAgAiDH+jzoNEYEEtUFa
Ra5VEds0AhCL/4qFjRnVw+NxQ1pLsj5jhozmPI6SGIuyNhwS7aW10VjZdNIoJxln
DIRs3WaiviueXMg0yAteLxhXO0lCjHEFDhFX8jLcrTGLza/veRARjKpX1GMYaKn5
ILgt2Qpmb7tnsXRp3Ul7sQwPHdCnI8Q0QLiKn4e4HpEExJCC3+V5H50sLBHRcLYV
v7wFl2EjTRfy/EOUl1Yt+Xs9KqjCU2ta0s6ERpASnMaZSWe2EH5wbs6duS2noheu
lE/f+rQIICjn5Kg/6+1MH1R2BivOh7swHX3qTr/oSK4aLmWYl4ZBUOMqQJBYGl49
QDoBU4kAlQMFEDUWZMHkyepLT7bNHQEBzKoD/A8CbFiVD+8hCwzsXMfGYdhGO/MN
SfeAk3GED6hfPsWlaRXQLdbcNT+vyltJI6tmq3zFvsZXl0Yb3IQf5fJM45qHAyEM
egu8dK3+K8Bu2cbpWYKiNTawfBJyD8zwQXgT+GinbRjoPEvOfOYh+M61qVumfyjl
0HAxoHt+KXTeyVfbiQCVAwUQNRZrsjxhKEdMqyEhAQHLAgQAoU2Z0J0uj2AGKfDj
ge/9HrzEroPtD0hpMRM2GVXK/1lIIo37Gfg31TmLV8Cr7i9zvslHiqD91KrPcCjE
6/LVSL/IHqBWKMS7hw9z+BDmMYziPGJPf2zUU+BNDaBCUIufDiM8MzkQc7RIQhS1
s/0ggaaF3zKS5qZZsRFHB5I9K8qJAJUDBRA1GUPfvFYqkcU0pUkBAZioA/4m2znf
4kSfnL2hks57NIbM+J0hSXZ9gtPQc+Dj5SBerrJWnhuxkf35u6fEIDz3efdO5rzE
UrWivoGC794edDc/XJFLzwd3q1v18u7cQpNYnSNtW9kGgG5gGENa9R6xUF6IA2Pz
25Y9qTGFwtLF+Hn0Em3OTk0a+luoo6sUVzSUJIkAlQMFEDUfrmwj5GLUv3ukIQEB
4osEAJfbBlxv08cBsmnI64BusEwM/z2IYftAhgxY8gtMD10IxPyAiOv5I5en2DYR
UHUTT2IX2OPE1pPYqiIiJ6cpZOYni8yQ+tsq1JVwmR+ccfzANz8w+cXM0Tu+EfuJ
VcbiP8xl3UDBpvj9MncwJmt4DocjfvOV88xcv0DrTzIoX3y3iQB1AwUQNWoszKzh
XMEE23sdAQGT/AL9HfhWPc8UtaJBtq10Bbm5A6AURAoVpyjEjvsvhSo9qwxMaEre
xF5+OA0FnfGt58+ObtgrK/ybJ7Tfc69jozgNwFBLF8h5hx4w0UJWo2uRu2hw0c+M
2gg68RoiDDuXdQH6iQCVAwUQNWrljSluPWNaXACpAQHLUQP+Jy7BnfjdjgIkYSbw
mcy7usYVBIzB8GCb8bWM3Kdkd3RXM27YFipfARpHgPdRsJthEruudFjsk+X/RgtU
/s0mXPI9L6GSThDAcXn6wgOI5cEQOdQqZWJu52wWh5NTlREe81GAgaJWS5IKgo1A
N/R7zGf1oUKCAF6SjKVNs0grUz2JAJUDBRA1iC0MmqdHO8kXLHUBAUxEBACBJSVF
oqqCk/V+05xx5SB00g4alW7EHTY4QfYP4bOUaZf6YA0Ql9aN9gtiU29TpI5VjHdk
bShXEgkmE6gysJp8UH8b6P0oDNBr91eXaU5TXN+YNIJLICRoqMxCDv+h5+hh460Y
eH6UZr/Mkh383iSauvibbS8vLkZr8sAuBUn6f4kAlQMFEDXH95A/ZTB66ZtiFQEB
rtgD/jI55V14bVB/otVfNo/wM+TfqsFiiW20CtkHfeaBONwSPBEvvNDALj+fKAPV
4pJHBV+i6rp779hUQuYbIvkrEl8eu6aDLEM5O9ZqsQ0fnWPogsN+jgSytjbSE8cQ
CCkMI+/cTas4LH5t3KbYt9rfgv5BpGGzjaJ2R8+boQBvjdI0iQCVAwUQNRbZnwMl
jPu+uSCxAQGO4gP/REXVFS4pDcwBmmZYIFUAJSw2cNDi47vBh//DhQWGXwzrvTLn
Q/o5qUYDBjDJsZtb2uPDZJ1lPj8oYhn9fCJGBbea8Bh9jxxQUDEraLd3LcD1FsLz
gWbYy6yHOxP6OmN45KYzVazy4Pdj+LTKuUlG49wXlJpTu5AA51bzbBEdvXSJAJUD
BRA2PGmQKkR102trdqEBAWPSBACqoNyF2Eswn+TXnYJJE8xJKBaqsEel8LHyxtO+
fAFzbUD0812S+aZ4gA9XUZP4CB+lr00Xbx1H1f0xM0m7NJ+HiWK37kYxpythMLqx
agw1OG4mp5ZADAPUfC8HiMXYeQe815ufzLFd/eG4w91wD4BF0WsTfuy1Sows8UZv
DAuXQIkAlQMFEDao8lzPc8jyYlQBCQEBDUgD/0WJlIGafmsmUSBmbnyFn76WjE26
sxfJJJSJn6epEFDSP+km4UVyFdHjj+Ri/Q8HzJHRh+uvRtgfqe/wXrAc1Zhk3Pd4
lIF9BN72ducE0pXjZz64mrZR6/VOca6aib7UtvGHrmdGSfrRLL9qMfx+e+Ysd1yy
IUh2JHk3obkIao1qiQCVAwUQNsM4js84Rg/F0CaJAQEwbwQAwiX57DisYMxVEOOk
RBsAeAUVveyjBEOzNJ6q2bgst39hAu3bZEspXP1EFNX9mm/77gxlYwDh/JBPqmYM
DJyJfym0nsBQQOaj7OiObDxkpk3ZUGyljvBn7IX00d5IykeoOdP/jilJOCmeuAGX
veEgs3kDmHYFL9VQkvjgVnJSSEOJAJUDBRA28AINxS1HbQ2/kG0BASGjA/4/OX2S
Onqu4M/wpYs17rKPOLt0fe1/bMqwzfumu0dbTKUl4dAXWqIDFF1WMlFk0Qx9id89
AcLDKz/lD95O9djYTRpw65obytWKNA32Tvn6k0TKM8nlW8GOjvo34JCO7rkW9Swe
sewp71YcqxCASg198Vcd4JbTVxdbGZO6sxL+uIkAlQMFEDaFO1WkUJAsCdPmTQEB
wxIEAJcZyacu/eg3bX9EBD8cj7R2UorZyhC6eaWiFvwTu0NO6yUlmFeF0R0dYgPp
YwMEAzbviJKFlLwH1GbevH+Q0+aCBIJttkxUP4Mzlfq4wBh5u22YqKl/N3dKXBqV
TyPMnLjNeMXDpEc5rXeHFoZOgIoumj0Rx5qk93LbN3a2VavaiQCVAwUQNoU7afLl
ZUzmDiptAQEwQgQAkEs3DVDOR6Ge8lt2u9oDRj/G8lfPjrTKYBqid9PdD6+pXFTw
Sm289IjIW7UW/iBTrr/LVmsiYd1G7e86/ps3bpuGlBzEiNbYqC5mbrfmKFdAIZc5
RnQKpL3vNz7mQWUxXj/nT73aluUTyb3Hg2aFVNUaNZ34sAB2zjxZzk3v49GJAJUD
BRA2hTuFsLFxg026EJEBAZ3dBACMv9QR7DzAcN5GZhWCnaE9DFUcg5+hCPhrIcCI
5YqZAx1MAE8pVTtBQoFImELkBrs0rJnVhDIqmgkVApRmT6ecF5SD9IPpm/iympgL
SuKBOP3s2d0V848P8BPrFS4kQ2eq7uWh0iENPTRQVenA6ZUZ2yMwI+oKxkKMFrvT
0HnZyIkAlQMFEDbzpJ0VBbtr4vVmaQEBbFoD/RmGIsUhBh6Gx9R8o7SYwwdDb0ry
6v/624ihcFMiLgI6T2D0zB2ol0XTbYYyUZFa2XkoTjq40fWOqA7DIor+MkQpDrxB
pNPlRktoe94YPyx+M6b+O9yhx3U/8W+UP2ABgXR85NUCDxDTnsKmxJDkkinJ3rGA
/Vv+fl5wdw3YVAgKiQCVAwUQNxJ38gx2JIpOldm1AQEeFgQAmK75xIhzb84Qfh9O
LiFlHG38Ej2xnWgeqmO5VjL/JVYKyUTM6hzO5vQ/WhuSm7dDd1db4aN0Um/ySvmT
oaI1Ct4UQfuenUmhWCEpdVPteDHBsvfzPCTMp9ezdR9kCXzri/YmpbtG8d32Q2FR
/pEphCz9Y+R62IfHzBroe8qZpZuJAJUDBRA3Ej3hudwOSdjgzAEBAV0xA/4ru7K9
M9wahHN9w2522CU8F0IL4PXeMtESANxyLnjNXF1MJiRAL3yGaAEPwNp6cPzJ5ogx
BQGWSdHnP6htzsTZFRRrkFkzzYVh2WdVDV3P9+x6v7C1Gx21xpNkrmlQkbwyhlxP
SOJVJdj3e6B7+L4Ttqjz3nafaWBGEuUL642bSIkAlQMFEDdUXQ/PHrUDIjJ6AQEB
Y08D/0SXXMzYt2EESh/kzd1O3SO3Jpcn3O8+6Ggr7hm13mM+GxqjoBlbH04FtNP1
01FdZWe4ti3V7R/JT+MY/Mpr6SuHqb9JcVFlDnzuvD57GqAcNcw9CAEwDMtBoGOd
o7TPzUhykW9BXr2Nv7EUo/t5Q57bKKDjC116+S63Ej1uh8jriEYEEBECAAYFAjd+
/lIACgkQawFiCQnrEb4BdwCff7heOPbXdtoqEJBL2U4zxWkgmfUAnRHdMmpcQiNs
iBA6CwArw65vgqVziD8DBRA4Id1XRRnWk29yqT8RAnveAJ0YzBmJ3QcpKw2pDy7f
FlmW9010kwCgjTFfi9g4oM/q2wCcKLO2sw761kWJAJUDBRA59cJzqM46LSPsJj0B
AWF8A/9/UFdyqewGR2sHRpyqRmNvfGfUbxOO86csB+4XFZ2cimc0Sod9N+gNT7W9
GFH6QHhZqF/uDkZm7zInb2AtCuj31T5Q6EgCNkv9x5PE8IxwH2FFNLby/cZrf+ve
s5Uavp/Wkb9uY5GaAZgC7gq2KMMlFucHBTKAD3/mXJSIZv/zbIhGBBARAgAGBQI6
uYsaAAoJENIP1AXK1QnGSm8Ani03N1EJszyqDX7RstHomoQxp1o3AJ4oEHSYTWwz
ZYbJFQKZ/1fcutFBUIkAlQMFEDq6W5T27zi4+ENwcQEBRngD/0wkW9qleK7VAuVB
f39bDy6Ff79GfZEuV8vEHHuc0q4kajM8ZZ7oC7NBwm+N9rTz7YWmF6ZiqE11zDUv
ydnkNyz6fTR80tD0aUA8LAOvhWLdBRac90NeCKXAuBRVOD0CQWXzLYBiWcJOKAfN
K4vZukVdyTpXerAKY15f6KNejHNCiQCVAwUQO1XYO9bgof5PvirdAQFiVwP/UoUN
zGm7AL2CugIIRuAXYGZY/GX3OgZwNwAw0ckNajm+lPjHnA0VP/+8EaT/XWlfoLAe
q9lhUq6oQZNvuU+zw2/muY34jokGTq1Tvft7UHxfiNuS6U0693wbNh2++ziWSx6T
9JZ5v0EcGgIX3A4AmV5dQCv6h+yuY5UyrMIV9KCIRgQQEQIABgUCOrqerAAKCRBL
2KFeEWrdpybyAJ46GW57+Hjq8YIO2sk04o2F/T0zogCg0KlVWRC/HddImQF+kkvp
wsLJRzyIRgQQEQIABgUCOrqeGgAKCRBqg0XINN4vL7iuAJ9AErWJU78dUK7lGZIf
64HKpONLegCfcfd5rLM7PMZR4oW8yN5h3pGsVByIRgQQEQIABgUCO1S5+wAKCRCi
u/skDPlW93b1AJ4zsWpNxu4GoRERovK2JZHA+LE2AQCeNTkbmTBLayBo8XUs4ZfI
fxK0SEWJAJUDBRA7V0WQ4dT8FObQdHEBASViBACx2nb4Hbl58MTqLf/txnAcG8bl
9pIGfS17BF+J8vyi0HhiEi/NaNzEQtvWVG7ZsEAosAUg4DloNzf1uKJCk2cktxbM
htUTz6dCF+sqMpVtcFYs0oaHW+5UjbIj1Rvz8oGyE5+2swTdDnUaTfUxskRY53Ju
M4HJSbnbedH1OFzuqokAlQMFEDtZEEMGfl7Yv7VlaQEBcxEEAJ4I41zohad49XTz
jOlU0TKPhDL4Xpe0riQQdAniKzB57IILSBRXOejXGjEVOwcZQP5Naj3WBnI1cxyb
qJPKxL5olNi47xfhxf59LgWLByO8NSgk2bYApyOxGVCD3+ftfg/02B6KPs8sQ7x1
z76H1ERRn7r90nBmYO4c7Aq7PI8TiEYEEBECAAYFAjwRHwUACgkQIgvIgzMMSnVB
1ACdF2mIpA38PvfqS4FXxlqVnVdhnl0AnA+xFPyj14WS5IorJCS1qCxmd3M0iEYE
EBECAAYFAjsj4iwACgkQHhWho49ljoIRugCfRkwThbWMldAOp1Lgtez+7bwxx2gA
oIOZIhQGDH/toEBG5csUH0FzWXD3iEYEEBECAAYFAjvsN3IACgkQv7Z+b0EnikRL
nQCdHzq6KDoeb22oKb0hZY58yDPvoHIAoL2CvjMWh/yL/9iL87yoozP9XU3SiEYE
ExECAAYFAj0Hp/UACgkQIBUx1YRd/t3nUwCfSqOgkUdx1dh6Yztl42pEtcz+H/wA
nj4UkKFkISvZDPLoYkj0lSBy3N5jiEYEExECAAYFAj0HrLwACgkQXY6L6fI4GtQR
dgCfQJEKqq2eDiIE6Z/l2KZF8YtWsHgAoL04I6SS8/7yVZDFcwqbrZKBb/nQiQCV
AwUTPQe4dbaE8XzBCodNAQEhAAP+MPRqolmwo0kdrdYCi862RchI2txhhotI3dZz
6npVsxy5Ilbr7fOS6hbn1ORKg0cPpOt3mxDan6cJD3bFrFPXcMYaq9gSF+PkHeyN
HO50o/e40T8IuS1mbLQeRVPIo66HIVM/PW0njy0as+r53a/EUQwSKpK+O2yYxZ/v
3HM1YUCIRgQTEQIABgUCPQfcLQAKCRAY9QOAJMJ4AmDcAJ9c7hQ+SGFYpsfGrlDD
UWWrKInMvwCgnme05M5csK3gCJR6WGVnr6JHlSuIRgQTEQIABgUCPQfc7gAKCRAh
+cW892qb9dDGAKCHJldAMb4TVYHcB3woq4AFUGg9GQCeJxuPrqWyLOl93dnj9LiL
16iDDieIRgQTEQIABgUCPQfdvgAKCRBG7a30NX1l+9AmAKCrC01ev05bLOQe9xQf
tkgTsAJLVACfT4RGoxQiP9bSVXXc2DPnGyk9mbmIRgQQEQIABgUCPQerYQAKCRC1
UrBDdzkF1j9oAJ90ewyqESUjUSNfxx67nRf7Bf/iwQCfRxsgP/H5kNxxO6zdvDmF
P0CnaAuIRgQTEQIABgUCPQgpGgAKCRDYyjFxW6BSwxvcAKCcciX5v/zG9JJK+l2c
aSg4299xCwCgyBxtWKCGX5DyU10MXMdULz4RYnGIRgQTEQIABgUCPx7XmwAKCRAN
FUpLM2os5bUTAJ9P7VepCWX8qVaOQR/n955a9r91RwCfRssn6/is7V1qVV7Ee3NO
c76RRAiIcwQQEQIAMwUCQoQadwWDAeEzgCYaaHR0cDovL3d3dy5jYWNlcnQub3Jn
L2luZGV4LnBocD9pZD0xMAAKCRDSuw0BZdD9WDroAJ9AKRizGzwsKagEtLw7SkKx
R4A0IACfRXvXahL3rLXXJH4daIRTFLoOfouIRgQSEQIABgUCQjQs5QAKCRBTMecd
e+Qv43TBAJ4gvecTZP53Enhw5LKxe3Yn2NaUJACgg5dM2hEtHtA2APVewU+PifZi
Bq2IRgQTEQIABgUCQAtM5AAKCRAYWdAfZ3uh7DMDAJ0fWKmQ0pzgBjv7f51mn9yw
H9XsLgCeKNXyDfFPROiUezxSq8z6G1NgFTWIRgQTEQIABgUCQAtNqAAKCRCBwvfr
4hO2kquOAJ9PuYi3o9pazwVWcaNaVXkyWgeT7ACcDPr/KVgw26+RZc5bhFYQwxSV
On+IRgQTEQIABgUCQAtORwAKCRBrcOzZXcP0c/99AKC0s00mJCxM578qEFD0NoQ3
QNYcMwCfQLVGqxtIdLpok/wzbw5rzcShIE+JAhwEEAECAAYFAkF/LeUACgkQquPm
zmahRGgFdg/+OBnbqk6PQlWXqm9aKDpyqtToEwYDPzueWuvIM+OzFuz+B8En7RK1
IMwcsKUj0VzLgNtX81xoJd+c/1JOIxQrJOtLbPKAk6ToNX8fXr8MqeHuTCvyYGWQ
NChCyIfmvBrwIHjxWpeAEaJNzTC0y8vXEpOcveownXqV1XmcOD/BDFYky4/F7xAU
Cf98WAwTpAq6vGclgvfDqOjB67V+ZXw5EqRDRwha9vjsI6P2Tc8CSWGh25IfmhIp
TjP58AiFdKuO1Uh91XEU4t/ETOGMHnw3lQuIBCyj9o5p3N/nd4J8Re1lOs2qhhOg
kubrNsrRw0oaenGbJZclALBd7vdYq5kM85sQfr2QbLNYXtXKsQerjNpMfkLjZXMn
+6Le+MR28vAAoIoEBB3H4sqO99bLaPB4E6cdHKMnFJhlnNiaXJJKNrAD1dU0mwz2
uxoNeYEu/MTdRYBZZdEEsmbORHOSbvamGAl/eUQA85K5QGXz0hArgZ9HRkY41Wrh
tPEhTPhQIbX7CAZb0R+KV73wZjelEV9hpPz2IyHb2V5gJJOhdrXOLzdEJacMllHY
p9fUmfxDnIsaJW72va6WxdDGIdI7FtFtv6ued4ACgzc4T7w2u24MVpD36gDWWC7W
ThUt9uNU6kU29eAHZEBI4WheX5e2wu1BxgjVAn1LqiPRyPK3jr9kzy4=
=eOEB
-----END PGP PUBLIC KEY BLOCK-----
-Type Bits KeyID Created Expires Algorithm Use
-pub 1024 0x22327A01 1999-05-30 ---------- RSA Sign & Encrypt
-f16 Fingerprint16 = 03 3D 49 6D E4 D9 D6 01 F8 9D B0 3A 3D 68 6A 86
-uid Claus Assmann (PGP2) <ca+pgp2@Sendmail.ORG>
+pub 2048R/A5AA5BE6 2013-09-06
+fingerprint: D0EF B47E 909D 1550 525E 9DF5 1090 AF20 A5AA 5BE6
+uid Claus Assmann <ca+gpg@sendmail.org>
-----BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.2.4 (Darwin)
+Version: GnuPG v1
-mQCNAzdQxmkAAAEEAL9u1z33O6eZtDdHyhLP58+gXXxXnUR11rZ5jccPp5NkgXa7
-Mg1B4E8CNrs0WeRlXe9Yiyd3sgtS9oIYGhpw2YXs+CDoX5QYl9spiYeDN9lxox3g
-XGdVYtxChCOOnD0iLxbsgO485zkAR/xcyC2z8RpOYzf2sTSgf88etQMiMnoBAAUR
-tCtDbGF1cyBBc3NtYW5uIChQR1AyKSA8Y2ErcGdwMkBTZW5kbWFpbC5PUkc+iQCV
-AwUQN1DHlabmDSw+b5glAQEgBgQAjHLOkeHu9yg/6iefhesoCz/w4kgETjcuxa4m
-Chun2ELJqtn6oi3Xd3LBNCttSDj09u1rVLK2YlWKtV6gB3FAU5KD6JtkGenN/2mx
-KAczz/zfj4eT6STHIBxTUe408T/0oQex6Y//U3nD69KMCtb4Zg8YxJPEAfwHQNep
-ABwni/mJAJUDBRA3UMd8z3PI8mJUAQkBAWNTA/4s8blaNZ/U+zVHhEIVzM03QXr4
-3hoc8s4zZyQ1CNPJaPaZvFUn7QoiQOUyWMGk04BEecbi/ByKxhISS4Fu2ONOUcK2
-AlPcpMeBDU2GItE3JFY84UGl9EPQ7F5ZN53X2YgRvtTPxk4gEc9CU+cuz2KkAy3j
-u7bnC4upiIl28Vlr44kAlQMFEDdQxmrPHrUDIjJ6AQEBg28EAJL58R2EIDh+UIzb
-7WGfzmzeBxUFYvh+OSaIKZl/M25IZjF6lR+RugzAPlZjlhodzvk2Hrulp6jXHelp
-Fnd5XcWZbLWfSl+C+T1zdE8bnIKxWPKbvHyjvxE6URWbf1gY9qNCeGQ4IqKyRYLS
-xqwi/jGPN72lgC7+Ias8I9ACKBttiQCVAwUQN1WXf3xLZ22gDhVjAQELWwQAn1HI
-NXHF9DZWi/WCzHvgtEYn8yrGBXfQWjZWIvJTBBaIZv/aAqNhtZrwdtXvoNVGg/+V
-DFFL4PmHsKcLGFh8REIP7wOl+N99DsQDDJEwPBYS3aXNypz4wtC+iHF6qLeMapv2
-gZK7xrn9Bckg3CS+bQxEKC/tWWr8y2r0+C5djQ2JAJUDBRA3VKawechJ6GUP6GkB
-AeYfA/4yqbrPQ23kk31Pl3b0RID2MkyB/Ib4fpe5URYDx37Y+fQIGbXI11NqqKDH
-5TiO3WlvwscbCFEYS3Gu2/6WiJZ4Bn6oU34umAS0UwbNxNbeUUWYxce+u/Tkqt7v
-7/NRY01uBvWdB15uIS7fenCFBokV9FpTfCHa093H3vjd70dOtIkAlQMFEDdgM49u
-AhsP7LmozwEBH68D/iFfvhk1mzRg324gqWlqR9xxlFWvcKO5QF8hcNnuu27cUSET
-8tRnt3dSQOil6HSV+yM+ZSG+q8476Q2yC+B/tntdtCyNdJCXlsaXAOmIp2WC8Nki
-n8ia0dw7PYxhoPeYG79mVMOcy5HPfbkd6fr4TYTb4xbVehE4O+dIuCA/QQpviQCV
-AwUQO1XXU9bgof5PvirdAQH2AAP/YxBriSGcc3VMPN33UdAEV+5s+sSqQRNy1RmR
-qe51F1fiMMRutqpUgfsMUj2ckUgPiMeDxF69mUN1ls5egnptUVoM3APOlAMned5K
-/5vyTrP3smgJJ0NvLj2pf3ScLoRp7bKe66eY1WQLSgykTIkjoyRtX9Wo3Ou3PovY
-5shrpDKJAJUDBRA5J2t94dT8FObQdHEBARsfA/9/ilJBvkT52/+b5ylmw0OBExi1
-BYmoPwXVbA0slhrX5deIN5QobE5Zc7lydUfBa/CI/4KsqFcHH97pYEXxTw25/iuo
-eoJ2PVvBDfWVLKbCAkZlX23zq4kiv2boJO6wtKNEUhvaPY0E2pMoDONi6R/NurQ0
-pApPjBLLOXA5YdFwDIhGBBARAgAGBQI7VK6OAAoJEKK7+yQM+Vb3zZYAoJCqpiXc
-+k3SD7Qrgk5cCyYnf70rAKCk0SNyD7KauCUCjULUNc42TjIbGIkAlQMFEDtYywsG
-fl7Yv7VlaQEBMfgEAIi1anL/NDvkNSU1memJ5rrnOdFVVs0KPMrqON5bvT4nZ54m
-j4FvftCY2AmQasS6AVsUnFbx11HpEvFVGs8dVfrvAeNy6RiRhlLKQJOncmECalfh
-SIXqPke2iCW6+zdG1T/gS5T9T9/Lf2c9FQf0FjURAi3ynDA2RBLA5FDsI8v3iEYE
-EBECAAYFAjvsNnUACgkQv7Z+b0EnikT5AwCgz/MKoVVRzKZrQqBUfaR1fRZEk/UA
-oMfykSYtxU2vtTn/apyZ+pOuLHRNiEYEEBECAAYFAj23ySsACgkQn6pzboQXLRHC
-lwCfZamY7M1fQX/9f6wQGq5sKi9EHkYAmwaDRCa9o4rHVjogkl4XVBp48jq2iEYE
-EBECAAYFAj73BGEACgkQuCGJAp2ytbwo8wCfZOFd6B+62j/dAIzQ1FIdhcAFJfoA
-nA/Pp6NUFLzo5mfbdxwqcLYwfDSLiEYEEBECAAYFAj/V+mQACgkQUhjaYK3rgYu4
-wgCgteBhYhYRwtKbmpu8cH7mqpPoypMAoKPPA0id1LpOsvbFuzspwMYET/lhiEYE
-EBECAAYFAj/V+0sACgkQpNZcM1A3ZmehNQCgv3iGcnVQrzG2y2AdooU3WzukoSMA
-oMk4mNBNs50XMJaxUEL0A5DHTXGviEYEEBECAAYFAkALSVUACgkQGFnQH2d7oewC
-6gCfcpu1YGWFRnCrwNWRQAJA/AKR/Y0An1ZOpTKjhGKTX7Pc4sBDWULr6/AEiEYE
-EBECAAYFAkALSYUACgkQgcL36+ITtpLEOgCeKB+Ms1jRlAG0jOa6pszx7AqmB4cA
-niO2Ewctj86NRPQ1ihvosesJD9+QiEYEEBECAAYFAkALScoACgkQa3Ds2V3D9HNq
-SgCeIXXFJIevu3l/mVOQ1EHAJQpxJMsAn03ESc9ps6rITIjUT+8QtXSbMu2qiEYE
-EhECAAYFAkI0Lo4ACgkQUzHnHXvkL+OtSwCcCnP+FkbPwoOaLnaRZmpGrboGIocA
-n25jiOYVuqz9nQhdwBxycwBx4MDniEYEExECAAYFAj6IR3gACgkQ2MO5UukaubkY
-6ACcDolFeHT3Gr9tnkmsOgTNk3RapusAniFhht4QVOYPmyXlMk2XzHzuzLEuiGIE
-EAECAAwFAkGCMuMFAz5lPgAACgkQ+IUAZ7Eews4XxwH/eKhCQL0kShEQjr1aMtwX
-RpEKed88kbC+KXLr4Jnly96l9qNMO7WL+bhPfa2JYQHUeNf2u3YeJF+JaHmvzKFL
-sokAlQMFEDtpzf0j5GLUv3ukIQEB2C8D/0sFqS90GMEyPKVtrFgjq+ARQ2Ko/otc
-/OIIndguYjv3G+bdRpVynEk/Dedt/RRn/M1jAC2IKQDawSB9c6lY8UKkAEhD0nwd
-I+w2qnGpiHsGm2UhsYGwp+BRp1HKPtpriyvwyMRtyrgf2H3v5g2TsR+VXbEZ9fhf
-gCszm+1aGukziQCVAwUQO2ojRpgH5lvYS1khAQHBHwQAvGlE1z+C6G385T5lSFF9
-MNW1qXmpzQ7xtGLYHJSo+xCRQbKYk6Ewm8hcH6Qi9GQnNH2zGU1E5zwJUPEQN7dO
-xKNAn8+57gl4KyG2qDpeeAwu1VHSyi7bTo7WEw1tOm3oAK93F/AjsHrFc5oKhM8H
-jJ4I911BawgT7wUSSMyyRPaJAhwEEAECAAYFAkF+tPsACgkQquPmzmahRGiOCA//
-ZcA0aE7UTcR1kduVRMtqZejIXviujY8SEAyk2F+hymP1esphc1vnw1RksuNPXswA
-XeZtSiUESwKcr4z3gaYUPaH8G5acQ5eT5zNzWTVXFR/1Ys6uetNxLTFITjzf+4kE
-uaODW++NIrYBWVs54cA2ZqyDWijG+d3dbhtBbmtNIYnA/P8qgaC5x3f06fgtPaZP
-gUTend1s0uUez7LrHXx4J1Hftz/UnfNaGidbQtlSB2eQdi1ejrhiAFtmcVykGibK
-/N5QdsroJu551BBl6yl9Q/ymdf7fHgcFLuxDjqiB9Sd3SsY7i4M6EzN8tC4XnOgQ
-EbLQU8YcY//ZgYYJG6BFZBW9GUp52SZMOsrLj6I5DQSPBuejoJrCsCAeJ5kaV+li
-pKW4sUVGmVWYuo2PQ+FqsUBhI5vei2sTMAWO0v65revDoaL86i9UtwIZ5iToID0w
-PE86SUpypUC/sqrDdRBjG+JO3GWR+/UNdm7OzyxryhCEq/KY7yN8bjB7T8DjCRCo
-7PTucFo2QCfagwpdf1VPuvIaesLy25R/9K8+tAVrAOllCqP8pA20d2GJGGbC99GF
-xsagVq0PL8eq1KeeWO8LRC6R4LU//Gee8fWO27Xi/1h/vlh0SJUYppCeM6I7hfsx
-DnF3FZZEzV7oqPwC2jzv/1dD6GFhtgy0cnyoPGUJCyc=
-=nES8
+mQENBFIpKtgBCAC+QSzX64hPzap1qLn0JB0nxCFJ68U8rkqv4OatMN3bGZ2V4Qv2
+va1zRxoE+MpxQayLe/VFjyAP+hPHtVOAgHzTUGYNIxt8nGXnfzL9C3KBgGLoh00X
+PV2RiXvRXoo8b5kamHTpe6c5i6KOT+6YjSnpnSgDebN/PSco9JdnMRwsOGwHQaQz
+Sm2HND7jYPj6lWUqea2U66efNYG9ir9Jxsgi58oyrMryX7lA2DGScUU/RPrqF0P7
+jRi5y6zgewMuuptmBxCb62NJRX208ZFQ75qOwtsZ+Yh3PnEj9hGjy6YNy5YJX2Qe
+e+neWj/2UYKfqIiOX5AHkbK5Z3Q/AEeX1bDDABEBAAG0IENsYXVzIEFzc21hbm4g
+PGNhK2dwZ0Blc210cC5vcmc+iQE3BBMBAgAhBQJSKSrYAhsDBgsJCAcDAgYVCAIJ
+CgsDFgIBAh4BAheAAAoJEBCQryClqlvmEWQH/irkPN9Br2kJUN3Vt1/Vg7kxssZS
+g8EIeNeUI99lMmW/4MsmwtisWa/+n45it/mVvS8wIIHy36N8mRTr8gRTDQ3UU4Tm
+moD6s8RCauPHvogVFCue0+D894TLqMYf9MSFjjyDwOZHWGyLQ5VMWcPCrYJe9jGH
+njZ7gojfqIBfJ39dc73cyBTppfGW5A1Tgf7vtmwBcbzSpq1PM5g/uJgIc6Q27eLa
+WMMuY+orsdqEyHagH+ZObVq/ej498VNimSZe8kVsYzU7UXa+9dWsP9uEczIvxs5n
+R95WgLIrMxucJ8oIvMro2VCs1+gCm5fIRye6QEn6p9R1VEpDZJB5RN6EGMyInAQQ
+AQIABgUCUikq7QAKCRDPHrUDIjJ6AamUBACClQmgowKP9/MiCaiL7vtjeeMBXFzT
+zdbQrzsGF7T7Db0IsKPc1aSX0mQrASDY+ogibkOiN8ueZQDASCQlzQukM2x+Cp52
+PVYYbuMf2RBCMQ5uCxVbBXg7viPs/x1+S+y+v+2Ynn96zotseMHH/BTBTSd3ly/e
+j0koq7fuF35DcokBHAQQAQIABgUCUikvHAAKCRChbtHAE+6gQafaB/sFhAcHa2Pe
+xI5x7Q/TmbNagwpuVzUK0rlLVrJJdD3Pm+qBBPWy9LdoOfw1lQsPNLZeGu1WpAOV
+SozwlAA4ZWJGOgqZIqneN76EjR7SQgVIswyfs3R4LESX1bC+kDpxBFu8kKb3+NKj
++dXYDvPWduRz96Ei5BqWkD1CyY2MRTAPDKdNCtreNP3ot9O0K+Y7y720PaP0sNOI
+jmD1dZVcUbyQXcI4OPSCOc1QObnTGU6G9GxJrp4sN2r9SzC1Xw8kPd4xLn3Y1wzP
+d5We+9j0NeHBsk5hgx3LwLNs229x3tXL43m/dlS09l40U0bh1go5hvhLvJPN0UZI
+dIWz4g1iYuFltCNDbGF1cyBBc3NtYW5uIDxjYStncGdAc2VuZG1haWwub3JnPokB
+NwQTAQIAIQUCUkzkGQIbAwYLCQgHAwIGFQgCCQoLAxYCAQIeAQIXgAAKCRAQkK8g
+papb5unjB/9pq8J3/qZGIIpL5JQJCWuyuQUVze/qsGitLmnYecej1njcXDpAfglG
+prCx0xEDWnSPKLgbnPmWmIP4Dz4gwhBAxg03MK1es7kj0P0HcqYb/vMGdfyX/vkf
+RK956b6LfuMtvEjmQqKP/My4vU+vF2y/bTsg58tbeBXzoS0+BZyMVjvHTOBQlR9B
+dbYqCDW/Rj56xwULFnwjHXVteqZ+DgBy2Hs9zBDPRpogRYks27ugaO+YDG/SYPGb
+jlZeTkfSfTGZBUAJnCdla4fR+ytIO5XSJZbYULO5cJbnsmFcn/hESdSfYTlkVdKQ
+yyR9uMLs9QD+ZSiXq5lbHwxxHkiVMafNuQENBFIpKtgBCADRVVY4ct/tk4++hjUS
+B7c6XR20jjFhePxSIVpokE8fqEzO22jrA9/pSQX8ZaDXTFEs/0hmstVcy7MQtgh+
+zEClNRLK20EseF8t9PjP15BDGg2SC/xCdk0j33ERzeXaReID7+3//Td+ASH8IX6K
+p2dM+xLYVqOIpoYR3QmFuSd3Gja2hsdsY6oA1wkvow1ctp+QGguJgpuOpoJFyhOw
+oJC0mDarawREtJs60iN8ZGfyn0zscGAZbPmY6FZ4hwlFEaA4fho8xRVmZRLrH+WL
+xuzquFjeoZAvEN40GoYs3y1fR39/okM2A7HLJ0guezV2CHBLmqxxCSIN5G31/BKj
+mQO5ABEBAAGJAR8EGAECAAkFAlIpKtgCGwwACgkQEJCvIKWqW+bQNggAslc2YoRv
+WI1SBd13e9+ztEVyic7uBNdPHJO1MBE1XRg6Kv01IHA+Dj2LwM2EcAaq+9LTEjiY
+RGI836in2IsHMynDAUybXgJ5zL/KRrXbbnPGBbGK9wxELMtNzcDEuonjVzlgJIdC
+nlFEU1xI8u1T9IByigU/4k7Gyr7t0L57UAE5uJtTYGjJpLz6LUDhEsg2pPx1taTk
+Nq5nZ04BGHdVToZvUf2ABdQnWx94uOCRJp2bLJiEepNtaL2OPqe2EQVF7ia2Y0PT
+4xu4WMmAF33GA/SoxTGXsRIM3BPfW/1veyGGS35+/c3k05VPwuRnqYlOy4dXJIGL
+q8WNeh9erYZriQ==
+=VuMX
-----END PGP PUBLIC KEY BLOCK-----
diff --git a/README b/README
index a87989846590..5b11d025b866 100644
--- a/README
+++ b/README
@@ -1,450 +1,448 @@
SENDMAIL RELEASE 8
This directory has the latest sendmail(TM) software from Proofpoint, Inc.
Report any bugs to sendmail-bugs-YYYY@support.sendmail.org
where YYYY is the current year, e.g., 2005.
There is a web site at http://www.sendmail.org/ -- see that site for
the latest updates.
+--------------+
| INTRODUCTION |
+--------------+
0. The vast majority of queries about sendmail are answered in the
README files noted below.
1. Read this README file, especially this introduction, and the DIRECTORY
PERMISSIONS sections.
2. Read the INSTALL file in this directory.
3. Read sendmail/README, especially:
a. the introduction
b. the BUILDING SENDMAIL section
c. the relevant part(s) of the OPERATING SYSTEM AND COMPILE QUIRKS section
You may also find these useful:
d. sendmail/SECURITY
e. devtools/README
f. devtools/Site/README
g. libmilter/README
h. mail.local/README
i. smrsh/README
4. Read cf/README.
Sendmail is a trademark of Proofpoint, Inc.
US Patent Numbers 6865671, 6986037.
+-----------------------+
| DIRECTORY PERMISSIONS |
+-----------------------+
Sendmail often gets blamed for many problems that are actually the
result of other problems, such as overly permissive modes on directories.
For this reason, sendmail checks the modes on system directories and
files to determine if they can be trusted. For sendmail to run without
complaining, you MUST execute the following command:
chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
You will probably have to tweak this for your environment (for example,
some systems put the spool directory into /usr/spool instead of
/var/spool). If you set the RunAsUser option in your sendmail.cf, the
/var/spool/mqueue directory will have to be owned by the RunAsUser user.
As a general rule, after you have compiled sendmail, run the command
sendmail -v -bi
to initialize the alias database. If it gives messages such as
WARNING: writable directory /etc
WARNING: writable directory /var/spool/mqueue
then the directories listed have inappropriate write permissions and
should be secured to avoid various possible security attacks.
Beginning with sendmail 8.9, these checks have become more strict to
prevent users from being able to access files they would normally not
be able to read. In particular, .forward and :include: files in unsafe
directory paths (directory paths which are group or world writable) will
no longer be allowed. This would mean that if user joe's home directory
was writable by group staff, sendmail would not use his .forward file.
This behavior can be altered, at the expense of system security, by
setting the DontBlameSendmail option. For example, to allow .forward
files in group writable directories:
O DontBlameSendmail=forwardfileingroupwritabledirpath
Or to allow them in both group and world writable directories:
O DontBlameSendmail=forwardfileinunsafedirpath
Items from these unsafe .forward and :include: files will be marked
as unsafe addresses -- the items can not be deliveries to files or
programs. This behavior can also be altered via DontBlameSendmail:
O DontBlameSendmail=forwardfileinunsafedirpath,
forwardfileinunsafedirpathsafe
The first flag allows the .forward file to be read, the second allows
the items in the file to be marked as safe for file and program
delivery.
Other files affected by this strengthened security include class
files (i.e., Fw /etc/mail/local-host-names), persistent host status files,
and the files specified by the ErrorHeader and HelpFile options. Similar
DontBlameSendmail flags are available for the class, ErrorHeader, and
HelpFile files.
If you have an unsafe configuration of .forward and :include:
files, you can make it safe by finding all such files, and doing
a "chmod go-w $FILE" on each. Also, do a "chmod go-w $DIR" for
each directory in the file's path.
+--------------------------+
| FILE AND MAP PERMISSIONS |
+--------------------------+
Any application which uses either flock() or fcntl() style locking or
other APIs that use one of these locking methods (such as open() with
O_EXLOCK and O_SHLOCK) on files readable by other local untrusted users
may be susceptible to local denial of service attacks.
File locking is used throughout sendmail for a variety of files
including aliases, maps, statistics, and the pid file. Any user who
can open one of these files can prevent sendmail or it's associated
utilities, e.g., makemap or newaliases, from operating properly. This
can also affect sendmail's ability to update status files such as
statistics files. For system which use flock() for file locking, a
user's ability to obtain an exclusive lock prevents other sendmail
processes from reading certain files such as alias or map databases.
A workaround for this problem is to protect all sendmail files such
that they can't be opened by untrusted users. As long as users can
not open a file, they can not lock it. Since queue files should
already have restricted permissions, the only files that need
adjustment are alias, map, statistics, and pid files. These files
should be owned by root or the trusted user specified in the
TrustedUser option. Changing the permissions to be only readable and
writable by that user is sufficient to avoid the denial of service.
For example, depending on the paths you use, these commands would be
used:
chmod 0640 /etc/mail/aliases /etc/mail/aliases.{db,pag,dir}
chmod 0640 /etc/mail/*.{db,pag,dir}
chmod 0640 /etc/mail/statistics /var/log/sendmail.st
chmod 0600 /var/run/sendmail.pid /etc/mail/sendmail.pid
If the permissions 0640 are used, be sure that only trusted users belong
to the group assigned to those files. Otherwise, files should not even
be group readable. As of sendmail 8.12.4, the permissions shown above
are the default permissions for newly created files.
Note that the denial of service on the plain text aliases file
(/etc/mail/aliases) only prevents newaliases from rebuilding the
aliases file. The same is true for the database files on systems which
use fcntl() style locking. Since it does not interfere with normal
operations, sites may chose to leave these files readable. Also, it is
not necessary to protect the text files associated with map databases
as makemap does not lock those files.
+-----------------------+
| RELATED DOCUMENTATION |
+-----------------------+
There are other files you should read. Rooted in this directory are:
FAQ
The FAQ (frequently answered questions) is no longer maintained
with the sendmail release. It is available at
http://www.sendmail.org/faq/ . The file FAQ is a reminder of
this and a pointer to the web page.
INSTALL
Installation instructions for building and installing sendmail.
KNOWNBUGS
Known bugs in the current release.
RELEASE_NOTES
A detailed description of the changes in each version. This
is quite long, but informative.
sendmail/README
Details on compiling and installing sendmail.
cf/README
Details on configuring sendmail.
doc/op/op.me
The sendmail Installation & Operations Guide. In addition
to the shipped PostScript version, plain text and PDF versions
can be generating using (assuming the required conversion software
is installed on your system, see doc/op/Makefile):
cd doc/op && make op.txt op.pdf
Be warned: on some systems calling make in doc/op/ will cause
errors due to nroff/groff problems. Known problems are:
- running this off on systems with an old version of -me, you
need to add the following macro to the macros:
.de sm
\s-1\\$1\\s0\\$2
..
This sets a word in a smaller pointsize.
- with new groff versions (1.18 seems affected)
GROFF_NO_SGR=1
needs to be set, e.g., in doc/op/Makefile:
ROFF_CMD= GROFF_NO_SGR=1 groff
+--------------+
| RELATED RFCS |
+--------------+
There are several related RFCs that you may wish to read -- they are
available from several sites, see
http://www.rfc-editor.org/
http://www.ietf.org/
Important RFCs for electronic mail are:
RFC821 SMTP protocol
RFC822 Mail header format
RFC974 MX routing
RFC976 UUCP mail format
RFC1123 Host requirements (modifies 821, 822, and 974)
RFC1344 Implications of MIME for Internet Mail Gateways
RFC1413 Identification server
RFC1428 Transition of Internet Mail from Just-Send-8 to
8-bit SMTP/MIME
RFC1652 SMTP Service Extension for 8bit-MIMEtransport
RFC1869 SMTP Service Extensions (ESMTP spec)
RFC1870 SMTP Service Extension for Message Size Declaration
RFC1891 SMTP Service Extension for Delivery Status Notifications
RFC1892 Multipart/Report Content Type for the Reporting of
Mail System Administrative Messages
RFC1893 Enhanced Mail System Status Codes
RFC1894 An Extensible Message Format for Delivery Status
Notifications
RFC1985 SMTP Service Extension for Remote Message Queue Starting
RFC2033 Local Mail Transfer Protocol (LMTP)
RFC2034 SMTP Service Extension for Returning Enhanced Error Codes
RFC2045 Multipurpose Internet Mail Extensions (MIME) Part One:
Format of Internet Message Bodies
RFC2476 Message Submission
RFC2487 SMTP Service Extension for Secure SMTP over TLS
RFC2554 SMTP Service Extension for Authentication
RFC2821 Simple Mail Transfer Protocol
RFC2822 Internet Message Format
RFC2852 Deliver By SMTP Service Extension
RFC2920 SMTP Service Extension for Command Pipelining
Other standards that may be of interest (but which are less directly
relevant to sendmail) are:
RFC987 Mapping between RFC822 and X.400
RFC1049 Content-Type header field (extension to RFC822)
Warning to AIX users: this version of sendmail does not implement
MB, MR, or MG DNS resource records, as defined (as experiments) in
RFC1035.
+---------+
| WARNING |
+---------+
Since sendmail 8.11 and later includes hooks to cryptography, the
following information from OpenSSL applies to sendmail as well.
PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY
SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING
TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME
PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR
COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL
SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE
YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT
AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHORS ARE NOT LIABLE FOR
ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY.
If you use OpenSSL then make sure you read their README file which
contains information about patents etc.
+-------------------+
| DATABASE ROUTINES |
+-------------------+
IF YOU WANT TO RUN THE NEW BERKELEY DB SOFTWARE: **** DO NOT ****
use the version that was on the Net2 tape -- it has a number of
nefarious bugs that were bad enough when I got them; you shouldn't have
to go through the same thing. Instead, get a new version via the web at
http://www.sleepycat.com/. This software is highly recommended; it gets
rid of several stupid limits, it's much faster, and the interface is
nicer to animals and plants. If the Berkeley DB include files
are installed in a location other than those which your compiler searches,
you will need to provide that directory when building:
./Build -I/path/to/include/directory
If you are using Berkeley DB versions 1.85 or 1.86, you are *strongly*
urged to upgrade to DB version 2 or later, available from
http://www.sleepycat.com/. Berkeley DB versions 1.85 and 1.86 are known to
be broken in various nasty ways (see http://www.sleepycat.com/db.185.html),
and can cause sendmail to dump core. In addition, the newest versions of
gcc and the Solaris compilers perform optimizations in those versions that
may cause fairly random core dumps.
If you have no choice but to use Berkeley DB 1.85 or 1.86, and you are
using both Berkeley DB and files in the UNIX ndbm format, remove ndbm.h
and ndbm.o from the DB library after building it. You should also apply
all of the patches for DB 1.85 and 1.86 found at the Sleepycat web site
(see http://www.sleepycat.com/db.185.html), as they fix some of the known
problems.
If you are using a version of Berkeley DB 2 previous to 2.3.15, and you
are using both Berkeley DB and files in the UNIX ndbm format, remove dbm.o
from the DB library after building it. No other changes are necessary.
If you are using Berkeley DB version 2.3.15 or greater, no changes are
necessary.
The underlying database file formats changed between Berkeley DB versions
1.85 and 1.86, again between DB 1.86 and version 2.0, and finally between
DB 2.X and 3.X. If you are upgrading from one of those versions, you must
recreate your database file(s). Do this by rebuilding all maps with
makemap and rebuilding the alias file with newaliases.
+--------------------+
| HOST NAME SERVICES |
+--------------------+
If you are using NIS or /etc/hosts, it is critical that you
list the long (fully qualified) name somewhere (preferably first) in
the /etc/hosts file used to build the NIS database. For example, the
line should read
128.32.149.68 mastodon.CS.Berkeley.EDU mastodon
**** NOT ****
128.32.149.68 mastodon
If you do not include the long name, sendmail will complain loudly
about ``unable to qualify my own domain name (mastodon) -- using
short name'' and conclude that your canonical name is the short
version and use that in messages. The name "mastodon" doesn't mean
much outside of Berkeley, and so this creates incorrect and unreplyable
messages.
+-------------+
| USE WITH MH |
+-------------+
This version of sendmail notices and reports certain kinds of SMTP
protocol violations that were ignored by older versions. If you
are running MH you may wish to install the patch in contrib/mh.patch
that will prevent these warning reports. This patch also works
with the old version of sendmail, so it's safe to go ahead and
install it.
+----------------+
| USE WITH IDENT |
+----------------+
Sendmail 8 supports the IDENT protocol, as defined by RFC 1413.
Note that the RFC states a client should wait at least 30 seconds
for a response. As of 8.10.0, the default Timeout.ident is 5 seconds
as many sites have adopted the practice of dropping IDENT queries.
This has lead to delays processing mail.
No ident server is included with this distribution. It is available
from:
ftp://ftp.lysator.liu.se/pub/ident/servers/
http://sf.www.lysator.liu.se/~pen/pidentd/
+-------------------------+
| INTEROPERATION PROBLEMS |
+-------------------------+
Microsoft Exchange Server 5.0
We have had a report that ``about 7% of messages from Sendmail
to Exchange were not being delivered with status messages of
"connection reset" and "I/O error".'' Upgrading Exchange from
Version 5.0 to Version 5.5 Service Pack 2 solved this problem.
CommuniGate Pro
CommuniGate Pro 3.2.4 does not accept the AUTH= -parameter on
the MAIL FROM command if the client is not authenticated. Use
define(`confAUTH_OPTIONS', `A')
in .mc file if you have compiled sendmail with Cyrus SASL
and you communicate with CommuniGate Pro servers.
+---------------------+
| DIRECTORY STRUCTURE |
+---------------------+
The structure of this directory tree is:
cf Source for sendmail configuration files. These are
different than what you've seen before. They are a
fairly dramatic rewrite, requiring the new sendmail
(since they use new features).
contrib Some contributed tools to help with sendmail. THESE
ARE NOT SUPPORTED by sendmail -- contact the original
authors if you have problems. (This directory is not
on the 4.4BSD tape.)
devtools Build environment. See devtools/README.
doc Documentation. If you are getting source, read
op.me -- it's long, but worth it.
editmap A program to edit and query maps that have been created
with makemap, e.g., adding and deleting entries.
include Include files used by multiple programs in the distribution.
libsmdb sendmail database library with support for Berkeley DB 1.X,
Berkeley DB 2.X, Berkeley DB 3.X, and NDBM.
libsmutil sendmail utility library with functions used by different
programs.
mail.local The source for the local delivery agent used for 4.4BSD.
THIS IS NOT PART OF SENDMAIL! and may not compile
everywhere, since it depends on some 4.4-isms. Warning:
it does mailbox locking differently than other systems.
mailstats Statistics printing program.
makemap A program that creates the keyed maps used by the $( ... $)
construct in sendmail. It is primitive but effective.
It takes a very simple input format, so you will probably
expect to preprocess must human-convenient formats
using sed scripts before this program will like them.
But it should be functionally complete.
-praliases A program to print the DBM or NEWDB version of the
- aliases file.
+praliases A program to print the map version of the aliases file.
rmail Source for rmail(8). This is used as a delivery
agent for for UUCP, and could presumably be used by
other non-socket oriented mailers. Older versions of
rmail are probably deficient. RMAIL IS NOT PART OF
SENDMAIL!!! The 4.4BSD source is included for you to
look at or try to port to your system. There is no
guarantee it will even compile on your operating system.
smrsh The "sendmail restricted shell", which can be used as
a replacement for /bin/sh in the prog mailer to provide
increased security control. NOT PART OF SENDMAIL!
sendmail Source for the sendmail program itself.
test Some test scripts (currently only for compilation aids).
vacation Source for the vacation program. NOT PART OF SENDMAIL!
-$Revision: 8.96 $, Last updated $Date: 2013-11-22 20:51:01 $
diff --git a/RELEASE_NOTES b/RELEASE_NOTES
index 18a7cae9faca..6a0f0c52f844 100644
--- a/RELEASE_NOTES
+++ b/RELEASE_NOTES
@@ -1,10741 +1,10859 @@
SENDMAIL RELEASE NOTES
This listing shows the version of the sendmail binary, the version
of the sendmail configuration files, the date of release, and a
summary of the changes in that release.
+8.16.1/8.16.1 2020/07/05
+ SECURITY: If sendmail tried to reuse an SMTP session which had
+ already been closed by the server, then the connection
+ cache could have invalid information about the session.
+ One possible consequence was that STARTTLS was not
+ used even if offered. This problem has been fixed
+ by clearing out all relevant status information
+ when a closed session is encountered.
+ OpenSSL versions before 0.9.8 are no longer supported.
+ OpenSSL version 1.1.0 and 1.1.1 are supported.
+ Initial support for DANE (see RFC 7672 et.al.) is available if
+ the compile time option DANE is set. Only TLSA RR 3-1-x
+ is currently implemented.
+ New options SSLEngine and SSLEnginePath to support OpenSSL engines.
+ Note: this feature has so far only been tested with the
+ "chil" engine; please report problems with other engines
+ if you encounter any.
+ New option CRLPath to specify a directory which contains
+ hashes pointing to certificate revocations files.
+ Based on patch from Al Smith.
+ New rulesets tls_srv_features and tls_clt_features which
+ can return a (semicolon separated) list of TLS related
+ options, e.g., CipherList, CertFile, KeyFile,
+ see doc/op/op.me for details.
+ To automatically handle TLS interoperability problems for outgoing
+ mail, sendmail can now immediately try a connection again
+ without STARTTLS after a TLS handshake failure.
+ This can be configured globally via the option
+ TLSFallbacktoClear or per session via the 'C' flag
+ of tls_clt_features.
+ This also adds the new value "CLEAR" for the macro
+ {verify}: STARTTLS has been disabled internally for
+ a clear text delivery attempt.
+ Apply Timeout.starttls also to the server waiting for the TLS
+ handshake to begin. Based on patch from Simon Hradecky.
+ New compile time option TLS_EC to enable the use of elliptic
+ curve cryptography in STARTTLS (previously available as
+ _FFR_TLS_EC).
+ Handle MIME boundaries specified in headers which contain CRLF.
+ Fix detection of loopback net (it was broken when compiled
+ with NETINET6) and only set the macros {if_addr_out}
+ and {if_family_out} if the interface of the outgoing
+ connection does not belong to the loopback net.
+ Fix logic to enable a milter to delete a recipient in
+ DeliveryMode=interactive even if it might be subject
+ to alias expansion.
+ Log name of a milter making changes (this was missing for
+ some functions).
+ Log the actual reply of a server when an SMTP delivery problem
+ occurs in a "reply=" field if possible.
+ Log user= for failed AUTH attempts if possible. Based on
+ patch from Packet Hack, Jim Hranicky, Kevin A. McGrail,
+ and Joe Quinn.
+ Add CDB as map type. Note: CDB is a "Constant DataBase", i.e.,
+ no changes can be made after it is created, hence it
+ does not work with vacation(1) nor editmap(8) (except
+ for query mode).
+ Fix some memory leaks (mostly in error cases) and properly handle
+ copied varargs in sm_io_vfprintf(). The issues were found
+ using Coverity Scan and reported (including patches) by
+ Ondřej Lysoněk of Red Hat.
+ Do not override ServerSSLOptions and ClientSSLOptions when they
+ are specified on the command line. Based on patch from
+ Hiroki Sato.
+ Add RFC7505 Null MX support for domains that declare they do not
+ accept mail.
+ New compile time option LDAP_NETWORK_TIMEOUT which is set
+ automatically when LDAPMAP is used and
+ LDAP_OPT_NETWORK_TIMEOUT is available to enable the
+ new -c option for LDAP maps to specify the network timeout.
+ CONFIG: New FEATURE(`tls_session_features') to enable standard
+ rules for tls_srv_features and tls_clt_features; for
+ details see cf/README.
+ CONFIG: New options confSSL_ENGINE and confSSL_ENGINE_PATH
+ for SSLEngine and SSLEnginePath, respectively.
+ CONFIG: New options confDANE to enable DANE support.
+ CONFIG: New option confTLS_FALLBACK_TO_CLEAR for TLSFallbacktoClear.
+ CONFIG: New extension CITag: for TLS restrictions, see cf/README
+ for details.
+ CONFIG: FEATURE(`blacklist_recipients') renamed to
+ FEATURE(`blocklist_recipients').
+ CONTRIB: cidrexpand updated to support IPv6 CIDR ranges and to
+ canonicalize IPv6 addresses; if cidrexpand is used with IPv6
+ addresses then UseCompressedIPv6Addresses must be disabled.
+ DOC: The dns map can return multiple values in a single result
+ if the -z option is used.
+ DOC: Note to set MustQuoteChars=. due to DKIM signatures.
+ LIBMILTER: Fix typo in a macro. Patch from Ignacio Goyret
+ of Alcatel-Lucent.
+ LIBMILTER: Fix reference in xxfi_negotiate documentation.
+ Patch from Sven Neuhaus.
+ LIBMILTER: Fix function name in smfi_addrcpt_par documentation.
+ Patch from G.W. Haywood.
+ LIBMILTER: Fix a potential memory leak in smfi_setsymlist().
+ Patch from Martin Svec.
+ MAKEMAP: New map type "implicit" refers to the first available type,
+ i.e., it depends on the compile time options NEWDB, DBM,
+ and CDB. This can be used in conjunction with the
+ "implicit" map type in sendmail.cf.
+ Note: makemap, libsmdb, and sendmail must be compiled
+ with the same options (and library versions of course).
+ Portability:
+ Add support for Darwin 14-18 (Mac OS X 10.x).
+ New option HAS_GETHOSTBYNAME2: set if your system
+ supports gethostbyname2(2).
+ Set SM_CONF_SEM=2 for FreeBSD 12 and later due to
+ changes in sys/sem.h
+ On Linux set MAXHOSTNAMELEN (the maximum length
+ of a FQHN) to 256 if it is less than that value.
+ Added Files:
+ cf/feature/blocklist_recipients.m4
+ cf/feature/tls_failures.m4
+ devtools/OS/Darwin.14.x
+ devtools/OS/Darwin.15.x
+ devtools/OS/Darwin.16.x
+ libsmdb/smcdb.c
+ sendmail/ratectrl.h
+
8.15.2/8.15.2 2015/07/03
If FEATURE(`nopercenthack') is used then some bogus input triggered
a recursion which was caught and logged as
SYSERR: rewrite: excessive recursion (max 50) ...
Fix based on patch from Ondrej Holas.
DHParameters now by default uses an included 2048 bit prime.
The value 'none' previously caused a log entry claiming
there was an error "cannot read or set DH parameters".
Also note that this option applies to the server side only.
The U= mailer field didn't accept group names containing hyphens,
underbars, or periods. Based on patch from David Gwynne
of the University of Queensland.
CONFIG: Allow connections from IPv6:0:0:0:0:0:0:0:1 to relay again.
Patch from Lars-Johan Liman of Netnod Internet Exchange.
CONFIG: New option UseCompressedIPv6Addresses to select between
compressed and uncompressed IPv6 addresses. The default
value depends on the compile-time option IPV6_FULL:
For 1 the default is False, for 0 it is True, thus
preserving the current behaviour. Based on patch from
John Beck of Oracle.
CONFIG: Account for IPv6 localhost addresses in
FEATURE(`block_bad_helo'). Suggested by Andrey Chernov
from FreeBSD and Robert Scheck from the Fedora Project.
CONFIG: Account for IPv6 localhost addresses in check_mail ruleset.
LIBMILTER: Deal with more invalid protocol data to avoid potential
crashes. Problem noted by Dimitri Kirchner.
LIBMILTER: Allow a milter to specify an empty macro list ("", not
NULL) in smfi_setsymlist() so no macro is sent for the
selected stage.
MAKEMAP: A change to check TrustedUser in fewer cases which was
made in 2013 caused a potential regression when makemap
was run as root (which should not be done anyway).
Note: sendmail often contains options "For Future Releases"
(prefix _FFR_) which might be enabled in a subsequent
version or might simply be removed as they turned out not
to be really useful. These features are usually not
documented but if they are, then the required (FFR)
options are listed in
- doc/op/op.* for rulesets and macros,
- cf/README for mc/cf options.
8.15.1/8.15.1 2014/12/06
SECURITY: Properly set the close-on-exec flag for file descriptors
(except stdin, stdout, and stderr) before executing mailers.
If header rewriting fails due to a temporary map lookup failure,
queue the mail for later retry instead of sending it
without rewriting the header. Note: this is done
while the mail is being sent and hence the transaction
is aborted, which only works for SMTP/LMTP mailers
hence the handling of temporary map failures is
suppressed for other mailers. SMTP/LMTP servers may
complain about aborted transactions when this problem
occurs.
See also "DNS Lookups" in sendmail/TUNING.
Incompatible Change: Use uncompressed IPv6 addresses by default,
i.e., they will not contain "::". For example,
instead of ::1 it will be 0:0:0:0:0:0:0:1. This
permits a zero subnet to have a more specific match,
such as different map entries for IPv6:0:0 vs IPv6:0.
This change requires that configuration data
(including maps, files, classes, custom ruleset,
etc) must use the same format, so make certain such
configuration data is updated before using 8.15.
As a very simple check search for patterns like
'IPv6:[0-9a-fA-F:]*::' and 'IPv6::'. If necessary,
the prior format can be retained by compiling with:
APPENDDEF(`conf_sendmail_ENVDEF', `-DIPV6_FULL=0')
in your devtools/Site/site.config.m4 file.
If debugging is turned on (-d0.14) also print the OpenSSL
versions, both build time and run time
(provided STARTTLS is compiled in).
If a connection to the MTA is dropped by the client before its
hostname can be validated, treat it as "may be forged",
so that the unvalidated hostname is not passed to a
milter in xxfi_connect().
Add a timeout for communication with socket map servers
which can be specified using the -d option.
Add a compile time option HESIOD_ALLOW_NUMERIC_LOGIN to allow
numeric logins even if HESIOD is enabled.
The new option CertFingerprintAlgorithm specifies the finger-
print algorithm (digest) to use for the presented cert.
If the option is not set, md5 is used and the macro
{cert_md5} contains the cert fingerprint.
However, if the option is set, the specified algorithm
(e.g., sha1) is used and the macro {cert_fp} contains
the cert fingerprint.
That is, as long as the option is not set, the behaviour
does not change, but otherwise, {cert_md5} is superseded
by {cert_fp} even if you set CertFingerprintAlgorithm
to md5.
The options ServerSSLOptions and ClientSSLOptions can be used
to set SSL options for the server and client side
respectively. See SSL_CTX_set_options(3) for a list.
Note: this change turns on SSL_OP_NO_SSLv2 and
SSL_OP_NO_TICKET for the client. See doc/op/op.me
for details.
The option CipherList sets the list of ciphers for STARTTLS.
See ciphers(1) for possible values.
Do not log "STARTTLS: internal error: tls_verify_cb: ssl == NULL"
- if a CRLFfile is in use (and LogLevel is 14 or higher.)
+ if a CRLFile is in use (and LogLevel is 14 or higher.)
Store a more specific TLS protocol version in ${tls_version}
instead of a generic one, e.g., TLSv1 instead of
TLSv1/SSLv3.
Properly set {client_port} value on little endian machines.
Patch from Kelsey Cummings of Sonic.net.
Per RFC 3848, indicate in the Received: header whether SSL or
SMTP AUTH was negotiated by setting the protocol clause
to ESMTPS, ESMTPA, or ESMTPSA instead of ESMTP.
If the 'C' flag is listed as TLSSrvOptions the requirement for the
TLS server to have a cert is removed. This only works
under very specific circumstances and should only be used
if the consequences are understood, e.g., clients
may not work with a server using this.
The options ClientCertFile, ClientKeyFile, ServerCertFile, and
ServerKeyFile can take a second file name, which must be
separated from the first with a comma (note: do not use
any spaces) to set up a second cert/key pair. This can
be used to have certs of different types, e.g., RSA
and DSA.
A new map type "arpa" is available to reverse an IP (IPv4 or IPv6)
address. It returns the string for the PTR lookup, but
without trailing {ip6,in-addr}.arpa.
- New operation mode 'C' just checks the configuration file, e.g.,
+ New operation mode 'C' just checks the configuration file, e.g.,
sendmail -C new.cf -bC
will perform a basic syntax/consistency check of new.cf.
The mailer flag 'I' is deprecated and will be removed in a
future version.
Allow local (not just TCP) socket connections to the server, e.g.,
O DaemonPortOptions=Family=local, Addr=/var/mta/server.sock
can be used.
If the new option MaxQueueAge is set to a value greater than zero,
entries in the queue will be retried during a queue run
only if the individual retry time has been reached which
is doubled for each attempt. The maximum retry time is
limited by the specified value.
New DontBlameSendmail option GroupReadableDefaultAuthInfoFile
to relax requirement for DefaultAuthInfo file.
Reset timeout after receiving a message to appropriate value if
STARTTLS is in use. Based on patch by Kelsey Cummings
of Sonic.net.
Report correct error messages from the LDAP library for a range of
small negative return values covering those used by OpenLDAP.
Fix compilation with Berkeley DB 5.0 and 6.0. Patch from
Allan E Johannesen of Worcester Polytechnic Institute.
CONFIG: FEATURE(`nopercenthack') takes one parameter: reject or
nospecial which describes whether to disallow "%" in the
local part of an address.
DEVTOOLS: Fix regression in auto-detection of libraries when only
shared libraries are available. Problem reported by
Bryan Costales.
LIBMILTER: Mark communication socket as close-on-exec in case
a user's filter starts other applications.
Based on patch from Paul Howarth.
Portability:
SunOS 5.12 has changed the API for sigwait(2) to conform
with XPG7. Based on patch from Roger Faulkner of Oracle.
Deleted Files:
libsm/path.c
8.14.9/8.14.9 2014/05/21
SECURITY: Properly set the close-on-exec flag for file descriptors
(except stdin, stdout, and stderr) before executing mailers.
Fix a misformed comment in conf.c: "/*" within comment
which may cause a compilation error on some systems.
Problem reported by John Beck of Oracle.
DEVTOOLS: Fix regression in auto-detection of libraries when only
shared libraries are available. Problem reported by
Bryan Costales.
8.14.8/8.14.8 2014/01/26
Properly initialize all OpenSSL algorithms for versions before
OpenSSL 0.9.8o. Without this SHA2 algorithms may not
work properly, causing for example failures for certs
that use sha256WithRSAEncryption as signature algorithm.
When looking up hostnames, ensure only to return those records
for the requested family (AF_INET or AF_INET6).
On system that have NEEDSGETIPNODE and NETINET6
this may have failed and cause delivery problems.
Problem noted by Kees Cook.
A new mailer flag '!' is available to suppress an MH hack
that drops an explicit From: header if it is the
same as what sendmail would generate.
Add an FFR (for future release) to use uncompressed IPv6 addresses,
i.e., they will not contain "::". For example, instead
of ::1 it will be 0:0:0:0:0:0:0:1. This means that
configuration data (including maps, files, classes,
custom ruleset, etc) have to use the same format.
This will be turned on in 8.15. It can be enabled in 8.14
by compiling with:
APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_IPV6_FULL')
in your devtools/Site/site.config.m4 file.
Add an additional case for the WorkAroundBrokenAAAA check when
dealing with broken nameservers by ignoring SERVFAIL
errors returned on T_AAAA (IPv6) lookups at delivery time.
Problem noted by Pavel Timofeev of OCS.
If available, pass LOGIN_SETCPUMASK and LOGIN_SETLOGINCLASS to
setusercontext() on deliveries as a different user.
Patch from Edward Tomasz Napierala from FreeBSD.
Avoid compiler warnings from a change in Cyrus-SASL 2.1.25.
Patch from Hajimu UMEMOTO from FreeBSD.
Add support for DHParameters 2048-bit primes.
CONFIG: Accept IPv6 literals when evaluating the HELO/EHLO argument
in FEATURE(`block_bad_helo'). Suggested by Andrey Chernov.
LIBSMDB: Add a missing check for malloc() in libsmdb/smndbm.c.
Patch from Bill Parker.
LIBSMDB: Fix minor memory leaks in libsmdb/ if allocations
fail. Patch from John Beck of Oracle.
Portability:
Add support for Darwin 12.x and 13.x (Mac OS X 10.8 and 10.9).
On Linux use socklen_t as the type for the 3rd argument
for getsockname/getpeername if the glibc version is at
least 2.1.
Added Files:
devtools/OS/Darwin.12.x
devtools/OS/Darwin.13.x
8.14.7/8.14.7 2013/04/21
Drop support for IPv4-mapped IPv6 addresses to prevent the MTA
from using a mapped address over a legitimate IPv6 address
and to enforce the proper semantics over the IPv6
connection. Problem noted by Ulrich Sporlein.
Fix a regression introduced in 8.14.6: the wrong list of
macros was sent to a milter in the EHLO stage.
Problem found by Fabrice Bellet, reported via RedHat
(Jaroslav Skarvada).
Fix handling of ORCPT parameter for DSNs: xtext decoding
was not performed and a wrong syntax check was applied
to the "addr-type" field. Problem noted by Dan Lukes
of Obludarium.
Fix handling of NUL characters in the MIME conversion functions
so that message bodies containing them will be sent
on properly. Note: this usually also affects mails
that are not converted as those functions are used
for other purposes too. Problem noted by Elchonon
Edelson of Lockheed Martin.
Do not perform "duplicate" elimination of recipients if they
resolve to the error mailer using a temporary failure
(4xy) via ruleset 0. Problem noted by Akira Takahashi
of IIJ.
CONTRIB: Updated version of etrn.pl script from John Beck
of Oracle.
Portability:
Unlike gcc, clang doesn't apply full prototypes to K&R
definitions.
8.14.6/8.14.6 2012/12/23
Fix a regression introduced in 8.14.5: if a server offers
two AUTH lines, the MTA would not read them after
STARTTLS has been used and hence SMTP AUTH for
the client side would fail. Problem noted by Lena.
Do not cache hostnames internally in a non case sensitive way
as that may cause addresses to change from lower case
to upper case or vice versa. These header modifications
can cause problems with milters that rely on receiving
headers in the same way as they are being sent out such
as a DKIM signing milter.
If MaxQueueChildren is set then it was possible that new queue
runners could not be started anymore because an
internal counter was subject to a race condition.
If a milter decreases the timeout it waits for a communication
with the MTA, the MTA might experience a write() timeout.
In some situations, the resulting error might have been
ignored. Problem noted by Werner Wiethege.
Note: decreasing the communication timeout in a milter
should not be done without considering the potential
problems.
smfi_setsymlist() now properly sets the list of macros for
the milter which invoked it, instead of a global
list for all milters. Problem reported by
David Shrimpton of the University of Queensland.
If Timeout.resolver.retrans is set to a value larger than 20,
then resolver.retry was temporarily set to 0 for
gethostbyaddr() lookups. Now it is set to 1 instead.
Patch from Peter.
If sendmail could not lock the statistics file due to a system
error, and sendmail later sends a DSN for a mail that
triggered such an error, then sendmail tried to access
memory that was freed before (causing a crash on some
systems). Problem reported by Ryan Stone.
Do not log negative values for size= nor pri= to avoid confusing
log parsers, instead limit the values to LONG_MAX.
Account for an API change in newer versions of Cyrus-SASL.
Patch from Hajimu UMEMOTO from FreeBSD.
Do not try to resolve link-local addresses for IPv4 (just as it
is done for IPv6). Patch from John Beck of Oracle.
Improve logging of client and server STARTTLS connection failures
that may be due to incompatible cipher lists by including
the reason for the failure in a single log line. Suggested
by James Carey of Boeing.
Portability:
Add support for Darwin 11.x (Mac OS X 10.7).
Add support for SunOS 5.12 (aka Solaris 12). Patch from
John Beck of Oracle.
Added Files:
devtools/OS/Darwin.11.x
devtools/OS/SunOS.5.12
8.14.5/8.14.5 2011/05/17
Do not cache SMTP extensions across connections as the cache
is based on hostname which may not be a unique identifier
for a server, i.e., different machines may have the
same hostname but provide different SMTP extensions.
Problem noted by Jim Hermann.
Avoid an out-of-bounds access in case a resolver reply for a DNS
map lookup returns a size larger than 1K. Based on a
patch from Dr. Werner Fink of SuSE.
If a job is aborted using the interrupt signal (e.g., control-C from
the keyboard), perform minimal cleanup to avoid invoking
functions that are not signal-safe. Note: in previous
versions the mail might have been queued up already
and would be delivered subsequently, now an interrupt
will always remove the queue files and thus prevent
delivery.
Per RFC 6176, when operating as a TLS client, do not offer SSLv2.
Since TLS session resumption is never used as a client, disable
use of RFC 4507-style session tickets.
Work around gcc4 versions which reverse 25 years of history and
no longer align char buffers on the stack, breaking calls
to resolver functions on strict alignment platforms.
Found by Stuart Henderson of OpenBSD.
Read at most two AUTH lines from a server greeting (up to two
lines are read because servers may use "AUTH mechs" and
"AUTH=mechs"). Otherwise a malicious server may exhaust
the memory of the client. Bug report by Nils of MWR
InfoSecurity.
Avoid triggering an assertion in the OpenLDAP code when the
connection to an LDAP server is lost while making a query.
Problem noted and patch provided by Andy Fiddaman.
If ConnectOnlyTo is set and sendmail is compiled with NETINET6
it would try to use an IPv6 address if an IPv4 (or
unparseable) address is specified.
If SASLv2 is used, make sure that the macro {auth_authen} is
stored in xtext format to avoid problems with parsing
it. Problem noted by Christophe Wolfhugel.
CONFIG: FEATURE(`ldap_routing') in 8.14.4 tried to add a missing
-T<TMPF> that is required, but failed for some cases
that did not use LDAP. This change has been undone
until a better solution can be implemented. Problem
found by Andy Fiddaman.
CONFIG: Add cf/ostype/solaris11.m4 for Solaris11 support.
Contributed by Casper Dik of Oracle.
CONTRIB: qtool.pl: Deal with H entries that do not have a
letter between the question marks. Patch from
Stefan Christensen.
DOC: Use a better description for the -i option in sendmail.
Patch from Mitchell Berger.
Portability:
Add support for Darwin 10.x (Mac OS X 10.6).
Enable HAVE_NANOSLEEP for FreeBSD 3 and later. Patch
from John Marshall.
Enable HAVE_NANOSLEEP for OpenBSD 4.3 and later.
Use new directory "/system/volatile" for PidFile on
Solaris 11. Patch from Casper Dik of Oracle.
Fix compilation on Solaris 11 (and maybe some other
OSs) when using OpenSSL 1.0. Based on patch from
Jan Pechanec of Oracle.
Set SOCKADDR_LEN_T and SOCKOPT_LEN_T to socklen_t
for Solaris 11. Patch from Roger Faulkner of Oracle.
New Files:
cf/ostype/solaris11.m4
8.14.4/8.14.4 2009/12/30
SECURITY: Handle bogus certificates containing NUL characters
in CNs by placing a string indicating a bad certificate
in the {cn_subject} or {cn_issuer} macro. Patch inspired
by Matthias Andree's changes for fetchmail.
During the generation of a queue identifier an integer overflow
could occur which might result in bogus characters
being used. Based on patch from John Vannoy of
Pepperdine University.
The value of headers, e.g., Precedence, Content-Type, et.al.,
was not processed correctly. Patch from Per Hedeland.
Between 8.11.7 and 8.12.0 the length limitation on a return
path was erroneously reduced from MAXNAME (256) to
MAXSHORTSTR (203). Patch from John Gardiner Myers
of Proofpoint; the problem was also noted by Steve
Hubert of University of Washington.
Prevent a crash when a hostname lookup returns a seemingly
valid result which contains a NULL pointer (this seems
to be happening on some Linux versions).
The process title was missing the current load average when
the MTA was delaying connections due to DelayLA.
Patch from Dick St.Peters of NetHeaven.
Do not reset the number of queue entries in shared memory if
only some of them are processed.
Fix overflow of an internal array when parsing some replies
from a milter. Problem found by Scott Rotondo
of Sun Microsystems.
If STARTTLS is turned off in the server (via M=S) then it
would not be initialized for use in the client either.
Patch from Kazuteru Okahashi of IIJ.
If a Diffie-Hellman cipher is selected for STARTTLS, the
handshake could fail with some TLS implementations
because the prime used by the server is not long enough.
Note: the initialization of the DSA/DH parameters for
the server can take a significant amount of time on slow
machines. This can be turned off by setting DHParameters
to none or a file (see doc/op/op.me). Patch from
Petr Lampa of the Brno University of Technology.
Fix handling of `b' modifier for DaemonPortOptions on little
endian machines for loopback address. Patch from
John Beck of Sun Microsystems.
Fix a potential memory leak in libsmdb/smdb1.c found by parfait.
Based on patch from Jonathan Gray of OpenBSD.
If a milter sets the reply code to "421" during the transfer
of the body, the SMTP server will terminate the SMTP session
with that error to match the behavior of the other callbacks.
Return EX_IOERR (instead of 0) if a mail submission fails due to
missing disk space in the mail queue. Based on patch
from Martin Poole of RedHat.
CONFIG: Using FEATURE(`ldap_routing')'s `nodomain' argument would
cause addresses not found in LDAP to be misparsed.
CONFIG: Using a CN restriction did not work for TLS_Clt as it
referred to a wrong macro. Patch from John Gardiner
Myers of Proofpoint.
CONFIG: The option relaytofulladdress of FEATURE(`access_db')
did not work if FEATURE(`relay_hosts_only') is used too.
Problem noted by Kristian Shaw.
CONFIG: The internal function lower() was broken and hence
strcasecmp() did not work either, which could cause
problems for some FEATURE()s if upper case arguments
were used. Patch from Vesa-Matti J Kari of the
University of Helsinki.
LIBMILTER: Fix internal check whether a milter application
is compiled against the same version of libmilter as
it is linked against (especially useful for dynamic
libraries).
LIBMILTER: Fix memory leak that occurred when smfi_setsymlist()
was used. Based on patch by Dan Lukes.
LIBMILTER: Document the effect of SMFIP_HDR_LEADSPC for filters
which add, insert, or replace headers. From Benjamin
Pineau.
LIBMILTER: Fix error messages which refer to "select()" to be
correct if SM_CONF_POLL is used. Based on patch from
John Nemeth.
LIBSM: Fix handling of LDAP search failures where the error is
carried in the search result itself, such as seen with
OpenLDAP proxy servers.
VACATION: Do not refer to a local variable outside its scope.
Based on patch from Mark Costlow of Southwest Cyberport.
Portability:
Enable HAVE_NANOSLEEP for SunOS 5.11. Patch from
John Beck of Sun Microsystems.
Drop NISPLUS from default SunOS 5.11 map definitions.
Patch from John Beck of Sun Microsystems.
8.14.3/8.14.3 2008/05/03
During ruleset processing the generation of a key for a map
lookup and the parsing of the default value was broken
for some macros, e.g., $|, which caused the BlankSub
character to be inserted into the workspace and thus
failures, e.g., rules that should have matched did not.
8.14.2 caused a regression: it accessed (macro) storage which was
freed before. First instance of the problem reported by
Matthew Dillon of DragonFlyBSD; variations of the same
bug reported by Todd C. Miller of OpenBSD, Moritz
Jodeit, and Dave Hayes.
Improve pathname length checks for persistent host status. Patch
from Joerg Sonnenberger of DragonFlyBSD.
Reword misleading SMTP reply text for FEATURE(`badmx'). Problem
noted by Beth Halsema.
The read timeout was fixed to be Timeout.datablock if STARTTLS
was activated. This may cause problems if that value
is lowered from its default. Problem noted by Jens Elkner.
CONFIG: Using LOCAL_TLS_CLIENT caused the tls_client ruleset
to operate incorrectly. Problem found by Werner Wiethege.
LIBMILTER: Omitting some protocol steps via the xxfi_negotiate()
callback did not work properly. The patchlevel of
libmilter has been set to 1 so a milter can determine
whether libmilter contains this fix.
MAKEMAP: If a delimiter is specified (-t) use that also when
dumping a map. Patch from Todd C. Miller of OpenBSD.
Portability:
Add support for Darwin 9.x (Mac OS X 10.5).
Support shared libraries in Darwin 8 and 9. Patch from
Chris Behrens of Concentric.
Add support for SCO OpenServer 6, patch from Boyd Gerber.
DEVTOOLS: Clarify that confSHAREDLIBDIR requires a trailing slash.
Added Files:
devtools/OS/Darwin.9.x
devtools/OS/OSR.i386
8.14.2/8.14.2 2007/11/01
If a message was queued and it contained 8 bit characters in
a From: or To: header, then those characters could be
"mistaken" for internal control characters during a queue
run and trigger various consistency checks. Problem
noted by Neil Rickert of Northern Illinois University.
If MaxMimeHeaderLength is set to a value greater than 0 (which
it is by default) then even if the Linelimit parameter
is 0, sendmail corrupted in the non-transfer-encoding
case every MAXLINE-1 characters. Patch from John Gardiner
Myers of Proofpoint.
Setting the suboption DeliveryMode for DaemonPortOptions did not
work in earlier 8.14 versions.
Note: DeliveryMode=interactive is silently converted to
background if a milter can reject or delete a recipient.
Prior to 8.14 this happened only if milter could delete
recipients.
ClientRate should trigger when the limit was exceeded (as
documented), not when it was reached. Patch from
John Beck of Sun Microsystems.
Force a queue run for -qGqueuegroup even if no runners are
specified (R=0) and forking (F=f) is requested.
When multiple results are requested for a DNS map lookup
(-z and -Z), return only those that are relevant for
the query (not also those in the "additional section".)
If the message transfer time to sendmail (when acting as server)
exceeds Timeout.queuewarn or Timeout.queuereturn and
the message is refused (by a milter), sendmail previously
created a delivery status notification (DSN). Patch
from Doug Heath of The Hertz Corporation.
A code change in Cyrus-SASL 2.1.22 for sasl_decode64() requires
the MTA to deal with some input (i.e., "=") itself.
Problem noted by Eliot Lear.
sendmail counted a delivery as successful if PIPELINING is
compiled in but not offered by the server and the
delivery failed temporarily. Patch from Werner Wiethege.
If getting the result of an LDAP query times out then close the
map so it will be reopened on the next lookup. This
should help "failover" configurations that specify more
than one LDAP server.
If check_compat returns $#discard then a "savemail panic" could
be triggered under some circumstances (e.g., requiring
a system which does not have the compile time flag
HASFLOCK set). Based on patch by Motonori Nakamura
of National Institute of Informatics, Japan.
If a milter rejected a recipient, the count for nrcpts= in the
logfile entry might have been wrong. Problem found by
Petra Humann of TU Dresden.
If a milter invoked smfi_chgfrom() where ESMTP arguments are not
NULL, the message body was lost. Patch from Motonori
Nakamura of National Institute of Informatics, Japan.
sendmail(8) had a bogus space in -qGname. Patch from Peng Haitao.
CONTRIB: buildvirtuser: Preserve ownership and permissions when
replacing files.
CONTRIB: buildvirtuser: Skip dot-files (e.g., .cvsignore) when
reading the /etc/mail/virtusers/ directory.
CONTRIB: buildvirtuser: Emit warnings instead of exiting where
appropriate.
LIBMILTER: Fix ABI backwards compatibility so milters compiled
against an older libmilter.so shared library can use an
8.14 libmilter.so shared library.
LIBMILTER: smfi_version() did not properly extract the patchlevel
from the version number, however, the returned value was
correct for the current libmilter version.
8.14.1/8.14.1 2007/04/03
Even though a milter rejects a recipient the MTA will still keep
it in its list of recipients and deliver to it if the
transaction is accepted. This is a regression introduced
in 8.14.0 due to the change for SMFIP_RCPT_REJ. Bug
found by Andy Fiddaman.
The new DaemonPortOptions which begin with a lower case character
could not be set in 8.14.0.
If a server shut down the connection in response to a STARTTLS
command, sendmail would log a misleading error message
due to an internal inconsistency. Problem found by
Werner Wiethege.
Document how some sendmail.cf options change the behavior of mailq.
Noted by Paul Menchini of the North Carolina School of
Science and Mathematics.
CONFIG: Add confSOFT_BOUNCE m4 option for setting SoftBounce.
CONFIG: 8.14.0's RELEASE_NOTES failed to mention the addition
of the confMAX_NOOP_COMMANDS and confSHARED_MEMORY_KEY_FILE
m4 options for setting MaxNOOPCommands and
SharedMemoryKeyFile.
CONFIG: Add confMILTER_MACROS_EOH and confMILTER_MACROS_DATA m4
options for setting Milter.macros.eoh and Milter.macros.data.
CONTRIB: Use flock() and fcntl() in qtool.pl if necessary.
Patch from Daniel Carroll of Mesa State College.
LIBMILTER: Make sure an unknown command does not affect the
currently available macros. Problem found by Andy Fiddaman.
LIBMILTER: The MTA did not offer SMFIF_SETSYMLIST during option
negotiation. Problem reported by Bryan Costales.
LIBMILTER: Fix several minor errors in the documentation.
Patches from Bryan Costales.
PORTABILITY FIXES:
AIX 5.{1,2}: libsm/util.c failed to compile due to
redefinition of several macros, e.g., SIG_ERR.
Patch from Jim Pirzyk with assistance by Bob
Booth, University of Illinois at Urbana-Champaign.
Add support for QNX.6. Patch from Sean Boudreau of QNX
Software Systems.
New Files:
devtools/M4/depend/QNX6.m4
devtools/OS/QNX.6.x
include/sm/os/sm_os_qnx.h
New Files added in 8.14.0, but not shown in the release notes entry:
libmilter/docs/smfi_chgfrom.html
libmilter/docs/smfi_version.html
8.14.0/8.14.0 2007/01/31
Header field values are now 8 bit clean. Notes:
- header field names are still restricted to 7 bit.
- RFC 2822 allows only 7 bit (US-ASCII) characters in
headers.
Preserve spaces after the colon in a header. Previously, any
number of spaces after the colon would be changed to
exactly one space.
In some cases of deeply nested aliases/forwarding, mail can
be silently lost. Moreover, the MaxAliasRecursion
limit may be reached too early, e.g., the counter
may be off by a factor of 4 in case of a sequence of
.forward files that refer to others. Patch from
Motonori Nakamura of Kyoto University.
Fix a regression in 8.13.8: if InputMailFilters is set then
"sendmail -bs" can trigger an assertion because the
hostname of the client is undefined. It is now set
to "localhost" for the xxfi_connect() callback.
Avoid referencing a freed variable during cleanup when terminating.
Problem reported and diagnosed by Joe Maimon.
New option HeloName to set the name for the HELO/EHLO command.
Patch from Nik Clayton.
New option SoftBounce to issue temporary errors (4xy) instead of
permanent errors (5xy). This can be useful for testing.
New suboptions for DaemonPortOptions to set them individually
per daemon socket:
DeliveryMode DeliveryMode
refuseLA RefuseLA
delayLA DelayLA
queueLA QueueLA
children MaxDaemonChildren
New option -K for LDAP maps to replace %1 through %9 in the
lookup key with the LDAP escaped contents of the
arguments specified in the map lookup. Loosely based
on patch from Wolfgang Hottgenroth.
Log the time after which a greet_pause delay triggered. Patch
from Nik Clayton.
If a client is rejected via TCP wrapper or some other check
performed by validate_connection() (in conf.c) then do
not also invoke greet_pause. Problem noted by Jim Pirzyk
of the University of Illinois at Urbana-Champaign.
If a client terminates the SMTP connection during a pause
introduced by greet_pause, then a misleading message
was logged previously. Problem noted by Vernon Schryver
et.al., patch from Matej Vela.
New command "mstat" for control socket to provide "machine
readable" status.
New named config file rule check_eom which is called at the end
of a message, its parameter is the size of the message.
If the macro {addr_type} indicates that the current address
is a header address it also distinguishes between
recipient and sender addresses (as it is done for
envelope addresses).
When a macro is set in check_relay, then its value is accessible
by all transactions in the same SMTP session.
Increase size of key for ldap lookups to 1024 (MAXKEY).
New option MaxNOOPCommands to override default of 20 for the
number of "useless" commands before the SMTP server will
slow down responding.
New option SharedMemoryKeyFile: if shared memory support is
enabled, the MTA can be asked to select a shared memory
key itself by setting SharedMemoryKey to -1 and specifying
a file where to store the selected key.
Try to deal with open HTTP proxies that are used to send spam
by recognizing some commands from them. If the first command
from the client is GET, POST, CONNECT, or USER, then the
connection is terminated immediately.
New PrivacyOptions noactualrecipient to avoid putting
X-Actual-Recipient lines in DSNs revealing the actual
account that addresses map to. Patch from Dan Harkless.
New options B, z, and Z for DNS maps:
-B: specify a domain that is always appended to queries.
-z: specify the delimiter at which to cut off the result of
a query if it is too long.
-Z: specify the maximum number of entries to be concatenated
to form the result of a lookup.
New target "check" in the Makefile of libsm: instead of running tests
implicitly while building libsm, they must be explicitly
started by using "make check".
Fixed some inconsistent checks for NULL pointers that have been
reported by the SATURN tool which has been developed by
Isil Dillig and Thomas Dillig of Stanford University.
Fix a potential race condition caused by a signal handler for
terminated child processes. Problem noted by David F. Skoll.
When a milter deleted a recipient, that recipient could cause a
queue group selection. This has been disabled as it was not
intended.
New operator 'r' for the arith map to return a random number.
Patch from Motonori Nakamura of Kyoto University.
New compile time option MILTER_NO_NAGLE to turn off the Nagle
algorithm for communication with libmilter ("cork" on Linux),
which may improve the communication performance on some
operating systems. Patch from John Gardiner Myers of
Proofpoint.
If sendmail received input that contained a CR without subsequent LF
(thus violating RFC 2821 (2.3.7)), it could previously
generate an additional blank line in the output as the last
line.
Restarting persistent queue runners by sending a HUP signal to
the "queue control process" (QCP) works now.
Increase the length of an input line to 12288 to deal with
really long lines during SMTP AUTH negotiations.
Problem noted by Werner Wiethege.
If ARPANET mode (-ba) was selected STARTTLS would fail (due to
a missing initialization call for that case). Problem
noted by Neil Rickert of Northern Illinois University.
If sendmail is linked against a library that initializes Cyrus-SASL
before sendmail did it (such as libnss-ldap), then SMTP AUTH
could fail for the sendmail client. A patch by Moritz Both
works around the API design flaw of Cyrus-SASLv2.
CONFIG: Make it possible to unset the StatusFile option by
undefining STATUS_FILE. By not setting StatusFile,
the MTA will not attempt to open a statistics file on
each delivery.
CONFIG: New FEATURE(`require_rdns') to reject messages from SMTP
clients whose IP address does not have proper reverse DNS.
Contributed by Neil Rickert of Northern Illinois University
and John Beck of Sun Microsystems.
CONFIG: New FEATURE(`block_bad_helo') to reject messages from SMTP
clients which provide a HELO/EHLO argument which is either
unqualified, or is one of our own names (i.e., the server
name instead of the client name). Contributed by Neil
Rickert of Northern Illinois University and John Beck of
Sun Microsystems.
CONFIG: New FEATURE(`badmx') to reject envelope sender addresses
(MAIL) whose domain part resolves to a "bad" MX record.
Based on contribution from William Dell Wisner.
CONFIG: New macros SMTP_MAILER_LL and RELAY_MAILER_LL to override
the maximum line length of the smtp mailers.
CONFIG: New option `relaytofulladdress' for FEATURE(`access_db')
to allow entries in the access map to be of the form
To:user@example.com RELAY
CONFIG: New subsuboptions eoh and data to specify the list of
macros a milter should receive at those stages in the
SMTP dialogue.
CONFIG: New option confHELO_NAME for HeloName to set the name
for the HELO/EHLO command.
CONFIG: dnsbl and enhdnsbl can now also discard or quarantine
messages by using those values as second argument.
Patches from Nelson Fung.
CONTRIB: cidrexpand uses a hash symbol as comment character and
ignores everything after it unless it is in quotes or
- preceeded by a backslash.
+ preceded by a backslash.
DEVTOOLS: New macro confMKDIR: if set to a program that creates
directories, then it used for "make install" to create
the required installation directories.
DEVTOOLS: New macro confCCLINK to specify the linker to use for
executables (defaults to confCC).
LIBMILTER: A new version of the milter API has been created that
has several changes which are listed below and documented
in the webpages reachable via libmilter/docs/index.html.
LIBMILTER: The meaning of the version macro SMFI_VERSION has been
changed. It now refers only to the version of libmilter,
not to the protocol version (which is used only internally,
it is not user/milter-programmer visible). Additionally,
a version function smfi_version() has been introduced such
that a milter program can check the libmilter version also
at runtime which is useful if a shared library is used.
LIBMILTER: A new callback xxfi_negotiate() can be used to
dynamically (i.e., at runtime) determine the available
protocol actions and features of the MTA and also to
specify which of these a milter wants to use. This allows
for more flexibility than hardcoding these flags in the
xxfi_flags field of the smfiDesc structure.
LIBMILTER: A new callback xxfi_data() is available so milters
can act on the DATA command.
LIBMILTER: A new callback xxfi_unknown() is available so milters
can receive also unknown SMTP commands.
LIBMILTER: A new return code SMFIS_NOREPLY has been added which
can be used by the xxfi_header() callback provided the
milter requested the SMFIP_NOHREPL protocol action.
LIBMILTER: The new return code SMFIS_SKIP can be used in the
xxfi_body() callback to skip over further body chunks
and directly advance to the xxfi_eom() callback. This
is useful if a milter can make a decision based on the
body chunks it already received without reading the entire
rest of the body and the milter wants to invoke functions
that are only available from the xxfi_eom() callback.
LIBMILTER: A new function smfi_addrcpt_par() can be used to add
new recipients including ESMTP parameters.
LIBMILTER: A new function smfi_chgfrom() can be used to change the
envelope sender including ESMTP parameters.
LIBMILTER: A milter can now request to be informed about rejected
recipients (RCPT) too. This requires to set the protocol
flag SMFIP_RCPT_REJ during option negotiation. Whether
a RCPT has been rejected can be checked by comparing the
value of the macro {rcpt_mailer} with "error".
LIBMILTER: A milter can now override the list of macros that it
wants to receive from the MTA for each protocol step
by invoking the function smfi_setsymlist() during option
negotiation.
LIBMILTER: A milter can receive header field values with all
leading spaces by requesting the SMFIP_HDR_LEADSPC
protocol action. Also, if the flag is set then the MTA
does not add a leading space to headers that are added,
inserted, or replaced.
LIBMILTER: If a milter sets the reply code to "421" for the HELO
callback, the SMTP server will terminate the SMTP session
with that error to match the behavior of all other callbacks.
New Files:
cf/feature/badmx.m4
cf/feature/block_bad_helo.m4
cf/feature/require_rdns.m4
devtools/M4/UNIX/check.m4
include/sm/misc.h
include/sm/sendmail.h
include/sm/tailq.h
libmilter/docs/smfi_addrcpt_par.html
libmilter/docs/smfi_setsymlist.html
libmilter/docs/xxfi_data.html
libmilter/docs/xxfi_negotiate.html
libmilter/docs/xxfi_unknown.html
libmilter/example.c
libmilter/monitor.c
libmilter/worker.c
libsm/memstat.c
libsm/t-memstat.c
libsm/t-qic.c
libsm/util.c
sendmail/daemon.h
sendmail/map.h
8.13.8/8.13.8 2006/08/09
Fix a regression in 8.13.7: if shared memory is activated, then
the server can erroneously report that there is
insufficient disk space. Additionally make sure that
an internal variable is set properly to avoid those
misleading errors. Based on patch from Steve Hubert
of University of Washington.
Fix a regression in 8.13.7: the PidFile could be removed after
the process that forks the daemon exited, i.e., if
sendmail -bd is invoked. Problem reported by Kan Sasaki
of Fusion Communications Corp. and Werner Wiethege.
Avoid opening qf files if QueueSortOrder is "none". Patch from
David F. Skoll.
Avoid a crash when finishing due to referencing a freed variable.
Problem reported and diagnosed by Moritz Jodeit.
CONTRIB: cidrexpand now deals with /0 by issuing the entire IPv4
range (0..255).
LIBMILTER: The "hostname" argument of the xxfi_connect() callback
previously was the equivalent of {client_ptr}. However,
this did not match the documentation of the function, hence
it has been changed to {client_name}. See doc/op/op.me
about these macros.
8.13.7/8.13.7 2006/06/14
A malformed MIME structure with many parts can cause sendmail to
crash while trying to send a mail due to a stack overflow,
e.g., if the stack size is limited (ulimit -s). This
happens because the recursion of the function mime8to7()
was not restricted. The function is called for MIME 8 to
7 bit conversion and also to enforce MaxMimeHeaderLength.
To work around this problem, recursive calls are limited to
a depth of MAXMIMENESTING (20); message content after this
limit is treated as opaque and is not checked further.
Problem noted by Frank Sheiness.
The changes to the I/O layer in 8.13.6 caused a regression for
SASL mechanisms that use the security layer, e.g.,
DIGEST-MD5. Problem noted by Robert Stampfli.
If a timeout occurs while reading a message (during the DATA phase)
a df file might have been left behind in the queue.
This was another side effect of the changes to the I/O
layer made in 8.13.6.
Several minor problems have been fixed that were found by a
Coverity scan of sendmail 8 as part of the NetBSD
distribution. See http://scan.coverity.com/
Note: the scan generated also a lot of "false positives",
e.g., "error" reports about situations that cannot happen.
Most of those code places are marked with lint(1) comments
like NOTREACHED, but Coverity does not understand those.
Hence an explicit assertion has been added in some cases
to avoid those false positives.
If the start of the sendmail daemon fails due to a configuration
error then in some cases shared memory segments or pid
files were not removed.
If DSN support is disabled via access_db, then related ESMTP
parameters for MAIL and RCPT should be rejected. Problem
reported by Akihiro Sagawa.
Enabling zlib compression in OpenSSL 0.9.8[ab] breaks the padding
bug work-around. Hence if sendmail is linked against
either of these versions and compression is available,
the padding bug work-around is turned off. Based on
patch from Victor Duchovni of Morgan Stanley.
CONFIG: FEATURE(`dnsbl') and FEATURE(`enhdnsbl') used
blackholes.mail-abuse.org as default domain for lookups,
however, that list is no longer available. To avoid
further problems, no default value is available anymore,
but an argument must be specified.
Portability:
Fix compilation on OSF/1 for sfsasl.c. Patch from
Pieter Bowman of the University of Utah.
8.13.6/8.13.6 2006/03/22
SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server
and client side of sendmail with timeouts in the libsm I/O
layer and fix problems in that code. Also fix handling of
a buffer in sm_syslog() which could have been used as an
attack vector to exploit the unsafe handling of
setjmp(3)/longjmp(3) in combination with signals.
Problem detected by Mark Dowd of ISS X-Force.
Handle theoretical integer overflows that could triggered if
the server accepted headers larger than the maximum
(signed) integer value. This is prevented in the default
configuration by restricting the size of a header, and on
most machines memory allocations would fail before reaching
those values. Problems found by Phil Brass of ISS.
If a server returns 421 for an RSET command when trying to start
another transaction in a session while sending mail, do
not trigger an internal consistency check. Problem found
by Allan E Johannesen of Worcester Polytechnic Institute.
If a server returns a 5xy error code (other than 501) in response
to a STARTTLS command despite the fact that it advertised
STARTTLS and that the code is not valid according to RFC
2487 treat it nevertheless as a permanent failure instead
of a protocol error (which has been changed to a
temporary error in 8.13.5). Problem reported by Jeff
A. Earickson of Colby College.
Clear SMTP state after a HELO/EHLO command. Patch from John
Myers of Proofpoint.
Observe MinQueueAge option when gathering entries from the queue
for sorting etc instead of waiting until the entries are
processed. Patch from Brian Fundakowski Feldman.
Set up TLS session cache to properly handle clients that try to
resume a stored TLS session.
Properly count the number of (direct) child processes such that
a configured value (MaxDaemonChildren) is not exceeded.
Based on patch from Attila Bruncsak.
LIBMILTER: Remove superfluous backslash in macro definition
(libmilter.h). Based on patch from Mike Kupfer of
Sun Microsystems.
LIBMILTER: Don't try to set SO_REUSEADDR on UNIX domain sockets.
This generates an error message from libmilter on
Solaris, though other systems appear to just discard the
request silently.
LIBMILTER: Deal with sigwait(2) implementations that return
-1 and set errno instead of returning an error code
directly. Patch from Chris Adams of HiWAAY Informations
Services.
Portability:
Fix compilation checks for closefrom(3) and statvfs(2)
in NetBSD. Problem noted by S. Moonesamy, patch from
Andrew Brown.
8.13.5/8.13.5 2005/09/16
Store the filesystem identifier of the df/ subdirectory (if it
exists) in an internal structure instead of the base
directory. This structure is used decide whether there
is enough free disk space when selecting a queue, hence
without this change queue selection could fail if a df/
subdirectory exists and is on a different filesystem
than the base directory.
Use the queue index of the df file (instead of the qf file) for
checking whether a link(2) operation can be used to split
an envelope across queue groups. Problem found by
Werner Wiethege.
If the list of items in the queue is larger than the maximum
number of items to process, sort the queue first and
then cut the list off instead of the other way around.
Patch from Matej Vela of Rudjer Boskovic Institute.
Fix helpfile to show full entry for ETRN. Problem noted by
Penelope Fudd, patch from Neil Rickert of Northern Illinois
University.
FallbackSmartHost should also be tried on temporary errors.
From John Beck of Sun Microsystems.
When a server responds with 421 to the STARTTLS command then treat
it as a temporary error, not as protocol error. Problem
noted by Andrey J. Melnikoff.
Properly define two functions in libsm as static because their
prototype used static too. Patch from Peter Klein.
Fix syntax errors in helpfile for MAIL and RCPT commands.
LIBMILTER: When smfi_replacebody() is called with bodylen equals
zero then do not silently ignore that call. Patch from
Gurusamy Sarathy of Active State.
LIBMILTER: Recognize "421" also in a multi-line reply to terminate
the SMTP session with that error. Fix from Brian Kantor.
Portability: New option HASSNPRINTF which can be set if the OS
has a properly working snprintf(3) to get rid
of the last two (safe) sprintf(3) calls in the
source code.
Add support for AIX 5.3.
Add support for SunOS 5.11 (aka Solaris 11).
Add support for Darwin 8.x. Patch from Lyndon Nerenberg.
OpenBSD 3.7 has removed support for NETISO.
CONFIG: Add OSTYPE(freebsd6) for FreeBSD 6.X.
Set DontBlameSendmail to AssumeSafeChown and
GroupWritableDirPathSafe for OSTYPE(darwin).
Patch from Lyndon Nerenberg.
Some features still used 4.7.1 as enhanced status code which
was supposed to be eliminated in 8.13.0 because some
broken systems misinterpret it as a permanent error.
Patch from Matej Vela of Rudjer Boskovic Institute.
Some default values in a generated cf file did not match
the defaults in the sendmail binary. Problem noted
by Mike Pechkin.
New Files:
cf/ostype/freebsd6.m4
devtools/OS/AIX.5.3
devtools/OS/Darwin.8.x
devtools/OS/SunOS.5.11
include/sm/time.h
8.13.4/8.13.4 2005/03/27
The bug fixes in 8.13.3 for connection handling uncovered a
different error which could result in connections that
stay in CLOSE_WAIT state due to a variable that was not
properly initialized. Problem noted by Michael Sims.
Deal with empty hostnames in hostsignature(). This bug could lead
to an endless loop when doing LMTP deliveries to another
host. Problem first reported by Martin Lathoud and
tracked down by Gael Roualland.
Make sure return parameters are initialized in getmxrr(). Problem
found by Gael Roualland using valgrind.
If shared memory is used and the RunAsUser option is set, then the
owner and group of the shared memory segment is set to
the ids specified RunAsUser and the access mode is set
to 0660 to allow for updates by sendmail processes.
The number of queue entries that is (optionally) kept in shared
memory was wrong in some cases, e.g., envelope splitting
and bounce generation.
Undo a change made in 8.13.0 to silently truncate long strings
in address rewriting because the message can be triggered
for header checks where long strings are legitimate.
Problem reported by Mary Verge DeSisto, and tracked
down with the help of John Beck of Sun Microsystems.
The internal stab map did not obey the -m flag. Patch from
Rob McMahon of Warwick University, England.
The socket map did not obey the -f flag. Problem noted by
Dan Ringdahl, forwarded by Andrzej Filip.
The addition of LDAP recursion in 8.13.0 broke enforcement of
the LDAP map -1 argument which tells the MTA to only
return success if and only if a single LDAP match is found.
Add additional error checks in the MTA for milter communication
to avoid a possible segmentation fault. Based on patch
by Joe Maimon.
Do not trigger an assertion if X509_digest() returns success but
does not assign a value to its output parameter. Based
on patch by Brian Kantor.
Add more checks when resetting internal AUTH data (applies only
to Cyrus SASL version 2). Otherwise an SMTP session might
be dropped after an AUTH failure.
Portability:
Add LA_LONGLONG as valid LA_TYPE type for systems that use
"long long" to read load average data, e.g.,
AIX 5.1 in 32 bit mode. Note: this has to be set
"by hand", it is not (yet) automatically detected.
Problem noted by Burak Bilen.
Use socklen_t for accept(), etc. on AIX 5.x. This should
fix problems when compiling in 64 bit mode.
Problem first reported by Harry Meiert of
University of Bremen.
New Files:
include/sm/sem.h
libsm/sem.c
libsm/t-sem.c
8.13.3/8.13.3 2005/01/11
Enhance handling of I/O errors, especially EOF, when STARTTLS
is active.
Make sure a connection is not reused after it has been closed
due to a 421 error. Problem found by Allan E Johannesen
of Worcester Polytechnic Institute.
Avoid triggering an assertion when sendmail is interrupted while
closing a connection. Problem found by Allan E Johannesen
of Worcester Polytechnic Institute.
Regression: a change in 8.13.2 caused sendmail not to try the
next MX host (or FallbackMXhost if configured) when, at
connection open, the current server returns a 4xy or 5xy
SMTP reply code. Problem noted by Mark Tranchant.
8.13.2/8.13.2 2004/12/15
Do not split the first header even if it exceeds the internal
buffer size. Previously a part of such a header would
end up in the body of the message. Problem noted by
Simple Nomad of BindView.
Do not complain about "cataddr: string too long" when checking
headers that do not contain RFC 2822 addresses.
Problem noted by Rich Graves of Brandeis University.
If a server returns a 421 reply to the RSET command between
message deliveries, do not attempt to deliver any more
messages on that connection. This prevents bogus "Bad
file number" recipient status. Problem noted by
Allan E Johannesen of Worcester Polytechnic Institute.
Allow trailing white space in EHLO command as recommended by RFC
2821. Problem noted by Ralph Santagato of SBC Services.
Deal with clients which use AUTH but negotiate a smaller buffer size
for data exchanges than the value used by sendmail, e.g.,
Cyrus IMAP lmtp server. Based on patch by Jamie Clark.
When passing ESMTP arguments for RCPT to a milter, do not cut
them off at a comma. Problem noted by Krzysztof Oledzki.
Add more logging to milter change header functions to
complement existing logging. Based on patch from
Gurusamy Sarathy of Active State.
Include <lber.h> in include/sm/config.h when LDAPMAP is defined.
Patch from Edgar Hoch of the University of Stuttgart.
Fix DNS lookup if IPv6 is enabled when converting an IP address
to a hostname for use with SASL. Problem noted by Ken Jones;
patch from Hajimu UMEMOTO.
CONFIG: For consistency enable MODIFY_MAILER_FLAGS for the prog
mailer. Patch from John Beck of Sun Microsystems.
LIBMILTER: It was possible that xxfi_abort() was called after
xxfi_eom() for a message if some timeouts were triggered.
Patch from Alexey Kravchuk.
LIBMILTER: Slightly rearrange mutex use in listener.c to allow
different threads to call smfi_opensocket() and smfi_main().
Patch from Jordan Ritter of Cloudmark.
MAIL.LOCAL: Properly terminate MBDB before exiting. Problem
noted by Nelson Fung.
MAIL.LOCAL: make strip-mail.local used a wrong path to access
mail.local. Problem noted by William Park.
VACATION: Properly terminate MBDB before exiting. Problem noted
by Nelson Fung.
Portability:
Add support for DragonFly BSD.
New Files:
cf/ostype/dragonfly.m4
devtools/OS/DragonFly
include/sm/os/sm_os_dragonfly.h
Deleted Files:
libsm/vsscanf.c
8.13.1/8.13.1 2004/07/30
Using the default AliasFile ldap: specification would cause the
objectClasses of the LDAP response to be included in the
alias expansion. Problem noted by Brenden Conte of
Rensselaer Polytechnic Institute.
Fix support for a fallback smart host for system where DNS is
(partially) available. From John Beck of Sun Microsystems.
Fix SuperSafe=PostMilter behavior when a milter replaces a body
but the data file is not yet stored on disk because it is
smaller than the size of the memory buffer. Problem noted
by David Russell.
Fix certificate revocation list support; if a CRL was specified
but the other side presented a cert that was signed by
a different (trusted) CA than the one which issued the CRL,
verification would always fail. Problem noted by Al Smith.
Run mailer programs as the RunAsUser when RunAsUser is set and
the F=S mailer flag is set without a U= mailer equate.
Problem noted by John Gardiner Myers of Proofpoint.
${nbadrcpts} was off by one if BadRcptThrottle is zero.
Patch from Sung-hoon Choi of DreamWiz Inc.
CONFIG: Emit a warning if FEATURE(`access_db') is used after
FEATURE(`greet_pause') because then the latter will not
use the access map. Note: if no default value is given
for FEATURE(`greet_pause') then it issues an error if
FEATURE(`access_db') is not specified before it.
Problem noted by Alexander Dalloz of University of
Bielefeld.
CONFIG: Invoke ruleset Local_greet_pause if FEATURE(`greet_pause')
is used to give more flexibility for local changes.
Portability:
Fix a 64 bit problem in the socket map code. Problem
noted by Geoff Adams.
NetBSD 2.0F has closefrom(3). Patch from Andrew Brown.
NetBSD can use sysctl(3) to get the number of CPUs in
a system. Patch from Andrew Brown.
Add a README file in doc/op/ to explain potential
incompatibilities with various *roff related
tools. Problem tracked down by Per Hedeland.
New Files:
doc/op/README
8.13.0/8.13.0 2004/06/20
Do not include AUTH data in a bounce to avoid leaking confidential
information. See also cf/README about MSP and the section
"Providing SMTP AUTH Data when sendmail acts as Client".
Problem noted by Neil Rickert of Northern Illinois
University.
Fix compilation error in libsm/clock.c for -D_FFR_SLEEP_USE_SELECT=n
and -DSM_CONF_SETITIMER=0. Problem noted by Juergen Georgi
of RUS University of Stuttgart.
Fix bug in conversion from 8bit to quoted-printable. Problem found
by Christof Haerens, patch from Per Hedeland.
Add support for LDAP recursion based on types given to attribute
specifications in an LDAP map definition. This allows
LDAP queries to return a new query, a DN, or an LDAP
URL which will in turn be queried. See the ``LDAP
Recursion'' section of doc/op/op.me for more information.
Based on patch from Andrew Baucom.
Extend the default LDAP specifications for AliasFile
(O AliasFile=ldap:) and file classes (F{X}@LDAP) to
include support for LDAP recursion via new attributes.
See ``USING LDAP FOR ALIASES, MAPS, and CLASSES'' section
of cf/README for more information.
New option for LDAP maps: the -w option allows you to specify the
LDAP API/protocol version to use. The default depends on
the LDAP library.
New option for LDAP maps: the -H option allows you to specify an
LDAP URI instead of specifying the LDAP server via -h host
and -p port. This also allows for the use of LDAP over
SSL and connections via named sockets if your LDAP
library supports it.
New compile time flag SM_CONF_LDAP_INITIALIZE: set this if
ldap_initialize(3) is available (and LDAPMAP is set).
If MaxDaemonChildren is set and a command is repeated too often
during a SMTP session then terminate it just like it is
done for too many bad SMTP commands.
Basic connection rate control support has been added: the daemon
maintains the number of incoming connections per client
IP address and total in the macros {client_rate} and
{total_rate}, respectively. These macros can be used
in the cf file to impose connection rate limits.
A new option ConnectionRateWindowSize (default: 60s)
determines the length of the interval for which the
number of connections is stored. Based on patch from
Jose Marcio Martins da Cruz, Ecole des Mines de Paris.
Add optional protection from open proxies and SMTP slammers which
send SMTP traffic without waiting for the SMTP greeting.
If enabled by the new ruleset greet_pause (see
FEATURE(`greet_pause')), sendmail will wait the specified
amount of time before sending the initial 220 SMTP
greeting. If any traffic is received before then, a 554
SMTP response is sent and all SMTP commands are rejected
during that connection.
If 32 NOOP (or unknown/bad) commands are issued by a client the SMTP
server could sleep for a very long time. Fix based on
patch from Tadashi Kobayashi of IIJ.
Fix a potential memory leak in persistent queue runners if the
number of entries in the queue exceeds the limit of jobs.
Problem noted by Steve Hubert of University of Washington.
Do not use 4.7.1 as enhanced status code because some broken systems
misinterpret it as a permanent error.
New value for SuperSafe: PostMilter which will delay fsync() until
all milters accepted the mail. This can increase
performance if many mails are rejected by milters due to
body scans. Based on patch from David F. Skoll.
New macro {msg_id} which contains the value of the Message-Id:
header, whether provided by the client or generated by
sendmail.
New macro {client_connections} which contains the number of open
connections in the SMTP server for the client IP address.
Based on patch from Jose Marcio Martins da Cruz, Ecole des
Mines de Paris.
sendmail will now remove its pidfile when it exits. This was done
to prevent confusion caused by running sendmail stop
scripts two or more times, where the second and subsequent
runs would report misleading error messages about sendmail's
pid no longer existing. See section 1.3.15 of doc/op/op.me
for a discussion of the implications of this, including
how to correct broken scripts which may have depended on
the old behavior. From John Beck of Sun Microsystems.
Support per-daemon input filter lists which override the default
filter list specified in InputMailFilters. The filters
can be listed in the I= equate of DaemonPortOptions.
Do not add all domain prefixes of the hostname to class 'w'. If
your configuration relies on this behavior, you have to
add those names to class 'w' yourself. Problem noted
by Sander Eerkes.
Support message quarantining in the mail queue. Quarantined
messages are not run on normal queue displays or runs
unless specifically requested with -qQ. Quarantined queue
files are named with an hf prefix instead of a qf prefix.
The -q command line option now can specify which queue to display
or run. -qQ operates on quarantined queue items. -qL
operates on lost queue items.
Restricted mail queue runs and displays can be done based on the
quarantined reason using -qQtext to run or display
quarantined items if the quarantine reason contains the
given text. Similarly, -q!Qtext will run or display
quarantined items which do not have the given text in the
quarantine reason.
Items in the queue can be quarantined or unquarantined using the
new -Q option. See doc/op/op.me for more information.
When displaying the quarantine mailq with 'mailq -qQ', the
quarantine reason is shown in a new line prefixed by
"QUARANTINE:".
A new error code for the $#error mailer, $@ quarantine, can be used
to quarantine messages in check_* (except check_compat) and
header check rulesets. The $: of the mailer triplet will
be used for the quarantine reason.
Add a new quarantine count to the mailstats collected.
Add a new macro ${quarantine} which is the quarantine reason for a
message if it is quarantined.
New map type "socket" for a trivial query protocol over UNIX domain
or TCP sockets (requires compile time option SOCKETMAP).
See sendmail/README and doc/op/op.me for details as well as
socketmapServer.pl and socketmapClient.pl in contrib.
Code donated by Bastiaan Bakker of LifeLine Networks.
Define new macro ${client_ptr} which holds the result of the PTR
lookup for the client IP address. Note: this is the same
as ${client_name} if and only if ${client_resolve} is OK.
Add a new macro ${nbadrcpts} which contains the number of bad
recipients received so far in a transaction.
Call check_relay with the value of ${client_name} to deal with bogus
DNS entries. See also FEATURE(`use_client_ptr'). Problem
noted by Kai Schlichting.
Treat Delivery-Receipt-To: headers the same as Return-Receipt-To:
headers (turn them into DSNs). Delivery-Receipt-To: is
apparently used by SIMS (Sun Internet Mail System).
Enable connection caching for LPC mailers. Patch from Christophe
Wolfhugel of France Telecom Oleane.
Do not silently truncate long strings in address rewriting.
Add support for Cyrus SASL version 2. From Kenneth Murchison of
Oceana Matrix Ltd.
Add a new AuthOption=m flag to require the use of mechanisms which
support mutual authentication. From Kenneth Murchison of
Oceana Matrix Ltd.
Fix logging of TLS related problems (introduced in 8.12.11).
The macros {auth_author} and {auth_authen} are stored in xtext
format just like the STARTTLS related macros to avoid
problems with parsing them. Problem noted by Pierangelo
Masarati of SysNet s.n.c.
New option AuthRealm to set the authentication realm that is
passed to the Cyrus SASL library. Patch from Gary Mills
of the University of Manitoba.
Enable AUTH mechanism EXTERNAL if STARTTLS verification was
successful, otherwise relaying would be allowed if
EXTERNAL is listed in TRUST_AUTH_MECH() and STARTTLS
is active.
Add basic support for certificate revocation lists. Note: if a
CRLFile is specified but the file is unusable, STARTTLS
is disabled. Based on patch by Ralf Hornik.
Enable workaround for inconsistent Cyrus SASLv1 API for mechanisms
DIGEST-MD5 and LOGIN.
Write pid to file also if sendmail only acts as persistent queue
runner. Proposed by Gary Mills of the University of Manitoba.
Keep daemon pid file(s) locked so other daemons don't try to
overwrite each other's pid files.
Increase maximum length of logfile fields for {cert_subject} and
{cert_issuer} from 128 to 256. Requested by Christophe
Wolfhugel of France Telecom.
Log the TLS verification message on the STARTTLS= log line at
LogLevel 12 or higher.
If the MSP is invoked with the verbose option (-v) then it will
try to use the SMTP command VERB to propagate this option
to the MTA which in turn will show the delivery just like
it was done before the default 8.12 separation of MSP and
MTA. Based on patch by Per Hedeland.
If a daemon is refusing connections for longer than the time specified
by the new option RejectLogInterval (default: 3 hours) due
to high load, log this information. Patch from John Beck
of Sun Microsystems.
Remove the ability for non-trusted users to raise the value of
CheckpointInterval on the command line.
New mailer flag 'B' to strip leading backslashes, which is a
subset of the functionality of the 's' flag.
New mailer flag 'W' to ignore long term host status information.
Patch from Juergen Georgi of RUS University of Stuttgart.
Enable generic mail filter API (milter) by default. To turn
it off, add -DMILTER=0 to the compile time options.
An internal SMTP session discard flag was lost after an RSET/HELO/EHLO
causing subsequent messages to be sent instead of being
discarded. This also caused milter callbacks to be called
out of order after the SMTP session was reset.
New option RequiresDirfsync to turn off the compile time flag
REQUIRES_DIR_FSYNC at runtime. See sendmail/README for
further information.
New command line option -D logfile to send debug output to
the indicated log file instead of stdout.
Add Timeout.queuereturn.dsn and Timeout.queuewarn.dsn to control
queue return and warning times for delivery status
notifications.
New queue sort order option: 'n'one for not sorting the queue entries
at all.
Several more return values for ruleset srv_features have been added
to enable/disable certain features in the server per
connection. See doc/op/op.me for details.
Support for SMTP over SSL (smtps), activated by Modifier=s
for DaemonPortOptions.
Continue with DNS lookups on ECONNREFUSED and TRY_AGAIN when
trying to canonify hostnames. Suggested by Neil Rickert
of Northern Illinois University.
Add support for a fallback smart host (option FallbackSmartHost) to
be tried as a last resort after all other fallbacks. This
is designed for sites with partial DNS (e.g., an accurate
view of inside the company, but an incomplete view of
outside). From John Beck of Sun Microsystems.
Enable timeout for STARTTLS even if client does not start the TLS
handshake. Based on patch by Andrey J. Melnikoff.
Remove deprecated -v option for PH map, use -k instead. Patch from
Mark Roth of the University of Illinois at Urbana-Champaign.
libphclient is version 1.2.x by default, if version 1.1.x is required
then compile with -DNPH_VERSION=10100. Patch from Mark Roth
of the University of Illinois at Urbana-Champaign.
Add Milter.macros.eom, allowing macros to be sent to milter
applications for use in the xxfi_eom() callback.
New macro {time} which contains the output of the time(3) function,
i.e., the number of seconds since 0 hours, 0 minutes,
0 seconds, January 1, 1970, Coordinated Universal Time (UTC).
If check_relay sets the reply code to "421" the SMTP server will
terminate the SMTP session with a 421 error message.
Get rid of dead code that tried to access the environment variable
HOSTALIASES.
Deprecate the use of ErrorMode=write. To enable this in 8.13
compile with -DUSE_TTYPATH=1.
Header check rulesets using $>+ (do not strip comments) will get
the header value passed in without balancing quotes,
parentheses, and angle brackets. Based on patch from
Oleg Bulyzhin.
Do not complain and fix up unbalanced quotes, parentheses, and
angle brackets when reading in rulesets. This allows
rules to be written for header checks to catch strings
that contain quotes, parentheses, and/or angle brackets.
Based on patch from Oleg Bulyzhin.
Do not close socket when accept(2) in the daemon encounters
some temporary errors like ECONNABORTED.
Added list of CA certificates that are used by members of the
sendmail consortium, see CACerts.
Portability:
Two new compile options have been added:
HASCLOSEFROM System has closefrom(3).
HASFDWALK System has fdwalk(3).
Based on patch from John Beck of Sun Microsystems.
The Linux kernel version 2.4 series has a broken flock() so
change to using fcntl() locking until they can fix
it. Be sure to update other sendmail related
programs to match locking techniques.
New compile time option NEEDINTERRNO which should be set
if <errno.h> does not declare errno itself.
Support for UNICOS/mk and UNICOS/mp added, some changes for
UNICOS. Patches contributed by Aaron Davis and
Brian Ginsbach, Cray Inc., and Manu Mahonen of
Center for Scientific Computing.
Add support for Darwin 7.0/Mac OS X 10.3 (a.k.a. Panther).
Extend support to Darwin 7.x/Mac OS X 10.3 (a.k.a. Panther).
Remove path from compiler definition for Interix because
Interix 3.0 and 3.5 put gcc in different locations.
Also use <sys/mkdev.h> to get the correct
major()/minor() definitions. Based on feedback
from Mark Funkenhauser.
CONFIG: Add support for LDAP recursion to the default LDAP searches
for maps via new attributes. See the ``USING LDAP FOR
ALIASES, MAPS, and CLASSES'' section of cf/README and
cf/sendmail.schema for more information.
CONFIG: Make sure confTRUSTED_USER is valid even if confRUN_AS_USER
is of the form "user:group" when used for submit.mc.
Problem noted by Carsten P. Gehrke, patch from Neil Rickert
of Northern Illinois University.
CONFIG: Add a new access DB value of QUARANTINE:reason which
instructs the check_* (except check_compat) to quarantine
the message using the given reason.
CONFIG: Use "dns -R A" as map type for dnsbl (just as for enhdnsbl)
instead of "host" to avoid problem with looking up other
DNS records than just A.
CONFIG: New option confCONNECTION_RATE_WINDOW_SIZE to define the
length of the interval for which the number of incoming
connections is maintained.
CONFIG: New FEATURE(`ratecontrol') to set the limits for connection
rate control for individual hosts or nets.
CONFIG: New FEATURE(`conncontrol') to set the limits for the
number of open SMTP connections for individual hosts or nets.
CONFIG: New FEATURE(`greet_pause') enables open proxy and SMTP
slamming protection described above. The feature can
take an argument specifying the milliseconds to wait and/or
use the access database to look the pause time based on
client hostname, domain, IP address, or subnet.
CONFIG: New FEATURE(`use_client_ptr') to have check_relay use
$&{client_ptr} as its first argument. This is useful for
rejections based on the unverified hostname of client,
which turns on the same behavior as in earlier sendmail
versions when delay_checks was not in use. See also entry
above about check_relay being invoked with ${client_name}.
CONFIG: New option confREJECT_LOG_INTERVAL to specify the log
interval when refusing connections for this long.
CONFIG: Remove quotes around usage of confREJECT_MSG; in some cases
this requires a change in a mc file. Requested by
Ted Roberts of Electronic Data Systems.
CONFIG: New option confAUTH_REALM to set the authentication realm
that is passed to the Cyrus SASL library. Patch from
Gary Mills of the University of Manitoba.
CONFIG: Rename the (internal) classes {tls}/{src} to {Tls}/{Src}
to follow the naming conventions.
CONFIG: Add a third optional argument to local_lmtp to specify
the A= argument.
CONFIG: Remove the f flag from the default mailer flags of
local_lmtp.
CONFIG: New option confREQUIRES_DIR_FSYNC to turn off the compile
time flag REQUIRES_DIR_FSYNC at runtime.
CONFIG: New LOCAL_UUCP macro to insert rules into the generated
cf file at the same place where MAILER(`uucp') inserts
its rules.
CONFIG: New options confTO_QUEUERETURN_DSN and confTO_QUEUEWARN_DSN
to control queue return and warning times for delivery
status notifications.
CONFIG: New option confFALLBACK_SMARTHOST to define FallbackSmartHost.
CONFIG: Add the mc file which has been used to create the cf
file to the end of the cf file when using make in cf/cf/.
Patch from Richard Rognlie.
CONFIG: FEATURE(nodns) has been removed, it was a no-op since 8.9.
Use ServiceSwitchFile to turn off DNS lookups, see
doc/op/op.me.
CONFIG: New option confMILTER_MACROS_EOM (sendmail Milter.macros.eom
option) defines macros to be sent to milter applications for
use in the xxfi_eom() callback.
CONFIG: New option confCRL to specify file which contains
certificate revocations lists.
CONFIG: Add a new value (sendertoo) for the third argument to
FEATURE(`ldap_routing') which will reject the SMTP
MAIL From: command if the sender address doesn't exist
in LDAP. See cf/README for more information.
CONFIG: Add a fifth argument to FEATURE(`ldap_routing') which
instructs the rulesets on whether or not to do a domain
lookup if a full address lookup doesn't match. See cf/README
for more information.
CONFIG: Add a sixth argument to FEATURE(`ldap_routing') which
instructs the rulesets on whether or not to queue the mail
or give an SMTP temporary error if the LDAP server can't be
reached. See cf/README for more information. Based on
patch from Billy Ray Miller of Caterpillar.
CONFIG: Experimental support for MTAMark, see cf/README for details.
CONFIG: New option confMESSAGEID_HEADER to define a different
Message-Id: header format. Patch from Bastiaan Bakker
of LifeLine Networks.
CONTRIB: New version of cidrexpand which uses Net::CIDR. From
Derek J. Balling.
CONTRIB: oldbind.compat.c has been removed due to security problems.
Found by code inspection done by Reasoning, Inc.
DEVTOOLS: Add an example file for devtools/Site/, contributed
by Neil Rickert of Northern Illinois University.
LIBMILTER: Add new function smfi_quarantine() which allows the
filter's EOM routine to quarantine the current message.
Filters which use this function must include the
SMFIF_QUARANTINE flag in the registered smfiDesc structure.
LIBMILTER: If a milter sets the reply code to "421", the SMTP server
will terminate the SMTP session with that error.
LIBMILTER: Upon filter shutdown, libmilter will not remove a
named socket in the file system if it is running as root.
LIBMILTER: Add new function smfi_progress() which allows the filter
to notify the MTA that an EOM operation is still in progress,
resetting the timeout.
LIBMILTER: Add new function smfi_opensocket() which allows the filter
to attempt to establish the interface socket, and detect
failure to do so before calling smfi_main().
LIBMILTER: Add new function smfi_setmlreply() which allows the
filter to return a multi-line SMTP reply.
LIBMILTER: Deal with more temporary errors in accept() by ignoring
them instead of stopping after too many occurred.
Suggested by James Carlson of Sun Microsystems.
LIBMILTER: Fix a descriptor leak in the sample program found in
docs/sample.html. Reported by Dmitry Adamushko.
LIBMILTER: The sample program also needs to use SMFIF_ADDRCPT.
Reported by Carl Byington of 510 Software Group.
LIBMILTER: Document smfi_stop() and smfi_setdbg(). Patches
from Bryan Costales.
LIBMILTER: New compile time option SM_CONF_POLL; define this if
poll(2) should be used instead of select(2).
LIBMILTER: New function smfi_insheader() and related protocol
amendments to support header insertion operations.
MAIL.LOCAL: Add support for hashed mail directories, see
mail.local/README. Contributed by Chris Adams of HiWAAY
Informations Services.
MAILSTATS: Display quarantine message counts.
MAKEMAP: Add new flag -D to specify the comment character to use
instead of '#'.
VACATION: Add new flag -j to auto-respond to messages regardless of
whether or not the recipient is listed in the To: or Cc:
headers.
VACATION: Add new flag -R to specify the envelope sender address
for the auto-response message.
New Files:
CACerts
cf/feature/conncontrol.m4
cf/feature/greet_pause.m4
cf/feature/mtamark.m4
cf/feature/ratecontrol.m4
cf/feature/use_client_ptr.m4
cf/ostype/unicos.m4
cf/ostype/unicosmk.m4
cf/ostype/unicosmp.m4
contrib/socketmapClient.pl
contrib/socketmapServer.pl
devtools/OS/Darwin.7.0
devtools/OS/UNICOS-mk
devtools/OS/UNICOS-mp
devtools/Site/site.config.m4.sample
include/sm/os/sm_os_unicos.h
include/sm/os/sm_os_unicosmk.h
include/sm/os/sm_os_unicosmp.h
libmilter/docs/smfi_insheader.html
libmilter/docs/smfi_progress.html
libmilter/docs/smfi_quarantine.html
libmilter/docs/smfi_setdbg.html
libmilter/docs/smfi_setmlreply.html
libmilter/docs/smfi_stop.html
sendmail/ratectrl.c
Deleted Files:
cf/feature/nodns.m4
contrib/oldbind.compat.c
devtools/OS/CRAYT3E.2.0.x
devtools/OS/CRAYTS.10.0.x
libsm/vsprintf.c
Renamed Files:
devtools/OS/Darwin.7.0 => devtools/OS/Darwin.7.x
8.12.11/8.12.11 2004/01/18
Use QueueFileMode when opening qf files. This error was a
regression in 8.12.10. Problem detected and diagnosed
Lech Szychowski of the Polish Power Grid Company.
Properly count the number of queue runners in a work group and
make sure the total limit of MaxQueueChildren is not
exceeded. Based on patch from Takayuki Yoshizawa of
Techfirm, Inc.
Take care of systems that can generate time values where the
seconds can exceed the usual range of 0 to 59.
Problem noted by Randy Diffenderfer of EDS.
Avoid regeneration of identical queue identifiers by processes
whose process id is the same as that of the initial
sendmail process that was used to start the daemon.
Problem noted by Randy Diffenderfer of EDS.
When a milter invokes smfi_delrcpt() compare the supplied
recipient address also against the printable addresses
of the current list to deal with rewritten addresses.
Based on patch from Sean Hanson of The Asylum.
BadRcptThrottle now also works for addresses which return the
error mailer, e.g., virtusertable entries with the
right hand side error:. Patch from Per Hedeland.
Fix printing of 8 bit characters as octals in log messages.
Based on patch by Andrey J. Melnikoff.
Undo change of algorithm for MIME 7-bit base64 encoding to 8-bit
text that has been introduced in 8.12.3. There are some
examples where the new code fails, but the old code works.
To get the 8.12.3-8.12.10 version, compile sendmail with
-DMIME7TO8_OLD=0. If you have an example of improper
7 to 8 bit conversion please send it to us.
Return normal error code for unknown SMTP commands instead of
the one specified by check_relay or a milter for a
connection. Problem noted by Andrzej Filip.
Some ident responses contain data after the terminating CRLF which
causes sendmail to log "POSSIBLE ATTACK...newline in string".
To avoid this everything after LF is ignored.
If the operating system supports O_EXLOCK and HASFLOCK is set
then a possible race condition for creating qf files
can be avoided. Note: the race condition does not
exist within sendmail, but between sendmail and an
external application that accesses qf files.
Log the proper options name for TLS related mising files for
the CACertPath, CACertFile, and DHParameters options.
Do not split an envelope if it will be discarded, otherwise df
files could be left behind. Problem found by Wolfgang
Breyha.
The use of the environment variables HOME and HOSTALIASES has been
deprecated and will be removed in version 8.13. This only
effects configuration which preserve those variable via the
'E' command in the cf file as sendmail clears out its entire
environment.
Portability:
Add support for Darwin 7.0/Mac OS X 10.3 (a.k.a. Panther).
Solaris 10 has unsetenv(), patch from Craig Mohrman of
Sun Microsystems.
LIBMILTER: Add extra checks in case a broken MTA sends bogus data
to libmilter. Based on code review by Rob Grzywinski.
SMRSH: Properly assemble commands that contain '&&' or '||'.
Problem noted by Eric Lee of Talking Heads.
New Files:
devtools/OS/Darwin.7.0
8.12.10/8.12.10 2003/09/24 (Released: 2003/09/17)
SECURITY: Fix a buffer overflow in address parsing. Problem
detected by Michal Zalewski, patch from Todd C. Miller
of Courtesan Consulting.
Fix a potential buffer overflow in ruleset parsing. This problem
is not exploitable in the default sendmail configuration;
only if non-standard rulesets recipient (2), final (4), or
mailer-specific envelope recipients rulesets are used then
a problem may occur. Problem noted by Timo Sirainen.
Accept 0 (and 0/0) as valid input for set MaxMimeHeaderLength.
Problem noted by Thomas Schulz.
Add several checks to avoid (theoretical) buffer over/underflows.
Properly count message size when performing 7->8 or 8->7 bit MIME
conversions. Problem noted by Werner Wiethege.
Properly compute message priority based on size of entire message,
not just header. Problem noted by Axel Holscher.
Reset SevenBitInput to its configured value between SMTP
transactions for broken clients which do not properly
announce 8 bit data. Problem noted by Stefan Roehrich.
Set {addr_type} during queue runs when processing recipients.
Based on patch from Arne Jansen.
Better error handling in case of (very unlikely) queue-id conflicts.
Perform better error recovery for address parsing, e.g., when
encountering a comment that is too long. Problem noted by
Tanel Kokk, Union Bank of Estonia.
Add ':' to the allowed character list for bogus HELO/EHLO
checking. It is used for IPv6 domain literals. Patch from
Iwaizako Takahiro of FreeBit Co., Ltd.
Reset SASL connection context after a failed authentication attempt.
Based on patch from Rob Siemborski of CMU.
Check Berkeley DB compile time version against run time version
to make sure they match.
Do not attempt AAAA (IPv6) DNS lookups if IPv6 is not enabled
in the kernel.
When a milter adds recipients and one of them causes an error,
do not ignore the other recipients. Problem noted by
Bart Duchesne.
CONFIG: Use specified SMTP error code in mailertable entries which
lack a DSN, i.e., "error:### Text". Problem noted by
Craig Hunt.
CONFIG: Call Local_trust_auth with the correct argument. Patch
from Jerome Borsboom.
CONTRIB: Better handling of temporary filenames for doublebounce.pl
and expn.pl to avoid file overwrites, etc. Patches from
Richard A. Nelson of Debian and Paul Szabo.
MAIL.LOCAL: Fix obscure race condition that could lead to an
improper mailbox truncation if close() fails after the
mailbox is fsync()'ed and a new message is delivered
after the close() and before the truncate().
MAIL.LOCAL: If mail delivery fails, do not leave behind a
stale lockfile (which is ignored after the lock timeout).
Patch from Oleg Bulyzhin of Cronyx Plus LLC.
Portability:
Port for AIX 5.2. Thanks to Steve Hubert of University
of Washington for providing access to a computer
with AIX 5.2.
setreuid(2) works on OpenBSD 3.3. Patch from
Todd C. Miller of Courtesan Consulting.
Allow for custom definition of SMRSH_CMDDIR and SMRSH_PATH
on all operating systems. Patch from Robert Harker
of Harker Systems.
Use strerror(3) on Linux. If this causes a problem on
your Linux distribution, compile with
-DHASSTRERROR=0 and tell sendmail.org about it.
Added Files:
devtools/OS/AIX.5.2
8.12.9/8.12.9 2003/03/29
SECURITY: Fix a buffer overflow in address parsing due to
a char to int conversion problem which is potentially
remotely exploitable. Problem found by Michal Zalewski.
Note: an MTA that is not patched might be vulnerable to
data that it receives from untrusted sources, which
includes DNS.
To provide partial protection to internal, unpatched sendmail MTAs,
8.12.9 changes by default (char)0xff to (char)0x7f in
headers etc. To turn off this conversion compile with
-DALLOW_255 or use the command line option -d82.101.
To provide partial protection for internal, unpatched MTAs that may be
performing 7->8 or 8->7 bit MIME conversions, the default
for MaxMimeHeaderLength has been changed to 2048/1024.
Note: this does have a performance impact, and it only
protects against frontal attacks from the outside.
To disable the checks and return to pre-8.12.9 defaults,
set MaxMimeHeaderLength to 0/0.
Do not complain about -ba when submitting mail. Problem noted
by Derek Wueppelmann.
Fix compilation with Berkeley DB 1.85 on systems that do not
have flock(2). Problem noted by Andy Harper of Kings
College London.
Properly initialize data structure for dns maps to avoid various
errors, e.g., looping processes. Problem noted by
Maurice Makaay of InterNLnet B.V.
CONFIG: Prevent multiple application of rule to add smart host.
Patch from Andrzej Filip.
CONFIG: Fix queue group declaration in MAILER(`usenet').
CONTRIB: buildvirtuser: New option -t builds the virtusertable
text file instead of the database map.
Portability:
Revert wrong change made in 8.12.7 and actually use the
builtin getopt() version in sendmail on Linux.
This can be overridden by using -DSM_CONF_GETOPT=0
in which case the OS supplied version will be used.
8.12.8/8.12.8 2003/02/11
SECURITY: Fix a remote buffer overflow in header parsing by
dropping sender and recipient header comments if the
comments are too long. Problem noted by Mark Dowd
of ISS X-Force.
Fix a potential non-exploitable buffer overflow in parsing the
.cf queue settings and potential buffer underflow in
parsing ident responses. Problem noted by Yichen Xie of
Stanford University Compilation Group.
Fix ETRN #queuegroup command: actually start a queue run for
the selected queue group. Problem noted by Jos Vos.
If MaxMimeHeaderLength is set and a malformed MIME header is fixed,
log the fixup as "Fixed MIME header" instead of "Truncated
MIME header". Problem noted by Ian J Hart.
CONFIG: Fix regression bug in proto.m4 that caused a bogus
error message: "FEATURE() should be before MAILER()".
MAIL.LOCAL: Be more explicit in some error cases, i.e., whether
a mailbox has more than one link or whether it is not
a regular file. Patch from John Beck of Sun Microsystems.
8.12.7/8.12.7 2002/12/29
Properly clean up macros to avoid persistence of session data
across various connections. This could cause session
oriented restrictions, e.g., STARTTLS requirements,
to erroneously allow a connection. Problem noted
by Tim Maletic of Priority Health.
Do not lookup MX records when sorting the MSP queue. The MSP
only needs to relay all mail to the MTA. Problem found
by Gary Mills of the University of Manitoba.
Do not restrict the length of connection information to 100
characters in some logging statements. Problem noted by
Erik Parker.
When converting an enhanced status code to an exit status, use
EX_CONFIG if the first digit is not 2, 4, or 5 or if *.1.5
is used.
Reset macro $x when receiving another MAIL command. Problem
noted by Vlado Potisk of Wigro s.r.o.
Don't bother setting the permissions on the build area statistics
file, the proper permissions will be put on the file at
install time. This fixes installation over NFS for some
users. Problem noted by Martin J. Dellwo of 3-Dimensional
Pharmaceuticals, Inc.
Fix problem of decoding SASLv2 encrypted data. Problem noted by
Alex Deiter of Mobile TeleSystems, Komi Republic.
Log milter socket open errors at MilterLogLevel 1 or higher instead
of 11 or higher.
Print early system errors to the console instead of silently
exiting. Problem noted by James Jong of IBM.
Do not process a queue group if Runners is set to 0, regardless
of whether F=f or sendmail is run in verbose mode (-v).
The use of -qGname will still force queue group "name"
to be run even if Runners=0.
Change the level for logging the fact that a daemon is refusing
connections due to high load from LOG_INFO to LOG_NOTICE.
Patch from John Beck of Sun Microsystems.
Use location information for submit.cf from NetInfo
(/locations/sendmail/submit.cf) if available.
Re-enable ForkEachJob which was lost in 8.12.0. Problem noted by
Neil Rickert of Northern Illinois University.
Make behavior of /canon in debug mode consistent with usage in
rulesets. Patch from Shigeno Kazutaka of IIJ.
Fix a potential memory leak in envelope splitting. Problem noted
by John Majikes of IBM.
Do not try to share an mailbox database LDAP connection across
different processes. Problem noted by Randy Kunkee.
Fix logging for undelivered recipients when the SMTP connection
times out during message collection. Problem noted by Neil
Rickert of Northern Illinois University.
Avoid problems with QueueSortOrder=random due to problems with
qsort() on Solaris (and maybe some other operating systems).
Problem noted by Stephan Schulz of Gruner+Jahr..
If -f "" is specified, set the sender address to "<>". Problem
noted by Matthias Andree.
Fix formatting problem of footnotes for plain text output on some
versions of tmac. Patch from Per Hedeland.
Portability:
Berkeley DB 4.1 support (requires at least 4.1.25).
Some getopt(3) implementations in GNU/Linux are broken
and pass a NULL pointer to an option which requires
an argument, hence the builtin version of
sendmail is used instead. This can be overridden
by using -DSM_CONF_GETOPT=0. Problem noted by
Vlado Potisk of Wigro s.r.o.
Support for nph-1.2.0 from Mark D. Roth of the University
of Illinois at Urbana-Champaign.
Support for FreeBSD 5.0's MAC labeling from Robert Watson
of the TrustedBSD Project.
Support for reading the number of processors on an IRIX
system from Michel Bourget of SGI.
Support for UnixWare 7.1 based on input from Larry Rosenman.
Interix support from Nedelcho Stanev of Atlantic Sky
Corporation.
Update Mac OS X/Darwin portability from Wilfredo Sanchez.
CONFIG: Enforce tls_client restrictions even if delay_checks
is used. Problem noted by Malte Starostik.
CONFIG: Deal with an empty hostname created via bogus
DNS entries to get around access restrictions.
Problem noted by Kai Schlichting.
CONFIG: Use FEATURE(`msp', `[127.0.0.1]') in submit.mc by default
to avoid problems with hostname resolution for localhost
which on many systems does not resolve to 127.0.0.1 (or
::1 for IPv6). If you do not use IPv4 but only IPv6 then
you need to change submit.mc accordingly, see the comment
in the file itself.
CONFIG: Set confDONT_INIT_GROUPS to True in submit.mc to avoid
error messages from initgroups(3) on AIX 4.3 when sending
mail to non-existing users. Problem noted by Mark Roth of
the University of Illinois at Urbana-Champaign.
CONFIG: Allow local_procmail to override local_lmtp settings.
CONFIG: Always allow connections from 127.0.0.1 or IPv6:::1 to
relay.
CONTRIB: cidrexpand: Deal with the prefix tags that may be included
in access_db.
CONTRIB: New version of doublebounce.pl contributed by Leo Bicknell.
LIBMILTER: On Solaris libmilter may get into an endless loop if
an error in the communication from/to the MTA occurs.
Patch from Gurusamy Sarathy of Active State.
LIBMILTER: Ignore EINTR from sigwait(3) which may happen on Tru64.
Patch from from Jose Marcio Martins da Cruz of Ecole
Nationale Superieure des Mines de Paris.
MAIL.LOCAL: Fix a truncation race condition if the close() on
the mailbox fails. Problem noted by Tomoko Fukuzawa of
Sun Microsystems.
MAIL.LOCAL: Fix a potential file descriptor leak if mkstemp(3)
fails. Patch from John Beck of Sun Microsystems.
SMRSH: SECURITY: Only allow regular files or symbolic links to be
used for a command. Problem noted by David Endler of
iDEFENSE, Inc.
New Files:
devtools/OS/Interix
include/sm/bdb.h
8.12.6/8.12.6 2002/08/26
Do not add the FallbackMXhost (or its MX records) to the list
returned by the bestmx map when -z is used as option.
Otherwise sendmail may act as an open relay if FallbackMXhost
and FEATURE(`relay_based_on_MX') are used together.
Problem noted by Alexander Ignatyev.
Properly split owner- mailing list messages when SuperSafe is set
to interactive. Problem noted by Todd C. Miller of
Courtesan Consulting.
Make sure that an envelope is queued in the selected queue group
even if some recipients are deleted or invalid. Problem
found by Chris Adams of HiWAAY Informations Services.
Do not send a bounce message if a message is completely collected
from the SMTP client. Problem noted by Kari Hurtta of the
Finnish Meteorological Institute.
Provide an 'install-submit-st' target for sendmail/Makefile to
install the MSP statistics file using the file named in the
confMSP_STFILE devtools variable. Requested by Jeff
Earickson of Colby College.
Queue up mail with a temporary error if setusercontext() fails
during a delivery attempt. Patch from Todd C. Miller of
Courtesan Consulting.
Fix handling of base64 encoded client authentication data for
SMTP AUTH. Patch from Elena Slobodnik of life medien GmbH.
Set the OpenLDAP option LDAP_OPT_RESTART so the client libraries
restart interrupted system calls. Problem noted by Luiz
Henrique Duma of BSIOne.
Prevent a segmentation fault if a program passed a NULL envp using
execve().
Document a problem with the counting of queue runners that may
cause delays if MaxQueueChildren is set too low. Problem
noted by Ian Duplisse of Cable Television Laboratories, Inc.
If discarding a message based on a recipient, don't try to look up
the recipient in the mailbox database if F=w is set. This
allows users to discard bogus recipients when dealing with
spammers without tipping them off. Problem noted by Neil
Rickert of Northern Illinois University.
If applying a header check to a header with unstructured data,
e.g., Subject:, then do not run syntax checks that are
supposed for addresses on the header content.
Count messages rejected/discarded via the check_data ruleset.
Portability:
Fix compilation on systems which do not allow simple
copying of the variable argument va_list. Based on
fix from Scott Walters.
Fix NSD map open bug. From Michel Bourget of SGI.
Add some additional IRIX shells to the default shell
list. From Michel Bourget of SGI.
Fix compilation issues on Mac OS X 10.2 (Darwin 6.0).
NETISO support has been dropped.
CONFIG: There was a seemingly minor change in 8.12.4 with respect
to handling entries of IP nets/addresses with RHS REJECT.
These would be rejected in check_rcpt instead of only
being activated in check_relay. This change has been made to
avoid potential bogus temporary rejection of relay attempts
"450 4.7.1 Relaying temporarily denied. Cannot resolve PTR
record for ..." if delay_checks is enabled. However, this
modification causes a change of behavior if an IP net/address
is listed in the access map with REJECT and a host/domain
name is listed with OK or RELAY, hence it has been reversed
such that the behavior of 8.12.3 is restored. The original
change was made on request of Neil Rickert of Northern
Illinois University, the side effect has been found by
Stefaan Van Hoornick.
CONFIG: Make sure delay_checks works even for sender addresses
using the local hostname ($j) or domains in class {P}.
Based on patch from Neil Rickert of Northern Illinois
University.
CONFIG: Fix temporary error handling for LDAP Routing lookups.
Fix from Andrzej Filip.
CONTRIB: New version of etrn.pl script and external man page
(etrn.0) from John Beck of Sun Microsystems.
LIBMILTER: Protect a free(3) operation from being called with a
NULL pointer. Problem noted by Andrey J. Melnikoff.
LIBMILTER: Protect against more interrupted select() calls. Based
on patch from Jose Marcio Martins da Cruz of Ecole Nationale
Superieure des Mines de Paris.
New Files:
contrib/etrn.0
8.12.5/8.12.5 2002/06/25
SECURITY: The DNS map can cause a buffer overflow if the user
specifies a dns map using TXT records in the configuration
file and a rogue DNS server is queried. None of the
sendmail supplied configuration files use this option hence
they are not vulnerable. Problem noted independently by
Joost Pol of PINE Internet and Anton Rang of Sun Microsystems.
Unprintable characters in responses from DNS servers for the DNS
map type are changed to 'X' to avoid potential problems
with rogue DNS servers.
Require a suboption when setting the Milter option. Problem noted
by Bryan Costales.
Do not silently overwrite command line settings for
DirectSubmissionModifiers. Problem noted by Bryan
Costales.
Prevent a segmentation fault when clearing the event list by
turning off alarms before checking if event list is
empty. Problem noted by Allan E Johannesen of Worcester
Polytechnic Institute.
Close a potential race condition in transitioning a memory buffered
file onto disk. From Janani Devarajan of Sun Microsystems.
Portability:
Include paths.h on Linux systems running glibc 2.0 or later
to get the definition for _PATH_SENDMAIL, used by
rmail and vacation. Problem noted by Kevin
A. McGrail of Peregrine Hardware.
NOTE: Linux appears to have broken flock() again. Unless
the bug is fixed before sendmail 8.13 is shipped,
8.13 will change the default locking method to
fcntl() for Linux kernel 2.4 and later. You may
want to do this in 8.12 by compiling with
-DHASFLOCK=0. Be sure to update other sendmail
related programs to match locking techniques.
8.12.4/8.12.4 2002/06/03
SECURITY: Inherent limitations in the UNIX file locking model
can leave systems open to a local denial of service
attack. Be sure to read the "FILE AND MAP PERMISSIONS"
section of the top level README for more information.
Problem noted by lumpy.
Use TempFileMode (defaults to 0600) for the permissions of PidFile
instead of 0644.
Change the default file permissions for new alias database files
from 0644 to 0640. This can be overridden at compile time
by setting the DBMMODE macro.
Fix a potential core dump problem if the environment variable
NAME is set. Problem noted by Beth A. Chaney of
Purdue University.
Expand macros before passing them to libmilter. Problem noted
by Jose Marcio Martins da Cruz of Ecole Nationale
Superieure des Mines de Paris.
Rewind the df (message body) before truncating it when libmilter
replaces the body of a message. Problem noted by Gisle Aas
of Active State.
Change SMTP reply code for AUTH failure from 500 to 535 and the
initial zero-length response to "=" per RFC 2554. Patches
from Kenneth Murchison of Oceana Matrix Ltd.
Do not try to fix broken message/rfc822 MIME attachments by
inserting a MIME-Version: header when MaxMimeHeaderLength
is set and no 8 to 7 bit conversion is needed. Based on
patch from Rehor Petr of ICZ (Czech Republic).
Do not log "did not issue MAIL/EXPN/VRFY/ETRN" if the connection
is rejected anyway. Noted by Chris Loelke.
Mention the submission mail queue in the mailq man page. Requested
by Bill Fenner of AT&T.
Set ${msg_size} macro when reading a message from the command line
or the queue.
Detach from shared memory before dropping privileges back to
user who started sendmail.
If AllowBogusHELO is set to false (default) then also complain if
the argument to HELO/EHLO contains white space. Suggested
by Seva Gluschenko of Cronyx Plus.
Allow symbolicly linked forward files in writable directory paths
if both ForwardFileInUnsafeDirPath and
LinkedForwardFileInWritableDir DontBlameSendmail options
are set. Problem noted by Werner Spirk of
Leibniz-Rechenzentrum Munich.
Portability:
Operating systems that lack the ftruncate() call will not
be able to use Milter's body replacement feature.
This only affects Altos, Maxion, and MPE/iX.
Digital UNIX 5.0 has changed flock() semantics to be
non-compliant. Problem noted by Martin Mokrejs of
Charles University in Prague.
The sparc64 port of FreeBSD 5.0 now supports shared
memory.
CONFIG: FEATURE(`preserve_luser_host') needs the macro map.
Problem noted by Andrzej Filip.
CONFIG: Using 'local:' as a mailertable value with
FEATURE(`preserve_luser_host') and LUSER_RELAY caused mail
to be misaddressed. Problem noted by Andrzej Filip.
CONFIG: Provide a workaround for DNS based rejection lists that
fail for AAAA queries. Problem noted by Chris Boyd.
CONFIG: Accept the machine's hostname as resolvable when checking
the sender address. This allows locally submitted mail to
be accepted if the machine isn't connected to a nameserver
and doesn't have an /etc/hosts entry for itself. Problem
noted by Robert Watson of the TrustedBSD Project.
CONFIG: Use deferred expansion for checking the ${deliveryMode}
macro in case the SMTP VERB command is used. Problem
noted by Bryan Costales.
CONFIG: Avoid a duplicate '@domain' virtusertable lookup if no
matches are found. Fix from Andrzej Filip.
CONFIG: Fix wording in default dnsbl rejection message. Suggested
by Lou Katz of Metron Computerware, Ltd.
CONFIG: Add mailer cyrusv2 for Cyrus V2. Contributed by
Kenneth Murchison of Oceana Matrix Ltd.
CONTRIB: Fix wording in default dnsblaccess rejection message to
match dnsbl change.
DEVTOOLS: Add new option for access mode of statistics file,
confSTMODE, which specifies the permissions when initially
installing the sendmail statistics file.
LIBMILTER: Mark the listening socket as close-on-exec in case
a user's filter starts other applications.
LIBSM: Allow the MBDB initialize, lookup, and/or terminate
functions in SmMbdbTypes to be set to NULL.
MAKEMAP: Change the default file permissions for new databases from
0644 to 0640. This can be overridden at compile time
by setting the DBMMODE macro.
SMRSH: Fix man page bug: replace SMRSH_CMDBIN with SMRSH_CMDDIR.
Problem noted by Dave Alden of Ohio State University.
VACATION: When listing the vacation database (-l), don't show
bogus timestamps for excluded (-x) addresses. Problem
noted by Bryan Costales.
New Files:
cf/mailer/cyrusv2.m4
8.12.3/8.12.3 2002/04/05
NOTICE: In general queue files should not be moved if queue groups
are used. In previous versions this could cause mail
not to be delivered if a queue file is repeatedly moved
by an external process whenever sendmail moved it back
into the right place. Some precautions have been taken
to avoid moving queue files if not really necessary.
sendmail may use links to refer to queue files and it
may store the path of data files in queue files. Hence
queue files should not be moved unless those internals
are understood and the integrity of the files is not
compromised. Problem noted by Anne Bennett of Concordia
University.
If an error mail is created, and the mail is split across different
queue directories, and SuperSafe is off, then write the mail
to disk before splitting it, otherwise an assertion is
triggered. Problem tracked down by Henning Schmiedehausen
of INTERMETA.
Fix possible race condition that could cause sendmail to forget
running queues. Problem noted by Jeff Wasilko of smoe.org.
Handle bogus qf files better without triggering assertions.
Problem noted by Guy Feltin.
Protect against interrupted select() call when enforcing Milter
read and write timeouts. Patch from Gurusamy Sarathy of
ActiveState.
Matching queue IDs with -qI should be case sensitive. Problem
noted by Anne Bennett of Concordia University.
If privileges have been dropped, don't try to change group ID to
the RunAsUser group. Problem noted by Neil Rickert of
Northern Illinois University.
Fix SafeFileEnvironment path munging when the specified path
contains a trailing slash. Based on patch from Dirk Meyer
of Dinoex.
Do not limit sendmail command line length to SM_ARG_MAX (usually
4096). Problem noted by Allan E Johannesen of Worcester
Polytechnic Institute.
Clear full name of sender for each new envelope to avoid bogus data
if several mails are sent in one session and some of them
do not have a From: header. Problem noted by Bas Haakman.
Change timeout check such that cached information about a connection
will be immediately invalid if ConnectionCacheTimeout is zero.
Based on patch from David Burns of Portland State University.
Properly count message size for mailstats during mail collection.
Problem noted by Werner Wiethege.
Log complete response from LMTP delivery agent on failure. Based on
patch from Motonori Nakamura of Kyoto University.
Provide workaround for getopt() implementations that do not catch
missing arguments.
Fix the message size calculation if the message body is replaced by
a milter filter and buffered file I/O is being used.
Problem noted by Sergey Akhapkin of Dr.Web.
Do not honor SIGUSR1 requests if running with extra privileges.
Problem noted by Werner Wiethege.
Prevent a file descriptor leak on mail delivery if the initial
connect fails and DialDelay is set. Patch from Servaas
Vandenberghe of Katholieke Universiteit Leuven.
Properly deal with a case where sendmail is called by root running
a set-user-ID (non-root) program. Problem noted by Jon
Lusky of ISS Atlanta.
Avoid leaving behind stray transcript (xf) files if multiple queue
directories are used and mail is sent to a mailing list
which has an owner- alias. Problem noted by Anne Bennett
of Concordia University.
Fix class map parsing code if optional key is specified. Problem
found by Mario Nigrovic.
The SMTP daemon no longer tries to fix up improperly dot-stuffed
incoming messages. A leading dot is always stripped by the
SMTP receiver regardless of whether or not it is followed by
another dot. Problem noted by Jordan Ritter of darkridge.com.
Fix corruption when doing automatic MIME 7-bit quoted-printable or
base64 encoding to 8-bit text. Problem noted by Mark
Elvers.
Correct the statistics gathered for total number of connections.
Instead of being the exact same number as the total number
of messages (T line in mailstats) it now represents the
total number of TCP connections.
Be more explicit about syntax errors in addresses, especially
non-ASCII characters, and properly create DSNs if necessary.
Problem noted by Leena Heino of the University of Tampere.
Prevent small timeouts from being lost on slow machines if itimers
are used. Problem noted by Suresh Ramasubramanian.
Prevent a race condition on child cleanup for delivery to files.
Problem noted by Fletcher Mattox of the University of
Texas.
Change the SMTP error code for temporary map failures from 421
to 451.
Do not assume that realloc(NULL, size) works on all OS (this was
only done in one place: queue group creation). Based on
patch by Bryan Costales.
Initialize Timeout.iconnect in the code to prevent randomly short
timeouts. Problem noted by Bradley Watts of AT&T Canada.
Do not try to send a second SMTP QUIT command if the remote
responds to a MAIL command with a 421 reply or on I/O
errors. By doing so, the host was marked as having a
temporary problem and other mail destined for that host was
queued for the next queue run. Problem noted by Fletcher
Mattox of the University of Texas, Allan E Johannesen of
Worcester Polytechnic Institute, Larry Greenfield of CMU,
and Neil Rickert of Northern Illinois University.
Ignore error replies from the SMTP QUIT command (including servers
which drop the connection instead of responding to the
command).
Portability:
Check LDAP_API_VERSION to determine if ldap_memfree() is
available.
Define HPUX10 when building on HP-UX 10.X. That platform
now gets the proper _PATH_SENDMAIL and SMRSH_CMDDIR
settings. Patch from Elias Halldor Agustsson of
Skyrr.
Fix dependency building on Mac OS X and Darwin. Problem
noted by John Beck.
Preliminary support for the sparc64 port of FreeBSD 5.0.
Add /sbin/sh as an acceptable user shell on HP-UX. From
Rajesh Somasund of Hewlett-Packard.
CONFIG: Add FEATURE(`authinfo') to allow a separate database for
SMTP AUTH information. This feature was actually added in
8.12.0 but a release note was not included.
CONFIG: Do not bounce mail if FEATURE(`ldap_routing')'s bounce
parameter is set and the LDAP lookup returns a temporary
error.
CONFIG: Honor FEATURE(`relay_hosts_only') when using
FEATURE(`relay_mail_from', `domain'). Problem noted by
Krzysztof Oledzki.
CONFIG: FEATURE(`msp') now disables any type of alias
initialization as aliases are not needed for the MSP.
CONFIG: Allow users to override RELAY_MAILER_ARGS when FEATURE(`msp')
is in use. Patch from Andrzej Filip.
CONFIG: FEATURE(`msp') uses `[localhost]' as default instead of
`localhost' and turns on MX lookups for the SMTP mailers.
This will only have an effect if a parameter is specified,
i.e., an MX lookup will be performed on the hostname unless
it is embedded in square brackets. Problem noted by
Theo Van Dinter of Collective Technologies.
CONFIG: Set confTIME_ZONE to USE_TZ in submit.mc (TimeZoneSpec= in
submit.cf) to use $TZ for time stamps. This is a compromise
to allow for the proper time zone on systems where the
default results in misleading time stamps. That is, syslog
time stamps and Date headers on submitted mail will use the
user's $TZ setting. Problem noted by Mark Roth of the
University of Illinois at Urbana-Champaign, solution proposed
by Neil Rickert of Northern Illinois University.
CONFIG: Mac OS X (Darwin) ships with mail.local as non-set-user-ID
binary. Adjust local mailer flags accordingly. Problem
noted by John Beck.
CONTRIB: Add a warning to qtool.pl to not move queue files around
if queue groups are used.
CONTRIB: buildvirtuser: Add -f option to force rebuild.
CONTRIB: smcontrol.pl: Add -f option to specify control socket.
CONTRIB: smcontrol.pl: Add support for 'memdump' command.
Suggested by Bryan Costales.
DEVTOOLS: Add dependency generation for test programs.
LIBMILTER: Remove conversion of port number for the socket
structure that is passed to xxfi_connect(). Notice:
this fix requires that sendmail and libmilter both have
this change; mixing versions may lead to wrong port
values depending on the endianness of the involved systems.
Problem noted by Gisle Aas of ActiveState.
LIBMILTER: If smfi_setreply() sets a custom reply code of '4XX' but
SMFI_REJECT is returned, ignore the custom reply. Do the
same if '5XX' is used and SMFI_TEMPFAIL is returned.
LIBMILTER: Install include files in ${INCLUDEDIR}/libmilter/ as
required by mfapi.h. Problem noted by Jose Marcio Martins
da Cruz of Ecole Nationale Superieure des Mines de Paris.
LIBSM: Add SM_CONF_LDAP_MEMFREE as a configuration define. Set
this to 1 if your LDAP client libraries include
ldap_memfree().
LIBSMDB: Avoid a file creation race condition for Berkeley DB 1.X
and NDBM on systems with the O_EXLOCK open(2) flag.
SMRSH: Fix compilation problem on some operating systems. Problem
noted by Christian Krackowizer of schuler technodat GmbH.
VACATION: Allow root to operate on user vacation databases. Based
on patch from Greg Couch of the University of California,
San Francisco.
VACATION: Don't ignore -C option. Based on patch by Bryan Costales.
VACATION: Clarify option usage in the man page. Problem noted by
Joe Barbish.
New Files:
libmilter/docs/smfi_setbacklog.html
8.12.2/8.12.2 2002/01/13
Don't complain too much if stdin, stdout, or stderr are missing
at startup, only log an error message.
Fix potential problem if an unknown operation mode (character
following -b) has been specified.
Prevent purgestat from looping even if someone changes the
permissions or owner of hoststatus files. Problem noted
by Kari Hurtta of the Finnish Meteorological Institute.
Properly record dropped connections in persistent host status.
Problem noted by Ulrich Windl of the Universitat
Regensburg.
Remove newlines from recipients read via sendmail -t to prevent
SMTP protocol errors when sending the RCPT command.
Problem noted by William D. Colburn of the New Mexico
Institute of Mining and Technology.
Only log milter body replacements once instead of for each body
chunk sent by a filter. Problem noted by Kari Hurtta of
the Finnish Meteorological Institute.
In 8.12.0 and 8.12.1, the headers were mistakenly not included in
the message size calculation. Problem noted by Kari Hurtta
of the Finnish Meteorological Institute.
Since 8.12 no longer forks at the SMTP MAIL command, the daemon
needs to collect children status to avoid zombie processes.
Problem noted by Chris Adams of HiWAAY Informations Services.
Shut down "nullserver" and ETRN-only connections after 25 bad
commands are issued. This makes it consistent with normal
SMTP connections.
Avoid duplicate logging of milter rejections. Problem noted by
William D. Colburn of the New Mexico Institute of Mining
and Technology.
Error and delay DSNs were being sent to postmaster instead of the
message sender if the sender had used a deprecated RFC822
source route. Problem noted by Kari Hurtta of the Finnish
Meteorological Institute.
Fix FallbackMXhost behavior for temporary errors during address
parsing. Problem noted by Jorg Bielak from Coastal Web
Online.
For systems on which stat(2) does not return a value for st_blksize
that is the "optimal blocksize for I/O" three new compile
time flags are available: SM_IO_MAX_BUF_FILE, SM_IO_MIN_BUF,
and SM_IO_MAX_BUF, which define an upper limit for
regular files, and a lower and upper limit for other file
types, respectively.
Fix a potential deadlock if two events are supposed to occur at
exactly the same time. Problem noted by Valdis Kletnieks
of Virginia Tech.
Perform envelope splitting for aliases listed directly in the
alias file, not just for include/.forward files.
Problem noted by John Beck of Sun Microsystems.
Allow selection of queue group for mailq using -qGgroup.
Based on patch by John Beck of Sun Microsystems.
Make sure cached LDAP connections used my multiple maps in the same
process are closed. Patch from Taso N. Devetzis.
If running as root, allow reading of class files in protected
directories. Patch from Alexander Talos of the University
of Vienna.
Correct a few LDAP related memory leaks. Patch from David Powell
of Sun Microsystems.
Allow specification of an empty realm via the authinfo ruleset.
This is necessary to interoperate as an SMTP AUTH client
with servers that do not support realms when using
CRAM-MD5. Problem noted by Bjoern Voigt of TU Berlin.
Avoid a potential information leak if AUTH PLAIN is used and the
server gets stuck while processing that command. Problem
noted by Chris Adams from HiWAAY Informations Services.
In addition to printing errors when parsing recipients during
command line invocations log them to make it simpler
to understand possible DSNs to postmaster.
Do not use FallbackMXhost on mailers which have the F=0 flag set.
Allow local mailers (F=l) to specify a host for TCP connections
instead of forcing localhost.
Obey ${DESTDIR} for installation of the client mail queue and
submit.cf. Patch from Peter 'Luna' Runestig.
Re-enable support for -M option which was broken in 8.12.1. Problem
noted by Neil Rickert of Northern Illinois University.
If a remote server violates the SMTP standard by unexpectedly
dropping the connection during an SMTP transaction, stop
sending commands. This prevents bogus "Bad file number"
recipient status. Problem noted by Allan E Johannesen of
Worcester Polytechnic Institute.
Do not use a size estimate of 100 for postmaster bounces, it's
almost always too small; do not guess the size at all.
New VENDOR_DEC for Compaq/DEC. Requested by James Seagraves of
Compaq Computer Corp.
Fix DaemonPortOptions IPv6 address parsing such that ::1 works
properly. Problem noted by Valdis Kletnieks of Virginia
Tech.
Portability:
Fix IPv6 network interface probing on HP-UX 11.X. Based on
patch provided by HP.
Mac OS X (aka Darwin) has a broken setreuid() call, but a
working seteuid() call. From Daniel J. Luke.
Use proper type for a 32-bit integer on SINIX. From Ganu
Sachin of Siemens.
Set SM_IO_MIN_BUF (4K) and SM_IO_MAX_BUF (8K) for HP-UX.
Reduce optimization from +O3 to +O2 on HP-UX 11. This
fixes a problem that caused additional bogus
characters to be written to the qf file. Problem
noted by Tapani Tarvainen.
Set LDA_USE_LOCKF by default for UnixWare. Problem noted
by Boyd Lynn Gerber.
Add support for HP MPE/iX. See sendmail/README for port
information. From Mark Bixby of Hewlett-Packard.
New portability defines HASNICE, HASRRESVPORT, USE_ENVIRON,
USE_DOUBLE_FORK, and NEEDLINK. See sendmail/README
for more information. From Mark Bixby of
Hewlett-Packard.
If an OS doesn't have a method of finding free disk space
(SFS_NONE), lie and say there is plenty of space.
From Mark Bixby of Hewlett-Packard.
Add support for AIX 5.1. From Valdis Kletnieks of
Virginia Tech.
Fix man page location for NeXTSTEP. From Hisanori Gogota
of the NTT/InterCommunication Center.
Do not assume that strerror() always returns a string.
Problem noted by John Beck of Sun Microsystems.
CONFIG: Add OSTYPE(freebsd5) for FreeBSD 5.X, which has removed
UUCP from the base operating system. From Mark Murray of
FreeBSD Services, Ltd.
CONFIG: Add OSTYPE(mpeix) and a generic .mc file for HP MPE/iX
systems. From Mark Bixby of Hewlett-Packard.
CONFIG: Add support for selecting a queue group for all mailers.
Based on proposal by Stephen L. Ulmer of the University of
Florida.
CONFIG: Fix error reporting for compat_check.m4. Problem noted by
Altin Waldmann.
CONFIG: Do not override user selections for confRUN_AS_USER and
confTRUSTED_USER in FEATURE(msp). From Mark Bixby of
Hewlett-Packard.
LIBMILTER: Fix bug that prevented the removal of a socket after
libmilter terminated. Problem reported by Andrey V. Pevnev
of MSFU.
LIBMILTER: Fix configuration error that required libsm for linking.
Problem noted by Kari Hurtta of the Finnish Meteorological
Institute.
LIBMILTER: Portability fix for OpenUNIX. Patch from Larry Rosenman.
LIBMILTER: Fix a theoretical memory leak and a possible attempt
to free memory twice.
LIBSM: Fix a potential segmentation violation in the I/O library.
Problem found and analyzed by John Beck and Tim Haley
of Sun Microsystems.
LIBSM: Do not clear the LDAP configuration information when
terminating the mailbox database connection in the LDAP
example code. Problem noted by Nikos Voutsinas of the
University of Athens.
New Files:
cf/cf/generic-mpeix.cf
cf/cf/generic-mpeix.mc
cf/ostype/freebsd5.m4
cf/ostype/mpeix.m4
devtools/OS/AIX.5.1
devtools/OS/MPE-iX
include/sm/os/sm_os_mpeix.h
libsm/mpeix.c
8.12.1/8.12.1 2001/10/01
SECURITY: Check whether dropping group privileges actually succeeded
to avoid possible compromises of the mail system by
supplying bogus data. Add configuration options for
different set*gid() calls to reset saved gid. Problem
found by Michal Zalewski.
PRIVACY: Prevent information leakage when sendmail has extra
privileges by disabling debugging (command line -d flag)
during queue runs and disabling ETRN when sendmail -bs is
used. Suggested by Michal Zalewski.
Avoid memory corruption problems resulting from bogus .cf files.
Problem found by Michal Zalewski.
Set the ${server_addr} macro to name of mailer when doing LMTP
delivery. LMTP systems may offer SMTP Authentication or
STARTTLS causing sendmail to use this macro in rulesets.
If debugging is turned on (-d0.10) print not just the default
values for configuration file and pid file but also the
selected values. Problem noted by Brad Chapman.
Continue dealing with broken nameservers by ignoring SERVFAIL
errors returned on T_AAAA (IPv6) lookups at delivery time
if ResolverOptions=WorkAroundBrokenAAAA is set. Previously
this only applied to hostname canonification. Problem
noted by Bill Fenner of AT&T Research.
Ignore comments in NIS host records when trying to find the
canonical name for a host.
When sendmail has extra privileges, limit mail submission command
line flags (i.e., -G, -h, -F, etc.) to mail submission
operating modes (i.e., -bm, -bs, -bv, etc.). Idea based on
suggestion from Michal Zalewski.
Portability:
AIX: Use `oslevel` if available to determine OS version.
`uname` does not given complete information.
Problem noted by Keith Neufeld of the Cessna
Aircraft Company.
OpenUNIX: Use lockf() for LDA delivery (affects mail.local).
Problem noticed by Boyd Lynn Gerber of ZENEX.
Avoid compiler warnings by not using pointers to pass
integers. Problem noted by Todd C. Miller of
Courtesan Consulting.
CONFIG: Add restrictqrun to PrivacyOptions for the MSP to minimize
problems with potential misconfigurations.
CONFIG: Fix comment showing default value of MaxHopCount. Problem
noted by Greg Robinson of the Defence Science and
Technology Organisation of Australia.
CONFIG: dnsbl: If an argument specifies an error message in case
- of temporary lookup failures for DNS based blacklists
+ of temporary lookup failures for DNS based blocklists
then use it.
LIBMILTER: Install mfdef.h, required by mfapi.h. Problem noted by
Richard A. Nelson of Debian.
LIBMILTER: Add __P definition for OS that lack it. Problem noted
by Chris Adams from HiWAAY Informations Services.
LIBSMDB: Fix a lock race condition that affects makemap, praliases,
and vacation.
MAKEMAP: Avoid going beyond the end of an input line if it does
not contain a value for a key. Based on patch from
Mark Bixby from Hewlett-Packard.
New Files:
test/Build
test/Makefile
test/Makefile.m4
test/README
test/t_dropgid.c
test/t_setgid.c
Deleted Files:
include/sm/stdio.h
include/sm/sysstat.h
8.12.0/8.12.0 2001/09/08
*NOTICE*: The default installation of sendmail does not use
set-user-ID root anymore. You need to create a new user and
a new group before installing sendmail (both called smmsp by
default). The installation process tries to install
/etc/mail/submit.cf and creates /var/spool/clientmqueue by
default. Please see sendmail/SECURITY for details.
SECURITY: Check for group and world writable forward and :include:
files. These checks can be turned off if absolutely
necessary using the DontBlameSendmail option and the new
flags:
GroupWritableForwardFile
WorldWritableForwardFile
GroupWritableIncludeFile
WorldWritableIncludeFile
Problem noted by Slawek Zak of Politechnika Warszawska,
SECURITY: Drop privileges when using address test mode. Suggested
by Michal Zalewski of the "Internet for Schools" project
(IdS).
Fixed problem of a global variable being used for a timeout jump
point where the variable could become overused for more than
one timeout concurrently. This erroneous behavior resulted in
a corrupted stack causing a core dump. The timeout is now
handled via libsm. Problem noted by Michael Shapiro,
John Beck, and Carl Smith of Sun Microsystems.
If sendmail is set-group-ID then that group ID is used for permission
checks (group ID of RunAsUser). This allows use of a
set-group-ID sendmail binary for initial message submission
and no set-user-ID root sendmail is needed. For details
see sendmail/SECURITY.
Log a warning if a non-trusted user changes the syslog label.
Based on notice from Bryan Costales of SL3D, Inc.
If sendmail is called for initial delivery, try to use submit.cf
with a fallback of sendmail.cf as configuration file. See
sendmail/SECURITY.
New configuration file option UseMSP to allow group writable queue
files if the group is the same as that of a set-group-ID
sendmail binary. See sendmail/SECURITY.
The .cf file is chosen based on the operation mode. For -bm (default),
-bs, and -t it is submit.cf if it exists for all others it
is sendmail.cf (to be backward compatible). This selection
can be changed by the new option -Ac or -Am (alternative .cf
file: client or mta). See sendmail/SECURITY.
The SMTP server no longer forks on each MAIL command. The ONEX
command has been removed.
Implement SMTP PIPELINING per RFC 2920. It can be turned off
at compile time or per host (ruleset).
New option MailboxDatabase specifies the type of mailbox database
used to look up local mail recipients; the default value
is "pw", which means to use getpwnam(). New mailbox database
types can be added by adding custom code to libsm/mbdb.c.
Queue file names are now 15 characters long, rather than 14 characters
- long, to accomodate envelope splitting. File systems with
+ long, to accommodate envelope splitting. File systems with
a 14 character file name length limit are no longer
supported.
Recipient list used for delivery now gets internally ordered by
hostsignature (character string version of MX RR). This orders
recipients for the same MX RR's together meaning smaller
portions of the list need to be scanned (instead of the whole
list) each delivery() pass to determine piggybacking. The
significance of the change is better the larger the recipient
list. Hostsignature is now created during recipient list
creation rather than just before delivery.
Enhancements for more opportunistic piggybacking. Previous
piggybacking (called coincidental) extended to coattail
piggybacking. Rather than complete MX RR matching
(coincidental) piggybacking is done if just the lowest value
preference matches (coattail).
If sendmail receives a temporary error on a RCPT TO: command, it will
try other MX hosts if available.
DefaultAuthInfo can contain a list of mechanisms to be used for
outgoing (client-side) SMTP Authentication.
New modifier 'A' for DaemonPortOptions/ClientPortOptions to disable
AUTH (overrides 'a' modifier in DaemonPortOptions). Based
on patch from Lyndon Nerenberg of Messaging Direct.
Enable AUTH mechanism EXTERNAL if STARTTLS is used.
A new ruleset authinfo can be used to return client side
authentication information for AUTH instead of DefaultAuthInfo.
Therefore the DefaultAuthInfo option is deprecated and will be
removed in future versions.
Accept any SMTP continuation code 3xy for AUTH even though RFC 2554
requires 334. Mercury 1.48 is a known offender.
Add new option AuthMaxBits to limit the overall encryption strength
for the security layer in SMTP AUTH (SASL). See
doc/op/op.me for details.
Introduce new STARTTLS related macros {cn_issuer}, {cn_subject},
{cert_md5} which hold the CN (common name) of the CA that
signed the presented certificate, the CN and the MD5 hash
of the presented certificate, respectively.
New ruleset try_tls to decide whether to try (as client) STARTTLS.
New ruleset srv_features to enable/disable certain features in the
server per connection. See doc/op/op.me for details.
New ruleset tls_rcpt to decide whether to send e-mail to a particular
- recipient; useful to decide whether a conection is secure
+ recipient; useful to decide whether a connection is secure
enough on a per recipient basis.
New option TLSSrvOptions to modify some aspects of the server
for STARTTLS.
If no certificate has been requested, the macro {verify} has the
value "NOT".
New M=S modifier for ClientPortOptions/DaemonPortOptions to turn off
using/offering STARTTLS when delivering/receiving e-mail.
Macro expand filenames/directories for certs and keys in the .cf file.
Proposed by Neil Rickert of Northern Illinois University.
Generate an ephemeral RSA key for a STARTTLS connection only if
- really required. This change results in a noticable
+ really required. This change results in a noticeable
performance gains on most machines. Moreover, if shared
memory is in use, reuse the key several times.
Add queue groups which can be used to group queue directories with
the same behavior together. See doc/op/op.me for details.
If the new option FastSplit (defaults to one) has a value greater
than zero, it suppresses the MX lookups on addresses when they
are initially sorted which may result in faster envelope
splitting. If the mail is submitted directly from the
command line, then the value also limits the number of
processes to deliver the envelopes; if more envelopes are
created they are only queued up and must be taken care of
by a queue run.
The check for 'enough disk space' now pays attention to which file
system each queue directory resides in.
All queue runners can be cleanly terminated via SIGTERM to parent.
New option QueueFileMode for the default permissions of queue files.
Add parallel queue runner code. Allows multiple queue runners per work
group (one or more queues in a multi-queue environment
collected together) to process the same work list at the
same time.
Option MaxQueueChildren added to limit the number of concurrently
active queue runner processes.
New option MaxRunnersPerQueue to specify the maximum number of queue
runners per queue group.
Queue member selection by substring pattern matching now allows
the pattern to be negated. For -qI, -qR and -qS it is
permissible for -q!I, -q!R and -q!S to mean remove members
of the queue that match during processing.
New -qp[time] option is similar to -qtime, except that instead of
periodically forking a child to process the queue, a single
child is forked for each queue that sleeps between queue
runs. A SIGHUP signal can be sent to restart this
persistent queue runner.
The SIGHUP signal now restarts a timed queue run process (i.e., a
sendmail process which only runs the queue at an interval:
sendmail -q15m).
New option NiceQueueRun to set the priority of queue runners.
Proposed by Thom O'Connor.
sendmail will run the queue(s) in the background when invoked with -q
unless the new -qf option or -v is used.
QueueSortOrder=Random sorts the queue randomly, which is useful if
several queue runners are started by hand to avoid contention.
QueueSortOrder=Modification sorts the queue by the modification time
of the qf file (older entries first).
Support Deliver By SMTP Service Extension (RFC 2852) which allows
a client to specify an amount of time within which an e-mail
should be delivered. New option DeliverByMin added to set the
minimum amount of time or disable the extension.
Non-printable characters (ASCII: 0-31, 127) in mailbox addresses are
not allowed unless escaped or quoted.
Add support for a generic DNS map. Based on a patch contributed
by Leif Johansson of Stockholm University, which was based on
work by Assar Westerlund of Swedish Institute of Computer
Science, Kista, and Johan Danielsson of Royal Institute of
Technology, Stockholm, Sweden.
MX records will be looked up for FallBackMXhost. To use the old
behavior (no MX lookups), put the name in square brackets.
Proposed by Thom O'Connor.
Use shared memory to store free space of filesystems that are used
for queues, if shared memory is available and if a key is set
via SharedMemoryKey. This minimizes the number of system
calls to check the available space. See doc/op/op.me for
details.
If shared memory is compiled in the option -bP can be used to print
the number of entries in the queue(s).
Enable generic mail filter API (milter). See libmilter/README
and the usual documentation for details.
Remove AutoRebuildAliases option, deprecated since 8.10.
Remove '-U' (initial user submission) command line option as
announced in 8.10.
Remove support for non-standard SMTP command XUSR. Use an MSA instead.
New macro {addr_type} which contains whether the current address is
an envelope sender or recipient address. Suggested by
Neil Rickert of Northern Illinois University.
Two new options for host maps: -d (retransmission timeout),
-r (number of retries).
New option for LDAP maps: the -V<sep> allows you to specify a
separator such that a lookup can return both an attribute
and value separated by the given separator.
Add new operators '%', '|', '&' (modulo, binary or, binary and)
to map class arith.
If DoubleBounceAddress expands to an empty string, ``double bounces''
(errors that occur when sending an error message) are dropped.
New DontBlameSendmail options GroupReadableSASLDBFile and
GroupWritableSASLDBFile to relax requirements for sasldb files.
New DontBlameSendmail options GroupReadableKeyFile to relax
requirements for files containing secret keys. This is
necessary for the MSP if client authentification is used.
Properly handle quoted filenames for class files (to allow for
filenames with spaces).
Honor the resolver option RES_NOALIASES when canonifying hostnames.
Add macros to avoid the reuse of {if_addr} etc:
{if_name_out} hostname of interface of outgoing connection.
{if_addr_out} address of interface of outgoing connection.
{if_family_out} family of interface of outgoing connection.
The latter two are only set if the interface does not belong
to the loopback net.
Add macro {nrcpts} which holds the number of (validated) recipients.
DialDelay option applies only to mailers with flag 'Z'. Patch from
Juergen Georgi of RUS University of Stuttgart.
New Timeout.lhlo,auth,starttls options to limit the time waiting for
an answer to the LMTP LHLO, SMTP AUTH or STARTTLS command.
New Timeout.aconnect option to limit the overall waiting time for
all connections for a single delivery attempt to succeed.
Limit the rate recipients in the SMTP envelope are accepted once
a threshold number of recipients has been rejected (option
BadRcptThrottle). From Gregory A Lundberg of the WU-FTPD
Development Group.
New option DelayLA to delay connections if the load averages
exceeds the specified value. The default of 0 does not
change the previous behavior. A value greater than 0
will cause sendmail to sleep for one second on most
SMTP commands and before accepting connections if that
load average is exceeded.
Use a dynamic (instead of fixed-size) buffer for the list of
recipients that are sent during a connection to a mailer.
This also introduces a new mailer field 'r' which defines
the maximum number of recipients (defaults to 100).
Based on patch by Motonori Nakamura of Kyoto University.
Add new F=1 mailer flag to disable sending of null characters ('\0').
Add new F=2 mailer flag to disable use of ESMTP, using SMTP instead.
The deprecated [TCP] builtin mailer pathname (P=) is gone. Use [IPC]
instead.
IPC is no longer available as first mailer argument (A=) for [IPC]
builtin mailer pathnames. Use TCP instead.
PH map code updated to use the new libphclient API instead of the
old libqiapi library. Contributed by Mark Roth of the
University of Illinois at Urbana-Champaign.
New option DirectSubmissionModifiers to define {daemon_flags}
for direct (command line) submissions.
New M=O modifier for DaemonPortOptions to ignore the socket in
case of failures. Based on patch by Jun-ichiro itojun
Hagino of the KAME Project.
Add Disposition-Notification-To: (RFC 2298) to the list of headers
whose content is rewritten similar to Reply-To:.
Proposed by Andrzej Filip.
Use STARTTLS/AUTH=server/client for logging incoming/outgoing
STARTTLS/AUTH connections; log incoming connections at level
9 or higher. Use AUTH/STARTTLS instead of SASL/TLS for SMTP
AUTH/STARTTLS related logfile entries.
Convert unprintable characters (and backslash) into octal or C format
before logging.
Log recipients if no message is transferred but QUIT/RSET is given
(at LogLevel 9/10 or higher).
Log discarded recipients at LogLevel 10 or higher.
Do not log "did not issue MAIL/EXPN/VRFY/ETRN" for connections
in which most commands are rejected due to check_relay or
TCP Wrappers if the host tries one of those commands anyway.
Change logging format for cloned envelopes to be similar to that for
DSNs ("old id: new id: clone"). Suggested by Ulrich Windl
of the Universitat Regensburg.
Added libsm, a C library of general purpose abstractions including
assertions, tracing and debugging with named debug categories,
exception handling, malloc debugging, resource pools,
portability abstractions, and an extensible buffered I/O
package. It will at some point replace libsmutil.
See libsm/index.html for details.
Fixed most memory leaks in sendmail which were previously taken
care of by fork() and exit().
Use new sm_io*() functions in place of stdio calls. Allows for
more consistent portablity amongst different platforms
new and old (from new libsm).
Common I/O pkg means just one buffering method needed instead of two
('bf_portable' and 'bf_torek' now just 'bf').
Sfio no longer needed as SASL/TLS code uses sm_io*() API's.
New possible value 'interactive' for SuperSafe which can be used
together with DeliveryMode=interactive is to avoid some disk
synchronizations calls.
Add per-recipient status information to mailq -v output.
T_ANY queries are no longer used by sendmail.
When compiling with "gcc -O -Wall" specify "-DSM_OMIT_BOGUS_WARNINGS"
too (see include/sm/cdefs.h for more info).
sendmail -d now has general support for named debug categories.
See libsm/debug.html and section 3.4 of doc/op/op.me
for details.
Eliminate the "postmaster warning" DSNs on address parsing errors
such as unbalanced angle brackets or parentheses. The DSNs
generated by this condition were illegal (not RFC conform).
Problem noted by Ulrich Windl of the Universitaet Regensburg.
Do not issue a DSN if the ruleset localaddr resolves to the $#error
mailer and the recipient has hence been rejected during the
SMTP dialogue. Problem reported by Larry Greenfield of CMU.
Deal with a case of multiple deliveries on misconfigured systems
that do not have postmaster defined. If an email was sent
from an address to which a DSN cannot be returned and
in which at least one recipient address is non-deliverable,
then that email had been delivered in each queue run.
Problem reported by Matteo HCE Valsasna of Universita
degli Studi dell'Insubria.
The compilation options SMTP, DAEMON, and QUEUE have been removed,
i.e., the corresponding code is always compiled in now.
Log the command line in daemon/queue-run mode at LogLevel 10 and
higher. Suggested by Robert Harker of Harker Systems.
New ResolverOptions setting: WorkAroundBrokenAAAA. When
attempting to canonify a hostname, some broken nameservers
will return SERVFAIL (a temporary failure) on T_AAAA (IPv6)
lookups. If you want to excuse this behavior, use this new
flag. Suggested by Chris Foote of SE Network Access and
Mark Roth of the University of Illinois at
Urbana-Champaign.
Free the memory allocated by getipnodeby{addr,name}(). Problem
noted by Joy Latten of IBM.
ConnectionRateThrottle limits the number of connections per second
to each daemon individually, not the overall number of
connections.
Specifying only "ldap:" as an AliasFile specification will force
sendmail to use a default alias schema as outlined in the
``USING LDAP FOR ALIASES, MAPS, and CLASSES'' section of
cf/README.
Add a new syntax for the 'F' (file class) sendmail.cf command. If
the first character after the class name is not a '/' or a
'|' and it contains an '@' (e.g., F{X}key@class:spec), the
rest of the line will be parsed as a map lookup. This
allows classes to be filled via a map lookup. See op.me
for more syntax information. Specifically, this can be
used for commands such as VIRTUSER_DOMAIN_FILE() to read
the list of domains via LDAP (see the ``USING LDAP FOR
ALIASES, MAPS, and CLASSES'' section of cf/README for an
example).
The new macro ${sendmailMTACluster} determines the LDAP cluster for
the default schema used in the above two items.
Unless DontBlameSendmail=RunProgramInUnsafeDirPath is set, log a
warning if a program being run from a mailer or file class
(e.g., F|/path/to/prog) is in an unsafe directory path.
Unless DontBlameSendmail=RunWritableProgram is set, log a warning
if a program being run from a mailer or file class
(e.g., F|/path/to/prog) is group or world writable.
Loopback interfaces (e.g., "lo0") are now probed for class {w}
hostnames. Setting DontProbeInterfaces to "loopback"
(without quotes) will disable this and return to the
pre-8.12 behavior of only probing non-loopback interfaces.
Suggested by Bryan Stansell of GNAC.
In accordance with RFC 2821 section 4.1.4, accept multiple
HELO/EHLO commands.
Multiple ClientPortOptions settings are now allowed, one for each
possible protocol family which may be used for outgoing
connections. Restrictions placed on one family only affect
outgoing connections on that particular family. Because of
this change, the ${client_flags} macro is not set until the
connection is established. Based on patch from Motonori
Nakamura of Kyoto University.
PrivacyOptions=restrictexpand instructs sendmail to drop privileges
when the -bv option is given by users who are neither root
nor the TrustedUser so users can not read private aliases,
forwards, or :include: files. It also will override the -v
(verbose) command line option.
If the M=b modifier is set in DaemonPortOptions and the interface
address can't be used for the outgoing connection, fall
back to the settings in ClientPortOptions (if set).
Problem noted by John Beck of Sun Microsystems.
New named config file rule check_data for DATA command (input:
number of recipients). Based on patch from Mark Roth of
the University of Illinois at Urbana-Champaign.
Add support for ETRN queue selection per RFC 1985. The queue group
can be specified using the '#' option character. For
example, 'ETRN #queuegroup'.
If an LDAP server times out or becomes unavailable, close the
current connection and reopen to get to one of the fallback
servers. Patch from Paul Hilchey of the University of
British Columbia.
Make default error number on $#error messages 550 instead of 501
because 501 is not allowed on all commands.
The .cf file option UnsafeGroupWrites is deprecated, it should be
replaced with the settings GroupWritableForwardFileSafe
and GroupWritableIncludeFileSafe in DontBlameSendmail
if required.
The deprecated ldapx map class has been removed. Use the ldap map
class instead.
Any IPv6 addresses used in configuration should be prefixed by the
"IPv6:" tag to identify the address properly. For example,
if you want to add the IPv6 address [2002:c0a8:51d2::23f4] to
class {w}, you would need to add [IPv6:2002:c0a8:51d2::23f4].
Change the $&{opMode} macro if the operation mode changes while the
MTA is running. For example, during a queue run.
Add "use_inet6" as a new ResolverOptions flag to control the
RES_USE_INET6 resolver option. Based on patch from Rick
Nelson of IBM.
The maximum number of commands before the MTA slows down when too
many "light weight" commands have been received are now
configurable during compile time. The current values and
their defaults are:
MAXBADCOMMANDS 25 unknown commands
MAXNOOPCOMMANDS 20 NOOP, VERB, ONEX, XUSR
MAXHELOCOMMANDS 3 HELO, EHLO
MAXVRFYCOMMANDS 6 VRFY, EXPN
MAXETRNCOMMANDS 8 ETRN
Setting a value to 0 disables the check. Patch from Bryan
Costales of SL3D, Inc.
The header syntax H?${MyMacro}?X-My-Header: now not only checks if
${MyMacro} is defined but also that it is not empty.
Properly quote usernames with special characters if they are used
in headers. Problem noted by Kari Hurtta of the Finnish
Meteorological Institute.
Be sure to include the proper Final-Recipient: DSN header in bounce
messages for messages for mailing list expanded addresses
which are not delivered on the initial attempt.
Do not treat errors as sticky when doing delivery via LMTP after
the final dot has been sent to avoid affecting future
deliveries. Problem reported by Larry Greenfield of CMU.
New compile time flag REQUIRES_DIR_FSYNC which turns on support for
file systems that require to call fsync() for a directory
if the meta-data in it has been changed. This should be
set at least for ReiserFS; it is enabled by default for Linux.
See sendmail/README for further information.
Avoid file locking deadlock when updating the statistics file if
sendmail is signaled to terminate. Problem noted by
Christophe Wolfhugel of France Telecom.
Set the $c macro (hop count) as it is being set instead of when the
envelope is initialized. Problem noted by Kari Hurtta of
the Finnish Meteorological Institute.
Properly count recipients for DeliveryMode defer and queue. Fix
from Peter A. Friend of EarthLink.
Treat invalid hesiod lookups as permanent errors instead of
temporary errors. Problem noted by Russell McOrmond of
flora.ca.
Portability:
Remove support for AIX 2, which supports only 14 character
filenames and is outdated anyway. Suggested by
Valdis Kletnieks of Virginia Tech.
Change several settings for Irix 6: remove confSBINDIR,
i.e., use default /usr/sbin, change owner/group
of man pages and user-executable to root/sys, set
optimization limit to 0 (unlimited). Based on patch
from Ayamura Kikuchi, M.D, and proposal from Kari
Hurtta of the Finnish Meteorological Institute.
Do not assume LDAP support is installed by default under
Solaris 8 and later.
Add support for OpenUNIX.
CONFIG: Increment version number of config file to 10.
CONFIG: Add an install target and a README file in cf/cf.
CONFIG: Don't accept addresses of the form a@b@, a@b@c, a@[b]c, etc.
CONFIG: Reject empty recipient addresses (in check_rcpt).
CONFIG: The access map uses an option of -T<TMPF> to deal with
temporary lookup failures.
CONFIG: New value for access map: SKIP, which causes the default
action to be taken by aborting the search for domain names
or IP nets.
CONFIG: check_rcpt can deal with TEMPFAIL for either recipient or
relay address as long as the other part allows the email
to get through.
CONFIG: Entries for virtusertable can make use of a third parameter
"%3" which contains "+detail" of a wildcard match, i.e., an
entry like user+*@domain. This allows handling of details by
using %1%3 as the RHS. Additionally, a "+" wildcard has been
introduced to match only non-empty details of addresses.
CONFIG: Numbers for rulesets used by MAILERs have been removed
and hence there is no required order within the MAILER
section anymore except for MAILER(`uucp') which must come
after MAILER(`smtp') if uucp-dom and uucp-uudom are used.
CONFIG: Hosts listed in the generics domain class {G}
(GENERICS_DOMAIN() and GENERICS_DOMAIN_FILE()) are treated
as canonical. Suggested by Per Hedeland of Ericsson.
CONFIG: If FEATURE(`delay_checks') is used, make sure that a lookup
in the access map which returns OK or RELAY actually
terminates check_* ruleset checking.
CONFIG: New tag TLS_Rcpt: for access map to be used by ruleset
tls_rcpt, see cf/README for details.
CONFIG: Change format of Received: header line which reveals whether
STARTTLS has been used to "(version=${tls_version}
cipher=${cipher} bits=${cipher_bits} verify=${verify})".
CONFIG: Use "Spam:" as tag for lookups for FEATURE(`delay_checks')
options friends/haters instead of "To:" and enable
specification of whole domains instead of just users.
Notice: this change is not backward compatible.
Suggested by Chris Adams from HiWAAY Informations Services.
CONFIG: Allow for local extensions for most new rulesets, see
cf/README for details.
CONFIG: New FEATURE(`lookupdotdomain') to lookup also .domain in
the access map. Proposed by Randall Winchester of the
University of Maryland.
CONFIG: New FEATURE(`local_no_masquerade') to avoid masquerading for
the local mailer. Proposed by Ingo Brueckl of Wupper Online.
CONFIG: confRELAY_MSG/confREJECT_MSG can override the default
messages for an unauthorized relaying attempt/for access
map entries with RHS REJECT, respectively.
CONFIG: FEATURE(`always_add_domain') takes an optional argument
to specify another domain to be added instead of the local one.
Suggested by Richard H. Gumpertz of Computer Problem
Solving.
CONFIG: confAUTH_OPTIONS allows setting of Cyrus-SASL specific
options, see doc/op/op.me for details.
CONFIG: confAUTH_MAX_BITS sets the maximum encryption strength for
the security layer in SMTP AUTH (SASL).
CONFIG: If Local_localaddr resolves to $#ok, localaddr is terminated
immediately.
CONFIG: FEATURE(`enhdnsbl') is an enhanced version of dnsbl which
allows checking of the return values of the DNS lookups.
See cf/README for details.
CONFIG: FEATURE(`dnsbl') allows now to specify the behavior for
temporary lookup failures.
CONFIG: New option confDELIVER_BY_MIN to specify minimum time for
Deliver By (RFC 2852) or to turn off the extension.
CONFIG: New option confSHARED_MEMORY_KEY to set the key for shared
memory use.
CONFIG: New FEATURE(`compat_check') to look up a key consisting
of the sender and the recipient address delimited by the
string "<@>", e.g., sender@sdomain<@>recipient@rdomain,
in the access map. Based on code contributed by Mathias
Koerber of Singapore Telecommunications Ltd.
CONFIG: Add EXPOSED_USER_FILE() command to allow an exposed user
file. Suggested by John Beck of Sun Microsystems.
CONFIG: Don't use MAILER-DAEMON for error messages delivered
via LMTP. Problem reported by Larry Greenfield of CMU.
CONFIG: New FEATURE(`preserve_luser_host') to preserve the name of
the recipient host if LUSER_RELAY is used.
CONFIG: New FEATURE(`preserve_local_plus_detail') to preserve the
+detail portion of the address when passing address to
local delivery agent. Disables alias and .forward +detail
stripping. Only use if LDA supports this.
CONFIG: Removed deprecated FEATURE(`rbl').
CONFIG: Add LDAPROUTE_EQUIVALENT() and LDAPROUTE_EQUIVALENT_FILE()
which allow you to specify 'equivalent' hosts for LDAP
Routing lookups. Equivalent hostnames are replaced by the
masquerade domain name for lookups. See cf/README for
additional details.
CONFIG: Add a fourth argument to FEATURE(`ldap_routing') which
instructs the rulesets on what to do if the address being
looked up has +detail information. See cf/README for more
information.
CONFIG: When chosing a new destination via LDAP Routing, also look
up the new routing address/host in the mailertable. Based
on patch from Don Badrak of the United States Census Bureau.
CONFIG: Do not reject the SMTP Mail from: command if LDAP Routing
is in use and the bounce option is enabled. Only reject
recipients as user unknown.
CONFIG: Provide LDAP support for the remaining database map
features. See the ``USING LDAP FOR ALIASES AND MAPS''
section of cf/README for more information.
CONFIG: Add confLDAP_CLUSTER which defines the ${sendmailMTACluster}
macro used for LDAP searches as described above in ``USING
LDAP FOR ALIASES, MAPS, AND CLASSES''.
CONFIG: confCLIENT_OPTIONS has been replaced by CLIENT_OPTIONS(),
which takes the options as argument and can be used
multiple times; see cf/README for details.
CONFIG: Add configuration macros for new options:
confBAD_RCPT_THROTTLE BadRcptThrottle
confDIRECT_SUBMISSION_MODIFIERS DirectSubmissionModifiers
confMAILBOX_DATABASE MailboxDatabase
confMAX_QUEUE_CHILDREN MaxQueueChildren
confMAX_RUNNERS_PER_QUEUE MaxRunnersPerQueue
confNICE_QUEUE_RUN NiceQueueRun
confQUEUE_FILE_MODE QueueFileMode
confFAST_SPLIT FastSplit
confTLS_SRV_OPTIONS TLSSrvOptions
See above (and related documentation) for further information.
CONFIG: Add configuration variables for new timeout options:
confTO_ACONNECT Timeout.aconnect
confTO_AUTH Timeout.auth
confTO_LHLO Timeout.lhlo
confTO_STARTTLS Timeout.starttls
CONFIG: Add configuration macros for mail filter API:
confINPUT_MAIL_FILTERS InputMailFilters
confMILTER_LOG_LEVEL Milter.LogLevel
confMILTER_MACROS_CONNECT Milter.macros.connect
confMILTER_MACROS_HELO Milter.macros.helo
confMILTER_MACROS_ENVFROM Milter.macros.envfrom
confMILTER_MACROS_ENVRCPT Milter.macros.envrcpt
Mail filters can be defined via INPUT_MAIL_FILTER() and
MAIL_FILTER(). See libmilter/README, cf/README, and
doc/op/op.me for details.
CONFIG: Add support for accepting temporarily unresolvable domains.
See cf/README for details. Based on patch by Motonori
Nakamura of Kyoto University.
CONFIG: confDEQUOTE_OPTS can be used to specify options for the
dequote map.
CONFIG: New macro QUEUE_GROUP() to define queue groups.
CONFIG: New FEATURE(`queuegroup') to select a queue group based
on the full e-mail address or the domain of the recipient.
CONFIG: Any IPv6 addresses used in configuration should be prefixed
by the "IPv6:" tag to identify the address properly. For
example, if you want to use the IPv6 address
2002:c0a8:51d2::23f4 in the access database, you would need
to use IPv6:2002:c0a8:51d2::23f4 on the left hand side.
This affects the access database as well as the
relay-domains and local-host-names files.
CONFIG: OSTYPE(aux) has been renamed to OSTYPE(a-ux).
CONFIG: Avoid expansion of m4 keywords in SMART_HOST.
CONFIG: Add MASQUERADE_EXCEPTION_FILE() for reading masquerading
exceptions from a file. Suggested by Trey Breckenridge of
Mississippi State University.
CONFIG: Add LOCAL_USER_FILE() for reading local users
(LOCAL_USER() -- $={L}) entries from a file.
CONTRIB: dnsblaccess.m4 is a further enhanced version of enhdnsbl.m4
which allows to lookup error codes in the access map.
Contributed by Neil Rickert of Northern Illinois University.
DEVTOOLS: Add new options for installation of include and library
files: confINCGRP, confINCMODE, confINCOWN, confLIBGRP,
confLIBMODE, confLIBOWN.
DEVTOOLS: Add new option confDONT_INSTALL_CATMAN to turn off
installation of the the formatted man pages on operating
systems which don't include cat directories.
EDITMAP: New program for editing maps as supplement to makemap.
MAIL.LOCAL: Mail.local now uses the libsm mbdb package to look up
local mail recipients. New option -D mbdb specifies the
mailbox database type.
MAIL.LOCAL: New option "-h filename" which instructs mail.local to
deliver the mail to the named file in the user's home
directory instead of the system mail spool area. Based on
patch from Doug Hardie of the Los Angeles Free-Net.
MAILSTATS: New command line option -P which acts the same as -p but
doesn't truncate the statistics file.
MAKEMAP: Add new option -t to specify a different delimiter
instead of white space.
RMAIL: Invoke sendmail with '-G' to indicate this is a gateway
submission. Problem noted by Kari Hurtta of the Finnish
Meteorological Institute.
SMRSH: Use the vendor supplied directory on FreeBSD 3.3 and later.
VACATION: Change Auto-Submitted: header value from auto-generated to
auto-replied. From Kenneth Murchison of Oceana Matrix Ltd.
VACATION: New option -d to send error/debug messages to stdout
instead of syslog.
VACATION: New option -U which prevents the attempt to lookup login
in the password file. The -f and -m options must be used
to specify the database and message file since there is no
home directory for the default settings for these options.
VACATION: Vacation now uses the libsm mbdb package to look up
local mail recipients; it reads the MailboxDatabase option
from the sendmail.cf file. New option -C cffile which
specifies the path of the sendmail.cf file.
New Directories:
libmilter/docs
New Files:
cf/cf/README
cf/cf/submit.cf
cf/cf/submit.mc
cf/feature/authinfo.m4
cf/feature/compat_check.m4
cf/feature/enhdnsbl.m4
cf/feature/msp.m4
cf/feature/local_no_masquerade.m4
cf/feature/lookupdotdomain.m4
cf/feature/preserve_luser_host.m4
cf/feature/preserve_local_plus_detail.m4
cf/feature/queuegroup.m4
cf/sendmail.schema
contrib/dnsblaccess.m4
devtools/M4/UNIX/sm-test.m4
devtools/OS/OpenUNIX.5.i386
editmap/*
include/sm/*
libsm/*
libsmutil/cf.c
libsmutil/err.c
sendmail/SECURITY
sendmail/TUNING
sendmail/bf.c
sendmail/bf.h
sendmail/sasl.c
sendmail/sm_resolve.c
sendmail/sm_resolve.h
sendmail/tls.c
Deleted Files:
cf/feature/rbl.m4
cf/ostype/aix2.m4
devtools/OS/AIX.2
include/sendmail/cdefs.h
include/sendmail/errstring.h
include/sendmail/useful.h
libsmutil/errstring.c
sendmail/bf_portable.c
sendmail/bf_portable.h
sendmail/bf_torek.c
sendmail/bf_torek.h
sendmail/clock.c
Renamed Files:
cf/cf/generic-solaris2.mc => cf/cf/generic-solaris.mc
cf/cf/generic-solaris2.cf => cf/cf/generic-solaris.cf
cf/ostype/aux.m4 => cf/ostype/a-ux.m4
8.11.7/8.11.7 2003/03/29
SECURITY: Fix a remote buffer overflow in header parsing by
dropping sender and recipient header comments if the
comments are too long. Problem noted by Mark Dowd
of ISS X-Force.
SECURITY: Fix a buffer overflow in address parsing due to
a char to int conversion problem which is potentially
remotely exploitable. Problem found by Michal Zalewski.
Note: an MTA that is not patched might be vulnerable to
data that it receives from untrusted sources, which
includes DNS.
To provide partial protection to internal, unpatched sendmail MTAs,
8.11.7 changes by default (char)0xff to (char)0x7f in
headers etc. To turn off this conversion compile with
-DALLOW_255 or use the command line option -d82.101.
To provide partial protection for internal, unpatched MTAs that may be
performing 7->8 or 8->7 bit MIME conversions, the default
for MaxMimeHeaderLength has been changed to 2048/1024.
Note: this does have a performance impact, and it only
protects against frontal attacks from the outside.
To disable the checks and return to pre-8.11.7 defaults,
set MaxMimeHeaderLength to 0/0.
Properly clean up macros to avoid persistence of session data
across various connections. This could cause session
oriented restrictions, e.g., STARTTLS requirements,
to erroneously allow a connection. Problem noted
by Tim Maletic of Priority Health.
Ignore comments in NIS host records when trying to find the
canonical name for a host.
Fix a memory leak when closing Hesiod maps.
Set ${msg_size} macro when reading a message from the command line
or the queue.
Prevent a segmentation fault when clearing the event list by
turning off alarms before checking if event list is
empty. Problem noted by Allan E Johannesen of Worcester
Polytechnic Institute.
Fix a potential core dump problem if the environment variable
NAME is set. Problem noted by Beth A. Chaney of
Purdue University.
Prevent a race condition on child cleanup for delivery to files.
Problem noted by Fletcher Mattox of the University of
Texas.
CONFIG: Do not bounce mail if FEATURE(`ldap_routing')'s bounce
parameter is set and the LDAP lookup returns a temporary
error.
CONFIG: Fix a syntax error in the try_tls ruleset if
FEATURE(`access_db') is not enabled.
LIBSMDB: Fix a lock race condition that affects makemap, praliases,
and vacation.
LIBSMDB: Avoid a file creation race condition for Berkeley DB 1.X
and NDBM on systems with the O_EXLOCK open(2) flag.
MAKEMAP: Avoid going beyond the end of an input line if it does
not contain a value for a key. Based on patch from
Mark Bixby from Hewlett-Packard.
MAIL.LOCAL: Fix a truncation race condition if the close() on
the mailbox fails. Problem noted by Tomoko Fukuzawa of
Sun Microsystems.
SMRSH: SECURITY: Only allow regular files or symbolic links to be
used for a command. Problem noted by David Endler of
iDEFENSE, Inc.
8.11.6/8.11.6 2001/08/20
SECURITY: Fix a possible memory access violation when specifying
out-of-bounds debug parameters. Problem detected by
Cade Cairns of SecurityFocus.
Avoid leaking recipient information in unrelated DSNs. This could
happen if a connection is aborted, several mails had been
scheduled for delivery via that connection, and the timeout
is reached such that several DSNs are sent next. Problem
noted by Dileepan Moorkanat of Hewlett-Packard.
Fix a possible segmentation violation when specifying too many
wildcard operators in a rule. Problem detected by
Werner Wiethege.
Avoid a segmentation fault on non-matching Hesiod lookups. Problem
noted by Russell McOrmond of flora.ca
8.11.5/8.11.5 2001/07/31
Fix a possible race condition when sending a HUP signal to restart
the daemon. This could terminate the current process without
starting a new daemon. Problem reported by Wolfgang Breyha
of SE Netway Communications.
Only apply MaxHeadersLength when receiving a message via SMTP or
the command line. Problem noted by Andrey J. Melnikoff.
When finding the system's local hostname on an IPv6-enabled system
which doesn't have any IPv6 interface addresses, fall back
to looking up only IPv4 addresses. Problem noted by Tim
Bosserman of EarthLink.
When commands were being rejected due to check_relay or TCP
Wrappers, the ETRN command was not giving a response.
Incoming IPv4 connections on a Family=inet6 daemon (using
IPv4-mapped addresses) were incorrectly labeled as "may be
forged". Problem noted by Per Steinar Iversen of Oslo
University College.
Shutdown address test mode cleanly on SIGTERM. Problem noted by
Greg King of the OAO Corporation.
Restore the original real uid (changed in main() to prevent
out of band signals) before invoking a delivery agent.
Some delivery agents use this for the "From " envelope
"header". Problem noted by Leslie Carroll of the
University at Albany.
Mark closed file descriptors properly to avoid reuse. Problem
noted by Jeff Bronson of J.D. Bronson, Inc.
Setting Timeout options on the command line will also override
their sub-suboptions in the .cf file, e.g., -O
Timeout.queuereturn=2d will set all queuereturn timeouts
to 2 days. Problem noted by Roger B.A. Klorese.
Portability:
BSD/OS has a broken setreuid() implementation. Problem
noted by Vernon Schryver of Rhyolite Software.
BSD/OS has /dev/urandom(4) (as of version 4.1/199910 ?).
Noted by Vernon Schryver of Rhyolite Software.
BSD/OS has fchown(2). Noted by Dave Yadallee of Netline
2000 Internet Solutions Inc.
Solaris 2.X and later have strerror(3). From Sebastian
Hagedorn of Cologne University.
CONFIG: Fix parsing for IPv6 domain literals in addresses
(user@[IPv6:address]). Problem noted by Liyuan Zhou.
8.11.4/8.11.4 2001/05/28
Clean up signal handling routines to reduce the chances of heap
corruption and other potential race conditions.
Terminating and restarting the daemon may not be
instantaneous due to this change. Also, non-root users can
no longer send out-of-band signals. Problem reported by
Michal Zalewski of BindView.
If LogLevel is greater than 9 and SASL fails to negotiate an
encryption layer, avoid core dump logging the encryption
strength. Problem noted by Miroslav Zubcic of Crol.
If a server offers "AUTH=" and "AUTH " and the list of mechanisms is
different in those two lines, sendmail might not have
recognized (and used) all of the offered mechanisms.
Fix an IP address lookup problem on Solaris 2.0 - 2.3. Patch
from Kenji Miyake.
This time, really don't use the .. directory when expanding
QueueDirectory wildcards.
If a process is interrupted while closing a map, don't try to close
the same map again while exiting.
Allow local mailers (F=l) to contact remote hosts (e.g., via
LMTP). Problem noted by Norbert Klasen of the University
of Tuebingen.
If Timeout.QueueReturn was set to a value less the time it took
to write a new queue file (e.g., 0 seconds), the bounce
message would be lost. Problem noted by Lorraine L Goff of
Oklahoma State University.
Pass map argument vector into map rewriting engine for the regex
and prog map types. Problem noted by Stephen Gildea of
InTouch Systems, Inc.
When closing an LDAP map due to a temporary error, close all of the
other LDAP maps which share the original map's connection
to the LDAP server. Patch from Victor Duchovni of
Morgan Stanley.
To detect changes of NDBM aliases files check the timestamp of the
.pag file instead of the .dir file. Problem noted by Neil
Rickert of Northern Illinois University.
Don't treat temporary hesiod lookup failures as permanent. Patch
from Werner Wiethege.
If ClientPortOptions is set, make sure to create the outgoing socket
with the family set in that option. Patch from Sean Farley.
Avoid a segmentation fault trying to dereference a NULL pointer
when logging a MaxHopCount exceeded error with an empty
recipient list. Problem noted by Chris Adams of HiWAAY
Internet Services.
Fix DSN for "Too many hops" bounces. Problem noticed by Ulrich
Windl of the Universitaet Regensburg.
Fix DSN for "mail loops back to me" bounces. Problem noticed by
Kari Hurtta of the Finnish Meteorological Institute.
Portability:
OpenBSD has a broken setreuid() implementation.
CONFIG: Undo change from 8.11.1: change 501 SMTP reply code back
to 553 since it is allowed by DRUMS.
CONFIG: Add OSTYPE(freebsd4) for FreeBSD 4.X.
DEVTOOLS: install.sh did not properly handle paths in the source
file name argument. Noted by Kari Hurtta of the Finnish
Meteorological Institute.
DEVTOOLS: Add FAST_PID_RECYCLE to compile time options for OpenBSD
since it generates random process ids.
PRALIASES: Add back adaptive algorithm to deal with different endings
of entries in the database (with/without trailing '\0').
Patch from John Beck of Sun Microsystems.
New Files:
cf/ostype/freebsd4.m4
8.11.3/8.11.3 2001/02/27
Prevent a segmentation fault when a bogus value was used in the
LDAPDefaultSpec option's -r, -s, or -M flags and if a bogus
option was used. Problem noted by Allan E Johannesen of
Worcester Polytechnic Institute.
Prevent "token too long" message by shortening {currHeader} which
could be too long if the last copied character was a quote.
Problem detected by Jan Krueger of digitalanswers
communications consulting gmbh.
Additional IPv6 check for unspecified addresses. Patch from
Jun-ichiro itojun Hagino of the KAME Project.
Do not ignore the ClientPortOptions setting if DaemonPortOptions
Modifier=b (bind to same interface) is set and the
connection came in from the command line.
Do not bind to the loopback address if DaemonPortOptions
Modifier=b (bind to same interface) is set. Patch from
John Beck of Sun Microsystems.
Properly deal with open failures on non-optional maps used in
check_* rulesets by returning a temporary failure.
Buffered file I/O files were not being properly fsync'ed to disk
when they were committed.
Properly encode '=' for the AUTH= parameter of the MAIL command.
Problem noted by Hadmut Danisch.
Under certain circumstances the macro {server_name} could be set
to the wrong hostname (of a previous connection), which may
cause some rulesets to return wrong results. This would
usually cause mail to be queued up and delivered later on.
Ignore F=z (LMTP) mailer flag if $u is given in the mailer A=
equate. Problem noted by Motonori Nakamura of Kyoto
University.
Work around broken accept() implementations which only partially
fill in the peer address if the socket is closed before
accept() completes.
Return an SMTP "421" temporary failure if the data file can't be
opened where the "354" reply would normally be given.
Prevent a CPU loop in trying to expand a macro which doesn't exist
in a queue run. Problem noted by Gordon Lack of Glaxo
Wellcome.
If delivering via a program and that program exits with EX_TEMPFAIL,
note that fact for the mailq display instead of just showing
"Deferred". Problem noted by Motonori Nakamura of Kyoto
University.
If doing canonification via /etc/hosts, try both the fully
qualified hostname as well as the first portion of the
hostname. Problem noted by David Bremner of the
University of New Brunswick.
Portability:
Fix a compilation problem for mail.local and rmail if SFIO
is in use. Problem noted by Auteria Wally
Winzer Jr. of Champion Nutrition.
IPv6 changes for platforms using KAME. Patch from
Jun-ichiro itojun Hagino of the KAME Project.
OpenBSD 2.7 and higher has srandomdev(3). OpenBSD 2.8 and
higher has BSDI-style login classes. Patch from
Todd C. Miller of Courtesan Consulting.
Unixware 7.1.1 doesn't allow h_errno to be set directly if
sendmail is being compiled with -kthread. Problem
noted by Orion Poplawski of CQG, Inc.
CONTRIB: buildvirtuser: Substitute current domain for $DOMAIN and
current left hand side for $LHS in virtuser files.
DEVTOOLS: Do not pass make targets to recursive Build invocations.
Problem noted by Jeff Bronson of J.D. Bronson, Inc.
MAIL.LOCAL: In LMTP mode, do not return errors regarding problems
storing the temporary message file until after the remote
side has sent the final DATA termination dot. Problem
noted by Allan E Johannesen of Worcester Polytechnic
Institute.
MAIL.LOCAL: If LMTP mode is set, give a temporary error if users
are also specified on the command line. Patch from
Motonori Nakamura of Kyoto University.
PRALIASES: Skip over AliasFile specifications which aren't based on
database files (i.e., only show dbm, hash, and btree).
Renamed Files:
devtools/OS/OSF1.V5.0 => devtools/OS/OSF1.V5.x
8.11.2/8.11.2 2000/12/29
Prevent a segmentation fault when trying to set a class in
address test mode due to a negative array index. Audit
other array indexing. This bug is not believed to be
exploitable. Noted by Michal Zalewski of the "Internet for
Schools" project (IdS).
Add an FFR (for future release) to drop privileges when using
address test mode. This will be turned on in 8.12. It can
be enabled by compiling with:
APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_TESTMODE_DROP_PRIVS')
in your devtools/Site/site.config.m4 file. Suggested by
Michal Zalewski of the "Internet for Schools" project (IdS).
Fix potential problem with Cyrus-SASL security layer which may have
caused I/O errors, especially for mechanism DIGEST-MD5.
When QueueSortOrder was set to host, sendmail might not read
enough of the queue file to determine the host, making the
sort sub-optimal. Problem noted by Jeff Earickson of
Colby College.
Don't issue DSNs for addresses which use the NOTIFY parameter (per
RFC 1891) but don't have FAILURE as value.
Initialize Cyrus-SASL library before the SMTP daemon is started.
This implies that every change to SASL related files requires
a restart of the daemon, e.g., Sendmail.conf, new SASL
mechanisms (in form of shared libraries).
Properly set the STARTTLS related macros during a queue run for
a cached connection. Bug reported by Michael Kellen of
NxNetworks, Inc.
Log the server name in relay= for ruleset tls_server instead of the
client name.
Include original length of bad field/header when reporting
MaxMimeHeaderLength problems. Requested by Ulrich Windl of
the Universitat Regensburg.
Fix delivery to set-user-ID files that are expanded from aliases in
DeliveryMode queue. Problem noted by Ric Anderson of the
University of Arizona.
Fix LDAP map -m (match only) flag. Problem noted by Jeff Giuliano
of Collective Technologies.
Avoid using a negative argument for sleep() calls when delaying answers
to EXPN/VRFY commands on systems which respond very slowly.
Problem noted by Mikolaj J. Habryn of Optus Internet
Engineering.
Make sure the F=u flag is set in the default prog mailer
definition. Problem noted by Kari Hurtta of the Finnish
Meteorological Institute.
Fix IPv6 check for unspecified addresses. Patch from
Jun-ichiro itojun Hagino of the KAME Project.
Fix return values for IRIX nsd map. From Kari Hurtta of the Finnish
Meteorological Institute.
Fix parsing of DaemonPortOptions and ClientPortOptions. Read all
of the parameters to find Family= setting before trying to
interpret Addr= and Port=. Problem noted by Valdis
Kletnieks of Virginia Tech.
When delivering to a file directly from an alias, do not call
initgroups(); instead use the DefaultUser group information.
Problem noted by Marc Schaefer of ALPHANET NF.
RunAsUser now overrides the ownership of the control socket, if
created. Otherwise, sendmail can not remove it upon
close. Problem noted by Werner Wiethege.
Fix ConnectionRateThrottle counting as the option is the number of
overall connections, not the number of connections per
socket. A future version may change this to per socket
counting.
Portability:
Clean up libsmdb so it functions properly on platforms
where sizeof(u_int32_t) != sizeof(size_t). Problem
noted by Rein Tollevik of Basefarm AS.
Fix man page formatting for compatibility with Solaris'
whatis. From Stephen Gildea of InTouch Systems, Inc.
UnixWare 7 includes snprintf() support. From Larry
Rosenman.
IPv6 changes for platforms using KAME. Patch from
Jun-ichiro itojun Hagino of the KAME Project.
Avoid a typedef compile conflict with Berkeley DB 3.X and
Solaris 2.5 or earlier. Problem noted by Bob Hughes
of Pacific Access.
Add preliminary support for AIX 5. Contributed by
Valdis Kletnieks of Virginia Tech.
Solaris 9 load average support from Andrew Tucker of Sun
Microsystems.
CONFIG: Reject addresses of the form a!b if FEATURE(`nouucp', `r')
is used. Problem noted by Phil Homewood of Asia Online,
patch from Neil Rickert of Northern Illinois University.
- CONFIG: Change the default DNS based blacklist server for
+ CONFIG: Change the default DNS based blocklist server for
FEATURE(`dnsbl') to blackholes.mail-abuse.org.
CONFIG: Deal correctly with the 'C' flag in {daemon_flags}, i.e.,
implicitly assume canonical host names.
CONFIG: Deal with "::" in IPv6 addresses for access_db. Based on
patch by Motonori Nakamura of Kyoto University.
CONFIG: New OSTYPE(`aix5') contributed by Valdis Kletnieks of
Virginia Tech.
CONFIG: Pass the illegal header form <list:;> through untouched
instead of making it worse. Problem noted by Motonori
Nakamura of Kyoto University.
CONTRIB: Added buildvirtuser (see `perldoc contrib/buildvirtuser`).
CONTRIB: qtool.pl: An empty queue is not an error. Problem noted
by Jan Krueger of digitalanswers communications consulting
gmbh.
CONTRIB: domainmap.m4: Handle domains with '-' in them. From Mark
Roth of the University of Illinois at Urbana-Champaign.
DEVTOOLS: Change the internal devtools OS, REL, and ARCH m4
variables into bldOS, bldREL, and bldARCH to prevent
namespace collisions. Problem noted by Motonori Nakamura
of Kyoto University.
RMAIL: Undo the 8.11.1 change to use -G when calling sendmail. It
causes some changes in behavior and may break rmail for
installations where sendmail is actually a wrapper to
another MTA. The change will re-appear in a future
version.
SMRSH: Use the vendor supplied directory on HPUX 10.X, HPUX 11.X,
and SunOS 5.8. Requested by Jeff A. Earickson of Colby
College and John Beck of Sun Microsystems.
VACATION: Fix pattern matching for addresses to ignore.
VACATION: Don't reply to addresses of the form owner-*
or *-owner.
New Files:
cf/ostype/aix5.m4
contrib/buildvirtuser
devtools/OS/AIX.5.0
8.11.1/8.11.1 2000/09/27
Fix SMTP EXPN command output if the address expands to a single
name. Fix from John Beck of Sun Microsystems.
Don't try STARTTLS in the client if the PRNG has not been properly
seeded. This problem only occurs on systems without
/dev/urandom. Problem detected by Jan Krueger of
digitalanswers communications consulting gmbh and
Neil Rickert of Northern Illinois University.
Don't use the . and .. directories when expanding QueueDirectory
wildcards.
Do not try to cache LDAP connections across processes as a parent
process may close the connection before the child process
has completed. Problem noted by Lai Yiu Fai of the Hong
Kong University of Science and Technology and Wolfgang
Hottgenroth of UUNET.
Use Timeout.fileopen to limit the amount of time spent trying to
read the LDAP secret from a file.
Prevent SIGTERM from removing a command line submitted item after
the user submits the message and before the first delivery
attempt completes. Problem noted by Max France of AlphaNet.
Fix from Neil Rickert of Northern Illinois University.
Deal correctly with MaxMessageSize restriction if message size is
greater than 2^31. Problem noted by Tim "Darth Dice" Bosserman
of EarthLink.
Turn off queue checkpointing if CheckpointInterval is set to zero.
Treat an empty home directory (from getpw*() or $HOME) as
non-existent instead of treating it as /. Problem noted by
Todd C. Miller of Courtesan Consulting.
Don't drop duplicate headers when reading a queued item. Problem
noted by Motonori Nakamura of Kyoto University.
Avoid bogus error text when logging the savemail panic "cannot
save rejected email anywhere". Problem noted by Marc G.
Fournier of Acadia University.
If an LDAP search fails because the LDAP server went down, close
the map so subsequent searches reopen the map. If there are
multiple LDAP servers, the down server will be skipped and
one of the others may be able to take over.
Set the ${load_avg} macro to the current load average, not the
previous load average query result.
If a non-optional map used in a check_* ruleset can't be opened,
return a temporary failure to the remote SMTP client
instead of ignoring the map. Problem noted by Allan E
Johannesen of Worcester Polytechnic Institute.
Avoid a race condition when queuing up split envelopes by saving
the split envelopes before the original envelope.
Fix a bug in the PH_MAP code which caused mail to bounce instead of
defer if the PH server could not be contacted. From Mark
Roth of the University of Illinois at Urbana-Champaign.
Prevent QueueSortOrder=Filename from interfering with -qR, -qS, and
ETRN. Problem noted by Erik R. Leo of SoVerNet.
Change error code for unrecognized parameters to the SMTP MAIL and
RCPT commands from 501 to 555 per RFC 1869. Problem
reported to Postfix by Robert Norris of Monash University.
Prevent overwriting the argument of -B on certain OS. Problem
noted by Matteo Gelosa of I.NET S.p.A.
Use the proper routine for freeing memory with Netscape's LDAP
client libraries. Patch from Paul Hilchey of the
University of British Columbia.
Portability:
Move the NETINET6 define to devtools/OS/SunOS.5.{8,9}
instead of defining it in conf.h so users can
override the setting. Suggested by
Henrik Nordstrom of Ericsson.
On HP-UX 10.X and 11.X, use /usr/sbin/sendmail instead of
/usr/lib/sendmail for rmail and vacation. From
Jeff A. Earickson of Colby College.
On HP-UX 11.X, use /usr/sbin instead of /usr/libexec (which
does not exist). From Jeff A. Earickson of Colby
College.
Avoid using the UCB subsystem on NCR MP-RAS 3.x. From
Tom Moore of NCR.
NeXT 3.X and 4.X installs man pages in /usr/man. From
Hisanori Gogota of NTT/InterCommunicationCenter.
Solaris 8 and later include /var/run. The default PID file
location is now /var/run/sendmail.pid. From John
Beck of Sun Microsystems.
SFIO includes snprintf() for those operating systems
which do not. From Todd C. Miller of Courtesan
Consulting.
CONFIG: Use the result of _CERT_REGEX_SUBJECT_ not {cert_subject}.
Problem noted by Kaspar Brand of futureLab AG.
CONFIG: Change 553 SMTP reply code to 501 to avoid problems with
errors in the MAIL address.
CONFIG: Fix FEATURE(nouucp) usage in example .mc files. Problem
noted by Ron Jarrell of Virginia Tech.
CONFIG: Add support for Solaris 8 (and later) as OSTYPE(solaris8).
Contributed by John Beck of Sun Microsystems.
CONFIG: Set confFROM_HEADER such that the mail hub can possibly add
GECOS information for an address. This more closely
matches pre-8.10 nullclient behavior. From Per Hedeland of
Ericsson.
CONFIG: Fix MODIFY_MAILER_FLAGS(): apply the flag modifications for
SMTP to all *smtp* mailers and those for RELAY to the relay
mailer as described in cf/README.
MAIL.LOCAL: Open the mailbox as the recipient not root so quotas
are obeyed. Problem noted by Damian Kuczynski of NIK.
MAKEMAP: Do not change a map's owner to the TrustedUser if using
makemap to 'unmake' the map.
RMAIL: Avoid overflowing the list of recipients being passed to
sendmail.
RMAIL: Invoke sendmail with '-G' to indicate this is a gateway
submission. Problem noted by Kari Hurtta of the Finnish
Meteorological Institute.
VACATION: Read the complete message to avoid "broken pipe" signals.
VACATION: Do not cut off vacation.msg files which have a single
dot as the only character on the line.
New Files:
cf/ostype/solaris8.m4
8.11.0/8.11.0 2000/07/19
SECURITY: If sendmail is installed as a non-root set-user-ID binary
(not the normal case), some operating systems will still
keep a saved-uid of the effective-uid when sendmail tries
to drop all of its privileges. If sendmail needs to drop
these privileges and the operating system doesn't set the
saved-uid as well, exit with an error. Problem noted by
Kari Hurtta of the Finnish Meteorological Institute.
SECURITY: sendmail depends on snprintf() NUL terminating the string
it populates. It is possible that some broken
implementations of snprintf() exist that do not do this.
Systems in this category should compile with
-DSNPRINTF_IS_BROKEN=1. Use test/t_snprintf.c to test your
system and report broken implementations to
sendmail-bugs@sendmail.org and your OS vendor. Problem
noted by Slawomir Piotrowski of TELSAT GP.
Support SMTP Service Extension for Secure SMTP (RFC 2487) (STARTTLS).
Implementation influenced by the example programs of
OpenSSL and the work of Lutz Jaenicke of TU Cottbus.
Add new STARTTLS related options CACERTPath, CACERTFile,
ClientCertFile, ClientKeyFile, DHParameters, RandFile,
ServerCertFile, and ServerKeyFile. These are documented in
cf/README and doc/op/op.me.
New STARTTLS related macros: ${cert_issuer}, ${cert_subject},
${tls_version}, ${cipher}, ${cipher_bits}, ${verify},
${server_name}, and ${server_addr}. These are documented
in cf/README and doc/op/op.me.
Add support for the Entropy Gathering Daemon (EGD) for better
random data.
New DontBlameSendmail option InsufficientEntropy for systems which
don't properly seed the PRNG for OpenSSL but want to
try to use STARTTLS despite the security problems.
Support the security layer in SMTP AUTH for mechanisms which
support encryption. Based on code contributed by Tim
Martin of CMU.
Add new macro ${auth_ssf} to reflect the SMTP AUTH security
strength factor.
LDAP's -1 (single match only) flag was not honored if the -z
(delimiter) flag was not given. Problem noted by ST Wong of
the Chinese University of Hong Kong. Fix from Mark Adamson
of CMU.
Add more protection from accidentally tripping OpenLDAP 1.X's
ld_errno == LDAP_DECODING_ERROR hack on ldap_next_attribute().
Suggested by Kurt Zeilenga of OpenLDAP.
Fix the default family selection for DaemonPortOptions. As
documented, unless a family is specified in a
DaemonPortOptions option, "inet" is the default. It is
also the default if no DaemonPortOptions value is set.
Therefore, IPv6 users should configure additional sockets
by adding DaemonPortOptions settings with Family=inet6 if
they wish to also listen on IPv6 interfaces. Problem noted
by Jun-ichiro itojun Hagino of the KAME Project.
Set ${if_family} when setting ${if_addr} and ${if_name} to reflect
the interface information for an outgoing connection.
Not doing so was creating a mismatch between the socket
family and address used in subsequent connections if the
M=b modifier was set in DaemonPortOptions. Problem noted
by John Beck of Sun Microsystems.
If DaemonPortOptions modifier M=b is used, determine the socket
family based on the IP address. ${if_family} is no longer
persistent (i.e., saved in qf files). Patch from John Beck
of Sun Microsystems.
sendmail 8.10 and 8.11 reused the ${if_addr} and ${if_family}
macros for both the incoming interface address/family and
the outgoing interface address/family. In order for M=b
modifier in DaemonPortOptions to work properly, preserve
the incoming information in the queue file for later
delivery attempts.
Use SMTP error code and enhanced status code from check_relay in
responses to commands. Problem noted by Jeff Wasilko of
smoe.org.
Add more vigilance in checking for putc() errors on output streams
to protect from a bug in Solaris 2.6's putc(). Problem
noted by Graeme Hewson of Oracle.
The LDAP map -n option (return attribute names only) wasn't working.
Problem noted by Ajay Matia.
Under certain circumstances, an address could be listed as deferred
but would be bounced back to the sender as failed to be
delivered when it really should have been queued. Problem
noted by Allan E Johannesen of Worcester Polytechnic Institute.
Prevent a segmentation fault in a child SMTP process from getting
the SMTP transaction out of sync. Problem noted by Per
Hedeland of Ericsson.
Turn off RES_DEBUG if SFIO is defined unless SFIO_STDIO_COMPAT
is defined to avoid a core dump due to incompatibilities
between sfio and stdio. Problem noted by Neil Rickert
of Northern Illinois University.
Don't log useless envelope ID on initial connection log. Problem
noted by Kari Hurtta of the Finnish Meteorological Institute.
Convert the free disk space shown in a control socket status query
to kilobyte units.
If TryNullMXList is True and there is a temporary DNS failure
looking up the hostname, requeue the message for a later
attempt. Problem noted by Ari Heikkinen of Pohjois-Savo
Polytechnic.
Under the proper circumstances, failed connections would be recorded
as "Bad file number" instead of "Connection failed" in the
queue file and persistent host status. Problem noted by
Graeme Hewson of Oracle.
Avoid getting into an endless loop if a non-hoststat directory exists
within the hoststatus directory (e.g., lost+found).
Patch from Valdis Kletnieks of Virginia Tech.
Make sure Timeout.queuereturn=now returns a bounce message to the
sender. Problem noted by Per Hedeland of Ericsson.
If a message data file can't be opened at delivery time, panic and
abort the attempt instead of delivering a message that
states "<<< No Message Collected >>>".
Fixup the GID checking code from 8.10.2 as it was overly
restrictive. Problem noted by Mark G. Thomas of Mark
G. Thomas Consulting.
Preserve source port number instead of replacing it with the ident
port number (113).
Document the queue status characters in the mailq man page.
Suggested by Ulrich Windl of the Universitat Regensburg.
Process queued items in which none of the recipient addresses have
host portions (or there are no recipients). Problem noted
by Valdis Kletnieks of Virginia Tech.
If a cached LDAP connection is used for multiple maps, make sure
only the first to open the connection is allowed to close
it so a later map close doesn't break the connection for
other maps. Problem noted by Wolfgang Hottgenroth of UUNET.
Netscape's LDAP libraries do not support Kerberos V4
authentication. Patch from Rainer Schoepf of the
University of Mainz.
Provide workaround for inconsistent handling of data passed
via callbacks to Cyrus SASL prior to version 1.5.23.
Mention ENHANCEDSTATUSCODES in the SMTP HELP helpfile. Omission
noted by Ulrich Windl of the Universitat Regensburg.
Portability:
Add the ability to read IPv6 interface addresses into class
'w' under FreeBSD (and possibly others). From Jun
Kuriyama of IMG SRC, Inc. and the FreeBSD Project.
Replace code for finding the number of CPUs on HPUX.
NCRUNIX MP-RAS 3.02 SO_REUSEADDR socket option does not
work properly causing problems if the accept()
fails and the socket needs to be reopened. Patch
from Tom Moore of NCR.
NetBSD uses a .0 extension of formatted man pages. From
Andrew Brown of Crossbar Security.
Return to using the IPv6 AI_DEFAULT flag instead of AI_V4MAPPED
for calls to getipnodebyname(). The Linux
implementation is broken so AI_ADDRCONFIG is stripped
under Linux. From John Beck of Sun Microsystems and
John Kennedy of Cal State University, Chico.
CONFIG: Catch invalid addresses containing a ',' at the wrong place.
Patch from Neil Rickert of Northern Illinois University.
CONFIG: New variables for the new sendmail options:
confCACERT_PATH CACERTPath
confCACERT CACERTFile
confCLIENT_CERT ClientCertFile
confCLIENT_KEY ClientKeyFile
confDH_PARAMETERS DHParameters
confRAND_FILE RandFile
confSERVER_CERT ServerCertFile
confSERVER_KEY ServerKeyFile
CONFIG: Provide basic rulesets for TLS policy control and add new
tags to the access database to support these policies. See
cf/README for more information.
CONFIG: Add TLS information to the Received: header.
CONFIG: Call tls_client ruleset from check_mail in case it wasn't
called due to a STARTTLS command.
CONFIG: If TLS_PERM_ERR is defined, TLS related errors are permanent
instead of temporary.
CONFIG: FEATURE(`relay_hosts_only') didn't work in combination with
the access map and relaying to a domain without using a To:
tag. Problem noted by Mark G. Thomas of Mark G. Thomas
Consulting.
CONFIG: Set confEBINDIR to /usr/sbin to match the devtools entry in
OSTYPE(`linux') and OSTYPE(`mklinux'). From Tim Pierce of
RootsWeb.com.
CONFIG: Make sure FEATURE(`nullclient') doesn't use aliasing and
forwarding to make it as close to the old behavior as
possible. Problem noted by George W. Baltz of the
University of Maryland.
CONFIG: Added OSTYPE(`darwin') for Mac OS X and Darwin users. From
Wilfredo Sanchez of Apple Computer, Inc.
CONFIG: Changed the map names used by FEATURE(`ldap_routing') from
ldap_mailhost and ldap_mailroutingaddress to ldapmh and
ldapmra as underscores in map names cause problems if
underscore is in OperatorChars. Problem noted by Bob Zeitz
of the University of Alberta.
CONFIG: Apply blacklist_recipients also to hosts in class {w}.
Patch from Michael Tratz of Esosoft Corporation.
CONFIG: Use A=TCP ... instead of A=IPC ... in SMTP mailers.
CONTRIB: Add link_hash.sh to create symbolic links to the hash
of X.509 certificates.
CONTRIB: passwd-to-alias.pl: More protection from special characters;
treat special shells as root aliases; skip entries where the
GECOS full name and username match. From Ulrich Windl of the
Universitat Regensburg.
CONTRIB: qtool.pl: Add missing last_modified_time method and fix a
typo. Patch from Graeme Hewson of Oracle.
CONTRIB: re-mqueue.pl: Improve handling of a race between re-mqueue
and sendmail. Patch from Graeme Hewson of Oracle.
CONTRIB: re-mqueue.pl: Don't exit(0) at end so can be called as
subroutine Patch from Graeme Hewson of Oracle.
CONTRIB: Add movemail.pl (move old mail messages between queues by
calling re-mqueue.pl) and movemail.conf (configuration
script for movemail.pl). From Graeme Hewson of Oracle.
CONTRIB: Add cidrexpand (expands CIDR blocks as a preprocessor to
makemap). From Derek J. Balling of Yahoo,Inc.
DEVTOOLS: INSTALL_RAWMAN installation option mistakenly applied any
extension modifications (e.g., MAN8EXT) to the installation
target. Patch from James Ralston of Carnegie Mellon
University.
DEVTOOLS: Add support for SunOS 5.9.
DEVTOOLS: New option confLN contains the command used to create
links.
LIBSMDB: Berkeley DB 2.X and 3.X errors might be lost and not
reported.
MAIL.LOCAL: DG/UX portability. Problem noted by Tim Boyer of
Denman Tire Corporation.
MAIL.LOCAL: Prevent a possible DoS attack when compiled with
-DCONTENTLENGTH. Based on patch from 3APA3A@SECURITY.NNOV.RU.
MAILSTATS: Fix usage statement (-p and -o are optional).
MAKEMAP: Change man page layout as workaround for problem with nroff
and -man on Solaris 7. Patch from Larry Williamson.
RMAIL: AIX 4.3 has snprintf(). Problem noted by David Hayes of
Black Diamond Equipment, Limited.
RMAIL: Prevent a segmentation fault if the incoming message does not
have a From line.
VACATION: Read all of the headers before deciding whether or not
to respond instead of stopping after finding recipient.
Added Files:
cf/ostype/darwin.m4
contrib/cidrexpand
contrib/link_hash.sh
contrib/movemail.conf
contrib/movemail.pl
devtools/OS/SunOS.5.9
test/t_snprintf.c
8.10.2/8.10.2 2000/06/07
SECURITY: Work around broken Linux setuid() implementation.
On Linux, a normal user process has the ability to subvert
the setuid() call such that it is impossible for a root
process to drop its privileges. Problem noted by Wojciech
Purczynski of elzabsoft.pl.
SECURITY: Add more vigilance around set*uid(), setgid(), setgroups(),
initgroups(), and chroot() calls.
Added Files:
test/t_setuid.c
8.10.1/8.10.1 2000/04/06
SECURITY: Limit the choice of outgoing (client-side) SMTP
Authentication mechanisms to those specified in
AuthMechanisms to prevent information leakage. We do not
recommend use of PLAIN for outgoing mail as it sends the
password in clear text to possibly untrusted servers. See
cf/README's DefaultAuthInfo section for additional information.
Copy the ident argument for openlog() to avoid problems on some
OSs. Based on patch from Rob Bajorek from Webhelp.com.
Avoid bogus error message when reporting an alias line as too long.
Avoid bogus socket error message if sendmail.cf version level is
greater than sendmail binary supported version. Patch
from John Beck of Sun Microsystems.
Prevent a malformed ruleset (missing right hand side) from causing
a segmentation fault when using address test mode. Based on
patch from John Beck of Sun Microsystems.
Prevent memory leak from use of NIS maps and yp_match(3). Problem
noted by Gil Kloepfer of the University of Texas at Austin.
Fix queue file permission checks to allow for TrustedUser ownership.
Change logging of errors from the trust_auth ruleset to LogLevel 10
or higher.
Avoid simple password cracking attacks against SMTP AUTH by using
exponential delay after too many tries within one connection.
Encode an initial empty AUTH challenge as '=', not as empty string.
Avoid segmentation fault on EX_SOFTWARE internal error logs.
Problem noted by Allan E Johannesen of Worcester
Polytechnic Institute.
Ensure that a header check which resolves to $#discard actually
discards the message.
Emit missing value warnings for aliases with no right hand side
when newaliases is run instead of only when delivery is
attempted to the alias.
Remove AuthOptions missing value warning for consistency with other
flag options.
Portability:
SECURITY: Specify a run-time shared library search path for
AIX 4.X instead of using the dangerous AIX 4.X
linker semantics. AIX 4.X users should consult
sendmail/README for further information. Problem
noted by Valdis Kletnieks of Virginia Tech.
Avoid use of strerror(3) call. Problem noted by Charles
Levert of Ecole Polytechnique de Montreal.
DGUX requires -lsocket -lnsl and has a non-standard install
program. From Tim Boyer of Denman Tire Corporation.
HPUX 11.0 has a broken res_search() function.
Updates to devtools/OS/NeXT.3.X, NeXT.4.X, and NEXTSTEP.4.X
from J. P. McCann of E I A.
Digital UNIX/Compaq Tru64 5.0 now includes snprintf(3).
Problem noted by Michael Long of Info Avenue Internet
Services, LLC.
Modern (post-199912) OpenBSD versions include working
strlc{at,py}(3) functions. From Todd C. Miller of
Courtesan Consulting.
SINIX doesn't have random(3). From Gerald Rinske of
Siemens Business Services.
CONFIG: Change error message about unresolvable sender domain to
include the sender address. Proposed by Wolfgang Rupprecht
of WSRCC.
CONFIG: Fix usenet mailer calls.
CONFIG: If RELAY_MAILER_FLAGS is not defined, use SMTP_MAILER_FLAGS
to be backward compatible with 8.9.
CONFIG: Change handling of default case @domain for virtusertable
to allow for +*@domain to deal with +detail.
CONTRIB: Remove converting.sun.configs -- it is obsolete.
DEVTOOLS: confUBINMODE was being ignored. Fix from KITAZIMA, Tuneki
of NEC.
DEVTOOLS: Add to NCR platform list and include the architecture
(i486). From Tom J. Moore of NCR.
DEVTOOLS: SECURITY: Change method of linking with sendmail utility
libraries to work around the AIX 4.X and SunOS 4.X linker's
overloaded -L option. Problem noted by Valdis Kletnieks of
Virginia Tech.
DEVTOOLS: configure.sh was overriding the user's choice for
confNROFF. Problem noted by Glenn A. Malling of Syracuse
University.
DEVTOOLS: New variables conf_prog_LIB_POST and confBLDVARIANT added
for other internal projects but included in the open source
release.
LIBSMDB: Check for ".db" instead of simply "db" at the end of the
map name to determine whether or not to add the extension.
This fixes makemap when building the userdb file. Problem
noted by Andrew J Cole of the University of Leeds.
LIBSMDB: Allow a database to be opened for updating and created if
it doesn't already exist. Problem noted by Rand Wacker of
Sendmail.
LIBSMDB: If type is SMDB_TYPE_DEFAULT and both NEWDB and NDBM are
available, fall back to NDBM if NEWDB open fails. This
fixes praliases. Patch from John Beck of Sun Microsystems.
LIBSMUTIL: safefile()'s SFF_NOTEXCL check was being misinterpreted
as SFF_NOWRFILES.
OP.ME: Clarify some issues regarding mailer flags. Suggested by
Martin Mokrejs of The Charles University and Neil Rickert of
Northern Illinois University.
PRALIASES: Restore 8.9.X functionality of being able to search for
particular keys in a database by specifying the keys on the
command line. Man page updated accordingly. Patch from
John Beck of Sun Microsystems.
VACATION: SunOS 4.X portability from Charles Levert of Ecole
Polytechnique de Montreal.
VACATION: Fix -t option which is ignored but available for
compatibility with Sun's version, based on patch from
Volker Dobler of Infratest Burke.
Added Files:
devtools/M4/UNIX/smlib.m4
devtools/OS/OSF1.V5.0
Deleted Files:
contrib/converting.sun.configs
Deleted Directories (already done in 8.10.0 but not listed):
doc/intro
doc/usenix
doc/changes
8.10.0/8.10.0 2000/03/01
*************************************************************
* The engineering department at Sendmail, Inc. has suffered *
* the tragic loss of a key member of our engineering team. *
* Julie Van Bourg was the Vice President of Engineering *
* at Sendmail, Inc. during the development and deployment *
* of this release. It was her vision, dedication, and *
* support that has made this release a success. Julie died *
* on October 26, 1999 of cancer. We have lost a leader, a *
* coach, and a friend. *
* *
* This release is dedicated to her memory and to the joy, *
* strength, ideals, and hope that she brought to all of us. *
* Julie, we miss you! *
*************************************************************
SECURITY: The safe file checks now back track through symbolic
links to make sure the files can't be compromised due
to poor permissions on the parent directories of the
symbolic link target.
SECURITY: Only root, TrustedUser, and users in class t can rebuild
the alias map. Problem noted by Michal Zalewski of the
"Internet for Schools" project (IdS).
SECURITY: There is a potential for a denial of service attack if
the AutoRebuildAliases option is set as a user can kill the
sendmail process while it is rebuilding the aliases file
(leaving it in an inconsistent state). This option and
its use is deprecated and will be removed from a future
version of sendmail.
SECURITY: Make sure all file descriptors (besides stdin, stdout, and
stderr) are closed before restarting sendmail. Problem noted
by Michal Zalewski of the "Internet for Schools" project
(IdS).
Begin using /etc/mail/ for sendmail related files. This affects
a large number of files. See cf/README for more details.
The directory structure of the distribution has changed slightly
for easier code sharing among the programs.
Support SMTP AUTH (see RFC 2554). New macros for this purpose
are ${auth_authen}, ${auth_type}, and ${auth_author}
which hold the client's authentication credentials,
the mechanism used for authentication, and the
authorization identity (i.e., the AUTH= parameter if
supplied). Based on code contributed by Tim Martin of CMU.
On systems which use the Torek stdio library (all of the BSD
distributions), use memory-buffered files to reduce
file system overhead by not creating temporary files on
disk. Contributed by Exactis.com, Inc.
New option DataFileBufferSize to control the maximum size of a
memory-buffered data (df) file before a disk-based file is
used. Contributed by Exactis.com, Inc.
New option XscriptFileBufferSize to control the maximum size of a
memory-buffered transcript (xf) file before a disk-based
file is used. Contributed by Exactis.com, Inc.
sendmail implements RFC 2476 (Message Submission), e.g., it can
now listen on several different ports. Use:
O DaemonPortOptions=Name=MSA, Port=587, M=E
to run a Message Submission Agent (MSA); this is turned
on by default in m4-generated .cf files; it can be turned
off with FEATURE(`no_default_msa').
The 'XUSR' SMTP command is deprecated. Mail user agents should
begin using RFC 2476 Message Submission for initial user
message submission. XUSR may disappear from a future release.
The new '-G' (relay (gateway) submission) command line option
indicates that the message being submitted from the command
line is for relaying, not initial submission. This means
the message will be rejected if the addresses are not fully
qualified and no canonicalization will be done. Future
releases may even reject improperly formed messages.
The '-U' (initial user submission) command line option is
deprecated and may be removed from a future release.
Mail user agents should begin using '-G' to indicate that
this is a relay submission (the inverse of -U).
The next release of sendmail will assume that any message submitted
from the command line is an initial user submission and act
accordingly.
If sendmail doesn't have enough privileges to run a .forward
program or deliver to file as the owner of that file, the
address is marked as unsafe. This means if RunAsUser is
set, users won't be able to use programs or delivery to
files in their .forward files. Administrators can override
this by setting the DontBlameSendmail option to the new
setting NonRootSafeAddr.
Allow group or world writable directories if the sticky bit is set
on the directory and DontBlameSendmail is set to
TrustStickyBit. Based on patch from Chris Metcalf of
InCert Software.
Prevent logging of unsafe directory paths for non-existent forward
files if the new DontWarnForwardFileInUnsafeDirPath bit is
set in the DontBlameSendmail option. Requested by many.
New Timeout.control option to limit the total time spent satisfying
a control socket request.
New Timeout.resolver options for controlling BIND resolver
settings:
Timeout.resolver.retrans
Sets the resolver's retransmission time interval (in
seconds). Sets both Timeout.resolver.retrans.first
and Timeout.resolver.retrans.normal.
Timeout.resolver.retrans.first
Sets the resolver's retransmission time interval (in
seconds) for the first attempt to deliver a message.
Timeout.resolver.retrans.normal
Sets the resolver's retransmission time interval (in
seconds) for all resolver lookups except the first
delivery attempt.
Timeout.resolver.retry
Sets the number of times to retransmit a resolver
query. Sets both Timeout.resolver.retry.first
and Timeout.resolver.retry.normal.
Timeout.resolver.retry.first
Sets the number of times to retransmit a resolver
query for the first attempt to deliver a message.
Timeout.resolver.retry.normal
Sets the number of times to retransmit a resolver
query for all resolver lookups except the first
delivery attempt.
Contributed by Exactis.com, Inc.
Support multiple queue directories. To use multiple queues, supply
a QueueDirectory option value ending with an asterisk. For
example, /var/spool/mqueue/q* will use all of the
directories or symbolic links to directories beginning with
'q' in /var/spool/mqueue as queue directories. Keep in
mind, the queue directory structure should not be changed
while sendmail is running. Queue runs create a separate
process for running each queue unless the verbose flag is
given on a non-daemon queue run. New items are randomly
assigned to a queue. Contributed by Exactis.com, Inc.
Support different directories for qf, df, and xf queue files; if
subdirectories or symbolic links to directories of those names
exist in the queue directories, they are used for the
corresponding queue files. Keep in mind, the queue
directory structure should not be changed while sendmail is
running. Proposed by Mathias Koerber of Singapore
Telecommunications Ltd.
New queue file naming system which uses a filename guaranteed to be
unique for 60 years. This allows queue IDs to be assigned
without fancy file system locking. Queued items can be
moved between queues easily. Contributed by Exactis.com,
Inc.
Messages which are undeliverable due to temporary address failures
(e.g., DNS failure) will now go to the FallBackMX host, if
set. Contributed by Exactis.com, Inc.
New command line option '-L tag' which sets the identifier used for
syslog. Contributed by Exactis.com, Inc.
QueueSortOrder=Filename will sort the queue by filename. This
avoids opening and reading each queue file when preparing
to run the queue. Contributed by Exactis.com, Inc.
Shared memory counters and microtimers functionality has been
donated by Exactis.com, Inc.
The SCCS ID tags have been replaced with RCS ID tags.
Allow trusted users (those on a T line or in $=t) to set the
QueueDirectory (Q) option without an X-Authentication-Warning:
being added. Suggested by Michael K. Sanders.
IPv6 support based on patches from John Kennedy of Cal State
University, Chico, Motonori Nakamura of Kyoto University,
and John Beck of Sun Microsystems.
In low-disk space situations, where sendmail would previously refuse
connections, still accept them, but only allow ETRN commands.
Suggested by Mathias Koerber of Singapore Telecommunications
Ltd.
The [IPC] builtin mailer now allows delivery to a UNIX domain socket
on systems which support them. This can be used with LMTP
local delivery agents which listen on a named socket. An
example mailer might be:
Mexecmail, P=[IPC], F=lsDFMmnqSXzA5@/:|, E=\r\n,
S=10, R=20/40, T=DNS/RFC822/X-Unix,
A=FILE /var/run/lmtpd
Code contributed by Lyndon Nerenberg of Messaging Direct.
The [TCP] builtin mailer name is now deprecated. Use [IPC]
instead.
The first mailer argument in the [IPC] mailer is now checked for a
legitimate value. Possible values are TCP (for TCP/IP
connections), IPC (which will be deprecated in a future
version), and FILE (for UNIX domain socket delivery).
PrivacyOptions=goaway no longer includes the noetrn and the noreceipts
flags.
PrivacyOptions=nobodyreturn instructs sendmail not to include the
body of the original message on delivery status
notifications.
Don't announce DSN if PrivacyOptions=noreceipts is set. Problem noted
by Dan Bernstein, fix from Robert Harker of Harker Systems.
Accept the SMTP RSET command even when rejecting commands due to TCP
Wrappers or the check_relay ruleset. Problem noted by
Steve Schweinhart of America Online.
Warn if OperatorChars is set multiple times. OperatorChars should
not be set after rulesets are defined. Suggested by
Mitchell Blank Jr of Exec-PC.
Do not report temporary failure on delivery to files. In
interactive delivery mode, this would result in two SMTP
responses after the DATA command. Problem noted by
Nik Conwell of Boston University.
Check file close when mailing to files. Problem noted by Nik
Conwell of Boston University.
Avoid a segmentation fault when using the LDAP map. Patch from
Curtis W. Hillegas of Princeton University.
Always bind to the LDAP server regardless of whether you are using
ldap_open() or ldap_init(). Fix from Raj Kunjithapadam of
@Home Network.
New ruleset trust_auth to determine whether a given AUTH=
parameter of the MAIL command should be trusted. See SMTP
AUTH, cf/README, and doc/op/op.ps.
Allow new named config file rules check_vrfy, check_expn, and
check_etrn for VRFY, EXPN, and ETRN commands, respectively,
similar to check_rcpt etc.
Introduce new macros ${rcpt_mailer}, ${rcpt_host}, ${rcpt_addr},
${mail_mailer}, ${mail_host}, ${mail_addr} that hold
the results of parsing the RCPT and MAIL arguments, i.e.
the resolved triplet from $#mailer $@host $:addr.
From Kari Hurtta of the Finnish Meteorological Institute.
New macro ${client_resolve} which holds the result of the resolve
call for ${client_name}: OK, FAIL, FORGED, TEMP. Proposed
by Kari Hurtta of the Finnish Meteorological Institute.
New macros ${dsn_notify}, ${dsn_envid}, and ${dsn_ret} that hold
the corresponding DSN parameter values. Proposed by
Mathias Herberts.
New macro ${msg_size} which holds the value of the SIZE= parameter,
i.e., usually the size of the message (in an ESMTP dialogue),
before the message has been collected, thereafter it holds
the message size as computed by sendmail (and can be used
in check_compat).
The macro ${deliveryMode} now specifies the current delivery mode
sendmail is using instead of the value of the DeliveryMode
option.
New macro ${ntries} holds the number of delivery attempts.
Drop explicit From: if same as what would be generated only if it is
a local address. From Motonori Nakamura of Kyoto University.
Write pid to file also if sendmail only processes the queue.
Proposed by Roy J. Mongiovi of Georgia Tech.
Log "low on disk space" only when necessary.
New macro ${load_avg} can be used to check the current load average.
Suggested by Scott Gifford of The Internet Ramp.
Return-Receipt-To: header implies DSN request if option RrtImpliesDsn
is set.
Flag -S for maps to specify the character which is substituted
for spaces (instead of the default given by O BlankSub).
Flag -D for maps: perform no lookup in deferred delivery mode.
This flag is set by default for the host map. Based on a
proposal from Ian MacPhedran of the University of Saskatchewan.
Open maps only on demand, not at startup.
Log warning about unsupported IP address families.
New option MaxHeadersLength allows to specify a maximum length
of the sum of all headers. This can be used to prevent
a denial-of-service attack.
New option MaxMimeHeaderLength which limits the size of MIME
headers and parameters within those headers. This option
is intended to protect mail user agents from buffer
overflow attacks.
Added option MaxAliasRecursion to specify the maximum depth of
alias recursion.
New flag F=6 for mailers to strip headers to seven bit.
Map type syslog to log the key via syslogd.
Entries in the alias file can be continued by putting a backslash
directly before the newline.
New option DeadLetterDrop to define the location of the system-wide
dead.letter file, formerly hardcoded to
/usr/tmp/dead.letter. If this option is not set (the
default), sendmail will not attempt to save to a
system-wide dead.letter file if it can not bounce the mail
to the user nor postmaster. Instead, it will rename the qf
file as it has in the past when the dead.letter file
could not be opened.
New option PidFile to define the location of the pid file. The
value of this option is macro expanded.
New option ProcessTitlePrefix specifies a prefix string for the
process title shown in 'ps' listings.
New macros for use with the PidFile and ProcessTitlePrefix options
(along with the already existing macros):
${daemon_info} Daemon information, e.g.
SMTP+queueing@00:30:00
${daemon_addr} Daemon address, e.g., 0.0.0.0
${daemon_family} Daemon family, e.g., inet, inet6, etc.
${daemon_name} Daemon name, e.g., MSA.
${daemon_port} Daemon port, e.g., 25
${queue_interval} Queue run interval, e.g., 00:30:00
New macros especially for virtual hosting:
${if_name} hostname of interface of incoming connection.
${if_addr} address of interface of incoming connection.
The latter is only set if the interface does not belong to the
loopback net.
If a message being accepted via a method other than SMTP and
would be rejected by a header check, do not send the message.
Suggested by Phil Homewood of Mincom Pty Ltd.
Don't strip comments for header checks if $>+ is used instead of $>.
Provide header value as quoted string in the macro
${currHeader} (possibly truncated to MAXNAME). Suggested by
Jan Krueger of Unix-AG of University of Hannover.
The length of the header value is stored in ${hdrlen}.
H*: allows to specify a default ruleset for header checks. This
ruleset will only be called if the individual header does
not have its own ruleset assigned. Suggested by Jan
Krueger of Unix-AG of University of Hannover.
The name of the header field stored in ${hdr_name}.
Comments (i.e., text within parentheses) in rulesets are not
removed if the config file version is greater than or equal
to 9. For example, "R$+ ( 1 ) $@ 1" matches the
input "token (1)" but does not match "token".
Avoid removing the Content-Transfer-Encoding MIME header on
MIME messages. Problem noted by Sigurbjorn B. Larusson of
Multimedia Consumer Services. Fix from Per Hedeland of
Ericsson.
Avoid duplicate Content-Transfer-Encoding MIME header on
messages with 8-bit text in headers. Problem noted by
Per Steinar Iversen of Oslo College. Fix from Per Hedeland
of Ericsson.
Avoid keeping maps locked longer than necessary when re-opening a
modified database map file. Problem noted by Chris Adams
of Renaissance Internet Services.
Resolving to the $#error mailer with a temporary failure code (e.g.,
$#error $@ tempfail $: "400 Temporary failure") will now
queue up the message instead of bouncing it.
Be more liberal in acceptable responses to an SMTP RSET command as
standard does not provide any indication of what to do when
something other than 250 is received. Based on a patch
from Steve Schweinhart of America Online.
New option TrustedUser allows to specify a user who can own
important files instead of root. This requires HASFCHOWN.
Fix USERDB conditional so compiling with NEWDB or HESIOD and
setting USERDB=0 works. Fix from Jorg Zanger of Schock.
Fix another instance (similar to one in 8.9.3) of a network failure
being mis-logged as "Illegal Seek" instead of whatever
really went wrong. From John Beck of Sun Microsystems.
$? tests also whether the macro is non-null.
Print an error message if a mailer definition contains an invalid
equate name.
New mailer equate /= to specify a directory to chroot() into before
executing the mailer program. Suggested by Igor Vinokurov.
New mailer equate W= to specify the maximum time to wait for the
mailer to return after sending all data to it.
Only free memory from the process list when adding a new process
into a previously filled slot. Previously, the memory was
freed at removal time. Since removal can happen in a
signal handler, this may leave the memory map in an
inconsistent state. Problem noted by Jeff A. Earickson and
David Cooley of Colby College.
When using the UserDB @hostname catch-all, do not try to lookup
local users in the passwd file. The UserDB code has
already decided the message will be passed to another host
for processing. Fix from Tony Landells of Burdett
Buckeridge Young Limited.
Support LDAP authorization via either a file containing the
password or Kerberos V4 using the new map options
'-ddistinguished_name', '-Mmethod', and '-Pfilename'. The
distinguished_name is who to login as. The method can be
one of LDAP_AUTH_NONE, LDAP_AUTH_SIMPLE, or
LDAP_AUTH_KRBV4. The filename is the file containing the
secret key for LDAP_AUTH_SIMPLE or the name of the Kerberos
ticket file for LDAP_AUTH_KRBV4. Patch from Booker Bense
of Stanford University.
The ldapx map has been renamed to ldap. The use of ldapx is
deprecated and will be removed in a future version.
If the result of an LDAP search returns a multi-valued attribute
and the map has the column delimiter set, it turns that
response into a delimiter separated string. The LDAP map
will traverse multiple entries as well. LDAP alias maps
automatically set the column delimiter to the comma.
Based on patch from Booker Bense of Stanford University and
idea from Philip A. Prindeville of Mirapoint, Inc.
Support return of multiple values for a single LDAP lookup. The
values to be returned should be in a comma separated string.
For example, `-v "email,emailother"'. Patch from
Curtis W. Hillegas of Princeton University.
Allow the use of LDAP for alias maps.
If no LDAP attributes are specified in an LDAP map declaration, all
attributes found in the match will be returned.
Prevent commas in quoted strings in the AliasFile value from
breaking up a single entry into multiple entries. This is
needed for LDAP alias file specifications to allow for
comma separated key and value strings.
Keep connections to LDAP server open instead of opening and closing
for each lookup. To reduce overhead, sendmail will cache
connections such that multiple maps which use the same
host, port, bind DN, and authentication will only result in
a single connection to that host.
Put timeout in the proper place for USE_LDAP_INIT.
Be more careful about checking for errors and freeing memory on
LDAP lookups.
Use asynchronous LDAP searches to save memory and network
resources.
Do not copy LDAP query results if the map's match only flag is set.
Increase portability to the Netscape LDAP libraries.
Change the parsing of the LDAP filter specification. '%s' is still
replaced with the literal contents of the map lookup key --
note that this means a lookup can be done using the LDAP
special characters. The new '%0' token can be used instead
of '%s' to encode the key buffer according to RFC 2254.
For example, if the LDAP map specification contains '-k
"(user=%s)"' and a lookup is done on "*", this would be
equivalent to '-k "(user=*)"' -- matching ANY record with a
user attribute. Instead, if the LDAP map specification
contains '-k "(user=%0)"' and a lookup is done on "*", this
would be equivalent to '-k "(user=\2A)"' -- matching a user
with the name "*".
New LDAP map flags: "-1" requires a single match to be returned, if
more than one is returned, it is equivalent to no records
being found; "-r never|always|search|find" sets the LDAP
alias dereference option; "-Z size" limits the number of
matches to return.
New option LDAPDefaultSpec allows a default map specification for
LDAP maps. The value should only contain LDAP specific
settings such as "-h host -p port -d bindDN", etc. The
settings will be used for all LDAP maps unless they are
specified in the individual map specification ('K'
command). This option should be set before any LDAP maps
are defined.
Prevent an NDBM alias file opening loop when the NDBM open
continually fails. Fix from Roy J. Mongiovi of Georgia
Tech.
Reduce memory utilization for smaller symbol table entries. In
particular, class entries get much smaller, which can be
important if you have large classes.
On network-related temporary failures, record the hostname which
gave error in the queued status message. Requested by
Ulrich Windl of the Universitat Regensburg.
Add new F=% mailer flag to allow for a store and forward
configuration. Mailers which have this flag will not attempt
delivery on initial receipt of a message or on queue runs
unless the queued message is selected using one of the
-qI/-qR/-qS queue run modifiers or an ETRN request. Code
provided by Philip Guenther of Gustavus Adolphus College.
New option ControlSocketName which, when set, creates a daemon
control socket. This socket allows an external program to
control and query status from the running sendmail daemon
via a named socket, similar to the ctlinnd interface to the
INN news server. Access to this interface is controlled by
the UNIX file permissions on the named socket on most UNIX
systems (see sendmail/README for more information). An
example control program is provided as contrib/smcontrol.pl.
Change the default values of QueueLA from 8 to (8 * numproc) and
RefuseLA from 12 to (12 * numproc) where numproc is the
number of processors online on the system (if that can be
determined). For single processor machines, this change
has no effect.
Don't return body of message to postmaster on "Too many hops" bounces.
Based on fix from Motonori Nakamura of Kyoto University.
Give more detailed DSN descriptions for some cases. Patch from
Motonori Nakamura of Kyoto University.
Logging of alias, forward file, and UserDB expansion now happens
at LogLevel 11 or higher instead of 10 or higher.
Logging of an envelope's complete delivery (the "done" message) now
happens at LogLevel 10 or higher instead of 11 or higher.
Logging of TCP/IP or UNIX standard input connections now happens at
LogLevel 10 or higher. Previously, only TCP/IP connections
were logged, and on at LogLevel 12 or higher. Setting
LogLevel to 10 will now assist users in tracking frequent
connection-based denial of service attacks.
Log basic information about authenticated connections at LogLevel
10 or higher.
Log SMTP Authentication mechanism and author when logging the sender
information (from= syslog line).
Log the DSN code for each recipient if one is available as a new
equate (dsn=).
Macro expand PostmasterCopy and DoubleBounceAddress options.
New "ph" map for performing ph queries in rulesets, see
sendmail/README for details. Contributed by Mark Roth
of the University of Illinois at Urbana-Champaign.
Detect temporary lookup failures in the host map if looking up a
bracketed IP address. Problem noted by Kari Hurtta of the
Finnish Meteorological Institute.
Do not report a Remote-MTA on local deliveries. Problem noted by
Kari Hurtta of the Finnish Meteorological Institute.
When a forward file points to an alias which runs a program, run
the program as the default user and the default group, not
the forward file user. This change also assures the
:include: directives in aliases are also processed using
the default user and group. Problem noted by Sergiu
Popovici of DNT Romania.
Prevent attempts to save a dead.letter file for a user with
no home directory (/no/such/directory). Problem noted by
Michael Brown of Finnigan FT/MS.
Include message delay and number of tries when logging that a
message has been completely delivered (LogLevel of 10 or
above). Suggested by Nick Hilliard of Ireland Online.
Log the sender of a message even if none of the recipients were
accepted. If some of the recipients were rejected, it is
helpful to know the sender of the message.
Check the root directory (/) when checking a path for safety.
Problem noted by John Beck of Sun Microsystems.
Prevent multiple responses to the DATA command if DeliveryMode is
interactive and delivering to an alias which resolves to
multiple files.
Macros in the helpfile are expanded if the helpfile version is 2 or
greater (see below); the help function doesn't print the
version of sendmail any longer, instead it is placed in
the helpfile ($v). Suggested by Chuck Foster of UUNET
PIPEX. Additionally, comment lines (starting with #) are
skipped and a version line (#vers) is introduced. The
helpfile version for 8.10.0 is 2, if no version or an older
version is found, a warning is logged. The '#vers'
directive should be placed at the top of the help file.
Use fsync() when delivering to a file to guarantee the delivery to
disk succeeded. Suggested by Nick Christenson.
If delivery to a file is unsuccessful, truncate the file back to its
length before the attempt.
If a forward points to a filename for delivery, change to the
user's uid before checking permissions on the file. This
allows delivery to files on NFS mounted directories where
root is remapped to nobody. Problem noted by Harald
Daeubler of Universitaet Ulm.
purgestat and sendmail -bH purge only expired (Timeout.hoststatus)
host status files, not all files.
Any macros stored in the class $={persistentMacros} will be saved
in the queue file for the message and set when delivery
is attempted on the queued item. Suggested by Kyle Jones of
Wonderworks Inc.
Add support for storing information between rulesets using the new
macro map class. This can be used to store information
between queue runs as well using $={persistentMacros}.
Based on an idea from Jan Krueger of Unix-AG of University
of Hannover.
New map class arith to allow for computations in rules. The
operation (+, -, *, /, l (for less than), and =) is given
as key. The two operands are specified as arguments; the
lookup returns the result of the computation. For example,
"$(arith l $@ 4 $@ 2 $)" will return "FALSE" and
"$(arith + $@ 4 $@ 2 $)" will return "6".
Add new syntax for header declarations which decide whether to
include the header based on a macro rather than a mailer
flag:
H?${MyMacro}?X-My-Header: ${MyMacro}
This should be used along with $={persistentMacros}.
It can be used for adding headers to a message based on
the results of check_* and header check rulesets.
Allow new named config file rule check_eoh which is called after
all of the headers have been collected. The input to the
ruleset the number of headers and the size of all of the
headers in bytes separated by $|. This ruleset along with
the macro storage map can be used to correlate information
gathered between headers and to check for missing headers.
See cf/README or doc/op/op.ps for an example.
Change the default for the MeToo option to True to correspond
to the clarification in the DRUMS SMTP Update spec. This
option is deprecated and will be removed from a future
version.
Change the sendmail binary default for SendMimeErrors to True.
Change the sendmail binary default for SuperSafe to True.
Display ruleset names in debug and address test mode output
if referencing a named ruleset.
New mailer equate m= which will limit the number of messages
delivered per connection on an SMTP or LMTP mailer.
Improve QueueSortOrder=Host by reversing the hostname before
using it to sort. Now all the same domains are really run
through the queue together. If they have the same MX host,
then they will have a much better opportunity to use the
connection cache if available. This should be a reasonable
performance improvement. Patch from Randall Winchester of
the University of Maryland.
If a message is rejected by a header check ruleset, log who would
have received the message if it had not been rejected.
New "now" value for Timeout.queuereturn to bounce entries from the
queue immediately. No delivery attempt is made.
Increase sleeping time exponentially after too many "bad" commands
up to 4 minutes delay (compare MAX{BAD,NOOP,HELO,VRFY,ETRN}-
COMMANDS).
New option ClientPortOptions similar to DaemonPortOptions
but for outgoing connections.
New suboptions for DaemonPortOptions: Name (a name used for
error messages and logging) and Modifiers, i.e.
a require authentication
b bind to interface through which mail has
been received
c perform hostname canonification
f require fully qualified hostname
h use name of interface for outgoing HELO
command
C don't perform hostname canonification
E disallow ETRN (see RFC 2476)
New suboption for ClientPortOptions: Modifiers, i.e.
h use name of interface for HELO command
The version number for queue files (qf) has been incremented to 4.
Log unacceptable HELO/EHLO domain name attempts if LogLevel is set
to 10 or higher. Suggested by Rick Troxel of the National
Institutes of Health.
If a mailer dies, print the status in decimal instead of octal
format. Suggested by Michael Shapiro of Sun Microsystems.
Limit the length of all MX records considered for delivery to 8k.
Move message priority from sender to recipient logging. Suggested by
Ulrich Windl of the Universitat Regensburg.
Add support for Berkeley DB 3.X.
Add fix for Berkeley DB 2.X fcntl() locking race condition.
Requires a post-2.7.5 version of Berkeley DB.
Support writing traffic log (sendmail -X option) to a FIFO.
Patch submitted by Rick Heaton of Network Associates, Inc.
Do not ignore Timeout settings in the .cf file when a Timeout
sub-options is set on the command line. Problem noted by
Graeme Hewson of Oracle.
Randomize equal preference MX records each time delivery is
attempted via a new connection to a host instead of once per
session. Suggested by Scott Salvidio of Compaq.
Implement enhanced status codes as defined by RFC 2034.
Add [hostname] to class w for the names of all interfaces unless
DontProbeInterfaces is set. This is useful for sending mails
to hosts which have dynamically assigned names.
If a message is bounced due to bad MIME conformance, avoid bouncing
the bounce for the same reason. If the body is not 8-bit
clean, and EightBitMode isn't set to pass8, the body will
not be included in the bounce. Problem noted by Valdis
Kletnieks of Virginia Tech.
The timeout for sending a message via SMTP has been changed from
'${msgsize} / 16 + (${nrcpts} * 300)' to a timeout which
simply checks for progress on sending data every 5 minutes.
This will detect the inability to send information quicker
and reduce the number of processes simply waiting to
timeout.
Prevent a segmentation fault on systems which give a partial filled
interface address structure when loading the system network
interface addresses. Fix from Reinier Bezuidenhout of
Nanoteq.
Add a compile-time configuration macro, MAXINTERFACES, which
indicates the number of interfaces to read when probing
for hostnames and IP addresses for class w ($=w). The
default value is 512. Based on idea from Reinier
Bezuidenhout of Nanoteq.
If the RefuseLA option is set to 0, do not reject connections based
on load average.
Allow ruleset 0 to have a name. Problem noted by Neil Rickert of
Northern Illinois University.
Expand the Return-Path: header at delivery time, after "owner-"
envelope splitting has occurred.
Don't try to sort the queue if there are no entries. Patch from
Luke Mewburn from RMIT University.
Add a "/quit" command to address test mode.
Include the proper sender in the UNIX "From " line and Return-Path:
header when undeliverable mail is saved to ~/dead.letter.
Problem noted by Kari Hurtta of the Finnish Meteorological
Institute.
The contents of a class can now be copied to another class using
the syntax: "C{Dest} $={Source}". This would copy all of
the items in class $={Source} into the class $={Dest}.
Include original envelope's error transcript in bounces created for
split (owner-) envelopes to see the original errors when
the recipients were added. Based on fix from Motonori
Nakamura of Kyoto University.
Show reason for permanent delivery errors directly after the
addresses. From Motonori Nakamura of Kyoto University.
Prevent a segmentation fault when bouncing a split-envelope
message. Patch from Motonori Nakamura of Kyoto University.
If the specification for the queue run interval (-q###) has a
syntax error, consider the error fatal and exit.
Pay attention to CheckpointInterval during LMTP delivery. Problem
noted by Motonori Nakamura of Kyoto University.
On operating systems which have setlogin(2), use it to set the
login name to the RunAsUserName when starting as a daemon.
This is for delivery to programs which use getlogin().
Based on fix from Motonori Nakamura of Kyoto University.
Differentiate between "command not implemented" and "command
unrecognized" in the SMTP dialogue.
Strip returns from forward and include files. Problem noted by
Allan E Johannesen of Worcester Polytechnic Institute.
Prevent a core dump when using 'sendmail -bv' on an address which
resolves to the $#error mailer with a temporary failure.
Based on fix from Neil Rickert of Northern Illinois
University.
Prevent multiple deliveries of a message with a "non-local alias"
pointing to a local user, if canonicalization fails
the message was requeued *and* delivered to the alias.
If an invalid ruleset is declared, the ruleset name could be
ignored and its rules added to S0. Instead, ignore the
ruleset lines as well.
Avoid incorrect Final-Recipient, Action, and X-Actual-Recipient
success DSN fields as well as duplicate entries for a
single address due to S5 and UserDB processing. Problems
noted by Kari Hurtta of the Finnish Meteorological
Institute.
Turn off timeouts when exiting sendmail due to an interrupt signal
to prevent the timeout from firing during the exit process.
Problem noted by Michael Shapiro of Sun Microsystems.
Do not append @MyHostName to non-RFC822 addresses output by the EXPN
command or on Final-Recipient: and X-Actual-Recipient: DSN
headers. Non-RFC822 addresses include deliveries to
programs, file, DECnet, etc.
Fix logic for determining if a local user is using -f or -bs to
spoof their return address. Based on idea from Neil Rickert
of Northern Illinois University and patch from Per Hedeland
of Ericsson.
Report the proper UID in the bounce message if an :include: file is
owned by a uid that doesn't map to a username and the
:include: file contains delivery to a file or program.
Problem noted by John Beck of Sun Microsystems.
Avoid the attempt of trying to send a second SMTP QUIT command if
the remote server responds to the first QUIT with a 4xx
response code and drops the connection. This behavior was
noted by Ulrich Windl of the Universitat Regensburg when
sendmail was talking to the Mercury 1.43 MTA.
If a hostname lookup times out and ServiceSwitchFile is set but the
file is not present, the lookup failure would be marked as
a permanent failure instead of a temporary failure. Fix
from Russell King of the ARM Linux Project.
Handle aliases or forwards which deliver to programs using tabs
instead of spaces between arguments. Problem noted by Randy
Wormser. Fix from Neil Rickert of Northern Illinois
University.
Allow MaxRecipientsPerMessage option to be set on the command line
by normal users (e.g., sendmail won't drop its root
privileges) to allow overrides for message submission via
'sendmail -bs'.
Set the names for help file and statistics file to "helpfile" and
"statistics", respectively, if no parameters are given for
them in the .cf file.
Avoid bogus 'errbody: I/O Error -7' log messages when sending
success DSN messages for messages relayed to non-DSN aware
systems. Problem noted by Juergen Georgi of RUS University
of Stuttgart and Kyle Tucker of Parexel International.
Prevent +detail information from interfering with local delivery to
multiple users in the same transaction (F=m).
Add H_FORCE flag for the X-Authentication-Warning: header, so it
will be added even if one already exists. Problem noted
by Michal Zalewski of Marchew Industries.
Stop processing SMTP commands if the SMTP connection is dropped.
This prevents a remote system from flooding the connection
with commands and then disconnecting. Previously, the
server would process all of the buffered commands. Problem
noted by Michal Zalewski of Marchew Industries.
Properly process user-supplied headers beginning with '?'. Problem
noted by Michal Zalewski of Marchew Industries.
If multiple header checks resolve to the $#error mailer, use the
last permanent (5XX) failure if any exist. Otherwise, use
the last temporary (4XX) failure.
RFC 1891 requires "hexchar" in a "xtext" to be upper case. Patch
from Ronald F. Guilmette of Infinite Monkeys & Co.
Timeout.ident now defaults to 5 seconds instead of 30 seconds to
prevent the now common delays associated with mailing to a
site which drops IDENT packets. Suggested by many.
Persistent host status data is not reloaded disk when current data
is available in the in-memory cache. Problem noted by Per
Hedeland of Ericsson.
mailq displays unprintable characters in addresses as their octal
representation and a leading backslash. This avoids problems
with "unprintable" characters. Problem noted by Michal
Zalewski of the "Internet for Schools" project (IdS).
The mail line length limit (L= equate) was adding the '!' indicator
one character past the limit. This would cause subsequent
hops to break the line again. The '!' is now placed in
the last column of the limit if the line needs to be broken.
Problem noted by Joe Pruett of Q7 Enterprises. Based on fix
from Per Hedeland of Ericsson.
If a resolver ANY query is larger than the UDP packet size, the
resolver will fall back to TCP. However, some
- misconfigured firewalls black 53/TCP so the ANY lookup
+ misconfigured firewalls block 53/TCP so the ANY lookup
fails whereas an MX or A record might succeed. Therefore,
don't fail on ANY queries.
If an SMTP recipient is rejected due to syntax errors in the
address, do not send an empty postmaster notification DSN
to the postmaster. Problem noted by Neil Rickert of
Northern Illinois University.
Allow '_' and '.' in map names when parsing a sequence map
specification. Patch from William Setzer of North Carolina
State University.
Fix hostname in logging of read timeouts for the QUIT command on
cached connections. Problem noted by Neil Rickert of
Northern Illinois University.
Use a more descriptive entry to log "null" connections, i.e.,
"host did not issue MAIL/EXPN/VRFY/ETRN during connection".
Fix a file descriptor leak in ONEX mode.
Portability:
Reverse signal handling logic such that sigaction(2) with
the SA_RESTART flag is the preferred method and the
other signal methods are only tried if SA_RESTART
is not available. Problem noted by Allan E
Johannesen of Worcester Polytechnic Institute.
AIX 4.x supports the sa_len member of struct sockaddr.
This allows network interface probing to work
properly. Fix from David Bronder of the
University of Iowa.
AIX 4.3 has snprintf() support.
Use "PPC" as the architecture name when building under
AIX. This will be reflected in the obj.* directory
name.
Apple Darwin support based on Apple Rhapsody port.
Fixed AIX 'make depend' method from Valdis Kletnieks of
Virginia Tech.
Digital UNIX has uname(2).
GNU Hurd updates from Mark Kettenis of the University of
Amsterdam.
Improved HPUX 11.0 portability.
Properly determine the number of CPUs on FreeBSD 2.X,
FreeBSD 3.X, HP/UX 10.X and HP/UX 11.X.
Remove special IRIX ABI cases from Build script and the OS
files. Use the standard 'cc' options used by SGI
in building the operating system. Users can
override the defaults by setting confCC and
confLIBSEARCHPATH appropriately.
IRIX nsd map support from Bob Mende of SGI.
Minor devtools fixes for IRIX from Bob Mende of SGI.
Linux patch for IP_SRCROUTE support from Joerg Dorchain
of MW EDV & ELECTRONIC.
Linux now uses /usr/sbin for confEBINDIR in the build
system. From MATSUURA Takanori of Osaka University.
Remove special treatment for Linux PPC in the build
system. From MATSUURA Takanori of Osaka University.
Motorolla UNIX SYSTEM V/88 Release 4.0 support from
Sergey Rusanov of the Republic of Udmurtia.
NCR MP-RAS 3.x includes regular expression support. From
Tom J. Moore of NCR.
NEC EWS-UX/V series settings for _PATH_VENDOR_CF and
_PATH_SENDMAILPID from Oota Toshiya of
NEC Computers Group Planning Division.
Minor NetBSD owner/group tweaks from Ayamura Kikuchi, M.D.
NEWS-OS 6.X listed SYSLOG_BUFSIZE as 256 in confENVDEF and
1024 in conf.h. Since confENVDEF would be used,
use that value in conf.h.
Use NeXT's NETINFO to get domain name. From Gerd Knops of
BITart Consulting.
Use NeXT's NETINFO for alias and hostname resolution if
AUTO_NETINFO_ALIASES and AUTO_NETINFO_HOSTS are
defined. Patch from Wilfredo Sanchez of Apple
Computer, Inc.
NeXT portability tweaks. Problems reported by Dragan
Milicic of the University of Utah and J. P. McCann
of E I A.
New compile flag FAST_PID_RECYCLE: set this if your system
can reuse the same PID in the same second.
New compile flag HASFCHOWN: set this if your OS has
fchown(2).
New compile flag HASRANDOM: set this to 0 if your OS does
not have random(3). rand() will be used instead.
New compile flag HASSRANDOMDEV: set this if your OS has
srandomdev(3).
New compile flag HASSETLOGIN: set this if your OS has
setlogin(2).
Replace SINIX and ReliantUNIX support with version
specific SINIX files. From Gerald Rinske of
Siemens Business Services.
Use the 60-second load average instead of the 5 second load
average on Compaq Tru64 UNIX (formerly Digital
UNIX). From Chris Teakle of the University of Qld.
Use ANSI C by default for Compaq Tru64 UNIX. Suggested by
Randall Winchester of Swales Aerospace.
Correct setgroups() prototype for Compaq Tru64 UNIX.
Problem noted by Randall Winchester of Swales
Aerospace.
Hitachi 3050R/3050RX and 3500 Workstations running
HI-UX/WE2 4.02, 6.10 and 7.10 from Motonori
NAKAMURA of Kyoto University.
New compile flag NO_GETSERVBYNAME: set this to disable
use of getservbyname() on systems which can
not lookup a service by name over NIS, such as
HI-UX. Patch from Motonori NAKAMURA of Kyoto
University.
Use devtools/bin/install.sh on SCO 5.x. Problem noted
by Sun Wenbing of the China Engineering and
Technology Information Network.
make depend didn't work properly on UNIXWARE 4.2. Problem
noted by Ariel Malik of Netology, Ltd.
Use /usr/lbin as confEBINDIR for Compaq Tru64 (Digital UNIX).
Set confSTDIO_TYPE to torek for BSD-OS, FreeBSD, NetBSD,
and OpenBSD.
A recent Compaq Ultrix 4.5 Y2K patch has broken detection
of local_hostname_length(). See sendmail/README
for more details. Problem noted by Allan E
Johannesen of Worcester Polytechnic Institute.
CONFIG: Begin using /etc/mail/ for sendmail related files. This
affects a large number of files. See cf/README for more
details.
CONFIG: New macro MAIL_SETTINGS_DIR contains the path (including
trailing slash) for the mail settings directory.
CONFIG: Increment version number of config file to 9.
CONFIG: OSTYPE(`bsdi1.0') and OSTYPE(`bsdi2.0') have been
deprecated and may be removed from a future release.
BSD/OS users should begin using OSTYPE(`bsdi').
CONFIG: OpenBSD 2.4 installs mail.local non-set-user-ID root. This
requires a new OSTYPE(`openbsd'). From Todd C. Miller of
Courtesan Consulting.
CONFIG: New OSTYPE(`hpux11') for HP/UX 11.X.
CONFIG: A syntax error in check_mail would cause fake top-level
domains (.BITNET, .DECNET, .FAX, .USENET, and .UUCP) to
be improperly rejected as unresolvable.
CONFIG: New FEATURE(`dnsbl') takes up to two arguments (name of
DNS server, rejection message) and can be included
multiple times.
CONFIG: New FEATURE(`relay_mail_from') allows relaying if the
mail sender is listed as RELAY in the access map (and tagged
with From:).
CONFIG: Optional tagging of LHS in the access map (Connect:,
From:, To:) to enable finer control.
CONFIG: New FEATURE(`ldap_routing') implements LDAP address
routing. See cf/README for a complete description of the
new functionality.
CONFIG: New variables for the new sendmail options:
confAUTH_MECHANISMS AuthMechanisms
confAUTH_OPTIONS AuthOptions
confCLIENT_OPTIONS ClientPortOptions
confCONTROL_SOCKET_NAME ControlSocketName
confDEAD_LETTER_DROP DeadLetterDrop
confDEF_AUTH_INFO DefaultAuthInfo
confDF_BUFFER_SIZE DataFileBufferSize
confLDAP_DEFAULT_SPEC LDAPDefaultSpec
confMAX_ALIAS_RECURSION MaxAliasRecursion
confMAX_HEADERS_LENGTH MaxHeadersLength
confMAX_MIME_HEADER_LENGTH MaxMimeHeaderLength
confPID_FILE PidFile
confPROCESS_TITLE_PREFIX ProcessTitlePrefix
confRRT_IMPLIES_DSN RrtImpliesDsn
confTO_CONTROL Timeout.control
confTO_RESOLVER_RETRANS Timeout.resolver.retrans
confTO_RESOLVER_RETRANS_FIRST Timeout.resolver.retrans.first
confTO_RESOLVER_RETRANS_NORMAL Timeout.resolver.retrans.normal
confTO_RESOLVER_RETRY Timeout.resolver.retry
confTO_RESOLVER_RETRY_FIRST Timeout.resolver.retry.first
confTO_RESOLVER_RETRY_NORMAL Timeout.resolver.retry.normal
confTRUSTED_USER TrustedUser
confXF_BUFFER_SIZE XscriptFileBufferSize
CONFIG: confDAEMON_OPTIONS has been replaced by DAEMON_OPTIONS(),
which takes the options as argument and can be used
multiple times; see cf/README for details.
CONFIG: Add a fifth mailer definition to MAILER(`smtp') called
"dsmtp". This mail provides on-demand delivery using the
F=% mailer flag described above. The "dsmtp" mailer
definition uses the new DSMTP_MAILER_ARGS which defaults
to "IPC $h".
CONFIG: New variables LOCAL_MAILER_MAXMSGS, SMTP_MAILER_MAXMSGS,
and RELAY_MAILER_MAXMSGS for setting the m= equate for the
local, smtp, and relay mailers respectively.
CONFIG: New variable LOCAL_MAILER_DSN_DIAGNOSTIC_CODE for setting
the DSN Diagnostic-Code type for the local mailer. The
value should be changed with care.
CONFIG: FEATURE(`local_lmtp') now sets the DSN Diagnostic-Code type
for the local mailer to the proper value of "SMTP".
CONFIG: All included maps are no longer optional by default; if
there there is a problem with a map, sendmail will
complain.
CONFIG: Removed root from class E; use EXPOSED_USER(`root')
to get the old behavior. Suggested by Joe Pruett
of Q7 Enterprises.
CONFIG: MASQUERADE_EXCEPTION() defines hosts/subdomains which
will not be masqueraded. Proposed by Arne Wichmann
of MPI Saarbruecken, Griff Miller of PGS Tensor,
Jayme Cox of Broderbund Software Inc.
CONFIG: A list of exceptions for FEATURE(`nocanonify') can be
specified by CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE,
i.e., a list of domains which are passed to $[ ... $]
for canonification. Based on an idea from Neil Rickert
of Northern Illinois University.
CONFIG: If `canonify_hosts' is specified as parameter for
FEATURE(`nocanonify') then addresses which have only
a hostname, e.g., <user@host>, will be canonified.
CONFIG: If FEATURE(`nocanonify') is turned on, a trailing dot is
nevertheless added to addresses with more than one component
in it.
CONFIG: Canonification is no longer attempted for any host or domain
in class 'P' ($=P).
CONFIG: New class for matching virtusertable entries $={VirtHost} that
can be populated by VIRTUSER_DOMAIN or VIRTUSER_DOMAIN_FILE.
FEATURE(`virtuser_entire_domain') can be used to apply this
class also to entire subdomains. Hosts in this class are
treated as canonical in SCanonify2, i.e., a trailing dot
is added.
CONFIG: If VIRTUSER_DOMAIN() or VIRTUSER_DOMAIN_FILE() are used,
include $={VirtHost} in $=R (hosts allowed to relay).
CONFIG: FEATURE(`generics_entire_domain') can be used to apply the
genericstable also to subdomains of $=G.
CONFIG: Pass "+detail" as %2 for virtusertable lookups.
Patch from Noam Freedman from University of Chicago.
CONFIG: Pass "+detail" as %1 for genericstable lookups. Suggested
by Raymond S Brand of rsbx.net.
CONFIG: Allow @domain in genericstable to override masquerading.
Suggested by Owen Duffy from Owen Duffy & Associates.
CONFIG: LOCAL_DOMAIN() adds entries to class w. Suggested by Steve
Hubert of University of Washington.
CONFIG: OSTYPE(`gnuhurd') has been replaced by OSTYPE(`gnu') as
GNU is now the canonical system name. From Mark
Kettenis of the University of Amsterdam.
CONFIG: OSTYPE(`unixware7') updates from Larry Rosenman.
CONFIG: Do not include '=' in option expansion if there is no value
associated with the option. From Andrew Brown of
Graffiti World Wide, Inc.
CONFIG: Add MAILER(`qpage') to define a new pager mailer. Contributed
by Philip A. Prindeville of Enteka Enterprise Technology
Services.
CONFIG: MAILER(`cyrus') was not preserving case for mail folder
names. Problem noted by Randall Winchester of Swales
Aerospace.
CONFIG: RELAY_MAILER_FLAGS can be used to define additional flags
for the relay mailer. Suggested by Doug Hughes of Auburn
University and Brian Candler.
CONFIG: LOCAL_MAILER_FLAGS now includes 'P' (Add Return-Path:
header) by default. Suggested by Per Hedeland of Ericsson.
CONFIG: Use SMART_HOST for bracketed addresses, e.g., user@[host].
Suggested by Kari Hurtta of the Finnish Meteorological
Institute.
CONFIG: New macro MODIFY_MAILER_FLAGS to tweak *_MAILER_FLAGS;
i.e., to set, add, or delete flags.
CONFIG: If SMTP AUTH is used then relaying is allowed for any user
who authenticated via a "trusted" mechanism, i.e., one that
is defined via TRUST_AUTH_MECH(`list of mechanisms').
CONFIG: FEATURE(`delay_checks') delays check_mail and check_relay
after check_rcpt and allows for exceptions from the checks.
CONFIG: Map declarations have been moved into their associated
feature files to allow greater flexibility in use of
sequence maps. Suggested by Per Hedeland of Ericsson.
CONFIG: New macro LOCAL_MAILER_EOL to override the default end of
line string for the local mailer. Requested by Il Oh of
Willamette Industries, Inc.
CONFIG: Route addresses are stripped, i.e., <@a,@b,@c:user@d> is
converted to <user@d>
CONFIG: Reject bogus return address of <@@hostname>, generated by
Sun's older, broken configuration files.
CONFIG: FEATURE(`nullclient') now provides the full rulesets of a
normal configuration, allowing anti-spam checks to be
performed.
CONFIG: Don't return a permanent error (Relaying denied) if
${client_name} can't be resolved just temporarily.
Suggested by Kari Hurtta of the Finnish Meteorological
Institute.
CONFIG: Change numbered rulesets into named (which still can
be accessed by their numbers).
CONFIG: FEATURE(`nouucp') takes one parameter: reject or nospecial
which describes whether to disallow "!" in the local part
of an address.
CONFIG: Call Local_localaddr from localaddr (S5) which can be used
to rewrite an address from a mailer which has the F=5 flag
set. If the ruleset returns a mailer, the appropriate
action is taken, otherwise the returned tokens are ignored.
CONFIG: cf/ostype/solaris.m4 has been renamed to solaris2.pre5.m4
and cf/ostype/solaris2.m4 is now a copy of solaris2.ml.m4.
The latter is kept around for backward compatibility.
CONFIG: Allow ":D.S.N:" for mailer/virtusertable "error:" entries,
where "D.S.N" is an RFC 1893 compliant error code.
CONFIG: Use /usr/lbin as confEBINDIR for Compaq Tru64 (Digital UNIX).
CONFIG: Remove second space between username and date in UNIX From_
line. Noted by Allan E Johannesen of Worcester Polytechnic
Institute.
CONFIG: Make sure all of the mailers have complete T= equates.
CONFIG: Extend FEATURE(`local_procmail') so it can now take
arguments overriding the mailer program, arguments, and
mailer definition flags. This makes it possible to use
other programs such as maildrop for local delivery.
CONFIG: Emit warning if FEATURE(`local_lmtp') or
FEATURE(`local_procmail') is given after MAILER(`local').
Patch from Richard A. Nelson of IBM.
CONFIG: Add SMTP Authentication information to Received: header
default value (confRECEIVED_HEADER).
CONFIG: Remove `l' flag from USENET_MAILER_FLAGS as it is not a
local mailer. Problem noted by Per Hedeland of Ericsson.
CONTRIB: Added bounce-resender.pl from Brian R. Gaeke of the
University of California at Berkeley.
CONTRIB: Added domainmap.m4 from Mark D. Roth of the University of
Illinois at Urbana-Champaign.
CONTRIB: etrn.pl now recognizes bogus host names. Patch from
Bruce Barnett of GE's R&D Lab.
CONTRIB: Patches for re-mqueue.pl by Graeme Hewson of Oracle
Corporation UK.
CONTRIB: Added qtool.pl to assist in managing the queues.
DEVTOOLS: Prevent user environment variables from interfering with
the Build scripts. Problem noted by Ezequiel H. Panepucci of
Yale University.
DEVTOOLS: 'Build -M' will display the obj.* directory which will
be used for building.
DEVTOOLS: 'Build -A' will display the architecture that would be
used for a fresh build.
DEVTOOLS: New variable confRANLIB, set automatically by configure.sh.
DEVTOOLS: New variable confRANLIBOPTS for the options to send to
ranlib.
DEVTOOLS: 'Build -O <path>' will have the object files build in
<path>/obj.*. Suggested by Bryan Costales of Exactis.
DEVTOOLS: New variable confNO_MAN_BUILD which will prevent the
building of the man pages when defined. Suggested by Bryan
Costales.
DEVTOOLS: New variables confNO_HELPFILE_INSTALL and
confNO_STATISTICS_INSTALL which will prevent the
installation of the sendmail helpfile and statistics file
respectively. Suggested by Bryan Costales.
DEVTOOLS: Recognize ReliantUNIX as SINIX. Patch from Gerald Rinske
of Siemens Business Services.
DEVTOOLS: New variable confSTDIO_TYPE which defines the type of
stdio library. The new buffered file I/O depends on the
Torek stdio library. This option can be either portable or
torek.
DEVTOOLS: New variables confSRCADD and confSMSRCADD which
correspond to confOBJADD and confSMOBJADD respectively.
They should contain the C source files for the object files
listed in confOBJADD and confSMOBJADD. These file names
will be passed to the 'make depend' stage of compilation.
DEVTOOLS: New program specific variables for each of the programs
in the sendmail distribution. Each has the form
`conf_prog_ENVDEF', for example, `conf_sendmail_ENVDEF'.
The new variables are conf_prog_ENVDEF, conf_prog_LIBS,
conf_prog_SRCADD, and conf_prog_OBJADD.
DEVTOOLS: Build system redesign. This should have little affect on
building the distribution, but documentation on the changes
are in devtools/README.
DEVTOOLS: Don't allow 'Build -f file' if an object directory already
exists. Suggested by Valdis Kletnieks of Virginia Tech.
DEVTOOLS: Rename confSRCDIR to confSMSRCDIR since it only identifies
the path to the sendmail source directory. confSRCDIR is a
new variable which identifies the root of the source
directories for all of the programs in the distribution.
DEVTOOLS: confSRCDIR and confSMSRCDIR are now determined at Build
time. They can both still be overridden by setting the m4
macro.
DEVTOOLS: confSBINGRP now defaults to bin instead of kmem.
DEVTOOLS: 'Build -Q prefix' uses devtools/Site/prefix.*.m4 for
build configurations, and places objects in obj.prefix.*/.
Complains as 'Build -f file' does for existing object
directories. Suggested by Tom Smith of Digital Equipment
Corporation.
DEVTOOLS: Setting confINSTALL_RAWMAN will install unformatted
manual pages in the directory tree specified by
confMANROOTMAN.
DEVTOOLS: If formatting the manual pages fails, copy in the
preformatted pages from the distribution. The new variable
confCOPY specifies the copying program.
DEVTOOLS: Defining confFORCE_RMAIL will install rmail without
question. Suggested by Terry Lambert of Whistle
Communications.
DEVTOOLS: confSTFILE and confHFFILE can be used to change the names
of the installed statistics and help files, respectively.
DEVTOOLS: Remove spaces in `uname -r` output when determining
operating system identity. Problem noted by Erik
Wachtenheim of Dartmouth College.
DEVTOOLS: New variable confLIBSEARCHPATH to specify the paths that
will be search for the libraries specified in confLIBSEARCH.
Defaults to "/lib /usr/lib /usr/shlib".
DEVTOOLS: New variables confSTRIP and confSTRIPOPTS for specifying
how to strip binaries. These are used by the new
install-strip target.
DEVTOOLS: New config file site.post.m4 which is included after
the others (if it exists).
DEVTOOLS: Change order of LIBS: first product specific libraries
then the default ones.
MAIL.LOCAL: Will not be installed set-user-ID root. To use mail.local
as local delivery agent without LMTP mode, use
MODIFY_MAILER_FLAGS(`LOCAL', `+S')
to set the S flag.
MAIL.LOCAL: Do not reject addresses which would otherwise be
accepted by sendmail. Suggested by Neil Rickert of
Northern Illinois University.
MAIL.LOCAL: New -7 option which causes LMTP mode not to advertise
8BITMIME in the LHLO response. Suggested by Kari Hurtta of
the Finnish Meteorological Institute.
MAIL.LOCAL: Add support for the maillock() routines by defining
MAILLOCK when compiling. Also requires linking with
-lmail. Patch from Neil Rickert of Northern Illinois
University.
MAIL.LOCAL: Create a Content-Length: header if CONTENTLENGTH is
defined when compiling. Automatically set for Solaris 2.3
and later. Patch from Neil Rickert of Northern Illinois
University.
MAIL.LOCAL: Move the initialization of the 'notifybiff' address
structure to the beginning of the program. This ensures that
the getservbyname() is done before any seteuid to a possibly
unauthenticated user. If you are using NIS+ and secure RPC
on a Solaris system, this avoids syslog messages such as,
"authdes_refresh: keyserv(1m) is unable to encrypt session
key." Patch from Neil Rickert of Northern Illinois
University.
MAIL.LOCAL: Support group writable mail spool files when MAILGID is
set to the gid to use (-DMAILGID=6) when compiling.
Patch from Neil Rickert of Northern Illinois University.
MAIL.LOCAL: When a mail message included lines longer than 2046
characters (in LMTP mode), mail.local split the incoming
line up into 2046-character output lines (excluding the
newline). If an input line was 2047 characters long
(excluding CR-LF) and the last character was a '.',
- mail.local saw it as the end of input, transfered it to the
+ mail.local saw it as the end of input, transferred it to the
user mailbox and tried to write an `ok' back to sendmail.
If the message was much longer, both sendmail and
mail.local would deadlock waiting for each other to read
what they have written. Problem noted by Peter Jeremy of
Alcatel Australia Limited.
MAIL.LOCAL: New option -b to return a permanent error instead of a
temporary error if a mailbox exceeds quota. Suggested by
Neil Rickert of Northern Illinois University.
MAIL.LOCAL: The creation of a lockfile is subject to a global
timeout to avoid starvation.
MAIL.LOCAL: Properly parse addresses with multiple quoted
local-parts. Problem noted by Ronald F. Guilmette of
Infinite Monkeys & Co.
MAIL.LOCAL: NCR MP/RAS 3.X portability from Tom J. Moore of NCR.
MAILSTATS: New -p option to invoke program mode in which stats are
printed in a machine readable fashion and the stats file
is reset. Patch from Kevin Hildebrand of the University
of Maryland.
MAKEMAP: If running as root, automatically change the ownership of
generated maps to the TrustedUser as specified in the
sendmail configuration file.
MAKEMAP: New -C option to accept an alternate sendmail
configuration file to use for finding the TrustedUser
option.
MAKEMAP: New -u option to dump (unmap) a database. Based on
code contributed by Roy Mongiovi of Georgia Tech.
MAKEMAP: New -e option to allow empty values. Suggested by Philip
A. Prindeville of Enteka Enterprise Technology Services.
MAKEMAP: Compile cleanly on 64-bit operating systems. Problem
noted by Gerald Rinske of Siemens Business Services.
OP.ME: Correctly document interaction between F=S and U= mailer
equates. Problem noted by Bob Halley of Internet Engines.
OP.ME: Fixup Timeout documentation. From Graeme Hewson of Oracle
Corporation UK.
OP.ME: The Timeout [r] option was incorrectly listed as "safe"
(e.g., sendmail would not drop root privileges if the
option was specified on the command line). Problem noted
by Todd C. Miller of Courtesan Consulting.
PRALIASES: Handle the hash and btree map specifications for
Berkeley DB. Patch from Brian J. Coan of the
Institute for Global Communications.
PRALIASES: Read the sendmail.cf file for the location(s) of the
alias file(s) if the -f option is not used. Patch from
John Beck of Sun Microsystems.
PRALIASES: New -C option to specify an alternate sendmail
configuration file to use for finding alias file(s). Patch
from John Beck of Sun Microsystems.
SMRSH: allow shell commands echo, exec, and exit. Allow command
lists using || and &&. Based on patch from Brian J. Coan
of the Institute for Global Communications.
SMRSH: Update README for the new Build system. From Tim Pierce
of RootsWeb Genealogical Data Cooperative.
VACATION: Added vacation auto-responder to sendmail distribution.
LIBSMDB: Added abstracted database library. Works with Berkeley
DB 1.85, Berkeley DB 2.X, Berkeley DB 3.X, and NDBM.
Changed Files:
The Build script in the various program subdirectories are
no longer symbolic links. They are now scripts
which execute the actual Build script in
devtools/bin.
All the manual pages are now written against -man and not
-mandoc as they were previously.
Add a simple Makefile to every directory so make instead
of Build will work (unless parameters are
required for Build).
New Directories:
devtools/M4/UNIX
include
libmilter
libsmdb
libsmutil
vacation
Renamed Directories:
BuildTools => devtools
src => sendmail
Deleted Files:
cf/m4/nullrelay.m4
devtools/OS/Linux.ppc
devtools/OS/ReliantUNIX
devtools/OS/SINIX
sendmail/ldap_map.h
New Files:
INSTALL
PGPKEYS
cf/cf/generic-linux.cf
cf/cf/generic-linux.mc
cf/feature/delay_checks.m4
cf/feature/dnsbl.m4
cf/feature/generics_entire_domain.m4
cf/feature/no_default_msa.m4
cf/feature/relay_mail_from.m4
cf/feature/virtuser_entire_domain.m4
cf/mailer/qpage.m4
cf/ostype/bsdi.m4
cf/ostype/hpux11.m4
cf/ostype/openbsd.m4
contrib/bounce-resender.pl
contrib/domainmap.m4
contrib/qtool.8
contrib/qtool.pl
devtools/M4/depend/AIX.m4
devtools/M4/list.m4
devtools/M4/string.m4
devtools/M4/subst_ext.m4
devtools/M4/switch.m4
devtools/OS/Darwin
devtools/OS/GNU
devtools/OS/SINIX.5.43
devtools/OS/SINIX.5.44
devtools/OS/m88k
devtools/bin/find_in_path.sh
mail.local/Makefile
mailstats/Makefile
makemap/Makefile
praliases/Makefile
rmail/Makefile
sendmail/Makefile
sendmail/bf.h
sendmail/bf_portable.c
sendmail/bf_portable.h
sendmail/bf_torek.c
sendmail/bf_torek.h
sendmail/shmticklib.c
sendmail/statusd_shm.h
sendmail/timers.c
sendmail/timers.h
smrsh/Makefile
vacation/Makefile
Renamed Files:
cf/ostype/gnuhurd.m4 => cf/ostype/gnu.m4
sendmail/cdefs.h => include/sendmail/cdefs.h
sendmail/sendmail.hf => sendmail/helpfile
sendmail/mailstats.h => include/sendmail/mailstats.h
sendmail/pathnames.h => include/sendmail/pathnames.h
sendmail/safefile.c => libsmutil/safefile.c
sendmail/snprintf.c => libsmutil/snprintf.c
sendmail/useful.h => include/sendmail/useful.h
cf/ostype/solaris2.m4 => cf/ostype/solaris2.pre5.m4
Copied Files:
cf/ostype/solaris2.ml.m4 => cf/ostype/solaris2.m4
8.9.3/8.9.3 1999/02/04
SECURITY: Limit message headers to a maximum of 32K bytes (total
of all headers in a single message) to prevent a denial of
service attack. This limit will be configurable in 8.10.
Problem noted by Michal Zalewski of the "Internet for
Schools" project (IdS).
Prevent segmentation fault on an LDAP lookup if the LDAP map
was closed due to an earlier failure. Problem noted by
Jeff Wasilko of smoe.org. Fix from Booker Bense of
Stanford University and Per Hedeland of Ericsson.
Preserve the order of the MIME headers in multipart messages
when performing the MIME header length check. This
will allow PGP signatures to function properly. Problem
noted by Lars Hecking of University College, Cork, Ireland.
If ruleset 5 rewrote the local address to an :include: directive,
the delivery would fail with an "aliasing/forwarding loop
broken" error. Problem noted by Eric C Hagberg of Morgan
Stanley. Fix from Per Hedeland of Ericsson.
Allow -T to work for bestmx maps. Fix from Aaron Schrab of
ExecPC Internet Systems.
During the transfer of a message in an SMTP transaction, if a
TCP timeout occurs, the message would be properly queued
for later retry but the failure would be logged as
"Illegal Seek" instead of a timeout. Problem noted by
Piotr Kucharski of the Warsaw School of Economics (SGH)
and Carles Xavier Munyoz Baldo of CTV Internet.
Prevent multiple deliveries on a self-referencing alias if the
F=w mailer flag is not set. Problem noted by Murray S.
Kucherawy of Concentric Network Corporation and Per
Hedeland of Ericsson.
Do not strip empty headers but if there is no value and a
default is defined in sendmail.cf, use the default.
Problem noted by Philip Guenther of Gustavus Adolphus
College and Christopher McCrory of Netus, Inc.
Don't inherit information about the sender (notably the full name)
in SMTP (-bs) mode, since this might be called from inetd.
Accept any 3xx reply code in response to DATA command instead of
requiring 354. This change will match the wording to be
published in the updated SMTP specification from the DRUMS
group of the IETF.
Portability:
AIX 4.2.0 or 4.2.1 may become updated by the fileset
bos.rte.net level 4.2.0.2. This introduces the
softlink /usr/lib/libbind.a which should
not be used. It conflicts with the resolver
built into libc.a. "bind" has been removed
from the confLIBSEARCH BuildTools variable.
Users who have installed BIND 8.X will have
to add it back in their site.config.m4 file.
Problem noted by Ole Holm Nielsen of the
Technical University of Denmark.
CRAY TS 10.0.x from Sven Nielsen of San Diego
Supercomputer Center.
Improved LDAP version 3 integration based on input
from Kurt D. Zeilenga of the OpenLDAP Foundation,
John Beck of Sun Microsystems, and Booker Bense
of Stanford University.
Linux doesn't have a standard way to get the timezone
between different releases. Back out the
change in 8.9.2 and don't attempt to derive
a timezone. Problem reported by Igor S. Livshits
of the University of Illinois at Urbana-Champaign
and Michael Dickens of Tetranet Communications.
Reliant UNIX, the new name for SINIX, from Gert-Jan Looy
of Siemens/SNI.
SunOS 5.8 from John Beck of Sun Microsystems.
CONFIG: SCO UnixWare 2.1 and 7.0 need TZ to get the proper
timezone. Problem noted by Petr Lampa of Technical
University of Brno.
CONFIG: Handle <@bestmx-host:user@otherhost> addressing properly
when using FEATURE(bestmx_is_local). Patch from Neil W.
Rickert of Northern Illinois University.
CONFIG: Properly handle source routed and %-hack addresses on
hosts which the mailertable remaps to local:. Patch from
Neil W. Rickert of Northern Illinois University.
CONFIG: Internal fixup of mailertable local: map value. Patch from
Larry Parmelee of Cornell University.
CONFIG: Only add back +detail from host portion of mailer triplet
on local mailer triplets if it was originally +detail.
Patch from Neil W. Rickert of Northern Illinois University.
CONFIG: The bestmx_is_local checking done in check_rcpt would
cause later checks to fail. Patch from Paul J Murphy of
MIDS Europe.
New Files:
BuildTools/OS/CRAYTS.10.0.x
BuildTools/OS/ReliantUNIX
BuildTools/OS/SunOS.5.8
8.9.2/8.9.2 1998/12/30
SECURITY: Remove five second sleep on accepting daemon connections
due to an accept() failure. This sleep could be used
for a denial of service attack.
Do not silently ignore queue files with names which are too long.
Patch from Bryan Costales of InfoBeat, Inc.
Do not store failures closing an SMTP session in persistent
host status. Reported by Graeme Hewson of Oracle
Corporation UK.
Allow symbolic link forward files if they are in safe directories.
Problem noted by Andreas Schott of the Max Planck Society.
Missing columns in a text map could cause a segmentation fault.
Fix from David Lee of the University of Durham.
Note that for 8.9.X, PrivacyOptions=goaway also includes the
noetrn flag. This is scheduled to change in a future
version of sendmail. Problem noted by Theo Van Dinter of
Chrysalis Symbolic Designa and Alan Brown of Manawatu
Internet Services.
When trying to do host canonification in a Wildcard MX
environment, try an MX lookup of the hostname without the
default domain appended. Problem noted by Olaf Seibert of
Polderland Language & Speech Technology.
Reject SMTP RCPT To: commands with only comments (i.e.
'RCPT TO: (comment)'. Problem noted by Earle Ake of
Hassler Communication Systems Technology, Inc.
Handle any number of %s in the LDAP filter spec. Patch from
Per Hedeland of Ericsson.
Clear ldapx open timeouts even if the map open failed to prevent
a segmentation fault. Patch from Wayne Knowles of the
National Institute of Water & Atmospheric Research Ltd.
Do not syslog envelope clone messages when using address
verification (-bv). Problem noted by Kari Hurtta of the
Finnish Meteorological Institute.
Continue to perform queue runs while in daemon mode even if the
daemon is rejecting connections due to a disk full
condition. Problem noted by JR Oldroyd of TerraNet
Internet Services.
Include full filename on installation of the sendmail.hf file
in case the $HFDIR directory does not exist. Problem
noted by Josef Svitak of Montana State University.
Close all maps when exiting the process with one exception.
Berkeley DB can use internal shared memory locking for
its memory pool. Closing a map opened by another process
will interfere with the shared memory and locks of the
parent process leaving things in a bad state. For
Berkeley DB, only close the map if the current process
is also the one that opened the map, otherwise only close
the map file descriptor. Thanks to Yoseff Francus of
Collective Technologies for volunteering his system for
extended testing.
Avoid null pointer dereference on XDEBUG output for SMTP reply
failures. Problem noted by Carlos Canau of EUnet Portugal.
On mailq and hoststat listings being piped to another program, such
as more, if the pipe closes (i.e., the user quits more),
stop sending output and exit. Patch from Allan E Johannesen
of Worcester Polytechnic Institute.
In accordance with the documentation, LDAP map lookup failures
are now considered temporary failures instead of permanent
failures unless the -t flag is used in the map definition.
Problem noted by Booker Bense of Stanford University and
Eric C. Hagberg of Morgan Stanley.
Fix by one error reporting on long alias names. Problem noted by
H. Paul Hammann of the Missouri Research and Education
Network.
Fix DontBlameSendmail=IncludeFileInUnsafeDirPath behavior. Problem
noted by Barry S. Finkel of Argonne National Laboratory.
When automatically converting from 8 bit to quoted printable MIME,
be careful not to miss a multi-part boundary if that
boundary is preceded by a boundary-like line. Problem
noted by Andreas Raschle of Ansid Inc. Fix from
Kari Hurtta of the Finnish Meteorological Institute.
Avoid bogus reporting of "LMTP tobuf overflow" when the buffer
has enough space for the additional address. Problem
noted by Steve Cliffe of the University of Wollongong.
Fix DontBlameSendmail=FileDeliveryToSymlink behavior. Problem
noted by Alex Vorobiev of Swarthmore College.
If the check_compat ruleset resolves to the $#discard mailer,
discard the current recipient. Unlike check_relay,
check_mail, and check_rcpt, the entire envelope is not
discarded. Problem noted by RZ D. Rahlfs. Fix from
Claus Assmann of Christian-Albrechts-University of Kiel.
Avoid segmentation fault when reading ServiceSwitchFile files with
bogus formatting. Patch from Kari Hurtta of the Finnish
Meteorological Institute.
Support Berkeley DB 2.6.4 API change.
OP.ME: Pages weren't properly output on duplexed printers. Fix
from Matthew Black of CSU Long Beach.
Portability:
Apple Rhapsody from Wilfredo Sanchez of Apple Computer, Inc.
Avoid a clash with IRIX 6.2 getopt.h and the UserDatabase
option structure. Problem noted by Ashley M.
Kirchner of Photo Craft Laboratories, Inc.
Break out IP address to hostname translation for
reading network interface addresses into
class 'w'. Patch from John Kennedy of
Cal State University, Chico.
AIX 4.x use -qstrict with -O3 to prevent the optimized
from changing the semantics of the compiled
program. From Simon Travaglia of the
University of Waikato, New Zealand.
FreeBSD 2.2.2 and later support setusercontext(). From
Peter Wemm of DIALix.
FreeBSD 3.x fix from Peter Wemm of DIALix.
IRIX 5.x has a syslog buffer size of 512 bytes. From
Nao NINOMIYA of Utsunomiya University.
IRIX 6.5 64-bit Build support.
LDAP Version 3 support from John Beck and Ravi Iyer
of Sun Microsystems.
Linux does not implement seteuid() properly. From
John Kennedy of Cal State University, Chico.
Linux timezone type was set improperly. From Takeshi Itoh
of Bits Co., Ltd.
NCR MP-RAS 3.x needs -lresolv for confLIBS. From
Tom J. Moore of NCR.
NeXT 4.x correction to man page path. From J. P. McCann
of E I A.
System V Rel 5.x (a.k.a UnixWare7 w/o BSD-Compatibility Libs)
from Paul Gampe of the Asia Pacific Network
Information Center.
ULTRIX now requires an optimization limit of 970 from
Allan E Johannesen of Worcester Polytechnic
Institute.
Fix extern declaration for sm_dopr(). Fix from Henk
van Oers of Algemeen Nederlands Persbureau.
CONFIG: Catch @hostname,user@anotherhost.domain as relaying.
Problem noted by Mark Rogov of AirMedia, Inc. Fix from
Claus Assmann of Christian-Albrechts-University of Kiel.
CONFIG: Do not refer to http://maps.vix.com/ on RBL rejections as
there are multiple RBL's available and the MAPS RBL may
not be the one in use. Suggested by Alan Brown of
Manawatu Internet Services.
CONFIG: Properly strip route addresses (i.e., @host1:user@host2)
when stripping down a recipient address to check for
relaying. Patch from Claus Assmann of
Christian-Albrechts-University of Kiel and Neil W Rickert
of Northern Illinois University.
CONFIG: Allow the access database to override RBL lookups. Patch
from Claus Assmann of Christian-Albrechts-University of
Kiel.
CONFIG: UnixWare 7 support from Phillip P. Porch of The Porch
Dot Com.
CONFIG: Fixed check for deferred delivery mode warning. Patch
from Claus Assmann of Christian-Albrechts-University of
Kiel and Per Hedeland of Ericsson.
CONFIG: If a recipient using % addressing is used, e.g.
user%site@othersite, and othersite's MX records are now
checked for local hosts if FEATURE(relay_based_on_MX) is
used. Problem noted by Alexander Litvin of Lucky Net Ltd.
Patch from Alexander Litvin of Lucky Net Ltd and
Claus Assmann of Christian-Albrechts-University of Kiel.
MAIL.LOCAL: Prevent warning messages from appearing in the LMTP
stream. Do not allow more than one response per recipient.
MAIL.LOCAL: Handle routed addresses properly when using LMTP. Fix
from John Beck of Sun Microsystems.
MAIL.LOCAL: Properly check for CRLF when using LMTP. Fix from
John Beck of Sun Microsystems.
MAIL.LOCAL: Substitute MAILER-DAEMON for the LMTP empty sender in
the envelope From header.
MAIL.LOCAL: Accept underscores in hostnames in LMTP mode.
Problem noted by Glenn A. Malling of Syracuse University.
MAILSTATS: Document msgsrej and msgsdis fields in the man page.
Problem noted by Richard Wong of Princeton University.
MAKEMAP: Build group list so group writable files are allowed with
the -s flag. Problem noted by Curt Sampson of Internet
Portal Services, Inc.
PRALIASES: Automatically handle alias files created without the
NULL byte at the end of the key. Patch from John Beck of
Sun Microsystems.
PRALIASES: Support Berkeley DB 2.6.4 API change.
New Files:
BuildTools/OS/IRIX64.6.5
BuildTools/OS/UnixWare.5.i386
cf/ostype/unixware7.m4
contrib/smcontrol.pl
src/control.c
8.9.1/8.9.1 1998/07/02
If both an OS specific site configuration file and a generic
site.config.m4 file existed, only the latter was used
instead of both. Problem noted by Geir Johannessen of
the Norwegian University of Science and Technology.
Fix segmentation fault while converting 8 bit to 7 bit MIME
multipart messages by trying to write to an unopened
file descriptor. Fix from Kari Hurtta of the Finnish
Meteorological Institute.
Do not assume Message: and Text: headers indicate the end of
the header area when parsing MIME headers. Problem noted
by Kari Hurtta of the Finnish Meteorological Institute.
Setting the confMAN#SRC Build variable would only effect the
installation commands. The man pages would still be
built with .0 extensions. Problem noted by Bryan
Costales of InfoBeat, Inc.
Installation of manual pages didn't honor the DESTDIR environment
variable. Problem noted by Bryan Costales of InfoBeat, Inc.
If the check_relay ruleset resolved to the discard mailer, messages
were still delivered. Problem noted by Mirek Luc of NASK.
Mail delivery to files would fail with an Operating System Error
if sendmail was not running as root, i.e., RunAsUser was set.
Problem noted by Leonard N. Zubkoff of Dandelion Digital.
Prevent MinQueueAge from interfering from queued items created
in the future, i.e., if the system clock was set ahead
and then back. Problem noted by Michael Miller of the
University of Natal, Pietermaritzburg.
Do not advertise ETRN support in ESTMP EHLO reply if noetrn is
set in the PrivacyOptions option. Fix from Ted Rule of
Flextech TV.
Log invalid persistent host status file lines instead of
bouncing the message. Problem noted by David Lindes of
DaveLtd Enterprises.
Move creation of empty sendmail.st file from installation to
compilation. Installation may be done from a read-only
mount. Fix from Bryan Costales of InfoBeat, Inc. and Ric
Anderson of the Oasis Research Center, Inc.
Enforce the maximum number of User Database entries limit. Problem
noted by Gary Buchanan of Credence Systems Inc.
Allow dead.letter files in root's home directory. Problem noted
by Anna Ullman of Sun Microsystems.
Program deliveries in forward files could be marked unsafe if
any directory listed in the ForwardPath option did not
exist. Problem noted by Jorg Bielak of Coastal Web Online.
Do not trust the length of the address structure returned by
gethostbyname(). Problem noted by Chris Evans of Oxford
University.
If the SIZE= MAIL From: ESMTP parameter is too large, use the
5.3.4 DSN status code instead of 5.2.2. Similarly, for
non-local deliveries, if the message is larger than the
mailer maximum message size, use 5.3.4 instead of 5.2.3.
Suggested by Antony Bowesman of
Fujitsu/TeaWARE Mail/MIME System.
Portability:
Fix the check for an IP address reverse lookup for
use in $&{client_name} on 64 bit platforms.
From Gilles Gallot of Institut for Development
and Resources in Intensive Scientific computing.
BSD-OS uses .0 for man page extensions. From Jeff Polk
of BSDI.
DomainOS detection for Build. Also, version 10.4 and later
ship a unistd.h. Fixes from Takanobu Ishimura of
PICT Inc.
NeXT 4.x uses /usr/lib/man/cat for its man pages. From
J. P. McCann of E I A.
SCO 4.X and 5.X include NDBM support. From Vlado Potisk
of TEMPEST, Ltd.
CONFIG: Do not pass spoofed PTR results through resolver for
qualification. Problem noted by Michiel Boland of
Digital Valley Internet Professionals; fix from
Kari Hurtta of the Finnish Meteorological Institute.
CONFIG: Do not try to resolve non-DNS hostnames such as UUCP,
BITNET, and DECNET addresses for resolvable senders.
Problem noted by Alexander Litvin of Lucky Net Ltd.
CONFIG: Work around Sun's broken configuration which sends bounce
messages as coming from @@hostname instead of <>. LMTP
would not accept @@hostname.
OP.ME: Corrections to complex sendmail startup script from Rick
Troxel of the National Institutes of Health.
RMAIL: Do not install rmail by default, require 'make force-install'
as this rmail isn't the same as others. Suggested by
Kari Hurtta of the Finnish Meteorological Institute.
New Files:
BuildTools/OS/DomainOS.10.4
8.9.0/8.9.0 1998/05/19
SECURITY: To prevent users from reading files not normally
readable, sendmail will no longer open forward, :include:,
class, ErrorHeader, or HelpFile files located in unsafe
(i.e., group or world writable) directory paths. Sites
which need the ability to override security can use the
DontBlameSendmail option. See the README file for more
information.
SECURITY: Problems can occur on poorly managed systems, specifically,
if maps or alias files are in world writable directories.
This fixes the change added to 8.8.6 to prevent links in these
world writable directories.
SECURITY: Make sure ServiceSwitchFile option file is not a link if
it is in a world writable directory.
SECURITY: Never pass a tty to a mailer -- if a mailer can get at the
tty it may be able to push bytes back to the senders input.
Unfortunately this breaks -v mode. Problem noted by
Wietse Venema of the Global Security Analysis Lab at
IBM T.J. Watson Research.
SECURITY: Empty group list if DontInitGroups is set to true to
prevent program deliveries from picking up extra group
privileges. Problem reported by Wolfgang Ley of DFN-CERT.
SECURITY: The default value for DefaultUser is now set to the uid and
gid of the first existing user mailnull, sendmail, or daemon
that has a non-zero uid. If none of these exist, sendmail
reverts back to the old behavior of using uid 1 and gid 1.
This is a security problem for Linux which has chosen that
uid and gid for user bin instead of daemon. If DefaultUser
is set in the configuration file, that value overrides this
default.
SECURITY: Since 8.8.7, the check for non-set-user-ID binaries
interfered with setting an alternate group id for the
RunAsUser option. Problem noted by Randall Winchester of
the University of Maryland.
Add support for Berkeley DB 2.X. Based on patch from John Kennedy
of Cal State University, Chico.
Remove support for OLD_NEWDB (pre-1.5 version of Berkeley DB). Users
which previously defined OLD_NEWDB=1 must now upgrade to the
current version of Berkeley DB.
Added support for regular expressions using the new map class regex.
From Jan Krueger of Unix-AG of University of Hannover.
Support for BIND 8.1.1's hesiod for hesiod maps and hesiod
UserDatabases from Randall Winchester of the University
of Maryland.
Allow any shell for user shell on program deliveries on V1
configurations for backwards compatibility on machines which
do not have getusershell(). Fix from John Beck of Sun
Microsystems.
On operating systems which change the process title by reusing the
argument vector memory, sendmail could corrupt memory if the
last argument was either "-q" or "-d". Problem noted by
Frank Langbein of the University of Stuttgart.
Support Local Mail Transfer Protocol (LMTP) between sendmail and
mail.local on the F=z flag.
Macro-expand the contents of the ErrMsgFile. Previously this was
only done if you had magic characters (0x81) to indicate
macro expansion. Now $x will be expanded. This means that
real dollar signs have to be backslash escaped.
TCP Wrappers expects "unknown" in the hostname argument if the
reverse DNS lookup for the incoming connection fails.
Problem noted by Randy Grimshaw of Syracuse University and
Wietse Venema of the Global Security Analysis Lab at
IBM T.J. Watson Research.
DSN success bounces generated from an invocation of sendmail -t
would be sent to both the sender and MAILER-DAEMON.
Problem noted by Claus Assmann of
Christian-Albrechts-University of Kiel.
Avoid "Error 0" messages on delivery mailers which exit with a
valid exit value such as EX_NOPERM. Fix from Andreas Luik
of ISA Informationssysteme GmbH.
Tokenize $&x expansions on right hand side of rules. This eliminates
the need to use tricks like $(dequote "" $&{client_name} $)
to cause the ${client_name} macro to be properly tokenized.
Add the MaxRecipientsPerMessage option: this limits the number of
recipients that will be accepted in a single SMTP
transaction. After this number is reached, sendmail
starts returning "452 Too many recipients" to all RCPT
commands. This can be used to limit the number of recipients
per envelope (in particular, to discourage use of the server
for spamming). Note: a better approach is to restrict
relaying entirely.
Fixed pointer initialization for LDAP lmap struct, fixed -s option
to ldapx map and added timeout for ldap_open call to
avoid hanging sendmail in the event of hung LDAP servers.
Patch from Booker Bense of Stanford University.
Allow multiple -qI, -qR, or -qS queue run limiters. For example,
'-qRfoo -qRbar' would deliver mail to recipients with foo or
bar in their address. Patch from Allan E Johannesen of
Worcester Polytechnic Institute.
The bestmx map will now return a list of the MX servers for a host if
passed a column delimiter via the -z map flag. This can be
used to check if the server is an MX server for the recipient
of a message. This can be used to help prevent relaying.
Patch from Mitchell Blank Jr of Exec-PC.
Mark failures for the *file* mailer and return bounce messages to the
sender for those failures.
Prevent bogus syslog timestamps on errors in sendmail.cf by
preserving the TZ environment variable until TimeZoneSpec
has been determined. Problem noted by Ralf Hildebrandt of
Technical University of Braunschweig. Patch from Per Hedeland
of Ericsson.
Print test input in address test mode when input is not from the tty
when the -v flag is given (i.e., sendmail -bt -v) to make
output easier to decipher. Problem noted by Aidan Nichol
of Procter & Gamble.
The LDAP map -s flag was not properly parsed and the error message
given included the remainder of the arguments instead of
solely the argument in error. Problem noted by Aidan Nichol
of Procter & Gamble.
New DontBlameSendmail option. This option allows administrators to
bypass some of sendmail's file security checks at the expense
of system security. This should only be used if you are
absolutely sure you know the consequences. The available
DontBlameSendmail options are:
Safe
AssumeSafeChown
ClassFileInUnsafeDirPath
ErrorHeaderInUnsafeDirPath
GroupWritableDirPathSafe
GroupWritableForwardFileSafe
GroupWritableIncludeFileSafe
GroupWritableAliasFile
HelpFileinUnsafeDirPath
WorldWritableAliasFile
ForwardFileInGroupWritableDirPath
IncludeFileInGroupWritableDirPath
ForwardFileInUnsafeDirPath
IncludeFileInUnsafeDirPath
ForwardFileInUnsafeDirPathSafe
IncludeFileInUnsafeDirPathSafe
MapInUnsafeDirPath
LinkedAliasFileInWritableDir
LinkedClassFileInWritableDir
LinkedForwardFileInWritableDir
LinkedIncludeFileInWritableDir
LinkedMapInWritableDir
LinkedServiceSwitchFileInWritableDir
FileDeliveryToHardLink
FileDeliveryToSymLink
WriteMapToHardLink
WriteMapToSymLink
WriteStatsToHardLink
WriteStatsToSymLink
RunProgramInUnsafeDirPath
RunWritableProgram
New DontProbeInterfaces option to turn off the inclusion of all the
interface names in $=w on startup. In particular, if you
have lots of virtual interfaces, this option will speed up
startup. However, unless you make other arrangements, mail
sent to those addresses will be bounced.
Automatically create alias databases if they don't exist and
AutoRebuildAliases is set.
Add PrivacyOptions=noetrn flag to disable the SMTP ETRN command.
Suggested by Christophe Wolfhugel of the Institut Pasteur.
Add PrivacyOptions=noverb flag to disable the SMTP VERB command.
When determining the client host name ($&{client_name} macro), do
a forward (A) DNS lookup on the result of the PTR lookup
and compare results. If they differ or if the PTR lookup
fails, &{client_name} will contain the IP address
surrounded by square brackets (e.g., [127.0.0.1]).
New map flag: -Tx appends "x" to lookups that return temporary failure
(i.e, it is like -ax for the temporary failure case, in
contrast to the success case).
New syntax to do limited checking of header syntax. A config line
of the form:
HHeader: $>Ruleset
causes the indicated Ruleset to be invoked on the Header
when read. This ruleset works like the check_* rulesets --
that is, it can reject mail on the basis of the contents.
Limit the size of the HELO/EHLO parameter to prevent spammers
from hiding their connection information in Received:
headers.
When SingleThreadDelivery is active, deliveries to locked hosts
are skipped. This will cause the delivering process to
try the next MX host or queue the message if no other MX
hosts are available. Suggested by Alexander Litvin.
The [FILE] mailer type now delivers to the file specified in the
A= equate of the mailer definition instead of $u. It also
obeys all of the F= mailer flags such as the MIME
7/8 bit conversion flags. This is useful for defining
a mailer which delivers to the same file regardless of the
recipient (e.g., 'A=FILE /dev/null' to discard unwanted mail).
Do not assume the identity of a remote connection is root@localhost
if the remote connection closes the socket before the
remote identity can be queried.
Change semantics of the F=S mailer flag back to 8.7.5 behavior.
Some mailers, including procmail, require that the real
uid is left unchanged by sendmail. Problem noted by Per
Hedeland of Ericsson.
No longer is the src/obj*/Makefile selected from a large list -- it
is now generated using the information in BuildTools/OS/ --
some of the details are determined dynamically via
BuildTools/bin/configure.sh.
The other programs in the sendmail distribution -- mail.local,
mailstats, makemap, praliases, rmail, and smrsh -- now use
the new Build method which creates an operating system
specific Makefile using the information in BuildTools.
Make 4xx reply codes to the SMTP MAIL command be non-sticky (i.e.,
a failure on one message won't affect future messages to the
same host). This is necessary if the remote host sends
a 451 error if the domain of the sender does not resolve
as is common in anti-spam configurations. Problem noted
by Mitchell Blank Jr of Exec-PC.
New "discard" mailer for check_* rulesets and header checking
rulesets. If one of the above rulesets resolves to the
$#discard mailer, the commands will be accepted but the
message will be completely discarded after it is accepting.
This means that even if only one of the recipients
resolves to the $#discard mailer, none of the recipients
will receive the mail. Suggested by Brian Kantor.
All but the last cloned envelope of a split envelope were queued
instead of being delivered. Problem noted by John Caruso
of CNET: The Computer Network.
Fix deadlock situation in persistent host status file locking.
Syslog an error if a user forward file could not be read due to
an error. Patch from John Beck of Sun Microsystems.
Use the first name returned on machine lookups when canonifying a
hostname via NetInfo. Patch from Timm Wetzel of GWDG.
Clear the $&{client_addr}, $&{client_name}, and $&{client_port}
macros when delivering a bounce message to prevent
rejection by a check_compat ruleset which uses these macros.
Problem noted by Jens Hamisch of AgiX Internetservices GmbH.
If the check_relay ruleset resolves to the the error mailer, the
error in the $: portion of the resolved triplet is used
in the rejection message given to the remote machine.
Suggested by Scott Gifford of The Internet Ramp.
Set the $&{client_addr}, $&{client_name}, and $&{client_port} macros
before calling the check_relay ruleset. Suggested by Scott
Gifford of The Internet Ramp.
Sendmail would get a segmentation fault if a mailer exited with an
exit code of 79. Problem noted by Aaron Schrab of ExecPC
Internet. Fix from Christophe Wolfhugel of the Pasteur
Institute.
Separate snprintf/vsnprintf routines into separate file for use by
mail.local.
Allow multiple map lookups on right hand side, e.g.,
R$* $( host $1 $) $| $( passwd $1 $). Patch from
Christophe Wolfhugel of the Pasteur Institute.
Properly generate success DSN messages if requested for aliases
which have owner- aliases. Problem noted by Kari Hurtta
of the Finnish Meteorological Institute.
Properly display delayed-expansion macros ($&{macroname}) in
address test mode (-bt). Problem noted by Bryan Costales
of InfoBeat, Inc.
-qR could sometimes match names incorrectly. Problem noted by
Lutz Euler of Lavielle EDV Systemberatung GmbH & Co.
Include a magic number and version in the StatusFile for the
mailstats command.
Record the number of rejected and discarded messages in the
StatusFile for display by the mailstats command. Patch
from Randall Winchester of the University of Maryland.
IDENT returns where the OSTYPE field equals "OTHER" now list the
user portion as IDENT:username@site instead of
username@site to differentiate the two. Suggested by
Kari Hurtta of the Finnish Meteorological Institute.
Enforce timeout for LDAP queries. Patch from Per Hedeland of
Ericsson.
Change persistent host status filename substitution so '/' is
replaced by ':' instead of '|' to avoid clashes. Also
avoid clashes with hostnames with leading dots. Fix from
Mitchell Blank Jr. of Exec-PC.
If the system lock table is full, only attempt to create a new
queue entry five times before giving up. Previously, it
was attempted indefinitely which could cause the partition
to run out of inodes. Problem noted by Suzie Weigand of
Stratus Computer, Inc.
In verbose mode, warn if the sendmail.cf version is less than the
currently supported version.
Sorting for QueueSortOrder=host is now case insensitive. Patch
from Randall S. Winchester of the University of Maryland.
Properly quote a full name passed via the -F command line option,
the Full-Name: header, or the NAME environment variable if
it contains characters which must be quoted. Problem noted
by Kari Hurtta of the Finnish Meteorological Institute.
Avoid possible race condition that unlocked a mail job before
releasing the transcript file on systems that use flock(2).
In some cases, this might result in a "Transcript Unavailable"
message in error bounces.
Accept SMTP replies which contain only a reply code and no
accompanying text. Problem noted by Fernando Fraticelli of
Digital Equipment Corporation.
Portability:
AIX 4.1 uses int for SOCKADDR_LEN_T from Motonori Nakamura
of Kyoto University.
AIX 4.2 requires <userpw.h> before <usersec.h>. Patch from
Randall S. Winchester of the University of
Maryland.
AIX 4.3 from Valdis Kletnieks of Virginia Tech CNS.
CRAY T3E from Manu Mahonen of Center for Scientific Computing
in Finland.
Digital UNIX now uses statvfs for determining free
disk space. Patch from Randall S. Winchester of
the University of Maryland.
HP-UX 11.x from Richard Allen of Opin Kerfi HF and
Regis McEwen of Progress Software Corporation.
IRIX 64 bit fixes from Kari Hurtta of the Finnish
Meteorological Institute.
IRIX 6.2 configuration fix for mail.local from Michael Kyle
of CIC/Advanced Computing Laboratory.
IRIX 6.5 from Thomas H Jones II of SGI.
IRIX 6.X load average code from Bob Mende of SGI.
QNX from Glen McCready <glen@qnx.com>.
SCO 4.2 and 5.x use /usr/bin instead of /usr/ucb for links
to sendmail. Install with group bin instead of kmem
as kmem does not exist. From Guillermo Freige of
Gobernacion de la Pcia de Buenos Aires and Paul
Fischer of BTG, Inc.
SunOS 4.X does not include memmove(). Patch from
Per Hedeland of Ericsson.
SunOS 5.7 includes getloadavg() function for determining
load average. Patch from John Beck of Sun
Microsystems.
CONFIG: Increment version number of config file.
CONFIG: add DATABASE_MAP_TYPE to set the default type of database
map for the various maps. The default is hash. Patch from
Robert Harker of Harker Systems.
CONFIG: new confEBINDIR m4 variable for defining the executable
directory for certain programs.
CONFIG: new FEATURE(local_lmtp) to use the new LMTP support for
local mail delivery. By the default, /usr/libexec/mail.local
is used. This is expected to be the mail.local shipped
with 8.9 which is LMTP capable. The path is based on the
new confEBINDIR m4 variable.
CONFIG: Use confEBINDIR in determining path to smrsh for
FEATURE(smrsh). Note that this changes the default from
/usr/local/etc/smrsh to /usr/libexec/smrsh. To obtain the
old path for smrsh, use FEATURE(smrsh, /usr/local/etc/smrsh).
CONFIG: DOMAIN(generic) changes the default confFORWARD_PATH to
include $z/.forward.$w+$h and $z/.forward+$h which allow
the user to setup different .forward files for
user+detail addressing.
CONFIG: add confMAX_RCPTS_PER_MESSAGE, confDONT_PROBE_INTERFACES,
and confDONT_BLAME_SENDMAIL to set MaxRecipientsPerMessage,
DontProbeInterfaces, and DontBlameSendmail options.
CONFIG: by default do not allow relaying (that is, accepting mail
from outside your domain and sending it to another host
outside your domain).
CONFIG: new FEATURE(promiscuous_relay) to allow mail relaying from
any site to any site.
CONFIG: new FEATURE(relay_entire_domain) allows any host in your
domain as defined by the 'm' class ($=m) to relay.
CONFIG: new FEATURE(relay_based_on_MX) to allow relaying based on
the MX records of the host portion of an incoming recipient.
CONFIG: new FEATURE(access_db) which turns on the access database
feature. This database gives you the ability to allow
or refuse to accept mail from specified domains for
administrative reasons. By default, names that are listed
as "OK" in the access db are domain names, not host names.
CONFIG: new confCR_FILE m4 variable for defining the name of the file
used for class 'R'. Defaults to /etc/mail/relay-domains.
CONFIG: new command RELAY_DOMAIN(domain) and RELAY_DOMAIN_FILE(file)
to add items to class 'R' ($=R) for hosts allowed to relay.
CONFIG: new FEATURE(relay_hosts_only) to change the behavior
of FEATURE(access_db) and class 'R' to lookup individual
host names only.
CONFIG: new FEATURE(loose_relay_check). Normally, if a recipient
using % addressing is used, e.g. user%site@othersite,
and othersite is in class 'R', the check_rcpt ruleset
will strip @othersite and recheck user@site for relaying.
This feature changes that behavior. It should not be
needed for most installations.
CONFIG: new FEATURE(relay_local_from) to allow relaying if the
domain portion of the mail sender is a local host. This
should only be used if absolutely necessary as it opens
a window for spammers. Patch from Randall S. Winchester of
the University of Maryland.
CONFIG: new FEATURE(blacklist_recipients) turns on the ability to
block incoming mail destined for certain recipient
usernames, hostnames, or addresses.
CONFIG: By default, MAIL FROM: commands in the SMTP session will be
refused if the host part of the argument to MAIL FROM: cannot
be located in the host name service (e.g., DNS).
CONFIG: new FEATURE(accept_unresolvable_domains) accepts
unresolvable hostnames in MAIL FROM: SMTP commands.
CONFIG: new FEATURE(accept_unqualified_senders) accepts
MAIL FROM: senders which do not include a domain.
CONFIG: new FEATURE(rbl) Turns on rejection of hosts found in the
Realtime Blackhole List. You can specify the RBL name
server to contact by specifying it as an optional argument.
The default is rbl.maps.vix.com. For details, see
http://maps.vix.com/rbl/.
CONFIG: Call Local_check_relay, Local_check_mail, and
Local_check_rcpt from check_relay, check_mail, and
check_rcpt. Users with local rulesets should place the
rules using LOCAL_RULESETS. If a Local_check_* ruleset
returns $#OK, the message is accepted. If the ruleset
returns a mailer, the appropriate action is taken, else
the return of the ruleset is ignored.
CONFIG: CYRUS_MAILER_FLAGS now includes the /:| mailer flags by
default to support file, :include:, and program deliveries.
CONFIG: Remove the default for confDEF_USER_ID so the binary can
pick the proper default value. See the SECURITY note
above for more information.
CONFIG: FEATURE(nodns) now warns the user that the feature is a
no-op. Patch from Kari Hurtta of the Finnish
Meteorological Institute.
- CONFIG: OSTYPE(osf1) now sets DefaultUserID (confDEF_USER_ID) to
+ CONFIG: OSTYPE(osf1) now sets DefaultUser (confDEF_USER_ID) to
daemon since DEC's /bin/mail will drop the envelope
sender if run as mailnull. See the Digital UNIX section
of src/README for more information. Problem noted by
Kari Hurtta of the Finnish Meteorological Institute.
CONFIG: .cf files are now stored in the same directory with the
.mc files instead of in the obj directory.
CONFIG: New options confSINGLE_LINE_FROM_HEADER,
confALLOW_BOGUS_HELO, and confMUST_QUOTE_CHARS for
setting SingleLineFromHeader, AllowBogusHELO, and
MustQuoteChars respectively.
MAIL.LOCAL: support -l flag to run LMTP on stdin/stdout. This
SMTP-like protocol allows detailed reporting of delivery
status on a per-user basis. Code donated by John Myers of
CMU (now of Netscape).
MAIL.LOCAL: HP-UX support from Randall S. Winchester of the
University of Maryland. NOTE: mail.local is not
compatible with the stock HP-UX mail format. Be sure to
read mail.local/README.
MAIL.LOCAL: Prevent other mail delivery agents from stealing a
mailbox lock. Patch from Randall S. Winchester of the
University of Maryland.
MAIL.LOCAL: glibc portability from John Kennedy of Cal State
University, Chico.
MAIL.LOCAL: IRIX portability from Kari Hurtta of the Finnish
Meteorological Institute.
MAILSTATS: Display the number of rejected and discarded messages
in the StatusFile. Patch from Randall Winchester of the
University of Maryland.
MAKEMAP: New -s flag to ignore safety checks on database map files
such as linked files in world writable directories.
MAKEMAP: Add support for Berkeley DB 2.X. Remove OLD_NEWDB support.
PRALIASES: Add support for Berkeley DB 2.X.
PRALIASES: Do not automatically include NDBM support. Problem
noted by Ralf Hildebrandt of the Technical University of
Braunschweig.
RMAIL: Improve portability for other platforms. Patches from
Randall S. Winchester of the University of Maryland and
Kari Hurtta of the Finnish Meteorological Institute.
Changed Files:
src/Makefiles/Makefile.* files have been modified to use
the new build mechanism and are now BuildTools/OS/*.
src/makesendmail changed to symbolic link to src/Build.
New Files:
BuildTools/M4/header.m4
BuildTools/M4/depend/BSD.m4
BuildTools/M4/depend/CC-M.m4
BuildTools/M4/depend/NCR.m4
BuildTools/M4/depend/Solaris.m4
BuildTools/M4/depend/X11.m4
BuildTools/M4/depend/generic.m4
BuildTools/OS/AIX.4.2
BuildTools/OS/AIX.4.x
BuildTools/OS/CRAYT3E.2.0.x
BuildTools/OS/HP-UX.11.x
BuildTools/OS/IRIX.6.5
BuildTools/OS/NEXTSTEP.4.x
BuildTools/OS/NeXT.4.x
BuildTools/OS/NetBSD.8.3
BuildTools/OS/QNX
BuildTools/OS/SunOS.5.7
BuildTools/OS/dcosx.1.x.NILE
BuildTools/README
BuildTools/Site/README
BuildTools/bin/Build
BuildTools/bin/configure.sh
BuildTools/bin/find_m4.sh
BuildTools/bin/install.sh
Makefile
cf/cf/Build
cf/cf/generic-hpux10.cf
cf/feature/accept_unqualified_senders.m4
cf/feature/accept_unresolvable_domains.m4
cf/feature/access_db.m4
cf/feature/blacklist_recipients.m4
cf/feature/loose_relay_check.m4
cf/feature/local_lmtp.m4
cf/feature/promiscuous_relay.m4
cf/feature/rbl.m4
cf/feature/relay_based_on_MX.m4
cf/feature/relay_entire_domain.m4
cf/feature/relay_hosts_only.m4
cf/feature/relay_local_from.m4
cf/ostype/qnx.m4
contrib/doublebounce.pl
mail.local/Build
mail.local/Makefile.m4
mail.local/README
mailstats/Build
mailstats/Makefile.m4
makemap/Build
makemap/Makefile.m4
praliases/Build
praliases/Makefile.m4
rmail/Build
rmail/Makefile.m4
rmail/rmail.0
smrsh/Build
smrsh/Makefile.m4
src/Build
src/Makefile.m4
src/snprintf.c
Deleted Files:
cf/cf/Makefile (replaced by Makefile.dist)
mail.local/Makefile
mail.local/Makefile.dist
mailstats/Makefile
mailstats/Makefile.dist
makemap/Makefile
makemap/Makefile.dist
praliases/Makefile
praliases/Makefile.dist
rmail/Makefile
smrsh/Makefile
smrsh/Makefile.dist
src/Makefile
src/Makefiles/Makefile.AIX.4 (split into AIX.4.x and AIX.4.2)
src/Makefiles/Makefile.SMP_DC.OSx.NILE
(renamed BuildTools/OS/dcosx.1.x.NILE)
src/Makefiles/Makefile.Utah (obsolete platform)
Renamed Files:
READ_ME => README
cf/cf/Makefile.dist => Makefile
cf/cf/obj/* => cf/cf/*
src/READ_ME => src/README
8.8.8/8.8.8 1997/10/24
If the check_relay ruleset failed, the relay= field was logged
incorrectly. Problem noted by Kari Hurtta of the Finnish
Meteorological Institute.
If /usr/tmp/dead.letter already existed, sendmail could not
add additional bounces to it. Problem noted by Thomas J.
Arseneault of SRI International.
If an SMTP mailer used a non-standard port number for the outgoing
connection, it would be displayed incorrectly in verbose mode.
Problem noted by John Kennedy of Cal State University, Chico.
Log the ETRN parameter specified by the client before altering them
to internal form. Suggested by Bob Kupiec of GES-Verio.
EXPN and VRFY SMTP commands on malformed addresses were logging as
User unknown with bogus delay= values. Change them to log
the same as compliant addresses. Problem noted by Kari E.
Hurtta of the Finnish Meteorological Institute.
Ignore the debug resolver option unless using sendmail debug trace
option for resolver. Problem noted by Greg Nichols of Wind
River Systems.
If SingleThreadDelivery was enabled and the remote server returned a
protocol error on the DATA command, the connection would be
closed but the persistent host status file would not be
unlocked so other sendmail processes could not deliver to
that host. Problem noted by Peter Wemm of DIALix.
If queueing up a message due to an expensive mailer, don't increment
the number of delivery attempts or set the last delivery
attempt time so the message will be delivered on the next
queue run regardless of MinQueueAge. Problem noted by
Brian J. Coan of the Institute for Global Communications.
Authentication warnings of "Processed from queue _directory_" and
"Processed by _username_ with -C _filename_" would be logged
with the incorrect timestamp. Problem noted by Kari E. Hurtta
of the Finnish Meteorological Institute.
Use a better heuristic for detecting GDBM.
Log null connections on dropped connections. Problem noted by
Jon Lewis of Florida Digital Turnpike.
If class dbm maps are rebuilt, sendmail will now detect this and
reopen the map. Previously, they could give stale
results during a single message processing (but would
recover when the next message was received). Fix from
Joe Pruett of Q7 Enterprises.
Do not log failures such as "User unknown" on -bv or SMTP VRFY
requests. Problem noted by Kari E. Hurtta of the
Finnish Meteorological Institute.
Do not send a bounce message back to the sender regarding bad
recipients if the SMTP connection is dropped before the
message is accepted. Problem noted by Kari E. Hurtta of the
Finnish Meteorological Institute.
Use "localhost" instead of "[UNIX: localhost]" when connecting to
sendmail via a UNIX pipe. This will allow rulesets using
$&{client_name} to process without sending the string through
dequote. Problem noted by Alan Barrett of Internet Africa.
A combination of deferred delivery mode, a double bounce situation,
and the inability to save a bounce message to
/var/tmp/dead.letter would cause sendmail to send a bounce
to postmaster but not remove the offending envelope from the
queue causing it to create a new bounce message each time the
queue was run. Problem noted by Brad Doctor of Net Daemons
Associates.
Remove newlines from hostname information returned via DNS. There are
no known security implications of newlines in hostnames as
sendmail filters newlines in all vital areas; however, this
could cause confusing error messages.
Starting with sendmail 8.8.6, mail sent with the '-t' option would be
rejected if any of the specified addresses were bad. This
behavior was modified to only reject the bad addresses and not
the entire message. Problem noted by Jozsef Hollosi of
SuperNet, Inc.
Use Timeout.fileopen when delivering mail to a file. Suggested by
Bryan Costales of InfoBeat, Inc.
Display the proper Final-Recipient on DSN messages for non-SMTP
mailers. Problem noted by Kari E. Hurtta of the
Finnish Meteorological Institute.
An error in calculating the available space in the list of addresses
for logging deliveries could cause an address to be silently
dropped.
Include the initial user environment if sendmail is restarted via
a HUP signal. This will give room for the process title.
Problem noted by Jon Lewis of Florida Digital Turnpike.
Mail could be delivered without a body if the machine does not
support flock locking and runs out of processes during
delivery. Fix from Chuck Lever of the University of Michigan.
Drop recipient address from 251 and 551 SMTP responses per RFC 821.
Problem noted by Kari E. Hurtta of the Finnish Meteorological
Institute.
Make sure non-rebuildable database maps are opened before the
rebuildable maps (i.e., alias files) in case the database maps
are needed for verifying the left hand side of the aliases.
Problem noted by Lloyd Parkes of Victoria University.
Make sure sender RFC822 source route addresses are alias expanded for
bounce messages. Problem noted by Juergen Georgi of
RUS University of Stuttgart.
Minor lint fixes.
Return a temporary error instead of a permanent error if an LDAP map
search returns an error. This will allow sequenced maps which
use other LDAP servers to be checked. Fix from Booker Bense
of Stanford University.
When automatically converting from quoted printable to 8bit text do
not pad bare linefeeds with a space. Problem noted by Theo
Nolte of the University of Technology Aachen, Germany.
Portability:
Non-standard C compilers may have had a problem compiling
conf.c due to a standard C external declaration of
setproctitle(). Problem noted by Ted Roberts of
Electronic Data Systems.
AUX: has a broken O_EXCL implementation. Reported by Jim
Jagielski of jaguNET Access Services.
BSD/OS: didn't compile if HASSETUSERCONTEXT was defined.
Digital UNIX: Digital UNIX (and possibly others) moves
loader environment variables into the loader memory
area. If one of these environment variables (such as
LD_LIBRARY_PATH) was the last environment variable,
an invalid memory address would be used by the process
title routine causing memory corruption. Problem
noted by Sam Hartman of Mesa Internet Systems.
GNU libc: uses an enum for _PC_CHOWN_RESTRICTED which caused
chownsafe() to always return 0 even if the OS does
not permit file giveaways. Problem noted by
Yasutaka Sumi of The University of Tokyo.
IRIX6: Syslog buffer size set to 512 bytes. Reported by
Gerald Rinske of Siemens Business Services VAS.
Linux: Pad process title with NULLs. Problem noted by
Jon Lewis of Florida Digital Turnpike.
SCO OpenServer 5.0: SIOCGIFCONF ioctl call returns an
incorrect value for the number of interfaces.
Problem noted by Chris Loelke of JetStream Internet
Services.
SINIX: Update for Makefile and syslog buffer size from Gerald
Rinske of Siemens Business Services VAS.
Solaris: Make sure HASGETUSERSHELL setting for SunOS is not
used on a Solaris machine. Problem noted by
Stephen Ma of Jtec Pty Limited.
CONFIG: SINIX: Update from Gerald Rinske of Siemens Business
Services VAS.
MAKEMAP: Use a better heuristic for detecting GDBM.
CONTRIB: expn.pl: Updated version from the author, David Muir Sharnoff.
OP.ME: Document the F=i mailer flag. Problem noted by Per Hedeland of
Ericsson.
8.8.7/8.8.7 1997/08/03
If using Berkeley DB on systems without O_EXLOCK (open a file with
an exclusive lock already set -- i.e., almost all systems
except 4.4-BSD derived systems), the initial attempt at
rebuilding aliases file if the database didn't already
exist would fail. Patch from Raymund Will of LST Software
GmbH.
Bogus incoming SMTP commands would reset the SMTP conversation.
Problem noted by Fredrik Jönsson of the Royal Institute
of Technology, Stockholm.
Since TCP Wrappers includes setenv(), unsetenv(), and putenv(),
some environments could give "multiple definitions" for these
routines during compilation. If using TCP Wrappers, assume
that these routines are included as though they were in the
C library. Patch from Robert La Ferla.
When a NEWDB database map was rebuilt at the same time it was being
used by a queue run, the maps could be left locked for the
duration of the queue run, causing other processes to hang.
Problem noted by Kendall Libby of Shore.NET.
In some cases, NoRecipientAction=add-bcc was being ignored, so the
mail was passed on without any recipient header. This could
cause problems downstream. Problem noted by Xander Jansen
of SURFnet ExpertiseCentrum.
Give error when GDBM is used with sendmail. GDBM's locking and
linking of the .dir and .pag files interferes with sendmail's
locking and security checks. Problems noted by Fyodor
Yarochkin of the Kyrgyz Republic FreeNet.
Don't fsync qf files if SuperSafe option is not set.
Avoid extra calls to gethostbyname for addresses for which a
gethostbyaddr found no value. Also, ignore any returns
from gethostbyaddr that look like a dotted quad.
If PTR lookup fails when looking up an SMTP peer, don't tag it as
"may be forged", since at the network level we pretty much
have to assume that the information is good.
In some cases, errors during an SMTP session could leave files
open or locked.
Better handling of missing file descriptors (0, 1, 2) on startup.
Better handling of non-set-user-ID binaries -- avoids certain obnoxious
errors during testing.
Errors in file locking of NEWDB maps had the incorrect file name
printed in the error message.
If the AllowBogusHELO option were set and an EHLO with a bad or
missing parameter were issued, the EHLO behaved like a HELO.
Load limiting never kicked in for incoming SMTP transactions if the
DeliveryMode=background and any recipient was an alias or
had a .forward file. From Nik Conwell of Boston University.
On some non-Posix systems, the decision of whether chown(2) permits
file giveaway was undefined. From Tetsu Ushijima of the
Tokyo Institute of Technology.
Fix race condition that could cause the body of a message to be
lost (so only the header was delivered). This only occurs
on systems that do not use flock(2), and only when a queue
runner runs during a critical section in another message
delivery. Based on a patch from Steve Schweinhart of
Results Computing.
If a qf file was found in a mail queue directory that had a problem
(wrong ownership, bad format, etc.) and the file name was
exactly MAXQFNAME bytes long, then instead of being tried
once, it would be tried on every queue run. Problem noted
by Bryan Costales of Mercury Mail.
If the system supports an st_gen field in the status structure,
include it when reporting that a file has changed after open.
This adds a new compile flag, HAS_ST_GEN (0/1 option).
This out to be checked as well as reported, since it is
theoretically possible for an attacker to remove a file after
it is opened and replace it with another file that has the
same i-number, but some filesystems (notably AFS) return
garbage in this field, and hence always look like the file
has changed. As a practical matter this is not a security
problem, since the files can be neither hard nor soft links,
and on no filesystem (that I am aware of) is it possible to
have two files on the same filesystem with the same i-number
simultaneously.
Delete the root Makefile from the distribution -- it is only for
use internally, and does not work at customer sites.
Fix botch that caused the second MAIL FROM: command in a single
transaction to clear the entire transaction. Problem
noted by John Kennedy of Cal State University, Chico.
Work properly on machines that have _PATH_VARTMP defined without
a trailing slash. (And a pox on vendors that decide to
ignore the established conventions!) Problem noted by
Gregory Neil Shapiro of WPI.
Internal changes to make it easier to add another protocol family
(intended for IPv6). Patches are from John Kennedy of
CSU Chico.
In certain cases, 7->8 bit MIME decoding of Base64 text could leave
an extra space at the beginning of some lines. Problem
noted by Charles Karney of Princeton University; fix based
on a patch from Christophe Wolfhugel.
Portability:
Allow _PATH_VENDOR_CF to be set in Makefile for consistency
with the _Sendmail_ book, 2nd edition. Note that
the book is actually wrong: _PATH_SENDMAILCF should
be used instead.
AIX 3.x: Include <sys/select.h>. Patch from Gene Rackow
of Argonne National Laboratory.
OpenBSD from from Paul DuBois of the University of Wisconsin.
RISC/os 4.0 from Paul DuBois of the University of Wisconsin.
SunOS: Include <memory.h> to fix warning from util.c. From
James Aldridge of EUnet Ltd.
Solaris: Change STDIR (location of status file) to /etc/mail
in Makefiles.
Linux, Dynix, UNICOS: Remove -DNDBM and -lgdbm from
Makefiles. Use NEWDB on Linux instead.
NCR MP-RAS 3.x with STREAMware TCP/IP: SIOCGIFNUM ioctl
exists but behaves differently than other OSes.
Add SIOCGIFNUM_IS_BROKEN compile flag to get
around the problem. Problem noted by Tom Moore of
NCR Corp.
HP-UX 9.x: fix compile warnings for old select API. Problem
noted by Tom Smith of Digital Equipment Corp.
UnixWare 2.x: compile warnings on offsetof macro. Problem
noted by Tom Good of the Community Access Information
Resource Network
SCO 4.2: compile problems caused by a change in the type of
the "length" parameters passed to accept, getpeername,
getsockname, and getsockopt. Adds new compile flags
SOCKADDR_SIZE_T and SOCKOPT_SIZE_T. Problem reported
by Tom Good of St. Vincent's North Richmond Community
Mental Health Center Residential Services.
AIX 4: Use size_t for SOCKADDR_SIZE_T and SOCKOPT_SIZE_T.
Suggested by Brett Hogden of Rochester Gas & Electric
Corp.
Linux: avoid compile problem for versions of <setjmp.h> that
#define both setjmp and longjmp. Problem pointed out
by J.R. Oldroyd of TerraNet.
CONFIG: SCO UnixWare 2.1: Support for OSTYPE(sco-uw-2.1)
from Christopher Durham of SCO.
CONFIG: NEXTSTEP: define confCW_FILE to
/etc/sendmail/sendmail.cw to match the usual
configuration. Patch from Dennis Glatting of
PlainTalk.
CONFIG: MAILER(fax) called a program that hasn't existed for a long
time. Convert to use the HylaFAX 4.0 conventions. Suggested
by Harry Styron.
CONFIG: Improve sample anti-spam rulesets in cf/cf/knecht.mc. These
are the rulesets in use on sendmail.org.
MAKEMAP: give error on GDBM files.
MAIL.LOCAL: Make error messages a bit more explicit, for example,
telling more details on what actually changed when "file
changed after open".
CONTRIB: etrn.pl: Ignore comments in Fw files. Support multiple Fw
files.
CONTRIB: passwd-to-alias.pl: Handle 8 bit characters and '-'.
NEW FILES:
src/Makefiles/Makefile.OpenBSD
src/Makefiles/Makefile.RISCos.4_0
test/t_exclopen.c
cf/ostype/sco-uw-2.1.m4
DELETED FILES:
Makefile
8.8.6/8.8.6 1997/06/14
*************************************************************
* The extensive assistance of Gregory Neil Shapiro of WPI *
* in preparing this release is gratefully appreciated. *
* Sun Microsystems has also provided resources toward *
* continued sendmail development. *
*************************************************************
SECURITY: A few systems allow an open with the O_EXCL|O_CREAT open
mode bits set to create a file that is a symbolic link that
points nowhere. This makes it possible to create a root
owned file in an arbitrary directory by inserting the symlink
into a writable directory after the initial lstat(2) check
determined that the file did not exist. The only verified
example of a system having these odd semantics for O_EXCL
and symbolic links was HP-UX prior to version 9.07. Most
systems do not have the problem, since a exclusive create
of a file disallows symbolic links. Systems that have been
verified to NOT have the problem include AIX 3.x, *BSD,
DEC OSF/1, HP-UX 9.07 and higher, Linux, SunOS, Solaris,
and Ultrix. This is a potential exposure on systems that
have this bug and which do not have a MAILER-DAEMON alias
pointing at a legitimate account, since this will cause old
mail to be dropped in /var/tmp/dead.letter.
SECURITY: Problems can occur on poorly managed systems, specifically,
if maps or alias files are in world writable directories.
If your system has alias maps in writable directories, it
is potentially possible for an attacker to replace the .db
(or .dir and .pag) files by symbolic links pointing at
another database; this can be used either to expose
information (e.g., by pointing an alias file at /etc/spwd.db
and probing for accounts), or as a denial-of-service attack
(by trashing the password database). The fix disallows
symbolic links entirely when rebuilding alias files or on
maps that are in writable directories, and always warns on
writable directories; 8.9 will probably consider writable
directories to be fatal errors. This does not represent an
exposure on systems that have alias files in unwritable
system directories.
SECURITY: disallow .forward or :include: files that are links (hard
or soft) if the parent directory (or any directory in the
path) is writable by anyone other than the owner. This is
similar to the previous case for user files. This change
should not affect most systems, but is necessary to prevent
an attacker who can write the directory from pointing such
files at other files that are readable only by the owner.
SECURITY: Tighten safechown rules: many systems will say that they
have a safe (restricted to root) chown even on files that
are mounted from another system that allows owners to give
away files. The new rules are very strict, trusting file
ownership only in those few cases where the system has
been verified to be at least as paranoid as necessary.
However, it is possible to relax the rules to partially
trust the ownership if the directory path is not world or
group writable. This might allow someone who has a legitimate
:include: file (referenced directly from /etc/aliases) to
become another non-root user if the :include: file is in a
non-writable directory on an NFS-mounted filesystem where
the local system says that giveaway is denied but it is
actually permitted. I believe this to be a very small set
of cases. If in doubt, do not point :include: aliases at
NFS-mounted filesystems.
SECURITY: When setting a numeric group id using the RunAsUser option
(e.g., "O RunAsUser=10:20", the group id would not be set.
Implicit group ids (e.g., "O RunAsUser=mailnull") or alpha
group ids (e.g., "O RunAsUser=mailuser:mailgrp") worked fine.
The user id was still set properly. Problem noted by Uli
Pralle of the Technical University of Berlin.
Save the initial gid set for use when checking for if the
PrivacyOptions=restrictmailq option is set. Problem reported
by Wolfgang Ley of DFN-CERT.
Make 55x reply codes to the SMTP DATA-"." be non-sticky (i.e., a
failure on one message won't affect future messages to the
same host).
IP source route printing had an "off by one" error that would
affect any options that came after the route option. Patch
from Theo de Raadt.
The "Message is too large" error didn't successfully bounce the error
back to the sender. Problem reported by Stephen More of
PSI; patch from Gregory Neil Shapiro of WPI.
Change SMTP status code 553 to map into Extended code 5.1.0 (instead
of 5.1.3); it apparently gets used in multiple ways.
Suggested by John Myers of Portola Communications.
Fix possible extra null byte generated during collection if errors
occur at the beginning of the stream. Patch contributed by
Andrey A. Chernov and Gregory Neil Shapiro.
Code changes to avoid possible reentrant call of malloc/free within
a signal handler. Problem noted by John Beck of Sun
Microsystems.
Move map initialization to be earlier so that check_relay ruleset
will have the latest version of the map data. Problem noted
by Paul Forgey of Metainfo; patch from Gregory Neil Shapiro.
If there are fatal errors during the collection phase (e.g., message
too large) don't send the bogus message.
Avoid "cannot open xfAAA00000" messages when sending to aliases that
have errors and have owner- aliases. Problem noted by Michael
Barber of MTU; fix from Gregory Neil Shapiro of WPI.
Avoid null pointer dereference on illegal Boundary= parameters in
multipart/mixed Content-Type: header. Problem noted by
Richard Muirden of RMIT University.
Always print error messages during newaliases (-bi) even if the
ErrorMode is not set to "print". Fix from Gregory Neil
Shapiro.
Test mode could core dump if you did a /map lookup in an optional map
that could not be opened. Based on a fix from John Beck of
Sun Microsystems.
If DNS is misconfigured so that the last MX record tried points to
a host that does not have an A record, but other MX records
pointed to something reasonable, don't bounce the message
with a "host unknown" error. Note that this should really
be fixed in the zone file for the domain. Problem noted by
Joe Rhett of Navigist, Inc.
If a map fails (e.g., DNS times out) on all recipient addresses, mark
the message as having been tried; otherwise the next queue
run will not realize that this is a second attempt and will
retry immediately. Problem noted by Bryan Costales of
Mercury Mail.
If the clock is set backwards, and a MinQueueAge is set, no jobs
will be run until the later setting of the clock is reached.
"Problem" (I use the term loosely) noted by Eric Hagberg of
Morgan Stanley.
If the load average rises above the cutoff threshold (above which
sendmail will not process the queue at all) during a queue
run, abort the queue run immediately. Problem noted by
Bryan Costales of Mercury Mail.
The variable queue processing algorithm (based on the message size,
number of recipients, message precedence, and job age) was
non-functional -- either the entire queue was processed or
none of the queue was processed. The updated algorithm
does no queue run if a single recipient zero size job will
not be run.
If there is a fatal ("panic") message that will cause sendmail to
die immediately, never hold the error message for future
printing.
Force ErrorMode=print in -bt mode so that all errors are printed
regardless of the setting of the ErrorMode option in the
configuration file. Patch from Gregory Neil Shapiro.
New compile flag HASSTRERROR says that this OS has the strerror(3)
routine available in one of the libraries. Use it in conf.h.
The -m (match only) flag now works on host class maps.
If class hash or btree maps are rebuilt, sendmail will now detect
this and reopen the map. Previously, they could give
erroneous results during a single message processing
(but would recover when the next message was received).
Don't delete zero length queue files when doing queue runs until the
files are at least ten minutes old. This avoids a potential
race condition: the creator creates the qf file, getting back
a file descriptor. The queue runner locks it and deletes it
because it is zero length. The creator then writes the
descriptor that is now for a disconnected file, and the
job goes away. Based on a suggestion by Bryan Costales.
When determining the "validated" host name ($_ macro), do a forward
(A) DNS lookup on the result of the PTR lookup and compare
results. If they differ or if the PTR lookup fails, tag the
address as "may be forged".
Log null connections (i.e., hosts that connect but do not do any
substantive activity on the connection before disconnecting;
"substantive" is defined to be MAIL, EXPN, VRFY, or ETRN.
Always permit "writes" to /dev/null regardless of the link count.
This is safe because /dev/null is special cased, and no open
or write is ever actually attempted. Patch from Villy Kruse
of TwinCom.
If a message cannot be sent because of a 552 (exceeded storage
allocation) response to the MAIL FROM:<>, and a SIZE= parameter
was given, don't return the body in the bounce, since there
is a very good chance that the message will double-bounce.
Fix possible line truncation if a quoted-printable had an =00 escape
in the body. Problem noted by Charles Karney of the Princeton
Plasma Physics Laboratory.
Notify flags (e.g., -NSUCCESS) were lost on user+detail addresses.
Problem noted by Kari Hurtta of the Finnish Meteorological
Institute.
The MaxDaemonChildren option wasn't applying to queue runs as
documented. Note that this increases the potential denial
of service problems with this option: an attacker can
connect many times, and thereby lock out queue runs as well
as incoming connections. If you use this option, you should
run the "sendmail -bd" and "sendmail -q30m" jobs separately
to avoid this attack. Failure to limit noted by Matthew
Dillon of BEST Internet Communications.
Always give a message in newaliases if alias files cannot be
opened instead of failing silently. Suggested by Gregory
Neil Shapiro. This change makes the code match the O'Reilly
book (2nd edition).
Some older versions of the resolver could return with h_errno == -1
if no name server could be reached, causing mail to bounce
instead of queueing. Treat this like TRY_AGAIN. Fix from
John Beck of SunSoft.
If a :include: file is owned by a user that does not have an entry
in the passwd file, sendmail could dereference a null pointer.
Problem noted by Satish Mynam of Sun Microsystems.
Take precautions to make sure that the SMTP protocol cannot get out
of sync if (for example) an alias file cannot be opened.
Fix a possible race condition that can cause a SIGALRM to come in
immediately after a SIGHUP, causing the new sendmail to die.
Avoid possible hang on SVr3 systems when doing child reaping. Patch
from Villy Kruse of TwinCom.
Ignore improperly formatted SMTP reply codes. Previously these were
partially processed, which could cause confusing error
returns.
Fix possible bogus pointer dereference when doing ldapx map lookups
on some architectures.
Portability:
A/UX: from Jim Jagielski of NASA/GSFC.
glibc: SOCK_STREAM was changed from a #define to an enum,
thus breaking #ifdef SOCK_STREAM. Only option seems
to be to assume SOCK_STREAM if __GNU_LIBRARY__ is
defined. Problem reported by A Sun of the University
of Washington.
Solaris: use SIOCGIFNUM to get the number of interfaces on
the system rather than guessing at compile time.
Patch contributed by John Beck of Sun Microsystems.
Intel Paragon: from Wendy Lin of Purdue University.
GNU Hurd: from Miles Bader of the GNU project.
RISC/os 4.50 from Harlan Stenn of PFCS Corporation.
ISC Unix: wait never returns if SIGCLD signals are blocked.
Unfortunately releasing them opens a race condition,
but there appears to be no fix for this. Patch from
Gregory Neil Shapiro.
BIND 8.1 for IPv6 compatibility from John Kennedy.
Solaris: a bug in strcasecmp caused characters with the
high order bit set to apparently randomly match
letters -- for example, $| (0233) matches "i" and "I".
Problem noted by John Gregson of the University of
Cambridge.
IRIX 6.x: make Makefile.IRIX.6.2 apply to all 6.x. From
Kari Hurtta.
IRIX 6.x: Create Makefiles for systems that claim to be
IRIX64 but are 6.2 or higher (so use the regular
IRIX Makefile).
IRIX 6.x: Fix load average computation on 64 bit kernels.
Problem noted by Eric Hagberg of Morgan Stanley.
CONFIG: Some canonification was still done for UUCP-like addresses
even if FEATURE(nocanonify) was set. Problem pointed out by
Brian Candler.
CONFIG: In some cases UUCP mailers wouldn't properly recognize all
local names as local. Problem noted by Jeff Polk of BSDI;
fix provided by Gregory Neil Shapiro.
CONFIG: The "local:user" syntax entries in mailertables and other
"mailer:user" syntax locations returned an incorrect value
for the $h macro. Problem noted by Gregory Neil Shapiro.
CONFIG: Retain "+detail" information when forwarding mail to a
MAIL_HUB, LUSER_RELAY, or LOCAL_RELAY. Patch from Philip
Guenther of Gustavus Adolphus College.
CONFIG: Make sure user+detail works for FEATURE(virtusertable);
rules are the same as for aliasing. Based on a patch from
Gregory Neil Shapiro.
CONFIG: Break up parsing rules into several pieces; this should
have no functional change in this release, but makes it
possible to have better anti-spam rulesets in the future.
CONFIG: Disallow double dots in host names to avoid having the
HostStatusDirectory store status under the wrong name.
In some cases this can be used as a denial-of-service attack.
Problem noted by Ron Jarrell of Virginia Tech, patch from
Gregory Neil Shapiro.
CONFIG: Don't use F=m (multiple recipients per invocation) for
MAILER(procmail), but do pass F=Pn9 (include Return-Path:,
don't include From_, and convert to 8-bit). Suggestions
from Kimmo Suominen and Roderick Schertler.
CONFIG: Domains under $=M (specified with MASQUERADE_DOMAIN) were
being masqueraded as though FEATURE(masquerade_entire_domain)
was specified, even when it wasn't.
MAIL.LOCAL: Solaris 2.6 has snprintf. From John Beck of SunSoft.
MAIL.LOCAL: SECURITY: check to make sure that an attacker doesn't
"slip in" a symbolic link between the lstat(2) call and the
exclusive open. This is only a problem on System V derived
systems that allow an exclusive create on files that are
symbolic links pointing nowhere.
MAIL.LOCAL: If the final mailbox close() failed, the user id was
not reset back to root, which on some systems would cause
later mailboxes to fail. Also, any partial message would
not be truncated, which could result in repeated deliveries.
Problem noted by Bruce Evans via Peter Wemm (FreeBSD
developers).
MAKEMAP: Handle cases where O_EXLOCK is #defined to be 0. A similar
change to the sendmail map code was made in 8.8.3. Problem
noted by Gregory Neil Shapiro.
MAKEMAP: Give warnings on file problems such as map files that are
symbolic links; although makemap is not set-user-ID root, it is
often run as root and hence has the potential for the same
sorts of problems as alias rebuilds.
MAKEMAP: Change compilation so that it will link properly on
NEXTSTEP.
CONTRIB: etrn.pl: search for Cw as well as Fw lines in sendmail.cf.
Accept an optional list of arguments following the server
name for the ETRN arguments to use (instead of $=w). Other
miscellaneous bug fixes. From Christian von Roques via
John Beck of Sun Microsystems.
CONTRIB: Add passwd-to-alias.pl, contributed by Kari Hurtta. This
Perl script converts GECOS information in the /etc/passwd
file into aliases, allowing for faster access to full name
lookups; it is also clever about adding aliases (to root)
for system accounts.
NEW FILES:
src/safefile.c
cf/ostype/gnuhurd.m4
cf/ostype/irix6.m4
contrib/passwd-to-alias.pl
src/Makefiles/Makefile.IRIX64.6.1
src/Makefiles/Makefile.IRIX64.6.x
RENAMED FILES:
src/Makefiles/Makefile.IRIX.6.2 => Makefile.IRIX.6.x
src/Makefiles/Makefile.IRIX64 => Makefile.IRIX64.6.0
8.8.5/8.8.5 1997/01/21
SECURITY: Clear out group list during startup. Without this, sendmail
will continue to run with the group permissions of the caller,
even if RunAsUser is specified.
SECURITY: Make purgestat (-bH) be root-only. This is not in response
to any known attack, but it's best to be conservative.
Suggested by Peter Wemm of DIALix.
SECURITY: Fix buffer overrun problem in MIME code that has possible
security implications. Patch from Alex Garthwaite of the
University of Pennsylvania.
Use of a -f flag with a phrase attached (e.g., "-f 'Full Name <addr>'")
would truncate the address after "Full". Although the -f
syntax is incorrect (since it is in the envelope, it
shouldn't have comments and full names), the failure mode
was unnecessarily awful.
Fix a possible null pointer dereference when converting 8-bit data
to a 7-bit format. Problem noted by Jim Hutchins of
Sandia National Labs and David James of British Telecom.
Clear out stale state that affected F=9 on SMTP mailers in queue
runs. Although this really shouldn't be used (F=9 is for
final delivery only, and using it on an SMTP mailer makes
it possible for a message to be converted from 8->7->8->7
bits several times), it shouldn't have failed with a syserr.
Problem noted by Eric Hagberg of Morgan Stanley.
_Really_ fix the multiple :maildrop code in the user database
module. Patch from Roy Mongiovi of Georgia Tech.
Let F lines in the configuration file actually read root-only
files if the configuration file is safe. Based on a
patch from Keith Reynolds of SCO.
ETRN followed by QUIT would hold the connection open until the queue
run completed. Problem noted by Truck Lewis of TDK
Semiconductor Corp.
It turns out that despite the documentation, the TCP wrappers library
does _not_ log rejected connections. Do the logging ourselves.
Problem noted by Fletcher Mattox of the University of Texas
at Austin.
If sendmail finds a qf file in its queue directory that is an unknown
version (e.g., when backing out to an old version), the
error is reported on every queue run. Change it to only
give the error once (and rename the qf => Qf). Patch from
William A. Gianopoulos of Raytheon Company.
Start a new session when doing background delivery; currently it
ignored signals but didn't start a new signal, that caused
some problems if a background process tried to send mail
under certain circumstances. Problem noted by Eric Hagberg
of Morgan Stanley; fix from Kari Hurtta.
Simplify test for skipping a queue run to just check if the current
load average is >= the queueing load average. Previously
the check factored in some other parameters that caused it
to essentially never skip the queue run. Patch from Bryan
Costales.
If the SMTP server is running in "nullserver" mode (that is, it is
rejecting all commands), start sleeping after MAXBADCOMMAND
(25) commands; this helps prevent a bad guy from putting
you into a tight loop as a denial-of-service attack. Based
on an e-mail conversation with Brad Knowles of AOL.
Slow down when too many "light weight" commands have been issued;
this helps prevent a class of denial-of-service attacks.
The current values and defaults are:
MAXNOOPCOMMANDS 20 NOOP, VERB, ONEX, XUSR
MAXHELOCOMMANDS 3 HELO, EHLO
MAXVRFYCOMMANDS 6 VRFY, EXPN
MAXETRNCOMMANDS 8 ETRN
These will probably be configurable in a future release.
On systems that have uid_t typedefed to be an unsigned short, programs
that had the F=S flag and no U= equate would be invoked with
the real uid set to 65535 rather than being left unchanged.
In some cases, NOTIFY=NEVER was not being honored. Problem noted
by Steve Hubert of the University of Washington, Seattle.
Mail that was Quoted-Printable encoded and had a soft line break on
the last line (i.e., an incomplete continuation) had the last
line dropped. Since this appears to be illegal it isn't
clear what to do with it, but flushing the last line seems
to be a better "fail soft" approach. Based on a patch from
Eric Hagberg.
If AllowBogusHELO and PrivacyOptions=needmailhelo are both set, a
bogus HELO command still causes the "Polite people say HELO
first" error message. Problem pointed out by Chris Thomas
of UCLA; patch from John Beck of SunSoft.
Handle "sendmail -bp -qSfoobar" properly if restrictqrun is set
in PrivacyOptions. The -q shouldn't turn this command off.
Problem noted by Murray Kucherawy of Pacific Bell Internet;
based on a patch from Gregory Neil Shapiro of WPI.
Don't consider SMTP reply codes 452 or 552 (exceeded storage allocation)
in a DATA transaction to be sticky; these can occur because
a message is too large, and smaller messages should still go
through. Problem noted by Matt Dillon of Best Internet
Communications.
In some cases bounces were saved in /var/tmp/dead.letter even if they
had been successfully delivered to the envelope sender.
Problem noted Eric Hagberg of Morgan Stanley; solution from
Gregory Neil Shapiro of WPI.
Give better diagnostics on long alias lines. Based on code contributed
by Patrick Gosling of the University of Cambridge.
Increase the number of virtual interfaces that will be probed for
alternate names. Problem noted by Amy Rich of Shore.Net.
PORTABILITY:
UXP/DS V20L10 for Fujitsu DS/90: Makefile patches from
Toshiaki Nomura of Fujitsu Limited.
SunOS with LDAP support: compile problems with struct timeval.
Patch from Nick Cuccia of TCSI Corporation.
SCO: from Keith Reynolds of SCO.
Solaris: kstat load average computation wasn't being used.
Fixes from Michael Ju. Tokarev of Telecom Service, JSC
(Moscow).
OpenBSD: from Jason Downs of teeny.org.
Altos System V: from Tim Rice.
Solaris 2.5: from Alan Perry of SunSoft.
Solaris 2.6: from John Beck of SunSoft.
Harris Nighthawk PowerUX (mh6000 box): from Bob Miorelli
of Pratt & Whitney <miorelli@pweh.com>.
CONFIG: It seems that I hadn't gotten the Received: line syntax
_just_right_ yet. Tweak it again. I'll omit the names
of the "contributors" (quantity two) in this one case.
As of now, NO MORE DISCUSSION about the syntax of the
Received: line.
CONFIG: Although FEATURE(nullclient) uses EXPOSED_USER (class $=E),
it never inserts that class into the output file. Fix it
so it will honor EXPOSED_USER but will _not_ include root
automatically in this class. Problem noted by Ronan KERYELL
of Centre de Recherche en Informatique de l'École Nationale
Supérieure des Mines de Paris (CRI-ENSMP).
CONFIG: Clean up handling of "local:" syntax in relay specifications
such as LUSER_RELAY. This change permits the following
syntaxes: ``local:'' will send to the same user on the
local machine (e.g., in a mailertable entry for "host",
``local:'' will cause an address addressed to user@host to
go to user on the local machone). ``local:user'' will send
to the named user on the local machine. ``local:user@host''
is equivalent to ``local:user'' (the host is ignored). In
all cases, the original user@host is passed in $@ (i.e., the
detail information). Inspired by a report from Michael Fuhr.
CONFIG: Strip quotes from the first word of an "error:" host
indication. This lets you set (for example) the LUSER_RELAY
to be ``error:\"5.1.1\" Your Message Here''. Note the use
of the \" so that the resulting string is properly quoted.
Problem noted by Gregory Neil Shapiro of WPI.
OP.ME: documentation was inconsistent about whether sendmail did a
NOOP or a RSET to probe the connection (it does a RSET).
Inconsistency noted by Deeran Peethamparam.
OP.ME: insert additional blank pages so it will print properly on
a duplex printer. From Matthew Black of Cal State University,
Long Beach.
8.8.4/8.8.4 1996/12/02
SECURITY: under some circumstances, an attacker could get additional
permissions by hard linking to files that were group
writable by the attacker. The solution is to disallow any
files that have hard links -- this will affect .forward,
:include:, and output files. Problem noted by Terry
Kyriacopoulos of Interlog Internet Services. As a
workaround, set UnsafeGroupWrites -- always a good idea.
SECURITY: the TryNullMXList (w) option should not be safe -- if it
is, it is possible to do a denial-of-service attack on
MX hosts that rely on the use of the null MX list. There
is no danger if you have this option turned off (the default).
Problem noted by Dan Bernstein. Also, make the DontInitGroups
unsafe. I know of no specific attack against this, although
a denial-of-service attack is probably possible, but in theory
you should not be able to safely tweak anything that affects
the permissions that are used when mail is delivered.
Purgestat could go into an infinite loop if one of the host status
directories somehow became empty. Problem noted by Roy
Mongiovi of Georgia Tech.
Processes got "lost" when counting children due to a race condition.
This caused "proc_list_probe: lost pid" messages to be logged.
Problem noted by several people.
On systems with System V SIGCLD child signal semantics (notably AIX
and HP-UX), mail transactions would print the message "451
SMTP-MAIL: lost child: No child processes". Problem noted
by several people.
Miscellaneous compiler warnings on picky compilers (or when setting
gcc to high warning levels). From Tom Moore of NCR Corp.
SMTP protocol errors, and most errors on MAIL FROM: lines should
not be persistent between runs, since they are based on the
message rather than the host. Problem noted by Matt Dillon
of Best Internet Communications.
The F=7 flag was ignored on SMTP mailers. Problem noted by Tom Moore
of NCR (a.k.a., AT&T Global Information Solutions).
Avoid the possibility of having a child daemon run to completion
(including closing the SMTP socket) before the parent has
had a chance to close the socket; this can cause the parent
to hang for a long time waiting for the socket to drain.
Patch from Don Lewis of TDK Semiconductor.
If the fork() failed in a queue run, the queue runners would not be
rescheduled (so queue runs would stop). Patch from Don Lewis.
Some error conditions in ETRN could cause output without an SMTP
status code. Problem noted by Don Lewis.
Multiple :maildrop addresses in the user database didn't work properly.
Patch from Roy Mongiovi of Georgia Tech.
Add ".db" automatically onto any user database spec that does not
already have it; this is for consistency with makemap, the
K line, and the documentation. Inconsistency pointed out
by Roy Mongiovi.
Allow sendmail to be properly called in nohup mode. Patch from
Kyle Jones of UUNET.
Change ETRN to ignore but still update host status files; previously
it would ignore them and not save the updated status, which
caused stale information to be maintained. Based on a patch
from Christopher Davis of Kapor Enterprises Inc. Also, have
ETRN ignore the MinQueueAge option.
Patch long term host status to recover more gracefully from an empty
host status file condition. Patch from NAKAMURA Motonori
of Kyoto University.
Several patches to signal handling code to fix potential race
conditions from Don Lewis.
Make it possible to compile with -DDAEMON=0 (previously it had some
compile errors). This turns DAEMON, QUEUE, and SMTP into
0/1 compilation flags. Note that DAEMON is an obsolete
compile flag; use NETINET instead. Solution based on a
patch from Bryan Costales.
PORTABILITY FIXES:
AIX4: getpwnam() and getpwuid() do a sequential scan of the
/etc/security/passwd file when called as root. This
is very slow on some systems. To speed it up, use the
(undocumented) _getpw{nam,uid}_shadow() routines.
Patch from Chris Thomas of UCLA/OAC Systems Group.
SCO 5.x: include -lprot in the Makefile. Patch from Bill
Glicker of Burrelle's Information Service.
NEWS-OS 4.x: need a definition for MODE_T to compile. Patch
from Makoto MATSUSHITA of Osaka University.
SunOS 4.0.3: compile problems. Patches from Andrew Cole of
Leeds University and SASABE Tetsuro of the University
of Tokyo.
DG/UX 5.4.4.11 from Brian J. Murrell of InterLinx Support
Services, Inc.
Domain/OS from Don (Truck) Lewis of TDK Semiconductor Corp.
I believe this to have only been a problem if you
compiled with -DUSE_VENDOR_CF_PATH -- another reason
to stick with /etc/sendmail.cf as your One True Path.
Digital UNIX (OSF/1 on Alpha) load average computation from
Martin Laubach of the Technischen Universität Wien.
CONFIG: change default Received: line to be multiple lines rather
than one long one. By popular demand.
MAIL.LOCAL: warnings weren't being logged on some systems. Patch
from Jerome Berkman of U.C. Berkeley.
MAKEMAP: be sure to zero hinfo to avoid cruft that can cause runs
to take a very long time. Problem noted by Yoshiro YONEYA
of NTT Software Corporation.
CONTRIB: add etrn.pl, contributed by John Beck.
NEW FILES:
contrib/etrn.pl
8.8.3/8.8.3 1996/11/17
SECURITY: it was possible to get a root shell by lying to sendmail
about argv[0] and then sending it a signal. Problem noted
by Leshka Zakharoff <leshka@leshka.chuvashia.su> on the
best-of-security list.
Log sendmail binary version number in "Warning: .cf version level
(%d) exceeds program functionality (%d) message" -- this
should make it clearer to people that they are running
the wrong binary.
Fix a problem that occurs when you open an SMTP connection and then
do one or more ETRN commands followed by a MAIL command; at
the end of the DATA phase sendmail would incorrectly report
"451 SMTP-MAIL: lost child: No child processes". Problem
noted by Eric Bishop of Virginia Tech.
When doing text-based host canonification (typically /etc/hosts
lookup), a null host name would match any /etc/hosts entry
with space at the end of the line. Problem noted by Steve
Hubert of the University of Washington, Seattle.
7 to 8 bit BASE64 MIME conversions could duplicate bits of text.
Problem reported by Tom Smith of Digital Equipment Corp.
Increase the size of the DNS answer buffer -- the standard UDP packet
size PACKETSZ (512) is not sufficient for some nameserver
answers containing very many resource records. The resolver
may also switch to TCP and retry if it detects UDP packet
overflow. Also, allow for the fact that the resolver
routines res_query and res_search return the size of the
*un*truncated answer in case the supplied answer buffer it
not big enough to accommodate the entire answer. Patch from
Eric Wassenaar.
Improvements to MaxDaemonChildren code. If you think you have too
many children, probe the ones you have to verify that they
are still around. Suggested by Jared Mauch of CICnet, Inc.
Also, do this probe before growing the vector of children
pids; this previously caused the vector to grow indefinitely
due to a race condition. Problem reported by Kyle Jones of
UUNET.
On some architectures, <db.h> (from the Berkeley DB library) defines
O_EXLOCK to zero; this fools the map compilation code into
thinking that it can avoid race conditions by locking on open.
Change it to check for O_EXLOCK non-zero. Problem noted by
Leif Erlingsson of Data Lege.
Always call res_init() on startup (if compiled in, of course) to
allow the sendmail.cf file to tweak resolver flags; without
it, flag tweaks in ResolverOptions are ignored. Patch from
Andrew Sun of Merrill Lynch.
Improvements to host status printing code. Suggested by Steve Hubert
of the University of Washington, Seattle.
Change MinQueueAge option processing to do the check for the job age
when reading the queue file, rather than at the end; this
avoids parsing the addresses, which can do DNS lookups.
Problem noted by John Beck of InReference, Inc.
When MIME was being 7->8 bit decoded, "From " lines weren't being
properly escaped. Problem noted by Peter Nilsson of the
University of Linkoping.
In some cases, sendmail would retain root permissions during queue
runs even if RunAsUser was set. Problem noted by Mark
Thomas of Mark G. Thomas Consulting.
If the F=l flag was set on an SMTP mailer to indicate that it is
actually local delivery, and NOTIFY=SUCCESS is specified in
the envelope, and the receiving SMTP server speaks DSN, then
the DSN would be both generated locally and propagated to the
other end.
The U= mailer field didn't correctly extract the group id if the
user id was numeric. Problem noted by Kenneth Herron of
MCI Telecommunications Communications.
If a message exceeded the fixed maximum size on input, the body of
the message was included in the bounce. Note that this did
not occur if it exceeded the maximum _output_ size. Problem
reported by Kyle Jones of UUNET.
PORTABILITY FIXES:
AIX4: 4.1 doesn't have a working setreuid(2); change the
AIX4 defines to use seteuid(2) instead, which
works on 4.1 as well as 4.2. Problem noted by
Håkan Lindholm of interAF, Sweden.
AIX4: use tzname[] vector to determine time zone name.
Patch from NAKAMURA Motonori of Kyoto University.
MkLinux: add Makefile.Linux.ppc and OSTYPE(mklinux) support.
Contributed by Paul DuBois <dubois@primate.wisc.edu>.
Solaris: kstat(3k) support for retrieving the load average.
This adds the LA_KSTAT definition for LA_TYPE.
The outline of the implementation was contributed
by Michael Tokarev of Telecom Service, JSC, Moscow.
HP-UX 10.0 gripes about the (perfectly legal!) forward
declaration of struct rusage at the top of conf.h;
change it to only be included if you are using gcc,
which is apparently the only compiler that requires
it in the first place. Problem noted by Jeff
Earickson of Colby College.
IRIX: don't default to using gcc. IRIX is a civilized
operating system that comes with a decent compiler
by default. Problem noted by Barry Bouwsma and
Kari Hurtta.
CONFIG: specify F=9 as default in FEATURE(local_procmail) for
consistency with other local mailers. Inconsistency
pointed out by Teddy Hogeborn <teddy@fukt.hk-r.se>.
CONFIG: if the "limited best mx" feature is used (to reduce DNS
overhead) as part of the bestmx_is_local feature, the
domain part was dropped from the name. Patch from Steve
Hubert of the University of Washington, Seattle.
CONFIG: catch addresses of the form "user@.dom.ain"; these could
end up being translated to the null host name, which would
return any entry in /etc/hosts that had a space at the end
of the line. Problem noted by Steve Hubert of the
University of Washington, Seattle.
CONFIG: add OSTYPE(aix4). From Michael Sofka of Rensselaer
Polytechnic Institute.
MAKEMAP: tweak hash and btree parameters for better performance.
Patch from Matt Dillon of Best Internet Communications.
NEW FILES:
src/Makefiles/Makefile.Linux.ppc
cf/ostype/aix4.m4
cf/ostype/mklinux.m4
8.8.2/8.8.2 1996/10/18
SECURITY: fix a botch in the 7-bit MIME patch; the previous patch
changed the code but didn't fix the problem.
PORTABILITY FIXES:
Solaris: Don't use the system getusershell(3); it can
apparently corrupt the heap in some circumstances.
Problem found by Ken Pizzini of Spry, Inc.
OP.ME: document several mailer flags that were accidentally omitted
from this document. These flags were F=d, F=j, F=R, and F=9.
CONFIG: no changes.
8.8.1/8.8.1 1996/10/17
SECURITY: unset all environment variables that the resolver will
examine during queue runs and daemon mode. Problem noted
by Dan Bernstein of the University of Illinois at Chicago.
SECURITY: in some cases an illegal 7-bit MIME-encoded text/plain
message could overflow a buffer if it was converted back
to 8 bits. This caused core dumps and has the potential
for a remote attack. Problem first noted by Gregory Shapiro
of WPI.
Avoid duplicate deliveries of error messages on systems that don't
have flock(2) support. Patch from Motonori Nakamura of
Kyoto University.
Ignore null FallBackMX (V) options. If this option is null (as
opposed to undefined) it can cause "null signature" syserrs
on illegal host names.
If a Base64 encoded text/plain message has no trailing newline in
the encoded text, conversion back to 8 bits will drop the
final line. Problem noted by Pierre David.
If running with a RunAsUser, sendmail would give bogus "cannot
setuid" (or seteuid, or setreuid) messages on some systems.
Problem pointed out by Jordan Mendelson of Web Services, Inc.
Always print error messages in -bv mode -- previously, -bv would
be absolutely silent on errors if the error mode was sent
to (say) mail-back. Problem noted by Kyle Jones of UUNET.
If -qI/R/S is set (or the ETRN command is used), ignore all long
term host status. This is necessary because it is common
to do this when you know a host has just come back up.
Disallow duplicate HELO/EHLO commands as required by RFC 1651 section
4.2. Excessive permissiveness noted by Lee Flight of the
University of Leicester.
If a service (such as NIS) is specified as the last entry in the
service switch, but that service is not compiled in, sendmail
would return a temporary failure when an entry was not found
in the map. This caused the message to be queued instead of
bouncing immediately. Problem noted by Harry Edmon of the
University of Washington.
PORTABILITY FIXES:
Solaris 2.3 had compilation problems in conf.c. Several
people pointed this out.
NetBSD from Charles Hannum of MIT.
AIX4 improvements based on info from Steve Bauer of South
Dakota School of Mines & Technology.
CONFIG: ``error:code message'' syntax was broken in virtusertable.
Patch from Gil Kloepfer Jr.
CONFIG: if FEATURE(nocanonify) was specified, hosts in $=M (set
using MASQUERADE_DOMAIN) were not masqueraded unless they
were also in $=w. Problem noted by Zoltan Basti of
Softec.
MAIL.LOCAL: patches to compile and link cleanly on AIX. Based
on a patch from Eric Hagberg of Morgan Stanley.
MAIL.LOCAL: patches to compile on NEXTSTEP. From Patrick Nolan
of Stanford via Robert La Ferla.
8.8.0/8.8.0 1996/09/26
Under some circumstances, Bcc: headers would not be properly
deleted. Pointed out by Jonathan Kamens of OpenVision.
Log a warning if the sendmail daemon is invoked without a full
pathname, which prevents "kill -1" from working. I was
urged to put this in by Andrey A. Chernov of DEMOS (Russia).
Fix small buffer overflow. Since the data in this buffer was not
read externally, there was no security problem (and in fact
probably wouldn't really overflow on most compilers). Pointed
out by KIZU takashi of Osaka University.
Fix problem causing domain literals such as [1.2.3.4] to be ignored
if a FallbackMXHost was specified in the configuration file
-- all mail would be sent to the fallback even if the original
host was accessible. Pointed out by Munenari Hirayama of
NSC (Japan).
A message that didn't terminate with a newline would (sometimes) not
have the trailing "." added properly in the SMTP dialogue,
causing SMTP to hang. Patch from Per Hedeland of Ericsson.
The DaemonPortOptions suboption to bind to a particular address was
incorrect and nonfunctional due to a misunderstanding of the
semantics of binding on a passive socket. Patch from
NIIBE Yutaka of Mitsubishi Research Institute.
Increase the number of MX hosts for a single name to 100 to better
handle the truly huge service providers such as AOL, which
has 13 at the moment (and climbing). In order to avoid
trashing memory, the buffer for all names has only been
slightly increased in size, to 12.8K from 10.2K -- this means
that if a single name had 100 MX records, the average size
of those records could not exceed 128 bytes. Requested by
Brad Knowles of America On Line.
Restore use of IDENT returns where the OSTYPE field equals "OTHER".
Urged by Dan Bernstein of U.C. Berkeley.
Print q_statdate and q_specificity in address structure debugging
printout.
Expand MCI structure flag bits for debugging output.
Support IPv6-style domain literals, which can have colons between
square braces.
Log open file descriptors for the "cannot dup" messages in deliver();
this is an attempt to track down a bug that one person seems
to be having (it may be a Solaris bug!).
DSN NOTIFY parameters were not properly propagated across queue runs;
this caused the NOTIFY info to sometimes be lost. Problem
pointed out by Claus Assmann of the
Christian-Albrechts-University of Kiel.
The statistics gathered in the sendmail.st file were too high; in
some cases failures (e.g., user unknown or temporary failure)
would count as a delivery as far as the statistics were
concerned. Problem noted by Tom Moore of AT&T GIS.
Systems that don't have flock() would not send split envelopes in
the initial run. Problem pointed out by Leonard Zubkoff of
Dandelion Digital.
Move buffer overflow checking -- these primarily involve distrusting
results that may come from NIS and DNS.
4.4-BSD-derived systems, including FreeBSD, NetBSD, and BSD/OS didn't
include <paths.h> and hence had the wrong pathnames for a few
things like /var/tmp. Reported by Matthew Green.
Conditions were reversed for the Priority: header, resulting in all
values being interpreted as non-urgent except for non-urgent,
which was interpreted as normal. Patch from Bryan Costales.
The -o (optional) flag was being ignored on hash and btree maps
since 8.7.2. Fix from Bryan Costales.
Content-Types listed in class "q" will always be encoded as
Quoted-Printable (or more accurately, will never be encoded
as base64). The class can have primary types (e.g., "text")
or full types (e.g., "text/plain"). Based on a suggestion by
Marius Olafsson of the University of Iceland.
Define ${envid} to be the original envelope id (from the ESMTP DSN
dialogue) so it can be passed to programs in mailers.
Define ${bodytype} to be the body type (from the -B flag or the
BODY= ESMTP parameter) so it can be passed to programs in
mailers.
Cause the VRFY command to return 252 instead of 250 unless the F=q
flag is set in the mailer descriptor. Suggested by John
Myers of CMU.
Implement ESMTP ETRN command to flush the queue for a specific host.
The command takes a host name; data for that host is
immediately (and asynchronously) flushed. Because this shares
the -qR implementation, other hosts may be attempted, but
there should be no security implications. Implementation
from John Beck of InReference, Inc. See RFC 1985 for details.
Add three new command line flags to pass in DSN parameters: -V envid
(equivalent to ENVID=envid on the MAIL command), -R ret
(equivalent to RET=ret on the MAIL command), and -Nnotify
(equivalent to NOTIFY=notify on the RCPT command). Note
that the -N flag applies to all recipients; there is no way
to specify per-address notifications on the command line,
nor is there an equivalent for the ORCPT= per-address
parameter.
Restore LogLevel option to be safe (it can only be increased);
apparently I went into paranoid mode between 8.6 and 8.7
and made it unsafe. Pointed out by Dabe Murphy of the
University of Maryland.
New logging on log level 15: all SMTP traffic. Patches from
Andrew Gross of San Diego Supercomputer Center.
NetInfo property value searching code wasn't stopping when it found
a match. This was causing the wrong values to be found (and
had a memory leak). Found by Bastian Schleuter of TU-Berlin.
Add new F=0 (zero) mailer flag to turn off MX lookups. It was pointed
out by Bill Wisner of Electronics for Imaging that you can't
use the bracket address form for the MAIL_HUB macro, since
that causes the brackets to remain in the envelope recipient
address used for delivery. The simple fix (stripping off the
brackets in the config file) breaks the use of IP literal
addresses. This flag will solve that problem.
Add MustQuoteChars option. This is a list of characters that must
be quoted if they are found in the phrase part of an address
(that is, the full name part). The characters @,;:\()[] are
always in this list and cannot be removed. The default is
this list plus . and ' to match RFC 822.
Add AllowBogusHELO option; if set, sendmail will allow HELO commands
that do not include a host name for back compatibility with
some stupid SMTP clients. Setting this violates RFC 1123
section 5.2.5.
Add MaxDaemonChildren option; if this is set, sendmail will start
rejecting connections if it has more than this many
outstanding children accepting mail. Note that you may
see more processes than this because of outgoing mail; this
is for incoming connections only.
Add ConnectionRateThrottle option. If set to a positive value, the
number of incoming SMTP connections that will be permitted
in a single second is limited to this number. Connections are
not refused during this time, just deferred. The intent is to
flatten out demand so that load average limiting can kick in.
It is less radical than MaxDaemonChildren, which will stop
accepting connections even if all the connections are idle
(e.g., due to connection caching).
Add Timeout.hoststatus option. This interval (defaulting to 30m)
specifies how long cached information about the state of a
host will be kept before they are considered stale and the
host is retried. If you are using persistent host status
(i.e., the HostStatusDirectory option is set) this will apply
between runs; otherwise, it applies only within a single queue
run and hence is useful only for hosts that have large queues
that take a very long time to run.
Add SingleLineFromHeader option. If set, From: headers are coerced
into being a single line even if they had newlines in them
when read. This is to get around a botch in Lotus Notes.
Text class maps were totally broken -- if you ever retrieved the last
item in a table it would be truncated. Problem noted by
Gregory Neil Shapiro of WPI.
Extend the lines printed by the mailq command (== the -bp flag) when
-v is given to 120 characters; this allows more information
to be displayed. Suggested by Gregory Neil Shapiro of WPI.
Allow macro definitions (`D' lines) with unquoted commas; previously
this was treated as end-of-input. Problem noted by Bryan
Costales.
The RET= envelope parameter (used for DSNs) wasn't properly written
to the queue file. Fix from John Hughes of Atlantic
Technologies, Inc.
Close /var/tmp/dead.letter after a successful write -- otherwise
if this happens in a queue run it can cause nasty delays.
Problem noted by Mark Horton of AT&T.
If userdb entries pointed to userdb entries, and there were multiple
values for a given key, the database cursor would get
trashed by the recursive call. Problem noted by Roy Mongiovi
of Georgia Tech. Fixed by reading all the values and creating
a comma-separated list; thus, the -v output will be somewhat
different for this case.
Fix buffer allocation problem with Hesiod-based userdb maps when
HES_GETMAILHOST is defined. Based on a patch by Betty Lee
of Stanford University.
When envelopes were split due to aliases with owner- aliases, and
there was some error on one of the lists, more than one of
the owners would get the message. Problem pointed out by
Roy Mongiovi of Georgia Tech.
Detect excessive recursion in macro expansions, e.g., $X defined
in terms of $Y which is defined in terms of $X. Problem
noted by Bryan Costales; patch from Eric Wassenaar.
When using F=U to get "ugly UUCP" From_ lines, a buffer could in
some cases get trashed causing bogus From_ lines. Fix from
Kyle Jones of UUNET.
When doing load average initialization, if the nlist call for avenrun
failed, the second and subsequent lookups wouldn't notice
that fact causing bogus load averages to be returned. Noted
by Casper Dik of Sun Holland.
Fix problem with incompatibility with some versions of inet_aton that
have changed the return value to unsigned, so a check for an
error return of -1 doesn't work. Use INADDR_NONE instead.
This could cause mail to addresses such as [foo.com] to bounce
or get dropped. Problem noted by Christophe Wolfhugel of the
Pasteur Institute.
DSNs were inconsistent if a failure occurred during the DATA phase
rather than the RCPT phase: the Action: would be correct, but
the detailed status information would be wrong. Problem noted
by Bob Snyder of General Electric Company.
Add -U command line flag and the XUSR ESMTP extension, both indicating
that this is the initial MUA->MTA submission. The flag current
does nothing, but in future releases (when MUAs start using
these flags) it will probably turn on things like DNS
canonification.
Default end-of-line string (E= specification on mailer [M] lines)
to \r\n on SMTP mailers. Default remains \n on non-SMTP
mailers.
Change the internal definition for the *file* and *include* mailers
to have $u in the argument vectors so that they aren't
misinterpreted as SMTP mailers and thus use \r\n line
termination. This will affect anyone who has redefined
either of these in their configuration file.
Don't assume that IDENT servers close the connection after a query;
responses can be newline terminated. From Terry Kennedy of
St. Peter's College.
Avoid core dumps on erroneous configuration files that have
$#mailer with nothing following. From Bryan Costales.
Avoid null pointer dereference with high debug values in unlockqueue.
Fix from Randy Martin of Clemson University.
Fix possible buffer overrun when expanding very large macros. Fix
from Kyle Jones of UUNET.
After 25 EXPN or VRFY commands, start pausing for a second before
processing each one. This avoids a certain form of denial
of service attack. Potential attack pointed out by Bryan
Costales.
Allow new named (not numbered!) config file rules to do validity
checking on SMTP arguments: check_mail for MAIL commands and
check_rcpt for RCPT commands. These rulesets can do anything
they want; their result is ignored unless they resolve to the
$#error mailer, in which case the indicated message is printed
and the command is rejected. Similarly, the check_compat
ruleset is called before delivery with "from_addr $| to_addr"
(the $| is a meta-symbol used to separate the two addresses);
it can give a "this sender can't send to this recipient"
notification. Note that this patch allows $| to stand alone
in rulesets.
Define new macros ${client_name}, ${client_addr}, and ${client_port}
that have the name, IP address, and port number (respectively)
of the SMTP client (that is, the entity at the other end of
the connection. These can be used in (e.g.) check_rcpt to
verify that someone isn't trying to relay mail through your
host inappropriately. Be sure to use the deferred evaluation
form, for example $&{client_name}, to avoid having these bound
when sendmail reads the configuration file.
Add new config file rule check_relay to check the incoming connection
information. Like check_compat, it is passed the host name
and host address separated by $| and can reject connections
on that basis.
Allow IDA-style recursive function calls. Code contributed by Mark
Lovell and Paul Vixie.
Eliminate the "No ! in UUCP From address!" message" -- instead, create
a virtual UUCP address using either a domain address or the $k
macro. Based on code contributed by Mark Lovell and Paul
Vixie.
Add Stanford LDAP map. Requires special libraries that are not
included with sendmail. Contributed by Booker C. Bense
<bbense@networking.stanford.edu>; contact him for support.
See also the src/READ_ME file.
Allow -dANSI to turn on ANSI escape sequences in debug output; this
puts metasymbols (e.g., $+) in reverse video. Really useful
only for debugging deep bits of code where it is important to
distinguish between the single-character metasymbol $+ and the
two characters $, +.
Changed ruleset 89 (executed in dumpstate()) to a named ruleset,
debug_dumpstate.
Add new UnsafeGroupWrites option; if set, .forward and :include:
files that are group writable are considered "unsafe" -- that
is, programs and files referenced from such files are not
valid recipients.
Delete bogosity test for FallBackMX host; this prevented it to be a
name that was not in DNS or was a domain-literal. Problem
noted by Tom May.
Change the introduction to error messages to more clearly delineate
permanent from temporary failures; if both existed in a
single message it could be confusing. Suggested by John
Beck of InReference, Inc.
The IngoreDot (i) option didn't work for lines that were terminated
with CRLF. Problem noted by Ted Stockwell of Secure
Computing Corporation.
Add a heuristic to improve the handling of unbalanced `<' signs in
message headers. Problem reported by Matt Dillon of Best
Internet Communications.
Check for bogus characters in the 0200-0237 range; since these are
used internally, very strange errors can occur if those
characters appear in headers. Problem noted by Anders Gertz
of Lysator.
Implement 7 -> 8 bit MIME conversions. This only takes place if the
recipient mailer has the F=9 flag set, and only works on
text/plain body types. Code contributed by Marius Olafsson
of the University of Iceland.
Special case "postmaster" name so that it is always treated as lower
case in alias files regardless of configuration settings;
this prevents some potential problems where "Postmaster" or
"POSTMASTER" might not match "postmaster". In most cases
this change is a no-op.
The -o map flag was ignored for text maps. Problem noted by Bryan
Costales.
The -a map flag was ignored for dequote maps. Problem noted by
Bryan Costales.
Fix core dump when a lookup of a class "prog" map returns no
response. Patch from Bryan Costales.
Log instances where sendmail is deferring or rejecting connections
on LogLevel 14. Suggested by Kyle Jones of UUNET.
Include port number in process title for network daemons. Suggested
by Kyle Jones of UUNET.
Send ``double bounces'' (errors that occur when sending an error
message) to the address indicated in the DoubleBounceAddress
option (default: postmaster). Previously they were always
sent to postmaster. Suggested by Kyle Jones of UUNET.
Add new mode, -bD, that acts like -bd in all respects except that
it runs in foreground. This is useful for using with a
wrapper that "watches" system services. Suggested by Kyle
Jones of UUNET.
Fix botch in spacing around (parenthesized) comments in addresses
when the comment comes before the address. Patch from
Motonori Nakamura of Kyoto University.
Use the prefix "Postmaster notify" on the Subject: lines of messages
that are being bounced to postmaster, rather than "Returned
mail". This permits the person who is postmaster more
easily determine what messages are to their role as
postmaster versus bounces to mail they actually sent. Based
on a suggestion by Motonori Nakamura.
Add new value "time" for QueueSortOrder option; this causes the queue
to be sorted strictly by the time of submission. Note that
this can cause very bad behavior over slow lines (because
large jobs will tend to delay small jobs) and on nodes with
heavy traffic (because old things in the queue for hosts that
are down delay processing of new jobs). Also, this does not
guarantee that jobs will be delivered in submission order
unless you also set DeliveryMode=queue. In general, it should
probably only be used on the command line, and only in
conjunction with -qRhost.domain. In fact, there are very few
cases where it should be used at all. Based on an
implementation by Motonori Nakamura.
If a map lookup in ruleset 5 returns tempfail, queue the message in
the same manner as other rulesets. Previously a temporary
failure in ruleset 5 was ignored. Patch from Booker Bense
of Stanford University.
Don't proceed to the next MX host if an SMTP MAIL command returns a
5yz (permanent failure) code. The next MX host will still be
tried if the connection cannot be opened in the first place
or if the MAIL command returns a 4yz (temporary failure) code.
(It's hard to know what to do here, since neither RFC 974 nor
RFC 1123 specify when to proceed to the next MX host.)
Suggested by Jonathan Kamens of OpenVision, Inc.
Add new "-t" flag for map definitions (the "K" line in the .cf file).
This causes map lookups that get a temporary failure (e.g.,
name server failure) to _not_ defer the delivery of the
message. This should only be used if your configuration file
is prepared to do something sensible in this case. Based on
an idea by Gregory Shapiro of WPI.
Fix problem finding network interface addresses. Patch from
Motonori Nakamura.
Don't reject qf entries that are not owned by your effective uid if
you are not running set-user-ID; this makes management of
certain kinds of firewall setups difficult. Patch
suggested by Eamonn Coleman of Qualcomm.
Add persistent host status. This keeps the information normally
maintained within a single queue run in disk files that are
shared between sendmail instances. The HostStatusDirectory
is the directory in which the information is maintained. If
not set, persistent host status is turned off. If not a full
pathname, it is relative to the queue directory. A common
value is ".hoststat".
There are also two new operation modes:
* -bh prints the status of hosts that have had recent
connections.
* -bH purges the host statuses. No attempt is made to save
recent status information.
This feature was originally written by Paul Vixie of Vixie
Enterprises for KJS and adapted for V8 by Mark Lovell of
Bigrock Consulting. Paul's funding of Mark and Mark's patience
with my insistence that things fit cleanly into the V8
framework is gratefully appreciated.
New SingleThreadDelivery option (requires HostStatusDirectory to
operate). Avoids letting two sendmails on the local machine
open connections to the same remote host at the same time.
This reduces load on the other machine, but can cause mail to
be delayed (for example, if one sendmail is delivering a huge
message, other sendmails won't be able to send even small
messages). Also, it requires another file descriptor (for the
lock file) per connection, so you may have to reduce
ConnectionCacheSize to avoid running out of per-process
file descriptors. Based on the persistent host status code
contributed by Paul Vixie and Mark Lovell.
Allow sending to non-simple files (e.g., /dev/null) even if the
SafeFileEnvironment option is set. Problem noted by Bryan
Costales.
The -qR flag mistakenly matched flags in the "R" line of the queue
file. Problem noted by Bryan Costales.
If a job was aborted using the interrupt signal (e.g., control-C from
the keyboard), on some occasions an empty df file would be
left around; these would collect in the queue directory.
Problem noted by Bryan Costales.
Change the makesendmail script to enhance the search for Makefiles
based on release number. For example, on SunOS 5.5.1, it will
search for Makefile.SunOS.5.5.1, Makefile.SunOS.5.5, and then
Makefile.SunOS.5.x (in addition to the other rules, e.g.,
adding $arch). Problem noted by Jason Mastaler of Atlanta
Webmasters.
When creating maps using "newaliases", always map the keys to lower
case when creating the map unless the -f flag is specified on
the map itself. Previously this was done based on the F=u
flag in the local mailer, which meant you could create aliases
that you could never access. Problem noted by Bob Wu of DEC.
When a job was read from the queue, the bits causing notification on
failure or delay were always set. This caused those
notifications to be sent even if NOTIFY=NEVER had been
specified. Problem noted by Steve Hubert of the University
of Washington, Seattle.
Add new configurable routine validate_connection (in conf.c). This
lets you decide if you are willing to accept traffic from
this host. If it returns FALSE, all SMTP commands will return
"550 Access denied". -DTCPWRAPPERS will include support for
TCP wrappers; you will need to add -lwrap to the link line.
(See src/READ_ME for details.)
Don't include the "THIS IS A WARNING MESSAGE ONLY" banner on postmaster
bounces. Some people seemed to think that this could be
confusing (even though it is true). Suggested by Motonori
Nakamura.
Add new RunAsUser option; this causes sendmail to do a setuid to that
user early in processing to avoid potential security problems.
However, this means that all .forward and :include: files must
be readable by that user, and all files to be written must be
writable by that user and all programs will be executed by that
user. It is also incompatible with the SafeFileEnvironment
option. In other words, it may not actually add much to
security. However, it should be useful on firewalls and other
places where users don't have accounts and the aliases file is
well constrained.
Add Timeout.iconnect. This is like Timeout.connect except it is used
only on the first attempt to delivery to an address. It could
be set to be lower than Timeout.connect on the principle that
the mail should go through quickly to responsive hosts; less
responsive hosts get to wait for the next queue run.
Fix a problem on Solaris that occasionally causes programs
(such as vacation) to hang with their standard input connected
to a UDP port. It also created some signal handling problems.
The problems turned out to be an interaction between vfork(2)
and some of the libraries, particularly NIS/NIS+. I am
indebted to Tor Egge <tegge@idt.ntnu.no> for this fix.
Change user class map to do the same matching that actual delivery
will do instead of just a /etc/passwd lookup. This adds
fuzzy matching to the user map. Patch from Dan Oscarsson.
The Timeout.* options are not safe -- they can be used to create a
denial-of-service attack. Problem noted by Christophe
Wolfhugel.
Don't send PostmasterCopy messages in the event of a "delayed"
notification. Suggested by Barry Bouwsma.
Don't advertise "VERB" ESMTP extension if the "noexpn" privacy
option is set, since this disables VERB mode. Suggested
by John Hawkinson of MIT.
Complain if the QueueDirectory (Q) option is not set. Problem noted
by Motonori Nakamura of Kyoto University.
Only queue messages on transient .forward open failures if there
were no successful opens. The previous behavior caused it
to queue even if a "fall back" .forward was found. Problem
noted by Ann-Kian Yeo of the Dept. of Information Systems
and Computer Science (DISCS), NUS, Singapore.
Don't do 8->7 bit conversions when bouncing a MIME message that
is bouncing because of a MIME error during 8->7 bit conversion;
the encapsulated message will bounce again, causing a loop.
Problem noted by Steve Hubert of the University of Washington.
Create xf (transcript) files using the TempFileMode option value
instead of 0644. Suggested by Ann-Kian Yeo of the
National University of Singapore.
Print errors if setgid/setuid/etc. fail during delivery. This helps
- detect cases where DefaultUid is set to something that the
+ detect cases where DefaultUser is set to something that the
system can't cope with.
PORTABILITY FIXES:
Support for AIX/RS 2.2.1 from Mark Whetzel of Western
Atlas International.
Patches for Intel Paragon OSF/1 1.3 from Leo Bicknell
<bicknell@ufp.org>.
On DEC OSF/1 3.2 and earlier, the MatchGECOS code would only
work on the first recipient of a message due to a
bug in the getpwent family. If this is something you
use, you can define DEC_OSF_BROKEN_GETPWENT=1 for a
workaround. From Maximum Entropy of Sanford C.
Bernstein and Associates.
FreeBSD 1.1.5.1 uname -r returns a string containing
parentheses, which breaks makesendmail. Reported
by Piero Serini <piero@strider.ibenet.it>.
Sequent DYNIX/ptx 4.0.2 patches from Jack Woolley of
Systems and Computer Technology Corporation.
Solaris 2.x: omit the UUCP grade parameter (-g flag) because
it is system-dependent. Problem noted by J.J. Bailey
of Bailey Computer Consulting.
Pyramid NILE running DC/OSx support from Earle F. Ake of
Hassler Communication Systems Technology, Inc.
HP-UX 10.x compile glitches, reported by Anne Brink of the
U.S. Army and James Byrne of Harte & Lyne Limited.
NetBSD from Matthew Green of the NetBSD crew.
SCO 5.x from Keith Reynolds of SCO.
IRIX 6.2 from Robert Tarrall of the University of
Colorado and Kari Hurtta of the Finnish Meteorological
Institute.
UXP/DS (Fujitsu/ICL DS/90 series) support from Diego R.
Lopez, CICA (Seville).
NCR SVR4 MP-RAS 3.x support from Tom Moore of NCR.
PTX 3.2.0 from Kenneth Stailey of the US Department of Labor
Employment Standards Administration.
Altos System V (5.3.1) from Tim Rice of Multitalents.
Concurrent Systems Corporation Maxion from Donald R. Laster
Jr.
NetInfo maps (improved debugging and multi-valued aliases)
from Adrian Steinmann of Steinmann Consulting.
ConvexOS 11.5 (including SecureWare C2 and the Share Scheduler)
from Eric Schnoebelen of Convex.
Linux 2.0 mail.local patches from Horst von Brand.
NEXTSTEP 3.x compilation from Robert La Ferla.
NEXTSTEP 3.x code changes from Allan J. Nathanson of NeXT.
Solaris 2.5 configuration fixes for mail.local by Jim Davis
of the University of Arizona.
Solaris 2.5 has a working setreuid. Noted by David Linn of
Vanderbilt University.
Solaris changes for praliases, makemap, mailstats, and smrsh.
Previously you had to add -DSOLARIS in Makefile.dist;
this auto-detects. Based on a patch from Randall
Winchester of the University of Maryland.
CONFIG: add generic-nextstep3.3.mc file. Contributed by
Robert La Ferla of Hot Software.
CONFIG: allow mailertables to resolve to ``error:code message''
(where "code" is an exit status) on domains (previously
worked only on hosts). Patch from Cor Bosman of Xs4all
Foundation.
CONFIG: hooks for IPv6-style domain literals.
CONFIG: predefine ALIAS_FILE and change the prototype file so that
if it is undefined the AliasFile option is never set; this
should be transparent for most everyone. Suggested by John
Myers of CMU.
CONFIG: add FEATURE(limited_masquerade). Without this feature, any
domain listed in $=w is masqueraded. With it, only those
domains listed in a MASQUERADE_DOMAIN macro are masqueraded.
CONFIG: add FEATURE(masquerade_entire_domain). This causes
masquerading specified by MASQUERADE_DOMAIN to apply to all
hosts under those domains as well as the domain headers
themselves. For example, if a configuration had
MASQUERADE_DOMAIN(foo.com), then without this feature only
foo.com would be masqueraded; with it, *.foo.com would be
masqueraded as well. Based on an implementation by Richard
(Pug) Bainter of U. Texas.
CONFIG: add FEATURE(genericstable) to do a more general rewriting of
outgoing addresses. Defaults to ``hash -o /etc/genericstable''.
Keys are user names; values are outgoing mail addresses. Yes,
this does overlap with the user database, and figuring out
just when to use which one may be tricky. Based on code
contributed by Richard (Pug) Bainter of U. Texas with updates
from Per Hedeland of Ericsson.
CONFIG: add FEATURE(virtusertable) to do generalized rewriting of
incoming addresses. Defaults to ``hash -o /etc/virtusertable''.
Keys are either fully qualified addresses or just the host
part (with the @ sign). For example, a table containing:
info@foo.com foo-info
info@bar.com bar-info
@baz.org jane@elsewhere.net
would send all mail destined for info@foo.com to foo-info
(which is presumably an alias), mail addressed to info@bar.com
to bar-info, and anything addressed to anyone at baz.org will
be sent to jane@elsewhere.net. The names foo.com, bar.com,
and baz.org must all be in $=w. Based on discussions with
a great many people.
CONFIG: add nullclient configurations to define SMTP_MAILER_FLAGS.
Suggested by Richard Bainter.
CONFIG: add FAX_MAILER_ARGS to tweak the arguments passed to the
"fax" mailer.
CONFIG: allow mailertable entries to resolve to local:user; this
passes the original user@host in to procmail-style local
mailers as the "detail" information to allow them to do
additional clever processing. From Joe Pruett of
Teleport Corporation. Delivery to the original user can
be done by specifying "local:" (with nothing after the colon).
CONFIG: allow any context that takes "mailer:domain" to also take
"mailer:user@domain" to force mailing to the given user;
"local:user" can also be used to do local delivery. This
applies on *_RELAY and in the mailertable entries. Based
on a suggestion by Ribert Kiessling of Easynet.
CONFIG: Allow FEATURE(bestmx_is_local) to take an argument that
limits the possible domains; this reduces the number of DNS
lookups required to support this feature. For example,
FEATURE(bestmx_is_local, my.site.com) limits the lookups
to domains under my.site.com. Code contributed by Anthony
Thyssen <anthony@cit.gu.edu.au>.
CONFIG: LOCAL_RULESETS introduces any locally defined rulesets,
such as the check_rcpt ruleset. Suggested by Gregory Shapiro
of WPI.
CONFIG: MAILER_DEFINITIONS introduces any mailer definitions, in the
event you have to define local mailers. Suggested by
Gregory Shapiro of WPI.
CONFIG: fix cases where a three- (or more-) stage route-addr could
be misinterpreted as a list:...; syntax. Based on a patch by
Vlado Potisk <Vlado_Potisk@tempest.sk>.
CONFIG: Fix masquerading of UUCP addresses when the UUCP relay is
remotely connected. The address host!user was being
converted to host!user@thishost instead of host!user@uurelay.
Problem noted by William Gianopoulos of Raytheon Company.
CONFIG: add confTO_ICONNECT to set Timeout.iconnect.
CONFIG: change FEATURE(redirect) message from "User not local" to
"User has moved"; the former wording was confusing if the
new address is still on the local host. Based on a suggestion
by Andreas Luik.
CONFIG: add support in FEATURE(nullclient) for $=E (exposed users).
However, the class is not pre-initialized to contain root.
Suggested by Gregory Neil Shapiro.
CONTRIB: Remove XLA code at the request of the author, Christophe
Wolfhugel.
CONTRIB: Add re-mqueue.pl, contributed by Paul Pomes of Qualcomm.
MAIL.LOCAL: make it possible to compile mail.local on Solaris. Note
well: this produces a slightly different mailbox format (no
Content-Length: headers), file ownerships and modes are
different (not owned by group mail; mode 600 instead of 660),
and the local mailer flags will have to be tweaked (make them
match bsd4.4) in order to use this mailer. Patches from Paul
Hammann of the Missouri Research and Education Network.
MAIL.LOCAL: in some cases it could return EX_OK even though there
was a delivery error, such as if the ownership on the file
was wrong or the mode changed between the initial stat and
the open. Problem reported by William Colburn of the New
Mexico Institute of Mining and Technology.
MAILSTATS: handle zero length files more reliably. Patch from Bryan
Costales.
MAILSTATS: add man page contributed by Keith Bostic of BSDI.
MAKEMAP: The -d flag (to allow duplicate keys) to a btree map wasn't
honored. Fix from Michael Scott Shappe.
PRALIASES: add man page contributed by Keith Bostic of BSDI.
NEW FILES:
src/Makefiles/Makefile.AIX.2
src/Makefiles/Makefile.IRIX.6.2
src/Makefiles/Makefile.maxion
src/Makefiles/Makefile.NCR.MP-RAS.3.x
src/Makefiles/Makefile.SCO.5.x
src/Makefiles/Makefile.UXPDSV20
mailstats/mailstats.8
praliases/praliases.8
cf/cf/generic-nextstep3.3.mc
cf/feature/genericstable.m4
cf/feature/limited_masquerade.m4
cf/feature/masquerade_entire_domain.m4
cf/feature/virtusertable.m4
cf/ostype/aix2.m4
cf/ostype/altos.m4
cf/ostype/maxion.m4
cf/ostype/solaris2.ml.m4
cf/ostype/uxpds.m4
contrib/re-mqueue.pl
DELETED FILES:
src/Makefiles/Makefile.Solaris
contrib/xla/README
contrib/xla/xla.c
RENAMED FILES:
src/Makefiles/Makefile.NCR3000 => Makefile.NCR.MP-RAS.2.x
src/Makefiles/Makefile.SCO.3.2v4.2 => Makefile.SCO.4.2
src/Makefiles/Makefile.UXPDS => Makefile.UXPDSV10
src/Makefiles/Makefile.NeXT => Makefile.NeXT.2.x
src/Makefiles/Makefile.NEXTSTEP => Makefile.NeXT.3.x
8.7.6/8.7.3 1996/09/17
SECURITY: It is possible to force getpwuid to fail when writing the
queue file, causing sendmail to fall back to running programs
as the default user. This is not exploitable from off-site.
Workarounds include using a unique user for the DefaultUser
(old u & g options) and using smrsh as the local shell.
SECURITY: fix some buffer overruns; in at least one case this allows
a local user to get root. This is not known to be exploitable
from off-site. The workaround is to disable chfn(1) commands.
8.7.5/8.7.3 1996/03/04
Fix glitch in 8.7.4 when putting certain internal lines; this can
in some case cause connections to hang or messages to have
extra spaces in odd places. Patch from Eric Wassenaar;
reports from Eric Hall of Chiron Corporation, Stephen
Hansen of Stanford University, Dean Gaudet of HotWired,
and others.
8.7.4/8.7.3 1996/02/18
SECURITY: In some cases it was still possible for an attacker to
insert newlines into a queue file, thus allowing access to
any user (except root).
CONFIG: no changes -- it is not a bug that the configuration
version number is unchanged.
8.7.3/8.7.3 1995/12/03
Fix botch in name server timeout in RCPT code; this problem caused
two responses in SMTP, which breaks things horribly. Fix
from Gregory Neil Shapiro of WPI.
Verify that L= value on M lines cannot be negative, which could cause
negative array subscripting. Not a security problem since
this has to be in the config file, but it could have caused
core dumps. Pointed out by Bryan Costales.
Fix -d21 debug output for long macro names. Pointed out by Bryan
Costales.
PORTABILITY FIXES:
SCO doesn't have ftruncate. From Bill Aten of Computerizers.
IBM's version of arpa/nameser.h defaults to the wrong byte
order. Tweak it to work properly. Based on fixes
from Fletcher Mattox of UTexas and Betty Lee of
Stanford University.
CONFIG: add confHOSTS_FILE m4 variable to set HostsFile option.
Deficiency pointed out by Bryan Costales of ICSI.
8.7.2/8.7.2 1995/11/19
REALLY fix the backslash escapes in SmtpGreetingMessage,
OperatorChars, and UnixFromLine options. They were not
properly repaired in 8.7.1.
Completely delete the Bcc: header if and only if there are other
valid recipient headers (To:, Cc: or Apparently-To:, the
last being a historic botch, of course). If Bcc: is the
only recipient header in the message, its value is tossed,
but the header name is kept. The old behavior (always keep
the header name and toss the value) allowed primary recipients
to see that a Bcc: went to _someone_.
Include queue id on ``Authentication-Warning: <host>: <user> set
sender to <address> using -f'' syslog messages. Suggested
by Kari Hurtta.
If a sequence or switch map lookup entry gets a tempfail but then
continues on to another map type, but the name is not found,
return a temporary failure from the sequence or switch map.
For example, if hosts search ``dns files'' and DNS fails
with a tempfail, the hosts map will go on and search files,
but if it fails the whole thing should be a tempfail, not
a permanent (host unknown) failure, even though that is the
failure in the hosts.files map. This error caused hard
bounces when it should have requeued.
Aliases to files such as /users/bar/foo/inbox, with /users/bar/foo
owned by bar mode 700 and inbox being set-user-ID bar stopped
working properly due to excessive paranoia. Pointed out by
John Hawkinson of Panix.
An SMTP RCPT command referencing a host that gave a nameserver
timeout would return a 451 command (8.6 accepted it and
queued it locally). Revert to the 8.6 behavior in order
to simplify queue management for clustered systems. Suggested
by Gregory Neil Shapiro of WPI. The same problem could break
MH, which assumes that the SMTP session will succeed (tsk, tsk
-- mail gets lost!); this was pointed out by Stuart Pook of
Infobiogen.
Fix possible buffer overflow in munchstring(). This was not a security
problem because you couldn't specify any argument to this
without first giving up root privileges, but it is still a
good idea to avoid future problems. Problem noted by John
Hawkinson and Sam Hartman of MIT.
``452 Out of disk space for temp file'' messages weren't being
printed. Fix from David Perlin of Nanosoft.
Don't advertise the ESMTP DSN extension if the SendMimeErrors option
is not set, since this is required to get the actual DSNs
created. Problem pointed out by John Gardiner Myers of CMU.
Log permission problems that cause .forward and :include: files to
be untrusted or ignored on log level 12 and higher. Suggested
by Randy Martin of Clemson University.
Allow user ids in U= clauses of M lines to have hyphens and
underscores.
Fix overcounting of recipients -- only happened when sending to an
alias. Pointed out by Mark Andrews of SGI and Jack Woolley
of Systems and Computer Technology Corporation.
If a message is sent to an address that fails, the error message that
is returned could show some extraneous "success" information
included even if the user did not request success notification,
which was confusing. Pointed out by Allan Johannesen of WPI.
Config files that had no AliasFile definition were defaulting to
using /etc/aliases; this caused problems with nullclient
configurations. Change it back to the 8.6 semantics of
having no local alias file unless it is declared. Problem
noted by Charles Karney of Princeton University.
Fix compile problem if NOTUNIX is defined. Pointed out by Bryan
Costales of ICSI.
Map lookups of class "userdb" maps were always case sensitive; they
should be controlled by the -f flag like other maps. Pointed
out by Bjart Kvarme <bjart.kvarme@usit.uio.no>.
Fix problem that caused some addresses to be passed through ruleset 5
even when they were tagged as "sticky" by prefixing the
address with an "@". Patch from Thomas Dwyer III of Michigan
Technological University.
When converting a message to Quoted-Printable, prevent any lines with
dots alone on a line by themselves. This is because of the
preponderance of broken mailers that still get this wrong.
Code contributed by Per Hedeland of Ericsson.
Fix F{macro}/file construct -- it previously did nothing. Pointed
out by Bjart Kvarme of USIT/UiO (Norway).
Announce whether a cached connection is SMTP or ESMTP (in -v mode).
Requested by Allan Johannesen.
Delete check for text format of alias files -- it should be legal
to have the database format of the alias files without the
text version. Problem pointed out by Joe Rhett of Navigist,
Inc.
If "Ot" was specified with no value, the TZ variable was not properly
imported from the environment. Pointed out by Frank Crawford
<frank@ansto.gov.au>.
Some architectures core dumped on "program" maps that didn't have
extra arguments. Patch from Booker C. Bense of Stanford
University.
Queue run processes would re-spawn daemons when given a SIGHUP; only
the parent should do this. Fix from Brian Coan of the
Association for Progressive Communications.
If MinQueueAge was set and a message was considered but not run
during a queue run and the Timeout.queuereturn interval was
reached, a "timed out" error message would be returned that
didn't include the failed address (and claimed to be a warning
even though it was fatal). The fix is to not return such
messages until they are actually tried, i.e., in the next
MinQueueAge interval. Problem noted by Rein Tollevik of
SINTEF RUNIT, Oslo.
Add HES_GETMAILHOST compile flag to support MIT Hesiod distributions
that have the hes_getmailhost() routine. DEC Hesiod
distributions do not have this routine. Based on a patch
from Betty Lee of Stanford University.
Extensive cleanups to map open code to handle a locking race condition
in ndbm, hash, and btree format database files on some (most
non-4.4-BSD based) OS architectures. This should solve the
occasional "user unknown" problem during alias rebuilds that
has plagued me for quite some time. Based on a patch from
Thomas Dwyer III of Michigan Technological University.
PORTABILITY FIXES:
Solaris: Change location of newaliases and mailq from
/usr/ucb to /usr/bin to match Sun settings. From
James B. Davis of TCI.
DomainOS: Makefile.DomainOS doesn't require -ldbm. From
Don Lewis of Silicon Systems.
HP-UX 10: rename Makefile.HP-UX.10 => Makefile.HP-UX.10.x
so that the makesendmail script will find it. Pointed
out by Richard Allen of the University of Iceland.
Also, use -Aa -D_HPUX_SOURCE instead of -Ae, which
isn't supported on all compilers.
UXPDS: compilation fixes from Diego R. Lopez.
CONFIG: FAX mailer wasn't setting .FAX as a pseudo-domain unless
you also had a FAX_RELAY. From Thomas.Tornblom@Hax.SE.
CONFIG: Minor glitch in S21 -- attachment of local domain name
didn't have trailing dot. From Jim Hickstein of Teradyne.
CONFIG: Fix best_mx_is_local feature to allow nested addresses such as
user%host@thishost. From Claude Scarpelli of Infobiogen
(France).
CONFIG: OSTYPE(hpux10) failed to define the location of the help file.
Pointed out by Hannu Martikka of Nokia Telecommunications.
CONFIG: Diagnose some inappropriate ordering in configuration files,
such as FEATURE(smrsh) listed after MAILER(local). Based on
a bug report submitted by Paul Hoffman of Proper Publishing.
CONFIG: Make OSTYPE files consistently not override settings that
have already been set. Previously it worked differently
for different files.
CONFIG: Change relay mailer to do masquerading like 8.6 did. My take
is that this is wrong, but the change was causing problems
for some people. From Per Hedeland of Ericsson.
CONTRIB: bitdomain.c patch from John Gardiner Myers <jgm+@CMU.EDU>;
portability changes for Posix environments (no functional
changes).
8.7.1/8.7.1 1995/10/01
Old macros that have become options (SmtpGreetingMessage,
OperatorChars, and UnixFromLine) didn't allow backslash
escapes in the options, where they previously had. Bug
pointed out by John Hawkinson of MIT.
Fix strange case of an executable called by a program map that
returns a value but also a non-zero exit status; this
would give contradictory results in the higher level; in
particular, the default clause in the map lookup would be
ignored. Change to ignore the value if the program returns
non-zero exit status. From Tom Moore of AT&T GIS.
Shorten parameters passed to syslog() in some contexts to avoid a
bug in many vendors' implementations of that routine. Although
this isn't really a bug in sendmail per se, and my solution
has to assume that syslog() has at least a 1K buffer size
internally (I know some vendors have shortened this
dramatically -- they're on their own), sendmail is a popular
target. Also, limit the size of %s arguments in sprintf.
These both have possible security implications. Solutions
suggested by Casper Dik of Sun's Network Security Group
(Holland), Mark Seiden, and others.
Fix a problem that might cause a non-standard -B (body type)
parameter to be passed to the next server with undefined
results. This could have security implications.
If a filesystem was at > 100% utilization, the freediskspace()
routine incorrectly returned an error rather than zero.
Problem noted by G. Paul Ziemba of Alantec.
Change MX sort order so that local hostnames (those in $=w) always
sort first within a given preference. This forces the bestmx
map to always return the local host first, if it is included
in the list of highest priority MX records. From K. Robert
Elz.
Avoid some possible null pointer dereferences. Fixes from Randy
Martin <WOLF@CLEMSON.EDU>
When sendmail starts up on systems that have no fully qualified
domain name (FQDN) anywhere in the first matching host map
(e.g., /etc/hosts if the hosts service searches "files dns"),
sendmail would sleep to try to find a FQDN, which it really
really needs. This has been changed to fall through to the
next map type if it can't find a FQDN -- i.e., if the hosts
file doesn't have a FQDN, it will try dns even though the
short name was found in /etc/hosts. This is probably a crock,
but many people have hosts files without FQDNs. Remember:
domain names are your friends.
Log a high-priority message if you can't find your FQDN during startup.
Suggested by Simon Barnes of Schlumberger Limited.
When using Hesiod, initialize it early to improve error reporting.
Patch from Don Lewis of Silicon Systems, Inc.
Apparently at least some versions of Linux have a 90 !minute! TCP
connection timeout in the kernel. Add a new "connect" timeout
to limit this time. Defaults to zero (use whatever the
kernel provides). Based on code contributed by J.R. Oldroyd
of TerraNet.
Under some circumstances, a failed message would not be properly
removed from the queue, causing tons of bogus error messages.
(This fix eliminates the problematic EF_KEEPQUEUE flag.)
Problem noted by Allan E Johannesen and Gregory Neil Shapiro
of WPI.
PORTABILITY FIXES:
On IRIX 5.x, there was an inconsistency in the setting
of sendmail.st location. Change the Makefile to
install it in /var/sendmail.st to match the OSTYPE
file and SGI standards. From Andre
<andre@curry.zfe.siemens.de>.
Support for Fujitsu/ICL UXP/DS (For the DS/90 Series)
from Diego R. Lopez <drlopez@cica.es>.
Linux compilation patches from J.R. Oldroyd of TerraNet, Inc.
LUNA 2 Mach patches from Motonori Nakamura.
SunOS Makefile was including -ldbm, which is for the old
dbm library. The ndbm library is part of libc.
CONFIG: avoid bouncing ``user@host.'' (note trailing dot) with
``local configuration error'' in nullclient configuration.
Patch from Gregory Neil Shapiro of WPI.
CONFIG: don't allow an alias file in nullclient configurations --
since all addresses are relayed, they give errors during
rebuild. Suggested by Per Hedeland of Ericsson.
CONFIG: local mailer on Solaris 2 should always get a -f flag because
otherwise the F=S causes the From_ line to imply that root is
the sender. Problem pointed out by Claude Scarpelli of
Infobiogen (France).
NEW FILES:
cf/feature/use_ct_file.m4 (omitted from 8.7 by mistake)
src/Makefiles/Makefile.KSR (omitted from 8.7 by mistake)
src/Makefiles/Makefile.UXPDS
8.7/8.7 1995/09/16
Fix a problem that could cause sendmail to run out of file
descriptors due to a trashed data structure after a
vfork. Fix from Brian Coan of the Institute for
Global Communications.
Change the VRFY response if you have disabled VRFY -- some
people seemed to think that it was too rude.
Avoid reference to uninitialized file descriptor if HASFLOCK
was not defined. This was used "safely" in the sense
that it only did a stat, but it would have set the
map modification time improperly. Problem pointed out
by Roy Mongiovi of Georgia Tech.
Clean up the Subject: line on warning messages and return
receipts so that they don't say "Returned mail:"; this
can be confusing.
Move ruleset entry/exit debugging from 21.2 to 21.1 -- this is
useful enough to make it worthwhile printing on "-d".
Avoid logging alias statistics every time you read the alias
file on systems with no database method compiled in.
If you have a name with a trailing dot, and you try looking it
up using gethostbyname without the dot (for /etc/hosts
compatibility), be sure to turn off RES_DEFNAMES and
RES_DNSRCH to avoid finding the wrong name accidentally.
Problem noted by Charles Amos of the University of
Maryland.
Don't do timeouts in collect if you are not running SMTP.
There is nothing that says you can't have a long
running program piped into sendmail (possibly via
/bin/mail, which just execs sendmail). Problem reported
by Don "Truck" Lewis of Silicon Systems.
Try gethostbyname() even if the DNS lookup fails iff option I
is not set. This allows you to have hosts listed in
NIS or /etc/hosts that are not known to DNS. It's normally
a bad idea, but can be useful on firewall machines. This
should really be broken out on a separate flag, I suppose.
Avoid compile warnings against BIND 4.9.3, which uses function
prototypes. From Don Lewis of Silicon Systems.
Avoid possible incorrect diagnosis of DNS-related errors caused
by things like attempts to resolve uucp names using
$[ ... $] -- the fix is to clear h_errno at appropriate
times. From Kyle Jones of UUNET.
SECURITY: avoid denial-of-service attacks possible by destroying
the alias database file by setting resource limits low.
This involves adding two new compile-time options:
HASSETRLIMIT (indicating that setrlimit(2) support is
available) and HASULIMIT (indicating that ulimit(2) support
is available -- the Release 3 form is used). The former
is assumed on BSD-based systems, the latter on System
V-based systems. Attack noted by Phil Brandenberger of
Swarthmore University.
New syntaxes in test (-bt) mode:
``.Dmvalue'' will define macro "m" to "value".
``.Ccvalue'' will add "value" to class "c".
``=Sruleset'' will dump the contents of the indicated
ruleset.
``=M'' will display the known mailers.
``-ddebug-spec'' is equivalent to the command-line
-d debug flag.
``$m'' will print the value of macro $m.
``$=c'' will print the contents of class $=c.
``/mx host'' returns the MX records for ``host''.
``/parse address'' will parse address, returning the value of
crackaddr (essentially, the comment information)
and the parsed address.
``/try mailer address'' will rewrite address into the form
it will have when presented to the indicated mailer.
``/tryflags flags'' will set flags used by parsing. The
flags can be `H' for header or `E' for envelope,
and `S' for sender or `R' for recipient. These
can be combined, so `HR' sets flags for header
recipients.
``/canon hostname'' will try to canonify hostname and
return the result.
``/map mapname key'' will look up `key' in the indicated
`mapname' and return the result.
Somewhat better handling of UNIX-domain socket addresses -- it
should show the pathname rather than hex bytes.
Restore ``-ba'' mode -- this reads a file from stdin and parses
the header for envelope sender information and uses
CR-LF as message terminators. It was thought to be
obsolete (used only for Arpanet NCP protocols), but it
turns out that the UK ``Grey Book'' protocols require
that functionality.
Fix a fix in previous release -- if gethostname and gethostbyname
return a name without dots, and if an attempt to canonify
that name fails, wait one minute and try again. This can
result in an extra 60 second delay on startup if your system
hostname (as returned by hostname(1)) has no dot and no names
listed in /etc/hosts or your NIS map have a dot.
Check for proper domain name on HELO and EHLO commands per
RFC 1123 section 5.2.5. Problem noted by Thomas Dwyer III
of Michigan Technological University.
Relax chownsafe rules slightly -- old version said that if you
can't tell if _POSIX_CHOWN_RESTRICTED is set (that is,
if fpathconf returned EINVAL or ENOSYS), assume that
chown is not safe. The new version falls back to whether
you are on a BSD system or not. This is important for
SunOS, which apparently always returns one of those
error codes. This impacts whether you can mail to files
or not.
Syntax errors such as unbalanced parentheses in the configuration
file could be omitted if you had "Oem" prior to the
syntax error in the config file. Change to always print
the error message. It was especially weird because it
would cause a "warning" message to be sent to the Postmaster
for every message sent (but with no transcript). Problem
noted by Gregory Paris of Motorola.
Rewrite collect and putbody to handle full 8-bit data, including
zero bytes. These changes are internally extensive, but
should have minimal impact on external function.
Allow full words for option names -- if the option letter is
(apparently) a space, then take the word following -- e.g.,
O MatchGECOS=TRUE
The full list of old and new names is as follows:
7 SevenBitInput
8 EightBitMode
A AliasFile
a AliasWait
B BlankSub
b MinFreeBlocks/MaxMessageSize
C CheckpointInterval
c HoldExpensive
D AutoRebuildAliases
d DeliveryMode
E ErrorHeader
e ErrorMode
f SaveFromLine
F TempFileMode
G MatchGECOS
H HelpFile
h MaxHopCount
i IgnoreDots
I ResolverOptions
J ForwardPath
j SendMimeErrors
k ConnectionCacheSize
K ConnectionCacheTimeout
L LogLevel
l UseErrorsTo
m MeToo
n CheckAliases
O DaemonPortOptions
o OldStyleHeaders
P PostmasterCopy
p PrivacyOptions
Q QueueDirectory
q QueueFactor
R DontPruneRoutes
r, T Timeout
S StatusFile
s SuperSafe
t TimeZoneSpec
u DefaultUser
U UserDatabaseSpec
V FallbackMXHost
v Verbose
w TryNullMXList
x QueueLA
X RefuseLA
Y ForkEachJob
y RecipientFactor
z ClassFactor
Z RetryFactor
The old macros that passed information into sendmail have
been changed to options; those correspondences are:
$e SmtpGreetingMessage
$l UnixFromLine
$o OperatorChars
$q (deleted -- not necessary)
To avoid possible problems with an older sendmail,
configuration level 6 is accepted by this version of
sendmail; any config file using the new names should
specify "V6" in the configuration.
Change address parsing to properly note that a phrase before a
colon and a trailing semicolon are essentially the same
as text outside of angle brackets (i.e., sendmail should
treat them as comments). This is to handle the
``group name: addr1, addr2, ..., addrN;'' syntax (it will
assume that ``group name:'' is a comment on the first
address and the ``;'' is a comment on the last address).
This requires config file support to get right. It does
understand that :: is NOT this syntax, and can be turned
off completely by setting the ColonOkInAddresses option.
Level 6 config files added with new mailer flags:
A Addresses are aliasable.
i Do udb rewriting on envelope as well as header
sender lines. Applies to the from address mailer
flags rather than the recipient mailer flags.
j Do udb rewriting on header recipient addresses.
Applies to the sender mailer flags rather than the
recipient mailer flags.
k Disable check for loops when doing HELO command.
o Always run as the mail recipient, even on local
delivery.
w Check for an /etc/passwd entry for this user.
5 Pass addresses through ruleset 5.
: Check for :include: on this address.
| Check for |program on this address.
/ Check for /file on this address.
@ Look up sender header addresses in the user
database. Applies to the mailer flags for the
mailer corresponding to the envelope sender
address, rather than to recipient mailer flags.
Pre-level 6 configuration files set A, w, 5, :, |, /, and @
on the "local" mailer, the o flag on the "prog" and "*file*"
mailers, and the ColonOkInAddresses option.
Eight-to-seven bit MIME conversions. This borrows ideas from
John Beck of Hewlett-Packard, who generously contributed
their implementation to me, which I then didn't use (see
mime.c for an explanation of why). This adds the
EightBitMode option (a.k.a. `8') and an F=8 mailer flag
to control handling of 8-bit data. These have to cope with
two types of 8-bit data: unlabelled 8-bit data (that is,
8-bit data that is entered without declaring it as 8-bit
MIME -- technically this is illegal according to the
specs) and labelled 8-bit data (that is, it was declared
as 8BITMIME in the ESMTP session or by using the
-B8BITMIME command line flag). If the F=8 mailer flag is
set then 8-bit data is sent to non-8BITMIME machines
instead of converting to 7 bit (essentially using
just-send-8 semantics). The values for EightBitMode are:
m convert unlabelled 8-bit input to 8BITMIME, and do
any necessary conversion of 8BITMIME to 7BIT
(essentially, the full MIME option).
p pass unlabelled 8-bit input, but convert labelled
8BITMIME input to 7BIT as required (default).
s strict adherence: reject unlabelled 8-bit input,
convert 8BITMIME to 7BIT as required. The F=8
flag is ignored.
Unlabelled 8-bit data is rejected in mode `s' regardless of
the setting of F=8.
Add new internal class 'n', which is the set of MIME Content-Types
which can not be 8 to 7 bit encoded because of other
considerations. Types "multipart/*" and "message/*" are
never directly encoded (although their components can be).
Add new internal class 's', which is the set of subtypes of the
MIME message/* content type that can be treated as though
they are an RFC822 message. It is predefined to have
"rfc822". Suggested By Kari Hurtta.
Add new internal class 'e'. This is the set of MIME
Content-Transfer-Encodings that can be converted to
a seven bit format (Quoted-Printable or Base64). It is
preinitialized to contain "7bit", "8bit", and "binary".
Add C=charset mailer parameter and the the DefaultCharSet option (no
short name) to set the default character set to use in the
Content-Type: header when doing encoding of an 8-bit message
which isn't marked as MIME into MIME format. If the C=
parameter is set on the Envelope From address, use that as
the default encoding; else use the DefaultCharSet option.
If neither is set, it defaults to "unknown-8bit" as
suggested by RFC 1428 section 3.
Allow ``U=user:group'' field in mailer definition to set a default
user and group that a mailer will be executed as. This
overrides the 'u' and 'g' options, and if the `F=S' flag is
also set, it is the uid/gid that will always be used (that
is, the controlling address is ignored). The values may be
numeric or symbolic; if only a symbolic user is given (no
group) that user's default group in the passwd file is used
as the group. Based on code donated by Chip Rosenthal of
Unicom.
Allow `u' option to also accept user:group as a value, in the same
fashion as the U= mailer option.
Add the symbolic time zone name in the Arpanet format dates (as
a comment). This adds a new compile-time configuration
flag: TZ_TYPE can be set to TZ_TM_NAME (use the value
of (struct tm *)->tm_name), TZ_TM_ZONE (use the value
of (struct tm *)->tm_zone), TZ_TZNAME (use extern char
*tzname[(struct tm *)->tm_isdst]), TZ_TIMEZONE (use
timezone()), or TZ_NONE (don't include the comment). Code
from Chip Rosenthal.
The "Timeout" option (formerly "r") is extended to allow suboptions.
For example,
O Timeout.helo = 2m
There are also two new suboptions "queuereturn" and
"queuewarn"; these subsume the old T option. Thus, to
set them both the preferred new syntax is
O Timeout.queuereturn = 5d
O Timeout.queuewarn = 4h
Sort queue by host name instead of by message priority if the
QueueSortOrder option (no short name) is set is set to
``host''. This makes better use of the connection cache,
but may delay more ``interactive'' messages behind large
backlogs under some circumstances. This is probably a
good option if you have high speed links or don't do lots
of ``batch'' messages, but less good if you are using
something like PPP on a 14.4 modem. Based on code
contributed by Roy Mongiovi of Georgia Tech (my main
contribution was to make it configurable).
Save i-number of df file in qf file to simplify rebuilding of queue
after disastrous disk crash. Suggested by Kyle Jones of
UUNET; closely based on code from KJS DECWRL code written
by Paul Vixie. NOTA BENE: The qf files produced by 8.7
are NOT back compatible with 8.6 -- that is, you can convert
from 8.6 to 8.7, but not the other direction.
Add ``F=d'' mailer flag to disable all use of angle brackets in
route-addrs in envelopes; this is because in some cases
they can be sent to the shell, which interprets them as
I/O redirection.
Don't include error file (option E) with return-receipts; this
can be confusing.
Don't send "Warning: cannot send" messages to owner-* or
*-request addresses. Suggested by Christophe Wolfhugel
of the Institut Pasteur, Paris.
Allow -O command line flag to set long form options.
Add "MinQueueAge" option to set the minimum time between attempts
to run the queue. For example, if the queue interval
(-q value) is five minutes, but the minimum queue age
is fifteen minutes, jobs won't be tried more often than
once every fifteen minutes. This can be used to give
you more responsiveness if your delivery mode is set to
queue-only.
Allow "fileopen" timeout (default: 60 seconds) for opening
:include: and .forward files.
Add "-k", "-v", and "-z" flags to map definitions; these set the
key field name, the value field name, and the field
delimiter. The field delimiter can be a single character
or the sequence "\t" or "\n" for tab or newline.
These are for use by NIS+ and similar access methods.
Change maps to always strip quotes before lookups; the -q flag
turns off this behavior. Suggested by Motonori Nakamura.
Add "nisplus" map class. Takes -k and -v flags to choose the
key and value field names respectively. Code donated by
Sun Microsystems.
Add "hesiod" map class. The "file name" is used as the
"HesiodNameType" parameter to hes_resolve(3). Returns the
first value found for the match. Code donated by Scott
Hutton of Indiana University.
Add "netinfo" (NeXT NetInfo) map class. Maps can have a -k flag to
specify the name of the property that is searched as the
key and a -v flag to specify the name of the property that
is returned as the value (defaults to "members"). The
default map is "/aliases". Some code based on code
contributed by Robert La Ferla of Hot Software.
Add "text" map class. This does slow, linear searches through
text files. The -z flag specifies a column delimiter
(defaults to any sequence of white space), the -k flag
sets the key column number, and the -v flag sets the
value column number. Lines beginning with `#' are treated
as comments.
Add "program" map class to execute arbitrary programs. The search
key is presented as the last argument; the output is one
line read from the programs standard output. Exit statuses
are from sysexits.h.
Add "sequence" map class -- searches maps in sequence until it
finds a match. For example, the declarations:
Kmap1 ...
Kmap2 ...
Kmapseq sequence map1 map2
defines a map "mapseq" that first searches map1; if the
value is found it is returned immediately, otherwise
map2 is searched and the value returned.
Add "switch" map class. This is much like "sequence" except that
the ordering is fetched from an external file, usually
the system service switch. The parameter is the name of
the service to switch on, and the maps that it will use
are the name of the switch map followed by ".service_type".
For example, if the declaration of the map is
Ksample switch hosts
and the system service switch specifies that hosts are
looked up using dns and nis in that order, then this is
equivalent to
Ksample sequence sample.dns sample.nis
The subordinate maps (sample.*) must already be defined.
Add "user" map class -- looks up users using getpwnam. Takes a
"-v field" flag on the definition that tells what passwd
entry to return -- legal values are name, passwd, uid, gid,
gecos, dir, and shell. Generally expected to be used with
the -m (matchonly) flag.
Add "bestmx" map class -- returns the best MX value for the host
listed as the value. If there are several "best" MX records
for this host, one will be chosen at random.
Add "userdb" map class -- looks up entries in the user database.
The "file name" is actually the tag that will be used,
typically "mailname". If there are multiple entries
matching the name, the one chosen is undefined.
Add multiple queue timeouts (both return and warning). These are
set by the Precedence: or Priority: header fields to one of
three values. If a Priority: is set and has value "normal",
"urgent", or "non-urgent" the corresponding timeouts are
used. If no priority is set, the Precedence: is consulted;
if negative, non-urgent timeouts are used; if greater than
zero, urgent timeouts are used. Otherwise, normal timeouts
are used. The timeouts are set by setting the six timeouts
queue{warn,return}.{urgent,normal,non-urgent}.
Fix problem when a mail address is resolved to a $#error mailer
with a temporary failure indication; it works in SMTP,
but when delivering locally the mail is silently discarded.
This patch, from Kyle Jones of UUNET, bounces it instead
of queueing it (queueing is very hard).
When using /etc/hosts or NIS-style lookups, don't assume that
the first name in the list is the best one -- instead,
search for the first one with a dot. For example, if
an /etc/hosts entry reads
128.32.149.68 mammoth mammoth.CS.Berkeley.EDU
this change will use the second name as the canonical
machine name instead of the initial, unqualified name.
Change dequote map to replace spaces in quoted text with a value
indicated by the -s flag on the dequote map definition.
For example, ``Mdequote dequote -s_'' will change
"Foo Bar" into an unquoted Foo_Bar instead of leaving it
quoted (because of the space character). Suggested by Dan
Oscarsson for use in X.400 addresses.
Implement long macro names as ${name}; long class names can
be similarly referenced as $={name} and $~{name}.
Definitions are (e.g.) ``D{name}value''. Names that have
a leading lower case letter or punctuation characters are
reserved for internal use by sendmail; i.e., config files
should use names that begin with a capital letter. Based
on code contributed by Dan Oscarsson.
Fix core dump if getgrgid returns a null group list (as opposed
to an empty group list, that is, a pointer to a list
with no members). Fix from Andrew Chang of Sun Microsystems.
Fix possible core dump if malloc fails -- if the malloc in xalloc
failed, it called syserr which called newstr which called
xalloc.... The newstr is now avoided for "panic" messages.
Reported by Stuart Kemp of James Cook University.
Improve connection cache timeouts; previously, they were not even
checked if you were delivering to anything other than an
IPC-connected host, so a series of (say) local mail
deliveries could cause cached connections to be open
much longer than the specified timeout.
If an incoming message exceeds the maximum message size, stop
writing the incoming bytes to the queue data file, since
this can fill your mqueue partition -- this is a possible
denial-of-service attack.
Don't reject all numeric local user names unless HESIOD is
defined. It turns out that Posix allows all-numeric
user names. Fix from Tony Sanders of BSDI.
Add service switch support. If the local OS has a service
switch (e.g., /etc/nsswitch.conf on Solaris or /etc/svc.conf
on DEC systems) that will be used; otherwise, it falls back
to using a local mechanism based on the ServiceSwitchFile
option (default: /etc/service.switch). For example, if the
service switch lists "files" and "nis" for the aliases
service, that will be the default lookup order. the "files"
("local" on DEC) service type expands to any alias files
you listed in the configuration file, even if they aren't
actually file lookups.
Option I (NameServerOptions) no longer sets the "UseNameServer"
variable which tells whether or not DNS should be considered
canonical. This is now determined based on whether or not
"dns" is in the service list for "hosts".
Add preliminary support for the ESMTP "DSN" extension (Delivery
Status Notifications). DSN notifications override
Return-Receipt-To: headers, which are bogus anyhow --
support for them has been removed.
Add T=mts-name-type/address-type/diagnostic-type keyletter to mailer
definitions to define the types used in DSN returns for
MTA names, addresses, and diagnostics respectively.
Extend heuristic to force running in ESMTP mode to look for the
five-character string "ESMTP" anywhere in the 220 greeting
message (not just the second line). This is to provide
better compatibility with other ESMTP servers.
Print sequence number of job when running the queue so you can
easily see how much progress you have made. Suggested
by Peter Wemm of DIALix.
Map newlines to spaces in logged message-ids; some versions of
syslog truncate the rest of the line after newlines.
Suggested by Fletcher Mattox of U. Texas.
Move up forking for job runs so that if a message is split into
multiple envelopes you don't get "fork storms" -- this
also improves the connection cache utilization.
Accept "<<>>", "<<<>>>", and so forth as equivalent to "<>" for
the purposes of refusing to send error returns. Suggested
by Motonori Nakamura of Ritsumeikan University.
Relax rules on when a file can be written when referenced from
the aliases file: use the default uid/gid instead of the
real uid/gid. This allows you to create a file owned by
and writable only by the default uid/gid that will work
all the time (without having the set-user-ID bit set). Change
suggested by Shau-Ping Lo and Andrew Cheng of Sun
Microsystems.
Add "DialDelay" option (no short name) to provide an "extra"
delay for dial on demand systems. If this is non-zero
and a connect fails, sendmail will wait this long and
then try again. If it takes longer than the kernel
timeout interval to establish the connection, this
option can give the network software time to establish
the link. The default units are seconds.
Move logging of sender information to be as early as possible;
previously, it could be delayed a while for SMTP mail
sent to aliases. Suggested by Brad Knowles of the
Defense Information Systems Agency.
Call res_init() before setting RES_DEBUG; this is required by
BIND 4.9.3, or so I'm told. From Douglas Anderson of
the National Computer Security Center.
Add xdelay= field in logs -- this is a transaction delay, telling
you how long it took to deliver to this address on the
last try. It is intended to be used for sorting mailing
lists to favor "quick" addresses. Provided for use by
the mailprio scripts (see below).
If a map cannot be opened, and that map is non-optional, and
an address requires that map for resolution, queue the
map instead of bouncing it. This involves creating a
pseudo-class of maps called "bogus-map" -- if a required
map cannot be opened, the class is changed to bogus-map;
all queries against bogus-map return "tempfail". The
bogus-map class is not directly accessible. A sample
implementation was donated by Jem Taylor of Glasgow
University Computing Service.
Fix a possible core dump when mailing to a program that talks
SMTP on its standard input. Fix from Keith Moore of
the University of Kentucky.
Make it possible to resolve filenames to $#local $: @ /filename;
previously, the "@" would cause it to not be recognized
as a file. Problem noted by Brian Hill of U.C. Davis.
Accept a -1 signal to re-exec the daemon. This only works if
argv[0] is a full path to sendmail.
Fix bug in "addr=..." field in O option on little-endian machines
-- the network number wasn't being converted to network
byte order. Patch from Kurt Lidl of Pix Technologies
Corporation.
Pre-initialize the resolver early on; this is to avoid a bug with
BIND 4.9.3 that can cause the _res.retry field to get
reset to zero, causing all name server lookups to time
out. Fix from Matt Day of Artisoft.
Restore T line (trusted users) in config file -- but instead of
locking out the -f flag, they just tell whether or not
an X-Authentication-Warning: will be added. This really
just creates new entries in class 't', so "Ft/file/name"
can be used to read trusted user names from a file.
Trusted users are also allowed to execute programs even
if they have a shell that isn't in /etc/shells.
Improve NEWDB alias file rebuilding so it will create them
properly if they do not already exist. This had been
a MAYBENEXTRELEASE feature in 8.6.9.
Check for @:@ entry in NIS maps before starting up to avoid
(but not prevent, sigh) race conditions. This ought to
be handled properly in ypserv, but isn't. Suggested by
Michael Beirne of Motorola.
Refuse connections if there isn't enough space on the filesystem
holding the queue. Contributed by Robert Dana of Wolf
Communications.
Skip checking for directory permissions in the path to a file
when checking for file permissions iff setreuid()
succeeded -- it is unnecessary in that case. This avoids
significant performance problems when looking for .forward
files. Based on a suggestion by Win Bent of USC.
Allow symbolic ruleset names. Syntax can be "Sname" to get an
arbitrary ruleset number assigned or "Sname = integer"
to assign a specific ruleset number. Reference is
$>name_or_number. Names can be composed of alphas, digits,
underscore, or hyphen (first character must be non-numeric).
Allow -o flag on AliasFile lines to make the alias file optional.
From Bryan Costales of ICSI.
Add NoRecipientAction option to handle the case where there is
no legal recipient header in the message. It can take
on values:
None Leave the message as is. The
message will be passed on even
though it is in technically
illegal syntax.
Add-To Add a To: header with any
recipients that it can find from
the envelope. This risks exposing
Bcc: recipients.
Add-Apparently-To Add an Apparently-To: header. This
has almost no redeeming social value,
and is provided only for back
compatibility.
Add-To-Undisclosed Add a header reading
To: undisclosed-recipients:;
which will have the effect of
making the message legal without
exposing Bcc: recipients.
Add-Bcc To add an empty Bcc: header.
There is a chance that mailers down
the line will delete this header,
which could cause exposure of Bcc:
recipients.
The default is NoRecipientAction=None.
Truncate (rather than delete) Bcc: lines in the header. This
should prevent later sendmails (at least, those that don't
themselves delete Bcc:) from considering this message to
be non-conforming -- although it does imply that non-blind
recipients can see that a Bcc: was sent, albeit not to whom.
Add SafeFileEnvironment option. If declared, files named as delivery
targets must be regular files in addition to the regular
checks. Also, if the option is non-null then it is used as
the name of a directory that is used as a chroot(2)
environment for the delivery; the file names listed in an
alias or forward should include the name of this root.
For example, if you run with
O SafeFileEnvironment=/arch
then aliases should reference "/arch/rest/of/path". If a
value is given, sendmail also won't try to save to
/usr/tmp/dead.letter (instead it just leaves the job in the
queue as Qfxxxxxx). Inspired by *Hobbit*'s sendmail patch kit.
Support -A flag for alias files; this will comma concatenate like
entries. For example, given the aliases:
list: member1
list: member2
and an alias file declared as:
OAhash:-A /etc/aliases
the final alias inserted will be "list: member1,member2";
without -A you will get an error on the second and subsequent
alias for "list". Contributed by Bryan Costales of ICSI.
Line-buffer transcript file. Suggested by Liudvikas Bukys.
Fix a problem that could cause very long addresses to core dump in
some special circumstances. Problem pointed out by Allan
Johannesen.
(Internal change.) Change interface to expand() (macro expansion)
to be simpler and more consistent.
Delete check for funny qf file names. This didn't really give
any extra security and caused some people some problems.
(If you -really- want this, define PICKY_QF_NAME_CHECK
at compile time.) Suggested by Kyle Jones of UUNET.
(Internal change.) Change EF_NORETURN to EF_NO_BODY_RETN and
merge with DSN code; this is simpler and more consistent.
This may affect some people who have written their own
checkcompat() routine.
(Internal change.) Eliminate `D' line in qf file. The df file
is now assumed to be the same name as the qf file (with
the `q' changed to a `d', of course).
Avoid forking for delivery if all recipient mailers are marked as
"expensive" -- this can be a major cost on some systems.
Essentially, this forces sendmail into "queue only" mode
if all it is going to do is queue anyway.
Avoid sending a null message in some rather unusual circumstances
(specifically, the RCPT command returns a temporary
failure but the connection is lost before the DATA
command). Fix from Scott Hammond of Secure Computing
Corporation.
Change makesendmail to use a somewhat more rational naming scheme:
Makefiles and obj directories are named $os.$rel.$arch,
where $os is the operating system (e.g., SunOS), $rel is
the release number (e.g., 5.3), and $arch is the machine
architecture (e.g., sun4). Any of these can be omitted,
and anything after the first dot in a release number can
be replaced with "x" (e.g., SunOS.4.x.sun4). The previous
version used $os.$arch.$rel and was rather less general.
Change makesendmail to do a "make depend" in the target directory
when it is being created. This involves adding an empty
"depend:" entry in most Makefiles.
Ignore IDENT return value if the OSTYPE field returns "OTHER",
as indicated by RFC 1413. Pointed out by Kari Hurtta
of the Finnish Meteorological Institute.
Fix problem that could cause multiple responses to DATA command
on header syntax errors (e.g., lines beginning with colons).
Problem noted by Jens Thomassen of the University of Oslo.
Don't let null bytes in headers cause truncation of the rest of
the header.
Log Authentication-Warning:s. Suggested by Motonori Nakamura.
Increase timeouts on message data puts to allow time for receivers
to canonify addresses in headers on the fly. This is still
a rather ugly heuristic. From Motonori Nakamura.
Add "HasWildcardMX" suboption to ResolverOptions; if set, MX
records are not used when canonifying names, and when MX
lookups are done for addressing they must be fully
qualified. This is useful if you have a wildcard MX record,
although it may cause other problems. In general, don't use
wildcard MX records. Patch from Motonori Nakamura.
Eliminate default two-line SMTP greeting message. Instead of
adding an extra "ESMTP spoken here" line, the word "ESMTP"
is added between the first and second word of the first
line of the greeting message (i.e., immediately after the
host name). This eliminates the need for the BROKEN_SMTP_PEERS
compile flag. Old sendmails won't see the ESMTP, but that's
acceptable because SIZE was the only useful extension that
old sendmails understand.
Avoid gethostbyname calls on UNIX domain sockets during SIGUSR1
invoked state dumps. From Masaharu Onishi.
Allow on-line comments in .forward and :include: files; they are
introduced by the string "<LWSP>#@#<LWSP>", where <LWSP>
is a space or a tab. This is intended for native
representation of non-ASCII sets such as Japanese, where
existing encodings would be unreadable or would lose
data -- for example,
<motonori@cs.ritsumei.ac.jp> NAKAMURA Motonori
(romanized/less information)
<motonori@cs.ritsumei.ac.jp> =?ISO-2022-JP?B?GyRCQ2ZCPBsoQg==?=
=?ISO-2022-JP?B?GyRCQUdFNRsoQg==?=
(with MIME encoding, not human readable)
<motonori@cs.ritsumei.ac.jp> #@# ^[$BCfB<^[(B ^[$BAGE5^[(B
(native encoding with ISO-2022-JP)
The last form is human readable in the Japanese environment.
Based on a fix from (surprise!) Motonori Nakamura.
Don't make SMTP error returns on MAIL FROM: line be "sticky" for all
messages to that host; these are most frequently associated
with addresses rather than the host, with the exception of
421 (service shutting down). The effect was to cause queues
to sometimes take an excessive time to flush. Reported by
Robert Sargent of Southern Geographics Technologies and
Eric Prestemon of American University.
Add Nice=N mailer option to set the niceness at which a mailer will
run. This is actually a relative niceness (that is, an
increment on the background value).
Log queue runs that are skipped due to high loads. They are logged
at LOG_INFO priority iff the log level is > 8. Contributed
by Bruce Nagel of Data General.
Allow the error mailer to accept a DSN-style error status code
instead of an sysexits status code in the host part.
Anything with a dot will be interpreted as a DSN-style code.
Add new mailer flag: F=3 will tell translations to Quoted-Printable
to encode characters that might be munged by an EBCDIC system
in addition to the set required by RFC 1521. The additional
characters are !, ", #, $, @, [, \, ], ^, `, {, |, }, and ~.
(Think of "IBM 360" as the mnemonic for this flag.)
Change check for mailing to files to look for a pathname of [FILE]
rather than looking for the mailer named *file*. The mapping
of leading slashes still goes to the *file* mailer. This
allows you to implement the *file* mailer as a separate
program, for example, to insert a Content-Length: header
or do special security policy. However, note that the usual
initial checking for the file permissions is still done, and
the program in question needs to be very careful about how
it does the file write to avoid security problems.
Be able to read ~root/.forward even if the path isn't accessible to
regular users. This is disrecommended because sendmail
sometimes does not run as root (e.g., when an unsafe option
is specified on the command line), but should otherwise be
safe because .forward files must be owned by the user for
whom mail is being forwarded, and cannot be a symbolic link.
Suggested by Forrest Aldrich of Wang Laboratories.
Add new "HostsFile" option that is the pathname to the /etc/hosts
file. This is used for canonifying hostnames when the
service type is "files".
Implement programs on F (read class from file) line. The syntax is
Fc|/path/to/program to read the output from the program
into class "c".
Probe the network interfaces to find alternate names for this
host. Requires the SIOCGIFCONF ioctl call. Code
contributed by SunSoft.
Add "E" configuration line to set or propagate environment
variables into children. "E<envar>" will propagate
the named variable from the environment when sendmail
was invoked into any children it calls; "E<envar>=<value>"
sets the named variable to the indicated value. Any
variables not explicitly named will not be in the child
environment. However, sendmail still forces an
"AGENT=sendmail" environment variable, in part to enforce
at least one environment variable, since many programs and
libraries die horribly if this is not guaranteed.
Change heuristic for rebuilding both NEWDB and NDBM versions of
alias databases -- new algorithm looks for the substring
"/yp/" in the file name. This is more portable and involves
less overhead. Suggested by Motonori Nakamura.
Dynamically allocate the queue work list so that you don't lose
jobs in large queue runs. The old QUEUESIZE compile parameter
is replaced by QUEUESEGSIZE (the unit of allocation, which
should not need to be changed) and the MaxQueueRunSize option,
which is the absolute maximum number of jobs that will ever
be handled in a single queue run. Based on code contributed
by Brian Coan of the Institute for Global Communications.
Log message when a message is dropped because it exceeds the maximum
message size. Suggested by Leo Bicknell of Virginia Tech.
Allow trusted users (those on a T line or in $=t) to use -bs without
an X-Authentication-Warning: added. Suggested by Mark Thomas
of Mark G. Thomas Consulting.
Announce state of compile flags on -d0.1 (-d0.10 throws in the
OS-dependent defines). The old semantic of -d0.1 to not
run the daemon in background has been moved to -d99.100,
and the old 52.5 flag (to avoid disconnect() from closing
all output files) has been moved to 52.100. This makes
things more consistent (flags below .100 don't change
semantics) and separates out the backgrounding so that
it doesn't happen automatically on other unrelated debugging
flags.
If -t is used but no addresses are found in the header, give an
error message rather than just doing nothing. Fix from
Motonori Nakamura.
On systems (like SunOS) where the effective gid is not necessarily
included in the group list returned by getgroups(), the
`restrictmailq' option could sometimes cause an authorized
user to not be able to use `mailq'. Fix from Charles Hannum
of MIT.
Allow symbolic service names for [IPC] mailers. Suggested by
Gerry Magennis of Logica International.
Add DontExpandCnames option to prevent $[ ... $] from expanding CNAMEs
when running DNS. For example, if the name FTP.Foo.ORG is
a CNAME for Cruft.Foo.ORG, then when sitting on a machine in
the Foo.ORG domain a lookup of "FTP" returns "Cruft.Foo.ORG"
if this option is not set, or "FTP.Foo.ORG" if it is set.
This is technically illegal under RFC 822 and 1123, but the
IETF is moving toward legalizing it. Note that turning on
this option is not sufficient to guarantee that a downstream
neighbor won't rewrite the address for you.
Add "-m" flag to makesendmail script -- this tells you what object
directory and Makefile it will use, but doesn't actually do
the make.
Do some additional checking on the contents of the qf file to try
to detect attacks against the qf file. In particular,
abort on any line beginning "From ", and add an "end of
file" line -- any data after that line is prohibited.
Always use /etc/sendmail.cf, regardless of the arbitrary vendor
choices. This can be overridden in the Makefile by using
either -DUSE_VENDOR_CF_PATH to get the vendor location
(to the extent that we know it) or by defining
_PATH_SENDMAILCF (which is a "hard override"). This allows
sendmail 8 to have more consistent installation instructions.
Allow macros on `K' line in config file. Suggested by Andrew Chang
of Sun Microsystems.
Improved symbol table hash function from Eric Wassenaar. This one
is at least 50% faster.
Fix problem that didn't notice that timeout on file open was a
transient error. Fix from Larry Parmelee of Cornell
University.
Allow comments (lines beginning with a `#') in files read for
classes. Suggested by Motonori Nakamura.
Make SIGINT (usually ^C) in test mode return to the prompt instead
of dropping out entirely. This makes testing some of the
name server lookups easier to deal with when there are
hung servers. From Motonori Nakamura.
Add new ${opMode} macro that is set to the current operation mode
(e.g., `s' for -bs, `t' for -bt, etc.). Suggested by
Claude Marinier <MARINIER@emp.ewd.dreo.dnd.ca>.
Add new delivery mode (Odd) that defers all map lookups to queue runs.
Kind of like queue-only mode (Odq) except it tries to avoid
any external service requests; for dial-on-demand hosts that
want to minimize DNS lookups when mail is being queued. For
this to work you will also have to make sure that gethostbyname
of your local host name does not do a DNS lookup.
Improved handling of "out of space" conditions from John Myers of
Carnegie Mellon.
Improved security for mailing to files on systems that have fchmod(2)
support.
Improve "cannot send message for N days" message -- now says "could
not send for past N days". Suggested by Tom Moore of AT&T
Global Information Solutions.
Less misleading Subject: line on messages sent to postmaster only.
From Motonori Nakamura.
Avoid duplicate error messages on bad command line flags. From
Motonori Nakamura.
Better error message for case where ruleset 0 falls off the end
or otherwise does not resolve to a canonical triple.
Fix a problem that could cause multiple bounce messages if a bad
address was sent along with a good address to an SMTP
site where that SMTP site returned a 4yz code in response
to the final dot of the data. Problem reported by David
James of British Telecom.
Add "volatile" declarations so that gcc -O2 will work. Patches
from Alexander Dupuy of System Management ARTS.
Delete duplicates in MX lists -- believe it or not, there are sites
that list the same host twice in an MX list. This deletion
only works on adjacent preferences, so an MX list that
had A=5, B=10, A=15 would leave both As, but one that had
A=5, A=10, B=15 would reduce to A, B. This is intentional,
just in case there is something weird I haven't thought of.
Suggested by Barry Shein of Software Tool & Die.
SECURITY: .forward files cannot be symbolic links. If they are,
a bad guy can read your private files.
PORTABILITY FIXES:
Solaris 2 from Rob McMahon <cudcv@csv.warwick.ac.uk>.
System V Release 4 from Motonori Nakamura of Ritsumeikan
University. This expands the disk size
checking to include all (?) SVR4 configurations.
System V Release 4 from Kimmo Suominen -- initgroups(3)
and setrlimit(2) are both available.
System V Release 4 from sob@sculley.ffg.com -- some versions
apparently "have EX_OK defined in other headerfiles."
Linux Makefile typo.
Linux getusershell(3) is broken in Slackware 2.0 --
from Andrew Pam of Xanadu Australia.
More Linux tweaking from John Kennedy of California State
University, Chico.
Cray changes from Eric Wassenaar: ``On Cray, shorts,
ints, and longs are all 64 bits, and all structs
are multiples of 64 bits. This means that the
sizeof operator returns only multiples of 8.
This requires adaptation of code that really
deals with 32 bit or 16 bit fields, such as IP
addresses or nameserver fields.''
DG/UX 5.4.3 from Mark T. Robinson <mtr@ornl.gov>. To
get the old behavior, use -DDGUX_5_4_2.
DG/UX hack: add _FORCE_MAIL_LOCAL_=yes environment
variable to fix bogus /bin/mail behavior.
Tandem NonStop-UX from Rick McCarty <mccarty@mpd.tandem.com>.
This also cleans up some System V Release 4 compile
problems.
Solaris 2: sendmail.cw file should be in /etc/mail to
match all the other configuration files. Fix
from Glenn Barry of Emory University.
Solaris 2.3: compile problem in conf.c. Fix from Alain
Nissen of the University of Liege, Belgium.
Ultrix: freespace calculation was incorrect. Fix from
Takashi Kizu of Osaka University.
SVR4: running in background gets a SIGTTOU because the
emulation code doesn't realize that "getpeername"
doesn't require reading the file. Fix from Peter
Wemm of DIALix.
Solaris 2.3: due to an apparent bug in the socket emulation
library, sockets can get into a "wedged" state where
they just return EPROTO; closing and re-opening the
socket clears the problem. Fix from Bob Manson
of Ohio State University.
Hitachi 3050R & 3050RX running HI-UX/WE2: portability
fixes from Akihiro Hashimoto ("Hash") of Chiba
University.
AIX changes to allow setproctitle to work from Rainer Schöpf
of Zentrum für Datenverarbeitung der Universität
Mainz.
AIX changes for load average from Ed Ravin of NASA/Goddard.
SCO Unix from Chip Rosenthal of Unicom (code was using the
wrong statfs call).
ANSI C fixes from Adam Glass (NetBSD project).
Stardent Titan/ANSI C fixes from Kate Hedstrom of Rutgers
University.
DG-UX fixes from Bruce Nagel of Data General.
IRIX64 updates from Mark Levinson of the University of
Rochester Medical Center.
Altos System V (``the first UNIX/XENIX merge the Altos
did for their Series 1000 & Series 2000 line;
their merged code was licensed back to AT&T and
Microsoft and became System V release 3.2'') from
Tim Rice <timr@crl.com>.
OSF/1 running on Intel Paragon from Jeff A. Earickson
<jeff@ssd.intel.com> of Intel Scalable Systems
Division.
Amdahl UTS System V 2.1.5 (SVr3-based) from Janet Jackson
<janet@dialix.oz.au>.
System V Release 4 (statvfs semantic fix) from Alain
Durand of I.M.A.G.
HP-UX 10.x multiprocessor load average changes from
Scott Hutton and Jeff Sumler of Indiana University.
Cray CSOS from Scott Bolte of Cray Computer Corporation.
Unicos 8.0 from Douglas K. Rand of the University of North
Dakota, Scientific Computing Center.
Solaris 2.4 fixes from Sanjay Dani of Dani Communications.
ConvexOS 11.0 from Christophe Wolfhugel.
IRIX 4.0.5 from David Ashton-Reader of CADcentre.
ISC UNIX from J. J. Bailey.
HP-UX 9.xx on the 8xx series machines from Remy Giraud
of Meteo France.
HP-UX configuration from Tom Lane <tgl@sss.pgh.pa.us>.
IRIX 5.2 and 5.3 from Kari E. Hurtta.
FreeBSD 2.0 from Mike Hickey of Federal Data Corporation.
Sony NEWS-OS 4.2.1R and 6.0.3 from Motonori Nakamura.
Omron LUNA unios-b, mach from Motonori Nakamura.
NEC EWS-UX/V 4.2 from Motonori Nakamura.
NeXT 2.1 from Bryan Costales.
AUX patch thanks to Mike Erwin of Apple Computer.
HP-UX 10.0 from John Beck of Hewlett-Packard.
Ultrix: allow -DBROKEN_RES_SEARCH=0 if you are using a
non-DEC resolver. Suggested by Allan Johannesen.
UnixWare 2.0 fixes from Petr Lampa of the Technical
University of Brno (Czech Republic).
KSR OS 1.2.2 support from Todd Miller of the University
of Colorado.
UX4800 support from Kazuhisa Shimizu of NEC.
MAKEMAP: allow -d flag to allow insertion of duplicate aliases
in type ``btree'' maps. The semantics of this are undefined
for regular maps, but it can be useful for the user database.
MAKEMAP: lock database file while rebuilding to avoid sendmail
lookups while the rebuild is going on. There is a race
condition between the open(... O_TRUNC ...) and the lock
on the file, but it should be quite small.
SMRSH: sendmail restricted shell added to the release. This can
be used as an alternative to /bin/sh for the "prog" mailer,
giving the local administrator more control over what
programs can be run from sendmail.
MAIL.LOCAL: add this local mailer to the tape. It is not really
part of the release proper, and isn't fully supported; in
particular, it does not run on System V based systems and
never will.
CONTRIB: a patch to rmail.c from Bill Gianopoulos of Raytheon
to allow rmail to compile on systems that don't have
function prototypes and systems that don't have snprintf.
CONTRIB: add the "mailprio" scripts that will help you sort mailing
lists by transaction delay times so that addresses that
respond quickly get sent first. This is to prevent very
sluggish servers from delaying other peoples' mail.
Contributed by Tony Sanders of BSDI.
CONTRIB: add the "bsdi.mc" file as contributed by Tony Sanders
of BSDI. This has a lot of comments to help people out.
CONFIG: Don't have .mc files include(../m4/cf.m4) -- instead,
put this on the m4 command line. On GNU m4 (which
supports the __file__ primitive) you can run m4 in an
arbitrary directory -- use either:
m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf
or
m4 -I${CFDIR} m4/cf.m4 config.mc > config.cf
On other versions of m4 that don't support __file__, you
can use:
m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 ...
(Note the trailing slash on the _CF_DIR_ definition.)
Old versions of m4 will default to _CF_DIR_=.. for back
compatibility.
CONFIG: fix mail from <> so it will properly convert to
MAILER-DAEMON on local addresses.
CONFIG: fix code that was supposed to catch colons in host
names. Problem noted by John Gardiner Myers of CMU.
CONFIG: allow use of SMTP_MAILER_MAX in nullclient configuration.
From Paul Riddle of the University of Maryland, Baltimore
County.
CONFIG: Catch and reject "." as a host address.
CONFIG: Generalize domaintable to look up all domains, not
just unqualified ones.
CONFIG: Delete OLD_SENDMAIL support -- as near as I can tell, it
was never used and didn't work anyway.
CONFIG: Set flags A, w, 5, :, /, |, and @ on the "local" mailer
and d on all mailers in the UUCP class.
CONFIG: Allow "user+detail" to be aliased specially: it will first
look for an alias for "user+detail", then for "user+*", and
finally for "user". This is intended for forwarding mail
for system aliases such as root and postmaster to a
centralized hub.
CONFIG: add confEIGHT_BIT_HANDLING to set option 8 (see above).
CONFIG: add smtp8 mailer; this has the F=8 (just-send-8) flag set.
The F=8 flag is also set on the "relay" mailer, since
this is expected to be another sendmail.
CONFIG: avoid qualifying all UUCP addresses sent via SMTP with
the name of the UUCP_RELAY -- in some cases, this is the
wrong value (e.g., when we have local UUCP connections),
and this can create unreplyable addresses. From Chip
Rosenthal of Unicom.
CONFIG: add confRECEIVED_HEADER to change the format of the
Received: header inserted into all messages. Suggested by
Gary Mills of the University of Manitoba.
CONFIG: Make "notsticky" the default; use FEATURE(stickyhost)
to get the old behavior. I did this upon observing
that almost everyone needed this feature, and that the
concept I was trying to make happen didn't work with
some user agents anyway. FEATURE(notsticky) still works,
but it is a no-op.
CONFIG: Add LUSER_RELAY -- the host to which unrecognized user
names are sent, rather than immediately diagnosing them
as User Unknown.
CONFIG: Add SMTP_MAILER_ARGS, ESMTP_MAILER_ARGS, SMTP8_MAILER_ARGS,
and RELAY_MAILER_ARGS to set the arguments for the
indicated mailers. All default to "IPC $h". Patch from
Larry Parmelee of Cornell University.
CONFIG: pop mailer needs F=n flag to avoid "annoying side effects
on the client side" and F=P to get an appropriate
return-path. From Kimmo Suominen.
CONFIG: add FEATURE(local_procmail) to use the procmail program
as the local mailer. For addresses of the form "user+detail"
the "detail" part is passed to procmail via the -a flag.
Contributed by Kimmo Suominen.
CONFIG: add MAILER(procmail) to add an interface to procmail for
use from mailertables. This lets you execute arbitrary
procmail scripts. Contributed by Kimmo Suominen.
CONFIG: add T= fields (MTS type) to local, smtp, and uucp mailers.
CONFIG: add OSTYPE(ptx2) for DYNIX/ptx 2.x from Sequent. From
Paul Southworth of CICNet Systems Support.
CONFIG: use -a$g as default to UUCP mailers, instead of -a$f.
This causes the null return path to be rewritten as
MAILER-DAEMON; otherwise UUCP gets horribly confused.
From Michael Hohmuth of Technische Universitat Dresden.
CONFIG: Add FEATURE(bestmx_is_local) to cause any hosts that
list us as the best possible MX record to be treated as
though they were local (essentially, assume that they
are included in $=w). This can cause additional DNS
traffic, but is easier to administer if this fits your
local model. It does not work reliably if there are
multiple hosts that share the best MX preference.
Code contributed by John Oleynick of Rutgers.
CONFIG: Add FEATURE(smrsh) to use smrsh (the SendMail Restricted
SHell) instead of /bin/sh as the program used for delivery
to programs. If an argument is included, it is used as
the path to smrsh; otherwise, /usr/local/etc/smrsh is
assumed.
CONFIG: Add LOCAL_MAILER_MAX and PROCMAILER_MAILER_MAX to limit the
size of messages to the local and procmail mailers
respectively. Contributed by Brad Knowles of the Defense
Information Systems Agency.
CONFIG: Handle leading ``phrase:'' and trailing ``;'' as comments
(just like text outside of angle brackets) in order to
properly deal with ``group: addr1, ... addrN;'' syntax.
CONFIG: Require OSTYPE macro (the defaults really don't apply to
any real systems any more) and tweak the DOMAIN macro
so that it is less likely that users will accidentally use
the Berkeley defaults. Also, create some generic files
that really can be used in the real world.
CONFIG: Add new configuration macros to set character sets for
messages _arriving from_ various mailers: LOCAL_MAILER_CHARSET,
SMTP_MAILER_CHARSET, and UUCP_MAILER_CHARSET.
CONFIG: Change UUCP_MAX_SIZE to UUCP_MAILER_MAX for consistency.
The old name will still be accepted for a while at least.
CONFIG: Implement DECNET_RELAY as spec for host to which DECNET
mail (.DECNET pseudo-domain or node::user) will be sent.
As with all relays, it can be ``mailer:hostname''. Suggested
by Scott Hutton.
CONFIG: Add MAILER(mail11) to get DECnet support. Code contributed
by Barb Dijker of Labyrinth Computer Services.
CONFIG: change confCHECK_ALIASES to default to False -- it has poor
performance for large alias files, and this confused many
people.
CONFIG: Add confCF_VERSION to append local information to the
configuration version number displayed during SMTP startup.
CONFIG: fix some.newsgroup.usenet@local.host syntax (previously it
would only work when locally addressed. Fix from
Edvard Tuinder of Cistron Internet Services.
CONFIG: use ${opMode} to avoid error on .REDIRECT addresses if option
"n" (CheckAliases) is set when rebuilding alias database.
Based on code contributed by Claude Marinier.
CONFIG: Allow mailertable to have values of the form
``error:code message''. The ``code'' is a status code
derived from the sysexits codes -- e.g., NOHOST or UNAVAILABLE.
Contributed by David James <dwj@agw.bt.co.uk>.
CONFIG: add MASQUERADE_DOMAIN(domain list) to extend the list of
sender domains that will be replaced with the masquerade name.
These domains will not be treated as local, but if mail passes
through with sender addresses in those domains they will be
replaced by the masquerade name. These can also be specified
in a file using MASQUERADE_DOMAIN_FILE(filename).
CONFIG: add FEATURE(masquerade_envelope) to masquerade the envelope
as well as the header. Substantial improvements to this
code were contributed by Per Hedeland.
CONFIG: add MAILER(phquery) to define a new "ph" mailer; this can be
accessed from a mailertable to do CCSO ph lookups. Contributed
by Kimmo Suominen.
CONFIG: add MAILER(cyrus) to define a new Cyrus mailer; this can be
used to define cyrus and cyrusbb mailers (for IMAP support).
Contributed by John Gardiner Myers of Carnegie Mellon.
CONFIG: add confUUCP_MAILER to select default mailer to use for
UUCP addressing. Suggested by Tom Moore of AT&T GIS.
NEW FILES:
cf/cf/cs-hpux10.mc
cf/cf/cs-solaris2.mc
cf/cf/cyrusproto.mc
cf/cf/generic-bsd4.4.mc
cf/cf/generic-hpux10.mc
cf/cf/generic-hpux9.mc
cf/cf/generic-osf1.mc
cf/cf/generic-solaris2.mc
cf/cf/generic-sunos4.1.mc
cf/cf/generic-ultrix4.mc
cf/cf/huginn.cs.mc
cf/domain/berkeley-only.m4
cf/domain/generic.m4
cf/feature/bestmx_is_local.m4
cf/feature/local_procmail.m4
cf/feature/masquerade_envelope.m4
cf/feature/smrsh.m4
cf/feature/stickyhost.m4
cf/feature/use_ct_file.m4
cf/m4/cfhead.m4
cf/mailer/cyrus.m4
cf/mailer/mail11.m4
cf/mailer/phquery.m4
cf/mailer/procmail.m4
cf/ostype/amdahl-uts.m4
cf/ostype/bsdi2.0.m4
cf/ostype/hpux10.m4
cf/ostype/irix5.m4
cf/ostype/isc4.1.m4
cf/ostype/ptx2.m4
cf/ostype/unknown.m4
contrib/bsdi.mc
contrib/mailprio
contrib/rmail.oldsys.patch
mail.local/mail.local.0
makemap/makemap.0
smrsh/README
smrsh/smrsh.0
smrsh/smrsh.8
smrsh/smrsh.c
src/Makefiles/Makefile.CSOS
src/Makefiles/Makefile.EWS-UX_V
src/Makefiles/Makefile.HP-UX.10
src/Makefiles/Makefile.IRIX.5.x
src/Makefiles/Makefile.IRIX64
src/Makefiles/Makefile.ISC
src/Makefiles/Makefile.KSR
src/Makefiles/Makefile.NEWS-OS.4.x
src/Makefiles/Makefile.NEWS-OS.6.x
src/Makefiles/Makefile.NEXTSTEP
src/Makefiles/Makefile.NonStop-UX
src/Makefiles/Makefile.Paragon
src/Makefiles/Makefile.SCO.3.2v4.2
src/Makefiles/Makefile.SunOS.5.3
src/Makefiles/Makefile.SunOS.5.4
src/Makefiles/Makefile.SunOS.5.5
src/Makefiles/Makefile.UNIX_SV.4.x.i386
src/Makefiles/Makefile.uts.systemV
src/Makefiles/Makefile.UX4800
src/aliases.0
src/mailq.0
src/mime.c
src/newaliases.0
src/sendmail.0
test/t_seteuid.c
RENAMED FILES:
cf/cf/alpha.mc => cf/cf/s2k-osf1.mc
cf/cf/chez.mc => cf/cf/chez.cs.mc
cf/cf/hpux-cs-exposed.mc => cf/cf/cs-hpux9.mc
cf/cf/osf1-cs-exposed.mc => cf/cf/cs-osf1.mc
cf/cf/s2k.mc => cf/cf/s2k-ultrix4.mc
cf/cf/sunos4.1-cs-exposed.mc => cf/cf/cs-sunos4.1.mc
cf/cf/ultrix4.1-cs-exposed.mc => cf/cf/cs-ultrix4.mc
cf/cf/vangogh.mc => cf/cf/vangogh.cs.mc
cf/domain/Berkeley.m4 => cf/domain/Berkeley.EDU.m4
cf/domain/cs-exposed.m4 => cf/domain/CS.Berkeley.EDU.m4
cf/domain/eecs-hidden.m4 => cf/domain/EECS.Berkeley.EDU.m4
cf/domain/s2k.m4 => cf/domain/S2K.Berkeley.EDU.m4
cf/ostype/hpux.m4 => cf/ostype/hpux9.m4
cf/ostype/irix.m4 => cf/ostype/irix4.m4
cf/ostype/ultrix4.1.m4 => cf/ostype/ultrix4.m4
src/Makefile.* => src/Makefiles/Makefile.*
src/Makefile.AUX => src/Makefiles/Makefile.A-UX
src/Makefile.BSDI => src/Makefiles/Makefile.BSD-OS
src/Makefile.DGUX => src/Makefiles/Makefile.dgux
src/Makefile.RISCos => src/Makefiles/Makefile.UMIPS
src/Makefile.SunOS.4.0.3 => src/Makefiles/Makefile.SunOS.4.0
OBSOLETED FILES:
cf/cf/cogsci.mc
cf/cf/cs-exposed.mc
cf/cf/cs-hidden.mc
cf/cf/hpux-cs-hidden.mc
cf/cf/knecht.mc
cf/cf/osf1-cs-hidden.mc
cf/cf/sunos3.5-cs-exposed.mc
cf/cf/sunos3.5-cs-hidden.mc
cf/cf/sunos4.1-cs-hidden.mc
cf/cf/ultrix4.1-cs-hidden.mc
cf/domain/cs-hidden.m4
contrib/rcpt-streaming
src/Makefiles/Makefile.SunOS.5.x
8.6.13/8.6.12 1996/01/25
SECURITY: In some cases it was still possible for an attacker to
insert newlines into a queue file, thus allowing access to
any user (except root).
CONFIG: no changes -- it is not a bug that the configuration
version number is unchanged.
8.6.12/8.6.12 1995/03/28
Fix to IDENT code (it was getting the size of the reply buffer
too small, so nothing was ever accepted). Fix from several
people, including Allan Johannesen, Shane Castle of the
Boulder County Information Services, and Jeff Smith of
Warwick University (all arrived within a few hours of
each other!).
Fix a problem that could cause large jobs to run out of
file descriptors on systems that use vfork() rather
than fork().
8.6.11/8.6.11 1995/03/08
The ``possible attack'' message would be logged more often
than necessary if you are using Pine as a user agent.
The wrong host would be reported in the ``possible attack''
message when attempted from IDENT.
In some cases the syslog buffer could be overflowed when
reporting the ``possible attack'' message. This can
cause denial of service attacks. Truncate the message
to 80 characters to prevent this problem.
When reading the IDENT response a loop is needed around the
read from the network to ensure that you don't get
partial lines.
Password entries without any shell listed (that is, a null
shell) wouldn't match as "ok". Problem noted by
Rob McMahon.
When running BIND 4.9.x a problem could occur because the
_res.options field is initialized differently than it
was historically -- this requires that sendmail call
res_init before it tweaks any bits.
Fix an incompatibility in openxscript() between the file open mode
and the stdio mode passed to fdopen. This caused UnixWare
2.0 to have conniptions. Fix from Martin Sohnius of
Novell Labs Europe.
Fix problem with static linking of local getopt routine when
using GNU's ld command. Fix from John Kennedy of
Cal State Chico.
It was possible to turn off privacy flags. Problem noted by
*Hobbit*.
Be more paranoid about writing files. Suggestions by *Hobbit*
and Liudvikas Bukys.
MAKEMAP: fixes for 64 bit machines (DEC Alphas in particular)
from Spider Boardman.
CONFIG: No changes (version number only, to keep it in sync
with the binaries).
8.6.10/8.6.10 1995/02/10
SECURITY: Diagnose bogus values to some command line flags that
could allow trash to get into headers and qf files.
Validate the name of the user returned by the IDENT protocol.
Some systems that really dislike IDENT send intentionally
bogus information. Problem pointed out by Michael Bushnell
of the Free Software Foundation. Has some security
implications.
Fix a problem causing error messages about DNS problems when
the host name contained a percent sign to act oddly
because it was passed as a printf-style format string.
In some cases this could cause core dumps.
Avoid possible buffer overrun in returntosender() if error
message is quite long. From Fletcher Mattox of the
University of Texas.
Fix a problem that would silently drop "too many hops" error
messages if and only if you were sending to an alias.
From Jon Giltner of the University of Colorado and
Dan Harton of Oak Ridge National Laboratory.
Fix a bug that caused core dumps on some systems if -d11.2 was
set and e->e_message was null. Fix from Bruce Nagel of
Data General.
Fix problem that can still cause df files to be left around
after "hop count exceeded" messages. Fix from Andrew
Chang and Shau-Ping Lo of SunSoft.
Fix a problem that can cause buffer overflows on very long
user names (as might occur if you piped to a program
with a lot of arguments).
Avoid returning an error and re-queueing if the host signature
is null; this can occur on addresses like ``user@.''.
Problem noted by Wesley Craig and the University of
Michigan.
Avoid possible calls to malloc(0) if MCI caching is turned
off. Bug fix from Pierre David of the Laboratoire
Parallelisme, Reseaux, Systemes et Modelisation (PRiSM),
Universite de Versailles - St Quentin, and Jacky
Thibault.
Make a local copy of the line being sent via senttolist() -- in
some cases, buffers could get trashed by map lookups
causing it to do unexpected things. This also simplifies
some of the map code.
CONFIG: No changes (version number only, to keep it in sync
with the binaries).
8.6.9/8.6.9 1994/04/19
Do all mail delivery completely disconnected from any terminal.
This provides consistency with daemon delivery and
may have some security implications.
Make sure that malloc doesn't get called with zero size,
since that fails on some systems. Reported by Ed
Hill of the University of Iowa.
Fix multi-line values for $e (SMTP greeting message). Reported
by Mike O'Connor of Ford Motor Company.
Avoid syserr if no NIS domain name is defined, but the map it
is trying to open is optional. From Win Bent of USC.
Changes for picky compilers from Ed Gould of Digital Equipment.
Hesiod support for UDB from Todd Miller of the University of
Colorado. Use "hesiod" as the service name in the U
option.
Fix a problem that failed to set the "authentic" host name (that
is, the one derived from the socket info) if you called
sendmail -bs from inetd. Based on code contributed by
Todd Miller (this problem was also reported by Guy Helmer
of Dakota State University). This also fixes a related
problem reported by Liudvikas Bukys of the University of
Rochester.
Parameterize "nroff -h" in all the Makefiles so people with
variant versions can use them easily. Suggested by
Peter Collinson of Hillside Systems.
SMTP "MAIL" commands with multiple ESMTP parameters required two
spaces between parameters instead of one. Reported by
Valdis Kletnieks of Virginia Tech.
Reduce the number of system calls during message collection by
using global timeouts around the collect() loop. This
code was contributed by Eric Wassenaar.
If the initial hostname name gathering results in a name
without a dot (usually caused by NIS misconfiguration)
and BIND is compiled in, directly access DNS to get
the canonical name. This should make life easier for
Solaris systems. If it still can't be resolved, and
if the name server is listed as "required", try again
in 30 seconds. If that also fails, exit immediately to
avoid bogus "config error: mail loops back to myself"
messages.
Improve the "MAIL DELETED BECAUSE OF LACK OF DISK SPACE" error
message to explain how much space was available and
sound a bit less threatening. Suggested by Stan Janet
of the National Institute of Standards and Technology.
If mail is delivered to an alias that has an owner, deliver any
requested return-receipt immediately, and strip the
Return-Receipt-To: header from the subsequent message.
This prevents a certain class of denial of service
attack, arguably gives more reasonable semantics, and
moves things more towards what will probably become a
network standard. Suggested by Christopher Davis of
Kapor Enterprises.
Add a "noreceipts" privacy flag to turn off all return receipts
without recompiling.
Avoid printing ESMTP parameters as part of the error message
if there are errors during parsing. This change is
purely cosmetic.
Avoid sending out error messages during the collect phase of
SMTP; there is an MVS mailer from UCLA that gets
confused by this. Of course, I think it's their bug....
Check for the $j macro getting undefined, losing a dot, or getting
lost from $=w in the daemon before accepting a connection;
if it is, it dumps state, prints a LOG_ALERT message,
and drops core for debugging. This is an attempt to
track down a bug that I thought was long since gone.
If you see this, please forward the log fragment to
sendmail@sendmail.ORG.
Change OLD_NEWDB from a #ifdef to a #if so it can be turned off
with -DOLD_NEWDB=0 on the command line. From Christophe
Wolfhugel.
Instead of trying to truncate the listen queue for the server
SMTP port when the load average is too high, just close
the port completely and reopen it later as needed.
This ensures that the other end gets a quick "connection
refused" response, and that the connection can be
recovered later. In particular, some socket emulations
seem to get confused if you tweak the listen queue
size around and can never start listening to connections
again. The down side is that someone could start up
another daemon process in the interim, so you could
have multiple daemons all not listening to connections;
this could in turn cause the sendmail.pid file to be
incorrect. A better approach might be to accept the
connection and give a 421 code, but that could break
other mailers in mysterious ways and have paging behavior
implications.
Fix a glitch in TCP-level debugging that caused flag 16.101 to
set debugging on the wrong socket. From Eric Wassenaar.
When creating a df* temporary file, be sure you truncate any
existing data in the file -- otherwise system crashes
and the like could result in extra data being sent.
DOC: Replace the CHANGES-R5-R8 readme file with a paper in the
doc directory. This includes some additional
information.
CONFIG: change UUCP rules to never add $U! or $k! on the front
of recipient envelope addresses. This should have been
handled by the $&h trick, but broke if people were
mixing domainized and UUCP addresses. They should
probably have converted all the way over to uucp-uudom
instead of uucp-{new,old}, but the failure mode was to
loop the mail, which was bad news.
Portability fixes:
Newer BSDI systems (several people).
Older BSDI systems from Christophe Wolfhugel.
Intergraph CLIX, from Paul Southworth of CICNet.
UnixWare, from Evan Champion.
NetBSD from Adam Glass.
Solaris from Quentin Campbell of the University of
Newcastle upon Tyne.
IRIX from Dean Cookson and Bill Driscoll of Mitre
Corporation.
NCR 3000 from Kevin Darcy of Chrysler Financial Corporation.
SunOS (it has setsid() and setvbuf() calls) from
Jonathan Kamens of OpenVision Technologies.
HP-UX from Tor Lillqvist.
New Files:
src/Makefile.CLIX
src/Makefile.NCR3000
doc/changes/Makefile
doc/changes/changes.me
doc/changes/changes.ps
8.6.8/8.6.6 1994/03/21
SECURITY: it was possible to read any file as root using the
E (error message) option. Reported by Richard Jones;
fixed by Michael Corrigan and Christophe Wolfhugel.
8.6.7/8.6.6 1994/03/14
SECURITY: it was possible to get root access by using weird
values to the -d flag. Thanks to Alain Durand of
INRIA for forwarding me the notice from the bugtraq
list.
8.6.6/8.6.6 1994/03/13
SECURITY: the ability to give files away on System V-based
systems proved dangerous -- don't run as the owner
of a :include: file on a system that allows giveaways.
Unfortunately, this also applies to determining a
valid shell.
IMPORTANT: Previous versions weren't expiring old connections
in the connection cache for a long time under some
circumstances. This could result in resource exhaustion,
both at your end and at the other end. This checks the
connections for timeouts much more frequently. From
Doug Anderson of NCSC.
Fix a glitch that snuck in that caused programs to be run as
the sender instead of the recipient if the mail was
from a local user to another local user. From
Motonori Nakamura of Kyoto University.
Fix "wildcard" on /etc/shells matching -- instead of looking
for "*", look for "/SENDMAIL/ANY/SHELL/". From
Bryan Costales of ICSI.
Change the method used to declare the "statfs" availability;
instead of HASSTATFS and/or HASUSTAT with a ton of
tweaking in conf.c, there is a single #define called
SFS_TYPE which takes on one of six values (SFS_NONE
for no statfs availability, SFS_USTAT for the ustat(2)
syscall, SFS_4ARGS for a four argument statfs(2) call,
and SFS_VFS, SFS_MOUNT, or SFS_STATFS for a two argument
statfs(2) call with the declarations in <sys/vfs.h>,
<sys/mount.h>, or <sys/statfs.h> respectively).
Fix glitch in NetInfo support that could return garbage if
there was no "/locations/sendmail" property. From
David Meyer of the University of Virginia.
Change HASFLOCK from defined/not-defined to a 0/1 definition
to allow Linux to turn it off even though it is a
BSD-like system.
Allow setting of "ident" timeout to zero to turn off the ident
protocol entirely.
Make 7-bit stripping local to a connection (instead of to a
mailer); this allows you to specify that SMTP is a
7-bit channel, but revert to 8-bit should it advertise
that it supports 8BITMIME. You still have to specify
mailer flag 7 to get this stripping at all.
Improve makesendmail script so it handles more cases automatically.
Tighten up restrictions on taking ownership of :include: files
to avoid problems on systems that allow you to give away
files.
Fix a problem that made it impossible to rebuild the alias
file if it was on a read-only file system. From
Harry Edmon of the University of Washington.
Improve MX randomization function. From John Gardiner Myers
of CMU.
Fix a minor glitch causing a bogus message to be printed (used
%s instead of %d in a printf string for the line number)
when a bad queue file was read. From Harry Edmon.
Allow $s to remain NULL on locally generated mail. I'm not
sure this is necessary, but a lot of people have complained
about it, and there is a legitimate question as to whether
"localhost" is legal as an 822-style domain.
Fix a problem with very short line lengths (mailer L= flag) in
headers. This causes a leading space to be added onto
continuation lines (including in the body!), and also
tries to wrap headers containing addresses (From:, To:,
etc) intelligently at the shorter line lengths. Problem
Reported by Lars-Johan Liman of SUNET Operations Center.
Log the real user name when logging syserrs, since these can have
security implications. Suggested by several people.
Fix address logging of cached connections -- it used to always
log the numeric address as zero. This is a somewhat
bogus implementation in that it does an extra system
call, but it should be an inexpensive one. Fix from
Motonori Nakamura.
Tighten up handling of short syslog buffers even more -- there
were cases where the outgoing relay= name was too long
to share a line with delay= and mailer= logging.
Limit the overhead on split envelopes to one open file descriptor
per envelope -- previously the overhead was three
descriptors. This was in response to a problem reported
by P{r (Pell) Emanuelsson.
Fixes to better handle the case of unexpected connection closes;
this redirects the output to the transcript so the info
is not lost. From Eric Wassenaar.
Fix potential string overrun if you macro evaluate a string that
has a naked $ at the end. Problem noted by James Matheson
<jmrm@eng.cam.ac.uk>.
Make default error number on $#error messages 553 (``Requested
action not taken: mailbox name not allowed'') instead of
501 (``Syntax error in parameters or arguments'') to
avoid bogus "protocol error" messages.
Strip off any existing trailing dot on names during $[ ... $]
lookup. This prevents it from ending up with two dots
on the end of dot terminated names. From Wesley Craig
of the University of Michigan and Bryan Costales of ICSI.
Clean up file class reading so that the debugging information is
more informative. It hadn't been using setclass, so you
didn't see the class items being added.
Avoid core dump if you are running a version of sendmail where
NIS is compiled in, and you specify an NIS map, but
NIS is not running. Fix from John Oleynick of
Rutgers.
Diagnose bizarre case where res_search returns a failure value,
but sets h_errno to a success value.
Make sure that "too many hops" messages are considered important
enough to send an error to the Postmaster (that is, the
address specified in the P option). This fix should
help problems that cause the df file to be left around
sometimes -- unfortunately, I can't seem to reproduce
the problem myself.
Avoid core dump (null pointer reference) on EXPN command; this
only occurred if your log level was set to 10 or higher
and the target account was an alias or had a .forward file.
Problem noted by Janne Himanka.
Avoid "denial of service" attacks by someone who is flooding your
SMTP port with bad commands by shutting the connection
after 25 bad commands are issued. From Kyle Jones of
UUNET.
Fix core dump on error messages with very long "to" buffers;
fmtmsg overflows the message buffer. Fixed by trimming
the to address to 203 characters. Problem reported by
John Oleynick.
Fix configuration for HASFLOCK -- there were some spots where
a #ifndef was incorrectly #ifdef. Pointed out by
George Baltz of the University of Maryland.
Fix a typo in savemail() that could cause the error message To:
lists to be incorrect in some places. From Motonori
Nakamura.
Fix a glitch that can cause duplicate error messages on split
envelopes where an address on one of the lists has a
name server failure. Fix from Voradesh Yenbut of the
University of Washington.
Fix possible bogus pointer reference on ESMTP parameters that
don't have an ``=value'' part.
CNAME loops caused an error message to be generated, but also
re-queued the message. Changed to just re-queue the
message (it's really hard to just bounce it because
of the weird way the name server works in the presence
of CNAME loops). Problem noted by James M.R.Matheson
of Cambridge University.
Avoid giving ``warning: foo owned process doing -bs'' messages
if they use ``MAIL FROM:<foo>'' where foo is their true
user name. Suggested by Andreas Stolcke of ICSI.
Change the NAMED_BIND compile flag to be a 0/1 flag so you can
override it easily in the Makefile -- that is, you can
turn it off using -DNAMED_BIND=0.
If a gethostbyname(...) of an address with a trailing dot fails,
try it without the trailing dot. This is because if
you have a version of gethostbyname() that falls back
to NIS or the /etc/hosts file it will fail to find
perfectly reasonable names that just don't happen to
be dot terminated in the hosts file. You don't want to
strip the dot first though because we're trying to ensure
that country names that match one of your subdomains get
a chance.
PRALIASES: fix bogus output on non-null-terminated strings.
From Bill Gianopoulos of Raytheon.
CONFIG: Avoid rewriting anything that matches $w to be $j.
This was in code intended to only catch the self-literal
address (that is, [1.2.3.4], where 1.2.3.4 is your
IP address), but the code was broken. However, it will
still do this if $M is defined; this is necessary to
get client configurations to work (sigh). Note that this
means that $M overrides :mailname entries in the user
database! Problem noted by Paul Southworth.
CONFIG: Fix definition of Solaris help file location. From
Steve Cliffe <steve@gorgon.cs.uow.edu.au>.
CONFIG: Fix bug that broke news.group.USENET mappings.
CONFIG: Allow declaration of SMTP_MAILER_MAX, FAX_MAILER_MAX,
and USENET_MAILER_MAX to tweak the maximum message
size for various mailers.
CONFIG: Change definition of USENET_MAILER_ARGS to include argv[0]
instead of assuming that it is "inews" for consistency
with other mailers. From Michael Corrigan of UC San Diego.
CONFIG: When mail is forwarded to a LOCAL_RELAY or a MAIL_HUB,
qualify the address in the SMTP envelope as user@{relay|hub}
instead of user@$j. From Bill Wisner of The Well.
CONFIG: Fix route-addr syntax in nullrelay configuration set.
CONFIG: Don't turn off case mapping of user names in the local
mailer for IRIX. This was different than most every other
system.
CONFIG: Avoid infinite loops on certainly list:; syntaxes in
envelope. Noted by Thierry Besancon
<besancon@excalibur.ens.fr>.
CONFIG: Don't include -z by default on uux line -- most systems
don't want it set by default. Pointed out by Philippe
Michel of Thomson CSF.
CONFIG: Fix some bugs with mailertables -- for example, if your
host name was foo.bar.ray.com and you matched against
".ray.com", the old implementation bound %1 to "bar"
instead of "foo.bar". Also, allow "." in the mailertable
to match anything -- essentially, take over SMART_HOST.
This also moves matching of explicit local host names
before the mailertable so they don't have to be special
cased in the mailertable data. Reported by Bill
Gianopoulos of Raytheon; the fix for the %1 binding
problem was contributed by Nicholas Comanos of the
University of Sydney.
CONFIG: Don't include "root" in class $=L (users to deliver
locally, even if a hub or relay exists) by default.
This is because of the known bug where definition of
both a LOCAL_RELAY and a MAIL_HUB causes $=L to ignore
both and deliver into the local mailbox.
CONFIG: Move up bitdomain and uudomain handling so that they
are done before .UUCP class matching; uudomain was
reported as ineffective before. This also frees up
diversion 8 for future use. Problem reported by Kimmo
Suominen.
CONFIG: Don't try to convert dotted IP address (e.g., [1.2.3.4])
into host names. As pointed out by Jonathan Kamens,
these are often used because either the forward or reverse
mapping is broken; this translation makes it broken again.
DOC: Clarify $@ and $: in the Install & Op Guide. From Kimmo
Suominen.
Portability fixes:
Unicos from David L. Kensiski of Sterling Software.
DomainOS from Don Lewis of Silicon Systems.
GNU m4 1.0.3 from Karst Koymans of Utrecht University.
Convex from Kimmo Suominen <kim@tac.nyc.ny.us>.
NetBSD from Adam Glass <glass@sun-lamp.cs.berkeley.edu>.
BSD/386 from Tony Sanders of BSDI.
Apollo from Eric Wassenaar.
DGUX from Doug Anderson.
Sequent DYNIX/ptx 2.0 from Tim Wright of Sequent.
NEW FILES:
src/Makefile.DomainOS
src/Makefile.PTX
src/Makefile.SunOS.5.1
src/Makefile.SunOS.5.2
src/Makefile.SunOS.5.x
src/mailq.1
cf/ostype/domainos.m4
doc/op/Makefile
doc/intro/Makefile
doc/usenix/Makefile
8.6.5/8.6.5 1994/01/13
Security fix: /.forward could be owned by anyone (the test
to allow root to own any file was backwards). From
Bob Campbell at U.C. Berkeley.
Security fix: group ids were not completely set when programs
were invoked. This caused programs to have group
permissions they should not have had (usually group
daemon instead of their own group). In particular,
Perl scripts would refuse to run.
Security: check to make sure files that are written are not
symbolic links (at least under some circumstances).
Although this does not respond to a specific known
attack, it's just a good idea. Suggested by
Christian Wettergren.
Security fix: if a user had an NFS mounted home directory on
a system with a restricted shell listed in their
/etc/passwd entry, they could still execute any
program by putting that in their .forward file.
This fix prevents that by insisting that their shell
appear in /etc/shells before allowing a .forward to
execute a program or write a file. You can disable
this by putting "*" in /etc/shells. It also won't
permit world-writable :include: files to reference
programs or files (there's no way to disable this).
These behaviors are only one level deep -- for
example, it is legal for a world-writable :include:
file to reference an alias that writes a file, on
the assumption that the alias file is well controlled.
Security fix: root was not treated suspiciously enough when
looking into subdirectories. This would potentially
allow a cracker to examine files that were publicly
readable but in a non-publicly searchable directory.
Fix a problem that causes an error on QUIT on a cached
connection to create problems on the current job.
These are typically unrelated, so errors occur in
the wrong place.
Reset CurrentLA in sendall() -- this makes sendmail queue
runs more responsive to load average, and fixes a
problem that ignored the load average in locally
generated mail. From Eric Wassenaar.
Fix possible core dump on aliases with null LHS. From
John Orthoefer of BB&N.
Revert to using flock() whenever possible -- there are just
too many bugs in fcntl() locking, particularly over
NFS, that cause sendmail to fail in perverse ways.
Fix a bug that causes the connection cache to get confused
when sending error messages. This resulted in
"unexpected close" messages. It should fix itself
on the following queue run. Problem noted by
Liudvikas Bukys of the University of Rochester.
Include $k in $=k as documented in the Install & Op Guide.
This seems odd, but it was documented.... From
Michael Corrigan of UCSD.
Fix problem that caused :include:s from alias files to be
forced to be owned by root instead of daemon
(actually DefUid). From Tim Irvin.
Diagnose unrecognized I option values -- from Mortin Forssen
of the Chalmers University of Technology.
Make "error" mailer work consistently when there is no error
code associated with it -- previously it returned OK
even though there was a real problem. Now it assumes
EX_UNAVAILABLE.
Fix bug that caused the last header line of messages that had
no body and which were terminated with EOF instead of
"." to be discarded. Problem noted by Liudvikas Bukys.
Fix core dump on SMTP mail to programs that failed -- it tried
to go to a "next MX host" when none existed, causing
a core dump. From der Mouse at McGill University.
Change IDENTPROTO from a defined/not defined to a 0/1 switch;
this makes it easier to turn it off (using
-DIDENTPROTO=0 in the Makefile). From der Mouse.
Fix YP_MASTER_NAME store to use the unupdated result of
gethostname() (instead of myhostname(), which tries
to fully qualify the name) to be consistent with
SunOS. If your hostname is unqualified, this fixes
- transfers to slave servers. Bug noted by Keith
+ transfers to secondary servers. Bug noted by Keith
McMillan of Ameritech Services, Inc.
Fix Ultrix problem: gethostbyname() can return a very large
(> 500) h_length field, which causes the sockaddr
to be trashed. Use the size of the sockaddr instead.
Fix from Bob Manson of Ohio State.
Don't assume "-a." on host lookups if NAMED_BIND is not
defined -- this confuses gethostbyname on hosts
file lookups, which doesn't understand the trailing
dot convention.
Log SMTP server subprocesses that die with a signal instead
of from a clean exit.
If you don't have option "I" set, don't assume that a DNS
"host unknown" message is authoritative -- it
might still be found in /etc/hosts.
Fix a problem that would cause Deferred: messages to be sent
as the subject of an error message, even though the
actual cause of a message was more severe than that.
Problem noted by Chris Seabrook of OSSI.
Fix race condition in DBM alias file locking. From Kyle
Jones of UUNET.
Limit delivery syslog line length to avoid bugs in some
versions of syslog(3). This adds a new compile time
variable SYSLOG_BUFSIZE. From Jay Plett of Princeton
University, which is in turn derived from IDA.
Fix quotes inside of comments in addresses -- previously
it insisted that they be balanced, but the 822 spec
says that they should be ignored.
Dump open file state to syslog upon receiving SIGUSR1 (for
debugging). This also evaluates ruleset 89, if set
(with the null input), and logs the result. This
should be used sparingly, since the rewrite process
is not reentrant.
Change -qI, -qR, and -qS flags to be case-insensitive as
documented in the Bat Book.
If the mailer returned EX_IOERR or EX_OSERR, sendmail did not
return an error message and did not requeue the message.
Fix based on code from Roland Dirlewanger of
Reseau Regional Aquarel, Bordeaux, France.
Fix a problem that caused a seg fault if you got a 421 error
code during some parts of connection initialization.
I've only seen this when talking to buggy mailers on
the other end, but it shouldn't give a seg fault in
any case. From Amir Plivatsky.
Fix core dump caused by a ruleset call that returns null.
Fix from Bryan Costales of ICSI.
Full-Name: field was being ignored. Fix from Motonori Nakamura
of Kyoto University.
Fix a possible problem with very long input lines in setproctitle.
From P{r Emanuelsson.
Avoid putting "This is a warning message" out on return receipts.
Suggested by Douglas Anderson.
Detect loops caused by recursive ruleset calls. Suggested by
Bryan Costales.
Initialize non-alias maps during alias rebuilds -- they may be
needed for parsing. Problem noted by Douglas Anderson.
Log sender address even if no message was collected in SMTP
(e.g., if all RCPTs failed). Suggested by Motonori
Nakamura.
Don't reflect the owner-list contents into the envelope sender
address if the value contains ", :, /, or | (to avoid
illegal addresses appearing there).
Efficiency hack for toktype macro -- from Craig Partridge of
BB&N.
Clean up DNS error printing so that a host name is always
included.
Remember to set $i during queue runs. Reported by Stephen
Campbell of Dartmouth University.
If the environment variable HOSTALIASES is set, use it during
canonification as the name of a file with per-user host
translations so that headers are properly mapped. Reported
by Anne Bennett of Concordia University.
Avoid printing misleading error message if SMTP mailer (not
using [IPC]) should die on a core dump.
Avoid incorrect diagnosis of "file 1 closed" when it is caused
by the other end closing the connection. From
Dave Morrison of Oracle.
Improve several of the error messages printed by "mailq"
to include a host name or other useful information.
Add NetInfo preliminary support for NeXT systems. From Vince
DeMarco.
Fix a glitch that sometimes caused :include:s that pointed to
NFS filesystems that were down to give an "aliasing/
forwarding loop broken" message instead of queueing
the message for retry. Noted by William C Fenner of
the NRL Connection Machine Facility.
Fix a problem that could cause a core dump if the input sequence
had (or somehow acquired) a \231 character.
Make sure that route-addrs always have <angle brackets> around
them in non-SMTP envelopes (SMTP envelopes already do
this properly).
Avoid weird headers on unbalanced punctuation of the form:
``Joe User <user)'' -- this caused reference to the
null macro. Fix from Rick McCarty of IO.COM.
Fix a problem that caused an alias "user: user@local.host" to
not have the QNOTREMOTE bit set; this caused configs
to act as if FEATURE(notsticky) was defined even when
it was not. The effect of the problem was to make it
very hard to to set up satellite sites that had a few
local accounts, with everything else forwarded to a
corporate hub. Reported by Detlef Drewanz of the
University of Rostock and Mark Frost of NCD.
Change queuing to not call rulesets 3, {1 or 2}, 4 on header
addresses. This is more efficient (fewer name server
calls) and fixes certain unusual configurations, such
as those that have ruleset 4 do something that is
non-idempotent unless a mailer-specific ruleset did
something else. Problem reported by Brian J. Coan
of the Institute for Global Communications.
Fix the "obsolete argument" routine in main to better understand
new arguments. For example, if you used ``sendmail
-C config -v -q'' it would choke on the -q because
the -C would stop looking for old-format arguments.
Fix the code that was intended to allow two users to forward their
mail to the same program and have them appear unique.
Portability fixes for:
SCO UNIX from Murray Kucherawy.
SCO Open Server 3.2v4 from Philippe Brand.
System V Release 4 from Rick Ellis and others.
OSF/1 from Steve Campbell.
DG/UX from Ben Mesander of the USGS and Bryan Curnutt
of Stoner Associates.
Motorola SysV88 from Kevin Johnson of Motorola.
Solaris 2.3 from Casper H.S. Dik of the University
of Amsterdam and John Caruso of University
of Maryland.
FreeBSD from Ollivier Robert.
NetBSD from Adam Glass.
TitanOS from Kate Hedstrom of Rutgers University.
Irix from Bryan Curnutt.
Dynix from Jim Davis of the University of Arizona.
RISC/os.
Linux from John Kennedy of California State University
at Chico.
Solaris 2.x from Tony Boner of the U.S. Air Force.
NEXTSTEP 3.x from Vince DeMarco.
HP-UX from various people. NOTA BENE: the location
of the config file has moved to /usr/lib
to match the HP-UX version of sendmail.
CONFIG: Don't do any recipient rewriting on relay mailer;
since this is intended only for internal use, the
usual RFC 821/822/1123 rules can be relaxed. The
main point of this is to avoid munging (ugh) UUCP
addresses when relaying internally.
CONFIG: fix typo in mailer/uucp.m4 that mutilates list:;
syntax addresses delivered via UUCP. Solution
provided by Peter Wemm.
CONFIG: fix thumb-fumble in default UUCP relaying in ruleset
zero; it caused double @ signs in addresses. From
Irving Reid of the University of Toronto.
CONFIG: Portability fixes for SCO Unix 3.2 with TCP/IP 1.2.1
from Markku Toijala of ICL Personal Systems Oy.
CONFIG: Add trailing "." on pseudo-domains for consistency;
this fixes a problem (noted by Al Whaley of Sunnyside)
that made it hard to recognize your own pseudodomain
names.
CONFIG: catch "@host" syntax errors (i.e., null local-parts)
rather than letting them get "local configuration
error"s. Problem noted by John Gardiner Myers.
CONFIG: add uucp-uudom mailer variant, based on code posted
by Spider Boardman <spider@Orb.Nashua.NH.US>; this
has uucp-dom semantics but old UUCP syntax. This
also permits "uucp-old" as an alias for "uucp" and
"uucp-new" as a synonym for "suucp" for consistency.
CONFIG: add POP mailer support (from Kimmo Suominen
<kim@grendel.lut.fi>).
CONFIG: drop CSNET_RELAY support -- CSNET is long gone.
CONFIG: fix bug caused with domain literal addresses (e.g.,
``[128.32.131.12]'') when FEATURE(allmasquerade)
was set; it would get an additional @masquerade.host
added to the address. Problem noted by Peter Wan
of Georgia Tech.
CONFIG: make sure that the local UUCP name is in $=w. From
Jim Murray of Stratus.
CONFIG: changes to UUCP rewriting to simulate IDA-style "V"
mailer flag. Briefly, if you are sending to host
"foo", then it rewrites "foo!...!baz" to "...!baz",
"foo!baz" remains "foo!baz", and anything else has
the local name prepended.
CONFIG: portability fixes for HP-UX.
DOC: several minor problems fixed in the Install & Op Guide.
MAKEMAP: fix core dump problem on lines that are too long or
which lack newline. From Mark Delany.
MAILSTATS: print sums of columns (total messages & kbytes
in and out of the system). From Tom Ferrin of UC
San Francisco Computer Graphics Lab.
SIGNIFICANT USER- OR SYSAD-VISIBLE CHANGES:
On HP-UX, /etc/sendmail.cf has been moved to
/usr/lib/sendmail.cf to match HP sendmail.
Permissions have been tightened up on world-writable
:include: files and accounts that have shells
that are not listed in /etc/shells. This may
cause some .forward files that have worked
before to start failing.
SIGUSR1 dumps some state to the log.
NEW FILES:
src/Makefile.DGUX
src/Makefile.Dynix
src/Makefile.FreeBSD
src/Makefile.Mach386
src/Makefile.NetBSD
src/Makefile.RISCos
src/Makefile.SCO
src/Makefile.SVR4
src/Makefile.Titan
cf/mailer/pop.m4
cf/ostype/bsdi1.0.m4
cf/ostype/dgux.m4
cf/ostype/dynix3.2.m4
cf/ostype/sco3.2.m4
makemap/Makefile.dist
praliases/Makefile.dist
8.6.4/8.6.4 1993/10/31
Repair core-dump problem (write to read-only memory segment)
if you fall back to the return-to-Postmaster case in
savemail. Problem reported by Richard Liu.
Immediately diagnose bogus sender addresses in SMTP. This
makes quite certain that crackers can't use this
class of attack.
Reliability Fix: check return value from fclose() and fsync()
in a few critical places.
Minor problem in initsys() that reversed a condition for
redirecting the output channel on queue runs. It's
not clear this code even does anything. From Eric
Wassenaar of the Dutch National Institute for Nuclear
and High-Energy Physics.
Fix some problems that caused queue runs to do "too much work",
such as double-reading the Errors-To: header. From
Eric Wassenaar.
Error messages on writing the temporary file (including the
data file) were getting suppressed in SMTP -- this
fix causes them to be properly reported. From Eric
Wassenaar.
Some changes to support AF_UNIX sockets -- this will only
really become relevant in the next release, but some
people need it for local patches. From Michael
Corrigan of UC San Diego.
Use dynamically allocated memory (instead of static buffers)
for macros defined in initsys() and settime(); since
these can have different values depending on which
envelope they are in. From Eric Wassenaar.
Improve logging to show ctladdr on to= logging; this tells you
what uid/gid processes ran as.
Fix a problem that caused error messages to be discarded if
the sender address was unparseable for some reason;
this was supposed to fall back to the "return to
postmaster" case.
Improve aliaswait backoff algorithm.
Portability patches for Linux (8.6.3 required another header
file) (from Karl London) and SCO UNIX.
CONFIG: patch prog mailer to not strip host name off of envelope
addresses (so that it matches local again). From
Christopher Davis.
CONFIG: change uucp-dom mailer so that "<>" translates to $n;
this prevents uux from seeing lines with null names like
``From Sat Oct 30 14:55:31 1993''. From Motonori
Nakamura of Kyoto University.
CONFIG: handle <list:;> syntax correctly. This isn't legal, but
it shouldn't fail miserably. From Motonori Nakamura.
8.6.2/8.6.2 1993/10/15
Put a "successful delivery" message in the transcript for
addresses that get return-receipts.
Put a prominent "this is only a warning" message in warning
messages -- some people don't read carefully enough
and end up sending the message several times.
Include reason for temporary failure in the "warning" return
message. Currently, it just says "cannot send for
four hours".
Fix the "Original message received" time generated for
returntosender messages. It was previously listed as
the current time. Bug reported by Eric Hagberg of
Cornell University Medical College.
If there is an error when writing the body of a message,
don't send the trailing dot and wait for a response
in sender SMTP, as this could cause the connection to
hang up under some bizarre circumstances. From Eric
Wassenaar.
Fix some server SMTP synchronization problems caused when
connections fail during message collection. From
Eric Wassenaar.
Fix a problem that can cause srvrsmtp to reject mail if the
name server is down -- it accepts the RCPT but rejects
the DATA command. Problem reported by Jim Murray of
Stratus.
Fix a problem that can cause core dumps if the config file
incorrectly resolves to a null hostname. Reported by
Allan Johannesen of WPI.
Non-root use of -C flag, dangerous -f flags, and use of -oQ
by non-root users were not put into
X-Authentication-Warning:s as intended because the
config file hadn't set the PrivacyOptions yet. Fix
from Sven-Ove Westberg of the University of Lulea.
Under very odd circumstances, the alias file rebuild code
could get confused as to whether a database was
open or not.
Check "vendor code" on the end of V lines -- this is
intended to provide a hook for vendor-specific
configuration syntax. (This is a "new feature",
but I've made an exception to my rule in a belief
that this is a highly exceptional case.)
Portability fixes for DG/UX (from Douglas Anderson of NCSC),
SCO Unix (from Murray Kucherawy), A/UX, and OSF/1
(from Jon Forrest of UC Berkeley)
CONFIG: fix ``mailer:host'' form of UUCP relay naming.
8.6.1/8.6 1993/10/08
Portability fixes for A/UX and Encore UMAX V.
Fix error message handling -- if you had a name server down
causing an error during parsing, that message was never
propagated to the queue file.
8.6/8.6 1993/10/05
Configuration cleanup: make it easier to undo IDENTPROTO in
conf.h (other systems have the same bug).
If HASGETDTABLESIZE and _SC_OPEN_MAX are both defined, assume
getdtablesize() instead of sysconf(); a disturbingly
large number of systems defined _SC_OPEN_MAX in the
header files but don't have the syscall.
Another patch to really truly ignore MX records in getcanonname
if trymx == FALSE.
Fix problem that caused the "250 IAA25499 Message accepted for
delivery" message to be omitted if there was an error
in the header of the message (e.g., a bad Errors-To:
line). Pointed out by Michael Corrigan of UCSD.
Announce name of host we are chatting when we get errors; this
is an IDA-ism suggested by Christophe Wolfhugel.
Portability fixes for Alpha OSF/1 (from Anthony Baxter of the
Australian Artificial Intelligence Institute), SCO Unix
(from Murray Kucherawy of Hookup Communication Corp.),
NeXT (from Vince DeMarco and myself), Linux (from
Karl London <karl@borg.demon.co.uk>), BSDI (from
Christophe Wolfhugel, and SVR4 on Dell (from Kimmo
Suominen), AUX 3.0 on Macintosh, and ANSI C compilers.
Some changes to get around gcc optimizer bugs. From Takahiro
Kanbe.
Fix error recovery in queueup if another tf file of the same
name already exists. Problem stumbled over by Bill
Wisner of The Well.
Output YP_MASTER_NAME and YP_LAST_MODIFIED without null bytes.
Problem noted by Keith McMillan of Ameritech Services.
Deal with group permissions properly when opening .forward and
:include: files. This relaxes the 8.1C restrictions
slightly more. This includes proper setting of groups
when reading :include: files, allowing you to read some
files that you should be able to read but have previously
been denied unless you owned them or they had "other"
read permission.
Make certain that $j is in $=w (after the .cf is read) so that
if the user is forced to override some silly system,
MX suppression will still work.
Fix a couple of efficiency problems where newstr was double-
calling expensive routines. In at least one case, it
wasn't guaranteed that they would always return the
same result. Problem noted by Christophe Wolfhugel.
Fix null pointer dereference in putoutmsg -- only on an error
condition from a non-SMTP mailer. From Motonori
Nakamura.
Macro expand "C" line class definitions before scanning so that
"CX $Z" works.
Fix problem that caused error message to be sent while still
trying to send the original message if the connection
is closed during a DATA command after getting an error
on an RCPT command (pretty obscure). Problem reported
by John Myers of CMU.
Fix reply to NOOP to be 250 instead of 200 -- this is a long
term bug.
Fix a nasty bug causing core dumps when returning the "warning:
cannot deliver for N hours -- will keep trying" message;
it only occurred if you had PostmasterCopy set and
only on some architectures. Although sendmail would
keep trying, it would send error messages on each
queue interval. This is an important fix.
Allow u and g options to take user and group names respectively.
Don't do a chdir into the queue directory in -bt mode to make
ruleset testing a bit easier.
Don't allow users to turn off logging (using -oL) on the command
line -- command line can only raise, not lower, logging
level.
Set $u to the original recipient on the SMTP transaction or on
the command line. This is only done if there is exactly
one recipient. Technically, this does not meet the
specs, because it does not guarantee a domain on the
address.
Fix a problem that dumped error messages on bad addresses if
you used the -t flag. Problem noted by Josh Smith of
Harvey Mudd College.
Given an address such as ``<foo> <bar>'', auto-quote the first
``<foo>'' part, giving ``"<foo>" <bar>''. This is to
avoid the problem of people who use angle brackets in
their full name information.
Fix a null pointer dereference if you set option "l", have
an Errors-To: header in the message, and have Errors-To:
defined in the config file H lines. From J.R. Oldroyd.
Put YPCOMPAT on #ifdef NIS instead -- it's one less thing to get
wrong when compiling. Suggested by Rick McCarty of TI.
Fix a problem that could pass negative SIZE parameter if the
df file got lost; this would cause servers to always
give a temporary failure, making the problem even worse.
Problem noted by Allan Johannesen of WPI.
Add "ident" timeout (one of the "r" option selectors) for IDENT
protocol timeouts (30s default). Requested by Murray
Kucherawy of HookUp Communication Corp. to handle bogus
PC TCP/IP implementations.
Change $w default definition to be just the first component of
the domain name on config level 5. The $j macro defaults
to the FQDN; $m remains as before. This lets well-behaved
config files use any of the short, long, or subdomain
names.
Add makesendmail script in src to try to automate multi-architecture
builds. I know, this is sub-optimal, but it is still
helpful.
Fix very obscure race condition that can cause a queue run to
get a queue file for an already completed job. This
problem has existed for years. Problem noted by the
long suffering Allan Johannesen of WPI.
Fix a problem that caused the raw sender name to be passed to
udbsender instead of the canonified name -- this caused
it to sometimes miss records that it should have found.
Relax check of name on HELO packet so that a program using -bs
that claims to be itself works properly.
Restore rewriting of $: part of address through 2, R, 4 in
buildaddr -- this requires passing a lot of flags to get
it right. Unlike old versions, this ONLY rewrites
recipient addresses, not sender addresses.
Fix a bug that caused core dumps in config files that cannot
resolve /file/name style addresses. Fix from Jonathan
Kamens of OpenVision Technologies.
Fix problem with fcntl locking that can cause error returns to
be lost if the lock is lost; this required fully
queueing everything, dropping the envelope (so errors
would get returned), and then re-reading the queue from
scratch.
Fix a problem that caused aliases that redefine an otherwise
true address to still send to the original address
if and only if the alias failed in certain bizarre
ways (e.g, if they pointed at a list:; syntax address).
Problem pointed out by Jonathan Kamens.
Remove support for frozen configuration files. They caused
more trouble than it was worth.
Fix problem that can cause error messages to get ignored when
using both -odb and -t flags. Problem noted by Rob
McNicholas at U.C. Berkeley.
Include all "normal" variations on hostname in $=w. For example,
if the host name is vangogh.cs.berkeley.edu, $=w will
contain vangogh, vangogh.cs, and vangogh.cs.berkeley.edu.
Add "restrictqrun" privacy flag -- without this, anyone can run
the queue.
Reset SmtpPhase global on initial connection creation so that
messages don't come out with stale information.
Pass an "ext" argument to lockfile so that error/log messages
will properly reflect the true filename being locked.
Put all [...] address forms into $=w -- this eliminates the need
for MAXIPADDR in conf.h. Suggested by John Gardiner
Myers of CMU.
Fix a bug that can cause qf files to be left around even after
an SMTP RSET command. Problem and fix from Michael
Corrigan.
Don't send a PostmasterCopy to errors when the Precedence: is
negative. Error reports still go to the envelope
sender address.
Add LA_SHORT for load averages.
Lock sendmail.st file when posting statistics.
Add "SendBufSize" and "RcvBufSize" suboptions to "O" option to
set the size of the TCP send and receive buffers; if you
run over a slow slip line you may need to set these down
(although it would be better to fix the SLIP implementation
so that it's not necessary to recompile every program
that does bulk data transfer).
Allow null defaults on $( ... $) lookups. Problem reported by
Amir Plivatsky.
Diagnose crufty S and V config lines. This resulted from an
observation that some people were using the SITE macro
without the SITECONFIG macro first, which was causing
bogus config files that were not caught.
Fix makemap -f flag to turn off case folding (it was turning it
on instead). THIS IS A USER VISIBLE CHANGE!!!
Fix a problem that caused multiple error messages to be sent if
you used "sendmail -t -oem -odb", your system uses fcntl
locking, and one of the recipient addresses is unknown.
Reset uid earlier in include() so that recursive .forwards or
:include:s don't use the wrong uid.
If file descriptor 0, 1, or 2 was closed when sendmail was
called, the code to recover the descriptor was broken.
This sometimes (only sometimes) caused problems with the
alias file. Fix from Motonori Nakamura.
Fix a problem that caused aliaswait to go into infinite recursion
if the @:@ metasymbol wasn't found in the alias file.
Improve error message on newaliases if database files cannot be
opened or if running with no database format defined.
Do a better estimation of the size of error messages when NoReturn
is set. Problem noted by P{r (Pell) Emanuelsson.
Fix a problem causing the "c" option (don't connect to expensive
mailers) to be ignored in SMTP. Problem noted and the
solution suggested by Robert Elz of The University of
Melbourne.
Improve connection caching algorithm by passing "[host]" to
hostsignature, which strips the square brackets and
returns the real name. This allows mailertable entries
to match regular entries.
Re-enable Return-Receipt-To: -- people seem to want this stupid
feature, even if it doesn't work right.
Catch and log attempts to try the "wiz" command in server SMTP.
This also ups the log level from LOG_NOTICE to LOG_CRIT.
Be more generous at assigning $z to the home directory -- do this
for programs that are specified through a .forward file.
Fix from Andrew Chang of Sun Microsystems.
Always save a fatal error message in preference to a non-fatal
error message so that the "subject" line of return
messages is the best possible.
CONFIG: reduce the number of quotes needed to quote configuration
parameters with commas: two quotes should work now, e.g.,
define(ALIAS_FILE, ``/etc/aliases,/etc/aliases.local'').
CONFIG: class $=Z is a set of UUCP hosts that use uucp-dom
connections (domain-ized UUCP).
CONFIG: fix bug in default maps (-o must be before database file
name). Pointed out by Christophe Wolfhugel.
CONFIG: add FEATURE(nodns) to state that we are not relying on
DNS. This would presumably be used in UUCP islands.
CONFIG: add OSTYPE(nextstep) and OSTYPE(linux).
CONFIG: log $u in Received: line. This is in technical violation
of the standards, since it doesn't guarantee a domain
on the address.
CONFIG: don't assume "m" in local mailer flags -- this means that
if you redefine LOCAL_MAILER_FLAGS you will have to include
the "m" flag should you want it. Apparently some Solaris 2.2
installations can't handle multiple local recipients.
Problem noted by Josh Smith.
CONFIG: add confDOMAIN_NAME to set $j (if undefined, $j defaults).
CONFIG: change default version level from 4 to 5.
CONFIG: add FEATURE(nullclient) to create a config file that
forwards all mail to a hub without ever looking at the
addresses in any detail.
CONFIG: properly strip mailer: information off of relays when
used to change .BITNET form into %-hack form.
CONFIG: fix a problem that caused infinite loops if presented
with an address such as "!foo".
CONFIG: check for self literal (e.g., [128.32.131.12]) even if
the reverse "PTR" mapping is broken. There's a better
way to do this, but the change is fairly major and I
want to hold it for another release. Problem noted by
Bret Marquis.
8.5/8.5 1993/07/23
Serious bug: if you used a command line recipient that was unknown
sendmail would not send a return message (it was treating
everything as though it had an SMTP-style client that
would do the return itself). Problem noted by Josh Smith.
Change "trymx" option in getcanonname() to ignore all MX data,
even during a T_ANY query. This actually didn't break
anything, because the only time you called getcanonname
with !trymx was if you already knew there were no MX
records, but it is somewhat cleaner. From Motonori
Nakamura.
Don't call getcanonname from getmxrr if you already know there
are no DNS records matching the name.
Fix a problem causing error messages to always include "The
original message was received ... from localhost".
The correct original host information is now included.
Previous change to cf/sh/makeinfo.sh doesn't port to Ultrix (their
version of "test" doesn't have the -x flag). Change it
to use -f instead. From John Myers.
CONFIG: 8.4 mistakenly set the default SMTP-style mailer to
esmtp -- it should be smtp.
CONFIG: send all relayed mail using confRELAY_MAILER (defaults
to "relay" (a variant of "smtp") if MAILER(smtp) is used,
else "suucp" if MAILER(uucp) is used, else "unknown");
this cleans up the configs somewhat. This fixes a serious
problem that caused route-addrs to get mistaken as relays,
pointed out by John Myers. WARNING: this also causes
the default on SMART_HOST to change from "suucp" to
"relay" if you have MAILER(smtp) specified.
8.4/8.4 1993/07/22
Add option `w'. If you receive a message that comes to you because
you are the best (lowest preference) target of an MX, and
you haven't explicitly recognized the source MX host in
your .cf file, this option will cause you to try the target
host directly (as if there were no MX for it at all). If
`w' is not set, this case is a configuration error.
Beware: if `w' is set, senders may get bogus errors like
"message timed out" or "host unknown" for problems that
are really configuration errors. This option is
disrecommended, provided only for compatibility with
UIUC sendmail.
Fix a problem that caused the incoming socket to be left open
when sendmail forks after the DATA command. This caused
calling systems to wait in FIN_WAIT_2 state until the
entire list was processed and the child closed -- a
potentially prodigious amount of time. Problem noted
by Neil Rickert.
Fix problem (created in 6.64) that caused mail sent to multiple
addresses, one of which was a bad address, to completely
suppress the sending of the message. This changes
handling of EF_FATALERRS somewhat, and adds an
EF_GLOBALERRS flag. This also fixes a potential problem
with duplicate error messages if there is a syntax error
in the header of a message that isn't noticed until late
in processing. Original problem pointed out by Josh Smith
of Harvey Mudd College. This release includes quite a bit
of dickering with error handling (see below).
Back out SMTP transaction if MAIL gets nested 501 error. This
will only hurt already-broken software and should help
humans.
Fix a problem that broke aliases when neither NDBM nor NEWDB were
compiled in. It would never read the alias file.
Repair unbalanced `)' and `>' (the "open" versions are already
repaired).
Logging of "done" in dropenvelope() was incorrect: it would
log this even when the queue file still existed. Change
this to only log "done" (at log level 11) when the
queue file is actually removed. From John Myers.
Log "lost connection" in server SMTP at log level 20 if there
is no pending transaction. Some senders just close the
connection rather than sending QUIT.
Fix a bug causing getmxrr to add a dot to the end of unqualified
domains that do not have MX records -- this would cause
the subsequent host name lookup to fail. The problem
only occurred if you had FEATURE(nocanonify) set.
Problem noted by Rick McCarty of Texas Instruments.
Fix invocation of setvbuf when passed a -X flag -- I had
unwittingly used an ANSI C extension, and this caused
core dumps on some machines.
Diagnose self-destructive alias loops on RCPT as well as EXPN.
Previously it just gave an empty send queue, which
then gave either "Need RCPT (recipient)" at the DATA
(confusing, since you had given an RCPT command which
returned 250) or just dropped the email, depending on
whether you were running VERBose mode. Now it usually
diagnoses this case as "aliasing/forwarding loop broken".
Unfortunately, it still doesn't adequately diagnose
some true error conditions.
Add internal concept of "warning messages" using 6xx codes.
These are not reported only to Postmaster. Unbalanced
parens, brackets, and quotes are printed as 653 codes.
They are always mapped to 5xx codes before use in SMTP.
Clean up error messages to tell both the actual address that
failed and the alias they arose from. This makes it
somewhat easier to diagnose problems. Difficulty noted
by Motonori Nakamura.
Fix a problem that inappropriately added a ctladdr to addresses
that shouldn't have had one during a queue run. This
caused error messages to be handled differently during
a queue run than a direct run.
Don't print the qf name and line number if you get errors during
the direct run of the queue from srvrsmtp -- this was
just extra stuff for users to crawl through.
Put command line flags on second line of pid file so you can
auto-restart the daemon with all appropriate arguments.
Use "kill `head -1 /etc/sendmail.pid`" to stop the
daemon, and "eval `tail -1 /etc/sendmail.pid`" to
restart it.
Remove the ``setuid(getuid())'' in main -- this caused the
IDENT daemon to screw up. This required that I change
HASSETEUID to HASSETREUID and complicate the mode
changing somewhat because both Ultrix and SunOS seem
to have a bug causing seteuid() to set the saved uid
as well as the effective. The program test/t_setreuid.c
will test to see if your implementation of setreuid(2)
is appropriately functional.
The FallBackMX (option V) handling failed to properly identify
fallback to yourself -- most of the code was there,
but it wasn't being enabled. Problem noted by Murray
Kucherawy of the University of Waterloo.
Change :include: open timeout from ETIMEDOUT to an internal
code EOPENTIMEOUT; this avoids adding "during SmtpPhase
with CurHostName" in error messages, which can be
confusing. Reported by Jonathan Kamens of OpenVision
Technologies.
Back out setpgrp (setpgid on POSIX systems) call to reset the
process group id. The original fix was to get around
some problems with recalcitrant MUAs, but it breaks
any call from a shell that creates a process group id
different from the process id. I could try to fix
this by diddling the tty owner (using tcsetpgrp or
equivalent) but this is too likely to break other
things.
Portability changes:
Support -M as equivalent to -oM on Ultrix -- apparently
DECnet calls sendmail with -MrDECnet -Ms<HOST> -bs
instead of using standard flags. Oh joy. This
behavior reported by Jon Giltner of University
of Colorado.
SGI IRIX -- this includes several changes that should
help other strict ANSI compilers.
SCO Unix -- from Murray Kucherawy of HookUp Communication
Corporation.
Solaris running the Sun C compiler (which despite the
documentation apparently doesn't define
__STDC__ by default).
ConvexOS from Eric Schnoebelen of Convex.
Sony NEWS workstations and Omron LUNA workstations from
Motonori Nakamura.
CONFIG: add confTRY_NULL_MX_LIST to set option `w'.
CONFIG: delete `C' and `e' from default SMTP mailers flags;
several people have made a good argument that this
creates more problems than it solves (although this
may prove painful in the short run).
CONFIG: generalize all the relays to accept a "mailer:host"
format.
CONFIG: move local processing in ruleset 0 into a new ruleset
98 (8 on old sendmail). Domain literal [a.b.c.d]
addresses are also passed through this ruleset.
CONFIG: if neither SMART_HOST nor MAILER(smtp) were defined,
internet-style addresses would "fall off the end" of
ruleset zero and be interpreted as local -- however,
the angle brackets confused the recursive call.
These are now diagnosed as "Unrecognized host name".
CONFIG: USENET rules weren't included in S0 because of a mistaken
ifdef(`_MAILER_USENET_') instead of
ifdef(`_MAILER_usenet_'). Problem found by Rein Tollevik
of SINTEF RUNIT, Oslo.
CONFIG: move up LOCAL_RULE_0 processing so that it happens very
early in ruleset 0; this allows .mc authors to bypass
things like the "short circuit" code for local addresses.
Prompted by a comment by Bill Wisner of The Well.
CONFIG: add confSMTP_MAILER to define the mailer used (smtp or
esmtp) to send SMTP mail. This allows you to default
to esmtp but use a mailertable or other override to
deal with broken servers. This logic was pointed out
to me by Bill Wisner. Ditto for confLOCAL_MAILER.
Changes to cf/sh/makeinfo.sh to make it portable to SVR4
environments. Ugly as sin.
8.3/8.3 1993/07/13
Fix setuid problems introduced in 8.2 that caused messages
like "Cannot create qfXXXXXX: Invalid argument"
or "Cannot reopen dfXXXXXX: Permission denied". This
involved a new compile flag "HASSETEUID" that takes
the place of the old _POSIX_SAVED_IDS -- it turns out
that the POSIX interface is broken enough to break
some systems badly. This includes some fixes for
HP-UX. Also fixes problems where the real uid is
not reset properly on startup (from Neil Rickert).
Fix a problem that caused timed out messages to not report the
addresses that timed out. Error messages are also more
"user friendly".
Drop required bandwidth on connections from 64 bytes/sec to
16 bytes/sec.
Further Solaris portability changes -- doesn't require the BSD
compatibility library. This also adds a new
"HASGETDTABLESIZE" compile flag which can be used if
you want to use getdtablesize(2) instead of sysconf(2).
These are loosely based on changes from David Meyer at
University of Oregon. This now seems to work, at least
for quick test cases.
Fix a problem that can cause duplicate error messages to be
sent if you are in SMTP, you send to multiple addresses,
and at least one of those addresses is good and points
to an account that has a .forward file (whew!).
Fix a problem causing messages to be discarded if checkcompat()
returned EX_TEMPFAIL (because it didn't properly mark
the "to" address). Problem noted by John Myers.
Fix dfopen to return NULL if the open failed; I was depending
on fdopen(-1) returning NULL, which isn't the case. This
isn't serious, but does result in weird error diagnoses.
From Michael Corrigan.
CONFIG: add UUCP_MAX_SIZE M4 macro to set the maximum size of
messages sent through UUCP-family mailers. Suggested
by Bill Wisner of The Well.
CONFIG: if both MAILER(uucp) and MAILER(smtp) are specified,
include a "uucp-dom" mailer that uses domain-style
addressing. Suggested by Bill Wisner.
CONFIG: Add LOCAL_SHELL_FLAGS and LOCAL_SHELL_ARGS to match
LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS. Suggested by
Christophe Wolfhugel.
CONFIG: Add OSTYPE(aix3). From Christophe Wolfhugel.
8.2/8.2 1993/07/11
Don't drop out on config file parse errors in -bt mode.
On older configuration files, assume option "l" (use Errors-To
header) for back compatibility. NOTE: this DOES NOT
imply an endorsement of the Errors-To: header in any way.
Accept -x flag on AIX-3 as well as OSF/1. Why, why, why???
Don't log errors on EHLO -- it isn't a "real" error for an old
SMTP server to give an error on this command, and
logging it in the transcript can be confusing. Fix
from Bill Wisner.
IRIX compatibility changes provided by Dan Rich
<drich@sandman.lerc.nasa.gov>.
Solaris 2 compatibility changes. Provided by Bob Cunningham
<bob@kahala.soest.hawaii.edu>, John Oleynick
<juo@klinzhai.rutgers.edu>
Debugging: -d17 was overloaded (hostsignature and usersmtp.c);
move usersmtp (smtpinit and smtpmailfrom) to -d18 to
match the other flags in that file.
Flush transcript before fork in mailfile(). From Eric Wassenaar.
Save h_errno in mci struct and improve error message display.
Changes from Eric Wassenaar.
Open /dev/null for the transcript if the create of the xf file
failed; this avoids at least one possible null pointer
reference in very weird cases. From Eric Wassenaar.
Clean up statistics gathering; it was over-reporting because of
forks. From Eric Wassenaar.
Fix problem that causes old Return-Path: line to override new
Return-Path: line (conf.c needs H_FORCE to avoid
re-using old value). From Motonori Nakamura.
Fix broken -m flag in K definition -- even if -m (match only)
was specified, it would still replace the key with the
value. Noted by Rick McCarty of Texas Instruments.
If the name server timed out over several days, no "timed out"
message would ever be sent back. The timeout code
has been moved from markfailure() to dropenvelope()
so that all such failures should be diagnosed. Pointed
out by Christophe Wolfhugel and others.
Relax safefile() constraints: directories in an include or
forward path must be readable by self if the controlling
user owns the entry, readable by all otherwise (e.g.,
when reading your .forward file, you have to own and
have X permission in it; everyone needs X permission in
the root and directories leading up to your home);
include files must be readable by anyone, but need not
be owned by you.
If _POSIX_SAVED_IDS is defined, setuid to the owner before
reading a .forward file; this gets around some problems
on NFS mounts if root permission is not exported and
the user's home directory isn't x'able.
Additional NeXT portability enhancements from Axel Zinser.
Additional HP-UX portability enhancements from Brian Bullen.
Add a timeout around SMTP message writes; this assumes you can
get throughput of at least 64 bytes/second. Note that
this does not impact the "datafinal" default, which
is separate; this is just intended to work around
network clogs that will occur before the final dot
is sent. From Eric Wassenaar.
Change map code to set the "include null" flag adaptively --
it initially tries both, but if it finds anything
matching without a null it never tries again with a
null and vice versa. If -N is specified, it never
tries without the null and creates new maps with a
null byte. If -O is specified, it never tries with
the null (for efficiency). If -N and -O are specified,
you get -NO (get it?) lookup at all, so this would
be a bad idea. If you don't specify either -N or -O,
it adapts.
Fix recognition of "same from address" so that MH submissions
will insert the appropriate full name information;
this used to work and got broken somewhere along the
way.
Some changes to eliminate some unnecessary SYSERRs in the
log. For example, if you lost a connection, don't
bother reporting that fact on the connection you lost.
Add some "extended debugging" flags to try to track down
why we get occasional problems with file descriptor
one being closed when execing a mailer; it seems to
only happen when there has been another error in the
same transaction. This requires XDEBUG, defined
by default in conf.h.
Add "-X filename" command line flag, which logs both sides of
all SMTP transactions. This is intended ONLY for
debugging bad implementations of other mailers; start
it up, send a message from a mailer that is failing,
and then kill it off and examine the indicated log.
This output is not intended to be particularly human
readable. This also adds the HASSETVBUF compile
flag, defaulted on if your compiler defines __STDC__.
CONFIG: change SMART_HOST to override an SMTP mailer. If you
have a local net that should get direct connects, you
will need to use LOCAL_NET_CONFIG to catch these hosts.
See cf/README for an example.
CONFIG: add LOCAL_MAILER_ARGS (default: `mail -d $u') to handle
sites that don't use the -d flag.
CONFIG: hide recipient addresses as well as sender addresses
behind $M if FEATURE(allmasquerade) is specified; this
has been requested by several people, but can break
local aliases. For example, if you mail to "localalias"
this will be rewritten as "localalias@masqueradehost";
although initial delivery will work, replies will be
broken. Use it sparingly.
CONFIG: add FEATURE(domaintable). This maps unqualified domains
to qualified domains in headers. I believe this is
largely equivalent to the IDA feature of the same name.
CONFIG: use $U as UUCP name instead of $k. This permits you
to override the "system name" as your UUCP name --
in particular, to use domain-ized UUCP names. From
Bill Wisner of The Well.
CONFIG: create new mailer "esmtp" that always tries EHLO
first. This is currently unused in the config files,
but could be used in a mailertable entry.
8.1C/8.1B 1993/06/27
Serious security bug fix: it was possible to read any file on
the system, regardless of ownership and permissions.
If a subroutine returns a fully qualified address, return it
immediately instead of feeding it back into rewriting.
This fixes a problem with mailertable lookups.
CONFIG: fix some M4 frotz (concat => CONCAT)
8.1B/8.1A 1993/06/12
Serious bug fix: pattern matching backup algorithm stepped by
two tokens in classes instead of one. Found by Claus
Assmann at University of Kiel, Germany.
8.1A/8.1A 1993/06/08
Another mailertable fix....
8.1/8.1 1993/06/07
4.4BSD freeze. No semantic changes.
diff --git a/cf/README b/cf/README
index 91e69a918223..983aa2821a1a 100644
--- a/cf/README
+++ b/cf/README
@@ -1,4805 +1,4816 @@
SENDMAIL CONFIGURATION FILES
This document describes the sendmail configuration files. It
explains how to create a sendmail.cf file for use with sendmail.
It also describes how to set options for sendmail which are explained
in the Sendmail Installation and Operation guide (doc/op/op.me).
To get started, you may want to look at tcpproto.mc (for TCP-only
sites) and clientproto.mc (for clusters of clients using a single
mail host), or the generic-*.mc files as operating system-specific
examples.
Table of Content:
INTRODUCTION AND EXAMPLE
A BRIEF INTRODUCTION TO M4
FILE LOCATIONS
OSTYPE
DOMAINS
MAILERS
FEATURES
HACKS
SITE CONFIGURATION
USING UUCP MAILERS
TWEAKING RULESETS
MASQUERADING AND RELAYING
USING LDAP FOR ALIASES, MAPS, AND CLASSES
LDAP ROUTING
ANTI-SPAM CONFIGURATION CONTROL
CONNECTION CONTROL
STARTTLS
SMTP AUTHENTICATION
ADDING NEW MAILERS OR RULESETS
ADDING NEW MAIL FILTERS
QUEUE GROUP DEFINITIONS
NON-SMTP BASED CONFIGURATIONS
WHO AM I?
ACCEPTING MAIL FOR MULTIPLE NAMES
USING MAILERTABLES
USING USERDB TO MAP FULL NAMES
MISCELLANEOUS SPECIAL FEATURES
SECURITY NOTES
TWEAKING CONFIGURATION OPTIONS
MESSAGE SUBMISSION PROGRAM
FORMAT OF FILES AND MAPS
DIRECTORY LAYOUT
ADMINISTRATIVE DETAILS
+--------------------------+
| INTRODUCTION AND EXAMPLE |
+--------------------------+
Configuration files are contained in the subdirectory "cf", with a
suffix ".mc". They must be run through "m4" to produce a ".cf" file.
You must pre-load "cf.m4":
m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf
Alternatively, you can simply:
cd ${CFDIR}/cf
./Build config.cf
where ${CFDIR} is the root of the cf directory and config.mc is the
name of your configuration file. If you are running a version of M4
that understands the __file__ builtin (versions of GNU m4 >= 0.75 do
this, but the versions distributed with 4.4BSD and derivatives do not)
or the -I flag (ditto), then ${CFDIR} can be in an arbitrary directory.
For "traditional" versions, ${CFDIR} ***MUST*** be "..", or you MUST
use -D_CF_DIR_=/path/to/cf/dir/ -- note the trailing slash! For example:
m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 config.mc > config.cf
Let's examine a typical .mc file:
divert(-1)
#
# Copyright (c) 1998-2005 Proofpoint, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#
# This is a Berkeley-specific configuration file for HP-UX 9.x.
# It applies only to the Computer Science Division at Berkeley,
# and should not be used elsewhere. It is provided on the sendmail
# distribution as a sample only. To create your own configuration
# file, create an appropriate domain file in ../domain, change the
# `DOMAIN' macro below to reference that file, and copy the result
# to a name of your own choosing.
#
divert(0)
The divert(-1) will delete the crud in the resulting output file.
The copyright notice can be replaced by whatever your lawyers require;
our lawyers require the one that is included in these files. A copyleft
is a copyright by another name. The divert(0) restores regular output.
VERSIONID(`<SCCS or RCS version id>')
VERSIONID is a macro that stuffs the version information into the
resulting file. You could use SCCS, RCS, CVS, something else, or
omit it completely. This is not the same as the version id included
in SMTP greeting messages -- this is defined in m4/version.m4.
OSTYPE(`hpux9')dnl
You must specify an OSTYPE to properly configure things such as the
pathname of the help and status files, the flags needed for the local
mailer, and other important things. If you omit it, you will get an
error when you try to build the configuration. Look at the ostype
directory for the list of known operating system types.
DOMAIN(`CS.Berkeley.EDU')dnl
This example is specific to the Computer Science Division at Berkeley.
You can use "DOMAIN(`generic')" to get a sufficiently bland definition
that may well work for you, or you can create a customized domain
definition appropriate for your environment.
MAILER(`local')
MAILER(`smtp')
These describe the mailers used at the default CS site. The local
mailer is always included automatically. Beware: MAILER declarations
should only be followed by LOCAL_* sections. The general rules are
that the order should be:
VERSIONID
OSTYPE
DOMAIN
FEATURE
local macro definitions
MAILER
LOCAL_CONFIG
LOCAL_RULE_*
LOCAL_RULESETS
There are a few exceptions to this rule. Local macro definitions which
influence a FEATURE() should be done before that feature. For example,
a define(`PROCMAIL_MAILER_PATH', ...) should be done before
FEATURE(`local_procmail').
*******************************************************************
*** BE SURE YOU CUSTOMIZE THESE FILES! They have some ***
*** Berkeley-specific assumptions built in, such as the name ***
*** of their UUCP-relay. You'll want to create your own ***
*** domain description, and use that in place of ***
*** domain/Berkeley.EDU.m4. ***
*******************************************************************
Note:
Some rulesets, features, and options are only useful if the sendmail
binary has been compiled with the appropriate options, e.g., the
ruleset tls_server is only invoked if sendmail has been compiled
with STARTTLS. This is usually obvious from the context and hence
not further specified here.
There are also so called "For Future Releases" (FFR) compile time
options which might be included in a subsequent version or might
simply be removed as they turned out not to be really useful.
These are generally not documented but if they are, then the required
compile time options are listed in doc/op/op.* for rulesets and
macros, and for mc/cf specific options they are usually listed here.
In addition to compile time options for the sendmail binary, there
can also be FFRs for mc/cf which in general can be enabled when the
configuration file is generated by defining them at the top of your
.mc file:
define(`_FFR_NAME_HERE', 1)
+----------------------------+
| A BRIEF INTRODUCTION TO M4 |
+----------------------------+
Sendmail uses the M4 macro processor to ``compile'' the configuration
files. The most important thing to know is that M4 is stream-based,
that is, it doesn't understand about lines. For this reason, in some
places you may see the word ``dnl'', which stands for ``delete
through newline''; essentially, it deletes all characters starting
at the ``dnl'' up to and including the next newline character. In
most cases sendmail uses this only to avoid lots of unnecessary
blank lines in the output.
Other important directives are define(A, B) which defines the macro
``A'' to have value ``B''. Macros are expanded as they are read, so
one normally quotes both values to prevent expansion. For example,
define(`SMART_HOST', `smart.foo.com')
One word of warning: M4 macros are expanded even in lines that appear
to be comments. For example, if you have
# See FEATURE(`foo') above
it will not do what you expect, because the FEATURE(`foo') will be
expanded. This also applies to
# And then define the $X macro to be the return address
because ``define'' is an M4 keyword. If you want to use them, surround
them with directed quotes, `like this'.
Since m4 uses single quotes (opening "`" and closing "'") to quote
arguments, those quotes can't be used in arguments. For example,
it is not possible to define a rejection message containing a single
quote. Usually there are simple workarounds by changing those
messages; in the worst case it might be ok to change the value
directly in the generated .cf file, which however is not advised.
Notice:
-------
This package requires a post-V7 version of m4; if you are running the
4.2bsd, SysV.2, or 7th Edition version. SunOS's /usr/5bin/m4 or
BSD-Net/2's m4 both work. GNU m4 version 1.1 or later also works.
Unfortunately, the M4 on BSDI 1.0 doesn't work -- you'll have to use a
Net/2 or GNU version. GNU m4 is available from
ftp://ftp.gnu.org/pub/gnu/m4/m4-1.4.tar.gz (check for the latest version).
EXCEPTIONS: DEC's m4 on Digital UNIX 4.x is broken (3.x is fine). Use GNU
m4 on this platform.
+----------------+
| FILE LOCATIONS |
+----------------+
sendmail 8.9 has introduced a new configuration directory for sendmail
related files, /etc/mail. The new files available for sendmail 8.9 --
the class {R} /etc/mail/relay-domains and the access database
/etc/mail/access -- take advantage of this new directory. Beginning with
8.10, all files will use this directory by default (some options may be
set by OSTYPE() files). This new directory should help to restore
uniformity to sendmail's file locations.
Below is a table of some of the common changes:
Old filename New filename
------------ ------------
/etc/bitdomain /etc/mail/bitdomain
/etc/domaintable /etc/mail/domaintable
/etc/genericstable /etc/mail/genericstable
/etc/uudomain /etc/mail/uudomain
/etc/virtusertable /etc/mail/virtusertable
/etc/userdb /etc/mail/userdb
/etc/aliases /etc/mail/aliases
/etc/sendmail/aliases /etc/mail/aliases
/etc/ucbmail/aliases /etc/mail/aliases
/usr/adm/sendmail/aliases /etc/mail/aliases
/usr/lib/aliases /etc/mail/aliases
/usr/lib/mail/aliases /etc/mail/aliases
/usr/ucblib/aliases /etc/mail/aliases
/etc/sendmail.cw /etc/mail/local-host-names
/etc/mail/sendmail.cw /etc/mail/local-host-names
/etc/sendmail/sendmail.cw /etc/mail/local-host-names
/etc/sendmail.ct /etc/mail/trusted-users
/etc/sendmail.oE /etc/mail/error-header
/etc/sendmail.hf /etc/mail/helpfile
/etc/mail/sendmail.hf /etc/mail/helpfile
/usr/ucblib/sendmail.hf /etc/mail/helpfile
/etc/ucbmail/sendmail.hf /etc/mail/helpfile
/usr/lib/sendmail.hf /etc/mail/helpfile
/usr/share/lib/sendmail.hf /etc/mail/helpfile
/usr/share/misc/sendmail.hf /etc/mail/helpfile
/share/misc/sendmail.hf /etc/mail/helpfile
/etc/service.switch /etc/mail/service.switch
/etc/sendmail.st /etc/mail/statistics
/etc/mail/sendmail.st /etc/mail/statistics
/etc/mailer/sendmail.st /etc/mail/statistics
/etc/sendmail/sendmail.st /etc/mail/statistics
/usr/lib/sendmail.st /etc/mail/statistics
/usr/ucblib/sendmail.st /etc/mail/statistics
Note that all of these paths actually use a new m4 macro MAIL_SETTINGS_DIR
to create the pathnames. The default value of this variable is
`/etc/mail/'. If you set this macro to a different value, you MUST include
a trailing slash.
Notice: all filenames used in a .mc (or .cf) file should be absolute
(starting at the root, i.e., with '/'). Relative filenames most
likely cause surprises during operations (unless otherwise noted).
+--------+
| OSTYPE |
+--------+
You MUST define an operating system environment, or the configuration
file build will puke. There are several environments available; look
at the "ostype" directory for the current list. This macro changes
things like the location of the alias file and queue directory. Some
of these files are identical to one another.
It is IMPERATIVE that the OSTYPE occur before any MAILER definitions.
In general, the OSTYPE macro should go immediately after any version
information, and MAILER definitions should always go last.
Operating system definitions are usually easy to write. They may define
the following variables (everything defaults, so an ostype file may be
empty). Unfortunately, the list of configuration-supported systems is
not as broad as the list of source-supported systems, since many of
the source contributors do not include corresponding ostype files.
ALIAS_FILE [/etc/mail/aliases] The location of the text version
of the alias file(s). It can be a comma-separated
list of names (but be sure you quote values with
commas in them -- for example, use
define(`ALIAS_FILE', `a,b')
to get "a" and "b" both listed as alias files;
otherwise the define() primitive only sees "a").
HELP_FILE [/etc/mail/helpfile] The name of the file
containing information printed in response to
the SMTP HELP command.
QUEUE_DIR [/var/spool/mqueue] The directory containing
queue files. To use multiple queues, supply
a value ending with an asterisk. For
example, /var/spool/mqueue/qd* will use all of the
directories or symbolic links to directories
beginning with 'qd' in /var/spool/mqueue as queue
directories. The names 'qf', 'df', and 'xf' are
reserved as specific subdirectories for the
corresponding queue file types as explained in
doc/op/op.me. See also QUEUE GROUP DEFINITIONS.
MSP_QUEUE_DIR [/var/spool/clientmqueue] The directory containing
queue files for the MSP (Mail Submission Program,
see sendmail/SECURITY).
STATUS_FILE [/etc/mail/statistics] The file containing status
information.
LOCAL_MAILER_PATH [/bin/mail] The program used to deliver local mail.
LOCAL_MAILER_FLAGS [Prmn9] The flags used by the local mailer. The
flags lsDFMAw5:/|@q are always included.
LOCAL_MAILER_ARGS [mail -d $u] The arguments passed to deliver local
mail.
LOCAL_MAILER_MAX [undefined] If defined, the maximum size of local
mail that you are willing to accept.
LOCAL_MAILER_MAXMSGS [undefined] If defined, the maximum number of
messages to deliver in a single connection. Only
useful for LMTP local mailers.
LOCAL_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
that ARRIVE from an address that resolves to the
local mailer and which are converted to MIME will be
labeled with this character set.
LOCAL_MAILER_EOL [undefined] If defined, the string to use as the
end of line for the local mailer.
LOCAL_MAILER_DSN_DIAGNOSTIC_CODE
[X-Unix] The DSN Diagnostic-Code value for the
local mailer. This should be changed with care.
LOCAL_SHELL_PATH [/bin/sh] The shell used to deliver piped email.
LOCAL_SHELL_FLAGS [eu9] The flags used by the shell mailer. The
flags lsDFM are always included.
LOCAL_SHELL_ARGS [sh -c $u] The arguments passed to deliver "prog"
mail.
LOCAL_SHELL_DIR [$z:/] The directory search path in which the
shell should run.
LOCAL_MAILER_QGRP [undefined] The queue group for the local mailer.
USENET_MAILER_PATH [/usr/lib/news/inews] The name of the program
used to submit news.
USENET_MAILER_FLAGS [rsDFMmn] The mailer flags for the usenet mailer.
USENET_MAILER_ARGS [-m -h -n] The command line arguments for the
usenet mailer. NOTE: Some versions of inews
(such as those shipped with newer versions of INN)
use different flags. Double check the defaults
against the inews man page.
USENET_MAILER_MAX [undefined] The maximum size of messages that will
be accepted by the usenet mailer.
USENET_MAILER_QGRP [undefined] The queue group for the usenet mailer.
SMTP_MAILER_FLAGS [undefined] Flags added to SMTP mailer. Default
flags are `mDFMuX' for all SMTP-based mailers; the
"esmtp" mailer adds `a'; "smtp8" adds `8'; and
"dsmtp" adds `%'.
RELAY_MAILER_FLAGS [undefined] Flags added to the relay mailer. Default
flags are `mDFMuX' for all SMTP-based mailers; the
relay mailer adds `a8'. If this is not defined,
then SMTP_MAILER_FLAGS is used.
SMTP_MAILER_MAX [undefined] The maximum size of messages that will
be transported using the smtp, smtp8, esmtp, or dsmtp
mailers.
SMTP_MAILER_MAXMSGS [undefined] If defined, the maximum number of
messages to deliver in a single connection for the
smtp, smtp8, esmtp, or dsmtp mailers.
SMTP_MAILER_MAXRCPTS [undefined] If defined, the maximum number of
- recipients to deliver in a single connection for the
+ recipients to deliver in a single envelope for the
smtp, smtp8, esmtp, or dsmtp mailers.
SMTP_MAILER_ARGS [TCP $h] The arguments passed to the smtp mailer.
About the only reason you would want to change this
would be to change the default port.
ESMTP_MAILER_ARGS [TCP $h] The arguments passed to the esmtp mailer.
SMTP8_MAILER_ARGS [TCP $h] The arguments passed to the smtp8 mailer.
DSMTP_MAILER_ARGS [TCP $h] The arguments passed to the dsmtp mailer.
RELAY_MAILER_ARGS [TCP $h] The arguments passed to the relay mailer.
SMTP_MAILER_QGRP [undefined] The queue group for the smtp mailer.
ESMTP_MAILER_QGRP [undefined] The queue group for the esmtp mailer.
SMTP8_MAILER_QGRP [undefined] The queue group for the smtp8 mailer.
DSMTP_MAILER_QGRP [undefined] The queue group for the dsmtp mailer.
RELAY_MAILER_QGRP [undefined] The queue group for the relay mailer.
RELAY_MAILER_MAXMSGS [undefined] If defined, the maximum number of
messages to deliver in a single connection for the
relay mailer.
SMTP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
that ARRIVE from an address that resolves to one of
the SMTP mailers and which are converted to MIME will
be labeled with this character set.
RELAY_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
that ARRIVE from an address that resolves to the
relay mailers and which are converted to MIME will
be labeled with this character set.
SMTP_MAILER_LL [990] The maximum line length for SMTP mailers
(except the relay mailer).
RELAY_MAILER_LL [2040] The maximum line length for the relay mailer.
UUCP_MAILER_PATH [/usr/bin/uux] The program used to send UUCP mail.
UUCP_MAILER_FLAGS [undefined] Flags added to UUCP mailer. Default
flags are `DFMhuU' (and `m' for uucp-new mailer,
minus `U' for uucp-dom mailer).
UUCP_MAILER_ARGS [uux - -r -z -a$g -gC $h!rmail ($u)] The arguments
passed to the UUCP mailer.
UUCP_MAILER_MAX [100000] The maximum size message accepted for
transmission by the UUCP mailers.
UUCP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
that ARRIVE from an address that resolves to one of
the UUCP mailers and which are converted to MIME will
be labeled with this character set.
UUCP_MAILER_QGRP [undefined] The queue group for the UUCP mailers.
FAX_MAILER_PATH [/usr/local/lib/fax/mailfax] The program used to
submit FAX messages.
FAX_MAILER_ARGS [mailfax $u $h $f] The arguments passed to the FAX
mailer.
FAX_MAILER_MAX [100000] The maximum size message accepted for
transmission by FAX.
POP_MAILER_PATH [/usr/lib/mh/spop] The pathname of the POP mailer.
POP_MAILER_FLAGS [Penu] Flags added to POP mailer. Flags lsDFMq
are always added.
POP_MAILER_ARGS [pop $u] The arguments passed to the POP mailer.
POP_MAILER_QGRP [undefined] The queue group for the pop mailer.
PROCMAIL_MAILER_PATH [/usr/local/bin/procmail] The path to the procmail
program. This is also used by
FEATURE(`local_procmail').
PROCMAIL_MAILER_FLAGS [SPhnu9] Flags added to Procmail mailer. Flags
DFM are always set. This is NOT used by
FEATURE(`local_procmail'); tweak LOCAL_MAILER_FLAGS
instead.
PROCMAIL_MAILER_ARGS [procmail -Y -m $h $f $u] The arguments passed to
the Procmail mailer. This is NOT used by
FEATURE(`local_procmail'); tweak LOCAL_MAILER_ARGS
instead.
PROCMAIL_MAILER_MAX [undefined] If set, the maximum size message that
will be accepted by the procmail mailer.
PROCMAIL_MAILER_QGRP [undefined] The queue group for the procmail mailer.
MAIL11_MAILER_PATH [/usr/etc/mail11] The path to the mail11 mailer.
MAIL11_MAILER_FLAGS [nsFx] Flags for the mail11 mailer.
MAIL11_MAILER_ARGS [mail11 $g $x $h $u] Arguments passed to the mail11
mailer.
MAIL11_MAILER_QGRP [undefined] The queue group for the mail11 mailer.
PH_MAILER_PATH [/usr/local/etc/phquery] The path to the phquery
program.
PH_MAILER_FLAGS [ehmu] Flags for the phquery mailer. Flags nrDFM
are always set.
PH_MAILER_ARGS [phquery -- $u] -- arguments to the phquery mailer.
PH_MAILER_QGRP [undefined] The queue group for the ph mailer.
CYRUS_MAILER_FLAGS [Ah5@/:|] The flags used by the cyrus mailer. The
flags lsDFMnPq are always included.
CYRUS_MAILER_PATH [/usr/cyrus/bin/deliver] The program used to deliver
cyrus mail.
CYRUS_MAILER_ARGS [deliver -e -m $h -- $u] The arguments passed
to deliver cyrus mail.
CYRUS_MAILER_MAX [undefined] If set, the maximum size message that
will be accepted by the cyrus mailer.
CYRUS_MAILER_USER [cyrus:mail] The user and group to become when
running the cyrus mailer.
CYRUS_MAILER_QGRP [undefined] The queue group for the cyrus mailer.
CYRUS_BB_MAILER_FLAGS [u] The flags used by the cyrusbb mailer.
The flags lsDFMnP are always included.
CYRUS_BB_MAILER_ARGS [deliver -e -m $u] The arguments passed
to deliver cyrusbb mail.
CYRUSV2_MAILER_FLAGS [A@/:|m] The flags used by the cyrusv2 mailer. The
flags lsDFMnqXz are always included.
CYRUSV2_MAILER_MAXMSGS [undefined] If defined, the maximum number of
messages to deliver in a single connection for the
cyrusv2 mailer.
CYRUSV2_MAILER_MAXRCPTS [undefined] If defined, the maximum number of
recipients to deliver in a single connection for the
cyrusv2 mailer.
CYRUSV2_MAILER_ARGS [FILE /var/imap/socket/lmtp] The arguments passed
to the cyrusv2 mailer. This can be used to
change the name of the Unix domain socket, or
to switch to delivery via TCP (e.g., `TCP $h lmtp')
CYRUSV2_MAILER_QGRP [undefined] The queue group for the cyrusv2 mailer.
CYRUSV2_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
that ARRIVE from an address that resolves to one the
Cyrus mailer and which are converted to MIME will
be labeled with this character set.
confEBINDIR [/usr/libexec] The directory for executables.
Currently used for FEATURE(`local_lmtp') and
FEATURE(`smrsh').
QPAGE_MAILER_FLAGS [mDFMs] The flags used by the qpage mailer.
QPAGE_MAILER_PATH [/usr/local/bin/qpage] The program used to deliver
qpage mail.
QPAGE_MAILER_ARGS [qpage -l0 -m -P$u] The arguments passed
to deliver qpage mail.
QPAGE_MAILER_MAX [4096] If set, the maximum size message that
will be accepted by the qpage mailer.
QPAGE_MAILER_QGRP [undefined] The queue group for the qpage mailer.
LOCAL_PROG_QGRP [undefined] The queue group for the prog mailer.
Note: to tweak Name_MAILER_FLAGS use the macro MODIFY_MAILER_FLAGS:
MODIFY_MAILER_FLAGS(`Name', `change') where Name is the first part
of the macro Name_MAILER_FLAGS (note: that means Name is entirely in
upper case) and change can be: flags that should be used directly
(thus overriding the default value), or if it starts with `+' (`-')
then those flags are added to (removed from) the default value.
Example:
MODIFY_MAILER_FLAGS(`LOCAL', `+e')
will add the flag `e' to LOCAL_MAILER_FLAGS. Notice: there are
several smtp mailers all of which are manipulated individually.
See the section MAILERS for the available mailer names.
WARNING: The FEATUREs local_lmtp and local_procmail set LOCAL_MAILER_FLAGS
unconditionally, i.e., without respecting any definitions in an
OSTYPE setting.
+---------+
| DOMAINS |
+---------+
You will probably want to collect domain-dependent defines into one
file, referenced by the DOMAIN macro. For example, the Berkeley
domain file includes definitions for several internal distinguished
hosts:
UUCP_RELAY The host that will accept UUCP-addressed email.
If not defined, all UUCP sites must be directly
connected.
BITNET_RELAY The host that will accept BITNET-addressed email.
If not defined, the .BITNET pseudo-domain won't work.
DECNET_RELAY The host that will accept DECNET-addressed email.
If not defined, the .DECNET pseudo-domain and addresses
of the form node::user will not work.
FAX_RELAY The host that will accept mail to the .FAX pseudo-domain.
The "fax" mailer overrides this value.
LOCAL_RELAY The site that will handle unqualified names -- that
is, names without an @domain extension.
Normally MAIL_HUB is preferred for this function.
LOCAL_RELAY is mostly useful in conjunction with
FEATURE(`stickyhost') -- see the discussion of
stickyhost below. If not set, they are assumed to
belong on this machine. This allows you to have a
central site to store a company- or department-wide
alias database. This only works at small sites,
and only with some user agents.
LUSER_RELAY The site that will handle lusers -- that is, apparently
local names that aren't local accounts or aliases. To
specify a local user instead of a site, set this to
``local:username''.
Any of these can be either ``mailer:hostname'' (in which case the
mailer is the internal mailer name, such as ``uucp-new'' and the hostname
is the name of the host as appropriate for that mailer) or just a
``hostname'', in which case a default mailer type (usually ``relay'',
a variant on SMTP) is used. WARNING: if you have a wildcard MX
record matching your domain, you probably want to define these to
have a trailing dot so that you won't get the mail diverted back
to yourself.
The domain file can also be used to define a domain name, if needed
(using "DD<domain>") and set certain site-wide features. If all hosts
at your site masquerade behind one email name, you could also use
MASQUERADE_AS here.
You do not have to define a domain -- in particular, if you are a
single machine sitting off somewhere, it is probably more work than
it's worth. This is just a mechanism for combining "domain dependent
knowledge" into one place.
+---------+
| MAILERS |
+---------+
There are fewer mailers supported in this version than the previous
version, owing mostly to a simpler world. As a general rule, put the
MAILER definitions last in your .mc file.
local The local and prog mailers. You will almost always
need these; the only exception is if you relay ALL
your mail to another site. This mailer is included
automatically.
smtp The Simple Mail Transport Protocol mailer. This does
not hide hosts behind a gateway or another other
such hack; it assumes a world where everyone is
running the name server. This file actually defines
five mailers: "smtp" for regular (old-style) SMTP to
other servers, "esmtp" for extended SMTP to other
servers, "smtp8" to do SMTP to other servers without
converting 8-bit data to MIME (essentially, this is
your statement that you know the other end is 8-bit
clean even if it doesn't say so), "dsmtp" to do on
demand delivery, and "relay" for transmission to the
RELAY_HOST, LUSER_RELAY, or MAIL_HUB.
uucp The UNIX-to-UNIX Copy Program mailer. Actually, this
defines two mailers, "uucp-old" (a.k.a. "uucp") and
"uucp-new" (a.k.a. "suucp"). The latter is for when you
know that the UUCP mailer at the other end can handle
multiple recipients in one transfer. If the smtp mailer
is included in your configuration, two other mailers
("uucp-dom" and "uucp-uudom") are also defined [warning: you
MUST specify MAILER(`smtp') before MAILER(`uucp')]. When you
include the uucp mailer, sendmail looks for all names in
class {U} and sends them to the uucp-old mailer; all
names in class {Y} are sent to uucp-new; and all
names in class {Z} are sent to uucp-uudom. Note that
this is a function of what version of rmail runs on
the receiving end, and hence may be out of your control.
See the section below describing UUCP mailers in more
detail.
usenet Usenet (network news) delivery. If this is specified,
an extra rule is added to ruleset 0 that forwards all
local email for users named ``group.usenet'' to the
``inews'' program. Note that this works for all groups,
and may be considered a security problem.
fax Facsimile transmission. This is experimental and based
on Sam Leffler's HylaFAX software. For more information,
see http://www.hylafax.org/.
pop Post Office Protocol.
procmail An interface to procmail (does not come with sendmail).
This is designed to be used in mailertables. For example,
a common question is "how do I forward all mail for a given
domain to a single person?". If you have this mailer
defined, you could set up a mailertable reading:
host.com procmail:/etc/procmailrcs/host.com
with the file /etc/procmailrcs/host.com reading:
:0 # forward mail for host.com
! -oi -f $1 person@other.host
This would arrange for (anything)@host.com to be sent
to person@other.host. In a procmail script, $1 is the
name of the sender and $2 is the name of the recipient.
If you use this with FEATURE(`local_procmail'), the FEATURE
should be listed first.
Of course there are other ways to solve this particular
problem, e.g., a catch-all entry in a virtusertable.
mail11 The DECnet mail11 mailer, useful only if you have the mail11
program from gatekeeper.dec.com:/pub/DEC/gwtools (and
DECnet, of course). This is for Phase IV DECnet support;
if you have Phase V at your site you may have additional
problems.
phquery The phquery program. This is somewhat counterintuitively
referenced as the "ph" mailer internally. It can be used
to do CCSO name server lookups. The phquery program, which
this mailer uses, is distributed with the ph client.
cyrus The cyrus and cyrusbb mailers. The cyrus mailer delivers to
a local cyrus user. this mailer can make use of the
"user+detail@local.host" syntax (see
FEATURE(`preserve_local_plus_detail')); it will deliver the
mail to the user's "detail" mailbox if the mailbox's ACL
permits. The cyrusbb mailer delivers to a system-wide
cyrus mailbox if the mailbox's ACL permits. The cyrus
mailer must be defined after the local mailer.
cyrusv2 The mailer for Cyrus v2.x. The cyrusv2 mailer delivers to
local cyrus users via LMTP. This mailer can make use of the
"user+detail@local.host" syntax (see
FEATURE(`preserve_local_plus_detail')); it will deliver the
mail to the user's "detail" mailbox if the mailbox's ACL
permits. The cyrusv2 mailer must be defined after the
local mailer.
qpage A mailer for QuickPage, a pager interface. See
http://www.qpage.org/ for further information.
The local mailer accepts addresses of the form "user+detail", where
the "+detail" is not used for mailbox matching but is available
to certain local mail programs (in particular, see
FEATURE(`local_procmail')). For example, "eric", "eric+sendmail", and
"eric+sww" all indicate the same user, but additional arguments <null>,
"sendmail", and "sww" may be provided for use in sorting mail.
+----------+
| FEATURES |
+----------+
Special features can be requested using the "FEATURE" macro. For
example, the .mc line:
FEATURE(`use_cw_file')
tells sendmail that you want to have it read an /etc/mail/local-host-names
file to get values for class {w}. A FEATURE may contain up to 9
optional parameters -- for example:
FEATURE(`mailertable', `dbm /usr/lib/mailertable')
The default database map type for the table features can be set with
define(`DATABASE_MAP_TYPE', `dbm')
which would set it to use ndbm databases. The default is the Berkeley DB
hash database format. Note that you must still declare a database map type
if you specify an argument to a FEATURE. DATABASE_MAP_TYPE is only used
if no argument is given for the FEATURE. It must be specified before any
feature that uses a map.
Also, features which can take a map definition as an argument can also take
the special keyword `LDAP'. If that keyword is used, the map will use the
LDAP definition described in the ``USING LDAP FOR ALIASES, MAPS, AND
CLASSES'' section below.
Available features are:
use_cw_file Read the file /etc/mail/local-host-names file to get
alternate names for this host. This might be used if you
were on a host that MXed for a dynamic set of other hosts.
If the set is static, just including the line "Cw<name1>
<name2> ..." (where the names are fully qualified domain
names) is probably superior. The actual filename can be
overridden by redefining confCW_FILE.
use_ct_file Read the file /etc/mail/trusted-users file to get the
names of users that will be ``trusted'', that is, able to
set their envelope from address using -f without generating
a warning message. The actual filename can be overridden
by redefining confCT_FILE.
redirect Reject all mail addressed to "address.REDIRECT" with
a ``551 User has moved; please try <address>'' message.
If this is set, you can alias people who have left
to their new address with ".REDIRECT" appended.
nouucp Don't route UUCP addresses. This feature takes one
parameter:
`reject': reject addresses which have "!" in the local
part unless it originates from a system
that is allowed to relay.
`nospecial': don't do anything special with "!".
Warnings: 1. See the notice in the anti-spam section.
2. don't remove "!" from OperatorChars if `reject' is
given as parameter.
nopercenthack Don't treat % as routing character. This feature takes one
parameter:
`reject': reject addresses which have % in the local
part unless it originates from a system
that is allowed to relay.
`nospecial': don't do anything special with %.
Warnings: 1. See the notice in the anti-spam section.
2. Don't remove % from OperatorChars if `reject' is
given as parameter.
nocanonify Don't pass addresses to $[ ... $] for canonification
by default, i.e., host/domain names are considered canonical,
except for unqualified names, which must not be used in this
mode (violation of the standard). It can be changed by
setting the DaemonPortOptions modifiers (M=). That is,
FEATURE(`nocanonify') will be overridden by setting the
'c' flag. Conversely, if FEATURE(`nocanonify') is not used,
it can be emulated by setting the 'C' flag
(DaemonPortOptions=Modifiers=C). This would generally only
be used by sites that only act as mail gateways or which have
user agents that do full canonification themselves. You may
also want to use
"define(`confBIND_OPTS', `-DNSRCH -DEFNAMES')" to turn off
the usual resolver options that do a similar thing.
An exception list for FEATURE(`nocanonify') can be
specified with CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE,
i.e., a list of domains which are nevertheless passed to
$[ ... $] for canonification. This is useful to turn on
canonification for local domains, e.g., use
CANONIFY_DOMAIN(`my.domain my') to canonify addresses
which end in "my.domain" or "my".
Another way to require canonification in the local
domain is CANONIFY_DOMAIN(`$=m').
A trailing dot is added to addresses with more than
one component in it such that other features which
expect a trailing dot (e.g., virtusertable) will
still work.
If `canonify_hosts' is specified as parameter, i.e.,
FEATURE(`nocanonify', `canonify_hosts'), then
addresses which have only a hostname, e.g.,
<user@host>, will be canonified (and hopefully fully
qualified), too.
stickyhost This feature is sometimes used with LOCAL_RELAY,
although it can be used for a different effect with
MAIL_HUB.
When used without MAIL_HUB, email sent to
"user@local.host" are marked as "sticky" -- that
is, the local addresses aren't matched against UDB,
don't go through ruleset 5, and are not forwarded to
the LOCAL_RELAY (if defined).
With MAIL_HUB, mail addressed to "user@local.host"
is forwarded to the mail hub, with the envelope
address still remaining "user@local.host".
Without stickyhost, the envelope would be changed
to "user@mail_hub", in order to protect against
mailing loops.
mailertable Include a "mailer table" which can be used to override
routing for particular domains (which are not in class {w},
i.e. local host names). The argument of the FEATURE may be
the key definition. If none is specified, the definition
used is:
hash /etc/mail/mailertable
Keys in this database are fully qualified domain names
or partial domains preceded by a dot -- for example,
"vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU". As a
special case of the latter, "." matches any domain not
covered by other keys. Values must be of the form:
mailer:domain
where "mailer" is the internal mailer name, and "domain"
is where to send the message. These maps are not
reflected into the message header. As a special case,
the forms:
local:user
will forward to the indicated user using the local mailer,
local:
will forward to the original user in the e-mail address
using the local mailer, and
error:code message
error:D.S.N:code message
will give an error message with the indicated SMTP reply
code and message, where D.S.N is an RFC 1893 compliant
error code.
domaintable Include a "domain table" which can be used to provide
domain name mapping. Use of this should really be
limited to your own domains. It may be useful if you
change names (e.g., your company changes names from
oldname.com to newname.com). The argument of the
FEATURE may be the key definition. If none is specified,
the definition used is:
hash /etc/mail/domaintable
The key in this table is the domain name; the value is
the new (fully qualified) domain. Anything in the
domaintable is reflected into headers; that is, this
is done in ruleset 3.
bitdomain Look up bitnet hosts in a table to try to turn them into
internet addresses. The table can be built using the
bitdomain program contributed by John Gardiner Myers.
The argument of the FEATURE may be the key definition; if
none is specified, the definition used is:
hash /etc/mail/bitdomain
Keys are the bitnet hostname; values are the corresponding
internet hostname.
uucpdomain Similar feature for UUCP hosts. The default map definition
is:
hash /etc/mail/uudomain
At the moment there is no automagic tool to build this
database.
always_add_domain
Include the local host domain even on locally delivered
mail. Normally it is not added on unqualified names.
However, if you use a shared message store but do not use
the same user name space everywhere, you may need the host
name on local names. An optional argument specifies
another domain to be added than the local.
allmasquerade If masquerading is enabled (using MASQUERADE_AS), this
feature will cause recipient addresses to also masquerade
as being from the masquerade host. Normally they get
the local hostname. Although this may be right for
ordinary users, it can break local aliases. For example,
if you send to "localalias", the originating sendmail will
find that alias and send to all members, but send the
message with "To: localalias@masqueradehost". Since that
alias likely does not exist, replies will fail. Use this
feature ONLY if you can guarantee that the ENTIRE
namespace on your masquerade host supersets all the
local entries.
limited_masquerade
Normally, any hosts listed in class {w} are masqueraded. If
this feature is given, only the hosts listed in class {M} (see
below: MASQUERADE_DOMAIN) are masqueraded. This is useful
if you have several domains with disjoint namespaces hosted
on the same machine.
masquerade_entire_domain
If masquerading is enabled (using MASQUERADE_AS) and
MASQUERADE_DOMAIN (see below) is set, this feature will
cause addresses to be rewritten such that the masquerading
domains are actually entire domains to be hidden. All
hosts within the masquerading domains will be rewritten
to the masquerade name (used in MASQUERADE_AS). For example,
if you have:
MASQUERADE_AS(`masq.com')
MASQUERADE_DOMAIN(`foo.org')
MASQUERADE_DOMAIN(`bar.com')
then *foo.org and *bar.com are converted to masq.com. Without
this feature, only foo.org and bar.com are masqueraded.
NOTE: only domains within your jurisdiction and
current hierarchy should be masqueraded using this.
local_no_masquerade
This feature prevents the local mailer from masquerading even
if MASQUERADE_AS is used. MASQUERADE_AS will only have effect
on addresses of mail going outside the local domain.
masquerade_envelope
If masquerading is enabled (using MASQUERADE_AS) or the
genericstable is in use, this feature will cause envelope
addresses to also masquerade as being from the masquerade
host. Normally only the header addresses are masqueraded.
genericstable This feature will cause unqualified addresses (i.e., without
a domain) and addresses with a domain listed in class {G}
to be looked up in a map and turned into another ("generic")
form, which can change both the domain name and the user name.
Notice: if you use an MSP (as it is default starting with
8.12), the MTA will only receive qualified addresses from the
MSP (as required by the RFCs). Hence you need to add your
domain to class {G}. This feature is similar to the userdb
functionality. The same types of addresses as for
masquerading are looked up, i.e., only header sender
addresses unless the allmasquerade and/or masquerade_envelope
features are given. Qualified addresses must have the domain
part in class {G}; entries can be added to this class by the
macros GENERICS_DOMAIN or GENERICS_DOMAIN_FILE (analogously
to MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, see below).
The argument of FEATURE(`genericstable') may be the map
definition; the default map definition is:
hash /etc/mail/genericstable
The key for this table is either the full address, the domain
(with a leading @; the localpart is passed as first argument)
or the unqualified username (tried in the order mentioned);
the value is the new user address. If the new user address
does not include a domain, it will be qualified in the standard
manner, i.e., using $j or the masquerade name. Note that the
address being looked up must be fully qualified. For local
mail, it is necessary to use FEATURE(`always_add_domain')
for the addresses to be qualified.
The "+detail" of an address is passed as %1, so entries like
old+*@foo.org new+%1@example.com
gen+*@foo.org %1@example.com
and other forms are possible.
generics_entire_domain
If the genericstable is enabled and GENERICS_DOMAIN or
GENERICS_DOMAIN_FILE is used, this feature will cause
addresses to be searched in the map if their domain
parts are subdomains of elements in class {G}.
virtusertable A domain-specific form of aliasing, allowing multiple
virtual domains to be hosted on one machine. For example,
if the virtuser table contains:
info@foo.com foo-info
info@bar.com bar-info
joe@bar.com error:nouser 550 No such user here
jax@bar.com error:5.7.0:550 Address invalid
@baz.org jane@example.net
then mail addressed to info@foo.com will be sent to the
address foo-info, mail addressed to info@bar.com will be
delivered to bar-info, and mail addressed to anyone at baz.org
will be sent to jane@example.net, mail to joe@bar.com will
be rejected with the specified error message, and mail to
jax@bar.com will also have a RFC 1893 compliant error code
5.7.0.
The username from the original address is passed
as %1 allowing:
@foo.org %1@example.com
meaning someone@foo.org will be sent to someone@example.com.
Additionally, if the local part consists of "user+detail"
then "detail" is passed as %2 and "+detail" is passed as %3
when a match against user+* is attempted, so entries like
old+*@foo.org new+%2@example.com
gen+*@foo.org %2@example.com
+*@foo.org %1%3@example.com
X++@foo.org Z%3@example.com
@bar.org %1%3
and other forms are possible. Note: to preserve "+detail"
for a default case (@domain) %1%3 must be used as RHS.
There are two wildcards after "+": "+" matches only a non-empty
detail, "*" matches also empty details, e.g., user+@foo.org
matches +*@foo.org but not ++@foo.org. This can be used
to ensure that the parameters %2 and %3 are not empty.
All the host names on the left hand side (foo.com, bar.com,
and baz.org) must be in class {w} or class {VirtHost}. The
latter can be defined by the macros VIRTUSER_DOMAIN or
VIRTUSER_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
MASQUERADE_DOMAIN_FILE, see below). If VIRTUSER_DOMAIN or
VIRTUSER_DOMAIN_FILE is used, then the entries of class
{VirtHost} are added to class {R}, i.e., relaying is allowed
to (and from) those domains, which by default includes also
all subdomains (see relay_hosts_only). The default map
definition is:
hash /etc/mail/virtusertable
A new definition can be specified as the second argument of
the FEATURE macro, such as
FEATURE(`virtusertable', `dbm /etc/mail/virtusers')
virtuser_entire_domain
If the virtusertable is enabled and VIRTUSER_DOMAIN or
VIRTUSER_DOMAIN_FILE is used, this feature will cause
addresses to be searched in the map if their domain
parts are subdomains of elements in class {VirtHost}.
ldap_routing Implement LDAP-based e-mail recipient routing according to
the Internet Draft draft-lachman-laser-ldap-mail-routing-01.
This provides a method to re-route addresses with a
domain portion in class {LDAPRoute} to either a
different mail host or a different address. Hosts can
be added to this class using LDAPROUTE_DOMAIN and
LDAPROUTE_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
MASQUERADE_DOMAIN_FILE, see below).
See the LDAP ROUTING section below for more information.
nullclient This is a special case -- it creates a configuration file
containing nothing but support for forwarding all mail to a
central hub via a local SMTP-based network. The argument
is the name of that hub.
The only other feature that should be used in conjunction
with this one is FEATURE(`nocanonify'). No mailers
should be defined. No aliasing or forwarding is done.
local_lmtp Use an LMTP capable local mailer. The argument to this
feature is the pathname of an LMTP capable mailer. By
default, mail.local is used. This is expected to be the
mail.local which came with the 8.9 distribution which is
LMTP capable. The path to mail.local is set by the
confEBINDIR m4 variable -- making the default
LOCAL_MAILER_PATH /usr/libexec/mail.local.
If a different LMTP capable mailer is used, its pathname
can be specified as second parameter and the arguments
passed to it (A=) as third parameter, e.g.,
FEATURE(`local_lmtp', `/usr/local/bin/lmtp', `lmtp')
WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally,
i.e., without respecting any definitions in an OSTYPE setting.
local_procmail Use procmail or another delivery agent as the local mailer.
The argument to this feature is the pathname of the
delivery agent, which defaults to PROCMAIL_MAILER_PATH.
Note that this does NOT use PROCMAIL_MAILER_FLAGS or
PROCMAIL_MAILER_ARGS for the local mailer; tweak
LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS instead, or
specify the appropriate parameters. When procmail is used,
the local mailer can make use of the
"user+indicator@local.host" syntax; normally the +indicator
is just tossed, but by default it is passed as the -a
argument to procmail.
This feature can take up to three arguments:
1. Path to the mailer program
[default: /usr/local/bin/procmail]
2. Argument vector including name of the program
[default: procmail -Y -a $h -d $u]
3. Flags for the mailer [default: SPfhn9]
Empty arguments cause the defaults to be taken.
Note that if you are on a system with a broken
setreuid() call, you may need to add -f $f to the procmail
argument vector to pass the proper sender to procmail.
For example, this allows it to use the maildrop
(http://www.flounder.net/~mrsam/maildrop/) mailer instead
by specifying:
FEATURE(`local_procmail', `/usr/local/bin/maildrop',
`maildrop -d $u')
or scanmails using:
FEATURE(`local_procmail', `/usr/local/bin/scanmails')
WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally,
i.e., without respecting any definitions in an OSTYPE setting.
bestmx_is_local Accept mail as though locally addressed for any host that
lists us as the best possible MX record. This generates
additional DNS traffic, but should be OK for low to
medium traffic hosts. The argument may be a set of
domains, which will limit the feature to only apply to
these domains -- this will reduce unnecessary DNS
traffic. THIS FEATURE IS FUNDAMENTALLY INCOMPATIBLE WITH
WILDCARD MX RECORDS!!! If you have a wildcard MX record
that matches your domain, you cannot use this feature.
smrsh Use the SendMail Restricted SHell (smrsh) provided
with the distribution instead of /bin/sh for mailing
to programs. This improves the ability of the local
system administrator to control what gets run via
e-mail. If an argument is provided it is used as the
pathname to smrsh; otherwise, the path defined by
confEBINDIR is used for the smrsh binary -- by default,
/usr/libexec/smrsh is assumed.
promiscuous_relay
By default, the sendmail configuration files do not permit
mail relaying (that is, accepting mail from outside your
local host (class {w}) and sending it to another host than
your local host). This option sets your site to allow
mail relaying from any site to any site. In almost all
cases, it is better to control relaying more carefully
with the access map, class {R}, or authentication. Domains
can be added to class {R} by the macros RELAY_DOMAIN or
RELAY_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
MASQUERADE_DOMAIN_FILE, see below).
relay_entire_domain
This option allows any host in your domain as defined by
class {m} to use your server for relaying. Notice: make
sure that your domain is not just a top level domain,
e.g., com. This can happen if you give your host a name
like example.com instead of host.example.com.
relay_hosts_only
By default, names that are listed as RELAY in the access
db and class {R} are treated as domain names, not host names.
For example, if you specify ``foo.com'', then mail to or
from foo.com, abc.foo.com, or a.very.deep.domain.foo.com
will all be accepted for relaying. This feature changes
the behaviour to look up individual host names only.
relay_based_on_MX
Turns on the ability to allow relaying based on the MX
records of the host portion of an incoming recipient; that
is, if an MX record for host foo.com points to your site,
you will accept and relay mail addressed to foo.com. See
description below for more information before using this
feature. Also, see the KNOWNBUGS entry regarding bestmx
map lookups.
FEATURE(`relay_based_on_MX') does not necessarily allow
routing of these messages which you expect to be allowed,
if route address syntax (or %-hack syntax) is used. If
this is a problem, add entries to the access-table or use
FEATURE(`loose_relay_check').
relay_mail_from
Allows relaying if the mail sender is listed as RELAY in
the access map. If an optional argument `domain' (this
is the literal word `domain', not a placeholder) is given,
relaying can be allowed just based on the domain portion
of the sender address. This feature should only be used if
absolutely necessary as the sender address can be easily
forged. Use of this feature requires the "From:" tag to
be used for the key in the access map; see the discussion
of tags and FEATURE(`relay_mail_from') in the section on
anti-spam configuration control.
relay_local_from
Allows relaying if the domain portion of the mail sender
is a local host. This should only be used if absolutely
necessary as it opens a window for spammers. Specifically,
they can send mail to your mail server that claims to be
from your domain (either directly or via a routed address),
and you will go ahead and relay it out to arbitrary hosts
on the Internet.
accept_unqualified_senders
Normally, MAIL FROM: commands in the SMTP session will be
refused if the connection is a network connection and the
sender address does not include a domain name. If your
setup sends local mail unqualified (i.e., MAIL FROM:<joe>),
you will need to use this feature to accept unqualified
sender addresses. Setting the DaemonPortOptions modifier
'u' overrides the default behavior, i.e., unqualified
addresses are accepted even without this FEATURE.
If this FEATURE is not used, the DaemonPortOptions modifier
'f' can be used to enforce fully qualified addresses.
accept_unresolvable_domains
Normally, MAIL FROM: commands in the SMTP session will be
refused if the host part of the argument to MAIL FROM:
cannot be located in the host name service (e.g., an A or
MX record in DNS). If you are inside a firewall that has
only a limited view of the Internet host name space, this
could cause problems. In this case you probably want to
use this feature to accept all domains on input, even if
they are unresolvable.
access_db Turns on the access database feature. The access db gives
you the ability to allow or refuse to accept mail from
specified domains for administrative reasons. Moreover,
it can control the behavior of sendmail in various situations.
By default, the access database specification is:
hash -T<TMPF> /etc/mail/access
See the anti-spam configuration control section for further
important information about this feature. Notice:
"-T<TMPF>" is meant literal, do not replace it by anything.
-blacklist_recipients
+blocklist_recipients
Turns on the ability to block incoming mail for certain
recipient usernames, hostnames, or addresses. For
example, you can block incoming mail to user nobody,
host foo.mydomain.com, or guest@bar.mydomain.com.
These specifications are put in the access db as
described in the anti-spam configuration control section
later in this document.
delay_checks The rulesets check_mail and check_relay will not be called
when a client connects or issues a MAIL command, respectively.
Instead, those rulesets will be called by the check_rcpt
ruleset; they will be skipped under certain circumstances.
See "Delay all checks" in the anti-spam configuration control
section. Note: this feature is incompatible to the versions
in 8.10 and 8.11.
use_client_ptr If this feature is enabled then check_relay will override
its first argument with $&{client_ptr}. This is useful for
rejections based on the unverified hostname of client,
which turns on the same behavior as in earlier sendmail
versions when delay_checks was not in use. See doc/op/op.*
about check_relay, {client_name}, and {client_ptr}.
dnsbl Turns on rejection, discarding, or quarantining of hosts
found in a DNS based list. The first argument is used as
the domain in which blocked hosts are listed. A second
argument can be used to change the default error message,
or select one of the operations `discard' and `quarantine'.
Without that second argument, the error message will be
Rejected: IP-ADDRESS listed at SERVER
where IP-ADDRESS and SERVER are replaced by the appropriate
information. By default, temporary lookup failures are
ignored. This behavior can be changed by specifying a
third argument, which must be either `t' or a full error
message. See the anti-spam configuration control section for
an example. The dnsbl feature can be included several times
to query different DNS based rejection lists. See also
enhdnsbl for an enhanced version.
Set the DNSBL_MAP mc option to change the default map
definition from `host'. Set the DNSBL_MAP_OPT mc option
to add additional options to the map specification used.
Some DNS based rejection lists cause failures if asked
for AAAA records. If your sendmail version is compiled
with IPv6 support (NETINET6) and you experience this
problem, add
define(`DNSBL_MAP', `dns -R A')
before the first use of this feature. Alternatively you
can use enhdnsbl instead (see below). Moreover, this
statement can be used to reduce the number of DNS retries,
e.g.,
define(`DNSBL_MAP', `dns -R A -r2')
See below (EDNSBL_TO) for an explanation.
enhdnsbl Enhanced version of dnsbl (see above). Further arguments
(up to 5) can be used to specify specific return values
from lookups. Temporary lookup failures are ignored unless
a third argument is given, which must be either `t' or a full
error message. By default, any successful lookup will
generate an error. Otherwise the result of the lookup is
compared with the supplied argument(s), and only if a match
occurs an error is generated. For example,
FEATURE(`enhdnsbl', `dnsbl.example.com', `', `t', `127.0.0.2.')
will reject the e-mail if the lookup returns the value
``127.0.0.2.'', or generate a 451 response if the lookup
temporarily failed. The arguments can contain metasymbols
as they are allowed in the LHS of rules. As the example
shows, the default values are also used if an empty argument,
i.e., `', is specified. This feature requires that sendmail
has been compiled with the flag DNSMAP (see sendmail/README).
Set the EDNSBL_TO mc option to change the DNS retry count
from the default value of 5, this can be very useful when
a DNS server is not responding, which in turn may cause
clients to time out (an entry stating
did not issue MAIL/EXPN/VRFY/ETRN
will be logged).
ratecontrol Enable simple ruleset to do connection rate control
checking. This requires entries in access_db of the form
ClientRate:IP.ADD.RE.SS LIMIT
The RHS specifies the maximum number of connections
(an integer number) over the time interval defined
by ConnectionRateWindowSize, where 0 means unlimited.
Take the following example:
ClientRate:10.1.2.3 4
ClientRate:127.0.0.1 0
ClientRate: 10
10.1.2.3 can only make up to 4 connections, the
general limit it 10, and 127.0.0.1 can make an unlimited
number of connections per ConnectionRateWindowSize.
See also CONNECTION CONTROL.
conncontrol Enable a simple check of the number of incoming SMTP
connections. This requires entries in access_db of the
form
ClientConn:IP.ADD.RE.SS LIMIT
The RHS specifies the maximum number of open connections
(an integer number).
Take the following example:
ClientConn:10.1.2.3 4
ClientConn:127.0.0.1 0
ClientConn: 10
10.1.2.3 can only have up to 4 open connections, the
general limit it 10, and 127.0.0.1 does not have any
explicit limit.
See also CONNECTION CONTROL.
mtamark Experimental support for "Marking Mail Transfer Agents in
Reverse DNS with TXT RRs" (MTAMark), see
draft-stumpf-dns-mtamark-01. Optional arguments are:
1. Error message, default:
550 Rejected: $&{client_addr} not listed as MTA
2. Temporary lookup failures are ignored unless a second
argument is given, which must be either `t' or a full
error message.
3. Lookup prefix, default: _perm._smtp._srv. This should
not be changed unless the draft changes it.
Example:
FEATURE(`mtamark', `', `t')
lookupdotdomain Look up also .domain in the access map. This allows to
match only subdomains. It does not work well with
FEATURE(`relay_hosts_only'), because most lookups for
subdomains are suppressed by the latter feature.
loose_relay_check
Normally, if % addressing is used for a recipient, e.g.
user%site@othersite, and othersite is in class {R}, the
check_rcpt ruleset will strip @othersite and recheck
user@site for relaying. This feature changes that
behavior. It should not be needed for most installations.
authinfo Provide a separate map for client side authentication
information. See SMTP AUTHENTICATION for details.
By default, the authinfo database specification is:
hash /etc/mail/authinfo
preserve_luser_host
Preserve the name of the recipient host if LUSER_RELAY is
used. Without this option, the domain part of the
recipient address will be replaced by the host specified as
LUSER_RELAY. This feature only works if the hostname is
passed to the mailer (see mailer triple in op.me). Note
that in the default configuration the local mailer does not
receive the hostname, i.e., the mailer triple has an empty
hostname.
preserve_local_plus_detail
Preserve the +detail portion of the address when passing
address to local delivery agent. Disables alias and
.forward +detail stripping (e.g., given user+detail, only
that address will be looked up in the alias file; user+* and
user will not be looked up). Only use if the local
delivery agent in use supports +detail addressing.
Moreover, this will most likely not work if the 'w' flag
for the local mailer is set as the entire local address
including +detail is passed to the user lookup function.
compat_check Enable ruleset check_compat to look up pairs of addresses
with the Compat: tag -- Compat:sender<@>recipient -- in the
access map. Valid values for the RHS include
DISCARD silently discard recipient
TEMP: return a temporary error
ERROR: return a permanent error
In the last two cases, a 4xy/5xy SMTP reply code should
follow the colon.
no_default_msa Don't generate the default MSA daemon, i.e.,
DAEMON_OPTIONS(`Port=587,Name=MSA,M=E')
To define a MSA daemon with other parameters, use this
FEATURE and introduce new settings via DAEMON_OPTIONS().
msp Defines config file for Message Submission Program.
See sendmail/SECURITY for details and cf/cf/submit.mc how
to use it. An optional argument can be used to override
the default of `[localhost]' to use as host to send all
e-mails to. Note that MX records will be used if the
specified hostname is not in square brackets (e.g.,
[hostname]). If `MSA' is specified as second argument then
port 587 is used to contact the server. Example:
FEATURE(`msp', `', `MSA')
Some more hints about possible changes can be found below
in the section MESSAGE SUBMISSION PROGRAM.
Note: Due to many problems, submit.mc uses
FEATURE(`msp', `[127.0.0.1]')
by default. If you have a machine with IPv6 only,
change it to
FEATURE(`msp', `[IPv6:0:0:0:0:0:0:0:1]')
If you want to continue using '[localhost]', (the behavior
up to 8.12.6), use
FEATURE(`msp')
queuegroup A simple example how to select a queue group based
on the full e-mail address or the domain of the
recipient. Selection is done via entries in the
access map using the tag QGRP:, for example:
QGRP:example.com main
QGRP:friend@some.org others
QGRP:my.domain local
where "main", "others", and "local" are names of
queue groups. If an argument is specified, it is used
as default queue group.
Note: please read the warning in doc/op/op.me about
queue groups and possible queue manipulations.
greet_pause Adds the greet_pause ruleset which enables open proxy
and SMTP slamming protection. The feature can take an
argument specifying the milliseconds to wait:
FEATURE(`greet_pause', `5000') dnl 5 seconds
If FEATURE(`access_db') is enabled, an access database
lookup with the GreetPause tag is done using client
hostname, domain, IP address, or subnet to determine the
pause time:
GreetPause:my.domain 0
GreetPause:example.com 5000
GreetPause:10.1.2 2000
GreetPause:127.0.0.1 0
When using FEATURE(`access_db'), the optional
FEATURE(`greet_pause') argument becomes the default if
nothing is found in the access database. A ruleset called
Local_greet_pause can be used for local modifications, e.g.,
LOCAL_RULESETS
SLocal_greet_pause
R$* $: $&{daemon_flags}
R$* a $* $# 0
block_bad_helo Reject messages from SMTP clients which provide a HELO/EHLO
argument which is either unqualified, or is one of our own
names (i.e., the server name instead of the client name).
This check is performed at RCPT stage and disabled for the
following cases:
- authenticated sessions,
- connections from IP addresses in class $={R}.
Currently access_db lookups can not be used to
(selectively) disable this test, moreover,
FEATURE(`delay_checks')
is required. Note, the block_bad_helo feature automatically
adds the IPv6 and IPv4 localhost IP addresses to $={w} (local
host names) and $={R} (relay permitted).
require_rdns Reject mail from connecting SMTP clients without proper
rDNS (reverse DNS), functional gethostbyaddr() resolution.
Note: this feature will cause false positives, i.e., there
are legitimate MTAs that do not have proper DNS entries.
Rejecting mails from those MTAs is a local policy decision.
The basic policy is to reject message with a 5xx error if
the IP address fails to resolve. However, if this is a
temporary failure, a 4xx temporary failure is returned.
If the look-up succeeds, but returns an apparently forged
value, this is treated as a temporary failure with a 4xx
error code.
EXCEPTIONS:
Exceptions based on access entries are discussed below.
Any IP address matched using $=R (the "relay-domains" file)
is excepted from the rules. Since we have explicitly
allowed relaying for this host, based on IP address, we
ignore the rDNS failure.
The philosophical assumption here is that most users do
not control their rDNS. They should be able to send mail
through their ISP, whether or not they have valid rDNS.
The class $=R, roughly speaking, contains those IP addresses
and address ranges for which we are the ISP, or are acting
as if the ISP.
If `delay_checks' is in effect (recommended), then any
sender who has authenticated is also excepted from the
restrictions. This happens because the rules produced by
this FEATURE() will not be applied to authenticated senders
(assuming `delay_checks').
ACCESS MAP ENTRIES:
Entries such as
Connect:1.2.3.4 OK
Connect:1.2 RELAY
- will whitelist IP address 1.2.3.4, so that the rDNS
+ will allowlist IP address 1.2.3.4, so that the rDNS
blocking does apply to that IP address
Entries such as
Connect:1.2.3.4 REJECT
will have the effect of forcing a temporary failure for
that address to be treated as a permanent failure.
badmx Reject envelope sender addresses (MAIL) whose domain part
resolves to a "bad" MX record. By default these are
MX records which resolve to A records that match the
regular expression:
^(127\.|10\.|0\.0\.0\.0)
This default regular expression can be overridden by
specifying an argument, e.g.,
FEATURE(`badmx', `^127\.0\.0\.1')
Note: this feature requires that the sendmail binary
has been compiled with the options MAP_REGEX and
DNSMAP.
+-------+
| HACKS |
+-------+
Some things just can't be called features. To make this clear,
they go in the hack subdirectory and are referenced using the HACK
macro. These will tend to be site-dependent. The release
includes the Berkeley-dependent "cssubdomain" hack (that makes
sendmail accept local names in either Berkeley.EDU or CS.Berkeley.EDU;
this is intended as a short-term aid while moving hosts into
subdomains.
+--------------------+
| SITE CONFIGURATION |
+--------------------+
*****************************************************
* This section is really obsolete, and is preserved *
* only for back compatibility. You should plan on *
* using mailertables for new installations. In *
* particular, it doesn't work for the newer forms *
* of UUCP mailers, such as uucp-uudom. *
*****************************************************
Complex sites will need more local configuration information, such as
lists of UUCP hosts they speak with directly. This can get a bit more
tricky. For an example of a "complex" site, see cf/ucbvax.mc.
The SITECONFIG macro allows you to indirectly reference site-dependent
configuration information stored in the siteconfig subdirectory. For
example, the line
SITECONFIG(`uucp.ucbvax', `ucbvax', `U')
reads the file uucp.ucbvax for local connection information. The
second parameter is the local name (in this case just "ucbvax" since
it is locally connected, and hence a UUCP hostname). The third
parameter is the name of both a macro to store the local name (in
this case, {U}) and the name of the class (e.g., {U}) in which to store
the host information read from the file. Another SITECONFIG line reads
SITECONFIG(`uucp.ucbarpa', `ucbarpa.Berkeley.EDU', `W')
This says that the file uucp.ucbarpa contains the list of UUCP sites
connected to ucbarpa.Berkeley.EDU. Class {W} will be used to
store this list, and $W is defined to be ucbarpa.Berkeley.EDU, that
is, the name of the relay to which the hosts listed in uucp.ucbarpa
are connected. [The machine ucbarpa is gone now, but this
out-of-date configuration file has been left around to demonstrate
how you might do this.]
Note that the case of SITECONFIG with a third parameter of ``U'' is
special; the second parameter is assumed to be the UUCP name of the
local site, rather than the name of a remote site, and the UUCP name
is entered into class {w} (the list of local hostnames) as $U.UUCP.
The siteconfig file (e.g., siteconfig/uucp.ucbvax.m4) contains nothing
more than a sequence of SITE macros describing connectivity. For
example:
SITE(`cnmat')
SITE(`sgi olympus')
The second example demonstrates that you can use two names on the
same line; these are usually aliases for the same host (or are at
least in the same company).
The macro LOCAL_UUCP can be used to add rules into the generated
cf file at the place where MAILER(`uucp') inserts its rules. This
should only be used if really necessary.
+--------------------+
| USING UUCP MAILERS |
+--------------------+
It's hard to get UUCP mailers right because of the extremely ad hoc
nature of UUCP addressing. These config files are really designed
for domain-based addressing, even for UUCP sites.
There are four UUCP mailers available. The choice of which one to
use is partly a matter of local preferences and what is running at
the other end of your UUCP connection. Unlike good protocols that
define what will go over the wire, UUCP uses the policy that you
should do what is right for the other end; if they change, you have
to change. This makes it hard to do the right thing, and discourages
people from updating their software. In general, if you can avoid
UUCP, please do.
The major choice is whether to go for a domainized scheme or a
non-domainized scheme. This depends entirely on what the other
end will recognize. If at all possible, you should encourage the
other end to go to a domain-based system -- non-domainized addresses
don't work entirely properly.
The four mailers are:
uucp-old (obsolete name: "uucp")
This is the oldest, the worst (but the closest to UUCP) way of
sending messages across UUCP connections. It does bangify
everything and prepends $U (your UUCP name) to the sender's
address (which can already be a bang path itself). It can
only send to one address at a time, so it spends a lot of
time copying duplicates of messages. Avoid this if at all
possible.
uucp-new (obsolete name: "suucp")
The same as above, except that it assumes that in one rmail
command you can specify several recipients. It still has a
lot of other problems.
uucp-dom
This UUCP mailer keeps everything as domain addresses.
Basically, it uses the SMTP mailer rewriting rules. This mailer
is only included if MAILER(`smtp') is specified before
MAILER(`uucp').
Unfortunately, a lot of UUCP mailer transport agents require
bangified addresses in the envelope, although you can use
domain-based addresses in the message header. (The envelope
shows up as the From_ line on UNIX mail.) So....
uucp-uudom
This is a cross between uucp-new (for the envelope addresses)
and uucp-dom (for the header addresses). It bangifies the
envelope sender (From_ line in messages) without adding the
local hostname, unless there is no host name on the address
at all (e.g., "wolf") or the host component is a UUCP host name
instead of a domain name ("somehost!wolf" instead of
"some.dom.ain!wolf"). This is also included only if MAILER(`smtp')
is also specified earlier.
Examples:
On host grasp.insa-lyon.fr (UUCP host name "grasp"), the following
summarizes the sender rewriting for various mailers.
Mailer sender rewriting in the envelope
------ ------ -------------------------
uucp-{old,new} wolf grasp!wolf
uucp-dom wolf wolf@grasp.insa-lyon.fr
uucp-uudom wolf grasp.insa-lyon.fr!wolf
uucp-{old,new} wolf@fr.net grasp!fr.net!wolf
uucp-dom wolf@fr.net wolf@fr.net
uucp-uudom wolf@fr.net fr.net!wolf
uucp-{old,new} somehost!wolf grasp!somehost!wolf
uucp-dom somehost!wolf somehost!wolf@grasp.insa-lyon.fr
uucp-uudom somehost!wolf grasp.insa-lyon.fr!somehost!wolf
If you are using one of the domainized UUCP mailers, you really want
to convert all UUCP addresses to domain format -- otherwise, it will
do it for you (and probably not the way you expected). For example,
if you have the address foo!bar!baz (and you are not sending to foo),
the heuristics will add the @uucp.relay.name or @local.host.name to
this address. However, if you map foo to foo.host.name first, it
will not add the local hostname. You can do this using the uucpdomain
feature.
+-------------------+
| TWEAKING RULESETS |
+-------------------+
For more complex configurations, you can define special rules.
The macro LOCAL_RULE_3 introduces rules that are used in canonicalizing
the names. Any modifications made here are reflected in the header.
A common use is to convert old UUCP addresses to SMTP addresses using
the UUCPSMTP macro. For example:
LOCAL_RULE_3
UUCPSMTP(`decvax', `decvax.dec.com')
UUCPSMTP(`research', `research.att.com')
will cause addresses of the form "decvax!user" and "research!user"
to be converted to "user@decvax.dec.com" and "user@research.att.com"
respectively.
This could also be used to look up hosts in a database map:
LOCAL_RULE_3
R$* < @ $+ > $* $: $1 < @ $(hostmap $2 $) > $3
This map would be defined in the LOCAL_CONFIG portion, as shown below.
Similarly, LOCAL_RULE_0 can be used to introduce new parsing rules.
For example, new rules are needed to parse hostnames that you accept
via MX records. For example, you might have:
LOCAL_RULE_0
R$+ <@ host.dom.ain.> $#uucp $@ cnmat $: $1 < @ host.dom.ain.>
You would use this if you had installed an MX record for cnmat.Berkeley.EDU
pointing at this host; this rule catches the message and forwards it on
using UUCP.
You can also tweak rulesets 1 and 2 using LOCAL_RULE_1 and LOCAL_RULE_2.
These rulesets are normally empty.
A similar macro is LOCAL_CONFIG. This introduces lines added after the
boilerplate option setting but before rulesets. Do not declare rulesets in
the LOCAL_CONFIG section. It can be used to declare local database maps or
whatever. For example:
LOCAL_CONFIG
Khostmap hash /etc/mail/hostmap
Kyplocal nis -m hosts.byname
+---------------------------+
| MASQUERADING AND RELAYING |
+---------------------------+
You can have your host masquerade as another using
MASQUERADE_AS(`host.domain')
This causes mail being sent to be labeled as coming from the
indicated host.domain, rather than $j. One normally masquerades as
one of one's own subdomains (for example, it's unlikely that
Berkeley would choose to masquerade as an MIT site). This
behaviour is modified by a plethora of FEATUREs; in particular, see
masquerade_envelope, allmasquerade, limited_masquerade, and
masquerade_entire_domain.
The masquerade name is not normally canonified, so it is important
that it be your One True Name, that is, fully qualified and not a
CNAME. However, if you use a CNAME, the receiving side may canonify
it for you, so don't think you can cheat CNAME mapping this way.
Normally the only addresses that are masqueraded are those that come
from this host (that is, are either unqualified or in class {w}, the list
of local domain names). You can augment this list, which is realized
by class {M} using
MASQUERADE_DOMAIN(`otherhost.domain')
The effect of this is that although mail to user@otherhost.domain
will not be delivered locally, any mail including any user@otherhost.domain
will, when relayed, be rewritten to have the MASQUERADE_AS address.
This can be a space-separated list of names.
If these names are in a file, you can use
MASQUERADE_DOMAIN_FILE(`filename')
to read the list of names from the indicated file (i.e., to add
elements to class {M}).
To exempt hosts or subdomains from being masqueraded, you can use
MASQUERADE_EXCEPTION(`host.domain')
This can come handy if you want to masquerade a whole domain
except for one (or a few) host(s). If these names are in a file,
you can use
MASQUERADE_EXCEPTION_FILE(`filename')
Normally only header addresses are masqueraded. If you want to
masquerade the envelope as well, use
FEATURE(`masquerade_envelope')
There are always users that need to be "exposed" -- that is, their
internal site name should be displayed instead of the masquerade name.
Root is an example (which has been "exposed" by default prior to 8.10).
You can add users to this list using
EXPOSED_USER(`usernames')
This adds users to class {E}; you could also use
EXPOSED_USER_FILE(`filename')
You can also arrange to relay all unqualified names (that is, names
without @host) to a relay host. For example, if you have a central
email server, you might relay to that host so that users don't have
to have .forward files or aliases. You can do this using
define(`LOCAL_RELAY', `mailer:hostname')
The ``mailer:'' can be omitted, in which case the mailer defaults to
"relay". There are some user names that you don't want relayed, perhaps
because of local aliases. A common example is root, which may be
locally aliased. You can add entries to this list using
LOCAL_USER(`usernames')
This adds users to class {L}; you could also use
LOCAL_USER_FILE(`filename')
If you want all incoming mail sent to a centralized hub, as for a
shared /var/spool/mail scheme, use
define(`MAIL_HUB', `mailer:hostname')
Again, ``mailer:'' defaults to "relay". If you define both LOCAL_RELAY
and MAIL_HUB _AND_ you have FEATURE(`stickyhost'), unqualified names will
be sent to the LOCAL_RELAY and other local names will be sent to MAIL_HUB.
Note: there is a (long standing) bug which keeps this combination from
working for addresses of the form user+detail.
Names in class {L} will be delivered locally, so you MUST have aliases or
.forward files for them.
For example, if you are on machine mastodon.CS.Berkeley.EDU and you have
FEATURE(`stickyhost'), the following combinations of settings will have the
indicated effects:
email sent to.... eric eric@mastodon.CS.Berkeley.EDU
LOCAL_RELAY set to mail.CS.Berkeley.EDU (delivered locally)
mail.CS.Berkeley.EDU (no local aliasing) (aliasing done)
MAIL_HUB set to mammoth.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU
mammoth.CS.Berkeley.EDU (aliasing done) (aliasing done)
Both LOCAL_RELAY and mail.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU
MAIL_HUB set as above (no local aliasing) (aliasing done)
If you do not have FEATURE(`stickyhost') set, then LOCAL_RELAY and
MAIL_HUB act identically, with MAIL_HUB taking precedence.
If you want all outgoing mail to go to a central relay site, define
SMART_HOST as well. Briefly:
LOCAL_RELAY applies to unqualified names (e.g., "eric").
MAIL_HUB applies to names qualified with the name of the
local host (e.g., "eric@mastodon.CS.Berkeley.EDU").
SMART_HOST applies to names qualified with other hosts or
bracketed addresses (e.g., "eric@mastodon.CS.Berkeley.EDU"
or "eric@[127.0.0.1]").
However, beware that other relays (e.g., UUCP_RELAY, BITNET_RELAY,
DECNET_RELAY, and FAX_RELAY) take precedence over SMART_HOST, so if you
really want absolutely everything to go to a single central site you will
need to unset all the other relays -- or better yet, find or build a
minimal config file that does this.
For duplicate suppression to work properly, the host name is best
specified with a terminal dot:
define(`MAIL_HUB', `host.domain.')
note the trailing dot ---^
+-------------------------------------------+
| USING LDAP FOR ALIASES, MAPS, AND CLASSES |
+-------------------------------------------+
LDAP can be used for aliases, maps, and classes by either specifying your
own LDAP map specification or using the built-in default LDAP map
specification. The built-in default specifications all provide lookups
which match against either the machine's fully qualified hostname (${j}) or
a "cluster". The cluster allows you to share LDAP entries among a large
number of machines without having to enter each of the machine names into
each LDAP entry. To set the LDAP cluster name to use for a particular
machine or set of machines, set the confLDAP_CLUSTER m4 variable to a
unique name. For example:
define(`confLDAP_CLUSTER', `Servers')
Here, the word `Servers' will be the cluster name. As an example, assume
that smtp.sendmail.org, etrn.sendmail.org, and mx.sendmail.org all belong
to the Servers cluster.
Some of the LDAP LDIF examples below show use of the Servers cluster.
Every entry must have either a sendmailMTAHost or sendmailMTACluster
attribute or it will be ignored. Be careful as mixing clusters and
individual host records can have surprising results (see the CAUTION
sections below).
See the file cf/sendmail.schema for the actual LDAP schemas. Note that
this schema (and therefore the lookups and examples below) is experimental
at this point as it has had little public review. Therefore, it may change
in future versions. Feedback via sendmail-YYYY@support.sendmail.org is
encouraged (replace YYYY with the current year, e.g., 2005).
-------
Aliases
-------
The ALIAS_FILE (O AliasFile) option can be set to use LDAP for alias
lookups. To use the default schema, simply use:
define(`ALIAS_FILE', `ldap:')
By doing so, you will use the default schema which expands to a map
declared as follows:
ldap -k (&(objectClass=sendmailMTAAliasObject)
(sendmailMTAAliasGrouping=aliases)
(|(sendmailMTACluster=${sendmailMTACluster})
(sendmailMTAHost=$j))
(sendmailMTAKey=%0))
-v sendmailMTAAliasValue,sendmailMTAAliasSearch:FILTER:sendmailMTAAliasObject,sendmailMTAAliasURL:URL:sendmailMTAAliasObject
NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually
used when the binary expands the `ldap:' token as the AliasFile option is
not actually macro-expanded when read from the sendmail.cf file.
Example LDAP LDIF entries might be:
dn: sendmailMTAKey=sendmail-list, dc=sendmail, dc=org
objectClass: sendmailMTA
objectClass: sendmailMTAAlias
objectClass: sendmailMTAAliasObject
sendmailMTAAliasGrouping: aliases
sendmailMTAHost: etrn.sendmail.org
sendmailMTAKey: sendmail-list
sendmailMTAAliasValue: ca@example.org
sendmailMTAAliasValue: eric
sendmailMTAAliasValue: gshapiro@example.com
dn: sendmailMTAKey=owner-sendmail-list, dc=sendmail, dc=org
objectClass: sendmailMTA
objectClass: sendmailMTAAlias
objectClass: sendmailMTAAliasObject
sendmailMTAAliasGrouping: aliases
sendmailMTAHost: etrn.sendmail.org
sendmailMTAKey: owner-sendmail-list
sendmailMTAAliasValue: eric
dn: sendmailMTAKey=postmaster, dc=sendmail, dc=org
objectClass: sendmailMTA
objectClass: sendmailMTAAlias
objectClass: sendmailMTAAliasObject
sendmailMTAAliasGrouping: aliases
sendmailMTACluster: Servers
sendmailMTAKey: postmaster
sendmailMTAAliasValue: eric
Here, the aliases sendmail-list and owner-sendmail-list will be available
only on etrn.sendmail.org but the postmaster alias will be available on
every machine in the Servers cluster (including etrn.sendmail.org).
CAUTION: aliases are additive so that entries like these:
dn: sendmailMTAKey=bob, dc=sendmail, dc=org
objectClass: sendmailMTA
objectClass: sendmailMTAAlias
objectClass: sendmailMTAAliasObject
sendmailMTAAliasGrouping: aliases
sendmailMTACluster: Servers
sendmailMTAKey: bob
sendmailMTAAliasValue: eric
dn: sendmailMTAKey=bobetrn, dc=sendmail, dc=org
objectClass: sendmailMTA
objectClass: sendmailMTAAlias
objectClass: sendmailMTAAliasObject
sendmailMTAAliasGrouping: aliases
sendmailMTAHost: etrn.sendmail.org
sendmailMTAKey: bob
sendmailMTAAliasValue: gshapiro
would mean that on all of the hosts in the cluster, mail to bob would go to
eric EXCEPT on etrn.sendmail.org in which case it would go to BOTH eric and
gshapiro.
If you prefer not to use the default LDAP schema for your aliases, you can
specify the map parameters when setting ALIAS_FILE. For example:
define(`ALIAS_FILE', `ldap:-k (&(objectClass=mailGroup)(mail=%0)) -v mgrpRFC822MailMember')
----
Maps
----
FEATURE()'s which take an optional map definition argument (e.g., access,
mailertable, virtusertable, etc.) can instead take the special keyword
`LDAP', e.g.:
FEATURE(`access_db', `LDAP')
FEATURE(`virtusertable', `LDAP')
When this keyword is given, that map will use LDAP lookups consisting of
the objectClass sendmailMTAClassObject, the attribute sendmailMTAMapName
with the map name, a search attribute of sendmailMTAKey, and the value
attribute sendmailMTAMapValue.
The values for sendmailMTAMapName are:
FEATURE() sendmailMTAMapName
--------- ------------------
access_db access
authinfo authinfo
bitdomain bitdomain
domaintable domain
genericstable generics
mailertable mailer
uucpdomain uucpdomain
virtusertable virtuser
For example, FEATURE(`mailertable', `LDAP') would use the map definition:
Kmailertable ldap -k (&(objectClass=sendmailMTAMapObject)
(sendmailMTAMapName=mailer)
(|(sendmailMTACluster=${sendmailMTACluster})
(sendmailMTAHost=$j))
(sendmailMTAKey=%0))
-1 -v sendmailMTAMapValue,sendmailMTAMapSearch:FILTER:sendmailMTAMapObject,sendmailMTAMapURL:URL:sendmailMTAMapObject
An example LDAP LDIF entry using this map might be:
dn: sendmailMTAMapName=mailer, dc=sendmail, dc=org
objectClass: sendmailMTA
objectClass: sendmailMTAMap
sendmailMTACluster: Servers
sendmailMTAMapName: mailer
dn: sendmailMTAKey=example.com, sendmailMTAMapName=mailer, dc=sendmail, dc=org
objectClass: sendmailMTA
objectClass: sendmailMTAMap
objectClass: sendmailMTAMapObject
sendmailMTAMapName: mailer
sendmailMTACluster: Servers
sendmailMTAKey: example.com
sendmailMTAMapValue: relay:[smtp.example.com]
CAUTION: If your LDAP database contains the record above and *ALSO* a host
specific record such as:
dn: sendmailMTAKey=example.com@etrn, sendmailMTAMapName=mailer, dc=sendmail, dc=org
objectClass: sendmailMTA
objectClass: sendmailMTAMap
objectClass: sendmailMTAMapObject
sendmailMTAMapName: mailer
sendmailMTAHost: etrn.sendmail.org
sendmailMTAKey: example.com
sendmailMTAMapValue: relay:[mx.example.com]
then these entries will give unexpected results. When the lookup is done
on etrn.sendmail.org, the effect is that there is *NO* match at all as maps
require a single match. Since the host etrn.sendmail.org is also in the
Servers cluster, LDAP would return two answers for the example.com map key
in which case sendmail would treat this as no match at all.
If you prefer not to use the default LDAP schema for your maps, you can
specify the map parameters when using the FEATURE(). For example:
FEATURE(`access_db', `ldap:-1 -k (&(objectClass=mapDatabase)(key=%0)) -v value')
-------
Classes
-------
Normally, classes can be filled via files or programs. As of 8.12, they
can also be filled via map lookups using a new syntax:
F{ClassName}mapkey@mapclass:mapspec
mapkey is optional and if not provided the map key will be empty. This can
be used with LDAP to read classes from LDAP. Note that the lookup is only
done when sendmail is initially started. Use the special value `@LDAP' to
use the default LDAP schema. For example:
RELAY_DOMAIN_FILE(`@LDAP')
would put all of the attribute sendmailMTAClassValue values of LDAP records
with objectClass sendmailMTAClass and an attribute sendmailMTAClassName of
'R' into class $={R}. In other words, it is equivalent to the LDAP map
specification:
F{R}@ldap:-k (&(objectClass=sendmailMTAClass)
(sendmailMTAClassName=R)
(|(sendmailMTACluster=${sendmailMTACluster})
(sendmailMTAHost=$j)))
-v sendmailMTAClassValue,sendmailMTAClassSearch:FILTER:sendmailMTAClass,sendmailMTAClassURL:URL:sendmailMTAClass
NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually
used when the binary expands the `@LDAP' token as class declarations are
not actually macro-expanded when read from the sendmail.cf file.
This can be used with class related commands such as RELAY_DOMAIN_FILE(),
MASQUERADE_DOMAIN_FILE(), etc:
Command sendmailMTAClassName
------- --------------------
CANONIFY_DOMAIN_FILE() Canonify
EXPOSED_USER_FILE() E
GENERICS_DOMAIN_FILE() G
LDAPROUTE_DOMAIN_FILE() LDAPRoute
LDAPROUTE_EQUIVALENT_FILE() LDAPRouteEquiv
LOCAL_USER_FILE() L
MASQUERADE_DOMAIN_FILE() M
MASQUERADE_EXCEPTION_FILE() N
RELAY_DOMAIN_FILE() R
VIRTUSER_DOMAIN_FILE() VirtHost
You can also add your own as any 'F'ile class of the form:
F{ClassName}@LDAP
^^^^^^^^^
will use "ClassName" for the sendmailMTAClassName.
An example LDAP LDIF entry would look like:
dn: sendmailMTAClassName=R, dc=sendmail, dc=org
objectClass: sendmailMTA
objectClass: sendmailMTAClass
sendmailMTACluster: Servers
sendmailMTAClassName: R
sendmailMTAClassValue: sendmail.org
sendmailMTAClassValue: example.com
sendmailMTAClassValue: 10.56.23
CAUTION: If your LDAP database contains the record above and *ALSO* a host
specific record such as:
dn: sendmailMTAClassName=R@etrn.sendmail.org, dc=sendmail, dc=org
objectClass: sendmailMTA
objectClass: sendmailMTAClass
sendmailMTAHost: etrn.sendmail.org
sendmailMTAClassName: R
sendmailMTAClassValue: example.com
the result will be similar to the aliases caution above. When the lookup
is done on etrn.sendmail.org, $={R} would contain all of the entries (from
both the cluster match and the host match). In other words, the effective
is additive.
If you prefer not to use the default LDAP schema for your classes, you can
specify the map parameters when using the class command. For example:
VIRTUSER_DOMAIN_FILE(`@ldap:-k (&(objectClass=virtHosts)(host=*)) -v host')
Remember, macros can not be used in a class declaration as the binary does
not expand them.
+--------------+
| LDAP ROUTING |
+--------------+
FEATURE(`ldap_routing') can be used to implement the IETF Internet Draft
LDAP Schema for Intranet Mail Routing
(draft-lachman-laser-ldap-mail-routing-01). This feature enables
LDAP-based rerouting of a particular address to either a different host
or a different address. The LDAP lookup is first attempted on the full
address (e.g., user@example.com) and then on the domain portion
(e.g., @example.com). Be sure to setup your domain for LDAP routing using
LDAPROUTE_DOMAIN(), e.g.:
LDAPROUTE_DOMAIN(`example.com')
Additionally, you can specify equivalent domains for LDAP routing using
LDAPROUTE_EQUIVALENT() and LDAPROUTE_EQUIVALENT_FILE(). 'Equivalent'
hostnames are mapped to $M (the masqueraded hostname for the server) before
the LDAP query. For example, if the mail is addressed to
user@host1.example.com, normally the LDAP lookup would only be done for
'user@host1.example.com' and '@host1.example.com'. However, if
LDAPROUTE_EQUIVALENT(`host1.example.com') is used, the lookups would also be
done on 'user@example.com' and '@example.com' after attempting the
host1.example.com lookups.
By default, the feature will use the schemas as specified in the draft
and will not reject addresses not found by the LDAP lookup. However,
this behavior can be changed by giving additional arguments to the FEATURE()
command:
FEATURE(`ldap_routing', <mailHost>, <mailRoutingAddress>, <bounce>,
<detail>, <nodomain>, <tempfail>)
where <mailHost> is a map definition describing how to look up an alternative
mail host for a particular address; <mailRoutingAddress> is a map definition
describing how to look up an alternative address for a particular address;
the <bounce> argument, if present and not the word "passthru", dictates
that mail should be bounced if neither a mailHost nor mailRoutingAddress
is found, if set to "sendertoo", the sender will be rejected if not
found in LDAP; and <detail> indicates what actions to take if the address
contains +detail information -- `strip' tries the lookup with the +detail
and if no matches are found, strips the +detail and tries the lookup again;
`preserve', does the same as `strip' but if a mailRoutingAddress match is
found, the +detail information is copied to the new address; the <nodomain>
argument, if present, will prevent the @domain lookup if the full
address is not found in LDAP; the <tempfail> argument, if set to
"tempfail", instructs the rules to give an SMTP 4XX temporary
error if the LDAP server gives the MTA a temporary failure, or if set to
"queue" (the default), the MTA will locally queue the mail.
The default <mailHost> map definition is:
ldap -1 -T<TMPF> -v mailHost -k (&(objectClass=inetLocalMailRecipient)
(mailLocalAddress=%0))
The default <mailRoutingAddress> map definition is:
ldap -1 -T<TMPF> -v mailRoutingAddress
-k (&(objectClass=inetLocalMailRecipient)
(mailLocalAddress=%0))
Note that neither includes the LDAP server hostname (-h server) or base DN
(-b o=org,c=COUNTRY), both necessary for LDAP queries. It is presumed that
your .mc file contains a setting for the confLDAP_DEFAULT_SPEC option with
these settings. If this is not the case, the map definitions should be
changed as described above. The "-T<TMPF>" is required in any user
specified map definition to catch temporary errors.
The following possibilities exist as a result of an LDAP lookup on an
address:
mailHost is mailRoutingAddress is Results in
----------- --------------------- ----------
set to a set mail delivered to
"local" host mailRoutingAddress
set to a not set delivered to
"local" host original address
set to a set mailRoutingAddress
remote host relayed to mailHost
set to a not set original address
remote host relayed to mailHost
not set set mail delivered to
mailRoutingAddress
not set not set delivered to
original address *OR*
bounced as unknown user
The term "local" host above means the host specified is in class {w}. If
the result would mean sending the mail to a different host, that host is
looked up in the mailertable before delivery.
Note that the last case depends on whether the third argument is given
to the FEATURE() command. The default is to deliver the message to the
original address.
The LDAP entries should be set up with an objectClass of
inetLocalMailRecipient and the address be listed in a mailLocalAddress
attribute. If present, there must be only one mailHost attribute and it
must contain a fully qualified host name as its value. Similarly, if
present, there must be only one mailRoutingAddress attribute and it must
contain an RFC 822 compliant address. Some example LDAP records (in LDIF
format):
dn: uid=tom, o=example.com, c=US
objectClass: inetLocalMailRecipient
mailLocalAddress: tom@example.com
mailRoutingAddress: thomas@mailhost.example.com
This would deliver mail for tom@example.com to thomas@mailhost.example.com.
dn: uid=dick, o=example.com, c=US
objectClass: inetLocalMailRecipient
mailLocalAddress: dick@example.com
mailHost: eng.example.com
This would relay mail for dick@example.com to the same address but redirect
the mail to MX records listed for the host eng.example.com (unless the
mailertable overrides).
dn: uid=harry, o=example.com, c=US
objectClass: inetLocalMailRecipient
mailLocalAddress: harry@example.com
mailHost: mktmail.example.com
mailRoutingAddress: harry@mkt.example.com
This would relay mail for harry@example.com to the MX records listed for
the host mktmail.example.com using the new address harry@mkt.example.com
when talking to that host.
dn: uid=virtual.example.com, o=example.com, c=US
objectClass: inetLocalMailRecipient
mailLocalAddress: @virtual.example.com
mailHost: server.example.com
mailRoutingAddress: virtual@example.com
This would send all mail destined for any username @virtual.example.com to
the machine server.example.com's MX servers and deliver to the address
virtual@example.com on that relay machine.
+---------------------------------+
| ANTI-SPAM CONFIGURATION CONTROL |
+---------------------------------+
The primary anti-spam features available in sendmail are:
* Relaying is denied by default.
* Better checking on sender information.
* Access database.
* Header checks.
Relaying (transmission of messages from a site outside your host (class
{w}) to another site except yours) is denied by default. Note that this
changed in sendmail 8.9; previous versions allowed relaying by default.
If you really want to revert to the old behaviour, you will need to use
FEATURE(`promiscuous_relay'). You can allow certain domains to relay
through your server by adding their domain name or IP address to class
{R} using RELAY_DOMAIN() and RELAY_DOMAIN_FILE() or via the access database
(described below). Note that IPv6 addresses must be prefaced with "IPv6:".
The file consists (like any other file based class) of entries listed on
separate lines, e.g.,
sendmail.org
128.32
IPv6:2002:c0a8:02c7
IPv6:2002:c0a8:51d2::23f4
host.mydomain.com
[UNIX:localhost]
Notice: the last entry allows relaying for connections via a UNIX
socket to the MTA/MSP. This might be necessary if your configuration
doesn't allow relaying by other means in that case, e.g., by having
localhost.$m in class {R} (make sure $m is not just a top level
domain).
If you use
FEATURE(`relay_entire_domain')
then any host in any of your local domains (that is, class {m})
will be relayed (that is, you will accept mail either to or from any
host in your domain).
You can also allow relaying based on the MX records of the host
portion of an incoming recipient address by using
FEATURE(`relay_based_on_MX')
For example, if your server receives a recipient of user@domain.com
and domain.com lists your server in its MX records, the mail will be
accepted for relay to domain.com. This feature may cause problems
if MX lookups for the recipient domain are slow or time out. In that
case, mail will be temporarily rejected. It is usually better to
maintain a list of hosts/domains for which the server acts as relay.
Note also that this feature will stop spammers from using your host
to relay spam but it will not stop outsiders from using your server
as a relay for their site (that is, they set up an MX record pointing
to your mail server, and you will relay mail addressed to them
without any prior arrangement). Along the same lines,
FEATURE(`relay_local_from')
will allow relaying if the sender specifies a return path (i.e.
MAIL FROM:<user@domain>) domain which is a local domain. This is a
dangerous feature as it will allow spammers to spam using your mail
server by simply specifying a return address of user@your.domain.com.
It should not be used unless absolutely necessary.
A slightly better solution is
FEATURE(`relay_mail_from')
which allows relaying if the mail sender is listed as RELAY in the
access map. If an optional argument `domain' (this is the literal
word `domain', not a placeholder) is given, the domain portion of
the mail sender is also checked to allowing relaying. This option
only works together with the tag From: for the LHS of the access
map entries. This feature allows spammers to abuse your mail server
by specifying a return address that you enabled in your access file.
This may be harder to figure out for spammers, but it should not
be used unless necessary. Instead use SMTP AUTH or STARTTLS to
allow relaying for roaming users.
If source routing is used in the recipient address (e.g.,
RCPT TO:<user%site.com@othersite.com>), sendmail will check
user@site.com for relaying if othersite.com is an allowed relay host
in either class {R}, class {m} if FEATURE(`relay_entire_domain') is used,
or the access database if FEATURE(`access_db') is used. To prevent
the address from being stripped down, use:
FEATURE(`loose_relay_check')
If you think you need to use this feature, you probably do not. This
should only be used for sites which have no control over the addresses
that they provide a gateway for. Use this FEATURE with caution as it
can allow spammers to relay through your server if not setup properly.
NOTICE: It is possible to relay mail through a system which the
anti-relay rules do not prevent: the case of a system that does use
FEATURE(`nouucp', `nospecial') / FEATURE(`nopercenthack', `nospecial')
(system A) and relays local messages to a mail hub (e.g., via
LOCAL_RELAY or LUSER_RELAY) (system B). If system B doesn't use the
same feature (nouucp / nopercenthack) at all, addresses of the form
<example.net!user@local.host> / <user%example.net@local.host>
would be relayed to <user@example.net>.
System A doesn't recognize `!' / `%' as an address separator and
therefore forwards it to the mail hub which in turns relays it
because it came from a trusted local host. So if a mailserver
allows UUCP (bang-format) / %-hack addresses, all systems from which
it allows relaying should do the same or reject those addresses.
As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has
an unresolvable domain (i.e., one that DNS, your local name service,
or special case rules in ruleset 3 cannot locate). This also applies
to addresses that use domain literals, e.g., <user@[1.2.3.4]>, if the
IP address can't be mapped to a host name. If you want to continue
to accept such domains, e.g., because you are inside a firewall that
has only a limited view of the Internet host name space (note that you
will not be able to return mail to them unless you have some "smart
host" forwarder), use
FEATURE(`accept_unresolvable_domains')
Alternatively, you can allow specific addresses by adding them to
the access map, e.g.,
From:unresolvable.domain OK
From:[1.2.3.4] OK
From:[1.2.4] OK
Notice: domains which are temporarily unresolvable are (temporarily)
rejected with a 451 reply code. If those domains should be accepted
(which is discouraged) then you can use
LOCAL_CONFIG
C{ResOk}TEMP
sendmail will also refuse mail if the MAIL FROM: parameter is not
fully qualified (i.e., contains a domain as well as a user). If you
want to continue to accept such senders, use
FEATURE(`accept_unqualified_senders')
Setting the DaemonPortOptions modifier 'u' overrides the default behavior,
i.e., unqualified addresses are accepted even without this FEATURE. If
this FEATURE is not used, the DaemonPortOptions modifier 'f' can be used
to enforce fully qualified domain names.
An ``access'' database can be created to accept or reject mail from
selected domains. For example, you may choose to reject all mail
originating from known spammers. To enable such a database, use
FEATURE(`access_db')
Notice: the access database is applied to the envelope addresses
and the connection information, not to the header.
The FEATURE macro can accept as second parameter the key file
definition for the database; for example
FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access_map')
Notice: If a second argument is specified it must contain the option
`-T<TMPF>' as shown above. The optional parameters may be
`skip' enables SKIP as value part (see below).
`lookupdotdomain' another way to enable the feature of the
same name (see above).
`relaytofulladdress' enable entries of the form
To:user@example.com RELAY
to allow relaying to just a specific
e-mail address instead of an entire domain.
Remember, since /etc/mail/access is a database, after creating the text
file as described below, you must use makemap to create the database
map. For example:
makemap hash /etc/mail/access < /etc/mail/access
The table itself uses e-mail addresses, domain names, and network
numbers as keys. Note that IPv6 addresses must be prefaced with "IPv6:".
For example,
From:spammer@aol.com REJECT
From:cyberspammer.com REJECT
Connect:cyberspammer.com REJECT
Connect:TLD REJECT
Connect:192.168.212 REJECT
Connect:IPv6:2002:c0a8:02c7 RELAY
Connect:IPv6:2002:c0a8:51d2::23f4 REJECT
would refuse mail from spammer@aol.com, any user from cyberspammer.com
(or any host within the cyberspammer.com domain), any host in the entire
top level domain TLD, 192.168.212.* network, and the IPv6 address
2002:c0a8:51d2::23f4. It would allow relay for the IPv6 network
2002:c0a8:02c7::/48.
Entries in the access map should be tagged according to their type.
Three tags are available:
Connect: connection information (${client_addr}, ${client_name})
From: envelope sender
To: envelope recipient
Notice: untagged entries are deprecated.
If the required item is looked up in a map, it will be tried first
with the corresponding tag in front, then (as fallback to enable
backward compatibility) without any tag, unless the specific feature
requires a tag. For example,
From:spammer@some.dom REJECT
To:friend.domain RELAY
Connect:friend.domain OK
Connect:from.domain RELAY
From:good@another.dom OK
From:another.dom REJECT
This would deny mails from spammer@some.dom but you could still
-send mail to that address even if FEATURE(`blacklist_recipients')
+send mail to that address even if FEATURE(`blocklist_recipients')
is enabled. Your system will allow relaying to friend.domain, but
not from it (unless enabled by other means). Connections from that
domain will be allowed even if it ends up in one of the DNS based
rejection lists. Relaying is enabled from from.domain but not to
it (since relaying is based on the connection information for
outgoing relaying, the tag Connect: must be used; for incoming
relaying, which is based on the recipient address, To: must be
used). The last two entries allow mails from good@another.dom but
reject mail from all other addresses with another.dom as domain
part.
The value part of the map can contain:
OK Accept mail even if other rules in the running
ruleset would reject it, for example, if the domain
name is unresolvable. "Accept" does not mean
"relay", but at most acceptance for local
recipients. That is, OK allows less than RELAY.
RELAY Accept mail addressed to the indicated domain
(or address if `relaytofulladdress' is set) or
received from the indicated domain for relaying
through your SMTP server. RELAY also serves as
an implicit OK for the other checks.
REJECT Reject the sender or recipient with a general
purpose message.
DISCARD Discard the message completely using the
$#discard mailer. If it is used in check_compat,
it affects only the designated recipient, not
the whole message as it does in all other cases.
This should only be used if really necessary.
SKIP This can only be used for host/domain names
and IP addresses/nets. It will abort the current
search for this entry without accepting or rejecting
it but causing the default action.
### any text where ### is an RFC 821 compliant error code and
"any text" is a message to return for the command.
The entire string should be quoted to avoid
surprises:
"### any text"
Otherwise sendmail formats the text as email
addresses, e.g., it may remove spaces.
This type is deprecated, use one of the two
ERROR: entries below instead.
ERROR:### any text
as above, but useful to mark error messages as such.
If quotes need to be used to avoid modifications
(see above), they should be placed like this:
ERROR:"### any text"
ERROR:D.S.N:### any text
where D.S.N is an RFC 1893 compliant error code
and the rest as above. If quotes need to be used
to avoid modifications, they should be placed
like this:
ERROR:D.S.N:"### any text"
QUARANTINE:any text
Quarantine the message using the given text as the
quarantining reason.
For example:
From:cyberspammer.com ERROR:"550 We don't accept mail from spammers"
From:okay.cyberspammer.com OK
Connect:sendmail.org RELAY
To:sendmail.org RELAY
Connect:128.32 RELAY
Connect:128.32.2 SKIP
Connect:IPv6:1:2:3:4:5:6:7 RELAY
Connect:suspicious.example.com QUARANTINE:Mail from suspicious host
Connect:[127.0.0.3] OK
Connect:[IPv6:1:2:3:4:5:6:7:8] OK
would accept mail from okay.cyberspammer.com, but would reject mail
from all other hosts at cyberspammer.com with the indicated message.
It would allow relaying mail from and to any hosts in the sendmail.org
domain, and allow relaying from the IPv6 1:2:3:4:5:6:7:* network
and from the 128.32.*.* network except for the 128.32.2.* network,
which shows how SKIP is useful to exempt subnets/subdomains. The
last two entries are for checks against ${client_name} if the IP
address doesn't resolve to a hostname (or is considered as "may be
forged"). That is, using square brackets means these are host
names, not network numbers.
Warning: if you change the RFC 821 compliant error code from the default
value of 550, then you should probably also change the RFC 1893 compliant
error code to match it. For example, if you use
To:user@example.com ERROR:450 mailbox full
the error returned would be "450 5.0.0 mailbox full" which is wrong.
Use "ERROR:4.2.2:450 mailbox full" instead.
Note, UUCP users may need to add hostname.UUCP to the access database
or class {R}.
If you also use:
FEATURE(`relay_hosts_only')
then the above example will allow relaying for sendmail.org, but not
hosts within the sendmail.org domain. Note that this will also require
hosts listed in class {R} to be fully qualified host names.
You can also use the access database to block sender addresses based on
the username portion of the address. For example:
From:FREE.STEALTH.MAILER@ ERROR:550 Spam not accepted
Note that you must include the @ after the username to signify that
this database entry is for checking only the username portion of the
sender address.
If you use:
- FEATURE(`blacklist_recipients')
+ FEATURE(`blocklist_recipients')
then you can add entries to the map for local users, hosts in your
domains, or addresses in your domain which should not receive mail:
To:badlocaluser@ ERROR:550 Mailbox disabled for badlocaluser
To:host.my.TLD ERROR:550 That host does not accept mail
To:user@other.my.TLD ERROR:550 Mailbox disabled for this recipient
This would prevent a recipient of badlocaluser in any of the local
domains (class {w}), any user at host.my.TLD, and the single address
user@other.my.TLD from receiving mail. Please note: a local username
must be now tagged with an @ (this is consistent with the check of
the sender address, and hence it is possible to distinguish between
hostnames and usernames). Enabling this feature will keep you from
sending mails to all addresses that have an error message or REJECT
as value part in the access map. Taking the example from above:
spammer@aol.com REJECT
cyberspammer.com REJECT
Mail can't be sent to spammer@aol.com or anyone at cyberspammer.com.
That's why tagged entries should be used.
-There are several DNS based blacklists which can be found by
+There are several DNS based blocklists which can be found by
querying a search engine. These are databases of spammers
maintained in DNS. To use such a database, specify
FEATURE(`dnsbl', `dnsbl.example.com')
This will cause sendmail to reject mail from any site listed in the
-DNS based blacklist. You must select a DNS based blacklist domain
+DNS based blocklist. You must select a DNS based blocklist domain
to check by specifying an argument to the FEATURE. The default
error message is
Rejected: IP-ADDRESS listed at SERVER
where IP-ADDRESS and SERVER are replaced by the appropriate
information. A second argument can be used to specify a different
text or action. For example,
FEATURE(`dnsbl', `dnsbl.example.com', `quarantine')
would quarantine the message if the client IP address is listed
at `dnsbl.example.com'.
By default, temporary lookup failures are ignored
and hence cause the connection not to be rejected by the DNS based
rejection list. This behavior can be changed by specifying a third
argument, which must be either `t' or a full error message. For
example:
FEATURE(`dnsbl', `dnsbl.example.com', `',
`"451 Temporary lookup failure for " $&{client_addr} " in dnsbl.example.com"')
If `t' is used, the error message is:
451 Temporary lookup failure of IP-ADDRESS at SERVER
where IP-ADDRESS and SERVER are replaced by the appropriate
information.
This FEATURE can be included several times to query different
DNS based rejection lists.
Notice: to avoid checking your own local domains against those
-blacklists, use the access_db feature and add:
+blocklists, use the access_db feature and add:
Connect:10.1 OK
Connect:127.0.0.1 RELAY
to the access map, where 10.1 is your local network. You may
want to use "RELAY" instead of "OK" to allow also relaying
-instead of just disabling the DNS lookups in the blacklists.
+instead of just disabling the DNS lookups in the blocklists.
The features described above make use of the check_relay, check_mail,
and check_rcpt rulesets. Note that check_relay checks the SMTP
client hostname and IP address when the connection is made to your
server. It does not check if a mail message is being relayed to
another server. That check is done in check_rcpt. If you wish to
include your own checks, you can put your checks in the rulesets
Local_check_relay, Local_check_mail, and Local_check_rcpt. For
example if you wanted to block senders with all numeric usernames
(i.e. 2312343@bigisp.com), you would use Local_check_mail and the
regex map:
LOCAL_CONFIG
Kallnumbers regex -a@MATCH ^[0-9]+$
LOCAL_RULESETS
SLocal_check_mail
# check address against various regex checks
R$* $: $>Parse0 $>3 $1
R$+ < @ bigisp.com. > $* $: $(allnumbers $1 $)
R@MATCH $#error $: 553 Header Error
These rules are called with the original arguments of the corresponding
check_* ruleset. If the local ruleset returns $#OK, no further checking
is done by the features described above and the mail is accepted. If
the local ruleset resolves to a mailer (such as $#error or $#discard),
the appropriate action is taken. Other results starting with $# are
interpreted by sendmail and may lead to unspecified behavior. Note: do
NOT create a mailer with the name OK. Return values that do not start
with $# are ignored, i.e., normal processing continues.
Delay all checks
----------------
By using FEATURE(`delay_checks') the rulesets check_mail and check_relay
will not be called when a client connects or issues a MAIL command,
respectively. Instead, those rulesets will be called by the check_rcpt
ruleset; they will be skipped if a sender has been authenticated using
a "trusted" mechanism, i.e., one that is defined via TRUST_AUTH_MECH().
If check_mail returns an error then the RCPT TO command will be rejected
with that error. If it returns some other result starting with $# then
check_relay will be skipped. If the sender address (or a part of it) is
listed in the access map and it has a RHS of OK or RELAY, then check_relay
will be skipped. This has an interesting side effect: if your domain is
my.domain and you have
my.domain RELAY
in the access map, then any e-mail with a sender address of
<user@my.domain> will not be rejected by check_relay even though
it would match the hostname or IP address. This allows spammers
-to get around DNS based blacklist by faking the sender address. To
+to get around DNS based blocklist by faking the sender address. To
avoid this problem you have to use tagged entries:
To:my.domain RELAY
Connect:my.domain RELAY
if you need those entries at all (class {R} may take care of them).
FEATURE(`delay_checks') can take an optional argument:
FEATURE(`delay_checks', `friend')
enables spamfriend test
FEATURE(`delay_checks', `hater')
enables spamhater test
If such an argument is given, the recipient will be looked up in the
access map (using the tag Spam:). If the argument is `friend', then
the default behavior is to apply the other rulesets and make a SPAM
friend the exception. The rulesets check_mail and check_relay will be
skipped only if the recipient address is found and has RHS FRIEND. If
the argument is `hater', then the default behavior is to skip the rulesets
check_mail and check_relay and make a SPAM hater the exception. The
other two rulesets will be applied only if the recipient address is
found and has RHS HATER.
This allows for simple exceptions from the tests, e.g., by activating
the friend option and having
Spam:abuse@ FRIEND
in the access map, mail to abuse@localdomain will get through (where
"localdomain" is any domain in class {w}). It is also possible to
specify a full address or an address with +detail:
Spam:abuse@my.domain FRIEND
Spam:me+abuse@ FRIEND
Spam:spam.domain FRIEND
Note: The required tag has been changed in 8.12 from To: to Spam:.
This change is incompatible to previous versions. However, you can
(for now) simply add the new entries to the access map, the old
ones will be ignored. As soon as you removed the old entries from
the access map, specify a third parameter (`n') to this feature and
the backward compatibility rules will not be in the generated .cf
file.
Header Checks
-------------
You can also reject mail on the basis of the contents of headers.
This is done by adding a ruleset call to the 'H' header definition command
in sendmail.cf. For example, this can be used to check the validity of
a Message-ID: header:
LOCAL_CONFIG
HMessage-Id: $>CheckMessageId
LOCAL_RULESETS
SCheckMessageId
R< $+ @ $+ > $@ OK
R$* $#error $: 553 Header Error
The alternative format:
HSubject: $>+CheckSubject
that is, $>+ instead of $>, gives the full Subject: header including
comments to the ruleset (comments in parentheses () are stripped
by default).
A default ruleset for headers which don't have a specific ruleset
defined for them can be given by:
H*: $>CheckHdr
Notice:
1. All rules act on tokens as explained in doc/op/op.{me,ps,txt}.
That may cause problems with simple header checks due to the
tokenization. It might be simpler to use a regex map and apply it
to $&{currHeader}.
2. There are no default rulesets coming with this distribution of
sendmail. You can write your own, can search the WWW for examples,
or take a look at cf/cf/knecht.mc.
3. When using a default ruleset for headers, the name of the header
currently being checked can be found in the $&{hdr_name} macro.
After all of the headers are read, the check_eoh ruleset will be called for
any final header-related checks. The ruleset is called with the number of
headers and the size of all of the headers in bytes separated by $|. One
example usage is to reject messages which do not have a Message-Id:
header. However, the Message-Id: header is *NOT* a required header and is
not a guaranteed spam indicator. This ruleset is an example and should
probably not be used in production.
LOCAL_CONFIG
Kstorage macro
HMessage-Id: $>CheckMessageId
LOCAL_RULESETS
SCheckMessageId
# Record the presence of the header
R$* $: $(storage {MessageIdCheck} $@ OK $) $1
R< $+ @ $+ > $@ OK
R$* $#error $: 553 Header Error
Scheck_eoh
# Check the macro
R$* $: < $&{MessageIdCheck} >
# Clear the macro for the next message
R$* $: $(storage {MessageIdCheck} $) $1
# Has a Message-Id: header
R< $+ > $@ OK
# Allow missing Message-Id: from local mail
R$* $: < $&{client_name} >
R< > $@ OK
R< $=w > $@ OK
# Otherwise, reject the mail
R$* $#error $: 553 Header Error
+--------------------+
| CONNECTION CONTROL |
+--------------------+
The features ratecontrol and conncontrol allow to establish connection
limits per client IP address or net. These features can limit the
rate of connections (connections per time unit) or the number of
incoming SMTP connections, respectively. If enabled, appropriate
rulesets are called at the end of check_relay, i.e., after DNS
-blacklists and generic access_db operations. The features require
+blocklists and generic access_db operations. The features require
FEATURE(`access_db') to be listed earlier in the mc file.
Note: FEATURE(`delay_checks') delays those connection control checks
after a recipient address has been received, hence making these
connection control features less useful. To run the checks as early
as possible, specify the parameter `nodelay', e.g.,
FEATURE(`ratecontrol', `nodelay')
In that case, FEATURE(`delay_checks') has no effect on connection
control (and it must be specified earlier in the mc file).
An optional second argument `terminate' specifies whether the
rulesets should return the error code 421 which will cause
sendmail to terminate the session with that error if it is
returned from check_relay, i.e., not delayed as explained in
the previous paragraph. Example:
FEATURE(`ratecontrol', `nodelay', `terminate')
+----------+
| STARTTLS |
+----------+
In this text, cert will be used as an abbreviation for X.509 certificate,
DN (CN) is the distinguished (common) name of a cert, and CA is a
certification authority, which signs (issues) certs.
For STARTTLS to be offered by sendmail you need to set at least
these variables (the file names and paths are just examples):
define(`confCACERT_PATH', `/etc/mail/certs/')
define(`confCACERT', `/etc/mail/certs/CA.cert.pem')
define(`confSERVER_CERT', `/etc/mail/certs/my.cert.pem')
define(`confSERVER_KEY', `/etc/mail/certs/my.key.pem')
On systems which do not have the compile flag HASURANDOM set (see
sendmail/README) you also must set confRAND_FILE.
See doc/op/op.{me,ps,txt} for more information about these options,
especially the sections ``Certificates for STARTTLS'' and ``PRNG for
STARTTLS''.
Macros related to STARTTLS are:
${cert_issuer} holds the DN of the CA (the cert issuer).
${cert_subject} holds the DN of the cert (called the cert subject).
${cn_issuer} holds the CN of the CA (the cert issuer).
${cn_subject} holds the CN of the cert (called the cert subject).
${tls_version} the TLS/SSL version used for the connection, e.g., TLSv1,
TLSv1/SSLv3, SSLv3, SSLv2.
${cipher} the cipher used for the connection, e.g., EDH-DSS-DES-CBC3-SHA,
EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA.
${cipher_bits} the keylength (in bits) of the symmetric encryption algorithm
used for the connection.
${verify} holds the result of the verification of the presented cert.
Possible values are:
OK verification succeeded.
NO no cert presented.
NOT no cert requested.
FAIL cert presented but could not be verified,
e.g., the cert of the signing CA is missing.
NONE STARTTLS has not been performed.
TEMP temporary error occurred.
PROTOCOL protocol error occurred (SMTP level).
SOFTWARE STARTTLS handshake failed.
${server_name} the name of the server of the current outgoing SMTP
connection.
${server_addr} the address of the server of the current outgoing SMTP
connection.
Relaying
--------
SMTP STARTTLS can allow relaying for remote SMTP clients which have
successfully authenticated themselves. If the verification of the cert
failed (${verify} != OK), relaying is subject to the usual rules.
Otherwise the DN of the issuer is looked up in the access map using the
tag CERTISSUER. If the resulting value is RELAY, relaying is allowed.
If it is SUBJECT, the DN of the cert subject is looked up next in the
access map using the tag CERTSUBJECT. If the value is RELAY, relaying
is allowed.
To make things a bit more flexible (or complicated), the values for
${cert_issuer} and ${cert_subject} can be optionally modified by regular
expressions defined in the m4 variables _CERT_REGEX_ISSUER_ and
_CERT_REGEX_SUBJECT_, respectively. To avoid problems with those macros in
rulesets and map lookups, they are modified as follows: each non-printable
character and the characters '<', '>', '(', ')', '"', '+', ' ' are replaced
by their HEX value with a leading '+'. For example:
-/C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/Email=
+/C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/emailAddress=
darth+cert@endmail.org
is encoded as:
/C=US/ST=California/O=endmail.org/OU=private/CN=
-Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
+Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org
(line breaks have been inserted for readability).
The macros which are subject to this encoding are ${cert_subject},
${cert_issuer}, ${cn_subject}, and ${cn_issuer}.
Examples:
To allow relaying for everyone who can present a cert signed by
/C=US/ST=California/O=endmail.org/OU=private/CN=
-Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
+Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org
simply use:
CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
-Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org RELAY
+Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org RELAY
To allow relaying only for a subset of machines that have a cert signed by
/C=US/ST=California/O=endmail.org/OU=private/CN=
-Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
+Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org
use:
CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
-Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org SUBJECT
+Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org SUBJECT
CertSubject:/C=US/ST=California/O=endmail.org/OU=private/CN=
-DeathStar/Email=deathstar@endmail.org RELAY
+DeathStar/emailAddress=deathstar@endmail.org RELAY
-Notes:
-- line breaks have been inserted after "CN=" for readability,
- each tagged entry must be one (long) line in the access map.
-- if OpenSSL 0.9.7 or newer is used then the "Email=" part of a DN
- is replaced by "emailAddress=".
+Note: line breaks have been inserted after "CN=" for readability,
+each tagged entry must be one (long) line in the access map.
Of course it is also possible to write a simple ruleset that allows
relaying for everyone who can present a cert that can be verified, e.g.,
LOCAL_RULESETS
SLocal_check_rcpt
R$* $: $&{verify}
ROK $# OK
Allowing Connections
--------------------
The rulesets tls_server, tls_client, and tls_rcpt are used to decide whether
an SMTP connection is accepted (or should continue).
tls_server is called when sendmail acts as client after a STARTTLS command
(should) have been issued. The parameter is the value of ${verify}.
tls_client is called when sendmail acts as server, after a STARTTLS command
has been issued, and from check_mail. The parameter is the value of
${verify} and STARTTLS or MAIL, respectively.
Both rulesets behave the same. If no access map is in use, the connection
will be accepted unless ${verify} is SOFTWARE, in which case the connection
is always aborted. For tls_server/tls_client, ${client_name}/${server_name}
is looked up in the access map using the tag TLS_Srv/TLS_Clt, which is done
with the ruleset LookUpDomain. If no entry is found, ${client_addr}
(${server_addr}) is looked up in the access map (same tag, ruleset
LookUpAddr). If this doesn't result in an entry either, just the tag is
looked up in the access map (included the trailing colon). Notice:
requiring that e-mail is sent to a server only encrypted, e.g., via
TLS_Srv:secure.domain ENCR:112
doesn't necessarily mean that e-mail sent to that domain is encrypted.
If the domain has multiple MX servers, e.g.,
secure.domain. IN MX 10 mail.secure.domain.
secure.domain. IN MX 50 mail.other.domain.
then mail to user@secure.domain may go unencrypted to mail.other.domain.
tls_rcpt can be used to address this problem.
tls_rcpt is called before a RCPT TO: command is sent. The parameter is the
current recipient. This ruleset is only defined if FEATURE(`access_db')
is selected. A recipient address user@domain is looked up in the access
map in four formats: TLS_Rcpt:user@domain, TLS_Rcpt:user@, TLS_Rcpt:domain,
and TLS_Rcpt:; the first match is taken.
The result of the lookups is then used to call the ruleset TLS_connection,
which checks the requirement specified by the RHS in the access map against
the actual parameters of the current TLS connection, esp. ${verify} and
${cipher_bits}. Legal RHSs in the access map are:
VERIFY verification must have succeeded
VERIFY:bits verification must have succeeded and ${cipher_bits} must
be greater than or equal bits.
ENCR:bits ${cipher_bits} must be greater than or equal bits.
The RHS can optionally be prefixed by TEMP+ or PERM+ to select a temporary
or permanent error. The default is a temporary error code (403 4.7.0)
unless the macro TLS_PERM_ERR is set during generation of the .cf file.
If a certain level of encryption is required, then it might also be
possible that this level is provided by the security layer from a SASL
algorithm, e.g., DIGEST-MD5.
Furthermore, there can be a list of extensions added. Such a list
starts with '+' and the items are separated by '++'. Allowed
extensions are:
CN:name name must match ${cn_subject}
CN ${client_name}/${server_name} must match ${cn_subject}
CS:name name must match ${cert_subject}
CI:name name must match ${cert_issuer}
+CITag:MYTag look up MYTag:${cert_issuer} in access map; the check
+ only succeeds if it is found with a RHS of OK.
Example: e-mail sent to secure.example.com should only use an encrypted
connection. E-mail received from hosts within the laptop.example.com domain
should only be accepted if they have been authenticated. The host which
receives e-mail for darth@endmail.org must present a cert that uses the
-CN smtp.endmail.org.
+CN smtp.endmail.org. E-mail sent to safe.example.com must be verified,
+have a matching CN, and must present a cert signed by a CA with one of
+the listed DNs.
-TLS_Srv:secure.example.com ENCR:112
-TLS_Clt:laptop.example.com PERM+VERIFY:112
+TLS_Srv:secure.example.com ENCR:112
+TLS_Clt:laptop.example.com PERM+VERIFY:112
TLS_Rcpt:darth@endmail.org ENCR:112+CN:smtp.endmail.org
+TLS_Srv:safe.example.net VERIFY+CN++CITag:MyCA
+MyCA:/C=US/ST=CA/O=safe/CN=example.net/ OK
+MyCA:/C=US/ST=CA/O=secure/CN=example.net/ OK
TLS Options per Session
-----------------------
By default STARTTLS is used whenever possible. However, there are
MTAs with STARTTLS interoperability issues. To be able to send to
(or receive from) those MTAs several features are available:
1) Various TLS options be be set per IP/domain.
2) STARTTLS can be turned off for specific IP addresses/domains.
About 1): the rulesets tls_srv_features and tls_clt_features can
be used to return a (semicolon separated) list of TLS related
options:
- Options: compare {Server,Client}SSLOptions.
- CipherList: same as the global option.
- CertFile, KeyFile: {Server,Client}{Cert,Key}File
+- Flags: see doc/op/op.me for details.
If FEATURE(`tls_session_features') is used, then default rulesets
are activated which look up entries in the access map with the tags
TLS_Srv_features and TLS_Clt_features, respectively.
For example, these entries:
TLS_Srv_features:10.0.2.4 CipherList=MEDIUM+aRSA;
TLS_Clt_features:10.1.0.1 Options=SSL_OP_NO_TLSv1_2; CipherList=ALL:-EXPORT
specify a cipherlist with MEDIUM strength ciphers that use RSA
certificates only for the client with the IP address 10.0.2.4,
and turn off TLSv1.2 when connecting to the server with the IP
address 10.1.0.1 as well as setting a specific cipherlist.
If FEATURE(`tls_session_features') is not used the user can provide
their own rulesets which must return the appropriate data.
If the rulesets are not defined or do not return a value, the
default TLS options are not modified.
-(These rulesets require the sendmail binary to be built with
-_FFR_TLS_SE_OPTS enabled.)
-About 2): the ruleset try_tls (srv_features) can be used that work
-together with the access map. Entries for the access map must be
-tagged with Try_TLS (Srv_Features) and refer to the hostname or IP
-address of the connecting system. A default case can be specified
-by using just the tag. For example, the following entries in the
-access map:
+About 2): the ruleset try_tls (srv_features) can be used together
+with the access map. Entries for the access map must be tagged
+with Try_TLS (Srv_Features) and refer to the hostname or IP address
+of the connecting system. A default case can be specified by using
+just the tag. For example, the following entries in the access map:
Try_TLS:broken.server NO
Srv_Features:my.domain v
Srv_Features: V
will turn off STARTTLS when sending to broken.server (or any host
in that domain), and request a client certificate during the TLS
handshake only for hosts in my.domain. The valid entries on the RHS
for Srv_Features are listed in the Sendmail Installation and
Operations Guide.
Received: Header
----------------
The Received: header reveals whether STARTTLS has been used. It contains an
extra line:
(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})
+---------------------+
| SMTP AUTHENTICATION |
+---------------------+
The macros ${auth_authen}, ${auth_author}, and ${auth_type} can be
used in anti-relay rulesets to allow relaying for those users that
authenticated themselves. A very simple example is:
SLocal_check_rcpt
R$* $: $&{auth_type}
R$+ $# OK
which checks whether a user has successfully authenticated using
any available mechanism. Depending on the setup of the Cyrus SASL
library, more sophisticated rulesets might be required, e.g.,
SLocal_check_rcpt
R$* $: $&{auth_type} $| $&{auth_authen}
RDIGEST-MD5 $| $+@$=w $# OK
to allow relaying for users that authenticated using DIGEST-MD5
and have an identity in the local domains.
The ruleset trust_auth is used to determine whether a given AUTH=
parameter (that is passed to this ruleset) should be trusted. This
ruleset may make use of the other ${auth_*} macros. Only if the
ruleset resolves to the error mailer, the AUTH= parameter is not
trusted. A user supplied ruleset Local_trust_auth can be written
to modify the default behavior, which only trust the AUTH=
parameter if it is identical to the authenticated user.
Per default, relaying is allowed for any user who authenticated
via a "trusted" mechanism, i.e., one that is defined via
TRUST_AUTH_MECH(`list of mechanisms')
For example:
TRUST_AUTH_MECH(`KERBEROS_V4 DIGEST-MD5')
If the selected mechanism provides a security layer the number of
bits used for the key of the symmetric cipher is stored in the
macro ${auth_ssf}.
Providing SMTP AUTH Data when sendmail acts as Client
-----------------------------------------------------
If sendmail acts as client, it needs some information how to
authenticate against another MTA. This information can be provided
by the ruleset authinfo or by the option DefaultAuthInfo. The
authinfo ruleset looks up {server_name} using the tag AuthInfo: in
the access map. If no entry is found, {server_addr} is looked up
in the same way and finally just the tag AuthInfo: to provide
default values. Note: searches for domain parts or IP nets are
only performed if the access map is used; if the authinfo feature
is used then only up to three lookups are performed (two exact
matches, one default).
Note: If your daemon does client authentication when sending, and
if it uses either PLAIN or LOGIN authentication, then you *must*
prevent ordinary users from seeing verbose output. Do NOT install
sendmail set-user-ID. Use PrivacyOptions to turn off verbose output
("goaway" works for this).
Notice: the default configuration file causes the option DefaultAuthInfo
to fail since the ruleset authinfo is in the .cf file. If you really
want to use DefaultAuthInfo (it is deprecated) then you have to
remove the ruleset.
The RHS for an AuthInfo: entry in the access map should consists of a
list of tokens, each of which has the form: "TDstring" (including
the quotes). T is a tag which describes the item, D is a delimiter,
either ':' for simple text or '=' for a base64 encoded string.
Valid values for the tag are:
U user (authorization) id
I authentication id
P password
R realm
M list of mechanisms delimited by spaces
Example entries are:
AuthInfo:other.dom "U:user" "I:user" "P:secret" "R:other.dom" "M:DIGEST-MD5"
AuthInfo:host.more.dom "U:user" "P=c2VjcmV0"
User id or authentication id must exist as well as the password. All
other entries have default values. If one of user or authentication
id is missing, the existing value is used for the missing item.
If "R:" is not specified, realm defaults to $j. The list of mechanisms
defaults to those specified by AuthMechanisms.
Since this map contains sensitive information, either the access
map must be unreadable by everyone but root (or the trusted user)
or FEATURE(`authinfo') must be used which provides a separate map.
Notice: It is not checked whether the map is actually
group/world-unreadable, this is left to the user.
+--------------------------------+
| ADDING NEW MAILERS OR RULESETS |
+--------------------------------+
Sometimes you may need to add entirely new mailers or rulesets. They
should be introduced with the constructs MAILER_DEFINITIONS and
LOCAL_RULESETS respectively. For example:
MAILER_DEFINITIONS
Mmymailer, ...
...
LOCAL_RULESETS
Smyruleset
...
Local additions for the rulesets srv_features, try_tls, tls_rcpt,
tls_client, and tls_server can be made using LOCAL_SRV_FEATURES,
LOCAL_TRY_TLS, LOCAL_TLS_RCPT, LOCAL_TLS_CLIENT, and LOCAL_TLS_SERVER,
respectively. For example, to add a local ruleset that decides
whether to try STARTTLS in a sendmail client, use:
LOCAL_TRY_TLS
R...
Note: you don't need to add a name for the ruleset, it is implicitly
defined by using the appropriate macro.
+-------------------------+
| ADDING NEW MAIL FILTERS |
+-------------------------+
Sendmail supports mail filters to filter incoming SMTP messages according
to the "Sendmail Mail Filter API" documentation. These filters can be
configured in your mc file using the two commands:
MAIL_FILTER(`name', `equates')
INPUT_MAIL_FILTER(`name', `equates')
The first command, MAIL_FILTER(), simply defines a filter with the given
name and equates. For example:
MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
This creates the equivalent sendmail.cf entry:
Xarchive, S=local:/var/run/archivesock, F=R
The INPUT_MAIL_FILTER() command performs the same actions as MAIL_FILTER
but also populates the m4 variable `confINPUT_MAIL_FILTERS' with the name
of the filter such that the filter will actually be called by sendmail.
For example, the two commands:
INPUT_MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
INPUT_MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T')
are equivalent to the three commands:
MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T')
define(`confINPUT_MAIL_FILTERS', `archive, spamcheck')
In general, INPUT_MAIL_FILTER() should be used unless you need to define
more filters than you want to use for `confINPUT_MAIL_FILTERS'.
Note that setting `confINPUT_MAIL_FILTERS' after any INPUT_MAIL_FILTER()
commands will clear the list created by the prior INPUT_MAIL_FILTER()
commands.
+-------------------------+
| QUEUE GROUP DEFINITIONS |
+-------------------------+
In addition to the queue directory (which is the default queue group
called "mqueue"), sendmail can deal with multiple queue groups, which
are collections of queue directories with the same behaviour. Queue
groups can be defined using the command:
QUEUE_GROUP(`name', `equates')
For details about queue groups, please see doc/op/op.{me,ps,txt}.
+-------------------------------+
| NON-SMTP BASED CONFIGURATIONS |
+-------------------------------+
These configuration files are designed primarily for use by
SMTP-based sites. They may not be well tuned for UUCP-only or
UUCP-primarily nodes (the latter is defined as a small local net
connected to the rest of the world via UUCP). However, there is
one hook to handle some special cases.
You can define a ``smart host'' that understands a richer address syntax
using:
define(`SMART_HOST', `mailer:hostname')
In this case, the ``mailer:'' defaults to "relay". Any messages that
can't be handled using the usual UUCP rules are passed to this host.
If you are on a local SMTP-based net that connects to the outside
world via UUCP, you can use LOCAL_NET_CONFIG to add appropriate rules.
For example:
define(`SMART_HOST', `uucp-new:uunet')
LOCAL_NET_CONFIG
R$* < @ $* .$m. > $* $#smtp $@ $2.$m. $: $1 < @ $2.$m. > $3
This will cause all names that end in your domain name ($m) to be sent
via SMTP; anything else will be sent via uucp-new (smart UUCP) to uunet.
If you have FEATURE(`nocanonify'), you may need to omit the dots after
the $m. If you are running a local DNS inside your domain which is
not otherwise connected to the outside world, you probably want to
use:
define(`SMART_HOST', `smtp:fire.wall.com')
LOCAL_NET_CONFIG
R$* < @ $* . > $* $#smtp $@ $2. $: $1 < @ $2. > $3
That is, send directly only to things you found in your DNS lookup;
anything else goes through SMART_HOST.
You may need to turn off the anti-spam rules in order to accept
UUCP mail with FEATURE(`promiscuous_relay') and
FEATURE(`accept_unresolvable_domains').
+-----------+
| WHO AM I? |
+-----------+
Normally, the $j macro is automatically defined to be your fully
qualified domain name (FQDN). Sendmail does this by getting your
host name using gethostname and then calling gethostbyname on the
result. For example, in some environments gethostname returns
only the root of the host name (such as "foo"); gethostbyname is
supposed to return the FQDN ("foo.bar.com"). In some (fairly rare)
cases, gethostbyname may fail to return the FQDN. In this case
you MUST define confDOMAIN_NAME to be your fully qualified domain
name. This is usually done using:
Dmbar.com
define(`confDOMAIN_NAME', `$w.$m')dnl
+-----------------------------------+
| ACCEPTING MAIL FOR MULTIPLE NAMES |
+-----------------------------------+
If your host is known by several different names, you need to augment
class {w}. This is a list of names by which your host is known, and
anything sent to an address using a host name in this list will be
treated as local mail. You can do this in two ways: either create the
file /etc/mail/local-host-names containing a list of your aliases (one per
line), and use ``FEATURE(`use_cw_file')'' in the .mc file, or add
``LOCAL_DOMAIN(`alias.host.name')''. Be sure you use the fully-qualified
name of the host, rather than a short name.
If you want to have different address in different domains, take
a look at the virtusertable feature, which is also explained at
http://www.sendmail.org/virtual-hosting.html
+--------------------+
| USING MAILERTABLES |
+--------------------+
To use FEATURE(`mailertable'), you will have to create an external
database containing the routing information for various domains.
For example, a mailertable file in text format might be:
.my.domain xnet:%1.my.domain
uuhost1.my.domain uucp-new:uuhost1
.bitnet smtp:relay.bit.net
This should normally be stored in /etc/mail/mailertable. The actual
database version of the mailertable is built using:
makemap hash /etc/mail/mailertable < /etc/mail/mailertable
The semantics are simple. Any LHS entry that does not begin with
a dot matches the full host name indicated. LHS entries beginning
with a dot match anything ending with that domain name (including
the leading dot) -- that is, they can be thought of as having a
leading ".+" regular expression pattern for a non-empty sequence of
characters. Matching is done in order of most-to-least qualified
-- for example, even though ".my.domain" is listed first in the
above example, an entry of "uuhost1.my.domain" will match the second
entry since it is more explicit. Note: e-mail to "user@my.domain"
does not match any entry in the above table. You need to have
something like:
my.domain esmtp:host.my.domain
The RHS should always be a "mailer:host" pair. The mailer is the
configuration name of a mailer (that is, an M line in the
sendmail.cf file). The "host" will be the hostname passed to
that mailer. In domain-based matches (that is, those with leading
dots) the "%1" may be used to interpolate the wildcarded part of
the host name. For example, the first line above sends everything
addressed to "anything.my.domain" to that same host name, but using
the (presumably experimental) xnet mailer.
In some cases you may want to temporarily turn off MX records,
particularly on gateways. For example, you may want to MX
everything in a domain to one machine that then forwards it
directly. To do this, you might use the DNS configuration:
*.domain. IN MX 0 relay.machine
and on relay.machine use the mailertable:
.domain smtp:[gateway.domain]
The [square brackets] turn off MX records for this host only.
If you didn't do this, the mailertable would use the MX record
again, which would give you an MX loop. Note that the use of
wildcard MX records is almost always a bad idea. Please avoid
using them if possible.
+--------------------------------+
| USING USERDB TO MAP FULL NAMES |
+--------------------------------+
The user database was not originally intended for mapping full names
to login names (e.g., Eric.Allman => eric), but some people are using
it that way. (it is recommended that you set up aliases for this
purpose instead -- since you can specify multiple alias files, this
is fairly easy.) The intent was to locate the default maildrop at
a site, but allow you to override this by sending to a specific host.
If you decide to set up the user database in this fashion, it is
imperative that you not use FEATURE(`stickyhost') -- otherwise,
e-mail sent to Full.Name@local.host.name will be rejected.
To build the internal form of the user database, use:
makemap btree /etc/mail/userdb < /etc/mail/userdb.txt
As a general rule, it is an extremely bad idea to using full names
as e-mail addresses, since they are not in any sense unique. For
example, the UNIX software-development community has at least two
well-known Peter Deutsches, and at one time Bell Labs had two
Stephen R. Bournes with offices along the same hallway. Which one
will be forced to suffer the indignity of being Stephen_R_Bourne_2?
The less famous of the two, or the one that was hired later?
Finger should handle full names (and be fuzzy). Mail should use
handles, and not be fuzzy.
+--------------------------------+
| MISCELLANEOUS SPECIAL FEATURES |
+--------------------------------+
Plussed users
Sometimes it is convenient to merge configuration on a
centralized mail machine, for example, to forward all
root mail to a mail server. In this case it might be
useful to be able to treat the root addresses as a class
of addresses with subtle differences. You can do this
using plussed users. For example, a client might include
the alias:
root: root+client1@server
On the server, this will match an alias for "root+client1".
If that is not found, the alias "root+*" will be tried,
then "root".
+----------------+
| SECURITY NOTES |
+----------------+
A lot of sendmail security comes down to you. Sendmail 8 is much
more careful about checking for security problems than previous
versions, but there are some things that you still need to watch
for. In particular:
* Make sure the aliases file is not writable except by trusted
system personnel. This includes both the text and database
version.
* Make sure that other files that sendmail reads, such as the
mailertable, are only writable by trusted system personnel.
* The queue directory should not be world writable PARTICULARLY
if your system allows "file giveaways" (that is, if a non-root
user can chown any file they own to any other user).
-* If your system allows file giveaways, DO NOT create a publically
+* If your system allows file giveaways, DO NOT create a publicly
writable directory for forward files. This will allow anyone
to steal anyone else's e-mail. Instead, create a script that
copies the .forward file from users' home directories once a
night (if you want the non-NFS-mounted forward directory).
* If your system allows file giveaways, you'll find that
sendmail is much less trusting of :include: files -- in
particular, you'll have to have /SENDMAIL/ANY/SHELL/ in
/etc/shells before they will be trusted (that is, before
files and programs listed in them will be honored).
In general, file giveaways are a mistake -- if you can turn them
off, do so.
+--------------------------------+
| TWEAKING CONFIGURATION OPTIONS |
+--------------------------------+
There are a large number of configuration options that don't normally
need to be changed. However, if you feel you need to tweak them,
you can define the following M4 variables. Note that some of these
variables require formats that are defined in RFC 2821 or RFC 2822.
Before changing them you need to make sure you do not violate those
(and other relevant) RFCs.
This list is shown in four columns: the name you define, the default
value for that definition, the option or macro that is affected
(either Ox for an option or Dx for a macro), and a brief description.
Greater detail of the semantics can be found in the Installation
and Operations Guide.
Some options are likely to be deprecated in future versions -- that is,
the option is only included to provide back-compatibility. These are
marked with "*".
Remember that these options are M4 variables, and hence may need to
be quoted. In particular, arguments with commas will usually have to
be ``double quoted, like this phrase'' to avoid having the comma
confuse things. This is common for alias file definitions and for
the read timeout.
M4 Variable Name Configuration [Default] & Description
================ ============= =======================
confMAILER_NAME $n macro [MAILER-DAEMON] The sender name used
for internally generated outgoing
messages.
confDOMAIN_NAME $j macro If defined, sets $j. This should
only be done if your system cannot
determine your local domain name,
and then it should be set to
$w.Foo.COM, where Foo.COM is your
domain name.
confCF_VERSION $Z macro If defined, this is appended to the
configuration version name.
confLDAP_CLUSTER ${sendmailMTACluster} macro
If defined, this is the LDAP
cluster to use for LDAP searches
as described above in ``USING LDAP
FOR ALIASES, MAPS, AND CLASSES''.
confFROM_HEADER From: [$?x$x <$g>$|$g$.] The format of an
internally generated From: address.
confRECEIVED_HEADER Received:
[$?sfrom $s $.$?_($?s$|from $.$_)
$.$?{auth_type}(authenticated)
$.by $j ($v/$Z)$?r with $r$. id $i$?u
for $u; $|;
$.$b]
The format of the Received: header
in messages passed through this host.
It is unwise to try to change this.
confMESSAGEID_HEADER Message-Id: [<$t.$i@$j>] The format of an
internally generated Message-Id:
header.
confCW_FILE Fw class [/etc/mail/local-host-names] Name
of file used to get the local
additions to class {w} (local host
names).
confCT_FILE Ft class [/etc/mail/trusted-users] Name of
file used to get the local additions
to class {t} (trusted users).
confCR_FILE FR class [/etc/mail/relay-domains] Name of
file used to get the local additions
to class {R} (hosts allowed to relay).
confTRUSTED_USERS Ct class [no default] Names of users to add to
the list of trusted users. This list
always includes root, uucp, and daemon.
See also FEATURE(`use_ct_file').
confTRUSTED_USER TrustedUser [no default] Trusted user for file
ownership and starting the daemon.
Not to be confused with
confTRUSTED_USERS (see above).
confSMTP_MAILER - [esmtp] The mailer name used when
SMTP connectivity is required.
One of "smtp", "smtp8",
"esmtp", or "dsmtp".
confUUCP_MAILER - [uucp-old] The mailer to be used by
default for bang-format recipient
addresses. See also discussion of
class {U}, class {Y}, and class {Z}
in the MAILER(`uucp') section.
confLOCAL_MAILER - [local] The mailer name used when
local connectivity is required.
Almost always "local".
confRELAY_MAILER - [relay] The default mailer name used
for relaying any mail (e.g., to a
BITNET_RELAY, a SMART_HOST, or
whatever). This can reasonably be
"uucp-new" if you are on a
UUCP-connected site.
confSEVEN_BIT_INPUT SevenBitInput [False] Force input to seven bits?
confEIGHT_BIT_HANDLING EightBitMode [pass8] 8-bit data handling
confALIAS_WAIT AliasWait [10m] Time to wait for alias file
rebuild until you get bored and
decide that the apparently pending
rebuild failed.
confMIN_FREE_BLOCKS MinFreeBlocks [100] Minimum number of free blocks on
queue filesystem to accept SMTP mail.
(Prior to 8.7 this was minfree/maxsize,
where minfree was the number of free
blocks and maxsize was the maximum
message size. Use confMAX_MESSAGE_SIZE
for the second value now.)
confMAX_MESSAGE_SIZE MaxMessageSize [infinite] The maximum size of messages
that will be accepted (in bytes).
confBLANK_SUB BlankSub [.] Blank (space) substitution
character.
confCON_EXPENSIVE HoldExpensive [False] Avoid connecting immediately
to mailers marked expensive.
confCHECKPOINT_INTERVAL CheckpointInterval
[10] Checkpoint queue files every N
recipients.
confDELIVERY_MODE DeliveryMode [background] Default delivery mode.
confERROR_MODE ErrorMode [print] Error message mode.
confERROR_MESSAGE ErrorHeader [undefined] Error message header/file.
confSAVE_FROM_LINES SaveFromLine Save extra leading From_ lines.
confTEMP_FILE_MODE TempFileMode [0600] Temporary file mode.
confMATCH_GECOS MatchGECOS [False] Match GECOS field.
confMAX_HOP MaxHopCount [25] Maximum hop count.
confIGNORE_DOTS* IgnoreDots [False; always False in -bs or -bd
mode] Ignore dot as terminator for
incoming messages?
confBIND_OPTS ResolverOptions [undefined] Default options for DNS
resolver.
confMIME_FORMAT_ERRORS* SendMimeErrors [True] Send error messages as MIME-
encapsulated messages per RFC 1344.
confFORWARD_PATH ForwardPath [$z/.forward.$w:$z/.forward]
The colon-separated list of places to
search for .forward files. N.B.: see
the Security Notes section.
confMCI_CACHE_SIZE ConnectionCacheSize
[2] Size of open connection cache.
confMCI_CACHE_TIMEOUT ConnectionCacheTimeout
[5m] Open connection cache timeout.
confHOST_STATUS_DIRECTORY HostStatusDirectory
[undefined] If set, host status is kept
on disk between sendmail runs in the
named directory tree. This need not be
a full pathname, in which case it is
interpreted relative to the queue
directory.
confSINGLE_THREAD_DELIVERY SingleThreadDelivery
[False] If this option and the
HostStatusDirectory option are both
set, single thread deliveries to other
hosts. That is, don't allow any two
sendmails on this host to connect
simultaneously to any other single
host. This can slow down delivery in
some cases, in particular since a
cached but otherwise idle connection
to a host will prevent other sendmails
from connecting to the other host.
confUSE_COMPRESSED_IPV6_ADDRESSES
UseCompressedIPv6Addresses
[undefined] If set, use the compressed
form of IPv6 addresses, such as
IPV6:::1, instead of the uncompressed
form, such as IPv6:0:0:0:0:0:0:0:1.
confUSE_ERRORS_TO* UseErrorsTo [False] Use the Errors-To: header to
deliver error messages. This should
not be necessary because of general
acceptance of the envelope/header
distinction.
confLOG_LEVEL LogLevel [9] Log level.
confME_TOO MeToo [True] Include sender in group
expansions. This option is
deprecated and will be removed from
a future version.
confCHECK_ALIASES CheckAliases [False] Check RHS of aliases when
running newaliases. Since this does
DNS lookups on every address, it can
slow down the alias rebuild process
considerably on large alias files.
confOLD_STYLE_HEADERS* OldStyleHeaders [True] Assume that headers without
special chars are old style.
confPRIVACY_FLAGS PrivacyOptions [authwarnings] Privacy flags.
confCOPY_ERRORS_TO PostmasterCopy [undefined] Address for additional
copies of all error messages.
confQUEUE_FACTOR QueueFactor [600000] Slope of queue-only function.
confQUEUE_FILE_MODE QueueFileMode [undefined] Default permissions for
queue files (octal). If not set,
sendmail uses 0600 unless its real
and effective uid are different in
which case it uses 0644.
confDONT_PRUNE_ROUTES DontPruneRoutes [False] Don't prune down route-addr
syntax addresses to the minimum
possible.
confSAFE_QUEUE* SuperSafe [True] Commit all messages to disk
before forking.
confTO_INITIAL Timeout.initial [5m] The timeout waiting for a response
on the initial connect.
confTO_CONNECT Timeout.connect [0] The timeout waiting for an initial
connect() to complete. This can only
shorten connection timeouts; the kernel
silently enforces an absolute maximum
(which varies depending on the system).
confTO_ICONNECT Timeout.iconnect
[undefined] Like Timeout.connect, but
applies only to the very first attempt
to connect to a host in a message.
This allows a single very fast pass
followed by more careful delivery
attempts in the future.
confTO_ACONNECT Timeout.aconnect
[0] The overall timeout waiting for
all connection for a single delivery
attempt to succeed. If 0, no overall
limit is applied.
confTO_HELO Timeout.helo [5m] The timeout waiting for a response
to a HELO or EHLO command.
confTO_MAIL Timeout.mail [10m] The timeout waiting for a
response to the MAIL command.
confTO_RCPT Timeout.rcpt [1h] The timeout waiting for a response
to the RCPT command.
confTO_DATAINIT Timeout.datainit
[5m] The timeout waiting for a 354
response from the DATA command.
confTO_DATABLOCK Timeout.datablock
[1h] The timeout waiting for a block
during DATA phase.
confTO_DATAFINAL Timeout.datafinal
[1h] The timeout waiting for a response
to the final "." that terminates a
message.
confTO_RSET Timeout.rset [5m] The timeout waiting for a response
to the RSET command.
confTO_QUIT Timeout.quit [2m] The timeout waiting for a response
to the QUIT command.
confTO_MISC Timeout.misc [2m] The timeout waiting for a response
to other SMTP commands.
confTO_COMMAND Timeout.command [1h] In server SMTP, the timeout
waiting for a command to be issued.
confTO_IDENT Timeout.ident [5s] The timeout waiting for a
response to an IDENT query.
confTO_FILEOPEN Timeout.fileopen
[60s] The timeout waiting for a file
(e.g., :include: file) to be opened.
confTO_LHLO Timeout.lhlo [2m] The timeout waiting for a response
to an LMTP LHLO command.
confTO_AUTH Timeout.auth [10m] The timeout waiting for a
response in an AUTH dialogue.
confTO_STARTTLS Timeout.starttls
[1h] The timeout waiting for a
response to an SMTP STARTTLS command.
confTO_CONTROL Timeout.control
[2m] The timeout for a complete
control socket transaction to complete.
confTO_QUEUERETURN Timeout.queuereturn
[5d] The timeout before a message is
returned as undeliverable.
confTO_QUEUERETURN_NORMAL
Timeout.queuereturn.normal
[undefined] As above, for normal
priority messages.
confTO_QUEUERETURN_URGENT
Timeout.queuereturn.urgent
[undefined] As above, for urgent
priority messages.
confTO_QUEUERETURN_NONURGENT
Timeout.queuereturn.non-urgent
[undefined] As above, for non-urgent
(low) priority messages.
confTO_QUEUERETURN_DSN
Timeout.queuereturn.dsn
[undefined] As above, for delivery
status notification messages.
confTO_QUEUEWARN Timeout.queuewarn
[4h] The timeout before a warning
message is sent to the sender telling
them that the message has been
deferred.
confTO_QUEUEWARN_NORMAL Timeout.queuewarn.normal
[undefined] As above, for normal
priority messages.
confTO_QUEUEWARN_URGENT Timeout.queuewarn.urgent
[undefined] As above, for urgent
priority messages.
confTO_QUEUEWARN_NONURGENT
Timeout.queuewarn.non-urgent
[undefined] As above, for non-urgent
(low) priority messages.
confTO_QUEUEWARN_DSN
Timeout.queuewarn.dsn
[undefined] As above, for delivery
status notification messages.
confTO_HOSTSTATUS Timeout.hoststatus
[30m] How long information about host
statuses will be maintained before it
is considered stale and the host should
be retried. This applies both within
a single queue run and to persistent
information (see below).
confTO_RESOLVER_RETRANS Timeout.resolver.retrans
[varies] Sets the resolver's
retransmission time interval (in
seconds). Sets both
Timeout.resolver.retrans.first and
Timeout.resolver.retrans.normal.
confTO_RESOLVER_RETRANS_FIRST Timeout.resolver.retrans.first
[varies] Sets the resolver's
retransmission time interval (in
seconds) for the first attempt to
deliver a message.
confTO_RESOLVER_RETRANS_NORMAL Timeout.resolver.retrans.normal
[varies] Sets the resolver's
retransmission time interval (in
seconds) for all resolver lookups
except the first delivery attempt.
confTO_RESOLVER_RETRY Timeout.resolver.retry
[varies] Sets the number of times
to retransmit a resolver query.
Sets both
Timeout.resolver.retry.first and
Timeout.resolver.retry.normal.
confTO_RESOLVER_RETRY_FIRST Timeout.resolver.retry.first
[varies] Sets the number of times
to retransmit a resolver query for
the first attempt to deliver a
message.
confTO_RESOLVER_RETRY_NORMAL Timeout.resolver.retry.normal
[varies] Sets the number of times
to retransmit a resolver query for
all resolver lookups except the
first delivery attempt.
confTIME_ZONE TimeZoneSpec [USE_SYSTEM] Time zone info -- can be
USE_SYSTEM to use the system's idea,
USE_TZ to use the user's TZ envariable,
or something else to force that value.
confDEF_USER_ID DefaultUser [1:1] Default user id.
confUSERDB_SPEC UserDatabaseSpec
[undefined] User database
specification.
confFALLBACK_MX FallbackMXhost [undefined] Fallback MX host.
confFALLBACK_SMARTHOST FallbackSmartHost
[undefined] Fallback smart host.
+confTLS_FALLBACK_TO_CLEAR TLSFallbacktoClear
+ [undefined] If set, immediately try
+ a connection again without STARTTLS
+ after a TLS handshake failure.
confTRY_NULL_MX_LIST TryNullMXList [False] If this host is the best MX
for a host and other arrangements
haven't been made, try connecting
to the host directly; normally this
would be a config error.
confQUEUE_LA QueueLA [varies] Load average at which
queue-only function kicks in.
Default values is (8 * numproc)
where numproc is the number of
processors online (if that can be
determined).
confREFUSE_LA RefuseLA [varies] Load average at which
incoming SMTP connections are
refused. Default values is (12 *
numproc) where numproc is the
number of processors online (if
that can be determined).
confREJECT_LOG_INTERVAL RejectLogInterval [3h] Log interval when
refusing connections for this long.
confDELAY_LA DelayLA [0] Load average at which sendmail
will sleep for one second on most
SMTP commands and before accepting
connections. 0 means no limit.
confMAX_ALIAS_RECURSION MaxAliasRecursion
[10] Maximum depth of alias recursion.
confMAX_DAEMON_CHILDREN MaxDaemonChildren
[undefined] The maximum number of
children the daemon will permit. After
this number, connections will be
rejected. If not set or <= 0, there is
no limit.
confMAX_HEADERS_LENGTH MaxHeadersLength
[32768] Maximum length of the sum
of all headers.
confMAX_MIME_HEADER_LENGTH MaxMimeHeaderLength
[undefined] Maximum length of
certain MIME header field values.
confCONNECTION_RATE_THROTTLE ConnectionRateThrottle
[undefined] The maximum number of
connections permitted per second per
daemon. After this many connections
are accepted, further connections
will be delayed. If not set or <= 0,
there is no limit.
confCONNECTION_RATE_WINDOW_SIZE ConnectionRateWindowSize
[60s] Define the length of the
interval for which the number of
incoming connections is maintained.
confWORK_RECIPIENT_FACTOR
RecipientFactor [30000] Cost of each recipient.
confSEPARATE_PROC ForkEachJob [False] Run all deliveries in a
separate process.
confWORK_CLASS_FACTOR ClassFactor [1800] Priority multiplier for class.
confWORK_TIME_FACTOR RetryFactor [90000] Cost of each delivery attempt.
confQUEUE_SORT_ORDER QueueSortOrder [Priority] Queue sort algorithm:
Priority, Host, Filename, Random,
Modification, or Time.
confMAX_QUEUE_AGE MaxQueueAge [undefined] If set to a value greater
than zero, entries in the queue
will be retried during a queue run
only if the individual retry time
has been reached which is doubled
for each attempt. The maximum retry
time is limited by the specified value.
confMIN_QUEUE_AGE MinQueueAge [0] The minimum amount of time a job
must sit in the queue between queue
runs. This allows you to set the
queue run interval low for better
responsiveness without trying all
jobs in each run.
confDEF_CHAR_SET DefaultCharSet [unknown-8bit] When converting
unlabeled 8 bit input to MIME, the
character set to use by default.
confSERVICE_SWITCH_FILE ServiceSwitchFile
[/etc/mail/service.switch] The file
to use for the service switch on
systems that do not have a
system-defined switch.
confHOSTS_FILE HostsFile [/etc/hosts] The file to use when doing
"file" type access of hosts names.
confDIAL_DELAY DialDelay [0s] If a connection fails, wait this
long and try again. Zero means "don't
retry". This is to allow "dial on
demand" connections to have enough time
to complete a connection.
confNO_RCPT_ACTION NoRecipientAction
[none] What to do if there are no legal
recipient fields (To:, Cc: or Bcc:)
in the message. Legal values can
be "none" to just leave the
nonconforming message as is, "add-to"
to add a To: header with all the
known recipients (which may expose
blind recipients), "add-apparently-to"
to do the same but use Apparently-To:
instead of To: (strongly discouraged
in accordance with IETF standards),
"add-bcc" to add an empty Bcc:
header, or "add-to-undisclosed" to
add the header
``To: undisclosed-recipients:;''.
confSAFE_FILE_ENV SafeFileEnvironment
[undefined] If set, sendmail will do a
chroot() into this directory before
writing files.
confCOLON_OK_IN_ADDR ColonOkInAddr [True unless Configuration Level > 6]
If set, colons are treated as a regular
character in addresses. If not set,
they are treated as the introducer to
the RFC 822 "group" syntax. Colons are
handled properly in route-addrs. This
option defaults on for V5 and lower
configuration files.
confMAX_QUEUE_RUN_SIZE MaxQueueRunSize [0] If set, limit the maximum size of
any given queue run to this number of
entries. Essentially, this will stop
reading each queue directory after this
number of entries are reached; it does
_not_ pick the highest priority jobs,
so this should be as large as your
system can tolerate. If not set, there
is no limit.
confMAX_QUEUE_CHILDREN MaxQueueChildren
[undefined] Limits the maximum number
of concurrent queue runners active.
This is to keep system resources used
within a reasonable limit. Relates to
Queue Groups and ForkEachJob.
confMAX_RUNNERS_PER_QUEUE MaxRunnersPerQueue
[1] Only active when MaxQueueChildren
defined. Controls the maximum number
of queue runners (aka queue children)
active at the same time in a work
group. See also MaxQueueChildren.
confDONT_EXPAND_CNAMES DontExpandCnames
[False] If set, $[ ... $] lookups that
do DNS based lookups do not expand
CNAME records. This currently violates
the published standards, but the IETF
seems to be moving toward legalizing
this. For example, if "FTP.Foo.ORG"
is a CNAME for "Cruft.Foo.ORG", then
with this option set a lookup of
"FTP" will return "FTP.Foo.ORG"; if
clear it returns "Cruft.FOO.ORG". N.B.
you may not see any effect until your
downstream neighbors stop doing CNAME
lookups as well.
confFROM_LINE UnixFromLine [From $g $d] The From_ line used
when sending to files or programs.
confSINGLE_LINE_FROM_HEADER SingleLineFromHeader
[False] From: lines that have
embedded newlines are unwrapped
onto one line.
confALLOW_BOGUS_HELO AllowBogusHELO [False] Allow HELO SMTP command that
does not include a host name.
confMUST_QUOTE_CHARS MustQuoteChars [.'] Characters to be quoted in a full
name phrase (@,;:\()[] are automatic).
confOPERATORS OperatorChars [.:%@!^/[]+] Address operator
characters.
confSMTP_LOGIN_MSG SmtpGreetingMessage
[$j Sendmail $v/$Z; $b]
The initial (spontaneous) SMTP
greeting message. The word "ESMTP"
will be inserted between the first and
second words to convince other
sendmails to try to speak ESMTP.
confDONT_INIT_GROUPS DontInitGroups [False] If set, the initgroups(3)
routine will never be invoked. You
might want to do this if you are
running NIS and you have a large group
map, since this call does a sequential
scan of the map; in a large site this
can cause your ypserv to run
essentially full time. If you set
this, agents run on behalf of users
will only have their primary
(/etc/passwd) group permissions.
confUNSAFE_GROUP_WRITES UnsafeGroupWrites
[True] If set, group-writable
:include: and .forward files are
considered "unsafe", that is, programs
and files cannot be directly referenced
from such files. World-writable files
are always considered unsafe.
Notice: this option is deprecated and
will be removed in future versions;
Set GroupWritableForwardFileSafe
and GroupWritableIncludeFileSafe in
DontBlameSendmail if required.
confCONNECT_ONLY_TO ConnectOnlyTo [undefined] override connection
address (for testing).
confCONTROL_SOCKET_NAME ControlSocketName
[undefined] Control socket for daemon
management.
confDOUBLE_BOUNCE_ADDRESS DoubleBounceAddress
[postmaster] If an error occurs when
sending an error message, send that
"double bounce" error message to this
address. If it expands to an empty
string, double bounces are dropped.
confSOFT_BOUNCE SoftBounce [False] If set, issue temporary errors
(4xy) instead of permanent errors
(5xy). This can be useful during
testing of a new configuration to
avoid erroneous bouncing of mails.
confDEAD_LETTER_DROP DeadLetterDrop [undefined] Filename to save bounce
messages which could not be returned
to the user or sent to postmaster.
If not set, the queue file will
be renamed.
confRRT_IMPLIES_DSN RrtImpliesDsn [False] Return-Receipt-To: header
implies DSN request.
confRUN_AS_USER RunAsUser [undefined] If set, become this user
when reading and delivering mail.
Causes all file reads (e.g., .forward
and :include: files) to be done as
this user. Also, all programs will
be run as this user, and all output
files will be written as this user.
confMAX_RCPTS_PER_MESSAGE MaxRecipientsPerMessage
[infinite] If set, allow no more than
the specified number of recipients in
an SMTP envelope. Further recipients
receive a 452 error code (i.e., they
are deferred for the next delivery
attempt).
confBAD_RCPT_THROTTLE BadRcptThrottle [infinite] If set and the specified
number of recipients in a single SMTP
transaction have been rejected, sleep
for one second after each subsequent
RCPT command in that transaction.
confDONT_PROBE_INTERFACES DontProbeInterfaces
[False] If set, sendmail will _not_
insert the names and addresses of any
local interfaces into class {w}
(list of known "equivalent" addresses).
If you set this, you must also include
some support for these addresses (e.g.,
in a mailertable entry) -- otherwise,
mail to addresses in this list will
bounce with a configuration error.
If set to "loopback" (without
quotes), sendmail will skip
loopback interfaces (e.g., "lo0").
confPID_FILE PidFile [system dependent] Location of pid
file.
confPROCESS_TITLE_PREFIX ProcessTitlePrefix
[undefined] Prefix string for the
process title shown on 'ps' listings.
confDONT_BLAME_SENDMAIL DontBlameSendmail
[safe] Override sendmail's file
safety checks. This will definitely
compromise system security and should
not be used unless absolutely
necessary.
confREJECT_MSG - [550 Access denied] The message
given if the access database contains
REJECT in the value portion.
confRELAY_MSG - [550 Relaying denied] The message
given if an unauthorized relaying
attempt is rejected.
confDF_BUFFER_SIZE DataFileBufferSize
[4096] The maximum size of a
memory-buffered data (df) file
before a disk-based file is used.
confXF_BUFFER_SIZE XScriptFileBufferSize
[4096] The maximum size of a
memory-buffered transcript (xf)
file before a disk-based file is
used.
confAUTH_MECHANISMS AuthMechanisms [GSSAPI KERBEROS_V4 DIGEST-MD5
CRAM-MD5] List of authentication
mechanisms for AUTH (separated by
spaces). The advertised list of
authentication mechanisms will be the
intersection of this list and the list
of available mechanisms as determined
by the Cyrus SASL library.
confAUTH_REALM AuthRealm [undefined] The authentication realm
that is passed to the Cyrus SASL
library. If no realm is specified,
$j is used. See KNOWNBUGS.
confDEF_AUTH_INFO DefaultAuthInfo [undefined] Name of file that contains
authentication information for
outgoing connections. This file must
contain the user id, the authorization
id, the password (plain text), the
realm to use, and the list of
mechanisms to try, each on a separate
line and must be readable by root (or
the trusted user) only. If no realm
is specified, $j is used. If no
mechanisms are given in the file,
AuthMechanisms is used. Notice: this
option is deprecated and will be
removed in future versions; it doesn't
work for the MSP since it can't read
the file. Use the authinfo ruleset
instead. See also the section SMTP
AUTHENTICATION.
confAUTH_OPTIONS AuthOptions [undefined] If this option is 'A'
then the AUTH= parameter for the
MAIL FROM command is only issued
when authentication succeeded.
See doc/op/op.me for more options
and details.
confAUTH_MAX_BITS AuthMaxBits [INT_MAX] Limit the maximum encryption
strength for the security layer in
SMTP AUTH (SASL). Default is
essentially unlimited.
confTLS_SRV_OPTIONS TLSSrvOptions If this option is 'V' no client
verification is performed, i.e.,
the server doesn't ask for a
certificate.
confSERVER_SSL_OPTIONS ServerSSLOptions [undefined] SSL related
options for server side. See
SSL_CTX_set_options(3) for a list.
confCLIENT_SSL_OPTIONS ClientSSLOptions [undefined] SSL related
options for client side. See
SSL_CTX_set_options(3) for a list.
confCIPHER_LIST CipherList [undefined] Cipher list for TLS.
See ciphers(1) for possible values.
confLDAP_DEFAULT_SPEC LDAPDefaultSpec [undefined] Default map
specification for LDAP maps. The
value should only contain LDAP
specific settings such as "-h host
-p port -d bindDN", etc. The
settings will be used for all LDAP
maps unless they are specified in
the individual map specification
('K' command).
confCACERT_PATH CACertPath [undefined] Path to directory with
certificates of CAs which must contain
their hashes as filenames or links.
confCACERT CACertFile [undefined] File containing at least
one CA certificate.
confSERVER_CERT ServerCertFile [undefined] File containing the
cert of the server, i.e., this cert
is used when sendmail acts as
server.
confSERVER_KEY ServerKeyFile [undefined] File containing the
private key belonging to the server
cert.
confCLIENT_CERT ClientCertFile [undefined] File containing the
cert of the client, i.e., this cert
is used when sendmail acts as
client.
confCLIENT_KEY ClientKeyFile [undefined] File containing the
private key belonging to the client
cert.
confCRL CRLFile [undefined] File containing certificate
revocation status, useful for X.509v3
- authentication. Note that CRL requires
- at least OpenSSL version 0.9.7.
+ authentication.
+confCRL_PATH CRLPath [undefined] Directory containing
+ hashes pointing to certificate
+ revocation status files.
confDH_PARAMETERS DHParameters [undefined] File containing the
DH parameters.
+confDANE DANE [false] Enable DANE support.
confRAND_FILE RandFile [undefined] File containing random
data (use prefix file:) or the
name of the UNIX socket if EGD is
used (use prefix egd:). STARTTLS
requires this option if the compile
flag HASURANDOM is not set (see
sendmail/README).
confCERT_FINGERPRINT_ALGORITHM CertFingerprintAlgorithm
[undefined] The fingerprint algorithm
(digest) to use for the presented
cert.
+confSSL_ENGINE SSLEngine [undefined] Name of SSLEngine.
+confSSL_ENGINE_PATH SSLEnginePath [undefined] Path to dynamic library
+ for SSLEngine.
confNICE_QUEUE_RUN NiceQueueRun [undefined] If set, the priority of
queue runners is set the given value
(nice(3)).
confDIRECT_SUBMISSION_MODIFIERS DirectSubmissionModifiers
[undefined] Defines {daemon_flags}
for direct submissions.
confUSE_MSP UseMSP [undefined] Use as mail submission
program, see sendmail/SECURITY.
confDELIVER_BY_MIN DeliverByMin [0] Minimum time for Deliver By
SMTP Service Extension (RFC 2852).
confREQUIRES_DIR_FSYNC RequiresDirfsync [true] RequiresDirfsync can
be used to turn off the compile time
flag REQUIRES_DIR_FSYNC at runtime.
See sendmail/README for details.
confSHARED_MEMORY_KEY SharedMemoryKey [0] Key for shared memory.
confSHARED_MEMORY_KEY_FILE
SharedMemoryKeyFile
[undefined] File where the
automatically selected key for
shared memory is stored.
confFAST_SPLIT FastSplit [1] If set to a value greater than
zero, the initial MX lookups on
addresses is suppressed when they
are sorted which may result in
faster envelope splitting. If the
mail is submitted directly from the
command line, then the value also
limits the number of processes to
deliver the envelopes.
confMAILBOX_DATABASE MailboxDatabase [pw] Type of lookup to find
information about local mailboxes.
confDEQUOTE_OPTS - [empty] Additional options for the
dequote map.
confMAX_NOOP_COMMANDS MaxNOOPCommands [20] Maximum number of "useless"
commands before the SMTP server
will slow down responding.
confHELO_NAME HeloName If defined, use as name for EHLO/HELO
command (instead of $j).
confINPUT_MAIL_FILTERS InputMailFilters
A comma separated list of filters
which determines which filters and
the invocation sequence are
contacted for incoming SMTP
messages. If none are set, no
filters will be contacted.
confMILTER_LOG_LEVEL Milter.LogLevel [9] Log level for input mail filter
actions, defaults to LogLevel.
confMILTER_MACROS_CONNECT Milter.macros.connect
[j, _, {daemon_name}, {if_name},
{if_addr}] Macros to transmit to
milters when a session connection
starts.
confMILTER_MACROS_HELO Milter.macros.helo
[{tls_version}, {cipher},
{cipher_bits}, {cert_subject},
{cert_issuer}] Macros to transmit to
milters after HELO/EHLO command.
confMILTER_MACROS_ENVFROM Milter.macros.envfrom
[i, {auth_type}, {auth_authen},
{auth_ssf}, {auth_author},
{mail_mailer}, {mail_host},
{mail_addr}] Macros to transmit to
milters after MAIL FROM command.
confMILTER_MACROS_ENVRCPT Milter.macros.envrcpt
[{rcpt_mailer}, {rcpt_host},
{rcpt_addr}] Macros to transmit to
milters after RCPT TO command.
confMILTER_MACROS_EOM Milter.macros.eom
[{msg_id}] Macros to transmit to
milters after the terminating
DATA '.' is received.
confMILTER_MACROS_EOH Milter.macros.eoh
Macros to transmit to milters
after the end of headers.
confMILTER_MACROS_DATA Milter.macros.data
Macros to transmit to milters
after DATA command is received.
See also the description of OSTYPE for some parameters that can be
tweaked (generally pathnames to mailers).
ClientPortOptions and DaemonPortOptions are special cases since multiple
clients/daemons can be defined. This can be done via
CLIENT_OPTIONS(`field1=value1,field2=value2,...')
DAEMON_OPTIONS(`field1=value1,field2=value2,...')
Note that multiple CLIENT_OPTIONS() commands (and therefore multiple
ClientPortOptions settings) are allowed in order to give settings for each
protocol family (e.g., one for Family=inet and one for Family=inet6). A
restriction placed on one family only affects outgoing connections on that
particular family.
If DAEMON_OPTIONS is not used, then the default is
DAEMON_OPTIONS(`Port=smtp, Name=MTA')
DAEMON_OPTIONS(`Port=587, Name=MSA, M=E')
If you use one DAEMON_OPTIONS macro, it will alter the parameters
of the first of these. The second will still be defaulted; it
represents a "Message Submission Agent" (MSA) as defined by RFC
2476 (see below). To turn off the default definition for the MSA,
use FEATURE(`no_default_msa') (see also FEATURES). If you use
additional DAEMON_OPTIONS macros, they will add additional daemons.
Example 1: To change the port for the SMTP listener, while
still using the MSA default, use
DAEMON_OPTIONS(`Port=925, Name=MTA')
Example 2: To change the port for the MSA daemon, while still
using the default SMTP port, use
FEATURE(`no_default_msa')
DAEMON_OPTIONS(`Name=MTA')
DAEMON_OPTIONS(`Port=987, Name=MSA, M=E')
Note that if the first of those DAEMON_OPTIONS lines were omitted, then
there would be no listener on the standard SMTP port.
Example 3: To listen on both IPv4 and IPv6 interfaces, use
DAEMON_OPTIONS(`Name=MTA-v4, Family=inet')
DAEMON_OPTIONS(`Name=MTA-v6, Family=inet6')
A "Message Submission Agent" still uses all of the same rulesets for
processing the message (and therefore still allows message rejection via
the check_* rulesets). In accordance with the RFC, the MSA will ensure
that all domains in envelope addresses are fully qualified if the message
is relayed to another MTA. It will also enforce the normal address syntax
rules and log error messages. Additionally, by using the M=a modifier you
can require authentication before messages are accepted by the MSA.
Notice: Do NOT use the 'a' modifier on a public accessible MTA! Finally,
the M=E modifier shown above disables ETRN as required by RFC 2476.
Mail filters can be defined using the INPUT_MAIL_FILTER() and MAIL_FILTER()
commands:
INPUT_MAIL_FILTER(`sample', `S=local:/var/run/f1.sock')
MAIL_FILTER(`myfilter', `S=inet:3333@localhost')
The INPUT_MAIL_FILTER() command causes the filter(s) to be called in the
same order they were specified by also setting confINPUT_MAIL_FILTERS. A
filter can be defined without adding it to the input filter list by using
MAIL_FILTER() instead of INPUT_MAIL_FILTER() in your .mc file.
Alternatively, you can reset the list of filters and their order by setting
confINPUT_MAIL_FILTERS option after all INPUT_MAIL_FILTER() commands in
your .mc file.
+----------------------------+
| MESSAGE SUBMISSION PROGRAM |
+----------------------------+
The purpose of the message submission program (MSP) is explained
in sendmail/SECURITY. This section contains a list of caveats and
a few hints how for those who want to tweak the default configuration
for it (which is installed as submit.cf).
Notice: do not add options/features to submit.mc unless you are
absolutely sure you need them. Options you may want to change
include:
- confTRUSTED_USERS, FEATURE(`use_ct_file'), and confCT_FILE for
avoiding X-Authentication warnings.
- confTIME_ZONE to change it from the default `USE_TZ'.
- confDELIVERY_MODE is set to interactive in msp.m4 instead
of the default background mode.
- FEATURE(stickyhost) and LOCAL_RELAY to send unqualified addresses
to the LOCAL_RELAY instead of the default relay.
- confRAND_FILE if you use STARTTLS and sendmail is not compiled with
the flag HASURANDOM.
The MSP performs hostname canonicalization by default. As also
explained in sendmail/SECURITY, mail may end up for various DNS
related reasons in the MSP queue. This problem can be minimized by
using
FEATURE(`nocanonify', `canonify_hosts')
define(`confDIRECT_SUBMISSION_MODIFIERS', `C')
See the discussion about nocanonify for possible side effects.
Some things are not intended to work with the MSP. These include
features that influence the delivery process (e.g., mailertable,
aliases), or those that are only important for a SMTP server (e.g.,
virtusertable, DaemonPortOptions, multiple queues). Moreover,
relaxing certain restrictions (RestrictQueueRun, permissions on
queue directory) or adding features (e.g., enabling prog/file mailer)
can cause security problems.
Other things don't work well with the MSP and require tweaking or
workarounds. For example, to allow for client authentication it
is not just sufficient to provide a client certificate and the
corresponding key, but it is also necessary to make the key group
(smmsp) readable and tell sendmail not to complain about that, i.e.,
define(`confDONT_BLAME_SENDMAIL', `GroupReadableKeyFile')
If the MSP should actually use AUTH then the necessary data
should be placed in a map as explained in SMTP AUTHENTICATION:
FEATURE(`authinfo', `DATABASE_MAP_TYPE /etc/mail/msp-authinfo')
/etc/mail/msp-authinfo should contain an entry like:
AuthInfo:127.0.0.1 "U:smmsp" "P:secret" "M:DIGEST-MD5"
The file and the map created by makemap should be owned by smmsp,
its group should be smmsp, and it should have mode 640. The database
used by the MTA for AUTH must have a corresponding entry.
Additionally the MTA must trust this authentication data so the AUTH=
part will be relayed on to the next hop. This can be achieved by
adding the following to your sendmail.mc file:
LOCAL_RULESETS
SLocal_trust_auth
R$* $: $&{auth_authen}
Rsmmsp $# OK
Note: the authentication data can leak to local users who invoke
the MSP with debug options or even with -v. For that reason either
an authentication mechanism that does not show the password in the
AUTH dialogue (e.g., DIGEST-MD5) or a different authentication
method like STARTTLS should be used.
feature/msp.m4 defines almost all settings for the MSP. Most of
those should not be changed at all. Some of the features and options
can be overridden if really necessary. It is a bit tricky to do
this, because it depends on the actual way the option is defined
in feature/msp.m4. If it is directly defined (i.e., define()) then
the modified value must be defined after
FEATURE(`msp')
If it is conditionally defined (i.e., ifdef()) then the desired
value must be defined before the FEATURE line in the .mc file.
To see how the options are defined read feature/msp.m4.
+--------------------------+
| FORMAT OF FILES AND MAPS |
+--------------------------+
Files that define classes, i.e., F{classname}, consist of lines
each of which contains a single element of the class. For example,
/etc/mail/local-host-names may have the following content:
my.domain
another.domain
Maps must be created using makemap(8) , e.g.,
makemap hash MAP < MAP
In general, a text file from which a map is created contains lines
of the form
key value
where 'key' and 'value' are also called LHS and RHS, respectively.
By default, the delimiter between LHS and RHS is a non-empty sequence
of white space characters.
+------------------+
| DIRECTORY LAYOUT |
+------------------+
Within this directory are several subdirectories, to wit:
m4 General support routines. These are typically
very important and should not be changed without
very careful consideration.
cf The configuration files themselves. They have
".mc" suffixes, and must be run through m4 to
become complete. The resulting output should
have a ".cf" suffix.
ostype Definitions describing a particular operating
system type. These should always be referenced
using the OSTYPE macro in the .mc file. Examples
include "bsd4.3", "bsd4.4", "sunos3.5", and
"sunos4.1".
domain Definitions describing a particular domain, referenced
using the DOMAIN macro in the .mc file. These are
site dependent; for example, "CS.Berkeley.EDU.m4"
describes hosts in the CS.Berkeley.EDU subdomain.
mailer Descriptions of mailers. These are referenced using
the MAILER macro in the .mc file.
sh Shell files used when building the .cf file from the
.mc file in the cf subdirectory.
feature These hold special orthogonal features that you might
want to include. They should be referenced using
the FEATURE macro.
hack Local hacks. These can be referenced using the HACK
macro. They shouldn't be of more than voyeuristic
interest outside the .Berkeley.EDU domain, but who knows?
siteconfig Site configuration -- e.g., tables of locally connected
UUCP sites.
+------------------------+
| ADMINISTRATIVE DETAILS |
+------------------------+
The following sections detail usage of certain internal parts of the
sendmail.cf file. Read them carefully if you are trying to modify
the current model. If you find the above descriptions adequate, these
should be {boring, confusing, tedious, ridiculous} (pick one or more).
RULESETS (* means built in to sendmail)
0 * Parsing
1 * Sender rewriting
2 * Recipient rewriting
3 * Canonicalization
4 * Post cleanup
5 * Local address rewrite (after aliasing)
1x mailer rules (sender qualification)
2x mailer rules (recipient qualification)
3x mailer rules (sender header qualification)
4x mailer rules (recipient header qualification)
5x mailer subroutines (general)
6x mailer subroutines (general)
7x mailer subroutines (general)
8x reserved
90 Mailertable host stripping
96 Bottom half of Ruleset 3 (ruleset 6 in old sendmail)
97 Hook for recursive ruleset 0 call (ruleset 7 in old sendmail)
98 Local part of ruleset 0 (ruleset 8 in old sendmail)
MAILERS
0 local, prog local and program mailers
1 [e]smtp, relay SMTP channel
2 uucp-* UNIX-to-UNIX Copy Program
3 netnews Network News delivery
4 fax Sam Leffler's HylaFAX software
5 mail11 DECnet mailer
MACROS
A
B Bitnet Relay
C DECnet Relay
D The local domain -- usually not needed
E reserved for X.400 Relay
F FAX Relay
G
H mail Hub (for mail clusters)
I
J
K
L Luser Relay
M Masquerade (who you claim to be)
N
O
P
Q
R Relay (for unqualified names)
S Smart Host
T
U my UUCP name (if you have a UUCP connection)
V UUCP Relay (class {V} hosts)
W UUCP Relay (class {W} hosts)
X UUCP Relay (class {X} hosts)
Y UUCP Relay (all other hosts)
Z Version number
CLASSES
A
B domains that are candidates for bestmx lookup
C
D
E addresses that should not seem to come from $M
F hosts this system forward for
G domains that should be looked up in genericstable
H
I
J
K
L addresses that should not be forwarded to $R
M domains that should be mapped to $M
N host/domains that should not be mapped to $M
O operators that indicate network operations (cannot be in local names)
P top level pseudo-domains: BITNET, DECNET, FAX, UUCP, etc.
Q
R domains this system is willing to relay (pass anti-spam filters)
S
T
U locally connected UUCP hosts
V UUCP hosts connected to relay $V
W UUCP hosts connected to relay $W
X UUCP hosts connected to relay $X
Y locally connected smart UUCP hosts
Z locally connected domain-ized UUCP hosts
. the class containing only a dot
[ the class containing only a left bracket
M4 DIVERSIONS
1 Local host detection and resolution
2 Local Ruleset 3 additions
3 Local Ruleset 0 additions
4 UUCP Ruleset 0 additions
5 locally interpreted names (overrides $R)
6 local configuration (at top of file)
7 mailer definitions
- 8 DNS based blacklists
+ 8 DNS based blocklists
9 special local rulesets (1 and 2)
-$Revision: 8.730 $, Last updated $Date: 2014-01-16 15:55:51 $
diff --git a/cf/cf/Makefile b/cf/cf/Makefile
index efec478cb95a..bf6f031b2f11 100644
--- a/cf/cf/Makefile
+++ b/cf/cf/Makefile
@@ -1,214 +1,214 @@
#
# Makefile for configuration files.
#
# $Id: Makefile,v 8.60 2005-06-14 02:16:34 gshapiro Exp $
#
#
# Create configuration files using "m4 ../m4/cf.m4 file.mc > file.cf";
# this may be easier than tweaking the Makefile. You do need to
# have a fairly modern M4 available (GNU m4 works). On SunOS, use
# /usr/5bin/m4.
#
# name of source for sendmail.cf (without extension)
CF= sendmail
# name of source for submit.cf (without extension)
SUBMIT= submit
# directory for .cf files
MAILDIR=/etc/mail
M4= m4
CFDIR= ..
SED= sed
ECHO= echo
CHMOD= chmod
ROMODE= 444
RM= rm -f
# use our own install program; should be really confINSTALL
INSTALL=../../devtools/bin/install.sh
# CF file ownership/permissions
CFOWN=root
CFGRP=bin
CFMODE=0444
.SUFFIXES: .mc .cf
.mc.cf:
$(RM) $@
$(M4) ${CFDIR}/m4/cf.m4 $*.mc > $@ || ( $(RM) $@ && exit 1 )
$(ECHO) "### $*.mc ###" >>$@
$(SED) -e 's/^/# /' $*.mc >>$@
$(CHMOD) $(ROMODE) $@
GENERIC=generic-bsd4.4.cf generic-hpux9.cf generic-hpux10.cf \
generic-linux.cf generic-mpeix.cf generic-nextstep3.3.cf \
generic-osf1.cf generic-solaris.cf \
generic-sunos4.1.cf generic-ultrix4.cf
BERKELEY=cs-hpux9.cf cs-hpux10.cf cs-osf1.cf cs-solaris.cf \
cs-sunos4.1.cf cs-ultrix4.cf \
s2k-osf1.cf s2k-ultrix4.cf \
chez.cs.cf huginn.cs.cf mail.cs.cf mail.eecs.cf mailspool.cs.cf \
python.cs.cf ucbarpa.cf ucbvax.cf vangogh.cs.cf
OTHER= knecht.cf
ALL= submit.cf $(GENERIC) $(OTHER)
all: $(ALL)
berkeley: $(BERKELEY)
generic: $(GENERIC)
other: $(OTHER)
clean cleandir:
$(RM) $(ALL) core
install:
@echo "Before installing the .cf files please make sure you have read the"
@echo "instructions in the file ../../INSTALL. You should have prepared the"
@echo "files \"submit.mc\" (supplied) and \"sendmail.mc\". Then you can use"
@echo ""
@echo " make install-cf"
@echo ""
@echo "If you use a different name than \"sendmail\" for your main .mc file"
@echo "then you should use"
@echo ""
@echo " make install-cf CF=config"
@echo ""
@echo "where \"config\" is the name of your main .mc file."
install-cf: install-sendmail-cf install-submit-cf
install-sendmail-cf: $(CF).cf
$(INSTALL) -c -o $(CFOWN) -g $(CFGRP) -m $(CFMODE) $(CF).cf ${DESTDIR}$(MAILDIR)/sendmail.cf
install-submit-cf: $(SUBMIT).cf
$(INSTALL) -c -o $(CFOWN) -g $(CFGRP) -m $(CFMODE) $(SUBMIT).cf ${DESTDIR}$(MAILDIR)/submit.cf
depend:
# this is overkill, but....
M4FILES=\
${CFDIR}/domain/Berkeley.EDU.m4 \
${CFDIR}/domain/CS.Berkeley.EDU.m4 \
${CFDIR}/domain/EECS.Berkeley.EDU.m4 \
${CFDIR}/domain/S2K.Berkeley.EDU.m4 \
${CFDIR}/domain/berkeley-only.m4 \
${CFDIR}/domain/generic.m4 \
${CFDIR}/feature/accept_unqualified_senders.m4 \
${CFDIR}/feature/accept_unresolvable_domains.m4 \
${CFDIR}/feature/access_db.m4 \
${CFDIR}/feature/allmasquerade.m4 \
${CFDIR}/feature/always_add_domain.m4 \
${CFDIR}/feature/bcc.m4 \
${CFDIR}/feature/bestmx_is_local.m4 \
${CFDIR}/feature/bitdomain.m4 \
- ${CFDIR}/feature/blacklist_recipients.m4 \
+ ${CFDIR}/feature/blocklist_recipients.m4 \
${CFDIR}/feature/conncontrol.m4 \
${CFDIR}/feature/dnsbl.m4 \
${CFDIR}/feature/domaintable.m4 \
${CFDIR}/feature/generics_entire_domain.m4 \
${CFDIR}/feature/genericstable.m4 \
${CFDIR}/feature/ldap_routing.m4 \
${CFDIR}/feature/limited_masquerade.m4 \
${CFDIR}/feature/local_lmtp.m4 \
${CFDIR}/feature/local_procmail.m4 \
${CFDIR}/feature/loose_relay_check.m4 \
${CFDIR}/feature/mailertable.m4 \
${CFDIR}/feature/masquerade_entire_domain.m4 \
${CFDIR}/feature/masquerade_envelope.m4 \
${CFDIR}/feature/no_default_msa.m4 \
${CFDIR}/feature/nocanonify.m4 \
${CFDIR}/feature/nopercenthack.m4 \
${CFDIR}/feature/notsticky.m4 \
${CFDIR}/feature/nouucp.m4 \
${CFDIR}/feature/nullclient.m4 \
${CFDIR}/feature/prefixmod.m4 \
${CFDIR}/feature/promiscuous_relay.m4 \
${CFDIR}/feature/redirect.m4 \
${CFDIR}/feature/ratecontrol.m4 \
${CFDIR}/feature/relay_based_on_MX.m4 \
${CFDIR}/feature/relay_entire_domain.m4 \
${CFDIR}/feature/relay_hosts_only.m4 \
${CFDIR}/feature/relay_local_from.m4 \
${CFDIR}/feature/relay_mail_from.m4 \
${CFDIR}/feature/smrsh.m4 \
${CFDIR}/feature/stickyhost.m4 \
${CFDIR}/feature/tls_session_features.m4 \
${CFDIR}/feature/use_ct_file.m4 \
${CFDIR}/feature/use_cw_file.m4 \
${CFDIR}/feature/uucpdomain.m4 \
${CFDIR}/feature/virtuser_entire_domain.m4 \
${CFDIR}/feature/virtusertable.m4 \
${CFDIR}/hack/cssubdomain.m4 \
${CFDIR}/hack/xconnect.m4 \
${CFDIR}/m4/cf.m4 \
${CFDIR}/m4/cfhead.m4 \
${CFDIR}/m4/proto.m4 \
${CFDIR}/m4/version.m4 \
${CFDIR}/mailer/cyrus.m4 \
${CFDIR}/mailer/fax.m4 \
${CFDIR}/mailer/local.m4 \
${CFDIR}/mailer/mail11.m4 \
${CFDIR}/mailer/phquery.m4 \
${CFDIR}/mailer/pop.m4 \
${CFDIR}/mailer/procmail.m4 \
${CFDIR}/mailer/qpage.m4 \
${CFDIR}/mailer/smtp.m4 \
${CFDIR}/mailer/usenet.m4 \
${CFDIR}/mailer/uucp.m4 \
${CFDIR}/ostype/aix3.m4 \
${CFDIR}/ostype/aix4.m4 \
${CFDIR}/ostype/altos.m4 \
${CFDIR}/ostype/amdahl-uts.m4 \
${CFDIR}/ostype/a-ux.m4 \
${CFDIR}/ostype/bsd4.3.m4 \
${CFDIR}/ostype/bsd4.4.m4 \
${CFDIR}/ostype/bsdi.m4 \
${CFDIR}/ostype/bsdi1.0.m4 \
${CFDIR}/ostype/bsdi2.0.m4 \
${CFDIR}/ostype/dgux.m4 \
${CFDIR}/ostype/domainos.m4 \
${CFDIR}/ostype/dragonfly.m4 \
${CFDIR}/ostype/dynix3.2.m4 \
${CFDIR}/ostype/freebsd4.m4 \
${CFDIR}/ostype/freebsd5.m4 \
${CFDIR}/ostype/freebsd6.m4 \
${CFDIR}/ostype/gnu.m4 \
${CFDIR}/ostype/hpux10.m4 \
${CFDIR}/ostype/hpux11.m4 \
${CFDIR}/ostype/hpux9.m4 \
${CFDIR}/ostype/irix4.m4 \
${CFDIR}/ostype/irix5.m4 \
${CFDIR}/ostype/irix6.m4 \
${CFDIR}/ostype/isc4.1.m4 \
${CFDIR}/ostype/linux.m4 \
${CFDIR}/ostype/maxion.m4 \
${CFDIR}/ostype/mklinux.m4 \
${CFDIR}/ostype/mpeix.m4 \
${CFDIR}/ostype/nextstep.m4 \
${CFDIR}/ostype/openbsd.m4 \
${CFDIR}/ostype/osf1.m4 \
${CFDIR}/ostype/powerux.m4 \
${CFDIR}/ostype/ptx2.m4 \
${CFDIR}/ostype/qnx.m4 \
${CFDIR}/ostype/riscos4.5.m4 \
${CFDIR}/ostype/sco-uw-2.1.m4 \
${CFDIR}/ostype/sco3.2.m4 \
${CFDIR}/ostype/sinix.m4 \
${CFDIR}/ostype/solaris2.m4 \
${CFDIR}/ostype/solaris2.ml.m4 \
${CFDIR}/ostype/solaris2.pre5.m4 \
${CFDIR}/ostype/solaris8.m4 \
${CFDIR}/ostype/sunos3.5.m4 \
${CFDIR}/ostype/sunos4.1.m4 \
${CFDIR}/ostype/svr4.m4 \
${CFDIR}/ostype/ultrix4.m4 \
${CFDIR}/ostype/unixware7.m4 \
${CFDIR}/ostype/unknown.m4 \
${CFDIR}/ostype/uxpds.m4
$(ALL): $(M4FILES)
$(BERKELEY): $(M4FILES)
$(GENERIC): $(M4FILES)
$(OTHER): $(M4FILES)
diff --git a/cf/cf/generic-bsd4.4.cf b/cf/cf/generic-bsd4.4.cf
index ef642a4aa7b8..c1c9ce64751d 100644
--- a/cf/cf/generic-bsd4.4.cf
+++ b/cf/cf/generic-bsd4.4.cf
@@ -1,1496 +1,1508 @@
#
# Copyright (c) 1998-2004, 2009, 2010 Proofpoint, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#
######################################################################
######################################################################
#####
##### SENDMAIL CONFIGURATION FILE
#####
-##### built by ca@sandman.dev-lab.sendmail.com on Thu Jul 2 05:24:31 PDT 2015
-##### in /x/ca/smi.git/sendmail/OpenSource/sendmail-8.15.2/cf/cf
+##### built by ca@lab.smi.sendmail.com on Thu Jul 2 22:41:56 PDT 2020
+##### in /var/tmp/ca/sm8.git/sendmail/OpenSource/sendmail-8.16.1/cf/cf
##### using ../ as configuration include directory
#####
######################################################################
#####
##### DO NOT EDIT THIS FILE! Only edit the source .mc file.
#####
######################################################################
######################################################################
##### $Id: cfhead.m4,v 8.122 2013-11-22 20:51:13 ca Exp $ #####
##### $Id: cf.m4,v 8.33 2013-11-22 20:51:13 ca Exp $ #####
##### $Id: generic-bsd4.4.mc,v 8.11 2013-11-22 20:51:08 ca Exp $ #####
##### $Id: bsd4.4.m4,v 8.15 2013-11-22 20:51:15 ca Exp $ #####
##### $Id: generic.m4,v 8.16 2013-11-22 20:51:10 ca Exp $ #####
##### $Id: redirect.m4,v 8.16 2013-11-22 20:51:11 ca Exp $ #####
##### $Id: use_cw_file.m4,v 8.12 2013-11-22 20:51:11 ca Exp $ #####
##### $Id: proto.m4,v 8.762 2013-11-22 20:51:13 ca Exp $ #####
# level 10 config file format
V10/Berkeley
# override file safeties - setting this option compromises system security,
# addressing the actual file configuration problem is preferred
# need to set this before any file actions are encountered in the cf file
#O DontBlameSendmail=safe
# default LDAP map specification
# need to set this now before any LDAP maps are defined
#O LDAPDefaultSpec=-h localhost
##################
# local info #
##################
# my LDAP cluster
# need to set this before any LDAP lookups are done (including classes)
#D{sendmailMTACluster}$m
Cwlocalhost
# file containing names of hosts for which we receive email
Fw/etc/mail/local-host-names
# my official domain name
# ... define this only if sendmail cannot automatically determine your domain
#Dj$w.Foo.COM
# host/domain names ending with a token in class P are canonical
CP.
# "Smart" relay host (may be null)
DS
# operators that cannot be in local usernames (i.e., network indicators)
CO @ % !
# a class with just dot (for identifying canonical names)
C..
# a class with just a left bracket (for identifying domain literals)
C[[
# Resolve map (to check if a host exists in check_mail)
Kresolve host -a<OKR> -T<TEMP>
C{ResOk}OKR
# Hosts for which relaying is permitted ($=R)
FR-o /etc/mail/relay-domains
# arithmetic map
Karith arith
# dequoting map
Kdequote dequote
# class E: names that should be exposed as from this host, even if we masquerade
# class L: names that should be delivered locally, even if we have a relay
# class M: domains that should be converted to $M
# class N: domains that should not be converted to $M
#CL root
C{E}root
# my name for error messages
DnMAILER-DAEMON
CPREDIRECT
# Configuration version number
-DZ8.15.2
+DZ8.16.1
###############
# Options #
###############
# strip message body to 7 bits on input?
O SevenBitInput=False
# 8-bit data handling
#O EightBitMode=pass8
# wait for alias file rebuild (default units: minutes)
O AliasWait=10
# location of alias file
O AliasFile=/etc/mail/aliases
# minimum number of free blocks on filesystem
O MinFreeBlocks=100
# maximum message size
#O MaxMessageSize=0
# substitution for space (blank) characters
O BlankSub=.
# avoid connecting to "expensive" mailers on initial submission?
O HoldExpensive=False
# checkpoint queue runs after every N successful deliveries
#O CheckpointInterval=10
# default delivery mode
O DeliveryMode=background
# error message header/file
#O ErrorHeader=/etc/mail/error-header
# error mode
#O ErrorMode=print
# save Unix-style "From_" lines at top of header?
#O SaveFromLine=False
# queue file mode (qf files)
#O QueueFileMode=0600
# temporary file mode
O TempFileMode=0600
# match recipients against GECOS field?
#O MatchGECOS=False
# maximum hop count
#O MaxHopCount=25
# location of help file
O HelpFile=/etc/mail/helpfile
# ignore dots as terminators in incoming messages?
#O IgnoreDots=False
# name resolver options
#O ResolverOptions=+AAONLY
# deliver MIME-encapsulated error messages?
O SendMimeErrors=True
# Forward file search path
O ForwardPath=$z/.forward.$w+$h:$z/.forward+$h:$z/.forward.$w:$z/.forward
# open connection cache size
O ConnectionCacheSize=2
# open connection cache timeout
O ConnectionCacheTimeout=5m
# persistent host status directory
#O HostStatusDirectory=.hoststat
# single thread deliveries (requires HostStatusDirectory)?
#O SingleThreadDelivery=False
# use Errors-To: header?
O UseErrorsTo=False
# use compressed IPv6 address format?
#O UseCompressedIPv6Addresses
# log level
O LogLevel=9
# send to me too, even in an alias expansion?
#O MeToo=True
# verify RHS in newaliases?
O CheckAliases=False
# default messages to old style headers if no special punctuation?
O OldStyleHeaders=True
# SMTP daemon options
O DaemonPortOptions=Name=MTA
O DaemonPortOptions=Port=587, Name=MSA, M=E
# SMTP client options
#O ClientPortOptions=Family=inet, Address=0.0.0.0
# Modifiers to define {daemon_flags} for direct submissions
#O DirectSubmissionModifiers
# Use as mail submission program? See sendmail/SECURITY
#O UseMSP
# privacy flags
O PrivacyOptions=authwarnings
# who (if anyone) should get extra copies of error messages
#O PostmasterCopy=Postmaster
# slope of queue-only function
#O QueueFactor=600000
# limit on number of concurrent queue runners
#O MaxQueueChildren
# maximum number of queue-runners per queue-grouping with multiple queues
#O MaxRunnersPerQueue=1
# priority of queue runners (nice(3))
#O NiceQueueRun
# shall we sort the queue by hostname first?
#O QueueSortOrder=priority
# minimum time in queue before retry
#O MinQueueAge=30m
# maximum time in queue before retry (if > 0; only for exponential delay)
#O MaxQueueAge
# how many jobs can you process in the queue?
#O MaxQueueRunSize=0
# perform initial split of envelope without checking MX records
#O FastSplit=1
# queue directory
O QueueDirectory=/var/spool/mqueue
# key for shared memory; 0 to turn off, -1 to auto-select
#O SharedMemoryKey=0
# file to store auto-selected key for shared memory (SharedMemoryKey = -1)
#O SharedMemoryKeyFile
# timeouts (many of these)
#O Timeout.initial=5m
#O Timeout.connect=5m
#O Timeout.aconnect=0s
#O Timeout.iconnect=5m
#O Timeout.helo=5m
#O Timeout.mail=10m
#O Timeout.rcpt=1h
#O Timeout.datainit=5m
#O Timeout.datablock=1h
#O Timeout.datafinal=1h
#O Timeout.rset=5m
#O Timeout.quit=2m
#O Timeout.misc=2m
#O Timeout.command=1h
#O Timeout.ident=5s
#O Timeout.fileopen=60s
#O Timeout.control=2m
O Timeout.queuereturn=5d
#O Timeout.queuereturn.normal=5d
#O Timeout.queuereturn.urgent=2d
#O Timeout.queuereturn.non-urgent=7d
#O Timeout.queuereturn.dsn=5d
O Timeout.queuewarn=4h
#O Timeout.queuewarn.normal=4h
#O Timeout.queuewarn.urgent=1h
#O Timeout.queuewarn.non-urgent=12h
#O Timeout.queuewarn.dsn=4h
#O Timeout.hoststatus=30m
#O Timeout.resolver.retrans=5s
#O Timeout.resolver.retrans.first=5s
#O Timeout.resolver.retrans.normal=5s
#O Timeout.resolver.retry=4
#O Timeout.resolver.retry.first=4
#O Timeout.resolver.retry.normal=4
#O Timeout.lhlo=2m
#O Timeout.auth=10m
#O Timeout.starttls=1h
# time for DeliverBy; extension disabled if less than 0
#O DeliverByMin=0
# should we not prune routes in route-addr syntax addresses?
#O DontPruneRoutes=False
# queue up everything before forking?
O SuperSafe=True
# status file
O StatusFile=/var/log/sendmail.st
# time zone handling:
# if undefined, use system default
# if defined but null, use TZ envariable passed in
# if defined and non-null, use that info
#O TimeZoneSpec=
# default UID (can be username or userid:groupid)
#O DefaultUser=mailnull
# list of locations of user database file (null means no lookup)
#O UserDatabaseSpec=/etc/mail/userdb
# fallback MX host
#O FallbackMXhost=fall.back.host.net
# fallback smart host
#O FallbackSmartHost=fall.back.host.net
# if we are the best MX host for a site, try it directly instead of config err
#O TryNullMXList=False
# load average at which we just queue messages
#O QueueLA=8
# load average at which we refuse connections
#O RefuseLA=12
# log interval when refusing connections for this long
#O RejectLogInterval=3h
# load average at which we delay connections; 0 means no limit
#O DelayLA=0
# maximum number of children we allow at one time
#O MaxDaemonChildren=0
# maximum number of new connections per second
#O ConnectionRateThrottle=0
# Width of the window
#O ConnectionRateWindowSize=60s
# work recipient factor
#O RecipientFactor=30000
# deliver each queued job in a separate process?
#O ForkEachJob=False
# work class factor
#O ClassFactor=1800
# work time factor
#O RetryFactor=90000
# default character set
#O DefaultCharSet=unknown-8bit
# service switch file (name hardwired on Solaris, Ultrix, OSF/1, others)
#O ServiceSwitchFile=/etc/mail/service.switch
# hosts file (normally /etc/hosts)
#O HostsFile=/etc/hosts
# dialup line delay on connection failure
#O DialDelay=0s
# action to take if there are no recipients in the message
#O NoRecipientAction=none
# chrooted environment for writing to files
#O SafeFileEnvironment
# are colons OK in addresses?
#O ColonOkInAddr=True
# shall I avoid expanding CNAMEs (violates protocols)?
#O DontExpandCnames=False
# SMTP initial login message (old $e macro)
O SmtpGreetingMessage=$j Sendmail $v/$Z; $b
# UNIX initial From header format (old $l macro)
O UnixFromLine=From $g $d
# From: lines that have embedded newlines are unwrapped onto one line
#O SingleLineFromHeader=False
# Allow HELO SMTP command that does not include a host name
#O AllowBogusHELO=False
# Characters to be quoted in a full name phrase (@,;:\()[] are automatic)
#O MustQuoteChars=.
# delimiter (operator) characters (old $o macro)
O OperatorChars=.:%@!^/[]+
# shall I avoid calling initgroups(3) because of high NIS costs?
#O DontInitGroups=False
# are group-writable :include: and .forward files (un)trustworthy?
# True (the default) means they are not trustworthy.
#O UnsafeGroupWrites=True
# where do errors that occur when sending errors get sent?
#O DoubleBounceAddress=postmaster
# issue temporary errors (4xy) instead of permanent errors (5xy)?
#O SoftBounce=False
# where to save bounces if all else fails
#O DeadLetterDrop=/var/tmp/dead.letter
# what user id do we assume for the majority of the processing?
#O RunAsUser=sendmail
# maximum number of recipients per SMTP envelope
#O MaxRecipientsPerMessage=0
# limit the rate recipients per SMTP envelope are accepted
# once the threshold number of recipients have been rejected
#O BadRcptThrottle=0
# shall we get local names from our installed interfaces?
#O DontProbeInterfaces=False
# Return-Receipt-To: header implies DSN request
#O RrtImpliesDsn=False
# override connection address (for testing)
#O ConnectOnlyTo=0.0.0.0
# Trusted user for file ownership and starting the daemon
#O TrustedUser=root
# Control socket for daemon management
#O ControlSocketName=/var/spool/mqueue/.control
# Maximum MIME header length to protect MUAs
#O MaxMimeHeaderLength=0/0
# Maximum length of the sum of all headers
O MaxHeadersLength=32768
# Maximum depth of alias recursion
#O MaxAliasRecursion=10
# location of pid file
#O PidFile=/var/run/sendmail.pid
# Prefix string for the process title shown on 'ps' listings
#O ProcessTitlePrefix=prefix
# Data file (df) memory-buffer file maximum size
#O DataFileBufferSize=4096
# Transcript file (xf) memory-buffer file maximum size
#O XscriptFileBufferSize=4096
# lookup type to find information about local mailboxes
#O MailboxDatabase=pw
# override compile time flag REQUIRES_DIR_FSYNC
#O RequiresDirfsync=true
# list of authentication mechanisms
#O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
# Authentication realm
#O AuthRealm
# default authentication information for outgoing connections
#O DefaultAuthInfo=/etc/mail/default-auth-info
# SMTP AUTH flags
#O AuthOptions
# SMTP AUTH maximum encryption strength
#O AuthMaxBits
# SMTP STARTTLS server options
#O TLSSrvOptions
# SSL cipherlist
#O CipherList
# server side SSL options
#O ServerSSLOptions
# client side SSL options
#O ClientSSLOptions
+# SSL Engine
+#O SSLEngine
+# Path to dynamic library for SSLEngine
+#O SSLEnginePath
+# TLS: fall back to clear text after handshake failure?
+#O TLSFallbacktoClear
# Input mail filters
#O InputMailFilters
# CA directory
#O CACertPath
# CA file
#O CACertFile
# Server Cert
#O ServerCertFile
# Server private key
#O ServerKeyFile
# Client Cert
#O ClientCertFile
# Client private key
#O ClientKeyFile
# File containing certificate revocation lists
#O CRLFile
+# Directory containing hashes pointing to certificate revocation status files
+#O CRLPath
# DHParameters (only required if DSA/DH is used)
#O DHParameters
# Random data source (required for systems without /dev/urandom under OpenSSL)
#O RandFile
# fingerprint algorithm (digest) to use for the presented cert
#O CertFingerprintAlgorithm
+# enable DANE?
+#O DANE=false
# Maximum number of "useless" commands before slowing down
#O MaxNOOPCommands=20
# Name to use for EHLO (defaults to $j)
#O HeloName
############################
# QUEUE GROUP DEFINITIONS #
############################
###########################
# Message precedences #
###########################
Pfirst-class=0
Pspecial-delivery=100
Plist=-30
Pbulk=-60
Pjunk=-100
#####################
# Trusted users #
#####################
# this is equivalent to setting class "t"
#Ft/etc/mail/trusted-users
Troot
Tdaemon
Tuucp
#########################
# Format of headers #
#########################
H?P?Return-Path: <$g>
HReceived: $?sfrom $s $.$?_($?s$|from $.$_)
$.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)
$.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}
(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u
for $u; $|;
$.$b
H?D?Resent-Date: $a
H?D?Date: $a
H?F?Resent-From: $?x$x <$g>$|$g$.
H?F?From: $?x$x <$g>$|$g$.
H?x?Full-Name: $x
# HPosted-Date: $a
# H?l?Received-Date: $b
H?M?Resent-Message-Id: <$t.$i@$j>
H?M?Message-Id: <$t.$i@$j>
#
######################################################################
######################################################################
#####
##### REWRITING RULES
#####
######################################################################
######################################################################
############################################
### Ruleset 3 -- Name Canonicalization ###
############################################
Scanonify=3
# handle null input (translate to <@> special case)
R$@ $@ <@>
# strip group: syntax (not inside angle brackets!) and trailing semicolon
R$* $: $1 <@> mark addresses
R$* < $* > $* <@> $: $1 < $2 > $3 unmark <addr>
R@ $* <@> $: @ $1 unmark @host:...
R$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addr
R$* :: $* <@> $: $1 :: $2 unmark node::addr
R:include: $* <@> $: :include: $1 unmark :include:...
R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon
R$* : $* <@> $: $2 strip colon if marked
R$* <@> $: $1 unmark
R$* ; $1 strip trailing semi
R$* < $+ :; > $* $@ $2 :; <@> catch <list:;>
R$* < $* ; > $1 < $2 > bogus bracketed semi
# null input now results from list:; syntax
R$@ $@ :; <@>
# strip angle brackets -- note RFC733 heuristic to get innermost item
R$* $: < $1 > housekeeping <>
R$+ < $* > < $2 > strip excess on left
R< $* > $+ < $1 > strip excess on right
R<> $@ < @ > MAIL FROM:<> case
R< $+ > $: $1 remove housekeeping <>
# strip route address <@a,@b,@c:user@d> -> <user@d>
R@ $+ , $+ $2
R@ [ $* ] : $+ $2
R@ $+ : $+ $2
# find focus for list syntax
R $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax
R $+ : $* ; $@ $1 : $2; list syntax
# find focus for @ syntax addresses
R$+ @ $+ $: $1 < @ $2 > focus on domain
R$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right
R$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical
# convert old-style addresses to a domain-based address
R$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names
R$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps
R$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains
# if we have % signs, take the rightmost one
R$* % $* $1 @ $2 First make them all @s.
R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
# else we must be a local name
R$* $@ $>Canonify2 $1
################################################
### Ruleset 96 -- bottom half of ruleset 3 ###
################################################
SCanonify2=96
# handle special cases for local names
R$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all
R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain
R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain
# check for IPv4/IPv6 domain literal
R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [addr]
R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal
R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr
# if really UUCP, handle it immediately
# try UUCP traffic as a local address
R$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3
R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3
# hostnames ending in class P are always canonical
R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4
R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4
R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6
R$* CC $* $| $* $: $3
# pass to name server to make hostname canonical
R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4
R$* $| $* $: $2
# local host aliases and pseudo-domains are always canonical
R$* < @ $=w > $* $: $1 < @ $2 . > $3
R$* < @ $=M > $* $: $1 < @ $2 . > $3
R$* < @ $* . . > $* $1 < @ $2 . > $3
##################################################
### Ruleset 4 -- Final Output Post-rewriting ###
##################################################
Sfinal=4
R$+ :; <@> $@ $1 : handle <list:;>
R$* <@> $@ handle <> and list:;
# strip trailing dot off possibly canonical name
R$* < @ $+ . > $* $1 < @ $2 > $3
# eliminate internal code
R$* < @ *LOCAL* > $* $1 < @ $j > $2
# externalize local domain info
R$* < $+ > $* $1 $2 $3 defocus
R@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 <route-addr> canonical
R@ $* $@ @ $1 ... and exit
# UUCP must always be presented in old form
R$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u
# delete duplicate local names
R$+ % $=w @ $=w $1 @ $2 u%host@host => u@host
##############################################################
### Ruleset 97 -- recanonicalize and call ruleset zero ###
### (used for recursive calls) ###
##############################################################
SRecurse=97
R$* $: $>canonify $1
R$* $@ $>parse $1
######################################
### Ruleset 0 -- Parse Address ###
######################################
Sparse=0
R$* $: $>Parse0 $1 initial parsing
R<@> $#local $: <@> special case error msgs
R$* $: $>ParseLocal $1 handle local hacks
R$* $: $>Parse1 $1 final parsing
#
# Parse0 -- do initial syntax checking and eliminate local addresses.
# This should either return with the (possibly modified) input
# or return with a #error mailer. It should not return with a
# #mailer other than the #error mailer.
#
SParse0
R<@> $@ <@> special case error msgs
R$* : $* ; <@> $#error $@ 5.1.3 $: "553 List:; syntax illegal for recipient addresses"
R@ <@ $* > < @ $1 > catch "@@host" bogosity
R<@ $+> $#error $@ 5.1.3 $: "553 User address required"
R$+ <@> $#error $@ 5.1.3 $: "553 Hostname required"
R$* $: <> $1
R<> $* < @ [ $* ] : $+ > $* $1 < @ [ $2 ] : $3 > $4
R<> $* < @ [ $* ] , $+ > $* $1 < @ [ $2 ] , $3 > $4
R<> $* < @ [ $* ] $+ > $* $#error $@ 5.1.2 $: "553 Invalid address"
R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3
R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "553 Colon illegal in host name part"
R<> $* $1
R$* < @ . $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
R$* < @ $* @ > $* $#error $@ 5.1.2 $: "553 Invalid route address"
R$* @ $* < @ $* > $* $#error $@ 5.1.3 $: "553 Invalid route address"
R$* , $~O $* $#error $@ 5.1.3 $: "553 Invalid route address"
# now delete the local info -- note $=O to find characters that cause forwarding
R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user
R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ...
R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here
R< @ $+ > $#error $@ 5.1.3 $: "553 User address required"
R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ...
R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo"
R< @ *LOCAL* > $#error $@ 5.1.3 $: "553 User address required"
R$* $=O $* < @ *LOCAL* >
$@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
R$* < @ *LOCAL* > $: $1
#
# Parse1 -- the bottom half of ruleset 0.
#
SParse1
# handle numeric address spec
R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec
R$* < @ [ $+ ] > $* $: $1 < @ [ $2 ] : $S > $3 Add smart host to path
R$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send
R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer
R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer
# short circuit local delivery so forwarded email works
R$=L < @ $=w . > $#local $: @ $1 special local names
R$+ < @ $=w . > $#local $: $1 regular local name
# resolve remotely connected UUCP links (if any)
# resolve fake top level domains by forwarding to other hosts
# pass names that still have a host to a smarthost (if defined)
R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name
# deal with other remote names
R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
# handle locally delivered names
R$=L $#local $: @ $1 special local names
R$+ $#local $: $1 regular local names
###########################################################################
### Ruleset 5 -- special rewriting after aliases have been expanded ###
###########################################################################
SLocal_localaddr
Slocaladdr=5
R$+ $: $1 $| $>"Local_localaddr" $1
R$+ $| $#ok $@ $1 no change
R$+ $| $#$* $#$2
R$+ $| $* $: $1
# deal with plussed users so aliases work nicely
R$+ + * $#local $@ $&h $: $1
R$+ + $* $#local $@ + $2 $: $1 + *
# prepend an empty "forward host" on the front
R$+ $: <> $1
R< > $+ $: < > < $1 <> $&h > nope, restore +detail
R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail
R< > < $+ <> $* > $: < > < $1 > else discard
R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part
R< > < $+ > + $* $#local $@ $2 $: @ $1 strip the extra +
R< > < $+ > $@ $1 no +detail
R$+ $: $1 <> $&h add +detail back in
R$+ <> + $* $: $1 + $2 check whether +detail
R$+ <> $* $: $1 else discard
R< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension
R< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension
R< $~[ : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 >
R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 >
###################################################################
### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ###
###################################################################
SMailerToTriple=95
R< > $* $@ $1 strip off null relay
R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
R< error : $- : $+ > $* $#error $@ $(dequote $1 $) $: $2
R< error : $+ > $* $#error $: $1
R< local : $* > $* $>CanonLocal < $1 > $2
R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user
R< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer
R< $=w > $* $@ $2 delete local host
R< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer
###################################################################
### Ruleset CanonLocal -- canonify local: syntax ###
###################################################################
SCanonLocal
# strip local host from routed addresses
R< $* > < @ $+ > : $+ $@ $>Recurse $3
R< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4
# strip trailing dot from any host name that may appear
R< $* > $* < @ $* . > $: < $1 > $2 < @ $3 >
# handle local: syntax -- use old user, either with or without host
R< > $* < @ $* > $* $#local $@ $1@$2 $: $1
R< > $+ $#local $@ $1 $: $1
# handle local:user@host syntax -- ignore host part
R< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 >
# handle local:user syntax
R< $+ > $* <@ $* > $* $#local $@ $2@$3 $: $1
R< $+ > $* $#local $@ $2 $: $1
###################################################################
### Ruleset 93 -- convert header names to masqueraded form ###
###################################################################
SMasqHdr=93
# do not masquerade anything in class N
R$* < @ $* $=N . > $@ $1 < @ $2 $3 . >
R$* < @ *LOCAL* > $@ $1 < @ $j . >
###################################################################
### Ruleset 94 -- convert envelope names to masqueraded form ###
###################################################################
SMasqEnv=94
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
###################################################################
### Ruleset 98 -- local part of ruleset zero (can be null) ###
###################################################################
SParseLocal=98
# addresses sent to foo@host.REDIRECT will give a 551 error code
R$* < @ $+ .REDIRECT. > $: $1 < @ $2 . REDIRECT . > < ${opMode} >
R$* < @ $+ .REDIRECT. > <i> $: $1 < @ $2 . REDIRECT. >
R$* < @ $+ .REDIRECT. > < $- > $#error $@ 5.1.1 $: "551 User has moved; please try " <$1@$2>
######################################################################
### CanonAddr -- Convert an address into a standard form for
### relay checking. Route address syntax is
### crudely converted into a %-hack address.
###
### Parameters:
### $1 -- full recipient address
###
### Returns:
### parsed address, not in source route form
######################################################################
SCanonAddr
R$* $: $>Parse0 $>canonify $1 make domain canonical
######################################################################
### ParseRecipient -- Strip off hosts in $=R as well as possibly
### $* $=m or the access database.
### Check user portion for host separators.
###
### Parameters:
### $1 -- full recipient address
###
### Returns:
### parsed, non-local-relaying address
######################################################################
SParseRecipient
R$* $: <?> $>CanonAddr $1
R<?> $* < @ $* . > <?> $1 < @ $2 > strip trailing dots
R<?> $- < @ $* > $: <?> $(dequote $1 $) < @ $2 > dequote local part
# if no $=O character, no host in the user portion, we are done
R<?> $* $=O $* < @ $* > $: <NO> $1 $2 $3 < @ $4>
R<?> $* $@ $1
R<NO> $* < @ $* $=R > $: <RELAY> $1 < @ $2 $3 >
R<RELAY> $* < @ $* > $@ $>ParseRecipient $1
R<$+> $* $@ $2
######################################################################
### check_relay -- check hostname/address on SMTP startup
######################################################################
SLocal_check_relay
Scheck_relay
R$* $: $1 $| $>"Local_check_relay" $1
R$* $| $* $| $#$* $#$3
R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2
SBasic_check_relay
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
######################################################################
### check_mail -- check SMTP `MAIL FROM:' command argument
######################################################################
SLocal_check_mail
Scheck_mail
R$* $: $1 $| $>"Local_check_mail" $1
R$* $| $#$* $#$2
R$* $| $* $@ $>"Basic_check_mail" $1
SBasic_check_mail
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
# authenticated?
R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
R$* $| $#$+ $#$2
R$* $| $* $: $1
R<> $@ <OK> we MUST accept <> (RFC 1123)
R$+ $: <?> $1
R<?><$+> $: <@> <$1>
R<?>$+ $: <@> <$1>
R$* $: $&{daemon_flags} $| $1
R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 >
R$* u $* $| <@> < $* > $: <?> < $3 >
R$* $| $* $: $2
# handle case of @localhost on address
R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost >
R<@> < $* @ [127.0.0.1] >
$: < ? $&{client_name} > < $1 @ [127.0.0.1] >
R<@> < $* @ [IPv6:0:0:0:0:0:0:0:1] >
$: < ? $&{client_name} > < $1 @ [IPv6:0:0:0:0:0:0:0:1] >
R<@> < $* @ [IPv6:::1] >
$: < ? $&{client_name} > < $1 @ [IPv6:::1] >
R<@> < $* @ localhost.$m >
$: < ? $&{client_name} > < $1 @ localhost.$m >
R<@> < $* @ localhost.UUCP >
$: < ? $&{client_name} > < $1 @ localhost.UUCP >
R<@> $* $: $1 no localhost as domain
R<? $=w> $* $: $2 local client: ok
R<? $+> <$+> $#error $@ 5.5.4 $: "553 Real domain name required for sender address"
R<?> $* $: $1
R$* $: <?> $>CanonAddr $1 canonify sender address and mark it
R<?> $* < @ $+ . > <?> $1 < @ $2 > strip trailing dots
# handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc)
R<?> $* < @ $* $=P > $: <OKR> $1 < @ $2 $3 >
R<?> $* < @ $j > $: <OKR> $1 < @ $j >
R<?> $* < @ $+ > $: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 >
R<? $* <$->> $* < @ $+ >
$: <$2> $3 < @ $4 >
# handle case of no @domain on address
R<?> $* $: $&{daemon_flags} $| <?> $1
R$* u $* $| <?> $* $: <OKR> $3
R$* $| $* $: $2
R<?> $* $: < ? $&{client_addr} > $1
R<?> $* $@ <OKR> ...local unqualed ok
R<? $+> $* $#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f
...remote is not
# check results
R<?> $* $: @ $1 mark address: nothing known about it
R<$={ResOk}> $* $: @ $2 domain ok
R<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"
R<PERM> $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist"
######################################################################
### check_rcpt -- check SMTP `RCPT TO:' command argument
######################################################################
SLocal_check_rcpt
Scheck_rcpt
R$* $: $1 $| $>"Local_check_rcpt" $1
R$* $| $#$* $#$2
R$* $| $* $@ $>"Basic_check_rcpt" $1
SBasic_check_rcpt
# empty address?
R<> $#error $@ nouser $: "553 User address required"
R$@ $#error $@ nouser $: "553 User address required"
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
######################################################################
R$* $: $1 $| @ $>"Rcpt_ok" $1
R$* $| @ $#TEMP $+ $: $1 $| T $2
R$* $| @ $#$* $#$2
R$* $| @ RELAY $@ RELAY
R$* $| @ $* $: O $| $>"Relay_ok" $1
R$* $| T $+ $: T $2 $| $>"Relay_ok" $1
R$* $| $#TEMP $+ $#error $2
R$* $| $#$* $#$2
R$* $| RELAY $@ RELAY
R T $+ $| $* $#error $1
# anything else is bogus
R$* $#error $@ 5.7.1 $: "550 Relaying denied"
######################################################################
### Rcpt_ok: is the recipient ok?
######################################################################
SRcpt_ok
R$* $: $>ParseRecipient $1 strip relayable hosts
# authenticated via TLS?
R$* $: $1 $| $>RelayTLS client authenticated?
R$* $| $# $+ $# $2 error/ok?
R$* $| $* $: $1 no
R$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type}
R$* $| $# $* $# $2
R$* $| NO $: $1
R$* $| $* $: $1 $| $&{auth_type}
R$* $| $: $1
R$* $| $={TrustAuthMech} $# RELAY
R$* $| $* $: $1
# anything terminating locally is ok
R$+ < @ $=w > $@ RELAY
R$+ < @ $* $=R > $@ RELAY
# check for local user (i.e. unqualified address)
R$* $: <?> $1
R<?> $* < @ $+ > $: <REMOTE> $1 < @ $2 >
# local user is ok
R<?> $+ $@ RELAY
R<$+> $* $: $2
######################################################################
### Relay_ok: is the relay/sender ok?
######################################################################
SRelay_ok
# anything originating locally is ok
# check IP address
R$* $: $&{client_addr}
R$@ $@ RELAY originated locally
R0 $@ RELAY originated locally
R127.0.0.1 $@ RELAY originated locally
RIPv6:0:0:0:0:0:0:0:1 $@ RELAY originated locally
RIPv6:::1 $@ RELAY originated locally
R$=R $* $@ RELAY relayable IP address
R$* $: [ $1 ] put brackets around it...
R$=w $@ RELAY ... and see if it is local
# check client name: first: did it resolve?
R$* $: < $&{client_resolve} >
R<TEMP> $#TEMP $@ 4.4.0 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
R<FORGED> $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
R<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
R$* $: <@> $&{client_name}
# pass to name server to make hostname canonical
R<@> $* $=P $:<?> $1 $2
R<@> $+ $:<?> $[ $1 $]
R$* . $1 strip trailing dots
R<?> $=w $@ RELAY
R<?> $* $=R $@ RELAY
######################################################################
### trust_auth: is user trusted to authenticate as someone else?
###
### Parameters:
### $1: AUTH= parameter from MAIL command
######################################################################
SLocal_trust_auth
Strust_auth
R$* $: $&{auth_type} $| $1
# required by RFC 2554 section 4.
R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated"
R$* $| $&{auth_authen} $@ identical
R$* $| <$&{auth_authen}> $@ identical
R$* $| $* $: $1 $| $>"Local_trust_auth" $2
R$* $| $#$* $#$2
R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}
######################################################################
### Relay_Auth: allow relaying based on authentication?
###
### Parameters:
### $1: ${auth_type}
######################################################################
SLocal_Relay_Auth
######################################################################
### srv_features: which features to offer to a client?
### (done in server)
######################################################################
Ssrv_features
######################################################################
### try_tls: try to use STARTTLS?
### (done in client)
######################################################################
Stry_tls
######################################################################
### tls_rcpt: is connection with server "good" enough?
### (done in client, per recipient)
###
### Parameters:
### $1: recipient
######################################################################
Stls_rcpt
######################################################################
### tls_client: is connection with client "good" enough?
### (done in server)
###
### Parameters:
### ${verify} $| (MAIL|STARTTLS)
######################################################################
Stls_client
R$* $| $* $@ $>"TLS_connection" $1
######################################################################
### tls_server: is connection with server "good" enough?
### (done in client)
###
### Parameter:
### ${verify}
######################################################################
Stls_server
+
R$* $@ $>"TLS_connection" $1
######################################################################
### TLS_connection: is TLS connection "good" enough?
###
### Parameters:
### ${verify}
### Requirement: RHS from access map, may be ? for none.
######################################################################
STLS_connection
RSOFTWARE $#error $@ 4.7.0 $: "403 TLS handshake."
+RDANE_FAIL $#error $@ 4.7.0 $: "403 DANE check failed."
######################################################################
### RelayTLS: allow relaying based on TLS authentication
###
### Parameters:
### none
######################################################################
SRelayTLS
# authenticated?
######################################################################
### authinfo: lookup authinfo in the access map
###
### Parameters:
### $1: {server_name}
### $2: {server_addr}
######################################################################
Sauthinfo
#
######################################################################
######################################################################
#####
##### MAIL FILTER DEFINITIONS
#####
######################################################################
######################################################################
#
######################################################################
######################################################################
#####
##### MAILER DEFINITIONS
#####
######################################################################
######################################################################
##################################################
### Local and Program Mailer specification ###
##################################################
##### $Id: local.m4,v 8.60 2013-11-22 20:51:14 ca Exp $ #####
#
# Envelope sender rewriting
#
SEnvFromL
R<@> $n errors to mailer-daemon
R@ <@ $*> $n temporarily bypass Sun bogosity
R$+ $: $>AddDomain $1 add local domain if needed
R$* $: $>MasqEnv $1 do masquerading
#
# Envelope recipient rewriting
#
SEnvToL
R$+ < @ $* > $: $1 strip host part
R$+ + $* $: < $&{addr_type} > $1 + $2 mark with addr type
R<e s> $+ + $* $: $1 remove +detail for sender
R< $* > $+ $: $2 else remove mark
#
# Header sender rewriting
#
SHdrFromL
R<@> $n errors to mailer-daemon
R@ <@ $*> $n temporarily bypass Sun bogosity
R$+ $: $>AddDomain $1 add local domain if needed
R$* $: $>MasqHdr $1 do masquerading
#
# Header recipient rewriting
#
SHdrToL
R$+ $: $>AddDomain $1 add local domain if needed
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
#
# Common code to add local domain name (only if always-add-domain)
#
SAddDomain
Mlocal, P=/usr/libexec/mail.local, F=lsDFMAw5:/|@qPrmn9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
T=DNS/RFC822/X-Unix,
A=mail -d $u
Mprog, P=/bin/sh, F=lsDFMoqeu9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/,
T=X-Unix/X-Unix/X-Unix,
A=sh -c $u
#####################################
### SMTP Mailer specification ###
#####################################
##### $Id: smtp.m4,v 8.66 2013-11-22 20:51:14 ca Exp $ #####
#
# common sender and masquerading recipient rewriting
#
SMasqSMTP
R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified
R$+ $@ $1 < @ *LOCAL* > add local qualification
#
# convert pseudo-domain addresses to real domain addresses
#
SPseudoToReal
# pass <route-addr>s through
R< @ $+ > $* $@ < @ $1 > $2 resolve <route-addr>
# output fake domains as user%fake@relay
# do UUCP heuristics; note that these are shared with UUCP mailers
R$+ < @ $+ .UUCP. > $: < $2 ! > $1 convert to UUCP form
R$+ < @ $* > $* $@ $1 < @ $2 > $3 not UUCP form
# leave these in .UUCP form to avoid further tampering
R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. >
R< $&h ! > $-.$+ ! $+ $@ $3 < @ $1.$2 >
R< $&h ! > $+ $@ $1 < @ $&h .UUCP. >
R< $+ ! > $+ $: $1 ! $2 < @ $Y > use UUCP_RELAY
R$+ < @ $~[ $* : $+ > $@ $1 < @ $4 > strip mailer: part
R$+ < @ > $: $1 < @ *LOCAL* > if no UUCP_RELAY
#
# envelope sender rewriting
#
SEnvFromSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R$* :; <@> $@ list:; special case
R$* $: $>MasqSMTP $1 qualify unqual'ed names
R$+ $: $>MasqEnv $1 do masquerading
#
# envelope recipient rewriting --
# also header recipient if not masquerading recipients
#
SEnvToSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R$+ $: $>MasqSMTP $1 qualify unqual'ed names
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
#
# header sender and masquerading header recipient rewriting
#
SHdrFromSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R:; <@> $@ list:; special case
# do special header rewriting
R$* <@> $* $@ $1 <@> $2 pass null host through
R< @ $* > $* $@ < @ $1 > $2 pass route-addr through
R$* $: $>MasqSMTP $1 qualify unqual'ed names
R$+ $: $>MasqHdr $1 do masquerading
#
# relay mailer header masquerading recipient rewriting
#
SMasqRelay
R$+ $: $>MasqSMTP $1
R$+ $: $>MasqHdr $1
Msmtp, P=[IPC], F=mDFMuX, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mesmtp, P=[IPC], F=mDFMuXa, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Msmtp8, P=[IPC], F=mDFMuX8, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mdsmtp, P=[IPC], F=mDFMuXa%, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mrelay, P=[IPC], F=mDFMuXa8, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=2040,
T=DNS/RFC822/SMTP,
A=TCP $h
### generic-bsd4.4.mc ###
# divert(-1)
# #
# # Copyright (c) 1998, 1999 Proofpoint, Inc. and its suppliers.
# # All rights reserved.
# # Copyright (c) 1983 Eric P. Allman. All rights reserved.
# # Copyright (c) 1988, 1993
# # The Regents of the University of California. All rights reserved.
# #
# # By using this file, you agree to the terms and conditions set
# # forth in the LICENSE file which can be found at the top level of
# # the sendmail distribution.
# #
# #
#
# #
# # This is a generic configuration file for 4.4 BSD-based systems,
# # including 4.4-Lite, BSDi, NetBSD, and FreeBSD.
# # It has support for local and SMTP mail only. If you want to
# # customize it, copy it to a name appropriate for your environment
# # and do the modifications there.
# #
#
# divert(0)dnl
# VERSIONID(`$Id: generic-bsd4.4.mc,v 8.11 2013-11-22 20:51:08 ca Exp $')
# OSTYPE(bsd4.4)dnl
# DOMAIN(generic)dnl
# MAILER(local)dnl
# MAILER(smtp)dnl
diff --git a/cf/cf/generic-hpux10.cf b/cf/cf/generic-hpux10.cf
index 827e77d0411d..7442b076a85a 100644
--- a/cf/cf/generic-hpux10.cf
+++ b/cf/cf/generic-hpux10.cf
@@ -1,1496 +1,1508 @@
#
# Copyright (c) 1998-2004, 2009, 2010 Proofpoint, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#
######################################################################
######################################################################
#####
##### SENDMAIL CONFIGURATION FILE
#####
-##### built by ca@sandman.dev-lab.sendmail.com on Thu Jul 2 05:24:31 PDT 2015
-##### in /x/ca/smi.git/sendmail/OpenSource/sendmail-8.15.2/cf/cf
+##### built by ca@lab.smi.sendmail.com on Thu Jul 2 22:41:56 PDT 2020
+##### in /var/tmp/ca/sm8.git/sendmail/OpenSource/sendmail-8.16.1/cf/cf
##### using ../ as configuration include directory
#####
######################################################################
#####
##### DO NOT EDIT THIS FILE! Only edit the source .mc file.
#####
######################################################################
######################################################################
##### $Id: cfhead.m4,v 8.122 2013-11-22 20:51:13 ca Exp $ #####
##### $Id: cf.m4,v 8.33 2013-11-22 20:51:13 ca Exp $ #####
##### $Id: generic-hpux10.mc,v 8.14 2013-11-22 20:51:08 ca Exp $ #####
##### $Id: hpux10.m4,v 8.20 2013-11-22 20:51:15 ca Exp $ #####
##### $Id: generic.m4,v 8.16 2013-11-22 20:51:10 ca Exp $ #####
##### $Id: redirect.m4,v 8.16 2013-11-22 20:51:11 ca Exp $ #####
##### $Id: use_cw_file.m4,v 8.12 2013-11-22 20:51:11 ca Exp $ #####
##### $Id: proto.m4,v 8.762 2013-11-22 20:51:13 ca Exp $ #####
# level 10 config file format
V10/Berkeley
# override file safeties - setting this option compromises system security,
# addressing the actual file configuration problem is preferred
# need to set this before any file actions are encountered in the cf file
#O DontBlameSendmail=safe
# default LDAP map specification
# need to set this now before any LDAP maps are defined
#O LDAPDefaultSpec=-h localhost
##################
# local info #
##################
# my LDAP cluster
# need to set this before any LDAP lookups are done (including classes)
#D{sendmailMTACluster}$m
Cwlocalhost
# file containing names of hosts for which we receive email
Fw/etc/mail/local-host-names
# my official domain name
# ... define this only if sendmail cannot automatically determine your domain
#Dj$w.Foo.COM
# host/domain names ending with a token in class P are canonical
CP.
# "Smart" relay host (may be null)
DS
# operators that cannot be in local usernames (i.e., network indicators)
CO @ % !
# a class with just dot (for identifying canonical names)
C..
# a class with just a left bracket (for identifying domain literals)
C[[
# Resolve map (to check if a host exists in check_mail)
Kresolve host -a<OKR> -T<TEMP>
C{ResOk}OKR
# Hosts for which relaying is permitted ($=R)
FR-o /etc/mail/relay-domains
# arithmetic map
Karith arith
# dequoting map
Kdequote dequote
# class E: names that should be exposed as from this host, even if we masquerade
# class L: names that should be delivered locally, even if we have a relay
# class M: domains that should be converted to $M
# class N: domains that should not be converted to $M
#CL root
C{E}root
# my name for error messages
DnMAILER-DAEMON
CPREDIRECT
# Configuration version number
-DZ8.15.2
+DZ8.16.1
###############
# Options #
###############
# strip message body to 7 bits on input?
O SevenBitInput=False
# 8-bit data handling
#O EightBitMode=pass8
# wait for alias file rebuild (default units: minutes)
O AliasWait=10
# location of alias file
O AliasFile=/etc/mail/aliases
# minimum number of free blocks on filesystem
O MinFreeBlocks=100
# maximum message size
#O MaxMessageSize=0
# substitution for space (blank) characters
O BlankSub=.
# avoid connecting to "expensive" mailers on initial submission?
O HoldExpensive=False
# checkpoint queue runs after every N successful deliveries
#O CheckpointInterval=10
# default delivery mode
O DeliveryMode=background
# error message header/file
#O ErrorHeader=/etc/mail/error-header
# error mode
#O ErrorMode=print
# save Unix-style "From_" lines at top of header?
#O SaveFromLine=False
# queue file mode (qf files)
#O QueueFileMode=0600
# temporary file mode
O TempFileMode=0600
# match recipients against GECOS field?
#O MatchGECOS=False
# maximum hop count
#O MaxHopCount=25
# location of help file
O HelpFile=/etc/mail/helpfile
# ignore dots as terminators in incoming messages?
#O IgnoreDots=False
# name resolver options
#O ResolverOptions=+AAONLY
# deliver MIME-encapsulated error messages?
O SendMimeErrors=True
# Forward file search path
O ForwardPath=$z/.forward.$w+$h:$z/.forward+$h:$z/.forward.$w:$z/.forward
# open connection cache size
O ConnectionCacheSize=2
# open connection cache timeout
O ConnectionCacheTimeout=5m
# persistent host status directory
#O HostStatusDirectory=.hoststat
# single thread deliveries (requires HostStatusDirectory)?
#O SingleThreadDelivery=False
# use Errors-To: header?
O UseErrorsTo=False
# use compressed IPv6 address format?
#O UseCompressedIPv6Addresses
# log level
O LogLevel=9
# send to me too, even in an alias expansion?
#O MeToo=True
# verify RHS in newaliases?
O CheckAliases=False
# default messages to old style headers if no special punctuation?
O OldStyleHeaders=True
# SMTP daemon options
O DaemonPortOptions=Name=MTA
O DaemonPortOptions=Port=587, Name=MSA, M=E
# SMTP client options
#O ClientPortOptions=Family=inet, Address=0.0.0.0
# Modifiers to define {daemon_flags} for direct submissions
#O DirectSubmissionModifiers
# Use as mail submission program? See sendmail/SECURITY
#O UseMSP
# privacy flags
O PrivacyOptions=authwarnings
# who (if anyone) should get extra copies of error messages
#O PostmasterCopy=Postmaster
# slope of queue-only function
#O QueueFactor=600000
# limit on number of concurrent queue runners
#O MaxQueueChildren
# maximum number of queue-runners per queue-grouping with multiple queues
#O MaxRunnersPerQueue=1
# priority of queue runners (nice(3))
#O NiceQueueRun
# shall we sort the queue by hostname first?
#O QueueSortOrder=priority
# minimum time in queue before retry
#O MinQueueAge=30m
# maximum time in queue before retry (if > 0; only for exponential delay)
#O MaxQueueAge
# how many jobs can you process in the queue?
#O MaxQueueRunSize=0
# perform initial split of envelope without checking MX records
#O FastSplit=1
# queue directory
O QueueDirectory=/var/spool/mqueue
# key for shared memory; 0 to turn off, -1 to auto-select
#O SharedMemoryKey=0
# file to store auto-selected key for shared memory (SharedMemoryKey = -1)
#O SharedMemoryKeyFile
# timeouts (many of these)
#O Timeout.initial=5m
#O Timeout.connect=5m
#O Timeout.aconnect=0s
#O Timeout.iconnect=5m
#O Timeout.helo=5m
#O Timeout.mail=10m
#O Timeout.rcpt=1h
#O Timeout.datainit=5m
#O Timeout.datablock=1h
#O Timeout.datafinal=1h
#O Timeout.rset=5m
#O Timeout.quit=2m
#O Timeout.misc=2m
#O Timeout.command=1h
#O Timeout.ident=5s
#O Timeout.fileopen=60s
#O Timeout.control=2m
O Timeout.queuereturn=5d
#O Timeout.queuereturn.normal=5d
#O Timeout.queuereturn.urgent=2d
#O Timeout.queuereturn.non-urgent=7d
#O Timeout.queuereturn.dsn=5d
O Timeout.queuewarn=4h
#O Timeout.queuewarn.normal=4h
#O Timeout.queuewarn.urgent=1h
#O Timeout.queuewarn.non-urgent=12h
#O Timeout.queuewarn.dsn=4h
#O Timeout.hoststatus=30m
#O Timeout.resolver.retrans=5s
#O Timeout.resolver.retrans.first=5s
#O Timeout.resolver.retrans.normal=5s
#O Timeout.resolver.retry=4
#O Timeout.resolver.retry.first=4
#O Timeout.resolver.retry.normal=4
#O Timeout.lhlo=2m
#O Timeout.auth=10m
#O Timeout.starttls=1h
# time for DeliverBy; extension disabled if less than 0
#O DeliverByMin=0
# should we not prune routes in route-addr syntax addresses?
#O DontPruneRoutes=False
# queue up everything before forking?
O SuperSafe=True
# status file
#O StatusFile
# time zone handling:
# if undefined, use system default
# if defined but null, use TZ envariable passed in
# if defined and non-null, use that info
O TimeZoneSpec=
# default UID (can be username or userid:groupid)
#O DefaultUser=mailnull
# list of locations of user database file (null means no lookup)
#O UserDatabaseSpec=/etc/mail/userdb
# fallback MX host
#O FallbackMXhost=fall.back.host.net
# fallback smart host
#O FallbackSmartHost=fall.back.host.net
# if we are the best MX host for a site, try it directly instead of config err
#O TryNullMXList=False
# load average at which we just queue messages
#O QueueLA=8
# load average at which we refuse connections
#O RefuseLA=12
# log interval when refusing connections for this long
#O RejectLogInterval=3h
# load average at which we delay connections; 0 means no limit
#O DelayLA=0
# maximum number of children we allow at one time
#O MaxDaemonChildren=0
# maximum number of new connections per second
#O ConnectionRateThrottle=0
# Width of the window
#O ConnectionRateWindowSize=60s
# work recipient factor
#O RecipientFactor=30000
# deliver each queued job in a separate process?
#O ForkEachJob=False
# work class factor
#O ClassFactor=1800
# work time factor
#O RetryFactor=90000
# default character set
#O DefaultCharSet=unknown-8bit
# service switch file (name hardwired on Solaris, Ultrix, OSF/1, others)
#O ServiceSwitchFile=/etc/mail/service.switch
# hosts file (normally /etc/hosts)
#O HostsFile=/etc/hosts
# dialup line delay on connection failure
#O DialDelay=0s
# action to take if there are no recipients in the message
#O NoRecipientAction=none
# chrooted environment for writing to files
#O SafeFileEnvironment
# are colons OK in addresses?
#O ColonOkInAddr=True
# shall I avoid expanding CNAMEs (violates protocols)?
#O DontExpandCnames=False
# SMTP initial login message (old $e macro)
O SmtpGreetingMessage=$j Sendmail $v/$Z; $b
# UNIX initial From header format (old $l macro)
O UnixFromLine=From $g $d
# From: lines that have embedded newlines are unwrapped onto one line
#O SingleLineFromHeader=False
# Allow HELO SMTP command that does not include a host name
#O AllowBogusHELO=False
# Characters to be quoted in a full name phrase (@,;:\()[] are automatic)
#O MustQuoteChars=.
# delimiter (operator) characters (old $o macro)
O OperatorChars=.:%@!^/[]+
# shall I avoid calling initgroups(3) because of high NIS costs?
#O DontInitGroups=False
# are group-writable :include: and .forward files (un)trustworthy?
# True (the default) means they are not trustworthy.
#O UnsafeGroupWrites=True
# where do errors that occur when sending errors get sent?
#O DoubleBounceAddress=postmaster
# issue temporary errors (4xy) instead of permanent errors (5xy)?
#O SoftBounce=False
# where to save bounces if all else fails
#O DeadLetterDrop=/var/tmp/dead.letter
# what user id do we assume for the majority of the processing?
#O RunAsUser=sendmail
# maximum number of recipients per SMTP envelope
#O MaxRecipientsPerMessage=0
# limit the rate recipients per SMTP envelope are accepted
# once the threshold number of recipients have been rejected
#O BadRcptThrottle=0
# shall we get local names from our installed interfaces?
#O DontProbeInterfaces=False
# Return-Receipt-To: header implies DSN request
#O RrtImpliesDsn=False
# override connection address (for testing)
#O ConnectOnlyTo=0.0.0.0
# Trusted user for file ownership and starting the daemon
#O TrustedUser=root
# Control socket for daemon management
#O ControlSocketName=/var/spool/mqueue/.control
# Maximum MIME header length to protect MUAs
#O MaxMimeHeaderLength=0/0
# Maximum length of the sum of all headers
O MaxHeadersLength=32768
# Maximum depth of alias recursion
#O MaxAliasRecursion=10
# location of pid file
#O PidFile=/var/run/sendmail.pid
# Prefix string for the process title shown on 'ps' listings
#O ProcessTitlePrefix=prefix
# Data file (df) memory-buffer file maximum size
#O DataFileBufferSize=4096
# Transcript file (xf) memory-buffer file maximum size
#O XscriptFileBufferSize=4096
# lookup type to find information about local mailboxes
#O MailboxDatabase=pw
# override compile time flag REQUIRES_DIR_FSYNC
#O RequiresDirfsync=true
# list of authentication mechanisms
#O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
# Authentication realm
#O AuthRealm
# default authentication information for outgoing connections
#O DefaultAuthInfo=/etc/mail/default-auth-info
# SMTP AUTH flags
#O AuthOptions
# SMTP AUTH maximum encryption strength
#O AuthMaxBits
# SMTP STARTTLS server options
#O TLSSrvOptions
# SSL cipherlist
#O CipherList
# server side SSL options
#O ServerSSLOptions
# client side SSL options
#O ClientSSLOptions
+# SSL Engine
+#O SSLEngine
+# Path to dynamic library for SSLEngine
+#O SSLEnginePath
+# TLS: fall back to clear text after handshake failure?
+#O TLSFallbacktoClear
# Input mail filters
#O InputMailFilters
# CA directory
#O CACertPath
# CA file
#O CACertFile
# Server Cert
#O ServerCertFile
# Server private key
#O ServerKeyFile
# Client Cert
#O ClientCertFile
# Client private key
#O ClientKeyFile
# File containing certificate revocation lists
#O CRLFile
+# Directory containing hashes pointing to certificate revocation status files
+#O CRLPath
# DHParameters (only required if DSA/DH is used)
#O DHParameters
# Random data source (required for systems without /dev/urandom under OpenSSL)
#O RandFile
# fingerprint algorithm (digest) to use for the presented cert
#O CertFingerprintAlgorithm
+# enable DANE?
+#O DANE=false
# Maximum number of "useless" commands before slowing down
#O MaxNOOPCommands=20
# Name to use for EHLO (defaults to $j)
#O HeloName
############################
# QUEUE GROUP DEFINITIONS #
############################
###########################
# Message precedences #
###########################
Pfirst-class=0
Pspecial-delivery=100
Plist=-30
Pbulk=-60
Pjunk=-100
#####################
# Trusted users #
#####################
# this is equivalent to setting class "t"
#Ft/etc/mail/trusted-users
Troot
Tdaemon
Tuucp
#########################
# Format of headers #
#########################
H?P?Return-Path: <$g>
HReceived: $?sfrom $s $.$?_($?s$|from $.$_)
$.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)
$.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}
(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u
for $u; $|;
$.$b
H?D?Resent-Date: $a
H?D?Date: $a
H?F?Resent-From: $?x$x <$g>$|$g$.
H?F?From: $?x$x <$g>$|$g$.
H?x?Full-Name: $x
# HPosted-Date: $a
# H?l?Received-Date: $b
H?M?Resent-Message-Id: <$t.$i@$j>
H?M?Message-Id: <$t.$i@$j>
#
######################################################################
######################################################################
#####
##### REWRITING RULES
#####
######################################################################
######################################################################
############################################
### Ruleset 3 -- Name Canonicalization ###
############################################
Scanonify=3
# handle null input (translate to <@> special case)
R$@ $@ <@>
# strip group: syntax (not inside angle brackets!) and trailing semicolon
R$* $: $1 <@> mark addresses
R$* < $* > $* <@> $: $1 < $2 > $3 unmark <addr>
R@ $* <@> $: @ $1 unmark @host:...
R$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addr
R$* :: $* <@> $: $1 :: $2 unmark node::addr
R:include: $* <@> $: :include: $1 unmark :include:...
R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon
R$* : $* <@> $: $2 strip colon if marked
R$* <@> $: $1 unmark
R$* ; $1 strip trailing semi
R$* < $+ :; > $* $@ $2 :; <@> catch <list:;>
R$* < $* ; > $1 < $2 > bogus bracketed semi
# null input now results from list:; syntax
R$@ $@ :; <@>
# strip angle brackets -- note RFC733 heuristic to get innermost item
R$* $: < $1 > housekeeping <>
R$+ < $* > < $2 > strip excess on left
R< $* > $+ < $1 > strip excess on right
R<> $@ < @ > MAIL FROM:<> case
R< $+ > $: $1 remove housekeeping <>
# strip route address <@a,@b,@c:user@d> -> <user@d>
R@ $+ , $+ $2
R@ [ $* ] : $+ $2
R@ $+ : $+ $2
# find focus for list syntax
R $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax
R $+ : $* ; $@ $1 : $2; list syntax
# find focus for @ syntax addresses
R$+ @ $+ $: $1 < @ $2 > focus on domain
R$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right
R$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical
# convert old-style addresses to a domain-based address
R$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names
R$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps
R$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains
# if we have % signs, take the rightmost one
R$* % $* $1 @ $2 First make them all @s.
R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
# else we must be a local name
R$* $@ $>Canonify2 $1
################################################
### Ruleset 96 -- bottom half of ruleset 3 ###
################################################
SCanonify2=96
# handle special cases for local names
R$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all
R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain
R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain
# check for IPv4/IPv6 domain literal
R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [addr]
R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal
R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr
# if really UUCP, handle it immediately
# try UUCP traffic as a local address
R$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3
R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3
# hostnames ending in class P are always canonical
R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4
R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4
R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6
R$* CC $* $| $* $: $3
# pass to name server to make hostname canonical
R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4
R$* $| $* $: $2
# local host aliases and pseudo-domains are always canonical
R$* < @ $=w > $* $: $1 < @ $2 . > $3
R$* < @ $=M > $* $: $1 < @ $2 . > $3
R$* < @ $* . . > $* $1 < @ $2 . > $3
##################################################
### Ruleset 4 -- Final Output Post-rewriting ###
##################################################
Sfinal=4
R$+ :; <@> $@ $1 : handle <list:;>
R$* <@> $@ handle <> and list:;
# strip trailing dot off possibly canonical name
R$* < @ $+ . > $* $1 < @ $2 > $3
# eliminate internal code
R$* < @ *LOCAL* > $* $1 < @ $j > $2
# externalize local domain info
R$* < $+ > $* $1 $2 $3 defocus
R@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 <route-addr> canonical
R@ $* $@ @ $1 ... and exit
# UUCP must always be presented in old form
R$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u
# delete duplicate local names
R$+ % $=w @ $=w $1 @ $2 u%host@host => u@host
##############################################################
### Ruleset 97 -- recanonicalize and call ruleset zero ###
### (used for recursive calls) ###
##############################################################
SRecurse=97
R$* $: $>canonify $1
R$* $@ $>parse $1
######################################
### Ruleset 0 -- Parse Address ###
######################################
Sparse=0
R$* $: $>Parse0 $1 initial parsing
R<@> $#local $: <@> special case error msgs
R$* $: $>ParseLocal $1 handle local hacks
R$* $: $>Parse1 $1 final parsing
#
# Parse0 -- do initial syntax checking and eliminate local addresses.
# This should either return with the (possibly modified) input
# or return with a #error mailer. It should not return with a
# #mailer other than the #error mailer.
#
SParse0
R<@> $@ <@> special case error msgs
R$* : $* ; <@> $#error $@ 5.1.3 $: "553 List:; syntax illegal for recipient addresses"
R@ <@ $* > < @ $1 > catch "@@host" bogosity
R<@ $+> $#error $@ 5.1.3 $: "553 User address required"
R$+ <@> $#error $@ 5.1.3 $: "553 Hostname required"
R$* $: <> $1
R<> $* < @ [ $* ] : $+ > $* $1 < @ [ $2 ] : $3 > $4
R<> $* < @ [ $* ] , $+ > $* $1 < @ [ $2 ] , $3 > $4
R<> $* < @ [ $* ] $+ > $* $#error $@ 5.1.2 $: "553 Invalid address"
R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3
R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "553 Colon illegal in host name part"
R<> $* $1
R$* < @ . $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
R$* < @ $* @ > $* $#error $@ 5.1.2 $: "553 Invalid route address"
R$* @ $* < @ $* > $* $#error $@ 5.1.3 $: "553 Invalid route address"
R$* , $~O $* $#error $@ 5.1.3 $: "553 Invalid route address"
# now delete the local info -- note $=O to find characters that cause forwarding
R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user
R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ...
R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here
R< @ $+ > $#error $@ 5.1.3 $: "553 User address required"
R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ...
R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo"
R< @ *LOCAL* > $#error $@ 5.1.3 $: "553 User address required"
R$* $=O $* < @ *LOCAL* >
$@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
R$* < @ *LOCAL* > $: $1
#
# Parse1 -- the bottom half of ruleset 0.
#
SParse1
# handle numeric address spec
R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec
R$* < @ [ $+ ] > $* $: $1 < @ [ $2 ] : $S > $3 Add smart host to path
R$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send
R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer
R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer
# short circuit local delivery so forwarded email works
R$=L < @ $=w . > $#local $: @ $1 special local names
R$+ < @ $=w . > $#local $: $1 regular local name
# resolve remotely connected UUCP links (if any)
# resolve fake top level domains by forwarding to other hosts
# pass names that still have a host to a smarthost (if defined)
R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name
# deal with other remote names
R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
# handle locally delivered names
R$=L $#local $: @ $1 special local names
R$+ $#local $: $1 regular local names
###########################################################################
### Ruleset 5 -- special rewriting after aliases have been expanded ###
###########################################################################
SLocal_localaddr
Slocaladdr=5
R$+ $: $1 $| $>"Local_localaddr" $1
R$+ $| $#ok $@ $1 no change
R$+ $| $#$* $#$2
R$+ $| $* $: $1
# deal with plussed users so aliases work nicely
R$+ + * $#local $@ $&h $: $1
R$+ + $* $#local $@ + $2 $: $1 + *
# prepend an empty "forward host" on the front
R$+ $: <> $1
R< > $+ $: < > < $1 <> $&h > nope, restore +detail
R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail
R< > < $+ <> $* > $: < > < $1 > else discard
R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part
R< > < $+ > + $* $#local $@ $2 $: @ $1 strip the extra +
R< > < $+ > $@ $1 no +detail
R$+ $: $1 <> $&h add +detail back in
R$+ <> + $* $: $1 + $2 check whether +detail
R$+ <> $* $: $1 else discard
R< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension
R< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension
R< $~[ : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 >
R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 >
###################################################################
### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ###
###################################################################
SMailerToTriple=95
R< > $* $@ $1 strip off null relay
R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
R< error : $- : $+ > $* $#error $@ $(dequote $1 $) $: $2
R< error : $+ > $* $#error $: $1
R< local : $* > $* $>CanonLocal < $1 > $2
R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user
R< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer
R< $=w > $* $@ $2 delete local host
R< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer
###################################################################
### Ruleset CanonLocal -- canonify local: syntax ###
###################################################################
SCanonLocal
# strip local host from routed addresses
R< $* > < @ $+ > : $+ $@ $>Recurse $3
R< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4
# strip trailing dot from any host name that may appear
R< $* > $* < @ $* . > $: < $1 > $2 < @ $3 >
# handle local: syntax -- use old user, either with or without host
R< > $* < @ $* > $* $#local $@ $1@$2 $: $1
R< > $+ $#local $@ $1 $: $1
# handle local:user@host syntax -- ignore host part
R< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 >
# handle local:user syntax
R< $+ > $* <@ $* > $* $#local $@ $2@$3 $: $1
R< $+ > $* $#local $@ $2 $: $1
###################################################################
### Ruleset 93 -- convert header names to masqueraded form ###
###################################################################
SMasqHdr=93
# do not masquerade anything in class N
R$* < @ $* $=N . > $@ $1 < @ $2 $3 . >
R$* < @ *LOCAL* > $@ $1 < @ $j . >
###################################################################
### Ruleset 94 -- convert envelope names to masqueraded form ###
###################################################################
SMasqEnv=94
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
###################################################################
### Ruleset 98 -- local part of ruleset zero (can be null) ###
###################################################################
SParseLocal=98
# addresses sent to foo@host.REDIRECT will give a 551 error code
R$* < @ $+ .REDIRECT. > $: $1 < @ $2 . REDIRECT . > < ${opMode} >
R$* < @ $+ .REDIRECT. > <i> $: $1 < @ $2 . REDIRECT. >
R$* < @ $+ .REDIRECT. > < $- > $#error $@ 5.1.1 $: "551 User has moved; please try " <$1@$2>
######################################################################
### CanonAddr -- Convert an address into a standard form for
### relay checking. Route address syntax is
### crudely converted into a %-hack address.
###
### Parameters:
### $1 -- full recipient address
###
### Returns:
### parsed address, not in source route form
######################################################################
SCanonAddr
R$* $: $>Parse0 $>canonify $1 make domain canonical
######################################################################
### ParseRecipient -- Strip off hosts in $=R as well as possibly
### $* $=m or the access database.
### Check user portion for host separators.
###
### Parameters:
### $1 -- full recipient address
###
### Returns:
### parsed, non-local-relaying address
######################################################################
SParseRecipient
R$* $: <?> $>CanonAddr $1
R<?> $* < @ $* . > <?> $1 < @ $2 > strip trailing dots
R<?> $- < @ $* > $: <?> $(dequote $1 $) < @ $2 > dequote local part
# if no $=O character, no host in the user portion, we are done
R<?> $* $=O $* < @ $* > $: <NO> $1 $2 $3 < @ $4>
R<?> $* $@ $1
R<NO> $* < @ $* $=R > $: <RELAY> $1 < @ $2 $3 >
R<RELAY> $* < @ $* > $@ $>ParseRecipient $1
R<$+> $* $@ $2
######################################################################
### check_relay -- check hostname/address on SMTP startup
######################################################################
SLocal_check_relay
Scheck_relay
R$* $: $1 $| $>"Local_check_relay" $1
R$* $| $* $| $#$* $#$3
R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2
SBasic_check_relay
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
######################################################################
### check_mail -- check SMTP `MAIL FROM:' command argument
######################################################################
SLocal_check_mail
Scheck_mail
R$* $: $1 $| $>"Local_check_mail" $1
R$* $| $#$* $#$2
R$* $| $* $@ $>"Basic_check_mail" $1
SBasic_check_mail
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
# authenticated?
R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
R$* $| $#$+ $#$2
R$* $| $* $: $1
R<> $@ <OK> we MUST accept <> (RFC 1123)
R$+ $: <?> $1
R<?><$+> $: <@> <$1>
R<?>$+ $: <@> <$1>
R$* $: $&{daemon_flags} $| $1
R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 >
R$* u $* $| <@> < $* > $: <?> < $3 >
R$* $| $* $: $2
# handle case of @localhost on address
R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost >
R<@> < $* @ [127.0.0.1] >
$: < ? $&{client_name} > < $1 @ [127.0.0.1] >
R<@> < $* @ [IPv6:0:0:0:0:0:0:0:1] >
$: < ? $&{client_name} > < $1 @ [IPv6:0:0:0:0:0:0:0:1] >
R<@> < $* @ [IPv6:::1] >
$: < ? $&{client_name} > < $1 @ [IPv6:::1] >
R<@> < $* @ localhost.$m >
$: < ? $&{client_name} > < $1 @ localhost.$m >
R<@> < $* @ localhost.UUCP >
$: < ? $&{client_name} > < $1 @ localhost.UUCP >
R<@> $* $: $1 no localhost as domain
R<? $=w> $* $: $2 local client: ok
R<? $+> <$+> $#error $@ 5.5.4 $: "553 Real domain name required for sender address"
R<?> $* $: $1
R$* $: <?> $>CanonAddr $1 canonify sender address and mark it
R<?> $* < @ $+ . > <?> $1 < @ $2 > strip trailing dots
# handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc)
R<?> $* < @ $* $=P > $: <OKR> $1 < @ $2 $3 >
R<?> $* < @ $j > $: <OKR> $1 < @ $j >
R<?> $* < @ $+ > $: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 >
R<? $* <$->> $* < @ $+ >
$: <$2> $3 < @ $4 >
# handle case of no @domain on address
R<?> $* $: $&{daemon_flags} $| <?> $1
R$* u $* $| <?> $* $: <OKR> $3
R$* $| $* $: $2
R<?> $* $: < ? $&{client_addr} > $1
R<?> $* $@ <OKR> ...local unqualed ok
R<? $+> $* $#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f
...remote is not
# check results
R<?> $* $: @ $1 mark address: nothing known about it
R<$={ResOk}> $* $: @ $2 domain ok
R<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"
R<PERM> $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist"
######################################################################
### check_rcpt -- check SMTP `RCPT TO:' command argument
######################################################################
SLocal_check_rcpt
Scheck_rcpt
R$* $: $1 $| $>"Local_check_rcpt" $1
R$* $| $#$* $#$2
R$* $| $* $@ $>"Basic_check_rcpt" $1
SBasic_check_rcpt
# empty address?
R<> $#error $@ nouser $: "553 User address required"
R$@ $#error $@ nouser $: "553 User address required"
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
######################################################################
R$* $: $1 $| @ $>"Rcpt_ok" $1
R$* $| @ $#TEMP $+ $: $1 $| T $2
R$* $| @ $#$* $#$2
R$* $| @ RELAY $@ RELAY
R$* $| @ $* $: O $| $>"Relay_ok" $1
R$* $| T $+ $: T $2 $| $>"Relay_ok" $1
R$* $| $#TEMP $+ $#error $2
R$* $| $#$* $#$2
R$* $| RELAY $@ RELAY
R T $+ $| $* $#error $1
# anything else is bogus
R$* $#error $@ 5.7.1 $: "550 Relaying denied"
######################################################################
### Rcpt_ok: is the recipient ok?
######################################################################
SRcpt_ok
R$* $: $>ParseRecipient $1 strip relayable hosts
# authenticated via TLS?
R$* $: $1 $| $>RelayTLS client authenticated?
R$* $| $# $+ $# $2 error/ok?
R$* $| $* $: $1 no
R$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type}
R$* $| $# $* $# $2
R$* $| NO $: $1
R$* $| $* $: $1 $| $&{auth_type}
R$* $| $: $1
R$* $| $={TrustAuthMech} $# RELAY
R$* $| $* $: $1
# anything terminating locally is ok
R$+ < @ $=w > $@ RELAY
R$+ < @ $* $=R > $@ RELAY
# check for local user (i.e. unqualified address)
R$* $: <?> $1
R<?> $* < @ $+ > $: <REMOTE> $1 < @ $2 >
# local user is ok
R<?> $+ $@ RELAY
R<$+> $* $: $2
######################################################################
### Relay_ok: is the relay/sender ok?
######################################################################
SRelay_ok
# anything originating locally is ok
# check IP address
R$* $: $&{client_addr}
R$@ $@ RELAY originated locally
R0 $@ RELAY originated locally
R127.0.0.1 $@ RELAY originated locally
RIPv6:0:0:0:0:0:0:0:1 $@ RELAY originated locally
RIPv6:::1 $@ RELAY originated locally
R$=R $* $@ RELAY relayable IP address
R$* $: [ $1 ] put brackets around it...
R$=w $@ RELAY ... and see if it is local
# check client name: first: did it resolve?
R$* $: < $&{client_resolve} >
R<TEMP> $#TEMP $@ 4.4.0 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
R<FORGED> $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
R<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
R$* $: <@> $&{client_name}
# pass to name server to make hostname canonical
R<@> $* $=P $:<?> $1 $2
R<@> $+ $:<?> $[ $1 $]
R$* . $1 strip trailing dots
R<?> $=w $@ RELAY
R<?> $* $=R $@ RELAY
######################################################################
### trust_auth: is user trusted to authenticate as someone else?
###
### Parameters:
### $1: AUTH= parameter from MAIL command
######################################################################
SLocal_trust_auth
Strust_auth
R$* $: $&{auth_type} $| $1
# required by RFC 2554 section 4.
R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated"
R$* $| $&{auth_authen} $@ identical
R$* $| <$&{auth_authen}> $@ identical
R$* $| $* $: $1 $| $>"Local_trust_auth" $2
R$* $| $#$* $#$2
R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}
######################################################################
### Relay_Auth: allow relaying based on authentication?
###
### Parameters:
### $1: ${auth_type}
######################################################################
SLocal_Relay_Auth
######################################################################
### srv_features: which features to offer to a client?
### (done in server)
######################################################################
Ssrv_features
######################################################################
### try_tls: try to use STARTTLS?
### (done in client)
######################################################################
Stry_tls
######################################################################
### tls_rcpt: is connection with server "good" enough?
### (done in client, per recipient)
###
### Parameters:
### $1: recipient
######################################################################
Stls_rcpt
######################################################################
### tls_client: is connection with client "good" enough?
### (done in server)
###
### Parameters:
### ${verify} $| (MAIL|STARTTLS)
######################################################################
Stls_client
R$* $| $* $@ $>"TLS_connection" $1
######################################################################
### tls_server: is connection with server "good" enough?
### (done in client)
###
### Parameter:
### ${verify}
######################################################################
Stls_server
+
R$* $@ $>"TLS_connection" $1
######################################################################
### TLS_connection: is TLS connection "good" enough?
###
### Parameters:
### ${verify}
### Requirement: RHS from access map, may be ? for none.
######################################################################
STLS_connection
RSOFTWARE $#error $@ 4.7.0 $: "403 TLS handshake."
+RDANE_FAIL $#error $@ 4.7.0 $: "403 DANE check failed."
######################################################################
### RelayTLS: allow relaying based on TLS authentication
###
### Parameters:
### none
######################################################################
SRelayTLS
# authenticated?
######################################################################
### authinfo: lookup authinfo in the access map
###
### Parameters:
### $1: {server_name}
### $2: {server_addr}
######################################################################
Sauthinfo
#
######################################################################
######################################################################
#####
##### MAIL FILTER DEFINITIONS
#####
######################################################################
######################################################################
#
######################################################################
######################################################################
#####
##### MAILER DEFINITIONS
#####
######################################################################
######################################################################
##################################################
### Local and Program Mailer specification ###
##################################################
##### $Id: local.m4,v 8.60 2013-11-22 20:51:14 ca Exp $ #####
#
# Envelope sender rewriting
#
SEnvFromL
R<@> $n errors to mailer-daemon
R@ <@ $*> $n temporarily bypass Sun bogosity
R$+ $: $>AddDomain $1 add local domain if needed
R$* $: $>MasqEnv $1 do masquerading
#
# Envelope recipient rewriting
#
SEnvToL
R$+ < @ $* > $: $1 strip host part
R$+ + $* $: < $&{addr_type} > $1 + $2 mark with addr type
R<e s> $+ + $* $: $1 remove +detail for sender
R< $* > $+ $: $2 else remove mark
#
# Header sender rewriting
#
SHdrFromL
R<@> $n errors to mailer-daemon
R@ <@ $*> $n temporarily bypass Sun bogosity
R$+ $: $>AddDomain $1 add local domain if needed
R$* $: $>MasqHdr $1 do masquerading
#
# Header recipient rewriting
#
SHdrToL
R$+ $: $>AddDomain $1 add local domain if needed
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
#
# Common code to add local domain name (only if always-add-domain)
#
SAddDomain
Mlocal, P=/usr/bin/rmail, F=lsDFMAw5:/|@qm9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
T=DNS/RFC822/X-Unix,
A=rmail -d $u
Mprog, P=/usr/bin/sh, F=lsDFMoqeu9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/,
T=X-Unix/X-Unix/X-Unix,
A=sh -c $u
#####################################
### SMTP Mailer specification ###
#####################################
##### $Id: smtp.m4,v 8.66 2013-11-22 20:51:14 ca Exp $ #####
#
# common sender and masquerading recipient rewriting
#
SMasqSMTP
R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified
R$+ $@ $1 < @ *LOCAL* > add local qualification
#
# convert pseudo-domain addresses to real domain addresses
#
SPseudoToReal
# pass <route-addr>s through
R< @ $+ > $* $@ < @ $1 > $2 resolve <route-addr>
# output fake domains as user%fake@relay
# do UUCP heuristics; note that these are shared with UUCP mailers
R$+ < @ $+ .UUCP. > $: < $2 ! > $1 convert to UUCP form
R$+ < @ $* > $* $@ $1 < @ $2 > $3 not UUCP form
# leave these in .UUCP form to avoid further tampering
R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. >
R< $&h ! > $-.$+ ! $+ $@ $3 < @ $1.$2 >
R< $&h ! > $+ $@ $1 < @ $&h .UUCP. >
R< $+ ! > $+ $: $1 ! $2 < @ $Y > use UUCP_RELAY
R$+ < @ $~[ $* : $+ > $@ $1 < @ $4 > strip mailer: part
R$+ < @ > $: $1 < @ *LOCAL* > if no UUCP_RELAY
#
# envelope sender rewriting
#
SEnvFromSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R$* :; <@> $@ list:; special case
R$* $: $>MasqSMTP $1 qualify unqual'ed names
R$+ $: $>MasqEnv $1 do masquerading
#
# envelope recipient rewriting --
# also header recipient if not masquerading recipients
#
SEnvToSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R$+ $: $>MasqSMTP $1 qualify unqual'ed names
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
#
# header sender and masquerading header recipient rewriting
#
SHdrFromSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R:; <@> $@ list:; special case
# do special header rewriting
R$* <@> $* $@ $1 <@> $2 pass null host through
R< @ $* > $* $@ < @ $1 > $2 pass route-addr through
R$* $: $>MasqSMTP $1 qualify unqual'ed names
R$+ $: $>MasqHdr $1 do masquerading
#
# relay mailer header masquerading recipient rewriting
#
SMasqRelay
R$+ $: $>MasqSMTP $1
R$+ $: $>MasqHdr $1
Msmtp, P=[IPC], F=mDFMuX, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mesmtp, P=[IPC], F=mDFMuXa, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Msmtp8, P=[IPC], F=mDFMuX8, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mdsmtp, P=[IPC], F=mDFMuXa%, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mrelay, P=[IPC], F=mDFMuXa8, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=2040,
T=DNS/RFC822/SMTP,
A=TCP $h
### generic-hpux10.mc ###
# divert(-1)
# #
# # Copyright (c) 1998, 1999, 2001 Proofpoint, Inc. and its suppliers.
# # All rights reserved.
# # Copyright (c) 1983 Eric P. Allman. All rights reserved.
# # Copyright (c) 1988, 1993
# # The Regents of the University of California. All rights reserved.
# #
# # By using this file, you agree to the terms and conditions set
# # forth in the LICENSE file which can be found at the top level of
# # the sendmail distribution.
# #
# #
#
# #
# # This is a generic configuration file for HP-UX 10.x.
# # It has support for local and SMTP mail only. If you want to
# # customize it, copy it to a name appropriate for your environment
# # and do the modifications there.
# #
#
# divert(0)dnl
# VERSIONID(`$Id: generic-hpux10.mc,v 8.14 2013-11-22 20:51:08 ca Exp $')
# OSTYPE(hpux10)dnl
# DOMAIN(generic)dnl
# MAILER(local)dnl
# MAILER(smtp)dnl
diff --git a/cf/cf/generic-hpux9.cf b/cf/cf/generic-hpux9.cf
index dbd7fe595eee..2f39b3d8f5c4 100644
--- a/cf/cf/generic-hpux9.cf
+++ b/cf/cf/generic-hpux9.cf
@@ -1,1496 +1,1508 @@
#
# Copyright (c) 1998-2004, 2009, 2010 Proofpoint, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#
######################################################################
######################################################################
#####
##### SENDMAIL CONFIGURATION FILE
#####
-##### built by ca@sandman.dev-lab.sendmail.com on Thu Jul 2 05:24:31 PDT 2015
-##### in /x/ca/smi.git/sendmail/OpenSource/sendmail-8.15.2/cf/cf
+##### built by ca@lab.smi.sendmail.com on Thu Jul 2 22:41:56 PDT 2020
+##### in /var/tmp/ca/sm8.git/sendmail/OpenSource/sendmail-8.16.1/cf/cf
##### using ../ as configuration include directory
#####
######################################################################
#####
##### DO NOT EDIT THIS FILE! Only edit the source .mc file.
#####
######################################################################
######################################################################
##### $Id: cfhead.m4,v 8.122 2013-11-22 20:51:13 ca Exp $ #####
##### $Id: cf.m4,v 8.33 2013-11-22 20:51:13 ca Exp $ #####
##### $Id: generic-hpux9.mc,v 8.12 2013-11-22 20:51:08 ca Exp $ #####
##### $Id: hpux9.m4,v 8.25 2013-11-22 20:51:15 ca Exp $ #####
##### $Id: generic.m4,v 8.16 2013-11-22 20:51:10 ca Exp $ #####
##### $Id: redirect.m4,v 8.16 2013-11-22 20:51:11 ca Exp $ #####
##### $Id: use_cw_file.m4,v 8.12 2013-11-22 20:51:11 ca Exp $ #####
##### $Id: proto.m4,v 8.762 2013-11-22 20:51:13 ca Exp $ #####
# level 10 config file format
V10/Berkeley
# override file safeties - setting this option compromises system security,
# addressing the actual file configuration problem is preferred
# need to set this before any file actions are encountered in the cf file
#O DontBlameSendmail=safe
# default LDAP map specification
# need to set this now before any LDAP maps are defined
#O LDAPDefaultSpec=-h localhost
##################
# local info #
##################
# my LDAP cluster
# need to set this before any LDAP lookups are done (including classes)
#D{sendmailMTACluster}$m
Cwlocalhost
# file containing names of hosts for which we receive email
Fw/etc/mail/local-host-names
# my official domain name
# ... define this only if sendmail cannot automatically determine your domain
#Dj$w.Foo.COM
# host/domain names ending with a token in class P are canonical
CP.
# "Smart" relay host (may be null)
DS
# operators that cannot be in local usernames (i.e., network indicators)
CO @ % !
# a class with just dot (for identifying canonical names)
C..
# a class with just a left bracket (for identifying domain literals)
C[[
# Resolve map (to check if a host exists in check_mail)
Kresolve host -a<OKR> -T<TEMP>
C{ResOk}OKR
# Hosts for which relaying is permitted ($=R)
FR-o /etc/mail/relay-domains
# arithmetic map
Karith arith
# dequoting map
Kdequote dequote
# class E: names that should be exposed as from this host, even if we masquerade
# class L: names that should be delivered locally, even if we have a relay
# class M: domains that should be converted to $M
# class N: domains that should not be converted to $M
#CL root
C{E}root
# my name for error messages
DnMAILER-DAEMON
CPREDIRECT
# Configuration version number
-DZ8.15.2
+DZ8.16.1
###############
# Options #
###############
# strip message body to 7 bits on input?
O SevenBitInput=False
# 8-bit data handling
#O EightBitMode=pass8
# wait for alias file rebuild (default units: minutes)
O AliasWait=10
# location of alias file
O AliasFile=/etc/mail/aliases
# minimum number of free blocks on filesystem
O MinFreeBlocks=100
# maximum message size
#O MaxMessageSize=0
# substitution for space (blank) characters
O BlankSub=.
# avoid connecting to "expensive" mailers on initial submission?
O HoldExpensive=False
# checkpoint queue runs after every N successful deliveries
#O CheckpointInterval=10
# default delivery mode
O DeliveryMode=background
# error message header/file
#O ErrorHeader=/etc/mail/error-header
# error mode
#O ErrorMode=print
# save Unix-style "From_" lines at top of header?
#O SaveFromLine=False
# queue file mode (qf files)
#O QueueFileMode=0600
# temporary file mode
O TempFileMode=0600
# match recipients against GECOS field?
#O MatchGECOS=False
# maximum hop count
#O MaxHopCount=25
# location of help file
O HelpFile=/etc/mail/helpfile
# ignore dots as terminators in incoming messages?
#O IgnoreDots=False
# name resolver options
#O ResolverOptions=+AAONLY
# deliver MIME-encapsulated error messages?
O SendMimeErrors=True
# Forward file search path
O ForwardPath=$z/.forward.$w+$h:$z/.forward+$h:$z/.forward.$w:$z/.forward
# open connection cache size
O ConnectionCacheSize=2
# open connection cache timeout
O ConnectionCacheTimeout=5m
# persistent host status directory
#O HostStatusDirectory=.hoststat
# single thread deliveries (requires HostStatusDirectory)?
#O SingleThreadDelivery=False
# use Errors-To: header?
O UseErrorsTo=False
# use compressed IPv6 address format?
#O UseCompressedIPv6Addresses
# log level
O LogLevel=9
# send to me too, even in an alias expansion?
#O MeToo=True
# verify RHS in newaliases?
O CheckAliases=False
# default messages to old style headers if no special punctuation?
O OldStyleHeaders=True
# SMTP daemon options
O DaemonPortOptions=Name=MTA
O DaemonPortOptions=Port=587, Name=MSA, M=E
# SMTP client options
#O ClientPortOptions=Family=inet, Address=0.0.0.0
# Modifiers to define {daemon_flags} for direct submissions
#O DirectSubmissionModifiers
# Use as mail submission program? See sendmail/SECURITY
#O UseMSP
# privacy flags
O PrivacyOptions=authwarnings
# who (if anyone) should get extra copies of error messages
#O PostmasterCopy=Postmaster
# slope of queue-only function
#O QueueFactor=600000
# limit on number of concurrent queue runners
#O MaxQueueChildren
# maximum number of queue-runners per queue-grouping with multiple queues
#O MaxRunnersPerQueue=1
# priority of queue runners (nice(3))
#O NiceQueueRun
# shall we sort the queue by hostname first?
#O QueueSortOrder=priority
# minimum time in queue before retry
#O MinQueueAge=30m
# maximum time in queue before retry (if > 0; only for exponential delay)
#O MaxQueueAge
# how many jobs can you process in the queue?
#O MaxQueueRunSize=0
# perform initial split of envelope without checking MX records
#O FastSplit=1
# queue directory
O QueueDirectory=/usr/spool/mqueue
# key for shared memory; 0 to turn off, -1 to auto-select
#O SharedMemoryKey=0
# file to store auto-selected key for shared memory (SharedMemoryKey = -1)
#O SharedMemoryKeyFile
# timeouts (many of these)
#O Timeout.initial=5m
#O Timeout.connect=5m
#O Timeout.aconnect=0s
#O Timeout.iconnect=5m
#O Timeout.helo=5m
#O Timeout.mail=10m
#O Timeout.rcpt=1h
#O Timeout.datainit=5m
#O Timeout.datablock=1h
#O Timeout.datafinal=1h
#O Timeout.rset=5m
#O Timeout.quit=2m
#O Timeout.misc=2m
#O Timeout.command=1h
#O Timeout.ident=5s
#O Timeout.fileopen=60s
#O Timeout.control=2m
O Timeout.queuereturn=5d
#O Timeout.queuereturn.normal=5d
#O Timeout.queuereturn.urgent=2d
#O Timeout.queuereturn.non-urgent=7d
#O Timeout.queuereturn.dsn=5d
O Timeout.queuewarn=4h
#O Timeout.queuewarn.normal=4h
#O Timeout.queuewarn.urgent=1h
#O Timeout.queuewarn.non-urgent=12h
#O Timeout.queuewarn.dsn=4h
#O Timeout.hoststatus=30m
#O Timeout.resolver.retrans=5s
#O Timeout.resolver.retrans.first=5s
#O Timeout.resolver.retrans.normal=5s
#O Timeout.resolver.retry=4
#O Timeout.resolver.retry.first=4
#O Timeout.resolver.retry.normal=4
#O Timeout.lhlo=2m
#O Timeout.auth=10m
#O Timeout.starttls=1h
# time for DeliverBy; extension disabled if less than 0
#O DeliverByMin=0
# should we not prune routes in route-addr syntax addresses?
#O DontPruneRoutes=False
# queue up everything before forking?
O SuperSafe=True
# status file
#O StatusFile
# time zone handling:
# if undefined, use system default
# if defined but null, use TZ envariable passed in
# if defined and non-null, use that info
O TimeZoneSpec=
# default UID (can be username or userid:groupid)
#O DefaultUser=mailnull
# list of locations of user database file (null means no lookup)
#O UserDatabaseSpec=/etc/mail/userdb
# fallback MX host
#O FallbackMXhost=fall.back.host.net
# fallback smart host
#O FallbackSmartHost=fall.back.host.net
# if we are the best MX host for a site, try it directly instead of config err
#O TryNullMXList=False
# load average at which we just queue messages
#O QueueLA=8
# load average at which we refuse connections
#O RefuseLA=12
# log interval when refusing connections for this long
#O RejectLogInterval=3h
# load average at which we delay connections; 0 means no limit
#O DelayLA=0
# maximum number of children we allow at one time
#O MaxDaemonChildren=0
# maximum number of new connections per second
#O ConnectionRateThrottle=0
# Width of the window
#O ConnectionRateWindowSize=60s
# work recipient factor
#O RecipientFactor=30000
# deliver each queued job in a separate process?
#O ForkEachJob=False
# work class factor
#O ClassFactor=1800
# work time factor
#O RetryFactor=90000
# default character set
#O DefaultCharSet=unknown-8bit
# service switch file (name hardwired on Solaris, Ultrix, OSF/1, others)
#O ServiceSwitchFile=/etc/mail/service.switch
# hosts file (normally /etc/hosts)
#O HostsFile=/etc/hosts
# dialup line delay on connection failure
#O DialDelay=0s
# action to take if there are no recipients in the message
#O NoRecipientAction=none
# chrooted environment for writing to files
#O SafeFileEnvironment
# are colons OK in addresses?
#O ColonOkInAddr=True
# shall I avoid expanding CNAMEs (violates protocols)?
#O DontExpandCnames=False
# SMTP initial login message (old $e macro)
O SmtpGreetingMessage=$j Sendmail $v/$Z; $b
# UNIX initial From header format (old $l macro)
O UnixFromLine=From $g $d
# From: lines that have embedded newlines are unwrapped onto one line
#O SingleLineFromHeader=False
# Allow HELO SMTP command that does not include a host name
#O AllowBogusHELO=False
# Characters to be quoted in a full name phrase (@,;:\()[] are automatic)
#O MustQuoteChars=.
# delimiter (operator) characters (old $o macro)
O OperatorChars=.:%@!^/[]+
# shall I avoid calling initgroups(3) because of high NIS costs?
#O DontInitGroups=False
# are group-writable :include: and .forward files (un)trustworthy?
# True (the default) means they are not trustworthy.
#O UnsafeGroupWrites=True
# where do errors that occur when sending errors get sent?
#O DoubleBounceAddress=postmaster
# issue temporary errors (4xy) instead of permanent errors (5xy)?
#O SoftBounce=False
# where to save bounces if all else fails
#O DeadLetterDrop=/var/tmp/dead.letter
# what user id do we assume for the majority of the processing?
#O RunAsUser=sendmail
# maximum number of recipients per SMTP envelope
#O MaxRecipientsPerMessage=0
# limit the rate recipients per SMTP envelope are accepted
# once the threshold number of recipients have been rejected
#O BadRcptThrottle=0
# shall we get local names from our installed interfaces?
#O DontProbeInterfaces=False
# Return-Receipt-To: header implies DSN request
#O RrtImpliesDsn=False
# override connection address (for testing)
#O ConnectOnlyTo=0.0.0.0
# Trusted user for file ownership and starting the daemon
#O TrustedUser=root
# Control socket for daemon management
#O ControlSocketName=/var/spool/mqueue/.control
# Maximum MIME header length to protect MUAs
#O MaxMimeHeaderLength=0/0
# Maximum length of the sum of all headers
O MaxHeadersLength=32768
# Maximum depth of alias recursion
#O MaxAliasRecursion=10
# location of pid file
#O PidFile=/var/run/sendmail.pid
# Prefix string for the process title shown on 'ps' listings
#O ProcessTitlePrefix=prefix
# Data file (df) memory-buffer file maximum size
#O DataFileBufferSize=4096
# Transcript file (xf) memory-buffer file maximum size
#O XscriptFileBufferSize=4096
# lookup type to find information about local mailboxes
#O MailboxDatabase=pw
# override compile time flag REQUIRES_DIR_FSYNC
#O RequiresDirfsync=true
# list of authentication mechanisms
#O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
# Authentication realm
#O AuthRealm
# default authentication information for outgoing connections
#O DefaultAuthInfo=/etc/mail/default-auth-info
# SMTP AUTH flags
#O AuthOptions
# SMTP AUTH maximum encryption strength
#O AuthMaxBits
# SMTP STARTTLS server options
#O TLSSrvOptions
# SSL cipherlist
#O CipherList
# server side SSL options
#O ServerSSLOptions
# client side SSL options
#O ClientSSLOptions
+# SSL Engine
+#O SSLEngine
+# Path to dynamic library for SSLEngine
+#O SSLEnginePath
+# TLS: fall back to clear text after handshake failure?
+#O TLSFallbacktoClear
# Input mail filters
#O InputMailFilters
# CA directory
#O CACertPath
# CA file
#O CACertFile
# Server Cert
#O ServerCertFile
# Server private key
#O ServerKeyFile
# Client Cert
#O ClientCertFile
# Client private key
#O ClientKeyFile
# File containing certificate revocation lists
#O CRLFile
+# Directory containing hashes pointing to certificate revocation status files
+#O CRLPath
# DHParameters (only required if DSA/DH is used)
#O DHParameters
# Random data source (required for systems without /dev/urandom under OpenSSL)
#O RandFile
# fingerprint algorithm (digest) to use for the presented cert
#O CertFingerprintAlgorithm
+# enable DANE?
+#O DANE=false
# Maximum number of "useless" commands before slowing down
#O MaxNOOPCommands=20
# Name to use for EHLO (defaults to $j)
#O HeloName
############################
# QUEUE GROUP DEFINITIONS #
############################
###########################
# Message precedences #
###########################
Pfirst-class=0
Pspecial-delivery=100
Plist=-30
Pbulk=-60
Pjunk=-100
#####################
# Trusted users #
#####################
# this is equivalent to setting class "t"
#Ft/etc/mail/trusted-users
Troot
Tdaemon
Tuucp
#########################
# Format of headers #
#########################
H?P?Return-Path: <$g>
HReceived: $?sfrom $s $.$?_($?s$|from $.$_)
$.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)
$.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}
(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u
for $u; $|;
$.$b
H?D?Resent-Date: $a
H?D?Date: $a
H?F?Resent-From: $?x$x <$g>$|$g$.
H?F?From: $?x$x <$g>$|$g$.
H?x?Full-Name: $x
# HPosted-Date: $a
# H?l?Received-Date: $b
H?M?Resent-Message-Id: <$t.$i@$j>
H?M?Message-Id: <$t.$i@$j>
#
######################################################################
######################################################################
#####
##### REWRITING RULES
#####
######################################################################
######################################################################
############################################
### Ruleset 3 -- Name Canonicalization ###
############################################
Scanonify=3
# handle null input (translate to <@> special case)
R$@ $@ <@>
# strip group: syntax (not inside angle brackets!) and trailing semicolon
R$* $: $1 <@> mark addresses
R$* < $* > $* <@> $: $1 < $2 > $3 unmark <addr>
R@ $* <@> $: @ $1 unmark @host:...
R$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addr
R$* :: $* <@> $: $1 :: $2 unmark node::addr
R:include: $* <@> $: :include: $1 unmark :include:...
R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon
R$* : $* <@> $: $2 strip colon if marked
R$* <@> $: $1 unmark
R$* ; $1 strip trailing semi
R$* < $+ :; > $* $@ $2 :; <@> catch <list:;>
R$* < $* ; > $1 < $2 > bogus bracketed semi
# null input now results from list:; syntax
R$@ $@ :; <@>
# strip angle brackets -- note RFC733 heuristic to get innermost item
R$* $: < $1 > housekeeping <>
R$+ < $* > < $2 > strip excess on left
R< $* > $+ < $1 > strip excess on right
R<> $@ < @ > MAIL FROM:<> case
R< $+ > $: $1 remove housekeeping <>
# strip route address <@a,@b,@c:user@d> -> <user@d>
R@ $+ , $+ $2
R@ [ $* ] : $+ $2
R@ $+ : $+ $2
# find focus for list syntax
R $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax
R $+ : $* ; $@ $1 : $2; list syntax
# find focus for @ syntax addresses
R$+ @ $+ $: $1 < @ $2 > focus on domain
R$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right
R$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical
# convert old-style addresses to a domain-based address
R$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names
R$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps
R$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains
# if we have % signs, take the rightmost one
R$* % $* $1 @ $2 First make them all @s.
R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
# else we must be a local name
R$* $@ $>Canonify2 $1
################################################
### Ruleset 96 -- bottom half of ruleset 3 ###
################################################
SCanonify2=96
# handle special cases for local names
R$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all
R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain
R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain
# check for IPv4/IPv6 domain literal
R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [addr]
R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal
R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr
# if really UUCP, handle it immediately
# try UUCP traffic as a local address
R$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3
R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3
# hostnames ending in class P are always canonical
R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4
R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4
R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6
R$* CC $* $| $* $: $3
# pass to name server to make hostname canonical
R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4
R$* $| $* $: $2
# local host aliases and pseudo-domains are always canonical
R$* < @ $=w > $* $: $1 < @ $2 . > $3
R$* < @ $=M > $* $: $1 < @ $2 . > $3
R$* < @ $* . . > $* $1 < @ $2 . > $3
##################################################
### Ruleset 4 -- Final Output Post-rewriting ###
##################################################
Sfinal=4
R$+ :; <@> $@ $1 : handle <list:;>
R$* <@> $@ handle <> and list:;
# strip trailing dot off possibly canonical name
R$* < @ $+ . > $* $1 < @ $2 > $3
# eliminate internal code
R$* < @ *LOCAL* > $* $1 < @ $j > $2
# externalize local domain info
R$* < $+ > $* $1 $2 $3 defocus
R@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 <route-addr> canonical
R@ $* $@ @ $1 ... and exit
# UUCP must always be presented in old form
R$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u
# delete duplicate local names
R$+ % $=w @ $=w $1 @ $2 u%host@host => u@host
##############################################################
### Ruleset 97 -- recanonicalize and call ruleset zero ###
### (used for recursive calls) ###
##############################################################
SRecurse=97
R$* $: $>canonify $1
R$* $@ $>parse $1
######################################
### Ruleset 0 -- Parse Address ###
######################################
Sparse=0
R$* $: $>Parse0 $1 initial parsing
R<@> $#local $: <@> special case error msgs
R$* $: $>ParseLocal $1 handle local hacks
R$* $: $>Parse1 $1 final parsing
#
# Parse0 -- do initial syntax checking and eliminate local addresses.
# This should either return with the (possibly modified) input
# or return with a #error mailer. It should not return with a
# #mailer other than the #error mailer.
#
SParse0
R<@> $@ <@> special case error msgs
R$* : $* ; <@> $#error $@ 5.1.3 $: "553 List:; syntax illegal for recipient addresses"
R@ <@ $* > < @ $1 > catch "@@host" bogosity
R<@ $+> $#error $@ 5.1.3 $: "553 User address required"
R$+ <@> $#error $@ 5.1.3 $: "553 Hostname required"
R$* $: <> $1
R<> $* < @ [ $* ] : $+ > $* $1 < @ [ $2 ] : $3 > $4
R<> $* < @ [ $* ] , $+ > $* $1 < @ [ $2 ] , $3 > $4
R<> $* < @ [ $* ] $+ > $* $#error $@ 5.1.2 $: "553 Invalid address"
R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3
R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "553 Colon illegal in host name part"
R<> $* $1
R$* < @ . $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
R$* < @ $* @ > $* $#error $@ 5.1.2 $: "553 Invalid route address"
R$* @ $* < @ $* > $* $#error $@ 5.1.3 $: "553 Invalid route address"
R$* , $~O $* $#error $@ 5.1.3 $: "553 Invalid route address"
# now delete the local info -- note $=O to find characters that cause forwarding
R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user
R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ...
R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here
R< @ $+ > $#error $@ 5.1.3 $: "553 User address required"
R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ...
R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo"
R< @ *LOCAL* > $#error $@ 5.1.3 $: "553 User address required"
R$* $=O $* < @ *LOCAL* >
$@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
R$* < @ *LOCAL* > $: $1
#
# Parse1 -- the bottom half of ruleset 0.
#
SParse1
# handle numeric address spec
R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec
R$* < @ [ $+ ] > $* $: $1 < @ [ $2 ] : $S > $3 Add smart host to path
R$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send
R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer
R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer
# short circuit local delivery so forwarded email works
R$=L < @ $=w . > $#local $: @ $1 special local names
R$+ < @ $=w . > $#local $: $1 regular local name
# resolve remotely connected UUCP links (if any)
# resolve fake top level domains by forwarding to other hosts
# pass names that still have a host to a smarthost (if defined)
R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name
# deal with other remote names
R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
# handle locally delivered names
R$=L $#local $: @ $1 special local names
R$+ $#local $: $1 regular local names
###########################################################################
### Ruleset 5 -- special rewriting after aliases have been expanded ###
###########################################################################
SLocal_localaddr
Slocaladdr=5
R$+ $: $1 $| $>"Local_localaddr" $1
R$+ $| $#ok $@ $1 no change
R$+ $| $#$* $#$2
R$+ $| $* $: $1
# deal with plussed users so aliases work nicely
R$+ + * $#local $@ $&h $: $1
R$+ + $* $#local $@ + $2 $: $1 + *
# prepend an empty "forward host" on the front
R$+ $: <> $1
R< > $+ $: < > < $1 <> $&h > nope, restore +detail
R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail
R< > < $+ <> $* > $: < > < $1 > else discard
R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part
R< > < $+ > + $* $#local $@ $2 $: @ $1 strip the extra +
R< > < $+ > $@ $1 no +detail
R$+ $: $1 <> $&h add +detail back in
R$+ <> + $* $: $1 + $2 check whether +detail
R$+ <> $* $: $1 else discard
R< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension
R< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension
R< $~[ : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 >
R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 >
###################################################################
### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ###
###################################################################
SMailerToTriple=95
R< > $* $@ $1 strip off null relay
R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
R< error : $- : $+ > $* $#error $@ $(dequote $1 $) $: $2
R< error : $+ > $* $#error $: $1
R< local : $* > $* $>CanonLocal < $1 > $2
R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user
R< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer
R< $=w > $* $@ $2 delete local host
R< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer
###################################################################
### Ruleset CanonLocal -- canonify local: syntax ###
###################################################################
SCanonLocal
# strip local host from routed addresses
R< $* > < @ $+ > : $+ $@ $>Recurse $3
R< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4
# strip trailing dot from any host name that may appear
R< $* > $* < @ $* . > $: < $1 > $2 < @ $3 >
# handle local: syntax -- use old user, either with or without host
R< > $* < @ $* > $* $#local $@ $1@$2 $: $1
R< > $+ $#local $@ $1 $: $1
# handle local:user@host syntax -- ignore host part
R< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 >
# handle local:user syntax
R< $+ > $* <@ $* > $* $#local $@ $2@$3 $: $1
R< $+ > $* $#local $@ $2 $: $1
###################################################################
### Ruleset 93 -- convert header names to masqueraded form ###
###################################################################
SMasqHdr=93
# do not masquerade anything in class N
R$* < @ $* $=N . > $@ $1 < @ $2 $3 . >
R$* < @ *LOCAL* > $@ $1 < @ $j . >
###################################################################
### Ruleset 94 -- convert envelope names to masqueraded form ###
###################################################################
SMasqEnv=94
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
###################################################################
### Ruleset 98 -- local part of ruleset zero (can be null) ###
###################################################################
SParseLocal=98
# addresses sent to foo@host.REDIRECT will give a 551 error code
R$* < @ $+ .REDIRECT. > $: $1 < @ $2 . REDIRECT . > < ${opMode} >
R$* < @ $+ .REDIRECT. > <i> $: $1 < @ $2 . REDIRECT. >
R$* < @ $+ .REDIRECT. > < $- > $#error $@ 5.1.1 $: "551 User has moved; please try " <$1@$2>
######################################################################
### CanonAddr -- Convert an address into a standard form for
### relay checking. Route address syntax is
### crudely converted into a %-hack address.
###
### Parameters:
### $1 -- full recipient address
###
### Returns:
### parsed address, not in source route form
######################################################################
SCanonAddr
R$* $: $>Parse0 $>canonify $1 make domain canonical
######################################################################
### ParseRecipient -- Strip off hosts in $=R as well as possibly
### $* $=m or the access database.
### Check user portion for host separators.
###
### Parameters:
### $1 -- full recipient address
###
### Returns:
### parsed, non-local-relaying address
######################################################################
SParseRecipient
R$* $: <?> $>CanonAddr $1
R<?> $* < @ $* . > <?> $1 < @ $2 > strip trailing dots
R<?> $- < @ $* > $: <?> $(dequote $1 $) < @ $2 > dequote local part
# if no $=O character, no host in the user portion, we are done
R<?> $* $=O $* < @ $* > $: <NO> $1 $2 $3 < @ $4>
R<?> $* $@ $1
R<NO> $* < @ $* $=R > $: <RELAY> $1 < @ $2 $3 >
R<RELAY> $* < @ $* > $@ $>ParseRecipient $1
R<$+> $* $@ $2
######################################################################
### check_relay -- check hostname/address on SMTP startup
######################################################################
SLocal_check_relay
Scheck_relay
R$* $: $1 $| $>"Local_check_relay" $1
R$* $| $* $| $#$* $#$3
R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2
SBasic_check_relay
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
######################################################################
### check_mail -- check SMTP `MAIL FROM:' command argument
######################################################################
SLocal_check_mail
Scheck_mail
R$* $: $1 $| $>"Local_check_mail" $1
R$* $| $#$* $#$2
R$* $| $* $@ $>"Basic_check_mail" $1
SBasic_check_mail
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
# authenticated?
R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
R$* $| $#$+ $#$2
R$* $| $* $: $1
R<> $@ <OK> we MUST accept <> (RFC 1123)
R$+ $: <?> $1
R<?><$+> $: <@> <$1>
R<?>$+ $: <@> <$1>
R$* $: $&{daemon_flags} $| $1
R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 >
R$* u $* $| <@> < $* > $: <?> < $3 >
R$* $| $* $: $2
# handle case of @localhost on address
R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost >
R<@> < $* @ [127.0.0.1] >
$: < ? $&{client_name} > < $1 @ [127.0.0.1] >
R<@> < $* @ [IPv6:0:0:0:0:0:0:0:1] >
$: < ? $&{client_name} > < $1 @ [IPv6:0:0:0:0:0:0:0:1] >
R<@> < $* @ [IPv6:::1] >
$: < ? $&{client_name} > < $1 @ [IPv6:::1] >
R<@> < $* @ localhost.$m >
$: < ? $&{client_name} > < $1 @ localhost.$m >
R<@> < $* @ localhost.UUCP >
$: < ? $&{client_name} > < $1 @ localhost.UUCP >
R<@> $* $: $1 no localhost as domain
R<? $=w> $* $: $2 local client: ok
R<? $+> <$+> $#error $@ 5.5.4 $: "553 Real domain name required for sender address"
R<?> $* $: $1
R$* $: <?> $>CanonAddr $1 canonify sender address and mark it
R<?> $* < @ $+ . > <?> $1 < @ $2 > strip trailing dots
# handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc)
R<?> $* < @ $* $=P > $: <OKR> $1 < @ $2 $3 >
R<?> $* < @ $j > $: <OKR> $1 < @ $j >
R<?> $* < @ $+ > $: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 >
R<? $* <$->> $* < @ $+ >
$: <$2> $3 < @ $4 >
# handle case of no @domain on address
R<?> $* $: $&{daemon_flags} $| <?> $1
R$* u $* $| <?> $* $: <OKR> $3
R$* $| $* $: $2
R<?> $* $: < ? $&{client_addr} > $1
R<?> $* $@ <OKR> ...local unqualed ok
R<? $+> $* $#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f
...remote is not
# check results
R<?> $* $: @ $1 mark address: nothing known about it
R<$={ResOk}> $* $: @ $2 domain ok
R<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"
R<PERM> $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist"
######################################################################
### check_rcpt -- check SMTP `RCPT TO:' command argument
######################################################################
SLocal_check_rcpt
Scheck_rcpt
R$* $: $1 $| $>"Local_check_rcpt" $1
R$* $| $#$* $#$2
R$* $| $* $@ $>"Basic_check_rcpt" $1
SBasic_check_rcpt
# empty address?
R<> $#error $@ nouser $: "553 User address required"
R$@ $#error $@ nouser $: "553 User address required"
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
######################################################################
R$* $: $1 $| @ $>"Rcpt_ok" $1
R$* $| @ $#TEMP $+ $: $1 $| T $2
R$* $| @ $#$* $#$2
R$* $| @ RELAY $@ RELAY
R$* $| @ $* $: O $| $>"Relay_ok" $1
R$* $| T $+ $: T $2 $| $>"Relay_ok" $1
R$* $| $#TEMP $+ $#error $2
R$* $| $#$* $#$2
R$* $| RELAY $@ RELAY
R T $+ $| $* $#error $1
# anything else is bogus
R$* $#error $@ 5.7.1 $: "550 Relaying denied"
######################################################################
### Rcpt_ok: is the recipient ok?
######################################################################
SRcpt_ok
R$* $: $>ParseRecipient $1 strip relayable hosts
# authenticated via TLS?
R$* $: $1 $| $>RelayTLS client authenticated?
R$* $| $# $+ $# $2 error/ok?
R$* $| $* $: $1 no
R$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type}
R$* $| $# $* $# $2
R$* $| NO $: $1
R$* $| $* $: $1 $| $&{auth_type}
R$* $| $: $1
R$* $| $={TrustAuthMech} $# RELAY
R$* $| $* $: $1
# anything terminating locally is ok
R$+ < @ $=w > $@ RELAY
R$+ < @ $* $=R > $@ RELAY
# check for local user (i.e. unqualified address)
R$* $: <?> $1
R<?> $* < @ $+ > $: <REMOTE> $1 < @ $2 >
# local user is ok
R<?> $+ $@ RELAY
R<$+> $* $: $2
######################################################################
### Relay_ok: is the relay/sender ok?
######################################################################
SRelay_ok
# anything originating locally is ok
# check IP address
R$* $: $&{client_addr}
R$@ $@ RELAY originated locally
R0 $@ RELAY originated locally
R127.0.0.1 $@ RELAY originated locally
RIPv6:0:0:0:0:0:0:0:1 $@ RELAY originated locally
RIPv6:::1 $@ RELAY originated locally
R$=R $* $@ RELAY relayable IP address
R$* $: [ $1 ] put brackets around it...
R$=w $@ RELAY ... and see if it is local
# check client name: first: did it resolve?
R$* $: < $&{client_resolve} >
R<TEMP> $#TEMP $@ 4.4.0 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
R<FORGED> $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
R<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
R$* $: <@> $&{client_name}
# pass to name server to make hostname canonical
R<@> $* $=P $:<?> $1 $2
R<@> $+ $:<?> $[ $1 $]
R$* . $1 strip trailing dots
R<?> $=w $@ RELAY
R<?> $* $=R $@ RELAY
######################################################################
### trust_auth: is user trusted to authenticate as someone else?
###
### Parameters:
### $1: AUTH= parameter from MAIL command
######################################################################
SLocal_trust_auth
Strust_auth
R$* $: $&{auth_type} $| $1
# required by RFC 2554 section 4.
R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated"
R$* $| $&{auth_authen} $@ identical
R$* $| <$&{auth_authen}> $@ identical
R$* $| $* $: $1 $| $>"Local_trust_auth" $2
R$* $| $#$* $#$2
R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}
######################################################################
### Relay_Auth: allow relaying based on authentication?
###
### Parameters:
### $1: ${auth_type}
######################################################################
SLocal_Relay_Auth
######################################################################
### srv_features: which features to offer to a client?
### (done in server)
######################################################################
Ssrv_features
######################################################################
### try_tls: try to use STARTTLS?
### (done in client)
######################################################################
Stry_tls
######################################################################
### tls_rcpt: is connection with server "good" enough?
### (done in client, per recipient)
###
### Parameters:
### $1: recipient
######################################################################
Stls_rcpt
######################################################################
### tls_client: is connection with client "good" enough?
### (done in server)
###
### Parameters:
### ${verify} $| (MAIL|STARTTLS)
######################################################################
Stls_client
R$* $| $* $@ $>"TLS_connection" $1
######################################################################
### tls_server: is connection with server "good" enough?
### (done in client)
###
### Parameter:
### ${verify}
######################################################################
Stls_server
+
R$* $@ $>"TLS_connection" $1
######################################################################
### TLS_connection: is TLS connection "good" enough?
###
### Parameters:
### ${verify}
### Requirement: RHS from access map, may be ? for none.
######################################################################
STLS_connection
RSOFTWARE $#error $@ 4.7.0 $: "403 TLS handshake."
+RDANE_FAIL $#error $@ 4.7.0 $: "403 DANE check failed."
######################################################################
### RelayTLS: allow relaying based on TLS authentication
###
### Parameters:
### none
######################################################################
SRelayTLS
# authenticated?
######################################################################
### authinfo: lookup authinfo in the access map
###
### Parameters:
### $1: {server_name}
### $2: {server_addr}
######################################################################
Sauthinfo
#
######################################################################
######################################################################
#####
##### MAIL FILTER DEFINITIONS
#####
######################################################################
######################################################################
#
######################################################################
######################################################################
#####
##### MAILER DEFINITIONS
#####
######################################################################
######################################################################
##################################################
### Local and Program Mailer specification ###
##################################################
##### $Id: local.m4,v 8.60 2013-11-22 20:51:14 ca Exp $ #####
#
# Envelope sender rewriting
#
SEnvFromL
R<@> $n errors to mailer-daemon
R@ <@ $*> $n temporarily bypass Sun bogosity
R$+ $: $>AddDomain $1 add local domain if needed
R$* $: $>MasqEnv $1 do masquerading
#
# Envelope recipient rewriting
#
SEnvToL
R$+ < @ $* > $: $1 strip host part
R$+ + $* $: < $&{addr_type} > $1 + $2 mark with addr type
R<e s> $+ + $* $: $1 remove +detail for sender
R< $* > $+ $: $2 else remove mark
#
# Header sender rewriting
#
SHdrFromL
R<@> $n errors to mailer-daemon
R@ <@ $*> $n temporarily bypass Sun bogosity
R$+ $: $>AddDomain $1 add local domain if needed
R$* $: $>MasqHdr $1 do masquerading
#
# Header recipient rewriting
#
SHdrToL
R$+ $: $>AddDomain $1 add local domain if needed
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
#
# Common code to add local domain name (only if always-add-domain)
#
SAddDomain
Mlocal, P=/bin/rmail, F=lsDFMAw5:/|@qm9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
T=DNS/RFC822/X-Unix,
A=rmail -d $u
Mprog, P=/bin/sh, F=lsDFMoqeu9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/,
T=X-Unix/X-Unix/X-Unix,
A=sh -c $u
#####################################
### SMTP Mailer specification ###
#####################################
##### $Id: smtp.m4,v 8.66 2013-11-22 20:51:14 ca Exp $ #####
#
# common sender and masquerading recipient rewriting
#
SMasqSMTP
R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified
R$+ $@ $1 < @ *LOCAL* > add local qualification
#
# convert pseudo-domain addresses to real domain addresses
#
SPseudoToReal
# pass <route-addr>s through
R< @ $+ > $* $@ < @ $1 > $2 resolve <route-addr>
# output fake domains as user%fake@relay
# do UUCP heuristics; note that these are shared with UUCP mailers
R$+ < @ $+ .UUCP. > $: < $2 ! > $1 convert to UUCP form
R$+ < @ $* > $* $@ $1 < @ $2 > $3 not UUCP form
# leave these in .UUCP form to avoid further tampering
R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. >
R< $&h ! > $-.$+ ! $+ $@ $3 < @ $1.$2 >
R< $&h ! > $+ $@ $1 < @ $&h .UUCP. >
R< $+ ! > $+ $: $1 ! $2 < @ $Y > use UUCP_RELAY
R$+ < @ $~[ $* : $+ > $@ $1 < @ $4 > strip mailer: part
R$+ < @ > $: $1 < @ *LOCAL* > if no UUCP_RELAY
#
# envelope sender rewriting
#
SEnvFromSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R$* :; <@> $@ list:; special case
R$* $: $>MasqSMTP $1 qualify unqual'ed names
R$+ $: $>MasqEnv $1 do masquerading
#
# envelope recipient rewriting --
# also header recipient if not masquerading recipients
#
SEnvToSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R$+ $: $>MasqSMTP $1 qualify unqual'ed names
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
#
# header sender and masquerading header recipient rewriting
#
SHdrFromSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R:; <@> $@ list:; special case
# do special header rewriting
R$* <@> $* $@ $1 <@> $2 pass null host through
R< @ $* > $* $@ < @ $1 > $2 pass route-addr through
R$* $: $>MasqSMTP $1 qualify unqual'ed names
R$+ $: $>MasqHdr $1 do masquerading
#
# relay mailer header masquerading recipient rewriting
#
SMasqRelay
R$+ $: $>MasqSMTP $1
R$+ $: $>MasqHdr $1
Msmtp, P=[IPC], F=mDFMuX, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mesmtp, P=[IPC], F=mDFMuXa, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Msmtp8, P=[IPC], F=mDFMuX8, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mdsmtp, P=[IPC], F=mDFMuXa%, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mrelay, P=[IPC], F=mDFMuXa8, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=2040,
T=DNS/RFC822/SMTP,
A=TCP $h
### generic-hpux9.mc ###
# divert(-1)
# #
# # Copyright (c) 1998, 1999 Proofpoint, Inc. and its suppliers.
# # All rights reserved.
# # Copyright (c) 1983 Eric P. Allman. All rights reserved.
# # Copyright (c) 1988, 1993
# # The Regents of the University of California. All rights reserved.
# #
# # By using this file, you agree to the terms and conditions set
# # forth in the LICENSE file which can be found at the top level of
# # the sendmail distribution.
# #
# #
#
# #
# # This is a generic configuration file for HP-UX 9.x.
# # It has support for local and SMTP mail only. If you want to
# # customize it, copy it to a name appropriate for your environment
# # and do the modifications there.
# #
#
# divert(0)dnl
# VERSIONID(`$Id: generic-hpux9.mc,v 8.12 2013-11-22 20:51:08 ca Exp $')
# OSTYPE(hpux9)dnl
# DOMAIN(generic)dnl
# MAILER(local)dnl
# MAILER(smtp)dnl
diff --git a/cf/cf/generic-linux.cf b/cf/cf/generic-linux.cf
index 1eff0fa117f0..17bf46e49866 100644
--- a/cf/cf/generic-linux.cf
+++ b/cf/cf/generic-linux.cf
@@ -1,1500 +1,1512 @@
#
# Copyright (c) 1998-2004, 2009, 2010 Proofpoint, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#
######################################################################
######################################################################
#####
##### SENDMAIL CONFIGURATION FILE
#####
-##### built by ca@sandman.dev-lab.sendmail.com on Thu Jul 2 05:24:31 PDT 2015
-##### in /x/ca/smi.git/sendmail/OpenSource/sendmail-8.15.2/cf/cf
+##### built by ca@lab.smi.sendmail.com on Thu Jul 2 22:41:56 PDT 2020
+##### in /var/tmp/ca/sm8.git/sendmail/OpenSource/sendmail-8.16.1/cf/cf
##### using ../ as configuration include directory
#####
######################################################################
#####
##### DO NOT EDIT THIS FILE! Only edit the source .mc file.
#####
######################################################################
######################################################################
##### $Id: cfhead.m4,v 8.122 2013-11-22 20:51:13 ca Exp $ #####
##### $Id: cf.m4,v 8.33 2013-11-22 20:51:13 ca Exp $ #####
##### $Id: generic-linux.mc,v 8.2 2013-11-22 20:51:08 ca Exp $ #####
##### $Id: linux.m4,v 8.14 2013-11-22 20:51:15 ca Exp $ #####
##### $Id: local_procmail.m4,v 8.23 2013-11-22 20:51:11 ca Exp $ #####
##### $Id: generic.m4,v 8.16 2013-11-22 20:51:10 ca Exp $ #####
##### $Id: redirect.m4,v 8.16 2013-11-22 20:51:11 ca Exp $ #####
##### $Id: use_cw_file.m4,v 8.12 2013-11-22 20:51:11 ca Exp $ #####
##### $Id: proto.m4,v 8.762 2013-11-22 20:51:13 ca Exp $ #####
# level 10 config file format
V10/Berkeley
# override file safeties - setting this option compromises system security,
# addressing the actual file configuration problem is preferred
# need to set this before any file actions are encountered in the cf file
#O DontBlameSendmail=safe
# default LDAP map specification
# need to set this now before any LDAP maps are defined
#O LDAPDefaultSpec=-h localhost
##################
# local info #
##################
# my LDAP cluster
# need to set this before any LDAP lookups are done (including classes)
#D{sendmailMTACluster}$m
Cwlocalhost
# file containing names of hosts for which we receive email
Fw/etc/mail/local-host-names
# my official domain name
# ... define this only if sendmail cannot automatically determine your domain
#Dj$w.Foo.COM
# host/domain names ending with a token in class P are canonical
CP.
# "Smart" relay host (may be null)
DS
# operators that cannot be in local usernames (i.e., network indicators)
CO @ % !
# a class with just dot (for identifying canonical names)
C..
# a class with just a left bracket (for identifying domain literals)
C[[
# Resolve map (to check if a host exists in check_mail)
Kresolve host -a<OKR> -T<TEMP>
C{ResOk}OKR
# Hosts for which relaying is permitted ($=R)
FR-o /etc/mail/relay-domains
# arithmetic map
Karith arith
# dequoting map
Kdequote dequote
# class E: names that should be exposed as from this host, even if we masquerade
# class L: names that should be delivered locally, even if we have a relay
# class M: domains that should be converted to $M
# class N: domains that should not be converted to $M
#CL root
C{E}root
# my name for error messages
DnMAILER-DAEMON
CPREDIRECT
# Configuration version number
-DZ8.15.2
+DZ8.16.1
###############
# Options #
###############
# strip message body to 7 bits on input?
O SevenBitInput=False
# 8-bit data handling
#O EightBitMode=pass8
# wait for alias file rebuild (default units: minutes)
O AliasWait=10
# location of alias file
O AliasFile=/etc/mail/aliases
# minimum number of free blocks on filesystem
O MinFreeBlocks=100
# maximum message size
#O MaxMessageSize=0
# substitution for space (blank) characters
O BlankSub=.
# avoid connecting to "expensive" mailers on initial submission?
O HoldExpensive=False
# checkpoint queue runs after every N successful deliveries
#O CheckpointInterval=10
# default delivery mode
O DeliveryMode=background
# error message header/file
#O ErrorHeader=/etc/mail/error-header
# error mode
#O ErrorMode=print
# save Unix-style "From_" lines at top of header?
#O SaveFromLine=False
# queue file mode (qf files)
#O QueueFileMode=0600
# temporary file mode
O TempFileMode=0600
# match recipients against GECOS field?
#O MatchGECOS=False
# maximum hop count
#O MaxHopCount=25
# location of help file
O HelpFile=/etc/mail/helpfile
# ignore dots as terminators in incoming messages?
#O IgnoreDots=False
# name resolver options
#O ResolverOptions=+AAONLY
# deliver MIME-encapsulated error messages?
O SendMimeErrors=True
# Forward file search path
O ForwardPath=$z/.forward.$w+$h:$z/.forward+$h:$z/.forward.$w:$z/.forward
# open connection cache size
O ConnectionCacheSize=2
# open connection cache timeout
O ConnectionCacheTimeout=5m
# persistent host status directory
#O HostStatusDirectory=.hoststat
# single thread deliveries (requires HostStatusDirectory)?
#O SingleThreadDelivery=False
# use Errors-To: header?
O UseErrorsTo=False
# use compressed IPv6 address format?
#O UseCompressedIPv6Addresses
# log level
O LogLevel=9
# send to me too, even in an alias expansion?
#O MeToo=True
# verify RHS in newaliases?
O CheckAliases=False
# default messages to old style headers if no special punctuation?
O OldStyleHeaders=True
# SMTP daemon options
O DaemonPortOptions=Name=MTA
O DaemonPortOptions=Port=587, Name=MSA, M=E
# SMTP client options
#O ClientPortOptions=Family=inet, Address=0.0.0.0
# Modifiers to define {daemon_flags} for direct submissions
#O DirectSubmissionModifiers
# Use as mail submission program? See sendmail/SECURITY
#O UseMSP
# privacy flags
O PrivacyOptions=authwarnings
# who (if anyone) should get extra copies of error messages
#O PostmasterCopy=Postmaster
# slope of queue-only function
#O QueueFactor=600000
# limit on number of concurrent queue runners
#O MaxQueueChildren
# maximum number of queue-runners per queue-grouping with multiple queues
#O MaxRunnersPerQueue=1
# priority of queue runners (nice(3))
#O NiceQueueRun
# shall we sort the queue by hostname first?
#O QueueSortOrder=priority
# minimum time in queue before retry
#O MinQueueAge=30m
# maximum time in queue before retry (if > 0; only for exponential delay)
#O MaxQueueAge
# how many jobs can you process in the queue?
#O MaxQueueRunSize=0
# perform initial split of envelope without checking MX records
#O FastSplit=1
# queue directory
O QueueDirectory=/var/spool/mqueue
# key for shared memory; 0 to turn off, -1 to auto-select
#O SharedMemoryKey=0
# file to store auto-selected key for shared memory (SharedMemoryKey = -1)
#O SharedMemoryKeyFile
# timeouts (many of these)
#O Timeout.initial=5m
#O Timeout.connect=5m
#O Timeout.aconnect=0s
#O Timeout.iconnect=5m
#O Timeout.helo=5m
#O Timeout.mail=10m
#O Timeout.rcpt=1h
#O Timeout.datainit=5m
#O Timeout.datablock=1h
#O Timeout.datafinal=1h
#O Timeout.rset=5m
#O Timeout.quit=2m
#O Timeout.misc=2m
#O Timeout.command=1h
#O Timeout.ident=5s
#O Timeout.fileopen=60s
#O Timeout.control=2m
O Timeout.queuereturn=5d
#O Timeout.queuereturn.normal=5d
#O Timeout.queuereturn.urgent=2d
#O Timeout.queuereturn.non-urgent=7d
#O Timeout.queuereturn.dsn=5d
O Timeout.queuewarn=4h
#O Timeout.queuewarn.normal=4h
#O Timeout.queuewarn.urgent=1h
#O Timeout.queuewarn.non-urgent=12h
#O Timeout.queuewarn.dsn=4h
#O Timeout.hoststatus=30m
#O Timeout.resolver.retrans=5s
#O Timeout.resolver.retrans.first=5s
#O Timeout.resolver.retrans.normal=5s
#O Timeout.resolver.retry=4
#O Timeout.resolver.retry.first=4
#O Timeout.resolver.retry.normal=4
#O Timeout.lhlo=2m
#O Timeout.auth=10m
#O Timeout.starttls=1h
# time for DeliverBy; extension disabled if less than 0
#O DeliverByMin=0
# should we not prune routes in route-addr syntax addresses?
#O DontPruneRoutes=False
# queue up everything before forking?
O SuperSafe=True
# status file
#O StatusFile
# time zone handling:
# if undefined, use system default
# if defined but null, use TZ envariable passed in
# if defined and non-null, use that info
#O TimeZoneSpec=
# default UID (can be username or userid:groupid)
#O DefaultUser=mailnull
# list of locations of user database file (null means no lookup)
#O UserDatabaseSpec=/etc/mail/userdb
# fallback MX host
#O FallbackMXhost=fall.back.host.net
# fallback smart host
#O FallbackSmartHost=fall.back.host.net
# if we are the best MX host for a site, try it directly instead of config err
#O TryNullMXList=False
# load average at which we just queue messages
#O QueueLA=8
# load average at which we refuse connections
#O RefuseLA=12
# log interval when refusing connections for this long
#O RejectLogInterval=3h
# load average at which we delay connections; 0 means no limit
#O DelayLA=0
# maximum number of children we allow at one time
#O MaxDaemonChildren=0
# maximum number of new connections per second
#O ConnectionRateThrottle=0
# Width of the window
#O ConnectionRateWindowSize=60s
# work recipient factor
#O RecipientFactor=30000
# deliver each queued job in a separate process?
#O ForkEachJob=False
# work class factor
#O ClassFactor=1800
# work time factor
#O RetryFactor=90000
# default character set
#O DefaultCharSet=unknown-8bit
# service switch file (name hardwired on Solaris, Ultrix, OSF/1, others)
#O ServiceSwitchFile=/etc/mail/service.switch
# hosts file (normally /etc/hosts)
#O HostsFile=/etc/hosts
# dialup line delay on connection failure
#O DialDelay=0s
# action to take if there are no recipients in the message
#O NoRecipientAction=none
# chrooted environment for writing to files
#O SafeFileEnvironment
# are colons OK in addresses?
#O ColonOkInAddr=True
# shall I avoid expanding CNAMEs (violates protocols)?
#O DontExpandCnames=False
# SMTP initial login message (old $e macro)
O SmtpGreetingMessage=$j Sendmail $v/$Z; $b
# UNIX initial From header format (old $l macro)
O UnixFromLine=From $g $d
# From: lines that have embedded newlines are unwrapped onto one line
#O SingleLineFromHeader=False
# Allow HELO SMTP command that does not include a host name
#O AllowBogusHELO=False
# Characters to be quoted in a full name phrase (@,;:\()[] are automatic)
#O MustQuoteChars=.
# delimiter (operator) characters (old $o macro)
O OperatorChars=.:%@!^/[]+
# shall I avoid calling initgroups(3) because of high NIS costs?
#O DontInitGroups=False
# are group-writable :include: and .forward files (un)trustworthy?
# True (the default) means they are not trustworthy.
#O UnsafeGroupWrites=True
# where do errors that occur when sending errors get sent?
#O DoubleBounceAddress=postmaster
# issue temporary errors (4xy) instead of permanent errors (5xy)?
#O SoftBounce=False
# where to save bounces if all else fails
#O DeadLetterDrop=/var/tmp/dead.letter
# what user id do we assume for the majority of the processing?
#O RunAsUser=sendmail
# maximum number of recipients per SMTP envelope
#O MaxRecipientsPerMessage=0
# limit the rate recipients per SMTP envelope are accepted
# once the threshold number of recipients have been rejected
#O BadRcptThrottle=0
# shall we get local names from our installed interfaces?
#O DontProbeInterfaces=False
# Return-Receipt-To: header implies DSN request
#O RrtImpliesDsn=False
# override connection address (for testing)
#O ConnectOnlyTo=0.0.0.0
# Trusted user for file ownership and starting the daemon
#O TrustedUser=root
# Control socket for daemon management
#O ControlSocketName=/var/spool/mqueue/.control
# Maximum MIME header length to protect MUAs
#O MaxMimeHeaderLength=0/0
# Maximum length of the sum of all headers
O MaxHeadersLength=32768
# Maximum depth of alias recursion
#O MaxAliasRecursion=10
# location of pid file
#O PidFile=/var/run/sendmail.pid
# Prefix string for the process title shown on 'ps' listings
#O ProcessTitlePrefix=prefix
# Data file (df) memory-buffer file maximum size
#O DataFileBufferSize=4096
# Transcript file (xf) memory-buffer file maximum size
#O XscriptFileBufferSize=4096
# lookup type to find information about local mailboxes
#O MailboxDatabase=pw
# override compile time flag REQUIRES_DIR_FSYNC
#O RequiresDirfsync=true
# list of authentication mechanisms
#O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
# Authentication realm
#O AuthRealm
# default authentication information for outgoing connections
#O DefaultAuthInfo=/etc/mail/default-auth-info
# SMTP AUTH flags
#O AuthOptions
# SMTP AUTH maximum encryption strength
#O AuthMaxBits
# SMTP STARTTLS server options
#O TLSSrvOptions
# SSL cipherlist
#O CipherList
# server side SSL options
#O ServerSSLOptions
# client side SSL options
#O ClientSSLOptions
+# SSL Engine
+#O SSLEngine
+# Path to dynamic library for SSLEngine
+#O SSLEnginePath
+# TLS: fall back to clear text after handshake failure?
+#O TLSFallbacktoClear
# Input mail filters
#O InputMailFilters
# CA directory
#O CACertPath
# CA file
#O CACertFile
# Server Cert
#O ServerCertFile
# Server private key
#O ServerKeyFile
# Client Cert
#O ClientCertFile
# Client private key
#O ClientKeyFile
# File containing certificate revocation lists
#O CRLFile
+# Directory containing hashes pointing to certificate revocation status files
+#O CRLPath
# DHParameters (only required if DSA/DH is used)
#O DHParameters
# Random data source (required for systems without /dev/urandom under OpenSSL)
#O RandFile
# fingerprint algorithm (digest) to use for the presented cert
#O CertFingerprintAlgorithm
+# enable DANE?
+#O DANE=false
# Maximum number of "useless" commands before slowing down
#O MaxNOOPCommands=20
# Name to use for EHLO (defaults to $j)
#O HeloName
############################
# QUEUE GROUP DEFINITIONS #
############################
###########################
# Message precedences #
###########################
Pfirst-class=0
Pspecial-delivery=100
Plist=-30
Pbulk=-60
Pjunk=-100
#####################
# Trusted users #
#####################
# this is equivalent to setting class "t"
#Ft/etc/mail/trusted-users
Troot
Tdaemon
Tuucp
#########################
# Format of headers #
#########################
H?P?Return-Path: <$g>
HReceived: $?sfrom $s $.$?_($?s$|from $.$_)
$.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)
$.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}
(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u
for $u; $|;
$.$b
H?D?Resent-Date: $a
H?D?Date: $a
H?F?Resent-From: $?x$x <$g>$|$g$.
H?F?From: $?x$x <$g>$|$g$.
H?x?Full-Name: $x
# HPosted-Date: $a
# H?l?Received-Date: $b
H?M?Resent-Message-Id: <$t.$i@$j>
H?M?Message-Id: <$t.$i@$j>
#
######################################################################
######################################################################
#####
##### REWRITING RULES
#####
######################################################################
######################################################################
############################################
### Ruleset 3 -- Name Canonicalization ###
############################################
Scanonify=3
# handle null input (translate to <@> special case)
R$@ $@ <@>
# strip group: syntax (not inside angle brackets!) and trailing semicolon
R$* $: $1 <@> mark addresses
R$* < $* > $* <@> $: $1 < $2 > $3 unmark <addr>
R@ $* <@> $: @ $1 unmark @host:...
R$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addr
R$* :: $* <@> $: $1 :: $2 unmark node::addr
R:include: $* <@> $: :include: $1 unmark :include:...
R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon
R$* : $* <@> $: $2 strip colon if marked
R$* <@> $: $1 unmark
R$* ; $1 strip trailing semi
R$* < $+ :; > $* $@ $2 :; <@> catch <list:;>
R$* < $* ; > $1 < $2 > bogus bracketed semi
# null input now results from list:; syntax
R$@ $@ :; <@>
# strip angle brackets -- note RFC733 heuristic to get innermost item
R$* $: < $1 > housekeeping <>
R$+ < $* > < $2 > strip excess on left
R< $* > $+ < $1 > strip excess on right
R<> $@ < @ > MAIL FROM:<> case
R< $+ > $: $1 remove housekeeping <>
# strip route address <@a,@b,@c:user@d> -> <user@d>
R@ $+ , $+ $2
R@ [ $* ] : $+ $2
R@ $+ : $+ $2
# find focus for list syntax
R $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax
R $+ : $* ; $@ $1 : $2; list syntax
# find focus for @ syntax addresses
R$+ @ $+ $: $1 < @ $2 > focus on domain
R$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right
R$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical
# convert old-style addresses to a domain-based address
R$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names
R$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps
R$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains
# if we have % signs, take the rightmost one
R$* % $* $1 @ $2 First make them all @s.
R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
# else we must be a local name
R$* $@ $>Canonify2 $1
################################################
### Ruleset 96 -- bottom half of ruleset 3 ###
################################################
SCanonify2=96
# handle special cases for local names
R$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all
R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain
R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain
# check for IPv4/IPv6 domain literal
R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [addr]
R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal
R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr
# if really UUCP, handle it immediately
# try UUCP traffic as a local address
R$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3
R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3
# hostnames ending in class P are always canonical
R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4
R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4
R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6
R$* CC $* $| $* $: $3
# pass to name server to make hostname canonical
R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4
R$* $| $* $: $2
# local host aliases and pseudo-domains are always canonical
R$* < @ $=w > $* $: $1 < @ $2 . > $3
R$* < @ $=M > $* $: $1 < @ $2 . > $3
R$* < @ $* . . > $* $1 < @ $2 . > $3
##################################################
### Ruleset 4 -- Final Output Post-rewriting ###
##################################################
Sfinal=4
R$+ :; <@> $@ $1 : handle <list:;>
R$* <@> $@ handle <> and list:;
# strip trailing dot off possibly canonical name
R$* < @ $+ . > $* $1 < @ $2 > $3
# eliminate internal code
R$* < @ *LOCAL* > $* $1 < @ $j > $2
# externalize local domain info
R$* < $+ > $* $1 $2 $3 defocus
R@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 <route-addr> canonical
R@ $* $@ @ $1 ... and exit
# UUCP must always be presented in old form
R$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u
# delete duplicate local names
R$+ % $=w @ $=w $1 @ $2 u%host@host => u@host
##############################################################
### Ruleset 97 -- recanonicalize and call ruleset zero ###
### (used for recursive calls) ###
##############################################################
SRecurse=97
R$* $: $>canonify $1
R$* $@ $>parse $1
######################################
### Ruleset 0 -- Parse Address ###
######################################
Sparse=0
R$* $: $>Parse0 $1 initial parsing
R<@> $#local $: <@> special case error msgs
R$* $: $>ParseLocal $1 handle local hacks
R$* $: $>Parse1 $1 final parsing
#
# Parse0 -- do initial syntax checking and eliminate local addresses.
# This should either return with the (possibly modified) input
# or return with a #error mailer. It should not return with a
# #mailer other than the #error mailer.
#
SParse0
R<@> $@ <@> special case error msgs
R$* : $* ; <@> $#error $@ 5.1.3 $: "553 List:; syntax illegal for recipient addresses"
R@ <@ $* > < @ $1 > catch "@@host" bogosity
R<@ $+> $#error $@ 5.1.3 $: "553 User address required"
R$+ <@> $#error $@ 5.1.3 $: "553 Hostname required"
R$* $: <> $1
R<> $* < @ [ $* ] : $+ > $* $1 < @ [ $2 ] : $3 > $4
R<> $* < @ [ $* ] , $+ > $* $1 < @ [ $2 ] , $3 > $4
R<> $* < @ [ $* ] $+ > $* $#error $@ 5.1.2 $: "553 Invalid address"
R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3
R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "553 Colon illegal in host name part"
R<> $* $1
R$* < @ . $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
R$* < @ $* @ > $* $#error $@ 5.1.2 $: "553 Invalid route address"
R$* @ $* < @ $* > $* $#error $@ 5.1.3 $: "553 Invalid route address"
R$* , $~O $* $#error $@ 5.1.3 $: "553 Invalid route address"
# now delete the local info -- note $=O to find characters that cause forwarding
R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user
R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ...
R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here
R< @ $+ > $#error $@ 5.1.3 $: "553 User address required"
R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ...
R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo"
R< @ *LOCAL* > $#error $@ 5.1.3 $: "553 User address required"
R$* $=O $* < @ *LOCAL* >
$@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
R$* < @ *LOCAL* > $: $1
#
# Parse1 -- the bottom half of ruleset 0.
#
SParse1
# handle numeric address spec
R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec
R$* < @ [ $+ ] > $* $: $1 < @ [ $2 ] : $S > $3 Add smart host to path
R$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send
R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer
R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer
# short circuit local delivery so forwarded email works
R$=L < @ $=w . > $#local $: @ $1 special local names
R$+ < @ $=w . > $#local $: $1 regular local name
# resolve remotely connected UUCP links (if any)
# resolve fake top level domains by forwarding to other hosts
# pass names that still have a host to a smarthost (if defined)
R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name
# deal with other remote names
R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
# handle locally delivered names
R$=L $#local $: @ $1 special local names
R$+ $#local $: $1 regular local names
###########################################################################
### Ruleset 5 -- special rewriting after aliases have been expanded ###
###########################################################################
SLocal_localaddr
Slocaladdr=5
R$+ $: $1 $| $>"Local_localaddr" $1
R$+ $| $#ok $@ $1 no change
R$+ $| $#$* $#$2
R$+ $| $* $: $1
# deal with plussed users so aliases work nicely
R$+ + * $#local $@ $&h $: $1
R$+ + $* $#local $@ + $2 $: $1 + *
# prepend an empty "forward host" on the front
R$+ $: <> $1
R< > $+ $: < > < $1 <> $&h > nope, restore +detail
R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail
R< > < $+ <> $* > $: < > < $1 > else discard
R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part
R< > < $+ > + $* $#local $@ $2 $: @ $1 strip the extra +
R< > < $+ > $@ $1 no +detail
R$+ $: $1 <> $&h add +detail back in
R$+ <> + $* $: $1 + $2 check whether +detail
R$+ <> $* $: $1 else discard
R< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension
R< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension
R< $~[ : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 >
R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 >
###################################################################
### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ###
###################################################################
SMailerToTriple=95
R< > $* $@ $1 strip off null relay
R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
R< error : $- : $+ > $* $#error $@ $(dequote $1 $) $: $2
R< error : $+ > $* $#error $: $1
R< local : $* > $* $>CanonLocal < $1 > $2
R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user
R< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer
R< $=w > $* $@ $2 delete local host
R< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer
###################################################################
### Ruleset CanonLocal -- canonify local: syntax ###
###################################################################
SCanonLocal
# strip local host from routed addresses
R< $* > < @ $+ > : $+ $@ $>Recurse $3
R< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4
# strip trailing dot from any host name that may appear
R< $* > $* < @ $* . > $: < $1 > $2 < @ $3 >
# handle local: syntax -- use old user, either with or without host
R< > $* < @ $* > $* $#local $@ $1@$2 $: $1
R< > $+ $#local $@ $1 $: $1
# handle local:user@host syntax -- ignore host part
R< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 >
# handle local:user syntax
R< $+ > $* <@ $* > $* $#local $@ $2@$3 $: $1
R< $+ > $* $#local $@ $2 $: $1
###################################################################
### Ruleset 93 -- convert header names to masqueraded form ###
###################################################################
SMasqHdr=93
# do not masquerade anything in class N
R$* < @ $* $=N . > $@ $1 < @ $2 $3 . >
R$* < @ *LOCAL* > $@ $1 < @ $j . >
###################################################################
### Ruleset 94 -- convert envelope names to masqueraded form ###
###################################################################
SMasqEnv=94
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
###################################################################
### Ruleset 98 -- local part of ruleset zero (can be null) ###
###################################################################
SParseLocal=98
# addresses sent to foo@host.REDIRECT will give a 551 error code
R$* < @ $+ .REDIRECT. > $: $1 < @ $2 . REDIRECT . > < ${opMode} >
R$* < @ $+ .REDIRECT. > <i> $: $1 < @ $2 . REDIRECT. >
R$* < @ $+ .REDIRECT. > < $- > $#error $@ 5.1.1 $: "551 User has moved; please try " <$1@$2>
######################################################################
### CanonAddr -- Convert an address into a standard form for
### relay checking. Route address syntax is
### crudely converted into a %-hack address.
###
### Parameters:
### $1 -- full recipient address
###
### Returns:
### parsed address, not in source route form
######################################################################
SCanonAddr
R$* $: $>Parse0 $>canonify $1 make domain canonical
######################################################################
### ParseRecipient -- Strip off hosts in $=R as well as possibly
### $* $=m or the access database.
### Check user portion for host separators.
###
### Parameters:
### $1 -- full recipient address
###
### Returns:
### parsed, non-local-relaying address
######################################################################
SParseRecipient
R$* $: <?> $>CanonAddr $1
R<?> $* < @ $* . > <?> $1 < @ $2 > strip trailing dots
R<?> $- < @ $* > $: <?> $(dequote $1 $) < @ $2 > dequote local part
# if no $=O character, no host in the user portion, we are done
R<?> $* $=O $* < @ $* > $: <NO> $1 $2 $3 < @ $4>
R<?> $* $@ $1
R<NO> $* < @ $* $=R > $: <RELAY> $1 < @ $2 $3 >
R<RELAY> $* < @ $* > $@ $>ParseRecipient $1
R<$+> $* $@ $2
######################################################################
### check_relay -- check hostname/address on SMTP startup
######################################################################
SLocal_check_relay
Scheck_relay
R$* $: $1 $| $>"Local_check_relay" $1
R$* $| $* $| $#$* $#$3
R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2
SBasic_check_relay
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
######################################################################
### check_mail -- check SMTP `MAIL FROM:' command argument
######################################################################
SLocal_check_mail
Scheck_mail
R$* $: $1 $| $>"Local_check_mail" $1
R$* $| $#$* $#$2
R$* $| $* $@ $>"Basic_check_mail" $1
SBasic_check_mail
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
# authenticated?
R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
R$* $| $#$+ $#$2
R$* $| $* $: $1
R<> $@ <OK> we MUST accept <> (RFC 1123)
R$+ $: <?> $1
R<?><$+> $: <@> <$1>
R<?>$+ $: <@> <$1>
R$* $: $&{daemon_flags} $| $1
R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 >
R$* u $* $| <@> < $* > $: <?> < $3 >
R$* $| $* $: $2
# handle case of @localhost on address
R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost >
R<@> < $* @ [127.0.0.1] >
$: < ? $&{client_name} > < $1 @ [127.0.0.1] >
R<@> < $* @ [IPv6:0:0:0:0:0:0:0:1] >
$: < ? $&{client_name} > < $1 @ [IPv6:0:0:0:0:0:0:0:1] >
R<@> < $* @ [IPv6:::1] >
$: < ? $&{client_name} > < $1 @ [IPv6:::1] >
R<@> < $* @ localhost.$m >
$: < ? $&{client_name} > < $1 @ localhost.$m >
R<@> < $* @ localhost.UUCP >
$: < ? $&{client_name} > < $1 @ localhost.UUCP >
R<@> $* $: $1 no localhost as domain
R<? $=w> $* $: $2 local client: ok
R<? $+> <$+> $#error $@ 5.5.4 $: "553 Real domain name required for sender address"
R<?> $* $: $1
R$* $: <?> $>CanonAddr $1 canonify sender address and mark it
R<?> $* < @ $+ . > <?> $1 < @ $2 > strip trailing dots
# handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc)
R<?> $* < @ $* $=P > $: <OKR> $1 < @ $2 $3 >
R<?> $* < @ $j > $: <OKR> $1 < @ $j >
R<?> $* < @ $+ > $: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 >
R<? $* <$->> $* < @ $+ >
$: <$2> $3 < @ $4 >
# handle case of no @domain on address
R<?> $* $: $&{daemon_flags} $| <?> $1
R$* u $* $| <?> $* $: <OKR> $3
R$* $| $* $: $2
R<?> $* $: < ? $&{client_addr} > $1
R<?> $* $@ <OKR> ...local unqualed ok
R<? $+> $* $#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f
...remote is not
# check results
R<?> $* $: @ $1 mark address: nothing known about it
R<$={ResOk}> $* $: @ $2 domain ok
R<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"
R<PERM> $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist"
######################################################################
### check_rcpt -- check SMTP `RCPT TO:' command argument
######################################################################
SLocal_check_rcpt
Scheck_rcpt
R$* $: $1 $| $>"Local_check_rcpt" $1
R$* $| $#$* $#$2
R$* $| $* $@ $>"Basic_check_rcpt" $1
SBasic_check_rcpt
# empty address?
R<> $#error $@ nouser $: "553 User address required"
R$@ $#error $@ nouser $: "553 User address required"
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
######################################################################
R$* $: $1 $| @ $>"Rcpt_ok" $1
R$* $| @ $#TEMP $+ $: $1 $| T $2
R$* $| @ $#$* $#$2
R$* $| @ RELAY $@ RELAY
R$* $| @ $* $: O $| $>"Relay_ok" $1
R$* $| T $+ $: T $2 $| $>"Relay_ok" $1
R$* $| $#TEMP $+ $#error $2
R$* $| $#$* $#$2
R$* $| RELAY $@ RELAY
R T $+ $| $* $#error $1
# anything else is bogus
R$* $#error $@ 5.7.1 $: "550 Relaying denied"
######################################################################
### Rcpt_ok: is the recipient ok?
######################################################################
SRcpt_ok
R$* $: $>ParseRecipient $1 strip relayable hosts
# authenticated via TLS?
R$* $: $1 $| $>RelayTLS client authenticated?
R$* $| $# $+ $# $2 error/ok?
R$* $| $* $: $1 no
R$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type}
R$* $| $# $* $# $2
R$* $| NO $: $1
R$* $| $* $: $1 $| $&{auth_type}
R$* $| $: $1
R$* $| $={TrustAuthMech} $# RELAY
R$* $| $* $: $1
# anything terminating locally is ok
R$+ < @ $=w > $@ RELAY
R$+ < @ $* $=R > $@ RELAY
# check for local user (i.e. unqualified address)
R$* $: <?> $1
R<?> $* < @ $+ > $: <REMOTE> $1 < @ $2 >
# local user is ok
R<?> $+ $@ RELAY
R<$+> $* $: $2
######################################################################
### Relay_ok: is the relay/sender ok?
######################################################################
SRelay_ok
# anything originating locally is ok
# check IP address
R$* $: $&{client_addr}
R$@ $@ RELAY originated locally
R0 $@ RELAY originated locally
R127.0.0.1 $@ RELAY originated locally
RIPv6:0:0:0:0:0:0:0:1 $@ RELAY originated locally
RIPv6:::1 $@ RELAY originated locally
R$=R $* $@ RELAY relayable IP address
R$* $: [ $1 ] put brackets around it...
R$=w $@ RELAY ... and see if it is local
# check client name: first: did it resolve?
R$* $: < $&{client_resolve} >
R<TEMP> $#TEMP $@ 4.4.0 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
R<FORGED> $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
R<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
R$* $: <@> $&{client_name}
# pass to name server to make hostname canonical
R<@> $* $=P $:<?> $1 $2
R<@> $+ $:<?> $[ $1 $]
R$* . $1 strip trailing dots
R<?> $=w $@ RELAY
R<?> $* $=R $@ RELAY
######################################################################
### trust_auth: is user trusted to authenticate as someone else?
###
### Parameters:
### $1: AUTH= parameter from MAIL command
######################################################################
SLocal_trust_auth
Strust_auth
R$* $: $&{auth_type} $| $1
# required by RFC 2554 section 4.
R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated"
R$* $| $&{auth_authen} $@ identical
R$* $| <$&{auth_authen}> $@ identical
R$* $| $* $: $1 $| $>"Local_trust_auth" $2
R$* $| $#$* $#$2
R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}
######################################################################
### Relay_Auth: allow relaying based on authentication?
###
### Parameters:
### $1: ${auth_type}
######################################################################
SLocal_Relay_Auth
######################################################################
### srv_features: which features to offer to a client?
### (done in server)
######################################################################
Ssrv_features
######################################################################
### try_tls: try to use STARTTLS?
### (done in client)
######################################################################
Stry_tls
######################################################################
### tls_rcpt: is connection with server "good" enough?
### (done in client, per recipient)
###
### Parameters:
### $1: recipient
######################################################################
Stls_rcpt
######################################################################
### tls_client: is connection with client "good" enough?
### (done in server)
###
### Parameters:
### ${verify} $| (MAIL|STARTTLS)
######################################################################
Stls_client
R$* $| $* $@ $>"TLS_connection" $1
######################################################################
### tls_server: is connection with server "good" enough?
### (done in client)
###
### Parameter:
### ${verify}
######################################################################
Stls_server
+
R$* $@ $>"TLS_connection" $1
######################################################################
### TLS_connection: is TLS connection "good" enough?
###
### Parameters:
### ${verify}
### Requirement: RHS from access map, may be ? for none.
######################################################################
STLS_connection
RSOFTWARE $#error $@ 4.7.0 $: "403 TLS handshake."
+RDANE_FAIL $#error $@ 4.7.0 $: "403 DANE check failed."
######################################################################
### RelayTLS: allow relaying based on TLS authentication
###
### Parameters:
### none
######################################################################
SRelayTLS
# authenticated?
######################################################################
### authinfo: lookup authinfo in the access map
###
### Parameters:
### $1: {server_name}
### $2: {server_addr}
######################################################################
Sauthinfo
#
######################################################################
######################################################################
#####
##### MAIL FILTER DEFINITIONS
#####
######################################################################
######################################################################
#
######################################################################
######################################################################
#####
##### MAILER DEFINITIONS
#####
######################################################################
######################################################################
##################################################
### Local and Program Mailer specification ###
##################################################
##### $Id: local.m4,v 8.60 2013-11-22 20:51:14 ca Exp $ #####
#
# Envelope sender rewriting
#
SEnvFromL
R<@> $n errors to mailer-daemon
R@ <@ $*> $n temporarily bypass Sun bogosity
R$+ $: $>AddDomain $1 add local domain if needed
R$* $: $>MasqEnv $1 do masquerading
#
# Envelope recipient rewriting
#
SEnvToL
R$+ < @ $* > $: $1 strip host part
R$+ + $* $: < $&{addr_type} > $1 + $2 mark with addr type
R<e s> $+ + $* $: $1 remove +detail for sender
R< $* > $+ $: $2 else remove mark
#
# Header sender rewriting
#
SHdrFromL
R<@> $n errors to mailer-daemon
R@ <@ $*> $n temporarily bypass Sun bogosity
R$+ $: $>AddDomain $1 add local domain if needed
R$* $: $>MasqHdr $1 do masquerading
#
# Header recipient rewriting
#
SHdrToL
R$+ $: $>AddDomain $1 add local domain if needed
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
#
# Common code to add local domain name (only if always-add-domain)
#
SAddDomain
Mlocal, P=/usr/bin/procmail, F=lsDFMAw5:/|@qSPfhn9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
T=DNS/RFC822/X-Unix,
A=procmail -Y -a $h -d $u
Mprog, P=/bin/sh, F=lsDFMoqeu9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/,
T=X-Unix/X-Unix/X-Unix,
A=sh -c $u
#####################################
### SMTP Mailer specification ###
#####################################
##### $Id: smtp.m4,v 8.66 2013-11-22 20:51:14 ca Exp $ #####
#
# common sender and masquerading recipient rewriting
#
SMasqSMTP
R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified
R$+ $@ $1 < @ *LOCAL* > add local qualification
#
# convert pseudo-domain addresses to real domain addresses
#
SPseudoToReal
# pass <route-addr>s through
R< @ $+ > $* $@ < @ $1 > $2 resolve <route-addr>
# output fake domains as user%fake@relay
# do UUCP heuristics; note that these are shared with UUCP mailers
R$+ < @ $+ .UUCP. > $: < $2 ! > $1 convert to UUCP form
R$+ < @ $* > $* $@ $1 < @ $2 > $3 not UUCP form
# leave these in .UUCP form to avoid further tampering
R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. >
R< $&h ! > $-.$+ ! $+ $@ $3 < @ $1.$2 >
R< $&h ! > $+ $@ $1 < @ $&h .UUCP. >
R< $+ ! > $+ $: $1 ! $2 < @ $Y > use UUCP_RELAY
R$+ < @ $~[ $* : $+ > $@ $1 < @ $4 > strip mailer: part
R$+ < @ > $: $1 < @ *LOCAL* > if no UUCP_RELAY
#
# envelope sender rewriting
#
SEnvFromSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R$* :; <@> $@ list:; special case
R$* $: $>MasqSMTP $1 qualify unqual'ed names
R$+ $: $>MasqEnv $1 do masquerading
#
# envelope recipient rewriting --
# also header recipient if not masquerading recipients
#
SEnvToSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R$+ $: $>MasqSMTP $1 qualify unqual'ed names
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
#
# header sender and masquerading header recipient rewriting
#
SHdrFromSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R:; <@> $@ list:; special case
# do special header rewriting
R$* <@> $* $@ $1 <@> $2 pass null host through
R< @ $* > $* $@ < @ $1 > $2 pass route-addr through
R$* $: $>MasqSMTP $1 qualify unqual'ed names
R$+ $: $>MasqHdr $1 do masquerading
#
# relay mailer header masquerading recipient rewriting
#
SMasqRelay
R$+ $: $>MasqSMTP $1
R$+ $: $>MasqHdr $1
Msmtp, P=[IPC], F=mDFMuX, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mesmtp, P=[IPC], F=mDFMuXa, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Msmtp8, P=[IPC], F=mDFMuX8, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mdsmtp, P=[IPC], F=mDFMuXa%, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mrelay, P=[IPC], F=mDFMuXa8, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=2040,
T=DNS/RFC822/SMTP,
A=TCP $h
### generic-linux.mc ###
# divert(-1)
# #
# # Copyright (c) 1998, 1999 Proofpoint, Inc. and its suppliers.
# # All rights reserved.
# # Copyright (c) 1983 Eric P. Allman. All rights reserved.
# # Copyright (c) 1988, 1993
# # The Regents of the University of California. All rights reserved.
# #
# # By using this file, you agree to the terms and conditions set
# # forth in the LICENSE file which can be found at the top level of
# # the sendmail distribution.
# #
# #
#
# #
# # This is a generic configuration file for Linux.
# # It has support for local and SMTP mail only. If you want to
# # customize it, copy it to a name appropriate for your environment
# # and do the modifications there.
# #
#
# divert(0)dnl
# VERSIONID(`$Id: generic-linux.mc,v 8.2 2013-11-22 20:51:08 ca Exp $')
# OSTYPE(linux)dnl
# DOMAIN(generic)dnl
# MAILER(local)dnl
# MAILER(smtp)dnl
diff --git a/cf/cf/generic-mpeix.cf b/cf/cf/generic-mpeix.cf
index 149826d56ef8..f0520de5d0ef 100644
--- a/cf/cf/generic-mpeix.cf
+++ b/cf/cf/generic-mpeix.cf
@@ -1,1494 +1,1506 @@
#
# Copyright (c) 1998-2004, 2009, 2010 Proofpoint, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#
######################################################################
######################################################################
#####
##### SENDMAIL CONFIGURATION FILE
#####
-##### built by ca@sandman.dev-lab.sendmail.com on Thu Jul 2 05:24:31 PDT 2015
-##### in /x/ca/smi.git/sendmail/OpenSource/sendmail-8.15.2/cf/cf
+##### built by ca@lab.smi.sendmail.com on Thu Jul 2 22:41:56 PDT 2020
+##### in /var/tmp/ca/sm8.git/sendmail/OpenSource/sendmail-8.16.1/cf/cf
##### using ../ as configuration include directory
#####
######################################################################
#####
##### DO NOT EDIT THIS FILE! Only edit the source .mc file.
#####
######################################################################
######################################################################
##### $Id: cfhead.m4,v 8.122 2013-11-22 20:51:13 ca Exp $ #####
##### $Id: cf.m4,v 8.33 2013-11-22 20:51:13 ca Exp $ #####
##### $Id: generic-mpeix.mc,v 8.2 2013-11-22 20:51:08 ca Exp $ #####
##### $Id: mpeix.m4,v 1.2 2013-11-22 20:51:15 ca Exp $ #####
##### $Id: generic.m4,v 8.16 2013-11-22 20:51:10 ca Exp $ #####
##### $Id: redirect.m4,v 8.16 2013-11-22 20:51:11 ca Exp $ #####
##### $Id: use_cw_file.m4,v 8.12 2013-11-22 20:51:11 ca Exp $ #####
##### $Id: proto.m4,v 8.762 2013-11-22 20:51:13 ca Exp $ #####
# level 10 config file format
V10/Berkeley
# override file safeties - setting this option compromises system security,
# addressing the actual file configuration problem is preferred
# need to set this before any file actions are encountered in the cf file
O DontBlameSendmail=ForwardFileInGroupWritableDirPath
# default LDAP map specification
# need to set this now before any LDAP maps are defined
#O LDAPDefaultSpec=-h localhost
##################
# local info #
##################
# my LDAP cluster
# need to set this before any LDAP lookups are done (including classes)
#D{sendmailMTACluster}$m
Cwlocalhost
# file containing names of hosts for which we receive email
Fw/etc/mail/local-host-names
# my official domain name
# ... define this only if sendmail cannot automatically determine your domain
#Dj$w.Foo.COM
# host/domain names ending with a token in class P are canonical
CP.
# "Smart" relay host (may be null)
DS
# operators that cannot be in local usernames (i.e., network indicators)
CO @ % !
# a class with just dot (for identifying canonical names)
C..
# a class with just a left bracket (for identifying domain literals)
C[[
# Resolve map (to check if a host exists in check_mail)
Kresolve host -a<OKR> -T<TEMP>
C{ResOk}OKR
# Hosts for which relaying is permitted ($=R)
FR-o /etc/mail/relay-domains
# arithmetic map
Karith arith
# dequoting map
Kdequote dequote
# class E: names that should be exposed as from this host, even if we masquerade
# class L: names that should be delivered locally, even if we have a relay
# class M: domains that should be converted to $M
# class N: domains that should not be converted to $M
#CL root
C{E}root
# my name for error messages
DnMAILER-DAEMON
CPREDIRECT
# Configuration version number
-DZ8.15.2
+DZ8.16.1
###############
# Options #
###############
# strip message body to 7 bits on input?
O SevenBitInput=False
# 8-bit data handling
#O EightBitMode=pass8
# wait for alias file rebuild (default units: minutes)
O AliasWait=10
# location of alias file
O AliasFile=/etc/mail/aliases
# minimum number of free blocks on filesystem
O MinFreeBlocks=100
# maximum message size
#O MaxMessageSize=0
# substitution for space (blank) characters
O BlankSub=.
# avoid connecting to "expensive" mailers on initial submission?
O HoldExpensive=False
# checkpoint queue runs after every N successful deliveries
#O CheckpointInterval=10
# default delivery mode
O DeliveryMode=background
# error message header/file
#O ErrorHeader=/etc/mail/error-header
# error mode
#O ErrorMode=print
# save Unix-style "From_" lines at top of header?
#O SaveFromLine=False
# queue file mode (qf files)
#O QueueFileMode=0600
# temporary file mode
O TempFileMode=0600
# match recipients against GECOS field?
#O MatchGECOS=False
# maximum hop count
#O MaxHopCount=25
# location of help file
O HelpFile=/etc/mail/helpfile
# ignore dots as terminators in incoming messages?
#O IgnoreDots=False
# name resolver options
#O ResolverOptions=+AAONLY
# deliver MIME-encapsulated error messages?
O SendMimeErrors=True
# Forward file search path
O ForwardPath=$z/.forward
# open connection cache size
O ConnectionCacheSize=2
# open connection cache timeout
O ConnectionCacheTimeout=5m
# persistent host status directory
#O HostStatusDirectory=.hoststat
# single thread deliveries (requires HostStatusDirectory)?
#O SingleThreadDelivery=False
# use Errors-To: header?
O UseErrorsTo=False
# use compressed IPv6 address format?
#O UseCompressedIPv6Addresses
# log level
O LogLevel=9
# send to me too, even in an alias expansion?
#O MeToo=True
# verify RHS in newaliases?
O CheckAliases=False
# default messages to old style headers if no special punctuation?
O OldStyleHeaders=True
# SMTP daemon options
O DaemonPortOptions=Name=MTA
O DaemonPortOptions=Port=587, Name=MSA, M=E
# SMTP client options
#O ClientPortOptions=Family=inet, Address=0.0.0.0
# Modifiers to define {daemon_flags} for direct submissions
#O DirectSubmissionModifiers
# Use as mail submission program? See sendmail/SECURITY
#O UseMSP
# privacy flags
O PrivacyOptions=authwarnings
# who (if anyone) should get extra copies of error messages
#O PostmasterCopy=Postmaster
# slope of queue-only function
#O QueueFactor=600000
# limit on number of concurrent queue runners
#O MaxQueueChildren
# maximum number of queue-runners per queue-grouping with multiple queues
#O MaxRunnersPerQueue=1
# priority of queue runners (nice(3))
#O NiceQueueRun
# shall we sort the queue by hostname first?
#O QueueSortOrder=priority
# minimum time in queue before retry
#O MinQueueAge=30m
# maximum time in queue before retry (if > 0; only for exponential delay)
#O MaxQueueAge
# how many jobs can you process in the queue?
#O MaxQueueRunSize=0
# perform initial split of envelope without checking MX records
#O FastSplit=1
# queue directory
O QueueDirectory=/var/spool/mqueue
# key for shared memory; 0 to turn off, -1 to auto-select
#O SharedMemoryKey=0
# file to store auto-selected key for shared memory (SharedMemoryKey = -1)
#O SharedMemoryKeyFile
# timeouts (many of these)
#O Timeout.initial=5m
#O Timeout.connect=5m
#O Timeout.aconnect=0s
#O Timeout.iconnect=5m
#O Timeout.helo=5m
#O Timeout.mail=10m
#O Timeout.rcpt=1h
#O Timeout.datainit=5m
#O Timeout.datablock=1h
#O Timeout.datafinal=1h
#O Timeout.rset=5m
#O Timeout.quit=2m
#O Timeout.misc=2m
#O Timeout.command=1h
#O Timeout.ident=5s
#O Timeout.fileopen=60s
#O Timeout.control=2m
O Timeout.queuereturn=5d
#O Timeout.queuereturn.normal=5d
#O Timeout.queuereturn.urgent=2d
#O Timeout.queuereturn.non-urgent=7d
#O Timeout.queuereturn.dsn=5d
O Timeout.queuewarn=4h
#O Timeout.queuewarn.normal=4h
#O Timeout.queuewarn.urgent=1h
#O Timeout.queuewarn.non-urgent=12h
#O Timeout.queuewarn.dsn=4h
#O Timeout.hoststatus=30m
#O Timeout.resolver.retrans=5s
#O Timeout.resolver.retrans.first=5s
#O Timeout.resolver.retrans.normal=5s
#O Timeout.resolver.retry=4
#O Timeout.resolver.retry.first=4
#O Timeout.resolver.retry.normal=4
#O Timeout.lhlo=2m
#O Timeout.auth=10m
#O Timeout.starttls=1h
# time for DeliverBy; extension disabled if less than 0
#O DeliverByMin=0
# should we not prune routes in route-addr syntax addresses?
#O DontPruneRoutes=False
# queue up everything before forking?
O SuperSafe=True
# status file
#O StatusFile
# time zone handling:
# if undefined, use system default
# if defined but null, use TZ envariable passed in
# if defined and non-null, use that info
O TimeZoneSpec=
# default UID (can be username or userid:groupid)
O DefaultUser=SERVER.SENDMAIL
# list of locations of user database file (null means no lookup)
#O UserDatabaseSpec=/etc/mail/userdb
# fallback MX host
#O FallbackMXhost=fall.back.host.net
# fallback smart host
#O FallbackSmartHost=fall.back.host.net
# if we are the best MX host for a site, try it directly instead of config err
#O TryNullMXList=False
# load average at which we just queue messages
#O QueueLA=8
# load average at which we refuse connections
#O RefuseLA=12
# log interval when refusing connections for this long
#O RejectLogInterval=3h
# load average at which we delay connections; 0 means no limit
#O DelayLA=0
# maximum number of children we allow at one time
#O MaxDaemonChildren=0
# maximum number of new connections per second
#O ConnectionRateThrottle=0
# Width of the window
#O ConnectionRateWindowSize=60s
# work recipient factor
#O RecipientFactor=30000
# deliver each queued job in a separate process?
#O ForkEachJob=False
# work class factor
#O ClassFactor=1800
# work time factor
#O RetryFactor=90000
# default character set
#O DefaultCharSet=unknown-8bit
# service switch file (name hardwired on Solaris, Ultrix, OSF/1, others)
#O ServiceSwitchFile=/etc/mail/service.switch
# hosts file (normally /etc/hosts)
#O HostsFile=/etc/hosts
# dialup line delay on connection failure
#O DialDelay=0s
# action to take if there are no recipients in the message
#O NoRecipientAction=none
# chrooted environment for writing to files
#O SafeFileEnvironment
# are colons OK in addresses?
#O ColonOkInAddr=True
# shall I avoid expanding CNAMEs (violates protocols)?
#O DontExpandCnames=False
# SMTP initial login message (old $e macro)
O SmtpGreetingMessage=$j Sendmail $v/$Z; $b
# UNIX initial From header format (old $l macro)
O UnixFromLine=From $g $d
# From: lines that have embedded newlines are unwrapped onto one line
#O SingleLineFromHeader=False
# Allow HELO SMTP command that does not include a host name
#O AllowBogusHELO=False
# Characters to be quoted in a full name phrase (@,;:\()[] are automatic)
#O MustQuoteChars=.
# delimiter (operator) characters (old $o macro)
O OperatorChars=.:%@!^/[]+
# shall I avoid calling initgroups(3) because of high NIS costs?
#O DontInitGroups=False
# are group-writable :include: and .forward files (un)trustworthy?
# True (the default) means they are not trustworthy.
#O UnsafeGroupWrites=True
# where do errors that occur when sending errors get sent?
#O DoubleBounceAddress=postmaster
# issue temporary errors (4xy) instead of permanent errors (5xy)?
#O SoftBounce=False
# where to save bounces if all else fails
#O DeadLetterDrop=/var/tmp/dead.letter
# what user id do we assume for the majority of the processing?
#O RunAsUser=sendmail
# maximum number of recipients per SMTP envelope
#O MaxRecipientsPerMessage=0
# limit the rate recipients per SMTP envelope are accepted
# once the threshold number of recipients have been rejected
#O BadRcptThrottle=0
# shall we get local names from our installed interfaces?
#O DontProbeInterfaces=False
# Return-Receipt-To: header implies DSN request
#O RrtImpliesDsn=False
# override connection address (for testing)
#O ConnectOnlyTo=0.0.0.0
# Trusted user for file ownership and starting the daemon
O TrustedUser=SERVER.SENDMAIL
# Control socket for daemon management
#O ControlSocketName=/var/spool/mqueue/.control
# Maximum MIME header length to protect MUAs
#O MaxMimeHeaderLength=0/0
# Maximum length of the sum of all headers
O MaxHeadersLength=32768
# Maximum depth of alias recursion
#O MaxAliasRecursion=10
# location of pid file
#O PidFile=/var/run/sendmail.pid
# Prefix string for the process title shown on 'ps' listings
#O ProcessTitlePrefix=prefix
# Data file (df) memory-buffer file maximum size
#O DataFileBufferSize=4096
# Transcript file (xf) memory-buffer file maximum size
#O XscriptFileBufferSize=4096
# lookup type to find information about local mailboxes
#O MailboxDatabase=pw
# override compile time flag REQUIRES_DIR_FSYNC
#O RequiresDirfsync=true
# list of authentication mechanisms
#O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
# Authentication realm
#O AuthRealm
# default authentication information for outgoing connections
#O DefaultAuthInfo=/etc/mail/default-auth-info
# SMTP AUTH flags
#O AuthOptions
# SMTP AUTH maximum encryption strength
#O AuthMaxBits
# SMTP STARTTLS server options
#O TLSSrvOptions
# SSL cipherlist
#O CipherList
# server side SSL options
#O ServerSSLOptions
# client side SSL options
#O ClientSSLOptions
+# SSL Engine
+#O SSLEngine
+# Path to dynamic library for SSLEngine
+#O SSLEnginePath
+# TLS: fall back to clear text after handshake failure?
+#O TLSFallbacktoClear
# Input mail filters
#O InputMailFilters
# CA directory
#O CACertPath
# CA file
#O CACertFile
# Server Cert
#O ServerCertFile
# Server private key
#O ServerKeyFile
# Client Cert
#O ClientCertFile
# Client private key
#O ClientKeyFile
# File containing certificate revocation lists
#O CRLFile
+# Directory containing hashes pointing to certificate revocation status files
+#O CRLPath
# DHParameters (only required if DSA/DH is used)
#O DHParameters
# Random data source (required for systems without /dev/urandom under OpenSSL)
#O RandFile
# fingerprint algorithm (digest) to use for the presented cert
#O CertFingerprintAlgorithm
+# enable DANE?
+#O DANE=false
# Maximum number of "useless" commands before slowing down
#O MaxNOOPCommands=20
# Name to use for EHLO (defaults to $j)
#O HeloName
############################
# QUEUE GROUP DEFINITIONS #
############################
###########################
# Message precedences #
###########################
Pfirst-class=0
Pspecial-delivery=100
Plist=-30
Pbulk=-60
Pjunk=-100
#####################
# Trusted users #
#####################
# this is equivalent to setting class "t"
#Ft/etc/mail/trusted-users
Troot
Tdaemon
Tuucp
#########################
# Format of headers #
#########################
H?P?Return-Path: <$g>
HReceived: $?sfrom $s $.$?_($?s$|from $.$_)
$.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)
$.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}
(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u
for $u; $|;
$.$b
H?D?Resent-Date: $a
H?D?Date: $a
H?F?Resent-From: $?x$x <$g>$|$g$.
H?F?From: $?x$x <$g>$|$g$.
H?x?Full-Name: $x
# HPosted-Date: $a
# H?l?Received-Date: $b
H?M?Resent-Message-Id: <$t.$i@$j>
H?M?Message-Id: <$t.$i@$j>
#
######################################################################
######################################################################
#####
##### REWRITING RULES
#####
######################################################################
######################################################################
############################################
### Ruleset 3 -- Name Canonicalization ###
############################################
Scanonify=3
# handle null input (translate to <@> special case)
R$@ $@ <@>
# strip group: syntax (not inside angle brackets!) and trailing semicolon
R$* $: $1 <@> mark addresses
R$* < $* > $* <@> $: $1 < $2 > $3 unmark <addr>
R@ $* <@> $: @ $1 unmark @host:...
R$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addr
R$* :: $* <@> $: $1 :: $2 unmark node::addr
R:include: $* <@> $: :include: $1 unmark :include:...
R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon
R$* : $* <@> $: $2 strip colon if marked
R$* <@> $: $1 unmark
R$* ; $1 strip trailing semi
R$* < $+ :; > $* $@ $2 :; <@> catch <list:;>
R$* < $* ; > $1 < $2 > bogus bracketed semi
# null input now results from list:; syntax
R$@ $@ :; <@>
# strip angle brackets -- note RFC733 heuristic to get innermost item
R$* $: < $1 > housekeeping <>
R$+ < $* > < $2 > strip excess on left
R< $* > $+ < $1 > strip excess on right
R<> $@ < @ > MAIL FROM:<> case
R< $+ > $: $1 remove housekeeping <>
# strip route address <@a,@b,@c:user@d> -> <user@d>
R@ $+ , $+ $2
R@ [ $* ] : $+ $2
R@ $+ : $+ $2
# find focus for list syntax
R $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax
R $+ : $* ; $@ $1 : $2; list syntax
# find focus for @ syntax addresses
R$+ @ $+ $: $1 < @ $2 > focus on domain
R$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right
R$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical
# convert old-style addresses to a domain-based address
R$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names
R$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps
R$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains
# if we have % signs, take the rightmost one
R$* % $* $1 @ $2 First make them all @s.
R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
# else we must be a local name
R$* $@ $>Canonify2 $1
################################################
### Ruleset 96 -- bottom half of ruleset 3 ###
################################################
SCanonify2=96
# handle special cases for local names
R$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all
R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain
R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain
# check for IPv4/IPv6 domain literal
R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [addr]
R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal
R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr
# if really UUCP, handle it immediately
# try UUCP traffic as a local address
R$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3
R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3
# hostnames ending in class P are always canonical
R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4
R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4
R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6
R$* CC $* $| $* $: $3
# pass to name server to make hostname canonical
R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4
R$* $| $* $: $2
# local host aliases and pseudo-domains are always canonical
R$* < @ $=w > $* $: $1 < @ $2 . > $3
R$* < @ $=M > $* $: $1 < @ $2 . > $3
R$* < @ $* . . > $* $1 < @ $2 . > $3
##################################################
### Ruleset 4 -- Final Output Post-rewriting ###
##################################################
Sfinal=4
R$+ :; <@> $@ $1 : handle <list:;>
R$* <@> $@ handle <> and list:;
# strip trailing dot off possibly canonical name
R$* < @ $+ . > $* $1 < @ $2 > $3
# eliminate internal code
R$* < @ *LOCAL* > $* $1 < @ $j > $2
# externalize local domain info
R$* < $+ > $* $1 $2 $3 defocus
R@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 <route-addr> canonical
R@ $* $@ @ $1 ... and exit
# UUCP must always be presented in old form
R$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u
# delete duplicate local names
R$+ % $=w @ $=w $1 @ $2 u%host@host => u@host
##############################################################
### Ruleset 97 -- recanonicalize and call ruleset zero ###
### (used for recursive calls) ###
##############################################################
SRecurse=97
R$* $: $>canonify $1
R$* $@ $>parse $1
######################################
### Ruleset 0 -- Parse Address ###
######################################
Sparse=0
R$* $: $>Parse0 $1 initial parsing
R<@> $#local $: <@> special case error msgs
R$* $: $>ParseLocal $1 handle local hacks
R$* $: $>Parse1 $1 final parsing
#
# Parse0 -- do initial syntax checking and eliminate local addresses.
# This should either return with the (possibly modified) input
# or return with a #error mailer. It should not return with a
# #mailer other than the #error mailer.
#
SParse0
R<@> $@ <@> special case error msgs
R$* : $* ; <@> $#error $@ 5.1.3 $: "553 List:; syntax illegal for recipient addresses"
R@ <@ $* > < @ $1 > catch "@@host" bogosity
R<@ $+> $#error $@ 5.1.3 $: "553 User address required"
R$+ <@> $#error $@ 5.1.3 $: "553 Hostname required"
R$* $: <> $1
R<> $* < @ [ $* ] : $+ > $* $1 < @ [ $2 ] : $3 > $4
R<> $* < @ [ $* ] , $+ > $* $1 < @ [ $2 ] , $3 > $4
R<> $* < @ [ $* ] $+ > $* $#error $@ 5.1.2 $: "553 Invalid address"
R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3
R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "553 Colon illegal in host name part"
R<> $* $1
R$* < @ . $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
R$* < @ $* @ > $* $#error $@ 5.1.2 $: "553 Invalid route address"
R$* @ $* < @ $* > $* $#error $@ 5.1.3 $: "553 Invalid route address"
R$* , $~O $* $#error $@ 5.1.3 $: "553 Invalid route address"
# now delete the local info -- note $=O to find characters that cause forwarding
R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user
R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ...
R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here
R< @ $+ > $#error $@ 5.1.3 $: "553 User address required"
R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ...
R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo"
R< @ *LOCAL* > $#error $@ 5.1.3 $: "553 User address required"
R$* $=O $* < @ *LOCAL* >
$@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
R$* < @ *LOCAL* > $: $1
#
# Parse1 -- the bottom half of ruleset 0.
#
SParse1
# handle numeric address spec
R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec
R$* < @ [ $+ ] > $* $: $1 < @ [ $2 ] : $S > $3 Add smart host to path
R$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send
R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer
R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer
# short circuit local delivery so forwarded email works
R$=L < @ $=w . > $#local $: @ $1 special local names
R$+ < @ $=w . > $#local $: $1 regular local name
# resolve remotely connected UUCP links (if any)
# resolve fake top level domains by forwarding to other hosts
# pass names that still have a host to a smarthost (if defined)
R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name
# deal with other remote names
R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
# handle locally delivered names
R$=L $#local $: @ $1 special local names
R$+ $#local $: $1 regular local names
###########################################################################
### Ruleset 5 -- special rewriting after aliases have been expanded ###
###########################################################################
SLocal_localaddr
Slocaladdr=5
R$+ $: $1 $| $>"Local_localaddr" $1
R$+ $| $#ok $@ $1 no change
R$+ $| $#$* $#$2
R$+ $| $* $: $1
# deal with plussed users so aliases work nicely
R$+ + * $#local $@ $&h $: $1
R$+ + $* $#local $@ + $2 $: $1 + *
# prepend an empty "forward host" on the front
R$+ $: <> $1
R< > $+ $: < > < $1 <> $&h > nope, restore +detail
R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail
R< > < $+ <> $* > $: < > < $1 > else discard
R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part
R< > < $+ > + $* $#local $@ $2 $: @ $1 strip the extra +
R< > < $+ > $@ $1 no +detail
R$+ $: $1 <> $&h add +detail back in
R$+ <> + $* $: $1 + $2 check whether +detail
R$+ <> $* $: $1 else discard
R< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension
R< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension
R< $~[ : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 >
R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 >
###################################################################
### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ###
###################################################################
SMailerToTriple=95
R< > $* $@ $1 strip off null relay
R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
R< error : $- : $+ > $* $#error $@ $(dequote $1 $) $: $2
R< error : $+ > $* $#error $: $1
R< local : $* > $* $>CanonLocal < $1 > $2
R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user
R< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer
R< $=w > $* $@ $2 delete local host
R< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer
###################################################################
### Ruleset CanonLocal -- canonify local: syntax ###
###################################################################
SCanonLocal
# strip local host from routed addresses
R< $* > < @ $+ > : $+ $@ $>Recurse $3
R< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4
# strip trailing dot from any host name that may appear
R< $* > $* < @ $* . > $: < $1 > $2 < @ $3 >
# handle local: syntax -- use old user, either with or without host
R< > $* < @ $* > $* $#local $@ $1@$2 $: $1
R< > $+ $#local $@ $1 $: $1
# handle local:user@host syntax -- ignore host part
R< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 >
# handle local:user syntax
R< $+ > $* <@ $* > $* $#local $@ $2@$3 $: $1
R< $+ > $* $#local $@ $2 $: $1
###################################################################
### Ruleset 93 -- convert header names to masqueraded form ###
###################################################################
SMasqHdr=93
# do not masquerade anything in class N
R$* < @ $* $=N . > $@ $1 < @ $2 $3 . >
R$* < @ *LOCAL* > $@ $1 < @ $j . >
###################################################################
### Ruleset 94 -- convert envelope names to masqueraded form ###
###################################################################
SMasqEnv=94
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
###################################################################
### Ruleset 98 -- local part of ruleset zero (can be null) ###
###################################################################
SParseLocal=98
# addresses sent to foo@host.REDIRECT will give a 551 error code
R$* < @ $+ .REDIRECT. > $: $1 < @ $2 . REDIRECT . > < ${opMode} >
R$* < @ $+ .REDIRECT. > <i> $: $1 < @ $2 . REDIRECT. >
R$* < @ $+ .REDIRECT. > < $- > $#error $@ 5.1.1 $: "551 User has moved; please try " <$1@$2>
######################################################################
### CanonAddr -- Convert an address into a standard form for
### relay checking. Route address syntax is
### crudely converted into a %-hack address.
###
### Parameters:
### $1 -- full recipient address
###
### Returns:
### parsed address, not in source route form
######################################################################
SCanonAddr
R$* $: $>Parse0 $>canonify $1 make domain canonical
######################################################################
### ParseRecipient -- Strip off hosts in $=R as well as possibly
### $* $=m or the access database.
### Check user portion for host separators.
###
### Parameters:
### $1 -- full recipient address
###
### Returns:
### parsed, non-local-relaying address
######################################################################
SParseRecipient
R$* $: <?> $>CanonAddr $1
R<?> $* < @ $* . > <?> $1 < @ $2 > strip trailing dots
R<?> $- < @ $* > $: <?> $(dequote $1 $) < @ $2 > dequote local part
# if no $=O character, no host in the user portion, we are done
R<?> $* $=O $* < @ $* > $: <NO> $1 $2 $3 < @ $4>
R<?> $* $@ $1
R<NO> $* < @ $* $=R > $: <RELAY> $1 < @ $2 $3 >
R<RELAY> $* < @ $* > $@ $>ParseRecipient $1
R<$+> $* $@ $2
######################################################################
### check_relay -- check hostname/address on SMTP startup
######################################################################
SLocal_check_relay
Scheck_relay
R$* $: $1 $| $>"Local_check_relay" $1
R$* $| $* $| $#$* $#$3
R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2
SBasic_check_relay
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
######################################################################
### check_mail -- check SMTP `MAIL FROM:' command argument
######################################################################
SLocal_check_mail
Scheck_mail
R$* $: $1 $| $>"Local_check_mail" $1
R$* $| $#$* $#$2
R$* $| $* $@ $>"Basic_check_mail" $1
SBasic_check_mail
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
# authenticated?
R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
R$* $| $#$+ $#$2
R$* $| $* $: $1
R<> $@ <OK> we MUST accept <> (RFC 1123)
R$+ $: <?> $1
R<?><$+> $: <@> <$1>
R<?>$+ $: <@> <$1>
R$* $: $&{daemon_flags} $| $1
R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 >
R$* u $* $| <@> < $* > $: <?> < $3 >
R$* $| $* $: $2
# handle case of @localhost on address
R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost >
R<@> < $* @ [127.0.0.1] >
$: < ? $&{client_name} > < $1 @ [127.0.0.1] >
R<@> < $* @ [IPv6:0:0:0:0:0:0:0:1] >
$: < ? $&{client_name} > < $1 @ [IPv6:0:0:0:0:0:0:0:1] >
R<@> < $* @ [IPv6:::1] >
$: < ? $&{client_name} > < $1 @ [IPv6:::1] >
R<@> < $* @ localhost.$m >
$: < ? $&{client_name} > < $1 @ localhost.$m >
R<@> < $* @ localhost.UUCP >
$: < ? $&{client_name} > < $1 @ localhost.UUCP >
R<@> $* $: $1 no localhost as domain
R<? $=w> $* $: $2 local client: ok
R<? $+> <$+> $#error $@ 5.5.4 $: "553 Real domain name required for sender address"
R<?> $* $: $1
R$* $: <?> $>CanonAddr $1 canonify sender address and mark it
R<?> $* < @ $+ . > <?> $1 < @ $2 > strip trailing dots
# handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc)
R<?> $* < @ $* $=P > $: <OKR> $1 < @ $2 $3 >
R<?> $* < @ $j > $: <OKR> $1 < @ $j >
R<?> $* < @ $+ > $: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 >
R<? $* <$->> $* < @ $+ >
$: <$2> $3 < @ $4 >
# handle case of no @domain on address
R<?> $* $: $&{daemon_flags} $| <?> $1
R$* u $* $| <?> $* $: <OKR> $3
R$* $| $* $: $2
R<?> $* $: < ? $&{client_addr} > $1
R<?> $* $@ <OKR> ...local unqualed ok
R<? $+> $* $#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f
...remote is not
# check results
R<?> $* $: @ $1 mark address: nothing known about it
R<$={ResOk}> $* $: @ $2 domain ok
R<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"
R<PERM> $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist"
######################################################################
### check_rcpt -- check SMTP `RCPT TO:' command argument
######################################################################
SLocal_check_rcpt
Scheck_rcpt
R$* $: $1 $| $>"Local_check_rcpt" $1
R$* $| $#$* $#$2
R$* $| $* $@ $>"Basic_check_rcpt" $1
SBasic_check_rcpt
# empty address?
R<> $#error $@ nouser $: "553 User address required"
R$@ $#error $@ nouser $: "553 User address required"
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
######################################################################
R$* $: $1 $| @ $>"Rcpt_ok" $1
R$* $| @ $#TEMP $+ $: $1 $| T $2
R$* $| @ $#$* $#$2
R$* $| @ RELAY $@ RELAY
R$* $| @ $* $: O $| $>"Relay_ok" $1
R$* $| T $+ $: T $2 $| $>"Relay_ok" $1
R$* $| $#TEMP $+ $#error $2
R$* $| $#$* $#$2
R$* $| RELAY $@ RELAY
R T $+ $| $* $#error $1
# anything else is bogus
R$* $#error $@ 5.7.1 $: "550 Relaying denied"
######################################################################
### Rcpt_ok: is the recipient ok?
######################################################################
SRcpt_ok
R$* $: $>ParseRecipient $1 strip relayable hosts
# authenticated via TLS?
R$* $: $1 $| $>RelayTLS client authenticated?
R$* $| $# $+ $# $2 error/ok?
R$* $| $* $: $1 no
R$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type}
R$* $| $# $* $# $2
R$* $| NO $: $1
R$* $| $* $: $1 $| $&{auth_type}
R$* $| $: $1
R$* $| $={TrustAuthMech} $# RELAY
R$* $| $* $: $1
# anything terminating locally is ok
R$+ < @ $=w > $@ RELAY
R$+ < @ $* $=R > $@ RELAY
# check for local user (i.e. unqualified address)
R$* $: <?> $1
R<?> $* < @ $+ > $: <REMOTE> $1 < @ $2 >
# local user is ok
R<?> $+ $@ RELAY
R<$+> $* $: $2
######################################################################
### Relay_ok: is the relay/sender ok?
######################################################################
SRelay_ok
# anything originating locally is ok
# check IP address
R$* $: $&{client_addr}
R$@ $@ RELAY originated locally
R0 $@ RELAY originated locally
R127.0.0.1 $@ RELAY originated locally
RIPv6:0:0:0:0:0:0:0:1 $@ RELAY originated locally
RIPv6:::1 $@ RELAY originated locally
R$=R $* $@ RELAY relayable IP address
R$* $: [ $1 ] put brackets around it...
R$=w $@ RELAY ... and see if it is local
# check client name: first: did it resolve?
R$* $: < $&{client_resolve} >
R<TEMP> $#TEMP $@ 4.4.0 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
R<FORGED> $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
R<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
R$* $: <@> $&{client_name}
# pass to name server to make hostname canonical
R<@> $* $=P $:<?> $1 $2
R<@> $+ $:<?> $[ $1 $]
R$* . $1 strip trailing dots
R<?> $=w $@ RELAY
R<?> $* $=R $@ RELAY
######################################################################
### trust_auth: is user trusted to authenticate as someone else?
###
### Parameters:
### $1: AUTH= parameter from MAIL command
######################################################################
SLocal_trust_auth
Strust_auth
R$* $: $&{auth_type} $| $1
# required by RFC 2554 section 4.
R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated"
R$* $| $&{auth_authen} $@ identical
R$* $| <$&{auth_authen}> $@ identical
R$* $| $* $: $1 $| $>"Local_trust_auth" $2
R$* $| $#$* $#$2
R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}
######################################################################
### Relay_Auth: allow relaying based on authentication?
###
### Parameters:
### $1: ${auth_type}
######################################################################
SLocal_Relay_Auth
######################################################################
### srv_features: which features to offer to a client?
### (done in server)
######################################################################
Ssrv_features
######################################################################
### try_tls: try to use STARTTLS?
### (done in client)
######################################################################
Stry_tls
######################################################################
### tls_rcpt: is connection with server "good" enough?
### (done in client, per recipient)
###
### Parameters:
### $1: recipient
######################################################################
Stls_rcpt
######################################################################
### tls_client: is connection with client "good" enough?
### (done in server)
###
### Parameters:
### ${verify} $| (MAIL|STARTTLS)
######################################################################
Stls_client
R$* $| $* $@ $>"TLS_connection" $1
######################################################################
### tls_server: is connection with server "good" enough?
### (done in client)
###
### Parameter:
### ${verify}
######################################################################
Stls_server
+
R$* $@ $>"TLS_connection" $1
######################################################################
### TLS_connection: is TLS connection "good" enough?
###
### Parameters:
### ${verify}
### Requirement: RHS from access map, may be ? for none.
######################################################################
STLS_connection
RSOFTWARE $#error $@ 4.7.0 $: "403 TLS handshake."
+RDANE_FAIL $#error $@ 4.7.0 $: "403 DANE check failed."
######################################################################
### RelayTLS: allow relaying based on TLS authentication
###
### Parameters:
### none
######################################################################
SRelayTLS
# authenticated?
######################################################################
### authinfo: lookup authinfo in the access map
###
### Parameters:
### $1: {server_name}
### $2: {server_addr}
######################################################################
Sauthinfo
#
######################################################################
######################################################################
#####
##### MAIL FILTER DEFINITIONS
#####
######################################################################
######################################################################
#
######################################################################
######################################################################
#####
##### MAILER DEFINITIONS
#####
######################################################################
######################################################################
##################################################
### Local and Program Mailer specification ###
##################################################
##### $Id: local.m4,v 8.60 2013-11-22 20:51:14 ca Exp $ #####
#
# Envelope sender rewriting
#
SEnvFromL
R<@> $n errors to mailer-daemon
R@ <@ $*> $n temporarily bypass Sun bogosity
R$+ $: $>AddDomain $1 add local domain if needed
R$* $: $>MasqEnv $1 do masquerading
#
# Envelope recipient rewriting
#
SEnvToL
R$+ < @ $* > $: $1 strip host part
R$+ + $* $: < $&{addr_type} > $1 + $2 mark with addr type
R<e s> $+ + $* $: $1 remove +detail for sender
R< $* > $+ $: $2 else remove mark
#
# Header sender rewriting
#
SHdrFromL
R<@> $n errors to mailer-daemon
R@ <@ $*> $n temporarily bypass Sun bogosity
R$+ $: $>AddDomain $1 add local domain if needed
R$* $: $>MasqHdr $1 do masquerading
#
# Header recipient rewriting
#
SHdrToL
R$+ $: $>AddDomain $1 add local domain if needed
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
#
# Common code to add local domain name (only if always-add-domain)
#
SAddDomain
Mlocal, P=/bin/tsmail, F=lsDFMAw5:/|@qmu9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
T=DNS/RFC822/X-Unix,
A=tsmail $u
Mprog, P=/bin/sh, F=lsDFMoqeu9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/,
T=X-Unix/X-Unix/X-Unix,
A=sh -c $u
#####################################
### SMTP Mailer specification ###
#####################################
##### $Id: smtp.m4,v 8.66 2013-11-22 20:51:14 ca Exp $ #####
#
# common sender and masquerading recipient rewriting
#
SMasqSMTP
R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified
R$+ $@ $1 < @ *LOCAL* > add local qualification
#
# convert pseudo-domain addresses to real domain addresses
#
SPseudoToReal
# pass <route-addr>s through
R< @ $+ > $* $@ < @ $1 > $2 resolve <route-addr>
# output fake domains as user%fake@relay
# do UUCP heuristics; note that these are shared with UUCP mailers
R$+ < @ $+ .UUCP. > $: < $2 ! > $1 convert to UUCP form
R$+ < @ $* > $* $@ $1 < @ $2 > $3 not UUCP form
# leave these in .UUCP form to avoid further tampering
R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. >
R< $&h ! > $-.$+ ! $+ $@ $3 < @ $1.$2 >
R< $&h ! > $+ $@ $1 < @ $&h .UUCP. >
R< $+ ! > $+ $: $1 ! $2 < @ $Y > use UUCP_RELAY
R$+ < @ $~[ $* : $+ > $@ $1 < @ $4 > strip mailer: part
R$+ < @ > $: $1 < @ *LOCAL* > if no UUCP_RELAY
#
# envelope sender rewriting
#
SEnvFromSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R$* :; <@> $@ list:; special case
R$* $: $>MasqSMTP $1 qualify unqual'ed names
R$+ $: $>MasqEnv $1 do masquerading
#
# envelope recipient rewriting --
# also header recipient if not masquerading recipients
#
SEnvToSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R$+ $: $>MasqSMTP $1 qualify unqual'ed names
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
#
# header sender and masquerading header recipient rewriting
#
SHdrFromSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R:; <@> $@ list:; special case
# do special header rewriting
R$* <@> $* $@ $1 <@> $2 pass null host through
R< @ $* > $* $@ < @ $1 > $2 pass route-addr through
R$* $: $>MasqSMTP $1 qualify unqual'ed names
R$+ $: $>MasqHdr $1 do masquerading
#
# relay mailer header masquerading recipient rewriting
#
SMasqRelay
R$+ $: $>MasqSMTP $1
R$+ $: $>MasqHdr $1
Msmtp, P=[IPC], F=mDFMuX, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mesmtp, P=[IPC], F=mDFMuXa, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Msmtp8, P=[IPC], F=mDFMuX8, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mdsmtp, P=[IPC], F=mDFMuXa%, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mrelay, P=[IPC], F=mDFMuXa8, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=2040,
T=DNS/RFC822/SMTP,
A=TCP $h
### generic-mpeix.mc ###
# divert(-1)
# #
# # Copyright (c) 2001 Proofpoint, Inc. and its suppliers.
# # All rights reserved.
# #
# # By using this file, you agree to the terms and conditions set
# # forth in the LICENSE file which can be found at the top level of
# # the sendmail distribution.
# #
# #
#
# #
# # This is a generic configuration file for HP MPE/iX.
# # It has support for local and SMTP mail only. If you want to
# # customize it, copy it to a name appropriate for your environment
# # and do the modifications there.
# #
#
# divert(0)dnl
# VERSIONID(`$Id: generic-mpeix.mc,v 8.2 2013-11-22 20:51:08 ca Exp $')
# OSTYPE(mpeix)dnl
# DOMAIN(generic)dnl
# define(`confFORWARD_PATH', `$z/.forward')dnl
# MAILER(local)dnl
# MAILER(smtp)dnl
diff --git a/cf/cf/generic-nextstep3.3.cf b/cf/cf/generic-nextstep3.3.cf
index c997dc8f3f4f..b51bbf80487a 100644
--- a/cf/cf/generic-nextstep3.3.cf
+++ b/cf/cf/generic-nextstep3.3.cf
@@ -1,1495 +1,1507 @@
#
# Copyright (c) 1998-2004, 2009, 2010 Proofpoint, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#
######################################################################
######################################################################
#####
##### SENDMAIL CONFIGURATION FILE
#####
-##### built by ca@sandman.dev-lab.sendmail.com on Thu Jul 2 05:24:31 PDT 2015
-##### in /x/ca/smi.git/sendmail/OpenSource/sendmail-8.15.2/cf/cf
+##### built by ca@lab.smi.sendmail.com on Thu Jul 2 22:41:56 PDT 2020
+##### in /var/tmp/ca/sm8.git/sendmail/OpenSource/sendmail-8.16.1/cf/cf
##### using ../ as configuration include directory
#####
######################################################################
#####
##### DO NOT EDIT THIS FILE! Only edit the source .mc file.
#####
######################################################################
######################################################################
##### $Id: cfhead.m4,v 8.122 2013-11-22 20:51:13 ca Exp $ #####
##### $Id: cf.m4,v 8.33 2013-11-22 20:51:13 ca Exp $ #####
##### $Id: generic-nextstep3.3.mc,v 8.11 2013-11-22 20:51:08 ca Exp $ #####
##### $Id: nextstep.m4,v 8.22 2013-11-22 20:51:15 ca Exp $ #####
##### $Id: generic.m4,v 8.16 2013-11-22 20:51:10 ca Exp $ #####
##### $Id: redirect.m4,v 8.16 2013-11-22 20:51:11 ca Exp $ #####
##### $Id: use_cw_file.m4,v 8.12 2013-11-22 20:51:11 ca Exp $ #####
##### $Id: proto.m4,v 8.762 2013-11-22 20:51:13 ca Exp $ #####
# level 10 config file format
V10/Berkeley
# override file safeties - setting this option compromises system security,
# addressing the actual file configuration problem is preferred
# need to set this before any file actions are encountered in the cf file
#O DontBlameSendmail=safe
# default LDAP map specification
# need to set this now before any LDAP maps are defined
#O LDAPDefaultSpec=-h localhost
##################
# local info #
##################
# my LDAP cluster
# need to set this before any LDAP lookups are done (including classes)
#D{sendmailMTACluster}$m
Cwlocalhost
# file containing names of hosts for which we receive email
Fw/etc/mail/local-host-names
# my official domain name
# ... define this only if sendmail cannot automatically determine your domain
#Dj$w.Foo.COM
# host/domain names ending with a token in class P are canonical
CP.
# "Smart" relay host (may be null)
DS
# operators that cannot be in local usernames (i.e., network indicators)
CO @ % !
# a class with just dot (for identifying canonical names)
C..
# a class with just a left bracket (for identifying domain literals)
C[[
# Resolve map (to check if a host exists in check_mail)
Kresolve host -a<OKR> -T<TEMP>
C{ResOk}OKR
# Hosts for which relaying is permitted ($=R)
FR-o /etc/mail/relay-domains
# arithmetic map
Karith arith
# dequoting map
Kdequote dequote
# class E: names that should be exposed as from this host, even if we masquerade
# class L: names that should be delivered locally, even if we have a relay
# class M: domains that should be converted to $M
# class N: domains that should not be converted to $M
#CL root
C{E}root
# my name for error messages
DnMAILER-DAEMON
CPREDIRECT
# Configuration version number
-DZ8.15.2
+DZ8.16.1
###############
# Options #
###############
# strip message body to 7 bits on input?
O SevenBitInput=False
# 8-bit data handling
#O EightBitMode=pass8
# wait for alias file rebuild (default units: minutes)
O AliasWait=10
# location of alias file
O AliasFile=/etc/mail/aliases
# minimum number of free blocks on filesystem
O MinFreeBlocks=100
# maximum message size
#O MaxMessageSize=0
# substitution for space (blank) characters
O BlankSub=.
# avoid connecting to "expensive" mailers on initial submission?
O HoldExpensive=False
# checkpoint queue runs after every N successful deliveries
#O CheckpointInterval=10
# default delivery mode
O DeliveryMode=background
# error message header/file
#O ErrorHeader=/etc/mail/error-header
# error mode
#O ErrorMode=print
# save Unix-style "From_" lines at top of header?
#O SaveFromLine=False
# queue file mode (qf files)
#O QueueFileMode=0600
# temporary file mode
O TempFileMode=0600
# match recipients against GECOS field?
#O MatchGECOS=False
# maximum hop count
#O MaxHopCount=25
# location of help file
O HelpFile=/etc/mail/helpfile
# ignore dots as terminators in incoming messages?
#O IgnoreDots=False
# name resolver options
#O ResolverOptions=+AAONLY
# deliver MIME-encapsulated error messages?
O SendMimeErrors=True
# Forward file search path
O ForwardPath=$z/.forward.$w+$h:$z/.forward+$h:$z/.forward.$w:$z/.forward
# open connection cache size
O ConnectionCacheSize=2
# open connection cache timeout
O ConnectionCacheTimeout=5m
# persistent host status directory
#O HostStatusDirectory=.hoststat
# single thread deliveries (requires HostStatusDirectory)?
#O SingleThreadDelivery=False
# use Errors-To: header?
O UseErrorsTo=False
# use compressed IPv6 address format?
#O UseCompressedIPv6Addresses
# log level
O LogLevel=9
# send to me too, even in an alias expansion?
#O MeToo=True
# verify RHS in newaliases?
O CheckAliases=False
# default messages to old style headers if no special punctuation?
O OldStyleHeaders=True
# SMTP daemon options
O DaemonPortOptions=Name=MTA
O DaemonPortOptions=Port=587, Name=MSA, M=E
# SMTP client options
#O ClientPortOptions=Family=inet, Address=0.0.0.0
# Modifiers to define {daemon_flags} for direct submissions
#O DirectSubmissionModifiers
# Use as mail submission program? See sendmail/SECURITY
#O UseMSP
# privacy flags
O PrivacyOptions=authwarnings
# who (if anyone) should get extra copies of error messages
#O PostmasterCopy=Postmaster
# slope of queue-only function
#O QueueFactor=600000
# limit on number of concurrent queue runners
#O MaxQueueChildren
# maximum number of queue-runners per queue-grouping with multiple queues
#O MaxRunnersPerQueue=1
# priority of queue runners (nice(3))
#O NiceQueueRun
# shall we sort the queue by hostname first?
#O QueueSortOrder=priority
# minimum time in queue before retry
#O MinQueueAge=30m
# maximum time in queue before retry (if > 0; only for exponential delay)
#O MaxQueueAge
# how many jobs can you process in the queue?
#O MaxQueueRunSize=0
# perform initial split of envelope without checking MX records
#O FastSplit=1
# queue directory
O QueueDirectory=/usr/spool/mqueue
# key for shared memory; 0 to turn off, -1 to auto-select
#O SharedMemoryKey=0
# file to store auto-selected key for shared memory (SharedMemoryKey = -1)
#O SharedMemoryKeyFile
# timeouts (many of these)
#O Timeout.initial=5m
#O Timeout.connect=5m
#O Timeout.aconnect=0s
#O Timeout.iconnect=5m
#O Timeout.helo=5m
#O Timeout.mail=10m
#O Timeout.rcpt=1h
#O Timeout.datainit=5m
#O Timeout.datablock=1h
#O Timeout.datafinal=1h
#O Timeout.rset=5m
#O Timeout.quit=2m
#O Timeout.misc=2m
#O Timeout.command=1h
#O Timeout.ident=5s
#O Timeout.fileopen=60s
#O Timeout.control=2m
O Timeout.queuereturn=5d
#O Timeout.queuereturn.normal=5d
#O Timeout.queuereturn.urgent=2d
#O Timeout.queuereturn.non-urgent=7d
#O Timeout.queuereturn.dsn=5d
O Timeout.queuewarn=4h
#O Timeout.queuewarn.normal=4h
#O Timeout.queuewarn.urgent=1h
#O Timeout.queuewarn.non-urgent=12h
#O Timeout.queuewarn.dsn=4h
#O Timeout.hoststatus=30m
#O Timeout.resolver.retrans=5s
#O Timeout.resolver.retrans.first=5s
#O Timeout.resolver.retrans.normal=5s
#O Timeout.resolver.retry=4
#O Timeout.resolver.retry.first=4
#O Timeout.resolver.retry.normal=4
#O Timeout.lhlo=2m
#O Timeout.auth=10m
#O Timeout.starttls=1h
# time for DeliverBy; extension disabled if less than 0
#O DeliverByMin=0
# should we not prune routes in route-addr syntax addresses?
#O DontPruneRoutes=False
# queue up everything before forking?
O SuperSafe=True
# status file
#O StatusFile
# time zone handling:
# if undefined, use system default
# if defined but null, use TZ envariable passed in
# if defined and non-null, use that info
#O TimeZoneSpec=
# default UID (can be username or userid:groupid)
#O DefaultUser=mailnull
# list of locations of user database file (null means no lookup)
#O UserDatabaseSpec=/etc/mail/userdb
# fallback MX host
#O FallbackMXhost=fall.back.host.net
# fallback smart host
#O FallbackSmartHost=fall.back.host.net
# if we are the best MX host for a site, try it directly instead of config err
#O TryNullMXList=False
# load average at which we just queue messages
#O QueueLA=8
# load average at which we refuse connections
#O RefuseLA=12
# log interval when refusing connections for this long
#O RejectLogInterval=3h
# load average at which we delay connections; 0 means no limit
#O DelayLA=0
# maximum number of children we allow at one time
#O MaxDaemonChildren=0
# maximum number of new connections per second
#O ConnectionRateThrottle=0
# Width of the window
#O ConnectionRateWindowSize=60s
# work recipient factor
#O RecipientFactor=30000
# deliver each queued job in a separate process?
#O ForkEachJob=False
# work class factor
#O ClassFactor=1800
# work time factor
#O RetryFactor=90000
# default character set
#O DefaultCharSet=unknown-8bit
# service switch file (name hardwired on Solaris, Ultrix, OSF/1, others)
#O ServiceSwitchFile=/etc/mail/service.switch
# hosts file (normally /etc/hosts)
#O HostsFile=/etc/hosts
# dialup line delay on connection failure
#O DialDelay=0s
# action to take if there are no recipients in the message
#O NoRecipientAction=none
# chrooted environment for writing to files
#O SafeFileEnvironment
# are colons OK in addresses?
#O ColonOkInAddr=True
# shall I avoid expanding CNAMEs (violates protocols)?
#O DontExpandCnames=False
# SMTP initial login message (old $e macro)
O SmtpGreetingMessage=$j Sendmail $v/$Z; $b
# UNIX initial From header format (old $l macro)
O UnixFromLine=From $g $d
# From: lines that have embedded newlines are unwrapped onto one line
#O SingleLineFromHeader=False
# Allow HELO SMTP command that does not include a host name
#O AllowBogusHELO=False
# Characters to be quoted in a full name phrase (@,;:\()[] are automatic)
#O MustQuoteChars=.
# delimiter (operator) characters (old $o macro)
O OperatorChars=.:%@!^/[]+
# shall I avoid calling initgroups(3) because of high NIS costs?
#O DontInitGroups=False
# are group-writable :include: and .forward files (un)trustworthy?
# True (the default) means they are not trustworthy.
#O UnsafeGroupWrites=True
# where do errors that occur when sending errors get sent?
#O DoubleBounceAddress=postmaster
# issue temporary errors (4xy) instead of permanent errors (5xy)?
#O SoftBounce=False
# where to save bounces if all else fails
#O DeadLetterDrop=/var/tmp/dead.letter
# what user id do we assume for the majority of the processing?
#O RunAsUser=sendmail
# maximum number of recipients per SMTP envelope
#O MaxRecipientsPerMessage=0
# limit the rate recipients per SMTP envelope are accepted
# once the threshold number of recipients have been rejected
#O BadRcptThrottle=0
# shall we get local names from our installed interfaces?
#O DontProbeInterfaces=False
# Return-Receipt-To: header implies DSN request
#O RrtImpliesDsn=False
# override connection address (for testing)
#O ConnectOnlyTo=0.0.0.0
# Trusted user for file ownership and starting the daemon
#O TrustedUser=root
# Control socket for daemon management
#O ControlSocketName=/var/spool/mqueue/.control
# Maximum MIME header length to protect MUAs
#O MaxMimeHeaderLength=0/0
# Maximum length of the sum of all headers
O MaxHeadersLength=32768
# Maximum depth of alias recursion
#O MaxAliasRecursion=10
# location of pid file
#O PidFile=/var/run/sendmail.pid
# Prefix string for the process title shown on 'ps' listings
#O ProcessTitlePrefix=prefix
# Data file (df) memory-buffer file maximum size
#O DataFileBufferSize=4096
# Transcript file (xf) memory-buffer file maximum size
#O XscriptFileBufferSize=4096
# lookup type to find information about local mailboxes
#O MailboxDatabase=pw
# override compile time flag REQUIRES_DIR_FSYNC
#O RequiresDirfsync=true
# list of authentication mechanisms
#O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
# Authentication realm
#O AuthRealm
# default authentication information for outgoing connections
#O DefaultAuthInfo=/etc/mail/default-auth-info
# SMTP AUTH flags
#O AuthOptions
# SMTP AUTH maximum encryption strength
#O AuthMaxBits
# SMTP STARTTLS server options
#O TLSSrvOptions
# SSL cipherlist
#O CipherList
# server side SSL options
#O ServerSSLOptions
# client side SSL options
#O ClientSSLOptions
+# SSL Engine
+#O SSLEngine
+# Path to dynamic library for SSLEngine
+#O SSLEnginePath
+# TLS: fall back to clear text after handshake failure?
+#O TLSFallbacktoClear
# Input mail filters
#O InputMailFilters
# CA directory
#O CACertPath
# CA file
#O CACertFile
# Server Cert
#O ServerCertFile
# Server private key
#O ServerKeyFile
# Client Cert
#O ClientCertFile
# Client private key
#O ClientKeyFile
# File containing certificate revocation lists
#O CRLFile
+# Directory containing hashes pointing to certificate revocation status files
+#O CRLPath
# DHParameters (only required if DSA/DH is used)
#O DHParameters
# Random data source (required for systems without /dev/urandom under OpenSSL)
#O RandFile
# fingerprint algorithm (digest) to use for the presented cert
#O CertFingerprintAlgorithm
+# enable DANE?
+#O DANE=false
# Maximum number of "useless" commands before slowing down
#O MaxNOOPCommands=20
# Name to use for EHLO (defaults to $j)
#O HeloName
############################
# QUEUE GROUP DEFINITIONS #
############################
###########################
# Message precedences #
###########################
Pfirst-class=0
Pspecial-delivery=100
Plist=-30
Pbulk=-60
Pjunk=-100
#####################
# Trusted users #
#####################
# this is equivalent to setting class "t"
#Ft/etc/mail/trusted-users
Troot
Tdaemon
Tuucp
#########################
# Format of headers #
#########################
H?P?Return-Path: <$g>
HReceived: $?sfrom $s $.$?_($?s$|from $.$_)
$.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)
$.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}
(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u
for $u; $|;
$.$b
H?D?Resent-Date: $a
H?D?Date: $a
H?F?Resent-From: $?x$x <$g>$|$g$.
H?F?From: $?x$x <$g>$|$g$.
H?x?Full-Name: $x
# HPosted-Date: $a
# H?l?Received-Date: $b
H?M?Resent-Message-Id: <$t.$i@$j>
H?M?Message-Id: <$t.$i@$j>
#
######################################################################
######################################################################
#####
##### REWRITING RULES
#####
######################################################################
######################################################################
############################################
### Ruleset 3 -- Name Canonicalization ###
############################################
Scanonify=3
# handle null input (translate to <@> special case)
R$@ $@ <@>
# strip group: syntax (not inside angle brackets!) and trailing semicolon
R$* $: $1 <@> mark addresses
R$* < $* > $* <@> $: $1 < $2 > $3 unmark <addr>
R@ $* <@> $: @ $1 unmark @host:...
R$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addr
R$* :: $* <@> $: $1 :: $2 unmark node::addr
R:include: $* <@> $: :include: $1 unmark :include:...
R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon
R$* : $* <@> $: $2 strip colon if marked
R$* <@> $: $1 unmark
R$* ; $1 strip trailing semi
R$* < $+ :; > $* $@ $2 :; <@> catch <list:;>
R$* < $* ; > $1 < $2 > bogus bracketed semi
# null input now results from list:; syntax
R$@ $@ :; <@>
# strip angle brackets -- note RFC733 heuristic to get innermost item
R$* $: < $1 > housekeeping <>
R$+ < $* > < $2 > strip excess on left
R< $* > $+ < $1 > strip excess on right
R<> $@ < @ > MAIL FROM:<> case
R< $+ > $: $1 remove housekeeping <>
# strip route address <@a,@b,@c:user@d> -> <user@d>
R@ $+ , $+ $2
R@ [ $* ] : $+ $2
R@ $+ : $+ $2
# find focus for list syntax
R $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax
R $+ : $* ; $@ $1 : $2; list syntax
# find focus for @ syntax addresses
R$+ @ $+ $: $1 < @ $2 > focus on domain
R$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right
R$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical
# convert old-style addresses to a domain-based address
R$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names
R$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps
R$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains
# if we have % signs, take the rightmost one
R$* % $* $1 @ $2 First make them all @s.
R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
# else we must be a local name
R$* $@ $>Canonify2 $1
################################################
### Ruleset 96 -- bottom half of ruleset 3 ###
################################################
SCanonify2=96
# handle special cases for local names
R$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all
R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain
R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain
# check for IPv4/IPv6 domain literal
R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [addr]
R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal
R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr
# if really UUCP, handle it immediately
# try UUCP traffic as a local address
R$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3
R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3
# hostnames ending in class P are always canonical
R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4
R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4
R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6
R$* CC $* $| $* $: $3
# pass to name server to make hostname canonical
R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4
R$* $| $* $: $2
# local host aliases and pseudo-domains are always canonical
R$* < @ $=w > $* $: $1 < @ $2 . > $3
R$* < @ $=M > $* $: $1 < @ $2 . > $3
R$* < @ $* . . > $* $1 < @ $2 . > $3
##################################################
### Ruleset 4 -- Final Output Post-rewriting ###
##################################################
Sfinal=4
R$+ :; <@> $@ $1 : handle <list:;>
R$* <@> $@ handle <> and list:;
# strip trailing dot off possibly canonical name
R$* < @ $+ . > $* $1 < @ $2 > $3
# eliminate internal code
R$* < @ *LOCAL* > $* $1 < @ $j > $2
# externalize local domain info
R$* < $+ > $* $1 $2 $3 defocus
R@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 <route-addr> canonical
R@ $* $@ @ $1 ... and exit
# UUCP must always be presented in old form
R$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u
# delete duplicate local names
R$+ % $=w @ $=w $1 @ $2 u%host@host => u@host
##############################################################
### Ruleset 97 -- recanonicalize and call ruleset zero ###
### (used for recursive calls) ###
##############################################################
SRecurse=97
R$* $: $>canonify $1
R$* $@ $>parse $1
######################################
### Ruleset 0 -- Parse Address ###
######################################
Sparse=0
R$* $: $>Parse0 $1 initial parsing
R<@> $#local $: <@> special case error msgs
R$* $: $>ParseLocal $1 handle local hacks
R$* $: $>Parse1 $1 final parsing
#
# Parse0 -- do initial syntax checking and eliminate local addresses.
# This should either return with the (possibly modified) input
# or return with a #error mailer. It should not return with a
# #mailer other than the #error mailer.
#
SParse0
R<@> $@ <@> special case error msgs
R$* : $* ; <@> $#error $@ 5.1.3 $: "553 List:; syntax illegal for recipient addresses"
R@ <@ $* > < @ $1 > catch "@@host" bogosity
R<@ $+> $#error $@ 5.1.3 $: "553 User address required"
R$+ <@> $#error $@ 5.1.3 $: "553 Hostname required"
R$* $: <> $1
R<> $* < @ [ $* ] : $+ > $* $1 < @ [ $2 ] : $3 > $4
R<> $* < @ [ $* ] , $+ > $* $1 < @ [ $2 ] , $3 > $4
R<> $* < @ [ $* ] $+ > $* $#error $@ 5.1.2 $: "553 Invalid address"
R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3
R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "553 Colon illegal in host name part"
R<> $* $1
R$* < @ . $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
R$* < @ $* @ > $* $#error $@ 5.1.2 $: "553 Invalid route address"
R$* @ $* < @ $* > $* $#error $@ 5.1.3 $: "553 Invalid route address"
R$* , $~O $* $#error $@ 5.1.3 $: "553 Invalid route address"
# now delete the local info -- note $=O to find characters that cause forwarding
R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user
R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ...
R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here
R< @ $+ > $#error $@ 5.1.3 $: "553 User address required"
R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ...
R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo"
R< @ *LOCAL* > $#error $@ 5.1.3 $: "553 User address required"
R$* $=O $* < @ *LOCAL* >
$@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
R$* < @ *LOCAL* > $: $1
#
# Parse1 -- the bottom half of ruleset 0.
#
SParse1
# handle numeric address spec
R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec
R$* < @ [ $+ ] > $* $: $1 < @ [ $2 ] : $S > $3 Add smart host to path
R$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send
R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer
R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer
# short circuit local delivery so forwarded email works
R$=L < @ $=w . > $#local $: @ $1 special local names
R$+ < @ $=w . > $#local $: $1 regular local name
# resolve remotely connected UUCP links (if any)
# resolve fake top level domains by forwarding to other hosts
# pass names that still have a host to a smarthost (if defined)
R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name
# deal with other remote names
R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
# handle locally delivered names
R$=L $#local $: @ $1 special local names
R$+ $#local $: $1 regular local names
###########################################################################
### Ruleset 5 -- special rewriting after aliases have been expanded ###
###########################################################################
SLocal_localaddr
Slocaladdr=5
R$+ $: $1 $| $>"Local_localaddr" $1
R$+ $| $#ok $@ $1 no change
R$+ $| $#$* $#$2
R$+ $| $* $: $1
# deal with plussed users so aliases work nicely
R$+ + * $#local $@ $&h $: $1
R$+ + $* $#local $@ + $2 $: $1 + *
# prepend an empty "forward host" on the front
R$+ $: <> $1
R< > $+ $: < > < $1 <> $&h > nope, restore +detail
R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail
R< > < $+ <> $* > $: < > < $1 > else discard
R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part
R< > < $+ > + $* $#local $@ $2 $: @ $1 strip the extra +
R< > < $+ > $@ $1 no +detail
R$+ $: $1 <> $&h add +detail back in
R$+ <> + $* $: $1 + $2 check whether +detail
R$+ <> $* $: $1 else discard
R< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension
R< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension
R< $~[ : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 >
R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 >
###################################################################
### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ###
###################################################################
SMailerToTriple=95
R< > $* $@ $1 strip off null relay
R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
R< error : $- : $+ > $* $#error $@ $(dequote $1 $) $: $2
R< error : $+ > $* $#error $: $1
R< local : $* > $* $>CanonLocal < $1 > $2
R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user
R< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer
R< $=w > $* $@ $2 delete local host
R< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer
###################################################################
### Ruleset CanonLocal -- canonify local: syntax ###
###################################################################
SCanonLocal
# strip local host from routed addresses
R< $* > < @ $+ > : $+ $@ $>Recurse $3
R< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4
# strip trailing dot from any host name that may appear
R< $* > $* < @ $* . > $: < $1 > $2 < @ $3 >
# handle local: syntax -- use old user, either with or without host
R< > $* < @ $* > $* $#local $@ $1@$2 $: $1
R< > $+ $#local $@ $1 $: $1
# handle local:user@host syntax -- ignore host part
R< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 >
# handle local:user syntax
R< $+ > $* <@ $* > $* $#local $@ $2@$3 $: $1
R< $+ > $* $#local $@ $2 $: $1
###################################################################
### Ruleset 93 -- convert header names to masqueraded form ###
###################################################################
SMasqHdr=93
# do not masquerade anything in class N
R$* < @ $* $=N . > $@ $1 < @ $2 $3 . >
R$* < @ *LOCAL* > $@ $1 < @ $j . >
###################################################################
### Ruleset 94 -- convert envelope names to masqueraded form ###
###################################################################
SMasqEnv=94
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
###################################################################
### Ruleset 98 -- local part of ruleset zero (can be null) ###
###################################################################
SParseLocal=98
# addresses sent to foo@host.REDIRECT will give a 551 error code
R$* < @ $+ .REDIRECT. > $: $1 < @ $2 . REDIRECT . > < ${opMode} >
R$* < @ $+ .REDIRECT. > <i> $: $1 < @ $2 . REDIRECT. >
R$* < @ $+ .REDIRECT. > < $- > $#error $@ 5.1.1 $: "551 User has moved; please try " <$1@$2>
######################################################################
### CanonAddr -- Convert an address into a standard form for
### relay checking. Route address syntax is
### crudely converted into a %-hack address.
###
### Parameters:
### $1 -- full recipient address
###
### Returns:
### parsed address, not in source route form
######################################################################
SCanonAddr
R$* $: $>Parse0 $>canonify $1 make domain canonical
######################################################################
### ParseRecipient -- Strip off hosts in $=R as well as possibly
### $* $=m or the access database.
### Check user portion for host separators.
###
### Parameters:
### $1 -- full recipient address
###
### Returns:
### parsed, non-local-relaying address
######################################################################
SParseRecipient
R$* $: <?> $>CanonAddr $1
R<?> $* < @ $* . > <?> $1 < @ $2 > strip trailing dots
R<?> $- < @ $* > $: <?> $(dequote $1 $) < @ $2 > dequote local part
# if no $=O character, no host in the user portion, we are done
R<?> $* $=O $* < @ $* > $: <NO> $1 $2 $3 < @ $4>
R<?> $* $@ $1
R<NO> $* < @ $* $=R > $: <RELAY> $1 < @ $2 $3 >
R<RELAY> $* < @ $* > $@ $>ParseRecipient $1
R<$+> $* $@ $2
######################################################################
### check_relay -- check hostname/address on SMTP startup
######################################################################
SLocal_check_relay
Scheck_relay
R$* $: $1 $| $>"Local_check_relay" $1
R$* $| $* $| $#$* $#$3
R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2
SBasic_check_relay
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
######################################################################
### check_mail -- check SMTP `MAIL FROM:' command argument
######################################################################
SLocal_check_mail
Scheck_mail
R$* $: $1 $| $>"Local_check_mail" $1
R$* $| $#$* $#$2
R$* $| $* $@ $>"Basic_check_mail" $1
SBasic_check_mail
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
# authenticated?
R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
R$* $| $#$+ $#$2
R$* $| $* $: $1
R<> $@ <OK> we MUST accept <> (RFC 1123)
R$+ $: <?> $1
R<?><$+> $: <@> <$1>
R<?>$+ $: <@> <$1>
R$* $: $&{daemon_flags} $| $1
R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 >
R$* u $* $| <@> < $* > $: <?> < $3 >
R$* $| $* $: $2
# handle case of @localhost on address
R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost >
R<@> < $* @ [127.0.0.1] >
$: < ? $&{client_name} > < $1 @ [127.0.0.1] >
R<@> < $* @ [IPv6:0:0:0:0:0:0:0:1] >
$: < ? $&{client_name} > < $1 @ [IPv6:0:0:0:0:0:0:0:1] >
R<@> < $* @ [IPv6:::1] >
$: < ? $&{client_name} > < $1 @ [IPv6:::1] >
R<@> < $* @ localhost.$m >
$: < ? $&{client_name} > < $1 @ localhost.$m >
R<@> < $* @ localhost.UUCP >
$: < ? $&{client_name} > < $1 @ localhost.UUCP >
R<@> $* $: $1 no localhost as domain
R<? $=w> $* $: $2 local client: ok
R<? $+> <$+> $#error $@ 5.5.4 $: "553 Real domain name required for sender address"
R<?> $* $: $1
R$* $: <?> $>CanonAddr $1 canonify sender address and mark it
R<?> $* < @ $+ . > <?> $1 < @ $2 > strip trailing dots
# handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc)
R<?> $* < @ $* $=P > $: <OKR> $1 < @ $2 $3 >
R<?> $* < @ $j > $: <OKR> $1 < @ $j >
R<?> $* < @ $+ > $: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 >
R<? $* <$->> $* < @ $+ >
$: <$2> $3 < @ $4 >
# handle case of no @domain on address
R<?> $* $: $&{daemon_flags} $| <?> $1
R$* u $* $| <?> $* $: <OKR> $3
R$* $| $* $: $2
R<?> $* $: < ? $&{client_addr} > $1
R<?> $* $@ <OKR> ...local unqualed ok
R<? $+> $* $#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f
...remote is not
# check results
R<?> $* $: @ $1 mark address: nothing known about it
R<$={ResOk}> $* $: @ $2 domain ok
R<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"
R<PERM> $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist"
######################################################################
### check_rcpt -- check SMTP `RCPT TO:' command argument
######################################################################
SLocal_check_rcpt
Scheck_rcpt
R$* $: $1 $| $>"Local_check_rcpt" $1
R$* $| $#$* $#$2
R$* $| $* $@ $>"Basic_check_rcpt" $1
SBasic_check_rcpt
# empty address?
R<> $#error $@ nouser $: "553 User address required"
R$@ $#error $@ nouser $: "553 User address required"
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
######################################################################
R$* $: $1 $| @ $>"Rcpt_ok" $1
R$* $| @ $#TEMP $+ $: $1 $| T $2
R$* $| @ $#$* $#$2
R$* $| @ RELAY $@ RELAY
R$* $| @ $* $: O $| $>"Relay_ok" $1
R$* $| T $+ $: T $2 $| $>"Relay_ok" $1
R$* $| $#TEMP $+ $#error $2
R$* $| $#$* $#$2
R$* $| RELAY $@ RELAY
R T $+ $| $* $#error $1
# anything else is bogus
R$* $#error $@ 5.7.1 $: "550 Relaying denied"
######################################################################
### Rcpt_ok: is the recipient ok?
######################################################################
SRcpt_ok
R$* $: $>ParseRecipient $1 strip relayable hosts
# authenticated via TLS?
R$* $: $1 $| $>RelayTLS client authenticated?
R$* $| $# $+ $# $2 error/ok?
R$* $| $* $: $1 no
R$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type}
R$* $| $# $* $# $2
R$* $| NO $: $1
R$* $| $* $: $1 $| $&{auth_type}
R$* $| $: $1
R$* $| $={TrustAuthMech} $# RELAY
R$* $| $* $: $1
# anything terminating locally is ok
R$+ < @ $=w > $@ RELAY
R$+ < @ $* $=R > $@ RELAY
# check for local user (i.e. unqualified address)
R$* $: <?> $1
R<?> $* < @ $+ > $: <REMOTE> $1 < @ $2 >
# local user is ok
R<?> $+ $@ RELAY
R<$+> $* $: $2
######################################################################
### Relay_ok: is the relay/sender ok?
######################################################################
SRelay_ok
# anything originating locally is ok
# check IP address
R$* $: $&{client_addr}
R$@ $@ RELAY originated locally
R0 $@ RELAY originated locally
R127.0.0.1 $@ RELAY originated locally
RIPv6:0:0:0:0:0:0:0:1 $@ RELAY originated locally
RIPv6:::1 $@ RELAY originated locally
R$=R $* $@ RELAY relayable IP address
R$* $: [ $1 ] put brackets around it...
R$=w $@ RELAY ... and see if it is local
# check client name: first: did it resolve?
R$* $: < $&{client_resolve} >
R<TEMP> $#TEMP $@ 4.4.0 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
R<FORGED> $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
R<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
R$* $: <@> $&{client_name}
# pass to name server to make hostname canonical
R<@> $* $=P $:<?> $1 $2
R<@> $+ $:<?> $[ $1 $]
R$* . $1 strip trailing dots
R<?> $=w $@ RELAY
R<?> $* $=R $@ RELAY
######################################################################
### trust_auth: is user trusted to authenticate as someone else?
###
### Parameters:
### $1: AUTH= parameter from MAIL command
######################################################################
SLocal_trust_auth
Strust_auth
R$* $: $&{auth_type} $| $1
# required by RFC 2554 section 4.
R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated"
R$* $| $&{auth_authen} $@ identical
R$* $| <$&{auth_authen}> $@ identical
R$* $| $* $: $1 $| $>"Local_trust_auth" $2
R$* $| $#$* $#$2
R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}
######################################################################
### Relay_Auth: allow relaying based on authentication?
###
### Parameters:
### $1: ${auth_type}
######################################################################
SLocal_Relay_Auth
######################################################################
### srv_features: which features to offer to a client?
### (done in server)
######################################################################
Ssrv_features
######################################################################
### try_tls: try to use STARTTLS?
### (done in client)
######################################################################
Stry_tls
######################################################################
### tls_rcpt: is connection with server "good" enough?
### (done in client, per recipient)
###
### Parameters:
### $1: recipient
######################################################################
Stls_rcpt
######################################################################
### tls_client: is connection with client "good" enough?
### (done in server)
###
### Parameters:
### ${verify} $| (MAIL|STARTTLS)
######################################################################
Stls_client
R$* $| $* $@ $>"TLS_connection" $1
######################################################################
### tls_server: is connection with server "good" enough?
### (done in client)
###
### Parameter:
### ${verify}
######################################################################
Stls_server
+
R$* $@ $>"TLS_connection" $1
######################################################################
### TLS_connection: is TLS connection "good" enough?
###
### Parameters:
### ${verify}
### Requirement: RHS from access map, may be ? for none.
######################################################################
STLS_connection
RSOFTWARE $#error $@ 4.7.0 $: "403 TLS handshake."
+RDANE_FAIL $#error $@ 4.7.0 $: "403 DANE check failed."
######################################################################
### RelayTLS: allow relaying based on TLS authentication
###
### Parameters:
### none
######################################################################
SRelayTLS
# authenticated?
######################################################################
### authinfo: lookup authinfo in the access map
###
### Parameters:
### $1: {server_name}
### $2: {server_addr}
######################################################################
Sauthinfo
#
######################################################################
######################################################################
#####
##### MAIL FILTER DEFINITIONS
#####
######################################################################
######################################################################
#
######################################################################
######################################################################
#####
##### MAILER DEFINITIONS
#####
######################################################################
######################################################################
##################################################
### Local and Program Mailer specification ###
##################################################
##### $Id: local.m4,v 8.60 2013-11-22 20:51:14 ca Exp $ #####
#
# Envelope sender rewriting
#
SEnvFromL
R<@> $n errors to mailer-daemon
R@ <@ $*> $n temporarily bypass Sun bogosity
R$+ $: $>AddDomain $1 add local domain if needed
R$* $: $>MasqEnv $1 do masquerading
#
# Envelope recipient rewriting
#
SEnvToL
R$+ < @ $* > $: $1 strip host part
R$+ + $* $: < $&{addr_type} > $1 + $2 mark with addr type
R<e s> $+ + $* $: $1 remove +detail for sender
R< $* > $+ $: $2 else remove mark
#
# Header sender rewriting
#
SHdrFromL
R<@> $n errors to mailer-daemon
R@ <@ $*> $n temporarily bypass Sun bogosity
R$+ $: $>AddDomain $1 add local domain if needed
R$* $: $>MasqHdr $1 do masquerading
#
# Header recipient rewriting
#
SHdrToL
R$+ $: $>AddDomain $1 add local domain if needed
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
#
# Common code to add local domain name (only if always-add-domain)
#
SAddDomain
Mlocal, P=/bin/mail, F=lsDFMAw5:/|@qPrmn9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
T=DNS/RFC822/X-Unix,
A=mail -d $u
Mprog, P=/bin/sh, F=lsDFMoqeuP, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/,
T=X-Unix/X-Unix/X-Unix,
A=sh -c $u
#####################################
### SMTP Mailer specification ###
#####################################
##### $Id: smtp.m4,v 8.66 2013-11-22 20:51:14 ca Exp $ #####
#
# common sender and masquerading recipient rewriting
#
SMasqSMTP
R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified
R$+ $@ $1 < @ *LOCAL* > add local qualification
#
# convert pseudo-domain addresses to real domain addresses
#
SPseudoToReal
# pass <route-addr>s through
R< @ $+ > $* $@ < @ $1 > $2 resolve <route-addr>
# output fake domains as user%fake@relay
# do UUCP heuristics; note that these are shared with UUCP mailers
R$+ < @ $+ .UUCP. > $: < $2 ! > $1 convert to UUCP form
R$+ < @ $* > $* $@ $1 < @ $2 > $3 not UUCP form
# leave these in .UUCP form to avoid further tampering
R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. >
R< $&h ! > $-.$+ ! $+ $@ $3 < @ $1.$2 >
R< $&h ! > $+ $@ $1 < @ $&h .UUCP. >
R< $+ ! > $+ $: $1 ! $2 < @ $Y > use UUCP_RELAY
R$+ < @ $~[ $* : $+ > $@ $1 < @ $4 > strip mailer: part
R$+ < @ > $: $1 < @ *LOCAL* > if no UUCP_RELAY
#
# envelope sender rewriting
#
SEnvFromSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R$* :; <@> $@ list:; special case
R$* $: $>MasqSMTP $1 qualify unqual'ed names
R$+ $: $>MasqEnv $1 do masquerading
#
# envelope recipient rewriting --
# also header recipient if not masquerading recipients
#
SEnvToSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R$+ $: $>MasqSMTP $1 qualify unqual'ed names
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
#
# header sender and masquerading header recipient rewriting
#
SHdrFromSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R:; <@> $@ list:; special case
# do special header rewriting
R$* <@> $* $@ $1 <@> $2 pass null host through
R< @ $* > $* $@ < @ $1 > $2 pass route-addr through
R$* $: $>MasqSMTP $1 qualify unqual'ed names
R$+ $: $>MasqHdr $1 do masquerading
#
# relay mailer header masquerading recipient rewriting
#
SMasqRelay
R$+ $: $>MasqSMTP $1
R$+ $: $>MasqHdr $1
Msmtp, P=[IPC], F=mDFMuX, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mesmtp, P=[IPC], F=mDFMuXa, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Msmtp8, P=[IPC], F=mDFMuX8, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mdsmtp, P=[IPC], F=mDFMuXa%, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mrelay, P=[IPC], F=mDFMuXa8, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=2040,
T=DNS/RFC822/SMTP,
A=TCP $h
### generic-nextstep3.3.mc ###
# divert(-1)
# #
# # Copyright (c) 1998, 1999 Proofpoint, Inc. and its suppliers.
# # All rights reserved.
# # Copyright (c) 1983 Eric P. Allman. All rights reserved.
# # Copyright (c) 1988, 1993
# # The Regents of the University of California. All rights reserved.
# #
# # By using this file, you agree to the terms and conditions set
# # forth in the LICENSE file which can be found at the top level of
# # the sendmail distribution.
# #
# #
#
# #
# # This is a generic configuration file for NEXTSTEP 3.3 systems.
# # It has support for local and SMTP mail only. If you want to
# # customize it, copy it to a name appropriate for your environment
# # and do the modifications there.
# #
#
# divert(0)dnl
# VERSIONID(`$Id: generic-nextstep3.3.mc,v 8.11 2013-11-22 20:51:08 ca Exp $')
# OSTYPE(nextstep)dnl
# DOMAIN(generic)dnl
# MAILER(local)dnl
# MAILER(smtp)dnl
diff --git a/cf/cf/generic-osf1.cf b/cf/cf/generic-osf1.cf
index 103a3616bb2f..2c9c7a5911e3 100644
--- a/cf/cf/generic-osf1.cf
+++ b/cf/cf/generic-osf1.cf
@@ -1,1496 +1,1508 @@
#
# Copyright (c) 1998-2004, 2009, 2010 Proofpoint, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#
######################################################################
######################################################################
#####
##### SENDMAIL CONFIGURATION FILE
#####
-##### built by ca@sandman.dev-lab.sendmail.com on Thu Jul 2 05:24:31 PDT 2015
-##### in /x/ca/smi.git/sendmail/OpenSource/sendmail-8.15.2/cf/cf
+##### built by ca@lab.smi.sendmail.com on Thu Jul 2 22:41:57 PDT 2020
+##### in /var/tmp/ca/sm8.git/sendmail/OpenSource/sendmail-8.16.1/cf/cf
##### using ../ as configuration include directory
#####
######################################################################
#####
##### DO NOT EDIT THIS FILE! Only edit the source .mc file.
#####
######################################################################
######################################################################
##### $Id: cfhead.m4,v 8.122 2013-11-22 20:51:13 ca Exp $ #####
##### $Id: cf.m4,v 8.33 2013-11-22 20:51:13 ca Exp $ #####
##### $Id: generic-osf1.mc,v 8.12 2013-11-22 20:51:08 ca Exp $ #####
##### $Id: osf1.m4,v 8.17 2013-11-22 20:51:15 ca Exp $ #####
##### $Id: generic.m4,v 8.16 2013-11-22 20:51:10 ca Exp $ #####
##### $Id: redirect.m4,v 8.16 2013-11-22 20:51:11 ca Exp $ #####
##### $Id: use_cw_file.m4,v 8.12 2013-11-22 20:51:11 ca Exp $ #####
##### $Id: proto.m4,v 8.762 2013-11-22 20:51:13 ca Exp $ #####
# level 10 config file format
V10/Berkeley
# override file safeties - setting this option compromises system security,
# addressing the actual file configuration problem is preferred
# need to set this before any file actions are encountered in the cf file
#O DontBlameSendmail=safe
# default LDAP map specification
# need to set this now before any LDAP maps are defined
#O LDAPDefaultSpec=-h localhost
##################
# local info #
##################
# my LDAP cluster
# need to set this before any LDAP lookups are done (including classes)
#D{sendmailMTACluster}$m
Cwlocalhost
# file containing names of hosts for which we receive email
Fw/etc/mail/local-host-names
# my official domain name
# ... define this only if sendmail cannot automatically determine your domain
#Dj$w.Foo.COM
# host/domain names ending with a token in class P are canonical
CP.
# "Smart" relay host (may be null)
DS
# operators that cannot be in local usernames (i.e., network indicators)
CO @ % !
# a class with just dot (for identifying canonical names)
C..
# a class with just a left bracket (for identifying domain literals)
C[[
# Resolve map (to check if a host exists in check_mail)
Kresolve host -a<OKR> -T<TEMP>
C{ResOk}OKR
# Hosts for which relaying is permitted ($=R)
FR-o /etc/mail/relay-domains
# arithmetic map
Karith arith
# dequoting map
Kdequote dequote
# class E: names that should be exposed as from this host, even if we masquerade
# class L: names that should be delivered locally, even if we have a relay
# class M: domains that should be converted to $M
# class N: domains that should not be converted to $M
#CL root
C{E}root
# my name for error messages
DnMAILER-DAEMON
CPREDIRECT
# Configuration version number
-DZ8.15.2
+DZ8.16.1
###############
# Options #
###############
# strip message body to 7 bits on input?
O SevenBitInput=False
# 8-bit data handling
#O EightBitMode=pass8
# wait for alias file rebuild (default units: minutes)
O AliasWait=10
# location of alias file
O AliasFile=/etc/mail/aliases
# minimum number of free blocks on filesystem
O MinFreeBlocks=100
# maximum message size
#O MaxMessageSize=0
# substitution for space (blank) characters
O BlankSub=.
# avoid connecting to "expensive" mailers on initial submission?
O HoldExpensive=False
# checkpoint queue runs after every N successful deliveries
#O CheckpointInterval=10
# default delivery mode
O DeliveryMode=background
# error message header/file
#O ErrorHeader=/etc/mail/error-header
# error mode
#O ErrorMode=print
# save Unix-style "From_" lines at top of header?
#O SaveFromLine=False
# queue file mode (qf files)
#O QueueFileMode=0600
# temporary file mode
O TempFileMode=0600
# match recipients against GECOS field?
#O MatchGECOS=False
# maximum hop count
#O MaxHopCount=25
# location of help file
O HelpFile=/etc/mail/helpfile
# ignore dots as terminators in incoming messages?
#O IgnoreDots=False
# name resolver options
#O ResolverOptions=+AAONLY
# deliver MIME-encapsulated error messages?
O SendMimeErrors=True
# Forward file search path
O ForwardPath=$z/.forward.$w+$h:$z/.forward+$h:$z/.forward.$w:$z/.forward
# open connection cache size
O ConnectionCacheSize=2
# open connection cache timeout
O ConnectionCacheTimeout=5m
# persistent host status directory
#O HostStatusDirectory=.hoststat
# single thread deliveries (requires HostStatusDirectory)?
#O SingleThreadDelivery=False
# use Errors-To: header?
O UseErrorsTo=False
# use compressed IPv6 address format?
#O UseCompressedIPv6Addresses
# log level
O LogLevel=9
# send to me too, even in an alias expansion?
#O MeToo=True
# verify RHS in newaliases?
O CheckAliases=False
# default messages to old style headers if no special punctuation?
O OldStyleHeaders=True
# SMTP daemon options
O DaemonPortOptions=Name=MTA
O DaemonPortOptions=Port=587, Name=MSA, M=E
# SMTP client options
#O ClientPortOptions=Family=inet, Address=0.0.0.0
# Modifiers to define {daemon_flags} for direct submissions
#O DirectSubmissionModifiers
# Use as mail submission program? See sendmail/SECURITY
#O UseMSP
# privacy flags
O PrivacyOptions=authwarnings
# who (if anyone) should get extra copies of error messages
#O PostmasterCopy=Postmaster
# slope of queue-only function
#O QueueFactor=600000
# limit on number of concurrent queue runners
#O MaxQueueChildren
# maximum number of queue-runners per queue-grouping with multiple queues
#O MaxRunnersPerQueue=1
# priority of queue runners (nice(3))
#O NiceQueueRun
# shall we sort the queue by hostname first?
#O QueueSortOrder=priority
# minimum time in queue before retry
#O MinQueueAge=30m
# maximum time in queue before retry (if > 0; only for exponential delay)
#O MaxQueueAge
# how many jobs can you process in the queue?
#O MaxQueueRunSize=0
# perform initial split of envelope without checking MX records
#O FastSplit=1
# queue directory
O QueueDirectory=/var/spool/mqueue
# key for shared memory; 0 to turn off, -1 to auto-select
#O SharedMemoryKey=0
# file to store auto-selected key for shared memory (SharedMemoryKey = -1)
#O SharedMemoryKeyFile
# timeouts (many of these)
#O Timeout.initial=5m
#O Timeout.connect=5m
#O Timeout.aconnect=0s
#O Timeout.iconnect=5m
#O Timeout.helo=5m
#O Timeout.mail=10m
#O Timeout.rcpt=1h
#O Timeout.datainit=5m
#O Timeout.datablock=1h
#O Timeout.datafinal=1h
#O Timeout.rset=5m
#O Timeout.quit=2m
#O Timeout.misc=2m
#O Timeout.command=1h
#O Timeout.ident=5s
#O Timeout.fileopen=60s
#O Timeout.control=2m
O Timeout.queuereturn=5d
#O Timeout.queuereturn.normal=5d
#O Timeout.queuereturn.urgent=2d
#O Timeout.queuereturn.non-urgent=7d
#O Timeout.queuereturn.dsn=5d
O Timeout.queuewarn=4h
#O Timeout.queuewarn.normal=4h
#O Timeout.queuewarn.urgent=1h
#O Timeout.queuewarn.non-urgent=12h
#O Timeout.queuewarn.dsn=4h
#O Timeout.hoststatus=30m
#O Timeout.resolver.retrans=5s
#O Timeout.resolver.retrans.first=5s
#O Timeout.resolver.retrans.normal=5s
#O Timeout.resolver.retry=4
#O Timeout.resolver.retry.first=4
#O Timeout.resolver.retry.normal=4
#O Timeout.lhlo=2m
#O Timeout.auth=10m
#O Timeout.starttls=1h
# time for DeliverBy; extension disabled if less than 0
#O DeliverByMin=0
# should we not prune routes in route-addr syntax addresses?
#O DontPruneRoutes=False
# queue up everything before forking?
O SuperSafe=True
# status file
O StatusFile=/usr/adm/sendmail/sendmail.st
# time zone handling:
# if undefined, use system default
# if defined but null, use TZ envariable passed in
# if defined and non-null, use that info
#O TimeZoneSpec=
# default UID (can be username or userid:groupid)
O DefaultUser=daemon
# list of locations of user database file (null means no lookup)
#O UserDatabaseSpec=/etc/mail/userdb
# fallback MX host
#O FallbackMXhost=fall.back.host.net
# fallback smart host
#O FallbackSmartHost=fall.back.host.net
# if we are the best MX host for a site, try it directly instead of config err
#O TryNullMXList=False
# load average at which we just queue messages
#O QueueLA=8
# load average at which we refuse connections
#O RefuseLA=12
# log interval when refusing connections for this long
#O RejectLogInterval=3h
# load average at which we delay connections; 0 means no limit
#O DelayLA=0
# maximum number of children we allow at one time
#O MaxDaemonChildren=0
# maximum number of new connections per second
#O ConnectionRateThrottle=0
# Width of the window
#O ConnectionRateWindowSize=60s
# work recipient factor
#O RecipientFactor=30000
# deliver each queued job in a separate process?
#O ForkEachJob=False
# work class factor
#O ClassFactor=1800
# work time factor
#O RetryFactor=90000
# default character set
#O DefaultCharSet=unknown-8bit
# service switch file (name hardwired on Solaris, Ultrix, OSF/1, others)
#O ServiceSwitchFile=/etc/mail/service.switch
# hosts file (normally /etc/hosts)
#O HostsFile=/etc/hosts
# dialup line delay on connection failure
#O DialDelay=0s
# action to take if there are no recipients in the message
#O NoRecipientAction=none
# chrooted environment for writing to files
#O SafeFileEnvironment
# are colons OK in addresses?
#O ColonOkInAddr=True
# shall I avoid expanding CNAMEs (violates protocols)?
#O DontExpandCnames=False
# SMTP initial login message (old $e macro)
O SmtpGreetingMessage=$j Sendmail $v/$Z; $b
# UNIX initial From header format (old $l macro)
O UnixFromLine=From $g $d
# From: lines that have embedded newlines are unwrapped onto one line
#O SingleLineFromHeader=False
# Allow HELO SMTP command that does not include a host name
#O AllowBogusHELO=False
# Characters to be quoted in a full name phrase (@,;:\()[] are automatic)
#O MustQuoteChars=.
# delimiter (operator) characters (old $o macro)
O OperatorChars=.:%@!^/[]+
# shall I avoid calling initgroups(3) because of high NIS costs?
#O DontInitGroups=False
# are group-writable :include: and .forward files (un)trustworthy?
# True (the default) means they are not trustworthy.
#O UnsafeGroupWrites=True
# where do errors that occur when sending errors get sent?
#O DoubleBounceAddress=postmaster
# issue temporary errors (4xy) instead of permanent errors (5xy)?
#O SoftBounce=False
# where to save bounces if all else fails
#O DeadLetterDrop=/var/tmp/dead.letter
# what user id do we assume for the majority of the processing?
#O RunAsUser=sendmail
# maximum number of recipients per SMTP envelope
#O MaxRecipientsPerMessage=0
# limit the rate recipients per SMTP envelope are accepted
# once the threshold number of recipients have been rejected
#O BadRcptThrottle=0
# shall we get local names from our installed interfaces?
#O DontProbeInterfaces=False
# Return-Receipt-To: header implies DSN request
#O RrtImpliesDsn=False
# override connection address (for testing)
#O ConnectOnlyTo=0.0.0.0
# Trusted user for file ownership and starting the daemon
#O TrustedUser=root
# Control socket for daemon management
#O ControlSocketName=/var/spool/mqueue/.control
# Maximum MIME header length to protect MUAs
#O MaxMimeHeaderLength=0/0
# Maximum length of the sum of all headers
O MaxHeadersLength=32768
# Maximum depth of alias recursion
#O MaxAliasRecursion=10
# location of pid file
#O PidFile=/var/run/sendmail.pid
# Prefix string for the process title shown on 'ps' listings
#O ProcessTitlePrefix=prefix
# Data file (df) memory-buffer file maximum size
#O DataFileBufferSize=4096
# Transcript file (xf) memory-buffer file maximum size
#O XscriptFileBufferSize=4096
# lookup type to find information about local mailboxes
#O MailboxDatabase=pw
# override compile time flag REQUIRES_DIR_FSYNC
#O RequiresDirfsync=true
# list of authentication mechanisms
#O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
# Authentication realm
#O AuthRealm
# default authentication information for outgoing connections
#O DefaultAuthInfo=/etc/mail/default-auth-info
# SMTP AUTH flags
#O AuthOptions
# SMTP AUTH maximum encryption strength
#O AuthMaxBits
# SMTP STARTTLS server options
#O TLSSrvOptions
# SSL cipherlist
#O CipherList
# server side SSL options
#O ServerSSLOptions
# client side SSL options
#O ClientSSLOptions
+# SSL Engine
+#O SSLEngine
+# Path to dynamic library for SSLEngine
+#O SSLEnginePath
+# TLS: fall back to clear text after handshake failure?
+#O TLSFallbacktoClear
# Input mail filters
#O InputMailFilters
# CA directory
#O CACertPath
# CA file
#O CACertFile
# Server Cert
#O ServerCertFile
# Server private key
#O ServerKeyFile
# Client Cert
#O ClientCertFile
# Client private key
#O ClientKeyFile
# File containing certificate revocation lists
#O CRLFile
+# Directory containing hashes pointing to certificate revocation status files
+#O CRLPath
# DHParameters (only required if DSA/DH is used)
#O DHParameters
# Random data source (required for systems without /dev/urandom under OpenSSL)
#O RandFile
# fingerprint algorithm (digest) to use for the presented cert
#O CertFingerprintAlgorithm
+# enable DANE?
+#O DANE=false
# Maximum number of "useless" commands before slowing down
#O MaxNOOPCommands=20
# Name to use for EHLO (defaults to $j)
#O HeloName
############################
# QUEUE GROUP DEFINITIONS #
############################
###########################
# Message precedences #
###########################
Pfirst-class=0
Pspecial-delivery=100
Plist=-30
Pbulk=-60
Pjunk=-100
#####################
# Trusted users #
#####################
# this is equivalent to setting class "t"
#Ft/etc/mail/trusted-users
Troot
Tdaemon
Tuucp
#########################
# Format of headers #
#########################
H?P?Return-Path: <$g>
HReceived: $?sfrom $s $.$?_($?s$|from $.$_)
$.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)
$.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}
(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u
for $u; $|;
$.$b
H?D?Resent-Date: $a
H?D?Date: $a
H?F?Resent-From: $?x$x <$g>$|$g$.
H?F?From: $?x$x <$g>$|$g$.
H?x?Full-Name: $x
# HPosted-Date: $a
# H?l?Received-Date: $b
H?M?Resent-Message-Id: <$t.$i@$j>
H?M?Message-Id: <$t.$i@$j>
#
######################################################################
######################################################################
#####
##### REWRITING RULES
#####
######################################################################
######################################################################
############################################
### Ruleset 3 -- Name Canonicalization ###
############################################
Scanonify=3
# handle null input (translate to <@> special case)
R$@ $@ <@>
# strip group: syntax (not inside angle brackets!) and trailing semicolon
R$* $: $1 <@> mark addresses
R$* < $* > $* <@> $: $1 < $2 > $3 unmark <addr>
R@ $* <@> $: @ $1 unmark @host:...
R$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addr
R$* :: $* <@> $: $1 :: $2 unmark node::addr
R:include: $* <@> $: :include: $1 unmark :include:...
R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon
R$* : $* <@> $: $2 strip colon if marked
R$* <@> $: $1 unmark
R$* ; $1 strip trailing semi
R$* < $+ :; > $* $@ $2 :; <@> catch <list:;>
R$* < $* ; > $1 < $2 > bogus bracketed semi
# null input now results from list:; syntax
R$@ $@ :; <@>
# strip angle brackets -- note RFC733 heuristic to get innermost item
R$* $: < $1 > housekeeping <>
R$+ < $* > < $2 > strip excess on left
R< $* > $+ < $1 > strip excess on right
R<> $@ < @ > MAIL FROM:<> case
R< $+ > $: $1 remove housekeeping <>
# strip route address <@a,@b,@c:user@d> -> <user@d>
R@ $+ , $+ $2
R@ [ $* ] : $+ $2
R@ $+ : $+ $2
# find focus for list syntax
R $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax
R $+ : $* ; $@ $1 : $2; list syntax
# find focus for @ syntax addresses
R$+ @ $+ $: $1 < @ $2 > focus on domain
R$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right
R$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical
# convert old-style addresses to a domain-based address
R$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names
R$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps
R$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains
# if we have % signs, take the rightmost one
R$* % $* $1 @ $2 First make them all @s.
R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
# else we must be a local name
R$* $@ $>Canonify2 $1
################################################
### Ruleset 96 -- bottom half of ruleset 3 ###
################################################
SCanonify2=96
# handle special cases for local names
R$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all
R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain
R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain
# check for IPv4/IPv6 domain literal
R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [addr]
R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal
R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr
# if really UUCP, handle it immediately
# try UUCP traffic as a local address
R$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3
R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3
# hostnames ending in class P are always canonical
R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4
R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4
R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6
R$* CC $* $| $* $: $3
# pass to name server to make hostname canonical
R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4
R$* $| $* $: $2
# local host aliases and pseudo-domains are always canonical
R$* < @ $=w > $* $: $1 < @ $2 . > $3
R$* < @ $=M > $* $: $1 < @ $2 . > $3
R$* < @ $* . . > $* $1 < @ $2 . > $3
##################################################
### Ruleset 4 -- Final Output Post-rewriting ###
##################################################
Sfinal=4
R$+ :; <@> $@ $1 : handle <list:;>
R$* <@> $@ handle <> and list:;
# strip trailing dot off possibly canonical name
R$* < @ $+ . > $* $1 < @ $2 > $3
# eliminate internal code
R$* < @ *LOCAL* > $* $1 < @ $j > $2
# externalize local domain info
R$* < $+ > $* $1 $2 $3 defocus
R@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 <route-addr> canonical
R@ $* $@ @ $1 ... and exit
# UUCP must always be presented in old form
R$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u
# delete duplicate local names
R$+ % $=w @ $=w $1 @ $2 u%host@host => u@host
##############################################################
### Ruleset 97 -- recanonicalize and call ruleset zero ###
### (used for recursive calls) ###
##############################################################
SRecurse=97
R$* $: $>canonify $1
R$* $@ $>parse $1
######################################
### Ruleset 0 -- Parse Address ###
######################################
Sparse=0
R$* $: $>Parse0 $1 initial parsing
R<@> $#local $: <@> special case error msgs
R$* $: $>ParseLocal $1 handle local hacks
R$* $: $>Parse1 $1 final parsing
#
# Parse0 -- do initial syntax checking and eliminate local addresses.
# This should either return with the (possibly modified) input
# or return with a #error mailer. It should not return with a
# #mailer other than the #error mailer.
#
SParse0
R<@> $@ <@> special case error msgs
R$* : $* ; <@> $#error $@ 5.1.3 $: "553 List:; syntax illegal for recipient addresses"
R@ <@ $* > < @ $1 > catch "@@host" bogosity
R<@ $+> $#error $@ 5.1.3 $: "553 User address required"
R$+ <@> $#error $@ 5.1.3 $: "553 Hostname required"
R$* $: <> $1
R<> $* < @ [ $* ] : $+ > $* $1 < @ [ $2 ] : $3 > $4
R<> $* < @ [ $* ] , $+ > $* $1 < @ [ $2 ] , $3 > $4
R<> $* < @ [ $* ] $+ > $* $#error $@ 5.1.2 $: "553 Invalid address"
R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3
R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "553 Colon illegal in host name part"
R<> $* $1
R$* < @ . $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
R$* < @ $* @ > $* $#error $@ 5.1.2 $: "553 Invalid route address"
R$* @ $* < @ $* > $* $#error $@ 5.1.3 $: "553 Invalid route address"
R$* , $~O $* $#error $@ 5.1.3 $: "553 Invalid route address"
# now delete the local info -- note $=O to find characters that cause forwarding
R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user
R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ...
R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here
R< @ $+ > $#error $@ 5.1.3 $: "553 User address required"
R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ...
R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo"
R< @ *LOCAL* > $#error $@ 5.1.3 $: "553 User address required"
R$* $=O $* < @ *LOCAL* >
$@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
R$* < @ *LOCAL* > $: $1
#
# Parse1 -- the bottom half of ruleset 0.
#
SParse1
# handle numeric address spec
R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec
R$* < @ [ $+ ] > $* $: $1 < @ [ $2 ] : $S > $3 Add smart host to path
R$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send
R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer
R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer
# short circuit local delivery so forwarded email works
R$=L < @ $=w . > $#local $: @ $1 special local names
R$+ < @ $=w . > $#local $: $1 regular local name
# resolve remotely connected UUCP links (if any)
# resolve fake top level domains by forwarding to other hosts
# pass names that still have a host to a smarthost (if defined)
R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name
# deal with other remote names
R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
# handle locally delivered names
R$=L $#local $: @ $1 special local names
R$+ $#local $: $1 regular local names
###########################################################################
### Ruleset 5 -- special rewriting after aliases have been expanded ###
###########################################################################
SLocal_localaddr
Slocaladdr=5
R$+ $: $1 $| $>"Local_localaddr" $1
R$+ $| $#ok $@ $1 no change
R$+ $| $#$* $#$2
R$+ $| $* $: $1
# deal with plussed users so aliases work nicely
R$+ + * $#local $@ $&h $: $1
R$+ + $* $#local $@ + $2 $: $1 + *
# prepend an empty "forward host" on the front
R$+ $: <> $1
R< > $+ $: < > < $1 <> $&h > nope, restore +detail
R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail
R< > < $+ <> $* > $: < > < $1 > else discard
R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part
R< > < $+ > + $* $#local $@ $2 $: @ $1 strip the extra +
R< > < $+ > $@ $1 no +detail
R$+ $: $1 <> $&h add +detail back in
R$+ <> + $* $: $1 + $2 check whether +detail
R$+ <> $* $: $1 else discard
R< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension
R< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension
R< $~[ : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 >
R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 >
###################################################################
### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ###
###################################################################
SMailerToTriple=95
R< > $* $@ $1 strip off null relay
R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
R< error : $- : $+ > $* $#error $@ $(dequote $1 $) $: $2
R< error : $+ > $* $#error $: $1
R< local : $* > $* $>CanonLocal < $1 > $2
R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user
R< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer
R< $=w > $* $@ $2 delete local host
R< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer
###################################################################
### Ruleset CanonLocal -- canonify local: syntax ###
###################################################################
SCanonLocal
# strip local host from routed addresses
R< $* > < @ $+ > : $+ $@ $>Recurse $3
R< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4
# strip trailing dot from any host name that may appear
R< $* > $* < @ $* . > $: < $1 > $2 < @ $3 >
# handle local: syntax -- use old user, either with or without host
R< > $* < @ $* > $* $#local $@ $1@$2 $: $1
R< > $+ $#local $@ $1 $: $1
# handle local:user@host syntax -- ignore host part
R< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 >
# handle local:user syntax
R< $+ > $* <@ $* > $* $#local $@ $2@$3 $: $1
R< $+ > $* $#local $@ $2 $: $1
###################################################################
### Ruleset 93 -- convert header names to masqueraded form ###
###################################################################
SMasqHdr=93
# do not masquerade anything in class N
R$* < @ $* $=N . > $@ $1 < @ $2 $3 . >
R$* < @ *LOCAL* > $@ $1 < @ $j . >
###################################################################
### Ruleset 94 -- convert envelope names to masqueraded form ###
###################################################################
SMasqEnv=94
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
###################################################################
### Ruleset 98 -- local part of ruleset zero (can be null) ###
###################################################################
SParseLocal=98
# addresses sent to foo@host.REDIRECT will give a 551 error code
R$* < @ $+ .REDIRECT. > $: $1 < @ $2 . REDIRECT . > < ${opMode} >
R$* < @ $+ .REDIRECT. > <i> $: $1 < @ $2 . REDIRECT. >
R$* < @ $+ .REDIRECT. > < $- > $#error $@ 5.1.1 $: "551 User has moved; please try " <$1@$2>
######################################################################
### CanonAddr -- Convert an address into a standard form for
### relay checking. Route address syntax is
### crudely converted into a %-hack address.
###
### Parameters:
### $1 -- full recipient address
###
### Returns:
### parsed address, not in source route form
######################################################################
SCanonAddr
R$* $: $>Parse0 $>canonify $1 make domain canonical
######################################################################
### ParseRecipient -- Strip off hosts in $=R as well as possibly
### $* $=m or the access database.
### Check user portion for host separators.
###
### Parameters:
### $1 -- full recipient address
###
### Returns:
### parsed, non-local-relaying address
######################################################################
SParseRecipient
R$* $: <?> $>CanonAddr $1
R<?> $* < @ $* . > <?> $1 < @ $2 > strip trailing dots
R<?> $- < @ $* > $: <?> $(dequote $1 $) < @ $2 > dequote local part
# if no $=O character, no host in the user portion, we are done
R<?> $* $=O $* < @ $* > $: <NO> $1 $2 $3 < @ $4>
R<?> $* $@ $1
R<NO> $* < @ $* $=R > $: <RELAY> $1 < @ $2 $3 >
R<RELAY> $* < @ $* > $@ $>ParseRecipient $1
R<$+> $* $@ $2
######################################################################
### check_relay -- check hostname/address on SMTP startup
######################################################################
SLocal_check_relay
Scheck_relay
R$* $: $1 $| $>"Local_check_relay" $1
R$* $| $* $| $#$* $#$3
R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2
SBasic_check_relay
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
######################################################################
### check_mail -- check SMTP `MAIL FROM:' command argument
######################################################################
SLocal_check_mail
Scheck_mail
R$* $: $1 $| $>"Local_check_mail" $1
R$* $| $#$* $#$2
R$* $| $* $@ $>"Basic_check_mail" $1
SBasic_check_mail
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
# authenticated?
R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
R$* $| $#$+ $#$2
R$* $| $* $: $1
R<> $@ <OK> we MUST accept <> (RFC 1123)
R$+ $: <?> $1
R<?><$+> $: <@> <$1>
R<?>$+ $: <@> <$1>
R$* $: $&{daemon_flags} $| $1
R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 >
R$* u $* $| <@> < $* > $: <?> < $3 >
R$* $| $* $: $2
# handle case of @localhost on address
R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost >
R<@> < $* @ [127.0.0.1] >
$: < ? $&{client_name} > < $1 @ [127.0.0.1] >
R<@> < $* @ [IPv6:0:0:0:0:0:0:0:1] >
$: < ? $&{client_name} > < $1 @ [IPv6:0:0:0:0:0:0:0:1] >
R<@> < $* @ [IPv6:::1] >
$: < ? $&{client_name} > < $1 @ [IPv6:::1] >
R<@> < $* @ localhost.$m >
$: < ? $&{client_name} > < $1 @ localhost.$m >
R<@> < $* @ localhost.UUCP >
$: < ? $&{client_name} > < $1 @ localhost.UUCP >
R<@> $* $: $1 no localhost as domain
R<? $=w> $* $: $2 local client: ok
R<? $+> <$+> $#error $@ 5.5.4 $: "553 Real domain name required for sender address"
R<?> $* $: $1
R$* $: <?> $>CanonAddr $1 canonify sender address and mark it
R<?> $* < @ $+ . > <?> $1 < @ $2 > strip trailing dots
# handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc)
R<?> $* < @ $* $=P > $: <OKR> $1 < @ $2 $3 >
R<?> $* < @ $j > $: <OKR> $1 < @ $j >
R<?> $* < @ $+ > $: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 >
R<? $* <$->> $* < @ $+ >
$: <$2> $3 < @ $4 >
# handle case of no @domain on address
R<?> $* $: $&{daemon_flags} $| <?> $1
R$* u $* $| <?> $* $: <OKR> $3
R$* $| $* $: $2
R<?> $* $: < ? $&{client_addr} > $1
R<?> $* $@ <OKR> ...local unqualed ok
R<? $+> $* $#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f
...remote is not
# check results
R<?> $* $: @ $1 mark address: nothing known about it
R<$={ResOk}> $* $: @ $2 domain ok
R<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"
R<PERM> $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist"
######################################################################
### check_rcpt -- check SMTP `RCPT TO:' command argument
######################################################################
SLocal_check_rcpt
Scheck_rcpt
R$* $: $1 $| $>"Local_check_rcpt" $1
R$* $| $#$* $#$2
R$* $| $* $@ $>"Basic_check_rcpt" $1
SBasic_check_rcpt
# empty address?
R<> $#error $@ nouser $: "553 User address required"
R$@ $#error $@ nouser $: "553 User address required"
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
######################################################################
R$* $: $1 $| @ $>"Rcpt_ok" $1
R$* $| @ $#TEMP $+ $: $1 $| T $2
R$* $| @ $#$* $#$2
R$* $| @ RELAY $@ RELAY
R$* $| @ $* $: O $| $>"Relay_ok" $1
R$* $| T $+ $: T $2 $| $>"Relay_ok" $1
R$* $| $#TEMP $+ $#error $2
R$* $| $#$* $#$2
R$* $| RELAY $@ RELAY
R T $+ $| $* $#error $1
# anything else is bogus
R$* $#error $@ 5.7.1 $: "550 Relaying denied"
######################################################################
### Rcpt_ok: is the recipient ok?
######################################################################
SRcpt_ok
R$* $: $>ParseRecipient $1 strip relayable hosts
# authenticated via TLS?
R$* $: $1 $| $>RelayTLS client authenticated?
R$* $| $# $+ $# $2 error/ok?
R$* $| $* $: $1 no
R$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type}
R$* $| $# $* $# $2
R$* $| NO $: $1
R$* $| $* $: $1 $| $&{auth_type}
R$* $| $: $1
R$* $| $={TrustAuthMech} $# RELAY
R$* $| $* $: $1
# anything terminating locally is ok
R$+ < @ $=w > $@ RELAY
R$+ < @ $* $=R > $@ RELAY
# check for local user (i.e. unqualified address)
R$* $: <?> $1
R<?> $* < @ $+ > $: <REMOTE> $1 < @ $2 >
# local user is ok
R<?> $+ $@ RELAY
R<$+> $* $: $2
######################################################################
### Relay_ok: is the relay/sender ok?
######################################################################
SRelay_ok
# anything originating locally is ok
# check IP address
R$* $: $&{client_addr}
R$@ $@ RELAY originated locally
R0 $@ RELAY originated locally
R127.0.0.1 $@ RELAY originated locally
RIPv6:0:0:0:0:0:0:0:1 $@ RELAY originated locally
RIPv6:::1 $@ RELAY originated locally
R$=R $* $@ RELAY relayable IP address
R$* $: [ $1 ] put brackets around it...
R$=w $@ RELAY ... and see if it is local
# check client name: first: did it resolve?
R$* $: < $&{client_resolve} >
R<TEMP> $#TEMP $@ 4.4.0 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
R<FORGED> $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
R<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
R$* $: <@> $&{client_name}
# pass to name server to make hostname canonical
R<@> $* $=P $:<?> $1 $2
R<@> $+ $:<?> $[ $1 $]
R$* . $1 strip trailing dots
R<?> $=w $@ RELAY
R<?> $* $=R $@ RELAY
######################################################################
### trust_auth: is user trusted to authenticate as someone else?
###
### Parameters:
### $1: AUTH= parameter from MAIL command
######################################################################
SLocal_trust_auth
Strust_auth
R$* $: $&{auth_type} $| $1
# required by RFC 2554 section 4.
R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated"
R$* $| $&{auth_authen} $@ identical
R$* $| <$&{auth_authen}> $@ identical
R$* $| $* $: $1 $| $>"Local_trust_auth" $2
R$* $| $#$* $#$2
R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}
######################################################################
### Relay_Auth: allow relaying based on authentication?
###
### Parameters:
### $1: ${auth_type}
######################################################################
SLocal_Relay_Auth
######################################################################
### srv_features: which features to offer to a client?
### (done in server)
######################################################################
Ssrv_features
######################################################################
### try_tls: try to use STARTTLS?
### (done in client)
######################################################################
Stry_tls
######################################################################
### tls_rcpt: is connection with server "good" enough?
### (done in client, per recipient)
###
### Parameters:
### $1: recipient
######################################################################
Stls_rcpt
######################################################################
### tls_client: is connection with client "good" enough?
### (done in server)
###
### Parameters:
### ${verify} $| (MAIL|STARTTLS)
######################################################################
Stls_client
R$* $| $* $@ $>"TLS_connection" $1
######################################################################
### tls_server: is connection with server "good" enough?
### (done in client)
###
### Parameter:
### ${verify}
######################################################################
Stls_server
+
R$* $@ $>"TLS_connection" $1
######################################################################
### TLS_connection: is TLS connection "good" enough?
###
### Parameters:
### ${verify}
### Requirement: RHS from access map, may be ? for none.
######################################################################
STLS_connection
RSOFTWARE $#error $@ 4.7.0 $: "403 TLS handshake."
+RDANE_FAIL $#error $@ 4.7.0 $: "403 DANE check failed."
######################################################################
### RelayTLS: allow relaying based on TLS authentication
###
### Parameters:
### none
######################################################################
SRelayTLS
# authenticated?
######################################################################
### authinfo: lookup authinfo in the access map
###
### Parameters:
### $1: {server_name}
### $2: {server_addr}
######################################################################
Sauthinfo
#
######################################################################
######################################################################
#####
##### MAIL FILTER DEFINITIONS
#####
######################################################################
######################################################################
#
######################################################################
######################################################################
#####
##### MAILER DEFINITIONS
#####
######################################################################
######################################################################
##################################################
### Local and Program Mailer specification ###
##################################################
##### $Id: local.m4,v 8.60 2013-11-22 20:51:14 ca Exp $ #####
#
# Envelope sender rewriting
#
SEnvFromL
R<@> $n errors to mailer-daemon
R@ <@ $*> $n temporarily bypass Sun bogosity
R$+ $: $>AddDomain $1 add local domain if needed
R$* $: $>MasqEnv $1 do masquerading
#
# Envelope recipient rewriting
#
SEnvToL
R$+ < @ $* > $: $1 strip host part
R$+ + $* $: < $&{addr_type} > $1 + $2 mark with addr type
R<e s> $+ + $* $: $1 remove +detail for sender
R< $* > $+ $: $2 else remove mark
#
# Header sender rewriting
#
SHdrFromL
R<@> $n errors to mailer-daemon
R@ <@ $*> $n temporarily bypass Sun bogosity
R$+ $: $>AddDomain $1 add local domain if needed
R$* $: $>MasqHdr $1 do masquerading
#
# Header recipient rewriting
#
SHdrToL
R$+ $: $>AddDomain $1 add local domain if needed
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
#
# Common code to add local domain name (only if always-add-domain)
#
SAddDomain
Mlocal, P=/bin/mail, F=lsDFMAw5:/|@qPrmn9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
T=DNS/RFC822/X-Unix,
A=mail -d $u
Mprog, P=/bin/sh, F=lsDFMoqeu9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/,
T=X-Unix/X-Unix/X-Unix,
A=sh -c $u
#####################################
### SMTP Mailer specification ###
#####################################
##### $Id: smtp.m4,v 8.66 2013-11-22 20:51:14 ca Exp $ #####
#
# common sender and masquerading recipient rewriting
#
SMasqSMTP
R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified
R$+ $@ $1 < @ *LOCAL* > add local qualification
#
# convert pseudo-domain addresses to real domain addresses
#
SPseudoToReal
# pass <route-addr>s through
R< @ $+ > $* $@ < @ $1 > $2 resolve <route-addr>
# output fake domains as user%fake@relay
# do UUCP heuristics; note that these are shared with UUCP mailers
R$+ < @ $+ .UUCP. > $: < $2 ! > $1 convert to UUCP form
R$+ < @ $* > $* $@ $1 < @ $2 > $3 not UUCP form
# leave these in .UUCP form to avoid further tampering
R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. >
R< $&h ! > $-.$+ ! $+ $@ $3 < @ $1.$2 >
R< $&h ! > $+ $@ $1 < @ $&h .UUCP. >
R< $+ ! > $+ $: $1 ! $2 < @ $Y > use UUCP_RELAY
R$+ < @ $~[ $* : $+ > $@ $1 < @ $4 > strip mailer: part
R$+ < @ > $: $1 < @ *LOCAL* > if no UUCP_RELAY
#
# envelope sender rewriting
#
SEnvFromSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R$* :; <@> $@ list:; special case
R$* $: $>MasqSMTP $1 qualify unqual'ed names
R$+ $: $>MasqEnv $1 do masquerading
#
# envelope recipient rewriting --
# also header recipient if not masquerading recipients
#
SEnvToSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R$+ $: $>MasqSMTP $1 qualify unqual'ed names
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
#
# header sender and masquerading header recipient rewriting
#
SHdrFromSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R:; <@> $@ list:; special case
# do special header rewriting
R$* <@> $* $@ $1 <@> $2 pass null host through
R< @ $* > $* $@ < @ $1 > $2 pass route-addr through
R$* $: $>MasqSMTP $1 qualify unqual'ed names
R$+ $: $>MasqHdr $1 do masquerading
#
# relay mailer header masquerading recipient rewriting
#
SMasqRelay
R$+ $: $>MasqSMTP $1
R$+ $: $>MasqHdr $1
Msmtp, P=[IPC], F=mDFMuX, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mesmtp, P=[IPC], F=mDFMuXa, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Msmtp8, P=[IPC], F=mDFMuX8, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mdsmtp, P=[IPC], F=mDFMuXa%, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mrelay, P=[IPC], F=mDFMuXa8, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=2040,
T=DNS/RFC822/SMTP,
A=TCP $h
### generic-osf1.mc ###
# divert(-1)
# #
# # Copyright (c) 1998, 1999 Proofpoint, Inc. and its suppliers.
# # All rights reserved.
# # Copyright (c) 1983 Eric P. Allman. All rights reserved.
# # Copyright (c) 1988, 1993
# # The Regents of the University of California. All rights reserved.
# #
# # By using this file, you agree to the terms and conditions set
# # forth in the LICENSE file which can be found at the top level of
# # the sendmail distribution.
# #
# #
#
# #
# # This is a generic configuration file for OSF/1.
# # It has support for local and SMTP mail only. If you want to
# # customize it, copy it to a name appropriate for your environment
# # and do the modifications there.
# #
#
# divert(0)dnl
# VERSIONID(`$Id: generic-osf1.mc,v 8.12 2013-11-22 20:51:08 ca Exp $')
# OSTYPE(osf1)dnl
# DOMAIN(generic)dnl
# MAILER(local)dnl
# MAILER(smtp)dnl
diff --git a/cf/cf/generic-solaris.cf b/cf/cf/generic-solaris.cf
index 538d84f63491..0c4c232ecbbe 100644
--- a/cf/cf/generic-solaris.cf
+++ b/cf/cf/generic-solaris.cf
@@ -1,1497 +1,1509 @@
#
# Copyright (c) 1998-2004, 2009, 2010 Proofpoint, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#
######################################################################
######################################################################
#####
##### SENDMAIL CONFIGURATION FILE
#####
-##### built by ca@sandman.dev-lab.sendmail.com on Thu Jul 2 05:24:31 PDT 2015
-##### in /x/ca/smi.git/sendmail/OpenSource/sendmail-8.15.2/cf/cf
+##### built by ca@lab.smi.sendmail.com on Thu Jul 2 22:41:57 PDT 2020
+##### in /var/tmp/ca/sm8.git/sendmail/OpenSource/sendmail-8.16.1/cf/cf
##### using ../ as configuration include directory
#####
######################################################################
#####
##### DO NOT EDIT THIS FILE! Only edit the source .mc file.
#####
######################################################################
######################################################################
##### $Id: cfhead.m4,v 8.122 2013-11-22 20:51:13 ca Exp $ #####
##### $Id: cf.m4,v 8.33 2013-11-22 20:51:13 ca Exp $ #####
##### $Id: generic-solaris.mc,v 8.14 2013-11-22 20:51:08 ca Exp $ #####
##### $Id: solaris2.m4,v 8.23 2013-11-22 20:51:15 ca Exp $ #####
##### $Id: generic.m4,v 8.16 2013-11-22 20:51:10 ca Exp $ #####
##### $Id: redirect.m4,v 8.16 2013-11-22 20:51:11 ca Exp $ #####
##### $Id: use_cw_file.m4,v 8.12 2013-11-22 20:51:11 ca Exp $ #####
##### $Id: proto.m4,v 8.762 2013-11-22 20:51:13 ca Exp $ #####
# level 10 config file format
V10/Berkeley
# override file safeties - setting this option compromises system security,
# addressing the actual file configuration problem is preferred
# need to set this before any file actions are encountered in the cf file
#O DontBlameSendmail=safe
# default LDAP map specification
# need to set this now before any LDAP maps are defined
#O LDAPDefaultSpec=-h localhost
##################
# local info #
##################
# my LDAP cluster
# need to set this before any LDAP lookups are done (including classes)
#D{sendmailMTACluster}$m
Cwlocalhost
# file containing names of hosts for which we receive email
Fw/etc/mail/local-host-names
# my official domain name
# ... define this only if sendmail cannot automatically determine your domain
#Dj$w.Foo.COM
# host/domain names ending with a token in class P are canonical
CP.
# "Smart" relay host (may be null)
DS
# operators that cannot be in local usernames (i.e., network indicators)
CO @ % !
# a class with just dot (for identifying canonical names)
C..
# a class with just a left bracket (for identifying domain literals)
C[[
# Resolve map (to check if a host exists in check_mail)
Kresolve host -a<OKR> -T<TEMP>
C{ResOk}OKR
# Hosts for which relaying is permitted ($=R)
FR-o /etc/mail/relay-domains
# arithmetic map
Karith arith
# dequoting map
Kdequote dequote
# class E: names that should be exposed as from this host, even if we masquerade
# class L: names that should be delivered locally, even if we have a relay
# class M: domains that should be converted to $M
# class N: domains that should not be converted to $M
#CL root
C{E}root
# my name for error messages
DnMAILER-DAEMON
CPREDIRECT
# Configuration version number
-DZ8.15.2
+DZ8.16.1
###############
# Options #
###############
# strip message body to 7 bits on input?
O SevenBitInput=False
# 8-bit data handling
#O EightBitMode=pass8
# wait for alias file rebuild (default units: minutes)
O AliasWait=10
# location of alias file
O AliasFile=/etc/mail/aliases
# minimum number of free blocks on filesystem
O MinFreeBlocks=100
# maximum message size
#O MaxMessageSize=0
# substitution for space (blank) characters
O BlankSub=.
# avoid connecting to "expensive" mailers on initial submission?
O HoldExpensive=False
# checkpoint queue runs after every N successful deliveries
#O CheckpointInterval=10
# default delivery mode
O DeliveryMode=background
# error message header/file
#O ErrorHeader=/etc/mail/error-header
# error mode
#O ErrorMode=print
# save Unix-style "From_" lines at top of header?
#O SaveFromLine=False
# queue file mode (qf files)
#O QueueFileMode=0600
# temporary file mode
O TempFileMode=0600
# match recipients against GECOS field?
#O MatchGECOS=False
# maximum hop count
#O MaxHopCount=25
# location of help file
O HelpFile=/etc/mail/helpfile
# ignore dots as terminators in incoming messages?
#O IgnoreDots=False
# name resolver options
#O ResolverOptions=+AAONLY
# deliver MIME-encapsulated error messages?
O SendMimeErrors=True
# Forward file search path
O ForwardPath=$z/.forward.$w+$h:$z/.forward+$h:$z/.forward.$w:$z/.forward
# open connection cache size
O ConnectionCacheSize=2
# open connection cache timeout
O ConnectionCacheTimeout=5m
# persistent host status directory
#O HostStatusDirectory=.hoststat
# single thread deliveries (requires HostStatusDirectory)?
#O SingleThreadDelivery=False
# use Errors-To: header?
O UseErrorsTo=False
# use compressed IPv6 address format?
#O UseCompressedIPv6Addresses
# log level
O LogLevel=9
# send to me too, even in an alias expansion?
#O MeToo=True
# verify RHS in newaliases?
O CheckAliases=False
# default messages to old style headers if no special punctuation?
O OldStyleHeaders=True
# SMTP daemon options
O DaemonPortOptions=Name=MTA
O DaemonPortOptions=Port=587, Name=MSA, M=E
# SMTP client options
#O ClientPortOptions=Family=inet, Address=0.0.0.0
# Modifiers to define {daemon_flags} for direct submissions
#O DirectSubmissionModifiers
# Use as mail submission program? See sendmail/SECURITY
#O UseMSP
# privacy flags
O PrivacyOptions=authwarnings
# who (if anyone) should get extra copies of error messages
#O PostmasterCopy=Postmaster
# slope of queue-only function
#O QueueFactor=600000
# limit on number of concurrent queue runners
#O MaxQueueChildren
# maximum number of queue-runners per queue-grouping with multiple queues
#O MaxRunnersPerQueue=1
# priority of queue runners (nice(3))
#O NiceQueueRun
# shall we sort the queue by hostname first?
#O QueueSortOrder=priority
# minimum time in queue before retry
#O MinQueueAge=30m
# maximum time in queue before retry (if > 0; only for exponential delay)
#O MaxQueueAge
# how many jobs can you process in the queue?
#O MaxQueueRunSize=0
# perform initial split of envelope without checking MX records
#O FastSplit=1
# queue directory
O QueueDirectory=/var/spool/mqueue
# key for shared memory; 0 to turn off, -1 to auto-select
#O SharedMemoryKey=0
# file to store auto-selected key for shared memory (SharedMemoryKey = -1)
#O SharedMemoryKeyFile
# timeouts (many of these)
#O Timeout.initial=5m
#O Timeout.connect=5m
#O Timeout.aconnect=0s
#O Timeout.iconnect=5m
#O Timeout.helo=5m
#O Timeout.mail=10m
#O Timeout.rcpt=1h
#O Timeout.datainit=5m
#O Timeout.datablock=1h
#O Timeout.datafinal=1h
#O Timeout.rset=5m
#O Timeout.quit=2m
#O Timeout.misc=2m
#O Timeout.command=1h
#O Timeout.ident=5s
#O Timeout.fileopen=60s
#O Timeout.control=2m
O Timeout.queuereturn=5d
#O Timeout.queuereturn.normal=5d
#O Timeout.queuereturn.urgent=2d
#O Timeout.queuereturn.non-urgent=7d
#O Timeout.queuereturn.dsn=5d
O Timeout.queuewarn=4h
#O Timeout.queuewarn.normal=4h
#O Timeout.queuewarn.urgent=1h
#O Timeout.queuewarn.non-urgent=12h
#O Timeout.queuewarn.dsn=4h
#O Timeout.hoststatus=30m
#O Timeout.resolver.retrans=5s
#O Timeout.resolver.retrans.first=5s
#O Timeout.resolver.retrans.normal=5s
#O Timeout.resolver.retry=4
#O Timeout.resolver.retry.first=4
#O Timeout.resolver.retry.normal=4
#O Timeout.lhlo=2m
#O Timeout.auth=10m
#O Timeout.starttls=1h
# time for DeliverBy; extension disabled if less than 0
#O DeliverByMin=0
# should we not prune routes in route-addr syntax addresses?
#O DontPruneRoutes=False
# queue up everything before forking?
O SuperSafe=True
# status file
#O StatusFile
# time zone handling:
# if undefined, use system default
# if defined but null, use TZ envariable passed in
# if defined and non-null, use that info
#O TimeZoneSpec=
# default UID (can be username or userid:groupid)
#O DefaultUser=mailnull
# list of locations of user database file (null means no lookup)
#O UserDatabaseSpec=/etc/mail/userdb
# fallback MX host
#O FallbackMXhost=fall.back.host.net
# fallback smart host
#O FallbackSmartHost=fall.back.host.net
# if we are the best MX host for a site, try it directly instead of config err
#O TryNullMXList=False
# load average at which we just queue messages
#O QueueLA=8
# load average at which we refuse connections
#O RefuseLA=12
# log interval when refusing connections for this long
#O RejectLogInterval=3h
# load average at which we delay connections; 0 means no limit
#O DelayLA=0
# maximum number of children we allow at one time
#O MaxDaemonChildren=0
# maximum number of new connections per second
#O ConnectionRateThrottle=0
# Width of the window
#O ConnectionRateWindowSize=60s
# work recipient factor
#O RecipientFactor=30000
# deliver each queued job in a separate process?
#O ForkEachJob=False
# work class factor
#O ClassFactor=1800
# work time factor
#O RetryFactor=90000
# default character set
#O DefaultCharSet=unknown-8bit
# service switch file (name hardwired on Solaris, Ultrix, OSF/1, others)
#O ServiceSwitchFile=/etc/mail/service.switch
# hosts file (normally /etc/hosts)
#O HostsFile=/etc/hosts
# dialup line delay on connection failure
#O DialDelay=0s
# action to take if there are no recipients in the message
#O NoRecipientAction=none
# chrooted environment for writing to files
#O SafeFileEnvironment
# are colons OK in addresses?
#O ColonOkInAddr=True
# shall I avoid expanding CNAMEs (violates protocols)?
#O DontExpandCnames=False
# SMTP initial login message (old $e macro)
O SmtpGreetingMessage=$j Sendmail $v/$Z; $b
# UNIX initial From header format (old $l macro)
O UnixFromLine=From $g $d
# From: lines that have embedded newlines are unwrapped onto one line
#O SingleLineFromHeader=False
# Allow HELO SMTP command that does not include a host name
#O AllowBogusHELO=False
# Characters to be quoted in a full name phrase (@,;:\()[] are automatic)
#O MustQuoteChars=.
# delimiter (operator) characters (old $o macro)
O OperatorChars=.:%@!^/[]+
# shall I avoid calling initgroups(3) because of high NIS costs?
#O DontInitGroups=False
# are group-writable :include: and .forward files (un)trustworthy?
# True (the default) means they are not trustworthy.
#O UnsafeGroupWrites=True
# where do errors that occur when sending errors get sent?
#O DoubleBounceAddress=postmaster
# issue temporary errors (4xy) instead of permanent errors (5xy)?
#O SoftBounce=False
# where to save bounces if all else fails
#O DeadLetterDrop=/var/tmp/dead.letter
# what user id do we assume for the majority of the processing?
#O RunAsUser=sendmail
# maximum number of recipients per SMTP envelope
#O MaxRecipientsPerMessage=0
# limit the rate recipients per SMTP envelope are accepted
# once the threshold number of recipients have been rejected
#O BadRcptThrottle=0
# shall we get local names from our installed interfaces?
#O DontProbeInterfaces=False
# Return-Receipt-To: header implies DSN request
#O RrtImpliesDsn=False
# override connection address (for testing)
#O ConnectOnlyTo=0.0.0.0
# Trusted user for file ownership and starting the daemon
#O TrustedUser=root
# Control socket for daemon management
#O ControlSocketName=/var/spool/mqueue/.control
# Maximum MIME header length to protect MUAs
#O MaxMimeHeaderLength=0/0
# Maximum length of the sum of all headers
O MaxHeadersLength=32768
# Maximum depth of alias recursion
#O MaxAliasRecursion=10
# location of pid file
#O PidFile=/var/run/sendmail.pid
# Prefix string for the process title shown on 'ps' listings
#O ProcessTitlePrefix=prefix
# Data file (df) memory-buffer file maximum size
#O DataFileBufferSize=4096
# Transcript file (xf) memory-buffer file maximum size
#O XscriptFileBufferSize=4096
# lookup type to find information about local mailboxes
#O MailboxDatabase=pw
# override compile time flag REQUIRES_DIR_FSYNC
#O RequiresDirfsync=true
# list of authentication mechanisms
#O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
# Authentication realm
#O AuthRealm
# default authentication information for outgoing connections
#O DefaultAuthInfo=/etc/mail/default-auth-info
# SMTP AUTH flags
#O AuthOptions
# SMTP AUTH maximum encryption strength
#O AuthMaxBits
# SMTP STARTTLS server options
#O TLSSrvOptions
# SSL cipherlist
#O CipherList
# server side SSL options
#O ServerSSLOptions
# client side SSL options
#O ClientSSLOptions
+# SSL Engine
+#O SSLEngine
+# Path to dynamic library for SSLEngine
+#O SSLEnginePath
+# TLS: fall back to clear text after handshake failure?
+#O TLSFallbacktoClear
# Input mail filters
#O InputMailFilters
# CA directory
#O CACertPath
# CA file
#O CACertFile
# Server Cert
#O ServerCertFile
# Server private key
#O ServerKeyFile
# Client Cert
#O ClientCertFile
# Client private key
#O ClientKeyFile
# File containing certificate revocation lists
#O CRLFile
+# Directory containing hashes pointing to certificate revocation status files
+#O CRLPath
# DHParameters (only required if DSA/DH is used)
#O DHParameters
# Random data source (required for systems without /dev/urandom under OpenSSL)
#O RandFile
# fingerprint algorithm (digest) to use for the presented cert
#O CertFingerprintAlgorithm
+# enable DANE?
+#O DANE=false
# Maximum number of "useless" commands before slowing down
#O MaxNOOPCommands=20
# Name to use for EHLO (defaults to $j)
#O HeloName
############################
# QUEUE GROUP DEFINITIONS #
############################
###########################
# Message precedences #
###########################
Pfirst-class=0
Pspecial-delivery=100
Plist=-30
Pbulk=-60
Pjunk=-100
#####################
# Trusted users #
#####################
# this is equivalent to setting class "t"
#Ft/etc/mail/trusted-users
Troot
Tdaemon
Tuucp
#########################
# Format of headers #
#########################
H?P?Return-Path: <$g>
HReceived: $?sfrom $s $.$?_($?s$|from $.$_)
$.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)
$.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}
(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u
for $u; $|;
$.$b
H?D?Resent-Date: $a
H?D?Date: $a
H?F?Resent-From: $?x$x <$g>$|$g$.
H?F?From: $?x$x <$g>$|$g$.
H?x?Full-Name: $x
# HPosted-Date: $a
# H?l?Received-Date: $b
H?M?Resent-Message-Id: <$t.$i@$j>
H?M?Message-Id: <$t.$i@$j>
#
######################################################################
######################################################################
#####
##### REWRITING RULES
#####
######################################################################
######################################################################
############################################
### Ruleset 3 -- Name Canonicalization ###
############################################
Scanonify=3
# handle null input (translate to <@> special case)
R$@ $@ <@>
# strip group: syntax (not inside angle brackets!) and trailing semicolon
R$* $: $1 <@> mark addresses
R$* < $* > $* <@> $: $1 < $2 > $3 unmark <addr>
R@ $* <@> $: @ $1 unmark @host:...
R$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addr
R$* :: $* <@> $: $1 :: $2 unmark node::addr
R:include: $* <@> $: :include: $1 unmark :include:...
R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon
R$* : $* <@> $: $2 strip colon if marked
R$* <@> $: $1 unmark
R$* ; $1 strip trailing semi
R$* < $+ :; > $* $@ $2 :; <@> catch <list:;>
R$* < $* ; > $1 < $2 > bogus bracketed semi
# null input now results from list:; syntax
R$@ $@ :; <@>
# strip angle brackets -- note RFC733 heuristic to get innermost item
R$* $: < $1 > housekeeping <>
R$+ < $* > < $2 > strip excess on left
R< $* > $+ < $1 > strip excess on right
R<> $@ < @ > MAIL FROM:<> case
R< $+ > $: $1 remove housekeeping <>
# strip route address <@a,@b,@c:user@d> -> <user@d>
R@ $+ , $+ $2
R@ [ $* ] : $+ $2
R@ $+ : $+ $2
# find focus for list syntax
R $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax
R $+ : $* ; $@ $1 : $2; list syntax
# find focus for @ syntax addresses
R$+ @ $+ $: $1 < @ $2 > focus on domain
R$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right
R$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical
# convert old-style addresses to a domain-based address
R$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names
R$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps
R$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains
# if we have % signs, take the rightmost one
R$* % $* $1 @ $2 First make them all @s.
R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
# else we must be a local name
R$* $@ $>Canonify2 $1
################################################
### Ruleset 96 -- bottom half of ruleset 3 ###
################################################
SCanonify2=96
# handle special cases for local names
R$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all
R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain
R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain
# check for IPv4/IPv6 domain literal
R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [addr]
R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal
R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr
# if really UUCP, handle it immediately
# try UUCP traffic as a local address
R$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3
R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3
# hostnames ending in class P are always canonical
R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4
R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4
R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6
R$* CC $* $| $* $: $3
# pass to name server to make hostname canonical
R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4
R$* $| $* $: $2
# local host aliases and pseudo-domains are always canonical
R$* < @ $=w > $* $: $1 < @ $2 . > $3
R$* < @ $=M > $* $: $1 < @ $2 . > $3
R$* < @ $* . . > $* $1 < @ $2 . > $3
##################################################
### Ruleset 4 -- Final Output Post-rewriting ###
##################################################
Sfinal=4
R$+ :; <@> $@ $1 : handle <list:;>
R$* <@> $@ handle <> and list:;
# strip trailing dot off possibly canonical name
R$* < @ $+ . > $* $1 < @ $2 > $3
# eliminate internal code
R$* < @ *LOCAL* > $* $1 < @ $j > $2
# externalize local domain info
R$* < $+ > $* $1 $2 $3 defocus
R@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 <route-addr> canonical
R@ $* $@ @ $1 ... and exit
# UUCP must always be presented in old form
R$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u
# delete duplicate local names
R$+ % $=w @ $=w $1 @ $2 u%host@host => u@host
##############################################################
### Ruleset 97 -- recanonicalize and call ruleset zero ###
### (used for recursive calls) ###
##############################################################
SRecurse=97
R$* $: $>canonify $1
R$* $@ $>parse $1
######################################
### Ruleset 0 -- Parse Address ###
######################################
Sparse=0
R$* $: $>Parse0 $1 initial parsing
R<@> $#local $: <@> special case error msgs
R$* $: $>ParseLocal $1 handle local hacks
R$* $: $>Parse1 $1 final parsing
#
# Parse0 -- do initial syntax checking and eliminate local addresses.
# This should either return with the (possibly modified) input
# or return with a #error mailer. It should not return with a
# #mailer other than the #error mailer.
#
SParse0
R<@> $@ <@> special case error msgs
R$* : $* ; <@> $#error $@ 5.1.3 $: "553 List:; syntax illegal for recipient addresses"
R@ <@ $* > < @ $1 > catch "@@host" bogosity
R<@ $+> $#error $@ 5.1.3 $: "553 User address required"
R$+ <@> $#error $@ 5.1.3 $: "553 Hostname required"
R$* $: <> $1
R<> $* < @ [ $* ] : $+ > $* $1 < @ [ $2 ] : $3 > $4
R<> $* < @ [ $* ] , $+ > $* $1 < @ [ $2 ] , $3 > $4
R<> $* < @ [ $* ] $+ > $* $#error $@ 5.1.2 $: "553 Invalid address"
R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3
R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "553 Colon illegal in host name part"
R<> $* $1
R$* < @ . $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
R$* < @ $* @ > $* $#error $@ 5.1.2 $: "553 Invalid route address"
R$* @ $* < @ $* > $* $#error $@ 5.1.3 $: "553 Invalid route address"
R$* , $~O $* $#error $@ 5.1.3 $: "553 Invalid route address"
# now delete the local info -- note $=O to find characters that cause forwarding
R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user
R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ...
R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here
R< @ $+ > $#error $@ 5.1.3 $: "553 User address required"
R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ...
R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo"
R< @ *LOCAL* > $#error $@ 5.1.3 $: "553 User address required"
R$* $=O $* < @ *LOCAL* >
$@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
R$* < @ *LOCAL* > $: $1
#
# Parse1 -- the bottom half of ruleset 0.
#
SParse1
# handle numeric address spec
R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec
R$* < @ [ $+ ] > $* $: $1 < @ [ $2 ] : $S > $3 Add smart host to path
R$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send
R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer
R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer
# short circuit local delivery so forwarded email works
R$=L < @ $=w . > $#local $: @ $1 special local names
R$+ < @ $=w . > $#local $: $1 regular local name
# resolve remotely connected UUCP links (if any)
# resolve fake top level domains by forwarding to other hosts
# pass names that still have a host to a smarthost (if defined)
R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name
# deal with other remote names
R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
# handle locally delivered names
R$=L $#local $: @ $1 special local names
R$+ $#local $: $1 regular local names
###########################################################################
### Ruleset 5 -- special rewriting after aliases have been expanded ###
###########################################################################
SLocal_localaddr
Slocaladdr=5
R$+ $: $1 $| $>"Local_localaddr" $1
R$+ $| $#ok $@ $1 no change
R$+ $| $#$* $#$2
R$+ $| $* $: $1
# deal with plussed users so aliases work nicely
R$+ + * $#local $@ $&h $: $1
R$+ + $* $#local $@ + $2 $: $1 + *
# prepend an empty "forward host" on the front
R$+ $: <> $1
R< > $+ $: < > < $1 <> $&h > nope, restore +detail
R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail
R< > < $+ <> $* > $: < > < $1 > else discard
R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part
R< > < $+ > + $* $#local $@ $2 $: @ $1 strip the extra +
R< > < $+ > $@ $1 no +detail
R$+ $: $1 <> $&h add +detail back in
R$+ <> + $* $: $1 + $2 check whether +detail
R$+ <> $* $: $1 else discard
R< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension
R< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension
R< $~[ : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 >
R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 >
###################################################################
### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ###
###################################################################
SMailerToTriple=95
R< > $* $@ $1 strip off null relay
R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
R< error : $- : $+ > $* $#error $@ $(dequote $1 $) $: $2
R< error : $+ > $* $#error $: $1
R< local : $* > $* $>CanonLocal < $1 > $2
R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user
R< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer
R< $=w > $* $@ $2 delete local host
R< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer
###################################################################
### Ruleset CanonLocal -- canonify local: syntax ###
###################################################################
SCanonLocal
# strip local host from routed addresses
R< $* > < @ $+ > : $+ $@ $>Recurse $3
R< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4
# strip trailing dot from any host name that may appear
R< $* > $* < @ $* . > $: < $1 > $2 < @ $3 >
# handle local: syntax -- use old user, either with or without host
R< > $* < @ $* > $* $#local $@ $1@$2 $: $1
R< > $+ $#local $@ $1 $: $1
# handle local:user@host syntax -- ignore host part
R< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 >
# handle local:user syntax
R< $+ > $* <@ $* > $* $#local $@ $2@$3 $: $1
R< $+ > $* $#local $@ $2 $: $1
###################################################################
### Ruleset 93 -- convert header names to masqueraded form ###
###################################################################
SMasqHdr=93
# do not masquerade anything in class N
R$* < @ $* $=N . > $@ $1 < @ $2 $3 . >
R$* < @ *LOCAL* > $@ $1 < @ $j . >
###################################################################
### Ruleset 94 -- convert envelope names to masqueraded form ###
###################################################################
SMasqEnv=94
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
###################################################################
### Ruleset 98 -- local part of ruleset zero (can be null) ###
###################################################################
SParseLocal=98
# addresses sent to foo@host.REDIRECT will give a 551 error code
R$* < @ $+ .REDIRECT. > $: $1 < @ $2 . REDIRECT . > < ${opMode} >
R$* < @ $+ .REDIRECT. > <i> $: $1 < @ $2 . REDIRECT. >
R$* < @ $+ .REDIRECT. > < $- > $#error $@ 5.1.1 $: "551 User has moved; please try " <$1@$2>
######################################################################
### CanonAddr -- Convert an address into a standard form for
### relay checking. Route address syntax is
### crudely converted into a %-hack address.
###
### Parameters:
### $1 -- full recipient address
###
### Returns:
### parsed address, not in source route form
######################################################################
SCanonAddr
R$* $: $>Parse0 $>canonify $1 make domain canonical
######################################################################
### ParseRecipient -- Strip off hosts in $=R as well as possibly
### $* $=m or the access database.
### Check user portion for host separators.
###
### Parameters:
### $1 -- full recipient address
###
### Returns:
### parsed, non-local-relaying address
######################################################################
SParseRecipient
R$* $: <?> $>CanonAddr $1
R<?> $* < @ $* . > <?> $1 < @ $2 > strip trailing dots
R<?> $- < @ $* > $: <?> $(dequote $1 $) < @ $2 > dequote local part
# if no $=O character, no host in the user portion, we are done
R<?> $* $=O $* < @ $* > $: <NO> $1 $2 $3 < @ $4>
R<?> $* $@ $1
R<NO> $* < @ $* $=R > $: <RELAY> $1 < @ $2 $3 >
R<RELAY> $* < @ $* > $@ $>ParseRecipient $1
R<$+> $* $@ $2
######################################################################
### check_relay -- check hostname/address on SMTP startup
######################################################################
SLocal_check_relay
Scheck_relay
R$* $: $1 $| $>"Local_check_relay" $1
R$* $| $* $| $#$* $#$3
R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2
SBasic_check_relay
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
######################################################################
### check_mail -- check SMTP `MAIL FROM:' command argument
######################################################################
SLocal_check_mail
Scheck_mail
R$* $: $1 $| $>"Local_check_mail" $1
R$* $| $#$* $#$2
R$* $| $* $@ $>"Basic_check_mail" $1
SBasic_check_mail
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
# authenticated?
R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
R$* $| $#$+ $#$2
R$* $| $* $: $1
R<> $@ <OK> we MUST accept <> (RFC 1123)
R$+ $: <?> $1
R<?><$+> $: <@> <$1>
R<?>$+ $: <@> <$1>
R$* $: $&{daemon_flags} $| $1
R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 >
R$* u $* $| <@> < $* > $: <?> < $3 >
R$* $| $* $: $2
# handle case of @localhost on address
R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost >
R<@> < $* @ [127.0.0.1] >
$: < ? $&{client_name} > < $1 @ [127.0.0.1] >
R<@> < $* @ [IPv6:0:0:0:0:0:0:0:1] >
$: < ? $&{client_name} > < $1 @ [IPv6:0:0:0:0:0:0:0:1] >
R<@> < $* @ [IPv6:::1] >
$: < ? $&{client_name} > < $1 @ [IPv6:::1] >
R<@> < $* @ localhost.$m >
$: < ? $&{client_name} > < $1 @ localhost.$m >
R<@> < $* @ localhost.UUCP >
$: < ? $&{client_name} > < $1 @ localhost.UUCP >
R<@> $* $: $1 no localhost as domain
R<? $=w> $* $: $2 local client: ok
R<? $+> <$+> $#error $@ 5.5.4 $: "553 Real domain name required for sender address"
R<?> $* $: $1
R$* $: <?> $>CanonAddr $1 canonify sender address and mark it
R<?> $* < @ $+ . > <?> $1 < @ $2 > strip trailing dots
# handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc)
R<?> $* < @ $* $=P > $: <OKR> $1 < @ $2 $3 >
R<?> $* < @ $j > $: <OKR> $1 < @ $j >
R<?> $* < @ $+ > $: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 >
R<? $* <$->> $* < @ $+ >
$: <$2> $3 < @ $4 >
# handle case of no @domain on address
R<?> $* $: $&{daemon_flags} $| <?> $1
R$* u $* $| <?> $* $: <OKR> $3
R$* $| $* $: $2
R<?> $* $: < ? $&{client_addr} > $1
R<?> $* $@ <OKR> ...local unqualed ok
R<? $+> $* $#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f
...remote is not
# check results
R<?> $* $: @ $1 mark address: nothing known about it
R<$={ResOk}> $* $: @ $2 domain ok
R<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"
R<PERM> $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist"
######################################################################
### check_rcpt -- check SMTP `RCPT TO:' command argument
######################################################################
SLocal_check_rcpt
Scheck_rcpt
R$* $: $1 $| $>"Local_check_rcpt" $1
R$* $| $#$* $#$2
R$* $| $* $@ $>"Basic_check_rcpt" $1
SBasic_check_rcpt
# empty address?
R<> $#error $@ nouser $: "553 User address required"
R$@ $#error $@ nouser $: "553 User address required"
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
######################################################################
R$* $: $1 $| @ $>"Rcpt_ok" $1
R$* $| @ $#TEMP $+ $: $1 $| T $2
R$* $| @ $#$* $#$2
R$* $| @ RELAY $@ RELAY
R$* $| @ $* $: O $| $>"Relay_ok" $1
R$* $| T $+ $: T $2 $| $>"Relay_ok" $1
R$* $| $#TEMP $+ $#error $2
R$* $| $#$* $#$2
R$* $| RELAY $@ RELAY
R T $+ $| $* $#error $1
# anything else is bogus
R$* $#error $@ 5.7.1 $: "550 Relaying denied"
######################################################################
### Rcpt_ok: is the recipient ok?
######################################################################
SRcpt_ok
R$* $: $>ParseRecipient $1 strip relayable hosts
# authenticated via TLS?
R$* $: $1 $| $>RelayTLS client authenticated?
R$* $| $# $+ $# $2 error/ok?
R$* $| $* $: $1 no
R$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type}
R$* $| $# $* $# $2
R$* $| NO $: $1
R$* $| $* $: $1 $| $&{auth_type}
R$* $| $: $1
R$* $| $={TrustAuthMech} $# RELAY
R$* $| $* $: $1
# anything terminating locally is ok
R$+ < @ $=w > $@ RELAY
R$+ < @ $* $=R > $@ RELAY
# check for local user (i.e. unqualified address)
R$* $: <?> $1
R<?> $* < @ $+ > $: <REMOTE> $1 < @ $2 >
# local user is ok
R<?> $+ $@ RELAY
R<$+> $* $: $2
######################################################################
### Relay_ok: is the relay/sender ok?
######################################################################
SRelay_ok
# anything originating locally is ok
# check IP address
R$* $: $&{client_addr}
R$@ $@ RELAY originated locally
R0 $@ RELAY originated locally
R127.0.0.1 $@ RELAY originated locally
RIPv6:0:0:0:0:0:0:0:1 $@ RELAY originated locally
RIPv6:::1 $@ RELAY originated locally
R$=R $* $@ RELAY relayable IP address
R$* $: [ $1 ] put brackets around it...
R$=w $@ RELAY ... and see if it is local
# check client name: first: did it resolve?
R$* $: < $&{client_resolve} >
R<TEMP> $#TEMP $@ 4.4.0 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
R<FORGED> $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
R<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
R$* $: <@> $&{client_name}
# pass to name server to make hostname canonical
R<@> $* $=P $:<?> $1 $2
R<@> $+ $:<?> $[ $1 $]
R$* . $1 strip trailing dots
R<?> $=w $@ RELAY
R<?> $* $=R $@ RELAY
######################################################################
### trust_auth: is user trusted to authenticate as someone else?
###
### Parameters:
### $1: AUTH= parameter from MAIL command
######################################################################
SLocal_trust_auth
Strust_auth
R$* $: $&{auth_type} $| $1
# required by RFC 2554 section 4.
R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated"
R$* $| $&{auth_authen} $@ identical
R$* $| <$&{auth_authen}> $@ identical
R$* $| $* $: $1 $| $>"Local_trust_auth" $2
R$* $| $#$* $#$2
R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}
######################################################################
### Relay_Auth: allow relaying based on authentication?
###
### Parameters:
### $1: ${auth_type}
######################################################################
SLocal_Relay_Auth
######################################################################
### srv_features: which features to offer to a client?
### (done in server)
######################################################################
Ssrv_features
######################################################################
### try_tls: try to use STARTTLS?
### (done in client)
######################################################################
Stry_tls
######################################################################
### tls_rcpt: is connection with server "good" enough?
### (done in client, per recipient)
###
### Parameters:
### $1: recipient
######################################################################
Stls_rcpt
######################################################################
### tls_client: is connection with client "good" enough?
### (done in server)
###
### Parameters:
### ${verify} $| (MAIL|STARTTLS)
######################################################################
Stls_client
R$* $| $* $@ $>"TLS_connection" $1
######################################################################
### tls_server: is connection with server "good" enough?
### (done in client)
###
### Parameter:
### ${verify}
######################################################################
Stls_server
+
R$* $@ $>"TLS_connection" $1
######################################################################
### TLS_connection: is TLS connection "good" enough?
###
### Parameters:
### ${verify}
### Requirement: RHS from access map, may be ? for none.
######################################################################
STLS_connection
RSOFTWARE $#error $@ 4.7.0 $: "403 TLS handshake."
+RDANE_FAIL $#error $@ 4.7.0 $: "403 DANE check failed."
######################################################################
### RelayTLS: allow relaying based on TLS authentication
###
### Parameters:
### none
######################################################################
SRelayTLS
# authenticated?
######################################################################
### authinfo: lookup authinfo in the access map
###
### Parameters:
### $1: {server_name}
### $2: {server_addr}
######################################################################
Sauthinfo
#
######################################################################
######################################################################
#####
##### MAIL FILTER DEFINITIONS
#####
######################################################################
######################################################################
#
######################################################################
######################################################################
#####
##### MAILER DEFINITIONS
#####
######################################################################
######################################################################
##################################################
### Local and Program Mailer specification ###
##################################################
##### $Id: local.m4,v 8.60 2013-11-22 20:51:14 ca Exp $ #####
#
# Envelope sender rewriting
#
SEnvFromL
R<@> $n errors to mailer-daemon
R@ <@ $*> $n temporarily bypass Sun bogosity
R$+ $: $>AddDomain $1 add local domain if needed
R$* $: $>MasqEnv $1 do masquerading
#
# Envelope recipient rewriting
#
SEnvToL
R$+ < @ $* > $: $1 strip host part
R$+ + $* $: < $&{addr_type} > $1 + $2 mark with addr type
R<e s> $+ + $* $: $1 remove +detail for sender
R< $* > $+ $: $2 else remove mark
#
# Header sender rewriting
#
SHdrFromL
R<@> $n errors to mailer-daemon
R@ <@ $*> $n temporarily bypass Sun bogosity
R$+ $: $>AddDomain $1 add local domain if needed
R$* $: $>MasqHdr $1 do masquerading
#
# Header recipient rewriting
#
SHdrToL
R$+ $: $>AddDomain $1 add local domain if needed
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
#
# Common code to add local domain name (only if always-add-domain)
#
SAddDomain
Mlocal, P=/usr/lib/mail.local, F=lsDFMAw5:/|@qfSmn9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
T=DNS/RFC822/X-Unix,
A=mail.local -d $u
Mprog, P=/bin/sh, F=lsDFMoqeu9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/,
T=X-Unix/X-Unix/X-Unix,
A=sh -c $u
#####################################
### SMTP Mailer specification ###
#####################################
##### $Id: smtp.m4,v 8.66 2013-11-22 20:51:14 ca Exp $ #####
#
# common sender and masquerading recipient rewriting
#
SMasqSMTP
R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified
R$+ $@ $1 < @ *LOCAL* > add local qualification
#
# convert pseudo-domain addresses to real domain addresses
#
SPseudoToReal
# pass <route-addr>s through
R< @ $+ > $* $@ < @ $1 > $2 resolve <route-addr>
# output fake domains as user%fake@relay
# do UUCP heuristics; note that these are shared with UUCP mailers
R$+ < @ $+ .UUCP. > $: < $2 ! > $1 convert to UUCP form
R$+ < @ $* > $* $@ $1 < @ $2 > $3 not UUCP form
# leave these in .UUCP form to avoid further tampering
R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. >
R< $&h ! > $-.$+ ! $+ $@ $3 < @ $1.$2 >
R< $&h ! > $+ $@ $1 < @ $&h .UUCP. >
R< $+ ! > $+ $: $1 ! $2 < @ $Y > use UUCP_RELAY
R$+ < @ $~[ $* : $+ > $@ $1 < @ $4 > strip mailer: part
R$+ < @ > $: $1 < @ *LOCAL* > if no UUCP_RELAY
#
# envelope sender rewriting
#
SEnvFromSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R$* :; <@> $@ list:; special case
R$* $: $>MasqSMTP $1 qualify unqual'ed names
R$+ $: $>MasqEnv $1 do masquerading
#
# envelope recipient rewriting --
# also header recipient if not masquerading recipients
#
SEnvToSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R$+ $: $>MasqSMTP $1 qualify unqual'ed names
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
#
# header sender and masquerading header recipient rewriting
#
SHdrFromSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R:; <@> $@ list:; special case
# do special header rewriting
R$* <@> $* $@ $1 <@> $2 pass null host through
R< @ $* > $* $@ < @ $1 > $2 pass route-addr through
R$* $: $>MasqSMTP $1 qualify unqual'ed names
R$+ $: $>MasqHdr $1 do masquerading
#
# relay mailer header masquerading recipient rewriting
#
SMasqRelay
R$+ $: $>MasqSMTP $1
R$+ $: $>MasqHdr $1
Msmtp, P=[IPC], F=mDFMuX, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mesmtp, P=[IPC], F=mDFMuXa, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Msmtp8, P=[IPC], F=mDFMuX8, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mdsmtp, P=[IPC], F=mDFMuXa%, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mrelay, P=[IPC], F=mDFMuXa8, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=2040,
T=DNS/RFC822/SMTP,
A=TCP $h
### generic-solaris.mc ###
# divert(-1)
# #
# # Copyright (c) 1998, 1999, 2001 Proofpoint, Inc. and its suppliers.
# # All rights reserved.
# # Copyright (c) 1983 Eric P. Allman. All rights reserved.
# # Copyright (c) 1988, 1993
# # The Regents of the University of California. All rights reserved.
# #
# # By using this file, you agree to the terms and conditions set
# # forth in the LICENSE file which can be found at the top level of
# # the sendmail distribution.
# #
# #
#
# #
# # This is a generic configuration file for SunOS 5.x (a.k.a. Solaris 2.x
# # and Solaris 7 through the present version).
# #
# # It has support for local and SMTP mail only. If you want to
# # customize it, copy it to a name appropriate for your environment
# # and do the modifications there.
# #
#
# divert(0)dnl
# VERSIONID(`$Id: generic-solaris.mc,v 8.14 2013-11-22 20:51:08 ca Exp $')
# OSTYPE(solaris2)dnl
# DOMAIN(generic)dnl
# MAILER(local)dnl
# MAILER(smtp)dnl
diff --git a/cf/cf/generic-sunos4.1.cf b/cf/cf/generic-sunos4.1.cf
index 3d1482cfe16e..98a6084d6a75 100644
--- a/cf/cf/generic-sunos4.1.cf
+++ b/cf/cf/generic-sunos4.1.cf
@@ -1,1496 +1,1508 @@
#
# Copyright (c) 1998-2004, 2009, 2010 Proofpoint, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#
######################################################################
######################################################################
#####
##### SENDMAIL CONFIGURATION FILE
#####
-##### built by ca@sandman.dev-lab.sendmail.com on Thu Jul 2 05:24:31 PDT 2015
-##### in /x/ca/smi.git/sendmail/OpenSource/sendmail-8.15.2/cf/cf
+##### built by ca@lab.smi.sendmail.com on Thu Jul 2 22:41:57 PDT 2020
+##### in /var/tmp/ca/sm8.git/sendmail/OpenSource/sendmail-8.16.1/cf/cf
##### using ../ as configuration include directory
#####
######################################################################
#####
##### DO NOT EDIT THIS FILE! Only edit the source .mc file.
#####
######################################################################
######################################################################
##### $Id: cfhead.m4,v 8.122 2013-11-22 20:51:13 ca Exp $ #####
##### $Id: cf.m4,v 8.33 2013-11-22 20:51:13 ca Exp $ #####
##### $Id: generic-sunos4.1.mc,v 8.12 2013-11-22 20:51:08 ca Exp $ #####
##### $Id: sunos4.1.m4,v 8.11 2013-11-22 20:51:15 ca Exp $ #####
##### $Id: generic.m4,v 8.16 2013-11-22 20:51:10 ca Exp $ #####
##### $Id: redirect.m4,v 8.16 2013-11-22 20:51:11 ca Exp $ #####
##### $Id: use_cw_file.m4,v 8.12 2013-11-22 20:51:11 ca Exp $ #####
##### $Id: proto.m4,v 8.762 2013-11-22 20:51:13 ca Exp $ #####
# level 10 config file format
V10/Berkeley
# override file safeties - setting this option compromises system security,
# addressing the actual file configuration problem is preferred
# need to set this before any file actions are encountered in the cf file
#O DontBlameSendmail=safe
# default LDAP map specification
# need to set this now before any LDAP maps are defined
#O LDAPDefaultSpec=-h localhost
##################
# local info #
##################
# my LDAP cluster
# need to set this before any LDAP lookups are done (including classes)
#D{sendmailMTACluster}$m
Cwlocalhost
# file containing names of hosts for which we receive email
Fw/etc/mail/local-host-names
# my official domain name
# ... define this only if sendmail cannot automatically determine your domain
#Dj$w.Foo.COM
# host/domain names ending with a token in class P are canonical
CP.
# "Smart" relay host (may be null)
DS
# operators that cannot be in local usernames (i.e., network indicators)
CO @ % !
# a class with just dot (for identifying canonical names)
C..
# a class with just a left bracket (for identifying domain literals)
C[[
# Resolve map (to check if a host exists in check_mail)
Kresolve host -a<OKR> -T<TEMP>
C{ResOk}OKR
# Hosts for which relaying is permitted ($=R)
FR-o /etc/mail/relay-domains
# arithmetic map
Karith arith
# dequoting map
Kdequote dequote
# class E: names that should be exposed as from this host, even if we masquerade
# class L: names that should be delivered locally, even if we have a relay
# class M: domains that should be converted to $M
# class N: domains that should not be converted to $M
#CL root
C{E}root
# my name for error messages
DnMAILER-DAEMON
CPREDIRECT
# Configuration version number
-DZ8.15.2
+DZ8.16.1
###############
# Options #
###############
# strip message body to 7 bits on input?
O SevenBitInput=False
# 8-bit data handling
#O EightBitMode=pass8
# wait for alias file rebuild (default units: minutes)
O AliasWait=10
# location of alias file
O AliasFile=/etc/mail/aliases
# minimum number of free blocks on filesystem
O MinFreeBlocks=100
# maximum message size
#O MaxMessageSize=0
# substitution for space (blank) characters
O BlankSub=.
# avoid connecting to "expensive" mailers on initial submission?
O HoldExpensive=False
# checkpoint queue runs after every N successful deliveries
#O CheckpointInterval=10
# default delivery mode
O DeliveryMode=background
# error message header/file
#O ErrorHeader=/etc/mail/error-header
# error mode
#O ErrorMode=print
# save Unix-style "From_" lines at top of header?
#O SaveFromLine=False
# queue file mode (qf files)
#O QueueFileMode=0600
# temporary file mode
O TempFileMode=0600
# match recipients against GECOS field?
#O MatchGECOS=False
# maximum hop count
#O MaxHopCount=25
# location of help file
O HelpFile=/etc/mail/helpfile
# ignore dots as terminators in incoming messages?
#O IgnoreDots=False
# name resolver options
#O ResolverOptions=+AAONLY
# deliver MIME-encapsulated error messages?
O SendMimeErrors=True
# Forward file search path
O ForwardPath=$z/.forward.$w+$h:$z/.forward+$h:$z/.forward.$w:$z/.forward
# open connection cache size
O ConnectionCacheSize=2
# open connection cache timeout
O ConnectionCacheTimeout=5m
# persistent host status directory
#O HostStatusDirectory=.hoststat
# single thread deliveries (requires HostStatusDirectory)?
#O SingleThreadDelivery=False
# use Errors-To: header?
O UseErrorsTo=False
# use compressed IPv6 address format?
#O UseCompressedIPv6Addresses
# log level
O LogLevel=9
# send to me too, even in an alias expansion?
#O MeToo=True
# verify RHS in newaliases?
O CheckAliases=False
# default messages to old style headers if no special punctuation?
O OldStyleHeaders=True
# SMTP daemon options
O DaemonPortOptions=Name=MTA
O DaemonPortOptions=Port=587, Name=MSA, M=E
# SMTP client options
#O ClientPortOptions=Family=inet, Address=0.0.0.0
# Modifiers to define {daemon_flags} for direct submissions
#O DirectSubmissionModifiers
# Use as mail submission program? See sendmail/SECURITY
#O UseMSP
# privacy flags
O PrivacyOptions=authwarnings
# who (if anyone) should get extra copies of error messages
#O PostmasterCopy=Postmaster
# slope of queue-only function
#O QueueFactor=600000
# limit on number of concurrent queue runners
#O MaxQueueChildren
# maximum number of queue-runners per queue-grouping with multiple queues
#O MaxRunnersPerQueue=1
# priority of queue runners (nice(3))
#O NiceQueueRun
# shall we sort the queue by hostname first?
#O QueueSortOrder=priority
# minimum time in queue before retry
#O MinQueueAge=30m
# maximum time in queue before retry (if > 0; only for exponential delay)
#O MaxQueueAge
# how many jobs can you process in the queue?
#O MaxQueueRunSize=0
# perform initial split of envelope without checking MX records
#O FastSplit=1
# queue directory
O QueueDirectory=/var/spool/mqueue
# key for shared memory; 0 to turn off, -1 to auto-select
#O SharedMemoryKey=0
# file to store auto-selected key for shared memory (SharedMemoryKey = -1)
#O SharedMemoryKeyFile
# timeouts (many of these)
#O Timeout.initial=5m
#O Timeout.connect=5m
#O Timeout.aconnect=0s
#O Timeout.iconnect=5m
#O Timeout.helo=5m
#O Timeout.mail=10m
#O Timeout.rcpt=1h
#O Timeout.datainit=5m
#O Timeout.datablock=1h
#O Timeout.datafinal=1h
#O Timeout.rset=5m
#O Timeout.quit=2m
#O Timeout.misc=2m
#O Timeout.command=1h
#O Timeout.ident=5s
#O Timeout.fileopen=60s
#O Timeout.control=2m
O Timeout.queuereturn=5d
#O Timeout.queuereturn.normal=5d
#O Timeout.queuereturn.urgent=2d
#O Timeout.queuereturn.non-urgent=7d
#O Timeout.queuereturn.dsn=5d
O Timeout.queuewarn=4h
#O Timeout.queuewarn.normal=4h
#O Timeout.queuewarn.urgent=1h
#O Timeout.queuewarn.non-urgent=12h
#O Timeout.queuewarn.dsn=4h
#O Timeout.hoststatus=30m
#O Timeout.resolver.retrans=5s
#O Timeout.resolver.retrans.first=5s
#O Timeout.resolver.retrans.normal=5s
#O Timeout.resolver.retry=4
#O Timeout.resolver.retry.first=4
#O Timeout.resolver.retry.normal=4
#O Timeout.lhlo=2m
#O Timeout.auth=10m
#O Timeout.starttls=1h
# time for DeliverBy; extension disabled if less than 0
#O DeliverByMin=0
# should we not prune routes in route-addr syntax addresses?
#O DontPruneRoutes=False
# queue up everything before forking?
O SuperSafe=True
# status file
#O StatusFile
# time zone handling:
# if undefined, use system default
# if defined but null, use TZ envariable passed in
# if defined and non-null, use that info
#O TimeZoneSpec=
# default UID (can be username or userid:groupid)
#O DefaultUser=mailnull
# list of locations of user database file (null means no lookup)
#O UserDatabaseSpec=/etc/mail/userdb
# fallback MX host
#O FallbackMXhost=fall.back.host.net
# fallback smart host
#O FallbackSmartHost=fall.back.host.net
# if we are the best MX host for a site, try it directly instead of config err
#O TryNullMXList=False
# load average at which we just queue messages
#O QueueLA=8
# load average at which we refuse connections
#O RefuseLA=12
# log interval when refusing connections for this long
#O RejectLogInterval=3h
# load average at which we delay connections; 0 means no limit
#O DelayLA=0
# maximum number of children we allow at one time
#O MaxDaemonChildren=0
# maximum number of new connections per second
#O ConnectionRateThrottle=0
# Width of the window
#O ConnectionRateWindowSize=60s
# work recipient factor
#O RecipientFactor=30000
# deliver each queued job in a separate process?
#O ForkEachJob=False
# work class factor
#O ClassFactor=1800
# work time factor
#O RetryFactor=90000
# default character set
#O DefaultCharSet=unknown-8bit
# service switch file (name hardwired on Solaris, Ultrix, OSF/1, others)
#O ServiceSwitchFile=/etc/mail/service.switch
# hosts file (normally /etc/hosts)
#O HostsFile=/etc/hosts
# dialup line delay on connection failure
#O DialDelay=0s
# action to take if there are no recipients in the message
#O NoRecipientAction=none
# chrooted environment for writing to files
#O SafeFileEnvironment
# are colons OK in addresses?
#O ColonOkInAddr=True
# shall I avoid expanding CNAMEs (violates protocols)?
#O DontExpandCnames=False
# SMTP initial login message (old $e macro)
O SmtpGreetingMessage=$j Sendmail $v/$Z; $b
# UNIX initial From header format (old $l macro)
O UnixFromLine=From $g $d
# From: lines that have embedded newlines are unwrapped onto one line
#O SingleLineFromHeader=False
# Allow HELO SMTP command that does not include a host name
#O AllowBogusHELO=False
# Characters to be quoted in a full name phrase (@,;:\()[] are automatic)
#O MustQuoteChars=.
# delimiter (operator) characters (old $o macro)
O OperatorChars=.:%@!^/[]+
# shall I avoid calling initgroups(3) because of high NIS costs?
#O DontInitGroups=False
# are group-writable :include: and .forward files (un)trustworthy?
# True (the default) means they are not trustworthy.
#O UnsafeGroupWrites=True
# where do errors that occur when sending errors get sent?
#O DoubleBounceAddress=postmaster
# issue temporary errors (4xy) instead of permanent errors (5xy)?
#O SoftBounce=False
# where to save bounces if all else fails
#O DeadLetterDrop=/var/tmp/dead.letter
# what user id do we assume for the majority of the processing?
#O RunAsUser=sendmail
# maximum number of recipients per SMTP envelope
#O MaxRecipientsPerMessage=0
# limit the rate recipients per SMTP envelope are accepted
# once the threshold number of recipients have been rejected
#O BadRcptThrottle=0
# shall we get local names from our installed interfaces?
#O DontProbeInterfaces=False
# Return-Receipt-To: header implies DSN request
#O RrtImpliesDsn=False
# override connection address (for testing)
#O ConnectOnlyTo=0.0.0.0
# Trusted user for file ownership and starting the daemon
#O TrustedUser=root
# Control socket for daemon management
#O ControlSocketName=/var/spool/mqueue/.control
# Maximum MIME header length to protect MUAs
#O MaxMimeHeaderLength=0/0
# Maximum length of the sum of all headers
O MaxHeadersLength=32768
# Maximum depth of alias recursion
#O MaxAliasRecursion=10
# location of pid file
#O PidFile=/var/run/sendmail.pid
# Prefix string for the process title shown on 'ps' listings
#O ProcessTitlePrefix=prefix
# Data file (df) memory-buffer file maximum size
#O DataFileBufferSize=4096
# Transcript file (xf) memory-buffer file maximum size
#O XscriptFileBufferSize=4096
# lookup type to find information about local mailboxes
#O MailboxDatabase=pw
# override compile time flag REQUIRES_DIR_FSYNC
#O RequiresDirfsync=true
# list of authentication mechanisms
#O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
# Authentication realm
#O AuthRealm
# default authentication information for outgoing connections
#O DefaultAuthInfo=/etc/mail/default-auth-info
# SMTP AUTH flags
#O AuthOptions
# SMTP AUTH maximum encryption strength
#O AuthMaxBits
# SMTP STARTTLS server options
#O TLSSrvOptions
# SSL cipherlist
#O CipherList
# server side SSL options
#O ServerSSLOptions
# client side SSL options
#O ClientSSLOptions
+# SSL Engine
+#O SSLEngine
+# Path to dynamic library for SSLEngine
+#O SSLEnginePath
+# TLS: fall back to clear text after handshake failure?
+#O TLSFallbacktoClear
# Input mail filters
#O InputMailFilters
# CA directory
#O CACertPath
# CA file
#O CACertFile
# Server Cert
#O ServerCertFile
# Server private key
#O ServerKeyFile
# Client Cert
#O ClientCertFile
# Client private key
#O ClientKeyFile
# File containing certificate revocation lists
#O CRLFile
+# Directory containing hashes pointing to certificate revocation status files
+#O CRLPath
# DHParameters (only required if DSA/DH is used)
#O DHParameters
# Random data source (required for systems without /dev/urandom under OpenSSL)
#O RandFile
# fingerprint algorithm (digest) to use for the presented cert
#O CertFingerprintAlgorithm
+# enable DANE?
+#O DANE=false
# Maximum number of "useless" commands before slowing down
#O MaxNOOPCommands=20
# Name to use for EHLO (defaults to $j)
#O HeloName
############################
# QUEUE GROUP DEFINITIONS #
############################
###########################
# Message precedences #
###########################
Pfirst-class=0
Pspecial-delivery=100
Plist=-30
Pbulk=-60
Pjunk=-100
#####################
# Trusted users #
#####################
# this is equivalent to setting class "t"
#Ft/etc/mail/trusted-users
Troot
Tdaemon
Tuucp
#########################
# Format of headers #
#########################
H?P?Return-Path: <$g>
HReceived: $?sfrom $s $.$?_($?s$|from $.$_)
$.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)
$.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}
(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u
for $u; $|;
$.$b
H?D?Resent-Date: $a
H?D?Date: $a
H?F?Resent-From: $?x$x <$g>$|$g$.
H?F?From: $?x$x <$g>$|$g$.
H?x?Full-Name: $x
# HPosted-Date: $a
# H?l?Received-Date: $b
H?M?Resent-Message-Id: <$t.$i@$j>
H?M?Message-Id: <$t.$i@$j>
#
######################################################################
######################################################################
#####
##### REWRITING RULES
#####
######################################################################
######################################################################
############################################
### Ruleset 3 -- Name Canonicalization ###
############################################
Scanonify=3
# handle null input (translate to <@> special case)
R$@ $@ <@>
# strip group: syntax (not inside angle brackets!) and trailing semicolon
R$* $: $1 <@> mark addresses
R$* < $* > $* <@> $: $1 < $2 > $3 unmark <addr>
R@ $* <@> $: @ $1 unmark @host:...
R$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addr
R$* :: $* <@> $: $1 :: $2 unmark node::addr
R:include: $* <@> $: :include: $1 unmark :include:...
R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon
R$* : $* <@> $: $2 strip colon if marked
R$* <@> $: $1 unmark
R$* ; $1 strip trailing semi
R$* < $+ :; > $* $@ $2 :; <@> catch <list:;>
R$* < $* ; > $1 < $2 > bogus bracketed semi
# null input now results from list:; syntax
R$@ $@ :; <@>
# strip angle brackets -- note RFC733 heuristic to get innermost item
R$* $: < $1 > housekeeping <>
R$+ < $* > < $2 > strip excess on left
R< $* > $+ < $1 > strip excess on right
R<> $@ < @ > MAIL FROM:<> case
R< $+ > $: $1 remove housekeeping <>
# strip route address <@a,@b,@c:user@d> -> <user@d>
R@ $+ , $+ $2
R@ [ $* ] : $+ $2
R@ $+ : $+ $2
# find focus for list syntax
R $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax
R $+ : $* ; $@ $1 : $2; list syntax
# find focus for @ syntax addresses
R$+ @ $+ $: $1 < @ $2 > focus on domain
R$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right
R$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical
# convert old-style addresses to a domain-based address
R$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names
R$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps
R$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains
# if we have % signs, take the rightmost one
R$* % $* $1 @ $2 First make them all @s.
R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
# else we must be a local name
R$* $@ $>Canonify2 $1
################################################
### Ruleset 96 -- bottom half of ruleset 3 ###
################################################
SCanonify2=96
# handle special cases for local names
R$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all
R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain
R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain
# check for IPv4/IPv6 domain literal
R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [addr]
R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal
R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr
# if really UUCP, handle it immediately
# try UUCP traffic as a local address
R$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3
R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3
# hostnames ending in class P are always canonical
R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4
R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4
R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6
R$* CC $* $| $* $: $3
# pass to name server to make hostname canonical
R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4
R$* $| $* $: $2
# local host aliases and pseudo-domains are always canonical
R$* < @ $=w > $* $: $1 < @ $2 . > $3
R$* < @ $=M > $* $: $1 < @ $2 . > $3
R$* < @ $* . . > $* $1 < @ $2 . > $3
##################################################
### Ruleset 4 -- Final Output Post-rewriting ###
##################################################
Sfinal=4
R$+ :; <@> $@ $1 : handle <list:;>
R$* <@> $@ handle <> and list:;
# strip trailing dot off possibly canonical name
R$* < @ $+ . > $* $1 < @ $2 > $3
# eliminate internal code
R$* < @ *LOCAL* > $* $1 < @ $j > $2
# externalize local domain info
R$* < $+ > $* $1 $2 $3 defocus
R@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 <route-addr> canonical
R@ $* $@ @ $1 ... and exit
# UUCP must always be presented in old form
R$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u
# delete duplicate local names
R$+ % $=w @ $=w $1 @ $2 u%host@host => u@host
##############################################################
### Ruleset 97 -- recanonicalize and call ruleset zero ###
### (used for recursive calls) ###
##############################################################
SRecurse=97
R$* $: $>canonify $1
R$* $@ $>parse $1
######################################
### Ruleset 0 -- Parse Address ###
######################################
Sparse=0
R$* $: $>Parse0 $1 initial parsing
R<@> $#local $: <@> special case error msgs
R$* $: $>ParseLocal $1 handle local hacks
R$* $: $>Parse1 $1 final parsing
#
# Parse0 -- do initial syntax checking and eliminate local addresses.
# This should either return with the (possibly modified) input
# or return with a #error mailer. It should not return with a
# #mailer other than the #error mailer.
#
SParse0
R<@> $@ <@> special case error msgs
R$* : $* ; <@> $#error $@ 5.1.3 $: "553 List:; syntax illegal for recipient addresses"
R@ <@ $* > < @ $1 > catch "@@host" bogosity
R<@ $+> $#error $@ 5.1.3 $: "553 User address required"
R$+ <@> $#error $@ 5.1.3 $: "553 Hostname required"
R$* $: <> $1
R<> $* < @ [ $* ] : $+ > $* $1 < @ [ $2 ] : $3 > $4
R<> $* < @ [ $* ] , $+ > $* $1 < @ [ $2 ] , $3 > $4
R<> $* < @ [ $* ] $+ > $* $#error $@ 5.1.2 $: "553 Invalid address"
R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3
R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "553 Colon illegal in host name part"
R<> $* $1
R$* < @ . $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
R$* < @ $* @ > $* $#error $@ 5.1.2 $: "553 Invalid route address"
R$* @ $* < @ $* > $* $#error $@ 5.1.3 $: "553 Invalid route address"
R$* , $~O $* $#error $@ 5.1.3 $: "553 Invalid route address"
# now delete the local info -- note $=O to find characters that cause forwarding
R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user
R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ...
R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here
R< @ $+ > $#error $@ 5.1.3 $: "553 User address required"
R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ...
R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo"
R< @ *LOCAL* > $#error $@ 5.1.3 $: "553 User address required"
R$* $=O $* < @ *LOCAL* >
$@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
R$* < @ *LOCAL* > $: $1
#
# Parse1 -- the bottom half of ruleset 0.
#
SParse1
# handle numeric address spec
R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec
R$* < @ [ $+ ] > $* $: $1 < @ [ $2 ] : $S > $3 Add smart host to path
R$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send
R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer
R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer
# short circuit local delivery so forwarded email works
R$=L < @ $=w . > $#local $: @ $1 special local names
R$+ < @ $=w . > $#local $: $1 regular local name
# resolve remotely connected UUCP links (if any)
# resolve fake top level domains by forwarding to other hosts
# pass names that still have a host to a smarthost (if defined)
R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name
# deal with other remote names
R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
# handle locally delivered names
R$=L $#local $: @ $1 special local names
R$+ $#local $: $1 regular local names
###########################################################################
### Ruleset 5 -- special rewriting after aliases have been expanded ###
###########################################################################
SLocal_localaddr
Slocaladdr=5
R$+ $: $1 $| $>"Local_localaddr" $1
R$+ $| $#ok $@ $1 no change
R$+ $| $#$* $#$2
R$+ $| $* $: $1
# deal with plussed users so aliases work nicely
R$+ + * $#local $@ $&h $: $1
R$+ + $* $#local $@ + $2 $: $1 + *
# prepend an empty "forward host" on the front
R$+ $: <> $1
R< > $+ $: < > < $1 <> $&h > nope, restore +detail
R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail
R< > < $+ <> $* > $: < > < $1 > else discard
R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part
R< > < $+ > + $* $#local $@ $2 $: @ $1 strip the extra +
R< > < $+ > $@ $1 no +detail
R$+ $: $1 <> $&h add +detail back in
R$+ <> + $* $: $1 + $2 check whether +detail
R$+ <> $* $: $1 else discard
R< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension
R< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension
R< $~[ : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 >
R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 >
###################################################################
### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ###
###################################################################
SMailerToTriple=95
R< > $* $@ $1 strip off null relay
R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
R< error : $- : $+ > $* $#error $@ $(dequote $1 $) $: $2
R< error : $+ > $* $#error $: $1
R< local : $* > $* $>CanonLocal < $1 > $2
R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user
R< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer
R< $=w > $* $@ $2 delete local host
R< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer
###################################################################
### Ruleset CanonLocal -- canonify local: syntax ###
###################################################################
SCanonLocal
# strip local host from routed addresses
R< $* > < @ $+ > : $+ $@ $>Recurse $3
R< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4
# strip trailing dot from any host name that may appear
R< $* > $* < @ $* . > $: < $1 > $2 < @ $3 >
# handle local: syntax -- use old user, either with or without host
R< > $* < @ $* > $* $#local $@ $1@$2 $: $1
R< > $+ $#local $@ $1 $: $1
# handle local:user@host syntax -- ignore host part
R< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 >
# handle local:user syntax
R< $+ > $* <@ $* > $* $#local $@ $2@$3 $: $1
R< $+ > $* $#local $@ $2 $: $1
###################################################################
### Ruleset 93 -- convert header names to masqueraded form ###
###################################################################
SMasqHdr=93
# do not masquerade anything in class N
R$* < @ $* $=N . > $@ $1 < @ $2 $3 . >
R$* < @ *LOCAL* > $@ $1 < @ $j . >
###################################################################
### Ruleset 94 -- convert envelope names to masqueraded form ###
###################################################################
SMasqEnv=94
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
###################################################################
### Ruleset 98 -- local part of ruleset zero (can be null) ###
###################################################################
SParseLocal=98
# addresses sent to foo@host.REDIRECT will give a 551 error code
R$* < @ $+ .REDIRECT. > $: $1 < @ $2 . REDIRECT . > < ${opMode} >
R$* < @ $+ .REDIRECT. > <i> $: $1 < @ $2 . REDIRECT. >
R$* < @ $+ .REDIRECT. > < $- > $#error $@ 5.1.1 $: "551 User has moved; please try " <$1@$2>
######################################################################
### CanonAddr -- Convert an address into a standard form for
### relay checking. Route address syntax is
### crudely converted into a %-hack address.
###
### Parameters:
### $1 -- full recipient address
###
### Returns:
### parsed address, not in source route form
######################################################################
SCanonAddr
R$* $: $>Parse0 $>canonify $1 make domain canonical
######################################################################
### ParseRecipient -- Strip off hosts in $=R as well as possibly
### $* $=m or the access database.
### Check user portion for host separators.
###
### Parameters:
### $1 -- full recipient address
###
### Returns:
### parsed, non-local-relaying address
######################################################################
SParseRecipient
R$* $: <?> $>CanonAddr $1
R<?> $* < @ $* . > <?> $1 < @ $2 > strip trailing dots
R<?> $- < @ $* > $: <?> $(dequote $1 $) < @ $2 > dequote local part
# if no $=O character, no host in the user portion, we are done
R<?> $* $=O $* < @ $* > $: <NO> $1 $2 $3 < @ $4>
R<?> $* $@ $1
R<NO> $* < @ $* $=R > $: <RELAY> $1 < @ $2 $3 >
R<RELAY> $* < @ $* > $@ $>ParseRecipient $1
R<$+> $* $@ $2
######################################################################
### check_relay -- check hostname/address on SMTP startup
######################################################################
SLocal_check_relay
Scheck_relay
R$* $: $1 $| $>"Local_check_relay" $1
R$* $| $* $| $#$* $#$3
R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2
SBasic_check_relay
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
######################################################################
### check_mail -- check SMTP `MAIL FROM:' command argument
######################################################################
SLocal_check_mail
Scheck_mail
R$* $: $1 $| $>"Local_check_mail" $1
R$* $| $#$* $#$2
R$* $| $* $@ $>"Basic_check_mail" $1
SBasic_check_mail
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
# authenticated?
R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
R$* $| $#$+ $#$2
R$* $| $* $: $1
R<> $@ <OK> we MUST accept <> (RFC 1123)
R$+ $: <?> $1
R<?><$+> $: <@> <$1>
R<?>$+ $: <@> <$1>
R$* $: $&{daemon_flags} $| $1
R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 >
R$* u $* $| <@> < $* > $: <?> < $3 >
R$* $| $* $: $2
# handle case of @localhost on address
R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost >
R<@> < $* @ [127.0.0.1] >
$: < ? $&{client_name} > < $1 @ [127.0.0.1] >
R<@> < $* @ [IPv6:0:0:0:0:0:0:0:1] >
$: < ? $&{client_name} > < $1 @ [IPv6:0:0:0:0:0:0:0:1] >
R<@> < $* @ [IPv6:::1] >
$: < ? $&{client_name} > < $1 @ [IPv6:::1] >
R<@> < $* @ localhost.$m >
$: < ? $&{client_name} > < $1 @ localhost.$m >
R<@> < $* @ localhost.UUCP >
$: < ? $&{client_name} > < $1 @ localhost.UUCP >
R<@> $* $: $1 no localhost as domain
R<? $=w> $* $: $2 local client: ok
R<? $+> <$+> $#error $@ 5.5.4 $: "553 Real domain name required for sender address"
R<?> $* $: $1
R$* $: <?> $>CanonAddr $1 canonify sender address and mark it
R<?> $* < @ $+ . > <?> $1 < @ $2 > strip trailing dots
# handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc)
R<?> $* < @ $* $=P > $: <OKR> $1 < @ $2 $3 >
R<?> $* < @ $j > $: <OKR> $1 < @ $j >
R<?> $* < @ $+ > $: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 >
R<? $* <$->> $* < @ $+ >
$: <$2> $3 < @ $4 >
# handle case of no @domain on address
R<?> $* $: $&{daemon_flags} $| <?> $1
R$* u $* $| <?> $* $: <OKR> $3
R$* $| $* $: $2
R<?> $* $: < ? $&{client_addr} > $1
R<?> $* $@ <OKR> ...local unqualed ok
R<? $+> $* $#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f
...remote is not
# check results
R<?> $* $: @ $1 mark address: nothing known about it
R<$={ResOk}> $* $: @ $2 domain ok
R<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"
R<PERM> $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist"
######################################################################
### check_rcpt -- check SMTP `RCPT TO:' command argument
######################################################################
SLocal_check_rcpt
Scheck_rcpt
R$* $: $1 $| $>"Local_check_rcpt" $1
R$* $| $#$* $#$2
R$* $| $* $@ $>"Basic_check_rcpt" $1
SBasic_check_rcpt
# empty address?
R<> $#error $@ nouser $: "553 User address required"
R$@ $#error $@ nouser $: "553 User address required"
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
######################################################################
R$* $: $1 $| @ $>"Rcpt_ok" $1
R$* $| @ $#TEMP $+ $: $1 $| T $2
R$* $| @ $#$* $#$2
R$* $| @ RELAY $@ RELAY
R$* $| @ $* $: O $| $>"Relay_ok" $1
R$* $| T $+ $: T $2 $| $>"Relay_ok" $1
R$* $| $#TEMP $+ $#error $2
R$* $| $#$* $#$2
R$* $| RELAY $@ RELAY
R T $+ $| $* $#error $1
# anything else is bogus
R$* $#error $@ 5.7.1 $: "550 Relaying denied"
######################################################################
### Rcpt_ok: is the recipient ok?
######################################################################
SRcpt_ok
R$* $: $>ParseRecipient $1 strip relayable hosts
# authenticated via TLS?
R$* $: $1 $| $>RelayTLS client authenticated?
R$* $| $# $+ $# $2 error/ok?
R$* $| $* $: $1 no
R$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type}
R$* $| $# $* $# $2
R$* $| NO $: $1
R$* $| $* $: $1 $| $&{auth_type}
R$* $| $: $1
R$* $| $={TrustAuthMech} $# RELAY
R$* $| $* $: $1
# anything terminating locally is ok
R$+ < @ $=w > $@ RELAY
R$+ < @ $* $=R > $@ RELAY
# check for local user (i.e. unqualified address)
R$* $: <?> $1
R<?> $* < @ $+ > $: <REMOTE> $1 < @ $2 >
# local user is ok
R<?> $+ $@ RELAY
R<$+> $* $: $2
######################################################################
### Relay_ok: is the relay/sender ok?
######################################################################
SRelay_ok
# anything originating locally is ok
# check IP address
R$* $: $&{client_addr}
R$@ $@ RELAY originated locally
R0 $@ RELAY originated locally
R127.0.0.1 $@ RELAY originated locally
RIPv6:0:0:0:0:0:0:0:1 $@ RELAY originated locally
RIPv6:::1 $@ RELAY originated locally
R$=R $* $@ RELAY relayable IP address
R$* $: [ $1 ] put brackets around it...
R$=w $@ RELAY ... and see if it is local
# check client name: first: did it resolve?
R$* $: < $&{client_resolve} >
R<TEMP> $#TEMP $@ 4.4.0 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
R<FORGED> $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
R<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
R$* $: <@> $&{client_name}
# pass to name server to make hostname canonical
R<@> $* $=P $:<?> $1 $2
R<@> $+ $:<?> $[ $1 $]
R$* . $1 strip trailing dots
R<?> $=w $@ RELAY
R<?> $* $=R $@ RELAY
######################################################################
### trust_auth: is user trusted to authenticate as someone else?
###
### Parameters:
### $1: AUTH= parameter from MAIL command
######################################################################
SLocal_trust_auth
Strust_auth
R$* $: $&{auth_type} $| $1
# required by RFC 2554 section 4.
R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated"
R$* $| $&{auth_authen} $@ identical
R$* $| <$&{auth_authen}> $@ identical
R$* $| $* $: $1 $| $>"Local_trust_auth" $2
R$* $| $#$* $#$2
R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}
######################################################################
### Relay_Auth: allow relaying based on authentication?
###
### Parameters:
### $1: ${auth_type}
######################################################################
SLocal_Relay_Auth
######################################################################
### srv_features: which features to offer to a client?
### (done in server)
######################################################################
Ssrv_features
######################################################################
### try_tls: try to use STARTTLS?
### (done in client)
######################################################################
Stry_tls
######################################################################
### tls_rcpt: is connection with server "good" enough?
### (done in client, per recipient)
###
### Parameters:
### $1: recipient
######################################################################
Stls_rcpt
######################################################################
### tls_client: is connection with client "good" enough?
### (done in server)
###
### Parameters:
### ${verify} $| (MAIL|STARTTLS)
######################################################################
Stls_client
R$* $| $* $@ $>"TLS_connection" $1
######################################################################
### tls_server: is connection with server "good" enough?
### (done in client)
###
### Parameter:
### ${verify}
######################################################################
Stls_server
+
R$* $@ $>"TLS_connection" $1
######################################################################
### TLS_connection: is TLS connection "good" enough?
###
### Parameters:
### ${verify}
### Requirement: RHS from access map, may be ? for none.
######################################################################
STLS_connection
RSOFTWARE $#error $@ 4.7.0 $: "403 TLS handshake."
+RDANE_FAIL $#error $@ 4.7.0 $: "403 DANE check failed."
######################################################################
### RelayTLS: allow relaying based on TLS authentication
###
### Parameters:
### none
######################################################################
SRelayTLS
# authenticated?
######################################################################
### authinfo: lookup authinfo in the access map
###
### Parameters:
### $1: {server_name}
### $2: {server_addr}
######################################################################
Sauthinfo
#
######################################################################
######################################################################
#####
##### MAIL FILTER DEFINITIONS
#####
######################################################################
######################################################################
#
######################################################################
######################################################################
#####
##### MAILER DEFINITIONS
#####
######################################################################
######################################################################
##################################################
### Local and Program Mailer specification ###
##################################################
##### $Id: local.m4,v 8.60 2013-11-22 20:51:14 ca Exp $ #####
#
# Envelope sender rewriting
#
SEnvFromL
R<@> $n errors to mailer-daemon
R@ <@ $*> $n temporarily bypass Sun bogosity
R$+ $: $>AddDomain $1 add local domain if needed
R$* $: $>MasqEnv $1 do masquerading
#
# Envelope recipient rewriting
#
SEnvToL
R$+ < @ $* > $: $1 strip host part
R$+ + $* $: < $&{addr_type} > $1 + $2 mark with addr type
R<e s> $+ + $* $: $1 remove +detail for sender
R< $* > $+ $: $2 else remove mark
#
# Header sender rewriting
#
SHdrFromL
R<@> $n errors to mailer-daemon
R@ <@ $*> $n temporarily bypass Sun bogosity
R$+ $: $>AddDomain $1 add local domain if needed
R$* $: $>MasqHdr $1 do masquerading
#
# Header recipient rewriting
#
SHdrToL
R$+ $: $>AddDomain $1 add local domain if needed
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
#
# Common code to add local domain name (only if always-add-domain)
#
SAddDomain
Mlocal, P=/bin/mail, F=lsDFMAw5:/|@qPrmn9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
T=DNS/RFC822/X-Unix,
A=mail -d $u
Mprog, P=/bin/sh, F=lsDFMoqeu9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/,
T=X-Unix/X-Unix/X-Unix,
A=sh -c $u
#####################################
### SMTP Mailer specification ###
#####################################
##### $Id: smtp.m4,v 8.66 2013-11-22 20:51:14 ca Exp $ #####
#
# common sender and masquerading recipient rewriting
#
SMasqSMTP
R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified
R$+ $@ $1 < @ *LOCAL* > add local qualification
#
# convert pseudo-domain addresses to real domain addresses
#
SPseudoToReal
# pass <route-addr>s through
R< @ $+ > $* $@ < @ $1 > $2 resolve <route-addr>
# output fake domains as user%fake@relay
# do UUCP heuristics; note that these are shared with UUCP mailers
R$+ < @ $+ .UUCP. > $: < $2 ! > $1 convert to UUCP form
R$+ < @ $* > $* $@ $1 < @ $2 > $3 not UUCP form
# leave these in .UUCP form to avoid further tampering
R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. >
R< $&h ! > $-.$+ ! $+ $@ $3 < @ $1.$2 >
R< $&h ! > $+ $@ $1 < @ $&h .UUCP. >
R< $+ ! > $+ $: $1 ! $2 < @ $Y > use UUCP_RELAY
R$+ < @ $~[ $* : $+ > $@ $1 < @ $4 > strip mailer: part
R$+ < @ > $: $1 < @ *LOCAL* > if no UUCP_RELAY
#
# envelope sender rewriting
#
SEnvFromSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R$* :; <@> $@ list:; special case
R$* $: $>MasqSMTP $1 qualify unqual'ed names
R$+ $: $>MasqEnv $1 do masquerading
#
# envelope recipient rewriting --
# also header recipient if not masquerading recipients
#
SEnvToSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R$+ $: $>MasqSMTP $1 qualify unqual'ed names
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
#
# header sender and masquerading header recipient rewriting
#
SHdrFromSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R:; <@> $@ list:; special case
# do special header rewriting
R$* <@> $* $@ $1 <@> $2 pass null host through
R< @ $* > $* $@ < @ $1 > $2 pass route-addr through
R$* $: $>MasqSMTP $1 qualify unqual'ed names
R$+ $: $>MasqHdr $1 do masquerading
#
# relay mailer header masquerading recipient rewriting
#
SMasqRelay
R$+ $: $>MasqSMTP $1
R$+ $: $>MasqHdr $1
Msmtp, P=[IPC], F=mDFMuX, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mesmtp, P=[IPC], F=mDFMuXa, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Msmtp8, P=[IPC], F=mDFMuX8, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mdsmtp, P=[IPC], F=mDFMuXa%, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mrelay, P=[IPC], F=mDFMuXa8, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=2040,
T=DNS/RFC822/SMTP,
A=TCP $h
### generic-sunos4.1.mc ###
# divert(-1)
# #
# # Copyright (c) 1998, 1999 Proofpoint, Inc. and its suppliers.
# # All rights reserved.
# # Copyright (c) 1983 Eric P. Allman. All rights reserved.
# # Copyright (c) 1988, 1993
# # The Regents of the University of California. All rights reserved.
# #
# # By using this file, you agree to the terms and conditions set
# # forth in the LICENSE file which can be found at the top level of
# # the sendmail distribution.
# #
# #
#
# #
# # This is a generic configuration file for SunOS 4.1.x.
# # It has support for local and SMTP mail only. If you want to
# # customize it, copy it to a name appropriate for your environment
# # and do the modifications there.
# #
#
# divert(0)dnl
# VERSIONID(`$Id: generic-sunos4.1.mc,v 8.12 2013-11-22 20:51:08 ca Exp $')
# OSTYPE(sunos4.1)dnl
# DOMAIN(generic)dnl
# MAILER(local)dnl
# MAILER(smtp)dnl
diff --git a/cf/cf/generic-ultrix4.cf b/cf/cf/generic-ultrix4.cf
index 84c74b8e84ba..0e3a8e89c216 100644
--- a/cf/cf/generic-ultrix4.cf
+++ b/cf/cf/generic-ultrix4.cf
@@ -1,1496 +1,1508 @@
#
# Copyright (c) 1998-2004, 2009, 2010 Proofpoint, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#
######################################################################
######################################################################
#####
##### SENDMAIL CONFIGURATION FILE
#####
-##### built by ca@sandman.dev-lab.sendmail.com on Thu Jul 2 05:24:31 PDT 2015
-##### in /x/ca/smi.git/sendmail/OpenSource/sendmail-8.15.2/cf/cf
+##### built by ca@lab.smi.sendmail.com on Thu Jul 2 22:41:57 PDT 2020
+##### in /var/tmp/ca/sm8.git/sendmail/OpenSource/sendmail-8.16.1/cf/cf
##### using ../ as configuration include directory
#####
######################################################################
#####
##### DO NOT EDIT THIS FILE! Only edit the source .mc file.
#####
######################################################################
######################################################################
##### $Id: cfhead.m4,v 8.122 2013-11-22 20:51:13 ca Exp $ #####
##### $Id: cf.m4,v 8.33 2013-11-22 20:51:13 ca Exp $ #####
##### $Id: generic-ultrix4.mc,v 8.12 2013-11-22 20:51:08 ca Exp $ #####
##### $Id: ultrix4.m4,v 8.12 2013-11-22 20:51:15 ca Exp $ #####
##### $Id: generic.m4,v 8.16 2013-11-22 20:51:10 ca Exp $ #####
##### $Id: redirect.m4,v 8.16 2013-11-22 20:51:11 ca Exp $ #####
##### $Id: use_cw_file.m4,v 8.12 2013-11-22 20:51:11 ca Exp $ #####
##### $Id: proto.m4,v 8.762 2013-11-22 20:51:13 ca Exp $ #####
# level 10 config file format
V10/Berkeley
# override file safeties - setting this option compromises system security,
# addressing the actual file configuration problem is preferred
# need to set this before any file actions are encountered in the cf file
#O DontBlameSendmail=safe
# default LDAP map specification
# need to set this now before any LDAP maps are defined
#O LDAPDefaultSpec=-h localhost
##################
# local info #
##################
# my LDAP cluster
# need to set this before any LDAP lookups are done (including classes)
#D{sendmailMTACluster}$m
Cwlocalhost
# file containing names of hosts for which we receive email
Fw/etc/mail/local-host-names
# my official domain name
# ... define this only if sendmail cannot automatically determine your domain
#Dj$w.Foo.COM
# host/domain names ending with a token in class P are canonical
CP.
# "Smart" relay host (may be null)
DS
# operators that cannot be in local usernames (i.e., network indicators)
CO @ % !
# a class with just dot (for identifying canonical names)
C..
# a class with just a left bracket (for identifying domain literals)
C[[
# Resolve map (to check if a host exists in check_mail)
Kresolve host -a<OKR> -T<TEMP>
C{ResOk}OKR
# Hosts for which relaying is permitted ($=R)
FR-o /etc/mail/relay-domains
# arithmetic map
Karith arith
# dequoting map
Kdequote dequote
# class E: names that should be exposed as from this host, even if we masquerade
# class L: names that should be delivered locally, even if we have a relay
# class M: domains that should be converted to $M
# class N: domains that should not be converted to $M
#CL root
C{E}root
# my name for error messages
DnMAILER-DAEMON
CPREDIRECT
# Configuration version number
-DZ8.15.2
+DZ8.16.1
###############
# Options #
###############
# strip message body to 7 bits on input?
O SevenBitInput=False
# 8-bit data handling
#O EightBitMode=pass8
# wait for alias file rebuild (default units: minutes)
O AliasWait=10
# location of alias file
O AliasFile=/etc/mail/aliases
# minimum number of free blocks on filesystem
O MinFreeBlocks=100
# maximum message size
#O MaxMessageSize=0
# substitution for space (blank) characters
O BlankSub=.
# avoid connecting to "expensive" mailers on initial submission?
O HoldExpensive=False
# checkpoint queue runs after every N successful deliveries
#O CheckpointInterval=10
# default delivery mode
O DeliveryMode=background
# error message header/file
#O ErrorHeader=/etc/mail/error-header
# error mode
#O ErrorMode=print
# save Unix-style "From_" lines at top of header?
#O SaveFromLine=False
# queue file mode (qf files)
#O QueueFileMode=0600
# temporary file mode
O TempFileMode=0600
# match recipients against GECOS field?
#O MatchGECOS=False
# maximum hop count
#O MaxHopCount=25
# location of help file
O HelpFile=/etc/mail/helpfile
# ignore dots as terminators in incoming messages?
#O IgnoreDots=False
# name resolver options
#O ResolverOptions=+AAONLY
# deliver MIME-encapsulated error messages?
O SendMimeErrors=True
# Forward file search path
O ForwardPath=$z/.forward.$w+$h:$z/.forward+$h:$z/.forward.$w:$z/.forward
# open connection cache size
O ConnectionCacheSize=2
# open connection cache timeout
O ConnectionCacheTimeout=5m
# persistent host status directory
#O HostStatusDirectory=.hoststat
# single thread deliveries (requires HostStatusDirectory)?
#O SingleThreadDelivery=False
# use Errors-To: header?
O UseErrorsTo=False
# use compressed IPv6 address format?
#O UseCompressedIPv6Addresses
# log level
O LogLevel=9
# send to me too, even in an alias expansion?
#O MeToo=True
# verify RHS in newaliases?
O CheckAliases=False
# default messages to old style headers if no special punctuation?
O OldStyleHeaders=True
# SMTP daemon options
O DaemonPortOptions=Name=MTA
O DaemonPortOptions=Port=587, Name=MSA, M=E
# SMTP client options
#O ClientPortOptions=Family=inet, Address=0.0.0.0
# Modifiers to define {daemon_flags} for direct submissions
#O DirectSubmissionModifiers
# Use as mail submission program? See sendmail/SECURITY
#O UseMSP
# privacy flags
O PrivacyOptions=authwarnings
# who (if anyone) should get extra copies of error messages
#O PostmasterCopy=Postmaster
# slope of queue-only function
#O QueueFactor=600000
# limit on number of concurrent queue runners
#O MaxQueueChildren
# maximum number of queue-runners per queue-grouping with multiple queues
#O MaxRunnersPerQueue=1
# priority of queue runners (nice(3))
#O NiceQueueRun
# shall we sort the queue by hostname first?
#O QueueSortOrder=priority
# minimum time in queue before retry
#O MinQueueAge=30m
# maximum time in queue before retry (if > 0; only for exponential delay)
#O MaxQueueAge
# how many jobs can you process in the queue?
#O MaxQueueRunSize=0
# perform initial split of envelope without checking MX records
#O FastSplit=1
# queue directory
O QueueDirectory=/var/spool/mqueue
# key for shared memory; 0 to turn off, -1 to auto-select
#O SharedMemoryKey=0
# file to store auto-selected key for shared memory (SharedMemoryKey = -1)
#O SharedMemoryKeyFile
# timeouts (many of these)
#O Timeout.initial=5m
#O Timeout.connect=5m
#O Timeout.aconnect=0s
#O Timeout.iconnect=5m
#O Timeout.helo=5m
#O Timeout.mail=10m
#O Timeout.rcpt=1h
#O Timeout.datainit=5m
#O Timeout.datablock=1h
#O Timeout.datafinal=1h
#O Timeout.rset=5m
#O Timeout.quit=2m
#O Timeout.misc=2m
#O Timeout.command=1h
#O Timeout.ident=5s
#O Timeout.fileopen=60s
#O Timeout.control=2m
O Timeout.queuereturn=5d
#O Timeout.queuereturn.normal=5d
#O Timeout.queuereturn.urgent=2d
#O Timeout.queuereturn.non-urgent=7d
#O Timeout.queuereturn.dsn=5d
O Timeout.queuewarn=4h
#O Timeout.queuewarn.normal=4h
#O Timeout.queuewarn.urgent=1h
#O Timeout.queuewarn.non-urgent=12h
#O Timeout.queuewarn.dsn=4h
#O Timeout.hoststatus=30m
#O Timeout.resolver.retrans=5s
#O Timeout.resolver.retrans.first=5s
#O Timeout.resolver.retrans.normal=5s
#O Timeout.resolver.retry=4
#O Timeout.resolver.retry.first=4
#O Timeout.resolver.retry.normal=4
#O Timeout.lhlo=2m
#O Timeout.auth=10m
#O Timeout.starttls=1h
# time for DeliverBy; extension disabled if less than 0
#O DeliverByMin=0
# should we not prune routes in route-addr syntax addresses?
#O DontPruneRoutes=False
# queue up everything before forking?
O SuperSafe=True
# status file
#O StatusFile
# time zone handling:
# if undefined, use system default
# if defined but null, use TZ envariable passed in
# if defined and non-null, use that info
#O TimeZoneSpec=
# default UID (can be username or userid:groupid)
#O DefaultUser=mailnull
# list of locations of user database file (null means no lookup)
#O UserDatabaseSpec=/etc/mail/userdb
# fallback MX host
#O FallbackMXhost=fall.back.host.net
# fallback smart host
#O FallbackSmartHost=fall.back.host.net
# if we are the best MX host for a site, try it directly instead of config err
#O TryNullMXList=False
# load average at which we just queue messages
#O QueueLA=8
# load average at which we refuse connections
#O RefuseLA=12
# log interval when refusing connections for this long
#O RejectLogInterval=3h
# load average at which we delay connections; 0 means no limit
#O DelayLA=0
# maximum number of children we allow at one time
#O MaxDaemonChildren=0
# maximum number of new connections per second
#O ConnectionRateThrottle=0
# Width of the window
#O ConnectionRateWindowSize=60s
# work recipient factor
#O RecipientFactor=30000
# deliver each queued job in a separate process?
#O ForkEachJob=False
# work class factor
#O ClassFactor=1800
# work time factor
#O RetryFactor=90000
# default character set
#O DefaultCharSet=unknown-8bit
# service switch file (name hardwired on Solaris, Ultrix, OSF/1, others)
#O ServiceSwitchFile=/etc/mail/service.switch
# hosts file (normally /etc/hosts)
#O HostsFile=/etc/hosts
# dialup line delay on connection failure
#O DialDelay=0s
# action to take if there are no recipients in the message
#O NoRecipientAction=none
# chrooted environment for writing to files
#O SafeFileEnvironment
# are colons OK in addresses?
#O ColonOkInAddr=True
# shall I avoid expanding CNAMEs (violates protocols)?
#O DontExpandCnames=False
# SMTP initial login message (old $e macro)
O SmtpGreetingMessage=$j Sendmail $v/$Z; $b
# UNIX initial From header format (old $l macro)
O UnixFromLine=From $g $d
# From: lines that have embedded newlines are unwrapped onto one line
#O SingleLineFromHeader=False
# Allow HELO SMTP command that does not include a host name
#O AllowBogusHELO=False
# Characters to be quoted in a full name phrase (@,;:\()[] are automatic)
#O MustQuoteChars=.
# delimiter (operator) characters (old $o macro)
O OperatorChars=.:%@!^/[]+
# shall I avoid calling initgroups(3) because of high NIS costs?
#O DontInitGroups=False
# are group-writable :include: and .forward files (un)trustworthy?
# True (the default) means they are not trustworthy.
#O UnsafeGroupWrites=True
# where do errors that occur when sending errors get sent?
#O DoubleBounceAddress=postmaster
# issue temporary errors (4xy) instead of permanent errors (5xy)?
#O SoftBounce=False
# where to save bounces if all else fails
#O DeadLetterDrop=/var/tmp/dead.letter
# what user id do we assume for the majority of the processing?
#O RunAsUser=sendmail
# maximum number of recipients per SMTP envelope
#O MaxRecipientsPerMessage=0
# limit the rate recipients per SMTP envelope are accepted
# once the threshold number of recipients have been rejected
#O BadRcptThrottle=0
# shall we get local names from our installed interfaces?
#O DontProbeInterfaces=False
# Return-Receipt-To: header implies DSN request
#O RrtImpliesDsn=False
# override connection address (for testing)
#O ConnectOnlyTo=0.0.0.0
# Trusted user for file ownership and starting the daemon
#O TrustedUser=root
# Control socket for daemon management
#O ControlSocketName=/var/spool/mqueue/.control
# Maximum MIME header length to protect MUAs
#O MaxMimeHeaderLength=0/0
# Maximum length of the sum of all headers
O MaxHeadersLength=32768
# Maximum depth of alias recursion
#O MaxAliasRecursion=10
# location of pid file
#O PidFile=/var/run/sendmail.pid
# Prefix string for the process title shown on 'ps' listings
#O ProcessTitlePrefix=prefix
# Data file (df) memory-buffer file maximum size
#O DataFileBufferSize=4096
# Transcript file (xf) memory-buffer file maximum size
#O XscriptFileBufferSize=4096
# lookup type to find information about local mailboxes
#O MailboxDatabase=pw
# override compile time flag REQUIRES_DIR_FSYNC
#O RequiresDirfsync=true
# list of authentication mechanisms
#O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
# Authentication realm
#O AuthRealm
# default authentication information for outgoing connections
#O DefaultAuthInfo=/etc/mail/default-auth-info
# SMTP AUTH flags
#O AuthOptions
# SMTP AUTH maximum encryption strength
#O AuthMaxBits
# SMTP STARTTLS server options
#O TLSSrvOptions
# SSL cipherlist
#O CipherList
# server side SSL options
#O ServerSSLOptions
# client side SSL options
#O ClientSSLOptions
+# SSL Engine
+#O SSLEngine
+# Path to dynamic library for SSLEngine
+#O SSLEnginePath
+# TLS: fall back to clear text after handshake failure?
+#O TLSFallbacktoClear
# Input mail filters
#O InputMailFilters
# CA directory
#O CACertPath
# CA file
#O CACertFile
# Server Cert
#O ServerCertFile
# Server private key
#O ServerKeyFile
# Client Cert
#O ClientCertFile
# Client private key
#O ClientKeyFile
# File containing certificate revocation lists
#O CRLFile
+# Directory containing hashes pointing to certificate revocation status files
+#O CRLPath
# DHParameters (only required if DSA/DH is used)
#O DHParameters
# Random data source (required for systems without /dev/urandom under OpenSSL)
#O RandFile
# fingerprint algorithm (digest) to use for the presented cert
#O CertFingerprintAlgorithm
+# enable DANE?
+#O DANE=false
# Maximum number of "useless" commands before slowing down
#O MaxNOOPCommands=20
# Name to use for EHLO (defaults to $j)
#O HeloName
############################
# QUEUE GROUP DEFINITIONS #
############################
###########################
# Message precedences #
###########################
Pfirst-class=0
Pspecial-delivery=100
Plist=-30
Pbulk=-60
Pjunk=-100
#####################
# Trusted users #
#####################
# this is equivalent to setting class "t"
#Ft/etc/mail/trusted-users
Troot
Tdaemon
Tuucp
#########################
# Format of headers #
#########################
H?P?Return-Path: <$g>
HReceived: $?sfrom $s $.$?_($?s$|from $.$_)
$.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)
$.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}
(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u
for $u; $|;
$.$b
H?D?Resent-Date: $a
H?D?Date: $a
H?F?Resent-From: $?x$x <$g>$|$g$.
H?F?From: $?x$x <$g>$|$g$.
H?x?Full-Name: $x
# HPosted-Date: $a
# H?l?Received-Date: $b
H?M?Resent-Message-Id: <$t.$i@$j>
H?M?Message-Id: <$t.$i@$j>
#
######################################################################
######################################################################
#####
##### REWRITING RULES
#####
######################################################################
######################################################################
############################################
### Ruleset 3 -- Name Canonicalization ###
############################################
Scanonify=3
# handle null input (translate to <@> special case)
R$@ $@ <@>
# strip group: syntax (not inside angle brackets!) and trailing semicolon
R$* $: $1 <@> mark addresses
R$* < $* > $* <@> $: $1 < $2 > $3 unmark <addr>
R@ $* <@> $: @ $1 unmark @host:...
R$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addr
R$* :: $* <@> $: $1 :: $2 unmark node::addr
R:include: $* <@> $: :include: $1 unmark :include:...
R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon
R$* : $* <@> $: $2 strip colon if marked
R$* <@> $: $1 unmark
R$* ; $1 strip trailing semi
R$* < $+ :; > $* $@ $2 :; <@> catch <list:;>
R$* < $* ; > $1 < $2 > bogus bracketed semi
# null input now results from list:; syntax
R$@ $@ :; <@>
# strip angle brackets -- note RFC733 heuristic to get innermost item
R$* $: < $1 > housekeeping <>
R$+ < $* > < $2 > strip excess on left
R< $* > $+ < $1 > strip excess on right
R<> $@ < @ > MAIL FROM:<> case
R< $+ > $: $1 remove housekeeping <>
# strip route address <@a,@b,@c:user@d> -> <user@d>
R@ $+ , $+ $2
R@ [ $* ] : $+ $2
R@ $+ : $+ $2
# find focus for list syntax
R $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax
R $+ : $* ; $@ $1 : $2; list syntax
# find focus for @ syntax addresses
R$+ @ $+ $: $1 < @ $2 > focus on domain
R$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right
R$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical
# convert old-style addresses to a domain-based address
R$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names
R$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps
R$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains
# if we have % signs, take the rightmost one
R$* % $* $1 @ $2 First make them all @s.
R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
# else we must be a local name
R$* $@ $>Canonify2 $1
################################################
### Ruleset 96 -- bottom half of ruleset 3 ###
################################################
SCanonify2=96
# handle special cases for local names
R$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all
R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain
R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain
# check for IPv4/IPv6 domain literal
R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [addr]
R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal
R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr
# if really UUCP, handle it immediately
# try UUCP traffic as a local address
R$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3
R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3
# hostnames ending in class P are always canonical
R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4
R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4
R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6
R$* CC $* $| $* $: $3
# pass to name server to make hostname canonical
R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4
R$* $| $* $: $2
# local host aliases and pseudo-domains are always canonical
R$* < @ $=w > $* $: $1 < @ $2 . > $3
R$* < @ $=M > $* $: $1 < @ $2 . > $3
R$* < @ $* . . > $* $1 < @ $2 . > $3
##################################################
### Ruleset 4 -- Final Output Post-rewriting ###
##################################################
Sfinal=4
R$+ :; <@> $@ $1 : handle <list:;>
R$* <@> $@ handle <> and list:;
# strip trailing dot off possibly canonical name
R$* < @ $+ . > $* $1 < @ $2 > $3
# eliminate internal code
R$* < @ *LOCAL* > $* $1 < @ $j > $2
# externalize local domain info
R$* < $+ > $* $1 $2 $3 defocus
R@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 <route-addr> canonical
R@ $* $@ @ $1 ... and exit
# UUCP must always be presented in old form
R$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u
# delete duplicate local names
R$+ % $=w @ $=w $1 @ $2 u%host@host => u@host
##############################################################
### Ruleset 97 -- recanonicalize and call ruleset zero ###
### (used for recursive calls) ###
##############################################################
SRecurse=97
R$* $: $>canonify $1
R$* $@ $>parse $1
######################################
### Ruleset 0 -- Parse Address ###
######################################
Sparse=0
R$* $: $>Parse0 $1 initial parsing
R<@> $#local $: <@> special case error msgs
R$* $: $>ParseLocal $1 handle local hacks
R$* $: $>Parse1 $1 final parsing
#
# Parse0 -- do initial syntax checking and eliminate local addresses.
# This should either return with the (possibly modified) input
# or return with a #error mailer. It should not return with a
# #mailer other than the #error mailer.
#
SParse0
R<@> $@ <@> special case error msgs
R$* : $* ; <@> $#error $@ 5.1.3 $: "553 List:; syntax illegal for recipient addresses"
R@ <@ $* > < @ $1 > catch "@@host" bogosity
R<@ $+> $#error $@ 5.1.3 $: "553 User address required"
R$+ <@> $#error $@ 5.1.3 $: "553 Hostname required"
R$* $: <> $1
R<> $* < @ [ $* ] : $+ > $* $1 < @ [ $2 ] : $3 > $4
R<> $* < @ [ $* ] , $+ > $* $1 < @ [ $2 ] , $3 > $4
R<> $* < @ [ $* ] $+ > $* $#error $@ 5.1.2 $: "553 Invalid address"
R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3
R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "553 Colon illegal in host name part"
R<> $* $1
R$* < @ . $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
R$* < @ $* @ > $* $#error $@ 5.1.2 $: "553 Invalid route address"
R$* @ $* < @ $* > $* $#error $@ 5.1.3 $: "553 Invalid route address"
R$* , $~O $* $#error $@ 5.1.3 $: "553 Invalid route address"
# now delete the local info -- note $=O to find characters that cause forwarding
R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user
R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ...
R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here
R< @ $+ > $#error $@ 5.1.3 $: "553 User address required"
R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ...
R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo"
R< @ *LOCAL* > $#error $@ 5.1.3 $: "553 User address required"
R$* $=O $* < @ *LOCAL* >
$@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
R$* < @ *LOCAL* > $: $1
#
# Parse1 -- the bottom half of ruleset 0.
#
SParse1
# handle numeric address spec
R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec
R$* < @ [ $+ ] > $* $: $1 < @ [ $2 ] : $S > $3 Add smart host to path
R$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send
R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer
R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer
# short circuit local delivery so forwarded email works
R$=L < @ $=w . > $#local $: @ $1 special local names
R$+ < @ $=w . > $#local $: $1 regular local name
# resolve remotely connected UUCP links (if any)
# resolve fake top level domains by forwarding to other hosts
# pass names that still have a host to a smarthost (if defined)
R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name
# deal with other remote names
R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
# handle locally delivered names
R$=L $#local $: @ $1 special local names
R$+ $#local $: $1 regular local names
###########################################################################
### Ruleset 5 -- special rewriting after aliases have been expanded ###
###########################################################################
SLocal_localaddr
Slocaladdr=5
R$+ $: $1 $| $>"Local_localaddr" $1
R$+ $| $#ok $@ $1 no change
R$+ $| $#$* $#$2
R$+ $| $* $: $1
# deal with plussed users so aliases work nicely
R$+ + * $#local $@ $&h $: $1
R$+ + $* $#local $@ + $2 $: $1 + *
# prepend an empty "forward host" on the front
R$+ $: <> $1
R< > $+ $: < > < $1 <> $&h > nope, restore +detail
R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail
R< > < $+ <> $* > $: < > < $1 > else discard
R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part
R< > < $+ > + $* $#local $@ $2 $: @ $1 strip the extra +
R< > < $+ > $@ $1 no +detail
R$+ $: $1 <> $&h add +detail back in
R$+ <> + $* $: $1 + $2 check whether +detail
R$+ <> $* $: $1 else discard
R< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension
R< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension
R< $~[ : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 >
R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 >
###################################################################
### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ###
###################################################################
SMailerToTriple=95
R< > $* $@ $1 strip off null relay
R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
R< error : $- : $+ > $* $#error $@ $(dequote $1 $) $: $2
R< error : $+ > $* $#error $: $1
R< local : $* > $* $>CanonLocal < $1 > $2
R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user
R< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer
R< $=w > $* $@ $2 delete local host
R< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer
###################################################################
### Ruleset CanonLocal -- canonify local: syntax ###
###################################################################
SCanonLocal
# strip local host from routed addresses
R< $* > < @ $+ > : $+ $@ $>Recurse $3
R< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4
# strip trailing dot from any host name that may appear
R< $* > $* < @ $* . > $: < $1 > $2 < @ $3 >
# handle local: syntax -- use old user, either with or without host
R< > $* < @ $* > $* $#local $@ $1@$2 $: $1
R< > $+ $#local $@ $1 $: $1
# handle local:user@host syntax -- ignore host part
R< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 >
# handle local:user syntax
R< $+ > $* <@ $* > $* $#local $@ $2@$3 $: $1
R< $+ > $* $#local $@ $2 $: $1
###################################################################
### Ruleset 93 -- convert header names to masqueraded form ###
###################################################################
SMasqHdr=93
# do not masquerade anything in class N
R$* < @ $* $=N . > $@ $1 < @ $2 $3 . >
R$* < @ *LOCAL* > $@ $1 < @ $j . >
###################################################################
### Ruleset 94 -- convert envelope names to masqueraded form ###
###################################################################
SMasqEnv=94
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
###################################################################
### Ruleset 98 -- local part of ruleset zero (can be null) ###
###################################################################
SParseLocal=98
# addresses sent to foo@host.REDIRECT will give a 551 error code
R$* < @ $+ .REDIRECT. > $: $1 < @ $2 . REDIRECT . > < ${opMode} >
R$* < @ $+ .REDIRECT. > <i> $: $1 < @ $2 . REDIRECT. >
R$* < @ $+ .REDIRECT. > < $- > $#error $@ 5.1.1 $: "551 User has moved; please try " <$1@$2>
######################################################################
### CanonAddr -- Convert an address into a standard form for
### relay checking. Route address syntax is
### crudely converted into a %-hack address.
###
### Parameters:
### $1 -- full recipient address
###
### Returns:
### parsed address, not in source route form
######################################################################
SCanonAddr
R$* $: $>Parse0 $>canonify $1 make domain canonical
######################################################################
### ParseRecipient -- Strip off hosts in $=R as well as possibly
### $* $=m or the access database.
### Check user portion for host separators.
###
### Parameters:
### $1 -- full recipient address
###
### Returns:
### parsed, non-local-relaying address
######################################################################
SParseRecipient
R$* $: <?> $>CanonAddr $1
R<?> $* < @ $* . > <?> $1 < @ $2 > strip trailing dots
R<?> $- < @ $* > $: <?> $(dequote $1 $) < @ $2 > dequote local part
# if no $=O character, no host in the user portion, we are done
R<?> $* $=O $* < @ $* > $: <NO> $1 $2 $3 < @ $4>
R<?> $* $@ $1
R<NO> $* < @ $* $=R > $: <RELAY> $1 < @ $2 $3 >
R<RELAY> $* < @ $* > $@ $>ParseRecipient $1
R<$+> $* $@ $2
######################################################################
### check_relay -- check hostname/address on SMTP startup
######################################################################
SLocal_check_relay
Scheck_relay
R$* $: $1 $| $>"Local_check_relay" $1
R$* $| $* $| $#$* $#$3
R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2
SBasic_check_relay
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
######################################################################
### check_mail -- check SMTP `MAIL FROM:' command argument
######################################################################
SLocal_check_mail
Scheck_mail
R$* $: $1 $| $>"Local_check_mail" $1
R$* $| $#$* $#$2
R$* $| $* $@ $>"Basic_check_mail" $1
SBasic_check_mail
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
# authenticated?
R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
R$* $| $#$+ $#$2
R$* $| $* $: $1
R<> $@ <OK> we MUST accept <> (RFC 1123)
R$+ $: <?> $1
R<?><$+> $: <@> <$1>
R<?>$+ $: <@> <$1>
R$* $: $&{daemon_flags} $| $1
R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 >
R$* u $* $| <@> < $* > $: <?> < $3 >
R$* $| $* $: $2
# handle case of @localhost on address
R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost >
R<@> < $* @ [127.0.0.1] >
$: < ? $&{client_name} > < $1 @ [127.0.0.1] >
R<@> < $* @ [IPv6:0:0:0:0:0:0:0:1] >
$: < ? $&{client_name} > < $1 @ [IPv6:0:0:0:0:0:0:0:1] >
R<@> < $* @ [IPv6:::1] >
$: < ? $&{client_name} > < $1 @ [IPv6:::1] >
R<@> < $* @ localhost.$m >
$: < ? $&{client_name} > < $1 @ localhost.$m >
R<@> < $* @ localhost.UUCP >
$: < ? $&{client_name} > < $1 @ localhost.UUCP >
R<@> $* $: $1 no localhost as domain
R<? $=w> $* $: $2 local client: ok
R<? $+> <$+> $#error $@ 5.5.4 $: "553 Real domain name required for sender address"
R<?> $* $: $1
R$* $: <?> $>CanonAddr $1 canonify sender address and mark it
R<?> $* < @ $+ . > <?> $1 < @ $2 > strip trailing dots
# handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc)
R<?> $* < @ $* $=P > $: <OKR> $1 < @ $2 $3 >
R<?> $* < @ $j > $: <OKR> $1 < @ $j >
R<?> $* < @ $+ > $: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 >
R<? $* <$->> $* < @ $+ >
$: <$2> $3 < @ $4 >
# handle case of no @domain on address
R<?> $* $: $&{daemon_flags} $| <?> $1
R$* u $* $| <?> $* $: <OKR> $3
R$* $| $* $: $2
R<?> $* $: < ? $&{client_addr} > $1
R<?> $* $@ <OKR> ...local unqualed ok
R<? $+> $* $#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f
...remote is not
# check results
R<?> $* $: @ $1 mark address: nothing known about it
R<$={ResOk}> $* $: @ $2 domain ok
R<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"
R<PERM> $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist"
######################################################################
### check_rcpt -- check SMTP `RCPT TO:' command argument
######################################################################
SLocal_check_rcpt
Scheck_rcpt
R$* $: $1 $| $>"Local_check_rcpt" $1
R$* $| $#$* $#$2
R$* $| $* $@ $>"Basic_check_rcpt" $1
SBasic_check_rcpt
# empty address?
R<> $#error $@ nouser $: "553 User address required"
R$@ $#error $@ nouser $: "553 User address required"
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
######################################################################
R$* $: $1 $| @ $>"Rcpt_ok" $1
R$* $| @ $#TEMP $+ $: $1 $| T $2
R$* $| @ $#$* $#$2
R$* $| @ RELAY $@ RELAY
R$* $| @ $* $: O $| $>"Relay_ok" $1
R$* $| T $+ $: T $2 $| $>"Relay_ok" $1
R$* $| $#TEMP $+ $#error $2
R$* $| $#$* $#$2
R$* $| RELAY $@ RELAY
R T $+ $| $* $#error $1
# anything else is bogus
R$* $#error $@ 5.7.1 $: "550 Relaying denied"
######################################################################
### Rcpt_ok: is the recipient ok?
######################################################################
SRcpt_ok
R$* $: $>ParseRecipient $1 strip relayable hosts
# authenticated via TLS?
R$* $: $1 $| $>RelayTLS client authenticated?
R$* $| $# $+ $# $2 error/ok?
R$* $| $* $: $1 no
R$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type}
R$* $| $# $* $# $2
R$* $| NO $: $1
R$* $| $* $: $1 $| $&{auth_type}
R$* $| $: $1
R$* $| $={TrustAuthMech} $# RELAY
R$* $| $* $: $1
# anything terminating locally is ok
R$+ < @ $=w > $@ RELAY
R$+ < @ $* $=R > $@ RELAY
# check for local user (i.e. unqualified address)
R$* $: <?> $1
R<?> $* < @ $+ > $: <REMOTE> $1 < @ $2 >
# local user is ok
R<?> $+ $@ RELAY
R<$+> $* $: $2
######################################################################
### Relay_ok: is the relay/sender ok?
######################################################################
SRelay_ok
# anything originating locally is ok
# check IP address
R$* $: $&{client_addr}
R$@ $@ RELAY originated locally
R0 $@ RELAY originated locally
R127.0.0.1 $@ RELAY originated locally
RIPv6:0:0:0:0:0:0:0:1 $@ RELAY originated locally
RIPv6:::1 $@ RELAY originated locally
R$=R $* $@ RELAY relayable IP address
R$* $: [ $1 ] put brackets around it...
R$=w $@ RELAY ... and see if it is local
# check client name: first: did it resolve?
R$* $: < $&{client_resolve} >
R<TEMP> $#TEMP $@ 4.4.0 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
R<FORGED> $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
R<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
R$* $: <@> $&{client_name}
# pass to name server to make hostname canonical
R<@> $* $=P $:<?> $1 $2
R<@> $+ $:<?> $[ $1 $]
R$* . $1 strip trailing dots
R<?> $=w $@ RELAY
R<?> $* $=R $@ RELAY
######################################################################
### trust_auth: is user trusted to authenticate as someone else?
###
### Parameters:
### $1: AUTH= parameter from MAIL command
######################################################################
SLocal_trust_auth
Strust_auth
R$* $: $&{auth_type} $| $1
# required by RFC 2554 section 4.
R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated"
R$* $| $&{auth_authen} $@ identical
R$* $| <$&{auth_authen}> $@ identical
R$* $| $* $: $1 $| $>"Local_trust_auth" $2
R$* $| $#$* $#$2
R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}
######################################################################
### Relay_Auth: allow relaying based on authentication?
###
### Parameters:
### $1: ${auth_type}
######################################################################
SLocal_Relay_Auth
######################################################################
### srv_features: which features to offer to a client?
### (done in server)
######################################################################
Ssrv_features
######################################################################
### try_tls: try to use STARTTLS?
### (done in client)
######################################################################
Stry_tls
######################################################################
### tls_rcpt: is connection with server "good" enough?
### (done in client, per recipient)
###
### Parameters:
### $1: recipient
######################################################################
Stls_rcpt
######################################################################
### tls_client: is connection with client "good" enough?
### (done in server)
###
### Parameters:
### ${verify} $| (MAIL|STARTTLS)
######################################################################
Stls_client
R$* $| $* $@ $>"TLS_connection" $1
######################################################################
### tls_server: is connection with server "good" enough?
### (done in client)
###
### Parameter:
### ${verify}
######################################################################
Stls_server
+
R$* $@ $>"TLS_connection" $1
######################################################################
### TLS_connection: is TLS connection "good" enough?
###
### Parameters:
### ${verify}
### Requirement: RHS from access map, may be ? for none.
######################################################################
STLS_connection
RSOFTWARE $#error $@ 4.7.0 $: "403 TLS handshake."
+RDANE_FAIL $#error $@ 4.7.0 $: "403 DANE check failed."
######################################################################
### RelayTLS: allow relaying based on TLS authentication
###
### Parameters:
### none
######################################################################
SRelayTLS
# authenticated?
######################################################################
### authinfo: lookup authinfo in the access map
###
### Parameters:
### $1: {server_name}
### $2: {server_addr}
######################################################################
Sauthinfo
#
######################################################################
######################################################################
#####
##### MAIL FILTER DEFINITIONS
#####
######################################################################
######################################################################
#
######################################################################
######################################################################
#####
##### MAILER DEFINITIONS
#####
######################################################################
######################################################################
##################################################
### Local and Program Mailer specification ###
##################################################
##### $Id: local.m4,v 8.60 2013-11-22 20:51:14 ca Exp $ #####
#
# Envelope sender rewriting
#
SEnvFromL
R<@> $n errors to mailer-daemon
R@ <@ $*> $n temporarily bypass Sun bogosity
R$+ $: $>AddDomain $1 add local domain if needed
R$* $: $>MasqEnv $1 do masquerading
#
# Envelope recipient rewriting
#
SEnvToL
R$+ < @ $* > $: $1 strip host part
R$+ + $* $: < $&{addr_type} > $1 + $2 mark with addr type
R<e s> $+ + $* $: $1 remove +detail for sender
R< $* > $+ $: $2 else remove mark
#
# Header sender rewriting
#
SHdrFromL
R<@> $n errors to mailer-daemon
R@ <@ $*> $n temporarily bypass Sun bogosity
R$+ $: $>AddDomain $1 add local domain if needed
R$* $: $>MasqHdr $1 do masquerading
#
# Header recipient rewriting
#
SHdrToL
R$+ $: $>AddDomain $1 add local domain if needed
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
#
# Common code to add local domain name (only if always-add-domain)
#
SAddDomain
Mlocal, P=/bin/mail, F=lsDFMAw5:/|@qPrmn9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
T=DNS/RFC822/X-Unix,
A=mail -d $u
Mprog, P=/bin/sh, F=lsDFMoqeu9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/,
T=X-Unix/X-Unix/X-Unix,
A=sh -c $u
#####################################
### SMTP Mailer specification ###
#####################################
##### $Id: smtp.m4,v 8.66 2013-11-22 20:51:14 ca Exp $ #####
#
# common sender and masquerading recipient rewriting
#
SMasqSMTP
R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified
R$+ $@ $1 < @ *LOCAL* > add local qualification
#
# convert pseudo-domain addresses to real domain addresses
#
SPseudoToReal
# pass <route-addr>s through
R< @ $+ > $* $@ < @ $1 > $2 resolve <route-addr>
# output fake domains as user%fake@relay
# do UUCP heuristics; note that these are shared with UUCP mailers
R$+ < @ $+ .UUCP. > $: < $2 ! > $1 convert to UUCP form
R$+ < @ $* > $* $@ $1 < @ $2 > $3 not UUCP form
# leave these in .UUCP form to avoid further tampering
R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. >
R< $&h ! > $-.$+ ! $+ $@ $3 < @ $1.$2 >
R< $&h ! > $+ $@ $1 < @ $&h .UUCP. >
R< $+ ! > $+ $: $1 ! $2 < @ $Y > use UUCP_RELAY
R$+ < @ $~[ $* : $+ > $@ $1 < @ $4 > strip mailer: part
R$+ < @ > $: $1 < @ *LOCAL* > if no UUCP_RELAY
#
# envelope sender rewriting
#
SEnvFromSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R$* :; <@> $@ list:; special case
R$* $: $>MasqSMTP $1 qualify unqual'ed names
R$+ $: $>MasqEnv $1 do masquerading
#
# envelope recipient rewriting --
# also header recipient if not masquerading recipients
#
SEnvToSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R$+ $: $>MasqSMTP $1 qualify unqual'ed names
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
#
# header sender and masquerading header recipient rewriting
#
SHdrFromSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R:; <@> $@ list:; special case
# do special header rewriting
R$* <@> $* $@ $1 <@> $2 pass null host through
R< @ $* > $* $@ < @ $1 > $2 pass route-addr through
R$* $: $>MasqSMTP $1 qualify unqual'ed names
R$+ $: $>MasqHdr $1 do masquerading
#
# relay mailer header masquerading recipient rewriting
#
SMasqRelay
R$+ $: $>MasqSMTP $1
R$+ $: $>MasqHdr $1
Msmtp, P=[IPC], F=mDFMuX, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mesmtp, P=[IPC], F=mDFMuXa, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Msmtp8, P=[IPC], F=mDFMuX8, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mdsmtp, P=[IPC], F=mDFMuXa%, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mrelay, P=[IPC], F=mDFMuXa8, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=2040,
T=DNS/RFC822/SMTP,
A=TCP $h
### generic-ultrix4.mc ###
# divert(-1)
# #
# # Copyright (c) 1998, 1999 Proofpoint, Inc. and its suppliers.
# # All rights reserved.
# # Copyright (c) 1983 Eric P. Allman. All rights reserved.
# # Copyright (c) 1988, 1993
# # The Regents of the University of California. All rights reserved.
# #
# # By using this file, you agree to the terms and conditions set
# # forth in the LICENSE file which can be found at the top level of
# # the sendmail distribution.
# #
# #
#
# #
# # This is a generic configuration file for Ultrix 4.x.
# # It has support for local and SMTP mail only. If you want to
# # customize it, copy it to a name appropriate for your environment
# # and do the modifications there.
# #
#
# divert(0)dnl
# VERSIONID(`$Id: generic-ultrix4.mc,v 8.12 2013-11-22 20:51:08 ca Exp $')
# OSTYPE(ultrix4)dnl
# DOMAIN(generic)dnl
# MAILER(local)dnl
# MAILER(smtp)dnl
diff --git a/cf/cf/knecht.mc b/cf/cf/knecht.mc
index 720389189eb4..2b79eb227927 100644
--- a/cf/cf/knecht.mc
+++ b/cf/cf/knecht.mc
@@ -1,275 +1,275 @@
divert(-1)
#
# Copyright (c) 1998-2001, 2004, 2005 Proofpoint, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#
#
# This is specific to Eric's home machine.
#
# Run daemon with -bd -q5m
#
divert(0)
VERSIONID(`$Id: knecht.mc,v 8.63 2013-11-22 20:51:08 ca Exp $')
OSTYPE(bsd4.4)
DOMAIN(generic)
define(`ALIAS_FILE', ``/etc/mail/aliases, /etc/mail/lists/sendmail.org/aliases, /var/listmanager/aliases'')
define(`confFORWARD_PATH', `$z/.forward.$w:$z/.forward+$h:$z/.forward')
define(`confDEF_USER_ID', `mailnull')
define(`confHOST_STATUS_DIRECTORY', `.hoststat')
define(`confTO_ICONNECT', `10s')
define(`confTO_QUEUEWARN', `8h')
define(`confMIN_QUEUE_AGE', `27m')
define(`confTRUSTED_USER', `smtrust')
define(`confTRUSTED_USERS', ``www listmgr'')
define(`confPRIVACY_FLAGS', ``authwarnings,noexpn,novrfy'')
define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')
define(`confCACERT_PATH', `CERT_DIR')
define(`confCACERT', `CERT_DIR/CAcert.pem')
define(`confSERVER_CERT', `CERT_DIR/MYcert.pem')
define(`confSERVER_KEY', `CERT_DIR/MYkey.pem')
define(`confCLIENT_CERT', `CERT_DIR/MYcert.pem')
define(`confCLIENT_KEY', `CERT_DIR/MYkey.pem')
define(`CYRUS_MAILER_PATH', `/usr/local/cyrus/bin/deliver')
define(`CYRUS_MAILER_FLAGS', `fAh5@/:|')
FEATURE(`access_db')
-FEATURE(`blacklist_recipients')
+FEATURE(`blocklist_recipients')
FEATURE(`local_lmtp')
FEATURE(`virtusertable')
FEATURE(`mailertable')
FEATURE(`nocanonify', `canonify_hosts')
CANONIFY_DOMAIN(`sendmail.org')
CANONIFY_DOMAIN_FILE(`/etc/mail/canonify-domains')
dnl # at most 10 queue runners
define(`confMAX_QUEUE_CHILDREN', `20')
define(`confMAX_RUNNERS_PER_QUEUE', `5')
dnl # run at most 10 concurrent processes for initial submission
define(`confFAST_SPLIT', `10')
dnl # 10 runners, split into at most 15 recipients per envelope
QUEUE_GROUP(`mqueue', `P=/var/spool/mqueue, R=5, r=15, F=f')
dnl # enable spam assassin
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')
dnl # enable DomainKeys and DKIM
INPUT_MAIL_FILTER(`dkim-filter', `S=unix:/var/run/smtrust/dkim.sock, F=T, T=R:2m')
dnl INPUT_MAIL_FILTER(`dk-filter', `S=unix:/var/run/smtrust/dk.sock, F=T, T=R:2m')
define(`confMILTER_MACROS_CONNECT', `j, {daemon_name}')
define(`confMILTER_MACROS_ENVFROM', `i, {auth_type}')
dnl # enable some DNSBLs
dnl FEATURE(`dnsbl', `dnsbl.sorbs.net', `"550 Mail from " $`'&{client_addr} " refused - see http://www.dnsbl.sorbs.net/"')
FEATURE(`dnsbl', `sbl-xbl.spamhaus.org', `"550 Mail from " $`'&{client_addr} " refused - see http://www.spamhaus.org/sbl/"')
FEATURE(`dnsbl', `list.dsbl.org', `"550 Mail from " $`'&{client_addr} " refused - see http://dsbl.org/"')
FEATURE(`dnsbl', `bl.spamcop.net', `"450 Mail from " $`'&{client_addr} " refused - see http://spamcop.net/bl.shtml"')
MAILER(`local')
MAILER(`smtp')
MAILER(`cyrus')
LOCAL_RULE_0
Rcyrus.$+ + $+ < @ $=w . > $#cyrus $@ $2 $: $1
Rcyrus.$+ < @ $=w . > $#cyrus $: $1
LOCAL_CONFIG
#
# Regular expression to reject:
# * numeric-only localparts from aol.com and msn.com
# * localparts starting with a digit from juno.com
#
Kcheckaddress regex -a@MATCH
^([0-9]+<@(aol|msn)\.com|[0-9][^<]*<@juno\.com)\.?>
######################################################################
#
# Names that won't be allowed in a To: line (local-part and domains)
#
C{RejectToLocalparts} friend you
C{RejectToDomains} public.com
LOCAL_RULESETS
HTo: $>CheckTo
SCheckTo
R$={RejectToLocalparts}@$* $#error $: "553 Header error"
R$*@$={RejectToDomains} $#error $: "553 Header error"
######################################################################
HMessage-Id: $>CheckMessageId
SCheckMessageId
# Record the presence of the header
R$* $: $(storage {MessageIdCheck} $@ OK $) $1
# validate syntax
R< $+ @ $+ > $@ OK
R$* $#error $: "554 Header error"
######################################################################
HReceived: $>CheckReceived
SCheckReceived
# Record the presence of any Received header
R$* $: $(storage {ReceivedCheck} $@ OK $) $1
# check syntax
R$* ......................................................... $*
$#error $: "554 Header error"
######################################################################
#
# Reject advertising subjects
#
Kadvsubj regex -b -a@MATCH ±?°í
HSubject: $>+CheckSubject
SCheckSubject
R$* $: $(advsubj $&{currHeader} $: OK $)
ROK $@ OK
R$* $#error $@ 5.7.0 $: 550 5.7.0 spam rejected.
######################################################################
#
# Reject certain senders
# Regex match to catch things in quotes
#
HFrom: $>+CheckFrom
KCheckFrom regex -a@MATCH
[^a-z]?(Net-Pa)[^a-z]
SCheckFrom
R$* $: $( CheckFrom $1 $)
R@MATCH $#error $: "553 Header error"
LOCAL_RULESETS
SLocal_check_mail
# check address against various regex checks
R$* $: $>Parse0 $>3 $1
R$+ $: $(checkaddress $1 $)
R@MATCH $#error $: "553 Header error"
#
# Following code from Anthony Howe <achowe@snert.com>. The check
# for the Outlook Express marker may hit some legal messages, but
# the Content-Disposition is clearly illegal.
#
#########################################################################
#
# w32.sircam.worm@mm
#
# There are serveral patterns that appear common ONLY to SirCam worm and
# not to Outlook Express, which claims to have sent the worm. There are
# four headers that always appear together and in this order:
#
# X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
# X-Mailer: Microsoft Outlook Express 5.50.4133.2400
# Content-Type: multipart/mixed; boundary="----27AA9124_Outlook_Express_message_boundary"
# Content-Disposition: Multipart message
#
# Empirical study of the worm message headers vs. true Outlook Express
# (5.50.4133.2400 & 5.50.4522.1200) messages with multipart/mixed attachments
# shows Outlook Express does:
#
# a) NOT supply a Content-Disposition header for multipart/mixed messages.
# b) NOT specify the header X-MimeOLE header name in all-caps
# c) NOT specify boundary tag with the expression "_Outlook_Express_message_boundary"
#
# The solution below catches any one of this three issues. This is not an ideal
# solution, but a temporary measure. A correct solution would be to check for
# the presence of ALL three header attributes. Also the solution is incomplete
# since Outlook Express 5.0 and 4.0 were not compared.
#
# NOTE regex keys are first dequoted and spaces removed before matching.
# This caused me no end of grief.
#
#########################################################################
LOCAL_RULESETS
KSirCamWormMarker regex -f -aSUSPECT multipart/mixed;boundary=----.+_Outlook_Express_message_boundary
HContent-Type: $>CheckContentType
######################################################################
SCheckContentType
R$+ $: $(SirCamWormMarker $1 $)
RSUSPECT $#error $: "553 Possible virus, see http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html"
HContent-Disposition: $>CheckContentDisposition
######################################################################
SCheckContentDisposition
R$- $@ OK
R$- ; $+ $@ OK
R$* $#error $: "553 Illegal Content-Disposition"
#
# Sobig.F
#
LOCAL_CONFIG
Kstorage macro
LOCAL_RULESETS
######################################################################
-### check for the existance of the X-MailScanner Header
+### check for the existence of the X-MailScanner Header
HX-MailScanner: $>+CheckXMSc
D{SobigFPat}Found to be clean
D{SobigFMsg}This message may contain the Sobig.F virus.
SCheckXMSc
### if it exists, and the defined value is set, record the presence
R${SobigFPat} $* $: $(storage {SobigFCheck} $@ SobigF $) $1
R$* $@ OK
######################################################################
Scheck_eoh
# Check if a Message-Id was found
R$* $: < $&{MessageIdCheck} >
# If Message-Id was found clear the X-MailScanner store and return with OK
R< $+ > $@ OK $>ClearStorage
# Are we the first Hop?
R$* $: < $&{ReceivedCheck} >
R< $+ > $@ OK $>ClearStorage
# no Message-Id->check X-Mailscanner presence, too
R$* $: < $&{SobigFCheck} >
# clear store
R$* $: $>ClearStorage $1
# no msgid, first hop and Header found? -> reject the message
R < SobigF > $#error $: 553 ${SobigFMsg}
# No Header! Fine, take the message
R$* $@ OK
######################################################################
SClearStorage
R$* $: $(storage {SobigFCheck} $) $1
R$* $: $(storage {ReceivedCheck} $) $1
R$* $: $(storage {MessageIdCheck} $) $1
R$* $@ $1
diff --git a/cf/cf/submit.cf b/cf/cf/submit.cf
index 6295d32db006..63d7cb720eb7 100644
--- a/cf/cf/submit.cf
+++ b/cf/cf/submit.cf
@@ -1,1495 +1,1507 @@
#
# Copyright (c) 1998-2004, 2009, 2010 Proofpoint, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#
######################################################################
######################################################################
#####
##### SENDMAIL CONFIGURATION FILE
#####
-##### built by ca@sandman.dev-lab.sendmail.com on Thu Jul 2 05:24:31 PDT 2015
-##### in /x/ca/smi.git/sendmail/OpenSource/sendmail-8.15.2/cf/cf
+##### built by ca@lab.smi.sendmail.com on Thu Jul 2 22:41:57 PDT 2020
+##### in /var/tmp/ca/sm8.git/sendmail/OpenSource/sendmail-8.16.1/cf/cf
##### using ../ as configuration include directory
#####
######################################################################
#####
##### DO NOT EDIT THIS FILE! Only edit the source .mc file.
#####
######################################################################
######################################################################
##### $Id: cfhead.m4,v 8.122 2013-11-22 20:51:13 ca Exp $ #####
##### $Id: cf.m4,v 8.33 2013-11-22 20:51:13 ca Exp $ #####
##### $Id: submit.mc,v 8.15 2013-11-22 20:51:08 ca Exp $ #####
##### $Id: msp.m4,v 1.34 2013-11-22 20:51:11 ca Exp $ #####
##### $Id: no_default_msa.m4,v 8.3 2013-11-22 20:51:11 ca Exp $ #####
##### $Id: proto.m4,v 8.762 2013-11-22 20:51:13 ca Exp $ #####
# level 10 config file format
V10/Berkeley
# override file safeties - setting this option compromises system security,
# addressing the actual file configuration problem is preferred
# need to set this before any file actions are encountered in the cf file
#O DontBlameSendmail=safe
# default LDAP map specification
# need to set this now before any LDAP maps are defined
#O LDAPDefaultSpec=-h localhost
##################
# local info #
##################
# my LDAP cluster
# need to set this before any LDAP lookups are done (including classes)
#D{sendmailMTACluster}$m
Cwlocalhost
# my official domain name
# ... define this only if sendmail cannot automatically determine your domain
#Dj$w.Foo.COM
# host/domain names ending with a token in class P are canonical
CP.
# "Smart" relay host (may be null)
DS
# operators that cannot be in local usernames (i.e., network indicators)
CO @ % !
# a class with just dot (for identifying canonical names)
C..
# a class with just a left bracket (for identifying domain literals)
C[[
# Resolve map (to check if a host exists in check_mail)
Kresolve host -a<OKR> -T<TEMP>
C{ResOk}OKR
# Hosts for which relaying is permitted ($=R)
FR-o /etc/mail/relay-domains
# arithmetic map
Karith arith
# dequoting map
Kdequote dequote
# class E: names that should be exposed as from this host, even if we masquerade
# class L: names that should be delivered locally, even if we have a relay
# class M: domains that should be converted to $M
# class N: domains that should not be converted to $M
#CL root
# my name for error messages
DnMAILER-DAEMON
D{MTAHost}[127.0.0.1]
# Configuration version number
-DZ8.15.2/Submit
+DZ8.16.1/Submit
###############
# Options #
###############
# strip message body to 7 bits on input?
O SevenBitInput=False
# 8-bit data handling
#O EightBitMode=pass8
# wait for alias file rebuild (default units: minutes)
O AliasWait=10
# location of alias file
#O AliasFile=/etc/mail/aliases
# minimum number of free blocks on filesystem
O MinFreeBlocks=100
# maximum message size
#O MaxMessageSize=0
# substitution for space (blank) characters
O BlankSub=.
# avoid connecting to "expensive" mailers on initial submission?
O HoldExpensive=False
# checkpoint queue runs after every N successful deliveries
#O CheckpointInterval=10
# default delivery mode
O DeliveryMode=i
# error message header/file
#O ErrorHeader=/etc/mail/error-header
# error mode
#O ErrorMode=print
# save Unix-style "From_" lines at top of header?
#O SaveFromLine=False
# queue file mode (qf files)
O QueueFileMode=0660
# temporary file mode
O TempFileMode=0600
# match recipients against GECOS field?
#O MatchGECOS=False
# maximum hop count
#O MaxHopCount=25
# location of help file
O HelpFile=/etc/mail/helpfile
# ignore dots as terminators in incoming messages?
#O IgnoreDots=False
# name resolver options
#O ResolverOptions=+AAONLY
# deliver MIME-encapsulated error messages?
O SendMimeErrors=True
# Forward file search path
O ForwardPath
# open connection cache size
O ConnectionCacheSize=2
# open connection cache timeout
O ConnectionCacheTimeout=5m
# persistent host status directory
#O HostStatusDirectory=.hoststat
# single thread deliveries (requires HostStatusDirectory)?
#O SingleThreadDelivery=False
# use Errors-To: header?
O UseErrorsTo=False
# use compressed IPv6 address format?
#O UseCompressedIPv6Addresses
# log level
O LogLevel=9
# send to me too, even in an alias expansion?
#O MeToo=True
# verify RHS in newaliases?
O CheckAliases=False
# default messages to old style headers if no special punctuation?
O OldStyleHeaders=True
# SMTP daemon options
O DaemonPortOptions=Name=NoMTA, Addr=127.0.0.1, M=E
# SMTP client options
#O ClientPortOptions=Family=inet, Address=0.0.0.0
# Modifiers to define {daemon_flags} for direct submissions
#O DirectSubmissionModifiers
# Use as mail submission program? See sendmail/SECURITY
O UseMSP=True
# privacy flags
O PrivacyOptions=goaway,noetrn,restrictqrun
# who (if anyone) should get extra copies of error messages
#O PostmasterCopy=Postmaster
# slope of queue-only function
#O QueueFactor=600000
# limit on number of concurrent queue runners
#O MaxQueueChildren
# maximum number of queue-runners per queue-grouping with multiple queues
#O MaxRunnersPerQueue=1
# priority of queue runners (nice(3))
#O NiceQueueRun
# shall we sort the queue by hostname first?
#O QueueSortOrder=priority
# minimum time in queue before retry
#O MinQueueAge=30m
# maximum time in queue before retry (if > 0; only for exponential delay)
#O MaxQueueAge
# how many jobs can you process in the queue?
#O MaxQueueRunSize=0
# perform initial split of envelope without checking MX records
#O FastSplit=1
# queue directory
O QueueDirectory=/var/spool/clientmqueue
# key for shared memory; 0 to turn off, -1 to auto-select
#O SharedMemoryKey=0
# file to store auto-selected key for shared memory (SharedMemoryKey = -1)
#O SharedMemoryKeyFile
# timeouts (many of these)
#O Timeout.initial=5m
#O Timeout.connect=5m
#O Timeout.aconnect=0s
#O Timeout.iconnect=5m
#O Timeout.helo=5m
#O Timeout.mail=10m
#O Timeout.rcpt=1h
#O Timeout.datainit=5m
#O Timeout.datablock=1h
#O Timeout.datafinal=1h
#O Timeout.rset=5m
#O Timeout.quit=2m
#O Timeout.misc=2m
#O Timeout.command=1h
#O Timeout.ident=5s
#O Timeout.fileopen=60s
#O Timeout.control=2m
O Timeout.queuereturn=5d
#O Timeout.queuereturn.normal=5d
#O Timeout.queuereturn.urgent=2d
#O Timeout.queuereturn.non-urgent=7d
#O Timeout.queuereturn.dsn=5d
O Timeout.queuewarn=4h
#O Timeout.queuewarn.normal=4h
#O Timeout.queuewarn.urgent=1h
#O Timeout.queuewarn.non-urgent=12h
#O Timeout.queuewarn.dsn=4h
#O Timeout.hoststatus=30m
#O Timeout.resolver.retrans=5s
#O Timeout.resolver.retrans.first=5s
#O Timeout.resolver.retrans.normal=5s
#O Timeout.resolver.retry=4
#O Timeout.resolver.retry.first=4
#O Timeout.resolver.retry.normal=4
#O Timeout.lhlo=2m
#O Timeout.auth=10m
#O Timeout.starttls=1h
# time for DeliverBy; extension disabled if less than 0
#O DeliverByMin=0
# should we not prune routes in route-addr syntax addresses?
#O DontPruneRoutes=False
# queue up everything before forking?
O SuperSafe=True
# status file
O StatusFile=/var/spool/clientmqueue/sm-client.st
# time zone handling:
# if undefined, use system default
# if defined but null, use TZ envariable passed in
# if defined and non-null, use that info
O TimeZoneSpec=
# default UID (can be username or userid:groupid)
#O DefaultUser=mailnull
# list of locations of user database file (null means no lookup)
#O UserDatabaseSpec=/etc/mail/userdb
# fallback MX host
#O FallbackMXhost=fall.back.host.net
# fallback smart host
#O FallbackSmartHost=fall.back.host.net
# if we are the best MX host for a site, try it directly instead of config err
#O TryNullMXList=False
# load average at which we just queue messages
#O QueueLA=8
# load average at which we refuse connections
#O RefuseLA=12
# log interval when refusing connections for this long
#O RejectLogInterval=3h
# load average at which we delay connections; 0 means no limit
#O DelayLA=0
# maximum number of children we allow at one time
#O MaxDaemonChildren=0
# maximum number of new connections per second
#O ConnectionRateThrottle=0
# Width of the window
#O ConnectionRateWindowSize=60s
# work recipient factor
#O RecipientFactor=30000
# deliver each queued job in a separate process?
#O ForkEachJob=False
# work class factor
#O ClassFactor=1800
# work time factor
#O RetryFactor=90000
# default character set
#O DefaultCharSet=unknown-8bit
# service switch file (name hardwired on Solaris, Ultrix, OSF/1, others)
#O ServiceSwitchFile=/etc/mail/service.switch
# hosts file (normally /etc/hosts)
#O HostsFile=/etc/hosts
# dialup line delay on connection failure
#O DialDelay=0s
# action to take if there are no recipients in the message
#O NoRecipientAction=none
# chrooted environment for writing to files
#O SafeFileEnvironment
# are colons OK in addresses?
#O ColonOkInAddr=True
# shall I avoid expanding CNAMEs (violates protocols)?
#O DontExpandCnames=False
# SMTP initial login message (old $e macro)
O SmtpGreetingMessage=$j Sendmail $v/$Z; $b
# UNIX initial From header format (old $l macro)
O UnixFromLine=From $g $d
# From: lines that have embedded newlines are unwrapped onto one line
#O SingleLineFromHeader=False
# Allow HELO SMTP command that does not include a host name
#O AllowBogusHELO=False
# Characters to be quoted in a full name phrase (@,;:\()[] are automatic)
#O MustQuoteChars=.
# delimiter (operator) characters (old $o macro)
O OperatorChars=.:%@!^/[]+
# shall I avoid calling initgroups(3) because of high NIS costs?
O DontInitGroups=True
# are group-writable :include: and .forward files (un)trustworthy?
# True (the default) means they are not trustworthy.
#O UnsafeGroupWrites=True
# where do errors that occur when sending errors get sent?
#O DoubleBounceAddress=postmaster
# issue temporary errors (4xy) instead of permanent errors (5xy)?
#O SoftBounce=False
# where to save bounces if all else fails
#O DeadLetterDrop=/var/tmp/dead.letter
# what user id do we assume for the majority of the processing?
O RunAsUser=smmsp
# maximum number of recipients per SMTP envelope
#O MaxRecipientsPerMessage=0
# limit the rate recipients per SMTP envelope are accepted
# once the threshold number of recipients have been rejected
#O BadRcptThrottle=0
# shall we get local names from our installed interfaces?
O DontProbeInterfaces=True
# Return-Receipt-To: header implies DSN request
#O RrtImpliesDsn=False
# override connection address (for testing)
#O ConnectOnlyTo=0.0.0.0
# Trusted user for file ownership and starting the daemon
O TrustedUser=smmsp
# Control socket for daemon management
#O ControlSocketName=/var/spool/mqueue/.control
# Maximum MIME header length to protect MUAs
#O MaxMimeHeaderLength=0/0
# Maximum length of the sum of all headers
#O MaxHeadersLength=32768
# Maximum depth of alias recursion
#O MaxAliasRecursion=10
# location of pid file
O PidFile=/var/spool/clientmqueue/sm-client.pid
# Prefix string for the process title shown on 'ps' listings
#O ProcessTitlePrefix=prefix
# Data file (df) memory-buffer file maximum size
#O DataFileBufferSize=4096
# Transcript file (xf) memory-buffer file maximum size
#O XscriptFileBufferSize=4096
# lookup type to find information about local mailboxes
#O MailboxDatabase=pw
# override compile time flag REQUIRES_DIR_FSYNC
#O RequiresDirfsync=true
# list of authentication mechanisms
#O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
# Authentication realm
#O AuthRealm
# default authentication information for outgoing connections
#O DefaultAuthInfo=/etc/mail/default-auth-info
# SMTP AUTH flags
#O AuthOptions
# SMTP AUTH maximum encryption strength
#O AuthMaxBits
# SMTP STARTTLS server options
#O TLSSrvOptions
# SSL cipherlist
#O CipherList
# server side SSL options
#O ServerSSLOptions
# client side SSL options
#O ClientSSLOptions
+# SSL Engine
+#O SSLEngine
+# Path to dynamic library for SSLEngine
+#O SSLEnginePath
+# TLS: fall back to clear text after handshake failure?
+#O TLSFallbacktoClear
# Input mail filters
#O InputMailFilters
# CA directory
#O CACertPath
# CA file
#O CACertFile
# Server Cert
#O ServerCertFile
# Server private key
#O ServerKeyFile
# Client Cert
#O ClientCertFile
# Client private key
#O ClientKeyFile
# File containing certificate revocation lists
#O CRLFile
+# Directory containing hashes pointing to certificate revocation status files
+#O CRLPath
# DHParameters (only required if DSA/DH is used)
#O DHParameters
# Random data source (required for systems without /dev/urandom under OpenSSL)
#O RandFile
# fingerprint algorithm (digest) to use for the presented cert
#O CertFingerprintAlgorithm
+# enable DANE?
+#O DANE=false
# Maximum number of "useless" commands before slowing down
#O MaxNOOPCommands=20
# Name to use for EHLO (defaults to $j)
#O HeloName
############################
# QUEUE GROUP DEFINITIONS #
############################
###########################
# Message precedences #
###########################
Pfirst-class=0
Pspecial-delivery=100
Plist=-30
Pbulk=-60
Pjunk=-100
#####################
# Trusted users #
#####################
# this is equivalent to setting class "t"
#Ft/etc/mail/trusted-users
Troot
Tdaemon
Tuucp
#########################
# Format of headers #
#########################
H?P?Return-Path: <$g>
HReceived: $?sfrom $s $.$?_($?s$|from $.$_)
$.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)
$.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}
(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u
for $u; $|;
$.$b
H?D?Resent-Date: $a
H?D?Date: $a
H?F?Resent-From: $?x$x <$g>$|$g$.
H?F?From: $?x$x <$g>$|$g$.
H?x?Full-Name: $x
# HPosted-Date: $a
# H?l?Received-Date: $b
H?M?Resent-Message-Id: <$t.$i@$j>
H?M?Message-Id: <$t.$i@$j>
#
######################################################################
######################################################################
#####
##### REWRITING RULES
#####
######################################################################
######################################################################
############################################
### Ruleset 3 -- Name Canonicalization ###
############################################
Scanonify=3
# handle null input (translate to <@> special case)
R$@ $@ <@>
# strip group: syntax (not inside angle brackets!) and trailing semicolon
R$* $: $1 <@> mark addresses
R$* < $* > $* <@> $: $1 < $2 > $3 unmark <addr>
R@ $* <@> $: @ $1 unmark @host:...
R$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addr
R$* :: $* <@> $: $1 :: $2 unmark node::addr
R:include: $* <@> $: :include: $1 unmark :include:...
R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon
R$* : $* <@> $: $2 strip colon if marked
R$* <@> $: $1 unmark
R$* ; $1 strip trailing semi
R$* < $+ :; > $* $@ $2 :; <@> catch <list:;>
R$* < $* ; > $1 < $2 > bogus bracketed semi
# null input now results from list:; syntax
R$@ $@ :; <@>
# strip angle brackets -- note RFC733 heuristic to get innermost item
R$* $: < $1 > housekeeping <>
R$+ < $* > < $2 > strip excess on left
R< $* > $+ < $1 > strip excess on right
R<> $@ < @ > MAIL FROM:<> case
R< $+ > $: $1 remove housekeeping <>
# strip route address <@a,@b,@c:user@d> -> <user@d>
R@ $+ , $+ $2
R@ [ $* ] : $+ $2
R@ $+ : $+ $2
# find focus for list syntax
R $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax
R $+ : $* ; $@ $1 : $2; list syntax
# find focus for @ syntax addresses
R$+ @ $+ $: $1 < @ $2 > focus on domain
R$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right
R$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical
# convert old-style addresses to a domain-based address
R$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names
R$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps
R$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains
# convert node::user addresses into a domain-based address
R$- :: $+ $@ $>Canonify2 $2 < @ $1 .DECNET > resolve DECnet names
R$- . $- :: $+ $@ $>Canonify2 $3 < @ $1.$2 .DECNET > numeric DECnet addr
# if we have % signs, take the rightmost one
R$* % $* $1 @ $2 First make them all @s.
R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
# else we must be a local name
R$* $@ $>Canonify2 $1
################################################
### Ruleset 96 -- bottom half of ruleset 3 ###
################################################
SCanonify2=96
# handle special cases for local names
R$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all
R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain
R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain
# check for IPv4/IPv6 domain literal
R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [addr]
R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal
R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr
# if really UUCP, handle it immediately
# try UUCP traffic as a local address
R$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3
R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3
# hostnames ending in class P are always canonical
R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4
R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4
R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6
R$* CC $* $| $* $: $3
# pass to name server to make hostname canonical
R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4
R$* $| $* $: $2
# local host aliases and pseudo-domains are always canonical
R$* < @ $=w > $* $: $1 < @ $2 . > $3
R$* < @ $=M > $* $: $1 < @ $2 . > $3
R$* < @ $* . . > $* $1 < @ $2 . > $3
##################################################
### Ruleset 4 -- Final Output Post-rewriting ###
##################################################
Sfinal=4
R$+ :; <@> $@ $1 : handle <list:;>
R$* <@> $@ handle <> and list:;
# strip trailing dot off possibly canonical name
R$* < @ $+ . > $* $1 < @ $2 > $3
# eliminate internal code
R$* < @ *LOCAL* > $* $1 < @ $j > $2
# externalize local domain info
R$* < $+ > $* $1 $2 $3 defocus
R@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 <route-addr> canonical
R@ $* $@ @ $1 ... and exit
# UUCP must always be presented in old form
R$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u
# put DECnet back in :: form
R$+ @ $+ . DECNET $2 :: $1 u@h.DECNET => h::u
# delete duplicate local names
R$+ % $=w @ $=w $1 @ $2 u%host@host => u@host
##############################################################
### Ruleset 97 -- recanonicalize and call ruleset zero ###
### (used for recursive calls) ###
##############################################################
SRecurse=97
R$* $: $>canonify $1
R$* $@ $>parse $1
######################################
### Ruleset 0 -- Parse Address ###
######################################
Sparse=0
R$* $: $>Parse0 $1 initial parsing
R<@> $#local $: <@> special case error msgs
R$* $: $>ParseLocal $1 handle local hacks
R$* $: $>Parse1 $1 final parsing
#
# Parse0 -- do initial syntax checking and eliminate local addresses.
# This should either return with the (possibly modified) input
# or return with a #error mailer. It should not return with a
# #mailer other than the #error mailer.
#
SParse0
R<@> $@ <@> special case error msgs
R$* : $* ; <@> $#error $@ 5.1.3 $: "553 List:; syntax illegal for recipient addresses"
R@ <@ $* > < @ $1 > catch "@@host" bogosity
R<@ $+> $#error $@ 5.1.3 $: "553 User address required"
R$+ <@> $#error $@ 5.1.3 $: "553 Hostname required"
R$* $: <> $1
R<> $* < @ [ $* ] : $+ > $* $1 < @ [ $2 ] : $3 > $4
R<> $* < @ [ $* ] , $+ > $* $1 < @ [ $2 ] , $3 > $4
R<> $* < @ [ $* ] $+ > $* $#error $@ 5.1.2 $: "553 Invalid address"
R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3
R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "553 Colon illegal in host name part"
R<> $* $1
R$* < @ . $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
R$* < @ $* @ > $* $#error $@ 5.1.2 $: "553 Invalid route address"
R$* @ $* < @ $* > $* $#error $@ 5.1.3 $: "553 Invalid route address"
R$* , $~O $* $#error $@ 5.1.3 $: "553 Invalid route address"
# now delete the local info -- note $=O to find characters that cause forwarding
R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user
R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ...
R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here
R< @ $+ > $#error $@ 5.1.3 $: "553 User address required"
R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ...
R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo"
R< @ *LOCAL* > $#error $@ 5.1.3 $: "553 User address required"
R$* $=O $* < @ *LOCAL* >
$@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
R$* < @ *LOCAL* > $: $1
#
# Parse1 -- the bottom half of ruleset 0.
#
SParse1
# handle numeric address spec
R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec
R$* < @ [ $+ ] > $* $: $1 < @ [ $2 ] : $S > $3 Add smart host to path
R$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send
R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer
R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer
# short circuit local delivery so forwarded email works
R$=L < @ $=w . > $#local $: @ $1 special local names
R$+ < @ $=w . > $#local $: $1 regular local name
# resolve remotely connected UUCP links (if any)
# resolve fake top level domains by forwarding to other hosts
# pass names that still have a host to a smarthost (if defined)
R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name
# deal with other remote names
R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
# handle locally delivered names
R$=L $#local $: @ $1 special local names
R$+ $#local $: $1 regular local names
###########################################################################
### Ruleset 5 -- special rewriting after aliases have been expanded ###
###########################################################################
SLocal_localaddr
Slocaladdr=5
R$+ $: $1 $| $>"Local_localaddr" $1
R$+ $| $#ok $@ $1 no change
R$+ $| $#$* $#$2
R$+ $| $* $: $1
# deal with plussed users so aliases work nicely
R$+ + * $#local $@ $&h $: $1
R$+ + $* $#local $@ + $2 $: $1 + *
# prepend an empty "forward host" on the front
R$+ $: <> $1
R< > $+ $: < > < $1 <> $&h > nope, restore +detail
R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail
R< > < $+ <> $* > $: < > < $1 > else discard
R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part
R< > < $+ > + $* $#local $@ $2 $: @ $1 strip the extra +
R< > < $+ > $@ $1 no +detail
R$+ $: $1 <> $&h add +detail back in
R$+ <> + $* $: $1 + $2 check whether +detail
R$+ <> $* $: $1 else discard
R< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension
R< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension
R< $~[ : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 >
R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 >
###################################################################
### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ###
###################################################################
SMailerToTriple=95
R< > $* $@ $1 strip off null relay
R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
R< error : $- : $+ > $* $#error $@ $(dequote $1 $) $: $2
R< error : $+ > $* $#error $: $1
R< local : $* > $* $>CanonLocal < $1 > $2
R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user
R< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer
R< $=w > $* $@ $2 delete local host
R< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer
###################################################################
### Ruleset CanonLocal -- canonify local: syntax ###
###################################################################
SCanonLocal
# strip local host from routed addresses
R< $* > < @ $+ > : $+ $@ $>Recurse $3
R< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4
# strip trailing dot from any host name that may appear
R< $* > $* < @ $* . > $: < $1 > $2 < @ $3 >
# handle local: syntax -- use old user, either with or without host
R< > $* < @ $* > $* $#local $@ $1@$2 $: $1
R< > $+ $#local $@ $1 $: $1
# handle local:user@host syntax -- ignore host part
R< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 >
# handle local:user syntax
R< $+ > $* <@ $* > $* $#local $@ $2@$3 $: $1
R< $+ > $* $#local $@ $2 $: $1
###################################################################
### Ruleset 93 -- convert header names to masqueraded form ###
###################################################################
SMasqHdr=93
# do not masquerade anything in class N
R$* < @ $* $=N . > $@ $1 < @ $2 $3 . >
R$* < @ *LOCAL* > $@ $1 < @ $j . >
###################################################################
### Ruleset 94 -- convert envelope names to masqueraded form ###
###################################################################
SMasqEnv=94
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
###################################################################
### Ruleset 98 -- local part of ruleset zero (can be null) ###
###################################################################
SParseLocal=98
######################################################################
### CanonAddr -- Convert an address into a standard form for
### relay checking. Route address syntax is
### crudely converted into a %-hack address.
###
### Parameters:
### $1 -- full recipient address
###
### Returns:
### parsed address, not in source route form
######################################################################
SCanonAddr
R$* $: $>Parse0 $>canonify $1 make domain canonical
######################################################################
### ParseRecipient -- Strip off hosts in $=R as well as possibly
### $* $=m or the access database.
### Check user portion for host separators.
###
### Parameters:
### $1 -- full recipient address
###
### Returns:
### parsed, non-local-relaying address
######################################################################
SParseRecipient
R$* $: <?> $>CanonAddr $1
R<?> $* < @ $* . > <?> $1 < @ $2 > strip trailing dots
R<?> $- < @ $* > $: <?> $(dequote $1 $) < @ $2 > dequote local part
# if no $=O character, no host in the user portion, we are done
R<?> $* $=O $* < @ $* > $: <NO> $1 $2 $3 < @ $4>
R<?> $* $@ $1
R<NO> $* < @ $* $=R > $: <RELAY> $1 < @ $2 $3 >
R<RELAY> $* < @ $* > $@ $>ParseRecipient $1
R<$+> $* $@ $2
######################################################################
### check_relay -- check hostname/address on SMTP startup
######################################################################
SLocal_check_relay
Scheck_relay
R$* $: $1 $| $>"Local_check_relay" $1
R$* $| $* $| $#$* $#$3
R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2
SBasic_check_relay
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
######################################################################
### check_mail -- check SMTP `MAIL FROM:' command argument
######################################################################
SLocal_check_mail
Scheck_mail
R$* $: $1 $| $>"Local_check_mail" $1
R$* $| $#$* $#$2
R$* $| $* $@ $>"Basic_check_mail" $1
SBasic_check_mail
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
# authenticated?
R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
R$* $| $#$+ $#$2
R$* $| $* $: $1
R<> $@ <OK> we MUST accept <> (RFC 1123)
R$+ $: <?> $1
R<?><$+> $: <@> <$1>
R<?>$+ $: <@> <$1>
R$* $: $&{daemon_flags} $| $1
R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 >
R$* u $* $| <@> < $* > $: <?> < $3 >
R$* $| $* $: $2
# handle case of @localhost on address
R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost >
R<@> < $* @ [127.0.0.1] >
$: < ? $&{client_name} > < $1 @ [127.0.0.1] >
R<@> < $* @ [IPv6:0:0:0:0:0:0:0:1] >
$: < ? $&{client_name} > < $1 @ [IPv6:0:0:0:0:0:0:0:1] >
R<@> < $* @ [IPv6:::1] >
$: < ? $&{client_name} > < $1 @ [IPv6:::1] >
R<@> < $* @ localhost.$m >
$: < ? $&{client_name} > < $1 @ localhost.$m >
R<@> < $* @ localhost.UUCP >
$: < ? $&{client_name} > < $1 @ localhost.UUCP >
R<@> $* $: $1 no localhost as domain
R<? $=w> $* $: $2 local client: ok
R<? $+> <$+> $#error $@ 5.5.4 $: "553 Real domain name required for sender address"
R<?> $* $: $1
R$* $: <?> $>CanonAddr $1 canonify sender address and mark it
R<?> $* < @ $+ . > <?> $1 < @ $2 > strip trailing dots
# handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc)
R<?> $* < @ $* $=P > $: <OKR> $1 < @ $2 $3 >
R<?> $* < @ $j > $: <OKR> $1 < @ $j >
R<?> $* < @ $+ > $: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 >
R<? $* <$->> $* < @ $+ >
$: <$2> $3 < @ $4 >
# handle case of no @domain on address
R<?> $* $: $&{daemon_flags} $| <?> $1
R$* u $* $| <?> $* $: <OKR> $3
R$* $| $* $: $2
R<?> $* $: < ? $&{client_addr} > $1
R<?> $* $@ <OKR> ...local unqualed ok
R<? $+> $* $#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f
...remote is not
# check results
R<?> $* $: @ $1 mark address: nothing known about it
R<$={ResOk}> $* $: @ $2 domain ok
R<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"
R<PERM> $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist"
######################################################################
### check_rcpt -- check SMTP `RCPT TO:' command argument
######################################################################
SLocal_check_rcpt
Scheck_rcpt
R$* $: $1 $| $>"Local_check_rcpt" $1
R$* $| $#$* $#$2
R$* $| $* $@ $>"Basic_check_rcpt" $1
SBasic_check_rcpt
# empty address?
R<> $#error $@ nouser $: "553 User address required"
R$@ $#error $@ nouser $: "553 User address required"
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
######################################################################
R$* $: $1 $| @ $>"Rcpt_ok" $1
R$* $| @ $#TEMP $+ $: $1 $| T $2
R$* $| @ $#$* $#$2
R$* $| @ RELAY $@ RELAY
R$* $| @ $* $: O $| $>"Relay_ok" $1
R$* $| T $+ $: T $2 $| $>"Relay_ok" $1
R$* $| $#TEMP $+ $#error $2
R$* $| $#$* $#$2
R$* $| RELAY $@ RELAY
R T $+ $| $* $#error $1
# anything else is bogus
R$* $#error $@ 5.7.1 $: "550 Relaying denied"
######################################################################
### Rcpt_ok: is the recipient ok?
######################################################################
SRcpt_ok
R$* $: $>ParseRecipient $1 strip relayable hosts
# authenticated via TLS?
R$* $: $1 $| $>RelayTLS client authenticated?
R$* $| $# $+ $# $2 error/ok?
R$* $| $* $: $1 no
R$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type}
R$* $| $# $* $# $2
R$* $| NO $: $1
R$* $| $* $: $1 $| $&{auth_type}
R$* $| $: $1
R$* $| $={TrustAuthMech} $# RELAY
R$* $| $* $: $1
# anything terminating locally is ok
R$+ < @ $=w > $@ RELAY
R$+ < @ $* $=R > $@ RELAY
# check for local user (i.e. unqualified address)
R$* $: <?> $1
R<?> $* < @ $+ > $: <REMOTE> $1 < @ $2 >
# local user is ok
R<?> $+ $@ RELAY
R<$+> $* $: $2
######################################################################
### Relay_ok: is the relay/sender ok?
######################################################################
SRelay_ok
# anything originating locally is ok
# check IP address
R$* $: $&{client_addr}
R$@ $@ RELAY originated locally
R0 $@ RELAY originated locally
R127.0.0.1 $@ RELAY originated locally
RIPv6:0:0:0:0:0:0:0:1 $@ RELAY originated locally
RIPv6:::1 $@ RELAY originated locally
R$=R $* $@ RELAY relayable IP address
R$* $: [ $1 ] put brackets around it...
R$=w $@ RELAY ... and see if it is local
# check client name: first: did it resolve?
R$* $: < $&{client_resolve} >
R<TEMP> $#TEMP $@ 4.4.0 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
R<FORGED> $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
R<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
R$* $: <@> $&{client_name}
# pass to name server to make hostname canonical
R<@> $* $=P $:<?> $1 $2
R<@> $+ $:<?> $[ $1 $]
R$* . $1 strip trailing dots
R<?> $=w $@ RELAY
R<?> $* $=R $@ RELAY
######################################################################
### trust_auth: is user trusted to authenticate as someone else?
###
### Parameters:
### $1: AUTH= parameter from MAIL command
######################################################################
SLocal_trust_auth
Strust_auth
R$* $: $&{auth_type} $| $1
# required by RFC 2554 section 4.
R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated"
R$* $| $&{auth_authen} $@ identical
R$* $| <$&{auth_authen}> $@ identical
R$* $| $* $: $1 $| $>"Local_trust_auth" $2
R$* $| $#$* $#$2
R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}
######################################################################
### Relay_Auth: allow relaying based on authentication?
###
### Parameters:
### $1: ${auth_type}
######################################################################
SLocal_Relay_Auth
######################################################################
### srv_features: which features to offer to a client?
### (done in server)
######################################################################
Ssrv_features
######################################################################
### try_tls: try to use STARTTLS?
### (done in client)
######################################################################
Stry_tls
######################################################################
### tls_rcpt: is connection with server "good" enough?
### (done in client, per recipient)
###
### Parameters:
### $1: recipient
######################################################################
Stls_rcpt
######################################################################
### tls_client: is connection with client "good" enough?
### (done in server)
###
### Parameters:
### ${verify} $| (MAIL|STARTTLS)
######################################################################
Stls_client
R$* $| $* $@ $>"TLS_connection" $1
######################################################################
### tls_server: is connection with server "good" enough?
### (done in client)
###
### Parameter:
### ${verify}
######################################################################
Stls_server
+
R$* $@ $>"TLS_connection" $1
######################################################################
### TLS_connection: is TLS connection "good" enough?
###
### Parameters:
### ${verify}
### Requirement: RHS from access map, may be ? for none.
######################################################################
STLS_connection
RSOFTWARE $#error $@ 4.7.0 $: "403 TLS handshake."
+RDANE_FAIL $#error $@ 4.7.0 $: "403 DANE check failed."
######################################################################
### RelayTLS: allow relaying based on TLS authentication
###
### Parameters:
### none
######################################################################
SRelayTLS
# authenticated?
######################################################################
### authinfo: lookup authinfo in the access map
###
### Parameters:
### $1: {server_name}
### $2: {server_addr}
######################################################################
Sauthinfo
SLocal_localaddr
R$+ $: $>ParseRecipient $1
R$* < @ $+ > $* $#relay $@ ${MTAHost} $: $1 < @ $2 > $3
# DECnet
R$+ :: $+ $#relay $@ ${MTAHost} $: $1 :: $2
R$* $#relay $@ ${MTAHost} $: $1 < @ $j >
#
######################################################################
######################################################################
#####
##### MAIL FILTER DEFINITIONS
#####
######################################################################
######################################################################
#
######################################################################
######################################################################
#####
##### MAILER DEFINITIONS
#####
######################################################################
######################################################################
##################################################
### Local and Program Mailer specification ###
##################################################
##### $Id: local.m4,v 8.60 2013-11-22 20:51:14 ca Exp $ #####
#
# Envelope sender rewriting
#
SEnvFromL
R<@> $n errors to mailer-daemon
R@ <@ $*> $n temporarily bypass Sun bogosity
R$+ $: $>AddDomain $1 add local domain if needed
R$* $: $>MasqEnv $1 do masquerading
#
# Envelope recipient rewriting
#
SEnvToL
R$+ < @ $* > $: $1 strip host part
R$+ + $* $: < $&{addr_type} > $1 + $2 mark with addr type
R<e s> $+ + $* $: $1 remove +detail for sender
R< $* > $+ $: $2 else remove mark
#
# Header sender rewriting
#
SHdrFromL
R<@> $n errors to mailer-daemon
R@ <@ $*> $n temporarily bypass Sun bogosity
R$+ $: $>AddDomain $1 add local domain if needed
R$* $: $>MasqHdr $1 do masquerading
#
# Header recipient rewriting
#
SHdrToL
R$+ $: $>AddDomain $1 add local domain if needed
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
#
# Common code to add local domain name (only if always-add-domain)
#
SAddDomain
Mlocal, P=[IPC], F=lmDFMuXkw5, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
T=DNS/RFC822/SMTP,
A=TCP $h
Mprog, P=[IPC], F=lmDFMuXk5, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/,
T=X-Unix/X-Unix/X-Unix,
A=TCP $h
#####################################
### SMTP Mailer specification ###
#####################################
##### $Id: smtp.m4,v 8.66 2013-11-22 20:51:14 ca Exp $ #####
#
# common sender and masquerading recipient rewriting
#
SMasqSMTP
R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified
R$+ $@ $1 < @ *LOCAL* > add local qualification
#
# convert pseudo-domain addresses to real domain addresses
#
SPseudoToReal
# pass <route-addr>s through
R< @ $+ > $* $@ < @ $1 > $2 resolve <route-addr>
# output fake domains as user%fake@relay
# do UUCP heuristics; note that these are shared with UUCP mailers
R$+ < @ $+ .UUCP. > $: < $2 ! > $1 convert to UUCP form
R$+ < @ $* > $* $@ $1 < @ $2 > $3 not UUCP form
# leave these in .UUCP form to avoid further tampering
R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. >
R< $&h ! > $-.$+ ! $+ $@ $3 < @ $1.$2 >
R< $&h ! > $+ $@ $1 < @ $&h .UUCP. >
R< $+ ! > $+ $: $1 ! $2 < @ $Y > use UUCP_RELAY
R$+ < @ $~[ $* : $+ > $@ $1 < @ $4 > strip mailer: part
R$+ < @ > $: $1 < @ *LOCAL* > if no UUCP_RELAY
#
# envelope sender rewriting
#
SEnvFromSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R$* :; <@> $@ list:; special case
R$* $: $>MasqSMTP $1 qualify unqual'ed names
R$+ $: $>MasqEnv $1 do masquerading
#
# envelope recipient rewriting --
# also header recipient if not masquerading recipients
#
SEnvToSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R$+ $: $>MasqSMTP $1 qualify unqual'ed names
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
#
# header sender and masquerading header recipient rewriting
#
SHdrFromSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R:; <@> $@ list:; special case
# do special header rewriting
R$* <@> $* $@ $1 <@> $2 pass null host through
R< @ $* > $* $@ < @ $1 > $2 pass route-addr through
R$* $: $>MasqSMTP $1 qualify unqual'ed names
R$+ $: $>MasqHdr $1 do masquerading
#
# relay mailer header masquerading recipient rewriting
#
SMasqRelay
R$+ $: $>MasqSMTP $1
R$+ $: $>MasqHdr $1
Msmtp, P=[IPC], F=mDFMuXk5, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mesmtp, P=[IPC], F=mDFMuXak5, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Msmtp8, P=[IPC], F=mDFMuX8k5, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mdsmtp, P=[IPC], F=mDFMuXa%k5, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
T=DNS/RFC822/SMTP,
A=TCP $h
Mrelay, P=[IPC], F=mDFMuXa8k, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=2040,
T=DNS/RFC822/SMTP,
A=TCP $h
### submit.mc ###
# divert(-1)
# #
# # Copyright (c) 2001-2003, 2014 Proofpoint, Inc. and its suppliers.
# # All rights reserved.
# #
# # By using this file, you agree to the terms and conditions set
# # forth in the LICENSE file which can be found at the top level of
# # the sendmail distribution.
# #
# #
#
# #
# # This is the prototype file for a set-group-ID sm-msp sendmail that
# # acts as a initial mail submission program.
# #
#
# divert(0)dnl
# VERSIONID(`$Id: submit.mc,v 8.15 2013-11-22 20:51:08 ca Exp $')
# define(`confCF_VERSION', `Submit')dnl
# define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
# define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
# define(`confTIME_ZONE', `USE_TZ')dnl
# define(`confDONT_INIT_GROUPS', `True')dnl
# dnl
# dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:0:0:0:0:0:0:0:1]
# FEATURE(`msp', `[127.0.0.1]')dnl
diff --git a/cf/feature/bcc.m4 b/cf/feature/bcc.m4
index 9454143f2060..5bb754bd04a3 100644
--- a/cf/feature/bcc.m4
+++ b/cf/feature/bcc.m4
@@ -1,90 +1,90 @@
divert(-1)
#
# Copyright (c) 2014 Proofpoint, Inc. and its suppliers.
# All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#
divert(-1)
# Arguments:
# 1: Map to use
# - empty/none: default map bcctable
# - `access': to use access_db (with bcc: as tag)
# - map definition
# The map contains domain names and the RHS should be simply "ok".
# If the access map is used, then its lookup algorithm is used.
# Otherwise:
# domain ok
# matches anything@domain
# .domain ok
# matches any subdomain, e.g., l@sub.domain and l@sub.dom.domain
# On a match, the original address will be used as bcc address unless
# argument 3 is set.
# 2: Name of host ([mailer:]host)
# 3: Default bcc address: if set, this will be always used.
# Only one of 2/3 can be empty.
# Note: if Bcc address is used then only one copy will be sent!
# (due to duplicate elimination)
# 4: Map definition for canonicalRcpt map of address rewriting to
# apply to the added bcc envelope recipients.
# The option -T<TMPF> is required to handle temporary map failures.
#
# The ruleset must return either
# - an e-mail address (user@dom.ain) which is then added as "bcc" recipient.
# - an empty string: do not add a "bcc" recipient, or
# - $#error: fail the SMTP transaction (e.g., temporary lookup failure)
#
# This feature sets O AddBcc=true
ifelse(lower(_ARG_),`access',`define(`_BCC_ACCESS_', `1')')
define(`_ADD_BCC_', `1')
ifdef(`_BCC_ACCESS_', `dnl
ifdef(`_ACCESS_TABLE_', `',
`errprint(`*** ERROR: FEATURE(`bcc') requires FEATURE(`access_db')
')')')
ifdef(`_BCC_ACCESS_', `', `
LOCAL_CONFIG
Kbcctable ifelse(defn(`_ARG_'), `', DATABASE_MAP_TYPE MAIL_SETTINGS_DIR`bcctable', `_ARG_')')
LOCAL_CONFIG
O AddBcc=true
ifelse(len(X`'_ARG2_),`1', `', `
DA`'_ARG2_')
ifelse(len(X`'_ARG4_), `1', `',
`define(`_CANONIFY_BCC_', `1')dnl
define(`_NEED_SMTPOPMODES_', `1')dnl
# canonical address look up for AddBcc recipients
KcanonicalRcpt _ARG4_
')dnl
LOCAL_RULESETS
Sbcc
R< $+ > $1
ifdef(`_BCC_ACCESS_', `dnl
R$+ @ $+ $: $1@$2 $| $>SearchList <! bcc> $| <D:$2> <>',
`R$+ @ $+ $: $1@$2 $| $>BCC $2')
R$* $| <?> $@
R$* $| $* $: ifelse(len(X`'_ARG3_),`1', `$1', `_ARG3_')
ifdef(`_CANONIFY_BCC_', `dnl
R$+ @ $+ $: $1@$2 $| <$(canonicalRcpt $1 @ $2 $: $)>
R$* $| <> $@
-R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
+R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: _TMPFMSG_(`BCC')
R$* $| <$+> $@ $2 map matched?
')
ifdef(`_BCC_ACCESS_', `', `
SBCC
R$+ $: $1 < $(bcctable $1 $: ? $) >
R$- . $+ <?> $: $2 < $(bcctable .$2 $: ? $) >
R$- . $+ <?> $: $>BCC $2
R$* <$*> $: <$2>
')
diff --git a/cf/feature/blacklist_recipients.m4 b/cf/feature/blacklist_recipients.m4
index 706d11754393..5312a2e50687 100644
--- a/cf/feature/blacklist_recipients.m4
+++ b/cf/feature/blacklist_recipients.m4
@@ -1,19 +1,18 @@
divert(-1)
#
# Copyright (c) 1998, 1999 Proofpoint, Inc. and its suppliers.
# All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#
divert(0)
VERSIONID(`$Id: blacklist_recipients.m4,v 8.14 2013-11-22 20:51:11 ca Exp $')
divert(-1)
-ifdef(`_ACCESS_TABLE_',
- `define(`_BLACKLIST_RCPT_', 1)',
- `errprint(`*** ERROR: FEATURE(blacklist_recipients) requires FEATURE(access_db)
-')')
+errprint(`WARNING: FEATURE(blacklist_recipients) is deprecated; use FEATURE(blocklist_recipients.m4).
+')
+FEATURE(`blocklist_recipients')
diff --git a/cf/feature/blacklist_recipients.m4 b/cf/feature/blocklist_recipients.m4
similarity index 68%
copy from cf/feature/blacklist_recipients.m4
copy to cf/feature/blocklist_recipients.m4
index 706d11754393..7c5a1df02218 100644
--- a/cf/feature/blacklist_recipients.m4
+++ b/cf/feature/blocklist_recipients.m4
@@ -1,19 +1,19 @@
divert(-1)
#
# Copyright (c) 1998, 1999 Proofpoint, Inc. and its suppliers.
# All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#
divert(0)
-VERSIONID(`$Id: blacklist_recipients.m4,v 8.14 2013-11-22 20:51:11 ca Exp $')
+VERSIONID(`$Id: blocklist_recipients.m4,v 8.14 2013-11-22 20:51:11 ca Exp $')
divert(-1)
ifdef(`_ACCESS_TABLE_',
- `define(`_BLACKLIST_RCPT_', 1)',
- `errprint(`*** ERROR: FEATURE(blacklist_recipients) requires FEATURE(access_db)
+ `define(`_BLOCKLIST_RCPT_', 1)',
+ `errprint(`*** ERROR: FEATURE(blocklist_recipients) requires FEATURE(access_db)
')')
diff --git a/cf/feature/check_cert_altnames.m4 b/cf/feature/check_cert_altnames.m4
new file mode 100644
index 000000000000..9fae74ef0a3c
--- /dev/null
+++ b/cf/feature/check_cert_altnames.m4
@@ -0,0 +1,17 @@
+divert(-1)
+#
+# Copyright (c) 2019 Proofpoint, Inc. and its suppliers.
+# All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+
+divert(0)dnl
+VERSIONID(`$Id: block_bad_helo.m4,v 1.2 2013-11-22 20:51:11 ca Exp $')
+divert(-1)
+define(`_FFR_TLS_ALTNAMES', `1')
+divert(6)dnl
+O SetCertAltnames=true
diff --git a/cf/feature/dnsbl.m4 b/cf/feature/dnsbl.m4
index 63b86759c320..dd8fd52583f9 100644
--- a/cf/feature/dnsbl.m4
+++ b/cf/feature/dnsbl.m4
@@ -1,39 +1,39 @@
divert(-1)
#
# Copyright (c) 1998-2002, 2005-2007 Proofpoint, Inc. and its suppliers.
# All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#
ifdef(`DNSBL_MAP', `', `define(`DNSBL_MAP', `dns -R A')')
divert(0)
ifdef(`_DNSBL_R_',`dnl',`dnl
VERSIONID(`$Id: dnsbl.m4,v 8.34 2013-11-22 20:51:11 ca Exp $')
define(`_DNSBL_R_',`')
ifelse(defn(`_ARG_'), `',
`errprint(`*** ERROR: missing argument for FEATURE(`dnsbl')')')
LOCAL_CONFIG
-# map for DNS based blacklist lookups
+# map for DNS based blocklist lookups
Kdnsbl DNSBL_MAP -T<TMP>ifdef(`DNSBL_MAP_OPT',` DNSBL_MAP_OPT')')
divert(-1)
define(`_DNSBL_SRV_', `_ARG_')dnl
define(`_DNSBL_MSG_', `ifelse(len(X`'_ARG2_),`1',`"550 Rejected: " $`'&{client_addr} " listed at '_DNSBL_SRV_`"',`_ARG2_')')dnl
define(`_DNSBL_MSG_TMP_', `ifelse(_ARG3_,`t',`"451 Temporary lookup failure of " $`'&{client_addr} " at '_DNSBL_SRV_`"',`_ARG3_')')dnl
divert(8)
# DNS based IP address spam list _DNSBL_SRV_
R$* $: $&{client_addr}
R$-.$-.$-.$- $: <?> $(dnsbl $4.$3.$2.$1._DNSBL_SRV_. $: OK $)
R<?>OK $: OKSOFAR
ifelse(len(X`'_ARG3_),`1',
`R<?>$+<TMP> $: TMPOK',
`R<?>$+<TMP> $#error $@ 4.4.3 $: _DNSBL_MSG_TMP_')
ifelse(`X'_ARG2_,`Xquarantine',
`R<?>$+ $#error $@ quarantine $: _DNSBL_SRV_',
`X'_ARG2_,`Xdiscard',
`R<?>$+ $#discard $: _DNSBL_SRV_',
`R<?>$+ $#error $@ 5.7.1 $: _DNSBL_MSG_')
divert(-1)
diff --git a/cf/feature/enhdnsbl.m4 b/cf/feature/enhdnsbl.m4
index b3a86b969c26..f0ba5c50d482 100644
--- a/cf/feature/enhdnsbl.m4
+++ b/cf/feature/enhdnsbl.m4
@@ -1,53 +1,53 @@
divert(-1)
#
# Copyright (c) 2000-2002, 2005-2007 Proofpoint, Inc. and its suppliers.
# All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#
ifelse(defn(`_ARG_'), `',
`errprint(`*** ERROR: missing argument for FEATURE(`enhdnsbl')')')
divert(0)
ifdef(`_EDNSBL_R_',`dnl',`dnl
VERSIONID(`$Id: enhdnsbl.m4,v 1.13 2013-11-22 20:51:11 ca Exp $')
LOCAL_CONFIG
define(`_EDNSBL_R_',`')dnl
-# map for enhanced DNS based blacklist lookups
+# map for enhanced DNS based blocklist lookups
Kednsbl dns -R A -a. -T<TMP> -r`'ifdef(`EDNSBL_TO',`EDNSBL_TO',`5')
')
divert(-1)
define(`_EDNSBL_SRV_', `_ARG_')dnl
define(`_EDNSBL_MSG_',
`ifelse(len(X`'_ARG2_),`1',`"550 Rejected: " $`'&{client_addr} " listed at '_EDNSBL_SRV_`"',
X`'_ARG2_,`Xquarantine',`_EDNSBL_SRV_',
`_ARG2_')')dnl
define(`_EDNSBL_MSG_TMP_', `ifelse(_ARG3_,`t',`"451 Temporary lookup failure of " $`'&{client_addr} " at '_EDNSBL_SRV_`"',`_ARG3_')')dnl
define(`_EDNSBL_MATCH_', `ifelse(len(X`'_ARG4_),`1',`$`'+',_ARG4_)')dnl
define(`_EDNSBL_ACTION_',
`ifelse(X`'_ARG2_,`Xquarantine',`$`'#error $`'@ quarantine',
X`'_ARG2_,`Xdiscard',`$`'#discard',
`$`'#error $`'@ 5.7.1')')dnl
divert(8)
# DNS based IP address spam list _EDNSBL_SRV_
R$* $: $&{client_addr}
R$-.$-.$-.$- $: <?> $(ednsbl $4.$3.$2.$1._EDNSBL_SRV_. $: OK $)
R<?>OK $: OKSOFAR
ifelse(len(X`'_ARG3_),`1',
`R<?>$+<TMP> $: TMPOK',
`R<?>$+<TMP> $#error $@ 4.4.3 $: _EDNSBL_MSG_TMP_')
R<?>_EDNSBL_MATCH_ _EDNSBL_ACTION_ $: _EDNSBL_MSG_
ifelse(len(X`'_ARG5_),`1',`dnl',
`R<?>_ARG5_ _EDNSBL_ACTION_ $: _EDNSBL_MSG_')
ifelse(len(X`'_ARG6_),`1',`dnl',
`R<?>_ARG6_ _EDNSBL_ACTION_ $: _EDNSBL_MSG_')
ifelse(len(X`'_ARG7_),`1',`dnl',
`R<?>_ARG7_ _EDNSBL_ACTION_ $: _EDNSBL_MSG_')
ifelse(len(X`'_ARG8_),`1',`dnl',
`R<?>_ARG8_ _EDNSBL_ACTION_ $: _EDNSBL_MSG_')
ifelse(len(X`'_ARG9_),`1',`dnl',
`R<?>_ARG9_ _EDNSBL_ACTION_ $: _EDNSBL_MSG_')
divert(-1)
diff --git a/cf/feature/tls_failures.m4 b/cf/feature/tls_failures.m4
new file mode 100644
index 000000000000..94982110f0b8
--- /dev/null
+++ b/cf/feature/tls_failures.m4
@@ -0,0 +1,13 @@
+divert(-1)
+#
+# Copyright (c) 2020 Proofpoint, Inc. and its suppliers.
+# All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+
+errprint(`*** ERROR: FEATURE(tls_failures) has been replaced by confTLS_FALLBACK_TO_CLEAR
+')
+define(`confTLS_FALLBACK_TO_CLEAR', `true')
diff --git a/cf/m4/cfhead.m4 b/cf/m4/cfhead.m4
index eacdfb72f0ae..6d12e8582627 100644
--- a/cf/m4/cfhead.m4
+++ b/cf/m4/cfhead.m4
@@ -1,310 +1,319 @@
#
# Copyright (c) 1998-2004, 2009, 2010 Proofpoint, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#
######################################################################
######################################################################
#####
##### SENDMAIL CONFIGURATION FILE
#####
ifdef(`_NO_MAKEINFO_', `dnl', `dnl
ifdef(`TEMPFILE', `dnl', `define(`TEMPFILE', maketemp(/tmp/cfXXXXXX))dnl
syscmd(sh _CF_DIR_`'sh/makeinfo.sh _CF_DIR_ > TEMPFILE)dnl
include(TEMPFILE)dnl
syscmd(rm -f TEMPFILE)dnl')')
#####
######################################################################
#####
##### DO NOT EDIT THIS FILE! Only edit the source .mc file.
#####
######################################################################
######################################################################
divert(-1)
changecom()
undefine(`format')
undefine(`hpux')
ifdef(`pushdef', `',
`errprint(`You need a newer version of M4, at least as new as
System V or GNU')
include(NoSuchFile)')
define(`PUSHDIVERT', `pushdef(`__D__', divnum)divert($1)')
define(`POPDIVERT', `divert(__D__)popdef(`__D__')')
define(`OSTYPE',
`PUSHDIVERT(-1)
ifdef(`__OSTYPE__', `errprint(`duplicate OSTYPE'($1)
)')
define(`__OSTYPE__', $1)
define(`_ARG_', $2)
include(_CF_DIR_`'ostype/$1.m4)POPDIVERT`'')
## helpful functions
define(`lower', `translit(`$1', `ABCDEFGHIJKLMNOPQRSTUVWXYZ', `abcdefghijklmnopqrstuvwxyz')')
define(`strcasecmp', `ifelse(lower($1), lower($2), `1', `0')')
## access to further arguments in FEATURE/HACK
define(`_ACC_ARG_1_',`$1')
define(`_ACC_ARG_2_',`$2')
define(`_ACC_ARG_3_',`$3')
define(`_ACC_ARG_4_',`$4')
define(`_ACC_ARG_5_',`$5')
define(`_ACC_ARG_6_',`$6')
define(`_ACC_ARG_7_',`$7')
define(`_ACC_ARG_8_',`$8')
define(`_ACC_ARG_9_',`$9')
define(`_ARG1_',`_ACC_ARG_1_(_ARGS_)')
define(`_ARG2_',`_ACC_ARG_2_(_ARGS_)')
define(`_ARG3_',`_ACC_ARG_3_(_ARGS_)')
define(`_ARG4_',`_ACC_ARG_4_(_ARGS_)')
define(`_ARG5_',`_ACC_ARG_5_(_ARGS_)')
define(`_ARG6_',`_ACC_ARG_6_(_ARGS_)')
define(`_ARG7_',`_ACC_ARG_7_(_ARGS_)')
define(`_ARG8_',`_ACC_ARG_8_(_ARGS_)')
define(`_ARG9_',`_ACC_ARG_9_(_ARGS_)')
dnl define if not yet defined: if `$1' is not defined it will be `$2'
define(`_DEFIFNOT',`ifdef(`$1',`',`define(`$1',`$2')')')
dnl ----------------------------------------
+dnl Use a "token" for this error message to make them unique?
+dnl Note: this is not a documented option. To enable it, use:
+dnl define(`_USETMPFTOKEN_', `1')dnl
+ifdef(`_USETMPFTOKEN_', `
+define(_TMPFMSG_, `"451 Temporary system failure $1. Please try again later."')
+', `dnl
+define(_TMPFMSG_, `"451 Temporary system failure. Please try again later."')
+')
+dnl ----------------------------------------
dnl add a char $2 to a string $1 if it is not there
define(`_ADDCHAR_',`define(`_I_',`eval(index(`$1',`$2') >= 0)')`'ifelse(_I_,`1',`$1',`$1$2')')
dnl ----
dnl delete a char $2 from a string $1 if it is there
define(`_DELCHAR_',`define(`_IDX_',`index(`$1',`$2')')`'define(`_I_',`eval(_IDX_ >= 0)')`'ifelse(_I_,`1',`substr(`$1',0,_IDX_)`'substr(`$1',eval(_IDX_+1))',`$1')')
dnl ----
dnl apply a macro to a whole string by recursion (one char at a time)
dnl $1: macro
dnl $2: first argument to macro
dnl $3: list that is split up into characters
define(`_AP_',`ifelse(`$3',`',`$2',`_AP_(`$1',$1(`$2',substr(`$3',0,1)),substr(`$3',1))')')
dnl ----
dnl MODIFY_MAILER_FLAGS: append tail of $2 to $1_MF_A/D_
dnl A if head($2) = +
dnl D if head($2) = -
dnl $1_MF_ is set otherwise; set _A/D_ to `'
define(`MODIFY_MAILER_FLAGS',`define(`_hd_',`substr(`$2',0,1)')define(`_tl_',`substr(`$2',1)')`'ifelse(_hd_,`+',`ifdef($1`'_MF_A_, `define($1`'_MF_A_,$1_MF_A_`'_tl_)', `define($1`'_MF_A_, _tl_)')',_hd_,`-',`ifdef($1`'_MF_D_, `define($1`'_MF_D_,$1_MF_D_`'_tl_)', `define($1`'_MF_D_,_tl_)')',`define($1`'_MF_,`$2')define($1`'_MF_A_,`')define($1`'_MF_D_,`')')')
dnl ----
dnl actually modify flags:
dnl $1: flags (strings) to modify
dnl $2: name of flags (just first part) to modify
dnl WARNING: the order might be important: if someone adds and delete the
dnl same characters, he does not deserve any better, does he?
dnl this could be coded more efficiently... (do not apply the macro if _MF_A/D_ is undefined)
define(`_MODMF_',`ifdef($2`'_MF_,`$2_MF_',`_AP_(`_ADDCHAR_',_AP_(`_DELCHAR_',$1,ifdef($2`'_MF_D_,`$2_MF_D_',`')),ifdef($2`'_MF_A_,`$2_MF_A_',`'))')')
dnl usage:
dnl MODIFY_MAILER_FLAGS(`LOCAL',`+FlaGs')dnl
dnl in MAILER.m4: _MODMF_(LMF,`LOCAL')
dnl ----------------------------------------
define(`MAILER',
`define(`_M_N_', `ifelse(`$2', `', `$1', `$2')')dnl
ifdef(`_MAILER_DEFINED_', `', `define(`_MAILER_DEFINED_', `1')')dnl
ifdef(_MAILER_`'_M_N_`'_,
`errprint(`*** ERROR: MAILER('_M_N_`) already included
')',
`define(_MAILER_`'_M_N_`'_, `')define(`_ARG_', `$2')define(`_ARGS_', `shift($@)')PUSHDIVERT(7)include(_CF_DIR_`'mailer/$1.m4)POPDIVERT`'')')
define(`DOMAIN', `PUSHDIVERT(-1)define(`_ARG_', `$2')include(_CF_DIR_`'domain/$1.m4)POPDIVERT`'')
define(`FEATURE', `PUSHDIVERT(-1)ifdef(`_MAILER_DEFINED_',`errprint(`*** ERROR: FEATURE() should be before MAILER()
')')define(`_ARG_', `$2')define(`_ARGS_', `shift($@)')include(_CF_DIR_`'feature/$1.m4)POPDIVERT`'')
define(`HACK', `PUSHDIVERT(-1)define(`_ARG_', `$2')define(`_ARGS_', `shift($@)')include(_CF_DIR_`'hack/$1.m4)POPDIVERT`'')
define(`_DPO_',`')
define(`DAEMON_OPTIONS', `define(`_DPO_', defn(`_DPO_')
O DaemonPortOptions=`$1')')
define(`_CPO_',`')
define(`CLIENT_OPTIONS', `define(`_CPO_', defn(`_CPO_')
O ClientPortOptions=`$1')')
define(`_MAIL_FILTERS_', `')
define(`_MAIL_FILTERS_DEF', `')
define(`MAIL_FILTER', `define(`_MAIL_FILTERS_', defn(`_MAIL_FILTERS_')
X`'$1`, '`$2')
define(`_MAIL_FILTERS_DEF', defn(`_MAIL_FILTERS_DEF')`X')')
define(`INPUT_MAIL_FILTER', `MAIL_FILTER(`$1', `$2')
ifelse(defn(`confINPUT_MAIL_FILTERS')X, `X',
`define(`confINPUT_MAIL_FILTERS', $1)',
`define(`confINPUT_MAIL_FILTERS', defn(`confINPUT_MAIL_FILTERS')`, '`$1')')')
define(`_QUEUE_GROUP_', `')
define(`QUEUE_GROUP', `define(`_QUEUE_GROUP_', defn(`_QUEUE_GROUP_')
Q`'$1`, '`$2')')
define(`CF_LEVEL', `10')dnl
define(`VERSIONID', ``##### $1 #####'')
define(`LOCAL_RULE_0', `divert(3)')
dnl for UUCP...
define(`LOCAL_UUCP', `divert(4)')
define(`LOCAL_RULE_1',
`divert(9)dnl
#######################################
### Ruleset 1 -- Sender Rewriting ###
#######################################
Ssender=1
')
define(`LOCAL_RULE_2',
`divert(9)dnl
##########################################
### Ruleset 2 -- Recipient Rewriting ###
##########################################
Srecipient=2
')
define(`LOCAL_RULESETS',
`divert(9)
')
define(`LOCAL_SRV_FEATURES',
`define(`_LOCAL_SRV_FEATURES_')
ifdef(`_MAILER_DEFINED_',,`errprint(`*** WARNING: MAILER() should be before LOCAL_SRV_FEATURES
')')
divert(9)
SLocal_srv_features')
define(`LOCAL_TRY_TLS',
`define(`_LOCAL_TRY_TLS_')
ifdef(`_MAILER_DEFINED_',,`errprint(`*** WARNING: MAILER() should be before LOCAL_TRY_TLS
')')
divert(9)
SLocal_try_tls')
define(`LOCAL_TLS_RCPT',
`define(`_LOCAL_TLS_RCPT_')
ifdef(`_MAILER_DEFINED_',,`errprint(`*** WARNING: MAILER() should be before LOCAL_TLS_RCPT
')')
divert(9)
SLocal_tls_rcpt')
define(`LOCAL_TLS_CLIENT',
`define(`_LOCAL_TLS_CLIENT_')
ifdef(`_MAILER_DEFINED_',,`errprint(`*** WARNING: MAILER() should be before LOCAL_TLS_CLIENT
')')
divert(9)
SLocal_tls_client')
define(`LOCAL_TLS_SERVER',
`define(`_LOCAL_TLS_SERVER_')
ifdef(`_MAILER_DEFINED_',,`errprint(`*** WARNING: MAILER() should be before LOCAL_TLS_SERVER
')')
divert(9)
SLocal_tls_server')
define(`LOCAL_RULE_3', `divert(2)')
define(`LOCAL_CONFIG', `divert(6)')
define(`MAILER_DEFINITIONS', `divert(7)')
define(`LOCAL_DNSBL', `divert(8)')
define(`LOCAL_NET_CONFIG', `define(`_LOCAL_RULES_', 1)divert(1)')
define(`UUCPSMTP', `R DOL(*) < @ $1 .UUCP > DOL(*) DOL(1) < @ $2 > DOL(2)')
define(`CONCAT', `$1$2$3$4$5$6$7')
define(`DOL', ``$'$1')
define(`SITECONFIG',
`CONCAT(D, $3, $2)
define(`_CLASS_$3_', `')dnl
ifelse($3, U, C{w}$2 $2.UUCP, `dnl')
define(`SITE', `ifelse(CONCAT($'2`, $3), SU,
CONCAT(CY, $'1`),
CONCAT(C, $3, $'1`))')
sinclude(_CF_DIR_`'siteconfig/$1.m4)')
define(`EXPOSED_USER', `PUSHDIVERT(5)C{E}$1
POPDIVERT`'dnl`'')
define(`EXPOSED_USER_FILE', `PUSHDIVERT(5)F{E}$1
POPDIVERT`'dnl`'')
define(`LOCAL_USER', `PUSHDIVERT(5)C{L}$1
POPDIVERT`'dnl`'')
define(`LOCAL_USER_FILE', `PUSHDIVERT(5)F{L}$1
POPDIVERT`'dnl`'')
define(`MASQUERADE_AS', `define(`MASQUERADE_NAME', $1)')
define(`MASQUERADE_DOMAIN', `PUSHDIVERT(5)C{M}$1
POPDIVERT`'dnl`'')
define(`MASQUERADE_EXCEPTION', `PUSHDIVERT(5)C{N}$1
POPDIVERT`'dnl`'')
define(`MASQUERADE_DOMAIN_FILE', `PUSHDIVERT(5)F{M}$1
POPDIVERT`'dnl`'')
define(`MASQUERADE_EXCEPTION_FILE', `PUSHDIVERT(5)F{N}$1
POPDIVERT`'dnl`'')
define(`LOCAL_DOMAIN', `PUSHDIVERT(5)C{w}$1
POPDIVERT`'dnl`'')
define(`CANONIFY_DOMAIN', `PUSHDIVERT(5)C{Canonify}$1
POPDIVERT`'dnl`'')
define(`CANONIFY_DOMAIN_FILE', `PUSHDIVERT(5)F{Canonify}$1
POPDIVERT`'dnl`'')
define(`GENERICS_DOMAIN', `PUSHDIVERT(5)C{G}$1
POPDIVERT`'dnl`'')
define(`GENERICS_DOMAIN_FILE', `PUSHDIVERT(5)F{G}$1
POPDIVERT`'dnl`'')
define(`LDAPROUTE_DOMAIN', `PUSHDIVERT(5)C{LDAPRoute}$1
POPDIVERT`'dnl`'')
define(`LDAPROUTE_DOMAIN_FILE', `PUSHDIVERT(5)F{LDAPRoute}$1
POPDIVERT`'dnl`'')
define(`LDAPROUTE_EQUIVALENT', `PUSHDIVERT(5)C{LDAPRouteEquiv}$1
POPDIVERT`'dnl`'')
define(`LDAPROUTE_EQUIVALENT_FILE', `PUSHDIVERT(5)F{LDAPRouteEquiv}$1
POPDIVERT`'dnl`'')
define(`VIRTUSER_DOMAIN', `PUSHDIVERT(5)C{VirtHost}$1
define(`_VIRTHOSTS_')
POPDIVERT`'dnl`'')
define(`VIRTUSER_DOMAIN_FILE', `PUSHDIVERT(5)F{VirtHost}$1
define(`_VIRTHOSTS_')
POPDIVERT`'dnl`'')
define(`RELAY_DOMAIN', `PUSHDIVERT(5)C{R}$1
POPDIVERT`'dnl`'')
define(`RELAY_DOMAIN_FILE', `PUSHDIVERT(5)F{R}$1
POPDIVERT`'dnl`'')
define(`TRUST_AUTH_MECH', `_DEFIFNOT(`_USE_AUTH_',`1')PUSHDIVERT(5)C{TrustAuthMech}$1
POPDIVERT`'dnl`'')
define(`_OPTINS', `ifdef(`$1', `$2$1$3')')
m4wrap(`include(_CF_DIR_`m4/proto.m4')')
# default location for files
ifdef(`MAIL_SETTINGS_DIR', , `define(`MAIL_SETTINGS_DIR', `/etc/mail/')')
# set our default hashed database type
define(`DATABASE_MAP_TYPE', `hash')
# set up default values for options
define(`ALIAS_FILE', `MAIL_SETTINGS_DIR`'aliases')
define(`confMAILER_NAME', ``MAILER-DAEMON'')
define(`confFROM_LINE', `From $g $d')
define(`confOPERATORS', `.:%@!^/[]+')
define(`confSMTP_LOGIN_MSG', `$j Sendmail $v/$Z; $b')
define(`_REC_AUTH_', `$.$?{auth_type}(authenticated')
define(`_REC_FULL_AUTH_', `$.$?{auth_type}(user=${auth_authen} $?{auth_author}author=${auth_author} $.mech=${auth_type}')
define(`_REC_HDR_', `$?sfrom $s $.$?_($?s$|from $.$_)')
define(`_REC_END_', `for $u; $|;
$.$b')
define(`_REC_TLS_', `(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u')
define(`_REC_BY_', `$.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}')
define(`confRECEIVED_HEADER', `_REC_HDR_
_REC_AUTH_$?{auth_ssf} bits=${auth_ssf}$.)
_REC_BY_
_REC_TLS_
_REC_END_')
define(`confSEVEN_BIT_INPUT', `False')
define(`confALIAS_WAIT', `10')
define(`confMIN_FREE_BLOCKS', `100')
define(`confBLANK_SUB', `.')
define(`confCON_EXPENSIVE', `False')
define(`confDELIVERY_MODE', `background')
define(`confTEMP_FILE_MODE', `0600')
define(`confMCI_CACHE_SIZE', `2')
define(`confMCI_CACHE_TIMEOUT', `5m')
define(`confUSE_ERRORS_TO', `False')
define(`confLOG_LEVEL', `9')
define(`confCHECK_ALIASES', `False')
define(`confOLD_STYLE_HEADERS', `True')
define(`confPRIVACY_FLAGS', `authwarnings')
define(`confSAFE_QUEUE', `True')
define(`confTO_QUEUERETURN', `5d')
define(`confTO_QUEUEWARN', `4h')
define(`confTIME_ZONE', `USE_SYSTEM')
define(`confCW_FILE', `MAIL_SETTINGS_DIR`'local-host-names')
define(`confMIME_FORMAT_ERRORS', `True')
define(`confFORWARD_PATH', `$z/.forward.$w:$z/.forward')
define(`confCR_FILE', `-o MAIL_SETTINGS_DIR`'relay-domains')
define(`confMILTER_MACROS_CONNECT', ``j, _, {daemon_name}, {if_name}, {if_addr}'')
define(`confMILTER_MACROS_HELO', ``{tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}'')
define(`confMILTER_MACROS_ENVFROM', ``i, {auth_type}, {auth_authen}, {auth_ssf}, {auth_author}, {mail_mailer}, {mail_host}, {mail_addr}'')
define(`confMILTER_MACROS_ENVRCPT', ``{rcpt_mailer}, {rcpt_host}, {rcpt_addr}'')
define(`confMILTER_MACROS_EOM', `{msg_id}')
divert(0)dnl
VERSIONID(`$Id: cfhead.m4,v 8.122 2013-11-22 20:51:13 ca Exp $')
diff --git a/cf/m4/proto.m4 b/cf/m4/proto.m4
index 696bf36a5357..618dde00e24a 100644
--- a/cf/m4/proto.m4
+++ b/cf/m4/proto.m4
@@ -1,3081 +1,3110 @@
divert(-1)
#
# Copyright (c) 1998-2010 Proofpoint, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#
divert(0)
VERSIONID(`$Id: proto.m4,v 8.762 2013-11-22 20:51:13 ca Exp $')
# level CF_LEVEL config file format
V`'CF_LEVEL`'ifdef(`NO_VENDOR',`', `/ifdef(`VENDOR_NAME', `VENDOR_NAME', `Berkeley')')
divert(-1)
dnl if MAILER(`local') not defined: do it ourself; be nice
dnl maybe we should issue a warning?
ifdef(`_MAILER_local_',`', `MAILER(local)')
# do some sanity checking
ifdef(`__OSTYPE__',,
`errprint(`*** ERROR: No system type defined (use OSTYPE macro)
')')
# pick our default mailers
ifdef(`confSMTP_MAILER',, `define(`confSMTP_MAILER', `esmtp')')
ifdef(`confLOCAL_MAILER',, `define(`confLOCAL_MAILER', `local')')
ifdef(`confRELAY_MAILER',,
`define(`confRELAY_MAILER',
`ifdef(`_MAILER_smtp_', `relay',
`ifdef(`_MAILER_uucp', `uucp-new', `unknown')')')')
ifdef(`confUUCP_MAILER',, `define(`confUUCP_MAILER', `uucp-old')')
define(`_SMTP_', `confSMTP_MAILER')dnl for readability only
define(`_LOCAL_', `confLOCAL_MAILER')dnl for readability only
define(`_RELAY_', `confRELAY_MAILER')dnl for readability only
define(`_UUCP_', `confUUCP_MAILER')dnl for readability only
# back compatibility with old config files
ifdef(`confDEF_GROUP_ID',
`errprint(`*** confDEF_GROUP_ID is obsolete.
Use confDEF_USER_ID with a colon in the value instead.
')')
ifdef(`confREAD_TIMEOUT',
`errprint(`*** confREAD_TIMEOUT is obsolete.
Use individual confTO_<timeout> parameters instead.
')')
ifdef(`confMESSAGE_TIMEOUT',
`define(`_ARG_', index(confMESSAGE_TIMEOUT, /))
ifelse(_ARG_, -1,
`define(`confTO_QUEUERETURN', confMESSAGE_TIMEOUT)',
`define(`confTO_QUEUERETURN',
substr(confMESSAGE_TIMEOUT, 0, _ARG_))
define(`confTO_QUEUEWARN',
substr(confMESSAGE_TIMEOUT, eval(_ARG_+1)))')')
ifdef(`confMIN_FREE_BLOCKS', `ifelse(index(confMIN_FREE_BLOCKS, /), -1,,
`errprint(`*** compound confMIN_FREE_BLOCKS is obsolete.
Use confMAX_MESSAGE_SIZE for the second part of the value.
')')')
# Sanity check on ldap_routing feature
# If the user doesn't specify a new map, they better have given as a
# default LDAP specification which has the LDAP base (and most likely the host)
ifdef(`confLDAP_DEFAULT_SPEC',, `ifdef(`_LDAP_ROUTING_WARN_', `errprint(`
WARNING: Using default FEATURE(ldap_routing) map definition(s)
without setting confLDAP_DEFAULT_SPEC option.
')')')dnl
# clean option definitions below....
define(`_OPTION', `ifdef(`$2', `O $1`'ifelse(defn(`$2'), `',, `=$2')', `#O $1`'ifelse(`$3', `',,`=$3')')')dnl
dnl required to "rename" the check_* rulesets...
define(`_U_',ifdef(`_DELAY_CHECKS_',`',`_'))
dnl default relaying denied message
ifdef(`confRELAY_MSG', `', `define(`confRELAY_MSG',
ifdef(`_USE_AUTH_', `"550 Relaying denied. Proper authentication required."', `"550 Relaying denied"'))')
ifdef(`confRCPTREJ_MSG', `', `define(`confRCPTREJ_MSG', `"550 Mailbox disabled for this recipient"')')
define(`_CODE553', `553')
divert(0)dnl
# override file safeties - setting this option compromises system security,
# addressing the actual file configuration problem is preferred
# need to set this before any file actions are encountered in the cf file
_OPTION(DontBlameSendmail, `confDONT_BLAME_SENDMAIL', `safe')
# default LDAP map specification
# need to set this now before any LDAP maps are defined
_OPTION(LDAPDefaultSpec, `confLDAP_DEFAULT_SPEC', `-h localhost')
##################
# local info #
##################
# my LDAP cluster
# need to set this before any LDAP lookups are done (including classes)
ifdef(`confLDAP_CLUSTER', `D{sendmailMTACluster}`'confLDAP_CLUSTER', `#D{sendmailMTACluster}$m')
Cwlocalhost
ifdef(`USE_CW_FILE',
`# file containing names of hosts for which we receive email
Fw`'confCW_FILE',
`dnl')
# my official domain name
# ... `define' this only if sendmail cannot automatically determine your domain
ifdef(`confDOMAIN_NAME', `Dj`'confDOMAIN_NAME', `#Dj$w.Foo.COM')
# host/domain names ending with a token in class P are canonical
CP.
ifdef(`UUCP_RELAY',
`# UUCP relay host
DY`'UUCP_RELAY
CPUUCP
')dnl
ifdef(`BITNET_RELAY',
`# BITNET relay host
DB`'BITNET_RELAY
CPBITNET
')dnl
ifdef(`DECNET_RELAY',
`define(`_USE_DECNET_SYNTAX_', 1)dnl
# DECnet relay host
DC`'DECNET_RELAY
CPDECNET
')dnl
ifdef(`FAX_RELAY',
`# FAX relay host
DF`'FAX_RELAY
CPFAX
')dnl
# "Smart" relay host (may be null)
DS`'ifdef(`SMART_HOST', `SMART_HOST')
ifdef(`LUSER_RELAY', `dnl
# place to which unknown users should be forwarded
Kuser user -m -a<>
DL`'LUSER_RELAY',
`dnl')
# operators that cannot be in local usernames (i.e., network indicators)
CO @ ifdef(`_NO_PERCENTHACK_', `', `%') ifdef(`_NO_UUCP_', `', `!')
# a class with just dot (for identifying canonical names)
C..
# a class with just a left bracket (for identifying domain literals)
C[[
ifdef(`_ACCESS_TABLE_', `dnl
# access_db acceptance class
C{Accept}OK RELAY
ifdef(`_DELAY_COMPAT_8_10_',`dnl
-ifdef(`_BLACKLIST_RCPT_',`dnl
+ifdef(`_BLOCKLIST_RCPT_',`dnl
# possible access_db RHS for spam friends/haters
C{SpamTag}SPAMFRIEND SPAMHATER')')',
`dnl')
dnl mark for "domain is ok" (resolved or accepted anyway)
define(`_RES_OK_', `OKR')dnl
ifdef(`_ACCEPT_UNRESOLVABLE_DOMAINS_',`dnl',`dnl
# Resolve map (to check if a host exists in check_mail)
Kresolve host -a<_RES_OK_> -T<TEMP>')
C{ResOk}_RES_OK_
ifdef(`_NEED_MACRO_MAP_', `dnl
ifdef(`_MACRO_MAP_', `', `# macro storage map
define(`_MACRO_MAP_', `1')dnl
Kmacro macro')', `dnl')
ifdef(`confCR_FILE', `dnl
# Hosts for which relaying is permitted ($=R)
FR`'confCR_FILE',
`dnl')
define(`TLS_SRV_TAG', `"TLS_Srv"')dnl
define(`TLS_CLT_TAG', `"TLS_Clt"')dnl
define(`TLS_RCPT_TAG', `"TLS_Rcpt"')dnl
define(`TLS_TRY_TAG', `"Try_TLS"')dnl
define(`SRV_FEAT_TAG', `"Srv_Features"')dnl
dnl this may be useful in other contexts too
ifdef(`_ARITH_MAP_', `', `# arithmetic map
define(`_ARITH_MAP_', `1')dnl
Karith arith')
ifdef(`_ACCESS_TABLE_', `dnl
ifdef(`_MACRO_MAP_', `', `# macro storage map
define(`_MACRO_MAP_', `1')dnl
Kmacro macro')
# possible values for TLS_connection in access map
-C{Tls}VERIFY ENCR', `dnl')
+C{Tls}VERIFY ENCR
+C{TlsVerified}OK TRUSTED
+dnl', `dnl')
ifdef(`_CERT_REGEX_ISSUER_', `dnl
# extract relevant part from cert issuer
KCERTIssuer regex _CERT_REGEX_ISSUER_', `dnl')
ifdef(`_CERT_REGEX_SUBJECT_', `dnl
# extract relevant part from cert subject
KCERTSubject regex _CERT_REGEX_SUBJECT_', `dnl')
ifdef(`LOCAL_RELAY', `dnl
# who I send unqualified names to if `FEATURE(stickyhost)' is used
# (null means deliver locally)
DR`'LOCAL_RELAY')
ifdef(`MAIL_HUB', `dnl
# who gets all local email traffic
# ($R has precedence for unqualified names if `FEATURE(stickyhost)' is used)
DH`'MAIL_HUB')
# dequoting map
Kdequote dequote`'ifdef(`confDEQUOTE_OPTS', ` confDEQUOTE_OPTS', `')
divert(0)dnl # end of nullclient diversion
# class E: names that should be exposed as from this host, even if we masquerade
# class L: names that should be delivered locally, even if we have a relay
# class M: domains that should be converted to $M
# class N: domains that should not be converted to $M
#CL root
undivert(5)dnl
ifdef(`_VIRTHOSTS_', `CR$={VirtHost}', `dnl')
ifdef(`MASQUERADE_NAME', `dnl
# who I masquerade as (null for no masquerading) (see also $=M)
DM`'MASQUERADE_NAME')
# my name for error messages
ifdef(`confMAILER_NAME', `Dn`'confMAILER_NAME', `#DnMAILER-DAEMON')
undivert(6)dnl LOCAL_CONFIG
include(_CF_DIR_`m4/version.m4')
###############
# Options #
###############
ifdef(`confAUTO_REBUILD',
`errprint(WARNING: `confAUTO_REBUILD' is no longer valid.
There was a potential for a denial of service attack if this is set.
)')dnl
# strip message body to 7 bits on input?
_OPTION(SevenBitInput, `confSEVEN_BIT_INPUT', `False')
# 8-bit data handling
_OPTION(EightBitMode, `confEIGHT_BIT_HANDLING', `pass8')
# wait for alias file rebuild (default units: minutes)
_OPTION(AliasWait, `confALIAS_WAIT', `5m')
# location of alias file
_OPTION(AliasFile, `ALIAS_FILE', `MAIL_SETTINGS_DIR`'aliases')
# minimum number of free blocks on filesystem
_OPTION(MinFreeBlocks, `confMIN_FREE_BLOCKS', `100')
# maximum message size
_OPTION(MaxMessageSize, `confMAX_MESSAGE_SIZE', `0')
# substitution for space (blank) characters
_OPTION(BlankSub, `confBLANK_SUB', `_')
# avoid connecting to "expensive" mailers on initial submission?
_OPTION(HoldExpensive, `confCON_EXPENSIVE', `False')
# checkpoint queue runs after every N successful deliveries
_OPTION(CheckpointInterval, `confCHECKPOINT_INTERVAL', `10')
# default delivery mode
_OPTION(DeliveryMode, `confDELIVERY_MODE', `background')
# error message header/file
_OPTION(ErrorHeader, `confERROR_MESSAGE', `MAIL_SETTINGS_DIR`'error-header')
# error mode
_OPTION(ErrorMode, `confERROR_MODE', `print')
# save Unix-style "From_" lines at top of header?
_OPTION(SaveFromLine, `confSAVE_FROM_LINES', `False')
# queue file mode (qf files)
_OPTION(QueueFileMode, `confQUEUE_FILE_MODE', `0600')
# temporary file mode
_OPTION(TempFileMode, `confTEMP_FILE_MODE', `0600')
# match recipients against GECOS field?
_OPTION(MatchGECOS, `confMATCH_GECOS', `False')
# maximum hop count
_OPTION(MaxHopCount, `confMAX_HOP', `25')
# location of help file
O HelpFile=ifdef(`HELP_FILE', HELP_FILE, `MAIL_SETTINGS_DIR`'helpfile')
# ignore dots as terminators in incoming messages?
_OPTION(IgnoreDots, `confIGNORE_DOTS', `False')
# name resolver options
_OPTION(ResolverOptions, `confBIND_OPTS', `+AAONLY')
# deliver MIME-encapsulated error messages?
_OPTION(SendMimeErrors, `confMIME_FORMAT_ERRORS', `True')
# Forward file search path
_OPTION(ForwardPath, `confFORWARD_PATH', `/var/forward/$u:$z/.forward.$w:$z/.forward')
# open connection cache size
_OPTION(ConnectionCacheSize, `confMCI_CACHE_SIZE', `2')
# open connection cache timeout
_OPTION(ConnectionCacheTimeout, `confMCI_CACHE_TIMEOUT', `5m')
# persistent host status directory
_OPTION(HostStatusDirectory, `confHOST_STATUS_DIRECTORY', `.hoststat')
# single thread deliveries (requires HostStatusDirectory)?
_OPTION(SingleThreadDelivery, `confSINGLE_THREAD_DELIVERY', `False')
# use Errors-To: header?
_OPTION(UseErrorsTo, `confUSE_ERRORS_TO', `False')
# use compressed IPv6 address format?
_OPTION(UseCompressedIPv6Addresses, `confUSE_COMPRESSED_IPV6_ADDRESSES', `')
# log level
_OPTION(LogLevel, `confLOG_LEVEL', `10')
# send to me too, even in an alias expansion?
_OPTION(MeToo, `confME_TOO', `True')
# verify RHS in newaliases?
_OPTION(CheckAliases, `confCHECK_ALIASES', `False')
# default messages to old style headers if no special punctuation?
_OPTION(OldStyleHeaders, `confOLD_STYLE_HEADERS', `False')
# SMTP daemon options
ifelse(defn(`confDAEMON_OPTIONS'), `', `dnl',
`errprint(WARNING: `confDAEMON_OPTIONS' is no longer valid.
Use `DAEMON_OPTIONS()'; see cf/README.
)'dnl
`DAEMON_OPTIONS(`confDAEMON_OPTIONS')')
ifelse(defn(`_DPO_'), `',
`ifdef(`_NETINET6_', `O DaemonPortOptions=Name=MTA-v4, Family=inet
O DaemonPortOptions=Name=MTA-v6, Family=inet6',`O DaemonPortOptions=Name=MTA')', `_DPO_')
ifdef(`_NO_MSA_', `dnl', `O DaemonPortOptions=Port=587, Name=MSA, M=E')
# SMTP client options
ifelse(defn(`confCLIENT_OPTIONS'), `', `dnl',
`errprint(WARNING: `confCLIENT_OPTIONS' is no longer valid. See cf/README for more information.
)'dnl
`CLIENT_OPTIONS(`confCLIENT_OPTIONS')')
ifelse(defn(`_CPO_'), `',
`#O ClientPortOptions=Family=inet, Address=0.0.0.0', `_CPO_')
# Modifiers to `define' {daemon_flags} for direct submissions
_OPTION(DirectSubmissionModifiers, `confDIRECT_SUBMISSION_MODIFIERS', `')
# Use as mail submission program? See sendmail/SECURITY
_OPTION(UseMSP, `confUSE_MSP', `')
# privacy flags
_OPTION(PrivacyOptions, `confPRIVACY_FLAGS', `authwarnings')
# who (if anyone) should get extra copies of error messages
_OPTION(PostmasterCopy, `confCOPY_ERRORS_TO', `Postmaster')
# slope of queue-only function
_OPTION(QueueFactor, `confQUEUE_FACTOR', `600000')
# limit on number of concurrent queue runners
_OPTION(MaxQueueChildren, `confMAX_QUEUE_CHILDREN', `')
# maximum number of queue-runners per queue-grouping with multiple queues
_OPTION(MaxRunnersPerQueue, `confMAX_RUNNERS_PER_QUEUE', `1')
# priority of queue runners (nice(3))
_OPTION(NiceQueueRun, `confNICE_QUEUE_RUN', `')
# shall we sort the queue by hostname first?
_OPTION(QueueSortOrder, `confQUEUE_SORT_ORDER', `priority')
# minimum time in queue before retry
_OPTION(MinQueueAge, `confMIN_QUEUE_AGE', `30m')
# maximum time in queue before retry (if > 0; only for exponential delay)
_OPTION(MaxQueueAge, `confMAX_QUEUE_AGE', `')
# how many jobs can you process in the queue?
_OPTION(MaxQueueRunSize, `confMAX_QUEUE_RUN_SIZE', `0')
# perform initial split of envelope without checking MX records
_OPTION(FastSplit, `confFAST_SPLIT', `1')
# queue directory
O QueueDirectory=ifdef(`QUEUE_DIR', QUEUE_DIR, `/var/spool/mqueue')
# key for shared memory; 0 to turn off, -1 to auto-select
_OPTION(SharedMemoryKey, `confSHARED_MEMORY_KEY', `0')
# file to store auto-selected key for shared memory (SharedMemoryKey = -1)
_OPTION(SharedMemoryKeyFile, `confSHARED_MEMORY_KEY_FILE', `')
# timeouts (many of these)
_OPTION(Timeout.initial, `confTO_INITIAL', `5m')
_OPTION(Timeout.connect, `confTO_CONNECT', `5m')
_OPTION(Timeout.aconnect, `confTO_ACONNECT', `0s')
_OPTION(Timeout.iconnect, `confTO_ICONNECT', `5m')
_OPTION(Timeout.helo, `confTO_HELO', `5m')
_OPTION(Timeout.mail, `confTO_MAIL', `10m')
_OPTION(Timeout.rcpt, `confTO_RCPT', `1h')
_OPTION(Timeout.datainit, `confTO_DATAINIT', `5m')
_OPTION(Timeout.datablock, `confTO_DATABLOCK', `1h')
_OPTION(Timeout.datafinal, `confTO_DATAFINAL', `1h')
_OPTION(Timeout.rset, `confTO_RSET', `5m')
_OPTION(Timeout.quit, `confTO_QUIT', `2m')
_OPTION(Timeout.misc, `confTO_MISC', `2m')
_OPTION(Timeout.command, `confTO_COMMAND', `1h')
_OPTION(Timeout.ident, `confTO_IDENT', `5s')
_OPTION(Timeout.fileopen, `confTO_FILEOPEN', `60s')
_OPTION(Timeout.control, `confTO_CONTROL', `2m')
_OPTION(Timeout.queuereturn, `confTO_QUEUERETURN', `5d')
_OPTION(Timeout.queuereturn.normal, `confTO_QUEUERETURN_NORMAL', `5d')
_OPTION(Timeout.queuereturn.urgent, `confTO_QUEUERETURN_URGENT', `2d')
_OPTION(Timeout.queuereturn.non-urgent, `confTO_QUEUERETURN_NONURGENT', `7d')
_OPTION(Timeout.queuereturn.dsn, `confTO_QUEUERETURN_DSN', `5d')
_OPTION(Timeout.queuewarn, `confTO_QUEUEWARN', `4h')
_OPTION(Timeout.queuewarn.normal, `confTO_QUEUEWARN_NORMAL', `4h')
_OPTION(Timeout.queuewarn.urgent, `confTO_QUEUEWARN_URGENT', `1h')
_OPTION(Timeout.queuewarn.non-urgent, `confTO_QUEUEWARN_NONURGENT', `12h')
_OPTION(Timeout.queuewarn.dsn, `confTO_QUEUEWARN_DSN', `4h')
_OPTION(Timeout.hoststatus, `confTO_HOSTSTATUS', `30m')
_OPTION(Timeout.resolver.retrans, `confTO_RESOLVER_RETRANS', `5s')
_OPTION(Timeout.resolver.retrans.first, `confTO_RESOLVER_RETRANS_FIRST', `5s')
_OPTION(Timeout.resolver.retrans.normal, `confTO_RESOLVER_RETRANS_NORMAL', `5s')
_OPTION(Timeout.resolver.retry, `confTO_RESOLVER_RETRY', `4')
_OPTION(Timeout.resolver.retry.first, `confTO_RESOLVER_RETRY_FIRST', `4')
_OPTION(Timeout.resolver.retry.normal, `confTO_RESOLVER_RETRY_NORMAL', `4')
_OPTION(Timeout.lhlo, `confTO_LHLO', `2m')
_OPTION(Timeout.auth, `confTO_AUTH', `10m')
_OPTION(Timeout.starttls, `confTO_STARTTLS', `1h')
# time for DeliverBy; extension disabled if less than 0
_OPTION(DeliverByMin, `confDELIVER_BY_MIN', `0')
# should we not prune routes in route-addr syntax addresses?
_OPTION(DontPruneRoutes, `confDONT_PRUNE_ROUTES', `False')
# queue up everything before forking?
_OPTION(SuperSafe, `confSAFE_QUEUE', `True')
# status file
_OPTION(StatusFile, `STATUS_FILE')
# time zone handling:
# if undefined, use system default
# if defined but null, use TZ envariable passed in
# if defined and non-null, use that info
ifelse(confTIME_ZONE, `USE_SYSTEM', `#O TimeZoneSpec=',
confTIME_ZONE, `USE_TZ', `O TimeZoneSpec=',
`O TimeZoneSpec=confTIME_ZONE')
# default UID (can be username or userid:groupid)
_OPTION(DefaultUser, `confDEF_USER_ID', `mailnull')
# list of locations of user database file (null means no lookup)
_OPTION(UserDatabaseSpec, `confUSERDB_SPEC', `MAIL_SETTINGS_DIR`'userdb')
# fallback MX host
_OPTION(FallbackMXhost, `confFALLBACK_MX', `fall.back.host.net')
# fallback smart host
_OPTION(FallbackSmartHost, `confFALLBACK_SMARTHOST', `fall.back.host.net')
# if we are the best MX host for a site, try it directly instead of config err
_OPTION(TryNullMXList, `confTRY_NULL_MX_LIST', `False')
# load average at which we just queue messages
_OPTION(QueueLA, `confQUEUE_LA', `8')
# load average at which we refuse connections
_OPTION(RefuseLA, `confREFUSE_LA', `12')
# log interval when refusing connections for this long
_OPTION(RejectLogInterval, `confREJECT_LOG_INTERVAL', `3h')
# load average at which we delay connections; 0 means no limit
_OPTION(DelayLA, `confDELAY_LA', `0')
# maximum number of children we allow at one time
_OPTION(MaxDaemonChildren, `confMAX_DAEMON_CHILDREN', `0')
# maximum number of new connections per second
_OPTION(ConnectionRateThrottle, `confCONNECTION_RATE_THROTTLE', `0')
# Width of the window
_OPTION(ConnectionRateWindowSize, `confCONNECTION_RATE_WINDOW_SIZE', `60s')
# work recipient factor
_OPTION(RecipientFactor, `confWORK_RECIPIENT_FACTOR', `30000')
# deliver each queued job in a separate process?
_OPTION(ForkEachJob, `confSEPARATE_PROC', `False')
# work class factor
_OPTION(ClassFactor, `confWORK_CLASS_FACTOR', `1800')
# work time factor
_OPTION(RetryFactor, `confWORK_TIME_FACTOR', `90000')
# default character set
_OPTION(DefaultCharSet, `confDEF_CHAR_SET', `unknown-8bit')
# service switch file (name hardwired on Solaris, Ultrix, OSF/1, others)
_OPTION(ServiceSwitchFile, `confSERVICE_SWITCH_FILE', `MAIL_SETTINGS_DIR`'service.switch')
# hosts file (normally /etc/hosts)
_OPTION(HostsFile, `confHOSTS_FILE', `/etc/hosts')
# dialup line delay on connection failure
_OPTION(DialDelay, `confDIAL_DELAY', `0s')
# action to take if there are no recipients in the message
_OPTION(NoRecipientAction, `confNO_RCPT_ACTION', `none')
# chrooted environment for writing to files
_OPTION(SafeFileEnvironment, `confSAFE_FILE_ENV', `')
# are colons OK in addresses?
_OPTION(ColonOkInAddr, `confCOLON_OK_IN_ADDR', `True')
# shall I avoid expanding CNAMEs (violates protocols)?
_OPTION(DontExpandCnames, `confDONT_EXPAND_CNAMES', `False')
# SMTP initial login message (old $e macro)
_OPTION(SmtpGreetingMessage, `confSMTP_LOGIN_MSG', `$j Sendmail $v ready at $b')
# UNIX initial From header format (old $l macro)
_OPTION(UnixFromLine, `confFROM_LINE', `From $g $d')
# From: lines that have embedded newlines are unwrapped onto one line
_OPTION(SingleLineFromHeader, `confSINGLE_LINE_FROM_HEADER', `False')
# Allow HELO SMTP command that does not `include' a host name
_OPTION(AllowBogusHELO, `confALLOW_BOGUS_HELO', `False')
# Characters to be quoted in a full name phrase (@,;:\()[] are automatic)
_OPTION(MustQuoteChars, `confMUST_QUOTE_CHARS', `.')
# delimiter (operator) characters (old $o macro)
_OPTION(OperatorChars, `confOPERATORS', `.:@[]')
# shall I avoid calling initgroups(3) because of high NIS costs?
_OPTION(DontInitGroups, `confDONT_INIT_GROUPS', `False')
# are group-writable `:include:' and .forward files (un)trustworthy?
# True (the default) means they are not trustworthy.
_OPTION(UnsafeGroupWrites, `confUNSAFE_GROUP_WRITES', `True')
ifdef(`confUNSAFE_GROUP_WRITES',
`errprint(`WARNING: confUNSAFE_GROUP_WRITES is deprecated; use confDONT_BLAME_SENDMAIL.
')')
# where do errors that occur when sending errors get sent?
_OPTION(DoubleBounceAddress, `confDOUBLE_BOUNCE_ADDRESS', `postmaster')
# issue temporary errors (4xy) instead of permanent errors (5xy)?
_OPTION(SoftBounce, `confSOFT_BOUNCE', `False')
# where to save bounces if all else fails
_OPTION(DeadLetterDrop, `confDEAD_LETTER_DROP', `/var/tmp/dead.letter')
# what user id do we assume for the majority of the processing?
_OPTION(RunAsUser, `confRUN_AS_USER', `sendmail')
# maximum number of recipients per SMTP envelope
_OPTION(MaxRecipientsPerMessage, `confMAX_RCPTS_PER_MESSAGE', `0')
# limit the rate recipients per SMTP envelope are accepted
# once the threshold number of recipients have been rejected
_OPTION(BadRcptThrottle, `confBAD_RCPT_THROTTLE', `0')
# shall we get local names from our installed interfaces?
_OPTION(DontProbeInterfaces, `confDONT_PROBE_INTERFACES', `False')
# Return-Receipt-To: header implies DSN request
_OPTION(RrtImpliesDsn, `confRRT_IMPLIES_DSN', `False')
# override connection address (for testing)
_OPTION(ConnectOnlyTo, `confCONNECT_ONLY_TO', `0.0.0.0')
# Trusted user for file ownership and starting the daemon
_OPTION(TrustedUser, `confTRUSTED_USER', `root')
# Control socket for daemon management
_OPTION(ControlSocketName, `confCONTROL_SOCKET_NAME', `/var/spool/mqueue/.control')
# Maximum MIME header length to protect MUAs
_OPTION(MaxMimeHeaderLength, `confMAX_MIME_HEADER_LENGTH', `0/0')
# Maximum length of the sum of all headers
_OPTION(MaxHeadersLength, `confMAX_HEADERS_LENGTH', `32768')
# Maximum depth of alias recursion
_OPTION(MaxAliasRecursion, `confMAX_ALIAS_RECURSION', `10')
# location of pid file
_OPTION(PidFile, `confPID_FILE', `/var/run/sendmail.pid')
# Prefix string for the process title shown on 'ps' listings
_OPTION(ProcessTitlePrefix, `confPROCESS_TITLE_PREFIX', `prefix')
# Data file (df) memory-buffer file maximum size
_OPTION(DataFileBufferSize, `confDF_BUFFER_SIZE', `4096')
# Transcript file (xf) memory-buffer file maximum size
_OPTION(XscriptFileBufferSize, `confXF_BUFFER_SIZE', `4096')
# lookup type to find information about local mailboxes
_OPTION(MailboxDatabase, `confMAILBOX_DATABASE', `pw')
# override compile time flag REQUIRES_DIR_FSYNC
_OPTION(RequiresDirfsync, `confREQUIRES_DIR_FSYNC', `true')
# list of authentication mechanisms
_OPTION(AuthMechanisms, `confAUTH_MECHANISMS', `EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5')
# Authentication realm
_OPTION(AuthRealm, `confAUTH_REALM', `')
# default authentication information for outgoing connections
_OPTION(DefaultAuthInfo, `confDEF_AUTH_INFO', `MAIL_SETTINGS_DIR`'default-auth-info')
# SMTP AUTH flags
_OPTION(AuthOptions, `confAUTH_OPTIONS', `')
# SMTP AUTH maximum encryption strength
_OPTION(AuthMaxBits, `confAUTH_MAX_BITS', `')
# SMTP STARTTLS server options
_OPTION(TLSSrvOptions, `confTLS_SRV_OPTIONS', `')
# SSL cipherlist
_OPTION(CipherList, `confCIPHER_LIST', `')
# server side SSL options
_OPTION(ServerSSLOptions, `confSERVER_SSL_OPTIONS', `')
# client side SSL options
_OPTION(ClientSSLOptions, `confCLIENT_SSL_OPTIONS', `')
+# SSL Engine
+_OPTION(SSLEngine, `confSSL_ENGINE', `')
+# Path to dynamic library for SSLEngine
+_OPTION(SSLEnginePath, `confSSL_ENGINE_PATH', `')
+# TLS: fall back to clear text after handshake failure?
+_OPTION(TLSFallbacktoClear, `confTLS_FALLBACK_TO_CLEAR', `')
# Input mail filters
_OPTION(InputMailFilters, `confINPUT_MAIL_FILTERS', `')
ifelse(len(X`'_MAIL_FILTERS_DEF), `1', `dnl', `dnl
# Milter options
_OPTION(Milter.LogLevel, `confMILTER_LOG_LEVEL', `')
_OPTION(Milter.macros.connect, `confMILTER_MACROS_CONNECT', `')
_OPTION(Milter.macros.helo, `confMILTER_MACROS_HELO', `')
_OPTION(Milter.macros.envfrom, `confMILTER_MACROS_ENVFROM', `')
_OPTION(Milter.macros.envrcpt, `confMILTER_MACROS_ENVRCPT', `')
_OPTION(Milter.macros.eom, `confMILTER_MACROS_EOM', `')
_OPTION(Milter.macros.eoh, `confMILTER_MACROS_EOH', `')
_OPTION(Milter.macros.data, `confMILTER_MACROS_DATA', `')')
# CA directory
_OPTION(CACertPath, `confCACERT_PATH', `')
# CA file
_OPTION(CACertFile, `confCACERT', `')
# Server Cert
_OPTION(ServerCertFile, `confSERVER_CERT', `')
# Server private key
_OPTION(ServerKeyFile, `confSERVER_KEY', `')
# Client Cert
_OPTION(ClientCertFile, `confCLIENT_CERT', `')
# Client private key
_OPTION(ClientKeyFile, `confCLIENT_KEY', `')
# File containing certificate revocation lists
_OPTION(CRLFile, `confCRL', `')
+# Directory containing hashes pointing to certificate revocation status files
+_OPTION(CRLPath, `confCRL_PATH', `')
# DHParameters (only required if DSA/DH is used)
_OPTION(DHParameters, `confDH_PARAMETERS', `')
# Random data source (required for systems without /dev/urandom under OpenSSL)
_OPTION(RandFile, `confRAND_FILE', `')
# fingerprint algorithm (digest) to use for the presented cert
_OPTION(CertFingerprintAlgorithm, `confCERT_FINGERPRINT_ALGORITHM', `')
+# enable DANE?
+_OPTION(DANE, `confDANE', `false')
# Maximum number of "useless" commands before slowing down
_OPTION(MaxNOOPCommands, `confMAX_NOOP_COMMANDS', `20')
# Name to use for EHLO (defaults to $j)
_OPTION(HeloName, `confHELO_NAME')
ifdef(`_NEED_SMTPOPMODES_', `dnl
# SMTP operation modes
C{SMTPOpModes} s d D')
############################
`# QUEUE GROUP DEFINITIONS #'
############################
_QUEUE_GROUP_
###########################
# Message precedences #
###########################
Pfirst-class=0
Pspecial-delivery=100
Plist=-30
Pbulk=-60
Pjunk=-100
#####################
# Trusted users #
#####################
# this is equivalent to setting class "t"
ifdef(`_USE_CT_FILE_', `', `#')Ft`'ifdef(`confCT_FILE', confCT_FILE, `MAIL_SETTINGS_DIR`'trusted-users')
Troot
Tdaemon
ifdef(`_NO_UUCP_', `dnl', `Tuucp')
ifdef(`confTRUSTED_USERS', `T`'confTRUSTED_USERS', `dnl')
#########################
# Format of headers #
#########################
ifdef(`confFROM_HEADER',, `define(`confFROM_HEADER', `$?x$x <$g>$|$g$.')')dnl
ifdef(`confMESSAGEID_HEADER',, `define(`confMESSAGEID_HEADER', `<$t.$i@$j>')')dnl
H?P?Return-Path: <$g>
HReceived: confRECEIVED_HEADER
H?D?Resent-Date: $a
H?D?Date: $a
H?F?Resent-From: confFROM_HEADER
H?F?From: confFROM_HEADER
H?x?Full-Name: $x
# HPosted-Date: $a
# H?l?Received-Date: $b
H?M?Resent-Message-Id: confMESSAGEID_HEADER
H?M?Message-Id: confMESSAGEID_HEADER
#
######################################################################
######################################################################
#####
##### REWRITING RULES
#####
######################################################################
######################################################################
############################################
### Ruleset 3 -- Name Canonicalization ###
############################################
Scanonify=3
# handle null input (translate to <@> special case)
R$@ $@ <@>
# strip group: syntax (not inside angle brackets!) and trailing semicolon
R$* $: $1 <@> mark addresses
R$* < $* > $* <@> $: $1 < $2 > $3 unmark <addr>
R@ $* <@> $: @ $1 unmark @host:...
R$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addr
R$* :: $* <@> $: $1 :: $2 unmark node::addr
R:`include': $* <@> $: :`include': $1 unmark :`include':...
R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon
R$* : $* <@> $: $2 strip colon if marked
R$* <@> $: $1 unmark
R$* ; $1 strip trailing semi
R$* < $+ :; > $* $@ $2 :; <@> catch <list:;>
R$* < $* ; > $1 < $2 > bogus bracketed semi
# null input now results from list:; syntax
R$@ $@ :; <@>
# strip angle brackets -- note RFC733 heuristic to get innermost item
R$* $: < $1 > housekeeping <>
R$+ < $* > < $2 > strip excess on left
R< $* > $+ < $1 > strip excess on right
R<> $@ < @ > MAIL FROM:<> case
R< $+ > $: $1 remove housekeeping <>
ifdef(`_USE_DEPRECATED_ROUTE_ADDR_',`dnl
# make sure <@a,@b,@c:user@d> syntax is easy to parse -- undone later
R@ $+ , $+ @ $1 : $2 change all "," to ":"
# localize and dispose of route-based addresses
dnl XXX: IPv6 colon conflict
ifdef(`NO_NETINET6', `dnl',
`R@ [$+] : $+ $@ $>Canonify2 < @ [$1] > : $2 handle <route-addr>')
R@ $+ : $+ $@ $>Canonify2 < @$1 > : $2 handle <route-addr>
dnl',`dnl
# strip route address <@a,@b,@c:user@d> -> <user@d>
R@ $+ , $+ $2
ifdef(`NO_NETINET6', `dnl',
`R@ [ $* ] : $+ $2')
R@ $+ : $+ $2
dnl')
# find focus for list syntax
R $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax
R $+ : $* ; $@ $1 : $2; list syntax
# find focus for @ syntax addresses
R$+ @ $+ $: $1 < @ $2 > focus on domain
R$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right
R$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical
dnl This is flagged as an error in S0; no need to silently fix it here.
dnl # do some sanity checking
dnl R$* < @ $~[ $* : $* > $* $1 < @ $2 $3 > $4 nix colons in addrs
ifdef(`_NO_UUCP_', `dnl',
`# convert old-style addresses to a domain-based address
R$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names
R$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps
R$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains
')
ifdef(`_USE_DECNET_SYNTAX_',
`# convert node::user addresses into a domain-based address
R$- :: $+ $@ $>Canonify2 $2 < @ $1 .DECNET > resolve DECnet names
R$- . $- :: $+ $@ $>Canonify2 $3 < @ $1.$2 .DECNET > numeric DECnet addr
',
`dnl')
ifdef(`_NO_PERCENTHACK_', `dnl',
`# if we have % signs, take the rightmost one
R$* % $* $1 @ $2 First make them all @s.
R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
')
R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
# else we must be a local name
R$* $@ $>Canonify2 $1
################################################
### Ruleset 96 -- bottom half of ruleset 3 ###
################################################
SCanonify2=96
# handle special cases for local names
R$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all
R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain
ifdef(`_NO_UUCP_', `dnl',
`R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain')
# check for IPv4/IPv6 domain literal
R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [addr]
R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal
R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr
ifdef(`_DOMAIN_TABLE_', `dnl
# look up domains in the domain table
R$* < @ $+ > $* $: $1 < @ $(domaintable $2 $) > $3', `dnl')
undivert(2)dnl LOCAL_RULE_3
ifdef(`_BITDOMAIN_TABLE_', `dnl
# handle BITNET mapping
R$* < @ $+ .BITNET > $* $: $1 < @ $(bitdomain $2 $: $2.BITNET $) > $3', `dnl')
ifdef(`_UUDOMAIN_TABLE_', `dnl
# handle UUCP mapping
R$* < @ $+ .UUCP > $* $: $1 < @ $(uudomain $2 $: $2.UUCP $) > $3', `dnl')
ifdef(`_NO_UUCP_', `dnl',
`ifdef(`UUCP_RELAY',
`# pass UUCP addresses straight through
R$* < @ $+ . UUCP > $* $@ $1 < @ $2 . UUCP . > $3',
`# if really UUCP, handle it immediately
ifdef(`_CLASS_U_',
`R$* < @ $=U . UUCP > $* $@ $1 < @ $2 . UUCP . > $3', `dnl')
ifdef(`_CLASS_V_',
`R$* < @ $=V . UUCP > $* $@ $1 < @ $2 . UUCP . > $3', `dnl')
ifdef(`_CLASS_W_',
`R$* < @ $=W . UUCP > $* $@ $1 < @ $2 . UUCP . > $3', `dnl')
ifdef(`_CLASS_X_',
`R$* < @ $=X . UUCP > $* $@ $1 < @ $2 . UUCP . > $3', `dnl')
ifdef(`_CLASS_Y_',
`R$* < @ $=Y . UUCP > $* $@ $1 < @ $2 . UUCP . > $3', `dnl')
ifdef(`_NO_CANONIFY_', `dnl', `dnl
# try UUCP traffic as a local address
R$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3
R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3')
')')
# hostnames ending in class P are always canonical
R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4
dnl apply the next rule only for hostnames not in class P
dnl this even works for phrases in class P since . is in class P
dnl which daemon flags are set?
R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4
dnl the other rules in this section only apply if the hostname
dnl does not end in class P hence no further checks are done here
dnl if this ever changes make sure the lookups are "protected" again!
ifdef(`_NO_CANONIFY_', `dnl
dnl do not canonify unless:
dnl domain ends in class {Canonify} (this does not work if the intersection
dnl with class P is non-empty)
dnl or {daemon_flags} has c set
# pass to name server to make hostname canonical if in class {Canonify}
R$* $| $* < @ $* $={Canonify} > $* $: $2 < @ $[ $3 $4 $] > $5
# pass to name server to make hostname canonical if requested
R$* c $* $| $* < @ $* > $* $: $3 < @ $[ $4 $] > $5
dnl trailing dot? -> do not apply _CANONIFY_HOSTS_
R$* $| $* < @ $+ . > $* $: $2 < @ $3 . > $4
# add a trailing dot to qualified hostnames so other rules will work
R$* $| $* < @ $+.$+ > $* $: $2 < @ $3.$4 . > $5
ifdef(`_CANONIFY_HOSTS_', `dnl
dnl this should only apply to unqualified hostnames
dnl but if a valid character inside an unqualified hostname is an OperatorChar
dnl then $- does not work.
# lookup unqualified hostnames
R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4', `dnl')', `dnl
dnl _NO_CANONIFY_ is not set: canonify unless:
dnl {daemon_flags} contains CC (do not canonify)
dnl but add a trailing dot to qualified hostnames so other rules will work
dnl should we do this for every hostname: even unqualified?
R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6
R$* CC $* $| $* $: $3
ifdef(`_FFR_NOCANONIFY_HEADERS', `dnl
# do not canonify header addresses
R$* $| $* < @ $* $~P > $* $: $&{addr_type} $| $2 < @ $3 $4 > $5
R$* h $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6
R$* h $* $| $* $: $3', `dnl')
# pass to name server to make hostname canonical
R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4')
dnl remove {daemon_flags} for other cases
R$* $| $* $: $2
# local host aliases and pseudo-domains are always canonical
R$* < @ $=w > $* $: $1 < @ $2 . > $3
ifdef(`_MASQUERADE_ENTIRE_DOMAIN_',
`R$* < @ $* $=M > $* $: $1 < @ $2 $3 . > $4',
`R$* < @ $=M > $* $: $1 < @ $2 . > $3')
ifdef(`_VIRTUSER_TABLE_', `dnl
dnl virtual hosts are also canonical
ifdef(`_VIRTUSER_ENTIRE_DOMAIN_',
`R$* < @ $* $={VirtHost} > $* $: $1 < @ $2 $3 . > $4',
`R$* < @ $={VirtHost} > $* $: $1 < @ $2 . > $3')',
`dnl')
ifdef(`_GENERICS_TABLE_', `dnl
dnl hosts for genericstable are also canonical
ifdef(`_GENERICS_ENTIRE_DOMAIN_',
`R$* < @ $* $=G > $* $: $1 < @ $2 $3 . > $4',
`R$* < @ $=G > $* $: $1 < @ $2 . > $3')',
`dnl')
dnl remove superfluous dots (maybe repeatedly) which may have been added
dnl by one of the rules before
R$* < @ $* . . > $* $1 < @ $2 . > $3
##################################################
### Ruleset 4 -- Final Output Post-rewriting ###
##################################################
Sfinal=4
R$+ :; <@> $@ $1 : handle <list:;>
R$* <@> $@ handle <> and list:;
# strip trailing dot off possibly canonical name
R$* < @ $+ . > $* $1 < @ $2 > $3
# eliminate internal code
R$* < @ *LOCAL* > $* $1 < @ $j > $2
# externalize local domain info
R$* < $+ > $* $1 $2 $3 defocus
R@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 <route-addr> canonical
R@ $* $@ @ $1 ... and exit
ifdef(`_NO_UUCP_', `dnl',
`# UUCP must always be presented in old form
R$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u')
ifdef(`_USE_DECNET_SYNTAX_',
`# put DECnet back in :: form
R$+ @ $+ . DECNET $2 :: $1 u@h.DECNET => h::u',
`dnl')
# delete duplicate local names
R$+ % $=w @ $=w $1 @ $2 u%host@host => u@host
##############################################################
### Ruleset 97 -- recanonicalize and call ruleset zero ###
### (used for recursive calls) ###
##############################################################
SRecurse=97
R$* $: $>canonify $1
R$* $@ $>parse $1
######################################
### Ruleset 0 -- Parse Address ###
######################################
Sparse=0
R$* $: $>Parse0 $1 initial parsing
R<@> $#_LOCAL_ $: <@> special case error msgs
R$* $: $>ParseLocal $1 handle local hacks
R$* $: $>Parse1 $1 final parsing
#
# Parse0 -- do initial syntax checking and eliminate local addresses.
# This should either return with the (possibly modified) input
# or return with a #error mailer. It should not return with a
# #mailer other than the #error mailer.
#
SParse0
R<@> $@ <@> special case error msgs
R$* : $* ; <@> $#error $@ 5.1.3 $: "_CODE553 List:; syntax illegal for recipient addresses"
R@ <@ $* > < @ $1 > catch "@@host" bogosity
R<@ $+> $#error $@ 5.1.3 $: "_CODE553 User address required"
R$+ <@> $#error $@ 5.1.3 $: "_CODE553 Hostname required"
R$* $: <> $1
dnl allow tricks like [host1]:[host2]
R<> $* < @ [ $* ] : $+ > $* $1 < @ [ $2 ] : $3 > $4
R<> $* < @ [ $* ] , $+ > $* $1 < @ [ $2 ] , $3 > $4
dnl but no a@[b]c
R<> $* < @ [ $* ] $+ > $* $#error $@ 5.1.2 $: "_CODE553 Invalid address"
R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3
R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "_CODE553 Colon illegal in host name part"
R<> $* $1
R$* < @ . $* > $* $#error $@ 5.1.2 $: "_CODE553 Invalid host name"
R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "_CODE553 Invalid host name"
dnl no a@b@
R$* < @ $* @ > $* $#error $@ 5.1.2 $: "_CODE553 Invalid route address"
dnl no a@b@c
R$* @ $* < @ $* > $* $#error $@ 5.1.3 $: "_CODE553 Invalid route address"
dnl comma only allowed before @; this check is not complete
R$* , $~O $* $#error $@ 5.1.3 $: "_CODE553 Invalid route address"
ifdef(`_STRICT_RFC821_', `# more RFC 821 checks
R$* . < @ $* > $* $#error $@ 5.1.2 $: "_CODE553 Local part must not end with a dot"
R. $* < @ $* > $* $#error $@ 5.1.2 $: "_CODE553 Local part must not begin with a dot"
dnl', `dnl')
# now delete the local info -- note $=O to find characters that cause forwarding
R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user
R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ...
R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here
R< @ $+ > $#error $@ 5.1.3 $: "_CODE553 User address required"
R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ...
R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo"
R< @ *LOCAL* > $#error $@ 5.1.3 $: "_CODE553 User address required"
R$* $=O $* < @ *LOCAL* >
$@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
R$* < @ *LOCAL* > $: $1
ifdef(`_ADD_BCC_', `dnl
R$+ $: $>ParseBcc $1', `dnl')
ifdef(`_PREFIX_MOD_', `dnl
dnl do this only for addr_type=e r?
R _PREFIX_MOD_ $+ $: $1 $(macro {rcpt_flags} $@ _PREFIX_FLAGS_ $)
')dnl
#
# Parse1 -- the bottom half of ruleset 0.
#
SParse1
ifdef(`_LDAP_ROUTING_', `dnl
# handle LDAP routing for hosts in $={LDAPRoute}
R$+ < @ $={LDAPRoute} . > $: $>LDAPExpand <$1 < @ $2 . >> <$1 @ $2> <>
R$+ < @ $={LDAPRouteEquiv} . > $: $>LDAPExpand <$1 < @ $2 . >> <$1 @ $M> <>',
`dnl')
ifdef(`_MAILER_smtp_',
`# handle numeric address spec
dnl there is no check whether this is really an IP number
R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec
R$* < @ [ $+ ] > $* $: $1 < @ [ $2 ] : $S > $3 Add smart host to path
R$* < @ [ $+ ] : > $* $#_SMTP_ $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send
R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer
R$* < @ [ $+ ] : $+ > $* $#_SMTP_ $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer',
`dnl')
ifdef(`_VIRTUSER_TABLE_', `dnl
# handle virtual users
ifdef(`_VIRTUSER_STOP_ONE_LEVEL_RECURSION_',`dnl
dnl this is not a documented option
dnl it stops looping in virtusertable mapping if input and output
dnl are identical, i.e., if address A is mapped to A.
dnl it does not deal with multi-level recursion
# handle full domains in RHS of virtusertable
R$+ < @ $+ > $: $(macro {RecipientAddress} $) $1 < @ $2 >
R$+ < @ $+ > $: <?> $1 < @ $2 > $| $>final $1 < @ $2 >
R<?> $+ $| $+ $: $1 $(macro {RecipientAddress} $@ $2 $)
R<?> $+ $| $* $: $1',
`dnl')
R$+ $: <!> $1 Mark for lookup
dnl input: <!> local<@domain>
ifdef(`_VIRTUSER_ENTIRE_DOMAIN_',
`R<!> $+ < @ $* $={VirtHost} . > $: < $(virtuser $1 @ $2 $3 $@ $1 $: @ $) > $1 < @ $2 $3 . >',
`R<!> $+ < @ $={VirtHost} . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . >')
dnl input: <result-of-lookup | @> local<@domain> | <!> local<@domain>
R<!> $+ < @ $=w . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
dnl if <@> local<@domain>: no match but try lookup
dnl user+detail: try user++@domain if detail not empty
R<@> $+ + $+ < @ $* . >
$: < $(virtuser $1 + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
dnl user+detail: try user+*@domain
R<@> $+ + $* < @ $* . >
$: < $(virtuser $1 + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
dnl user+detail: try user@domain
R<@> $+ + $* < @ $* . >
$: < $(virtuser $1 @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
dnl try default entry: @domain
dnl ++@domain
R<@> $+ + $+ < @ $+ . > $: < $(virtuser + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
dnl +*@domain
R<@> $+ + $* < @ $+ . > $: < $(virtuser + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
dnl @domain if +detail exists
dnl if no match, change marker to prevent a second @domain lookup
R<@> $+ + $* < @ $+ . > $: < $(virtuser @ $3 $@ $1 $@ $2 $@ +$2 $: ! $) > $1 + $2 < @ $3 . >
dnl without +detail
R<@> $+ < @ $+ . > $: < $(virtuser @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
dnl no match
R<@> $+ $: $1
dnl remove mark
R<!> $+ $: $1
R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
R< error : $- $+ > $* $#error $@ $(dequote $1 $) $: $2
ifdef(`_VIRTUSER_STOP_ONE_LEVEL_RECURSION_',`dnl
# check virtuser input address against output address, if same, skip recursion
R< $+ > $+ < @ $+ > $: < $1 > $2 < @ $3 > $| $1
# it is the same: stop now
R< $+ > $+ < @ $+ > $| $&{RecipientAddress} $: $>ParseLocal $>Parse0 $>canonify $1
R< $+ > $+ < @ $+ > $| $* $: < $1 > $2 < @ $3 >
dnl', `dnl')
dnl this is not a documented option
dnl it performs no looping at all for virtusertable
ifdef(`_NO_VIRTUSER_RECURSION_',
`R< $+ > $+ < @ $+ > $: $>ParseLocal $>Parse0 $>canonify $1',
`R< $+ > $+ < @ $+ > $: $>Recurse $1')
dnl', `dnl')
# short circuit local delivery so forwarded email works
ifdef(`_MAILER_usenet_', `dnl
R$+ . USENET < @ $=w . > $#usenet $@ usenet $: $1 handle usenet specially', `dnl')
ifdef(`_STICKY_LOCAL_DOMAIN_',
`R$+ < @ $=w . > $: < $H > $1 < @ $2 . > first try hub
R< $+ > $+ < $+ > $>MailerToTriple < $1 > $2 < $3 > yep ....
dnl $H empty (but @$=w.)
R< > $+ + $* < $+ > $#_LOCAL_ $: $1 + $2 plussed name?
R< > $+ < $+ > $#_LOCAL_ $: @ $1 nope, local address',
`R$=L < @ $=w . > $#_LOCAL_ $: @ $1 special local names
R$+ < @ $=w . > $#_LOCAL_ $: $1 regular local name')
ifdef(`_MAILER_TABLE_', `dnl
# not local -- try mailer table lookup
R$* <@ $+ > $* $: < $2 > $1 < @ $2 > $3 extract host name
R< $+ . > $* $: < $1 > $2 strip trailing dot
R< $+ > $* $: < $(mailertable $1 $) > $2 lookup
dnl it is $~[ instead of $- to avoid matches on IPv6 addresses
R< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 check -- resolved?
R< $+ > $* $: $>Mailertable <$1> $2 try domain',
`dnl')
undivert(4)dnl UUCP rules from `MAILER(uucp)'
ifdef(`_NO_UUCP_', `dnl',
`# resolve remotely connected UUCP links (if any)
ifdef(`_CLASS_V_',
`R$* < @ $=V . UUCP . > $* $: $>MailerToTriple < $V > $1 <@$2.UUCP.> $3',
`dnl')
ifdef(`_CLASS_W_',
`R$* < @ $=W . UUCP . > $* $: $>MailerToTriple < $W > $1 <@$2.UUCP.> $3',
`dnl')
ifdef(`_CLASS_X_',
`R$* < @ $=X . UUCP . > $* $: $>MailerToTriple < $X > $1 <@$2.UUCP.> $3',
`dnl')')
# resolve fake top level domains by forwarding to other hosts
ifdef(`BITNET_RELAY',
`R$*<@$+.BITNET.>$* $: $>MailerToTriple < $B > $1 <@$2.BITNET.> $3 user@host.BITNET',
`dnl')
ifdef(`DECNET_RELAY',
`R$*<@$+.DECNET.>$* $: $>MailerToTriple < $C > $1 <@$2.DECNET.> $3 user@host.DECNET',
`dnl')
ifdef(`_MAILER_pop_',
`R$+ < @ POP. > $#pop $: $1 user@POP',
`dnl')
ifdef(`_MAILER_fax_',
`R$+ < @ $+ .FAX. > $#fax $@ $2 $: $1 user@host.FAX',
`ifdef(`FAX_RELAY',
`R$*<@$+.FAX.>$* $: $>MailerToTriple < $F > $1 <@$2.FAX.> $3 user@host.FAX',
`dnl')')
ifdef(`UUCP_RELAY',
`# forward non-local UUCP traffic to our UUCP relay
R$*<@$*.UUCP.>$* $: $>MailerToTriple < $Y > $1 <@$2.UUCP.> $3 uucp mail',
`ifdef(`_MAILER_uucp_',
`# forward other UUCP traffic straight to UUCP
R$* < @ $+ .UUCP. > $* $#_UUCP_ $@ $2 $: $1 < @ $2 .UUCP. > $3 user@host.UUCP',
`dnl')')
ifdef(`_MAILER_usenet_', `
# addresses sent to net.group.USENET will get forwarded to a newsgroup
R$+ . USENET $#usenet $@ usenet $: $1',
`dnl')
ifdef(`_LOCAL_RULES_',
`# figure out what should stay in our local mail system
undivert(1)', `dnl')
# pass names that still have a host to a smarthost (if defined)
R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name
# deal with other remote names
ifdef(`_MAILER_smtp_',
`R$* < @$* > $* $#_SMTP_ $@ $2 $: $1 < @ $2 > $3 user@host.domain',
`R$* < @$* > $* $#error $@ 5.1.2 $: "_CODE553 Unrecognized host name " $2')
# handle locally delivered names
R$=L $#_LOCAL_ $: @ $1 special local names
R$+ $#_LOCAL_ $: $1 regular local names
ifdef(`_ADD_BCC_', `dnl
SParseBcc
R$+ $: $&{addr_type} $| $&A $| $1
Re b $| $+ $| $+ $>MailerToTriple < $1 > $2 copy?
R$* $| $* $| $+ $@ $3 no copy
')
###########################################################################
### Ruleset 5 -- special rewriting after aliases have been expanded ###
###########################################################################
SLocal_localaddr
Slocaladdr=5
R$+ $: $1 $| $>"Local_localaddr" $1
R$+ $| $#ok $@ $1 no change
R$+ $| $#$* $#$2
R$+ $| $* $: $1
ifdef(`_PRESERVE_LUSER_HOST_', `dnl
# Preserve rcpt_host in {Host}
R$+ $: $1 $| $&h $| $&{Host} check h and {Host}
R$+ $| $| $: $(macro {Host} $@ $) $1 no h or {Host}
R$+ $| $| $+ $: $1 h not set, {Host} set
R$+ $| +$* $| $* $: $1 h is +detail, {Host} set
R$+ $| $* @ $+ $| $* $: $(macro {Host} $@ @$3 $) $1 set {Host} to host in h
R$+ $| $+ $| $* $: $(macro {Host} $@ @$2 $) $1 set {Host} to h
')dnl
ifdef(`_FFR_5_', `dnl
# Preserve host in a macro
R$+ $: $(macro {LocalAddrHost} $) $1
R$+ @ $+ $: $(macro {LocalAddrHost} $@ @ $2 $) $1')
ifdef(`_PRESERVE_LOCAL_PLUS_DETAIL_', `', `dnl
# deal with plussed users so aliases work nicely
R$+ + * $#_LOCAL_ $@ $&h $: $1`'ifdef(`_FFR_5_', ` $&{LocalAddrHost}')
R$+ + $* $#_LOCAL_ $@ + $2 $: $1 + *`'ifdef(`_FFR_5_', ` $&{LocalAddrHost}')
')
# prepend an empty "forward host" on the front
R$+ $: <> $1
ifdef(`LUSER_RELAY', `dnl
# send unrecognized local users to a relay host
ifdef(`_PRESERVE_LOCAL_PLUS_DETAIL_', `dnl
R< > $+ + $* $: < ? $L > <+ $2> $(user $1 $) look up user+
R< > $+ $: < ? $L > < > $(user $1 $) look up user
R< ? $* > < $* > $+ <> $: < > $3 $2 found; strip $L
R< ? $* > < $* > $+ $: < $1 > $3 $2 not found', `
R< > $+ $: < $L > $(user $1 $) look up user
R< $* > $+ <> $: < > $2 found; strip $L')
ifdef(`_PRESERVE_LUSER_HOST_', `dnl
R< $+ > $+ $: < $1 > $2 $&{Host}')
dnl')
ifdef(`MAIL_HUB', `dnl
R< > $+ $: < $H > $1 try hub', `dnl')
ifdef(`LOCAL_RELAY', `dnl
R< > $+ $: < $R > $1 try relay', `dnl')
ifdef(`_PRESERVE_LOCAL_PLUS_DETAIL_', `dnl
R< > $+ $@ $1', `dnl
R< > $+ $: < > < $1 <> $&h > nope, restore +detail
ifdef(`_PRESERVE_LUSER_HOST_', `dnl
R< > < $+ @ $+ <> + $* > $: < > < $1 + $3 @ $2 > check whether +detail')
R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail
R< > < $+ <> $* > $: < > < $1 > else discard
R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part
R< > < $+ > + $* $#_LOCAL_ $@ $2 $: @ $1`'ifdef(`_FFR_5_', ` $&{LocalAddrHost}') strip the extra +
R< > < $+ > $@ $1 no +detail
R$+ $: $1 <> $&h add +detail back in
ifdef(`_PRESERVE_LUSER_HOST_', `dnl
R$+ @ $+ <> + $* $: $1 + $3 @ $2 check whether +detail')
R$+ <> + $* $: $1 + $2 check whether +detail
R$+ <> $* $: $1 else discard')
R< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension
R< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension
ifdef(`_PRESERVE_LUSER_HOST_', `dnl
dnl it is $~[ instead of $- to avoid matches on IPv6 addresses
R< $~[ : $+ > $+ @ $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $4 >')
R< $~[ : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 >
ifdef(`_PRESERVE_LUSER_HOST_', `dnl
R< $+ > $+ @ $+ $@ $>MailerToTriple < $1 > $2 < @ $3 >')
R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 >
ifdef(`_MAILER_TABLE_', `dnl
ifdef(`_LDAP_ROUTING_', `dnl
###################################################################
### Ruleset LDAPMailertable -- mailertable lookup for LDAP ###
dnl input: <Domain> FullAddress
###################################################################
SLDAPMailertable
R< $+ > $* $: < $(mailertable $1 $) > $2 lookup
R< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 check resolved?
R< $+ > $* $: < $1 > $>Mailertable <$1> $2 try domain
R< $+ > $#$* $#$2 found
R< $+ > $* $#_RELAY_ $@ $1 $: $2 not found, direct relay',
`dnl')
###################################################################
### Ruleset 90 -- try domain part of mailertable entry ###
dnl input: LeftPartOfDomain <RightPartOfDomain> FullAddress
###################################################################
SMailertable=90
dnl shift and check
dnl %2 is not documented in cf/README
R$* <$- . $+ > $* $: $1$2 < $(mailertable .$3 $@ $1$2 $@ $2 $) > $4
dnl it is $~[ instead of $- to avoid matches on IPv6 addresses
R$* <$~[ : $* > $* $>MailerToTriple < $2 : $3 > $4 check -- resolved?
R$* < . $+ > $* $@ $>Mailertable $1 . <$2> $3 no -- strip & try again
dnl is $2 always empty?
R$* < $* > $* $: < $(mailertable . $@ $1$2 $) > $3 try "."
R< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 "." found?
dnl return full address
R< $* > $* $@ $2 no mailertable match',
`dnl')
###################################################################
### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ###
dnl input: in general: <[mailer:]host> lp<@domain>rest
dnl <> address -> address
dnl <error:d.s.n:text> -> error
dnl <error:keyword:text> -> error
dnl <error:text> -> error
dnl <mailer:user@host> lp<@domain>rest -> mailer host user
dnl <mailer:host> address -> mailer host address
dnl <localdomain> address -> address
dnl <host> address -> relay host address
###################################################################
SMailerToTriple=95
R< > $* $@ $1 strip off null relay
R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
R< error : $- : $+ > $* $#error $@ $(dequote $1 $) $: $2
R< error : $+ > $* $#error $: $1
R< local : $* > $* $>CanonLocal < $1 > $2
dnl it is $~[ instead of $- to avoid matches on IPv6 addresses
R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user
R< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer
R< $=w > $* $@ $2 delete local host
R< $+ > $* $#_RELAY_ $@ $1 $: $2 use unqualified mailer
###################################################################
### Ruleset CanonLocal -- canonify local: syntax ###
dnl input: <user> address
dnl <x> <@host> : rest -> Recurse rest
dnl <x> p1 $=O p2 <@host> -> Recurse p1 $=O p2
dnl <> user <@host> rest -> local user@host user
dnl <> user -> local user user
dnl <user@host> lp <@domain> rest -> <user> lp <@host> [cont]
dnl <user> lp <@host> rest -> local lp@host user
dnl <user> lp -> local lp user
###################################################################
SCanonLocal
# strip local host from routed addresses
R< $* > < @ $+ > : $+ $@ $>Recurse $3
R< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4
# strip trailing dot from any host name that may appear
R< $* > $* < @ $* . > $: < $1 > $2 < @ $3 >
# handle local: syntax -- use old user, either with or without host
R< > $* < @ $* > $* $#_LOCAL_ $@ $1@$2 $: $1
R< > $+ $#_LOCAL_ $@ $1 $: $1
# handle local:user@host syntax -- ignore host part
R< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 >
# handle local:user syntax
R< $+ > $* <@ $* > $* $#_LOCAL_ $@ $2@$3 $: $1
R< $+ > $* $#_LOCAL_ $@ $2 $: $1
###################################################################
### Ruleset 93 -- convert header names to masqueraded form ###
###################################################################
SMasqHdr=93
ifdef(`_GENERICS_TABLE_', `dnl
# handle generics database
ifdef(`_GENERICS_ENTIRE_DOMAIN_',
dnl if generics should be applied add a @ as mark
`R$+ < @ $* $=G . > $: < $1@$2$3 > $1 < @ $2$3 . > @ mark',
`R$+ < @ $=G . > $: < $1@$2 > $1 < @ $2 . > @ mark')
R$+ < @ *LOCAL* > $: < $1@$j > $1 < @ *LOCAL* > @ mark
dnl workspace: either user<@domain> or <user@domain> user <@domain> @
dnl ignore the first case for now
dnl if it has the mark lookup full address
dnl broken: %1 is full address not just detail
R< $+ > $+ < $* > @ $: < $(generics $1 $: @ $1 $) > $2 < $3 >
dnl workspace: ... or <match|@user@domain> user <@domain>
dnl no match, try user+detail@domain
R<@$+ + $* @ $+> $+ < @ $+ >
$: < $(generics $1+*@$3 $@ $2 $:@$1 + $2@$3 $) > $4 < @ $5 >
R<@$+ + $* @ $+> $+ < @ $+ >
$: < $(generics $1@$3 $: $) > $4 < @ $5 >
dnl no match, remove mark
R<@$+ > $+ < @ $+ > $: < > $2 < @ $3 >
dnl no match, try @domain for exceptions
R< > $+ < @ $+ . > $: < $(generics @$2 $@ $1 $: $) > $1 < @ $2 . >
dnl workspace: ... or <match> user <@domain>
dnl no match, try local part
R< > $+ < @ $+ > $: < $(generics $1 $: $) > $1 < @ $2 >
R< > $+ + $* < @ $+ > $: < $(generics $1+* $@ $2 $: $) > $1 + $2 < @ $3 >
R< > $+ + $* < @ $+ > $: < $(generics $1 $: $) > $1 + $2 < @ $3 >
R< $* @ $* > $* < $* > $@ $>canonify $1 @ $2 found qualified
R< $+ > $* < $* > $: $>canonify $1 @ *LOCAL* found unqualified
R< > $* $: $1 not found',
`dnl')
# do not masquerade anything in class N
R$* < @ $* $=N . > $@ $1 < @ $2 $3 . >
ifdef(`MASQUERADE_NAME', `dnl
# special case the users that should be exposed
R$=E < @ *LOCAL* > $@ $1 < @ $j . > leave exposed
ifdef(`_MASQUERADE_ENTIRE_DOMAIN_',
`R$=E < @ $* $=M . > $@ $1 < @ $2 $3 . >',
`R$=E < @ $=M . > $@ $1 < @ $2 . >')
ifdef(`_LIMITED_MASQUERADE_', `dnl',
`R$=E < @ $=w . > $@ $1 < @ $2 . >')
# handle domain-specific masquerading
ifdef(`_MASQUERADE_ENTIRE_DOMAIN_',
`R$* < @ $* $=M . > $* $: $1 < @ $2 $3 . @ $M > $4 convert masqueraded doms',
`R$* < @ $=M . > $* $: $1 < @ $2 . @ $M > $3 convert masqueraded doms')
ifdef(`_LIMITED_MASQUERADE_', `dnl',
`R$* < @ $=w . > $* $: $1 < @ $2 . @ $M > $3')
R$* < @ *LOCAL* > $* $: $1 < @ $j . @ $M > $2
R$* < @ $+ @ > $* $: $1 < @ $2 > $3 $M is null
R$* < @ $+ @ $+ > $* $: $1 < @ $3 . > $4 $M is not null
dnl', `dnl no masquerading
dnl just fix *LOCAL* leftovers
R$* < @ *LOCAL* > $@ $1 < @ $j . >')
###################################################################
### Ruleset 94 -- convert envelope names to masqueraded form ###
###################################################################
SMasqEnv=94
ifdef(`_MASQUERADE_ENVELOPE_',
`R$+ $@ $>MasqHdr $1',
`R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2')
###################################################################
### Ruleset 98 -- local part of ruleset zero (can be null) ###
###################################################################
SParseLocal=98
undivert(3)dnl LOCAL_RULE_0
ifdef(`_LDAP_ROUTING_', `dnl
######################################################################
### LDAPExpand: Expand address using LDAP routing
###
### Parameters:
### <$1> -- parsed address (user < @ domain . >) (pass through)
### <$2> -- RFC822 address (user @ domain) (used for lookup)
### <$3> -- +detail information
###
### Returns:
### Mailer triplet ($#mailer $@ host $: address)
### Parsed address (user < @ domain . >)
######################################################################
SLDAPExpand
# do the LDAP lookups
R<$+><$+><$*> $: <$(ldapmra $2 $: $)> <$(ldapmh $2 $: $)> <$1> <$2> <$3>
# look for temporary failures and...
R<$* <TMPF>> <$*> <$+> <$+> <$*> $: $&{opMode} $| TMPF <$&{addr_type}> $| $3
R<$*> <$* <TMPF>> <$+> <$+> <$*> $: $&{opMode} $| TMPF <$&{addr_type}> $| $3
ifelse(_LDAP_ROUTE_MAPTEMP_, `_TEMPFAIL_', `dnl
# ... temp fail RCPT SMTP commands
-R$={SMTPOpModes} $| TMPF <e r> $| $+ $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."')
+R$={SMTPOpModes} $| TMPF <e r> $| $+ $#error $@ 4.3.0 $: _TMPFMSG_(`OPM')')
# ... return original address for MTA to queue up
R$* $| TMPF <$*> $| $+ $@ $3
# if mailRoutingAddress and local or non-existant mailHost,
# return the new mailRoutingAddress
ifelse(_LDAP_ROUTE_DETAIL_, `_PRESERVE_', `dnl
R<$+@$+> <$=w> <$+> <$+> <$*> $@ $>Parse0 $>canonify $1 $6 @ $2
R<$+@$+> <> <$+> <$+> <$*> $@ $>Parse0 $>canonify $1 $5 @ $2')
R<$+> <$=w> <$+> <$+> <$*> $@ $>Parse0 $>canonify $1
R<$+> <> <$+> <$+> <$*> $@ $>Parse0 $>canonify $1
# if mailRoutingAddress and non-local mailHost,
# relay to mailHost with new mailRoutingAddress
ifelse(_LDAP_ROUTE_DETAIL_, `_PRESERVE_', `dnl
ifdef(`_MAILER_TABLE_', `dnl
# check mailertable for host, relay from there
R<$+@$+> <$+> <$+> <$+> <$*> $>LDAPMailertable <$3> $>canonify $1 $6 @ $2',
`R<$+@$+> <$+> <$+> <$+> <$*> $#_RELAY_ $@ $3 $: $>canonify $1 $6 @ $2')')
ifdef(`_MAILER_TABLE_', `dnl
# check mailertable for host, relay from there
R<$+> <$+> <$+> <$+> <$*> $>LDAPMailertable <$2> $>canonify $1',
`R<$+> <$+> <$+> <$+> <$*> $#_RELAY_ $@ $2 $: $>canonify $1')
# if no mailRoutingAddress and local mailHost,
# return original address
R<> <$=w> <$+> <$+> <$*> $@ $2
# if no mailRoutingAddress and non-local mailHost,
# relay to mailHost with original address
ifdef(`_MAILER_TABLE_', `dnl
# check mailertable for host, relay from there
R<> <$+> <$+> <$+> <$*> $>LDAPMailertable <$1> $2',
`R<> <$+> <$+> <$+> <$*> $#_RELAY_ $@ $1 $: $2')
ifdef(`_LDAP_ROUTE_DETAIL_',
`# if no mailRoutingAddress and no mailHost,
# try without +detail
R<> <> <$+> <$+ + $* @ $+> <> $@ $>LDAPExpand <$1> <$2 @ $4> <+$3>')dnl
ifdef(`_LDAP_ROUTE_NODOMAIN_', `
# pretend we did the @domain lookup
R<> <> <$+> <$+ @ $+> <$*> $: <> <> <$1> <@ $3> <$4>', `
# if still no mailRoutingAddress and no mailHost,
# try @domain
ifelse(_LDAP_ROUTE_DETAIL_, `_PRESERVE_', `dnl
R<> <> <$+> <$+ + $* @ $+> <> $@ $>LDAPExpand <$1> <@ $4> <+$3>')
R<> <> <$+> <$+ @ $+> <$*> $@ $>LDAPExpand <$1> <@ $3> <$4>')
# if no mailRoutingAddress and no mailHost and this was a domain attempt,
ifelse(_LDAP_ROUTING_, `_MUST_EXIST_', `dnl
# user does not exist
R<> <> <$+> <@ $+> <$*> $: <?> < $&{addr_type} > < $1 >
# only give error for envelope recipient
R<?> <e r> <$+> $#error $@ nouser $: "550 User unknown"
ifdef(`_LDAP_SENDER_MUST_EXIST_', `dnl
# and the sender too
R<?> <e s> <$+> $#error $@ nouser $: "550 User unknown"')
R<?> <$*> <$+> $@ $2',
`dnl
# return the original address
R<> <> <$+> <@ $+> <$*> $@ $1')
')
ifelse(substr(confDELIVERY_MODE,0,1), `d', `errprint(`WARNING: Antispam rules not available in deferred delivery mode.
')')
ifdef(`_ACCESS_TABLE_', `dnl', `divert(-1)')
######################################################################
### D: LookUpDomain -- search for domain in access database
###
### Parameters:
### <$1> -- key (domain name)
### <$2> -- default (what to return if not found in db)
dnl must not be empty
### <$3> -- mark (must be <(!|+) single-token>)
### ! does lookup only with tag
### + does lookup with and without tag
### <$4> -- passthru (additional data passed unchanged through)
dnl returns: <default> <passthru>
dnl <result> <passthru>
######################################################################
SD
dnl workspace <key> <default> <passthru> <mark>
dnl lookup with tag (in front, no delimiter here)
dnl 2 3 4 5
R<$*> <$+> <$- $-> <$*> $: < $(access $4`'_TAG_DELIM_`'$1 $: ? $) > <$1> <$2> <$3 $4> <$5>
dnl workspace <result-of-lookup|?> <key> <default> <passthru> <mark>
dnl lookup without tag?
dnl 1 2 3 4
R<?> <$+> <$+> <+ $-> <$*> $: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4>
ifdef(`_LOOKUPDOTDOMAIN_', `dnl omit first component: lookup .rest
dnl XXX apply this also to IP addresses?
dnl currently it works the wrong way round for [1.2.3.4]
dnl 1 2 3 4 5 6
R<?> <$+.$+> <$+> <$- $-> <$*> $: < $(access $5`'_TAG_DELIM_`'.$2 $: ? $) > <$1.$2> <$3> <$4 $5> <$6>
dnl 1 2 3 4 5
R<?> <$+.$+> <$+> <+ $-> <$*> $: < $(access .$2 $: ? $) > <$1.$2> <$3> <+ $4> <$5>', `dnl')
ifdef(`_ACCESS_SKIP_', `dnl
dnl found SKIP: return <default> and <passthru>
dnl 1 2 3 4 5
R<SKIP> <$+> <$+> <$- $-> <$*> $@ <$2> <$5>', `dnl')
dnl not found: IPv4 net (no check is done whether it is an IP number!)
dnl 1 2 3 4 5 6
R<?> <[$+.$-]> <$+> <$- $-> <$*> $@ $>D <[$1]> <$3> <$4 $5> <$6>
ifdef(`NO_NETINET6', `dnl',
`dnl not found: IPv6 net
dnl (could be merged with previous rule if we have a class containing .:)
dnl 1 2 3 4 5 6
R<?> <[$+::$-]> <$+> <$- $-> <$*> $: $>D <[$1]> <$3> <$4 $5> <$6>
R<?> <[$+:$-]> <$+> <$- $-> <$*> $: $>D <[$1]> <$3> <$4 $5> <$6>')
dnl not found, but subdomain: try again
dnl 1 2 3 4 5 6
R<?> <$+.$+> <$+> <$- $-> <$*> $@ $>D <$2> <$3> <$4 $5> <$6>
ifdef(`_FFR_LOOKUPTAG_', `dnl lookup Tag:
dnl 1 2 3 4
R<?> <$+> <$+> <! $-> <$*> $: < $(access $3`'_TAG_DELIM_ $: ? $) > <$1> <$2> <! $3> <$4>', `dnl')
dnl not found, no subdomain: return <default> and <passthru>
dnl 1 2 3 4 5
R<?> <$+> <$+> <$- $-> <$*> $@ <$2> <$5>
ifdef(`_ATMPF_', `dnl tempfail?
dnl 2 3 4 5 6
R<$* _ATMPF_> <$+> <$+> <$- $-> <$*> $@ <_ATMPF_> <$6>', `dnl')
dnl return <result of lookup> and <passthru>
dnl 2 3 4 5 6
R<$*> <$+> <$+> <$- $-> <$*> $@ <$1> <$6>
######################################################################
### A: LookUpAddress -- search for host address in access database
###
### Parameters:
### <$1> -- key (dot quadded host address)
### <$2> -- default (what to return if not found in db)
dnl must not be empty
### <$3> -- mark (must be <(!|+) single-token>)
### ! does lookup only with tag
### + does lookup with and without tag
### <$4> -- passthru (additional data passed through)
dnl returns: <default> <passthru>
dnl <result> <passthru>
######################################################################
SA
dnl lookup with tag
dnl 2 3 4 5
R<$+> <$+> <$- $-> <$*> $: < $(access $4`'_TAG_DELIM_`'$1 $: ? $) > <$1> <$2> <$3 $4> <$5>
dnl lookup without tag
dnl 1 2 3 4
R<?> <$+> <$+> <+ $-> <$*> $: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4>
dnl workspace <result-of-lookup|?> <key> <default> <mark> <passthru>
ifdef(`_ACCESS_SKIP_', `dnl
dnl found SKIP: return <default> and <passthru>
dnl 1 2 3 4 5
R<SKIP> <$+> <$+> <$- $-> <$*> $@ <$2> <$5>', `dnl')
ifdef(`NO_NETINET6', `dnl',
`dnl no match; IPv6: remove last part
dnl 1 2 3 4 5 6
R<?> <$+::$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6>
R<?> <$+:$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6>')
dnl no match; IPv4: remove last part
dnl 1 2 3 4 5 6
R<?> <$+.$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6>
dnl no match: return default
dnl 1 2 3 4 5
R<?> <$+> <$+> <$- $-> <$*> $@ <$2> <$5>
ifdef(`_ATMPF_', `dnl tempfail?
dnl 2 3 4 5 6
R<$* _ATMPF_> <$+> <$+> <$- $-> <$*> $@ <_ATMPF_> <$6>', `dnl')
dnl match: return result
dnl 2 3 4 5 6
R<$*> <$+> <$+> <$- $-> <$*> $@ <$1> <$6>
dnl endif _ACCESS_TABLE_
divert(0)
######################################################################
### CanonAddr -- Convert an address into a standard form for
### relay checking. Route address syntax is
### crudely converted into a %-hack address.
###
### Parameters:
### $1 -- full recipient address
###
### Returns:
### parsed address, not in source route form
dnl user%host%host<@domain>
dnl host!user<@domain>
######################################################################
SCanonAddr
R$* $: $>Parse0 $>canonify $1 make domain canonical
ifdef(`_USE_DEPRECATED_ROUTE_ADDR_',`dnl
R< @ $+ > : $* @ $* < @ $1 > : $2 % $3 change @ to % in src route
R$* < @ $+ > : $* : $* $3 $1 < @ $2 > : $4 change to % hack.
R$* < @ $+ > : $* $3 $1 < @ $2 >
dnl')
######################################################################
### ParseRecipient -- Strip off hosts in $=R as well as possibly
### $* $=m or the access database.
### Check user portion for host separators.
###
### Parameters:
### $1 -- full recipient address
###
### Returns:
### parsed, non-local-relaying address
######################################################################
SParseRecipient
dnl mark and canonify address
R$* $: <?> $>CanonAddr $1
dnl workspace: <?> localpart<@domain[.]>
R<?> $* < @ $* . > <?> $1 < @ $2 > strip trailing dots
dnl workspace: <?> localpart<@domain>
R<?> $- < @ $* > $: <?> $(dequote $1 $) < @ $2 > dequote local part
# if no $=O character, no host in the user portion, we are done
R<?> $* $=O $* < @ $* > $: <NO> $1 $2 $3 < @ $4>
dnl no $=O in localpart: return
R<?> $* $@ $1
dnl workspace: <NO> localpart<@domain>, where localpart contains $=O
dnl mark everything which has an "authorized" domain with <RELAY>
ifdef(`_RELAY_ENTIRE_DOMAIN_', `dnl
# if we relay, check username portion for user%host so host can be checked also
R<NO> $* < @ $* $=m > $: <RELAY> $1 < @ $2 $3 >', `dnl')
dnl workspace: <(NO|RELAY)> localpart<@domain>, where localpart contains $=O
dnl if mark is <NO> then change it to <RELAY> if domain is "authorized"
dnl what if access map returns something else than RELAY?
dnl we are only interested in RELAY entries...
-dnl other To: entries: blacklist recipient; generic entries?
+dnl other To: entries: blocklist recipient; generic entries?
dnl if it is an error we probably do not want to relay anyway
ifdef(`_RELAY_HOSTS_ONLY_',
`R<NO> $* < @ $=R > $: <RELAY> $1 < @ $2 >
ifdef(`_ACCESS_TABLE_', `dnl
R<NO> $* < @ $+ > $: <$(access To:$2 $: NO $)> $1 < @ $2 >
R<NO> $* < @ $+ > $: <$(access $2 $: NO $)> $1 < @ $2 >',`dnl')',
`R<NO> $* < @ $* $=R > $: <RELAY> $1 < @ $2 $3 >
ifdef(`_ACCESS_TABLE_', `dnl
R<NO> $* < @ $+ > $: $>D <$2> <NO> <+ To> <$1 < @ $2 >>
R<$+> <$+> $: <$1> $2',`dnl')')
ifdef(`_RELAY_MX_SERVED_', `dnl
dnl do "we" ($=w) act as backup MX server for the destination domain?
R<NO> $* < @ $+ > $: <MX> < : $(mxserved $2 $) : > < $1 < @$2 > >
R<MX> < : $* <TEMP> : > $* $#TEMP $@ 4.4.0 $: "450 Can not check MX records for recipient host " $1
dnl yes: mark it as <RELAY>
R<MX> < $* : $=w. : $* > < $+ > $: <RELAY> $4
dnl no: put old <NO> mark back
R<MX> < : $* : > < $+ > $: <NO> $2', `dnl')
dnl do we relay to this recipient domain?
R<RELAY> $* < @ $* > $@ $>ParseRecipient $1
dnl something else
R<$+> $* $@ $2
######################################################################
### check_relay -- check hostname/address on SMTP startup
######################################################################
ifdef(`_CONTROL_IMMEDIATE_',`dnl
Scheck_relay
ifdef(`_RATE_CONTROL_IMMEDIATE_',`dnl
dnl workspace: ignored...
R$* $: $>"RateControl" dummy', `dnl')
ifdef(`_CONN_CONTROL_IMMEDIATE_',`dnl
dnl workspace: ignored...
R$* $: $>"ConnControl" dummy', `dnl')
dnl')
SLocal_check_relay
Scheck`'_U_`'relay
ifdef(`_USE_CLIENT_PTR_',`dnl
R$* $| $* $: $&{client_ptr} $| $2', `dnl')
R$* $: $1 $| $>"Local_check_relay" $1
R$* $| $* $| $#$* $#$3
R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2
SBasic_check_relay
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
ifdef(`_ACCESS_TABLE_', `dnl
dnl workspace: {client_name} $| {client_addr}
R$+ $| $+ $: $>D < $1 > <?> <+ Connect> < $2 >
dnl workspace: <result-of-lookup> <{client_addr}>
dnl OR $| $+ if client_name is empty
R $| $+ $: $>A < $1 > <?> <+ Connect> <> empty client_name
dnl workspace: <result-of-lookup> <{client_addr}>
R<?> <$+> $: $>A < $1 > <?> <+ Connect> <> no: another lookup
dnl workspace: <result-of-lookup> (<>|<{client_addr}>)
R<?> <$*> $: OK found nothing
dnl workspace: <result-of-lookup> (<>|<{client_addr}>) | OK
R<$={Accept}> <$*> $@ $1 return value of lookup
R<REJECT> <$*> $#error ifdef(`confREJECT_MSG', `$: confREJECT_MSG', `$@ 5.7.1 $: "550 Access denied"')
R<DISCARD> <$*> $#discard $: discard
R<QUARANTINE:$+> <$*> $#error $@ quarantine $: $1
dnl error tag
R<ERROR:$-.$-.$-:$+> <$*> $#error $@ $1.$2.$3 $: $4
R<ERROR:$+> <$*> $#error $: $1
-ifdef(`_ATMPF_', `R<$* _ATMPF_> <$*> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
+ifdef(`_ATMPF_', `R<$* _ATMPF_> <$*> $#error $@ 4.3.0 $: _TMPFMSG_(`CR')', `dnl')
dnl generic error from access map
R<$+> <$*> $#error $: $1', `dnl')
ifdef(`_RBL_',`dnl
# DNS based IP address spam list
dnl workspace: ignored...
R$* $: $&{client_addr}
R$-.$-.$-.$- $: <?> $(host $4.$3.$2.$1._RBL_. $: OK $)
R<?>OK $: OKSOFAR
R<?>$+ $#error $@ 5.7.1 $: "550 Rejected: " $&{client_addr} " listed at _RBL_"',
`dnl')
ifdef(`_RATE_CONTROL_',`dnl
ifdef(`_RATE_CONTROL_IMMEDIATE_',`', `dnl
dnl workspace: ignored...
R$* $: $>"RateControl" dummy')', `dnl')
ifdef(`_CONN_CONTROL_',`dnl
ifdef(`_CONN_CONTROL_IMMEDIATE_',`',`dnl
dnl workspace: ignored...
R$* $: $>"ConnControl" dummy')', `dnl')
undivert(8)dnl LOCAL_DNSBL
ifdef(`_REQUIRE_RDNS_', `dnl
R$* $: $&{client_addr} $| $&{client_resolve}
R$=R $* $@ RELAY We relay for these
R$* $| OK $@ OK Resolves.
R$* $| FAIL $#error $@ 5.7.1 $: 550 Fix reverse DNS for $1
R$* $| TEMP $#error $@ 4.1.8 $: 451 Client IP address $1 does not resolve
R$* $| FORGED $#error $@ 4.1.8 $: 451 Possibly forged hostname for $1
', `dnl')
######################################################################
### check_mail -- check SMTP ``MAIL FROM:'' command argument
######################################################################
SLocal_check_mail
Scheck`'_U_`'mail
R$* $: $1 $| $>"Local_check_mail" $1
R$* $| $#$* $#$2
R$* $| $* $@ $>"Basic_check_mail" $1
SBasic_check_mail
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
# authenticated?
dnl done first: we can require authentication for every mail transaction
dnl workspace: address as given by MAIL FROM: (sender)
R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
R$* $| $#$+ $#$2
dnl undo damage: remove result of tls_client call
R$* $| $* $: $1
dnl workspace: address as given by MAIL FROM:
R<> $@ <OK> we MUST accept <> (RFC 1123)
ifdef(`_ACCEPT_UNQUALIFIED_SENDERS_',`dnl',`dnl
dnl do some additional checks
dnl no user@host
dnl no user@localhost (if nonlocal sender)
dnl this is a pretty simple canonification, it will not catch every case
dnl just make sure the address has <> around it (which is required by
dnl the RFC anyway, maybe we should complain if they are missing...)
dnl dirty trick: if it is user@host, just add a dot: user@host. this will
dnl not be modified by host lookups.
R$+ $: <?> $1
R<?><$+> $: <@> <$1>
R<?>$+ $: <@> <$1>
dnl workspace: <@> <address>
dnl prepend daemon_flags
R$* $: $&{daemon_flags} $| $1
dnl workspace: ${daemon_flags} $| <@> <address>
dnl do not allow these at all or only from local systems?
R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 >
dnl accept unqualified sender: change mark to avoid test
R$* u $* $| <@> < $* > $: <?> < $3 >
dnl workspace: ${daemon_flags} $| <@> <address>
dnl or: <? ${client_name} > <address>
dnl or: <?> <address>
dnl remove daemon_flags
R$* $| $* $: $2
# handle case of @localhost on address
R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost >
R<@> < $* @ [127.0.0.1] >
$: < ? $&{client_name} > < $1 @ [127.0.0.1] >
R<@> < $* @ [IPv6:0:0:0:0:0:0:0:1] >
$: < ? $&{client_name} > < $1 @ [IPv6:0:0:0:0:0:0:0:1] >
R<@> < $* @ [IPv6:::1] >
$: < ? $&{client_name} > < $1 @ [IPv6:::1] >
R<@> < $* @ localhost.$m >
$: < ? $&{client_name} > < $1 @ localhost.$m >
ifdef(`_NO_UUCP_', `dnl',
`R<@> < $* @ localhost.UUCP >
$: < ? $&{client_name} > < $1 @ localhost.UUCP >')
dnl workspace: < ? $&{client_name} > <user@localhost|host>
dnl or: <@> <address>
dnl or: <?> <address> (thanks to u in ${daemon_flags})
R<@> $* $: $1 no localhost as domain
dnl workspace: < ? $&{client_name} > <user@localhost|host>
dnl or: <address>
dnl or: <?> <address> (thanks to u in ${daemon_flags})
R<? $=w> $* $: $2 local client: ok
R<? $+> <$+> $#error $@ 5.5.4 $: "_CODE553 Real domain name required for sender address"
dnl remove <?> (happens only if ${client_name} == "" or u in ${daemon_flags})
R<?> $* $: $1')
dnl workspace: address (or <address>)
R$* $: <?> $>CanonAddr $1 canonify sender address and mark it
dnl workspace: <?> CanonicalAddress (i.e. address in canonical form localpart<@host>)
dnl there is nothing behind the <@host> so no trailing $* needed
R<?> $* < @ $+ . > <?> $1 < @ $2 > strip trailing dots
# handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc)
R<?> $* < @ $* $=P > $: <_RES_OK_> $1 < @ $2 $3 >
dnl workspace <mark> CanonicalAddress where mark is ? or OK
dnl A sender address with my local host name ($j) is safe
R<?> $* < @ $j > $: <_RES_OK_> $1 < @ $j >
ifdef(`_ACCEPT_UNRESOLVABLE_DOMAINS_',
`R<?> $* < @ $+ > $: <_RES_OK_> $1 < @ $2 > ... unresolvable OK',
`R<?> $* < @ $+ > $: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 >
R<? $* <$->> $* < @ $+ >
$: <$2> $3 < @ $4 >')
dnl workspace <mark> CanonicalAddress where mark is ?, _RES_OK_, PERM, TEMP
dnl mark is ? iff the address is user (wo @domain)
ifdef(`_ACCESS_TABLE_', `dnl
# check sender address: user@address, user@, address
dnl should we remove +ext from user?
dnl workspace: <mark> CanonicalAddress where mark is: ?, _RES_OK_, PERM, TEMP
R<$+> $+ < @ $* > $: @<$1> <$2 < @ $3 >> $| <F:$2@$3> <U:$2@> <D:$3>
R<$+> $+ $: @<$1> <$2> $| <U:$2@>
dnl workspace: @<mark> <CanonicalAddress> $| <@type:address> ....
dnl $| is used as delimiter, otherwise false matches may occur: <user<@domain>>
dnl will only return user<@domain when "reversing" the args
R@ <$+> <$*> $| <$+> $: <@> <$1> <$2> $| $>SearchList <+ From> $| <$3> <>
dnl workspace: <@><mark> <CanonicalAddress> $| <result>
R<@> <$+> <$*> $| <$*> $: <$3> <$1> <$2> reverse result
dnl workspace: <result> <mark> <CanonicalAddress>
# retransform for further use
dnl required form:
dnl <ResultOfLookup|mark> CanonicalAddress
R<?> <$+> <$*> $: <$1> $2 no match
R<$+> <$+> <$*> $: <$1> $3 relevant result, keep it', `dnl')
dnl workspace <ResultOfLookup|mark> CanonicalAddress
dnl mark is ? iff the address is user (wo @domain)
ifdef(`_ACCEPT_UNQUALIFIED_SENDERS_',`dnl',`dnl
# handle case of no @domain on address
dnl prepend daemon_flags
R<?> $* $: $&{daemon_flags} $| <?> $1
dnl accept unqualified sender: change mark to avoid test
R$* u $* $| <?> $* $: <_RES_OK_> $3
dnl remove daemon_flags
R$* $| $* $: $2
R<?> $* $: < ? $&{client_addr} > $1
R<?> $* $@ <_RES_OK_> ...local unqualed ok
R<? $+> $* $#error $@ 5.5.4 $: "_CODE553 Domain name required for sender address " $&f
...remote is not')
# check results
R<?> $* $: @ $1 mark address: nothing known about it
R<$={ResOk}> $* $: @ $2 domain ok
R<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"
R<PERM> $* $#error $@ 5.1.8 $: "_CODE553 Domain of sender address " $&f " does not exist"
ifdef(`_ACCESS_TABLE_', `dnl
R<$={Accept}> $* $# $1 accept from access map
R<DISCARD> $* $#discard $: discard
R<QUARANTINE:$+> $* $#error $@ quarantine $: $1
R<REJECT> $* $#error ifdef(`confREJECT_MSG', `$: confREJECT_MSG', `$@ 5.7.1 $: "550 Access denied"')
dnl error tag
R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4
R<ERROR:$+> $* $#error $: $1
-ifdef(`_ATMPF_', `R<_ATMPF_> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
+ifdef(`_ATMPF_', `R<_ATMPF_> $* $#error $@ 4.3.0 $: _TMPFMSG_(`CM')', `dnl')
dnl generic error from access map
R<$+> $* $#error $: $1 error from access db',
`dnl')
dnl workspace: @ CanonicalAddress (i.e. address in canonical form localpart<@host>)
ifdef(`_BADMX_CHK_', `dnl
R@ $*<@$+>$* $: $1<@$2>$3 $| $>BadMX $2
R$* $| $#$* $#$2
SBadMX
# Look up MX records and ferret away a copy of the original address.
# input: domain part of address to check
R$+ $:<MX><$1><:$(mxlist $1$):><:>
# workspace: <MX><domain><: mxlist-result $><:>
R<MX><$+><:$*<TEMP>:><$*> $#error $@ 4.1.2 $: "450 MX lookup failure for "$1
# workspace: <MX> <original destination> <unchecked mxlist> <checked mxlist>
# Recursively run badmx check on each mx.
R<MX><$*><:$+:$*><:$*> <MX><$1><:$3><: $4 $(badmx $2 $):>
# See if any of them fail.
R<MX><$*><$*><$*<BADMX>:$*> $#error $@ 5.1.2 $:"550 Illegal MX record for host "$1
# Reverse the mxlists so we can use the same argument order again.
R<MX><$*><$*><$*> $:<MX><$1><$3><$2>
R<MX><$*><:$+:$*><:$*> <MX><$1><:$3><:$4 $(dnsA $2 $) :>
# Reverse the lists so we can use the same argument order again.
R<MX><$*><$*><$*> $:<MX><$1><$3><$2>
R<MX><$*><:$+:$*><:$*> <MX><$1><:$3><:$4 $(BadMXIP $2 $) :>
R<MX><$*><$*><$*<BADMXIP>:$*> $#error $@ 5.1.2 $:"550 Invalid MX record for host "$1',
`dnl')
######################################################################
### check_rcpt -- check SMTP ``RCPT TO:'' command argument
######################################################################
SLocal_check_rcpt
Scheck`'_U_`'rcpt
R$* $: $1 $| $>"Local_check_rcpt" $1
R$* $| $#$* $#$2
R$* $| $* $@ $>"Basic_check_rcpt" $1
SBasic_check_rcpt
# empty address?
R<> $#error $@ nouser $: "553 User address required"
R$@ $#error $@ nouser $: "553 User address required"
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
ifdef(`_REQUIRE_QUAL_RCPT_', `dnl
dnl this code checks for user@host where host is not a FQHN.
dnl it is not activated.
dnl notice: code to check for a recipient without a domain name is
dnl available down below; look for the same macro.
dnl this check is done here because the name might be qualified by the
dnl canonicalization.
# require fully qualified domain part?
dnl very simple canonification: make sure the address is in < >
R$+ $: <?> $1
R<?> <$+> $: <@> <$1>
R<?> $+ $: <@> <$1>
R<@> < postmaster > $: postmaster
R<@> < $* @ $+ . $+ > $: < $1 @ $2 . $3 >
dnl prepend daemon_flags
R<@> $* $: $&{daemon_flags} $| <@> $1
dnl workspace: ${daemon_flags} $| <@> <address>
dnl _r_equire qual.rcpt: ok
R$* r $* $| <@> < $+ @ $+ > $: < $3 @ $4 >
dnl do not allow these at all or only from local systems?
R$* r $* $| <@> < $* > $: < ? $&{client_name} > < $3 >
R<?> < $* > $: <$1>
R<? $=w> < $* > $: <$1>
R<? $+> <$+> $#error $@ 5.5.4 $: "553 Fully qualified domain name required"
dnl remove daemon_flags for other cases
R$* $| <@> $* $: $2', `dnl')
dnl ##################################################################
dnl call subroutines for recipient and relay
dnl possible returns from subroutines:
dnl $#TEMP temporary failure
dnl $#error permanent failure (or temporary if from access map)
dnl $#other stop processing
dnl RELAY RELAYing allowed
dnl other otherwise
######################################################################
R$* $: $1 $| @ $>"Rcpt_ok" $1
dnl temporary failure? remove mark @ and remember
R$* $| @ $#TEMP $+ $: $1 $| T $2
dnl error or ok (stop)
R$* $| @ $#$* $#$2
ifdef(`_PROMISCUOUS_RELAY_', `divert(-1)', `dnl')
R$* $| @ RELAY $@ RELAY
dnl something else: call check sender (relay)
R$* $| @ $* $: O $| $>"Relay_ok" $1
dnl temporary failure: call check sender (relay)
R$* $| T $+ $: T $2 $| $>"Relay_ok" $1
dnl temporary failure? return that
R$* $| $#TEMP $+ $#error $2
dnl error or ok (stop)
R$* $| $#$* $#$2
R$* $| RELAY $@ RELAY
dnl something else: return previous temp failure
R T $+ $| $* $#error $1
# anything else is bogus
R$* $#error $@ 5.7.1 $: confRELAY_MSG
divert(0)
######################################################################
### Rcpt_ok: is the recipient ok?
dnl input: recipient address (RCPT TO)
dnl output: see explanation at call
######################################################################
SRcpt_ok
ifdef(`_LOOSE_RELAY_CHECK_',`dnl
R$* $: $>CanonAddr $1
R$* < @ $* . > $1 < @ $2 > strip trailing dots',
`R$* $: $>ParseRecipient $1 strip relayable hosts')
ifdef(`_BESTMX_IS_LOCAL_',`dnl
ifelse(_BESTMX_IS_LOCAL_, `', `dnl
# unlimited bestmx
R$* < @ $* > $* $: $1 < @ $2 @@ $(bestmx $2 $) > $3',
`dnl
# limit bestmx to $=B
R$* < @ $* $=B > $* $: $1 < @ $2 $3 @@ $(bestmx $2 $3 $) > $4')
R$* $=O $* < @ $* @@ $=w . > $* $@ $>"Rcpt_ok" $1 $2 $3
R$* < @ $* @@ $=w . > $* $: $1 < @ $3 > $4
R$* < @ $* @@ $* > $* $: $1 < @ $2 > $4')
-ifdef(`_BLACKLIST_RCPT_',`dnl
+ifdef(`_BLOCKLIST_RCPT_',`dnl
ifdef(`_ACCESS_TABLE_', `dnl
-# blacklist local users or any host from receiving mail
+# blocklist local users or any host from receiving mail
R$* $: <?> $1
dnl user is now tagged with @ to be consistent with check_mail
dnl and to distinguish users from hosts (com would be host, com@ would be user)
R<?> $+ < @ $=w > $: <> <$1 < @ $2 >> $| <F:$1@$2> <U:$1@> <D:$2>
R<?> $+ < @ $* > $: <> <$1 < @ $2 >> $| <F:$1@$2> <D:$2>
R<?> $+ $: <> <$1> $| <U:$1@>
dnl $| is used as delimiter, otherwise false matches may occur: <user<@domain>>
dnl will only return user<@domain when "reversing" the args
R<> <$*> $| <$+> $: <@> <$1> $| $>SearchList <+ To> $| <$2> <>
R<@> <$*> $| <$*> $: <$2> <$1> reverse result
R<?> <$*> $: @ $1 mark address as no match
dnl we may have to filter here because otherwise some RHSs
dnl would be interpreted as generic error messages...
dnl error messages should be "tagged" by prefixing them with error: !
dnl that would make a lot of things easier.
R<$={Accept}> <$*> $: @ $2 mark address as no match
ifdef(`_ACCESS_SKIP_', `dnl
R<SKIP> <$*> $: @ $1 mark address as no match', `dnl')
ifdef(`_DELAY_COMPAT_8_10_',`dnl
dnl compatility with 8.11/8.10:
dnl we have to filter these because otherwise they would be interpreted
dnl as generic error message...
dnl error messages should be "tagged" by prefixing them with error: !
dnl that would make a lot of things easier.
dnl maybe we should stop checks already here (if SPAM_xyx)?
R<$={SpamTag}> <$*> $: @ $2 mark address as no match')
R<REJECT> $* $#error $@ 5.2.1 $: confRCPTREJ_MSG
R<DISCARD> $* $#discard $: discard
R<QUARANTINE:$+> $* $#error $@ quarantine $: $1
dnl error tag
R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4
R<ERROR:$+> $* $#error $: $1
-ifdef(`_ATMPF_', `R<_ATMPF_> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
+ifdef(`_ATMPF_', `R<_ATMPF_> $* $#error $@ 4.3.0 $: _TMPFMSG_(`ROK1')', `dnl')
dnl generic error from access map
R<$+> $* $#error $: $1 error from access db
R@ $* $1 remove mark', `dnl')', `dnl')
ifdef(`_PROMISCUOUS_RELAY_', `divert(-1)', `dnl')
# authenticated via TLS?
R$* $: $1 $| $>RelayTLS client authenticated?
R$* $| $# $+ $# $2 error/ok?
R$* $| $* $: $1 no
R$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type}
dnl workspace: localpart<@domain> $| result of Local_Relay_Auth
R$* $| $# $* $# $2
dnl if Local_Relay_Auth returns NO then do not check $={TrustAuthMech}
R$* $| NO $: $1
R$* $| $* $: $1 $| $&{auth_type}
dnl workspace: localpart<@domain> [ $| ${auth_type} ]
dnl empty ${auth_type}?
R$* $| $: $1
dnl mechanism ${auth_type} accepted?
dnl use $# to override further tests (delay_checks): see check_rcpt below
R$* $| $={TrustAuthMech} $# RELAY
dnl remove ${auth_type}
R$* $| $* $: $1
dnl workspace: localpart<@domain> | localpart
ifelse(defn(`_NO_UUCP_'), `r',
`R$* ! $* < @ $* > $: <REMOTE> $2 < @ BANG_PATH >
R$* ! $* $: <REMOTE> $2 < @ BANG_PATH >', `dnl')
ifelse(defn(`_NO_PERCENTHACK_'), `r',
`R$* % $* < @ $* > $: <REMOTE> $1 < @ PERCENT_HACK >
R$* % $* $: <REMOTE> $1 < @ PERCENT_HACK >', `dnl')
# anything terminating locally is ok
ifdef(`_RELAY_ENTIRE_DOMAIN_', `dnl
R$+ < @ $* $=m > $@ RELAY', `dnl')
R$+ < @ $=w > $@ RELAY
ifdef(`_RELAY_HOSTS_ONLY_',
`R$+ < @ $=R > $@ RELAY
ifdef(`_ACCESS_TABLE_', `dnl
ifdef(`_RELAY_FULL_ADDR_', `dnl
R$+ < @ $+ > $: <$(access To:$1@$2 $: ? $)> <$1 < @ $2 >>
R<?> <$+ < @ $+ >> $: <$(access To:$2 $: ? $)> <$1 < @ $2 >>',`
R$+ < @ $+ > $: <$(access To:$2 $: ? $)> <$1 < @ $2 >>')
dnl workspace: <Result-of-lookup | ?> <localpart<@domain>>
R<?> <$+ < @ $+ >> $: <$(access $2 $: ? $)> <$1 < @ $2 >>',`dnl')',
`R$+ < @ $* $=R > $@ RELAY
ifdef(`_ACCESS_TABLE_', `dnl
ifdef(`_RELAY_FULL_ADDR_', `dnl
R$+ < @ $+ > $: $1 < @ $2 > $| $>SearchList <+ To> $| <F:$1@$2> <D:$2> <F:$1@> <>
R$+ < @ $+ > $| <$*> $: <$3> <$1 <@ $2>>
R$+ < @ $+ > $| $* $: <$3> <$1 <@ $2>>',
`R$+ < @ $+ > $: $>D <$2> <?> <+ To> <$1 < @ $2 >>')')')
ifdef(`_ACCESS_TABLE_', `dnl
dnl workspace: <Result-of-lookup | ?> <localpart<@domain>>
R<RELAY> $* $@ RELAY
-ifdef(`_ATMPF_', `R<$* _ATMPF_> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
+ifdef(`_ATMPF_', `R<$* _ATMPF_> $* $#TEMP $@ 4.3.0 $: _TMPFMSG_(`ROK2')', `dnl')
R<$*> <$*> $: $2',`dnl')
ifdef(`_RELAY_MX_SERVED_', `dnl
# allow relaying for hosts which we MX serve
R$+ < @ $+ > $: < : $(mxserved $2 $) : > $1 < @ $2 >
dnl this must not necessarily happen if the client is checked first...
R< : $* <TEMP> : > $* $#TEMP $@ 4.4.0 $: "450 Can not check MX records for recipient host " $1
R<$* : $=w . : $*> $* $@ RELAY
R< : $* : > $* $: $2',
`dnl')
# check for local user (i.e. unqualified address)
R$* $: <?> $1
R<?> $* < @ $+ > $: <REMOTE> $1 < @ $2 >
# local user is ok
dnl is it really? the standard requires user@domain, not just user
dnl but we should accept it anyway (maybe making it an option:
dnl RequireFQDN ?)
dnl postmaster must be accepted without domain (DRUMS)
ifdef(`_REQUIRE_QUAL_RCPT_', `dnl
R<?> postmaster $@ OK
# require qualified recipient?
dnl prepend daemon_flags
R<?> $+ $: $&{daemon_flags} $| <?> $1
dnl workspace: ${daemon_flags} $| <?> localpart
dnl do not allow these at all or only from local systems?
dnl r flag? add client_name
R$* r $* $| <?> $+ $: < ? $&{client_name} > <?> $3
dnl no r flag: relay to local user (only local part)
# no qualified recipient required
R$* $| <?> $+ $@ RELAY
dnl client_name is empty
R<?> <?> $+ $@ RELAY
dnl client_name is local
R<? $=w> <?> $+ $@ RELAY
dnl client_name is not local
R<? $+> $+ $#error $@ 5.5.4 $: "553 Domain name required"', `dnl
dnl no qualified recipient required
R<?> $+ $@ RELAY')
dnl it is a remote user: remove mark and then check client
R<$+> $* $: $2
dnl currently the recipient address is not used below
######################################################################
### Relay_ok: is the relay/sender ok?
dnl input: ignored
dnl output: see explanation at call
######################################################################
SRelay_ok
# anything originating locally is ok
# check IP address
R$* $: $&{client_addr}
R$@ $@ RELAY originated locally
R0 $@ RELAY originated locally
R127.0.0.1 $@ RELAY originated locally
RIPv6:0:0:0:0:0:0:0:1 $@ RELAY originated locally
dnl if compiled with IPV6_FULL=0
RIPv6:::1 $@ RELAY originated locally
R$=R $* $@ RELAY relayable IP address
ifdef(`_ACCESS_TABLE_', `dnl
R$* $: $>A <$1> <?> <+ Connect> <$1>
R<RELAY> $* $@ RELAY relayable IP address
ifdef(`_FFR_REJECT_IP_IN_CHECK_RCPT_',`dnl
dnl this will cause rejections in cases like:
dnl Connect:My.Host.Domain RELAY
dnl Connect:My.Net REJECT
dnl since in check_relay client_name is checked before client_addr
R<REJECT> $* $@ REJECT rejected IP address')
-ifdef(`_ATMPF_', `R<_ATMPF_> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
+ifdef(`_ATMPF_', `R<_ATMPF_> $* $#TEMP $@ 4.3.0 $: _TMPFMSG_(`YOK1')', `dnl')
R<$*> <$*> $: $2', `dnl')
R$* $: [ $1 ] put brackets around it...
R$=w $@ RELAY ... and see if it is local
ifdef(`_RELAY_DB_FROM_', `define(`_RELAY_MAIL_FROM_', `1')')dnl
ifdef(`_RELAY_LOCAL_FROM_', `define(`_RELAY_MAIL_FROM_', `1')')dnl
ifdef(`_RELAY_MAIL_FROM_', `dnl
dnl input: {client_addr} or something "broken"
dnl just throw the input away; we do not need it.
# check whether FROM is allowed to use system as relay
R$* $: <?> $>CanonAddr $&f
R<?> $+ < @ $+ . > <?> $1 < @ $2 > remove trailing dot
ifdef(`_RELAY_LOCAL_FROM_', `dnl
# check whether local FROM is ok
R<?> $+ < @ $=w > $@ RELAY FROM local', `dnl')
ifdef(`_RELAY_DB_FROM_', `dnl
R<?> $+ < @ $+ > $: <@> $>SearchList <! From> $| <F:$1@$2> ifdef(`_RELAY_DB_FROM_DOMAIN_', ifdef(`_RELAY_HOSTS_ONLY_', `<E:$2>', `<D:$2>')) <>
R<@> <RELAY> $@ RELAY RELAY FROM sender ok
-ifdef(`_ATMPF_', `R<@> <_ATMPF_> $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
+ifdef(`_ATMPF_', `R<@> <_ATMPF_> $#TEMP $@ 4.3.0 $: _TMPFMSG_(`YOK2')', `dnl')
', `dnl
ifdef(`_RELAY_DB_FROM_DOMAIN_',
`errprint(`*** ERROR: _RELAY_DB_FROM_DOMAIN_ requires _RELAY_DB_FROM_
')',
`dnl')
dnl')', `dnl')
dnl notice: the rulesets above do not leave a unique workspace behind.
dnl it does not matter in this case because the following rule ignores
dnl the input. otherwise these rules must "clean up" the workspace.
# check client name: first: did it resolve?
dnl input: ignored
R$* $: < $&{client_resolve} >
R<TEMP> $#TEMP $@ 4.4.0 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
R<FORGED> $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
R<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
dnl ${client_resolve} should be OK, so go ahead
R$* $: <@> $&{client_name}
dnl should not be necessary since it has been done for client_addr already
dnl this rule actually may cause a problem if {client_name} resolves to ""
dnl however, this should not happen since the forward lookup should fail
dnl and {client_resolve} should be TEMP or FAIL.
dnl nevertheless, removing the rule doesn't hurt.
dnl R<@> $@ RELAY
dnl workspace: <@> ${client_name} (not empty)
# pass to name server to make hostname canonical
R<@> $* $=P $:<?> $1 $2
R<@> $+ $:<?> $[ $1 $]
dnl workspace: <?> ${client_name} (canonified)
R$* . $1 strip trailing dots
ifdef(`_RELAY_ENTIRE_DOMAIN_', `dnl
R<?> $* $=m $@ RELAY', `dnl')
R<?> $=w $@ RELAY
ifdef(`_RELAY_HOSTS_ONLY_',
`R<?> $=R $@ RELAY
ifdef(`_ACCESS_TABLE_', `dnl
R<?> $* $: <$(access Connect:$1 $: ? $)> <$1>
R<?> <$*> $: <$(access $1 $: ? $)> <$1>',`dnl')',
`R<?> $* $=R $@ RELAY
ifdef(`_ACCESS_TABLE_', `dnl
R<?> $* $: $>D <$1> <?> <+ Connect> <$1>',`dnl')')
ifdef(`_ACCESS_TABLE_', `dnl
R<RELAY> $* $@ RELAY
-ifdef(`_ATMPF_', `R<$* _ATMPF_> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
+ifdef(`_ATMPF_', `R<$* _ATMPF_> $* $#TEMP $@ 4.3.0 $: _TMPFMSG_(`YOK3')', `dnl')
R<$*> <$*> $: $2',`dnl')
dnl end of _PROMISCUOUS_RELAY_
divert(0)
ifdef(`_DELAY_CHECKS_',`dnl
# turn a canonical address in the form user<@domain>
# qualify unqual. addresses with $j
dnl it might have been only user (without <@domain>)
SFullAddr
R$* <@ $+ . > $1 <@ $2 >
R$* <@ $* > $@ $1 <@ $2 >
R$+ $@ $1 <@ $j >
SDelay_TLS_Clt
# authenticated?
dnl code repeated here from Basic_check_mail
dnl only called from check_rcpt in delay mode if checkrcpt returns $#
R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
R$* $| $#$+ $#$2
dnl return result from checkrcpt
R$* $| $* $# $1
R$* $# $1
SDelay_TLS_Clt2
# authenticated?
dnl code repeated here from Basic_check_mail
dnl only called from check_rcpt in delay mode if stopping due to Friend/Hater
R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
R$* $| $#$+ $#$2
dnl return result from friend/hater check
R$* $| $* $@ $1
R$* $@ $1
# call all necessary rulesets
Scheck_rcpt
dnl this test should be in the Basic_check_rcpt ruleset
dnl which is the correct DSN code?
# R$@ $#error $@ 5.1.3 $: "553 Recipient address required"
R$+ $: $1 $| $>checkrcpt $1
dnl now we can simply stop checks by returning "$# xyz" instead of just "ok"
dnl on error (or discard) stop now
R$+ $| $#error $* $#error $2
R$+ $| $#discard $* $#discard $2
dnl otherwise call tls_client; see above
R$+ $| $#$* $@ $>"Delay_TLS_Clt" $2
R$+ $| $* $: <?> $>FullAddr $>CanonAddr $1
ifdef(`_SPAM_FH_',
`dnl lookup user@ and user@address
ifdef(`_ACCESS_TABLE_', `',
`errprint(`*** ERROR: FEATURE(`delay_checks', `argument') requires FEATURE(`access_db')
')')dnl
dnl one of the next two rules is supposed to match
-dnl this code has been copied from BLACKLIST... etc
+dnl this code has been copied from BLOCKLIST... etc
dnl and simplified by omitting some < >.
R<?> $+ < @ $=w > $: <> $1 < @ $2 > $| <F: $1@$2 > <D: $2 > <U: $1@>
R<?> $+ < @ $* > $: <> $1 < @ $2 > $| <F: $1@$2 > <D: $2 >
dnl R<?> $@ something_is_very_wrong_here
# lookup the addresses only with Spam tag
R<> $* $| <$+> $: <@> $1 $| $>SearchList <! Spam> $| <$2> <>
R<@> $* $| $* $: $2 $1 reverse result
dnl', `dnl')
ifdef(`_SPAM_FRIEND_',
`# is the recipient a spam friend?
ifdef(`_SPAM_HATER_',
`errprint(`*** ERROR: define either Hater or Friend -- not both.
')', `dnl')
R<FRIEND> $+ $@ $>"Delay_TLS_Clt2" SPAMFRIEND
R<$*> $+ $: $2',
`dnl')
ifdef(`_SPAM_HATER_',
`# is the recipient no spam hater?
R<HATER> $+ $: $1 spam hater: continue checks
R<$*> $+ $@ $>"Delay_TLS_Clt2" NOSPAMHATER everyone else: stop
dnl',`dnl')
dnl run further checks: check_mail
dnl should we "clean up" $&f?
ifdef(`_FFR_MAIL_MACRO',
`R$* $: $1 $| $>checkmail $&{mail_from}',
`R$* $: $1 $| $>checkmail <$&f>')
dnl recipient (canonical format) $| result of checkmail
R$* $| $#$* $#$2
dnl run further checks: check_relay
R$* $| $* $: $1 $| $>checkrelay $&{client_name} $| $&{client_addr}
R$* $| $#$* $#$2
R$* $| $* $: $1
', `dnl')
ifdef(`_BLOCK_BAD_HELO_', `dnl
R$* $: $1 $| <$&{auth_authen}> Get auth info
dnl Bypass the test for users who have authenticated.
R$* $| <$+> $: $1 skip if auth
R$* $| <$*> $: $1 $| <$&{client_addr}> [$&s] Get connection info
dnl Bypass for local clients -- IP address starts with $=R
R$* $| <$=R $*> [$*] $: $1 skip if local client
dnl Bypass a "sendmail -bs" session, which use 0 for client ip address
R$* $| <0> [$*] $: $1 skip if sendmail -bs
dnl Reject our IP - assumes "[ip]" is in class $=w
R$* $| <$*> $=w $#error $@ 5.7.1 $:"550 bogus HELO name used: " $&s
dnl Reject our hostname
R$* $| <$*> [$=w] $#error $@ 5.7.1 $:"550 bogus HELO name used: " $&s
dnl Pass anything else with a "." in the domain parameter
R$* $| <$*> [$+.$+] $: $1 qualified domain ok
dnl Pass IPv6: address literals
R$* $| <$*> [IPv6:$+] $: $1 qualified domain ok
dnl Reject if there was no "." or only an initial or final "."
R$* $| <$*> [$*] $#error $@ 5.7.1 $:"550 bogus HELO name used: " $&s
dnl Clean up the workspace
R$* $| $* $: $1
', `dnl')
ifdef(`_ACCESS_TABLE_', `dnl', `divert(-1)')
######################################################################
### F: LookUpFull -- search for an entry in access database
###
### lookup of full key (which should be an address) and
### variations if +detail exists: +* and without +detail
###
### Parameters:
### <$1> -- key
### <$2> -- default (what to return if not found in db)
dnl must not be empty
### <$3> -- mark (must be <(!|+) single-token>)
### ! does lookup only with tag
### + does lookup with and without tag
### <$4> -- passthru (additional data passed unchanged through)
dnl returns: <default> <passthru>
dnl <result> <passthru>
######################################################################
SF
dnl workspace: <key> <def> <o tag> <thru>
dnl full lookup
dnl 2 3 4 5
R<$+> <$*> <$- $-> <$*> $: <$(access $4`'_TAG_DELIM_`'$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
dnl no match, try without tag
dnl 1 2 3 4
R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
dnl no match, +detail: try +*
dnl 1 2 3 4 5 6 7
R<?> <$+ + $* @ $+> <$*> <$- $-> <$*>
$: <$(access $6`'_TAG_DELIM_`'$1+*@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7>
dnl no match, +detail: try +* without tag
dnl 1 2 3 4 5 6
R<?> <$+ + $* @ $+> <$*> <+ $-> <$*>
$: <$(access $1+*@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6>
dnl no match, +detail: try without +detail
dnl 1 2 3 4 5 6 7
R<?> <$+ + $* @ $+> <$*> <$- $-> <$*>
$: <$(access $6`'_TAG_DELIM_`'$1@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7>
dnl no match, +detail: try without +detail and without tag
dnl 1 2 3 4 5 6
R<?> <$+ + $* @ $+> <$*> <+ $-> <$*>
$: <$(access $1@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6>
dnl no match, return <default> <passthru>
dnl 1 2 3 4 5
R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5>
ifdef(`_ATMPF_', `dnl tempfail?
dnl 2 3 4 5
R<$+ _ATMPF_> <$*> <$- $-> <$*> $@ <_ATMPF_> <$5>', `dnl')
dnl match, return <match> <passthru>
dnl 2 3 4 5
R<$+> <$*> <$- $-> <$*> $@ <$1> <$5>
######################################################################
### E: LookUpExact -- search for an entry in access database
###
### Parameters:
### <$1> -- key
### <$2> -- default (what to return if not found in db)
dnl must not be empty
### <$3> -- mark (must be <(!|+) single-token>)
### ! does lookup only with tag
### + does lookup with and without tag
### <$4> -- passthru (additional data passed unchanged through)
dnl returns: <default> <passthru>
dnl <result> <passthru>
######################################################################
SE
dnl 2 3 4 5
R<$*> <$*> <$- $-> <$*> $: <$(access $4`'_TAG_DELIM_`'$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
dnl no match, try without tag
dnl 1 2 3 4
R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
dnl no match, return default passthru
dnl 1 2 3 4 5
R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5>
ifdef(`_ATMPF_', `dnl tempfail?
dnl 2 3 4 5
R<$+ _ATMPF_> <$*> <$- $-> <$*> $@ <_ATMPF_> <$5>', `dnl')
dnl match, return <match> <passthru>
dnl 2 3 4 5
R<$+> <$*> <$- $-> <$*> $@ <$1> <$5>
######################################################################
### U: LookUpUser -- search for an entry in access database
###
### lookup of key (which should be a local part) and
### variations if +detail exists: +* and without +detail
###
### Parameters:
### <$1> -- key (user@)
### <$2> -- default (what to return if not found in db)
dnl must not be empty
### <$3> -- mark (must be <(!|+) single-token>)
### ! does lookup only with tag
### + does lookup with and without tag
### <$4> -- passthru (additional data passed unchanged through)
dnl returns: <default> <passthru>
dnl <result> <passthru>
######################################################################
SU
dnl user lookups are always with trailing @
dnl 2 3 4 5
R<$+> <$*> <$- $-> <$*> $: <$(access $4`'_TAG_DELIM_`'$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
dnl no match, try without tag
dnl 1 2 3 4
R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
dnl do not remove the @ from the lookup:
dnl it is part of the +detail@ which is omitted for the lookup
dnl no match, +detail: try +*
dnl 1 2 3 4 5 6
R<?> <$+ + $* @> <$*> <$- $-> <$*>
$: <$(access $5`'_TAG_DELIM_`'$1+*@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>
dnl no match, +detail: try +* without tag
dnl 1 2 3 4 5
R<?> <$+ + $* @> <$*> <+ $-> <$*>
$: <$(access $1+*@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>
dnl no match, +detail: try without +detail
dnl 1 2 3 4 5 6
R<?> <$+ + $* @> <$*> <$- $-> <$*>
$: <$(access $5`'_TAG_DELIM_`'$1@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>
dnl no match, +detail: try without +detail and without tag
dnl 1 2 3 4 5
R<?> <$+ + $* @> <$*> <+ $-> <$*>
$: <$(access $1@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>
dnl no match, return <default> <passthru>
dnl 1 2 3 4 5
R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5>
ifdef(`_ATMPF_', `dnl tempfail?
dnl 2 3 4 5
R<$+ _ATMPF_> <$*> <$- $-> <$*> $@ <_ATMPF_> <$5>', `dnl')
dnl match, return <match> <passthru>
dnl 2 3 4 5
R<$+> <$*> <$- $-> <$*> $@ <$1> <$5>
######################################################################
### SearchList: search a list of items in the access map
### Parameters:
### <exact tag> $| <mark:address> <mark:address> ... <>
dnl maybe we should have a @ (again) in front of the mark to
dnl avoid errorneous matches (with error messages?)
dnl if we can make sure that tag is always a single token
dnl then we can omit the delimiter $|, otherwise we need it
dnl to avoid errorneous matchs (first rule: D: if there
dnl is that mark somewhere in the list, it will be taken).
dnl moreover, we can do some tricks to enforce lookup with
dnl the tag only, e.g.:
### where "exact" is either "+" or "!":
### <+ TAG> lookup with and w/o tag
### <! TAG> lookup with tag
dnl Warning: + and ! should be in OperatorChars (otherwise there must be
dnl a blank between them and the tag.
### possible values for "mark" are:
### D: recursive host lookup (LookUpDomain)
dnl A: recursive address lookup (LookUpAddress) [not yet required]
### E: exact lookup, no modifications
### F: full lookup, try user+ext@domain and user@domain
### U: user lookup, try user+ext and user (input must have trailing @)
### return: <RHS of lookup> or <?> (not found)
######################################################################
# class with valid marks for SearchList
dnl if A is activated: add it
C{Src}E F D U ifdef(`_FFR_SRCHLIST_A', `A')
SSearchList
# just call the ruleset with the name of the tag... nice trick...
dnl 2 3 4
R<$+> $| <$={Src}:$*> <$*> $: <$1> $| <$4> $| $>$2 <$3> <?> <$1> <>
dnl workspace: <o tag> $| <rest> $| <result of lookup> <>
dnl no match and nothing left: return
R<$+> $| <> $| <?> <> $@ <?>
dnl no match but something left: continue
R<$+> $| <$+> $| <?> <> $@ $>SearchList <$1> $| <$2>
dnl match: return
R<$+> $| <$*> $| <$+> <> $@ <$3>
dnl return result from recursive invocation
R<$+> $| <$+> $@ <$2>
dnl endif _ACCESS_TABLE_
divert(0)
######################################################################
### trust_auth: is user trusted to authenticate as someone else?
###
### Parameters:
### $1: AUTH= parameter from MAIL command
######################################################################
dnl empty ruleset definition so it can be called
SLocal_trust_auth
Strust_auth
R$* $: $&{auth_type} $| $1
# required by RFC 2554 section 4.
R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated"
dnl seems to be useful...
R$* $| $&{auth_authen} $@ identical
R$* $| <$&{auth_authen}> $@ identical
dnl call user supplied code
R$* $| $* $: $1 $| $>"Local_trust_auth" $2
R$* $| $#$* $#$2
dnl default: error
R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}
######################################################################
### Relay_Auth: allow relaying based on authentication?
###
### Parameters:
### $1: ${auth_type}
######################################################################
SLocal_Relay_Auth
######################################################################
### srv_features: which features to offer to a client?
### (done in server)
######################################################################
Ssrv_features
ifdef(`_LOCAL_SRV_FEATURES_', `dnl
R$* $: $1 $| $>"Local_srv_features" $1
R$* $| $#$* $#$2
R$* $| $* $: $1', `dnl')
ifdef(`_ACCESS_TABLE_', `dnl
R$* $: $>D <$&{client_name}> <?> <! SRV_FEAT_TAG> <>
R<?>$* $: $>A <$&{client_addr}> <?> <! SRV_FEAT_TAG> <>
R<?>$* $: <$(access SRV_FEAT_TAG`'_TAG_DELIM_ $: ? $)>
R<?>$* $@ OK
ifdef(`_ATMPF_', `dnl tempfail?
R<$* _ATMPF_>$* $#temp', `dnl')
R<$+>$* $# $1')
######################################################################
### try_tls: try to use STARTTLS?
### (done in client)
######################################################################
Stry_tls
ifdef(`_LOCAL_TRY_TLS_', `dnl
R$* $: $1 $| $>"Local_try_tls" $1
R$* $| $#$* $#$2
R$* $| $* $: $1', `dnl')
ifdef(`_ACCESS_TABLE_', `dnl
R$* $: $>D <$&{server_name}> <?> <! TLS_TRY_TAG> <>
R<?>$* $: $>A <$&{server_addr}> <?> <! TLS_TRY_TAG> <>
R<?>$* $: <$(access TLS_TRY_TAG`'_TAG_DELIM_ $: ? $)>
R<?>$* $@ OK
ifdef(`_ATMPF_', `dnl tempfail?
-R<$* _ATMPF_>$* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
+R<$* _ATMPF_>$* $#error $@ 4.3.0 $: _TMPFMSG_(`TT')', `dnl')
R<NO>$* $#error $@ 5.7.1 $: "550 do not try TLS with " $&{server_name} " ["$&{server_addr}"]"')
######################################################################
### tls_rcpt: is connection with server "good" enough?
### (done in client, per recipient)
dnl called from deliver() before RCPT command
###
### Parameters:
### $1: recipient
######################################################################
Stls_rcpt
ifdef(`_LOCAL_TLS_RCPT_', `dnl
R$* $: $1 $| $>"Local_tls_rcpt" $1
R$* $| $#$* $#$2
R$* $| $* $: $1', `dnl')
ifdef(`_ACCESS_TABLE_', `dnl
dnl store name of other side
R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1
dnl canonify recipient address
R$+ $: <?> $>CanonAddr $1
dnl strip trailing dots
R<?> $+ < @ $+ . > <?> $1 <@ $2 >
dnl full address?
R<?> $+ < @ $+ > $: $1 <@ $2 > $| <F:$1@$2> <U:$1@> <D:$2> <E:>
dnl only localpart?
R<?> $+ $: $1 $| <U:$1@> <E:>
dnl look it up
dnl also look up a default value via E:
R$* $| $+ $: $1 $| $>SearchList <! TLS_RCPT_TAG> $| $2 <>
dnl found nothing: stop here
R$* $| <?> $@ OK
ifdef(`_ATMPF_', `dnl tempfail?
-R$* $| <$* _ATMPF_> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
+R$* $| <$* _ATMPF_> $#error $@ 4.3.0 $: _TMPFMSG_(`TR')', `dnl')
dnl use the generic routine (for now)
R$* $| <$+> $@ $>"TLS_connection" $&{verify} $| <$2>')
######################################################################
### tls_client: is connection with client "good" enough?
### (done in server)
###
### Parameters:
### ${verify} $| (MAIL|STARTTLS)
######################################################################
dnl MAIL: called from check_mail
dnl STARTTLS: called from smtp() after STARTTLS has been accepted
Stls_client
ifdef(`_LOCAL_TLS_CLIENT_', `dnl
R$* $: $1 <?> $>"Local_tls_client" $1
R$* <?> $#$* $#$2
R$* <?> $* $: $1', `dnl')
ifdef(`_ACCESS_TABLE_', `dnl
dnl store name of other side
R$* $: $(macro {TLS_Name} $@ $&{client_name} $) $1
dnl ignore second arg for now
dnl maybe use it to distinguish permanent/temporary error?
dnl if MAIL: permanent (STARTTLS has not been offered)
dnl if STARTTLS: temporary (offered but maybe failed)
R$* $| $* $: $1 $| $>D <$&{client_name}> <?> <! TLS_CLT_TAG> <>
R$* $| <?>$* $: $1 $| $>A <$&{client_addr}> <?> <! TLS_CLT_TAG> <>
dnl do a default lookup: just TLS_CLT_TAG
R$* $| <?>$* $: $1 $| <$(access TLS_CLT_TAG`'_TAG_DELIM_ $: ? $)>
ifdef(`_ATMPF_', `dnl tempfail?
-R$* $| <$* _ATMPF_> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
+R$* $| <$* _ATMPF_> $#error $@ 4.3.0 $: _TMPFMSG_(`TC')', `dnl')
R$* $@ $>"TLS_connection" $1', `dnl
R$* $| $* $@ $>"TLS_connection" $1')
######################################################################
### tls_server: is connection with server "good" enough?
### (done in client)
###
### Parameter:
### ${verify}
######################################################################
dnl i.e. has the server been authenticated and is encryption active?
dnl called from deliver() after STARTTLS command
Stls_server
ifdef(`_LOCAL_TLS_SERVER_', `dnl
R$* $: $1 $| $>"Local_tls_server" $1
R$* $| $#$* $#$2
R$* $| $* $: $1', `dnl')
+ifdef(`_TLS_FAILURES_',`dnl
+R$* $: $(macro {saved_verify} $@ $1 $) $1')
ifdef(`_ACCESS_TABLE_', `dnl
dnl store name of other side
R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1
R$* $: $1 $| $>D <$&{server_name}> <?> <! TLS_SRV_TAG> <>
R$* $| <?>$* $: $1 $| $>A <$&{server_addr}> <?> <! TLS_SRV_TAG> <>
dnl do a default lookup: just TLS_SRV_TAG
R$* $| <?>$* $: $1 $| <$(access TLS_SRV_TAG`'_TAG_DELIM_ $: ? $)>
ifdef(`_ATMPF_', `dnl tempfail?
-R$* $| <$* _ATMPF_> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
+R$* $| <$* _ATMPF_> $#error $@ 4.3.0 $: _TMPFMSG_(`TS')', `dnl')
R$* $@ $>"TLS_connection" $1', `dnl
R$* $@ $>"TLS_connection" $1')
######################################################################
### TLS_connection: is TLS connection "good" enough?
###
### Parameters:
ifdef(`_ACCESS_TABLE_', `dnl
### ${verify} $| <Requirement> [<>]', `dnl
### ${verify}')
### Requirement: RHS from access map, may be ? for none.
dnl syntax for Requirement:
dnl [(PERM|TEMP)+] (VERIFY[:bits]|ENCR:bits) [+extensions]
dnl extensions: could be a list of further requirements
dnl for now: CN:string {cn_subject} == string
######################################################################
STLS_connection
ifdef(`_ACCESS_TABLE_', `dnl', `dnl use default error
dnl deal with TLS handshake failures: abort
RSOFTWARE $#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') TLS handshake."
+RDANE_FAIL $#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') DANE check failed."
divert(-1)')
dnl common ruleset for tls_{client|server}
dnl input: ${verify} $| <ResultOfLookup> [<>]
dnl remove optional <>
R$* $| <$*>$* $: $1 $| <$2>
dnl workspace: ${verify} $| <ResultOfLookup>
# create the appropriate error codes
dnl permanent or temporary error?
R$* $| <PERM + $={Tls} $*> $: $1 $| <503:5.7.0> <$2 $3>
R$* $| <TEMP + $={Tls} $*> $: $1 $| <403:4.7.0> <$2 $3>
dnl default case depends on TLS_PERM_ERR
R$* $| <$={Tls} $*> $: $1 $| <ifdef(`TLS_PERM_ERR', `503:5.7.0', `403:4.7.0')> <$2 $3>
dnl workspace: ${verify} $| [<SMTP:ESC>] <ResultOfLookup>
# deal with TLS handshake failures: abort
RSOFTWARE $| <$-:$+> $* $#error $@ $2 $: $1 " TLS handshake failed."
-dnl no <reply:dns> i.e. not requirements in the access map
+dnl no <reply:dns> i.e. no requirements in the access map
dnl use default error
RSOFTWARE $| $* $#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') TLS handshake failed."
# deal with TLS protocol errors: abort
RPROTOCOL $| <$-:$+> $* $#error $@ $2 $: $1 " STARTTLS failed."
-dnl no <reply:dns> i.e. not requirements in the access map
+dnl no <reply:dns> i.e. no requirements in the access map
dnl use default error
RPROTOCOL $| $* $#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') STARTTLS failed."
+# deal with DANE errors: abort
+RDANE_FAIL $| <$-:$+> $* $#error $@ $2 $: $1 " DANE check failed."
+dnl no <reply:dns> i.e. no requirements in the access map
+dnl use default error
+RDANE_FAIL $| $* $#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') DANE check failed."
R$* $| <$*> <VERIFY> $: <$2> <VERIFY> <> $1
dnl separate optional requirements
R$* $| <$*> <VERIFY + $+> $: <$2> <VERIFY> <$3> $1
R$* $| <$*> <$={Tls}:$->$* $: <$2> <$3:$4> <> $1
dnl separate optional requirements
R$* $| <$*> <$={Tls}:$- + $+>$* $: <$2> <$3:$4> <$5> $1
dnl some other value in access map: accept
dnl this also allows to override the default case (if used)
R$* $| $* $@ OK
# authentication required: give appropriate error
# other side did authenticate (via STARTTLS)
dnl workspace: <SMTP:ESC> <{VERIFY,ENCR}[:BITS]> <[extensions]> ${verify}
dnl only verification required and it succeeded
-R<$*><VERIFY> <> OK $@ OK
+R<$*><VERIFY> <> $={TlsVerified} $@ OK
dnl verification required and it succeeded but extensions are given
dnl change it to <SMTP:ESC> <REQ:0> <extensions>
-R<$*><VERIFY> <$+> OK $: <$1> <REQ:0> <$2>
+R<$*><VERIFY> <$+> $={TlsVerified} $: <$1> <REQ:0> <$2>
dnl verification required + some level of encryption
-R<$*><VERIFY:$-> <$*> OK $: <$1> <REQ:$2> <$3>
+R<$*><VERIFY:$-> <$*> $={TlsVerified} $: <$1> <REQ:$2> <$3>
dnl just some level of encryption required
R<$*><ENCR:$-> <$*> $* $: <$1> <REQ:$2> <$3>
dnl workspace:
-dnl 1. <SMTP:ESC> <VERIFY [:bits]> <[extensions]> {verify} (!= OK)
+dnl 1. <SMTP:ESC> <VERIFY [:bits]> <[extensions]> {verify} (!~ $={TlsVerified})
dnl 2. <SMTP:ESC> <REQ:bits> <[extensions]>
dnl verification required but ${verify} is not set (case 1.)
R<$-:$+><VERIFY $*> <$*> $#error $@ $2 $: $1 " authentication required"
R<$-:$+><VERIFY $*> <$*> FAIL $#error $@ $2 $: $1 " authentication failed"
R<$-:$+><VERIFY $*> <$*> NO $#error $@ $2 $: $1 " not authenticated"
R<$-:$+><VERIFY $*> <$*> NOT $#error $@ $2 $: $1 " no authentication requested"
R<$-:$+><VERIFY $*> <$*> NONE $#error $@ $2 $: $1 " other side does not support STARTTLS"
+R<$-:$+><VERIFY $*> <$*> CLEAR $#error $@ $2 $: $1 " STARTTLS disabled locally"
dnl some other value for ${verify}
R<$-:$+><VERIFY $*> <$*> $+ $#error $@ $2 $: $1 " authentication failure " $4
dnl some level of encryption required: get the maximum level (case 2.)
R<$*><REQ:$-> <$*> $: <$1> <REQ:$2> <$3> $>max $&{cipher_bits} : $&{auth_ssf}
dnl compare required bits with actual bits
R<$*><REQ:$-> <$*> $- $: <$1> <$2:$4> <$3> $(arith l $@ $4 $@ $2 $)
R<$-:$+><$-:$-> <$*> TRUE $#error $@ $2 $: $1 " encryption too weak " $4 " less than " $3
dnl strength requirements fulfilled
dnl TLS Additional Requirements Separator
dnl this should be something which does not appear in the extensions itself
dnl @ could be part of a CN, DN, etc...
dnl use < > ? those are encoded in CN, DN, ...
define(`_TLS_ARS_', `++')dnl
dnl workspace:
dnl <SMTP:ESC> <REQ:bits> <extensions> result-of-compare
R<$-:$+><$-:$-> <$*> $* $: <$1:$2 _TLS_ARS_ $5>
dnl workspace: <SMTP:ESC _TLS_ARS_ extensions>
dnl continue: check extensions
R<$-:$+ _TLS_ARS_ > $@ OK
dnl split extensions into own list
R<$-:$+ _TLS_ARS_ $+ > $: <$1:$2> <$3>
R<$-:$+> < $+ _TLS_ARS_ $+ > <$1:$2> <$3> <$4>
R<$-:$+> $+ $@ $>"TLS_req" $3 $| <$1:$2>
######################################################################
### TLS_req: check additional TLS requirements
###
### Parameters: [<list> <of> <req>] $| <$-:$+>
### $-: SMTP reply code
### $+: Enhanced Status Code
dnl further requirements for this ruleset:
dnl name of "other side" is stored is {TLS_name} (client/server_name)
dnl
-dnl currently only CN[:common_name] is implemented
dnl right now this is only a logical AND
dnl i.e. all requirements must be true
dnl how about an OR? CN must be X or CN must be Y or ..
dnl use a macro to compute this as a trivial sequential
dnl operations (no precedences etc)?
######################################################################
STLS_req
dnl no additional requirements: ok
R $| $+ $@ OK
dnl require CN: but no CN specified: use name of other side
R<CN> $* $| <$+> $: <CN:$&{TLS_Name}> $1 $| <$2>
+ifdef(`_FFR_TLS_ALTNAMES', `dnl
+R<CN:$={cert_altnames}> $* $| <$+> $@ $>"TLS_req" $2 $| <$3>
+R<CN:$-.$+> $* $| <$+> $: <CN:*.$2> $3 $| <$4>
+R<CN:$={cert_altnames}> $* $| <$+> $@ $>"TLS_req" $3 $| <$3>
+R<CN:$*> $* $| <$+> $: <CN:$&{TLS_Name}> $2 $| <$3>', `dnl')
dnl match, check rest
R<CN:$&{cn_subject}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
dnl CN does not match
dnl 1 2 3 4
R<CN:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " CN " $&{cn_subject} " does not match " $1
dnl cert subject
R<CS:$&{cert_subject}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
dnl CS does not match
dnl 1 2 3 4
R<CS:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Subject " $&{cert_subject} " does not match " $1
dnl match, check rest
R<CI:$&{cert_issuer}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
dnl CI does not match
dnl 1 2 3 4
R<CI:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Issuer " $&{cert_issuer} " does not match " $1
+dnl
+R<CITag:$-> $* $| <$+> $: <$(access $1:$&{cert_issuer} $: ? $)> $2 $| <$3>
+R<?> $* $| <$-:$+> $#error $@ $3 $: $2 " Cert Issuer " $&{cert_issuer} " not acceptable"
+R<OK> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
dnl return from recursive call
ROK $@ OK
######################################################################
### max: return the maximum of two values separated by :
###
### Parameters: [$-]:[$-]
######################################################################
Smax
R: $: 0
R:$- $: $1
R$-: $: $1
R$-:$- $: $(arith l $@ $1 $@ $2 $) : $1 : $2
RTRUE:$-:$- $: $2
R$-:$-:$- $: $2
dnl endif _ACCESS_TABLE_
divert(0)
ifdef(`_TLS_SESSION_FEATURES_', `dnl
Stls_srv_features
ifdef(`_ACCESS_TABLE_', `dnl
R$* $| $* $: $>D <$1> <?> <! TLS_Srv_Features> <$2>
R<?> <$*> $: $>A <$1> <?> <! TLS_Srv_Features> <$1>
R<?> <$*> $@ ""
R<$+> <$*> $@ $1
', `dnl
R$* $@ ""')
Stls_clt_features
ifdef(`_ACCESS_TABLE_', `dnl
R$* $| $* $: $>D <$1> <?> <! TLS_Clt_Features> <$2>
R<?> <$*> $: $>A <$1> <?> <! TLS_Clt_Features> <$1>
R<?> <$*> $@ ""
R<$+> <$*> $@ $1
', `dnl
R$* $@ ""')
')
######################################################################
### RelayTLS: allow relaying based on TLS authentication
###
### Parameters:
### none
######################################################################
SRelayTLS
# authenticated?
dnl we do not allow relaying for anyone who can present a cert
dnl signed by a "trusted" CA. For example, even if we put verisigns
dnl CA in CertPath so we can authenticate users, we do not allow
dnl them to abuse our server (they might be easier to get hold of,
dnl but anyway).
dnl so here is the trick: if the verification succeeded
dnl we look up the cert issuer in the access map
dnl (maybe after extracting a part with a regular expression)
dnl if this returns RELAY we relay without further questions
dnl if it returns SUBJECT we perform a similar check on the
dnl cert subject.
ifdef(`_ACCESS_TABLE_', `dnl
R$* $: <?> $&{verify}
-R<?> OK $: OK authenticated: continue
+R<?> $={TlsVerified} $: OK authenticated: continue
R<?> $* $@ NO not authenticated
ifdef(`_CERT_REGEX_ISSUER_', `dnl
R$* $: $(CERTIssuer $&{cert_issuer} $)',
`R$* $: $&{cert_issuer}')
R$+ $: $(access CERTISSUER`'_TAG_DELIM_`'$1 $)
dnl use $# to stop further checks (delay_check)
RRELAY $# RELAY
ifdef(`_CERT_REGEX_SUBJECT_', `dnl
RSUBJECT $: <@> $(CERTSubject $&{cert_subject} $)',
`RSUBJECT $: <@> $&{cert_subject}')
R<@> $+ $: <@> $(access CERTSUBJECT`'_TAG_DELIM_`'$1 $)
R<@> RELAY $# RELAY
R$* $: NO', `dnl')
######################################################################
### authinfo: lookup authinfo in the access map
###
### Parameters:
### $1: {server_name}
### $2: {server_addr}
dnl both are currently ignored
dnl if it should be done via another map, we either need to restrict
dnl functionality (it calls D and A) or copy those rulesets (or add another
dnl parameter which I want to avoid, it's quite complex already)
######################################################################
dnl omit this ruleset if neither is defined?
dnl it causes DefaultAuthInfo to be ignored
dnl (which may be considered a good thing).
Sauthinfo
ifdef(`_AUTHINFO_TABLE_', `dnl
R$* $: <$(authinfo AuthInfo:$&{server_name} $: ? $)>
R<?> $: <$(authinfo AuthInfo:$&{server_addr} $: ? $)>
R<?> $: <$(authinfo AuthInfo: $: ? $)>
R<?> $@ no no authinfo available
R<$*> $# $1
dnl', `dnl
ifdef(`_ACCESS_TABLE_', `dnl
R$* $: $1 $| $>D <$&{server_name}> <?> <! AuthInfo> <>
R$* $| <?>$* $: $1 $| $>A <$&{server_addr}> <?> <! AuthInfo> <>
R$* $| <?>$* $: $1 $| <$(access AuthInfo`'_TAG_DELIM_ $: ? $)> <>
R$* $| <?>$* $@ no no authinfo available
R$* $| <$*> <> $# $2
dnl', `dnl')')
ifdef(`_RATE_CONTROL_',`dnl
######################################################################
### RateControl:
### Parameters: ignored
### return: $#error or OK
######################################################################
SRateControl
ifdef(`_ACCESS_TABLE_', `dnl
R$* $: <A:$&{client_addr}> <E:>
dnl also look up a default value via E:
R$+ $: $>SearchList <! ClientRate> $| $1 <>
dnl found nothing: stop here
R<?> $@ OK
ifdef(`_ATMPF_', `dnl tempfail?
-R<$* _ATMPF_> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
+R<$* _ATMPF_> $#error $@ 4.3.0 $: _TMPFMSG_(`RC')', `dnl')
dnl use the generic routine (for now)
R<0> $@ OK no limit
R<$+> $: <$1> $| $(arith l $@ $1 $@ $&{client_rate} $)
dnl log this? Connection rate $&{client_rate} exceeds limit $1.
R<$+> $| TRUE $#error $@ 4.3.2 $: _RATE_CONTROL_REPLY Connection rate limit exceeded.
')')
ifdef(`_CONN_CONTROL_',`dnl
######################################################################
### ConnControl:
### Parameters: ignored
### return: $#error or OK
######################################################################
SConnControl
ifdef(`_ACCESS_TABLE_', `dnl
R$* $: <A:$&{client_addr}> <E:>
dnl also look up a default value via E:
R$+ $: $>SearchList <! ClientConn> $| $1 <>
dnl found nothing: stop here
R<?> $@ OK
ifdef(`_ATMPF_', `dnl tempfail?
-R<$* _ATMPF_> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
+R<$* _ATMPF_> $#error $@ 4.3.0 $: _TMPFMSG_(`CC')', `dnl')
dnl use the generic routine (for now)
R<0> $@ OK no limit
R<$+> $: <$1> $| $(arith l $@ $1 $@ $&{client_connections} $)
dnl log this: Open connections $&{client_connections} exceeds limit $1.
R<$+> $| TRUE $#error $@ 4.3.2 $: _CONN_CONTROL_REPLY Too many open connections.
')')
undivert(9)dnl LOCAL_RULESETS
#
######################################################################
######################################################################
#####
`##### MAIL FILTER DEFINITIONS'
#####
######################################################################
######################################################################
_MAIL_FILTERS_
#
######################################################################
######################################################################
#####
`##### MAILER DEFINITIONS'
#####
######################################################################
######################################################################
undivert(7)dnl MAILER_DEFINITIONS
diff --git a/cf/m4/version.m4 b/cf/m4/version.m4
index 8d2680534a4a..dadff627bb2e 100644
--- a/cf/m4/version.m4
+++ b/cf/m4/version.m4
@@ -1,18 +1,18 @@
divert(-1)
#
-# Copyright (c) 1998-2015 Proofpoint, Inc. and its suppliers.
+# Copyright (c) 1998-2016 Proofpoint, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#
VERSIONID(`$Id: version.m4,v 8.237 2014-01-27 12:55:17 ca Exp $')
#
divert(0)
# Configuration version number
-DZ8.15.2`'ifdef(`confCF_VERSION', `/confCF_VERSION')
+DZ8.16.1`'ifdef(`confCF_VERSION', `/confCF_VERSION')
diff --git a/cf/ostype/hpux10.m4 b/cf/ostype/hpux10.m4
index c59828cedaa1..423bd5bb16d1 100644
--- a/cf/ostype/hpux10.m4
+++ b/cf/ostype/hpux10.m4
@@ -1,27 +1,27 @@
divert(-1)
#
# Copyright (c) 1998, 1999 Proofpoint, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#
divert(0)
VERSIONID(`$Id: hpux10.m4,v 8.20 2013-11-22 20:51:15 ca Exp $')
ifdef(`QUEUE_DIR',, `define(`QUEUE_DIR', /var/spool/mqueue)')dnl
ifdef(`LOCAL_MAILER_PATH',, `define(`LOCAL_MAILER_PATH', /usr/bin/rmail)')dnl
_DEFIFNOT(`LOCAL_MAILER_FLAGS', `m9')dnl
ifdef(`LOCAL_MAILER_ARGS',, `define(`LOCAL_MAILER_ARGS', `rmail -d $u')')dnl
ifdef(`LOCAL_SHELL_PATH',, `define(`LOCAL_SHELL_PATH', /usr/bin/sh)')dnl
ifdef(`UUCP_MAILER_ARGS',, `define(`UUCP_MAILER_ARGS', `uux - -r -a$g -gC $h!rmail ($u)')')dnl
define(`confTIME_ZONE', `USE_TZ')dnl
dnl
-dnl For maximum compability with HP-UX, use:
+dnl For maximum compatibility with HP-UX, use:
dnl define(`confME_TOO', True)dnl
diff --git a/cf/ostype/hpux9.m4 b/cf/ostype/hpux9.m4
index d9fa69faf7d0..76c2258183cb 100644
--- a/cf/ostype/hpux9.m4
+++ b/cf/ostype/hpux9.m4
@@ -1,27 +1,27 @@
divert(-1)
#
# Copyright (c) 1998, 1999 Proofpoint, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#
divert(0)
VERSIONID(`$Id: hpux9.m4,v 8.25 2013-11-22 20:51:15 ca Exp $')
ifdef(`QUEUE_DIR',, `define(`QUEUE_DIR', /usr/spool/mqueue)')dnl
ifdef(`LOCAL_MAILER_PATH',, `define(`LOCAL_MAILER_PATH', `/bin/rmail')')dnl
_DEFIFNOT(`LOCAL_MAILER_FLAGS', `m9')dnl
ifdef(`LOCAL_MAILER_ARGS',, `define(`LOCAL_MAILER_ARGS', `rmail -d $u')')dnl
ifdef(`UUCP_MAILER_ARGS',, `define(`UUCP_MAILER_ARGS', `uux - -r -a$g -gC $h!rmail ($u)')')dnl
define(`confTIME_ZONE', `USE_TZ')dnl
define(`confEBINDIR', `/usr/lib')dnl
dnl
-dnl For maximum compability with HP-UX, use:
+dnl For maximum compatibility with HP-UX, use:
dnl define(`confME_TOO', True)dnl
diff --git a/contrib/cidrexpand b/contrib/cidrexpand
index efa5323a010c..ee24ee865275 100755
--- a/contrib/cidrexpand
+++ b/contrib/cidrexpand
@@ -1,138 +1,181 @@
#!/usr/bin/perl -w
-
-# $Id: cidrexpand,v 8.8 2006-08-07 17:18:37 ca Exp $
+#
+# usage:
+# cidrexpand < /etc/mail/access | makemap -r hash /etc/mail/access
#
# v 0.4
#
# 17 July 2000 Derek J. Balling (dredd@megacity.org)
-#
+#
# Acts as a preparser on /etc/mail/access_db to allow you to use address/bit
-# notation.
+# notation.
#
# If you have two overlapping CIDR blocks with conflicting actions
# e.g. 10.2.3.128/25 REJECT and 10.2.3.143 ACCEPT
# make sure that the exceptions to the more general block are specified
# later in the access_db.
#
# the -r flag to makemap will make it "do the right thing"
#
# Modifications
# -------------
# 26 Jul 2001 Derek Balling (dredd@megacity.org)
# Now uses Net::CIDR because it makes life a lot easier.
#
# 5 Nov 2002 Richard Rognlie (richard@sendmail.com)
# Added code to deal with the prefix tags that may now be included in
# the access_db
#
-# Added clarification in the notes for what to do if you have
+# Added clarification in the notes for what to do if you have
# exceptions to a larger CIDR block.
#
-# 26 Jul 2006 Richard Rognlie (richard@sendmail.com>
+# 26 Jul 2006 Richard Rognlie (richard@sendmail.com)
# Added code to strip "comments" (anything after a non-escaped #)
# # characters after a \ or within quotes (single and double) are
-# left intact.
+# left intact.
#
# e.g.
# From:1.2.3.4 550 Die spammer # spammed us 2006.07.26
# becomes
-# From:1.2.3.4 550 Die spammer
+# From:1.2.3.4 550 Die spammer
#
# 3 August 2006
-#
# Corrected a bug to have it handle the special case of "0.0.0.0/0"
# since Net::CIDR doesn't handle it properly.
#
-# usage:
-# cidrexpand < /etc/mail/access | makemap -r hash /etc/mail/access
+# 27 April 2016
+# Corrected IPv6 handling. Note that UseCompressedIPv6Addresses must
+# be turned off for this to work; there are three reasons for this:
+# 1) if the MTA uses compressed IPv6 addresses then CIDR 'cuts'
+# in the compressed range *cannot* be matched, as the MTA simply
+# won't look for them. E.g., there's no way to accurately
+# match "IPv6:fe80::/64" when for the address "IPv6:fe80::54ad"
+# the MTA doesn't lookup up "IPv6:fe80:0:0:0"
+# 2) cidrexpand only generates uncompressed addresses, so CIDR
+# 'cuts' to the right of the compressed range won't be matched
+# either. Why doesn't it generate compressed address output?
+# Oh, because:
+# 3) compressed addresses are ambiguous when colon-groups are
+# chopped off! You want an access map entry for
+# IPv6:fe80::0:5420
+# but not for
+# IPv6:fe80::5420:1234
+# ? Sorry, the former is really
+# IPv6:fe80::5420
+# which will also match the latter!
#
+# 25 July 2016
+# Since cidrexpand already requires UseCompressedIPv6Addresses to be
+# turned off, it can also canonicalize non-CIDR IPv6 addresses to the
+# format that sendmail looks up, expanding compressed addresses and
+# trimming superfluous leading zeros.
#
# Report bugs to: <dredd@megacity.org>
#
use strict;
-use Net::CIDR;
+use Net::CIDR qw(cidr2octets cidrvalidate);
use Getopt::Std;
-our ($opt_c,$opt_t);
-getopts('ct:');
+sub print_expanded_v4network;
+sub print_expanded_v6network;
-my $spaceregex = '\s+';
-if ($opt_t)
-{
- $spaceregex = $opt_t;
-}
+our %opts;
+getopts('ct:', \%opts);
+
+# Delimiter between the key and value
+my $space_re = exists $opts{t} ? $opts{t} : '\s+';
+
+# Regexp that matches IPv4 address literals
+my $ipv4_re = qr"(?:\d+\.){3}\d+";
+
+# Regexp that matches IPv6 address literals, plus a lot more.
+# Further checks are required for verifying that it's really one
+my $ipv6_re = qr"[0-9A-Fa-f:]{2,39}(?:\.\d+\.\d+\.\d+)?";
while (<>)
{
chomp;
- my ($prefix,$left,$right,$space);
+ my ($prefix, $network, $len, $right);
- if ( (/\#/) && $opt_c )
+ if ( (/\#/) && $opts{c} )
{
# print "checking...\n";
my $i;
my $qtype='';
- for ($i=0 ; $i<length($_) ; $i++)
+ for ($i=0 ; $i<length($_) ; $i++)
{
my $ch = substr($_,$i,1);
- if ($ch eq '\\')
+ if ($ch eq '\\')
{
$i++;
next;
}
- elsif ($qtype eq '' && $ch eq '#')
+ elsif ($qtype eq '' && $ch eq '#')
{
substr($_,$i) = '';
last;
}
- elsif ($qtype ne '' && $ch eq $qtype)
+ elsif ($qtype ne '' && $ch eq $qtype)
{
$qtype = '';
}
- elsif ($qtype eq '' && $ch =~ /[\'\"]/)
+ elsif ($qtype eq '' && $ch =~ /[\'\"]/)
{
$qtype = $ch;
}
}
- }
-
- if (! /^(|\S\S*:)(\d+\.){3}\d+\/\d\d?$spaceregex.*/ )
+ }
+
+ if (($prefix, $network, $len, $right) =
+ m!^(|\S+:)(${ipv4_re})/(\d+)(${space_re}.*)$!)
{
- print "$_\n";
+ print_expanded_v4network($network, $len, $prefix, $right);
+ }
+ elsif ((($prefix, $network, $len, $right) =
+ m!^((?:\S+:)?[Ii][Pp][Vv]6:)(${ipv6_re})(?:/(\d+))?(${space_re}.*)$!) &&
+ (!defined($len) || $len <= 128) &&
+ defined(cidrvalidate($network)))
+ {
+ print_expanded_v6network($network, $len // 128, $prefix, $right);
}
else
{
- ($prefix,$left,$space,$right) =
- /^(|\S\S*:)((?:\d+\.){3}\d+\/\d\d?)($spaceregex)(.*)$/;
-
- my @new_lefts = expand_network($left);
- foreach my $nl (@new_lefts)
- {
- print "$prefix$nl$space$right\n";
- }
+ print "$_\n";
}
}
-
-sub expand_network
+
+sub print_expanded_v4network
{
- my $left_input = shift;
- my @rc = ($left_input);
- my ($network,$mask) = split /\//, $left_input;
- if (defined $mask)
+ my ($network, $len, $prefix, $suffix) = @_;
+
+ # cidr2octets() doesn't handle a prefix-length of zero, so do
+ # that ourselves
+ foreach my $nl ($len == 0 ? (0..255) : cidr2octets("$network/$len"))
{
- return (0..255) if $mask == 0;
+ print "$prefix$nl$suffix\n";
+ }
+}
+
+sub print_expanded_v6network
+{
+ my ($network, $len, $prefix, $suffix) = @_;
- my @parts = split /\./, $network;
- while ($#parts < 3)
+ # cidr2octets() doesn't handle a prefix-length of zero, so do
+ # that ourselves. Easiest is to just recurse on bottom and top
+ # halves with a length of 1
+ if ($len == 0) {
+ print_expanded_v6network("::", 1, $prefix, $suffix);
+ print_expanded_v6network("8000::", 1, $prefix, $suffix);
+ }
+ else
+ {
+ foreach my $nl (cidr2octets("$network/$len"))
{
- push @parts, "0";
+ # trim leading zeros from each group
+ $nl =~ s/(^|:)0+(?=[^:])/$1/g;
+ print "$prefix$nl$suffix\n";
}
- my $clean_input = join '.', @parts;
- $clean_input .= "/$mask";
- my @octets = Net::CIDR::cidr2octets($clean_input);
- @rc = @octets;
}
- return @rc;
}
diff --git a/contrib/dnsblaccess.m4 b/contrib/dnsblaccess.m4
index da8e13a0a6a7..0075dba92fe8 100644
--- a/contrib/dnsblaccess.m4
+++ b/contrib/dnsblaccess.m4
@@ -1,94 +1,94 @@
divert(-1)
#
# Copyright (c) 2001-2002, 2005 Proofpoint, Inc. and its suppliers.
# All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#
dnl ## This is a modified enhdnsbl, loosely based on the
dnl ## original.
dnl ##
dnl ## Use it as follows
dnl ##
dnl ## HACK(dnsblaccess, domain, optional-message, tempfail-message, keytag)
dnl ##
dnl ## The first argument (domain) is required. The other arguments
dnl ## are optional and have reasonable defaults. The
dnl ## optional-message is the error message given in case of a
dnl ## match. The default behavior for a tempfail is to accept the
dnl ## email. A tempfail-message value of `t' temporarily rejects
dnl ## with a default message. Otherwise the value should be your
dnl ## own message. The keytag is used to lookup the access map to
dnl ## further refine the result. I recommend a qualified keytag
-dnl ## (containing a ".") as less likely to accidently conflict with
+dnl ## (containing a ".") as less likely to accidentally conflict with
dnl ## other access tags.
dnl ##
dnl ## This is best illustrated with an example. Please do not use
dnl ## the example, as it refers to a bogus lookup list.
dnl ##
dnl ## Suppose that you use
dnl ##
dnl ## HACK(dnsblaccess, `rbl.bogus.org',`',`t',bogus.tag)
dnl ##
dnl ## and suppose that your access map contains the entries
dnl ##
dnl ## bogus.tag:127.0.0.2 REJECT
dnl ## bogus.tag:127.0.0.3 error:dialup mail from %1: listed at %2
dnl ## bogus.tag:127.0.0.4 OK
dnl ## bogus.tag:127 REJECT
dnl ## bogus.tag: OK
dnl ##
dnl ## If an SMTP connection is received from 123.45.6.7, sendmail
dnl ## will lookup the A record for 7.6.45.123.bogus.org. If there
dnl ## is a temp failure for the lookup, sendmail will generate a
dnl ## temporary failure with a default message. If there is no
dnl ## A-record for this lookup, then the mail is treated as if the
dnl ## HACK line were not present. If the lookup returns 127.0.0.2,
dnl ## then a default message rejects the mail. If it returns
dnl ## 127.0.0.3, then the message
dnl ## "dialup mail from 123.45.6.7: listed at rbl.bogus.org"
dnl ## is used to reject the mail. If it returns 127.0.0.4, the
dnl ## mail is processed as if there were no HACK line. If the
dnl ## address returned is something else beginning with 127.*, the
dnl ## mail is rejected with a default error message. If the
dnl ## address returned does not begin 127, then the mail is
dnl ## processed as if the HACK line were not present.
divert(0)
VERSIONID(`$Id: dnsblaccess.m4,v 1.7 2013-11-22 20:51:18 ca Exp $')
ifdef(`_ACCESS_TABLE_', `dnl',
`errprint(`*** ERROR: dnsblaccess requires FEATURE(`access_db')
')')
ifdef(`_EDNSBL_R_',`dnl',`dnl
define(`_EDNSBL_R_', `1')dnl ## prevent multiple redefines of the map.
LOCAL_CONFIG
-# map for enhanced DNS based blacklist lookups
+# map for enhanced DNS based blocklist lookups
Kednsbl dns -R A -a. -T<TMP> -r`'ifdef(`EDNSBL_TO',`EDNSBL_TO',`5')
')
divert(-1)
define(`_EDNSBL_SRV_', `ifelse(len(X`'_ARG_),`1',`blackholes.mail-abuse.org',_ARG_)')dnl
define(`_EDNSBL_MSG_', `ifelse(len(X`'_ARG2_),`1',`"550 Rejected: " $`'&{client_addr} " listed at '_EDNSBL_SRV_`"',`_ARG2_')')dnl
define(`_EDNSBL_MSG_TMP_', `ifelse(_ARG3_,`t',`"451 Temporary lookup failure of " $`'&{client_addr} " at '_EDNSBL_SRV_`"',`_ARG3_')')dnl
define(`_EDNSBL_KEY_', `ifelse(len(X`'_ARG4_),`1',`dnsblaccess',_ARG4_)')dnl
divert(8)
# DNS based IP address spam list _EDNSBL_SRV_
R$* $: $&{client_addr}
dnl IPv6?
R$-.$-.$-.$- $: <?> $(ednsbl $4.$3.$2.$1._EDNSBL_SRV_. $: OK $) <>$1.$2.$3.$4
R<?>OK<>$* $: OKSOFAR
R<?>$+<TMP><>$* $: <? <TMPF>>
R<?>$* $- .<>$* <$(access _EDNSBL_KEY_`:'$1$2 $@$3 $@`'_EDNSBL_SRV_ $: ? $)> $1 <>$3
R<?>$* <>$* $:<$(access _EDNSBL_KEY_`:' $@$2 $@`'_EDNSBL_SRV_ $: ? $)> <>$2
ifelse(len(X`'_ARG3_),`1',
`R<$*<TMPF>>$* $: TMPOK',
`R<$*<TMPF>>$* $#error $@ 4.4.3 $: _EDNSBL_MSG_TMP_')
R<$={Accept}>$* $: OKSOFAR
R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4
R<ERROR:$+> $* $#error $: $1
R<DISCARD> $* $#discard $: discard
R<$*> $* $#error $@ 5.7.1 $: _EDNSBL_MSG_
divert(-1)
diff --git a/contrib/expn.pl b/contrib/expn.pl
index 85de08a7f419..317391238685 100755
--- a/contrib/expn.pl
+++ b/contrib/expn.pl
@@ -1,1360 +1,1360 @@
#!/usr/bin/perl
'di ';
'ds 00 \\"';
'ig 00 ';
#
# THIS PROGRAM IS ITS OWN MANUAL PAGE. INSTALL IN man & bin.
#
use 5.001;
use IO::Socket;
use Fcntl;
# system requirements:
# must have 'nslookup' and 'hostname' programs.
# $OrigHeader: /home/muir/bin/RCS/expn,v 3.11 1997/09/10 08:14:02 muir Exp muir $
# TODO:
# less magic should apply to command-line addresses
# less magic should apply to local addresses
# add magic to deal with cross-domain cnames
# disconnect & reconnect after 25 commands to the same sendmail 8.8.* host
# Checklist: (hard addresses)
# 250 Kimmo Suominen <"|/usr/local/mh/lib/slocal -user kim"@grendel.tac.nyc.ny.us>
# harry@hofmann.cs.Berkeley.EDU -> harry@tenet (.berkeley.edu) [dead]
# bks@cs.berkeley.edu -> shiva.CS (.berkeley.edu) [dead]
# dan@tc.cornell.edu -> brown@tiberius (.tc.cornell.edu)
#############################################################################
#
# Copyright (c) 1993 David Muir Sharnoff
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# 3. All advertising materials mentioning features or use of this software
# must display the following acknowledgement:
# This product includes software developed by the David Muir Sharnoff.
# 4. The name of David Sharnoff may not be used to endorse or promote products
# derived from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE DAVID MUIR SHARNOFF ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL DAVID MUIR SHARNOFF BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# This copyright notice derrived from material copyrighted by the Regents
# of the University of California.
#
# Contributions accepted.
#
#############################################################################
# overall structure:
# in an effort to not trace each address individually, but rather
# ask each server in turn a whole bunch of questions, addresses to
# be expanded are queued up.
#
# This means that all accounting w.r.t. an address must be stored in
# various arrays. Generally these arrays are indexed by the
# string "$addr *** $server" where $addr is the address to be
# expanded "foo" or maybe "foo@bar" and $server is the hostname
# of the SMTP server to contact.
#
# important global variables:
#
# @hosts : list of servers still to be contacted
# $server : name of the current we are currently looking at
# @users = $users{@hosts[0]} : addresses to expand at this server
# $u = $users[0] : the current address being expanded
# $names{"$users[0] *** $server"} : the 'name' associated with the address
# $mxbacktrace{"$users[0] *** $server"} : record of mx expansion
# $mx_secondary{$server} : other mx relays at the same priority
# $domainify_fallback{"$users[0] *** $server"} : alternative names to try
# instead of $server if $server doesn't work
# $temporary_redirect{"$users[0] *** $server"} : when trying alternates,
# temporarily channel all tries along current path
# $giveup{$server} : do not bother expanding addresses at $server
# $verbose : -v
# $watch : -w
# $vw : -v or -w
# $debug : -d
# $valid : -a
# $levels : -1
# $S : the socket connection to $server
$have_nslookup = 1; # we have the nslookup program
$port = 'smtp';
$av0 = $0;
$ENV{'PATH'} .= ":/usr/etc" unless $ENV{'PATH'} =~ m,/usr/etc,;
$ENV{'PATH'} .= ":/usr/ucb" unless $ENV{'PATH'} =~ m,/usr/ucb,;
select(STDERR);
$0 = "$av0 - running hostname";
chop($name = `hostname || uname -n`);
$0 = "$av0 - lookup host FQDN and IP addr";
($hostname,$aliases,$type,$len,$thisaddr) = gethostbyname($name);
$0 = "$av0 - parsing args";
$usage = "Usage: $av0 [-1avwd] user[\@host] [user2[host2] ...]";
for $a (@ARGV) {
die $usage if $a eq "-";
while ($a =~ s/^(-.*)([1avwd])/$1/) {
eval '$'."flag_$2 += 1";
}
next if $a eq "-";
die $usage if $a =~ /^-/;
&expn(&parse($a,$hostname,undef,1));
}
$verbose = $flag_v;
$watch = $flag_w;
$vw = $flag_v + $flag_w;
$debug = $flag_d;
$valid = $flag_a;
$levels = $flag_1;
die $usage unless @hosts;
if ($valid) {
if ($valid == 1) {
$validRequirement = 0.8;
} elsif ($valid == 2) {
$validRequirement = 1.0;
} elsif ($valid == 3) {
$validRequirement = 0.9;
} else {
$validRequirement = (1 - (1/($valid-3)));
print "validRequirement = $validRequirement\n" if $debug;
}
}
HOST:
while (@hosts) {
$server = shift(@hosts);
@users = split(' ',$users{$server});
delete $users{$server};
# is this server already known to be bad?
$0 = "$av0 - looking up $server";
if ($giveup{$server}) {
&giveup('mx domainify',$giveup{$server});
next;
}
# do we already have an mx record for this host?
next HOST if &mxredirect($server,*users);
# look it up, or try for an mx.
$0 = "$av0 - gethostbyname($server)";
($name,$aliases,$type,$len,$thataddr) = gethostbyname($server);
# if we can't get an A record, try for an MX record.
unless($thataddr) {
&mxlookup(1,$server,"$server: could not resolve name",*users);
next HOST;
}
# get a connection, or look for an mx
$0 = "$av0 - socket to $server";
$S = new IO::Socket::INET (
'PeerAddr' => $server,
'PeerPort' => $port,
'Proto' => 'tcp');
if (! $S || ($debug == 10 && $server =~ /relay\d.UU.NET$/i)) {
$0 = "$av0 - $server: could not connect: $!\n";
$emsg = $!;
unless (&mxlookup(0,$server,"$server: could not connect: $!",*users)) {
&giveup('mx',"$server: Could not connect: $emsg");
}
next HOST;
}
$S->autoflush(1);
# read the greeting
$0 = "$av0 - talking to $server";
&alarm("greeting with $server",'');
while(<$S>) {
alarm(0);
print if $watch;
if (/^(\d+)([- ])/) {
if ($1 != 220) {
$0 = "$av0 - bad numeric response from $server";
&alarm("giving up after bad response from $server",'');
&read_response($2,$watch);
alarm(0);
print STDERR "$server: NOT 220 greeting: $_"
if ($debug || $vw);
if (&mxlookup(0,$server,"$server: did not respond with a 220 greeting",*users)) {
close($S);
next HOST;
}
}
last if ($2 eq " ");
} else {
$0 = "$av0 - bad response from $server";
print STDERR "$server: NOT 220 greeting: $_"
if ($debug || $vw);
unless (&mxlookup(0,$server,"$server: did not respond with SMTP codes",*users)) {
&giveup('',"$server: did not talk SMTP");
}
close($S);
next HOST;
}
&alarm("greeting with $server",'');
}
alarm(0);
# if this causes problems, remove it
$0 = "$av0 - sending helo to $server";
&alarm("sending helo to $server","");
&ps("helo $hostname");
while(<$S>) {
print if $watch;
last if /^\d+ /;
}
alarm(0);
# try the users, one by one
USER:
while(@users) {
$u = shift(@users);
$0 = "$av0 - expanding $u [\@$server]";
# do we already have a name for this user?
$oldname = $names{"$u *** $server"};
print &compact($u,$server)." ->\n" if ($verbose && ! $valid);
if ($valid) {
#
# when running with -a, we delay taking any action
# on the results of our query until we have looked
# at the complete output. @toFinal stores expansions
# that will be final if we take them. @toExpn stores
# expnansions that are not final. @isValid keeps
# track of our ability to send mail to each of the
# expansions.
#
@isValid = ();
@toFinal = ();
@toExpn = ();
}
# ($ecode,@expansion) = &expn_vrfy($u,$server);
(@foo) = &expn_vrfy($u,$server);
($ecode,@expansion) = @foo;
if ($ecode) {
&giveup('',$ecode,$u);
last USER;
}
for $s (@expansion) {
$s =~ s/[\n\r]//g;
$0 = "$av0 - parsing $server: $s";
$skipwatch = $watch;
if ($s =~ /^[25]51([- ]).*<(.+)>/) {
print "$s" if $watch;
print "(pretending 250$1<$2>)" if ($debug && $watch);
print "\n" if $watch;
$s = "250$1<$2>";
$skipwatch = 0;
}
if ($s =~ /^250([- ])(.+)/) {
print "$s\n" if $skipwatch;
($done,$addr) = ($1,$2);
($newhost, $newaddr, $newname) = &parse($addr,$server,$oldname, $#expansion == 0);
print "($newhost, $newaddr, $newname) = &parse($addr, $server, $oldname)\n" if $debug;
if (! $newhost) {
# no expansion is possible w/o a new server to call
if ($valid) {
push(@isValid, &validAddr($newaddr));
push(@toFinal,$newaddr,$server,$newname);
} else {
&verbose(&final($newaddr,$server,$newname));
}
} else {
$newmxhost = &mx($newhost,$newaddr);
print "$newmxhost = &mx($newhost)\n"
if ($debug && $newhost ne $newmxhost);
$0 = "$av0 - parsing $newaddr [@$newmxhost]";
print "levels = $levels, level{$u *** $server} = ".$level{"$u *** $server"}."\n" if ($debug > 1);
# If the new server is the current one,
# it would have expanded things for us
# if it could have. Mx records must be
# followed to compare server names.
# We are also done if the recursion
# count has been exceeded.
if (&trhost($newmxhost) eq &trhost($server) || ($levels && $level{"$u *** $server"} >= $levels)) {
if ($valid) {
push(@isValid, &validAddr($newaddr));
push(@toFinal,$newaddr,$newmxhost,$newname);
} else {
&verbose(&final($newaddr,$newmxhost,$newname));
}
} else {
# more work to do...
if ($valid) {
push(@isValid, &validAddr($newaddr));
push(@toExpn,$newmxhost,$newaddr,$newname,$level{"$u *** $server"});
} else {
&verbose(&expn($newmxhost,$newaddr,$newname,$level{"$u *** $server"}));
}
}
}
last if ($done eq " ");
next;
}
# 550 is a known code... Should the be
# included in -a output? Might be a bug
# here. Does it matter? Can assume that
# there won't be UNKNOWN USER responses
# mixed with valid users?
if ($s =~ /^(550)([- ])/) {
if ($valid) {
print STDERR "\@$server:$u ($oldname) USER UNKNOWN\n";
} else {
&verbose(&final($u,$server,$oldname,"USER UNKNOWN"));
}
last if ($2 eq " ");
next;
}
# 553 is a known code...
if ($s =~ /^(553)([- ])/) {
if ($valid) {
print STDERR "\@$server:$u ($oldname) USER AMBIGUOUS\n";
} else {
&verbose(&final($u,$server,$oldname,"USER AMBIGUOUS"));
}
last if ($2 eq " ");
next;
}
# 252 is a known code...
if ($s =~ /^(252)([- ])/) {
if ($valid) {
print STDERR "\@$server:$u ($oldname) REFUSED TO VRFY\n";
} else {
&verbose(&final($u,$server,$oldname,"REFUSED TO VRFY"));
}
last if ($2 eq " ");
next;
}
&giveup('',"$server: did not grok '$s'",$u);
last USER;
}
if ($valid) {
#
# now we decide if we are going to take these
# expansions or roll them back.
#
$avgValid = &average(@isValid);
print "avgValid = $avgValid\n" if $debug;
if ($avgValid >= $validRequirement) {
print &compact($u,$server)." ->\n" if $verbose;
while (@toExpn) {
&verbose(&expn(splice(@toExpn,0,4)));
}
while (@toFinal) {
&verbose(&final(splice(@toFinal,0,3)));
}
} else {
print "Tossing some valid to avoid invalid ".&compact($u,$server)."\n" if ($avgValid > 0.0 && ($vw || $debug));
print &compact($u,$server)." ->\n" if $verbose;
&verbose(&final($u,$server,$newname));
}
}
}
&alarm("sending 'quit' to $server",'');
$0 = "$av0 - sending 'quit' to $server";
&ps("quit");
while(<$S>) {
print if $watch;
last if /^\d+ /;
}
close($S);
alarm(0);
}
$0 = "$av0 - printing final results";
print "----------\n" if $vw;
select(STDOUT);
for $f (sort @final) {
print "$f\n";
}
unlink("/tmp/expn$$");
exit(0);
# abandon all attempts deliver to $server
# register the current addresses as the final ones
sub giveup
{
local($redirect_okay,$reason,$user) = @_;
local($us,@so,$nh,@remaining_users);
local($pk,$file,$line);
($pk, $file, $line) = caller;
$0 = "$av0 - giving up on $server: $reason";
#
# add back a user if we gave up in the middle
#
push(@users,$user) if $user;
#
# don't bother with this system anymore
#
unless ($giveup{$server}) {
$giveup{$server} = $reason;
print STDERR "$reason\n";
}
print "Giveup at $file:$line!!! redirect okay = $redirect_okay; $reason\n" if $debug;
#
# Wait!
# Before giving up, see if there is a chance that
# there is another host to redirect to!
# (Kids, don't do this at home! Hacking is a dangerous
# crime and you could end up behind bars.)
#
for $u (@users) {
if ($redirect_okay =~ /\bmx\b/) {
next if &try_fallback('mx',$u,*server,
*mx_secondary,
*already_mx_fellback);
}
if ($redirect_okay =~ /\bdomainify\b/) {
next if &try_fallback('domainify',$u,*server,
*domainify_fallback,
*already_domainify_fellback);
}
push(@remaining_users,$u);
}
@users = @remaining_users;
for $u (@users) {
print &compact($u,$server)." ->\n" if ($verbose && $valid && $u);
&verbose(&final($u,$server,$names{"$u *** $server"},$reason));
}
}
#
# This routine is used only within &giveup. It checks to
# see if we really have to giveup or if there is a second
# chance because we did something before that can be
# backtracked.
#
# %fallback{"$user *** $host"} tracks what is able to fallback
# %fellback{"$user *** $host"} tracks what has fallen back
#
# If there is a valid backtrack, then queue up the new possibility
#
sub try_fallback
{
local($method,$user,*host,*fall_table,*fellback) = @_;
local($us,$fallhost,$oldhost,$ft,$i);
if ($debug > 8) {
print "Fallback table $method:\n";
for $i (sort keys %fall_table) {
print "\t'$i'\t\t'$fall_table{$i}'\n";
}
print "Fellback table $method:\n";
for $i (sort keys %fellback) {
print "\t'$i'\t\t'$fellback{$i}'\n";
}
print "U: $user H: $host\n";
}
$us = "$user *** $host";
if (defined $fellback{$us}) {
#
# Undo a previous fallback so that we can try again
# Nested fallbacks are avoided because they could
# lead to infinite loops
#
$fallhost = $fellback{$us};
print "Already $method fell back from $us -> \n" if $debug;
$us = "$user *** $fallhost";
$oldhost = $fallhost;
} elsif (($method eq 'mx') && (defined $mxbacktrace{$us}) && (defined $mx_secondary{$mxbacktrace{$us}})) {
print "Fallback an MX expansion $us -> \n" if $debug;
$oldhost = $mxbacktrace{$us};
} else {
print "Oldhost($host, $us) = " if $debug;
$oldhost = $host;
}
print "$oldhost\n" if $debug;
if (((defined $fall_table{$us}) && ($ft = $us)) || ((defined $fall_table{$oldhost}) && ($ft = $oldhost))) {
print "$method Fallback = ".$fall_table{$ft}."\n" if $debug;
local(@so,$newhost);
@so = split(' ',$fall_table{$ft});
$newhost = shift(@so);
print "Falling back ($method) $us -> $newhost (from $oldhost)\n" if $debug;
if ($method eq 'mx') {
if (! defined ($mxbacktrace{"$user *** $newhost"})) {
if (defined $mxbacktrace{"$user *** $oldhost"}) {
print "resetting oldhost $oldhost to the original: " if $debug;
$oldhost = $mxbacktrace{"$user *** $oldhost"};
print "$oldhost\n" if $debug;
}
$mxbacktrace{"$user *** $newhost"} = $oldhost;
print "mxbacktrace $user *** $newhost -> $oldhost\n" if $debug;
}
$mx{&trhost($oldhost)} = $newhost;
} else {
$temporary_redirect{$us} = $newhost;
}
if (@so) {
print "Can still $method $us: @so\n" if $debug;
$fall_table{$ft} = join(' ',@so);
} else {
print "No more fallbacks for $us\n" if $debug;
delete $fall_table{$ft};
}
if (defined $create_host_backtrack{$us}) {
$create_host_backtrack{"$user *** $newhost"}
= $create_host_backtrack{$us};
}
$fellback{"$user *** $newhost"} = $oldhost;
&expn($newhost,$user,$names{$us},$level{$us});
return 1;
}
delete $temporary_redirect{$us};
$host = $oldhost;
return 0;
}
# return 1 if you could send mail to the address as is.
sub validAddr
{
local($addr) = @_;
$res = &do_validAddr($addr);
print "validAddr($addr) = $res\n" if $debug;
$res;
}
sub do_validAddr
{
local($addr) = @_;
local($urx) = "[-A-Za-z_.0-9+]+";
# \u
return 0 if ($addr =~ /^\\/);
# ?@h
return 1 if ($addr =~ /.\@$urx$/);
# @h:?
return 1 if ($addr =~ /^\@$urx\:./);
# h!u
return 1 if ($addr =~ /^$urx!./);
# u
return 1 if ($addr =~ /^$urx$/);
# ?
print "validAddr($addr) = ???\n" if $debug;
return 0;
}
# Some systems use expn and vrfy interchangeably. Some only
# implement one or the other. Some check expn against mailing
# lists and vrfy against users. It doesn't appear to be
# consistent.
#
# So, what do we do? We try everything!
#
#
# Ranking of result codes: good: 250, 251/551, 252, 550, anything else
#
# Ranking of inputs: best: user@host.domain, okay: user
#
# Return value: $error_string, @responses_from_server
sub expn_vrfy
{
local($u,$server) = @_;
local(@c) = ('expn', 'vrfy');
local(@try_u) = $u;
local(@ret,$code);
if (($u =~ /(.+)@(.+)/) && (&trhost($2) eq &trhost($server))) {
push(@try_u,$1);
}
TRY:
for $c (@c) {
for $try_u (@try_u) {
&alarm("${c}'ing $try_u on $server",'',$u);
&ps("$c $try_u");
alarm(0);
$s = <$S>;
if ($s eq '') {
return "$server: lost connection";
}
if ($s !~ /^(\d+)([- ])/) {
return "$server: garbled reply to '$c $try_u'";
}
if ($1 == 250) {
$code = 250;
@ret = ("",$s);
push(@ret,&read_response($2,$debug));
return (@ret);
}
if ($1 == 551 || $1 == 251) {
$code = $1;
@ret = ("",$s);
push(@ret,&read_response($2,$debug));
next;
}
if ($1 == 252 && ($code == 0 || $code == 550)) {
$code = 252;
@ret = ("",$s);
push(@ret,&read_response($2,$watch));
next;
}
if ($1 == 550 && $code == 0) {
$code = 550;
@ret = ("",$s);
push(@ret,&read_response($2,$watch));
next;
}
&read_response($2,$watch);
}
}
return "$server: expn/vrfy not implemented" unless @ret;
return @ret;
}
# sometimes the old parse routine (now parse2) didn't
# reject funky addresses.
sub parse
{
local($oldaddr,$server,$oldname,$one_to_one) = @_;
local($newhost, $newaddr, $newname, $um) = &parse2($oldaddr,$server,$oldname,$one_to_one);
if ($newaddr =~ m,^["/],) {
return (undef, $oldaddr, $newname) if $valid;
return (undef, $um, $newname);
}
return ($newhost, $newaddr, $newname);
}
# returns ($new_smtp_server,$new_address,$new_name)
# given a response from a SMTP server ($newaddr), the
# current host ($server), the old "name" and a flag that
# indicates if it is being called during the initial
# command line parsing ($parsing_args)
sub parse2
{
local($newaddr,$context_host,$old_name,$parsing_args) = @_;
local(@names) = $old_name;
local($urx) = "[-A-Za-z_.0-9+]+";
local($unmangle);
#
# first, separate out the address part.
#
#
# [NAME] <ADDR [(NAME)]>
# [NAME] <[(NAME)] ADDR
# ADDR [(NAME)]
# (NAME) ADDR
# [(NAME)] <ADDR>
#
if ($newaddr =~ /^\<(.*)\>$/) {
print "<A:$1>\n" if $debug;
($newaddr) = &trim($1);
print "na = $newaddr\n" if $debug;
}
if ($newaddr =~ /^([^\<\>]*)\<([^\<\>]*)\>([^\<\>]*)$/) {
# address has a < > pair in it.
print "N:$1 <A:$2> N:$3\n" if $debug;
($newaddr) = &trim($2);
unshift(@names, &trim($3,$1));
print "na = $newaddr\n" if $debug;
}
if ($newaddr =~ /^([^\(\)]*)\(([^\(\)]*)\)([^\(\)]*)$/) {
# address has a ( ) pair in it.
print "A:$1 (N:$2) A:$3\n" if $debug;
unshift(@names,&trim($2));
local($f,$l) = (&trim($1),&trim($3));
if (($f && $l) || !($f || $l)) {
# address looks like:
# foo (bar) baz or (bar)
# not allowed!
print STDERR "Could not parse $newaddr\n" if $vw;
return(undef,$newaddr,&firstname(@names));
}
$newaddr = $f if $f;
$newaddr = $l if $l;
print "newaddr now = $newaddr\n" if $debug;
}
#
# @foo:bar
# j%k@l
# a@b
# b!a
# a
#
$unmangle = $newaddr;
if ($newaddr =~ /^\@($urx)\:(.+)$/) {
print "(\@:)" if $debug;
# this is a bit of a cheat, but it seems necessary
return (&domainify($1,$context_host,$2),$2,&firstname(@names),$unmangle);
}
if ($newaddr =~ /^(.+)\@($urx)$/) {
print "(\@)" if $debug;
return (&domainify($2,$context_host,$newaddr),$newaddr,&firstname(@names),$unmangle);
}
if ($parsing_args) {
if ($newaddr =~ /^($urx)\!(.+)$/) {
return (&domainify($1,$context_host,$newaddr),$newaddr,&firstname(@names),$unmangle);
}
if ($newaddr =~ /^($urx)$/) {
return ($context_host,$newaddr,&firstname(@names),$unmangle);
}
print STDERR "Could not parse $newaddr\n";
}
print "(?)" if $debug;
return(undef,$newaddr,&firstname(@names),$unmangle);
}
# return $u (@$server) unless $u includes reference to $server
sub compact
{
local($u, $server) = @_;
local($se) = $server;
local($sp);
$se =~ s/(\W)/\\$1/g;
$sp = " (\@$server)";
if ($u !~ /$se/i) {
return "$u$sp";
}
return $u;
}
# remove empty (spaces don't count) members from an array
sub trim
{
local(@v) = @_;
local($v,@r);
for $v (@v) {
$v =~ s/^\s+//;
$v =~ s/\s+$//;
push(@r,$v) if ($v =~ /\S/);
}
return(@r);
}
# using the host part of an address, and the server name, add the
# servers' domain to the address if it doesn't already have a
# domain. Since this sometimes fails, save a back reference so
# it can be unrolled.
sub domainify
{
local($host,$domain_host,$u) = @_;
local($domain,$newhost);
# cut of trailing dots
$host =~ s/\.$//;
$domain_host =~ s/\.$//;
if ($domain_host !~ /\./) {
#
# domain host isn't, keep $host whatever it is
#
print "domainify($host,$domain_host) = $host\n" if $debug;
return $host;
}
#
# There are several weird situtations that need to be
# accounted for. They have to do with domain relay hosts.
#
# Examples:
# host server "right answer"
#
# shiva.cs cs.berkeley.edu shiva.cs.berkeley.edu
# shiva cs.berkeley.edu shiva.cs.berekley.edu
# cumulus reed.edu @reed.edu:cumulus.uucp
# tiberius tc.cornell.edu tiberius.tc.cornell.edu
#
# The first try must always be to cut the domain part out of
# the server and tack it onto the host.
#
# A reasonable second try is to tack the whole server part onto
# the host and for each possible repeated element, eliminate
# just that part.
#
# These extra "guesses" get put into the %domainify_fallback
# array. They will be used to give addresses a second chance
# in the &giveup routine
#
local(%fallback);
local($long);
$long = "$host $domain_host";
$long =~ tr/A-Z/a-z/;
print "long = $long\n" if $debug;
if ($long =~ s/^([^ ]+\.)([^ ]+) \2(\.[^ ]+\.[^ ]+)/$1$2$3/) {
# matches shiva.cs cs.berkeley.edu and returns shiva.cs.berkeley.edu
print "condensed fallback $host $domain_host -> $long\n" if $debug;
$fallback{$long} = 9;
}
local($fh);
$fh = $domain_host;
while ($fh =~ /\./) {
print "FALLBACK $host.$fh = 1\n" if $debug > 7;
$fallback{"$host.$fh"} = 1;
$fh =~ s/^[^\.]+\.//;
}
$fallback{"$host.$domain_host"} = 2;
($domain = $domain_host) =~ s/^[^\.]+//;
$fallback{"$host$domain"} = 6
if ($domain =~ /\./);
if ($host =~ /\./) {
#
# Host is already okay, but let's look for multiple
# interpretations
#
print "domainify($host,$domain_host) = $host\n" if $debug;
delete $fallback{$host};
$domainify_fallback{"$u *** $host"} = join(' ',sort {$fallback{$b} <=> $fallback{$a};} keys %fallback) if %fallback;
return $host;
}
$domain = ".$domain_host"
if ($domain !~ /\..*\./);
$newhost = "$host$domain";
$create_host_backtrack{"$u *** $newhost"} = $domain_host;
print "domainify($host,$domain_host) = $newhost\n" if $debug;
delete $fallback{$newhost};
$domainify_fallback{"$u *** $newhost"} = join(' ',sort {$fallback{$b} <=> $fallback{$a};} keys %fallback) if %fallback;
if ($debug) {
print "fallback = ";
print $domainify_fallback{"$u *** $newhost"}
if defined($domainify_fallback{"$u *** $newhost"});
print "\n";
}
return $newhost;
}
# return the first non-empty element of an array
sub firstname
{
local(@names) = @_;
local($n);
while(@names) {
$n = shift(@names);
return $n if $n =~ /\S/;
}
return undef;
}
# queue up more addresses to expand
sub expn
{
local($host,$addr,$name,$level) = @_;
if ($host) {
$host = &trhost($host);
if (($debug > 3) || (defined $giveup{$host})) {
unshift(@hosts,$host) unless $users{$host};
} else {
push(@hosts,$host) unless $users{$host};
}
$users{$host} .= " $addr";
$names{"$addr *** $host"} = $name;
$level{"$addr *** $host"} = $level + 1;
print "expn($host,$addr,$name)\n" if $debug;
return "\t$addr\n";
} else {
return &final($addr,'NONE',$name);
}
}
# compute the numerical average value of an array
sub average
{
local(@e) = @_;
return 0 unless @e;
local($e,$sum);
for $e (@e) {
$sum += $e;
}
$sum / @e;
}
# print to the server (also to stdout, if -w)
sub ps
{
local($p) = @_;
print ">>> $p\n" if $watch;
print $S "$p\n";
}
# return case-adjusted name for a host (for comparison purposes)
sub trhost
{
# treat foo.bar as an alias for Foo.BAR
local($host) = @_;
local($trhost) = $host;
$trhost =~ tr/A-Z/a-z/;
if ($trhost{$trhost}) {
$host = $trhost{$trhost};
} else {
$trhost{$trhost} = $host;
}
$trhost{$trhost};
}
# re-queue users if an mx record dictates a redirect
# don't allow a user to be redirected more than once
sub mxredirect
{
local($server,*users) = @_;
local($u,$nserver,@still_there);
$nserver = &mx($server);
if (&trhost($nserver) ne &trhost($server)) {
$0 = "$av0 - mx redirect $server -> $nserver\n";
for $u (@users) {
if (defined $mxbacktrace{"$u *** $nserver"}) {
push(@still_there,$u);
} else {
$mxbacktrace{"$u *** $nserver"} = $server;
print "mxbacktrace{$u *** $nserver} = $server\n"
if ($debug > 1);
&expn($nserver,$u,$names{"$u *** $server"});
}
}
@users = @still_there;
if (! @users) {
return $nserver;
} else {
return undef;
}
}
return undef;
}
# follow mx records, return a hostname
-# also follow temporary redirections comming from &domainify and
+# also follow temporary redirections coming from &domainify and
# &mxlookup
sub mx
{
local($h,$u) = @_;
for (;;) {
if (defined $mx{&trhost($h)} && $h ne $mx{&trhost($h)}) {
$0 = "$av0 - mx expand $h";
$h = $mx{&trhost($h)};
return $h;
}
if ($u) {
if (defined $temporary_redirect{"$u *** $h"}) {
$0 = "$av0 - internal redirect $h";
print "Temporary redirect taken $u *** $h -> " if $debug;
$h = $temporary_redirect{"$u *** $h"};
print "$h\n" if $debug;
next;
}
$htr = &trhost($h);
if (defined $temporary_redirect{"$u *** $htr"}) {
$0 = "$av0 - internal redirect $h";
print "temporary redirect taken $u *** $h -> " if $debug;
$h = $temporary_redirect{"$u *** $htr"};
print "$h\n" if $debug;
next;
}
}
return $h;
}
}
# look up mx records with the name server.
# re-queue expansion requests if possible
# optionally give up on this host.
sub mxlookup
{
local($lastchance,$server,$giveup,*users) = @_;
local(*T);
local(*NSLOOKUP);
local($nh, $pref,$cpref);
local($o0) = $0;
local($nserver);
local($name,$aliases,$type,$len,$thataddr);
local(%fallback);
return 1 if &mxredirect($server,*users);
if ((defined $mx{$server}) || (! $have_nslookup)) {
return 0 unless $lastchance;
&giveup('mx domainify',$giveup);
return 0;
}
$0 = "$av0 - nslookup of $server";
sysopen(T,"/tmp/expn$$",O_RDWR|O_CREAT|O_EXCL,0600) || die "open > /tmp/expn$$: $!\n";
print T "set querytype=MX\n";
print T "$server\n";
close(T);
$cpref = 1.0E12;
undef $nserver;
open(NSLOOKUP,"nslookup < /tmp/expn$$ 2>&1 |") || die "open nslookup: $!";
while(<NSLOOKUP>) {
print if ($debug > 2);
if (/mail exchanger = ([-A-Za-z_.0-9+]+)/) {
$nh = $1;
if (/preference = (\d+)/) {
$pref = $1;
if ($pref < $cpref) {
$nserver = $nh;
$cpref = $pref;
} elsif ($pref) {
$fallback{$pref} .= " $nh";
}
}
}
if (/Non-existent domain/) {
#
# These addresss are hosed. Kaput! Dead!
# However, if we created the address in the
# first place then there is a chance of
# salvation.
#
1 while(<NSLOOKUP>);
close(NSLOOKUP);
return 0 unless $lastchance;
&giveup('domainify',"$server: Non-existent domain",undef,1);
return 0;
}
}
close(NSLOOKUP);
unlink("/tmp/expn$$");
unless ($nserver) {
$0 = "$o0 - finished mxlookup";
return 0 unless $lastchance;
&giveup('mx domainify',"$server: Could not resolve address");
return 0;
}
# provide fallbacks in case $nserver doesn't work out
if (defined $fallback{$cpref}) {
$mx_secondary{$server} = $fallback{$cpref};
}
$0 = "$av0 - gethostbyname($nserver)";
($name,$aliases,$type,$len,$thataddr) = gethostbyname($nserver);
unless ($thataddr) {
$0 = $o0;
return 0 unless $lastchance;
&giveup('mx domainify',"$nserver: could not resolve address");
return 0;
}
print "MX($server) = $nserver\n" if $debug;
print "$server -> $nserver\n" if $vw && !$debug;
$mx{&trhost($server)} = $nserver;
# redeploy the users
unless (&mxredirect($server,*users)) {
return 0 unless $lastchance;
&giveup('mx domainify',"$nserver: only one level of mx redirect allowed");
return 0;
}
$0 = "$o0 - finished mxlookup";
return 1;
}
# if mx expansion did not help to resolve an address
# (ie: foo@bar became @baz:foo@bar, then undo the
# expansion).
# this is only used by &final
sub mxunroll
{
local(*host,*addr) = @_;
local($r) = 0;
print "looking for mxbacktrace{$addr *** $host}\n"
if ($debug > 1);
while (defined $mxbacktrace{"$addr *** $host"}) {
print "Unrolling MX expnasion: \@$host:$addr -> "
if ($debug || $verbose);
$host = $mxbacktrace{"$addr *** $host"};
print "\@$host:$addr\n"
if ($debug || $verbose);
$r = 1;
}
return 1 if $r;
$addr = "\@$host:$addr"
if ($host =~ /\./);
return 0;
}
# register a completed expnasion. Make the final address as
# simple as possible.
sub final
{
local($addr,$host,$name,$error) = @_;
local($he);
local($hb,$hr);
local($au,$ah);
if ($error =~ /Non-existent domain/) {
#
# If we created the domain, then let's undo the
# damage...
#
if (defined $create_host_backtrack{"$addr *** $host"}) {
while (defined $create_host_backtrack{"$addr *** $host"}) {
print "Un&domainifying($host) = " if $debug;
$host = $create_host_backtrack{"$addr *** $host"};
print "$host\n" if $debug;
}
$error = "$host: could not locate";
} else {
#
# If we only want valid addresses, toss out
# bad host names.
#
if ($valid) {
print STDERR "\@$host:$addr ($name) Non-existent domain\n";
return "";
}
}
}
MXUNWIND: {
$0 = "$av0 - final parsing of \@$host:$addr";
($he = $host) =~ s/(\W)/\\$1/g;
if ($addr !~ /@/) {
# addr does not contain any host
$addr = "$addr@$host";
} elsif ($addr !~ /$he/i) {
# if host part really something else, use the something
# else.
if ($addr =~ m/(.*)\@([^\@]+)$/) {
($au,$ah) = ($1,$2);
print "au = $au ah = $ah\n" if $debug;
if (defined $temporary_redirect{"$addr *** $ah"}) {
$addr = "$au\@".$temporary_redirect{"$addr *** $ah"};
print "Rewrite! to $addr\n" if $debug;
next MXUNWIND;
}
}
# addr does not contain full host
if ($valid) {
if ($host =~ /^([^\.]+)(\..+)$/) {
# host part has a . in it - foo.bar
($hb, $hr) = ($1, $2);
if ($addr =~ /\@([^\.\@]+)$/ && ($1 eq $hb)) {
# addr part has not .
# and matches beginning of
# host part -- tack on a
# domain name.
$addr .= $hr;
} else {
&mxunroll(*host,*addr)
&& redo MXUNWIND;
}
} else {
&mxunroll(*host,*addr)
&& redo MXUNWIND;
}
} else {
$addr = "${addr}[\@$host]"
if ($host =~ /\./);
}
}
}
$name = "$name " if $name;
$error = " $error" if $error;
if ($valid) {
push(@final,"$name<$addr>");
} else {
push(@final,"$name<$addr>$error");
}
"\t$name<$addr>$error\n";
}
sub alarm
{
local($alarm_action,$alarm_redirect,$alarm_user) = @_;
alarm(3600);
$SIG{ALRM} = 'handle_alarm';
}
# this involves one great big ugly hack.
# the "next HOST" unwinds the stack!
sub handle_alarm
{
&giveup($alarm_redirect,"Timed out during $alarm_action",$alarm_user);
next HOST;
}
# read the rest of the current smtp daemon's response (and toss it away)
sub read_response
{
local($done,$watch) = @_;
local(@resp);
print $s if $watch;
while(($done eq "-") && ($s = <$S>) && ($s =~ /^\d+([- ])/)) {
print $s if $watch;
$done = $1;
push(@resp,$s);
}
return @resp;
}
# print args if verbose. Return them in any case
sub verbose
{
local(@tp) = @_;
print "@tp" if $verbose;
}
# to pass perl -w:
@tp;
$flag_a;
$flag_d;
$flag_1;
%already_domainify_fellback;
%already_mx_fellback;
&handle_alarm;
################### BEGIN PERL/TROFF TRANSITION
.00 ;
'di
.nr nl 0-1
.nr % 0
.\\"'; __END__
.\" ############## END PERL/TROFF TRANSITION
.TH EXPN 1 "March 11, 1993"
.AT 3
.SH NAME
expn \- recursively expand mail aliases
.SH SYNOPSIS
.B expn
.RI [ -a ]
.RI [ -v ]
.RI [ -w ]
.RI [ -d ]
.RI [ -1 ]
.IR user [@ hostname ]
.RI [ user [@ hostname ]]...
.SH DESCRIPTION
.B expn
will use the SMTP
.B expn
and
.B vrfy
commands to expand mail aliases.
It will first look up the addresses you provide on the command line.
If those expand into addresses on other systems, it will
connect to the other systems and expand again. It will keep
doing this until no further expansion is possible.
.SH OPTIONS
The default output of
.B expn
can contain many lines which are not valid
email addresses. With the
.I -aa
flag, only expansions that result in legal addresses
are used. Since many mailing lists have an illegal
address or two, the single
.IR -a ,
address, flag specifies that a few illegal addresses can
be mixed into the results. More
.I -a
flags vary the ratio. Read the source to track down
the formula. With the
.I -a
option, you should be able to construct a new mailing
list out of an existing one.
.LP
If you wish to limit the number of levels deep that
.B expn
will recurse as it traces addresses, use the
.I -1
option. For each
.I -1
another level will be traversed. So,
.I -111
will traverse no more than three levels deep.
.LP
The normal mode of operation for
.B expn
is to do all of its work silently.
The following options make it more verbose.
It is not necessary to make it verbose to see what it is
doing because as it works, it changes its
.BR argv [0]
variable to reflect its current activity.
To see how it is expanding things, the
.IR -v ,
verbose, flag will cause
.B expn
to show each address before
and after translation as it works.
The
.IR -w ,
watch, flag will cause
.B expn
to show you its conversations with the mail daemons.
Finally, the
.IR -d ,
debug, flag will expose many of the inner workings so that
it is possible to eliminate bugs.
.SH ENVIRONMENT
No environment variables are used.
.SH FILES
.PD 0
.B /tmp/expn$$
.B temporary file used as input to
.BR nslookup .
.SH SEE ALSO
.BR aliases (5),
.BR sendmail (8),
.BR nslookup (8),
RFC 823, and RFC 1123.
.SH BUGS
Not all mail daemons will implement
.B expn
or
.BR vrfy .
It is not possible to verify addresses that are served
by such daemons.
.LP
When attempting to connect to a system to verify an address,
.B expn
only tries one IP address. Most mail daemons
will try harder.
.LP
It is assumed that you are running domain names and that
the
.BR nslookup (8)
program is available. If not,
.B expn
will not be able to verify many addresses. It will also pause
for a long time unless you change the code where it says
.I $have_nslookup = 1
to read
.I $have_nslookup =
.IR 0 .
.LP
Lastly,
.B expn
does not handle every valid address. If you have an example,
please submit a bug report.
.SH CREDITS
In 1986 or so, Jon Broome wrote a program of the same name
that did about the same thing. It has since suffered bit rot
and Jon Broome has dropped off the face of the earth!
(Jon, if you are out there, drop me a line)
.SH AVAILABILITY
The latest version of
.B expn
is available through anonymous ftp at
.IR ftp://ftp.idiom.com/pub/muir-programs/expn .
.SH AUTHOR
.I David Muir Sharnoff\ \ \ \ <muir@idiom.com>
diff --git a/contrib/mmuegel b/contrib/mmuegel
index 6db4a45189c1..e1610efa8606 100644
--- a/contrib/mmuegel
+++ b/contrib/mmuegel
@@ -1,2079 +1,2079 @@
From: "Michael S. Muegel" <mmuegel@cssun6.corp.mot.com>
Message-Id: <199307280818.AA08111@cssun6.corp.mot.com>
Subject: Re: contributed software
To: eric@cs.berkeley.edu (Eric Allman)
Date: Wed, 28 Jul 1993 03:18:02 -0500 (CDT)
In-Reply-To: <199307221853.LAA04266@mastodon.CS.Berkeley.EDU> from "Eric Allman" at Jul 22, 93 11:53:47 am
X-Mailer: ELM [version 2.4 PL22]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 69132
OK. Here is a new shell archive.
Cheers,
-Mike
---- Cut Here and feed the following to sh ----
#!/bin/sh
# This is a shell archive (produced by shar 3.49)
# To extract the files from this archive, save it to a file, remove
# everything above the "!/bin/sh" line above, and type "sh file_name".
#
# made 07/28/1993 08:13 UTC by mmuegel@mot.com (Michael S. Muegel)
# Source directory /home/ustart/NeXT/src/mail-tools/dist/foo
#
# existing files will NOT be overwritten unless -c is specified
#
# This shar contains:
# length mode name
# ------ ---------- ------------------------------------------
# 4308 -r--r--r-- README
# 12339 -r--r--r-- libs/date.pl
# 3198 -r--r--r-- libs/elapsed.pl
# 4356 -r--r--r-- libs/mail.pl
# 6908 -r--r--r-- libs/mqueue.pl
# 7024 -r--r--r-- libs/newgetopts.pl
# 4687 -r--r--r-- libs/strings1.pl
# 1609 -r--r--r-- libs/timespec.pl
# 5212 -r--r--r-- man/cqueue.1
# 2078 -r--r--r-- man/postclip.1
# 6647 -r-xr-xr-x src/cqueue
# 1836 -r-xr-xr-x src/postclip
#
# ============= README ==============
if test -f 'README' -a X"$1" != X"-c"; then
echo 'x - skipping README (File already exists)'
else
echo 'x - extracting README (Text)'
sed 's/^X//' << 'SHAR_EOF' > 'README' &&
-------------------------------------------------------------------------------
Document Revision Control Information:
X mmuegel
X /usr/local/ustart/src/mail-tools/dist/foo/README,v
X 1.1 of 1993/07/28 08:12:53
-------------------------------------------------------------------------------
X
1. Introduction
---------------
X
These tools may be of use to those sites using sendmail. Both are written in
Perl. Our site, Mot.COM, receives a ton of mail being a top-level domain
gateway. We have over 24 domains under us. Needless to say, we must have
a robust mail system or my head, and others, would be on the chopping block.
X
2. Description
--------------
X
The first tool, cqueue, checks the sendmail queue for problems. We use
it to flag problems with subdomain mail servers (and even our own servers
once in a while ;-). We run it via a cron job every hour during the day.
You may find this too frequent, however.
X
The other program, postclip, is used to "filter" non-deliverable NDNs that
get sent to our Postmaster account now and then. This ensures privacy of
e-mail and helps avoid disk problems from huge NDNs. It is different than
a brute force "just keep the header" approach because it tries hard to keep
other parts of the message that look like non-delivery information.
X
Both have been used for some time at our site with no problems. Everything
you need should be in this distribution: source, manual pages, and support
libs. See the manual pages for a complete description of each tool.
X
3. Installation
---------------
X
No fancy Makefile simply because these tools are all under a large
hierarchy at my site. Installation should be a snap, however. Install
the nroff(1) man(5) manual pages from the man subdirectory to the
appropriate directory on your system. This might be something like
/usr/local/man/man1.
X
Next, install all of the Perl libraries located in the lib subdirectory
to your Perl library area. /usr/local/lib/perl is a good bet. The person
who installed Perl at your site will be able to tell you for sure.
X
Finally, you need to install the programs. Note that cqueue wants to
run setuid root by default. This is because the sendmail queue is normally
only readable by root or some special group. In order to let any user
run this suidperl is used. suidperl allows a Perl program to run with the
privileges of another user.
X
You will have to edit both the cqueue and postclip programs to change
the #! line at the top of each. Just change the pathname to whatever is
appropriate on your system. Note that Larry Wall's fixin program from
the Camel book can also be used to do this. It is very handy. It changes
#! lines by looking at your PATH.
X
If you do not have suidperl on your system change the #! line in cqueue
to reference perl instead of suidperl.
X
You may also wish to change some constants in cqueue. $DEF_QUEUE should be
changed to your queue directory if it is not /usr/spool/mqueue. $DEF_TIME
could be changed easy enough also. It is the time spec for the time duration
after which a mail message will be reported on if the -a option has not been
specified. See the manual page for more information and the format of this
constant (same as the -t argument). Then again, neither of these has to
be changed. Command line options are there to override their default
values.
X
After you have edited the programs as necessary, all that remains is to
install them to some executable directory. Install postclip mode 555
and cqueue mode 4555 with owner root (if using suidperl) or mode 555
(if not using suidperl).
X
4. Gripes, Comments, Etc
------------------------
X
If you start using either of these let me know. I have other mail tools I
will likely post in the future if these prove useful. Also, if you think
something is just plain dumb/wrong/stupid let me know!
X
Cheers,
-Mike
X
--
+----------------------------------------------------------------------------+
| Michael S. Muegel | Internet E-Mail: mmuegel@mot.com |
| UNIX Applications Startup Group | Moto Dist E-Mail: X10090 |
| Corporate Information Office | Voice: (708) 576-0507 |
| Motorola | Fax: (708) 576-4153 |
+----------------------------------------------------------------------------+
SHAR_EOF
chmod 0444 README ||
echo 'restore of README failed'
Wc_c="`wc -c < 'README'`"
test 4308 -eq "$Wc_c" ||
echo 'README: original size 4308, current size' "$Wc_c"
fi
# ============= libs/date.pl ==============
if test ! -d 'libs'; then
echo 'x - creating directory libs'
mkdir 'libs'
fi
if test -f 'libs/date.pl' -a X"$1" != X"-c"; then
echo 'x - skipping libs/date.pl (File already exists)'
else
echo 'x - extracting libs/date.pl (Text)'
sed 's/^X//' << 'SHAR_EOF' > 'libs/date.pl' &&
;#
;# Name
;# date.pl - Perl emulation of (the output side of) date(1)
;#
;# Synopsis
;# require "date.pl";
;# $Date = &date(time);
;# $Date = &date(time, $format);
;#
;# Description
;# This package implements the output formatting functions of date(1) in
;# Perl. The format options are based on those supported by Ultrix 4.0
;# plus a couple of additions from SunOS 4.1.1 and elsewhere:
;#
;# %a abbreviated weekday name - Sun to Sat
;# %A full weekday name - Sunday to Saturday
;# %b abbreviated month name - Jan to Dec
;# %B full month name - January to December
;# %c date and time in local format [+]
;# %C date and time in long local format [+]
;# %d day of month - 01 to 31
;# %D date as mm/dd/yy
;# %e day of month (space padded) - ` 1' to `31'
;# %E day of month (with suffix: 1st, 2nd, 3rd...)
;# %f month of year (space padded) - ` 1' to `12'
;# %h abbreviated month name - Jan to Dec
;# %H hour - 00 to 23
;# %i hour (space padded) - ` 1' to `12'
;# %I hour - 01 to 12
;# %j day of the year (Julian date) - 001 to 366
;# %k hour (space padded) - ` 0' to `23'
;# %l date in ls(1) format
;# %m month of year - 01 to 12
;# %M minute - 00 to 59
;# %n insert a newline character
;# %p ante-meridiem or post-meridiem indicator (AM or PM)
;# %r time in AM/PM notation
;# %R time as HH:MM
;# %S second - 00 to 59
;# %t insert a tab character
;# %T time as HH:MM:SS
;# %u date/time in date(1) required format
;# %U week number, Sunday as first day of week - 00 to 53
;# %V date-time in SysV touch format (mmddHHMMyy)
;# %w day of week - 0 (Sunday) to 6
;# %W week number, Monday as first day of week - 00 to 53
;# %x date in local format [+]
;# %X time in local format [+]
;# %y last 2 digits of year - 00 to 99
;# %Y all 4 digits of year ~ 1700 to 2000 odd ?
;# %z time zone from TZ environment variable w/ a trailing space
;# %Z time zone from TZ environment variable
;# %% insert a `%' character
;# %+ insert a `+' character
;#
;# [+]: These may need adjustment to fit local conventions, see below.
;#
;# For the sake of compatibility, a leading `+' in the format
;# specificaiton is removed if present.
;#
;# Remarks
;# This is version 3.4 of date.pl
;#
;# An extension of `ctime.pl' by Waldemar Kebsch (kebsch.pad@nixpbe.UUCP),
;# as modified by Marion Hakanson (hakanson@ogicse.ogi.edu).
;#
;# Unlike date(1), unknown format tags are silently replaced by "".
;#
;# defaultTZ is a blatant hack, but I wanted to be able to get date(1)
;# like behaviour by default and there does'nt seem to be an easy (read
;# portable) way to get the local TZ name back...
;#
;# For a cheap date, try...
;#
;# #!/usr/local/bin/perl
;# require "date.pl";
;# exit print (&date(time, shift @ARGV) . "\n") ? 0 : 1;
;#
;# This package is redistributable under the same terms as apply to
;# the Perl 4.0 release. See the COPYING file in your Perl kit for
;# more information.
;#
;# Please send any bug reports or comments to tmcgonigal@gallium.com
;#
;# Modification History
;# Nmemonic Version Date Who
;#
;# NONE 1.0 02feb91 Terry McGonigal (tmcgonigal@gallium.com)
;# Created from ctime.pl
;#
;# NONE 2.0 07feb91 tmcgonigal
;# Added some of Marion Hakanson (hakanson@ogicse.ogi.edu)'s ctime.pl
;# TZ handling changes.
;#
;# NONE 2.1 09feb91 tmcgonigal
;# Corrected week number calculations.
;#
;# NONE 2.2 21oct91 tmcgonigal
;# Added ls(1) date format, `%l'.
;#
;# NONE 2.3 06nov91 tmcgonigal
;# Added SysV touch(1) date-time format, `%V' (pretty thin as
;# mnemonics go, I know, but `t' and `T' were both gone already!)
;#
;# NONE 2.4 05jan92 tmcgonigal
;# Corrected slight (cosmetic) problem with %V replacment string
;#
;# NONE 3.0 09jul92 tmcgonigal
;# Fixed a couple of problems with &ls as pointed out by
;# Thomas Richter (richter@ki1.chemie.fu-berlin.de), thanks Thomas!
;# Also added a couple of SunOS 4.1.1 strftime-ish formats, %i and %k
-;# for space padded hours (` 1' to `12' and ` 0' to `23' respectivly),
+;# for space padded hours (` 1' to `12' and ` 0' to `23' respectively),
;# and %C for locale long date/time format. Changed &ampmH to take a
;# pad char parameter to make to evaled code for %i and %k simpler.
;# Added %E for suffixed day-of-month (ie 1st, 3rd, 4th etc).
;#
;# NONE 3.1 16jul92 tmcgonigal
;# Added `%u' format to generate date/time in date(1) required
;# format (ie '%y%m%d%H%M.%S').
;#
;# NONE 3.2 23jan93 tmcgonigal
;# Added `%f' format to generate space padded month numbers, added
;# `%E' to the header comments, it seems to have been left out (and
;# I'm sure I wanted to use it at some point in the past...).
;#
;# NONE 3.3 03feb93 tmcgonigal
;# Corrected some problems with AM/PM handling pointed out by
;# Michael S. Muegel (mmuegel@mot.com). Thanks Michael, I hope
;# this is the behaviour you were looking for, it seems more
;# correct to me...
;#
;# NONE 3.4 26jul93 tmcgonigal
;# Incorporated some fixes provided by DaviD W. Sanderson
;# (dws@ssec.wisc.edu): February was spelled incorrectly and
;# &wkno() was always using the current year while calculating
;# week numbers, regardless of year implied by the time value
;# passed to &date(). DaviD also contributed an improved &date()
;# test script, thanks DaviD, I appreciate the effort. Finally,
;# changed my mailling address from @gvc.com to @gallium.com
;# to reflect, well, my new address!
;#
;# SccsId = "%W% %E%"
;#
require 'timelocal.pl';
package date;
X
# Months of the year
@MoY = ('January', 'February', 'March', 'April', 'May', 'June',
X 'July', 'August', 'September','October', 'November', 'December');
X
# days of the week
@DoW = ('Sunday', 'Monday', 'Tuesday', 'Wednesday',
X 'Thursday', 'Friday', 'Saturday');
X
# CUSTOMIZE - defaults
$defaultTZ = 'CST'; # time zone (hack!)
$defaultFMT = '%a %h %e %T %z%Y'; # format (ala date(1))
X
# CUSTOMIZE - `local' formats
$locTF = '%T'; # time (as HH:MM:SS)
$locDF = '%D'; # date (as mm/dd/yy)
$locDTF = '%a %b %d %T %Y'; # date/time (as dow mon dd HH:MM:SS yyyy)
$locLDTF = '%i:%M:%S %p %A %B %E %Y'; # long date/time (as HH:MM:SS a/p day month dom yyyy)
X
# Time zone info
$TZ; # wkno needs this info too
X
# define the known format tags as associative keys with their associated
# replacement strings as values. Each replacement string should be
# an eval-able expresion assigning a value to $rep. These expressions are
# eval-ed, then the value of $rep is substituted into the supplied
# format (if any).
%Tags = ( '%a', q|($rep = $DoW[$wday])=~ s/^(...).*/\1/|, # abbr. weekday name - Sun to Sat
X '%A', q|$rep = $DoW[$wday]|, # full weekday name - Sunday to Saturday
X '%b', q|($rep = $MoY[$mon]) =~ s/^(...).*/\1/|, # abbr. month name - Jan to Dec
X '%B', q|$rep = $MoY[$mon]|, # full month name - January to December
X '%c', q|$rep = $locDTF; 1|, # date/time in local format
X '%C', q|$rep = $locLDTF; 1|, # date/time in local long format
X '%d', q|$rep = &date'pad($mday, 2, "0")|, # day of month - 01 to 31
X '%D', q|$rep = '%m/%d/%y'|, # date as mm/dd/yy
X '%e', q|$rep = &date'pad($mday, 2, " ")|, # day of month (space padded) ` 1' to `31'
X '%E', q|$rep = &date'dsuf($mday)|, # day of month (w/suffix) `1st' to `31st'
X '%f', q|$rep = &date'pad($mon+1, 2, " ")|, # month of year (space padded) ` 1' to `12'
X '%h', q|$rep = '%b'|, # abbr. month name (same as %b)
X '%H', q|$rep = &date'pad($hour, 2, "0")|, # hour - 00 to 23
X '%i', q|$rep = &date'ampmH($hour, " ")|, # hour (space padded ` 1' to `12'
X '%I', q|$rep = &date'ampmH($hour, "0")|, # hour - 01 to 12
X '%j', q|$rep = &date'pad($yday+1, 3, "0")|, # Julian date 001 - 366
X '%k', q|$rep = &date'pad($hour, 2, " ")|, # hour (space padded) ` 0' to `23'
X '%l', q|$rep = '%b %d ' . &date'ls($year)|, # ls(1) style date
X '%m', q|$rep = &date'pad($mon+1, 2, "0")|, # month of year - 01 to 12
X '%M', q|$rep = &date'pad($min, 2, "0")|, # minute - 00 to 59
X '%n', q|$rep = "\n"|, # insert a newline
X '%p', q|$rep = &date'ampmD($hour)|, # insert `AM' or `PM'
X '%r', q|$rep = '%I:%M:%S %p'|, # time in AM/PM notation
X '%R', q|$rep = '%H:%M'|, # time as HH:MM
X '%S', q|$rep = &date'pad($sec, 2, "0")|, # second - 00 to 59
X '%t', q|$rep = "\t"|, # insert a tab
X '%T', q|$rep = '%H:%M:%S'|, # time as HH:MM:SS
X '%u', q|$rep = '%y%m%d%H%M.%S'|, # daaate/time in date(1) required format
X '%U', q|$rep = &date'wkno($year, $yday, 0)|, # week number (weeks start on Sun) - 00 to 53
X '%V', q|$rep = '%m%d%H%M%y'|, # SysV touch(1) date-time format (mmddHHMMyy)
X '%w', q|$rep = $wday; 1|, # day of week - Sunday = 0
X '%W', q|$rep = &date'wkno($year, $yday, 1)|, # week number (weeks start on Mon) - 00 to 53
X '%x', q|$rep = $locDF; 1|, # date in local format
X '%X', q|$rep = $locTF; 1|, # time in local format
X '%y', q|($rep = $year) =~ s/..(..)/\1/|, # last 2 digits of year - 00 to 99
X '%Y', q|$rep = "$year"; 1|, # full year ~ 1700 to 2000 odd
X '%z', q|$rep = $TZ eq "" ? "" : "$TZ "|, # time zone from TZ env var (w/trail. space)
X '%Z', q|$rep = $TZ; 1|, # time zone from TZ env. var.
X '%%', q|$rep = '%'; $adv=1|, # insert a `%'
X '%+', q|$rep = '+'| # insert a `+'
);
X
sub main'date {
X local($time, $format) = @_;
X local($sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst);
X local($pos, $tag, $rep, $adv) = (0, "", "", 0);
X
X # default to date/ctime format or strip leading `+'...
X if ($format eq "") {
X $format = $defaultFMT;
X } elsif ($format =~ /^\+/) {
X $format = $';
X }
X
X # Use local time if can't find a TZ in the environment
X $TZ = defined($ENV{'TZ'}) ? $ENV{'TZ'} : $defaultTZ;
X ($sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst) =
X &gettime ($TZ, $time);
X
X # Hack to deal with 'PST8PDT' format of TZ
X # Note that this can't deal with all the esoteric forms, but it
X # does recognize the most common: [:]STDoff[DST[off][,rule]]
X if ($TZ =~ /^([^:\d+\-,]{3,})([+-]?\d{1,2}(:\d{1,2}){0,2})([^\d+\-,]{3,})?/) {
X $TZ = $isdst ? $4 : $1;
X }
X
X # watch out in 2070...
X $year += ($year < 70) ? 2000 : 1900;
X
-X # now loop throught the supplied format looking for tags...
+X # now loop through the supplied format looking for tags...
X while (($pos = index ($format, '%')) != -1) {
X
X # grab the format tag
X $tag = substr($format, $pos, 2);
X $adv = 0; # for `%%' processing
X
X # do we have a replacement string?
X if (defined $Tags{$tag}) {
X
X # trap dead evals...
X if (! eval $Tags{$tag}) {
X print STDERR "date.pl: internal error: eval for $tag failed: $@\n";
X return "";
X }
X } else {
X $rep = "";
X }
X
X # do the substitution
X substr ($format, $pos, 2) =~ s/$tag/$rep/;
X $pos++ if ($adv);
X }
X
X $format;
}
X
# dsuf - add `st', `nd', `rd', `th' to a date (ie 1st, 22nd, 29th)
sub dsuf {
X local ($mday) = @_;
X
X return $mday . 'st' if ($mday =~ m/.*1$/);
X return $mday . 'nd' if ($mday =~ m/.*2$/);
X return $mday . 'rd' if ($mday =~ m/.*3$/);
X return $mday . 'th';
}
X
# weekno - figure out week number
sub wkno {
X local ($year, $yday, $firstweekday) = @_;
X local ($jan1, @jan1, $wks);
X
X # figure out the `time' value for January 1 of the given year
X $jan1 = &maketime ($TZ, 0, 0, 0, 1, 0, $year-1900);
X
X # figure out what day of the week January 1 was
X @jan1= &gettime ($TZ, $jan1);
X
X # and calculate the week number
X $wks = (($yday + ($jan1[6] - $firstweekday)) + 1)/ 7;
X $wks += (($wks - int($wks) > 0.0) ? 1 : 0);
X
X # supply zero padding
X &pad (int($wks), 2, "0");
}
X
# ampmH - figure out am/pm (1 - 12) mode hour value, padded with $p (0 or ' ')
sub ampmH { local ($h, $p) = @_; &pad($h>12 ? $h-12 : ($h ? $h : 12), 2, $p); }
X
# ampmD - figure out am/pm designator
sub ampmD { shift @_ >= 12 ? "PM" : "AM"; }
X
# gettime - get the time via {local,gmt}time
sub gettime { ((shift @_) eq 'GMT') ? gmtime(shift @_) : localtime(shift @_); }
X
# maketime - make a time via time{local,gmt}
sub maketime { ((shift @_) eq 'GMT') ? &main'timegm(@_) : &main'timelocal(@_); }
X
# ls - generate the time/year portion of an ls(1) style date
sub ls {
X return ((&gettime ($TZ, time))[5] == @_[0]) ? "%R" : " %Y";
}
X
-# pad - pad $in with leading $pad until lenght $len
+# pad - pad $in with leading $pad until length $len
sub pad {
X local ($in, $len, $pad) = @_;
X local ($out) = "$in";
X
X $out = $pad . $out until (length ($out) == $len);
X return $out;
}
X
1;
SHAR_EOF
chmod 0444 libs/date.pl ||
echo 'restore of libs/date.pl failed'
Wc_c="`wc -c < 'libs/date.pl'`"
test 12339 -eq "$Wc_c" ||
echo 'libs/date.pl: original size 12339, current size' "$Wc_c"
fi
# ============= libs/elapsed.pl ==============
if test -f 'libs/elapsed.pl' -a X"$1" != X"-c"; then
echo 'x - skipping libs/elapsed.pl (File already exists)'
else
echo 'x - extracting libs/elapsed.pl (Text)'
sed 's/^X//' << 'SHAR_EOF' > 'libs/elapsed.pl' &&
;# NAME
;# elapsed.pl - convert seconds to elapsed time format
;#
;# AUTHOR
;# Michael S. Muegel <mmuegel@mot.com>
;#
;# RCS INFORMATION
;# mmuegel
;# /usr/local/ustart/src/mail-tools/dist/foo/libs/elapsed.pl,v
;# 1.1 of 1993/07/28 08:07:19
X
package elapsed;
X
# Time field types
$DAYS = 1;
$HOURS = 2;
$MINUTES = 3;
$SECONDS = 4;
X
# The array contains four records each with four fields. The fields are,
# in order:
#
# Type Specifies what kind of time field this is. Once of
# $DAYS, $HOURS, $MINUTES, or $SECONDS.
#
# Multiplier Specifies what time field this is via the minimum
# number of seconds this time field may specify. For
# example, the minutes field would be non-zero
# when there are 60 or more seconds.
#
# Separator How to separate this time field from the next
# *greater* field.
#
# Format sprintf() format specifier on how to print this
# time field.
@MULT_AND_SEPS = ($DAYS, 60 * 60 * 24, "+", "%d",
X $HOURS, 60 * 60, ":", "%d",
X $MINUTES, 60, ":", "%02d",
X $SECONDS, 1, "", "%02d"
X );
X
;###############################################################################
;# Seconds_To_Elapsed
;#
;# Coverts a seconds count to form [d+]h:mm:ss. If $Collapse
;# is true then the result is compacted somewhat. The string returned
;# will be of the form [d+][[h:]mm]:ss.
;#
;# Arguments:
;# $Seconds, $Collapse
;#
;# Examples:
;# &Seconds_To_Elapsed (0, 0) -> 0:00:00
;# &Seconds_To_Elapsed (0, 1) -> :00
;#
;# &Seconds_To_Elapsed (119, 0) -> 0:01:59
;# &Seconds_To_Elapsed (119, 1) -> 01:59
;#
;# &Seconds_To_Elapsed (3601, 0) -> 1:00:01
;# &Seconds_To_Elapsed (3601, 1) -> 1:00:01
;#
;# &Seconds_To_Elapsed (86401, 0) -> 1+0:00:01
;# &Seconds_To_Elapsed (86401, 1) -> 1+:01
;#
;# Returns:
;# $Elapsed
;###############################################################################
sub main'Seconds_To_Elapsed
{
X local ($Seconds, $Collapse) = @_;
X local ($Type, $Multiplier, @Multipliers, $Separator, $DHMS_Used,
X $Elapsed, @Mult_And_Seps, $Print_Field);
X
X $Multiplier = 1;
X @Mult_And_Seps = @MULT_AND_SEPS;
X
X # Keep subtracting the number of seconds corresponding to a time field
X # from the number of seconds passed to the function.
X while (1)
X {
X ($Type, $Multiplier, $Separator, $Format) = splice (@Mult_And_Seps, 0, 4);
X last if (! $Multiplier);
X $Seconds -= $DHMS_Used * $Multiplier
X if ($DHMS_Used = int ($Seconds / $Multiplier));
X
X # Figure out if we should print this field
X if ($Type == $DAYS)
X {
X $Print_Field = $DHMS_Used;
X }
X
X elsif ($Collapse)
X {
X if ($Type == $HOURS)
X {
X $Print_Field = $DHMS_Used;
X }
X elsif ($Type == $MINUTES)
X {
X $Print_Field = $DHMS_Used || $Printed_Field {$HOURS};
X }
X else
X {
X $Format = ":%02d"
X if (! $Printed_Field {$MINUTES});
X $Print_Field = 1;
X };
X }
X
X else
X {
X $Print_Field = 1;
X };
X
X $Printed_Field {$Type} = $Print_Field;
X $Elapsed .= sprintf ("$Format%s", $DHMS_Used, $Separator)
X if ($Print_Field);
X };
X
X return ($Elapsed);
};
X
1;
SHAR_EOF
chmod 0444 libs/elapsed.pl ||
echo 'restore of libs/elapsed.pl failed'
Wc_c="`wc -c < 'libs/elapsed.pl'`"
test 3198 -eq "$Wc_c" ||
echo 'libs/elapsed.pl: original size 3198, current size' "$Wc_c"
fi
# ============= libs/mail.pl ==============
if test -f 'libs/mail.pl' -a X"$1" != X"-c"; then
echo 'x - skipping libs/mail.pl (File already exists)'
else
echo 'x - extracting libs/mail.pl (Text)'
sed 's/^X//' << 'SHAR_EOF' > 'libs/mail.pl' &&
;# NAME
;# mail.pl - perl function(s) to handle mail processing
;#
;# AUTHOR
;# Michael S. Muegel (mmuegel@mot.com)
;#
;# RCS INFORMATION
;# mmuegel
;# /usr/local/ustart/src/mail-tools/dist/foo/libs/mail.pl,v 1.1 1993/07/28 08:07:19 mmuegel Exp
X
package mail;
X
# Mailer statement to eval. $Users, $Subject, and $Verbose are substituted
# via eval
$BIN_MAILER = "/usr/ucb/mail \$Verbose -s '\$Subject' \$Users";
X
# Sendmail command to use when $Use_Sendmail is true.
$SENDMAIL = '/usr/lib/sendmail $Verbose $Users';
X
;###############################################################################
;# Send_Mail
;#
;# Sends $Message to $Users with a subject of $Subject. If $Message_Is_File
;# is true then $Message is assumed to be a filename pointing to the mail
;# message. This is a new option and thus the backwards-compatible hack.
;# $Users should be a space separated list of mail-ids.
;#
;# If everything went OK $Status will be 1 and $Error_Msg can be ignored;
;# otherwise, $Status will be 0 and $Error_Msg will contain an error message.
;#
;# If $Use_Sendmail is 1 then sendmail is used to send the message. Normally
-;# a mailer such as Mail is used. By specifiying this you can include
+;# a mailer such as Mail is used. By specifying this you can include
;# headers in addition to text in either $Message or $Message_Is_File.
;# If either $Message or $Message_Is_File contain a Subject: header then
;# $Subject is ignored; otherwise, a Subject: header is automatically created.
;# Similar to the Subject: header, if a To: header does not exist one
;# is automatically created from the $Users argument. The mail is still
;# sent, however, to the recipients listed in $Users. This is keeping with
;# normal sendmail usage (header vs. envelope).
;#
;# In both bin mailer and sendmail modes $Verbose will turn on verbose mode
;# (normally just sendmail verbose mode output).
;#
;# Arguments:
;# $Users, $Subject, $Message, $Message_Is_File, $Verbose, $Use_Sendmail
;#
;# Returns:
;# $Status, $Error_Msg
;###############################################################################
sub main'Send_Mail
{
X local ($Users, $Subject, $Message, $Message_Is_File, $Verbose,
X $Use_Sendmail) = @_;
X local ($BIN_MAILER_HANDLE, $Mailer_Command, $Header_Found, %Header_Map,
X $Header_Extra, $Mailer);
X
X # If the message is contained in a file read it in so we can have one
X # consistent interface
X if ($Message_Is_File)
X {
X undef $/;
X $Message_Is_File = 0;
X open (Message) || return (0, "error reading $Message: $!");
X $Message = <Message>;
X close (Message);
X };
X
X # If sendmail mode see if we need to add some headers
X if ($Use_Sendmail)
X {
X # Determine if a header block is included in the message and what headers
X # are there
X foreach (split (/\n/, $Message))
X {
X last if ($_ eq "");
X $Header_Found = $Header_Map {$1} = 1 if (/^([A-Z]\S*): /);
X };
X
X # Add some headers?
X if (! $Header_Map {"To"})
X {
X $Header_Extra .= "To: " . join (", ", $Users) . "\n";
X };
X if (($Subject ne "") && (! $Header_Map {"Subject"}))
X {
X $Header_Extra .= "Subject: $Subject\n";
X };
X
X # Add the required blank line between header/body if there where no
X # headers to begin with
X if ($Header_Found)
X {
X $Message = "$Header_Extra$Message";
X }
X else
X {
X $Message = "$Header_Extra\n$Message";
X };
X };
X
X # Get a string that is the mail command
X $Verbose = ($Verbose) ? "-v" : "";
X $Mailer = ($Use_Sendmail) ? $SENDMAIL : $BIN_MAILER;
X eval "\$Mailer = \"$Mailer\"";
X return (0, "error setting \$Mailer: $@") if ($@);
X
X # need to catch SIGPIPE in case the $Mailer call fails
X $SIG {'PIPE'} = "mail'Cleanup";
X
X # Open mailer
X return (0, "can not open mail program: $Mailer") if (! open (MAILER, "| $Mailer"));
X
X # Send off the mail!
X print MAILER $Message;
X close (MAILER);
X return (0, "error running mail program: $Mailer") if ($?);
X
X # Everything must have went AOK
X return (1);
};
X
;###############################################################################
;# Cleanup
;#
;# Simply here so we can catch SIGPIPE and not exit.
;#
;# Globals:
;# None
;#
;# Arguments:
;# None
;#
;# Returns:
;# Nothing exciting
;###############################################################################
sub Cleanup
{
};
X
1;
SHAR_EOF
chmod 0444 libs/mail.pl ||
echo 'restore of libs/mail.pl failed'
Wc_c="`wc -c < 'libs/mail.pl'`"
test 4356 -eq "$Wc_c" ||
echo 'libs/mail.pl: original size 4356, current size' "$Wc_c"
fi
# ============= libs/mqueue.pl ==============
if test -f 'libs/mqueue.pl' -a X"$1" != X"-c"; then
echo 'x - skipping libs/mqueue.pl (File already exists)'
else
echo 'x - extracting libs/mqueue.pl (Text)'
sed 's/^X//' << 'SHAR_EOF' > 'libs/mqueue.pl' &&
;# NAME
;# mqueue.pl - functions to work with the sendmail queue
;#
;# DESCRIPTION
;# Both Get_Queue_IDs and Parse_Control_File are available to get
;# information about the sendmail queue. The cqueue program is a good
;# example of how these functions work.
;#
;# AUTHOR
;# Michael S. Muegel (mmuegel@mot.com)
;#
;# RCS INFORMATION
;# mmuegel
;# /usr/local/ustart/src/mail-tools/dist/foo/libs/mqueue.pl,v
;# 1.1 of 1993/07/28 08:07:19
X
package mqueue;
X
;###############################################################################
;# Get_Queue_IDs
;#
;# Will figure out the queue IDs in $Queue that have both control and data
;# files. They are returned in @Valid_IDs. Those IDs that have a
;# control file and no data file are saved to the array globbed by
;# *Missing_Control_IDs. Likewise, those IDs that have a data file and no
;# control file are saved to the array globbed by *Missing_Data_IDs.
;#
;# If $Skip_Locked is true they a message that has a lock file is skipped
;# and will not show up in any of the arrays.
;#
;# If everything went AOK then $Status is 1; otherwise, $Status is 0 and
;# $Msg tells what went wrong.
;#
;# Globals:
;# None
;#
;# Arguments:
;# $Queue, $Skip_Locked, *Missing_Control_IDs, *Missing_Data_IDs
;#
;# Returns:
;# $Status, $Msg, @Valid_IDs
;###############################################################################
sub main'Get_Queue_IDs
{
X local ($Queue, $Skip_Locked, *Missing_Control_IDs,
X *Missing_Data_IDs) = @_;
X local (*QUEUE, @Files, %Lock_IDs, %Data_IDs, %Control_IDs, $_);
X
X # Make sure that the * argument @arrays ar empty
X @Missing_Control_IDs = @Missing_Data_IDs = ();
X
X # Save each data, lock, and queue file in @Files
X opendir (QUEUE, $Queue) || return (0, "error getting directory listing of $Queue");
X @Files = grep (/^(df|lf|qf)/, readdir (QUEUE));
X closedir (QUEUE);
X
X # Create indexed list of data and control files. IF $Skip_Locked is true
X # then skip either if there is a lock file present.
X if ($Skip_Locked)
X {
X grep ((s/^lf//) && ($Lock_IDs {$_} = 1), @Files);
X grep ((s/^df//) && (! $Lock_IDs {$_}) && ($Data_IDs {$_} = 1), @Files);
X grep ((s/^qf//) && (! $Lock_IDs {$_}) && ($Control_IDs {$_} = 1), @Files);
X }
X else
X {
X grep ((s/^df//) && ($Data_IDs {$_} = 1), @Files);
X grep ((s/^qf//) && ($Control_IDs {$_} = 1), @Files);
X };
X
X # Find missing control and data files and remove them from the lists of each
X @Missing_Control_IDs = sort (grep ((! $Control_IDs {$_}) && (delete $Data_IDs {$_}), keys (%Data_IDs)));
X @Missing_Data_IDs = sort (grep ((! $Data_IDs {$_} && (delete $Control_IDs {$_})), keys (%Control_IDs)));
X
X
X # Return the IDs in an appartently random order
X return (1, "", keys (%Control_IDs));
};
X
X
;###############################################################################
;# Parse_Control_File
;#
;# Will pase a sendmail queue control file for useful information. See the
;# Sendmail Installtion and Operation Guide (SMM:07) for a complete
;# explanation of each field.
;#
;# The following globbed variables are set (or cleared) by this function:
;#
;# $Sender The sender's address.
;#
;# @Recipients One or more addresses for the recipient of the mail.
;#
;# @Errors_To One or more addresses for addresses to which mail
;# delivery errors should be sent.
;#
;# $Creation_Time The job creation time in time(3) format. That is,
;# seconds since 00:00:00 GMT 1/1/70.
;#
;# $Priority An integer representing the current message priority.
;# This is used to order the queue. Higher numbers mean
;# lower priorities.
;#
;# $Status_Message The status of the mail message. It can contain any
;# text.
;#
;# @Headers Message headers unparsed but in their original order.
;# Headers that span multiple lines are not mucked with,
;# embedded \ns will be evident.
;#
;# In all e-mail addresses bounding <> pairs are stripped.
;#
;# If everything went AOK then $Status is 1. If the message with queue ID
;# $Queue_ID just does not exist anymore -1 is returned. This is very
;# possible and should be allowed for. Otherwise, $Status is 0 and $Msg
;# tells what went wrong.
;#
;# Globals:
;# None
;#
;# Arguments:
;# $Queue, $Queue_ID, *Sender, *Recipients, *Errors_To, *Creation_Time,
;# *Priority, *Status_Message, *Headers
;#
;# Returns:
;# $Status, $Msg
;###############################################################################
sub main'Parse_Control_File
{
X local ($Queue, $Queue_ID, *Sender, *Recipients, *Errors_To, *Creation_Time,
X *Priority, *Status_Message, *Headers) = @_;
X local (*Control, $_, $Not_Empty);
X
X # Required variables and the associated control. If empty at the end of
X # parsing we return a bad status.
X @REQUIRED_INFO = ('$Creation_Time', 'T', '$Sender', 'S', '@Recipients', 'R',
X '$Priority', 'P');
X
X # Open up the control file for read
X $Control = "$Queue/qf$Queue_ID";
X if (! open (Control))
X {
X return (-1) if ((-x $Queue) && (! -f "$Queue/qf$Queue_ID") &&
X (! -f "$Queue/df$Queue_ID"));
X return (0, "error opening $Control for read: $!");
X };
X
X # Reset the globbed variables just in case
X $Sender = $Creation_Time = $Priority = $Status_Message = "";
X @Recipients = @Errors_To = @Headers = ();
X
X # Look for a few things in the control file
X READ: while (<Control>)
X {
X $Not_Empty = 1;
X chop;
X
X PARSE:
X {
X if (/^T(\d+)$/)
X {
X $Creation_Time = $1;
X }
X elsif (/^S(<)?([^>]+)/)
X {
X $Sender = $2;
X }
X elsif (/^R(<)?([^>]+)/)
X {
X push (@Recipients, $2);
X }
X elsif (/^E(<)?([^>]+)/)
X {
X push (@Errors_To, $2);
X }
X elsif (/^M(.*)/)
X {
X $Status_Message = $1;
X }
X elsif (/^P(\d+)$/)
X {
X $Priority = $1;
X }
X elsif (/^H(.*)/)
X {
X $Header = $1;
X while (<Control>)
X {
X chop;
X last if (/^[A-Z]/);
X $Header .= "\n$_";
X };
X push (@Headers, $Header);
X redo PARSE if ($_);
X last if (eof);
X };
X };
X };
X
X # If the file was empty scream bloody murder
X return (0, "empty control file") if (! $Not_Empty);
X
X # Yell if we could not find a required field
X while (($Var, $Control) = splice (@REQUIRED_INFO, 0, 2))
X {
X eval "return (0, 'required control field $Control not found')
X if (! $Var)";
X return (0, "error checking \$Var: $@") if ($@);
X };
X
X # Everything went AOK
X return (1);
};
X
1;
SHAR_EOF
chmod 0444 libs/mqueue.pl ||
echo 'restore of libs/mqueue.pl failed'
Wc_c="`wc -c < 'libs/mqueue.pl'`"
test 6908 -eq "$Wc_c" ||
echo 'libs/mqueue.pl: original size 6908, current size' "$Wc_c"
fi
# ============= libs/newgetopts.pl ==============
if test -f 'libs/newgetopts.pl' -a X"$1" != X"-c"; then
echo 'x - skipping libs/newgetopts.pl (File already exists)'
else
echo 'x - extracting libs/newgetopts.pl (Text)'
sed 's/^X//' << 'SHAR_EOF' > 'libs/newgetopts.pl' &&
;# NAME
;# newgetopts.pl - a better newgetopt (which is a better getopts which is
;# a better getopt ;-)
;#
;# AUTHOR
;# Mike Muegel (mmuegel@mot.com)
;#
;# mmuegel
;# /usr/local/ustart/src/mail-tools/dist/foo/libs/newgetopts.pl,v 1.1 1993/07/28 08:07:19 mmuegel Exp
X
;###############################################################################
;# New_Getopts
;#
;# Does not care about order of switches, options, and arguments like
;# getopts.pl. Thus all non-switches/options will be kept in ARGV even if they
-;# are not at the end. If $Pass_Invalid is set all unkown options will be
+;# are not at the end. If $Pass_Invalid is set all unknown options will be
;# passed back to the caller by keeping them in @ARGV. This is useful when
;# parsing a command line for your script while ignoring options that you
;# may pass to another script. If this is set New_Getopts tries to maintain
-;# the switch clustering on the unkown switches.
+;# the switch clustering on the unknown switches.
;#
;# Accepts the special argument -usage to print the Usage string. Also accepts
;# the special option -version which prints the contents of the string
-;# $VERSION. $VERSION may or may not have an embeded \n in it. If -usage
+;# $VERSION. $VERSION may or may not have an embedded \n in it. If -usage
;# or -version are specified a status of -1 is returned. Note that the usage
;# option is only accepted if the usage string is not null.
;#
;# $Switches is just like the formal arguemnt of getopts.pl. $Usage is a usage
;# string with or without a trailing \n. *Switch_To_Order is an optional
;# pointer to the name of an associative array which will contain a mapping of
;# switch names to the order in which (if at all) the argument was entered.
;#
;# For example, if @ARGV contains -v, -x, test:
;#
;# $Switch_To_Order {"v"} = 1;
;# $Switch_To_Order {"x"} = 2;
;#
-;# Note that in the case of multiple occurances of an option $Switch_To_Order
-;# will store each occurance of the argument via a string that emulates
+;# Note that in the case of multiple occurrences of an option $Switch_To_Order
+;# will store each occurrence of the argument via a string that emulates
;# an array. This is done by using join ($;, ...). You can retrieve the
;# array by using split (/$;/, ...).
;#
;# *Split_ARGV is an optional pointer to an array which will conatin the
;# original switches along with their values. For the example used above
;# Split_ARGV would contain:
;#
;# @Split_ARGV = ("v", "", "x", "test");
;#
;# Another exciting ;-) feature that newgetopts has. Along with creating the
;# normal $opt_ scalars for the last value of an argument the list @opt_ is
;# created. It is an array which contains all the values of arguments to the
-;# basename of the variable. They are stored in the order which they occured
+;# basename of the variable. They are stored in the order which they occurred
;# on the command line starting with $[. Note that blank arguments are stored
;# as "". Along with providing support for multiple options on the command
;# line this also provides a method of counting the number of times an option
;# was specified via $#opt_.
;#
;# Automatically resets all $opt_, @opt_, %Switch_To_Order, and @Split_ARGV
;# variables so that New_Getopts may be called more than once from within
;# the same program. Thus, if $opt_v is set upon entry to New_Getopts and
;# -v is not in @ARGV $opt_v will not be set upon exit.
;#
;# Arguments:
;# $Switches, $Usage, $Pass_Invalid, *Switch_To_Order, *Split_ARGV
;#
;# Returns:
;# -1, 0, or 1 depending on status (printed Usage/Version, OK, not OK)
;###############################################################################
sub New_Getopts
{
X local($taint_argumentative, $Usage, $Pass_Invalid, *Switch_To_Order,
X *Split_ARGV) = @_;
X local(@args,$_,$first,$rest,$errs, @leftovers, @current_leftovers,
X %Switch_Found);
X local($[, $*, $Script_Name, $argumentative);
X
X # Untaint the argument cluster so that we can use this with taintperl
X $taint_argumentative =~ /^(.*)$/;
X $argumentative = $1;
X
X # Clear anything that might still be set from a previous New_Getopts
X # call.
X @Split_ARGV = ();
X
X # Get the basename of the calling script
X ($Script_Name = $0) =~ s/.*\///;
X
X # Make Usage have a trailing \n
X $Usage .= "\n" if ($Usage !~ /\n$/);
X
X @args = split( / */, $argumentative );
X
X # Clear anything that might still be set from a previous New_Getopts call.
X foreach $first (@args)
X {
X next if ($first eq ":");
X delete $Switch_Found {$first};
X delete $Switch_To_Order {$first};
X eval "undef \@opt_$first; undef \$opt_$first;";
X };
X
X while (@ARGV)
X {
X # Let usage through
X if (($ARGV[0] eq "-usage") && ($Usage ne "\n"))
X {
X print $Usage;
X exit (-1);
X }
X
X elsif ($ARGV[0] eq "-version")
X {
X if ($VERSION)
X {
X print $VERSION;
X print "\n" if ($VERSION !~ /\n$/);
X }
X else
X {
X warn "${Script_Name}: no version information available, sorry\n";
X }
X exit (-1);
X }
X
X elsif (($_ = $ARGV[0]) =~ /^-(.)(.*)/)
X {
X ($first,$rest) = ($1,$2);
X $pos = index($argumentative,$first);
X
X $Switch_To_Order {$first} = join ($;, split (/$;/, $Switch_To_Order {$first}), ++$Order);
X
X if($pos >= $[)
X {
X if($args[$pos+1] eq ':')
X {
X shift(@ARGV);
X if($rest eq '')
X {
X $rest = shift(@ARGV);
X }
X
X eval "\$opt_$first = \$rest;";
X eval "push (\@opt_$first, \$rest);";
X push (@Split_ARGV, $first, $rest);
X }
X else
X {
X eval "\$opt_$first = 1";
X eval "push (\@opt_$first, '');";
X push (@Split_ARGV, $first, "");
X
X if($rest eq '')
X {
X shift(@ARGV);
X }
X else
X {
X $ARGV[0] = "-$rest";
X }
X }
X }
X
X else
X {
X # Save any other switches if $Pass_Valid
X if ($Pass_Invalid)
X {
X push (@current_leftovers, $first);
X }
X else
X {
X warn "${Script_Name}: unknown option: $first\n";
X ++$errs;
X };
X if($rest ne '')
X {
X $ARGV[0] = "-$rest";
X }
X else
X {
X shift(@ARGV);
X }
X }
X }
X
X else
X {
X push (@leftovers, shift (@ARGV));
X };
X
X # Save any other switches if $Pass_Valid
X if ((@current_leftovers) && ($rest eq ''))
X {
X push (@leftovers, "-" . join ("", @current_leftovers));
X @current_leftovers = ();
X };
X };
X
X # Automatically print Usage if a warning was given
X @ARGV = @leftovers;
X if ($errs != 0)
X {
X warn $Usage;
X return (0);
X }
X else
X {
X return (1);
X }
X
}
X
1;
SHAR_EOF
chmod 0444 libs/newgetopts.pl ||
echo 'restore of libs/newgetopts.pl failed'
Wc_c="`wc -c < 'libs/newgetopts.pl'`"
test 7024 -eq "$Wc_c" ||
echo 'libs/newgetopts.pl: original size 7024, current size' "$Wc_c"
fi
# ============= libs/strings1.pl ==============
if test -f 'libs/strings1.pl' -a X"$1" != X"-c"; then
echo 'x - skipping libs/strings1.pl (File already exists)'
else
echo 'x - extracting libs/strings1.pl (Text)'
sed 's/^X//' << 'SHAR_EOF' > 'libs/strings1.pl' &&
;# NAME
;# strings1.pl - FUN with strings #1
;#
;# NOTES
;# I wrote Format_Text_Block when I just started programming Perl so
;# it is probably not very Perlish code. Center is more like it :-).
;#
;# AUTHOR
;# Michael S. Muegel (mmuegel@mot.com)
;#
;# RCS INFORMATION
;# mmuegel
;# /usr/local/ustart/src/mail-tools/dist/foo/libs/strings1.pl,v 1.1 1993/07/28 08:07:19 mmuegel Exp
X
package strings1;
X
;###############################################################################;# Center
;#
;# Center $Text assuming the output should be $Columns wide. $Text can span
;# multiple lines, of course :-). Lines within $Text that contain only
;# whitespace are not centered and are instead collapsed. This may save time
;# when printing them later.
;#
;# Arguments:
;# $Text, $Columns
;#
;# Returns:
;# $Centered_Text
;###############################################################################
sub main'Center
{
X local ($_, $Columns) = @_;
X local ($*) = 1;
X
X s@^(.*)$@" " x (($Columns - length ($1)) / 2) . $1@eg;
X s/^[\t ]*$//g;
X return ($_);
};
X
;###############################################################################
;# Format_Text_Block
;#
;# Formats a text string to be printed to the display or other similar device.
;# Text in $String will be fomratted such that the following hold:
;#
;# + $String contains the (possibly) multi-line text to print. It is
;# automatically word-wrapped to fit in $Columns.
;#
;# + \n'd are maintained and are not folded.
;#
;# + $Offset is pre-pended before each separate line of text.
;#
;# + If $Offset_Once is $TRUE $Offset will only appear on the first line.
;# All other lines will be indented to match the amount of whitespace of
;# $Offset.
;#
-;# + If $Bullet_Indent is $TRUE $Offset will only be applied to the begining
-;# of lines as they occured in the original $String. Lines that are created
+;# + If $Bullet_Indent is $TRUE $Offset will only be applied to the beginning
+;# of lines as they occurred in the original $String. Lines that are created
;# by this routine will always be indented by blank spaces.
;#
;# + If $Columns is 0 no word-wrap is done. This might be useful to still
;# to offset each line in a buffer.
;#
;# + If $Split_Expr is supplied the string is split on it. If not supplied
;# the string is split on " \t\/\-\,\." by default.
;#
;# + If $Offset_Blank is $TRUE then empty lines will have $Offset pre-pended
;# to them. Otherwise, they will still empty.
;#
-;# This is a realy workhorse routine that I use in many places because of its
+;# This is a really workhorse routine that I use in many places because of its
;# veratility.
;#
;# Arguments:
;# $String, $Offset, $Offset_Once, $Bullet_Indent, $Columns, $Split_Expr,
;# $Offset_Blank
;#
;# Returns:
;# $Buffer
;###############################################################################
sub main'Format_Text_Block
{
X local ($String, $Real_Offset, $Offset_Once, $Bullet_Indent, $Columns,
X $Split_Expr, $Offset_Blank) = @_;
X
X local ($New_Line, $Line, $Chars_Per_Line, $Space_Offset, $Buffer,
X $Next_New_Line, $Num_Lines, $Num_Offsets, $Offset);
X local ($*) = 0;
X local ($BLANK_TAG) = "__FORMAT_BLANK__";
X local ($Blank_Offset) = $Real_Offset if ($Offset_Blank);
X
X # What should we split on?
X $Split_Expr = " \\t\\/\\-\\,\\." if (! $Split_Expr);
X
X # Pre-process the string - convert blank lines to __FORMAT_BLANK__ sequence
X $String =~ s/\n\n/\n$BLANK_TAG\n/g;
X $String =~ s/^\n/$BLANK_TAG\n/g;
X $String =~ s/\n$/\n$BLANK_TAG/g;
X
X # If bad $Columns/$Offset combo or no $Columns make a VERRRYYY wide $Column
X $Offset = $Real_Offset;
X $Chars_Per_Line = 16000 if (($Chars_Per_Line = $Columns - length ($Offset)) <= 0);
X $Space_Offset = " " x length ($Offset);
X
X # Get a buffer
X foreach $Line (split ("\n", $String))
X {
X $Offset = $Real_Offset if ($Bullet_Indent);
X
X # Find where to split the line
X if ($Line ne $BLANK_TAG)
X {
X $New_Line = "";
X while ($Line =~ /^([$Split_Expr]*)([^$Split_Expr]+)/)
X {
X if (length ("$New_Line$&") >= $Chars_Per_Line)
X {
X $Next_New_Line = $+;
X $New_Line = "$Offset$New_Line$1";
X $Buffer .= "\n" if ($Num_Lines++);
X $Buffer .= $New_Line;
X $Offset = $Space_Offset if (($Offset) && ($Offset_Once));
X $New_Line = $Next_New_Line;
X ++$Num_Lines;
X }
X else
X {
X $New_Line .= $&;
X };
X $Line = $';
X };
X
X $Buffer .= "\n" if ($Num_Lines++);
X $Buffer .= "$Offset$New_Line$Line";
X $Offset = $Space_Offset if (($Offset) && ($Offset_Once));
X }
X
X else
X {
X $Buffer .= "\n$Blank_Offset";
X };
X };
X
X return ($Buffer);
X
};
X
1;
SHAR_EOF
chmod 0444 libs/strings1.pl ||
echo 'restore of libs/strings1.pl failed'
Wc_c="`wc -c < 'libs/strings1.pl'`"
test 4687 -eq "$Wc_c" ||
echo 'libs/strings1.pl: original size 4687, current size' "$Wc_c"
fi
# ============= libs/timespec.pl ==============
if test -f 'libs/timespec.pl' -a X"$1" != X"-c"; then
echo 'x - skipping libs/timespec.pl (File already exists)'
else
echo 'x - extracting libs/timespec.pl (Text)'
sed 's/^X//' << 'SHAR_EOF' > 'libs/timespec.pl' &&
;# NAME
;# timespec.pl - convert a pre-defined time specifyer to seconds
;#
;# AUTHOR
;# Michael S. Muegel (mmuegel@mot.com)
;#
;# RCS INFORMATION
;# mmuegel
;# /usr/local/ustart/src/mail-tools/dist/foo/libs/timespec.pl,v 1.1 1993/07/28 08:07:19 mmuegel Exp
X
package timespec;
X
%TIME_SPEC_TO_SECONDS = ("s", 1,
X "m", 60,
X "h", 60 * 60,
X "d", 60 * 60 * 24
X );
X
$VALID_TIME_SPEC_EXPR = "[" . join ("", keys (%TIME_SPEC_TO_SECONDS)) . "]";
X
;###############################################################################
;# Time_Spec_To_Seconds
;#
;# Converts a string of the form:
;#
;# (<number>(s|m|h|d))+
;#
;# to seconds. The second part of the time spec specifies seconds, minutes,
;# hours, or days, respectfully. The first part is the number of those untis.
;# There can be any number of such specifiers. As an example, 1h30m means 1
;# hour and 30 minutes.
;#
;# If the parsing went OK then $Status is 1, $Msg is undefined, and $Seconds
;# is $Time_Spec converted to seconds. If something went wrong then $Status
;# is 0 and $Msg explains what went wrong.
;#
;# Arguments:
;# $Time_Spec
;#
;# Returns:
;# $Status, $Msg, $Seconds
;###############################################################################
sub main'Time_Spec_To_Seconds
{
X $Time_Spec = $_[0];
X
X $Seconds = 0;
X while ($Time_Spec =~ /^(\d+)($VALID_TIME_SPEC_EXPR)/)
X {
X $Seconds += $1 * $TIME_SPEC_TO_SECONDS {$2};
X $Time_Spec = $';
X };
X
X return (0, "error parsing time spec: $Time_Spec") if ($Time_Spec ne "");
X return (1, "", $Seconds);
X
};
X
X
1;
SHAR_EOF
chmod 0444 libs/timespec.pl ||
echo 'restore of libs/timespec.pl failed'
Wc_c="`wc -c < 'libs/timespec.pl'`"
test 1609 -eq "$Wc_c" ||
echo 'libs/timespec.pl: original size 1609, current size' "$Wc_c"
fi
# ============= man/cqueue.1 ==============
if test ! -d 'man'; then
echo 'x - creating directory man'
mkdir 'man'
fi
if test -f 'man/cqueue.1' -a X"$1" != X"-c"; then
echo 'x - skipping man/cqueue.1 (File already exists)'
else
echo 'x - extracting man/cqueue.1 (Text)'
sed 's/^X//' << 'SHAR_EOF' > 'man/cqueue.1' &&
.TH CQUEUE 1L
\"
\" mmuegel
\" /usr/local/ustart/src/mail-tools/dist/foo/man/cqueue.1,v 1.1 1993/07/28 08:08:25 mmuegel Exp
\"
.ds mp \fBcqueue\fR
.de IB
.IP \(bu 2
..
.SH NAME
\*(mp - check sendmail queue for problems
.SH SYNOPSIS
.IP \*(mp 7
[ \fB-abdms\fR ] [ \fB-q\fR \fIqueue-dir\fI ] [ \fB-t\fR \fItime\fR ]
[ \fB-u\fR \fIusers\fR ] [ \fB-w\fR \fIwidth\fR ]
.SH DESCRIPTION
Reports on problems in the sendmail queue. With no options this simply
means listing messages that have been in the queue longer than a default
period along with a summary of queue mail by host and status message.
.SH OPTIONS
.IP \fB-a\fR 14
Report on all messages in the queue. This is equivalent to saying \fB-t\fR 0s.
You may like this command so much that you use it as a replacement for
\fBmqueue\fR. For example:
.sp 1
.RS
.RS
\fBalias mqueue cqueue -a\fR
.RE
.RE
.IP \fB-b\fR 14
Also report on bogus queue files. Those are files that
have data files and no control files or vice versa.
.IP \fB-d\fR
Print a detailed report of mail messages that have been queued longer than
the specified or default time. Information that is presented includes:
.RS
.RS
.IB
Sendmail queue identifier.
.IB
Date the message was first queued.
.IB
Sender of the message.
.IB
One or more recipients of the message.
.IB
An optional status of the message. This usually indicates why the message
has not been delivered.
.RE
.RE
.IP \fB-m\fR 14
Mail off the results if any problems were found.
Normaly results are printed to stdout. If this option
is specified they are mailed to one or more users. Results
are not printed to stdout in this case. Results are \fBonly\fR
mailed if \*(mp found something wrong.
.IP "\fB-q\fR \fIqueue-dir\fI"
The sendmail mail queue directory. Default is \fB/usr/spool/mqueue\fR or
some other site configured value.
.IP "\fB-t\fR \fItime\fR"
List messages that have been in the queue longer than
\fItime\fR. Time should of the form:
.sp 1
.RS
.RS
(<number>(s|m|h|d))+
.sp 1
.RE
.RE
.RS 14
The second portion of the above definition
specifies seconds, minutes, hours, or
days, respectfully. The first portion is the number of
those units. There can be any number of such specifiers.
As an example, 1h30m means 1 hour and 30 minutes.
.sp 1
The default is 2 hours.
.RE
.IP \fB-s\fR 14
Print a summary of messages that have been queued longer than
the specified or default time. Two separate types of summaries are printed.
The first summarizes the queue messages by destination host. The host name
is gleaned from the recipient addresses for each message.
Thus the actual host names for this summary should be taken with a grain
of salt since ruleset 0 has not been applied to the address the host was
taken from nor were MX records consulted. It would be possible to add
this; however, the execution time of the script would increase
dramatically. The second summary is by status message.
.IP "\fB-u\fR \fIusers\fR"
Specify list of users to send a mail report to other than
the invoker. This option is only valid when \fB-m\fR has been
specified. Multiple recipients may be separated by spaces.
.IP "\fB-w\fR \fIwidth\fR"
Specify the page width to which the output should tailored. \fIwidth\fR
should be an integer representing some character position. The default is
80 or some other site configured value. Output is folded neatly to match
\fIwidth\fR.
.SH EXAMPLES
.nf
% \fBdate\fR
Tue Jan 19 12:07:20 CST 1993
X
% \fBcqueue -t 21h45m -w 70\fR
X
Summary of messages in queue longer than 21:45:00 by destination
host:
X
X Number of
X Messages Destination Host
X --------- ----------------
X 2 cigseg.rtsg.mot.com
X 1 mnesouth.corp.mot.com
X ---------
X 3
X
Summary of messages in queue longer than 21:45:00 by status message:
X
X Number of
X Messages Status Message
X --------- --------------
X 1 Deferred: Connection refused by mnesouth.corp.mot.com
X 2 Deferred: Host Name Lookup Failure
X ---------
X 3
X
Detail of messages in queue longer than 21:45:00 sorted by creation
date:
X
X ID: AA20573
X Date: 02:09:27 PM 01/18/93
X Sender: melrose-place-owner@ferkel.ucsb.edu
X Recipient: pbaker@cigseg.rtsg.mot.com
X Status: Deferred: Host Name Lookup Failure
X
X ID: AA20757
X Date: 02:11:30 PM 01/18/93
X Sender: 90210-owner@ferkel.ucsb.edu
X Recipient: pbaker@cigseg.rtsg.mot.com
X Status: Deferred: Host Name Lookup Failure
X
X ID: AA21110
X Date: 02:17:01 PM 01/18/93
X Sender: rd_lap_wg@mdd.comm.mot.com
X Recipient: jim_mathis@mnesouth.corp.mot.com
X Status: Deferred: Connection refused by mnesouth.corp.mot.com
.fi
.SH AUTHOR
.nf
Michael S. Muegel (mmuegel@mot.com)
UNIX Applications Startup Group
Corporate Information Office, Schaumburg, IL
Motorola, Inc.
.fi
.SH COPYRIGHT NOTICE
Copyright 1993, Motorola, Inc.
.sp 1
Permission to use, copy, modify and distribute without charge this
software, documentation, etc. is granted, provided that this
comment and the author's name is retained. The author nor Motorola assume any
responsibility for problems resulting from the use of this software.
.SH SEE ALSO
.nf
\fBsendmail(8)\fR
\fISendmail Installation and Operation Guide\fR.
.fi
SHAR_EOF
chmod 0444 man/cqueue.1 ||
echo 'restore of man/cqueue.1 failed'
Wc_c="`wc -c < 'man/cqueue.1'`"
test 5212 -eq "$Wc_c" ||
echo 'man/cqueue.1: original size 5212, current size' "$Wc_c"
fi
# ============= man/postclip.1 ==============
if test -f 'man/postclip.1' -a X"$1" != X"-c"; then
echo 'x - skipping man/postclip.1 (File already exists)'
else
echo 'x - extracting man/postclip.1 (Text)'
sed 's/^X//' << 'SHAR_EOF' > 'man/postclip.1' &&
.TH POSTCLIP 1L
\"
\" mmuegel
\" /usr/local/ustart/src/mail-tools/dist/foo/man/postclip.1,v 1.1 1993/07/28 08:08:25 mmuegel Exp
\"
.ds mp \fBpostclip\fR
.SH NAME
\*(mp - send only the headers to Postmaster
.SH SYNOPSIS
\*(mp [ \fB-v\fR ] [ \fIto\fR ... ]
.SH DESCRIPTION
\*(mp will forward non-delivery reports to a postmaster after deleting the body
of the message. This keeps bounced mail private and helps to avoid disk space problems. \*(mp tries its best to keep as much of the header trail as possible.
Hopefully only the original body of the message will be filtered. Only messages
that have a subject that begins with 'Returned mail:' are filtered. This
-ensures that other mail is not accidently mucked with. Finally, note that
+ensures that other mail is not accidentally mucked with. Finally, note that
\fBsendmail\fR is used to deliver the message after it has been (possibly)
filtered. All of the original headers will remain intact.
.sp 1
You can use this with any \fBsendmail\fR by modifying the Postmaster alias.
If you use IDA \fBsendmail\fR you could add the following to <machine>.m4:
.sp 1
.RS
define(POSTMASTERBOUNCE, mailer-errors)
.RE
.sp 1
In the aliases file, add a line similar to the following:
.sp 1
.RS
mailer-errors: "|/usr/local/bin/postclip postmaster"
.RE
.SH OPTIONS
.IP \fB-v\fR
Be verbose about delivery. Probably only useful when debugging \*(mp.
.IP \fIto\fR
A list of one or more e-mail ids to send the modified
Postmaster messages to. If none are specified postmaster
is used.
.SH AUTHOR
.nf
Michael S. Muegel (mmuegel@mot.com)
UNIX Applications Startup Group
Corporate Information Office, Schaumburg, IL
Motorola, Inc.
.fi
.SH CREDITS
The original idea to filter Postmaster mail was taken from a script by
Christopher Davis <ckd@eff.org>.
.SH COPYRIGHT NOTICE
Copyright 1992, Motorola, Inc.
.sp 1
Permission to use, copy, modify and distribute without charge this
software, documentation, etc. is granted, provided that this
comment and the author's name is retained. The author nor Motorola assume any
responsibility for problems resulting from the use of this software.
.SH SEE ALSO
.nf
\fBsendmail(8)\fR
.fi
SHAR_EOF
chmod 0444 man/postclip.1 ||
echo 'restore of man/postclip.1 failed'
Wc_c="`wc -c < 'man/postclip.1'`"
test 2078 -eq "$Wc_c" ||
echo 'man/postclip.1: original size 2078, current size' "$Wc_c"
fi
# ============= src/cqueue ==============
if test ! -d 'src'; then
echo 'x - creating directory src'
mkdir 'src'
fi
if test -f 'src/cqueue' -a X"$1" != X"-c"; then
echo 'x - skipping src/cqueue (File already exists)'
else
echo 'x - extracting src/cqueue (Text)'
sed 's/^X//' << 'SHAR_EOF' > 'src/cqueue' &&
#!/usr/local/ustart/bin/suidperl
X
# NAME
# cqueue - check sendmail queue for problems
#
# SYNOPSIS
# Type cqueue -usage
#
# AUTHOR
# Michael S. Muegel <mmuegel@mot.com>
#
# RCS INFORMATION
# mmuegel
# /usr/local/ustart/src/mail-tools/dist/foo/src/cqueue,v 1.1 1993/07/28 08:09:02 mmuegel Exp
X
# So that date.pl does not yell (Domain/OS version does a ``)
$ENV{'PATH'} = "";
X
# A better getopts routine
require "newgetopts.pl";
require "timespec.pl";
require "mail.pl";
require "date.pl";
require "mqueue.pl";
require "strings1.pl";
require "elapsed.pl";
X
($Script_Name = $0) =~ s/.*\///;
X
# Some defaults you may want to change
$DEF_TIME = "2h";
$DEF_QUEUE = "/usr/spool/mqueue";
$DEF_COLUMNS = 80;
$DATE_FORMAT = "%r %D";
X
# Constants that probably should not be changed
$USAGE = "Usage: $Script_Name [ -abdms ] [ -q queue-dir ] [ -t time ] [ -u user ] [ -w width ]\n";
$VERSION = "${Script_Name} by mmuegel; 1.1 of 1993/07/28 08:09:02";
$SWITCHES = "abdmst:u:q:w:";
$SPLIT_EXPR = '\s,\.@!%:';
$ADDR_PART_EXPR = '[^!@%]+';
X
# Let getopts parse for switches
$Status = &New_Getopts ($SWITCHES, $USAGE);
exit (0) if ($Status == -1);
exit (1) if (! $Status);
X
# Check args
die "${Script_Name}: -u only valid with -m\n" if (($opt_u) && (! $opt_m));
die "${Script_Name}: -a not valid with -t option\n" if ($opt_a && $opt_t);
$opt_u = getlogin || (getpwuid ($<))[0] || $ENV{"USER"} || die "${Script_Name}: can not determine who you are!\n" if (! $opt_u);
X
# Set defaults
$opt_t = "0s" if ($opt_a);
$opt_t = $DEF_TIME if ($opt_t eq "");
$opt_w = $DEF_COLUMNS if ($opt_w eq "");
$opt_q = $DEF_QUEUE if ($opt_q eq "");
$opt_s = $opt_d = 1 if (! ($opt_s || $opt_d));
X
# Untaint the users to mail to
$opt_u =~ /^(.*)$/;
$Users = $1;
X
# Convert time option to seconds and seconds to elapsed form
die "${Script_Name}: $Msg\n" if (! (($Status, $Msg, $Seconds) = &Time_Spec_To_Seconds ($opt_t))[0]);
$Elapsed = &Seconds_To_Elapsed ($Seconds, 1);
$Time_Info = " longer than $Elapsed" if ($Seconds);
X
# Get the current time
$Current_Time = time;
$Current_Date = &date ($Current_Time, $DATE_FORMAT);
X
($Status, $Msg, @Queue_IDs) = &Get_Queue_IDs ($opt_q, 1, @Missing_Control_IDs,
X @Missing_Data_IDs);
die "$Script_Name: $Msg\n" if (! $Status);
X
# Yell about missing data/control files?
if ($opt_b)
{
X
X $Report = "\nMessages missing control files:\n\n " .
X join ("\n ", @Missing_Control_IDs) .
X "\n"
X if (@Missing_Control_IDs);
X
X $Report .= "\nMessages missing data files:\n\n " .
X join ("\n ", @Missing_Data_IDs) .
X "\n"
X if (@Missing_Data_IDs);
};
X
# See if any mail messages are older than $Seconds
foreach $Queue_ID (@Queue_IDs)
{
X # Get lots of info about this sendmail message via the control file
X ($Status, $Msg) = &Parse_Control_File ($opt_q, $Queue_ID, *Sender,
X *Recipients, *Errors_To, *Creation_Time, *Priority, *Status_Message,
X *Headers);
X next if ($Status == -1);
X if (! $Status)
X {
X warn "$Script_Name: $Queue_ID: $Msg\n";
X next;
X };
X
X # Report on message if it is older than $Seconds
X if ($Current_Time - $Creation_Time >= $Seconds)
X {
X # Build summary by host information. Keep track of each host destination
X # encountered.
X if ($opt_s)
X {
X %Host_Map = ();
X foreach (@Recipients)
X {
X if ((/@($ADDR_PART_EXPR)$/) || (/($ADDR_PART_EXPR)!$ADDR_PART_EXPR$/))
X {
X ($Host = $1) =~ tr/A-Z/a-z/;
X $Host_Map {$Host} = 1;
X }
X else
X {
X warn "$Script_Name: could not find host part from $_; contact author\n";
X };
X };
X
X # For each unique target host add to its stats
X grep ($Host_Queued {$_}++, keys (%Host_Map));
X
X # Build summary by message information.
X $Message_Queued {$Status_Message}++ if ($Status_Message);
X };
X
X # Build long report information for this creation time (there may be
X # more than one message created at the same time)
X if ($opt_d)
X {
X $Creation_Date = &date ($Creation_Time, $DATE_FORMAT);
X $Recipient_Info = &Format_Text_Block (join (", ", @Recipients),
X " Recipient: ", 1, 0, $opt_w, $SPLIT_EXPR);
X $Time_To_Report {$Creation_Time} .= <<"EOS";
X
X ID: $Queue_ID
X Date: $Creation_Date
X Sender: $Sender
$Recipient_Info
EOS
X
X # Add the status message if available to long report
X if ($Status_Message)
X {
X $Time_To_Report {$Creation_Time} .= &Format_Text_Block ($Status_Message,
X " Status: ", 1, 0, $opt_w, $SPLIT_EXPR) . "\n";
X };
X };
X };
X
};
X
# Add the summary report by target host?
if ($opt_s)
{
X foreach $Host (sort (keys (%Host_Queued)))
X {
X $Host_Report .= &Format_Text_Block ($Host,
X sprintf (" %-9d ", $Host_Queued{$Host}), 1, 0, $opt_w,
X $SPLIT_EXPR) . "\n";
X $Num_Hosts += $Host_Queued{$Host};
X };
X if ($Host_Report)
X {
X chop ($Host_Report);
X $Report .= &Format_Text_Block("\nSummary of messages in queue$Time_Info by destination host:\n", "", 0, 0, $opt_w);
X
X $Report .= <<"EOS";
X
X Number of
X Messages Destination Host
X --------- ----------------
$Host_Report
X ---------
X $Num_Hosts
EOS
X };
};
X
# Add the summary by message report?
if ($opt_s)
{
X foreach $Message (sort (keys (%Message_Queued)))
X {
X $Message_Report .= &Format_Text_Block ($Message,
X sprintf (" %-9d ", $Message_Queued{$Message}), 1, 0, $opt_w,
X $SPLIT_EXPR) . "\n";
X $Num_Messages += $Message_Queued{$Message};
X };
X if ($Message_Report)
X {
X chop ($Message_Report);
X $Report .= &Format_Text_Block ("\nSummary of messages in queue$Time_Info by status message:\n", "", 0, 0, $opt_w);
X
X $Report .= <<"EOS";
X
X Number of
X Messages Status Message
X --------- --------------
$Message_Report
X ---------
X $Num_Messages
EOS
X };
};
X
# Add the detailed message reports?
if ($opt_d)
{
X foreach $Time (sort { $a <=> $b} (keys (%Time_To_Report)))
X {
X $Report .= &Format_Text_Block ("\nDetail of messages in queue$Time_Info sorted by creation date:\n","", 0, 0, $opt_w) if (! $Detailed_Header++);
X $Report .= $Time_To_Report {$Time};
X };
};
X
# Now mail or print the report
if ($Report)
{
X $Report .= "\n";
X if ($opt_m)
X {
X ($Status, $Msg) = &Send_Mail ($Users, "sendmail queue report for $Current_Date", $Report, 0);
X die "${Script_Name}: $Msg" if (! $Status);
X }
X
X else
X {
X print $Report;
X };
X
};
X
# I am outta here...
exit (0);
SHAR_EOF
chmod 0555 src/cqueue ||
echo 'restore of src/cqueue failed'
Wc_c="`wc -c < 'src/cqueue'`"
test 6647 -eq "$Wc_c" ||
echo 'src/cqueue: original size 6647, current size' "$Wc_c"
fi
# ============= src/postclip ==============
if test -f 'src/postclip' -a X"$1" != X"-c"; then
echo 'x - skipping src/postclip (File already exists)'
else
echo 'x - extracting src/postclip (Text)'
sed 's/^X//' << 'SHAR_EOF' > 'src/postclip' &&
#!/usr/local/bin/perl
X
# NAME
# postclip - send only the headers to Postmaster
#
# SYNOPSIS
# postclip [ -v ] [ to ... ]
#
# AUTHOR
# Michael S. Muegel <mmuegel@mot.com>
#
# RCS INFORMATION
# /usr/local/ustart/src/mail-tools/dist/foo/src/postclip,v
# 1.1 of 1993/07/28 08:09:02
X
# We use this to send off the mail
require "newgetopts.pl";
require "mail.pl";
X
# Get the basename of the script
($Script_Name = $0) =~ s/.*\///;
X
# Some famous constants
$USAGE = "Usage: $Script_Name [ -v ] [ to ... ]\n";
$VERSION = "${Script_Name} by mmuegel; 1.1 of 1993/07/28 08:09:02";
$SWITCHES = "v";
X
# Let getopts parse for switches
$Status = &New_Getopts ($SWITCHES, $USAGE);
exit (0) if ($Status == -1);
exit (1) if (! $Status);
X
# Who should we send the modified mail to?
@ARGV = ("postmaster") if (! @ARGV);
$Users = join (" ", @ARGV);
@ARGV = ();
X
# Suck in the original header and save a few interesting lines
while (<>)
{
X $Buffer .= $_ if (! /^From /);
X $Subject = $1 if (/^Subject:\s+(.*)$/);
X $From = $1 if (/^From:\s+(.*)$/);
X last if (/^$/);
};
X
# Do not filter the message unless it has a subject and the subject indicates
# it is an NDN
if ($Subject && ($Subject =~ /^returned mail/i))
{
X # Slurp input by paragraph. Keep track of the last time we saw what
X # appeared to be NDN text. We keep this.
X $/ = "\n\n";
X $* = 1;
X while (<>)
X {
X push (@Paragraphs, $_);
X $Last_Error_Para = $#Paragraphs
X if (/unsent message follows/i || /was not delivered because/);
X };
X
X # Now save the NDN text into $Buffer
X $Buffer .= join ("", @Paragraphs [0..$Last_Error_Para]);
}
X
else
{
X undef $/;
X $Buffer .= <>;
};
X
# Send off the (possibly) modified mail
($Status, $Msg) = &Send_Mail ($Users, "", $Buffer, 0, $opt_v, 1);
die "$Script_Name: $Msg\n" if (! $Status);
SHAR_EOF
chmod 0555 src/postclip ||
echo 'restore of src/postclip failed'
Wc_c="`wc -c < 'src/postclip'`"
test 1836 -eq "$Wc_c" ||
echo 'src/postclip: original size 1836, current size' "$Wc_c"
fi
exit 0
--
+----------------------------------------------------------------------------+
| Michael S. Muegel | Internet E-Mail: mmuegel@mot.com |
| UNIX Applications Startup Group | Moto Dist E-Mail: X10090 |
| Corporate Information Office | Voice: (708) 576-0507 |
| Motorola | Fax: (708) 576-4153 |
+----------------------------------------------------------------------------+
"I'm disturbed, I'm depressed, I'm inadequate -- I've got it all!"
-- George from _Seinfeld_
diff --git a/devtools/M4/header.m4 b/devtools/M4/header.m4
index 4ecc4f01f2de..bc19392bba2a 100644
--- a/devtools/M4/header.m4
+++ b/devtools/M4/header.m4
@@ -1,37 +1,37 @@
#
# Copyright (c) 1998, 1999, 2014 Proofpoint, Inc. and its suppliers.
# All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#
# Definitions for Makefile construction for sendmail
#
# $Id: header.m4,v 8.29 2014-01-26 20:40:45 gshapiro Exp $
#
changecom(^A)
undefine(`format')
undefine(`hpux')
undefine(`unix')
ifdef(`pushdef', `',
`errprint(`You need a newer version of M4, at least as new as
System V or GNU')
include(NoSuchFile)')
define(`confABI', `')
define(`confCC', `cc')
define(`confSHELL', `/bin/sh')
define(`confBEFORE', `')
define(`confLIBDIRS', `')
define(`confINCDIRS', `')
-define(`confLIBSEARCH', `db bind resolv 44bsd')
+define(`confLIBSEARCH', `db bind resolv 44bsd cdb')
define(`confLIBSEARCHPATH', `/lib /usr/lib /usr/shlib')
define(`confSHAREDLIB_EXT', `.so')
define(`confSITECONFIG', `site.config')
define(`confBUILDBIN', `${SRCDIR}/devtools/bin')
define(`confRANLIB', `echo')
define(`PUSHDIVERT', `pushdef(`__D__', divnum)divert($1)')
define(`POPDIVERT', `divert(__D__)popdef(`__D__')')
define(`APPENDDEF', `define(`$1', ifdef(`$1', `$1 $2', `$2'))')
define(`PREPENDDEF', `define(`$1', ifdef(`$1', `$2 $1', `$2'))')
diff --git a/devtools/OS/Darwin.14.x b/devtools/OS/Darwin.14.x
new file mode 100644
index 000000000000..a34e90146e37
--- /dev/null
+++ b/devtools/OS/Darwin.14.x
@@ -0,0 +1,25 @@
+# $Id: Darwin.13.x,v 1.1 2013-12-02 22:11:06 gshapiro Exp $
+
+dnl DO NOT EDIT THIS FILE.
+dnl Place personal settings in devtools/Site/site.config.m4
+
+#
+define(`confCC', `cc -pipe ${Extra_CC_Flags}')
+define(`confMAPDEF', `-DNEWDB -DNIS -DMAP_REGEX')
+define(`confENVDEF', `-DDARWIN=140000 -DBIND_8_COMPAT -DNETINET6')
+define(`confLDOPTS', `${Extra_LD_Flags}')
+define(`confMTLDOPTS', `-lpthread')
+define(`confMILTER_STATIC', `')
+define(`confDEPEND_TYPE', `CC-M')
+define(`confOPTIMIZE', `-O3')
+define(`confRANLIBOPTS', `-c')
+define(`confHFDIR', `/usr/share/sendmail')
+define(`confINSTALL_RAWMAN')
+define(`confMANOWN', `root')
+define(`confMANGRP', `wheel')
+define(`confUBINOWN', `root')
+define(`confUBINGRP', `wheel')
+define(`confSBINOWN', `root')
+define(`confSBINGRP', `wheel')
+define(`confLDOPTS_SO', `-dynamiclib -flat_namespace -undefined suppress -single_module')
+define(`confSHAREDLIB_EXT', `.dylib')
diff --git a/devtools/OS/Darwin.15.x b/devtools/OS/Darwin.15.x
new file mode 100644
index 000000000000..c2de69c8266a
--- /dev/null
+++ b/devtools/OS/Darwin.15.x
@@ -0,0 +1,23 @@
+dnl DO NOT EDIT THIS FILE.
+dnl Place personal settings in devtools/Site/site.config.m4
+
+#
+define(`confCC', `cc -pipe ${Extra_CC_Flags}')
+define(`confMAPDEF', `-DNEWDB -DNIS -DMAP_REGEX')
+define(`confENVDEF', `-DDARWIN=150000 -DBIND_8_COMPAT -DNETINET6')
+define(`confLDOPTS', `${Extra_LD_Flags}')
+define(`confMTLDOPTS', `-lpthread')
+define(`confMILTER_STATIC', `')
+define(`confDEPEND_TYPE', `CC-M')
+define(`confOPTIMIZE', `-O3')
+define(`confRANLIBOPTS', `-c')
+define(`confHFDIR', `/usr/share/sendmail')
+define(`confINSTALL_RAWMAN')
+define(`confMANOWN', `root')
+define(`confMANGRP', `wheel')
+define(`confUBINOWN', `root')
+define(`confUBINGRP', `wheel')
+define(`confSBINOWN', `root')
+define(`confSBINGRP', `wheel')
+define(`confLDOPTS_SO', `-dynamiclib -flat_namespace -undefined suppress -single_module')
+define(`confSHAREDLIB_EXT', `.dylib')
diff --git a/devtools/OS/Darwin.16.x b/devtools/OS/Darwin.16.x
new file mode 100644
index 000000000000..e153e1d52239
--- /dev/null
+++ b/devtools/OS/Darwin.16.x
@@ -0,0 +1,23 @@
+dnl DO NOT EDIT THIS FILE.
+dnl Place personal settings in devtools/Site/site.config.m4
+
+#
+define(`confCC', `cc -pipe ${Extra_CC_Flags}')
+define(`confMAPDEF', `-DNEWDB -DNIS -DMAP_REGEX')
+define(`confENVDEF', `-DDARWIN=160000 -DBIND_8_COMPAT -DNETINET6')
+define(`confLDOPTS', `${Extra_LD_Flags}')
+define(`confMTLDOPTS', `-lpthread')
+define(`confMILTER_STATIC', `')
+define(`confDEPEND_TYPE', `CC-M')
+define(`confOPTIMIZE', `-O3')
+define(`confRANLIBOPTS', `-c')
+define(`confHFDIR', `/usr/share/sendmail')
+define(`confINSTALL_RAWMAN')
+define(`confMANOWN', `root')
+define(`confMANGRP', `wheel')
+define(`confUBINOWN', `root')
+define(`confUBINGRP', `wheel')
+define(`confSBINOWN', `root')
+define(`confSBINGRP', `wheel')
+define(`confLDOPTS_SO', `-dynamiclib -flat_namespace -undefined suppress -single_module')
+define(`confSHAREDLIB_EXT', `.dylib')
diff --git a/devtools/OS/Darwin.17.x b/devtools/OS/Darwin.17.x
new file mode 100644
index 000000000000..ef3ab555c4d9
--- /dev/null
+++ b/devtools/OS/Darwin.17.x
@@ -0,0 +1,23 @@
+dnl DO NOT EDIT THIS FILE.
+dnl Place personal settings in devtools/Site/site.config.m4
+
+#
+define(`confCC', `cc -pipe ${Extra_CC_Flags}')
+define(`confMAPDEF', `-DNEWDB -DNIS -DMAP_REGEX')
+define(`confENVDEF', `-DDARWIN=170000 -DBIND_8_COMPAT -DNETINET6')
+define(`confLDOPTS', `${Extra_LD_Flags}')
+define(`confMTLDOPTS', `-lpthread')
+define(`confMILTER_STATIC', `')
+define(`confDEPEND_TYPE', `CC-M')
+define(`confOPTIMIZE', `-O3')
+define(`confRANLIBOPTS', `-c')
+define(`confHFDIR', `/usr/share/sendmail')
+define(`confINSTALL_RAWMAN')
+define(`confMANOWN', `root')
+define(`confMANGRP', `wheel')
+define(`confUBINOWN', `root')
+define(`confUBINGRP', `wheel')
+define(`confSBINOWN', `root')
+define(`confSBINGRP', `wheel')
+define(`confLDOPTS_SO', `-dynamiclib -flat_namespace -undefined suppress -single_module')
+define(`confSHAREDLIB_EXT', `.dylib')
diff --git a/devtools/OS/Darwin.18.x b/devtools/OS/Darwin.18.x
new file mode 100644
index 000000000000..9a93b96cb0fb
--- /dev/null
+++ b/devtools/OS/Darwin.18.x
@@ -0,0 +1,23 @@
+dnl DO NOT EDIT THIS FILE.
+dnl Place personal settings in devtools/Site/site.config.m4
+
+#
+define(`confCC', `cc -pipe ${Extra_CC_Flags}')
+define(`confMAPDEF', `-DNEWDB -DNIS -DMAP_REGEX')
+define(`confENVDEF', `-DDARWIN=180000 -DBIND_8_COMPAT -DNETINET6')
+define(`confLDOPTS', `${Extra_LD_Flags}')
+define(`confMTLDOPTS', `-lpthread')
+define(`confMILTER_STATIC', `')
+define(`confDEPEND_TYPE', `CC-M')
+define(`confOPTIMIZE', `-O3')
+define(`confRANLIBOPTS', `-c')
+define(`confHFDIR', `/usr/share/sendmail')
+define(`confINSTALL_RAWMAN')
+define(`confMANOWN', `root')
+define(`confMANGRP', `wheel')
+define(`confUBINOWN', `root')
+define(`confUBINGRP', `wheel')
+define(`confSBINOWN', `root')
+define(`confSBINGRP', `wheel')
+define(`confLDOPTS_SO', `-dynamiclib -flat_namespace -undefined suppress -single_module')
+define(`confSHAREDLIB_EXT', `.dylib')
diff --git a/devtools/README b/devtools/README
index 04f808e640e3..986e2461bd6b 100644
--- a/devtools/README
+++ b/devtools/README
@@ -1,398 +1,399 @@
This directory contains tools. Do not attempt to actually build
anything in this directory.
The Build script allows you to specify a base location for the object
files by using the -O flag:
./Build -O /tmp
will put the object files in /tmp/obj.*/. Also, if the SENDMAIL_SUFFIX
environment variable is set, its value will be used in the obj.* directory
name.
The Build script allows you to specify a site configuration file by using
the -f flag:
./Build -f siteconfig.m4
You can put such site configuration files in the Site sub-directory;
see Site/README for details.
If you need to support multiple build configurations from the same tree,
you can use prefixes to differentiate your configurations. Use the -Q
flag to Build:
./Build -Q prefix
Build will select a prefix.*.m4 file instead of the site.*.m4 file according
to the conventions in Site/README, and use it to modify the build
configuration. The object directory used will be obj.prefix.*/. Your
prefix.*.m4 files should reside in the Site directory. You may not use
-Q and -f simultaneously.
While building a site configuration file, beyond using define() to set
variables, you can also add to a definition using the APPENDDEF() and
PREPENDDEF() macros. For example:
APPENDDEF(`confINCDIRS', `-I/usr/local/bind/include')
will add -I/usr/local/bind/include to the already existing confINCDIRS.
Note: There must be no trailing spaces after the last quote mark and
before the closing parenthesis. Also you may need to properly quote
m4 reserved words as specified by your vendor's m4 command.
By default, sendmail will search your system for include and library
directories as well as certain libraries (libdb.* for Berkeley DB and
libbind.a or libresolv.* for name resolution). You can turn off this
configuration step by specifying the -S flag with the Build command.
The OS subtree contains definitions for variations on a standard
model for system installation. The M4 variables that can be defined
and their defaults before referencing the appropriate OS definitions
are listed below. Note that variables preceded by an asterisk (*)
are currently not used in the open source distribution.
confBEFORE [empty] Files to create before sendmail is
compiled. The methods must be defined
in the Makefile using PUSHDIVERT(3).
confBLDVARIANT OPTIMIZED This controls which object variant will
be built and is controlled with the
-v flag to the Build
script. Internally, this macro is
used to select compiler options in
the devtools/OS/*.m4 files. Valid
arguments for the Build -v flag are
"optimized", "debug", and "purify"
which map to confBLDVARIANT values
of "OPTIMIZED", "DEBUG", and
"PURIFY". This is a work in
progress, and as such not all
devtools/OS/*.m4 have been updated
yet. (See Linux for an example of
one that has.) Also, in the future
it may be desirable to append a
variant identifier to the object
directory name to allow different
variants to independently co-exist
on a given target platform. Note:
the PURIFY variant has not been
fully implemented on any platforms
yet. Other variants can be added as
needed in the future. Changing this
macro from its default will affect
other default values.
confBUILDBIN ../../devtools/bin The location of the build support
binaries, relative to the obj.*
directory.
confCC cc The C compiler to use.
confCCOPTS [empty] Additional options to pass to confCC.
*confCCOPTS_SO [empty] Additional options for compiling
shared object libraries.
confCCLINK confCC Linker to use (for executables).
confCOPY cp A program that copies files.
confMKDIR [empty] A program that creates directories
(mkdir) and takes the -p parameter
to create also intermediate directories
as required. If this macro is set,
then it used by "make install" to
create the required installation
directories.
confDEPEND_TYPE generic How to build dependencies. This should
be the name of a file in
devtools/M4/depend
confDEPLIBS [empty] Dependent libraries when building
shared objects.
confDONT_INSTALL_CATMAN [undefined] Don't install the formatted manual
pages.
confEBINDIR /usr/libexec The location for binaries executed
from other binaries, e.g., mail.local
or smrsh.
confENVDEF [empty] -D flags passed to C compiler.
confFORCE_RMAIL [undefined] If defined, install the rmail program
without question.
confGBINGRP smmsp The group for set-group-ID binaries.
confGBINMODE 2555 The mode for set-group-ID binaries.
confGBINOWN root The owner for set-group-ID binaries.
confMSPQOWN smmsp The owner of the MSP queue.
confMSP_QUEUE_DIR /var/spool/clientmqueue The MSP queue directory.
confMSP_STFILE sm-client.st Name of the MSP statistics file.
confHFDIR /etc/mail Location of the sendmail helpfile.
confHFFILE helpfile Name of the installed helpfile.
confINCDIRS [empty] -I flags passed to C compiler.
confINCGRP bin The group for include files.
confINCMODE 444 The mode of installed include files.
confINCOWN root The owner for include files.
confINCLUDEDIR /usr/include Where to install include files.
confINSTALL install The BSD-compatible install program.
Use ${BUILDBIN}/install.sh if none
is available on your system.
confINSTALL_RAWMAN [undefined] Install the unformatted manual pages.
*confLD confCC Linker to use (for libraries).
confLDOPTS [empty] Linker options.
*confLDOPTS_SO [empty] Additional linker options for
linking shared object libraries.
confLIBDIR /usr/lib Where to install library files.
confLIBDIRS [empty] -L flags passed to ld.
confLIBGRP bin The group for libraries.
confLIBMODE 444 The mode of installed libraries.
confLIBOWN root The owner for libraries.
confLIBS [varies] -l flags passed to ld.
-confLIBSEARCH db bind resolv 44bsd
+confLIBSEARCH db bind resolv 44bsd cdb
Search for these libraries for
linking with programs.
confLIBSEARCHPATH /lib /usr/lib /usr/shlib
Locations to search for the
libraries specified by confLIBSEARCH.
confLINKS ${UBINDIR}/newaliases ${UBINDIR}/mailq \
${UBINDIR}/hoststat ${UBINDIR}/purgestat
Names of links to sendmail.
confLN ln The command used to create links.
confLNOPTS -f -s The parameters for confLN.
confMAN1 confMANROOT 1 The location of man1 files.
confMAN1EXT 1 The extension on files in confMAN1.
confMAN1SRC 0 The source for man pages installed
in confMAN1.
confMAN3 confMANROOT 3 The location of man3 files.
confMAN3EXT 3 The extension on files in confMAN3.
confMAN3SRC 0 The source for man pages installed
in confMAN3.
confMAN4 confMANROOT 4 The location of man4 files.
confMAN4EXT 4 The extension on files in confMAN4.
confMAN4SRC 0 The source for man pages installed
in confMAN4.
confMAN5 confMANROOT 5 The location of man5 files.
confMAN5EXT 5 The extension on files in confMAN5.
confMAN5SRC 0 The source for man pages installed
in confMAN5.
confMAN8 confMANROOT 8 The location of man8 files.
confMAN8EXT 8 The extension on files in confMAN8.
confMAN8SRC 0 The source for man pages installed
in confMAN8.
confMANDOC -man The macros used to format man pages.
confMANGRP bin The group of installed man pages.
confMANMODE 444 The mode of installed man pages.
confMANOWN bin The owner of installed man pages.
confMANROOT /usr/share/man/cat The root of the man subtree.
confMANROOTMAN /usr/share/man/man The root of the man subtree, for
unformatted manual pages.
confMAPDEF [varies] The map definitions, e.g.,
-DNDBM -DNEWDB. -DNEWDB is always
- added if libdb.* can be found.
+ added if libdb.* can be found,
+ -DCDB is added if libcdb.* is found.
confMBINDIR /usr/sbin The location of the MTA (sm-mta,
sendmail) binary.
confMBINGRP bin The group of the MTA binary (sm-mta).
confMBINMODE 550 The mode of the MTA binary (sm-mta).
confMBINOWN root The owner of the MTA binary (sm-mta).
confMTCCOPTS [empty] Additional options for compiling
multi-threaded object files.
confMTLDOPTS [empty] Additional linker options for
linking multithreaded binaries.
confNO_HELPFILE_INSTALL [undefined] If defined, don't install the sendmail
helpfile by default.
confNO_MAN_BUILD [undefined] If defined, don't build the man
pages.
confNO_MAN_INSTALL [undefined] If defined, don't install the man
pages by default.
confNO_STATISTICS_INSTALL [undefined] If defined, don't install the sendmail
statistics file by default.
confNROFF groff -Tascii The command to format man pages.
confOBJADD [empty] Objects that should be included in
when linking sendmail and the
associated utilities. See also
confSRCADD.
confOPTIMIZE -O Flags passed to C compiler as ${O}.
confRANLIB echo The path to the program to use
as ranlib.
confRANLIBOPTS [empty] Options to pass to ranlib.
confREQUIRE_LIBSM [empty] Define if libsm is required.
confSBINDIR /usr/sbin The location of root-oriented
commands, such as makemap.
confSBINGRP bin The group for set-user-ID binaries.
confSBINMODE 4555 The mode for set-user-ID binaries.
confSBINOWN root The owner for set-user-ID binaries.
confSETUSERID_INSTALL [undefined] Needs to be defined to enable the
install-set-user-id target for
sendmail. See sendmail/SECURITY.
confSHAREDLIB_EXT .so Shared library file extenion name.
confSHAREDLIB_SUFFIX [empty] Shared object version suffix.
confSHAREDLIBDIR /usr/lib/ Directory for installing shared
library. Note: if the value is
not empty, it must end with a
slash ('/') otherwise it will not
be taken as a directory (but as
the beginning of a path).
confSHELL /bin/sh The shell to use inside make.
confSM_OS_HEADER [varies] The name of the platform specific
include file. Undefine this if
libsm is not used.
confSMOBJADD [empty] Objects that should be included in
when linking sendmail. See also
confSMSRCADD.
confSMSRCADD [empty] C source files which correspond to
objects listed in confSMOBJADD.
confSMSRCDIR [varies] The sendmail source directory
relative to support program obj.*
directories. If not set, the
Makefile will use a path set by the
Build script.
confSRCADD [empty] C source files which correspond to
objects listed in confOBJADD.
confSRCDIR [varies] The root of the source directories
relative to support program obj.*
directories. If not set, the
Makefile will use a path set by the
Build script.
confSONAME [empty] ld flag for recording the shared object
name into shared object.
confSTDIR /etc/mail The directory in which to store the
sendmail statistics file.
confSTFILE statistics Name of the installed statistics file.
confSTMODE 0600 Mode of the installed statistics file.
confSTRIP strip What program to use for stripping
executables.
confSTRIPOPTS [empty] Options to pass to the strip program.
confUBINDIR /usr/bin The directory for user-executable
binaries.
confUBINGRP bin The group for user-executable binaries.
confUBINMODE 555 The mode for user-executable binaries.
confUBINOWN bin The owner for user-executable binaries.
There are also program specific variables for each of the programs
in the sendmail distribution. Each has the form `conf_prog_ENVDEF',
for example, `conf_sendmail_ENVDEF'. If the program name contains
a '.' it must be replaced by '_' first, e.g., use `conf_mail_local_LIBS'
instead of `conf_mail.local_LIBS'. The variables are:
conf_prog_ENVDEF [empty] -D flags passed to C compiler when
compiling prog.
conf_prog_LIB_POST [empty] -l flags passed to ld when linking
prog (after other libraries).
conf_prog_LIBS [varies] -l flags passed to ld when linking
prog (before other libraries).
conf_prog_OBJADD [empty] Additional object files given to ld
when linking prog.
conf_prog_SRCADD [empty] C source files to compile and link
for prog.
The order of the different conf*LIBS* is as follows:
conf_prog_LIBS confLIBS conf_prog_LIB_POST
----------------------------------------------------------------
----------------
New build system
----------------
Sendmail's build system has undergone some rearrangement to accommodate
future development. To the end user building sendmail from a distribution,
this should have little effect. All the same configuration files and macros
should still behave the same.
If you need to make some radical changes to a Makefile.m4 or are adding new
libraries or utilities, you may want to read the rest of this document on
how to work with the new system.
--------
Overview
--------
The purpose of the redesign is twofold. First, it cuts down massively on
replicated information. Second, the new design should lend itself better to
working on platforms with somewhat different build tools than on standard
unix.
The main idea is to have the Makefile.m4 in each subdirectory contain the
minimum amount of information needed to describe the elements needed for
the build process and the products produced.
Each product has a type and each type has a template that provides a basic
makefile for that type. Right now the templates are organized by the broad
type of the operating system. The two existing types are UNIX and NT.
------------------
Makefile.m4 basics
------------------
Each Makefile.m4 is split into separate products. For the most part, the
products are considered totally separate from other products in the
Makefile.m4. Each products is delineated by two macros: bldPRODUCT_START and
bldPRODUCT_END.
The form for bldPRODUCT_START is:
bldPRODUCT_START(<product_type>, <product_name>)
where <product_type> is the type of product to be produced (e.g., executable,
library, manpage) and <product_name> is a unique identifier within the
product_type name space for this Makefile.m4
The form for bldPRODUCT_END is:
bldPRODUCT_END
This is marks the end of all the information for the current product.
There is one other macro required in any Makefile.m4 and that is bldFINISH
which takes no arguments and must appear after all the products have been
defined.
When the actual makefile is generated each product appears in two sections.
The first is where makefile variables are set (e.g., CFLAGS=-O). The second
is where the targets appear (e.g., foo.o: foo.c). Anything diverted to
bldTARGETS_SECTION ends up in the second part of the makefile. Anything
else turns up in the header part where variables are defined.
As always, any straight text put into Makefile.m4 will just show up as is
in the finished makefile.
-------------
Product Types
-------------
executable
----------
This means an executable created from C sources. The name of the executable
is derived from the product_name in the bldPRODUCT_START macro.
bldSOURCES - This should be defined to a space separated list of source
files that make up the executable.
bldBIN_TYPE - This determines where the binaries will be installed and what
permissions they will have. Available types are `M', `U', `K', `S', and `E'.
See M4/UNIX/make/executable.m4 for what the different types mean.
bldTARGET_LINKS - This determines where additional symbolic links to the
executable are placed. These should be full pathnames, separated by
spaces.
test
----
This is just like 'executable', but is used for test programs.
The program cannot be installed. Each time it is built, it is executed
by make with no arguments.
manpage
-------
This builds manpages from source using *roff.
bldSOURCES - This should be defined to a space separated list of man source
files.
library
-------
This builds a static library from C sources.
bldSOURCES - This should be defined to a space separated list of C source
files that make up the library.
bldINSTALLABLE - This should be set if the library should be installed in
confLIBDIR.
$Revision: 8.104 $, Last updated $Date: 2012-01-21 00:07:06 $
diff --git a/devtools/bin/Build b/devtools/bin/Build
index 4a1604c489f1..5f03a02e10cf 100755
--- a/devtools/bin/Build
+++ b/devtools/bin/Build
@@ -1,824 +1,826 @@
#!/bin/sh
# Copyright (c) 1998-2002, 2008 Proofpoint, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1993, 1996-1997 Eric P. Allman. All rights reserved.
# Copyright (c) 1993
# The Regents of the University of California. All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#
# $Id: Build,v 8.189 2013-12-02 22:11:07 gshapiro Exp $
#
#
# A quick-and-dirty script to compile sendmail and related programs
# in the presence of multiple architectures. To use, just use
# "sh Build".
#
trap "rm -f $obj/.settings$$; exit" 1 2 3 15
cflag=""
mflag=""
Mflag=""
Aflag=""
sflag=""
makeargs=""
libdirs=""
incdirs=""
libsrch=""
libpath=""
siteconfig=""
pfx=""
obj=""
oscf=""
arch=""
os=""
rel=""
mkdir="mkdir -p"
SENDMAIL_BUILD_FLAGS=""
EX_OK=0
EX_USAGE=64
EX_NOINPUT=66
EX_UNAVAILABLE=69
SHELL=/bin/sh
# default to a optimized build to behave like the old system.
build_variant="optimized"
full_src_dir=`pwd`
if [ -z "$src_dir" ]
then
src_dir=`basename ${full_src_dir}`
fi
absolute_base_dir=`echo ${full_src_dir} | sed "s#${src_dir}\\$##"`
obj_rel_base_dir='../..'
while [ ! -z "$1" ]
do
case $1
in
-src) # Specify pathname of source directory relative to
# root of cvs tree. This relative pathname may have
# multiple components, as in 'foo/bar/baz', and will also
# be used to form the pathname of the object directory.
shift
arg=$1
if [ -z "$arg" ]
then
echo "Missing arg for -src" >&2
exit $EX_USAGE
fi
case $arg
in
/*) echo "Arg for -src must not begin with / ($arg)" >&2
exit $EX_USAGE
;;
esac
src_dir="$arg"
absolute_base_dir=`echo ${full_src_dir} | sed "s;/${src_dir}$;;"`
obj_rel_base_dir=`echo x/${src_dir} | sed "s;[^/][^/]*;..;g"`
SMROOT=${absolute_base_dir}
shift
;;
-c) # clean out existing $obj tree
cflag=1
SENDMAIL_BUILD_FLAGS="$SENDMAIL_BUILD_FLAGS $1"
shift
;;
-m) # show Makefile name only
mflag=1
shift
;;
-M) # show the name of the obj. directory
Mflag=1
shift
;;
-A) # show the name of the architecture
Aflag=1
shift
;;
-E*) # environment variables to pass into Build
arg=`echo $1 | sed 's/^-E//'`
if [ -z "$arg" ]
then
shift # move to argument
arg=$1
fi
if [ -z "$arg" ]
then
echo "Empty -E flag" >&2
exit $EX_USAGE
else
case $arg
in
*=*) # check format
eval $arg
export `echo $arg | sed 's;=.*;;'`
SENDMAIL_BUILD_FLAGS="$SENDMAIL_BUILD_FLAGS -E \"$arg\""
;;
*) # bad format
echo "Bad format for -E argument ($arg)" >&2
exit $EX_USAGE
;;
esac
shift
fi
;;
-L*) # set up LIBDIRS
libdirs="$libdirs $1"
SENDMAIL_BUILD_FLAGS="$SENDMAIL_BUILD_FLAGS $1"
shift
;;
-I*) # set up INCDIRS
incdirs="$incdirs $1"
SENDMAIL_BUILD_FLAGS="$SENDMAIL_BUILD_FLAGS $1"
shift
;;
-f*) # select site config file
arg=`echo $1 | sed 's/^-f//'`
if [ -z "$arg" ]
then
shift # move to argument
arg=$1
fi
if [ "$pfx" ]
then
echo "May not use -f and -Q together"
exit $EX_USAGE
fi
if [ "$siteconfig" ]
then
echo "Only one -f flag allowed" >&2
exit $EX_USAGE
else
siteconfig=$arg
if [ -z "$siteconfig" ]
then
echo "Missing argument for -f flag" >&2
exit $EX_USAGE
elif [ ! -f "$siteconfig" ]
then
echo "${siteconfig}: File not found"
exit $EX_NOINPUT
else
shift # move past argument
case $arg
in
/*)
SENDMAIL_BUILD_FLAGS="$SENDMAIL_BUILD_FLAGS -f \"$siteconfig\""
;;
*)
SENDMAIL_BUILD_FLAGS="$SENDMAIL_BUILD_FLAGS -f \"${full_src_dir}/$siteconfig\""
;;
esac
fi
fi
;;
-O*) # Set object directory manually.
arg="`echo $1 | sed 's/^-O//'`"
if [ -z "$arg" ]
then
shift # move to argument
arg="$1"
fi
case $arg
in
/*)
OBJ_ROOT="$arg"
SENDMAIL_BUILD_FLAGS="$SENDMAIL_BUILD_FLAGS -O \"$OBJ_ROOT\""
obj_rel_base_dir=$absolute_base_dir
;;
*)
echo "Absolute directory path required for -O flag" >&2
exit $EX_USAGE
;;
esac
shift
;;
-S) # skip auto-configure
sflag="-s"
SENDMAIL_BUILD_FLAGS="$SENDMAIL_BUILD_FLAGS $1"
shift
;;
-Q*) # Select a prefix for the Site/*.config.m4 file
arg=`echo $1 | sed 's/^-Q//'`
if [ -z "$arg" ]
then
shift # move to argument
arg=$1
fi
if [ -z "$arg" ]
then
echo "Empty -Q flag" >&2
exit $EX_USAGE
elif [ "$siteconfig" ]
then
echo "May not use -Q and -f together" >&2
exit $EX_USAGE
elif [ "$pfx" ]
then
echo "Only one -Q allowed" >&2
exit $EX_USAGE
else
pfx=$arg
SENDMAIL_BUILD_FLAGS="$SENDMAIL_BUILD_FLAGS -Q \"$pfx\""
fi
shift
;;
-v) # Select a build variant: debug, optimized, purify, whatever.
shift
build_variant=$1
if [ -z "$build_variant" ]
then
echo "Usage error with \"-v\" <build_variant>" >&2
echo "You must specify exactly one build variant of debug|optimized|purify" >&2
exit $EX_USAGE
fi
shift
;;
*) # pass argument to make
makeargs="$makeargs \"$1\""
#SENDMAIL_BUILD_FLAGS="$SENDMAIL_BUILD_FLAGS \"$1\""
shift
;;
esac
done
# process selected build variant.
case $build_variant in
debug)
M4_BLDVARIANT_FLAGS="-DconfBLDVARIANT=DEBUG"
;;
optimized)
M4_BLDVARIANT_FLAGS="-DconfBLDVARIANT=OPTIMIZED"
;;
purify)
M4_BLDVARIANT_FLAGS="-DconfBLDVARIANT=PURIFY"
echo "Sorry, the purify build variant has not been plumbed yet. (Bummer.)" >&2
exit $EX_USAGE
;;
*)
exit $EX_USAGE
;;
esac
#
# Do heuristic guesses !ONLY! for machines that do not have uname
#
if [ -d /NextApps -a ! -f /bin/uname -a ! -f /usr/bin/uname ]
then
# probably a NeXT box
arch=`hostinfo | sed -n 's/.*Processor type: \([^ ]*\).*/\1/p'`
os=NeXT
rel=`hostinfo | sed -n 's/.*NeXT Mach \([0-9\.]*\).*/\1/p'`
elif [ -f /usr/sony/bin/machine -a -f /etc/osversion ]
then
# probably a Sony NEWS 4.x
os=NEWS-OS
rel=`awk '{ print $3}' /etc/osversion`
arch=`/usr/sony/bin/machine`
elif [ -d /usr/omron -a -f /bin/luna ]
then
# probably a Omron LUNA
os=LUNA
if [ -f /bin/luna1 ] && /bin/luna1
then
rel=unios-b
arch=luna1
elif [ -f /bin/luna2 ] && /bin/luna2
then
rel=Mach
arch=luna2
elif [ -f /bin/luna88k ] && /bin/luna88k
then
rel=Mach
arch=luna88k
fi
elif [ -d /usr/apollo -a -d \`node_data ]
then
# probably a Apollo/DOMAIN
os=DomainOS
arch=$ISP
rel=`/usr/apollo/bin/bldt | grep Domain | awk '{ print $4 }' | sed -e 's/,//g'`
fi
if [ ! "$arch" -a ! "$os" -a ! "$rel" ]
then
arch=`uname -m | sed -e 's/ //g' -e 's/\//-/g'`
os=`uname -s | sed -e 's/\//-/g' -e 's/ //g'`
rel=`uname -r | sed -e 's/(/-/g' -e 's/)//g' -e 's/ //g'`
fi
#
# Tweak the values we have already got. PLEASE LIMIT THESE to
# tweaks that are absolutely necessary because your system uname
# routine doesn't return something sufficiently unique. Don't do
# it just because you don't like the name that is returned. You
# can combine the architecture name with the os name to create a
# unique Makefile name.
#
# tweak machine architecture
case $arch
in
sun4*) arch=sun4;;
9000/*) arch=`echo $arch | sed -e 's/9000.//' -e 's/..$/xx/'`;;
DS/907000) arch=ds90;;
NILE*) arch=NILE
os=`uname -v`;;
CRAYT3E) os=UNICOS-mk;;
CRAY[CJT]90*|CRAYTS|CRAYSV1*|CRAYY-MP)
os=UNICOS;;
esac
# tweak operating system type and release
node=`uname -n | sed -e 's/\//-/g' -e 's/ //g'`
if [ "$os" = "$node" -a "$arch" = "i386" -a "$rel" = 3.2 -a "`uname -v`" = 2 ]
then
# old versions of SCO UNIX set uname -s the same as uname -n
os=SCO_SV
fi
if [ "$rel" = 4.0 ]
then
case $arch in
3[34]??|3[34]??,*|3[34]??[A-Z]|4[48]??|56??)
if [ -d /usr/sadm/sysadm/add-ons/WIN-TCP ]
then
os=NCR.MP-RAS
rel=2.x
arch=i486
elif [ -d /usr/sadm/sysadm/add-ons/inet ]
then
os=NCR.MP-RAS
rel=3.x
arch=i486
fi
;;
esac
fi
case $os
in
DYNIX-ptx) os=PTX;;
Paragon*) os=Paragon;;
HP-UX) rel=`echo $rel | sed -e 's/^[^.]*\.0*//'`;;
AIX) osl=""
if [ -x /bin/lslpp ]
then
osl=`/bin/lslpp -Lcq bos.rte | cut -f3 -d: | cut -f1-3 -d. 2>/dev/null`
if [ $? = 0 -a -n "$osl" ]
then
rel=$osl
else
# command failed; fall back to old method
osl=""
fi
fi
# check whether it worked
if [ -z "$osl" ]
then
rela=$rel
rel=`uname -v`
rel=$rel.$rela
fi
arch=PPC
;;
BSD-386) os=BSD-OS;;
SCO_SV) rel=`uname -X | sed -n 's/Release = //p'`
if [ "$rel" = "5v6.0.0" ]
then
os=OSR; rel=`uname -X | sed -n 's/Release = //p'`
else
os=SCO; rel=`uname -X | sed -n 's/Release = 3.2v//p'`
fi;;
UNIX_System_V) if [ "$arch" = "ds90" ]
then
os="UXPDS"
rel=`uname -v | sed -e 's/\(V.*\)L.*/\1/'`
fi;;
ReliantUNIX-?|SINIX-?) os=SINIX;;
DomainOS) case $rel in
10.4*) rel=10.4;;
esac
;;
IRIX*) rel=`echo $rel | sed -e 's/-.*$//'`;;
NeXT) mkdir="mkdirs";;
UNICOSMK) rel=`echo $rel | sed -e 's/\(.*\)\.\(.*\)\.\(.*\)\..*$/\1.\2.\3/'`;;
UNICOS*) rel=`echo $rel | sed -e 's/\(.*\)\.\(.*\)\..*$/\1.\2/'`;;
esac
# get "base part" of operating system release
rroot=`echo $rel | sed -e 's/\.[^.]*$//'`
rbase=`echo $rel | sed -e 's/\..*//'`
if [ "$rroot" = "$rbase" ]
then
rroot=$rel
fi
# heuristic tweaks to clean up names -- PLEASE LIMIT THESE!
if [ "$os" = "unix" ]
then
# might be Altos System V
case $rel
in
5.3*) os=Altos;;
esac
elif [ -r /unix -a -r /usr/lib/libseq.a -a -r /lib/cpp ]
then
# might be a DYNIX/ptx 2.x system, which has a broken uname
if strings /lib/cpp | grep _SEQUENT_ > /dev/null
then
os=PTX
fi
elif [ -d /usr/nec ]
then
# NEC machine -- what is it running?
if [ "$os" = "UNIX_System_V" ]
then
os=EWS-UX_V
elif [ "$os" = "UNIX_SV" ]
then
os=UX4800
fi
elif [ "$arch" = "mips" ]
then
case $rel
in
4_*)
if [ `uname -v` = "UMIPS" ]
then
os=RISCos
fi;;
esac
fi
# see if there is a "user suffix" specified
if [ "${SENDMAIL_SUFFIX-}x" = "x" ]
then
sfx=""
else
sfx=".${SENDMAIL_SUFFIX}"
fi
if [ ! -n "$Mflag" -a ! -n "$Aflag" ]
then
echo "Configuration: pfx=$pfx, os=$os, rel=$rel, rbase=$rbase, rroot=$rroot, arch=$arch, sfx=$sfx, variant=$build_variant"
fi
SMROOT=${SMROOT-`(cd ..;pwd)`}
BUILDTOOLS=${BUILDTOOLS-$SMROOT/devtools}
export SMROOT BUILDTOOLS
# see if we are in a Build-able directory
if [ ! -f Makefile.m4 -a ! -n "$Aflag" ]; then
echo "Makefile.m4 not found. Build can only be run from a source directory."
exit $EX_UNAVAILABLE
fi
incdirs="$incdirs -I\${SRCDIR}/include"
if [ -z "$OBJ_ROOT" ]; then
OBJ_ROOT=${SMROOT}
fi
if [ "${pfx}x" = "x" ]
then
prefix=""
else
prefix=".$pfx"
fi
# Print out the architecture (to build up an obj dir path) and exit
if [ -n "$Aflag" ]
then
echo "$os.$rel.$arch$sfx"
exit $EX_OK
fi
# now try to find a reasonable object directory
if [ -r ${OBJ_ROOT}/obj${prefix}.$os.$rel.$arch$sfx ]; then
abs_obj_dir=${OBJ_ROOT}/obj${prefix}.$os.$rel.$arch$sfx
elif [ -r ${OBJ_ROOT}/obj${prefix}.$os.$rroot.$arch$sfx ]; then
abs_obj_dir=${OBJ_ROOT}/obj${prefix}.$os.$rroot.$arch$sfx
elif [ -r ${OBJ_ROOT}/obj${prefix}.$os.$rbase.x.$arch$sfx ]; then
abs_obj_dir=${OBJ_ROOT}/obj${prefix}.$os.$rbase.x.$arch$sfx
elif [ -r ${OBJ_ROOT}/obj${prefix}.$os.$rel$sfx ]; then
abs_obj_dir=${OBJ_ROOT}/obj${prefix}.$os.$rel$sfx
elif [ -r ${OBJ_ROOT}/obj${prefix}.$os.$rbase.x$sfx ]; then
abs_obj_dir=${OBJ_ROOT}/obj${prefix}.$os.$rbase.x$sfx
elif [ -r ${OBJ_ROOT}/obj${prefix}.$os.$arch$sfx ]; then
abs_obj_dir=${OBJ_ROOT}/obj${prefix}.$os.$arch$sfx
elif [ -r ${OBJ_ROOT}/obj${prefix}.$rel.$arch$sfx ]; then
abs_obj_dir=${OBJ_ROOT}/obj${prefix}.$rel.$arch$sfx
elif [ -r ${OBJ_ROOT}/obj${prefix}.$rbase.x.$arch$sfx ]; then
abs_obj_dir=${OBJ_ROOT}/obj${prefix}.$rbase.x.$arch$sfx
elif [ -r ${OBJ_ROOT}/obj${prefix}.$os$sfx ]; then
abs_obj_dir=${OBJ_ROOT}/obj${prefix}.$os$sfx
elif [ -r ${OBJ_ROOT}/obj${prefix}.$arch$sfx ]; then
abs_obj_dir=${OBJ_ROOT}/obj${prefix}.$arch$sfx
elif [ -r ${OBJ_ROOT}/obj${prefix}.$rel$sfx ]; then
abs_obj_dir=${OBJ_ROOT}/obj${prefix}.$rel$sfx
elif [ -r ${OBJ_ROOT}/obj${prefix}.$sfx ]; then
abs_obj_dir=${OBJ_ROOT}/obj${prefix}.$sfx
+elif [ -r ${OBJ_ROOT}/obj${prefix}$sfx ]; then
+ abs_obj_dir=${OBJ_ROOT}/obj${prefix}$sfx
fi
if [ -n "$abs_obj_dir" ]
then
obj=${abs_obj_dir}/${src_dir}
fi
# Print the directory which would be used for the build and exit
if [ -n "$Mflag" ]
then
if [ ! -n "$obj" ]
then
obj=${OBJ_ROOT}/obj.$os.$rel.$arch$sfx/${src_dir}
fi
echo "$obj"
exit $EX_OK
fi
# Check if trying to use -f with an existing obj directory
if [ -n "$siteconfig" -a -n "$obj" -a -d "$obj" -a -z "$cflag" ]
then
echo "Can not use Build's -f flag with an existing object tree."
echo "If you wish to change configuration information, use the -c flag to clear"
echo "the existing $obj tree."
exit $EX_USAGE
fi
# Check if trying to use -Q with an existing obj directory
if [ -n "$pfx" -a -n "$obj" -a -d "$obj" -a -z "$cflag" ]
then
echo "Can not use Build's -Q flag with an existing object tree."
echo "If you wish to change configuration information, use the -c flag to clear"
echo "the existing $obj tree."
exit $EX_USAGE
fi
# Clean out the directory before building.
if [ "$cflag" ]
then
if [ -n "$obj" ]
then
echo "Clearing out existing $obj tree"
rm -rf $obj
fi
fi
# If we didn't detect an existing obj directory, makeup a new obj name.
if [ -z "$obj" ]
then
abs_obj_dir=${OBJ_ROOT}/obj${prefix}.$os.$rel.$arch$sfx
obj=${abs_obj_dir}/${src_dir}
fi
# Check if obj directory exists
if [ ! -r "$obj" ]
then
if [ -r $BUILDTOOLS/OS/$os.$rel.$arch$sfx ]; then
oscf=$os.$rel.$arch$sfx
elif [ -r $BUILDTOOLS/OS/$os.$rel.$arch ]; then
oscf=$os.$rel.$arch
elif [ -r $BUILDTOOLS/OS/$os.$rroot.$arch$sfx ]; then
oscf=$os.$rroot.$arch$sfx
elif [ -r $BUILDTOOLS/OS/$os.$rroot.$arch ]; then
oscf=$os.$rroot.$arch
elif [ -r $BUILDTOOLS/OS/$os.$rbase.x.$arch$sfx ]; then
oscf=$os.$rbase.x.$arch$sfx
elif [ -r $BUILDTOOLS/OS/$os.$rbase.x.$arch ]; then
oscf=$os.$rbase.x.$arch
elif [ -r $BUILDTOOLS/OS/$os.$rel$sfx ]; then
oscf=$os.$rel$sfx
elif [ -r $BUILDTOOLS/OS/$os.$rel ]; then
oscf=$os.$rel
elif [ -r $BUILDTOOLS/OS/$os.$rroot$sfx ]; then
oscf=$os.$rroot$sfx
elif [ -r $BUILDTOOLS/OS/$os.$rroot ]; then
oscf=$os.$rroot
elif [ -r $BUILDTOOLS/OS/$os.$rbase.x$sfx ]; then
oscf=$os.$rbase.x$sfx
elif [ -r $BUILDTOOLS/OS/$os.$rbase.x ]; then
oscf=$os.$rbase.x
elif [ -r $BUILDTOOLS/OS/$os.$arch$sfx ]; then
oscf=$os.$arch$sfx
elif [ -r $BUILDTOOLS/OS/$os.$arch ]; then
oscf=$os.$arch
elif [ -r $BUILDTOOLS/OS/$rel.$arch$sfx ]; then
oscf=$rel.$arch$sfx
elif [ -r $BUILDTOOLS/OS/$rel.$arch ]; then
oscf=$rel.$arch
elif [ -r $BUILDTOOLS/OS/$rroot.$arch$sfx ]; then
oscf=$rroot.$arch$sfx
elif [ -r $BUILDTOOLS/OS/$rroot.$arch ]; then
oscf=$rroot.$arch
elif [ -r $BUILDTOOLS/OS/$rbase.x.$arch$sfx ]; then
oscf=$rbase.x.$arch$sfx
elif [ -r $BUILDTOOLS/OS/$rbase.x.$arch ]; then
oscf=$rbase.x.$arch
elif [ -r $BUILDTOOLS/OS/$os$sfx ]; then
oscf=$os$sfx
elif [ -r $BUILDTOOLS/OS/$os ]; then
oscf=$os
elif [ -r $BUILDTOOLS/OS/$arch$sfx ]; then
oscf=$arch$sfx
elif [ -r $BUILDTOOLS/OS/$arch ]; then
oscf=$arch
elif [ -r $BUILDTOOLS/OS/$rel$sfx ]; then
oscf=$rel$sfx
elif [ -r $BUILDTOOLS/OS/$rel ]; then
oscf=$rel
elif [ -r $BUILDTOOLS/OS/$rel$sfx ]; then
oscf=$rel$sfx
else
echo "Cannot determine how to support $os.$rel.$arch" >&2
exit $EX_UNAVAILABLE
fi
M4=`$SHELL $BUILDTOOLS/bin/find_m4.sh`
ret=$?
if [ $ret -ne 0 ]
then
exit $ret
fi
echo "Using M4=$M4"
export M4
if [ "$mflag" ]
then
echo "Will run in virgin $obj using $BUILDTOOLS/OS/$oscf"
exit $EX_OK
fi
echo "Creating $obj using $BUILDTOOLS/OS/$oscf"
${mkdir} $obj
ln="ln -s"
(cd $obj
# This glob doesn't actually glob to something everywhere,
# thus the protective measures.
for i in ${obj_rel_base_dir}/${src_dir}/*.[chly13458]
do
if [ -f $i ]
then
$ln $i .
fi
done
# This glob doesn't actually glob to something everywhere,
# thus the protective measures.
for i in ${obj_rel_base_dir}/${src_dir}/*.0
do
if [ -f $i ]
then
$ln $i `basename $i`.dist
fi
done)
if [ -f helpfile ]
then
(cd $obj; $ln ${obj_rel_base_dir}/${src_dir}/helpfile .)
fi
rm -f $obj/.settings$$
echo 'divert(-1)' > $obj/.settings$$
cat $BUILDTOOLS/M4/header.m4 >> $obj/.settings$$
echo "define(\`bldOS', \`\`$os'')" >> $obj/.settings$$
echo "define(\`bldREL', \`\`$rel'')" >> $obj/.settings$$
echo "define(\`bldARCH', \`\`$arch'')" >> $obj/.settings$$
cat $BUILDTOOLS/OS/$oscf >> $obj/.settings$$
cur_dir=`pwd`
cd $obj/..
absolute_obj_dir=`pwd`
cd $cur_dir
echo "ifdef(\`bldABS_OBJ_DIR',,\`define(\`bldABS_OBJ_DIR', \`$absolute_obj_dir')')" >> $obj/.settings$$
rel_src_dir="$obj_rel_base_dir/$src_dir"
echo "define(\`bldSRC_NAME', \`$src_dir')" >> $obj/.settings$$
echo "define(\`bldREL_SRC_DIR', \`$rel_src_dir')" >> $obj/.settings$$
if [ ! -z "$pfx" ]
then
# They gave us a specific prefix, let's try it out.
if [ -f $BUILDTOOLS/Site/$pfx.$oscf$sfx.m4 ]
then
siteconfig=$BUILDTOOLS/Site/$pfx.$oscf$sfx.m4
elif [ -f $BUILDTOOLS/Site/$pfx.$oscf.m4 ]
then
siteconfig=$BUILDTOOLS/Site/$pfx.$oscf.m4
fi
if [ -f $BUILDTOOLS/Site/$pfx.config.m4 ]
then
siteconfig="$BUILDTOOLS/Site/$pfx.config.m4 $siteconfig"
fi
elif [ -z "$siteconfig" ]
then
# none specified, use defaults
if [ -f $BUILDTOOLS/Site/site.$oscf$sfx.m4 ]
then
siteconfig=$BUILDTOOLS/Site/site.$oscf$sfx.m4
elif [ -f $BUILDTOOLS/Site/site.$oscf.m4 ]
then
siteconfig=$BUILDTOOLS/Site/site.$oscf.m4
fi
if [ -f $BUILDTOOLS/Site/site.config.m4 ]
then
siteconfig="$BUILDTOOLS/Site/site.config.m4 $siteconfig"
fi
if [ -f $BUILDTOOLS/Site/site.post.m4 ]
then
siteconfig="$siteconfig $BUILDTOOLS/Site/site.post.m4"
fi
fi
if [ ! -z "$siteconfig" ]
then
echo "Including $siteconfig"
cat $siteconfig >> $obj/.settings$$
fi
if [ "$libdirs" ]
then
echo "define(\`confLIBDIRS', confLIBDIRS \`\`$libdirs'')" >> $obj/.settings$$
fi
if [ "$incdirs" ]
then
echo "define(\`confINCDIRS', \`\`$incdirs'' confINCDIRS)" >> $obj/.settings$$
fi
echo "define(\`_SRC_PATH_', \`\`$obj_rel_base_dir'')" >> $obj/.settings$$
echo "define(\`bldSRC_PATH', \`\`$obj_rel_base_dir'')" >> $obj/.settings$$
echo 'divert(0)dnl' >> $obj/.settings$$
libdirs=`(cat $obj/.settings$$; echo "_SRIDBIL_= confLIBDIRS" ) | \
sed -e 's/\(.\)include/\1_include_/g' -e 's/#define/#_define_/g' | \
${M4} ${M4_BLDVARIANT_FLAGS} -DconfBUILDTOOLSDIR=$BUILDTOOLS - | \
grep "^_SRIDBIL_=" | \
sed -e 's/#_define_/#define/g' -e 's/_include_/include/g' -e "s/^_SRIDBIL_=//"`
libsrch=`(cat $obj/.settings$$; echo "_HCRSBIL_= confLIBSEARCH" ) | \
sed -e 's/\(.\)include/\1_include_/g' -e 's/#define/#_define_/g' | \
${M4} ${M4_BLDVARIANT_FLAGS} -DconfBUILDTOOLSDIR=$BUILDTOOLS - | \
grep "^_HCRSBIL_=" | \
sed -e 's/#_define_/#define/g' -e 's/_include_/include/g' -e "s/^_HCRSBIL_=//"`
libpath=`(cat $obj/.settings$$; echo "_HCRSBIL_= confLIBSEARCHPATH" ) | \
sed -e 's/\(.\)include/\1_include_/g' -e 's/#define/#_define_/g' | \
${M4} ${M4_BLDVARIANT_FLAGS} -DconfBUILDTOOLSDIR=$BUILDTOOLS - | \
grep "^_HCRSBIL_=" | \
sed -e 's/#_define_/#define/g' -e 's/_include_/include/g' -e "s/^_HCRSBIL_=//"`
soext=`(cat $obj/.settings$$; echo "_EMANOS_= confSHAREDLIB_EXT" ) | \
sed -e 's/\(.\)include/\1_include_/g' -e 's/#define/#_define_/g' | \
${M4} ${M4_BLDVARIANT_FLAGS} -DconfBUILDTOOLSDIR=$BUILDTOOLS - | \
grep "^_EMANOS_=" | \
sed -e 's/#_define_/#define/g' -e 's/_include_/include/g' -e "s/^_EMANOS_=//" -e 's/^ //'`
echo 'divert(-1)' >> $obj/.settings$$
LIBDIRS="$libdirs" LIBSRCH="$libsrch" LIBPATH="$libpath" SITECONFIG="$siteconfig" SOEXT="$soext" $SHELL $BUILDTOOLS/bin/configure.sh $sflag $oscf >> $obj/.settings$$
echo 'divert(0)dnl' >> $obj/.settings$$
sed -e 's/\(.\)include/\1_include_/g' -e 's/#define/#_define_/g' -e 's/ //g' $obj/.settings$$ | \
${M4} ${M4_BLDVARIANT_FLAGS} -DconfBUILDTOOLSDIR=$BUILDTOOLS - Makefile.m4 | \
sed -e 's/#_define_/#define/g' -e 's/_include_/include/g' -e 's/ //g' > $obj/Makefile
# That ^M up there was added by quoting it in emacs.
# Make has problems if lines end in ^M^M, but not in ^M apparently
if [ $? -ne 0 -o ! -s $obj/Makefile ]
then
echo "ERROR: ${M4} failed; You may need a newer version of M4, at least as new as System V or GNU" 1>&2
rm -rf $obj
exit $EX_UNAVAILABLE
fi
rm -f $obj/.settings$$
echo "Making dependencies in $obj"
(cd $obj; ${MAKE-make} depend)
fi
if [ "$mflag" ]
then
makefile=`ls -l $obj/Makefile | sed 's/.* //'`
if [ -z "$makefile" ]
then
echo "ERROR: $obj exists but has no Makefile" >&2
exit $EX_NOINPUT
fi
echo "Will run in existing $obj using $makefile"
exit $EX_OK
fi
echo "Making in $obj"
cd $obj
eval exec ${MAKE-make} SENDMAIL_BUILD_FLAGS=\"$SENDMAIL_BUILD_FLAGS\" $makeargs
diff --git a/devtools/bin/configure.sh b/devtools/bin/configure.sh
index daa951551bc4..db85c9df2862 100755
--- a/devtools/bin/configure.sh
+++ b/devtools/bin/configure.sh
@@ -1,190 +1,192 @@
#!/bin/sh
# Copyright (c) 1998-2001 Proofpoint, Inc. and its suppliers.
# All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#
# $Id: configure.sh,v 8.48 2013-12-02 22:11:07 gshapiro Exp $
#
# Special script to autoconfigure for M4 generation of Makefile
#
SHELL=/bin/sh
os=""
resolver=""
sflag=""
bin_dir=`echo $0 | sed -e 's%\/[^/]*$%%'`
if [ ! -d $bin_dir ]
then
bin_dir="."
fi
find_prog=$bin_dir/find_in_path.sh
while [ ! -z "$1" ]
do
case $1
in
-s) # skip auto-configure
sflag=1
shift
;;
*) # OS definition
os=$1
shift
;;
esac
done
usewhoami=0
usehostname=0
for p in `echo $PATH | sed 's/:/ /g'`
do
if [ "x$p" = "x" ]
then
p="."
fi
if [ -f $p/whoami ]
then
usewhoami=1
if [ $usehostname -ne 0 ]
then
break;
fi
fi
if [ -f $p/hostname ]
then
usehostname=1
if [ $usewhoami -ne 0 ]
then
break;
fi
fi
done
if [ $usewhoami -ne 0 ]
then
user=`whoami`
else
user=$LOGNAME
fi
if [ $usehostname -ne 0 ]
then
host=`hostname`
else
host=`uname -n`
fi
if [ -z "$SOEXT" ]
then
SOEXT=".so"
fi
echo "PUSHDIVERT(0)"
echo "####################################################################"
echo "##### This file is automatically generated -- edit at your own risk"
echo '#####' Built by $user@$host
echo '#####' on `date` using template OS/$os
if [ ! -z "$SITECONFIG" ]
then
echo '#####' including $SITECONFIG
fi
echo '#####' in `pwd` | sed 's/\/tmp_mnt//'
echo "####################################################################"
echo ""
echo "POPDIVERT"
echo "define(\`__HOST__', \`$host')dnl"
echo "ifdef(\`confMAPDEF',, \`define(\`confMAPDEF', \`')')dnl"
echo "ifdef(\`confLIBS',, \`define(\`confLIBS', \`')')dnl"
LIBDIRS="$LIBDIRS $LIBPATH"
libs=""
mapdef=""
for l in $LIBSRCH
do
for p in `echo $LIBDIRS | sed -e 's/:/ /g' -e 's/^-L//g' -e 's/ -L/ /g'`
do
if [ "x$p" = "x" ]
then
p = "."
fi
if [ -f $p/lib$l.a -o -f $p/lib$l$SOEXT ]
then
- case $l
- in
+ case $l in
db)
mapdef="$mapdef -DNEWDB"
;;
+ cdb)
+ mapdef="$mapdef -DCDB"
+ ;;
bind|resolv)
if [ -n "$resolver" ]
then
continue
else
resolver=$l
fi
;;
44bsd)
if [ "x$resolver" != "xresolv" ]
then
continue
fi
;;
esac
libs="$libs -l$l"
break
fi
done
done
for p in `echo $PATH | sed 's/:/ /g'`
do
pbase=`echo $p | sed -e 's,/bin,,'`
if [ "x$p" = "x" ]
then
p="."
fi
if [ -f $p/mkdep ]
then
echo "ifdef(\`confDEPEND_TYPE',, \`define(\`confDEPEND_TYPE', \`BSD')')dnl"
fi
done
if [ -z "$sflag" ]
then
echo "define(\`confMAPDEF', \`$mapdef' confMAPDEF)dnl"
echo "define(\`confLIBS', \`$libs' confLIBS)dnl"
fi
if [ ! -z "`$SHELL $find_prog ranlib`" ]
then
echo "define(\`confRANLIB', \`ranlib')dnl"
fi
roff_progs="groff nroff"
for roff_prog in $roff_progs
do
if [ ! -z "`$SHELL $find_prog $roff_prog`" ]
then
found_roff=$roff_prog
break;
fi
done
case $found_roff
in
groff)
echo "ifdef(\`confNROFF',,\`define(\`confNROFF', \`$found_roff -Tascii')')dnl"
;;
nroff)
echo "ifdef(\`confNROFF',,\`define(\`confNROFF', \`$found_roff')')dnl"
;;
*)
echo "ifdef(\`confNROFF',,\`define(\`confNO_MAN_BUILD')')dnl"
;;
esac
diff --git a/doc/op/op.me b/doc/op/op.me
index 57e25cd0940f..4d7ead30d4bb 100644
--- a/doc/op/op.me
+++ b/doc/op/op.me
@@ -1,11760 +1,11938 @@
.\" Copyright (c) 1998-2013 Proofpoint, Inc. and its suppliers.
.\" All rights reserved.
.\" Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
.\" Copyright (c) 1983, 1993
.\" The Regents of the University of California. All rights reserved.
.\"
.\" By using this file, you agree to the terms and conditions set
.\" forth in the LICENSE file which can be found at the top level of
.\" the sendmail distribution.
.\"
.\"
.\" $Id: op.me,v 8.759 2014-01-13 14:40:05 ca Exp $
.\"
.\" eqn op.me | pic | troff -me
.\"
.\" Define \(sc if not defined (for text output)
.\"
.if !c \(sc .char \(sc S
.\"
.\" Define \(dg as "*" for text output and create a new .DG macro
.\" which describes the symbol.
.\"
.if n .ds { [
.if n .ds } ]
.ie !c \(dg \{\
.char \(dg *
.de DG
an asterick
..
.\}
.el \{\
.de DG
a dagger
..
.\}
.\"
.\" Define \(dd as "#" for text output and create a new .DD macro
.\" which describes the symbol.
.\"
.ie !c \(dd \{\
.char \(dd #
.de DD
a pound sign
..
.\}
.el \{\
.de DD
a double dagger
..
.\}
.eh 'SMM:08-%''Sendmail Installation and Operation Guide'
.oh 'Sendmail Installation and Operation Guide''SMM:08-%'
.\" SD is lib if sendmail is installed in /usr/lib, sbin if in /usr/sbin
.ds SD sbin
.\" SB is bin if newaliases/mailq are installed in /usr/bin, ucb if in /usr/ucb
.ds SB bin
.nr si 3n
.de $0
.(x
.in \\$3u*3n
.ti -3n
\\$2. \\$1
.)x
..
.de $C
.(x
.in 0
\\$1 \\$2. \\$3
.)x
..
.+c
.(l C
.sz 16
.b SENDMAIL\u\s-6TM\s0\d
.sz 12
.sp
.b "INSTALLATION AND OPERATION GUIDE"
.(f
.b DISCLAIMER:
This documentation is under modification.
.)f
.sz 10
.sp
.r
Eric Allman
Claus Assmann
Gregory Neil Shapiro
Proofpoint, Inc.
.sp
.de Ve
Version \\$2
..
-.Ve $Revision: 8.759 $
.rm Ve
.sp
-For Sendmail Version 8.15
+For Sendmail Version 8.16
.)l
.(f
Sendmail is a trademark of Proofpoint, Inc.
US Patent Numbers 6865671, 6986037.
.)f
.sp 2
.pp
.i Sendmail \u\s-2TM\s0\d
implements a general purpose internetwork mail routing facility
under the UNIX\(rg
operating system.
It is not tied to any one transport protocol \*-
its function may be likened to a crossbar switch,
relaying messages from one domain into another.
In the process,
it can do a limited amount of message header editing
to put the message into a format that is appropriate
for the receiving domain.
All of this is done under the control of a configuration file.
.pp
Due to the requirements of flexibility
for
.i sendmail ,
the configuration file can seem somewhat unapproachable.
However, there are only a few basic configurations
for most sites,
for which standard configuration files have been supplied.
Most other configurations
can be built by adjusting an existing configuration file
incrementally.
.pp
.i Sendmail
is based on
RFC 821 (Simple Mail Transport Protocol),
RFC 822 (Internet Mail Headers Format),
RFC 974 (MX routing),
RFC 1123 (Internet Host Requirements),
RFC 1413 (Identification server),
RFC 1652 (SMTP 8BITMIME Extension),
RFC 1869 (SMTP Service Extensions),
RFC 1870 (SMTP SIZE Extension),
RFC 1891 (SMTP Delivery Status Notifications),
RFC 1892 (Multipart/Report),
RFC 1893 (Enhanced Mail System Status Codes),
RFC 1894 (Delivery Status Notifications),
RFC 1985 (SMTP Service Extension for Remote Message Queue Starting),
RFC 2033 (Local Message Transmission Protocol),
RFC 2034 (SMTP Service Extension for Returning Enhanced Error Codes),
RFC 2045 (MIME),
RFC 2476 (Message Submission),
RFC 2487 (SMTP Service Extension for Secure SMTP over TLS),
RFC 2554 (SMTP Service Extension for Authentication),
RFC 2821 (Simple Mail Transfer Protocol),
RFC 2822 (Internet Message Format),
RFC 2852 (Deliver By SMTP Service Extension),
+RFC 2920 (SMTP Service Extension for Command Pipelining),
and
-RFC 2920 (SMTP Service Extension for Command Pipelining).
+RFC 7505 (A "Null MX" No Service Resource Record for Domains That Accept No Mail).
However, since
.i sendmail
is designed to work in a wider world,
in many cases it can be configured to exceed these protocols.
These cases are described herein.
.pp
Although
.i sendmail
is intended to run
without the need for monitoring,
it has a number of features
that may be used to monitor or adjust the operation
under unusual circumstances.
These features are described.
.pp
Section one describes how to do a basic
.i sendmail
installation.
Section two
explains the day-to-day information you should know
to maintain your mail system.
If you have a relatively normal site,
these two sections should contain sufficient information
for you to install
.i sendmail
and keep it happy.
Section three
has information regarding the command line arguments.
Section four
describes some parameters that may be safely tweaked.
Section five
contains the nitty-gritty information about the configuration
file.
This section is for masochists
and people who must write their own configuration file.
Section six
describes configuration that can be done at compile time.
The appendixes give a brief
but detailed explanation of a number of features
not described in the rest of the paper.
.bp 7
.sh 1 "BASIC INSTALLATION"
.pp
There are two basic steps to installing
.i sendmail .
First, you have to compile and install the binary.
If
.i sendmail
has already been ported to your operating system
that should be simple.
Second, you must build a run-time configuration file.
This is a file that
.i sendmail
reads when it starts up
that describes the mailers it knows about,
how to parse addresses,
how to rewrite the message header,
and the settings of various options.
Although the configuration file can be quite complex,
a configuration can usually be built
using an M4-based configuration language.
Assuming you have the standard
.i sendmail
distribution, see
.i cf/README
for further information.
.pp
The remainder of this section will describe the installation of
.i sendmail
assuming you can use one of the existing configurations
and that the standard installation parameters are acceptable.
All pathnames and examples
are given from the root of the
.i sendmail
subtree,
normally
.i /usr/src/usr.\*(SD/sendmail
on 4.4BSD-based systems.
.pp
Continue with the next section if you need/want to compile
.i sendmail
yourself.
If you have a running binary already on your system,
you should probably skip to section 1.2.
.sh 2 "Compiling Sendmail"
.pp
All
.i sendmail
source is in the
.i sendmail
subdirectory.
To compile sendmail,
.q cd
into the
.i sendmail
directory and type
.(b
\&./Build
.)b
This will leave the binary in an appropriately named subdirectory,
e.g.,
obj.BSD-OS.2.1.i386.
It works for multiple object versions
compiled out of the same directory.
.sh 3 "Tweaking the Build Invocation"
.pp
You can give parameters on the
.i Build
command.
In most cases these are only used when the
.i obj.*
directory is first created.
To restart from scratch, use
.i -c .
These commands include:
.nr ii 0.5i
.ip "\-L \fIlibdirs\fP"
A list of directories to search for libraries.
.ip "\-I \fIincdirs\fP"
A list of directories to search for include files.
.ip "\-E \fIenvar\fP=\fIvalue\fP"
Set an environment variable to an indicated
.i value
before compiling.
.ip "\-c"
Create a new
.i obj.*
tree before running.
.ip "\-f \fIsiteconfig\fP"
Read the indicated site configuration file.
If this parameter is not specified,
.i Build
includes
.i all
of the files
.i $BUILDTOOLS/Site/site.$oscf.m4
and
.i $BUILDTOOLS/Site/site.config.m4 ,
where $BUILDTOOLS is normally
.i \&../devtools
and $oscf is the same name as used on the
.i obj.*
directory.
See below for a description of the site configuration file.
.ip "\-S"
Skip auto-configuration.
.i Build
will avoid auto-detecting libraries if this is set.
All libraries and map definitions must be specified
in the site configuration file.
.lp
Most other parameters are passed to the
.i make
program; for details see
.i $BUILDTOOLS/README .
.sh 3 "Creating a Site Configuration File"
.\"XXX
.pp
-(This section is not yet complete.
-For now, see the file devtools/README for details.)
-See sendmail/README for various compilation flags that can be set.
+See sendmail/README for various compilation flags that can be set,
+and devtools/README for details how to set them.
.sh 3 "Tweaking the Makefile"
.pp
.\" .b "XXX This should all be in the Site Configuration File section."
.i Sendmail
supports two different formats
for the local (on disk) version of databases,
notably the
.i aliases
database.
At least one of these should be defined if at all possible.
.nr ii 1i
+.ip CDB
+Constant DataBase (tinycdb).
.ip NDBM
The ``new DBM'' format,
available on nearly all systems around today.
This was the preferred format prior to 4.4BSD.
It allows such complex things as multiple databases
and closing a currently open database.
.ip NEWDB
The Berkeley DB package.
If you have this, use it.
It allows
long records,
multiple open databases,
real in-memory caching,
and so forth.
You can define this in conjunction with
.sm NDBM ;
if you do,
old alias databases are read,
but when a new database is created it will be in NEWDB format.
As a nasty hack,
if you have NEWDB, NDBM, and NIS defined,
and if the alias file name includes the substring
.q /yp/ ,
.i sendmail
will create both new and old versions of the alias file
during a
.i newalias
command.
This is required because the Sun NIS/YP system
reads the DBM version of the alias file.
It's ugly as sin,
but it works.
.lp
If neither of these are defined,
.i sendmail
reads the alias file into memory on every invocation.
This can be slow and should be avoided.
There are also several methods for remote database access:
.ip LDAP
Lightweight Directory Access Protocol.
.ip NIS
Sun's Network Information Services (formerly YP).
.ip NISPLUS
Sun's NIS+ services.
.ip NETINFO
NeXT's NetInfo service.
.ip HESIOD
Hesiod service (from Athena).
.lp
Other compilation flags are set in
.i conf.h
and should be predefined for you
unless you are porting to a new environment.
For more options see
.i sendmail/README .
.sh 3 "Compilation and installation"
.pp
After making the local system configuration described above,
You should be able to compile and install the system.
The script
.q Build
is the best approach on most systems:
.(b
\&./Build
.)b
This will use
.i uname (1)
to create a custom Makefile for your environment.
.pp
If you are installing in the standard places,
you should be able to install using
.(b
\&./Build install
.)b
This should install the binary in
/usr/\*(SD
and create links from
/usr/\*(SB/newaliases
and
/usr/\*(SB/mailq
to
/usr/\*(SD/sendmail.
On most systems it will also format and install man pages.
Notice: as of version 8.12
.i sendmail
will no longer be installed set-user-ID root by default.
If you really want to use the old method, you can specify it as target:
.(b
\&./Build install-set-user-id
.)b
.sh 2 "Configuration Files"
.pp
.i Sendmail
cannot operate without a configuration file.
The configuration defines the mail delivery mechanisms understood at this site,
how to access them,
how to forward email to remote mail systems,
and a number of tuning parameters.
This configuration file is detailed
in the later portion of this document.
.pp
The
.i sendmail
configuration can be daunting at first.
The world is complex,
and the mail configuration reflects that.
The distribution includes an m4-based configuration package
that hides a lot of the complexity.
See
.i cf/README
for details.
.pp
Our configuration files are processed by
.i m4
to facilitate local customization;
the directory
.i cf
of the
.i sendmail
distribution directory
contains the source files.
This directory contains several subdirectories:
.nr ii 1i
.ip cf
Both site-dependent and site-independent descriptions of hosts.
These can be literal host names
(e.g.,
.q ucbvax.mc )
when the hosts are gateways
or more general descriptions
(such as
.q "generic-solaris2.mc"
as a general description of an SMTP-connected host
running Solaris 2.x.
Files ending
.b \&.mc
(``M4 Configuration'')
are the input descriptions;
the output is in the corresponding
.b \&.cf
file.
The general structure of these files is described below.
.ip domain
Site-dependent subdomain descriptions.
These are tied to the way your organization wants to do addressing.
For example,
.b domain/CS.Berkeley.EDU.m4
is our description for hosts in the CS.Berkeley.EDU subdomain.
These are referenced using the
.sm DOMAIN
.b m4
macro in the
.b \&.mc
file.
.ip feature
Definitions of specific features that some particular host in your site
might want.
These are referenced using the
.sm FEATURE
.b m4
macro.
An example feature is
use_cw_file
(which tells
.i sendmail
to read an /etc/mail/local-host-names file on startup
to find the set of local names).
.ip hack
Local hacks, referenced using the
.sm HACK
.b m4
macro.
Try to avoid these.
The point of having them here is to make it clear that they smell.
.ip m4
Site-independent
.i m4 (1)
include files that have information common to all configuration files.
This can be thought of as a
.q #include
directory.
.ip mailer
Definitions of mailers,
referenced using the
.sm MAILER
.b m4
macro.
The mailer types that are known in this distribution are
fax,
local,
smtp,
uucp,
and usenet.
For example, to include support for the UUCP-based mailers,
use
.q MAILER(uucp) .
.ip ostype
Definitions describing various operating system environments
(such as the location of support files).
These are referenced using the
.sm OSTYPE
.b m4
macro.
.ip sh
Shell files used by the
.b m4
build process.
You shouldn't have to mess with these.
.ip siteconfig
Local UUCP connectivity information.
This directory has been supplanted by the mailertable feature;
any new configurations should use that feature to do UUCP
(and other) routing.
The use of this directory is deprecated.
.pp
If you are in a new domain
(e.g., a company),
you will probably want to create a
cf/domain
file for your domain.
This consists primarily of relay definitions
and features you want enabled site-wide:
for example, Berkeley's domain definition
defines relays for
BitNET
and UUCP.
These are specific to Berkeley,
and should be fully-qualified internet-style domain names.
Please check to make certain they are reasonable for your domain.
.pp
Subdomains at Berkeley are also represented in the
cf/domain
directory.
For example,
the domain
CS.Berkeley.EDU
is the Computer Science subdomain,
EECS.Berkeley.EDU
is the Electrical Engineering and Computer Sciences subdomain,
and
S2K.Berkeley.EDU
is the Sequoia 2000 subdomain.
You will probably have to add an entry to this directory
to be appropriate for your domain.
.pp
You will have to use or create
.b \&.mc
files in the
.i cf/cf
subdirectory for your hosts.
This is detailed in the
cf/README
file.
.sh 2 "Details of Installation Files"
.pp
This subsection describes the files that
comprise the
.i sendmail
installation.
.sh 3 "/usr/\*(SD/sendmail"
.pp
The binary for
.i sendmail
is located in /usr/\*(SD\**.
.(f
\**This is usually
/usr/sbin
on 4.4BSD and newer systems;
many systems install it in
/usr/lib.
I understand it is in /usr/ucblib
on System V Release 4.
.)f
It should be set-group-ID smmsp as described in
sendmail/SECURITY.
For security reasons,
/, /usr, and /usr/\*(SD
should be owned by root, mode 0755\**.
.(f
\**Some vendors ship them owned by bin;
this creates a security hole that is not actually related to
.i sendmail .
Other important directories that should have restrictive ownerships
and permissions are
/bin, /usr/bin, /etc, /etc/mail, /usr/etc, /lib, and /usr/lib.
.)f
.sh 3 "/etc/mail/sendmail.cf"
.pp
This is the main configuration file for
.i sendmail \**.
.(f
\**Actually, the pathname varies depending on the operating system;
/etc/mail is the preferred directory.
Some older systems install it in
.b /usr/lib/sendmail.cf ,
and I've also seen it in
.b /usr/ucblib .
If you want to move this file,
add -D_PATH_SENDMAILCF=\e"/file/name\e"
to the flags passed to the C compiler.
Moving this file is not recommended:
other programs and scripts know of this location.
.)f
This is one of the two non-library file names compiled into
.i sendmail \**,
the other is /etc/mail/submit.cf.
.(f
\**The system libraries can reference other files;
in particular, system library subroutines that
.i sendmail
calls probably reference
.i /etc/passwd
and
.i /etc/resolv.conf .
.)f
.pp
The configuration file is normally created
using the distribution files described above.
If you have a particularly unusual system configuration
you may need to create a special version.
The format of this file is detailed in later sections
of this document.
.sh 3 "/etc/mail/submit.cf"
.pp
This is the configuration file for
.i sendmail
when it is used for initial mail submission, in which case
it is also called ``Mail Submission Program'' (MSP)
in contrast to ``Mail Transfer Agent'' (MTA).
Starting with version 8.12,
.i sendmail
uses one of two different configuration files based on its operation mode
(or the new
.b \-A
option).
For initial mail submission, i.e., if one of the options
.b \-bm
(default),
.b \-bs ,
or
.b \-t
is specified, submit.cf is used (if available),
for other operations sendmail.cf is used.
Details can be found in
.i sendmail/SECURITY .
submit.cf is shipped with sendmail (in cf/cf/) and is installed by default.
If changes to the configuration need to be made, start with
cf/cf/submit.mc and follow the instruction in cf/README.
.sh 3 "/usr/\*(SB/newaliases"
.pp
The
.i newaliases
command should just be a link to
.i sendmail :
.(b
rm \-f /usr/\*(SB/newaliases
ln \-s /usr/\*(SD/sendmail /usr/\*(SB/newaliases
.)b
This can be installed in whatever search path you prefer
for your system.
.sh 3 "/usr/\*(SB/hoststat"
.pp
The
.i hoststat
command should just be a link to
.i sendmail ,
in a fashion similar to
.i newaliases .
This command lists the status of the last mail transaction
with all remote hosts. The
.b \-v
flag will prevent the status display from being truncated.
It functions only when the
.b HostStatusDirectory
option is set.
.sh 3 "/usr/\*(SB/purgestat"
.pp
This command is also a link to
.i sendmail .
It flushes expired (Timeout.hoststatus) information that is stored in the
.b HostStatusDirectory
tree.
.sh 3 "/var/spool/mqueue"
.pp
The directory
.i /var/spool/mqueue
should be created to hold the mail queue.
This directory should be mode 0700
and owned by root.
.pp
The actual path of this directory
is defined by the
.b QueueDirectory
option of the
.i sendmail.cf
file.
To use multiple queues,
supply a value ending with an asterisk.
For example,
.i /var/spool/mqueue/qd*
will use all of the directories or symbolic links to directories
beginning with `qd' in
.i /var/spool/mqueue
as queue directories.
Do not change the queue directory structure
while sendmail is running.
.pp
If these directories have subdirectories or symbolic links to directories
named `qf', `df', and `xf', then these will be used for the different
queue file types.
That is, the data files are stored in the `df' subdirectory,
the transcript files are stored in the `xf' subdirectory, and
all others are stored in the `qf' subdirectory.
.pp
If shared memory support is compiled in,
.i sendmail
stores the available diskspace in a shared memory segment
to make the values readily available to all children without
incurring system overhead.
In this case, only the daemon updates the data;
i.e., the sendmail daemon creates the shared memory segment
and deletes it if it is terminated.
To use this,
.i sendmail
must have been compiled with support for shared memory
(-DSM_CONF_SHM)
and the option
.b SharedMemoryKey
must be set.
Notice: do not use the same key for
.i sendmail
invocations with different queue directories
or different queue group declarations.
Access to shared memory is not controlled by locks,
i.e., there is a race condition when data in the shared memory is updated.
However, since operation of
.i sendmail
does not rely on the data in the shared memory, this does not negatively
influence the behavior.
.sh 3 "/var/spool/clientmqueue"
.pp
The directory
.i /var/spool/clientmqueue
should be created to hold the mail queue.
This directory should be mode 0770
and owned by user smmsp, group smmsp.
.pp
The actual path of this directory
is defined by the
.b QueueDirectory
option of the
.i submit.cf
file.
.sh 3 "/var/spool/mqueue/.hoststat"
.pp
This is a typical value for the
.b HostStatusDirectory
option,
containing one file per host
that this sendmail has chatted with recently.
It is normally a subdirectory of
.i mqueue .
.sh 3 "/etc/mail/aliases*"
.pp
The system aliases are held in
.q /etc/mail/aliases .
A sample is given in
.q sendmail/aliases
which includes some aliases which
.i must
be defined:
.(b
cp sendmail/aliases /etc/mail/aliases
.i "edit /etc/mail/aliases"
.)b
You should extend this file with any aliases that are apropos to your system.
.pp
Normally
.i sendmail
looks at a database version of the files,
stored either in
.q /etc/mail/aliases.dir
and
.q /etc/mail/aliases.pag
or
.q /etc/mail/aliases.db
depending on which database package you are using.
The actual path of this file
is defined in the
.b AliasFile
option of the
.i sendmail.cf
file.
.pp
The permissions of the alias file and the database versions
should be 0640 to prevent local denial of service attacks
as explained in the top level
.b README
in the sendmail distribution.
If the permissions 0640 are used, be sure that only trusted users belong
to the group assigned to those files. Otherwise, files should not even
be group readable.
.sh 3 "/etc/rc or /etc/init.d/sendmail"
.pp
It will be necessary to start up the
.i sendmail
daemon when your system reboots.
This daemon performs two functions:
it listens on the SMTP socket for connections
(to receive mail from a remote system)
and it processes the queue periodically
to insure that mail gets delivered when hosts come up.
.pp
If necessary, add the following lines to
.q /etc/rc
(or
.q /etc/rc.local
as appropriate)
in the area where it is starting up the daemons
on a BSD-base system,
or on a System-V-based system
in one of the startup files, typically
.q /etc/init.d/sendmail :
.(b
if [ \-f /usr/\*(SD/sendmail \-a \-f /etc/mail/sendmail.cf ]; then
(cd /var/spool/mqueue; rm \-f xf*)
/usr/\*(SD/sendmail \-bd \-q30m &
echo \-n ' sendmail' >/dev/console
fi
.)b
The
.q cd
and
.q rm
commands insure that all transcript files have been removed;
extraneous transcript files may be left around
if the system goes down in the middle of processing a message.
The line that actually invokes
.i sendmail
has two flags:
.q \-bd
causes it to listen on the SMTP port,
and
.q \-q30m
causes it to run the queue every half hour.
.pp
Some people use a more complex startup script,
removing zero length qf/hf/Qf files and df files for which there is no
qf/hf/Qf file.
Note this is not advisable.
For example, see Figure 1
for an example of a complex script which does this clean up.
.(z
.hl
#!/bin/sh
# remove zero length qf/hf/Qf files
for qffile in qf* hf* Qf*
do
if [ \-r $qffile ]
then
if [ ! \-s $qffile ]
then
echo \-n " <zero: $qffile>" > /dev/console
rm \-f $qffile
fi
fi
done
# rename tf files to be qf if the qf does not exist
for tffile in tf*
do
qffile=`echo $tffile | sed 's/t/q/'`
if [ \-r $tffile \-a ! \-f $qffile ]
then
echo \-n " <recovering: $tffile>" > /dev/console
mv $tffile $qffile
else
if [ \-f $tffile ]
then
echo \-n " <extra: $tffile>" > /dev/console
rm \-f $tffile
fi
fi
done
# remove df files with no corresponding qf/hf/Qf files
for dffile in df*
do
qffile=`echo $dffile | sed 's/d/q/'`
hffile=`echo $dffile | sed 's/d/h/'`
Qffile=`echo $dffile | sed 's/d/Q/'`
if [ \-r $dffile \-a ! \-f $qffile \-a ! \-f $hffile \-a ! \-f $Qffile ]
then
echo \-n " <incomplete: $dffile>" > /dev/console
mv $dffile `echo $dffile | sed 's/d/D/'`
fi
done
# announce files that have been saved during disaster recovery
for xffile in [A-Z]f*
do
if [ \-f $xffile ]
then
echo \-n " <panic: $xffile>" > /dev/console
fi
done
.sp
.ce
Figure 1 \(em A complex startup script
.hl
.)z
.sh 3 "/etc/mail/helpfile"
.pp
This is the help file used by the SMTP
.b HELP
command.
It should be copied from
.q sendmail/helpfile :
.(b
cp sendmail/helpfile /etc/mail/helpfile
.)b
The actual path of this file
is defined in the
.b HelpFile
option of the
.i sendmail.cf
file.
.sh 3 "/etc/mail/statistics"
.pp
If you wish to collect statistics
about your mail traffic,
you should create the file
.q /etc/mail/statistics :
.(b
cp /dev/null /etc/mail/statistics
chmod 0600 /etc/mail/statistics
.)b
This file does not grow.
It is printed with the program
.q mailstats/mailstats.c.
The actual path of this file
is defined in the
.b S
option of the
.i sendmail.cf
file.
.sh 3 "/usr/\*(SB/mailq"
.pp
If
.i sendmail
is invoked as
.q mailq,
it will simulate the
.b \-bp
flag
(i.e.,
.i sendmail
will print the contents of the mail queue;
see below).
This should be a link to /usr/\*(SD/sendmail.
.sh 3 "sendmail.pid"
.pp
.i sendmail
stores its current pid in the file specified by the
.b PidFile
option (default is _PATH_SENDMAILPID).
.i sendmail
uses
.b TempFileMode
(which defaults to 0600) as
the permissions of that file
to prevent local denial of service attacks
as explained in the top level
.b README
in the sendmail distribution.
If the file already exists, then it might be necessary to
change the permissions accordingly, e.g.,
.(b
chmod 0600 /var/run/sendmail.pid
.)b
Note that as of version 8.13, this file is unlinked when
.i sendmail
exits.
As a result of this change, a script such as the following,
which may have worked prior to 8.13, will no longer work:
.(b
# stop & start sendmail
PIDFILE=/var/run/sendmail.pid
kill `head -1 $PIDFILE`
`tail -1 $PIDFILE`
.)b
because it assumes that the pidfile will still exist even
after killing the process to which it refers.
Below is a script which will work correctly
on both newer and older versions:
.(b
# stop & start sendmail
PIDFILE=/var/run/sendmail.pid
pid=`head -1 $PIDFILE`
cmd=`tail -1 $PIDFILE`
kill $pid
$cmd
.)b
This is just an example script, it does not perform any error checks,
e.g., whether the pidfile exists at all.
.sh 3 "Map Files"
.pp
To prevent local denial of service attacks
as explained in the top level
.b README
in the sendmail distribution,
the permissions of map files created by
.i makemap
should be 0640.
The use of 0640 implies that only trusted users belong to the group
assigned to those files.
If those files already exist, then it might be necessary to
change the permissions accordingly, e.g.,
.(b
cd /etc/mail
chmod 0640 *.db *.pag *.dir
.)b
.sh 1 "NORMAL OPERATIONS"
.sh 2 "The System Log"
.pp
The system log is supported by the
.i syslogd \|(8)
program.
All messages from
.i sendmail
are logged under the
.sm LOG_MAIL
facility\**.
.(f
\**Except on Ultrix,
which does not support facilities in the syslog.
.)f
.sh 3 "Format"
.pp
Each line in the system log
consists of a timestamp,
the name of the machine that generated it
(for logging from several machines
over the local area network),
the word
.q sendmail: ,
and a message\**.
.(f
\**This format may vary slightly if your vendor has changed
the syntax.
.)f
Most messages are a sequence of
.i name \c
=\c
.i value
pairs.
.pp
The two most common lines are logged when a message is processed.
The first logs the receipt of a message;
there will be exactly one of these per message.
Some fields may be omitted if they do not contain interesting information.
Fields are:
.ip from
The envelope sender address.
.ip size
The size of the message in bytes.
.ip class
The class (i.e., numeric precedence) of the message.
.ip pri
The initial message priority (used for queue sorting).
.ip nrcpts
The number of envelope recipients for this message
(after aliasing and forwarding).
.ip msgid
The message id of the message (from the header).
.ip bodytype
The message body type (7BIT or 8BITMIME),
as determined from the envelope.
.ip proto
The protocol used to receive this message (e.g., ESMTP or UUCP)
.ip daemon
The daemon name from the
.b DaemonPortOptions
setting.
.ip relay
The machine from which it was received.
.lp
There is also one line logged per delivery attempt
(so there can be several per message if delivery is deferred
or there are multiple recipients).
Fields are:
.ip to
A comma-separated list of the recipients to this mailer.
.ip ctladdr
The ``controlling user'', that is, the name of the user
whose credentials we use for delivery.
.ip delay
The total delay between the time this message was received
and the current delivery attempt.
.ip xdelay
The amount of time needed in this delivery attempt
(normally indicative of the speed of the connection).
.ip mailer
The name of the mailer used to deliver to this recipient.
.ip relay
The name of the host that actually accepted (or rejected) this recipient.
.ip dsn
The enhanced error code (RFC 2034) if available.
.ip stat
The delivery status.
.lp
Not all fields are present in all messages;
for example, the relay is usually not listed for local deliveries.
.sh 3 "Levels"
.pp
If you have
.i syslogd \|(8)
or an equivalent installed,
you will be able to do logging.
There is a large amount of information that can be logged.
The log is arranged as a succession of levels.
At the lowest level
only extremely strange situations are logged.
At the highest level,
even the most mundane and uninteresting events
are recorded for posterity.
As a convention,
log levels under ten
are considered generally
.q useful;
log levels above 64
are reserved for debugging purposes.
Levels from 11\-64 are reserved for verbose information
that some sites might want.
.pp
A complete description of the log levels
is given in section ``Log Level''.
.sh 2 "Dumping State"
.pp
You can ask
.i sendmail
to log a dump of the open files
and the connection cache
by sending it a
.sm SIGUSR1
signal.
The results are logged at
.sm LOG_DEBUG
priority.
.sh 2 "The Mail Queues"
.pp
Mail messages may either be delivered immediately or be held for later
delivery.
Held messages are placed into a holding directory called a mail queue.
.pp
A mail message may be queued for these reasons:
.bu
If a mail message is temporarily undeliverable, it is queued
and delivery is attempted later.
If the message is addressed to multiple recipients, it is queued
only for those recipients to whom delivery is not immediately possible.
.bu
If the SuperSafe option is set to true,
all mail messages are queued while delivery is attempted.
.bu
If the DeliveryMode option is set to queue-only or defer,
all mail is queued, and no immediate delivery is attempted.
.bu
If the load average becomes higher than the value of the QueueLA option
and the
.b QueueFactor
(\c
.b q )
option divided by the difference in the current load average and the
.b QueueLA
option plus one
is less than the priority of the message,
messages are queued rather than immediately delivered.
.bu
One or more addresses are marked as expensive and delivery is postponed
until the next queue run or one or more address are marked as held via
mailer which uses the hold mailer flag.
.bu
The mail message has been marked as quarantined via a mail filter or
rulesets.
.sh 3 "Queue Groups and Queue Directories"
.pp
There are one or more mail queues.
Each mail queue belongs to a queue group.
There is always a default queue group that is called ``mqueue''
(which is where messages go by default unless otherwise specified).
The directory or directories which comprise the default queue group
are specified by the QueueDirectory option.
There are zero or more
additional named queue groups declared using the
.b Q
command in the configuration file.
.pp
By default, a queued message is placed in the queue group
associated with the first recipient in the recipient list.
A recipient address is mapped to a queue group as follows.
First, if there is a ruleset called ``queuegroup'',
and if this ruleset maps the address to a queue group name,
then that queue group is chosen.
-That is, the argument for the ruleset is the recipient address
+That is, the argument for the ruleset is
+the recipient address
+(i.e., the address part of the resolved triple)
and the result should be
.b $#
followed by the name of a queue group.
Otherwise, if the mailer associated with the address specifies
a queue group, then that queue group is chosen.
Otherwise, the default queue group is chosen.
.pp
A message with multiple recipients will be split
if different queue groups are chosen
by the mapping of recipients to queue groups.
.pp
When a message is placed in a queue group, and the queue group has
more than one queue, a queue is selected randomly.
.pp
If a message with multiple recipients is placed into a queue group
with the 'r' option (maximum number of recipients per message)
set to a positive value
.i N ,
and if there are more than
.i N
recipients
in the message, then the message will be split into multiple messages,
each of which have at most
.i N
recipients.
.pp
Notice: if multiple queue groups are used, do
.b not
move queue files around, e.g., into a different queue directory.
This may have weird effects and can cause mail not to be delivered.
Queue files and directories should be treated as opaque
and should not be manipulated directly.
.sh 3 "Queue Runs"
.pp
.i sendmail
has two different ways to process the queue(s).
The first one is to start queue runners after certain intervals
(``normal'' queue runners),
the second one is to keep queue runner processes around
(``persistent'' queue runners).
How to select either of these types is discussed in the appendix
``COMMAND LINE FLAGS''.
Persistent queue runners have the advantage that no new processes
need to be spawned at certain intervals; they just sleep for
a specified time after they finished a queue run.
Another advantage of persistent queue runners is that only one process
belonging to a workgroup (a workgroup is a set of queue groups)
collects the data for a queue run
and then multiple queue runner may go ahead using that data.
This can significantly reduce the disk I/O necessary to read the
queue files compared to starting multiple queue runners directly.
Their disadvantage is that a new queue run is only started
after all queue runners belonging to a group finished their tasks.
In case one of the queue runners tries delivery to a slow recipient site
at the end of a queue run, the next queue run may be substantially delayed.
In general this should be smoothed out due to the distribution of
those slow jobs, however, for sites with small number of
-queue entries this might introduce noticable delays.
+queue entries this might introduce noticeable delays.
In general, persistent queue runners are only useful for
sites with big queues.
.sh 3 "Manual Intervention"
.pp
Under normal conditions the mail queue will be processed transparently.
However, you may find that manual intervention is sometimes necessary.
For example,
if a major host is down for a period of time
the queue may become clogged.
Although
.i sendmail
ought to recover gracefully when the host comes up,
you may find performance unacceptably bad in the meantime.
In that case you want to check the content of the queue
and manipulate it as explained in the next two sections.
.sh 3 "Printing the queue"
.pp
The contents of the queue(s) can be printed
using the
.i mailq
command
(or by specifying the
.b \-bp
flag to
.i sendmail ):
.(b
mailq
.)b
This will produce a listing of the queue id's,
the size of the message,
the date the message entered the queue,
and the sender and recipients.
If shared memory support is compiled in,
the flag
.b \-bP
can be used to print the number of entries in the queue(s),
provided a process updates the data.
However, as explained earlier, the output might be slightly wrong,
since access to the shared memory is not locked.
For example,
``unknown number of entries''
might be shown.
The internal counters are updated after each queue run
to the correct value again.
.sh 3 "Forcing the queue"
.pp
.i Sendmail
should run the queue automatically at intervals.
When using multiple queues,
a separate process will by default be created to
run each of the queues
unless the queue run is initiated by a user
with the verbose flag.
The algorithm is to read and sort the queue,
and then to attempt to process all jobs in order.
When it attempts to run the job,
.i sendmail
first checks to see if the job is locked.
If so, it ignores the job.
.pp
There is no attempt to insure that only one queue processor
exists at any time,
since there is no guarantee that a job cannot take forever
to process
(however,
.i sendmail
does include heuristics to try to abort jobs
that are taking absurd amounts of time;
technically, this violates RFC 821, but is blessed by RFC 1123).
Due to the locking algorithm,
it is impossible for one job to freeze the entire queue.
However,
an uncooperative recipient host
or a program recipient
that never returns
can accumulate many processes in your system.
Unfortunately,
there is no completely general way to solve this.
.pp
In some cases,
you may find that a major host going down
for a couple of days
may create a prohibitively large queue.
This will result in
.i sendmail
spending an inordinate amount of time
sorting the queue.
This situation can be fixed by moving the queue to a temporary place
and creating a new queue.
The old queue can be run later when the offending host returns to service.
.pp
To do this,
it is acceptable to move the entire queue directory:
.(b
cd /var/spool
mv mqueue omqueue; mkdir mqueue; chmod 0700 mqueue
.)b
You should then kill the existing daemon
(since it will still be processing in the old queue directory)
and create a new daemon.
.pp
To run the old mail queue, issue the following command:
.(b
/usr/\*(SD/sendmail \-C /etc/mail/queue.cf \-q
.)b
The
.b \-C
flag specifies an alternate configuration file
.b queue.cf
which should refer to the moved queue directory
.(b
O QueueDirectory=/var/spool/omqueue
.)b
and the
.b \-q
flag says to just run every job in the queue.
You can also specify the moved queue directory on the command line
.(b
/usr/\*(SD/sendmail \-oQ/var/spool/omqueue \-q
.)b
but this requires that you do not have
queue groups in the configuration file,
because those are not subdirectories of the moved directory.
See the section about ``Queue Group Declaration'' for details;
you most likely need a different configuration file to correctly deal
with this problem.
However, a proper configuration of queue groups should avoid
filling up queue directories, so you shouldn't run into
this problem.
If you have a tendency toward voyeurism,
you can use the
.b \-v
flag to watch what is going on.
.pp
When the queue is finally emptied,
you can remove the directory:
.(b
rmdir /var/spool/omqueue
.)b
.sh 3 "Quarantined Queue Items"
.pp
It is possible to "quarantine" mail messages,
otherwise known as envelopes.
Envelopes (queue files) are stored but not considered for delivery or
display unless the "quarantine" state of the envelope is undone or
delivery or display of quarantined items is requested.
Quarantined messages are tagged by using a different name for the queue
file, 'hf' instead of 'qf', and by adding the quarantine reason to the
queue file.
.pp
Delivery or display of quarantined items can be requested using the
.b \-qQ
flag to
.i sendmail
or
.i mailq .
Additionally, messages already in the queue can be quarantined or
unquarantined using the new
.b \-Q
flag to sendmail.
For example,
.(b
sendmail -Qreason -q[!][I|R|S][matchstring]
.)b
Quarantines the normal queue items matching the criteria specified by the
.b "-q[!][I|R|S][matchstring]"
using the reason given on the
.b \-Q
flag.
Likewise,
.(b
sendmail -qQ -Q[reason] -q[!][I|R|S|Q][matchstring]
.)b
Change the quarantine reason for the quarantined items matching the
criteria specified by the
.b "-q[!][I|R|S|Q][matchstring]"
using the reason given on the
.b \-Q
flag.
If there is no reason,
unquarantine the matching items and make them normal queue items.
Note that the
.b \-qQ
flag tells sendmail to operate on quarantined items instead of normal items.
.sh 2 "Disk Based Connection Information"
.pp
.i Sendmail
stores a large amount of information about each remote system it
has connected to in memory. It is possible to preserve some
of this information on disk as well, by using the
.b HostStatusDirectory
option, so that it may be shared between several invocations of
.i sendmail .
This allows mail to be queued immediately or skipped during a queue run if
there has been a recent failure in connecting to a remote machine.
Note: information about a remote system is stored in a file
whose pathname consists of the components of the hostname in reverse order.
For example, the information for
.b host.example.com
is stored in
.b com./example./host .
For top-level domains like
.b com
this can create a large number of subdirectories
which on some filesystems can exhaust some limits.
Moreover, the performance of lookups in directory with thousands of entries
can be fairly slow depending on the filesystem implementation.
.pp
Additionally enabling
.b SingleThreadDelivery
has the added effect of single-threading mail delivery to a destination.
This can be quite helpful
if the remote machine is running an SMTP server that is easily overloaded
or cannot accept more than a single connection at a time,
but can cause some messages to be punted to a future queue run.
It also applies to
.i all
hosts, so setting this because you have one machine on site
that runs some software that is easily overrun
can cause mail to other hosts to be slowed down.
If this option is set,
you probably want to set the
.b MinQueueAge
option as well and run the queue fairly frequently;
this way jobs that are skipped because another
.i sendmail
is talking to the same host will be tried again quickly
rather than being delayed for a long time.
.pp
The disk based host information is stored in a subdirectory of the
.b mqueue
directory called
.b \&.hoststat \**.
.(f
\**This is the usual value of the
.b HostStatusDirectory
option;
it can, of course, go anywhere you like in your filesystem.
.)f
Removing this directory and its subdirectories has an effect similar to
the
.i purgestat
command and is completely safe.
However,
.i purgestat
only removes expired (Timeout.hoststatus) data.
The information in these directories can
be perused with the
.i hoststat
command, which will indicate the host name, the last access, and the
status of that access.
An asterisk in the left most column indicates that a
.i sendmail
process currently has the host locked for mail delivery.
.pp
The disk based connection information is treated the same way as memory based
connection information for the purpose of timeouts.
By default, information about host failures is valid for 30 minutes.
This can be adjusted with
the
.b Timeout.hoststatus
option.
.pp
The connection information stored on disk may be expired at any time
with the
.i purgestat
command or by invoking sendmail with the
.b \-bH
switch.
The connection information may be viewed with the
.i hoststat
command or by invoking sendmail with the
.b \-bh
switch.
.sh 2 "The Service Switch"
.pp
The implementation of certain system services
such as host and user name lookup
is controlled by the service switch.
If the host operating system supports such a switch,
and sendmail knows about it,
.i sendmail
will use the native version.
Ultrix, Solaris, and DEC OSF/1 are examples of such systems\**.
.(f
\**HP-UX 10 has service switch support,
but since the APIs are apparently not available in the libraries
.i sendmail
does not use the native service switch in this release.
.)f
.pp
If the underlying operating system does not support a service switch
(e.g., SunOS 4.X, HP-UX, BSD)
then
.i sendmail
will provide a stub implementation.
The
.b ServiceSwitchFile
option points to the name of a file that has the service definitions.
Each line has the name of a service
and the possible implementations of that service.
For example, the file:
.(b
hosts dns files nis
aliases files nis
.)b
will ask
.i sendmail
to look for hosts in the Domain Name System first.
If the requested host name is not found, it tries local files,
and if that fails it tries NIS.
Similarly, when looking for aliases
it will try the local files first followed by NIS.
.pp
Notice: since
.i sendmail
must access MX records for correct operation, it will use
DNS if it is configured in the
.b ServiceSwitchFile
file.
Hence an entry like
.(b
hosts files dns
.)b
will not avoid DNS lookups even if a host can be found
in /etc/hosts.
.pp
Service switches are not completely integrated.
For example, despite the fact that the host entry listed in the above example
specifies to look in NIS,
on SunOS this won't happen because the system implementation of
.i gethostbyname \|(3)
doesn't understand this.
.sh 2 "The Alias Database"
.pp
After recipient addresses are read from the SMTP connection
or command line
they are parsed by ruleset 0,
which must resolve to a
{\c
.i mailer ,
.i host ,
.i address }
triple.
If the flags selected by the
.i mailer
include the
.b A
(aliasable) flag,
the
.i address
part of the triple is looked up as the key
(i.e., the left hand side)
in the alias database.
If there is a match, the address is deleted from the send queue
and all addresses on the right hand side of the alias
are added in place of the alias that was found.
This is a recursive operation,
so aliases found in the right hand side of the alias
are similarly expanded.
.pp
The alias database exists in two forms.
One is a text form,
maintained in the file
.i /etc/mail/aliases.
The aliases are of the form
.(b
name: name1, name2, ...
.)b
Only local names may be aliased;
e.g.,
.(b
eric@prep.ai.MIT.EDU: eric@CS.Berkeley.EDU
.)b
will not have the desired effect
(except on prep.ai.MIT.EDU,
and they probably don't want me)\**.
.(f
\**Actually, any mailer that has the `A' mailer flag set
will permit aliasing;
this is normally limited to the local mailer.
.)f
Aliases may be continued by starting any continuation lines
with a space or a tab or by putting a backslash directly before
the newline.
Blank lines and lines beginning with a sharp sign
(\c
.q # )
are comments.
.pp
The second form is processed by the
.i ndbm \|(3)\**
.(f
\**The
.i gdbm
package does not work.
.)f
or the Berkeley DB library.
This form is in the file
.i /etc/mail/aliases.db
(if using NEWDB)
or
.i /etc/mail/aliases.dir
and
.i /etc/mail/aliases.pag
(if using NDBM).
This is the form that
.i sendmail
actually uses to resolve aliases.
This technique is used to improve performance.
.pp
The control of search order is actually set by the service switch.
Essentially, the entry
.(b
O AliasFile=switch:aliases
.)b
is always added as the first alias entry;
also, the first alias file name without a class
(e.g., without
.q nis:
on the front)
will be used as the name of the file for a ``files'' entry
in the aliases switch.
For example, if the configuration file contains
.(b
O AliasFile=/etc/mail/aliases
.)b
and the service switch contains
.(b
aliases nis files nisplus
.)b
then aliases will first be searched in the NIS database,
then in /etc/mail/aliases,
then in the NIS+ database.
.pp
You can also use
.sm NIS -based
alias files.
For example, the specification:
.(b
O AliasFile=/etc/mail/aliases
O AliasFile=nis:mail.aliases@my.nis.domain
.)b
will first search the /etc/mail/aliases file
and then the map named
.q mail.aliases
in
.q my.nis.domain .
Warning: if you build your own
.sm NIS -based
alias files,
be sure to provide the
.b \-l
flag to
.i makedbm (8)
to map upper case letters in the keys to lower case;
otherwise, aliases with upper case letters in their names
won't match incoming addresses.
.pp
Additional flags can be added after the colon
exactly like a
.b K
line \(em for example:
.(b
O AliasFile=nis:\-N mail.aliases@my.nis.domain
.)b
will search the appropriate NIS map and always include null bytes in the key.
Also:
.(b
O AliasFile=nis:\-f mail.aliases@my.nis.domain
.)b
will prevent sendmail from downcasing the key before the alias lookup.
.sh 3 "Rebuilding the alias database"
.pp
The
.i hash
or
.i dbm
version of the database
may be rebuilt explicitly by executing the command
.(b
newaliases
.)b
This is equivalent to giving
.i sendmail
the
.b \-bi
flag:
.(b
/usr/\*(SD/sendmail \-bi
.)b
.pp
If you have multiple aliases databases specified,
the
.b \-bi
flag rebuilds all the database types it understands
(for example, it can rebuild NDBM databases but not NIS databases).
.sh 3 "Potential problems"
.pp
There are a number of problems that can occur
with the alias database.
They all result from a
.i sendmail
process accessing the DBM version
while it is only partially built.
This can happen under two circumstances:
One process accesses the database
while another process is rebuilding it,
or the process rebuilding the database dies
(due to being killed or a system crash)
before completing the rebuild.
.pp
Sendmail has three techniques to try to relieve these problems.
First, it ignores interrupts while rebuilding the database;
this avoids the problem of someone aborting the process
leaving a partially rebuilt database.
Second,
it locks the database source file during the rebuild \(em
but that may not work over NFS or if the file is unwritable.
Third,
at the end of the rebuild
it adds an alias of the form
.(b
@: @
.)b
(which is not normally legal).
Before
.i sendmail
will access the database,
it checks to insure that this entry exists\**.
.(f
\**The
.b AliasWait
option is required in the configuration
for this action to occur.
This should normally be specified.
.)f
.sh 3 "List owners"
.pp
If an error occurs on sending to a certain address,
say
.q \fIx\fP ,
.i sendmail
will look for an alias
of the form
.q owner-\fIx\fP
to receive the errors.
This is typically useful
for a mailing list
where the submitter of the list
has no control over the maintenance of the list itself;
in this case the list maintainer would be the owner of the list.
For example:
.(b
unix-wizards: eric@ucbarpa, wnj@monet, nosuchuser,
sam@matisse
owner-unix-wizards: unix-wizards-request
unix-wizards-request: eric@ucbarpa
.)b
would cause
.q eric@ucbarpa
to get the error that will occur
when someone sends to
unix-wizards
due to the inclusion of
.q nosuchuser
on the list.
.pp
List owners also cause the envelope sender address to be modified.
The contents of the owner alias are used if they point to a single user,
otherwise the name of the alias itself is used.
For this reason, and to obey Internet conventions,
the
.q owner-
address normally points at the
.q -request
address; this causes messages to go out with the typical Internet convention
of using ``\c
.i list -request''
as the return address.
.sh 2 "User Information Database"
.pp
This option is deprecated, use virtusertable and genericstable instead
as explained in
.i cf/README .
If you have a version of
.i sendmail
with the user information database
compiled in,
and you have specified one or more databases using the
.b U
option,
the databases will be searched for a
.i user :maildrop
entry.
If found, the mail will be sent to the specified address.
.sh 2 "Per-User Forwarding (.forward Files)"
.pp
As an alternative to the alias database,
any user may put a file with the name
.q .forward
in his or her home directory.
If this file exists,
.i sendmail
redirects mail for that user
to the list of addresses listed in the .forward file.
Note that aliases are fully expanded before forward files are referenced.
For example, if the home directory for user
.q mckusick
has a .forward file with contents:
.(b
mckusick@ernie
kirk@calder
.)b
then any mail arriving for
.q mckusick
will be redirected to the specified accounts.
.pp
Actually, the configuration file defines a sequence of filenames to check.
By default, this is the user's .forward file,
but can be defined to be more generally using the
.b ForwardPath
option.
If you change this,
you will have to inform your user base of the change;
\&.forward is pretty well incorporated into the collective subconscious.
.sh 2 "Special Header Lines"
.pp
Several header lines have special interpretations
defined by the configuration file.
Others have interpretations built into
.i sendmail
that cannot be changed without changing the code.
These built-ins are described here.
.sh 3 "Errors-To:"
.pp
If errors occur anywhere during processing,
this header will cause error messages to go to
the listed addresses.
This is intended for mailing lists.
.pp
The Errors-To: header was created in the bad old days
when UUCP didn't understand the distinction between an envelope and a header;
this was a hack to provide what should now be passed
as the envelope sender address.
It should go away.
It is only used if the
.b UseErrorsTo
option is set.
.pp
The Errors-To: header is officially deprecated
and will go away in a future release.
.sh 3 "Apparently-To:"
.pp
RFC 822 requires at least one recipient field
(To:, Cc:, or Bcc: line)
in every message.
If a message comes in with no recipients listed in the message
then
.i sendmail
will adjust the header based on the
.q NoRecipientAction
option.
One of the possible actions is to add an
.q "Apparently-To:"
header line for any recipients it is aware of.
.pp
The Apparently-To: header is non-standard
and is both deprecated and strongly discouraged.
.sh 3 "Precedence"
.pp
The Precedence: header can be used as a crude control of message priority.
It tweaks the sort order in the queue
and can be configured to change the message timeout values.
The precedence of a message also controls how
delivery status notifications (DSNs)
are processed for that message.
.sh 2 "IDENT Protocol Support"
.pp
.i Sendmail
supports the IDENT protocol as defined in RFC 1413.
Note that the RFC states
a client should wait at least 30 seconds for a response.
The default Timeout.ident is 5 seconds
as many sites have adopted the practice of dropping IDENT queries.
This has lead to delays processing mail.
Although this enhances identification
of the author of an email message
by doing a ``call back'' to the originating system to include
the owner of a particular TCP connection
in the audit trail
it is in no sense perfect;
a determined forger can easily spoof the IDENT protocol.
The following description is excerpted from RFC 1413:
.ba +5
.lp
6. Security Considerations
.lp
The information returned by this protocol is at most as trustworthy
as the host providing it OR the organization operating the host. For
example, a PC in an open lab has few if any controls on it to prevent
a user from having this protocol return any identifier the user
wants. Likewise, if the host has been compromised the information
returned may be completely erroneous and misleading.
.lp
The Identification Protocol is not intended as an authorization or
access control protocol. At best, it provides some additional
auditing information with respect to TCP connections. At worst, it
can provide misleading, incorrect, or maliciously incorrect
information.
.lp
The use of the information returned by this protocol for other than
auditing is strongly discouraged. Specifically, using Identification
Protocol information to make access control decisions - either as the
primary method (i.e., no other checks) or as an adjunct to other
methods may result in a weakening of normal host security.
.lp
An Identification server may reveal information about users,
entities, objects or processes which might normally be considered
private. An Identification server provides service which is a rough
analog of the CallerID services provided by some phone companies and
many of the same privacy considerations and arguments that apply to
the CallerID service apply to Identification. If you wouldn't run a
"finger" server due to privacy considerations you may not want to run
this protocol.
.ba
.lp
In some cases your system may not work properly with IDENT support
due to a bug in the TCP/IP implementation.
The symptoms will be that for some hosts
the SMTP connection will be closed
almost immediately.
If this is true or if you do not want to use IDENT,
you should set the IDENT timeout to zero;
this will disable the IDENT protocol.
.sh 1 "ARGUMENTS"
.pp
The complete list of arguments to
.i sendmail
is described in detail in Appendix A.
Some important arguments are described here.
.sh 2 "Queue Interval"
.pp
The amount of time between forking a process
to run through the queue is defined by the
.b \-q
flag.
If you run with delivery mode set to
.b i
or
.b b
this can be relatively large, since it will only be relevant
when a host that was down comes back up.
If you run in
.b q
mode it should be relatively short,
since it defines the maximum amount of time that a message
may sit in the queue.
(See also the MinQueueAge option.)
.pp
RFC 1123 section 5.3.1.1 says that this value should be at least 30 minutes
(although that probably doesn't make sense if you use ``queue-only'' mode).
.pp
Notice: the meaning of the interval time depends on whether normal
queue runners or persistent queue runners are used.
For the former, it is the time between subsequent starts of a queue run.
For the latter, it is the time sendmail waits after a persistent queue
runner has finished its work to start the next one.
Hence for persistent queue runners this interval should be very low,
typically no more than two minutes.
.sh 2 "Daemon Mode"
.pp
If you allow incoming mail over an IPC connection,
you should have a daemon running.
This should be set by your
.i /etc/rc
file using the
.b \-bd
flag.
The
.b \-bd
flag and the
.b \-q
flag may be combined in one call:
.(b
/usr/\*(SD/sendmail \-bd \-q30m
.)b
.pp
An alternative approach is to invoke sendmail from
.i inetd (8)
(use the
.b \-bs \ \-Am
flags to ask sendmail to speak SMTP on its standard input and output
and to run as MTA).
This works and allows you to wrap
.i sendmail
in a TCP wrapper program,
but may be a bit slower since the configuration file
has to be re-read on every message that comes in.
If you do this, you still need to have a
.i sendmail
running to flush the queue:
.(b
/usr/\*(SD/sendmail \-q30m
.)b
.sh 2 "Forcing the Queue"
.pp
In some cases you may find that the queue has gotten clogged for some reason.
You can force a queue run
using the
.b \-q
flag (with no value).
It is entertaining to use the
.b \-v
flag (verbose)
when this is done to watch what happens:
.(b
/usr/\*(SD/sendmail \-q \-v
.)b
.pp
You can also limit the jobs to those with a particular queue identifier,
recipient, sender, quarantine reason, or queue group
using one of the queue modifiers.
For example,
.q \-qRberkeley
restricts the queue run to jobs that have the string
.q berkeley
somewhere in one of the recipient addresses.
Similarly,
.q \-qSstring
limits the run to particular senders,
.q \-qIstring
limits it to particular queue identifiers, and
.q \-qQstring
limits it to particular quarantined reasons and only operated on
quarantined queue items, and
.q \-qGstring
limits it to a particular queue group.
The named queue group will be run even if it is set to have 0 runners.
You may also place an
.b !
before the
.b I
or
.b R
or
.b S
or
.b Q
to indicate that jobs are limited to not including a particular queue
identifier, recipient or sender.
For example,
.q \-q!Rseattle
limits the queue run to jobs that do not have the string
.q seattle
somewhere in one of the recipient addresses.
Should you need to terminate the queue jobs currently active then a SIGTERM
to the parent of the process (or processes) will cleanly stop the jobs.
.sh 2 "Debugging"
.pp
There are a fairly large number of debug flags
built into
.i sendmail .
Each debug flag has a category and a level.
Higher levels increase the level of debugging activity;
in most cases, this means to print out more information.
The convention is that levels greater than nine are
.q absurd,
i.e.,
they print out so much information that you wouldn't normally
want to see them except for debugging that particular piece of code.
.pp
You should
.b never
run a production sendmail server in debug mode.
Many of the debug flags will result in debug output being sent over the
SMTP channel unless the option
.b \-D
is used.
This will confuse many mail programs.
However, for testing purposes, it can be useful
when sending mail manually via
telnet to the port you are using while debugging.
.pp
A debug category is either an integer, like 42,
or a name, like ANSI.
You can specify a range of numeric debug categories
using the syntax 17-42.
You can specify a set of named debug categories using
a glob pattern like
.q sm_trace_* .
At present, only
.q *
and
.q ?
are supported in these glob patterns.
.pp
Debug flags are set using the
.b \-d
option;
the syntax is:
.(b
.ta \w'debug-categories:M 'u
debug-flag: \fB\-d\fP debug-list
debug-list: debug-option [ , debug-option ]*
debug-option: debug-categories [ . debug-level ]
debug-categories: integer | integer \- integer | category-pattern
category-pattern: [a-zA-Z_*?][a-zA-Z0-9_*?]*
debug-level: integer
.)b
where spaces are for reading ease only.
For example,
.(b
\-d12 Set category 12 to level 1
\-d12.3 Set category 12 to level 3
\-d3\-17 Set categories 3 through 17 to level 1
\-d3\-17.4 Set categories 3 through 17 to level 4
\-dANSI Set category ANSI to level 1
\-dsm_trace_*.3 Set all named categories matching sm_trace_* to level 3
.)b
For a complete list of the available debug flags
you will have to look at the code
and the
.i TRACEFLAGS
file in the sendmail distribution
(they are too dynamic to keep this document up to date).
For a list of named debug categories in the sendmail binary, use
.(b
ident /usr/sbin/sendmail | grep Debug
.)b
.sh 2 "Changing the Values of Options"
.pp
Options can be overridden using the
.b \-o
or
.b \-O
command line flags.
For example,
.(b
/usr/\*(SD/sendmail \-oT2m
.)b
sets the
.b T
(timeout) option to two minutes
for this run only;
the equivalent line using the long option name is
.(b
/usr/\*(SD/sendmail -OTimeout.queuereturn=2m
.)b
.pp
Some options have security implications.
Sendmail allows you to set these,
but relinquishes its set-user-ID or set-group-ID permissions thereafter\**.
.(f
\**That is, it sets its effective uid to the real uid;
thus, if you are executing as root,
as from root's crontab file or during system startup
the root permissions will still be honored.
.)f
.sh 2 "Trying a Different Configuration File"
.pp
An alternative configuration file
can be specified using the
.b \-C
flag; for example,
.(b
/usr/\*(SD/sendmail \-Ctest.cf \-oQ/tmp/mqueue
.)b
uses the configuration file
.i test.cf
instead of the default
.i /etc/mail/sendmail.cf.
If the
.b \-C
flag has no value
it defaults to
.i sendmail.cf
in the current directory.
.pp
.i Sendmail
gives up set-user-ID root permissions
(if it has been installed set-user-ID root)
when you use this flag, so it is common to use a publicly writable directory
(such as /tmp)
as the queue directory (QueueDirectory or Q option) while testing.
.sh 2 "Logging Traffic"
.pp
Many SMTP implementations do not fully implement the protocol.
For example, some personal computer based SMTPs
do not understand continuation lines in reply codes.
These can be very hard to trace.
If you suspect such a problem, you can set traffic logging using the
.b \-X
flag.
For example,
.(b
/usr/\*(SD/sendmail \-X /tmp/traffic \-bd
.)b
will log all traffic in the file
.i /tmp/traffic .
.pp
This logs a lot of data very quickly and should
.b NEVER
be used
during normal operations.
After starting up such a daemon,
force the errant implementation to send a message to your host.
All message traffic in and out of
.i sendmail ,
including the incoming SMTP traffic,
will be logged in this file.
.sh 2 "Testing Configuration Files"
.pp
When you build a configuration table,
you can do a certain amount of testing
using the
.q "test mode"
of
.i sendmail .
For example,
you could invoke
.i sendmail
as:
.(b
sendmail \-bt \-Ctest.cf
.)b
which would read the configuration file
.q test.cf
and enter test mode.
In this mode,
you enter lines of the form:
.(b
rwset address
.)b
where
.i rwset
is the rewriting set you want to use
and
.i address
is an address to apply the set to.
Test mode shows you the steps it takes
as it proceeds,
finally showing you the address it ends up with.
You may use a comma separated list of rwsets
for sequential application of rules to an input.
For example:
.(b
3,1,21,4 monet:bollard
.)b
first applies ruleset three to the input
.q monet:bollard.
Ruleset one is then applied to the output of ruleset three,
followed similarly by rulesets twenty-one and four.
.pp
If you need more detail,
you can also use the
.q \-d21
flag to turn on more debugging.
For example,
.(b
sendmail \-bt \-d21.99
.)b
turns on an incredible amount of information;
a single word address
is probably going to print out several pages worth of information.
.pp
You should be warned that internally,
.i sendmail
applies ruleset 3 to all addresses.
In test mode
you will have to do that manually.
For example, older versions allowed you to use
.(b
0 bruce@broadcast.sony.com
.)b
This version requires that you use:
.(b
3,0 bruce@broadcast.sony.com
.)b
.pp
As of version 8.7,
some other syntaxes are available in test mode:
.nr ii 1i
.ip \&.D\|x\|value
defines macro
.i x
to have the indicated
.i value .
This is useful when debugging rules that use the
.b $& \c
.i x
syntax.
.ip \&.C\|c\|value
adds the indicated
.i value
to class
.i c .
.ip \&=S\|ruleset
dumps the contents of the indicated ruleset.
.ip \-d\|debug-spec
is equivalent to the command-line flag.
.lp
Version 8.9 introduced more features:
.nr ii 1i
.ip ?
shows a help message.
.ip =M
display the known mailers.
.ip $m
print the value of macro m.
.ip $=c
print the contents of class c.
.ip /mx\ host
returns the MX records for `host'.
.ip /parse\ address
parse address, returning the value of
.i crackaddr ,
and the parsed address.
.ip /try\ mailer\ addr
rewrite address into the form it will have when
presented to the indicated mailer.
.ip /tryflags\ flags
set flags used by parsing. The flags can be `H' for
Header or `E' for Envelope, and `S' for Sender or `R'
for Recipient. These can be combined, `HR' sets
flags for header recipients.
.ip /canon\ hostname
try to canonify hostname.
.ip /map\ mapname\ key
look up `key' in the indicated `mapname'.
.ip /quit
quit address test mode.
.lp
.sh 2 "Persistent Host Status Information"
.pp
When
.b HostStatusDirectory
is enabled,
information about the status of hosts is maintained on disk
and can thus be shared between different instantiations of
.i sendmail .
The status of the last connection with each remote host
may be viewed with the command:
.(b
sendmail \-bh
.)b
This information may be flushed with the command:
.(b
sendmail \-bH
.)b
Flushing the information prevents new
.i sendmail
processes from loading it,
but does not prevent existing processes from using the status information
that they already have.
.sh 1 "TUNING"
.pp
There are a number of configuration parameters
you may want to change,
depending on the requirements of your site.
Most of these are set
using an option in the configuration file.
For example,
the line
.q "O Timeout.queuereturn=5d"
sets option
.q Timeout.queuereturn
to the value
.q 5d
(five days).
.pp
Most of these options have appropriate defaults for most sites.
However,
sites having very high mail loads may find they need to tune them
as appropriate for their mail load.
In particular,
sites experiencing a large number of small messages,
many of which are delivered to many recipients,
may find that they need to adjust the parameters
dealing with queue priorities.
.pp
All versions of
.i sendmail
prior to 8.7
had single character option names.
As of 8.7,
options have long (multi-character names).
Although old short names are still accepted,
most new options do not have short equivalents.
.pp
This section only describes the options you are most likely
to want to tweak;
read section
.\"XREF
5
for more details.
.sh 2 "Timeouts"
.pp
All time intervals are set
using a scaled syntax.
For example,
.q 10m
represents ten minutes, whereas
.q 2h30m
represents two and a half hours.
The full set of scales is:
.(b
.ta 4n
s seconds
m minutes
h hours
d days
w weeks
.)b
.sh 3 "Queue interval"
.pp
The argument to the
.b \-q
flag specifies how often a sub-daemon will run the queue.
This is typically set to between fifteen minutes and one hour.
If not set, or set to zero,
the queue will not be run automatically.
RFC 1123 section 5.3.1.1 recommends that this be at least 30 minutes.
Should you need to terminate the queue jobs currently active then a SIGTERM
to the parent of the process (or processes) will cleanly stop the jobs.
.sh 3 "Read timeouts"
.pp
Timeouts all have option names
.q Timeout.\fIsuboption\fP .
Most of these control SMTP operations.
The recognized
.i suboption s,
their default values, and the minimum values
allowed by RFC 2821 section 4.5.3.2 (or RFC 1123 section 5.3.2) are:
.nr ii 1i
.ip connect
The time to wait for an SMTP connection to open
(the
.i connect (2)
system call)
[0, unspecified].
If zero, uses the kernel default.
In no case can this option extend the timeout
longer than the kernel provides, but it can shorten it.
This is to get around kernels that provide an absurdly long connection timeout
(90 minutes in one case).
.ip iconnect
The same as
.i connect,
except it applies only to the initial attempt to connect to a host
for a given message
[0, unspecified].
The concept is that this should be very short (a few seconds);
hosts that are well connected and responsive will thus be serviced immediately.
Hosts that are slow will not hold up other deliveries in the initial
delivery attempt.
.ip aconnect
[0, unspecified]
The overall timeout waiting for all connection for a single delivery
attempt to succeed.
If 0, no overall limit is applied.
This can be used to restrict the total amount of time trying to connect to
a long list of host that could accept an e-mail for the recipient.
This timeout does not apply to
.b FallbackMXhost ,
i.e., if the time is exhausted, the
.b FallbackMXhost
is tried next.
.ip initial
The wait for the initial 220 greeting message
[5m, 5m].
.ip helo
The wait for a reply from a HELO or EHLO command
[5m, unspecified].
This may require a host name lookup, so
five minutes is probably a reasonable minimum.
.ip mail\(dg
The wait for a reply from a MAIL command
[10m, 5m].
.ip rcpt\(dg
The wait for a reply from a RCPT command
[1h, 5m].
This should be long
because it could be pointing at a list
that takes a long time to expand
(see below).
.ip datainit\(dg
The wait for a reply from a DATA command
[5m, 2m].
.ip datablock\(dg\(dd
The wait for reading a data block
(that is, the body of the message).
[1h, 3m].
This should be long because it also applies to programs
piping input to
.i sendmail
which have no guarantee of promptness.
.ip datafinal\(dg
The wait for a reply from the dot terminating a message.
[1h, 10m].
If this is shorter than the time actually needed
for the receiver to deliver the message,
duplicates will be generated.
This is discussed in RFC 1047.
.ip rset
The wait for a reply from a RSET command
[5m, unspecified].
.ip quit
The wait for a reply from a QUIT command
[2m, unspecified].
.ip misc
The wait for a reply from miscellaneous (but short) commands
such as NOOP (no-operation) and VERB (go into verbose mode).
[2m, unspecified].
.ip command\(dg\(dd
In server SMTP,
the time to wait for another command.
[1h, 5m].
.ip ident\(dd
The timeout waiting for a reply to an IDENT query
[5s\**, unspecified].
.(f
\**On some systems the default is zero to turn the protocol off entirely.
.)f
.ip lhlo
The wait for a reply to an LMTP LHLO command
[2m, unspecified].
.ip auth
The timeout for a reply in an SMTP AUTH dialogue
[10m, unspecified].
.ip starttls
The timeout for a reply to an SMTP STARTTLS command and the TLS handshake
[1h, unspecified].
.ip fileopen\(dd
The timeout for opening .forward and :include: files [60s, none].
.ip control\(dd
The timeout for a complete control socket transaction to complete [2m, none].
.ip hoststatus\(dd
How long status information about a host
(e.g., host down)
will be cached before it is considered stale
[30m, unspecified].
.ip resolver.retrans\(dd
The resolver's
retransmission time interval
(in seconds)
[varies].
Sets both
.i Timeout.resolver.retrans.first
and
.i Timeout.resolver.retrans.normal .
.ip resolver.retrans.first\(dd
The resolver's
retransmission time interval
(in seconds)
for the first attempt to
deliver a message
[varies].
.ip resolver.retrans.normal\(dd
The resolver's
retransmission time interval
(in seconds)
for all resolver lookups
except the first delivery attempt
[varies].
.ip resolver.retry\(dd
The number of times
to retransmit a resolver query.
Sets both
.i Timeout.resolver.retry.first
and
.i Timeout.resolver.retry.normal
[varies].
.ip resolver.retry.first\(dd
The number of times
to retransmit a resolver query
for the first attempt
to deliver a message
[varies].
.ip resolver.retry.normal\(dd
The number of times
to retransmit a resolver query
for all resolver lookups
except the first delivery attempt
[varies].
.lp
For compatibility with old configuration files,
if no
.i suboption
is specified,
all the timeouts marked with
.DG
(\(dg) are set to the indicated value.
All but those marked with
.DD
(\(dd) apply to client SMTP.
.pp
For example, the lines:
.(b
O Timeout.command=25m
O Timeout.datablock=3h
.)b
sets the server SMTP command timeout to 25 minutes
and the input data block timeout to three hours.
.sh 3 "Message timeouts"
.pp
After sitting in the queue for a few days,
an undeliverable message will time out.
This is to insure that at least the sender is aware
of the inability to send a message.
The timeout is typically set to five days.
It is sometimes considered convenient to also send a warning message
if the message is in the queue longer than a few hours
(assuming you normally have good connectivity;
if your messages normally took several hours to send
you wouldn't want to do this because it wouldn't be an unusual event).
These timeouts are set using the
.b Timeout.queuereturn
and
.b Timeout.queuewarn
options in the configuration file
(previously both were set using the
.b T
option).
.pp
If the message is submitted using the
.sm NOTIFY
.sm SMTP
extension,
warning messages will only be sent if
.sm NOTIFY=DELAY
is specified.
The queuereturn and queuewarn timeouts
can be further qualified with a tag based on the Precedence: field
in the message;
they must be one of
.q urgent
(indicating a positive non-zero precedence),
.q normal
(indicating a zero precedence), or
.q non-urgent
(indicating negative precedences).
For example, setting
.q Timeout.queuewarn.urgent=1h
sets the warning timeout for urgent messages only
to one hour.
The default if no precedence is indicated
is to set the timeout for all precedences.
If the message has a normal (default) precedence
and it is a delivery status notification (DSN),
.b Timeout.queuereturn.dsn
and
.b Timeout.queuewarn.dsn
can be used to give an alternative warn and return time
for DSNs.
The value "now" can be used for
-O Timeout.queuereturn
to return entries immediately during a queue run,
e.g., to bounce messages independent of their time in the queue.
.pp
Since these options are global,
and since you cannot know
.i "a priori"
how long another host outside your domain will be down,
a five day timeout is recommended.
This allows a recipient to fix the problem even if it occurs
at the beginning of a long weekend.
RFC 1123 section 5.3.1.1 says that this parameter
should be ``at least 4\-5 days''.
.pp
The
.b Timeout.queuewarn
value can be piggybacked on the
.b T
option by indicating a time after which
a warning message should be sent;
the two timeouts are separated by a slash.
For example, the line
.(b
OT5d/4h
.)b
causes email to fail after five days,
but a warning message will be sent after four hours.
This should be large enough that the message will have been tried
several times.
.sh 2 "Forking During Queue Runs"
.pp
By setting the
.b ForkEachJob
(\c
.b Y )
option,
.i sendmail
will fork before each individual message
while running the queue.
This option was used with earlier releases to prevent
.i sendmail
from consuming large amounts of memory.
It should no longer be necessary with
.i sendmail
8.12.
If the
.b ForkEachJob
option is not set,
.i sendmail
will keep track of hosts that are down during a queue run,
which can improve performance dramatically.
.pp
If the
.b ForkEachJob
option is set,
.i sendmail
cannot use connection caching.
.sh 2 "Queue Priorities"
.pp
Every message is assigned a priority when it is first instantiated,
consisting of the message size (in bytes)
offset by the message class
(which is determined from the Precedence: header)
times the
.q "work class factor"
and the number of recipients times the
.q "work recipient factor."
The priority is used to order the queue.
Higher numbers for the priority mean that the message will be processed later
when running the queue.
.pp
The message size is included so that large messages are penalized
relative to small messages.
The message class allows users to send
.q "high priority"
messages by including a
.q Precedence:
field in their message;
the value of this field is looked up in the
.b P
lines of the configuration file.
Since the number of recipients affects the amount of load a message presents
to the system,
this is also included into the priority.
.pp
The recipient and class factors
can be set in the configuration file using the
.b RecipientFactor
(\c
.b y )
and
.b ClassFactor
(\c
.b z )
options respectively.
They default to 30000 (for the recipient factor)
and 1800
(for the class factor).
The initial priority is:
.EQ
pri = msgsize - (class times bold ClassFactor) + (nrcpt times bold RecipientFactor)
.EN
(Remember, higher values for this parameter actually mean
that the job will be treated with lower priority.)
.pp
The priority of a job can also be adjusted each time it is processed
(that is, each time an attempt is made to deliver it)
using the
.q "work time factor,"
set by the
.b RetryFactor
(\c
.b Z )
option.
This is added to the priority,
so it normally decreases the precedence of the job,
on the grounds that jobs that have failed many times
will tend to fail again in the future.
The
.b RetryFactor
option defaults to 90000.
.sh 2 "Load Limiting"
.pp
.i Sendmail
can be asked to queue (but not deliver) mail
if the system load average gets too high using the
.b QueueLA
(\c
.b x )
option.
When the load average exceeds the value of the
.b QueueLA
option, the delivery mode is set to
.b q
(queue only) if the
.b QueueFactor
(\c
.b q )
option divided by the difference in the current load average and the
.b QueueLA
option plus one
is less than the priority of the message \(em
that is, the message is queued iff:
.EQ
pri > { bold QueueFactor } over { LA - { bold QueueLA } + 1 }
.EN
The
.b QueueFactor
option defaults to 600000,
so each point of load average is worth 600000 priority points
(as described above).
.pp
For drastic cases, the
.b RefuseLA
(\c
.b X )
option defines a load average at which
.i sendmail
will refuse to accept network connections.
Locally generated mail, i.e., mail which is not submitted via SMTP
(including incoming UUCP mail),
is still accepted.
Notice that the MSP submits mail to the MTA via SMTP, and hence
mail will be queued in the client queue in such a case.
Therefore it is necessary to run the client mail queue periodically.
.sh 2 "Resource Limits"
.pp
.i Sendmail
has several parameters to control resource usage.
-Besides those mentionted in the previous section, there are at least
+Besides those mentioned in the previous section, there are at least
.b MaxDaemonChildren ,
.b ConnectionRateThrottle ,
.b MaxQueueChildren ,
and
.b MaxRunnersPerQueue .
The latter two limit the number of
.i sendmail
processes that operate on the queue.
These are discussed in the section
``Queue Group Declaration''.
The former two can be used to limit the number of incoming connections.
Their appropriate values depend on the host operating system and
the hardware, e.g., amount of memory.
In many situations it might be useful to set limits to prevent
to have too many
.i sendmail
processes, however, these limits can be abused to mount a
denial of service attack.
For example, if
.b MaxDaemonChildren=10
then an attacker needs to open only 10 SMTP sessions to the server,
leave them idle for most of the time,
and no more connections will be accepted.
If this option is set then the timeouts used in a SMTP session
should be lowered from their default values to
their minimum values as specified in RFC 2821 and listed in
section
.\"XREF
4.1.2.
.sh 2 "Measures against Denial of Service Attacks"
.pp
.i Sendmail
has some built-in measures against simple denial of service (DoS) attacks.
The SMTP server by default slows down if too many bad commands are
issued or if some commands are repeated too often within a session.
Details can be found in the source file
.b sendmail/srvrsmtp.c
by looking for the macro definitions of
.b MAXBADCOMMANDS ,
.b MAXNOOPCOMMANDS ,
.b MAXHELOCOMMANDS ,
.b MAXVRFYCOMMANDS ,
and
.b MAXETRNCOMMANDS .
If an SMTP command is issued more often than the corresponding
-.b MAXcmdCOMMANDS
+.b MAXcmdCOMMANDS
value, then the response is delayed exponentially,
starting with a sleep time of one second,
up to a maximum of four minutes (as defined by
.b MAXTIMEOUT ).
If the option
.b MaxDaemonChildren
is set to a value greater than zero,
then this could make a DoS attack even worse since it
keeps a connection open longer than necessary.
Therefore a connection is terminated with a 421 SMTP reply code
if the number of commands exceeds the limit by a factor of two and
-.b MAXBADCOMMANDS
+.b MAXBADCOMMANDS
is set to a value greater than zero (the default is 25).
.sh 2 "Delivery Mode"
.pp
There are a number of delivery modes that
.i sendmail
can operate in,
set by the
.b DeliveryMode
(\c
.b d )
configuration option.
These modes
specify how quickly mail will be delivered.
Legal modes are:
.(b
.ta 4n
i deliver interactively (synchronously)
b deliver in background (asynchronously)
q queue only (don't deliver)
d defer delivery attempts (don't deliver)
.)b
There are tradeoffs.
Mode
.q i
gives the sender the quickest feedback,
but may slow down some mailers and
is hardly ever necessary.
Mode
.q b
delivers promptly but
can cause large numbers of processes
if you have a mailer that takes a long time to deliver a message.
Mode
.q q
minimizes the load on your machine,
but means that delivery may be delayed for up to the queue interval.
Mode
.q d
is identical to mode
.q q
except that it also prevents lookups in maps including the
.b -D
flag from working during the initial queue phase;
it is intended for ``dial on demand'' sites where DNS lookups
might cost real money.
Some simple error messages
(e.g., host unknown during the SMTP protocol)
will be delayed using this mode.
Mode
.q b
is the usual default.
.pp
If you run in mode
.q q
(queue only),
.q d
(defer),
or
.q b
(deliver in background)
.i sendmail
will not expand aliases and follow .forward files
upon initial receipt of the mail.
This speeds up the response to RCPT commands.
Mode
.q i
should not be used by the SMTP server.
.sh 2 "Log Level"
.pp
The level of logging can be set for
.i sendmail .
-The default using a standard configuration table is level 9.
-The levels are as follows:
+The default using a standard configuration is level 9.
+The levels are approximately as follows
+(some log types are using different level depending on various factors):
.nr ii 0.5i
.ip 0
Minimal logging.
.ip 1
Serious system failures and potential security problems.
.ip 2
Lost communications (network problems) and protocol failures.
.ip 3
Other serious failures, malformed addresses, transient forward/include
errors, connection timeouts.
.ip 4
Minor failures, out of date alias databases, connection rejections
via check_ rulesets.
.ip 5
Message collection statistics.
.ip 6
Creation of error messages,
VRFY and EXPN commands.
.ip 7
Delivery failures (host or user unknown, etc.).
.ip 8
Successful deliveries and alias database rebuilds.
.ip 9
Messages being deferred
(due to a host being down, etc.).
.ip 10
Database expansion (alias, forward, and userdb lookups)
and authentication information.
.ip 11
NIS errors and end of job processing.
.ip 12
Logs all SMTP connections.
.ip 13
Log bad user shells, files with improper permissions, and other
questionable situations.
.ip 14
Logs refused connections.
.ip 15
-Log all incoming and outgoing SMTP commands.
+Log all incoming SMTP commands.
.ip 20
Logs attempts to run locked queue files.
These are not errors,
but can be useful to note if your queue appears to be clogged.
.ip 30
Lost locks (only if using lockf instead of flock).
.lp
Additionally,
values above 64 are reserved for extremely verbose debugging output.
No normal site would ever set these.
.sh 2 "File Modes"
.pp
The modes used for files depend on what functionality you want
and the level of security you require.
In many cases
.i sendmail
does careful checking of the modes
of files and directories
to avoid accidental compromise;
if you want to make it possible to have group-writable support files
you may need to use the
.b DontBlameSendmail
option to turn off some of these checks.
.sh 3 "To suid or not to suid?"
.pp
.i Sendmail
is no longer installed
set-user-ID to root.
sendmail/SECURITY
explains how to configure and install
.i sendmail
without set-user-ID to root but set-group-ID
which is the default configuration starting with 8.12.
.pp
The daemon usually runs as root, unless other measures are taken.
At the point where
.i sendmail
is about to
.i exec \|(2)
a mailer,
it checks to see if the userid is zero (root);
if so,
it resets the userid and groupid to a default
(set by the
.b U=
equate in the mailer line;
if that is not set, the
.b DefaultUser
option is used).
This can be overridden
by setting the
.b S
flag to the mailer
for mailers that are trusted
and must be called as root.
However,
this will cause mail processing
to be accounted
(using
.i sa \|(8))
to root
rather than to the user sending the mail.
.pp
A middle ground is to set the
.b RunAsUser
option.
This causes
.i sendmail
to become the indicated user as soon as it has done the startup
that requires root privileges
(primarily, opening the
.sm SMTP
socket).
If you use
.b RunAsUser ,
the queue directory
(normally
.i /var/spool/mqueue )
should be owned by that user,
and all files and databases
(including user
.i \&.forward
files,
alias files,
:include: files,
and external databases)
must be readable by that user.
Also, since sendmail will not be able to change its uid,
delivery to programs or files will be marked as unsafe,
e.g., undeliverable,
in
.i \&.forward ,
aliases,
and :include: files.
Administrators can override this by setting the
.b DontBlameSendmail
option to the setting
.b NonRootSafeAddr .
.b RunAsUser
is probably best suited for firewall configurations
that don't have regular user logins.
If the option is used on a system which performs local delivery,
then the local delivery agent must have the proper permissions
(i.e., usually set-user-ID root)
since it will be invoked by the
.b RunAsUser ,
not by root.
.sh 3 "Turning off security checks"
.pp
.i Sendmail
is very particular about the modes of files that it reads or writes.
For example, by default it will refuse to read most files
that are group writable
on the grounds that they might have been tampered with
by someone other than the owner;
it will even refuse to read files in group writable directories.
Also, sendmail will refuse to create a new aliases database in an
unsafe directory. You can get around this by manually creating the
database file as a trusted user ahead of time and then rebuilding the
aliases database with
.b newaliases .
.pp
If you are
.i quite
sure that your configuration is safe and you want
.i sendmail
to avoid these security checks,
you can turn off certain checks using the
.b DontBlameSendmail
option.
This option takes one or more names that disable checks.
In the descriptions that follow,
.q "unsafe directory"
means a directory that is writable by anyone other than the owner.
The values are:
.nr ii 0.5i
.ip Safe
No special handling.
.ip AssumeSafeChown
Assume that the
.i chown
system call is restricted to root.
Since some versions of UNIX permit regular users
to give away their files to other users on some filesystems,
.i sendmail
often cannot assume that a given file was created by the owner,
particularly when it is in a writable directory.
You can set this flag if you know that file giveaway is restricted
on your system.
.ip ClassFileInUnsafeDirPath
When reading class files (using the
.b F
line in the configuration file),
allow files that are in unsafe directories.
.ip DontWarnForwardFileInUnsafeDirPath
Prevent logging of
unsafe directory path warnings
for non-existent forward files.
.ip ErrorHeaderInUnsafeDirPath
Allow the file named in the
.b ErrorHeader
option to be in an unsafe directory.
.ip FileDeliveryToHardLink
Allow delivery to files that are hard links.
.ip FileDeliveryToSymLink
Allow delivery to files that are symbolic links.
.ip ForwardFileInGroupWritableDirPath
Allow
.i \&.forward
files in group writable directories.
.ip ForwardFileInUnsafeDirPath
Allow
.i \&.forward
files in unsafe directories.
.ip ForwardFileInUnsafeDirPathSafe
Allow a
.i \&.forward
file that is in an unsafe directory to include references
to program and files.
.ip GroupReadableKeyFile
Accept a group-readable key file for STARTTLS.
.ip GroupReadableSASLDBFile
Accept a group-readable Cyrus SASL password file.
.ip GroupReadableDefaultAuthInfoFile
Accept a group-readable DefaultAuthInfo file for SASL.
.ip GroupWritableAliasFile
Allow group-writable alias files.
.ip GroupWritableDirPathSafe
Change the definition of
.q "unsafe directory"
to consider group-writable directories to be safe.
World-writable directories are always unsafe.
.ip GroupWritableForwardFile
Allow group writable
.i \&.forward
files.
.ip GroupWritableForwardFileSafe
Accept group-writable
.i \&.forward
files as safe for program and file delivery.
.ip GroupWritableIncludeFile
-Allow group wriable
+Allow group writable
.i :include:
files.
.ip GroupWritableIncludeFileSafe
Accept group-writable
.i :include:
files as safe for program and file delivery.
.ip GroupWritableSASLDBFile
Accept a group-writable Cyrus SASL password file.
.ip HelpFileInUnsafeDirPath
Allow the file named in the
.b HelpFile
option to be in an unsafe directory.
.ip IncludeFileInGroupWritableDirPath
Allow
.i :include:
files in group writable directories.
.ip IncludeFileInUnsafeDirPath
Allow
.i :include:
files in unsafe directories.
.ip IncludeFileInUnsafeDirPathSafe
Allow a
.i :include:
file that is in an unsafe directory to include references
to program and files.
.ip InsufficientEntropy
Try to use STARTTLS even if the PRNG for OpenSSL is not properly seeded
despite the security problems.
.ip LinkedAliasFileInWritableDir
Allow an alias file that is a link in a writable directory.
.ip LinkedClassFileInWritableDir
Allow class files that are links in writable directories.
.ip LinkedForwardFileInWritableDir
Allow
.i \&.forward
files that are links in writable directories.
.ip LinkedIncludeFileInWritableDir
Allow
.i :include:
files that are links in writable directories.
.ip LinkedMapInWritableDir
Allow map files that are links in writable directories.
This includes alias database files.
.ip LinkedServiceSwitchFileInWritableDir
Allow the service switch file to be a link
even if the directory is writable.
.ip MapInUnsafeDirPath
Allow maps (e.g.,
.i hash ,
.i btree ,
and
.i dbm
files)
in unsafe directories.
This includes alias database files.
.ip NonRootSafeAddr
Do not mark file and program deliveries as unsafe
if sendmail is not running with root privileges.
.ip RunProgramInUnsafeDirPath
Run programs that are in writable directories without logging a warning.
.ip RunWritableProgram
Run programs that are group- or world-writable without logging a warning.
.ip TrustStickyBit
Allow group or world writable directories
if the sticky bit is set on the directory.
Do not set this on systems which do not honor
the sticky bit on directories.
.ip WorldWritableAliasFile
Accept world-writable alias files.
.ip WorldWritableForwardfile
Allow world writable
.i \&.forward
files.
.ip WorldWritableIncludefile
-Allow world wriable
+Allow world writable
.i :include:
files.
.ip WriteMapToHardLink
Allow writes to maps that are hard links.
.ip WriteMapToSymLink
Allow writes to maps that are symbolic links.
.ip WriteStatsToHardLink
Allow the status file to be a hard link.
.ip WriteStatsToSymLink
Allow the status file to be a symbolic link.
.sh 2 "Connection Caching"
.pp
When processing the queue,
.i sendmail
will try to keep the last few open connections open
to avoid startup and shutdown costs.
This only applies to IPC and LPC connections.
.pp
When trying to open a connection
the cache is first searched.
If an open connection is found, it is probed to see if it is still active
by sending a
.sm RSET
command.
It is not an error if this fails;
instead, the connection is closed and reopened.
.pp
Two parameters control the connection cache.
The
.b ConnectionCacheSize
(\c
.b k )
option defines the number of simultaneous open connections
that will be permitted.
If it is set to zero,
connections will be closed as quickly as possible.
The default is one.
This should be set as appropriate for your system size;
it will limit the amount of system resources that
.i sendmail
will use during queue runs.
Never set this higher than 4.
.pp
The
.b ConnectionCacheTimeout
(\c
.b K )
option specifies the maximum time that any cached connection
will be permitted to idle.
When the idle time exceeds this value
the connection is closed.
This number should be small
(under ten minutes)
to prevent you from grabbing too many resources
from other hosts.
The default is five minutes.
.sh 2 "Name Server Access"
.pp
Control of host address lookups is set by the
.b hosts
service entry in your service switch file.
If you are on a system that has built-in service switch support
(e.g., Ultrix, Solaris, or DEC OSF/1)
then your system is probably configured properly already.
Otherwise,
.i sendmail
will consult the file
.b /etc/mail/service.switch ,
which should be created.
.i Sendmail
only uses two entries:
.b hosts
and
.b aliases ,
although system routines may use other services
(notably the
.b passwd
service for user name lookups by
.i getpwname ).
.pp
However, some systems (such as SunOS 4.X)
will do DNS lookups
regardless of the setting of the service switch entry.
In particular, the system routine
.i gethostbyname (3)
is used to look up host names,
and many vendor versions try some combination of DNS, NIS,
and file lookup in /etc/hosts
without consulting a service switch.
.i Sendmail
makes no attempt to work around this problem,
and the DNS lookup will be done anyway.
If you do not have a nameserver configured at all,
such as at a UUCP-only site,
.i sendmail
will get a
.q "connection refused"
message when it tries to connect to the name server.
If the
.b hosts
switch entry has the service
.q dns
listed somewhere in the list,
.i sendmail
will interpret this to mean a temporary failure
and will queue the mail for later processing;
otherwise, it ignores the name server data.
.pp
The same technique is used to decide whether to do MX lookups.
If you want MX support, you
.i must
have
.q dns
listed as a service in the
.b hosts
switch entry.
.pp
The
.b ResolverOptions
(\c
.b I )
option allows you to tweak name server options.
The command line takes a series of flags as documented in
.i resolver (3)
(with the leading
.q RES_
deleted).
Each can be preceded by an optional `+' or `\(mi'.
For example, the line
.(b
O ResolverOptions=+AAONLY \(miDNSRCH
.)b
turns on the AAONLY (accept authoritative answers only)
and turns off the DNSRCH (search the domain path) options.
Most resolver libraries default DNSRCH, DEFNAMES, and RECURSE
flags on and all others off.
If NETINET6 is enabled, most libraries default to USE_INET6 as well.
You can also include
.q HasWildcardMX
to specify that there is a wildcard MX record matching your domain;
this turns off MX matching when canonifying names,
which can lead to inappropriate canonifications.
Use
.q WorkAroundBrokenAAAA
when faced with a broken nameserver that returns SERVFAIL
(a temporary failure)
on T_AAAA (IPv6) lookups
during hostname canonification.
Notice: it might be necessary to apply the same (or similar) options to
.i submit.cf
too.
.pp
Version level 1 configurations (see the section about
``Configuration Version Level'')
turn DNSRCH and DEFNAMES off when doing delivery lookups,
but leave them on everywhere else.
Version 8 of
.i sendmail
ignores them when doing canonification lookups
(that is, when using $[ ... $]),
and always does the search.
If you don't want to do automatic name extension,
don't call $[ ... $].
.pp
The search rules for $[ ... $] are somewhat different than usual.
If the name being looked up
has at least one dot, it always tries the unmodified name first.
If that fails, it tries the reduced search path,
and lastly tries the unmodified name
(but only for names without a dot,
since names with a dot have already been tried).
This allows names such as
``utc.CS''
to match the site in Czechoslovakia
rather than the site in your local Computer Science department.
It also prefers A and CNAME records over MX records \*-
that is, if it finds an MX record it makes note of it,
but keeps looking.
This way, if you have a wildcard MX record matching your domain,
it will not assume that all names match.
.pp
To completely turn off all name server access
on systems without service switch support
(such as SunOS 4.X)
you will have to recompile with
\-DNAMED_BIND=0
and remove \-lresolv from the list of libraries to be searched
when linking.
.sh 2 "Moving the Per-User Forward Files"
.pp
Some sites mount each user's home directory
from a local disk on their workstation,
so that local access is fast.
However, the result is that .forward file lookups
from a central mail server are slow.
In some cases,
mail can even be delivered on machines inappropriately
because of a file server being down.
The performance can be especially bad if you run the automounter.
.pp
The
.b ForwardPath
(\c
.b J )
option allows you to set a path of forward files.
For example, the config file line
.(b
O ForwardPath=/var/forward/$u:$z/.forward.$w
.)b
would first look for a file with the same name as the user's login
in /var/forward;
if that is not found (or is inaccessible)
the file
``.forward.\c
.i machinename ''
in the user's home directory is searched.
A truly perverse site could also search by sender
by using $r, $s, or $f.
.pp
If you create a directory such as /var/forward,
it should be mode 1777
(that is, the sticky bit should be set).
Users should create the files mode 0644.
Note that you must use the
ForwardFileInUnsafeDirPath and
ForwardFileInUnsafeDirPathSafe
flags with the
.b DontBlameSendmail
option to allow forward files in a world writable directory.
This might also be used as a denial of service attack
(users could create forward files for other users);
a better approach might be to create
/var/forward
mode 0755
and create empty files for each user,
owned by that user,
mode 0644.
If you do this, you don't have to set the DontBlameSendmail options
indicated above.
.sh 2 "Free Space"
.pp
On systems that have one of the system calls in the
.i statfs (2)
family
(including
.i statvfs
and
.i ustat ),
you can specify a minimum number of free blocks on the queue filesystem
using the
.b MinFreeBlocks
(\c
.b b )
option.
If there are fewer than the indicated number of blocks free
on the filesystem on which the queue is mounted
the SMTP server will reject mail
with the
452 error code.
This invites the SMTP client to try again later.
.pp
Beware of setting this option too high;
it can cause rejection of email
when that mail would be processed without difficulty.
.sh 2 "Maximum Message Size"
.pp
To avoid overflowing your system with a large message,
the
.b MaxMessageSize
option can be set to set an absolute limit
on the size of any one message.
This will be advertised in the ESMTP dialogue
and checked during message collection.
.sh 2 "Privacy Flags"
.pp
The
.b PrivacyOptions
(\c
.b p )
option allows you to set certain
``privacy''
flags.
Actually, many of them don't give you any extra privacy,
rather just insisting that client SMTP servers
use the HELO command
before using certain commands
or adding extra headers to indicate possible spoof attempts.
.pp
The option takes a series of flag names;
the final privacy is the inclusive or of those flags.
For example:
.(b
O PrivacyOptions=needmailhelo, noexpn
.)b
insists that the HELO or EHLO command be used before a MAIL command is accepted
and disables the EXPN command.
.pp
The flags are detailed in section
.\"XREF
5.6.
.sh 2 "Send to Me Too"
.pp
Beginning with version 8.10,
.i sendmail
includes by default the (envelope) sender in any list expansions.
For example, if
.q matt
sends to a list that contains
.q matt
as one of the members he will get a copy of the message.
If the
.b MeToo
option is set to
.sm FALSE
(in the configuration file or via the command line),
this behavior is changed, i.e.,
the (envelope) sender is excluded in list expansions.
.sh 1 "THE WHOLE SCOOP ON THE CONFIGURATION FILE"
.pp
This section describes the configuration file
in detail.
.pp
There is one point that should be made clear immediately:
the syntax of the configuration file
is designed to be reasonably easy to parse,
since this is done every time
.i sendmail
starts up,
rather than easy for a human to read or write.
The configuration file should be generated via the method described in
.b cf/README ,
it should not be edited directly unless someone is familiar
with the internals of the syntax described here and it is
not possible to achieve the desired result via the default method.
.pp
The configuration file is organized as a series of lines,
each of which begins with a single character
defining the semantics for the rest of the line.
Lines beginning with a space or a tab
are continuation lines
(although the semantics are not well defined in many places).
Blank lines and lines beginning with a sharp symbol
(`#')
are comments.
.sh 2 "R and S \*- Rewriting Rules"
.pp
The core of address parsing
are the rewriting rules.
These are an ordered production system.
.i Sendmail
scans through the set of rewriting rules
looking for a match on the left hand side
(LHS)
of the rule.
When a rule matches,
the address is replaced by the right hand side
(RHS)
of the rule.
.pp
There are several sets of rewriting rules.
Some of the rewriting sets are used internally
and must have specific semantics.
Other rewriting sets
do not have specifically assigned semantics,
and may be referenced by the mailer definitions
or by other rewriting sets.
.pp
The syntax of these two commands are:
.(b F
.b S \c
.i n
.)b
Sets the current ruleset being collected to
.i n .
If you begin a ruleset more than once
it appends to the old definition.
.(b F
.b R \c
.i lhs
.i rhs
.i comments
.)b
The
fields must be separated
by at least one tab character;
there may be embedded spaces
in the fields.
The
.i lhs
is a pattern that is applied to the input.
If it matches,
the input is rewritten to the
.i rhs .
The
.i comments
are ignored.
.pp
Macro expansions of the form
.b $ \c
.i x
are performed when the configuration file is read.
A literal
.b $
can be included using
.b $$ .
Expansions of the form
.b $& \c
.i x
are performed at run time using a somewhat less general algorithm.
This is intended only for referencing internally defined macros
such as
.b $h
that are changed at runtime.
.sh 3 "The left hand side"
.pp
The left hand side of rewriting rules contains a pattern.
Normal words are simply matched directly.
Metasyntax is introduced using a dollar sign.
The metasymbols are:
.(b
.ta \w'\fB$=\fP\fIx\fP 'u
\fB$*\fP Match zero or more tokens
\fB$+\fP Match one or more tokens
\fB$\-\fP Match exactly one token
\fB$=\fP\fIx\fP Match any phrase in class \fIx\fP
\fB$~\fP\fIx\fP Match any word not in class \fIx\fP
.)b
If any of these match,
they are assigned to the symbol
.b $ \c
.i n
for replacement on the right hand side,
where
.i n
is the index in the LHS.
For example,
if the LHS:
.(b
$\-:$+
.)b
is applied to the input:
.(b
UCBARPA:eric
.)b
the rule will match, and the values passed to the RHS will be:
.(b
.ta 4n
$1 UCBARPA
$2 eric
.)b
.pp
Additionally, the LHS can include
.b $@
to match zero tokens.
This is
.i not
bound to a
.b $ \c
.i n
on the RHS, and is normally only used when it stands alone
in order to match the null input.
.sh 3 "The right hand side"
.pp
When the left hand side of a rewriting rule matches,
the input is deleted and replaced by the right hand side.
Tokens are copied directly from the RHS
unless they begin with a dollar sign.
Metasymbols are:
.(b
.ta \w'$#mailer\0\0\0'u
\fB$\fP\fIn\fP Substitute indefinite token \fIn\fP from LHS
\fB$[\fP\fIname\fP\fB$]\fP Canonicalize \fIname\fP
\fB$(\fP\fImap key\fP \fB$@\fP\fIarguments\fP \fB$:\fP\fIdefault\fP \fB$)\fP
Generalized keyed mapping function
\fB$>\fP\fIn\fP \*(lqCall\*(rq ruleset \fIn\fP
\fB$#\fP\fImailer\fP Resolve to \fImailer\fP
\fB$@\fP\fIhost\fP Specify \fIhost\fP
\fB$:\fP\fIuser\fP Specify \fIuser\fP
.)b
.pp
The
.b $ \c
.i n
syntax substitutes the corresponding value from a
.b $+ ,
.b $\- ,
.b $* ,
.b $= ,
or
.b $~
match on the LHS.
It may be used anywhere.
.pp
A host name enclosed between
.b $[
and
.b $]
is looked up in the host database(s)
and replaced by the canonical name\**.
.(f
\**This is actually
completely equivalent
to $(host \fIhostname\fP$).
In particular, a
.b $:
default can be used.
.)f
For example,
.q $[ftp$]
might become
.q ftp.CS.Berkeley.EDU
and
.q $[[128.32.130.2]$]
would become
.q vangogh.CS.Berkeley.EDU.
.i Sendmail
recognizes its numeric IP address
without calling the name server
and replaces it with its canonical name.
.pp
The
.b $(
\&...
.b $)
syntax is a more general form of lookup;
it uses a named map instead of an implicit map.
If no lookup is found, the indicated
.i default
is inserted;
if no default is specified and no lookup matches,
the value is left unchanged.
The
.i arguments
are passed to the map for possible use.
.pp
The
.b $> \c
.i n
syntax
causes the remainder of the line to be substituted as usual
and then passed as the argument to ruleset
.i n .
The final value of ruleset
.i n
then becomes
the substitution for this rule.
The
.b $>
syntax expands everything after the ruleset name
to the end of the replacement string
and then passes that as the initial input to the ruleset.
Recursive calls are allowed.
For example,
.(b
$>0 $>3 $1
.)b
expands $1, passes that to ruleset 3, and then passes the result
of ruleset 3 to ruleset 0.
.pp
The
.b $#
syntax should
.i only
be used in ruleset zero,
a subroutine of ruleset zero,
or rulesets that return decisions (e.g., check_rcpt).
It causes evaluation of the ruleset to terminate immediately,
and signals to
.i sendmail
that the address has completely resolved.
The complete syntax for ruleset 0 is:
.(b
\fB$#\fP\fImailer\fP \fB$@\fP\fIhost\fP \fB$:\fP\fIuser\fP
.)b
This specifies the
{mailer, host, user}
-3-tuple necessary to direct the mailer.
+3-tuple (triple) necessary to direct the mailer.
Note: the third element (
.i user
) is often also called
.i address
part.
If the mailer is local
the host part may be omitted\**.
.(f
\**You may want to use it for special
.q "per user"
extensions.
For example, in the address
.q jgm+foo@CMU.EDU ;
the
.q +foo
part is not part of the user name,
and is passed to the local mailer for local use.
.)f
The
.i mailer
must be a single word,
but the
.i host
and
.i user
may be multi-part.
If the
.i mailer
is the built-in IPC mailer,
the
.i host
-may be a colon-separated list of hosts
-that are searched in order for the first working address
-(exactly like MX records).
+may be a colon (or comma) separated list of hosts.
+Each is separately MX expanded and the results are concatenated
+to make (essentially) one long MX list.
+Hosts separated by a comma have the same MX preference,
+and for each colon separated host the MX preference is increased.
The
.i user
is later rewritten by the mailer-specific envelope rewriting set
and assigned to the
.b $u
macro.
As a special case, if the mailer specified has the
.b F=@
flag specified
and the first character of the
.b $:
value is
.q @ ,
the
.q @
is stripped off, and a flag is set in the address descriptor
that causes sendmail to not do ruleset 5 processing.
.pp
Normally, a rule that matches is retried,
that is,
the rule loops until it fails.
A RHS may also be preceded by a
.b $@
or a
.b $:
to change this behavior.
A
.b $@
prefix causes the ruleset to return with the remainder of the RHS
as the value.
A
.b $:
prefix causes the rule to terminate immediately,
but the ruleset to continue;
this can be used to avoid continued application of a rule.
The prefix is stripped before continuing.
.pp
The
.b $@
and
.b $:
prefixes may precede a
.b $>
spec;
for example:
.(b
.ta 8n
R$+ $: $>7 $1
.)b
matches anything,
passes that to ruleset seven,
and continues;
the
.b $:
is necessary to avoid an infinite loop.
.pp
Substitution occurs in the order described,
that is,
parameters from the LHS are substituted,
hostnames are canonicalized,
.q subroutines
are called,
and finally
.b $# ,
.b $@ ,
and
.b $:
are processed.
.sh 3 "Semantics of rewriting rule sets"
.pp
There are six rewriting sets
that have specific semantics.
Five of these are related as depicted by figure 1.
.(z
.hl
.ie n \{\
.(c
+---+
-->| 0 |-->resolved address
/ +---+
/ +---+ +---+
/ ---->| 1 |-->| S |--
+---+ / +---+ / +---+ +---+ \e +---+
addr-->| 3 |-->| D |-- --->| 4 |-->msg
+---+ +---+ \e +---+ +---+ / +---+
--->| 2 |-->| R |--
+---+ +---+
.)c
.\}
.el \{\
.ie !"\*(.T"" \{\
.PS
boxwid = 0.3i
boxht = 0.3i
movewid = 0.3i
moveht = 0.3i
linewid = 0.3i
lineht = 0.3i
box invis "addr"; arrow
Box3: box "3"
A1: arrow
BoxD: box "D"; line; L1: Here
C: [
C1: arrow; box "1"; arrow; box "S"; line; E1: Here
move to C1 down 0.5; right
C2: arrow; box "2"; arrow; box "R"; line; E2: Here
] with .w at L1 + (0.5, 0)
move to C.e right 0.5
L4: arrow; box "4"; arrow; box invis "msg"
line from L1 to C.C1
line from L1 to C.C2
line from C.E1 to L4
line from C.E2 to L4
move to BoxD.n up 0.6; right
Box0: arrow; box "0"
arrow; box invis "resolved address" width 1.3
line from 1/3 of the way between A1 and BoxD.w to Box0
.PE
.\}
.el .sp 2i
.\}
.ce
Figure 1 \*- Rewriting set semantics
.(c
D \*- sender domain addition
S \*- mailer-specific sender rewriting
R \*- mailer-specific recipient rewriting
.)c
.hl
.)z
.pp
Ruleset three
should turn the address into
.q "canonical form."
This form should have the basic syntax:
.(b
local-part@host-domain-spec
.)b
Ruleset three
is applied by
.i sendmail
before doing anything with any address.
.pp
If no
.q @
sign is specified,
then the
host-domain-spec
.i may
be appended (box
.q D
in Figure 1)
from the
sender address
(if the
.b C
flag is set in the mailer definition
corresponding to the
.i sending
mailer).
.pp
Ruleset zero
is applied after ruleset three
to addresses that are going to actually specify recipients.
It must resolve to a
.i "{mailer, host, address}"
triple.
The
.i mailer
must be defined in the mailer definitions
from the configuration file.
The
.i host
is defined into the
.b $h
macro
for use in the argv expansion of the specified mailer.
Notice: since the envelope sender address will be used if
a delivery status notification must be send,
-i.e., is may specify a recipient,
+i.e., it may specify a recipient,
it is also run through ruleset zero.
If ruleset zero returns a temporary error
.b 4xy
then delivery is deferred.
This can be used to temporarily disable delivery,
e.g., based on the time of the day or other varying parameters.
It should not be used to quarantine e-mails.
.pp
Rulesets one and two
are applied to all sender and recipient addresses respectively.
They are applied before any specification
in the mailer definition.
They must never resolve.
.pp
Ruleset four is applied to all addresses
in the message.
It is typically used
to translate internal to external form.
.pp
In addition,
ruleset 5 is applied to all local addresses
(specifically, those that resolve to a mailer with the `F=5'
flag set)
that do not have aliases.
This allows a last minute hook for local names.
.sh 3 "Ruleset hooks"
.pp
A few extra rulesets are defined as
.q hooks
that can be defined to get special features.
They are all named rulesets.
The
.q check_*
forms all give accept/reject status;
falling off the end or returning normally is an accept,
and resolving to
.b $#error
is a reject or quarantine.
Quarantining is chosen by specifying
.b quarantine
in the second part of the mailer triplet:
.(b
$#error $@ quarantine $: Reason for quarantine
.)b
Many of these can also resolve to the special mailer name
.b $#discard ;
this accepts the message as though it were successful
but then discards it without delivery.
Note,
this mailer cannot be chosen as a mailer in ruleset 0.
Note also that all
.q check_*
rulesets have to deal with temporary failures, especially for map lookups,
themselves, i.e., they should return a temporary error code
or at least they should make a proper decision in those cases.
.sh 4 "check_relay"
.pp
The
.i check_relay
ruleset is called after a connection is accepted by the daemon.
It is not called when sendmail is started using the
.b \-bs
option.
It is passed
.(b
client.host.name $| client.host.address
.)b
where
.b $|
is a metacharacter separating the two parts.
This ruleset can reject connections from various locations.
Note that it only checks the connecting SMTP client IP address and hostname.
It does not check for third party message relaying.
The
.i check_rcpt
ruleset discussed below usually does third party message relay checking.
.sh 4 "check_mail"
.pp
The
.i check_mail
ruleset is passed the user name parameter of the
.sm "SMTP MAIL"
command.
It can accept or reject the address.
.sh 4 "check_rcpt"
.pp
The
.i check_rcpt
ruleset is passed the user name parameter of the
.sm "SMTP RCPT"
command.
It can accept or reject the address.
.sh 4 "check_data"
.pp
The
.i check_data
ruleset is called after the
.sm "SMTP DATA"
command, its parameter is the number of recipients.
It can accept or reject the command.
.sh 4 "check_compat"
.pp
The
.i check_compat
ruleset is passed
.(b
sender-address $| recipient-address
.)b
where
.b $|
is a metacharacter separating the addresses.
It can accept or reject mail transfer between these two addresses
much like the
.i checkcompat()
function.
Note:
while other
.i check_*
rulesets are invoked during the SMTP mail receiption stage
(i.e., in the SMTP server),
.i check_compat
is invoked during the mail delivery stage.
.sh 4 "check_eoh"
.pp
The
.i check_eoh
ruleset is passed
.(b
number-of-headers $| size-of-headers
.)b
where
.b $|
is a metacharacter separating the numbers.
These numbers can be used for size comparisons with the
.b arith
map.
The ruleset is triggered after
all of the headers have been read.
It can be used to correlate information gathered
from those headers using the
.b macro
storage map.
One possible use is to check for a missing header.
For example:
.(b
.ta 1.5i
Kstorage macro
HMessage-Id: $>CheckMessageId
SCheckMessageId
# Record the presence of the header
R$* $: $(storage {MessageIdCheck} $@ OK $) $1
R< $+ @ $+ > $@ OK
R$* $#error $: 553 Header Error
Scheck_eoh
# Check the macro
R$* $: < $&{MessageIdCheck} >
# Clear the macro for the next message
R$* $: $(storage {MessageIdCheck} $) $1
# Has a Message-Id: header
R< $+ > $@ OK
# Allow missing Message-Id: from local mail
R$* $: < $&{client_name} >
R< > $@ OK
R< $=w > $@ OK
# Otherwise, reject the mail
R$* $#error $: 553 Header Error
.)b
Keep in mind the Message-Id: header is not a required header and
is not a guaranteed spam indicator.
This ruleset is an example and
should probably not be used in production.
.sh 4 "check_eom"
.pp
The
.i check_eom
ruleset is called after the end of a message,
its parameter is the message size.
It can accept or reject the message.
.sh 4 "check_etrn"
.pp
The
.i check_etrn
ruleset is passed the parameter of the
.sm "SMTP ETRN"
command.
It can accept or reject the command.
.sh 4 "check_expn"
.pp
The
.i check_expn
ruleset is passed the user name parameter of the
.sm "SMTP EXPN"
command.
It can accept or reject the address.
.sh 4 "check_vrfy"
.pp
The
.i check_vrfy
ruleset is passed the user name parameter of the
.sm "SMTP VRFY"
command.
It can accept or reject the command.
.sh 4 "trust_auth"
.pp
The
.i trust_auth
ruleset is passed the AUTH= parameter of the
.sm "SMTP MAIL"
command.
It is used to determine whether this value should be
trusted. In order to make this decision, the ruleset
may make use of the various
.b ${auth_*}
macros.
If the ruleset does resolve to the
.q error
mailer the AUTH= parameter is not trusted and hence
not passed on to the next relay.
.sh 4 "tls_client"
.pp
The
.i tls_client
ruleset is called when sendmail acts as server, after a STARTTLS command
has been issued, and from
.i check_mail.
The parameter is the value of
.b ${verify}
and STARTTLS or MAIL, respectively.
If the ruleset does resolve to the
.q error
mailer, the appropriate error code is returned to the client.
.sh 4 "tls_server"
.pp
The
.i tls_server
ruleset is called when sendmail acts as client after a STARTTLS command
(should) have been issued.
The parameter is the value of
.b ${verify} .
If the ruleset does resolve to the
.q error
mailer, the connection is aborted
(treated as non-deliverable with a permanent or temporary error).
.sh 4 "tls_rcpt"
.pp
The
.i tls_rcpt
ruleset is called each time before a RCPT TO command is sent.
The parameter is the current recipient.
If the ruleset does resolve to the
.q error
mailer, the RCPT TO command is suppressed
(treated as non-deliverable with a permanent or temporary error).
This ruleset allows to require encryption or verification of
the recipient's MTA even if the mail is somehow redirected
to another host.
For example, sending mail to
.i luke@endmail.org
may get redirected to a host named
.i death.star
and hence the tls_server ruleset won't apply.
By introducing per recipient restrictions such attacks
(e.g., via DNS spoofing) can be made impossible.
See
.i cf/README
how this ruleset can be used.
.sh 4 "srv_features"
.pp
The
.i srv_features
ruleset is called with the connecting client's host name
when a client connects to sendmail.
This ruleset should return
.b $#
followed by a list of options (single characters
delimited by white space).
If the return value starts with anything else it is silently ignored.
Generally upper case characters turn off a feature
while lower case characters turn it on.
Option `S' causes the server not to offer STARTTLS,
which is useful to interact with MTAs/MUAs that have broken
STARTTLS implementations by simply not offering it.
`V' turns off the request for a client certificate during the TLS handshake.
Options `A' and `P' suppress SMTP AUTH and PIPELINING, respectively.
`c' is the equivalent to AuthOptions=p, i.e.,
it doesn't permit mechanisms susceptible to simple
passive attack (e.g., PLAIN, LOGIN), unless a security layer is active.
Option `l' requires SMTP AUTH for a connection.
Options 'B', 'D', 'E', and 'X' suppress SMTP VERB, DSN, ETRN, and EXPN,
respectively.
.(b
.ta 9n
A Do not offer AUTH
a Offer AUTH (default)
B Do not offer VERB
b Offer VERB (default)
C Do not require security layer for
plaintext AUTH (default)
c Require security layer for plaintext AUTH
D Do not offer DSN
d Offer DSN (default)
E Do not offer ETRN
e Offer ETRN (default)
L Do not require AUTH (default)
l Require AUTH
P Do not offer PIPELINING
p Offer PIPELINING (default)
S Do not offer STARTTLS
s Offer STARTTLS (default)
V Do not request a client certificate
v Request a client certificate (default)
X Do not offer EXPN
x Offer EXPN (default)
.)b
Note: the entries marked as ``(default)'' may require that some
configuration has been made, e.g., SMTP AUTH is only available if
properly configured.
Moreover, many options can be changed on a global basis via other
settings as explained in this document, e.g., via DaemonPortOptions.
.pp
The ruleset may return `$#temp' to indicate that there is a temporary
problem determining the correct features, e.g., if a map is unavailable.
In that case, the SMTP server issues a temporary failure and does not
accept email.
.sh 4 "try_tls"
.pp
The
.i try_tls
ruleset is called when sendmail connects to another MTA.
If the ruleset does resolve to the
.q error
mailer, sendmail does not try STARTTLS even if it is offered.
This is useful to deal with STARTTLS interoperability issues
by simply not using it.
.sh 4 "tls_srv_features and tls_clt_features"
.pp
The
.i tls_clt_features
ruleset is called when sendmail connects to another MTA
and the
.i tls_srv_features
ruleset is called when a client connects to
.i sendmail .
The arguments for the rulesets are the host name and IP address
of the other side separated by
.b $|
(which is a metacharacter).
They should return a list of
.i key=value
pairs separated by semicolons;
the list can be empty if no options should be applied to the connection.
Available keys are and their allowed values are:
.nr ii 0.2i
.ip Options
A comma separated list of SSL related options.
See
.i ServerSSLOptions
and
.i ClientSSLOptions
for details, as well as
.i SSL_set_options (3)
and note this warning:
Options already set before are not cleared!
.ip CipherList
-Specify cipher list for STARTTLS,
+Specify cipher list for STARTTLS (does not apply to TLSv1.3),
see
.i ciphers (1)
for possible values.
This overrides the global
.i CipherList
for the session.
.ip CertFile
File containing a certificate.
.ip KeyFile
File containing the private key for the certificate.
+.ip Flags
+Currently the only valid flags are
+.br
+.i R
+to require a CRL for each encountered certificate during verification
+(by default a missing CRL is ignored),
+.br
+.i c
+and
+.i C
+which basically clears/sets the option
+.i TLSFallbacktoClear
+for just this session, respectively,
+.br
+.i d
+to turn off DANE which is obviously only valid for
+.i tls_clt_features
+and requires DANE to be compiled in.
+This might be needed in case of a misconfiguration,
+e.g.,
+specifying invalid TLSA RRs.
+.br
.lp
.lp
Example:
.(b
.ta 1.5i
Stls_srv_features
R$* $| 10.$+ $: cipherlist=HIGH
.)b
.lp
Notes:
.pp
Errors in these features (e.g., unknown keys or invalid values)
are logged
and the current session is aborted to avoid using STARTTLS
with features that should have been changed.
.pp
The keys are case-insensitive.
.pp
Both
.i CertFile
and
.i KeyFile
must be specified together;
specifying only one is an error.
-.pp
-These rulesets require the sendmail binary to be built with _FFR_TLS_SE_OPTS
-enabled (see the "For Future Release" section).
.sh 4 "authinfo"
.pp
The
.i authinfo
ruleset is called when sendmail tries to authenticate to another MTA.
It should return
.b $#
followed by a list of tokens that are used for SMTP AUTH.
If the return value starts with anything else it is silently ignored.
Each token is a tagged string of the form:
"TDstring"
(including the quotes), where
.(b
.ta 9n
T Tag which describes the item
D Delimiter: ':' simple text follows
'=' string is base64 encoded
string Value of the item
.)b
Valid values for the tag are:
.(b
.ta 9n
U user (authorization) id
I authentication id
P password
R realm
M list of mechanisms delimited by spaces
.)b
If this ruleset is defined, the option
.b DefaultAuthInfo
is ignored (even if the ruleset does not return a ``useful'' result).
.sh 4 "queuegroup"
.pp
The
.i queuegroup
ruleset is used to map a recipient address to a queue group name.
-The input for the ruleset is a recipient address as specified by the
-.sm "SMTP RCPT"
-command.
+The input for the ruleset is
+the recipient address
+(i.e., the address part of the resolved triple)
The ruleset should return
.b $#
followed by the name of a queue group.
If the return value starts with anything else it is silently ignored.
See the section about ``Queue Groups and Queue Directories''
for further information.
.sh 4 "greet_pause"
.pp
The
.i greet_pause
ruleset is used to specify the amount of time to pause before sending the
initial SMTP 220 greeting.
If any traffic is received during that pause, an SMTP 554 rejection
response is given instead of the 220 greeting and all SMTP commands are
rejected during that connection.
This helps protect sites from open proxies and SMTP slammers.
The ruleset should return
.b $#
followed by the number of milliseconds (thousandths of a second) to
pause.
If the return value starts with anything else or is not a number,
it is silently ignored.
Note: this ruleset is not invoked (and hence the feature is disabled)
-when the smtps (SMTP over SSL) is used, i.e.,
+when smtps (SMTP over SSL) is used, i.e.,
the
.i s
modifier is set for the daemon via
.b DaemonPortOptions ,
because in this case the SSL handshake is performed before
the greeting is sent.
.sh 3 "IPC mailers"
.pp
Some special processing occurs
if the ruleset zero resolves to an IPC mailer
(that is, a mailer that has
.q [IPC]
listed as the Path in the
.b M
configuration line.
The host name passed after
.q $@
has MX expansion performed if not delivering via a named socket;
this looks the name up in DNS to find alternate delivery sites.
.pp
The host name can also be provided as a dotted quad
or an IPv6 address in square brackets;
for example:
.(b
[128.32.149.78]
.)b
or
.(b
[IPv6:2002:c0a8:51d2::23f4]
.)b
This causes direct conversion of the numeric value
to an IP host address.
.pp
The host name passed in after the
.q $@
-may also be a colon-separated list of hosts.
+may also be a colon or comma separated list of hosts.
Each is separately MX expanded and the results are concatenated
to make (essentially) one long MX list.
+Hosts separated by a comma have the same MX preference,
+and for each colon separated host the MX preference is increased.
The intent here is to create
.q fake
MX records that are not published in DNS
for private internal networks.
.pp
As a final special case, the host name can be passed in
as a text string
in square brackets:
.(b
[ucbvax.berkeley.edu]
.)b
This form avoids the MX mapping.
.b N.B.:
.i
This is intended only for situations where you have a network firewall
or other host that will do special processing for all your mail,
so that your MX record points to a gateway machine;
this machine could then do direct delivery to machines
within your local domain.
Use of this feature directly violates RFC 1123 section 5.3.5:
it should not be used lightly.
.r
.sh 2 "D \*- Define Macro"
.pp
Macros are named with a single character
or with a word in {braces}.
The names ``x'' and ``{x}'' denote the same macro
for every single character ``x''.
Single character names may be selected from the entire ASCII set,
but user-defined macros
should be selected from the set of upper case letters only.
Lower case letters
and special symbols
are used internally.
Long names beginning with a lower case letter or a punctuation character
are reserved for use by sendmail,
so user-defined long macro names should begin with an upper case letter.
.pp
The syntax for macro definitions is:
.(b F
.b D \c
.i x\|val
.)b
where
.i x
is the name of the macro
(which may be a single character
or a word in braces)
and
.i val
is the value it should have.
There should be no spaces given
that do not actually belong in the macro value.
.pp
Macros are interpolated
using the construct
.b $ \c
.i x ,
where
.i x
is the name of the macro to be interpolated.
This interpolation is done when the configuration file is read,
except in
.b M
lines.
The special construct
.b $& \c
.i x
can be used in
.b R
lines to get deferred interpolation.
.pp
Conditionals can be specified using the syntax:
.(b
$?x text1 $| text2 $.
.)b
This interpolates
.i text1
if the macro
.b $x
is set and non-null,
and
.i text2
otherwise.
The
.q else
(\c
.b $| )
clause may be omitted.
.pp
The following macros are defined and/or used internally by
.i sendmail
for interpolation into argv's for mailers
or for other contexts.
The ones marked \(dg are information passed into sendmail\**,
.(f
\**As of version 8.6,
all of these macros have reasonable defaults.
Previous versions required that they be defined.
.)f
the ones marked \(dd are information passed both in and out of sendmail,
and the unmarked macros are passed out of sendmail
but are not otherwise used internally.
These macros are:
.nr ii 5n
.ip $a
The origination date in RFC 822 format.
This is extracted from the Date: line.
.ip $b
The current date in RFC 822 format.
.ip $c
The hop count.
This is a count of the number of Received: lines
plus the value of the
.b \-h
command line flag.
.ip $d
The current date in UNIX (ctime) format.
.ip $e\(dg
(Obsolete; use SmtpGreetingMessage option instead.)
The SMTP entry message.
This is printed out when SMTP starts up.
The first word must be the
.b $j
macro as specified by RFC 821.
Defaults to
.q "$j Sendmail $v ready at $b" .
Commonly redefined to include the configuration version number, e.g.,
.q "$j Sendmail $v/$Z ready at $b"
.ip $f
The envelope sender (from) address.
.ip $g
The sender address relative to the recipient.
For example, if
.b $f
is
.q foo ,
.b $g
will be
.q host!foo ,
.q foo@host.domain ,
or whatever is appropriate for the receiving mailer.
.ip $h
The recipient host.
This is set in ruleset 0 from the $@ field of a parsed address.
.ip $i
The queue id,
e.g.,
.q f344MXxp018717 .
.ip $j\(dd
The \*(lqofficial\*(rq domain name for this site.
This is fully qualified if the full qualification can be found.
It
.i must
be redefined to be the fully qualified domain name
if your system is not configured so that information can find
it automatically.
.ip $k
The UUCP node name (from the uname system call).
.ip $l\(dg
(Obsolete; use UnixFromLine option instead.)
The format of the UNIX from line.
Unless you have changed the UNIX mailbox format,
you should not change the default,
which is
.q "From $g $d" .
.ip $m
The domain part of the \fIgethostname\fP return value.
Under normal circumstances,
.b $j
is equivalent to
.b $w.$m .
.ip $n\(dg
The name of the daemon (for error messages).
Defaults to
.q MAILER-DAEMON .
.ip $o\(dg
(Obsolete: use OperatorChars option instead.)
The set of \*(lqoperators\*(rq in addresses.
A list of characters
which will be considered tokens
and which will separate tokens
when doing parsing.
For example, if
.q @
were in the
.b $o
macro, then the input
.q a@b
would be scanned as three tokens:
.q a,
.q @,
and
.q b.
Defaults to
.q ".:@[]" ,
which is the minimum set necessary to do RFC 822 parsing;
a richer set of operators is
.q ".:%@!/[]" ,
which adds support for UUCP, the %-hack, and X.400 addresses.
.ip $p
Sendmail's process id.
.ip $q\(dg
Default format of sender address.
The
.b $q
macro specifies how an address should appear in a message
when it is defaulted.
Defaults to
.q "<$g>" .
It is commonly redefined to be
.q "$?x$x <$g>$|$g$."
or
.q "$g$?x ($x)$." ,
corresponding to the following two formats:
.(b
Eric Allman <eric@CS.Berkeley.EDU>
eric@CS.Berkeley.EDU (Eric Allman)
.)b
.i Sendmail
properly quotes names that have special characters
if the first form is used.
.ip $r
Protocol used to receive the message.
Set from the
.b \-p
command line flag or by the SMTP server code.
.ip $s
Sender's host name.
Set from the
.b \-p
command line flag or by the SMTP server code
(in which case it is set to the EHLO/HELO parameter).
.ip $t
A numeric representation of the current time in the format YYYYMMDDHHmm
(4 digit year 1900-9999, 2 digit month 01-12, 2 digit day 01-31,
2 digit hours 00-23, 2 digit minutes 00-59).
.ip $u
The recipient user.
.ip $v
The version number of the
.i sendmail
binary.
.ip $w\(dd
The hostname of this site.
This is the root name of this host (but see below for caveats).
.ip $x
The full name of the sender.
.ip $z
The home directory of the recipient.
.ip $_
The validated sender address.
See also
.b ${client_resolve} .
.ip ${addr_type}
The type of the address which is currently being rewritten.
This macro contains up to three characters, the first
is either `e' or `h' for envelope/header address,
the second is a space,
and the third is either `s' or `r' for sender/recipient address.
.ip ${alg_bits}
The maximum keylength (in bits) of the symmetric encryption algorithm
used for a TLS connection.
This may be less than the effective keylength,
which is stored in
.b ${cipher_bits} ,
for ``export controlled'' algorithms.
.ip ${auth_authen}
The client's authentication credentials as determined by authentication
(only set if successful).
The format depends on the mechanism used, it might be just `user',
or `user@realm', or something similar (SMTP AUTH only).
.ip ${auth_author}
The authorization identity, i.e. the AUTH= parameter of the
.sm "SMTP MAIL"
command if supplied.
.ip ${auth_type}
The mechanism used for SMTP authentication
(only set if successful).
.ip ${auth_ssf}
The keylength (in bits) of the symmetric encryption algorithm
used for the security layer of a SASL mechanism.
.ip ${bodytype}
The message body type
(7BIT or 8BITMIME),
as determined from the envelope.
.ip ${cert_fp}
The fingerprint of the presented certificate (STARTTLS only).
Note: this macro is only defined if the option
.b CertFingerprintAlgorithm
is set,
in which case the specified fingerprint algorithm is used.
The valid algorithms depend on the OpenSSL version,
but usually md5, sha1, and sha256 are available.
See
.(b
openssl dgst -h
.)b
for a list.
.ip ${cert_issuer}
The DN (distinguished name) of the CA (certificate authority)
that signed the presented certificate (the cert issuer)
(STARTTLS only).
.ip ${cert_md5}
The MD5 hash of the presented certificate (STARTTLS only).
Note: this macro is only defined if the option
.b CertFingerprintAlgorithm
is not set.
.ip ${cert_subject}
The DN of the presented certificate (called the cert subject)
(STARTTLS only).
.ip ${cipher}
The cipher suite used for the connection, e.g., EDH-DSS-DES-CBC3-SHA,
EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA
(STARTTLS only).
.ip ${cipher_bits}
The effective keylength (in bits) of the symmetric encryption algorithm
used for a TLS connection.
.ip ${client_addr}
The IP address of the SMTP client.
IPv6 addresses are tagged with "IPv6:" before the address.
Defined in the SMTP server only.
.ip ${client_connections}
The number of open connections in the SMTP server for the client IP address.
.ip ${client_flags}
The flags specified by the
Modifier= part of
.b ClientPortOptions
where flags are separated from each other by spaces
and upper case flags are doubled.
That is,
Modifier=hA
will be represented as
"h AA" in
.b ${client_flags} ,
which is required for testing the flags in rulesets.
.ip ${client_name}
The host name of the SMTP client.
This may be the client's bracketed IP address
in the form [ nnn.nnn.nnn.nnn ] for IPv4
and [ IPv6:nnnn:...:nnnn ] for IPv6
if the client's
IP address is not resolvable, or if it is resolvable
but the IP address of the resolved hostname
doesn't match the original IP address.
Defined in the SMTP server only.
See also
.b ${client_resolve} .
.ip ${client_port}
The port number of the SMTP client.
Defined in the SMTP server only.
.ip ${client_ptr}
The result of the PTR lookup for the client IP address.
Note: this is the same as
.b ${client_name}
if and only if
.b ${client_resolve}
is OK.
Defined in the SMTP server only.
.ip ${client_rate}
The number of incoming connections for the client IP address
over the time interval specified by ConnectionRateWindowSize.
.ip ${client_resolve}
Holds the result of the resolve call for
.b ${client_name} .
Possible values are:
.(b
.ta 10n
OK resolved successfully
FAIL permanent lookup failure
FORGED forward lookup doesn't match reverse lookup
TEMP temporary lookup failure
.)b
Defined in the SMTP server only.
.i sendmail
performs a hostname lookup on the IP address of the connecting client.
Next the IP addresses of that hostname are looked up.
If the client IP address does not appear in that list,
then the hostname is maybe forged.
This is reflected as the value FORGED for
.b ${client_resolve}
and it also shows up in
.b $_
as "(may be forged)".
.ip ${cn_issuer}
The CN (common name) of the CA that signed the presented certificate
(STARTTLS only).
Note: if the CN cannot be extracted properly it will be replaced by
one of these strings based on the encountered error:
.(b
.ta 25n
BadCertificateContainsNUL CN contains a NUL character
BadCertificateTooLong CN is too long
BadCertificateUnknown CN could not be extracted
.)b
In the last case, some other (unspecific) error occurred.
.ip ${cn_subject}
The CN (common name) of the presented certificate
(STARTTLS only).
See
.b ${cn_issuer}
for possible replacements.
.ip ${currHeader}
Header value as quoted string
(possibly truncated to
.b MAXNAME ).
This macro is only available in header check rulesets.
.ip ${daemon_addr}
The IP address the daemon is listening on for connections.
.ip ${daemon_family}
The network family
if the daemon is accepting network connections.
Possible values include
.q inet ,
.q inet6 ,
.q iso ,
.q ns ,
.q x.25
.ip ${daemon_flags}
The flags for the daemon as specified by the
Modifier= part of
.b DaemonPortOptions
whereby the flags are separated from each other by spaces,
and upper case flags are doubled.
That is,
Modifier=Ea
will be represented as
"EE a" in
.b ${daemon_flags} ,
which is required for testing the flags in rulesets.
.ip ${daemon_info}
Some information about a daemon as a text string.
For example,
.q SMTP+queueing@00:30:00 .
.ip ${daemon_name}
The name of the daemon from
.b DaemonPortOptions
Name= suboption.
If this suboption is not set,
"Daemon#",
where # is the daemon number,
is used.
.ip ${daemon_port}
The port the daemon is accepting connection on.
Unless
.b DaemonPortOptions
is set, this will most likely be
.q 25 .
.ip ${deliveryMode}
The current delivery mode sendmail is using.
It is initially set to the value of the
.b DeliveryMode
option.
.ip ${envid}
The envelope id parameter (ENVID=) passed to sendmail as part of the envelope.
.ip ${hdrlen}
The length of the header value which is stored in
${currHeader} (before possible truncation).
If this value is greater than or equal to
.b MAXNAME
the header has been truncated.
.ip ${hdr_name}
The name of the header field for which the current header
check ruleset has been called.
This is useful for a default header check ruleset to get
the name of the header;
the macro is only available in header check rulesets.
.ip ${if_addr}
The IP address of the interface of an incoming connection
unless it is in the loopback net.
IPv6 addresses are tagged with "IPv6:" before the address.
.ip ${if_addr_out}
The IP address of the interface of an outgoing connection
unless it is in the loopback net.
IPv6 addresses are tagged with "IPv6:" before the address.
.ip ${if_family}
The IP family of the interface of an incoming connection
unless it is in the loopback net.
.ip ${if_family_out}
The IP family of the interface of an outgoing connection
unless it is in the loopback net.
.ip ${if_name}
The hostname associated with the interface of an incoming connection.
This macro can be used for
SmtpGreetingMessage and HReceived for virtual hosting.
For example:
.(b
O SmtpGreetingMessage=$?{if_name}${if_name}$|$j$. MTA
.)b
.ip ${if_name_out}
The name of the interface of an outgoing connection.
.ip ${load_avg}
The current load average.
.ip ${mail_addr}
The address part of the resolved triple of the address given for the
.sm "SMTP MAIL"
command.
Defined in the SMTP server only.
.ip ${mail_host}
The host from the resolved triple of the address given for the
.sm "SMTP MAIL"
command.
Defined in the SMTP server only.
.ip ${mail_mailer}
The mailer from the resolved triple of the address given for the
.sm "SMTP MAIL"
command.
Defined in the SMTP server only.
.ip ${msg_id}
The value of the Message-Id: header.
.ip ${msg_size}
The value of the SIZE= parameter,
i.e., usually the size of the message (in an ESMTP dialogue),
before the message has been collected, thereafter
the message size as computed by
.i sendmail
(and can be used in check_compat).
.ip ${nbadrcpts}
The number of bad recipients for a single message.
.ip ${nrcpts}
The number of validated recipients for a single message.
Note: since recipient validation happens after
.i check_rcpt
has been called, the value in this ruleset
is one less than what might be expected.
.ip ${ntries}
The number of delivery attempts.
.ip ${opMode}
The current operation mode (from the
.b \-b
flag).
.ip ${quarantine}
The quarantine reason for the envelope,
if it is quarantined.
.ip ${queue_interval}
The queue run interval given by the
.b \-q
flag.
For example,
.b \-q30m
would set
.b ${queue_interval}
to
.q 00:30:00 .
.ip ${rcpt_addr}
The address part of the resolved triple of the address given for the
.sm "SMTP RCPT"
command.
Defined in the SMTP server only after a RCPT command.
.ip ${rcpt_host}
The host from the resolved triple of the address given for the
.sm "SMTP RCPT"
command.
Defined in the SMTP server only after a RCPT command.
.ip ${rcpt_mailer}
The mailer from the resolved triple of the address given for the
.sm "SMTP RCPT"
command.
Defined in the SMTP server only after a RCPT command.
.ip ${server_addr}
The address of the server of the current outgoing SMTP connection.
For LMTP delivery the macro is set to the name of the mailer.
.ip ${server_name}
The name of the server of the current outgoing SMTP or LMTP connection.
.ip ${time}
The output of the
.i time (3)
function, i.e., the number of seconds since 0 hours, 0 minutes,
0 seconds, January 1, 1970, Coordinated Universal Time (UTC).
.ip ${tls_version}
-The TLS/SSL version used for the connection, e.g., TLSv1, SSLv3, SSLv2;
+The TLS/SSL version used for the connection, e.g., TLSv1.2, TLSv1;
defined after STARTTLS has been used.
.ip ${total_rate}
The total number of incoming connections over the time interval specified
by ConnectionRateWindowSize.
.ip ${verify}
The result of the verification of the presented cert;
only defined after STARTTLS has been used (or attempted).
Possible values are:
.(b
.ta 13n
OK verification succeeded.
NO no cert presented.
NOT no cert requested.
FAIL cert presented but could not be verified,
e.g., the signing CA is missing.
NONE STARTTLS has not been performed.
+CLEAR STARTTLS has been disabled internally for a clear text delivery attempt.
TEMP temporary error occurred.
PROTOCOL some protocol error occurred
at the ESMTP level (not TLS).
SOFTWARE STARTTLS handshake failed,
which is a fatal error for this session,
the e-mail will be queued.
.)b
.pp
There are three types of dates that can be used.
The
.b $a
and
.b $b
macros are in RFC 822 format;
.b $a
is the time as extracted from the
.q Date:
line of the message
(if there was one),
and
.b $b
is the current date and time
(used for postmarks).
If no
.q Date:
line is found in the incoming message,
.b $a
is set to the current time also.
The
.b $d
macro is equivalent to the
.b $b
macro in UNIX
(ctime)
format.
.pp
The macros
.b $w ,
.b $j ,
and
.b $m
are set to the identity of this host.
.i Sendmail
tries to find the fully qualified name of the host
if at all possible;
it does this by calling
.i gethostname (2)
to get the current hostname
and then passing that to
.i gethostbyname (3)
which is supposed to return the canonical version of that host name.\**
.(f
\**For example, on some systems
.i gethostname
might return
.q foo
which would be mapped to
.q foo.bar.com
by
.i gethostbyname .
.)f
Assuming this is successful,
.b $j
is set to the fully qualified name
and
.b $m
is set to the domain part of the name
(everything after the first dot).
The
.b $w
macro is set to the first word
(everything before the first dot)
if you have a level 5 or higher configuration file;
otherwise, it is set to the same value as
.b $j .
If the canonification is not successful,
it is imperative that the config file set
.b $j
to the fully qualified domain name\**.
.(f
\**Older versions of sendmail didn't pre-define
.b $j
at all, so up until 8.6,
config files
.i always
had to define
.b $j .
.)f
.pp
The
.b $f
macro is the id of the sender
as originally determined;
when mailing to a specific host
the
.b $g
macro is set to the address of the sender
.ul
relative to the recipient.
For example,
if I send to
.q bollard@matisse.CS.Berkeley.EDU
from the machine
.q vangogh.CS.Berkeley.EDU
the
.b $f
macro will be
.q eric
and the
.b $g
macro will be
.q eric@vangogh.CS.Berkeley.EDU.
.pp
The
.b $x
macro is set to the full name of the sender.
This can be determined in several ways.
It can be passed as flag to
.i sendmail .
It can be defined in the
.sm NAME
environment variable.
The third choice is the value of the
.q Full-Name:
line in the header if it exists,
and the fourth choice is the comment field
of a
.q From:
line.
If all of these fail,
and if the message is being originated locally,
the full name is looked up in the
.i /etc/passwd
file.
.pp
When sending,
the
.b $h ,
.b $u ,
and
.b $z
macros get set to the host, user, and home directory
(if local)
of the recipient.
The first two are set from the
.b $@
and
.b $:
part of the rewriting rules, respectively.
.pp
The
.b $p
and
.b $t
macros are used to create unique strings
(e.g., for the
.q Message-Id:
field).
The
.b $i
macro is set to the queue id on this host;
if put into the timestamp line
it can be extremely useful for tracking messages.
The
.b $v
macro is set to be the version number of
.i sendmail ;
this is normally put in timestamps
and has been proven extremely useful for debugging.
.pp
The
.b $c
field is set to the
.q "hop count,"
i.e., the number of times this message has been processed.
This can be determined
by the
.b \-h
flag on the command line
or by counting the timestamps in the message.
.pp
The
.b $r
and
.b $s
fields are set to the protocol used to communicate with
.i sendmail
and the sending hostname.
They can be set together using the
.b \-p
command line flag or separately using the
.b \-M
or
.b \-oM
flags.
.pp
The
.b $_
is set to a validated sender host name.
If the sender is running an RFC 1413 compliant IDENT server
and the receiver has the IDENT protocol turned on,
it will include the user name on that host.
.pp
The
.b ${client_name} ,
.b ${client_addr} ,
and
.b ${client_port}
macros
are set to the name, address, and port number of the SMTP client
who is invoking
.i sendmail
as a server.
These can be used in the
.i check_*
rulesets (using the
.b $&
deferred evaluation form, of course!).
.sh 2 "C and F \*- Define Classes"
.pp
Classes of phrases may be defined
to match on the left hand side of rewriting rules,
where a
.q phrase
is a sequence of characters that does not contain space characters.
For example
a class of all local names for this site
might be created
so that attempts to send to oneself
can be eliminated.
These can either be defined directly in the configuration file
or read in from another file.
Classes are named as a single letter or a word in {braces}.
Class names beginning with lower case letters
and special characters are reserved for system use.
Classes defined in config files may be given names
from the set of upper case letters for short names
or beginning with an upper case letter for long names.
.pp
The syntax is:
.(b F
.b C \c
.i c\|phrase1
.i phrase2...
.br
.b F \c
.i c\|file
.br
.b F \c
.i c\||program
.br
.b F \c
.i c\|[mapkey]@mapclass:mapspec
.)b
The first form defines the class
.i c
to match any of the named words.
If
.i phrase1
or
.i phrase2
is another class,
e.g.,
.i $=S ,
the contents of class
.i S
are added to class
.i c .
It is permissible to split them among multiple lines;
for example, the two forms:
.(b
CHmonet ucbmonet
.)b
and
.(b
CHmonet
CHucbmonet
.)b
are equivalent.
The ``F'' forms
read the elements of the class
.i c
from the named
.i file ,
.i program ,
or
.i "map specification" .
Each element should be listed on a separate line.
To specify an optional file, use ``\-o'' between the class
name and the file name, e.g.,
.(b
Fc \-o /path/to/file
.)b
If the file can't be used,
.i sendmail
will not complain but silently ignore it.
The map form should be an optional map key, an at sign,
and a map class followed by the specification for that map.
Examples include:
.(b
F{VirtHosts}@ldap:\-k (&(objectClass=virtHosts)(host=*)) \-v host
F{MyClass}foo@hash:/etc/mail/classes
.)b
will fill the class
.b $={VirtHosts}
from an LDAP map lookup and
.b $={MyClass}
from a hash database map lookup of the
.b foo .
There is also a built-in schema that can be accessed by only specifying:
.(b
F{\c
.i ClassName }@LDAP
.)b
This will tell sendmail to use the default schema:
.(b
\-k (&(objectClass=sendmailMTAClass)
(sendmailMTAClassName=\c
.i ClassName )
(|(sendmailMTACluster=${sendmailMTACluster})
(sendmailMTAHost=$j)))
\-v sendmailMTAClassValue
.)b
Note that the lookup is only done when sendmail is initially started.
.pp
Elements of classes can be accessed in rules using
.b $=
or
.b $~ .
The
.b $~
(match entries not in class)
only matches a single word;
multi-word entries in the class are ignored in this context.
.pp
Some classes have internal meaning to
.i sendmail :
.nr ii 0.5i
.\".ip $=b
.\"A set of Content-Types that will not have the newline character
.\"translated to CR-LF before encoding into base64 MIME.
.\"The class can have major times
.\"(e.g.,
.\".q image )
.\"or full types
.\"(such as
.\".q application/octet-stream ).
.\"The class is initialized with
.\".q application/octet-stream ,
.\".q image ,
.\".q audio ,
.\"and
.\".q video .
.ip $=e
contains the Content-Transfer-Encodings that can be 8\(->7 bit encoded.
It is predefined to contain
.q 7bit ,
.q 8bit ,
and
.q binary .
.ip $=k
set to be the same as
.b $k ,
that is, the UUCP node name.
.ip $=m
set to the set of domains by which this host is known,
initially just
.b $m .
.ip $=n
can be set to the set of MIME body types
that can never be eight to seven bit encoded.
It defaults to
.q multipart/signed .
Message types
.q message/*
and
.q multipart/*
are never encoded directly.
Multipart messages are always handled recursively.
The handling of message/* messages
are controlled by class
.b $=s .
.ip $=q
A set of Content-Types that will never be encoded as base64
(if they have to be encoded, they will be encoded as quoted-printable).
It can have primary types
(e.g.,
.q text )
or full types
(such as
.q text/plain ).
.ip $=s
contains the set of subtypes of message that can be treated recursively.
By default it contains only
.q rfc822 .
Other
.q message/*
types cannot be 8\(->7 bit encoded.
If a message containing eight bit data is sent to a seven bit host,
and that message cannot be encoded into seven bits,
it will be stripped to 7 bits.
.ip $=t
set to the set of trusted users by the
.b T
configuration line.
If you want to read trusted users from a file, use
.b Ft \c
.i /file/name .
.ip $=w
set to be the set of all names
this host is known by.
This can be used to match local hostnames.
.ip $={persistentMacros}
set to the macros that should be saved across queue runs.
Care should be taken when adding macro names to this class.
.pp
.i Sendmail
can be compiled to allow a
.i scanf (3)
string on the
.b F
line.
This lets you do simplistic parsing of text files.
For example, to read all the user names in your system
.i /etc/passwd
file into a class, use
.(b
FL/etc/passwd %[^:]
.)b
which reads every line up to the first colon.
.sh 2 "M \*- Define Mailer"
.pp
Programs and interfaces to mailers
are defined in this line.
The format is:
.(b F
.b M \c
.i name ,
{\c
.i field =\c
.i value \|}*
.)b
where
.i name
is the name of the mailer
(used internally only)
and the
.q field=name
pairs define attributes of the mailer.
Fields are:
.(b
.ta 1i
Path The pathname of the mailer
Flags Special flags for this mailer
Sender Rewriting set(s) for sender addresses
Recipient Rewriting set(s) for recipient addresses
recipients Maximum number of recipients per connection
Argv An argument vector to pass to this mailer
Eol The end-of-line string for this mailer
Maxsize The maximum message length to this mailer
maxmessages The maximum message deliveries per connection
Linelimit The maximum line length in the message body
Directory The working directory for the mailer
Userid The default user and group id to run as
Nice The nice(2) increment for the mailer
Charset The default character set for 8-bit characters
Type Type information for DSN diagnostics
Wait The maximum time to wait for the mailer
Queuegroup The default queue group for the mailer
/ The root directory for the mailer
.)b
Only the first character of the field name is checked
(it's case-sensitive).
.pp
The following flags may be set in the mailer description.
Any other flags may be used freely
to conditionally assign headers to messages
destined for particular mailers.
Flags marked with \(dg
are not interpreted by the
.i sendmail
binary;
these are the conventionally used to correlate to the flags portion
of the
.b H
line.
Flags marked with \(dd
apply to the mailers for the sender address
rather than the usual recipient mailers.
.nr ii 4n
.ip a
Run Extended SMTP (ESMTP) protocol (defined in RFCs 1869, 1652, and 1870).
This flag defaults on if the SMTP greeting message includes the word
.q ESMTP .
.ip A
Look up the user (address) part of the resolved mailer triple,
in the alias database.
Normally this is only set for local mailers.
.ip b
Force a blank line on the end of a message.
This is intended to work around some stupid versions of
/bin/mail
that require a blank line, but do not provide it themselves.
It would not normally be used on network mail.
.ip B
Strip leading backslashes (\e) off of the address;
this is a subset of the functionality of the
.b s
flag.
.ip c
Do not include comments in addresses.
This should only be used if you have to work around
a remote mailer that gets confused by comments.
This strips addresses of the form
.q "Phrase <address>"
or
.q "address (Comment)"
down to just
.q address .
.ip C\(dd
If mail is
.i received
from a mailer with this flag set,
any addresses in the header that do not have an at sign
(\c
.q @ )
after being rewritten by ruleset three
will have the
.q @domain
clause from the sender envelope address
tacked on.
This allows mail with headers of the form:
.(b
From: usera@hosta
To: userb@hostb, userc
.)b
to be rewritten as:
.(b
From: usera@hosta
To: userb@hostb, userc@hosta
.)b
automatically.
However, it doesn't really work reliably.
.ip d
Do not include angle brackets around route-address syntax addresses.
This is useful on mailers that are going to pass addresses to a shell
that might interpret angle brackets as I/O redirection.
However, it does not protect against other shell metacharacters.
Therefore, passing addresses to a shell should not be considered secure.
.ip D\(dg
This mailer wants a
.q Date:
header line.
.ip e
This mailer is expensive to connect to,
so try to avoid connecting normally;
any necessary connection will occur during a queue run.
See also option
.b HoldExpensive .
.ip E
Escape lines beginning with
.q From\0
in the message with a `>' sign.
.ip f
The mailer wants a
.b \-f
.i from
flag,
but only if this is a network forward operation
(i.e.,
the mailer will give an error
if the executing user
does not have special permissions).
.ip F\(dg
This mailer wants a
.q From:
header line.
.ip g
Normally,
.i sendmail
sends internally generated email (e.g., error messages)
using the null return address
as required by RFC 1123.
However, some mailers don't accept a null return address.
If necessary,
you can set the
.b g
flag to prevent
.i sendmail
from obeying the standards;
error messages will be sent as from the MAILER-DAEMON
(actually, the value of the
.b $n
macro).
.ip h
Upper case should be preserved in host names
(the $@ portion of the mailer triplet resolved from ruleset 0)
for this mailer.
.ip i
Do User Database rewriting on envelope sender address.
.ip I
This flag is deprecated
and will be removed from a future version.
This mailer will be speaking SMTP
to another
.i sendmail
\*-
as such it can use special protocol features.
This flag should not be used except for debugging purposes
because it uses
.b VERB
as SMTP command.
.ip j
Do User Database rewriting on recipients as well as senders.
.ip k
Normally when
.i sendmail
connects to a host via SMTP,
-it checks to make sure that this isn't accidently the same host name
+it checks to make sure that this isn't accidentally the same host name
as might happen if
.i sendmail
is misconfigured or if a long-haul network interface is set in loopback mode.
This flag disables the loopback check.
It should only be used under very unusual circumstances.
.ip K
Currently unimplemented.
Reserved for chunking.
.ip l
This mailer is local
(i.e.,
final delivery will be performed).
.ip L
Limit the line lengths as specified in RFC 821.
This deprecated option should be replaced by the
.b L=
mail declaration.
For historic reasons, the
.b L
flag also sets the
.b 7
flag.
.ip m
This mailer can send to multiple users
on the same host
in one transaction.
When a
.b $u
macro occurs in the
.i argv
part of the mailer definition,
that field will be repeated as necessary
for all qualifying users.
-Removing this flag can defeat duplicate supression on a remote site
+Removing this flag can defeat duplicate suppression on a remote site
as each recipient is sent in a separate transaction.
.ip M\(dg
This mailer wants a
.q Message-Id:
header line.
.ip n
Do not insert a UNIX-style
.q From
line on the front of the message.
.ip o
Always run as the owner of the recipient mailbox.
Normally
.i sendmail
runs as the sender for locally generated mail
or as
.q daemon
(actually, the user specified in the
.b u
option)
when delivering network mail.
The normal behavior is required by most local mailers,
which will not allow the envelope sender address
to be set unless the mailer is running as daemon.
This flag is ignored if the
.b S
flag is set.
.ip p
Use the route-addr style reverse-path in the SMTP
.q "MAIL FROM:"
command
rather than just the return address;
although this is required in RFC 821 section 3.1,
many hosts do not process reverse-paths properly.
Reverse-paths are officially discouraged by RFC 1123.
.ip P\(dg
This mailer wants a
.q Return-Path:
line.
.ip q
When an address that resolves to this mailer is verified
(SMTP VRFY command),
generate 250 responses instead of 252 responses.
This will imply that the address is local.
.ip r
Same as
.b f ,
but sends a
.b \-r
flag.
.ip R
Open SMTP connections from a
.q secure
port.
Secure ports aren't
(secure, that is)
except on UNIX machines,
so it is unclear that this adds anything.
.i sendmail
must be running as root to be able to use this flag.
.ip s
Strip quote characters (" and \e) off of the address
before calling the mailer.
.ip S
Don't reset the userid
before calling the mailer.
This would be used in a secure environment
where
.i sendmail
ran as root.
This could be used to avoid forged addresses.
If the
.b U=
field is also specified,
this flag causes the effective user id to be set to that user.
.ip u
Upper case should be preserved in user names for this mailer. Standards
require preservation of case in the local part of addresses, except for
those address for which your system accepts responsibility.
RFC 2142 provides a long list of addresses which should be case
insensitive.
If you use this flag, you may be violating RFC 2142.
Note that postmaster is always treated as a case insensitive address
regardless of this flag.
.ip U
This mailer wants UUCP-style
.q From
lines with the ugly
.q "remote from <host>"
on the end.
.ip w
The user must have a valid account on this machine,
i.e.,
.i getpwnam
must succeed.
If not, the mail is bounced.
See also the
.b MailBoxDatabase
option.
This is required to get
.q \&.forward
capability.
.ip W
Ignore long term host status information (see Section
"Persistent Host Status Information").
.ip x\(dg
This mailer wants a
.q Full-Name:
header line.
.ip X
This mailer wants to use the hidden dot algorithm as specified in RFC 821;
basically, any line beginning with a dot will have an extra dot prepended
(to be stripped at the other end).
This insures that lines in the message containing a dot
will not terminate the message prematurely.
.ip z
Run Local Mail Transfer Protocol (LMTP)
between
.i sendmail
and the local mailer.
This is a variant on SMTP
defined in RFC 2033
that is specifically designed for delivery to a local mailbox.
.ip Z
Apply DialDelay (if set) to this mailer.
.ip 0
Don't look up MX records for hosts sent via SMTP/LMTP.
Do not apply
.b FallbackMXhost
either.
.ip 1
Don't send null characters ('\\0') to this mailer.
.ip 2
Don't use ESMTP even if offered; this is useful for broken
systems that offer ESMTP but fail on EHLO (without recovering
when HELO is tried next).
.ip 3
Extend the list of characters converted to =XX notation
when converting to Quoted-Printable
to include those that don't map cleanly between ASCII and EBCDIC.
Useful if you have IBM mainframes on site.
.ip 5
If no aliases are found for this address,
pass the address through ruleset 5 for possible alternate resolution.
This is intended to forward the mail to an alternate delivery spot.
.ip 6
Strip headers to seven bits.
.ip 7
Strip all output to seven bits.
This is the default if the
.b L
flag is set.
Note that clearing this option is not
sufficient to get full eight bit data passed through
.i sendmail .
If the
.b 7
option is set, this is essentially always set,
since the eighth bit was stripped on input.
Note that this option will only impact messages
that didn't have 8\(->7 bit MIME conversions performed.
.ip 8
If set,
it is acceptable to send eight bit data to this mailer;
the usual attempt to do 8\(->7 bit MIME conversions will be bypassed.
.ip 9
If set,
do
.i limited
7\(->8 bit MIME conversions.
These conversions are limited to text/plain data.
.ip :
Check addresses to see if they begin
.q :include: ;
if they do, convert them to the
.q *include*
mailer.
.ip |
Check addresses to see if they begin with a `|';
if they do, convert them to the
.q prog
mailer.
.ip /
Check addresses to see if they begin with a `/';
if they do, convert them to the
.q *file*
mailer.
.ip @
Look up addresses in the user database.
.ip %
Do not attempt delivery on initial receipt of a message
or on queue runs
unless the queued message is selected
using one of the -qI/-qR/-qS queue run modifiers
or an ETRN request.
.ip !
Disable an MH hack that drops an explicit
From: header
if it is the same as what sendmail would generate.
.pp
Configuration files prior to level 6
assume the `A', `w', `5', `:', `|', `/', and `@' options
on the mailer named
.q local .
.pp
The mailer with the special name
.q error
can be used to generate a user error.
The (optional) host field is an exit status to be returned,
and the user field is a message to be printed.
The exit status may be numeric or one of the values
USAGE, NOUSER, NOHOST, UNAVAILABLE, SOFTWARE, TEMPFAIL, PROTOCOL, or CONFIG
to return the corresponding EX_ exit code,
or an enhanced error code as described in RFC 1893,
.ul
Enhanced Mail System Status Codes.
For example, the entry:
.(b
$#error $@ NOHOST $: Host unknown in this domain
.)b
on the RHS of a rule
will cause the specified error to be generated
and the
.q "Host unknown"
exit status to be returned
if the LHS matches.
This mailer is only functional in rulesets 0, 5,
or one of the check_* rulesets.
The host field can also contain the special token
.b quarantine
which instructs sendmail to quarantine the current message.
.pp
The mailer with the special name
.q discard
causes any mail sent to it to be discarded
but otherwise treated as though it were successfully delivered.
This mailer cannot be used in ruleset 0,
only in the various address checking rulesets.
.pp
The mailer named
.q local
.i must
be defined in every configuration file.
This is used to deliver local mail,
and is treated specially in several ways.
Additionally, three other mailers named
.q prog ,
.q *file* ,
and
.q *include*
may be defined to tune the delivery of messages to programs,
files,
and :include: lists respectively.
They default to:
.(b
Mprog, P=/bin/sh, F=lsoDq9, T=DNS/RFC822/X-Unix, A=sh \-c $u
M*file*, P=[FILE], F=lsDFMPEouq9, T=DNS/RFC822/X-Unix, A=FILE $u
M*include*, P=/dev/null, F=su, A=INCLUDE $u
.)b
.pp
Builtin pathnames are [FILE] and [IPC], the former is used for
delivery to files, the latter for delivery via interprocess communication.
For mailers that use [IPC] as pathname the argument vector (A=)
must start with TCP or FILE for delivery via a TCP or a Unix domain socket.
If TCP is used, the second argument must be the name of the host
to contact.
Optionally a third argument can be used to specify a port,
the default is smtp (port 25).
If FILE is used, the second argument must be the name of
the Unix domain socket.
.pp
If the argument vector does not contain $u then
.i sendmail
will speak SMTP (or LMTP if the mailer flag z is specified) to the mailer.
.pp
If no Eol field is defined, then the default is "\\r\\n" for
SMTP mailers and "\\n" of others.
.pp
The Sender and Recipient rewriting sets
may either be a simple ruleset id
or may be two ids separated by a slash;
if so, the first rewriting set is applied to envelope
addresses
and the second is applied to headers.
Setting any value to zero disables corresponding mailer-specific rewriting.
.pp
The Directory
is actually a colon-separated path of directories to try.
For example, the definition
.q D=$z:/
first tries to execute in the recipient's home directory;
if that is not available,
it tries to execute in the root of the filesystem.
This is intended to be used only on the
.q prog
mailer,
since some shells (such as
.i csh )
refuse to execute if they cannot read the current directory.
Since the queue directory is not normally readable by unprivileged users
.i csh
scripts as recipients can fail.
.pp
The Userid
specifies the default user and group id to run as,
overriding the
.b DefaultUser
option (q.v.).
If the
.b S
mailer flag is also specified,
this user and group will be set as the
effective uid and gid for the process.
This may be given as
.i user:group
to set both the user and group id;
either may be an integer or a symbolic name to be looked up
in the
.i passwd
and
.i group
files respectively.
If only a symbolic user name is specified,
the group id in the
.i passwd
file for that user is used as the group id.
.pp
The Charset field
is used when converting a message to MIME;
this is the character set used in the
Content-Type: header.
If this is not set, the
.b DefaultCharset
option is used,
and if that is not set, the value
.q unknown-8bit
is used.
.b WARNING:
this field applies to the sender's mailer,
not the recipient's mailer.
For example, if the envelope sender address
lists an address on the local network
and the recipient is on an external network,
the character set will be set from the Charset= field
for the local network mailer,
not that of the external network mailer.
.pp
The Type= field
sets the type information
used in MIME error messages
as defined by
RFC 1894.
It is actually three values separated by slashes:
the MTA-type (that is, the description of how hosts are named),
the address type (the description of e-mail addresses),
and the diagnostic type (the description of error diagnostic codes).
Each of these must be a registered value
or begin with
.q X\- .
The default is
.q dns/rfc822/smtp .
.pp
The m= field specifies the maximum number of messages
to attempt to deliver on a single SMTP or LMTP connection.
The default is infinite.
.pp
The r= field specifies the maximum number of recipients
to attempt to deliver in a single envelope.
It defaults to 100.
.pp
The /= field specifies a new root directory for the mailer. The path is
macro expanded and then passed to the
.q chroot
system call. The root directory is changed before the Directory field is
consulted or the uid is changed.
.pp
The Wait= field specifies the maximum time to wait for the
mailer to return after sending all data to it.
This applies to mailers that have been forked by
.i sendmail .
.pp
The Queuegroup= field specifies the default queue group in which
received mail should be queued.
This can be overridden by other means as explained in section
``Queue Groups and Queue Directories''.
.sh 2 "H \*- Define Header"
.pp
The format of the header lines that
.i sendmail
inserts into the message
are defined by the
.b H
line.
The syntax of this line is one of the following:
.(b F
.b H \c
.i hname \c
.b :
.i htemplate
.)b
.(b F
.b H [\c
.b ? \c
.i mflags \c
.b ? \c
.b ]\c
.i hname \c
.b :
.i htemplate
.)b
.(b F
.b H [\c
.b ?$ \c
.i {macro} \c
.b ? \c
.b ]\c
.i hname \c
.b :
.i htemplate
.)b
Continuation lines in this spec
are reflected directly into the outgoing message.
The
.i htemplate
is macro-expanded before insertion into the message.
If the
.i mflags
(surrounded by question marks)
are specified,
at least one of the specified flags
must be stated in the mailer definition
for this header to be automatically output.
If a
.i ${macro}
(surrounded by question marks)
is specified,
the header will be automatically output
if the macro is set.
The macro may be set using any of the normal methods,
including using the
.b macro
storage map in a ruleset.
If one of these headers is in the input
it is reflected to the output
regardless of these flags or macros.
Notice:
If a
.i ${macro}
is used to set a header, then it is useful to add that macro to class
.i $={persistentMacros}
which consists of the macros that should be saved across queue runs.
.pp
Some headers have special semantics
that will be described later.
.pp
A secondary syntax allows validation of headers as they are being read.
To enable validation, use:
.(b
.b H \c
.i Header \c
.b ": $>" \c
.i Ruleset
.b H \c
.i Header \c
.b ": $>+" \c
.i Ruleset
.)b
The indicated
.i Ruleset
is called for the specified
.i Header ,
and can return
.b $#error
to reject or quarantine the message or
.b $#discard
to discard the message
(as with the other
.b check_ *
rulesets).
The ruleset receives the header field-body as argument,
i.e., not the header field-name; see also
${hdr_name} and ${currHeader}.
The header is treated as a structured field,
that is,
text in parentheses is deleted before processing,
unless the second form
.b $>+
is used.
Note: only one ruleset can be associated with a header;
.i sendmail
will silently ignore multiple entries.
.pp
For example, the configuration lines:
.(b
HMessage-Id: $>CheckMessageId
SCheckMessageId
R< $+ @ $+ > $@ OK
R$* $#error $: Illegal Message-Id header
.)b
would refuse any message that had a Message-Id: header of any of the
following forms:
.(b
Message-Id: <>
Message-Id: some text
Message-Id: <legal text@domain> extra crud
.)b
A default ruleset that is called for headers which don't have a
specific ruleset defined for them can be specified by:
.(b
.b H \c
.i * \c
.b ": $>" \c
.i Ruleset
.)b
or
.(b
.b H \c
.i * \c
.b ": $>+" \c
.i Ruleset
.)b
.sh 2 "O \*- Set Option"
.pp
There are a number of global options that
can be set from a configuration file.
Options are represented by full words;
some are also representable as single characters for back compatibility.
The syntax of this line is:
.(b F
.b O \0
.i option \c
.b = \c
.i value
.)b
This sets option
.i option
to be
.i value .
Note that there
.i must
be a space between the letter `O' and the name of the option.
An older version is:
.(b F
.b O \c
.i o\|value
.)b
where the option
.i o
is a single character.
Depending on the option,
.i value
may be a string, an integer,
a boolean
(with legal values
.q t ,
.q T ,
.q f ,
or
.q F ;
the default is TRUE),
or
a time interval.
.pp
All filenames used in options should be absolute paths,
i.e., starting with '/'.
Relative filenames most likely cause surprises during operation
(unless otherwise noted).
.pp
The options supported (with the old, one character names in brackets) are:
.nr ii 1i
.ip "AliasFile=\fIspec, spec, ...\fP"
[A]
Specify possible alias file(s).
Each
.i spec
should be in the format
``\c
.i class \c
.b :
.i info ''
where
.i class \c
.b :
is optional and defaults to ``implicit''.
Note that
.i info
is required for all
.i class es
except
.q ldap .
For the
.q ldap
class,
if
.i info
is not specified,
a default
.i info
value is used as follows:
.(b
\-k (&(objectClass=sendmailMTAAliasObject)
(sendmailMTAAliasName=aliases)
(|(sendmailMTACluster=${sendmailMTACluster})
(sendmailMTAHost=$j))
(sendmailMTAKey=%0))
\-v sendmailMTAAliasValue
.)b
Depending on how
.i sendmail
is compiled, valid classes are
.q implicit
(search through a compiled-in list of alias file types,
for back compatibility),
.q hash
(if
.sm NEWDB
is specified),
.q btree
(if
.sm NEWDB
is specified),
.q dbm
(if
.sm NDBM
is specified),
+.q cdb
+(if
+.sm CDB
+is specified),
.q stab
(internal symbol table \*- not normally used
unless you have no other database lookup),
.q sequence
(use a sequence of maps
previously declared),
.q ldap
(if
.sm LDAPMAP
is specified),
or
.q nis
(if
.sm NIS
is specified).
If a list of
.i spec s
are provided,
.i sendmail
searches them in order.
.ip AliasWait=\fItimeout\fP
[a]
If set,
wait up to
.i timeout
(units default to minutes)
for an
.q @:@
entry to exist in the alias database
before starting up.
If it does not appear in the
.i timeout
interval issue a warning.
.ip AllowBogusHELO
[no short name]
If set, allow HELO SMTP commands that don't include a host name.
Setting this violates RFC 1123 section 5.2.5,
but is necessary to interoperate with several SMTP clients.
If there is a value, it is still checked for legitimacy.
.ip AuthMaxBits=\fIN\fP
[no short name]
Limit the maximum encryption strength for the security layer in
SMTP AUTH (SASL). Default is essentially unlimited.
This allows to turn off additional encryption in SASL if
STARTTLS is already encrypting the communication, because the
existing encryption strength is taken into account when choosing
an algorithm for the security layer.
For example, if STARTTLS is used and the symmetric cipher is 3DES,
then the the keylength (in bits) is 168.
Hence setting
.b AuthMaxBits
to 168 will disable any encryption in SASL.
.ip AuthMechanisms
[no short name]
List of authentication mechanisms for AUTH (separated by spaces).
The advertised list of authentication mechanisms will be the
intersection of this list and the list of available mechanisms as
determined by the Cyrus SASL library.
If STARTTLS is active, EXTERNAL will be added to this list.
In that case, the value of {cert_subject} is used as authentication id.
.ip AuthOptions
[no short name]
List of options for SMTP AUTH consisting of single characters
with intervening white space or commas.
.(b
.ta 4n
A Use the AUTH= parameter for the MAIL FROM
command only when authentication succeeded.
This can be used as a workaround for broken
MTAs that do not implement RFC 2554 correctly.
a protection from active (non-dictionary) attacks
during authentication exchange.
c require mechanisms which pass client credentials,
and allow mechanisms which can pass credentials
to do so.
d don't permit mechanisms susceptible to passive
dictionary attack.
f require forward secrecy between sessions
(breaking one won't help break next).
m require mechanisms which provide mutual authentication
(only available if using Cyrus SASL v2 or later).
p don't permit mechanisms susceptible to simple
passive attack (e.g., PLAIN, LOGIN), unless a
security layer is active.
y don't permit mechanisms that allow anonymous login.
.)b
The first option applies to sendmail as a client, the others to a server.
Example:
.(b
O AuthOptions=p,y
.)b
would disallow ANONYMOUS as AUTH mechanism and would
allow PLAIN and LOGIN only if a security layer (e.g.,
provided by STARTTLS) is already active.
The options 'a', 'c', 'd', 'f', 'p', and 'y' refer to properties of the
selected SASL mechanisms.
Explanations of these properties can be found in the Cyrus SASL documentation.
.ip AuthRealm
[no short name]
The authentication realm that is passed to the Cyrus SASL library.
If no realm is specified,
.b $j
is used.
See also KNOWNBUGS.
.ip BadRcptThrottle=\fIN\fP
[no short name]
If set and the specified number of recipients in a single SMTP
transaction have been rejected, sleep for one second after each subsequent
RCPT command in that transaction.
.ip BlankSub=\fIc\fP
[B]
Set the blank substitution character to
.i c .
Unquoted spaces in addresses are replaced by this character.
Defaults to space (i.e., no change is made).
.ip CACertPath
[no short name]
Path to directory with certificates of CAs.
This directory directory must contain the hashes of each CA certificate
as filenames (or as links to them).
.ip CACertFile
[no short name]
File containing one or more CA certificates;
see section about STARTTLS for more information.
.ip CertFingerprintAlgorithm
Specify the fingerprint algorithm (digest) to use for the presented cert.
If the option is not set,
md5 is used and the macro
-.p ${cert_md5}
+.b ${cert_md5}
contains the cert fingerprint.
If the option is explicitly set,
the specified algorithm (e.g., sha1) is used
and the macro
.b ${cert_fp}
contains the cert fingerprint.
.ip CipherList
-Specify cipher list for STARTTLS.
+Specify cipher list for STARTTLS (does not apply to TLSv1.3).
See
.i ciphers (1)
for possible values.
.ip CheckAliases
[n]
Validate the RHS of aliases when rebuilding the alias database.
.ip CheckpointInterval=\fIN\fP
[C]
Checkpoints the queue every
.i N
(default 10)
addresses sent.
If your system crashes during delivery to a large list,
this prevents retransmission to any but the last
.i N
recipients.
.ip ClassFactor=\fIfact\fP
[z]
The indicated
.i fact or
is multiplied by the message class
(determined by the Precedence: field in the user header
and the
.b P
lines in the configuration file)
and subtracted from the priority.
Thus, messages with a higher Priority: will be favored.
Defaults to 1800.
.ip ClientCertFile
[no short name]
File containing the certificate of the client, i.e., this certificate
is used when
.i sendmail
acts as client (for STARTTLS).
.ip ClientKeyFile
[no short name]
File containing the private key belonging to the client certificate
(for STARTTLS if
.i sendmail
runs as client).
.ip ClientPortOptions=\fIoptions\fP
[O]
Set client SMTP options.
The options are
.i key=value
pairs separated by commas.
Known keys are:
.(b
.ta 1i
Port Name/number of source port for connection (defaults to any free port)
Addr Address mask (defaults INADDR_ANY)
Family Address family (defaults to INET)
SndBufSize Size of TCP send buffer
RcvBufSize Size of TCP receive buffer
Modifier Options (flags) for the client
.)b
The
.i Addr ess
mask may be a numeric address in IPv4 dot notation or IPv6 colon notation
or a network name.
Note that if a network name is specified,
only the first IP address returned for it will be used.
This may cause indeterminate behavior for network names
that resolve to multiple addresses.
Therefore, use of an address is recommended.
.i Modifier
can be the following character:
.(b
.ta 1i
h use name of interface for HELO command
A don't use AUTH when sending e-mail
S don't use STARTTLS when sending e-mail
.)b
If ``h'' is set, the name corresponding to the outgoing interface
address (whether chosen via the Connection parameter or
the default) is used for the HELO/EHLO command.
However, the name must not start with a square bracket
and it must contain at least one dot.
This is a simple test whether the name is not
an IP address (in square brackets) but a qualified hostname.
Note that multiple ClientPortOptions settings are allowed
in order to give settings for each protocol family
(e.g., one for Family=inet and one for Family=inet6).
A restriction placed on one family only affects
outgoing connections on that particular family.
.ip ClientSSLOptions
A space or comma separated list of SSL related options for the client side.
See
.i SSL_CTX_set_options (3)
for a list;
the available values depend on the OpenSSL version against which
.i sendmail
is compiled.
By default,
.i SSL_OP_ALL
.i SSL_OP_NO_SSLv2
.i SSL_OP_NO_TICKET
.i -SSL_OP_TLSEXT_PADDING
are used
(if those options are available).
-Options can be cleared by preceeding them with a minus sign.
+Options can be cleared by preceding them with a minus sign.
It is also possible to specify numerical values, e.g.,
.b -0x0010 .
.ip ColonOkInAddr
[no short name]
If set, colons are acceptable in e-mail addresses
(e.g.,
.q host:user ).
If not set, colons indicate the beginning of a RFC 822 group construct
(\c
.q "groupname: member1, member2, ... memberN;" ).
Doubled colons are always acceptable
(\c
.q nodename::user )
and proper route-addr nesting is understood
(\c
.q <@relay:user@host> ).
Furthermore, this option defaults on if the configuration version level
is less than 6 (for back compatibility).
However, it must be off for full compatibility with RFC 822.
.ip ConnectionCacheSize=\fIN\fP
[k]
The maximum number of open connections that will be cached at a time.
The default is one.
This delays closing the current connection until
either this invocation of
.i sendmail
needs to connect to another host
or it terminates.
Setting it to zero defaults to the old behavior,
that is, connections are closed immediately.
Since this consumes file descriptors,
the connection cache should be kept small:
4 is probably a practical maximum.
.ip ConnectionCacheTimeout=\fItimeout\fP
[K]
The maximum amount of time a cached connection will be permitted to idle
without activity.
If this time is exceeded,
the connection is immediately closed.
This value should be small (on the order of ten minutes).
Before
.i sendmail
uses a cached connection,
it always sends a RSET command
to check the connection;
if this fails, it reopens the connection.
This keeps your end from failing if the other end times out.
The point of this option is to be a good network neighbor
and avoid using up excessive resources
on the other end.
The default is five minutes.
.ip ConnectOnlyTo=\fIaddress\fP
[no short name]
This can be used to
override the connection address (for testing purposes).
.ip ConnectionRateThrottle=\fIN\fP
[no short name]
If set to a positive value,
allow no more than
.i N
incoming connections in a one second period per daemon.
This is intended to flatten out peaks
and allow the load average checking to cut in.
Defaults to zero (no limits).
.ip ConnectionRateWindowSize=\fIN\fP
[no short name]
Define the length of the interval for which
the number of incoming connections is maintained.
The default is 60 seconds.
.ip ControlSocketName=\fIname\fP
[no short name]
Name of the control socket for daemon management.
A running
.i sendmail
daemon can be controlled through this named socket.
Available commands are:
.i help,
.i mstat,
.i restart,
.i shutdown,
and
.i status.
The
.i status
command returns the current number of daemon children,
the maximum number of daemon children,
the free disk space (in blocks) of the queue directory,
and the load average of the machine expressed as an integer.
If not set, no control socket will be available.
Solaris and pre-4.4BSD kernel users should see the note in sendmail/README .
.ip CRLFile=\fIname\fP
[no short name]
Name of file that contains certificate
revocation status, useful for X.509v3 authentication.
-CRL checking requires at least OpenSSL version 0.9.7.
Note: if a CRLFile is specified but the file is unusable,
STARTTLS is disabled.
+.ip CRLPath=\fIname\fP
+[no short name]
+Name of directory that contains hashes pointing to
+certificate revocation status files.
+Symbolic links can be generated with the following
+two (Bourne) shell commands:
+.(b
+C=FileName_of_CRL
+ln -s $C `openssl crl -noout -hash < $C`.r0
+.)b
.ip DHParameters
This option applies to the server side only.
Possible values are:
.(b
.ta 2i
5 use precomputed 512 bit prime.
1 generate 1024 bit prime
2 generate 2048 bit prime.
i use included precomputed 2048 bit prime (default).
none do not use Diffie-Hellman.
/path/to/file load prime from file.
.)b
This is only required if a ciphersuite containing DSA/DH is used.
The default is ``i'' which selects a precomputed, fixed 2048 bit prime.
If ``5'' is selected, then precomputed, fixed primes are used.
Note: this option should not be used
(unless necessary for compatibility with old implementations).
If ``1'' or ``2'' is selected, then prime values are computed during startup.
Note: this operation can take a significant amount of time on a
slow machine (several seconds), but it is only done once at startup.
If ``none'' is selected, then TLS ciphersuites containing DSA/DH
cannot be used.
If a file name is specified (which must be an absolute path),
then the primes are read from it.
It is recommended to generate such a file using a command like this:
.(b
openssl dhparam -out /etc/mail/dhparams.pem 2048
.)b
If the file is not readable or contains unusable data,
the default ``i'' is used instead.
.ip DaemonPortOptions=\fIoptions\fP
[O]
Set server SMTP options.
Each instance of
.b DaemonPortOptions
leads to an additional incoming socket.
The options are
.i key=value
pairs.
Known keys are:
.(b
.ta 1i
Name User-definable name for the daemon (defaults to "Daemon#")
Port Name/number of listening port (defaults to "smtp")
Addr Address mask (defaults INADDR_ANY)
Family Address family (defaults to INET)
InputMailFilters List of input mail filters for the daemon
Listen Size of listen queue (defaults to 10)
Modifier Options (flags) for the daemon
SndBufSize Size of TCP send buffer
RcvBufSize Size of TCP receive buffer
children maximum number of children per daemon, see \fBMaxDaemonChildren\fP.
DeliveryMode Delivery mode per daemon, see \fBDeliveryMode\fP.
refuseLA RefuseLA per daemon
delayLA DelayLA per daemon
queueLA QueueLA per daemon
.)b
The
.i Name
key is used for error messages and logging.
The
.i Addr ess
mask may be
a numeric address in IPv4 dot notation or IPv6 colon notation,
or a network name,
or a path to a local socket.
Note that if a network name is specified,
only the first IP address returned for it will be used.
This may cause indeterminate behavior for network names
that resolve to multiple addresses.
Therefore, use of an address is recommended.
The
.i Family
key defaults to INET (IPv4).
IPv6 users who wish to also accept IPv6 connections
should add additional Family=inet6
.b DaemonPortOptions
lines.
For a local socket, use
Family=local
or
Family=unix.
The
.i InputMailFilters
key overrides the default list of input mail filters listed in the
.b InputMailFilters
option.
If multiple input mail filters are required, they must be separated
by semicolons (not commas).
.i Modifier
can be a sequence (without any delimiters)
of the following characters:
.(b
.ta 1i
-a always require authentication
+a always require AUTH
b bind to interface through which mail has been received
c perform hostname canonification (.cf)
f require fully qualified hostname (.cf)
s Run smtps (SMTP over SSL) instead of smtp
u allow unqualified addresses (.cf)
A disable AUTH (overrides 'a' modifier)
C don't perform hostname canonification
E disallow ETRN (see RFC 2476)
O optional; if opening the socket fails ignore it
S don't offer STARTTLS
.)b
That is, one way to specify a message submission agent (MSA) that
-always requires authentication is:
+always requires AUTH is:
.(b
O DaemonPortOptions=Name=MSA, Port=587, M=Ea
.)b
The modifiers that are marked with "(.cf)" have only
effect in the standard configuration file, in which
they are available via
.b ${daemon_flags} .
Notice: Do
.b not
use the ``a'' modifier on a public accessible MTA!
It should only be used for a MSA that is accessed by authorized
users for initial mail submission.
Users must authenticate to use a MSA which has this option turned on.
The flags ``c'' and ``C'' can change the default for
hostname canonification in the
.i sendmail.cf
file.
See the relevant documentation for
.sm FEATURE(nocanonify) .
The modifier ``f'' disallows addresses of the form
.b user@host
unless they are submitted directly.
The flag ``u'' allows unqualified sender addresses,
i.e., those without @host.
``b'' forces sendmail to bind to the interface
through which the e-mail has been
received for the outgoing connection.
.b WARNING:
Use ``b''
only if outgoing mail can be routed through the incoming connection's
interface to its destination. No attempt is made to catch problems due to a
misconfiguration of this parameter, use it only for virtual hosting
where each virtual interface can connect to every possible location.
This will also override possible settings via
.b ClientPortOptions.
Note,
.i sendmail
will listen on a new socket
-for each occurence of the
+for each occurrence of the
.b DaemonPortOptions
option in a configuration file.
The modifier ``O'' causes sendmail to ignore a socket
if it can't be opened.
This applies to failures from the socket(2) and bind(2) calls.
.ip DefaultAuthInfo
[no short name]
Filename that contains default authentication information for outgoing
connections. This file must contain the user id, the authorization id,
the password (plain text), the realm and the list of mechanisms to use
on separate lines and must be readable by
root (or the trusted user) only.
If no realm is specified,
.b $j
is used.
If no mechanisms are specified, the list given by
.b AuthMechanisms
is used.
Notice: this option is deprecated and will be removed in future versions.
Moreover, it doesn't work for the MSP since it can't read the file
(the file must not be group/world-readable otherwise
.i sendmail
will complain).
Use the authinfo ruleset instead which provides more control over
the usage of the data anyway.
.ip DefaultCharSet=\fIcharset\fP
[no short name]
When a message that has 8-bit characters but is not in MIME format
is converted to MIME
(see the EightBitMode option)
a character set must be included in the Content-Type: header.
This character set is normally set from the Charset= field
of the mailer descriptor.
If that is not set, the value of this option is used.
If this option is not set, the value
.q unknown-8bit
is used.
.ip DataFileBufferSize=\fIthreshold\fP
[no short name]
Set the
.i threshold ,
in bytes,
before a memory-based
queue data file
becomes disk-based.
The default is 4096 bytes.
.ip DeadLetterDrop=\fIfile\fP
[no short name]
Defines the location of the system-wide dead.letter file,
formerly hardcoded to /usr/tmp/dead.letter.
If this option is not set (the default),
sendmail will not attempt to save to a system-wide dead.letter file
in the event
it cannot bounce the mail to the user or postmaster.
Instead, it will rename the qf file
as it has in the past
when the dead.letter file could not be opened.
.ip DefaultUser=\fIuser:group\fP
[u]
Set the default userid for mailers to
.i user:group .
If
.i group
is omitted and
.i user
is a user name
(as opposed to a numeric user id)
the default group listed in the /etc/passwd file for that user is used
as the default group.
Both
.i user
and
.i group
may be numeric.
Mailers without the
.i S
flag in the mailer definition
will run as this user.
Defaults to 1:1.
The value can also be given as a symbolic user name.\**
.(f
\**The old
.b g
option has been combined into the
.b DefaultUser
option.
.)f
.ip DelayLA=\fILA\fP
[no short name]
When the system load average exceeds
.i LA ,
.i sendmail
will sleep for one second on most SMTP commands and
before accepting connections.
.ip DeliverByMin=\fItime\fP
[0]
Set minimum time for Deliver By SMTP Service Extension (RFC 2852).
If 0, no time is listed, if less than 0, the extension is not offered,
if greater than 0, it is listed as minimum time
for the EHLO keyword DELIVERBY.
.ip DeliveryMode=\fIx\fP
[d]
Deliver in mode
.i x .
Legal modes are:
.(b
.ta 4n
i Deliver interactively (synchronously)
b Deliver in background (asynchronously)
q Just queue the message (deliver during queue run)
d Defer delivery and all map lookups (deliver during queue run)
.)b
Defaults to ``b'' if no option is specified,
``i'' if it is specified but given no argument
(i.e., ``Od'' is equivalent to ``Odi'').
The
.b \-v
command line flag sets this to
.b i .
Note: for internal reasons,
``i'' does not work
if a milter is enabled which can reject or delete recipients.
In that case the mode will be changed to ``b''.
.ip DialDelay=\fIsleeptime\fP
[no short name]
Dial-on-demand network connections can see timeouts
if a connection is opened before the call is set up.
If this is set to an interval and a connection times out
on the first connection being attempted
.i sendmail
will sleep for this amount of time and try again.
This should give your system time to establish the connection
to your service provider.
Units default to seconds, so
.q DialDelay=5
uses a five second delay.
Defaults to zero
(no retry).
This delay only applies to mailers which have the
Z flag set.
.ip DirectSubmissionModifiers=\fImodifiers\fP
Defines
.b ${daemon_flags}
for direct (command line) submissions.
If not set,
.b ${daemon_flags}
is either "CC f" if the option
.b \-G
is used or "c u" otherwise.
Note that only the the "CC", "c", "f", and "u" flags are checked.
.ip DontBlameSendmail=\fIoption,option,...\fP
[no short name]
In order to avoid possible cracking attempts
caused by world- and group-writable files and directories,
.i sendmail
does paranoid checking when opening most of its support files.
If for some reason you absolutely must run with,
for example,
a group-writable
.i /etc
directory,
then you will have to turn off this checking
(at the cost of making your system more vulnerable to attack).
The possible arguments have been described earlier.
The details of these flags are described above.
.\"XXX should have more here!!! XXX
.b "Use of this option is not recommended."
.ip DontExpandCnames
[no short name]
The standards say that all host addresses used in a mail message
must be fully canonical.
For example, if your host is named
.q Cruft.Foo.ORG
and also has an alias of
.q FTP.Foo.ORG ,
the former name must be used at all times.
This is enforced during host name canonification
($[ ... $] lookups).
If this option is set, the protocols are ignored and the
.q wrong
thing is done.
However, the IETF is moving toward changing this standard,
so the behavior may become acceptable.
Please note that hosts downstream may still rewrite the address
to be the true canonical name however.
.ip DontInitGroups
[no short name]
If set,
.i sendmail
will avoid using the initgroups(3) call.
If you are running NIS,
this causes a sequential scan of the groups.byname map,
which can cause your NIS server to be badly overloaded in a large domain.
The cost of this is that the only group found for users
will be their primary group (the one in the password file),
which will make file access permissions somewhat more restrictive.
Has no effect on systems that don't have group lists.
.ip DontProbeInterfaces
[no short name]
.i Sendmail
normally finds the names of all interfaces active on your machine
when it starts up
and adds their name to the
.b $=w
class of known host aliases.
If you have a large number of virtual interfaces
or if your DNS inverse lookups are slow
this can be time consuming.
This option turns off that probing.
However, you will need to be certain to include all variant names
in the
.b $=w
class by some other mechanism.
If set to
.b loopback ,
loopback interfaces (e.g., lo0) will not be probed.
.ip DontPruneRoutes
[R]
Normally,
.i sendmail
tries to eliminate any unnecessary explicit routes
when sending an error message
(as discussed in RFC 1123 \(sc 5.2.6).
For example,
when sending an error message to
.(b
<@known1,@known2,@known3:user@unknown>
.)b
.i sendmail
will strip off the
.q @known1,@known2
in order to make the route as direct as possible.
However, if the
.b R
option is set, this will be disabled,
and the mail will be sent to the first address in the route,
even if later addresses are known.
This may be useful if you are caught behind a firewall.
.ip DoubleBounceAddress=\fIerror-address\fP
[no short name]
If an error occurs when sending an error message,
send the error report
(termed a
.q "double bounce"
because it is an error
.q bounce
that occurs when trying to send another error
.q bounce )
to the indicated address.
The address is macro expanded
at the time of delivery.
If not set, defaults to
.q postmaster .
If set to an empty string, double bounces are dropped.
.ip EightBitMode=\fIaction\fP
[8]
Set handling of eight-bit data.
There are two kinds of eight-bit data:
that declared as such using the
.b BODY=8BITMIME
ESMTP declaration or the
.b \-B8BITMIME
command line flag,
and undeclared 8-bit data, that is,
input that just happens to be eight bits.
There are three basic operations that can happen:
undeclared 8-bit data can be automatically converted to 8BITMIME,
undeclared 8-bit data can be passed as-is without conversion to MIME
(``just send 8''),
and declared 8-bit data can be converted to 7-bits
for transmission to a non-8BITMIME mailer.
The possible
.i action s
are:
.(b
.\" r Reject undeclared 8-bit data;
.\" don't convert 8BITMIME\(->7BIT (``reject'')
s Reject undeclared 8-bit data (``strict'')
.\" do convert 8BITMIME\(->7BIT (``strict'')
.\" c Convert undeclared 8-bit data to MIME;
.\" don't convert 8BITMIME\(->7BIT (``convert'')
m Convert undeclared 8-bit data to MIME (``mime'')
.\" do convert 8BITMIME\(->7BIT (``mime'')
.\" j Pass undeclared 8-bit data;
.\" don't convert 8BITMIME\(->7BIT (``just send 8'')
p Pass undeclared 8-bit data (``pass'')
.\" do convert 8BITMIME\(->7BIT (``pass'')
.\" a Adaptive algorithm: see below
.)b
.\"The adaptive algorithm is to accept 8-bit data,
.\"converting it to 8BITMIME only if the receiver understands that,
.\"otherwise just passing it as undeclared 8-bit data;
.\"8BITMIME\(->7BIT conversions are done.
In all cases properly declared 8BITMIME data will be converted to 7BIT
as needed.
+.p
+Note: if an automatic conversion is performed, a header with
+the following format will be added:
+.(b
+X-MIME-Autoconverted: from OLD to NEW by $j id $i
+.)b
+where
+.\" format?
+OLD
+and
+NEW
+describe the original format and the converted format, respectively.
.ip ErrorHeader=\fIfile-or-message\fP
[E]
Prepend error messages with the indicated message.
If it begins with a slash,
it is assumed to be the pathname of a file
containing a message (this is the recommended setting).
Otherwise, it is a literal message.
The error file might contain the name, email address, and/or phone number
of a local postmaster who could provide assistance
to end users.
If the option is missing or null,
or if it names a file which does not exist or which is not readable,
no message is printed.
.ip ErrorMode=\fIx\fP
[e]
Dispose of errors using mode
.i x .
The values for
.i x
are:
.(b
p Print error messages (default)
q No messages, just give exit status
m Mail back errors
w Write back errors (mail if user not logged in)
e Mail back errors (when applicable) and give zero exit stat always
.)b
Note that the last mode,
.q e ,
is for Berknet error processing and
should not be used in normal circumstances.
Note, too, that mode
.q q ,
only applies to errors recognized before sendmail forks for
background delivery.
.ip FallbackMXhost=\fIfallbackhost\fP
[V]
If specified, the
.i fallbackhost
acts like a very low priority MX
on every host.
MX records will be looked up for this host,
unless the name is surrounded by square brackets.
This is intended to be used by sites with poor network connectivity.
Messages which are undeliverable due to temporary address failures
(e.g., DNS failure)
also go to the FallbackMXhost.
.ip FallBackSmartHost=\fIhostname\fP
If specified, the
.i FallBackSmartHost
will be used in a last-ditch effort for each host.
This is intended to be used by sites with "fake internal DNS",
e.g., a company whose DNS accurately reflects the world
inside that company's domain but not outside.
.ip FastSplit
[no short name]
If set to a value greater than zero (the default is one),
it suppresses the MX lookups on addresses
when they are initially sorted, i.e., for the first delivery attempt.
This usually results in faster envelope splitting unless the MX records
are readily available in a local DNS cache.
To enforce initial sorting based on MX records set
.b FastSplit
to zero.
If the mail is submitted directly from the command line, then
the value also limits the number of processes to deliver the envelopes;
if more envelopes are created they are only queued up
and must be taken care of by a queue run.
Since the default submission method is via SMTP (either from a MUA
or via the MSP), the value of
.b FastSplit
is seldom used to limit the number of processes to deliver the envelopes.
.ip ForkEachJob
[Y]
If set,
deliver each job that is run from the queue in a separate process.
.ip ForwardPath=\fIpath\fP
[J]
Set the path for searching for users' .forward files.
The default is
.q $z/.forward .
Some sites that use the automounter may prefer to change this to
.q /var/forward/$u
to search a file with the same name as the user in a system directory.
It can also be set to a sequence of paths separated by colons;
.i sendmail
stops at the first file it can successfully and safely open.
For example,
.q /var/forward/$u:$z/.forward
will search first in /var/forward/\c
.i username
and then in
.i ~username /.forward
(but only if the first file does not exist).
.ip HeloName=\fIname\fP
[no short name]
Set the name to be used for HELO/EHLO (instead of $j).
+.ip HelpFile=\fIfile\fP
+[H]
+Specify the help file for SMTP.
+If no file name is specified, "helpfile" is used.
.ip HoldExpensive
[c]
If an outgoing mailer is marked as being expensive,
don't connect immediately.
.ip HostsFile=\fIpath\fP
[no short name]
The path to the hosts database,
normally
.q /etc/hosts .
This option is only consulted when sendmail
is canonifying addresses,
and then only when
.q files
is in the
.q hosts
service switch entry.
In particular, this file is
.i never
used when looking up host addresses;
that is under the control of the system
.i gethostbyname (3)
routine.
.ip HostStatusDirectory=\fIpath\fP
[no short name]
The location of the long term host status information.
When set,
information about the status of hosts
(e.g., host down or not accepting connections)
will be shared between all
.i sendmail
processes;
normally, this information is only held within a single queue run.
This option requires a connection cache of at least 1 to function.
If the option begins with a leading `/',
it is an absolute pathname;
otherwise,
it is relative to the mail queue directory.
A suggested value for sites desiring persistent host status is
.q \&.hoststat
(i.e., a subdirectory of the queue directory).
.ip IgnoreDots
[i]
Ignore dots in incoming messages.
This is always disabled (that is, dots are always accepted)
when reading SMTP mail.
.ip InputMailFilters=\fIname,name,...\fP
A comma separated list of filters which determines which filters
(see the "X \*- Mail Filter (Milter) Definitions" section)
and the invocation sequence are contacted for incoming SMTP messages.
If none are set, no filters will be contacted.
.ip LDAPDefaultSpec=\fIspec\fP
[no short name]
Sets a default map specification for LDAP maps.
The value should only contain LDAP specific settings
such as
.q "-h host -p port -d bindDN" .
The settings will be used for all LDAP maps
unless the individual map specification overrides a setting.
This option should be set before any LDAP maps are defined.
.ip LogLevel=\fIn\fP
[L]
Set the log level to
.i n .
Defaults to 9.
.ip M\fIx\|value\fP
[no long version]
Set the macro
.i x
to
.i value .
This is intended only for use from the command line.
The
.b \-M
flag is preferred.
.ip MailboxDatabase
[no short name]
Type of lookup to find information about local mailboxes,
defaults to ``pw'' which uses
.i getpwnam .
Other types can be introduced by adding them to the source code,
see libsm/mbdb.c for details.
.ip UseMSP
[no short name]
Use as mail submission program, i.e.,
allow group writable queue files
if the group is the same as that of a set-group-ID sendmail binary.
See the file
.b sendmail/SECURITY
in the distribution tarball.
.ip MatchGECOS
[G]
Allow fuzzy matching on the GECOS field.
If this flag is set,
and the usual user name lookups fail
(that is, there is no alias with this name and a
.i getpwnam
fails),
sequentially search the password file
for a matching entry in the GECOS field.
This also requires that MATCHGECOS
be turned on during compilation.
This option is not recommended.
.ip MaxAliasRecursion=\fIN\fP
[no short name]
The maximum depth of alias recursion (default: 10).
.ip MaxDaemonChildren=\fIN\fP
[no short name]
If set,
.i sendmail
will refuse connections when it has more than
.i N
children processing incoming mail or automatic queue runs.
This does not limit the number of outgoing connections.
If the default
.b DeliveryMode
(background) is used, then
.i sendmail
may create an almost unlimited number of children
(depending on the number of transactions and the
relative execution times of mail receiption and mail delivery).
If the limit should be enforced, then a
.b DeliveryMode
other than background must be used.
If not set, there is no limit to the number of children --
that is, the system load average controls this.
.ip MaxHeadersLength=\fIN\fP
[no short name]
-The maximum length of the sum of all headers.
+If set to a value greater than zero it specifies
+the maximum length of the sum of all headers.
This can be used to prevent a denial of service attack.
-The default is no limit.
+The default is 32K.
.ip MaxHopCount=\fIN\fP
[h]
The maximum hop count.
Messages that have been processed more than
.i N
times are assumed to be in a loop and are rejected.
Defaults to 25.
.ip MaxMessageSize=\fIN\fP
[no short name]
Specify the maximum message size
to be advertised in the ESMTP EHLO response.
Messages larger than this will be rejected.
If set to a value greater than zero,
that value will be listed in the SIZE response,
otherwise SIZE is advertised in the ESMTP EHLO response
without a parameter.
.ip MaxMimeHeaderLength=\fIN[/M]\fP
[no short name]
Sets the maximum length of certain MIME header field values to
.i N
characters.
These MIME header fields are determined by being a member of
class {checkMIMETextHeaders}, which currently contains only
the header Content-Description.
For some of these headers which take parameters,
the maximum length of each parameter is set to
.i M
if specified. If
.i /M
is not specified, one half of
.i N
will be used.
By default,
these values are 2048 and 1024, respectively.
To allow any length, a value of 0 can be specified.
.ip MaxNOOPCommands=\fIN\fP
Override the default of
.b MAXNOOPCOMMANDS
for the number of
.i useless
commands, see Section
"Measures against Denial of Service Attacks".
.ip MaxQueueChildren=\fIN\fP
[no short name]
When set, this limits the number of concurrent queue runner processes to
.i N.
This helps to control the amount of system resources used when processing
the queue. When there are multiple queue groups defined and the total number
of queue runners for these queue groups would exceed
.i MaxQueueChildren
then the queue groups will not all run concurrently. That is, some portion
of the queue groups will run concurrently such that
.i MaxQueueChildren
will not be exceeded, while the remaining queue groups will be run later (in
round robin order). See also
.i MaxRunnersPerQueue
and the section \fBQueue Group Declaration\fP.
Notice:
.i sendmail
does not count individual queue runners, but only sets of processes
that act on a workgroup.
Hence the actual number of queue runners may be lower than the limit
imposed by
.i MaxQueueChildren .
This discrepancy can be large if some queue runners have to wait
for a slow server and if short intervals are used.
.ip MaxQueueRunSize=\fIN\fP
[no short name]
The maximum number of jobs that will be processed
in a single queue run.
If not set, there is no limit on the size.
If you have very large queues or a very short queue run interval
this could be unstable.
However, since the first
.i N
jobs in queue directory order are run (rather than the
.i N
highest priority jobs)
this should be set as high as possible to avoid
.q losing
jobs that happen to fall late in the queue directory.
Note: this option also restricts the number of entries printed by
.i mailq .
That is, if
.i MaxQueueRunSize
is set to a value
.b N
larger than zero,
then only
.b N
entries are printed per queue group.
.ip MaxRecipientsPerMessage=\fIN\fP
[no short name]
The maximum number of recipients that will be accepted per message
in an SMTP transaction.
Note: setting this too low can interfere with sending mail from
MUAs that use SMTP for initial submission.
If not set, there is no limit on the number of recipients per envelope.
.ip MaxRunnersPerQueue=\fIN\fP
[no short name]
This sets the default maximum number of queue runners for queue groups.
Up to
.i N
queue runners will work in parallel on a queue group's messages.
This is useful where the processing of a message in the queue might
delay the processing of subsequent messages. Such a delay may be the result
of non-erroneous situations such as a low bandwidth connection.
May be overridden on a per queue group basis by setting the
.i Runners
option; see the section \fBQueue Group Declaration\fP.
The default is 1 when not set.
.ip MeToo
[m]
Send to me too,
even if I am in an alias expansion.
This option is deprecated
and will be removed from a future version.
.ip Milter
[no short name]
This option has several sub(sub)options.
The names of the suboptions are separated by dots.
At the first level the following options are available:
.(b
.ta \w'LogLevel'u+3n
LogLevel Log level for input mail filter actions, defaults to LogLevel.
macros Specifies list of macro to transmit to filters.
See list below.
.)b
The ``macros'' option has the following suboptions
which specify the list of macro to transmit to milters
after a certain event occurred.
.(b
.ta \w'envfrom'u+3n
connect After session connection start
helo After EHLO/HELO command
envfrom After MAIL From command
envrcpt After RCPT To command
data After DATA command.
eoh After DATA command and header
eom After DATA command and terminating ``.''
.)b
By default the lists of macros are empty.
Example:
.(b
O Milter.LogLevel=12
O Milter.macros.connect=j, _, {daemon_name}
.)b
.ip MinFreeBlocks=\fIN\fP
[b]
Insist on at least
.i N
blocks free on the filesystem that holds the queue files
before accepting email via SMTP.
If there is insufficient space
.i sendmail
gives a 452 response
to the MAIL command.
This invites the sender to try again later.
.ip MaxQueueAge=\fIage\fP
[no short name]
If this is set to a value greater than zero,
entries in the queue will be retried during a queue run
only if the individual retry time has been reached
which is doubled for each attempt.
The maximum retry time is limited by the specified value.
.ip MinQueueAge=\fIage\fP
[no short name]
Don't process any queued jobs
that have been in the queue less than the indicated time interval.
This is intended to allow you to get responsiveness
by processing the queue fairly frequently
without thrashing your system by trying jobs too often.
The default units are minutes.
Note:
This option is ignored for queue runs that select a subset
of the queue, i.e.,
.q \-q[!][I|R|S|Q][string]
.ip MustQuoteChars=\fIs\fP
[no short name]
Sets the list of characters that must be quoted if used in a full name
that is in the phrase part of a ``phrase <address>'' syntax.
The default is ``\'.''.
The characters ``@,;:\e()[]'' are always added to this list.
+Note: To avoid potential breakage of
+DKIM signatures it is useful to set
+.(b
+O MustQuoteChars=.
+.)b
+Moreover, relaxed header signing should be used for DKIM signatures.
.ip NiceQueueRun
[no short name]
The priority of queue runners (nice(3)).
This value must be greater or equal zero.
.ip NoRecipientAction
[no short name]
The action to take when you receive a message that has no valid
recipient headers (To:, Cc:, Bcc:, or Apparently-To: \(em
the last included for back compatibility with old
.i sendmail s).
It can be
.b None
to pass the message on unmodified,
which violates the protocol,
.b Add-To
to add a To: header with any recipients it can find in the envelope
(which might expose Bcc: recipients),
.b Add-Apparently-To
to add an Apparently-To: header
(this is only for back-compatibility
and is officially deprecated),
.b Add-To-Undisclosed
to add a header
.q "To: undisclosed-recipients:;"
to make the header legal without disclosing anything,
or
.b Add-Bcc
to add an empty Bcc: header.
.ip OldStyleHeaders
[o]
Assume that the headers may be in old format,
i.e.,
spaces delimit names.
This actually turns on
an adaptive algorithm:
if any recipient address contains a comma, parenthesis,
or angle bracket,
it will be assumed that commas already exist.
If this flag is not on,
only commas delimit names.
Headers are always output with commas between the names.
Defaults to off.
.ip OperatorChars=\fIcharlist\fP
[$o macro]
The list of characters that are considered to be
.q operators ,
that is, characters that delimit tokens.
All operator characters are tokens by themselves;
sequences of non-operator characters are also tokens.
White space characters separate tokens
but are not tokens themselves \(em for example,
.q AAA.BBB
has three tokens, but
.q "AAA BBB"
has two.
If not set, OperatorChars defaults to
.q \&.\|:\|@\|[\|] ;
additionally, the characters
.q (\|)\|<\|>\|,\|;
are always operators.
Note that OperatorChars must be set in the
configuration file before any rulesets.
.ip PidFile=\fIfilename\fP
[no short name]
Filename of the pid file.
(default is _PATH_SENDMAILPID).
The
.i filename
is macro-expanded before it is opened, and unlinked when
.i sendmail
exits.
.ip PostmasterCopy=\fIpostmaster\fP
[P]
If set,
copies of error messages will be sent to the named
.i postmaster .
Only the header of the failed message is sent.
Errors resulting from messages with a negative precedence will not be sent.
Since most errors are user problems,
this is probably not a good idea on large sites,
and arguably contains all sorts of privacy violations,
but it seems to be popular with certain operating systems vendors.
The address is macro expanded
at the time of delivery.
Defaults to no postmaster copies.
.ip PrivacyOptions=\fI\|opt,opt,...\fP
[p]
Set the privacy
.i opt ions.
``Privacy'' is really a misnomer;
many of these are just a way of insisting on stricter adherence
to the SMTP protocol.
The
.i opt ions
can be selected from:
.(b
.ta \w'noactualrecipient'u+3n
public Allow open access
needmailhelo Insist on HELO or EHLO command before MAIL
needexpnhelo Insist on HELO or EHLO command before EXPN
noexpn Disallow EXPN entirely, implies noverb.
needvrfyhelo Insist on HELO or EHLO command before VRFY
novrfy Disallow VRFY entirely
noetrn Disallow ETRN entirely
noverb Disallow VERB entirely
restrictmailq Restrict mailq command
restrictqrun Restrict \-q command line flag
restrictexpand Restrict \-bv and \-v command line flags
noreceipts Don't return success DSNs\**
nobodyreturn Don't return the body of a message with DSNs
goaway Disallow essentially all SMTP status queries
authwarnings Put X-Authentication-Warning: headers in messages
and log warnings
noactualrecipient Don't put X-Actual-Recipient lines in DSNs
which reveal the actual account that addresses map to.
.)b
.(f
\**N.B.:
the
.b noreceipts
flag turns off support for RFC 1891
(Delivery Status Notification).
.)f
The
.q goaway
pseudo-flag sets all flags except
.q noreceipts ,
.q restrictmailq ,
.q restrictqrun ,
.q restrictexpand ,
.q noetrn ,
and
.q nobodyreturn .
If mailq is restricted,
only people in the same group as the queue directory
can print the queue.
If queue runs are restricted,
only root and the owner of the queue directory
can run the queue.
The
.q restrictexpand
pseudo-flag instructs
.i sendmail
to drop privileges when the
.b \-bv
option is given by users who are neither root nor the TrustedUser
so users cannot read private aliases, forwards, or :include: files.
It will add the
.q NonRootSafeAddr
to the
.q DontBlameSendmail
option to prevent misleading unsafe address warnings.
It also overrides the
.b \-v
(verbose) command line option to prevent information leakage.
Authentication Warnings add warnings about various conditions
that may indicate attempts to spoof the mail system,
such as using a non-standard queue directory.
.ip ProcessTitlePrefix=\fIstring\fP
[no short name]
Prefix the process title shown on 'ps' listings with
.i string .
The
.i string
will be macro processed.
.ip QueueDirectory=\fIdir\fP
[Q]
The QueueDirectory option serves two purposes.
First, it specifies the directory or set of directories that comprise
the default queue group.
Second, it specifies the directory D which is the ancestor of all queue
directories, and which sendmail uses as its current working directory.
When sendmail dumps core, it leaves its core files in D.
There are two cases.
If \fIdir\fR ends with an asterisk (eg, \fI/var/spool/mqueue/qd*\fR),
then all of the directories or symbolic links to directories
beginning with `qd' in
.i /var/spool/mqueue
will be used as queue directories of the default queue group,
and
.i /var/spool/mqueue
will be used as the working directory D.
Otherwise,
\fIdir\fR must name a directory (usually \fI/var/spool/mqueue\fR):
the default queue group consists of the single queue directory \fIdir\fR,
and the working directory D is set to \fIdir\fR.
To define additional groups of queue directories,
use the configuration file `Q' command.
Do not change the queue directory structure
while sendmail is running.
.ip QueueFactor=\fIfactor\fP
[q]
Use
.i factor
as the multiplier in the map function
to decide when to just queue up jobs rather than run them.
This value is divided by the difference between the current load average
and the load average limit
(\c
.b QueueLA
option)
to determine the maximum message priority
that will be sent.
Defaults to 600000.
.ip QueueLA=\fILA\fP
[x]
When the system load average exceeds
.i LA
and the
.b QueueFactor
(\c
.b q )
option divided by the difference in the current load average and the
.b QueueLA
option plus one
is less than the priority of the message,
just queue messages
(i.e., don't try to send them).
Defaults to 8 multiplied by
the number of processors online on the system
(if that can be determined).
.ip QueueFileMode=\fImode\fP
[no short name]
Default permissions for queue files (octal).
If not set, sendmail uses 0600 unless its real
and effective uid are different in which case it uses 0644.
.ip QueueSortOrder=\fIalgorithm\fP
[no short name]
Sets the
.i algorithm
used for sorting the queue.
Only the first character of the value is used.
Legal values are
.q host
(to order by the name of the first host name of the first recipient),
.q filename
(to order by the name of the queue file name),
.q time
(to order by the submission/creation time),
.q random
(to order randomly),
.q modification
(to order by the modification time of the qf file (older entries first)),
.q none
(to not order),
and
.q priority
(to order by message priority).
Host ordering makes better use of the connection cache,
but may tend to process low priority messages
that go to a single host
over high priority messages that go to several hosts;
it probably shouldn't be used on slow network links.
Filename and modification time ordering saves the overhead of
reading all of the queued items
before starting the queue run.
Creation (submission) time ordering is almost always a bad idea,
since it allows large, bulk mail to go out
before smaller, personal mail,
but may have applicability on some hosts with very fast connections.
Random is useful if several queue runners are started by hand
which try to drain the same queue since odds are they will be working
on different parts of the queue at the same time.
Priority ordering is the default.
.ip QueueTimeout=\fItimeout\fP
[T]
A synonym for
.q Timeout.queuereturn .
Use that form instead of the
.q QueueTimeout
form.
.ip RandFile
[no short name]
Name of file containing random data or the name of the UNIX socket
if EGD is used.
A (required) prefix "egd:" or "file:" specifies the type.
STARTTLS requires this filename if the compile flag HASURANDOMDEV is not set
(see sendmail/README).
.ip ResolverOptions=\fIoptions\fP
[I]
Set resolver options.
Values can be set using
.b + \c
.i flag
and cleared using
.b \- \c
.i flag ;
the
.i flag s
can be
.q debug ,
.q aaonly ,
.q usevc ,
.q primary ,
.q igntc ,
.q recurse ,
.q defnames ,
.q stayopen ,
.q use_inet6 ,
or
.q dnsrch .
The string
.q HasWildcardMX
(without a
.b +
or
.b \- )
can be specified to turn off matching against MX records
when doing name canonifications.
The string
.q WorkAroundBrokenAAAA
(without a
.b +
or
.b \- )
can be specified to work around some broken nameservers
which return SERVFAIL (a temporary failure) on T_AAAA (IPv6) lookups.
Notice: it might be necessary to apply the same (or similar) options to
.i submit.cf
too.
.ip RequiresDirfsync
[no short name]
This option can be used to override the compile time flag
.b REQUIRES_DIR_FSYNC
at runtime by setting it to
.sm false .
If the compile time flag is not set, the option is ignored.
The flag turns on support for file systems that require to call
.i fsync()
for a directory if the meta-data in it has been changed.
This should be turned on at least for older versions of ReiserFS;
it is enabled by default for Linux.
According to some information this flag is not needed
anymore for kernel 2.4.16 and newer.
.ip RrtImpliesDsn
[R]
If this option is set, a
.q Return-Receipt-To:
header causes the request of a DSN, which is sent to
the envelope sender as required by RFC 1891,
not to the address given in the header.
.ip RunAsUser=\fIuser\fP
[no short name]
The
.i user
parameter may be a user name
(looked up in
.i /etc/passwd )
or a numeric user id;
either form can have
.q ":group"
attached
(where group can be numeric or symbolic).
If set to a non-zero (non-root) value,
.i sendmail
will change to this user id shortly after startup\**.
.(f
\**When running as a daemon,
it changes to this user after accepting a connection
but before reading any
.sm SMTP
commands.
.)f
This avoids a certain class of security problems.
However, this means that all
.q \&.forward
and
.q :include:
files must be readable by the indicated
.i user
and all files to be written must be writable by
.i user
Also, all file and program deliveries will be marked unsafe
unless the option
.b DontBlameSendmail=NonRootSafeAddr
is set,
in which case the delivery will be done as
.i user .
It is also incompatible with the
.b SafeFileEnvironment
option.
In other words, it may not actually add much to security on an average system,
and may in fact detract from security
(because other file permissions must be loosened).
However, it should be useful on firewalls and other
places where users don't have accounts and the aliases file is
well constrained.
.ip RecipientFactor=\fIfact\fP
[y]
The indicated
.i fact or
is added to the priority (thus
.i lowering
the priority of the job)
for each recipient,
i.e., this value penalizes jobs with large numbers of recipients.
Defaults to 30000.
.ip RefuseLA=\fILA\fP
[X]
When the system load average exceeds
.i LA ,
refuse incoming SMTP connections.
Defaults to 12 multiplied by
the number of processors online on the system
(if that can be determined).
.ip RejectLogInterval=\fItimeout\fP
[no short name]
Log interval when refusing connections for this long
(default: 3h).
.ip RetryFactor=\fIfact\fP
[Z]
The
.i fact or
is added to the priority
every time a job is processed.
Thus,
each time a job is processed,
its priority will be decreased by the indicated value.
In most environments this should be positive,
since hosts that are down are all too often down for a long time.
Defaults to 90000.
.ip SafeFileEnvironment=\fIdir\fP
[no short name]
If this option is set,
.i sendmail
will do a
.i chroot (2)
call into the indicated
.i dir ectory
before doing any file writes.
If the file name specified by the user begins with
.i dir ,
that partial path name will be stripped off before writing,
so (for example)
if the SafeFileEnvironment variable is set to
.q /safe
then aliases of
.q /safe/logs/file
and
.q /logs/file
actually indicate the same file.
Additionally, if this option is set,
.i sendmail
refuses to deliver to symbolic links.
.ip SaveFromLine
[f]
Save
UNIX-style
.q From
lines at the front of headers.
Normally they are assumed redundant
and discarded.
.ip SendMimeErrors
[j]
If set, send error messages in MIME format
(see RFC 2045 and RFC 1344 for details).
If disabled,
.i sendmail
will not return the DSN keyword in response to an EHLO
and will not do Delivery Status Notification processing as described in
RFC 1891.
.ip ServerCertFile
[no short name]
File containing the certificate of the server, i.e., this certificate
is used when sendmail acts as server
(used for STARTTLS).
.ip ServerKeyFile
[no short name]
File containing the private key belonging to the server certificate
(used for STARTTLS).
.ip ServerSSLOptions
A space or comma separated list of SSL related options for the server side.
See
.i SSL_CTX_set_options (3)
for a list;
the available values depend on the OpenSSL version against which
.i sendmail
is compiled.
By default,
.i SSL_OP_ALL
.i -SSL_OP_TLSEXT_PADDING
are used
(if those options are available).
-Options can be cleared by preceeding them with a minus sign.
+Options can be cleared by preceding them with a minus sign.
It is also possible to specify numerical values, e.g.,
.b -0x0010 .
.ip ServiceSwitchFile=\fIfilename\fP
[no short name]
If your host operating system has a service switch abstraction
(e.g., /etc/nsswitch.conf on Solaris
or /etc/svc.conf on Ultrix and DEC OSF/1)
that service will be consulted and this option is ignored.
Otherwise, this is the name of a file
that provides the list of methods used to implement particular services.
The syntax is a series of lines,
each of which is a sequence of words.
The first word is the service name,
and following words are service types.
The services that
.i sendmail
consults directly are
.q aliases
and
.q hosts.
Service types can be
.q dns ,
.q nis ,
.q nisplus ,
or
.q files
(with the caveat that the appropriate support
must be compiled in
before the service can be referenced).
If ServiceSwitchFile is not specified, it defaults to
/etc/mail/service.switch.
If that file does not exist, the default switch is:
.(b
aliases files
hosts dns nis files
.)b
The default file is
.q /etc/mail/service.switch .
.ip SevenBitInput
[7]
Strip input to seven bits for compatibility with old systems.
This shouldn't be necessary.
.ip SharedMemoryKey
[no short name]
Key to use for shared memory segment;
if not set (or 0), shared memory will not be used.
If set to
-1
.i sendmail
can select a key itself provided that also
.b SharedMemoryKeyFile
is set.
Requires support for shared memory to be compiled into
.i sendmail .
If this option is set,
.i sendmail
can share some data between different instances.
For example, the number of entries in a queue directory
or the available space in a file system.
This allows for more efficient program execution, since only
one process needs to update the data instead of each individual
process gathering the data each time it is required.
.ip SharedMemoryKeyFile
[no short name]
If
.b SharedMemoryKey
is set to
-1
then the automatically selected shared memory key will be stored
in the specified file.
.ip SingleLineFromHeader
[no short name]
If set, From: lines that have embedded newlines are unwrapped
onto one line.
This is to get around a botch in Lotus Notes
that apparently cannot understand legally wrapped RFC 822 headers.
.ip SingleThreadDelivery
[no short name]
If set, a client machine will never try to open two SMTP connections
to a single server machine at the same time,
even in different processes.
That is, if another
.i sendmail
is already talking to some host a new
.i sendmail
will not open another connection.
This property is of mixed value;
although this reduces the load on the other machine,
it can cause mail to be delayed
(for example, if one
.i sendmail
is delivering a huge message, other
.i sendmail s
won't be able to send even small messages).
Also, it requires another file descriptor
(for the lock file)
per connection, so you may have to reduce the
.b ConnectionCacheSize
option to avoid running out of per-process file descriptors.
Requires the
.b HostStatusDirectory
option.
.ip SmtpGreetingMessage=\fImessage\fP
[$e macro]
The message printed when the SMTP server starts up.
Defaults to
.q "$j Sendmail $v ready at $b".
.ip SoftBounce
If set, issue temporary errors (4xy) instead of permanent errors (5xy).
This can be useful during testing of a new configuration to avoid
erroneous bouncing of mails.
+.ip SSLEngine
+Name of SSL engine to use.
+The available values depend on the OpenSSL version against which
+.i sendmail
+is compiled,
+see
+.(b
+openssl engine -v
+.)b
+for some information.
+.ip SSLEnginePath
+Path to dynamic library for SSL engine.
+This option is only useful if
+.i SSLEngine
+is set.
+If both are set, the engine will be loaded dynamically at runtime
+using the concatenation of the path,
+a slash "/",
+the string "lib",
+the value of
+.i SSLEngine ,
+and the string ".so".
+If only
+.i SSLEngine
+is set then the static version of the engine is used.
.ip StatusFile=\fIfile\fP
[S]
Log summary statistics in the named
.i file .
If no file name is specified, "statistics" is used.
If not set,
no summary statistics are saved.
This file does not grow in size.
It can be printed using the
.i mailstats (8)
program.
.ip SuperSafe
[s]
This option can be set to True, False, Interactive, or PostMilter.
If set to True,
.i sendmail
will be super-safe when running things,
i.e., always instantiate the queue file,
even if you are going to attempt immediate delivery.
.i Sendmail
always instantiates the queue file
before returning control to the client
under any circumstances.
This should really
.i always
be set to True.
The Interactive value has been introduced in 8.12 and can
be used together with
.b DeliveryMode=i .
It skips some synchronization calls which are effectively
doubled in the code execution path for this mode.
If set to PostMilter,
.i sendmail
defers synchronizing the queue file until any milters have
signaled acceptance of the message.
PostMilter is useful only when
.i sendmail
is running as an SMTP server; in all other situations it
acts the same as True.
+.ip TLSFallbacktoClear
+[no short name]
+If set,
+.i sendmail
+immediately tries an outbound connection again without STARTTLS
+after a TLS handshake failure.
+Note:
+this applies to all connections even if TLS specific requirements are set
+(see rulesets
+.i tls_rcpt
+and
+.i tls_client
+).
+Hence such requirements will cause an error on a retry without STARTTLS.
+Therefore they should only trigger a temporary failure so the connection
+is later on tried again.
.ip TLSSrvOptions
[no short name]
List of options for SMTP STARTTLS for the server
consisting of single characters
with intervening white space or commas.
The flag ``V'' disables client verification, and hence
it is not possible to use a client certificate for relaying.
The flag ``C'' removes the requirement for the TLS server
to have a cert.
This only works under very specific circumstances
and should only be used if the consequences are understood,
e.g., clients may not work with a server using this.
.ip TempFileMode=\fImode\fP
[F]
The file mode for transcript files, files to which
.i sendmail
delivers directly, files in the
.b HostStatusDirectory ,
and
.b StatusFile .
It is interpreted in octal by default.
Defaults to 0600.
.ip Timeout.\fItype\fP=\|\fItimeout\fP
[r; subsumes old T option as well]
Set timeout values.
For more information,
see section
.\" XREF
4.1.
.ip TimeZoneSpec=\fItzinfo\fP
[t]
Set the local time zone info to
.i tzinfo
\*- for example,
.q PST8PDT .
Actually, if this is not set,
the TZ environment variable is cleared (so the system default is used);
if set but null, the user's TZ variable is used,
and if set and non-null the TZ variable is set to this value.
.ip TrustedUser=\fIuser\fP
[no short name]
The
.i user
parameter may be a user name
(looked up in
.i /etc/passwd )
or a numeric user id.
Trusted user for file ownership and starting the daemon. If set, generated
alias databases and the control socket (if configured) will automatically
be owned by this user.
.ip TryNullMXList
[w]
If this system is the
.q best
(that is, lowest preference)
MX for a given host,
its configuration rules should normally detect this situation
and treat that condition specially
by forwarding the mail to a UUCP feed,
treating it as local,
or whatever.
However, in some cases (such as Internet firewalls)
you may want to try to connect directly to that host
as though it had no MX records at all.
Setting this option causes
.i sendmail
to try this.
The downside is that errors in your configuration
are likely to be diagnosed as
.q "host unknown"
or
.q "message timed out"
instead of something more meaningful.
This option is disrecommended.
.ip UnixFromLine=\fIfromline\fP
[$l macro]
Defines the format used when
.i sendmail
must add a UNIX-style From_ line
(that is, a line beginning
.q From<space>user ).
Defaults to
.q "From $g $d" .
Don't change this unless your system uses a different UNIX mailbox format
(very unlikely).
.ip UnsafeGroupWrites
[no short name]
If set (default),
:include: and .forward files that are group writable are considered
.q unsafe ,
that is,
they cannot reference programs or write directly to files.
World writable :include: and .forward files
are always unsafe.
Note: use
.b DontBlameSendmail
instead; this option is deprecated.
.ip UseCompressedIPv6Addresses
[no short name]
If set, the compressed format of IPv6 addresses,
such as IPV6:::1, will be used,
instead of the uncompressed format,
such as IPv6:0:0:0:0:0:0:0:1.
.ip UseErrorsTo
[l]
If there is an
.q Errors-To:
header, send error messages to the addresses listed there.
They normally go to the envelope sender.
Use of this option causes
.i sendmail
to violate RFC 1123.
This option is disrecommended and deprecated.
.ip UserDatabaseSpec=\fIudbspec\fP
[U]
The user database specification.
.ip Verbose
[v]
Run in verbose mode.
If this is set,
.i sendmail
adjusts options
.b HoldExpensive
(old
.b c )
and
.b DeliveryMode
(old
.b d )
so that all mail is delivered completely
in a single job
so that you can see the entire delivery process.
Option
.b Verbose
should
.i never
be set in the configuration file;
it is intended for command line use only.
Note that the use of option
.b Verbose
can cause authentication information to leak, if you use a
sendmail client to authenticate to a server.
If the authentication mechanism uses plain text passwords
(as with LOGIN or PLAIN),
then the password could be compromised.
To avoid this, do not install sendmail set-user-ID root,
and disable the
.b VERB
SMTP command with a suitable
.b PrivacyOptions
setting.
.ip XscriptFileBufferSize=\fIthreshold\fP
[no short name]
Set the
.i threshold ,
in bytes,
before a memory-based
queue transcript file
becomes disk-based.
The default is 4096 bytes.
.lp
All options can be specified on the command line using the
\-O or \-o flag,
but most will cause
.i sendmail
to relinquish its set-user-ID permissions.
The options that will not cause this are
SevenBitInput [7],
EightBitMode [8],
MinFreeBlocks [b],
CheckpointInterval [C],
DeliveryMode [d],
ErrorMode [e],
IgnoreDots [i],
SendMimeErrors [j],
LogLevel [L],
MeToo [m],
OldStyleHeaders [o],
PrivacyOptions [p],
SuperSafe [s],
Verbose [v],
QueueSortOrder,
MinQueueAge,
DefaultCharSet,
Dial Delay,
NoRecipientAction,
ColonOkInAddr,
MaxQueueRunSize,
SingleLineFromHeader,
and
AllowBogusHELO.
Actually, PrivacyOptions [p] given on the command line
are added to those already specified in the
.i sendmail.cf
file, i.e., they can't be reset.
Also, M (define macro) when defining the r or s macros
is also considered
.q safe .
.sh 2 "P \*- Precedence Definitions"
.pp
Values for the
.q "Precedence:"
field may be defined using the
.b P
control line.
The syntax of this field is:
.(b
\fBP\fP\fIname\fP\fB=\fP\fInum\fP
.)b
When the
.i name
is found in a
.q Precedence:
field,
the message class is set to
.i num .
Higher numbers mean higher precedence.
Numbers less than zero
have the special property
that if an error occurs during processing
the body of the message will not be returned;
this is expected to be used for
.q "bulk"
mail such as through mailing lists.
The default precedence is zero.
For example,
our list of precedences is:
.(b
Pfirst-class=0
Pspecial-delivery=100
Plist=\-30
Pbulk=\-60
Pjunk=\-100
.)b
People writing mailing list exploders
are encouraged to use
.q "Precedence: list" .
Older versions of
.i sendmail
(which discarded all error returns for negative precedences)
didn't recognize this name, giving it a default precedence of zero.
This allows list maintainers to see error returns
on both old and new versions of
.i sendmail .
.sh 2 "V \*- Configuration Version Level"
.pp
To provide compatibility with old configuration files,
the
.b V
line has been added to define some very basic semantics
of the configuration file.
These are not intended to be long term supports;
rather, they describe compatibility features
which will probably be removed in future releases.
.pp
.b N.B.:
these version
.i levels
have nothing
to do with the version
.i number
on the files.
For example,
as of this writing
version 10 config files
(specifically, 8.10)
used version level 9 configurations.
.pp
.q Old
configuration files are defined as version level one.
Version level two files make the following changes:
.np
Host name canonification ($[ ... $])
appends a dot if the name is recognized;
this gives the config file a way of finding out if anything matched.
(Actually, this just initializes the
.q host
map with the
.q \-a.
flag \*- you can reset it to anything you prefer
by declaring the map explicitly.)
.np
Default host name extension is consistent throughout processing;
version level one configurations turned off domain extension
(that is, adding the local domain name)
during certain points in processing.
Version level two configurations are expected to include a trailing dot
to indicate that the name is already canonical.
.np
Local names that are not aliases
are passed through a new distinguished ruleset five;
this can be used to append a local relay.
This behavior can be prevented by resolving the local name
with an initial `@'.
That is, something that resolves to a local mailer and a user name of
.q vikki
will be passed through ruleset five,
but a user name of
.q @vikki
will have the `@' stripped,
will not be passed through ruleset five,
but will otherwise be treated the same as the prior example.
The expectation is that this might be used to implement a policy
where mail sent to
.q vikki
was handled by a central hub,
but mail sent to
.q vikki@localhost
was delivered directly.
.pp
Version level three files
allow # initiated comments on all lines.
Exceptions are backslash escaped # marks
and the $# syntax.
.pp
Version level four configurations
are completely equivalent to level three
for historical reasons.
.pp
Version level five configuration files
change the default definition of
.b $w
to be just the first component of the hostname.
.pp
Version level six configuration files
change many of the local processing options
(such as aliasing and matching the beginning of the address for
`|' characters)
to be mailer flags;
this allows fine-grained control over the special local processing.
Level six configuration files may also use long option names.
The
.b ColonOkInAddr
option (to allow colons in the local-part of addresses)
defaults
.b on
for lower numbered configuration files;
the configuration file requires some additional intelligence
to properly handle the RFC 822 group construct.
.pp
Version level seven configuration files
used new option names to replace old macros
(\c
.b $e
became
.b SmtpGreetingMessage ,
.b $l
became
.b UnixFromLine ,
and
.b $o
became
.b OperatorChars .
Also, prior to version seven,
the
.b F=q
flag (use 250 instead of 252 return value for
.sm "SMTP VRFY"
commands)
was assumed.
.pp
Version level eight configuration files allow
.b $#
on the left hand side of ruleset lines.
.pp
Version level nine configuration files allow
parentheses in rulesets, i.e. they are not treated
as comments and hence removed.
.pp
Version level ten configuration files allow
queue group definitions.
.pp
The
.b V
line may have an optional
.b / \c
.i vendor
to indicate that this configuration file uses modifications
specific to a particular vendor\**.
.(f
\**And of course, vendors are encouraged to add themselves
to the list of recognized vendors by editing the routine
.i setvendor
in
.i conf.c .
Please send e-mail to sendmail@Sendmail.ORG
to register your vendor dialect.
.)f
You may use
.q /Berkeley
to emphasize that this configuration file
uses the Berkeley dialect of
.i sendmail .
.sh 2 "K \*- Key File Declaration"
.pp
Special maps can be defined using the line:
.(b
Kmapname mapclass arguments
.)b
The
.i mapname
is the handle by which this map is referenced in the rewriting rules.
The
.i mapclass
is the name of a type of map;
these are compiled in to
.i sendmail .
The
.i arguments
are interpreted depending on the class;
typically,
there would be a single argument naming the file containing the map.
.pp
Maps are referenced using the syntax:
.(b
$( \fImap\fP \fIkey\fP $@ \fIarguments\fP $: \fIdefault\fP $)
.)b
where either or both of the
.i arguments
or
.i default
portion may be omitted.
The
.i "$@ arguments"
may appear more than once.
The indicated
.i key
and
.i arguments
are passed to the appropriate mapping function.
If it returns a value, it replaces the input.
If it does not return a value and the
.i default
is specified, the
.i default
replaces the input.
Otherwise, the input is unchanged.
.pp
The
.i arguments
are passed to the map for arbitrary use.
Most map classes can interpolate these arguments
into their values using the syntax
.q %\fIn\fP
(where
.i n
is a digit)
to indicate the corresponding
.i argument .
Argument
.q %0
indicates the database key.
For example, the rule
.(b
.ta 1.5i
R$\- ! $+ $: $(uucp $1 $@ $2 $: $2 @ $1 . UUCP $)
.)b
Looks up the UUCP name in a (user defined) UUCP map;
if not found it turns it into
.q \&.UUCP
form.
The database might contain records like:
.(b
decvax %1@%0.DEC.COM
research %1@%0.ATT.COM
.)b
Note that
.i default
clauses never do this mapping.
.pp
The built-in map with both name and class
.q host
is the host name canonicalization lookup.
Thus,
the syntax:
.(b
$(host \fIhostname\fP$)
.)b
is equivalent to:
.(b
$[\fIhostname\fP$]
.)b
.pp
There are many defined classes.
+.ip cdb
+Database lookups using the cdb(3) library.
+.i Sendmail
+must be compiled with
+.b CDB
+defined.
.ip dbm
Database lookups using the ndbm(3) library.
.i Sendmail
must be compiled with
.b NDBM
defined.
.ip btree
Database lookups using the btree interface to the Berkeley DB
library.
.i Sendmail
must be compiled with
.b NEWDB
defined.
.ip hash
Database lookups using the hash interface to the Berkeley DB
library.
.i Sendmail
must be compiled with
.b NEWDB
defined.
.ip nis
NIS lookups.
.i Sendmail
must be compiled with
.b NIS
defined.
.ip nisplus
NIS+ lookups.
.i Sendmail
must be compiled with
.b NISPLUS
defined.
The argument is the name of the table to use for lookups,
and the
.b \-k
and
.b \-v
flags may be used to set the key and value columns respectively.
.ip hesiod
Hesiod lookups.
.i Sendmail
must be compiled with
.b HESIOD
defined.
.ip ldap
LDAP X500 directory lookups.
.i Sendmail
must be compiled with
.b LDAPMAP
defined.
The map supports most of the standard arguments
and most of the command line arguments of the
.i ldapsearch
program.
Note that,
by default,
if a single query matches multiple values,
only the first value will be returned
unless the
.b \-z
(value separator)
-map flag is set.
+map option is set.
Also, the
.b \-1
map flag will treat a multiple value return
as if there were no matches.
.ip netinfo
NeXT NetInfo lookups.
.i Sendmail
must be compiled with
.b NETINFO
defined.
.ip text
Text file lookups.
The format of the text file is defined by the
.b \-k
(key field number),
.b \-v
(value field number),
and
.b \-z
(field delimiter)
-flags.
+options.
.ip ph
PH query map.
Contributed and supported by
Mark Roth, roth@uiuc.edu.
-For more information,
-consult the web site
-.q http://www-dev.cites.uiuc.edu/sendmail/ .
.ip nsd
nsd map for IRIX 6.5 and later.
Contributed and supported by Bob Mende of SGI,
mende@sgi.com.
.ip stab
Internal symbol table lookups.
Used internally for aliasing.
.ip implicit
-Really should be called
-.q alias
-\(em this is used to get the default lookups
-for alias files,
-and is the default if no class is specified for alias files.
+Sequentially try a list of available map types:
+.i hash ,
+.i dbm ,
+and
+.i cdb .
+It is the default for alias files if no class is specified.
+If is no matching map type is found,
+the text version is used for the alias file,
+but other maps fail to open.
.ip user
Looks up users using
.i getpwnam (3).
The
.b \-v
flag can be used to specify the name of the field to return
(although this is normally used only to check the existence
of a user).
.ip host
Canonifies host domain names.
Given a host name it calls the name server
to find the canonical name for that host.
.ip bestmx
Returns the best MX record for a host name given as the key.
The current machine is always preferred \*-
that is, if the current machine is one of the hosts listed as a
lowest-preference MX record, then it will be guaranteed to be returned.
This can be used to find out if this machine is the target for an MX record,
and mail can be accepted on that basis.
If the
.b \-z
-flag is given, then all MX names are returned,
+option is given, then all MX names are returned,
separated by the given delimiter.
+Note: the return value is deterministic,
+i.e., even if multiple MX records have the same preference,
+they will be returned in the same order.
.ip dns
This map requires the option -R to specify the DNS resource record
-type to lookup. The following types are supported:
+type to lookup.
+The following types are supported:
A, AAAA, AFSDB, CNAME, MX, NS, PTR, SRV, and TXT.
-A map lookup will return only one record.
+A map lookup will return only one record
+unless the
+.b \-z
+(value separator)
+option is set.
Hence for some types, e.g., MX records, the return value might be a random
-element of the list due to randomizing in the DNS resolver.
+element of the results due to randomizing in the DNS resolver,
+if only one element is returned.
.ip arpa
Returns the ``reverse'' for the given IP (IPv4 or IPv6) address,
i.e., the string for the PTR lookup,
but without trailing
.b ip6.arpa
or
.b in-addr.arpa .
For example, the following configuration lines:
.(b
Karpa arpa
SArpa
R$+ $: $(arpa $1 $)
-.)b
+.)b
work like this in test mode:
.(b
sendmail -bt
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> Arpa IPv6:1:2:dead:beef:9876:0:0:1
Arpa input: IPv6 : 1 : 2 : dead : beef : 9876 : 0 : 0 : 1
Arpa returns: 1 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 6 . 7 . 8 . 9 . f . e . e . b . d . a . e . d . 2 . 0 . 0 . 0 . 1 . 0 . 0 . 0
> Arpa 1.2.3.4
Arpa input: 1 . 2 . 3 . 4
Arpa returns: 4 . 3 . 2 . 1
.)b
.ip sequence
The arguments on the `K' line are a list of maps;
the resulting map searches the argument maps in order
until it finds a match for the indicated key.
For example, if the key definition is:
.(b
Kmap1 ...
Kmap2 ...
Kseqmap sequence map1 map2
.)b
then a lookup against
.q seqmap
first does a lookup in map1.
If that is found, it returns immediately.
Otherwise, the same key is used for map2.
.ip syslog
the key is logged via
.i syslogd \|(8).
The lookup returns the empty string.
.ip switch
Much like the
.q sequence
map except that the order of maps is determined by the service switch.
The argument is the name of the service to be looked up;
the values from the service switch are appended to the map name
to create new map names.
For example, consider the key definition:
.(b
Kali switch aliases
.)b
together with the service switch entry:
.(b
aliases nis files
.)b
This causes a query against the map
.q ali
to search maps named
.q ali.nis
and
.q ali.files
in that order.
.ip dequote
Strip double quotes (") from a name.
It does not strip backslashes,
and will not strip quotes if the resulting string
would contain unscannable syntax
(that is, basic errors like unbalanced angle brackets;
more sophisticated errors such as unknown hosts are not checked).
The intent is for use when trying to accept mail from systems such as
DECnet
that routinely quote odd syntax such as
.(b
"49ers::ubell"
.)b
A typical usage is probably something like:
.(b
Kdequote dequote
\&...
R$\- $: $(dequote $1 $)
R$\- $+ $: $>3 $1 $2
.)b
Care must be taken to prevent unexpected results;
for example,
.(b
"|someprogram < input > output"
.)b
will have quotes stripped,
but the result is probably not what you had in mind.
Fortunately these cases are rare.
.ip regex
The map definition on the
.b K
line contains a regular expression.
Any key input is compared to that expression using the
POSIX regular expressions routines regcomp(), regerr(), and regexec().
Refer to the documentation for those routines for more information
about the regular expression matching.
No rewriting of the key is done if the
.b \-m
flag is used. Without it, the key is discarded or if
.b \-s
if used, it is substituted by the substring matches, delimited by
.b $|
or the string specified with the the
.b \-d
-flag. The flags available for the map are
+option.
+The options available for the map are
.(b
.ta 4n
-n not
-f case sensitive
-b basic regular expressions (default is extended)
-s substring match
--d set the delimiter used for -s
+-d set the delimiter string used for -s
-a append string to key
-m match only, do not replace/discard value
-D perform no lookup in deferred delivery mode.
.)b
The
.b \-s
-flag can include an optional parameter which can be used
-to select the substrings in the result of the lookup. For example,
+option can include an optional parameter which can be used
+to select the substrings in the result of the lookup.
+For example,
.(b
-s1,3,4
.)b
+The delimiter string specified via the
+.b \-d
+option is the sequence of characters after
+.b d
+ending at the first space.
+Hence it isn't possible to specify a space as delimiter,
+so if the option is immediately followed by a space
+the delimiter string is empty,
+which means the substrings are joined.
+
Notes: to match a
.b $
in a string,
\\$$
must be used.
-If the pattern contains spaces, they must be replaced
-with the blank substitution character, unless it is
-space itself.
+If the pattern contains spaces,
+they must be replaced with the blank substitution character,
+unless it is space itself.
.ip program
The arguments on the
.b K
line are the pathname to a program and any initial parameters to be passed.
When the map is called,
the key is added to the initial parameters
and the program is invoked
as the default user/group id.
The first line of standard output is returned as the value of the lookup.
This has many potential security problems,
and has terrible performance;
it should be used only when absolutely necessary.
.ip macro
Set or clear a macro value.
To set a macro,
pass the value as the first argument in the map lookup.
To clear a macro,
do not pass an argument in the map lookup.
The map always returns the empty string.
Example of typical usage include:
.(b
Kstorage macro
\&...
# set macro ${MyMacro} to the ruleset match
R$+ $: $(storage {MyMacro} $@ $1 $) $1
# set macro ${MyMacro} to an empty string
R$* $: $(storage {MyMacro} $@ $) $1
# clear macro ${MyMacro}
R$\- $: $(storage {MyMacro} $) $1
.)b
.ip arith
Perform simple arithmetic operations.
The operation is given as key, currently
+, -, *, /, %,
|, & (bitwise OR, AND),
l (for less than), =,
and r (for random) are supported.
The two operands are given as arguments.
The lookup returns the result of the computation,
i.e.,
.sm TRUE
or
.sm FALSE
for comparisons, integer values otherwise.
The r operator returns a pseudo-random number whose value
lies between the first and second operand
(which requires that the first operand is smaller than the second).
All options which are possible for maps are ignored.
A simple example is:
.(b
Kcomp arith
\&...
Scheck_etrn
R$* $: $(comp l $@ $&{load_avg} $@ 7 $) $1
RFALSE $# error \&...
.)b
.ip socket
The socket map uses a simple request/reply protocol over TCP or UNIX domain
sockets to query an external server.
Both requests and replies are text based and encoded as netstrings,
i.e., a string "hello there" becomes:
.(b
11:hello there,
.)b
Note: neither requests nor replies end with CRLF.
The request consists of the database map name and the lookup key separated
by a space character:
.(b
<mapname> ' ' <key>
.)b
The server responds with a status indicator and the result (if any):
.(b
<status> ' ' <result>
.)b
The status indicator specifies the result of the lookup operation itself
and is one of the following upper case words:
.(b
.ta 9n
OK the key was found, result contains the looked up value
NOTFOUND the key was not found, the result is empty
-TEMP a temporary failure occured
-TIMEOUT a timeout occured on the server side
-PERM a permanent failure occured
+TEMP a temporary failure occurred
+TIMEOUT a timeout occurred on the server side
+PERM a permanent failure occurred
.)b
-In case of errors (status TEMP, TIMEOUT or PERM) the result field may
+In case of errors (status TEMP, TIMEOUT or PERM) the result field may
contain an explanatory message.
However, the explanatory message is not used any further by
.i sendmail .
Example replies:
.(b
31:OK resolved.address@example.com,
.)b
.(b
56:OK error:550 5.7.1 User does not accept mail from sender,
.)b
in case of successful lookups, or:
.(b
-8:NOTFOUND,
+8:NOTFOUND,
.)b
in case the key was not found, or:
.(b
55:TEMP this text explains that we had a temporary failure,
.)b
in case of a temporary map lookup failure.
The socket map uses the same syntax as milters
(see Section "X \*- Mail Filter (Milter) Definitions")
to specify the remote endpoint, e.g.,
.(b
Ksocket mySocketMap inet:12345@127.0.0.1
.)b
If multiple socket maps define the same remote endpoint, they will share
a single connection to this endpoint.
.pp
Most of these accept as arguments the same optional flags
and a filename
(or a mapname for NIS;
the filename is the root of the database path,
so that
.q .db
or some other extension appropriate for the database type
will be added to get the actual database name).
Known flags are:
.ip "\-o"
Indicates that this map is optional \*- that is,
if it cannot be opened,
no error is produced,
and
.i sendmail
will behave as if the map existed but was empty.
.ip "\-N, \-O"
If neither
.b \-N
or
.b \-O
are specified,
.i sendmail
uses an adaptive algorithm to decide whether or not to look for null bytes
on the end of keys.
It starts by trying both;
if it finds any key with a null byte it never tries again without a null byte
and vice versa.
If
.b \-N
is specified it never tries without a null byte and
if
.b \-O
is specified it never tries with a null byte.
Setting one of
these can speed matches but are never necessary.
If both
.b \-N
and
.b \-O
are specified,
.i sendmail
will never try any matches at all \(em
that is, everything will appear to fail.
.ip "\-a\fIx\fP"
Append the string
.i x
on successful matches.
For example, the default
.i host
map appends a dot on successful matches.
.ip "\-T\fIx\fP"
Append the string
.i x
on temporary failures.
For example,
.i x
would be appended if a DNS lookup returned
.q "server failed"
or an NIS lookup could not locate a server.
See also the
.b \-t
flag.
.ip "\-f"
Do not fold upper to lower case before looking up the key.
.ip "\-m"
Match only (without replacing the value).
If you only care about the existence of a key and not the value
(as you might when searching the NIS map
.q hosts.byname
for example),
this flag prevents the map from substituting the value.
However,
The \-a argument is still appended on a match,
and the default is still taken if the match fails.
.ip "\-k\fIkeycol\fP"
The key column name (for NIS+) or number
(for text lookups).
For LDAP maps this is an LDAP filter string
in which %s is replaced with the literal contents of the lookup key
and %0 is replaced with the LDAP escaped contents of the lookup key
according to RFC 2254.
If the flag
.b \-K
is used, then %1 through %9 are replaced with the LDAP escaped contents
of the arguments specified in the map lookup.
.ip "\-v\fIvalcol\fP"
The value column name (for NIS+) or number
(for text lookups).
For LDAP maps this is the name of one or more
attributes to be returned;
multiple attributes can be separated by commas.
If not specified, all attributes found in the match
will be returned.
The attributes listed can also include a type and one or more
objectClass values for matching as described in the LDAP section.
.ip "\-z\fIdelim\fP"
The column delimiter (for text lookups).
It can be a single character or one of the special strings
.q \|\en
or
.q \|\et
to indicate newline or tab respectively.
If omitted entirely,
the column separator is any sequence of white space.
-For LDAP maps this is the separator character
+For LDAP and some other maps this is the separator character
to combine multiple values
into a single return string.
If not set,
the LDAP lookup will only return the first match found.
For DNS maps this is the separator character at which
the result of a query is cut off if is too long.
.ip "\-t"
Normally, when a map attempts to do a lookup
and the server fails
(e.g.,
.i sendmail
couldn't contact any name server;
this is
.i not
the same as an entry not being found in the map),
the message being processed is queued for future processing.
The
.b \-t
flag turns off this behavior,
letting the temporary failure (server down)
act as though it were a permanent failure (entry not found).
It is particularly useful for DNS lookups,
where someone else's misconfigured name server can cause problems
on your machine.
However, care must be taken to ensure that you don't bounce mail
that would be resolved correctly if you tried again.
A common strategy is to forward such mail
to another, possibly better connected, mail server.
.ip "\-D"
Perform no lookup in deferred delivery mode.
This flag is set by default for the
.i host
map.
.ip "\-S\fIspacesub\fP
The character to use to replace space characters
after a successful map lookup (esp. useful for regex
and syslog maps).
.ip "\-s\fIspacesub\fP
For the dequote map only,
the character to use to replace space characters
after a successful dequote.
.ip "\-q"
Don't dequote the key before lookup.
.ip "\-L\fIlevel\fP
For the syslog map only, it specifies the level
to use for the syslog call.
.ip "\-A"
When rebuilding an alias file,
the
.b \-A
flag causes duplicate entries in the text version
to be merged.
For example, two entries:
.(b
list: user1, user2
list: user3
.)b
would be treated as though it were the single entry
.(b
list: user1, user2, user3
.)b
in the presence of the
.b \-A
flag.
.pp
Some additional flags are available for the host and dns maps:
.ip "\-d"
delay: specify the resolver's retransmission time interval (in seconds).
.ip "\-r"
retry: specify the number of times to retransmit a resolver query.
.pp
The dns map has another flag:
.ip "\-B"
basedomain: specify a domain that is always appended to queries.
.pp
Socket maps have an optional flag:
.ip "\-d"
timeout: specify the timeout (in seconds) for communication
with the socket map server.
.pp
The following additional flags are present in the ldap map only:
+.ip "\-c\fItimeout\fP"
+Set the LDAP network timeout.
+sendmail must be compiled with
+.b \-DLDAP_OPT_NETWORK_TIMEOUT
+to use this flag.
.ip "\-R"
Do not auto chase referrals. sendmail must be compiled with
.b \-DLDAP_REFERRALS
to use this flag.
.ip "\-n"
Retrieve attribute names only.
.ip "\-V\fIsep\fP"
Retrieve both attributes name and value(s),
separated by
.i sep .
.ip "\-r\fIderef\fP"
Set the alias dereference option to one of never, always, search, or find.
.ip "\-s\fIscope\fP"
Set search scope to one of base, one (one level), or sub (subtree).
.ip "\-h\fIhost\fP"
LDAP server hostname.
Some LDAP libraries allow you to specify multiple, space-separated hosts for
redundancy.
In addition, each of the hosts listed can be followed by a colon and a port
number to override the default LDAP port.
.ip "\-p\fIport\fP"
LDAP service port.
.ip "\-H \fILDAPURI\fP"
Use the specified LDAP URI instead of specifying the hostname and port
separately with the the
.b \-h
and
.b \-p
options shown above.
For example,
.(b
-h server.example.com -p 389 -b dc=example,dc=com
.)b
is equivalent to
.(b
-H ldap://server.example.com:389 -b dc=example,dc=com
.)b
If the LDAP library supports it,
the LDAP URI format however can also request LDAP over SSL by using
.b ldaps://
instead of
.b ldap:// .
For example:
.(b
O LDAPDefaultSpec=-H ldaps://ldap.example.com -b dc=example,dc=com
.)b
Similarly, if the LDAP library supports it,
It can also be used to specify a UNIX domain socket using
.b ldapi:// :
.(b
O LDAPDefaultSpec=-H ldapi://socketfile -b dc=example,dc=com
.)b
.ip "\-b\fIbase\fP"
LDAP search base.
.ip "\-l\fItimelimit\fP"
Time limit for LDAP queries.
.ip "\-Z\fIsizelimit\fP"
Size (number of matches) limit for LDAP or DNS queries.
.ip "\-d\fIdistinguished_name\fP"
The distinguished name to use to login to the LDAP server.
.ip "\-M\fImethod\fP"
The method to authenticate to the LDAP server.
Should be one of
.b LDAP_AUTH_NONE ,
.b LDAP_AUTH_SIMPLE ,
or
.b LDAP_AUTH_KRBV4 .
+The leading
+.b LDAP_AUTH_
+can be omitted and the value is case-insensitive.
.ip "\-P\fIpasswordfile\fP"
The file containing the secret key for the
.b LDAP_AUTH_SIMPLE
authentication method
or the name of the Kerberos ticket file for
.b LDAP_AUTH_KRBV4 .
.ip "\-1"
Force LDAP searches to only succeed if a single match is found.
If multiple values are found,
the search is treated as if no match was found.
.ip "\-w\fIversion\fP"
Set the LDAP API/protocol version to use.
The default depends on the LDAP client libraries in use.
For example,
.b "\-w 3"
will cause
.i sendmail
to use LDAPv3 when communicating with the LDAP server.
.ip "\-K"
Treat the LDAP search key as multi-argument and
replace %1 through %9 in the key with
the LDAP escaped contents of the lookup arguments specified in the map lookup.
.pp
The
.i dbm
map appends the strings
.q \&.pag
and
.q \&.dir
to the given filename;
the
.i hash
and
.i btree
maps append
.q \&.db .
For example, the map specification
.(b
Kuucp dbm \-o \-N /etc/mail/uucpmap
.)b
specifies an optional map named
.q uucp
of class
.q dbm ;
it always has null bytes at the end of every string,
and the data is located in
/etc/mail/uucpmap.{dir,pag}.
.pp
The program
.i makemap (8)
-can be used to build any of the three database-oriented maps.
-It takes the following flags:
+can be used to build database-oriented maps.
+It takes at least the following flags
+(for a complete list see its man page):
.ip \-f
Do not fold upper to lower case in the map.
.ip \-N
Include null bytes in keys.
.ip \-o
Append to an existing (old) file.
.ip \-r
Allow replacement of existing keys;
normally, re-inserting an existing key is an error.
.ip \-v
Print what is happening.
.lp
The
.i sendmail
daemon does not have to be restarted to read the new maps
as long as you change them in place;
file locking is used so that the maps won't be read
while they are being updated.
.pp
New classes can be added in the routine
.b setupmaps
in file
.b conf.c .
.sh 2 "Q \*- Queue Group Declaration"
.pp
In addition to the option
.i QueueDirectory,
queue groups can be declared that define a (group of) queue directories
under a common name.
The syntax is as follows:
.(b F
.b Q \c
.i name
{, \c
.i field =\c
.i value \|}+
.)b
where
.i name
is the symbolic name of the queue group under which
it can be referenced in various places
and the
.q field=value
pairs define attributes of the queue group.
The name must only consist of alphanumeric characters.
Fields are:
.ip Flags
Flags for this queue group.
.ip Nice
The nice(2) increment for the queue group.
This value must be greater or equal zero.
.ip Interval
The time between two queue runs.
.ip Path
The queue directory of the group (required).
.ip Runners
The number of parallel runners processing the queue.
Note that
.b F=f
must be set if this value is greater than one.
.ip Jobs
The maximum number of jobs (messages delivered) per queue run.
.ip recipients
The maximum number of recipients per envelope.
Envelopes with more than this number of recipients will be split
into multiple envelopes in the same queue directory.
The default value 0 means no limit.
.lp
Only the first character of the field name is checked.
.pp
By default, a queue group named
.i mqueue
is defined that uses the value of the
.i QueueDirectory
option as path.
Notice: all paths that are used for queue groups must
be subdirectories of
.i QueueDirectory .
Since they can be symbolic links, this isn't a real restriction,
If
.i QueueDirectory
uses a wildcard, then the directory one level up is considered
the ``base'' directory which all other queue directories must share.
Please make sure that the queue directories do not overlap,
e.g., do not specify
.(b
O QueueDirectory=/var/spool/mqueue/*
Qone, P=/var/spool/mqueue/dir1
Qtwo, P=/var/spool/mqueue/dir2
.)b
because this also includes
.q dir1
and
.q dir2
in the default queue group.
However,
.(b
O QueueDirectory=/var/spool/mqueue/main*
Qone, P=/var/spool/mqueue/dir
Qtwo, P=/var/spool/mqueue/other*
.)b
is a valid queue group specification.
.pp
Options listed in the ``Flags'' field can be used to modify
the behavior of a queue group.
The ``f'' flag must be set if multiple queue runners are
supposed to work on the entries in a queue group.
Otherwise
.i sendmail
will work on the entries strictly sequentially.
.pp
The ``Interval'' field sets the time between queue runs.
If no queue group specific interval is set, then the parameter of the
.b -q
option from the command line is used.
.pp
To control the overall number of concurrently active queue runners
the option
.b MaxQueueChildren
can be set.
This limits the number of processes used for running the queues to
.b MaxQueueChildren ,
though at any one time fewer processes may be active
as a result of queue options, completed queue runs, system load, etc.
.pp
The maximum number of queue runners for an individual queue group can be
controlled via the
.b Runners
option.
If set to 0, entries in the queue will not be processed, which
is useful to ``quarantine'' queue files.
The number of runners per queue group may also be set with the option
.b MaxRunnersPerQueue ,
which applies to queue groups that have no individual limit.
That is, the default value for
.b Runners
is
.b MaxRunnersPerQueue
if set, otherwise 1.
.pp
The field Jobs describes the maximum number of jobs
(messages delivered) per queue run, which is the queue group specific
value of
.b MaxQueueRunSize .
.pp
Notice: queue groups should be declared after all queue related options
have been set because queue groups take their defaults from those options.
If an option is set after a queue group declaration, the values of
options in the queue group are set to the defaults of
.i sendmail
unless explicitly set in the declaration.
.pp
Each envelope is assigned to a queue group based on the algorithm
described in section
``Queue Groups and Queue Directories''.
.sh 2 "X \*- Mail Filter (Milter) Definitions"
.pp
The
.i sendmail
Mail Filter API (Milter) is designed to allow third-party programs access
to mail messages as they are being processed in order to filter
meta-information and content.
They are declared in the configuration file as:
.(b F
.b X \c
.i name
{, \c
.i field =\c
.i value \|}*
.)b
where
.i name
is the name of the filter
(used internally only)
and the
.q field=name
pairs define attributes of the filter.
Also see the documentation for the
.b InputMailFilters
option for more information.
.pp
Fields are:
.(b
.ta 1i
Socket The socket specification
Flags Special flags for this filter
Timeouts Timeouts for this filter
.)b
Only the first character of the field name is checked
(it's case-sensitive).
.pp
The socket specification is one of the following forms:
.(b F
.b S= \c
.b inet \c
.b :
.i port
.b @
.i host
.)b
.(b F
.b S= \c
.b inet6 \c
.b :
.i port
.b @
.i host
.)b
.(b F
.b S= \c
.b local \c
.b :
.i path
.)b
The first two describe an IPv4 or IPv6 socket listening on a certain
.i port
at a given
.i host
or IP address.
The final form describes a named socket on the filesystem at the given
.i path .
.pp
The following flags may be set in the filter description.
.nr ii 4n
.ip R
Reject connection if filter unavailable.
.ip T
Temporary fail connection if filter unavailable.
.pp
If neither F=R nor F=T is specified, the message is passed through
.i sendmail
in case of filter errors as if the failing filters were not present.
.pp
The timeouts can be set using the four fields inside of the
.b T=
equate:
.nr ii 4n
.ip C
Timeout for connecting to a filter.
If set to 0, the system's
.i connect()
timeout will be used.
.ip S
Timeout for sending information from the MTA to a filter.
.ip R
Timeout for reading reply from the filter.
.ip E
Overall timeout between sending end-of-message to filter and waiting for
the final acknowledgment.
.pp
Note the separator between each timeout field is a
.b ';' .
The default values (if not set) are:
.b T=C:5m;S:10s;R:10s;E:5m
where
.b s
is seconds and
.b m
is minutes.
.pp
Examples:
.(b
Xfilter1, S=local:/var/run/f1.sock, F=R
Xfilter2, S=inet6:999@localhost, F=T, T=S:1s;R:1s;E:5m
Xfilter3, S=inet:3333@localhost, T=C:2m
.)b
.sh 2 "The User Database"
.pp
The user database is deprecated in favor of ``virtusertable''
and ``genericstable'' as explained in the file
.b cf/README .
If you have a version of
.i sendmail
with the user database package
compiled in,
the handling of sender and recipient addresses
is modified.
.pp
The location of this database is controlled with the
.b UserDatabaseSpec
option.
.sh 3 "Structure of the user database"
.pp
The database is a sorted (BTree-based) structure.
User records are stored with the key:
.(b
\fIuser-name\fP\fB:\fP\fIfield-name\fP
.)b
The sorted database format ensures that user records are clustered together.
Meta-information is always stored with a leading colon.
.pp
Field names define both the syntax and semantics of the value.
Defined fields include:
.nr ii 1i
.ip maildrop
The delivery address for this user.
There may be multiple values of this record.
In particular,
mailing lists will have one
.i maildrop
record for each user on the list.
.ip "mailname"
The outgoing mailname for this user.
For each outgoing name,
there should be an appropriate
.i maildrop
record for that name to allow return mail.
See also
.i :default:mailname .
.ip mailsender
Changes any mail sent to this address to have the indicated envelope sender.
This is intended for mailing lists,
and will normally be the name of an appropriate -request address.
It is very similar to the owner-\c
.i list
syntax in the alias file.
.ip fullname
The full name of the user.
.ip office-address
The office address for this user.
.ip office-phone
The office phone number for this user.
.ip office-fax
The office FAX number for this user.
.ip home-address
The home address for this user.
.ip home-phone
The home phone number for this user.
.ip home-fax
The home FAX number for this user.
.ip project
A (short) description of the project this person is affiliated with.
In the University this is often just the name of their graduate advisor.
.ip plan
A pointer to a file from which plan information can be gathered.
.pp
As of this writing,
only a few of these fields are actually being used by
.i sendmail :
.i maildrop
and
.i mailname .
A
.i finger
program that uses the other fields is planned.
.sh 3 "User database semantics"
.pp
When the rewriting rules submit an address to the local mailer,
the user name is passed through the alias file.
If no alias is found (or if the alias points back to the same address),
the name (with
.q :maildrop
appended)
is then used as a key in the user database.
If no match occurs (or if the maildrop points at the same address),
forwarding is tried.
.pp
If the first token of the user name returned by ruleset 0
is an
.q @
sign, the user database lookup is skipped.
The intent is that the user database will act as a set of defaults
for a cluster (in our case, the Computer Science Division);
mail sent to a specific machine should ignore these defaults.
.pp
When mail is sent,
the name of the sending user is looked up in the database.
If that user has a
.q mailname
record,
the value of that record is used as their outgoing name.
For example, I might have a record:
.(b
eric:mailname Eric.Allman@CS.Berkeley.EDU
.)b
This would cause my outgoing mail to be sent as Eric.Allman.
.pp
If a
.q maildrop
is found for the user,
but no corresponding
.q mailname
record exists,
the record
.q :default:mailname
is consulted.
If present, this is the name of a host to override the local host.
For example, in our case we would set it to
.q CS.Berkeley.EDU .
The effect is that anyone known in the database
gets their outgoing mail stamped as
.q user@CS.Berkeley.EDU ,
but people not listed in the database use the local hostname.
.sh 3 "Creating the database\**"
.(f
\**These instructions are known to be incomplete.
Other features are available which provide similar functionality,
e.g., virtual hosting and mapping local addresses into a
generic form as explained in cf/README.
.)f
.pp
The user database is built from a text file
using the
.i makemap
utility
(in the distribution in the makemap subdirectory).
The text file is a series of lines corresponding to userdb records;
each line has a key and a value separated by white space.
The key is always in the format described above \*-
for example:
.(b
eric:maildrop
.)b
This file is normally installed in a system directory;
for example, it might be called
.i /etc/mail/userdb .
To make the database version of the map, run the program:
.(b
makemap btree /etc/mail/userdb < /etc/mail/userdb
.)b
Then create a config file that uses this.
For example, using the V8 M4 configuration, include the
following line in your .mc file:
.(b
define(\`confUSERDB_SPEC\', /etc/mail/userdb)
.)b
.sh 1 "OTHER CONFIGURATION"
.pp
There are some configuration changes that can be made by
recompiling
.i sendmail .
This section describes what changes can be made
and what has to be modified to make them.
In most cases this should be unnecessary
unless you are porting
.i sendmail
to a new environment.
.sh 2 "Parameters in devtools/OS/$oscf"
.pp
These parameters are intended to describe the compilation environment,
not site policy,
and should normally be defined in the operating system
configuration file.
.b "This section needs a complete rewrite."
.ip NDBM
If set,
the new version of the DBM library
that allows multiple databases will be used.
-If neither NDBM nor NEWDB are set,
+If neither CDB, NDBM, nor NEWDB are set,
a much less efficient method of alias lookup is used.
+.ip CWDB
+If set, use the cdb (tinycdb) package.
.ip NEWDB
If set, use the new database package from Berkeley (from 4.4BSD).
This package is substantially faster than DBM or NDBM.
If NEWDB and NDBM are both set,
.i sendmail
will read DBM files,
but will create and use NEWDB files.
.ip NIS
Include support for NIS.
If set together with
.i both
NEWDB and NDBM,
.i sendmail
will create both DBM and NEWDB files if and only if
an alias file includes the substring
.q /yp/
in the name.
This is intended for compatibility with Sun Microsystems'
.i mkalias
program used on YP masters.
.ip NISPLUS
Compile in support for NIS+.
.ip NETINFO
Compile in support for NetInfo (NeXT stations).
.ip LDAPMAP
Compile in support for LDAP X500 queries.
Requires libldap and liblber
from the Umich LDAP 3.2 or 3.3 release
or equivalent libraries for other LDAP libraries
such as OpenLDAP.
.ip HESIOD
Compile in support for Hesiod.
.ip MAP_NSD
Compile in support for IRIX NSD lookups.
.ip MAP_REGEX
Compile in support for regular expression matching.
.ip DNSMAP
Compile in support for DNS map lookups in the
.i sendmail.cf
file.
.ip PH_MAP
Compile in support for ph lookups.
.ip SASL
Compile in support for SASL,
a required component for SMTP Authentication support.
.ip STARTTLS
Compile in support for STARTTLS.
.ip EGD
Compile in support for the "Entropy Gathering Daemon"
to provide better random data for TLS.
.ip TCPWRAPPERS
Compile in support for TCP Wrappers.
.ip _PATH_SENDMAILCF
The pathname of the sendmail.cf file.
.ip _PATH_SENDMAILPID
The pathname of the sendmail.pid file.
.ip SM_CONF_SHM
Compile in support for shared memory, see section about
"/var/spool/mqueue".
.ip MILTER
Compile in support for contacting external mail filters built with the
Milter API.
.pp
There are also several compilation flags to indicate the environment
such as
.q _AIX3
and
.q _SCO_unix_ .
See the sendmail/README
file for the latest scoop on these flags.
.sh 3 "For Future Releases"
.pp
.i sendmail
often contains compile time options
.i "For Future Releases"
(prefix _FFR_)
which might be enabled in a subsequent version
or might simply be removed as they turned out not to be really useful.
These features are usually not documented but if they are,
then the required (FFR) compile
time options are listed here for rulesets and macros,
and in
.i cf/README
for mc/cf options.
FFR compile times options must be enabled when the sendmail binary
is built from source.
Enabled FFRs in a binary can be listed with
.(b
sendmail -d0.13 < /dev/null | grep FFR
.)b
.sh 2 "Parameters in sendmail/conf.h"
.pp
Parameters and compilation options
are defined in conf.h.
Most of these need not normally be tweaked;
common parameters are all in sendmail.cf.
However, the sizes of certain primitive vectors, etc.,
are included in this file.
The numbers following the parameters
are their default value.
.pp
This document is not the best source of information
for compilation flags in conf.h \(em
see sendmail/README or sendmail/conf.h itself.
.nr ii 1.2i
.ip "MAXLINE [2048]"
The maximum line length of any input line.
If message lines exceed this length
they will still be processed correctly;
however, header lines,
configuration file lines,
alias lines,
etc.,
must fit within this limit.
.ip "MAXNAME [256]"
The maximum length of any name,
such as a host or a user name.
.ip "MAXPV [256]"
The maximum number of parameters to any mailer.
This limits the number of recipients that may be passed in one transaction.
It can be set to any arbitrary number above about 10,
since
.i sendmail
will break up a delivery into smaller batches as needed.
A higher number may reduce load on your system, however.
.ip "MAXQUEUEGROUPS [50]"
The maximum number of queue groups.
.ip "MAXATOM [1000]"
The maximum number of atoms
(tokens)
in a single address.
For example,
the address
.q "eric@CS.Berkeley.EDU"
is seven atoms.
.ip "MAXMAILERS [25]"
The maximum number of mailers that may be defined
in the configuration file.
This value is defined in include/sendmail/sendmail.h.
.ip "MAXRWSETS [200]"
The maximum number of rewriting sets
that may be defined.
The first half of these are reserved for numeric specification
(e.g., ``S92''),
while the upper half are reserved for auto-numbering
(e.g., ``Sfoo'').
Thus, with a value of 200 an attempt to use ``S99'' will succeed,
but ``S100'' will fail.
.ip "MAXPRIORITIES [25]"
The maximum number of values for the
.q Precedence:
field that may be defined
(using the
.b P
line in sendmail.cf).
.ip "MAXUSERENVIRON [100]"
The maximum number of items in the user environment
that will be passed to subordinate mailers.
.ip "MAXMXHOSTS [100]"
The maximum number of MX records we will accept for any single host.
.ip "MAXMAPSTACK [12]"
The maximum number of maps that may be "stacked" in a
.b sequence
class map.
.ip "MAXMIMEARGS [20]"
The maximum number of arguments in a MIME Content-Type: header;
additional arguments will be ignored.
.ip "MAXMIMENESTING [20]"
The maximum depth to which MIME messages may be nested
(that is, nested Message or Multipart documents;
this does not limit the number of components in a single Multipart document).
.ip "MAXDAEMONS [10]"
The maximum number of sockets sendmail will open for accepting connections
on different ports.
.ip "MAXMACNAMELEN [25]"
The maximum length of a macro name.
.lp
A number of other compilation options exist.
These specify whether or not specific code should be compiled in.
Ones marked with \(dg
are 0/1 valued.
.nr ii 1.2i
.ip NETINET\(dg
If set,
support for Internet protocol networking is compiled in.
Previous versions of
.i sendmail
referred to this as
.sm DAEMON ;
this old usage is now incorrect.
Defaults on;
turn it off in the Makefile
if your system doesn't support the Internet protocols.
.ip NETINET6\(dg
If set,
support for IPv6 networking is compiled in.
It must be separately enabled by adding
.b DaemonPortOptions
settings.
.ip NETISO\(dg
If set,
support for ISO protocol networking is compiled in
(it may be appropriate to #define this in the Makefile instead of conf.h).
.ip NETUNIX\(dg
If set,
support for UNIX domain sockets is compiled in.
This is used for control socket support.
.ip LOG
If set,
the
.i syslog
routine in use at some sites is used.
This makes an informational log record
for each message processed,
and makes a higher priority log record
for internal system errors.
.b "STRONGLY RECOMMENDED"
\(em if you want no logging, turn it off in the configuration file.
.ip MATCHGECOS\(dg
Compile in the code to do ``fuzzy matching'' on the GECOS field
in /etc/passwd.
This also requires that the
.b MatchGECOS
option be turned on.
.ip NAMED_BIND\(dg
Compile in code to use the
Berkeley Internet Name Domain (BIND) server
to resolve TCP/IP host names.
.ip NOTUNIX
If you are using a non-UNIX mail format,
you can set this flag to turn off special processing
of UNIX-style
.q "From "
lines.
.ip USERDB\(dg
Include the
.b experimental
Berkeley user information database package.
This adds a new level of local name expansion
between aliasing and forwarding.
It also uses the NEWDB package.
This may change in future releases.
.lp
The following options are normally turned on
in per-operating-system clauses in conf.h.
.ip IDENTPROTO\(dg
Compile in the IDENT protocol as defined in RFC 1413.
This defaults on for all systems except Ultrix,
which apparently has the interesting
.q feature
that when it receives a
.q "host unreachable"
message it closes all open connections to that host.
Since some firewall gateways send this error code
when you access an unauthorized port (such as 113, used by IDENT),
Ultrix cannot receive email from such hosts.
.ip SYSTEM5
Set all of the compilation parameters appropriate for System V.
.ip HASFLOCK\(dg
Use Berkeley-style
.b flock
instead of System V
.b lockf
to do file locking.
Due to the highly unusual semantics of locks
across forks in
.b lockf ,
this should always be used if at all possible.
.ip HASINITGROUPS
Set this if your system has the
.i initgroups()
call
(if you have multiple group support).
This is the default if SYSTEM5 is
.i not
defined or if you are on HPUX.
.ip HASUNAME
Set this if you have the
.i uname (2)
system call (or corresponding library routine).
Set by default if
SYSTEM5
is set.
.ip HASGETDTABLESIZE
Set this if you have the
.i getdtablesize (2)
system call.
.ip HASWAITPID
Set this if you have the
.i haswaitpid (2)
system call.
.ip FAST_PID_RECYCLE
Set this if your system can possibly
reuse the same pid in the same second of time.
.ip SFS_TYPE
The mechanism that can be used to get file system capacity information.
The values can be one of
SFS_USTAT (use the ustat(2) syscall),
SFS_4ARGS (use the four argument statfs(2) syscall),
SFS_VFS (use the two argument statfs(2) syscall including <sys/vfs.h>),
SFS_MOUNT (use the two argument statfs(2) syscall including <sys/mount.h>),
SFS_STATFS (use the two argument statfs(2) syscall including <sys/statfs.h>),
SFS_STATVFS (use the two argument statfs(2) syscall including <sys/statvfs.h>),
or
SFS_NONE (no way to get this information).
.ip LA_TYPE
The load average type.
Details are described below.
.lp
The are several built-in ways of computing the load average.
.i Sendmail
tries to auto-configure them based on imperfect guesses;
you can select one using the
.i cc
option
.b \-DLA_TYPE= \c
.i type ,
where
.i type
is:
.ip LA_INT
The kernel stores the load average in the kernel as an array of long integers.
The actual values are scaled by a factor FSCALE
(default 256).
.ip LA_SHORT
The kernel stores the load average in the kernel as an array of short integers.
The actual values are scaled by a factor FSCALE
(default 256).
.ip LA_FLOAT
The kernel stores the load average in the kernel as an array of
double precision floats.
.ip LA_MACH
Use MACH-style load averages.
.ip LA_SUBR
Call the
.i getloadavg
routine to get the load average as an array of doubles.
.ip LA_ZERO
Always return zero as the load average.
This is the fallback case.
.lp
If type
.sm LA_INT ,
.sm LA_SHORT ,
or
.sm LA_FLOAT
is specified,
you may also need to specify
.sm _PATH_UNIX
(the path to your system binary)
and
.sm LA_AVENRUN
(the name of the variable containing the load average in the kernel;
usually
.q _avenrun
or
.q avenrun ).
.sh 2 "Configuration in sendmail/conf.c"
.pp
The following changes can be made in conf.c.
.sh 3 "Built-in Header Semantics"
.pp
Not all header semantics are defined in the configuration file.
Header lines that should only be included by certain mailers
(as well as other more obscure semantics)
must be specified in the
.i HdrInfo
table in
.i conf.c .
This table contains the header name
(which should be in all lower case)
and a set of header control flags (described below),
The flags are:
.ip H_ACHECK
Normally when the check is made to see if a header line is compatible
with a mailer,
.i sendmail
will not delete an existing line.
If this flag is set,
.i sendmail
will delete
even existing header lines.
That is,
if this bit is set and the mailer does not have flag bits set
that intersect with the required mailer flags
in the header definition in
sendmail.cf,
the header line is
.i always
deleted.
.ip H_EOH
If this header field is set,
treat it like a blank line,
i.e.,
it will signal the end of the header
and the beginning of the message text.
.ip H_FORCE
Add this header entry
even if one existed in the message before.
If a header entry does not have this bit set,
.i sendmail
will not add another header line if a header line
of this name already existed.
This would normally be used to stamp the message
by everyone who handled it.
.ip H_TRACE
If set,
this is a timestamp
(trace)
field.
If the number of trace fields in a message
exceeds a preset amount
the message is returned
on the assumption that it has an aliasing loop.
.ip H_RCPT
If set,
this field contains recipient addresses.
This is used by the
.b \-t
flag to determine who to send to
when it is collecting recipients from the message.
.ip H_FROM
This flag indicates that this field
specifies a sender.
The order of these fields in the
.i HdrInfo
table specifies
.i sendmail 's
preference
for which field to return error messages to.
.ip H_ERRORSTO
Addresses in this header should receive error messages.
.ip H_CTE
This header is a Content-Transfer-Encoding header.
.ip H_CTYPE
This header is a Content-Type header.
-.ip H_STRIPVAL
+.ip H_BCC
Strip the value from the header (for Bcc:).
.nr ii 5n
.lp
Let's look at a sample
.i HdrInfo
specification:
.(b
.ta 4n +\w'"content-transfer-encoding", 'u
struct hdrinfo HdrInfo[] =
\&{
/* originator fields, most to least significant */
"resent-sender", H_FROM,
"resent-from", H_FROM,
"sender", H_FROM,
"from", H_FROM,
"full-name", H_ACHECK,
"errors-to", H_FROM\^|\^H_ERRORSTO,
/* destination fields */
"to", H_RCPT,
"resent-to", H_RCPT,
"cc", H_RCPT,
- "bcc", H_RCPT\^|\^H_STRIPVAL,
+ "bcc", H_RCPT\^|\^H_BCC,
/* message identification and control */
"message", H_EOH,
"text", H_EOH,
/* trace fields */
"received", H_TRACE\^|\^H_FORCE,
/* miscellaneous fields */
"content-transfer-encoding", H_CTE,
"content-type", H_CTYPE,
NULL, 0,
};
.)b
This structure indicates that the
.q To: ,
.q Resent-To: ,
and
.q Cc:
fields
all specify recipient addresses.
Any
.q Full-Name:
field will be deleted unless the required mailer flag
(indicated in the configuration file)
is specified.
The
.q Message:
and
.q Text:
fields will terminate the header;
these are used by random dissenters around the network world.
The
.q Received:
field will always be added,
and can be used to trace messages.
.pp
There are a number of important points here.
First,
header fields are not added automatically just because they are in the
.i HdrInfo
structure;
they must be specified in the configuration file
in order to be added to the message.
Any header fields mentioned in the configuration file but not
mentioned in the
.i HdrInfo
structure have default processing performed;
that is,
they are added unless they were in the message already.
Second,
the
.i HdrInfo
structure only specifies cliched processing;
certain headers are processed specially by ad hoc code
regardless of the status specified in
.i HdrInfo .
For example,
the
.q Sender:
and
.q From:
fields are always scanned on ARPANET mail
to determine the sender\**;
.(f
\**Actually, this is no longer true in SMTP;
this information is contained in the envelope.
The older ARPANET protocols did not completely distinguish
envelope from header.
.)f
this is used to perform the
.q "return to sender"
function.
The
.q "From:"
and
.q "Full-Name:"
fields are used to determine the full name of the sender
if possible;
this is stored in the macro
.b $x
and used in a number of ways.
.sh 3 "Restricting Use of Email"
.pp
If it is necessary to restrict mail through a relay,
the
.i checkcompat
routine can be modified.
This routine is called for every recipient address.
It returns an exit status
indicating the status of the message.
The status
.sm EX_OK
accepts the address,
.sm EX_TEMPFAIL
queues the message for a later try,
and other values
(commonly
.sm EX_UNAVAILABLE )
reject the message.
It is up to
.i checkcompat
to print an error message
(using
.i usrerr )
if the message is rejected.
For example,
.i checkcompat
could read:
.(b
.re
.sz -1
.ta 4n +4n +4n +4n +4n +4n +4n
int
checkcompat(to, e)
register ADDRESS *to;
register ENVELOPE *e;
\&{
register STAB *s;
s = stab("private", ST_MAILER, ST_FIND);
if (s != NULL && e\->e_from.q_mailer != LocalMailer &&
to->q_mailer == s->s_mailer)
{
usrerr("No private net mail allowed through this machine");
return (EX_UNAVAILABLE);
}
if (MsgSize > 50000 && bitnset(M_LOCALMAILER, to\->q_mailer))
{
usrerr("Message too large for non-local delivery");
e\->e_flags |= EF_NORETURN;
return (EX_UNAVAILABLE);
}
return (EX_OK);
}
.sz
.)b
This would reject messages greater than 50000 bytes
unless they were local.
The
.i EF_NORETURN
flag can be set in
.i e\(->e_flags
to suppress the return of the actual body
of the message in the error return.
The actual use of this routine is highly dependent on the
implementation,
and use should be limited.
.sh 3 "New Database Map Classes"
.pp
New key maps can be added by creating a class initialization function
and a lookup function.
These are then added to the routine
.i setupmaps.
.pp
The initialization function is called as
.(b
\fIxxx\fP_map_init(MAP *map, char *args)
.)b
The
.i map
is an internal data structure.
The
.i args
is a pointer to the portion of the configuration file line
following the map class name;
flags and filenames can be extracted from this line.
The initialization function must return
.sm true
if it successfully opened the map,
.sm false
otherwise.
.pp
The lookup function is called as
.(b
\fIxxx\fP_map_lookup(MAP *map, char buf[], char **av, int *statp)
.)b
The
.i map
defines the map internally.
The
.i buf
has the input key.
This may be (and often is) used destructively.
The
.i av
is a list of arguments passed in from the rewrite line.
The lookup function should return a pointer to the new value.
If the map lookup fails,
.i *statp
should be set to an exit status code;
in particular, it should be set to
.sm EX_TEMPFAIL
if recovery is to be attempted by the higher level code.
.sh 3 "Queueing Function"
.pp
The routine
.i shouldqueue
is called to decide if a message should be queued
or processed immediately.
Typically this compares the message priority to the current load average.
The default definition is:
.(b
bool
shouldqueue(pri, ctime)
long pri;
time_t ctime;
{
if (CurrentLA < QueueLA)
return false;
return (pri > (QueueFactor / (CurrentLA \- QueueLA + 1)));
}
.)b
If the current load average
(global variable
.i CurrentLA ,
which is set before this function is called)
is less than the low threshold load average
(option
.b x ,
variable
.i QueueLA ),
.i shouldqueue
returns
.sm false
immediately
(that is, it should
.i not
queue).
If the current load average exceeds the high threshold load average
(option
.b X ,
variable
.i RefuseLA ),
.i shouldqueue
returns
.sm true
immediately.
Otherwise, it computes the function based on the message priority,
the queue factor
(option
.b q ,
global variable
.i QueueFactor ),
and the current and threshold load averages.
.pp
An implementation wishing to take the actual age of the message into account
can also use the
.i ctime
parameter,
which is the time that the message was first submitted to
.i sendmail .
Note that the
.i pri
parameter is already weighted
by the number of times the message has been tried
(although this tends to lower the priority of the message with time);
the expectation is that the
.i ctime
would be used as an
.q "escape clause"
to ensure that messages are eventually processed.
.sh 3 "Refusing Incoming SMTP Connections"
.pp
The function
.i refuseconnections
returns
.sm true
if incoming SMTP connections should be refused.
The current implementation is based exclusively on the current load average
and the refuse load average option
(option
.b X ,
global variable
.i RefuseLA ):
.(b
bool
refuseconnections()
{
return (RefuseLA > 0 && CurrentLA >= RefuseLA);
}
.)b
A more clever implementation
could look at more system resources.
.sh 3 "Load Average Computation"
.pp
The routine
.i getla
returns the current load average (as a rounded integer).
The distribution includes several possible implementations.
If you are porting to a new environment
you may need to add some new tweaks.\**
.(f
\**If you do, please send updates to
sendmail@Sendmail.ORG.
.)f
.sh 2 "Configuration in sendmail/daemon.c"
.pp
The file
.i sendmail/daemon.c
contains a number of routines that are dependent
on the local networking environment.
The version supplied assumes you have BSD style sockets.
.pp
In previous releases,
we recommended that you modify the routine
.i maphostname
if you wanted to generalize
.b $[
\&...\&
.b $]
lookups.
We now recommend that you create a new keyed map instead.
.sh 2 "LDAP"
.pp
In this section we assume that
.i sendmail
has been compiled with support for LDAP.
.sh 3 "LDAP Recursion"
.pp
LDAP Recursion allows you to add types to the search attributes on an
LDAP map specification.
The syntax is:
.ip "\-v \fIATTRIBUTE\fP[:\fITYPE\fP[:\fIOBJECTCLASS\fP[|\fIOBJECTCLASS\fP|...]]]
.pp
The new \fITYPE\fPs are:
.nr ii 1i
.ip NORMAL
This attribute type specifies the attribute to add to the results string.
This is the default.
.ip DN
Any matches for this attribute are expected to have a value of a
fully qualified distinguished name.
.i sendmail
will lookup that DN and apply the attributes requested to the
returned DN record.
.ip FILTER
Any matches for this attribute are expected to have a value of an
LDAP search filter.
.i sendmail
will perform a lookup with the same parameters as the original
search but replaces the search filter with the one specified here.
.ip URL
Any matches for this attribute are expected to have a value of an LDAP URL.
.i sendmail
will perform a lookup of that URL and use the results from the attributes
named in that URL.
Note however that the search is done using the current LDAP connection,
regardless of what is specified as the scheme, LDAP host, and LDAP
port in the LDAP URL.
.lp
Any untyped attributes are considered
.sm NORMAL
attributes as described above.
.pp
The optional \fIOBJECTCLASS\fP (| separated) list contains the
objectClass values for which that attribute applies.
If the list is given,
the attribute named will only be used if the LDAP record being returned is a
member of that object class.
Note that if these new value attribute \fITYPE\fPs are used in an
AliasFile
option setting, it will need to be double quoted to prevent
.i sendmail
from misparsing the colons.
.pp
Note that LDAP recursion attributes which do not ultimately point to an
LDAP record are not considered an error.
.sh 4 "Example"
.pp
Since examples usually help clarify, here is an example which uses all
four of the new types:
.(b
O LDAPDefaultSpec=-h ldap.example.com -b dc=example,dc=com
Kexample ldap
-z,
-k (&(objectClass=sendmailMTAAliasObject)(sendmailMTAKey=%0))
-v sendmailMTAAliasValue,mail:NORMAL:inetOrgPerson,
uniqueMember:DN:groupOfUniqueNames,
sendmailMTAAliasSearch:FILTER:sendmailMTAAliasObject,
sendmailMTAAliasURL:URL:sendmailMTAAliasObject
.)b
.pp
That definition specifies that:
.bu
Any value in a
.sm sendmailMTAAliasValue
attribute will be added to the result string regardless of object class.
.bu
The
.sm mail
attribute will be added to the result string if
the LDAP record is a member of the
.sm inetOrgPerson
object class.
.bu
The
.sm uniqueMember
attribute is a recursive attribute, used only in
.sm groupOfUniqueNames
records, and should contain an LDAP DN pointing to another LDAP record.
The desire here is to return the
.sm mail
attribute from those DNs.
.bu
The
.sm sendmailMTAAliasSearch
attribute and
.sm sendmailMTAAliasURL
are both used only if referenced in a
.sm sendmailMTAAliasObject .
They are both recursive, the first for a new LDAP search string and the
latter for an LDAP URL.
.sh 2 "STARTTLS"
.pp
In this section we assume that
.i sendmail
has been compiled with support for STARTTLS.
To properly understand the use of STARTTLS in
.i sendmail ,
it is necessary to understand at least some basics about X.509 certificates
and public key cryptography.
This information can be found in books about SSL/TLS
or on WWW sites, e.g.,
-.q http://www.OpenSSL.org/ .
+.q https://www.OpenSSL.org/ .
.sh 3 "Certificates for STARTTLS"
.pp
When acting as a server,
.i sendmail
requires X.509 certificates to support STARTTLS:
one as certificate for the server (ServerCertFile and corresponding
private ServerKeyFile)
at least one root CA (CACertFile),
i.e., a certificate that is used to sign other certificates,
and a path to a directory which contains (zero or more) other CAs (CACertPath).
The file specified via
CACertFile
can contain several certificates of CAs.
The DNs of these certificates are sent
to the client during the TLS handshake (as part of the
CertificateRequest) as the list of acceptable CAs.
However, do not list too many root CAs in that file, otherwise
the TLS handshake may fail; e.g.,
.(b
error:14094417:SSL routines:SSL3_READ_BYTES:
sslv3 alert illegal parameter:s3_pkt.c:964:SSL alert number 47
.)b
You should probably put only the CA cert into that file
that signed your own cert(s), or at least only those you trust.
The CACertPath directory must contain the hashes of each CA certificate
as filenames (or as links to them).
Symbolic links can be generated with the following
two (Bourne) shell commands:
.(b
C=FileName_of_CA_Certificate
ln -s $C `openssl x509 -noout -hash < $C`.0
.)b
A better way to do this is to use the
.b c_rehash
command that is part of the OpenSSL distribution
because it handles subject hash collisions
by incrementing the number in the suffix of the filename of the symbolic link,
e.g.,
.b \&.0
to
.b \&.1 ,
and so on.
An X.509 certificate is also required for authentication in client mode
(ClientCertFile and corresponding private ClientKeyFile), however,
.i sendmail
will always use STARTTLS when offered by a server.
The client and server certificates can be identical.
Certificates can be obtained from a certificate authority
or created with the help of OpenSSL.
The required format for certificates and private keys is PEM.
To allow for automatic startup of sendmail, private keys
(ServerKeyFile, ClientKeyFile)
must be stored unencrypted.
The keys are only protected by the permissions of the file system.
Never make a private key available to a third party.
.pp
The options
.i ClientCertFile ,
.i ClientKeyFile ,
.i ServerCertFile ,
and
.i ServerKeyFile
can take a second file name,
which must be separated from the first with a comma
(note: do not use any spaces)
to set up a second cert/key pair.
This can be used to have certs of different types,
e.g., RSA and DSA.
.sh 3 "PRNG for STARTTLS"
.pp
STARTTLS requires a strong pseudo random number generator (PRNG)
to operate properly.
Depending on the TLS library you use, it may be required to explicitly
initialize the PRNG with random data.
OpenSSL makes use of
.b /dev/urandom(4)
if available (this corresponds to the compile flag HASURANDOMDEV).
On systems which lack this support, a random file must be specified in the
.i sendmail.cf
file using the option RandFile.
It is
.b strongly
advised to use the "Entropy Gathering Daemon" EGD
from Brian Warner on those systems to provide useful random data.
In this case,
.i sendmail
must be compiled with the flag EGD, and the
RandFile option must point to the EGD socket.
If neither
.b /dev/urandom(4)
nor EGD are available, you have to make sure
that useful random data is available all the time in RandFile.
If the file hasn't been modified in the last 10 minutes before
it is supposed to be used by
.i sendmail
the content is considered obsolete.
One method for generating this file is:
.(b
openssl rand -out /etc/mail/randfile -rand \c
.i /path/to/file:... \c
256
.)b
See the OpenSSL documentation for more information.
In this case, the PRNG for TLS is only
seeded with other random data if the
.b DontBlameSendmail
option
.b InsufficientEntropy
is set.
This is most likely not sufficient for certain actions, e.g.,
generation of (temporary) keys.
.pp
Please see the OpenSSL documentation or other sources
for further information about certificates, their creation and their usage,
the importance of a good PRNG, and other aspects of TLS.
.sh 2 "Encoding of STARTTLS and AUTH related Macros"
.pp
Macros that contain STARTTLS and AUTH related data which comes from outside
sources, e.g., all macros containing information from certificates,
are encoded to avoid problems with non-printable or special characters.
The latter are '\\', '<', '>', '(', ')', '"', '+', and ' '.
All of these characters are replaced by their value in hexadecimal
with a leading '+'.
For example:
.(b
/C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/
Email=darth+cert@endmail.org
.)b
is encoded as:
.(b
/C=US/ST=California/O=endmail.org/OU=private/
CN=Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
.)b
(line breaks have been inserted for readability).
The macros which are subject to this encoding are
{cert_subject}, {cert_issuer}, {cn_subject}, {cn_issuer},
as well as
{auth_authen} and {auth_author}.
+.sh 2 "DANE"
+.pp
+Initial support for DANE (see RFC 7672 et.al.)
+is available if
+.i sendmail
+is compiled with the option
+.b DANE .
+Only TLSA RR 3-1-x (DANE-EE) is currently implemented.
+The option
+.(b
+O DANE=true
+.)b
+enables this feature at run time
+and it automatically adds
+.b use_dnssec
+and
+.b use_edns0
+to
+.(b
+O ResolverOptions
+.)b
+This requires a (preferrably local)
+validating DNS resolver which supports those options.
+
+If the client finds a usable TLSA RR and the check
+succeeds the macro
+.b ${verify}
+is set to
+.b TRUSTED .
+All non-DNS maps are considered
+.i secure
+just like DNS lookups with DNSSEC.
+Be aware that the implementation might not handle all
+error conditions as required by the RFCs.
+Moreover, TLSA RRs are not looked up for some features,
+e.g.,
+.i FallBackSmartHost .
.sh 1 "ACKNOWLEDGEMENTS"
.pp
I've worked on
.i sendmail
for many years,
and many employers have been remarkably patient
about letting me work on a large project
that was not part of my official job.
This includes time on the INGRES Project at
the University of California at Berkeley,
at Britton Lee,
and again on the Mammoth and Titan Projects at Berkeley.
.pp
Much of the second wave of improvements
resulting in version 8.1
should be credited to Bryan Costales of the
International Computer Science Institute.
As he passed me drafts of his book on
.i sendmail
I was inspired to start working on things again.
Bryan was also available to bounce ideas off of.
.pp
Gregory Neil Shapiro
of Worcester Polytechnic Institute
has become instrumental in all phases of
.i sendmail
support and development,
and was largely responsible for getting versions 8.8 and 8.9
out the door.
.pp
Many, many people contributed chunks of code and ideas to
.i sendmail .
It has proven to be a group network effort.
Version 8 in particular was a group project.
The following people and organizations made notable contributions:
.(l
Claus Assmann
John Beck, Hewlett-Packard & Sun Microsystems
Keith Bostic, CSRG, University of California, Berkeley
Andrew Cheng, Sun Microsystems
Michael J. Corrigan, University of California, San Diego
Bryan Costales, International Computer Science Institute & InfoBeat
Pa\*:r (Pell) Emanuelsson
Craig Everhart, Transarc Corporation
Per Hedeland, Ericsson
Tom Ivar Helbekkmo, Norwegian School of Economics
Kari Hurtta, Finnish Meteorological Institute
Allan E. Johannesen, WPI
Jonathan Kamens, OpenVision Technologies, Inc.
Takahiro Kanbe, Fuji Xerox Information Systems Co., Ltd.
Brian Kantor, University of California, San Diego
John Kennedy, Cal State University, Chico
Murray S. Kucherawy, HookUp Communication Corp.
Bruce Lilly, Sony U.S.
Karl London
Motonori Nakamura, Ritsumeikan University & Kyoto University
John Gardiner Myers, Carnegie Mellon University
Neil Rickert, Northern Illinois University
Gregory Neil Shapiro, WPI
Eric Schnoebelen, Convex Computer Corp.
Eric Wassenaar, National Institute for Nuclear and High Energy Physics, Amsterdam
Randall Winchester, University of Maryland
Christophe Wolfhugel, Pasteur Institute & Herve Schauer Consultants (Paris)
Exactis.com, Inc.
.)l
I apologize for anyone I have omitted, misspelled, misattributed, or
otherwise missed.
At this point, I suspect that at least a hundred people
have contributed code,
and many more have contributed ideas, comments, and encouragement.
I've tried to list them in the RELEASE_NOTES in the distribution directory.
I appreciate their contribution as well.
.pp
Special thanks are reserved for Michael Corrigan and Christophe Wolfhugel,
who besides being wonderful guinea pigs and contributors
have also consented to be added to the ``sendmail@Sendmail.ORG'' list
and, by answering the bulk of the questions sent to that list,
have freed me up to do other work.
.++ A
.+c "COMMAND LINE FLAGS"
.ba 0
.nr ii 1i
.pp
Arguments must be presented with flags before addresses.
The flags are:
.ip \-A\fIx\fP
Select an alternative .cf file which is either
.i sendmail.cf
for
.b \-Am
or
.i submit.cf
for
.b \-Ac .
By default the .cf file is chosen based on the operation mode.
For
.b -bm
(default),
.b -bs ,
and
.b -t
it is
.i submit.cf
if it exists, for all others it is
.i sendmail.cf .
.ip \-b\fIx\fP
Set operation mode to
.i x .
Operation modes are:
.(b
.ta 4n
m Deliver mail (default)
s Speak SMTP on input side
a\(dg ``Arpanet'' mode (get envelope sender information from header)
C Check the configuration file
d Run as a daemon in background
D Run as a daemon in foreground
t Run in test mode
v Just verify addresses, don't collect or deliver
i Initialize the alias database
p Print the mail queue
P Print overview over the mail queue (requires shared memory)
h Print the persistent host status database
H Purge expired entries from the persistent host status database
.)b
.(f
\(dgDeprecated.
.)f
.ip \-B\fItype\fP
Indicate body type.
.ip \-C\fIfile\fP
Use a different configuration file.
.i Sendmail
runs as the invoking user (rather than root)
when this flag is specified.
.ip "\-D \fIlogfile\fP"
Send debugging output to the indicated
.i logfile
instead of stdout.
.ip \-d\fIlevel\fP
Set debugging level.
.ip "\-f\ \fIaddr\fP"
The envelope sender address is set to
.i addr .
This address may also be used in the From: header
if that header is missing during initial submission.
The envelope sender address is used as the recipient
for delivery status notifications
and may also appear in a Return-Path: header.
.ip \-F\ \fIname\fP
Sets the full name of this user to
.i name .
.ip \-G
When accepting messages via the command line,
indicate that they are for relay (gateway) submission.
sendmail may complain about syntactically invalid messages,
e.g., unqualified host names,
rather than fixing them when this flag is set.
sendmail will not do any canonicalization in this mode.
.ip "\-h\ \fIcnt\fP"
Sets the
.q "hop count"
to
.i cnt .
This represents the number of times this message has been processed
by
.i sendmail
(to the extent that it is supported by the underlying networks).
.i Cnt
is incremented during processing,
and if it reaches
MAXHOP
(currently 25)
.i sendmail
throws away the message with an error.
.ip "\-L \fItag\fP"
Sets the identifier used for syslog.
Note that this identifier is set
as early as possible.
However,
.i sendmail
may be used
if problems arise
before the command line arguments
are processed.
.ip \-n
Don't do aliasing or forwarding.
.ip "\-N \fInotifications\fP"
Tag all addresses being sent as wanting the indicated
.i notifications ,
which consists of the word
.q NEVER
or a comma-separated list of
.q SUCCESS ,
.q FAILURE ,
and
.q DELAY
for successful delivery,
failure,
and a message that is stuck in a queue somewhere.
The default is
.q FAILURE,DELAY .
.ip "\-r\ \fIaddr\fP"
An obsolete form of
.b \-f .
.ip \-o\fIx\|value\fP
Set option
.i x
to the specified
.i value .
These options are described in Section 5.6.
.ip \-O\fIoption\fP\fB=\fP\fIvalue\fP
Set
.i option
to the specified
.i value
(for long form option names).
These options are described in Section 5.6.
.ip \-M\fIx\|value\fP
Set macro
.i x
to the specified
.i value .
.ip \-p\fIprotocol\fP
Set the sending protocol.
Programs are encouraged to set this.
The protocol field can be in the form
.i protocol \c
.b : \c
.i host
to set both the sending protocol and sending host.
For example,
.q \-pUUCP:uunet
sets the sending protocol to UUCP
and the sending host to uunet.
(Some existing programs use \-oM to set the r and s macros;
this is equivalent to using \-p.)
.ip \-q\fItime\fP
Try to process the queued up mail.
If the time is given,
-a
.i sendmail
will start one or more processes to run through the queue(s) at the specified
time interval to deliver queued mail; otherwise, it only runs once.
Each of these processes acts on a workgroup.
These processes are also known as workgroup processes or WGP's for short.
Each workgroup is responsible for controlling the processing of one or
more queues; workgroups help manage the use of system resources by sendmail.
Each workgroup may have one or more children concurrently processing
queues depending on the setting of \fIMaxQueueChildren\fP.
.ip \-qp\fItime\fP
Similar to \-q with a time argument,
except that instead of periodically starting WGP's
sendmail starts persistent WGP's
that alternate between processing queues and sleeping.
The sleep time is specified by the time argument; it defaults to 1 second,
except that a WGP always sleeps at least 5 seconds if their queues were
empty in the previous run.
Persistent processes are managed by a queue control process (QCP).
The QCP is the parent process of the WGP's.
Typically the QCP will be the sendmail daemon (when started with \-bd or \-bD)
or a special process (named Queue control) (when started without \-bd or \-bD).
If a persistent WGP ceases to be active for some reason
another WGP will be started by the QCP for the same workgroup
in most cases. When a persistent WGP has core dumped, the debug flag
\fIno_persistent_restart\fP is set or the specific persistent WGP has been
restarted too many times already then the WGP will not be started again
and a message will be logged to this effect.
To stop (SIGTERM) or restart (SIGHUP) persistent WGP's the appropriate
signal should be sent to the QCP. The QCP will propagate the signal to all of
the WGP's and if appropriate restart the persistent WGP's.
.ip \-q\fIGname\fP
Run the jobs in the queue group
.i name
once.
.ip \-q[!]\fIXstring\fP
Run the queue once,
limiting the jobs to those matching
.i Xstring .
The key letter
.i X
can be
.b I
to limit based on queue identifier,
.b R
to limit based on recipient,
.b S
to limit based on sender,
or
.b Q
to limit based on quarantine reason for quarantined jobs.
A particular queued job is accepted if one of the corresponding attributes
contains the indicated
.i string .
The optional ! character negates the condition tested.
Multiple
.i \-q\fIX\fP
flags are permitted,
with items with the same key letter
.q or'ed
together, and items with different key letters
.q and'ed
together.
.ip "\-Q[reason]"
-Quarantine a normal queue items with the given reason or
+Quarantine normal queue items with the given reason or
unquarantine quarantined queue items if no reason is given.
This should only be used with some sort of item matching using
.b \-q[!]\fIXstring\fP
as described above.
.ip "\-R ret"
What information you want returned if the message bounces;
.i ret
can be
.q HDRS
for headers only or
.q FULL
for headers plus body.
This is a request only;
the other end is not required to honor the parameter.
If
.q HDRS
is specified local bounces also return only the headers.
.ip \-t
Read the header for
.q To: ,
.q Cc: ,
and
.q Bcc:
lines, and send to everyone listed in those lists.
The
.q Bcc:
line will be deleted before sending.
Any addresses in the argument vector will be deleted
from the send list.
.ip "\-V envid"
The indicated
.i envid
is passed with the envelope of the message
and returned if the message bounces.
.ip "\-X \fIlogfile\fP"
Log all traffic in and out of
.i sendmail
in the indicated
.i logfile
for debugging mailer problems.
This produces a lot of data very quickly and should be used sparingly.
.pp
There are a number of options that may be specified as
primitive flags.
These are the e, i, m, and v options.
Also,
the f option
may be specified as the
.b \-s
flag.
The DSN related options
.q "\-N" ,
.q "\-R" ,
and
.q "\-V"
have no effects on
.i sendmail
running as daemon.
.+c "QUEUE FILE FORMATS"
.pp
This appendix describes the format of the queue files.
These files live in a queue directory.
The individual qf, hf, Qf, df, and xf files
may be stored in separate
.i qf/ ,
.i df/ ,
and
.i xf/
subdirectories
if they are present in the queue directory.
.pp
All queue files have the name
.i ttYMDhmsNNppppp
where
.i YMDhmsNNppppp
is the
.i id
for this message
and the
.i tt
is a type.
The individual letters in the
.i id
are:
.nr ii 0.5i
.ip Y
Encoded year
.ip M
Encoded month
.ip D
Encoded day
.ip h
Encoded hour
.ip m
Encoded minute
.ip s
Encoded second
.ip NN
Encoded envelope number
.ip ppppp
At least five decimal digits of the process ID
.pp
All files with the same id collectively define one message.
Due to the use of memory-buffered files,
some of these files may never appear on disk.
.pp
The types are:
.nr ii 0.5i
.ip qf
The queue control file.
This file contains the information necessary to process the job.
.ip hf
The same as a queue control file, but for a quarantined queue job.
.ip df
The data file.
The message body (excluding the header) is kept in this file.
Sometimes the df file is not stored in the same directory as the qf file;
in this case,
the qf file contains a `d' record which names the queue directory
that contains the df file.
.ip tf
A temporary file.
This is an image of the
.b qf
file when it is being rebuilt.
It should be renamed to a
.b qf
file very quickly.
.ip xf
A transcript file,
existing during the life of a session
showing everything that happens
during that session.
Sometimes the xf file must be generated before a queue group has been selected;
in this case,
the xf file will be stored in a directory of the default queue group.
.ip Qf
A ``lost'' queue control file.
.i sendmail
renames a
.b qf
file to
.b Qf
if there is a severe (configuration) problem that cannot be solved without
human intervention.
Search the logfile for the queue file id to figure out what happened.
After you resolved the problem, you can rename the
.b Qf
file to
.b qf
and send it again.
.pp
The queue control file is structured as a series of lines
each beginning with a code letter.
The lines are as follows:
.ip V
The version number of the queue file format,
used to allow new
.i sendmail
binaries to read queue files created by older versions.
Defaults to version zero.
Must be the first line of the file if present.
For 8.12 the version number is 6.
.ip A
The information given by the AUTH= parameter of the
.q "MAIL FROM:"
command or $f@$j
if sendmail has been called directly.
.ip H
A header definition.
There may be any number of these lines.
The order is important:
they represent the order in the final message.
These use the same syntax
as header definitions in the configuration file.
.ip C
The controlling address.
The syntax is
.q localuser:aliasname .
Recipient addresses following this line
will be flagged so that deliveries will be run as the
.i localuser
(a user name from the /etc/passwd file);
.i aliasname
is the name of the alias that expanded to this address
(used for printing messages).
.ip q
The quarantine reason for quarantined queue items.
.ip Q
The ``original recipient'',
specified by the ORCPT= field in an ESMTP transaction.
Used exclusively for Delivery Status Notifications.
It applies only to the following `R' line.
.ip r
The ``final recipient''
used for Delivery Status Notifications.
It applies only to the following `R' line.
.ip R
A recipient address.
This will normally be completely aliased,
but is actually realiased when the job is processed.
There will be one line for each recipient.
Version 1 qf files
also include a leading colon-terminated list of flags,
-which can be
+some of which are
`S' to return a message on successful final delivery,
`F' to return a message on failure,
`D' to return a message if the message is delayed,
-`B' to indicate that the body should be returned,
`N' to suppress returning the body,
and
`P' to declare this as a ``primary'' (command line or SMTP-session) address.
.ip S
The sender address.
There may only be one of these lines.
.ip T
The job creation time.
This is used to compute when to time out the job.
.ip P
The current message priority.
This is used to order the queue.
Higher numbers mean lower priorities.
The priority changes
as the message sits in the queue.
The initial priority depends on the message class
and the size of the message.
.ip M
A message.
This line is printed by the
.i mailq
command,
and is generally used to store status information.
It can contain any text.
.ip F
Flag bits, represented as one letter per flag.
Defined flag bits are
.b r
indicating that this is a response message
and
.b w
indicating that a warning message has been sent
announcing that the mail has been delayed.
Other flag bits are:
.b 8 :
the body contains 8bit data,
.b b :
a Bcc: header should be removed,
.b d :
the mail has RET parameters (see RFC 1894),
.b n :
the body of the message should not be returned
in case of an error,
.b s :
the envelope has been split.
.ip N
The total number of delivery attempts.
.ip K
The time (as seconds since January 1, 1970)
of the last delivery attempt.
.ip d
If the df file is in a different directory than the qf file,
then a `d' record is present,
specifying the directory in which the df file resides.
.ip I
The i-number of the data file;
this can be used to recover your mail queue
after a disastrous disk crash.
.ip $
A macro definition.
The values of certain macros
are passed through to the queue run phase.
.ip B
The body type.
The remainder of the line is a text string defining the body type.
If this field is missing,
the body type is assumed to be
.q "undefined"
and no special processing is attempted.
Legal values are
.q 7BIT
and
.q 8BITMIME .
.ip Z
The original envelope id (from the ESMTP transaction).
For Deliver Status Notifications only.
.pp
As an example,
the following is a queue file sent to
.q eric@mammoth.Berkeley.EDU
and
.q bostic@okeeffe.CS.Berkeley.EDU \**:
.(f
\**This example is contrived and probably inaccurate for your environment.
Glance over it to get an idea;
nothing can replace looking at what your own system generates.
.)f
.(b
V4
T711358135
K904446490
N0
P2100941
$_eric@localhost
${daemon_flags}
Seric
Ceric:100:1000:sendmail@vangogh.CS.Berkeley.EDU
RPFD:eric@mammoth.Berkeley.EDU
RPFD:bostic@okeeffe.CS.Berkeley.EDU
H?P?Return-path: <^g>
H??Received: by vangogh.CS.Berkeley.EDU (5.108/2.7) id AAA06703;
Fri, 17 Jul 1992 00:28:55 -0700
H??Received: from mail.CS.Berkeley.EDU by vangogh.CS.Berkeley.EDU (5.108/2.7)
id AAA06698; Fri, 17 Jul 1992 00:28:54 -0700
H??Received: from [128.32.31.21] by mail.CS.Berkeley.EDU (5.96/2.5)
id AA22777; Fri, 17 Jul 1992 03:29:14 -0400
H??Received: by foo.bar.baz.de (5.57/Ultrix3.0-C)
id AA22757; Fri, 17 Jul 1992 09:31:25 GMT
H?F?From: eric@foo.bar.baz.de (Eric Allman)
H?x?Full-name: Eric Allman
H??Message-id: <9207170931.AA22757@foo.bar.baz.de>
H??To: sendmail@vangogh.CS.Berkeley.EDU
H??Subject: this is an example message
.)b
This shows
the person who sent the message,
the submission time
(in seconds since January 1, 1970),
the message priority,
the message class,
the recipients,
and the headers for the message.
.+c "SUMMARY OF SUPPORT FILES"
.pp
This is a summary of the support files
that
.i sendmail
creates or generates.
Many of these can be changed by editing the sendmail.cf file;
check there to find the actual pathnames.
.nr ii 1i
.ip "/usr/\*(SD/sendmail"
The binary of
.i sendmail .
.ip /usr/\*(SB/newaliases
A link to /usr/\*(SD/sendmail;
causes the alias database to be rebuilt.
Running this program is completely equivalent to giving
.i sendmail
the
.b \-bi
flag.
.ip /usr/\*(SB/mailq
Prints a listing of the mail queue.
This program is equivalent to using the
.b \-bp
flag to
.i sendmail .
.ip /etc/mail/sendmail.cf
The configuration file,
in textual form.
.ip /etc/mail/helpfile
The SMTP help file.
.ip /etc/mail/statistics
A statistics file; need not be present.
.ip /etc/mail/sendmail.pid
Created in daemon mode;
it contains the process id of the current SMTP daemon.
If you use this in scripts;
use ``head \-1'' to get just the first line;
the second line contains the command line used to invoke the daemon,
and later versions of
.i sendmail
may add more information to subsequent lines.
.ip /etc/mail/aliases
The textual version of the alias file.
.ip /etc/mail/aliases.db
The alias file in
.i hash \|(3)
format.
.ip /etc/mail/aliases.{pag,dir}
The alias file in
.i ndbm \|(3)
format.
.ip /var/spool/mqueue
The directory in which the mail queue(s)
and temporary files reside.
.ip /var/spool/mqueue/qf*
Control (queue) files for messages.
.ip /var/spool/mqueue/df*
Data files.
.ip /var/spool/mqueue/tf*
Temporary versions of the qf files,
used during queue file rebuild.
.ip /var/spool/mqueue/xf*
A transcript of the current session.
.if o \
\{\
. bp
. rs
. sp |4i
. ce 2
This page intentionally left blank;
replace it with a blank sheet for double-sided output.
.\}
.\".ro
.\".ls 1
.\".tp
.\".sp 2i
.\".in 0
.\".ce 100
.\".sz 24
.\".b SENDMAIL
.\".sz 14
.\".sp
.\"INSTALLATION AND OPERATION GUIDE
.\".sp
.\".sz 10
.\"Eric Allman
.\".sp
-.\"Version $Revision: 8.759 $
.\".ce 0
.bp 3
.ce
.sz 12
TABLE OF CONTENTS
.sz 10
.sp
.\" remove some things to avoid "out of temp file space" problem
.rm sh
.rm (x
.rm )x
.rm ip
.rm pp
.rm lp
.rm he
.rm fo
.rm eh
.rm oh
.rm ef
.rm of
.xp
.if o \
\{\
. bp
. rs
. sp |4i
. ce 2
This page intentionally left blank;
replace it with a blank sheet for double-sided output.
.\}
diff --git a/doc/op/op.ps b/doc/op/op.ps
index b3026d10c91a..6e0e2cba8e66 100644
--- a/doc/op/op.ps
+++ b/doc/op/op.ps
@@ -1,14811 +1,10337 @@
%!PS-Adobe-3.0
-%%Creator: groff version 1.18.1.1
-%%CreationDate: Fri Jun 19 18:46:22 2015
+%%Creator: groff version 1.19.2
+%%CreationDate: Wed Jul 1 22:01:42 2020
%%DocumentNeededResources: font Times-Bold
%%+ font Times-Roman
%%+ font Times-Italic
%%+ font Symbol
-%%DocumentSuppliedResources: procset grops 1.18 1
-%%Pages: 112
+%%DocumentSuppliedResources: procset grops 1.19 2
+%%Pages: 114
%%PageOrder: Ascend
+%%DocumentMedia: Default 612 792 0 () ()
%%Orientation: Portrait
%%EndComments
+%%BeginDefaults
+%%PageMedia: Default
+%%EndDefaults
%%BeginProlog
-%%BeginResource: procset grops 1.18 1
+%%BeginResource: procset grops 1.19 2
/setpacking where{
pop
currentpacking
true setpacking
}if
/grops 120 dict dup begin
/SC 32 def
/A/show load def
/B{0 SC 3 -1 roll widthshow}bind def
/C{0 exch ashow}bind def
/D{0 exch 0 SC 5 2 roll awidthshow}bind def
/E{0 rmoveto show}bind def
/F{0 rmoveto 0 SC 3 -1 roll widthshow}bind def
/G{0 rmoveto 0 exch ashow}bind def
/H{0 rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def
/I{0 exch rmoveto show}bind def
/J{0 exch rmoveto 0 SC 3 -1 roll widthshow}bind def
/K{0 exch rmoveto 0 exch ashow}bind def
/L{0 exch rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def
/M{rmoveto show}bind def
/N{rmoveto 0 SC 3 -1 roll widthshow}bind def
/O{rmoveto 0 exch ashow}bind def
/P{rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def
/Q{moveto show}bind def
/R{moveto 0 SC 3 -1 roll widthshow}bind def
/S{moveto 0 exch ashow}bind def
/T{moveto 0 exch 0 SC 5 2 roll awidthshow}bind def
/SF{
findfont exch
[exch dup 0 exch 0 exch neg 0 0]makefont
dup setfont
[exch/setfont cvx]cvx bind def
}bind def
/MF{
findfont
[5 2 roll
0 3 1 roll
neg 0 0]makefont
dup setfont
[exch/setfont cvx]cvx bind def
}bind def
/level0 0 def
/RES 0 def
/PL 0 def
/LS 0 def
/MANUAL{
statusdict begin/manualfeed true store end
}bind def
/PLG{
gsave newpath clippath pathbbox grestore
exch pop add exch pop
}bind def
/BP{
/level0 save def
1 setlinecap
1 setlinejoin
72 RES div dup scale
LS{
90 rotate
}{
0 PL translate
}ifelse
1 -1 scale
}bind def
/EP{
level0 restore
showpage
-}bind def
+}def
/DA{
newpath arcn stroke
}bind def
/SN{
transform
.25 sub exch .25 sub exch
round .25 add exch round .25 add exch
itransform
}bind def
/DL{
SN
moveto
SN
lineto stroke
}bind def
/DC{
newpath 0 360 arc closepath
}bind def
/TM matrix def
/DE{
TM currentmatrix pop
translate scale newpath 0 0 .5 0 360 arc closepath
TM setmatrix
}bind def
/RC/rcurveto load def
/RL/rlineto load def
/ST/stroke load def
/MT/moveto load def
/CL/closepath load def
/Fr{
setrgbcolor fill
}bind def
+/setcmykcolor where{
+pop
/Fk{
setcmykcolor fill
}bind def
+}if
/Fg{
setgray fill
}bind def
/FL/fill load def
/LW/setlinewidth load def
/Cr/setrgbcolor load def
+/setcmykcolor where{
+pop
/Ck/setcmykcolor load def
+}if
/Cg/setgray load def
/RE{
findfont
dup maxlength 1 index/FontName known not{1 add}if dict begin
{
1 index/FID ne{def}{pop pop}ifelse
}forall
/Encoding exch def
dup/FontName exch def
currentdict end definefont pop
}bind def
/DEFS 0 def
/EBEGIN{
moveto
DEFS begin
}bind def
/EEND/end load def
/CNT 0 def
/level1 0 def
/PBEGIN{
/level1 save def
translate
div 3 1 roll div exch scale
neg exch neg exch translate
0 setgray
0 setlinecap
1 setlinewidth
0 setlinejoin
10 setmiterlimit
[]0 setdash
/setstrokeadjust where{
pop
false setstrokeadjust
}if
/setoverprint where{
pop
false setoverprint
}if
newpath
/CNT countdictstack def
userdict begin
/showpage{}def
+/setpagedevice{}def
}bind def
/PEND{
-clear
countdictstack CNT sub{end}repeat
level1 restore
}bind def
end def
/setpacking where{
pop
setpacking
}if
%%EndResource
+%%BeginFeature: *PageSize Default
+<< /PageSize [ 612 792 ] /ImagingBBox null >> setpagedevice
+%%EndFeature
%%IncludeResource: font Times-Bold
%%IncludeResource: font Times-Roman
%%IncludeResource: font Times-Italic
%%IncludeResource: font Symbol
grops begin/DEFS 1 dict def DEFS begin/u{.001 mul}bind def end/RES 72
def/PL 792 def/LS false def/ENC0[/asciicircum/asciitilde/Scaron/Zcaron
/scaron/zcaron/Ydieresis/trademark/quotesingle/Euro/.notdef/.notdef
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/.notdef/space/exclam/quotedbl/numbersign/dollar/percent
/ampersand/quoteright/parenleft/parenright/asterisk/plus/comma/hyphen
/period/slash/zero/one/two/three/four/five/six/seven/eight/nine/colon
/semicolon/less/equal/greater/question/at/A/B/C/D/E/F/G/H/I/J/K/L/M/N/O
/P/Q/R/S/T/U/V/W/X/Y/Z/bracketleft/backslash/bracketright/circumflex
/underscore/quoteleft/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y
/z/braceleft/bar/braceright/tilde/.notdef/quotesinglbase/guillemotleft
/guillemotright/bullet/florin/fraction/perthousand/dagger/daggerdbl
/endash/emdash/ff/fi/fl/ffi/ffl/dotlessi/dotlessj/grave/hungarumlaut
/dotaccent/breve/caron/ring/ogonek/quotedblleft/quotedblright/oe/lslash
/quotedblbase/OE/Lslash/.notdef/exclamdown/cent/sterling/currency/yen
/brokenbar/section/dieresis/copyright/ordfeminine/guilsinglleft
/logicalnot/minus/registered/macron/degree/plusminus/twosuperior
/threesuperior/acute/mu/paragraph/periodcentered/cedilla/onesuperior
/ordmasculine/guilsinglright/onequarter/onehalf/threequarters
/questiondown/Agrave/Aacute/Acircumflex/Atilde/Adieresis/Aring/AE
/Ccedilla/Egrave/Eacute/Ecircumflex/Edieresis/Igrave/Iacute/Icircumflex
/Idieresis/Eth/Ntilde/Ograve/Oacute/Ocircumflex/Otilde/Odieresis
/multiply/Oslash/Ugrave/Uacute/Ucircumflex/Udieresis/Yacute/Thorn
/germandbls/agrave/aacute/acircumflex/atilde/adieresis/aring/ae/ccedilla
/egrave/eacute/ecircumflex/edieresis/igrave/iacute/icircumflex/idieresis
/eth/ntilde/ograve/oacute/ocircumflex/otilde/odieresis/divide/oslash
/ugrave/uacute/ucircumflex/udieresis/yacute/thorn/ydieresis]def
/Times-Italic@0 ENC0/Times-Italic RE/Times-Roman@0 ENC0/Times-Roman RE
/Times-Bold@0 ENC0/Times-Bold RE
%%EndProlog
%%Page: 1 1
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 16/Times-Bold@0 SF<53454e444d41494c>236.833 143.4 Q/F1 10
-/Times-Bold@0 SF<544d>-8 I/F2 12/Times-Bold@0 SF<494e5354>170.172 172.2
-Q<414c4c41>-1.08 E<54494f4e20414e44204f50455241>-1.14 E
-<54494f4e204755494445>-1.14 E/F3 10/Times-Roman@0 SF
-<4572696320416c6c6d616e>263.42 196.2 Q<436c617573204173736d616e6e>256.75
-208.2 Q<477265>244.75 220.2 Q<676f7279204e65696c205368617069726f>-.15 E
-<50726f6f66706f696e742c20496e632e>256.475 232.2 Q -1.11<5665>260.225
-256.2 S<7273696f6e20382e373539>1.11 E -.15<466f>234.465 280.2 S 2.5
-<7253>.15 G<656e646d61696c2056>-2.5 E<657273696f6e20382e3135>-1.11 E/F4
-10/Times-Italic@0 SF<53656e646d61696c>97 324.6 Q/F5 8/Times-Roman@0 SF
-<544d>-5 I F3 .1<696d706c656d656e747320612067656e6572616c20707572706f73
-6520696e7465726e657477>2.6 5 N .1<6f726b206d61696c20726f7574696e672066>
--.1 F .1<6163696c69747920756e6465722074686520554e4958ae206f706572>-.1 F
-<2d>-.2 E .017<6174696e672073797374656d2e>72 336.6 R .017
-<4974206973206e6f74207469656420746f20616e>5.017 F 2.517<796f>-.15 G .017
-<6e65207472616e73706f72742070726f746f636f6c208a206974732066756e6374696f
-6e206d6179206265206c696b>-2.517 F .017
-<656e656420746f20612063726f7373626172207377697463682c>-.1 F 1.036<72656c
-6179696e67206d657373616765732066726f6d206f6e6520646f6d61696e20696e746f20
-616e6f74686572>72 348.6 R 6.036<2e49>-.55 G 3.536<6e74>-6.036 G 1.036<68
-652070726f636573732c2069742063616e20646f2061206c696d6974656420616d6f756e
-74206f66206d657373616765>-3.536 F .604<6865616465722065646974696e672074
-6f2070757420746865206d65737361676520696e746f206120666f726d61742074686174
-20697320617070726f70726961746520666f7220746865207265636569>72 360.6 R
-.604<76696e6720646f6d61696e2e>-.25 F .604<416c6c206f662074686973206973>
-5.604 F<646f6e6520756e6465722074686520636f6e74726f6c206f66206120636f6e8c
-6775726174696f6e208c6c652e>72 372.6 Q .711
-<44756520746f2074686520726571756972656d656e7473206f66208d65>97 388.8 R
-.711<786962696c69747920666f72>-.15 F F4<73656e646d61696c>3.211 E F3
-3.211<2c74>C .71
-<686520636f6e8c6775726174696f6e208c6c652063616e207365656d20736f6d65>
--3.211 F .71<7768617420756e61702d>-.25 F 2.893
-<70726f61636861626c652e20486f>72 400.8 R<7765>-.25 E -.15<7665>-.25 G
-1.193 -.4<722c2074>.15 H .393<6865726520617265206f6e6c792061206665>.4 F
-2.893<7762>-.25 G .394<6173696320636f6e8c6775726174696f6e7320666f72206d
-6f73742073697465732c20666f72207768696368207374616e6461726420636f6e8c6775
-2d>-2.893 F .646<726174696f6e208c6c6573206861>72 412.8 R .946 -.15
-<76652062>-.2 H .646<65656e20737570706c6965642e>.15 F .645
-<4d6f7374206f7468657220636f6e8c6775726174696f6e732063616e2062652062>
-5.646 F .645<75696c742062792061646a757374696e6720616e2065>-.2 F .645
-<78697374696e6720636f6e8c677572612d>-.15 F
-<74696f6e208c6c6520696e6372656d656e74616c6c79>72 424.8 Q<2e>-.65 E F4
-<53656e646d61696c>97 441 Q F3 .903
-<6973206261736564206f6e2052464320383231202853696d706c65204d61696c2054>
-3.403 F .904<72616e73706f72742050726f746f636f6c292c20524643203832322028
-496e7465726e6574204d61696c2048656164657273>-.35 F -.15<466f>72 453 S
-2.518<726d6174292c205246432039373420284d5820726f7574696e67292c2052464320
-313132332028496e7465726e657420486f737420526571756972656d656e7473292c2052
-4643203134313320284964656e74698c636174696f6e>.15 F<73657276>72 465 Q
-1.868<6572292c2052464320313635322028534d545020384249544d494d452045787465
-6e73696f6e292c2052464320313836392028534d5450205365727669636520457874656e
-73696f6e73292c205246432031383730>-.15 F .671<28534d54502053495a45204578
-74656e73696f6e292c2052464320313839312028534d54502044656c69>72 477 R -.15
-<7665>-.25 G .671<727920537461747573204e6f74698c636174696f6e73292c205246
-43203138393220284d756c7469706172742f5265706f7274292c>.15 F 1.273<524643
-20313839332028456e68616e636564204d61696c2053797374656d205374617475732043
-6f646573292c205246432031383934202844656c69>72 489 R -.15<7665>-.25 G
-1.273
-<727920537461747573204e6f74698c636174696f6e73292c205246432031393835>.15
-F .639<28534d5450205365727669636520457874656e73696f6e20666f722052656d6f
-7465204d657373616765205175657565205374617274696e67292c205246432032303333
-20284c6f63616c204d6573736167652054>72 501 R<72616e736d697373696f6e>-.35
-E .242<50726f746f636f6c292c2052464320323033342028534d545020536572766963
-6520457874656e73696f6e20666f722052657475726e696e6720456e68616e6365642045
-72726f7220436f646573292c20524643203230343520284d494d45292c>72 513 R .283
-<524643203234373620284d657373616765205375626d697373696f6e292c2052464320
-323438372028534d5450205365727669636520457874656e73696f6e20666f7220536563
-75726520534d5450206f>72 525 R -.15<7665>-.15 G 2.782<7254>.15 G .282
-<4c53292c20524643>-2.782 F .118<323535342028534d545020536572766963652045
-7874656e73696f6e20666f722041757468656e7469636174696f6e292c20524643203238
-3231202853696d706c65204d61696c2054>72 537 R .118
-<72616e736665722050726f746f636f6c292c205246432032383232>-.35 F .595
-<28496e7465726e6574204d6573736167652046>72 549 R .595
-<6f726d6174292c205246432032383532202844656c69>-.15 F -.15<7665>-.25 G
-3.095<7242>.15 G 3.095<7953>-3.095 G .595<4d5450205365727669636520457874
-656e73696f6e292c20616e642052464320323932302028534d545020536572>-3.095 F
-<2d>-.2 E .608<7669636520457874656e73696f6e20666f7220436f6d6d616e642050
-6970656c696e696e67292e>72 561 R<486f>5.608 E<7765>-.25 E -.15<7665>-.25
-G 1.409 -.4<722c2073>.15 H<696e6365>.4 E F4<73656e646d61696c>3.109 E F3
-.609<69732064657369676e656420746f2077>3.109 F .609
-<6f726b20696e20612077696465722077>-.1 F<6f726c642c>-.1 E<696e206d616e>72
-573 Q 2.5<7963>-.15 G
-<617365732069742063616e20626520636f6e8c677572656420746f2065>-2.5 E
-<78636565642074686573652070726f746f636f6c732e>-.15 E
-<546865736520636173657320617265206465736372696265642068657265696e2e>5 E
-<416c74686f756768>97 589.2 Q F4<73656e646d61696c>3.548 E F3 1.047<697320
-696e74656e64656420746f2072756e20776974686f757420746865206e65656420666f72
-206d6f6e69746f72696e672c206974206861732061206e756d626572206f662066656174
-75726573>3.548 F 1.972<74686174206d6179206265207573656420746f206d6f6e69
-746f72206f722061646a75737420746865206f7065726174696f6e20756e64657220756e
-757375616c2063697263756d7374616e6365732e>72 601.2 R 1.972
-<546865736520666561747572657320617265>6.972 F<6465736372696265642e>72
-613.2 Q .817<53656374696f6e206f6e652064657363726962657320686f>97 629.4 R
-3.317<7774>-.25 G 3.317<6f64>-3.317 G 3.317<6f61>-3.317 G<6261736963>
--.001 E F4<73656e646d61696c>3.316 E F3 3.316
-<696e7374616c6c6174696f6e2e2053656374696f6e>3.316 F<7477>3.316 E 3.316
-<6f65>-.1 G .816<78706c61696e7320746865206461792d746f2d646179>-3.466 F
-.282<696e666f726d6174696f6e20796f752073686f756c64206b6e6f>72 641.4 R
-2.782<7774>-.25 G 2.782<6f6d>-2.782 G .282
-<61696e7461696e20796f7572206d61696c2073797374656d2e>-2.782 F .282
-<496620796f75206861>5.282 F .583 -.15<766520612072>-.2 H<656c617469>.15
-E -.15<7665>-.25 G .283
-<6c79206e6f726d616c20736974652c207468657365207477>.15 F<6f>-.1 E .635
-<73656374696f6e732073686f756c6420636f6e7461696e20737566>72 653.4 R .635<
-8c6369656e7420696e666f726d6174696f6e20666f7220796f7520746f20696e7374616c
-6c>-.25 F F4<73656e646d61696c>3.135 E F3 .634<616e64206b>3.135 F .634
-<6565702069742068617070>-.1 F 4.434 -.65<792e2053>-.1 H .634
-<656374696f6e207468726565>.65 F .509
-<68617320696e666f726d6174696f6e207265>72 665.4 R -.05<6761>-.15 G .509
-<7264696e672074686520636f6d6d616e64206c696e65206172>.05 F 3.009
-<67756d656e74732e2053656374696f6e>-.18 F .51<666f7572206465736372696265
-7320736f6d6520706172616d65746572732074686174206d6179>3.009 F .32 LW 76
-675 72 675 DL 80 675 76 675 DL 84 675 80 675 DL 88 675 84 675 DL 92 675
-88 675 DL 96 675 92 675 DL 100 675 96 675 DL 104 675 100 675 DL 108 675
-104 675 DL 112 675 108 675 DL 116 675 112 675 DL 120 675 116 675 DL 124
-675 120 675 DL 128 675 124 675 DL 132 675 128 675 DL 136 675 132 675 DL
-140 675 136 675 DL 144 675 140 675 DL 148 675 144 675 DL 152 675 148 675
-DL 156 675 152 675 DL 160 675 156 675 DL 164 675 160 675 DL 168 675 164
-675 DL 172 675 168 675 DL 176 675 172 675 DL 180 675 176 675 DL 184 675
-180 675 DL 188 675 184 675 DL 192 675 188 675 DL 196 675 192 675 DL 200
-675 196 675 DL 204 675 200 675 DL 208 675 204 675 DL 212 675 208 675 DL
-216 675 212 675 DL/F6 8/Times-Bold@0 SF<444953434c41494d45523a>93.6 687
-Q F5<5468697320646f63756d656e746174696f6e20697320756e646572206d6f64698c
-636174696f6e2e>2 E<53656e646d61696c20697320612074726164656d61726b206f66
-2050726f6f66706f696e742c20496e632e>93.6 699 Q<55532050>4 E
-<6174656e74204e756d6265727320363836353637312c20363938363033372e>-.12 E
-F1<53656e646d61696c20496e7374616c6c6174696f6e20616e64204f7065726174696f
-6e204775696465>72 756 Q<534d4d3a30382d31>200.86 E 0 Cg EP
+/F0 16/Times-Bold@0 SF(SENDMAIL)236.833 143.4 Q/F1 10/Times-Bold@0 SF
+(TM)-8 I/F2 12/Times-Bold@0 SF(INST)170.172 172.2 Q(ALLA)-1.08 E
+(TION AND OPERA)-1.14 E(TION GUIDE)-1.14 E/F3 10/Times-Roman@0 SF
+(Eric Allman)263.42 196.2 Q(Claus Assmann)256.75 208.2 Q(Gre)244.75
+220.2 Q(gory Neil Shapiro)-.15 E(Proofpoint, Inc.)256.475 232.2 Q -.15
+(Fo)234.465 268.2 S 2.5(rS).15 G(endmail V)-2.5 E(ersion 8.16)-1.11 E/F4
+10/Times-Italic@0 SF(Sendmail)97 312.6 Q/F5 8/Times-Roman@0 SF(TM)-5 I
+F3 .1(implements a general purpose internetw)2.6 5 N .1
+(ork mail routing f)-.1 F .1(acility under the UNIX\256 oper)-.1 F(-)-.2
+E .017(ating system.)72 324.6 R .017(It is not tied to an)5.017 F 2.517
+(yo)-.15 G .017(ne transport protocol \212 its function may be lik)
+-2.517 F .017(ened to a crossbar switch,)-.1 F 1.036
+(relaying messages from one domain into another)72 336.6 R 6.036(.I)-.55
+G 3.536(nt)-6.036 G 1.036
+(he process, it can do a limited amount of message)-3.536 F .604(header\
+ editing to put the message into a format that is appropriate for the r\
+ecei)72 348.6 R .604(ving domain.)-.25 F .604(All of this is)5.604 F
+(done under the control of a con\214guration \214le.)72 360.6 Q .711
+(Due to the requirements of \215e)97 376.8 R .711(xibility for)-.15 F F4
+(sendmail)3.211 E F3 3.211(,t)C .71
+(he con\214guration \214le can seem some)-3.211 F .71(what unap-)-.25 F
+2.893(proachable. Ho)72 388.8 R(we)-.25 E -.15(ve)-.25 G 1.193 -.4(r, t)
+.15 H .393(here are only a fe).4 F 2.893(wb)-.25 G .394
+(asic con\214gurations for most sites, for which standard con\214gu-)
+-2.893 F .646(ration \214les ha)72 400.8 R .946 -.15(ve b)-.2 H .646
+(een supplied.).15 F .645(Most other con\214gurations can be b)5.646 F
+.645(uilt by adjusting an e)-.2 F .645(xisting con\214gura-)-.15 F
+(tion \214le incrementally)72 412.8 Q(.)-.65 E F4(Sendmail)97 429 Q F3
+.903(is based on RFC 821 \(Simple Mail T)3.403 F .904
+(ransport Protocol\), RFC 822 \(Internet Mail Headers)-.35 F -.15(Fo)72
+441 S 2.518(rmat\), RFC 974 \(MX routing\), RFC 1123 \(Internet Host Re\
+quirements\), RFC 1413 \(Identi\214cation).15 F(serv)72 453 Q 1.868(er\
+\), RFC 1652 \(SMTP 8BITMIME Extension\), RFC 1869 \(SMTP Service Exten\
+sions\), RFC 1870)-.15 F .671
+(\(SMTP SIZE Extension\), RFC 1891 \(SMTP Deli)72 465 R -.15(ve)-.25 G
+.671(ry Status Noti\214cations\), RFC 1892 \(Multipart/Report\),).15 F
+1.273(RFC 1893 \(Enhanced Mail System Status Codes\), RFC 1894 \(Deli)72
+477 R -.15(ve)-.25 G 1.273(ry Status Noti\214cations\), RFC 1985).15 F
+.639(\(SMTP Service Extension for Remote Message Queue Starting\), RFC \
+2033 \(Local Message T)72 489 R(ransmission)-.35 E .242(Protocol\), RFC\
+ 2034 \(SMTP Service Extension for Returning Enhanced Error Codes\), RF\
+C 2045 \(MIME\),)72 501 R .283(RFC 2476 \(Message Submission\), RFC 248\
+7 \(SMTP Service Extension for Secure SMTP o)72 513 R -.15(ve)-.15 G
+2.782(rT).15 G .282(LS\), RFC)-2.782 F .118(2554 \(SMTP Service Extensi\
+on for Authentication\), RFC 2821 \(Simple Mail T)72 525 R .118
+(ransfer Protocol\), RFC 2822)-.35 F .904(\(Internet Message F)72 537 R
+.903(ormat\), RFC 2852 \(Deli)-.15 F -.15(ve)-.25 G 3.403(rB).15 G 3.403
+(yS)-3.403 G .903(MTP Service Extension\), RFC 2920 \(SMTP Service)
+-3.403 F 2.201(Extension for Command Pipelining\), and RFC 7505 \(A "Nu\
+ll MX" No Service Resource Record for)72 549 R .678
+(Domains That Accept No Mail\).)72 561 R(Ho)5.678 E(we)-.25 E -.15(ve)
+-.25 G 1.478 -.4(r, s).15 H(ince).4 E F4(sendmail)3.178 E F3 .678
+(is designed to w)3.178 F .677(ork in a wider w)-.1 F .677(orld, in man)
+-.1 F(y)-.15 E(cases it can be con\214gured to e)72 573 Q
+(xceed these protocols.)-.15 E(These cases are described herein.)5 E
+(Although)97 589.2 Q F4(sendmail)3.547 E F3 1.048(is intended to run wi\
+thout the need for monitoring, it has a number of features)3.547 F 1.972
+(that may be used to monitor or adjust the operation under unusual circ\
+umstances.)72 601.2 R 1.972(These features are)6.972 F(described.)72
+613.2 Q .816(Section one describes ho)97 629.4 R 3.316(wt)-.25 G 3.316
+(od)-3.316 G 3.316(oab)-3.316 G(asic)-3.316 E F4(sendmail)3.316 E F3
+3.317(installation. Section)3.317 F(tw)3.317 E 3.317(oe)-.1 G .817
+(xplains the day-to-day)-3.467 F .283(information you should kno)72
+641.4 R 2.783(wt)-.25 G 2.783(om)-2.783 G .282
+(aintain your mail system.)-2.783 F .282(If you ha)5.282 F .582 -.15
+(ve a r)-.2 H(elati).15 E -.15(ve)-.25 G .282(ly normal site, these tw)
+.15 F(o)-.1 E .634(sections should contain suf)72 653.4 R .635
+(\214cient information for you to install)-.25 F F4(sendmail)3.135 E F3
+.635(and k)3.135 F .635(eep it happ)-.1 F 4.435 -.65(y. S)-.1 H .635
+(ection three).65 F .51(has information re)72 665.4 R -.05(ga)-.15 G
+.509(rding the command line ar).05 F 3.009(guments. Section)-.18 F .509
+(four describes some parameters that may)3.009 F .32 LW 76 675 72 675 DL
+80 675 76 675 DL 84 675 80 675 DL 88 675 84 675 DL 92 675 88 675 DL 96
+675 92 675 DL 100 675 96 675 DL 104 675 100 675 DL 108 675 104 675 DL
+112 675 108 675 DL 116 675 112 675 DL 120 675 116 675 DL 124 675 120 675
+DL 128 675 124 675 DL 132 675 128 675 DL 136 675 132 675 DL 140 675 136
+675 DL 144 675 140 675 DL 148 675 144 675 DL 152 675 148 675 DL 156 675
+152 675 DL 160 675 156 675 DL 164 675 160 675 DL 168 675 164 675 DL 172
+675 168 675 DL 176 675 172 675 DL 180 675 176 675 DL 184 675 180 675 DL
+188 675 184 675 DL 192 675 188 675 DL 196 675 192 675 DL 200 675 196 675
+DL 204 675 200 675 DL 208 675 204 675 DL 212 675 208 675 DL 216 675 212
+675 DL/F6 8/Times-Bold@0 SF(DISCLAIMER:)93.6 687 Q F5
+(This documentation is under modi\214cation.)2 E
+(Sendmail is a trademark of Proofpoint, Inc.)93.6 699 Q(US P)4 E
+(atent Numbers 6865671, 6986037.)-.12 E F1
+(Sendmail Installation and Operation Guide)72 756 Q(SMM:08-1)200.86 E 0
+Cg EP
%%Page: 2 2
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 198.36<534d4d3a30382d322053656e646d61696c>72 60 R
-<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF .363<626520736166656c7920747765616b>72 96 R
-2.862<65642e2053656374696f6e>-.1 F<8c76>2.862 E 2.862<6563>-.15 G .362<
-6f6e7461696e7320746865206e697474792d67726974747920696e666f726d6174696f6e
-2061626f75742074686520636f6e8c6775726174696f6e208c6c652e>-2.862 F .362
-<54686973207365632d>5.362 F .142<74696f6e20697320666f72206d61736f636869
-73747320616e642070656f706c652077686f206d75737420777269746520746865697220
-6f>72 108 R .143<776e20636f6e8c6775726174696f6e208c6c652e>-.25 F .143
-<53656374696f6e207369782064657363726962657320636f6e8c672d>5.143 F .228<
-75726174696f6e20746861742063616e20626520646f6e6520617420636f6d70696c6520
-74696d652e>72 120 R .227<54686520617070656e646978>5.227 F .227
-<6573206769>-.15 F .527 -.15<766520612062>-.25 H .227<726965662062>.15 F
-.227<75742064657461696c65642065>-.2 F .227
-<78706c616e6174696f6e206f662061206e756d626572>-.15 F<6f6620666561747572
-6573206e6f742064657363726962656420696e207468652072657374206f662074686520
-7061706572>72 132 Q<2e>-.55 E 0 Cg EP
+/F0 10/Times-Bold@0 SF 198.36(SMM:08-2 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF .362
+(be safely tweak)72 96 R 2.862(ed. Section)-.1 F<8c76>2.862 E 2.862(ec)
+-.15 G .362
+(ontains the nitty-gritty information about the con\214guration \214le.)
+-2.862 F .363(This sec-)5.363 F .143
+(tion is for masochists and people who must write their o)72 108 R .142
+(wn con\214guration \214le.)-.25 F .142(Section six describes con\214g-)
+5.142 F .227(uration that can be done at compile time.)72 120 R .227
+(The appendix)5.227 F .227(es gi)-.15 F .527 -.15(ve a b)-.25 H .227
+(rief b).15 F .227(ut detailed e)-.2 F .228(xplanation of a number)-.15
+F(of features not described in the rest of the paper)72 132 Q(.)-.55 E 0
+Cg EP
%%Page: 7 3
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d37>200.86 E 2.5
-<312e2042>72 96 R<4153494320494e5354>-.3 E<414c4c41>-.9 E<54494f4e>-.95
-E/F1 10/Times-Roman@0 SF .126<546865726520617265207477>112 112.2 R 2.626
-<6f62>-.1 G .126<6173696320737465707320746f20696e7374616c6c696e67>-2.626
-F/F2 10/Times-Italic@0 SF<73656e646d61696c>2.626 E F1 5.126<2e46>C .126
-<697273742c20796f75206861>-5.126 F .426 -.15<76652074>-.2 H 2.626<6f63>
-.15 G .127<6f6d70696c6520616e6420696e7374616c6c207468652062696e617279>
--2.626 F<2e>-.65 E<4966>87 124.2 Q F2<73656e646d61696c>2.889 E F1 .388<
-68617320616c7265616479206265656e20706f7274656420746f20796f7572206f706572
-6174696e672073797374656d20746861742073686f756c642062652073696d706c652e>
-2.889 F .388<5365636f6e642c20796f75206d757374>5.388 F -.2<6275>87 136.2
-S .278<696c6420612072756e2d74696d6520636f6e8c6775726174696f6e208c6c652e>
-.2 F .278<546869732069732061208c6c652074686174>5.278 F F2
-<73656e646d61696c>2.778 E F1 .279<7265616473207768656e206974207374617274
-7320757020746861742064657363726962657320746865>2.778 F .532
-<6d61696c657273206974206b6e6f>87 148.2 R .532<77732061626f75742c20686f>
--.25 F 3.031<7774>-.25 G 3.031<6f70>-3.031 G .531
-<61727365206164647265737365732c20686f>-3.031 F 3.031<7774>-.25 G 3.031
-<6f72>-3.031 G -.25<6577>-3.031 G .531
-<7269746520746865206d65737361676520686561646572>.25 F 3.031<2c61>-.4 G
-.531<6e64207468652073657474696e6773206f66>-3.031 F -.25<7661>87 160.2 S
-.868<72696f7573206f7074696f6e732e>.25 F .868<416c74686f7567682074686520
-636f6e8c6775726174696f6e208c6c652063616e20626520717569746520636f6d706c65>
-5.868 F .869
-<782c206120636f6e8c6775726174696f6e2063616e20757375616c6c79206265>-.15 F
--.2<6275>87 172.2 S 1.112<696c74207573696e6720616e204d342d62617365642063
-6f6e8c6775726174696f6e206c616e67756167652e>.2 F 1.112
-<417373756d696e6720796f75206861>6.112 F 1.411 -.15<76652074>-.2 H 1.111
-<6865207374616e64617264>.15 F F2<73656e646d61696c>3.611 E F1
-<64697374726962>3.611 E<752d>-.2 E<74696f6e2c20736565>87 184.2 Q F2
-<63662f524541444d45>2.5 E F1
-<666f72206675727468657220696e666f726d6174696f6e2e>2.5 E .192<5468652072
-656d61696e646572206f6620746869732073656374696f6e2077696c6c20646573637269
-62652074686520696e7374616c6c6174696f6e206f66>112 200.4 R F2
-<73656e646d61696c>2.692 E F1 .192
-<617373756d696e6720796f752063616e20757365206f6e65>2.692 F 1.432
-<6f66207468652065>87 212.4 R 1.432<78697374696e6720636f6e8c677572617469
-6f6e7320616e64207468617420746865207374616e6461726420696e7374616c6c617469
-6f6e20706172616d6574657273206172652061636365707461626c652e>-.15 F 1.431
-<416c6c20706174682d>6.431 F .976<6e616d657320616e642065>87 224.4 R .976
-<78616d706c657320617265206769>-.15 F -.15<7665>-.25 G 3.476<6e66>.15 G
-.976<726f6d2074686520726f6f74206f6620746865>-3.476 F F2
-<73656e646d61696c>3.476 E F1 .977<737562747265652c206e6f726d616c6c79>
-3.476 F F2<2f7573722f7372>3.477 E<632f757372>-.37 E
-<2e7362696e2f73656e642d>-1.11 E<6d61696c>87 236.4 Q F1
-<6f6e20342e344253442d62617365642073797374656d732e>2.5 E .166
-<436f6e74696e7565207769746820746865206e65>112 252.6 R .166
-<78742073656374696f6e20696620796f75206e6565642f77>-.15 F .166
-<616e7420746f20636f6d70696c65>-.1 F F2<73656e646d61696c>2.666 E F1 2.665
-<796f757273656c662e204966>2.665 F .165<796f75206861>2.665 F .465 -.15
-<766520612072>-.2 H<756e2d>.15 E<6e696e672062696e61727920616c7265616479
-206f6e20796f75722073797374656d2c20796f752073686f756c642070726f6261626c79
-20736b697020746f2073656374696f6e20312e322e>87 264.6 Q F0 2.5
-<312e312e20436f6d70696c696e67>87 288.6 R<53656e646d61696c>2.5 E F1
-<416c6c>127 304.8 Q F2<73656e646d61696c>2.57 E F1 .07
-<736f7572636520697320696e20746865>2.57 F F2<73656e646d61696c>2.571 E F1
-<7375626469726563746f7279>2.571 E 5.071<2e54>-.65 G 2.571<6f63>-5.871 G
-.071<6f6d70696c652073656e646d61696c2c209963649a20696e746f20746865>-2.571
-F F2<73656e642d>2.571 E<6d61696c>102 316.8 Q F1
-<6469726563746f727920616e642074797065>2.5 E<2e2f4275696c64>142 333 Q
-1.411<546869732077696c6c206c6561>102 349.2 R 1.711 -.15<76652074>-.2 H
-1.411<68652062696e61727920696e20616e20617070726f7072696174656c79206e616d
-6564207375626469726563746f7279>.15 F 3.911<2c65>-.65 G 1.41
-<2e672e2c206f626a2e4253442d4f532e322e312e693338362e>-3.911 F<4974>6.41 E
--.1<776f>102 361.2 S<726b7320666f72206d756c7469706c65206f626a6563742076>
-.1 E<657273696f6e7320636f6d70696c6564206f7574206f66207468652073616d6520
-6469726563746f7279>-.15 E<2e>-.65 E F0 2.5<312e312e312e2054>102 385.2 R
-<7765616b696e6720746865204275696c6420496e>-.74 E -.1<766f>-.4 G
-<636174696f6e>.1 E F1 -1.1<596f>142 401.4 S 2.904<7563>1.1 G .404
-<616e206769>-2.904 F .704 -.15<76652070>-.25 H .404
-<6172616d6574657273206f6e20746865>.15 F F2<4275696c64>2.905 E F1 2.905
-<636f6d6d616e642e20496e>2.905 F .405
-<6d6f737420636173657320746865736520617265206f6e6c792075736564207768656e>
-2.905 F<746865>117 413.4 Q F2<6f626a2e2a>2.5 E F1
-<6469726563746f7279206973208c72737420637265617465642e>5 E 1.6 -.8
-<546f2072>5 H<6573746172742066726f6d20736372617463682c20757365>.8 E F2
-<2d63>2.5 E F1 5<2e54>C<6865736520636f6d6d616e647320696e636c7564653a>-5
-E<ad4c>117 429.6 Q F2<6c6962646972>2.5 E<73>-.1 E F1 2.5<416c>153 441.6
-S<697374206f66206469726563746f7269657320746f2073656172636820666f72206c69
-627261726965732e>-2.5 E<ad49>117 457.8 Q F2<696e63646972>2.5 E<73>-.1 E
-F1 2.5<416c>153 469.8 S<697374206f66206469726563746f7269657320746f207365
-6172636820666f7220696e636c756465208c6c65732e>-2.5 E<ad45>117 486 Q F2
-<656e>2.5 E<766172>-.4 E F1<3d>A F2<76616c7565>A F1<53657420616e20656e>
-153 498 Q<7669726f6e6d656e742076>-.4 E
-<61726961626c6520746f20616e20696e64696361746564>-.25 E F2<76616c7565>2.5
-E F1<6265666f726520636f6d70696c696e672e>2.5 E 23.42<ad6320437265617465>
-117 514.2 R 2.5<616e>2.5 G -.25<6577>-2.5 G F2<6f626a2e2a>2.75 E F1
-<74726565206265666f72652072756e6e696e672e>5 E<ad66>117 530.4 Q F2
-<73697465636f6e8c67>2.5 E F1 2.193<526561642074686520696e64696361746564
-207369746520636f6e8c6775726174696f6e208c6c652e>153 542.4 R 2.192
-<4966207468697320706172616d65746572206973206e6f742073706563698c65642c>
-7.193 F F2<4275696c64>4.692 E F1<696e636c75646573>153 554.4 Q F2<616c6c>
-11.511 E F1 9.011<6f6620746865208c6c6573>11.511 F F2<2442>11.512 E
-<55494c4454>-.1 E<4f4f4c532f536974652f73697465>-.18 E<2e246f736366>-.15
-E<2e6d34>-.15 E F1<616e64>11.512 E F2<2442>11.512 E<55494c442d>-.1 E
--.18<544f>153 566.4 S<4f4c532f536974652f73697465>.18 E<2e636f6e8c67>-.15
-E<2e6d34>-.15 E F1 2.985<2c77>C .485<68657265202442>-2.985 F<55494c4454>
--.1 E .485<4f4f4c53206973206e6f726d616c6c79>-.18 F F2<2e2e2f6465>2.985 E
-<76746f6f6c73>-.15 E F1 .485<616e6420246f736366206973>2.985 F .678
-<7468652073616d65206e616d652061732075736564206f6e20746865>153 578.4 R F2
-<6f626a2e2a>3.178 E F1<6469726563746f7279>5.678 E 5.678<2e53>-.65 G .678
-<65652062656c6f>-5.678 F 3.178<7766>-.25 G .678
-<6f722061206465736372697074696f6e206f66207468652073697465>-3.178 F
-<636f6e8c6775726174696f6e208c6c652e>153 590.4 Q 22.3<ad5320536b6970>117
-606.6 R<6175746f2d636f6e8c6775726174696f6e2e>4.421 E F2<4275696c64>6.921
-E F1 1.921<77696c6c2061>4.421 F -.2<766f>-.2 G 1.921<6964206175746f2d64
-6574656374696e67206c69627261726965732069662074686973206973207365742e>.2
-F<416c6c>6.92 E<6c696272617269657320616e64206d61702064658c6e6974696f6e73
-206d7573742062652073706563698c656420696e20746865207369746520636f6e8c6775
-726174696f6e208c6c652e>153 618.6 Q 5.606<4d6f7374206f746865722070617261
-6d6574657273206172652070617373656420746f20746865>117 634.8 R F2<6d616b>
-8.107 E<65>-.1 E F1 5.607
-<70726f6772616d3b20666f722064657461696c7320736565>8.107 F F2<2442>8.107
-E<55494c442d>-.1 E -.18<544f>117 646.8 S<4f4c532f524541444d45>.18 E F1
-<2e>A F0 2.5<312e312e322e204372>102 670.8 R
-<656174696e672061205369746520436f6e8c6775726174696f6e2046696c65>-.18 E
-F1 1.09
-<28546869732073656374696f6e206973206e6f742079657420636f6d706c6574652e>
-142 687 R -.15<466f>6.089 G 3.589<726e>.15 G -.25<6f77>-3.589 G 3.589
-<2c73>-.4 G 1.089<656520746865208c6c65206465>-3.589 F 1.089
-<76746f6f6c732f524541444d4520666f722064657461696c732e29>-.25 F
-<5365652073656e646d61696c2f524541444d4520666f722076>117 699 Q<6172696f75
-7320636f6d70696c6174696f6e208d61677320746861742063616e206265207365742e>
--.25 E 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-7)200.86 E 2.5(1. B)72 96 R(ASIC INST)-.3 E(ALLA)-.9 E(TION)-.95
+E/F1 10/Times-Roman@0 SF .127(There are tw)112 112.2 R 2.627(ob)-.1 G
+.126(asic steps to installing)-2.627 F/F2 10/Times-Italic@0 SF(sendmail)
+2.626 E F1 5.126(.F)C .126(irst, you ha)-5.126 F .426 -.15(ve t)-.2 H
+2.626(oc).15 G .126(ompile and install the binary)-2.626 F(.)-.65 E(If)
+87 124.2 Q F2(sendmail)2.888 E F1 .388(has already been ported to your \
+operating system that should be simple.)2.888 F .389(Second, you must)
+5.388 F -.2(bu)87 136.2 S .279(ild a run-time con\214guration \214le.).2
+F .278(This is a \214le that)5.279 F F2(sendmail)2.778 E F1 .278
+(reads when it starts up that describes the)2.778 F .531(mailers it kno)
+87 148.2 R .531(ws about, ho)-.25 F 3.031(wt)-.25 G 3.031(op)-3.031 G
+.531(arse addresses, ho)-3.031 F 3.031(wt)-.25 G 3.031(or)-3.031 G -.25
+(ew)-3.031 G .531(rite the message header).25 F 3.031(,a)-.4 G .532
+(nd the settings of)-3.031 F -.25(va)87 160.2 S .869(rious options.).25
+F .869(Although the con\214guration \214le can be quite comple)5.869 F
+.868(x, a con\214guration can usually be)-.15 F -.2(bu)87 172.2 S 1.111
+(ilt using an M4-based con\214guration language.).2 F 1.112
+(Assuming you ha)6.112 F 1.412 -.15(ve t)-.2 H 1.112(he standard).15 F
+F2(sendmail)3.612 E F1(distrib)3.612 E(u-)-.2 E(tion, see)87 184.2 Q F2
+(cf/README)2.5 E F1(for further information.)2.5 E .192
+(The remainder of this section will describe the installation of)112
+200.4 R F2(sendmail)2.692 E F1 .192(assuming you can use one)2.692 F
+1.431(of the e)87 212.4 R 1.432(xisting con\214gurations and that the s\
+tandard installation parameters are acceptable.)-.15 F 1.432(All path-)
+6.432 F .977(names and e)87 224.4 R .976(xamples are gi)-.15 F -.15(ve)
+-.25 G 3.476(nf).15 G .976(rom the root of the)-3.476 F F2(sendmail)
+3.476 E F1 .976(subtree, normally)3.476 F F2(/usr/sr)3.476 E(c/usr)-.37
+E(.sbin/send-)-1.11 E(mail)87 236.4 Q F1(on 4.4BSD-based systems.)2.5 E
+.165(Continue with the ne)112 252.6 R .165(xt section if you need/w)-.15
+F .166(ant to compile)-.1 F F2(sendmail)2.666 E F1 2.666(yourself. If)
+2.666 F .166(you ha)2.666 F .466 -.15(ve a r)-.2 H(un-).15 E(ning binar\
+y already on your system, you should probably skip to section 1.2.)87
+264.6 Q F0 2.5(1.1. Compiling)87 288.6 R(Sendmail)2.5 E F1(All)127 304.8
+Q F2(sendmail)2.571 E F1 .071(source is in the)2.571 F F2(sendmail)2.571
+E F1(subdirectory)2.571 E 5.071(.T)-.65 G 2.571(oc)-5.871 G .07
+(ompile sendmail, \231cd\232 into the)-2.571 F F2(send-)2.57 E(mail)102
+316.8 Q F1(directory and type)2.5 E(./Build)142 333 Q 1.41
+(This will lea)102 349.2 R 1.711 -.15(ve t)-.2 H 1.411
+(he binary in an appropriately named subdirectory).15 F 3.911(,e)-.65 G
+1.411(.g., obj.BSD-OS.2.1.i386.)-3.911 F(It)6.411 E -.1(wo)102 361.2 S
+(rks for multiple object v).1 E
+(ersions compiled out of the same directory)-.15 E(.)-.65 E F0 2.5
+(1.1.1. T)102 385.2 R(weaking the Build In)-.74 E -.1(vo)-.4 G(cation).1
+E F1 -1.1(Yo)142 401.4 S 2.905(uc)1.1 G .405(an gi)-2.905 F .705 -.15
+(ve p)-.25 H .405(arameters on the).15 F F2(Build)2.905 E F1 2.905
+(command. In)2.905 F .404(most cases these are only used when)2.905 F
+(the)117 413.4 Q F2(obj.*)2.5 E F1(directory is \214rst created.)5 E 1.6
+-.8(To r)5 H(estart from scratch, use).8 E F2(-c)2.5 E F1 5(.T)C
+(hese commands include:)-5 E<ad4c>117 429.6 Q F2(libdir)2.5 E(s)-.1 E F1
+2.5(Al)153 441.6 S(ist of directories to search for libraries.)-2.5 E
+<ad49>117 457.8 Q F2(incdir)2.5 E(s)-.1 E F1 2.5(Al)153 469.8 S
+(ist of directories to search for include \214les.)-2.5 E<ad45>117 486 Q
+F2(en)2.5 E(var)-.4 E F1(=)A F2(value)A F1(Set an en)153 498 Q
+(vironment v)-.4 E(ariable to an indicated)-.25 E F2(value)2.5 E F1
+(before compiling.)2.5 E 23.42(\255c Create)117 514.2 R 2.5(an)2.5 G
+-.25(ew)-2.5 G F2(obj.*)2.75 E F1(tree before running.)5 E<ad66>117
+530.4 Q F2(sitecon\214g)2.5 E F1 2.192
+(Read the indicated site con\214guration \214le.)153 542.4 R 2.193
+(If this parameter is not speci\214ed,)7.192 F F2(Build)4.693 E F1
+(includes)153 554.4 Q F2(all)11.512 E F1 9.012(of the \214les)11.512 F
+F2($B)11.511 E(UILDT)-.1 E(OOLS/Site/site)-.18 E(.$oscf)-.15 E(.m4)-.15
+E F1(and)11.511 E F2($B)11.511 E(UILD-)-.1 E -.18(TO)153 566.4 S
+(OLS/Site/site).18 E(.con\214g)-.15 E(.m4)-.15 E F1 2.985(,w)C .485
+(here $B)-2.985 F(UILDT)-.1 E .485(OOLS is normally)-.18 F F2(../de)
+2.985 E(vtools)-.15 E F1 .485(and $oscf is)2.985 F .678
+(the same name as used on the)153 578.4 R F2(obj.*)3.178 E F1(directory)
+5.678 E 5.678(.S)-.65 G .678(ee belo)-5.678 F 3.178(wf)-.25 G .678
+(or a description of the site)-3.178 F(con\214guration \214le.)153 590.4
+Q 22.3(\255S Skip)117 606.6 R(auto-con\214guration.)4.42 E F2(Build)
+6.921 E F1 1.921(will a)4.421 F -.2(vo)-.2 G 1.921
+(id auto-detecting libraries if this is set.).2 F(All)6.921 E(libraries\
+ and map de\214nitions must be speci\214ed in the site con\214guration \
+\214le.)153 618.6 Q 5.607(Most other parameters are passed to the)117
+634.8 R F2(mak)8.107 E(e)-.1 E F1 5.606(program; for details see)8.107 F
+F2($B)8.106 E(UILD-)-.1 E -.18(TO)117 646.8 S(OLS/README).18 E F1(.)A F0
+2.5(1.1.2. Cr)102 670.8 R(eating a Site Con\214guration File)-.18 E F1
+4.321(See sendmail/README for v)142 687 R 4.322
+(arious compilation \215ags that can be set, and de)-.25 F(v-)-.25 E
+(tools/README for details ho)117 699 Q 2.5(wt)-.25 G 2.5(os)-2.5 G
+(et them.)-2.5 E 0 Cg EP
%%Page: 8 4
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 198.36<534d4d3a30382d382053656e646d61696c>72 60 R
-<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-2.5<312e312e332e2054>102 96 R<7765616b696e6720746865204d616b>-.74 E
-<658c6c65>-.1 E/F1 10/Times-Italic@0 SF<53656e646d61696c>142 112.2 Q/F2
-10/Times-Roman@0 SF 2.18<737570706f727473207477>4.68 F 4.681<6f64>-.1 G
-<6966>-4.681 E 2.181<666572656e7420666f726d61747320666f7220746865206c6f
-63616c20286f6e206469736b292076>-.25 F 2.181
-<657273696f6e206f66206461746162617365732c>-.15 F<6e6f7461626c7920746865>
-117 124.2 Q F1<616c6961736573>2.5 E F2 2.5<64617461626173652e204174>2.5
-F<6c65617374206f6e65206f662074686573652073686f756c642062652064658c6e6564
-20696620617420616c6c20706f737369626c652e>2.5 E 39.5<4e44424d20546865>117
-140.4 R -.74<6060>3.167 G<6e65>.74 E 3.167<7744>-.25 G<424d27>-3.167 E
-3.167<2766>-.74 G .667<6f726d61742c2061>-3.167 F -.25<7661>-.2 G .666<69
-6c61626c65206f6e206e6561726c7920616c6c2073797374656d732061726f756e642074
-6f646179>.25 F 5.666<2e54>-.65 G<686973>-5.666 E -.1<7761>189 152.4 S
-3.54<7374>.1 G 1.041<68652070726566657272656420666f726d6174207072696f72
-20746f20342e344253442e>-3.54 F 1.041<497420616c6c6f>6.041 F 1.041
-<7773207375636820636f6d706c65>-.25 F 3.541<7874>-.15 G 1.041
-<68696e6773206173>-3.541 F<6d756c7469706c652064617461626173657320616e64
-20636c6f73696e6720612063757272656e746c79206f70656e2064617461626173652e>
-189 164.4 Q 32.84<4e4557444220546865>117 180.6 R<4265726b>3.788 E
-<656c65>-.1 E 3.788<7944>-.15 G 3.788<4270>-3.788 G 3.788
-<61636b6167652e204966>-3.788 F 1.288<796f75206861>3.788 F 1.588 -.15
-<76652074>-.2 H 1.288<6869732c207573652069742e>.15 F 1.287
-<497420616c6c6f>6.287 F 1.287<7773206c6f6e67207265636f7264732c>-.25 F
-2.56<6d756c7469706c65206f70656e206461746162617365732c207265616c20696e2d
-6d656d6f72792063616368696e672c20616e6420736f20666f7274682e>189 192.6 R
--1.1<596f>7.56 G 5.06<7563>1.1 G<616e>-5.06 E .469
-<64658c6e65207468697320696e20636f6e6a756e6374696f6e2077697468>189 204.6
-R/F3 9/Times-Roman@0 SF<4e44424d>2.969 E F2 2.969<3b69>C 2.968<6679>
--2.969 G .468<6f7520646f2c206f6c6420616c69617320646174616261736573206172
-6520726561642c>-2.968 F -.2<6275>189 216.6 S 3.108<7477>.2 G .608
-<68656e2061206e65>-3.108 F 3.108<7764>-.25 G .608<6174616261736520697320
-637265617465642069742077696c6c20626520696e204e4557444220666f726d61742e>
--3.108 F .608<41732061206e61737479>5.608 F 1.804
-<6861636b2c20696620796f75206861>189 228.6 R 2.104 -.15<7665204e>-.2 H
-1.804<455744422c204e44424d2c20616e64204e49532064658c6e65642c20616e642069
-662074686520616c696173208c6c65>.15 F .123
-<6e616d6520696e636c756465732074686520737562737472696e6720992f79702f9a2c>
-189 240.6 R F1<73656e646d61696c>2.623 E F2 .123
-<77696c6c2063726561746520626f7468206e65>2.623 F 2.624<7761>-.25 G .124
-<6e64206f6c642076>-2.624 F<6572>-.15 E<2d>-.2 E 1.08
-<73696f6e73206f662074686520616c696173208c6c6520647572696e672061>189
-252.6 R F1<6e65>3.58 E<77616c696173>-.15 E F2 3.58
-<636f6d6d616e642e2054686973>3.58 F 1.08
-<69732072657175697265642062656361757365>3.58 F .845<7468652053756e204e49
-532f59502073797374656d207265616473207468652044424d2076>189 264.6 R .845
-<657273696f6e206f662074686520616c696173208c6c652e>-.15 F<497427>5.845 E
-3.345<7375>-.55 G .845<676c79206173>-3.345 F<73696e2c2062>189 276.6 Q
-<75742069742077>-.2 E<6f726b732e>-.1 E 1.112
-<4966206e656974686572206f66207468657365206172652064658c6e65642c>117
-292.8 R F1<73656e646d61696c>3.612 E F2 1.112<72656164732074686520616c69
-6173208c6c6520696e746f206d656d6f7279206f6e2065>3.612 F -.15<7665>-.25 G
-1.112<727920696e>.15 F -.2<766f>-.4 G<636174696f6e2e>.2 E 1.042
-<546869732063616e20626520736c6f>117 304.8 R 3.542<7761>-.25 G 1.043
-<6e642073686f756c642062652061>-3.542 F -.2<766f>-.2 G 3.543
-<696465642e205468657265>.2 F 1.043<61726520616c736f207365>3.543 F -.15
-<7665>-.25 G 1.043
-<72616c206d6574686f647320666f722072656d6f7465206461746162617365>.15 F
-<6163636573733a>117 316.8 Q<4c44>117 333 Q 43.79
-<4150204c69676874776569676874>-.4 F
-<4469726563746f7279204163636573732050726f746f636f6c2e>2.5 E 53.39
-<4e49532053756e27>117 349.2 R 2.5<734e>-.55 G<657477>-2.5 E<6f726b20496e
-666f726d6174696f6e2053657276696365732028666f726d65726c79205950292e>-.1 E
-28.94<4e4953504c55532053756e27>117 365.4 R 2.5<734e>-.55 G
-<49532b2073657276696365732e>-2.5 E 26.73<4e4554494e464f204e65585427>117
-381.6 R 2.5<734e>-.55 G<6574496e666f20736572766963652e>-2.5 E 32.84
-<484553494f4420486573696f64>117 397.8 R
-<73657276696365202866726f6d20417468656e61292e>2.5 E .086
-<4f7468657220636f6d70696c6174696f6e208d616773206172652073657420696e>117
-414 R F1<636f6e66>2.586 E<2e68>-.15 E F2 .085<616e642073686f756c64206265
-2070726564658c6e656420666f7220796f7520756e6c65737320796f752061726520706f
-7274696e67>2.586 F<746f2061206e65>117 426 Q 2.5<7765>-.25 G -.4<6e76>
--2.5 G 2.5<69726f6e6d656e742e2046>.4 F
-<6f72206d6f7265206f7074696f6e7320736565>-.15 E F1
-<73656e646d61696c2f524541444d45>2.5 E F2<2e>A F0 2.5
-<312e312e342e20436f6d70696c6174696f6e>102 450 R
-<616e6420696e7374616c6c6174696f6e>2.5 E F2 .308<4166746572206d616b696e67
-20746865206c6f63616c2073797374656d20636f6e8c6775726174696f6e206465736372
-696265642061626f>142 466.2 R -.15<7665>-.15 G 2.809<2c59>.15 G .309
-<6f752073686f756c642062652061626c6520746f20636f6d2d>-3.909 F
-<70696c6520616e6420696e7374616c6c207468652073797374656d2e>117 478.2 Q<54
-68652073637269707420994275696c649a20697320746865206265737420617070726f61
-6368206f6e206d6f73742073797374656d733a>5 E<2e2f4275696c64>157 494.4 Q
-<546869732077696c6c20757365>117 510.6 Q F1<756e616d65>2.5 E F2
-<28312920746f20637265617465206120637573746f6d204d616b>A
-<658c6c6520666f7220796f757220656e>-.1 E<7669726f6e6d656e742e>-.4 E<4966
-20796f752061726520696e7374616c6c696e6720696e20746865207374616e6461726420
-706c616365732c20796f752073686f756c642062652061626c6520746f20696e7374616c
-6c207573696e67>142 526.8 Q<2e2f4275696c6420696e7374616c6c>157 543 Q
-3.346<546869732073686f756c6420696e7374616c6c207468652062696e61727920696e
-202f7573722f7362696e20616e6420637265617465206c696e6b732066726f6d202f7573
-722f62696e2f6e65>117 559.2 R -.1<7761>-.25 G 3.345<6c696173657320616e64>
-.1 F .28<2f7573722f62696e2f6d61696c7120746f202f7573722f7362696e2f73656e
-646d61696c2e>117 571.2 R .281<4f6e206d6f73742073797374656d73206974207769
-6c6c20616c736f20666f726d617420616e6420696e7374616c6c206d616e207061676573
-2e>5.28 F 1.056<4e6f746963653a206173206f662076>117 583.2 R 1.056
-<657273696f6e20382e3132>-.15 F F1<73656e646d61696c>3.556 E F2 1.056<7769
-6c6c206e6f206c6f6e67657220626520696e7374616c6c6564207365742d75736572>
-3.556 F 1.056<2d494420726f6f7420627920646566>-.2 F 3.556
-<61756c742e204966>-.1 F<796f75207265616c6c792077>117 595.2 Q<616e742074
-6f2075736520746865206f6c64206d6574686f642c20796f752063616e20737065636966
-7920697420617320746172>-.1 E<6765743a>-.18 E
-<2e2f4275696c6420696e7374616c6c2d7365742d75736572>157 611.4 Q<2d6964>-.2
-E F0 2.5<312e322e20436f6e8c6775726174696f6e>87 639.6 R<46696c6573>2.5 E
-F1<53656e646d61696c>127 655.8 Q F2 2.079<63616e6e6f74206f70657261746520
-776974686f7574206120636f6e8c6775726174696f6e208c6c652e>4.579 F 2.079
-<54686520636f6e8c6775726174696f6e2064658c6e657320746865206d61696c>7.079
-F<64656c69>102 667.8 Q -.15<7665>-.25 G .889<7279206d656368616e69736d73
-20756e64657273746f6f64206174207468697320736974652c20686f>.15 F 3.389
-<7774>-.25 G 3.389<6f61>-3.389 G .889<6363657373207468656d2c20686f>
--3.389 F 3.388<7774>-.25 G 3.388<6f66>-3.388 G<6f7277>-3.388 E .888
-<61726420656d61696c20746f2072656d6f7465>-.1 F .088<6d61696c207379737465
-6d732c20616e642061206e756d626572206f662074756e696e6720706172616d65746572
-732e>102 679.8 R .088<5468697320636f6e8c6775726174696f6e208c6c6520697320
-64657461696c656420696e20746865206c6174657220706f72>5.088 F<2d>-.2 E
-<74696f6e206f66207468697320646f63756d656e742e>102 691.8 Q<546865>127 708
-Q F1<73656e646d61696c>2.764 E F2 .264<636f6e8c6775726174696f6e2063616e20
-6265206461756e74696e67206174208c7273742e>2.764 F .264<5468652077>5.264 F
-.264<6f726c6420697320636f6d706c65>-.1 F .264
-<782c20616e6420746865206d61696c20636f6e2d>-.15 F .108
-<8c6775726174696f6e2072658d6563747320746861742e>102 720 R .108
-<5468652064697374726962>5.108 F .109<7574696f6e20696e636c7564657320616e
-206d342d626173656420636f6e8c6775726174696f6e207061636b616765207468617420
-68696465732061206c6f74>-.2 F 0 Cg EP
+/F0 10/Times-Bold@0 SF 198.36(SMM:08-8 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E 2.5(1.1.3. T)102 96 R
+(weaking the Mak)-.74 E(e\214le)-.1 E/F1 10/Times-Italic@0 SF(Sendmail)
+142 112.2 Q/F2 10/Times-Roman@0 SF 2.181(supports tw)4.681 F 4.681(od)
+-.1 G(if)-4.681 E 2.181(ferent formats for the local \(on disk\) v)-.25
+F 2.18(ersion of databases,)-.15 F(notably the)117 124.2 Q F1(aliases)
+2.5 E F2 2.5(database. At)2.5 F
+(least one of these should be de\214ned if at all possible.)2.5 E 48.94
+(CDB Constant)117 140.4 R(DataBase \(tin)2.5 E(ycdb\).)-.15 E 39.5
+(NDBM The)117 156.6 R -.74(``)3.166 G(ne).74 E 3.166(wD)-.25 G(BM')
+-3.166 E 3.166('f)-.74 G .666(ormat, a)-3.166 F -.25(va)-.2 G .666
+(ilable on nearly all systems around today).25 F 5.667(.T)-.65 G(his)
+-5.667 E -.1(wa)189 168.6 S 3.541(st).1 G 1.041
+(he preferred format prior to 4.4BSD.)-3.541 F 1.041(It allo)6.041 F
+1.041(ws such comple)-.25 F 3.54(xt)-.15 G 1.04(hings as)-3.54 F
+(multiple databases and closing a currently open database.)189 180.6 Q
+32.84(NEWDB The)117 196.8 R(Berk)3.787 E(ele)-.1 E 3.787(yD)-.15 G 3.787
+(Bp)-3.787 G 3.787(ackage. If)-3.787 F 1.288(you ha)3.788 F 1.588 -.15
+(ve t)-.2 H 1.288(his, use it.).15 F 1.288(It allo)6.288 F 1.288
+(ws long records,)-.25 F 2.56
+(multiple open databases, real in-memory caching, and so forth.)189
+208.8 R -1.1(Yo)7.56 G 5.06(uc)1.1 G(an)-5.06 E .468
+(de\214ne this in conjunction with)189 220.8 R/F3 9/Times-Roman@0 SF
+(NDBM)2.968 E F2 2.968(;i)C 2.968(fy)-2.968 G .469
+(ou do, old alias databases are read,)-2.968 F -.2(bu)189 232.8 S 3.108
+(tw).2 G .608(hen a ne)-3.108 F 3.108(wd)-.25 G .608
+(atabase is created it will be in NEWDB format.)-3.108 F .608
+(As a nasty)5.608 F 1.803(hack, if you ha)189 244.8 R 2.104 -.15(ve N)
+-.2 H 1.804(EWDB, NDBM, and NIS de\214ned, and if the alias \214le).15 F
+.124(name includes the substring \231/yp/\232,)189 256.8 R F1(sendmail)
+2.623 E F2 .123(will create both ne)2.623 F 2.623(wa)-.25 G .123
+(nd old v)-2.623 F(er)-.15 E(-)-.2 E 1.08
+(sions of the alias \214le during a)189 268.8 R F1(ne)3.58 E(walias)-.15
+E F2 3.58(command. This)3.58 F 1.08(is required because)3.58 F .845
+(the Sun NIS/YP system reads the DBM v)189 280.8 R .845
+(ersion of the alias \214le.)-.15 F(It')5.845 E 3.345(su)-.55 G .845
+(gly as)-3.345 F(sin, b)189 292.8 Q(ut it w)-.2 E(orks.)-.1 E 1.112
+(If neither of these are de\214ned,)117 309 R F1(sendmail)3.612 E F2
+1.112(reads the alias \214le into memory on e)3.612 F -.15(ve)-.25 G
+1.112(ry in).15 F -.2(vo)-.4 G(cation.).2 E 1.043(This can be slo)117
+321 R 3.543(wa)-.25 G 1.043(nd should be a)-3.543 F -.2(vo)-.2 G 3.543
+(ided. There).2 F 1.043(are also se)3.543 F -.15(ve)-.25 G 1.042
+(ral methods for remote database).15 F(access:)117 333 Q(LD)117 349.2 Q
+43.79(AP Lightweight)-.4 F(Directory Access Protocol.)2.5 E 53.39
+(NIS Sun')117 365.4 R 2.5(sN)-.55 G(etw)-2.5 E
+(ork Information Services \(formerly YP\).)-.1 E 28.94(NISPLUS Sun')117
+381.6 R 2.5(sN)-.55 G(IS+ services.)-2.5 E 26.73(NETINFO NeXT')117 397.8
+R 2.5(sN)-.55 G(etInfo service.)-2.5 E 32.84(HESIOD Hesiod)117 414 R
+(service \(from Athena\).)2.5 E .085
+(Other compilation \215ags are set in)117 430.2 R F1(conf)2.585 E(.h)
+-.15 E F2 .086
+(and should be prede\214ned for you unless you are porting)2.586 F
+(to a ne)117 442.2 Q 2.5(we)-.25 G -.4(nv)-2.5 G 2.5(ironment. F).4 F
+(or more options see)-.15 E F1(sendmail/README)2.5 E F2(.)A F0 2.5
+(1.1.4. Compilation)102 466.2 R(and installation)2.5 E F2 .309
+(After making the local system con\214guration described abo)142 482.4 R
+-.15(ve)-.15 G 2.808(,Y).15 G .308(ou should be able to com-)-3.908 F
+(pile and install the system.)117 494.4 Q
+(The script \231Build\232 is the best approach on most systems:)5 E
+(./Build)157 510.6 Q(This will use)117 526.8 Q F1(uname)2.5 E F2
+(\(1\) to create a custom Mak)A(e\214le for your en)-.1 E(vironment.)-.4
+E(If you are installing in the standard places, you should be able to i\
+nstall using)142 543 Q(./Build install)157 559.2 Q 3.346(This should in\
+stall the binary in /usr/sbin and create links from /usr/bin/ne)117
+575.4 R -.1(wa)-.25 G 3.346(liases and).1 F .281
+(/usr/bin/mailq to /usr/sbin/sendmail.)117 587.4 R .281
+(On most systems it will also format and install man pages.)5.281 F
+1.056(Notice: as of v)117 599.4 R 1.056(ersion 8.12)-.15 F F1(sendmail)
+3.556 E F2 1.056(will no longer be installed set-user)3.556 F 1.056
+(-ID root by def)-.2 F 3.556(ault. If)-.1 F(you really w)117 611.4 Q
+(ant to use the old method, you can specify it as tar)-.1 E(get:)-.18 E
+(./Build install-set-user)157 627.6 Q(-id)-.2 E F0 2.5
+(1.2. Con\214guration)87 655.8 R(Files)2.5 E F1(Sendmail)127 672 Q F2
+2.079(cannot operate without a con\214guration \214le.)4.58 F 2.079
+(The con\214guration de\214nes the mail)7.079 F(deli)102 684 Q -.15(ve)
+-.25 G .888(ry mechanisms understood at this site, ho).15 F 3.389(wt)
+-.25 G 3.389(oa)-3.389 G .889(ccess them, ho)-3.389 F 3.389(wt)-.25 G
+3.389(of)-3.389 G(orw)-3.389 E .889(ard email to remote)-.1 F .088
+(mail systems, and a number of tuning parameters.)102 696 R .088
+(This con\214guration \214le is detailed in the later por)5.088 F(-)-.2
+E(tion of this document.)102 708 Q 0 Cg EP
%%Page: 9 5
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d39>200.86 E/F1
-10/Times-Roman@0 SF<6f662074686520636f6d706c65>102 96 Q<78697479>-.15 E
-5<2e53>-.65 G<6565>-5 E/F2 10/Times-Italic@0 SF<63662f524541444d45>2.5 E
-F1<666f722064657461696c732e>2.5 E .658<4f757220636f6e8c6775726174696f6e
-208c6c6573206172652070726f636573736564206279>127 112.2 R F2<6d34>3.158 E
-F1 .658<746f2066>3.158 F .657<6163696c6974617465206c6f63616c20637573746f
-6d697a6174696f6e3b20746865206469726563746f7279>-.1 F F2<6366>3.157 E F1
-.396<6f6620746865>102 124.2 R F2<73656e646d61696c>2.896 E F1
-<64697374726962>2.896 E .396<7574696f6e206469726563746f727920636f6e7461
-696e732074686520736f75726365208c6c65732e>-.2 F .396
-<54686973206469726563746f727920636f6e7461696e73207365>5.396 F -.15<7665>
--.25 G .397<72616c207375622d>.15 F<6469726563746f726965733a>102 136.2 Q
-61.73<636620426f7468>102 152.4 R .56<736974652d646570656e64656e7420616e
-6420736974652d696e646570656e64656e74206465736372697074696f6e73206f662068
-6f7374732e>3.06 F .56<54686573652063616e206265206c69742d>5.56 F .445
-<6572616c20686f7374206e616d65732028652e672e2c2099756362>174 164.4 R -.25
-<7661>-.15 G .445
-<782e6d639a29207768656e2074686520686f737473206172652067>.25 F<617465>
--.05 E -.1<7761>-.25 G .445<7973206f72206d6f72652067656e6572616c>.1 F
-.535<6465736372697074696f6e73202873756368206173209967656e657269632d736f
-6c61726973322e6d639a20617320612067656e6572616c206465736372697074696f6e20
-6f6620616e20534d54502d>174 176.4 R .93
-<636f6e6e656374656420686f73742072756e6e696e6720536f6c6172697320322e782e>
-174 188.4 R .93<46696c657320656e64696e67>5.93 F F0<2e6d63>3.43 E F1
-<2860>3.43 E .93<604d3420436f6e8c6775726174696f6e27>-.74 F .93
-<272920617265>-.74 F 1.785<74686520696e707574206465736372697074696f6e73
-3b20746865206f757470757420697320696e2074686520636f72726573706f6e64696e67>
-174 200.4 R F0<2e6366>4.285 E F1 4.285<8c6c652e20546865>4.285 F
-<67656e6572616c>4.285 E<737472756374757265206f66207468657365208c6c657320
-6973206465736372696265642062656c6f>174 212.4 Q -.65<772e>-.25 G 39.5
-<646f6d61696e20536974652d646570656e64656e74>102 228.6 R .428
-<737562646f6d61696e206465736372697074696f6e732e>2.928 F .428
-<546865736520617265207469656420746f207468652077>5.428 F .428
-<617920796f7572206f72>-.1 F -.05<6761>-.18 G<6e697a612d>.05 E .777
-<74696f6e2077>174 240.6 R .777
-<616e747320746f20646f2061646472657373696e672e>-.1 F -.15<466f>5.777 G
-3.277<7265>.15 G<78616d706c652c>-3.427 E F0
-<646f6d61696e2f43532e4265726b>3.276 E<656c6579>-.1 E<2e454455>-.7 E
-<2e6d34>-.5 E F1 .776<6973206f7572>3.276 F 1.188<6465736372697074696f6e
-20666f7220686f73747320696e207468652043532e4265726b>174 252.6 R<656c65>
--.1 E -.65<792e>-.15 G 1.188<45445520737562646f6d61696e2e>.65 F 1.188
-<546865736520617265207265666572656e636564>6.188 F<7573696e6720746865>174
-264.6 Q/F3 9/Times-Roman@0 SF<444f4d41494e>2.5 E F0<6d34>2.5 E F1
-<6d6163726f20696e20746865>2.5 E F0<2e6d63>2.5 E F1<8c6c652e>2.5 E 41.74
-<666561747572652044658c6e6974696f6e73>102 280.8 R .728<6f66207370656369
-8c63206665617475726573207468617420736f6d6520706172746963756c617220686f73
-7420696e20796f75722073697465206d696768742077>3.229 F<616e742e>-.1 E
-2.466<546865736520617265207265666572656e636564207573696e6720746865>174
-292.8 R F3<464541>4.966 E<54555245>-.999 E F0<6d34>4.966 E F1 4.966
-<6d6163726f2e20416e>4.966 F -.15<6578>4.967 G 2.467
-<616d706c652066656174757265206973>.15 F 1.764
-<7573655f63775f8c6c65202877686963682074656c6c73>174 304.8 R F2
-<73656e646d61696c>4.264 E F1 1.763<746f207265616420616e202f6574632f6d61
-696c2f6c6f63616c2d686f73742d6e616d6573208c6c65206f6e>4.263 F<7374617274
-757020746f208c6e642074686520736574206f66206c6f63616c206e616d6573292e>174
-316.8 Q 50.62<6861636b204c6f63616c>102 333 R 1.886
-<6861636b732c207265666572656e636564207573696e6720746865>4.386 F F3<4841>
-4.386 E<434b>-.36 E F0<6d34>4.386 E F1 4.386<6d6163726f2e2054>4.386 F
-1.886<727920746f2061>-.35 F -.2<766f>-.2 G 1.886<69642074686573652e>.2 F
-<546865>6.887 E<706f696e74206f66206861>174 345 Q
-<76696e67207468656d206865726520697320746f206d616b>-.2 E 2.5<6569>-.1 G
-2.5<7463>-2.5 G<6c656172207468617420746865>-2.5 E 2.5<7973>-.15 G
-<6d656c6c2e>-2.5 E 56.72<6d3420536974652d696e646570656e64656e74>102
-361.2 R F2<6d34>2.538 E F1 .038
-<28312920696e636c756465208c6c65732074686174206861>B .338 -.15<76652069>
--.2 H .038
-<6e666f726d6174696f6e20636f6d6d6f6e20746f20616c6c20636f6e8c67752d>.15 F
-<726174696f6e208c6c65732e>174 373.2 Q<546869732063616e2062652074686f7567
-6874206f662061732061209923696e636c7564659a206469726563746f7279>5 E<2e>
--.65 E 43.95<6d61696c65722044658c6e6974696f6e73>102 389.4 R .152
-<6f66206d61696c6572732c207265666572656e636564207573696e6720746865>2.652
-F F3<4d41494c4552>2.652 E F0<6d34>2.652 E F1 2.652<6d6163726f2e20546865>
-2.652 F .153<6d61696c6572207479706573>2.652 F 1.787
-<7468617420617265206b6e6f>174 401.4 R 1.787
-<776e20696e20746869732064697374726962>-.25 F 1.787
-<7574696f6e206172652066>-.2 F 1.787
-<61782c206c6f63616c2c20736d74702c20757563702c20616e64207573656e65742e>
--.1 F -.15<466f>6.786 G<72>.15 E -.15<6578>174 413.4 S<616d706c652c2074
-6f20696e636c75646520737570706f727420666f722074686520555543502d6261736564
-206d61696c6572732c2075736520994d41494c45522875756370299a2e>.15 E 43.39
-<6f73747970652044658c6e6974696f6e73>102 429.6 R 1.156
-<64657363726962696e672076>3.656 F 1.157
-<6172696f7573206f7065726174696e672073797374656d20656e>-.25 F 1.157
-<7669726f6e6d656e747320287375636820617320746865206c6f63612d>-.4 F
-<74696f6e206f6620737570706f7274208c6c6573292e>174 441.6 Q
-<546865736520617265207265666572656e636564207573696e6720746865>5 E F3
-<4f5354595045>2.5 E F0<6d34>2.5 E F1<6d6163726f2e>2.5 E 60.61
-<7368205368656c6c>102 457.8 R<8c6c6573207573656420627920746865>2.5 E F0
-<6d34>2.5 E F1 -.2<6275>2.5 G<696c642070726f636573732e>.2 E -1.1<596f>5
-G 2.5<7573>1.1 G<686f756c646e27>-2.5 E 2.5<7468>-.18 G -2.25 -.2
-<61762065>-2.5 H<746f206d65737320776974682074686573652e>2.7 E 30.61
-<73697465636f6e8c67204c6f63616c>102 474 R .251
-<5555435020636f6e6e65637469>2.751 F .251
-<7669747920696e666f726d6174696f6e2e>-.25 F .251<54686973206469726563746f
-727920686173206265656e20737570706c616e74656420627920746865>5.251 F 1.076
-<6d61696c65727461626c6520666561747572653b20616e>174 486 R 3.576<796e>
--.15 G 1.576 -.25<65772063>-3.576 H 1.077<6f6e8c6775726174696f6e73207368
-6f756c64207573652074686174206665617475726520746f20646f2055554350>.25 F
-<28616e64206f746865722920726f7574696e672e>174 498 Q<54686520757365206f66
-2074686973206469726563746f727920697320646570726563617465642e>5 E .757
-<496620796f752061726520696e2061206e65>127 514.2 R 3.257<7764>-.25 G .757
-<6f6d61696e2028652e672e2c206120636f6d70616e>-3.257 F .756
-<79292c20796f752077696c6c2070726f6261626c792077>-.15 F .756
-<616e7420746f2063726561746520612063662f646f6d61696e>-.1 F .05
-<8c6c6520666f7220796f757220646f6d61696e2e>102 526.2 R .051<546869732063
-6f6e7369737473207072696d6172696c79206f662072656c61792064658c6e6974696f6e
-7320616e6420666561747572657320796f752077>5.05 F .051
-<616e7420656e61626c656420736974652d>-.1 F .916<776964653a20666f722065>
-102 538.2 R .916<78616d706c652c204265726b>-.15 F<656c65>-.1 E<7927>-.15
-E 3.416<7364>-.55 G .915<6f6d61696e2064658c6e6974696f6e2064658c6e657320
-72656c61797320666f72204269744e455420616e642055554350>-3.416 F 5.915
-<2e54>-1.11 G .915<6865736520617265>-5.915 F 1.519
-<73706563698c6320746f204265726b>102 550.2 R<656c65>-.1 E 2.819 -.65
-<792c2061>-.15 H 1.519<6e642073686f756c642062652066756c6c792d7175616c69
-8c656420696e7465726e65742d7374796c6520646f6d61696e206e616d65732e>.65 F
-1.52<506c6561736520636865636b20746f>6.519 F<6d616b>102 562.2 Q 2.5<6563>
--.1 G<65727461696e20746865>-2.5 E 2.5<7961>-.15 G
-<726520726561736f6e61626c6520666f7220796f757220646f6d61696e2e>-2.5 E
-1.407<537562646f6d61696e73206174204265726b>127 578.4 R<656c65>-.1 E
-3.907<7961>-.15 G 1.407<726520616c736f20726570726573656e74656420696e2074
-68652063662f646f6d61696e206469726563746f7279>-3.907 F 6.406<2e46>-.65 G
-1.406<6f722065>-6.556 F 1.406<78616d706c652c20746865>-.15 F .356
-<646f6d61696e2043532e4265726b>102 590.4 R<656c65>-.1 E -.65<792e>-.15 G
-.356<4544552069732074686520436f6d707574657220536369656e636520737562646f
-6d61696e2c20454543532e4265726b>.65 F<656c65>-.1 E -.65<792e>-.15 G .356
-<4544552069732074686520456c65637472692d>.65 F 1.278<63616c20456e67696e65
-6572696e6720616e6420436f6d707574657220536369656e63657320737562646f6d6169
-6e2c20616e642053324b2e4265726b>102 602.4 R<656c65>-.1 E -.65<792e>-.15 G
-1.278<4544552069732074686520536571756f69612032303030>.65 F 4.003
-<737562646f6d61696e2e2059>102 614.4 R 1.503
-<6f752077696c6c2070726f6261626c79206861>-1.1 F 1.804 -.15<76652074>-.2 H
-4.004<6f61>.15 G 1.504<646420616e20656e74727920746f20746869732064697265
-63746f727920746f20626520617070726f70726961746520666f7220796f7572>-4.004
-F<646f6d61696e2e>102 626.4 Q -1.1<596f>127 642.6 S 4.373<7577>1.1 G
-1.873<696c6c206861>-4.373 F 2.173 -.15<76652074>-.2 H 4.373<6f75>.15 G
-1.873<7365206f7220637265617465>-4.373 F F0<2e6d63>4.372 E F1 1.872
-<8c6c657320696e20746865>4.372 F F2<63662f6366>4.372 E F1 1.872
-<7375626469726563746f727920666f7220796f757220686f7374732e>4.372 F 1.872
-<54686973206973>6.872 F
-<64657461696c656420696e207468652063662f524541444d45208c6c652e>102 654.6
-Q F0 2.5<312e332e2044657461696c73>87 678.6 R
-<6f6620496e7374616c6c6174696f6e2046696c6573>2.5 E F1<546869732073756273
-656374696f6e2064657363726962657320746865208c6c6573207468617420636f6d7072
-69736520746865>127 694.8 Q F2<73656e646d61696c>2.5 E F1
-<696e7374616c6c6174696f6e2e>2.5 E 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-9)200.86 E/F1 10/Times-Roman@0 SF(The)127 96 Q/F2 10
+/Times-Italic@0 SF(sendmail)2.764 E F1 .264
+(con\214guration can be daunting at \214rst.)2.764 F .264(The w)5.264 F
+.264(orld is comple)-.1 F .264(x, and the mail con-)-.15 F .109
+(\214guration re\215ects that.)102 108 R .109(The distrib)5.109 F .108
+(ution includes an m4-based con\214guration package that hides a lot)-.2
+F(of the comple)102 120 Q(xity)-.15 E 5(.S)-.65 G(ee)-5 E F2(cf/README)
+2.5 E F1(for details.)2.5 E .657
+(Our con\214guration \214les are processed by)127 136.2 R F2(m4)3.158 E
+F1 .658(to f)3.158 F .658(acilitate local customization; the directory)
+-.1 F F2(cf)3.158 E F1 .397(of the)102 148.2 R F2(sendmail)2.897 E F1
+(distrib)2.896 E .396(ution directory contains the source \214les.)-.2 F
+.396(This directory contains se)5.396 F -.15(ve)-.25 G .396(ral sub-).15
+F(directories:)102 160.2 Q 61.73(cf Both)102 176.4 R .56
+(site-dependent and site-independent descriptions of hosts.)3.06 F .56
+(These can be lit-)5.56 F .445(eral host names \(e.g., \231ucb)174 188.4
+R -.25(va)-.15 G .445(x.mc\232\) when the hosts are g).25 F(ate)-.05 E
+-.1(wa)-.25 G .445(ys or more general).1 F .535(descriptions \(such as \
+\231generic-solaris2.mc\232 as a general description of an SMTP-)174
+200.4 R .93(connected host running Solaris 2.x.)174 212.4 R .93
+(Files ending)5.93 F F0(.mc)3.43 E F1(\(`)3.43 E .93
+(`M4 Con\214guration')-.74 F .93('\) are)-.74 F 1.785
+(the input descriptions; the output is in the corresponding)174 224.4 R
+F0(.cf)4.285 E F1 4.285(\214le. The)4.285 F(general)4.285 E
+(structure of these \214les is described belo)174 236.4 Q -.65(w.)-.25 G
+39.5(domain Site-dependent)102 252.6 R .428(subdomain descriptions.)
+2.928 F .428(These are tied to the w)5.428 F .428(ay your or)-.1 F -.05
+(ga)-.18 G(niza-).05 E .776(tion w)174 264.6 R .776
+(ants to do addressing.)-.1 F -.15(Fo)5.777 G 3.277(re).15 G(xample,)
+-3.427 E F0(domain/CS.Berk)3.277 E(eley)-.1 E(.EDU)-.7 E(.m4)-.5 E F1
+.777(is our)3.277 F 1.188(description for hosts in the CS.Berk)174 276.6
+R(ele)-.1 E -.65(y.)-.15 G 1.188(EDU subdomain.).65 F 1.187
+(These are referenced)6.188 F(using the)174 288.6 Q/F3 9/Times-Roman@0
+SF(DOMAIN)2.5 E F0(m4)2.5 E F1(macro in the)2.5 E F0(.mc)2.5 E F1
+(\214le.)2.5 E 41.74(feature De\214nitions)102 304.8 R .728
+(of speci\214c features that some particular host in your site might w)
+3.228 F(ant.)-.1 E 2.467(These are referenced using the)174 316.8 R F3
+(FEA)4.966 E(TURE)-.999 E F0(m4)4.966 E F1 4.966(macro. An)4.966 F -.15
+(ex)4.966 G 2.466(ample feature is).15 F 1.763
+(use_cw_\214le \(which tells)174 328.8 R F2(sendmail)4.263 E F1 1.764
+(to read an /etc/mail/local-host-names \214le on)4.263 F
+(startup to \214nd the set of local names\).)174 340.8 Q 50.62
+(hack Local)102 357 R 1.886(hacks, referenced using the)4.387 F F3(HA)
+4.386 E(CK)-.36 E F0(m4)4.386 E F1 4.386(macro. T)4.386 F 1.886(ry to a)
+-.35 F -.2(vo)-.2 G 1.886(id these.).2 F(The)6.886 E(point of ha)174 369
+Q(ving them here is to mak)-.2 E 2.5(ei)-.1 G 2.5(tc)-2.5 G
+(lear that the)-2.5 E 2.5(ys)-.15 G(mell.)-2.5 E 56.72
+(m4 Site-independent)102 385.2 R F2(m4)2.538 E F1 .038
+(\(1\) include \214les that ha)B .338 -.15(ve i)-.2 H .038
+(nformation common to all con\214gu-).15 F(ration \214les.)174 397.2 Q
+(This can be thought of as a \231#include\232 directory)5 E(.)-.65 E
+43.95(mailer De\214nitions)102 413.4 R .152
+(of mailers, referenced using the)2.653 F F3(MAILER)2.652 E F0(m4)2.652
+E F1 2.652(macro. The)2.652 F .152(mailer types)2.652 F 1.786
+(that are kno)174 425.4 R 1.787(wn in this distrib)-.25 F 1.787
+(ution are f)-.2 F 1.787(ax, local, smtp, uucp, and usenet.)-.1 F -.15
+(Fo)6.787 G(r).15 E -.15(ex)174 437.4 S(ample, to include support for t\
+he UUCP-based mailers, use \231MAILER\(uucp\)\232.).15 E 43.39
+(ostype De\214nitions)102 453.6 R 1.157(describing v)3.657 F 1.157
+(arious operating system en)-.25 F 1.156(vironments \(such as the loca-)
+-.4 F(tion of support \214les\).)174 465.6 Q
+(These are referenced using the)5 E F3(OSTYPE)2.5 E F0(m4)2.5 E F1
+(macro.)2.5 E 60.61(sh Shell)102 481.8 R(\214les used by the)2.5 E F0
+(m4)2.5 E F1 -.2(bu)2.5 G(ild process.).2 E -1.1(Yo)5 G 2.5(us)1.1 G
+(houldn')-2.5 E 2.5(th)-.18 G -2.25 -.2(av e)-2.5 H(to mess with these.)
+2.7 E 30.61(sitecon\214g Local)102 498 R .251(UUCP connecti)2.751 F .251
+(vity information.)-.25 F .251
+(This directory has been supplanted by the)5.251 F 1.077
+(mailertable feature; an)174 510 R 3.577(yn)-.15 G 1.577 -.25(ew c)
+-3.577 H 1.076(on\214gurations should use that feature to do UUCP).25 F
+(\(and other\) routing.)174 522 Q
+(The use of this directory is deprecated.)5 E .756(If you are in a ne)
+127 538.2 R 3.256(wd)-.25 G .756(omain \(e.g., a compan)-3.256 F .757
+(y\), you will probably w)-.15 F .757(ant to create a cf/domain)-.1 F
+.051(\214le for your domain.)102 550.2 R .051
+(This consists primarily of relay de\214nitions and features you w)5.051
+F .05(ant enabled site-)-.1 F .915(wide: for e)102 562.2 R .915
+(xample, Berk)-.15 F(ele)-.1 E(y')-.15 E 3.415(sd)-.55 G .915
+(omain de\214nition de\214nes relays for BitNET and UUCP)-3.415 F 5.916
+(.T)-1.11 G .916(hese are)-5.916 F 1.52(speci\214c to Berk)102 574.2 R
+(ele)-.1 E 2.819 -.65(y, a)-.15 H 1.519
+(nd should be fully-quali\214ed internet-style domain names.).65 F 1.519
+(Please check to)6.519 F(mak)102 586.2 Q 2.5(ec)-.1 G(ertain the)-2.5 E
+2.5(ya)-.15 G(re reasonable for your domain.)-2.5 E 1.406
+(Subdomains at Berk)127 602.4 R(ele)-.1 E 3.906(ya)-.15 G 1.407
+(re also represented in the cf/domain directory)-3.906 F 6.407(.F)-.65 G
+1.407(or e)-6.557 F 1.407(xample, the)-.15 F .356(domain CS.Berk)102
+614.4 R(ele)-.1 E -.65(y.)-.15 G .356
+(EDU is the Computer Science subdomain, EECS.Berk).65 F(ele)-.1 E -.65
+(y.)-.15 G .356(EDU is the Electri-).65 F 1.278
+(cal Engineering and Computer Sciences subdomain, and S2K.Berk)102 626.4
+R(ele)-.1 E -.65(y.)-.15 G 1.278(EDU is the Sequoia 2000).65 F 4.004
+(subdomain. Y)102 638.4 R 1.504(ou will probably ha)-1.1 F 1.804 -.15
+(ve t)-.2 H 4.004(oa).15 G 1.504
+(dd an entry to this directory to be appropriate for your)-4.004 F
+(domain.)102 650.4 Q -1.1(Yo)127 666.6 S 4.372(uw)1.1 G 1.872(ill ha)
+-4.372 F 2.172 -.15(ve t)-.2 H 4.372(ou).15 G 1.872(se or create)-4.372
+F F0(.mc)4.372 E F1 1.872(\214les in the)4.372 F F2(cf/cf)4.372 E F1
+1.873(subdirectory for your hosts.)4.373 F 1.873(This is)6.873 F
+(detailed in the cf/README \214le.)102 678.6 Q 0 Cg EP
%%Page: 10 6
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d31302053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-2.5<312e332e312e202f7573722f7362696e2f73656e646d61696c>102 96 R/F1 10
-/Times-Roman@0 SF 1.832<5468652062696e61727920666f72>142 114.2 R/F2 10
-/Times-Italic@0 SF<73656e646d61696c>4.332 E F1 1.832
-<6973206c6f636174656420696e202f7573722f7362696e>4.332 F/F3 7
-/Times-Roman@0 SF<31>-4 I F1 6.831<2e49>4 K 4.331<7473>-6.831 G 1.831
-<686f756c64206265207365742d67726f75702d494420736d6d7370206173>-4.331 F
-.644<64657363726962656420696e2073656e646d61696c2f5345435552495459>117
-126.2 R 5.644<2e46>-1.29 G .644
-<6f7220736563757269747920726561736f6e732c202f2c202f757372>-5.794 F 3.144
-<2c61>-.4 G .644<6e64202f7573722f7362696e2073686f756c64206265206f>-3.144
-F<776e6564>-.25 E<627920726f6f742c206d6f64652030373535>117 140.2 Q F3
-<32>-4 I F1<2e>4 I F0 2.5
-<312e332e322e202f6574632f6d61696c2f73656e646d61696c2e6366>102 164.2 R F1
-.89<5468697320697320746865206d61696e20636f6e8c6775726174696f6e208c6c6520
-666f72>142 182.4 R F2<73656e646d61696c>3.389 E F3<33>-4 I F1 5.889<2e54>
-4 K .889<686973206973206f6e65206f6620746865207477>-5.889 F 3.389<6f6e>
--.1 G .889<6f6e2d6c696272617279208c6c65>-3.389 F
-<6e616d657320636f6d70696c656420696e746f>117 196.4 Q F2<73656e646d61696c>
-2.5 E F3<34>-4 I F1 2.5<2c74>4 K
-<6865206f74686572206973202f6574632f6d61696c2f7375626d69742e63662e>-2.5 E
-.721<54686520636f6e8c6775726174696f6e208c6c65206973206e6f726d616c6c7920
-63726561746564207573696e67207468652064697374726962>142 212.6 R .721
-<7574696f6e208c6c6573206465736372696265642061626f>-.2 F -.15<7665>-.15 G
-5.72<2e49>.15 G<66>-5.72 E .64<796f75206861>117 224.6 R .94 -.15
-<766520612070>-.2 H .64<6172746963756c61726c7920756e757375616c2073797374
-656d20636f6e8c6775726174696f6e20796f75206d6179206e65656420746f2063726561
-74652061207370656369616c2076>.15 F<657273696f6e2e>-.15 E<54686520666f72
-6d6174206f662074686973208c6c652069732064657461696c656420696e206c61746572
-2073656374696f6e73206f66207468697320646f63756d656e742e>117 236.6 Q F0
-2.5<312e332e332e202f6574632f6d61696c2f7375626d69742e6366>102 260.6 R F1
-.911<546869732069732074686520636f6e8c6775726174696f6e208c6c6520666f72>
-142 276.8 R F2<73656e646d61696c>3.411 E F1 .91<7768656e2069742069732075
-73656420666f7220696e697469616c206d61696c207375626d697373696f6e2c20696e>
-3.411 F 1.004
-<7768696368206361736520697420697320616c736f2063616c6c65642060>117 288.8
-R 1.004<604d61696c205375626d697373696f6e2050726f6772616d27>-.74 F 3.504
-<2728>-.74 G 1.005<4d53502920696e20636f6e747261737420746f2060>-3.504 F
-1.005<604d61696c2054>-.74 F<72616e73666572>-.35 E<4167656e7427>117 300.8
-Q 3.87<2728>-.74 G<4d54>-3.87 E 3.87<41292e205374617274696e67>-.93 F
-1.37<776974682076>3.87 F 1.37<657273696f6e20382e31322c>-.15 F F2
-<73656e646d61696c>3.87 E F1 1.37<75736573206f6e65206f66207477>3.87 F
-3.87<6f64>-.1 G<6966>-3.87 E 1.37
-<666572656e7420636f6e8c6775726174696f6e>-.25 F .051<8c6c6573206261736564
-206f6e20697473206f7065726174696f6e206d6f646520286f7220746865206e65>117
-312.8 R<77>-.25 E F0<ad41>2.552 E F1 2.552<6f7074696f6e292e2046>2.552 F
-.052<6f7220696e697469616c206d61696c207375626d697373696f6e2c20692e652e2c
-206966206f6e65>-.15 F .952<6f6620746865206f7074696f6e73>117 324.8 R F0
-<ad626d>3.452 E F1<28646566>3.452 E<61756c74292c>-.1 E F0<ad6273>3.451 E
-F1 3.451<2c6f>C<72>-3.451 E F0<ad74>3.451 E F1 .951<69732073706563698c65
-642c207375626d69742e63662069732075736564202869662061>3.451 F -.25<7661>
--.2 G .951<696c61626c65292c20666f72206f74686572>.25 F 2.28
-<6f7065726174696f6e732073656e646d61696c2e636620697320757365642e>117
-336.8 R 2.28<44657461696c732063616e20626520666f756e6420696e>7.28 F F2
-<73656e646d61696c2f5345435552495459>4.78 E F1 7.28<2e73>C 2.28
-<75626d69742e6366206973>-7.28 F .014<7368697070656420776974682073656e64
-6d61696c2028696e2063662f63662f2920616e6420697320696e7374616c6c6564206279
-20646566>117 348.8 R 2.514<61756c742e204966>-.1 F .014
-<6368616e67657320746f2074686520636f6e8c6775726174696f6e206e656564>2.514
-F<746f206265206d6164652c20737461727420776974682063662f63662f7375626d6974
-2e6d6320616e6420666f6c6c6f>117 360.8 Q 2.5<7774>-.25 G
-<686520696e737472756374696f6e20696e2063662f524541444d452e>-2.5 E F0 2.5
-<312e332e342e202f7573722f62696e2f6e6577616c6961736573>102 384.8 R F1
-<546865>142 401 Q F2<6e65>2.5 E<77616c6961736573>-.15 E F1
-<636f6d6d616e642073686f756c64206a7573742062652061206c696e6b20746f>2.5 E
-F2<73656e646d61696c>2.5 E F1<3a>A<726d20ad66202f7573722f62696e2f6e65>157
-417.2 Q -.1<7761>-.25 G<6c6961736573>.1 E<6c6e20ad73202f7573722f7362696e
-2f73656e646d61696c202f7573722f62696e2f6e65>157 429.2 Q -.1<7761>-.25 G
-<6c6961736573>.1 E
-<546869732063616e20626520696e7374616c6c656420696e207768617465>117 445.4
-Q -.15<7665>-.25 G 2.5<7273>.15 G<6561726368207061746820796f752070726566
-657220666f7220796f75722073797374656d2e>-2.5 E F0 2.5
-<312e332e352e202f7573722f62696e2f686f737473746174>102 469.4 R F1<546865>
-142 485.6 Q F2<686f737473746174>5.844 E F1 3.344
-<636f6d6d616e642073686f756c64206a7573742062652061206c696e6b20746f>5.844
-F F2<73656e646d61696c>5.844 E F1 5.844<2c69>C 5.845<6e6166>-5.844 G
-3.345<617368696f6e2073696d696c617220746f>-5.945 F F2<6e65>117 497.6 Q
-<77616c6961736573>-.15 E F1 6.444<2e54>C 1.444<68697320636f6d6d616e6420
-6c697374732074686520737461747573206f6620746865206c617374206d61696c207472
-616e73616374696f6e207769746820616c6c2072656d6f746520686f7374732e>-6.444
-F<546865>117 509.6 Q F0<ad76>3.856 E F1 1.356<8d61672077696c6c20707265>
-3.856 F -.15<7665>-.25 G 1.357<6e74207468652073746174757320646973706c61
-792066726f6d206265696e67207472756e63617465642e>.15 F 1.357
-<49742066756e6374696f6e73206f6e6c79207768656e20746865>6.357 F F0
-<486f7374537461747573446972>117 521.6 Q<6563746f7279>-.18 E F1
-<6f7074696f6e206973207365742e>2.5 E F0 2.5
-<312e332e362e202f7573722f62696e2f707572>102 545.6 R<676573746174>-.1 E
-F1 .187<5468697320636f6d6d616e6420697320616c736f2061206c696e6b20746f>142
-561.8 R F2<73656e646d61696c>2.687 E F1 5.187<2e49>C 2.686<748d>-5.187 G
-.186<75736865732065>-2.686 F .186<787069726564202854>-.15 F .186
-<696d656f75742e686f73747374617475732920696e666f726d612d>-.35 F
-<74696f6e20746861742069732073746f72656420696e20746865>117 573.8 Q F0
-<486f7374537461747573446972>2.5 E<6563746f7279>-.18 E F1<747265652e>2.5
-E .32 LW 76 583.4 72 583.4 DL 80 583.4 76 583.4 DL 84 583.4 80 583.4 DL
-88 583.4 84 583.4 DL 92 583.4 88 583.4 DL 96 583.4 92 583.4 DL 100 583.4
-96 583.4 DL 104 583.4 100 583.4 DL 108 583.4 104 583.4 DL 112 583.4 108
-583.4 DL 116 583.4 112 583.4 DL 120 583.4 116 583.4 DL 124 583.4 120
-583.4 DL 128 583.4 124 583.4 DL 132 583.4 128 583.4 DL 136 583.4 132
-583.4 DL 140 583.4 136 583.4 DL 144 583.4 140 583.4 DL 148 583.4 144
-583.4 DL 152 583.4 148 583.4 DL 156 583.4 152 583.4 DL 160 583.4 156
-583.4 DL 164 583.4 160 583.4 DL 168 583.4 164 583.4 DL 172 583.4 168
-583.4 DL 176 583.4 172 583.4 DL 180 583.4 176 583.4 DL 184 583.4 180
-583.4 DL 188 583.4 184 583.4 DL 192 583.4 188 583.4 DL 196 583.4 192
-583.4 DL 200 583.4 196 583.4 DL 204 583.4 200 583.4 DL 208 583.4 204
-583.4 DL 212 583.4 208 583.4 DL 216 583.4 212 583.4 DL/F4 5
-/Times-Roman@0 SF<31>93.6 593.8 Q/F5 8/Times-Roman@0 SF .384<5468697320
-697320757375616c6c79202f7573722f7362696e206f6e20342e3442534420616e64206e
-65>3.2 J .384<7765722073797374656d733b206d616e>-.2 F 2.385<7973>-.12 G
-.385<797374656d7320696e7374616c6c20697420696e202f7573722f6c6962>-2.385 F
-4.385<2e49>-.32 G .385
-<756e6465727374616e6420697420697320696e202f7573722f7563626c6962206f6e>-2
-F<53797374656d20562052656c6561736520342e>72 606.6 Q F4<32>93.6 617 Q F5
-.15<536f6d652076>3.2 J .15<656e646f72732073686970207468656d206f>-.12 F
-.15<776e65642062792062696e3b20746869732063726561746573206120736563757269
-747920686f6c652074686174206973206e6f742061637475616c6c792072656c61746564
-20746f>-.2 F/F6 8/Times-Italic@0 SF<73656e646d61696c>2.15 E F5 4.15
-<2e4f>C .149<7468657220696d706f7274616e742064692d>-4.15 F
-<726563746f7269657320746861742073686f756c64206861>72 629.8 Q .24 -.12
-<76652072>-.16 H<6573747269637469>.12 E .24 -.12<7665206f>-.2 H<776e6572
-736869707320616e64207065726d697373696f6e7320617265202f62696e2c202f757372
-2f62696e2c202f6574632c202f6574632f6d61696c2c202f7573722f6574632c202f6c69
-622c20616e64202f7573722f6c6962>-.08 E<2e>-.32 E F4<33>93.6 640.2 Q F5
-<41637475616c6c79>3.2 I 2.332<2c74>-.52 G .332
-<686520706174686e616d652076>-2.332 F .332<617269657320646570656e64696e67
-206f6e20746865206f7065726174696e672073797374656d3b202f6574632f6d61696c20
-69732074686520707265666572726564206469726563746f7279>-.2 F 4.332<2e53>
--.52 G .332<6f6d65206f6c6465722073797374656d7320696e2d>-4.332 F 1.487
-<7374616c6c20697420696e>72 653 R/F7 8/Times-Bold@0 SF
-<2f7573722f6c69622f73656e646d61696c2e6366>3.487 E F5 3.487<2c61>C 1.487
-<6e64204927>-3.487 F 1.727 -.12<76652061>-.4 H 1.486
-<6c736f207365656e20697420696e>.12 F F7<2f7573722f7563626c6962>3.486 E F5
-5.486<2e49>C 3.486<6679>-5.486 G 1.486<6f752077>-3.486 F 1.486
-<616e7420746f206d6f>-.08 F 1.726 -.12<76652074>-.12 H 1.486
-<686973208c6c652c20616464202d445f50>.12 F -.888<4154>-.736 G
-<485f53454e444d41494c2d>.888 E .093<43463d5c222f8c6c652f6e616d655c222074
-6f20746865208d6167732070617373656420746f20746865204320636f6d70696c6572>
-72 662.6 R 4.093<2e4d>-.44 G -.12<6f76>-4.093 G .093<696e67207468697320
-8c6c65206973206e6f74207265636f6d6d656e6465643a206f746865722070726f677261
-6d7320616e642073637269707473206b6e6f>.12 F 2.093<776f>-.2 G 2.093<6674>
--2.093 G<686973>-2.093 E<6c6f636174696f6e2e>72 672.2 Q F4<34>93.6 682.6
-Q F5 .588<5468652073797374656d206c69627261726965732063616e20726566657265
-6e6365206f74686572208c6c65733b20696e20706172746963756c6172>3.2 J 2.589
-<2c73>-.32 G .589
-<797374656d206c69627261727920737562726f7574696e65732074686174>-2.589 F
-F6<73656e646d61696c>2.589 E F5 .589
-<63616c6c732070726f6261626c79207265666572656e6365>2.589 F F6
-<2f6574632f706173737764>72 695.4 Q F5<616e64>2 E F6<2f6574632f72>2 E
-<65736f6c76>-.296 E<2e636f6e66>-.592 E F5<2e>A 0 Cg EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-10 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E 2.5(1.3. Details)87 96 R
+(of Installation Files)2.5 E/F1 10/Times-Roman@0 SF
+(This subsection describes the \214les that comprise the)127 112.2 Q/F2
+10/Times-Italic@0 SF(sendmail)2.5 E F1(installation.)2.5 E F0 2.5
+(1.3.1. /usr/sbin/sendmail)102 136.2 R F1 1.831(The binary for)142 154.4
+R F2(sendmail)4.331 E F1 1.831(is located in /usr/sbin)4.331 F/F3 7
+/Times-Roman@0 SF(1)-4 I F1 6.832(.I)4 K 4.332(ts)-6.832 G 1.832
+(hould be set-group-ID smmsp as)-4.332 F .645
+(described in sendmail/SECURITY)117 166.4 R 5.644(.F)-1.29 G .644
+(or security reasons, /, /usr)-5.794 F 3.144(,a)-.4 G .644
+(nd /usr/sbin should be o)-3.144 F(wned)-.25 E(by root, mode 0755)117
+180.4 Q F3(2)-4 I F1(.)4 I F0 2.5(1.3.2. /etc/mail/sendmail.cf)102 204.4
+R F1 .889(This is the main con\214guration \214le for)142 222.6 R F2
+(sendmail)3.389 E F3(3)-4 I F1 5.889(.T)4 K .89(his is one of the tw)
+-5.889 F 3.39(on)-.1 G .89(on-library \214le)-3.39 F
+(names compiled into)117 236.6 Q F2(sendmail)2.5 E F3(4)-4 I F1 2.5(,t)4
+K(he other is /etc/mail/submit.cf.)-2.5 E .721
+(The con\214guration \214le is normally created using the distrib)142
+252.8 R .721(ution \214les described abo)-.2 F -.15(ve)-.15 G 5.721(.I)
+.15 G(f)-5.721 E .64(you ha)117 264.8 R .94 -.15(ve a p)-.2 H .64(artic\
+ularly unusual system con\214guration you may need to create a special \
+v).15 F(ersion.)-.15 E(The format of this \214le is detailed in later s\
+ections of this document.)117 276.8 Q F0 2.5(1.3.3. /etc/mail/submit.cf)
+102 300.8 R F1 .91(This is the con\214guration \214le for)142 317 R F2
+(sendmail)3.411 E F1 .911
+(when it is used for initial mail submission, in)3.411 F 1.005
+(which case it is also called `)117 329 R 1.004
+(`Mail Submission Program')-.74 F 3.504('\()-.74 G 1.004
+(MSP\) in contrast to `)-3.504 F 1.004(`Mail T)-.74 F(ransfer)-.35 E
+(Agent')117 341 Q 3.87('\()-.74 G(MT)-3.87 E 3.87(A\). Starting)-.93 F
+1.37(with v)3.87 F 1.37(ersion 8.12,)-.15 F F2(sendmail)3.87 E F1 1.37
+(uses one of tw)3.87 F 3.87(od)-.1 G(if)-3.87 E 1.37
+(ferent con\214guration)-.25 F .052
+(\214les based on its operation mode \(or the ne)117 353 R(w)-.25 E F0
+<ad41>2.552 E F1 2.552(option\). F)2.552 F .051
+(or initial mail submission, i.e., if one)-.15 F .951(of the options)117
+365 R F0(\255bm)3.451 E F1(\(def)3.451 E(ault\),)-.1 E F0(\255bs)3.451 E
+F1 3.451(,o)C(r)-3.451 E F0<ad74>3.451 E F1 .951
+(is speci\214ed, submit.cf is used \(if a)3.451 F -.25(va)-.2 G .952
+(ilable\), for other).25 F 2.28(operations sendmail.cf is used.)117 377
+R 2.28(Details can be found in)7.28 F F2(sendmail/SECURITY)4.78 E F1
+7.28(.s)C 2.28(ubmit.cf is)-7.28 F .014
+(shipped with sendmail \(in cf/cf/\) and is installed by def)117 389 R
+2.514(ault. If)-.1 F .014(changes to the con\214guration need)2.514 F
+(to be made, start with cf/cf/submit.mc and follo)117 401 Q 2.5(wt)-.25
+G(he instruction in cf/README.)-2.5 E F0 2.5(1.3.4. /usr/bin/newaliases)
+102 425 R F1(The)142 441.2 Q F2(ne)2.5 E(waliases)-.15 E F1
+(command should just be a link to)2.5 E F2(sendmail)2.5 E F1(:)A
+(rm \255f /usr/bin/ne)157 457.4 Q -.1(wa)-.25 G(liases).1 E
+(ln \255s /usr/sbin/sendmail /usr/bin/ne)157 469.4 Q -.1(wa)-.25 G
+(liases).1 E(This can be installed in whate)117 485.6 Q -.15(ve)-.25 G
+2.5(rs).15 G(earch path you prefer for your system.)-2.5 E F0 2.5
+(1.3.5. /usr/bin/hoststat)102 509.6 R F1(The)142 525.8 Q F2(hoststat)
+5.845 E F1 3.344(command should just be a link to)5.845 F F2(sendmail)
+5.844 E F1 5.844(,i)C 5.844(naf)-5.844 G 3.344(ashion similar to)-5.944
+F F2(ne)117 537.8 Q(waliases)-.15 E F1 6.443(.T)C 1.444(his command lis\
+ts the status of the last mail transaction with all remote hosts.)-6.443
+F(The)117 549.8 Q F0<ad76>3.857 E F1 1.357(\215ag will pre)3.857 F -.15
+(ve)-.25 G 1.357(nt the status display from being truncated.).15 F 1.356
+(It functions only when the)6.356 F F0(HostStatusDir)117 561.8 Q(ectory)
+-.18 E F1(option is set.)2.5 E .32 LW 76 580.4 72 580.4 DL 80 580.4 76
+580.4 DL 84 580.4 80 580.4 DL 88 580.4 84 580.4 DL 92 580.4 88 580.4 DL
+96 580.4 92 580.4 DL 100 580.4 96 580.4 DL 104 580.4 100 580.4 DL 108
+580.4 104 580.4 DL 112 580.4 108 580.4 DL 116 580.4 112 580.4 DL 120
+580.4 116 580.4 DL 124 580.4 120 580.4 DL 128 580.4 124 580.4 DL 132
+580.4 128 580.4 DL 136 580.4 132 580.4 DL 140 580.4 136 580.4 DL 144
+580.4 140 580.4 DL 148 580.4 144 580.4 DL 152 580.4 148 580.4 DL 156
+580.4 152 580.4 DL 160 580.4 156 580.4 DL 164 580.4 160 580.4 DL 168
+580.4 164 580.4 DL 172 580.4 168 580.4 DL 176 580.4 172 580.4 DL 180
+580.4 176 580.4 DL 184 580.4 180 580.4 DL 188 580.4 184 580.4 DL 192
+580.4 188 580.4 DL 196 580.4 192 580.4 DL 200 580.4 196 580.4 DL 204
+580.4 200 580.4 DL 208 580.4 204 580.4 DL 212 580.4 208 580.4 DL 216
+580.4 212 580.4 DL/F4 5/Times-Roman@0 SF(1)93.6 590.8 Q/F5 8
+/Times-Roman@0 SF .385(This is usually /usr/sbin on 4.4BSD and ne)3.2 J
+.385(wer systems; man)-.2 F 2.385(ys)-.12 G .385
+(ystems install it in /usr/lib)-2.385 F 4.384(.I)-.32 G .384
+(understand it is in /usr/ucblib on)-2 F(System V Release 4.)72 603.6 Q
+F4(2)93.6 614 Q F5 .149(Some v)3.2 J .15(endors ship them o)-.12 F .15(\
+wned by bin; this creates a security hole that is not actually related \
+to)-.2 F/F6 8/Times-Italic@0 SF(sendmail)2.15 E F5 4.15(.O)C .15
+(ther important di-)-4.15 F(rectories that should ha)72 626.8 Q .24 -.12
+(ve r)-.16 H(estricti).12 E .24 -.12(ve o)-.2 H(wnerships and permissio\
+ns are /bin, /usr/bin, /etc, /etc/mail, /usr/etc, /lib, and /usr/lib)
+-.08 E(.)-.32 E F4(3)93.6 637.2 Q F5(Actually)3.2 I 2.332(,t)-.52 G .332
+(he pathname v)-2.332 F .332(aries depending on the operating system; /\
+etc/mail is the preferred directory)-.2 F 4.332(.S)-.52 G .332
+(ome older systems in-)-4.332 F 1.486(stall it in)72 650 R/F7 8
+/Times-Bold@0 SF(/usr/lib/sendmail.cf)3.486 E F5 3.486(,a)C 1.486(nd I')
+-3.486 F 1.726 -.12(ve a)-.4 H 1.486(lso seen it in).12 F F7
+(/usr/ucblib)3.486 E F5 5.486(.I)C 3.486(fy)-5.486 G 1.486(ou w)-3.486 F
+1.487(ant to mo)-.08 F 1.727 -.12(ve t)-.12 H 1.487
+(his \214le, add -D_P).12 F -.888(AT)-.736 G(H_SENDMAIL-).888 E .093
+(CF=\\"/\214le/name\\" to the \215ags passed to the C compiler)72 659.6
+R 4.093(.M)-.44 G -.12(ov)-4.093 G .093
+(ing this \214le is not recommended: other programs and scripts kno).12
+F 2.093(wo)-.2 G 2.092(ft)-2.093 G(his)-2.092 E(location.)72 669.2 Q F4
+(4)93.6 679.6 Q F5 .589
+(The system libraries can reference other \214les; in particular)3.2 J
+2.589(,s)-.32 G .589(ystem library subroutines that)-2.589 F F6
+(sendmail)2.588 E F5 .588(calls probably reference)2.588 F F6
+(/etc/passwd)72 692.4 Q F5(and)2 E F6(/etc/r)2 E(esolv)-.296 E(.conf)
+-.592 E F5(.)A 0 Cg EP
%%Page: 11 7
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3131>195.86 E
-2.5<312e332e372e202f76>102 96 R<61722f73706f6f6c2f6d7175657565>-.1 E/F1
-10/Times-Roman@0 SF .217<546865206469726563746f7279>142 112.2 R/F2 10
-/Times-Italic@0 SF<2f7661722f73706f6f6c2f6d7175657565>2.717 E F1 .218<73
-686f756c64206265206372656174656420746f20686f6c6420746865206d61696c207175
-6575652e>2.717 F .218<54686973206469726563746f7279>5.218 F
-<73686f756c64206265206d6f6465203037303020616e64206f>117 124.2 Q
-<776e656420627920726f6f742e>-.25 E 1.192<5468652061637475616c2070617468
-206f662074686973206469726563746f72792069732064658c6e656420627920746865>
-142 140.4 R F0<5175657565446972>3.691 E<6563746f7279>-.18 E F1 1.191
-<6f7074696f6e206f6620746865>3.691 F F2<73656e642d>3.691 E
-<6d61696c2e6366>117 152.4 Q F1 4.427<8c6c652e2054>4.427 F 4.428<6f75>-.8
-G 1.928<7365206d756c7469706c65207175657565732c20737570706c7920612076>
--4.428 F 1.928
-<616c756520656e64696e67207769746820616e20617374657269736b2e>-.25 F -.15
-<466f>6.928 G 4.428<7265>.15 G<78616d706c652c>-4.578 E F2
-<2f7661722f73706f6f6c2f6d71756575652f71642a>117 164.4 Q F1 .737<77696c6c
-2075736520616c6c206f6620746865206469726563746f72696573206f722073796d626f
-6c6963206c696e6b7320746f206469726563746f72696573206265>3.237 F
-<67696e6e696e67>-.15 E .779<77697468206071642720696e>117 176.4 R F2
-<2f7661722f73706f6f6c2f6d7175657565>3.279 E F1 .779
-<6173207175657565206469726563746f726965732e>3.279 F .779<446f206e6f7420
-6368616e676520746865207175657565206469726563746f72792073747275632d>5.779
-F<74757265207768696c652073656e646d61696c2069732072756e6e696e672e>117
-188.4 Q .898<4966207468657365206469726563746f72696573206861>142 204.6 R
-1.198 -.15<76652073>-.2 H .897<75626469726563746f72696573206f722073796d
-626f6c6963206c696e6b7320746f206469726563746f72696573206e616d656420607166>
-.15 F .897<272c20606466>.55 F<272c>.55 E 1.24<616e6420607866>117 216.6 R
-1.24<272c207468656e2074686573652077696c6c206265207573656420666f72207468
-6520646966>.55 F 1.241<666572656e74207175657565208c6c652074797065732e>
--.25 F 1.241<546861742069732c207468652064617461208c6c657320617265>6.241
-F .247<73746f72656420696e2074686520606466>117 228.6 R 2.747<2773>.55 G
-<75626469726563746f7279>-2.747 E 2.746<2c74>-.65 G .246<6865207472616e73
-6372697074208c6c6573206172652073746f72656420696e2074686520607866>-2.746
-F 2.746<2773>.55 G<75626469726563746f7279>-2.746 E 2.746<2c61>-.65 G
-.246<6e6420616c6c206f74682d>-2.746 F
-<657273206172652073746f72656420696e2074686520607166>117 240.6 Q 2.5
-<2773>.55 G<75626469726563746f7279>-2.5 E<2e>-.65 E 1.602<49662073686172
-6564206d656d6f727920737570706f727420697320636f6d70696c656420696e2c>142
-256.8 R F2<73656e646d61696c>4.102 E F1 1.602<73746f726573207468652061>
-4.102 F -.25<7661>-.2 G 1.603
-<696c61626c65206469736b737061636520696e2061>.25 F 1.065
-<736861726564206d656d6f7279207365>117 268.8 R 1.065
-<676d656e7420746f206d616b>-.15 F 3.565<6574>-.1 G 1.065<68652076>-3.565
-F 1.065<616c7565732072656164696c792061>-.25 F -.25<7661>-.2 G 1.064<696c
-61626c6520746f20616c6c206368696c6472656e20776974686f757420696e6375727269
-6e67>.25 F .25<73797374656d206f>117 280.8 R -.15<7665>-.15 G 2.75
-<72686561642e20496e>.15 F .251<7468697320636173652c206f6e6c792074686520
-6461656d6f6e20757064617465732074686520646174613b20692e652e2c207468652073
-656e646d61696c206461656d6f6e206372652d>2.75 F 1.037
-<617465732074686520736861726564206d656d6f7279207365>117 292.8 R 1.037<67
-6d656e7420616e642064656c65746573206974206966206974206973207465726d696e61
-7465642e>-.15 F 2.637 -.8<546f2075>6.037 H 1.037<736520746869732c>.8 F
-F2<73656e646d61696c>3.536 E F1<6d757374>3.536 E<6861>117 304.8 Q 2.461
--.15<76652062>-.2 H 2.162<65656e20636f6d70696c6564207769746820737570706f
-727420666f7220736861726564206d656d6f727920282d44534d5f434f4e465f53484d29
-20616e6420746865206f7074696f6e>.15 F F0<53686172>117 316.8 Q
-<65644d656d6f72794b>-.18 E<6579>-.25 E F1 1.517
-<6d757374206265207365742e>4.017 F 1.516
-<4e6f746963653a20646f206e6f7420757365207468652073616d65206b>6.516 F
-1.816 -.15<65792066>-.1 H<6f72>.15 E F2<73656e646d61696c>4.016 E F1
-<696e>4.016 E -.2<766f>-.4 G<636174696f6e73>.2 E .031<7769746820646966>
-117 328.8 R .031
-<666572656e74207175657565206469726563746f72696573206f7220646966>-.25 F
-.032<666572656e742071756575652067726f7570206465636c61726174696f6e732e>
--.25 F .032<41636365737320746f20736861726564206d656d6f7279>5.032 F 1.542
-<6973206e6f7420636f6e74726f6c6c6564206279206c6f636b732c20692e652e2c2074
-686572652069732061207261636520636f6e646974696f6e207768656e20646174612069
-6e2074686520736861726564206d656d6f7279206973>117 340.8 R 2.844
-<757064617465642e20486f>117 352.8 R<7765>-.25 E -.15<7665>-.25 G 1.144
--.4<722c2073>.15 H .344<696e6365206f7065726174696f6e206f66>.4 F F2
-<73656e646d61696c>2.844 E F1 .344<646f6573206e6f742072656c79206f6e207468
-65206461746120696e2074686520736861726564206d656d6f7279>2.844 F<2c>-.65 E
-<7468697320646f6573206e6f74206e65>117 364.8 Q -.05<6761>-.15 G<7469>.05
-E -.15<7665>-.25 G<6c7920696e8d75656e6365207468652062656861>.15 E
-<76696f72>-.2 E<2e>-.55 E F0 2.5<312e332e382e202f76>102 388.8 R
-<61722f73706f6f6c2f636c69656e746d7175657565>-.1 E F1 1.727
-<546865206469726563746f7279>142 405 R F2
-<2f7661722f73706f6f6c2f636c69656e746d7175657565>4.227 E F1 1.726<73686f
-756c64206265206372656174656420746f20686f6c6420746865206d61696c2071756575
-652e>4.227 F<54686973>6.726 E
-<6469726563746f72792073686f756c64206265206d6f6465203037373020616e64206f>
-117 417 Q
-<776e6564206279207573657220736d6d73702c2067726f757020736d6d73702e>-.25 E
-.139<5468652061637475616c2070617468206f662074686973206469726563746f7279
-2069732064658c6e656420627920746865>142 433.2 R F0<5175657565446972>2.639
-E<6563746f7279>-.18 E F1 .14<6f7074696f6e206f6620746865>2.64 F F2
-<7375626d69742e6366>2.64 E F1<8c6c652e>117 445.2 Q F0 2.5
-<312e332e392e202f76>102 469.2 R
-<61722f73706f6f6c2f6d71756575652f2e686f737473746174>-.1 E F1 1.045
-<546869732069732061207479706963616c2076>142 485.4 R 1.045
-<616c756520666f7220746865>-.25 F F0<486f7374537461747573446972>3.545 E
-<6563746f7279>-.18 E F1 1.044
-<6f7074696f6e2c20636f6e7461696e696e67206f6e65208c6c652070657220686f7374>
-3.545 F<7468617420746869732073656e646d61696c2068617320636861747465642077
-69746820726563656e746c79>117 497.4 Q 5<2e49>-.65 G 2.5<7469>-5 G 2.5
-<736e>-2.5 G<6f726d616c6c792061207375626469726563746f7279206f66>-2.5 E
-F2<6d7175657565>2.5 E F1<2e>A F0 2.5
-<312e332e31302e202f6574632f6d61696c2f616c69617365732a>102 521.4 R F1
-.019<5468652073797374656d20616c6961736573206172652068656c6420696e20992f
-6574632f6d61696c2f616c69617365739a2e>142 537.6 R 2.519<4173>5.019 G .019
-<616d706c65206973206769>-2.519 F -.15<7665>-.25 G 2.52<6e69>.15 G 2.52
-<6e99>-2.52 G<73656e646d61696c2f616c69617365739a>-2.52 E
-<776869636820696e636c7564657320736f6d6520616c6961736573207768696368>117
-549.6 Q F2<6d757374>2.5 E F1<62652064658c6e65643a>2.5 E<63702073656e646d
-61696c2f616c6961736573202f6574632f6d61696c2f616c6961736573>157 565.8 Q
-F2<65646974202f6574632f6d61696c2f616c6961736573>157 577.8 Q F1 -1.1
-<596f>117 594 S 2.5<7573>1.1 G<686f756c642065>-2.5 E
-<7874656e642074686973208c6c65207769746820616e>-.15 E 2.5<7961>-.15 G<6c
-6961736573207468617420617265206170726f706f7320746f20796f7572207379737465
-6d2e>-2.5 E<4e6f726d616c6c79>142 610.2 Q F2<73656e646d61696c>7.984 E F1
-5.484<6c6f6f6b7320617420612064617461626173652076>7.984 F 5.483<65727369
-6f6e206f6620746865208c6c65732c2073746f7265642065697468657220696e>-.15 F
-1.089<992f6574632f6d61696c2f616c69617365732e6469729a20616e6420992f657463
-2f6d61696c2f616c69617365732e7061679a206f7220992f6574632f6d61696c2f616c69
-617365732e64629a20646570656e64696e67206f6e207768696368>117 622.2 R .203
-<6461746162617365207061636b61676520796f7520617265207573696e672e>117
-634.2 R .202<5468652061637475616c2070617468206f662074686973208c6c652069
-732064658c6e656420696e20746865>5.203 F F0<416c69617346696c65>2.702 E F1
-.202<6f7074696f6e206f66>2.702 F<746865>117 646.2 Q F2
-<73656e646d61696c2e6366>2.5 E F1<8c6c652e>2.5 E .154<546865207065726d69
-7373696f6e73206f662074686520616c696173208c6c6520616e64207468652064617461
-626173652076>142 662.4 R .155
-<657273696f6e732073686f756c64206265203036343020746f20707265>-.15 F -.15
-<7665>-.25 G .155<6e74206c6f63616c>.15 F .242
-<64656e69616c206f6620736572766963652061747461636b732061732065>117 674.4
-R .242<78706c61696e656420696e2074686520746f70206c65>-.15 F -.15<7665>
--.25 G<6c>.15 E F0<524541444d45>2.742 E F1 .242
-<696e207468652073656e646d61696c2064697374726962>2.742 F 2.742
-<7574696f6e2e204966>-.2 F .909<746865207065726d697373696f6e732030363430
-2061726520757365642c20626520737572652074686174206f6e6c792074727573746564
-2075736572732062656c6f6e6720746f207468652067726f75702061737369676e656420
-746f>117 686.4 R<74686f7365208c6c65732e>117 698.4 Q
-<4f74686572776973652c208c6c65732073686f756c64206e6f742065>5 E -.15<7665>
--.25 G 2.5<6e62>.15 G 2.5<6567>-2.5 G<726f7570207265616461626c652e>-2.5
-E 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-11)195.86 E 2.5(1.3.6. /usr/bin/pur)102 96 R(gestat)-.1 E/F1 10
+/Times-Roman@0 SF .186(This command is also a link to)142 112.2 R/F2 10
+/Times-Italic@0 SF(sendmail)2.687 E F1 5.187(.I)C 2.687<748d>-5.187 G
+.187(ushes e)-2.687 F .187(xpired \(T)-.15 F .187
+(imeout.hoststatus\) informa-)-.35 F(tion that is stored in the)117
+124.2 Q F0(HostStatusDir)2.5 E(ectory)-.18 E F1(tree.)2.5 E F0 2.5
+(1.3.7. /v)102 148.2 R(ar/spool/mqueue)-.1 E F1 .218(The directory)142
+164.4 R F2(/var/spool/mqueue)2.718 E F1 .217
+(should be created to hold the mail queue.)2.718 F .217(This directory)
+5.217 F(should be mode 0700 and o)117 176.4 Q(wned by root.)-.25 E 1.191
+(The actual path of this directory is de\214ned by the)142 192.6 R F0
+(QueueDir)3.692 E(ectory)-.18 E F1 1.192(option of the)3.692 F F2(send-)
+3.692 E(mail.cf)117 204.6 Q F1 4.428(\214le. T)4.428 F 4.428(ou)-.8 G
+1.928(se multiple queues, supply a v)-4.428 F 1.928
+(alue ending with an asterisk.)-.25 F -.15(Fo)6.927 G 4.427(re).15 G
+(xample,)-4.577 E F2(/var/spool/mqueue/qd*)117 216.6 Q F1 .737
+(will use all of the directories or symbolic links to directories be)
+3.236 F(ginning)-.15 E .78(with `qd' in)117 228.6 R F2
+(/var/spool/mqueue)3.28 E F1 .779(as queue directories.)3.279 F .779
+(Do not change the queue directory struc-)5.779 F
+(ture while sendmail is running.)117 240.6 Q .897
+(If these directories ha)142 256.8 R 1.197 -.15(ve s)-.2 H .898
+(ubdirectories or symbolic links to directories named `qf).15 F .898
+(', `df).55 F(',).55 E 1.241(and `xf)117 268.8 R 1.241
+(', then these will be used for the dif).55 F 1.24
+(ferent queue \214le types.)-.25 F 1.24(That is, the data \214les are)
+6.24 F .246(stored in the `df)117 280.8 R 2.746('s).55 G(ubdirectory)
+-2.746 E 2.746(,t)-.65 G .246
+(he transcript \214les are stored in the `xf)-2.746 F 2.747('s).55 G
+(ubdirectory)-2.747 E 2.747(,a)-.65 G .247(nd all oth-)-2.747 F
+(ers are stored in the `qf)117 292.8 Q 2.5('s).55 G(ubdirectory)-2.5 E
+(.)-.65 E 1.603(If shared memory support is compiled in,)142 309 R F2
+(sendmail)4.102 E F1 1.602(stores the a)4.102 F -.25(va)-.2 G 1.602
+(ilable diskspace in a).25 F 1.064(shared memory se)117 321 R 1.064
+(gment to mak)-.15 F 3.564(et)-.1 G 1.065(he v)-3.564 F 1.065
+(alues readily a)-.25 F -.25(va)-.2 G 1.065
+(ilable to all children without incurring).25 F .251(system o)117 333 R
+-.15(ve)-.15 G 2.751(rhead. In).15 F .251(this case, only the daemon up\
+dates the data; i.e., the sendmail daemon cre-)2.751 F 1.036
+(ates the shared memory se)117 345 R 1.037
+(gment and deletes it if it is terminated.)-.15 F 2.637 -.8(To u)6.037 H
+1.037(se this,).8 F F2(sendmail)3.537 E F1(must)3.537 E(ha)117 357 Q
+2.462 -.15(ve b)-.2 H 2.162(een compiled with support for shared memory\
+ \(-DSM_CONF_SHM\) and the option).15 F F0(Shar)117 369 Q(edMemoryK)-.18
+E(ey)-.25 E F1 1.516(must be set.)4.016 F 1.516
+(Notice: do not use the same k)6.516 F 1.816 -.15(ey f)-.1 H(or).15 E F2
+(sendmail)4.017 E F1(in)4.017 E -.2(vo)-.4 G(cations).2 E .032(with dif)
+117 381 R .032(ferent queue directories or dif)-.25 F .032
+(ferent queue group declarations.)-.25 F .031(Access to shared memory)
+5.031 F 1.542(is not controlled by locks, i.e., there is a race conditi\
+on when data in the shared memory is)117 393 R 2.844(updated. Ho)117 405
+R(we)-.25 E -.15(ve)-.25 G 1.144 -.4(r, s).15 H .344(ince operation of)
+.4 F F2(sendmail)2.844 E F1 .344
+(does not rely on the data in the shared memory)2.844 F(,)-.65 E
+(this does not ne)117 417 Q -.05(ga)-.15 G(ti).05 E -.15(ve)-.25 G
+(ly in\215uence the beha).15 E(vior)-.2 E(.)-.55 E F0 2.5(1.3.8. /v)102
+441 R(ar/spool/clientmqueue)-.1 E F1 1.726(The directory)142 457.2 R F2
+(/var/spool/clientmqueue)4.226 E F1 1.726
+(should be created to hold the mail queue.)4.226 F(This)6.727 E
+(directory should be mode 0770 and o)117 469.2 Q
+(wned by user smmsp, group smmsp.)-.25 E .139
+(The actual path of this directory is de\214ned by the)142 485.4 R F0
+(QueueDir)2.639 E(ectory)-.18 E F1 .139(option of the)2.639 F F2
+(submit.cf)2.639 E F1(\214le.)117 497.4 Q F0 2.5(1.3.9. /v)102 521.4 R
+(ar/spool/mqueue/.hoststat)-.1 E F1 1.044(This is a typical v)142 537.6
+R 1.044(alue for the)-.25 F F0(HostStatusDir)3.545 E(ectory)-.18 E F1
+1.045(option, containing one \214le per host)3.545 F
+(that this sendmail has chatted with recently)117 549.6 Q 5(.I)-.65 G
+2.5(ti)-5 G 2.5(sn)-2.5 G(ormally a subdirectory of)-2.5 E F2(mqueue)2.5
+E F1(.)A F0 2.5(1.3.10. /etc/mail/aliases*)102 573.6 R F1 .019
+(The system aliases are held in \231/etc/mail/aliases\232.)142 589.8 R
+2.519(As)5.019 G .019(ample is gi)-2.519 F -.15(ve)-.25 G 2.519(ni).15 G
+2.519<6e99>-2.519 G(sendmail/aliases\232)-2.519 E
+(which includes some aliases which)117 601.8 Q F2(must)2.5 E F1
+(be de\214ned:)2.5 E(cp sendmail/aliases /etc/mail/aliases)157 618 Q F2
+(edit /etc/mail/aliases)157 630 Q F1 -1.1(Yo)117 646.2 S 2.5(us)1.1 G
+(hould e)-2.5 E(xtend this \214le with an)-.15 E 2.5(ya)-.15 G
+(liases that are apropos to your system.)-2.5 E(Normally)142 662.4 Q F2
+(sendmail)7.983 E F1 5.483(looks at a database v)7.983 F 5.484
+(ersion of the \214les, stored either in)-.15 F 1.089(\231/etc/mail/ali\
+ases.dir\232 and \231/etc/mail/aliases.pag\232 or \231/etc/mail/aliases\
+.db\232 depending on which)117 674.4 R .202
+(database package you are using.)117 686.4 R .202
+(The actual path of this \214le is de\214ned in the)5.202 F F0
+(AliasFile)2.703 E F1 .203(option of)2.703 F(the)117 698.4 Q F2
+(sendmail.cf)2.5 E F1(\214le.)2.5 E 0 Cg EP
%%Page: 12 8
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d31322053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-2.5<312e332e31312e202f6574632f72>102 96 R 2.5<636f>-.18 G 2.5<722f>-2.5
-G<6574632f696e69742e642f73656e646d61696c>-2.5 E/F1 10/Times-Roman@0 SF
-.156<49742077696c6c206265206e656365737361727920746f20737461727420757020
-746865>142 112.2 R/F2 10/Times-Italic@0 SF<73656e646d61696c>2.655 E F1
-.155<6461656d6f6e207768656e20796f75722073797374656d207265626f6f74732e>
-2.655 F .155<54686973206461652d>5.155 F 1.537
-<6d6f6e20706572666f726d73207477>117 124.2 R 4.037<6f66>-.1 G 1.537<756e
-6374696f6e733a206974206c697374656e73206f6e2074686520534d545020736f636b>
--4.037 F 1.537<657420666f7220636f6e6e656374696f6e732028746f207265636569>
--.1 F 1.838 -.15<7665206d>-.25 H<61696c>.15 E .442<66726f6d20612072656d
-6f74652073797374656d2920616e642069742070726f6365737365732074686520717565
-756520706572696f646963616c6c7920746f20696e737572652074686174206d61696c20
-676574732064656c69>117 136.2 R -.15<7665>-.25 G<726564>.15 E
-<7768656e20686f73747320636f6d652075702e>117 148.2 Q .893
-<4966206e6563657373617279>142 164.4 R 3.393<2c61>-.65 G .893
-<64642074686520666f6c6c6f>-3.393 F .893<77696e67206c696e657320746f20992f
-6574632f72639a20286f7220992f6574632f72632e6c6f63616c9a20617320617070726f
-7072696174652920696e20746865>-.25 F .313<617265612077686572652069742069
-73207374617274696e6720757020746865206461656d6f6e73206f6e2061204253442d62
-6173652073797374656d2c206f72206f6e20612053797374656d2d56>117 176.4 R
-.312<2d62617365642073797374656d>-1 F<696e206f6e65206f662074686520737461
-72747570208c6c65732c207479706963616c6c7920992f6574632f696e69742e642f7365
-6e646d61696c9a3a>117 188.4 Q<6966205b20ad66202f7573722f7362696e2f73656e
-646d61696c20ad6120ad66202f6574632f6d61696c2f73656e646d61696c2e6366205d3b
-207468656e>157 204.6 Q<286364202f76>193 216.6 Q
-<61722f73706f6f6c2f6d71756575653b20726d20ad662078662a29>-.25 E
-<2f7573722f7362696e2f73656e646d61696c20ad626420ad7133306d2026>193 228.6
-Q<6563686f20ad6e20272073656e646d61696c27203e2f6465>193 240.6 Q
-<762f636f6e736f6c65>-.25 E<8c>157 252.6 Q 1.611<546865209963649a20616e64
-2099726d9a20636f6d6d616e647320696e73757265207468617420616c6c207472616e73
-6372697074208c6c6573206861>117 268.8 R 1.911 -.15<76652062>-.2 H 1.611
-<65656e2072656d6f>.15 F -.15<7665>-.15 G 1.611<643b2065>.15 F
-<787472616e656f7573>-.15 E .773<7472616e736372697074208c6c6573206d617920
-6265206c6566742061726f756e64206966207468652073797374656d20676f657320646f>
-117 280.8 R .772<776e20696e20746865206d6964646c65206f662070726f63657373
-696e672061206d65732d>-.25 F 3.921<736167652e20546865>117 292.8 R 1.422
-<6c696e6520746861742061637475616c6c7920696e>3.921 F -.2<766f>-.4 G -.1
-<6b65>.2 G<73>.1 E F2<73656e646d61696c>3.922 E F1 1.422<686173207477>
-3.922 F 3.922<6f8d>-.1 G 1.422<6167733a2099ad62649a20636175736573206974
-20746f206c697374656e206f6e20746865>-3.922 F<534d545020706f72742c20616e64
-2099ad7133306d9a2063617573657320697420746f2072756e2074686520717565756520
-65>117 304.8 Q -.15<7665>-.25 G<72792068616c6620686f7572>.15 E<2e>-.55 E
-.03<536f6d652070656f706c65207573652061206d6f726520636f6d706c65>142 321 R
-2.529<7873>-.15 G .029<746172747570207363726970742c2072656d6f>-2.529 F
-.029<76696e67207a65726f206c656e6774682071662f68662f5166208c6c657320616e
-64206466>-.15 F .022<8c6c657320666f72207768696368207468657265206973206e
-6f2071662f68662f5166208c6c652e>117 333 R .022
-<4e6f74652074686973206973206e6f7420616476697361626c652e>5.022 F -.15
-<466f>5.022 G 2.522<7265>.15 G .023
-<78616d706c652c2073656520466967757265203120666f72>-2.672 F<616e2065>117
-345 Q<78616d706c65206f66206120636f6d706c65>-.15 E 2.5<7873>-.15 G
-<637269707420776869636820646f6573207468697320636c65616e2075702e>-2.5 E
-F0 2.5<312e332e31322e202f6574632f6d61696c2f68656c708c6c65>102 369 R F1
-.161<54686973206973207468652068656c70208c6c6520757365642062792074686520
-534d5450>142 385.2 R F0<48454c50>2.661 E F1 2.66<636f6d6d616e642e204974>
-2.661 F .16<73686f756c6420626520636f706965642066726f6d209973656e642d>
-2.66 F<6d61696c2f68656c708c6c659a3a>117 397.2 Q<63702073656e646d61696c2f
-68656c708c6c65202f6574632f6d61696c2f68656c708c6c65>157 413.4 Q<54686520
-61637475616c2070617468206f662074686973208c6c652069732064658c6e656420696e
-20746865>117 429.6 Q F0<48656c7046696c65>2.5 E F1
-<6f7074696f6e206f6620746865>2.5 E F2<73656e646d61696c2e6366>2.5 E F1
-<8c6c652e>2.5 E F0 2.5
-<312e332e31332e202f6574632f6d61696c2f73746174697374696373>102 453.6 R F1
-3.04<496620796f75207769736820746f20636f6c6c6563742073746174697374696373
-2061626f757420796f7572206d61696c2074726166>142 469.8 R 3.04
-<8c632c20796f752073686f756c642063726561746520746865208c6c65>-.25 F
-<992f6574632f6d61696c2f737461746973746963739a3a>117 481.8 Q
-<6370202f6465>157 498 Q
-<762f6e756c6c202f6574632f6d61696c2f73746174697374696373>-.25 E
-<63686d6f642030363030202f6574632f6d61696c2f73746174697374696373>157 510
-Q .716<54686973208c6c6520646f6573206e6f742067726f>117 526.2 R 4.516 -.65
-<772e2049>-.25 H 3.216<7469>.65 G 3.216<7370>-3.216 G .716<72696e746564
-2077697468207468652070726f6772616d20996d61696c73746174732f6d61696c737461
-74732e632e>-3.216 F 5.715<9a54>-.7 G .715<68652061637475616c2070617468>
--5.715 F<6f662074686973208c6c652069732064658c6e656420696e20746865>117
-538.2 Q F0<53>2.5 E F1<6f7074696f6e206f6620746865>2.5 E F2
-<73656e646d61696c2e6366>2.5 E F1<8c6c652e>2.5 E F0 2.5
-<312e332e31342e202f7573722f62696e2f6d61696c71>102 562.2 R F1<4966>142
-578.4 Q F2<73656e646d61696c>3.439 E F1 .939<697320696e>3.439 F -.2<766f>
--.4 G -.1<6b65>.2 G 3.439<6461>.1 G 3.439<7399>-3.439 G<6d61696c712c>
--3.439 E 3.439<9a69>-.7 G 3.439<7477>-3.439 G .939
-<696c6c2073696d756c61746520746865>-3.439 F F0<ad6270>3.439 E F1 .94
-<8d61672028692e652e2c>3.44 F F2<73656e646d61696c>3.44 E F1 .94
-<77696c6c207072696e74>3.44 F<74686520636f6e74656e7473206f6620746865206d
-61696c2071756575653b207365652062656c6f>117 590.4 Q 2.5<77292e2054686973>
--.25 F<73686f756c642062652061206c696e6b20746f202f7573722f7362696e2f7365
-6e646d61696c2e>2.5 E F0 2.5<312e332e31352e2073656e646d61696c2e706964>102
-614.4 R F2<73656e646d61696c>142 630.6 Q F1 2.334<73746f7265732069747320
-63757272656e742070696420696e20746865208c6c652073706563698c65642062792074
-6865>4.834 F F0<50696446696c65>4.833 E F1 2.333<6f7074696f6e2028646566>
-4.833 F 2.333<61756c74206973>-.1 F<5f50>117 642.6 Q -1.11<4154>-.92 G
-<485f53454e444d41494c504944292e>1.11 E F2<73656e646d61696c>5.697 E F1
-<75736573>3.197 E F0 -.92<5465>3.197 G<6d7046696c654d6f6465>.92 E F1
-.697<28776869636820646566>3.197 F .697
-<61756c747320746f2030363030292061732074686520706572>-.1 F<2d>-.2 E 1.958
-<6d697373696f6e73206f662074686174208c6c6520746f20707265>117 654.6 R -.15
-<7665>-.25 G 1.958<6e74206c6f63616c2064656e69616c206f662073657276696365
-2061747461636b732061732065>.15 F 1.958
-<78706c61696e656420696e2074686520746f70206c65>-.15 F -.15<7665>-.25 G
-<6c>.15 E F0<524541444d45>117 666.6 Q F1 .64
-<696e207468652073656e646d61696c2064697374726962>3.14 F 3.14
-<7574696f6e2e204966>-.2 F .64<746865208c6c6520616c72656164792065>3.14 F
-.64<78697374732c207468656e206974206d69676874206265206e656365737361727920
-746f>-.15 F
-<6368616e676520746865207065726d697373696f6e73206163636f7264696e676c79>
-117 678.6 Q 2.5<2c65>-.65 G<2e672e2c>-2.5 E<63686d6f642030363030202f76>
-157 694.8 Q<61722f72756e2f73656e646d61696c2e706964>-.25 E 1.956
-<4e6f74652074686174206173206f662076>117 711 R 1.956
-<657273696f6e20382e31332c2074686973208c6c6520697320756e6c696e6b>-.15 F
-1.956<6564207768656e>-.1 F F2<73656e646d61696c>4.456 E F1 -.15<6578>
-4.456 G 4.456<6974732e204173>.15 F 4.456<6172>4.456 G 1.955
-<6573756c74206f662074686973>-4.456 F 1.324
-<6368616e67652c20612073637269707420737563682061732074686520666f6c6c6f>
-117 723 R 1.324<77696e672c207768696368206d6179206861>-.25 F 1.624 -.15
-<76652077>-.2 H<6f726b>.05 E 1.325
-<6564207072696f7220746f20382e31332c2077696c6c206e6f206c6f6e676572>-.1 F
-0 Cg EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-12 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF .155
+(The permissions of the alias \214le and the database v)142 96 R .154
+(ersions should be 0640 to pre)-.15 F -.15(ve)-.25 G .154(nt local).15 F
+.242(denial of service attacks as e)117 108 R .242
+(xplained in the top le)-.15 F -.15(ve)-.25 G(l).15 E F0(README)2.742 E
+F1 .242(in the sendmail distrib)2.742 F 2.742(ution. If)-.2 F .909(the \
+permissions 0640 are used, be sure that only trusted users belong to th\
+e group assigned to)117 120 R(those \214les.)117 132 Q
+(Otherwise, \214les should not e)5 E -.15(ve)-.25 G 2.5(nb).15 G 2.5(eg)
+-2.5 G(roup readable.)-2.5 E F0 2.5(1.3.11. /etc/r)102 156 R 2.5(co)-.18
+G 2.5(r/)-2.5 G(etc/init.d/sendmail)-2.5 E F1 .155
+(It will be necessary to start up the)142 172.2 R/F2 10/Times-Italic@0
+SF(sendmail)2.655 E F1 .156(daemon when your system reboots.)2.655 F
+.156(This dae-)5.156 F 1.538(mon performs tw)117 184.2 R 4.037(of)-.1 G
+1.537(unctions: it listens on the SMTP sock)-4.037 F 1.537
+(et for connections \(to recei)-.1 F 1.837 -.15(ve m)-.25 H(ail).15 E
+.442(from a remote system\) and it processes the queue periodically to \
+insure that mail gets deli)117 196.2 R -.15(ve)-.25 G(red).15 E
+(when hosts come up.)117 208.2 Q .894(If necessary)142 224.4 R 3.393(,a)
+-.65 G .893(dd the follo)-3.393 F .893(wing lines to \231/etc/rc\232 \(\
+or \231/etc/rc.local\232 as appropriate\) in the)-.25 F .312(area where\
+ it is starting up the daemons on a BSD-base system, or on a System-V)
+117 236.4 R .313(-based system)-1 F
+(in one of the startup \214les, typically \231/etc/init.d/sendmail\232:)
+117 248.4 Q(if [ \255f /usr/sbin/sendmail \255a \255f /etc/mail/sendmai\
+l.cf ]; then)157 264.6 Q(\(cd /v)193 276.6 Q
+(ar/spool/mqueue; rm \255f xf*\))-.25 E
+(/usr/sbin/sendmail \255bd \255q30m &)193 288.6 Q
+(echo \255n ' sendmail' >/de)193 300.6 Q(v/console)-.25 E<8c>157 312.6 Q
+1.611(The \231cd\232 and \231rm\232 commands insure that all transcript\
+ \214les ha)117 328.8 R 1.91 -.15(ve b)-.2 H 1.61(een remo).15 F -.15
+(ve)-.15 G 1.61(d; e).15 F(xtraneous)-.15 E .772
+(transcript \214les may be left around if the system goes do)117 340.8 R
+.773(wn in the middle of processing a mes-)-.25 F 3.922(sage. The)117
+352.8 R 1.422(line that actually in)3.922 F -.2(vo)-.4 G -.1(ke).2 G(s)
+.1 E F2(sendmail)3.922 E F1 1.422(has tw)3.922 F 3.922<6f8d>-.1 G 1.422
+(ags: \231\255bd\232 causes it to listen on the)-3.922 F
+(SMTP port, and \231\255q30m\232 causes it to run the queue e)117 364.8
+Q -.15(ve)-.25 G(ry half hour).15 E(.)-.55 E .029
+(Some people use a more comple)142 381 R 2.529(xs)-.15 G .029
+(tartup script, remo)-2.529 F .03
+(ving zero length qf/hf/Qf \214les and df)-.15 F .023
+(\214les for which there is no qf/hf/Qf \214le.)117 393 R .022
+(Note this is not advisable.)5.022 F -.15(Fo)5.022 G 2.522(re).15 G .022
+(xample, see Figure 1 for)-2.672 F(an e)117 405 Q(xample of a comple)
+-.15 E 2.5(xs)-.15 G(cript which does this clean up.)-2.5 E F0 2.5
+(1.3.12. /etc/mail/help\214le)102 429 R F1 .16
+(This is the help \214le used by the SMTP)142 445.2 R F0(HELP)2.661 E F1
+2.661(command. It)2.661 F .161(should be copied from \231send-)2.661 F
+(mail/help\214le\232:)117 457.2 Q
+(cp sendmail/help\214le /etc/mail/help\214le)157 473.4 Q
+(The actual path of this \214le is de\214ned in the)117 489.6 Q F0
+(HelpFile)2.5 E F1(option of the)2.5 E F2(sendmail.cf)2.5 E F1(\214le.)
+2.5 E F0 2.5(1.3.13. /etc/mail/statistics)102 513.6 R F1 3.04
+(If you wish to collect statistics about your mail traf)142 529.8 R 3.04
+(\214c, you should create the \214le)-.25 F
+(\231/etc/mail/statistics\232:)117 541.8 Q(cp /de)157 558 Q
+(v/null /etc/mail/statistics)-.25 E(chmod 0600 /etc/mail/statistics)157
+570 Q .715(This \214le does not gro)117 586.2 R 4.516 -.65(w. I)-.25 H
+3.216(ti).65 G 3.216(sp)-3.216 G .716
+(rinted with the program \231mailstats/mailstats.c.)-3.216 F 5.716<9a54>
+-.7 G .716(he actual path)-5.716 F(of this \214le is de\214ned in the)
+117 598.2 Q F0(S)2.5 E F1(option of the)2.5 E F2(sendmail.cf)2.5 E F1
+(\214le.)2.5 E F0 2.5(1.3.14. /usr/bin/mailq)102 622.2 R F1(If)142 638.4
+Q F2(sendmail)3.44 E F1 .94(is in)3.44 F -.2(vo)-.4 G -.1(ke).2 G 3.44
+(da).1 G 3.44<7399>-3.44 G(mailq,)-3.44 E 3.439<9a69>-.7 G 3.439(tw)
+-3.439 G .939(ill simulate the)-3.439 F F0(\255bp)3.439 E F1 .939
+(\215ag \(i.e.,)3.439 F F2(sendmail)3.439 E F1 .939(will print)3.439 F
+(the contents of the mail queue; see belo)117 650.4 Q 2.5(w\). This)-.25
+F(should be a link to /usr/sbin/sendmail.)2.5 E F0 2.5
+(1.3.15. sendmail.pid)102 674.4 R F2(sendmail)142 690.6 Q F1 2.333
+(stores its current pid in the \214le speci\214ed by the)4.833 F F0
+(PidFile)4.834 E F1 2.334(option \(def)4.834 F 2.334(ault is)-.1 F(_P)
+117 702.6 Q -1.11(AT)-.92 G(H_SENDMAILPID\).)1.11 E F2(sendmail)5.697 E
+F1(uses)3.197 E F0 -.92(Te)3.197 G(mpFileMode).92 E F1 .697(\(which def)
+3.197 F .697(aults to 0600\) as the per)-.1 F(-)-.2 E 1.958
+(missions of that \214le to pre)117 714.6 R -.15(ve)-.25 G 1.958
+(nt local denial of service attacks as e).15 F 1.958
+(xplained in the top le)-.15 F -.15(ve)-.25 G(l).15 E 0 Cg EP
%%Page: 13 9
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3133>195.86 E
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-13)195.86 E .4 LW 77 108 72 108 DL 79 108 74 108 DL 84 108 79
+108 DL 89 108 84 108 DL 94 108 89 108 DL 99 108 94 108 DL 104 108 99 108
+DL 109 108 104 108 DL 114 108 109 108 DL 119 108 114 108 DL 124 108 119
+108 DL 129 108 124 108 DL 134 108 129 108 DL 139 108 134 108 DL 144 108
+139 108 DL 149 108 144 108 DL 154 108 149 108 DL 159 108 154 108 DL 164
+108 159 108 DL 169 108 164 108 DL 174 108 169 108 DL 179 108 174 108 DL
+184 108 179 108 DL 189 108 184 108 DL 194 108 189 108 DL 199 108 194 108
+DL 204 108 199 108 DL 209 108 204 108 DL 214 108 209 108 DL 219 108 214
+108 DL 224 108 219 108 DL 229 108 224 108 DL 234 108 229 108 DL 239 108
+234 108 DL 244 108 239 108 DL 249 108 244 108 DL 254 108 249 108 DL 259
+108 254 108 DL 264 108 259 108 DL 269 108 264 108 DL 274 108 269 108 DL
+279 108 274 108 DL 284 108 279 108 DL 289 108 284 108 DL 294 108 289 108
+DL 299 108 294 108 DL 304 108 299 108 DL 309 108 304 108 DL 314 108 309
+108 DL 319 108 314 108 DL 324 108 319 108 DL 329 108 324 108 DL 334 108
+329 108 DL 339 108 334 108 DL 344 108 339 108 DL 349 108 344 108 DL 354
+108 349 108 DL 359 108 354 108 DL 364 108 359 108 DL 369 108 364 108 DL
+374 108 369 108 DL 379 108 374 108 DL 384 108 379 108 DL 389 108 384 108
+DL 394 108 389 108 DL 399 108 394 108 DL 404 108 399 108 DL 409 108 404
+108 DL 414 108 409 108 DL 419 108 414 108 DL 424 108 419 108 DL 429 108
+424 108 DL 434 108 429 108 DL 439 108 434 108 DL 444 108 439 108 DL 449
+108 444 108 DL 454 108 449 108 DL 459 108 454 108 DL 464 108 459 108 DL
+469 108 464 108 DL 474 108 469 108 DL 479 108 474 108 DL 484 108 479 108
+DL 489 108 484 108 DL 494 108 489 108 DL 499 108 494 108 DL 504 108 499
+108 DL/F1 10/Times-Roman@0 SF(#!/bin/sh)72 132 Q 2.5(#r)72 144 S(emo)
+-2.5 E .3 -.15(ve z)-.15 H(ero length qf/hf/Qf \214les).15 E(for qf)72
+156 Q(\214le in qf* hf* Qf*)-.25 E(do)72 168 Q(if [ \255r $qf)108 180 Q
+(\214le ])-.25 E(then)108 192 Q(if [ ! \255s $qf)144 204 Q(\214le ])-.25
+E(then)144 216 Q(echo \255n " <zero: $qf)180 228 Q(\214le>" > /de)-.25 E
+(v/console)-.25 E(rm \255f $qf)180 240 Q(\214le)-.25 E<8c>144 252 Q<8c>
+108 264 Q(done)72 276 Q 2.5(#r)72 288 S
+(ename tf \214les to be qf if the qf does not e)-2.5 E(xist)-.15 E
+(for tf)72 300 Q(\214le in tf*)-.25 E(do)72 312 Q(qf)108 324 Q
+(\214le=`echo $tf)-.25 E(\214le | sed ')-.25 E(s/t/q/'`)-.55 E
+(if [ \255r $tf)108 336 Q(\214le \255a ! \255f $qf)-.25 E(\214le ])-.25
+E(then)108 348 Q(echo \255n " <reco)144 360 Q -.15(ve)-.15 G(ring: $tf)
+.15 E(\214le>" > /de)-.25 E(v/console)-.25 E(mv $tf)144 372 Q
+(\214le $qf)-.25 E(\214le)-.25 E(else)108 384 Q(if [ \255f $tf)144 396 Q
+(\214le ])-.25 E(then)144 408 Q(echo \255n " <e)180 420 Q(xtra: $tf)-.15
+E(\214le>" > /de)-.25 E(v/console)-.25 E(rm \255f $tf)180 432 Q(\214le)
+-.25 E<8c>144 444 Q<8c>108 456 Q(done)72 468 Q 2.5(#r)72 480 S(emo)-2.5
+E .3 -.15(ve d)-.15 H 2.5<668c>.15 G
+(les with no corresponding qf/hf/Qf \214les)-2.5 E(for df)72 492 Q
+(\214le in df*)-.25 E(do)72 504 Q(qf)108 516 Q(\214le=`echo $df)-.25 E
+(\214le | sed ')-.25 E(s/d/q/'`)-.55 E(hf)108 528 Q(\214le=`echo $df)
+-.25 E(\214le | sed ')-.25 E(s/d/h/'`)-.55 E(Qf)108 540 Q
+(\214le=`echo $df)-.25 E(\214le | sed ')-.25 E(s/d/Q/'`)-.55 E
+(if [ \255r $df)108 552 Q(\214le \255a ! \255f $qf)-.25 E
+(\214le \255a ! \255f $hf)-.25 E(\214le \255a ! \255f $Qf)-.25 E
+(\214le ])-.25 E(then)108 564 Q(echo \255n " <incomplete: $df)144 576 Q
+(\214le>" > /de)-.25 E(v/console)-.25 E(mv $df)144 588 Q
+(\214le `echo $df)-.25 E(\214le | sed ')-.25 E(s/d/D/'`)-.55 E<8c>108
+600 Q(done)72 612 Q 2.5(#a)72 624 S(nnounce \214les that ha)-2.5 E .3
+-.15(ve b)-.2 H(een sa).15 E -.15(ve)-.2 G 2.5(dd).15 G
+(uring disaster reco)-2.5 E -.15(ve)-.15 G(ry).15 E(for xf)72 636 Q
+(\214le in [A-Z]f*)-.25 E(do)72 648 Q(if [ \255f $xf)108 660 Q(\214le ])
+-.25 E(then)108 672 Q(echo \255n " <panic: $xf)144 684 Q(\214le>" > /de)
+-.25 E(v/console)-.25 E<8c>108 696 Q(done)72 708 Q 0 Cg EP
+%%Page: 14 10
+%%BeginPageSetup
+BP
+%%EndPageSetup
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-14 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF
+(Figure 1 \212 A comple)214.47 96 Q 2.5(xs)-.15 G(tartup script)-2.5 E
.4 LW 77 108 72 108 DL 79 108 74 108 DL 84 108 79 108 DL 89 108 84 108
DL 94 108 89 108 DL 99 108 94 108 DL 104 108 99 108 DL 109 108 104 108
DL 114 108 109 108 DL 119 108 114 108 DL 124 108 119 108 DL 129 108 124
108 DL 134 108 129 108 DL 139 108 134 108 DL 144 108 139 108 DL 149 108
144 108 DL 154 108 149 108 DL 159 108 154 108 DL 164 108 159 108 DL 169
108 164 108 DL 174 108 169 108 DL 179 108 174 108 DL 184 108 179 108 DL
189 108 184 108 DL 194 108 189 108 DL 199 108 194 108 DL 204 108 199 108
DL 209 108 204 108 DL 214 108 209 108 DL 219 108 214 108 DL 224 108 219
108 DL 229 108 224 108 DL 234 108 229 108 DL 239 108 234 108 DL 244 108
239 108 DL 249 108 244 108 DL 254 108 249 108 DL 259 108 254 108 DL 264
108 259 108 DL 269 108 264 108 DL 274 108 269 108 DL 279 108 274 108 DL
284 108 279 108 DL 289 108 284 108 DL 294 108 289 108 DL 299 108 294 108
DL 304 108 299 108 DL 309 108 304 108 DL 314 108 309 108 DL 319 108 314
108 DL 324 108 319 108 DL 329 108 324 108 DL 334 108 329 108 DL 339 108
334 108 DL 344 108 339 108 DL 349 108 344 108 DL 354 108 349 108 DL 359
108 354 108 DL 364 108 359 108 DL 369 108 364 108 DL 374 108 369 108 DL
379 108 374 108 DL 384 108 379 108 DL 389 108 384 108 DL 394 108 389 108
DL 399 108 394 108 DL 404 108 399 108 DL 409 108 404 108 DL 414 108 409
108 DL 419 108 414 108 DL 424 108 419 108 DL 429 108 424 108 DL 434 108
429 108 DL 439 108 434 108 DL 444 108 439 108 DL 449 108 444 108 DL 454
108 449 108 DL 459 108 454 108 DL 464 108 459 108 DL 469 108 464 108 DL
474 108 469 108 DL 479 108 474 108 DL 484 108 479 108 DL 489 108 484 108
-DL 494 108 489 108 DL 499 108 494 108 DL 504 108 499 108 DL/F1 10
-/Times-Roman@0 SF<23212f62696e2f7368>72 132 Q 2.5<2372>72 144 S<656d6f>
--2.5 E .3 -.15<7665207a>-.15 H
-<65726f206c656e6774682071662f68662f5166208c6c6573>.15 E<666f72207166>72
-156 Q<8c6c6520696e2071662a2068662a2051662a>-.25 E<646f>72 168 Q
-<6966205b20ad7220247166>108 180 Q<8c6c65205d>-.25 E<7468656e>108 192 Q
-<6966205b202120ad7320247166>144 204 Q<8c6c65205d>-.25 E<7468656e>144 216
-Q<6563686f20ad6e2022203c7a65726f3a20247166>180 228 Q
-<8c6c653e22203e202f6465>-.25 E<762f636f6e736f6c65>-.25 E
-<726d20ad6620247166>180 240 Q<8c6c65>-.25 E<8c>144 252 Q<8c>108 264 Q
-<646f6e65>72 276 Q 2.5<2372>72 288 S<656e616d65207466208c6c657320746f20
-62652071662069662074686520716620646f6573206e6f742065>-2.5 E<78697374>
--.15 E<666f72207466>72 300 Q<8c6c6520696e2074662a>-.25 E<646f>72 312 Q
-<7166>108 324 Q<8c6c653d606563686f20247466>-.25 E
-<8c6c65207c207365642027>-.25 E<732f742f712f2760>-.55 E
-<6966205b20ad7220247466>108 336 Q<8c6c6520ad61202120ad6620247166>-.25 E
-<8c6c65205d>-.25 E<7468656e>108 348 Q<6563686f20ad6e2022203c7265636f>144
-360 Q -.15<7665>-.15 G<72696e673a20247466>.15 E<8c6c653e22203e202f6465>
--.25 E<762f636f6e736f6c65>-.25 E<6d7620247466>144 372 Q<8c6c6520247166>
--.25 E<8c6c65>-.25 E<656c7365>108 384 Q<6966205b20ad6620247466>144 396 Q
-<8c6c65205d>-.25 E<7468656e>144 408 Q<6563686f20ad6e2022203c65>180 420 Q
-<787472613a20247466>-.15 E<8c6c653e22203e202f6465>-.25 E
-<762f636f6e736f6c65>-.25 E<726d20ad6620247466>180 432 Q<8c6c65>-.25 E
-<8c>144 444 Q<8c>108 456 Q<646f6e65>72 468 Q 2.5<2372>72 480 S<656d6f>
--2.5 E .3 -.15<76652064>-.15 H 2.5<668c>.15 G<6c65732077697468206e6f2063
-6f72726573706f6e64696e672071662f68662f5166208c6c6573>-2.5 E
-<666f72206466>72 492 Q<8c6c6520696e2064662a>-.25 E<646f>72 504 Q<7166>
-108 516 Q<8c6c653d606563686f20246466>-.25 E<8c6c65207c207365642027>-.25
-E<732f642f712f2760>-.55 E<6866>108 528 Q<8c6c653d606563686f20246466>-.25
-E<8c6c65207c207365642027>-.25 E<732f642f682f2760>-.55 E<5166>108 540 Q
-<8c6c653d606563686f20246466>-.25 E<8c6c65207c207365642027>-.25 E
-<732f642f512f2760>-.55 E<6966205b20ad7220246466>108 552 Q
-<8c6c6520ad61202120ad6620247166>-.25 E<8c6c6520ad61202120ad6620246866>
--.25 E<8c6c6520ad61202120ad6620245166>-.25 E<8c6c65205d>-.25 E<7468656e>
-108 564 Q<6563686f20ad6e2022203c696e636f6d706c6574653a20246466>144 576 Q
-<8c6c653e22203e202f6465>-.25 E<762f636f6e736f6c65>-.25 E<6d7620246466>
-144 588 Q<8c6c6520606563686f20246466>-.25 E<8c6c65207c207365642027>-.25
-E<732f642f442f2760>-.55 E<8c>108 600 Q<646f6e65>72 612 Q 2.5<2361>72 624
-S<6e6e6f756e6365208c6c65732074686174206861>-2.5 E .3 -.15<76652062>-.2 H
-<65656e207361>.15 E -.15<7665>-.2 G 2.5<6464>.15 G
-<7572696e67206469736173746572207265636f>-2.5 E -.15<7665>-.15 G<7279>.15
-E<666f72207866>72 636 Q<8c6c6520696e205b412d5a5d662a>-.25 E<646f>72 648
-Q<6966205b20ad6620247866>108 660 Q<8c6c65205d>-.25 E<7468656e>108 672 Q
-<6563686f20ad6e2022203c70616e69633a20247866>144 684 Q
-<8c6c653e22203e202f6465>-.25 E<762f636f6e736f6c65>-.25 E<8c>108 696 Q
-<646f6e65>72 708 Q 0 Cg EP
-%%Page: 14 10
-%%BeginPageSetup
-BP
-%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d31342053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF<4669677572652031208a204120636f6d706c65>214.47 96
-Q 2.5<7873>-.15 G<74617274757020736372697074>-2.5 E .4 LW 77 108 72 108
-DL 79 108 74 108 DL 84 108 79 108 DL 89 108 84 108 DL 94 108 89 108 DL
-99 108 94 108 DL 104 108 99 108 DL 109 108 104 108 DL 114 108 109 108 DL
-119 108 114 108 DL 124 108 119 108 DL 129 108 124 108 DL 134 108 129 108
-DL 139 108 134 108 DL 144 108 139 108 DL 149 108 144 108 DL 154 108 149
-108 DL 159 108 154 108 DL 164 108 159 108 DL 169 108 164 108 DL 174 108
-169 108 DL 179 108 174 108 DL 184 108 179 108 DL 189 108 184 108 DL 194
-108 189 108 DL 199 108 194 108 DL 204 108 199 108 DL 209 108 204 108 DL
-214 108 209 108 DL 219 108 214 108 DL 224 108 219 108 DL 229 108 224 108
-DL 234 108 229 108 DL 239 108 234 108 DL 244 108 239 108 DL 249 108 244
-108 DL 254 108 249 108 DL 259 108 254 108 DL 264 108 259 108 DL 269 108
-264 108 DL 274 108 269 108 DL 279 108 274 108 DL 284 108 279 108 DL 289
-108 284 108 DL 294 108 289 108 DL 299 108 294 108 DL 304 108 299 108 DL
-309 108 304 108 DL 314 108 309 108 DL 319 108 314 108 DL 324 108 319 108
-DL 329 108 324 108 DL 334 108 329 108 DL 339 108 334 108 DL 344 108 339
-108 DL 349 108 344 108 DL 354 108 349 108 DL 359 108 354 108 DL 364 108
-359 108 DL 369 108 364 108 DL 374 108 369 108 DL 379 108 374 108 DL 384
-108 379 108 DL 389 108 384 108 DL 394 108 389 108 DL 399 108 394 108 DL
-404 108 399 108 DL 409 108 404 108 DL 414 108 409 108 DL 419 108 414 108
-DL 424 108 419 108 DL 429 108 424 108 DL 434 108 429 108 DL 439 108 434
-108 DL 444 108 439 108 DL 449 108 444 108 DL 454 108 449 108 DL 459 108
-454 108 DL 464 108 459 108 DL 469 108 464 108 DL 474 108 469 108 DL 479
-108 474 108 DL 484 108 479 108 DL 489 108 484 108 DL 494 108 489 108 DL
-499 108 494 108 DL 504 108 499 108 DL -.1<776f>117 144 S<726b3a>.1 E 2.5
-<2373>157 160.2 S<746f7020262073746172742073656e646d61696c>-2.5 E
-<50494446494c453d2f76>157 172.2 Q
-<61722f72756e2f73656e646d61696c2e706964>-.25 E
-<6b696c6c206068656164202d31202450494446494c4560>157 184.2 Q
-<607461696c202d31202450494446494c4560>157 196.2 Q .218<6265636175736520
-697420617373756d6573207468617420746865207069648c6c652077696c6c207374696c
-6c2065>117 212.4 R .218<786973742065>-.15 F -.15<7665>-.25 G 2.718<6e61>
-.15 G .217<66746572206b696c6c696e67207468652070726f6365737320746f207768
-696368206974207265666572732e>-2.718 F<42656c6f>117 224.4 Q 2.5<7769>-.25
-G 2.5<736173>-2.5 G<63726970742077686963682077696c6c2077>-2.5 E
-<6f726b20636f72726563746c79206f6e20626f7468206e65>-.1 E
-<77657220616e64206f6c6465722076>-.25 E<657273696f6e733a>-.15 E 2.5<2373>
-157 240.6 S<746f7020262073746172742073656e646d61696c>-2.5 E
-<50494446494c453d2f76>157 252.6 Q
-<61722f72756e2f73656e646d61696c2e706964>-.25 E
-<7069643d6068656164202d31202450494446494c4560>157 264.6 Q
-<636d643d607461696c202d31202450494446494c4560>157 276.6 Q
-<6b696c6c2024706964>157 288.6 Q<24636d64>157 300.6 Q 1.31
-<54686973206973206a75737420616e2065>117 316.8 R 1.311<78616d706c65207363
-726970742c20697420646f6573206e6f7420706572666f726d20616e>-.15 F 3.811
-<7965>-.15 G 1.311<72726f7220636865636b732c20652e672e2c2077686574686572
-20746865207069648c6c65>-3.811 F -.15<6578>117 328.8 S
-<6973747320617420616c6c2e>.15 E F0 2.5<312e332e31362e204d6170>102 352.8
-R<46696c6573>2.5 E F1 2.466 -.8<546f2070>142 369 T<7265>.8 E -.15<7665>
--.25 G .866<6e74206c6f63616c2064656e69616c206f66207365727669636520617474
-61636b732061732065>.15 F .865
-<78706c61696e656420696e2074686520746f70206c65>-.15 F -.15<7665>-.25 G
-<6c>.15 E F0<524541444d45>3.365 E F1 .865<696e20746865>3.365 F 1.076
-<73656e646d61696c2064697374726962>117 381 R 1.077<7574696f6e2c2074686520
-7065726d697373696f6e73206f66206d6170208c6c65732063726561746564206279>-.2
-F/F2 10/Times-Italic@0 SF<6d616b>3.577 E<656d6170>-.1 E F1 1.077
-<73686f756c6420626520303634302e>3.577 F<546865>6.077 E .56<757365206f66
-203036343020696d706c6965732074686174206f6e6c7920747275737465642075736572
-732062656c6f6e6720746f207468652067726f75702061737369676e656420746f207468
-6f7365208c6c65732e>117 393 R .56<49662074686f7365>5.56 F
-<8c6c657320616c72656164792065>117 405 Q<786973742c207468656e206974206d69
-676874206265206e656365737361727920746f206368616e676520746865207065726d69
-7373696f6e73206163636f7264696e676c79>-.15 E 2.5<2c65>-.65 G<2e672e2c>
--2.5 E<6364202f6574632f6d61696c>157 421.2 Q
-<63686d6f642030363430202a2e6462202a2e706167202a2e646972>157 433.2 Q F0
-2.5<322e204e4f524d414c>72 461.4 R<4f50455241>2.5 E<54494f4e53>-.95 E 2.5
-<322e312e20546865>87 485.4 R<53797374656d204c6f67>2.5 E F1 1.511
-<5468652073797374656d206c6f6720697320737570706f7274656420627920746865>
-127 501.6 R F2<7379736c6f>4.011 E<6764>-.1 E F1 1.511
-<2838292070726f6772616d2e>1.666 F 1.511
-<416c6c206d657373616765732066726f6d>6.511 F F2<73656e646d61696c>4.011 E
-F1<617265>4.012 E<6c6f6767656420756e64657220746865>102 515.6 Q/F3 9
-/Times-Roman@0 SF<4c4f475f4d41494c>2.5 E F1 -.1<6661>2.5 G<63696c697479>
-.1 E/F4 7/Times-Roman@0 SF<35>-4 I F1<2e>4 I F0 2.5<322e312e312e2046>102
-539.6 R<6f726d6174>-.25 E F1 .574<45616368206c696e6520696e20746865207379
-7374656d206c6f6720636f6e7369737473206f6620612074696d657374616d702c207468
-65206e616d65206f6620746865206d616368696e6520746861742067656e6572>142
-555.8 R<2d>-.2 E .848
-<617465642069742028666f72206c6f6767696e672066726f6d207365>117 567.8 R
--.15<7665>-.25 G .848<72616c206d616368696e6573206f>.15 F -.15<7665>-.15
-G 3.349<7274>.15 G .849<6865206c6f63616c2061726561206e657477>-3.349 F
-.849<6f726b292c207468652077>-.1 F .849<6f7264209973656e646d61696c3a9a2c>
--.1 F<616e642061206d657373616765>117 581.8 Q F4<36>-4 I F1 5<2e4d>4 K
-<6f7374206d657373616765732061726520612073657175656e6365206f66>-5 E F2
-<6e616d65>2.5 E F1<3d>A F2<76616c7565>A F1<70616972732e>2.5 E .68
-<546865207477>142 598 R 3.18<6f6d>-.1 G .68<6f737420636f6d6d6f6e206c696e
-657320617265206c6f67676564207768656e2061206d6573736167652069732070726f63
-65737365642e>-3.18 F .68<546865208c727374206c6f677320746865>5.68 F .376<
-72656365697074206f662061206d6573736167653b2074686572652077696c6c20626520
-65>117 610 R .376
-<786163746c79206f6e65206f6620746865736520706572206d6573736167652e>-.15 F
-.376<536f6d65208c656c6473206d6179206265206f6d69742d>5.376 F
-<74656420696620746865>117 622 Q 2.5<7964>-.15 G 2.5<6f6e>-2.5 G
-<6f7420636f6e7461696e20696e746572657374696e6720696e666f726d6174696f6e2e>
--2.5 E<4669656c6473206172653a>5 E 50.06<66726f6d20546865>117 638.2 R
-<656e>2.5 E -.15<7665>-.4 G<6c6f70652073656e64657220616464726573732e>.15
-E 53.95<73697a6520546865>117 654.4 R
-<73697a65206f6620746865206d65737361676520696e2062797465732e>2.5 E .32 LW
-76 665.2 72 665.2 DL 80 665.2 76 665.2 DL 84 665.2 80 665.2 DL 88 665.2
-84 665.2 DL 92 665.2 88 665.2 DL 96 665.2 92 665.2 DL 100 665.2 96 665.2
-DL 104 665.2 100 665.2 DL 108 665.2 104 665.2 DL 112 665.2 108 665.2 DL
-116 665.2 112 665.2 DL 120 665.2 116 665.2 DL 124 665.2 120 665.2 DL 128
-665.2 124 665.2 DL 132 665.2 128 665.2 DL 136 665.2 132 665.2 DL 140
-665.2 136 665.2 DL 144 665.2 140 665.2 DL 148 665.2 144 665.2 DL 152
-665.2 148 665.2 DL 156 665.2 152 665.2 DL 160 665.2 156 665.2 DL 164
-665.2 160 665.2 DL 168 665.2 164 665.2 DL 172 665.2 168 665.2 DL 176
-665.2 172 665.2 DL 180 665.2 176 665.2 DL 184 665.2 180 665.2 DL 188
-665.2 184 665.2 DL 192 665.2 188 665.2 DL 196 665.2 192 665.2 DL 200
-665.2 196 665.2 DL 204 665.2 200 665.2 DL 208 665.2 204 665.2 DL 212
-665.2 208 665.2 DL 216 665.2 212 665.2 DL/F5 5/Times-Roman@0 SF<35>93.6
-675.6 Q/F6 8/Times-Roman@0 SF<457863657074206f6e20556c747269782c20776869
-636820646f6573206e6f7420737570706f72742066>3.2 I
-<6163696c697469657320696e20746865207379736c6f672e>-.08 E F5<36>93.6
-689.2 Q F6<5468697320666f726d6174206d61792076>3.2 I
-<61727920736c696768746c7920696620796f75722076>-.2 E
-<656e646f7220686173206368616e676564207468652073796e7461782e>-.12 E 0 Cg
-EP
+DL 494 108 489 108 DL 499 108 494 108 DL 504 108 499 108 DL F0(README)
+117 144 Q F1 .64(in the sendmail distrib)3.14 F 3.14(ution. If)-.2 F .64
+(the \214le already e)3.14 F .64(xists, then it might be necessary to)
+-.15 F(change the permissions accordingly)117 156 Q 2.5(,e)-.65 G(.g.,)
+-2.5 E(chmod 0600 /v)157 172.2 Q(ar/run/sendmail.pid)-.25 E 1.955
+(Note that as of v)117 188.4 R 1.956(ersion 8.13, this \214le is unlink)
+-.15 F 1.956(ed when)-.1 F/F2 10/Times-Italic@0 SF(sendmail)4.456 E F1
+-.15(ex)4.456 G 4.456(its. As).15 F 4.456(ar)4.456 G 1.956
+(esult of this)-4.456 F 1.325(change, a script such as the follo)117
+200.4 R 1.324(wing, which may ha)-.25 F 1.624 -.15(ve w)-.2 H(ork).05 E
+1.324(ed prior to 8.13, will no longer)-.1 F -.1(wo)117 212.4 S(rk:).1 E
+2.5(#s)157 228.6 S(top & start sendmail)-2.5 E(PIDFILE=/v)157 240.6 Q
+(ar/run/sendmail.pid)-.25 E(kill `head -1 $PIDFILE`)157 252.6 Q
+(`tail -1 $PIDFILE`)157 264.6 Q .217
+(because it assumes that the pid\214le will still e)117 280.8 R .218
+(xist e)-.15 F -.15(ve)-.25 G 2.718(na).15 G .218
+(fter killing the process to which it refers.)-2.718 F(Belo)117 292.8 Q
+2.5(wi)-.25 G 2.5(sas)-2.5 G(cript which will w)-2.5 E
+(ork correctly on both ne)-.1 E(wer and older v)-.25 E(ersions:)-.15 E
+2.5(#s)157 309 S(top & start sendmail)-2.5 E(PIDFILE=/v)157 321 Q
+(ar/run/sendmail.pid)-.25 E(pid=`head -1 $PIDFILE`)157 333 Q
+(cmd=`tail -1 $PIDFILE`)157 345 Q(kill $pid)157 357 Q($cmd)157 369 Q
+1.311(This is just an e)117 385.2 R 1.311
+(xample script, it does not perform an)-.15 F 3.81(ye)-.15 G 1.31
+(rror checks, e.g., whether the pid\214le)-3.81 F -.15(ex)117 397.2 S
+(ists at all.).15 E F0 2.5(1.3.16. Map)102 421.2 R(Files)2.5 E F1 2.465
+-.8(To p)142 437.4 T(re).8 E -.15(ve)-.25 G .865
+(nt local denial of service attacks as e).15 F .865
+(xplained in the top le)-.15 F -.15(ve)-.25 G(l).15 E F0(README)3.366 E
+F1 .866(in the)3.366 F 1.077(sendmail distrib)117 449.4 R 1.077
+(ution, the permissions of map \214les created by)-.2 F F2(mak)3.577 E
+(emap)-.1 E F1 1.077(should be 0640.)3.577 F(The)6.076 E .56(use of 064\
+0 implies that only trusted users belong to the group assigned to those\
+ \214les.)117 461.4 R .56(If those)5.56 F(\214les already e)117 473.4 Q
+(xist, then it might be necessary to change the permissions accordingly)
+-.15 E 2.5(,e)-.65 G(.g.,)-2.5 E(cd /etc/mail)157 489.6 Q
+(chmod 0640 *.db *.pag *.dir)157 501.6 Q F0 2.5(2. NORMAL)72 529.8 R
+(OPERA)2.5 E(TIONS)-.95 E 2.5(2.1. The)87 553.8 R(System Log)2.5 E F1
+1.511(The system log is supported by the)127 570 R F2(syslo)4.011 E(gd)
+-.1 E F1 1.511(\(8\) program.)1.666 F 1.511(All messages from)6.511 F F2
+(sendmail)4.011 E F1(are)4.011 E(logged under the)102 584 Q/F3 9
+/Times-Roman@0 SF(LOG_MAIL)2.5 E F1 -.1(fa)2.5 G(cility).1 E/F4 7
+/Times-Roman@0 SF(5)-4 I F1(.)4 I F0 2.5(2.1.1. F)102 608 R(ormat)-.25 E
+F1 .574(Each line in the system log consists of a timestamp, the name o\
+f the machine that gener)142 624.2 R(-)-.2 E .849
+(ated it \(for logging from se)117 636.2 R -.15(ve)-.25 G .849
+(ral machines o).15 F -.15(ve)-.15 G 3.349(rt).15 G .848
+(he local area netw)-3.349 F .848(ork\), the w)-.1 F .848
+(ord \231sendmail:\232,)-.1 F(and a message)117 650.2 Q F4(6)-4 I F1 5
+(.M)4 K(ost messages are a sequence of)-5 E F2(name)2.5 E F1(=)A F2
+(value)A F1(pairs.)2.5 E .32 LW 76 665.2 72 665.2 DL 80 665.2 76 665.2
+DL 84 665.2 80 665.2 DL 88 665.2 84 665.2 DL 92 665.2 88 665.2 DL 96
+665.2 92 665.2 DL 100 665.2 96 665.2 DL 104 665.2 100 665.2 DL 108 665.2
+104 665.2 DL 112 665.2 108 665.2 DL 116 665.2 112 665.2 DL 120 665.2 116
+665.2 DL 124 665.2 120 665.2 DL 128 665.2 124 665.2 DL 132 665.2 128
+665.2 DL 136 665.2 132 665.2 DL 140 665.2 136 665.2 DL 144 665.2 140
+665.2 DL 148 665.2 144 665.2 DL 152 665.2 148 665.2 DL 156 665.2 152
+665.2 DL 160 665.2 156 665.2 DL 164 665.2 160 665.2 DL 168 665.2 164
+665.2 DL 172 665.2 168 665.2 DL 176 665.2 172 665.2 DL 180 665.2 176
+665.2 DL 184 665.2 180 665.2 DL 188 665.2 184 665.2 DL 192 665.2 188
+665.2 DL 196 665.2 192 665.2 DL 200 665.2 196 665.2 DL 204 665.2 200
+665.2 DL 208 665.2 204 665.2 DL 212 665.2 208 665.2 DL 216 665.2 212
+665.2 DL/F5 5/Times-Roman@0 SF(5)93.6 675.6 Q/F6 8/Times-Roman@0 SF
+(Except on Ultrix, which does not support f)3.2 I
+(acilities in the syslog.)-.08 E F5(6)93.6 689.2 Q F6(This format may v)
+3.2 I(ary slightly if your v)-.2 E(endor has changed the syntax.)-.12 E
+0 Cg EP
%%Page: 15 11
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3135>195.86 E
-/F1 10/Times-Roman@0 SF 50.06<636c61737320546865>117 96 R<636c6173732028
-692e652e2c206e756d6572696320707265636564656e636529206f6620746865206d6573
-736167652e>2.5 E 58.39<70726920546865>117 112.2 R<696e697469616c206d6573
-73616765207072696f7269747920287573656420666f7220717565756520736f7274696e
-67292e>2.5 E 45.06<6e726370747320546865>117 128.4 R 1.515
-<6e756d626572206f6620656e>4.015 F -.15<7665>-.4 G 1.514<6c6f706520726563
-697069656e747320666f722074686973206d6573736167652028616674657220616c6961
-73696e6720616e6420666f72>.15 F<2d>-.2 E -.1<7761>189 140.4 S
-<7264696e67292e>.1 E 45.05<6d7367696420546865>117 156.6 R<6d657373616765
-206964206f6620746865206d657373616765202866726f6d207468652068656164657229
-2e>2.5 E 32.28<626f64797479706520546865>117 172.8 R 3.144<6d657373616765
-20626f64792074797065202837424954206f7220384249544d494d45292c206173206465
-7465726d696e65642066726f6d20746865>5.644 F<656e>189 184.8 Q -.15<7665>
--.4 G<6c6f70652e>.15 E 48.39<70726f746f20546865>117 201 R
-<70726f746f636f6c207573656420746f207265636569>2.5 E .3 -.15<76652074>
--.25 H
-<686973206d6573736167652028652e672e2c2045534d5450206f72205555435029>.15
-E 37.84<6461656d6f6e20546865>117 217.2 R
-<6461656d6f6e206e616d652066726f6d20746865>2.5 E F0<4461656d6f6e50>2.5 E
-<6f72744f7074696f6e73>-.2 E F1<73657474696e672e>2.5 E 49.51
-<72656c617920546865>117 233.4 R
-<6d616368696e652066726f6d2077686963682069742077>2.5 E<6173207265636569>
--.1 E -.15<7665>-.25 G<642e>.15 E .43<546865726520697320616c736f206f6e65
-206c696e65206c6f67676564207065722064656c69>117 249.6 R -.15<7665>-.25 G
-.43<727920617474656d70742028736f2074686572652063616e206265207365>.15 F
--.15<7665>-.25 G .43<72616c20706572206d6573736167652069662064656c69>.15
-F<762d>-.25 E<657279206973206465666572726564206f722074686572652061726520
-6d756c7469706c6520726563697069656e7473292e>117 261.6 Q
-<4669656c6473206172653a>5 E 61.72<746f2041>117 277.8 R<636f6d6d612d7365
-70617261746564206c697374206f662074686520726563697069656e747320746f207468
-6973206d61696c6572>2.5 E<2e>-.55 E 41.73<63746c6164647220546865>117 294
-R -.74<6060>2.726 G .226<636f6e74726f6c6c696e67207573657227>.74 F .226<
-272c20746861742069732c20746865206e616d65206f662074686520757365722077686f
-73652063726564656e7469616c7320776520757365>-.74 F<666f722064656c69>189
-306 Q -.15<7665>-.25 G<7279>.15 E<2e>-.65 E 47.84<64656c617920546865>117
-322.2 R 1.205<746f74616c2064656c6179206265747765656e207468652074696d6520
-74686973206d6573736167652077>3.705 F 1.205<6173207265636569>-.1 F -.15
-<7665>-.25 G 3.705<6461>.15 G 1.205<6e64207468652063757272656e74>-3.705
-F<64656c69>189 334.2 Q -.15<7665>-.25 G<727920617474656d70742e>.15 E
-42.84<7864656c617920546865>117 350.4 R .116
-<616d6f756e74206f662074696d65206e656564656420696e20746869732064656c69>
-2.615 F -.15<7665>-.25 G .116
-<727920617474656d707420286e6f726d616c6c7920696e646963617469>.15 F .416
--.15<7665206f>-.25 H 2.616<6674>.15 G<6865>-2.616 E
-<7370656564206f662074686520636f6e6e656374696f6e292e>189 362.4 Q 43.95
-<6d61696c657220546865>117 378.6 R
-<6e616d65206f6620746865206d61696c6572207573656420746f2064656c69>2.5 E
--.15<7665>-.25 G 2.5<7274>.15 G 2.5<6f74>-2.5 G
-<68697320726563697069656e742e>-2.5 E 49.51<72656c617920546865>117 394.8
-R<6e616d65206f662074686520686f737420746861742061637475616c6c792061636365
-7074656420286f722072656a656374656429207468697320726563697069656e742e>2.5
-E 55.61<64736e20546865>117 411 R
-<656e68616e636564206572726f7220636f646520285246432032303334292069662061>
-2.5 E -.25<7661>-.2 G<696c61626c652e>.25 E 55.61<7374617420546865>117
-427.2 R<64656c69>2.5 E -.15<7665>-.25 G<7279207374617475732e>.15 E 1.012
-<4e6f7420616c6c208c656c6473206172652070726573656e7420696e20616c6c206d65
-7373616765733b20666f722065>117 443.4 R 1.012<78616d706c652c207468652072
-656c617920697320757375616c6c79206e6f74206c697374656420666f72206c6f63616c>
--.15 F<64656c69>117 455.4 Q -.15<7665>-.25 G<726965732e>.15 E F0 2.5
-<322e312e322e204c65>102 479.4 R -.1<7665>-.15 G<6c73>.1 E F1 .204
-<496620796f75206861>142 495.6 R -.15<7665>-.2 G/F2 10/Times-Italic@0 SF
-<7379736c6f>2.854 E<6764>-.1 E F1 .204<283829206f7220616e2065717569>
-1.666 F -.25<7661>-.25 G .205<6c656e7420696e7374616c6c65642c20796f752077
-696c6c2062652061626c6520746f20646f206c6f6767696e672e>.25 F .205
-<5468657265206973>5.205 F 2.788<616c>117 507.6 S<6172>-2.788 E .287<6765
-20616d6f756e74206f6620696e666f726d6174696f6e20746861742063616e206265206c
-6f676765642e>-.18 F .287<546865206c6f6720697320617272616e67656420617320
-612073756363657373696f6e206f66206c65>5.287 F -.15<7665>-.25 G<6c732e>.15
-E .65<417420746865206c6f>117 519.6 R .65<77657374206c65>-.25 F -.15
-<7665>-.25 G 3.15<6c6f>.15 G .65<6e6c792065>-3.15 F .651<787472656d656c
-7920737472616e676520736974756174696f6e7320617265206c6f676765642e>-.15 F
-.651<4174207468652068696768657374206c65>5.651 F -.15<7665>-.25 G .651
-<6c2c2065>.15 F -.15<7665>-.25 G 3.151<6e74>.15 G<6865>-3.151 E .826
-<6d6f7374206d756e64616e6520616e6420756e696e746572657374696e672065>117
-531.6 R -.15<7665>-.25 G .825
-<6e747320617265207265636f7264656420666f7220706f73746572697479>.15 F
-5.825<2e41>-.65 G 3.325<736163>-5.825 G<6f6e>-3.325 E -.15<7665>-.4 G
-.825<6e74696f6e2c206c6f67206c65>.15 F -.15<7665>-.25 G<6c73>.15 E .2<75
-6e6465722074656e2061726520636f6e736964657265642067656e6572616c6c79209975
-736566756c3b9a206c6f67206c65>117 543.6 R -.15<7665>-.25 G .201
-<6c732061626f>.15 F .501 -.15<76652036>-.15 H 2.701<3461>.15 G .201
-<726520726573657276>-2.701 F .201<656420666f7220646562>-.15 F .201
-<756767696e6720707572>-.2 F<2d>-.2 E 2.5<706f7365732e204c65>117 555.6 R
--.15<7665>-.25 G<6c732066726f6d203131ad36342061726520726573657276>.15 E
-<656420666f722076>-.15 E<6572626f736520696e666f726d6174696f6e2074686174
-20736f6d65207369746573206d696768742077>-.15 E<616e742e>-.1 E 2.5<4163>
-142 571.8 S
-<6f6d706c657465206465736372697074696f6e206f6620746865206c6f67206c65>-2.5
-E -.15<7665>-.25 G<6c73206973206769>.15 E -.15<7665>-.25 G 2.5<6e69>.15
-G 2.5<6e73>-2.5 G<656374696f6e2060>-2.5 E<604c6f67204c65>-.74 E -.15
-<7665>-.25 G<6c27>.15 E<272e>-.74 E F0 2.5<322e322e2044756d70696e67>87
-595.8 R<5374617465>2.5 E F1 -1.1<596f>127 612 S 2.564<7563>1.1 G .064
-<616e2061736b>-2.564 F F2<73656e646d61696c>2.564 E F1 .064<746f206c6f67
-20612064756d70206f6620746865206f70656e208c6c657320616e642074686520636f6e
-6e656374696f6e2063616368652062792073656e64696e672069742061>2.564 F/F3 9
-/Times-Roman@0 SF<53494755535231>102 624 Q F1 2.5
-<7369676e616c2e20546865>2.5 F
-<726573756c747320617265206c6f67676564206174>2.5 E F3<4c4f475f444542>2.5
-E<5547>-.09 E F1<7072696f72697479>2.5 E<2e>-.65 E F0 2.5
-<322e332e20546865>87 648 R<4d61696c20517565756573>2.5 E F1 .648
-<4d61696c206d65737361676573206d6179206569746865722062652064656c69>127
-664.2 R -.15<7665>-.25 G .649<72656420696d6d6564696174656c79206f72206265
-2068656c6420666f72206c617465722064656c69>.15 F -.15<7665>-.25 G<7279>.15
-E 5.649<2e48>-.65 G .649<656c64206d65732d>-5.649 F<73616765732061726520
-706c6163656420696e746f206120686f6c64696e67206469726563746f72792063616c6c
-65642061206d61696c2071756575652e>102 676.2 Q 2.5<416d>127 692.4 S<61696c
-206d657373616765206d61792062652071756575656420666f7220746865736520726561
-736f6e733a>-2.5 E 5<8349>107 708.6 S 2.547<66616d>-5 G .047
-<61696c206d6573736167652069732074656d706f726172696c7920756e64656c69>
--2.547 F -.15<7665>-.25 G .047
-<7261626c652c2069742069732071756575656420616e642064656c69>.15 F -.15
-<7665>-.25 G .047<727920697320617474656d70746564206c61746572>.15 F 5.046
-<2e49>-.55 G 2.546<6674>-5.046 G<6865>-2.546 E 1.979<6d6573736167652069
-732061646472657373656420746f206d756c7469706c6520726563697069656e74732c20
-697420697320717565756564206f6e6c7920666f722074686f736520726563697069656e
-747320746f2077686f6d>115.5 720.6 R 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-15)195.86 E/F1 10/Times-Roman@0 SF .68(The tw)142 96 R 3.18(om)
+-.1 G .68(ost common lines are logged when a message is processed.)-3.18
+F .68(The \214rst logs the)5.68 F .376
+(receipt of a message; there will be e)117 108 R .376
+(xactly one of these per message.)-.15 F .376
+(Some \214elds may be omit-)5.376 F(ted if the)117 120 Q 2.5(yd)-.15 G
+2.5(on)-2.5 G(ot contain interesting information.)-2.5 E(Fields are:)5 E
+50.06(from The)117 136.2 R(en)2.5 E -.15(ve)-.4 G(lope sender address.)
+.15 E 53.95(size The)117 152.4 R(size of the message in bytes.)2.5 E
+50.06(class The)117 168.6 R
+(class \(i.e., numeric precedence\) of the message.)2.5 E 58.39(pri The)
+117 184.8 R(initial message priority \(used for queue sorting\).)2.5 E
+45.06(nrcpts The)117 201 R 1.514(number of en)4.014 F -.15(ve)-.4 G
+1.515(lope recipients for this message \(after aliasing and for).15 F(-)
+-.2 E -.1(wa)189 213 S(rding\).).1 E 45.05(msgid The)117 229.2 R
+(message id of the message \(from the header\).)2.5 E 32.28
+(bodytype The)117 245.4 R 3.144
+(message body type \(7BIT or 8BITMIME\), as determined from the)5.644 F
+(en)189 257.4 Q -.15(ve)-.4 G(lope.).15 E 48.39(proto The)117 273.6 R
+(protocol used to recei)2.5 E .3 -.15(ve t)-.25 H
+(his message \(e.g., ESMTP or UUCP\)).15 E 37.84(daemon The)117 289.8 R
+(daemon name from the)2.5 E F0(DaemonP)2.5 E(ortOptions)-.2 E F1
+(setting.)2.5 E 49.51(relay The)117 306 R(machine from which it w)2.5 E
+(as recei)-.1 E -.15(ve)-.25 G(d.).15 E .43
+(There is also one line logged per deli)117 322.2 R -.15(ve)-.25 G .43
+(ry attempt \(so there can be se).15 F -.15(ve)-.25 G .43
+(ral per message if deli).15 F(v-)-.25 E
+(ery is deferred or there are multiple recipients\).)117 334.2 Q
+(Fields are:)5 E 61.72(to A)117 350.4 R
+(comma-separated list of the recipients to this mailer)2.5 E(.)-.55 E
+41.73(ctladdr The)117 366.6 R -.74(``)2.727 G .227(controlling user').74
+F .226(', that is, the name of the user whose credentials we use)-.74 F
+(for deli)189 378.6 Q -.15(ve)-.25 G(ry).15 E(.)-.65 E 47.84(delay The)
+117 394.8 R 1.205(total delay between the time this message w)3.705 F
+1.205(as recei)-.1 F -.15(ve)-.25 G 3.705(da).15 G 1.205(nd the current)
+-3.705 F(deli)189 406.8 Q -.15(ve)-.25 G(ry attempt.).15 E 42.84
+(xdelay The)117 423 R .116(amount of time needed in this deli)2.616 F
+-.15(ve)-.25 G .116(ry attempt \(normally indicati).15 F .415 -.15(ve o)
+-.25 H 2.615(ft).15 G(he)-2.615 E(speed of the connection\).)189 435 Q
+43.95(mailer The)117 451.2 R(name of the mailer used to deli)2.5 E -.15
+(ve)-.25 G 2.5(rt).15 G 2.5(ot)-2.5 G(his recipient.)-2.5 E 49.51
+(relay The)117 467.4 R(name of the host that actually accepted \(or rej\
+ected\) this recipient.)2.5 E 55.61(dsn The)117 483.6 R
+(enhanced error code \(RFC 2034\) if a)2.5 E -.25(va)-.2 G(ilable.).25 E
+55.61(stat The)117 499.8 R(deli)2.5 E -.15(ve)-.25 G(ry status.).15 E
+1.012(Not all \214elds are present in all messages; for e)117 516 R
+1.012(xample, the relay is usually not listed for local)-.15 F(deli)117
+528 Q -.15(ve)-.25 G(ries.).15 E F0 2.5(2.1.2. Le)102 552 R -.1(ve)-.15
+G(ls).1 E F1 .205(If you ha)142 568.2 R -.15(ve)-.2 G/F2 10
+/Times-Italic@0 SF(syslo)2.855 E(gd)-.1 E F1 .205(\(8\) or an equi)1.666
+F -.25(va)-.25 G .205(lent installed, you will be able to do logging.)
+.25 F .204(There is)5.204 F 2.787(al)117 580.2 S(ar)-2.787 E .287
+(ge amount of information that can be logged.)-.18 F .287
+(The log is arranged as a succession of le)5.287 F -.15(ve)-.25 G(ls.)
+.15 E .651(At the lo)117 592.2 R .651(west le)-.25 F -.15(ve)-.25 G
+3.151(lo).15 G .651(nly e)-3.151 F .651
+(xtremely strange situations are logged.)-.15 F .65(At the highest le)
+5.651 F -.15(ve)-.25 G .65(l, e).15 F -.15(ve)-.25 G 3.15(nt).15 G(he)
+-3.15 E .825(most mundane and uninteresting e)117 604.2 R -.15(ve)-.25 G
+.825(nts are recorded for posterity).15 F 5.826(.A)-.65 G 3.326(sac)
+-5.826 G(on)-3.326 E -.15(ve)-.4 G .826(ntion, log le).15 F -.15(ve)-.25
+G(ls).15 E .201
+(under ten are considered generally \231useful;\232 log le)117 616.2 R
+-.15(ve)-.25 G .201(ls abo).15 F .501 -.15(ve 6)-.15 H 2.701(4a).15 G .2
+(re reserv)-2.701 F .2(ed for deb)-.15 F .2(ugging pur)-.2 F(-)-.2 E 2.5
+(poses. Le)117 628.2 R -.15(ve)-.25 G(ls from 11\25564 are reserv).15 E
+(ed for v)-.15 E(erbose information that some sites might w)-.15 E(ant.)
+-.1 E 2.5(Ac)142 644.4 S(omplete description of the log le)-2.5 E -.15
+(ve)-.25 G(ls is gi).15 E -.15(ve)-.25 G 2.5(ni).15 G 2.5(ns)-2.5 G
+(ection `)-2.5 E(`Log Le)-.74 E -.15(ve)-.25 G(l').15 E('.)-.74 E F0 2.5
+(2.2. Dumping)87 668.4 R(State)2.5 E F1 -1.1(Yo)127 684.6 S 2.563(uc)1.1
+G .063(an ask)-2.563 F F2(sendmail)2.563 E F1 .064(to log a dump of the\
+ open \214les and the connection cache by sending it a)2.563 F/F3 9
+/Times-Roman@0 SF(SIGUSR1)102 696.6 Q F1 2.5(signal. The)2.5 F
+(results are logged at)2.5 E F3(LOG_DEB)2.5 E(UG)-.09 E F1(priority)2.5
+E(.)-.65 E 0 Cg EP
%%Page: 16 12
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d31362053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF<64656c69>115.5 96 Q -.15<7665>-.25 G
-<7279206973206e6f7420696d6d6564696174656c7920706f737369626c652e>.15 E 5
-<8349>107 108 S 2.5<6674>-5 G<686520537570657253616665206f7074696f6e2069
-732073657420746f20747275652c20616c6c206d61696c206d6573736167657320617265
-20717565756564207768696c652064656c69>-2.5 E -.15<7665>-.25 G
-<727920697320617474656d707465642e>.15 E 5<8349>107 120 S 3.259<6674>-5 G
-.759<68652044656c69>-3.259 F -.15<7665>-.25 G .758<72794d6f6465206f7074
-696f6e2069732073657420746f2071756575652d6f6e6c79206f72206465666572>.15 F
-3.258<2c61>-.4 G .758
-<6c6c206d61696c206973207175657565642c20616e64206e6f20696d6d656469617465>
--3.258 F<64656c69>115.5 132 Q -.15<7665>-.25 G
-<727920697320617474656d707465642e>.15 E 5<8349>107 144 S 2.814<6674>-5 G
-.314<6865206c6f61642061>-2.814 F -.15<7665>-.2 G .315
-<72616765206265636f6d657320686967686572207468616e207468652076>.15 F .315
-<616c7565206f66207468652051756575654c41206f7074696f6e20616e6420746865>
--.25 F F0<517565756546>2.815 E<6163746f72>-.25 E F1<28>115.5 156 Q F0
-<71>A F1 3.442<296f>C .942<7074696f6e206469>-3.442 F .942
-<76696465642062792074686520646966>-.25 F .942
-<666572656e636520696e207468652063757272656e74206c6f61642061>-.25 F -.15
-<7665>-.2 G .942<7261676520616e6420746865>.15 F F0<51756575654c41>3.442
-E F1 .942<6f7074696f6e20706c7573>3.442 F .403<6f6e65206973206c6573732074
-68616e20746865207072696f72697479206f6620746865206d6573736167652c206d6573
-7361676573206172652071756575656420726174686572207468616e20696d6d65646961
-74656c792064656c69>115.5 168 R<762d>-.25 E<657265642e>115.5 180 Q 5
-<834f>107 192 S .745
-<6e65206f72206d6f72652061646472657373657320617265206d61726b>-5 F .745
-<65642061732065>-.1 F<7870656e7369>-.15 E 1.045 -.15<76652061>-.25 H
-.745<6e642064656c69>.15 F -.15<7665>-.25 G .744
-<727920697320706f7374706f6e656420756e74696c20746865206e65>.15 F .744
-<7874207175657565>-.15 F
-<72756e206f72206f6e65206f72206d6f7265206164647265737320617265206d61726b>
-115.5 204 Q<65642061732068656c6420766961206d61696c6572207768696368207573
-65732074686520686f6c64206d61696c6572208d61672e>-.1 E 5<8354>107 216 S
-<6865206d61696c206d65737361676520686173206265656e206d61726b>-5 E<656420
-61732071756172616e74696e6564207669612061206d61696c208c6c746572206f722072
-756c65736574732e>-.1 E F0 2.5<322e332e312e205175657565>102 240 R<4772>
-2.5 E<6f75707320616e6420517565756520446972>-.18 E<6563746f72696573>-.18
-E F1 .338
-<546865726520617265206f6e65206f72206d6f7265206d61696c207175657565732e>
-142 256.2 R .339<45616368206d61696c2071756575652062656c6f6e677320746f20
-612071756575652067726f75702e>5.339 F .339<5468657265206973>5.339 F<616c>
-117 268.2 Q -.1<7761>-.1 G .617<7973206120646566>.1 F .617
-<61756c742071756575652067726f757020746861742069732063616c6c65642060>-.1
-F<606d717565756527>-.74 E 3.117<2728>-.74 G .616
-<7768696368206973207768657265206d6573736167657320676f20627920646566>
--3.117 F<61756c74>-.1 E 2.243
-<756e6c657373206f74686572776973652073706563698c6564292e>117 280.2 R
-2.244<546865206469726563746f7279206f72206469726563746f726965732077686963
-6820636f6d70726973652074686520646566>7.243 F 2.244<61756c74207175657565>
--.1 F 1.38<67726f7570206172652073706563698c6564206279207468652051756575
-654469726563746f7279206f7074696f6e2e>117 292.2 R 1.379<5468657265206172
-65207a65726f206f72206d6f7265206164646974696f6e616c206e616d6564>6.379 F
-<71756575652067726f757073206465636c61726564207573696e6720746865>117
-304.2 Q F0<51>2.5 E F1
-<636f6d6d616e6420696e2074686520636f6e8c6775726174696f6e208c6c652e>2.5 E
-.181<427920646566>142 320.4 R .181<61756c742c206120717565756564206d6573
-7361676520697320706c6163656420696e207468652071756575652067726f7570206173
-736f636961746564207769746820746865208c727374207265636970692d>-.1 F 1.181
-<656e7420696e2074686520726563697069656e74206c6973742e>117 332.4 R 3.681
-<4172>6.181 G 1.18<6563697069656e742061646472657373206973206d6170706564
-20746f20612071756575652067726f757020617320666f6c6c6f>-3.681 F 3.68
-<77732e2046697273742c>-.25 F<6966>3.68 E 1.222
-<746865726520697320612072756c657365742063616c6c65642060>117 344.4 R
-<607175657565>-.74 E<67726f757027>-.15 E 1.222<272c20616e64206966207468
-69732072756c65736574206d61707320746865206164647265737320746f206120717565
-75652067726f7570>-.74 F 1.39<6e616d652c207468656e2074686174207175657565
-2067726f75702069732063686f73656e2e>117 356.4 R 1.39
-<546861742069732c20746865206172>6.39 F 1.39<67756d656e7420666f7220746865
-2072756c657365742069732074686520726563697069656e74>-.18 F .79
-<6164647265737320616e642074686520726573756c742073686f756c64206265>117
-368.4 R F0<2423>3.29 E F1<666f6c6c6f>3.29 E .79
-<77656420627920746865206e616d65206f6620612071756575652067726f75702e>-.25
-F .79<4f74686572776973652c20696620746865>5.79 F 1.457<6d61696c6572206173
-736f63696174656420776974682074686520616464726573732073706563698c65732061
-2071756575652067726f75702c207468656e20746861742071756575652067726f757020
-69732063686f73656e2e>117 380.4 R<4f74686572776973652c2074686520646566>
-117 392.4 Q<61756c742071756575652067726f75702069732063686f73656e2e>-.1 E
-3.378<416d>142 408.6 S .878<6573736167652077697468206d756c7469706c652072
-6563697069656e74732077696c6c2062652073706c697420696620646966>-3.378 F
-.879<666572656e742071756575652067726f757073206172652063686f73656e206279>
--.25 F<746865206d617070696e67206f6620726563697069656e747320746f20717565
-75652067726f7570732e>117 420.6 Q 1.606<5768656e2061206d6573736167652069
-7320706c6163656420696e20612071756575652067726f75702c20616e64207468652071
-756575652067726f757020686173206d6f7265207468616e206f6e65>142 436.8 R
-<71756575652c20612071756575652069732073656c65637465642072616e646f6d6c79>
-117 448.8 Q<2e>-.65 E 1.633<49662061206d6573736167652077697468206d756c74
-69706c6520726563697069656e747320697320706c6163656420696e746f206120717565
-75652067726f75702077697468207468652027>142 465 R 1.633
-<7227206f7074696f6e>-.5 F 1.056<286d6178696d756d206e756d626572206f662072
-6563697069656e747320706572206d657373616765292073657420746f206120706f7369
-7469>117 477 R 1.356 -.15<76652076>-.25 H<616c7565>-.1 E/F2 10
-/Times-Italic@0 SF<4e>3.555 E F1 3.555<2c61>C 1.055
-<6e6420696620746865726520617265206d6f7265>-3.555 F<7468616e>117 489 Q F2
-<4e>2.905 E F1 .405<726563697069656e747320696e20746865206d6573736167652c
-207468656e20746865206d6573736167652077696c6c2062652073706c697420696e746f
-206d756c7469706c65206d657373616765732c2065616368206f66>2.905 F
-<7768696368206861>117 501 Q .3 -.15<76652061>-.2 H 2.5<746d>.15 G
-<6f7374>-2.5 E F2<4e>2.5 E F1<726563697069656e74732e>2.5 E .06<4e6f7469
-63653a206966206d756c7469706c652071756575652067726f7570732061726520757365
-642c20646f>142 517.2 R F0<6e6f74>2.56 E F1<6d6f>2.56 E .36 -.15
-<76652071>-.15 H .06
-<75657565208c6c65732061726f756e642c20652e672e2c20696e746f2061206469662d>
-.15 F 1.435<666572656e74207175657565206469726563746f7279>117 529.2 R
-6.435<2e54>-.65 G 1.435<686973206d6179206861>-6.435 F 1.735 -.15
-<76652077>-.2 H 1.435<65697264206566>.15 F 1.436<666563747320616e642063
-616e206361757365206d61696c206e6f7420746f2062652064656c69>-.25 F -.15
-<7665>-.25 G<7265642e>.15 E<5175657565208c6c657320616e64206469726563746f
-726965732073686f756c642062652074726561746564206173206f706171756520616e64
-2073686f756c64206e6f74206265206d616e6970756c61746564206469726563746c79>
-117 541.2 Q<2e>-.65 E F0 2.5<322e332e322e205175657565>102 565.2 R
-<52756e73>2.5 E F2<73656e646d61696c>142 581.4 Q F1 1.001<686173207477>
-3.501 F 3.501<6f64>-.1 G<6966>-3.501 E 1.001<666572656e742077>-.25 F
-1.001<61797320746f2070726f63657373207468652071756575652873292e>-.1 F 1
-<546865208c727374206f6e6520697320746f207374617274207175657565>6.001 F
-.103<72756e6e657273206166746572206365727461696e20696e74657276>117 593.4
-R .103<616c73202860>-.25 F<606e6f726d616c27>-.74 E 2.603<2771>-.74 G
-.104<756575652072756e6e657273292c20746865207365636f6e64206f6e6520697320
-746f206b>-2.603 F .104<6565702071756575652072756e6e6572>-.1 F .401
-<70726f6365737365732061726f756e64202860>117 605.4 R
-<6070657273697374656e7427>-.74 E 2.901<2771>-.74 G .401
-<756575652072756e6e657273292e>-2.901 F<486f>5.401 E 2.901<7774>-.25 G
-2.901<6f73>-2.901 G .401<656c65637420656974686572206f662074686573652074
-7970657320697320646973637573736564>-2.901 F 1.348
-<696e2074686520617070656e6469782060>117 617.4 R 1.348
-<60434f4d4d414e44204c494e4520464c41>-.74 F<475327>-.4 E 3.848
-<272e2050657273697374656e74>-.74 F 1.348
-<71756575652072756e6e657273206861>3.848 F 1.649 -.15<76652074>-.2 H
-1.349<686520616476>.15 F<616e74616765>-.25 E .055<74686174206e6f206e65>
-117 629.4 R 2.555<7770>-.25 G .055
-<726f636573736573206e65656420746f20626520737061>-2.555 F .055
-<776e6564206174206365727461696e20696e74657276>-.15 F .055
-<616c733b20746865>-.25 F 2.555<796a>-.15 G .054
-<75737420736c65657020666f7220612073706563698c65642074696d65>-2.555 F
-.554<616674657220746865>117 641.4 R 3.054<798c>-.15 G .554
-<6e697368656420612071756575652072756e2e>-3.054 F .554
-<416e6f7468657220616476>5.554 F .554<616e74616765206f662070657273697374
-656e742071756575652072756e6e6572732069732074686174206f6e6c79206f6e65>
--.25 F .38<70726f636573732062656c6f6e67696e6720746f20612077>117 653.4 R
-.38<6f726b67726f75702028612077>-.1 F .379<6f726b67726f757020697320612073
-6574206f662071756575652067726f7570732920636f6c6c656374732074686520646174
-6120666f722061>-.1 F .489<71756575652072756e20616e64207468656e206d756c74
-69706c652071756575652072756e6e6572206d617920676f206168656164207573696e67
-207468617420646174612e>117 665.4 R .489
-<546869732063616e207369676e698c63616e746c79>5.489 F .861<72656475636520
-746865206469736b20492f4f206e656365737361727920746f2072656164207468652071
-75657565208c6c657320636f6d706172656420746f207374617274696e67206d756c7469
-706c652071756575652072756e2d>117 677.4 R .549
-<6e657273206469726563746c79>117 689.4 R 5.549<2e54>-.65 G .549
-<6865697220646973616476>-5.549 F .549
-<616e7461676520697320746861742061206e65>-.25 F 3.049<7771>-.25 G .55<75
-6575652072756e206973206f6e6c79207374617274656420616674657220616c6c207175
-6575652072756e6e657273>-3.049 F 1.044<62656c6f6e67696e6720746f2061206772
-6f7570208c6e6973686564207468656972207461736b732e>117 701.4 R 1.043<496e
-2063617365206f6e65206f66207468652071756575652072756e6e657273207472696573
-2064656c69>6.044 F -.15<7665>-.25 G 1.043<727920746f2061>.15 F<736c6f>
-117 713.4 Q 3.282<7772>-.25 G .782<6563697069656e7420736974652061742074
-686520656e64206f6620612071756575652072756e2c20746865206e65>-3.282 F .783
-<78742071756575652072756e206d6179206265207375627374616e7469616c6c792064
-656c617965642e>-.15 F .741<496e2067656e6572616c20746869732073686f756c64
-20626520736d6f6f74686564206f75742064756520746f207468652064697374726962>
-117 725.4 R .741<7574696f6e206f662074686f736520736c6f>-.2 F 3.241<776a>
--.25 G .741<6f62732c20686f>-3.241 F<7765>-.25 E -.15<7665>-.25 G 1.541
--.4<722c2066>.15 H<6f72>.4 E 0 Cg EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-16 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E 2.5(2.3. The)87 96 R
+(Mail Queues)2.5 E/F1 10/Times-Roman@0 SF .649
+(Mail messages may either be deli)127 112.2 R -.15(ve)-.25 G .648
+(red immediately or be held for later deli).15 F -.15(ve)-.25 G(ry).15 E
+5.648(.H)-.65 G .648(eld mes-)-5.648 F
+(sages are placed into a holding directory called a mail queue.)102
+124.2 Q 2.5(Am)127 140.4 S(ail message may be queued for these reasons:)
+-2.5 E 5<8349>107 156.6 S 2.546(fam)-5 G .047
+(ail message is temporarily undeli)-2.546 F -.15(ve)-.25 G .047
+(rable, it is queued and deli).15 F -.15(ve)-.25 G .047
+(ry is attempted later).15 F 5.047(.I)-.55 G 2.547(ft)-5.047 G(he)-2.547
+E .141(message is addressed to multiple recipients, it is queued only f\
+or those recipients to whom deli)115.5 168.6 R(v-)-.25 E
+(ery is not immediately possible.)115.5 180.6 Q 5<8349>107 192.6 S 2.5
+(ft)-5 G(he SuperSafe option is set to true, all mail messages are queu\
+ed while deli)-2.5 E -.15(ve)-.25 G(ry is attempted.).15 E 5<8349>107
+204.6 S 3.258(ft)-5 G .758(he Deli)-3.258 F -.15(ve)-.25 G .758
+(ryMode option is set to queue-only or defer).15 F 3.258(,a)-.4 G .758
+(ll mail is queued, and no immediate)-3.258 F(deli)115.5 216.6 Q -.15
+(ve)-.25 G(ry is attempted.).15 E 5<8349>107 228.6 S 2.815(ft)-5 G .315
+(he load a)-2.815 F -.15(ve)-.2 G .315(rage becomes higher than the v)
+.15 F .314(alue of the QueueLA option and the)-.25 F F0(QueueF)2.814 E
+(actor)-.25 E F1(\()115.5 240.6 Q F0(q)A F1 3.442(\)o)C .942(ption di)
+-3.442 F .942(vided by the dif)-.25 F .942
+(ference in the current load a)-.25 F -.15(ve)-.2 G .942(rage and the)
+.15 F F0(QueueLA)3.442 E F1 .942(option plus)3.442 F .403(one is less t\
+han the priority of the message, messages are queued rather than immedi\
+ately deli)115.5 252.6 R(v-)-.25 E(ered.)115.5 264.6 Q 5<834f>107 276.6
+S .744(ne or more addresses are mark)-5 F .745(ed as e)-.1 F(xpensi)-.15
+E 1.045 -.15(ve a)-.25 H .745(nd deli).15 F -.15(ve)-.25 G .745
+(ry is postponed until the ne).15 F .745(xt queue)-.15 F
+(run or one or more address are mark)115.5 288.6 Q
+(ed as held via mailer which uses the hold mailer \215ag.)-.1 E 5<8354>
+107 300.6 S(he mail message has been mark)-5 E
+(ed as quarantined via a mail \214lter or rulesets.)-.1 E F0 2.5
+(2.3.1. Queue)102 324.6 R(Gr)2.5 E(oups and Queue Dir)-.18 E(ectories)
+-.18 E F1 .339(There are one or more mail queues.)142 340.8 R .339
+(Each mail queue belongs to a queue group.)5.339 F .338(There is)5.338 F
+(al)117 352.8 Q -.1(wa)-.1 G .616(ys a def).1 F .616
+(ault queue group that is called `)-.1 F(`mqueue')-.74 E 3.117('\()-.74
+G .617(which is where messages go by def)-3.117 F(ault)-.1 E 2.244
+(unless otherwise speci\214ed\).)117 364.8 R 2.244
+(The directory or directories which comprise the def)7.244 F 2.243
+(ault queue)-.1 F 1.379
+(group are speci\214ed by the QueueDirectory option.)117 376.8 R 1.379
+(There are zero or more additional named)6.379 F
+(queue groups declared using the)117 388.8 Q F0(Q)2.5 E F1
+(command in the con\214guration \214le.)2.5 E .182(By def)142 405 R .181
+(ault, a queued message is placed in the queue group associated with th\
+e \214rst recipi-)-.1 F 1.18(ent in the recipient list.)117 417 R 3.68
+(Ar)6.18 G 1.181(ecipient address is mapped to a queue group as follo)
+-3.68 F 3.681(ws. First,)-.25 F(if)3.681 E 1.222
+(there is a ruleset called `)117 429 R(`queue)-.74 E(group')-.15 E 1.222
+(', and if this ruleset maps the address to a queue group)-.74 F 1.39
+(name, then that queue group is chosen.)117 441 R 1.39(That is, the ar)
+6.39 F 1.39(gument for the ruleset is the recipient)-.18 F .44
+(address \(i.e., the address part of the resolv)117 453 R .439
+(ed triple\) and the result should be)-.15 F F0($#)2.939 E F1(follo)
+2.939 E .439(wed by the)-.25 F .768(name of a queue group.)117 465 R
+.769(Otherwise, if the mailer associated with the address speci\214es a\
+ queue)5.768 F(group, then that queue group is chosen.)117 477 Q
+(Otherwise, the def)5 E(ault queue group is chosen.)-.1 E 3.379(Am)142
+493.2 S .879(essage with multiple recipients will be split if dif)-3.379
+F .878(ferent queue groups are chosen by)-.25 F
+(the mapping of recipients to queue groups.)117 505.2 Q 1.606(When a me\
+ssage is placed in a queue group, and the queue group has more than one)
+142 521.4 R(queue, a queue is selected randomly)117 533.4 Q(.)-.65 E
+1.633(If a message with multiple recipients is placed into a queue grou\
+p with the ')142 549.6 R 1.632(r' option)-.5 F 1.055
+(\(maximum number of recipients per message\) set to a positi)117 561.6
+R 1.356 -.15(ve v)-.25 H(alue)-.1 E/F2 10/Times-Italic@0 SF(N)3.556 E F1
+3.556(,a)C 1.056(nd if there are more)-3.556 F(than)117 573.6 Q F2(N)
+2.905 E F1 .405(recipients in the message, then the message will be spl\
+it into multiple messages, each of)2.905 F(which ha)117 585.6 Q .3 -.15
+(ve a)-.2 H 2.5(tm).15 G(ost)-2.5 E F2(N)2.5 E F1(recipients.)2.5 E .06
+(Notice: if multiple queue groups are used, do)142 601.8 R F0(not)2.56 E
+F1(mo)2.56 E .36 -.15(ve q)-.15 H .06
+(ueue \214les around, e.g., into a dif-).15 F 1.436
+(ferent queue directory)117 613.8 R 6.436(.T)-.65 G 1.436(his may ha)
+-6.436 F 1.735 -.15(ve w)-.2 H 1.435(eird ef).15 F 1.435
+(fects and can cause mail not to be deli)-.25 F -.15(ve)-.25 G(red.).15
+E(Queue \214les and directories should be treated as opaque and should \
+not be manipulated directly)117 625.8 Q(.)-.65 E F0 2.5(2.3.2. Queue)102
+649.8 R(Runs)2.5 E F2(sendmail)142 666 Q F1 1(has tw)3.5 F 3.5(od)-.1 G
+(if)-3.5 E 1(ferent w)-.25 F 1.001(ays to process the queue\(s\).)-.1 F
+1.001(The \214rst one is to start queue)6.001 F .104
+(runners after certain interv)117 678 R .104(als \(`)-.25 F(`normal')
+-.74 E 2.604('q)-.74 G .103(ueue runners\), the second one is to k)
+-2.604 F .103(eep queue runner)-.1 F .4(processes around \(`)117 690 R
+(`persistent')-.74 E 2.9('q)-.74 G .401(ueue runners\).)-2.9 F(Ho)5.401
+E 2.901(wt)-.25 G 2.901(os)-2.901 G .401
+(elect either of these types is discussed)-2.901 F 1.349
+(in the appendix `)117 702 R 1.348(`COMMAND LINE FLA)-.74 F(GS')-.4 E
+3.848('. Persistent)-.74 F 1.348(queue runners ha)3.848 F 1.648 -.15
+(ve t)-.2 H 1.348(he adv).15 F(antage)-.25 E .054(that no ne)117 714 R
+2.554(wp)-.25 G .054(rocesses need to be spa)-2.554 F .055
+(wned at certain interv)-.15 F .055(als; the)-.25 F 2.555(yj)-.15 G .055
+(ust sleep for a speci\214ed time)-2.555 F 0 Cg EP
%%Page: 17 13
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3137>195.86 E
-/F1 10/Times-Roman@0 SF .458<7369746573207769746820736d616c6c206e756d62
-6572206f6620717565756520656e74726965732074686973206d6967687420696e74726f
-64756365206e6f74696361626c652064656c6179732e>117 96 R .459
-<496e2067656e6572616c2c20706572>5.459 F<2d>-.2 E<73697374656e7420717565
-75652072756e6e65727320617265206f6e6c792075736566756c20666f72207369746573
-207769746820626967207175657565732e>117 108 Q F0 2.5
-<322e332e332e204d616e75616c>102 132 R<496e746572>2.5 E -.1<7665>-.1 G
-<6e74696f6e>.1 E F1 1.049<556e646572206e6f726d616c20636f6e646974696f6e73
-20746865206d61696c2071756575652077696c6c2062652070726f636573736564207472
-616e73706172656e746c79>142 148.2 R 6.049<2e48>-.65 G -.25<6f77>-6.049 G
--2.15 -.25<65762065>.25 H 1.849 -.4<722c2079>.25 H<6f75>.4 E .151
-<6d6179208c6e642074686174206d616e75616c20696e74657276>117 160.2 R .151
-<656e74696f6e20697320736f6d6574696d6573206e6563657373617279>-.15 F 5.151
-<2e46>-.65 G .151<6f722065>-5.301 F .152
-<78616d706c652c2069662061206d616a6f7220686f737420697320646f>-.15 F<776e>
--.25 E .104<666f72206120706572696f64206f662074696d6520746865207175657565
-206d6179206265636f6d6520636c6f676765642e>117 172.2 R<416c74686f756768>
-5.103 E/F2 10/Times-Italic@0 SF<73656e646d61696c>2.603 E F1 .103
-<6f7567687420746f207265636f>2.603 F -.15<7665>-.15 G 2.603<7267>.15 G
-<726163652d>-2.603 E .249<66756c6c79207768656e2074686520686f737420636f6d
-65732075702c20796f75206d6179208c6e6420706572666f726d616e636520756e616363
-65707461626c792062616420696e20746865206d65616e74696d652e>117 184.2 R
-<496e>5.249 E .539<74686174206361736520796f752077>117 196.2 R .538<616e
-7420746f20636865636b2074686520636f6e74656e74206f662074686520717565756520
-616e64206d616e6970756c6174652069742061732065>-.1 F .538
-<78706c61696e656420696e20746865206e65>-.15 F<7874>-.15 E<7477>117 208.2
-Q 2.5<6f73>-.1 G<656374696f6e732e>-2.5 E F0 2.5
-<322e332e342e205072696e74696e67>102 232.2 R<746865207175657565>2.5 E F1
-.861<54686520636f6e74656e7473206f66207468652071756575652873292063616e20
-6265207072696e746564207573696e6720746865>142 248.4 R F2<6d61696c71>3.362
-E F1 .862<636f6d6d616e6420286f722062792073706563696679696e67>3.362 F
-<746865>117 260.4 Q F0<ad6270>2.5 E F1<8d616720746f>2.5 E F2
-<73656e646d61696c>2.5 E F1<293a>A<6d61696c71>157 276.6 Q 1.673<54686973
-2077696c6c2070726f647563652061206c697374696e67206f6620746865207175657565
-20696427>117 292.8 R 1.673<732c207468652073697a65206f6620746865206d6573
-736167652c20746865206461746520746865206d657373616765>-.55 F .527<656e74
-65726564207468652071756575652c20616e64207468652073656e64657220616e642072
-6563697069656e74732e>117 304.8 R .528<496620736861726564206d656d6f727920
-737570706f727420697320636f6d70696c656420696e2c20746865>5.527 F<8d6167>
-117 316.8 Q F0<ad6250>3.015 E F1 .514<63616e206265207573656420746f207072
-696e7420746865206e756d626572206f6620656e747269657320696e2074686520717565
-75652873292c2070726f>3.015 F .514
-<766964656420612070726f636573732075706461746573>-.15 F .54
-<74686520646174612e>117 328.8 R<486f>5.54 E<7765>-.25 E -.15<7665>-.25 G
-1.34 -.4<722c2061>.15 H 3.04<7365>.4 G .54
-<78706c61696e6564206561726c696572>-3.19 F 3.041<2c74>-.4 G .541<6865206f
-7574707574206d6967687420626520736c696768746c792077726f6e672c2073696e6365
-2061636365737320746f20746865>-3.041 F 1.431
-<736861726564206d656d6f7279206973206e6f74206c6f636b>117 340.8 R 3.931
-<65642e2046>-.1 F 1.431<6f722065>-.15 F 1.431<78616d706c652c2060>-.15 F
-<60756e6b6e6f>-.74 E 1.431<776e206e756d626572206f6620656e747269657327>
--.25 F 3.93<276d>-.74 G 1.43<696768742062652073686f>-3.93 F<776e2e>-.25
-E<54686520696e7465726e616c20636f756e746572732061726520757064617465642061
-6674657220656163682071756575652072756e20746f2074686520636f72726563742076>
-117 352.8 Q<616c7565206167>-.25 E<61696e2e>-.05 E F0 2.5
-<322e332e352e2046>102 376.8 R<6f72>-.25 E<63696e6720746865207175657565>
--.18 E F2<53656e646d61696c>142 393 Q F1 .352<73686f756c642072756e207468
-65207175657565206175746f6d61746963616c6c7920617420696e74657276>2.852 F
-2.853<616c732e205768656e>-.25 F .353
-<7573696e67206d756c7469706c65207175657565732c2061>2.853 F .277
-<73657061726174652070726f636573732077696c6c20627920646566>117 405 R .276
-<61756c74206265206372656174656420746f2072756e2065616368206f662074686520
-71756575657320756e6c657373207468652071756575652072756e20697320696e692d>
--.1 F .613<746961746564206279206120757365722077697468207468652076>117
-417 R .613<6572626f7365208d61672e>-.15 F .613<54686520616c676f726974686d
-20697320746f207265616420616e6420736f7274207468652071756575652c20616e6420
-7468656e20746f>5.613 F .159<617474656d707420746f2070726f6365737320616c6c
-206a6f627320696e206f72646572>117 429 R 5.159<2e57>-.55 G .159
-<68656e20697420617474656d70747320746f2072756e20746865206a6f622c>-5.159 F
-F2<73656e646d61696c>2.659 E F1 .158
-<8c72737420636865636b7320746f20736565>2.659 F
-<696620746865206a6f62206973206c6f636b>117 441 Q 2.5<65642e204966>-.1 F
-<736f2c2069742069676e6f72657320746865206a6f62>2.5 E<2e>-.4 E .338<546865
-7265206973206e6f20617474656d707420746f20696e737572652074686174206f6e6c79
-206f6e652071756575652070726f636573736f722065>142 457.2 R .338
-<786973747320617420616e>-.15 F 2.838<7974>-.15 G .339
-<696d652c2073696e6365207468657265>-2.838 F .095<6973206e6f2067756172616e
-74656520746861742061206a6f622063616e6e6f742074616b>117 469.2 R 2.595
-<6566>-.1 G<6f7265>-2.595 E -.15<7665>-.25 G 2.595<7274>.15 G 2.595
-<6f70>-2.595 G .094<726f636573732028686f>-2.595 F<7765>-.25 E -.15<7665>
--.25 G -.4<722c>.15 G F2<73656e646d61696c>2.994 E F1 .094
-<646f657320696e636c756465206865757269732d>2.594 F 1.086<7469637320746f20
-74727920746f2061626f7274206a6f62732074686174206172652074616b696e67206162
-7375726420616d6f756e7473206f662074696d653b20746563686e6963616c6c79>117
-481.2 R 3.587<2c74>-.65 G 1.087<6869732076696f6c6174657320524643>-3.587
-F .462<3832312c2062>117 493.2 R .461
-<757420697320626c6573736564206279205246432031313233292e>-.2 F .461<4475
-6520746f20746865206c6f636b696e6720616c676f726974686d2c20697420697320696d
-706f737369626c6520666f72206f6e65206a6f6220746f>5.461 F 1.086
-<667265657a652074686520656e746972652071756575652e>117 505.2 R<486f>6.086
-E<7765>-.25 E -.15<7665>-.25 G 1.886 -.4<722c2061>.15 H 3.586<6e75>.4 G
-<6e636f6f706572617469>-3.586 E 1.386 -.15<76652072>-.25 H 1.086<65636970
-69656e7420686f7374206f7220612070726f6772616d20726563697069656e7420746861
-74>.15 F<6e65>117 517.2 Q -.15<7665>-.25 G 3.351<7272>.15 G .851
-<657475726e732063616e20616363756d756c617465206d616e>-3.351 F 3.351<7970>
--.15 G .851<726f63657373657320696e20796f75722073797374656d2e>-3.351 F
-<556e666f7274756e6174656c79>5.851 E 3.351<2c74>-.65 G .85
-<68657265206973206e6f20636f6d2d>-3.351 F
-<706c6574656c792067656e6572616c2077>117 529.2 Q<617920746f20736f6c76>-.1
-E 2.5<6574>-.15 G<6869732e>-2.5 E .082<496e20736f6d652063617365732c2079
-6f75206d6179208c6e6420746861742061206d616a6f7220686f737420676f696e672064
-6f>142 545.4 R .083
-<776e20666f72206120636f75706c65206f662064617973206d617920637265617465>
--.25 F 2.925<6170>117 557.4 S<726f686962697469>-2.925 E -.15<7665>-.25 G
-.425<6c79206c6172>.15 F .425<67652071756575652e>-.18 F .424
-<546869732077696c6c20726573756c7420696e>5.425 F F2<73656e646d61696c>
-2.924 E F1 .424<7370656e64696e6720616e20696e6f7264696e61746520616d6f756e
-74206f662074696d65>2.924 F 1.084<736f7274696e67207468652071756575652e>
-117 569.4 R 1.084<5468697320736974756174696f6e2063616e206265208c78>6.084
-F 1.084<6564206279206d6f>-.15 F 1.085<76696e672074686520717565756520746f
-20612074656d706f7261727920706c61636520616e64>-.15 F .023
-<6372656174696e672061206e65>117 581.4 R 2.523<7771>-.25 G 2.523
-<756575652e20546865>-2.523 F .022<6f6c642071756575652063616e206265207275
-6e206c61746572207768656e20746865206f66>2.523 F .022
-<66656e64696e6720686f73742072657475726e7320746f20736572766963652e>-.25 F
-1.6 -.8<546f2064>142 597.6 T 2.5<6f74>.8 G
-<6869732c2069742069732061636365707461626c6520746f206d6f>-2.5 E .3 -.15
-<76652074>-.15 H<686520656e74697265207175657565206469726563746f72793a>
-.15 E<6364202f76>157 613.8 Q<61722f73706f6f6c>-.25 E<6d76206d7175657565
-206f6d71756575653b206d6b646972206d71756575653b2063686d6f642030373030206d
-7175657565>157 625.8 Q -1.1<596f>117 642 S 2.708<7573>1.1 G .208
-<686f756c64207468656e206b696c6c207468652065>-2.708 F .209<78697374696e67
-206461656d6f6e202873696e63652069742077696c6c207374696c6c2062652070726f63
-657373696e6720696e20746865206f6c642071756575652064697265632d>-.15 F
-<746f72792920616e64206372656174652061206e65>117 654 Q 2.5<7764>-.25 G
-<61656d6f6e2e>-2.5 E 1.6 -.8<546f2072>142 670.2 T<756e20746865206f6c6420
-6d61696c2071756575652c2069737375652074686520666f6c6c6f>.8 E
-<77696e6720636f6d6d616e643a>-.25 E<2f7573722f7362696e2f73656e646d61696c
-20ad43202f6574632f6d61696c2f71756575652e636620ad71>157 686.4 Q<546865>
-117 702.6 Q F0<ad43>3.313 E F1 .813<8d61672073706563698c657320616e20616c
-7465726e61746520636f6e8c6775726174696f6e208c6c65>3.313 F F0
-<71756575652e6366>3.313 E F1 .813
-<77686963682073686f756c6420726566657220746f20746865206d6f>3.313 F -.15
-<7665>-.15 G<64>.15 E<7175657565206469726563746f7279>117 714.6 Q 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-17)195.86 E/F1 10/Times-Roman@0 SF .554(after the)117 96 R 3.054
+<798c>-.15 G .554(nished a queue run.)-3.054 F .554(Another adv)5.554 F
+.554(antage of persistent queue runners is that only one)-.25 F .379
+(process belonging to a w)117 108 R .379(orkgroup \(a w)-.1 F .38
+(orkgroup is a set of queue groups\) collects the data for a)-.1 F .489
+(queue run and then multiple queue runner may go ahead using that data.)
+117 120 R .488(This can signi\214cantly)5.488 F .861(reduce the disk I/\
+O necessary to read the queue \214les compared to starting multiple que\
+ue run-)117 132 R .55(ners directly)117 144 R 5.55(.T)-.65 G .55
+(heir disadv)-5.55 F .55(antage is that a ne)-.25 F 3.049(wq)-.25 G .549
+(ueue run is only started after all queue runners)-3.049 F 1.043
+(belonging to a group \214nished their tasks.)117 156 R 1.044
+(In case one of the queue runners tries deli)6.043 F -.15(ve)-.25 G
+1.044(ry to a).15 F(slo)117 168 Q 3.283(wr)-.25 G .783
+(ecipient site at the end of a queue run, the ne)-3.283 F .782
+(xt queue run may be substantially delayed.)-.15 F .741
+(In general this should be smoothed out due to the distrib)117 180 R
+.741(ution of those slo)-.2 F 3.242(wj)-.25 G .742(obs, ho)-3.242 F(we)
+-.25 E -.15(ve)-.25 G 1.542 -.4(r, f).15 H(or).4 E .142(sites with smal\
+l number of queue entries this might introduce noticeable delays.)117
+192 R .141(In general, per)5.141 F(-)-.2 E
+(sistent queue runners are only useful for sites with big queues.)117
+204 Q F0 2.5(2.3.3. Manual)102 228 R(Inter)2.5 E -.1(ve)-.1 G(ntion).1 E
+F1 1.049
+(Under normal conditions the mail queue will be processed transparently)
+142 244.2 R 6.049(.H)-.65 G -.25(ow)-6.049 G -2.15 -.25(ev e).25 H 1.85
+-.4(r, y).25 H(ou).4 E .152(may \214nd that manual interv)117 256.2 R
+.151(ention is sometimes necessary)-.15 F 5.151(.F)-.65 G .151(or e)
+-5.301 F .151(xample, if a major host is do)-.15 F(wn)-.25 E .103
+(for a period of time the queue may become clogged.)117 268.2 R
+(Although)5.103 E/F2 10/Times-Italic@0 SF(sendmail)2.604 E F1 .104
+(ought to reco)2.604 F -.15(ve)-.15 G 2.604(rg).15 G(race-)-2.604 E .249
+(fully when the host comes up, you may \214nd performance unacceptably \
+bad in the meantime.)117 280.2 R(In)5.248 E .538(that case you w)117
+292.2 R .538
+(ant to check the content of the queue and manipulate it as e)-.1 F .539
+(xplained in the ne)-.15 F(xt)-.15 E(tw)117 304.2 Q 2.5(os)-.1 G
+(ections.)-2.5 E F0 2.5(2.3.4. Printing)102 328.2 R(the queue)2.5 E F1
+.862(The contents of the queue\(s\) can be printed using the)142 344.4 R
+F2(mailq)3.361 E F1 .861(command \(or by specifying)3.361 F(the)117
+356.4 Q F0(\255bp)2.5 E F1(\215ag to)2.5 E F2(sendmail)2.5 E F1(\):)A
+(mailq)157 372.6 Q 1.673(This will produce a listing of the queue id')
+117 388.8 R 1.673(s, the size of the message, the date the message)-.55
+F .528(entered the queue, and the sender and recipients.)117 400.8 R
+.527(If shared memory support is compiled in, the)5.527 F(\215ag)117
+412.8 Q F0(\255bP)3.014 E F1 .514
+(can be used to print the number of entries in the queue\(s\), pro)3.014
+F .515(vided a process updates)-.15 F .541(the data.)117 424.8 R(Ho)
+5.541 E(we)-.25 E -.15(ve)-.25 G 1.341 -.4(r, a).15 H 3.041(se).4 G .541
+(xplained earlier)-3.191 F 3.041(,t)-.4 G .54
+(he output might be slightly wrong, since access to the)-3.041 F 1.43
+(shared memory is not lock)117 436.8 R 3.931(ed. F)-.1 F 1.431(or e)-.15
+F 1.431(xample, `)-.15 F(`unkno)-.74 E 1.431(wn number of entries')-.25
+F 3.931('m)-.74 G 1.431(ight be sho)-3.931 F(wn.)-.25 E(The internal co\
+unters are updated after each queue run to the correct v)117 448.8 Q
+(alue ag)-.25 E(ain.)-.05 E F0 2.5(2.3.5. F)102 472.8 R(or)-.25 E
+(cing the queue)-.18 E F2(Sendmail)142 489 Q F1 .353
+(should run the queue automatically at interv)2.853 F 2.852(als. When)
+-.25 F .352(using multiple queues, a)2.852 F .276
+(separate process will by def)117 501 R .276
+(ault be created to run each of the queues unless the queue run is ini-)
+-.1 F .614(tiated by a user with the v)117 513 R .613(erbose \215ag.)
+-.15 F .613(The algorithm is to read and sort the queue, and then to)
+5.613 F .159(attempt to process all jobs in order)117 525 R 5.159(.W)
+-.55 G .159(hen it attempts to run the job,)-5.159 F F2(sendmail)2.659 E
+F1 .159(\214rst checks to see)2.659 F(if the job is lock)117 537 Q 2.5
+(ed. If)-.1 F(so, it ignores the job)2.5 E(.)-.4 E .338
+(There is no attempt to insure that only one queue processor e)142 553.2
+R .338(xists at an)-.15 F 2.838(yt)-.15 G .338(ime, since there)-2.838 F
+.094(is no guarantee that a job cannot tak)117 565.2 R 2.595(ef)-.1 G
+(ore)-2.595 E -.15(ve)-.25 G 2.595(rt).15 G 2.595(op)-2.595 G .095
+(rocess \(ho)-2.595 F(we)-.25 E -.15(ve)-.25 G -.4(r,).15 G F2(sendmail)
+2.995 E F1 .095(does include heuris-)2.595 F 1.086(tics to try to abort\
+ jobs that are taking absurd amounts of time; technically)117 577.2 R
+3.586(,t)-.65 G 1.086(his violates RFC)-3.586 F .461(821, b)117 589.2 R
+.461(ut is blessed by RFC 1123\).)-.2 F .461
+(Due to the locking algorithm, it is impossible for one job to)5.461 F
+1.087(freeze the entire queue.)117 601.2 R(Ho)6.086 E(we)-.25 E -.15(ve)
+-.25 G 1.886 -.4(r, a).15 H 3.586(nu).4 G(ncooperati)-3.586 E 1.386 -.15
+(ve r)-.25 H 1.086(ecipient host or a program recipient that).15 F(ne)
+117 613.2 Q -.15(ve)-.25 G 3.35(rr).15 G .85(eturns can accumulate man)
+-3.35 F 3.351(yp)-.15 G .851(rocesses in your system.)-3.351 F
+(Unfortunately)5.851 E 3.351(,t)-.65 G .851(here is no com-)-3.351 F
+(pletely general w)117 625.2 Q(ay to solv)-.1 E 2.5(et)-.15 G(his.)-2.5
+E .082(In some cases, you may \214nd that a major host going do)142
+641.4 R .082(wn for a couple of days may create)-.25 F 2.924(ap)117
+653.4 S(rohibiti)-2.924 E -.15(ve)-.25 G .424(ly lar).15 F .424
+(ge queue.)-.18 F .424(This will result in)5.424 F F2(sendmail)2.924 E
+F1 .425(spending an inordinate amount of time)2.924 F 1.085
+(sorting the queue.)117 665.4 R 1.085(This situation can be \214x)6.085
+F 1.084(ed by mo)-.15 F 1.084(ving the queue to a temporary place and)
+-.15 F .022(creating a ne)117 677.4 R 2.522(wq)-.25 G 2.522(ueue. The)
+-2.522 F .022(old queue can be run later when the of)2.522 F .023
+(fending host returns to service.)-.25 F 1.6 -.8(To d)142 693.6 T 2.5
+(ot).8 G(his, it is acceptable to mo)-2.5 E .3 -.15(ve t)-.15 H
+(he entire queue directory:).15 E 0 Cg EP
%%Page: 18 14
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d31382053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF 2.5<4f51>157 96 S
-<756575654469726563746f72793d2f76>-2.5 E
-<61722f73706f6f6c2f6f6d7175657565>-.25 E .648<616e6420746865>117 112.2 R
-F0<ad71>3.148 E F1 .648<8d6167207361797320746f206a7573742072756e2065>
-3.148 F -.15<7665>-.25 G .648<7279206a6f6220696e207468652071756575652e>
-.15 F -1.1<596f>5.649 G 3.149<7563>1.1 G .649
-<616e20616c736f207370656369667920746865206d6f>-3.149 F -.15<7665>-.15 G
-3.149<6471>.15 G<75657565>-3.149 E
-<6469726563746f7279206f6e2074686520636f6d6d616e64206c696e65>117 124.2 Q
-<2f7573722f7362696e2f73656e646d61696c20ad6f512f76>157 140.4 Q
-<61722f73706f6f6c2f6f6d717565756520ad71>-.25 E -.2<6275>117 156.6 S
-3.236<7474>.2 G .736
-<686973207265717569726573207468617420796f7520646f206e6f74206861>-3.236 F
-1.036 -.15<76652071>-.2 H .735<756575652067726f75707320696e207468652063
-6f6e8c6775726174696f6e208c6c652c20626563617573652074686f736520617265>.15
-F 1.07<6e6f74207375626469726563746f72696573206f6620746865206d6f>117
-168.6 R -.15<7665>-.15 G 3.571<6464>.15 G<69726563746f7279>-3.571 E
-6.071<2e53>-.65 G 1.071<6565207468652073656374696f6e2061626f75742060>
--6.071 F 1.071<6051756575652047726f7570204465636c61726174696f6e27>-.74 F
-<27>-.74 E .012<666f722064657461696c733b20796f75206d6f7374206c696b>117
-180.6 R .011<656c79206e656564206120646966>-.1 F .011<666572656e7420636f
-6e8c6775726174696f6e208c6c6520746f20636f72726563746c79206465616c20776974
-6820746869732070726f626c656d2e>-.25 F<486f>117 192.6 Q<7765>-.25 E -.15
-<7665>-.25 G 1.817 -.4<722c20612070>.15 H 1.018<726f70657220636f6e8c6775
-726174696f6e206f662071756575652067726f7570732073686f756c642061>.4 F -.2
-<766f>-.2 G 1.018
-<6964208c6c6c696e67207570207175657565206469726563746f726965732c20736f>.2
-F .368<796f752073686f756c646e27>117 204.6 R 2.868<7472>-.18 G .368
-<756e20696e746f20746869732070726f626c656d2e>-2.868 F .368
-<496620796f75206861>5.368 F .667 -.15<766520612074>-.2 H<656e64656e63>
-.15 E 2.867<7974>-.15 G -2.1 -.25<6f772061>-2.867 H .367<72642076>.25 F
--.1<6f79>-.2 G .367<65757269736d2c20796f752063616e2075736520746865>.1 F
-F0<ad76>117 216.6 Q F1<8d616720746f2077>2.5 E
-<61746368207768617420697320676f696e67206f6e2e>-.1 E<5768656e207468652071
-75657565206973208c6e616c6c7920656d70746965642c20796f752063616e2072656d6f>
-142 232.8 Q .3 -.15<76652074>-.15 H<6865206469726563746f72793a>.15 E
-<726d646972202f76>157 249 Q<61722f73706f6f6c2f6f6d7175657565>-.25 E F0
-2.5<322e332e362e2051756172616e74696e6564>102 277.2 R
-<5175657565204974656d73>2.5 E F1 1.183<497420697320706f737369626c652074
-6f202271756172616e74696e6522206d61696c206d657373616765732c206f7468657277
-697365206b6e6f>142 293.4 R 1.183<776e20617320656e>-.25 F -.15<7665>-.4 G
-3.683<6c6f7065732e20456e>.15 F -.15<7665>-.4 G<6c6f706573>.15 E .098
-<287175657565208c6c657329206172652073746f7265642062>117 305.4 R .097
-<7574206e6f7420636f6e7369646572656420666f722064656c69>-.2 F -.15<7665>
--.25 G .097<7279206f7220646973706c617920756e6c65737320746865202271756172
-616e74696e6522207374617465206f66>.15 F 1.236<74686520656e>117 317.4 R
--.15<7665>-.4 G 1.236<6c6f706520697320756e646f6e65206f722064656c69>.15 F
--.15<7665>-.25 G 1.236<7279206f7220646973706c6179206f662071756172616e74
-696e6564206974656d73206973207265717565737465642e>.15 F
-<51756172616e74696e6564>6.237 E 1.07
-<6d657373616765732061726520746167676564206279207573696e67206120646966>
-117 329.4 R 1.07
-<666572656e74206e616d6520666f7220746865207175657565208c6c652c20276866>
--.25 F 3.57<2769>.55 G 1.07<6e7374656164206f6620277166>-3.57 F 1.07
-<272c20616e64206279>.55 F<616464696e67207468652071756172616e74696e652072
-6561736f6e20746f20746865207175657565208c6c652e>117 341.4 Q<44656c69>142
-357.6 Q -.15<7665>-.25 G .323<7279206f7220646973706c6179206f662071756172
-616e74696e6564206974656d732063616e20626520726571756573746564207573696e67
-20746865>.15 F F0<ad7151>2.823 E F1 .323<8d616720746f>2.823 F/F2 10
-/Times-Italic@0 SF<73656e646d61696c>2.823 E F1<6f72>117 369.6 Q F2
-<6d61696c71>4.278 E F1 6.778<2e41>C<64646974696f6e616c6c79>-6.778 E
-4.278<2c6d>-.65 G 1.777<6573736167657320616c726561647920696e207468652071
-756575652063616e2062652071756172616e74696e6564206f7220756e71756172616e74
-696e6564>-4.278 F<7573696e6720746865206e65>117 381.6 Q<77>-.25 E F0
-<ad51>2.5 E F1<8d616720746f2073656e646d61696c2e>2.5 E -.15<466f>5 G 2.5
-<7265>.15 G<78616d706c652c>-2.65 E<73656e646d61696c202d51726561736f6e20
-2d715b215d5b497c527c535d5b6d61746368737472696e675d>157 397.8 Q .874<5175
-6172616e74696e657320746865206e6f726d616c207175657565206974656d73206d6174
-6368696e67207468652063726974657269612073706563698c656420627920746865>117
-414 R F0<2d715b215d5b497c527c535d5b6d617463682d>3.375 E<737472696e675d>
-117 426 Q F1<7573696e672074686520726561736f6e206769>2.5 E -.15<7665>-.25
-G 2.5<6e6f>.15 G 2.5<6e74>-2.5 G<6865>-2.5 E F0<ad51>2.5 E F1 2.5
-<8d61672e204c696b>2.5 F -.25<6577>-.1 G<6973652c>.25 E<73656e646d61696c
-202d7151202d515b726561736f6e5d202d715b215d5b497c527c537c515d5b6d61746368
-737472696e675d>157 442.2 Q 1.164<4368616e6765207468652071756172616e7469
-6e6520726561736f6e20666f72207468652071756172616e74696e6564206974656d7320
-6d61746368696e67207468652063726974657269612073706563698c6564206279207468
-65>117 458.4 R F0
-<2d715b215d5b497c527c537c515d5b6d61746368737472696e675d>117 470.4 Q F1
-<7573696e672074686520726561736f6e206769>2.5 E -.15<7665>-.25 G 2.5<6e6f>
-.15 G 2.5<6e74>-2.5 G<6865>-2.5 E F0<ad51>2.5 E F1 2.5<8d61672e204966>
-2.5 F<7468657265206973206e6f20726561736f6e2c>2.5 E .757<756e71756172616e
-74696e6520746865206d61746368696e67206974656d7320616e64206d616b>119.5
-482.4 R 3.257<6574>-.1 G .757
-<68656d206e6f726d616c207175657565206974656d732e>-3.257 F .757
-<4e6f7465207468617420746865>5.757 F F0<ad7151>3.258 E F1<8d6167>3.258 E<
-74656c6c732073656e646d61696c20746f206f706572617465206f6e2071756172616e74
-696e6564206974656d7320696e7374656164206f66206e6f726d616c206974656d732e>
-117 494.4 Q F0 2.5<322e342e204469736b>87 518.4 R
-<426173656420436f6e6e656374696f6e20496e66>2.5 E<6f726d6174696f6e>-.25 E
-F2<53656e646d61696c>127 534.6 Q F1 .597<73746f7265732061206c6172>3.097 F
-.596<676520616d6f756e74206f6620696e666f726d6174696f6e2061626f7574206561
-63682072656d6f74652073797374656d2069742068617320636f6e6e656374656420746f>
--.18 F .002<696e206d656d6f7279>102 546.6 R 2.502<2e49>-.65 G 2.502<7469>
--2.502 G 2.502<7370>-2.502 G .002<6f737369626c6520746f2070726573657276>
--2.502 F 2.502<6573>-.15 G .002<6f6d65206f66207468697320696e666f726d6174
-696f6e206f6e206469736b2061732077656c6c2c206279207573696e6720746865>
--2.502 F F0<486f73745374612d>2.503 E<747573446972>102 558.6 Q
-<6563746f7279>-.18 E F1 .229<6f7074696f6e2c20736f2074686174206974206d61
-7920626520736861726564206265747765656e207365>2.73 F -.15<7665>-.25 G
-.229<72616c20696e>.15 F -.2<766f>-.4 G .229<636174696f6e73206f66>.2 F F2
-<73656e646d61696c>2.729 E F1 5.229<2e54>C .229<68697320616c6c6f>-5.229 F
-<7773>-.25 E .831<6d61696c20746f2062652071756575656420696d6d656469617465
-6c79206f7220736b697070656420647572696e6720612071756575652072756e20696620
-746865726520686173206265656e206120726563656e742066>102 570.6 R .832
-<61696c75726520696e>-.1 F .372
-<636f6e6e656374696e6720746f20612072656d6f7465206d616368696e652e>102
-582.6 R .371<4e6f74653a20696e666f726d6174696f6e2061626f757420612072656d
-6f74652073797374656d2069732073746f72656420696e2061208c6c652077686f7365>
-5.371 F .693<706174686e616d6520636f6e7369737473206f662074686520636f6d70
-6f6e656e7473206f662074686520686f73746e616d6520696e207265>102 594.6 R
--.15<7665>-.25 G .694<727365206f72646572>.15 F 5.694<2e46>-.55 G .694
-<6f722065>-5.844 F .694<78616d706c652c2074686520696e666f726d612d>-.15 F
-1.103<74696f6e20666f72>102 606.6 R F0<686f73742e6578616d706c652e636f6d>
-3.603 E F1 1.103<69732073746f72656420696e>3.603 F F0
-<636f6d2e2f6578616d706c652e2f686f7374>3.603 E F1 6.102<2e46>C 1.102
-<6f7220746f702d6c65>-6.252 F -.15<7665>-.25 G 3.602<6c64>.15 G 1.102
-<6f6d61696e73206c696b>-3.602 F<65>-.1 E F0<636f6d>3.602 E F1<74686973>
-3.602 E 1.381<63616e206372656174652061206c6172>102 618.6 R 1.381<676520
-6e756d626572206f66207375626469726563746f72696573207768696368206f6e20736f
-6d65208c6c6573797374656d732063616e2065>-.18 F 1.382
-<78686175737420736f6d65206c696d6974732e>-.15 F<4d6f72656f>102 630.6 Q
--.15<7665>-.15 G 2.433 -.4<722c2074>.15 H 1.632<686520706572666f726d616e
-6365206f66206c6f6f6b75707320696e206469726563746f727920776974682074686f75
-73616e6473206f6620656e74726965732063616e2062652066>.4 F 1.632
-<6169726c7920736c6f>-.1 F<77>-.25 E<646570656e64696e67206f6e20746865208c
-6c6573797374656d20696d706c656d656e746174696f6e2e>102 642.6 Q 1.438
-<4164646974696f6e616c6c7920656e61626c696e67>127 658.8 R F0
-<53696e676c65546872>3.939 E<65616444656c69>-.18 E -.1<7665>-.1 G<7279>.1
-E F1 1.439<68617320746865206164646564206566>3.939 F 1.439
-<66656374206f662073696e676c652d746872656164696e67206d61696c>-.25 F
-<64656c69>102 670.8 Q -.15<7665>-.25 G 1.611
-<727920746f20612064657374696e6174696f6e2e>.15 F 1.611<546869732063616e20
-62652071756974652068656c7066756c206966207468652072656d6f7465206d61636869
-6e652069732072756e6e696e6720616e20534d5450>6.611 F<73657276>102 682.8 Q
-1.01<6572207468617420697320656173696c79206f>-.15 F -.15<7665>-.15 G
-1.011<726c6f61646564206f722063616e6e6f7420616363657074206d6f726520746861
-6e20612073696e676c6520636f6e6e656374696f6e20617420612074696d652c2062>.15
-F 1.011<75742063616e>-.2 F .458<636175736520736f6d65206d6573736167657320
-746f2062652070756e74656420746f2061206675747572652071756575652072756e2e>
-102 694.8 R .458<497420616c736f206170706c69657320746f>5.458 F F2<616c6c>
-2.958 E F1 .457<686f7374732c20736f2073657474696e672074686973>2.958 F
-.281<6265636175736520796f75206861>102 706.8 R .581 -.15<7665206f>-.2 H
-.281<6e65206d616368696e65206f6e207369746520746861742072756e7320736f6d65
-20736f667477>.15 F .281<617265207468617420697320656173696c79206f>-.1 F
--.15<7665>-.15 G .282<7272756e2063616e206361757365206d61696c>.15 F .315
-<746f206f7468657220686f73747320746f20626520736c6f>102 718.8 R .315
-<77656420646f>-.25 F 2.815<776e2e204966>-.25 F .315
-<74686973206f7074696f6e206973207365742c20796f752070726f6261626c792077>
-2.815 F .315<616e7420746f2073657420746865>-.1 F F0
-<4d696e5175657565416765>2.815 E 0 Cg EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-18 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF(cd /v)157
+96 Q(ar/spool)-.25 E(mv mqueue omqueue; mkdir mqueue; chmod 0700 mqueue)
+157 108 Q -1.1(Yo)117 124.2 S 2.709(us)1.1 G .209(hould then kill the e)
+-2.709 F .209(xisting daemon \(since it will still be processing in the\
+ old queue direc-)-.15 F(tory\) and create a ne)117 136.2 Q 2.5(wd)-.25
+G(aemon.)-2.5 E 1.6 -.8(To r)142 152.4 T
+(un the old mail queue, issue the follo).8 E(wing command:)-.25 E
+(/usr/sbin/sendmail \255C /etc/mail/queue.cf \255q)157 168.6 Q(The)117
+184.8 Q F0<ad43>3.312 E F1 .813
+(\215ag speci\214es an alternate con\214guration \214le)3.312 F F0
+(queue.cf)3.313 E F1 .813(which should refer to the mo)3.313 F -.15(ve)
+-.15 G(d).15 E(queue directory)117 196.8 Q 2.5(OQ)157 213 S
+(ueueDirectory=/v)-2.5 E(ar/spool/omqueue)-.25 E .649(and the)117 229.2
+R F0<ad71>3.149 E F1 .649(\215ag says to just run e)3.149 F -.15(ve)-.25
+G .648(ry job in the queue.).15 F -1.1(Yo)5.648 G 3.148(uc)1.1 G .648
+(an also specify the mo)-3.148 F -.15(ve)-.15 G 3.148(dq).15 G(ueue)
+-3.148 E(directory on the command line)117 241.2 Q
+(/usr/sbin/sendmail \255oQ/v)157 257.4 Q(ar/spool/omqueue \255q)-.25 E
+-.2(bu)117 273.6 S 3.235(tt).2 G .735(his requires that you do not ha)
+-3.235 F 1.036 -.15(ve q)-.2 H .736
+(ueue groups in the con\214guration \214le, because those are).15 F
+1.071(not subdirectories of the mo)117 285.6 R -.15(ve)-.15 G 3.571(dd)
+.15 G(irectory)-3.571 E 6.071(.S)-.65 G 1.071(ee the section about `)
+-6.071 F 1.07(`Queue Group Declaration')-.74 F(')-.74 E .011
+(for details; you most lik)117 297.6 R .011(ely need a dif)-.1 F .012
+(ferent con\214guration \214le to correctly deal with this problem.)-.25
+F(Ho)117 309.6 Q(we)-.25 E -.15(ve)-.25 G 1.818 -.4(r, a p).15 H 1.018
+(roper con\214guration of queue groups should a).4 F -.2(vo)-.2 G 1.017
+(id \214lling up queue directories, so).2 F .367(you shouldn')117 321.6
+R 2.867(tr)-.18 G .367(un into this problem.)-2.867 F .367(If you ha)
+5.367 F .668 -.15(ve a t)-.2 H(endenc).15 E 2.868(yt)-.15 G -2.1 -.25
+(ow a)-2.868 H .368(rd v).25 F -.1(oy)-.2 G .368
+(eurism, you can use the).1 F F0<ad76>117 333.6 Q F1(\215ag to w)2.5 E
+(atch what is going on.)-.1 E
+(When the queue is \214nally emptied, you can remo)142 349.8 Q .3 -.15
+(ve t)-.15 H(he directory:).15 E(rmdir /v)157 366 Q(ar/spool/omqueue)
+-.25 E F0 2.5(2.3.6. Quarantined)102 394.2 R(Queue Items)2.5 E F1 1.183
+(It is possible to "quarantine" mail messages, otherwise kno)142 410.4 R
+1.182(wn as en)-.25 F -.15(ve)-.4 G 3.682(lopes. En).15 F -.15(ve)-.4 G
+(lopes).15 E .097(\(queue \214les\) are stored b)117 422.4 R .097
+(ut not considered for deli)-.2 F -.15(ve)-.25 G .098
+(ry or display unless the "quarantine" state of).15 F 1.237(the en)117
+434.4 R -.15(ve)-.4 G 1.236(lope is undone or deli).15 F -.15(ve)-.25 G
+1.236(ry or display of quarantined items is requested.).15 F
+(Quarantined)6.236 E 1.07(messages are tagged by using a dif)117 446.4 R
+1.07(ferent name for the queue \214le, 'hf)-.25 F 3.57('i).55 G 1.07
+(nstead of 'qf)-3.57 F 1.07(', and by).55 F
+(adding the quarantine reason to the queue \214le.)117 458.4 Q(Deli)142
+474.6 Q -.15(ve)-.25 G .323
+(ry or display of quarantined items can be requested using the).15 F F0
+(\255qQ)2.823 E F1 .322(\215ag to)2.823 F/F2 10/Times-Italic@0 SF
+(sendmail)2.822 E F1(or)117 486.6 Q F2(mailq)4.277 E F1 6.777(.A)C
+(dditionally)-6.777 E 4.277(,m)-.65 G 1.778
+(essages already in the queue can be quarantined or unquarantined)-4.277
+F(using the ne)117 498.6 Q(w)-.25 E F0<ad51>2.5 E F1
+(\215ag to sendmail.)2.5 E -.15(Fo)5 G 2.5(re).15 G(xample,)-2.65 E
+(sendmail -Qreason -q[!][I|R|S][matchstring])157 514.8 Q .875(Quarantin\
+es the normal queue items matching the criteria speci\214ed by the)117
+531 R F0(-q[!][I|R|S][match-)3.374 E(string])117 543 Q F1
+(using the reason gi)2.5 E -.15(ve)-.25 G 2.5(no).15 G 2.5(nt)-2.5 G(he)
+-2.5 E F0<ad51>2.5 E F1 2.5(\215ag. Lik)2.5 F -.25(ew)-.1 G(ise,).25 E
+(sendmail -qQ -Q[reason] -q[!][I|R|S|Q][matchstring])157 559.2 Q 1.164(\
+Change the quarantine reason for the quarantined items matching the cri\
+teria speci\214ed by the)117 575.4 R F0(-q[!][I|R|S|Q][matchstring])117
+587.4 Q F1(using the reason gi)2.5 E -.15(ve)-.25 G 2.5(no).15 G 2.5(nt)
+-2.5 G(he)-2.5 E F0<ad51>2.5 E F1 2.5(\215ag. If)2.5 F
+(there is no reason,)2.5 E .757(unquarantine the matching items and mak)
+119.5 599.4 R 3.257(et)-.1 G .757(hem normal queue items.)-3.257 F .757
+(Note that the)5.757 F F0(\255qQ)3.257 E F1(\215ag)3.257 E(tells sendma\
+il to operate on quarantined items instead of normal items.)117 611.4 Q
+F0 2.5(2.4. Disk)87 635.4 R(Based Connection Inf)2.5 E(ormation)-.25 E
+F2(Sendmail)127 651.6 Q F1 .596(stores a lar)3.096 F .597
+(ge amount of information about each remote system it has connected to)
+-.18 F .003(in memory)102 663.6 R 2.503(.I)-.65 G 2.503(ti)-2.503 G
+2.503(sp)-2.503 G .002(ossible to preserv)-2.503 F 2.502(es)-.15 G .002
+(ome of this information on disk as well, by using the)-2.502 F F0
+(HostSta-)2.502 E(tusDir)102 675.6 Q(ectory)-.18 E F1 .229
+(option, so that it may be shared between se)2.729 F -.15(ve)-.25 G .229
+(ral in).15 F -.2(vo)-.4 G .23(cations of).2 F F2(sendmail)2.73 E F1
+5.23(.T)C .23(his allo)-5.23 F(ws)-.25 E .831(mail to be queued immedia\
+tely or skipped during a queue run if there has been a recent f)102
+687.6 R .831(ailure in)-.1 F .371(connecting to a remote machine.)102
+699.6 R .371
+(Note: information about a remote system is stored in a \214le whose)
+5.371 F .694(pathname consists of the components of the hostname in re)
+102 711.6 R -.15(ve)-.25 G .693(rse order).15 F 5.693(.F)-.55 G .693
+(or e)-5.843 F .693(xample, the informa-)-.15 F 1.102(tion for)102 723.6
+R F0(host.example.com)3.602 E F1 1.102(is stored in)3.602 F F0
+(com./example./host)3.602 E F1 6.103(.F)C 1.103(or top-le)-6.253 F -.15
+(ve)-.25 G 3.603(ld).15 G 1.103(omains lik)-3.603 F(e)-.1 E F0(com)3.603
+E F1(this)3.603 E 0 Cg EP
%%Page: 19 15
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3139>195.86 E
-/F1 10/Times-Roman@0 SF .871
-<6f7074696f6e2061732077656c6c20616e642072756e207468652071756575652066>
-102 96 R .871<6169726c79206672657175656e746c793b20746869732077>-.1 F
-.872<6179206a6f627320746861742061726520736b6970706564206265636175736520
-616e6f74686572>-.1 F/F2 10/Times-Italic@0 SF<73656e646d61696c>102 108 Q
-F1 .364<69732074616c6b696e6720746f207468652073616d6520686f73742077696c6c
-206265207472696564206167>2.864 F .363<61696e20717569636b6c79207261746865
-72207468616e206265696e672064656c6179656420666f722061206c6f6e67>-.05 F
-<74696d652e>102 120 Q 1.098<546865206469736b20626173656420686f737420696e
-666f726d6174696f6e2069732073746f72656420696e2061207375626469726563746f72
-79206f6620746865>127 136.2 R F0<6d7175657565>3.599 E F1 1.099
-<6469726563746f72792063616c6c6564>3.599 F F0<2e686f737473746174>102
-150.2 Q/F3 7/Times-Roman@0 SF<37>-4 I F1 6.75<2e52>4 K<656d6f>-6.75 E
-1.749<76696e672074686973206469726563746f727920616e6420697473207375626469
-726563746f726965732068617320616e206566>-.15 F 1.749
-<666563742073696d696c617220746f20746865>-.25 F F2<707572>4.249 E -.1
-<6765>-.37 G<73746174>.1 E F1 1.215
-<636f6d6d616e6420616e6420697320636f6d706c6574656c7920736166652e>102
-162.2 R<486f>6.215 E<7765>-.25 E -.15<7665>-.25 G -.4<722c>.15 G F2
-<707572>4.115 E -.1<6765>-.37 G<73746174>.1 E F1 1.215
-<6f6e6c792072656d6f>3.715 F -.15<7665>-.15 G 3.715<7365>.15 G 1.215
-<787069726564202854>-3.865 F<696d656f75742e686f737473746174757329>-.35 E
-3.54<646174612e20546865>102 174.2 R 1.039<696e666f726d6174696f6e20696e20
-7468657365206469726563746f726965732063616e206265207065727573656420776974
-6820746865>3.54 F F2<686f737473746174>3.539 E F1 1.039
-<636f6d6d616e642c2077686963682077696c6c>3.539 F .065<696e64696361746520
-74686520686f7374206e616d652c20746865206c617374206163636573732c20616e6420
-74686520737461747573206f662074686174206163636573732e>102 186.2 R .065
-<416e20617374657269736b20696e20746865206c656674206d6f737420636f6c2d>
-5.065 F<756d6e20696e6469636174657320746861742061>102 198.2 Q F2
-<73656e646d61696c>2.5 E F1
-<70726f636573732063757272656e746c79206861732074686520686f7374206c6f636b>
-2.5 E<656420666f72206d61696c2064656c69>-.1 E -.15<7665>-.25 G<7279>.15 E
-<2e>-.65 E .53<546865206469736b20626173656420636f6e6e656374696f6e20696e
-666f726d6174696f6e2069732074726561746564207468652073616d652077>127 214.4
-R .53<6179206173206d656d6f727920626173656420636f6e6e656374696f6e>-.1 F
-.536<696e666f726d6174696f6e20666f722074686520707572706f7365206f66207469
-6d656f7574732e>102 226.4 R .536<427920646566>5.536 F .536
-<61756c742c20696e666f726d6174696f6e2061626f757420686f73742066>-.1 F .536
-<61696c757265732069732076>-.1 F .536<616c696420666f72203330>-.25 F 2.5
-<6d696e757465732e2054686973>102 238.4 R
-<63616e2062652061646a7573746564207769746820746865>2.5 E F0 -.18<5469>2.5
-G<6d656f75742e686f7374737461747573>.18 E F1<6f7074696f6e2e>2.5 E 1.51<54
-686520636f6e6e656374696f6e20696e666f726d6174696f6e2073746f726564206f6e20
-6469736b206d61792062652065>127 254.6 R 1.51<78706972656420617420616e>
--.15 F 4.01<7974>-.15 G 1.51<696d65207769746820746865>-4.01 F F2<707572>
-4.01 E -.1<6765>-.37 G<73746174>.1 E F1 2.092
-<636f6d6d616e64206f7220627920696e>102 266.6 R -.2<766f>-.4 G 2.092
-<6b696e672073656e646d61696c207769746820746865>.2 F F0<ad6248>4.592 E F1
-4.592<7377697463682e20546865>4.592 F 2.093
-<636f6e6e656374696f6e20696e666f726d6174696f6e206d6179206265>4.593 F
-<766965>102 278.6 Q<776564207769746820746865>-.25 E F2<686f737473746174>
-2.5 E F1<636f6d6d616e64206f7220627920696e>2.5 E -.2<766f>-.4 G
-<6b696e672073656e646d61696c207769746820746865>.2 E F0<ad6268>2.5 E F1
-<7377697463682e>2.5 E F0 2.5<322e352e20546865>87 302.6 R<536572>2.5 E
-<7669636520537769746368>-.1 E F1 1.416<54686520696d706c656d656e74617469
-6f6e206f66206365727461696e2073797374656d20736572766963657320737563682061
-7320686f737420616e642075736572206e616d65206c6f6f6b757020697320636f6e2d>
-127 318.8 R 1.321
-<74726f6c6c6564206279207468652073657276696365207377697463682e>102 330.8
-R 1.321<49662074686520686f7374206f7065726174696e672073797374656d20737570
-706f72747320737563682061207377697463682c20616e642073656e646d61696c>6.321
-F<6b6e6f>102 342.8 Q .384<77732061626f75742069742c>-.25 F F2
-<73656e646d61696c>2.884 E F1 .383<77696c6c2075736520746865206e617469>
-2.884 F .683 -.15<7665207665>-.25 H 2.883<7273696f6e2e20556c747269782c>
-.15 F .383<536f6c617269732c20616e6420444543204f53462f31206172652065>
-2.883 F<78616d706c6573>-.15 E<6f6620737563682073797374656d73>102 356.8 Q
-F3<38>-4 I F1<2e>4 I .88<49662074686520756e6465726c79696e67206f70657261
-74696e672073797374656d20646f6573206e6f7420737570706f72742061207365727669
-6365207377697463682028652e672e2c2053756e4f5320342e582c2048502d>127 373 R
-.211<55582c2042534429207468656e>102 385 R F2<73656e646d61696c>2.711 E F1
-.212<77696c6c2070726f>2.711 F .212
-<766964652061207374756220696d706c656d656e746174696f6e2e>-.15 F<546865>
-5.212 E F0<536572>2.712 E<7669636553776974636846696c65>-.1 E F1 .212
-<6f7074696f6e20706f696e7473>2.712 F .937<746f20746865206e616d65206f6620
-61208c6c652074686174206861732074686520736572766963652064658c6e6974696f6e
-732e>102 397 R .937<45616368206c696e652068617320746865206e616d65206f6620
-61207365727669636520616e6420746865>5.937 F<706f737369626c6520696d706c65
-6d656e746174696f6e73206f66207468617420736572766963652e>102 409 Q -.15
-<466f>5 G 2.5<7265>.15 G<78616d706c652c20746865208c6c653a>-2.65 E 12.94
-<686f73747320646e73>142 425.2 R<8c6c6573206e6973>2.5 E 6.84
-<616c6961736573208c6c6573>142 437.2 R<6e6973>2.5 E .328
-<77696c6c2061736b>102 453.4 R F2<73656e646d61696c>2.828 E F1 .328<746f20
-6c6f6f6b20666f7220686f73747320696e2074686520446f6d61696e204e616d65205379
-7374656d208c7273742e>2.828 F .329
-<4966207468652072657175657374656420686f7374206e616d65206973>5.329 F .379
-<6e6f7420666f756e642c206974207472696573206c6f63616c208c6c65732c20616e64
-20696620746861742066>102 465.4 R .379
-<61696c73206974207472696573204e49532e>-.1 F<53696d696c61726c79>5.379 E
-2.879<2c77>-.65 G .379
-<68656e206c6f6f6b696e6720666f7220616c69617365732069742077696c6c>-2.879 F
-<74727920746865206c6f63616c208c6c6573208c72737420666f6c6c6f>102 477.4 Q
-<776564206279204e49532e>-.25 E .493<4e6f746963653a2073696e6365>127 493.6
-R F2<73656e646d61696c>2.993 E F1 .493<6d75737420616363657373204d58207265
-636f72647320666f7220636f7272656374206f7065726174696f6e2c2069742077696c6c
-2075736520444e53206966206974206973>2.993 F
-<636f6e8c677572656420696e20746865>102 505.6 Q F0<536572>2.5 E
-<7669636553776974636846696c65>-.1 E F1 2.5<8c6c652e2048656e6365>2.5 F
-<616e20656e747279206c696b>2.5 E<65>-.1 E 12.94<686f737473208c6c6573>142
-521.8 R<646e73>2.5 E<77696c6c206e6f742061>102 538 Q -.2<766f>-.2 G
-<696420444e53206c6f6f6b7570732065>.2 E -.15<7665>-.25 G 2.5<6e69>.15 G
-2.5<666168>-2.5 G
-<6f73742063616e20626520666f756e6420696e202f6574632f686f7374732e>-2.5 E
-1.27<5365727669636520737769746368657320617265206e6f7420636f6d706c657465
-6c7920696e7465>127 554.2 R 3.769<6772617465642e2046>-.15 F 1.269
-<6f722065>-.15 F 1.269<78616d706c652c2064657370697465207468652066>-.15 F
-1.269<61637420746861742074686520686f7374>-.1 F .293
-<656e747279206c697374656420696e207468652061626f>102 566.2 R .593 -.15
-<7665206578>-.15 H .294<616d706c652073706563698c657320746f206c6f6f6b2069
-6e204e49532c206f6e2053756e4f5320746869732077>.15 F<6f6e27>-.1 E 2.794
-<7468>-.18 G .294<617070656e206265636175736520746865>-2.794 F
-<73797374656d20696d706c656d656e746174696f6e206f66>102 578.2 Q F2 -.1
-<6765>2.5 G<74686f737462796e616d65>.1 E F1<28332920646f65736e27>1.666 E
-2.5<7475>-.18 G<6e6465727374616e6420746869732e>-2.5 E F0 2.5
-<322e362e20546865>87 602.2 R<416c696173204461746162617365>2.5 E F1 2.074
-<416674657220726563697069656e742061646472657373657320617265207265616420
-66726f6d2074686520534d545020636f6e6e656374696f6e206f7220636f6d6d616e6420
-6c696e6520746865>127 618.4 R 4.573<7961>-.15 G<7265>-4.573 E .599<706172
-7365642062792072756c6573657420302c207768696368206d757374207265736f6c76>
-102 630.4 R 3.099<6574>-.15 G 3.099<6f617b>-3.099 G F2<6d61696c6572>
--3.099 E F1<2c>A F2<686f7374>3.099 E F1<2c>A F2<61646472>3.1 E<657373>
--.37 E F1 3.1<7d74>C 3.1<7269706c652e204966>-3.1 F .6
-<746865208d6167732073656c6563746564206279>3.1 F<746865>102 642.4 Q F2
-<6d61696c6572>3.1 E F1 .6<696e636c75646520746865>3.1 F F0<41>3.1 E F1 .6
-<28616c69617361626c6529208d61672c20746865>3.1 F F2<61646472>3.1 E
-<657373>-.37 E F1 .599
-<70617274206f662074686520747269706c65206973206c6f6f6b>3.1 F .599
-<656420757020617320746865206b>-.1 F .899 -.15<65792028>-.1 H<692e652e2c>
-.15 E 1.045<746865206c6566742068616e6420736964652920696e2074686520616c69
-61732064617461626173652e>102 654.4 R 1.045<4966207468657265206973206120
-6d617463682c2074686520616464726573732069732064656c657465642066726f6d2074
-68652073656e64>6.045 F .32 LW 76 664 72 664 DL 80 664 76 664 DL 84 664
-80 664 DL 88 664 84 664 DL 92 664 88 664 DL 96 664 92 664 DL 100 664 96
-664 DL 104 664 100 664 DL 108 664 104 664 DL 112 664 108 664 DL 116 664
-112 664 DL 120 664 116 664 DL 124 664 120 664 DL 128 664 124 664 DL 132
-664 128 664 DL 136 664 132 664 DL 140 664 136 664 DL 144 664 140 664 DL
-148 664 144 664 DL 152 664 148 664 DL 156 664 152 664 DL 160 664 156 664
-DL 164 664 160 664 DL 168 664 164 664 DL 172 664 168 664 DL 176 664 172
-664 DL 180 664 176 664 DL 184 664 180 664 DL 188 664 184 664 DL 192 664
-188 664 DL 196 664 192 664 DL 200 664 196 664 DL 204 664 200 664 DL 208
-664 204 664 DL 212 664 208 664 DL 216 664 212 664 DL/F4 5/Times-Roman@0
-SF<37>93.6 674.4 Q/F5 8/Times-Roman@0 SF
-<546869732069732074686520757375616c2076>3.2 I<616c7565206f6620746865>-.2
-E/F6 8/Times-Bold@0 SF<486f7374537461747573446972>2 E<6563746f7279>-.144
-E F5<6f7074696f6e3b2069742063616e2c206f6620636f757273652c20676f20616e>2
-E<79776865726520796f75206c696b>-.12 E 2<6569>-.08 G 2<6e79>-2 G
-<6f7572208c6c6573797374656d2e>-2 E F4<38>93.6 688 Q F5 .107<48502d555820
-31302068617320736572766963652073776974636820737570706f72742c2062>3.2 J
-.108<75742073696e636520746865204150497320617265206170706172656e746c7920
-6e6f742061>-.16 F -.2<7661>-.16 G .108
-<696c61626c6520696e20746865206c6962726172696573>.2 F/F7 8/Times-Italic@0
-SF<73656e646d61696c>2.108 E F5 .108<646f6573206e6f742075736520746865>
-2.108 F<6e617469>72 700.8 Q .24 -.12<76652073>-.2 H
-<6572766963652073776974636820696e20746869732072656c656173652e>.12 E 0 Cg
-EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-19)195.86 E/F1 10/Times-Roman@0 SF 1.382(can create a lar)102 96
+R 1.381(ge number of subdirectories which on some \214lesystems can e)
+-.18 F 1.381(xhaust some limits.)-.15 F(Moreo)102 108 Q -.15(ve)-.15 G
+2.432 -.4(r, t).15 H 1.632(he performance of lookups in directory with \
+thousands of entries can be f).4 F 1.633(airly slo)-.1 F(w)-.25 E
+(depending on the \214lesystem implementation.)102 120 Q 1.439
+(Additionally enabling)127 136.2 R F0(SingleThr)3.939 E(eadDeli)-.18 E
+-.1(ve)-.1 G(ry).1 E F1 1.439(has the added ef)3.939 F 1.439
+(fect of single-threading mail)-.25 F(deli)102 148.2 Q -.15(ve)-.25 G
+1.61(ry to a destination.).15 F 1.611
+(This can be quite helpful if the remote machine is running an SMTP)6.61
+F(serv)102 160.2 Q 1.011(er that is easily o)-.15 F -.15(ve)-.15 G 1.011
+(rloaded or cannot accept more than a single connection at a time, b).15
+F 1.01(ut can)-.2 F .458
+(cause some messages to be punted to a future queue run.)102 172.2 R
+.458(It also applies to)5.458 F/F2 10/Times-Italic@0 SF(all)2.958 E F1
+.458(hosts, so setting this)2.958 F .282(because you ha)102 184.2 R .582
+-.15(ve o)-.2 H .281(ne machine on site that runs some softw).15 F .281
+(are that is easily o)-.1 F -.15(ve)-.15 G .281(rrun can cause mail).15
+F .315(to other hosts to be slo)102 196.2 R .315(wed do)-.25 F 2.815
+(wn. If)-.25 F .315(this option is set, you probably w)2.815 F .315
+(ant to set the)-.1 F F0(MinQueueAge)2.815 E F1 .872
+(option as well and run the queue f)102 208.2 R .871
+(airly frequently; this w)-.1 F .871
+(ay jobs that are skipped because another)-.1 F F2(sendmail)102 220.2 Q
+F1 .363(is talking to the same host will be tried ag)2.863 F .364
+(ain quickly rather than being delayed for a long)-.05 F(time.)102 232.2
+Q 1.099
+(The disk based host information is stored in a subdirectory of the)127
+248.4 R F0(mqueue)3.598 E F1 1.098(directory called)3.598 F F0
+(.hoststat)102 262.4 Q/F3 7/Times-Roman@0 SF(7)-4 I F1 6.749(.R)4 K(emo)
+-6.749 E 1.749(ving this directory and its subdirectories has an ef)-.15
+F 1.75(fect similar to the)-.25 F F2(pur)4.25 E -.1(ge)-.37 G(stat).1 E
+F1 1.215(command and is completely safe.)102 274.4 R(Ho)6.215 E(we)-.25
+E -.15(ve)-.25 G -.4(r,).15 G F2(pur)4.115 E -.1(ge)-.37 G(stat).1 E F1
+1.215(only remo)3.715 F -.15(ve)-.15 G 3.715(se).15 G 1.215(xpired \(T)
+-3.865 F(imeout.hoststatus\))-.35 E 3.539(data. The)102 286.4 R 1.039
+(information in these directories can be perused with the)3.539 F F2
+(hoststat)3.54 E F1 1.04(command, which will)3.54 F .065(indicate the h\
+ost name, the last access, and the status of that access.)102 298.4 R
+.064(An asterisk in the left most col-)5.065 F(umn indicates that a)102
+310.4 Q F2(sendmail)2.5 E F1(process currently has the host lock)2.5 E
+(ed for mail deli)-.1 E -.15(ve)-.25 G(ry).15 E(.)-.65 E .53
+(The disk based connection information is treated the same w)127 326.6 R
+.53(ay as memory based connection)-.1 F .536
+(information for the purpose of timeouts.)102 338.6 R .536(By def)5.536
+F .536(ault, information about host f)-.1 F .536(ailures is v)-.1 F .536
+(alid for 30)-.25 F 2.5(minutes. This)102 350.6 R
+(can be adjusted with the)2.5 E F0 -.18(Ti)2.5 G(meout.hoststatus).18 E
+F1(option.)2.5 E 1.51
+(The connection information stored on disk may be e)127 366.8 R 1.51
+(xpired at an)-.15 F 4.01(yt)-.15 G 1.51(ime with the)-4.01 F F2(pur)
+4.01 E -.1(ge)-.37 G(stat).1 E F1 2.093(command or by in)102 378.8 R -.2
+(vo)-.4 G 2.092(king sendmail with the).2 F F0(\255bH)4.592 E F1 4.592
+(switch. The)4.592 F 2.092(connection information may be)4.592 F(vie)102
+390.8 Q(wed with the)-.25 E F2(hoststat)2.5 E F1(command or by in)2.5 E
+-.2(vo)-.4 G(king sendmail with the).2 E F0(\255bh)2.5 E F1(switch.)2.5
+E F0 2.5(2.5. The)87 414.8 R(Ser)2.5 E(vice Switch)-.1 E F1 1.416(The i\
+mplementation of certain system services such as host and user name loo\
+kup is con-)127 431 R 1.322(trolled by the service switch.)102 443 R
+1.321(If the host operating system supports such a switch, and sendmail)
+6.322 F(kno)102 455 Q .383(ws about it,)-.25 F F2(sendmail)2.883 E F1
+.383(will use the nati)2.883 F .683 -.15(ve ve)-.25 H 2.883
+(rsion. Ultrix,).15 F .384(Solaris, and DEC OSF/1 are e)2.883 F(xamples)
+-.15 E(of such systems)102 469 Q F3(8)-4 I F1(.)4 I .88(If the underlyi\
+ng operating system does not support a service switch \(e.g., SunOS 4.X\
+, HP-)127 485.2 R .212(UX, BSD\) then)102 497.2 R F2(sendmail)2.712 E F1
+.212(will pro)2.712 F .212(vide a stub implementation.)-.15 F(The)5.211
+E F0(Ser)2.711 E(viceSwitchFile)-.1 E F1 .211(option points)2.711 F .937
+(to the name of a \214le that has the service de\214nitions.)102 509.2 R
+.937(Each line has the name of a service and the)5.937 F
+(possible implementations of that service.)102 521.2 Q -.15(Fo)5 G 2.5
+(re).15 G(xample, the \214le:)-2.65 E 12.94(hosts dns)142 537.4 R
+(\214les nis)2.5 E 6.84(aliases \214les)142 549.4 R(nis)2.5 E .329
+(will ask)102 565.6 R F2(sendmail)2.829 E F1 .328
+(to look for hosts in the Domain Name System \214rst.)2.829 F .328
+(If the requested host name is)5.328 F .379
+(not found, it tries local \214les, and if that f)102 577.6 R .379
+(ails it tries NIS.)-.1 F(Similarly)5.379 E 2.879(,w)-.65 G .379
+(hen looking for aliases it will)-2.879 F
+(try the local \214les \214rst follo)102 589.6 Q(wed by NIS.)-.25 E .494
+(Notice: since)127 605.8 R F2(sendmail)2.994 E F1 .493
+(must access MX records for correct operation, it will use DNS if it is)
+2.993 F(con\214gured in the)102 617.8 Q F0(Ser)2.5 E(viceSwitchFile)-.1
+E F1 2.5(\214le. Hence)2.5 F(an entry lik)2.5 E(e)-.1 E 12.94
+(hosts \214les)142 634 R(dns)2.5 E(will not a)102 650.2 Q -.2(vo)-.2 G
+(id DNS lookups e).2 E -.15(ve)-.25 G 2.5(ni).15 G 2.5(fah)-2.5 G
+(ost can be found in /etc/hosts.)-2.5 E .32 LW 76 659.8 72 659.8 DL 80
+659.8 76 659.8 DL 84 659.8 80 659.8 DL 88 659.8 84 659.8 DL 92 659.8 88
+659.8 DL 96 659.8 92 659.8 DL 100 659.8 96 659.8 DL 104 659.8 100 659.8
+DL 108 659.8 104 659.8 DL 112 659.8 108 659.8 DL 116 659.8 112 659.8 DL
+120 659.8 116 659.8 DL 124 659.8 120 659.8 DL 128 659.8 124 659.8 DL 132
+659.8 128 659.8 DL 136 659.8 132 659.8 DL 140 659.8 136 659.8 DL 144
+659.8 140 659.8 DL 148 659.8 144 659.8 DL 152 659.8 148 659.8 DL 156
+659.8 152 659.8 DL 160 659.8 156 659.8 DL 164 659.8 160 659.8 DL 168
+659.8 164 659.8 DL 172 659.8 168 659.8 DL 176 659.8 172 659.8 DL 180
+659.8 176 659.8 DL 184 659.8 180 659.8 DL 188 659.8 184 659.8 DL 192
+659.8 188 659.8 DL 196 659.8 192 659.8 DL 200 659.8 196 659.8 DL 204
+659.8 200 659.8 DL 208 659.8 204 659.8 DL 212 659.8 208 659.8 DL 216
+659.8 212 659.8 DL/F4 5/Times-Roman@0 SF(7)93.6 670.2 Q/F5 8
+/Times-Roman@0 SF(This is the usual v)3.2 I(alue of the)-.2 E/F6 8
+/Times-Bold@0 SF(HostStatusDir)2 E(ectory)-.144 E F5
+(option; it can, of course, go an)2 E(ywhere you lik)-.12 E 2(ei)-.08 G
+2(ny)-2 G(our \214lesystem.)-2 E F4(8)93.6 683.8 Q F5 .108
+(HP-UX 10 has service switch support, b)3.2 J .108
+(ut since the APIs are apparently not a)-.16 F -.2(va)-.16 G .107
+(ilable in the libraries).2 F/F7 8/Times-Italic@0 SF(sendmail)2.107 E F5
+.107(does not use the)2.107 F(nati)72 696.6 Q .24 -.12(ve s)-.2 H
+(ervice switch in this release.).12 E 0 Cg EP
%%Page: 20 16
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d32302053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF .776<717565756520616e6420616c6c2061646472657373
-6573206f6e207468652072696768742068616e642073696465206f662074686520616c69
-61732061726520616464656420696e20706c616365206f662074686520616c6961732074
-6861742077>102 96 R<6173>-.1 E 2.682<666f756e642e2054686973>102 108 R
-.182<697320612072656375727369>2.682 F .483 -.15<7665206f>-.25 H .183<70
-65726174696f6e2c20736f20616c696173657320666f756e6420696e2074686520726967
-68742068616e642073696465206f662074686520616c696173206172652073696d696c61
-726c79>.15 F -.15<6578>102 120 S<70616e6465642e>.15 E 3.718
-<54686520616c6961732064617461626173652065>127 136.2 R 3.718
-<786973747320696e207477>-.15 F 6.218<6f66>-.1 G 6.218
-<6f726d732e204f6e65>-6.218 F 3.718<69732061207465>6.218 F 3.718
-<787420666f726d2c206d61696e7461696e656420696e20746865208c6c65>-.15 F/F2
-10/Times-Italic@0 SF<2f6574632f6d61696c2f616c69617365732e>102 148.2 Q F1
-<54686520616c696173657320617265206f662074686520666f726d>5 E
-<6e616d653a206e616d65312c206e616d65322c202e2e2e>142 164.4 Q<4f6e6c79206c
-6f63616c206e616d6573206d617920626520616c69617365643b20652e672e2c>102
-180.6 Q<6572696340707265702e61692e4d4954>142 196.8 Q
-<2e4544553a20657269634043532e4265726b>-.74 E<656c65>-.1 E -.65<792e>-.15
-G<454455>.65 E 1.087<77696c6c206e6f74206861>102 215 R 1.388 -.15
-<76652074>-.2 H 1.088<68652064657369726564206566>.15 F 1.088
-<66656374202865>-.25 F 1.088<7863657074206f6e20707265702e61692e4d4954>
--.15 F 1.088<2e4544552c20616e6420746865>-.74 F 3.588<7970>-.15 G 1.088
-<726f6261626c7920646f6e27>-3.588 F 3.588<7477>-.18 G 1.088
-<616e74206d6529>-3.688 F/F3 7/Times-Roman@0 SF<39>-4 I F1<2e>4 I .986<41
-6c6961736573206d617920626520636f6e74696e756564206279207374617274696e6720
-616e>102 227 R 3.486<7963>-.15 G .986<6f6e74696e756174696f6e206c696e6573
-20776974682061207370616365206f72206120746162206f722062792070757474696e67
-2061>-3.486 F .776
-<6261636b736c617368206469726563746c79206265666f726520746865206e65>102
-239 R 3.276<776c696e652e20426c616e6b>-.25 F .776
-<6c696e657320616e64206c696e6573206265>3.276 F .776
-<67696e6e696e6720776974682061207368617270207369676e202899239a2920617265>
--.15 F<636f6d6d656e74732e>102 251 Q .651
-<546865207365636f6e6420666f726d2069732070726f63657373656420627920746865>
-127 269.2 R F2<6e64626d>3.15 E F1<283329>1.666 E F3<3130>-4 I F1 .65
-<6f7220746865204265726b>3.15 4 N<656c65>-.1 E 3.15<7944>-.15 G 3.15
-<426c>-3.15 G<696272617279>-3.15 E 5.65<2e54>-.65 G .65
-<68697320666f726d20697320696e>-5.65 F .794<746865208c6c65>102 281.2 R F2
-<2f6574632f6d61696c2f616c69617365732e6462>3.294 E F1 .794
-<286966207573696e67204e4557444229206f72>3.294 F F2
-<2f6574632f6d61696c2f616c69617365732e646972>3.294 E F1<616e64>3.294 E F2
-<2f6574632f6d61696c2f616c69617365732e7061>3.294 E<67>-.1 E F1<286966>
-3.294 E 1.127<7573696e67204e44424d292e>102 293.2 R 1.127
-<546869732069732074686520666f726d2074686174>6.127 F F2<73656e646d61696c>
-3.627 E F1 1.127<61637475616c6c79207573657320746f207265736f6c76>3.627 F
-3.626<6561>-.15 G 3.626<6c69617365732e2054686973>-3.626 F 1.126
-<746563686e69717565206973>3.626 F<7573656420746f20696d70726f>102 305.2 Q
-.3 -.15<76652070>-.15 H<6572666f726d616e63652e>.15 E<54686520636f6e7472
-6f6c206f6620736561726368206f726465722069732061637475616c6c79207365742062
-79207468652073657276696365207377697463682e>127 321.4 Q
-<457373656e7469616c6c79>5 E 2.5<2c74>-.65 G<686520656e747279>-2.5 E 2.5
-<4f41>142 337.6 S<6c69617346696c653d7377697463683a616c6961736573>-2.5 E
-.926<697320616c>102 353.8 R -.1<7761>-.1 G .927<797320616464656420617320
-746865208c72737420616c69617320656e7472793b20616c736f2c20746865208c727374
-20616c696173208c6c65206e616d6520776974686f7574206120636c6173732028652e67
-2e2c20776974686f7574>.1 F .269<996e69733a9a206f6e207468652066726f6e7429
-2077696c6c206265207573656420617320746865206e616d65206f6620746865208c6c65
-20666f7220612060>102 365.8 R<608c6c657327>-.74 E 2.768<2765>-.74 G .268
-<6e74727920696e2074686520616c6961736573207377697463682e>-2.768 F -.15
-<466f>5.268 G<72>.15 E -.15<6578>102 377.8 S<616d706c652c20696620746865
-20636f6e8c6775726174696f6e208c6c6520636f6e7461696e73>.15 E 2.5<4f41>142
-394 S<6c69617346696c653d2f6574632f6d61696c2f616c6961736573>-2.5 E
-<616e642074686520736572766963652073776974636820636f6e7461696e73>102
-410.2 Q 6.84<616c6961736573206e6973>142 426.4 R
-<8c6c6573206e6973706c7573>2.5 E 1.164<7468656e20616c69617365732077696c6c
-208c72737420626520736561726368656420696e20746865204e49532064617461626173
-652c207468656e20696e202f6574632f6d61696c2f616c69617365732c207468656e2069
-6e20746865204e49532b>102 442.6 R<64617461626173652e>102 454.6 Q -1.1
-<596f>127 470.8 S 2.5<7563>1.1 G<616e20616c736f20757365>-2.5 E/F4 9
-/Times-Roman@0 SF<4e4953>2.5 E F1<2d626173656420616c696173208c6c65732e>A
--.15<466f>5 G 2.5<7265>.15 G
-<78616d706c652c207468652073706563698c636174696f6e3a>-2.65 E 2.5<4f41>142
-487 S<6c69617346696c653d2f6574632f6d61696c2f616c6961736573>-2.5 E 2.5
-<4f41>142 499 S
-<6c69617346696c653d6e69733a6d61696c2e616c6961736573406d79>-2.5 E
-<2e6e69732e646f6d61696e>-.65 E .143<77696c6c208c727374207365617263682074
-6865202f6574632f6d61696c2f616c6961736573208c6c6520616e64207468656e207468
-65206d6170206e616d656420996d61696c2e616c69617365739a20696e20996d79>102
-515.2 R<2e6e69732e646f6d61696e9a2e>-.65 E -.8<5761>102 527.2 S .589
-<726e696e673a20696620796f752062>.8 F .589<75696c6420796f7572206f>-.2 F
-<776e>-.25 E F4<4e4953>3.089 E F1 .589
-<2d626173656420616c696173208c6c65732c206265207375726520746f2070726f>B
-.59<7669646520746865>-.15 F F0<ad6c>3.09 E F1 .59<8d616720746f>3.09 F F2
-<6d616b>3.09 E<6564626d>-.1 E F1<283829>A .159
-<746f206d61702075707065722063617365206c65747465727320696e20746865206b>
-102 539.2 R -.15<6579>-.1 G 2.659<7374>.15 G 2.659<6f6c>-2.659 G -.25
-<6f77>-2.659 G .159<657220636173653b206f74686572776973652c20616c69617365
-7320776974682075707065722063617365206c65747465727320696e207468656972>.25
-F<6e616d65732077>102 551.2 Q<6f6e27>-.1 E 2.5<746d>-.18 G
-<6174636820696e636f6d696e67206164647265737365732e>-2.5 E<4164646974696f
-6e616c208d6167732063616e2062652061646465642061667465722074686520636f6c6f
-6e2065>127 567.4 Q<786163746c79206c696b>-.15 E 2.5<6561>-.1 G F0<4b>A F1
-<6c696e65208a20666f722065>2.5 E<78616d706c653a>-.15 E 2.5<4f41>142 583.6
-S<6c69617346696c653d6e69733aad4e206d61696c2e616c6961736573406d79>-2.5 E
-<2e6e69732e646f6d61696e>-.65 E<77696c6c20736561726368207468652061707072
-6f707269617465204e4953206d617020616e6420616c>102 599.8 Q -.1<7761>-.1 G
-<797320696e636c756465206e756c6c20627974657320696e20746865206b>.1 E -.15
-<6579>-.1 G 5<2e41>-.5 G<6c736f3a>-5 E 2.5<4f41>142 616 S
-<6c69617346696c653d6e69733aad66206d61696c2e616c6961736573406d79>-2.5 E
-<2e6e69732e646f6d61696e>-.65 E<77696c6c20707265>102 632.2 Q -.15<7665>
--.25 G<6e742073656e646d61696c2066726f6d20646f>.15 E
-<776e636173696e6720746865206b>-.25 E .3 -.15<65792062>-.1 H
-<65666f72652074686520616c696173206c6f6f6b75702e>.15 E .32 LW 76 665.2 72
-665.2 DL 80 665.2 76 665.2 DL 84 665.2 80 665.2 DL 88 665.2 84 665.2 DL
-92 665.2 88 665.2 DL 96 665.2 92 665.2 DL 100 665.2 96 665.2 DL 104
-665.2 100 665.2 DL 108 665.2 104 665.2 DL 112 665.2 108 665.2 DL 116
-665.2 112 665.2 DL 120 665.2 116 665.2 DL 124 665.2 120 665.2 DL 128
-665.2 124 665.2 DL 132 665.2 128 665.2 DL 136 665.2 132 665.2 DL 140
-665.2 136 665.2 DL 144 665.2 140 665.2 DL 148 665.2 144 665.2 DL 152
-665.2 148 665.2 DL 156 665.2 152 665.2 DL 160 665.2 156 665.2 DL 164
-665.2 160 665.2 DL 168 665.2 164 665.2 DL 172 665.2 168 665.2 DL 176
-665.2 172 665.2 DL 180 665.2 176 665.2 DL 184 665.2 180 665.2 DL 188
-665.2 184 665.2 DL 192 665.2 188 665.2 DL 196 665.2 192 665.2 DL 200
-665.2 196 665.2 DL 204 665.2 200 665.2 DL 208 665.2 204 665.2 DL 212
-665.2 208 665.2 DL 216 665.2 212 665.2 DL/F5 5/Times-Roman@0 SF<39>93.6
-675.6 Q/F6 8/Times-Roman@0 SF<41637475616c6c79>3.2 I 2<2c61>-.52 G .24
--.12<6e79206d>-2 H<61696c6572207468617420686173207468652060>.12 E 1.776
--.888<4127206d>-.64 H<61696c6572208d6167207365742077696c6c207065726d6974
-20616c696173696e673b2074686973206973206e6f726d616c6c79206c696d6974656420
-746f20746865206c6f63616c206d61696c6572>.888 E<2e>-.44 E F5<3130>93.6
-689.2 Q F6<546865>3.2 I/F7 8/Times-Italic@0 SF<6764626d>2 E F6
-<7061636b61676520646f6573206e6f742077>2 E<6f726b2e>-.08 E 0 Cg EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-20 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF 1.269
+(Service switches are not completely inte)127 96 R 3.769(grated. F)-.15
+F 1.269(or e)-.15 F 1.269(xample, despite the f)-.15 F 1.27
+(act that the host)-.1 F .294(entry listed in the abo)102 108 R .594
+-.15(ve ex)-.15 H .293
+(ample speci\214es to look in NIS, on SunOS this w).15 F(on')-.1 E 2.793
+(th)-.18 G .293(appen because the)-2.793 F(system implementation of)102
+120 Q/F2 10/Times-Italic@0 SF -.1(ge)2.5 G(thostbyname).1 E F1
+(\(3\) doesn')1.666 E 2.5(tu)-.18 G(nderstand this.)-2.5 E F0 2.5
+(2.6. The)87 144 R(Alias Database)2.5 E F1 2.074(After recipient addres\
+ses are read from the SMTP connection or command line the)127 160.2 R
+4.574(ya)-.15 G(re)-4.574 E .6(parsed by ruleset 0, which must resolv)
+102 172.2 R 3.1(et)-.15 G 3.099(oa{)-3.1 G F2(mailer)-3.099 E F1(,)A F2
+(host)3.099 E F1(,)A F2(addr)3.099 E(ess)-.37 E F1 3.099(}t)C 3.099
+(riple. If)-3.099 F .599(the \215ags selected by)3.099 F(the)102 184.2 Q
+F2(mailer)3.099 E F1 .599(include the)3.099 F F0(A)3.099 E F1 .599
+(\(aliasable\) \215ag, the)3.099 F F2(addr)3.099 E(ess)-.37 E F1 .6
+(part of the triple is look)3.099 F .6(ed up as the k)-.1 F .9 -.15
+(ey \()-.1 H(i.e.,).15 E 1.046
+(the left hand side\) in the alias database.)102 196.2 R 1.045
+(If there is a match, the address is deleted from the send)6.045 F .776
+(queue and all addresses on the right hand side of the alias are added \
+in place of the alias that w)102 208.2 R(as)-.1 E 2.683(found. This)102
+220.2 R .183(is a recursi)2.683 F .483 -.15(ve o)-.25 H .183(peration, \
+so aliases found in the right hand side of the alias are similarly).15 F
+-.15(ex)102 232.2 S(panded.).15 E 3.718(The alias database e)127 248.4 R
+3.718(xists in tw)-.15 F 6.218(of)-.1 G 6.218(orms. One)-6.218 F 3.718
+(is a te)6.218 F 3.718(xt form, maintained in the \214le)-.15 F F2
+(/etc/mail/aliases.)102 260.4 Q F1(The aliases are of the form)5 E
+(name: name1, name2, ...)142 276.6 Q
+(Only local names may be aliased; e.g.,)102 292.8 Q(eric@prep.ai.MIT)142
+309 Q(.EDU: eric@CS.Berk)-.74 E(ele)-.1 E -.65(y.)-.15 G(EDU).65 E 1.088
+(will not ha)102 327.2 R 1.388 -.15(ve t)-.2 H 1.088(he desired ef).15 F
+1.088(fect \(e)-.25 F 1.088(xcept on prep.ai.MIT)-.15 F 1.088
+(.EDU, and the)-.74 F 3.588(yp)-.15 G 1.088(robably don')-3.588 F 3.587
+(tw)-.18 G 1.087(ant me\))-3.687 F/F3 7/Times-Roman@0 SF(9)-4 I F1(.)4 I
+.986(Aliases may be continued by starting an)102 339.2 R 3.486(yc)-.15 G
+.986(ontinuation lines with a space or a tab or by putting a)-3.486 F
+.776(backslash directly before the ne)102 351.2 R 3.276(wline. Blank)
+-.25 F .776(lines and lines be)3.276 F .776
+(ginning with a sharp sign \(\231#\232\) are)-.15 F(comments.)102 363.2
+Q .65(The second form is processed by the)127 381.4 R F2(ndbm)3.15 E F1
+(\(3\))1.666 E F3(10)-4 I F1 .65(or the Berk)3.15 4 N(ele)-.1 E 3.15(yD)
+-.15 G 3.15(Bl)-3.15 G(ibrary)-3.15 E 5.651(.T)-.65 G .651
+(his form is in)-5.651 F .794(the \214le)102 393.4 R F2
+(/etc/mail/aliases.db)3.294 E F1 .794(\(if using NEWDB\) or)3.294 F F2
+(/etc/mail/aliases.dir)3.294 E F1(and)3.294 E F2(/etc/mail/aliases.pa)
+3.294 E(g)-.1 E F1(\(if)3.294 E 1.126(using NDBM\).)102 405.4 R 1.126
+(This is the form that)6.126 F F2(sendmail)3.627 E F1 1.127
+(actually uses to resolv)3.627 F 3.627(ea)-.15 G 3.627(liases. This)
+-3.627 F 1.127(technique is)3.627 F(used to impro)102 417.4 Q .3 -.15
+(ve p)-.15 H(erformance.).15 E
+(The control of search order is actually set by the service switch.)127
+433.6 Q(Essentially)5 E 2.5(,t)-.65 G(he entry)-2.5 E 2.5(OA)142 449.8 S
+(liasFile=switch:aliases)-2.5 E .927(is al)102 466 R -.1(wa)-.1 G .927(\
+ys added as the \214rst alias entry; also, the \214rst alias \214le nam\
+e without a class \(e.g., without).1 F .268(\231nis:\232 on the front\)\
+ will be used as the name of the \214le for a `)102 478 R(`\214les')-.74
+E 2.769('e)-.74 G .269(ntry in the aliases switch.)-2.769 F -.15(Fo)
+5.269 G(r).15 E -.15(ex)102 490 S
+(ample, if the con\214guration \214le contains).15 E 2.5(OA)142 506.2 S
+(liasFile=/etc/mail/aliases)-2.5 E(and the service switch contains)102
+522.4 Q 6.84(aliases nis)142 538.6 R(\214les nisplus)2.5 E 1.164(then a\
+liases will \214rst be searched in the NIS database, then in /etc/mail/\
+aliases, then in the NIS+)102 554.8 R(database.)102 566.8 Q -1.1(Yo)127
+583 S 2.5(uc)1.1 G(an also use)-2.5 E/F4 9/Times-Roman@0 SF(NIS)2.5 E F1
+(-based alias \214les.)A -.15(Fo)5 G 2.5(re).15 G
+(xample, the speci\214cation:)-2.65 E 2.5(OA)142 599.2 S
+(liasFile=/etc/mail/aliases)-2.5 E 2.5(OA)142 611.2 S
+(liasFile=nis:mail.aliases@my)-2.5 E(.nis.domain)-.65 E .143(will \214r\
+st search the /etc/mail/aliases \214le and then the map named \231mail.\
+aliases\232 in \231my)102 627.4 R(.nis.domain\232.)-.65 E -.8(Wa)102
+639.4 S .59(rning: if you b).8 F .59(uild your o)-.2 F(wn)-.25 E F4(NIS)
+3.09 E F1 .589(-based alias \214les, be sure to pro)B .589(vide the)-.15
+F F0<ad6c>3.089 E F1 .589(\215ag to)3.089 F F2(mak)3.089 E(edbm)-.1 E F1
+(\(8\))A .159(to map upper case letters in the k)102 651.4 R -.15(ey)-.1
+G 2.659(st).15 G 2.659(ol)-2.659 G -.25(ow)-2.659 G .159
+(er case; otherwise, aliases with upper case letters in their).25 F
+(names w)102 663.4 Q(on')-.1 E 2.5(tm)-.18 G(atch incoming addresses.)
+-2.5 E .32 LW 76 673 72 673 DL 80 673 76 673 DL 84 673 80 673 DL 88 673
+84 673 DL 92 673 88 673 DL 96 673 92 673 DL 100 673 96 673 DL 104 673
+100 673 DL 108 673 104 673 DL 112 673 108 673 DL 116 673 112 673 DL 120
+673 116 673 DL 124 673 120 673 DL 128 673 124 673 DL 132 673 128 673 DL
+136 673 132 673 DL 140 673 136 673 DL 144 673 140 673 DL 148 673 144 673
+DL 152 673 148 673 DL 156 673 152 673 DL 160 673 156 673 DL 164 673 160
+673 DL 168 673 164 673 DL 172 673 168 673 DL 176 673 172 673 DL 180 673
+176 673 DL 184 673 180 673 DL 188 673 184 673 DL 192 673 188 673 DL 196
+673 192 673 DL 200 673 196 673 DL 204 673 200 673 DL 208 673 204 673 DL
+212 673 208 673 DL 216 673 212 673 DL/F5 5/Times-Roman@0 SF(9)93.6 683.4
+Q/F6 8/Times-Roman@0 SF(Actually)3.2 I 2(,a)-.52 G .24 -.12(ny m)-2 H
+(ailer that has the `).12 E 1.776 -.888(A' m)-.64 H(ailer \215ag set wi\
+ll permit aliasing; this is normally limited to the local mailer).888 E
+(.)-.44 E F5(10)93.6 697 Q F6(The)3.2 I/F7 8/Times-Italic@0 SF(gdbm)2 E
+F6(package does not w)2 E(ork.)-.08 E 0 Cg EP
%%Page: 21 17
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3231>195.86 E
-2.5<322e362e312e20526562>102 96 R
-<75696c64696e672074686520616c696173206461746162617365>-.2 E/F1 10
-/Times-Roman@0 SF<546865>142 112.2 Q/F2 10/Times-Italic@0 SF<68617368>
-3.079 E F1<6f72>3.079 E F2<64626d>3.079 E F1 -.15<7665>3.079 G .579
-<7273696f6e206f6620746865206461746162617365206d617920626520726562>.15 F
-.58<75696c742065>-.2 F .58<78706c696369746c792062792065>-.15 F -.15
-<7865>-.15 G .58<637574696e672074686520636f6d2d>.15 F<6d616e64>117 124.2
-Q<6e65>157 140.4 Q -.1<7761>-.25 G<6c6961736573>.1 E
-<546869732069732065717569>117 156.6 Q -.25<7661>-.25 G
-<6c656e7420746f206769>.25 E<76696e67>-.25 E F2<73656e646d61696c>2.5 E F1
-<746865>2.5 E F0<ad6269>2.5 E F1<8d61673a>2.5 E
-<2f7573722f7362696e2f73656e646d61696c20ad6269>157 172.8 Q 1.77
-<496620796f75206861>142 193.2 R 2.07 -.15<7665206d>-.2 H 1.77<756c746970
-6c6520616c6961736573206461746162617365732073706563698c65642c20746865>.15
-F F0<ad6269>4.27 E F1 1.77<8d616720726562>4.27 F 1.77
-<75696c647320616c6c20746865206461746162617365>-.2 F
-<747970657320697420756e6465727374616e64732028666f722065>117 205.2 Q
-<78616d706c652c2069742063616e20726562>-.15 E
-<75696c64204e44424d206461746162617365732062>-.2 E
-<7574206e6f74204e495320646174616261736573292e>-.2 E F0 2.5
-<322e362e322e2050>102 229.2 R<6f74656e7469616c207072>-.2 E<6f626c656d73>
--.18 E F1 1.131<5468657265206172652061206e756d626572206f662070726f626c65
-6d7320746861742063616e206f6363757220776974682074686520616c69617320646174
-61626173652e>142 245.4 R<546865>6.131 E 3.631<7961>-.15 G 1.131
-<6c6c20726573756c74>-3.631 F 1.104<66726f6d2061>117 257.4 R F2
-<73656e646d61696c>3.604 E F1 1.104
-<70726f6365737320616363657373696e67207468652044424d2076>3.604 F 1.103
-<657273696f6e207768696c65206974206973206f6e6c79207061727469616c6c792062>
--.15 F 3.603<75696c742e2054686973>-.2 F<63616e>3.603 E 1.248
-<68617070656e20756e646572207477>117 269.4 R 3.748<6f63>-.1 G 1.248<6972
-63756d7374616e6365733a204f6e652070726f6365737320616363657373657320746865
-206461746162617365207768696c6520616e6f746865722070726f63657373206973>
--3.748 F<726562>117 281.4 Q .518
-<75696c64696e672069742c206f72207468652070726f6365737320726562>-.2 F .518
-<75696c64696e67207468652064617461626173652064696573202864756520746f2062
-65696e67206b696c6c6564206f7220612073797374656d20637261736829>-.2 F
-<6265666f726520636f6d706c6574696e672074686520726562>117 293.4 Q
-<75696c642e>-.2 E .401<53656e646d61696c2068617320746872656520746563686e
-697175657320746f2074727920746f2072656c6965>142 309.6 R .701 -.15
-<76652074>-.25 H .401<686573652070726f626c656d732e>.15 F .401
-<46697273742c2069742069676e6f72657320696e7465727275707473>5.401 F .045
-<7768696c6520726562>117 321.6 R .045
-<75696c64696e67207468652064617461626173653b20746869732061>-.2 F -.2
-<766f>-.2 G .045<696473207468652070726f626c656d206f6620736f6d656f6e6520
-61626f7274696e67207468652070726f63657373206c6561>.2 F .045<76696e672061>
--.2 F .176<7061727469616c6c7920726562>117 333.6 R .176
-<75696c742064617461626173652e>-.2 F .177<5365636f6e642c206974206c6f636b
-732074686520646174616261736520736f75726365208c6c6520647572696e6720746865
-20726562>5.176 F .177<75696c64208a2062>-.2 F .177<75742074686174>-.2 F
-.813<6d6179206e6f742077>117 345.6 R .813<6f726b206f>-.1 F -.15<7665>-.15
-G 3.313<724e>.15 G .813
-<4653206f7220696620746865208c6c6520697320756e7772697461626c652e>-3.313 F
-.812<54686972642c2061742074686520656e64206f662074686520726562>5.812 F
-.812<75696c64206974206164647320616e>-.2 F
-<616c696173206f662074686520666f726d>117 357.6 Q<403a2040>157 373.8 Q
-.336<287768696368206973206e6f74206e6f726d616c6c79206c65>117 390 R -.05
-<6761>-.15 G 2.836<6c292e204265666f7265>.05 F F2<73656e646d61696c>2.836
-E F1 .336<77696c6c20616363657373207468652064617461626173652c206974206368
-65636b7320746f20696e737572652074686174>2.836 F<7468697320656e7472792065>
-117 404 Q<7869737473>-.15 E/F3 7/Times-Roman@0 SF<3131>-4 I F1<2e>4 I F0
-2.5<322e362e332e204c697374>102 428 R -.1<6f77>2.5 G<6e657273>.1 E F1
-.401<496620616e206572726f72206f6363757273206f6e2073656e64696e6720746f20
-61206365727461696e20616464726573732c207361792099>142 444.2 R F2<78>A F1
-<9a2c>A F2<73656e646d61696c>2.9 E F1 .4
-<77696c6c206c6f6f6b20666f7220616e20616c696173>2.9 F .417
-<6f662074686520666f726d20996f>117 456.2 R<776e6572>-.25 E<2d>-.2 E F2
-<78>A F1 2.917<9a74>C 2.917<6f72>-2.917 G<65636569>-2.917 E .717 -.15
-<76652074>-.25 H .418<6865206572726f72732e>.15 F .418<546869732069732074
-79706963616c6c792075736566756c20666f722061206d61696c696e67206c6973742077
-6865726520746865>5.418 F 1.117<7375626d6974746572206f6620746865206c6973
-7420686173206e6f20636f6e74726f6c206f>117 468.2 R -.15<7665>-.15 G 3.617
-<7274>.15 G 1.116<6865206d61696e74656e616e6365206f6620746865206c69737420
-697473656c663b20696e2074686973206361736520746865206c697374>-3.617 F
-<6d61696e7461696e65722077>117 480.2 Q<6f756c6420626520746865206f>-.1 E
-<776e6572206f6620746865206c6973742e>-.25 E -.15<466f>5 G 2.5<7265>.15 G
-<78616d706c653a>-2.65 E<756e69782d77697a617264733a2065726963407563626172
-70612c20776e6a406d6f6e65742c206e6f7375636875736572>157 496.4 Q<2c>-.4 E
-<73616d406d617469737365>193 508.4 Q -.25<6f77>157 520.4 S<6e6572>.25 E
-<2d756e69782d77697a617264733a20756e69782d77697a617264732d72657175657374>
--.2 E
-<756e69782d77697a617264732d726571756573743a20657269634075636261727061>
-157 532.4 Q -.1<776f>117 548.6 S .689<756c642063617573652099657269634075
-6362617270619a20746f2067657420746865206572726f7220746861742077696c6c206f
-63637572207768656e20736f6d656f6e652073656e647320746f20756e69782d77697a2d>
-.1 F<617264732064756520746f2074686520696e636c7573696f6e206f6620996e6f73
-756368757365729a206f6e20746865206c6973742e>117 560.6 Q .959
-<4c697374206f>142 576.8 R .959
-<776e65727320616c736f2063617573652074686520656e>-.25 F -.15<7665>-.4 G
-.959
-<6c6f70652073656e646572206164647265737320746f206265206d6f64698c65642e>
-.15 F .958<54686520636f6e74656e7473206f6620746865>5.958 F -.25<6f77>117
-588.8 S .428<6e657220616c69617320617265207573656420696620746865>.25 F
-2.928<7970>-.15 G .428<6f696e7420746f20612073696e676c652075736572>-2.928
-F 2.928<2c6f>-.4 G .429<746865727769736520746865206e616d65206f6620746865
-20616c69617320697473656c6620697320757365642e>-2.928 F -.15<466f>117
-600.8 S 3.455<7274>.15 G .955
-<68697320726561736f6e2c20616e6420746f206f6265>-3.455 F 3.454<7949>-.15 G
-.954<6e7465726e657420636f6e>-3.454 F -.15<7665>-.4 G .954
-<6e74696f6e732c2074686520996f>.15 F<776e6572>-.25 E .954
-<2d9a2061646472657373206e6f726d616c6c7920706f696e747320617420746865>-.2
-F .503<992d726571756573749a20616464726573733b20746869732063617573657320
-6d6573736167657320746f20676f206f7574207769746820746865207479706963616c20
-496e7465726e657420636f6e>117 612.8 R -.15<7665>-.4 G .504
-<6e74696f6e206f66207573696e67>.15 F -.74<6060>117 624.8 S F2<6c697374>
-.74 E F1<2d7265717565737427>A 2.5<2761>-.74 G 2.5<7374>-2.5 G
-<68652072657475726e20616464726573732e>-2.5 E F0 2.5<322e372e2055736572>
-87 648.8 R<496e66>2.5 E<6f726d6174696f6e204461746162617365>-.25 E F1
-3.636<54686973206f7074696f6e20697320646570726563617465642c20757365207669
-7274757365727461626c6520616e642067656e65726963737461626c6520696e73746561
-642061732065>127 665 R 3.635<78706c61696e656420696e>-.15 F F2
-<63662f524541444d45>102 677 Q F1 5.06<2e49>C 2.56<6679>-5.06 G .06
-<6f75206861>-2.56 F .36 -.15<76652061207665>-.2 H .06<7273696f6e206f66>
-.15 F F2<73656e646d61696c>2.56 E F1 .06<7769746820746865207573657220696e
-666f726d6174696f6e20646174616261736520636f6d70696c656420696e2c20616e64>
-2.56 F .32 LW 76 686.6 72 686.6 DL 80 686.6 76 686.6 DL 84 686.6 80
-686.6 DL 88 686.6 84 686.6 DL 92 686.6 88 686.6 DL 96 686.6 92 686.6 DL
-100 686.6 96 686.6 DL 104 686.6 100 686.6 DL 108 686.6 104 686.6 DL 112
-686.6 108 686.6 DL 116 686.6 112 686.6 DL 120 686.6 116 686.6 DL 124
-686.6 120 686.6 DL 128 686.6 124 686.6 DL 132 686.6 128 686.6 DL 136
-686.6 132 686.6 DL 140 686.6 136 686.6 DL 144 686.6 140 686.6 DL 148
-686.6 144 686.6 DL 152 686.6 148 686.6 DL 156 686.6 152 686.6 DL 160
-686.6 156 686.6 DL 164 686.6 160 686.6 DL 168 686.6 164 686.6 DL 172
-686.6 168 686.6 DL 176 686.6 172 686.6 DL 180 686.6 176 686.6 DL 184
-686.6 180 686.6 DL 188 686.6 184 686.6 DL 192 686.6 188 686.6 DL 196
-686.6 192 686.6 DL 200 686.6 196 686.6 DL 204 686.6 200 686.6 DL 208
-686.6 204 686.6 DL 212 686.6 208 686.6 DL 216 686.6 212 686.6 DL/F4 5
-/Times-Roman@0 SF<3131>93.6 697 Q/F5 8/Times-Roman@0 SF<546865>3.2 I/F6
-8/Times-Bold@0 SF<416c69617357>2 E<616974>-.52 E F5<6f7074696f6e20697320
-726571756972656420696e2074686520636f6e8c6775726174696f6e20666f7220746869
-7320616374696f6e20746f206f63637572>2 E 4<2e54>-.44 G
-<6869732073686f756c64206e6f726d616c6c792062652073706563698c65642e>-4 E 0
-Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-21)195.86 E/F1 10/Times-Roman@0 SF
+(Additional \215ags can be added after the colon e)127 96 Q(xactly lik)
+-.15 E 2.5(ea)-.1 G F0(K)A F1(line \212 for e)2.5 E(xample:)-.15 E 2.5
+(OA)142 112.2 S(liasFile=nis:\255N mail.aliases@my)-2.5 E(.nis.domain)
+-.65 E(will search the appropriate NIS map and al)102 128.4 Q -.1(wa)-.1
+G(ys include null bytes in the k).1 E -.15(ey)-.1 G 5(.A)-.5 G(lso:)-5 E
+2.5(OA)142 144.6 S(liasFile=nis:\255f mail.aliases@my)-2.5 E
+(.nis.domain)-.65 E(will pre)102 160.8 Q -.15(ve)-.25 G
+(nt sendmail from do).15 E(wncasing the k)-.25 E .3 -.15(ey b)-.1 H
+(efore the alias lookup.).15 E F0 2.5(2.6.1. Reb)102 184.8 R
+(uilding the alias database)-.2 E F1(The)142 201 Q/F2 10/Times-Italic@0
+SF(hash)3.08 E F1(or)3.08 E F2(dbm)3.08 E F1 -.15(ve)3.08 G .579
+(rsion of the database may be reb).15 F .579(uilt e)-.2 F .579
+(xplicitly by e)-.15 F -.15(xe)-.15 G .579(cuting the com-).15 F(mand)
+117 213 Q(ne)157 229.2 Q -.1(wa)-.25 G(liases).1 E(This is equi)117
+245.4 Q -.25(va)-.25 G(lent to gi).25 E(ving)-.25 E F2(sendmail)2.5 E F1
+(the)2.5 E F0(\255bi)2.5 E F1(\215ag:)2.5 E(/usr/sbin/sendmail \255bi)
+157 261.6 Q 1.77(If you ha)142 282 R 2.07 -.15(ve m)-.2 H 1.77
+(ultiple aliases databases speci\214ed, the).15 F F0(\255bi)4.27 E F1
+1.77(\215ag reb)4.27 F 1.77(uilds all the database)-.2 F
+(types it understands \(for e)117 294 Q(xample, it can reb)-.15 E
+(uild NDBM databases b)-.2 E(ut not NIS databases\).)-.2 E F0 2.5
+(2.6.2. P)102 318 R(otential pr)-.2 E(oblems)-.18 E F1 1.131
+(There are a number of problems that can occur with the alias database.)
+142 334.2 R(The)6.13 E 3.63(ya)-.15 G 1.13(ll result)-3.63 F 1.103
+(from a)117 346.2 R F2(sendmail)3.603 E F1 1.103
+(process accessing the DBM v)3.603 F 1.103
+(ersion while it is only partially b)-.15 F 3.604(uilt. This)-.2 F(can)
+3.604 E 1.249(happen under tw)117 358.2 R 3.749(oc)-.1 G 1.248(ircumsta\
+nces: One process accesses the database while another process is)-3.749
+F(reb)117 370.2 Q .518(uilding it, or the process reb)-.2 F .518
+(uilding the database dies \(due to being killed or a system crash\))-.2
+F(before completing the reb)117 382.2 Q(uild.)-.2 E .401
+(Sendmail has three techniques to try to relie)142 398.4 R .701 -.15
+(ve t)-.25 H .401(hese problems.).15 F .4(First, it ignores interrupts)
+5.401 F .045(while reb)117 410.4 R .045(uilding the database; this a)-.2
+F -.2(vo)-.2 G .045(ids the problem of someone aborting the process lea)
+.2 F .045(ving a)-.2 F .177(partially reb)117 422.4 R .177
+(uilt database.)-.2 F .177
+(Second, it locks the database source \214le during the reb)5.177 F .176
+(uild \212 b)-.2 F .176(ut that)-.2 F .812(may not w)117 434.4 R .812
+(ork o)-.1 F -.15(ve)-.15 G 3.312(rN).15 G .812
+(FS or if the \214le is unwritable.)-3.312 F .813
+(Third, at the end of the reb)5.813 F .813(uild it adds an)-.2 F
+(alias of the form)117 446.4 Q(@: @)157 462.6 Q .336
+(\(which is not normally le)117 478.8 R -.05(ga)-.15 G 2.836
+(l\). Before).05 F F2(sendmail)2.836 E F1 .336
+(will access the database, it checks to insure that)2.836 F
+(this entry e)117 492.8 Q(xists)-.15 E/F3 7/Times-Roman@0 SF(11)-4 I F1
+(.)4 I F0 2.5(2.6.3. List)102 516.8 R -.1(ow)2.5 G(ners).1 E F1 .4
+(If an error occurs on sending to a certain address, say \231)142 533 R
+F2(x)A F1<9a2c>A F2(sendmail)2.901 E F1 .401(will look for an alias)
+2.901 F .418(of the form \231o)117 545 R(wner)-.25 E(-)-.2 E F2(x)A F1
+2.918<9a74>C 2.918(or)-2.918 G(ecei)-2.918 E .718 -.15(ve t)-.25 H .418
+(he errors.).15 F .417
+(This is typically useful for a mailing list where the)5.418 F 1.116
+(submitter of the list has no control o)117 557 R -.15(ve)-.15 G 3.617
+(rt).15 G 1.117
+(he maintenance of the list itself; in this case the list)-3.617 F
+(maintainer w)117 569 Q(ould be the o)-.1 E(wner of the list.)-.25 E
+-.15(Fo)5 G 2.5(re).15 G(xample:)-2.65 E
+(unix-wizards: eric@ucbarpa, wnj@monet, nosuchuser)157 585.2 Q(,)-.4 E
+(sam@matisse)193 597.2 Q -.25(ow)157 609.2 S(ner).25 E
+(-unix-wizards: unix-wizards-request)-.2 E
+(unix-wizards-request: eric@ucbarpa)157 621.2 Q -.1(wo)117 637.4 S .689
+(uld cause \231eric@ucbarpa\232 to get the error that will occur when s\
+omeone sends to unix-wiz-).1 F
+(ards due to the inclusion of \231nosuchuser\232 on the list.)117 649.4
+Q .958(List o)142 665.6 R .958(wners also cause the en)-.25 F -.15(ve)
+-.4 G .959(lope sender address to be modi\214ed.).15 F .959
+(The contents of the)5.959 F -.25(ow)117 677.6 S .429
+(ner alias are used if the).25 F 2.929(yp)-.15 G .429
+(oint to a single user)-2.929 F 2.928(,o)-.4 G .428
+(therwise the name of the alias itself is used.)-2.928 F .32 LW 76 687.2
+72 687.2 DL 80 687.2 76 687.2 DL 84 687.2 80 687.2 DL 88 687.2 84 687.2
+DL 92 687.2 88 687.2 DL 96 687.2 92 687.2 DL 100 687.2 96 687.2 DL 104
+687.2 100 687.2 DL 108 687.2 104 687.2 DL 112 687.2 108 687.2 DL 116
+687.2 112 687.2 DL 120 687.2 116 687.2 DL 124 687.2 120 687.2 DL 128
+687.2 124 687.2 DL 132 687.2 128 687.2 DL 136 687.2 132 687.2 DL 140
+687.2 136 687.2 DL 144 687.2 140 687.2 DL 148 687.2 144 687.2 DL 152
+687.2 148 687.2 DL 156 687.2 152 687.2 DL 160 687.2 156 687.2 DL 164
+687.2 160 687.2 DL 168 687.2 164 687.2 DL 172 687.2 168 687.2 DL 176
+687.2 172 687.2 DL 180 687.2 176 687.2 DL 184 687.2 180 687.2 DL 188
+687.2 184 687.2 DL 192 687.2 188 687.2 DL 196 687.2 192 687.2 DL 200
+687.2 196 687.2 DL 204 687.2 200 687.2 DL 208 687.2 204 687.2 DL 212
+687.2 208 687.2 DL 216 687.2 212 687.2 DL/F4 5/Times-Roman@0 SF(11)93.6
+697.6 Q/F5 8/Times-Roman@0 SF(The)3.2 I/F6 8/Times-Bold@0 SF(AliasW)2 E
+(ait)-.52 E F5
+(option is required in the con\214guration for this action to occur)2 E
+4(.T)-.44 G(his should normally be speci\214ed.)-4 E 0 Cg EP
%%Page: 22 18
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d32322053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF .765<796f75206861>102 96 R 1.065 -.15<76652073>
--.2 H .764<706563698c6564206f6e65206f72206d6f72652064617461626173657320
-7573696e6720746865>.15 F F0<55>3.264 E F1 .764<6f7074696f6e2c2074686520
-6461746162617365732077696c6c20626520736561726368656420666f722061>3.264 F
-/F2 10/Times-Italic@0 SF<75736572>102 108 Q F1
-<3a6d61696c64726f7020656e747279>A 5<2e49>-.65 G 2.5<6666>-5 G<6f756e642c
-20746865206d61696c2077696c6c2062652073656e7420746f207468652073706563698c
-656420616464726573732e>-2.5 E F0 2.5<322e382e2050>87 132 R<6572>-.2 E
-<2d557365722046>-.37 E<6f7277617264696e6720282e66>-.25 E
-<6f72776172642046696c657329>-.25 E F1 .12
-<417320616e20616c7465726e617469>127 148.2 R .42 -.15<76652074>-.25 H
-2.62<6f74>.15 G .12<686520616c6961732064617461626173652c20616e>-2.62 F
-2.62<7975>-.15 G .121<736572206d6179207075742061208c6c652077697468207468
-65206e616d6520992e666f7277>-2.62 F .121<6172649a20696e20686973>-.1 F
-.205<6f722068657220686f6d65206469726563746f7279>102 160.2 R 5.205<2e49>
--.65 G 2.705<6674>-5.205 G .205<686973208c6c652065>-2.705 F
-<78697374732c>-.15 E F2<73656e646d61696c>2.705 E F1 .205<72656469726563
-7473206d61696c20666f722074686174207573657220746f20746865206c697374206f66
-20616464726573736573>2.705 F .664
-<6c697374656420696e20746865202e666f7277>102 172.2 R .664
-<617264208c6c652e>-.1 F .665
-<4e6f7465207468617420616c6961736573206172652066756c6c792065>5.664 F .665
-<7870616e646564206265666f726520666f7277>-.15 F .665
-<617264208c6c657320617265207265666572656e6365642e>-.1 F -.15<466f>102
-184.2 S 2.5<7265>.15 G<78616d706c652c2069662074686520686f6d652064697265
-63746f727920666f72207573657220996d636b757369636b9a206861732061202e666f72
-77>-2.65 E<617264208c6c65207769746820636f6e74656e74733a>-.1 E
-<6d636b757369636b4065726e6965>142 200.4 Q<6b69726b4063616c646572>142
-212.4 Q<7468656e20616e>102 228.6 Q 2.5<796d>-.15 G<61696c2061727269>-2.5
-E<76696e6720666f7220996d636b757369636b9a2077696c6c2062652072656469726563
-74656420746f207468652073706563698c6564206163636f756e74732e>-.25 E
-<41637475616c6c79>127 244.8 Q 3.375<2c74>-.65 G .874<686520636f6e8c6775
-726174696f6e208c6c652064658c6e657320612073657175656e6365206f66208c6c656e
-616d657320746f20636865636b2e>-3.375 F .874<427920646566>5.874 F .874
-<61756c742c2074686973206973>-.1 F .516<746865207573657227>102 256.8 R
-3.016<732e>-.55 G<666f7277>-3.016 E .517<617264208c6c652c2062>-.1 F .517
-<75742063616e2062652064658c6e656420746f206265206d6f72652067656e6572616c
-6c79207573696e6720746865>-.2 F F0 -.25<466f>3.017 G<727761726450>.25 E
-<617468>-.1 E F1 3.017<6f7074696f6e2e204966>3.017 F .183
-<796f75206368616e676520746869732c20796f752077696c6c206861>102 268.8 R
-.482 -.15<76652074>-.2 H 2.682<6f69>.15 G .182<6e666f726d20796f75722075
-7365722062617365206f6620746865206368616e67653b202e666f7277>-2.682 F .182
-<617264206973207072657474792077656c6c20696e636f72>-.1 F<2d>-.2 E
-<706f726174656420696e746f2074686520636f6c6c65637469>102 280.8 Q .3 -.15
-<76652073>-.25 H<7562636f6e7363696f75732e>.15 E F0 2.5
-<322e392e205370656369616c>87 304.8 R<486561646572204c696e6573>2.5 E F1
-<5365>127 321 Q -.15<7665>-.25 G 1.897
-<72616c20686561646572206c696e6573206861>.15 F 2.197 -.15<76652073>-.2 H
-1.897<70656369616c20696e746572707265746174696f6e732064658c6e656420627920
-74686520636f6e8c6775726174696f6e208c6c652e>.15 F<4f7468657273>6.898 E
-<6861>102 333 Q 1.206 -.15<76652069>-.2 H .906
-<6e746572707265746174696f6e732062>.15 F .906<75696c7420696e746f>-.2 F F2
-<73656e646d61696c>3.406 E F1 .905<746861742063616e6e6f74206265206368616e
-67656420776974686f7574206368616e67696e672074686520636f64652e>3.406 F
-<5468657365>5.905 E -.2<6275>102 345 S
-<696c742d696e73206172652064657363726962656420686572652e>.2 E F0 2.5
-<322e392e312e20457272>102 369 R<6f72732d54>-.18 E<6f3a>-.92 E F1 .22
-<4966206572726f7273206f6363757220616e>142 385.2 R .22<797768657265206475
-72696e672070726f63657373696e672c2074686973206865616465722077696c6c206361
-757365206572726f72206d6573736167657320746f20676f20746f>-.15 F
-<746865206c6973746564206164647265737365732e>117 397.2 Q
-<5468697320697320696e74656e64656420666f72206d61696c696e67206c697374732e>
-5 E .385<546865204572726f72732d54>142 413.4 R .385
-<6f3a206865616465722077>-.8 F .384<6173206372656174656420696e2074686520
-626164206f6c642064617973207768656e2055554350206469646e27>-.1 F 2.884
-<7475>-.18 G .384<6e6465727374616e6420746865>-2.884 F .889
-<64697374696e6374696f6e206265747765656e20616e20656e>117 425.4 R -.15
-<7665>-.4 G .889<6c6f706520616e642061206865616465723b20746869732077>.15
-F .889<61732061206861636b20746f2070726f>-.1 F .89
-<7669646520776861742073686f756c64206e6f>-.15 F 3.39<7762>-.25 G<65>-3.39
-E .81<7061737365642061732074686520656e>117 437.4 R -.15<7665>-.4 G .81
-<6c6f70652073656e64657220616464726573732e>.15 F .809
-<49742073686f756c6420676f2061>5.81 F -.1<7761>-.15 G 4.609 -.65
-<792e2049>.1 H 3.309<7469>.65 G 3.309<736f>-3.309 G .809
-<6e6c79207573656420696620746865>-3.309 F F0<557365457272>3.309 E
-<6f727354>-.18 E<6f>-.92 E F1<6f7074696f6e206973207365742e>117 449.4 Q
-<546865204572726f72732d54>142 465.6 Q<6f3a20686561646572206973206f66>-.8
-E<8c6369616c6c79206465707265636174656420616e642077696c6c20676f2061>-.25
-E -.1<7761>-.15 G 2.5<7969>.1 G 2.5<6e6166>-2.5 G
-<75747572652072656c656173652e>-2.5 E F0 2.5<322e392e322e2041>102 489.6 R
-<70706172>-.25 E<656e746c792d54>-.18 E<6f3a>-.92 E F1 .044<524643203832
-32207265717569726573206174206c65617374206f6e6520726563697069656e74208c65
-6c64202854>142 505.8 R .045
-<6f3a2c2043633a2c206f72204263633a206c696e652920696e2065>-.8 F -.15<7665>
--.25 G .045<7279206d6573736167652e>.15 F .045<49662061>5.045 F .562<6d65
-737361676520636f6d657320696e2077697468206e6f20726563697069656e7473206c69
-7374656420696e20746865206d657373616765207468656e>117 517.8 R F2
-<73656e646d61696c>3.062 E F1 .562
-<77696c6c2061646a7573742074686520686561646572>3.062 F .085<626173656420
-6f6e2074686520994e6f526563697069656e74416374696f6e9a206f7074696f6e2e>117
-529.8 R .085<4f6e65206f662074686520706f737369626c6520616374696f6e732069
-7320746f2061646420616e2099>5.085 F<4170706172656e746c792d>-.8 E -.8
-<546f>117 541.8 S<3a9a20686561646572206c696e6520666f7220616e>.8 E 2.5
-<7972>-.15 G<6563697069656e74732069742069732061>-2.5 E -.1<7761>-.15 G
-<7265206f662e>.1 E .911<546865204170706172656e746c792d54>142 558 R .911<
-6f3a20686561646572206973206e6f6e2d7374616e6461726420616e6420697320626f74
-68206465707265636174656420616e64207374726f6e676c7920646973636f7572>-.8 F
-<2d>-.2 E<616765642e>117 570 Q F0 2.5<322e392e332e205072>102 594 R
-<65636564656e6365>-.18 E F1 .425<54686520507265636564656e63653a20686561
-6465722063616e2062652075736564206173206120637275646520636f6e74726f6c206f
-66206d657373616765207072696f72697479>142 610.2 R 5.425<2e49>-.65 G 2.925
-<7474>-5.425 G .425<7765616b7320746865>-2.925 F .181<736f7274206f726465
-7220696e2074686520717565756520616e642063616e20626520636f6e8c677572656420
-746f206368616e676520746865206d6573736167652074696d656f75742076>117 622.2
-R 2.681<616c7565732e20546865>-.25 F<70726563652d>2.681 E .234
-<64656e6365206f662061206d65737361676520616c736f20636f6e74726f6c7320686f>
-117 634.2 R 2.734<7764>-.25 G<656c69>-2.734 E -.15<7665>-.25 G .235<7279
-20737461747573206e6f74698c636174696f6e73202844534e7329206172652070726f63
-657373656420666f722074686174>.15 F<6d6573736167652e>117 646.2 Q F0 2.5
-<322e31302e204944454e54>87 670.2 R<5072>2.5 E
-<6f746f636f6c20537570706f7274>-.18 E F2<53656e646d61696c>127 686.4 Q F1
-.746<737570706f72747320746865204944454e542070726f746f636f6c206173206465
-8c6e656420696e2052464320313431332e>3.246 F .745
-<4e6f746520746861742074686520524643207374617465732061>5.745 F 1.36
-<636c69656e742073686f756c642077>102 698.4 R 1.36<616974206174206c656173
-74203330207365636f6e647320666f72206120726573706f6e73652e>-.1 F 1.361
-<54686520646566>6.361 F 1.361<61756c742054>-.1 F 1.361
-<696d656f75742e6964656e742069732035207365636f6e6473206173>-.35 F<6d616e>
-102 710.4 Q 3.024<7973>-.15 G .524<69746573206861>-3.024 F .824 -.15
-<76652061>-.2 H .524<646f7074656420746865207072616374696365206f66206472
-6f7070696e67204944454e5420717565726965732e>.15 F .524
-<5468697320686173206c65616420746f2064656c6179732070726f636573732d>5.524
-F .451<696e67206d61696c2e>102 722.4 R .452<416c74686f756768207468697320
-656e68616e636573206964656e74698c636174696f6e206f662074686520617574686f72
-206f6620616e20656d61696c206d65737361676520627920646f696e6720612060>5.451
-F<6063616c6c>-.74 E 0 Cg EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-22 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF -.15(Fo)
+117 96 S 3.454(rt).15 G .954(his reason, and to obe)-3.454 F 3.454(yI)
+-.15 G .954(nternet con)-3.454 F -.15(ve)-.4 G .954(ntions, the \231o)
+.15 F(wner)-.25 E .955(-\232 address normally points at the)-.2 F .504(\
+\231-request\232 address; this causes messages to go out with the typic\
+al Internet con)117 108 R -.15(ve)-.4 G .503(ntion of using).15 F -.74
+(``)117 120 S/F2 10/Times-Italic@0 SF(list).74 E F1(-request')A 2.5('a)
+-.74 G 2.5(st)-2.5 G(he return address.)-2.5 E F0 2.5(2.7. User)87 144 R
+(Inf)2.5 E(ormation Database)-.25 E F1 3.635(This option is deprecated,\
+ use virtusertable and genericstable instead as e)127 160.2 R 3.636
+(xplained in)-.15 F F2(cf/README)102 172.2 Q F1 5.06(.I)C 2.56(fy)-5.06
+G .06(ou ha)-2.56 F .36 -.15(ve a ve)-.2 H .06(rsion of).15 F F2
+(sendmail)2.56 E F1 .06
+(with the user information database compiled in, and)2.56 F .764(you ha)
+102 184.2 R 1.064 -.15(ve s)-.2 H .764
+(peci\214ed one or more databases using the).15 F F0(U)3.264 E F1 .764
+(option, the databases will be searched for a)3.264 F F2(user)102 196.2
+Q F1(:maildrop entry)A 5(.I)-.65 G 2.5(ff)-5 G
+(ound, the mail will be sent to the speci\214ed address.)-2.5 E F0 2.5
+(2.8. P)87 220.2 R(er)-.2 E(-User F)-.37 E(orwarding \(.f)-.25 E
+(orward Files\))-.25 E F1 .121(As an alternati)127 236.4 R .421 -.15
+(ve t)-.25 H 2.621(ot).15 G .121(he alias database, an)-2.621 F 2.621
+(yu)-.15 G .12(ser may put a \214le with the name \231.forw)-2.621 F .12
+(ard\232 in his)-.1 F .205(or her home directory)102 248.4 R 5.205(.I)
+-.65 G 2.705(ft)-5.205 G .205(his \214le e)-2.705 F(xists,)-.15 E F2
+(sendmail)2.705 E F1 .205
+(redirects mail for that user to the list of addresses)2.705 F .665
+(listed in the .forw)102 260.4 R .665(ard \214le.)-.1 F .665
+(Note that aliases are fully e)5.665 F .664(xpanded before forw)-.15 F
+.664(ard \214les are referenced.)-.1 F -.15(Fo)102 272.4 S 2.5(re).15 G
+(xample, if the home directory for user \231mckusick\232 has a .forw)
+-2.65 E(ard \214le with contents:)-.1 E(mckusick@ernie)142 288.6 Q
+(kirk@calder)142 300.6 Q(then an)102 316.8 Q 2.5(ym)-.15 G(ail arri)-2.5
+E(ving for \231mckusick\232 will be redirected to the speci\214ed accou\
+nts.)-.25 E(Actually)127 333 Q 3.374(,t)-.65 G .874(he con\214guration \
+\214le de\214nes a sequence of \214lenames to check.)-3.374 F .875
+(By def)5.875 F .875(ault, this is)-.1 F .517(the user')102 345 R 3.017
+(s.)-.55 G(forw)-3.017 E .517(ard \214le, b)-.1 F .517
+(ut can be de\214ned to be more generally using the)-.2 F F0 -.25(Fo)
+3.017 G(rwardP).25 E(ath)-.1 E F1 3.016(option. If)3.016 F .182
+(you change this, you will ha)102 357 R .482 -.15(ve t)-.2 H 2.682(oi)
+.15 G .182(nform your user base of the change; .forw)-2.682 F .183
+(ard is pretty well incor)-.1 F(-)-.2 E(porated into the collecti)102
+369 Q .3 -.15(ve s)-.25 H(ubconscious.).15 E F0 2.5(2.9. Special)87 393
+R(Header Lines)2.5 E F1(Se)127 409.2 Q -.15(ve)-.25 G 1.898
+(ral header lines ha).15 F 2.197 -.15(ve s)-.2 H 1.897
+(pecial interpretations de\214ned by the con\214guration \214le.).15 F
+(Others)6.897 E(ha)102 421.2 Q 1.205 -.15(ve i)-.2 H .905
+(nterpretations b).15 F .905(uilt into)-.2 F F2(sendmail)3.405 E F1 .906
+(that cannot be changed without changing the code.)3.405 F(These)5.906 E
+-.2(bu)102 433.2 S(ilt-ins are described here.).2 E F0 2.5(2.9.1. Err)
+102 457.2 R(ors-T)-.18 E(o:)-.92 E F1 .22(If errors occur an)142 473.4 R
+.22(ywhere during processing, this header will cause error messages to \
+go to)-.15 F(the listed addresses.)117 485.4 Q
+(This is intended for mailing lists.)5 E .384(The Errors-T)142 501.6 R
+.384(o: header w)-.8 F .384
+(as created in the bad old days when UUCP didn')-.1 F 2.885(tu)-.18 G
+.385(nderstand the)-2.885 F .89(distinction between an en)117 513.6 R
+-.15(ve)-.4 G .89(lope and a header; this w).15 F .889(as a hack to pro)
+-.1 F .889(vide what should no)-.15 F 3.389(wb)-.25 G(e)-3.389 E .809
+(passed as the en)117 525.6 R -.15(ve)-.4 G .809(lope sender address.)
+.15 F .809(It should go a)5.809 F -.1(wa)-.15 G 4.609 -.65(y. I).1 H
+3.31(ti).65 G 3.31(so)-3.31 G .81(nly used if the)-3.31 F F0(UseErr)3.31
+E(orsT)-.18 E(o)-.92 E F1(option is set.)117 537.6 Q(The Errors-T)142
+553.8 Q(o: header is of)-.8 E(\214cially deprecated and will go a)-.25 E
+-.1(wa)-.15 G 2.5(yi).1 G 2.5(naf)-2.5 G(uture release.)-2.5 E F0 2.5
+(2.9.2. A)102 577.8 R(ppar)-.25 E(ently-T)-.18 E(o:)-.92 E F1 .045
+(RFC 822 requires at least one recipient \214eld \(T)142 594 R .045
+(o:, Cc:, or Bcc: line\) in e)-.8 F -.15(ve)-.25 G .044(ry message.).15
+F .044(If a)5.044 F .562
+(message comes in with no recipients listed in the message then)117 606
+R F2(sendmail)3.062 E F1 .562(will adjust the header)3.062 F .085
+(based on the \231NoRecipientAction\232 option.)117 618 R .085
+(One of the possible actions is to add an \231)5.085 F(Apparently-)-.8 E
+-.8(To)117 630 S(:\232 header line for an).8 E 2.5(yr)-.15 G
+(ecipients it is a)-2.5 E -.1(wa)-.15 G(re of.).1 E .91
+(The Apparently-T)142 646.2 R .911
+(o: header is non-standard and is both deprecated and strongly discour)
+-.8 F(-)-.2 E(aged.)117 658.2 Q F0 2.5(2.9.3. Pr)102 682.2 R(ecedence)
+-.18 E F1 .425(The Precedence: header can be used as a crude control of\
+ message priority)142 698.4 R 5.424(.I)-.65 G 2.924(tt)-5.424 G .424
+(weaks the)-2.924 F .181(sort order in the queue and can be con\214gure\
+d to change the message timeout v)117 710.4 R 2.682(alues. The)-.25 F
+(prece-)2.682 E .235(dence of a message also controls ho)117 722.4 R
+2.734(wd)-.25 G(eli)-2.734 E -.15(ve)-.25 G .234
+(ry status noti\214cations \(DSNs\) are processed for that).15 F 0 Cg EP
%%Page: 23 19
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3233>195.86 E
-/F1 10/Times-Roman@0 SF<6261636b27>102 96 Q 3.628<2774>-.74 G 3.628
-<6f74>-3.628 G 1.128<6865206f726967696e6174696e672073797374656d20746f20
-696e636c75646520746865206f>-3.628 F 1.127<776e6572206f662061207061727469
-63756c61722054435020636f6e6e656374696f6e20696e20746865206175646974>-.25
-F .164<747261696c20697420697320696e206e6f2073656e736520706572666563743b
-20612064657465726d696e656420666f72>102 108 R .164<6765722063616e20656173
-696c792073706f6f6620746865204944454e542070726f746f636f6c2e>-.18 F .165
-<54686520666f6c6c6f>5.165 F<772d>-.25 E
-<696e67206465736372697074696f6e2069732065>102 120 Q
-<78636572707465642066726f6d2052464320313431333a>-.15 E 2.5
-<362e205365637572697479>127 136.2 R<436f6e73696465726174696f6e73>2.5 E
-.006<54686520696e666f726d6174696f6e2072657475726e6564206279207468697320
-70726f746f636f6c206973206174206d6f737420617320747275737477>127 152.4 R
-<6f727468>-.1 E 2.505<7961>-.05 G 2.505<7374>-2.505 G .005
-<686520686f73742070726f>-2.505 F .005<766964696e67206974204f52>-.15 F
-.273<746865206f72>127 164.4 R -.05<6761>-.18 G .273
-<6e697a6174696f6e206f7065726174696e672074686520686f73742e>.05 F -.15
-<466f>5.273 G 2.773<7265>.15 G .274
-<78616d706c652c206120504320696e20616e206f70656e206c616220686173206665>
--2.923 F 2.774<7769>-.25 G 2.774<6661>-2.774 G .574 -.15<6e792063>-2.774
-H<6f6e74726f6c73>.15 E .987<6f6e20697420746f20707265>127 176.4 R -.15
-<7665>-.25 G .986<6e74206120757365722066726f6d206861>.15 F .986
-<76696e6720746869732070726f746f636f6c2072657475726e20616e>-.2 F 3.486
-<7969>-.15 G .986<64656e74698c65722074686520757365722077>-3.486 F 3.486
-<616e74732e204c696b>-.1 F<652d>-.1 E 1.441<776973652c206966207468652068
-6f737420686173206265656e20636f6d70726f6d697365642074686520696e666f726d61
-74696f6e2072657475726e6564206d617920626520636f6d706c6574656c79206572726f
-2d>127 188.4 R<6e656f757320616e64206d69736c656164696e672e>127 200.4 Q
-.521<546865204964656e74698c636174696f6e2050726f746f636f6c206973206e6f74
-20696e74656e64656420617320616e20617574686f72697a6174696f6e206f7220616363
-65737320636f6e74726f6c2070726f746f636f6c2e>127 216.6 R<4174>5.52 E 1.036
-<626573742c2069742070726f>127 228.6 R 1.037<766964657320736f6d6520616464
-6974696f6e616c206175646974696e6720696e666f726d6174696f6e2077697468207265
-737065637420746f2054435020636f6e6e656374696f6e732e>-.15 F<4174>6.037 E
--.1<776f>127 240.6 S<7273742c2069742063616e2070726f>.1 E<76696465206d69
-736c656164696e672c20696e636f72726563742c206f72206d616c6963696f75736c7920
-696e636f727265637420696e666f726d6174696f6e2e>-.15 E 1.006<54686520757365
-206f662074686520696e666f726d6174696f6e2072657475726e65642062792074686973
-2070726f746f636f6c20666f72206f74686572207468616e206175646974696e67206973
-207374726f6e676c79206469732d>127 256.8 R 2.697
-<636f7572616765642e2053706563698c63616c6c79>127 268.8 R 2.697<2c75>-.65
-G .197<73696e67204964656e74698c636174696f6e2050726f746f636f6c20696e666f
-726d6174696f6e20746f206d616b>-2.697 F 2.697<6561>-.1 G .197
-<636365737320636f6e74726f6c20646563692d>-2.697 F .514<73696f6e73202d2065
-697468657220617320746865207072696d617279206d6574686f642028692e652e2c206e
-6f206f7468657220636865636b7329206f7220617320616e2061646a756e637420746f20
-6f74686572206d6574686f6473>127 280.8 R
-<6d617920726573756c7420696e2061207765616b>127 292.8 Q
-<656e696e67206f66206e6f726d616c20686f7374207365637572697479>-.1 E<2e>
--.65 E 1.778<416e204964656e74698c636174696f6e2073657276>127 309 R 1.778
-<6572206d6179207265>-.15 F -.15<7665>-.25 G 1.778<616c20696e666f726d6174
-696f6e2061626f75742075736572732c20656e7469746965732c206f626a65637473206f
-722070726f636573736573>.15 F .337<7768696368206d69676874206e6f726d616c6c
-7920626520636f6e7369646572656420707269>127 321 R -.25<7661>-.25 G 2.836
-<74652e20416e>.25 F .336<4964656e74698c636174696f6e2073657276>2.836 F
-.336<65722070726f>-.15 F .336<76696465732073657276696365207768696368>
--.15 F .806<6973206120726f75676820616e616c6f67206f66207468652043616c6c65
-7249442073657276696365732070726f>127 333 R .806<766964656420627920736f6d
-652070686f6e6520636f6d70616e69657320616e64206d616e>-.15 F 3.306<796f>
--.15 G<66>-3.306 E 1.398<7468652073616d6520707269>127 345 R -.25<7661>
--.25 G 1.698 -.15<63792063>.25 H 1.398
-<6f6e73696465726174696f6e7320616e64206172>.15 F 1.398<67756d656e74732074
-686174206170706c7920746f207468652043616c6c657249442073657276696365206170
-706c7920746f>-.18 F 3.545<4964656e74698c636174696f6e2e204966>127 357 R
-1.045<796f752077>3.545 F<6f756c646e27>-.1 E 3.545<7472>-.18 G 1.045
-<756e206120228c6e676572222073657276>-3.545 F 1.046
-<65722064756520746f20707269>-.15 F -.25<7661>-.25 G 1.346 -.15<63792063>
-.25 H 1.046<6f6e73696465726174696f6e7320796f75206d6179>.15 F<6e6f742077>
-127 369 Q<616e7420746f2072756e20746869732070726f746f636f6c2e>-.1 E .377
-<496e20736f6d6520636173657320796f75722073797374656d206d6179206e6f742077>
-102 385.2 R .377<6f726b2070726f7065726c792077697468204944454e5420737570
-706f72742064756520746f20612062>-.1 F .376
-<756720696e20746865205443502f4950>-.2 F 3.675
-<696d706c656d656e746174696f6e2e20546865>102 397.2 R 1.175<73796d70746f6d
-732077696c6c206265207468617420666f7220736f6d6520686f7374732074686520534d
-545020636f6e6e656374696f6e2077696c6c20626520636c6f736564>3.675 F .566
-<616c6d6f737420696d6d6564696174656c79>102 409.2 R 5.566<2e49>-.65 G
-3.066<6674>-5.566 G .565
-<6869732069732074727565206f7220696620796f7520646f206e6f742077>-3.066 F
-.565<616e7420746f20757365204944454e54>-.1 F 3.065<2c79>-.74 G .565
-<6f752073686f756c642073657420746865204944454e54>-3.065 F<74696d656f7574
-20746f207a65726f3b20746869732077696c6c2064697361626c6520746865204944454e
-542070726f746f636f6c2e>102 421.2 Q F0 2.5<332e20415247554d454e5453>72
-445.2 R F1 .017<54686520636f6d706c657465206c697374206f66206172>112 461.4
-R .017<67756d656e747320746f>-.18 F/F2 10/Times-Italic@0 SF
-<73656e646d61696c>2.517 E F1 .017<69732064657363726962656420696e20646574
-61696c20696e20417070656e64697820412e>2.517 F .018
-<536f6d6520696d706f7274616e74>5.018 F<6172>87 473.4 Q
-<67756d656e7473206172652064657363726962656420686572652e>-.18 E F0 2.5
-<332e312e205175657565>87 497.4 R<496e746572>2.5 E -.1<7661>-.1 G<6c>.1 E
-F1 .455<54686520616d6f756e74206f662074696d65206265747765656e20666f726b69
-6e6720612070726f6365737320746f2072756e207468726f756768207468652071756575
-652069732064658c6e656420627920746865>127 513.6 R F0<ad71>2.955 E F1
-2.675<8d61672e204966>102 525.6 R .175
-<796f752072756e20776974682064656c69>2.675 F -.15<7665>-.25 G .175
-<7279206d6f64652073657420746f>.15 F F0<69>2.675 E F1<6f72>2.675 E F0<62>
-2.675 E F1 .176<746869732063616e2062652072656c617469>2.675 F -.15<7665>
--.25 G .176<6c79206c6172>.15 F .176
-<67652c2073696e63652069742077696c6c206f6e6c792062652072656c2d>-.18 F
--.25<657661>102 537.6 S .207<6e74207768656e206120686f737420746861742077>
-.25 F .207<617320646f>-.1 F .207<776e20636f6d6573206261636b2075702e>-.25
-F .206<496620796f752072756e20696e>5.207 F F0<71>2.706 E F1 .206
-<6d6f64652069742073686f756c642062652072656c617469>2.706 F -.15<7665>-.25
-G .206<6c792073686f72742c>.15 F 1.039<73696e63652069742064658c6e65732074
-6865206d6178696d756d20616d6f756e74206f662074696d6520746861742061206d6573
-73616765206d61792073697420696e207468652071756575652e>102 549.6 R 1.039
-<2853656520616c736f20746865>6.039 F
-<4d696e5175657565416765206f7074696f6e2e29>102 561.6 Q 1.336<524643203131
-32332073656374696f6e20352e332e312e312073617973207468617420746869732076>
-127 577.8 R 1.335<616c75652073686f756c64206265206174206c6561737420333020
-6d696e757465732028616c74686f7567682074686174>-.25 F
-<70726f6261626c7920646f65736e27>102 589.8 Q 2.5<746d>-.18 G<616b>-2.5 E
-2.5<6573>-.1 G<656e736520696620796f75207573652060>-2.5 E
-<6071756575652d6f6e6c7927>-.74 E 2.5<276d>-.74 G<6f6465292e>-2.5 E .364
-<4e6f746963653a20746865206d65616e696e67206f662074686520696e74657276>127
-606 R .364<616c2074696d6520646570656e6473206f6e2077686574686572206e6f72
-6d616c2071756575652072756e6e657273206f72207065727369732d>-.25 F .208
-<74656e742071756575652072756e6e6572732061726520757365642e>102 618 R -.15
-<466f>5.208 G 2.708<7274>.15 G .208<686520666f726d6572>-2.708 F 2.708
-<2c69>-.4 G 2.708<7469>-2.708 G 2.708<7374>-2.708 G .208<68652074696d65
-206265747765656e2073756273657175656e7420737461727473206f6620612071756575
-652072756e2e>-2.708 F -.15<466f>102 630 S 3.349<7274>.15 G .849
-<6865206c6174746572>-3.349 F 3.349<2c69>-.4 G 3.349<7469>-3.349 G 3.349
-<7374>-3.349 G .849<68652074696d652073656e646d61696c2077>-3.349 F .85<61
-69747320616674657220612070657273697374656e742071756575652072756e6e657220
-686173208c6e6973686564206974732077>-.1 F .85<6f726b20746f>-.1 F .411
-<737461727420746865206e65>102 642 R .411<7874206f6e652e>-.15 F .411<4865
-6e636520666f722070657273697374656e742071756575652072756e6e65727320746869
-7320696e74657276>5.411 F .41<616c2073686f756c642062652076>-.25 F .41
-<657279206c6f>-.15 F 1.71 -.65<772c2074>-.25 H .41
-<79706963616c6c79206e6f>.65 F<6d6f7265207468616e207477>102 654 Q 2.5
-<6f6d>-.1 G<696e757465732e>-2.5 E F0 2.5<332e322e204461656d6f6e>87 678 R
-<4d6f6465>2.5 E F1 .084<496620796f7520616c6c6f>127 694.2 R 2.584<7769>
--.25 G .084<6e636f6d696e67206d61696c206f>-2.584 F -.15<7665>-.15 G 2.585
-<7261>.15 G 2.585<6e49>-2.585 G .085
-<504320636f6e6e656374696f6e2c20796f752073686f756c64206861>-2.585 F .385
--.15<766520612064>-.2 H .085<61656d6f6e2072756e6e696e672e>.15 F
-<54686973>5.085 E .07<73686f756c642062652073657420627920796f7572>102
-706.2 R F2<2f6574632f72>2.57 E<63>-.37 E F1 .07
-<8c6c65207573696e6720746865>2.57 F F0<ad6264>2.57 E F1 2.569
-<8d61672e20546865>2.57 F F0<ad6264>2.569 E F1 .069
-<8d616720616e6420746865>2.569 F F0<ad71>2.569 E F1 .069
-<8d6167206d617920626520636f6d62696e6564>2.569 F
-<696e206f6e652063616c6c3a>102 718.2 Q 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-23)195.86 E/F1 10/Times-Roman@0 SF(message.)117 96 Q F0 2.5
+(2.10. IDENT)87 120 R(Pr)2.5 E(otocol Support)-.18 E/F2 10
+/Times-Italic@0 SF(Sendmail)127 136.2 Q F1 .745
+(supports the IDENT protocol as de\214ned in RFC 1413.)3.245 F .746
+(Note that the RFC states a)5.745 F 1.361(client should w)102 148.2 R
+1.361(ait at least 30 seconds for a response.)-.1 F 1.36(The def)6.361 F
+1.36(ault T)-.1 F 1.36(imeout.ident is 5 seconds as)-.35 F(man)102 160.2
+Q 3.024(ys)-.15 G .524(ites ha)-3.024 F .824 -.15(ve a)-.2 H .524
+(dopted the practice of dropping IDENT queries.).15 F .524
+(This has lead to delays process-)5.524 F .452(ing mail.)102 172.2 R
+.452(Although this enhances identi\214cation of the author of an email \
+message by doing a `)5.452 F(`call)-.74 E(back')102 184.2 Q 3.627('t)
+-.74 G 3.627(ot)-3.627 G 1.127(he originating system to include the o)
+-3.627 F 1.128(wner of a particular TCP connection in the audit)-.25 F
+.164(trail it is in no sense perfect; a determined for)102 196.2 R .164
+(ger can easily spoof the IDENT protocol.)-.18 F .164(The follo)5.164 F
+(w-)-.25 E(ing description is e)102 208.2 Q(xcerpted from RFC 1413:)-.15
+E 2.5(6. Security)127 224.4 R(Considerations)2.5 E .005
+(The information returned by this protocol is at most as trustw)127
+240.6 R(orth)-.1 E 2.506(ya)-.05 G 2.506(st)-2.506 G .006(he host pro)
+-2.506 F .006(viding it OR)-.15 F .274(the or)127 252.6 R -.05(ga)-.18 G
+.274(nization operating the host.).05 F -.15(Fo)5.274 G 2.774(re).15 G
+.273(xample, a PC in an open lab has fe)-2.924 F 2.773(wi)-.25 G 2.773
+(fa)-2.773 G .573 -.15(ny c)-2.773 H(ontrols).15 E .986(on it to pre)127
+264.6 R -.15(ve)-.25 G .986(nt a user from ha).15 F .986
+(ving this protocol return an)-.2 F 3.486(yi)-.15 G .987
+(denti\214er the user w)-3.486 F 3.487(ants. Lik)-.1 F(e-)-.1 E 1.441(w\
+ise, if the host has been compromised the information returned may be c\
+ompletely erro-)127 276.6 R(neous and misleading.)127 288.6 Q .521(The \
+Identi\214cation Protocol is not intended as an authorization or access\
+ control protocol.)127 304.8 R(At)5.521 E 1.037(best, it pro)127 316.8 R
+1.037(vides some additional auditing information with respect to TCP co\
+nnections.)-.15 F(At)6.036 E -.1(wo)127 328.8 S(rst, it can pro).1 E
+(vide misleading, incorrect, or maliciously incorrect information.)-.15
+E 1.006(The use of the information returned by this protocol for other \
+than auditing is strongly dis-)127 345 R 2.697(couraged. Speci\214cally)
+127 357 R 2.697(,u)-.65 G .197
+(sing Identi\214cation Protocol information to mak)-2.697 F 2.697(ea)-.1
+G .197(ccess control deci-)-2.697 F .514(sions - either as the primary \
+method \(i.e., no other checks\) or as an adjunct to other methods)127
+369 R(may result in a weak)127 381 Q(ening of normal host security)-.1 E
+(.)-.65 E 1.779(An Identi\214cation serv)127 397.2 R 1.778(er may re)
+-.15 F -.15(ve)-.25 G 1.778
+(al information about users, entities, objects or processes).15 F .336
+(which might normally be considered pri)127 409.2 R -.25(va)-.25 G 2.836
+(te. An).25 F .337(Identi\214cation serv)2.836 F .337(er pro)-.15 F .337
+(vides service which)-.15 F .806
+(is a rough analog of the CallerID services pro)127 421.2 R .806
+(vided by some phone companies and man)-.15 F 3.306(yo)-.15 G(f)-3.306 E
+1.397(the same pri)127 433.2 R -.25(va)-.25 G 1.697 -.15(cy c).25 H
+1.397(onsiderations and ar).15 F 1.398
+(guments that apply to the CallerID service apply to)-.18 F 3.546
+(Identi\214cation. If)127 445.2 R 1.046(you w)3.546 F(ouldn')-.1 E 3.546
+(tr)-.18 G 1.045(un a "\214nger" serv)-3.546 F 1.045(er due to pri)-.15
+F -.25(va)-.25 G 1.345 -.15(cy c).25 H 1.045(onsiderations you may).15 F
+(not w)127 457.2 Q(ant to run this protocol.)-.1 E .376
+(In some cases your system may not w)102 473.4 R .377
+(ork properly with IDENT support due to a b)-.1 F .377(ug in the TCP/IP)
+-.2 F 3.675(implementation. The)102 485.4 R 1.175(symptoms will be that\
+ for some hosts the SMTP connection will be closed)3.675 F .565
+(almost immediately)102 497.4 R 5.565(.I)-.65 G 3.065(ft)-5.565 G .565
+(his is true or if you do not w)-3.065 F .565(ant to use IDENT)-.1 F
+3.066(,y)-.74 G .566(ou should set the IDENT)-3.066 F
+(timeout to zero; this will disable the IDENT protocol.)102 509.4 Q F0
+2.5(3. ARGUMENTS)72 533.4 R F1 .018(The complete list of ar)112 549.6 R
+.018(guments to)-.18 F F2(sendmail)2.517 E F1 .017
+(is described in detail in Appendix A.)2.517 F .017(Some important)5.017
+F(ar)87 561.6 Q(guments are described here.)-.18 E F0 2.5(3.1. Queue)87
+585.6 R(Inter)2.5 E -.1(va)-.1 G(l).1 E F1 .455(The amount of time betw\
+een forking a process to run through the queue is de\214ned by the)127
+601.8 R F0<ad71>2.956 E F1 2.676(\215ag. If)102 613.8 R .176
+(you run with deli)2.676 F -.15(ve)-.25 G .176(ry mode set to).15 F F0
+(i)2.676 E F1(or)2.676 E F0(b)2.675 E F1 .175(this can be relati)2.675 F
+-.15(ve)-.25 G .175(ly lar).15 F .175(ge, since it will only be rel-)
+-.18 F -.25(eva)102 625.8 S .206(nt when a host that w).25 F .206(as do)
+-.1 F .206(wn comes back up.)-.25 F .207(If you run in)5.206 F F0(q)
+2.707 E F1 .207(mode it should be relati)2.707 F -.15(ve)-.25 G .207
+(ly short,).15 F 1.039(since it de\214nes the maximum amount of time th\
+at a message may sit in the queue.)102 637.8 R 1.038(\(See also the)
+6.039 F(MinQueueAge option.\))102 649.8 Q 1.335
+(RFC 1123 section 5.3.1.1 says that this v)127 666 R 1.336
+(alue should be at least 30 minutes \(although that)-.25 F
+(probably doesn')102 678 Q 2.5(tm)-.18 G(ak)-2.5 E 2.5(es)-.1 G
+(ense if you use `)-2.5 E(`queue-only')-.74 E 2.5('m)-.74 G(ode\).)-2.5
+E .365(Notice: the meaning of the interv)127 694.2 R .364
+(al time depends on whether normal queue runners or persis-)-.25 F .207
+(tent queue runners are used.)102 706.2 R -.15(Fo)5.208 G 2.708(rt).15 G
+.208(he former)-2.708 F 2.708(,i)-.4 G 2.708(ti)-2.708 G 2.708(st)-2.708
+G .208(he time between subsequent starts of a queue run.)-2.708 F -.15
+(Fo)102 718.2 S 3.35(rt).15 G .85(he latter)-3.35 F 3.35(,i)-.4 G 3.35
+(ti)-3.35 G 3.35(st)-3.35 G .85(he time sendmail w)-3.35 F .849
+(aits after a persistent queue runner has \214nished its w)-.1 F .849
+(ork to)-.1 F 0 Cg EP
%%Page: 24 20
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d32342053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF
-<2f7573722f7362696e2f73656e646d61696c20ad626420ad7133306d>142 96 Q 1.14
-<416e20616c7465726e617469>127 116.4 R 1.44 -.15<76652061>-.25 H 1.14
-<7070726f61636820697320746f20696e>.15 F -.2<766f>-.4 G 1.341 -.1
-<6b652073>.2 H 1.141<656e646d61696c2066726f6d>.1 F/F2 10/Times-Italic@0
-SF<696e657464>3.641 E F1 1.141<283829202875736520746865>B F0<ad6273>
-3.641 E F1 1.141<ad416d208d61677320746f2061736b>2.5 F 1.34<73656e646d61
-696c20746f20737065616b20534d5450206f6e20697473207374616e6461726420696e70
-757420616e64206f757470757420616e6420746f2072756e206173204d54>102 128.4 R
-3.839<41292e2054686973>-.93 F -.1<776f>3.839 G 1.339<726b7320616e64>.1 F
-<616c6c6f>102 140.4 Q .322<777320796f7520746f2077726170>-.25 F F2
-<73656e646d61696c>2.822 E F1 .323
-<696e20612054435020777261707065722070726f6772616d2c2062>2.823 F .323
-<7574206d617920626520612062697420736c6f>-.2 F .323
-<7765722073696e63652074686520636f6e8c67752d>-.25 F .346
-<726174696f6e208c6c652068617320746f2062652072652d72656164206f6e2065>102
-152.4 R -.15<7665>-.25 G .346
-<7279206d657373616765207468617420636f6d657320696e2e>.15 F .345<49662079
-6f7520646f20746869732c20796f75207374696c6c206e65656420746f206861>5.346 F
-.645 -.15<76652061>-.2 H F2<73656e646d61696c>102 164.4 Q F1
-<72756e6e696e6720746f208d757368207468652071756575653a>2.5 E
-<2f7573722f7362696e2f73656e646d61696c20ad7133306d>142 180.6 Q F0 2.5
-<332e332e2046>87 208.8 R<6f72>-.25 E<63696e6720746865205175657565>-.18 E
-F1 .04<496e20736f6d6520636173657320796f75206d6179208c6e6420746861742074
-68652071756575652068617320676f7474656e20636c6f6767656420666f7220736f6d65
-20726561736f6e2e>127 225 R -1.1<596f>5.04 G 2.54<7563>1.1 G .04
-<616e20666f726365>-2.54 F 3.185<6171>102 237 S .685
-<756575652072756e207573696e6720746865>-3.185 F F0<ad71>3.184 E F1 .684
-<8d6167202877697468206e6f2076>3.184 F 3.184<616c7565292e204974>-.25 F
-.684<697320656e7465727461696e696e6720746f2075736520746865>3.184 F F0
-<ad76>3.184 E F1 .684<8d6167202876>3.184 F .684
-<6572626f736529207768656e>-.15 F<7468697320697320646f6e6520746f2077>102
-249 Q<6174636820776861742068617070656e733a>-.1 E
-<2f7573722f7362696e2f73656e646d61696c20ad7120ad76>142 265.2 Q -1.1<596f>
-127 285.6 S 2.999<7563>1.1 G .499<616e20616c736f206c696d697420746865206a
-6f627320746f2074686f73652077697468206120706172746963756c6172207175657565
-206964656e74698c6572>-2.999 F 3<2c72>-.4 G .5
-<6563697069656e742c2073656e646572>-3 F 3<2c71>-.4 G<756172>-3 E<2d>-.2 E
-2.097<616e74696e6520726561736f6e2c206f722071756575652067726f757020757369
-6e67206f6e65206f6620746865207175657565206d6f64698c6572732e>102 297.6 R
--.15<466f>7.097 G 4.597<7265>.15 G 2.096
-<78616d706c652c2099ad71526265726b>-4.747 F<656c65>-.1 E<799a>-.15 E
-1.363<726573747269637473207468652071756575652072756e20746f206a6f62732074
-686174206861>102 309.6 R 1.664 -.15<76652074>-.2 H 1.364
-<686520737472696e6720996265726b>.15 F<656c65>-.1 E 1.364<799a20736f6d65>
--.15 F 1.364<776865726520696e206f6e65206f662074686520726563697069656e74>
--.25 F 2.843<6164647265737365732e2053696d696c61726c79>102 321.6 R 2.843
-<2c99>-.65 G .342<ad7153737472696e679a206c696d697473207468652072756e2074
-6f20706172746963756c61722073656e646572732c2099ad7149737472696e679a206c69
-6d69747320697420746f207061727469632d>-2.843 F .408<756c6172207175657565
-206964656e74698c6572732c20616e642099ad7151737472696e679a206c696d69747320
-697420746f20706172746963756c61722071756172616e74696e656420726561736f6e73
-20616e64206f6e6c79206f70657261746564>102 333.6 R 1.748<6f6e207175617261
-6e74696e6564207175657565206974656d732c20616e642099ad7147737472696e679a20
-6c696d69747320697420746f206120706172746963756c61722071756575652067726f75
-702e>102 345.6 R 1.747<546865206e616d6564>6.747 F .388
-<71756575652067726f75702077696c6c2062652072756e2065>102 357.6 R -.15
-<7665>-.25 G 2.888<6e69>.15 G 2.888<6669>-2.888 G 2.888<7469>-2.888 G
-2.888<7373>-2.888 G .388<657420746f206861>-2.888 F .688 -.15
-<766520302072>-.2 H 2.888<756e6e6572732e2059>.15 F .388
-<6f75206d617920616c736f20706c61636520616e>-1.1 F F0<21>2.889 E F1 .389
-<6265666f726520746865>5.389 F F0<49>2.889 E F1<6f72>2.889 E F0<52>102
-369.6 Q F1<6f72>3.053 E F0<53>3.053 E F1<6f72>3.053 E F0<51>3.053 E F1
-.552<746f20696e6469636174652074686174206a6f627320617265206c696d69746564
-20746f206e6f7420696e636c7564696e67206120706172746963756c6172207175657565
-206964656e74698c6572>3.052 F 3.052<2c72>-.4 G<6563697069656e74>-3.052 E
-.251<6f722073656e646572>102 381.6 R 5.251<2e46>-.55 G .251<6f722065>
--5.401 F .252<78616d706c652c2099ad71215273656174746c659a206c696d69747320
-7468652071756575652072756e20746f206a6f6273207468617420646f206e6f74206861>
--.15 F .552 -.15<76652074>-.2 H .252<686520737472696e672099736561742d>
-.15 F .297<746c659a20736f6d65>102 393.6 R .297<776865726520696e206f6e65
-206f662074686520726563697069656e74206164647265737365732e>-.25 F .297<53
-686f756c6420796f75206e65656420746f207465726d696e617465207468652071756575
-65206a6f627320637572>5.297 F<2d>-.2 E<72656e746c792061637469>102 405.6 Q
-.3 -.15<76652074>-.25 H<68656e2061205349475445524d20746f2074686520706172
-656e74206f66207468652070726f6365737320286f722070726f63657373657329207769
-6c6c20636c65616e6c792073746f7020746865206a6f62732e>.15 E F0 2.5
-<332e342e20446562>87 429.6 R<756767696e67>-.2 E F1 .255
-<54686572652061726520612066>127 445.8 R .256<6169726c79206c6172>-.1 F
-.256<6765206e756d626572206f6620646562>-.18 F .256<7567208d6167732062>-.2
-F .256<75696c7420696e746f>-.2 F F2<73656e646d61696c>2.756 E F1 5.256
-<2e45>C .256<61636820646562>-5.256 F .256
-<7567208d6167206861732061206361742d>-.2 F -.15<6567>102 457.8 S .502
-<6f727920616e642061206c65>.15 F -.15<7665>-.25 G 3.002
-<6c2e20486967686572>.15 F<6c65>3.002 E -.15<7665>-.25 G .502
-<6c7320696e63726561736520746865206c65>.15 F -.15<7665>-.25 G 3.002<6c6f>
-.15 G 3.002<6664>-3.002 G<6562>-3.002 E .502<756767696e672061637469>-.2
-F .502<766974793b20696e206d6f73742063617365732c2074686973206d65616e73>
--.25 F .137
-<746f207072696e74206f7574206d6f726520696e666f726d6174696f6e2e>102 469.8
-R .137<54686520636f6e>5.137 F -.15<7665>-.4 G .137
-<6e74696f6e2069732074686174206c65>.15 F -.15<7665>-.25 G .138
-<6c732067726561746572207468616e206e696e652061726520996162737572642c>.15
-F 2.638<9a69>-.7 G .138<2e652e2c20746865>-2.638 F<79>-.15 E .87<7072696e
-74206f757420736f206d75636820696e666f726d6174696f6e207468617420796f752077>
-102 481.8 R<6f756c646e27>-.1 E 3.369<746e>-.18 G .869
-<6f726d616c6c792077>-3.369 F .869<616e7420746f20736565207468656d2065>-.1
-F .869<786365707420666f7220646562>-.15 F<756767696e67>-.2 E
-<7468617420706172746963756c6172207069656365206f6620636f64652e>102 493.8
-Q -1.1<596f>127 510 S 2.866<7573>1.1 G<686f756c64>-2.866 E F0<6e65>2.866
-E -.1<7665>-.15 G<72>.1 E F1 .366
-<72756e20612070726f64756374696f6e2073656e646d61696c2073657276>2.866 F
-.366<657220696e20646562>-.15 F .366<7567206d6f64652e>-.2 F<4d616e>5.366
-E 2.866<796f>-.15 G 2.866<6674>-2.866 G .366<686520646562>-2.866 F .366
-<7567208d616773>-.2 F .907<77696c6c20726573756c7420696e20646562>102 522
-R .907<7567206f7574707574206265696e672073656e74206f>-.2 F -.15<7665>-.15
-G 3.407<7274>.15 G .907
-<686520534d5450206368616e6e656c20756e6c65737320746865206f7074696f6e>
--3.407 F F0<ad44>3.407 E F1 .907<697320757365642e>3.407 F<54686973>5.907
-E 1.225<77696c6c20636f6e66757365206d616e>102 534 R 3.725<796d>-.15 G
-1.225<61696c2070726f6772616d732e>-3.725 F<486f>6.225 E<7765>-.25 E -.15
-<7665>-.25 G 2.025 -.4<722c2066>.15 H 1.225<6f722074657374696e6720707572
-706f7365732c2069742063616e2062652075736566756c207768656e2073656e64696e67>
-.4 F<6d61696c206d616e75616c6c79207669612074656c6e657420746f207468652070
-6f727420796f7520617265207573696e67207768696c6520646562>102 546 Q
-<756767696e672e>-.2 E 2.754<4164>127 562.2 S<6562>-2.754 E .254
-<75672063617465>-.2 F .254<676f72792069732065697468657220616e20696e7465>
--.15 F<676572>-.15 E 2.754<2c6c>-.4 G<696b>-2.754 E 2.754<6534>-.1 G
-.254<322c206f722061206e616d652c206c696b>-2.754 F 2.754<6541>-.1 G 2.754
-<4e53492e2059>-2.754 F .254
-<6f752063616e207370656369667920612072616e6765>-1.1 F .928
-<6f66206e756d6572696320646562>102 574.2 R .928<75672063617465>-.2 F .928
-<676f72696573207573696e67207468652073796e7461782031372d34322e>-.15 F
--1.1<596f>5.928 G 3.428<7563>1.1 G .928
-<616e2073706563696679206120736574206f66206e616d656420646562>-3.428 F
-.929<756720636174652d>-.2 F .484
-<676f72696573207573696e67206120676c6f62207061747465726e206c696b>102
-586.2 R 2.984<6599>-.1 G 2.984<736d5f74726163655f2a9a2e204174>-2.984 F
-.484<70726573656e742c206f6e6c7920992a9a20616e6420993f9a>2.984 F .483
-<61726520737570706f7274656420696e207468657365>5.483 F
-<676c6f62207061747465726e732e>102 598.2 Q<446562>127 614.4 Q
-<7567208d6167732061726520736574207573696e6720746865>-.2 E F0<ad64>2.5 E
-F1<6f7074696f6e3b207468652073796e7461782069733a>2.5 E<646562>142 630.6 Q
-<75672d8d61673a>-.2 E F0<ad64>36.78 E F1<646562>2.5 E<75672d6c697374>-.2
-E<646562>142 642.6 Q 37.05<75672d6c6973743a20646562>-.2 F
-<75672d6f7074696f6e205b202c20646562>-.2 E<75672d6f7074696f6e205d2a>-.2 E
-<646562>142 654.6 Q 23.72<75672d6f7074696f6e3a20646562>-.2 F
-<75672d63617465>-.2 E<676f72696573205b202e20646562>-.15 E<75672d6c65>-.2
-E -.15<7665>-.25 G 2.5<6c5d>.15 G<646562>142 666.6 Q<75672d63617465>-.2
-E 8.89<676f726965733a20696e7465>-.15 F<676572207c20696e7465>-.15 E
-<67657220ad20696e7465>-.15 E<676572207c2063617465>-.15 E
-<676f72792d7061747465726e>-.15 E<63617465>142 678.6 Q 11.47<676f72792d70
-61747465726e3a205b612d7a412d5a5f2a3f5d5b612d7a412d5a302d395f2a3f5d2a>
--.15 F<646562>142 690.6 Q<75672d6c65>-.2 E -.15<7665>-.25 G 30.24
-<6c3a20696e7465>.15 F<676572>-.15 E<776865726520737061636573206172652066
-6f722072656164696e672065617365206f6e6c79>102 706.8 Q 5<2e46>-.65 G
-<6f722065>-5.15 E<78616d706c652c>-.15 E 0 Cg EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-24 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF .41
+(start the ne)102 96 R .41(xt one.)-.15 F .411
+(Hence for persistent queue runners this interv)5.41 F .411
+(al should be v)-.25 F .411(ery lo)-.15 F 1.711 -.65(w, t)-.25 H .411
+(ypically no).65 F(more than tw)102 108 Q 2.5(om)-.1 G(inutes.)-2.5 E F0
+2.5(3.2. Daemon)87 132 R(Mode)2.5 E F1 .085(If you allo)127 148.2 R
+2.585(wi)-.25 G .085(ncoming mail o)-2.585 F -.15(ve)-.15 G 2.585(ra).15
+G 2.585(nI)-2.585 G .085(PC connection, you should ha)-2.585 F .384 -.15
+(ve a d)-.2 H .084(aemon running.).15 F(This)5.084 E .069
+(should be set by your)102 160.2 R/F2 10/Times-Italic@0 SF(/etc/r)2.569
+E(c)-.37 E F1 .069(\214le using the)2.569 F F0(\255bd)2.569 E F1 2.57
+(\215ag. The)2.569 F F0(\255bd)2.57 E F1 .07(\215ag and the)2.57 F F0
+<ad71>2.57 E F1 .07(\215ag may be combined)2.57 F(in one call:)102 172.2
+Q(/usr/sbin/sendmail \255bd \255q30m)142 188.4 Q 1.141(An alternati)127
+208.8 R 1.441 -.15(ve a)-.25 H 1.141(pproach is to in).15 F -.2(vo)-.4 G
+1.341 -.1(ke s).2 H 1.141(endmail from).1 F F2(inetd)3.641 E F1 1.141
+(\(8\) \(use the)B F0(\255bs)3.64 E F1 1.14(\255Am \215ags to ask)2.5 F
+1.339(sendmail to speak SMTP on its standard input and output and to ru\
+n as MT)102 220.8 R 3.84(A\). This)-.93 F -.1(wo)3.84 G 1.34(rks and).1
+F(allo)102 232.8 Q .323(ws you to wrap)-.25 F F2(sendmail)2.823 E F1
+.323(in a TCP wrapper program, b)2.823 F .323(ut may be a bit slo)-.2 F
+.322(wer since the con\214gu-)-.25 F .345
+(ration \214le has to be re-read on e)102 244.8 R -.15(ve)-.25 G .346
+(ry message that comes in.).15 F .346
+(If you do this, you still need to ha)5.346 F .646 -.15(ve a)-.2 H F2
+(sendmail)102 256.8 Q F1(running to \215ush the queue:)2.5 E
+(/usr/sbin/sendmail \255q30m)142 273 Q F0 2.5(3.3. F)87 301.2 R(or)-.25
+E(cing the Queue)-.18 E F1 .04(In some cases you may \214nd that the qu\
+eue has gotten clogged for some reason.)127 317.4 R -1.1(Yo)5.04 G 2.54
+(uc)1.1 G .04(an force)-2.54 F 3.184(aq)102 329.4 S .684
+(ueue run using the)-3.184 F F0<ad71>3.184 E F1 .684(\215ag \(with no v)
+3.184 F 3.184(alue\). It)-.25 F .684(is entertaining to use the)3.184 F
+F0<ad76>3.185 E F1 .685(\215ag \(v)3.185 F .685(erbose\) when)-.15 F
+(this is done to w)102 341.4 Q(atch what happens:)-.1 E
+(/usr/sbin/sendmail \255q \255v)142 357.6 Q -1.1(Yo)127 378 S 3(uc)1.1 G
+.499
+(an also limit the jobs to those with a particular queue identi\214er)-3
+F 2.999(,r)-.4 G .499(ecipient, sender)-2.999 F 2.999(,q)-.4 G(uar)
+-2.999 E(-)-.2 E 2.097
+(antine reason, or queue group using one of the queue modi\214ers.)102
+390 R -.15(Fo)7.097 G 4.597(re).15 G 2.097(xample, \231\255qRberk)-4.747
+F(ele)-.1 E<799a>-.15 E 1.364(restricts the queue run to jobs that ha)
+102 402 R 1.664 -.15(ve t)-.2 H 1.364(he string \231berk).15 F(ele)-.1 E
+1.364(y\232 some)-.15 F 1.363(where in one of the recipient)-.25 F 2.842
+(addresses. Similarly)102 414 R 2.842<2c99>-.65 G .342(\255qSstring\232\
+ limits the run to particular senders, \231\255qIstring\232 limits it t\
+o partic-)-2.842 F .408(ular queue identi\214ers, and \231\255qQstring\
+\232 limits it to particular quarantined reasons and only operated)102
+426 R 1.748(on quarantined queue items, and \231\255qGstring\232 limits\
+ it to a particular queue group.)102 438 R 1.748(The named)6.748 F .389
+(queue group will be run e)102 450 R -.15(ve)-.25 G 2.889(ni).15 G 2.888
+(fi)-2.889 G 2.888(ti)-2.888 G 2.888(ss)-2.888 G .388(et to ha)-2.888 F
+.688 -.15(ve 0 r)-.2 H 2.888(unners. Y).15 F .388(ou may also place an)
+-1.1 F F0(!)2.888 E F1 .388(before the)5.388 F F0(I)2.888 E F1(or)2.888
+E F0(R)102 462 Q F1(or)3.052 E F0(S)3.052 E F1(or)3.052 E F0(Q)3.052 E
+F1 .552(to indicate that jobs are limited to not including a particular\
+ queue identi\214er)3.052 F 3.053(,r)-.4 G(ecipient)-3.053 E .252
+(or sender)102 474 R 5.252(.F)-.55 G .252(or e)-5.402 F .252(xample, \
+\231\255q!Rseattle\232 limits the queue run to jobs that do not ha)-.15
+F .551 -.15(ve t)-.2 H .251(he string \231seat-).15 F .296(tle\232 some)
+102 486 R .297(where in one of the recipient addresses.)-.25 F .297
+(Should you need to terminate the queue jobs cur)5.297 F(-)-.2 E
+(rently acti)102 498 Q .3 -.15(ve t)-.25 H(hen a SIGTERM to the parent \
+of the process \(or processes\) will cleanly stop the jobs.).15 E F0 2.5
+(3.4. Deb)87 522 R(ugging)-.2 E F1 .256(There are a f)127 538.2 R .256
+(airly lar)-.1 F .256(ge number of deb)-.18 F .256(ug \215ags b)-.2 F
+.256(uilt into)-.2 F F2(sendmail)2.756 E F1 5.256(.E)C .256(ach deb)
+-5.256 F .256(ug \215ag has a cat-)-.2 F -.15(eg)102 550.2 S .501
+(ory and a le).15 F -.15(ve)-.25 G 3.002(l. Higher).15 F(le)3.002 E -.15
+(ve)-.25 G .502(ls increase the le).15 F -.15(ve)-.25 G 3.002(lo).15 G
+3.002(fd)-3.002 G(eb)-3.002 E .502(ugging acti)-.2 F .502
+(vity; in most cases, this means)-.25 F .138
+(to print out more information.)102 562.2 R .138(The con)5.138 F -.15
+(ve)-.4 G .138(ntion is that le).15 F -.15(ve)-.25 G .137
+(ls greater than nine are \231absurd,).15 F 2.637<9a69>-.7 G .137
+(.e., the)-2.637 F(y)-.15 E .869
+(print out so much information that you w)102 574.2 R(ouldn')-.1 E 3.369
+(tn)-.18 G .869(ormally w)-3.369 F .87(ant to see them e)-.1 F .87
+(xcept for deb)-.15 F(ugging)-.2 E(that particular piece of code.)102
+586.2 Q -1.1(Yo)127 602.4 S 2.866(us)1.1 G(hould)-2.866 E F0(ne)2.866 E
+-.1(ve)-.15 G(r).1 E F1 .366(run a production sendmail serv)2.866 F .366
+(er in deb)-.15 F .366(ug mode.)-.2 F(Man)5.366 E 2.866(yo)-.15 G 2.866
+(ft)-2.866 G .366(he deb)-2.866 F .366(ug \215ags)-.2 F .907
+(will result in deb)102 614.4 R .907(ug output being sent o)-.2 F -.15
+(ve)-.15 G 3.407(rt).15 G .907(he SMTP channel unless the option)-3.407
+F F0<ad44>3.407 E F1 .907(is used.)3.407 F(This)5.908 E 1.225
+(will confuse man)102 626.4 R 3.725(ym)-.15 G 1.225(ail programs.)-3.725
+F(Ho)6.225 E(we)-.25 E -.15(ve)-.25 G 2.025 -.4(r, f).15 H 1.225
+(or testing purposes, it can be useful when sending).4 F
+(mail manually via telnet to the port you are using while deb)102 638.4
+Q(ugging.)-.2 E 2.753(Ad)127 654.6 S(eb)-2.753 E .253(ug cate)-.2 F .254
+(gory is either an inte)-.15 F(ger)-.15 E 2.754(,l)-.4 G(ik)-2.754 E
+2.754(e4)-.1 G .254(2, or a name, lik)-2.754 F 2.754(eA)-.1 G 2.754
+(NSI. Y)-2.754 F .254(ou can specify a range)-1.1 F .929(of numeric deb)
+102 666.6 R .928(ug cate)-.2 F .928(gories using the syntax 17-42.)-.15
+F -1.1(Yo)5.928 G 3.428(uc)1.1 G .928(an specify a set of named deb)
+-3.428 F .928(ug cate-)-.2 F .483(gories using a glob pattern lik)102
+678.6 R 2.984<6599>-.1 G 2.984(sm_trace_*\232. At)-2.984 F .484
+(present, only \231*\232 and \231?\232)2.984 F .484
+(are supported in these)5.484 F(glob patterns.)102 690.6 Q(Deb)127 706.8
+Q(ug \215ags are set using the)-.2 E F0<ad64>2.5 E F1
+(option; the syntax is:)2.5 E 0 Cg EP
%%Page: 25 21
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3235>195.86 E
-/F1 10/Times-Roman@0 SF 58.99<ad64313220536574>142 96 R<63617465>2.5 E
-<676f727920313220746f206c65>-.15 E -.15<7665>-.25 G 2.5<6c31>.15 G 51.49
-<ad6431322e3320536574>142 108 R<63617465>2.5 E
-<676f727920313220746f206c65>-.15 E -.15<7665>-.25 G 2.5<6c33>.15 G 48.35
-<ad6433ad313720536574>142 120 R<63617465>2.5 E
-<676f726965732033207468726f75676820313720746f206c65>-.15 E -.15<7665>
--.25 G 2.5<6c31>.15 G 40.85<ad6433ad31372e3420536574>142 132 R<63617465>
-2.5 E<676f726965732033207468726f75676820313720746f206c65>-.15 E -.15
-<7665>-.25 G 2.5<6c34>.15 G 45.66<ad64414e534920536574>142 144 R
-<63617465>2.5 E<676f727920414e534920746f206c65>-.15 E -.15<7665>-.25 G
-2.5<6c31>.15 G 15.39<ad64736d5f74726163655f2a2e3320536574>142 156 R
-<616c6c206e616d65642063617465>2.5 E
-<676f72696573206d61746368696e6720736d5f74726163655f2a20746f206c65>-.15 E
--.15<7665>-.25 G 2.5<6c33>.15 G -.15<466f>102 172.2 S 3.283<726163>.15 G
-.783<6f6d706c657465206c697374206f66207468652061>-3.283 F -.25<7661>-.2 G
-.783<696c61626c6520646562>.25 F .783
-<7567208d61677320796f752077696c6c206861>-.2 F 1.083 -.15<76652074>-.2 H
-3.283<6f6c>.15 G .783<6f6f6b2061742074686520636f646520616e6420746865>
--3.283 F/F2 10/Times-Italic@0 SF<545241>3.284 E<43452d>-.3 E<464c41>102
-184.2 Q<4753>-.35 E F1 1.062
-<8c6c6520696e207468652073656e646d61696c2064697374726962>3.562 F 1.062
-<7574696f6e2028746865>-.2 F 3.562<7961>-.15 G 1.062
-<726520746f6f2064796e616d696320746f206b>-3.562 F 1.062
-<656570207468697320646f63756d656e7420757020746f2064617465292e>-.1 F -.15
-<466f>102 196.2 S 2.5<72616c>.15 G<697374206f66206e616d656420646562>-2.5
-E<75672063617465>-.2 E
-<676f7269657320696e207468652073656e646d61696c2062696e617279>-.15 E 2.5
-<2c75>-.65 G<7365>-2.5 E
-<6964656e74202f7573722f7362696e2f73656e646d61696c207c206772657020446562>
-142 212.4 Q<7567>-.2 E F0 2.5<332e352e204368616e67696e67>87 240.6 R
-<7468652056>2.5 E<616c756573206f66204f7074696f6e73>-.92 E F1
-<4f7074696f6e732063616e206265206f>127 256.8 Q -.15<7665>-.15 G
-<7272696464656e207573696e6720746865>.15 E F0<ad6f>2.5 E F1<6f72>2.5 E F0
-<ad4f>2.5 E F1<636f6d6d616e64206c696e65208d6167732e>2.5 E -.15<466f>5 G
-2.5<7265>.15 G<78616d706c652c>-2.65 E
-<2f7573722f7362696e2f73656e646d61696c20ad6f54326d>142 273 Q .02
-<7365747320746865>102 289.2 R F0<54>2.52 E F1 .02
-<2874696d656f757429206f7074696f6e20746f207477>2.52 F 2.52<6f6d>-.1 G
-.021
-<696e7574657320666f7220746869732072756e206f6e6c793b207468652065717569>
--2.52 F -.25<7661>-.25 G .021
-<6c656e74206c696e65207573696e6720746865206c6f6e67206f7074696f6e>.25 F
-<6e616d65206973>102 301.2 Q<2f7573722f7362696e2f73656e646d61696c202d4f>
-142 317.4 Q -.35<5469>-.4 G<6d656f75742e717565756572657475726e3d326d>.35
-E .72<536f6d65206f7074696f6e73206861>127 337.8 R 1.02 -.15<76652073>-.2
-H .72<6563757269747920696d706c69636174696f6e732e>.15 F .72
-<53656e646d61696c20616c6c6f>5.72 F .72
-<777320796f7520746f207365742074686573652c2062>-.25 F .72
-<75742072656c696e71756973686573>-.2 F<697473207365742d75736572>102 351.8
-Q<2d4944206f72207365742d67726f75702d4944207065726d697373696f6e7320746865
-72656166746572>-.2 E/F3 7/Times-Roman@0 SF<3132>-4 I F1<2e>4 I F0 2.5
-<332e362e2054>87 375.8 R<7279696e67206120446966666572>-.74 E
-<656e7420436f6e8c6775726174696f6e2046696c65>-.18 E F1
-<416e20616c7465726e617469>127 392 Q .3 -.15<76652063>-.25 H<6f6e8c677572
-6174696f6e208c6c652063616e2062652073706563698c6564207573696e6720746865>
-.15 E F0<ad43>2.5 E F1<8d61673b20666f722065>2.5 E<78616d706c652c>-.15 E<
-2f7573722f7362696e2f73656e646d61696c20ad43746573742e636620ad6f512f746d70
-2f6d7175657565>142 408.2 Q .68
-<757365732074686520636f6e8c6775726174696f6e208c6c65>102 424.4 R F2
-<746573742e6366>3.18 E F1 .68<696e7374656164206f662074686520646566>3.18
-F<61756c74>-.1 E F2<2f6574632f6d61696c2f73656e646d61696c2e6366>3.18 E
-<2e>-.15 E F1 .68<496620746865>5.68 F F0<ad43>3.18 E F1 .68
-<8d616720686173206e6f>3.18 F -.25<7661>102 436.4 S<6c756520697420646566>
-.25 E<61756c747320746f>-.1 E F2<73656e646d61696c2e6366>2.5 E F1
-<696e207468652063757272656e74206469726563746f7279>2.5 E<2e>-.65 E F2
-<53656e646d61696c>127 452.6 Q F1<6769>2.57 E -.15<7665>-.25 G 2.57<7375>
-.15 G 2.57<7073>-2.57 G<65742d75736572>-2.57 E .071<2d494420726f6f742070
-65726d697373696f6e732028696620697420686173206265656e20696e7374616c6c6564
-207365742d75736572>-.2 F .071<2d494420726f6f7429207768656e>-.2 F .779<79
-6f75207573652074686973208d61672c20736f20697420697320636f6d6d6f6e20746f20
-7573652061207075626c69636c79207772697461626c65206469726563746f7279202873
-756368206173202f746d702920617320746865207175657565>102 464.6 R<64697265
-63746f7279202851756575654469726563746f7279206f722051206f7074696f6e292077
-68696c652074657374696e672e>102 476.6 Q F0 2.5<332e372e204c6f6767696e67>
-87 500.6 R -.74<5472>2.5 G<61668c63>.74 E F1<4d616e>127 516.8 Q 3.254
-<7953>-.15 G .754<4d545020696d706c656d656e746174696f6e7320646f206e6f7420
-66756c6c7920696d706c656d656e74207468652070726f746f636f6c2e>-3.254 F -.15
-<466f>5.754 G 3.254<7265>.15 G .755<78616d706c652c20736f6d6520706572>
--3.404 F<2d>-.2 E 1.178<736f6e616c20636f6d707574657220626173656420534d54
-507320646f206e6f7420756e6465727374616e6420636f6e74696e756174696f6e206c69
-6e657320696e207265706c7920636f6465732e>102 528.8 R 1.177
-<54686573652063616e206265>6.178 F -.15<7665>102 540.8 S .13
-<7279206861726420746f2074726163652e>.15 F .13<496620796f7520737573706563
-74207375636820612070726f626c656d2c20796f752063616e207365742074726166>
-5.13 F .13<8c63206c6f6767696e67207573696e6720746865>-.25 F F0<ad58>2.63
-E F1 2.63<8d61672e2046>2.63 F<6f72>-.15 E -.15<6578>102 552.8 S
-<616d706c652c>.15 E
-<2f7573722f7362696e2f73656e646d61696c20ad58202f746d702f74726166>142 569
-Q<8c6320ad6264>-.25 E<77696c6c206c6f6720616c6c2074726166>102 585.2 Q
-<8c6320696e20746865208c6c65>-.25 E F2<2f746d702f7472>2.5 E<6166>-.15 E
-<8c63>-.18 E F1<2e>A .998
-<54686973206c6f67732061206c6f74206f6620646174612076>127 601.4 R .997
-<65727920717569636b6c7920616e642073686f756c64>-.15 F F0<4e45564552>3.497
-E F1 .997
-<6265207573656420647572696e67206e6f726d616c206f7065726174696f6e732e>
-3.497 F .962<4166746572207374617274696e6720757020737563682061206461656d
-6f6e2c20666f7263652074686520657272616e7420696d706c656d656e746174696f6e20
-746f2073656e642061206d65737361676520746f20796f757220686f73742e>102 613.4
-R .609<416c6c206d6573736167652074726166>102 625.4 R .609
-<8c6320696e20616e64206f7574206f66>-.25 F F2<73656e646d61696c>3.109 E F1
-3.109<2c69>C .609
-<6e636c7564696e672074686520696e636f6d696e6720534d54502074726166>-3.109 F
-.608<8c632c2077696c6c206265206c6f6767656420696e>-.25 F
-<74686973208c6c652e>102 637.4 Q .32 LW 76 669.2 72 669.2 DL 80 669.2 76
-669.2 DL 84 669.2 80 669.2 DL 88 669.2 84 669.2 DL 92 669.2 88 669.2 DL
-96 669.2 92 669.2 DL 100 669.2 96 669.2 DL 104 669.2 100 669.2 DL 108
-669.2 104 669.2 DL 112 669.2 108 669.2 DL 116 669.2 112 669.2 DL 120
-669.2 116 669.2 DL 124 669.2 120 669.2 DL 128 669.2 124 669.2 DL 132
-669.2 128 669.2 DL 136 669.2 132 669.2 DL 140 669.2 136 669.2 DL 144
-669.2 140 669.2 DL 148 669.2 144 669.2 DL 152 669.2 148 669.2 DL 156
-669.2 152 669.2 DL 160 669.2 156 669.2 DL 164 669.2 160 669.2 DL 168
-669.2 164 669.2 DL 172 669.2 168 669.2 DL 176 669.2 172 669.2 DL 180
-669.2 176 669.2 DL 184 669.2 180 669.2 DL 188 669.2 184 669.2 DL 192
-669.2 188 669.2 DL 196 669.2 192 669.2 DL 200 669.2 196 669.2 DL 204
-669.2 200 669.2 DL 208 669.2 204 669.2 DL 212 669.2 208 669.2 DL 216
-669.2 212 669.2 DL/F4 5/Times-Roman@0 SF<3132>93.6 679.6 Q/F5 8
-/Times-Roman@0 SF .497<546861742069732c206974207365747320697473206566>
-3.2 J<6665637469>-.2 E .737 -.12<76652075>-.2 H .497<696420746f20746865
-207265616c207569643b20746875732c20696620796f75206172652065>.12 F -.12
-<7865>-.12 G .497
-<637574696e6720617320726f6f742c2061732066726f6d20726f6f7427>.12 F 2.497
-<7363>-.44 G .497
-<726f6e746162208c6c65206f7220647572696e672073797374656d>-2.497 F<737461
-727475702074686520726f6f74207065726d697373696f6e732077696c6c207374696c6c
-20626520686f6e6f7265642e>72 692.4 Q 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-25)195.86 E/F1 10/Times-Roman@0 SF(deb)142 96 Q(ug-\215ag:)-.2 E
+F0<ad64>36.78 E F1(deb)2.5 E(ug-list)-.2 E(deb)142 108 Q 37.05
+(ug-list: deb)-.2 F(ug-option [ , deb)-.2 E(ug-option ]*)-.2 E(deb)142
+120 Q 23.72(ug-option: deb)-.2 F(ug-cate)-.2 E(gories [ . deb)-.15 E
+(ug-le)-.2 E -.15(ve)-.25 G 2.5(l]).15 G(deb)142 132 Q(ug-cate)-.2 E
+8.89(gories: inte)-.15 F(ger | inte)-.15 E(ger \255 inte)-.15 E
+(ger | cate)-.15 E(gory-pattern)-.15 E(cate)142 144 Q 11.47
+(gory-pattern: [a-zA-Z_*?][a-zA-Z0-9_*?]*)-.15 F(deb)142 156 Q(ug-le)-.2
+E -.15(ve)-.25 G 30.24(l: inte).15 F(ger)-.15 E
+(where spaces are for reading ease only)102 172.2 Q 5(.F)-.65 G(or e)
+-5.15 E(xample,)-.15 E 58.99(\255d12 Set)142 188.4 R(cate)2.5 E
+(gory 12 to le)-.15 E -.15(ve)-.25 G 2.5(l1).15 G 51.49(\255d12.3 Set)
+142 200.4 R(cate)2.5 E(gory 12 to le)-.15 E -.15(ve)-.25 G 2.5(l3).15 G
+48.35(\255d3\25517 Set)142 212.4 R(cate)2.5 E(gories 3 through 17 to le)
+-.15 E -.15(ve)-.25 G 2.5(l1).15 G 40.85(\255d3\25517.4 Set)142 224.4 R
+(cate)2.5 E(gories 3 through 17 to le)-.15 E -.15(ve)-.25 G 2.5(l4).15 G
+45.66(\255dANSI Set)142 236.4 R(cate)2.5 E(gory ANSI to le)-.15 E -.15
+(ve)-.25 G 2.5(l1).15 G 15.39(\255dsm_trace_*.3 Set)142 248.4 R
+(all named cate)2.5 E(gories matching sm_trace_* to le)-.15 E -.15(ve)
+-.25 G 2.5(l3).15 G -.15(Fo)102 264.6 S 3.284(rac).15 G .783
+(omplete list of the a)-3.284 F -.25(va)-.2 G .783(ilable deb).25 F .783
+(ug \215ags you will ha)-.2 F 1.083 -.15(ve t)-.2 H 3.283(ol).15 G .783
+(ook at the code and the)-3.283 F/F2 10/Times-Italic@0 SF(TRA)3.283 E
+(CE-)-.3 E(FLA)102 276.6 Q(GS)-.35 E F1 1.062
+(\214le in the sendmail distrib)3.561 F 1.062(ution \(the)-.2 F 3.562
+(ya)-.15 G 1.062(re too dynamic to k)-3.562 F 1.062
+(eep this document up to date\).)-.1 F -.15(Fo)102 288.6 S 2.5(ral).15 G
+(ist of named deb)-2.5 E(ug cate)-.2 E(gories in the sendmail binary)
+-.15 E 2.5(,u)-.65 G(se)-2.5 E(ident /usr/sbin/sendmail | grep Deb)142
+304.8 Q(ug)-.2 E F0 2.5(3.5. Changing)87 333 R(the V)2.5 E
+(alues of Options)-.92 E F1(Options can be o)127 349.2 Q -.15(ve)-.15 G
+(rridden using the).15 E F0<ad6f>2.5 E F1(or)2.5 E F0<ad4f>2.5 E F1
+(command line \215ags.)2.5 E -.15(Fo)5 G 2.5(re).15 G(xample,)-2.65 E
+(/usr/sbin/sendmail \255oT2m)142 365.4 Q .021(sets the)102 381.6 R F0(T)
+2.521 E F1 .021(\(timeout\) option to tw)2.521 F 2.521(om)-.1 G .021
+(inutes for this run only; the equi)-2.521 F -.25(va)-.25 G .02
+(lent line using the long option).25 F(name is)102 393.6 Q
+(/usr/sbin/sendmail -O)142 409.8 Q -.35(Ti)-.4 G(meout.queuereturn=2m)
+.35 E .72(Some options ha)127 430.2 R 1.02 -.15(ve s)-.2 H .72
+(ecurity implications.).15 F .72(Sendmail allo)5.72 F .72
+(ws you to set these, b)-.25 F .72(ut relinquishes)-.2 F(its set-user)
+102 444.2 Q(-ID or set-group-ID permissions thereafter)-.2 E/F3 7
+/Times-Roman@0 SF(12)-4 I F1(.)4 I F0 2.5(3.6. T)87 468.2 R
+(rying a Differ)-.74 E(ent Con\214guration File)-.18 E F1(An alternati)
+127 484.4 Q .3 -.15(ve c)-.25 H
+(on\214guration \214le can be speci\214ed using the).15 E F0<ad43>2.5 E
+F1(\215ag; for e)2.5 E(xample,)-.15 E
+(/usr/sbin/sendmail \255Ctest.cf \255oQ/tmp/mqueue)142 500.6 Q .68
+(uses the con\214guration \214le)102 516.8 R F2(test.cf)3.18 E F1 .68
+(instead of the def)3.18 F(ault)-.1 E F2(/etc/mail/sendmail.cf)3.18 E(.)
+-.15 E F1 .68(If the)5.68 F F0<ad43>3.18 E F1 .68(\215ag has no)3.18 F
+-.25(va)102 528.8 S(lue it def).25 E(aults to)-.1 E F2(sendmail.cf)2.5 E
+F1(in the current directory)2.5 E(.)-.65 E F2(Sendmail)127 545 Q F1(gi)
+2.571 E -.15(ve)-.25 G 2.571(su).15 G 2.571(ps)-2.571 G(et-user)-2.571 E
+.071(-ID root permissions \(if it has been installed set-user)-.2 F .07
+(-ID root\) when)-.2 F .779(you use this \215ag, so it is common to use\
+ a publicly writable directory \(such as /tmp\) as the queue)102 557 R
+(directory \(QueueDirectory or Q option\) while testing.)102 569 Q F0
+2.5(3.7. Logging)87 593 R -.74(Tr)2.5 G(af\214c).74 E F1(Man)127 609.2 Q
+3.255(yS)-.15 G .754
+(MTP implementations do not fully implement the protocol.)-3.255 F -.15
+(Fo)5.754 G 3.254(re).15 G .754(xample, some per)-3.404 F(-)-.2 E 1.178
+(sonal computer based SMTPs do not understand continuation lines in rep\
+ly codes.)102 621.2 R 1.178(These can be)6.178 F -.15(ve)102 633.2 S .13
+(ry hard to trace.).15 F .13
+(If you suspect such a problem, you can set traf)5.13 F .13
+(\214c logging using the)-.25 F F0<ad58>2.63 E F1 2.63(\215ag. F)2.63 F
+(or)-.15 E -.15(ex)102 645.2 S(ample,).15 E .32 LW 76 669.2 72 669.2 DL
+80 669.2 76 669.2 DL 84 669.2 80 669.2 DL 88 669.2 84 669.2 DL 92 669.2
+88 669.2 DL 96 669.2 92 669.2 DL 100 669.2 96 669.2 DL 104 669.2 100
+669.2 DL 108 669.2 104 669.2 DL 112 669.2 108 669.2 DL 116 669.2 112
+669.2 DL 120 669.2 116 669.2 DL 124 669.2 120 669.2 DL 128 669.2 124
+669.2 DL 132 669.2 128 669.2 DL 136 669.2 132 669.2 DL 140 669.2 136
+669.2 DL 144 669.2 140 669.2 DL 148 669.2 144 669.2 DL 152 669.2 148
+669.2 DL 156 669.2 152 669.2 DL 160 669.2 156 669.2 DL 164 669.2 160
+669.2 DL 168 669.2 164 669.2 DL 172 669.2 168 669.2 DL 176 669.2 172
+669.2 DL 180 669.2 176 669.2 DL 184 669.2 180 669.2 DL 188 669.2 184
+669.2 DL 192 669.2 188 669.2 DL 196 669.2 192 669.2 DL 200 669.2 196
+669.2 DL 204 669.2 200 669.2 DL 208 669.2 204 669.2 DL 212 669.2 208
+669.2 DL 216 669.2 212 669.2 DL/F4 5/Times-Roman@0 SF(12)93.6 679.6 Q/F5
+8/Times-Roman@0 SF .497(That is, it sets its ef)3.2 J(fecti)-.2 E .737
+-.12(ve u)-.2 H .497(id to the real uid; thus, if you are e).12 F -.12
+(xe)-.12 G .497(cuting as root, as from root').12 F 2.497(sc)-.44 G .497
+(rontab \214le or during system)-2.497 F
+(startup the root permissions will still be honored.)72 692.4 Q 0 Cg EP
%%Page: 26 22
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d32362053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-2.5<332e382e2054>87 96 R
-<657374696e6720436f6e8c6775726174696f6e2046696c6573>-.92 E/F1 10
-/Times-Roman@0 SF .643<5768656e20796f752062>127 112.2 R .644<75696c6420
-6120636f6e8c6775726174696f6e207461626c652c20796f752063616e20646f20612063
-65727461696e20616d6f756e74206f662074657374696e67207573696e67207468652099
-74657374>-.2 F<6d6f64659a206f66>102 124.2 Q/F2 10/Times-Italic@0 SF
-<73656e646d61696c>2.5 E F1 5<2e46>C<6f722065>-5.15 E
-<78616d706c652c20796f7520636f756c6420696e>-.15 E -.2<766f>-.4 G -.1
-<6b65>.2 G F2<73656e646d61696c>2.6 E F1<61733a>2.5 E
-<73656e646d61696c20ad627420ad43746573742e6366>142 140.4 Q .448
-<77686963682077>102 156.6 R .448<6f756c6420726561642074686520636f6e8c67
-75726174696f6e208c6c652099746573742e63669a20616e6420656e7465722074657374
-206d6f64652e>-.1 F .447
-<496e2074686973206d6f64652c20796f7520656e746572206c696e6573>5.447 F
-<6f662074686520666f726d3a>102 168.6 Q<72777365742061646472657373>142
-184.8 Q<7768657265>102 201 Q F2<7277736574>3.006 E F1 .506
-<697320746865207265>3.006 F .506<77726974696e672073657420796f752077>-.25
-F .506<616e7420746f2075736520616e64>-.1 F F2<61646472>3.007 E<657373>
--.37 E F1 .507
-<697320616e206164647265737320746f206170706c79207468652073657420746f2e>
-3.007 F -.7<5465>5.507 G<7374>.7 E .794<6d6f64652073686f>102 213 R .794
-<777320796f75207468652073746570732069742074616b>-.25 F .794
-<65732061732069742070726f63656564732c208c6e616c6c792073686f>-.1 F .794<
-77696e6720796f7520746865206164647265737320697420656e64732075702077697468
-2e>-.25 F -1.1<596f>102 225 S 3.331<756d>1.1 G .832<61792075736520612063
-6f6d6d6120736570617261746564206c697374206f662072777365747320666f72207365
-7175656e7469616c206170706c69636174696f6e206f662072756c657320746f20616e20
-696e7075742e>-3.331 F -.15<466f>5.832 G<72>.15 E -.15<6578>102 237 S
-<616d706c653a>.15 E<332c312c32312c34206d6f6e65743a626f6c6c617264>142
-253.2 Q .622<8c727374206170706c6965732072756c6573657420746872656520746f
-2074686520696e70757420996d6f6e65743a626f6c6c6172642e>102 269.4 R 5.622
-<9a52>-.7 G .622<756c65736574206f6e65206973207468656e206170706c69656420
-746f20746865206f7574707574206f66>-5.622 F
-<72756c657365742074687265652c20666f6c6c6f>102 281.4 Q<7765642073696d696c
-61726c792062792072756c6573657473207477656e74792d6f6e6520616e6420666f7572>
--.25 E<2e>-.55 E 1.084<496620796f75206e656564206d6f72652064657461696c2c
-20796f752063616e20616c736f20757365207468652099ad6432319a208d616720746f20
-7475726e206f6e206d6f726520646562>127 297.6 R 3.585<756767696e672e2046>
--.2 F<6f72>-.15 E -.15<6578>102 309.6 S<616d706c652c>.15 E
-<73656e646d61696c20ad627420ad6432312e3939>142 325.8 Q .689<7475726e7320
-6f6e20616e20696e6372656469626c6520616d6f756e74206f6620696e666f726d617469
-6f6e3b20612073696e676c652077>102 342 R .688<6f72642061646472657373206973
-2070726f6261626c7920676f696e6720746f207072696e74206f7574>-.1 F<7365>102
-354 Q -.15<7665>-.25 G<72616c2070616765732077>.15 E
-<6f727468206f6620696e666f726d6174696f6e2e>-.1 E -1.1<596f>127 370.2 S
-2.574<7573>1.1 G .074<686f756c642062652077>-2.574 F .074
-<61726e6564207468617420696e7465726e616c6c79>-.1 F<2c>-.65 E F2
-<73656e646d61696c>2.575 E F1 .075
-<6170706c6965732072756c65736574203320746f20616c6c206164647265737365732e>
-2.575 F .075<496e2074657374206d6f6465>5.075 F<796f752077696c6c206861>102
-382.2 Q .3 -.15<76652074>-.2 H 2.5<6f64>.15 G 2.5<6f74>-2.5 G
-<686174206d616e75616c6c79>-2.5 E 5<2e46>-.65 G<6f722065>-5.15 E
-<78616d706c652c206f6c6465722076>-.15 E<657273696f6e7320616c6c6f>-.15 E
-<77656420796f7520746f20757365>-.25 E 2.5<3062>142 398.4 S
-<727563654062726f6164636173742e736f6e>-2.5 E -.65<792e>-.15 G<636f6d>.65
-E<546869732076>102 414.6 Q
-<657273696f6e207265717569726573207468617420796f75207573653a>-.15 E
-<332c302062727563654062726f6164636173742e736f6e>142 430.8 Q -.65<792e>
--.15 G<636f6d>.65 E<4173206f662076>127 451.2 Q
-<657273696f6e20382e372c20736f6d65206f746865722073796e746178>-.15 E
-<6573206172652061>-.15 E -.25<7661>-.2 G
-<696c61626c6520696e2074657374206d6f64653a>.25 E -.834<2e4420782076>102
-467.4 R 30.038<616c75652064658c6e6573>-.25 F<6d6163726f>2.953 E F2<78>
-2.953 E F1 .453<746f206861>2.953 F .752 -.15<76652074>-.2 H .452
-<686520696e64696361746564>.15 F F2<76616c7565>2.952 E F1 5.452<2e54>C
-.452<6869732069732075736566756c207768656e20646562>-5.452 F .452
-<756767696e672072756c6573>-.2 F<746861742075736520746865>174 479.4 Q F0
-<2426>2.5 E F2<78>A F1<73796e7461782e>2.5 E -.834<2e4320632076>102 495.6
-R 31.148<616c75652061646473>-.25 F<74686520696e64696361746564>2.5 E F2
-<76616c7565>2.5 E F1<746f20636c617373>2.5 E F2<63>2.5 E F1<2e>A -.834
-<3d532072756c65736574>102 511.8 R<64756d70732074686520636f6e74656e747320
-6f662074686520696e646963617465642072756c657365742e>32.474 E -.834
-<ad6420646562>102 528 R 11.854<75672d73706563206973>-.2 F<65717569>2.5 E
--.25<7661>-.25 G
-<6c656e7420746f2074686520636f6d6d616e642d6c696e65208d61672e>.25 E -1.11
-<5665>102 544.2 S
-<7273696f6e20382e3920696e74726f6475636564206d6f72652066656174757265733a>
-1.11 E 67.56<3f73>102 560.4 S<686f>-67.56 E
-<777320612068656c70206d6573736167652e>-.25 E 54.97<3d4d20646973706c6179>
-102 576.6 R<746865206b6e6f>2.5 E<776e206d61696c6572732e>-.25 E 56.72
-<246d207072696e74>102 592.8 R<7468652076>2.5 E
-<616c7565206f66206d6163726f206d2e>-.25 E 54.42<243d63207072696e74>102
-609 R<74686520636f6e74656e7473206f6620636c61737320632e>2.5 E
-<2f6d7820686f7374>102 625.2 Q
-<72657475726e7320746865204d58207265636f72647320666f722060686f7374272e>
-37.27 E<2f70617273652061646472657373>102 641.4 Q
-<706172736520616464726573732c2072657475726e696e67207468652076>15.63 E
-<616c7565206f66>-.25 E F2<6372>2.5 E<6163>-.15 E<6b61646472>-.2 E F1 2.5
-<2c61>C<6e64207468652070617273656420616464726573732e>-2.5 E
-<2f747279206d61696c65722061646472>102 657.6 Q<7265>9.79 E<77726974652061
-64647265737320696e746f2074686520666f726d2069742077696c6c206861>-.25 E .3
--.15<76652077>-.2 H<68656e2070726573656e74656420746f2074686520696e646963
-61746564206d61696c6572>.15 E<2e>-.55 E<2f7472798d616773208d616773>102
-673.8 Q 1.005<736574208d61677320757365642062792070617273696e672e>17.83 F
-1.005<546865208d6167732063616e2062652060482720666f7220486561646572206f72
-2060452720666f7220456e>6.005 F -.15<7665>-.4 G<6c6f70652c>.15 E .62<616e
-642060532720666f722053656e646572206f722060522720666f7220526563697069656e
-742e>174 685.8 R .62<54686573652063616e20626520636f6d62696e65642c206048
-52272073657473208d616773>5.62 F
-<666f722068656164657220726563697069656e74732e>174 697.8 Q 0 Cg EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-26 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF
+(/usr/sbin/sendmail \255X /tmp/traf)142 96 Q(\214c \255bd)-.25 E
+(will log all traf)102 112.2 Q(\214c in the \214le)-.25 E/F2 10
+/Times-Italic@0 SF(/tmp/tr)2.5 E(af)-.15 E<8c63>-.18 E F1(.)A .997
+(This logs a lot of data v)127 128.4 R .997(ery quickly and should)-.15
+F F0(NEVER)3.497 E F1 .998(be used during normal operations.)3.498 F
+.963(After starting up such a daemon, force the errant implementation t\
+o send a message to your host.)102 140.4 R .608(All message traf)102
+152.4 R .608(\214c in and out of)-.25 F F2(sendmail)3.109 E F1 3.109(,i)
+C .609(ncluding the incoming SMTP traf)-3.109 F .609
+(\214c, will be logged in)-.25 F(this \214le.)102 164.4 Q F0 2.5(3.8. T)
+87 188.4 R(esting Con\214guration Files)-.92 E F1 .644(When you b)127
+204.6 R .644(uild a con\214guration table, you can do a certain amount \
+of testing using the \231test)-.2 F(mode\232 of)102 216.6 Q F2(sendmail)
+2.5 E F1 5(.F)C(or e)-5.15 E(xample, you could in)-.15 E -.2(vo)-.4 G
+-.1(ke).2 G F2(sendmail)2.6 E F1(as:)2.5 E(sendmail \255bt \255Ctest.cf)
+142 232.8 Q .447(which w)102 249 R .447(ould read the con\214guration \
+\214le \231test.cf\232 and enter test mode.)-.1 F .448
+(In this mode, you enter lines)5.448 F(of the form:)102 261 Q
+(rwset address)142 277.2 Q(where)102 293.4 Q F2(rwset)3.007 E F1 .507
+(is the re)3.007 F .507(writing set you w)-.25 F .507(ant to use and)-.1
+F F2(addr)3.006 E(ess)-.37 E F1 .506(is an address to apply the set to.)
+3.006 F -.7(Te)5.506 G(st).7 E .793(mode sho)102 305.4 R .794
+(ws you the steps it tak)-.25 F .794(es as it proceeds, \214nally sho)
+-.1 F .794(wing you the address it ends up with.)-.25 F -1.1(Yo)102
+317.4 S 3.332(um)1.1 G .832(ay use a comma separated list of rwsets for\
+ sequential application of rules to an input.)-3.332 F -.15(Fo)5.831 G
+(r).15 E -.15(ex)102 329.4 S(ample:).15 E(3,1,21,4 monet:bollard)142
+345.6 Q .622
+(\214rst applies ruleset three to the input \231monet:bollard.)102 361.8
+R 5.622<9a52>-.7 G .622(uleset one is then applied to the output of)
+-5.622 F(ruleset three, follo)102 373.8 Q
+(wed similarly by rulesets twenty-one and four)-.25 E(.)-.55 E 1.084(If\
+ you need more detail, you can also use the \231\255d21\232 \215ag to t\
+urn on more deb)127 390 R 3.584(ugging. F)-.2 F(or)-.15 E -.15(ex)102
+402 S(ample,).15 E(sendmail \255bt \255d21.99)142 418.2 Q .689
+(turns on an incredible amount of information; a single w)102 434.4 R
+.689(ord address is probably going to print out)-.1 F(se)102 446.4 Q
+-.15(ve)-.25 G(ral pages w).15 E(orth of information.)-.1 E -1.1(Yo)127
+462.6 S 2.575(us)1.1 G .075(hould be w)-2.575 F .075
+(arned that internally)-.1 F(,)-.65 E F2(sendmail)2.575 E F1 .075
+(applies ruleset 3 to all addresses.)2.575 F .074(In test mode)5.074 F
+(you will ha)102 474.6 Q .3 -.15(ve t)-.2 H 2.5(od).15 G 2.5(ot)-2.5 G
+(hat manually)-2.5 E 5(.F)-.65 G(or e)-5.15 E(xample, older v)-.15 E
+(ersions allo)-.15 E(wed you to use)-.25 E 2.5(0b)142 490.8 S
+(ruce@broadcast.son)-2.5 E -.65(y.)-.15 G(com).65 E(This v)102 507 Q
+(ersion requires that you use:)-.15 E(3,0 bruce@broadcast.son)142 523.2
+Q -.65(y.)-.15 G(com).65 E(As of v)127 543.6 Q
+(ersion 8.7, some other syntax)-.15 E(es are a)-.15 E -.25(va)-.2 G
+(ilable in test mode:).25 E -.834(.D x v)102 559.8 R 30.038
+(alue de\214nes)-.25 F(macro)2.952 E F2(x)2.952 E F1 .452(to ha)2.952 F
+.752 -.15(ve t)-.2 H .452(he indicated).15 F F2(value)2.952 E F1 5.452
+(.T)C .453(his is useful when deb)-5.452 F .453(ugging rules)-.2 F
+(that use the)174 571.8 Q F0($&)2.5 E F2(x)A F1(syntax.)2.5 E -.834
+(.C c v)102 588 R 31.148(alue adds)-.25 F(the indicated)2.5 E F2(value)
+2.5 E F1(to class)2.5 E F2(c)2.5 E F1(.)A -.834(=S ruleset)102 604.2 R
+(dumps the contents of the indicated ruleset.)32.474 E -.834(\255d deb)
+102 620.4 R 11.854(ug-spec is)-.2 F(equi)2.5 E -.25(va)-.25 G
+(lent to the command-line \215ag.).25 E -1.11(Ve)102 636.6 S
+(rsion 8.9 introduced more features:)1.11 E 67.56(?s)102 652.8 S(ho)
+-67.56 E(ws a help message.)-.25 E 54.97(=M display)102 669 R(the kno)
+2.5 E(wn mailers.)-.25 E 56.72($m print)102 685.2 R(the v)2.5 E
+(alue of macro m.)-.25 E 54.42($=c print)102 701.4 R
+(the contents of class c.)2.5 E 0 Cg EP
%%Page: 27 23
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3237>195.86 E
-/F1 10/Times-Roman@0 SF<2f63616e6f6e20686f73746e616d65>102 96 Q
-<74727920746f2063616e6f6e69667920686f73746e616d652e>4.51 E
-<2f6d6170206d61706e616d65206b>102 112.2 Q -.15<6579>-.1 G
-<6c6f6f6b20757020606b>174 124.2 Q -.15<6579>-.1 G 2.5<2769>.15 G 2.5
-<6e74>-2.5 G<686520696e6469636174656420606d61706e616d65272e>-2.5 E 51.16
-<2f717569742071756974>102 140.4 R<616464726573732074657374206d6f64652e>
-2.5 E F0 2.5<332e392e2050>87 156.6 R
-<657273697374656e7420486f73742053746174757320496e66>-.2 E
-<6f726d6174696f6e>-.25 E F1<5768656e>127 172.8 Q F0
-<486f7374537461747573446972>2.569 E<6563746f7279>-.18 E F1 .069<69732065
-6e61626c65642c20696e666f726d6174696f6e2061626f75742074686520737461747573
-206f6620686f737473206973206d61696e7461696e6564206f6e>2.569 F .249<646973
-6b20616e642063616e207468757320626520736861726564206265747765656e20646966>
-102 184.8 R .249<666572656e7420696e7374616e74696174696f6e73206f66>-.25 F
-/F2 10/Times-Italic@0 SF<73656e646d61696c>2.749 E F1 5.249<2e54>C .248
-<686520737461747573206f6620746865206c61737420636f6e2d>-5.249 F<6e656374
-696f6e207769746820656163682072656d6f746520686f7374206d617920626520766965>
-102 196.8 Q<77656420776974682074686520636f6d6d616e643a>-.25 E
-<73656e646d61696c20ad6268>142 213 Q<5468697320696e666f726d6174696f6e206d
-6179206265208d757368656420776974682074686520636f6d6d616e643a>102 229.2 Q
-<73656e646d61696c20ad6248>142 245.4 Q 1.534
-<466c757368696e672074686520696e666f726d6174696f6e20707265>102 261.6 R
--.15<7665>-.25 G 1.534<6e7473206e65>.15 F<77>-.25 E F2<73656e646d61696c>
-4.034 E F1 1.535
-<70726f6365737365732066726f6d206c6f6164696e672069742c2062>4.035 F 1.535
-<757420646f6573206e6f7420707265>-.2 F -.15<7665>-.25 G<6e74>.15 E -.15
-<6578>102 273.6 S<697374696e672070726f6365737365732066726f6d207573696e67
-207468652073746174757320696e666f726d6174696f6e207468617420746865>.15 E
-2.5<7961>-.15 G<6c7265616479206861>-2.5 E -.15<7665>-.2 G<2e>.15 E F0
-2.5<342e2054554e494e47>72 297.6 R F1 1.922<5468657265206172652061206e75
-6d626572206f6620636f6e8c6775726174696f6e20706172616d657465727320796f7520
-6d61792077>112 313.8 R 1.922
-<616e7420746f206368616e67652c20646570656e64696e67206f6e20746865>-.1 F
-.366<726571756972656d656e7473206f6620796f757220736974652e>87 325.8 R
-.367<4d6f7374206f662074686573652061726520736574207573696e6720616e206f70
-74696f6e20696e2074686520636f6e8c6775726174696f6e208c6c652e>5.366 F -.15
-<466f>5.367 G 2.867<7265>.15 G<78616d706c652c>-3.017 E
-<746865206c696e6520994f2054>87 337.8 Q<696d656f75742e717565756572657475
-726e3d35649a2073657473206f7074696f6e209954>-.35 E
-<696d656f75742e717565756572657475726e9a20746f207468652076>-.35 E
-<616c7565209935649a20288c76>-.25 E 2.5<6564>-.15 G<617973292e>-2.5 E
-.735<4d6f7374206f66207468657365206f7074696f6e73206861>112 354 R 1.035
--.15<76652061>-.2 H .735<7070726f70726961746520646566>.15 F .735
-<61756c747320666f72206d6f73742073697465732e>-.1 F<486f>5.735 E<7765>-.25
-E -.15<7665>-.25 G 1.535 -.4<722c2073>.15 H .735<69746573206861>.4 F
-.735<76696e672076>-.2 F .735<6572792068696768>-.15 F .045
-<6d61696c206c6f616473206d6179208c6e6420746865>87 366 R 2.545<796e>-.15 G
-.046<65656420746f2074756e65207468656d20617320617070726f7072696174652066
-6f72207468656972206d61696c206c6f61642e>-2.545 F .046
-<496e20706172746963756c6172>5.046 F 2.546<2c73>-.4 G .046<697465732065>
--2.546 F<78706572692d>-.15 E 1.088<656e63696e672061206c6172>87 378 R
-1.088<6765206e756d626572206f6620736d616c6c206d657373616765732c206d616e>
--.18 F 3.588<796f>-.15 G 3.587<6677>-3.588 G 1.087
-<68696368206172652064656c69>-3.587 F -.15<7665>-.25 G 1.087
-<72656420746f206d616e>.15 F 3.587<7972>-.15 G 1.087
-<6563697069656e74732c206d6179208c6e64>-3.587 F<7468617420746865>87 390 Q
-2.5<796e>-.15 G<65656420746f2061646a7573742074686520706172616d6574657273
-206465616c696e672077697468207175657565207072696f7269746965732e>-2.5 E
-.523<416c6c2076>112 406.2 R .523<657273696f6e73206f66>-.15 F F2
-<73656e646d61696c>3.023 E F1 .524<7072696f7220746f20382e3720686164207369
-6e676c6520636861726163746572206f7074696f6e206e616d65732e>3.023 F .524
-<4173206f6620382e372c206f7074696f6e73206861>5.524 F -.15<7665>-.2 G
-1.216<6c6f6e6720286d756c74692d636861726163746572206e616d6573292e>87
-418.2 R 1.216<416c74686f756768206f6c642073686f7274206e616d65732061726520
-7374696c6c2061636365707465642c206d6f7374206e65>6.216 F 3.715<776f>-.25 G
-1.215<7074696f6e7320646f206e6f74>-3.715 F<6861>87 430.2 Q .3 -.15
-<76652073>-.2 H<686f72742065717569>.15 E -.25<7661>-.25 G<6c656e74732e>
-.25 E .802<546869732073656374696f6e206f6e6c7920646573637269626573207468
-65206f7074696f6e7320796f7520617265206d6f7374206c696b>112 446.4 R .802
-<656c7920746f2077>-.1 F .802
-<616e7420746f20747765616b3b20726561642073656374696f6e203520666f72>-.1 F
-<6d6f72652064657461696c732e>87 458.4 Q F0 2.5<342e312e2054>87 482.4 R
-<696d656f757473>-.18 E F1 .583<416c6c2074696d6520696e74657276>127 498.6
-R .583
-<616c732061726520736574207573696e672061207363616c65642073796e7461782e>
--.25 F -.15<466f>5.583 G 3.083<7265>.15 G .583<78616d706c652c209931306d
-9a20726570726573656e74732074656e206d696e757465732c>-3.233 F
-<776865726561732099326833306d9a20726570726573656e7473207477>102 510.6 Q
-2.5<6f61>-.1 G<6e6420612068616c6620686f7572732e>-2.5 E
-<5468652066756c6c20736574206f66207363616c65732069733a>5 E 16.11<7373>142
-526.8 S<65636f6e6473>-16.11 E 12.22<6d6d>142 538.8 S<696e75746573>-12.22
-E 15<6868>142 550.8 S<6f757273>-15 E 15<6464>142 562.8 S<617973>-15 E
-12.78<7777>142 574.8 S<65656b73>-12.78 E F0 2.5
-<342e312e312e205175657565>102 603 R<696e746572>2.5 E -.1<7661>-.1 G<6c>
-.1 E F1 .18<546865206172>142 619.2 R .18<67756d656e7420746f20746865>-.18
-F F0<ad71>2.68 E F1 .18<8d61672073706563698c657320686f>2.68 F 2.68<776f>
--.25 G .18<6674656e2061207375622d6461656d6f6e2077696c6c2072756e20746865
-2071756575652e>-2.68 F .18<54686973206973>5.18 F .793<7479706963616c6c79
-2073657420746f206265747765656e208c667465656e206d696e7574657320616e64206f
-6e6520686f7572>117 631.2 R 5.793<2e49>-.55 G 3.293<666e>-5.793 G .793<6f
-74207365742c206f722073657420746f207a65726f2c207468652071756575652077696c
-6c>-3.293 F .048<6e6f742062652072756e206175746f6d61746963616c6c79>117
-643.2 R 5.048<2e52>-.65 G .048<464320313132332073656374696f6e20352e332e
-312e31207265636f6d6d656e647320746861742074686973206265206174206c65617374
-203330206d696e757465732e>-5.048 F .501<53686f756c6420796f75206e65656420
-746f207465726d696e61746520746865207175657565206a6f62732063757272656e746c
-792061637469>117 655.2 R .801 -.15<76652074>-.25 H .5
-<68656e2061205349475445524d20746f2074686520706172656e74206f66>.15 F<7468
-652070726f6365737320286f722070726f636573736573292077696c6c20636c65616e6c
-792073746f7020746865206a6f62732e>117 667.2 Q F0 2.5
-<342e312e322e2052656164>102 691.2 R<74696d656f757473>2.5 E F1 -.35<5469>
-142 707.4 S .297<6d656f75747320616c6c206861>.35 F .597 -.15<7665206f>-.2
-H .297<7074696f6e206e616d6573209954>.15 F<696d656f75742e>-.35 E F2
-<7375626f7074696f6e>A F1 2.797<9a2e204d6f7374>B .298
-<6f6620746865736520636f6e74726f6c20534d5450206f706572>2.797 F<2d>-.2 E
-3.899<6174696f6e732e20546865>117 719.4 R<7265636f676e697a6564>3.899 E F2
-<7375626f7074696f6e>3.899 E F1 1.399<732c20746865697220646566>B 1.398
-<61756c742076>-.1 F 1.398
-<616c7565732c20616e6420746865206d696e696d756d2076>-.25 F 1.398
-<616c75657320616c6c6f>-.25 F 1.398<776564206279>-.25 F 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-27)195.86 E/F1 10/Times-Roman@0 SF(/mx host)102 96 Q
+(returns the MX records for `host'.)37.27 E(/parse address)102 112.2 Q
+(parse address, returning the v)15.63 E(alue of)-.25 E/F2 10
+/Times-Italic@0 SF(cr)2.5 E(ac)-.15 E(kaddr)-.2 E F1 2.5(,a)C
+(nd the parsed address.)-2.5 E(/try mailer addr)102 128.4 Q(re)9.79 E
+(write address into the form it will ha)-.25 E .3 -.15(ve w)-.2 H
+(hen presented to the indicated mailer).15 E(.)-.55 E
+(/try\215ags \215ags)102 144.6 Q 1.006(set \215ags used by parsing.)
+17.83 F 1.005(The \215ags can be `H' for Header or `E' for En)6.006 F
+-.15(ve)-.4 G(lope,).15 E .62(and `S' for Sender or `R' for Recipient.)
+174 156.6 R .62(These can be combined, `HR' sets \215ags)5.62 F
+(for header recipients.)174 168.6 Q(/canon hostname)102 184.8 Q
+(try to canonify hostname.)4.51 E(/map mapname k)102 201 Q -.15(ey)-.1 G
+(look up `k)174 213 Q -.15(ey)-.1 G 2.5('i).15 G 2.5(nt)-2.5 G
+(he indicated `mapname'.)-2.5 E 51.16(/quit quit)102 229.2 R
+(address test mode.)2.5 E F0 2.5(3.9. P)87 245.4 R
+(ersistent Host Status Inf)-.2 E(ormation)-.25 E F1(When)127 261.6 Q F0
+(HostStatusDir)2.57 E(ectory)-.18 E F1 .069
+(is enabled, information about the status of hosts is maintained on)2.57
+F .248(disk and can thus be shared between dif)102 273.6 R .249
+(ferent instantiations of)-.25 F F2(sendmail)2.749 E F1 5.249(.T)C .249
+(he status of the last con-)-5.249 F
+(nection with each remote host may be vie)102 285.6 Q
+(wed with the command:)-.25 E(sendmail \255bh)142 301.8 Q
+(This information may be \215ushed with the command:)102 318 Q
+(sendmail \255bH)142 334.2 Q 1.535(Flushing the information pre)102
+350.4 R -.15(ve)-.25 G 1.535(nts ne).15 F(w)-.25 E F2(sendmail)4.035 E
+F1 1.535(processes from loading it, b)4.035 F 1.534(ut does not pre)-.2
+F -.15(ve)-.25 G(nt).15 E -.15(ex)102 362.4 S
+(isting processes from using the status information that the).15 E 2.5
+(ya)-.15 G(lready ha)-2.5 E -.15(ve)-.2 G(.).15 E F0 2.5(4. TUNING)72
+386.4 R F1 1.922
+(There are a number of con\214guration parameters you may w)112 402.6 R
+1.922(ant to change, depending on the)-.1 F .367
+(requirements of your site.)87 414.6 R .366
+(Most of these are set using an option in the con\214guration \214le.)
+5.367 F -.15(Fo)5.366 G 2.866(re).15 G(xample,)-3.016 E
+(the line \231O T)87 426.6 Q
+(imeout.queuereturn=5d\232 sets option \231T)-.35 E
+(imeout.queuereturn\232 to the v)-.35 E(alue \2315d\232 \(\214v)-.25 E
+2.5(ed)-.15 G(ays\).)-2.5 E .735(Most of these options ha)112 442.8 R
+1.035 -.15(ve a)-.2 H .735(ppropriate def).15 F .735
+(aults for most sites.)-.1 F(Ho)5.735 E(we)-.25 E -.15(ve)-.25 G 1.535
+-.4(r, s).15 H .735(ites ha).4 F .735(ving v)-.2 F .735(ery high)-.15 F
+.046(mail loads may \214nd the)87 454.8 R 2.546(yn)-.15 G .046
+(eed to tune them as appropriate for their mail load.)-2.546 F .045
+(In particular)5.045 F 2.545(,s)-.4 G .045(ites e)-2.545 F(xperi-)-.15 E
+1.087(encing a lar)87 466.8 R 1.087(ge number of small messages, man)
+-.18 F 3.587(yo)-.15 G 3.588(fw)-3.587 G 1.088(hich are deli)-3.588 F
+-.15(ve)-.25 G 1.088(red to man).15 F 3.588(yr)-.15 G 1.088
+(ecipients, may \214nd)-3.588 F(that the)87 478.8 Q 2.5(yn)-.15 G
+(eed to adjust the parameters dealing with queue priorities.)-2.5 E .524
+(All v)112 495 R .524(ersions of)-.15 F F2(sendmail)3.024 E F1 .524
+(prior to 8.7 had single character option names.)3.024 F .523
+(As of 8.7, options ha)5.524 F -.15(ve)-.2 G 1.215
+(long \(multi-character names\).)87 507 R 1.216
+(Although old short names are still accepted, most ne)6.215 F 3.716(wo)
+-.25 G 1.216(ptions do not)-3.716 F(ha)87 519 Q .3 -.15(ve s)-.2 H
+(hort equi).15 E -.25(va)-.25 G(lents.).25 E .802
+(This section only describes the options you are most lik)112 535.2 R
+.802(ely to w)-.1 F .801(ant to tweak; read section 5 for)-.1 F
+(more details.)87 547.2 Q F0 2.5(4.1. T)87 571.2 R(imeouts)-.18 E F1
+.582(All time interv)127 587.4 R .583
+(als are set using a scaled syntax.)-.25 F -.15(Fo)5.583 G 3.083(re).15
+G .583(xample, \23110m\232 represents ten minutes,)-3.233 F
+(whereas \2312h30m\232 represents tw)102 599.4 Q 2.5(oa)-.1 G
+(nd a half hours.)-2.5 E(The full set of scales is:)5 E 16.11(ss)142
+615.6 S(econds)-16.11 E 12.22(mm)142 627.6 S(inutes)-12.22 E 15(hh)142
+639.6 S(ours)-15 E 15(dd)142 651.6 S(ays)-15 E 12.78(ww)142 663.6 S
+(eeks)-12.78 E F0 2.5(4.1.1. Queue)102 691.8 R(inter)2.5 E -.1(va)-.1 G
+(l).1 E F1 .18(The ar)142 708 R .18(gument to the)-.18 F F0<ad71>2.68 E
+F1 .18(\215ag speci\214es ho)2.68 F 2.68(wo)-.25 G .18
+(ften a sub-daemon will run the queue.)-2.68 F .18(This is)5.18 F .792
+(typically set to between \214fteen minutes and one hour)117 720 R 5.793
+(.I)-.55 G 3.293(fn)-5.793 G .793
+(ot set, or set to zero, the queue will)-3.293 F 0 Cg EP
%%Page: 28 24
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d32382053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF<52464320323832312073656374696f6e20342e352e332e32
-20286f722052464320313132332073656374696f6e20352e332e3229206172653a>117
-96 Q 38.4<636f6e6e65637420546865>117 112.2 R .16<74696d6520746f2077>2.66
-F .161<61697420666f7220616e20534d545020636f6e6e656374696f6e20746f206f70
-656e2028746865>-.1 F/F2 10/Times-Italic@0 SF<636f6e6e656374>2.661 E F1
-.161<2832292073797374656d2063616c6c29>B 1.154
-<5b302c20756e73706563698c65645d2e>189 124.2 R 1.153
-<4966207a65726f2c207573657320746865206b>6.153 F 1.153
-<65726e656c20646566>-.1 F 3.653<61756c742e20496e>-.1 F 1.153
-<6e6f20636173652063616e2074686973206f7074696f6e>3.653 F -.15<6578>189
-136.2 S .518
-<74656e64207468652074696d656f7574206c6f6e676572207468616e20746865206b>
-.15 F .518<65726e656c2070726f>-.1 F .519<76696465732c2062>-.15 F .519
-<75742069742063616e2073686f7274656e2069742e>-.2 F<54686973>5.519 E .58
-<697320746f206765742061726f756e64206b>189 148.2 R .579
-<65726e656c7320746861742070726f>-.1 F .579<7669646520616e20616273757264
-6c79206c6f6e6720636f6e6e656374696f6e2074696d656f757420283930>-.15 F
-<6d696e7574657320696e206f6e652063617365292e>189 160.2 Q 35.62
-<69636f6e6e65637420546865>117 176.4 R .31<73616d65206173>2.81 F F2
-<636f6e6e6563742c>2.81 E F1 -.15<6578>2.81 G .311<6365707420697420617070
-6c696573206f6e6c7920746f2074686520696e697469616c20617474656d707420746f20
-636f6e6e65637420746f>.15 F 2.75<6168>189 188.4 S .25
-<6f737420666f722061206769>-2.75 F -.15<7665>-.25 G 2.75<6e6d>.15 G .25
-<657373616765205b302c20756e73706563698c65645d2e>-2.75 F .25
-<54686520636f6e63657074206973207468617420746869732073686f756c64206265>
-5.25 F -.15<7665>189 200.4 S .766<72792073686f7274202861206665>.15 F
-3.266<7773>-.25 G .767<65636f6e6473293b20686f73747320746861742061726520
-77656c6c20636f6e6e656374656420616e6420726573706f6e7369>-3.266 F 1.067
--.15<76652077>-.25 H<696c6c>.15 E .027
-<7468757320626520736572766963656420696d6d6564696174656c79>189 212.4 R
-5.026<2e48>-.65 G .026<6f73747320746861742061726520736c6f>-5.026 F 2.526
-<7777>-.25 G .026<696c6c206e6f7420686f6c64207570206f746865722064656c69>
--2.526 F<762d>-.25 E<657269657320696e2074686520696e697469616c2064656c69>
-189 224.4 Q -.15<7665>-.25 G<727920617474656d70742e>.15 E 33.96
-<61636f6e6e656374205b302c>117 240.6 R 1.707
-<756e73706563698c65645d20546865206f>4.207 F -.15<7665>-.15 G 1.707
-<72616c6c2074696d656f75742077>.15 F 1.707<616974696e6720666f7220616c6c20
-636f6e6e656374696f6e20666f7220612073696e676c65>-.1 F<64656c69>189 252.6
-Q -.15<7665>-.25 G .153<727920617474656d707420746f20737563636565642e>.15
-F .152<496620302c206e6f206f>5.152 F -.15<7665>-.15 G .152
-<72616c6c206c696d6974206973206170706c6965642e>.15 F .152
-<546869732063616e2062652075736564>5.152 F .521<746f20726573747269637420
-74686520746f74616c20616d6f756e74206f662074696d6520747279696e6720746f2063
-6f6e6e65637420746f2061206c6f6e67206c697374206f6620686f73742074686174>189
-264.6 R .514<636f756c642061636365707420616e20652d6d61696c20666f72207468
-6520726563697069656e742e>189 276.6 R .514
-<546869732074696d656f757420646f6573206e6f74206170706c7920746f>5.514 F F0
--.25<4661>3.013 G<6c6c2d>.25 E<6261636b4d58686f7374>189 288.6 Q F1 2.677
-<2c69>C .177<2e652e2c206966207468652074696d652069732065>-2.677 F .177
-<78686175737465642c20746865>-.15 F F0 -.25<4661>2.677 G
-<6c6c6261636b4d58686f7374>.25 E F1 .178<6973207472696564206e65>2.678 F
-<78742e>-.15 E 46.16<696e697469616c20546865>117 304.8 R -.1<7761>2.5 G<
-697420666f722074686520696e697469616c20323230206772656574696e67206d657373
-616765205b356d2c20356d5d2e>.1 E 52.28<68656c6f20546865>117 321 R -.1
-<7761>4.227 G 1.727<697420666f722061207265706c792066726f6d20612048454c4f
-206f722045484c4f20636f6d6d616e64205b356d2c20756e73706563698c65645d2e>.1
-F .1<54686973206d61792072657175697265206120686f7374206e616d65206c6f6f6b
-75702c20736f208c76>189 333 R 2.6<656d>-.15 G .1
-<696e757465732069732070726f6261626c79206120726561736f6e61626c65>-2.6 F
-<6d696e696d756d2e>189 345 Q 46.72<6d61696c8720546865>117 361.2 R -.1
-<7761>2.5 G<697420666f722061207265706c792066726f6d2061204d41494c20636f6d
-6d616e64205b31306d2c20356d5d2e>.1 E 48.95<726370748720546865>117 377.4 R
--.1<7761>3.482 G .982<697420666f722061207265706c792066726f6d206120524350
-5420636f6d6d616e64205b31682c20356d5d2e>.1 F .981
-<546869732073686f756c64206265206c6f6e67>5.981 F 1.556<626563617573652069
-7420636f756c6420626520706f696e74696e672061742061206c69737420746861742074
-616b>189 389.4 R 1.556<65732061206c6f6e672074696d6520746f2065>-.1 F
-1.556<7870616e642028736565>-.15 F<62656c6f>189 401.4 Q<77292e>-.25 E
-34.5<64617461696e69748720546865>117 417.6 R -.1<7761>2.5 G
-<697420666f722061207265706c792066726f6d20612044>.1 E -1.21 -1.11
-<41542041>-.4 H<636f6d6d616e64205b356d2c20326d5d2e>3.61 E 20.62
-<64617461626c6f636b878820546865>117 433.8 R -.1<7761>2.696 G .196<697420
-666f722072656164696e672061206461746120626c6f636b2028746861742069732c2074
-686520626f6479206f6620746865206d657373616765292e>.1 F .196
-<5b31682c20336d5d2e>5.196 F .621<546869732073686f756c64206265206c6f6e67
-206265636175736520697420616c736f206170706c69657320746f2070726f6772616d73
-20706970696e6720696e70757420746f>189 445.8 R F2<73656e642d>3.121 E
-<6d61696c>189 457.8 Q F1<7768696368206861>2.5 E .3 -.15<7665206e>-.2 H
-2.5<6f67>.15 G<756172616e746565206f662070726f6d70746e6573732e>-2.5 E
-30.06<646174618c6e616c8720546865>117 474 R -.1<7761>2.806 G .306<697420
-666f722061207265706c792066726f6d2074686520646f74207465726d696e6174696e67
-2061206d6573736167652e>.1 F .306<5b31682c2031306d5d2e>5.306 F .306
-<49662074686973206973>5.306 F .883<73686f72746572207468616e207468652074
-696d652061637475616c6c79206e656564656420666f7220746865207265636569>189
-486 R -.15<7665>-.25 G 3.384<7274>.15 G 3.384<6f64>-3.384 G<656c69>
--3.384 E -.15<7665>-.25 G 3.384<7274>.15 G .884<6865206d6573736167652c>
--3.384 F<6475706c6963617465732077696c6c2062652067656e6572617465642e>189
-498 Q<546869732069732064697363757373656420696e2052464320313034372e>5 E
-55.06<7273657420546865>117 514.2 R -.1<7761>2.5 G<697420666f722061207265
-706c792066726f6d2061205253455420636f6d6d616e64205b356d2c20756e7370656369
-8c65645d2e>.1 E 53.94<7175697420546865>117 530.4 R -.1<7761>2.5 G
-<697420666f722061207265706c792066726f6d20612051>.1 E
-<55495420636f6d6d616e64205b326d2c20756e73706563698c65645d2e>-.1 E 50.61
-<6d69736320546865>117 546.6 R -.1<7761>2.761 G .261<697420666f7220612072
-65706c792066726f6d206d697363656c6c616e656f7573202862>.1 F .261
-<75742073686f72742920636f6d6d616e64732073756368206173204e4f4f50>-.2 F
-<286e6f2d6f7065726174696f6e2920616e6420564552422028676f20696e746f2076>
-189 558.6 Q<6572626f7365206d6f6465292e>-.15 E
-<5b326d2c20756e73706563698c65645d2e>5 E 20.06<636f6d6d616e64878820496e>
-117 574.8 R<73657276>2.5 E<657220534d5450>-.15 E 2.5<2c74>-1.11 G
-<68652074696d6520746f2077>-2.5 E
-<61697420666f7220616e6f7468657220636f6d6d616e642e>-.1 E
-<5b31682c20356d5d2e>5 E 44.5<6964656e748820546865>117 593 R
-<74696d656f75742077>2.5 E<616974696e6720666f722061207265706c7920746f2061
-6e204944454e54207175657279205b3573>-.1 E/F3 7/Times-Roman@0 SF<3133>-4 I
-F1 2.5<2c75>4 K<6e73706563698c65645d2e>-2.5 E 53.94<6c686c6f20546865>117
-609.2 R -.1<7761>2.5 G<697420666f722061207265706c7920746f20616e204c4d54
-50204c484c4f20636f6d6d616e64205b326d2c20756e73706563698c65645d2e>.1 E
-52.28<6175746820546865>117 625.4 R
-<74696d656f757420666f722061207265706c7920696e20616e20534d54502041>2.5 E
-<555448206469616c6f677565205b31306d2c20756e73706563698c65645d2e>-.55 E
-42.83<7374617274746c7320546865>117 641.6 R .141
-<74696d656f757420666f722061207265706c7920746f20616e20534d5450205354>2.64
-F<4152>-.93 E .141
-<54544c5320636f6d6d616e6420616e642074686520544c532068616e642d>-.6 F
-<7368616b>189 653.6 Q 2.5<655b>-.1 G<31682c20756e73706563698c65645d2e>
--2.5 E .32 LW 76 678.8 72 678.8 DL 80 678.8 76 678.8 DL 84 678.8 80
-678.8 DL 88 678.8 84 678.8 DL 92 678.8 88 678.8 DL 96 678.8 92 678.8 DL
-100 678.8 96 678.8 DL 104 678.8 100 678.8 DL 108 678.8 104 678.8 DL 112
-678.8 108 678.8 DL 116 678.8 112 678.8 DL 120 678.8 116 678.8 DL 124
-678.8 120 678.8 DL 128 678.8 124 678.8 DL 132 678.8 128 678.8 DL 136
-678.8 132 678.8 DL 140 678.8 136 678.8 DL 144 678.8 140 678.8 DL 148
-678.8 144 678.8 DL 152 678.8 148 678.8 DL 156 678.8 152 678.8 DL 160
-678.8 156 678.8 DL 164 678.8 160 678.8 DL 168 678.8 164 678.8 DL 172
-678.8 168 678.8 DL 176 678.8 172 678.8 DL 180 678.8 176 678.8 DL 184
-678.8 180 678.8 DL 188 678.8 184 678.8 DL 192 678.8 188 678.8 DL 196
-678.8 192 678.8 DL 200 678.8 196 678.8 DL 204 678.8 200 678.8 DL 208
-678.8 204 678.8 DL 212 678.8 208 678.8 DL 216 678.8 212 678.8 DL/F4 5
-/Times-Roman@0 SF<3133>93.6 689.2 Q/F5 8/Times-Roman@0 SF
-<4f6e20736f6d652073797374656d732074686520646566>3.2 I<61756c74206973207a
-65726f20746f207475726e207468652070726f746f636f6c206f66>-.08 E 2<6665>-.2
-G<6e746972656c79>-2 E<2e>-.52 E 0 Cg EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-28 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF .048
+(not be run automatically)117 96 R 5.048(.R)-.65 G .048
+(FC 1123 section 5.3.1.1 recommends that this be at least 30 minutes.)
+-5.048 F .5(Should you need to terminate the queue jobs currently acti)
+117 108 R .801 -.15(ve t)-.25 H .501(hen a SIGTERM to the parent of).15
+F(the process \(or processes\) will cleanly stop the jobs.)117 120 Q F0
+2.5(4.1.2. Read)102 144 R(timeouts)2.5 E F1 -.35(Ti)142 160.2 S .298
+(meouts all ha).35 F .598 -.15(ve o)-.2 H .297(ption names \231T).15 F
+(imeout.)-.35 E/F2 10/Times-Italic@0 SF(suboption)A F1 2.797(\232. Most)
+B .297(of these control SMTP oper)2.797 F(-)-.2 E 3.898(ations. The)117
+172.2 R(recognized)3.898 E F2(suboption)3.898 E F1 1.398(s, their def)B
+1.398(ault v)-.1 F 1.398(alues, and the minimum v)-.25 F 1.399
+(alues allo)-.25 F 1.399(wed by)-.25 F
+(RFC 2821 section 4.5.3.2 \(or RFC 1123 section 5.3.2\) are:)117 184.2 Q
+38.4(connect The)117 200.4 R .161(time to w)2.661 F .161
+(ait for an SMTP connection to open \(the)-.1 F F2(connect)2.66 E F1 .16
+(\(2\) system call\))B 1.153([0, unspeci\214ed].)189 212.4 R 1.153
+(If zero, uses the k)6.153 F 1.153(ernel def)-.1 F 3.653(ault. In)-.1 F
+1.153(no case can this option)3.653 F -.15(ex)189 224.4 S .519
+(tend the timeout longer than the k).15 F .518(ernel pro)-.1 F .518
+(vides, b)-.15 F .518(ut it can shorten it.)-.2 F(This)5.518 E .579
+(is to get around k)189 236.4 R .579(ernels that pro)-.1 F .579
+(vide an absurdly long connection timeout \(90)-.15 F
+(minutes in one case\).)189 248.4 Q 35.62(iconnect The)117 264.6 R .311
+(same as)2.811 F F2(connect,)2.811 E F1 -.15(ex)2.811 G .311
+(cept it applies only to the initial attempt to connect to).15 F 2.75
+(ah)189 276.6 S .25(ost for a gi)-2.75 F -.15(ve)-.25 G 2.75(nm).15 G
+.25(essage [0, unspeci\214ed].)-2.75 F .25
+(The concept is that this should be)5.25 F -.15(ve)189 288.6 S .767
+(ry short \(a fe).15 F 3.267(ws)-.25 G .767
+(econds\); hosts that are well connected and responsi)-3.267 F 1.066
+-.15(ve w)-.25 H(ill).15 E .026(thus be serviced immediately)189 300.6 R
+5.026(.H)-.65 G .026(osts that are slo)-5.026 F 2.526(ww)-.25 G .026
+(ill not hold up other deli)-2.526 F(v-)-.25 E
+(eries in the initial deli)189 312.6 Q -.15(ve)-.25 G(ry attempt.).15 E
+33.96(aconnect [0,)117 328.8 R 1.708(unspeci\214ed] The o)4.208 F -.15
+(ve)-.15 G 1.707(rall timeout w).15 F 1.707
+(aiting for all connection for a single)-.1 F(deli)189 340.8 Q -.15(ve)
+-.25 G .152(ry attempt to succeed.).15 F .152(If 0, no o)5.152 F -.15
+(ve)-.15 G .152(rall limit is applied.).15 F .153(This can be used)5.152
+F .521(to restrict the total amount of time trying to connect to a long\
+ list of host that)189 352.8 R .514
+(could accept an e-mail for the recipient.)189 364.8 R .514
+(This timeout does not apply to)5.514 F F0 -.25(Fa)3.014 G(ll-).25 E
+(backMXhost)189 376.8 Q F1 2.678(,i)C .177(.e., if the time is e)-2.678
+F .177(xhausted, the)-.15 F F0 -.25(Fa)2.677 G(llbackMXhost).25 E F1
+.177(is tried ne)2.677 F(xt.)-.15 E 46.16(initial The)117 393 R -.1(wa)
+2.5 G(it for the initial 220 greeting message [5m, 5m].).1 E 52.28
+(helo The)117 409.2 R -.1(wa)4.226 G 1.727
+(it for a reply from a HELO or EHLO command [5m, unspeci\214ed].).1 F .1
+(This may require a host name lookup, so \214v)189 421.2 R 2.6(em)-.15 G
+.1(inutes is probably a reasonable)-2.6 F(minimum.)189 433.2 Q 46.72
+(mail\207 The)117 449.4 R -.1(wa)2.5 G
+(it for a reply from a MAIL command [10m, 5m].).1 E 48.95(rcpt\207 The)
+117 465.6 R -.1(wa)3.481 G .981
+(it for a reply from a RCPT command [1h, 5m].).1 F .982
+(This should be long)5.982 F 1.556
+(because it could be pointing at a list that tak)189 477.6 R 1.556
+(es a long time to e)-.1 F 1.556(xpand \(see)-.15 F(belo)189 489.6 Q
+(w\).)-.25 E 34.5(datainit\207 The)117 505.8 R -.1(wa)2.5 G
+(it for a reply from a D).1 E -1.21 -1.11(AT A)-.4 H(command [5m, 2m].)
+3.61 E 20.62(datablock\207\210 The)117 522 R -.1(wa)2.696 G .196
+(it for reading a data block \(that is, the body of the message\).).1 F
+.196([1h, 3m].)5.196 F .621(This should be long because it also applies\
+ to programs piping input to)189 534 R F2(send-)3.12 E(mail)189 546 Q F1
+(which ha)2.5 E .3 -.15(ve n)-.2 H 2.5(og).15 G(uarantee of promptness.)
+-2.5 E 30.06(data\214nal\207 The)117 562.2 R -.1(wa)2.806 G .306
+(it for a reply from the dot terminating a message.).1 F .306
+([1h, 10m].)5.306 F .306(If this is)5.306 F .884
+(shorter than the time actually needed for the recei)189 574.2 R -.15
+(ve)-.25 G 3.383(rt).15 G 3.383(od)-3.383 G(eli)-3.383 E -.15(ve)-.25 G
+3.383(rt).15 G .883(he message,)-3.383 F(duplicates will be generated.)
+189 586.2 Q(This is discussed in RFC 1047.)5 E 55.06(rset The)117 602.4
+R -.1(wa)2.5 G(it for a reply from a RSET command [5m, unspeci\214ed].)
+.1 E 53.94(quit The)117 618.6 R -.1(wa)2.5 G(it for a reply from a Q).1
+E(UIT command [2m, unspeci\214ed].)-.1 E 50.61(misc The)117 634.8 R -.1
+(wa)2.76 G .261(it for a reply from miscellaneous \(b).1 F .261
+(ut short\) commands such as NOOP)-.2 F
+(\(no-operation\) and VERB \(go into v)189 646.8 Q(erbose mode\).)-.15 E
+([2m, unspeci\214ed].)5 E 20.06(command\207\210 In)117 663 R(serv)2.5 E
+(er SMTP)-.15 E 2.5(,t)-1.11 G(he time to w)-2.5 E
+(ait for another command.)-.1 E([1h, 5m].)5 E 44.5(ident\210 The)117
+681.2 R(timeout w)2.5 E(aiting for a reply to an IDENT query [5s)-.1 E
+/F3 7/Times-Roman@0 SF(13)-4 I F1 2.5(,u)4 K(nspeci\214ed].)-2.5 E .32
+LW 76 690.8 72 690.8 DL 80 690.8 76 690.8 DL 84 690.8 80 690.8 DL 88
+690.8 84 690.8 DL 92 690.8 88 690.8 DL 96 690.8 92 690.8 DL 100 690.8 96
+690.8 DL 104 690.8 100 690.8 DL 108 690.8 104 690.8 DL 112 690.8 108
+690.8 DL 116 690.8 112 690.8 DL 120 690.8 116 690.8 DL 124 690.8 120
+690.8 DL 128 690.8 124 690.8 DL 132 690.8 128 690.8 DL 136 690.8 132
+690.8 DL 140 690.8 136 690.8 DL 144 690.8 140 690.8 DL 148 690.8 144
+690.8 DL 152 690.8 148 690.8 DL 156 690.8 152 690.8 DL 160 690.8 156
+690.8 DL 164 690.8 160 690.8 DL 168 690.8 164 690.8 DL 172 690.8 168
+690.8 DL 176 690.8 172 690.8 DL 180 690.8 176 690.8 DL 184 690.8 180
+690.8 DL 188 690.8 184 690.8 DL 192 690.8 188 690.8 DL 196 690.8 192
+690.8 DL 200 690.8 196 690.8 DL 204 690.8 200 690.8 DL 208 690.8 204
+690.8 DL 212 690.8 208 690.8 DL 216 690.8 212 690.8 DL/F4 5
+/Times-Roman@0 SF(13)93.6 701.2 Q/F5 8/Times-Roman@0 SF
+(On some systems the def)3.2 I(ault is zero to turn the protocol of)-.08
+E 2(fe)-.2 G(ntirely)-2 E(.)-.52 E 0 Cg EP
%%Page: 29 25
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3239>195.86 E
-/F1 10/Times-Roman@0 SF 32.28<8c6c656f70656e8820546865>117 96 R
-<74696d656f757420666f72206f70656e696e67202e666f7277>2.5 E
-<61726420616e64203a696e636c7564653a208c6c6573205b3630732c206e6f6e655d2e>
--.1 E 36.17<636f6e74726f6c8820546865>117 112.2 R .241
-<74696d656f757420666f72206120636f6d706c65746520636f6e74726f6c20736f636b>
-2.741 F .241<6574207472616e73616374696f6e20746f20636f6d706c657465205b32
-6d2c206e6f6e655d2e>-.1 F 25.05<686f73747374617475738820486f>117 128.4 R
-4.141<776c>-.25 G 1.642<6f6e672073746174757320696e666f726d6174696f6e2061
-626f7574206120686f73742028652e672e2c20686f737420646f>-4.141 F 1.642
-<776e292077696c6c20626520636163686564>-.25 F<6265666f726520697420697320
-636f6e73696465726564207374616c65205b33306d2c20756e73706563698c65645d2e>
-189 140.4 Q<7265736f6c76>117 156.6 Q<6572>-.15 E 3.28
-<2e72657472616e738820546865>-.55 F<7265736f6c76>4.275 E<657227>-.15 E
-4.275<7372>-.55 G 1.775
-<657472616e736d697373696f6e2074696d6520696e74657276>-4.275 F 1.774
-<616c2028696e207365636f6e647329205b76>-.25 F 4.274
-<61726965735d2e2053657473>-.25 F<626f7468>4.274 E/F2 10/Times-Italic@0
-SF -.55<5469>189 168.6 S<6d656f75742e72>.55 E<65736f6c766572>-.37 E
-<2e72>-1.11 E<657472>-.37 E<616e732e8c72>-.15 E<7374>-.1 E F1<616e64>2.5
-E F2 -.55<5469>2.5 G<6d656f75742e72>.55 E<65736f6c766572>-.37 E<2e72>
--1.11 E<657472>-.37 E<616e732e6e6f726d616c>-.15 E F1<2e>A<7265736f6c76>
-117 184.8 Q<6572>-.15 E<2e72657472616e732e8c72737488>-.55 E .317
-<546865207265736f6c76>189 196.8 R<657227>-.15 E 2.817<7372>-.55 G .317
-<657472616e736d697373696f6e2074696d6520696e74657276>-2.817 F .317<616c20
-28696e207365636f6e64732920666f7220746865208c72737420617474656d707420746f>
--.25 F<64656c69>189 208.8 Q -.15<7665>-.25 G 2.5<72616d>.15 G
-<657373616765205b76>-2.5 E<61726965735d2e>-.25 E<7265736f6c76>117 225 Q
-<6572>-.15 E<2e72657472616e732e6e6f726d616c88>-.55 E 3.555
-<546865207265736f6c76>189 237 R<657227>-.15 E 6.055<7372>-.55 G 3.555
-<657472616e736d697373696f6e2074696d6520696e74657276>-6.055 F 3.554
-<616c2028696e207365636f6e64732920666f7220616c6c207265736f6c76>-.25 F
-<6572>-.15 E<6c6f6f6b7570732065>189 249 Q
-<786365707420746865208c7273742064656c69>-.15 E -.15<7665>-.25 G
-<727920617474656d7074205b76>.15 E<61726965735d2e>-.25 E<7265736f6c76>117
-265.2 Q<6572>-.15 E 11.61<2e72657472798820546865>-.55 F 3.838<6e756d6265
-72206f662074696d657320746f2072657472616e736d69742061207265736f6c76>6.338
-F 3.838<6572207175657279>-.15 F 8.838<2e53>-.65 G 3.839
-<65747320626f7468>-8.838 F F2 -.55<5469>6.339 G<6d652d>.55 E<6f75742e72>
-189 277.2 Q<65736f6c766572>-.37 E<2e72>-1.11 E<65747279>-.37 E<2e8c72>
--.55 E<7374>-.1 E F1<616e64>2.5 E F2 -.55<5469>2.5 G<6d656f75742e72>.55
-E<65736f6c766572>-.37 E<2e72>-1.11 E<65747279>-.37 E<2e6e6f726d616c>-.55
-E F1<5b76>2.5 E<61726965735d2e>-.25 E<7265736f6c76>117 293.4 Q<6572>-.15
-E<2e7265747279>-.55 E<2e8c72737488>-.65 E 1.66<546865206e756d626572206f
-662074696d657320746f2072657472616e736d69742061207265736f6c76>189 305.4 R
-1.66<657220717565727920666f7220746865208c72737420617474656d707420746f>
--.15 F<64656c69>189 317.4 Q -.15<7665>-.25 G 2.5<72616d>.15 G
-<657373616765205b76>-2.5 E<61726965735d2e>-.25 E<7265736f6c76>117 333.6
-Q<6572>-.15 E<2e7265747279>-.55 E<2e6e6f726d616c88>-.65 E<546865206e756d
-626572206f662074696d657320746f2072657472616e736d69742061207265736f6c76>
-189 345.6 Q<657220717565727920666f7220616c6c207265736f6c76>-.15 E
-<6572206c6f6f6b757073>-.15 E -.15<6578>191.5 357.6 S
-<6365707420746865208c7273742064656c69>.15 E -.15<7665>-.25 G
-<727920617474656d7074205b76>.15 E<61726965735d2e>-.25 E -.15<466f>117
-373.8 S 4.608<7263>.15 G 2.108<6f6d7061746962696c6974792077697468206f6c
-6420636f6e8c6775726174696f6e208c6c65732c206966206e6f>-4.608 F F2
-<7375626f7074696f6e>4.609 E F1 2.109
-<69732073706563698c65642c20616c6c207468652074696d656f757473>4.609 F
-<6d61726b>117 385.8 Q .059<65642077697468206120646167676572202887292061
-72652073657420746f2074686520696e646963617465642076>-.1 F 2.559
-<616c75652e20416c6c>-.25 F -.2<6275>2.559 G 2.559<7474>.2 G .059
-<686f7365206d61726b>-2.559 F .059
-<65642077697468206120646f75626c65206461672d>-.1 F
-<67657220288829206170706c7920746f20636c69656e7420534d5450>117 397.8 Q
-<2e>-1.11 E -.15<466f>142 414 S 2.5<7265>.15 G
-<78616d706c652c20746865206c696e65733a>-2.65 E 2.5<4f54>157 430.2 S
-<696d656f75742e636f6d6d616e643d32356d>-2.85 E 2.5<4f54>157 442.2 S
-<696d656f75742e64617461626c6f636b3d3368>-2.85 E .343
-<73657473207468652073657276>117 458.4 R .344<657220534d545020636f6d6d61
-6e642074696d656f757420746f203235206d696e7574657320616e642074686520696e70
-7574206461746120626c6f636b2074696d656f757420746f207468726565>-.15 F
-<686f7572732e>117 470.4 Q F0 2.5<342e312e332e204d657373616765>102 494.4
-R<74696d656f757473>2.5 E F1 .464
-<41667465722073697474696e6720696e2074686520717565756520666f722061206665>
-142 510.6 R 2.964<7764>-.25 G .464<6179732c20616e20756e64656c69>-2.964 F
--.15<7665>-.25 G .464
-<7261626c65206d6573736167652077696c6c2074696d65206f75742e>.15 F .463
-<54686973206973>5.463 F .164<746f20696e737572652074686174206174206c6561
-7374207468652073656e6465722069732061>117 522.6 R -.1<7761>-.15 G .165<72
-65206f662074686520696e6162696c69747920746f2073656e642061206d657373616765
-2e>.1 F .165<5468652074696d656f757420697320747970692d>5.165 F .56
-<63616c6c792073657420746f208c76>117 534.6 R 3.06<6564>-.15 G 3.06
-<6179732e204974>-3.06 F .56
-<697320736f6d6574696d657320636f6e7369646572656420636f6e>3.06 F -.15
-<7665>-.4 G .56<6e69656e7420746f20616c736f2073656e6420612077>.15 F .56
-<61726e696e67206d657373616765206966>-.1 F .236<746865206d65737361676520
-697320696e20746865207175657565206c6f6e676572207468616e2061206665>117
-546.6 R 2.736<7768>-.25 G .236
-<6f7572732028617373756d696e6720796f75206e6f726d616c6c79206861>-2.736 F
-.537 -.15<76652067>-.2 H .237<6f6f6420636f6e6e65632d>.15 F<7469>117
-558.6 Q 2.074<766974793b20696620796f7572206d65737361676573206e6f726d616c
-6c7920746f6f6b207365>-.25 F -.15<7665>-.25 G 2.073
-<72616c20686f75727320746f2073656e6420796f752077>.15 F<6f756c646e27>-.1 E
-4.573<7477>-.18 G 2.073<616e7420746f20646f2074686973>-4.673 F .793
-<626563617573652069742077>117 570.6 R<6f756c646e27>-.1 E 3.294<7462>-.18
-G 3.294<6561>-3.294 G 3.294<6e75>-3.294 G .794<6e757375616c2065>-3.294 F
--.15<7665>-.25 G 3.294<6e74292e205468657365>.15 F .794
-<74696d656f7574732061726520736574207573696e6720746865>3.294 F F0 -.18
-<5469>3.294 G<6d656f75742e717565756572>.18 E<652d>-.18 E<747572>117
-582.6 Q<6e>-.15 E F1<616e64>3.076 E F0 -.18<5469>3.076 G
-<6d656f75742e7175657565776172>.18 E<6e>-.15 E F1 .576<6f7074696f6e732069
-6e2074686520636f6e8c6775726174696f6e208c6c652028707265>3.076 F .576
-<76696f75736c7920626f7468207765726520736574207573696e67>-.25 F<746865>
-117 594.6 Q F0<54>2.5 E F1<6f7074696f6e292e>2.5 E 1.367<496620746865206d
-657373616765206973207375626d6974746564207573696e6720746865>142 610.8 R
-/F3 9/Times-Roman@0 SF<4e4f>3.867 E 1.617<5449465920534d5450>-.36 F F1
--.15<6578>3.868 G 1.368<74656e73696f6e2c2077>.15 F 1.368
-<61726e696e67206d657373616765732077696c6c>-.1 F .888
-<6f6e6c792062652073656e74206966>117 622.8 R F3<4e4f>3.388 E
-<544946593d44454c41>-.36 E<59>-.945 E F1 .888<69732073706563698c65642e>
-3.388 F .888<54686520717565756572657475726e20616e64207175657565>5.888 F
--.1<7761>-.25 G .888<726e2074696d656f7574732063616e206265>.1 F .669<6675
-7274686572207175616c698c65642077697468206120746167206261736564206f6e2074
-686520507265636564656e63653a208c656c6420696e20746865206d6573736167653b20
-746865>117 634.8 R 3.17<796d>-.15 G .67<757374206265206f6e65206f66>-3.17
-F<997572>117 646.8 Q .938
-<67656e749a2028696e6469636174696e67206120706f73697469>-.18 F 1.238 -.15
-<7665206e>-.25 H .938<6f6e2d7a65726f20707265636564656e6365292c20996e6f72
-6d616c9a2028696e6469636174696e672061207a65726f20707265636564656e6365292c>
-.15 F 3.495<6f7220996e6f6e2d7572>117 658.8 R 3.495
-<67656e749a2028696e6469636174696e67206e65>-.18 F -.05<6761>-.15 G<7469>
-.05 E 3.795 -.15<76652070>-.25 H 5.995<7265636564656e636573292e2046>.15
-F 3.495<6f722065>-.15 F 3.495<78616d706c652c2073657474696e67209954>-.15
-F<696d656f75742e71756575652d>-.35 E -.1<7761>117 670.8 S<726e2e7572>.1 E
-.486<67656e743d31689a2073657473207468652077>-.18 F .486
-<61726e696e672074696d656f757420666f72207572>-.1 F .486
-<67656e74206d65737361676573206f6e6c7920746f206f6e6520686f7572>-.18 F
-5.485<2e54>-.55 G .485<686520646566>-5.485 F .485<61756c74206966>-.1 F
-.205<6e6f20707265636564656e636520697320696e6469636174656420697320746f20
-736574207468652074696d656f757420666f7220616c6c20707265636564656e6365732e>
-117 682.8 R .205<496620746865206d657373616765206861732061206e6f726d616c>
-5.205 F<28646566>117 694.8 Q 1.278
-<61756c742920707265636564656e636520616e6420697420697320612064656c69>-.1
-F -.15<7665>-.25 G 1.278
-<727920737461747573206e6f74698c636174696f6e202844534e292c>.15 F F0 -.18
-<5469>3.778 G<6d656f75742e717565756572>.18 E<65747572>-.18 E<6e2e64736e>
--.15 E F1<616e64>117 706.8 Q F0 -.18<5469>2.675 G
-<6d656f75742e7175657565776172>.18 E<6e2e64736e>-.15 E F1 .175
-<63616e206265207573656420746f206769>2.675 F .475 -.15<76652061>-.25 H
-2.675<6e61>.15 G<6c7465726e617469>-2.675 E .475 -.15<76652077>-.25 H
-.175<61726e20616e642072657475726e2074696d6520666f722044534e732e>.05 F
-.242<5468652076>117 718.8 R .242<616c756520226e6f>-.25 F .242
-<77222063616e206265207573656420666f72202d4f2054>-.25 F .241<696d656f7574
-2e717565756572657475726e20746f2072657475726e20656e747269657320696d6d6564
-696174656c7920647572696e672061>-.35 F 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-29)195.86 E/F1 10/Times-Roman@0 SF 53.94(lhlo The)117 96 R -.1
+(wa)2.5 G(it for a reply to an LMTP LHLO command [2m, unspeci\214ed].).1
+E 52.28(auth The)117 112.2 R(timeout for a reply in an SMTP A)2.5 E
+(UTH dialogue [10m, unspeci\214ed].)-.55 E 42.83(starttls The)117 128.4
+R .141(timeout for a reply to an SMTP ST)2.641 F(AR)-.93 E .14
+(TTLS command and the TLS hand-)-.6 F(shak)189 140.4 Q 2.5(e[)-.1 G
+(1h, unspeci\214ed].)-2.5 E 32.28(\214leopen\210 The)117 156.6 R
+(timeout for opening .forw)2.5 E(ard and :include: \214les [60s, none].)
+-.1 E 36.17(control\210 The)117 172.8 R .241
+(timeout for a complete control sock)2.74 F .241
+(et transaction to complete [2m, none].)-.1 F 25.05(hoststatus\210 Ho)
+117 189 R 4.142(wl)-.25 G 1.642
+(ong status information about a host \(e.g., host do)-4.142 F 1.641
+(wn\) will be cached)-.25 F
+(before it is considered stale [30m, unspeci\214ed].)189 201 Q(resolv)
+117 217.2 Q(er)-.15 E 3.28(.retrans\210 The)-.55 F(resolv)4.274 E(er')
+-.15 E 4.274(sr)-.55 G 1.774(etransmission time interv)-4.274 F 1.775
+(al \(in seconds\) [v)-.25 F 4.275(aries]. Sets)-.25 F(both)4.275 E/F2
+10/Times-Italic@0 SF -.55(Ti)189 229.2 S(meout.r).55 E(esolver)-.37 E
+(.r)-1.11 E(etr)-.37 E(ans.\214r)-.15 E(st)-.1 E F1(and)2.5 E F2 -.55
+(Ti)2.5 G(meout.r).55 E(esolver)-.37 E(.r)-1.11 E(etr)-.37 E(ans.normal)
+-.15 E F1(.)A(resolv)117 245.4 Q(er)-.15 E(.retrans.\214rst\210)-.55 E
+.318(The resolv)189 257.4 R(er')-.15 E 2.818(sr)-.55 G .318
+(etransmission time interv)-2.818 F .317
+(al \(in seconds\) for the \214rst attempt to)-.25 F(deli)189 269.4 Q
+-.15(ve)-.25 G 2.5(ram).15 G(essage [v)-2.5 E(aries].)-.25 E(resolv)117
+285.6 Q(er)-.15 E(.retrans.normal\210)-.55 E 3.554(The resolv)189 297.6
+R(er')-.15 E 6.054(sr)-.55 G 3.554(etransmission time interv)-6.054 F
+3.555(al \(in seconds\) for all resolv)-.25 F(er)-.15 E(lookups e)189
+309.6 Q(xcept the \214rst deli)-.15 E -.15(ve)-.25 G(ry attempt [v).15 E
+(aries].)-.25 E(resolv)117 325.8 Q(er)-.15 E 11.61(.retry\210 The)-.55 F
+3.838(number of times to retransmit a resolv)6.339 F 3.838(er query)-.15
+F 8.838(.S)-.65 G 3.838(ets both)-8.838 F F2 -.55(Ti)6.338 G(me-).55 E
+(out.r)189 337.8 Q(esolver)-.37 E(.r)-1.11 E(etry)-.37 E(.\214r)-.55 E
+(st)-.1 E F1(and)2.5 E F2 -.55(Ti)2.5 G(meout.r).55 E(esolver)-.37 E(.r)
+-1.11 E(etry)-.37 E(.normal)-.55 E F1([v)2.5 E(aries].)-.25 E(resolv)117
+354 Q(er)-.15 E(.retry)-.55 E(.\214rst\210)-.65 E 1.66
+(The number of times to retransmit a resolv)189 366 R 1.66
+(er query for the \214rst attempt to)-.15 F(deli)189 378 Q -.15(ve)-.25
+G 2.5(ram).15 G(essage [v)-2.5 E(aries].)-.25 E(resolv)117 394.2 Q(er)
+-.15 E(.retry)-.55 E(.normal\210)-.65 E
+(The number of times to retransmit a resolv)189 406.2 Q
+(er query for all resolv)-.15 E(er lookups)-.15 E -.15(ex)191.5 418.2 S
+(cept the \214rst deli).15 E -.15(ve)-.25 G(ry attempt [v).15 E(aries].)
+-.25 E -.15(Fo)117 434.4 S 4.609(rc).15 G 2.109
+(ompatibility with old con\214guration \214les, if no)-4.609 F F2
+(suboption)4.608 E F1 2.108(is speci\214ed, all the timeouts)4.608 F
+(mark)117 446.4 Q .059
+(ed with a dagger \(\207\) are set to the indicated v)-.1 F 2.559
+(alue. All)-.25 F -.2(bu)2.559 G 2.559(tt).2 G .059(hose mark)-2.559 F
+.059(ed with a double dag-)-.1 F(ger \(\210\) apply to client SMTP)117
+458.4 Q(.)-1.11 E -.15(Fo)142 474.6 S 2.5(re).15 G(xample, the lines:)
+-2.65 E 2.5(OT)157 490.8 S(imeout.command=25m)-2.85 E 2.5(OT)157 502.8 S
+(imeout.datablock=3h)-2.85 E .344(sets the serv)117 519 R .344(er SMTP \
+command timeout to 25 minutes and the input data block timeout to three)
+-.15 F(hours.)117 531 Q F0 2.5(4.1.3. Message)102 555 R(timeouts)2.5 E
+F1 .463(After sitting in the queue for a fe)142 571.2 R 2.964(wd)-.25 G
+.464(ays, an undeli)-2.964 F -.15(ve)-.25 G .464
+(rable message will time out.).15 F .464(This is)5.464 F .165
+(to insure that at least the sender is a)117 583.2 R -.1(wa)-.15 G .165
+(re of the inability to send a message.).1 F .164(The timeout is typi-)
+5.164 F .56(cally set to \214v)117 595.2 R 3.06(ed)-.15 G 3.06(ays. It)
+-3.06 F .56(is sometimes considered con)3.06 F -.15(ve)-.4 G .56
+(nient to also send a w).15 F .56(arning message if)-.1 F .236
+(the message is in the queue longer than a fe)117 607.2 R 2.736(wh)-.25
+G .236(ours \(assuming you normally ha)-2.736 F .536 -.15(ve g)-.2 H
+.236(ood connec-).15 F(ti)117 619.2 Q 2.073
+(vity; if your messages normally took se)-.25 F -.15(ve)-.25 G 2.073
+(ral hours to send you w).15 F(ouldn')-.1 E 4.574(tw)-.18 G 2.074
+(ant to do this)-4.674 F .794(because it w)117 631.2 R(ouldn')-.1 E
+3.294(tb)-.18 G 3.294(ea)-3.294 G 3.294(nu)-3.294 G .794(nusual e)-3.294
+F -.15(ve)-.25 G 3.294(nt\). These).15 F .794
+(timeouts are set using the)3.294 F F0 -.18(Ti)3.293 G(meout.queuer).18
+E(e-)-.18 E(tur)117 643.2 Q(n)-.15 E F1(and)3.075 E F0 -.18(Ti)3.075 G
+(meout.queuewar).18 E(n)-.15 E F1 .576
+(options in the con\214guration \214le \(pre)3.076 F .576
+(viously both were set using)-.25 F(the)117 655.2 Q F0(T)2.5 E F1
+(option\).)2.5 E 1.368(If the message is submitted using the)142 671.4 R
+/F3 9/Times-Roman@0 SF(NO)3.867 E 1.617(TIFY SMTP)-.36 F F1 -.15(ex)
+3.867 G 1.367(tension, w).15 F 1.367(arning messages will)-.1 F .888
+(only be sent if)117 683.4 R F3(NO)3.388 E(TIFY=DELA)-.36 E(Y)-.945 E F1
+.888(is speci\214ed.)3.388 F .888(The queuereturn and queue)5.888 F -.1
+(wa)-.25 G .888(rn timeouts can be).1 F .67(further quali\214ed with a \
+tag based on the Precedence: \214eld in the message; the)117 695.4 R
+3.169(ym)-.15 G .669(ust be one of)-3.169 F(\231ur)117 707.4 Q .938
+(gent\232 \(indicating a positi)-.18 F 1.238 -.15(ve n)-.25 H .938
+(on-zero precedence\), \231normal\232 \(indicating a zero precedence\),)
+.15 F 14.022(or \231non-ur)117 719.4 R 14.022(gent\232 \(indicating ne)
+-.18 F -.05(ga)-.15 G(ti).05 E 14.321 -.15(ve p)-.25 H 16.521
+(recedences\). F).15 F 14.021(or e)-.15 F 14.021(xample, setting)-.15 F
+0 Cg EP
%%Page: 30 26
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d33302053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF<71756575652072756e2c20652e672e2c20746f20626f756e
-6365206d6573736167657320696e646570656e64656e74206f662074686569722074696d
-6520696e207468652071756575652e>117 96 Q .28<53696e6365207468657365206f70
-74696f6e732061726520676c6f62616c2c20616e642073696e636520796f752063616e6e
-6f74206b6e6f>142 112.2 R<77>-.25 E/F2 10/Times-Italic@0 SF 2.78<6170>
-2.78 G<72696f7269>-2.78 E F1<686f>2.78 E 2.78<776c>-.25 G .28
-<6f6e6720616e6f7468657220686f7374>-2.78 F .476
-<6f75747369646520796f757220646f6d61696e2077696c6c20626520646f>117 124.2
-R .475<776e2c2061208c76>-.25 F 2.975<6564>-.15 G .475
-<61792074696d656f7574206973207265636f6d6d656e6465642e>-2.975 F .475
-<5468697320616c6c6f>5.475 F .475<7773206120726563697069656e74>-.25 F
-1.579<746f208c78207468652070726f626c656d2065>117 136.2 R -.15<7665>-.25
-G 4.079<6e69>.15 G 4.079<6669>-4.079 G 4.079<746f>-4.079 G 1.579
-<636375727320617420746865206265>-4.079 F 1.58
-<67696e6e696e67206f662061206c6f6e67207765656b>-.15 F 4.08
-<656e642e20524643>-.1 F 1.58<313132332073656374696f6e>4.08 F<352e332e31
-2e3120736179732074686174207468697320706172616d657465722073686f756c642062
-652060>117 148.2 Q<606174206c656173742034ad35206461797327>-.74 E<272e>
--.74 E<546865>142 164.4 Q F0 -.18<5469>2.923 G
-<6d656f75742e7175657565776172>.18 E<6e>-.15 E F1 -.25<7661>2.923 G .423
-<6c75652063616e2062652070696767796261636b>.25 F .422<6564206f6e20746865>
--.1 F F0<54>2.922 E F1 .422
-<6f7074696f6e20627920696e6469636174696e6720612074696d65>2.922 F .845
-<616674657220776869636820612077>117 176.4 R .845<61726e696e67206d657373
-6167652073686f756c642062652073656e743b20746865207477>-.1 F 3.346<6f74>
--.1 G .846
-<696d656f7574732061726520736570617261746564206279206120736c6173682e>
--3.346 F -.15<466f>5.846 G<72>.15 E -.15<6578>117 188.4 S
-<616d706c652c20746865206c696e65>.15 E -.4<4f54>157 204.6 S<35642f3468>.4
-E .972<63617573657320656d61696c20746f2066>117 220.8 R .971
-<61696c206166746572208c76>-.1 F 3.471<6564>-.15 G .971<6179732c2062>
--3.471 F .971<757420612077>-.2 F .971<61726e696e67206d657373616765207769
-6c6c2062652073656e7420616674657220666f757220686f7572732e>-.1 F<54686973>
-5.971 E<73686f756c64206265206c6172>117 232.8 Q
-<676520656e6f756768207468617420746865206d6573736167652077696c6c206861>
--.18 E .3 -.15<76652062>-.2 H<65656e207472696564207365>.15 E -.15<7665>
--.25 G<72616c2074696d65732e>.15 E F0 2.5<342e322e2046>87 256.8 R
-<6f726b696e6720447572696e672051756575652052756e73>-.25 E F1 .848
-<42792073657474696e6720746865>127 273 R F0 -.25<466f>3.348 G
-<726b456163684a>.25 E<6f62>-.15 E F1<28>3.348 E F0<59>A F1 3.348<296f>C
-<7074696f6e2c>-3.348 E F2<73656e646d61696c>3.348 E F1 .849
-<77696c6c20666f726b206265666f7265206561636820696e6469>3.348 F .849
-<76696475616c206d657373616765>-.25 F .486
-<7768696c652072756e6e696e67207468652071756575652e>102 285 R .486
-<54686973206f7074696f6e2077>5.486 F .486<617320757365642077697468206561
-726c6965722072656c656173657320746f20707265>-.1 F -.15<7665>-.25 G<6e74>
-.15 E F2<73656e646d61696c>2.986 E F1 .486<66726f6d20636f6e2d>2.986 F
-1.562<73756d696e67206c6172>102 297 R 1.562
-<676520616d6f756e7473206f66206d656d6f7279>-.18 F 6.562<2e49>-.65 G 4.062
-<7473>-6.562 G 1.562
-<686f756c64206e6f206c6f6e676572206265206e65636573736172792077697468>
--4.062 F F2<73656e646d61696c>4.062 E F1 4.062<382e31322e204966>4.062 F
-<746865>4.062 E F0 -.25<466f>102 309 S<726b456163684a>.25 E<6f62>-.15 E
-F1 .246<6f7074696f6e206973206e6f74207365742c>2.746 F F2
-<73656e646d61696c>2.746 E F1 .245<77696c6c206b>2.745 F .245
-<65657020747261636b206f6620686f73747320746861742061726520646f>-.1 F .245
-<776e20647572696e6720612071756575652072756e2c>-.25 F
-<77686963682063616e20696d70726f>102 321 Q .3 -.15<76652070>-.15 H
-<6572666f726d616e6365206472616d61746963616c6c79>.15 E<2e>-.65 E
-<496620746865>127 337.2 Q F0 -.25<466f>2.5 G<726b456163684a>.25 E<6f62>
--.15 E F1<6f7074696f6e206973207365742c>2.5 E F2<73656e646d61696c>2.5 E
-F1<63616e6e6f742075736520636f6e6e656374696f6e2063616368696e672e>2.5 E F0
-2.5<342e332e205175657565>87 361.2 R<5072696f726974696573>2.5 E F1<4576>
-127 377.4 Q 1.128<657279206d6573736167652069732061737369676e656420612070
-72696f72697479207768656e206974206973208c72737420696e7374616e746961746564
-2c20636f6e73697374696e67206f6620746865206d657373616765>-.15 F .286
-<73697a652028696e20627974657329206f66>102 389.4 R .286<6673657420627920
-746865206d65737361676520636c617373202877686963682069732064657465726d696e
-65642066726f6d2074686520507265636564656e63653a20686561646572292074696d65
-73>-.25 F .342<746865209977>102 401.4 R .342<6f726b20636c6173732066>-.1
-F .343<6163746f729a20616e6420746865206e756d626572206f662072656369706965
-6e74732074696d657320746865209977>-.1 F .343
-<6f726b20726563697069656e742066>-.1 F<6163746f72>-.1 E 4.243 -.7
-<2e9a2054>-.55 H .343<6865207072696f72697479>.7 F .073
-<6973207573656420746f206f72646572207468652071756575652e>102 413.4 R .073
-<486967686572206e756d6265727320666f7220746865207072696f72697479206d6561
-6e207468617420746865206d6573736167652077696c6c2062652070726f636573736564>
-5.073 F<6c61746572207768656e2072756e6e696e67207468652071756575652e>102
-425.4 Q .328<546865206d6573736167652073697a6520697320696e636c7564656420
-736f2074686174206c6172>127 441.6 R .329
-<6765206d65737361676573206172652070656e616c697a65642072656c617469>-.18 F
-.629 -.15<76652074>-.25 H 2.829<6f73>.15 G .329
-<6d616c6c206d657373616765732e>-2.829 F .285
-<546865206d65737361676520636c61737320616c6c6f>102 453.6 R .285<77732075
-7365727320746f2073656e64209968696768207072696f726974799a206d657373616765
-7320627920696e636c7564696e6720612099507265636564656e63653a9a208c656c64>
--.25 F .007<696e207468656972206d6573736167653b207468652076>102 465.6 R
-.007<616c7565206f662074686973208c656c64206973206c6f6f6b>-.25 F .008
-<656420757020696e20746865>-.1 F F0<50>2.508 E F1 .008
-<6c696e6573206f662074686520636f6e8c6775726174696f6e208c6c652e>2.508 F
-.008<53696e636520746865>5.008 F 1.967
-<6e756d626572206f6620726563697069656e7473206166>102 477.6 R 1.967<666563
-74732074686520616d6f756e74206f66206c6f61642061206d6573736167652070726573
-656e747320746f207468652073797374656d2c207468697320697320616c736f>-.25 F
-<696e636c7564656420696e746f20746865207072696f72697479>102 489.6 Q<2e>
--.65 E .53<54686520726563697069656e7420616e6420636c6173732066>127 505.8
-R .53<6163746f72732063616e2062652073657420696e2074686520636f6e8c67757261
-74696f6e208c6c65207573696e6720746865>-.1 F F0<526563697069656e7446>3.03
-E<6163746f72>-.25 E F1<28>102 517.8 Q F0<79>A F1 3.443<2961>C<6e64>
--3.443 E F0<436c61737346>3.443 E<6163746f72>-.25 E F1<28>3.442 E F0<7a>A
-F1 3.442<296f>C .942<7074696f6e73207265737065637469>-3.442 F -.15<7665>
--.25 G<6c79>.15 E 5.942<2e54>-.65 G<6865>-5.942 E 3.442<7964>-.15 G
-<6566>-3.442 E .942
-<61756c7420746f2033303030302028666f722074686520726563697069656e742066>
--.1 F .942<6163746f722920616e64>-.1 F
-<313830302028666f722074686520636c6173732066>102 529.8 Q 2.5
-<6163746f72292e20546865>-.1 F<696e697469616c207072696f726974792069733a>
-2.5 E F2<707269>169.68 547.8 Q/F3 10/Symbol SF<3d>3.05 E F2
-<6d736773697a65>3.18 E F3<2d>2.27 E F1<28>1.72 E F2<636c617373>.2 E F3
-<b4>2.3 E F0<436c617373466163746f7229>1.71 E F3<2b>2.1 E F1<28>1.72 E F2
-<6e72637074>.36 E F3<b4>2.71 E F0<526563697069656e74466163746f7229>1.94
-E F1<2852656d656d626572>102 565.8 Q 3.328<2c68>-.4 G .828
-<69676865722076>-3.328 F .828<616c75657320666f72207468697320706172616d65
-7465722061637475616c6c79206d65616e207468617420746865206a6f622077696c6c20
-626520747265617465642077697468206c6f>-.25 F<776572>-.25 E
-<7072696f72697479>102 577.8 Q<2e29>-.65 E 1.519<546865207072696f72697479
-206f662061206a6f622063616e20616c736f2062652061646a7573746564206561636820
-74696d652069742069732070726f6365737365642028746861742069732c206561636820
-74696d6520616e>127 594 R .235
-<617474656d7074206973206d61646520746f2064656c69>102 606 R -.15<7665>-.25
-G 2.736<7269>.15 G .236<7429207573696e6720746865209977>-2.736 F .236
-<6f726b2074696d652066>-.1 F<6163746f72>-.1 E 1.636 -.7<2c9a2073>-.4 H
-.236<657420627920746865>.7 F F0<526574727946>2.736 E<6163746f72>-.25 E
-F1<28>2.736 E F0<5a>A F1 2.736<296f>C 2.736<7074696f6e2e2054686973>
--2.736 F .367<697320616464656420746f20746865207072696f72697479>102 618 R
-2.867<2c73>-.65 G 2.867<6f69>-2.867 G 2.867<746e>-2.867 G .366<6f726d61
-6c6c79206465637265617365732074686520707265636564656e6365206f662074686520
-6a6f622c206f6e207468652067726f756e64732074686174206a6f6273>-2.867 F .137
-<74686174206861>102 630 R .437 -.15<76652066>-.2 H .137
-<61696c6564206d616e>.05 F 2.637<7974>-.15 G .137
-<696d65732077696c6c2074656e6420746f2066>-2.637 F .137<61696c206167>-.1 F
-.137<61696e20696e20746865206675747572652e>-.05 F<546865>5.137 E F0
-<526574727946>2.637 E<6163746f72>-.25 E F1 .137<6f7074696f6e20646566>
-2.637 F .138<61756c747320746f>-.1 F<39303030302e>102 642 Q F0 2.5
-<342e342e204c6f6164>87 666 R<4c696d6974696e67>2.5 E F2<53656e646d61696c>
-127 682.2 Q F1 .102<63616e2062652061736b>2.602 F .101
-<656420746f207175657565202862>-.1 F .101<7574206e6f742064656c69>-.2 F
--.15<7665>-.25 G .101
-<7229206d61696c206966207468652073797374656d206c6f61642061>.15 F -.15
-<7665>-.2 G .101<72616765206765747320746f6f2068696768>.15 F .483
-<7573696e6720746865>102 694.2 R F0<51756575654c41>2.983 E F1<28>2.983 E
-F0<78>A F1 2.983<296f>C 2.983<7074696f6e2e205768656e>-2.983 F .483
-<746865206c6f61642061>2.983 F -.15<7665>-.2 G .483<726167652065>.15 F
-.483<786365656473207468652076>-.15 F .484<616c7565206f6620746865>-.25 F
-F0<51756575654c41>2.984 E F1<6f7074696f6e2c>2.984 E .532
-<7468652064656c69>102 706.2 R -.15<7665>-.25 G .532
-<7279206d6f64652069732073657420746f>.15 F F0<71>3.032 E F1 .532
-<287175657565206f6e6c792920696620746865>3.032 F F0<517565756546>3.032 E
-<6163746f72>-.25 E F1<28>3.032 E F0<71>A F1 3.032<296f>C .531
-<7074696f6e206469>-3.032 F .531<76696465642062792074686520646966>-.25 F
-<666572656e6365>-.25 E .01<696e207468652063757272656e74206c6f61642061>
-102 718.2 R -.15<7665>-.2 G .01<7261676520616e6420746865>.15 F F0
-<51756575654c41>2.51 E F1 .01<6f7074696f6e20706c7573206f6e65206973206c65
-7373207468616e20746865207072696f72697479206f6620746865206d657373616765>
-2.51 F 0 Cg EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-30 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF<9954>117
+96 Q(imeout.queue)-.35 E -.1(wa)-.25 G(rn.ur).1 E .183
+(gent=1h\232 sets the w)-.18 F .184(arning timeout for ur)-.1 F .184
+(gent messages only to one hour)-.18 F(.)-.55 E .015(The def)117 108 R
+.015(ault if no precedence is indicated is to set the timeout for all p\
+recedences.)-.1 F .014(If the message)5.014 F 3.288(has a normal \(def)
+117 120 R 3.288(ault\) precedence and it is a deli)-.1 F -.15(ve)-.25 G
+3.289(ry status noti\214cation \(DSN\),).15 F F0 -.18(Ti)5.789 G(me-).18
+E(out.queuer)117 132 Q(etur)-.18 E(n.dsn)-.15 E F1(and)2.751 E F0 -.18
+(Ti)2.751 G(meout.queuewar).18 E(n.dsn)-.15 E F1 .251(can be used to gi)
+2.751 F .551 -.15(ve a)-.25 H 2.751(na).15 G(lternati)-2.751 E .551 -.15
+(ve w)-.25 H .25(arn and).05 F 2.027(return time for DSNs.)117 144 R
+2.027(The v)7.027 F 2.027(alue "no)-.25 F 2.027(w" can be used for -O T)
+-.25 F 2.028(imeout.queuereturn to return)-.35 F .901(entries immediate\
+ly during a queue run, e.g., to bounce messages independent of their ti\
+me in)117 156 R(the queue.)117 168 Q .28
+(Since these options are global, and since you cannot kno)142 184.2 R(w)
+-.25 E/F2 10/Times-Italic@0 SF 2.78(ap)2.78 G(riori)-2.78 E F1(ho)2.78 E
+2.78(wl)-.25 G .28(ong another host)-2.78 F .476
+(outside your domain will be do)117 196.2 R .475(wn, a \214v)-.25 F
+2.975(ed)-.15 G .475(ay timeout is recommended.)-2.975 F .475(This allo)
+5.475 F .475(ws a recipient)-.25 F 1.579(to \214x the problem e)117
+208.2 R -.15(ve)-.25 G 4.079(ni).15 G 4.079(fi)-4.079 G 4.079(to)-4.079
+G 1.579(ccurs at the be)-4.079 F 1.58(ginning of a long week)-.15 F 4.08
+(end. RFC)-.1 F 1.58(1123 section)4.08 F
+(5.3.1.1 says that this parameter should be `)117 220.2 Q
+(`at least 4\2555 days')-.74 E('.)-.74 E(The)142 236.4 Q F0 -.18(Ti)
+2.923 G(meout.queuewar).18 E(n)-.15 E F1 -.25(va)2.923 G .423
+(lue can be piggyback).25 F .422(ed on the)-.1 F F0(T)2.922 E F1 .422
+(option by indicating a time)2.922 F .845(after which a w)117 248.4 R
+.845(arning message should be sent; the tw)-.1 F 3.346(ot)-.1 G .846
+(imeouts are separated by a slash.)-3.346 F -.15(Fo)5.846 G(r).15 E -.15
+(ex)117 260.4 S(ample, the line).15 E -.4(OT)157 276.6 S(5d/4h).4 E .972
+(causes email to f)117 292.8 R .971(ail after \214v)-.1 F 3.471(ed)-.15
+G .971(ays, b)-3.471 F .971(ut a w)-.2 F .971
+(arning message will be sent after four hours.)-.1 F(This)5.971 E
+(should be lar)117 304.8 Q(ge enough that the message will ha)-.18 E .3
+-.15(ve b)-.2 H(een tried se).15 E -.15(ve)-.25 G(ral times.).15 E F0
+2.5(4.2. F)87 328.8 R(orking During Queue Runs)-.25 E F1 .848
+(By setting the)127 345 R F0 -.25(Fo)3.348 G(rkEachJ).25 E(ob)-.15 E F1
+(\()3.348 E F0(Y)A F1 3.348(\)o)C(ption,)-3.348 E F2(sendmail)3.348 E F1
+.849(will fork before each indi)3.348 F .849(vidual message)-.25 F .486
+(while running the queue.)102 357 R .486(This option w)5.486 F .486
+(as used with earlier releases to pre)-.1 F -.15(ve)-.25 G(nt).15 E F2
+(sendmail)2.986 E F1 .486(from con-)2.986 F 1.562(suming lar)102 369 R
+1.562(ge amounts of memory)-.18 F 6.562(.I)-.65 G 4.062(ts)-6.562 G
+1.562(hould no longer be necessary with)-4.062 F F2(sendmail)4.062 E F1
+4.062(8.12. If)4.062 F(the)4.062 E F0 -.25(Fo)102 381 S(rkEachJ).25 E
+(ob)-.15 E F1 .246(option is not set,)2.746 F F2(sendmail)2.746 E F1
+.245(will k)2.745 F .245(eep track of hosts that are do)-.1 F .245
+(wn during a queue run,)-.25 F(which can impro)102 393 Q .3 -.15(ve p)
+-.15 H(erformance dramatically).15 E(.)-.65 E(If the)127 409.2 Q F0 -.25
+(Fo)2.5 G(rkEachJ).25 E(ob)-.15 E F1(option is set,)2.5 E F2(sendmail)
+2.5 E F1(cannot use connection caching.)2.5 E F0 2.5(4.3. Queue)87 433.2
+R(Priorities)2.5 E F1(Ev)127 449.4 Q 1.128(ery message is assigned a pr\
+iority when it is \214rst instantiated, consisting of the message)-.15 F
+.286(size \(in bytes\) of)102 461.4 R .286(fset by the message class \(\
+which is determined from the Precedence: header\) times)-.25 F .342
+(the \231w)102 473.4 R .342(ork class f)-.1 F .343
+(actor\232 and the number of recipients times the \231w)-.1 F .343
+(ork recipient f)-.1 F(actor)-.1 E 4.243 -.7(.\232 T)-.55 H .343
+(he priority).7 F .073(is used to order the queue.)102 485.4 R .073(Hig\
+her numbers for the priority mean that the message will be processed)
+5.073 F(later when running the queue.)102 497.4 Q .328
+(The message size is included so that lar)127 513.6 R .329
+(ge messages are penalized relati)-.18 F .629 -.15(ve t)-.25 H 2.829(os)
+.15 G .329(mall messages.)-2.829 F .285(The message class allo)102 525.6
+R .285(ws users to send \231high priority\232 messages by including a \
+\231Precedence:\232 \214eld)-.25 F .007(in their message; the v)102
+537.6 R .007(alue of this \214eld is look)-.25 F .008(ed up in the)-.1 F
+F0(P)2.508 E F1 .008(lines of the con\214guration \214le.)2.508 F .008
+(Since the)5.008 F 1.967(number of recipients af)102 549.6 R 1.967(fect\
+s the amount of load a message presents to the system, this is also)-.25
+F(included into the priority)102 561.6 Q(.)-.65 E .53
+(The recipient and class f)127 577.8 R .53
+(actors can be set in the con\214guration \214le using the)-.1 F F0
+(RecipientF)3.03 E(actor)-.25 E F1(\()102 589.8 Q F0(y)A F1 3.443(\)a)C
+(nd)-3.443 E F0(ClassF)3.443 E(actor)-.25 E F1(\()3.442 E F0(z)A F1
+3.442(\)o)C .942(ptions respecti)-3.442 F -.15(ve)-.25 G(ly).15 E 5.942
+(.T)-.65 G(he)-5.942 E 3.442(yd)-.15 G(ef)-3.442 E .942
+(ault to 30000 \(for the recipient f)-.1 F .942(actor\) and)-.1 F
+(1800 \(for the class f)102 601.8 Q 2.5(actor\). The)-.1 F
+(initial priority is:)2.5 E F2(pri)168.495 619.8 Q/F3 10/Symbol SF(=)
+3.16 E F2(msgsize)3.18 E F3(-)2.38 E F1(\()2.2 E F2(class).2 E F3<b4>
+2.47 E F0(ClassFactor\))2.2 E F3(+)2.2 E F1(\()2.2 E F2(nrcpt).36 E F3
+<b4>2.88 E F0(RecipientFactor\))2.2 E F1(\(Remember)102 637.8 Q 3.328
+(,h)-.4 G .828(igher v)-3.328 F .828(alues for this parameter actually \
+mean that the job will be treated with lo)-.25 F(wer)-.25 E(priority)102
+649.8 Q(.\))-.65 E 1.519(The priority of a job can also be adjusted eac\
+h time it is processed \(that is, each time an)127 666 R .235
+(attempt is made to deli)102 678 R -.15(ve)-.25 G 2.736(ri).15 G .236
+(t\) using the \231w)-2.736 F .236(ork time f)-.1 F(actor)-.1 E 1.636
+-.7(,\232 s)-.4 H .236(et by the).7 F F0(RetryF)2.736 E(actor)-.25 E F1
+(\()2.736 E F0(Z)A F1 2.736(\)o)C 2.736(ption. This)-2.736 F .367
+(is added to the priority)102 690 R 2.867(,s)-.65 G 2.867(oi)-2.867 G
+2.867(tn)-2.867 G .366
+(ormally decreases the precedence of the job, on the grounds that jobs)
+-2.867 F .137(that ha)102 702 R .437 -.15(ve f)-.2 H .137(ailed man).05
+F 2.637(yt)-.15 G .137(imes will tend to f)-2.637 F .137(ail ag)-.1 F
+.137(ain in the future.)-.05 F(The)5.137 E F0(RetryF)2.637 E(actor)-.25
+E F1 .137(option def)2.637 F .138(aults to)-.1 F(90000.)102 714 Q 0 Cg
+EP
%%Page: 31 27
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3331>195.86 E
-/F1 10/Times-Roman@0 SF 2.5<8a74>102 96 S
-<6861742069732c20746865206d65737361676520697320717565756564206966>-2.5 E
-<663a>-.25 E/F2 10/Times-Italic@0 SF<707269>252.26 119.41 Q F1<3e>3.16 E
-F0<5175657565466163746f72>14.305 -7 M F2<4c41>-65.825 14 M/F3 10/Symbol
-SF<2d>2.12 E F0<51756575654c41>1.85 E F3<2b>2.1 E F1<31>1.09 E .4 LW
-353.79 116.81 276.73 116.81 DL<546865>102 142.67 Q F0<517565756546>2.616
-E<6163746f72>-.25 E F1 .116<6f7074696f6e20646566>2.616 F .116<61756c7473
-20746f203630303030302c20736f206561636820706f696e74206f66206c6f61642061>
--.1 F -.15<7665>-.2 G .116<726167652069732077>.15 F .116
-<6f72746820363030303030207072696f72697479>-.1 F
-<706f696e747320286173206465736372696265642061626f>102 154.67 Q -.15
-<7665>-.15 G<292e>.15 E -.15<466f>127 170.87 S 3.893<7264>.15 G 1.393
-<7261737469632063617365732c20746865>-3.893 F F0<5265667573654c41>3.893 E
-F1<28>3.893 E F0<58>A F1 3.893<296f>C 1.394
-<7074696f6e2064658c6e65732061206c6f61642061>-3.893 F -.15<7665>-.2 G
-1.394<72616765206174207768696368>.15 F F2<73656e646d61696c>3.894 E F1
-<77696c6c>3.894 E .433<72656675736520746f20616363657074206e657477>102
-182.87 R .432<6f726b20636f6e6e656374696f6e732e>-.1 F .432<4c6f63616c6c79
-2067656e657261746564206d61696c2c20692e652e2c206d61696c207768696368206973
-206e6f74207375626d697474656420766961>5.432 F .317<534d54502028696e636c75
-64696e6720696e636f6d696e672055554350206d61696c292c206973207374696c6c2061
-636365707465642e>102 194.87 R .318<4e6f74696365207468617420746865204d53
-50207375626d697473206d61696c20746f20746865>5.317 F<4d54>102 206.87 Q
-3.214<4176>-.93 G .714<696120534d5450>-3.214 F 3.214<2c61>-1.11 G .713<
-6e642068656e6365206d61696c2077696c6c2062652071756575656420696e2074686520
-636c69656e7420717565756520696e2073756368206120636173652e>-3.214 F .713
-<5468657265666f7265206974206973>5.713 F<6e656365737361727920746f2072756e
-2074686520636c69656e74206d61696c20717565756520706572696f646963616c6c79>
-102 218.87 Q<2e>-.65 E F0 2.5<342e352e205265736f7572>87 242.87 R
-<6365204c696d697473>-.18 E F2<53656e646d61696c>127 259.07 Q F1 .807
-<686173207365>3.307 F -.15<7665>-.25 G .807<72616c20706172616d6574657273
-20746f20636f6e74726f6c207265736f757263652075736167652e>.15 F .808
-<426573696465732074686f7365206d656e74696f6e74656420696e20746865>5.808 F
-<707265>102 271.07 Q 8.476
-<76696f75732073656374696f6e2c20746865726520617265206174206c65617374>-.25
-F F0<4d61784461656d6f6e4368696c6472>10.975 E<656e>-.18 E F1<2c>A F0
-<436f6e6e656374696f6e52617465546872>10.975 E<6f74746c65>-.18 E F1<2c>A
-F0<4d617851756575654368696c6472>102 283.07 Q<656e>-.18 E F1 3.889<2c61>C
-<6e64>-3.889 E F0<4d617852756e6e65727350>3.889 E<65725175657565>-.2 E F1
-6.389<2e54>C 1.389<6865206c6174746572207477>-6.389 F 3.889<6f6c>-.1 G
-1.389<696d697420746865206e756d626572206f66>-3.889 F F2<73656e646d61696c>
-3.889 E F1 1.315<70726f6365737365732074686174206f706572617465206f6e2074
-68652071756575652e>102 295.07 R 1.315<5468657365206172652064697363757373
-656420696e207468652073656374696f6e2060>6.315 F 1.315
-<6051756575652047726f7570204465636c6172612d>-.74 F<74696f6e27>102 307.07
-Q 2.712<272e20546865>-.74 F .212<666f726d6572207477>2.712 F 2.712<6f63>
--.1 G .212<616e206265207573656420746f206c696d697420746865206e756d626572
-206f6620696e636f6d696e6720636f6e6e656374696f6e732e>-2.712 F .212
-<546865697220617070726f707269617465>5.212 F -.25<7661>102 319.07 S .062<
-6c75657320646570656e64206f6e2074686520686f7374206f7065726174696e67207379
-7374656d20616e6420746865206861726477>.25 F .062
-<6172652c20652e672e2c20616d6f756e74206f66206d656d6f7279>-.1 F 5.062
-<2e49>-.65 G 2.561<6e6d>-5.062 G<616e>-2.561 E 2.561<7973>-.15 G<69742d>
--2.561 E 1.082<756174696f6e73206974206d696768742062652075736566756c2074
-6f20736574206c696d69747320746f20707265>102 331.07 R -.15<7665>-.25 G
-1.082<6e7420746f206861>.15 F 1.382 -.15<76652074>-.2 H 1.082
-<6f6f206d616e>.15 F<79>-.15 E F2<73656e646d61696c>3.582 E F1 1.082
-<70726f6365737365732c20686f>3.582 F<7765>-.25 E -.15<7665>-.25 G -.4
-<722c>.15 G .652<7468657365206c696d6974732063616e206265206162>102 343.07
-R .652<7573656420746f206d6f756e7420612064656e69616c206f6620736572766963
-652061747461636b2e>-.2 F -.15<466f>5.652 G 3.152<7265>.15 G .652
-<78616d706c652c206966>-3.302 F F0<4d61784461656d6f6e4368696c2d>3.152 E
-<6472>102 355.07 Q<656e3d3130>-.18 E F1 .9<7468656e20616e2061747461636b>
-3.4 F .901<6572206e6565647320746f206f70656e206f6e6c7920313020534d545020
-73657373696f6e7320746f207468652073657276>-.1 F<6572>-.15 E 3.401<2c6c>
--.4 G<6561>-3.401 E 1.201 -.15<76652074>-.2 H .901
-<68656d2069646c6520666f72>.15 F .591<6d6f7374206f66207468652074696d652c
-20616e64206e6f206d6f726520636f6e6e656374696f6e732077696c6c20626520616363
-65707465642e>102 367.07 R .591<49662074686973206f7074696f6e206973207365
-74207468656e207468652074696d656f757473>5.591 F 1.187
-<7573656420696e206120534d54502073657373696f6e2073686f756c64206265206c6f>
-102 379.07 R 1.187<77657265642066726f6d20746865697220646566>-.25 F 1.187
-<61756c742076>-.1 F 1.187
-<616c75657320746f207468656972206d696e696d756d2076>-.25 F 1.187
-<616c756573206173>-.25 F<73706563698c656420696e20524643203238323120616e
-64206c697374656420696e2073656374696f6e20342e312e322e>102 391.07 Q F0 2.5
-<342e362e204d6561737572>87 415.07 R
-<657320616761696e73742044656e69616c206f6620536572>-.18 E
-<766963652041747461636b73>-.1 E F2<53656e646d61696c>127 431.27 Q F1
-1.674<68617320736f6d652062>4.174 F 1.674
-<75696c742d696e206d65617375726573206167>-.2 F 1.673<61696e73742073696d70
-6c652064656e69616c206f6620736572766963652028446f53292061747461636b732e>
--.05 F<546865>6.673 E .913<534d54502073657276>102 443.27 R .913
-<657220627920646566>-.15 F .913<61756c7420736c6f>-.1 F .913<777320646f>
--.25 F .913<776e20696620746f6f206d616e>-.25 F 3.413<7962>-.15 G .913<61
-6420636f6d6d616e64732061726520697373756564206f7220696620736f6d6520636f6d
-6d616e6473>-3.413 F .034<61726520726570656174656420746f6f206f6674656e20
-77697468696e20612073657373696f6e2e>102 455.27 R .033<44657461696c732063
-616e20626520666f756e6420696e2074686520736f75726365208c6c65>5.033 F F0
-<73656e646d61696c2f7372>2.533 E<7672736d74702e63>-.1 E F1 2.169<6279206c
-6f6f6b696e6720666f7220746865206d6163726f2064658c6e6974696f6e73206f66>102
-467.27 R F0<4d415842>4.669 E<4144434f4d4d414e4453>-.3 E F1<2c>A F0
-<4d41584e4f4f50434f4d4d414e4453>4.669 E F1<2c>A F0
-<4d415848454c4f434f4d4d414e4453>102 479.27 Q F1<2c>A F0
-<4d415856524659434f4d4d414e4453>4.414 E F1 4.414<2c61>C<6e64>-4.414 E F0
-<4d41584554524e434f4d4d414e4453>4.414 E F1 6.914<2e49>C 4.414<6661>
--6.914 G<6e>-4.414 E .462<534d545020636f6d6d616e642069732069737375656420
-6d6f7265206f6674656e207468616e2074686520636f72726573706f6e64696e67>102
-491.27 R F0<4d4158636d64434f4d4d414e4453>2.962 E F1 -.25<7661>2.962 G
-.462<6c75652c207468656e>.25 F .217
-<74686520726573706f6e73652069732064656c617965642065>102 503.27 R
-<78706f6e656e7469616c6c79>-.15 E 2.717<2c73>-.65 G .216<74617274696e6720
-77697468206120736c6565702074696d65206f66206f6e65207365636f6e642c20757020
-746f2061206d6178696d756d206f66>-2.717 F 1.687
-<666f7572206d696e75746573202861732064658c6e6564206279>102 515.27 R F0
-<4d415854494d454f5554>4.187 E F1 4.187<292e204966>B 1.687
-<746865206f7074696f6e>4.187 F F0<4d61784461656d6f6e4368696c6472>4.187 E
-<656e>-.18 E F1 1.687<69732073657420746f2061>4.187 F -.25<7661>102
-527.27 S .735<6c75652067726561746572207468616e207a65726f2c207468656e2074
-68697320636f756c64206d616b>.25 F 3.235<656144>-.1 G .735
-<6f532061747461636b2065>-3.235 F -.15<7665>-.25 G 3.235<6e77>.15 G .734
-<6f7273652073696e6365206974206b>-3.335 F .734
-<65657073206120636f6e6e656374696f6e>-.1 F .867
-<6f70656e206c6f6e676572207468616e206e6563657373617279>102 539.27 R 5.867
-<2e54>-.65 G .867<68657265666f7265206120636f6e6e656374696f6e206973207465
-726d696e61746564207769746820612034323120534d5450207265706c7920636f646520
-6966>-5.867 F .57<746865206e756d626572206f6620636f6d6d616e64732065>102
-551.27 R .57<78636565647320746865206c696d697420627920612066>-.15 F .57
-<6163746f72206f66207477>-.1 F 3.07<6f61>-.1 G<6e64>-3.07 E F0<4d415842>
-3.07 E<4144434f4d4d414e4453>-.3 E F1 .57<697320736574>3.07 F
-<746f20612076>102 563.27 Q
-<616c75652067726561746572207468616e207a65726f202874686520646566>-.25 E
-<61756c74206973203235292e>-.1 E F0 2.5<342e372e2044656c69>87 587.27 R
--.1<7665>-.1 G<7279204d6f6465>.1 E F1 .253
-<5468657265206172652061206e756d626572206f662064656c69>127 603.47 R -.15
-<7665>-.25 G .253<7279206d6f6465732074686174>.15 F F2<73656e646d61696c>
-2.753 E F1 .254<63616e206f70657261746520696e2c2073657420627920746865>
-2.753 F F0<44656c69>2.754 E -.1<7665>-.1 G<72794d6f6465>.1 E F1<28>102
-615.47 Q F0<64>A F1 3.599<2963>C 1.099
-<6f6e8c6775726174696f6e206f7074696f6e2e>-3.599 F 1.099
-<5468657365206d6f646573207370656369667920686f>6.099 F 3.598<7771>-.25 G
-1.098<7569636b6c79206d61696c2077696c6c2062652064656c69>-3.598 F -.15
-<7665>-.25 G 3.598<7265642e204c65>.15 F -.05<6761>-.15 G 3.598<6c6d>.05
-G<6f646573>-3.598 E<6172653a>102 627.47 Q 17.22<6964>142 643.67 S
-<656c69>-17.22 E -.15<7665>-.25 G 2.5<7269>.15 G<6e74657261637469>-2.5 E
--.15<7665>-.25 G<6c79202873796e6368726f6e6f75736c7929>.15 E 15<6264>142
-655.67 S<656c69>-15 E -.15<7665>-.25 G 2.5<7269>.15 G 2.5<6e62>-2.5 G
-<61636b67726f756e6420286173796e6368726f6e6f75736c7929>-2.5 E 15<7171>142
-667.67 S<75657565206f6e6c792028646f6e27>-15 E 2.5<7464>-.18 G<656c69>
--2.5 E -.15<7665>-.25 G<7229>.15 E 15<6464>142 679.67 S
-<656665722064656c69>-15 E -.15<7665>-.25 G
-<727920617474656d7074732028646f6e27>.15 E 2.5<7464>-.18 G<656c69>-2.5 E
--.15<7665>-.25 G<7229>.15 E 1.273<5468657265206172652074726164656f66>102
-695.87 R 3.773<66732e204d6f6465>-.25 F 1.273<99699a206769>3.773 F -.15
-<7665>-.25 G 3.773<7374>.15 G 1.273
-<68652073656e6465722074686520717569636b>-3.773 F 1.273
-<65737420666565646261636b2c2062>-.1 F 1.274<7574206d617920736c6f>-.2 F
-3.774<7764>-.25 G -.25<6f77>-3.774 G 3.774<6e73>.25 G<6f6d65>-3.774 E
-.799<6d61696c65727320616e6420697320686172646c792065>102 707.87 R -.15
-<7665>-.25 G 3.299<726e>.15 G<6563657373617279>-3.299 E 5.799<2e4d>-.65
-G .799<6f64652099629a2064656c69>-5.799 F -.15<7665>-.25 G .799
-<72732070726f6d70746c792062>.15 F .798<75742063616e206361757365206c6172>
--.2 F .798<6765206e756d62657273206f66>-.18 F .223
-<70726f63657373657320696620796f75206861>102 719.87 R .524 -.15
-<76652061206d>-.2 H .224<61696c657220746861742074616b>.15 F .224
-<65732061206c6f6e672074696d6520746f2064656c69>-.1 F -.15<7665>-.25 G
-2.724<72616d>.15 G 2.724<6573736167652e204d6f6465>-2.724 F .224
-<99719a206d696e696d697a657320746865>2.724 F 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-31)195.86 E 2.5(4.4. Load)87 96 R(Limiting)2.5 E/F1 10
+/Times-Italic@0 SF(Sendmail)127 112.2 Q/F2 10/Times-Roman@0 SF .102
+(can be ask)2.602 F .101(ed to queue \(b)-.1 F .101(ut not deli)-.2 F
+-.15(ve)-.25 G .101(r\) mail if the system load a).15 F -.15(ve)-.2 G
+.101(rage gets too high).15 F .483(using the)102 124.2 R F0(QueueLA)
+2.983 E F2(\()2.983 E F0(x)A F2 2.983(\)o)C 2.983(ption. When)-2.983 F
+.483(the load a)2.983 F -.15(ve)-.2 G .483(rage e).15 F .483
+(xceeds the v)-.15 F .484(alue of the)-.25 F F0(QueueLA)2.984 E F2
+(option,)2.984 E .532(the deli)102 136.2 R -.15(ve)-.25 G .532
+(ry mode is set to).15 F F0(q)3.032 E F2 .532(\(queue only\) if the)
+3.032 F F0(QueueF)3.032 E(actor)-.25 E F2(\()3.032 E F0(q)A F2 3.032
+(\)o)C .531(ption di)-3.032 F .531(vided by the dif)-.25 F(ference)-.25
+E .01(in the current load a)102 148.2 R -.15(ve)-.2 G .01(rage and the)
+.15 F F0(QueueLA)2.51 E F2 .01
+(option plus one is less than the priority of the message)2.51 F 2.5
+<8a74>102 160.2 S(hat is, the message is queued if)-2.5 E(f:)-.25 E F1
+(pri)251.425 183.61 Q F2(>)3.16 E F0(QueueFactor)15.315 -7 M F1(LA)
+-66.835 14 M/F3 10/Symbol SF(-)2.23 E F0(QueueLA)2.2 E F3(+)2.2 E F2(1)
+2.2 E .4 LW 354.625 181.01 275.895 181.01 DL(The)102 206.87 Q F0(QueueF)
+2.616 E(actor)-.25 E F2 .116(option def)2.616 F .116
+(aults to 600000, so each point of load a)-.1 F -.15(ve)-.2 G .116
+(rage is w).15 F .116(orth 600000 priority)-.1 F
+(points \(as described abo)102 218.87 Q -.15(ve)-.15 G(\).).15 E -.15
+(Fo)127 235.07 S 3.893(rd).15 G 1.393(rastic cases, the)-3.893 F F0
+(RefuseLA)3.893 E F2(\()3.893 E F0(X)A F2 3.893(\)o)C 1.394
+(ption de\214nes a load a)-3.893 F -.15(ve)-.2 G 1.394(rage at which).15
+F F1(sendmail)3.894 E F2(will)3.894 E .433(refuse to accept netw)102
+247.07 R .432(ork connections.)-.1 F .432
+(Locally generated mail, i.e., mail which is not submitted via)5.432 F
+.317(SMTP \(including incoming UUCP mail\), is still accepted.)102
+259.07 R .318(Notice that the MSP submits mail to the)5.317 F(MT)102
+271.07 Q 3.214(Av)-.93 G .714(ia SMTP)-3.214 F 3.214(,a)-1.11 G .713
+(nd hence mail will be queued in the client queue in such a case.)-3.214
+F .713(Therefore it is)5.713 F
+(necessary to run the client mail queue periodically)102 283.07 Q(.)-.65
+E F0 2.5(4.5. Resour)87 307.07 R(ce Limits)-.18 E F1(Sendmail)127 323.27
+Q F2 1.039(has se)3.539 F -.15(ve)-.25 G 1.039
+(ral parameters to control resource usage.).15 F 1.039
+(Besides those mentioned in the)6.039 F(pre)102 335.27 Q 8.476
+(vious section, there are at least)-.25 F F0(MaxDaemonChildr)10.975 E
+(en)-.18 E F2(,)A F0(ConnectionRateThr)10.975 E(ottle)-.18 E F2(,)A F0
+(MaxQueueChildr)102 347.27 Q(en)-.18 E F2 3.889(,a)C(nd)-3.889 E F0
+(MaxRunnersP)3.889 E(erQueue)-.2 E F2 6.389(.T)C 1.389(he latter tw)
+-6.389 F 3.889(ol)-.1 G 1.389(imit the number of)-3.889 F F1(sendmail)
+3.889 E F2 1.315(processes that operate on the queue.)102 359.27 R 1.315
+(These are discussed in the section `)6.315 F 1.315
+(`Queue Group Declara-)-.74 F(tion')102 371.27 Q 2.712('. The)-.74 F
+.212(former tw)2.712 F 2.712(oc)-.1 G .212
+(an be used to limit the number of incoming connections.)-2.712 F .212
+(Their appropriate)5.212 F -.25(va)102 383.27 S .062
+(lues depend on the host operating system and the hardw).25 F .062
+(are, e.g., amount of memory)-.1 F 5.062(.I)-.65 G 2.561(nm)-5.062 G(an)
+-2.561 E 2.561(ys)-.15 G(it-)-2.561 E 1.082
+(uations it might be useful to set limits to pre)102 395.27 R -.15(ve)
+-.25 G 1.082(nt to ha).15 F 1.382 -.15(ve t)-.2 H 1.082(oo man).15 F(y)
+-.15 E F1(sendmail)3.582 E F2 1.082(processes, ho)3.582 F(we)-.25 E -.15
+(ve)-.25 G -.4(r,).15 G .652(these limits can be ab)102 407.27 R .652
+(used to mount a denial of service attack.)-.2 F -.15(Fo)5.652 G 3.152
+(re).15 G .652(xample, if)-3.302 F F0(MaxDaemonChil-)3.152 E(dr)102
+419.27 Q(en=10)-.18 E F2 .9(then an attack)3.4 F .901
+(er needs to open only 10 SMTP sessions to the serv)-.1 F(er)-.15 E
+3.401(,l)-.4 G(ea)-3.401 E 1.201 -.15(ve t)-.2 H .901(hem idle for).15 F
+.591(most of the time, and no more connections will be accepted.)102
+431.27 R .591(If this option is set then the timeouts)5.591 F 1.187
+(used in a SMTP session should be lo)102 443.27 R 1.187
+(wered from their def)-.25 F 1.187(ault v)-.1 F 1.187
+(alues to their minimum v)-.25 F 1.187(alues as)-.25 F
+(speci\214ed in RFC 2821 and listed in section 4.1.2.)102 455.27 Q F0
+2.5(4.6. Measur)87 479.27 R(es against Denial of Ser)-.18 E
+(vice Attacks)-.1 E F1(Sendmail)127 495.47 Q F2 1.674(has some b)4.174 F
+1.674(uilt-in measures ag)-.2 F 1.673
+(ainst simple denial of service \(DoS\) attacks.)-.05 F(The)6.673 E .913
+(SMTP serv)102 507.47 R .913(er by def)-.15 F .913(ault slo)-.1 F .913
+(ws do)-.25 F .913(wn if too man)-.25 F 3.413(yb)-.15 G .913
+(ad commands are issued or if some commands)-3.413 F .034
+(are repeated too often within a session.)102 519.47 R .033
+(Details can be found in the source \214le)5.033 F F0(sendmail/sr)2.533
+E(vrsmtp.c)-.1 E F2 2.169(by looking for the macro de\214nitions of)102
+531.47 R F0(MAXB)4.669 E(ADCOMMANDS)-.3 E F2(,)A F0(MAXNOOPCOMMANDS)
+4.669 E F2(,)A F0(MAXHELOCOMMANDS)102 543.47 Q F2(,)A F0
+(MAXVRFYCOMMANDS)4.414 E F2 4.414(,a)C(nd)-4.414 E F0(MAXETRNCOMMANDS)
+4.414 E F2 6.914(.I)C 4.414(fa)-6.914 G(n)-4.414 E .462
+(SMTP command is issued more often than the corresponding)102 555.47 R
+F0(MAXcmdCOMMANDS)2.962 E F2 -.25(va)2.962 G .462(lue, then).25 F .217
+(the response is delayed e)102 567.47 R(xponentially)-.15 E 2.717(,s)
+-.65 G .216(tarting with a sleep time of one second, up to a maximum of)
+-2.717 F 1.687(four minutes \(as de\214ned by)102 579.47 R F0
+(MAXTIMEOUT)4.187 E F2 4.187(\). If)B 1.687(the option)4.187 F F0
+(MaxDaemonChildr)4.187 E(en)-.18 E F2 1.687(is set to a)4.187 F -.25(va)
+102 591.47 S .735(lue greater than zero, then this could mak).25 F 3.235
+(eaD)-.1 G .735(oS attack e)-3.235 F -.15(ve)-.25 G 3.235(nw).15 G .734
+(orse since it k)-3.335 F .734(eeps a connection)-.1 F .867
+(open longer than necessary)102 603.47 R 5.867(.T)-.65 G .867
+(herefore a connection is terminated with a 421 SMTP reply code if)
+-5.867 F .57(the number of commands e)102 615.47 R .57
+(xceeds the limit by a f)-.15 F .57(actor of tw)-.1 F 3.07(oa)-.1 G(nd)
+-3.07 E F0(MAXB)3.07 E(ADCOMMANDS)-.3 E F2 .57(is set)3.07 F(to a v)102
+627.47 Q(alue greater than zero \(the def)-.25 E(ault is 25\).)-.1 E F0
+2.5(4.7. Deli)87 651.47 R -.1(ve)-.1 G(ry Mode).1 E F2 .253
+(There are a number of deli)127 667.67 R -.15(ve)-.25 G .253
+(ry modes that).15 F F1(sendmail)2.753 E F2 .254
+(can operate in, set by the)2.753 F F0(Deli)2.754 E -.1(ve)-.1 G(ryMode)
+.1 E F2(\()102 679.67 Q F0(d)A F2 3.599(\)c)C 1.099
+(on\214guration option.)-3.599 F 1.099(These modes specify ho)6.099 F
+3.598(wq)-.25 G 1.098(uickly mail will be deli)-3.598 F -.15(ve)-.25 G
+3.598(red. Le).15 F -.05(ga)-.15 G 3.598(lm).05 G(odes)-3.598 E(are:)102
+691.67 Q 0 Cg EP
%%Page: 32 28
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d33322053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF .597
-<6c6f6164206f6e20796f7572206d616368696e652c2062>102 96 R .597
-<7574206d65616e7320746861742064656c69>-.2 F -.15<7665>-.25 G .596<727920
-6d61792062652064656c6179656420666f7220757020746f207468652071756575652069
-6e74657276>.15 F 3.096<616c2e204d6f6465>-.25 F .36
-<99649a206973206964656e746963616c20746f206d6f64652099719a2065>102 108 R
-.36<7863657074207468617420697420616c736f20707265>-.15 F -.15<7665>-.25 G
-.36<6e7473206c6f6f6b75707320696e206d61707320696e636c7564696e6720746865>
-.15 F F0<2d44>2.86 E F1 .36<8d61672066726f6d>2.86 F -.1<776f>102 120 S
-2.076<726b696e6720647572696e672074686520696e697469616c207175657565207068
-6173653b20697420697320696e74656e64656420666f722060>.1 F 2.075
-<606469616c206f6e2064656d616e6427>-.74 F 4.575<2773>-.74 G 2.075
-<6974657320776865726520444e53>-4.575 F .318
-<6c6f6f6b757073206d6967687420636f7374207265616c206d6f6e65>102 132 R
-4.118 -.65<792e2053>-.15 H .319<6f6d652073696d706c65206572726f72206d6573
-73616765732028652e672e2c20686f737420756e6b6e6f>.65 F .319
-<776e20647572696e672074686520534d5450>-.25 F<70726f746f636f6c292077696c
-6c2062652064656c61796564207573696e672074686973206d6f64652e>102 144 Q
-<4d6f64652099629a2069732074686520757375616c20646566>5 E<61756c742e>-.1 E
-.052<496620796f752072756e20696e206d6f64652099719a20287175657565206f6e6c
-79292c2099649a20286465666572292c206f722099629a202864656c69>127 160.2 R
--.15<7665>-.25 G 2.552<7269>.15 G 2.552<6e62>-2.552 G
-<61636b67726f756e6429>-2.552 E/F2 10/Times-Italic@0 SF<73656e646d61696c>
-2.551 E F1<77696c6c>2.551 E 1.391<6e6f742065>102 172.2 R 1.392
-<7870616e6420616c696173657320616e6420666f6c6c6f>-.15 F 3.892<772e>-.25 G
-<666f7277>-3.892 E 1.392<617264208c6c65732075706f6e20696e697469616c2072
-656365697074206f6620746865206d61696c2e>-.1 F 1.392
-<546869732073706565647320757020746865>6.392 F
-<726573706f6e736520746f205243505420636f6d6d616e64732e>102 184.2 Q<4d6f64
-652099699a2073686f756c64206e6f7420626520757365642062792074686520534d5450
-2073657276>5 E<6572>-.15 E<2e>-.55 E F0 2.5<342e382e204c6f67>87 208.2 R
-<4c65>2.5 E -.1<7665>-.15 G<6c>.1 E F1 .19<546865206c65>127 224.4 R -.15
-<7665>-.25 G 2.69<6c6f>.15 G 2.69<666c>-2.69 G .19
-<6f6767696e672063616e2062652073657420666f72>-2.69 F F2<73656e646d61696c>
-2.689 E F1 5.189<2e54>C .189<686520646566>-5.189 F .189<61756c7420757369
-6e672061207374616e6461726420636f6e8c6775726174696f6e207461626c65>-.1 F
-<6973206c65>102 236.4 Q -.15<7665>-.25 G 2.5<6c39>.15 G 5<2e54>-2.5 G
-<6865206c65>-5 E -.15<7665>-.25 G<6c732061726520617320666f6c6c6f>.15 E
-<77733a>-.25 E 31<304d>102 252.6 S<696e696d616c206c6f6767696e672e>-31 E
-31<3153>102 268.8 S<6572696f75732073797374656d2066>-31 E<61696c75726573
-20616e6420706f74656e7469616c2073656375726974792070726f626c656d732e>-.1 E
-31<324c>102 285 S<6f737420636f6d6d756e69636174696f6e7320286e657477>-31 E
-<6f726b2070726f626c656d732920616e642070726f746f636f6c2066>-.1 E
-<61696c757265732e>-.1 E 31<334f>102 301.2 S 1.237
-<7468657220736572696f75732066>-31 F 1.237<61696c757265732c206d616c666f72
-6d6564206164647265737365732c207472616e7369656e7420666f7277>-.1 F 1.238
-<6172642f696e636c756465206572726f72732c20636f6e6e656374696f6e>-.1 F
-<74696d656f7574732e>138 313.2 Q 31<344d>102 329.4 S<696e6f722066>-31 E<
-61696c757265732c206f7574206f66206461746520616c69617320646174616261736573
-2c20636f6e6e656374696f6e2072656a656374696f6e732076696120636865636b5f2072
-756c65736574732e>-.1 E 31<354d>102 345.6 S
-<65737361676520636f6c6c656374696f6e20737461746973746963732e>-31 E 31
-<3643>102 361.8 S<72656174696f6e206f66206572726f72206d657373616765732c20
-5652465920616e64204558504e20636f6d6d616e64732e>-31 E 31<3744>102 378 S
-<656c69>-31 E -.15<7665>-.25 G<72792066>.15 E
-<61696c757265732028686f7374206f72207573657220756e6b6e6f>-.1 E
-<776e2c206574632e292e>-.25 E 31<3853>102 394.2 S
-<75636365737366756c2064656c69>-31 E -.15<7665>-.25 G
-<7269657320616e6420616c69617320646174616261736520726562>.15 E
-<75696c64732e>-.2 E 31<394d>102 410.4 S<65737361676573206265696e67206465
-666572726564202864756520746f206120686f7374206265696e6720646f>-31 E
-<776e2c206574632e292e>-.25 E 23.5<3130204461746162617365>102 426.6 R
--.15<6578>2.5 G<70616e73696f6e2028616c6961732c20666f7277>.15 E<6172642c
-20616e6420757365726462206c6f6f6b7570732920616e642061757468656e7469636174
-696f6e20696e666f726d6174696f6e2e>-.1 E 23.5<3131204e4953>102 442.8 R
-<6572726f727320616e6420656e64206f66206a6f622070726f63657373696e672e>2.5
-E 23.5<3132204c6f6773>102 459 R
-<616c6c20534d545020636f6e6e656374696f6e732e>2.5 E 23.5<3133204c6f67>102
-475.2 R<6261642075736572207368656c6c732c208c6c6573207769746820696d70726f
-706572207065726d697373696f6e732c20616e64206f74686572207175657374696f6e61
-626c6520736974756174696f6e732e>2.5 E 23.5<3134204c6f6773>102 491.4 R
-<7265667573656420636f6e6e656374696f6e732e>2.5 E 23.5<3135204c6f67>102
-507.6 R<616c6c20696e636f6d696e6720616e64206f7574676f696e6720534d54502063
-6f6d6d616e64732e>2.5 E 23.5<3230204c6f6773>102 523.8 R .603
-<617474656d70747320746f2072756e206c6f636b>3.103 F .603
-<6564207175657565208c6c65732e>-.1 F .603
-<546865736520617265206e6f74206572726f72732c2062>5.603 F .603
-<75742063616e2062652075736566756c20746f206e6f7465206966>-.2 F
-<796f7572207175657565206170706561727320746f20626520636c6f676765642e>138
-535.8 Q 23.5<3330204c6f7374>102 552 R<6c6f636b7320286f6e6c79206966207573
-696e67206c6f636b6620696e7374656164206f66208d6f636b292e>2.5 E
-<4164646974696f6e616c6c79>102 568.2 Q 2.716<2c76>-.65 G .216
-<616c7565732061626f>-2.966 F .516 -.15<76652036>-.15 H 2.716<3461>.15 G
-.216<726520726573657276>-2.716 F .216<656420666f722065>-.15 F .216
-<787472656d656c792076>-.15 F .216<6572626f736520646562>-.15 F .216
-<756767696e67206f75747075742e>-.2 F .217<4e6f206e6f726d616c2073697465>
-5.216 F -.1<776f>102 580.2 S<756c642065>.1 E -.15<7665>-.25 G 2.5<7273>
-.15 G<65742074686573652e>-2.5 E F0 2.5<342e392e2046696c65>87 604.2 R
-<4d6f646573>2.5 E F1 .264<546865206d6f646573207573656420666f72208c6c6573
-20646570656e64206f6e20776861742066756e6374696f6e616c69747920796f752077>
-127 620.4 R .264<616e7420616e6420746865206c65>-.1 F -.15<7665>-.25 G
-2.763<6c6f>.15 G 2.763<6673>-2.763 G .263<6563757269747920796f75>-2.763
-F 2.56<726571756972652e20496e>102 632.4 R<6d616e>2.56 E 2.56<7963>-.15 G
-<61736573>-2.56 E F2<73656e646d61696c>2.56 E F1 .061<646f65732063617265
-66756c20636865636b696e67206f6620746865206d6f646573206f66208c6c657320616e
-64206469726563746f7269657320746f2061>2.56 F -.2<766f>-.2 G<6964>.2 E
-1.336<6163636964656e74616c20636f6d70726f6d6973653b20696620796f752077>102
-644.4 R 1.336<616e7420746f206d616b>-.1 F 3.836<6569>-.1 G 3.836<7470>
--3.836 G 1.336<6f737369626c6520746f206861>-3.836 F 1.635 -.15<76652067>
--.2 H 1.335
-<726f75702d7772697461626c6520737570706f7274208c6c657320796f75>.15 F
-<6d6179206e65656420746f2075736520746865>102 656.4 Q F0
-<446f6e74426c616d6553656e646d61696c>2.5 E F1
-<6f7074696f6e20746f207475726e206f66>2.5 E 2.5<6673>-.25 G
-<6f6d65206f6620746865736520636865636b732e>-2.5 E F0 2.5
-<342e392e312e2054>102 680.4 R 2.5<6f73>-.92 G
-<756964206f72206e6f7420746f20737569643f>-2.5 E F2<53656e646d61696c>142
-696.6 Q F1 .162
-<6973206e6f206c6f6e67657220696e7374616c6c6564207365742d75736572>2.662 F
-.163<2d494420746f20726f6f742e>-.2 F .163
-<73656e646d61696c2f53454355524954592065>5.163 F .163
-<78706c61696e7320686f>-.15 F 2.663<7774>-.25 G<6f>-2.663 E .56
-<636f6e8c6775726520616e6420696e7374616c6c>117 708.6 R F2
-<73656e646d61696c>3.06 E F1 .559<776974686f7574207365742d75736572>3.059
-F .559<2d494420746f20726f6f742062>-.2 F .559
-<7574207365742d67726f75702d49442077686963682069732074686520646566>-.2 F
-<61756c74>-.1 E
-<636f6e8c6775726174696f6e207374617274696e67207769746820382e31322e>117
-720.6 Q 0 Cg EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-32 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF 17.22(id)
+142 96 S(eli)-17.22 E -.15(ve)-.25 G 2.5(ri).15 G(nteracti)-2.5 E -.15
+(ve)-.25 G(ly \(synchronously\)).15 E 15(bd)142 108 S(eli)-15 E -.15(ve)
+-.25 G 2.5(ri).15 G 2.5(nb)-2.5 G(ackground \(asynchronously\))-2.5 E 15
+(qq)142 120 S(ueue only \(don')-15 E 2.5(td)-.18 G(eli)-2.5 E -.15(ve)
+-.25 G(r\)).15 E 15(dd)142 132 S(efer deli)-15 E -.15(ve)-.25 G
+(ry attempts \(don').15 E 2.5(td)-.18 G(eli)-2.5 E -.15(ve)-.25 G(r\))
+.15 E 1.273(There are tradeof)102 148.2 R 3.773(fs. Mode)-.25 F 1.273
+(\231i\232 gi)3.773 F -.15(ve)-.25 G 3.773(st).15 G 1.273
+(he sender the quick)-3.773 F 1.273(est feedback, b)-.1 F 1.274
+(ut may slo)-.2 F 3.774(wd)-.25 G -.25(ow)-3.774 G 3.774(ns).25 G(ome)
+-3.774 E .799(mailers and is hardly e)102 160.2 R -.15(ve)-.25 G 3.299
+(rn).15 G(ecessary)-3.299 E 5.799(.M)-.65 G .799(ode \231b\232 deli)
+-5.799 F -.15(ve)-.25 G .799(rs promptly b).15 F .798(ut can cause lar)
+-.2 F .798(ge numbers of)-.18 F .223(processes if you ha)102 172.2 R
+.524 -.15(ve a m)-.2 H .224(ailer that tak).15 F .224
+(es a long time to deli)-.1 F -.15(ve)-.25 G 2.724(ram).15 G 2.724
+(essage. Mode)-2.724 F .224(\231q\232 minimizes the)2.724 F .597
+(load on your machine, b)102 184.2 R .597(ut means that deli)-.2 F -.15
+(ve)-.25 G .596(ry may be delayed for up to the queue interv).15 F 3.096
+(al. Mode)-.25 F .36(\231d\232 is identical to mode \231q\232 e)102
+196.2 R .36(xcept that it also pre)-.15 F -.15(ve)-.25 G .36
+(nts lookups in maps including the).15 F F0(-D)2.86 E F1 .36
+(\215ag from)2.86 F -.1(wo)102 208.2 S 2.076
+(rking during the initial queue phase; it is intended for `).1 F 2.075
+(`dial on demand')-.74 F 4.575('s)-.74 G 2.075(ites where DNS)-4.575 F
+.318(lookups might cost real mone)102 220.2 R 4.118 -.65(y. S)-.15 H
+.319(ome simple error messages \(e.g., host unkno).65 F .319
+(wn during the SMTP)-.25 F(protocol\) will be delayed using this mode.)
+102 232.2 Q(Mode \231b\232 is the usual def)5 E(ault.)-.1 E .052(If you\
+ run in mode \231q\232 \(queue only\), \231d\232 \(defer\), or \231b\
+\232 \(deli)127 248.4 R -.15(ve)-.25 G 2.552(ri).15 G 2.552(nb)-2.552 G
+(ackground\))-2.552 E/F2 10/Times-Italic@0 SF(sendmail)2.551 E F1(will)
+2.551 E 1.391(not e)102 260.4 R 1.392(xpand aliases and follo)-.15 F
+3.892(w.)-.25 G(forw)-3.892 E 1.392
+(ard \214les upon initial receipt of the mail.)-.1 F 1.392
+(This speeds up the)6.392 F(response to RCPT commands.)102 272.4 Q
+(Mode \231i\232 should not be used by the SMTP serv)5 E(er)-.15 E(.)-.55
+E F0 2.5(4.8. Log)87 296.4 R(Le)2.5 E -.1(ve)-.15 G(l).1 E F1 1.041
+(The le)127 312.6 R -.15(ve)-.25 G 3.541(lo).15 G 3.541(fl)-3.541 G
+1.041(ogging can be set for)-3.541 F F2(sendmail)3.541 E F1 6.041(.T)C
+1.041(he def)-6.041 F 1.04(ault using a standard con\214guration is)-.1
+F(le)102 324.6 Q -.15(ve)-.25 G 2.622(l9).15 G 5.122(.T)-2.622 G .122
+(he le)-5.122 F -.15(ve)-.25 G .122(ls are approximately as follo).15 F
+.122(ws \(some log types are using dif)-.25 F .122(ferent le)-.25 F -.15
+(ve)-.25 G 2.622(ld).15 G(epending)-2.622 E(on v)102 336.6 Q(arious f)
+-.25 E(actors\):)-.1 E 31(0M)102 352.8 S(inimal logging.)-31 E 31(1S)102
+369 S(erious system f)-31 E(ailures and potential security problems.)-.1
+E 31(2L)102 385.2 S(ost communications \(netw)-31 E
+(ork problems\) and protocol f)-.1 E(ailures.)-.1 E 31(3O)102 401.4 S
+1.238(ther serious f)-31 F 1.238
+(ailures, malformed addresses, transient forw)-.1 F 1.237
+(ard/include errors, connection)-.1 F(timeouts.)138 413.4 Q 31(4M)102
+429.6 S(inor f)-31 E(ailures, out of date alias databases, connection r\
+ejections via check_ rulesets.)-.1 E 31(5M)102 445.8 S
+(essage collection statistics.)-31 E 31(6C)102 462 S
+(reation of error messages, VRFY and EXPN commands.)-31 E 31(7D)102
+478.2 S(eli)-31 E -.15(ve)-.25 G(ry f).15 E
+(ailures \(host or user unkno)-.1 E(wn, etc.\).)-.25 E 31(8S)102 494.4 S
+(uccessful deli)-31 E -.15(ve)-.25 G(ries and alias database reb).15 E
+(uilds.)-.2 E 31(9M)102 510.6 S
+(essages being deferred \(due to a host being do)-31 E(wn, etc.\).)-.25
+E 23.5(10 Database)102 526.8 R -.15(ex)2.5 G(pansion \(alias, forw).15 E
+(ard, and userdb lookups\) and authentication information.)-.1 E 23.5
+(11 NIS)102 543 R(errors and end of job processing.)2.5 E 23.5(12 Logs)
+102 559.2 R(all SMTP connections.)2.5 E 23.5(13 Log)102 575.4 R(bad use\
+r shells, \214les with improper permissions, and other questionable sit\
+uations.)2.5 E 23.5(14 Logs)102 591.6 R(refused connections.)2.5 E 23.5
+(15 Log)102 607.8 R(all incoming SMTP commands.)2.5 E 23.5(20 Logs)102
+624 R .603(attempts to run lock)3.102 F .603(ed queue \214les.)-.1 F
+.603(These are not errors, b)5.603 F .603(ut can be useful to note if)
+-.2 F(your queue appears to be clogged.)138 636 Q 23.5(30 Lost)102 652.2
+R(locks \(only if using lockf instead of \215ock\).)2.5 E(Additionally)
+102 668.4 Q 2.717(,v)-.65 G .217(alues abo)-2.967 F .516 -.15(ve 6)-.15
+H 2.716(4a).15 G .216(re reserv)-2.716 F .216(ed for e)-.15 F .216
+(xtremely v)-.15 F .216(erbose deb)-.15 F .216(ugging output.)-.2 F .216
+(No normal site)5.216 F -.1(wo)102 680.4 S(uld e).1 E -.15(ve)-.25 G 2.5
+(rs).15 G(et these.)-2.5 E 0 Cg EP
%%Page: 33 29
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3333>195.86 E
-/F1 10/Times-Roman@0 SF 1.286<546865206461656d6f6e20757375616c6c79207275
-6e7320617320726f6f742c20756e6c657373206f74686572206d65617375726573206172
-652074616b>142 96 R 3.786<656e2e204174>-.1 F 1.286
-<74686520706f696e74207768657265>3.786 F/F2 10/Times-Italic@0 SF
-<73656e646d61696c>117 108 Q F1 .495<69732061626f757420746f>2.995 F F2
--.2<6578>2.995 G<6563>.2 E F1 .495<2832292061206d61696c6572>1.666 F
-2.995<2c69>-.4 G 2.995<7463>-2.995 G .495<6865636b7320746f20736565206966
-2074686520757365726964206973207a65726f2028726f6f74293b20696620736f2c2069
-7420726573657473>-2.995 F .333
-<7468652075736572696420616e642067726f7570696420746f206120646566>117 120
-R .333<61756c74202873657420627920746865>-.1 F F0<553d>2.833 E F1 .334<65
-717561746520696e20746865206d61696c6572206c696e653b2069662074686174206973
-206e6f74207365742c20746865>2.833 F F0<44656661756c7455736572>117 132 Q
-F1 .122<6f7074696f6e2069732075736564292e>2.622 F .122
-<546869732063616e206265206f>5.122 F -.15<7665>-.15 G .122
-<7272696464656e2062792073657474696e6720746865>.15 F F0<53>2.622 E F1
-.121<8d616720746f20746865206d61696c657220666f72206d61696c2d>2.622 F .804
-<657273207468617420617265207472757374656420616e64206d757374206265206361
-6c6c656420617320726f6f742e>117 144 R<486f>5.804 E<7765>-.25 E -.15<7665>
--.25 G 1.604 -.4<722c2074>.15 H .804<6869732077696c6c206361757365206d61
-696c2070726f63657373696e6720746f206265>.4 F
-<6163636f756e74656420287573696e67>117 156 Q F2<7361>2.5 E F1<2838292920
-746f20726f6f7420726174686572207468616e20746f2074686520757365722073656e64
-696e6720746865206d61696c2e>1.666 E 3.558<416d>142 172.2 S 1.057
-<6964646c652067726f756e6420697320746f2073657420746865>-3.558 F F0
-<52756e417355736572>3.557 E F1 3.557<6f7074696f6e2e2054686973>3.557 F
-<636175736573>3.557 E F2<73656e646d61696c>3.557 E F1 1.057
-<746f206265636f6d6520746865>3.557 F .392<696e64696361746564207573657220
-617320736f6f6e2061732069742068617320646f6e652074686520737461727475702074
-68617420726571756972657320726f6f7420707269>117 184.2 R<76696c65>-.25 E
-.392<67657320287072696d6172696c79>-.15 F 2.892<2c6f>-.65 G<70656e696e67>
--2.892 E<746865>117 196.2 Q/F3 9/Times-Roman@0 SF<534d5450>3.742 E F1
-<736f636b>3.741 E 3.741<6574292e204966>-.1 F 1.241<796f7520757365>3.741
-F F0<52756e417355736572>3.741 E F1 3.741<2c74>C 1.241
-<6865207175657565206469726563746f727920286e6f726d616c6c79>-3.741 F F2
-<2f7661722f73706f6f6c2f6d7175657565>3.741 E F1<29>A 1.314
-<73686f756c64206265206f>117 208.2 R 1.314
-<776e656420627920746861742075736572>-.25 F 3.815<2c61>-.4 G 1.315<6e6420
-616c6c208c6c657320616e64206461746162617365732028696e636c7564696e67207573
-6572>-3.815 F F2<2e666f72776172>3.815 E<64>-.37 E F1 1.315
-<8c6c65732c20616c696173>3.815 F .257
-<8c6c65732c203a696e636c7564653a208c6c65732c20616e642065>117 220.2 R .256
-<787465726e616c2064617461626173657329206d757374206265207265616461626c65
-20627920746861742075736572>-.15 F 5.256<2e41>-.55 G .256
-<6c736f2c2073696e63652073656e646d61696c>-5.256 F .836<77696c6c206e6f7420
-62652061626c6520746f206368616e676520697473207569642c2064656c69>117 232.2
-R -.15<7665>-.25 G .836
-<727920746f2070726f6772616d73206f72208c6c65732077696c6c206265206d61726b>
-.15 F .837<656420617320756e736166652c20652e672e2c>-.1 F<756e64656c69>117
-244.2 Q -.15<7665>-.25 G .815<7261626c652c20696e>.15 F F2
-<2e666f72776172>3.315 E<64>-.37 E F1 3.314<2c61>C .814
-<6c69617365732c20616e64203a696e636c7564653a208c6c65732e>-3.314 F .814
-<41646d696e6973747261746f72732063616e206f>5.814 F -.15<7665>-.15 G .814
-<72726964652074686973206279207365742d>.15 F .7<74696e6720746865>117
-256.2 R F0<446f6e74426c616d6553656e646d61696c>3.2 E F1 .7
-<6f7074696f6e20746f207468652073657474696e67>3.2 F F0
-<4e6f6e526f6f745361666541646472>3.2 E F1<2e>A F0<52756e417355736572>5.7
-E F1 .7<69732070726f62612d>3.2 F 1.186
-<626c7920626573742073756974656420666f72208c7265>117 268.2 R -.1<7761>
--.25 G 1.186<6c6c20636f6e8c6775726174696f6e73207468617420646f6e27>.1 F
-3.686<7468>-.18 G -2.25 -.2<61762065>-3.686 H<7265>3.886 E 1.186
-<67756c61722075736572206c6f67696e732e>-.15 F 1.186
-<496620746865206f7074696f6e206973>6.186 F 1.442<75736564206f6e2061207379
-7374656d20776869636820706572666f726d73206c6f63616c2064656c69>117 280.2 R
--.15<7665>-.25 G<7279>.15 E 3.943<2c74>-.65 G 1.443
-<68656e20746865206c6f63616c2064656c69>-3.943 F -.15<7665>-.25 G 1.443
-<7279206167656e74206d757374206861>.15 F 1.743 -.15<76652074>-.2 H<6865>
-.15 E .975<70726f706572207065726d697373696f6e732028692e652e2c2075737561
-6c6c79207365742d75736572>117 292.2 R .975
-<2d494420726f6f74292073696e63652069742077696c6c20626520696e>-.2 F -.2
-<766f>-.4 G -.1<6b65>.2 G 3.474<6462>.1 G 3.474<7974>-3.474 G<6865>
--3.474 E F0<52756e417355736572>3.474 E F1<2c>A<6e6f7420627920726f6f742e>
-117 304.2 Q F0 2.5<342e392e322e2054>102 328.2 R<7572>-.92 E
-<6e696e67206f666620736563757269747920636865636b73>-.15 E F2
-<53656e646d61696c>142 344.4 Q F1 .648<69732076>3.148 F .648<657279207061
-72746963756c61722061626f757420746865206d6f646573206f66208c6c657320746861
-74206974207265616473206f72207772697465732e>-.15 F -.15<466f>5.648 G
-3.148<7265>.15 G<78616d706c652c>-3.298 E .251<627920646566>117 356.4 R
-.251<61756c742069742077696c6c2072656675736520746f2072656164206d6f737420
-8c6c65732074686174206172652067726f7570207772697461626c65206f6e2074686520
-67726f756e6473207468617420746865>-.1 F 2.75<796d>-.15 G<69676874>-2.75 E
-<6861>117 368.4 Q 1.215 -.15<76652062>-.2 H .916<65656e2074616d70657265
-64207769746820627920736f6d656f6e65206f74686572207468616e20746865206f>.15
-F .916<776e65723b2069742077696c6c2065>-.25 F -.15<7665>-.25 G 3.416
-<6e72>.15 G .916<656675736520746f2072656164208c6c657320696e>-3.416 F
-1.457<67726f7570207772697461626c65206469726563746f726965732e>117 380.4 R
-1.456<416c736f2c2073656e646d61696c2077696c6c2072656675736520746f20637265
-6174652061206e65>6.457 F 3.956<7761>-.25 G 1.456
-<6c696173657320646174616261736520696e20616e>-3.956 F .031
-<756e73616665206469726563746f7279>117 392.4 R 5.031<2e59>-.65 G .031<6f
-752063616e206765742061726f756e642074686973206279206d616e75616c6c79206372
-656174696e6720746865206461746162617365208c6c6520617320612074727573746564
-2075736572>-6.131 F
-<6168656164206f662074696d6520616e64207468656e20726562>117 404.4 Q
-<75696c64696e672074686520616c69617365732064617461626173652077697468>-.2
-E F0<6e6577616c6961736573>2.5 E F1<2e>A .438<496620796f7520617265>142
-420.6 R F2<7175697465>2.938 E F1 .438<73757265207468617420796f757220636f
-6e8c6775726174696f6e206973207361666520616e6420796f752077>2.938 F<616e74>
--.1 E F2<73656e646d61696c>2.937 E F1 .437<746f2061>2.937 F -.2<766f>-.2
-G .437<6964207468657365>.2 F 1.186
-<736563757269747920636865636b732c20796f752063616e207475726e206f66>117
-432.6 R 3.687<6663>-.25 G 1.187
-<65727461696e20636865636b73207573696e6720746865>-3.687 F F0
-<446f6e74426c616d6553656e646d61696c>3.687 E F1 3.687
-<6f7074696f6e2e2054686973>3.687 F 1.39<6f7074696f6e2074616b>117 444.6 R
-1.389<6573206f6e65206f72206d6f7265206e616d657320746861742064697361626c65
-20636865636b732e>-.1 F 1.389
-<496e20746865206465736372697074696f6e73207468617420666f6c6c6f>6.389 F
-2.689 -.65<772c2099>-.25 H<756e73616665>.65 E<6469726563746f72799a206d65
-616e732061206469726563746f72792074686174206973207772697461626c6520627920
-616e>117 456.6 Q<796f6e65206f74686572207468616e20746865206f>-.15 E
-<776e6572>-.25 E 5<2e54>-.55 G<68652076>-5 E<616c756573206172653a>-.25 E
-15.73<53616665204e6f>117 472.8 R<7370656369616c2068616e646c696e672e>2.5
-E<417373756d655361666543686f>117 489 Q<776e>-.25 E .412
-<417373756d65207468617420746865>153 501 R F2 -.15<6368>2.913 G<6f776e>
-.15 E F1 .413
-<73797374656d2063616c6c206973207265737472696374656420746f20726f6f742e>
-2.913 F .413<53696e636520736f6d652076>5.413 F .413
-<657273696f6e73206f6620554e4958>-.15 F .866<7065726d6974207265>153 513 R
-.866<67756c617220757365727320746f206769>-.15 F 1.166 -.15<7665206177>
--.25 H .866<6179207468656972208c6c657320746f206f74686572207573657273206f
-6e20736f6d65208c6c6573797374656d732c>.05 F F2<73656e642d>3.365 E
-<6d61696c>153 525 Q F1 .456
-<6f6674656e2063616e6e6f7420617373756d6520746861742061206769>2.956 F -.15
-<7665>-.25 G 2.956<6e8c>.15 G .456<6c652077>-2.956 F .457
-<6173206372656174656420627920746865206f>-.1 F<776e6572>-.25 E 2.957
-<2c70>-.4 G .457<6172746963756c61726c79207768656e>-2.957 F 1.475
-<697420697320696e2061207772697461626c65206469726563746f7279>153 537 R
-6.475<2e59>-.65 G 1.475
-<6f752063616e207365742074686973208d616720696620796f75206b6e6f>-7.575 F
-3.974<7774>-.25 G 1.474<686174208c6c65206769>-3.974 F -.15<7665>-.25 G
--2.3 -.15<61772061>.15 H 3.974<7969>.15 G<73>-3.974 E
-<72657374726963746564206f6e20796f75722073797374656d2e>153 549 Q
-<436c61737346696c65496e556e7361666544697250>117 565.2 Q<617468>-.15 E
-.493
-<5768656e2072656164696e6720636c617373208c6c657320287573696e6720746865>
-153 577.2 R F0<46>2.993 E F1 .493
-<6c696e6520696e2074686520636f6e8c6775726174696f6e208c6c65292c20616c6c6f>
-2.993 F 2.994<778c>-.25 G .494<6c6573207468617420617265>-2.994 F
-<696e20756e73616665206469726563746f726965732e>153 589.2 Q<446f6e7457>117
-605.4 Q<61726e46>-.8 E<6f7277>-.15 E
-<61726446696c65496e556e7361666544697250>-.1 E<617468>-.15 E<507265>153
-617.4 Q -.15<7665>-.25 G<6e74206c6f6767696e67206f6620756e73616665206469
-726563746f727920706174682077>.15 E<61726e696e677320666f72206e6f6e2d65>
--.1 E<78697374656e7420666f7277>-.15 E<617264208c6c65732e>-.1 E
-<4572726f72486561646572496e556e7361666544697250>117 633.6 Q<617468>-.15
-E<416c6c6f>153 645.6 Q 2.5<7774>-.25 G
-<6865208c6c65206e616d656420696e20746865>-2.5 E F0<457272>2.5 E
-<6f72486561646572>-.18 E F1
-<6f7074696f6e20746f20626520696e20616e20756e73616665206469726563746f7279>
-2.5 E<2e>-.65 E<46696c6544656c69>117 661.8 Q -.15<7665>-.25 G<727954>.15
-E<6f486172644c696e6b>-.8 E<416c6c6f>153 673.8 Q 2.5<7764>-.25 G<656c69>
--2.5 E -.15<7665>-.25 G
-<727920746f208c6c65732074686174206172652068617264206c696e6b732e>.15 E
-<46696c6544656c69>117 690 Q -.15<7665>-.25 G<727954>.15 E
-<6f53796d4c696e6b>-.8 E<416c6c6f>153 702 Q 2.5<7764>-.25 G<656c69>-2.5 E
--.15<7665>-.25 G
-<727920746f208c6c65732074686174206172652073796d626f6c6963206c696e6b732e>
-.15 E 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-33)195.86 E 2.5(4.9. File)87 96 R(Modes)2.5 E/F1 10
+/Times-Roman@0 SF .264
+(The modes used for \214les depend on what functionality you w)127 112.2
+R .264(ant and the le)-.1 F -.15(ve)-.25 G 2.764(lo).15 G 2.764(fs)
+-2.764 G .264(ecurity you)-2.764 F 2.561(require. In)102 124.2 R(man)
+2.561 E 2.561(yc)-.15 G(ases)-2.561 E/F2 10/Times-Italic@0 SF(sendmail)
+2.561 E F1 .06
+(does careful checking of the modes of \214les and directories to a)
+2.561 F -.2(vo)-.2 G(id).2 E 1.335(accidental compromise; if you w)102
+136.2 R 1.336(ant to mak)-.1 F 3.836(ei)-.1 G 3.836(tp)-3.836 G 1.336
+(ossible to ha)-3.836 F 1.636 -.15(ve g)-.2 H 1.336
+(roup-writable support \214les you).15 F(may need to use the)102 148.2 Q
+F0(DontBlameSendmail)2.5 E F1(option to turn of)2.5 E 2.5(fs)-.25 G
+(ome of these checks.)-2.5 E F0 2.5(4.9.1. T)102 172.2 R 2.5(os)-.92 G
+(uid or not to suid?)-2.5 E F2(Sendmail)142 188.4 Q F1 .163
+(is no longer installed set-user)2.663 F .163(-ID to root.)-.2 F .162
+(sendmail/SECURITY e)5.163 F .162(xplains ho)-.15 F 2.662(wt)-.25 G(o)
+-2.662 E .559(con\214gure and install)117 200.4 R F2(sendmail)3.059 E F1
+.559(without set-user)3.059 F .559(-ID to root b)-.2 F .56
+(ut set-group-ID which is the def)-.2 F(ault)-.1 E
+(con\214guration starting with 8.12.)117 212.4 Q 1.286
+(The daemon usually runs as root, unless other measures are tak)142
+228.6 R 3.785(en. At)-.1 F 1.285(the point where)3.785 F F2(sendmail)117
+240.6 Q F1 .494(is about to)2.994 F F2 -.2(ex)2.994 G(ec).2 E F1 .494
+(\(2\) a mailer)1.666 F 2.995(,i)-.4 G 2.995(tc)-2.995 G .495
+(hecks to see if the userid is zero \(root\); if so, it resets)-2.995 F
+.334(the userid and groupid to a def)117 252.6 R .333(ault \(set by the)
+-.1 F F0(U=)2.833 E F1 .333
+(equate in the mailer line; if that is not set, the)2.833 F F0
+(DefaultUser)117 264.6 Q F1 .121(option is used\).)2.621 F .122
+(This can be o)5.121 F -.15(ve)-.15 G .122(rridden by setting the).15 F
+F0(S)2.622 E F1 .122(\215ag to the mailer for mail-)2.622 F .804
+(ers that are trusted and must be called as root.)117 276.6 R(Ho)5.804 E
+(we)-.25 E -.15(ve)-.25 G 1.604 -.4(r, t).15 H .804
+(his will cause mail processing to be).4 F(accounted \(using)117 288.6 Q
+F2(sa)2.5 E F1
+(\(8\)\) to root rather than to the user sending the mail.)1.666 E 3.557
+(Am)142 304.8 S 1.057(iddle ground is to set the)-3.557 F F0(RunAsUser)
+3.557 E F1 3.557(option. This)3.557 F(causes)3.557 E F2(sendmail)3.557 E
+F1 1.058(to become the)3.557 F .392(indicated user as soon as it has do\
+ne the startup that requires root pri)117 316.8 R(vile)-.25 E .392
+(ges \(primarily)-.15 F 2.892(,o)-.65 G(pening)-2.892 E(the)117 328.8 Q
+/F3 9/Times-Roman@0 SF(SMTP)3.741 E F1(sock)3.741 E 3.741(et\). If)-.1 F
+1.241(you use)3.741 F F0(RunAsUser)3.741 E F1 3.741(,t)C 1.241
+(he queue directory \(normally)-3.741 F F2(/var/spool/mqueue)3.742 E F1
+(\))A 1.315(should be o)117 340.8 R 1.315(wned by that user)-.25 F 3.815
+(,a)-.4 G 1.315(nd all \214les and databases \(including user)-3.815 F
+F2(.forwar)3.814 E(d)-.37 E F1 1.314(\214les, alias)3.814 F .256
+(\214les, :include: \214les, and e)117 352.8 R .256
+(xternal databases\) must be readable by that user)-.15 F 5.257(.A)-.55
+G .257(lso, since sendmail)-5.257 F .836
+(will not be able to change its uid, deli)117 364.8 R -.15(ve)-.25 G
+.836(ry to programs or \214les will be mark).15 F .836
+(ed as unsafe, e.g.,)-.1 F(undeli)117 376.8 Q -.15(ve)-.25 G .814
+(rable, in).15 F F2(.forwar)3.314 E(d)-.37 E F1 3.314(,a)C .814
+(liases, and :include: \214les.)-3.314 F .814(Administrators can o)5.814
+F -.15(ve)-.15 G .815(rride this by set-).15 F .7(ting the)117 388.8 R
+F0(DontBlameSendmail)3.2 E F1 .7(option to the setting)3.2 F F0
+(NonRootSafeAddr)3.2 E F1(.)A F0(RunAsUser)5.7 E F1 .7(is proba-)3.2 F
+1.186(bly best suited for \214re)117 400.8 R -.1(wa)-.25 G 1.186
+(ll con\214gurations that don').1 F 3.686(th)-.18 G -2.25 -.2(av e)
+-3.686 H(re)3.886 E 1.186(gular user logins.)-.15 F 1.186
+(If the option is)6.186 F 1.443
+(used on a system which performs local deli)117 412.8 R -.15(ve)-.25 G
+(ry).15 E 3.943(,t)-.65 G 1.443(hen the local deli)-3.943 F -.15(ve)-.25
+G 1.442(ry agent must ha).15 F 1.742 -.15(ve t)-.2 H(he).15 E .974
+(proper permissions \(i.e., usually set-user)117 424.8 R .975
+(-ID root\) since it will be in)-.2 F -.2(vo)-.4 G -.1(ke).2 G 3.475(db)
+.1 G 3.475(yt)-3.475 G(he)-3.475 E F0(RunAsUser)3.475 E F1(,)A
+(not by root.)117 436.8 Q F0 2.5(4.9.2. T)102 460.8 R(ur)-.92 E
+(ning off security checks)-.15 E F2(Sendmail)142 477 Q F1 .648(is v)
+3.148 F .648
+(ery particular about the modes of \214les that it reads or writes.)-.15
+F -.15(Fo)5.648 G 3.148(re).15 G(xample,)-3.298 E .25(by def)117 489 R
+.251(ault it will refuse to read most \214les that are group writable o\
+n the grounds that the)-.1 F 2.751(ym)-.15 G(ight)-2.751 E(ha)117 501 Q
+1.216 -.15(ve b)-.2 H .916
+(een tampered with by someone other than the o).15 F .916
+(wner; it will e)-.25 F -.15(ve)-.25 G 3.416(nr).15 G .916
+(efuse to read \214les in)-3.416 F 1.456(group writable directories.)117
+513 R 1.456(Also, sendmail will refuse to create a ne)6.456 F 3.957(wa)
+-.25 G 1.457(liases database in an)-3.957 F .032(unsafe directory)117
+525 R 5.032(.Y)-.65 G .031(ou can get around this by manually creating \
+the database \214le as a trusted user)-6.132 F
+(ahead of time and then reb)117 537 Q(uilding the aliases database with)
+-.2 E F0(newaliases)2.5 E F1(.)A .437(If you are)142 553.2 R F2(quite)
+2.937 E F1 .437(sure that your con\214guration is safe and you w)2.937 F
+(ant)-.1 E F2(sendmail)2.938 E F1 .438(to a)2.938 F -.2(vo)-.2 G .438
+(id these).2 F 1.187(security checks, you can turn of)117 565.2 R 3.687
+(fc)-.25 G 1.187(ertain checks using the)-3.687 F F0(DontBlameSendmail)
+3.686 E F1 3.686(option. This)3.686 F 1.389(option tak)117 577.2 R 1.389
+(es one or more names that disable checks.)-.1 F 1.39
+(In the descriptions that follo)6.389 F 2.69 -.65(w, \231)-.25 H(unsafe)
+.65 E(directory\232 means a directory that is writable by an)117 589.2 Q
+(yone other than the o)-.15 E(wner)-.25 E 5(.T)-.55 G(he v)-5 E
+(alues are:)-.25 E 15.73(Safe No)117 605.4 R(special handling.)2.5 E
+(AssumeSafeCho)117 621.6 Q(wn)-.25 E .413(Assume that the)153 633.6 R F2
+-.15(ch)2.913 G(own).15 E F1 .413(system call is restricted to root.)
+2.913 F .413(Since some v)5.413 F .412(ersions of UNIX)-.15 F .865
+(permit re)153 645.6 R .865(gular users to gi)-.15 F 1.166 -.15(ve aw)
+-.25 H .866(ay their \214les to other users on some \214lesystems,).05 F
+F2(send-)3.366 E(mail)153 657.6 Q F1 .457(often cannot assume that a gi)
+2.957 F -.15(ve)-.25 G 2.956<6e8c>.15 G .456(le w)-2.956 F .456
+(as created by the o)-.1 F(wner)-.25 E 2.956(,p)-.4 G .456
+(articularly when)-2.956 F 1.474(it is in a writable directory)153 669.6
+R 6.475(.Y)-.65 G 1.475(ou can set this \215ag if you kno)-7.575 F 3.975
+(wt)-.25 G 1.475(hat \214le gi)-3.975 F -.15(ve)-.25 G -2.3 -.15(aw a)
+.15 H 3.975(yi).15 G(s)-3.975 E(restricted on your system.)153 681.6 Q
+(ClassFileInUnsafeDirP)117 697.8 Q(ath)-.15 E .494
+(When reading class \214les \(using the)153 709.8 R F0(F)2.993 E F1 .493
+(line in the con\214guration \214le\), allo)2.993 F 2.993<778c>-.25 G
+.493(les that are)-2.993 F(in unsafe directories.)153 721.8 Q 0 Cg EP
%%Page: 34 30
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d33342053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF -.15<466f>117 96 S<7277>.15 E
-<61726446696c65496e47726f75705772697461626c6544697250>-.1 E<617468>-.15
-E<416c6c6f>153 108 Q<77>-.25 E/F2 10/Times-Italic@0 SF<2e666f72776172>
-2.5 E<64>-.37 E F1
-<8c6c657320696e2067726f7570207772697461626c65206469726563746f726965732e>
-2.5 E -.15<466f>117 124.2 S<7277>.15 E
-<61726446696c65496e556e7361666544697250>-.1 E<617468>-.15 E<416c6c6f>153
-136.2 Q<77>-.25 E F2<2e666f72776172>2.5 E<64>-.37 E F1
-<8c6c657320696e20756e73616665206469726563746f726965732e>2.5 E -.15<466f>
-117 152.4 S<7277>.15 E<61726446696c65496e556e7361666544697250>-.1 E
-<61746853616665>-.15 E<416c6c6f>153 164.4 Q 2.612<7761>-.25 G F2
-<2e666f72776172>A<64>-.37 E F1 .112<8c6c65207468617420697320696e20616e20
-756e73616665206469726563746f727920746f20696e636c756465207265666572656e63
-657320746f2070726f6772616d20616e64>2.612 F<8c6c65732e>153 176.4 Q
-<47726f75705265616461626c654b>117 192.6 Q -.15<6579>-.25 G<46696c65>.15
-E<41636365707420612067726f75702d7265616461626c65206b>153 204.6 Q .3 -.15
-<6579208c>-.1 H<6c6520666f72205354>.15 E<4152>-.93 E<54544c532e>-.6 E
-<47726f75705265616461626c655341534c444246696c65>117 220.8 Q<416363657074
-20612067726f75702d7265616461626c65204379727573205341534c207061737377>153
-232.8 Q<6f7264208c6c652e>-.1 E<47726f75705265616461626c65446566>117 249
-Q<61756c7441757468496e666f46696c65>-.1 E
-<41636365707420612067726f75702d7265616461626c6520446566>153 261 Q
-<61756c7441757468496e666f208c6c6520666f72205341534c2e>-.1 E
-<47726f75705772697461626c65416c69617346696c65>117 277.2 Q<416c6c6f>153
-289.2 Q 2.5<7767>-.25 G
-<726f75702d7772697461626c6520616c696173208c6c65732e>-2.5 E
-<47726f75705772697461626c6544697250>117 305.4 Q<61746853616665>-.15 E
-.224<4368616e6765207468652064658c6e6974696f6e206f662099756e736166652064
-69726563746f72799a20746f20636f6e73696465722067726f75702d7772697461626c65
-206469726563746f7269657320746f206265>153 317.4 R 2.5<736166652e2057>153
-329.4 R
-<6f726c642d7772697461626c65206469726563746f726965732061726520616c>-.8 E
--.1<7761>-.1 G<797320756e736166652e>.1 E<47726f75705772697461626c6546>
-117 345.6 Q<6f7277>-.15 E<61726446696c65>-.1 E<416c6c6f>153 357.6 Q 2.5
-<7767>-.25 G<726f7570207772697461626c65>-2.5 E F2<2e666f72776172>2.5 E
-<64>-.37 E F1<8c6c65732e>2.5 E<47726f75705772697461626c6546>117 373.8 Q
-<6f7277>-.15 E<61726446696c6553616665>-.1 E
-<4163636570742067726f75702d7772697461626c65>153 385.8 Q F2
-<2e666f72776172>2.5 E<64>-.37 E F1<8c6c6573206173207361666520666f722070
-726f6772616d20616e64208c6c652064656c69>2.5 E -.15<7665>-.25 G<7279>.15 E
-<2e>-.65 E<47726f75705772697461626c65496e636c75646546696c65>117 402 Q
-<416c6c6f>153 414 Q 2.5<7767>-.25 G<726f75702077726961626c65>-2.5 E F2
-<3a696e636c7564653a>2.5 E F1<8c6c65732e>2.5 E
-<47726f75705772697461626c65496e636c75646546696c6553616665>117 430.2 Q
-<4163636570742067726f75702d7772697461626c65>153 442.2 Q F2
-<3a696e636c7564653a>2.5 E F1<8c6c6573206173207361666520666f722070726f67
-72616d20616e64208c6c652064656c69>2.5 E -.15<7665>-.25 G<7279>.15 E<2e>
--.65 E<47726f75705772697461626c655341534c444246696c65>117 458.4 Q<416363
-65707420612067726f75702d7772697461626c65204379727573205341534c2070617373
-77>153 470.4 Q<6f7264208c6c652e>-.1 E
-<48656c7046696c65496e556e7361666544697250>117 486.6 Q<617468>-.15 E
-<416c6c6f>153 498.6 Q 2.5<7774>-.25 G
-<6865208c6c65206e616d656420696e20746865>-2.5 E F0<48656c7046696c65>2.5 E
-F1
-<6f7074696f6e20746f20626520696e20616e20756e73616665206469726563746f7279>
-2.5 E<2e>-.65 E
-<496e636c75646546696c65496e47726f75705772697461626c6544697250>117 514.8
-Q<617468>-.15 E<416c6c6f>153 526.8 Q<77>-.25 E F2<3a696e636c7564653a>2.5
-E F1
-<8c6c657320696e2067726f7570207772697461626c65206469726563746f726965732e>
-2.5 E<496e636c75646546696c65496e556e7361666544697250>117 543 Q<617468>
--.15 E<416c6c6f>153 555 Q<77>-.25 E F2<3a696e636c7564653a>2.5 E F1
-<8c6c657320696e20756e73616665206469726563746f726965732e>2.5 E
-<496e636c75646546696c65496e556e7361666544697250>117 571.2 Q
-<61746853616665>-.15 E<416c6c6f>153 583.2 Q 3.706<7761>-.25 G F2
-<3a696e636c7564653a>A F1 1.206<8c6c65207468617420697320696e20616e20756e
-73616665206469726563746f727920746f20696e636c756465207265666572656e636573
-20746f2070726f6772616d>3.706 F<616e64208c6c65732e>153 595.2 Q
-<496e737566>117 611.4 Q<8c6369656e74456e74726f70>-.25 E<79>-.1 E -.35
-<5472>153 623.4 S 3.212<7974>.35 G 3.212<6f75>-3.212 G .713<7365205354>
--3.212 F<4152>-.93 E .713<54544c532065>-.6 F -.15<7665>-.25 G 3.213
-<6e69>.15 G 3.213<6674>-3.213 G .713<68652050524e4720666f72204f70656e53
-534c206973206e6f742070726f7065726c79207365656465642064657370697465>
--3.213 F<7468652073656375726974792070726f626c656d732e>153 635.4 Q
-<4c696e6b>117 651.6 Q<6564416c69617346696c65496e5772697461626c65446972>
--.1 E<416c6c6f>153 663.6 Q 2.5<7761>-.25 G 2.5<6e61>-2.5 G<6c696173208c
-6c6520746861742069732061206c696e6b20696e2061207772697461626c652064697265
-63746f7279>-2.5 E<2e>-.65 E<4c696e6b>117 679.8 Q
-<6564436c61737346696c65496e5772697461626c65446972>-.1 E<416c6c6f>153
-691.8 Q 2.5<7763>-.25 G<6c617373208c6c6573207468617420617265206c696e6b73
-20696e207772697461626c65206469726563746f726965732e>-2.5 E<4c696e6b>117
-708 Q<656446>-.1 E<6f7277>-.15 E
-<61726446696c65496e5772697461626c65446972>-.1 E<416c6c6f>153 720 Q<77>
--.25 E F2<2e666f72776172>2.5 E<64>-.37 E F1<8c6c657320746861742061726520
-6c696e6b7320696e207772697461626c65206469726563746f726965732e>2.5 E 0 Cg
-EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-34 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF(DontW)117
+96 Q(arnF)-.8 E(orw)-.15 E(ardFileInUnsafeDirP)-.1 E(ath)-.15 E(Pre)153
+108 Q -.15(ve)-.25 G(nt logging of unsafe directory path w).15 E
+(arnings for non-e)-.1 E(xistent forw)-.15 E(ard \214les.)-.1 E
+(ErrorHeaderInUnsafeDirP)117 124.2 Q(ath)-.15 E(Allo)153 136.2 Q 2.5(wt)
+-.25 G(he \214le named in the)-2.5 E F0(Err)2.5 E(orHeader)-.18 E F1
+(option to be in an unsafe directory)2.5 E(.)-.65 E(FileDeli)117 152.4 Q
+-.15(ve)-.25 G(ryT).15 E(oHardLink)-.8 E(Allo)153 164.4 Q 2.5(wd)-.25 G
+(eli)-2.5 E -.15(ve)-.25 G(ry to \214les that are hard links.).15 E
+(FileDeli)117 180.6 Q -.15(ve)-.25 G(ryT).15 E(oSymLink)-.8 E(Allo)153
+192.6 Q 2.5(wd)-.25 G(eli)-2.5 E -.15(ve)-.25 G
+(ry to \214les that are symbolic links.).15 E -.15(Fo)117 208.8 S(rw).15
+E(ardFileInGroupWritableDirP)-.1 E(ath)-.15 E(Allo)153 220.8 Q(w)-.25 E
+/F2 10/Times-Italic@0 SF(.forwar)2.5 E(d)-.37 E F1
+(\214les in group writable directories.)2.5 E -.15(Fo)117 237 S(rw).15 E
+(ardFileInUnsafeDirP)-.1 E(ath)-.15 E(Allo)153 249 Q(w)-.25 E F2
+(.forwar)2.5 E(d)-.37 E F1(\214les in unsafe directories.)2.5 E -.15(Fo)
+117 265.2 S(rw).15 E(ardFileInUnsafeDirP)-.1 E(athSafe)-.15 E(Allo)153
+277.2 Q 2.612(wa)-.25 G F2(.forwar)A(d)-.37 E F1 .112(\214le that is in\
+ an unsafe directory to include references to program and)2.612 F
+(\214les.)153 289.2 Q(GroupReadableK)117 305.4 Q -.15(ey)-.25 G(File).15
+E(Accept a group-readable k)153 317.4 Q .3 -.15(ey \214)-.1 H(le for ST)
+.15 E(AR)-.93 E(TTLS.)-.6 E(GroupReadableSASLDBFile)117 333.6 Q
+(Accept a group-readable Cyrus SASL passw)153 345.6 Q(ord \214le.)-.1 E
+(GroupReadableDef)117 361.8 Q(aultAuthInfoFile)-.1 E
+(Accept a group-readable Def)153 373.8 Q(aultAuthInfo \214le for SASL.)
+-.1 E(GroupWritableAliasFile)117 390 Q(Allo)153 402 Q 2.5(wg)-.25 G
+(roup-writable alias \214les.)-2.5 E(GroupWritableDirP)117 418.2 Q
+(athSafe)-.15 E .224(Change the de\214nition of \231unsafe directory\
+\232 to consider group-writable directories to be)153 430.2 R 2.5
+(safe. W)153 442.2 R(orld-writable directories are al)-.8 E -.1(wa)-.1 G
+(ys unsafe.).1 E(GroupWritableF)117 458.4 Q(orw)-.15 E(ardFile)-.1 E
+(Allo)153 470.4 Q 2.5(wg)-.25 G(roup writable)-2.5 E F2(.forwar)2.5 E(d)
+-.37 E F1(\214les.)2.5 E(GroupWritableF)117 486.6 Q(orw)-.15 E
+(ardFileSafe)-.1 E(Accept group-writable)153 498.6 Q F2(.forwar)2.5 E(d)
+-.37 E F1(\214les as safe for program and \214le deli)2.5 E -.15(ve)-.25
+G(ry).15 E(.)-.65 E(GroupWritableIncludeFile)117 514.8 Q(Allo)153 526.8
+Q 2.5(wg)-.25 G(roup writable)-2.5 E F2(:include:)2.5 E F1(\214les.)2.5
+E(GroupWritableIncludeFileSafe)117 543 Q(Accept group-writable)153 555 Q
+F2(:include:)2.5 E F1(\214les as safe for program and \214le deli)2.5 E
+-.15(ve)-.25 G(ry).15 E(.)-.65 E(GroupWritableSASLDBFile)117 571.2 Q
+(Accept a group-writable Cyrus SASL passw)153 583.2 Q(ord \214le.)-.1 E
+(HelpFileInUnsafeDirP)117 599.4 Q(ath)-.15 E(Allo)153 611.4 Q 2.5(wt)
+-.25 G(he \214le named in the)-2.5 E F0(HelpFile)2.5 E F1
+(option to be in an unsafe directory)2.5 E(.)-.65 E
+(IncludeFileInGroupWritableDirP)117 627.6 Q(ath)-.15 E(Allo)153 639.6 Q
+(w)-.25 E F2(:include:)2.5 E F1(\214les in group writable directories.)
+2.5 E(IncludeFileInUnsafeDirP)117 655.8 Q(ath)-.15 E(Allo)153 667.8 Q(w)
+-.25 E F2(:include:)2.5 E F1(\214les in unsafe directories.)2.5 E
+(IncludeFileInUnsafeDirP)117 684 Q(athSafe)-.15 E(Allo)153 696 Q 3.705
+(wa)-.25 G F2(:include:)A F1 1.206
+(\214le that is in an unsafe directory to include references to program)
+3.705 F(and \214les.)153 708 Q 0 Cg EP
%%Page: 35 31
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3335>195.86 E
-/F1 10/Times-Roman@0 SF<4c696e6b>117 96 Q
-<6564496e636c75646546696c65496e5772697461626c65446972>-.1 E<416c6c6f>153
-108 Q<77>-.25 E/F2 10/Times-Italic@0 SF<3a696e636c7564653a>2.5 E F1<8c6c
-6573207468617420617265206c696e6b7320696e207772697461626c6520646972656374
-6f726965732e>2.5 E<4c696e6b>117 124.2 Q
-<65644d6170496e5772697461626c65446972>-.1 E<416c6c6f>153 136.2 Q 2.685
-<776d>-.25 G .185<6170208c6c6573207468617420617265206c696e6b7320696e2077
-72697461626c65206469726563746f726965732e>-2.685 F .184
-<5468697320696e636c7564657320616c696173206461746162617365208c6c65732e>
-5.184 F<4c696e6b>117 152.4 Q
-<65645365727669636553776974636846696c65496e5772697461626c65446972>-.1 E
-<416c6c6f>153 164.4 Q 2.5<7774>-.25 G<6865207365727669636520737769746368
-208c6c6520746f2062652061206c696e6b2065>-2.5 E -.15<7665>-.25 G 2.5<6e69>
-.15 G 2.5<6674>-2.5 G
-<6865206469726563746f7279206973207772697461626c652e>-2.5 E
-<4d6170496e556e7361666544697250>117 180.6 Q<617468>-.15 E<416c6c6f>153
-192.6 Q 2.97<776d>-.25 G .47<6170732028652e672e2c>-2.97 F F2<68617368>
-2.97 E F1<2c>A F2<627472>2.97 E<6565>-.37 E F1 2.97<2c61>C<6e64>-2.97 E
-F2<64626d>2.97 E F1 .47
-<8c6c65732920696e20756e73616665206469726563746f726965732e>2.97 F .47
-<5468697320696e636c7564657320616c696173>5.47 F
-<6461746162617365208c6c65732e>153 204.6 Q
-<4e6f6e526f6f745361666541646472>117 220.8 Q .485
-<446f206e6f74206d61726b208c6c6520616e642070726f6772616d2064656c69>153
-232.8 R -.15<7665>-.25 G .484<7269657320617320756e736166652069662073656e
-646d61696c206973206e6f742072756e6e696e67207769746820726f6f74>.15 F
-<707269>153 244.8 Q<76696c65>-.25 E<6765732e>-.15 E
-<52756e50726f6772616d496e556e7361666544697250>117 261 Q<617468>-.15 E<52
-756e2070726f6772616d7320746861742061726520696e207772697461626c6520646972
-6563746f7269657320776974686f7574206c6f6767696e6720612077>153 273 Q
-<61726e696e672e>-.1 E<52756e5772697461626c6550726f6772616d>117 289.2 Q
-<52756e2070726f6772616d732074686174206172652067726f75702d206f722077>153
-301.2 Q
-<6f726c642d7772697461626c6520776974686f7574206c6f6767696e6720612077>-.1
-E<61726e696e672e>-.1 E -.35<5472>117 317.4 S<757374537469636b>.35 E
-<79426974>-.15 E<416c6c6f>153 329.4 Q 3.405<7767>-.25 G .905
-<726f7570206f722077>-3.405 F .905<6f726c64207772697461626c65206469726563
-746f726965732069662074686520737469636b>-.1 F 3.405<7962>-.15 G .906
-<697420697320736574206f6e20746865206469726563746f7279>-3.405 F 5.906
-<2e44>-.65 G<6f>-5.906 E<6e6f74207365742074686973206f6e2073797374656d73
-20776869636820646f206e6f7420686f6e6f722074686520737469636b>153 341.4 Q
-2.5<7962>-.15 G<6974206f6e206469726563746f726965732e>-2.5 E -.8<576f>117
-357.6 S<726c645772697461626c65416c69617346696c65>.8 E<4163636570742077>
-153 369.6 Q<6f726c642d7772697461626c6520616c696173208c6c65732e>-.1 E -.8
-<576f>117 385.8 S<726c645772697461626c6546>.8 E<6f7277>-.15 E
-<6172648c6c65>-.1 E<416c6c6f>153 397.8 Q 2.5<7777>-.25 G
-<6f726c64207772697461626c65>-2.6 E F2<2e666f72776172>2.5 E<64>-.37 E F1
-<8c6c65732e>2.5 E -.8<576f>117 414 S
-<726c645772697461626c65496e636c7564658c6c65>.8 E<416c6c6f>153 426 Q 2.5
-<7777>-.25 G<6f726c642077726961626c65>-2.6 E F2<3a696e636c7564653a>2.5 E
-F1<8c6c65732e>2.5 E<57726974654d617054>117 442.2 Q<6f486172644c696e6b>
--.8 E<416c6c6f>153 454.2 Q 2.5<7777>-.25 G
-<726974657320746f206d6170732074686174206172652068617264206c696e6b732e>
--2.5 E<57726974654d617054>117 470.4 Q<6f53796d4c696e6b>-.8 E<416c6c6f>
-153 482.4 Q 2.5<7777>-.25 G<726974657320746f206d617073207468617420617265
-2073796d626f6c6963206c696e6b732e>-2.5 E<5772697465537461747354>117 498.6
-Q<6f486172644c696e6b>-.8 E<416c6c6f>153 510.6 Q 2.5<7774>-.25 G
-<686520737461747573208c6c6520746f20626520612068617264206c696e6b2e>-2.5 E
-<5772697465537461747354>117 526.8 Q<6f53796d4c696e6b>-.8 E<416c6c6f>153
-538.8 Q 2.5<7774>-.25 G<686520737461747573208c6c6520746f2062652061207379
-6d626f6c6963206c696e6b2e>-2.5 E F0 2.5<342e31302e20436f6e6e656374696f6e>
-87 562.8 R<43616368696e67>2.5 E F1 .642
-<5768656e2070726f63657373696e67207468652071756575652c>127 579 R F2
-<73656e646d61696c>3.142 E F1 .642<77696c6c2074727920746f206b>3.142 F
-.642<65657020746865206c617374206665>-.1 F 3.142<776f>-.25 G .642
-<70656e20636f6e6e656374696f6e73206f70656e20746f>-3.142 F -.2<61766f>102
-591 S<6964207374617274757020616e642073687574646f>.2 E
-<776e20636f7374732e>-.25 E<54686973206f6e6c79206170706c69657320746f2049
-504320616e64204c504320636f6e6e656374696f6e732e>5 E .286<5768656e20747279
-696e6720746f206f70656e206120636f6e6e656374696f6e207468652063616368652069
-73208c7273742073656172636865642e>127 607.2 R .287
-<496620616e206f70656e20636f6e6e656374696f6e20697320666f756e642c>5.286 F
-1.034<69742069732070726f62656420746f20736565206966206974206973207374696c
-6c2061637469>102 619.2 R 1.333 -.15<76652062>-.25 H 3.533<7973>.15 G
-1.033<656e64696e672061>-3.533 F/F3 9/Times-Roman@0 SF<52534554>3.533 E
-F1 3.533<636f6d6d616e642e204974>3.533 F 1.033
-<6973206e6f7420616e206572726f7220696620746869732066>3.533 F<61696c733b>
--.1 E<696e73746561642c2074686520636f6e6e656374696f6e20697320636c6f736564
-20616e642072656f70656e65642e>102 631.2 Q -1 -.8<5477206f>127 647.4 T
-.408<706172616d657465727320636f6e74726f6c2074686520636f6e6e656374696f6e
-2063616368652e>3.708 F<546865>5.408 E F0
-<436f6e6e656374696f6e436163686553697a65>2.908 E F1<28>2.908 E F0<6b>A F1
-2.908<296f>C .408<7074696f6e2064658c6e6573>-2.908 F .145<746865206e756d
-626572206f662073696d756c74616e656f7573206f70656e20636f6e6e656374696f6e73
-20746861742077696c6c206265207065726d69747465642e>102 659.4 R .145
-<49662069742069732073657420746f207a65726f2c20636f6e6e656374696f6e73>
-5.145 F .212<77696c6c20626520636c6f73656420617320717569636b6c7920617320
-706f737369626c652e>102 671.4 R .212<54686520646566>5.212 F .212
-<61756c74206973206f6e652e>-.1 F .213<546869732073686f756c64206265207365
-7420617320617070726f70726961746520666f7220796f7572>5.212 F .63<73797374
-656d2073697a653b2069742077696c6c206c696d69742074686520616d6f756e74206f66
-2073797374656d207265736f75726365732074686174>102 683.4 R F2
-<73656e646d61696c>3.129 E F1 .629
-<77696c6c2075736520647572696e672071756575652072756e732e>3.129 F<4e65>102
-695.4 Q -.15<7665>-.25 G 2.5<7273>.15 G
-<6574207468697320686967686572207468616e20342e>-2.5 E<546865>127 711.6 Q
-F0<436f6e6e656374696f6e436163686554>2.74 E<696d656f7574>-.18 E F1<28>
-2.741 E F0<4b>A F1 2.741<296f>C .241<7074696f6e2073706563698c6573207468
-65206d6178696d756d2074696d65207468617420616e>-2.741 F 2.741<7963>-.15 G
-.241<616368656420636f6e2d>-2.741 F .9
-<6e656374696f6e2077696c6c206265207065726d697474656420746f2069646c652e>
-102 723.6 R .899<5768656e207468652069646c652074696d652065>5.9 F .899
-<78636565647320746869732076>-.15 F .899
-<616c75652074686520636f6e6e656374696f6e20697320636c6f7365642e>-.25 F 0
-Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-35)195.86 E/F1 10/Times-Roman@0 SF(Insuf)117 96 Q
+(\214cientEntrop)-.25 E(y)-.1 E -.35(Tr)153 108 S 3.213(yt).35 G 3.213
+(ou)-3.213 G .713(se ST)-3.213 F(AR)-.93 E .713(TTLS e)-.6 F -.15(ve)
+-.25 G 3.213(ni).15 G 3.213(ft)-3.213 G .713
+(he PRNG for OpenSSL is not properly seeded despite)-3.213 F
+(the security problems.)153 120 Q(Link)117 136.2 Q
+(edAliasFileInWritableDir)-.1 E(Allo)153 148.2 Q 2.5(wa)-.25 G 2.5(na)
+-2.5 G(lias \214le that is a link in a writable directory)-2.5 E(.)-.65
+E(Link)117 164.4 Q(edClassFileInWritableDir)-.1 E(Allo)153 176.4 Q 2.5
+(wc)-.25 G(lass \214les that are links in writable directories.)-2.5 E
+(Link)117 192.6 Q(edF)-.1 E(orw)-.15 E(ardFileInWritableDir)-.1 E(Allo)
+153 204.6 Q(w)-.25 E/F2 10/Times-Italic@0 SF(.forwar)2.5 E(d)-.37 E F1
+(\214les that are links in writable directories.)2.5 E(Link)117 220.8 Q
+(edIncludeFileInWritableDir)-.1 E(Allo)153 232.8 Q(w)-.25 E F2
+(:include:)2.5 E F1(\214les that are links in writable directories.)2.5
+E(Link)117 249 Q(edMapInWritableDir)-.1 E(Allo)153 261 Q 2.684(wm)-.25 G
+.184(ap \214les that are links in writable directories.)-2.684 F .185
+(This includes alias database \214les.)5.185 F(Link)117 277.2 Q
+(edServiceSwitchFileInWritableDir)-.1 E(Allo)153 289.2 Q 2.5(wt)-.25 G
+(he service switch \214le to be a link e)-2.5 E -.15(ve)-.25 G 2.5(ni)
+.15 G 2.5(ft)-2.5 G(he directory is writable.)-2.5 E(MapInUnsafeDirP)117
+305.4 Q(ath)-.15 E(Allo)153 317.4 Q 2.97(wm)-.25 G .47(aps \(e.g.,)-2.97
+F F2(hash)2.97 E F1(,)A F2(btr)2.97 E(ee)-.37 E F1 2.97(,a)C(nd)-2.97 E
+F2(dbm)2.97 E F1 .47(\214les\) in unsafe directories.)2.97 F .47
+(This includes alias)5.47 F(database \214les.)153 329.4 Q
+(NonRootSafeAddr)117 345.6 Q .484(Do not mark \214le and program deli)
+153 357.6 R -.15(ve)-.25 G .485
+(ries as unsafe if sendmail is not running with root).15 F(pri)153 369.6
+Q(vile)-.25 E(ges.)-.15 E(RunProgramInUnsafeDirP)117 385.8 Q(ath)-.15 E
+(Run programs that are in writable directories without logging a w)153
+397.8 Q(arning.)-.1 E(RunWritableProgram)117 414 Q
+(Run programs that are group- or w)153 426 Q
+(orld-writable without logging a w)-.1 E(arning.)-.1 E -.35(Tr)117 442.2
+S(ustStick).35 E(yBit)-.15 E(Allo)153 454.2 Q 3.406(wg)-.25 G .906
+(roup or w)-3.406 F .905(orld writable directories if the stick)-.1 F
+3.405(yb)-.15 G .905(it is set on the directory)-3.405 F 5.905(.D)-.65 G
+(o)-5.905 E(not set this on systems which do not honor the stick)153
+466.2 Q 2.5(yb)-.15 G(it on directories.)-2.5 E -.8(Wo)117 482.4 S
+(rldWritableAliasFile).8 E(Accept w)153 494.4 Q
+(orld-writable alias \214les.)-.1 E -.8(Wo)117 510.6 S(rldWritableF).8 E
+(orw)-.15 E(ard\214le)-.1 E(Allo)153 522.6 Q 2.5(ww)-.25 G
+(orld writable)-2.6 E F2(.forwar)2.5 E(d)-.37 E F1(\214les.)2.5 E -.8
+(Wo)117 538.8 S(rldWritableInclude\214le).8 E(Allo)153 550.8 Q 2.5(ww)
+-.25 G(orld writable)-2.6 E F2(:include:)2.5 E F1(\214les.)2.5 E
+(WriteMapT)117 567 Q(oHardLink)-.8 E(Allo)153 579 Q 2.5(ww)-.25 G
+(rites to maps that are hard links.)-2.5 E(WriteMapT)117 595.2 Q
+(oSymLink)-.8 E(Allo)153 607.2 Q 2.5(ww)-.25 G
+(rites to maps that are symbolic links.)-2.5 E(WriteStatsT)117 623.4 Q
+(oHardLink)-.8 E(Allo)153 635.4 Q 2.5(wt)-.25 G
+(he status \214le to be a hard link.)-2.5 E(WriteStatsT)117 651.6 Q
+(oSymLink)-.8 E(Allo)153 663.6 Q 2.5(wt)-.25 G
+(he status \214le to be a symbolic link.)-2.5 E F0 2.5(4.10. Connection)
+87 687.6 R(Caching)2.5 E F1 .642(When processing the queue,)127 703.8 R
+F2(sendmail)3.142 E F1 .642(will try to k)3.142 F .642(eep the last fe)
+-.1 F 3.142(wo)-.25 G .642(pen connections open to)-3.142 F -.2(avo)102
+715.8 S(id startup and shutdo).2 E(wn costs.)-.25 E
+(This only applies to IPC and LPC connections.)5 E 0 Cg EP
%%Page: 36 32
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d33362053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF .34<54686973206e756d6265722073686f756c6420626520
-736d616c6c2028756e6465722074656e206d696e757465732920746f20707265>102 96
-R -.15<7665>-.25 G .34
-<6e7420796f752066726f6d206772616262696e6720746f6f206d616e>.15 F 2.84
-<7972>-.15 G<65736f7572636573>-2.84 E
-<66726f6d206f7468657220686f7374732e>102 108 Q<54686520646566>5 E
-<61756c74206973208c76>-.1 E 2.5<656d>-.15 G<696e757465732e>-2.5 E F0 2.5
-<342e31312e204e616d65>87 132 R<536572>2.5 E -.1<7665>-.1 G 2.5<7241>.1 G
-<6363657373>-2.5 E F1 .104<436f6e74726f6c206f6620686f737420616464726573
-73206c6f6f6b7570732069732073657420627920746865>127 148.2 R F0
-<686f737473>2.604 E F1 .103<7365727669636520656e74727920696e20796f757220
-7365727669636520737769746368208c6c652e>2.603 F<4966>5.103 E .99
-<796f7520617265206f6e20612073797374656d2074686174206861732062>102 160.2
-R .99<75696c742d696e20736572766963652073776974636820737570706f7274202865
-2e672e2c20556c747269782c20536f6c617269732c206f7220444543204f53462f3129>
--.2 F .336<7468656e20796f75722073797374656d2069732070726f6261626c792063
-6f6e8c67757265642070726f7065726c7920616c7265616479>102 172.2 R 5.335
-<2e4f>-.65 G<74686572776973652c>-5.335 E/F2 10/Times-Italic@0 SF
-<73656e646d61696c>2.835 E F1 .335
-<77696c6c20636f6e73756c7420746865208c6c65>2.835 F F0
-<2f6574632f6d61696c2f736572>102 184.2 Q<766963652e737769746368>-.1 E F1
-4.901<2c77>C 2.402<686963682073686f756c6420626520637265617465642e>-4.901
-F F2<53656e646d61696c>7.402 E F1 2.402<6f6e6c792075736573207477>4.902 F
-4.902<6f65>-.1 G<6e74726965733a>-4.902 E F0<686f737473>4.902 E F1
-<616e64>4.902 E F0<616c6961736573>102 196.2 Q F1 2.746<2c61>C .246<6c74
-686f7567682073797374656d20726f7574696e6573206d617920757365206f7468657220
-736572766963657320286e6f7461626c7920746865>-2.746 F F0<706173737764>
-2.746 E F1 .245<7365727669636520666f722075736572206e616d65>2.745 F
-<6c6f6f6b757073206279>102 208.2 Q F2 -.1<6765>2.5 G<7470776e616d65>.1 E
-F1<292e>A<486f>127 224.4 Q<7765>-.25 E -.15<7665>-.25 G 1.51 -.4
-<722c2073>.15 H .711<6f6d652073797374656d732028737563682061732053756e4f
-5320342e58292077696c6c20646f20444e53206c6f6f6b757073207265>.4 F -.05
-<6761>-.15 G .711<72646c657373206f66207468652073657474696e67>.05 F 1.029
-<6f662074686520736572766963652073776974636820656e747279>102 236.4 R
-6.029<2e49>-.65 G 3.529<6e70>-6.029 G<6172746963756c6172>-3.529 E 3.529
-<2c74>-.4 G 1.029<68652073797374656d20726f7574696e65>-3.529 F F2 -.1
-<6765>3.529 G<74686f737462796e616d65>.1 E F1 1.028
-<283329206973207573656420746f206c6f6f6b207570>B 1.868
-<686f7374206e616d65732c20616e64206d616e>102 248.4 R 4.368<7976>-.15 G
-1.868<656e646f722076>-4.518 F 1.869<657273696f6e732074727920736f6d652063
-6f6d62696e6174696f6e206f6620444e532c204e49532c20616e64208c6c65206c6f6f6b
-757020696e>-.15 F 1.731<2f6574632f686f73747320776974686f757420636f6e7375
-6c74696e6720612073657276696365207377697463682e>102 260.4 R F2
-<53656e646d61696c>6.731 E F1<6d616b>4.231 E 1.731
-<6573206e6f20617474656d707420746f2077>-.1 F 1.73
-<6f726b2061726f756e642074686973>-.1 F .367<70726f626c656d2c20616e642074
-686520444e53206c6f6f6b75702077696c6c20626520646f6e6520616e>102 272.4 R
-<7977>-.15 E<6179>-.1 E 5.368<2e49>-.65 G 2.868<6679>-5.368 G .368
-<6f7520646f206e6f74206861>-2.868 F .668 -.15<76652061206e>-.2 H
-<616d6573657276>.15 E .368<657220636f6e8c6775726564206174>-.15 F .464
-<616c6c2c2073756368206173206174206120555543502d6f6e6c7920736974652c>102
-284.4 R F2<73656e646d61696c>2.964 E F1 .464<77696c6c2067657420612099636f
-6e6e656374696f6e20726566757365649a206d657373616765207768656e206974207472
-69657320746f>2.964 F .423
-<636f6e6e65637420746f20746865206e616d652073657276>102 296.4 R<6572>-.15
-E 5.423<2e49>-.55 G 2.923<6674>-5.423 G<6865>-2.923 E F0<686f737473>
-2.923 E F1 .424<73776974636820656e74727920686173207468652073657276696365
-2099646e739a206c697374656420736f6d65>2.923 F .424
-<776865726520696e20746865>-.25 F<6c6973742c>102 308.4 Q F2
-<73656e646d61696c>3.313 E F1 .813<77696c6c20696e746572707265742074686973
-20746f206d65616e20612074656d706f726172792066>3.313 F .813<61696c75726520
-616e642077696c6c20717565756520746865206d61696c20666f72206c61746572207072
-6f2d>-.1 F<63657373696e673b206f74686572776973652c2069742069676e6f726573
-20746865206e616d652073657276>102 320.4 Q<657220646174612e>-.15 E .672<54
-68652073616d6520746563686e69717565206973207573656420746f2064656369646520
-7768657468657220746f20646f204d58206c6f6f6b7570732e>127 336.6 R .673
-<496620796f752077>5.673 F .673<616e74204d5820737570706f72742c>-.1 F
-<796f75>102 348.6 Q F2<6d757374>2.5 E F1<6861>2.5 E .3 -.15<76652099>-.2
-H<646e739a206c69737465642061732061207365727669636520696e20746865>.15 E
-F0<686f737473>2.5 E F1<73776974636820656e747279>2.5 E<2e>-.65 E<546865>
-127 364.8 Q F0<5265736f6c76>3.87 E<65724f7074696f6e73>-.1 E F1<28>3.87 E
-F0<49>A F1 3.869<296f>C 1.369<7074696f6e20616c6c6f>-3.869 F 1.369
-<777320796f7520746f20747765616b206e616d652073657276>-.25 F 1.369
-<6572206f7074696f6e732e>-.15 F 1.369<54686520636f6d6d616e64>6.369 F .892
-<6c696e652074616b>102 376.8 R .892<6573206120736572696573206f66208d6167
-7320617320646f63756d656e74656420696e>-.1 F F2 -.37<7265>3.392 G
-<736f6c766572>.37 E F1 .892<28332920287769746820746865206c656164696e6720
-995245535f9a2064656c65746564292e>B<45616368>5.892 E<63616e20626520707265
-636564656420627920616e206f7074696f6e616c20602b27206f722060>102 388.8 Q
-/F3 10/Symbol SF<2d>A F1 2.5<272e2046>B<6f722065>-.15 E
-<78616d706c652c20746865206c696e65>-.15 E 2.5<4f52>142 405 S<65736f6c76>
--2.5 E<65724f7074696f6e733d2b4141>-.15 E<4f4e4c>-.55 E<59>-1 E F3<2d>2.5
-E F1<444e53524348>A .862<7475726e73206f6e20746865204141>102 421.2 R
-<4f4e4c>-.55 E 3.362<5928>-1 G .862
-<61636365707420617574686f726974617469>-3.362 F 1.162 -.15<76652061>-.25
-H .861<6e7377657273206f6e6c792920616e64207475726e73206f66>.15 F 3.361
-<6674>-.25 G .861<686520444e53524348202873656172636820746865>-3.361 F
-2.039<646f6d61696e207061746829206f7074696f6e732e>102 433.2 R 2.039
-<4d6f7374207265736f6c76>7.039 F 2.039<6572206c696272617269657320646566>
--.15 F 2.039<61756c7420444e535243482c204445464e>-.1 F 2.039
-<414d45532c20616e642052454355525345>-.35 F .394
-<8d616773206f6e20616e6420616c6c206f7468657273206f66>102 445.2 R 2.894
-<662e204966>-.25 F .394<4e4554494e45543620697320656e61626c65642c206d6f73
-74206c696272617269657320646566>2.894 F .393
-<61756c7420746f205553455f494e4554362061732077656c6c2e>-.1 F -1.1<596f>
-102 457.2 S 3.748<7563>1.1 G 1.248
-<616e20616c736f20696e636c756465209948617357>-3.748 F 1.249<696c64636172
-644d589a20746f2073706563696679207468617420746865726520697320612077696c64
-63617264204d58207265636f7264206d61746368696e67>-.4 F .225
-<796f757220646f6d61696e3b2074686973207475726e73206f66>102 469.2 R 2.724
-<664d>-.25 G 2.724<586d>-2.724 G .224<61746368696e67207768656e2063616e6f
-6e696679696e67206e616d65732c2077686963682063616e206c65616420746f20696e61
-7070726f707269617465>-2.724 F 5.248
-<63616e6f6e698c636174696f6e732e20557365>102 481.2 R<9957>5.249 E
-<6f726b41726f756e6442726f6b>-.8 E 2.749<656e414141419a207768656e2066>-.1
-F 2.749<61636564207769746820612062726f6b>-.1 F 2.749
-<656e206e616d6573657276>-.1 F 2.749<65722074686174>-.15 F .565
-<72657475726e7320534552>102 493.2 R<5646>-.8 E .565
-<41494c2028612074656d706f726172792066>-.74 F .564<61696c75726529206f6e20
-545f4141414120284950763629206c6f6f6b75707320647572696e6720686f73746e616d
-652063616e6f6e698c63612d>-.1 F 2.5<74696f6e2e204e6f746963653a>102 505.2
-R<6974206d69676874206265206e656365737361727920746f206170706c792074686520
-73616d6520286f722073696d696c617229206f7074696f6e7320746f>2.5 E F2
-<7375626d69742e6366>2.5 E F1<746f6f2e>2.5 E -1.11<5665>127 521.4 S 1.732
-<7273696f6e206c65>1.11 F -.15<7665>-.25 G 4.232<6c3163>.15 G 1.733<6f6e
-8c6775726174696f6e732028736565207468652073656374696f6e2061626f75742060>
--4.232 F 1.733<60436f6e8c6775726174696f6e2056>-.74 F 1.733
-<657273696f6e204c65>-1.11 F -.15<7665>-.25 G<6c27>.15 E 1.733
-<2729207475726e>-.74 F .843<444e5352434820616e64204445464e>102 533.4 R
-.843<414d4553206f66>-.35 F 3.343<6677>-.25 G .842
-<68656e20646f696e672064656c69>-3.343 F -.15<7665>-.25 G .842
-<7279206c6f6f6b7570732c2062>.15 F .842<7574206c6561>-.2 F 1.142 -.15
-<76652074>-.2 H .842<68656d206f6e2065>.15 F -.15<7665>-.25 G .842
-<7279776865726520656c73652e>.15 F -1.11<5665>102 545.4 S 1.042
-<7273696f6e2038206f66>1.11 F F2<73656e646d61696c>3.542 E F1 1.043<69676e
-6f726573207468656d207768656e20646f696e672063616e6f6e698c636174696f6e206c
-6f6f6b7570732028746861742069732c207768656e207573696e6720245b202e2e2e>
-3.542 F .392<245d292c20616e6420616c>102 557.4 R -.1<7761>-.1 G .392
-<797320646f657320746865207365617263682e>.1 F .392
-<496620796f7520646f6e27>5.392 F 2.892<7477>-.18 G .392
-<616e7420746f20646f206175746f6d61746963206e616d652065>-2.992 F .391
-<7874656e73696f6e2c20646f6e27>-.15 F 2.891<7463>-.18 G .391
-<616c6c20245b202e2e2e>-2.891 F<245d2e>102 569.4 Q .485<5468652073656172
-63682072756c657320666f7220245b202e2e2e20245d2061726520736f6d65>127 585.6
-R .485<7768617420646966>-.25 F .485
-<666572656e74207468616e20757375616c2e>-.25 F .486
-<496620746865206e616d65206265696e67206c6f6f6b>5.485 F .486<6564207570>
--.1 F .11<686173206174206c65617374206f6e6520646f742c20697420616c>102
-597.6 R -.1<7761>-.1 G .11
-<79732074726965732074686520756e6d6f64698c6564206e616d65208c7273742e>.1 F
-.109<496620746861742066>5.109 F .109
-<61696c732c20697420747269657320746865207265647563656420736561726368>-.1
-F .124<706174682c20616e64206c6173746c792074726965732074686520756e6d6f64
-698c6564206e616d65202862>102 609.6 R .124<7574206f6e6c7920666f72206e616d
-657320776974686f7574206120646f742c2073696e6365206e616d657320776974682061
-20646f74>-.2 F<6861>102 621.6 Q .789 -.15<76652061>-.2 H .489
-<6c7265616479206265656e207472696564292e>.15 F .489<5468697320616c6c6f>
-5.489 F .489<7773206e616d657320737563682061732060>-.25 F
-<607574632e435327>-.74 E 2.989<2774>-.74 G 2.988<6f6d>-2.989 G .488
-<6174636820746865207369746520696e20437a6563686f736c6f>-2.988 F -.25
-<7661>-.15 G<6b6961>.25 E 1.587<726174686572207468616e207468652073697465
-20696e20796f7572206c6f63616c20436f6d707574657220536369656e63652064657061
-72746d656e742e>102 633.6 R 1.588
-<497420616c736f2070726566657273204120616e6420434e>6.587 F<414d45>-.35 E
-.513<7265636f726473206f>102 645.6 R -.15<7665>-.15 G 3.013<724d>.15 G
-3.013<5872>-3.013 G .513<65636f726473208a20746861742069732c206966206974
-208c6e647320616e204d58207265636f7264206974206d616b>-3.013 F .512
-<6573206e6f7465206f662069742c2062>-.1 F .512<7574206b>-.2 F .512
-<65657073206c6f6f6b696e672e>-.1 F 1.541<546869732077>102 657.6 R<6179>
--.1 E 4.041<2c69>-.65 G 4.041<6679>-4.041 G 1.541<6f75206861>-4.041 F
-1.841 -.15<766520612077>-.2 H 1.541<696c6463617264204d58207265636f726420
-6d61746368696e6720796f757220646f6d61696e2c2069742077696c6c206e6f74206173
-73756d65207468617420616c6c>.15 F<6e616d6573206d617463682e>102 669.6 Q
-3.454 -.8<546f2063>127 685.8 T 1.853<6f6d706c6574656c79207475726e206f66>
-.8 F 4.353<6661>-.25 G 1.853<6c6c206e616d652073657276>-4.353 F 1.853<65
-7220616363657373206f6e2073797374656d7320776974686f7574207365727669636520
-73776974636820737570706f7274>-.15 F .941
-<28737563682061732053756e4f5320342e582920796f752077696c6c206861>102
-697.8 R 1.242 -.15<76652074>-.2 H 3.442<6f72>.15 G .942
-<65636f6d70696c65207769746820ad444e>-3.442 F .942
-<414d45445f42494e443d3020616e642072656d6f>-.35 F 1.242 -.15<766520ad>
--.15 H<6c7265736f6c76>.15 E<66726f6d20746865206c697374206f66206c69627261
-7269657320746f206265207365617263686564207768656e206c696e6b696e672e>102
-709.8 Q 0 Cg EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-36 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF .286
+(When trying to open a connection the cache is \214rst searched.)127 96
+R .286(If an open connection is found,)5.286 F 1.033
+(it is probed to see if it is still acti)102 108 R 1.333 -.15(ve b)-.25
+H 3.533(ys).15 G 1.033(ending a)-3.533 F/F2 9/Times-Roman@0 SF(RSET)
+3.533 E F1 3.534(command. It)3.534 F 1.034(is not an error if this f)
+3.534 F(ails;)-.1 E(instead, the connection is closed and reopened.)102
+120 Q -1 -.8(Tw o)127 136.2 T .408
+(parameters control the connection cache.)3.708 F(The)5.408 E F0
+(ConnectionCacheSize)2.908 E F1(\()2.908 E F0(k)A F1 2.908(\)o)C .408
+(ption de\214nes)-2.908 F .145
+(the number of simultaneous open connections that will be permitted.)102
+148.2 R .145(If it is set to zero, connections)5.145 F .213
+(will be closed as quickly as possible.)102 160.2 R .212(The def)5.212 F
+.212(ault is one.)-.1 F .212(This should be set as appropriate for your)
+5.212 F .629
+(system size; it will limit the amount of system resources that)102
+172.2 R/F3 10/Times-Italic@0 SF(sendmail)3.13 E F1 .63
+(will use during queue runs.)3.13 F(Ne)102 184.2 Q -.15(ve)-.25 G 2.5
+(rs).15 G(et this higher than 4.)-2.5 E(The)127 200.4 Q F0
+(ConnectionCacheT)2.741 E(imeout)-.18 E F1(\()2.741 E F0(K)A F1 2.741
+(\)o)C .241(ption speci\214es the maximum time that an)-2.741 F 2.741
+(yc)-.15 G .24(ached con-)-2.741 F .899
+(nection will be permitted to idle.)102 212.4 R .899
+(When the idle time e)5.899 F .9(xceeds this v)-.15 F .9
+(alue the connection is closed.)-.25 F .34
+(This number should be small \(under ten minutes\) to pre)102 224.4 R
+-.15(ve)-.25 G .34(nt you from grabbing too man).15 F 2.84(yr)-.15 G
+(esources)-2.84 E(from other hosts.)102 236.4 Q(The def)5 E
+(ault is \214v)-.1 E 2.5(em)-.15 G(inutes.)-2.5 E F0 2.5(4.11. Name)87
+260.4 R(Ser)2.5 E -.1(ve)-.1 G 2.5(rA).1 G(ccess)-2.5 E F1 .103
+(Control of host address lookups is set by the)127 276.6 R F0(hosts)
+2.604 E F1 .104(service entry in your service switch \214le.)2.604 F(If)
+5.104 E .99(you are on a system that has b)102 288.6 R .99
+(uilt-in service switch support \(e.g., Ultrix, Solaris, or DEC OSF/1\))
+-.2 F .335(then your system is probably con\214gured properly already)
+102 300.6 R 5.335(.O)-.65 G(therwise,)-5.335 E F3(sendmail)2.836 E F1
+.336(will consult the \214le)2.836 F F0(/etc/mail/ser)102 312.6 Q
+(vice.switch)-.1 E F1 4.902(,w)C 2.402(hich should be created.)-4.902 F
+F3(Sendmail)7.402 E F1 2.402(only uses tw)4.902 F 4.902(oe)-.1 G
+(ntries:)-4.902 E F0(hosts)4.901 E F1(and)4.901 E F0(aliases)102 324.6 Q
+F1 2.745(,a)C .246
+(lthough system routines may use other services \(notably the)-2.745 F
+F0(passwd)2.746 E F1 .246(service for user name)2.746 F(lookups by)102
+336.6 Q F3 -.1(ge)2.5 G(tpwname).1 E F1(\).)A(Ho)127 352.8 Q(we)-.25 E
+-.15(ve)-.25 G 1.511 -.4(r, s).15 H .711
+(ome systems \(such as SunOS 4.X\) will do DNS lookups re).4 F -.05(ga)
+-.15 G .71(rdless of the setting).05 F 1.028
+(of the service switch entry)102 364.8 R 6.028(.I)-.65 G 3.529(np)-6.028
+G(articular)-3.529 E 3.529(,t)-.4 G 1.029(he system routine)-3.529 F F3
+-.1(ge)3.529 G(thostbyname).1 E F1 1.029(\(3\) is used to look up)B
+1.869(host names, and man)102 376.8 R 4.369(yv)-.15 G 1.869(endor v)
+-4.519 F 1.869
+(ersions try some combination of DNS, NIS, and \214le lookup in)-.15 F
+1.73(/etc/hosts without consulting a service switch.)102 388.8 R F3
+(Sendmail)6.731 E F1(mak)4.231 E 1.731(es no attempt to w)-.1 F 1.731
+(ork around this)-.1 F .368(problem, and the DNS lookup will be done an)
+102 400.8 R(yw)-.15 E(ay)-.1 E 5.368(.I)-.65 G 2.868(fy)-5.368 G .367
+(ou do not ha)-2.868 F .667 -.15(ve a n)-.2 H(ameserv).15 E .367
+(er con\214gured at)-.15 F .464(all, such as at a UUCP-only site,)102
+412.8 R F3(sendmail)2.964 E F1 .464
+(will get a \231connection refused\232 message when it tries to)2.964 F
+.424(connect to the name serv)102 424.8 R(er)-.15 E 5.424(.I)-.55 G
+2.924(ft)-5.424 G(he)-2.924 E F0(hosts)2.924 E F1 .423
+(switch entry has the service \231dns\232 listed some)2.924 F .423
+(where in the)-.25 F(list,)102 436.8 Q F3(sendmail)3.312 E F1 .813
+(will interpret this to mean a temporary f)3.313 F .813
+(ailure and will queue the mail for later pro-)-.1 F
+(cessing; otherwise, it ignores the name serv)102 448.8 Q(er data.)-.15
+E .673(The same technique is used to decide whether to do MX lookups.)
+127 465 R .672(If you w)5.672 F .672(ant MX support,)-.1 F(you)102 477 Q
+F3(must)2.5 E F1(ha)2.5 E .3 -.15(ve \231)-.2 H
+(dns\232 listed as a service in the).15 E F0(hosts)2.5 E F1
+(switch entry)2.5 E(.)-.65 E(The)127 493.2 Q F0(Resolv)3.869 E
+(erOptions)-.1 E F1(\()3.869 E F0(I)A F1 3.869(\)o)C 1.369(ption allo)
+-3.869 F 1.369(ws you to tweak name serv)-.25 F 1.369(er options.)-.15 F
+1.37(The command)6.37 F .892(line tak)102 505.2 R .892
+(es a series of \215ags as documented in)-.1 F F3 -.37(re)3.392 G
+(solver).37 E F1 .892(\(3\) \(with the leading \231RES_\232 deleted\).)B
+(Each)5.892 E(can be preceded by an optional `+' or `)102 517.2 Q/F4 10
+/Symbol SF(-)A F1 2.5('. F)B(or e)-.15 E(xample, the line)-.15 E 2.5(OR)
+142 533.4 S(esolv)-2.5 E(erOptions=+AA)-.15 E(ONL)-.55 E(Y)-1 E F4(-)2.5
+E F1(DNSRCH)A .861(turns on the AA)102 549.6 R(ONL)-.55 E 3.361(Y\()-1 G
+.861(accept authoritati)-3.361 F 1.161 -.15(ve a)-.25 H .861
+(nswers only\) and turns of).15 F 3.362(ft)-.25 G .862
+(he DNSRCH \(search the)-3.362 F 2.039(domain path\) options.)102 561.6
+R 2.039(Most resolv)7.039 F 2.039(er libraries def)-.15 F 2.039
+(ault DNSRCH, DEFN)-.1 F 2.039(AMES, and RECURSE)-.35 F .393
+(\215ags on and all others of)102 573.6 R 2.894(f. If)-.25 F .394
+(NETINET6 is enabled, most libraries def)2.894 F .394
+(ault to USE_INET6 as well.)-.1 F -1.1(Yo)102 585.6 S 3.749(uc)1.1 G
+1.249(an also include \231HasW)-3.749 F 1.248
+(ildcardMX\232 to specify that there is a wildcard MX record matching)
+-.4 F .224(your domain; this turns of)102 597.6 R 2.724(fM)-.25 G 2.724
+(Xm)-2.724 G .224
+(atching when canonifying names, which can lead to inappropriate)-2.724
+F 5.249(canoni\214cations. Use)102 609.6 R<9957>5.249 E(orkAroundBrok)
+-.8 E 2.749(enAAAA\232 when f)-.1 F 2.749(aced with a brok)-.1 F 2.749
+(en nameserv)-.1 F 2.748(er that)-.15 F .564(returns SER)102 621.6 R(VF)
+-.8 E .564(AIL \(a temporary f)-.74 F .565
+(ailure\) on T_AAAA \(IPv6\) lookups during hostname canoni\214ca-)-.1 F
+2.5(tion. Notice:)102 633.6 R
+(it might be necessary to apply the same \(or similar\) options to)2.5 E
+F3(submit.cf)2.5 E F1(too.)2.5 E -1.11(Ve)127 649.8 S 1.733(rsion le)
+1.11 F -.15(ve)-.25 G 4.233(l1c).15 G 1.733
+(on\214gurations \(see the section about `)-4.233 F 1.732
+(`Con\214guration V)-.74 F 1.732(ersion Le)-1.11 F -.15(ve)-.25 G(l').15
+E 1.732('\) turn)-.74 F .842(DNSRCH and DEFN)102 661.8 R .842(AMES of)
+-.35 F 3.342(fw)-.25 G .842(hen doing deli)-3.342 F -.15(ve)-.25 G .842
+(ry lookups, b).15 F .842(ut lea)-.2 F 1.143 -.15(ve t)-.2 H .843
+(hem on e).15 F -.15(ve)-.25 G .843(rywhere else.).15 F -1.11(Ve)102
+673.8 S 1.043(rsion 8 of)1.11 F F3(sendmail)3.543 E F1 1.043(ignores th\
+em when doing canoni\214cation lookups \(that is, when using $[ ...)
+3.543 F .391($]\), and al)102 685.8 R -.1(wa)-.1 G .391
+(ys does the search.).1 F .392(If you don')5.391 F 2.892(tw)-.18 G .392
+(ant to do automatic name e)-2.992 F .392(xtension, don')-.15 F 2.892
+(tc)-.18 G .392(all $[ ...)-2.892 F($].)102 697.8 Q 0 Cg EP
%%Page: 37 33
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3337>195.86 E
-2.5<342e31322e204d6f>87 96 R<76696e67207468652050>-.1 E<6572>-.2 E
-<2d557365722046>-.37 E<6f72776172642046696c6573>-.25 E/F1 10
-/Times-Roman@0 SF .772
-<536f6d65207369746573206d6f756e742065616368207573657227>127 112.2 R
-3.272<7368>-.55 G .772<6f6d65206469726563746f72792066726f6d2061206c6f63
-616c206469736b206f6e2074686569722077>-3.272 F .772
-<6f726b73746174696f6e2c20736f2074686174>-.1 F .614
-<6c6f63616c206163636573732069732066>102 124.2 R 3.114<6173742e20486f>-.1
-F<7765>-.25 E -.15<7665>-.25 G 1.414 -.4<722c2074>.15 H .614
-<686520726573756c742069732074686174202e666f7277>.4 F .614<617264208c6c65
-206c6f6f6b7570732066726f6d20612063656e7472616c206d61696c2073657276>-.1 F
-.615<657220617265>-.15 F<736c6f>102 136.2 Q 5.534 -.65<772e2049>-.25 H
-4.234<6e73>.65 G 1.734<6f6d652063617365732c206d61696c2063616e2065>-4.234
-F -.15<7665>-.25 G 4.234<6e62>.15 G 4.234<6564>-4.234 G<656c69>-4.234 E
--.15<7665>-.25 G 1.734<726564206f6e206d616368696e657320696e617070726f70
-72696174656c792062656361757365206f662061208c6c65>.15 F<73657276>102
-148.2 Q<6572206265696e6720646f>-.15 E 2.5<776e2e20546865>-.25 F<70657266
-6f726d616e63652063616e20626520657370656369616c6c792062616420696620796f75
-2072756e20746865206175746f6d6f756e746572>2.5 E<2e>-.55 E<546865>127
-164.4 Q F0 -.25<466f>2.743 G<727761726450>.25 E<617468>-.1 E F1<28>2.743
-E F0<4a>A F1 2.743<296f>C .243<7074696f6e20616c6c6f>-2.743 F .243
-<777320796f7520746f2073657420612070617468206f6620666f7277>-.25 F .243
-<617264208c6c65732e>-.1 F -.15<466f>5.243 G 2.743<7265>.15 G .244
-<78616d706c652c2074686520636f6e2d>-2.893 F<8c67208c6c65206c696e65>102
-176.4 Q 2.5<4f46>142 192.6 S<6f7277>-2.65 E<61726450>-.1 E<6174683d2f76>
--.15 E<61722f666f7277>-.25 E<6172642f24753a247a2f2e666f7277>-.1 E
-<6172642e2477>-.1 E -.1<776f>102 208.8 S .208<756c64208c727374206c6f6f6b
-20666f722061208c6c652077697468207468652073616d65206e616d6520617320746865
-207573657227>.1 F 2.707<736c>-.55 G .207<6f67696e20696e202f76>-2.707 F
-<61722f666f7277>-.25 E .207
-<6172643b2069662074686174206973206e6f7420666f756e64>-.1 F 1.17
-<286f7220697320696e61636365737369626c652920746865208c6c652060>102 220.8
-R<602e666f7277>-.74 E<6172642e>-.1 E/F2 10/Times-Italic@0 SF<6d6163>A
-<68696e656e616d65>-.15 E F1 2.651 -.74<27272069>D 3.671<6e74>.74 G 1.171
-<6865207573657227>-3.671 F 3.671<7368>-.55 G 1.171
-<6f6d65206469726563746f72792069732073656172636865642e>-3.671 F<41>6.171
-E<7472756c792070657276>102 232.8 Q<65727365207369746520636f756c6420616c
-736f207365617263682062792073656e646572206279207573696e67202472>-.15 E
-2.5<2c24>-.4 G<732c206f722024662e>-2.5 E .69<496620796f7520637265617465
-2061206469726563746f72792073756368206173202f76>127 249 R<61722f666f7277>
--.25 E .69<6172642c2069742073686f756c64206265206d6f64652031373737202874
-6861742069732c2074686520737469636b>-.1 F 3.19<7962>-.15 G<6974>-3.19 E
-.108<73686f756c6420626520736574292e>102 261 R .109<55736572732073686f75
-6c642063726561746520746865208c6c6573206d6f646520303634342e>5.108 F .109
-<4e6f7465207468617420796f75206d75737420757365207468652046>5.109 F
-<6f7277>-.15 E<61726446696c65496e2d>-.1 E<556e7361666544697250>102 273 Q
-.393<61746820616e642046>-.15 F<6f7277>-.15 E
-<61726446696c65496e556e7361666544697250>-.1 E .393
-<61746853616665208d616773207769746820746865>-.15 F F0
-<446f6e74426c616d6553656e646d61696c>2.892 E F1 .392<6f7074696f6e20746f>
-2.892 F<616c6c6f>102 285 Q 3.781<7766>-.25 G<6f7277>-3.781 E 1.281
-<617264208c6c657320696e20612077>-.1 F 1.281
-<6f726c64207772697461626c65206469726563746f7279>-.1 F 6.281<2e54>-.65 G
-1.281<686973206d6967687420616c736f206265207573656420617320612064656e6961
-6c206f662073657276696365>-6.281 F 2.352
-<61747461636b2028757365727320636f756c642063726561746520666f7277>102 297
-R 2.351<617264208c6c657320666f72206f74686572207573657273293b206120626574
-74657220617070726f616368206d6967687420626520746f20637265617465>-.1 F
-<2f76>102 309 Q<61722f666f7277>-.25 E 1.086<617264206d6f6465203037353520
-616e642063726561746520656d707479208c6c657320666f7220656163682075736572>
--.1 F 3.586<2c6f>-.4 G 1.086<776e656420627920746861742075736572>-3.836 F
-3.587<2c6d>-.4 G 1.087<6f646520303634342e>-3.587 F<4966>6.087 E
-<796f7520646f20746869732c20796f7520646f6e27>102 321 Q 2.5<7468>-.18 G
--2.25 -.2<61762065>-2.5 H<746f207365742074686520446f6e74426c616d6553656e
-646d61696c206f7074696f6e7320696e646963617465642061626f>2.7 E -.15<7665>
--.15 G<2e>.15 E F0 2.5<342e31332e204672>87 345 R<6565205370616365>-.18 E
-F1 1.406<4f6e2073797374656d732074686174206861>127 361.2 R 1.706 -.15
-<7665206f>-.2 H 1.405
-<6e65206f66207468652073797374656d2063616c6c7320696e20746865>.15 F F2
-<737461746673>3.905 E F1 1.405<2832292066>B 1.405
-<616d696c792028696e636c7564696e67>-.1 F F2<73746174766673>3.905 E F1
-<616e64>3.905 E F2<7573746174>102 373.2 Q F1 .839<292c20796f752063616e20
-737065636966792061206d696e696d756d206e756d626572206f66206672656520626c6f
-636b73206f6e20746865207175657565208c6c6573797374656d207573696e6720746865>
-B F0<4d696e2d>3.34 E<4672>102 385.2 Q<6565426c6f636b73>-.18 E F1<28>
-2.554 E F0<62>A F1 2.554<296f>C 2.553<7074696f6e2e204966>-2.554 F .053
-<746865726520617265206665>2.553 F .053<776572207468616e2074686520696e64
-696361746564206e756d626572206f6620626c6f636b732066726565206f6e2074686520
-8c6c6573797374656d>-.25 F 1.354<6f6e207768696368207468652071756575652069
-73206d6f756e7465642074686520534d54502073657276>102 397.2 R 1.355<657220
-77696c6c2072656a656374206d61696c20776974682074686520343532206572726f7220
-636f64652e>-.15 F<54686973>6.355 E<696e>102 409.2 Q
-<76697465732074686520534d545020636c69656e7420746f20747279206167>-.4 E
-<61696e206c61746572>-.05 E<2e>-.55 E<4265>127 425.4 Q -.1<7761>-.25 G
-.746<7265206f662073657474696e672074686973206f7074696f6e20746f6f20686967
-683b2069742063616e2063617573652072656a656374696f6e206f6620656d61696c2077
-68656e2074686174206d61696c2077>.1 F<6f756c64>-.1 E
-<62652070726f63657373656420776974686f757420646966>102 437.4 Q
-<8c63756c7479>-.25 E<2e>-.65 E F0 2.5<342e31342e204d6178696d756d>87
-461.4 R<4d6573736167652053697a65>2.5 E F1 2.077 -.8<546f2061>127 477.6 T
--.2<766f>.6 G .477<6964206f>.2 F -.15<7665>-.15 G<728d6f>.15 E .478
-<77696e6720796f75722073797374656d20776974682061206c6172>-.25 F .478
-<6765206d6573736167652c20746865>-.18 F F0<4d61784d65737361676553697a65>
-2.978 E F1 .478<6f7074696f6e2063616e206265>2.978 F .693<73657420746f2073
-657420616e206162736f6c757465206c696d6974206f6e207468652073697a65206f6620
-616e>102 489.6 R 3.193<796f>-.15 G .693<6e65206d6573736167652e>-3.193 F
-.692<546869732077696c6c20626520616476>5.692 F .692
-<6572746973656420696e207468652045534d5450>-.15 F
-<6469616c6f67756520616e6420636865636b>102 501.6 Q
-<656420647572696e67206d65737361676520636f6c6c656374696f6e2e>-.1 E F0 2.5
-<342e31352e20507269>87 525.6 R -.1<7661>-.1 G<637920466c616773>.1 E F1
-<546865>127 541.8 Q F0<507269>2.96 E -.1<7661>-.1 G<63794f7074696f6e73>
-.1 E F1<28>2.96 E F0<70>A F1 2.96<296f>C .46<7074696f6e20616c6c6f>-2.96
-F .46<777320796f7520746f20736574206365727461696e2060>-.25 F<60707269>
--.74 E -.25<7661>-.25 G -.15<6379>.25 G 1.94 -.74<2727208d>.15 H 2.96
-<6167732e2041637475616c6c79>.74 F 2.96<2c6d>-.65 G<616e>-2.96 E 2.96
-<796f>-.15 G<66>-2.96 E .534<7468656d20646f6e27>102 553.8 R 3.034<7467>
--.18 G -2.15 -.25<69762065>-3.034 H .534<796f7520616e>3.284 F 3.034
-<7965>-.15 G .534<7874726120707269>-3.184 F -.25<7661>-.25 G -.15<6379>
-.25 G 3.034<2c72>-.5 G .534<6174686572206a75737420696e73697374696e672074
-68617420636c69656e7420534d54502073657276>-3.034 F .533
-<65727320757365207468652048454c4f>-.15 F 2.87<636f6d6d616e64206265666f72
-65207573696e67206365727461696e20636f6d6d616e6473206f7220616464696e672065>
-102 565.8 R 2.87<78747261206865616465727320746f20696e64696361746520706f
-737369626c652073706f6f66>-.15 F<617474656d7074732e>102 577.8 Q .124
-<546865206f7074696f6e2074616b>127 594 R .124<6573206120736572696573206f
-66208d6167206e616d65733b20746865208c6e616c20707269>-.1 F -.25<7661>-.25
-G .424 -.15<63792069>.25 H 2.624<7374>.15 G .124<686520696e636c757369>
--2.624 F .424 -.15<7665206f>-.25 H 2.624<726f>.15 G 2.624<6674>-2.624 G
-.123<686f7365208d6167732e>-2.624 F -.15<466f>5.123 G<72>.15 E -.15<6578>
-102 606 S<616d706c653a>.15 E 2.5<4f50>142 622.2 S<7269>-2.5 E -.25<7661>
--.25 G -.15<6379>.25 G
-<4f7074696f6e733d6e6565646d61696c68656c6f2c206e6f65>.15 E<78706e>-.15 E
-.928<696e73697374732074686174207468652048454c4f206f722045484c4f20636f6d
-6d616e642062652075736564206265666f72652061204d41494c20636f6d6d616e642069
-7320616363657074656420616e64206469732d>102 638.4 R
-<61626c657320746865204558504e20636f6d6d616e642e>102 650.4 Q<546865208d61
-6773206172652064657461696c656420696e2073656374696f6e20352e362e>127 666.6
-Q F0 2.5<342e31362e2053656e64>87 690.6 R<746f204d652054>2.5 E<6f6f>-.92
-E F1<4265>127 706.8 Q 1.075<67696e6e696e6720776974682076>-.15 F 1.075
-<657273696f6e20382e31302c>-.15 F F2<73656e646d61696c>3.575 E F1 1.075
-<696e636c7564657320627920646566>3.575 F 1.075<61756c74207468652028656e>
--.1 F -.15<7665>-.4 G 1.074<6c6f7065292073656e64657220696e20616e>.15 F
-3.574<796c>-.15 G<697374>-3.574 E -.15<6578>102 718.8 S 3.464
-<70616e73696f6e732e2046>.15 F .964<6f722065>-.15 F .964<78616d706c652c20
-696620996d6174749a2073656e647320746f2061206c697374207468617420636f6e7461
-696e7320996d6174749a206173206f6e65206f6620746865206d656d62657273206865>
--.15 F 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-37)195.86 E/F1 10/Times-Roman@0 SF .486
+(The search rules for $[ ... $] are some)127 96 R .485(what dif)-.25 F
+.485(ferent than usual.)-.25 F .485(If the name being look)5.485 F .485
+(ed up)-.1 F .109(has at least one dot, it al)102 108 R -.1(wa)-.1 G
+.109(ys tries the unmodi\214ed name \214rst.).1 F .11(If that f)5.11 F
+.11(ails, it tries the reduced search)-.1 F .124
+(path, and lastly tries the unmodi\214ed name \(b)102 120 R .124
+(ut only for names without a dot, since names with a dot)-.2 F(ha)102
+132 Q .788 -.15(ve a)-.2 H .488(lready been tried\).).15 F .488
+(This allo)5.488 F .489(ws names such as `)-.25 F(`utc.CS')-.74 E 2.989
+('t)-.74 G 2.989(om)-2.989 G .489(atch the site in Czechoslo)-2.989 F
+-.25(va)-.15 G(kia).25 E 1.588
+(rather than the site in your local Computer Science department.)102 144
+R 1.587(It also prefers A and CN)6.587 F(AME)-.35 E .512(records o)102
+156 R -.15(ve)-.15 G 3.012(rM).15 G 3.012(Xr)-3.012 G .512
+(ecords \212 that is, if it \214nds an MX record it mak)-3.012 F .513
+(es note of it, b)-.1 F .513(ut k)-.2 F .513(eeps looking.)-.1 F 1.542
+(This w)102 168 R(ay)-.1 E 4.042(,i)-.65 G 4.042(fy)-4.042 G 1.541
+(ou ha)-4.042 F 1.841 -.15(ve a w)-.2 H 1.541
+(ildcard MX record matching your domain, it will not assume that all).15
+F(names match.)102 180 Q 3.453 -.8(To c)127 196.2 T 1.853
+(ompletely turn of).8 F 4.353(fa)-.25 G 1.853(ll name serv)-4.353 F
+1.853(er access on systems without service switch support)-.15 F .942
+(\(such as SunOS 4.X\) you will ha)102 208.2 R 1.242 -.15(ve t)-.2 H
+3.441(or).15 G .941(ecompile with \255DN)-3.441 F .941
+(AMED_BIND=0 and remo)-.35 F 1.241 -.15(ve \255)-.15 H(lresolv).15 E
+(from the list of libraries to be searched when linking.)102 220.2 Q F0
+2.5(4.12. Mo)87 244.2 R(ving the P)-.1 E(er)-.2 E(-User F)-.37 E
+(orward Files)-.25 E F1 .772(Some sites mount each user')127 260.4 R
+3.272(sh)-.55 G .772(ome directory from a local disk on their w)-3.272 F
+.772(orkstation, so that)-.1 F .615(local access is f)102 272.4 R 3.114
+(ast. Ho)-.1 F(we)-.25 E -.15(ve)-.25 G 1.414 -.4(r, t).15 H .614
+(he result is that .forw).4 F .614
+(ard \214le lookups from a central mail serv)-.1 F .614(er are)-.15 F
+(slo)102 284.4 Q 5.534 -.65(w. I)-.25 H 4.234(ns).65 G 1.734
+(ome cases, mail can e)-4.234 F -.15(ve)-.25 G 4.234(nb).15 G 4.234(ed)
+-4.234 G(eli)-4.234 E -.15(ve)-.25 G 1.734
+(red on machines inappropriately because of a \214le).15 F(serv)102
+296.4 Q(er being do)-.15 E 2.5(wn. The)-.25 F
+(performance can be especially bad if you run the automounter)2.5 E(.)
+-.55 E(The)127 312.6 Q F0 -.25(Fo)2.744 G(rwardP).25 E(ath)-.1 E F1(\()
+2.744 E F0(J)A F1 2.743(\)o)C .243(ption allo)-2.743 F .243
+(ws you to set a path of forw)-.25 F .243(ard \214les.)-.1 F -.15(Fo)
+5.243 G 2.743(re).15 G .243(xample, the con-)-2.893 F(\214g \214le line)
+102 324.6 Q 2.5(OF)142 340.8 S(orw)-2.65 E(ardP)-.1 E(ath=/v)-.15 E
+(ar/forw)-.25 E(ard/$u:$z/.forw)-.1 E(ard.$w)-.1 E -.1(wo)102 357 S .207
+(uld \214rst look for a \214le with the same name as the user').1 F
+2.708(sl)-.55 G .208(ogin in /v)-2.708 F(ar/forw)-.25 E .208
+(ard; if that is not found)-.1 F 1.171
+(\(or is inaccessible\) the \214le `)102 369 R(`.forw)-.74 E(ard.)-.1 E
+/F2 10/Times-Italic@0 SF(mac)A(hinename)-.15 E F1 2.651 -.74('' i)D
+3.671(nt).74 G 1.171(he user')-3.671 F 3.671(sh)-.55 G 1.17
+(ome directory is searched.)-3.671 F(A)6.17 E(truly perv)102 381 Q
+(erse site could also search by sender by using $r)-.15 E 2.5(,$)-.4 G
+(s, or $f.)-2.5 E .69(If you create a directory such as /v)127 397.2 R
+(ar/forw)-.25 E .69(ard, it should be mode 1777 \(that is, the stick)-.1
+F 3.19(yb)-.15 G(it)-3.19 E .109(should be set\).)102 409.2 R .109
+(Users should create the \214les mode 0644.)5.109 F .108
+(Note that you must use the F)5.109 F(orw)-.15 E(ardFileIn-)-.1 E
+(UnsafeDirP)102 421.2 Q .392(ath and F)-.15 F(orw)-.15 E
+(ardFileInUnsafeDirP)-.1 E .392(athSafe \215ags with the)-.15 F F0
+(DontBlameSendmail)2.893 E F1 .393(option to)2.893 F(allo)102 433.2 Q
+3.782(wf)-.25 G(orw)-3.782 E 1.282(ard \214les in a w)-.1 F 1.281
+(orld writable directory)-.1 F 6.281(.T)-.65 G 1.281
+(his might also be used as a denial of service)-6.281 F 2.351
+(attack \(users could create forw)102 445.2 R 2.351
+(ard \214les for other users\); a better approach might be to create)-.1
+F(/v)102 457.2 Q(ar/forw)-.25 E 1.086
+(ard mode 0755 and create empty \214les for each user)-.1 F 3.586(,o)-.4
+G 1.086(wned by that user)-3.836 F 3.586(,m)-.4 G 1.086(ode 0644.)-3.586
+F(If)6.086 E(you do this, you don')102 469.2 Q 2.5(th)-.18 G -2.25 -.2
+(av e)-2.5 H(to set the DontBlameSendmail options indicated abo)2.7 E
+-.15(ve)-.15 G(.).15 E F0 2.5(4.13. Fr)87 493.2 R(ee Space)-.18 E F1
+1.405(On systems that ha)127 509.4 R 1.705 -.15(ve o)-.2 H 1.405
+(ne of the system calls in the).15 F F2(statfs)3.906 E F1 1.406(\(2\) f)
+B 1.406(amily \(including)-.1 F F2(statvfs)3.906 E F1(and)3.906 E F2
+(ustat)102 521.4 Q F1 .839(\), you can specify a minimum number of free\
+ blocks on the queue \214lesystem using the)B F0(Min-)3.339 E(Fr)102
+533.4 Q(eeBlocks)-.18 E F1(\()2.553 E F0(b)A F1 2.553(\)o)C 2.553
+(ption. If)-2.553 F .053(there are fe)2.553 F .053
+(wer than the indicated number of blocks free on the \214lesystem)-.25 F
+1.355(on which the queue is mounted the SMTP serv)102 545.4 R 1.355
+(er will reject mail with the 452 error code.)-.15 F(This)6.354 E(in)102
+557.4 Q(vites the SMTP client to try ag)-.4 E(ain later)-.05 E(.)-.55 E
+(Be)127 573.6 Q -.1(wa)-.25 G .746(re of setting this option too high; \
+it can cause rejection of email when that mail w).1 F(ould)-.1 E
+(be processed without dif)102 585.6 Q(\214culty)-.25 E(.)-.65 E F0 2.5
+(4.14. Maximum)87 609.6 R(Message Size)2.5 E F1 2.078 -.8(To a)127 625.8
+T -.2(vo).6 G .478(id o).2 F -.15(ve)-.15 G(r\215o).15 E .478
+(wing your system with a lar)-.25 F .478(ge message, the)-.18 F F0
+(MaxMessageSize)2.977 E F1 .477(option can be)2.977 F .692
+(set to set an absolute limit on the size of an)102 637.8 R 3.193(yo)
+-.15 G .693(ne message.)-3.193 F .693(This will be adv)5.693 F .693
+(ertised in the ESMTP)-.15 F(dialogue and check)102 649.8 Q
+(ed during message collection.)-.1 E F0 2.5(4.15. Pri)87 673.8 R -.1(va)
+-.1 G(cy Flags).1 E F1(The)127 690 Q F0(Pri)2.96 E -.1(va)-.1 G
+(cyOptions).1 E F1(\()2.96 E F0(p)A F1 2.96(\)o)C .46(ption allo)-2.96 F
+.46(ws you to set certain `)-.25 F(`pri)-.74 E -.25(va)-.25 G -.15(cy)
+.25 G 1.94 -.74('' \215).15 H 2.96(ags. Actually).74 F 2.96(,m)-.65 G
+(an)-2.96 E 2.96(yo)-.15 G(f)-2.96 E .533(them don')102 702 R 3.033(tg)
+-.18 G -2.15 -.25(iv e)-3.033 H .533(you an)3.283 F 3.034(ye)-.15 G .534
+(xtra pri)-3.184 F -.25(va)-.25 G -.15(cy).25 G 3.034(,r)-.5 G .534
+(ather just insisting that client SMTP serv)-3.034 F .534
+(ers use the HELO)-.15 F 2.87
+(command before using certain commands or adding e)102 714 R 2.87
+(xtra headers to indicate possible spoof)-.15 F 0 Cg EP
%%Page: 38 34
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d33382053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF .228<77696c6c20676574206120636f70>102 96 R 2.728
-<796f>-.1 G 2.728<6674>-2.728 G .228<6865206d6573736167652e>-2.728 F
-.228<496620746865>5.228 F F0<4d6554>2.728 E<6f6f>-.92 E F1 .228
-<6f7074696f6e2069732073657420746f>2.728 F/F2 9/Times-Roman@0 SF -.666
-<4641>2.727 G<4c5345>.666 E F1 .227
-<28696e2074686520636f6e8c6775726174696f6e208c6c65206f7220766961>2.727 F
-1.022<74686520636f6d6d616e64206c696e65292c20746869732062656861>102 108 R
-1.023<76696f72206973206368616e6765642c20692e652e2c207468652028656e>-.2 F
--.15<7665>-.4 G 1.023<6c6f7065292073656e6465722069732065>.15 F 1.023
-<78636c7564656420696e206c6973742065>-.15 F<7870616e2d>-.15 E
-<73696f6e732e>102 120 Q F0 2.5<352e20544845>72 144 R
-<57484f4c452053434f4f50204f4e2054484520434f4e464947555241>2.5 E
-<54494f4e2046494c45>-.95 E F1<546869732073656374696f6e206465736372696265
-732074686520636f6e8c6775726174696f6e208c6c6520696e2064657461696c2e>112
-160.2 Q .648<5468657265206973206f6e6520706f696e7420746861742073686f756c
-64206265206d61646520636c65617220696d6d6564696174656c793a207468652073796e
-746178206f662074686520636f6e8c6775726174696f6e208c6c65206973>112 176.4 R
-1.076<64657369676e656420746f20626520726561736f6e61626c79206561737920746f
-2070617273652c2073696e6365207468697320697320646f6e652065>87 188.4 R -.15
-<7665>-.25 G 1.077<72792074696d65>.15 F/F3 10/Times-Italic@0 SF
-<73656e646d61696c>3.577 E F1 1.077
-<7374617274732075702c20726174686572207468616e>3.577 F .303
-<6561737920666f7220612068756d616e20746f2072656164206f722077726974652e>87
-200.4 R .302<54686520636f6e8c6775726174696f6e208c6c652073686f756c642062
-652067656e6572617465642076696120746865206d6574686f6420646573637269626564>
-5.302 F<696e>87 212.4 Q F0<63662f524541444d45>3.657 E F1 3.657<2c69>C
-3.657<7473>-3.657 G 1.157<686f756c64206e6f742062652065646974656420646972
-6563746c7920756e6c65737320736f6d656f6e652069732066>-3.657 F 1.158
-<616d696c69617220776974682074686520696e7465726e616c73206f6620746865>-.1
-F<73796e74617820646573637269626564206865726520616e64206974206973206e6f74
-20706f737369626c6520746f206163686965>87 224.4 Q .3 -.15<76652074>-.25 H
-<6865206465736972656420726573756c74207669612074686520646566>.15 E
-<61756c74206d6574686f642e>-.1 E .243
-<54686520636f6e8c6775726174696f6e208c6c65206973206f72>112 240.6 R -.05
-<6761>-.18 G .243<6e697a6564206173206120736572696573206f66206c696e65732c
-2065616368206f66207768696368206265>.05 F .243
-<67696e73207769746820612073696e676c65206368617261632d>-.15 F .102<746572
-2064658c6e696e67207468652073656d616e7469637320666f7220746865207265737420
-6f6620746865206c696e652e>87 252.6 R .102<4c696e6573206265>5.102 F .102<
-67696e6e696e6720776974682061207370616365206f722061207461622061726520636f
-6e74696e756174696f6e>-.15 F 1.323<6c696e65732028616c74686f75676820746865
-2073656d616e7469637320617265206e6f742077656c6c2064658c6e656420696e206d61
-6e>87 264.6 R 3.823<7970>-.15 G 3.822<6c61636573292e20426c616e6b>-3.823
-F 1.322<6c696e657320616e64206c696e6573206265>3.822 F<67696e6e696e67>-.15
-E<7769746820612073686172702073796d626f6c2028602327292061726520636f6d6d65
-6e74732e>87 276.6 Q F0 2.5<352e312e2052>87 300.6 R
-<616e642053208a20526577726974696e672052756c6573>2.5 E F1 .465<5468652063
-6f7265206f6620616464726573732070617273696e672061726520746865207265>127
-316.8 R .466<77726974696e672072756c65732e>-.25 F .466<546865736520617265
-20616e206f7264657265642070726f64756374696f6e2073797374656d2e>5.466 F F3
-<53656e646d61696c>102 328.8 Q F1 .19
-<7363616e73207468726f7567682074686520736574206f66207265>2.69 F .19<7772
-6974696e672072756c6573206c6f6f6b696e6720666f722061206d61746368206f6e2074
-6865206c6566742068616e64207369646520284c485329206f66>-.25 F
-<7468652072756c652e>102 340.8 Q<5768656e20612072756c65206d6174636865732c
-207468652061646472657373206973207265706c61636564206279207468652072696768
-742068616e642073696465202852485329206f66207468652072756c652e>5 E .921
-<546865726520617265207365>127 357 R -.15<7665>-.25 G .921
-<72616c2073657473206f66207265>.15 F .921<77726974696e672072756c65732e>
--.25 F .921<536f6d65206f6620746865207265>5.921 F .922<77726974696e672073
-65747320617265207573656420696e7465726e616c6c7920616e64>-.25 F .36
-<6d757374206861>102 369 R .66 -.15<76652073>-.2 H .36
-<706563698c632073656d616e746963732e>.15 F .359<4f74686572207265>5.359 F
-.359<77726974696e67207365747320646f206e6f74206861>-.25 F .659 -.15
-<76652073>-.2 H .359
-<706563698c63616c6c792061737369676e65642073656d616e746963732c20616e64>
-.15 F<6d6179206265207265666572656e63656420627920746865206d61696c65722064
-658c6e6974696f6e73206f72206279206f74686572207265>102 381 Q
-<77726974696e6720736574732e>-.25 E
-<5468652073796e746178206f66207468657365207477>127 397.2 Q 2.5<6f63>-.1 G
-<6f6d6d616e6473206172653a>-2.5 E F0<53>142 413.4 Q F3<6e>A F1 .248<5365
-7473207468652063757272656e742072756c65736574206265696e6720636f6c6c656374
-656420746f>102 429.6 R F3<6e>2.748 E F1 5.248<2e49>C 2.748<6679>-5.248 G
-.248<6f75206265>-2.748 F .249<67696e20612072756c65736574206d6f7265207468
-616e206f6e636520697420617070656e647320746f20746865>-.15 F
-<6f6c642064658c6e6974696f6e2e>102 441.6 Q F0<52>142 457.8 Q F3
-<6c68732072687320636f6d6d656e7473>A F1 1.185<546865208c656c6473206d7573
-7420626520736570617261746564206279206174206c65617374206f6e65207461622063
-68617261637465723b207468657265206d617920626520656d6265646465642073706163
-657320696e20746865>102 474 R 2.594<8c656c64732e20546865>102 486 R F3
-<6c6873>2.594 E F1 .095<69732061207061747465726e207468617420697320617070
-6c69656420746f2074686520696e7075742e>2.594 F .095
-<4966206974206d6174636865732c2074686520696e707574206973207265>5.095 F
-.095<7772697474656e20746f20746865>-.25 F F3<726873>2.595 E F1<2e>A
-<546865>102 498 Q F3<636f6d6d656e7473>2.5 E F1<6172652069676e6f7265642e>
-2.5 E .427<4d6163726f2065>127 514.2 R .427
-<7870616e73696f6e73206f662074686520666f726d>-.15 F F0<24>2.927 E F3<78>A
-F1 .427<61726520706572666f726d6564207768656e2074686520636f6e8c6775726174
-696f6e208c6c6520697320726561642e>2.927 F 2.926<416c>5.426 G
-<69746572616c>-2.926 E F0<24>102 526.2 Q F1 .609
-<63616e20626520696e636c75646564207573696e67>3.108 F F0<2424>3.109 E F1
-5.609<2e45>C .609<7870616e73696f6e73206f662074686520666f726d>-5.609 F F0
-<2426>3.109 E F3<78>A F1 .609<61726520706572666f726d65642061742072756e20
-74696d65207573696e67206120736f6d652d>3.109 F .148
-<77686174206c6573732067656e6572616c20616c676f726974686d2e>102 538.2 R
-.148<5468697320697320696e74656e646564206f6e6c7920666f72207265666572656e
-63696e6720696e7465726e616c6c792064658c6e6564206d6163726f7320737563682061
-73>5.148 F F0<2468>102 550.2 Q F1
-<7468617420617265206368616e6765642061742072756e74696d652e>2.5 E F0 2.5
-<352e312e312e20546865>102 574.2 R<6c6566742068616e642073696465>2.5 E F1
-2.77<546865206c6566742068616e642073696465206f66207265>142 590.4 R 2.771
-<77726974696e672072756c657320636f6e7461696e732061207061747465726e2e>-.25
-F 2.771<4e6f726d616c2077>7.771 F 2.771<6f726473206172652073696d706c79>
--.1 F<6d617463686564206469726563746c79>117 602.4 Q 5<2e4d>-.65 G<657461
-73796e74617820697320696e74726f6475636564207573696e67206120646f6c6c617220
-7369676e2e>-5 E<546865206d65746173796d626f6c73206172653a>5 E F0<242a>157
-618.6 Q F1<4d61746368207a65726f206f72206d6f726520746f6b>10.14 E<656e73>
--.1 E F0<242b>157 630.6 Q F1<4d61746368206f6e65206f72206d6f726520746f6b>
-9.44 E<656e73>-.1 E F0<24ad>157 642.6 Q F1<4d617463682065>9.44 E
-<786163746c79206f6e6520746f6b>-.15 E<656e>-.1 E F0<243d>157 654.6 Q F3
-<78>A F1<4d6174636820616e>5 E 2.5<7970>-.15 G
-<687261736520696e20636c617373>-2.5 E F3<78>2.5 E F0<247e>157 666.6 Q F3
-<78>A F1<4d6174636820616e>7.37 E 2.5<7977>-.15 G
-<6f7264206e6f7420696e20636c617373>-2.6 E F3<78>2.5 E F1 .132<496620616e>
-117 682.8 R 2.632<796f>-.15 G 2.632<6674>-2.632 G .132
-<68657365206d617463682c20746865>-2.632 F 2.632<7961>-.15 G .132
-<72652061737369676e656420746f207468652073796d626f6c>-2.632 F F0<24>2.632
-E F3<6e>A F1 .131<666f72207265706c6163656d656e74206f6e207468652072696768
-742068616e6420736964652c>2.632 F<7768657265>117 694.8 Q F3<6e>2.5 E F1
-<69732074686520696e6465>2.5 E 2.5<7869>-.15 G 2.5<6e74>-2.5 G
-<6865204c48532e>-2.5 E -.15<466f>5 G 2.5<7265>.15 G
-<78616d706c652c20696620746865204c48533a>-2.65 E<24ad3a242b>157 711 Q 0
-Cg EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-38 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF
+(attempts.)102 96 Q .123(The option tak)127 112.2 R .124
+(es a series of \215ag names; the \214nal pri)-.1 F -.25(va)-.25 G .424
+-.15(cy i).25 H 2.624(st).15 G .124(he inclusi)-2.624 F .424 -.15(ve o)
+-.25 H 2.624(ro).15 G 2.624(ft)-2.624 G .124(hose \215ags.)-2.624 F -.15
+(Fo)5.124 G(r).15 E -.15(ex)102 124.2 S(ample:).15 E 2.5(OP)142 140.4 S
+(ri)-2.5 E -.25(va)-.25 G -.15(cy).25 G(Options=needmailhelo, noe).15 E
+(xpn)-.15 E .928(insists that the HELO or EHLO command be used before a\
+ MAIL command is accepted and dis-)102 156.6 R(ables the EXPN command.)
+102 168.6 Q(The \215ags are detailed in section 5.6.)127 184.8 Q F0 2.5
+(4.16. Send)87 208.8 R(to Me T)2.5 E(oo)-.92 E F1(Be)127 225 Q 1.074
+(ginning with v)-.15 F 1.074(ersion 8.10,)-.15 F/F2 10/Times-Italic@0 SF
+(sendmail)3.574 E F1 1.075(includes by def)3.574 F 1.075(ault the \(en)
+-.1 F -.15(ve)-.4 G 1.075(lope\) sender in an).15 F 3.575(yl)-.15 G(ist)
+-3.575 E -.15(ex)102 237 S 3.465(pansions. F).15 F .965(or e)-.15 F .964
+(xample, if \231matt\232 sends to a list that contains \231matt\232 as \
+one of the members he)-.15 F .227(will get a cop)102 249 R 2.727(yo)-.1
+G 2.727(ft)-2.727 G .227(he message.)-2.727 F .227(If the)5.227 F F0
+(MeT)2.728 E(oo)-.92 E F1 .228(option is set to)2.728 F/F3 9
+/Times-Roman@0 SF -.666(FA)2.728 G(LSE).666 E F1 .228
+(\(in the con\214guration \214le or via)2.728 F 1.023
+(the command line\), this beha)102 261 R 1.023
+(vior is changed, i.e., the \(en)-.2 F -.15(ve)-.4 G 1.022
+(lope\) sender is e).15 F 1.022(xcluded in list e)-.15 F(xpan-)-.15 E
+(sions.)102 273 Q F0 2.5(5. THE)72 297 R(WHOLE SCOOP ON THE CONFIGURA)
+2.5 E(TION FILE)-.95 E F1
+(This section describes the con\214guration \214le in detail.)112 313.2
+Q .648(There is one point that should be made clear immediately: the sy\
+ntax of the con\214guration \214le is)112 329.4 R 1.077
+(designed to be reasonably easy to parse, since this is done e)87 341.4
+R -.15(ve)-.25 G 1.076(ry time).15 F F2(sendmail)3.576 E F1 1.076
+(starts up, rather than)3.576 F .302(easy for a human to read or write.)
+87 353.4 R .303(The con\214guration \214le should be generated via the \
+method described)5.302 F(in)87 365.4 Q F0(cf/README)3.658 E F1 3.658(,i)
+C 3.658(ts)-3.658 G 1.158
+(hould not be edited directly unless someone is f)-3.658 F 1.157
+(amiliar with the internals of the)-.1 F
+(syntax described here and it is not possible to achie)87 377.4 Q .3
+-.15(ve t)-.25 H(he desired result via the def).15 E(ault method.)-.1 E
+.243(The con\214guration \214le is or)112 393.6 R -.05(ga)-.18 G .243
+(nized as a series of lines, each of which be).05 F .243
+(gins with a single charac-)-.15 F .102
+(ter de\214ning the semantics for the rest of the line.)87 405.6 R .102
+(Lines be)5.102 F .102(ginning with a space or a tab are continuation)
+-.15 F 1.322
+(lines \(although the semantics are not well de\214ned in man)87 417.6 R
+3.823(yp)-.15 G 3.823(laces\). Blank)-3.823 F 1.323(lines and lines be)
+3.823 F(ginning)-.15 E(with a sharp symbol \(`#'\) are comments.)87
+429.6 Q F0 2.5(5.1. R)87 453.6 R(and S \212 Rewriting Rules)2.5 E F1
+.466(The core of address parsing are the re)127 469.8 R .466
+(writing rules.)-.25 F .465(These are an ordered production system.)
+5.466 F F2(Sendmail)102 481.8 Q F1 .19(scans through the set of re)2.69
+F .19
+(writing rules looking for a match on the left hand side \(LHS\) of)-.25
+F(the rule.)102 493.8 Q(When a rule matches, the address is replaced by\
+ the right hand side \(RHS\) of the rule.)5 E .922(There are se)127 510
+R -.15(ve)-.25 G .922(ral sets of re).15 F .921(writing rules.)-.25 F
+.921(Some of the re)5.921 F .921(writing sets are used internally and)
+-.25 F .359(must ha)102 522 R .659 -.15(ve s)-.2 H .359
+(peci\214c semantics.).15 F .359(Other re)5.359 F .359
+(writing sets do not ha)-.25 F .659 -.15(ve s)-.2 H .36
+(peci\214cally assigned semantics, and).15 F
+(may be referenced by the mailer de\214nitions or by other re)102 534 Q
+(writing sets.)-.25 E(The syntax of these tw)127 550.2 Q 2.5(oc)-.1 G
+(ommands are:)-2.5 E F0(S)142 566.4 Q F2(n)A F1 .249
+(Sets the current ruleset being collected to)102 582.6 R F2(n)2.749 E F1
+5.249(.I)C 2.748(fy)-5.249 G .248(ou be)-2.748 F .248
+(gin a ruleset more than once it appends to the)-.15 F
+(old de\214nition.)102 594.6 Q F0(R)142 610.8 Q F2(lhs rhs comments)A F1
+1.185(The \214elds must be separated by at least one tab character; the\
+re may be embedded spaces in the)102 627 R 2.595(\214elds. The)102 639 R
+F2(lhs)2.595 E F1 .095(is a pattern that is applied to the input.)2.595
+F .095(If it matches, the input is re)5.095 F .094(written to the)-.25 F
+F2(rhs)2.594 E F1(.)A(The)102 651 Q F2(comments)2.5 E F1(are ignored.)
+2.5 E .426(Macro e)127 667.2 R .426(xpansions of the form)-.15 F F0($)
+2.926 E F2(x)A F1 .427
+(are performed when the con\214guration \214le is read.)2.927 F 2.927
+(Al)5.427 G(iteral)-2.927 E F0($)102 679.2 Q F1 .609
+(can be included using)3.109 F F0($$)3.109 E F1 5.609(.E)C .609
+(xpansions of the form)-5.609 F F0($&)3.109 E F2(x)A F1 .609
+(are performed at run time using a some-)3.109 F .147
+(what less general algorithm.)102 691.2 R .148(This is intended only fo\
+r referencing internally de\214ned macros such as)5.148 F F0($h)102
+703.2 Q F1(that are changed at runtime.)2.5 E 0 Cg EP
%%Page: 39 35
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3339>195.86 E
-/F1 10/Times-Roman@0 SF
-<6973206170706c69656420746f2074686520696e7075743a>117 96 Q<554342>157
-112.2 Q<415250>-.35 E<413a65726963>-.92 E
-<7468652072756c652077696c6c206d617463682c20616e64207468652076>117 128.4
-Q<616c7565732070617373656420746f20746865205248532077696c6c2062653a>-.25
-E 7.5<243120554342>157 144.6 R<415250>-.35 E<41>-.92 E 7.5
-<24322065726963>157 156.6 R<4164646974696f6e616c6c79>142 177 Q 2.704
-<2c74>-.65 G .204<6865204c48532063616e20696e636c756465>-2.704 F F0<2440>
-2.704 E F1 .204<746f206d61746368207a65726f20746f6b>2.704 F 2.704
-<656e732e2054686973>-.1 F<6973>2.704 E/F2 10/Times-Italic@0 SF<6e6f74>
-2.704 E F1 .204<626f756e6420746f2061>2.704 F F0<24>2.705 E F2<6e>A F1
-<6f6e>2.705 E<746865205248532c20616e64206973206e6f726d616c6c79206f6e6c79
-2075736564207768656e206974207374616e647320616c6f6e6520696e206f7264657220
-746f206d6174636820746865206e756c6c20696e7075742e>117 189 Q F0 2.5
-<352e312e322e20546865>102 213 R<72696768742068616e642073696465>2.5 E F1
-.649<5768656e20746865206c6566742068616e642073696465206f662061207265>142
-229.2 R .649<77726974696e672072756c65206d6174636865732c2074686520696e70
-75742069732064656c6574656420616e64207265706c61636564206279>-.25 F 1.036
-<7468652072696768742068616e6420736964652e>117 241.2 R -.8<546f>6.036 G
--.1<6b65>.8 G 1.036<6e732061726520636f70696564206469726563746c792066726f
-6d207468652052485320756e6c65737320746865>.1 F 3.537<7962>-.15 G -.15
-<6567>-3.537 G 1.037<696e2077697468206120646f6c6c6172>.15 F 2.5
-<7369676e2e204d65746173796d626f6c73>117 253.2 R<6172653a>2.5 E F0<24>157
-269.4 Q F2<6e>A F1<5375627374697475746520696e64658c6e69746520746f6b>
-40.55 E<656e>-.1 E F2<6e>2.5 E F1<66726f6d204c4853>2.5 E F0<245b>157
-281.4 Q F2<6e616d65>A F0<245d>A F1<43616e6f6e6963616c697a65>12.23 E F2
-<6e616d65>2.5 E F0<2428>157 293.4 Q F2<6d6170206b>A -.3<6579>-.1 G F0
-<2440>2.8 E F2<6172>A<67756d656e7473>-.37 E F0<243a>2.5 E F2
-<64656661756c74>A F0<2429>2.5 E F1<47656e6572616c697a6564206b>207.55
-305.4 Q -.15<6579>-.1 G<6564206d617070696e672066756e6374696f6e>.15 E F0
-<243e>157 317.4 Q F2<6e>A F1<9943616c6c9a2072756c65736574>34.85 E F2<6e>
-2.5 E F0<2423>157 329.4 Q F2<6d61696c6572>A F1<5265736f6c76>14.44 E 2.5
-<6574>-.15 G<6f>-2.5 E F2<6d61696c6572>2.5 E F0<2440>157 341.4 Q F2
-<686f7374>A F1<53706563696679>19.58 E F2<686f7374>2.5 E F0<243a>157
-353.4 Q F2<75736572>A F1<53706563696679>25 E F2<75736572>2.5 E F1
-<546865>142 373.8 Q F0<24>3.137 E F2<6e>A F1 .637<73796e7461782073756273
-746974757465732074686520636f72726573706f6e64696e672076>3.137 F .637
-<616c75652066726f6d2061>-.25 F F0<242b>3.137 E F1<2c>A F0<24ad>3.137 E
-F1<2c>A F0<242a>3.137 E F1<2c>A F0<243d>3.137 E F1 3.137<2c6f>C<72>
--3.137 E F0<247e>3.137 E F1 .636<6d61746368206f6e>3.136 F
-<746865204c48532e>117 385.8 Q<4974206d6179206265207573656420616e>5 E
-<7977686572652e>-.15 E 2.705<4168>142 402 S .205
-<6f7374206e616d6520656e636c6f736564206265747765656e>-2.705 F F0<245b>
-2.705 E F1<616e64>2.705 E F0<245d>2.706 E F1 .206<6973206c6f6f6b>2.706 F
-.206<656420757020696e2074686520686f737420646174616261736528732920616e64
-207265706c61636564>-.1 F 1.683
-<6279207468652063616e6f6e6963616c206e616d65>117 416 R/F3 7/Times-Roman@0
-SF<3134>-4 I F1 6.683<2e46>4 K 1.683<6f722065>-6.833 F 1.683<78616d706c
-652c2099245b667470245d9a206d69676874206265636f6d6520996674702e43532e4265
-726b>-.15 F<656c65>-.1 E -.65<792e>-.15 G 1.683<4544559a20616e64>.65 F
-3.17<99245b5b3132382e33322e3133302e325d245d9a2077>117 428 R 3.17
-<6f756c64206265636f6d65209976>-.1 F<616e676f67682e43532e4265726b>-.25 E
-<656c65>-.1 E -.65<792e>-.15 G<4544552e>.65 E<9a>-.7 E F2
-<53656e646d61696c>8.17 E F1 3.17<7265636f676e697a657320697473>5.67 F<6e
-756d65726963204950206164647265737320776974686f75742063616c6c696e67207468
-65206e616d652073657276>117 440 Q<657220616e64207265706c6163657320697420
-77697468206974732063616e6f6e6963616c206e616d652e>-.15 E<546865>142 456.2
-Q F0<2428>3.004 E F1<2e2e2e>3.004 E F0<2429>5.504 E F1 .503<73796e746178
-2069732061206d6f72652067656e6572616c20666f726d206f66206c6f6f6b75703b2069
-7420757365732061206e616d6564206d617020696e7374656164206f6620616e>3.003 F
-.809<696d706c69636974206d61702e>117 468.2 R .809<4966206e6f206c6f6f6b75
-7020697320666f756e642c2074686520696e64696361746564>5.809 F F2
-<64656661756c74>3.309 E F1 .81
-<697320696e7365727465643b206966206e6f20646566>3.309 F .81
-<61756c742069732073706563698c6564>-.1 F .776
-<616e64206e6f206c6f6f6b7570206d6174636865732c207468652076>117 480.2 R
-.776<616c7565206973206c65667420756e6368616e6765642e>-.25 F<546865>5.776
-E F2<6172>3.276 E<67756d656e7473>-.37 E F1 .775
-<6172652070617373656420746f20746865206d617020666f72>3.275 F
-<706f737369626c65207573652e>117 492.2 Q<546865>142 508.4 Q F0<243e>2.619
-E F2<6e>A F1 .119<73796e74617820636175736573207468652072656d61696e646572
-206f6620746865206c696e6520746f206265207375627374697475746564206173207573
-75616c20616e64207468656e20706173736564>2.619 F .587<617320746865206172>
-117 520.4 R .587<67756d656e7420746f2072756c65736574>-.18 F F2<6e>3.087 E
-F1 5.587<2e54>C .587<6865208c6e616c2076>-5.587 F .586
-<616c7565206f662072756c65736574>-.25 F F2<6e>3.086 E F1 .586<7468656e20
-6265636f6d65732074686520737562737469747574696f6e20666f722074686973>3.086
-F 3.758<72756c652e20546865>117 532.4 R F0<243e>3.758 E F1 1.258
-<73796e7461782065>3.758 F 1.258<7870616e64732065>-.15 F -.15<7665>-.25 G
-1.259<72797468696e67206166746572207468652072756c65736574206e616d6520746f
-2074686520656e64206f6620746865207265706c6163656d656e74>.15 F .976<737472
-696e6720616e64207468656e2070617373657320746861742061732074686520696e6974
-69616c20696e70757420746f207468652072756c657365742e>117 544.4 R
-<52656375727369>5.976 E 1.276 -.15<76652063>-.25 H .976
-<616c6c732061726520616c6c6f>.15 F 3.476<7765642e2046>-.25 F<6f72>-.15 E
--.15<6578>117 556.4 S<616d706c652c>.15 E<243e3020243e33202431>157 572.6
-Q -.15<6578>117 588.8 S<70616e64732024312c20706173736573207468617420746f
-2072756c6573657420332c20616e64207468656e20706173736573207468652072657375
-6c74206f662072756c65736574203320746f2072756c6573657420302e>.15 E<546865>
-142 605 Q F0<2423>2.768 E F1 .268<73796e7461782073686f756c64>2.768 F F2
-<6f6e6c79>2.768 E F1 .268<6265207573656420696e2072756c65736574207a65726f
-2c206120737562726f7574696e65206f662072756c65736574207a65726f2c206f722072
-756c6573657473>2.768 F .455<746861742072657475726e206465636973696f6e7320
-28652e672e2c20636865636b5f72637074292e>117 617 R .455
-<4974206361757365732065>5.455 F -.25<7661>-.25 G .454<6c756174696f6e206f
-66207468652072756c6573657420746f207465726d696e61746520696d6d6564692d>.25
-F<6174656c79>117 629 Q 2.565<2c61>-.65 G .065
-<6e64207369676e616c7320746f>-2.565 F F2<73656e646d61696c>2.565 E F1 .065
-<746861742074686520616464726573732068617320636f6d706c6574656c7920726573
-6f6c76>2.565 F 2.565<65642e20546865>-.15 F .065
-<636f6d706c6574652073796e74617820666f72>2.565 F
-<72756c6573657420302069733a>117 641 Q F0<2423>157 657.2 Q F2
-<6d61696c6572>A F0<2440>2.5 E F2<686f7374>A F0<243a>2.5 E F2<75736572>A
-F1 1.513<546869732073706563698c657320746865207b6d61696c6572>117 673.4 R
-4.013<2c68>-.4 G 1.513<6f73742c20757365727d20332d7475706c65206e65636573
-7361727920746f2064697265637420746865206d61696c6572>-4.013 F 6.513<2e4e>
--.55 G 1.512<6f74653a20746865207468697264>-6.513 F .32 LW 76 683 72 683
-DL 80 683 76 683 DL 84 683 80 683 DL 88 683 84 683 DL 92 683 88 683 DL
-96 683 92 683 DL 100 683 96 683 DL 104 683 100 683 DL 108 683 104 683 DL
-112 683 108 683 DL 116 683 112 683 DL 120 683 116 683 DL 124 683 120 683
-DL 128 683 124 683 DL 132 683 128 683 DL 136 683 132 683 DL 140 683 136
-683 DL 144 683 140 683 DL 148 683 144 683 DL 152 683 148 683 DL 156 683
-152 683 DL 160 683 156 683 DL 164 683 160 683 DL 168 683 164 683 DL 172
-683 168 683 DL 176 683 172 683 DL 180 683 176 683 DL 184 683 180 683 DL
-188 683 184 683 DL 192 683 188 683 DL 196 683 192 683 DL 200 683 196 683
-DL 204 683 200 683 DL 208 683 204 683 DL 212 683 208 683 DL 216 683 212
-683 DL/F4 5/Times-Roman@0 SF<3134>93.6 693.4 Q/F5 8/Times-Roman@0 SF
-<546869732069732061637475616c6c7920636f6d706c6574656c792065717569>3.2 I
--.2<7661>-.2 G<6c656e7420746f202428686f7374>.2 E/F6 8/Times-Italic@0 SF
-<686f73746e616d65>2 E F5 2<24292e20496e>B<706172746963756c6172>2 E 2
-<2c61>-.32 G/F7 8/Times-Bold@0 SF<243a>A F5<646566>2 E
-<61756c742063616e20626520757365642e>-.08 E 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-39)195.86 E 2.5(5.1.1. The)102 96 R(left hand side)2.5 E/F1 10
+/Times-Roman@0 SF 2.771(The left hand side of re)142 112.2 R 2.771
+(writing rules contains a pattern.)-.25 F 2.77(Normal w)7.771 F 2.77
+(ords are simply)-.1 F(matched directly)117 124.2 Q 5(.M)-.65 G
+(etasyntax is introduced using a dollar sign.)-5 E(The metasymbols are:)
+5 E F0($*)157 140.4 Q F1(Match zero or more tok)10.14 E(ens)-.1 E F0($+)
+157 152.4 Q F1(Match one or more tok)9.44 E(ens)-.1 E F0<24ad>157 164.4
+Q F1(Match e)9.44 E(xactly one tok)-.15 E(en)-.1 E F0($=)157 176.4 Q/F2
+10/Times-Italic@0 SF(x)A F1(Match an)5 E 2.5(yp)-.15 G(hrase in class)
+-2.5 E F2(x)2.5 E F0($~)157 188.4 Q F2(x)A F1(Match an)7.37 E 2.5(yw)
+-.15 G(ord not in class)-2.6 E F2(x)2.5 E F1 .131(If an)117 204.6 R
+2.631(yo)-.15 G 2.631(ft)-2.631 G .131(hese match, the)-2.631 F 2.631
+(ya)-.15 G .132(re assigned to the symbol)-2.631 F F0($)2.632 E F2(n)A
+F1 .132(for replacement on the right hand side,)2.632 F(where)117 216.6
+Q F2(n)2.5 E F1(is the inde)2.5 E 2.5(xi)-.15 G 2.5(nt)-2.5 G(he LHS.)
+-2.5 E -.15(Fo)5 G 2.5(re).15 G(xample, if the LHS:)-2.65 E($\255:$+)157
+232.8 Q(is applied to the input:)117 249 Q(UCB)157 265.2 Q(ARP)-.35 E
+(A:eric)-.92 E(the rule will match, and the v)117 281.4 Q
+(alues passed to the RHS will be:)-.25 E 7.5($1 UCB)157 297.6 R(ARP)-.35
+E(A)-.92 E 7.5($2 eric)157 309.6 R(Additionally)142 330 Q 2.705(,t)-.65
+G .204(he LHS can include)-2.705 F F0($@)2.704 E F1 .204
+(to match zero tok)2.704 F 2.704(ens. This)-.1 F(is)2.704 E F2(not)2.704
+E F1 .204(bound to a)2.704 F F0($)2.704 E F2(n)A F1(on)2.704 E(the RHS,\
+ and is normally only used when it stands alone in order to match the n\
+ull input.)117 342 Q F0 2.5(5.1.2. The)102 366 R(right hand side)2.5 E
+F1 .648(When the left hand side of a re)142 382.2 R .649
+(writing rule matches, the input is deleted and replaced by)-.25 F 1.037
+(the right hand side.)117 394.2 R -.8(To)6.037 G -.1(ke).8 G 1.036
+(ns are copied directly from the RHS unless the).1 F 3.536(yb)-.15 G
+-.15(eg)-3.536 G 1.036(in with a dollar).15 F 2.5(sign. Metasymbols)117
+406.2 R(are:)2.5 E F0($)157 422.4 Q F2(n)A F1
+(Substitute inde\214nite tok)40.55 E(en)-.1 E F2(n)2.5 E F1(from LHS)2.5
+E F0($[)157 434.4 Q F2(name)A F0($])A F1(Canonicalize)12.23 E F2(name)
+2.5 E F0($\()157 446.4 Q F2(map k)A -.3(ey)-.1 G F0($@)2.8 E F2(ar)A
+(guments)-.37 E F0($:)2.5 E F2(default)A F0($\))2.5 E F1(Generalized k)
+207.55 458.4 Q -.15(ey)-.1 G(ed mapping function).15 E F0($>)157 470.4 Q
+F2(n)A F1(\231Call\232 ruleset)34.85 E F2(n)2.5 E F0($#)157 482.4 Q F2
+(mailer)A F1(Resolv)14.44 E 2.5(et)-.15 G(o)-2.5 E F2(mailer)2.5 E F0
+($@)157 494.4 Q F2(host)A F1(Specify)19.58 E F2(host)2.5 E F0($:)157
+506.4 Q F2(user)A F1(Specify)25 E F2(user)2.5 E F1(The)142 526.8 Q F0($)
+3.136 E F2(n)A F1 .637(syntax substitutes the corresponding v)3.136 F
+.637(alue from a)-.25 F F0($+)3.137 E F1(,)A F0<24ad>3.137 E F1(,)A F0
+($*)3.137 E F1(,)A F0($=)3.137 E F1 3.137(,o)C(r)-3.137 E F0($~)3.137 E
+F1 .637(match on)3.137 F(the LHS.)117 538.8 Q(It may be used an)5 E
+(ywhere.)-.15 E 2.706(Ah)142 555 S .206(ost name enclosed between)-2.706
+F F0($[)2.706 E F1(and)2.706 E F0($])2.706 E F1 .206(is look)2.706 F
+.205(ed up in the host database\(s\) and replaced)-.1 F 1.683
+(by the canonical name)117 569 R/F3 7/Times-Roman@0 SF(14)-4 I F1 6.683
+(.F)4 K 1.683(or e)-6.833 F 1.683
+(xample, \231$[ftp$]\232 might become \231ftp.CS.Berk)-.15 F(ele)-.1 E
+-.65(y.)-.15 G 1.683(EDU\232 and).65 F 3.17
+(\231$[[128.32.130.2]$]\232 w)117 581 R 3.17(ould become \231v)-.1 F
+(angogh.CS.Berk)-.25 E(ele)-.1 E -.65(y.)-.15 G(EDU.).65 E<9a>-.7 E F2
+(Sendmail)8.17 E F1 3.17(recognizes its)5.67 F
+(numeric IP address without calling the name serv)117 593 Q
+(er and replaces it with its canonical name.)-.15 E(The)142 609.2 Q F0
+($\()3.003 E F1(...)3.003 E F0($\))5.503 E F1 .503(syntax is a more gen\
+eral form of lookup; it uses a named map instead of an)3.003 F .81
+(implicit map.)117 621.2 R .81(If no lookup is found, the indicated)5.81
+F F2(default)3.309 E F1 .809(is inserted; if no def)3.309 F .809
+(ault is speci\214ed)-.1 F .775(and no lookup matches, the v)117 633.2 R
+.776(alue is left unchanged.)-.25 F(The)5.776 E F2(ar)3.276 E(guments)
+-.37 E F1 .776(are passed to the map for)3.276 F(possible use.)117 645.2
+Q(The)142 661.4 Q F0($>)2.62 E F2(n)A F1 .119(syntax causes the remaind\
+er of the line to be substituted as usual and then passed)2.62 F .586
+(as the ar)117 673.4 R .586(gument to ruleset)-.18 F F2(n)3.086 E F1
+5.586(.T)C .586(he \214nal v)-5.586 F .586(alue of ruleset)-.25 F F2(n)
+3.087 E F1 .587(then becomes the substitution for this)3.087 F .32 LW 76
+683 72 683 DL 80 683 76 683 DL 84 683 80 683 DL 88 683 84 683 DL 92 683
+88 683 DL 96 683 92 683 DL 100 683 96 683 DL 104 683 100 683 DL 108 683
+104 683 DL 112 683 108 683 DL 116 683 112 683 DL 120 683 116 683 DL 124
+683 120 683 DL 128 683 124 683 DL 132 683 128 683 DL 136 683 132 683 DL
+140 683 136 683 DL 144 683 140 683 DL 148 683 144 683 DL 152 683 148 683
+DL 156 683 152 683 DL 160 683 156 683 DL 164 683 160 683 DL 168 683 164
+683 DL 172 683 168 683 DL 176 683 172 683 DL 180 683 176 683 DL 184 683
+180 683 DL 188 683 184 683 DL 192 683 188 683 DL 196 683 192 683 DL 200
+683 196 683 DL 204 683 200 683 DL 208 683 204 683 DL 212 683 208 683 DL
+216 683 212 683 DL/F4 5/Times-Roman@0 SF(14)93.6 693.4 Q/F5 8
+/Times-Roman@0 SF(This is actually completely equi)3.2 I -.2(va)-.2 G
+(lent to $\(host).2 E/F6 8/Times-Italic@0 SF(hostname)2 E F5 2($\). In)B
+(particular)2 E 2(,a)-.32 G/F7 8/Times-Bold@0 SF($:)A F5(def)2 E
+(ault can be used.)-.08 E 0 Cg EP
%%Page: 40 36
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d34302053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF 1.253<656c656d656e742028>117 96 R/F2 10
-/Times-Italic@0 SF<75736572>3.753 E F1 3.753<2969>3.753 G 3.753<736f>
--3.753 G 1.253<6674656e20616c736f2063616c6c6564>-3.753 F F2<61646472>
-3.754 E<657373>-.37 E F1 3.754<706172742e204966>3.754 F 1.254<746865206d
-61696c6572206973206c6f63616c2074686520686f73742070617274206d6179206265>
-3.754 F<6f6d6974746564>117 110 Q/F3 7/Times-Roman@0 SF<3135>-4 I F1
-5.967<2e54>4 K<6865>-5.967 E F2<6d61696c6572>3.467 E F1 .967
-<6d75737420626520612073696e676c652077>3.467 F .967<6f72642c2062>-.1 F
-.967<757420746865>-.2 F F2<686f7374>3.467 E F1<616e64>3.467 E F2
-<75736572>3.467 E F1 .967<6d6179206265206d756c74692d706172742e>3.467 F
-.968<496620746865>5.967 F F2<6d61696c6572>117 122 Q F1 .026
-<6973207468652062>2.526 F .026<75696c742d696e20495043206d61696c6572>-.2
-F 2.525<2c74>-.4 G<6865>-2.525 E F2<686f7374>2.525 E F1 .025<6d61792062
-65206120636f6c6f6e2d736570617261746564206c697374206f6620686f737473207468
-617420617265207365617263686564>2.525 F .723
-<696e206f7264657220666f7220746865208c7273742077>117 134 R .723
-<6f726b696e672061646472657373202865>-.1 F .723<786163746c79206c696b>-.15
-F 3.223<654d>-.1 G 3.223<5872>-3.223 G 3.223<65636f726473292e20546865>
--3.223 F F2<75736572>3.223 E F1 .723<6973206c61746572207265>3.223 F .724
-<7772697474656e206279>-.25 F .106<746865206d61696c6572>117 146 R .106
-<2d73706563698c6320656e>-.2 F -.15<7665>-.4 G .106<6c6f7065207265>.15 F
-.106<77726974696e672073657420616e642061737369676e656420746f20746865>-.25
-F F0<2475>2.606 E F1 2.605<6d6163726f2e204173>2.606 F 2.605<6173>2.605 G
-.105<70656369616c20636173652c20696620746865>-2.605 F 1.033
-<6d61696c65722073706563698c65642068617320746865>117 158 R F0<463d40>
-3.533 E F1 1.033<8d61672073706563698c656420616e6420746865208c7273742063
-6861726163746572206f6620746865>3.533 F F0<243a>3.533 E F1 -.25<7661>
-3.533 G 1.033<6c75652069732099409a2c20746865>.25 F .017
-<99409a206973207374726970706564206f66>117 170 R .017<662c20616e64206120
-8d61672069732073657420696e2074686520616464726573732064657363726970746f72
-2074686174206361757365732073656e646d61696c20746f206e6f7420646f2072756c65
-2d>-.25 F<73657420352070726f63657373696e672e>117 182 Q<4e6f726d616c6c79>
-142 198.2 Q 3.251<2c6172>-.65 G .751<756c652074686174206d61746368657320
-697320726574726965642c20746861742069732c207468652072756c65206c6f6f707320
-756e74696c2069742066>-3.251 F 3.252<61696c732e2041>-.1 F .752
-<524853206d6179>3.252 F 1.086
-<616c736f2062652070726563656465642062792061>117 210.2 R F0<2440>3.586 E
-F1 1.085<6f722061>3.585 F F0<243a>3.585 E F1 1.085
-<746f206368616e676520746869732062656861>3.585 F<76696f72>-.2 E 6.085
-<2e41>-.55 G F0<2440>-2.5 E F1 1.085
-<7072658c7820636175736573207468652072756c6573657420746f>3.585 F 1.46<72
-657475726e2077697468207468652072656d61696e646572206f66207468652052485320
-6173207468652076>117 222.2 R 3.96<616c75652e2041>-.25 F F0<243a>3.96 E
-F1 1.46
-<7072658c7820636175736573207468652072756c6520746f207465726d696e617465>
-3.96 F<696d6d6564696174656c79>117 234.2 Q 3.756<2c62>-.65 G 1.256<757420
-7468652072756c6573657420746f20636f6e74696e75653b20746869732063616e206265
-207573656420746f2061>-3.956 F -.2<766f>-.2 G 1.256
-<696420636f6e74696e756564206170706c69636174696f6e206f662061>.2 F 2.5
-<72756c652e20546865>117 246.2 R<7072658c78206973207374726970706564206265
-666f726520636f6e74696e75696e672e>2.5 E<546865>142 262.4 Q F0<2440>2.5 E
-F1<616e64>2.5 E F0<243a>2.5 E F1<7072658c78>2.5 E
-<6573206d617920707265636564652061>-.15 E F0<243e>2.5 E F1
-<737065633b20666f722065>2.5 E<78616d706c653a>-.15 E 20.19<52242b20243a>
-157 278.6 R<243e37202431>2.5 E 1.256<6d61746368657320616e>117 294.8 R
-1.256
-<797468696e672c20706173736573207468617420746f2072756c65736574207365>-.15
-F -.15<7665>-.25 G 1.256<6e2c20616e6420636f6e74696e7565733b20746865>.15
-F F0<243a>3.756 E F1 1.256<6973206e656365737361727920746f2061>3.756 F
--.2<766f>-.2 G 1.256<696420616e>.2 F<696e8c6e697465206c6f6f702e>117
-306.8 Q 1.205<537562737469747574696f6e206f636375727320696e20746865206f72
-646572206465736372696265642c20746861742069732c20706172616d65746572732066
-726f6d20746865204c485320617265207375627374692d>142 323 R .219<7475746564
-2c20686f73746e616d6573206172652063616e6f6e6963616c697a65642c209973756272
-6f7574696e65739a206172652063616c6c65642c20616e64208c6e616c6c79>117 335 R
-F0<2423>2.719 E F1<2c>A F0<2440>2.719 E F1 2.72<2c61>C<6e64>-2.72 E F0
-<243a>2.72 E F1 .22<6172652070726f2d>2.72 F<6365737365642e>117 347 Q F0
-2.5<352e312e332e2053656d616e74696373>102 371 R<6f662072>2.5 E
-<6577726974696e672072756c652073657473>-.18 E F1 1.848
-<54686572652061726520736978207265>142 387.2 R 1.847
-<77726974696e6720736574732074686174206861>-.25 F 2.147 -.15<76652073>-.2
-H 1.847<706563698c632073656d616e746963732e>.15 F<4669>6.847 E 2.147 -.15
-<7665206f>-.25 H 4.347<6674>.15 G 1.847
-<68657365206172652072656c61746564206173>-4.347 F
-<6465706963746564206279208c6775726520312e>117 399.2 Q 1.029<52756c657365
-742074687265652073686f756c64207475726e20746865206164647265737320696e746f
-209963616e6f6e6963616c20666f726d2e>142 415.4 R 6.029<9a54>-.7 G 1.03
-<68697320666f726d2073686f756c64206861>-6.029 F 1.33 -.15<76652074>-.2 H
-<6865>.15 E<62617369632073796e7461783a>117 427.4 Q .4 LW 77 451.4 72
-451.4 DL 79 451.4 74 451.4 DL 84 451.4 79 451.4 DL 89 451.4 84 451.4 DL
-94 451.4 89 451.4 DL 99 451.4 94 451.4 DL 104 451.4 99 451.4 DL 109
-451.4 104 451.4 DL 114 451.4 109 451.4 DL 119 451.4 114 451.4 DL 124
-451.4 119 451.4 DL 129 451.4 124 451.4 DL 134 451.4 129 451.4 DL 139
-451.4 134 451.4 DL 144 451.4 139 451.4 DL 149 451.4 144 451.4 DL 154
-451.4 149 451.4 DL 159 451.4 154 451.4 DL 164 451.4 159 451.4 DL 169
-451.4 164 451.4 DL 174 451.4 169 451.4 DL 179 451.4 174 451.4 DL 184
-451.4 179 451.4 DL 189 451.4 184 451.4 DL 194 451.4 189 451.4 DL 199
-451.4 194 451.4 DL 204 451.4 199 451.4 DL 209 451.4 204 451.4 DL 214
-451.4 209 451.4 DL 219 451.4 214 451.4 DL 224 451.4 219 451.4 DL 229
-451.4 224 451.4 DL 234 451.4 229 451.4 DL 239 451.4 234 451.4 DL 244
-451.4 239 451.4 DL 249 451.4 244 451.4 DL 254 451.4 249 451.4 DL 259
-451.4 254 451.4 DL 264 451.4 259 451.4 DL 269 451.4 264 451.4 DL 274
-451.4 269 451.4 DL 279 451.4 274 451.4 DL 284 451.4 279 451.4 DL 289
-451.4 284 451.4 DL 294 451.4 289 451.4 DL 299 451.4 294 451.4 DL 304
-451.4 299 451.4 DL 309 451.4 304 451.4 DL 314 451.4 309 451.4 DL 319
-451.4 314 451.4 DL 324 451.4 319 451.4 DL 329 451.4 324 451.4 DL 334
-451.4 329 451.4 DL 339 451.4 334 451.4 DL 344 451.4 339 451.4 DL 349
-451.4 344 451.4 DL 354 451.4 349 451.4 DL 359 451.4 354 451.4 DL 364
-451.4 359 451.4 DL 369 451.4 364 451.4 DL 374 451.4 369 451.4 DL 379
-451.4 374 451.4 DL 384 451.4 379 451.4 DL 389 451.4 384 451.4 DL 394
-451.4 389 451.4 DL 399 451.4 394 451.4 DL 404 451.4 399 451.4 DL 409
-451.4 404 451.4 DL 414 451.4 409 451.4 DL 419 451.4 414 451.4 DL 424
-451.4 419 451.4 DL 429 451.4 424 451.4 DL 434 451.4 429 451.4 DL 439
-451.4 434 451.4 DL 444 451.4 439 451.4 DL 449 451.4 444 451.4 DL 454
-451.4 449 451.4 DL 459 451.4 454 451.4 DL 464 451.4 459 451.4 DL 469
-451.4 464 451.4 DL 474 451.4 469 451.4 DL 479 451.4 474 451.4 DL 484
-451.4 479 451.4 DL 489 451.4 484 451.4 DL 494 451.4 489 451.4 DL 499
-451.4 494 451.4 DL 504 451.4 499 451.4 DL<61646472>91.915 546 Q 133.2
-543.8 111.6 543.8 DL 133.2 543.8 MT -7.2 1.8 RL 0 -3.6 RL CL 0 Fg 133.2
-543.8 MT -7.2 1.8 RL 0 -3.6 RL CL 0 Cg ST 154.8 554.6 MT 0 -21.6 RL
--21.6 0 RL 0 21.6 RL CL ST<33>141.5 546 Q 176.4 543.8 154.8 543.8 DL
-176.4 543.8 MT -7.2 1.8 RL 0 -3.6 RL CL 0 Fg 176.4 543.8 MT -7.2 1.8 RL
-0 -3.6 RL CL 0 Cg ST 198 554.6 MT 0 -21.6 RL -21.6 0 RL 0 21.6 RL CL ST
-<44>183.59 546 Q 219.6 543.8 198 543.8 DL 277.2 525.8 255.6 525.8 DL
-277.2 525.8 MT -7.2 1.8 RL 0 -3.6 RL CL 0 Fg 277.2 525.8 MT -7.2 1.8 RL
-0 -3.6 RL CL 0 Cg ST 298.8 536.6 MT 0 -21.6 RL -21.6 0 RL 0 21.6 RL CL
-ST<31>285.5 528 Q 320.4 525.8 298.8 525.8 DL 320.4 525.8 MT -7.2 1.8 RL
-0 -3.6 RL CL 0 Fg 320.4 525.8 MT -7.2 1.8 RL 0 -3.6 RL CL 0 Cg ST 342
-536.6 MT 0 -21.6 RL -21.6 0 RL 0 21.6 RL CL ST<53>328.42 528 Q 363.6
-525.8 342 525.8 DL 277.2 561.8 255.6 561.8 DL 277.2 561.8 MT -7.2 1.8 RL
-0 -3.6 RL CL 0 Fg 277.2 561.8 MT -7.2 1.8 RL 0 -3.6 RL CL 0 Cg ST 298.8
-572.6 MT 0 -21.6 RL -21.6 0 RL 0 21.6 RL CL ST<32>285.5 564 Q 320.4
-561.8 298.8 561.8 DL 320.4 561.8 MT -7.2 1.8 RL 0 -3.6 RL CL 0 Fg 320.4
-561.8 MT -7.2 1.8 RL 0 -3.6 RL CL 0 Cg ST 342 572.6 MT 0 -21.6 RL -21.6
-0 RL 0 21.6 RL CL ST<52>327.865 564 Q 363.6 561.8 342 561.8 DL 421.2
-543.8 399.6 543.8 DL 421.2 543.8 MT -7.2 1.8 RL 0 -3.6 RL CL 0 Fg 421.2
-543.8 MT -7.2 1.8 RL 0 -3.6 RL CL 0 Cg ST 442.8 554.6 MT 0 -21.6 RL
--21.6 0 RL 0 21.6 RL CL ST<34>429.5 546 Q 464.4 543.8 442.8 543.8 DL
-464.4 543.8 MT -7.2 1.8 RL 0 -3.6 RL CL 0 Fg 464.4 543.8 MT -7.2 1.8 RL
-0 -3.6 RL CL 0 Cg ST<6d7367>466.865 546 Q 255.6 525.8 219.6 543.8 DL
-255.6 561.8 219.6 543.8 DL 399.6 543.8 363.6 525.8 DL 399.6 543.8 363.6
-561.8 DL 208.8 489.8 187.2 489.8 DL 208.8 489.8 MT -7.2 1.8 RL 0 -3.6 RL
-CL 0 Fg 208.8 489.8 MT -7.2 1.8 RL 0 -3.6 RL CL 0 Cg ST 230.4 500.6 MT 0
--21.6 RL -21.6 0 RL 0 21.6 RL CL ST<30>217.1 492 Q 252 489.8 230.4 489.8
-DL 252 489.8 MT -7.2 1.8 RL 0 -3.6 RL CL 0 Fg 252 489.8 MT -7.2 1.8 RL 0
--3.6 RL CL 0 Cg ST<7265736f6c76>265.69 492 Q<65642061646472657373>-.15 E
-187.2 489.8 162 543.8 DL<4669677572652031208a205265>216.045 591.8 Q
-<77726974696e67207365742073656d616e74696373>-.25 E 2.5<448a73>209.35
-603.8 S<656e64657220646f6d61696e206164646974696f6e>-2.5 E 2.5<538a6d>
-209.35 615.8 S<61696c6572>-2.5 E<2d73706563698c632073656e646572207265>
--.2 E<77726974696e67>-.25 E 2.5<528a6d>209.35 627.8 S<61696c6572>-2.5 E
-<2d73706563698c6320726563697069656e74207265>-.2 E<77726974696e67>-.25 E
-77 639.8 72 639.8 DL 79 639.8 74 639.8 DL 84 639.8 79 639.8 DL 89 639.8
-84 639.8 DL 94 639.8 89 639.8 DL 99 639.8 94 639.8 DL 104 639.8 99 639.8
-DL 109 639.8 104 639.8 DL 114 639.8 109 639.8 DL 119 639.8 114 639.8 DL
-124 639.8 119 639.8 DL 129 639.8 124 639.8 DL 134 639.8 129 639.8 DL 139
-639.8 134 639.8 DL 144 639.8 139 639.8 DL 149 639.8 144 639.8 DL 154
-639.8 149 639.8 DL 159 639.8 154 639.8 DL 164 639.8 159 639.8 DL 169
-639.8 164 639.8 DL 174 639.8 169 639.8 DL 179 639.8 174 639.8 DL 184
-639.8 179 639.8 DL 189 639.8 184 639.8 DL 194 639.8 189 639.8 DL 199
-639.8 194 639.8 DL 204 639.8 199 639.8 DL 209 639.8 204 639.8 DL 214
-639.8 209 639.8 DL 219 639.8 214 639.8 DL 224 639.8 219 639.8 DL 229
-639.8 224 639.8 DL 234 639.8 229 639.8 DL 239 639.8 234 639.8 DL 244
-639.8 239 639.8 DL 249 639.8 244 639.8 DL 254 639.8 249 639.8 DL 259
-639.8 254 639.8 DL 264 639.8 259 639.8 DL 269 639.8 264 639.8 DL 274
-639.8 269 639.8 DL 279 639.8 274 639.8 DL 284 639.8 279 639.8 DL 289
-639.8 284 639.8 DL 294 639.8 289 639.8 DL 299 639.8 294 639.8 DL 304
-639.8 299 639.8 DL 309 639.8 304 639.8 DL 314 639.8 309 639.8 DL 319
-639.8 314 639.8 DL 324 639.8 319 639.8 DL 329 639.8 324 639.8 DL 334
-639.8 329 639.8 DL 339 639.8 334 639.8 DL 344 639.8 339 639.8 DL 349
-639.8 344 639.8 DL 354 639.8 349 639.8 DL 359 639.8 354 639.8 DL 364
-639.8 359 639.8 DL 369 639.8 364 639.8 DL 374 639.8 369 639.8 DL 379
-639.8 374 639.8 DL 384 639.8 379 639.8 DL 389 639.8 384 639.8 DL 394
-639.8 389 639.8 DL 399 639.8 394 639.8 DL 404 639.8 399 639.8 DL 409
-639.8 404 639.8 DL 414 639.8 409 639.8 DL 419 639.8 414 639.8 DL 424
-639.8 419 639.8 DL 429 639.8 424 639.8 DL 434 639.8 429 639.8 DL 439
-639.8 434 639.8 DL 444 639.8 439 639.8 DL 449 639.8 444 639.8 DL 454
-639.8 449 639.8 DL 459 639.8 454 639.8 DL 464 639.8 459 639.8 DL 469
-639.8 464 639.8 DL 474 639.8 469 639.8 DL 479 639.8 474 639.8 DL 484
-639.8 479 639.8 DL 489 639.8 484 639.8 DL 494 639.8 489 639.8 DL 499
-639.8 494 639.8 DL 504 639.8 499 639.8 DL .32 LW 76 673.4 72 673.4 DL 80
-673.4 76 673.4 DL 84 673.4 80 673.4 DL 88 673.4 84 673.4 DL 92 673.4 88
-673.4 DL 96 673.4 92 673.4 DL 100 673.4 96 673.4 DL 104 673.4 100 673.4
-DL 108 673.4 104 673.4 DL 112 673.4 108 673.4 DL 116 673.4 112 673.4 DL
-120 673.4 116 673.4 DL 124 673.4 120 673.4 DL 128 673.4 124 673.4 DL 132
-673.4 128 673.4 DL 136 673.4 132 673.4 DL 140 673.4 136 673.4 DL 144
-673.4 140 673.4 DL 148 673.4 144 673.4 DL 152 673.4 148 673.4 DL 156
-673.4 152 673.4 DL 160 673.4 156 673.4 DL 164 673.4 160 673.4 DL 168
-673.4 164 673.4 DL 172 673.4 168 673.4 DL 176 673.4 172 673.4 DL 180
-673.4 176 673.4 DL 184 673.4 180 673.4 DL 188 673.4 184 673.4 DL 192
-673.4 188 673.4 DL 196 673.4 192 673.4 DL 200 673.4 196 673.4 DL 204
-673.4 200 673.4 DL 208 673.4 204 673.4 DL 212 673.4 208 673.4 DL 216
-673.4 212 673.4 DL/F4 5/Times-Roman@0 SF<3135>93.6 683.8 Q/F5 8
-/Times-Roman@0 SF -.88<596f>3.2 K 2.726<756d>.88 G .726<61792077>-2.726
-F .726<616e7420746f2075736520697420666f72207370656369616c20997065722075
-7365729a2065>-.08 F 2.726<7874656e73696f6e732e2046>-.12 F .726<6f722065>
--.12 F .725<78616d706c652c20696e20746865206164647265737320996a676d2b666f
-6f40434d552e4544559a3b2074686520992b666f6f9a>-.12 F<70617274206973206e6f
-742070617274206f66207468652075736572206e616d652c20616e642069732070617373
-656420746f20746865206c6f63616c206d61696c657220666f72206c6f63616c20757365
-2e>72 696.6 Q 0 Cg EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-40 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF 3.759
+(rule. The)117 96 R F0($>)3.759 E F1 1.259(syntax e)3.759 F 1.259
+(xpands e)-.15 F -.15(ve)-.25 G 1.259
+(rything after the ruleset name to the end of the replacement).15 F .976
+(string and then passes that as the initial input to the ruleset.)117
+108 R(Recursi)5.976 E 1.277 -.15(ve c)-.25 H .977(alls are allo).15 F
+3.477(wed. F)-.25 F(or)-.15 E -.15(ex)117 120 S(ample,).15 E($>0 $>3 $1)
+157 136.2 Q -.15(ex)117 152.4 S(pands $1, passes that to ruleset 3, and\
+ then passes the result of ruleset 3 to ruleset 0.).15 E(The)142 168.6 Q
+F0($#)2.769 E F1 .268(syntax should)2.769 F/F2 10/Times-Italic@0 SF
+(only)2.768 E F1 .268
+(be used in ruleset zero, a subroutine of ruleset zero, or rulesets)
+2.768 F .454(that return decisions \(e.g., check_rcpt\).)117 180.6 R
+.455(It causes e)5.454 F -.25(va)-.25 G .455
+(luation of the ruleset to terminate immedi-).25 F(ately)117 192.6 Q
+2.565(,a)-.65 G .065(nd signals to)-2.565 F F2(sendmail)2.565 E F1 .065
+(that the address has completely resolv)2.565 F 2.565(ed. The)-.15 F
+.065(complete syntax for)2.565 F(ruleset 0 is:)117 204.6 Q F0($#)157
+220.8 Q F2(mailer)A F0($@)2.5 E F2(host)A F0($:)2.5 E F2(user)A F1 .878
+(This speci\214es the {mailer)117 237 R 3.378(,h)-.4 G .879
+(ost, user} 3-tuple \(triple\) necessary to direct the mailer)-3.378 F
+5.879(.N)-.55 G .879(ote: the)-5.879 F .122(third element \()117 249 R
+F2(user)2.622 E F1 2.622(\)i)2.622 G 2.622(so)-2.622 G .122
+(ften also called)-2.622 F F2(addr)2.622 E(ess)-.37 E F1 2.621(part. If)
+2.622 F .121(the mailer is local the host part may be)2.621 F(omitted)
+117 263 Q/F3 7/Times-Roman@0 SF(15)-4 I F1 5.968(.T)4 K(he)-5.968 E F2
+(mailer)3.467 E F1 .967(must be a single w)3.467 F .967(ord, b)-.1 F
+.967(ut the)-.2 F F2(host)3.467 E F1(and)3.467 E F2(user)3.467 E F1 .967
+(may be multi-part.)3.467 F .967(If the)5.967 F F2(mailer)117 275 Q F1
+1.118(is the b)3.618 F 1.119(uilt-in IPC mailer)-.2 F 3.619(,t)-.4 G(he)
+-3.619 E F2(host)3.619 E F1 1.119
+(may be a colon \(or comma\) separated list of hosts.)3.619 F .208
+(Each is separately MX e)117 287 R .207
+(xpanded and the results are concatenated to mak)-.15 F 2.707(e\()-.1 G
+.207(essentially\) one long)-2.707 F .587(MX list.)117 299 R .587
+(Hosts separated by a comma ha)5.587 F .887 -.15(ve t)-.2 H .588
+(he same MX preference, and for each colon sepa-).15 F 1.492
+(rated host the MX preference is increased.)117 311 R(The)6.491 E F2
+(user)3.991 E F1 1.491(is later re)3.991 F 1.491(written by the mailer)
+-.25 F(-speci\214c)-.2 E(en)117 323 Q -.15(ve)-.4 G .752(lope re).15 F
+.752(writing set and assigned to the)-.25 F F0($u)3.252 E F1 3.253
+(macro. As)3.252 F 3.253(as)3.253 G .753
+(pecial case, if the mailer speci\214ed)-3.253 F .146(has the)117 335 R
+F0(F=@)2.646 E F1 .146
+(\215ag speci\214ed and the \214rst character of the)2.646 F F0($:)2.646
+E F1 -.25(va)2.646 G .145
+(lue is \231@\232, the \231@\232 is stripped of).25 F(f,)-.25 E(and a \
+\215ag is set in the address descriptor that causes sendmail to not do \
+ruleset 5 processing.)117 347 Q(Normally)142 363.2 Q 3.251(,ar)-.65 G
+.751(ule that matches is retried, that is, the rule loops until it f)
+-3.251 F 3.252(ails. A)-.1 F .752(RHS may)3.252 F 1.086
+(also be preceded by a)117 375.2 R F0($@)3.586 E F1 1.085(or a)3.585 F
+F0($:)3.585 E F1 1.085(to change this beha)3.585 F(vior)-.2 E 6.085(.A)
+-.55 G F0($@)-2.5 E F1 1.085(pre\214x causes the ruleset to)3.585 F 1.46
+(return with the remainder of the RHS as the v)117 387.2 R 3.96(alue. A)
+-.25 F F0($:)3.96 E F1 1.46(pre\214x causes the rule to terminate)3.96 F
+(immediately)117 399.2 Q 3.756(,b)-.65 G 1.256
+(ut the ruleset to continue; this can be used to a)-3.956 F -.2(vo)-.2 G
+1.256(id continued application of a).2 F 2.5(rule. The)117 411.2 R
+(pre\214x is stripped before continuing.)2.5 E(The)142 427.4 Q F0($@)2.5
+E F1(and)2.5 E F0($:)2.5 E F1(pre\214x)2.5 E(es may precede a)-.15 E F0
+($>)2.5 E F1(spec; for e)2.5 E(xample:)-.15 E 20.19(R$+ $:)157 443.6 R
+($>7 $1)2.5 E 1.256(matches an)117 459.8 R 1.256
+(ything, passes that to ruleset se)-.15 F -.15(ve)-.25 G 1.256
+(n, and continues; the).15 F F0($:)3.756 E F1 1.256(is necessary to a)
+3.756 F -.2(vo)-.2 G 1.256(id an).2 F(in\214nite loop.)117 471.8 Q 1.205
+(Substitution occurs in the order described, that is, parameters from t\
+he LHS are substi-)142 488 R .219(tuted, hostnames are canonicalized, \
+\231subroutines\232 are called, and \214nally)117 500 R F0($#)2.719 E F1
+(,)A F0($@)2.719 E F1 2.72(,a)C(nd)-2.72 E F0($:)2.72 E F1 .22(are pro-)
+2.72 F(cessed.)117 512 Q F0 2.5(5.1.3. Semantics)102 536 R(of r)2.5 E
+(ewriting rule sets)-.18 E F1 1.848(There are six re)142 552.2 R 1.847
+(writing sets that ha)-.25 F 2.147 -.15(ve s)-.2 H 1.847
+(peci\214c semantics.).15 F(Fi)6.847 E 2.147 -.15(ve o)-.25 H 4.347(ft)
+.15 G 1.847(hese are related as)-4.347 F(depicted by \214gure 1.)117
+564.2 Q 1.029
+(Ruleset three should turn the address into \231canonical form.)142
+580.4 R 6.029<9a54>-.7 G 1.03(his form should ha)-6.029 F 1.33 -.15
+(ve t)-.2 H(he).15 E(basic syntax:)117 592.4 Q
+(local-part@host-domain-spec)157 608.6 Q(Ruleset three is applied by)117
+624.8 Q F2(sendmail)2.5 E F1(before doing an)2.5 E(ything with an)-.15 E
+2.5(ya)-.15 G(ddress.)-2.5 E .302
+(If no \231@\232 sign is speci\214ed, then the host-domain-spec)142 641
+R F2(may)2.801 E F1 .301(be appended \(box \231D\232 in Fig-)2.801 F
+.577(ure 1\) from the sender address \(if the)117 653 R F0(C)3.077 E F1
+.577(\215ag is set in the mailer de\214nition corresponding to the)3.077
+F F2(sending)117 665 Q F1(mailer\).)2.5 E .32 LW 76 674.6 72 674.6 DL 80
+674.6 76 674.6 DL 84 674.6 80 674.6 DL 88 674.6 84 674.6 DL 92 674.6 88
+674.6 DL 96 674.6 92 674.6 DL 100 674.6 96 674.6 DL 104 674.6 100 674.6
+DL 108 674.6 104 674.6 DL 112 674.6 108 674.6 DL 116 674.6 112 674.6 DL
+120 674.6 116 674.6 DL 124 674.6 120 674.6 DL 128 674.6 124 674.6 DL 132
+674.6 128 674.6 DL 136 674.6 132 674.6 DL 140 674.6 136 674.6 DL 144
+674.6 140 674.6 DL 148 674.6 144 674.6 DL 152 674.6 148 674.6 DL 156
+674.6 152 674.6 DL 160 674.6 156 674.6 DL 164 674.6 160 674.6 DL 168
+674.6 164 674.6 DL 172 674.6 168 674.6 DL 176 674.6 172 674.6 DL 180
+674.6 176 674.6 DL 184 674.6 180 674.6 DL 188 674.6 184 674.6 DL 192
+674.6 188 674.6 DL 196 674.6 192 674.6 DL 200 674.6 196 674.6 DL 204
+674.6 200 674.6 DL 208 674.6 204 674.6 DL 212 674.6 208 674.6 DL 216
+674.6 212 674.6 DL/F4 5/Times-Roman@0 SF(15)93.6 685 Q/F5 8
+/Times-Roman@0 SF -.88(Yo)3.2 K 2.725(um).88 G .725(ay w)-2.725 F .726
+(ant to use it for special \231per user\232 e)-.08 F 2.726(xtensions. F)
+-.12 F .726(or e)-.12 F .726
+(xample, in the address \231jgm+foo@CMU.EDU\232; the \231+foo\232)-.12 F
+(part is not part of the user name, and is passed to the local mailer f\
+or local use.)72 697.8 Q 0 Cg EP
%%Page: 41 37
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3431>195.86 E
-/F1 10/Times-Roman@0 SF
-<6c6f63616c2d7061727440686f73742d646f6d61696e2d73706563>157 96 Q
-<52756c65736574207468726565206973206170706c696564206279>117 112.2 Q/F2
-10/Times-Italic@0 SF<73656e646d61696c>2.5 E F1
-<6265666f726520646f696e6720616e>2.5 E<797468696e67207769746820616e>-.15
-E 2.5<7961>-.15 G<6464726573732e>-2.5 E .302<4966206e6f2099409a20736967
-6e2069732073706563698c65642c207468656e2074686520686f73742d646f6d61696e2d
-73706563>142 128.4 R F2<6d6179>2.801 E F1 .301
-<626520617070656e6465642028626f782099449a20696e204669672d>2.801 F .577<
-7572652031292066726f6d207468652073656e6465722061646472657373202869662074
-6865>117 140.4 R F0<43>3.077 E F1 .577<8d61672069732073657420696e207468
-65206d61696c65722064658c6e6974696f6e20636f72726573706f6e64696e6720746f20
-746865>3.077 F F2<73656e64696e67>117 152.4 Q F1<6d61696c6572292e>2.5 E
-1.021<52756c65736574207a65726f206973206170706c6965642061667465722072756c
-6573657420746872656520746f2061646472657373657320746861742061726520676f69
-6e6720746f2061637475616c6c792073706563696679>142 168.6 R 2.818
-<726563697069656e74732e204974>117 180.6 R .318<6d757374207265736f6c76>
-2.818 F 2.818<6574>-.15 G 2.819<6f61>-2.818 G F2<7b6d61696c6572>A 2.819
-<2c68>-1.11 G .319<6f73742c2061646472>-2.819 F<6573737d>-.37 E F1 2.819
-<747269706c652e20546865>2.819 F F2<6d61696c6572>2.819 E F1 .319
-<6d7573742062652064658c6e656420696e20746865>2.819 F .752<6d61696c657220
-64658c6e6974696f6e732066726f6d2074686520636f6e8c6775726174696f6e208c6c65
-2e>117 192.6 R<546865>5.751 E F2<686f7374>3.251 E F1 .751
-<69732064658c6e656420696e746f20746865>3.251 F F0<2468>3.251 E F1 .751
-<6d6163726f20666f722075736520696e>3.251 F 1.202<746865206172>117 204.6 R
-1.202<67762065>-.18 F 1.203
-<7870616e73696f6e206f66207468652073706563698c6564206d61696c6572>-.15 F
-6.203<2e4e>-.55 G 1.203<6f746963653a2073696e63652074686520656e>-6.203 F
--.15<7665>-.4 G 1.203
-<6c6f70652073656e64657220616464726573732077696c6c206265>.15 F .645
-<7573656420696620612064656c69>117 216.6 R -.15<7665>-.25 G .644<72792073
-7461747573206e6f74698c636174696f6e206d7573742062652073656e642c20692e652e
-2c206973206d61792073706563696679206120726563697069656e742c20697420697320
-616c736f2072756e>.15 F 1.548<7468726f7567682072756c65736574207a65726f2e>
-117 228.6 R 1.548<49662072756c65736574207a65726f2072657475726e7320612074
-656d706f72617279206572726f72>6.548 F F0<347879>4.049 E F1 1.549
-<7468656e2064656c69>4.049 F -.15<7665>-.25 G 1.549
-<72792069732064656665727265642e>.15 F .064<546869732063616e206265207573
-656420746f2074656d706f726172696c792064697361626c652064656c69>117 240.6 R
--.15<7665>-.25 G<7279>.15 E 2.564<2c65>-.65 G .064<2e672e2c206261736564
-206f6e207468652074696d65206f662074686520646179206f72206f746865722076>
--2.564 F<6172792d>-.25 E<696e6720706172616d65746572732e>117 252.6 Q<4974
-2073686f756c64206e6f74206265207573656420746f2071756172616e74696e6520652d
-6d61696c732e>5 E .452<52756c6573657473206f6e6520616e64207477>142 268.8 R
-2.952<6f61>-.1 G .452<7265206170706c69656420746f20616c6c2073656e64657220
-616e6420726563697069656e7420616464726573736573207265737065637469>-2.952
-F -.15<7665>-.25 G<6c79>.15 E 5.453<2e54>-.65 G<6865>-5.453 E<79>-.15 E
-<617265206170706c696564206265666f726520616e>117 280.8 Q 2.5<7973>-.15 G<
-706563698c636174696f6e20696e20746865206d61696c65722064658c6e6974696f6e2e>
--2.5 E<546865>5 E 2.5<796d>-.15 G<757374206e65>-2.5 E -.15<7665>-.25 G
-2.5<7272>.15 G<65736f6c76>-2.5 E<652e>-.15 E 1.266<52756c6573657420666f
-7572206973206170706c69656420746f20616c6c2061646472657373657320696e207468
-65206d6573736167652e>142 297 R 1.265
-<4974206973207479706963616c6c79207573656420746f207472616e736c617465>
-6.265 F<696e7465726e616c20746f2065>117 309 Q<787465726e616c20666f726d2e>
--.15 E .652<496e206164646974696f6e2c2072756c657365742035206973206170706c
-69656420746f20616c6c206c6f63616c20616464726573736573202873706563698c6361
-6c6c79>142 325.2 R 3.153<2c74>-.65 G .653
-<686f73652074686174207265736f6c76>-3.153 F 3.153<6574>-.15 G 3.153<6f61>
--3.153 G .296<6d61696c65722077697468207468652060463d3527208d616720736574
-29207468617420646f206e6f74206861>117 337.2 R .596 -.15<76652061>-.2 H
-2.796<6c69617365732e2054686973>.15 F<616c6c6f>2.796 E .296
-<77732061206c617374206d696e75746520686f6f6b20666f72206c6f63616c>-.25 F
-<6e616d65732e>117 349.2 Q F0 2.5<352e312e342e2052756c65736574>102 373.2
-R<686f6f6b73>2.5 E F1 3.814<4166>142 389.4 S 1.814 -.25<65772065>-3.814
-H 1.315<787472612072756c6573657473206172652064658c6e65642061732099686f6f
-6b739a20746861742063616e2062652064658c6e656420746f2067657420737065636961
-6c2066656174757265732e>.1 F<546865>117 401.4 Q 3.468<7961>-.15 G .968
-<726520616c6c206e616d65642072756c65736574732e>-3.468 F .968
-<5468652099636865636b5f2a9a20666f726d7320616c6c206769>5.968 F 1.268 -.15
-<76652061>-.25 H .968<63636570742f72656a656374207374617475733b2066>.15 F
-.967<616c6c696e67206f66>-.1 F 3.467<6674>-.25 G<6865>-3.467 E .207<656e
-64206f722072657475726e696e67206e6f726d616c6c7920697320616e20616363657074
-2c20616e64207265736f6c76696e6720746f>117 413.4 R F0<2423657272>2.707 E
-<6f72>-.18 E F1 .207
-<697320612072656a656374206f722071756172616e74696e652e>2.707 F<51756172>
-5.207 E<2d>-.2 E
-<616e74696e696e672069732063686f73656e2062792073706563696679696e67>117
-425.4 Q F0<71756172616e74696e65>2.5 E F1<696e20746865207365636f6e642070
-617274206f6620746865206d61696c657220747269706c65743a>2.5 E<24236572726f
-722024402071756172616e74696e6520243a20526561736f6e20666f722071756172616e
-74696e65>157 441.6 Q<4d616e>117 457.8 Q 3.121<796f>-.15 G 3.121<6674>
--3.121 G .621<686573652063616e20616c736f207265736f6c76>-3.121 F 3.121
-<6574>-.15 G 3.121<6f74>-3.121 G .621
-<6865207370656369616c206d61696c6572206e616d65>-3.121 F F0
-<242364697363617264>3.12 E F1 3.12<3b74>C .62
-<686973206163636570747320746865206d657373616765>-3.12 F .923
-<61732074686f7567682069742077657265207375636365737366756c2062>117 469.8
-R .923<7574207468656e20646973636172647320697420776974686f75742064656c69>
--.2 F -.15<7665>-.25 G<7279>.15 E 5.924<2e4e>-.65 G .924
-<6f74652c2074686973206d61696c65722063616e6e6f74206265>-5.924 F .682
-<63686f73656e2061732061206d61696c657220696e2072756c6573657420302e>117
-481.8 R .682<4e6f746520616c736f207468617420616c6c2099636865636b5f2a9a20
-72756c6573657473206861>5.682 F .981 -.15<76652074>-.2 H 3.181<6f64>.15 G
-.681<65616c20776974682074656d706f2d>-3.181 F .682<726172792066>117 493.8
-R .682<61696c757265732c20657370656369616c6c7920666f72206d6170206c6f6f6b
-7570732c207468656d73656c76>-.1 F .682<65732c20692e652e2c20746865>-.15 F
-3.182<7973>-.15 G .683
-<686f756c642072657475726e20612074656d706f72617279206572726f72>-3.182 F
-<636f6465206f72206174206c6561737420746865>117 505.8 Q 2.5<7973>-.15 G
-<686f756c64206d616b>-2.5 E 2.5<656170>-.1 G
-<726f706572206465636973696f6e20696e2074686f73652063617365732e>-2.5 E F0
-2.5<352e312e342e312e20636865636b5f72>117 529.8 R<656c6179>-.18 E F1
-<546865>157 546 Q F2 -.15<6368>3.336 G<6563>.15 E<6b5f72>-.2 E<656c6179>
--.37 E F1 .836<72756c657365742069732063616c6c6564206166746572206120636f
-6e6e656374696f6e20697320616363657074656420627920746865206461656d6f6e2e>
-3.336 F .835<4974206973>5.835 F<6e6f742063616c6c6564207768656e2073656e64
-6d61696c2069732073746172746564207573696e6720746865>132 558 Q F0<ad6273>
-2.5 E F1 2.5<6f7074696f6e2e204974>2.5 F<697320706173736564>2.5 E<636c69
-656e742e686f73742e6e616d6520247c20636c69656e742e686f73742e61646472657373>
-172 574.2 Q<7768657265>132 590.4 Q F0<247c>4.016 E F1 1.517<69732061206d
-6574616368617261637465722073657061726174696e6720746865207477>4.017 F
-4.017<6f70>-.1 G 4.017<617274732e2054686973>-4.017 F 1.517
-<72756c657365742063616e2072656a65637420636f6e6e656374696f6e73>4.017 F
-.323<66726f6d2076>132 602.4 R .323<6172696f7573206c6f636174696f6e732e>
--.25 F .322<4e6f74652074686174206974206f6e6c7920636865636b73207468652063
-6f6e6e656374696e6720534d545020636c69656e74204950206164647265737320616e64>
-5.322 F 3.463<686f73746e616d652e204974>132 614.4 R .963<646f6573206e6f74
-20636865636b20666f72207468697264207061727479206d6573736167652072656c6179
-696e672e>3.463 F<546865>5.963 E F2 -.15<6368>3.463 G<6563>.15 E<6b5f72>
--.2 E<637074>-.37 E F1 .964<72756c65736574206469732d>3.463 F
-<6375737365642062656c6f>132 626.4 Q 2.5<7775>-.25 G<7375616c6c7920646f65
-73207468697264207061727479206d6573736167652072656c617920636865636b696e67
-2e>-2.5 E F0 2.5<352e312e342e322e20636865636b5f6d61696c>117 650.4 R F1
-<546865>157 666.6 Q F2 -.15<6368>3.723 G<6563>.15 E<6b5f6d61696c>-.2 E
-F1 1.223<72756c6573657420697320706173736564207468652075736572206e616d65
-20706172616d65746572206f6620746865>3.723 F/F3 9/Times-Roman@0 SF 1.222
-<534d5450204d41494c>3.723 F F1<636f6d2d>3.722 E 2.5<6d616e642e204974>132
-678.6 R
-<63616e20616363657074206f722072656a6563742074686520616464726573732e>2.5
-E 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-41)195.86 E .4 LW 77 108 72 108 DL 79 108 74 108 DL 84 108 79
+108 DL 89 108 84 108 DL 94 108 89 108 DL 99 108 94 108 DL 104 108 99 108
+DL 109 108 104 108 DL 114 108 109 108 DL 119 108 114 108 DL 124 108 119
+108 DL 129 108 124 108 DL 134 108 129 108 DL 139 108 134 108 DL 144 108
+139 108 DL 149 108 144 108 DL 154 108 149 108 DL 159 108 154 108 DL 164
+108 159 108 DL 169 108 164 108 DL 174 108 169 108 DL 179 108 174 108 DL
+184 108 179 108 DL 189 108 184 108 DL 194 108 189 108 DL 199 108 194 108
+DL 204 108 199 108 DL 209 108 204 108 DL 214 108 209 108 DL 219 108 214
+108 DL 224 108 219 108 DL 229 108 224 108 DL 234 108 229 108 DL 239 108
+234 108 DL 244 108 239 108 DL 249 108 244 108 DL 254 108 249 108 DL 259
+108 254 108 DL 264 108 259 108 DL 269 108 264 108 DL 274 108 269 108 DL
+279 108 274 108 DL 284 108 279 108 DL 289 108 284 108 DL 294 108 289 108
+DL 299 108 294 108 DL 304 108 299 108 DL 309 108 304 108 DL 314 108 309
+108 DL 319 108 314 108 DL 324 108 319 108 DL 329 108 324 108 DL 334 108
+329 108 DL 339 108 334 108 DL 344 108 339 108 DL 349 108 344 108 DL 354
+108 349 108 DL 359 108 354 108 DL 364 108 359 108 DL 369 108 364 108 DL
+374 108 369 108 DL 379 108 374 108 DL 384 108 379 108 DL 389 108 384 108
+DL 394 108 389 108 DL 399 108 394 108 DL 404 108 399 108 DL 409 108 404
+108 DL 414 108 409 108 DL 419 108 414 108 DL 424 108 419 108 DL 429 108
+424 108 DL 434 108 429 108 DL 439 108 434 108 DL 444 108 439 108 DL 449
+108 444 108 DL 454 108 449 108 DL 459 108 454 108 DL 464 108 459 108 DL
+469 108 464 108 DL 474 108 469 108 DL 479 108 474 108 DL 484 108 479 108
+DL 489 108 484 108 DL 494 108 489 108 DL 499 108 494 108 DL 504 108 499
+108 DL/F1 10/Times-Roman@0 SF(addr)91.915 202.6 Q 133.2 200.4 MT -7.2
+1.8 RL 0 -3.6 RL CL 0 Fg 133.2 200.4 MT -7.2 1.8 RL 0 -3.6 RL CL .1 LW 0
+Cg ST .4 LW 126 200.4 111.6 200.4 DL 154.8 211.2 MT 0 -21.6 RL -21.6 0
+RL 0 21.6 RL CL ST(3)141.5 202.6 Q 176.4 200.4 MT -7.2 1.8 RL 0 -3.6 RL
+CL 0 Fg 176.4 200.4 MT -7.2 1.8 RL 0 -3.6 RL CL .1 LW 0 Cg ST .4 LW
+169.2 200.4 154.8 200.4 DL 198 211.2 MT 0 -21.6 RL -21.6 0 RL 0 21.6 RL
+CL ST(D)183.59 202.6 Q 219.6 200.4 198 200.4 DL 277.2 182.4 MT -7.2 1.8
+RL 0 -3.6 RL CL 0 Fg 277.2 182.4 MT -7.2 1.8 RL 0 -3.6 RL CL .1 LW 0 Cg
+ST .4 LW 270 182.4 255.6 182.4 DL 298.8 193.2 MT 0 -21.6 RL -21.6 0 RL 0
+21.6 RL CL ST(1)285.5 184.6 Q 320.4 182.4 MT -7.2 1.8 RL 0 -3.6 RL CL 0
+Fg 320.4 182.4 MT -7.2 1.8 RL 0 -3.6 RL CL .1 LW 0 Cg ST .4 LW 313.2
+182.4 298.8 182.4 DL 342 193.2 MT 0 -21.6 RL -21.6 0 RL 0 21.6 RL CL ST
+(S)328.42 184.6 Q 363.6 182.4 342 182.4 DL 277.2 218.4 MT -7.2 1.8 RL 0
+-3.6 RL CL 0 Fg 277.2 218.4 MT -7.2 1.8 RL 0 -3.6 RL CL .1 LW 0 Cg ST .4
+LW 270 218.4 255.6 218.4 DL 298.8 229.2 MT 0 -21.6 RL -21.6 0 RL 0 21.6
+RL CL ST(2)285.5 220.6 Q 320.4 218.4 MT -7.2 1.8 RL 0 -3.6 RL CL 0 Fg
+320.4 218.4 MT -7.2 1.8 RL 0 -3.6 RL CL .1 LW 0 Cg ST .4 LW 313.2 218.4
+298.8 218.4 DL 342 229.2 MT 0 -21.6 RL -21.6 0 RL 0 21.6 RL CL ST(R)
+327.865 220.6 Q 363.6 218.4 342 218.4 DL 421.2 200.4 MT -7.2 1.8 RL 0
+-3.6 RL CL 0 Fg 421.2 200.4 MT -7.2 1.8 RL 0 -3.6 RL CL .1 LW 0 Cg ST .4
+LW 414 200.4 399.6 200.4 DL 442.8 211.2 MT 0 -21.6 RL -21.6 0 RL 0 21.6
+RL CL ST(4)429.5 202.6 Q 464.4 200.4 MT -7.2 1.8 RL 0 -3.6 RL CL 0 Fg
+464.4 200.4 MT -7.2 1.8 RL 0 -3.6 RL CL .1 LW 0 Cg ST .4 LW 457.2 200.4
+442.8 200.4 DL(msg)466.865 202.6 Q 255.6 182.4 219.6 200.4 DL 255.6
+218.4 219.6 200.4 DL 399.6 200.4 363.6 182.4 DL 399.6 200.4 363.6 218.4
+DL 208.8 146.4 MT -7.2 1.8 RL 0 -3.6 RL CL 0 Fg 208.8 146.4 MT -7.2 1.8
+RL 0 -3.6 RL CL .1 LW 0 Cg ST .4 LW 201.6 146.4 187.2 146.4 DL 230.4
+157.2 MT 0 -21.6 RL -21.6 0 RL 0 21.6 RL CL ST(0)217.1 148.6 Q 252 146.4
+MT -7.2 1.8 RL 0 -3.6 RL CL 0 Fg 252 146.4 MT -7.2 1.8 RL 0 -3.6 RL CL
+.1 LW 0 Cg ST .4 LW 244.8 146.4 230.4 146.4 DL(resolv)265.69 148.6 Q
+(ed address)-.15 E 187.2 146.4 162 200.4 DL(Figure 1 \212 Re)216.045
+248.4 Q(writing set semantics)-.25 E 2.5(D\212s)209.35 260.4 S
+(ender domain addition)-2.5 E 2.5(S\212m)209.35 272.4 S(ailer)-2.5 E
+(-speci\214c sender re)-.2 E(writing)-.25 E 2.5(R\212m)209.35 284.4 S
+(ailer)-2.5 E(-speci\214c recipient re)-.2 E(writing)-.25 E 77 296.4 72
+296.4 DL 79 296.4 74 296.4 DL 84 296.4 79 296.4 DL 89 296.4 84 296.4 DL
+94 296.4 89 296.4 DL 99 296.4 94 296.4 DL 104 296.4 99 296.4 DL 109
+296.4 104 296.4 DL 114 296.4 109 296.4 DL 119 296.4 114 296.4 DL 124
+296.4 119 296.4 DL 129 296.4 124 296.4 DL 134 296.4 129 296.4 DL 139
+296.4 134 296.4 DL 144 296.4 139 296.4 DL 149 296.4 144 296.4 DL 154
+296.4 149 296.4 DL 159 296.4 154 296.4 DL 164 296.4 159 296.4 DL 169
+296.4 164 296.4 DL 174 296.4 169 296.4 DL 179 296.4 174 296.4 DL 184
+296.4 179 296.4 DL 189 296.4 184 296.4 DL 194 296.4 189 296.4 DL 199
+296.4 194 296.4 DL 204 296.4 199 296.4 DL 209 296.4 204 296.4 DL 214
+296.4 209 296.4 DL 219 296.4 214 296.4 DL 224 296.4 219 296.4 DL 229
+296.4 224 296.4 DL 234 296.4 229 296.4 DL 239 296.4 234 296.4 DL 244
+296.4 239 296.4 DL 249 296.4 244 296.4 DL 254 296.4 249 296.4 DL 259
+296.4 254 296.4 DL 264 296.4 259 296.4 DL 269 296.4 264 296.4 DL 274
+296.4 269 296.4 DL 279 296.4 274 296.4 DL 284 296.4 279 296.4 DL 289
+296.4 284 296.4 DL 294 296.4 289 296.4 DL 299 296.4 294 296.4 DL 304
+296.4 299 296.4 DL 309 296.4 304 296.4 DL 314 296.4 309 296.4 DL 319
+296.4 314 296.4 DL 324 296.4 319 296.4 DL 329 296.4 324 296.4 DL 334
+296.4 329 296.4 DL 339 296.4 334 296.4 DL 344 296.4 339 296.4 DL 349
+296.4 344 296.4 DL 354 296.4 349 296.4 DL 359 296.4 354 296.4 DL 364
+296.4 359 296.4 DL 369 296.4 364 296.4 DL 374 296.4 369 296.4 DL 379
+296.4 374 296.4 DL 384 296.4 379 296.4 DL 389 296.4 384 296.4 DL 394
+296.4 389 296.4 DL 399 296.4 394 296.4 DL 404 296.4 399 296.4 DL 409
+296.4 404 296.4 DL 414 296.4 409 296.4 DL 419 296.4 414 296.4 DL 424
+296.4 419 296.4 DL 429 296.4 424 296.4 DL 434 296.4 429 296.4 DL 439
+296.4 434 296.4 DL 444 296.4 439 296.4 DL 449 296.4 444 296.4 DL 454
+296.4 449 296.4 DL 459 296.4 454 296.4 DL 464 296.4 459 296.4 DL 469
+296.4 464 296.4 DL 474 296.4 469 296.4 DL 479 296.4 474 296.4 DL 484
+296.4 479 296.4 DL 489 296.4 484 296.4 DL 494 296.4 489 296.4 DL 499
+296.4 494 296.4 DL 504 296.4 499 296.4 DL 1.021(Ruleset zero is applied\
+ after ruleset three to addresses that are going to actually specify)142
+332.4 R 2.818(recipients. It)117 344.4 R .318(must resolv)2.818 F 2.818
+(et)-.15 G 2.819(oa)-2.818 G/F2 10/Times-Italic@0 SF({mailer)A 2.819(,h)
+-1.11 G .319(ost, addr)-2.819 F(ess})-.37 E F1 2.819(triple. The)2.819 F
+F2(mailer)2.819 E F1 .319(must be de\214ned in the)2.819 F .752
+(mailer de\214nitions from the con\214guration \214le.)117 356.4 R(The)
+5.751 E F2(host)3.251 E F1 .751(is de\214ned into the)3.251 F F0($h)
+3.251 E F1 .751(macro for use in)3.251 F 1.202(the ar)117 368.4 R 1.202
+(gv e)-.18 F 1.203(xpansion of the speci\214ed mailer)-.15 F 6.203(.N)
+-.55 G 1.203(otice: since the en)-6.203 F -.15(ve)-.4 G 1.203
+(lope sender address will be).15 F .707(used if a deli)117 380.4 R -.15
+(ve)-.25 G .706(ry status noti\214cation must be send, i.e., it may spe\
+cify a recipient, it is also run).15 F 1.548(through ruleset zero.)117
+392.4 R 1.548(If ruleset zero returns a temporary error)6.548 F F0(4xy)
+4.049 E F1 1.549(then deli)4.049 F -.15(ve)-.25 G 1.549(ry is deferred.)
+.15 F .064(This can be used to temporarily disable deli)117 404.4 R -.15
+(ve)-.25 G(ry).15 E 2.564(,e)-.65 G .064
+(.g., based on the time of the day or other v)-2.564 F(ary-)-.25 E
+(ing parameters.)117 416.4 Q
+(It should not be used to quarantine e-mails.)5 E .452
+(Rulesets one and tw)142 432.6 R 2.952(oa)-.1 G .452
+(re applied to all sender and recipient addresses respecti)-2.952 F -.15
+(ve)-.25 G(ly).15 E 5.453(.T)-.65 G(he)-5.453 E(y)-.15 E
+(are applied before an)117 444.6 Q 2.5(ys)-.15 G
+(peci\214cation in the mailer de\214nition.)-2.5 E(The)5 E 2.5(ym)-.15 G
+(ust ne)-2.5 E -.15(ve)-.25 G 2.5(rr).15 G(esolv)-2.5 E(e.)-.15 E 1.266
+(Ruleset four is applied to all addresses in the message.)142 460.8 R
+1.265(It is typically used to translate)6.265 F(internal to e)117 472.8
+Q(xternal form.)-.15 E .652(In addition, ruleset 5 is applied to all lo\
+cal addresses \(speci\214cally)142 489 R 3.153(,t)-.65 G .653
+(hose that resolv)-3.153 F 3.153(et)-.15 G 3.153(oa)-3.153 G .296
+(mailer with the `F=5' \215ag set\) that do not ha)117 501 R .596 -.15
+(ve a)-.2 H 2.796(liases. This).15 F(allo)2.796 E .296
+(ws a last minute hook for local)-.25 F(names.)117 513 Q F0 2.5
+(5.1.4. Ruleset)102 537 R(hooks)2.5 E F1 3.814(Af)142 553.2 S 1.814 -.25
+(ew e)-3.814 H 1.315(xtra rulesets are de\214ned as \231hooks\232 that \
+can be de\214ned to get special features.).1 F(The)117 565.2 Q 3.468(ya)
+-.15 G .968(re all named rulesets.)-3.468 F .968
+(The \231check_*\232 forms all gi)5.968 F 1.268 -.15(ve a)-.25 H .968
+(ccept/reject status; f).15 F .967(alling of)-.1 F 3.467(ft)-.25 G(he)
+-3.467 E .207(end or returning normally is an accept, and resolving to)
+117 577.2 R F0($#err)2.707 E(or)-.18 E F1 .207
+(is a reject or quarantine.)2.707 F(Quar)5.207 E(-)-.2 E
+(antining is chosen by specifying)117 589.2 Q F0(quarantine)2.5 E F1
+(in the second part of the mailer triplet:)2.5 E
+($#error $@ quarantine $: Reason for quarantine)157 605.4 Q(Man)117
+621.6 Q 3.121(yo)-.15 G 3.121(ft)-3.121 G .621(hese can also resolv)
+-3.121 F 3.121(et)-.15 G 3.121(ot)-3.121 G .621(he special mailer name)
+-3.121 F F0($#discard)3.12 E F1 3.12(;t)C .62(his accepts the message)
+-3.12 F .923(as though it were successful b)117 633.6 R .923
+(ut then discards it without deli)-.2 F -.15(ve)-.25 G(ry).15 E 5.924
+(.N)-.65 G .924(ote, this mailer cannot be)-5.924 F .682
+(chosen as a mailer in ruleset 0.)117 645.6 R .682
+(Note also that all \231check_*\232 rulesets ha)5.682 F .981 -.15(ve t)
+-.2 H 3.181(od).15 G .681(eal with tempo-)-3.181 F .682(rary f)117 657.6
+R .682(ailures, especially for map lookups, themselv)-.1 F .682
+(es, i.e., the)-.15 F 3.182(ys)-.15 G .683
+(hould return a temporary error)-3.182 F(code or at least the)117 669.6
+Q 2.5(ys)-.15 G(hould mak)-2.5 E 2.5(eap)-.1 G
+(roper decision in those cases.)-2.5 E F0 2.5(5.1.4.1. check_r)117 693.6
+R(elay)-.18 E F1(The)157 709.8 Q F2 -.15(ch)3.336 G(ec).15 E(k_r)-.2 E
+(elay)-.37 E F1 .836
+(ruleset is called after a connection is accepted by the daemon.)3.336 F
+.835(It is)5.835 F(not called when sendmail is started using the)132
+721.8 Q F0(\255bs)2.5 E F1 2.5(option. It)2.5 F(is passed)2.5 E 0 Cg EP
%%Page: 42 38
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d34322053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-2.5<352e312e342e332e20636865636b5f72>117 96 R<637074>-.18 E/F1 10
-/Times-Roman@0 SF<546865>157 112.2 Q/F2 10/Times-Italic@0 SF -.15<6368>
-3.917 G<6563>.15 E<6b5f72>-.2 E<637074>-.37 E F1 1.417<72756c6573657420
-697320706173736564207468652075736572206e616d6520706172616d65746572206f66
-20746865>3.917 F/F3 9/Times-Roman@0 SF 1.418<534d54502052435054>3.917 F
-F1<636f6d2d>3.918 E 2.5<6d616e642e204974>132 124.2 R
-<63616e20616363657074206f722072656a6563742074686520616464726573732e>2.5
-E F0 2.5<352e312e342e342e20636865636b5f64617461>117 148.2 R F1<546865>
-157 164.4 Q F2 -.15<6368>3.246 G<6563>.15 E<6b5f64617461>-.2 E F1 .746
-<72756c657365742069732063616c6c656420616674657220746865>3.246 F F3 .746
-<534d54502044>3.246 F -1.089 -.999<41542041>-.36 H F1 .745
-<636f6d6d616e642c2069747320706172616d6574657220697320746865>4.245 F
-<6e756d626572206f6620726563697069656e74732e>132 176.4 Q<49742063616e2061
-6363657074206f722072656a6563742074686520636f6d6d616e642e>5 E F0 2.5
-<352e312e342e352e20636865636b5f636f6d706174>117 200.4 R F1<546865>157
-216.6 Q F2 -.15<6368>2.5 G<6563>.15 E<6b5f636f6d706174>-.2 E F1
-<72756c6573657420697320706173736564>2.5 E<73656e646572>172 232.8 Q
-<2d6164647265737320247c20726563697069656e742d61646472657373>-.2 E
-<7768657265>132 249 Q F0<247c>3.725 E F1 1.225<69732061206d657461636861
-7261637465722073657061726174696e6720746865206164647265737365732e>3.725 F
-1.225<49742063616e20616363657074206f722072656a656374206d61696c207472616e
-73666572>6.225 F 2.386<6265747765656e207468657365207477>132 261 R 4.886
-<6f61>-.1 G 2.386<6464726573736573206d756368206c696b>-4.886 F 4.885
-<6574>-.1 G<6865>-4.885 E F2 -.15<6368>4.885 G<6563>.15 E
-<6b636f6d7061742829>-.2 E F1 4.885<66756e6374696f6e2e204e6f74653a>4.885
-F 2.385<7768696c65206f74686572>4.885 F F2 -.15<6368>132 273 S<6563>.15 E
-<6b5f2a>-.2 E F1 1.99<72756c65736574732061726520696e>4.49 F -.2<766f>-.4
-G -.1<6b65>.2 G 4.49<6464>.1 G 1.99<7572696e672074686520534d5450206d6169
-6c2072656365697074696f6e2073746167652028692e652e2c20696e2074686520534d54
-50>-4.49 F<73657276>132 285 Q<6572292c>-.15 E F2 -.15<6368>2.5 G<6563>
-.15 E<6b5f636f6d706174>-.2 E F1<697320696e>2.5 E -.2<766f>-.4 G -.1
-<6b65>.2 G 2.5<6464>.1 G<7572696e6720746865206d61696c2064656c69>-2.5 E
--.15<7665>-.25 G<72792073746167652e>.15 E F0 2.5
-<352e312e342e362e20636865636b5f656f68>117 309 R F1<546865>157 325.2 Q F2
--.15<6368>2.5 G<6563>.15 E<6b5f656f68>-.2 E F1
-<72756c6573657420697320706173736564>2.5 E<6e756d626572>172 341.4 Q
-<2d6f662d6865616465727320247c2073697a652d6f662d68656164657273>-.2 E
-<7768657265>132 357.6 Q F0<247c>3.803 E F1 1.303<69732061206d6574616368
-617261637465722073657061726174696e6720746865206e756d626572732e>3.803 F
-1.303
-<5468657365206e756d626572732063616e206265207573656420666f722073697a65>
-6.303 F .588<636f6d70617269736f6e73207769746820746865>132 369.6 R F0
-<6172697468>3.088 E F1 3.088<6d61702e20546865>3.088 F .588<72756c657365
-742069732074726967676572656420616674657220616c6c206f66207468652068656164
-657273206861>3.088 F .888 -.15<76652062>-.2 H<65656e>.15 E 3.262
-<726561642e204974>132 381.6 R .762<63616e206265207573656420746f20636f72
-72656c61746520696e666f726d6174696f6e2067>3.262 F .761<617468657265642066
-726f6d2074686f73652068656164657273207573696e6720746865>-.05 F F0
-<6d616372>3.261 E<6f>-.18 E F1<73746f72616765206d61702e>132 393.6 Q<4f6e
-6520706f737369626c652075736520697320746f20636865636b20666f722061206d6973
-73696e6720686561646572>5 E 5<2e46>-.55 G<6f722065>-5.15 E
-<78616d706c653a>-.15 E<4b73746f72616765206d6163726f>172 409.8 Q
-<484d6573736167652d49643a20243e436865636b4d6573736167654964>172 421.8 Q
-<53436865636b4d6573736167654964>172 445.8 Q 2.5<2352>172 457.8 S
-<65636f7264207468652070726573656e6365206f662074686520686561646572>-2.5 E
-88.83<52242a20243a>172 469.8 R<242873746f72616765207b4d6573736167654964
-436865636b7d202440204f4b202429202431>2.5 E<523c20242b204020242b203e>172
-481.8 Q<2440204f4b>49.56 E 88.83<52242a2024236572726f72>172 493.8 R
-<243a2035353320486561646572204572726f72>2.5 E<53636865636b5f656f68>172
-517.8 Q 2.5<2343>172 529.8 S<6865636b20746865206d6163726f>-2.5 E 88.83
-<52242a20243a>172 541.8 R 2.5<3c24>2.5 G
-<267b4d6573736167654964436865636b7d203e>-2.5 E 2.5<2343>172 553.8 S
-<6c65617220746865206d6163726f20666f7220746865206e65>-2.5 E
-<7874206d657373616765>-.15 E 88.83<52242a20243a>172 565.8 R
-<242873746f72616765207b4d6573736167654964436865636b7d202429202431>2.5 E
-2.5<2348>172 577.8 S<61732061204d6573736167652d49643a20686561646572>-2.5
-E<523c20242b203e>172 589.8 Q<2440204f4b>74.41 E 2.5<2341>172 601.8 S
-<6c6c6f>-2.5 E 2.5<776d>-.25 G
-<697373696e67204d6573736167652d49643a2066726f6d206c6f63616c206d61696c>
--2.5 E 88.83<52242a20243a>172 613.8 R 2.5<3c24>2.5 G
-<267b636c69656e745f6e616d657d203e>-2.5 E<523c203e>172 625.8 Q
-<2440204f4b>87.55 E<523c20243d77203e>172 637.8 Q<2440204f4b>67.19 E 2.5
-<234f>172 649.8 S<74686572776973652c2072656a65637420746865206d61696c>
--2.5 E 88.83<52242a2024236572726f72>172 661.8 R
-<243a2035353320486561646572204572726f72>2.5 E -.25<4b65>132 678 S .459<
-657020696e206d696e6420746865204d6573736167652d49643a20686561646572206973
-206e6f7420612072657175697265642068656164657220616e64206973206e6f74206120
-67756172616e74656564207370616d>.25 F<696e64696361746f72>132 690 Q 5
-<2e54>-.55 G<6869732072756c6573657420697320616e2065>-5 E<78616d706c6520
-616e642073686f756c642070726f6261626c79206e6f74206265207573656420696e2070
-726f64756374696f6e2e>-.15 E 0 Cg EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-42 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF
+(client.host.name $| client.host.address)172 96 Q(where)132 112.2 Q F0
+($|)4.016 E F1 1.517(is a metacharacter separating the tw)4.017 F 4.017
+(op)-.1 G 4.017(arts. This)-4.017 F 1.517
+(ruleset can reject connections)4.017 F .323(from v)132 124.2 R .323
+(arious locations.)-.25 F .322
+(Note that it only checks the connecting SMTP client IP address and)
+5.322 F 3.463(hostname. It)132 136.2 R .963
+(does not check for third party message relaying.)3.463 F(The)5.963 E/F2
+10/Times-Italic@0 SF -.15(ch)3.463 G(ec).15 E(k_r)-.2 E(cpt)-.37 E F1
+.964(ruleset dis-)3.463 F(cussed belo)132 148.2 Q 2.5(wu)-.25 G
+(sually does third party message relay checking.)-2.5 E F0 2.5
+(5.1.4.2. check_mail)117 172.2 R F1(The)157 188.4 Q F2 -.15(ch)3.723 G
+(ec).15 E(k_mail)-.2 E F1 1.223
+(ruleset is passed the user name parameter of the)3.723 F/F3 9
+/Times-Roman@0 SF 1.222(SMTP MAIL)3.723 F F1(com-)3.722 E 2.5(mand. It)
+132 200.4 R(can accept or reject the address.)2.5 E F0 2.5
+(5.1.4.3. check_r)117 224.4 R(cpt)-.18 E F1(The)157 240.6 Q F2 -.15(ch)
+3.917 G(ec).15 E(k_r)-.2 E(cpt)-.37 E F1 1.417
+(ruleset is passed the user name parameter of the)3.917 F F3 1.418
+(SMTP RCPT)3.917 F F1(com-)3.918 E 2.5(mand. It)132 252.6 R
+(can accept or reject the address.)2.5 E F0 2.5(5.1.4.4. check_data)117
+276.6 R F1(The)157 292.8 Q F2 -.15(ch)3.246 G(ec).15 E(k_data)-.2 E F1
+.746(ruleset is called after the)3.246 F F3 .746(SMTP D)3.246 F -1.089
+-.999(AT A)-.36 H F1 .745(command, its parameter is the)4.245 F
+(number of recipients.)132 304.8 Q(It can accept or reject the command.)
+5 E F0 2.5(5.1.4.5. check_compat)117 328.8 R F1(The)157 345 Q F2 -.15
+(ch)2.5 G(ec).15 E(k_compat)-.2 E F1(ruleset is passed)2.5 E(sender)172
+361.2 Q(-address $| recipient-address)-.2 E(where)132 377.4 Q F0($|)
+3.725 E F1 1.225(is a metacharacter separating the addresses.)3.725 F
+1.225(It can accept or reject mail transfer)6.225 F 2.386
+(between these tw)132 389.4 R 4.886(oa)-.1 G 2.386(ddresses much lik)
+-4.886 F 4.885(et)-.1 G(he)-4.885 E F2 -.15(ch)4.885 G(ec).15 E
+(kcompat\(\))-.2 E F1 4.885(function. Note:)4.885 F 2.385(while other)
+4.885 F F2 -.15(ch)132 401.4 S(ec).15 E(k_*)-.2 E F1 1.99
+(rulesets are in)4.49 F -.2(vo)-.4 G -.1(ke).2 G 4.49(dd).1 G 1.99
+(uring the SMTP mail receiption stage \(i.e., in the SMTP)-4.49 F(serv)
+132 413.4 Q(er\),)-.15 E F2 -.15(ch)2.5 G(ec).15 E(k_compat)-.2 E F1
+(is in)2.5 E -.2(vo)-.4 G -.1(ke).2 G 2.5(dd).1 G(uring the mail deli)
+-2.5 E -.15(ve)-.25 G(ry stage.).15 E F0 2.5(5.1.4.6. check_eoh)117
+437.4 R F1(The)157 453.6 Q F2 -.15(ch)2.5 G(ec).15 E(k_eoh)-.2 E F1
+(ruleset is passed)2.5 E(number)172 469.8 Q
+(-of-headers $| size-of-headers)-.2 E(where)132 486 Q F0($|)3.803 E F1
+1.303(is a metacharacter separating the numbers.)3.803 F 1.303
+(These numbers can be used for size)6.303 F .588(comparisons with the)
+132 498 R F0(arith)3.088 E F1 3.088(map. The)3.088 F .588
+(ruleset is triggered after all of the headers ha)3.088 F .888 -.15
+(ve b)-.2 H(een).15 E 3.262(read. It)132 510 R .762
+(can be used to correlate information g)3.262 F .761
+(athered from those headers using the)-.05 F F0(macr)3.261 E(o)-.18 E F1
+(storage map.)132 522 Q
+(One possible use is to check for a missing header)5 E 5(.F)-.55 G(or e)
+-5.15 E(xample:)-.15 E 0 Cg EP
%%Page: 43 39
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3433>195.86 E
-2.5<352e312e342e372e20636865636b5f656f6d>117 96 R/F1 10/Times-Roman@0 SF
-<546865>157 112.2 Q/F2 10/Times-Italic@0 SF -.15<6368>3.219 G<6563>.15 E
-<6b5f656f6d>-.2 E F1 .719<72756c657365742069732063616c6c6564206166746572
-2074686520656e64206f662061206d6573736167652c2069747320706172616d65746572
-20697320746865206d65732d>3.219 F<736167652073697a652e>132 124.2 Q<497420
-63616e20616363657074206f722072656a65637420746865206d6573736167652e>5 E
-F0 2.5<352e312e342e382e20636865636b5f657472>117 148.2 R<6e>-.15 E F1
-<546865>157 164.4 Q F2 -.15<6368>3.384 G<6563>.15 E<6b5f6574726e>-.2 E
-F1 .885<72756c65736574206973207061737365642074686520706172616d6574657220
-6f6620746865>3.384 F/F3 9/Times-Roman@0 SF .885<534d5450204554524e>3.385
-F F1 3.385<636f6d6d616e642e204974>3.385 F<63616e>3.385 E
-<616363657074206f722072656a6563742074686520636f6d6d616e642e>132 176.4 Q
-F0 2.5<352e312e342e392e20636865636b5f6578706e>117 200.4 R F1<546865>157
-216.6 Q F2 -.15<6368>3.615 G<6563>.15 E<6b5f65>-.2 E<78706e>-.2 E F1
-1.115<72756c6573657420697320706173736564207468652075736572206e616d652070
-6172616d65746572206f6620746865>3.615 F F3 1.114<534d5450204558504e>3.615
-F F1<636f6d2d>3.614 E 2.5<6d616e642e204974>132 228.6 R
-<63616e20616363657074206f722072656a6563742074686520616464726573732e>2.5
-E F0 2.5<352e312e342e31302e20636865636b5f76726679>117 252.6 R F1<546865>
-157 268.8 Q F2 -.15<6368>3.816 G<6563>.15 E<6b5f76726679>-.2 E F1 1.317<
-72756c6573657420697320706173736564207468652075736572206e616d652070617261
-6d65746572206f6620746865>3.816 F F3 1.317<534d54502056524659>3.817 F F1
-<636f6d2d>3.817 E 2.5<6d616e642e204974>132 280.8 R
-<63616e20616363657074206f722072656a6563742074686520636f6d6d616e642e>2.5
-E F0 2.5<352e312e342e31312e2074727573745f61757468>117 304.8 R F1<546865>
-157 321 Q F2<74727573745f61757468>3.045 E F1 .545
-<72756c6573657420697320706173736564207468652041>3.045 F .545
-<5554483d20706172616d65746572206f6620746865>-.55 F F3 .544
-<534d5450204d41494c>3.044 F F1<636f6d6d616e642e>3.044 E .635<4974206973
-207573656420746f2064657465726d696e65207768657468657220746869732076>132
-333 R .636<616c75652073686f756c6420626520747275737465642e20496e206f7264
-657220746f206d616b>-.25 F 3.136<6574>-.1 G .636
-<686973206465636973696f6e2c>-3.136 F .154
-<7468652072756c65736574206d6179206d616b>132 345 R 2.654<6575>-.1 G .154
-<7365206f66207468652076>-2.654 F<6172696f7573>-.25 E F0
-<247b617574685f2a7d>2.654 E F1 2.654<6d6163726f732e204966>2.654 F .153
-<7468652072756c6573657420646f6573207265736f6c76>2.654 F 2.653<6574>-.15
-G 2.653<6f74>-2.653 G<6865>-2.653 E .018
-<996572726f729a206d61696c6572207468652041>132 357 R .019<5554483d207061
-72616d65746572206973206e6f74207472757374656420616e642068656e6365206e6f74
-20706173736564206f6e20746f20746865206e65>-.55 F .019<78742072656c6179>
--.15 F<2e>-.65 E F0 2.5<352e312e342e31322e20746c735f636c69656e74>117 381
-R F1<546865>157 397.2 Q F2<746c735f636c69656e74>2.947 E F1 .447<72756c65
-7365742069732063616c6c6564207768656e2073656e646d61696c206163747320617320
-73657276>2.947 F<6572>-.15 E 2.947<2c61>-.4 G .447<667465722061205354>
--2.947 F<4152>-.93 E .446<54544c5320636f6d2d>-.6 F 1.045
-<6d616e6420686173206265656e206973737565642c20616e642066726f6d>132 409.2
-R F2 -.15<6368>3.545 G<6563>.15 E<6b5f6d61696c2e>-.2 E F1 1.045
-<54686520706172616d65746572206973207468652076>6.045 F 1.045
-<616c7565206f66>-.25 F F0<247b76>3.545 E<65726966797d>-.1 E F1<616e64>
-3.545 E<5354>132 421.2 Q<4152>-.93 E 1.704
-<54544c53206f72204d41494c2c207265737065637469>-.6 F -.15<7665>-.25 G
-<6c79>.15 E 6.704<2e49>-.65 G 4.204<6674>-6.704 G 1.704
-<68652072756c6573657420646f6573207265736f6c76>-4.204 F 4.204<6574>-.15 G
-4.204<6f74>-4.204 G 1.704<686520996572726f729a206d61696c6572>-4.204 F
-4.203<2c74>-.4 G<6865>-4.203 E<617070726f707269617465206572726f7220636f
-64652069732072657475726e656420746f2074686520636c69656e742e>132 433.2 Q
-F0 2.5<352e312e342e31332e20746c735f736572>117 457.2 R -.1<7665>-.1 G<72>
-.1 E F1<546865>157 473.4 Q F2<746c735f736572766572>3.053 E F1 .554<7275
-6c657365742069732063616c6c6564207768656e2073656e646d61696c20616374732061
-7320636c69656e742061667465722061205354>3.053 F<4152>-.93 E .554
-<54544c5320636f6d2d>-.6 F .05<6d616e64202873686f756c6429206861>132 485.4
-R .35 -.15<76652062>-.2 H .05<65656e206973737565642e>.15 F .049
-<54686520706172616d65746572206973207468652076>5.05 F .049
-<616c7565206f66>-.25 F F0<247b76>2.549 E<65726966797d>-.1 E F1 5.049
-<2e49>C 2.549<6674>-5.049 G .049<68652072756c6573657420646f6573>-2.549 F
-<7265736f6c76>132 497.4 Q 2.514<6574>-.15 G 2.514<6f74>-2.514 G .014
-<686520996572726f729a206d61696c6572>-2.514 F 2.514<2c74>-.4 G .014<6865
-20636f6e6e656374696f6e2069732061626f72746564202874726561746564206173206e
-6f6e2d64656c69>-2.514 F -.15<7665>-.25 G .015
-<7261626c652077697468206120706572>.15 F<2d>-.2 E
-<6d616e656e74206f722074656d706f72617279206572726f72292e>132 509.4 Q F0
-2.5<352e312e342e31342e20746c735f72>117 533.4 R<637074>-.18 E F1<546865>
-157 549.6 Q F2<746c735f72>4.075 E<637074>-.37 E F1 1.574<72756c65736574
-2069732063616c6c656420656163682074696d65206265666f7265206120524350542054>
-4.075 F 4.074<4f63>-.18 G 1.574<6f6d6d616e642069732073656e742e>-4.074 F
-<546865>6.574 E .102
-<706172616d65746572206973207468652063757272656e7420726563697069656e742e>
-132 561.6 R .102<4966207468652072756c6573657420646f6573207265736f6c76>
-5.102 F 2.602<6574>-.15 G 2.602<6f74>-2.602 G .102
-<686520996572726f729a206d61696c6572>-2.602 F 2.602<2c74>-.4 G .102
-<68652052435054>-2.602 F 2.749 -.18<544f2063>132 573.6 T 2.388<6f6d6d61
-6e642069732073757070726573736564202874726561746564206173206e6f6e2d64656c
-69>.18 F -.15<7665>-.25 G 2.388
-<7261626c6520776974682061207065726d616e656e74206f722074656d706f72617279>
-.15 F 3.027<6572726f72292e2054686973>132 585.6 R .527
-<72756c6573657420616c6c6f>3.027 F .528
-<777320746f207265717569726520656e6372797074696f6e206f722076>-.25 F .528
-<6572698c636174696f6e206f662074686520726563697069656e7427>-.15 F 3.028
-<734d>-.55 G 2.388 -.93<54412065>-3.028 H -.15<7665>.68 G<6e>.15 E .468
-<696620746865206d61696c20697320736f6d65686f>132 597.6 R 2.968<7772>-.25
-G .468<65646972656374656420746f20616e6f7468657220686f73742e>-2.968 F
--.15<466f>5.468 G 2.968<7265>.15 G .468
-<78616d706c652c2073656e64696e67206d61696c20746f>-3.118 F F2<6c756b>2.967
-E<6540656e642d>-.1 E<6d61696c2e6f72>132 609.6 Q<67>-.37 E F1 1.929
-<6d617920676574207265646972656374656420746f206120686f7374206e616d6564>
-4.429 F F2<64656174682e73746172>4.429 E F1 1.93
-<616e642068656e63652074686520746c735f73657276>4.429 F 1.93
-<65722072756c65736574>-.15 F -.1<776f>132 621.6 S<6e27>.1 E 3.003<7461>
--.18 G<70706c79>-3.003 E 5.503<2e42>-.65 G 3.003<7969>-5.503 G .502<6e74
-726f647563696e672070657220726563697069656e74207265737472696374696f6e7320
-737563682061747461636b732028652e672e2c2076696120444e532073706f6f8c6e6729>
--3.003 F<63616e206265206d61646520696d706f737369626c652e>132 633.6 Q
-<536565>5 E F2<63662f524541444d45>2.5 E F1<686f>2.5 E 2.5<7774>-.25 G
-<6869732072756c657365742063616e20626520757365642e>-2.5 E F0 2.5
-<352e312e342e31352e207372>117 657.6 R<765f666561747572>-.1 E<6573>-.18 E
-F1<546865>157 673.8 Q F2<7372765f666561747572>2.75 E<6573>-.37 E F1 .25<
-72756c657365742069732063616c6c656420776974682074686520636f6e6e656374696e
-6720636c69656e7427>2.75 F 2.75<7368>-.55 G .25
-<6f7374206e616d65207768656e206120636c69656e74>-2.75 F 1.512
-<636f6e6e6563747320746f2073656e646d61696c2e>132 685.8 R 1.512
-<546869732072756c657365742073686f756c642072657475726e>6.512 F F0<2423>
-4.011 E F1<666f6c6c6f>4.011 E 1.511
-<7765642062792061206c697374206f66206f7074696f6e73202873696e676c65>-.25 F
-2.16<636861726163746572732064656c696d6974656420627920776869746520737061
-6365292e>132 697.8 R 2.16<4966207468652072657475726e2076>7.16 F 2.16
-<616c756520737461727473207769746820616e>-.25 F 2.16
-<797468696e6720656c7365206974206973>-.15 F .267
-<73696c656e746c792069676e6f7265642e>132 709.8 R .267<47656e6572616c6c79
-20757070657220636173652063686172616374657273207475726e206f66>5.267 F
-2.767<666166>-.25 G .267<656174757265207768696c65206c6f>-2.767 F .267
-<7765722063617365206368617261632d>-.25 F 1.55
-<74657273207475726e206974206f6e2e>132 721.8 R 1.55
-<4f7074696f6e2060532720636175736573207468652073657276>6.55 F 1.55
-<6572206e6f7420746f206f66>-.15 F 1.55<666572205354>-.25 F<4152>-.93 E
-1.55<54544c532c2077686963682069732075736566756c20746f>-.6 F 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-43)195.86 E/F1 10/Times-Roman@0 SF(Kstorage macro)172 96 Q
+(HMessage-Id: $>CheckMessageId)172 108 Q(SCheckMessageId)172 132 Q 2.5
+(#R)172 144 S(ecord the presence of the header)-2.5 E 88.83(R$* $:)172
+156 R($\(storage {MessageIdCheck} $@ OK $\) $1)2.5 E(R< $+ @ $+ >)172
+168 Q($@ OK)49.56 E 88.83(R$* $#error)172 180 R($: 553 Header Error)2.5
+E(Scheck_eoh)172 204 Q 2.5(#C)172 216 S(heck the macro)-2.5 E 88.83
+(R$* $:)172 228 R 2.5(<$)2.5 G(&{MessageIdCheck} >)-2.5 E 2.5(#C)172 240
+S(lear the macro for the ne)-2.5 E(xt message)-.15 E 88.83(R$* $:)172
+252 R($\(storage {MessageIdCheck} $\) $1)2.5 E 2.5(#H)172 264 S
+(as a Message-Id: header)-2.5 E(R< $+ >)172 276 Q($@ OK)74.41 E 2.5(#A)
+172 288 S(llo)-2.5 E 2.5(wm)-.25 G(issing Message-Id: from local mail)
+-2.5 E 88.83(R$* $:)172 300 R 2.5(<$)2.5 G(&{client_name} >)-2.5 E(R< >)
+172 312 Q($@ OK)87.55 E(R< $=w >)172 324 Q($@ OK)67.19 E 2.5(#O)172 336
+S(therwise, reject the mail)-2.5 E 88.83(R$* $#error)172 348 R
+($: 553 Header Error)2.5 E -.25(Ke)132 364.2 S .459(ep in mind the Mess\
+age-Id: header is not a required header and is not a guaranteed spam).25
+F(indicator)132 376.2 Q 5(.T)-.55 G(his ruleset is an e)-5 E
+(xample and should probably not be used in production.)-.15 E F0 2.5
+(5.1.4.7. check_eom)117 400.2 R F1(The)157 416.4 Q/F2 10/Times-Italic@0
+SF -.15(ch)3.219 G(ec).15 E(k_eom)-.2 E F1 .719(ruleset is called after\
+ the end of a message, its parameter is the mes-)3.219 F(sage size.)132
+428.4 Q(It can accept or reject the message.)5 E F0 2.5
+(5.1.4.8. check_etr)117 452.4 R(n)-.15 E F1(The)157 468.6 Q F2 -.15(ch)
+3.384 G(ec).15 E(k_etrn)-.2 E F1 .885
+(ruleset is passed the parameter of the)3.384 F/F3 9/Times-Roman@0 SF
+.885(SMTP ETRN)3.385 F F1 3.385(command. It)3.385 F(can)3.385 E
+(accept or reject the command.)132 480.6 Q F0 2.5(5.1.4.9. check_expn)
+117 504.6 R F1(The)157 520.8 Q F2 -.15(ch)3.615 G(ec).15 E(k_e)-.2 E
+(xpn)-.2 E F1 1.115(ruleset is passed the user name parameter of the)
+3.615 F F3 1.114(SMTP EXPN)3.615 F F1(com-)3.614 E 2.5(mand. It)132
+532.8 R(can accept or reject the address.)2.5 E F0 2.5
+(5.1.4.10. check_vrfy)117 556.8 R F1(The)157 573 Q F2 -.15(ch)3.816 G
+(ec).15 E(k_vrfy)-.2 E F1 1.317
+(ruleset is passed the user name parameter of the)3.816 F F3 1.317
+(SMTP VRFY)3.817 F F1(com-)3.817 E 2.5(mand. It)132 585 R
+(can accept or reject the command.)2.5 E F0 2.5(5.1.4.11. trust_auth)117
+609 R F1(The)157 625.2 Q F2(trust_auth)3.045 E F1 .545
+(ruleset is passed the A)3.045 F .545(UTH= parameter of the)-.55 F F3
+.544(SMTP MAIL)3.044 F F1(command.)3.044 E .635
+(It is used to determine whether this v)132 637.2 R .636
+(alue should be trusted. In order to mak)-.25 F 3.136(et)-.1 G .636
+(his decision,)-3.136 F .154(the ruleset may mak)132 649.2 R 2.654(eu)
+-.1 G .154(se of the v)-2.654 F(arious)-.25 E F0(${auth_*})2.654 E F1
+2.654(macros. If)2.654 F .153(the ruleset does resolv)2.654 F 2.653(et)
+-.15 G 2.653(ot)-2.653 G(he)-2.653 E .018(\231error\232 mailer the A)132
+661.2 R .019
+(UTH= parameter is not trusted and hence not passed on to the ne)-.55 F
+.019(xt relay)-.15 F(.)-.65 E F0 2.5(5.1.4.12. tls_client)117 685.2 R F1
+(The)157 701.4 Q F2(tls_client)2.947 E F1 .447
+(ruleset is called when sendmail acts as serv)2.947 F(er)-.15 E 2.947
+(,a)-.4 G .447(fter a ST)-2.947 F(AR)-.93 E .446(TTLS com-)-.6 F 1.045
+(mand has been issued, and from)132 713.4 R F2 -.15(ch)3.545 G(ec).15 E
+(k_mail.)-.2 E F1 1.045(The parameter is the v)6.045 F 1.045(alue of)
+-.25 F F0(${v)3.545 E(erify})-.1 E F1(and)3.545 E(ST)132 725.4 Q(AR)-.93
+E 1.704(TTLS or MAIL, respecti)-.6 F -.15(ve)-.25 G(ly).15 E 6.704(.I)
+-.65 G 4.204(ft)-6.704 G 1.704(he ruleset does resolv)-4.204 F 4.204(et)
+-.15 G 4.204(ot)-4.204 G 1.704(he \231error\232 mailer)-4.204 F 4.203
+(,t)-.4 G(he)-4.203 E 0 Cg EP
%%Page: 44 40
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d34342053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF 1.865<696e7465726163742077697468204d54>132 96 R
-<41732f4d55>-.93 E 1.865<41732074686174206861>-.4 F 2.165 -.15<76652062>
--.2 H<726f6b>.15 E 1.865<656e205354>-.1 F<4152>-.93 E 1.865
-<54544c5320696d706c656d656e746174696f6e732062792073696d706c79206e6f74>
--.6 F<6f66>132 108 Q 2.115<666572696e672069742e>-.25 F 2.115
-<605627207475726e73206f66>7.115 F 4.616<6674>-.25 G 2.116<68652072657175
-65737420666f72206120636c69656e742063657274698c6361746520647572696e672074
-686520544c532068616e647368616b>-4.616 F<652e>-.1 E .149
-<4f7074696f6e732060>132 120 R 2.369 -1.11<41272061>-.8 H .149
-<6e642060502720737570707265737320534d54502041>1.11 F .148
-<55544820616e6420504950454c494e494e472c207265737065637469>-.55 F -.15
-<7665>-.25 G<6c79>.15 E 5.148<2e60>-.65 G .148
-<6327206973207468652065717569>-5.148 F<762d>-.25 E 1.768<616c656e742074
-6f20417574684f7074696f6e733d702c20692e652e2c20697420646f65736e27>132 132
-R 4.268<7470>-.18 G 1.768<65726d6974206d656368616e69736d7320737573636570
-7469626c6520746f2073696d706c65207061737369>-4.268 F -.15<7665>-.25 G
-1.13<61747461636b2028652e672e2c20504c41494e2c204c4f47494e292c20756e6c65
-73732061207365637572697479206c617965722069732061637469>132 144 R -.15
-<7665>-.25 G 6.13<2e4f>.15 G 1.13
-<7074696f6e20606c2720726571756972657320534d5450>-6.13 F -.55<4155>132
-156 S 2.123<544820666f72206120636f6e6e656374696f6e2e>.55 F 2.123<4f7074
-696f6e73202742272c202744272c202745272c20616e6420275827207375707072657373
-20534d545020564552422c2044534e2c>7.123 F
-<4554524e2c20616e64204558504e2c207265737065637469>132 168 Q -.15<7665>
--.25 G<6c79>.15 E<2e>-.65 E 37.78<4144>172 184.2 S 2.5<6f6e>-37.78 G
-<6f74206f66>-2.5 E<6665722041>-.25 E<555448>-.55 E 40.56<614f>172 196.2
-S -.25<6666>-40.56 G<65722041>.25 E<5554482028646566>-.55 E<61756c7429>
--.1 E 38.33<4244>172 208.2 S 2.5<6f6e>-38.33 G<6f74206f66>-2.5 E
-<6665722056455242>-.25 E 40<624f>172 220.2 S -.25<6666>-40 G
-<657220564552422028646566>.25 E<61756c7429>-.1 E 38.33<4344>172 232.2 S
-2.5<6f6e>-38.33 G
-<6f742072657175697265207365637572697479206c6179657220666f72>-2.5 E
-<706c61696e7465>217 244.2 Q<78742041>-.15 E<5554482028646566>-.55 E
-<61756c7429>-.1 E 40.56<6352>172 256.2 S
-<657175697265207365637572697479206c6179657220666f7220706c61696e7465>
--40.56 E<78742041>-.15 E<555448>-.55 E 37.78<4444>172 268.2 S 2.5<6f6e>
--37.78 G<6f74206f66>-2.5 E<6665722044534e>-.25 E 40<644f>172 280.2 S
--.25<6666>-40 G<65722044534e2028646566>.25 E<61756c7429>-.1 E 38.89
-<4544>172 292.2 S 2.5<6f6e>-38.89 G<6f74206f66>-2.5 E<666572204554524e>
--.25 E 40.56<654f>172 304.2 S -.25<6666>-40.56 G
-<6572204554524e2028646566>.25 E<61756c7429>-.1 E 38.89<4c44>172 316.2 S
-2.5<6f6e>-38.89 G<6f7420726571756972652041>-2.5 E<5554482028646566>-.55
-E<61756c7429>-.1 E 42.22<6c52>172 328.2 S<6571756972652041>-42.22 E
-<555448>-.55 E 39.44<5044>172 340.2 S 2.5<6f6e>-39.44 G<6f74206f66>-2.5
-E<66657220504950454c494e494e47>-.25 E 40<704f>172 352.2 S -.25<6666>-40
-G<657220504950454c494e494e472028646566>.25 E<61756c7429>-.1 E 39.44
-<5344>172 364.2 S 2.5<6f6e>-39.44 G<6f74206f66>-2.5 E<666572205354>-.25
-E<4152>-.93 E<54544c53>-.6 E 41.11<734f>172 376.2 S -.25<6666>-41.11 G
-<6572205354>.25 E<4152>-.93 E<54544c532028646566>-.6 E<61756c7429>-.1 E
-37.78<5644>172 388.2 S 2.5<6f6e>-37.78 G
-<6f742072657175657374206120636c69656e742063657274698c63617465>-2.5 E 40
-<7652>172 400.2 S
-<657175657374206120636c69656e742063657274698c636174652028646566>-40 E
-<61756c7429>-.1 E 37.78<5844>172 412.2 S 2.5<6f6e>-37.78 G<6f74206f66>
--2.5 E<666572204558504e>-.25 E 40<784f>172 424.2 S -.25<6666>-40 G
-<6572204558504e2028646566>.25 E<61756c7429>-.1 E .205
-<4e6f74653a2074686520656e7472696573206d61726b>132 440.4 R .205
-<65642061732060>-.1 F<6028646566>-.74 E<61756c742927>-.1 E 2.705<276d>
--.74 G .204<61792072657175697265207468617420736f6d6520636f6e8c6775726174
-696f6e20686173206265656e206d6164652c>-2.705 F .406
-<652e672e2c20534d54502041>132 452.4 R .407<555448206973206f6e6c792061>
--.55 F -.25<7661>-.2 G .407
-<696c61626c652069662070726f7065726c7920636f6e8c67757265642e>.25 F
-<4d6f72656f>5.407 E -.15<7665>-.15 G 1.207 -.4<722c206d>.15 H<616e>.4 E
-2.907<796f>-.15 G .407<7074696f6e732063616e206265>-2.907 F .054<6368616e
-676564206f6e206120676c6f62616c20626173697320766961206f746865722073657474
-696e67732061732065>132 464.4 R .054<78706c61696e656420696e20746869732064
-6f63756d656e742c20652e672e2c20766961204461656d6f6e2d>-.15 F
-<506f72744f7074696f6e732e>132 476.4 Q .88<5468652072756c65736574206d6179
-2072657475726e2060242374656d702720746f20696e6469636174652074686174207468
-65726520697320612074656d706f726172792070726f626c656d206465746572>157
-492.6 R<2d>-.2 E 1.623<6d696e696e672074686520636f7272656374206665617475
-7265732c20652e672e2c2069662061206d617020697320756e61>132 504.6 R -.25
-<7661>-.2 G 4.123<696c61626c652e20496e>.25 F 1.622
-<7468617420636173652c2074686520534d54502073657276>4.122 F<6572>-.15 E
-<69737375657320612074656d706f726172792066>132 516.6 Q
-<61696c75726520616e6420646f6573206e6f742061636365707420656d61696c2e>-.1
-E F0 2.5<352e312e342e31362e207472795f746c73>117 540.6 R F1<546865>157
-556.8 Q/F2 10/Times-Italic@0 SF<7472795f746c73>3.563 E F1 1.063<72756c65
-7365742069732063616c6c6564207768656e2073656e646d61696c20636f6e6e65637473
-20746f20616e6f74686572204d54>3.563 F 3.563<412e204966>-.93 F 1.064
-<7468652072756c65736574>3.563 F 1.153<646f6573207265736f6c76>132 568.8 R
-3.653<6574>-.15 G 3.653<6f74>-3.653 G 1.153
-<686520996572726f729a206d61696c6572>-3.653 F 3.653<2c73>-.4 G 1.153
-<656e646d61696c20646f6573206e6f7420747279205354>-3.653 F<4152>-.93 E
-1.152<54544c532065>-.6 F -.15<7665>-.25 G 3.652<6e69>.15 G 3.652<6669>
--3.652 G 3.652<7469>-3.652 G 3.652<736f>-3.652 G -.25<6666>-3.652 G
-<657265642e>.25 E
-<546869732069732075736566756c20746f206465616c2077697468205354>132 580.8
-Q<4152>-.93 E<54544c5320696e7465726f7065726162696c6974792069737375657320
-62792073696d706c79206e6f74207573696e672069742e>-.6 E F0 2.5
-<352e312e342e31372e20746c735f7372>117 604.8 R<765f666561747572>-.1 E
-<657320616e6420746c735f636c745f666561747572>-.18 E<6573>-.18 E F1
-<546865>157 621 Q F2<746c735f636c745f666561747572>2.871 E<6573>-.37 E F1
-.372<72756c657365742069732063616c6c6564207768656e2073656e646d61696c2063
-6f6e6e6563747320746f20616e6f74686572204d54>2.871 F 2.872<4161>-.93 G
-.372<6e6420746865>-2.872 F F2<746c735f7372765f666561747572>132 633 Q
-<6573>-.37 E F1 .436<72756c657365742069732063616c6c6564207768656e206120
-636c69656e7420636f6e6e6563747320746f>2.936 F F2<73656e646d61696c>2.935 E
-F1 5.435<2e54>C .435<6865206172>-5.435 F .435
-<67756d656e747320666f7220746865>-.18 F 1.872<72756c65736574732061726520
-74686520686f7374206e616d6520616e642049502061646472657373206f662074686520
-6f74686572207369646520736570617261746564206279>132 645 R F0<247c>4.372 E
-F1 1.872<2877686963682069732061>4.372 F 3.593
-<6d657461636861726163746572292e20546865>132 657 R 3.593<7973>-.15 G
-1.093<686f756c642072657475726e2061206c697374206f66>-3.593 F F2 -.1<6b65>
-3.592 G<793d76616c7565>-.2 E F1 1.092
-<7061697273207365706172617465642062792073656d69636f6c6f6e733b20746865>
-3.592 F .552<6c6973742063616e20626520656d707479206966206e6f206f7074696f
-6e732073686f756c64206265206170706c69656420746f2074686520636f6e6e65637469
-6f6e2e>132 669 R -1.27 -.74<41762061>5.553 H .553<696c61626c65206b>.74 F
--.15<6579>-.1 G 3.053<7361>.15 G .553<726520616e64>-3.053 F
-<746865697220616c6c6f>132 681 Q<7765642076>-.25 E<616c756573206172653a>
--.25 E<4f7074696f6e73>132 697.2 Q 3.977<4163>146.4 709.2 S 1.477<6f6d6d
-6120736570617261746564206c697374206f662053534c2072656c61746564206f707469
-6f6e732e>-3.977 F<536565>6.476 E F2<53657276657253534c4f7074696f6e73>
-3.976 E F1<616e64>3.976 E F2<436c69656e7453532d>3.976 E
-<4c4f7074696f6e73>146.4 721.2 Q F1 2.519
-<666f722064657461696c732c2061732077656c6c206173>5.019 F F2
-<53534c5f7365745f6f7074696f6e73>5.019 E F1 2.519
-<28332920616e64206e6f746520746869732077>B 2.52
-<61726e696e673a204f7074696f6e73>-.1 F 0 Cg EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-44 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF
+(appropriate error code is returned to the client.)132 96 Q F0 2.5
+(5.1.4.13. tls_ser)117 120 R -.1(ve)-.1 G(r).1 E F1(The)157 136.2 Q/F2
+10/Times-Italic@0 SF(tls_server)3.053 E F1 .554
+(ruleset is called when sendmail acts as client after a ST)3.053 F(AR)
+-.93 E .554(TTLS com-)-.6 F .05(mand \(should\) ha)132 148.2 R .35 -.15
+(ve b)-.2 H .05(een issued.).15 F .049(The parameter is the v)5.05 F
+.049(alue of)-.25 F F0(${v)2.549 E(erify})-.1 E F1 5.049(.I)C 2.549(ft)
+-5.049 G .049(he ruleset does)-2.549 F(resolv)132 160.2 Q 2.514(et)-.15
+G 2.514(ot)-2.514 G .014(he \231error\232 mailer)-2.514 F 2.514(,t)-.4 G
+.014(he connection is aborted \(treated as non-deli)-2.514 F -.15(ve)
+-.25 G .015(rable with a per).15 F(-)-.2 E(manent or temporary error\).)
+132 172.2 Q F0 2.5(5.1.4.14. tls_r)117 196.2 R(cpt)-.18 E F1(The)157
+212.4 Q F2(tls_r)4.075 E(cpt)-.37 E F1 1.574
+(ruleset is called each time before a RCPT T)4.075 F 4.074(Oc)-.18 G
+1.574(ommand is sent.)-4.074 F(The)6.574 E .102
+(parameter is the current recipient.)132 224.4 R .102
+(If the ruleset does resolv)5.102 F 2.602(et)-.15 G 2.602(ot)-2.602 G
+.102(he \231error\232 mailer)-2.602 F 2.602(,t)-.4 G .102(he RCPT)-2.602
+F 2.749 -.18(TO c)132 236.4 T 2.388
+(ommand is suppressed \(treated as non-deli).18 F -.15(ve)-.25 G 2.388
+(rable with a permanent or temporary).15 F 3.027(error\). This)132 248.4
+R .527(ruleset allo)3.027 F .528(ws to require encryption or v)-.25 F
+.528(eri\214cation of the recipient')-.15 F 3.028(sM)-.55 G 2.388 -.93
+(TA e)-3.028 H -.15(ve).68 G(n).15 E .468(if the mail is someho)132
+260.4 R 2.968(wr)-.25 G .468(edirected to another host.)-2.968 F -.15
+(Fo)5.468 G 2.968(re).15 G .468(xample, sending mail to)-3.118 F F2(luk)
+2.967 E(e@end-)-.1 E(mail.or)132 272.4 Q(g)-.37 E F1 1.929
+(may get redirected to a host named)4.429 F F2(death.star)4.429 E F1
+1.93(and hence the tls_serv)4.429 F 1.93(er ruleset)-.15 F -.1(wo)132
+284.4 S(n').1 E 3.003(ta)-.18 G(pply)-3.003 E 5.503(.B)-.65 G 3.003(yi)
+-5.503 G .502(ntroducing per recipient restrictions such attacks \(e.g.\
+, via DNS spoo\214ng\))-3.003 F(can be made impossible.)132 296.4 Q(See)
+5 E F2(cf/README)2.5 E F1(ho)2.5 E 2.5(wt)-.25 G
+(his ruleset can be used.)-2.5 E F0 2.5(5.1.4.15. sr)117 320.4 R
+(v_featur)-.1 E(es)-.18 E F1(The)157 336.6 Q F2(srv_featur)2.75 E(es)
+-.37 E F1 .25(ruleset is called with the connecting client')2.75 F 2.75
+(sh)-.55 G .25(ost name when a client)-2.75 F 1.512
+(connects to sendmail.)132 348.6 R 1.512(This ruleset should return)
+6.512 F F0($#)4.011 E F1(follo)4.011 E 1.511
+(wed by a list of options \(single)-.25 F 2.16
+(characters delimited by white space\).)132 360.6 R 2.16
+(If the return v)7.16 F 2.16(alue starts with an)-.25 F 2.16
+(ything else it is)-.15 F .267(silently ignored.)132 372.6 R .267
+(Generally upper case characters turn of)5.267 F 2.767(faf)-.25 G .267
+(eature while lo)-2.767 F .267(wer case charac-)-.25 F .049
+(ters turn it on.)132 384.6 R .049(Option `S' causes the serv)5.049 F
+.049(er not to of)-.15 F .05(fer ST)-.25 F(AR)-.93 E .05
+(TTLS, which is useful to inter)-.6 F(-)-.2 E .23(act with MT)132 396.6
+R(As/MU)-.93 E .229(As that ha)-.4 F .529 -.15(ve b)-.2 H(rok).15 E .229
+(en ST)-.1 F(AR)-.93 E .229(TTLS implementations by simply not of)-.6 F
+(fering)-.25 E 3.362(it. `V')132 408.6 R .862(turns of)3.362 F 3.362(ft)
+-.25 G .863
+(he request for a client certi\214cate during the TLS handshak)-3.362 F
+3.363(e. Options)-.1 F -.8(`A)3.363 G(')-.31 E 2.036
+(and `P' suppress SMTP A)132 420.6 R 2.036(UTH and PIPELINING, respecti)
+-.55 F -.15(ve)-.25 G(ly).15 E 7.036(.`)-.65 G 2.036(c' is the equi)
+-7.036 F -.25(va)-.25 G 2.035(lent to).25 F .229
+(AuthOptions=p, i.e., it doesn')132 432.6 R 2.729(tp)-.18 G .229
+(ermit mechanisms susceptible to simple passi)-2.729 F .529 -.15(ve a)
+-.25 H .23(ttack \(e.g.,).15 F .93
+(PLAIN, LOGIN\), unless a security layer is acti)132 444.6 R -.15(ve)
+-.25 G 5.93(.O).15 G .93(ption `l' requires SMTP A)-5.93 F .93
+(UTH for a)-.55 F 5.03(connection. Options)132 456.6 R 2.531
+('B', 'D', 'E', and 'X' suppress SMTP VERB, DSN, ETRN, and)5.03 F
+(EXPN, respecti)132 468.6 Q -.15(ve)-.25 G(ly).15 E(.)-.65 E 0 Cg EP
%%Page: 45 41
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3435>195.86 E
-/F1 10/Times-Roman@0 SF
-<616c726561647920736574206265666f726520617265206e6f7420636c656172656421>
-146.4 96 Q<4369706865724c697374>132 112.2 Q .195
-<5370656369667920636970686572206c69737420666f72205354>146.4 124.2 R
-<4152>-.93 E .194<54544c532c20736565>-.6 F/F2 10/Times-Italic@0 SF
-<636970686572>2.694 E<73>-.1 E F1 .194
-<28312920666f7220706f737369626c652076>B 2.694<616c7565732e2054686973>
--.25 F -.15<6f7665>2.694 G .194<72726964657320746865>.15 F<676c6f62616c>
-146.4 136.2 Q F2<4369706865724c697374>2.5 E F1
-<666f72207468652073657373696f6e2e>2.5 E<4365727446696c65>132 152.4 Q
-<46696c6520636f6e7461696e696e6720612063657274698c636174652e>146.4 164.4
-Q -2.15 -.25<4b652079>132 180.6 T<46696c65>.25 E
-<46696c6520636f6e7461696e696e672074686520707269>146.4 192.6 Q -.25<7661>
--.25 G<7465206b>.25 E .3 -.15<65792066>-.1 H
-<6f72207468652063657274698c636174652e>.15 E<4578616d706c653a>132 208.8 Q
-<53746c735f7372765f6665617475726573>172 225 Q<52242a20247c2031302e242b>
-172 237 Q<243a206369706865726c6973743d48494748>56.19 E<4e6f7465733a>132
-257.4 Q .402<4572726f727320696e2074686573652066656174757265732028652e67
-2e2c20756e6b6e6f>157 273.6 R .402<776e206b>-.25 F -.15<6579>-.1 G 2.902
-<736f>.15 G 2.902<7269>-2.902 G -1.95 -.4<6e762061>-2.902 H .402
-<6c69642076>.4 F .402
-<616c7565732920617265206c6f6767656420616e642074686520637572>-.25 F<2d>
--.2 E 2.362<72656e742073657373696f6e2069732061626f7274656420746f2061>132
-285.6 R -.2<766f>-.2 G 2.362<6964207573696e67205354>.2 F<4152>-.93 E
-2.361
-<54544c53207769746820666561747572657320746861742073686f756c64206861>-.6
-F 2.661 -.15<76652062>-.2 H<65656e>.15 E<6368616e6765642e>132 297.6 Q
-<546865206b>157 313.8 Q -.15<6579>-.1 G 2.5<7361>.15 G
-<726520636173652d696e73656e73697469>-2.5 E -.15<7665>-.25 G<2e>.15 E
-<426f7468>157 330 Q F2<4365727446>2.5 E<696c65>-.45 E F1<616e64>2.5 E F2
--2.1 -.35<4b652079>2.5 H -.45<4669>.35 G<6c65>.45 E F1<6d75737420626520
-73706563698c656420746f6765746865723b2073706563696679696e67206f6e6c79206f
-6e6520697320616e206572726f72>2.5 E<2e>-.55 E 2.054<54686573652072756c65
-736574732072657175697265207468652073656e646d61696c2062696e61727920746f20
-62652062>157 346.2 R 2.054
-<75696c742077697468205f4646525f544c535f53455f4f505453>-.2 F
-<656e61626c6564202873656520746865202246>132 358.2 Q
-<6f72204675747572652052656c65617365222073656374696f6e292e>-.15 E F0 2.5
-<352e312e342e31382e2061757468696e66>117 382.2 R<6f>-.25 E F1<546865>157
-398.4 Q F2<61757468696e666f>3.05 E F1 .549<72756c657365742069732063616c
-6c6564207768656e2073656e646d61696c20747269657320746f2061757468656e746963
-61746520746f20616e6f74686572204d54>3.05 F 3.049<412e204974>-.93 F .843
-<73686f756c642072657475726e>132 410.4 R F0<2423>3.343 E F1<666f6c6c6f>
-3.343 E .843<7765642062792061206c697374206f6620746f6b>-.25 F .844
-<656e73207468617420617265207573656420666f7220534d54502041>-.1 F 3.344
-<5554482e204966>-.55 F .844<7468652072657475726e>3.344 F -.25<7661>132
-422.4 S 1.304<6c756520737461727473207769746820616e>.25 F 1.304
-<797468696e6720656c73652069742069732073696c656e746c792069676e6f7265642e>
--.15 F 1.304<4561636820746f6b>6.304 F 1.303
-<656e20697320612074616767656420737472696e67206f6620746865>-.1 F<666f726d
-3a20225444737472696e67222028696e636c7564696e67207468652071756f746573292c
-207768657265>132 434.4 Q 38.89<5454>172 450.6 S
-<61672077686963682064657363726962657320746865206974656d>-39.69 E 37.78
-<4444>172 462.6 S<656c696d697465723a20273a272073696d706c65207465>-37.78
-E<787420666f6c6c6f>-.15 E<7773>-.25 E
-<273d2720737472696e672069732062617365363420656e636f646564>217 474.6 Q
-19.72<737472696e672056>172 486.6 R<616c7565206f6620746865206974656d>
--1.11 E -1.11<5661>132 502.8 S<6c69642076>1.11 E
-<616c75657320666f722074686520746167206172653a>-.25 E 37.78<5575>172 519
-S<7365722028617574686f72697a6174696f6e29206964>-37.78 E 41.67<4961>172
-531 S<757468656e7469636174696f6e206964>-41.67 E 39.44<5070>172 543 S
-<61737377>-39.44 E<6f7264>-.1 E 38.33<5272>172 555 S<65616c6d>-38.33 E
-36.11<4d6c>172 567 S<697374206f66206d656368616e69736d732064656c696d6974
-656420627920737061636573>-36.11 E .323<496620746869732072756c6573657420
-69732064658c6e65642c20746865206f7074696f6e>132 583.2 R F0
-<44656661756c7441>2.823 E<757468496e66>-.5 E<6f>-.25 E F1 .323
-<69732069676e6f726564202865>2.823 F -.15<7665>-.25 G 2.824<6e69>.15 G
-2.824<6674>-2.824 G .324<68652072756c6573657420646f6573206e6f74>-2.824 F
-<72657475726e20612060>132 595.2 Q<6075736566756c27>-.74 E 2.5<2772>-.74
-G<6573756c74292e>-2.5 E F0 2.5<352e312e342e31392e2071756575656772>117
-619.2 R<6f7570>-.18 E F1<546865>157 635.4 Q F2<7175657565>3.919 E<6772>
--.4 E<6f7570>-.45 E F1 1.419<72756c65736574206973207573656420746f206d61
-70206120726563697069656e74206164647265737320746f20612071756575652067726f
-7570206e616d652e>3.919 F 1.197<54686520696e70757420666f7220746865207275
-6c65736574206973206120726563697069656e7420616464726573732061732073706563
-698c656420627920746865>132 647.4 R/F3 9/Times-Roman@0 SF 1.197
-<534d54502052435054>3.697 F F1<636f6d6d616e642e>3.697 E 1.307
-<5468652072756c657365742073686f756c642072657475726e>132 659.4 R F0<2423>
-3.807 E F1<666f6c6c6f>3.807 E 1.307
-<77656420627920746865206e616d65206f6620612071756575652067726f75702e>-.25
-F 1.306<4966207468652072657475726e2076>6.307 F<616c7565>-.25 E 1.24
-<737461727473207769746820616e>132 671.4 R 1.241
-<797468696e6720656c73652069742069732073696c656e746c792069676e6f7265642e>
--.15 F 1.241<536565207468652073656374696f6e2061626f75742060>6.241 F
-1.241<6051756575652047726f75707320616e64>-.74 F
-<5175657565204469726563746f7269657327>132 683.4 Q 2.5<2766>-.74 G
-<6f72206675727468657220696e666f726d6174696f6e2e>-2.5 E 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-45)195.86 E/F1 10/Times-Roman@0 SF 37.78(AD)172 96 S 2.5(on)
+-37.78 G(ot of)-2.5 E(fer A)-.25 E(UTH)-.55 E 40.56(aO)172 108 S -.25
+(ff)-40.56 G(er A).25 E(UTH \(def)-.55 E(ault\))-.1 E 38.33(BD)172 120 S
+2.5(on)-38.33 G(ot of)-2.5 E(fer VERB)-.25 E 40(bO)172 132 S -.25(ff)-40
+G(er VERB \(def).25 E(ault\))-.1 E 38.33(CD)172 144 S 2.5(on)-38.33 G
+(ot require security layer for)-2.5 E(plainte)217 156 Q(xt A)-.15 E
+(UTH \(def)-.55 E(ault\))-.1 E 40.56(cR)172 168 S
+(equire security layer for plainte)-40.56 E(xt A)-.15 E(UTH)-.55 E 37.78
+(DD)172 180 S 2.5(on)-37.78 G(ot of)-2.5 E(fer DSN)-.25 E 40(dO)172 192
+S -.25(ff)-40 G(er DSN \(def).25 E(ault\))-.1 E 38.89(ED)172 204 S 2.5
+(on)-38.89 G(ot of)-2.5 E(fer ETRN)-.25 E 40.56(eO)172 216 S -.25(ff)
+-40.56 G(er ETRN \(def).25 E(ault\))-.1 E 38.89(LD)172 228 S 2.5(on)
+-38.89 G(ot require A)-2.5 E(UTH \(def)-.55 E(ault\))-.1 E 42.22(lR)172
+240 S(equire A)-42.22 E(UTH)-.55 E 39.44(PD)172 252 S 2.5(on)-39.44 G
+(ot of)-2.5 E(fer PIPELINING)-.25 E 40(pO)172 264 S -.25(ff)-40 G
+(er PIPELINING \(def).25 E(ault\))-.1 E 39.44(SD)172 276 S 2.5(on)-39.44
+G(ot of)-2.5 E(fer ST)-.25 E(AR)-.93 E(TTLS)-.6 E 41.11(sO)172 288 S
+-.25(ff)-41.11 G(er ST).25 E(AR)-.93 E(TTLS \(def)-.6 E(ault\))-.1 E
+37.78(VD)172 300 S 2.5(on)-37.78 G(ot request a client certi\214cate)
+-2.5 E 40(vR)172 312 S(equest a client certi\214cate \(def)-40 E(ault\))
+-.1 E 37.78(XD)172 324 S 2.5(on)-37.78 G(ot of)-2.5 E(fer EXPN)-.25 E 40
+(xO)172 336 S -.25(ff)-40 G(er EXPN \(def).25 E(ault\))-.1 E .205
+(Note: the entries mark)132 352.2 R .205(ed as `)-.1 F(`\(def)-.74 E
+(ault\)')-.1 E 2.705('m)-.74 G .204
+(ay require that some con\214guration has been made,)-2.705 F .406
+(e.g., SMTP A)132 364.2 R .407(UTH is only a)-.55 F -.25(va)-.2 G .407
+(ilable if properly con\214gured.).25 F(Moreo)5.407 E -.15(ve)-.15 G
+1.207 -.4(r, m).15 H(an).4 E 2.907(yo)-.15 G .407(ptions can be)-2.907 F
+.054(changed on a global basis via other settings as e)132 376.2 R .054
+(xplained in this document, e.g., via Daemon-)-.15 F(PortOptions.)132
+388.2 Q .88(The ruleset may return `$#temp' to indicate that there is a\
+ temporary problem deter)157 404.4 R(-)-.2 E 1.623
+(mining the correct features, e.g., if a map is una)132 416.4 R -.25(va)
+-.2 G 4.123(ilable. In).25 F 1.622(that case, the SMTP serv)4.122 F(er)
+-.15 E(issues a temporary f)132 428.4 Q
+(ailure and does not accept email.)-.1 E F0 2.5(5.1.4.16. try_tls)117
+452.4 R F1(The)157 468.6 Q/F2 10/Times-Italic@0 SF(try_tls)3.563 E F1
+1.063(ruleset is called when sendmail connects to another MT)3.563 F
+3.563(A. If)-.93 F 1.064(the ruleset)3.563 F 1.153(does resolv)132 480.6
+R 3.653(et)-.15 G 3.653(ot)-3.653 G 1.153(he \231error\232 mailer)-3.653
+F 3.653(,s)-.4 G 1.153(endmail does not try ST)-3.653 F(AR)-.93 E 1.152
+(TTLS e)-.6 F -.15(ve)-.25 G 3.652(ni).15 G 3.652(fi)-3.652 G 3.652(ti)
+-3.652 G 3.652(so)-3.652 G -.25(ff)-3.652 G(ered.).25 E
+(This is useful to deal with ST)132 492.6 Q(AR)-.93 E
+(TTLS interoperability issues by simply not using it.)-.6 E F0 2.5
+(5.1.4.17. tls_sr)117 516.6 R(v_featur)-.1 E(es and tls_clt_featur)-.18
+E(es)-.18 E F1(The)157 532.8 Q F2(tls_clt_featur)2.871 E(es)-.37 E F1
+.372(ruleset is called when sendmail connects to another MT)2.871 F
+2.872(Aa)-.93 G .372(nd the)-2.872 F F2(tls_srv_featur)132 544.8 Q(es)
+-.37 E F1 .436(ruleset is called when a client connects to)2.936 F F2
+(sendmail)2.935 E F1 5.435(.T)C .435(he ar)-5.435 F .435
+(guments for the)-.18 F 1.872(rulesets are the host name and IP address\
+ of the other side separated by)132 556.8 R F0($|)4.372 E F1 1.872
+(\(which is a)4.372 F 3.593(metacharacter\). The)132 568.8 R 3.593(ys)
+-.15 G 1.093(hould return a list of)-3.593 F F2 -.1(ke)3.592 G(y=value)
+-.2 E F1 1.092(pairs separated by semicolons; the)3.592 F .552
+(list can be empty if no options should be applied to the connection.)
+132 580.8 R -1.27 -.74(Av a)5.553 H .553(ilable k).74 F -.15(ey)-.1 G
+3.053(sa).15 G .553(re and)-3.053 F(their allo)132 592.8 Q(wed v)-.25 E
+(alues are:)-.25 E(Options)132 609 Q 3.977(Ac)146.4 621 S 1.477
+(omma separated list of SSL related options.)-3.977 F(See)6.476 E F2
+(ServerSSLOptions)3.976 E F1(and)3.976 E F2(ClientSS-)3.976 E(LOptions)
+146.4 633 Q F1 2.519(for details, as well as)5.019 F F2(SSL_set_options)
+5.019 E F1 2.519(\(3\) and note this w)B 2.52(arning: Options)-.1 F
+(already set before are not cleared!)146.4 645 Q(CipherList)132 661.2 Q
+.222(Specify cipher list for ST)146.4 673.2 R(AR)-.93 E .222
+(TTLS \(does not apply to TLSv1.3\), see)-.6 F F2(cipher)2.721 E(s)-.1 E
+F1 .221(\(1\) for possi-)B(ble v)146.4 685.2 Q 2.5(alues. This)-.25 F
+-.15(ove)2.5 G(rrides the global).15 E F2(CipherList)2.5 E F1
+(for the session.)2.5 E(CertFile)132 701.4 Q
+(File containing a certi\214cate.)146.4 713.4 Q 0 Cg EP
%%Page: 46 42
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d34362053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-2.5<352e312e342e32302e206772>117 96 R<6565745f7061757365>-.18 E/F1 10
-/Times-Roman@0 SF<546865>157 112.2 Q/F2 10/Times-Italic@0 SF<6772>2.793
-E<6565745f7061757365>-.37 E F1 .292<72756c65736574206973207573656420746f
-20737065636966792074686520616d6f756e74206f662074696d6520746f207061757365
-206265666f72652073656e64696e67>2.793 F 1.226
-<74686520696e697469616c20534d545020323230206772656574696e672e>132 124.2
-R 1.226<496620616e>6.226 F 3.726<7974>-.15 G<726166>-3.726 E 1.226
-<8c63206973207265636569>-.25 F -.15<7665>-.25 G 3.726<6464>.15 G 1.226
-<7572696e6720746861742070617573652c20616e20534d545020353534>-3.726 F
-.295<72656a656374696f6e20726573706f6e7365206973206769>132 136.2 R -.15
-<7665>-.25 G 2.795<6e69>.15 G .295<6e7374656164206f66207468652032323020
-6772656574696e6720616e6420616c6c20534d545020636f6d6d616e6473206172652072
-656a6563746564>-2.795 F 1.488
-<647572696e67207468617420636f6e6e656374696f6e2e>132 148.2 R 1.488<546869
-732068656c70732070726f746563742073697465732066726f6d206f70656e2070726f78
-69657320616e6420534d545020736c616d6d6572732e>6.488 F .522
-<5468652072756c657365742073686f756c642072657475726e>132 160.2 R F0<2423>
-3.022 E F1<666f6c6c6f>3.022 E .521<77656420627920746865206e756d62657220
-6f66206d696c6c697365636f6e6473202874686f7573616e64746873206f662061207365
-632d>-.25 F .728<6f6e642920746f2070617573652e>132 172.2 R .728
-<4966207468652072657475726e2076>5.728 F .728
-<616c756520737461727473207769746820616e>-.25 F .728
-<797468696e6720656c7365206f72206973206e6f742061206e756d626572>-.15 F
-3.229<2c69>-.4 G 3.229<7469>-3.229 G 3.229<7373>-3.229 G<696c656e746c79>
--3.229 E 2.702<69676e6f7265642e204e6f74653a>132 184.2 R .202
-<746869732072756c65736574206973206e6f7420696e>2.702 F -.2<766f>-.4 G -.1
-<6b65>.2 G 2.702<6428>.1 G .202<616e642068656e63652074686520666561747572
-652069732064697361626c656429207768656e2074686520736d747073>-2.702 F
-1.224<28534d5450206f>132 196.2 R -.15<7665>-.15 G 3.724<7253>.15 G 1.224
-<534c2920697320757365642c20692e652e2c20746865>-3.724 F F2<73>3.724 E F1
-1.224
-<6d6f64698c65722069732073657420666f7220746865206461656d6f6e20766961>
-3.724 F F0<4461656d6f6e50>3.724 E<6f72744f702d>-.2 E<74696f6e73>132
-208.2 Q F1 2.5<2c62>C<65636175736520696e20746869732063617365207468652053
-534c2068616e647368616b>-2.5 E 2.5<6569>-.1 G 2.5<7370>-2.5 G<6572666f72
-6d6564206265666f726520746865206772656574696e672069732073656e742e>-2.5 E
-F0 2.5<352e312e352e20495043>102 232.2 R<6d61696c657273>2.5 E F1 1.333<53
-6f6d65207370656369616c2070726f63657373696e67206f636375727320696620746865
-2072756c65736574207a65726f207265736f6c76>142 248.4 R 1.332
-<657320746f20616e20495043206d61696c65722028746861742069732c2061>-.15 F
-1.178<6d61696c657220746861742068617320995b4950435d9a206c6973746564206173
-207468652050>117 260.4 R 1.179<61746820696e20746865>-.15 F F0<4d>3.679 E
-F1 1.179<636f6e8c6775726174696f6e206c696e652e>3.679 F 1.179
-<54686520686f7374206e616d6520706173736564>6.179 F 1.178
-<6166746572209924409a20686173204d582065>117 272.4 R 1.178
-<7870616e73696f6e20706572666f726d6564206966206e6f742064656c69>-.15 F
--.15<7665>-.25 G 1.178<72696e67207669612061206e616d656420736f636b>.15 F
-1.178<65743b2074686973206c6f6f6b7320746865>-.1 F<6e616d6520757020696e20
-444e5320746f208c6e6420616c7465726e6174652064656c69>117 284.4 Q -.15
-<7665>-.25 G<72792073697465732e>.15 E .441
-<54686520686f7374206e616d652063616e20616c736f2062652070726f>142 300.6 R
-.442<7669646564206173206120646f747465642071756164206f7220616e2049507636
-206164647265737320696e2073717561726520627261636b2d>-.15 F
-<6574733b20666f722065>117 312.6 Q<78616d706c653a>-.15 E
-<5b3132382e33322e3134392e37385d>157 328.8 Q<6f72>117 345 Q
-<5b495076363a323030323a633061383a353164323a3a323366345d>157 361.2 Q
-<54686973206361757365732064697265637420636f6e>117 377.4 Q -.15<7665>-.4
-G<7273696f6e206f6620746865206e756d657269632076>.15 E
-<616c756520746f20616e20495020686f737420616464726573732e>-.25 E .214<5468
-6520686f7374206e616d652070617373656420696e20616674657220746865209924409a
-206d617920616c736f206265206120636f6c6f6e2d736570617261746564206c69737420
-6f6620686f7374732e>142 393.6 R<45616368>5.213 E .484
-<69732073657061726174656c79204d582065>117 405.6 R .484<7870616e64656420
-616e642074686520726573756c74732061726520636f6e636174656e6174656420746f20
-6d616b>-.15 F 2.985<6528>-.1 G .485
-<657373656e7469616c6c7929206f6e65206c6f6e67204d58>-2.985 F 3.465
-<6c6973742e20546865>117 417.6 R .964
-<696e74656e74206865726520697320746f20637265617465209966>3.465 F<616b>-.1
-E .964<659a204d58207265636f726473207468617420617265206e6f74207075626c69
-7368656420696e20444e5320666f7220707269>-.1 F -.25<7661>-.25 G<7465>.25 E
-<696e7465726e616c206e657477>117 429.6 Q<6f726b732e>-.1 E<41732061208c6e
-616c207370656369616c20636173652c2074686520686f7374206e616d652063616e2062
-652070617373656420696e2061732061207465>142 445.8 Q
-<787420737472696e6720696e2073717561726520627261636b>-.15 E<6574733a>-.1
-E<5b756362>157 462 Q -.25<7661>-.15 G<782e6265726b>.25 E<656c65>-.1 E
--.65<792e>-.15 G<6564755d>.65 E .312<5468697320666f726d2061>117 478.2 R
--.2<766f>-.2 G .312<69647320746865204d58206d617070696e672e>.2 F F0
-<4e2e422e3a>5.312 E F2 .313<5468697320697320696e74656e646564206f6e6c7920
-666f7220736974756174696f6e732077686572>2.812 F 2.813<6579>-.37 G .313
-<6f7520686176652061>-2.813 F .338<6e6574776f726b208c72>117 490.2 R -.15
-<6577>-.37 G .337<616c6c206f72206f7468657220686f737420746861742077696c6c
-20646f207370656369616c207072>.15 F .337<6f63657373696e6720666f7220616c6c
-20796f7572206d61696c2c20736f207468617420796f7572204d58>-.45 F -.37<7265>
-117 502.2 S<636f72>.37 E 3.958<6470>-.37 G 1.458
-<6f696e747320746f20612067617465>-3.958 F 1.458<776179206d6163>-.15 F
-1.458<68696e653b2074686973206d6163>-.15 F 1.459
-<68696e6520636f756c64207468656e20646f20646972>-.15 F 1.459
-<6563742064656c697665727920746f206d6163>-.37 F<68696e6573>-.15 E .09
-<77697468696e20796f7572206c6f63616c20646f6d61696e2e>117 514.2 R .09
-<557365206f66207468697320666561747572>5.09 F 2.59<6564>-.37 G<6972>-2.59
-E .09<6563746c792076696f6c617465732052464320313132332073656374696f6e2035
-2e332e353a2069742073686f756c64>-.37 F
-<6e6f742062652075736564206c696768746c79>117 526.2 Q<2e>-.55 E F0 2.5
-<352e322e2044>87 550.2 R 2.5<8a44>2.5 G<658c6e65204d616372>-2.5 E<6f>
--.18 E F1 .88<4d6163726f7320617265206e616d6564207769746820612073696e676c
-6520636861726163746572206f72207769746820612077>127 566.4 R .881
-<6f726420696e207b6272616365737d2e>-.1 F .881<546865206e616d65732060>
-5.881 F<607827>-.74 E 3.381<2761>-.74 G<6e64>-3.381 E -.74<6060>102
-578.4 S<7b787d27>.74 E 4.35<2764>-.74 G 1.85
-<656e6f7465207468652073616d65206d6163726f20666f722065>-4.35 F -.15<7665>
--.25 G 1.849<72792073696e676c65206368617261637465722060>.15 F<607827>
--.74 E 4.349<272e2053696e676c65>-.74 F 1.849
-<636861726163746572206e616d6573206d6179206265>4.349 F .172<73656c656374
-65642066726f6d2074686520656e74697265204153434949207365742c2062>102 590.4
-R .172<75742075736572>-.2 F .173<2d64658c6e6564206d6163726f732073686f75
-6c642062652073656c65637465642066726f6d2074686520736574206f66207570706572>
--.2 F .032<63617365206c657474657273206f6e6c79>102 602.4 R 5.032<2e4c>
--.65 G -.25<6f77>-5.032 G .031<65722063617365206c65747465727320616e6420
-7370656369616c2073796d626f6c7320617265207573656420696e7465726e616c6c79>
-.25 F 5.031<2e4c>-.65 G .031<6f6e67206e616d6573206265>-5.031 F
-<67696e6e696e67>-.15 E .326<776974682061206c6f>102 614.4 R .326<77657220
-63617365206c6574746572206f7220612070756e6374756174696f6e2063686172616374
-65722061726520726573657276>-.25 F .327
-<656420666f72207573652062792073656e646d61696c2c20736f2075736572>-.15 F
-<2d64658c6e6564>-.2 E
-<6c6f6e67206d6163726f206e616d65732073686f756c64206265>102 626.4 Q
-<67696e207769746820616e2075707065722063617365206c6574746572>-.15 E<2e>
--.55 E
-<5468652073796e74617820666f72206d6163726f2064658c6e6974696f6e732069733a>
-127 642.6 Q F0<44>142 658.8 Q F2 1.666<7876>C<616c>-1.666 E F1
-<7768657265>102 675 Q F2<78>3.069 E F1 .569<697320746865206e616d65206f66
-20746865206d6163726f20287768696368206d617920626520612073696e676c65206368
-61726163746572206f7220612077>3.069 F .568
-<6f726420696e206272616365732920616e64>-.1 F F2<76616c>3.068 E F1<6973>
-3.068 E .478<7468652076>102 687 R .478
-<616c75652069742073686f756c64206861>-.25 F -.15<7665>-.2 G 5.478<2e54>
-.15 G .478<686572652073686f756c64206265206e6f20737061636573206769>-5.478
-F -.15<7665>-.25 G 2.978<6e74>.15 G .479<68617420646f206e6f742061637475
-616c6c792062656c6f6e6720696e20746865206d6163726f>-2.978 F -.25<7661>102
-699 S<6c75652e>.25 E 0 Cg EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-46 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF -2.15
+-.25(Ke y)132 96 T(File).25 E(File containing the pri)146.4 108 Q -.25
+(va)-.25 G(te k).25 E .3 -.15(ey f)-.1 H(or the certi\214cate.).15 E
+(Flags)132 124.2 Q(Currently the only v)146.4 136.2 Q(alid \215ags are)
+-.25 E/F2 10/Times-Italic@0 SF(R)146.4 148.2 Q F1 1.828
+(to require a CRL for each encountered certi\214cate during v)4.328 F
+1.829(eri\214cation \(by def)-.15 F 1.829(ault a)-.1 F
+(missing CRL is ignored\),)146.4 160.2 Q F2(c)146.4 172.2 Q F1(and)3.33
+E F2(C)3.33 E F1 .829(which basically clears/sets the option)3.329 F F2
+(TLSF)3.329 E(allbac)-.75 E(ktoClear)-.2 E F1 .829
+(for just this session,)3.329 F(respecti)146.4 184.2 Q -.15(ve)-.25 G
+(ly).15 E(,)-.65 E F2(d)146.4 196.2 Q F1(to turn of)2.5 E 2.5(fD)-.25 G
+.001(ANE which is ob)-2.9 F .001(viously only v)-.15 F .001(alid for)
+-.25 F F2(tls_clt_featur)2.501 E(es)-.37 E F1 .001(and requires D)2.501
+F(ANE)-.4 E .705(to be compiled in.)146.4 208.2 R .704
+(This might be needed in case of a miscon\214guration, e.g., specifying)
+5.705 F(in)146.4 220.2 Q -.25(va)-.4 G(lid TLSA RRs.).25 E(Example:)132
+236.4 Q(Stls_srv_features)172 252.6 Q(R$* $| 10.$+)172 264.6 Q
+($: cipherlist=HIGH)56.19 E(Notes:)132 285 Q .402
+(Errors in these features \(e.g., unkno)157 301.2 R .402(wn k)-.25 F
+-.15(ey)-.1 G 2.902(so).15 G 2.902(ri)-2.902 G -1.95 -.4(nv a)-2.902 H
+.402(lid v).4 F .402(alues\) are logged and the cur)-.25 F(-)-.2 E 2.362
+(rent session is aborted to a)132 313.2 R -.2(vo)-.2 G 2.362
+(id using ST).2 F(AR)-.93 E 2.361(TTLS with features that should ha)-.6
+F 2.661 -.15(ve b)-.2 H(een).15 E(changed.)132 325.2 Q(The k)157 341.4 Q
+-.15(ey)-.1 G 2.5(sa).15 G(re case-insensiti)-2.5 E -.15(ve)-.25 G(.).15
+E(Both)157 357.6 Q F2(CertF)2.5 E(ile)-.45 E F1(and)2.5 E F2 -2.1 -.35
+(Ke y)2.5 H -.45(Fi).35 G(le).45 E F1
+(must be speci\214ed together; specifying only one is an error)2.5 E(.)
+-.55 E F0 2.5(5.1.4.18. authinf)117 381.6 R(o)-.25 E F1(The)157 397.8 Q
+F2(authinfo)3.049 E F1 .549
+(ruleset is called when sendmail tries to authenticate to another MT)
+3.049 F 3.05(A. It)-.93 F .844(should return)132 409.8 R F0($#)3.344 E
+F1(follo)3.344 E .844(wed by a list of tok)-.25 F .843
+(ens that are used for SMTP A)-.1 F 3.343(UTH. If)-.55 F .843
+(the return)3.343 F -.25(va)132 421.8 S 1.303(lue starts with an).25 F
+1.304(ything else it is silently ignored.)-.15 F 1.304(Each tok)6.304 F
+1.304(en is a tagged string of the)-.1 F
+(form: "TDstring" \(including the quotes\), where)132 433.8 Q 38.89(TT)
+172 450 S(ag which describes the item)-39.69 E 37.78(DD)172 462 S
+(elimiter: ':' simple te)-37.78 E(xt follo)-.15 E(ws)-.25 E
+('=' string is base64 encoded)217 474 Q 19.72(string V)172 486 R
+(alue of the item)-1.11 E -1.11(Va)132 502.2 S(lid v)1.11 E
+(alues for the tag are:)-.25 E 37.78(Uu)172 518.4 S
+(ser \(authorization\) id)-37.78 E 41.67(Ia)172 530.4 S
+(uthentication id)-41.67 E 39.44(Pp)172 542.4 S(assw)-39.44 E(ord)-.1 E
+38.33(Rr)172 554.4 S(ealm)-38.33 E 36.11(Ml)172 566.4 S
+(ist of mechanisms delimited by spaces)-36.11 E .324
+(If this ruleset is de\214ned, the option)132 582.6 R F0(DefaultA)2.823
+E(uthInf)-.5 E(o)-.25 E F1 .323(is ignored \(e)2.823 F -.15(ve)-.25 G
+2.823(ni).15 G 2.823(ft)-2.823 G .323(he ruleset does not)-2.823 F
+(return a `)132 594.6 Q(`useful')-.74 E 2.5('r)-.74 G(esult\).)-2.5 E F0
+2.5(5.1.4.19. queuegr)117 618.6 R(oup)-.18 E F1(The)157 634.8 Q F2
+(queue)3.918 E(gr)-.4 E(oup)-.45 E F1 1.419
+(ruleset is used to map a recipient address to a queue group name.)3.918
+F .434(The input for the ruleset is the recipient address \(i.e., the a\
+ddress part of the resolv)132 646.8 R .434(ed triple\))-.15 F 1.306
+(The ruleset should return)132 658.8 R F0($#)3.807 E F1(follo)3.807 E
+1.307(wed by the name of a queue group.)-.25 F 1.307(If the return v)
+6.307 F(alue)-.25 E 1.241(starts with an)132 670.8 R 1.241
+(ything else it is silently ignored.)-.15 F 1.241
+(See the section about `)6.241 F 1.24(`Queue Groups and)-.74 F
+(Queue Directories')132 682.8 Q 2.5('f)-.74 G(or further information.)
+-2.5 E 0 Cg EP
%%Page: 47 43
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3437>195.86 E
-/F1 10/Times-Roman@0 SF .494<4d6163726f732061726520696e746572706f6c6174
-6564207573696e672074686520636f6e737472756374>127 96 R F0<24>2.994 E/F2
-10/Times-Italic@0 SF<78>A F1 2.994<2c77>C<68657265>-2.994 E F2<78>2.994
-E F1 .494<697320746865206e616d65206f6620746865206d6163726f20746f20626520
-696e746572>2.994 F<2d>-.2 E 2.932<706f6c617465642e2054686973>102 108 R
-.432<696e746572706f6c6174696f6e20697320646f6e65207768656e2074686520636f
-6e8c6775726174696f6e208c6c6520697320726561642c2065>2.932 F .433
-<786365707420696e>-.15 F F0<4d>2.933 E F1 2.933<6c696e65732e20546865>
-2.933 F<7370652d>2.933 E<6369616c20636f6e737472756374>102 120 Q F0<2426>
-2.5 E F2<78>A F1<63616e206265207573656420696e>2.5 E F0<52>2.5 E F1<6c69
-6e657320746f2067657420646566657272656420696e746572706f6c6174696f6e2e>2.5
-E<436f6e646974696f6e616c732063616e2062652073706563698c6564207573696e6720
-7468652073796e7461783a>127 136.2 Q<243f78207465>142 152.4 Q
-<78743120247c207465>-.15 E<78743220242e>-.15 E 1.562
-<5468697320696e746572706f6c61746573>102 168.6 R F2<7465>4.062 E<787431>
--.2 E F1 1.562<696620746865206d6163726f>4.062 F F0<2478>4.062 E F1 1.562
-<69732073657420616e64206e6f6e2d6e756c6c2c20616e64>4.062 F F2<7465>4.062
-E<787432>-.2 E F1 4.062<6f74686572776973652e20546865>4.062 F 1.561
-<99656c73659a2028>4.061 F F0<247c>A F1<29>A
-<636c61757365206d6179206265206f6d69747465642e>102 180.6 Q 1.302
-<54686520666f6c6c6f>127 196.8 R 1.302<77696e67206d6163726f73206172652064
-658c6e656420616e642f6f72207573656420696e7465726e616c6c79206279>-.25 F F2
-<73656e646d61696c>3.803 E F1 1.303
-<666f7220696e746572706f6c6174696f6e20696e746f>3.803 F<6172>102 210.8 Q
-<677627>-.18 E 2.793<7366>-.55 G .293
-<6f72206d61696c657273206f7220666f72206f7468657220636f6e7465>-2.793 F
-2.793<7874732e20546865>-.15 F .293<6f6e6573206d61726b>2.793 F .292<6564
-20872061726520696e666f726d6174696f6e2070617373656420696e746f2073656e646d
-61696c>-.1 F/F3 7/Times-Roman@0 SF<3136>-4 I F1<2c>4 I .035
-<746865206f6e6573206d61726b>102 222.8 R .036<656420882061726520696e666f
-726d6174696f6e2070617373656420626f746820696e20616e64206f7574206f66207365
-6e646d61696c2c20616e642074686520756e6d61726b>-.1 F .036
-<6564206d6163726f7320617265>-.1 F
-<706173736564206f7574206f662073656e646d61696c2062>102 234.8 Q<7574206172
-65206e6f74206f7468657277697365207573656420696e7465726e616c6c79>-.2 E 5
-<2e54>-.65 G<68657365206d6163726f73206172653a>-5 E 13.06<246120546865>
-102 251 R
-<6f726967696e6174696f6e206461746520696e205246432038323220666f726d61742e>
-2.5 E<546869732069732065>5 E
-<78747261637465642066726f6d2074686520446174653a206c696e652e>-.15 E 12.5
-<246220546865>102 267.2 R
-<63757272656e74206461746520696e205246432038323220666f726d61742e>2.5 E
-13.06<246320546865>102 283.4 R .003<686f7020636f756e742e>2.503 F .003<54
-686973206973206120636f756e74206f6620746865206e756d626572206f662052656365
-69>5.003 F -.15<7665>-.25 G .002<643a206c696e657320706c7573207468652076>
-.15 F .002<616c7565206f6620746865>-.25 F F0<ad68>2.502 E F1<636f6d2d>
-2.502 E<6d616e64206c696e65208d61672e>127 295.4 Q 12.5<246420546865>102
-311.6 R<63757272656e74206461746520696e20554e495820286374696d652920666f72
-6d61742e>2.5 E 8.06<24658720284f62736f6c6574653b>102 327.8 R 1.814<7573
-6520536d74704772656574696e674d657373616765206f7074696f6e20696e7374656164
-2e29>4.314 F 1.814<54686520534d545020656e747279206d6573736167652e>6.814
-F 1.814<54686973206973>6.814 F .632
-<7072696e746564206f7574207768656e20534d5450207374617274732075702e>127
-339.8 R .631<546865208c7273742077>5.631 F .631
-<6f7264206d75737420626520746865>-.1 F F0<246a>3.131 E F1 .631
-<6d6163726f2061732073706563698c656420627920524643>3.131 F 2.97
-<3832312e20446566>127 351.8 R .47<61756c747320746f2099246a2053656e646d61
-696c2024762072656164792061742024629a2e>-.1 F .47<436f6d6d6f6e6c79207265
-64658c6e656420746f20696e636c7564652074686520636f6e8c67752d>5.47 F
-<726174696f6e2076>127 363.8 Q<657273696f6e206e756d626572>-.15 E 2.5
-<2c65>-.4 G<2e672e2c2099246a2053656e646d61696c2024762f245a20726561647920
-61742024629a>-2.5 E 14.17<246620546865>102 380 R<656e>2.5 E -.15<7665>
--.4 G<6c6f70652073656e646572202866726f6d2920616464726573732e>.15 E 12.5
-<246720546865>102 396.2 R .018
-<73656e64657220616464726573732072656c617469>2.518 F .318 -.15<76652074>
--.25 H 2.518<6f74>.15 G .018<686520726563697069656e742e>-2.518 F -.15
-<466f>5.018 G 2.518<7265>.15 G .017<78616d706c652c206966>-2.668 F F0
-<2466>2.517 E F1 .017<69732099666f6f9a2c>2.517 F F0<2467>2.517 E F1 .017
-<77696c6c2062652099686f737421666f6f9a2c>2.517 F
-<99666f6f40686f73742e646f6d61696e9a2c206f72207768617465>127 408.2 Q -.15
-<7665>-.25 G 2.5<7269>.15 G 2.5<7361>-2.5 G
-<7070726f70726961746520666f7220746865207265636569>-2.5 E
-<76696e67206d61696c6572>-.25 E<2e>-.55 E 12.5<246820546865>102 424.4 R
-<726563697069656e7420686f73742e>2.5 E<546869732069732073657420696e207275
-6c6573657420302066726f6d20746865202440208c656c64206f66206120706172736564
-20616464726573732e>5 E 14.72<246920546865>102 440.6 R
-<71756575652069642c20652e672e2c2099663334344d5878703031383731379a2e>2.5
-E 9.72<246a8820546865>102 456.8 R<996f66>2.746 E .247
-<8c6369616c9a20646f6d61696e206e616d6520666f72207468697320736974652e>-.25
-F .247<546869732069732066756c6c79207175616c698c656420696620746865206675
-6c6c207175616c698c636174696f6e2063616e206265>5.247 F 3.094
-<666f756e642e204974>127 468.8 R F2<6d757374>3.094 E F1 .593<626520726564
-658c6e656420746f206265207468652066756c6c79207175616c698c656420646f6d6169
-6e206e616d6520696620796f75722073797374656d206973206e6f7420636f6e2d>3.094
-F<8c677572656420736f207468617420696e666f726d6174696f6e2063616e208c6e6420
-6974206175746f6d61746963616c6c79>127 480.8 Q<2e>-.65 E 12.5
-<246b20546865>102 497 R<55554350206e6f6465206e616d65202866726f6d20746865
-20756e616d652073797374656d2063616c6c292e>2.5 E 9.72
-<246c8720284f62736f6c6574653b>102 513.2 R 1.281
-<75736520556e697846726f6d4c696e65206f7074696f6e20696e73746561642e29>
-3.781 F 1.282
-<54686520666f726d6174206f662074686520554e49582066726f6d206c696e652e>
-6.282 F<556e6c657373>6.282 E 1.41<796f75206861>127 525.2 R 1.71 -.15
-<76652063>-.2 H 1.409<68616e6765642074686520554e4958206d61696c626f782066
-6f726d61742c20796f752073686f756c64206e6f74206368616e67652074686520646566>
-.15 F 1.409<61756c742c207768696368206973>-.1 F
-<9946726f6d2024672024649a2e>127 537.2 Q 9.72<246d20546865>102 553.4 R
-.718<646f6d61696e2070617274206f6620746865>3.218 F F2 -.1<6765>3.218 G
-<74686f73746e616d65>.1 E F1 .718<72657475726e2076>3.218 F 3.219
-<616c75652e20556e646572>-.25 F .719
-<6e6f726d616c2063697263756d7374616e6365732c>3.219 F F0<246a>3.219 E F1
-.719<69732065717569>3.219 F<762d>-.25 E<616c656e7420746f>127 565.4 Q F0
-<2477>2.5 E<2e246d>-.7 E F1<2e>A 7.5<246e8720546865>102 581.6 R<6e616d65
-206f6620746865206461656d6f6e2028666f72206572726f72206d65737361676573292e>
-2.5 E<446566>5 E<61756c747320746f20994d41494c45522d44>-.1 E
-<41454d4f4e9a2e>-.4 E 7.5<246f8720284f62736f6c6574653a>102 597.8 R .651
-<757365204f70657261746f724368617273206f7074696f6e20696e73746561642e29>
-3.151 F .651<54686520736574206f6620996f70657261746f72739a20696e20616464
-7265737365732e>5.651 F 3.15<416c>5.65 G .65<697374206f66>-3.15 F .581<63
-6861726163746572732077686963682077696c6c20626520636f6e736964657265642074
-6f6b>127 609.8 R .582
-<656e7320616e642077686963682077696c6c20736570617261746520746f6b>-.1 F
-.582<656e73207768656e20646f696e6720706172732d>-.1 F 3.278<696e672e2046>
-127 621.8 R .778<6f722065>-.15 F .778
-<78616d706c652c2069662099409a207765726520696e20746865>-.15 F F0<246f>
-3.278 E F1 .777
-<6d6163726f2c207468656e2074686520696e70757420996140629a2077>3.278 F .777
-<6f756c64206265207363616e6e6564206173>-.1 F .627<746872656520746f6b>127
-633.8 R .627<656e733a2099612c>-.1 F 3.127<9a99>-.7 G<402c>-3.127 E 3.127
-<9a61>-.7 G .627<6e64209962>-3.127 F 4.527 -.7<2e9a2044>-.4 H<6566>.7 E
-.628<61756c747320746f20992e3a405b5d9a2c20776869636820697320746865206d69
-6e696d756d20736574206e656365737361727920746f>-.1 F .856<646f205246432038
-32322070617273696e673b20612072696368657220736574206f66206f70657261746f72
-7320697320992e3a2540212f5b5d9a2c207768696368206164647320737570706f727420
-666f722055554350>127 645.8 R<2c>-1.11 E
-<74686520252d6861636b2c20616e6420582e343030206164647265737365732e>127
-657.8 Q .32 LW 76 678.8 72 678.8 DL 80 678.8 76 678.8 DL 84 678.8 80
-678.8 DL 88 678.8 84 678.8 DL 92 678.8 88 678.8 DL 96 678.8 92 678.8 DL
-100 678.8 96 678.8 DL 104 678.8 100 678.8 DL 108 678.8 104 678.8 DL 112
-678.8 108 678.8 DL 116 678.8 112 678.8 DL 120 678.8 116 678.8 DL 124
-678.8 120 678.8 DL 128 678.8 124 678.8 DL 132 678.8 128 678.8 DL 136
-678.8 132 678.8 DL 140 678.8 136 678.8 DL 144 678.8 140 678.8 DL 148
-678.8 144 678.8 DL 152 678.8 148 678.8 DL 156 678.8 152 678.8 DL 160
-678.8 156 678.8 DL 164 678.8 160 678.8 DL 168 678.8 164 678.8 DL 172
-678.8 168 678.8 DL 176 678.8 172 678.8 DL 180 678.8 176 678.8 DL 184
-678.8 180 678.8 DL 188 678.8 184 678.8 DL 192 678.8 188 678.8 DL 196
-678.8 192 678.8 DL 200 678.8 196 678.8 DL 204 678.8 200 678.8 DL 208
-678.8 204 678.8 DL 212 678.8 208 678.8 DL 216 678.8 212 678.8 DL/F4 5
-/Times-Roman@0 SF<3136>93.6 689.2 Q/F5 8/Times-Roman@0 SF
-<4173206f662076>3.2 I
-<657273696f6e20382e362c20616c6c206f66207468657365206d6163726f73206861>
--.12 E .24 -.12<76652072>-.16 H<6561736f6e61626c6520646566>.12 E 2
-<61756c74732e20507265>-.08 F<76696f75732076>-.2 E
-<657273696f6e73207265717569726564207468617420746865>-.12 E 2<7962>-.12 G
-2<6564>-2 G<658c6e65642e>-2 E 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-47)195.86 E 2.5(5.1.4.20. gr)117 96 R(eet_pause)-.18 E/F1 10
+/Times-Roman@0 SF(The)157 112.2 Q/F2 10/Times-Italic@0 SF(gr)2.792 E
+(eet_pause)-.37 E F1 .292
+(ruleset is used to specify the amount of time to pause before sending)
+2.792 F 1.226(the initial SMTP 220 greeting.)132 124.2 R 1.226(If an)
+6.226 F 3.726(yt)-.15 G(raf)-3.726 E 1.226(\214c is recei)-.25 F -.15
+(ve)-.25 G 3.726(dd).15 G 1.226(uring that pause, an SMTP 554)-3.726 F
+.295(rejection response is gi)132 136.2 R -.15(ve)-.25 G 2.795(ni).15 G
+.295(nstead of the 220 greeting and all SMTP commands are rejected)
+-2.795 F 1.489(during that connection.)132 148.2 R 1.488
+(This helps protect sites from open proxies and SMTP slammers.)6.489 F
+.521(The ruleset should return)132 160.2 R F0($#)3.021 E F1(follo)3.021
+E .522(wed by the number of milliseconds \(thousandths of a sec-)-.25 F
+.729(ond\) to pause.)132 172.2 R .729(If the return v)5.729 F .728
+(alue starts with an)-.25 F .728(ything else or is not a number)-.15 F
+3.228(,i)-.4 G 3.228(ti)-3.228 G 3.228(ss)-3.228 G(ilently)-3.228 E
+3.767(ignored. Note:)132 184.2 R 1.268(this ruleset is not in)3.767 F
+-.2(vo)-.4 G -.1(ke).2 G 3.768(d\().1 G 1.268
+(and hence the feature is disabled\) when smtps)-3.768 F 1.224(\(SMTP o)
+132 196.2 R -.15(ve)-.15 G 3.724(rS).15 G 1.224(SL\) is used, i.e., the)
+-3.724 F F2(s)3.724 E F1 1.224(modi\214er is set for the daemon via)
+3.724 F F0(DaemonP)3.724 E(ortOp-)-.2 E(tions)132 208.2 Q F1 2.5(,b)C
+(ecause in this case the SSL handshak)-2.5 E 2.5(ei)-.1 G 2.5(sp)-2.5 G
+(erformed before the greeting is sent.)-2.5 E F0 2.5(5.1.5. IPC)102
+232.2 R(mailers)2.5 E F1 1.332
+(Some special processing occurs if the ruleset zero resolv)142 248.4 R
+1.333(es to an IPC mailer \(that is, a)-.15 F 1.179
+(mailer that has \231[IPC]\232 listed as the P)117 260.4 R 1.179
+(ath in the)-.15 F F0(M)3.679 E F1 1.179(con\214guration line.)3.679 F
+1.178(The host name passed)6.178 F 1.178(after \231$@\232 has MX e)117
+272.4 R 1.178(xpansion performed if not deli)-.15 F -.15(ve)-.25 G 1.178
+(ring via a named sock).15 F 1.178(et; this looks the)-.1 F
+(name up in DNS to \214nd alternate deli)117 284.4 Q -.15(ve)-.25 G
+(ry sites.).15 E .442(The host name can also be pro)142 300.6 R .442
+(vided as a dotted quad or an IPv6 address in square brack-)-.15 F
+(ets; for e)117 312.6 Q(xample:)-.15 E([128.32.149.78])157 328.8 Q(or)
+117 345 Q([IPv6:2002:c0a8:51d2::23f4])157 361.2 Q
+(This causes direct con)117 377.4 Q -.15(ve)-.4 G
+(rsion of the numeric v).15 E(alue to an IP host address.)-.25 E .708(T\
+he host name passed in after the \231$@\232 may also be a colon or comm\
+a separated list of)142 393.6 R 3.428(hosts. Each)117 405.6 R .928
+(is separately MX e)3.428 F .928
+(xpanded and the results are concatenated to mak)-.15 F 3.427(e\()-.1 G
+(essentially\))-3.427 E 1.281(one long MX list.)117 417.6 R 1.281
+(Hosts separated by a comma ha)6.281 F 1.581 -.15(ve t)-.2 H 1.282
+(he same MX preference, and for each).15 F 1.136
+(colon separated host the MX preference is increased.)117 429.6 R 1.136
+(The intent here is to create \231f)6.136 F(ak)-.1 E 1.136(e\232 MX)-.1
+F(records that are not published in DNS for pri)117 441.6 Q -.25(va)-.25
+G(te internal netw).25 E(orks.)-.1 E
+(As a \214nal special case, the host name can be passed in as a te)142
+457.8 Q(xt string in square brack)-.15 E(ets:)-.1 E([ucb)157 474 Q -.25
+(va)-.15 G(x.berk).25 E(ele)-.1 E -.65(y.)-.15 G(edu]).65 E .312
+(This form a)117 490.2 R -.2(vo)-.2 G .312(ids the MX mapping.).2 F F0
+(N.B.:)5.312 E F2 .313(This is intended only for situations wher)2.812 F
+2.813(ey)-.37 G .313(ou have a)-2.813 F .338(network \214r)117 502.2 R
+-.15(ew)-.37 G .337(all or other host that will do special pr).15 F .337
+(ocessing for all your mail, so that your MX)-.45 F -.37(re)117 514.2 S
+(cor).37 E 3.958(dp)-.37 G 1.458(oints to a gate)-3.958 F 1.458(way mac)
+-.15 F 1.458(hine; this mac)-.15 F 1.459(hine could then do dir)-.15 F
+1.459(ect delivery to mac)-.37 F(hines)-.15 E .09
+(within your local domain.)117 526.2 R .09(Use of this featur)5.09 F
+2.59(ed)-.37 G(ir)-2.59 E .09
+(ectly violates RFC 1123 section 5.3.5: it should)-.37 F
+(not be used lightly)117 538.2 Q(.)-.55 E F0 2.5(5.2. D)87 562.2 R 2.5
+<8a44>2.5 G(e\214ne Macr)-2.5 E(o)-.18 E F1 .88
+(Macros are named with a single character or with a w)127 578.4 R .881
+(ord in {braces}.)-.1 F .881(The names `)5.881 F(`x')-.74 E 3.381('a)
+-.74 G(nd)-3.381 E -.74(``)102 590.4 S({x}').74 E 4.35('d)-.74 G 1.85
+(enote the same macro for e)-4.35 F -.15(ve)-.25 G 1.849
+(ry single character `).15 F(`x')-.74 E 4.349('. Single)-.74 F 1.849
+(character names may be)4.349 F .172
+(selected from the entire ASCII set, b)102 602.4 R .172(ut user)-.2 F
+.173(-de\214ned macros should be selected from the set of upper)-.2 F
+.032(case letters only)102 614.4 R 5.032(.L)-.65 G -.25(ow)-5.032 G .031
+(er case letters and special symbols are used internally).25 F 5.031(.L)
+-.65 G .031(ong names be)-5.031 F(ginning)-.15 E .326(with a lo)102
+626.4 R .326(wer case letter or a punctuation character are reserv)-.25
+F .327(ed for use by sendmail, so user)-.15 F(-de\214ned)-.2 E
+(long macro names should be)102 638.4 Q(gin with an upper case letter)
+-.15 E(.)-.55 E(The syntax for macro de\214nitions is:)127 654.6 Q F0(D)
+142 670.8 Q F2 1.666(xv)C(al)-1.666 E F1(where)102 687 Q F2(x)3.069 E F1
+.569(is the name of the macro \(which may be a single character or a w)
+3.069 F .568(ord in braces\) and)-.1 F F2(val)3.068 E F1(is)3.068 E .478
+(the v)102 699 R .478(alue it should ha)-.25 F -.15(ve)-.2 G 5.478(.T)
+.15 G .478(here should be no spaces gi)-5.478 F -.15(ve)-.25 G 2.978(nt)
+.15 G .479(hat do not actually belong in the macro)-2.978 F -.25(va)102
+711 S(lue.).25 E 0 Cg EP
%%Page: 48 44
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d34382053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF 12.5<24702053656e646d61696c27>102 96 R 2.5<7370>
--.55 G<726f636573732069642e>-2.5 E 7.5<24718720446566>102 112.2 R .403
-<61756c7420666f726d6174206f662073656e64657220616464726573732e>-.1 F
-<546865>5.403 E F0<2471>2.903 E F1 .403
-<6d6163726f2073706563698c657320686f>2.903 F 2.903<7761>-.25 G 2.904
-<6e61>-2.903 G .404<6464726573732073686f756c642061707065617220696e2061>
--2.904 F 1.181<6d657373616765207768656e20697420697320646566>127 124.2 R
-3.681<61756c7465642e20446566>-.1 F 1.181
-<61756c747320746f20993c24673e9a2e>-.1 F 1.18<497420697320636f6d6d6f6e6c
-7920726564658c6e656420746f2062652099243f782478>6.181 F
-<3c24673e247c2467242e>127 136.2 Q 5<9a6f>-.7 G 2.5<7299>-5 G
-<2467243f782028247829242e>-2.5 E
-<9a2c20636f72726573706f6e64696e6720746f2074686520666f6c6c6f>-.7 E
-<77696e67207477>-.25 E 2.5<6f66>-.1 G<6f726d6174733a>-2.5 E
-<4572696320416c6c6d616e203c657269634043532e4265726b>167 152.4 Q<656c65>
--.1 E -.65<792e>-.15 G<4544553e>.65 E<657269634043532e4265726b>167 164.4
-Q<656c65>-.1 E -.65<792e>-.15 G<45445520284572696320416c6c6d616e29>.65 E
-/F2 10/Times-Italic@0 SF<53656e646d61696c>127 180.6 Q F1
-<70726f7065726c792071756f746573206e616d65732074686174206861>2.5 E .3
--.15<76652073>-.2 H<70656369616c206368617261637465727320696620746865208c
-72737420666f726d20697320757365642e>.15 E 14.17<24722050726f746f636f6c>
-102 196.8 R .976<7573656420746f207265636569>3.476 F 1.276 -.15<76652074>
--.25 H .976<6865206d6573736167652e>.15 F .976<5365742066726f6d20746865>
-5.976 F F0<ad70>3.476 E F1 .977
-<636f6d6d616e64206c696e65208d6167206f722062792074686520534d5450>3.476 F
-<73657276>127 208.8 Q<657220636f64652e>-.15 E 13.61
-<24732053656e64657227>102 225 R 3.947<7368>-.55 G 1.447
-<6f7374206e616d652e>-3.947 F 1.447<5365742066726f6d20746865>6.447 F F0
-<ad70>3.947 E F1 1.447<636f6d6d616e64206c696e65208d6167206f722062792074
-686520534d54502073657276>3.947 F 1.446<657220636f64652028696e>-.15 F<77
-6869636820636173652069742069732073657420746f207468652045484c4f2f48454c4f
-20706172616d65746572292e>127 237 Q 14.72<24742041>102 253.2 R 1.607<6e75
-6d6572696320726570726573656e746174696f6e206f66207468652063757272656e7420
-74696d6520696e2074686520666f726d617420595959594d4d444448486d6d2028342064
-69676974>4.106 F .576<7965617220313930302d393939392c2032206469676974206d
-6f6e74682030312d31322c2032206469676974206461792030312d33312c203220646967
-697420686f7572732030302d32332c2032206469676974206d696e75746573>127 265.2
-R<30302d3539292e>127 277.2 Q 12.5<247520546865>102 293.4 R
-<726563697069656e742075736572>2.5 E<2e>-.55 E 12.5<247620546865>102
-309.6 R -.15<7665>2.5 G<7273696f6e206e756d626572206f6620746865>.15 E F2
-<73656e646d61696c>2.5 E F1<62696e617279>2.5 E<2e>-.65 E 5.28
-<24778820546865>102 325.8 R
-<686f73746e616d65206f66207468697320736974652e>2.5 E<54686973206973207468
-6520726f6f74206e616d65206f66207468697320686f7374202862>5 E
-<7574207365652062656c6f>-.2 E 2.5<7766>-.25 G<6f72206361>-2.5 E -.15
-<7665>-.2 G<617473292e>.15 E 12.5<247820546865>102 342 R
-<66756c6c206e616d65206f66207468652073656e646572>2.5 E<2e>-.55 E 13.06
-<247a20546865>102 358.2 R
-<686f6d65206469726563746f7279206f662074686520726563697069656e742e>2.5 E
-12.5<245f20546865>102 374.4 R -.25<7661>2.5 G
-<6c6964617465642073656e64657220616464726573732e>.25 E<53656520616c736f>5
-E F0<247b636c69656e745f72>2.5 E<65736f6c76>-.18 E<657d>-.1 E F1<2e>A
-<247b616464725f747970657d>102 390.6 Q .802<5468652074797065206f66207468
-6520616464726573732077686963682069732063757272656e746c79206265696e672072
-65>127 402.6 R 3.303<7772697474656e2e2054686973>-.25 F .803
-<6d6163726f20636f6e7461696e7320757020746f207468726565>3.303 F .393<6368
-61726163746572732c20746865208c7273742069732065697468657220606527206f7220
-60682720666f7220656e>127 414.6 R -.15<7665>-.4 G .392<6c6f70652f68656164
-657220616464726573732c20746865207365636f6e6420697320612073706163652c2061
-6e64>.15 F<7468652074686972642069732065697468657220607327206f7220607227
-20666f722073656e6465722f726563697069656e7420616464726573732e>127 426.6 Q
-<247b616c675f626974737d>102 442.8 Q .242<546865206d6178696d756d206b>127
-454.8 R -.15<6579>-.1 G .243<6c656e6774682028696e206269747329206f662074
-68652073796d6d657472696320656e6372797074696f6e20616c676f726974686d207573
-656420666f72206120544c5320636f6e2d>.15 F 2.823
-<6e656374696f6e2e2054686973>127 466.8 R .322
-<6d6179206265206c657373207468616e20746865206566>2.823 F<6665637469>-.25
-E .622 -.15<7665206b>-.25 H -.15<6579>.05 G .322
-<6c656e6774682c2077686963682069732073746f72656420696e>.15 F F0
-<247b6369706865725f626974737d>2.822 E F1 2.822<2c66>C<6f72>-2.822 E -.74
-<6060>127 478.8 S -.15<6578>.74 G<706f727420636f6e74726f6c6c656427>.15 E
-2.5<2761>-.74 G<6c676f726974686d732e>-2.5 E
-<247b617574685f61757468656e7d>102 495 Q 1.222<54686520636c69656e7427>127
-507 R 3.722<7361>-.55 G 1.223<757468656e7469636174696f6e2063726564656e74
-69616c732061732064657465726d696e65642062792061757468656e7469636174696f6e
-20286f6e6c792073657420696620737563636573732d>-3.722 F 2.728
-<66756c292e20546865>127 519 R .227<666f726d617420646570656e6473206f6e20
-746865206d656368616e69736d20757365642c206974206d69676874206265206a757374
-206075736572272c206f72206075736572407265616c6d272c206f72>2.728 F
-<736f6d657468696e672073696d696c61722028534d54502041>127 531 Q
-<555448206f6e6c79292e>-.55 E<247b617574685f617574686f727d>102 547.2 Q
-1.301<54686520617574686f72697a6174696f6e206964656e74697479>127 559.2 R
-3.801<2c69>-.65 G 1.301<2e652e207468652041>-3.801 F 1.301
-<5554483d20706172616d65746572206f6620746865>-.55 F/F3 9/Times-Roman@0 SF
-1.302<534d5450204d41494c>3.801 F F1 1.302
-<636f6d6d616e64206966207375702d>3.802 F<706c6965642e>127 571.2 Q
-<247b617574685f747970657d>102 587.4 Q<546865206d656368616e69736d20757365
-6420666f7220534d54502061757468656e7469636174696f6e20286f6e6c792073657420
-6966207375636365737366756c292e>127 599.4 Q<247b617574685f7373667d>102
-615.6 Q .321<546865206b>127 627.6 R -.15<6579>-.1 G .321<6c656e67746820
-28696e206269747329206f66207468652073796d6d657472696320656e6372797074696f
-6e20616c676f726974686d207573656420666f7220746865207365637572697479206c61
-796572206f662061>.15 F<5341534c206d656368616e69736d2e>127 639.6 Q
-<247b626f6479747970657d>102 655.8 Q<546865206d65737361676520626f64792074
-797065202837424954206f7220384249544d494d45292c2061732064657465726d696e65
-642066726f6d2074686520656e>127 667.8 Q -.15<7665>-.4 G<6c6f70652e>.15 E
-<247b636572745f66707d>102 684 Q 2.288<546865208c6e6765727072696e74206f66
-207468652070726573656e7465642063657274698c6361746520285354>127 696 R
-<4152>-.93 E 2.288<54544c53206f6e6c79292e>-.6 F 2.289
-<4e6f74653a2074686973206d6163726f206973206f6e6c79>7.288 F .017
-<64658c6e656420696620746865206f7074696f6e>127 708 R F0
-<4365727446696e676572>2.517 E<7072696e74416c676f726974686d>-.1 E F1 .016
-<6973207365742c20696e2077686963682063617365207468652073706563698c656420
-8c6e6765727072696e74>2.517 F 1.076<616c676f726974686d20697320757365642e>
-127 720 R 1.077<5468652076>6.077 F 1.077<616c696420616c676f726974686d73
-20646570656e64206f6e20746865204f70656e53534c2076>-.25 F 1.077
-<657273696f6e2c2062>-.15 F 1.077<757420757375616c6c79206d64352c>-.2 F 0
-Cg EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-48 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF .494
+(Macros are interpolated using the construct)127 96 R F0($)2.994 E/F2 10
+/Times-Italic@0 SF(x)A F1 2.994(,w)C(here)-2.994 E F2(x)2.994 E F1 .494
+(is the name of the macro to be inter)2.994 F(-)-.2 E 2.932
+(polated. This)102 108 R .432
+(interpolation is done when the con\214guration \214le is read, e)2.932
+F .433(xcept in)-.15 F F0(M)2.933 E F1 2.933(lines. The)2.933 F(spe-)
+2.933 E(cial construct)102 120 Q F0($&)2.5 E F2(x)A F1(can be used in)
+2.5 E F0(R)2.5 E F1(lines to get deferred interpolation.)2.5 E
+(Conditionals can be speci\214ed using the syntax:)127 136.2 Q($?x te)
+142 152.4 Q(xt1 $| te)-.15 E(xt2 $.)-.15 E 1.562(This interpolates)102
+168.6 R F2(te)4.062 E(xt1)-.2 E F1 1.562(if the macro)4.062 F F0($x)
+4.062 E F1 1.562(is set and non-null, and)4.062 F F2(te)4.062 E(xt2)-.2
+E F1 4.062(otherwise. The)4.062 F 1.561(\231else\232 \()4.061 F F0($|)A
+F1(\))A(clause may be omitted.)102 180.6 Q 1.302(The follo)127 196.8 R
+1.302(wing macros are de\214ned and/or used internally by)-.25 F F2
+(sendmail)3.803 E F1 1.303(for interpolation into)3.803 F(ar)102 210.8 Q
+(gv')-.18 E 2.793(sf)-.55 G .293(or mailers or for other conte)-2.793 F
+2.793(xts. The)-.15 F .293(ones mark)2.793 F .292
+(ed \207 are information passed into sendmail)-.1 F/F3 7/Times-Roman@0
+SF(16)-4 I F1(,)4 I .035(the ones mark)102 222.8 R .036(ed \210 are inf\
+ormation passed both in and out of sendmail, and the unmark)-.1 F .036
+(ed macros are)-.1 F(passed out of sendmail b)102 234.8 Q
+(ut are not otherwise used internally)-.2 E 5(.T)-.65 G
+(hese macros are:)-5 E 13.06($a The)102 251 R
+(origination date in RFC 822 format.)2.5 E(This is e)5 E
+(xtracted from the Date: line.)-.15 E 12.5($b The)102 267.2 R
+(current date in RFC 822 format.)2.5 E 13.06($c The)102 283.4 R .003
+(hop count.)2.503 F .003(This is a count of the number of Recei)5.003 F
+-.15(ve)-.25 G .002(d: lines plus the v).15 F .002(alue of the)-.25 F F0
+<ad68>2.502 E F1(com-)2.502 E(mand line \215ag.)127 295.4 Q 12.5($d The)
+102 311.6 R(current date in UNIX \(ctime\) format.)2.5 E 8.06
+($e\207 \(Obsolete;)102 327.8 R 1.814
+(use SmtpGreetingMessage option instead.\))4.314 F 1.814
+(The SMTP entry message.)6.814 F 1.814(This is)6.814 F .632
+(printed out when SMTP starts up.)127 339.8 R .631(The \214rst w)5.631 F
+.631(ord must be the)-.1 F F0($j)3.131 E F1 .631
+(macro as speci\214ed by RFC)3.131 F 2.97(821. Def)127 351.8 R .47
+(aults to \231$j Sendmail $v ready at $b\232.)-.1 F .47
+(Commonly rede\214ned to include the con\214gu-)5.47 F(ration v)127
+363.8 Q(ersion number)-.15 E 2.5(,e)-.4 G
+(.g., \231$j Sendmail $v/$Z ready at $b\232)-2.5 E 14.17($f The)102 380
+R(en)2.5 E -.15(ve)-.4 G(lope sender \(from\) address.).15 E 12.5
+($g The)102 396.2 R .018(sender address relati)2.518 F .318 -.15(ve t)
+-.25 H 2.518(ot).15 G .018(he recipient.)-2.518 F -.15(Fo)5.018 G 2.518
+(re).15 G .017(xample, if)-2.668 F F0($f)2.517 E F1 .017
+(is \231foo\232,)2.517 F F0($g)2.517 E F1 .017
+(will be \231host!foo\232,)2.517 F(\231foo@host.domain\232, or whate)127
+408.2 Q -.15(ve)-.25 G 2.5(ri).15 G 2.5(sa)-2.5 G
+(ppropriate for the recei)-2.5 E(ving mailer)-.25 E(.)-.55 E 12.5
+($h The)102 424.4 R(recipient host.)2.5 E
+(This is set in ruleset 0 from the $@ \214eld of a parsed address.)5 E
+14.72($i The)102 440.6 R(queue id, e.g., \231f344MXxp018717\232.)2.5 E
+9.72($j\210 The)102 456.8 R(\231of)2.746 E .247
+(\214cial\232 domain name for this site.)-.25 F .247
+(This is fully quali\214ed if the full quali\214cation can be)5.247 F
+3.094(found. It)127 468.8 R F2(must)3.094 E F1 .593(be rede\214ned to b\
+e the fully quali\214ed domain name if your system is not con-)3.094 F
+(\214gured so that information can \214nd it automatically)127 480.8 Q
+(.)-.65 E 12.5($k The)102 497 R
+(UUCP node name \(from the uname system call\).)2.5 E 9.72
+($l\207 \(Obsolete;)102 513.2 R 1.281
+(use UnixFromLine option instead.\))3.781 F 1.282
+(The format of the UNIX from line.)6.282 F(Unless)6.282 E 1.41(you ha)
+127 525.2 R 1.71 -.15(ve c)-.2 H 1.409
+(hanged the UNIX mailbox format, you should not change the def).15 F
+1.409(ault, which is)-.1 F(\231From $g $d\232.)127 537.2 Q 9.72($m The)
+102 553.4 R .718(domain part of the)3.218 F F2 -.1(ge)3.218 G(thostname)
+.1 E F1 .718(return v)3.218 F 3.219(alue. Under)-.25 F .719
+(normal circumstances,)3.219 F F0($j)3.219 E F1 .719(is equi)3.219 F(v-)
+-.25 E(alent to)127 565.4 Q F0($w)2.5 E(.$m)-.7 E F1(.)A 7.5($n\207 The)
+102 581.6 R(name of the daemon \(for error messages\).)2.5 E(Def)5 E
+(aults to \231MAILER-D)-.1 E(AEMON\232.)-.4 E 7.5($o\207 \(Obsolete:)102
+597.8 R .651(use OperatorChars option instead.\))3.151 F .651
+(The set of \231operators\232 in addresses.)5.651 F 3.15(Al)5.65 G .65
+(ist of)-3.15 F .581(characters which will be considered tok)127 609.8 R
+.582(ens and which will separate tok)-.1 F .582(ens when doing pars-)-.1
+F 3.278(ing. F)127 621.8 R .778(or e)-.15 F .778
+(xample, if \231@\232 were in the)-.15 F F0($o)3.278 E F1 .777
+(macro, then the input \231a@b\232 w)3.278 F .777(ould be scanned as)-.1
+F .627(three tok)127 633.8 R .627(ens: \231a,)-.1 F 3.127<9a99>-.7 G(@,)
+-3.127 E 3.127<9a61>-.7 G .627(nd \231b)-3.127 F 4.527 -.7(.\232 D)-.4 H
+(ef).7 E .628
+(aults to \231.:@[]\232, which is the minimum set necessary to)-.1 F
+.856(do RFC 822 parsing; a richer set of operators is \231.:%@!/[]\232,\
+ which adds support for UUCP)127 645.8 R(,)-1.11 E
+(the %-hack, and X.400 addresses.)127 657.8 Q .32 LW 76 678.8 72 678.8
+DL 80 678.8 76 678.8 DL 84 678.8 80 678.8 DL 88 678.8 84 678.8 DL 92
+678.8 88 678.8 DL 96 678.8 92 678.8 DL 100 678.8 96 678.8 DL 104 678.8
+100 678.8 DL 108 678.8 104 678.8 DL 112 678.8 108 678.8 DL 116 678.8 112
+678.8 DL 120 678.8 116 678.8 DL 124 678.8 120 678.8 DL 128 678.8 124
+678.8 DL 132 678.8 128 678.8 DL 136 678.8 132 678.8 DL 140 678.8 136
+678.8 DL 144 678.8 140 678.8 DL 148 678.8 144 678.8 DL 152 678.8 148
+678.8 DL 156 678.8 152 678.8 DL 160 678.8 156 678.8 DL 164 678.8 160
+678.8 DL 168 678.8 164 678.8 DL 172 678.8 168 678.8 DL 176 678.8 172
+678.8 DL 180 678.8 176 678.8 DL 184 678.8 180 678.8 DL 188 678.8 184
+678.8 DL 192 678.8 188 678.8 DL 196 678.8 192 678.8 DL 200 678.8 196
+678.8 DL 204 678.8 200 678.8 DL 208 678.8 204 678.8 DL 212 678.8 208
+678.8 DL 216 678.8 212 678.8 DL/F4 5/Times-Roman@0 SF(16)93.6 689.2 Q/F5
+8/Times-Roman@0 SF(As of v)3.2 I(ersion 8.6, all of these macros ha)-.12
+E .24 -.12(ve r)-.16 H(easonable def).12 E 2(aults. Pre)-.08 F(vious v)
+-.2 E(ersions required that the)-.12 E 2(yb)-.12 G 2(ed)-2 G(e\214ned.)
+-2 E 0 Cg EP
%%Page: 49 45
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3439>195.86 E
-/F1 10/Times-Roman@0 SF<736861312c20616e6420736861323536206172652061>127
-96 Q -.25<7661>-.2 G 2.5<696c61626c652e20536565>.25 F
-<6f70656e73736c2064677374202d68>167 112.2 Q<666f722061206c6973742e>127
-128.4 Q<247b636572745f6973737565727d>102 144.6 Q .709<54686520444e202864
-697374696e67756973686564206e616d6529206f6620746865204341202863657274698c
-6361746520617574686f72697479292074686174207369676e6564207468652070726573
-656e74656420636572>127 156.6 R<2d>-.2 E
-<74698c6361746520287468652063657274206973737565722920285354>127 168.6 Q
-<4152>-.93 E<54544c53206f6e6c79292e>-.6 E<247b636572745f6d64357d>102
-184.8 Q 2.134<546865204d44352068617368206f66207468652070726573656e746564
-2063657274698c6361746520285354>127 196.8 R<4152>-.93 E 2.134
-<54544c53206f6e6c79292e>-.6 F 2.134
-<4e6f74653a2074686973206d6163726f206973206f6e6c79>7.134 F
-<64658c6e656420696620746865206f7074696f6e>127 208.8 Q F0
-<4365727446696e676572>2.5 E<7072696e74416c676f726974686d>-.1 E F1
-<6973206e6f74207365742e>2.5 E<247b636572745f7375626a6563747d>102 225 Q<
-54686520444e206f66207468652070726573656e7465642063657274698c636174652028
-63616c6c6564207468652063657274207375626a6563742920285354>127 237 Q<4152>
--.93 E<54544c53206f6e6c79292e>-.6 E<247b6369706865727d>102 253.2 Q .228<
-54686520636970686572207375697465207573656420666f722074686520636f6e6e6563
-74696f6e2c20652e672e2c204544482d4453532d4445532d434243332d5348412c204544
-482d5253412d4445532d>127 265.2 R<4342432d5348412c204445532d4342432d4d44
-352c204445532d434243332d53484120285354>127 277.2 Q<4152>-.93 E
-<54544c53206f6e6c79292e>-.6 E<247b6369706865725f626974737d>102 293.4 Q
-.687<546865206566>127 305.4 R<6665637469>-.25 E .987 -.15<7665206b>-.25
-H -.15<6579>.05 G .688<6c656e6774682028696e206269747329206f662074686520
-73796d6d657472696320656e6372797074696f6e20616c676f726974686d207573656420
-666f72206120544c5320636f6e2d>.15 F<6e656374696f6e2e>127 317.4 Q
-<247b636c69656e745f616464727d>102 333.6 Q 2.302
-<5468652049502061646472657373206f662074686520534d545020636c69656e742e>
-127 345.6 R 2.302<495076362061646472657373657320617265207461676765642077
-6974682022495076363a22206265666f726520746865>7.302 F 2.5
-<616464726573732e2044658c6e6564>127 357.6 R
-<696e2074686520534d54502073657276>2.5 E<6572206f6e6c79>-.15 E<2e>-.65 E
-<247b636c69656e745f636f6e6e656374696f6e737d>102 373.8 Q<546865206e756d62
-6572206f66206f70656e20636f6e6e656374696f6e7320696e2074686520534d54502073
-657276>127 385.8 Q
-<657220666f722074686520636c69656e7420495020616464726573732e>-.15 E
-<247b636c69656e745f8d6167737d>102 402 Q 1.524<546865208d6167732073706563
-698c656420627920746865204d6f64698c65723d2070617274206f66>127 414 R F0
-<436c69656e7450>4.024 E<6f72744f7074696f6e73>-.2 E F1 1.525
-<7768657265208d6167732061726520736570617261746564>4.024 F 1.133<66726f6d
-2065616368206f746865722062792073706163657320616e642075707065722063617365
-208d6167732061726520646f75626c65642e>127 426 R 1.132
-<546861742069732c204d6f64698c65723d68412077696c6c206265>6.132 F
-<726570726573656e7465642061732022682041412220696e>127 438 Q F0
-<247b636c69656e745f8d6167737d>2.5 E F1 2.5<2c77>C<6869636820697320726571
-756972656420666f722074657374696e6720746865208d61677320696e2072756c657365
-74732e>-2.5 E<247b636c69656e745f6e616d657d>102 454.2 Q .24
-<54686520686f7374206e616d65206f662074686520534d545020636c69656e742e>127
-466.2 R .241<54686973206d61792062652074686520636c69656e7427>5.24 F 2.741
-<7362>-.55 G<7261636b>-2.741 E .241
-<65746564204950206164647265737320696e2074686520666f726d>-.1 F 3.322
-<5b6e>127 478.2 S .821<6e6e2e6e6e6e2e6e6e6e2e6e6e6e205d20666f7220495076
-3420616e64205b20495076363a6e6e6e6e3a2e2e2e3a6e6e6e6e205d20666f7220495076
-362069662074686520636c69656e7427>-3.322 F 3.321<7349>-.55 G 3.321<5061>
--3.321 G .821<646472657373206973>-3.321 F .21<6e6f74207265736f6c76>127
-490.2 R .21<61626c652c206f72206966206974206973207265736f6c76>-.25 F .21
-<61626c652062>-.25 F .21
-<7574207468652049502061646472657373206f6620746865207265736f6c76>-.2 F
-.21<656420686f73746e616d6520646f65736e27>-.15 F 2.71<746d>-.18 G
-<61746368>-2.71 E<746865206f726967696e616c20495020616464726573732e>127
-502.2 Q<44658c6e656420696e2074686520534d54502073657276>5 E
-<6572206f6e6c79>-.15 E 5<2e53>-.65 G<656520616c736f>-5 E F0
-<247b636c69656e745f72>2.5 E<65736f6c76>-.18 E<657d>-.1 E F1<2e>A
-<247b636c69656e745f706f72747d>102 518.4 Q
-<54686520706f7274206e756d626572206f662074686520534d545020636c69656e742e>
-127 530.4 Q<44658c6e656420696e2074686520534d54502073657276>5 E
-<6572206f6e6c79>-.15 E<2e>-.65 E<247b636c69656e745f7074727d>102 546.6 Q
-3.634<54686520726573756c74206f662074686520505452206c6f6f6b757020666f7220
-74686520636c69656e7420495020616464726573732e>127 558.6 R 3.633
-<4e6f74653a2074686973206973207468652073616d65206173>8.634 F F0
-<247b636c69656e745f6e616d657d>127 570.6 Q F1
-<696620616e64206f6e6c79206966>2.5 E F0<247b636c69656e745f72>2.5 E
-<65736f6c76>-.18 E<657d>-.1 E F1<6973204f4b2e>2.5 E
-<44658c6e656420696e2074686520534d54502073657276>5 E<6572206f6e6c79>-.15
-E<2e>-.65 E<247b636c69656e745f726174657d>102 586.8 Q .266<546865206e756d
-626572206f6620696e636f6d696e6720636f6e6e656374696f6e7320666f722074686520
-636c69656e742049502061646472657373206f>127 598.8 R -.15<7665>-.15 G
-2.766<7274>.15 G .266<68652074696d6520696e74657276>-2.766 F .266
-<616c2073706563698c6564>-.25 F<627920436f6e6e656374696f6e5261746557>127
-610.8 Q<696e646f>-.4 E<7753697a652e>-.25 E
-<247b636c69656e745f7265736f6c76>102 627 Q<657d>-.15 E
-<486f6c64732074686520726573756c74206f6620746865207265736f6c76>127 639 Q
-2.5<6563>-.15 G<616c6c20666f72>-2.5 E F0<247b636c69656e745f6e616d657d>
-2.5 E F1 5<2e50>C<6f737369626c652076>-5 E<616c756573206172653a>-.25 E
-33.06<4f4b207265736f6c76>167 655.2 R<6564207375636365737366756c6c79>-.15
-E -.74<4641>167 667.2 S 26.02<494c207065726d616e656e74>.74 F
-<6c6f6f6b75702066>2.5 E<61696c757265>-.1 E 7.5<464f5247454420666f7277>
-167 679.2 R<617264206c6f6f6b757020646f65736e27>-.1 E 2.5<746d>-.18 G
-<61746368207265>-2.5 E -.15<7665>-.25 G<727365206c6f6f6b7570>.15 E 20.83
-<54454d502074656d706f72617279>167 691.2 R<6c6f6f6b75702066>2.5 E
-<61696c757265>-.1 E .208<44658c6e656420696e2074686520534d54502073657276>
-127 707.4 R .208<6572206f6e6c79>-.15 F<2e>-.65 E/F2 10/Times-Italic@0 SF
-<73656e646d61696c>5.208 E F1 .208<706572666f726d73206120686f73746e616d65
-206c6f6f6b7570206f6e207468652049502061646472657373206f66>2.708 F .561
-<74686520636f6e6e656374696e6720636c69656e742e>127 719.4 R<4e65>5.561 E
-.561<78742074686520495020616464726573736573206f66207468617420686f73746e
-616d6520617265206c6f6f6b>-.15 F .561<65642075702e>-.1 F .562
-<49662074686520636c69656e74204950>5.562 F 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-49)195.86 E/F1 10/Times-Roman@0 SF 12.5($p Sendmail')102 96 R
+2.5(sp)-.55 G(rocess id.)-2.5 E 7.5($q\207 Def)102 112.2 R .403
+(ault format of sender address.)-.1 F(The)5.403 E F0($q)2.903 E F1 .403
+(macro speci\214es ho)2.903 F 2.903(wa)-.25 G 2.904(na)-2.903 G .404
+(ddress should appear in a)-2.904 F 1.181(message when it is def)127
+124.2 R 3.681(aulted. Def)-.1 F 1.181(aults to \231<$g>\232.)-.1 F 1.18
+(It is commonly rede\214ned to be \231$?x$x)6.181 F(<$g>$|$g$.)127 136.2
+Q 5<9a6f>-.7 G 2.5<7299>-5 G($g$?x \($x\)$.)-2.5 E
+(\232, corresponding to the follo)-.7 E(wing tw)-.25 E 2.5(of)-.1 G
+(ormats:)-2.5 E(Eric Allman <eric@CS.Berk)167 152.4 Q(ele)-.1 E -.65(y.)
+-.15 G(EDU>).65 E(eric@CS.Berk)167 164.4 Q(ele)-.1 E -.65(y.)-.15 G
+(EDU \(Eric Allman\)).65 E/F2 10/Times-Italic@0 SF(Sendmail)127 180.6 Q
+F1(properly quotes names that ha)2.5 E .3 -.15(ve s)-.2 H
+(pecial characters if the \214rst form is used.).15 E 14.17($r Protocol)
+102 196.8 R .976(used to recei)3.476 F 1.276 -.15(ve t)-.25 H .976
+(he message.).15 F .976(Set from the)5.976 F F0<ad70>3.476 E F1 .977
+(command line \215ag or by the SMTP)3.476 F(serv)127 208.8 Q(er code.)
+-.15 E 13.61($s Sender')102 225 R 3.947(sh)-.55 G 1.447(ost name.)-3.947
+F 1.447(Set from the)6.447 F F0<ad70>3.947 E F1 1.447
+(command line \215ag or by the SMTP serv)3.947 F 1.446(er code \(in)-.15
+F(which case it is set to the EHLO/HELO parameter\).)127 237 Q 14.72
+($t A)102 253.2 R 1.607(numeric representation of the current time in t\
+he format YYYYMMDDHHmm \(4 digit)4.106 F .576(year 1900-9999, 2 digit m\
+onth 01-12, 2 digit day 01-31, 2 digit hours 00-23, 2 digit minutes)127
+265.2 R(00-59\).)127 277.2 Q 12.5($u The)102 293.4 R(recipient user)2.5
+E(.)-.55 E 12.5($v The)102 309.6 R -.15(ve)2.5 G(rsion number of the).15
+E F2(sendmail)2.5 E F1(binary)2.5 E(.)-.65 E 5.28($w\210 The)102 325.8 R
+(hostname of this site.)2.5 E(This is the root name of this host \(b)5 E
+(ut see belo)-.2 E 2.5(wf)-.25 G(or ca)-2.5 E -.15(ve)-.2 G(ats\).).15 E
+12.5($x The)102 342 R(full name of the sender)2.5 E(.)-.55 E 13.06
+($z The)102 358.2 R(home directory of the recipient.)2.5 E 12.5($_ The)
+102 374.4 R -.25(va)2.5 G(lidated sender address.).25 E(See also)5 E F0
+(${client_r)2.5 E(esolv)-.18 E(e})-.1 E F1(.)A(${addr_type})102 390.6 Q
+.802(The type of the address which is currently being re)127 402.6 R
+3.303(written. This)-.25 F .803(macro contains up to three)3.303 F .393
+(characters, the \214rst is either `e' or `h' for en)127 414.6 R -.15
+(ve)-.4 G .392(lope/header address, the second is a space, and).15 F
+(the third is either `s' or `r' for sender/recipient address.)127 426.6
+Q(${alg_bits})102 442.8 Q .242(The maximum k)127 454.8 R -.15(ey)-.1 G
+.243(length \(in bits\) of the symmetric encryption algorithm used for \
+a TLS con-).15 F 2.823(nection. This)127 466.8 R .322
+(may be less than the ef)2.823 F(fecti)-.25 E .622 -.15(ve k)-.25 H -.15
+(ey).05 G .322(length, which is stored in).15 F F0(${cipher_bits})2.822
+E F1 2.822(,f)C(or)-2.822 E -.74(``)127 478.8 S -.15(ex).74 G
+(port controlled').15 E 2.5('a)-.74 G(lgorithms.)-2.5 E(${auth_authen})
+102 495 Q 1.222(The client')127 507 R 3.722(sa)-.55 G 1.223(uthenticati\
+on credentials as determined by authentication \(only set if success-)
+-3.722 F 2.728(ful\). The)127 519 R .227(format depends on the mechanis\
+m used, it might be just `user', or `user@realm', or)2.728 F
+(something similar \(SMTP A)127 531 Q(UTH only\).)-.55 E(${auth_author})
+102 547.2 Q 1.301(The authorization identity)127 559.2 R 3.801(,i)-.65 G
+1.301(.e. the A)-3.801 F 1.301(UTH= parameter of the)-.55 F/F3 9
+/Times-Roman@0 SF 1.302(SMTP MAIL)3.801 F F1 1.302(command if sup-)3.802
+F(plied.)127 571.2 Q(${auth_type})102 587.4 Q
+(The mechanism used for SMTP authentication \(only set if successful\).)
+127 599.4 Q(${auth_ssf})102 615.6 Q .321(The k)127 627.6 R -.15(ey)-.1 G
+.321(length \(in bits\) of the symmetric encryption algorithm used for \
+the security layer of a).15 F(SASL mechanism.)127 639.6 Q(${bodytype})
+102 655.8 Q
+(The message body type \(7BIT or 8BITMIME\), as determined from the en)
+127 667.8 Q -.15(ve)-.4 G(lope.).15 E(${cert_fp})102 684 Q 2.288
+(The \214ngerprint of the presented certi\214cate \(ST)127 696 R(AR)-.93
+E 2.288(TTLS only\).)-.6 F 2.289(Note: this macro is only)7.288 F .017
+(de\214ned if the option)127 708 R F0(CertFinger)2.517 E(printAlgorithm)
+-.1 E F1 .016(is set, in which case the speci\214ed \214ngerprint)2.517
+F 1.076(algorithm is used.)127 720 R 1.077(The v)6.077 F 1.077
+(alid algorithms depend on the OpenSSL v)-.25 F 1.077(ersion, b)-.15 F
+1.077(ut usually md5,)-.2 F 0 Cg EP
%%Page: 50 46
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d35302053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF .782<6164647265737320646f6573206e6f742061707065
-617220696e2074686174206c6973742c207468656e2074686520686f73746e616d652069
-73206d6179626520666f72>127 96 R 3.282<6765642e2054686973>-.18 F .781
-<69732072658d6563746564206173>3.282 F<7468652076>127 108 Q
-<616c756520464f5247454420666f72>-.25 E F0<247b636c69656e745f72>2.5 E
-<65736f6c76>-.18 E<657d>-.1 E F1<616e6420697420616c736f2073686f>2.5 E
-<777320757020696e>-.25 E F0<245f>2.5 E F1
-<61732022286d617920626520666f72>2.5 E<67656429222e>-.18 E
-<247b636e5f6973737565727d>102 124.2 Q .874<54686520434e2028636f6d6d6f6e
-206e616d6529206f66207468652043412074686174207369676e65642074686520707265
-73656e7465642063657274698c6361746520285354>127 136.2 R<4152>-.93 E .874
-<54544c53206f6e6c79292e>-.6 F .376
-<4e6f74653a2069662074686520434e2063616e6e6f742062652065>127 148.2 R .376
-<78747261637465642070726f7065726c792069742077696c6c206265207265706c6163
-6564206279206f6e65206f6620746865736520737472696e6773206261736564>-.15 F
-<6f6e2074686520656e636f756e7465726564206572726f723a>127 160.2 Q 8.62
-<42616443657274698c63617465436f6e7461696e734e554c20434e>167 176.4 R
-<636f6e7461696e732061204e554c20636861726163746572>2.5 E
-<42616443657274698c6361746554>167 188.4 Q 28.31<6f6f4c6f6e6720434e>-.8 F
-<697320746f6f206c6f6e67>2.5 E<42616443657274698c63617465556e6b6e6f>167
-200.4 Q 25.54<776e20434e>-.25 F<636f756c64206e6f742062652065>2.5 E
-<7874726163746564>-.15 E<496e20746865206c61737420636173652c20736f6d6520
-6f746865722028756e73706563698c6329206572726f72206f636375727265642e>127
-216.6 Q<247b636e5f7375626a6563747d>102 232.8 Q 1.251<54686520434e202863
-6f6d6d6f6e206e616d6529206f66207468652070726573656e7465642063657274698c63
-61746520285354>127 244.8 R<4152>-.93 E 1.251<54544c53206f6e6c79292e>-.6
-F<536565>6.251 E F0<247b636e5f6973737565727d>3.751 E F1
-<666f7220706f737369626c65207265706c6163656d656e74732e>127 256.8 Q
-<247b637572724865616465727d>102 273 Q .164<4865616465722076>127 285 R
-.164<616c75652061732071756f74656420737472696e672028706f737369626c792074
-72756e636174656420746f>-.25 F F0<4d41584e>2.664 E<414d45>-.2 E F1 2.664
-<292e2054686973>B .163<6d6163726f206973206f6e6c792061>2.664 F -.25<7661>
--.2 G<696c2d>.25 E
-<61626c6520696e2068656164657220636865636b2072756c65736574732e>127 297 Q
-<247b6461656d6f6e5f616464727d>102 313.2 Q<546865204950206164647265737320
-746865206461656d6f6e206973206c697374656e696e67206f6e20666f7220636f6e6e65
-6374696f6e732e>127 325.2 Q<247b6461656d6f6e5f66>102 341.4 Q
-<616d696c797d>-.1 E .355<546865206e657477>127 353.4 R .355<6f726b2066>
--.1 F .356<616d696c7920696620746865206461656d6f6e2069732061636365707469
-6e67206e657477>-.1 F .356<6f726b20636f6e6e656374696f6e732e>-.1 F .356
-<506f737369626c652076>5.356 F .356<616c75657320696e636c756465>-.25 F<99
-696e65749a2c2099696e6574369a2c209969736f9a2c20996e739a2c2099782e32359a>
-127 365.4 Q<247b6461656d6f6e5f8d6167737d>102 381.6 Q .103<546865208d6167
-7320666f7220746865206461656d6f6e2061732073706563698c65642062792074686520
-4d6f64698c65723d2070617274206f66>127 393.6 R F0<4461656d6f6e50>2.603 E
-<6f72744f7074696f6e73>-.2 E F1<77686572656279>2.603 E .548<746865208d61
-677320617265207365706172617465642066726f6d2065616368206f7468657220627920
-7370616365732c20616e642075707065722063617365208d6167732061726520646f7562
-6c65642e>127 405.6 R .549<546861742069732c>5.549 F .37<4d6f64698c65723d
-45612077696c6c20626520726570726573656e7465642061732022454520612220696e>
-127 417.6 R F0<247b6461656d6f6e5f8d6167737d>2.87 E F1 2.87<2c77>C .37
-<6869636820697320726571756972656420666f722074657374696e67>-2.87 F
-<746865208d61677320696e2072756c65736574732e>127 429.6 Q
-<247b6461656d6f6e5f696e666f7d>102 445.8 Q 4.763<536f6d6520696e666f726d61
-74696f6e2061626f75742061206461656d6f6e2061732061207465>127 457.8 R 4.764
-<787420737472696e672e>-.15 F -.15<466f>9.764 G 7.264<7265>.15 G 4.764
-<78616d706c652c2099534d54502b71756575652d>-7.414 F
-<696e674030303a33303a30309a2e>127 469.8 Q<247b6461656d6f6e5f6e616d657d>
-102 486 Q .734<546865206e616d65206f6620746865206461656d6f6e2066726f6d>
-127 498 R F0<4461656d6f6e50>3.234 E<6f72744f7074696f6e73>-.2 E F1 .734
-<4e616d653d207375626f7074696f6e2e>3.234 F .734
-<49662074686973207375626f7074696f6e206973>5.734 F<6e6f74207365742c202244
-61656d6f6e23222c207768657265202320697320746865206461656d6f6e206e756d6265
-72>127 510 Q 2.5<2c69>-.4 G 2.5<7375>-2.5 G<7365642e>-2.5 E
-<247b6461656d6f6e5f706f72747d>102 526.2 Q 1.459<54686520706f727420746865
-206461656d6f6e20697320616363657074696e6720636f6e6e656374696f6e206f6e2e>
-127 538.2 R<556e6c657373>6.459 E F0<4461656d6f6e50>3.959 E
-<6f72744f7074696f6e73>-.2 E F1 1.46<6973207365742c2074686973>3.959 F
-<77696c6c206d6f7374206c696b>127 550.2 Q<656c79206265209932359a2e>-.1 E
-<247b64656c69>102 566.4 Q -.15<7665>-.25 G<72794d6f64657d>.15 E .806
-<5468652063757272656e742064656c69>127 578.4 R -.15<7665>-.25 G .806
-<7279206d6f64652073656e646d61696c206973207573696e672e>.15 F .806
-<497420697320696e697469616c6c792073657420746f207468652076>5.806 F .805
-<616c7565206f6620746865>-.25 F F0<44656c69>3.305 E -.1<7665>-.1 G
-<72792d>.1 E<4d6f6465>127 590.4 Q F1<6f7074696f6e2e>2.5 E<247b656e>102
-606.6 Q<7669647d>-.4 E<54686520656e>127 618.6 Q -.15<7665>-.4 G<6c6f7065
-20696420706172616d657465722028454e5649443d292070617373656420746f2073656e
-646d61696c2061732070617274206f662074686520656e>.15 E -.15<7665>-.4 G
-<6c6f70652e>.15 E<247b6864726c656e7d>102 634.8 Q .339
-<546865206c656e677468206f6620746865206865616465722076>127 646.8 R .339<
-616c75652077686963682069732073746f72656420696e20247b63757272486561646572
-7d20286265666f726520706f737369626c65207472756e636174696f6e292e>-.25 F
-<496620746869732076>127 658.8 Q
-<616c75652069732067726561746572207468616e206f7220657175616c20746f>-.25 E
-F0<4d41584e>2.5 E<414d45>-.2 E F1
-<7468652068656164657220686173206265656e207472756e63617465642e>2.5 E
-<247b6864725f6e616d657d>102 675 Q .167<546865206e616d65206f662074686520
-686561646572208c656c6420666f72207768696368207468652063757272656e74206865
-6164657220636865636b2072756c6573657420686173206265656e2063616c6c65642e>
-127 687 R<54686973>5.166 E .831<69732075736566756c20666f72206120646566>
-127 699 R .832<61756c742068656164657220636865636b2072756c6573657420746f
-2067657420746865206e616d65206f6620746865206865616465723b20746865206d6163
-726f206973206f6e6c79>-.1 F -.2<6176>127 711 S
-<61696c61626c6520696e2068656164657220636865636b2072756c65736574732e>-.05
-E 0 Cg EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-50 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF
+(sha1, and sha256 are a)127 96 Q -.25(va)-.2 G 2.5(ilable. See).25 F
+(openssl dgst -h)167 112.2 Q(for a list.)127 128.4 Q(${cert_issuer})102
+144.6 Q .709(The DN \(distinguished name\) of the CA \(certi\214cate au\
+thority\) that signed the presented cer)127 156.6 R(-)-.2 E
+(ti\214cate \(the cert issuer\) \(ST)127 168.6 Q(AR)-.93 E(TTLS only\).)
+-.6 E(${cert_md5})102 184.8 Q 2.134
+(The MD5 hash of the presented certi\214cate \(ST)127 196.8 R(AR)-.93 E
+2.134(TTLS only\).)-.6 F 2.134(Note: this macro is only)7.134 F
+(de\214ned if the option)127 208.8 Q F0(CertFinger)2.5 E(printAlgorithm)
+-.1 E F1(is not set.)2.5 E(${cert_subject})102 225 Q
+(The DN of the presented certi\214cate \(called the cert subject\) \(ST)
+127 237 Q(AR)-.93 E(TTLS only\).)-.6 E(${cipher})102 253.2 Q .228(The c\
+ipher suite used for the connection, e.g., EDH-DSS-DES-CBC3-SHA, EDH-RS\
+A-DES-)127 265.2 R(CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA \(ST)127 277.2 Q
+(AR)-.93 E(TTLS only\).)-.6 E(${cipher_bits})102 293.4 Q .687(The ef)127
+305.4 R(fecti)-.25 E .987 -.15(ve k)-.25 H -.15(ey).05 G .688(length \(\
+in bits\) of the symmetric encryption algorithm used for a TLS con-).15
+F(nection.)127 317.4 Q(${client_addr})102 333.6 Q 2.302
+(The IP address of the SMTP client.)127 345.6 R 2.302
+(IPv6 addresses are tagged with "IPv6:" before the)7.302 F 2.5
+(address. De\214ned)127 357.6 R(in the SMTP serv)2.5 E(er only)-.15 E(.)
+-.65 E(${client_connections})102 373.8 Q
+(The number of open connections in the SMTP serv)127 385.8 Q
+(er for the client IP address.)-.15 E(${client_\215ags})102 402 Q 1.524
+(The \215ags speci\214ed by the Modi\214er= part of)127 414 R F0
+(ClientP)4.024 E(ortOptions)-.2 E F1 1.525(where \215ags are separated)
+4.024 F 1.133
+(from each other by spaces and upper case \215ags are doubled.)127 426 R
+1.132(That is, Modi\214er=hA will be)6.132 F(represented as "h AA" in)
+127 438 Q F0(${client_\215ags})2.5 E F1 2.5(,w)C
+(hich is required for testing the \215ags in rulesets.)-2.5 E
+(${client_name})102 454.2 Q .24(The host name of the SMTP client.)127
+466.2 R .241(This may be the client')5.24 F 2.741(sb)-.55 G(rack)-2.741
+E .241(eted IP address in the form)-.1 F 3.322([n)127 478.2 S .821(nn.n\
+nn.nnn.nnn ] for IPv4 and [ IPv6:nnnn:...:nnnn ] for IPv6 if the client\
+')-3.322 F 3.321(sI)-.55 G 3.321(Pa)-3.321 G .821(ddress is)-3.321 F .21
+(not resolv)127 490.2 R .21(able, or if it is resolv)-.25 F .21(able b)
+-.25 F .21(ut the IP address of the resolv)-.2 F .21(ed hostname doesn')
+-.15 F 2.71(tm)-.18 G(atch)-2.71 E(the original IP address.)127 502.2 Q
+(De\214ned in the SMTP serv)5 E(er only)-.15 E 5(.S)-.65 G(ee also)-5 E
+F0(${client_r)2.5 E(esolv)-.18 E(e})-.1 E F1(.)A(${client_port})102
+518.4 Q(The port number of the SMTP client.)127 530.4 Q
+(De\214ned in the SMTP serv)5 E(er only)-.15 E(.)-.65 E(${client_ptr})
+102 546.6 Q 3.634
+(The result of the PTR lookup for the client IP address.)127 558.6 R
+3.633(Note: this is the same as)8.634 F F0(${client_name})127 570.6 Q F1
+(if and only if)2.5 E F0(${client_r)2.5 E(esolv)-.18 E(e})-.1 E F1
+(is OK.)2.5 E(De\214ned in the SMTP serv)5 E(er only)-.15 E(.)-.65 E
+(${client_rate})102 586.8 Q .266
+(The number of incoming connections for the client IP address o)127
+598.8 R -.15(ve)-.15 G 2.766(rt).15 G .266(he time interv)-2.766 F .266
+(al speci\214ed)-.25 F(by ConnectionRateW)127 610.8 Q(indo)-.4 E(wSize.)
+-.25 E(${client_resolv)102 627 Q(e})-.15 E
+(Holds the result of the resolv)127 639 Q 2.5(ec)-.15 G(all for)-2.5 E
+F0(${client_name})2.5 E F1 5(.P)C(ossible v)-5 E(alues are:)-.25 E 33.06
+(OK resolv)167 655.2 R(ed successfully)-.15 E -.74(FA)167 667.2 S 26.02
+(IL permanent).74 F(lookup f)2.5 E(ailure)-.1 E 7.5(FORGED forw)167
+679.2 R(ard lookup doesn')-.1 E 2.5(tm)-.18 G(atch re)-2.5 E -.15(ve)
+-.25 G(rse lookup).15 E 20.83(TEMP temporary)167 691.2 R(lookup f)2.5 E
+(ailure)-.1 E .208(De\214ned in the SMTP serv)127 707.4 R .208(er only)
+-.15 F(.)-.65 E/F2 10/Times-Italic@0 SF(sendmail)5.208 E F1 .208
+(performs a hostname lookup on the IP address of)2.708 F .561
+(the connecting client.)127 719.4 R(Ne)5.561 E .561
+(xt the IP addresses of that hostname are look)-.15 F .561(ed up.)-.1 F
+.562(If the client IP)5.562 F 0 Cg EP
%%Page: 51 47
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3531>195.86 E
-/F1 10/Times-Roman@0 SF<247b69665f616464727d>102 96 Q 1.194
-<5468652049502061646472657373206f662074686520696e74657266>127 108 R
-1.194<616365206f6620616e20696e636f6d696e6720636f6e6e656374696f6e20756e6c
-65737320697420697320696e20746865206c6f6f706261636b206e65742e>-.1 F<4950
-763620616464726573736573206172652074616767656420776974682022495076363a22
-206265666f72652074686520616464726573732e>127 120 Q
-<247b69665f616464725f6f75747d>102 136.2 Q 1.332
-<5468652049502061646472657373206f662074686520696e74657266>127 148.2 R
-1.333<616365206f6620616e206f7574676f696e6720636f6e6e656374696f6e20756e6c
-65737320697420697320696e20746865206c6f6f706261636b206e65742e>-.1 F<4950
-763620616464726573736573206172652074616767656420776974682022495076363a22
-206265666f72652074686520616464726573732e>127 160.2 Q<247b69665f66>102
-176.4 Q<616d696c797d>-.1 E<5468652049502066>127 188.4 Q
-<616d696c79206f662074686520696e74657266>-.1 E<616365206f6620616e20696e63
-6f6d696e6720636f6e6e656374696f6e20756e6c65737320697420697320696e20746865
-206c6f6f706261636b206e65742e>-.1 E<247b69665f66>102 204.6 Q
-<616d696c795f6f75747d>-.1 E<5468652049502066>127 216.6 Q
-<616d696c79206f662074686520696e74657266>-.1 E<616365206f6620616e206f7574
-676f696e6720636f6e6e656374696f6e20756e6c65737320697420697320696e20746865
-206c6f6f706261636b206e65742e>-.1 E<247b69665f6e616d657d>102 232.8 Q
-1.086<54686520686f73746e616d65206173736f63696174656420776974682074686520
-696e74657266>127 244.8 R 1.086
-<616365206f6620616e20696e636f6d696e6720636f6e6e656374696f6e2e>-.1 F
-1.086<54686973206d6163726f2063616e206265>6.086 F<7573656420666f7220536d
-74704772656574696e674d65737361676520616e6420485265636569>127 256.8 Q
--.15<7665>-.25 G 2.5<6466>.15 G<6f72207669727475616c20686f7374696e672e>
--2.5 E -.15<466f>5 G 2.5<7265>.15 G<78616d706c653a>-2.65 E 2.5<4f53>167
-273 S<6d74704772656574696e674d6573736167653d243f7b69665f6e616d657d247b69
-665f6e616d657d247c246a242e204d54>-2.5 E<41>-.93 E
-<247b69665f6e616d655f6f75747d>102 293.4 Q
-<546865206e616d65206f662074686520696e74657266>127 305.4 Q
-<616365206f6620616e206f7574676f696e6720636f6e6e656374696f6e2e>-.1 E
-<247b6c6f61645f61>102 321.6 Q<76677d>-.2 E
-<5468652063757272656e74206c6f61642061>127 333.6 Q -.15<7665>-.2 G
-<726167652e>.15 E<247b6d61696c5f616464727d>102 349.8 Q 1.239
-<54686520616464726573732070617274206f6620746865207265736f6c76>127 361.8
-R 1.239<656420747269706c65206f66207468652061646472657373206769>-.15 F
--.15<7665>-.25 G 3.739<6e66>.15 G 1.239<6f7220746865>-3.739 F/F2 9
-/Times-Roman@0 SF 1.24<534d5450204d41494c>3.739 F F1<636f6d6d616e642e>
-3.74 E<44658c6e656420696e2074686520534d54502073657276>127 373.8 Q
-<6572206f6e6c79>-.15 E<2e>-.65 E<247b6d61696c5f686f73747d>102 390 Q .146
-<54686520686f73742066726f6d20746865207265736f6c76>127 402 R .146
-<656420747269706c65206f66207468652061646472657373206769>-.15 F -.15
-<7665>-.25 G 2.646<6e66>.15 G .146<6f7220746865>-2.646 F F2 .145
-<534d5450204d41494c>2.646 F F1 2.645<636f6d6d616e642e2044658c6e6564>
-2.645 F<696e2074686520534d54502073657276>127 414 Q<6572206f6e6c79>-.15 E
-<2e>-.65 E<247b6d61696c5f6d61696c65727d>102 430.2 Q 2.14
-<546865206d61696c65722066726f6d20746865207265736f6c76>127 442.2 R 2.14
-<656420747269706c65206f66207468652061646472657373206769>-.15 F -.15
-<7665>-.25 G 4.641<6e66>.15 G 2.141<6f7220746865>-4.641 F F2 2.141
-<534d5450204d41494c>4.641 F F1<636f6d6d616e642e>4.641 E
-<44658c6e656420696e2074686520534d54502073657276>127 454.2 Q
-<6572206f6e6c79>-.15 E<2e>-.65 E<247b6d73675f69647d>102 470.4 Q
-<5468652076>127 482.4 Q
-<616c7565206f6620746865204d6573736167652d49643a20686561646572>-.25 E<2e>
--.55 E<247b6d73675f73697a657d>102 498.6 Q 1.033<5468652076>127 510.6 R
-1.033<616c7565206f66207468652053495a453d20706172616d65746572>-.25 F
-3.533<2c69>-.4 G 1.032<2e652e2c20757375616c6c79207468652073697a65206f66
-20746865206d6573736167652028696e20616e2045534d5450206469612d>-3.533 F
-1.252<6c6f677565292c206265666f726520746865206d65737361676520686173206265
-656e20636f6c6c65637465642c207468657265616674657220746865206d657373616765
-2073697a6520617320636f6d7075746564206279>127 522.6 R/F3 10
-/Times-Italic@0 SF<73656e646d61696c>127 534.6 Q F1
-<28616e642063616e206265207573656420696e20636865636b5f636f6d706174292e>
-2.5 E<247b6e62616472637074737d>102 550.8 Q<546865206e756d626572206f6620
-62616420726563697069656e747320666f7220612073696e676c65206d6573736167652e>
-127 562.8 Q<247b6e72637074737d>102 579 Q .049
-<546865206e756d626572206f662076>127 591 R .049<616c69646174656420726563
-697069656e747320666f7220612073696e676c65206d6573736167652e>-.25 F .048
-<4e6f74653a2073696e636520726563697069656e742076>5.048 F .048
-<616c69646174696f6e206861702d>-.25 F .472<70656e73206166746572>127 603 R
-F3 -.15<6368>2.973 G<6563>.15 E<6b5f72>-.2 E<637074>-.37 E F1 .473
-<686173206265656e2063616c6c65642c207468652076>2.973 F .473<616c75652069
-6e20746869732072756c65736574206973206f6e65206c657373207468616e2077686174
-206d69676874206265>-.25 F -.15<6578>127 615 S<7065637465642e>.15 E
-<247b6e74726965737d>102 631.2 Q<546865206e756d626572206f662064656c69>127
-643.2 Q -.15<7665>-.25 G<727920617474656d7074732e>.15 E
-<247b6f704d6f64657d>102 659.4 Q<5468652063757272656e74206f7065726174696f
-6e206d6f6465202866726f6d20746865>127 671.4 Q F0<ad62>2.5 E F1
-<8d6167292e>2.5 E<247b71756172616e74696e657d>102 687.6 Q
-<5468652071756172616e74696e6520726561736f6e20666f722074686520656e>127
-699.6 Q -.15<7665>-.4 G
-<6c6f70652c2069662069742069732071756172616e74696e65642e>.15 E 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-51)195.86 E/F1 10/Times-Roman@0 SF .782
+(address does not appear in that list, then the hostname is maybe for)
+127 96 R 3.282(ged. This)-.18 F .781(is re\215ected as)3.282 F(the v)127
+108 Q(alue FORGED for)-.25 E F0(${client_r)2.5 E(esolv)-.18 E(e})-.1 E
+F1(and it also sho)2.5 E(ws up in)-.25 E F0($_)2.5 E F1
+(as "\(may be for)2.5 E(ged\)".)-.18 E(${cn_issuer})102 124.2 Q .874(Th\
+e CN \(common name\) of the CA that signed the presented certi\214cate \
+\(ST)127 136.2 R(AR)-.93 E .874(TTLS only\).)-.6 F .376
+(Note: if the CN cannot be e)127 148.2 R .376
+(xtracted properly it will be replaced by one of these strings based)
+-.15 F(on the encountered error:)127 160.2 Q 8.62
+(BadCerti\214cateContainsNUL CN)167 176.4 R(contains a NUL character)2.5
+E(BadCerti\214cateT)167 188.4 Q 28.31(ooLong CN)-.8 F(is too long)2.5 E
+(BadCerti\214cateUnkno)167 200.4 Q 25.54(wn CN)-.25 F(could not be e)2.5
+E(xtracted)-.15 E
+(In the last case, some other \(unspeci\214c\) error occurred.)127 216.6
+Q(${cn_subject})102 232.8 Q 1.251
+(The CN \(common name\) of the presented certi\214cate \(ST)127 244.8 R
+(AR)-.93 E 1.251(TTLS only\).)-.6 F(See)6.251 E F0(${cn_issuer})3.751 E
+F1(for possible replacements.)127 256.8 Q(${currHeader})102 273 Q .164
+(Header v)127 285 R .164(alue as quoted string \(possibly truncated to)
+-.25 F F0(MAXN)2.664 E(AME)-.2 E F1 2.664(\). This)B .163
+(macro is only a)2.664 F -.25(va)-.2 G(il-).25 E
+(able in header check rulesets.)127 297 Q(${daemon_addr})102 313.2 Q
+(The IP address the daemon is listening on for connections.)127 325.2 Q
+(${daemon_f)102 341.4 Q(amily})-.1 E .355(The netw)127 353.4 R .355
+(ork f)-.1 F .356(amily if the daemon is accepting netw)-.1 F .356
+(ork connections.)-.1 F .356(Possible v)5.356 F .356(alues include)-.25
+F(\231inet\232, \231inet6\232, \231iso\232, \231ns\232, \231x.25\232)127
+365.4 Q(${daemon_\215ags})102 381.6 Q .103
+(The \215ags for the daemon as speci\214ed by the Modi\214er= part of)
+127 393.6 R F0(DaemonP)2.603 E(ortOptions)-.2 E F1(whereby)2.603 E .548
+(the \215ags are separated from each other by spaces, and upper case \
+\215ags are doubled.)127 405.6 R .549(That is,)5.549 F .37
+(Modi\214er=Ea will be represented as "EE a" in)127 417.6 R F0
+(${daemon_\215ags})2.87 E F1 2.87(,w)C .37(hich is required for testing)
+-2.87 F(the \215ags in rulesets.)127 429.6 Q(${daemon_info})102 445.8 Q
+4.763(Some information about a daemon as a te)127 457.8 R 4.764
+(xt string.)-.15 F -.15(Fo)9.764 G 7.264(re).15 G 4.764
+(xample, \231SMTP+queue-)-7.414 F(ing@00:30:00\232.)127 469.8 Q
+(${daemon_name})102 486 Q .734(The name of the daemon from)127 498 R F0
+(DaemonP)3.234 E(ortOptions)-.2 E F1 .734(Name= suboption.)3.234 F .734
+(If this suboption is)5.734 F
+(not set, "Daemon#", where # is the daemon number)127 510 Q 2.5(,i)-.4 G
+2.5(su)-2.5 G(sed.)-2.5 E(${daemon_port})102 526.2 Q 1.459
+(The port the daemon is accepting connection on.)127 538.2 R(Unless)
+6.459 E F0(DaemonP)3.959 E(ortOptions)-.2 E F1 1.46(is set, this)3.959 F
+(will most lik)127 550.2 Q(ely be \23125\232.)-.1 E(${deli)102 566.4 Q
+-.15(ve)-.25 G(ryMode}).15 E .806(The current deli)127 578.4 R -.15(ve)
+-.25 G .806(ry mode sendmail is using.).15 F .806
+(It is initially set to the v)5.806 F .805(alue of the)-.25 F F0(Deli)
+3.305 E -.1(ve)-.1 G(ry-).1 E(Mode)127 590.4 Q F1(option.)2.5 E(${en)102
+606.6 Q(vid})-.4 E(The en)127 618.6 Q -.15(ve)-.4 G
+(lope id parameter \(ENVID=\) passed to sendmail as part of the en).15 E
+-.15(ve)-.4 G(lope.).15 E(${hdrlen})102 634.8 Q .339
+(The length of the header v)127 646.8 R .339
+(alue which is stored in ${currHeader} \(before possible truncation\).)
+-.25 F(If this v)127 658.8 Q(alue is greater than or equal to)-.25 E F0
+(MAXN)2.5 E(AME)-.2 E F1(the header has been truncated.)2.5 E
+(${hdr_name})102 675 Q .167(The name of the header \214eld for which th\
+e current header check ruleset has been called.)127 687 R(This)5.166 E
+.831(is useful for a def)127 699 R .832(ault header check ruleset to ge\
+t the name of the header; the macro is only)-.1 F -.2(av)127 711 S
+(ailable in header check rulesets.)-.05 E 0 Cg EP
%%Page: 52 48
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d35322053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF<247b71756575655f696e74657276>102 96 Q<616c7d>
--.25 E .362<5468652071756575652072756e20696e74657276>127 108 R .362
-<616c206769>-.25 F -.15<7665>-.25 G 2.862<6e62>.15 G 2.862<7974>-2.862 G
-<6865>-2.862 E F0<ad71>2.861 E F1 2.861<8d61672e2046>2.861 F .361
-<6f722065>-.15 F<78616d706c652c>-.15 E F0<ad7133306d>2.861 E F1 -.1
-<776f>2.861 G .361<756c6420736574>.1 F F0<247b71756575655f696e746572>
-2.861 E<2d>-.37 E -.1<7661>127 120 S<6c7d>.1 E F1
-<746f209930303a33303a30309a2e>2.5 E<247b726370745f616464727d>102 136.2 Q
-1.271<54686520616464726573732070617274206f6620746865207265736f6c76>127
-148.2 R 1.272<656420747269706c65206f66207468652061646472657373206769>
--.15 F -.15<7665>-.25 G 3.772<6e66>.15 G 1.272<6f7220746865>-3.772 F/F2
-9/Times-Roman@0 SF 1.272<534d54502052435054>3.772 F F1<636f6d6d616e642e>
-3.772 E<44658c6e656420696e2074686520534d54502073657276>127 160.2 Q
-<6572206f6e6c792061667465722061205243505420636f6d6d616e642e>-.15 E
-<247b726370745f686f73747d>102 176.4 Q .179
-<54686520686f73742066726f6d20746865207265736f6c76>127 188.4 R .178
-<656420747269706c65206f66207468652061646472657373206769>-.15 F -.15
-<7665>-.25 G 2.678<6e66>.15 G .178<6f7220746865>-2.678 F F2 .178
-<534d54502052435054>2.678 F F1 2.678<636f6d6d616e642e2044658c6e6564>
-2.678 F<696e2074686520534d54502073657276>127 200.4 Q
-<6572206f6e6c792061667465722061205243505420636f6d6d616e642e>-.15 E
-<247b726370745f6d61696c65727d>102 216.6 Q 2.175
-<546865206d61696c65722066726f6d20746865207265736f6c76>127 228.6 R 2.175
-<656420747269706c65206f66207468652061646472657373206769>-.15 F -.15
-<7665>-.25 G 4.675<6e66>.15 G 2.175<6f7220746865>-4.675 F F2 2.176
-<534d54502052435054>4.676 F F1<636f6d6d616e642e>4.676 E
-<44658c6e656420696e2074686520534d54502073657276>127 240.6 Q
-<6572206f6e6c792061667465722061205243505420636f6d6d616e642e>-.15 E
-<247b73657276>102 256.8 Q<65725f616464727d>-.15 E .515
-<5468652061646472657373206f66207468652073657276>127 268.8 R .514<657220
-6f66207468652063757272656e74206f7574676f696e6720534d545020636f6e6e656374
-696f6e2e>-.15 F -.15<466f>5.514 G 3.014<724c>.15 G .514
-<4d54502064656c69>-3.014 F -.15<7665>-.25 G .514<727920746865>.15 F<6d61
-63726f2069732073657420746f20746865206e616d65206f6620746865206d61696c6572>
-127 280.8 Q<2e>-.55 E<247b73657276>102 297 Q<65725f6e616d657d>-.15 E
-<546865206e616d65206f66207468652073657276>127 309 Q<6572206f662074686520
-63757272656e74206f7574676f696e6720534d5450206f72204c4d545020636f6e6e6563
-74696f6e2e>-.15 E<247b74696d657d>102 325.2 Q .006
-<546865206f7574707574206f6620746865>127 337.2 R/F3 10/Times-Italic@0 SF
-<74696d65>2.506 E F1 .007<2833292066756e6374696f6e2c20692e652e2c20746865
-206e756d626572206f66207365636f6e64732073696e6365203020686f7572732c203020
-6d696e757465732c2030207365632d>B<6f6e64732c204a616e7561727920312c203139
-37302c20436f6f7264696e6174656420556e69>127 349.2 Q -.15<7665>-.25 G
-<7273616c2054>.15 E<696d652028555443292e>-.35 E<247b746c735f76>102 365.4
-Q<657273696f6e7d>-.15 E 1.755<54686520544c532f53534c2076>127 377.4 R
-1.755<657273696f6e207573656420666f722074686520636f6e6e656374696f6e2c2065
-2e672e2c20544c5376312c2053534c76332c2053534c76323b2064658c6e656420616674
-6572>-.15 F<5354>127 389.4 Q<4152>-.93 E
-<54544c5320686173206265656e20757365642e>-.6 E
-<247b746f74616c5f726174657d>102 405.6 Q 1.373<54686520746f74616c206e756d
-626572206f6620696e636f6d696e6720636f6e6e656374696f6e73206f>127 417.6 R
--.15<7665>-.15 G 3.873<7274>.15 G 1.373<68652074696d6520696e74657276>
--3.873 F 1.374<616c2073706563698c656420627920436f6e6e656374696f6e2d>-.25
-F<5261746557>127 429.6 Q<696e646f>-.4 E<7753697a652e>-.25 E<247b76>102
-445.8 Q<65726966797d>-.15 E 1.141
-<54686520726573756c74206f66207468652076>127 457.8 R 1.141<6572698c636174
-696f6e206f66207468652070726573656e74656420636572743b206f6e6c792064658c6e
-6564206166746572205354>-.15 F<4152>-.93 E 1.14
-<54544c5320686173206265656e>-.6 F
-<7573656420286f7220617474656d70746564292e>127 469.8 Q
-<506f737369626c652076>5 E<616c756573206172653a>-.25 E 48.06<4f4b2076>167
-486 R<6572698c636174696f6e207375636365656465642e>-.15 E 48.06
-<4e4f206e6f>167 498 R<636572742070726573656e7465642e>2.5 E<4e4f>167 510
-Q 44.85<546e>-.4 G 2.5<6f63>-44.85 G<657274207265717565737465642e>-2.5 E
--.74<4641>167 522 S 41.02<494c2063657274>.74 F<70726573656e7465642062>
-2.5 E<757420636f756c64206e6f742062652076>-.2 E<6572698c65642c>-.15 E
-<652e672e2c20746865207369676e696e67204341206973206d697373696e672e>232
-534 Q 34.73<4e4f4e45205354>167 546 R<4152>-.93 E
-<54544c5320686173206e6f74206265656e20706572666f726d65642e>-.6 E 35.83
-<54454d502074656d706f72617279>167 558 R<6572726f72206f636375727265642e>
-2.5 E<5052>167 570 Q -1.88 -.4<4f54204f>-.4 H 10.7<434f4c20736f6d65>.4 F
-<70726f746f636f6c206572726f72206f63637572726564>2.5 E
-<6174207468652045534d5450206c65>232 582 Q -.15<7665>-.25 G 2.5<6c28>.15
-G<6e6f7420544c53292e>-2.5 E<534f465457>167 594 Q 9.81<415245205354>-1.2
-F<4152>-.93 E<54544c532068616e647368616b>-.6 E 2.5<6566>-.1 G
-<61696c65642c>-2.6 E<776869636820697320612066>232 606 Q
-<6174616c206572726f7220666f7220746869732073657373696f6e2c>-.1 E
-<74686520652d6d61696c2077696c6c206265207175657565642e>232 618 Q .749<54
-6865726520617265207468726565207479706573206f6620646174657320746861742063
-616e20626520757365642e>127 638.4 R<546865>5.749 E F0<2461>3.249 E F1
-<616e64>3.249 E F0<2462>3.249 E F1 .749
-<6d6163726f732061726520696e205246432038323220666f72>3.249 F<2d>-.2 E
-<6d61743b>102 650.4 Q F0<2461>3.214 E F1 .714
-<6973207468652074696d652061732065>3.214 F .713<78747261637465642066726f
-6d207468652099446174653a9a206c696e65206f6620746865206d657373616765202869
-662074686572652077>-.15 F .713<6173206f6e65292c20616e64>-.1 F F0<2462>
-3.213 E F1<6973>3.213 E .056<7468652063757272656e74206461746520616e6420
-74696d6520287573656420666f7220706f73746d61726b73292e>102 662.4 R .057<49
-66206e6f2099446174653a9a206c696e6520697320666f756e6420696e2074686520696e
-636f6d696e67206d6573736167652c>5.056 F F0<2461>102 674.4 Q F1 .305
-<69732073657420746f207468652063757272656e742074696d6520616c736f2e>2.805
-F<546865>5.305 E F0<2464>2.805 E F1 .304<6d6163726f2069732065717569>
-2.805 F -.25<7661>-.25 G .304<6c656e7420746f20746865>.25 F F0<2462>2.804
-E F1 .304<6d6163726f20696e20554e495820286374696d652920666f72>2.804 F<2d>
--.2 E<6d61742e>102 686.4 Q .238<546865206d6163726f73>127 702.6 R F0
-<2477>2.738 E F1<2c>A F0<246a>2.738 E F1 2.738<2c61>C<6e64>-2.738 E F0
-<246d>2.738 E F1 .238<6172652073657420746f20746865206964656e74697479206f
-66207468697320686f73742e>2.738 F F3<53656e646d61696c>5.239 E F1 .239
-<747269657320746f208c6e64207468652066756c6c79>2.739 F .335<7175616c698c
-6564206e616d65206f662074686520686f737420696620617420616c6c20706f73736962
-6c653b20697420646f657320746869732062792063616c6c696e67>102 714.6 R F3
--.1<6765>2.834 G<74686f73746e616d65>.1 E F1 .334
-<28322920746f20676574207468652063757272656e74>B 0 Cg EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-52 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF
+(${if_addr})102 96 Q 1.194(The IP address of the interf)127 108 R 1.194
+(ace of an incoming connection unless it is in the loopback net.)-.1 F
+(IPv6 addresses are tagged with "IPv6:" before the address.)127 120 Q
+(${if_addr_out})102 136.2 Q 1.332(The IP address of the interf)127 148.2
+R 1.333(ace of an outgoing connection unless it is in the loopback net.)
+-.1 F(IPv6 addresses are tagged with "IPv6:" before the address.)127
+160.2 Q(${if_f)102 176.4 Q(amily})-.1 E(The IP f)127 188.4 Q
+(amily of the interf)-.1 E
+(ace of an incoming connection unless it is in the loopback net.)-.1 E
+(${if_f)102 204.6 Q(amily_out})-.1 E(The IP f)127 216.6 Q
+(amily of the interf)-.1 E
+(ace of an outgoing connection unless it is in the loopback net.)-.1 E
+(${if_name})102 232.8 Q 1.086(The hostname associated with the interf)
+127 244.8 R 1.086(ace of an incoming connection.)-.1 F 1.086
+(This macro can be)6.086 F(used for SmtpGreetingMessage and HRecei)127
+256.8 Q -.15(ve)-.25 G 2.5(df).15 G(or virtual hosting.)-2.5 E -.15(Fo)5
+G 2.5(re).15 G(xample:)-2.65 E 2.5(OS)167 273 S
+(mtpGreetingMessage=$?{if_name}${if_name}$|$j$. MT)-2.5 E(A)-.93 E
+(${if_name_out})102 293.4 Q(The name of the interf)127 305.4 Q
+(ace of an outgoing connection.)-.1 E(${load_a)102 321.6 Q(vg})-.2 E
+(The current load a)127 333.6 Q -.15(ve)-.2 G(rage.).15 E(${mail_addr})
+102 349.8 Q 1.239(The address part of the resolv)127 361.8 R 1.239
+(ed triple of the address gi)-.15 F -.15(ve)-.25 G 3.739(nf).15 G 1.239
+(or the)-3.739 F/F2 9/Times-Roman@0 SF 1.24(SMTP MAIL)3.739 F F1
+(command.)3.74 E(De\214ned in the SMTP serv)127 373.8 Q(er only)-.15 E
+(.)-.65 E(${mail_host})102 390 Q .146(The host from the resolv)127 402 R
+.146(ed triple of the address gi)-.15 F -.15(ve)-.25 G 2.646(nf).15 G
+.146(or the)-2.646 F F2 .145(SMTP MAIL)2.646 F F1 2.645
+(command. De\214ned)2.645 F(in the SMTP serv)127 414 Q(er only)-.15 E(.)
+-.65 E(${mail_mailer})102 430.2 Q 2.14(The mailer from the resolv)127
+442.2 R 2.14(ed triple of the address gi)-.15 F -.15(ve)-.25 G 4.641(nf)
+.15 G 2.141(or the)-4.641 F F2 2.141(SMTP MAIL)4.641 F F1(command.)4.641
+E(De\214ned in the SMTP serv)127 454.2 Q(er only)-.15 E(.)-.65 E
+(${msg_id})102 470.4 Q(The v)127 482.4 Q(alue of the Message-Id: header)
+-.25 E(.)-.55 E(${msg_size})102 498.6 Q 1.033(The v)127 510.6 R 1.033
+(alue of the SIZE= parameter)-.25 F 3.533(,i)-.4 G 1.032
+(.e., usually the size of the message \(in an ESMTP dia-)-3.533 F 1.252
+(logue\), before the message has been collected, thereafter the message\
+ size as computed by)127 522.6 R/F3 10/Times-Italic@0 SF(sendmail)127
+534.6 Q F1(\(and can be used in check_compat\).)2.5 E(${nbadrcpts})102
+550.8 Q(The number of bad recipients for a single message.)127 562.8 Q
+(${nrcpts})102 579 Q .049(The number of v)127 591 R .049
+(alidated recipients for a single message.)-.25 F .048
+(Note: since recipient v)5.048 F .048(alidation hap-)-.25 F .472
+(pens after)127 603 R F3 -.15(ch)2.973 G(ec).15 E(k_r)-.2 E(cpt)-.37 E
+F1 .473(has been called, the v)2.973 F .473
+(alue in this ruleset is one less than what might be)-.25 F -.15(ex)127
+615 S(pected.).15 E(${ntries})102 631.2 Q(The number of deli)127 643.2 Q
+-.15(ve)-.25 G(ry attempts.).15 E(${opMode})102 659.4 Q
+(The current operation mode \(from the)127 671.4 Q F0<ad62>2.5 E F1
+(\215ag\).)2.5 E(${quarantine})102 687.6 Q
+(The quarantine reason for the en)127 699.6 Q -.15(ve)-.4 G
+(lope, if it is quarantined.).15 E 0 Cg EP
%%Page: 53 49
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3533>195.86 E
-/F1 10/Times-Roman@0 SF .457
-<686f73746e616d6520616e64207468656e2070617373696e67207468617420746f>102
-96 R/F2 10/Times-Italic@0 SF -.1<6765>2.957 G<74686f737462796e616d65>.1
-E F1 .457<28332920776869636820697320737570706f73656420746f2072657475726e
-207468652063616e6f6e6963616c2076>B<6572>-.15 E<2d>-.2 E .279
-<73696f6e206f66207468617420686f7374206e616d652e>102 110 R/F3 7
-/Times-Roman@0 SF<3137>-4 I F1 .279
-<417373756d696e672074686973206973207375636365737366756c2c>2.779 4 N F0
-<246a>2.778 E F1 .278<69732073657420746f207468652066756c6c79207175616c69
-8c6564206e616d6520616e64>2.778 F F0<246d>2.778 E F1<6973>2.778 E .706<73
-657420746f2074686520646f6d61696e2070617274206f6620746865206e616d65202865>
-102 122 R -.15<7665>-.25 G .706
-<72797468696e6720616674657220746865208c72737420646f74292e>.15 F<546865>
-5.706 E F0<2477>3.206 E F1 .706
-<6d6163726f2069732073657420746f20746865208c727374>3.206 F -.1<776f>102
-134 S .359<7264202865>.1 F -.15<7665>-.25 G .358<72797468696e6720626566
-6f726520746865208c72737420646f742920696620796f75206861>.15 F .658 -.15
-<76652061206c>-.2 H -2.15 -.25<65762065>.15 H 2.858<6c356f>.25 G 2.858
-<7268>-2.858 G .358<696768657220636f6e8c6775726174696f6e208c6c653b206f74
-686572776973652c206974>-2.858 F .404
-<69732073657420746f207468652073616d652076>102 146 R .405<616c7565206173>
--.25 F F0<246a>2.905 E F1 5.405<2e49>C 2.905<6674>-5.405 G .405<68652063
-616e6f6e698c636174696f6e206973206e6f74207375636365737366756c2c2069742069
-7320696d706572617469>-2.905 F .705 -.15<76652074>-.25 H .405
-<6861742074686520636f6e8c67>.15 F<8c6c6520736574>102 160 Q F0<246a>2.5 E
-F1<746f207468652066756c6c79207175616c698c656420646f6d61696e206e616d65>
-2.5 E F3<3138>-4 I F1<2e>4 I<546865>127 176.2 Q F0<2466>2.833 E F1 .333<
-6d6163726f20697320746865206964206f66207468652073656e646572206173206f7269
-67696e616c6c792064657465726d696e65643b207768656e206d61696c696e6720746f20
-612073706563698c6320686f7374>2.833 F<746865>102 188.2 Q F0<2467>3.224 E
-F1 .724<6d6163726f2069732073657420746f207468652061646472657373206f662074
-68652073656e646572>3.224 F F2 -.37<7265>3.225 G .725
-<6c617469766520746f207468652072>.37 F<6563697069656e742e>-.37 E F1 -.15
-<466f>5.725 G 3.225<7265>.15 G .725
-<78616d706c652c20696620492073656e6420746f>-3.375 F
-<99626f6c6c617264406d6174697373652e43532e4265726b>102 200.2 Q<656c65>-.1
-E -.65<792e>-.15 G .425
-<4544559a2066726f6d20746865206d616368696e65209976>.65 F
-<616e676f67682e43532e4265726b>-.25 E<656c65>-.1 E -.65<792e>-.15 G .424
-<4544559a20746865>.65 F F0<2466>2.924 E F1<6d6163726f>2.924 E
-<77696c6c2062652099657269639a20616e6420746865>102 212.2 Q F0<2467>2.5 E
-F1<6d6163726f2077696c6c2062652099657269634076>2.5 E
-<616e676f67682e43532e4265726b>-.25 E<656c65>-.1 E -.65<792e>-.15 G
-<4544552e>.65 E<9a>-.7 E<546865>127 228.4 Q F0<2478>2.562 E F1 .062<6d61
-63726f2069732073657420746f207468652066756c6c206e616d65206f66207468652073
-656e646572>2.562 F 5.062<2e54>-.55 G .062
-<6869732063616e2062652064657465726d696e656420696e207365>-5.062 F -.15
-<7665>-.25 G .063<72616c2077>.15 F 2.563<6179732e204974>-.1 F .63
-<63616e20626520706173736564206173208d616720746f>102 240.4 R F2
-<73656e646d61696c>3.13 E F1 5.629<2e49>C 3.129<7463>-5.629 G .629
-<616e2062652064658c6e656420696e20746865>-3.129 F/F4 9/Times-Roman@0 SF
--.315<4e41>3.129 G<4d45>.315 E F1<656e>3.129 E .629
-<7669726f6e6d656e742076>-.4 F 3.129<61726961626c652e20546865>-.25 F
-<7468697264>3.129 E .948<63686f696365206973207468652076>102 252.4 R .948
-<616c7565206f6620746865209946756c6c2d4e616d653a9a206c696e6520696e207468
-65206865616465722069662069742065>-.25 F .949
-<78697374732c20616e642074686520666f757274682063686f69636520697320746865>
--.15 F .526
-<636f6d6d656e74208c656c64206f662061209946726f6d3a9a206c696e652e>102
-264.4 R .526<496620616c6c206f662074686573652066>5.526 F .526<61696c2c20
-616e6420696620746865206d657373616765206973206265696e67206f726967696e6174
-6564206c6f63616c6c79>-.1 F<2c>-.65 E
-<7468652066756c6c206e616d65206973206c6f6f6b>102 276.4 Q
-<656420757020696e20746865>-.1 E F2<2f6574632f706173737764>2.5 E F1
-<8c6c652e>2.5 E 1.32<5768656e2073656e64696e672c20746865>127 292.6 R F0
-<2468>3.82 E F1<2c>A F0<2475>3.82 E F1 3.82<2c61>C<6e64>-3.82 E F0<247a>
-3.82 E F1 1.321
-<6d6163726f73206765742073657420746f2074686520686f73742c2075736572>3.82 F
-3.821<2c61>-.4 G 1.321<6e6420686f6d65206469726563746f727920286966>-3.821
-F .517<6c6f63616c29206f662074686520726563697069656e742e>102 304.6 R .517
-<546865208c727374207477>5.517 F 3.016<6f61>-.1 G .516
-<7265207365742066726f6d20746865>-3.016 F F0<2440>3.016 E F1<616e64>3.016
-E F0<243a>3.016 E F1 .516<70617274206f6620746865207265>3.016 F .516
-<77726974696e672072756c65732c207265737065632d>-.25 F<7469>102 316.6 Q
--.15<7665>-.25 G<6c79>.15 E<2e>-.65 E<546865>127 332.8 Q F0<2470>3.806 E
-F1<616e64>3.806 E F0<2474>3.806 E F1 1.306<6d6163726f732061726520757365
-6420746f2063726561746520756e6971756520737472696e67732028652e672e2c20666f
-722074686520994d6573736167652d49643a9a208c656c64292e>3.806 F<546865>102
-344.8 Q F0<2469>3.252 E F1 .751<6d6163726f2069732073657420746f2074686520
-7175657565206964206f6e207468697320686f73743b2069662070757420696e746f2074
-68652074696d657374616d70206c696e652069742063616e2062652065>3.252 F
-<787472656d656c79>-.15 E .164
-<75736566756c20666f7220747261636b696e67206d657373616765732e>102 356.8 R
-<546865>5.164 E F0<2476>2.664 E F1 .164
-<6d6163726f2069732073657420746f206265207468652076>2.664 F .165
-<657273696f6e206e756d626572206f66>-.15 F F2<73656e646d61696c>2.665 E F1
-2.665<3b74>C .165<686973206973206e6f72>-2.665 F<2d>-.2 E<6d616c6c792070
-757420696e2074696d657374616d707320616e6420686173206265656e2070726f>102
-368.8 Q -.15<7665>-.15 G 2.5<6e65>.15 G
-<787472656d656c792075736566756c20666f7220646562>-2.65 E<756767696e672e>
--.2 E<546865>127 385 Q F0<2463>3.548 E F1 1.048
-<8c656c642069732073657420746f207468652099686f7020636f756e742c>3.548 F
-3.548<9a69>-.7 G 1.048<2e652e2c20746865206e756d626572206f662074696d6573
-2074686973206d65737361676520686173206265656e2070726f2d>-3.548 F 2.856
-<6365737365642e2054686973>102 397 R .356
-<63616e2062652064657465726d696e656420627920746865>2.856 F F0<ad68>2.856
-E F1 .357<8d6167206f6e2074686520636f6d6d616e64206c696e65206f722062792063
-6f756e74696e67207468652074696d657374616d7073>2.856 F
-<696e20746865206d6573736167652e>102 409 Q<546865>127 425.2 Q F0<2472>
-2.833 E F1<616e64>2.833 E F0<2473>2.833 E F1 .333<8c656c6473206172652073
-657420746f207468652070726f746f636f6c207573656420746f20636f6d6d756e696361
-74652077697468>2.833 F F2<73656e646d61696c>2.833 E F1 .333
-<616e64207468652073656e642d>2.833 F .194<696e6720686f73746e616d652e>102
-437.2 R<546865>5.194 E 2.694<7963>-.15 G .194
-<616e2062652073657420746f676574686572207573696e6720746865>-2.694 F F0
-<ad70>2.694 E F1 .194<636f6d6d616e64206c696e65208d6167206f72207365706172
-6174656c79207573696e6720746865>2.694 F F0<ad4d>2.695 E F1<6f72>102 449.2
-Q F0<ad6f4d>2.5 E F1<8d6167732e>2.5 E<546865>127 465.4 Q F0<245f>2.967 E
-F1 .467<69732073657420746f20612076>2.967 F .467
-<616c6964617465642073656e64657220686f7374206e616d652e>-.25 F .466<496620
-7468652073656e6465722069732072756e6e696e6720616e20524643203134313320636f
-6d706c692d>5.467 F .384<616e74204944454e542073657276>102 477.4 R .384
-<657220616e6420746865207265636569>-.15 F -.15<7665>-.25 G 2.884<7268>.15
-G .384<617320746865204944454e542070726f746f636f6c207475726e6564206f6e2c
-2069742077696c6c20696e636c756465207468652075736572206e616d65>-2.884 F
-<6f6e207468617420686f73742e>102 489.4 Q<546865>127 505.6 Q F0
-<247b636c69656e745f6e616d657d>5.98 E F1<2c>A F0
-<247b636c69656e745f616464727d>5.98 E F1 5.98<2c61>C<6e64>-5.98 E F0
-<247b636c69656e745f706f72747d>5.98 E F1 3.48
-<6d6163726f73206172652073657420746f20746865206e616d652c>5.98 F .786<6164
-64726573732c20616e6420706f7274206e756d626572206f662074686520534d54502063
-6c69656e742077686f20697320696e>102 517.6 R -.2<766f>-.4 G<6b696e67>.2 E
-F2<73656e646d61696c>3.286 E F1 .786<617320612073657276>3.286 F<6572>-.15
-E 5.786<2e54>-.55 G .786<686573652063616e206265>-5.786 F
-<7573656420696e20746865>102 529.6 Q F2 -.15<6368>2.5 G<6563>.15 E
-<6b5f2a>-.2 E F1<72756c657365747320287573696e6720746865>2.5 E F0<2426>
-2.5 E F1<64656665727265642065>2.5 E -.25<7661>-.25 G
-<6c756174696f6e20666f726d2c206f6620636f7572736521292e>.25 E F0 2.5
-<352e332e2043>87 553.6 R<616e642046208a2044658c6e6520436c6173736573>2.5
-E F1 .66<436c6173736573206f662070687261736573206d61792062652064658c6e65
-6420746f206d61746368206f6e20746865206c6566742068616e642073696465206f6620
-7265>127 569.8 R .659<77726974696e672072756c65732c2077686572652061>-.25
-F .464<997068726173659a20697320612073657175656e6365206f6620636861726163
-74657273207468617420646f6573206e6f7420636f6e7461696e20737061636520636861
-726163746572732e>102 581.8 R -.15<466f>5.465 G 2.965<7265>.15 G .465
-<78616d706c65206120636c617373206f66>-3.115 F .654<616c6c206c6f63616c206e
-616d657320666f7220746869732073697465206d69676874206265206372656174656420
-736f207468617420617474656d70747320746f2073656e6420746f206f6e6573656c6620
-63616e20626520656c696d696e617465642e>102 593.8 R .041<54686573652063616e
-206569746865722062652064658c6e6564206469726563746c7920696e2074686520636f
-6e8c6775726174696f6e208c6c65206f72207265616420696e2066726f6d20616e6f7468
-6572208c6c652e>102 605.8 R .041<436c617373657320617265>5.041 F .649
-<6e616d656420617320612073696e676c65206c6574746572206f7220612077>102
-617.8 R .649<6f726420696e207b6272616365737d2e>-.1 F .649
-<436c617373206e616d6573206265>5.649 F .649
-<67696e6e696e672077697468206c6f>-.15 F .648
-<7765722063617365206c65747465727320616e64>-.25 F .638
-<7370656369616c20636861726163746572732061726520726573657276>102 629.8 R
-.638<656420666f722073797374656d207573652e>-.15 F .639<436c61737365732064
-658c6e656420696e20636f6e8c67208c6c6573206d6179206265206769>5.639 F -.15
-<7665>-.25 G 3.139<6e6e>.15 G<616d6573>-3.139 E 1.05<66726f6d2074686520
-736574206f662075707065722063617365206c65747465727320666f722073686f727420
-6e616d6573206f72206265>102 641.8 R 1.05<67696e6e696e67207769746820616e20
-75707065722063617365206c657474657220666f72206c6f6e67>-.15 F
-<6e616d65732e>102 653.8 Q .32 LW 76 665.2 72 665.2 DL 80 665.2 76 665.2
-DL 84 665.2 80 665.2 DL 88 665.2 84 665.2 DL 92 665.2 88 665.2 DL 96
-665.2 92 665.2 DL 100 665.2 96 665.2 DL 104 665.2 100 665.2 DL 108 665.2
-104 665.2 DL 112 665.2 108 665.2 DL 116 665.2 112 665.2 DL 120 665.2 116
-665.2 DL 124 665.2 120 665.2 DL 128 665.2 124 665.2 DL 132 665.2 128
-665.2 DL 136 665.2 132 665.2 DL 140 665.2 136 665.2 DL 144 665.2 140
-665.2 DL 148 665.2 144 665.2 DL 152 665.2 148 665.2 DL 156 665.2 152
-665.2 DL 160 665.2 156 665.2 DL 164 665.2 160 665.2 DL 168 665.2 164
-665.2 DL 172 665.2 168 665.2 DL 176 665.2 172 665.2 DL 180 665.2 176
-665.2 DL 184 665.2 180 665.2 DL 188 665.2 184 665.2 DL 192 665.2 188
-665.2 DL 196 665.2 192 665.2 DL 200 665.2 196 665.2 DL 204 665.2 200
-665.2 DL 208 665.2 204 665.2 DL 212 665.2 208 665.2 DL 216 665.2 212
-665.2 DL/F5 5/Times-Roman@0 SF<3137>93.6 675.6 Q/F6 8/Times-Roman@0 SF
--.12<466f>3.2 K 2<7265>.12 G
-<78616d706c652c206f6e20736f6d652073797374656d73>-2.12 E/F7 8
-/Times-Italic@0 SF -.08<6765>2 G<74686f73746e616d65>.08 E F6
-<6d696768742072657475726e2099666f6f9a2077686963682077>2 E
-<6f756c64206265206d617070656420746f2099666f6f2e626172>-.08 E
-<2e636f6d9a206279>-.44 E F7 -.08<6765>2 G<74686f737462796e616d65>.08 E
-F6<2e>A F5<3138>93.6 689.2 Q F6<4f6c6465722076>3.2 I
-<657273696f6e73206f662073656e646d61696c206469646e27>-.12 E 2<7470>-.144
-G<72652d64658c6e65>-2 E/F8 8/Times-Bold@0 SF<246a>2 E F6
-<617420616c6c2c20736f20757020756e74696c20382e362c20636f6e8c67208c6c6573>
-2 E F7<616c77617973>2 E F6<68616420746f2064658c6e65>2 E F8<246a>2 E F6
-<2e>A 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-53)195.86 E/F1 10/Times-Roman@0 SF(${queue_interv)102 96 Q(al})
+-.25 E .362(The queue run interv)127 108 R .362(al gi)-.25 F -.15(ve)
+-.25 G 2.862(nb).15 G 2.862(yt)-2.862 G(he)-2.862 E F0<ad71>2.861 E F1
+2.861(\215ag. F)2.861 F .361(or e)-.15 F(xample,)-.15 E F0(\255q30m)
+2.861 E F1 -.1(wo)2.861 G .361(uld set).1 F F0(${queue_inter)2.861 E(-)
+-.37 E -.1(va)127 120 S(l}).1 E F1(to \23100:30:00\232.)2.5 E
+(${rcpt_addr})102 136.2 Q 1.271(The address part of the resolv)127 148.2
+R 1.272(ed triple of the address gi)-.15 F -.15(ve)-.25 G 3.772(nf).15 G
+1.272(or the)-3.772 F/F2 9/Times-Roman@0 SF 1.272(SMTP RCPT)3.772 F F1
+(command.)3.772 E(De\214ned in the SMTP serv)127 160.2 Q
+(er only after a RCPT command.)-.15 E(${rcpt_host})102 176.4 Q .179
+(The host from the resolv)127 188.4 R .178(ed triple of the address gi)
+-.15 F -.15(ve)-.25 G 2.678(nf).15 G .178(or the)-2.678 F F2 .178
+(SMTP RCPT)2.678 F F1 2.678(command. De\214ned)2.678 F(in the SMTP serv)
+127 200.4 Q(er only after a RCPT command.)-.15 E(${rcpt_mailer})102
+216.6 Q 2.175(The mailer from the resolv)127 228.6 R 2.175
+(ed triple of the address gi)-.15 F -.15(ve)-.25 G 4.675(nf).15 G 2.175
+(or the)-4.675 F F2 2.176(SMTP RCPT)4.676 F F1(command.)4.676 E
+(De\214ned in the SMTP serv)127 240.6 Q(er only after a RCPT command.)
+-.15 E(${serv)102 256.8 Q(er_addr})-.15 E .515(The address of the serv)
+127 268.8 R .514(er of the current outgoing SMTP connection.)-.15 F -.15
+(Fo)5.514 G 3.014(rL).15 G .514(MTP deli)-3.014 F -.15(ve)-.25 G .514
+(ry the).15 F(macro is set to the name of the mailer)127 280.8 Q(.)-.55
+E(${serv)102 297 Q(er_name})-.15 E(The name of the serv)127 309 Q
+(er of the current outgoing SMTP or LMTP connection.)-.15 E(${time})102
+325.2 Q .006(The output of the)127 337.2 R/F3 10/Times-Italic@0 SF(time)
+2.506 E F1 .007(\(3\) function, i.e., the number of seconds since 0 hou\
+rs, 0 minutes, 0 sec-)B(onds, January 1, 1970, Coordinated Uni)127 349.2
+Q -.15(ve)-.25 G(rsal T).15 E(ime \(UTC\).)-.35 E(${tls_v)102 365.4 Q
+(ersion})-.15 E .85(The TLS/SSL v)127 377.4 R .849(ersion used for the \
+connection, e.g., TLSv1.2, TLSv1; de\214ned after ST)-.15 F(AR)-.93 E
+-.92(T-)-.6 G(TLS has been used.)127 389.4 Q(${total_rate})102 405.6 Q
+1.373(The total number of incoming connections o)127 417.6 R -.15(ve)
+-.15 G 3.873(rt).15 G 1.373(he time interv)-3.873 F 1.374
+(al speci\214ed by Connection-)-.25 F(RateW)127 429.6 Q(indo)-.4 E
+(wSize.)-.25 E(${v)102 445.8 Q(erify})-.15 E 1.141(The result of the v)
+127 457.8 R 1.141
+(eri\214cation of the presented cert; only de\214ned after ST)-.15 F(AR)
+-.93 E 1.14(TTLS has been)-.6 F(used \(or attempted\).)127 469.8 Q
+(Possible v)5 E(alues are:)-.25 E 48.06(OK v)167 486 R
+(eri\214cation succeeded.)-.15 E 48.06(NO no)167 498 R(cert presented.)
+2.5 E(NO)167 510 Q 44.85(Tn)-.4 G 2.5(oc)-44.85 G(ert requested.)-2.5 E
+-.74(FA)167 522 S 41.02(IL cert).74 F(presented b)2.5 E
+(ut could not be v)-.2 E(eri\214ed,)-.15 E
+(e.g., the signing CA is missing.)232 534 Q 34.73(NONE ST)167 546 R(AR)
+-.93 E(TTLS has not been performed.)-.6 E 29.72(CLEAR ST)167 558 R(AR)
+-.93 E(TTLS has been disabled internally for a clear te)-.6 E(xt deli)
+-.15 E -.15(ve)-.25 G(ry attempt.).15 E 35.83(TEMP temporary)167 570 R
+(error occurred.)2.5 E(PR)167 582 Q -1.88 -.4(OT O)-.4 H 10.7(COL some)
+.4 F(protocol error occurred)2.5 E(at the ESMTP le)232 594 Q -.15(ve)
+-.25 G 2.5(l\().15 G(not TLS\).)-2.5 E(SOFTW)167 606 Q 9.81(ARE ST)-1.2
+F(AR)-.93 E(TTLS handshak)-.6 E 2.5(ef)-.1 G(ailed,)-2.6 E(which is a f)
+232 618 Q(atal error for this session,)-.1 E(the e-mail will be queued.)
+232 630 Q .749(There are three types of dates that can be used.)127
+650.4 R(The)5.749 E F0($a)3.249 E F1(and)3.249 E F0($b)3.249 E F1 .749
+(macros are in RFC 822 for)3.249 F(-)-.2 E(mat;)102 662.4 Q F0($a)3.214
+E F1 .714(is the time as e)3.214 F .713
+(xtracted from the \231Date:\232 line of the message \(if there w)-.15 F
+.713(as one\), and)-.1 F F0($b)3.213 E F1(is)3.213 E .056
+(the current date and time \(used for postmarks\).)102 674.4 R .057
+(If no \231Date:\232 line is found in the incoming message,)5.056 F F0
+($a)102 686.4 Q F1 .305(is set to the current time also.)2.805 F(The)
+5.305 E F0($d)2.805 E F1 .304(macro is equi)2.805 F -.25(va)-.25 G .304
+(lent to the).25 F F0($b)2.804 E F1 .304(macro in UNIX \(ctime\) for)
+2.804 F(-)-.2 E(mat.)102 698.4 Q 0 Cg EP
%%Page: 54 50
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d35342053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF<5468652073796e7461782069733a>127 96 Q F0<43>142
-112.2 Q/F2 10/Times-Italic@0 SF 1.666<6370>C<6872>-1.666 E
-<6173653120706872>-.15 E<617365322e2e2e>-.15 E F0<46>142 124.2 Q F2
-1.666<638c>C<6c65>-1.666 E F0<46>142 136.2 Q F2 1.666<637c>C<7072>-1.666
-E -.1<6f67>-.45 G -.15<7261>.1 G<6d>.15 E F0<46>142 148.2 Q F2 1.666
-<635b>C<6d61706b>-1.666 E -.3<6579>-.1 G
-<5d406d6170636c6173733a6d617073706563>.3 E F1 .035
-<546865208c72737420666f726d2064658c6e65732074686520636c617373>102 164.4
-R F2<63>2.535 E F1 .035<746f206d6174636820616e>2.535 F 2.535<796f>-.15 G
-2.535<6674>-2.535 G .035<6865206e616d65642077>-2.535 F 2.535
-<6f7264732e204966>-.1 F F2<706872>2.536 E<61736531>-.15 E F1<6f72>2.536
-E F2<706872>2.536 E<61736532>-.15 E F1 .036<697320616e6f74686572>2.536 F
-.747<636c6173732c20652e672e2c>102 176.4 R F2<243d53>3.247 E F1 3.247
-<2c74>C .747<686520636f6e74656e7473206f6620636c617373>-3.247 F F2<53>
-3.246 E F1 .746<61726520616464656420746f20636c617373>3.246 F F2<63>3.246
-E F1 5.746<2e49>C 3.246<7469>-5.746 G 3.246<7370>-3.246 G .746
-<65726d69737369626c6520746f2073706c6974207468656d20616d6f6e67>-3.246 F
-<6d756c7469706c65206c696e65733b20666f722065>102 188.4 Q
-<78616d706c652c20746865207477>-.15 E 2.5<6f66>-.1 G<6f726d733a>-2.5 E
-<43486d6f6e6574207563626d6f6e6574>142 204.6 Q<616e64>102 220.8 Q
-<43486d6f6e6574>142 237 Q<43487563626d6f6e6574>142 249 Q 1.015
-<6172652065717569>102 265.2 R -.25<7661>-.25 G 3.515<6c656e742e20546865>
-.25 F -.74<6060>3.516 G<4627>.74 E 3.516<2766>-.74 G 1.016
-<6f726d7320726561642074686520656c656d656e7473206f662074686520636c617373>
--3.516 F F2<63>3.516 E F1 1.016<66726f6d20746865206e616d6564>3.516 F F2
-<8c6c65>3.516 E F1<2c>A F2<7072>3.516 E -.1<6f67>-.45 G -.15<7261>.1 G
-<6d>.15 E F1 3.516<2c6f>C<72>-3.516 E F2 .162
-<6d61702073706563698c636174696f6e>102 277.2 R F1 5.162<2e45>C .161<6163
-6820656c656d656e742073686f756c64206265206c6973746564206f6e20612073657061
-72617465206c696e652e>-5.162 F 1.761 -.8<546f2073>5.161 H .161
-<70656369667920616e206f7074696f6e616c208c6c652c20757365>.8 F -.74<6060>
-102 289.2 S<ad6f27>.74 E 2.5<2762>-.74 G<65747765656e2074686520636c6173
-73206e616d6520616e6420746865208c6c65206e616d652c20652e672e2c>-2.5 E
-<466320ad6f202f706174682f746f2f8c6c65>142 305.4 Q .396
-<496620746865208c6c652063616e27>102 321.6 R 2.896<7462>-.18 G 2.896
-<6575>-2.896 G<7365642c>-2.896 E F2<73656e646d61696c>2.896 E F1 .396
-<77696c6c206e6f7420636f6d706c61696e2062>2.896 F .396
-<75742073696c656e746c792069676e6f72652069742e>-.2 F .396
-<546865206d617020666f726d2073686f756c64206265>5.396 F .364
-<616e206f7074696f6e616c206d6170206b>102 333.6 R -.15<6579>-.1 G 2.864
-<2c61>-.5 G 2.864<6e61>-2.864 G 2.864<7473>-2.864 G .363
-<69676e2c20616e642061206d617020636c61737320666f6c6c6f>-2.864 F .363<7765
-64206279207468652073706563698c636174696f6e20666f722074686174206d61702e>
--.25 F<4578616d2d>5.363 E<706c657320696e636c7564653a>102 345.6 Q<467b56>
-142 361.8 Q<697274486f7374737d406c6461703aad6b202826286f626a656374436c61
-73733d76697274486f7374732928686f73743d2a292920ad7620686f7374>-.6 E<467b
-4d79436c6173737d666f6f40686173683a2f6574632f6d61696c2f636c6173736573>142
-373.8 Q 2.625<77696c6c208c6c6c2074686520636c617373>102 390 R F0
-<243d7b56>5.125 E<697274486f7374737d>-.37 E F1 2.625
-<66726f6d20616e204c44>5.125 F 2.625<4150206d6170206c6f6f6b757020616e64>
--.4 F F0<243d7b4d79436c6173737d>5.125 E F1 2.625<66726f6d20612068617368>
-5.125 F .234<6461746162617365206d6170206c6f6f6b7570206f6620746865>102
-402 R F0 -.25<666f>2.734 G<6f>.25 E F1 5.234<2e54>C .233
-<6865726520697320616c736f20612062>-5.234 F .233<75696c742d696e2073636865
-6d6120746861742063616e206265206163636573736564206279206f6e6c792073706563
-692d>-.2 F<6679696e673a>102 414 Q<467b>142 430.2 Q F2
-<436c6173734e616d65>A F1<7d404c44>A<4150>-.4 E<546869732077696c6c207465
-6c6c2073656e646d61696c20746f207573652074686520646566>102 446.4 Q
-<61756c7420736368656d613a>-.1 E
-<ad6b202826286f626a656374436c6173733d73656e646d61696c4d54>142 462.6 Q
--.4<4143>-.93 G<6c61737329>.4 E<2873656e646d61696c4d54>154.5 474.6 Q -.4
-<4143>-.93 G<6c6173734e616d653d>.4 E F2<436c6173734e616d65>A F1<29>A
-<287c2873656e646d61696c4d54>154.5 486.6 Q -.4<4143>-.93 G
-<6c75737465723d247b73656e646d61696c4d54>.4 E -.4<4143>-.93 G
-<6c75737465727d29>.4 E<2873656e646d61696c4d54>159.5 498.6 Q
-<41486f73743d246a292929>-.93 E<ad762073656e646d61696c4d54>142 510.6 Q
--.4<4143>-.93 G<6c61737356>.4 E<616c7565>-1.11 E<4e6f746520746861742074
-6865206c6f6f6b7570206973206f6e6c7920646f6e65207768656e2073656e646d61696c
-20697320696e697469616c6c7920737461727465642e>102 526.8 Q 1.339<456c656d
-656e7473206f6620636c61737365732063616e20626520616363657373656420696e2072
-756c6573207573696e67>127 543 R F0<243d>3.839 E F1<6f72>3.839 E F0<247e>
-3.839 E F1 6.339<2e54>C<6865>-6.339 E F0<247e>3.839 E F1 1.339
-<286d6174636820656e7472696573206e6f7420696e>3.839 F
-<636c61737329206f6e6c79206d61746368657320612073696e676c652077>102 555 Q
-<6f72643b206d756c74692d77>-.1 E<6f726420656e747269657320696e207468652063
-6c617373206172652069676e6f72656420696e207468697320636f6e7465>-.1 E
-<78742e>-.15 E<536f6d6520636c6173736573206861>127 571.2 Q .3 -.15
-<76652069>-.2 H<6e7465726e616c206d65616e696e6720746f>.15 E F2
-<73656e646d61696c>2.5 E F1<3a>A 18.42<243d6520636f6e7461696e73>102 587.4
-R .562<74686520436f6e74656e742d54>3.062 F<72616e73666572>-.35 E .562
-<2d456e636f64696e677320746861742063616e2062652038>-.2 F/F3 10/Symbol SF
-<ae>A F1 3.062<3762>C .562<697420656e636f6465642e>-3.062 F .561
-<49742069732070726564658c6e656420746f>5.561 F<636f6e7461696e209937626974
-9a2c2099386269749a2c20616e64209962696e6172799a2e>138 599.4 Q 17.86
-<243d6b20736574>102 615.6 R<746f206265207468652073616d65206173>2.5 E F0
-<246b>2.5 E F1 2.5<2c74>C
-<6861742069732c207468652055554350206e6f6465206e616d652e>-2.5 E 15.08
-<243d6d20736574>102 631.8 R<746f2074686520736574206f6620646f6d61696e7320
-6279207768696368207468697320686f7374206973206b6e6f>2.5 E
-<776e2c20696e697469616c6c79206a757374>-.25 E F0<246d>2.5 E F1<2e>A 17.86
-<243d6e2063616e>102 648 R .58<62652073657420746f2074686520736574206f6620
-4d494d4520626f647920747970657320746861742063616e206e65>3.08 F -.15<7665>
--.25 G 3.081<7262>.15 G 3.081<6565>-3.081 G .581<6967687420746f207365>
--3.081 F -.15<7665>-.25 G 3.081<6e62>.15 G .581<697420656e636f6465642e>
--3.081 F<4974>5.581 E<646566>138 660 Q 1.81
-<61756c747320746f20996d756c7469706172742f7369676e65649a2e>-.1 F 1.81<4d
-65737361676520747970657320996d6573736167652f2a9a20616e6420996d756c746970
-6172742f2a9a20617265206e65>6.81 F -.15<7665>-.25 G<72>.15 E 1.853
-<656e636f646564206469726563746c79>138 672 R 6.853<2e4d>-.65 G 1.853
-<756c746970617274206d657373616765732061726520616c>-6.853 F -.1<7761>-.1
-G 1.853<79732068616e646c65642072656375727369>.1 F -.15<7665>-.25 G<6c79>
-.15 E 6.853<2e54>-.65 G 1.853<68652068616e646c696e67206f66>-6.853 F<6d65
-73736167652f2a206d657373616765732061726520636f6e74726f6c6c65642062792063
-6c617373>138 684 Q F0<243d73>2.5 E F1<2e>A 17.86<243d712041>102 700.2 R
-.712<736574206f6620436f6e74656e742d54>3.212 F .712
-<7970657320746861742077696c6c206e65>-.8 F -.15<7665>-.25 G 3.212<7262>
-.15 G 3.212<6565>-3.212 G .712
-<6e636f646564206173206261736536342028696620746865>-3.212 F 3.212<7968>
--.15 G -2.25 -.2<61762065>-3.212 H .711<746f20626520656e636f6465642c>
-3.412 F<746865>138 712.2 Q 3.357<7977>-.15 G .858<696c6c20626520656e636f
-6465642061732071756f7465642d7072696e7461626c65292e>-3.357 F .858
-<49742063616e206861>5.858 F 1.158 -.15<76652070>-.2 H .858
-<72696d6172792074797065732028652e672e2c20997465>.15 F .858
-<78749a29206f722066756c6c>-.15 F<747970657320287375636820617320997465>
-138 724.2 Q<78742f706c61696e9a292e>-.15 E 0 Cg EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-54 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF .238
+(The macros)127 96 R F0($w)2.738 E F1(,)A F0($j)2.738 E F1 2.738(,a)C
+(nd)-2.738 E F0($m)2.738 E F1 .238
+(are set to the identity of this host.)2.738 F/F2 10/Times-Italic@0 SF
+(Sendmail)5.239 E F1 .239(tries to \214nd the fully)2.739 F .335(quali\
+\214ed name of the host if at all possible; it does this by calling)102
+108 R F2 -.1(ge)2.834 G(thostname).1 E F1 .334(\(2\) to get the current)
+B .457(hostname and then passing that to)102 120 R F2 -.1(ge)2.957 G
+(thostbyname).1 E F1 .457
+(\(3\) which is supposed to return the canonical v)B(er)-.15 E(-)-.2 E
+.279(sion of that host name.)102 134 R/F3 7/Times-Roman@0 SF(17)-4 I F1
+.279(Assuming this is successful,)2.779 4 N F0($j)2.778 E F1 .278
+(is set to the fully quali\214ed name and)2.778 F F0($m)2.778 E F1(is)
+2.778 E .706(set to the domain part of the name \(e)102 146 R -.15(ve)
+-.25 G .706(rything after the \214rst dot\).).15 F(The)5.706 E F0($w)
+3.206 E F1 .706(macro is set to the \214rst)3.206 F -.1(wo)102 158 S
+.359(rd \(e).1 F -.15(ve)-.25 G .358
+(rything before the \214rst dot\) if you ha).15 F .658 -.15(ve a l)-.2 H
+-2.15 -.25(ev e).15 H 2.858(l5o).25 G 2.858(rh)-2.858 G .358
+(igher con\214guration \214le; otherwise, it)-2.858 F .404
+(is set to the same v)102 170 R .405(alue as)-.25 F F0($j)2.905 E F1
+5.405(.I)C 2.905(ft)-5.405 G .405
+(he canoni\214cation is not successful, it is imperati)-2.905 F .705
+-.15(ve t)-.25 H .405(hat the con\214g).15 F(\214le set)102 184 Q F0($j)
+2.5 E F1(to the fully quali\214ed domain name)2.5 E F3(18)-4 I F1(.)4 I
+(The)127 200.2 Q F0($f)2.833 E F1 .333(macro is the id of the sender as\
+ originally determined; when mailing to a speci\214c host)2.833 F(the)
+102 212.2 Q F0($g)3.224 E F1 .724
+(macro is set to the address of the sender)3.224 F F2 -.37(re)3.225 G
+.725(lative to the r).37 F(ecipient.)-.37 E F1 -.15(Fo)5.725 G 3.225(re)
+.15 G .725(xample, if I send to)-3.375 F(\231bollard@matisse.CS.Berk)102
+224.2 Q(ele)-.1 E -.65(y.)-.15 G .425(EDU\232 from the machine \231v).65
+F(angogh.CS.Berk)-.25 E(ele)-.1 E -.65(y.)-.15 G .424(EDU\232 the).65 F
+F0($f)2.924 E F1(macro)2.924 E(will be \231eric\232 and the)102 236.2 Q
+F0($g)2.5 E F1(macro will be \231eric@v)2.5 E(angogh.CS.Berk)-.25 E(ele)
+-.1 E -.65(y.)-.15 G(EDU.).65 E<9a>-.7 E(The)127 252.4 Q F0($x)2.562 E
+F1 .062(macro is set to the full name of the sender)2.562 F 5.062(.T)
+-.55 G .062(his can be determined in se)-5.062 F -.15(ve)-.25 G .063
+(ral w).15 F 2.563(ays. It)-.1 F .63(can be passed as \215ag to)102
+264.4 R F2(sendmail)3.13 E F1 5.629(.I)C 3.129(tc)-5.629 G .629
+(an be de\214ned in the)-3.129 F/F4 9/Times-Roman@0 SF -.315(NA)3.129 G
+(ME).315 E F1(en)3.129 E .629(vironment v)-.4 F 3.129(ariable. The)-.25
+F(third)3.129 E .948(choice is the v)102 276.4 R .948
+(alue of the \231Full-Name:\232 line in the header if it e)-.25 F .949
+(xists, and the fourth choice is the)-.15 F .526
+(comment \214eld of a \231From:\232 line.)102 288.4 R .526
+(If all of these f)5.526 F .526
+(ail, and if the message is being originated locally)-.1 F(,)-.65 E
+(the full name is look)102 300.4 Q(ed up in the)-.1 E F2(/etc/passwd)2.5
+E F1(\214le.)2.5 E 1.32(When sending, the)127 316.6 R F0($h)3.82 E F1(,)
+A F0($u)3.82 E F1 3.82(,a)C(nd)-3.82 E F0($z)3.82 E F1 1.321
+(macros get set to the host, user)3.82 F 3.821(,a)-.4 G 1.321
+(nd home directory \(if)-3.821 F .517(local\) of the recipient.)102
+328.6 R .517(The \214rst tw)5.517 F 3.016(oa)-.1 G .516(re set from the)
+-3.016 F F0($@)3.016 E F1(and)3.016 E F0($:)3.016 E F1 .516
+(part of the re)3.016 F .516(writing rules, respec-)-.25 F(ti)102 340.6
+Q -.15(ve)-.25 G(ly).15 E(.)-.65 E(The)127 356.8 Q F0($p)3.806 E F1(and)
+3.806 E F0($t)3.806 E F1 1.306(macros are used to create unique strings\
+ \(e.g., for the \231Message-Id:\232 \214eld\).)3.806 F(The)102 368.8 Q
+F0($i)3.252 E F1 .751(macro is set to the queue id on this host; if put\
+ into the timestamp line it can be e)3.252 F(xtremely)-.15 E .164
+(useful for tracking messages.)102 380.8 R(The)5.164 E F0($v)2.664 E F1
+.164(macro is set to be the v)2.664 F .165(ersion number of)-.15 F F2
+(sendmail)2.665 E F1 2.665(;t)C .165(his is nor)-2.665 F(-)-.2 E
+(mally put in timestamps and has been pro)102 392.8 Q -.15(ve)-.15 G 2.5
+(ne).15 G(xtremely useful for deb)-2.65 E(ugging.)-.2 E(The)127 409 Q F0
+($c)3.548 E F1 1.048(\214eld is set to the \231hop count,)3.548 F 3.548
+<9a69>-.7 G 1.048(.e., the number of times this message has been pro-)
+-3.548 F 2.856(cessed. This)102 421 R .356(can be determined by the)
+2.856 F F0<ad68>2.856 E F1 .357
+(\215ag on the command line or by counting the timestamps)2.856 F
+(in the message.)102 433 Q(The)127 449.2 Q F0($r)2.833 E F1(and)2.833 E
+F0($s)2.833 E F1 .333
+(\214elds are set to the protocol used to communicate with)2.833 F F2
+(sendmail)2.833 E F1 .333(and the send-)2.833 F .194(ing hostname.)102
+461.2 R(The)5.194 E 2.694(yc)-.15 G .194(an be set together using the)
+-2.694 F F0<ad70>2.694 E F1 .194
+(command line \215ag or separately using the)2.694 F F0<ad4d>2.695 E F1
+(or)102 473.2 Q F0(\255oM)2.5 E F1(\215ags.)2.5 E(The)127 489.4 Q F0($_)
+2.967 E F1 .467(is set to a v)2.967 F .467(alidated sender host name.)
+-.25 F .466(If the sender is running an RFC 1413 compli-)5.467 F .384
+(ant IDENT serv)102 501.4 R .384(er and the recei)-.15 F -.15(ve)-.25 G
+2.884(rh).15 G .384
+(as the IDENT protocol turned on, it will include the user name)-2.884 F
+(on that host.)102 513.4 Q(The)127 529.6 Q F0(${client_name})5.98 E F1
+(,)A F0(${client_addr})5.98 E F1 5.98(,a)C(nd)-5.98 E F0(${client_port})
+5.98 E F1 3.48(macros are set to the name,)5.98 F .786
+(address, and port number of the SMTP client who is in)102 541.6 R -.2
+(vo)-.4 G(king).2 E F2(sendmail)3.286 E F1 .786(as a serv)3.286 F(er)
+-.15 E 5.786(.T)-.55 G .786(hese can be)-5.786 F(used in the)102 553.6 Q
+F2 -.15(ch)2.5 G(ec).15 E(k_*)-.2 E F1(rulesets \(using the)2.5 E F0($&)
+2.5 E F1(deferred e)2.5 E -.25(va)-.25 G(luation form, of course!\).).25
+E F0 2.5(5.3. C)87 577.6 R(and F \212 De\214ne Classes)2.5 E F1 .66(Cla\
+sses of phrases may be de\214ned to match on the left hand side of re)
+127 593.8 R .659(writing rules, where a)-.25 F .464(\231phrase\232 is a\
+ sequence of characters that does not contain space characters.)102
+605.8 R -.15(Fo)5.465 G 2.965(re).15 G .465(xample a class of)-3.115 F
+.654(all local names for this site might be created so that attempts to\
+ send to oneself can be eliminated.)102 617.8 R .041(These can either b\
+e de\214ned directly in the con\214guration \214le or read in from anot\
+her \214le.)102 629.8 R .041(Classes are)5.041 F .649
+(named as a single letter or a w)102 641.8 R .649(ord in {braces}.)-.1 F
+.649(Class names be)5.649 F .649(ginning with lo)-.15 F .648
+(wer case letters and)-.25 F .638(special characters are reserv)102
+653.8 R .638(ed for system use.)-.15 F .639
+(Classes de\214ned in con\214g \214les may be gi)5.639 F -.15(ve)-.25 G
+3.139(nn).15 G(ames)-3.139 E 1.05
+(from the set of upper case letters for short names or be)102 665.8 R
+1.05(ginning with an upper case letter for long)-.15 F .32 LW 76 675.4
+72 675.4 DL 80 675.4 76 675.4 DL 84 675.4 80 675.4 DL 88 675.4 84 675.4
+DL 92 675.4 88 675.4 DL 96 675.4 92 675.4 DL 100 675.4 96 675.4 DL 104
+675.4 100 675.4 DL 108 675.4 104 675.4 DL 112 675.4 108 675.4 DL 116
+675.4 112 675.4 DL 120 675.4 116 675.4 DL 124 675.4 120 675.4 DL 128
+675.4 124 675.4 DL 132 675.4 128 675.4 DL 136 675.4 132 675.4 DL 140
+675.4 136 675.4 DL 144 675.4 140 675.4 DL 148 675.4 144 675.4 DL 152
+675.4 148 675.4 DL 156 675.4 152 675.4 DL 160 675.4 156 675.4 DL 164
+675.4 160 675.4 DL 168 675.4 164 675.4 DL 172 675.4 168 675.4 DL 176
+675.4 172 675.4 DL 180 675.4 176 675.4 DL 184 675.4 180 675.4 DL 188
+675.4 184 675.4 DL 192 675.4 188 675.4 DL 196 675.4 192 675.4 DL 200
+675.4 196 675.4 DL 204 675.4 200 675.4 DL 208 675.4 204 675.4 DL 212
+675.4 208 675.4 DL 216 675.4 212 675.4 DL/F5 5/Times-Roman@0 SF(17)93.6
+685.8 Q/F6 8/Times-Roman@0 SF -.12(Fo)3.2 K 2(re).12 G
+(xample, on some systems)-2.12 E/F7 8/Times-Italic@0 SF -.08(ge)2 G
+(thostname).08 E F6(might return \231foo\232 which w)2 E
+(ould be mapped to \231foo.bar)-.08 E(.com\232 by)-.44 E F7 -.08(ge)2 G
+(thostbyname).08 E F6(.)A F5(18)93.6 699.4 Q F6(Older v)3.2 I
+(ersions of sendmail didn')-.12 E 2(tp)-.144 G(re-de\214ne)-2 E/F8 8
+/Times-Bold@0 SF($j)2 E F6(at all, so up until 8.6, con\214g \214les)2 E
+F7(always)2 E F6(had to de\214ne)2 E F8($j)2 E F6(.)A 0 Cg EP
%%Page: 55 51
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3535>195.86 E
-/F1 10/Times-Roman@0 SF 18.97<243d7320636f6e7461696e73>102 96 R .648<74
-686520736574206f66207375627479706573206f66206d65737361676520746861742063
-616e20626520747265617465642072656375727369>3.148 F -.15<7665>-.25 G
-<6c79>.15 E 5.648<2e42>-.65 G 3.148<7964>-5.648 G<6566>-3.148 E .648
-<61756c7420697420636f6e2d>-.1 F .969
-<7461696e73206f6e6c7920997266633832329a2e>138 108 R .969
-<4f7468657220996d6573736167652f2a9a2074797065732063616e6e6f742062652038>
-5.969 F/F2 10/Symbol SF<ae>A F1 3.469<3762>C .969
-<697420656e636f6465642e>-3.469 F .97<49662061206d657373616765>5.97 F
-1.045<636f6e7461696e696e672065696768742062697420646174612069732073656e74
-20746f2061207365>138 120 R -.15<7665>-.25 G 3.545<6e62>.15 G 1.045<6974
-20686f73742c20616e642074686174206d6573736167652063616e6e6f7420626520656e
-636f646564>-3.545 F<696e746f207365>138 132 Q -.15<7665>-.25 G 2.5<6e62>
-.15 G
-<6974732c2069742077696c6c20626520737472697070656420746f203720626974732e>
--2.5 E 20.08<243d7420736574>102 148.2 R .372
-<746f2074686520736574206f66207472757374656420757365727320627920746865>
-2.872 F F0<54>2.872 E F1 .372<636f6e8c6775726174696f6e206c696e652e>2.872
-F .372<496620796f752077>5.372 F .373
-<616e7420746f20726561642074727573746564207573657273>-.1 F
-<66726f6d2061208c6c652c20757365>138 160.2 Q F0<4674>2.5 E/F3 10
-/Times-Italic@0 SF<2f8c6c652f6e616d65>A F1<2e>A 15.64<243d7720736574>102
-176.4 R .513<746f2062652074686520736574206f6620616c6c206e616d6573207468
-697320686f7374206973206b6e6f>3.013 F .513<776e206279>-.25 F 5.513<2e54>
--.65 G .513<6869732063616e206265207573656420746f206d61746368206c6f63616c
-20686f73742d>-5.513 F<6e616d65732e>138 188.4 Q
-<243d7b70657273697374656e744d6163726f737d>102 204.6 Q 1.712
-<73657420746f20746865206d6163726f7320746861742073686f756c64206265207361>
-138 216.6 R -.15<7665>-.2 G 4.212<6461>.15 G 1.712
-<63726f73732071756575652072756e732e>-4.212 F 1.712
-<436172652073686f756c642062652074616b>6.712 F 1.712<656e207768656e>-.1 F
-<616464696e67206d6163726f206e616d657320746f207468697320636c6173732e>138
-228.6 Q F3<53656e646d61696c>127 244.8 Q F1 .183
-<63616e20626520636f6d70696c656420746f20616c6c6f>2.683 F 2.683<7761>-.25
-G F3<7363616e66>-.001 E F1 .182<28332920737472696e67206f6e20746865>B F0
-<46>2.682 E F1 2.682<6c696e652e2054686973>2.682 F .182
-<6c65747320796f7520646f2073696d706c6973746963>2.682 F .554
-<70617273696e67206f66207465>102 256.8 R .554<7874208c6c65732e>-.15 F
--.15<466f>5.554 G 3.054<7265>.15 G .554<78616d706c652c20746f207265616420
-616c6c207468652075736572206e616d657320696e20796f75722073797374656d>
--3.204 F F3<2f6574632f706173737764>3.055 E F1 .555<8c6c6520696e746f2061>
-3.055 F<636c6173732c20757365>102 268.8 Q
-<464c2f6574632f70617373776420255b5e3a5d>142 285 Q
-<77686963682072656164732065>102 301.2 Q -.15<7665>-.25 G
-<7279206c696e6520757020746f20746865208c72737420636f6c6f6e2e>.15 E F0 2.5
-<352e342e204d>87 325.2 R 2.5<8a44>2.5 G<658c6e65204d61696c6572>-2.5 E F1
-<50726f6772616d7320616e6420696e74657266>127 341.4 Q<6163657320746f206d61
-696c657273206172652064658c6e656420696e2074686973206c696e652e>-.1 E
-<54686520666f726d61742069733a>5 E F0<4d>142 357.6 Q F3<6e616d65>A F1 2.5
-<2c7b>C F3<8c656c64>-2.5 E F1<3d>A F3<76616c7565>A F1<7d2a>1.666 E
-<7768657265>102 373.8 Q F3<6e616d65>4.244 E F1 1.744<697320746865206e61
-6d65206f6620746865206d61696c657220287573656420696e7465726e616c6c79206f6e
-6c792920616e642074686520998c656c643d6e616d659a2070616972732064658c6e65>
-4.244 F<617474726962>102 385.8 Q<75746573206f6620746865206d61696c6572>
--.2 E 5<2e46>-.55 G<69656c6473206172653a>-5 E -.15<5061>142 402 S 51.87
-<746820546865>.15 F<706174686e616d65206f6620746865206d61696c6572>2.5 E
-47.83<466c616773205370656369616c>142 414 R
-<8d61677320666f722074686973206d61696c6572>2.5 E 41.73
-<53656e646572205265>142 426 R
-<77726974696e672073657428732920666f722073656e64657220616464726573736573>
--.25 E 31.17<526563697069656e74205265>142 438 R<77726974696e672073657428
-732920666f7220726563697069656e7420616464726573736573>-.25 E 30.62
-<726563697069656e7473204d6178696d756d>142 450 R
-<6e756d626572206f6620726563697069656e74732070657220636f6e6e656374696f6e>
-2.5 E<4172>142 462 Q 49.13<677620416e>-.18 F<6172>2.5 E
-<67756d656e742076>-.18 E
-<6563746f7220746f207061737320746f2074686973206d61696c6572>-.15 E 55.61
-<456f6c20546865>142 474 R
-<656e642d6f662d6c696e6520737472696e6720666f722074686973206d61696c6572>
-2.5 E 35.62<4d617873697a6520546865>142 486 R<6d6178696d756d206d65737361
-6765206c656e67746820746f2074686973206d61696c6572>2.5 E 14.51
-<6d61786d6573736167657320546865>142 498 R
-<6d6178696d756d206d6573736167652064656c69>2.5 E -.15<7665>-.25 G
-<726965732070657220636f6e6e656374696f6e>.15 E 32.27
-<4c696e656c696d697420546865>142 510 R<6d6178696d756d206c696e65206c656e67
-746820696e20746865206d65737361676520626f6479>2.5 E 31.18
-<4469726563746f727920546865>142 522 R -.1<776f>2.5 G
-<726b696e67206469726563746f727920666f7220746865206d61696c6572>.1 E 42.84
-<55736572696420546865>142 534 R<646566>2.5 E
-<61756c74207573657220616e642067726f757020696420746f2072756e206173>-.1 E
-50.62<4e69636520546865>142 546 R
-<6e69636528322920696e6372656d656e7420666f7220746865206d61696c6572>2.5 E
-38.95<4368617273657420546865>142 558 R<646566>2.5 E<61756c74206368617261
-637465722073657420666f7220382d6269742063686172616374657273>-.1 E -.8
-<5479>142 570 S 49.75<70652054>.8 F
-<79706520696e666f726d6174696f6e20666f722044534e20646961676e6f7374696373>
--.8 E -.8<5761>142 582 S 50.86<697420546865>.8 F
-<6d6178696d756d2074696d6520746f2077>2.5 E
-<61697420666f7220746865206d61696c6572>-.1 E<5175657565>142 594 Q 20.22
-<67726f757020546865>-.15 F<646566>2.5 E
-<61756c742071756575652067726f757020666f7220746865206d61696c6572>-.1 E
-69.22<2f54>142 606 S
-<686520726f6f74206469726563746f727920666f7220746865206d61696c6572>-69.22
-E<4f6e6c7920746865208c72737420636861726163746572206f6620746865208c656c64
-206e616d6520697320636865636b>102 622.2 Q<65642028697427>-.1 E 2.5<7363>
--.55 G<6173652d73656e73697469>-2.5 E -.15<7665>-.25 G<292e>.15 E .396
-<54686520666f6c6c6f>127 638.4 R .396<77696e67208d616773206d617920626520
-73657420696e20746865206d61696c6572206465736372697074696f6e2e>-.25 F
-<416e>5.396 E 2.896<796f>-.15 G .397
-<74686572208d616773206d6179206265207573656420667265656c79>-2.896 F .075<
-746f20636f6e646974696f6e616c6c792061737369676e206865616465727320746f206d
-657373616765732064657374696e656420666f7220706172746963756c6172206d61696c
-6572732e>102 650.4 R .075<466c616773206d61726b>5.075 F .075
-<65642077697468208720617265>-.1 F 1.192
-<6e6f7420696e74657270726574656420627920746865>102 662.4 R F3
-<73656e646d61696c>3.692 E F1 1.193
-<62696e6172793b207468657365206172652074686520636f6e>3.692 F -.15<7665>
--.4 G 1.193<6e74696f6e616c6c79207573656420746f20636f7272656c61746520746f
-20746865208d616773>.15 F .738<706f7274696f6e206f6620746865>102 674.4 R
-F0<48>3.238 E F1 3.237<6c696e652e20466c616773>3.238 F<6d61726b>3.237 E
-.737<656420776974682088206170706c7920746f20746865206d61696c65727320666f
-72207468652073656e646572206164647265737320726174686572207468616e>-.1 F
-<74686520757375616c20726563697069656e74206d61696c6572732e>102 686.4 Q
-15.56<6152>102 702.6 S .987<756e20457874656e64656420534d5450202845534d54
-50292070726f746f636f6c202864658c6e656420696e205246437320313836392c203136
-35322c20616e642031383730292e>-15.56 F .987<54686973208d6167>5.987 F
-<646566>122 714.6 Q<61756c7473206f6e2069662074686520534d5450206772656574
-696e67206d65737361676520696e636c75646573207468652077>-.1 E
-<6f7264209945534d54509a2e>-.1 E 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-55)195.86 E/F1 10/Times-Roman@0 SF(names.)102 96 Q
+(The syntax is:)127 112.2 Q F0(C)142 128.4 Q/F2 10/Times-Italic@0 SF
+1.666(cp)C(hr)-1.666 E(ase1 phr)-.15 E(ase2...)-.15 E F0(F)142 140.4 Q
+F2 1.666<638c>C(le)-1.666 E F0(F)142 152.4 Q F2 1.666(c|)C(pr)-1.666 E
+-.1(og)-.45 G -.15(ra).1 G(m).15 E F0(F)142 164.4 Q F2 1.666(c[)C(mapk)
+-1.666 E -.3(ey)-.1 G(]@mapclass:mapspec).3 E F1 .035
+(The \214rst form de\214nes the class)102 180.6 R F2(c)2.535 E F1 .035
+(to match an)2.535 F 2.535(yo)-.15 G 2.535(ft)-2.535 G .035(he named w)
+-2.535 F 2.535(ords. If)-.1 F F2(phr)2.536 E(ase1)-.15 E F1(or)2.536 E
+F2(phr)2.536 E(ase2)-.15 E F1 .036(is another)2.536 F .747(class, e.g.,)
+102 192.6 R F2($=S)3.247 E F1 3.247(,t)C .747(he contents of class)
+-3.247 F F2(S)3.246 E F1 .746(are added to class)3.246 F F2(c)3.246 E F1
+5.746(.I)C 3.246(ti)-5.746 G 3.246(sp)-3.246 G .746
+(ermissible to split them among)-3.246 F(multiple lines; for e)102 204.6
+Q(xample, the tw)-.15 E 2.5(of)-.1 G(orms:)-2.5 E(CHmonet ucbmonet)142
+220.8 Q(and)102 237 Q(CHmonet)142 253.2 Q(CHucbmonet)142 265.2 Q 1.015
+(are equi)102 281.4 R -.25(va)-.25 G 3.515(lent. The).25 F -.74(``)3.516
+G(F').74 E 3.516('f)-.74 G 1.016(orms read the elements of the class)
+-3.516 F F2(c)3.516 E F1 1.016(from the named)3.516 F F2(\214le)3.516 E
+F1(,)A F2(pr)3.516 E -.1(og)-.45 G -.15(ra).1 G(m).15 E F1 3.516(,o)C(r)
+-3.516 E F2 .162(map speci\214cation)102 293.4 R F1 5.162(.E)C .161
+(ach element should be listed on a separate line.)-5.162 F 1.761 -.8
+(To s)5.161 H .161(pecify an optional \214le, use).8 F -.74(``)102 305.4
+S(\255o').74 E 2.5('b)-.74 G
+(etween the class name and the \214le name, e.g.,)-2.5 E
+(Fc \255o /path/to/\214le)142 321.6 Q .396(If the \214le can')102 337.8
+R 2.896(tb)-.18 G 2.896(eu)-2.896 G(sed,)-2.896 E F2(sendmail)2.896 E F1
+.396(will not complain b)2.896 F .396(ut silently ignore it.)-.2 F .396
+(The map form should be)5.396 F .364(an optional map k)102 349.8 R -.15
+(ey)-.1 G 2.864(,a)-.5 G 2.864(na)-2.864 G 2.864(ts)-2.864 G .363
+(ign, and a map class follo)-2.864 F .363
+(wed by the speci\214cation for that map.)-.25 F(Exam-)5.363 E
+(ples include:)102 361.8 Q(F{V)142 378 Q(irtHosts}@ldap:\255k \(&\(obje\
+ctClass=virtHosts\)\(host=*\)\) \255v host)-.6 E
+(F{MyClass}foo@hash:/etc/mail/classes)142 390 Q .95
+(will \214ll the class)102 406.2 R F0($={V)3.45 E(irtHosts})-.37 E F1
+.951(from an LD)3.45 F .951(AP map lookup and)-.4 F F0($={MyClass})3.451
+E F1 .951(from a hash data-)3.451 F .017(base map lookup of the)102
+418.2 R F0 -.25(fo)2.517 G(o).25 E F1 5.017(.T)C .017(here is also a b)
+-5.017 F .016(uilt-in schema that can be accessed by only specifying:)
+-.2 F(F{)142 434.4 Q F2(ClassName)A F1(}@LD)A(AP)-.4 E
+(This will tell sendmail to use the def)102 450.6 Q(ault schema:)-.1 E
+(\255k \(&\(objectClass=sendmailMT)142 466.8 Q -.4(AC)-.93 G(lass\)).4 E
+(\(sendmailMT)154.5 478.8 Q -.4(AC)-.93 G(lassName=).4 E F2(ClassName)A
+F1(\))A(\(|\(sendmailMT)154.5 490.8 Q -.4(AC)-.93 G(luster=${sendmailMT)
+.4 E -.4(AC)-.93 G(luster}\)).4 E(\(sendmailMT)159.5 502.8 Q
+(AHost=$j\)\)\))-.93 E(\255v sendmailMT)142 514.8 Q -.4(AC)-.93 G(lassV)
+.4 E(alue)-1.11 E
+(Note that the lookup is only done when sendmail is initially started.)
+102 531 Q 1.339(Elements of classes can be accessed in rules using)127
+547.2 R F0($=)3.839 E F1(or)3.839 E F0($~)3.839 E F1 6.339(.T)C(he)
+-6.339 E F0($~)3.839 E F1 1.339(\(match entries not in)3.839 F
+(class\) only matches a single w)102 559.2 Q(ord; multi-w)-.1 E
+(ord entries in the class are ignored in this conte)-.1 E(xt.)-.15 E
+(Some classes ha)127 575.4 Q .3 -.15(ve i)-.2 H(nternal meaning to).15 E
+F2(sendmail)2.5 E F1(:)A 18.42($=e contains)102 591.6 R .562
+(the Content-T)3.062 F(ransfer)-.35 E .562(-Encodings that can be 8)-.2
+F/F3 10/Symbol SF<ae>A F1 3.062(7b)C .562(it encoded.)-3.062 F .561
+(It is prede\214ned to)5.561 F
+(contain \2317bit\232, \2318bit\232, and \231binary\232.)138 603.6 Q
+17.86($=k set)102 619.8 R(to be the same as)2.5 E F0($k)2.5 E F1 2.5(,t)
+C(hat is, the UUCP node name.)-2.5 E 15.08($=m set)102 636 R
+(to the set of domains by which this host is kno)2.5 E
+(wn, initially just)-.25 E F0($m)2.5 E F1(.)A 17.86($=n can)102 652.2 R
+.58(be set to the set of MIME body types that can ne)3.08 F -.15(ve)-.25
+G 3.081(rb).15 G 3.081(ee)-3.081 G .581(ight to se)-3.081 F -.15(ve)-.25
+G 3.081(nb).15 G .581(it encoded.)-3.081 F(It)5.581 E(def)138 664.2 Q
+1.81(aults to \231multipart/signed\232.)-.1 F 1.81
+(Message types \231message/*\232 and \231multipart/*\232 are ne)6.81 F
+-.15(ve)-.25 G(r).15 E 1.853(encoded directly)138 676.2 R 6.853(.M)-.65
+G 1.853(ultipart messages are al)-6.853 F -.1(wa)-.1 G 1.853
+(ys handled recursi).1 F -.15(ve)-.25 G(ly).15 E 6.853(.T)-.65 G 1.853
+(he handling of)-6.853 F(message/* messages are controlled by class)138
+688.2 Q F0($=s)2.5 E F1(.)A 17.86($=q A)102 704.4 R .712
+(set of Content-T)3.212 F .712(ypes that will ne)-.8 F -.15(ve)-.25 G
+3.212(rb).15 G 3.212(ee)-3.212 G .712(ncoded as base64 \(if the)-3.212 F
+3.212(yh)-.15 G -2.25 -.2(av e)-3.212 H .711(to be encoded,)3.412 F(the)
+138 716.4 Q 3.357(yw)-.15 G .858(ill be encoded as quoted-printable\).)
+-3.357 F .858(It can ha)5.858 F 1.158 -.15(ve p)-.2 H .858
+(rimary types \(e.g., \231te).15 F .858(xt\232\) or full)-.15 F 0 Cg EP
%%Page: 56 52
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d35362053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF 12.78<414c>102 96 S .852<6f6f6b2075702074686520
-75736572202861646472657373292070617274206f6620746865207265736f6c76>
--12.78 F .852<6564206d61696c657220747269706c652c20696e2074686520616c6961
-732064617461626173652e>-.15 F<4e6f726d616c6c79>5.852 E
-<74686973206973206f6e6c792073657420666f72206c6f63616c206d61696c6572732e>
-122 108 Q 15<6246>102 124.2 S .456<6f726365206120626c616e6b206c696e6520
-6f6e2074686520656e64206f662061206d6573736167652e>-15.15 F .456
-<5468697320697320696e74656e64656420746f2077>5.456 F .456
-<6f726b2061726f756e6420736f6d65207374757069642076>-.1 F<6572>-.15 E<2d>
--.2 E .362<73696f6e73206f66202f62696e2f6d61696c207468617420726571756972
-65206120626c616e6b206c696e652c2062>122 136.2 R .362
-<757420646f206e6f742070726f>-.2 F .362<76696465206974207468656d73656c76>
--.15 F 2.861<65732e204974>-.15 F -.1<776f>2.861 G .361
-<756c64206e6f74206e6f72>.1 F<2d>-.2 E
-<6d616c6c792062652075736564206f6e206e657477>122 148.2 Q
-<6f726b206d61696c2e>-.1 E 13.33<4253>102 164.4 S .142
-<74726970206c656164696e67206261636b736c617368657320285c29206f66>-13.33 F
-2.643<666f>-.25 G 2.643<6674>-2.643 G .143<686520616464726573733b207468
-6973206973206120737562736574206f66207468652066756e6374696f6e616c69747920
-6f6620746865>-2.643 F F0<73>2.643 E F1<8d61672e>2.643 E 15.56<6344>102
-180.6 S 2.663<6f6e>-15.56 G .163
-<6f7420696e636c75646520636f6d6d656e747320696e206164647265737365732e>
--2.663 F .163
-<546869732073686f756c64206f6e6c79206265207573656420696620796f75206861>
-5.163 F .463 -.15<76652074>-.2 H 2.663<6f77>.15 G .163
-<6f726b2061726f756e642061>-2.763 F 1.846<72656d6f7465206d61696c65722074
-686174206765747320636f6e667573656420627920636f6d6d656e74732e>122 192.6 R
-1.846<546869732073747269707320616464726573736573206f662074686520666f726d
-2099506872617365>6.846 F<3c616464726573733e9a206f7220996164647265737320
-28436f6d6d656e74299a20646f>122 204.6 Q
-<776e20746f206a7573742099616464726573739a2e>-.25 E 5.83<4388204966>102
-220.8 R .214<6d61696c206973>2.714 F/F2 10/Times-Italic@0 SF -.37<7265>
-2.714 G<636569766564>.37 E F1 .213
-<66726f6d2061206d61696c657220776974682074686973208d6167207365742c20616e>
-2.713 F 2.713<7961>-.15 G .213<646472657373657320696e207468652068656164
-6572207468617420646f206e6f74206861>-2.713 F -.15<7665>-.2 G .97
-<616e206174207369676e202899409a29206166746572206265696e67207265>122
-232.8 R .97
-<7772697474656e2062792072756c657365742074687265652077696c6c206861>-.25 F
-1.27 -.15<76652074>-.2 H .97
-<6865209940646f6d61696e9a20636c617573652066726f6d>.15 F
-<7468652073656e64657220656e>122 244.8 Q -.15<7665>-.4 G
-<6c6f70652061646472657373207461636b>.15 E<6564206f6e2e>-.1 E
-<5468697320616c6c6f>5 E
-<7773206d61696c20776974682068656164657273206f662074686520666f726d3a>-.25
-E<46726f6d3a20757365726140686f737461>162 261 Q -.8<546f>162 273 S 2.5
-<3a75>.8 G<7365726240686f7374622c207573657263>-2.5 E<746f206265207265>
-122 289.2 Q<7772697474656e2061733a>-.25 E
-<46726f6d3a20757365726140686f737461>162 305.4 Q -.8<546f>162 317.4 S 2.5
-<3a75>.8 G<7365726240686f7374622c20757365726340686f737461>-2.5 E
-<6175746f6d61746963616c6c79>122 333.6 Q 5<2e48>-.65 G -.25<6f77>-5 G
--2.15 -.25<65762065>.25 H .8 -.4<722c2069>.25 H 2.5<7464>.4 G
-<6f65736e27>-2.5 E 2.5<7472>-.18 G<65616c6c792077>-2.5 E
-<6f726b2072656c6961626c79>-.1 E<2e>-.65 E 15<6444>102 349.8 S 2.56<6f6e>
--15 G .06<6f7420696e636c75646520616e676c6520627261636b>-2.56 F .06<6574
-732061726f756e6420726f7574652d616464726573732073796e74617820616464726573
-7365732e>-.1 F .06<546869732069732075736566756c206f6e206d61696c657273>
-5.06 F .187<746861742061726520676f696e6720746f20706173732061646472657373
-657320746f2061207368656c6c2074686174206d6967687420696e746572707265742061
-6e676c6520627261636b>122 361.8 R .188
-<65747320617320492f4f207265646972656374696f6e2e>-.1 F<486f>122 373.8 Q
-<7765>-.25 E -.15<7665>-.25 G 1.621 -.4<722c2069>.15 H 3.321<7464>.4 G
-.821<6f6573206e6f742070726f74656374206167>-3.321 F .821
-<61696e7374206f74686572207368656c6c206d657461636861726163746572732e>-.05
-F .821<5468657265666f72652c2070617373696e6720616464726573736573>5.821 F<
-746f2061207368656c6c2073686f756c64206e6f7420626520636f6e7369646572656420
-7365637572652e>122 385.8 Q 5.28<44872054686973>102 402 R
-<6d61696c65722077>2.5 E
-<616e747320612099446174653a9a20686561646572206c696e652e>-.1 E 15.56
-<6554>102 418.2 S .173<686973206d61696c65722069732065>-15.56 F
-<7870656e7369>-.15 E .473 -.15<76652074>-.25 H 2.673<6f63>.15 G .173
-<6f6e6e65637420746f2c20736f2074727920746f2061>-2.673 F -.2<766f>-.2 G
-.174<696420636f6e6e656374696e67206e6f726d616c6c793b20616e>.2 F 2.674
-<796e>-.15 G .174<656365737361727920636f6e2d>-2.674 F<6e656374696f6e2077
-696c6c206f6363757220647572696e6720612071756575652072756e2e>122 430.2 Q
-<53656520616c736f206f7074696f6e>5 E F0<486f6c64457870656e7369>2.5 E -.1
-<7665>-.1 G F1<2e>.1 E 13.89<4545>102 446.4 S
-<7363617065206c696e6573206265>-13.89 E
-<67696e6e696e672077697468209946726f6d>-.15 E 2.5<9a69>5 G 2.5<6e74>-2.5
-G<6865206d6573736167652077697468206120603e27207369676e2e>-2.5 E 16.67
-<6654>102 462.6 S .19<6865206d61696c65722077>-16.67 F .19<616e74732061>
--.1 F F0<ad66>2.69 E F2<6672>2.69 E<6f6d>-.45 E F1 .19<8d61672c2062>2.69
-F .19<7574206f6e6c7920696620746869732069732061206e657477>-.2 F .19
-<6f726b20666f7277>-.1 F .19
-<617264206f7065726174696f6e2028692e652e2c20746865206d61696c6572>-.1 F
-<77696c6c206769>122 474.6 Q .3 -.15<76652061>-.25 H 2.5<6e65>.15 G
-<72726f72206966207468652065>-2.5 E -.15<7865>-.15 G
-<637574696e67207573657220646f6573206e6f74206861>.15 E .3 -.15<76652073>
--.2 H<70656369616c207065726d697373696f6e73292e>.15 E 6.94
-<46872054686973>102 490.8 R<6d61696c65722077>2.5 E
-<616e74732061209946726f6d3a9a20686561646572206c696e652e>-.1 E 15<674e>
-102 507 S<6f726d616c6c79>-15 E<2c>-.65 E F2<73656e646d61696c>4.892 E F1
-2.393<73656e647320696e7465726e616c6c792067656e65726174656420656d61696c20
-28652e672e2c206572726f72206d6573736167657329207573696e6720746865206e756c
-6c>4.892 F 1.327<72657475726e206164647265737320617320726571756972656420
-62792052464320313132332e>122 519 R<486f>6.327 E<7765>-.25 E -.15<7665>
--.25 G 2.127 -.4<722c2073>.15 H 1.327<6f6d65206d61696c65727320646f6e27>
-.4 F 3.827<7461>-.18 G 1.327<63636570742061206e756c6c2072657475726e>
--3.827 F 3.31<616464726573732e204966>122 531 R<6e6563657373617279>3.31 E
-3.31<2c79>-.65 G .81<6f752063616e2073657420746865>-3.31 F F0<67>3.311 E
-F1 .811<8d616720746f20707265>3.311 F -.15<7665>-.25 G<6e74>.15 E F2
-<73656e646d61696c>3.311 E F1 .811<66726f6d206f6265>3.311 F .811
-<79696e6720746865207374616e64617264733b>-.15 F 1.57<6572726f72206d657373
-616765732077696c6c2062652073656e742061732066726f6d20746865204d41494c4552
-2d44>122 543 R 1.57<41454d4f4e202861637475616c6c79>-.4 F 4.07<2c74>-.65
-G 1.57<68652076>-4.07 F 1.57<616c7565206f6620746865>-.25 F F0<246e>4.07
-E F1<6d6163726f292e>122 555 Q 15<6855>102 571.2 S 1.006
-<7070657220636173652073686f756c642062652070726573657276>-15 F 1.007<6564
-20696e20686f7374206e616d6573202874686520244020706f7274696f6e206f66207468
-65206d61696c657220747269706c6574207265736f6c76>-.15 F<6564>-.15 E
-<66726f6d2072756c6573657420302920666f722074686973206d61696c6572>122
-583.2 Q<2e>-.55 E 17.22<6944>102 599.4 S 2.5<6f55>-17.22 G
-<736572204461746162617365207265>-2.5 E<77726974696e67206f6e20656e>-.25 E
--.15<7665>-.4 G<6c6f70652073656e64657220616464726573732e>.15 E 16.67
-<4954>102 615.6 S .54<686973208d6167206973206465707265636174656420616e64
-2077696c6c2062652072656d6f>-16.67 F -.15<7665>-.15 G 3.039<6466>.15 G
-.539<726f6d2061206675747572652076>-3.039 F 3.039
-<657273696f6e2e2054686973>-.15 F .539
-<6d61696c65722077696c6c20626520737065616b2d>3.039 F .161
-<696e6720534d545020746f20616e6f74686572>122 627.6 R F2<73656e646d61696c>
-2.662 E F1 2.662<8a61>2.662 G 2.662<7373>-2.662 G .162<7563682069742063
-616e20757365207370656369616c2070726f746f636f6c2066656174757265732e>
--2.662 F .162<54686973208d61672073686f756c64>5.162 F
-<6e6f7420626520757365642065>122 639.6 Q<786365707420666f7220646562>-.15
-E<756767696e6720707572706f73657320626563617573652069742075736573>-.2 E
-F0<56455242>2.5 E F1<617320534d545020636f6d6d616e642e>2.5 E 17.22<6a44>
-102 655.8 S 2.5<6f55>-17.22 G<736572204461746162617365207265>-2.5 E<7772
-6974696e67206f6e20726563697069656e74732061732077656c6c2061732073656e6465
-72732e>-.25 E 15<6b4e>102 672 S 1.03<6f726d616c6c79207768656e>-15 F F2
-<73656e646d61696c>3.53 E F1 1.03
-<636f6e6e6563747320746f206120686f73742076696120534d5450>3.53 F 3.529
-<2c69>-1.11 G 3.529<7463>-3.529 G 1.029<6865636b7320746f206d616b>-3.529
-F 3.529<6573>-.1 G 1.029<757265207468617420746869732069736e27>-3.529 F
-<74>-.18 E .562<6163636964656e746c79207468652073616d6520686f7374206e616d
-65206173206d696768742068617070656e206966>122 684 R F2<73656e646d61696c>
-3.062 E F1 .562
-<6973206d6973636f6e8c6775726564206f722069662061206c6f6e672d6861756c>
-3.062 F<6e657477>122 696 Q 1.074<6f726b20696e74657266>-.1 F 1.074
-<6163652069732073657420696e206c6f6f706261636b206d6f64652e>-.1 F 1.073<54
-686973208d61672064697361626c657320746865206c6f6f706261636b20636865636b2e>
-6.074 F 1.073<49742073686f756c64>6.073 F
-<6f6e6c79206265207573656420756e6465722076>122 708 Q
-<65727920756e757375616c2063697263756d7374616e6365732e>-.15 E 0 Cg EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-56 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF
+(types \(such as \231te)138 96 Q(xt/plain\232\).)-.15 E 18.97
+($=s contains)102 112.2 R .648
+(the set of subtypes of message that can be treated recursi)3.148 F -.15
+(ve)-.25 G(ly).15 E 5.648(.B)-.65 G 3.148(yd)-5.648 G(ef)-3.148 E .648
+(ault it con-)-.1 F .969(tains only \231rfc822\232.)138 124.2 R .969
+(Other \231message/*\232 types cannot be 8)5.969 F/F2 10/Symbol SF<ae>A
+F1 3.469(7b)C .969(it encoded.)-3.469 F .97(If a message)5.97 F 1.045
+(containing eight bit data is sent to a se)138 136.2 R -.15(ve)-.25 G
+3.545(nb).15 G 1.045(it host, and that message cannot be encoded)-3.545
+F(into se)138 148.2 Q -.15(ve)-.25 G 2.5(nb).15 G
+(its, it will be stripped to 7 bits.)-2.5 E 20.08($=t set)102 164.4 R
+.372(to the set of trusted users by the)2.872 F F0(T)2.872 E F1 .372
+(con\214guration line.)2.872 F .372(If you w)5.372 F .373
+(ant to read trusted users)-.1 F(from a \214le, use)138 176.4 Q F0(Ft)
+2.5 E/F3 10/Times-Italic@0 SF(/\214le/name)A F1(.)A 15.64($=w set)102
+192.6 R .513(to be the set of all names this host is kno)3.013 F .513
+(wn by)-.25 F 5.513(.T)-.65 G .513(his can be used to match local host-)
+-5.513 F(names.)138 204.6 Q($={persistentMacros})102 220.8 Q 1.712
+(set to the macros that should be sa)138 232.8 R -.15(ve)-.2 G 4.212(da)
+.15 G 1.712(cross queue runs.)-4.212 F 1.712(Care should be tak)6.712 F
+1.712(en when)-.1 F(adding macro names to this class.)138 244.8 Q F3
+(Sendmail)127 261 Q F1 .183(can be compiled to allo)2.683 F 2.683(wa)
+-.25 G F3(scanf)-.001 E F1 .182(\(3\) string on the)B F0(F)2.682 E F1
+2.682(line. This)2.682 F .182(lets you do simplistic)2.682 F .554
+(parsing of te)102 273 R .554(xt \214les.)-.15 F -.15(Fo)5.554 G 3.054
+(re).15 G .554(xample, to read all the user names in your system)-3.204
+F F3(/etc/passwd)3.055 E F1 .555(\214le into a)3.055 F(class, use)102
+285 Q(FL/etc/passwd %[^:])142 301.2 Q(which reads e)102 317.4 Q -.15(ve)
+-.25 G(ry line up to the \214rst colon.).15 E F0 2.5(5.4. M)87 341.4 R
+2.5<8a44>2.5 G(e\214ne Mailer)-2.5 E F1(Programs and interf)127 357.6 Q
+(aces to mailers are de\214ned in this line.)-.1 E(The format is:)5 E F0
+(M)142 373.8 Q F3(name)A F1 2.5(,{)C F3(\214eld)-2.5 E F1(=)A F3(value)A
+F1(}*)1.666 E(where)102 390 Q F3(name)4.244 E F1 1.744(is the name of t\
+he mailer \(used internally only\) and the \231\214eld=name\232 pairs d\
+e\214ne)4.244 F(attrib)102 402 Q(utes of the mailer)-.2 E 5(.F)-.55 G
+(ields are:)-5 E -.15(Pa)142 418.2 S 51.87(th The).15 F
+(pathname of the mailer)2.5 E 47.83(Flags Special)142 430.2 R
+(\215ags for this mailer)2.5 E 41.73(Sender Re)142 442.2 R
+(writing set\(s\) for sender addresses)-.25 E 31.17(Recipient Re)142
+454.2 R(writing set\(s\) for recipient addresses)-.25 E 30.62
+(recipients Maximum)142 466.2 R(number of recipients per connection)2.5
+E(Ar)142 478.2 Q 49.13(gv An)-.18 F(ar)2.5 E(gument v)-.18 E
+(ector to pass to this mailer)-.15 E 55.61(Eol The)142 490.2 R
+(end-of-line string for this mailer)2.5 E 35.62(Maxsize The)142 502.2 R
+(maximum message length to this mailer)2.5 E 14.51(maxmessages The)142
+514.2 R(maximum message deli)2.5 E -.15(ve)-.25 G(ries per connection)
+.15 E 32.27(Linelimit The)142 526.2 R
+(maximum line length in the message body)2.5 E 31.18(Directory The)142
+538.2 R -.1(wo)2.5 G(rking directory for the mailer).1 E 42.84
+(Userid The)142 550.2 R(def)2.5 E(ault user and group id to run as)-.1 E
+50.62(Nice The)142 562.2 R(nice\(2\) increment for the mailer)2.5 E
+38.95(Charset The)142 574.2 R(def)2.5 E
+(ault character set for 8-bit characters)-.1 E -.8(Ty)142 586.2 S 49.75
+(pe T).8 F(ype information for DSN diagnostics)-.8 E -.8(Wa)142 598.2 S
+50.86(it The).8 F(maximum time to w)2.5 E(ait for the mailer)-.1 E
+(Queue)142 610.2 Q 20.22(group The)-.15 F(def)2.5 E
+(ault queue group for the mailer)-.1 E 69.22(/T)142 622.2 S
+(he root directory for the mailer)-69.22 E
+(Only the \214rst character of the \214eld name is check)102 638.4 Q
+(ed \(it')-.1 E 2.5(sc)-.55 G(ase-sensiti)-2.5 E -.15(ve)-.25 G(\).).15
+E .396(The follo)127 654.6 R .396
+(wing \215ags may be set in the mailer description.)-.25 F(An)5.396 E
+2.896(yo)-.15 G .397(ther \215ags may be used freely)-2.896 F .075(to c\
+onditionally assign headers to messages destined for particular mailers\
+.)102 666.6 R .075(Flags mark)5.075 F .075(ed with \207 are)-.1 F 1.192
+(not interpreted by the)102 678.6 R F3(sendmail)3.692 E F1 1.193
+(binary; these are the con)3.692 F -.15(ve)-.4 G 1.193
+(ntionally used to correlate to the \215ags).15 F .738(portion of the)
+102 690.6 R F0(H)3.238 E F1 3.237(line. Flags)3.238 F(mark)3.237 E .737
+(ed with \210 apply to the mailers for the sender address rather than)
+-.1 F(the usual recipient mailers.)102 702.6 Q 0 Cg EP
%%Page: 57 53
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3537>195.86 E
-/F1 10/Times-Roman@0 SF 12.78<4b43>102 96 S
-<757272656e746c7920756e696d706c656d656e7465642e>-12.78 E<526573657276>5
-E<656420666f72206368756e6b696e672e>-.15 E 17.22<6c54>102 112.2 S<686973
-206d61696c6572206973206c6f63616c2028692e652e2c208c6e616c2064656c69>
--17.22 E -.15<7665>-.25 G<72792077696c6c20626520706572666f726d6564292e>
-.15 E 13.89<4c4c>102 128.4 S .598<696d697420746865206c696e65206c656e6774
-68732061732073706563698c656420696e20524643203832312e>-13.89 F .598<5468
-69732064657072656361746564206f7074696f6e2073686f756c64206265207265706c61
-636564206279>5.598 F<746865>122 140.4 Q F0<4c3d>2.5 E F1
-<6d61696c206465636c61726174696f6e2e>2.5 E -.15<466f>5 G 2.5<7268>.15 G
-<6973746f72696320726561736f6e732c20746865>-2.5 E F0<4c>2.5 E F1
-<8d616720616c736f207365747320746865>2.5 E F0<37>2.5 E F1<8d61672e>2.5 E
-12.22<6d54>102 156.6 S .464<686973206d61696c65722063616e2073656e6420746f
-206d756c7469706c65207573657273206f6e207468652073616d6520686f737420696e20
-6f6e65207472616e73616374696f6e2e>-12.22 F .463<5768656e2061>5.463 F F0
-<2475>2.963 E F1<6d6163726f>2.963 E .731<6f636375727320696e20746865>122
-168.6 R/F2 10/Times-Italic@0 SF<6172>3.231 E<6776>-.37 E F1 .732<706172
-74206f6620746865206d61696c65722064658c6e6974696f6e2c2074686174208c656c64
-2077696c6c206265207265706561746564206173206e656365737361727920666f722061
-6c6c>3.231 F .674<7175616c696679696e672075736572732e>122 180.6 R
-<52656d6f>5.674 E .674<76696e672074686973208d61672063616e20646566656174
-206475706c69636174652073757072657373696f6e206f6e20612072656d6f7465207369
-74652061732065616368>-.15 F<726563697069656e742069732073656e7420696e2061
-207365706172617465207472616e73616374696f6e2e>122 192.6 Q 3.61
-<4d872054686973>102 208.8 R<6d61696c65722077>2.5 E
-<616e7473206120994d6573736167652d49643a9a20686561646572206c696e652e>-.1
-E 15<6e44>102 225 S 2.5<6f6e>-15 G<6f7420696e73657274206120554e49582d73
-74796c65209946726f6d9a206c696e65206f6e207468652066726f6e74206f6620746865
-206d6573736167652e>-2.5 E 15<6f41>102 241.2 S -.1<6c7761>-15 G .816
-<79732072756e20617320746865206f>.1 F .816
-<776e6572206f662074686520726563697069656e74206d61696c626f782e>-.25 F
-<4e6f726d616c6c79>5.816 E F2<73656e646d61696c>3.316 E F1 .816
-<72756e73206173207468652073656e64657220666f72>3.316 F .198<6c6f63616c6c
-792067656e657261746564206d61696c206f7220617320996461656d6f6e9a2028616374
-75616c6c79>122 253.2 R 2.698<2c74>-.65 G .198
-<686520757365722073706563698c656420696e20746865>-2.698 F F0<75>2.698 E
-F1 .198<6f7074696f6e29207768656e2064656c69>2.698 F<762d>-.25 E 1.337
-<6572696e67206e657477>122 265.2 R 1.337<6f726b206d61696c2e>-.1 F 1.338
-<546865206e6f726d616c2062656861>6.338 F 1.338<76696f72206973207265717569
-726564206279206d6f7374206c6f63616c206d61696c6572732c2077686963682077696c
-6c206e6f74>-.2 F<616c6c6f>122 277.2 Q 2.521<7774>-.25 G .021<686520656e>
--2.521 F -.15<7665>-.4 G .021<6c6f70652073656e64657220616464726573732074
-6f2062652073657420756e6c65737320746865206d61696c65722069732072756e6e696e
-67206173206461656d6f6e2e>.15 F .02<54686973208d6167206973>5.02 F
-<69676e6f72656420696620746865>122 289.2 Q F0<53>2.5 E F1
-<8d6167206973207365742e>2.5 E 15<7055>102 305.4 S .497
-<73652074686520726f7574652d61646472207374796c65207265>-15 F -.15<7665>
--.25 G .498<7273652d7061746820696e2074686520534d545020994d41494c204652>
-.15 F .498<4f4d3a9a20636f6d6d616e6420726174686572207468616e206a757374>
--.4 F .205<7468652072657475726e20616464726573733b20616c74686f7567682074
-68697320697320726571756972656420696e20524643203832312073656374696f6e2033
-2e312c206d616e>122 317.4 R 2.705<7968>-.15 G .205
-<6f73747320646f206e6f742070726f63657373>-2.705 F<7265>122 329.4 Q -.15
-<7665>-.25 G<7273652d70617468732070726f7065726c79>.15 E 5<2e52>-.65 G
--2.15 -.25<65762065>-5 H<7273652d706174687320617265206f66>.25 E
-<8c6369616c6c7920646973636f7572616765642062792052464320313132332e>-.25 E
-6.94<50872054686973>102 345.6 R<6d61696c65722077>2.5 E
-<616e74732061209952657475726e2d50>-.1 E<6174683a9a206c696e652e>-.15 E 15
-<7157>102 361.8 S .068
-<68656e20616e20616464726573732074686174207265736f6c76>-15 F .069
-<657320746f2074686973206d61696c65722069732076>-.15 F .069<6572698c656420
-28534d5450205652465920636f6d6d616e64292c2067656e657261746520323530>-.15
-F
-<726573706f6e73657320696e7374656164206f662032353220726573706f6e7365732e>
-122 373.8 Q<546869732077696c6c20696d706c79207468617420746865206164647265
-7373206973206c6f63616c2e>5 E 16.67<7253>102 390 S<616d65206173>-16.67 E
-F0<66>2.5 E F1 2.5<2c62>C<75742073656e64732061>-2.7 E F0<ad72>2.5 E F1
-<8d61672e>2.5 E 13.33<524f>102 406.2 S .67<70656e20534d545020636f6e6e65
-6374696f6e732066726f6d206120997365637572659a20706f72742e>-13.33 F .669
-<53656375726520706f727473206172656e27>5.669 F 3.169<7428>-.18 G .669
-<7365637572652c2074686174206973292065>-3.169 F .669<7863657074206f6e>
--.15 F .639<554e4958206d616368696e65732c20736f20697420697320756e636c6561
-7220746861742074686973206164647320616e>122 418.2 R<797468696e672e>-.15 E
-F2<73656e646d61696c>5.639 E F1 .64
-<6d7573742062652072756e6e696e6720617320726f6f7420746f>3.14 F
-<62652061626c6520746f207573652074686973208d61672e>122 430.2 Q 16.11
-<7353>102 446.4 S
-<747269702071756f7465206368617261637465727320282220616e64205c29206f66>
--16.11 E 2.5<666f>-.25 G 2.5<6674>-2.5 G<68652061646472657373206265666f
-72652063616c6c696e6720746865206d61696c6572>-2.5 E<2e>-.55 E 14.44<5344>
-102 462.6 S<6f6e27>-14.44 E 3.332<7472>-.18 G .832<65736574207468652075
-7365726964206265666f72652063616c6c696e6720746865206d61696c6572>-3.332 F
-5.831<2e54>-.55 G .831<6869732077>-5.831 F .831
-<6f756c64206265207573656420696e20612073656375726520656e>-.1 F
-<7669726f6e6d656e74>-.4 E<7768657265>122 474.6 Q F2<73656e646d61696c>
-3.317 E F1 .817<72616e20617320726f6f742e>3.317 F .817
-<5468697320636f756c64206265207573656420746f2061>5.817 F -.2<766f>-.2 G
-.817<696420666f72>.2 F .817<676564206164647265737365732e>-.18 F .817
-<496620746865>5.817 F F0<553d>3.317 E F1 .818<8c656c64206973>3.317 F<61
-6c736f2073706563698c65642c2074686973208d61672063617573657320746865206566>
-122 486.6 Q<6665637469>-.25 E .3 -.15<76652075>-.25 H
-<73657220696420746f2062652073657420746f20746861742075736572>.15 E<2e>
--.55 E 15<7555>102 502.8 S .726
-<7070657220636173652073686f756c642062652070726573657276>-15 F .725
-<656420696e2075736572206e616d657320666f722074686973206d61696c6572>-.15 F
-5.725<2e53>-.55 G .725<74616e646172647320726571756972652070726573657276>
--5.725 F<6174696f6e>-.25 E .748<6f66206361736520696e20746865206c6f63616c
-2070617274206f66206164647265737365732c2065>122 514.8 R .748<786365707420
-666f722074686f7365206164647265737320666f7220776869636820796f757220737973
-74656d2061636365707473>-.15 F<726573706f6e736962696c697479>122 526.8 Q
-5.151<2e52>-.65 G .151<464320323134322070726f>-5.151 F .151<766964657320
-61206c6f6e67206c697374206f66206164647265737365732077686963682073686f756c
-64206265206361736520696e73656e73697469>-.15 F -.15<7665>-.25 G 5.15
-<2e49>.15 G<66>-5.15 E .359<796f75207573652074686973208d61672c20796f7520
-6d61792062652076696f6c6174696e672052464320323134322e>122 538.8 R .36
-<4e6f7465207468617420706f73746d617374657220697320616c>5.359 F -.1<7761>
--.1 G .36<797320747265617465642061732061>.1 F
-<6361736520696e73656e73697469>122 550.8 Q .3 -.15<76652061>-.25 H
-<646472657373207265>.15 E -.05<6761>-.15 G
-<72646c657373206f662074686973208d61672e>.05 E 12.78<5554>102 567 S
-<686973206d61696c65722077>-12.78 E<616e747320555543502d7374796c65209946
-726f6d9a206c696e65732077697468207468652075676c79209972656d6f74652066726f
-6d203c686f73743e9a206f6e2074686520656e642e>-.1 E 12.78<7754>102 583.2 S
-.607<68652075736572206d757374206861>-12.78 F .907 -.15<766520612076>-.2
-H .606
-<616c6964206163636f756e74206f6e2074686973206d616368696e652c20692e652e2c>
--.1 F F2 -.1<6765>3.106 G<7470776e616d>.1 E F1 .606
-<6d75737420737563636565642e>3.106 F .606<4966206e6f742c20746865>5.606 F
-1.233<6d61696c20697320626f756e6365642e>122 595.2 R 1.233
-<53656520616c736f20746865>6.233 F F0<4d61696c426f784461746162617365>
-3.733 E F1 3.733<6f7074696f6e2e2054686973>3.733 F 1.233
-<697320726571756972656420746f2067657420992e666f7277>3.733 F<6172649a>-.1
-E<6361706162696c697479>122 607.2 Q<2e>-.65 E 10.56<5749>102 623.4 S<676e
-6f7265206c6f6e67207465726d20686f73742073746174757320696e666f726d6174696f
-6e20287365652053656374696f6e202250657273697374656e7420486f73742053746174
-757320496e666f726d6174696f6e22292e>-10.56 E 7.5<78872054686973>102 639.6
-R<6d61696c65722077>2.5 E
-<616e74732061209946756c6c2d4e616d653a9a20686561646572206c696e652e>-.1 E
-12.78<5854>102 655.8 S .512<686973206d61696c65722077>-12.78 F .512<616e
-747320746f20757365207468652068696464656e20646f7420616c676f726974686d2061
-732073706563698c656420696e20524643203832313b206261736963616c6c79>-.1 F
-3.011<2c61>-.65 G .811 -.15<6e79206c>-3.011 H<696e65>.15 E<6265>122
-667.8 Q .796<67696e6e696e672077697468206120646f742077696c6c206861>-.15 F
-1.096 -.15<76652061>-.2 H 3.296<6e65>.15 G .797<7874726120646f7420707265
-70656e6465642028746f20626520737472697070656420617420746865206f7468657220
-656e64292e>-3.446 F<54686973>5.797 E<696e73757265732074686174206c696e65
-7320696e20746865206d65737361676520636f6e7461696e696e67206120646f74207769
-6c6c206e6f74207465726d696e61746520746865206d657373616765207072656d617475
-72656c79>122 679.8 Q<2e>-.65 E 15.56<7a52>102 696 S .965
-<756e204c6f63616c204d61696c2054>-15.56 F .965
-<72616e736665722050726f746f636f6c20284c4d545029206265747765656e>-.35 F
-F2<73656e646d61696c>3.465 E F1 .965
-<616e6420746865206c6f63616c206d61696c6572>3.465 F 5.965<2e54>-.55 G .965
-<6869732069732061>-5.965 F -.25<7661>122 708 S .167<7269616e74206f6e2053
-4d54502064658c6e656420696e2052464320323033332074686174206973207370656369
-8c63616c6c792064657369676e656420666f722064656c69>.25 F -.15<7665>-.25 G
-.167<727920746f2061206c6f63616c206d61696c2d>.15 F<626f782e>122 720 Q 0
-Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-57)195.86 E/F1 10/Times-Roman@0 SF 15.56(aR)102 96 S .987(un Ex\
+tended SMTP \(ESMTP\) protocol \(de\214ned in RFCs 1869, 1652, and 1870\
+\).)-15.56 F .987(This \215ag)5.987 F(def)122 108 Q
+(aults on if the SMTP greeting message includes the w)-.1 E
+(ord \231ESMTP\232.)-.1 E 12.78(AL)102 124.2 S .852
+(ook up the user \(address\) part of the resolv)-12.78 F .852
+(ed mailer triple, in the alias database.)-.15 F(Normally)5.852 E
+(this is only set for local mailers.)122 136.2 Q 15(bF)102 152.4 S .456
+(orce a blank line on the end of a message.)-15.15 F .456
+(This is intended to w)5.456 F .456(ork around some stupid v)-.1 F(er)
+-.15 E(-)-.2 E .362(sions of /bin/mail that require a blank line, b)122
+164.4 R .362(ut do not pro)-.2 F .362(vide it themselv)-.15 F 2.861
+(es. It)-.15 F -.1(wo)2.861 G .361(uld not nor).1 F(-)-.2 E
+(mally be used on netw)122 176.4 Q(ork mail.)-.1 E 13.33(BS)102 192.6 S
+.142(trip leading backslashes \(\\\) of)-13.33 F 2.643(fo)-.25 G 2.643
+(ft)-2.643 G .143
+(he address; this is a subset of the functionality of the)-2.643 F F0(s)
+2.643 E F1(\215ag.)2.643 E 15.56(cD)102 208.8 S 2.663(on)-15.56 G .163
+(ot include comments in addresses.)-2.663 F .163
+(This should only be used if you ha)5.163 F .463 -.15(ve t)-.2 H 2.663
+(ow).15 G .163(ork around a)-2.763 F 1.846
+(remote mailer that gets confused by comments.)122 220.8 R 1.846
+(This strips addresses of the form \231Phrase)6.846 F
+(<address>\232 or \231address \(Comment\)\232 do)122 232.8 Q
+(wn to just \231address\232.)-.25 E 5.83(C\210 If)102 249 R .214
+(mail is)2.714 F/F2 10/Times-Italic@0 SF -.37(re)2.714 G(ceived).37 E F1
+.213(from a mailer with this \215ag set, an)2.713 F 2.713(ya)-.15 G .213
+(ddresses in the header that do not ha)-2.713 F -.15(ve)-.2 G .97
+(an at sign \(\231@\232\) after being re)122 261 R .97
+(written by ruleset three will ha)-.25 F 1.27 -.15(ve t)-.2 H .97
+(he \231@domain\232 clause from).15 F(the sender en)122 273 Q -.15(ve)
+-.4 G(lope address tack).15 E(ed on.)-.1 E(This allo)5 E
+(ws mail with headers of the form:)-.25 E(From: usera@hosta)162 289.2 Q
+-.8(To)162 301.2 S 2.5(:u).8 G(serb@hostb, userc)-2.5 E(to be re)122
+317.4 Q(written as:)-.25 E(From: usera@hosta)162 333.6 Q -.8(To)162
+345.6 S 2.5(:u).8 G(serb@hostb, userc@hosta)-2.5 E(automatically)122
+361.8 Q 5(.H)-.65 G -.25(ow)-5 G -2.15 -.25(ev e).25 H .8 -.4(r, i).25 H
+2.5(td).4 G(oesn')-2.5 E 2.5(tr)-.18 G(eally w)-2.5 E(ork reliably)-.1 E
+(.)-.65 E 15(dD)102 378 S 2.56(on)-15 G .06(ot include angle brack)-2.56
+F .06(ets around route-address syntax addresses.)-.1 F .06
+(This is useful on mailers)5.06 F .187(that are going to pass addresses\
+ to a shell that might interpret angle brack)122 390 R .188
+(ets as I/O redirection.)-.1 F(Ho)122 402 Q(we)-.25 E -.15(ve)-.25 G
+1.621 -.4(r, i).15 H 3.321(td).4 G .821(oes not protect ag)-3.321 F .821
+(ainst other shell metacharacters.)-.05 F .821
+(Therefore, passing addresses)5.821 F
+(to a shell should not be considered secure.)122 414 Q 5.28(D\207 This)
+102 430.2 R(mailer w)2.5 E(ants a \231Date:\232 header line.)-.1 E 15.56
+(eT)102 446.4 S .173(his mailer is e)-15.56 F(xpensi)-.15 E .473 -.15
+(ve t)-.25 H 2.673(oc).15 G .173(onnect to, so try to a)-2.673 F -.2(vo)
+-.2 G .174(id connecting normally; an).2 F 2.674(yn)-.15 G .174
+(ecessary con-)-2.674 F(nection will occur during a queue run.)122 458.4
+Q(See also option)5 E F0(HoldExpensi)2.5 E -.1(ve)-.1 G F1(.).1 E 13.89
+(EE)102 474.6 S(scape lines be)-13.89 E(ginning with \231From)-.15 E 2.5
+<9a69>5 G 2.5(nt)-2.5 G(he message with a `>' sign.)-2.5 E 16.67(fT)102
+490.8 S .19(he mailer w)-16.67 F .19(ants a)-.1 F F0<ad66>2.69 E F2(fr)
+2.69 E(om)-.45 E F1 .19(\215ag, b)2.69 F .19(ut only if this is a netw)
+-.2 F .19(ork forw)-.1 F .19(ard operation \(i.e., the mailer)-.1 F
+(will gi)122 502.8 Q .3 -.15(ve a)-.25 H 2.5(ne).15 G(rror if the e)-2.5
+E -.15(xe)-.15 G(cuting user does not ha).15 E .3 -.15(ve s)-.2 H
+(pecial permissions\).).15 E 6.94(F\207 This)102 519 R(mailer w)2.5 E
+(ants a \231From:\232 header line.)-.1 E 15(gN)102 535.2 S(ormally)-15 E
+(,)-.65 E F2(sendmail)4.892 E F1 2.393(sends internally generated email\
+ \(e.g., error messages\) using the null)4.892 F 1.327
+(return address as required by RFC 1123.)122 547.2 R(Ho)6.327 E(we)-.25
+E -.15(ve)-.25 G 2.127 -.4(r, s).15 H 1.327(ome mailers don').4 F 3.827
+(ta)-.18 G 1.327(ccept a null return)-3.827 F 3.31(address. If)122 559.2
+R(necessary)3.31 E 3.31(,y)-.65 G .81(ou can set the)-3.31 F F0(g)3.311
+E F1 .811(\215ag to pre)3.311 F -.15(ve)-.25 G(nt).15 E F2(sendmail)
+3.311 E F1 .811(from obe)3.311 F .811(ying the standards;)-.15 F 1.57
+(error messages will be sent as from the MAILER-D)122 571.2 R 1.57
+(AEMON \(actually)-.4 F 4.07(,t)-.65 G 1.57(he v)-4.07 F 1.57
+(alue of the)-.25 F F0($n)4.07 E F1(macro\).)122 583.2 Q 15(hU)102 599.4
+S 1.006(pper case should be preserv)-15 F 1.007
+(ed in host names \(the $@ portion of the mailer triplet resolv)-.15 F
+(ed)-.15 E(from ruleset 0\) for this mailer)122 611.4 Q(.)-.55 E 17.22
+(iD)102 627.6 S 2.5(oU)-17.22 G(ser Database re)-2.5 E(writing on en)
+-.25 E -.15(ve)-.4 G(lope sender address.).15 E 16.67(IT)102 643.8 S .54
+(his \215ag is deprecated and will be remo)-16.67 F -.15(ve)-.15 G 3.039
+(df).15 G .539(rom a future v)-3.039 F 3.039(ersion. This)-.15 F .539
+(mailer will be speak-)3.039 F .161(ing SMTP to another)122 655.8 R F2
+(sendmail)2.662 E F1 2.662<8a61>2.662 G 2.662(ss)-2.662 G .162
+(uch it can use special protocol features.)-2.662 F .162
+(This \215ag should)5.162 F(not be used e)122 667.8 Q(xcept for deb)-.15
+E(ugging purposes because it uses)-.2 E F0(VERB)2.5 E F1
+(as SMTP command.)2.5 E 17.22(jD)102 684 S 2.5(oU)-17.22 G
+(ser Database re)-2.5 E(writing on recipients as well as senders.)-.25 E
+15(kN)102 700.2 S 1.03(ormally when)-15 F F2(sendmail)3.53 E F1 1.03
+(connects to a host via SMTP)3.53 F 3.529(,i)-1.11 G 3.529(tc)-3.529 G
+1.029(hecks to mak)-3.529 F 3.529(es)-.1 G 1.029(ure that this isn')
+-3.529 F(t)-.18 E .08
+(accidentally the same host name as might happen if)122 712.2 R F2
+(sendmail)2.581 E F1 .081(is miscon\214gured or if a long-haul)2.581 F
+(netw)122 724.2 Q 1.074(ork interf)-.1 F 1.074
+(ace is set in loopback mode.)-.1 F 1.073
+(This \215ag disables the loopback check.)6.074 F 1.073(It should)6.073
+F 0 Cg EP
%%Page: 58 54
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d35382053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF 13.89<5a41>102 96 S<70706c79204469616c44656c6179
-20286966207365742920746f2074686973206d61696c6572>-13.89 E<2e>-.55 E 15
-<3044>102 112.2 S<6f6e27>-15 E 3.607<746c>-.18 G 1.106<6f6f6b207570204d
-58207265636f72647320666f7220686f7374732073656e742076696120534d54502f4c4d
-5450>-3.607 F 6.106<2e44>-1.11 G 3.606<6f6e>-6.106 G 1.106
-<6f74206170706c79>-3.606 F F0 -.25<4661>3.606 G
-<6c6c6261636b4d58686f7374>.25 E F1<656974686572>122 124.2 Q<2e>-.55 E 15
-<3144>102 140.4 S<6f6e27>-15 E 2.5<7473>-.18 G<656e64206e756c6c20636861
-726163746572732028275c30272920746f2074686973206d61696c6572>-2.5 E<2e>
--.55 E 15<3244>102 156.6 S<6f6e27>-15 E 3.032<7475>-.18 G .532
-<73652045534d54502065>-3.032 F -.15<7665>-.25 G 3.032<6e69>.15 G 3.032
-<666f>-3.032 G -.25<6666>-3.032 G .532
-<657265643b20746869732069732075736566756c20666f722062726f6b>.25 F .533
-<656e2073797374656d732074686174206f66>-.1 F .533<6665722045534d54502062>
--.25 F .533<75742066>-.2 F<61696c>-.1 E
-<6f6e2045484c4f2028776974686f7574207265636f>122 168.6 Q -.15<7665>-.15 G
-<72696e67207768656e2048454c4f206973207472696564206e65>.15 E<7874292e>
--.15 E 15<3345>102 184.8 S .002
-<7874656e6420746865206c697374206f66206368617261637465727320636f6e>-15 F
--.15<7665>-.4 G .001
-<7274656420746f203d5858206e6f746174696f6e207768656e20636f6e>.15 F -.15
-<7665>-.4 G .001
-<7274696e6720746f2051756f7465642d5072696e7461626c6520746f>.15 F .977
-<696e636c7564652074686f7365207468617420646f6e27>122 196.8 R 3.478<746d>
--.18 G .978<617020636c65616e6c79206265747765656e20415343494920616e642045
-42434449432e>-3.478 F .978<55736566756c20696620796f75206861>5.978 F
-1.278 -.15<76652049>-.2 H<424d>.15 E
-<6d61696e6672616d6573206f6e20736974652e>122 208.8 Q 15<3549>102 225 S
-2.717<666e>-15 G 2.717<6f61>-2.717 G .217<6c69617365732061726520666f756e
-6420666f72207468697320616464726573732c2070617373207468652061646472657373
-207468726f7567682072756c65736574203520666f7220706f737369626c6520616c7465
-726e617465>-2.717 F 2.5<7265736f6c7574696f6e2e2054686973>122 237 R
-<697320696e74656e64656420746f20666f7277>2.5 E
-<61726420746865206d61696c20746f20616e20616c7465726e6174652064656c69>-.1
-E -.15<7665>-.25 G<72792073706f742e>.15 E 15<3653>102 253.2 S
-<74726970206865616465727320746f207365>-15 E -.15<7665>-.25 G 2.5<6e62>
-.15 G<6974732e>-2.5 E 15<3753>102 269.4 S 1.14
-<7472697020616c6c206f757470757420746f207365>-15 F -.15<7665>-.25 G 3.64
-<6e62>.15 G 3.64<6974732e2054686973>-3.64 F 1.14<69732074686520646566>
-3.64 F 1.141<61756c7420696620746865>-.1 F F0<4c>3.641 E F1 1.141
-<8d6167206973207365742e>3.641 F 1.141
-<4e6f7465207468617420636c656172696e672074686973>6.141 F .295
-<6f7074696f6e206973206e6f7420737566>122 281.4 R .295<8c6369656e7420746f
-206765742066756c6c20656967687420626974206461746120706173736564207468726f
-756768>-.25 F/F2 10/Times-Italic@0 SF<73656e646d61696c>2.795 E F1 5.295
-<2e49>C 2.795<6674>-5.295 G<6865>-2.795 E F0<37>2.795 E F1 .295
-<6f7074696f6e206973207365742c>2.795 F .716
-<7468697320697320657373656e7469616c6c7920616c>122 293.4 R -.1<7761>-.1 G
-.717<7973207365742c2073696e63652074686520656967687468206269742077>.1 F
-.717<6173207374726970706564206f6e20696e7075742e>-.1 F .717
-<4e6f746520746861742074686973206f7074696f6e>5.717 F<77696c6c206f6e6c7920
-696d70616374206d657373616765732074686174206469646e27>122 305.4 Q 2.5
-<7468>-.18 G -2.25 -.2<61762065>-2.5 H<38>2.7 E/F3 10/Symbol SF<ae>A F1
-2.5<3762>C<6974204d494d4520636f6e>-2.5 E -.15<7665>-.4 G
-<7273696f6e7320706572666f726d65642e>.15 E 15<3849>102 321.6 S 3.783
-<6673>-15 G 1.283<65742c2069742069732061636365707461626c6520746f2073656e
-6420656967687420626974206461746120746f2074686973206d61696c65723b20746865
-20757375616c20617474656d707420746f20646f2038>-3.783 F F3<ae>A F1 3.782
-<3762>C<6974>-3.782 E<4d494d4520636f6e>122 333.6 Q -.15<7665>-.4 G
-<7273696f6e732077696c6c2062652062797061737365642e>.15 E 15<3949>102
-349.8 S 2.704<6673>-15 G .204<65742c20646f>-2.704 F F2<6c696d69746564>
-2.704 E F1<37>2.704 E F3<ae>A F1 2.704<3862>C .204
-<6974204d494d4520636f6e>-2.704 F -.15<7665>-.4 G 2.704
-<7273696f6e732e205468657365>.15 F<636f6e>2.704 E -.15<7665>-.4 G .205
-<7273696f6e7320617265206c696d6974656420746f207465>.15 F .205
-<78742f706c61696e20646174612e>-.15 F 17.22<3a43>102 366 S .982
-<6865636b2061646472657373657320746f2073656520696620746865>-17.22 F 3.482
-<7962>-.15 G -.15<6567>-3.482 G .982
-<696e20993a696e636c7564653a9a3b20696620746865>.15 F 3.482<7964>-.15 G
-.982<6f2c20636f6e>-3.482 F -.15<7665>-.4 G .982
-<7274207468656d20746f2074686520992a696e636c7564652a9a>.15 F
-<6d61696c6572>122 378 Q<2e>-.55 E 18<7c43>102 394.2 S
-<6865636b2061646472657373657320746f2073656520696620746865>-18 E 2.5
-<7962>-.15 G -.15<6567>-2.5 G
-<696e2077697468206120607c273b20696620746865>.15 E 2.5<7964>-.15 G
-<6f2c20636f6e>-2.5 E -.15<7665>-.4 G
-<7274207468656d20746f20746865209970726f679a206d61696c6572>.15 E<2e>-.55
-E 17.22<2f43>102 410.4 S
-<6865636b2061646472657373657320746f2073656520696620746865>-17.22 E 2.5
-<7962>-.15 G -.15<6567>-2.5 G
-<696e2077697468206120602f273b20696620746865>.15 E 2.5<7964>-.15 G
-<6f2c20636f6e>-2.5 E -.15<7665>-.4 G
-<7274207468656d20746f2074686520992a8c6c652a9a206d61696c6572>.15 E<2e>
--.55 E 10.79<404c>102 426.6 S<6f6f6b2075702061646472657373657320696e2074
-686520757365722064617461626173652e>-10.79 E 11.67<2544>102 442.8 S 3.868
-<6f6e>-11.67 G 1.368<6f7420617474656d70742064656c69>-3.868 F -.15<7665>
--.25 G 1.369<7279206f6e20696e697469616c2072656365697074206f662061206d65
-7373616765206f72206f6e2071756575652072756e7320756e6c65737320746865207175
-65756564>.15 F<6d6573736167652069732073656c6563746564207573696e67206f6e
-65206f6620746865202d71492f2d71522f2d71532071756575652072756e206d6f64698c
-657273206f7220616e204554524e20726571756573742e>122 454.8 Q 16.67<2144>
-102 471 S 1.29
-<697361626c6520616e204d48206861636b20746861742064726f707320616e2065>
--16.67 F 1.289<78706c696369742046726f6d3a206865616465722069662069742069
-73207468652073616d6520617320776861742073656e646d61696c>-.15 F -.1<776f>
-122 483 S<756c642067656e65726174652e>.1 E .267
-<436f6e8c6775726174696f6e208c6c6573207072696f7220746f206c65>127 499.2 R
--.15<7665>-.25 G 2.768<6c3661>.15 G .268<7373756d65207468652060>-2.768 F
--1.11<4127>-.8 G 2.768<2c60>1.11 G .268<77272c206035272c20603a272c20607c
-272c20602f272c20616e6420604027206f7074696f6e73206f6e20746865>-2.768 F
-<6d61696c6572206e616d656420996c6f63616c9a2e>102 511.2 Q .306<546865206d
-61696c6572207769746820746865207370656369616c206e616d6520996572726f729a20
-63616e206265207573656420746f2067656e657261746520612075736572206572726f72>
-127 527.4 R 5.305<2e54>-.55 G .305<686520286f7074696f6e616c29>-5.305 F
-.323<686f7374208c656c6420697320616e2065>102 539.4 R .323<78697420737461
-74757320746f2062652072657475726e65642c20616e64207468652075736572208c656c
-642069732061206d65737361676520746f206265207072696e7465642e>-.15 F .324
-<5468652065>5.324 F .324<786974207374612d>-.15 F .891
-<747573206d6179206265206e756d65726963206f72206f6e65206f66207468652076>
-102 551.4 R .891<616c75657320555341>-.25 F .891
-<47452c204e4f555345522c204e4f484f5354>-.4 F 3.39<2c55>-.74 G -.35<4e41>
--3.39 G -1.35<5641>-1 G .89<494c41424c452c20534f4654>1.35 F<2d>-.92 E
--1.2<5741>102 563.4 S 1.141<52452c2054454d5046>1.2 F 1.141
-<41494c2c205052>-.74 F -1.88 -.4<4f54204f>-.4 H 1.141<434f4c2c206f722043
-4f4e46494720746f2072657475726e2074686520636f72726573706f6e64696e67204558
-5f2065>.4 F 1.142<78697420636f64652c206f7220616e>-.15 F .288<656e68616e
-636564206572726f7220636f64652061732064657363726962656420696e205246432031
-3839332c>102 575.4 R F2 .288
-<456e68616e636564204d61696c2053797374656d2053746174757320436f6465732e>
-2.788 F F1 -.15<466f>5.287 G 2.787<7265>.15 G<78616d706c652c>-2.937 E
-<74686520656e7472793a>102 587.4 Q
-<24236572726f72202440204e4f484f535420243a20486f737420756e6b6e6f>142
-603.6 Q<776e20696e207468697320646f6d61696e>-.25 E .145<6f6e207468652052
-4853206f6620612072756c652077696c6c206361757365207468652073706563698c6564
-206572726f7220746f2062652067656e65726174656420616e64207468652099486f7374
-20756e6b6e6f>102 619.8 R .146<776e9a2065>-.25 F .146<786974207374612d>
--.15 F .491<74757320746f2062652072657475726e656420696620746865204c485320
-6d6174636865732e>102 631.8 R .491<54686973206d61696c6572206973206f6e6c79
-2066756e6374696f6e616c20696e2072756c657365747320302c20352c206f72206f6e65
-206f6620746865>5.491 F 1.81<636865636b5f2a2072756c65736574732e>102 643.8
-R 1.81<54686520686f7374208c656c642063616e20616c736f20636f6e7461696e2074
-6865207370656369616c20746f6b>6.81 F<656e>-.1 E F0<71756172616e74696e65>
-4.31 E F1 1.81<776869636820696e73747275637473>4.31 F<73656e646d61696c20
-746f2071756172616e74696e65207468652063757272656e74206d6573736167652e>102
-655.8 Q .257<546865206d61696c6572207769746820746865207370656369616c206e
-616d652099646973636172649a2063617573657320616e>127 672 R 2.756<796d>-.15
-G .256<61696c2073656e7420746f20697420746f206265206469736361726465642062>
--2.756 F .256<7574206f74682d>-.2 F 1.313<657277697365207472656174656420
-61732074686f7567682069742077657265207375636365737366756c6c792064656c69>
-102 684 R -.15<7665>-.25 G 3.813<7265642e2054686973>.15 F 1.314
-<6d61696c65722063616e6e6f74206265207573656420696e2072756c6573657420302c>
-3.813 F<6f6e6c7920696e207468652076>102 696 Q
-<6172696f7573206164647265737320636865636b696e672072756c65736574732e>-.25
-E .468<546865206d61696c6572206e616d656420996c6f63616c9a>127 712.2 R F2
-<6d757374>2.968 E F1 .468<62652064658c6e656420696e2065>2.968 F -.15
-<7665>-.25 G .468<727920636f6e8c6775726174696f6e208c6c652e>.15 F .468
-<54686973206973207573656420746f2064656c69>5.468 F -.15<7665>-.25 G<72>
-.15 E .25<6c6f63616c206d61696c2c20616e6420697320747265617465642073706563
-69616c6c7920696e207365>102 724.2 R -.15<7665>-.25 G .25<72616c2077>.15 F
-2.75<6179732e204164646974696f6e616c6c79>-.1 F 2.75<2c74>-.65 G .25
-<68726565206f74686572206d61696c657273206e616d6564209970726f679a2c>-2.75
-F 0 Cg EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-58 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF
+(only be used under v)122 96 Q(ery unusual circumstances.)-.15 E 12.78
+(KC)102 112.2 S(urrently unimplemented.)-12.78 E(Reserv)5 E
+(ed for chunking.)-.15 E 17.22(lT)102 128.4 S
+(his mailer is local \(i.e., \214nal deli)-17.22 E -.15(ve)-.25 G
+(ry will be performed\).).15 E 13.89(LL)102 144.6 S .598
+(imit the line lengths as speci\214ed in RFC 821.)-13.89 F .598
+(This deprecated option should be replaced by)5.598 F(the)122 156.6 Q F0
+(L=)2.5 E F1(mail declaration.)2.5 E -.15(Fo)5 G 2.5(rh).15 G
+(istoric reasons, the)-2.5 E F0(L)2.5 E F1(\215ag also sets the)2.5 E F0
+(7)2.5 E F1(\215ag.)2.5 E 12.22(mT)102 172.8 S .464(his mailer can send\
+ to multiple users on the same host in one transaction.)-12.22 F .463
+(When a)5.463 F F0($u)2.963 E F1(macro)2.963 E .731(occurs in the)122
+184.8 R/F2 10/Times-Italic@0 SF(ar)3.231 E(gv)-.37 E F1 .732(part of th\
+e mailer de\214nition, that \214eld will be repeated as necessary for a\
+ll)3.231 F .317(qualifying users.)122 196.8 R(Remo)5.317 E .316(ving th\
+is \215ag can defeat duplicate suppression on a remote site as each)-.15
+F(recipient is sent in a separate transaction.)122 208.8 Q 3.61
+(M\207 This)102 225 R(mailer w)2.5 E
+(ants a \231Message-Id:\232 header line.)-.1 E 15(nD)102 241.2 S 2.5(on)
+-15 G
+(ot insert a UNIX-style \231From\232 line on the front of the message.)
+-2.5 E 15(oA)102 257.4 S -.1(lwa)-15 G .816(ys run as the o).1 F .816
+(wner of the recipient mailbox.)-.25 F(Normally)5.816 E F2(sendmail)
+3.316 E F1 .816(runs as the sender for)3.316 F .198
+(locally generated mail or as \231daemon\232 \(actually)122 269.4 R
+2.698(,t)-.65 G .198(he user speci\214ed in the)-2.698 F F0(u)2.698 E F1
+.198(option\) when deli)2.698 F(v-)-.25 E 1.337(ering netw)122 281.4 R
+1.337(ork mail.)-.1 F 1.338(The normal beha)6.338 F 1.338
+(vior is required by most local mailers, which will not)-.2 F(allo)122
+293.4 Q 2.521(wt)-.25 G .021(he en)-2.521 F -.15(ve)-.4 G .021
+(lope sender address to be set unless the mailer is running as daemon.)
+.15 F .02(This \215ag is)5.02 F(ignored if the)122 305.4 Q F0(S)2.5 E F1
+(\215ag is set.)2.5 E 15(pU)102 321.6 S .497(se the route-addr style re)
+-15 F -.15(ve)-.25 G .498(rse-path in the SMTP \231MAIL FR).15 F .498
+(OM:\232 command rather than just)-.4 F .205(the return address; althou\
+gh this is required in RFC 821 section 3.1, man)122 333.6 R 2.705(yh)
+-.15 G .205(osts do not process)-2.705 F(re)122 345.6 Q -.15(ve)-.25 G
+(rse-paths properly).15 E 5(.R)-.65 G -2.15 -.25(ev e)-5 H
+(rse-paths are of).25 E(\214cially discouraged by RFC 1123.)-.25 E 6.94
+(P\207 This)102 361.8 R(mailer w)2.5 E(ants a \231Return-P)-.1 E
+(ath:\232 line.)-.15 E 15(qW)102 378 S .068(hen an address that resolv)
+-15 F .069(es to this mailer is v)-.15 F .069
+(eri\214ed \(SMTP VRFY command\), generate 250)-.15 F
+(responses instead of 252 responses.)122 390 Q
+(This will imply that the address is local.)5 E 16.67(rS)102 406.2 S
+(ame as)-16.67 E F0(f)2.5 E F1 2.5(,b)C(ut sends a)-2.7 E F0<ad72>2.5 E
+F1(\215ag.)2.5 E 13.33(RO)102 422.4 S .67
+(pen SMTP connections from a \231secure\232 port.)-13.33 F .669
+(Secure ports aren')5.669 F 3.169(t\()-.18 G .669(secure, that is\) e)
+-3.169 F .669(xcept on)-.15 F .639
+(UNIX machines, so it is unclear that this adds an)122 434.4 R(ything.)
+-.15 E F2(sendmail)5.639 E F1 .64(must be running as root to)3.14 F
+(be able to use this \215ag.)122 446.4 Q 16.11(sS)102 462.6 S
+(trip quote characters \(" and \\\) of)-16.11 E 2.5(fo)-.25 G 2.5(ft)
+-2.5 G(he address before calling the mailer)-2.5 E(.)-.55 E 14.44(SD)102
+478.8 S(on')-14.44 E 3.332(tr)-.18 G .832
+(eset the userid before calling the mailer)-3.332 F 5.831(.T)-.55 G .831
+(his w)-5.831 F .831(ould be used in a secure en)-.1 F(vironment)-.4 E
+(where)122 490.8 Q F2(sendmail)3.317 E F1 .817(ran as root.)3.317 F .817
+(This could be used to a)5.817 F -.2(vo)-.2 G .817(id for).2 F .817
+(ged addresses.)-.18 F .817(If the)5.817 F F0(U=)3.317 E F1 .818
+(\214eld is)3.317 F(also speci\214ed, this \215ag causes the ef)122
+502.8 Q(fecti)-.25 E .3 -.15(ve u)-.25 H(ser id to be set to that user)
+.15 E(.)-.55 E 15(uU)102 519 S .726(pper case should be preserv)-15 F
+.725(ed in user names for this mailer)-.15 F 5.725(.S)-.55 G .725
+(tandards require preserv)-5.725 F(ation)-.25 E .748
+(of case in the local part of addresses, e)122 531 R .748
+(xcept for those address for which your system accepts)-.15 F
+(responsibility)122 543 Q 5.151(.R)-.65 G .151(FC 2142 pro)-5.151 F .151
+(vides a long list of addresses which should be case insensiti)-.15 F
+-.15(ve)-.25 G 5.15(.I).15 G(f)-5.15 E .359
+(you use this \215ag, you may be violating RFC 2142.)122 555 R .36
+(Note that postmaster is al)5.359 F -.1(wa)-.1 G .36(ys treated as a).1
+F(case insensiti)122 567 Q .3 -.15(ve a)-.25 H(ddress re).15 E -.05(ga)
+-.15 G(rdless of this \215ag.).05 E 12.78(UT)102 583.2 S(his mailer w)
+-12.78 E(ants UUCP-style \231From\232 lines with the ugly \231remote fr\
+om <host>\232 on the end.)-.1 E 12.78(wT)102 599.4 S .607
+(he user must ha)-12.78 F .907 -.15(ve a v)-.2 H .606
+(alid account on this machine, i.e.,)-.1 F F2 -.1(ge)3.106 G(tpwnam).1 E
+F1 .606(must succeed.)3.106 F .606(If not, the)5.606 F 1.233
+(mail is bounced.)122 611.4 R 1.233(See also the)6.233 F F0
+(MailBoxDatabase)3.733 E F1 3.733(option. This)3.733 F 1.233
+(is required to get \231.forw)3.733 F(ard\232)-.1 E(capability)122 623.4
+Q(.)-.65 E 10.56(WI)102 639.6 S(gnore long term host status information\
+ \(see Section "Persistent Host Status Information"\).)-10.56 E 7.5
+(x\207 This)102 655.8 R(mailer w)2.5 E
+(ants a \231Full-Name:\232 header line.)-.1 E 12.78(XT)102 672 S .512
+(his mailer w)-12.78 F .512(ants to use the hidden dot algorithm as spe\
+ci\214ed in RFC 821; basically)-.1 F 3.011(,a)-.65 G .811 -.15(ny l)
+-3.011 H(ine).15 E(be)122 684 Q .796(ginning with a dot will ha)-.15 F
+1.096 -.15(ve a)-.2 H 3.296(ne).15 G .797
+(xtra dot prepended \(to be stripped at the other end\).)-3.446 F(This)
+5.797 E(insures that lines in the message containing a dot will not ter\
+minate the message prematurely)122 696 Q(.)-.65 E 15.56(zR)102 712.2 S
+.965(un Local Mail T)-15.56 F .965(ransfer Protocol \(LMTP\) between)
+-.35 F F2(sendmail)3.465 E F1 .965(and the local mailer)3.465 F 5.965
+(.T)-.55 G .965(his is a)-5.965 F -.25(va)122 724.2 S 1.752(riant on SM\
+TP de\214ned in RFC 2033 that is speci\214cally designed for deli).25 F
+-.15(ve)-.25 G 1.752(ry to a local).15 F 0 Cg EP
%%Page: 59 55
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3539>195.86 E
-/F1 10/Times-Roman@0 SF .942<992a8c6c652a9a2c20616e6420992a696e636c7564
-652a9a206d61792062652064658c6e656420746f2074756e65207468652064656c69>102
-96 R -.15<7665>-.25 G .942<7279206f66206d6573736167657320746f2070726f67
-72616d732c208c6c65732c20616e64>.15 F
-<3a696e636c7564653a206c69737473207265737065637469>102 108 Q -.15<7665>
--.25 G<6c79>.15 E 5<2e54>-.65 G<6865>-5 E 2.5<7964>-.15 G<6566>-2.5 E
-<61756c7420746f3a>-.1 E<4d70726f672c20503d2f62696e2f73682c20463d6c736f44
-71392c20543d444e532f5246433832322f582d556e69782c20413d736820ad63202475>
-142 124.2 Q<4d2a8c6c652a2c20503d5b46494c455d2c20463d6c7344464d50456f7571
-392c20543d444e532f5246433832322f582d556e69782c20413d46494c45202475>142
-136.2 Q<4d2a696e636c7564652a2c20503d2f6465>142 148.2 Q
-<762f6e756c6c2c20463d73752c20413d494e434c554445202475>-.25 E .466<427569
-6c74696e20706174686e616d657320617265205b46494c455d20616e64205b4950435d2c
-2074686520666f726d6572206973207573656420666f722064656c69>127 168.6 R
--.15<7665>-.25 G .467
-<727920746f208c6c65732c20746865206c617474657220666f72>.15 F<64656c69>102
-180.6 Q -.15<7665>-.25 G .12
-<72792076696120696e74657270726f6365737320636f6d6d756e69636174696f6e2e>
-.15 F -.15<466f>5.12 G 2.62<726d>.15 G .12<61696c6572732074686174207573
-65205b4950435d20617320706174686e616d6520746865206172>-2.62 F .12
-<67756d656e742076>-.18 F<65632d>-.15 E .761<746f722028413d29206d75737420
-7374617274207769746820544350206f722046494c4520666f722064656c69>102 192.6
-R -.15<7665>-.25 G .761
-<727920766961206120544350206f72206120556e697820646f6d61696e20736f636b>
-.15 F 3.261<65742e204966>-.1 F .761<544350206973>3.261 F .11
-<757365642c20746865207365636f6e64206172>102 204.6 R .109<67756d656e7420
-6d75737420626520746865206e616d65206f662074686520686f737420746f20636f6e74
-6163742e>-.18 F .109<4f7074696f6e616c6c792061207468697264206172>5.109 F
-.109<67756d656e742063616e>-.18 F .575
-<6265207573656420746f2073706563696679206120706f72742c2074686520646566>
-102 216.6 R .576<61756c7420697320736d74702028706f7274203235292e>-.1 F
-.576<49662046494c4520697320757365642c20746865207365636f6e64206172>5.576
-F .576<67756d656e74206d757374>-.18 F
-<626520746865206e616d65206f662074686520556e697820646f6d61696e20736f636b>
-102 228.6 Q<65742e>-.1 E .669<496620746865206172>127 244.8 R .669
-<67756d656e742076>-.18 F .669
-<6563746f7220646f6573206e6f7420636f6e7461696e202475207468656e>-.15 F/F2
-10/Times-Italic@0 SF<73656e646d61696c>3.169 E F1 .668
-<77696c6c20737065616b20534d545020286f72204c4d545020696620746865>3.169 F<
-6d61696c6572208d6167207a2069732073706563698c65642920746f20746865206d6169
-6c6572>102 256.8 Q<2e>-.55 E<4966206e6f20456f6c208c656c642069732064658c
-6e65642c207468656e2074686520646566>127 273 Q<61756c7420697320225c725c6e
-2220666f7220534d5450206d61696c65727320616e6420225c6e22206f66206f74686572
-732e>-.1 E .615<5468652053656e64657220616e6420526563697069656e74207265>
-127 289.2 R .615<77726974696e672073657473206d61792065697468657220626520
-612073696d706c652072756c65736574206964206f72206d6179206265207477>-.25 F
-3.116<6f69>-.1 G<6473>-3.116 E .576<736570617261746564206279206120736c61
-73683b20696620736f2c20746865208c727374207265>102 301.2 R .575
-<77726974696e6720736574206973206170706c69656420746f20656e>-.25 F -.15
-<7665>-.4 G .575
-<6c6f70652061646472657373657320616e6420746865207365636f6e64206973>.15 F
-<6170706c69656420746f20686561646572732e>102 313.2 Q
-<53657474696e6720616e>5 E 2.5<7976>-.15 G<616c756520746f207a65726f206469
-7361626c657320636f72726573706f6e64696e67206d61696c6572>-2.75 E
-<2d73706563698c63207265>-.2 E<77726974696e672e>-.25 E .196<546865204469
-726563746f72792069732061637475616c6c79206120636f6c6f6e2d7365706172617465
-642070617468206f66206469726563746f7269657320746f20747279>127 329.4 R
-5.197<2e46>-.65 G .197<6f722065>-5.347 F .197
-<78616d706c652c207468652064658c6e692d>-.15 F .104
-<74696f6e2099443d247a3a2f9a208c72737420747269657320746f2065>102 341.4 R
--.15<7865>-.15 G .104<6375746520696e2074686520726563697069656e7427>.15 F
-2.604<7368>-.55 G .104
-<6f6d65206469726563746f72793b2069662074686174206973206e6f742061>-2.604 F
--.25<7661>-.2 G .103<696c61626c652c20697420747269657320746f>.25 F -.15
-<657865>102 353.4 S .816
-<6375746520696e2074686520726f6f74206f6620746865208c6c6573797374656d2e>
-.15 F .816<5468697320697320696e74656e64656420746f2062652075736564206f6e
-6c79206f6e20746865209970726f679a206d61696c6572>5.816 F 3.317<2c73>-.4 G
-<696e6365>-3.317 E .009<736f6d65207368656c6c73202873756368206173>102
-365.4 R F2<637368>2.509 E F1 2.509<2972>C .009<656675736520746f2065>
--2.509 F -.15<7865>-.15 G .009<6375746520696620746865>.15 F 2.509<7963>
--.15 G .009
-<616e6e6f742072656164207468652063757272656e74206469726563746f7279>-2.509
-F 5.008<2e53>-.65 G .008<696e636520746865207175657565>-5.008 F<64697265
-63746f7279206973206e6f74206e6f726d616c6c79207265616461626c6520627920756e
-707269>102 377.4 Q<76696c65>-.25 E<676564207573657273>-.15 E F2<637368>
-2.5 E F1<7363726970747320617320726563697069656e74732063616e2066>2.5 E
-<61696c2e>-.1 E 1.862
-<546865205573657269642073706563698c65732074686520646566>127 393.6 R
-1.863
-<61756c74207573657220616e642067726f757020696420746f2072756e2061732c206f>
--.1 F -.15<7665>-.15 G 1.863<72726964696e6720746865>.15 F F0
-<44656661756c7455736572>4.363 E F1 .098<6f7074696f6e2028712e76>102 405.6
-R 2.598<2e292e204966>-.65 F<746865>2.598 E F0<53>2.598 E F1 .098<6d6169
-6c6572208d616720697320616c736f2073706563698c65642c2074686973207573657220
-616e642067726f75702077696c6c2062652073657420617320746865206566>2.598 F
-<6665637469>-.25 E .398 -.15<76652075>-.25 H<6964>.15 E .693
-<616e642067696420666f72207468652070726f636573732e>102 417.6 R .694
-<54686973206d6179206265206769>5.693 F -.15<7665>-.25 G 3.194<6e61>.15 G
-<73>-3.194 E F2<757365723a6772>3.194 E<6f7570>-.45 E F1 .694<746f207365
-7420626f746820746865207573657220616e642067726f75702069643b20656974686572>
-3.194 F .127<6d617920626520616e20696e7465>102 429.6 R .127
-<676572206f7220612073796d626f6c6963206e616d6520746f206265206c6f6f6b>-.15
-F .127<656420757020696e20746865>-.1 F F2<706173737764>2.627 E F1<616e64>
-2.627 E F2<6772>2.627 E<6f7570>-.45 E F1 .126
-<8c6c6573207265737065637469>2.626 F -.15<7665>-.25 G<6c79>.15 E 5.126
-<2e49>-.65 G<66>-5.126 E .782<6f6e6c7920612073796d626f6c6963207573657220
-6e616d652069732073706563698c65642c207468652067726f757020696420696e207468
-65>102 441.6 R F2<706173737764>3.282 E F1 .782
-<8c6c6520666f7220746861742075736572206973207573656420617320746865>3.282
-F<67726f75702069642e>102 453.6 Q .545
-<5468652043686172736574208c656c642069732075736564207768656e20636f6e>127
-469.8 R -.15<7665>-.4 G .545<7274696e672061206d65737361676520746f204d49
-4d453b20746869732069732074686520636861726163746572207365742075736564>.15
-F .465<696e2074686520436f6e74656e742d54>102 481.8 R .465
-<7970653a20686561646572>-.8 F 5.465<2e49>-.55 G 2.965<6674>-5.465 G .465
-<686973206973206e6f74207365742c20746865>-2.965 F F0
-<44656661756c7443686172736574>2.966 E F1 .466
-<6f7074696f6e20697320757365642c20616e642069662074686174206973206e6f74>
-2.966 F .258<7365742c207468652076>102 493.8 R .258
-<616c75652099756e6b6e6f>-.25 F .258<776e2d386269749a20697320757365642e>
--.25 F F0 -1.2<5741>5.257 G<524e494e473a>1.2 E F1 .257
-<74686973208c656c64206170706c69657320746f207468652073656e64657227>2.757
-F 2.757<736d>-.55 G<61696c6572>-2.757 E 2.757<2c6e>-.4 G .257
-<6f7420746865>-2.757 F<726563697069656e7427>102 505.8 Q 2.701<736d>-.55
-G<61696c6572>-2.701 E 5.201<2e46>-.55 G .201<6f722065>-5.351 F .201
-<78616d706c652c2069662074686520656e>-.15 F -.15<7665>-.4 G .202<6c6f7065
-2073656e6465722061646472657373206c6973747320616e2061646472657373206f6e20
-746865206c6f63616c206e657477>.15 F<6f726b>-.1 E .48
-<616e642074686520726563697069656e74206973206f6e20616e2065>102 517.8 R
-.48<787465726e616c206e657477>-.15 F .48<6f726b2c207468652063686172616374
-6572207365742077696c6c206265207365742066726f6d2074686520436861727365743d
-208c656c6420666f72>-.1 F<746865206c6f63616c206e657477>102 529.8 Q
-<6f726b206d61696c6572>-.1 E 2.5<2c6e>-.4 G
-<6f742074686174206f66207468652065>-2.5 E<787465726e616c206e657477>-.15 E
-<6f726b206d61696c6572>-.1 E<2e>-.55 E .794<5468652054>127 546 R .795<79
-70653d208c656c64207365747320746865207479706520696e666f726d6174696f6e2075
-73656420696e204d494d45206572726f72206d657373616765732061732064658c6e6564
-20627920524643>-.8 F 2.805<313839342e204974>102 558 R .305
-<69732061637475616c6c792074687265652076>2.805 F .305
-<616c7565732073657061726174656420627920736c61736865733a20746865204d54>
--.25 F .305<412d747970652028746861742069732c2074686520646573637269707469
-6f6e206f6620686f>-.93 F<77>-.25 E .083<686f73747320617265206e616d656429
-2c20746865206164647265737320747970652028746865206465736372697074696f6e20
-6f6620652d6d61696c20616464726573736573292c20616e642074686520646961676e6f
-7374696320747970652028746865>102 570 R .143<6465736372697074696f6e206f66
-206572726f7220646961676e6f7374696320636f646573292e>102 582 R .143
-<45616368206f66207468657365206d7573742062652061207265>5.143 F .142
-<67697374657265642076>-.15 F .142<616c7565206f72206265>-.25 F .142
-<67696e2077697468209958ad9a2e>-.15 F<54686520646566>102 594 Q
-<61756c742069732099646e732f7266633832322f736d74709a2e>-.1 E 1.175<546865
-206d3d208c656c642073706563698c657320746865206d6178696d756d206e756d626572
-206f66206d6573736167657320746f20617474656d707420746f2064656c69>127 610.2
-R -.15<7665>-.25 G 3.675<726f>.15 G 3.675<6e6173>-3.675 G<696e676c65>
--3.675 E<534d5450206f72204c4d545020636f6e6e656374696f6e2e>102 622.2 Q
-<54686520646566>5 E<61756c7420697320696e8c6e6974652e>-.1 E 1.545<546865
-20723d208c656c642073706563698c657320746865206d6178696d756d206e756d626572
-206f6620726563697069656e747320746f20617474656d707420746f2064656c69>127
-638.4 R -.15<7665>-.25 G 4.045<7269>.15 G 4.045<6e6173>-4.045 G
-<696e676c65>-4.045 E<656e>102 650.4 Q -.15<7665>-.4 G 2.5
-<6c6f70652e204974>.15 F<646566>2.5 E<61756c747320746f203130302e>-.1 E
-1.052<546865202f3d208c656c642073706563698c65732061206e65>127 666.6 R
-3.552<7772>-.25 G 1.052
-<6f6f74206469726563746f727920666f7220746865206d61696c6572>-3.552 F 6.052
-<2e54>-.55 G 1.052<68652070617468206973206d6163726f2065>-6.052 F 1.052
-<7870616e64656420616e64>-.15 F .512<7468656e2070617373656420746f20746865
-20996368726f6f749a2073797374656d2063616c6c2e>102 678.6 R .512<5468652072
-6f6f74206469726563746f7279206973206368616e676564206265666f72652074686520
-4469726563746f7279208c656c64206973>5.512 F
-<636f6e73756c746564206f722074686520756964206973206368616e6765642e>102
-690.6 Q .56<5468652057>127 706.8 R .56<6169743d208c656c642073706563698c
-657320746865206d6178696d756d2074696d6520746f2077>-.8 F .561<61697420666f
-7220746865206d61696c657220746f2072657475726e2061667465722073656e64696e67
-20616c6c>-.1 F<6461746120746f2069742e>102 718.8 Q
-<54686973206170706c69657320746f206d61696c6572732074686174206861>5 E .3
--.15<76652062>-.2 H<65656e20666f726b>.15 E<6564206279>-.1 E F2
-<73656e646d61696c>2.5 E F1<2e>A 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-59)195.86 E/F1 10/Times-Roman@0 SF(mailbox.)122 96 Q 13.89(ZA)
+102 112.2 S(pply DialDelay \(if set\) to this mailer)-13.89 E(.)-.55 E
+15(0D)102 128.4 S(on')-15 E 3.607(tl)-.18 G 1.106
+(ook up MX records for hosts sent via SMTP/LMTP)-3.607 F 6.106(.D)-1.11
+G 3.606(on)-6.106 G 1.106(ot apply)-3.606 F F0 -.25(Fa)3.606 G
+(llbackMXhost).25 E F1(either)122 140.4 Q(.)-.55 E 15(1D)102 156.6 S
+(on')-15 E 2.5(ts)-.18 G(end null characters \('\\0'\) to this mailer)
+-2.5 E(.)-.55 E 15(2D)102 172.8 S(on')-15 E 3.032(tu)-.18 G .532
+(se ESMTP e)-3.032 F -.15(ve)-.25 G 3.032(ni).15 G 3.032(fo)-3.032 G
+-.25(ff)-3.032 G .532(ered; this is useful for brok).25 F .533
+(en systems that of)-.1 F .533(fer ESMTP b)-.25 F .533(ut f)-.2 F(ail)
+-.1 E(on EHLO \(without reco)122 184.8 Q -.15(ve)-.15 G
+(ring when HELO is tried ne).15 E(xt\).)-.15 E 15(3E)102 201 S .002
+(xtend the list of characters con)-15 F -.15(ve)-.4 G .001
+(rted to =XX notation when con).15 F -.15(ve)-.4 G .001
+(rting to Quoted-Printable to).15 F .977(include those that don')122 213
+R 3.478(tm)-.18 G .978(ap cleanly between ASCII and EBCDIC.)-3.478 F
+.978(Useful if you ha)5.978 F 1.278 -.15(ve I)-.2 H(BM).15 E
+(mainframes on site.)122 225 Q 15(5I)102 241.2 S 2.717(fn)-15 G 2.717
+(oa)-2.717 G .217(liases are found for this address, pass the address t\
+hrough ruleset 5 for possible alternate)-2.717 F 2.5(resolution. This)
+122 253.2 R(is intended to forw)2.5 E(ard the mail to an alternate deli)
+-.1 E -.15(ve)-.25 G(ry spot.).15 E 15(6S)102 269.4 S
+(trip headers to se)-15 E -.15(ve)-.25 G 2.5(nb).15 G(its.)-2.5 E 15(7S)
+102 285.6 S 1.14(trip all output to se)-15 F -.15(ve)-.25 G 3.64(nb).15
+G 3.64(its. This)-3.64 F 1.14(is the def)3.64 F 1.141(ault if the)-.1 F
+F0(L)3.641 E F1 1.141(\215ag is set.)3.641 F 1.141
+(Note that clearing this)6.141 F .295(option is not suf)122 297.6 R .295
+(\214cient to get full eight bit data passed through)-.25 F/F2 10
+/Times-Italic@0 SF(sendmail)2.795 E F1 5.295(.I)C 2.795(ft)-5.295 G(he)
+-2.795 E F0(7)2.795 E F1 .295(option is set,)2.795 F .716
+(this is essentially al)122 309.6 R -.1(wa)-.1 G .717
+(ys set, since the eighth bit w).1 F .717(as stripped on input.)-.1 F
+.717(Note that this option)5.717 F(will only impact messages that didn')
+122 321.6 Q 2.5(th)-.18 G -2.25 -.2(av e)-2.5 H(8)2.7 E/F3 10/Symbol SF
+<ae>A F1 2.5(7b)C(it MIME con)-2.5 E -.15(ve)-.4 G(rsions performed.).15
+E 15(8I)102 337.8 S 3.783(fs)-15 G 1.283(et, it is acceptable to send e\
+ight bit data to this mailer; the usual attempt to do 8)-3.783 F F3<ae>A
+F1 3.782(7b)C(it)-3.782 E(MIME con)122 349.8 Q -.15(ve)-.4 G
+(rsions will be bypassed.).15 E 15(9I)102 366 S 2.704(fs)-15 G .204
+(et, do)-2.704 F F2(limited)2.704 E F1(7)2.704 E F3<ae>A F1 2.704(8b)C
+.204(it MIME con)-2.704 F -.15(ve)-.4 G 2.704(rsions. These).15 F(con)
+2.704 E -.15(ve)-.4 G .205(rsions are limited to te).15 F .205
+(xt/plain data.)-.15 F 17.22(:C)102 382.2 S .982
+(heck addresses to see if the)-17.22 F 3.482(yb)-.15 G -.15(eg)-3.482 G
+.982(in \231:include:\232; if the).15 F 3.482(yd)-.15 G .982(o, con)
+-3.482 F -.15(ve)-.4 G .982(rt them to the \231*include*\232).15 F
+(mailer)122 394.2 Q(.)-.55 E 18(|C)102 410.4 S
+(heck addresses to see if the)-18 E 2.5(yb)-.15 G -.15(eg)-2.5 G
+(in with a `|'; if the).15 E 2.5(yd)-.15 G(o, con)-2.5 E -.15(ve)-.4 G
+(rt them to the \231prog\232 mailer).15 E(.)-.55 E 17.22(/C)102 426.6 S
+(heck addresses to see if the)-17.22 E 2.5(yb)-.15 G -.15(eg)-2.5 G
+(in with a `/'; if the).15 E 2.5(yd)-.15 G(o, con)-2.5 E -.15(ve)-.4 G
+(rt them to the \231*\214le*\232 mailer).15 E(.)-.55 E 10.79(@L)102
+442.8 S(ook up addresses in the user database.)-10.79 E 11.67(%D)102 459
+S 3.868(on)-11.67 G 1.368(ot attempt deli)-3.868 F -.15(ve)-.25 G 1.369
+(ry on initial receipt of a message or on queue runs unless the queued)
+.15 F(message is selected using one of the -qI/-qR/-qS queue run modi\
+\214ers or an ETRN request.)122 471 Q 16.67(!D)102 487.2 S 1.29
+(isable an MH hack that drops an e)-16.67 F 1.289
+(xplicit From: header if it is the same as what sendmail)-.15 F -.1(wo)
+122 499.2 S(uld generate.).1 E .267(Con\214guration \214les prior to le)
+127 515.4 R -.15(ve)-.25 G 2.768(l6a).15 G .268(ssume the `)-2.768 F
+-1.11(A')-.8 G 2.768(,`)1.11 G .268
+(w', `5', `:', `|', `/', and `@' options on the)-2.768 F
+(mailer named \231local\232.)102 527.4 Q .306(The mailer with the speci\
+al name \231error\232 can be used to generate a user error)127 543.6 R
+5.305(.T)-.55 G .305(he \(optional\))-5.305 F .323(host \214eld is an e)
+102 555.6 R .323(xit status to be returned, and the user \214eld is a m\
+essage to be printed.)-.15 F .324(The e)5.324 F .324(xit sta-)-.15 F
+.891(tus may be numeric or one of the v)102 567.6 R .891(alues USA)-.25
+F .891(GE, NOUSER, NOHOST)-.4 F 3.39(,U)-.74 G -.35(NA)-3.39 G -1.35(VA)
+-1 G .89(ILABLE, SOFT)1.35 F(-)-.92 E -1.2(WA)102 579.6 S 1.141
+(RE, TEMPF)1.2 F 1.141(AIL, PR)-.74 F -1.88 -.4(OT O)-.4 H 1.141
+(COL, or CONFIG to return the corresponding EX_ e).4 F 1.142
+(xit code, or an)-.15 F .288
+(enhanced error code as described in RFC 1893,)102 591.6 R F2 .288
+(Enhanced Mail System Status Codes.)2.788 F F1 -.15(Fo)5.287 G 2.787(re)
+.15 G(xample,)-2.937 E(the entry:)102 603.6 Q
+($#error $@ NOHOST $: Host unkno)142 619.8 Q(wn in this domain)-.25 E
+.145(on the RHS of a rule will cause the speci\214ed error to be genera\
+ted and the \231Host unkno)102 636 R .146(wn\232 e)-.25 F .146(xit sta-)
+-.15 F .491(tus to be returned if the LHS matches.)102 648 R .491
+(This mailer is only functional in rulesets 0, 5, or one of the)5.491 F
+1.81(check_* rulesets.)102 660 R 1.81
+(The host \214eld can also contain the special tok)6.81 F(en)-.1 E F0
+(quarantine)4.31 E F1 1.81(which instructs)4.31 F
+(sendmail to quarantine the current message.)102 672 Q .257
+(The mailer with the special name \231discard\232 causes an)127 688.2 R
+2.756(ym)-.15 G .256(ail sent to it to be discarded b)-2.756 F .256
+(ut oth-)-.2 F 1.313(erwise treated as though it were successfully deli)
+102 700.2 R -.15(ve)-.25 G 3.813(red. This).15 F 1.314
+(mailer cannot be used in ruleset 0,)3.813 F(only in the v)102 712.2 Q
+(arious address checking rulesets.)-.25 E 0 Cg EP
%%Page: 60 56
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d36302053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF 1.164<546865205175657565>127 96 R 1.164
-<67726f75703d208c656c642073706563698c65732074686520646566>-.15 F 1.164
-<61756c742071756575652067726f757020696e207768696368207265636569>-.1 F
--.15<7665>-.25 G 3.664<646d>.15 G 1.163<61696c2073686f756c64206265>
--3.664 F 2.848<7175657565642e2054686973>102 108 R .348<63616e206265206f>
-2.848 F -.15<7665>-.15 G .349
-<7272696464656e206279206f74686572206d65616e732061732065>.15 F .349
-<78706c61696e656420696e2073656374696f6e2060>-.15 F .349
-<6051756575652047726f75707320616e64205175657565>-.74 F
-<4469726563746f7269657327>102 120 Q<272e>-.74 E F0 2.5<352e352e2048>87
-144 R 2.5<8a44>2.5 G<658c6e6520486561646572>-2.5 E F1 1.136
-<54686520666f726d6174206f662074686520686561646572206c696e65732074686174>
-127 160.2 R/F2 10/Times-Italic@0 SF<73656e646d61696c>3.636 E F1 1.135<69
-6e736572747320696e746f20746865206d657373616765206172652064658c6e65642062
-7920746865>3.636 F F0<48>3.635 E F1 2.5<6c696e652e20546865>102 172.2 R<
-73796e746178206f662074686973206c696e65206973206f6e65206f662074686520666f
-6c6c6f>2.5 E<77696e673a>-.25 E F0<48>142 188.4 Q F2<686e616d65>A F0<3a>A
-F2<6874656d706c617465>2.5 E F0<48>142 208.8 Q F1<5b>A F0<3f>A F2<6d8d61>
-A<6773>-.1 E F0<3f5d>A F2<686e616d65>A F0<3a>A F2<6874656d706c617465>2.5
-E F0<48>142 229.2 Q F1<5b>A F0<3f24>A F2<7b6d616372>A<6f7d>-.45 E F0
-<3f5d>A F2<686e616d65>A F0<3a>A F2<6874656d706c617465>2.5 E F1 1.058<43
-6f6e74696e756174696f6e206c696e657320696e20746869732073706563206172652072
-658d6563746564206469726563746c7920696e746f20746865206f7574676f696e67206d
-6573736167652e>102 245.4 R<546865>6.058 E F2<6874656d706c617465>3.558 E
-F1<6973>3.558 E<6d6163726f2d65>102 257.4 Q 1.12<7870616e646564206265666f
-726520696e73657274696f6e20696e746f20746865206d6573736167652e>-.15 F 1.12
-<496620746865>6.12 F F2<6d8d61>3.62 E<6773>-.1 E F1 1.12
-<28737572726f756e646564206279207175657374696f6e206d61726b7329>3.62 F
-.161<6172652073706563698c65642c206174206c65617374206f6e65206f6620746865
-2073706563698c6564208d616773206d7573742062652073746174656420696e20746865
-206d61696c65722064658c6e6974696f6e20666f72207468697320686561646572>102
-269.4 R .858<746f206265206175746f6d61746963616c6c79206f75747075742e>102
-281.4 R .858<49662061>5.858 F F2<247b6d616372>3.358 E<6f7d>-.45 E F1
-.858<28737572726f756e646564206279207175657374696f6e206d61726b7329206973
-2073706563698c65642c2074686520686561646572>3.358 F 1.264<77696c6c206265
-206175746f6d61746963616c6c79206f757470757420696620746865206d6163726f2069
-73207365742e>102 293.4 R 1.264
-<546865206d6163726f206d617920626520736574207573696e6720616e>6.264 F
-3.764<796f>-.15 G 3.764<6674>-3.764 G 1.264<6865206e6f726d616c>-3.764 F
-.233<6d6574686f64732c20696e636c7564696e67207573696e6720746865>102 305.4
-R F0<6d616372>2.733 E<6f>-.18 E F1 .232
-<73746f72616765206d617020696e20612072756c657365742e>2.732 F .232<496620
-6f6e65206f66207468657365206865616465727320697320696e2074686520696e707574>
-5.232 F .124
-<69742069732072658d656374656420746f20746865206f7574707574207265>102
-317.4 R -.05<6761>-.15 G .124
-<72646c657373206f66207468657365208d616773206f72206d6163726f732e>.05 F
-.125<4e6f746963653a2049662061>5.125 F F2<247b6d616372>2.625 E<6f7d>-.45
-E F1 .125<6973207573656420746f207365742061>2.625 F<686561646572>102
-329.4 Q 4.309<2c74>-.4 G 1.809<68656e2069742069732075736566756c20746f20
-6164642074686174206d6163726f20746f20636c617373>-4.309 F F2<243d7b706572>
-4.308 E<73697374656e744d616372>-.1 E<6f737d>-.45 E F1 1.808
-<776869636820636f6e7369737473206f6620746865>4.308 F
-<6d6163726f7320746861742073686f756c64206265207361>102 341.4 Q -.15<7665>
--.2 G 2.5<6461>.15 G<63726f73732071756575652072756e732e>-2.5 E
-<536f6d652068656164657273206861>127 357.6 Q .3 -.15<76652073>-.2 H<7065
-6369616c2073656d616e7469637320746861742077696c6c206265206465736372696265
-64206c61746572>.15 E<2e>-.55 E 2.71<4173>127 373.8 S .21
-<65636f6e646172792073796e74617820616c6c6f>-2.71 F .21<77732076>-.25 F
-.211<616c69646174696f6e206f66206865616465727320617320746865>-.25 F 2.711
-<7961>-.15 G .211<7265206265696e6720726561642e>-2.711 F 1.811 -.8
-<546f2065>5.211 H .211<6e61626c652076>.8 F<616c69646174696f6e2c>-.25 E
-<7573653a>102 385.8 Q F0<48>142 402 Q F2<486561646572>A F0 2.5<3a24>C
-<3e>-2.5 E F2<52756c65736574>A F0<48>142 414 Q F2<486561646572>A F0 2.5
-<3a24>C<3e2b>-2.5 E F2<52756c65736574>A F1 .265
-<54686520696e64696361746564>102 430.2 R F2<52756c65736574>2.765 E F1
-.265<69732063616c6c656420666f72207468652073706563698c6564>2.765 F F2
-<486561646572>2.765 E F1 2.765<2c61>C .265<6e642063616e2072657475726e>
--2.765 F F0<2423657272>2.765 E<6f72>-.18 E F1 .265
-<746f2072656a656374206f722071756172616e2d>2.765 F 1.304
-<74696e6520746865206d657373616765206f72>102 442.2 R F0
-<242364697363617264>3.804 E F1 1.304<746f206469736361726420746865206d65
-737361676520286173207769746820746865206f74686572>3.804 F F0
-<636865636b5f>3.804 E F1 3.804<2a72>C 3.804<756c6573657473292e20546865>
--3.804 F 3.176<72756c65736574207265636569>102 454.2 R -.15<7665>-.25 G
-5.676<7374>.15 G 3.176
-<686520686561646572208c656c642d626f6479206173206172>-5.676 F 3.175<6775
-6d656e742c20692e652e2c206e6f742074686520686561646572208c656c642d6e616d65
-3b2073656520616c736f>-.18 F .629
-<247b6864725f6e616d657d20616e6420247b637572724865616465727d2e>102 466.2
-R .629<5468652068656164657220697320747265617465642061732061207374727563
-7475726564208c656c642c20746861742069732c207465>5.629 F .63
-<787420696e20706172656e2d>-.15 F .337<7468657365732069732064656c65746564
-206265666f72652070726f63657373696e672c20756e6c65737320746865207365636f6e
-6420666f726d>102 478.2 R F0<243e2b>2.837 E F1 .337<697320757365642e>
-2.837 F .337<4e6f74653a206f6e6c79206f6e652072756c657365742063616e>5.337
-F<6265206173736f63696174656420776974682061206865616465723b>102 490.2 Q
-F2<73656e646d61696c>2.5 E F1<77696c6c2073696c656e746c792069676e6f726520
-6d756c7469706c6520656e74726965732e>2.5 E -.15<466f>127 506.4 S 2.5<7265>
-.15 G<78616d706c652c2074686520636f6e8c6775726174696f6e206c696e65733a>
--2.65 E<484d6573736167652d49643a20243e436865636b4d6573736167654964>142
-522.6 Q<53436865636b4d6573736167654964>142 546.6 Q<523c20242b204020242b>
-142 558.6 Q 11.06<3e24>5 G 2.5<404f>-11.06 G<4b>-2.5 E 52.83
-<52242a2024236572726f72>142 570.6 R<243a20496c6c65>2.5 E -.05<6761>-.15
-G 2.5<6c4d>.05 G<6573736167652d496420686561646572>-2.5 E -.1<776f>102
-586.8 S<756c642072656675736520616e>.1 E 2.5<796d>-.15 G<6573736167652074
-686174206861642061204d6573736167652d49643a20686561646572206f6620616e>
--2.5 E 2.5<796f>-.15 G 2.5<6674>-2.5 G<686520666f6c6c6f>-2.5 E
-<77696e6720666f726d733a>-.25 E<4d6573736167652d49643a203c3e>142 603 Q
-<4d6573736167652d49643a20736f6d65207465>142 615 Q<7874>-.15 E
-<4d6573736167652d49643a203c6c65>142 627 Q -.05<6761>-.15 G 2.5<6c74>.05
-G -.15<6578>-2.5 G<7440646f6d61696e3e2065>.15 E<787472612063727564>-.15
-E 3.068<4164>102 643.2 S<6566>-3.068 E .569<61756c742072756c657365742074
-6861742069732063616c6c656420666f72206865616465727320776869636820646f6e27>
--.1 F 3.069<7468>-.18 G -2.25 -.2<61762065>-3.069 H 3.069<6173>3.269 G
-.569
-<706563698c632072756c657365742064658c6e656420666f72207468656d2063616e>
--3.069 F<62652073706563698c65642062793a>102 655.2 Q F0<48>142 671.4 Q F2
-<2a>A F0 2.5<3a24>C<3e>-2.5 E F2<52756c65736574>A F1<6f72>102 687.6 Q F0
-<48>142 703.8 Q F2<2a>A F0 2.5<3a24>C<3e2b>-2.5 E F2<52756c65736574>A 0
-Cg EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-60 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF .468
+(The mailer named \231local\232)127 96 R/F2 10/Times-Italic@0 SF(must)
+2.968 E F1 .468(be de\214ned in e)2.968 F -.15(ve)-.25 G .468
+(ry con\214guration \214le.).15 F .468(This is used to deli)5.468 F -.15
+(ve)-.25 G(r).15 E .25(local mail, and is treated specially in se)102
+108 R -.15(ve)-.25 G .25(ral w).15 F 2.75(ays. Additionally)-.1 F 2.75
+(,t)-.65 G .25(hree other mailers named \231prog\232,)-2.75 F .942(\231\
+*\214le*\232, and \231*include*\232 may be de\214ned to tune the deli)
+102 120 R -.15(ve)-.25 G .942(ry of messages to programs, \214les, and)
+.15 F(:include: lists respecti)102 132 Q -.15(ve)-.25 G(ly).15 E 5(.T)
+-.65 G(he)-5 E 2.5(yd)-.15 G(ef)-2.5 E(ault to:)-.1 E
+(Mprog, P=/bin/sh, F=lsoDq9, T=DNS/RFC822/X-Unix, A=sh \255c $u)142
+148.2 Q
+(M*\214le*, P=[FILE], F=lsDFMPEouq9, T=DNS/RFC822/X-Unix, A=FILE $u)142
+160.2 Q(M*include*, P=/de)142 172.2 Q(v/null, F=su, A=INCLUDE $u)-.25 E
+.466
+(Builtin pathnames are [FILE] and [IPC], the former is used for deli)127
+192.6 R -.15(ve)-.25 G .467(ry to \214les, the latter for).15 F(deli)102
+204.6 Q -.15(ve)-.25 G .12(ry via interprocess communication.).15 F -.15
+(Fo)5.12 G 2.62(rm).15 G .12(ailers that use [IPC] as pathname the ar)
+-2.62 F .12(gument v)-.18 F(ec-)-.15 E .761
+(tor \(A=\) must start with TCP or FILE for deli)102 216.6 R -.15(ve)
+-.25 G .761(ry via a TCP or a Unix domain sock).15 F 3.261(et. If)-.1 F
+.761(TCP is)3.261 F .11(used, the second ar)102 228.6 R .109
+(gument must be the name of the host to contact.)-.18 F .109
+(Optionally a third ar)5.109 F .109(gument can)-.18 F .575
+(be used to specify a port, the def)102 240.6 R .576
+(ault is smtp \(port 25\).)-.1 F .576(If FILE is used, the second ar)
+5.576 F .576(gument must)-.18 F(be the name of the Unix domain sock)102
+252.6 Q(et.)-.1 E .669(If the ar)127 268.8 R .669(gument v)-.18 F .669
+(ector does not contain $u then)-.15 F F2(sendmail)3.169 E F1 .668
+(will speak SMTP \(or LMTP if the)3.169 F
+(mailer \215ag z is speci\214ed\) to the mailer)102 280.8 Q(.)-.55 E
+(If no Eol \214eld is de\214ned, then the def)127 297 Q
+(ault is "\\r\\n" for SMTP mailers and "\\n" of others.)-.1 E .615
+(The Sender and Recipient re)127 313.2 R .615
+(writing sets may either be a simple ruleset id or may be tw)-.25 F
+3.116(oi)-.1 G(ds)-3.116 E .576
+(separated by a slash; if so, the \214rst re)102 325.2 R .575
+(writing set is applied to en)-.25 F -.15(ve)-.4 G .575
+(lope addresses and the second is).15 F(applied to headers.)102 337.2 Q
+(Setting an)5 E 2.5(yv)-.15 G
+(alue to zero disables corresponding mailer)-2.75 E(-speci\214c re)-.2 E
+(writing.)-.25 E .196
+(The Directory is actually a colon-separated path of directories to try)
+127 353.4 R 5.197(.F)-.65 G .197(or e)-5.347 F .197
+(xample, the de\214ni-)-.15 F .104
+(tion \231D=$z:/\232 \214rst tries to e)102 365.4 R -.15(xe)-.15 G .104
+(cute in the recipient').15 F 2.604(sh)-.55 G .104
+(ome directory; if that is not a)-2.604 F -.25(va)-.2 G .103
+(ilable, it tries to).25 F -.15(exe)102 377.4 S .816
+(cute in the root of the \214lesystem.).15 F .816
+(This is intended to be used only on the \231prog\232 mailer)5.816 F
+3.317(,s)-.4 G(ince)-3.317 E .009(some shells \(such as)102 389.4 R F2
+(csh)2.509 E F1 2.509(\)r)C .009(efuse to e)-2.509 F -.15(xe)-.15 G .009
+(cute if the).15 F 2.509(yc)-.15 G .009
+(annot read the current directory)-2.509 F 5.008(.S)-.65 G .008
+(ince the queue)-5.008 F(directory is not normally readable by unpri)102
+401.4 Q(vile)-.25 E(ged users)-.15 E F2(csh)2.5 E F1
+(scripts as recipients can f)2.5 E(ail.)-.1 E 1.862
+(The Userid speci\214es the def)127 417.6 R 1.863
+(ault user and group id to run as, o)-.1 F -.15(ve)-.15 G 1.863
+(rriding the).15 F F0(DefaultUser)4.363 E F1 .098(option \(q.v)102 429.6
+R 2.598(.\). If)-.65 F(the)2.598 E F0(S)2.598 E F1 .098(mailer \215ag i\
+s also speci\214ed, this user and group will be set as the ef)2.598 F
+(fecti)-.25 E .398 -.15(ve u)-.25 H(id).15 E .693
+(and gid for the process.)102 441.6 R .694(This may be gi)5.693 F -.15
+(ve)-.25 G 3.194(na).15 G(s)-3.194 E F2(user:gr)3.194 E(oup)-.45 E F1
+.694(to set both the user and group id; either)3.194 F .127
+(may be an inte)102 453.6 R .127(ger or a symbolic name to be look)-.15
+F .127(ed up in the)-.1 F F2(passwd)2.627 E F1(and)2.627 E F2(gr)2.627 E
+(oup)-.45 E F1 .126(\214les respecti)2.626 F -.15(ve)-.25 G(ly).15 E
+5.126(.I)-.65 G(f)-5.126 E .782
+(only a symbolic user name is speci\214ed, the group id in the)102 465.6
+R F2(passwd)3.282 E F1 .782(\214le for that user is used as the)3.282 F
+(group id.)102 477.6 Q .545(The Charset \214eld is used when con)127
+493.8 R -.15(ve)-.4 G .545
+(rting a message to MIME; this is the character set used).15 F .465
+(in the Content-T)102 505.8 R .465(ype: header)-.8 F 5.465(.I)-.55 G
+2.965(ft)-5.465 G .465(his is not set, the)-2.965 F F0(DefaultCharset)
+2.966 E F1 .466(option is used, and if that is not)2.966 F .258
+(set, the v)102 517.8 R .258(alue \231unkno)-.25 F .258
+(wn-8bit\232 is used.)-.25 F F0 -1.2(WA)5.257 G(RNING:)1.2 E F1 .257
+(this \214eld applies to the sender')2.757 F 2.757(sm)-.55 G(ailer)
+-2.757 E 2.757(,n)-.4 G .257(ot the)-2.757 F(recipient')102 529.8 Q
+2.701(sm)-.55 G(ailer)-2.701 E 5.201(.F)-.55 G .201(or e)-5.351 F .201
+(xample, if the en)-.15 F -.15(ve)-.4 G .202
+(lope sender address lists an address on the local netw).15 F(ork)-.1 E
+.48(and the recipient is on an e)102 541.8 R .48(xternal netw)-.15 F .48
+(ork, the character set will be set from the Charset= \214eld for)-.1 F
+(the local netw)102 553.8 Q(ork mailer)-.1 E 2.5(,n)-.4 G
+(ot that of the e)-2.5 E(xternal netw)-.15 E(ork mailer)-.1 E(.)-.55 E
+.794(The T)127 570 R .795(ype= \214eld sets the type information used i\
+n MIME error messages as de\214ned by RFC)-.8 F 2.805(1894. It)102 582 R
+.305(is actually three v)2.805 F .305
+(alues separated by slashes: the MT)-.25 F .305
+(A-type \(that is, the description of ho)-.93 F(w)-.25 E .083(hosts are\
+ named\), the address type \(the description of e-mail addresses\), and\
+ the diagnostic type \(the)102 594 R .143
+(description of error diagnostic codes\).)102 606 R .143
+(Each of these must be a re)5.143 F .142(gistered v)-.15 F .142
+(alue or be)-.25 F .142(gin with \231X\255\232.)-.15 F(The def)102 618 Q
+(ault is \231dns/rfc822/smtp\232.)-.1 E 1.175(The m= \214eld speci\214e\
+s the maximum number of messages to attempt to deli)127 634.2 R -.15(ve)
+-.25 G 3.675(ro).15 G 3.675(nas)-3.675 G(ingle)-3.675 E
+(SMTP or LMTP connection.)102 646.2 Q(The def)5 E(ault is in\214nite.)
+-.1 E 1.545(The r= \214eld speci\214es the maximum number of recipients\
+ to attempt to deli)127 662.4 R -.15(ve)-.25 G 4.045(ri).15 G 4.045(nas)
+-4.045 G(ingle)-4.045 E(en)102 674.4 Q -.15(ve)-.4 G 2.5(lope. It).15 F
+(def)2.5 E(aults to 100.)-.1 E 1.052(The /= \214eld speci\214es a ne)127
+690.6 R 3.552(wr)-.25 G 1.052(oot directory for the mailer)-3.552 F
+6.052(.T)-.55 G 1.052(he path is macro e)-6.052 F 1.052(xpanded and)-.15
+F .512(then passed to the \231chroot\232 system call.)102 702.6 R .512
+(The root directory is changed before the Directory \214eld is)5.512 F
+(consulted or the uid is changed.)102 714.6 Q 0 Cg EP
%%Page: 61 57
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3631>195.86 E
-2.5<352e362e204f>87 96 R 2.5<8a53>2.5 G<6574204f7074696f6e>-2.5 E/F1 10
-/Times-Roman@0 SF .963<5468657265206172652061206e756d626572206f6620676c
-6f62616c206f7074696f6e7320746861742063616e206265207365742066726f6d206120
-636f6e8c6775726174696f6e208c6c652e>127 112.2 R .962
-<4f7074696f6e7320617265>5.962 F .86
-<726570726573656e7465642062792066756c6c2077>102 124.2 R .86<6f7264733b20
-736f6d652061726520616c736f20726570726573656e7461626c652061732073696e676c
-65206368617261637465727320666f72206261636b20636f6d7061746962696c697479>
--.1 F<2e>-.65 E<5468652073796e746178206f662074686973206c696e652069733a>
-102 136.2 Q F0<4f>142 152.4 Q/F2 10/Times-Italic@0 SF<6f7074696f6e>7.5 E
-F0<3d>A F2<76616c7565>A F1 .563<546869732073657473206f7074696f6e>102
-168.6 R F2<6f7074696f6e>3.062 E F1 .562<746f206265>3.062 F F2
-<76616c7565>3.062 E F1 5.562<2e4e>C .562<6f74652074686174207468657265>
--5.562 F F2<6d757374>3.062 E F1 .562<6265206120737061636520626574776565
-6e20746865206c657474657220604f2720616e6420746865>3.062 F
-<6e616d65206f6620746865206f7074696f6e2e>102 180.6 Q
-<416e206f6c6465722076>5 E<657273696f6e2069733a>-.15 E F0<4f>142 196.8 Q
-F2 1.666<6f76>C<616c7565>-1.666 E F1 .13
-<776865726520746865206f7074696f6e>102 213 R F2<6f>2.63 E F1 .13
-<697320612073696e676c6520636861726163746572>2.63 F 5.13<2e44>-.55 G .13
-<6570656e64696e67206f6e20746865206f7074696f6e2c>-5.13 F F2<76616c7565>
-2.63 E F1 .13<6d6179206265206120737472696e672c20616e20696e7465>2.63 F
-<676572>-.15 E<2c>-.4 E 2.5<6162>102 225 S
-<6f6f6c65616e202877697468206c65>-2.5 E -.05<6761>-.15 G 2.5<6c76>.05 G<
-616c7565732099749a2c2099549a2c2099669a2c206f722099469a3b2074686520646566>
--2.75 E<61756c74206973205452>-.1 E
-<5545292c206f7220612074696d6520696e74657276>-.4 E<616c2e>-.25 E 1.164<41
-6c6c208c6c656e616d6573207573656420696e206f7074696f6e732073686f756c642062
-65206162736f6c7574652070617468732c20692e652e2c207374617274696e6720776974
-6820272f272e>127 241.2 R<52656c617469>6.164 E 1.464 -.15<7665208c>-.25 H
-<6c652d>.15 E<6e616d6573206d6f7374206c696b>102 253.2 Q<656c792063617573
-652073757270726973657320647572696e67206f7065726174696f6e2028756e6c657373
-206f7468657277697365206e6f746564292e>-.1 E<546865206f7074696f6e73207375
-70706f7274656420287769746820746865206f6c642c206f6e6520636861726163746572
-206e616d657320696e20627261636b>127 269.4 Q<65747329206172653a>-.1 E
-<416c69617346696c653d>102 285.6 Q F2<737065632c20737065632c202e2e2e>A F1
-.182
-<5b415d205370656369667920706f737369626c6520616c696173208c6c652873292e>
-174 297.6 R<45616368>5.182 E F2<73706563>2.682 E F1 .183
-<73686f756c6420626520696e2074686520666f726d61742060>2.682 F<60>-.74 E F2
-<636c617373>A F0<3a>A F2<696e666f>2.683 E F1 -.74<2727>C<7768657265>174
-309.6 Q F2<636c617373>3.031 E F0<3a>A F1 .531
-<6973206f7074696f6e616c20616e6420646566>3.031 F .531
-<61756c747320746f2060>-.1 F<60696d706c6963697427>-.74 E 3.031
-<272e204e6f7465>-.74 F<74686174>3.031 E F2<696e666f>3.031 E F1 .53
-<697320726571756972656420666f72>3.03 F<616c6c>174 321.6 Q F2<636c617373>
-3.524 E F1 1.024<65732065>B 1.024<786365707420996c6461709a2e>-.15 F -.15
-<466f>6.024 G 3.524<7274>.15 G 1.024
-<686520996c6461709a20636c6173732c206966>-3.524 F F2<696e666f>3.524 E F1
-1.025<6973206e6f742073706563698c65642c206120646566>3.524 F<61756c74>-.1
-E F2<696e666f>174 333.6 Q F1 -.25<7661>2.5 G
-<6c7565206973207573656420617320666f6c6c6f>.25 E<77733a>-.25 E
-<ad6b202826286f626a656374436c6173733d73656e646d61696c4d54>214 349.8 Q
-<41416c6961734f626a65637429>-.93 E<2873656e646d61696c4d54>226.5 361.8 Q
-<41416c6961734e616d653d616c696173657329>-.93 E
-<287c2873656e646d61696c4d54>226.5 373.8 Q -.4<4143>-.93 G
-<6c75737465723d247b73656e646d61696c4d54>.4 E -.4<4143>-.93 G
-<6c75737465727d29>.4 E<2873656e646d61696c4d54>231.5 385.8 Q
-<41486f73743d246a2929>-.93 E<2873656e646d61696c4d54>226.5 397.8 Q<414b>
--.93 E -.15<6579>-.25 G<3d25302929>.15 E<ad762073656e646d61696c4d54>214
-409.8 Q<41416c69617356>-.93 E<616c7565>-1.11 E 2.305
-<446570656e64696e67206f6e20686f>174 426 R<77>-.25 E F2<73656e646d61696c>
-4.805 E F1 2.305<697320636f6d70696c65642c2076>4.805 F 2.305
-<616c696420636c6173736573206172652099696d706c696369749a2028736561726368>
--.25 F 1.207<7468726f756768206120636f6d70696c65642d696e206c697374206f66
-20616c696173208c6c652074797065732c20666f72206261636b20636f6d706174696269
-6c697479292c2099686173689a20286966>174 438 R/F3 9/Times-Roman@0 SF
-<4e45574442>174 450 Q F1 .496
-<69732073706563698c6564292c209962747265659a20286966>2.996 F F3
-<4e45574442>2.996 E F1 .496
-<69732073706563698c6564292c209964626d9a20286966>2.996 F F3<4e44424d>
-2.996 E F1 .496<69732073706563692d>2.996 F .201<8c6564292c2099737461629a
-2028696e7465726e616c2073796d626f6c207461626c65208a206e6f74206e6f726d616c
-6c79207573656420756e6c65737320796f75206861>174 462 R .501 -.15<7665206e>
--.2 H 2.701<6f6f>.15 G<74686572>-2.701 E 2.786<6461746162617365206c6f6f
-6b7570292c209973657175656e63659a202875736520612073657175656e6365206f6620
-6d61707320707265>174 474 R 2.785<76696f75736c79206465636c61726564292c>
--.25 F .638<996c6461709a20286966>174 486 R F3<4c44>3.138 E<41504d4150>
--.36 E F1 .638<69732073706563698c6564292c206f7220996e69739a20286966>
-3.138 F F3<4e4953>3.139 E F1 .639<69732073706563698c6564292e>3.139 F
-.639<49662061206c697374206f66>5.639 F F2<73706563>3.139 E F1<73>A
-<6172652070726f>174 498 Q<76696465642c>-.15 E F2<73656e646d61696c>2.5 E
-F1<7365617263686573207468656d20696e206f72646572>2.5 E<2e>-.55 E
-<416c69617357>102 514.2 Q<6169743d>-.8 E F2<74696d656f7574>A F1 .141
-<5b615d204966207365742c2077>174 526.2 R .141<61697420757020746f>-.1 F F2
-<74696d656f7574>2.641 E F1 .141<28756e69747320646566>2.641 F .14<61756c
-7420746f206d696e757465732920666f7220616e2099403a409a20656e74727920746f20
-65>-.1 F<78697374>-.15 E .517<696e2074686520616c696173206461746162617365
-206265666f7265207374617274696e672075702e>174 538.2 R .517
-<496620697420646f6573206e6f742061707065617220696e20746865>5.517 F F2
-<74696d656f7574>3.018 E F1<696e746572>3.018 E<2d>-.2 E -.25<7661>174
-550.2 S 2.5<6c69>.25 G<7373756520612077>-2.5 E<61726e696e672e>-.1 E
-<416c6c6f>102 566.4 Q<77426f67757348454c4f>-.25 E 1.104
-<5b6e6f2073686f7274206e616d655d204966207365742c20616c6c6f>174 578.4 R
-3.604<7748>-.25 G 1.104
-<454c4f20534d545020636f6d6d616e6473207468617420646f6e27>-3.604 F 3.604
-<7469>-.18 G 1.103<6e636c756465206120686f7374>-3.604 F 2.881
-<6e616d652e2053657474696e67>174 590.4 R .382<746869732076696f6c61746573
-2052464320313132332073656374696f6e20352e322e352c2062>2.881 F .382
-<7574206973206e656365737361727920746f20696e7465726f706572>-.2 F<2d>-.2 E
-.061<6174652077697468207365>174 602.4 R -.15<7665>-.25 G .061
-<72616c20534d545020636c69656e74732e>.15 F .061
-<496620746865726520697320612076>5.061 F .06
-<616c75652c206974206973207374696c6c20636865636b>-.25 F .06
-<656420666f72206c65>-.1 F<676974696d6163>-.15 E -.65<792e>-.15 G
-<417574684d6178426974733d>102 618.6 Q F2<4e>A F1 .697<5b6e6f2073686f7274
-206e616d655d204c696d697420746865206d6178696d756d20656e6372797074696f6e20
-737472656e67746820666f7220746865207365637572697479206c6179657220696e>
-5.24 F 1.318<534d54502041>174 630.6 R 1.318
-<55544820285341534c292e20446566>-.55 F 1.317
-<61756c7420697320657373656e7469616c6c7920756e6c696d697465642e>-.1 F
-1.317<5468697320616c6c6f>6.317 F 1.317<777320746f207475726e206f66>-.25 F
-<66>-.25 E .377
-<6164646974696f6e616c20656e6372797074696f6e20696e205341534c206966205354>
-174 642.6 R<4152>-.93 E .377<54544c5320697320616c726561647920656e637279
-7074696e672074686520636f6d6d756e692d>-.6 F .179
-<636174696f6e2c2062656361757365207468652065>174 654.6 R .179
-<78697374696e6720656e6372797074696f6e20737472656e6774682069732074616b>
--.15 F .179<656e20696e746f206163636f756e74207768656e2063686f6f732d>-.1 F
-.997<696e6720616e20616c676f726974686d20666f7220746865207365637572697479
-206c61796572>174 666.6 R 5.998<2e46>-.55 G .998<6f722065>-6.148 F .998
-<78616d706c652c206966205354>-.15 F<4152>-.93 E .998
-<54544c53206973207573656420616e64>-.6 F .437<7468652073796d6d6574726963
-2063697068657220697320334445532c207468656e2074686520746865206b>174 678.6
-R -.15<6579>-.1 G .437<6c656e6774682028696e206269747329206973203136382e>
-.15 F .437<48656e6365207365742d>5.437 F<74696e67>174 690.6 Q F0 -.5
-<4175>2.5 G<74684d617842697473>.5 E F1
-<746f203136382077696c6c2064697361626c6520616e>2.5 E 2.5<7965>-.15 G
-<6e6372797074696f6e20696e205341534c2e>-2.5 E -1.05
-<417574684d656368616e69736d73205b6e6f>102 706.8 R 2.672<73686f7274206e61
-6d655d204c697374206f662061757468656e7469636174696f6e206d656368616e69736d
-7320666f722041>5.172 F 2.672<5554482028736570617261746564206279>-.55 F
-2.853<737061636573292e20546865>174 718.8 R<616476>2.853 E .353<65727469
-736564206c697374206f662061757468656e7469636174696f6e206d656368616e69736d
-732077696c6c2062652074686520696e74657273656374696f6e>-.15 F 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-61)195.86 E/F1 10/Times-Roman@0 SF .56(The W)127 96 R .56
+(ait= \214eld speci\214es the maximum time to w)-.8 F .561
+(ait for the mailer to return after sending all)-.1 F(data to it.)102
+108 Q(This applies to mailers that ha)5 E .3 -.15(ve b)-.2 H(een fork)
+.15 E(ed by)-.1 E/F2 10/Times-Italic@0 SF(sendmail)2.5 E F1(.)A 1.164
+(The Queue)127 124.2 R 1.164(group= \214eld speci\214es the def)-.15 F
+1.164(ault queue group in which recei)-.1 F -.15(ve)-.25 G 3.664(dm).15
+G 1.163(ail should be)-3.664 F 2.848(queued. This)102 136.2 R .348
+(can be o)2.848 F -.15(ve)-.15 G .349(rridden by other means as e).15 F
+.349(xplained in section `)-.15 F .349(`Queue Groups and Queue)-.74 F
+(Directories')102 148.2 Q('.)-.74 E F0 2.5(5.5. H)87 172.2 R 2.5<8a44>
+2.5 G(e\214ne Header)-2.5 E F1 1.136
+(The format of the header lines that)127 188.4 R F2(sendmail)3.636 E F1
+1.135(inserts into the message are de\214ned by the)3.636 F F0(H)3.635 E
+F1 2.5(line. The)102 200.4 R(syntax of this line is one of the follo)2.5
+E(wing:)-.25 E F0(H)142 216.6 Q F2(hname)A F0(:)A F2(htemplate)2.5 E F0
+(H)142 237 Q F1([)A F0(?)A F2(m\215a)A(gs)-.1 E F0(?])A F2(hname)A F0(:)
+A F2(htemplate)2.5 E F0(H)142 257.4 Q F1([)A F0(?$)A F2({macr)A(o})-.45
+E F0(?])A F2(hname)A F0(:)A F2(htemplate)2.5 E F1 1.058(Continuation li\
+nes in this spec are re\215ected directly into the outgoing message.)102
+273.6 R(The)6.058 E F2(htemplate)3.558 E F1(is)3.558 E(macro-e)102 285.6
+Q 1.12(xpanded before insertion into the message.)-.15 F 1.12(If the)
+6.12 F F2(m\215a)3.62 E(gs)-.1 E F1 1.12
+(\(surrounded by question marks\))3.62 F .161(are speci\214ed, at least\
+ one of the speci\214ed \215ags must be stated in the mailer de\214niti\
+on for this header)102 297.6 R .858(to be automatically output.)102
+309.6 R .858(If a)5.858 F F2(${macr)3.358 E(o})-.45 E F1 .858
+(\(surrounded by question marks\) is speci\214ed, the header)3.358 F
+1.264(will be automatically output if the macro is set.)102 321.6 R
+1.264(The macro may be set using an)6.264 F 3.764(yo)-.15 G 3.764(ft)
+-3.764 G 1.264(he normal)-3.764 F .233(methods, including using the)102
+333.6 R F0(macr)2.733 E(o)-.18 E F1 .232(storage map in a ruleset.)2.732
+F .232(If one of these headers is in the input)5.232 F .124
+(it is re\215ected to the output re)102 345.6 R -.05(ga)-.15 G .124
+(rdless of these \215ags or macros.).05 F .125(Notice: If a)5.125 F F2
+(${macr)2.625 E(o})-.45 E F1 .125(is used to set a)2.625 F(header)102
+357.6 Q 4.309(,t)-.4 G 1.809
+(hen it is useful to add that macro to class)-4.309 F F2($={per)4.308 E
+(sistentMacr)-.1 E(os})-.45 E F1 1.808(which consists of the)4.308 F
+(macros that should be sa)102 369.6 Q -.15(ve)-.2 G 2.5(da).15 G
+(cross queue runs.)-2.5 E(Some headers ha)127 385.8 Q .3 -.15(ve s)-.2 H
+(pecial semantics that will be described later).15 E(.)-.55 E 2.71(As)
+127 402 S .21(econdary syntax allo)-2.71 F .21(ws v)-.25 F .211
+(alidation of headers as the)-.25 F 2.711(ya)-.15 G .211(re being read.)
+-2.711 F 1.811 -.8(To e)5.211 H .211(nable v).8 F(alidation,)-.25 E
+(use:)102 414 Q F0(H)142 430.2 Q F2(Header)A F0 2.5(:$)C(>)-2.5 E F2
+(Ruleset)A F0(H)142 442.2 Q F2(Header)A F0 2.5(:$)C(>+)-2.5 E F2
+(Ruleset)A F1 .265(The indicated)102 458.4 R F2(Ruleset)2.765 E F1 .265
+(is called for the speci\214ed)2.765 F F2(Header)2.765 E F1 2.765(,a)C
+.265(nd can return)-2.765 F F0($#err)2.765 E(or)-.18 E F1 .265
+(to reject or quaran-)2.765 F 1.304(tine the message or)102 470.4 R F0
+($#discard)3.804 E F1 1.304(to discard the message \(as with the other)
+3.804 F F0(check_)3.804 E F1 3.804(*r)C 3.804(ulesets\). The)-3.804 F
+3.176(ruleset recei)102 482.4 R -.15(ve)-.25 G 5.676(st).15 G 3.176
+(he header \214eld-body as ar)-5.676 F 3.175
+(gument, i.e., not the header \214eld-name; see also)-.18 F .629
+(${hdr_name} and ${currHeader}.)102 494.4 R .629
+(The header is treated as a structured \214eld, that is, te)5.629 F .63
+(xt in paren-)-.15 F .337
+(theses is deleted before processing, unless the second form)102 506.4 R
+F0($>+)2.837 E F1 .337(is used.)2.837 F .337(Note: only one ruleset can)
+5.337 F(be associated with a header;)102 518.4 Q F2(sendmail)2.5 E F1
+(will silently ignore multiple entries.)2.5 E -.15(Fo)127 534.6 S 2.5
+(re).15 G(xample, the con\214guration lines:)-2.65 E
+(HMessage-Id: $>CheckMessageId)142 550.8 Q(SCheckMessageId)142 574.8 Q
+(R< $+ @ $+)142 586.8 Q 11.06(>$)5 G 2.5(@O)-11.06 G(K)-2.5 E 52.83
+(R$* $#error)142 598.8 R($: Ille)2.5 E -.05(ga)-.15 G 2.5(lM).05 G
+(essage-Id header)-2.5 E -.1(wo)102 615 S(uld refuse an).1 E 2.5(ym)-.15
+G(essage that had a Message-Id: header of an)-2.5 E 2.5(yo)-.15 G 2.5
+(ft)-2.5 G(he follo)-2.5 E(wing forms:)-.25 E(Message-Id: <>)142 631.2 Q
+(Message-Id: some te)142 643.2 Q(xt)-.15 E(Message-Id: <le)142 655.2 Q
+-.05(ga)-.15 G 2.5(lt).05 G -.15(ex)-2.5 G(t@domain> e).15 E(xtra crud)
+-.15 E 3.068(Ad)102 671.4 S(ef)-3.068 E .569
+(ault ruleset that is called for headers which don')-.1 F 3.069(th)-.18
+G -2.25 -.2(av e)-3.069 H 3.069(as)3.269 G .569
+(peci\214c ruleset de\214ned for them can)-3.069 F(be speci\214ed by:)
+102 683.4 Q F0(H)142 699.6 Q F2(*)A F0 2.5(:$)C(>)-2.5 E F2(Ruleset)A F1
+(or)102 715.8 Q 0 Cg EP
%%Page: 62 58
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d36322053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF .271
-<6f662074686973206c69737420616e6420746865206c697374206f662061>174 96 R
--.25<7661>-.2 G .272<696c61626c65206d656368616e69736d732061732064657465
-726d696e656420627920746865204379727573205341534c>.25 F<6c696272617279>
-174 108 Q 6.167<2e49>-.65 G 3.667<6653>-6.167 G -.93<5441>-3.667 G -.6
-<5254>.93 G 1.167<544c532069732061637469>.6 F -.15<7665>-.25 G 3.667
-<2c45>.15 G<585445524e>-3.667 E 1.167
-<414c2077696c6c20626520616464656420746f2074686973206c6973742e>-.35 F
-1.166<496e2074686174>6.167 F<636173652c207468652076>174 120 Q<616c756520
-6f66207b636572745f7375626a6563747d20697320757365642061732061757468656e74
-69636174696f6e2069642e>-.25 E 17.83<417574684f7074696f6e73205b6e6f>102
-136.2 R .836<73686f7274206e616d655d204c697374206f66206f7074696f6e732066
-6f7220534d54502041>3.335 F .836
-<55544820636f6e73697374696e67206f662073696e676c652063686172616374657273>
--.55 F<7769746820696e74657276>174 148.2 Q
-<656e696e67207768697465207370616365206f7220636f6d6d61732e>-.15 E 12.78
-<4155>214 164.4 S<7365207468652041>-12.78 E
-<5554483d20706172616d6574657220666f7220746865204d41494c204652>-.55 E
-<4f4d>-.4 E<636f6d6d616e64206f6e6c79207768656e2061757468656e746963617469
-6f6e207375636365656465642e>234 176.4 Q
-<546869732063616e206265207573656420617320612077>234 188.4 Q
-<6f726b61726f756e6420666f722062726f6b>-.1 E<656e>-.1 E<4d54>234 200.4 Q<
-4173207468617420646f206e6f7420696d706c656d656e7420524643203235353420636f
-72726563746c79>-.93 E<2e>-.65 E 15.56<6170>214 212.4 S
-<726f74656374696f6e2066726f6d2061637469>-15.56 E .3 -.15<76652028>-.25 H
-<6e6f6e2d64696374696f6e617279292061747461636b73>.15 E
-<647572696e672061757468656e7469636174696f6e2065>234 224.4 Q
-<786368616e67652e>-.15 E 15.56<6372>214 236.4 S<657175697265206d65636861
-6e69736d73207768696368207061737320636c69656e742063726564656e7469616c732c>
--15.56 E<616e6420616c6c6f>234 248.4 Q 2.5<776d>-.25 G<656368616e69736d73
-2077686963682063616e20706173732063726564656e7469616c73>-2.5 E
-<746f20646f20736f2e>234 260.4 Q 15<6464>214 272.4 S<6f6e27>-15 E 2.5
-<7470>-.18 G<65726d6974206d656368616e69736d73207375736365707469626c6520
-746f207061737369>-2.5 E -.15<7665>-.25 G
-<64696374696f6e6172792061747461636b2e>234 284.4 Q 16.67<6672>214 296.4 S
-<65717569726520666f7277>-16.67 E<61726420736563726563>-.1 E 2.5<7962>
--.15 G<65747765656e2073657373696f6e73>-2.5 E
-<28627265616b696e67206f6e652077>234 308.4 Q<6f6e27>-.1 E 2.5<7468>-.18 G
-<656c7020627265616b206e65>-2.5 E<7874292e>-.15 E 12.22<6d72>214 320.4 S
-<657175697265206d656368616e69736d732077686963682070726f>-12.22 E
-<76696465206d757475616c2061757468656e7469636174696f6e>-.15 E
-<286f6e6c792061>234 332.4 Q -.25<7661>-.2 G<696c61626c65206966207573696e
-67204379727573205341534c207632206f72206c61746572292e>.25 E 15<7064>214
-344.4 S<6f6e27>-15 E 2.5<7470>-.18 G<65726d6974206d656368616e69736d7320
-7375736365707469626c6520746f2073696d706c65>-2.5 E<7061737369>234 356.4 Q
-.3 -.15<76652061>-.25 H<747461636b2028652e672e2c20504c41494e2c204c4f4749
-4e292c20756e6c6573732061>.15 E
-<7365637572697479206c617965722069732061637469>234 368.4 Q -.15<7665>-.25
-G<2e>.15 E 15<7964>214 380.4 S<6f6e27>-15 E 2.5<7470>-.18 G
-<65726d6974206d656368616e69736d73207468617420616c6c6f>-2.5 E 2.5<7761>
--.25 G<6e6f6e>-2.5 E<796d6f7573206c6f67696e2e>-.15 E<546865208c72737420
-6f7074696f6e206170706c69657320746f2073656e646d61696c206173206120636c6965
-6e742c20746865206f746865727320746f20612073657276>174 396.6 Q<6572>-.15 E
-5<2e45>-.55 G<78616d706c653a>-5 E 2.5<4f41>214 412.8 S
-<7574684f7074696f6e733d702c79>-2.5 E -.1<776f>174 429 S 1.347
-<756c6420646973616c6c6f>.1 F 3.847<7741>-.25 G 1.347
-<4e4f4e594d4f55532061732041>-3.847 F 1.347
-<555448206d656368616e69736d20616e642077>-.55 F 1.346<6f756c6420616c6c6f>
--.1 F 3.846<7750>-.25 G<4c41494e>-3.846 E 1.788<616e64204c4f47494e206f6e
-6c792069662061207365637572697479206c617965722028652e672e2c2070726f>174
-441 R 1.789<7669646564206279205354>-.15 F<4152>-.93 E 1.789
-<54544c532920697320616c7265616479>-.6 F<61637469>174 453 Q -.15<7665>
--.25 G 5.364<2e54>.15 G .364
-<6865206f7074696f6e73202761272c202763272c2027>-5.364 F .364
-<64272c202766>-.5 F .364<272c202770272c20616e64202779272072656665722074
-6f2070726f70657274696573206f66207468652073656c6563746564>.55 F 1.089
-<5341534c206d656368616e69736d732e>174 465 R 1.089<4578706c616e6174696f6e
-73206f662074686573652070726f706572746965732063616e20626520666f756e642069
-6e20746865204379727573>6.089 F<5341534c20646f63756d656e746174696f6e2e>
-174 477 Q 23.39<417574685265616c6d205b6e6f>102 493.2 R 2.502<73686f7274
-206e616d655d205468652061757468656e7469636174696f6e207265616c6d2074686174
-2069732070617373656420746f20746865204379727573205341534c>5.003 F
-<6c696272617279>174 505.2 Q 5<2e49>-.65 G 2.5<666e>-5 G 2.5<6f72>-2.5 G
-<65616c6d2069732073706563698c65642c>-2.5 E F0<246a>2.5 E F1
-<697320757365642e>2.5 E<53656520616c736f204b4e4f>5 E<574e42>-.35 E
-<5547532e>-.1 E<426164526370745468726f74746c653d>102 521.4 Q/F2 10
-/Times-Italic@0 SF<4e>A F1 1.194<5b6e6f2073686f7274206e616d655d20496620
-73657420616e64207468652073706563698c6564206e756d626572206f66207265636970
-69656e747320696e20612073696e676c6520534d5450>174 533.4 R .596
-<7472616e73616374696f6e206861>174 545.4 R .896 -.15<76652062>-.2 H .595<
-65656e2072656a65637465642c20736c65657020666f72206f6e65207365636f6e642061
-6674657220656163682073756273657175656e742052435054>.15 F
-<636f6d6d616e6420696e2074686174207472616e73616374696f6e2e>174 557.4 Q
-<426c616e6b5375623d>102 573.6 Q F2<63>A F1 1.255<5b425d2053657420746865
-20626c616e6b20737562737469747574696f6e2063686172616374657220746f>22.47 F
-F2<63>3.755 E F1 6.255<2e55>C 1.255
-<6e71756f7465642073706163657320696e2061646472657373657320617265>-6.255 F
-<7265706c61636564206279207468697320636861726163746572>174 585.6 Q 5
-<2e44>-.55 G<6566>-5 E<61756c747320746f2073706163652028692e652e2c206e6f
-206368616e6765206973206d616465292e>-.1 E<4341>102 601.8 Q<4365727450>-.4
-E 21.16<617468205b6e6f>-.15 F .897<73686f7274206e616d655d2050>3.397 F
-.897<61746820746f206469726563746f727920776974682063657274698c6361746573
-206f66204341732e>-.15 F .896<54686973206469726563746f72792064697265632d>
-5.896 F 1.234<746f7279206d75737420636f6e7461696e207468652068617368657320
-6f6620656163682043412063657274698c63617465206173208c6c656e616d657320286f
-72206173206c696e6b7320746f>174 613.8 R<7468656d292e>174 625.8 Q<4341>102
-642 Q 23.23<4365727446696c65205b6e6f>-.4 F 1.439<73686f7274206e616d655d
-2046696c6520636f6e7461696e696e67206f6e65206f72206d6f72652043412063657274
-698c63617465733b207365652073656374696f6e2061626f7574>3.94 F<5354>174 654
-Q<4152>-.93 E<54544c5320666f72206d6f726520696e666f726d6174696f6e2e>-.6 E
-<4365727446696e6765727072696e74416c676f726974686d>102 670.2 Q 1.949<5370
-656369667920746865208c6e6765727072696e7420616c676f726974686d202864696765
-73742920746f2075736520666f72207468652070726573656e74656420636572742e>174
-682.2 R 1.95<496620746865>6.95 F .854<6f7074696f6e206973206e6f7420736574
-2c206d6435206973207573656420616e6420746865206d6163726f20636f6e7461696e73
-207468652063657274208c6e6765727072696e742e>174 694.2 R .854
-<496620746865>5.854 F .676<6f7074696f6e2069732065>174 706.2 R .676<7870
-6c696369746c79207365742c207468652073706563698c656420616c676f726974686d20
-28652e672e2c207368613129206973207573656420616e6420746865206d6163726f>
--.15 F F0<247b636572745f66707d>174 718.2 Q F1
-<636f6e7461696e73207468652063657274208c6e6765727072696e742e>2.5 E 0 Cg
-EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-62 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E(H)142 96 Q/F1 10/Times-Italic@0
+SF(*)A F0 2.5(:$)C(>+)-2.5 E F1(Ruleset)A F0 2.5(5.6. O)87 124.2 R 2.5
+<8a53>2.5 G(et Option)-2.5 E/F2 10/Times-Roman@0 SF .963(There are a nu\
+mber of global options that can be set from a con\214guration \214le.)
+127 140.4 R .962(Options are)5.962 F .86(represented by full w)102 152.4
+R .86(ords; some are also representable as single characters for back c\
+ompatibility)-.1 F(.)-.65 E(The syntax of this line is:)102 164.4 Q F0
+(O)142 180.6 Q F1(option)7.5 E F0(=)A F1(value)A F2 .563
+(This sets option)102 196.8 R F1(option)3.062 E F2 .562(to be)3.062 F F1
+(value)3.062 E F2 5.562(.N)C .562(ote that there)-5.562 F F1(must)3.062
+E F2 .562(be a space between the letter `O' and the)3.062 F
+(name of the option.)102 208.8 Q(An older v)5 E(ersion is:)-.15 E F0(O)
+142 225 Q F1 1.666(ov)C(alue)-1.666 E F2 .13(where the option)102 241.2
+R F1(o)2.63 E F2 .13(is a single character)2.63 F 5.13(.D)-.55 G .13
+(epending on the option,)-5.13 F F1(value)2.63 E F2 .13
+(may be a string, an inte)2.63 F(ger)-.15 E(,)-.4 E 2.5(ab)102 253.2 S
+(oolean \(with le)-2.5 E -.05(ga)-.15 G 2.5(lv).05 G
+(alues \231t\232, \231T\232, \231f\232, or \231F\232; the def)-2.75 E
+(ault is TR)-.1 E(UE\), or a time interv)-.4 E(al.)-.25 E 1.164(All \
+\214lenames used in options should be absolute paths, i.e., starting wi\
+th '/'.)127 269.4 R(Relati)6.164 E 1.464 -.15(ve \214)-.25 H(le-).15 E
+(names most lik)102 281.4 Q
+(ely cause surprises during operation \(unless otherwise noted\).)-.1 E
+(The options supported \(with the old, one character names in brack)127
+297.6 Q(ets\) are:)-.1 E(AliasFile=)102 313.8 Q F1(spec, spec, ...)A F2
+.182([A] Specify possible alias \214le\(s\).)174 325.8 R(Each)5.182 E F1
+(spec)2.682 E F2 .183(should be in the format `)2.682 F(`)-.74 E F1
+(class)A F0(:)A F1(info)2.683 E F2 -.74('')C(where)174 337.8 Q F1(class)
+3.031 E F0(:)A F2 .531(is optional and def)3.031 F .531(aults to `)-.1 F
+(`implicit')-.74 E 3.031('. Note)-.74 F(that)3.031 E F1(info)3.031 E F2
+.53(is required for)3.03 F(all)174 349.8 Q F1(class)3.524 E F2 1.024
+(es e)B 1.024(xcept \231ldap\232.)-.15 F -.15(Fo)6.024 G 3.524(rt).15 G
+1.024(he \231ldap\232 class, if)-3.524 F F1(info)3.524 E F2 1.025
+(is not speci\214ed, a def)3.524 F(ault)-.1 E F1(info)174 361.8 Q F2
+-.25(va)2.5 G(lue is used as follo).25 E(ws:)-.25 E
+(\255k \(&\(objectClass=sendmailMT)214 378 Q(AAliasObject\))-.93 E
+(\(sendmailMT)226.5 390 Q(AAliasName=aliases\))-.93 E(\(|\(sendmailMT)
+226.5 402 Q -.4(AC)-.93 G(luster=${sendmailMT).4 E -.4(AC)-.93 G
+(luster}\)).4 E(\(sendmailMT)231.5 414 Q(AHost=$j\)\))-.93 E
+(\(sendmailMT)226.5 426 Q(AK)-.93 E -.15(ey)-.25 G(=%0\)\)).15 E
+(\255v sendmailMT)214 438 Q(AAliasV)-.93 E(alue)-1.11 E 2.305
+(Depending on ho)174 454.2 R(w)-.25 E F1(sendmail)4.805 E F2 2.305
+(is compiled, v)4.805 F 2.305
+(alid classes are \231implicit\232 \(search)-.25 F 1.207(through a comp\
+iled-in list of alias \214le types, for back compatibility\), \231hash\
+\232 \(if)174 466.2 R/F3 9/Times-Roman@0 SF(NEWDB)174 478.2 Q F2 .496
+(is speci\214ed\), \231btree\232 \(if)2.996 F F3(NEWDB)2.996 E F2 .496
+(is speci\214ed\), \231dbm\232 \(if)2.996 F F3(NDBM)2.996 E F2 .496
+(is speci-)2.996 F 1.1(\214ed\), \231cdb\232 \(if)174 490.2 R F3(CDB)3.6
+E F2 1.101(is speci\214ed\), \231stab\232 \(internal symbol table \212 \
+not normally)3.6 F 1.079(used unless you ha)174 502.2 R 1.379 -.15(ve n)
+-.2 H 3.578(oo).15 G 1.078
+(ther database lookup\), \231sequence\232 \(use a sequence of)-3.578 F
+.958(maps pre)174 514.2 R .958(viously declared\), \231ldap\232 \(if)
+-.25 F F3(LD)3.458 E(APMAP)-.36 E F2 .958
+(is speci\214ed\), or \231nis\232 \(if)3.458 F F3(NIS)3.459 E F2(is)
+3.459 E 2.5(speci\214ed\). If)174 526.2 R 2.5(al)2.5 G(ist of)-2.5 E F1
+(spec)2.5 E F2 2.5(sa)C(re pro)-2.5 E(vided,)-.15 E F1(sendmail)2.5 E F2
+(searches them in order)2.5 E(.)-.55 E(AliasW)102 542.4 Q(ait=)-.8 E F1
+(timeout)A F2 .141([a] If set, w)174 554.4 R .141(ait up to)-.1 F F1
+(timeout)2.641 E F2 .141(\(units def)2.641 F .14
+(ault to minutes\) for an \231@:@\232 entry to e)-.1 F(xist)-.15 E .517
+(in the alias database before starting up.)174 566.4 R .517
+(If it does not appear in the)5.517 F F1(timeout)3.018 E F2(inter)3.018
+E(-)-.2 E -.25(va)174 578.4 S 2.5(li).25 G(ssue a w)-2.5 E(arning.)-.1 E
+(Allo)102 594.6 Q(wBogusHELO)-.25 E 1.104([no short name] If set, allo)
+174 606.6 R 3.604(wH)-.25 G 1.104(ELO SMTP commands that don')-3.604 F
+3.604(ti)-.18 G 1.103(nclude a host)-3.604 F 2.881(name. Setting)174
+618.6 R .382(this violates RFC 1123 section 5.2.5, b)2.881 F .382
+(ut is necessary to interoper)-.2 F(-)-.2 E .061(ate with se)174 630.6 R
+-.15(ve)-.25 G .061(ral SMTP clients.).15 F .061(If there is a v)5.061 F
+.06(alue, it is still check)-.25 F .06(ed for le)-.1 F(gitimac)-.15 E
+-.65(y.)-.15 G(AuthMaxBits=)102 646.8 Q F1(N)A F2 .697([no short name] \
+Limit the maximum encryption strength for the security layer in)5.24 F
+1.318(SMTP A)174 658.8 R 1.318(UTH \(SASL\). Def)-.55 F 1.317
+(ault is essentially unlimited.)-.1 F 1.317(This allo)6.317 F 1.317
+(ws to turn of)-.25 F(f)-.25 E .377(additional encryption in SASL if ST)
+174 670.8 R(AR)-.93 E .377(TTLS is already encrypting the communi-)-.6 F
+.179(cation, because the e)174 682.8 R .179
+(xisting encryption strength is tak)-.15 F .179
+(en into account when choos-)-.1 F .997
+(ing an algorithm for the security layer)174 694.8 R 5.998(.F)-.55 G
+.998(or e)-6.148 F .998(xample, if ST)-.15 F(AR)-.93 E .998
+(TTLS is used and)-.6 F .437
+(the symmetric cipher is 3DES, then the the k)174 706.8 R -.15(ey)-.1 G
+.437(length \(in bits\) is 168.).15 F .437(Hence set-)5.437 F(ting)174
+718.8 Q F0 -.5(Au)2.5 G(thMaxBits).5 E F2(to 168 will disable an)2.5 E
+2.5(ye)-.15 G(ncryption in SASL.)-2.5 E 0 Cg EP
%%Page: 63 59
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3633>195.86 E
-/F1 10/Times-Roman@0 SF 26.72<4369706865724c6973742053706563696679>102
-96 R<636970686572206c69737420666f72205354>2.5 E<4152>-.93 E 2.5
-<54544c532e20536565>-.6 F/F2 10/Times-Italic@0 SF<636970686572>2.5 E<73>
--.1 E F1<28312920666f7220706f737369626c652076>A<616c7565732e>-.25 E
-14.51<436865636b416c6961736573205b6e5d>102 112.2 R -1.11<5661>2.5 G
-<6c69646174652074686520524853206f6620616c6961736573207768656e20726562>
-1.11 E<75696c64696e672074686520616c6961732064617461626173652e>-.2 E
-<436865636b706f696e74496e74657276>102 128.4 Q<616c3d>-.25 E F2<4e>A F1
-1.297<5b435d20436865636b706f696e7473207468652071756575652065>174 140.4 R
--.15<7665>-.25 G<7279>.15 E F2<4e>3.797 E F1<28646566>3.797 E 1.297
-<61756c7420313029206164647265737365732073656e742e>-.1 F 1.296
-<496620796f75722073797374656d>6.296 F .746
-<6372617368657320647572696e672064656c69>174 152.4 R -.15<7665>-.25 G
-.746<727920746f2061206c6172>.15 F .746
-<6765206c6973742c207468697320707265>-.18 F -.15<7665>-.25 G .746
-<6e74732072657472616e736d697373696f6e20746f20616e>.15 F 3.247<7962>-.15
-G .747<757420746865>-3.447 F<6c617374>174 164.4 Q F2<4e>2.5 E F1
-<726563697069656e74732e>2.5 E<436c61737346>102 180.6 Q<6163746f723d>-.15
-E F2<66616374>A F1 1.625<5b7a5d2054686520696e64696361746564>4.29 F F2
-<66616374>4.124 E F1 1.624<6f72206973206d756c7469706c696564206279207468
-65206d65737361676520636c617373202864657465726d696e656420627920746865>B
-.718<507265636564656e63653a208c656c6420696e2074686520757365722068656164
-657220616e6420746865>174 192.6 R F0<50>3.219 E F1 .719
-<6c696e657320696e2074686520636f6e8c6775726174696f6e208c6c652920616e64>
-3.219 F 2.638<737562747261637465642066726f6d20746865207072696f72697479>
-174 204.6 R 7.637<2e54>-.65 G 2.637<6875732c206d657373616765732077697468
-206120686967686572205072696f726974793a2077696c6c206265>-7.637 F -.1
-<6661>174 216.6 S -.2<766f>-.1 G 2.5<7265642e20446566>.2 F
-<61756c747320746f20313830302e>-.1 E 12.27
-<436c69656e744365727446696c65205b6e6f>102 232.8 R .708<73686f7274206e61
-6d655d2046696c6520636f6e7461696e696e67207468652063657274698c63617465206f
-662074686520636c69656e742c20692e652e2c20746869732063657274698c6361746520
-6973>3.208 F<75736564207768656e>174 244.8 Q F2<73656e646d61696c>2.5 E F1
-<6163747320617320636c69656e742028666f72205354>2.5 E<4152>-.93 E
-<54544c53292e>-.6 E<436c69656e744b>102 261 Q -.15<6579>-.25 G 13.23
-<46696c65205b6e6f>.15 F .714
-<73686f7274206e616d655d2046696c6520636f6e7461696e696e672074686520707269>
-3.215 F -.25<7661>-.25 G .714<7465206b>.25 F 1.014 -.15<65792062>-.1 H
-.714<656c6f6e67696e6720746f2074686520636c69656e742063657274698c63617465>
-.15 F<28666f72205354>174 273 Q<4152>-.93 E<54544c53206966>-.6 E F2
-<73656e646d61696c>2.5 E F1<72756e7320617320636c69656e74292e>2.5 E
-<436c69656e74506f72744f7074696f6e733d>102 289.2 Q F2<6f7074696f6e73>A F1
-.355<5b4f5d2053657420636c69656e7420534d5450206f7074696f6e732e>174 301.2
-R .355<546865206f7074696f6e7320617265>5.355 F F2 -.1<6b65>2.855 G
-<793d76616c7565>-.2 E F1 .355
-<70616972732073657061726174656420627920636f6d2d>2.855 F 2.5
-<6d61732e204b6e6f>174 313.2 R<776e206b>-.25 E -.15<6579>-.1 G 2.5<7361>
-.15 G<72653a>-2.5 E 52.83<506f7274204e616d652f6e756d626572>214 329.4 R
-<6f6620736f7572636520706f727420666f7220636f6e6e656374696f6e2028646566>
-2.5 E<61756c747320746f20616e>-.1 E 2.5<7966>-.15 G<72656520706f727429>
--2.5 E 48.95<416464722041646472657373>214 341.4 R<6d61736b2028646566>2.5
-E<61756c747320494e>-.1 E<414444525f414e5929>-.35 E -.15<4661>214 353.4 S
-41.31<6d696c792041646472657373>.15 F -.1<6661>2.5 G<6d696c792028646566>
-.1 E<61756c747320746f20494e455429>-.1 E 21.72
-<536e6442756653697a652053697a65>214 365.4 R<6f66205443502073656e642062>
-2.5 E<7566>-.2 E<666572>-.25 E 21.17<52637642756653697a652053697a65>214
-377.4 R<6f6620544350207265636569>2.5 E .3 -.15<76652062>-.25 H<7566>-.05
-E<666572>-.25 E 34.5<4d6f64698c6572204f7074696f6e73>214 389.4 R
-<288d6167732920666f722074686520636c69656e74>2.5 E<546865>174 405.6 Q F2
-<41646472>3.257 E F1 .756<657373206d61736b206d61792062652061206e756d6572
-6963206164647265737320696e204950763420646f74206e6f746174696f6e206f722049
-50763620636f6c6f6e>B 1.148<6e6f746174696f6e206f722061206e657477>174
-417.6 R 1.148<6f726b206e616d652e>-.1 F 1.149
-<4e6f746520746861742069662061206e657477>6.148 F 1.149
-<6f726b206e616d652069732073706563698c65642c206f6e6c7920746865>-.1 F .383
-<8c72737420495020616464726573732072657475726e656420666f722069742077696c
-6c20626520757365642e>174 429.6 R .383
-<54686973206d617920636175736520696e64657465726d696e6174652062656861>
-5.383 F<762d>-.2 E 1.485<696f7220666f72206e657477>174 441.6 R 1.485
-<6f726b206e616d65732074686174207265736f6c76>-.1 F 3.985<6574>-.15 G
-3.985<6f6d>-3.985 G 1.485<756c7469706c65206164647265737365732e>-3.985 F
-1.485<5468657265666f72652c20757365206f6620616e>6.485 F
-<61646472657373206973207265636f6d6d656e6465642e>174 453.6 Q F2
-<4d6f64698c6572>5 E F1<63616e2062652074686520666f6c6c6f>2.5 E
-<77696e67206368617261637465723a>-.25 E 67<6875>214 469.8 S
-<7365206e616d65206f6620696e74657266>-67 E
-<61636520666f722048454c4f20636f6d6d616e64>-.1 E 64.78<4164>214 481.8 S
-<6f6e27>-64.78 E 2.5<7475>-.18 G<73652041>-2.5 E
-<555448207768656e2073656e64696e6720652d6d61696c>-.55 E 66.44<5364>214
-493.8 S<6f6e27>-66.44 E 2.5<7475>-.18 G<7365205354>-2.5 E<4152>-.93 E
-<54544c53207768656e2073656e64696e6720652d6d61696c>-.6 E .764<49662060>
-174 510 R<606827>-.74 E 3.264<2769>-.74 G 3.264<7373>-3.264 G .763<6574
-2c20746865206e616d6520636f72726573706f6e64696e6720746f20746865206f757467
-6f696e6720696e74657266>-3.264 F .763
-<6163652061646472657373202877686574686572>-.1 F .431<63686f73656e207669
-612074686520436f6e6e656374696f6e20706172616d65746572206f7220746865206465
-66>174 522 R .431
-<61756c7429206973207573656420666f72207468652048454c4f2f45484c4f>-.1 F
-3.618<636f6d6d616e642e20486f>174 534 R<7765>-.25 E -.15<7665>-.25 G
-1.918 -.4<722c2074>.15 H 1.118<6865206e616d65206d757374206e6f7420737461
-7274207769746820612073717561726520627261636b>.4 F 1.117
-<657420616e64206974206d757374>-.1 F 1.841
-<636f6e7461696e206174206c65617374206f6e6520646f742e>174 546 R 1.842<5468
-697320697320612073696d706c652074657374207768657468657220746865206e616d65
-206973206e6f7420616e204950>6.842 F .713
-<616464726573732028696e2073717561726520627261636b>174 558 R .713
-<657473292062>-.1 F .713<75742061207175616c698c656420686f73746e616d652e>
--.2 F .712<4e6f74652074686174206d756c7469706c6520436c69656e742d>5.713 F
-.343<506f72744f7074696f6e732073657474696e67732061726520616c6c6f>174 570
-R .343<77656420696e206f7264657220746f206769>-.25 F .643 -.15<76652073>
--.25 H .344<657474696e677320666f7220656163682070726f746f636f6c2066>.15 F
-<616d696c79>-.1 E .316<28652e672e2c206f6e6520666f722046>174 582 R .316
-<616d696c793d696e657420616e64206f6e6520666f722046>-.15 F 2.816
-<616d696c793d696e657436292e2041>-.15 F .315
-<7265737472696374696f6e20706c61636564206f6e206f6e65>2.816 F -.1<6661>174
-594 S<6d696c79206f6e6c79206166>.1 E<6665637473206f7574676f696e6720636f6e
-6e656374696f6e73206f6e207468617420706172746963756c61722066>-.25 E
-<616d696c79>-.1 E<2e>-.65 E<436c69656e7453534c4f7074696f6e73>102 610.2 Q
-3.495<4173>174 622.2 S .996<70616365206f7220636f6d6d61207365706172617465
-64206c697374206f662053534c2072656c61746564206f7074696f6e7320666f72207468
-6520636c69656e7420736964652e>-3.495 F<536565>5.996 E F2
-<53534c5f4354585f7365745f6f7074696f6e73>174 634.2 Q F1 .961
-<28332920666f722061206c6973743b207468652061>B -.25<7661>-.2 G .961
-<696c61626c652076>.25 F .961
-<616c75657320646570656e64206f6e20746865204f70656e53534c>-.25 F -.15
-<7665>174 646.2 S 5.628<7273696f6e206167>.15 F 5.628
-<61696e7374207768696368>-.05 F F2<73656e646d61696c>8.129 E F1 5.629
-<697320636f6d70696c65642e>8.129 F 5.629<427920646566>10.629 F
-<61756c742c>-.1 E F2<53534c5f4f505f414c4c>8.129 E 3.91<53534c5f4f505f4e
-4f5f53534c76322053534c5f4f505f4e4f5f5449434b4554202d53534c5f4f505f544c53
-4558545f50>174 658.2 R<414444494e47>-.9 E F1<617265>6.41 E .646
-<75736564202869662074686f7365206f7074696f6e73206172652061>174 670.2 R
--.25<7661>-.2 G 3.146<696c61626c65292e204f7074696f6e73>.25 F .646
-<63616e20626520636c65617265642062792070726563656564696e67207468656d>
-3.146 F<776974682061206d696e7573207369676e2e>174 682.2 Q<49742069732061
-6c736f20706f737369626c6520746f2073706563696679206e756d65726963616c2076>5
-E<616c7565732c20652e672e2c>-.25 E F0<2d307830303130>2.5 E F1<2e>A 3.95
-<436f6c6f6e4f6b496e41646472205b6e6f>102 698.4 R 4.679<73686f7274206e616d
-655d204966207365742c20636f6c6f6e73206172652061636365707461626c6520696e20
-652d6d61696c206164647265737365732028652e672e2c>7.18 F 3.54
-<99686f73743a757365729a292e204966>174 710.4 R 1.04
-<6e6f74207365742c20636f6c6f6e7320696e64696361746520746865206265>3.54 F
-1.04<67696e6e696e67206f66206120524643203832322067726f757020636f6e2d>-.15
-F 1.988<73747275637420289967726f75706e616d653a206d656d626572312c206d656d
-626572322c202e2e2e206d656d6265724e3b9a292e>174 722.4 R 1.987
-<446f75626c656420636f6c6f6e7320617265>6.987 F 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-63)195.86 E/F1 10/Times-Roman@0 SF -1.05(AuthMechanisms [no)102
+96 R .687(short name] List of authentication mechanisms for A)3.187 F
+.688(UTH \(separated by spa-)-.55 F 3.049(ces\). The)174 108 R(adv)3.049
+E .548
+(ertised list of authentication mechanisms will be the intersection of)
+-.15 F 1.125(this list and the list of a)174 120 R -.25(va)-.2 G 1.126
+(ilable mechanisms as determined by the Cyrus SASL).25 F(library)174 132
+Q 6.167(.I)-.65 G 3.667(fS)-6.167 G -.93(TA)-3.667 G -.6(RT).93 G 1.167
+(TLS is acti).6 F -.15(ve)-.25 G 3.667(,E).15 G(XTERN)-3.667 E 1.167
+(AL will be added to this list.)-.35 F 1.166(In that)6.167 F
+(case, the v)174 144 Q
+(alue of {cert_subject} is used as authentication id.)-.25 E 17.83
+(AuthOptions [no)102 160.2 R .836
+(short name] List of options for SMTP A)3.335 F .836
+(UTH consisting of single characters)-.55 F(with interv)174 172.2 Q
+(ening white space or commas.)-.15 E 12.78(AU)214 188.4 S(se the A)
+-12.78 E(UTH= parameter for the MAIL FR)-.55 E(OM)-.4 E
+(command only when authentication succeeded.)234 200.4 Q
+(This can be used as a w)234 212.4 Q(orkaround for brok)-.1 E(en)-.1 E
+(MT)234 224.4 Q(As that do not implement RFC 2554 correctly)-.93 E(.)
+-.65 E 15.56(ap)214 236.4 S(rotection from acti)-15.56 E .3 -.15(ve \()
+-.25 H(non-dictionary\) attacks).15 E(during authentication e)234 248.4
+Q(xchange.)-.15 E 15.56(cr)214 260.4 S
+(equire mechanisms which pass client credentials,)-15.56 E(and allo)234
+272.4 Q 2.5(wm)-.25 G(echanisms which can pass credentials)-2.5 E
+(to do so.)234 284.4 Q 15(dd)214 296.4 S(on')-15 E 2.5(tp)-.18 G
+(ermit mechanisms susceptible to passi)-2.5 E -.15(ve)-.25 G
+(dictionary attack.)234 308.4 Q 16.67(fr)214 320.4 S(equire forw)-16.67
+E(ard secrec)-.1 E 2.5(yb)-.15 G(etween sessions)-2.5 E
+(\(breaking one w)234 332.4 Q(on')-.1 E 2.5(th)-.18 G(elp break ne)-2.5
+E(xt\).)-.15 E 12.22(mr)214 344.4 S(equire mechanisms which pro)-12.22 E
+(vide mutual authentication)-.15 E(\(only a)234 356.4 Q -.25(va)-.2 G
+(ilable if using Cyrus SASL v2 or later\).).25 E 15(pd)214 368.4 S(on')
+-15 E 2.5(tp)-.18 G(ermit mechanisms susceptible to simple)-2.5 E(passi)
+234 380.4 Q .3 -.15(ve a)-.25 H(ttack \(e.g., PLAIN, LOGIN\), unless a)
+.15 E(security layer is acti)234 392.4 Q -.15(ve)-.25 G(.).15 E 15(yd)
+214 404.4 S(on')-15 E 2.5(tp)-.18 G(ermit mechanisms that allo)-2.5 E
+2.5(wa)-.25 G(non)-2.5 E(ymous login.)-.15 E(The \214rst option applies\
+ to sendmail as a client, the others to a serv)174 420.6 Q(er)-.15 E 5
+(.E)-.55 G(xample:)-5 E 2.5(OA)214 436.8 S(uthOptions=p,y)-2.5 E -.1(wo)
+174 453 S 1.347(uld disallo).1 F 3.847(wA)-.25 G 1.347(NONYMOUS as A)
+-3.847 F 1.347(UTH mechanism and w)-.55 F 1.346(ould allo)-.1 F 3.846
+(wP)-.25 G(LAIN)-3.846 E 1.788
+(and LOGIN only if a security layer \(e.g., pro)174 465 R 1.789
+(vided by ST)-.15 F(AR)-.93 E 1.789(TTLS\) is already)-.6 F(acti)174 477
+Q -.15(ve)-.25 G 5.364(.T).15 G .364(he options 'a', 'c', ')-5.364 F
+.364(d', 'f)-.5 F .364
+(', 'p', and 'y' refer to properties of the selected).55 F 1.089
+(SASL mechanisms.)174 489 R 1.089
+(Explanations of these properties can be found in the Cyrus)6.089 F
+(SASL documentation.)174 501 Q 23.39(AuthRealm [no)102 517.2 R 2.502
+(short name] The authentication realm that is passed to the Cyrus SASL)
+5.003 F(library)174 529.2 Q 5(.I)-.65 G 2.5(fn)-5 G 2.5(or)-2.5 G
+(ealm is speci\214ed,)-2.5 E F0($j)2.5 E F1(is used.)2.5 E(See also KNO)
+5 E(WNB)-.35 E(UGS.)-.1 E(BadRcptThrottle=)102 545.4 Q/F2 10
+/Times-Italic@0 SF(N)A F1 1.194([no short name] If set and the speci\
+\214ed number of recipients in a single SMTP)174 557.4 R .596
+(transaction ha)174 569.4 R .896 -.15(ve b)-.2 H .595
+(een rejected, sleep for one second after each subsequent RCPT).15 F
+(command in that transaction.)174 581.4 Q(BlankSub=)102 597.6 Q F2(c)A
+F1 1.255([B] Set the blank substitution character to)22.47 F F2(c)3.755
+E F1 6.255(.U)C 1.255(nquoted spaces in addresses are)-6.255 F
+(replaced by this character)174 609.6 Q 5(.D)-.55 G(ef)-5 E
+(aults to space \(i.e., no change is made\).)-.1 E(CA)102 625.8 Q(CertP)
+-.4 E 21.16(ath [no)-.15 F .897(short name] P)3.397 F .897
+(ath to directory with certi\214cates of CAs.)-.15 F .896
+(This directory direc-)5.896 F 1.234(tory must contain the hashes of ea\
+ch CA certi\214cate as \214lenames \(or as links to)174 637.8 R(them\).)
+174 649.8 Q(CA)102 666 Q 23.23(CertFile [no)-.4 F 1.439(short name] Fil\
+e containing one or more CA certi\214cates; see section about)3.94 F(ST)
+174 678 Q(AR)-.93 E(TTLS for more information.)-.6 E
+(CertFingerprintAlgorithm)102 694.2 Q 1.949(Specify the \214ngerprint a\
+lgorithm \(digest\) to use for the presented cert.)174 706.2 R 1.95
+(If the)6.95 F 2.346(option is not set, md5 is used and the macro)174
+718.2 R F0(${cert_md5})4.845 E F1 2.345(contains the cert)4.845 F 0 Cg
+EP
%%Page: 64 60
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d36342053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF<616c>174 96 Q -.1<7761>-.1 G 2.215<797320616363
-65707461626c652028996e6f64656e616d653a3a757365729a2920616e642070726f7065
-7220726f7574652d61646472206e657374696e6720697320756e646572>.1 F<2d>-.2 E
-1.037<73746f6f642028993c4072656c61793a7573657240686f73743e9a292e>174 108
-R 1.037<467572746865726d6f72652c2074686973206f7074696f6e20646566>6.037 F
-1.036<61756c7473206f6e2069662074686520636f6e2d>-.1 F .853
-<8c6775726174696f6e2076>174 120 R .853<657273696f6e206c65>-.15 F -.15
-<7665>-.25 G 3.353<6c69>.15 G 3.353<736c>-3.353 G .853<657373207468616e
-20362028666f72206261636b20636f6d7061746962696c697479292e>-3.353 F<486f>
-5.854 E<7765>-.25 E -.15<7665>-.25 G 1.654 -.4<722c2069>.15 H 3.354
-<746d>.4 G<757374>-3.354 E<6265206f66>174 132 Q 2.5<6666>-.25 G
-<6f722066756c6c20636f6d7061746962696c697479207769746820524643203832322e>
--2.5 E<436f6e6e656374696f6e436163686553697a653d>102 148.2 Q/F2 10
-/Times-Italic@0 SF<4e>A F1 .242<5b6b5d20546865206d6178696d756d206e756d62
-6572206f66206f70656e20636f6e6e656374696f6e7320746861742077696c6c20626520
-63616368656420617420612074696d652e>174 160.2 R<546865>5.242 E<646566>174
-172.2 Q .385<61756c74206973206f6e652e>-.1 F .386<546869732064656c617973
-20636c6f73696e67207468652063757272656e7420636f6e6e656374696f6e20756e7469
-6c20656974686572207468697320696e>5.386 F -.2<766f>-.4 G<63612d>.2 E
-1.192<74696f6e206f66>174 184.2 R F2<73656e646d61696c>3.692 E F1 1.191<6e
-6565647320746f20636f6e6e65637420746f20616e6f7468657220686f7374206f722069
-74207465726d696e617465732e>3.692 F 1.191<53657474696e6720697420746f>
-6.191 F 2.046<7a65726f20646566>174 196.2 R 2.046
-<61756c747320746f20746865206f6c642062656861>-.1 F<76696f72>-.2 E 4.546
-<2c74>-.4 G 2.047<6861742069732c20636f6e6e656374696f6e732061726520636c6f
-73656420696d6d6564696174656c79>-4.546 F<2e>-.65 E .266<53696e6365207468
-697320636f6e73756d6573208c6c652064657363726970746f72732c2074686520636f6e
-6e656374696f6e2063616368652073686f756c64206265206b>174 208.2 R .265
-<65707420736d616c6c3a2034>-.1 F
-<69732070726f6261626c7920612070726163746963616c206d6178696d756d2e>174
-220.2 Q<436f6e6e656374696f6e436163686554>102 236.4 Q<696d656f75743d>-.35
-E F2<74696d656f7574>A F1 .708<5b4b5d20546865206d6178696d756d20616d6f756e
-74206f662074696d6520612063616368656420636f6e6e656374696f6e2077696c6c2062
-65207065726d697474656420746f2069646c65>174 248.4 R 1.083
-<776974686f75742061637469>174 260.4 R<76697479>-.25 E 6.083<2e49>-.65 G
-3.583<6674>-6.083 G 1.083<6869732074696d652069732065>-3.583 F 1.082<7863
-65656465642c2074686520636f6e6e656374696f6e20697320696d6d6564696174656c79
-20636c6f7365642e>-.15 F .417<546869732076>174 272.4 R .418<616c75652073
-686f756c6420626520736d616c6c20286f6e20746865206f72646572206f662074656e20
-6d696e75746573292e>-.25 F<4265666f7265>5.418 E F2<73656e646d61696c>2.918
-E F1 .418<757365732061>2.918 F .508
-<63616368656420636f6e6e656374696f6e2c20697420616c>174 284.4 R -.1<7761>
--.1 G .507<79732073656e64732061205253455420636f6d6d616e6420746f20636865
-636b2074686520636f6e6e656374696f6e3b206966>.1 F .401<746869732066>174
-296.4 R .401
-<61696c732c2069742072656f70656e732074686520636f6e6e656374696f6e2e>-.1 F
-.401<54686973206b>5.401 F .402<6565707320796f757220656e642066726f6d2066>
--.1 F .402<61696c696e6720696620746865206f74686572>-.1 F 1.545
-<656e642074696d6573206f75742e>174 308.4 R 1.545<54686520706f696e74206f66
-2074686973206f7074696f6e20697320746f206265206120676f6f64206e657477>6.545
-F 1.544<6f726b206e65696768626f7220616e64>-.1 F -.2<61766f>174 320.4 S
-<6964207573696e672075702065>.2 E<786365737369>-.15 E .3 -.15<76652072>
--.25 H<65736f7572636573206f6e20746865206f7468657220656e642e>.15 E
-<54686520646566>5 E<61756c74206973208c76>-.1 E 2.5<656d>-.15 G
-<696e757465732e>-2.5 E<436f6e6e6563744f6e6c7954>102 336.6 Q<6f3d>-.8 E
-F2<61646472>A<657373>-.37 E F1 .861<5b6e6f2073686f7274206e616d655d205468
-69732063616e206265207573656420746f206f>174 348.6 R -.15<7665>-.15 G .862
-<72726964652074686520636f6e6e656374696f6e20616464726573732028666f722074
-657374696e67>.15 F<707572706f736573292e>174 360.6 Q
-<436f6e6e656374696f6e526174655468726f74746c653d>102 376.8 Q F2<4e>A F1
-.212
-<5b6e6f2073686f7274206e616d655d2049662073657420746f206120706f73697469>
-174 388.8 R .511 -.15<76652076>-.25 H .211<616c75652c20616c6c6f>-.1 F
-2.711<776e>-.25 G 2.711<6f6d>-2.711 G .211<6f7265207468616e>-2.711 F F2
-<4e>2.711 E F1 .211<696e636f6d696e6720636f6e6e65632d>2.711 F .132<74696f
-6e7320696e2061206f6e65207365636f6e6420706572696f6420706572206461656d6f6e
-2e>174 400.8 R .132<5468697320697320696e74656e64656420746f208d617474656e
-206f7574207065616b7320616e64>5.132 F<616c6c6f>174 412.8 Q 2.5<7774>-.25
-G<6865206c6f61642061>-2.5 E -.15<7665>-.2 G
-<7261676520636865636b696e6720746f2063757420696e2e>.15 E<446566>5 E
-<61756c747320746f207a65726f20286e6f206c696d697473292e>-.1 E
-<436f6e6e656374696f6e5261746557>102 429 Q<696e646f>-.4 E<7753697a653d>
--.25 E F2<4e>A F1 .459<5b6e6f2073686f7274206e616d655d2044658c6e65207468
-65206c656e677468206f662074686520696e74657276>174 441 R .458
-<616c20666f7220776869636820746865206e756d626572206f6620696e636f6d2d>-.25
-F<696e6720636f6e6e656374696f6e73206973206d61696e7461696e65642e>174 453 Q
-<54686520646566>5 E<61756c74206973203630207365636f6e64732e>-.1 E
-<436f6e74726f6c536f636b>102 469.2 Q<65744e616d653d>-.1 E F2<6e616d65>A
-F1 .476<5b6e6f2073686f7274206e616d655d204e616d65206f662074686520636f6e74
-726f6c20736f636b>174 481.2 R .477
-<657420666f72206461656d6f6e206d616e6167656d656e742e>-.1 F 2.977<4172>
-5.477 G<756e6e696e67>-2.977 E F2<73656e646d61696c>174 493.2 Q F1 1.225<
-6461656d6f6e2063616e20626520636f6e74726f6c6c6564207468726f75676820746869
-73206e616d656420736f636b>3.725 F 3.725<65742e2041>-.1 F -.25<7661>-.74 G
-1.225<696c61626c6520636f6d2d>.25 F 2.926<6d616e6473206172653a>174 505.2
-R F2 2.926<68656c702c206d737461742c2072>5.426 F 2.926
-<6573746172742c2073687574646f776e2c>-.37 F F1<616e64>5.426 E F2
-<7374617475732e>5.426 E F1<546865>7.926 E F2<737461747573>5.426 E F1
-<636f6d6d616e64>5.426 E .46<72657475726e73207468652063757272656e74206e75
-6d626572206f66206461656d6f6e206368696c6472656e2c20746865206d6178696d756d
-206e756d626572206f66206461656d6f6e>174 517.2 R .449<6368696c6472656e2c20
-7468652066726565206469736b2073706163652028696e20626c6f636b7329206f662074
-6865207175657565206469726563746f7279>174 529.2 R 2.95<2c61>-.65 G .45
-<6e6420746865206c6f61642061>-2.95 F -.15<7665>-.2 G -.2<722d>.15 G .883
-<616765206f6620746865206d616368696e652065>174 541.2 R .883
-<787072657373656420617320616e20696e7465>-.15 F<676572>-.15 E 5.883<2e49>
--.55 G 3.383<666e>-5.883 G .882
-<6f74207365742c206e6f20636f6e74726f6c20736f636b>-3.383 F .882
-<65742077696c6c206265>-.1 F -.2<6176>174 553.2 S 5.029
-<61696c61626c652e20536f6c61726973>-.05 F 2.529
-<616e64207072652d342e34425344206b>5.029 F 2.529<65726e656c20757365727320
-73686f756c642073656520746865206e6f746520696e2073656e642d>-.1 F
-<6d61696c2f524541444d45202e>174 565.2 Q<43524c46696c653d>102 581.4 Q F2
-<6e616d65>A F1 .483<5b6e6f2073686f7274206e616d655d204e616d65206f66208c6c
-65207468617420636f6e7461696e732063657274698c63617465207265>9.69 F -.2
-<766f>-.25 G .482<636174696f6e207374617475732c2075736566756c20666f72>.2
-F .792<582e35303976332061757468656e7469636174696f6e2e>174 593.4 R .792<
-43524c20636865636b696e67207265717569726573206174206c65617374204f70656e53
-534c2076>5.792 F .793<657273696f6e20302e392e372e>-.15 F
-<4e6f74653a20696620612043524c46696c652069732073706563698c65642062>174
-605.4 Q<757420746865208c6c6520697320756e757361626c652c205354>-.2 E<4152>
--.93 E<54544c532069732064697361626c65642e>-.6 E<444850>102 621.6 Q 10.78
-<6172616d65746572732054686973>-.15 F
-<6f7074696f6e206170706c69657320746f207468652073657276>2.5 E
-<65722073696465206f6e6c79>-.15 E 5<2e50>-.65 G<6f737369626c652076>-5 E
-<616c756573206172653a>-.25 E 139<3575>214 637.8 S
-<736520707265636f6d70757465642035313220626974207072696d652e>-139 E 139
-<3167>214 649.8 S<656e6572617465203130323420626974207072696d65>-139 E
-139<3267>214 661.8 S<656e6572617465203230343820626974207072696d652e>-139
-E 141.22<6975>214 673.8 S<736520696e636c7564656420707265636f6d7075746564
-203230343820626974207072696d652028646566>-141.22 E<61756c74292e>-.1 E
-122.06<6e6f6e6520646f>214 685.8 R<6e6f742075736520446966>2.5 E
-<8c652d48656c6c6d616e2e>-.25 E 95.38<2f706174682f746f2f8c6c65206c6f6164>
-214 697.8 R<7072696d652066726f6d208c6c652e>2.5 E .63<54686973206973206f
-6e6c79207265717569726564206966206120636970686572737569746520636f6e746169
-6e696e67204453412f444820697320757365642e>174 714 R .63<54686520646566>
-5.63 F .63<61756c74206973>-.1 F 0 Cg EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-64 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF 3.764
+(\214ngerprint. If)174 96 R 1.264(the option is e)3.764 F 1.264
+(xplicitly set, the speci\214ed algorithm \(e.g., sha1\) is)-.15 F
+(used and the macro)174 108 Q F0(${cert_fp})2.5 E F1
+(contains the cert \214ngerprint.)2.5 E 26.72(CipherList Specify)102
+124.2 R 1.06(cipher list for ST)3.56 F(AR)-.93 E 1.06
+(TTLS \(does not apply to TLSv1.3\).)-.6 F(See)6.06 E/F2 10
+/Times-Italic@0 SF(cipher)3.56 E(s)-.1 E F1(\(1\))A(for possible v)174
+136.2 Q(alues.)-.25 E 14.51(CheckAliases [n])102 152.4 R -1.11(Va)2.5 G
+(lidate the RHS of aliases when reb)1.11 E(uilding the alias database.)
+-.2 E(CheckpointInterv)102 168.6 Q(al=)-.25 E F2(N)A F1 1.296
+([C] Checkpoints the queue e)174 180.6 R -.15(ve)-.25 G(ry).15 E F2(N)
+3.797 E F1(\(def)3.797 E 1.297(ault 10\) addresses sent.)-.1 F 1.297
+(If your system)6.297 F .747(crashes during deli)174 192.6 R -.15(ve)
+-.25 G .746(ry to a lar).15 F .746(ge list, this pre)-.18 F -.15(ve)-.25
+G .746(nts retransmission to an).15 F 3.246(yb)-.15 G .746(ut the)-3.446
+F(last)174 204.6 Q F2(N)2.5 E F1(recipients.)2.5 E(ClassF)102 220.8 Q
+(actor=)-.15 E F2(fact)A F1 1.624([z] The indicated)4.29 F F2(fact)4.124
+E F1 1.624(or is multiplied by the message class \(determined by the)B
+.719(Precedence: \214eld in the user header and the)174 232.8 R F0(P)
+3.219 E F1 .718(lines in the con\214guration \214le\) and)3.218 F 2.637
+(subtracted from the priority)174 244.8 R 7.637(.T)-.65 G 2.637
+(hus, messages with a higher Priority: will be)-7.637 F -.1(fa)174 256.8
+S -.2(vo)-.1 G 2.5(red. Def).2 F(aults to 1800.)-.1 E 12.27
+(ClientCertFile [no)102 273 R .708(short name] File containing the cert\
+i\214cate of the client, i.e., this certi\214cate is)3.209 F(used when)
+174 285 Q F2(sendmail)2.5 E F1(acts as client \(for ST)2.5 E(AR)-.93 E
+(TTLS\).)-.6 E(ClientK)102 301.2 Q -.15(ey)-.25 G 13.23(File [no).15 F
+.714(short name] File containing the pri)3.214 F -.25(va)-.25 G .714
+(te k).25 F 1.014 -.15(ey b)-.1 H .714
+(elonging to the client certi\214cate).15 F(\(for ST)174 313.2 Q(AR)-.93
+E(TTLS if)-.6 E F2(sendmail)2.5 E F1(runs as client\).)2.5 E
+(ClientPortOptions=)102 329.4 Q F2(options)A F1 .355
+([O] Set client SMTP options.)174 341.4 R .355(The options are)5.355 F
+F2 -.1(ke)2.855 G(y=value)-.2 E F1 .355(pairs separated by com-)2.855 F
+2.5(mas. Kno)174 353.4 R(wn k)-.25 E -.15(ey)-.1 G 2.5(sa).15 G(re:)-2.5
+E 52.83(Port Name/number)214 369.6 R
+(of source port for connection \(def)2.5 E(aults to an)-.1 E 2.5(yf)-.15
+G(ree port\))-2.5 E 48.95(Addr Address)214 381.6 R(mask \(def)2.5 E
+(aults IN)-.1 E(ADDR_ANY\))-.35 E -.15(Fa)214 393.6 S 41.31
+(mily Address).15 F -.1(fa)2.5 G(mily \(def).1 E(aults to INET\))-.1 E
+21.72(SndBufSize Size)214 405.6 R(of TCP send b)2.5 E(uf)-.2 E(fer)-.25
+E 21.17(RcvBufSize Size)214 417.6 R(of TCP recei)2.5 E .3 -.15(ve b)-.25
+H(uf)-.05 E(fer)-.25 E 34.5(Modi\214er Options)214 429.6 R
+(\(\215ags\) for the client)2.5 E(The)174 445.8 Q F2(Addr)3.256 E F1
+.756
+(ess mask may be a numeric address in IPv4 dot notation or IPv6 colon)B
+1.149(notation or a netw)174 457.8 R 1.149(ork name.)-.1 F 1.149
+(Note that if a netw)6.149 F 1.148(ork name is speci\214ed, only the)-.1
+F .383(\214rst IP address returned for it will be used.)174 469.8 R .383
+(This may cause indeterminate beha)5.383 F(v-)-.2 E 1.485(ior for netw)
+174 481.8 R 1.485(ork names that resolv)-.1 F 3.985(et)-.15 G 3.985(om)
+-3.985 G 1.485(ultiple addresses.)-3.985 F 1.485(Therefore, use of an)
+6.485 F(address is recommended.)174 493.8 Q F2(Modi\214er)5 E F1
+(can be the follo)2.5 E(wing character:)-.25 E 67(hu)214 510 S
+(se name of interf)-67 E(ace for HELO command)-.1 E 64.78(Ad)214 522 S
+(on')-64.78 E 2.5(tu)-.18 G(se A)-2.5 E(UTH when sending e-mail)-.55 E
+66.44(Sd)214 534 S(on')-66.44 E 2.5(tu)-.18 G(se ST)-2.5 E(AR)-.93 E
+(TTLS when sending e-mail)-.6 E .763(If `)174 550.2 R(`h')-.74 E 3.263
+('i)-.74 G 3.263(ss)-3.263 G .763
+(et, the name corresponding to the outgoing interf)-3.263 F .764
+(ace address \(whether)-.1 F .431
+(chosen via the Connection parameter or the def)174 562.2 R .431
+(ault\) is used for the HELO/EHLO)-.1 F 3.617(command. Ho)174 574.2 R
+(we)-.25 E -.15(ve)-.25 G 1.917 -.4(r, t).15 H 1.118
+(he name must not start with a square brack).4 F 1.118(et and it must)
+-.1 F 1.842(contain at least one dot.)174 586.2 R 1.842
+(This is a simple test whether the name is not an IP)6.842 F .712
+(address \(in square brack)174 598.2 R .713(ets\) b)-.1 F .713
+(ut a quali\214ed hostname.)-.2 F .713(Note that multiple Client-)5.713
+F .344(PortOptions settings are allo)174 610.2 R .343
+(wed in order to gi)-.25 F .643 -.15(ve s)-.25 H .343
+(ettings for each protocol f).15 F(amily)-.1 E .315(\(e.g., one for F)
+174 622.2 R .316(amily=inet and one for F)-.15 F 2.816(amily=inet6\). A)
+-.15 F .316(restriction placed on one)2.816 F -.1(fa)174 634.2 S
+(mily only af).1 E(fects outgoing connections on that particular f)-.25
+E(amily)-.1 E(.)-.65 E(ClientSSLOptions)102 650.4 Q 3.496(As)174 662.4 S
+.996(pace or comma separated list of SSL related options for the client\
+ side.)-3.496 F(See)5.995 E F2(SSL_CTX_set_options)174 674.4 Q F1 .961
+(\(3\) for a list; the a)B -.25(va)-.2 G .961(ilable v).25 F .961
+(alues depend on the OpenSSL)-.25 F -.15(ve)174 686.4 S 5.629(rsion ag)
+.15 F 5.629(ainst which)-.05 F F2(sendmail)8.129 E F1 5.629
+(is compiled.)8.129 F 5.628(By def)10.629 F(ault,)-.1 E F2(SSL_OP_ALL)
+8.128 E 3.91(SSL_OP_NO_SSLv2 SSL_OP_NO_TICKET -SSL_OP_TLSEXT_P)174 698.4
+R(ADDING)-.9 E F1(are)6.41 E 1.016(used \(if those options are a)174
+710.4 R -.25(va)-.2 G 3.516(ilable\). Options).25 F 1.016
+(can be cleared by preceding them)3.516 F(with a minus sign.)174 722.4 Q
+(It is also possible to specify numerical v)5 E(alues, e.g.,)-.25 E F0
+(-0x0010)2.5 E F1(.)A 0 Cg EP
%%Page: 65 61
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3635>195.86 E
-/F1 10/Times-Roman@0 SF -.74<6060>174 96 S<6927>.74 E 3.406<2777>-.74 G
-.907<686963682073656c65637473206120707265636f6d70757465642c208c78>-3.406
-F .907<6564203230343820626974207072696d652e>-.15 F .907<49662060>5.907 F
-<603527>-.74 E 3.407<2769>-.74 G 3.407<7373>-3.407 G .907
-<656c65637465642c207468656e>-3.407 F .409
-<707265636f6d70757465642c208c78>174 108 R .409
-<6564207072696d65732061726520757365642e>-.15 F .408<4e6f74653a2074686973
-206f7074696f6e2073686f756c64206e6f7420626520757365642028756e6c657373>
-5.408 F .274<6e656365737361727920666f7220636f6d7061746962696c6974792077
-697468206f6c6420696d706c656d656e746174696f6e73292e>174 120 R .275
-<49662060>5.275 F<603127>-.74 E 2.775<276f>-.74 G 2.775<7260>-2.775 G
-<603227>-3.515 E 2.775<2769>-.74 G 2.775<7373>-2.775 G<656c65637465642c>
--2.775 E 1.238<7468656e207072696d652076>174 132 R 1.238
-<616c7565732061726520636f6d707574656420647572696e6720737461727475702e>
--.25 F 1.237<4e6f74653a2074686973206f7065726174696f6e2063616e2074616b>
-6.237 F 3.737<6561>-.1 G 1.648
-<7369676e698c63616e7420616d6f756e74206f662074696d65206f6e206120736c6f>
-174 144 R 4.148<776d>-.25 G 1.649<616368696e6520287365>-4.148 F -.15
-<7665>-.25 G 1.649<72616c207365636f6e6473292c2062>.15 F 1.649
-<7574206974206973206f6e6c79>-.2 F 1.858
-<646f6e65206f6e636520617420737461727475702e>174 156 R 1.857<49662060>
-6.857 F<606e6f6e6527>-.74 E 4.357<2769>-.74 G 4.357<7373>-4.357 G 1.857<
-656c65637465642c207468656e20544c532063697068657273756974657320636f6e7461
-696e696e67>-4.357 F .797<4453412f44482063616e6e6f7420626520757365642e>
-174 168 R .797<49662061208c6c65206e616d652069732073706563698c6564202877
-68696368206d75737420626520616e206162736f6c757465>5.797 F .45<7061746829
-2c207468656e20746865207072696d65732061726520726561642066726f6d2069742e>
-174 180 R .449<4974206973207265636f6d6d656e64656420746f2067656e65726174
-6520737563682061208c6c65>5.449 F<7573696e67206120636f6d6d616e64206c696b>
-174 192 Q 2.5<6574>-.1 G<6869733a>-2.5 E<6f70656e73736c206468706172616d
-202d6f7574202f6574632f6d61696c2f6468706172616d732e70656d2032303438>358
-208.2 Q .054<496620746865208c6c65206973206e6f74207265616461626c65206f72
-20636f6e7461696e7320756e757361626c6520646174612c2074686520646566>174
-224.4 R .054<61756c742060>-.1 F<606927>-.74 E 2.554<2769>-.74 G 2.554
-<7375>-2.554 G .054<73656420696e73746561642e>-2.554 F
-<4461656d6f6e506f72744f7074696f6e733d>102 240.6 Q/F2 10/Times-Italic@0
-SF<6f7074696f6e73>A F1 .364<5b4f5d205365742073657276>174 252.6 R .364
-<657220534d5450206f7074696f6e732e>-.15 F .364
-<4561636820696e7374616e6365206f66>5.364 F F0<4461656d6f6e50>2.863 E
-<6f72744f7074696f6e73>-.2 E F1 .363<6c6561647320746f20616e>2.863 F
-<6164646974696f6e616c20696e636f6d696e6720736f636b>174 264.6 Q 2.5
-<65742e20546865>-.1 F<6f7074696f6e7320617265>2.5 E F2 -.1<6b65>2.5 G
-<793d76616c7565>-.2 E F1 2.5<70616972732e204b6e6f>2.5 F<776e206b>-.25 E
--.15<6579>-.1 G 2.5<7361>.15 G<72653a>-2.5 E 45.62<4e616d652055736572>
-214 280.8 R
-<2d64658c6e61626c65206e616d6520666f7220746865206461656d6f6e2028646566>
--.2 E<61756c747320746f20224461656d6f6e232229>-.1 E 52.83
-<506f7274204e616d652f6e756d626572>214 292.8 R
-<6f66206c697374656e696e6720706f72742028646566>2.5 E
-<61756c747320746f2022736d74702229>-.1 E 48.95<416464722041646472657373>
-214 304.8 R<6d61736b2028646566>2.5 E<61756c747320494e>-.1 E
-<414444525f414e5929>-.35 E -.15<4661>214 316.8 S 41.31
-<6d696c792041646472657373>.15 F -.1<6661>2.5 G<6d696c792028646566>.1 E
-<61756c747320746f20494e455429>-.1 E 3.94
-<496e7075744d61696c46696c74657273204c697374>214 328.8 R
-<6f6620696e707574206d61696c208c6c7465727320666f7220746865206461656d6f6e>
-2.5 E 44.5<4c697374656e2053697a65>214 340.8 R
-<6f66206c697374656e2071756575652028646566>2.5 E
-<61756c747320746f20313029>-.1 E 34.5<4d6f64698c6572204f7074696f6e73>214
-352.8 R<288d6167732920666f7220746865206461656d6f6e>2.5 E 21.72
-<536e6442756653697a652053697a65>214 364.8 R<6f66205443502073656e642062>
-2.5 E<7566>-.2 E<666572>-.25 E 21.17<52637642756653697a652053697a65>214
-376.8 R<6f6620544350207265636569>2.5 E .3 -.15<76652062>-.25 H<7566>-.05
-E<666572>-.25 E 36.73<6368696c6472656e206d6178696d756d>214 388.8 R
-<6e756d626572206f66206368696c6472656e20706572206461656d6f6e2c20736565>
-2.5 E F0<4d61784461656d6f6e4368696c6472>2.5 E<656e>-.18 E F1<2e>A
-<44656c69>214 400.8 Q -.15<7665>-.25 G 11.58<72794d6f64652044656c69>.15
-F -.15<7665>-.25 G<7279206d6f646520706572206461656d6f6e2c20736565>.15 E
-F0<44656c69>2.5 E -.1<7665>-.1 G<72794d6f6465>.1 E F1<2e>A 31.74
-<7265667573654c41205265667573654c41>214 412.8 R<706572206461656d6f6e>2.5
-E 34.51<64656c61794c412044656c61794c41>214 424.8 R<706572206461656d6f6e>
-2.5 E 32.29<71756575654c412051756575654c41>214 436.8 R
-<706572206461656d6f6e>2.5 E<546865>174 453 Q F2<4e616d65>2.68 E F1 -.1
-<6b65>2.68 G 2.68<7969>-.05 G 2.68<7375>-2.68 G .181
-<73656420666f72206572726f72206d6573736167657320616e64206c6f6767696e672e>
--2.68 F<546865>5.181 E F2<41646472>2.681 E F1 .181
-<657373206d61736b206d6179206265>B 2.59<616e>174 465 S .089<756d65726963
-206164647265737320696e204950763420646f74206e6f746174696f6e206f7220495076
-3620636f6c6f6e206e6f746174696f6e2c206f722061206e657477>-2.59 F .089
-<6f726b206e616d652c>-.1 F .341
-<6f722061207061746820746f2061206c6f63616c20736f636b>174 477 R 2.841
-<65742e204e6f7465>-.1 F .341<746861742069662061206e657477>2.841 F .341
-<6f726b206e616d652069732073706563698c65642c206f6e6c7920746865208c727374>
--.1 F .085<495020616464726573732072657475726e656420666f722069742077696c
-6c20626520757365642e>174 489 R .084
-<54686973206d617920636175736520696e64657465726d696e6174652062656861>
-5.085 F .084<76696f7220666f72>-.2 F<6e657477>174 501 Q .327
-<6f726b206e616d65732074686174207265736f6c76>-.1 F 2.827<6574>-.15 G
-2.827<6f6d>-2.827 G .327<756c7469706c65206164647265737365732e>-2.827 F
-.328<5468657265666f72652c20757365206f6620616e2061646472657373206973>
-5.328 F 2.92<7265636f6d6d656e6465642e20546865>174 513 R F2 -.75<4661>
-2.92 G<6d696c79>.75 E F1 -.1<6b65>2.92 G 2.92<7964>-.05 G<6566>-2.92 E
-.42<61756c747320746f20494e4554202849507634292e>-.1 F .42
-<495076362075736572732077686f207769736820746f>5.42 F 1.611<616c736f2061
-6363657074204950763620636f6e6e656374696f6e732073686f756c6420616464206164
-646974696f6e616c2046>174 525 R<616d696c793d696e657436>-.15 E F0
-<4461656d6f6e50>4.112 E<6f72>-.2 E<2d>-.37 E<744f7074696f6e73>174 537 Q
-F1 2.889<6c696e65732e2046>2.89 F .389<6f722061206c6f63616c20736f636b>
--.15 F .389<65742c207573652046>-.1 F .389
-<616d696c793d6c6f63616c206f722046>-.15 F 2.889
-<616d696c793d756e69782e20546865>-.15 F F2<496e7075742d>2.889 E
-<4d61696c46>174 549 Q<696c746572>-.45 E<73>-.1 E F1 -.1<6b65>3.34 G 3.34
-<796f>-.05 G -.15<7665>-3.49 G .84<7272696465732074686520646566>.15 F
-.84<61756c74206c697374206f6620696e707574206d61696c208c6c74657273206c6973
-74656420696e20746865>-.1 F F0<496e7075742d>3.34 E
-<4d61696c46696c74657273>174 561 Q F1 2.955<6f7074696f6e2e204966>2.955 F
-.455<6d756c7469706c6520696e707574206d61696c208c6c7465727320617265207265
-7175697265642c20746865>2.955 F 2.955<796d>-.15 G .455
-<75737420626520736570612d>-2.955 F 2.064
-<72617465642062792073656d69636f6c6f6e7320286e6f7420636f6d6d6173292e>174
-573 R F2<4d6f64698c6572>7.064 E F1 2.065
-<63616e20626520612073657175656e63652028776974686f757420616e>4.565 F<79>
--.15 E<64656c696d697465727329206f662074686520666f6c6c6f>174 585 Q
-<77696e6720636861726163746572733a>-.25 E 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-65)195.86 E/F1 10/Times-Roman@0 SF 3.95(ColonOkInAddr [no)102 96
+R 4.679
+(short name] If set, colons are acceptable in e-mail addresses \(e.g.,)
+7.179 F 3.54(\231host:user\232\). If)174 108 R 1.04
+(not set, colons indicate the be)3.54 F 1.04
+(ginning of a RFC 822 group con-)-.15 F 1.987
+(struct \(\231groupname: member1, member2, ... memberN;\232\).)174 120 R
+1.988(Doubled colons are)6.988 F(al)174 132 Q -.1(wa)-.1 G 2.215(ys acc\
+eptable \(\231nodename::user\232\) and proper route-addr nesting is und\
+er).1 F(-)-.2 E 1.036(stood \(\231<@relay:user@host>\232\).)174 144 R
+1.037(Furthermore, this option def)6.036 F 1.037(aults on if the con-)
+-.1 F .854(\214guration v)174 156 R .854(ersion le)-.15 F -.15(ve)-.25 G
+3.354(li).15 G 3.354(sl)-3.354 G .853
+(ess than 6 \(for back compatibility\).)-3.354 F(Ho)5.853 E(we)-.25 E
+-.15(ve)-.25 G 1.653 -.4(r, i).15 H 3.353(tm).4 G(ust)-3.353 E(be of)174
+168 Q 2.5(ff)-.25 G(or full compatibility with RFC 822.)-2.5 E
+(ConnectionCacheSize=)102 184.2 Q/F2 10/Times-Italic@0 SF(N)A F1 .242([\
+k] The maximum number of open connections that will be cached at a time\
+.)174 196.2 R(The)5.243 E(def)174 208.2 Q .386(ault is one.)-.1 F .386
+(This delays closing the current connection until either this in)5.386 F
+-.2(vo)-.4 G(ca-).2 E 1.191(tion of)174 220.2 R F2(sendmail)3.691 E F1
+1.191(needs to connect to another host or it terminates.)3.691 F 1.192
+(Setting it to)6.192 F 2.047(zero def)174 232.2 R 2.047
+(aults to the old beha)-.1 F(vior)-.2 E 4.546(,t)-.4 G 2.046
+(hat is, connections are closed immediately)-4.546 F(.)-.65 E .266(Sinc\
+e this consumes \214le descriptors, the connection cache should be k)174
+244.2 R .266(ept small: 4)-.1 F(is probably a practical maximum.)174
+256.2 Q(ConnectionCacheT)102 272.4 Q(imeout=)-.35 E F2(timeout)A F1 .708
+([K] The maximum amount of time a cached connection will be permitted t\
+o idle)174 284.4 R 1.082(without acti)174 296.4 R(vity)-.25 E 6.082(.I)
+-.65 G 3.582(ft)-6.082 G 1.083(his time is e)-3.582 F 1.083
+(xceeded, the connection is immediately closed.)-.15 F .418(This v)174
+308.4 R .418(alue should be small \(on the order of ten minutes\).)-.25
+F(Before)5.418 E F2(sendmail)2.918 E F1 .417(uses a)2.917 F .507
+(cached connection, it al)174 320.4 R -.1(wa)-.1 G .508
+(ys sends a RSET command to check the connection; if).1 F .402(this f)
+174 332.4 R .402(ails, it reopens the connection.)-.1 F .401(This k)
+5.402 F .401(eeps your end from f)-.1 F .401(ailing if the other)-.1 F
+1.544(end times out.)174 344.4 R 1.545
+(The point of this option is to be a good netw)6.544 F 1.545
+(ork neighbor and)-.1 F -.2(avo)174 356.4 S(id using up e).2 E(xcessi)
+-.15 E .3 -.15(ve r)-.25 H(esources on the other end.).15 E(The def)5 E
+(ault is \214v)-.1 E 2.5(em)-.15 G(inutes.)-2.5 E(ConnectOnlyT)102 372.6
+Q(o=)-.8 E F2(addr)A(ess)-.37 E F1 .862
+([no short name] This can be used to o)174 384.6 R -.15(ve)-.15 G .861
+(rride the connection address \(for testing).15 F(purposes\).)174 396.6
+Q(ConnectionRateThrottle=)102 412.8 Q F2(N)A F1 .211
+([no short name] If set to a positi)174 424.8 R .511 -.15(ve v)-.25 H
+.211(alue, allo)-.1 F 2.711(wn)-.25 G 2.712(om)-2.711 G .212(ore than)
+-2.712 F F2(N)2.712 E F1 .212(incoming connec-)2.712 F .132
+(tions in a one second period per daemon.)174 436.8 R .132
+(This is intended to \215atten out peaks and)5.132 F(allo)174 448.8 Q
+2.5(wt)-.25 G(he load a)-2.5 E -.15(ve)-.2 G(rage checking to cut in.)
+.15 E(Def)5 E(aults to zero \(no limits\).)-.1 E(ConnectionRateW)102 465
+Q(indo)-.4 E(wSize=)-.25 E F2(N)A F1 .458
+([no short name] De\214ne the length of the interv)174 477 R .459
+(al for which the number of incom-)-.25 F
+(ing connections is maintained.)174 489 Q(The def)5 E
+(ault is 60 seconds.)-.1 E(ControlSock)102 505.2 Q(etName=)-.1 E F2
+(name)A F1 .477([no short name] Name of the control sock)174 517.2 R
+.476(et for daemon management.)-.1 F 2.976(Ar)5.476 G(unning)-2.976 E F2
+(sendmail)174 529.2 Q F1 1.225
+(daemon can be controlled through this named sock)3.725 F 3.725(et. A)
+-.1 F -.25(va)-.74 G 1.225(ilable com-).25 F 2.926(mands are:)174 541.2
+R F2 2.926(help, mstat, r)5.426 F 2.926(estart, shutdown,)-.37 F F1(and)
+5.426 E F2(status.)5.426 E F1(The)7.926 E F2(status)5.426 E F1(command)
+5.426 E .46(returns the current number of daemon children, the maximum \
+number of daemon)174 553.2 R .449
+(children, the free disk space \(in blocks\) of the queue directory)174
+565.2 R 2.949(,a)-.65 G .449(nd the load a)-2.949 F -.15(ve)-.2 G -.2
+(r-).15 G .882(age of the machine e)174 577.2 R .883
+(xpressed as an inte)-.15 F(ger)-.15 E 5.883(.I)-.55 G 3.383(fn)-5.883 G
+.883(ot set, no control sock)-3.383 F .883(et will be)-.1 F -.2(av)174
+589.2 S 5.03(ailable. Solaris)-.05 F 2.529(and pre-4.4BSD k)5.029 F
+2.529(ernel users should see the note in send-)-.1 F(mail/README .)174
+601.2 Q(CRLFile=)102 617.4 Q F2(name)A F1 .482
+([no short name] Name of \214le that contains certi\214cate re)9.69 F
+-.2(vo)-.25 G .483(cation status, useful for).2 F .944
+(X.509v3 authentication.)174 629.4 R .943
+(Note: if a CRLFile is speci\214ed b)5.944 F .943
+(ut the \214le is unusable,)-.2 F(ST)174 641.4 Q(AR)-.93 E
+(TTLS is disabled.)-.6 E(CRLP)102 657.6 Q(ath=)-.15 E F2(name)A F1 1.848
+([no short name] Name of directory that contains hashes pointing to cer\
+ti\214cate)7.62 F(re)174 669.6 Q -.2(vo)-.25 G 1.161
+(cation status \214les.).2 F 1.161
+(Symbolic links can be generated with the follo)6.161 F 1.16(wing tw)
+-.25 F(o)-.1 E(\(Bourne\) shell commands:)174 681.6 Q(C=FileName_of_CRL)
+214 697.8 Q(ln -s $C `openssl crl -noout -hash < $C`.r0)214 709.8 Q 0 Cg
+EP
%%Page: 66 62
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d36362053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF 67.56<6161>214 96 S -.1<6c7761>-67.56 G
-<797320726571756972652061757468656e7469636174696f6e>.1 E 67<6262>214 108
-S<696e6420746f20696e74657266>-67 E<616365207468726f75676820776869636820
-6d61696c20686173206265656e207265636569>-.1 E -.15<7665>-.25 G<64>.15 E
-67.56<6370>214 120 S
-<6572666f726d20686f73746e616d652063616e6f6e698c636174696f6e20282e636629>
--67.56 E 68.67<6672>214 132 S<6571756972652066756c6c79207175616c698c6564
-20686f73746e616d6520282e636629>-68.67 E 68.11<7352>214 144 S
-<756e20736d7470732028534d5450206f>-68.11 E -.15<7665>-.15 G 2.5<7253>.15
-G<534c2920696e7374656164206f6620736d7470>-2.5 E 67<7561>214 156 S
-<6c6c6f>-67 E 2.5<7775>-.25 G
-<6e7175616c698c65642061646472657373657320282e636629>-2.5 E 64.78<4164>
-214 168 S<697361626c652041>-64.78 E<55544820286f>-.55 E -.15<7665>-.15 G
-<72726964657320276127206d6f64698c657229>.15 E 65.33<4364>214 180 S
-<6f6e27>-65.33 E 2.5<7470>-.18 G
-<6572666f726d20686f73746e616d652063616e6f6e698c636174696f6e>-2.5 E 65.89
-<4564>214 192 S<6973616c6c6f>-65.89 E 2.5<7745>-.25 G
-<54524e202873656520524643203234373629>-2.5 E 64.78<4f6f>214 204 S
-<7074696f6e616c3b206966206f70656e696e672074686520736f636b>-64.78 E
-<65742066>-.1 E<61696c732069676e6f7265206974>-.1 E 66.44<5364>214 216 S
-<6f6e27>-66.44 E 2.5<746f>-.18 G -.25<6666>-2.5 G<6572205354>.25 E<4152>
--.93 E<54544c53>-.6 E 2.413<546861742069732c206f6e652077>174 232.2 R
-2.412<617920746f20737065636966792061206d657373616765207375626d697373696f
-6e206167656e7420284d534129207468617420616c>-.1 F -.1<7761>-.1 G<7973>.1
-E<72657175697265732061757468656e7469636174696f6e2069733a>174 244.2 Q 2.5
-<4f44>214 260.4 S<61656d6f6e506f72744f7074696f6e733d4e616d653d4d53412c20
-506f72743d3538372c204d3d4561>-2.5 E .243
-<546865206d6f64698c657273207468617420617265206d61726b>174 276.6 R .244
-<656420776974682022282e63662922206861>-.1 F .544 -.15<7665206f>-.2 H
-.244<6e6c79206566>.15 F .244
-<6665637420696e20746865207374616e6461726420636f6e8c672d>-.25 F .16
-<75726174696f6e208c6c652c20696e20776869636820746865>174 288.6 R 2.66
-<7961>-.15 G .16<72652061>-2.66 F -.25<7661>-.2 G .16
-<696c61626c6520766961>.25 F F0<247b6461656d6f6e5f8d6167737d>2.66 E F1
-5.16<2e4e>C .16<6f746963653a20446f>-5.16 F F0<6e6f74>2.66 E F1<757365>
-2.66 E .46<7468652060>174 300.6 R<606127>-.74 E 2.96<276d>-.74 G .46
-<6f64698c6572206f6e2061207075626c69632061636365737369626c65204d54>-2.96
-F 2.961<4121204974>-.93 F .461
-<73686f756c64206f6e6c79206265207573656420666f722061204d5341>2.961 F
-2.553<7468617420697320616363657373656420627920617574686f72697a6564207573
-65727320666f7220696e697469616c206d61696c207375626d697373696f6e2e>174
-312.6 R 2.552<5573657273206d757374>7.552 F 1.141<61757468656e7469636174
-6520746f207573652061204d5341207768696368206861732074686973206f7074696f6e
-207475726e6564206f6e2e>174 324.6 R 1.141<546865208d6167732060>6.141 F
-<606327>-.74 E 3.641<2761>-.74 G<6e64>-3.641 E -.74<6060>174 336.6 S
-<4327>.74 E 3.786<2763>-.74 G 1.286<616e206368616e67652074686520646566>
--3.786 F 1.285<61756c7420666f7220686f73746e616d652063616e6f6e698c636174
-696f6e20696e20746865>-.1 F/F2 10/Times-Italic@0 SF
-<73656e646d61696c2e6366>3.785 E F1<8c6c652e>3.785 E .764
-<536565207468652072656c65>174 348.6 R -.25<7661>-.25 G .765
-<6e7420646f63756d656e746174696f6e20666f72>.25 F/F3 9/Times-Roman@0 SF
-<464541>3.265 E<54555245286e6f63616e6f6e69667929>-.999 E F1 5.765<2e54>C
-.765<6865206d6f64698c65722060>-5.765 F -1.95<60662027>-.74 F 3.265<2764>
--.74 G<69732d>-3.265 E<616c6c6f>174 360.6 Q .795
-<777320616464726573736573206f662074686520666f726d>-.25 F F0
-<7573657240686f7374>3.295 E F1 .794<756e6c65737320746865>3.295 F 3.294
-<7961>-.15 G .794<7265207375626d6974746564206469726563746c79>-3.294 F
-5.794<2e54>-.65 G<6865>-5.794 E 2.127<8d61672060>174 372.6 R<607527>-.74
-E 4.627<2761>-.74 G<6c6c6f>-4.627 E 2.127<777320756e7175616c698c65642073
-656e646572206164647265737365732c20692e652e2c2074686f736520776974686f7574
-2040686f73742e>-.25 F -.74<6060>7.127 G<6227>.74 E<27>-.74 E 2.791<666f
-726365732073656e646d61696c20746f2062696e6420746f2074686520696e74657266>
-174 384.6 R 2.791<616365207468726f7567682077686963682074686520652d6d6169
-6c20686173206265656e>-.1 F<7265636569>174 396.6 Q -.15<7665>-.25 G 4.369
-<6466>.15 G 1.869
-<6f7220746865206f7574676f696e6720636f6e6e656374696f6e2e>-4.369 F F0 -1.2
-<5741>6.869 G<524e494e473a>1.2 E F1 1.869<5573652060>4.369 F<606227>-.74
-E 4.369<276f>-.74 G 1.869<6e6c79206966206f7574676f696e67>-4.369 F .517<
-6d61696c2063616e20626520726f75746564207468726f7567682074686520696e636f6d
-696e6720636f6e6e656374696f6e27>174 408.6 R 3.017<7369>-.55 G<6e74657266>
--3.017 E .517<61636520746f206974732064657374696e6174696f6e2e>-.1 F .119<
-4e6f20617474656d7074206973206d61646520746f2063617463682070726f626c656d73
-2064756520746f2061206d6973636f6e8c6775726174696f6e206f662074686973207061
-72616d65746572>174 420.6 R<2c>-.4 E 1.177<757365206974206f6e6c7920666f72
-207669727475616c20686f7374696e672077686572652065616368207669727475616c20
-696e74657266>174 432.6 R 1.177<6163652063616e20636f6e6e65637420746f2065>
--.1 F -.15<7665>-.25 G<7279>.15 E 2.001
-<706f737369626c65206c6f636174696f6e2e>174 444.6 R 2.001
-<546869732077696c6c20616c736f206f>7.001 F -.15<7665>-.15 G 2.001
-<727269646520706f737369626c652073657474696e677320766961>.15 F F0
-<436c69656e7450>4.502 E<6f72744f702d>-.2 E<74696f6e732e>174 456.6 Q F1
-<4e6f74652c>5.487 E F2<73656e646d61696c>2.987 E F1 .487
-<77696c6c206c697374656e206f6e2061206e65>2.987 F 2.986<7773>-.25 G
-<6f636b>-2.986 E .486
-<657420666f722065616368206f63637572656e6365206f6620746865>-.1 F F0
-<4461652d>2.986 E<6d6f6e50>174 468.6 Q<6f72744f7074696f6e73>-.2 E F1
-.838<6f7074696f6e20696e206120636f6e8c6775726174696f6e208c6c652e>3.338 F
-.838<546865206d6f64698c65722060>5.838 F<604f27>-.74 E 3.338<2763>-.74 G
-.838<61757365732073656e642d>-3.338 F 1.418
-<6d61696c20746f2069676e6f7265206120736f636b>174 480.6 R 1.417
-<65742069662069742063616e27>-.1 F 3.917<7462>-.18 G 3.917<656f>-3.917 G
-3.917<70656e65642e2054686973>-3.917 F 1.417<6170706c69657320746f2066>
-3.917 F 1.417<61696c757265732066726f6d20746865>-.1 F<736f636b>174 492.6
-Q<657428322920616e642062696e642832292063616c6c732e>-.1 E<446566>102
-508.8 Q 2.95<61756c7441757468496e666f205b6e6f>-.1 F .181<73686f7274206e
-616d655d2046696c656e616d65207468617420636f6e7461696e7320646566>2.681 F
-.181<61756c742061757468656e7469636174696f6e20696e666f726d6174696f6e2066
-6f72206f75742d>-.1 F 1.738<676f696e6720636f6e6e656374696f6e732e20546869
-73208c6c65206d75737420636f6e7461696e2074686520757365722069642c2074686520
-617574686f72697a6174696f6e2069642c20746865>174 520.8 R<7061737377>174
-532.8 Q 1.561<6f72642028706c61696e207465>-.1 F 1.562<7874292c2074686520
-7265616c6d20616e6420746865206c697374206f66206d656368616e69736d7320746f20
-757365206f6e207365706172617465>-.15 F .288<6c696e657320616e64206d757374
-206265207265616461626c6520627920726f6f7420286f72207468652074727573746564
-207573657229206f6e6c79>174 544.8 R 5.287<2e49>-.65 G 2.787<666e>-5.287 G
-2.787<6f72>-2.787 G .287<65616c6d2069732073706563692d>-2.787 F<8c65642c>
-174 556.8 Q F0<246a>3.704 E F1 1.204<697320757365642e>3.704 F 1.205<4966
-206e6f206d656368616e69736d73206172652073706563698c65642c20746865206c6973
-74206769>6.204 F -.15<7665>-.25 G 3.705<6e62>.15 G<79>-3.705 E F0 -.5
-<4175>3.705 G<74684d656368612d>.5 E<6e69736d73>174 568.8 Q F1 1.372
-<697320757365642e>3.872 F 1.372<4e6f746963653a2074686973206f7074696f6e20
-6973206465707265636174656420616e642077696c6c2062652072656d6f>6.372 F
--.15<7665>-.15 G 3.871<6469>.15 G 3.871<6e66>-3.871 G<7574757265>-3.871
-E -.15<7665>174 580.8 S 3.41<7273696f6e732e204d6f72656f>.15 F -.15<7665>
--.15 G 1.71 -.4<722c2069>.15 H 3.41<7464>.4 G<6f65736e27>-3.41 E 3.41
-<7477>-.18 G .911
-<6f726b20666f7220746865204d53502073696e63652069742063616e27>-3.51 F
-3.411<7472>-.18 G .911<65616420746865208c6c652028746865>-3.411 F .014
-<8c6c65206d757374206e6f742062652067726f75702f77>174 592.8 R .014
-<6f726c642d7265616461626c65206f7468657277697365>-.1 F F2
-<73656e646d61696c>2.514 E F1 .014<77696c6c20636f6d706c61696e292e>2.514 F
-.014<55736520746865>5.014 F 1.2
-<61757468696e666f2072756c6573657420696e73746561642077686963682070726f>
-174 604.8 R 1.2<7669646573206d6f726520636f6e74726f6c206f>-.15 F -.15
-<7665>-.15 G 3.7<7274>.15 G 1.2
-<6865207573616765206f66207468652064617461>-3.7 F<616e>174 616.8 Q<7977>
--.15 E<6179>-.1 E<2e>-.65 E<446566>102 633 Q<61756c74436861725365743d>
--.1 E F2 -.15<6368>C<6172>.15 E<736574>-.1 E F1 .161<5b6e6f2073686f7274
-206e616d655d205768656e2061206d65737361676520746861742068617320382d626974
-20636861726163746572732062>174 645 R .16
-<7574206973206e6f7420696e204d494d4520666f72>-.2 F<2d>-.2 E .494
-<6d617420697320636f6e>174 657 R -.15<7665>-.4 G .495<7274656420746f204d
-494d452028736565207468652045696768744269744d6f6465206f7074696f6e29206120
-63686172616374657220736574206d757374206265>.15 F .488
-<696e636c7564656420696e2074686520436f6e74656e742d54>174 669 R .488
-<7970653a20686561646572>-.8 F 5.488<2e54>-.55 G .487<686973206368617261
-6374657220736574206973206e6f726d616c6c79207365742066726f6d20746865>
--5.488 F .133<436861727365743d208c656c64206f6620746865206d61696c65722064
-657363726970746f72>174 681 R 5.133<2e49>-.55 G 2.633<6674>-5.133 G .133
-<686174206973206e6f74207365742c207468652076>-2.633 F .133
-<616c7565206f662074686973206f7074696f6e206973>-.25 F 2.5
-<757365642e204966>174 693 R
-<74686973206f7074696f6e206973206e6f74207365742c207468652076>2.5 E
-<616c75652099756e6b6e6f>-.25 E<776e2d386269749a20697320757365642e>-.25 E
-<4461746146696c65427566>102 709.2 Q<66657253697a653d>-.25 E F2<746872>A
-<6573686f6c64>-.37 E F1 .012
-<5b6e6f2073686f7274206e616d655d2053657420746865>174 721.2 R F2<746872>
-2.512 E<6573686f6c64>-.37 E F1 2.512<2c69>C 2.512<6e62>-2.512 G .011<79
-7465732c206265666f72652061206d656d6f72792d626173656420717565756520646174
-61208c6c65>-2.512 F 0 Cg EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-66 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF(DHP)102
+96 Q 10.78(arameters This)-.15 F(option applies to the serv)2.5 E
+(er side only)-.15 E 5(.P)-.65 G(ossible v)-5 E(alues are:)-.25 E 139
+(5u)214 112.2 S(se precomputed 512 bit prime.)-139 E 139(1g)214 124.2 S
+(enerate 1024 bit prime)-139 E 139(2g)214 136.2 S
+(enerate 2048 bit prime.)-139 E 141.22(iu)214 148.2 S
+(se included precomputed 2048 bit prime \(def)-141.22 E(ault\).)-.1 E
+122.06(none do)214 160.2 R(not use Dif)2.5 E(\214e-Hellman.)-.25 E 95.38
+(/path/to/\214le load)214 172.2 R(prime from \214le.)2.5 E .63
+(This is only required if a ciphersuite containing DSA/DH is used.)174
+188.4 R .63(The def)5.63 F .63(ault is)-.1 F -.74(``)174 200.4 S(i').74
+E 3.407('w)-.74 G .907(hich selects a precomputed, \214x)-3.407 F .907
+(ed 2048 bit prime.)-.15 F .907(If `)5.907 F(`5')-.74 E 3.407('i)-.74 G
+3.407(ss)-3.407 G .906(elected, then)-3.407 F .408(precomputed, \214x)
+174 212.4 R .408(ed primes are used.)-.15 F .409
+(Note: this option should not be used \(unless)5.408 F .275
+(necessary for compatibility with old implementations\).)174 224.4 R
+.274(If `)5.275 F(`1')-.74 E 2.774('o)-.74 G 2.774(r`)-2.774 G(`2')
+-3.514 E 2.774('i)-.74 G 2.774(ss)-2.774 G(elected,)-2.774 E 1.237
+(then prime v)174 236.4 R 1.237(alues are computed during startup.)-.25
+F 1.238(Note: this operation can tak)6.238 F 3.738(ea)-.1 G 1.649
+(signi\214cant amount of time on a slo)174 248.4 R 4.148(wm)-.25 G 1.648
+(achine \(se)-4.148 F -.15(ve)-.25 G 1.648(ral seconds\), b).15 F 1.648
+(ut it is only)-.2 F 1.857(done once at startup.)174 260.4 R 1.857(If `)
+6.857 F(`none')-.74 E 4.357('i)-.74 G 4.357(ss)-4.357 G 1.858
+(elected, then TLS ciphersuites containing)-4.357 F .798
+(DSA/DH cannot be used.)174 272.4 R .797
+(If a \214le name is speci\214ed \(which must be an absolute)5.797 F
+.449(path\), then the primes are read from it.)174 284.4 R .45
+(It is recommended to generate such a \214le)5.449 F
+(using a command lik)174 296.4 Q 2.5(et)-.1 G(his:)-2.5 E
+(openssl dhparam -out /etc/mail/dhparams.pem 2048)358 312.6 Q .054
+(If the \214le is not readable or contains unusable data, the def)174
+328.8 R .054(ault `)-.1 F(`i')-.74 E 2.554('i)-.74 G 2.554(su)-2.554 G
+.054(sed instead.)-2.554 F(DaemonPortOptions=)102 345 Q/F2 10
+/Times-Italic@0 SF(options)A F1 .363([O] Set serv)174 357 R .363
+(er SMTP options.)-.15 F .364(Each instance of)5.364 F F0(DaemonP)2.864
+E(ortOptions)-.2 E F1 .364(leads to an)2.864 F(additional incoming sock)
+174 369 Q 2.5(et. The)-.1 F(options are)2.5 E F2 -.1(ke)2.5 G(y=value)
+-.2 E F1 2.5(pairs. Kno)2.5 F(wn k)-.25 E -.15(ey)-.1 G 2.5(sa).15 G
+(re:)-2.5 E 45.62(Name User)214 385.2 R
+(-de\214nable name for the daemon \(def)-.2 E(aults to "Daemon#"\))-.1 E
+52.83(Port Name/number)214 397.2 R(of listening port \(def)2.5 E
+(aults to "smtp"\))-.1 E 48.95(Addr Address)214 409.2 R(mask \(def)2.5 E
+(aults IN)-.1 E(ADDR_ANY\))-.35 E -.15(Fa)214 421.2 S 41.31
+(mily Address).15 F -.1(fa)2.5 G(mily \(def).1 E(aults to INET\))-.1 E
+3.94(InputMailFilters List)214 433.2 R
+(of input mail \214lters for the daemon)2.5 E 44.5(Listen Size)214 445.2
+R(of listen queue \(def)2.5 E(aults to 10\))-.1 E 34.5
+(Modi\214er Options)214 457.2 R(\(\215ags\) for the daemon)2.5 E 21.72
+(SndBufSize Size)214 469.2 R(of TCP send b)2.5 E(uf)-.2 E(fer)-.25 E
+21.17(RcvBufSize Size)214 481.2 R(of TCP recei)2.5 E .3 -.15(ve b)-.25 H
+(uf)-.05 E(fer)-.25 E 36.73(children maximum)214 493.2 R
+(number of children per daemon, see)2.5 E F0(MaxDaemonChildr)2.5 E(en)
+-.18 E F1(.)A(Deli)214 505.2 Q -.15(ve)-.25 G 11.58(ryMode Deli).15 F
+-.15(ve)-.25 G(ry mode per daemon, see).15 E F0(Deli)2.5 E -.1(ve)-.1 G
+(ryMode).1 E F1(.)A 31.74(refuseLA RefuseLA)214 517.2 R(per daemon)2.5 E
+34.51(delayLA DelayLA)214 529.2 R(per daemon)2.5 E 32.29
+(queueLA QueueLA)214 541.2 R(per daemon)2.5 E(The)174 557.4 Q F2(Name)
+2.681 E F1 -.1(ke)2.681 G 2.681(yi)-.05 G 2.681(su)-2.681 G .181
+(sed for error messages and logging.)-2.681 F(The)5.181 E F2(Addr)2.68 E
+F1 .18(ess mask may be)B 2.589(an)174 569.4 S .089
+(umeric address in IPv4 dot notation or IPv6 colon notation, or a netw)
+-2.589 F .09(ork name,)-.1 F .342(or a path to a local sock)174 581.4 R
+2.841(et. Note)-.1 F .341(that if a netw)2.841 F .341
+(ork name is speci\214ed, only the \214rst)-.1 F .084
+(IP address returned for it will be used.)174 593.4 R .085
+(This may cause indeterminate beha)5.085 F .085(vior for)-.2 F(netw)174
+605.4 Q .328(ork names that resolv)-.1 F 2.828(et)-.15 G 2.828(om)-2.828
+G .328(ultiple addresses.)-2.828 F .327(Therefore, use of an address is)
+5.327 F 2.92(recommended. The)174 617.4 R F2 -.75(Fa)2.92 G(mily).75 E
+F1 -.1(ke)2.92 G 2.92(yd)-.05 G(ef)-2.92 E .42(aults to INET \(IPv4\).)
+-.1 F .42(IPv6 users who wish to)5.42 F 1.611
+(also accept IPv6 connections should add additional F)174 629.4 R
+(amily=inet6)-.15 E F0(DaemonP)4.111 E(or)-.2 E(-)-.37 E(tOptions)174
+641.4 Q F1 2.889(lines. F)2.889 F .389(or a local sock)-.15 F .389
+(et, use F)-.1 F .389(amily=local or F)-.15 F 2.889(amily=unix. The)-.15
+F F2(Input-)2.89 E(MailF)174 653.4 Q(ilter)-.45 E(s)-.1 E F1 -.1(ke)3.34
+G 3.34(yo)-.05 G -.15(ve)-3.49 G .84(rrides the def).15 F .84
+(ault list of input mail \214lters listed in the)-.1 F F0(Input-)3.34 E
+(MailFilters)174 665.4 Q F1 2.955(option. If)2.955 F .455
+(multiple input mail \214lters are required, the)2.955 F 2.955(ym)-.15 G
+.455(ust be sepa-)-2.955 F 2.065(rated by semicolons \(not commas\).)174
+677.4 R F2(Modi\214er)7.065 E F1 2.064(can be a sequence \(without an)
+4.565 F(y)-.15 E(delimiters\) of the follo)174 689.4 Q(wing characters:)
+-.25 E 0 Cg EP
%%Page: 67 63
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3637>195.86 E
-/F1 10/Times-Roman@0 SF<6265636f6d6573206469736b2d62617365642e>174 96 Q
-<54686520646566>5 E<61756c7420697320343039362062797465732e>-.1 E
-<446561644c657474657244726f703d>102 112.2 Q/F2 10/Times-Italic@0 SF
-<8c6c65>A F1 .535<5b6e6f2073686f7274206e616d655d2044658c6e65732074686520
-6c6f636174696f6e206f66207468652073797374656d2d7769646520646561642e6c6574
-746572208c6c652c20666f726d65726c79>174 124.2 R .744
-<68617264636f64656420746f202f7573722f746d702f646561642e6c6574746572>174
-136.2 R 5.744<2e49>-.55 G 3.244<6674>-5.744 G .744
-<686973206f7074696f6e206973206e6f7420736574202874686520646566>-3.244 F
-.743<61756c74292c2073656e646d61696c>-.1 F 1.464
-<77696c6c206e6f7420617474656d707420746f207361>174 148.2 R 1.764 -.15
-<76652074>-.2 H 3.964<6f6173>.15 G 1.464
-<797374656d2d7769646520646561642e6c6574746572208c6c6520696e207468652065>
--3.964 F -.15<7665>-.25 G 1.465<6e742069742063616e6e6f74>.15 F .575<626f
-756e636520746865206d61696c20746f207468652075736572206f7220706f73746d6173
-746572>174 160.2 R 5.575<2e49>-.55 G .575<6e73746561642c2069742077696c6c
-2072656e616d6520746865207166208c6c65206173206974>-5.575 F<68617320696e20
-7468652070617374207768656e2074686520646561642e6c6574746572208c6c6520636f
-756c64206e6f74206265206f70656e65642e>174 172.2 Q<446566>102 188.4 Q
-<61756c74557365723d>-.1 E F2<757365723a6772>A<6f7570>-.45 E F1 .013
-<5b755d205365742074686520646566>174 200.4 R .013
-<61756c742075736572696420666f72206d61696c65727320746f>-.1 F F2
-<757365723a6772>2.513 E<6f7570>-.45 E F1 5.013<2e49>C<66>-5.013 E F2
-<6772>2.513 E<6f7570>-.45 E F1 .014<6973206f6d697474656420616e64>2.514 F
-F2<75736572>2.514 E F1<6973>2.514 E 4.307<6175>174 212.4 S 1.807<736572
-206e616d6520286173206f70706f73656420746f2061206e756d65726963207573657220
-6964292074686520646566>-4.307 F 1.806
-<61756c742067726f7570206c697374656420696e20746865>-.1 F 1.153<2f6574632f
-706173737764208c6c6520666f7220746861742075736572206973207573656420617320
-74686520646566>174 224.4 R 1.153<61756c742067726f75702e>-.1 F<426f7468>
-6.153 E F2<75736572>3.653 E F1<616e64>3.653 E F2<6772>3.653 E<6f7570>
--.45 E F1 1.153<6d6179206265206e756d657269632e>174 236.4 R 1.152
-<4d61696c65727320776974686f757420746865>6.152 F F2<53>3.652 E F1 1.152<
-8d616720696e20746865206d61696c65722064658c6e6974696f6e2077696c6c2072756e
-206173>3.652 F .142<746869732075736572>174 250.4 R 5.142<2e44>-.55 G
-<6566>-5.142 E .142<61756c747320746f20313a312e>-.1 F .142<5468652076>
-5.142 F .142<616c75652063616e20616c736f206265206769>-.25 F -.15<7665>
--.25 G 2.642<6e61>.15 G 2.642<736173>-2.642 G .142
-<796d626f6c69632075736572206e616d652e>-2.642 F/F3 7/Times-Roman@0 SF
-<3139>-4 I F1<44656c61794c413d>102 266.6 Q F2<4c41>A F1 .996<5b6e6f2073
-686f7274206e616d655d205768656e207468652073797374656d206c6f61642061>17.48
-F -.15<7665>-.2 G .996<726167652065>.15 F<786365656473>-.15 E F2<4c41>
-3.496 E F1<2c>A F2<73656e646d61696c>3.496 E F1 .995
-<77696c6c20736c656570>3.495 F<666f72206f6e65207365636f6e64206f6e206d6f73
-7420534d545020636f6d6d616e647320616e64206265666f726520616363657074696e67
-20636f6e6e656374696f6e732e>174 278.6 Q<44656c69>102 294.8 Q -.15<7665>
--.25 G<7242794d696e3d>.15 E F2<74696d65>A F1 .202
-<5b305d20536574206d696e696d756d2074696d6520666f722044656c69>174 306.8 R
--.15<7665>-.25 G 2.702<7242>.15 G 2.702<7953>-2.702 G .202
-<4d5450205365727669636520457874656e73696f6e20285246432032383532292e>
--2.702 F .203<496620302c>5.203 F .487<6e6f2074696d65206973206c6973746564
-2c206966206c657373207468616e20302c207468652065>174 318.8 R .487
-<7874656e73696f6e206973206e6f74206f66>-.15 F .486
-<66657265642c2069662067726561746572207468616e20302c206974206973>-.25 F<
-6c6973746564206173206d696e696d756d2074696d6520666f72207468652045484c4f20
-6b>174 330.8 Q -.15<6579>-.1 G -.1<776f>.15 G<72642044454c495645524259>
-.1 E<2e>-1.29 E<44656c69>102 347 Q -.15<7665>-.25 G<72794d6f64653d>.15 E
-F2<78>A F1<5b645d2044656c69>4 E -.15<7665>-.25 G 2.5<7269>.15 G 2.5
-<6e6d>-2.5 G<6f6465>-2.5 E F2<78>2.5 E F1 5<2e4c>C -2.25 -.15<65672061>
--5 H 2.5<6c6d>.15 G<6f646573206172653a>-2.5 E 17.22<6944>214 363.2 S
-<656c69>-17.22 E -.15<7665>-.25 G 2.5<7269>.15 G<6e74657261637469>-2.5 E
--.15<7665>-.25 G<6c79202873796e6368726f6e6f75736c7929>.15 E 15<6244>214
-375.2 S<656c69>-15 E -.15<7665>-.25 G 2.5<7269>.15 G 2.5<6e62>-2.5 G
-<61636b67726f756e6420286173796e6368726f6e6f75736c7929>-2.5 E 15<714a>214
-387.2 S<75737420717565756520746865206d657373616765202864656c69>-15 E
--.15<7665>-.25 G 2.5<7264>.15 G<7572696e672071756575652072756e29>-2.5 E
-15<6444>214 399.2 S<656665722064656c69>-15 E -.15<7665>-.25 G
-<727920616e6420616c6c206d6170206c6f6f6b757073202864656c69>.15 E -.15
-<7665>-.25 G 2.5<7264>.15 G<7572696e672071756575652072756e29>-2.5 E
-<446566>174 415.4 Q .711<61756c747320746f2060>-.1 F<606227>-.74 E 3.211
-<2769>-.74 G 3.211<666e>-3.211 G 3.211<6f6f>-3.211 G .711
-<7074696f6e2069732073706563698c65642c2060>-3.211 F<606927>-.74 E 3.211
-<2769>-.74 G 3.211<6669>-3.211 G 3.211<7469>-3.211 G 3.211<7373>-3.211 G
-.712<706563698c65642062>-3.211 F .712<7574206769>-.2 F -.15<7665>-.25 G
-3.212<6e6e>.15 G 3.212<6f61>-3.212 G -.18<7267>-3.212 G<752d>.18 E .094
-<6d656e742028692e652e2c2060>174 427.4 R<604f6427>-.74 E 2.594<2769>-.74
-G 2.594<7365>-2.594 G<717569>-2.594 E -.25<7661>-.25 G .094
-<6c656e7420746f2060>.25 F<604f646927>-.74 E 2.594<27292e20546865>-.74 F
-F0<ad76>2.594 E F1 .094
-<636f6d6d616e64206c696e65208d61672073657473207468697320746f>2.594 F F0
-<69>2.594 E F1<2e>A 1.526
-<4e6f74653a20666f7220696e7465726e616c20726561736f6e732c2060>174 439.4 R
-<606927>-.74 E 4.026<2764>-.74 G 1.526<6f6573206e6f742077>-4.026 F 1.527
-<6f726b2069662061206d696c74657220697320656e61626c6564207768696368206361
-6e>-.1 F<72656a656374206f722064656c65746520726563697069656e74732e>174
-451.4 Q<496e2074686174206361736520746865206d6f64652077696c6c206265206368
-616e67656420746f2060>5 E<606227>-.74 E<272e>-.74 E<4469616c44656c61793d>
-102 467.6 Q F2<736c65657074696d65>A F1 .799
-<5b6e6f2073686f7274206e616d655d204469616c2d6f6e2d64656d616e64206e657477>
-174 479.6 R .798<6f726b20636f6e6e656374696f6e732063616e207365652074696d
-656f757473206966206120636f6e2d>-.1 F .665<6e656374696f6e206973206f70656e
-6564206265666f7265207468652063616c6c206973207365742075702e>174 491.6 R
-.665<496620746869732069732073657420746f20616e20696e74657276>5.665 F .665
-<616c20616e64206120636f6e2d>-.25 F .743<6e656374696f6e2074696d6573206f75
-74206f6e20746865208c72737420636f6e6e656374696f6e206265696e6720617474656d
-70746564>174 503.6 R F2<73656e646d61696c>3.242 E F1 .742
-<77696c6c20736c65657020666f72>3.242 F .31
-<7468697320616d6f756e74206f662074696d6520616e6420747279206167>174 515.6
-R 2.81<61696e2e2054686973>-.05 F .31<73686f756c64206769>2.81 F .61 -.15
-<76652079>-.25 H .31
-<6f75722073797374656d2074696d6520746f2065737461626c697368>.15 F 1.543
-<74686520636f6e6e656374696f6e20746f20796f757220736572766963652070726f>
-174 527.6 R<7669646572>-.15 E 6.543<2e55>-.55 G 1.543<6e69747320646566>
--6.543 F 1.542<61756c7420746f207365636f6e64732c20736f20994469616c44652d>
--.1 F 1.798<6c61793d359a20757365732061208c76>174 539.6 R 4.298<6573>-.15
-G 1.798<65636f6e642064656c6179>-4.298 F 6.798<2e44>-.65 G<6566>-6.798 E
-1.799<61756c747320746f207a65726f20286e6f207265747279292e>-.1 F 1.799
-<546869732064656c6179206f6e6c79>6.799 F
-<6170706c69657320746f206d61696c657273207768696368206861>174 551.6 Q .3
--.15<76652074>-.2 H<6865205a208d6167207365742e>.15 E
-<4469726563745375626d697373696f6e4d6f64698c6572733d>102 567.8 Q F2
-<6d6f64698c6572>A<73>-.1 E F1<44658c6e6573>174 579.8 Q F0
-<247b6461656d6f6e5f8d6167737d>5.084 E F1 2.583<666f72206469726563742028
-636f6d6d616e64206c696e6529207375626d697373696f6e732e>5.084 F 2.583
-<4966206e6f74207365742c>7.583 F F0<247b6461656d6f6e5f8d6167737d>174
-591.8 Q F1 1.416
-<6973206569746865722022434320662220696620746865206f7074696f6e>3.916 F F0
-<ad47>3.916 E F1 1.417
-<69732075736564206f72202263207522206f74686572776973652e>3.917 F<4e6f7465
-2074686174206f6e6c79207468652074686520224343222c202263222c202266222c2061
-6e6420227522208d6167732061726520636865636b>174 603.8 Q<65642e>-.1 E
-<446f6e74426c616d6553656e646d61696c3d>102 620 Q F2
-<6f7074696f6e2c6f7074696f6e2c2e2e2e>A F1 .065
-<5b6e6f2073686f7274206e616d655d20496e206f7264657220746f2061>174 632 R
--.2<766f>-.2 G .064<696420706f737369626c6520637261636b696e6720617474656d
-707473206361757365642062792077>.2 F .064<6f726c642d20616e64>-.1 F .254<
-67726f75702d7772697461626c65208c6c657320616e64206469726563746f726965732c>
-174 644 R F2<73656e646d61696c>2.754 E F1 .255
-<646f657320706172616e6f696420636865636b696e67207768656e206f70656e2d>
-2.754 F .298<696e67206d6f7374206f662069747320737570706f7274208c6c65732e>
-174 656 R .297<496620666f7220736f6d6520726561736f6e20796f75206162736f6c
-7574656c79206d7573742072756e20776974682c20666f72>5.297 F -.15<6578>174
-668 S .176<616d706c652c20612067726f75702d7772697461626c65>.15 F F2
-<2f657463>2.677 E F1<6469726563746f7279>2.677 E 2.677<2c74>-.65 G .177
-<68656e20796f752077696c6c206861>-2.677 F .477 -.15<76652074>-.2 H 2.677
-<6f74>.15 G .177<75726e206f66>-2.677 F 2.677<6674>-.25 G .177
-<68697320636865636b2d>-2.677 F .794<696e67202861742074686520636f7374206f
-66206d616b696e6720796f75722073797374656d206d6f72652076756c6e657261626c65
-20746f2061747461636b292e>174 680 R .793<54686520706f737369626c65>5.793 F
-.32 LW 76 689.6 72 689.6 DL 80 689.6 76 689.6 DL 84 689.6 80 689.6 DL 88
-689.6 84 689.6 DL 92 689.6 88 689.6 DL 96 689.6 92 689.6 DL 100 689.6 96
-689.6 DL 104 689.6 100 689.6 DL 108 689.6 104 689.6 DL 112 689.6 108
-689.6 DL 116 689.6 112 689.6 DL 120 689.6 116 689.6 DL 124 689.6 120
-689.6 DL 128 689.6 124 689.6 DL 132 689.6 128 689.6 DL 136 689.6 132
-689.6 DL 140 689.6 136 689.6 DL 144 689.6 140 689.6 DL 148 689.6 144
-689.6 DL 152 689.6 148 689.6 DL 156 689.6 152 689.6 DL 160 689.6 156
-689.6 DL 164 689.6 160 689.6 DL 168 689.6 164 689.6 DL 172 689.6 168
-689.6 DL 176 689.6 172 689.6 DL 180 689.6 176 689.6 DL 184 689.6 180
-689.6 DL 188 689.6 184 689.6 DL 192 689.6 188 689.6 DL 196 689.6 192
-689.6 DL 200 689.6 196 689.6 DL 204 689.6 200 689.6 DL 208 689.6 204
-689.6 DL 212 689.6 208 689.6 DL 216 689.6 212 689.6 DL/F4 5
-/Times-Roman@0 SF<3139>93.6 700 Q/F5 8/Times-Roman@0 SF<546865206f6c64>
-3.2 I/F6 8/Times-Bold@0 SF<67>2 E F5
-<6f7074696f6e20686173206265656e20636f6d62696e656420696e746f20746865>2 E
-F6<44656661756c7455736572>2 E F5<6f7074696f6e2e>2 E 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-67)195.86 E/F1 10/Times-Roman@0 SF 67.56(aa)214 96 S -.1(lwa)
+-67.56 G(ys require A).1 E(UTH)-.55 E 67(bb)214 108 S(ind to interf)-67
+E(ace through which mail has been recei)-.1 E -.15(ve)-.25 G(d).15 E
+67.56(cp)214 120 S(erform hostname canoni\214cation \(.cf\))-67.56 E
+68.67(fr)214 132 S(equire fully quali\214ed hostname \(.cf\))-68.67 E
+68.11(sR)214 144 S(un smtps \(SMTP o)-68.11 E -.15(ve)-.15 G 2.5(rS).15
+G(SL\) instead of smtp)-2.5 E 67(ua)214 156 S(llo)-67 E 2.5(wu)-.25 G
+(nquali\214ed addresses \(.cf\))-2.5 E 64.78(Ad)214 168 S(isable A)
+-64.78 E(UTH \(o)-.55 E -.15(ve)-.15 G(rrides 'a' modi\214er\)).15 E
+65.33(Cd)214 180 S(on')-65.33 E 2.5(tp)-.18 G
+(erform hostname canoni\214cation)-2.5 E 65.89(Ed)214 192 S(isallo)
+-65.89 E 2.5(wE)-.25 G(TRN \(see RFC 2476\))-2.5 E 64.78(Oo)214 204 S
+(ptional; if opening the sock)-64.78 E(et f)-.1 E(ails ignore it)-.1 E
+66.44(Sd)214 216 S(on')-66.44 E 2.5(to)-.18 G -.25(ff)-2.5 G(er ST).25 E
+(AR)-.93 E(TTLS)-.6 E 2.412(That is, one w)174 232.2 R 2.413
+(ay to specify a message submission agent \(MSA\) that al)-.1 F -.1(wa)
+-.1 G(ys).1 E(requires A)174 244.2 Q(UTH is:)-.55 E 2.5(OD)214 260.4 S
+(aemonPortOptions=Name=MSA, Port=587, M=Ea)-2.5 E .244
+(The modi\214ers that are mark)174 276.6 R .244(ed with "\(.cf\)" ha)-.1
+F .544 -.15(ve o)-.2 H .244(nly ef).15 F .244
+(fect in the standard con\214g-)-.25 F .16(uration \214le, in which the)
+174 288.6 R 2.66(ya)-.15 G .16(re a)-2.66 F -.25(va)-.2 G .16
+(ilable via).25 F F0(${daemon_\215ags})2.66 E F1 5.16(.N)C .16
+(otice: Do)-5.16 F F0(not)2.66 E F1(use)2.66 E .461(the `)174 300.6 R
+(`a')-.74 E 2.961('m)-.74 G .461(odi\214er on a public accessible MT)
+-2.961 F 2.961(A! It)-.93 F .46(should only be used for a MSA)2.961 F
+2.553(that is accessed by authorized users for initial mail submission.)
+174 312.6 R 2.553(Users must)7.553 F 1.141
+(authenticate to use a MSA which has this option turned on.)174 324.6 R
+1.14(The \215ags `)6.14 F(`c')-.74 E 3.64('a)-.74 G(nd)-3.64 E -.74(``)
+174 336.6 S(C').74 E 3.785('c)-.74 G 1.285(an change the def)-3.785 F
+1.286(ault for hostname canoni\214cation in the)-.1 F/F2 10
+/Times-Italic@0 SF(sendmail.cf)3.786 E F1(\214le.)3.786 E .765
+(See the rele)174 348.6 R -.25(va)-.25 G .765(nt documentation for).25 F
+/F3 9/Times-Roman@0 SF(FEA)3.265 E(TURE\(nocanonify\))-.999 E F1 5.765
+(.T)C .765(he modi\214er `)-5.765 F -1.95(`f ')-.74 F 3.264('d)-.74 G
+(is-)-3.264 E(allo)174 360.6 Q .794(ws addresses of the form)-.25 F F0
+(user@host)3.294 E F1 .795(unless the)3.295 F 3.295(ya)-.15 G .795
+(re submitted directly)-3.295 F 5.795(.T)-.65 G(he)-5.795 E 2.127
+(\215ag `)174 372.6 R(`u')-.74 E 4.627('a)-.74 G(llo)-4.627 E 2.127
+(ws unquali\214ed sender addresses, i.e., those without @host.)-.25 F
+-.74(``)7.127 G(b').74 E(')-.74 E 2.791
+(forces sendmail to bind to the interf)174 384.6 R 2.791
+(ace through which the e-mail has been)-.1 F(recei)174 396.6 Q -.15(ve)
+-.25 G 4.369(df).15 G 1.869(or the outgoing connection.)-4.369 F F0 -1.2
+(WA)6.869 G(RNING:)1.2 E F1 1.869(Use `)4.369 F(`b')-.74 E 4.369('o)-.74
+G 1.869(nly if outgoing)-4.369 F .517
+(mail can be routed through the incoming connection')174 408.6 R 3.017
+(si)-.55 G(nterf)-3.017 E .518(ace to its destination.)-.1 F .119(No at\
+tempt is made to catch problems due to a miscon\214guration of this par\
+ameter)174 420.6 R(,)-.4 E 1.177
+(use it only for virtual hosting where each virtual interf)174 432.6 R
+1.177(ace can connect to e)-.1 F -.15(ve)-.25 G(ry).15 E 2.002
+(possible location.)174 444.6 R 2.001(This will also o)7.001 F -.15(ve)
+-.15 G 2.001(rride possible settings via).15 F F0(ClientP)4.501 E
+(ortOp-)-.2 E(tions.)174 456.6 Q F1(Note,)5.248 E F2(sendmail)2.748 E F1
+.248(will listen on a ne)2.748 F 2.749(ws)-.25 G(ock)-2.749 E .249
+(et for each occurrence of the)-.1 F F0(Dae-)2.749 E(monP)174 468.6 Q
+(ortOptions)-.2 E F1 .838(option in a con\214guration \214le.)3.338 F
+.838(The modi\214er `)5.838 F(`O')-.74 E 3.338('c)-.74 G .838
+(auses send-)-3.338 F 1.417(mail to ignore a sock)174 480.6 R 1.417
+(et if it can')-.1 F 3.917(tb)-.18 G 3.917(eo)-3.917 G 3.917
+(pened. This)-3.917 F 1.418(applies to f)3.918 F 1.418(ailures from the)
+-.1 F(sock)174 492.6 Q(et\(2\) and bind\(2\) calls.)-.1 E(Def)102 508.8
+Q 2.95(aultAuthInfo [no)-.1 F .181
+(short name] Filename that contains def)2.681 F .181
+(ault authentication information for out-)-.1 F 1.737(going connections\
+. This \214le must contain the user id, the authorization id, the)174
+520.8 R(passw)174 532.8 Q 1.562(ord \(plain te)-.1 F 1.561
+(xt\), the realm and the list of mechanisms to use on separate)-.15 F
+.287(lines and must be readable by root \(or the trusted user\) only)174
+544.8 R 5.288(.I)-.65 G 2.788(fn)-5.288 G 2.788(or)-2.788 G .288
+(ealm is speci-)-2.788 F(\214ed,)174 556.8 Q F0($j)3.705 E F1 1.205
+(is used.)3.705 F 1.205(If no mechanisms are speci\214ed, the list gi)
+6.205 F -.15(ve)-.25 G 3.704(nb).15 G(y)-3.704 E F0 -.5(Au)3.704 G
+(thMecha-).5 E(nisms)174 568.8 Q F1 1.371(is used.)3.871 F 1.372
+(Notice: this option is deprecated and will be remo)6.371 F -.15(ve)-.15
+G 3.872(di).15 G 3.872(nf)-3.872 G(uture)-3.872 E -.15(ve)174 580.8 S
+3.411(rsions. Moreo).15 F -.15(ve)-.15 G 1.711 -.4(r, i).15 H 3.411(td)
+.4 G(oesn')-3.411 E 3.411(tw)-.18 G .911(ork for the MSP since it can')
+-3.511 F 3.41(tr)-.18 G .91(ead the \214le \(the)-3.41 F .014
+(\214le must not be group/w)174 592.8 R .014(orld-readable otherwise)-.1
+F F2(sendmail)2.514 E F1 .014(will complain\).)2.514 F .014(Use the)
+5.014 F 1.2(authinfo ruleset instead which pro)174 604.8 R 1.2
+(vides more control o)-.15 F -.15(ve)-.15 G 3.7(rt).15 G 1.2
+(he usage of the data)-3.7 F(an)174 616.8 Q(yw)-.15 E(ay)-.1 E(.)-.65 E
+(Def)102 633 Q(aultCharSet=)-.1 E F2 -.15(ch)C(ar).15 E(set)-.1 E F1 .16
+([no short name] When a message that has 8-bit characters b)174 645 R
+.161(ut is not in MIME for)-.2 F(-)-.2 E .495(mat is con)174 657 R -.15
+(ve)-.4 G .495
+(rted to MIME \(see the EightBitMode option\) a character set must be)
+.15 F .487(included in the Content-T)174 669 R .487(ype: header)-.8 F
+5.487(.T)-.55 G .488(his character set is normally set from the)-5.487 F
+.133(Charset= \214eld of the mailer descriptor)174 681 R 5.133(.I)-.55 G
+2.633(ft)-5.133 G .133(hat is not set, the v)-2.633 F .133
+(alue of this option is)-.25 F 2.5(used. If)174 693 R
+(this option is not set, the v)2.5 E(alue \231unkno)-.25 E
+(wn-8bit\232 is used.)-.25 E(DataFileBuf)102 709.2 Q(ferSize=)-.25 E F2
+(thr)A(eshold)-.37 E F1 .011([no short name] Set the)174 721.2 R F2(thr)
+2.511 E(eshold)-.37 E F1 2.511(,i)C 2.512(nb)-2.511 G .012
+(ytes, before a memory-based queue data \214le)-2.512 F 0 Cg EP
%%Page: 68 64
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d36382053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF<6172>174 96 Q 1.394<67756d656e7473206861>-.18 F
-1.694 -.15<76652062>-.2 H 1.394
-<65656e20646573637269626564206561726c696572>.15 F 6.394<2e54>-.55 G
-1.395<68652064657461696c73206f66207468657365208d616773206172652064657363
-7269626564>-6.394 F<61626f>174 108 Q -.15<7665>-.15 G<2e>.15 E F0
-<557365206f662074686973206f7074696f6e206973206e6f742072>5 E
-<65636f6d6d656e6465642e>-.18 E F1<446f6e74457870616e64436e616d6573>102
-124.2 Q .559<5b6e6f2073686f7274206e616d655d20546865207374616e6461726473
-20736179207468617420616c6c20686f737420616464726573736573207573656420696e
-2061206d61696c206d657373616765>174 136.2 R 1.407
-<6d7573742062652066756c6c792063616e6f6e6963616c2e>174 148.2 R -.15<466f>
-6.407 G 3.907<7265>.15 G 1.407<78616d706c652c20696620796f757220686f7374
-206973206e616d6564209943727566742e46>-4.057 F<6f6f2e4f52479a>-.15 E
-1.462<616e6420616c736f2068617320616e20616c696173206f662099465450>174
-160.2 R<2e46>-1.11 E 1.462<6f6f2e4f52479a2c2074686520666f726d6572206e61
-6d65206d757374206265207573656420617420616c6c>-.15 F 2.63
-<74696d65732e2054686973>174 172.2 R .131<697320656e666f7263656420647572
-696e6720686f7374206e616d652063616e6f6e698c636174696f6e2028245b202e2e2e20
-245d206c6f6f6b757073292e>2.63 F .131<49662074686973>5.131 F .662<6f7074
-696f6e206973207365742c207468652070726f746f636f6c73206172652069676e6f7265
-6420616e6420746865209977726f6e679a207468696e6720697320646f6e652e>174
-184.2 R<486f>5.661 E<7765>-.25 E -.15<7665>-.25 G -.4<722c>.15 G .871
-<7468652049455446206973206d6f>174 196.2 R .871<76696e6720746f>-.15 F -.1
-<7761>-.25 G .872<7264206368616e67696e672074686973207374616e646172642c20
-736f207468652062656861>.1 F .872<76696f72206d6179206265636f6d65>-.2 F
-3.01<61636365707461626c652e20506c65617365>174 208.2 R .509
-<6e6f7465207468617420686f73747320646f>3.01 F .509
-<776e73747265616d206d6179207374696c6c207265>-.25 F .509
-<777269746520746865206164647265737320746f206265>-.25 F
-<74686520747275652063616e6f6e6963616c206e616d6520686f>174 220.2 Q<7765>
--.25 E -.15<7665>-.25 G -.55<722e>.15 G 6.17
-<446f6e74496e697447726f757073205b6e6f>102 236.4 R .25
-<73686f7274206e616d655d204966207365742c>2.75 F/F2 10/Times-Italic@0 SF
-<73656e646d61696c>2.75 E F1 .25<77696c6c2061>2.75 F -.2<766f>-.2 G .25
-<6964207573696e672074686520696e697467726f7570732833292063616c6c2e>.2 F
-.25<496620796f7520617265>5.25 F .583<72756e6e696e67204e49532c2074686973
-2063617573657320612073657175656e7469616c207363616e206f66207468652067726f
-7570732e62796e616d65206d61702c2077686963682063616e>174 248.4 R .435
-<636175736520796f7572204e49532073657276>174 260.4 R .435
-<657220746f206265206261646c79206f>-.15 F -.15<7665>-.15 G .435
-<726c6f6164656420696e2061206c6172>.15 F .436<676520646f6d61696e2e>-.18 F
-.436<54686520636f7374206f662074686973>5.436 F .697<69732074686174207468
-65206f6e6c792067726f757020666f756e6420666f722075736572732077696c6c206265
-207468656972207072696d6172792067726f75702028746865206f6e6520696e20746865>
-174 272.4 R<7061737377>174 284.4 Q 1.189
-<6f7264208c6c65292c2077686963682077696c6c206d616b>-.1 F 3.689<658c>-.1 G
-1.189<6c6520616363657373207065726d697373696f6e7320736f6d65>-3.689 F
-1.189<77686174206d6f726520726573747269632d>-.25 F<7469>174 296.4 Q -.15
-<7665>-.25 G 5<2e48>.15 G<6173206e6f206566>-5 E
-<66656374206f6e2073797374656d73207468617420646f6e27>-.25 E 2.5<7468>-.18
-G -2.25 -.2<61762065>-2.5 H<67726f7570206c697374732e>2.7 E
-<446f6e7450726f6265496e74657266>102 312.6 Q<61636573>-.1 E 1.713
-<5b6e6f2073686f7274206e616d655d>174 324.6 R F2<53656e646d61696c>4.213 E
-F1 1.712<6e6f726d616c6c79208c6e647320746865206e616d6573206f6620616c6c20
-696e74657266>4.213 F 1.712<616365732061637469>-.1 F 2.012 -.15<7665206f>
--.25 H<6e>.15 E 1.103<796f7572206d616368696e65207768656e2069742073746172
-747320757020616e642061646473207468656972206e616d6520746f20746865>174
-336.6 R F0<243d77>3.603 E F1 1.103<636c617373206f66206b6e6f>3.603 F
-<776e>-.25 E 1.836<686f737420616c69617365732e>174 348.6 R 1.836
-<496620796f75206861>6.836 F 2.136 -.15<76652061206c>-.2 H<6172>.15 E
-1.836<6765206e756d626572206f66207669727475616c20696e74657266>-.18 F
-1.835<61636573206f7220696620796f757220444e53>-.1 F<696e>174 360.6 Q -.15
-<7665>-.4 G .958<727365206c6f6f6b7570732061726520736c6f>.15 F 3.458
-<7774>-.25 G .958<6869732063616e2062652074696d6520636f6e73756d696e672e>
--3.458 F .959<54686973206f7074696f6e207475726e73206f66>5.959 F 3.459
-<6674>-.25 G<686174>-3.459 E 2.974<70726f62696e672e20486f>174 372.6 R
-<7765>-.25 E -.15<7665>-.25 G 1.274 -.4<722c2079>.15 H .474<6f752077696c
-6c206e65656420746f206265206365727461696e20746f20696e636c75646520616c6c20
-76>.4 F .473<617269616e74206e616d657320696e20746865>-.25 F F0<243d77>174
-384.6 Q F1 1.868
-<636c61737320627920736f6d65206f74686572206d656368616e69736d2e>4.368 F
-1.868<49662073657420746f>6.868 F F0<6c6f6f706261636b>4.368 E F1 4.369
-<2c6c>C 1.869<6f6f706261636b20696e74657266>-4.369 F<61636573>-.1 E
-<28652e672e2c206c6f30292077696c6c206e6f742062652070726f6265642e>174
-396.6 Q -1.61<446f6e745072756e65526f75746573205b525d>102 412.8 R
-<4e6f726d616c6c79>3.905 E<2c>-.65 E F2<73656e646d61696c>3.905 E F1 1.405
-<747269657320746f20656c696d696e61746520616e>3.905 F 3.905<7975>-.15 G
-1.405<6e6e65636573736172792065>-3.905 F 1.405
-<78706c6963697420726f75746573207768656e>-.15 F .154<73656e64696e6720616e
-206572726f72206d657373616765202861732064697363757373656420696e2052464320
-3131323320a720352e322e36292e>174 424.8 R -.15<466f>5.155 G 2.655<7265>
-.15 G .155<78616d706c652c207768656e>-2.805 F
-<73656e64696e6720616e206572726f72206d65737361676520746f>174 436.8 Q
-<3c406b6e6f>214 453 Q<776e312c406b6e6f>-.25 E<776e322c406b6e6f>-.25 E
-<776e333a7573657240756e6b6e6f>-.25 E<776e3e>-.25 E F2<73656e646d61696c>
-174 469.2 Q F1 1.155<77696c6c207374726970206f66>3.655 F 3.655<6674>-.25
-G 1.155<68652099406b6e6f>-3.655 F<776e312c406b6e6f>-.25 E 1.155
-<776e329a20696e206f7264657220746f206d616b>-.25 F 3.655<6574>-.1 G 1.155
-<686520726f757465206173>-3.655 F .812
-<64697265637420617320706f737369626c652e>174 481.2 R<486f>5.812 E<7765>
--.25 E -.15<7665>-.25 G 1.612 -.4<722c2069>.15 H 3.312<6674>.4 G<6865>
--3.312 E F0<52>3.313 E F1 .813<6f7074696f6e206973207365742c207468697320
-77696c6c2062652064697361626c65642c20616e6420746865>3.313 F .01<6d61696c
-2077696c6c2062652073656e7420746f20746865208c727374206164647265737320696e
-2074686520726f7574652c2065>174 493.2 R -.15<7665>-.25 G 2.509<6e69>.15 G
-2.509<666c>-2.509 G .009<617465722061646472657373657320617265206b6e6f>
--2.509 F<776e2e>-.25 E<54686973206d61792062652075736566756c20696620796f
-75206172652063617567687420626568696e642061208c7265>174 505.2 Q -.1<7761>
--.25 G<6c6c2e>.1 E<446f75626c65426f756e6365416464726573733d>102 521.4 Q
-F2<657272>A<6f72>-.45 E<2d61646472>-.2 E<657373>-.37 E F1 .504<5b6e6f20
-73686f7274206e616d655d20496620616e206572726f72206f6363757273207768656e20
-73656e64696e6720616e206572726f72206d6573736167652c2073656e64207468652065
-72726f72>174 533.4 R 1.999<7265706f727420287465726d656420612099646f7562
-6c6520626f756e63659a206265636175736520697420697320616e206572726f72209962
-6f756e63659a2074686174206f6363757273>174 545.4 R .053<7768656e2074727969
-6e6720746f2073656e6420616e6f74686572206572726f722099626f756e63659a292074
-6f2074686520696e6469636174656420616464726573732e>174 557.4 R .054
-<5468652061646472657373>5.054 F .475<6973206d6163726f2065>174 569.4 R
-.474<7870616e646564206174207468652074696d65206f662064656c69>-.15 F -.15
-<7665>-.25 G<7279>.15 E 5.474<2e49>-.65 G 2.974<666e>-5.474 G .474
-<6f74207365742c20646566>-2.974 F .474
-<61756c747320746f2099706f73746d61737465729a2e>-.1 F<4966>5.474 E<736574
-20746f20616e20656d70747920737472696e672c20646f75626c6520626f756e63657320
-6172652064726f707065642e>174 581.4 Q<45696768744269744d6f64653d>102
-597.6 Q F2<616374696f6e>A F1 1.955
-<5b385d205365742068616e646c696e67206f662065696768742d62697420646174612e>
-174 609.6 R 1.955<546865726520617265207477>6.955 F 4.456<6f6b>-.1 G
-1.956<696e6473206f662065696768742d62697420646174613a2074686174>-4.456 F
-3.335<6465636c617265642061732073756368207573696e6720746865>174 621.6 R
-F0<424f44>5.834 E<593d384249544d494d45>-.4 E F1 3.334
-<45534d5450206465636c61726174696f6e206f7220746865>5.834 F F0
-<ad42384249544d494d45>174 633.6 Q F1 .948<636f6d6d616e64206c696e65208d61
-672c20616e6420756e6465636c6172656420382d62697420646174612c20746861742069
-732c20696e7075742074686174>3.448 F 1.18
-<6a7573742068617070656e7320746f20626520656967687420626974732e>174 645.6
-R 1.18<546865726520617265207468726565206261736963206f7065726174696f6e73
-20746861742063616e2068617070656e3a>6.18 F .995<756e6465636c617265642038
-2d62697420646174612063616e206265206175746f6d61746963616c6c7920636f6e>174
-657.6 R -.15<7665>-.4 G .996
-<7274656420746f20384249544d494d452c20756e6465636c61726564>.15 F .887<38
-2d62697420646174612063616e206265207061737365642061732d697320776974686f75
-7420636f6e>174 669.6 R -.15<7665>-.4 G .887
-<7273696f6e20746f204d494d45202860>.15 F .887<606a7573742073656e64203827>
--.74 F .886<27292c20616e64>-.74 F 1.794
-<6465636c6172656420382d62697420646174612063616e20626520636f6e>174 681.6
-R -.15<7665>-.4 G 1.794<7274656420746f20372d6269747320666f72207472616e73
-6d697373696f6e20746f2061206e6f6e2d38424954>.15 F<2d>-.92 E
-<4d494d45206d61696c6572>174 693.6 Q 5<2e54>-.55 G
-<686520706f737369626c65>-5 E F2<616374696f6e>2.5 E F1 2.5<7361>C<72653a>
--2.5 E 0 Cg EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-68 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF
+(becomes disk-based.)174 96 Q(The def)5 E(ault is 4096 bytes.)-.1 E
+(DeadLetterDrop=)102 112.2 Q/F2 10/Times-Italic@0 SF(\214le)A F1 .535([\
+no short name] De\214nes the location of the system-wide dead.letter \
+\214le, formerly)174 124.2 R .743(hardcoded to /usr/tmp/dead.letter)174
+136.2 R 5.743(.I)-.55 G 3.243(ft)-5.743 G .744
+(his option is not set \(the def)-3.243 F .744(ault\), sendmail)-.1 F
+1.465(will not attempt to sa)174 148.2 R 1.764 -.15(ve t)-.2 H 3.964
+(oas).15 G 1.464(ystem-wide dead.letter \214le in the e)-3.964 F -.15
+(ve)-.25 G 1.464(nt it cannot).15 F .575
+(bounce the mail to the user or postmaster)174 160.2 R 5.575(.I)-.55 G
+.575(nstead, it will rename the qf \214le as it)-5.575 F
+(has in the past when the dead.letter \214le could not be opened.)174
+172.2 Q(Def)102 188.4 Q(aultUser=)-.1 E F2(user:gr)A(oup)-.45 E F1 .014
+([u] Set the def)174 200.4 R .014(ault userid for mailers to)-.1 F F2
+(user:gr)2.513 E(oup)-.45 E F1 5.013(.I)C(f)-5.013 E F2(gr)2.513 E(oup)
+-.45 E F1 .013(is omitted and)2.513 F F2(user)2.513 E F1(is)2.513 E
+4.306(au)174 212.4 S 1.807
+(ser name \(as opposed to a numeric user id\) the def)-4.306 F 1.807
+(ault group listed in the)-.1 F 1.153
+(/etc/passwd \214le for that user is used as the def)174 224.4 R 1.153
+(ault group.)-.1 F(Both)6.153 E F2(user)3.653 E F1(and)3.652 E F2(gr)
+3.652 E(oup)-.45 E F1 1.152(may be numeric.)174 236.4 R 1.152
+(Mailers without the)6.152 F F2(S)3.652 E F1 1.152
+(\215ag in the mailer de\214nition will run as)3.652 F .142(this user)
+174 250.4 R 5.142(.D)-.55 G(ef)-5.142 E .142(aults to 1:1.)-.1 F .142
+(The v)5.142 F .142(alue can also be gi)-.25 F -.15(ve)-.25 G 2.642(na)
+.15 G 2.642(sas)-2.642 G .142(ymbolic user name.)-2.642 F/F3 7
+/Times-Roman@0 SF(19)-4 I F1(DelayLA=)102 266.6 Q F2(LA)A F1 .996
+([no short name] When the system load a)17.48 F -.15(ve)-.2 G .996
+(rage e).15 F(xceeds)-.15 E F2(LA)3.496 E F1(,)A F2(sendmail)3.496 E F1
+.996(will sleep)3.496 F
+(for one second on most SMTP commands and before accepting connections.)
+174 278.6 Q(Deli)102 294.8 Q -.15(ve)-.25 G(rByMin=).15 E F2(time)A F1
+.203([0] Set minimum time for Deli)174 306.8 R -.15(ve)-.25 G 2.702(rB)
+.15 G 2.702(yS)-2.702 G .202(MTP Service Extension \(RFC 2852\).)-2.702
+F .202(If 0,)5.202 F .486(no time is listed, if less than 0, the e)174
+318.8 R .487(xtension is not of)-.15 F .487
+(fered, if greater than 0, it is)-.25 F
+(listed as minimum time for the EHLO k)174 330.8 Q -.15(ey)-.1 G -.1(wo)
+.15 G(rd DELIVERBY).1 E(.)-1.29 E(Deli)102 347 Q -.15(ve)-.25 G(ryMode=)
+.15 E F2(x)A F1([d] Deli)4 E -.15(ve)-.25 G 2.5(ri).15 G 2.5(nm)-2.5 G
+(ode)-2.5 E F2(x)2.5 E F1 5(.L)C -2.25 -.15(eg a)-5 H 2.5(lm).15 G
+(odes are:)-2.5 E 17.22(iD)214 363.2 S(eli)-17.22 E -.15(ve)-.25 G 2.5
+(ri).15 G(nteracti)-2.5 E -.15(ve)-.25 G(ly \(synchronously\)).15 E 15
+(bD)214 375.2 S(eli)-15 E -.15(ve)-.25 G 2.5(ri).15 G 2.5(nb)-2.5 G
+(ackground \(asynchronously\))-2.5 E 15(qJ)214 387.2 S
+(ust queue the message \(deli)-15 E -.15(ve)-.25 G 2.5(rd).15 G
+(uring queue run\))-2.5 E 15(dD)214 399.2 S(efer deli)-15 E -.15(ve)-.25
+G(ry and all map lookups \(deli).15 E -.15(ve)-.25 G 2.5(rd).15 G
+(uring queue run\))-2.5 E(Def)174 415.4 Q .712(aults to `)-.1 F(`b')-.74
+E 3.212('i)-.74 G 3.212(fn)-3.212 G 3.211(oo)-3.212 G .711
+(ption is speci\214ed, `)-3.211 F(`i')-.74 E 3.211('i)-.74 G 3.211(fi)
+-3.211 G 3.211(ti)-3.211 G 3.211(ss)-3.211 G .711(peci\214ed b)-3.211 F
+.711(ut gi)-.2 F -.15(ve)-.25 G 3.211(nn).15 G 3.211(oa)-3.211 G -.18
+(rg)-3.211 G(u-).18 E .094(ment \(i.e., `)174 427.4 R(`Od')-.74 E 2.594
+('i)-.74 G 2.594(se)-2.594 G(qui)-2.594 E -.25(va)-.25 G .094(lent to `)
+.25 F(`Odi')-.74 E 2.594('\). The)-.74 F F0<ad76>2.594 E F1 .094
+(command line \215ag sets this to)2.594 F F0(i)2.594 E F1(.)A 1.527
+(Note: for internal reasons, `)174 439.4 R(`i')-.74 E 4.027('d)-.74 G
+1.527(oes not w)-4.027 F 1.526(ork if a milter is enabled which can)-.1
+F(reject or delete recipients.)174 451.4 Q
+(In that case the mode will be changed to `)5 E(`b')-.74 E('.)-.74 E
+(DialDelay=)102 467.6 Q F2(sleeptime)A F1 .798
+([no short name] Dial-on-demand netw)174 479.6 R .798
+(ork connections can see timeouts if a con-)-.1 F .665
+(nection is opened before the call is set up.)174 491.6 R .665
+(If this is set to an interv)5.665 F .665(al and a con-)-.25 F .742
+(nection times out on the \214rst connection being attempted)174 503.6 R
+F2(sendmail)3.243 E F1 .743(will sleep for)3.243 F .31
+(this amount of time and try ag)174 515.6 R 2.81(ain. This)-.05 F .31
+(should gi)2.81 F .61 -.15(ve y)-.25 H .31(our system time to establish)
+.15 F 1.542(the connection to your service pro)174 527.6 R(vider)-.15 E
+6.543(.U)-.55 G 1.543(nits def)-6.543 F 1.543
+(ault to seconds, so \231DialDe-)-.1 F 1.799(lay=5\232 uses a \214v)174
+539.6 R 4.299(es)-.15 G 1.799(econd delay)-4.299 F 6.799(.D)-.65 G(ef)
+-6.799 E 1.798(aults to zero \(no retry\).)-.1 F 1.798(This delay only)
+6.798 F(applies to mailers which ha)174 551.6 Q .3 -.15(ve t)-.2 H
+(he Z \215ag set.).15 E(DirectSubmissionModi\214ers=)102 567.8 Q F2
+(modi\214er)A(s)-.1 E F1(De\214nes)174 579.8 Q F0(${daemon_\215ags})
+5.083 E F1 2.583(for direct \(command line\) submissions.)5.083 F 2.584
+(If not set,)7.584 F F0(${daemon_\215ags})174 591.8 Q F1 1.417
+(is either "CC f" if the option)3.917 F F0<ad47>3.916 E F1 1.416
+(is used or "c u" otherwise.)3.916 F
+(Note that only the the "CC", "c", "f", and "u" \215ags are check)174
+603.8 Q(ed.)-.1 E(DontBlameSendmail=)102 620 Q F2(option,option,...)A F1
+.064([no short name] In order to a)174 632 R -.2(vo)-.2 G .065
+(id possible cracking attempts caused by w).2 F .065(orld- and)-.1 F
+.255(group-writable \214les and directories,)174 644 R F2(sendmail)2.755
+E F1 .254(does paranoid checking when open-)2.754 F .297
+(ing most of its support \214les.)174 656 R .298
+(If for some reason you absolutely must run with, for)5.297 F -.15(ex)
+174 668 S .177(ample, a group-writable).15 F F2(/etc)2.677 E F1
+(directory)2.677 E 2.677(,t)-.65 G .177(hen you will ha)-2.677 F .477
+-.15(ve t)-.2 H 2.677(ot).15 G .177(urn of)-2.677 F 2.677(ft)-.25 G .176
+(his check-)-2.677 F .794
+(ing \(at the cost of making your system more vulnerable to attack\).)
+174 680 R .794(The possible)5.794 F .32 LW 76 689.6 72 689.6 DL 80 689.6
+76 689.6 DL 84 689.6 80 689.6 DL 88 689.6 84 689.6 DL 92 689.6 88 689.6
+DL 96 689.6 92 689.6 DL 100 689.6 96 689.6 DL 104 689.6 100 689.6 DL 108
+689.6 104 689.6 DL 112 689.6 108 689.6 DL 116 689.6 112 689.6 DL 120
+689.6 116 689.6 DL 124 689.6 120 689.6 DL 128 689.6 124 689.6 DL 132
+689.6 128 689.6 DL 136 689.6 132 689.6 DL 140 689.6 136 689.6 DL 144
+689.6 140 689.6 DL 148 689.6 144 689.6 DL 152 689.6 148 689.6 DL 156
+689.6 152 689.6 DL 160 689.6 156 689.6 DL 164 689.6 160 689.6 DL 168
+689.6 164 689.6 DL 172 689.6 168 689.6 DL 176 689.6 172 689.6 DL 180
+689.6 176 689.6 DL 184 689.6 180 689.6 DL 188 689.6 184 689.6 DL 192
+689.6 188 689.6 DL 196 689.6 192 689.6 DL 200 689.6 196 689.6 DL 204
+689.6 200 689.6 DL 208 689.6 204 689.6 DL 212 689.6 208 689.6 DL 216
+689.6 212 689.6 DL/F4 5/Times-Roman@0 SF(19)93.6 700 Q/F5 8
+/Times-Roman@0 SF(The old)3.2 I/F6 8/Times-Bold@0 SF(g)2 E F5
+(option has been combined into the)2 E F6(DefaultUser)2 E F5(option.)2 E
+0 Cg EP
%%Page: 69 65
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3639>195.86 E
-/F1 10/Times-Roman@0 SF 11.11<7352>219 96 S
-<656a65637420756e6465636c6172656420382d6269742064617461202860>-11.11 E
-<6073747269637427>-.74 E<2729>-.74 E 7.22<6d43>219 108 S<6f6e>-7.22 E
--.15<7665>-.4 G
-<727420756e6465636c6172656420382d626974206461746120746f204d494d45202860>
-.15 E<606d696d6527>-.74 E<2729>-.74 E 10<7050>219 120 S
-<61737320756e6465636c6172656420382d6269742064617461202860>-10.15 E
-<607061737327>-.74 E<2729>-.74 E 2.228<496e20616c6c2063617365732070726f
-7065726c79206465636c6172656420384249544d494d4520646174612077696c6c206265
-20636f6e>174 136.2 R -.15<7665>-.4 G 2.227
-<7274656420746f2037424954206173>.15 F<6e65656465642e>174 148.2 Q
-<4572726f724865616465723d>102 164.4 Q/F2 10/Times-Italic@0 SF
-<8c6c652d6f72>A<2d6d65737361>-.2 E -.1<6765>-.1 G F1 .486<5b455d20507265
-70656e64206572726f72206d6573736167657320776974682074686520696e6469636174
-6564206d6573736167652e>174 176.4 R .486<4966206974206265>5.486 F .487
-<67696e732077697468206120736c6173682c>-.15 F .246<697420697320617373756d
-656420746f2062652074686520706174686e616d65206f662061208c6c6520636f6e7461
-696e696e672061206d65737361676520287468697320697320746865207265636f6d2d>
-174 188.4 R .86<6d656e6465642073657474696e67292e>174 200.4 R .86
-<4f74686572776973652c2069742069732061206c69746572616c206d6573736167652e>
-5.86 F .86<546865206572726f72208c6c65206d6967687420636f6e7461696e>5.86 F
-1.116<746865206e616d652c20656d61696c20616464726573732c20616e642f6f722070
-686f6e65206e756d626572206f662061206c6f63616c20706f73746d6173746572207768
-6f20636f756c64>174 212.4 R<70726f>174 224.4 Q .826
-<7669646520617373697374616e636520746f20656e642075736572732e>-.15 F .827<
-496620746865206f7074696f6e206973206d697373696e67206f72206e756c6c2c206f72
-206966206974206e616d65732061>5.827 F
-<8c6c6520776869636820646f6573206e6f742065>174 236.4 Q<78697374206f722077
-68696368206973206e6f74207265616461626c652c206e6f206d65737361676520697320
-7072696e7465642e>-.15 E<4572726f724d6f64653d>102 252.6 Q F2<78>A F1
-<5b655d20446973706f7365206f66206572726f7273207573696e67206d6f6465>17.49
-E F2<78>2.5 E F1 5<2e54>C<68652076>-5 E<616c75657320666f72>-.25 E F2<78>
-2.5 E F1<6172653a>2.5 E 15<7050>214 268.8 S
-<72696e74206572726f72206d657373616765732028646566>-15 E<61756c7429>-.1 E
-15<714e>214 280.8 S 2.5<6f6d>-15 G<657373616765732c206a757374206769>-2.5
-E .3 -.15<7665206578>-.25 H<697420737461747573>.15 E 12.22<6d4d>214
-292.8 S<61696c206261636b206572726f7273>-12.22 E 12.78<7757>214 304.8 S<
-72697465206261636b206572726f727320286d61696c2069662075736572206e6f74206c
-6f6767656420696e29>-12.78 E 15.56<654d>214 316.8 S<61696c206261636b2065
-72726f727320287768656e206170706c696361626c652920616e64206769>-15.56 E .3
--.15<7665207a>-.25 H<65726f2065>.15 E<786974207374617420616c>-.15 E -.1
-<7761>-.1 G<7973>.1 E 1.314<4e6f7465207468617420746865206c617374206d6f64
-652c2099659a2c20697320666f72204265726b6e6574206572726f722070726f63657373
-696e6720616e642073686f756c64206e6f74206265>174 333 R 1.323
-<7573656420696e206e6f726d616c2063697263756d7374616e6365732e>174 345 R
-1.323<4e6f74652c20746f6f2c2074686174206d6f64652099719a2c206f6e6c79206170
-706c69657320746f206572726f7273>6.323 F<7265636f676e697a6564206265666f72
-652073656e646d61696c20666f726b7320666f72206261636b67726f756e642064656c69>
-174 357 Q -.15<7665>-.25 G<7279>.15 E<2e>-.65 E -.15<4661>102 373.2 S
-<6c6c6261636b4d58686f73743d>.15 E F2<66616c6c626163>A<6b686f7374>-.2 E
-F1 .797<5b565d2049662073706563698c65642c20746865>174 385.2 R F2
-<66616c6c626163>3.297 E<6b686f7374>-.2 E F1 .797<61637473206c696b>3.297
-F 3.296<656176>-.1 G .796<657279206c6f>-3.446 F 3.296<7770>-.25 G .796
-<72696f72697479204d58206f6e2065>-3.296 F -.15<7665>-.25 G .796
-<727920686f73742e>.15 F 1.537
-<4d58207265636f7264732077696c6c206265206c6f6f6b>174 397.2 R 1.537<656420
-757020666f72207468697320686f73742c20756e6c65737320746865206e616d65206973
-20737572726f756e646564206279>-.1 F .017<73717561726520627261636b>174
-409.2 R 2.517<6574732e2054686973>-.1 F .017<697320696e74656e64656420746f
-2062652075736564206279207369746573207769746820706f6f72206e657477>2.517 F
-.016<6f726b20636f6e6e65637469>-.1 F<762d>-.25 E<697479>174 421.2 Q 6.706
-<2e4d>-.65 G 1.706<657373616765732077686963682061726520756e64656c69>
--6.706 F -.15<7665>-.25 G 1.706
-<7261626c652064756520746f2074656d706f7261727920616464726573732066>.15 F
-1.706<61696c757265732028652e672e2c>-.1 F<444e532066>174 433.2 Q
-<61696c7572652920616c736f20676f20746f207468652046>-.1 E
-<616c6c6261636b4d58686f73742e>-.15 E -.15<4661>102 449.4 S
-<6c6c4261636b536d617274486f73743d>.15 E F2<686f73746e616d65>A F1 1.656
-<49662073706563698c65642c20746865>174 461.4 R F2 -.75<4661>4.156 G
-<6c6c426163>.75 E<6b536d617274486f7374>-.2 E F1 1.656
-<77696c6c206265207573656420696e2061206c6173742d6469746368206566>4.156 F
-1.655<666f727420666f722065616368>-.25 F 3.212<686f73742e2054686973>174
-473.4 R .712<697320696e74656e64656420746f206265207573656420627920736974
-65732077697468202266>3.212 F<616b>-.1 E 3.212<6569>-.1 G .712
-<6e7465726e616c20444e53222c20652e672e2c206120636f6d2d>-3.212 F<70616e>
-174 485.4 Q 3.19<7977>-.15 G .69
-<686f736520444e532061636375726174656c792072658d65637473207468652077>
--3.19 F .69<6f726c6420696e73696465207468617420636f6d70616e>-.1 F<7927>
--.15 E 3.19<7364>-.55 G .69<6f6d61696e2062>-3.19 F<7574>-.2 E
-<6e6f74206f7574736964652e>174 497.4 Q -.15<4661>102 513.6 S 34.08
-<737453706c6974205b6e6f>.15 F 1.572
-<73686f7274206e616d655d2049662073657420746f20612076>4.071 F 1.572
-<616c75652067726561746572207468616e207a65726f202874686520646566>-.25 F
-1.572<61756c74206973206f6e65292c206974207375702d>-.1 F .977<707265737365
-7320746865204d58206c6f6f6b757073206f6e20616464726573736573207768656e2074
-6865>174 525.6 R 3.477<7961>-.15 G .977
-<726520696e697469616c6c7920736f727465642c20692e652e2c20666f7220746865>
--3.477 F 1.03<8c7273742064656c69>174 537.6 R -.15<7665>-.25 G 1.031
-<727920617474656d70742e>.15 F 1.031
-<5468697320757375616c6c7920726573756c747320696e2066>6.031 F 1.031
-<617374657220656e>-.1 F -.15<7665>-.4 G 1.031
-<6c6f70652073706c697474696e6720756e6c65737320746865>.15 F .423
-<4d58207265636f726473206172652072656164696c792061>174 549.6 R -.25<7661>
--.2 G .423<696c61626c6520696e2061206c6f63616c20444e532063616368652e>.25
-F 2.023 -.8<546f2065>5.423 H .423
-<6e666f72636520696e697469616c20736f7274696e67>.8 F .337
-<6261736564206f6e204d58207265636f72647320736574>174 561.6 R F0 -.25
-<4661>2.838 G<737453706c6974>.25 E F1 .338<746f207a65726f2e>2.838 F .338
-<496620746865206d61696c206973207375626d6974746564206469726563746c792066
-726f6d>5.338 F 1.079
-<74686520636f6d6d616e64206c696e652c207468656e207468652076>174 573.6 R
-1.078<616c756520616c736f206c696d69747320746865206e756d626572206f66207072
-6f63657373657320746f2064656c69>-.25 F -.15<7665>-.25 G<72>.15 E .293
-<74686520656e>174 585.6 R -.15<7665>-.4 G .293
-<6c6f7065733b206966206d6f726520656e>.15 F -.15<7665>-.4 G .293
-<6c6f70657320617265206372656174656420746865>.15 F 2.794<7961>-.15 G .294
-<7265206f6e6c792071756575656420757020616e64206d757374206265>-2.794 F
-<74616b>174 597.6 Q .692
-<656e2063617265206f6620627920612071756575652072756e2e>-.1 F .691
-<53696e63652074686520646566>5.691 F .691
-<61756c74207375626d697373696f6e206d6574686f642069732076696120534d5450>
--.1 F 1.284<286569746865722066726f6d2061204d55>174 609.6 R 3.784<416f>
--.4 G 3.784<7276>-3.784 G 1.284<696120746865204d5350292c207468652076>
--3.784 F 1.284<616c7565206f66>-.25 F F0 -.25<4661>3.784 G
-<737453706c6974>.25 E F1 1.284<69732073656c646f6d207573656420746f>3.784
-F<6c696d697420746865206e756d626572206f662070726f63657373657320746f206465
-6c69>174 621.6 Q -.15<7665>-.25 G 2.5<7274>.15 G<686520656e>-2.5 E -.15
-<7665>-.4 G<6c6f7065732e>.15 E -.15<466f>102 637.8 S 16.88
-<726b456163684a6f62205b595d>.15 F<4966207365742c2064656c69>2.5 E -.15
-<7665>-.25 G 2.5<7265>.15 G<616368206a6f6220746861742069732072756e206672
-6f6d2074686520717565756520696e20612073657061726174652070726f636573732e>
--2.5 E -.15<466f>102 654 S<7277>.15 E<61726450>-.1 E<6174683d>-.15 E F2
-<70617468>A F1 1.512<5b4a5d2053657420746865207061746820666f722073656172
-6368696e6720666f7220757365727327202e666f7277>174 666 R 1.511
-<617264208c6c65732e>-.1 F 1.511<54686520646566>6.511 F 1.511
-<61756c742069732099247a2f2e666f72>-.1 F<2d>-.2 E -.1<7761>174 678 S
-5.799<72649a2e20536f6d65>.1 F 3.299<736974657320746861742075736520746865
-206175746f6d6f756e746572206d61792070726566657220746f206368616e6765207468
-697320746f>5.799 F<992f76>174 690 Q<61722f666f7277>-.25 E 1.696<6172642f
-24759a20746f207365617263682061208c6c652077697468207468652073616d65206e61
-6d6520617320746865207573657220696e20612073797374656d>-.1 F
-<6469726563746f7279>174 702 Q 5.487<2e49>-.65 G 2.987<7463>-5.487 G .488
-<616e20616c736f2062652073657420746f20612073657175656e6365206f6620706174
-68732073657061726174656420627920636f6c6f6e733b>-2.987 F F2
-<73656e646d61696c>2.988 E F1 4.218<73746f707320617420746865208c72737420
-8c6c652069742063616e207375636365737366756c6c7920616e6420736166656c79206f
-70656e2e>174 714 R -.15<466f>9.217 G 6.717<7265>.15 G<78616d706c652c>
--6.867 E 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-69)195.86 E/F1 10/Times-Roman@0 SF(ar)174 96 Q 1.395(guments ha)
+-.18 F 1.695 -.15(ve b)-.2 H 1.395(een described earlier).15 F 6.395(.T)
+-.55 G 1.394(he details of these \215ags are described)-6.395 F(abo)174
+108 Q -.15(ve)-.15 G(.).15 E F0(Use of this option is not r)5 E
+(ecommended.)-.18 E F1(DontExpandCnames)102 124.2 Q .559([no short name\
+] The standards say that all host addresses used in a mail message)174
+136.2 R 1.408(must be fully canonical.)174 148.2 R -.15(Fo)6.407 G 3.907
+(re).15 G 1.407(xample, if your host is named \231Cruft.F)-4.057 F
+(oo.ORG\232)-.15 E 1.462(and also has an alias of \231FTP)174 160.2 R
+(.F)-1.11 E 1.462(oo.ORG\232, the former name must be used at all)-.15 F
+2.631(times. This)174 172.2 R .131
+(is enforced during host name canoni\214cation \($[ ... $] lookups\).)
+2.631 F .13(If this)5.13 F .661(option is set, the protocols are ignore\
+d and the \231wrong\232 thing is done.)174 184.2 R(Ho)5.662 E(we)-.25 E
+-.15(ve)-.25 G -.4(r,).15 G .872(the IETF is mo)174 196.2 R .872
+(ving to)-.15 F -.1(wa)-.25 G .872
+(rd changing this standard, so the beha).1 F .871(vior may become)-.2 F
+3.009(acceptable. Please)174 208.2 R .509(note that hosts do)3.009 F
+.509(wnstream may still re)-.25 F .509(write the address to be)-.25 F
+(the true canonical name ho)174 220.2 Q(we)-.25 E -.15(ve)-.25 G -.55
+(r.).15 G 6.17(DontInitGroups [no)102 236.4 R .25(short name] If set,)
+2.75 F/F2 10/Times-Italic@0 SF(sendmail)2.75 E F1 .25(will a)2.75 F -.2
+(vo)-.2 G .25(id using the initgroups\(3\) call.).2 F .25(If you are)
+5.25 F .583(running NIS, this causes a sequential scan of the groups.by\
+name map, which can)174 248.4 R .436(cause your NIS serv)174 260.4 R
+.436(er to be badly o)-.15 F -.15(ve)-.15 G .435(rloaded in a lar).15 F
+.435(ge domain.)-.18 F .435(The cost of this)5.435 F .697(is that the o\
+nly group found for users will be their primary group \(the one in the)
+174 272.4 R(passw)174 284.4 Q 1.189(ord \214le\), which will mak)-.1 F
+3.689<658c>-.1 G 1.189(le access permissions some)-3.689 F 1.189
+(what more restric-)-.25 F(ti)174 296.4 Q -.15(ve)-.25 G 5(.H).15 G
+(as no ef)-5 E(fect on systems that don')-.25 E 2.5(th)-.18 G -2.25 -.2
+(av e)-2.5 H(group lists.)2.7 E(DontProbeInterf)102 312.6 Q(aces)-.1 E
+1.712([no short name])174 324.6 R F2(Sendmail)4.212 E F1 1.713
+(normally \214nds the names of all interf)4.212 F 1.713(aces acti)-.1 F
+2.013 -.15(ve o)-.25 H(n).15 E 1.103
+(your machine when it starts up and adds their name to the)174 336.6 R
+F0($=w)3.602 E F1 1.102(class of kno)3.602 F(wn)-.25 E 1.835
+(host aliases.)174 348.6 R 1.835(If you ha)6.835 F 2.136 -.15(ve a l)-.2
+H(ar).15 E 1.836(ge number of virtual interf)-.18 F 1.836
+(aces or if your DNS)-.1 F(in)174 360.6 Q -.15(ve)-.4 G .959
+(rse lookups are slo).15 F 3.459(wt)-.25 G .959
+(his can be time consuming.)-3.459 F .958(This option turns of)5.958 F
+3.458(ft)-.25 G(hat)-3.458 E 2.973(probing. Ho)174 372.6 R(we)-.25 E
+-.15(ve)-.25 G 1.273 -.4(r, y).15 H .474
+(ou will need to be certain to include all v).4 F .474
+(ariant names in the)-.25 F F0($=w)174 384.6 Q F1 1.868
+(class by some other mechanism.)4.369 F 1.868(If set to)6.868 F F0
+(loopback)4.368 E F1 4.368(,l)C 1.868(oopback interf)-4.368 F(aces)-.1 E
+(\(e.g., lo0\) will not be probed.)174 396.6 Q -1.61
+(DontPruneRoutes [R])102 412.8 R(Normally)3.905 E(,)-.65 E F2(sendmail)
+3.905 E F1 1.405(tries to eliminate an)3.905 F 3.905(yu)-.15 G 1.405
+(nnecessary e)-3.905 F 1.405(xplicit routes when)-.15 F .155
+(sending an error message \(as discussed in RFC 1123 \247 5.2.6\).)174
+424.8 R -.15(Fo)5.154 G 2.654(re).15 G .154(xample, when)-2.804 F
+(sending an error message to)174 436.8 Q(<@kno)214 453 Q(wn1,@kno)-.25 E
+(wn2,@kno)-.25 E(wn3:user@unkno)-.25 E(wn>)-.25 E F2(sendmail)174 469.2
+Q F1 1.155(will strip of)3.655 F 3.655(ft)-.25 G 1.155(he \231@kno)
+-3.655 F(wn1,@kno)-.25 E 1.155(wn2\232 in order to mak)-.25 F 3.655(et)
+-.1 G 1.155(he route as)-3.655 F .813(direct as possible.)174 481.2 R
+(Ho)5.813 E(we)-.25 E -.15(ve)-.25 G 1.613 -.4(r, i).15 H 3.313(ft).4 G
+(he)-3.313 E F0(R)3.313 E F1 .812
+(option is set, this will be disabled, and the)3.313 F .009
+(mail will be sent to the \214rst address in the route, e)174 493.2 R
+-.15(ve)-.25 G 2.51(ni).15 G 2.51(fl)-2.51 G .01(ater addresses are kno)
+-2.51 F(wn.)-.25 E(This may be useful if you are caught behind a \214re)
+174 505.2 Q -.1(wa)-.25 G(ll.).1 E(DoubleBounceAddress=)102 521.4 Q F2
+(err)A(or)-.45 E(-addr)-.2 E(ess)-.37 E F1 .504([no short name] If an e\
+rror occurs when sending an error message, send the error)174 533.4 R
+1.999(report \(termed a \231double bounce\232 because it is an error \
+\231bounce\232 that occurs)174 545.4 R .053(when trying to send another\
+ error \231bounce\232\) to the indicated address.)174 557.4 R .053
+(The address)5.053 F .474(is macro e)174 569.4 R .474
+(xpanded at the time of deli)-.15 F -.15(ve)-.25 G(ry).15 E 5.474(.I)
+-.65 G 2.974(fn)-5.474 G .474(ot set, def)-2.974 F .475
+(aults to \231postmaster\232.)-.1 F(If)5.475 E
+(set to an empty string, double bounces are dropped.)174 581.4 Q
+(EightBitMode=)102 597.6 Q F2(action)A F1 1.956
+([8] Set handling of eight-bit data.)174 609.6 R 1.955(There are tw)
+6.955 F 4.455(ok)-.1 G 1.955(inds of eight-bit data: that)-4.455 F 3.334
+(declared as such using the)174 621.6 R F0(BOD)5.834 E(Y=8BITMIME)-.4 E
+F1 3.335(ESMTP declaration or the)5.835 F F0(\255B8BITMIME)174 633.6 Q
+F1 .948
+(command line \215ag, and undeclared 8-bit data, that is, input that)
+3.449 F 1.18(just happens to be eight bits.)174 645.6 R 1.18
+(There are three basic operations that can happen:)6.18 F .996
+(undeclared 8-bit data can be automatically con)174 657.6 R -.15(ve)-.4
+G .995(rted to 8BITMIME, undeclared).15 F .887
+(8-bit data can be passed as-is without con)174 669.6 R -.15(ve)-.4 G
+.887(rsion to MIME \(`).15 F .887(`just send 8')-.74 F .887('\), and)
+-.74 F 1.794(declared 8-bit data can be con)174 681.6 R -.15(ve)-.4 G
+1.794(rted to 7-bits for transmission to a non-8BIT).15 F(-)-.92 E
+(MIME mailer)174 693.6 Q 5(.T)-.55 G(he possible)-5 E F2(action)2.5 E F1
+2.5(sa)C(re:)-2.5 E 0 Cg EP
%%Page: 70 66
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d37302053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF<992f76>174 96 Q<61722f666f7277>-.25 E
-<6172642f24753a247a2f2e666f7277>-.1 E .681
-<6172649a2077696c6c20736561726368208c72737420696e202f76>-.1 F
-<61722f666f7277>-.25 E<6172642f>-.1 E/F2 10/Times-Italic@0 SF
-<757365726e616d65>A F1 .682<616e64207468656e>3.182 F<696e>174 108 Q F2
-<7e757365726e616d65>2.5 E F1<2f2e666f7277>A<617264202862>-.1 E
-<7574206f6e6c7920696620746865208c727374208c6c6520646f6573206e6f742065>
--.2 E<78697374292e>-.15 E<48656c6f4e616d653d>102 124.2 Q F2<6e616d65>A
-F1<5b6e6f2073686f7274206e616d655d2053657420746865206e616d6520746f206265
-207573656420666f722048454c4f2f45484c4f2028696e7374656164206f6620246a292e>
-1.38 E<486f6c64457870656e7369>102 140.4 Q 8.54 -.15<7665205b>-.25 H
-1.394<635d20496620616e206f7574676f696e67206d61696c6572206973206d61726b>
-.15 F 1.393<6564206173206265696e672065>-.1 F<7870656e7369>-.15 E -.15
-<7665>-.25 G 3.893<2c64>.15 G<6f6e27>-3.893 E 3.893<7463>-.18 G 1.393
-<6f6e6e65637420696d6d6564692d>-3.893 F<6174656c79>174 152.4 Q<2e>-.65 E
-<486f73747346696c653d>102 168.6 Q F2<70617468>A F1 .026<5b6e6f2073686f72
-74206e616d655d20546865207061746820746f2074686520686f73747320646174616261
-73652c206e6f726d616c6c7920992f6574632f686f7374739a2e>10.24 F .026
-<54686973206f7074696f6e>5.026 F 1.417<6973206f6e6c7920636f6e73756c746564
-207768656e2073656e646d61696c2069732063616e6f6e696679696e6720616464726573
-7365732c20616e64207468656e206f6e6c79207768656e>174 180.6 R .783<998c6c65
-739a20697320696e207468652099686f7374739a20736572766963652073776974636820
-656e747279>174 192.6 R 5.784<2e49>-.65 G 3.284<6e70>-5.784 G
-<6172746963756c6172>-3.284 E 3.284<2c74>-.4 G .784<686973208c6c65206973>
--3.284 F F2<6e65>3.284 E<766572>-.15 E F1<75736564>3.284 E .202<7768656e
-206c6f6f6b696e6720757020686f7374206164647265737365733b207468617420697320
-756e6465722074686520636f6e74726f6c206f66207468652073797374656d>174 204.6
-R F2 -.1<6765>2.702 G<74686f737462792d>.1 E<6e616d65>174 216.6 Q F1
-<28332920726f7574696e652e>A<486f73745374617475734469726563746f72793d>102
-232.8 Q F2<70617468>A F1 .43<5b6e6f2073686f7274206e616d655d20546865206c
-6f636174696f6e206f6620746865206c6f6e67207465726d20686f737420737461747573
-20696e666f726d6174696f6e2e>174 244.8 R .43<5768656e207365742c>5.43 F
-1.39<696e666f726d6174696f6e2061626f75742074686520737461747573206f662068
-6f7374732028652e672e2c20686f737420646f>174 256.8 R 1.39
-<776e206f72206e6f7420616363657074696e6720636f6e6e65632d>-.25 F .162
-<74696f6e73292077696c6c20626520736861726564206265747765656e20616c6c>174
-268.8 R F2<73656e646d61696c>2.663 E F1 .163
-<70726f6365737365733b206e6f726d616c6c79>2.663 F 2.663<2c74>-.65 G .163
-<68697320696e666f726d6174696f6e206973>-2.663 F .123<6f6e6c792068656c6420
-77697468696e20612073696e676c652071756575652072756e2e>174 280.8 R .123<54
-686973206f7074696f6e207265717569726573206120636f6e6e656374696f6e20636163
-6865206f66206174>5.123 F .688<6c65617374203120746f2066756e6374696f6e2e>
-174 292.8 R .688<496620746865206f7074696f6e206265>5.688 F .688<67696e73
-20776974682061206c656164696e6720602f272c20697420697320616e206162736f6c75
-746520706174682d>-.15 F .617
-<6e616d653b206f74686572776973652c2069742069732072656c617469>174 304.8 R
-.917 -.15<76652074>-.25 H 3.117<6f74>.15 G .617
-<6865206d61696c207175657565206469726563746f7279>-3.117 F 5.617<2e41>-.65
-G .617<7375676765737465642076>-2.5 F .616<616c756520666f72>-.25 F .558<
-7369746573206465736972696e672070657273697374656e7420686f7374207374617475
-7320697320992e686f7374737461749a2028692e652e2c2061207375626469726563746f
-7279206f6620746865207175657565>174 316.8 R<6469726563746f7279292e>174
-328.8 Q 24.51<49676e6f7265446f7473205b695d>102 345 R 1.172
-<49676e6f726520646f747320696e20696e636f6d696e67206d657373616765732e>
-3.672 F 1.172<5468697320697320616c>6.172 F -.1<7761>-.1 G 1.171
-<79732064697361626c65642028746861742069732c20646f747320617265>.1 F<616c>
-174 357 Q -.1<7761>-.1 G<797320616363657074656429207768656e207265616469
-6e6720534d5450206d61696c2e>.1 E<496e7075744d61696c46696c746572733d>102
-373.2 Q F2<6e616d65>A<2c6e616d65>-.1 E<2c2e2e2e>-.1 E F1 3.621<4163>174
-385.2 S 1.122<6f6d6d6120736570617261746564206c697374206f66208c6c74657273
-2077686963682064657465726d696e6573207768696368208c6c74657273202873656520
-746865202258208a>-3.621 F 1.768<4d61696c2046696c74657220284d696c74657229
-2044658c6e6974696f6e73222073656374696f6e2920616e642074686520696e>174
-397.2 R -.2<766f>-.4 G 1.768
-<636174696f6e2073657175656e63652061726520636f6e2d>.2 F .367
-<74616374656420666f7220696e636f6d696e6720534d5450206d657373616765732e>
-174 409.2 R .367<4966206e6f6e6520617265207365742c206e6f208c6c7465727320
-77696c6c20626520636f6e7461637465642e>5.367 F<4c44>102 425.4 Q
-<4150446566>-.4 E<61756c74537065633d>-.1 E F2<73706563>A F1 2.058
-<5b6e6f2073686f7274206e616d655d2053657473206120646566>174 437.4 R 2.057
-<61756c74206d61702073706563698c636174696f6e20666f72204c44>-.1 F 2.057
-<4150206d6170732e>-.4 F 2.057<5468652076>7.057 F<616c7565>-.25 E .673
-<73686f756c64206f6e6c7920636f6e7461696e204c44>174 449.4 R .674<41502073
-706563698c632073657474696e6773207375636820617320992d6820686f7374202d7020
-706f7274202d642062696e64444e9a2e>-.4 F .501<5468652073657474696e67732077
-696c6c206265207573656420666f7220616c6c204c44>174 461.4 R .501
-<4150206d61707320756e6c6573732074686520696e6469>-.4 F .5
-<76696475616c206d61702073706563698c63612d>-.25 F 1.5<74696f6e206f>174
-473.4 R -.15<7665>-.15 G 1.5<72726964657320612073657474696e672e>.15 F
-1.5
-<54686973206f7074696f6e2073686f756c6420626520736574206265666f726520616e>
-6.5 F 4<794c>-.15 G -.4<4441>-4 G 4<506d>.4 G 1.5<61707320617265>-4 F
-<64658c6e65642e>174 485.4 Q<4c6f674c65>102 501.6 Q -.15<7665>-.25 G
-<6c3d>.15 E F2<6e>A F1<5b4c5d2053657420746865206c6f67206c65>22.88 E -.15
-<7665>-.25 G 2.5<6c74>.15 G<6f>-2.5 E F2<6e>2.5 E F1 5<2e44>C<6566>-5 E
-<61756c747320746f20392e>-.1 E<4d>102 517.8 Q F2 1.666<7876>C<616c7565>
--1.666 E F1 .255<5b6e6f206c6f6e672076>35.344 F .255
-<657273696f6e5d2053657420746865206d6163726f>-.15 F F2<78>2.755 E F1
-<746f>2.755 E F2<76616c7565>2.755 E F1 5.255<2e54>C .255<68697320697320
-696e74656e646564206f6e6c7920666f72207573652066726f6d20746865>-5.255 F
-<636f6d6d616e64206c696e652e>174 529.8 Q<546865>5 E F0<ad4d>2.5 E F1
-<8d6167206973207072656665727265642e>2.5 E -1.04
-<4d61696c626f784461746162617365205b6e6f>102 546 R 2.967
-<73686f7274206e616d655d2054>5.467 F 2.967<797065206f66206c6f6f6b75702074
-6f208c6e6420696e666f726d6174696f6e2061626f7574206c6f63616c206d61696c626f
-78>-.8 F<65732c>-.15 E<646566>174 558 Q .145<61756c747320746f2060>-.1 F
-<60707727>-.74 E 2.645<2777>-.74 G .145<686963682075736573>-2.645 F F2
--.1<6765>2.645 G<7470776e616d>.1 E F1 5.145<2e4f>C .145<7468657220747970
-65732063616e20626520696e74726f647563656420627920616464696e67>-5.145 F<74
-68656d20746f2074686520736f7572636520636f64652c20736565206c6962736d2f6d62
-6462>174 570 Q<2e6320666f722064657461696c732e>-.4 E 33.94
-<5573654d5350205b6e6f>102 586.2 R .163<73686f7274206e616d655d2055736520
-6173206d61696c207375626d697373696f6e2070726f6772616d2c20692e652e2c20616c
-6c6f>2.663 F 2.664<7767>-.25 G .164
-<726f7570207772697461626c65207175657565>-2.664 F .954<8c6c65732069662074
-68652067726f7570206973207468652073616d652061732074686174206f662061207365
-742d67726f75702d49442073656e646d61696c2062696e617279>174 598.2 R 5.954
-<2e53>-.65 G .954<656520746865>-5.954 F<8c6c65>174 610.2 Q F0
-<73656e646d61696c2f5345435552495459>2.5 E F1
-<696e207468652064697374726962>2.5 E<7574696f6e2074617262616c6c2e>-.2 E
-11.17<4d617463684745434f53205b475d>102 626.4 R<416c6c6f>3.333 E 3.333
-<7766>-.25 G .833
-<757a7a79206d61746368696e67206f6e20746865204745434f53208c656c642e>-3.333
-F .834
-<49662074686973208d6167206973207365742c20616e642074686520757375616c>
-5.833 F .868<75736572206e616d65206c6f6f6b7570732066>174 638.4 R .867<61
-696c2028746861742069732c207468657265206973206e6f20616c696173207769746820
-74686973206e616d6520616e642061>-.1 F F2 -.1<6765>3.367 G<7470776e616d>.1
-E F1 -.1<6661>174 650.4 S 1.155
-<696c73292c2073657175656e7469616c6c792073656172636820746865207061737377>
-.1 F 1.155<6f7264208c6c6520666f722061206d61746368696e6720656e7472792069
-6e20746865204745434f53>-.1 F 3.696<8c656c642e2054686973>174 662.4 R
-1.196<616c736f2072657175697265732074686174204d41>3.696 F 1.196<54434847
-45434f53206265207475726e6564206f6e20647572696e6720636f6d70696c6174696f6e
-2e>-1.11 F
-<54686973206f7074696f6e206973206e6f74207265636f6d6d656e6465642e>174
-674.4 Q<4d6178416c696173526563757273696f6e3d>102 690.6 Q F2<4e>A F1<5b6e
-6f2073686f7274206e616d655d20546865206d6178696d756d206465707468206f662061
-6c69617320726563757273696f6e2028646566>174 702.6 Q<61756c743a203130292e>
--.1 E 0 Cg EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-70 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF 11.11(sR)
+219 96 S(eject undeclared 8-bit data \(`)-11.11 E(`strict')-.74 E('\))
+-.74 E 7.22(mC)219 108 S(on)-7.22 E -.15(ve)-.4 G
+(rt undeclared 8-bit data to MIME \(`).15 E(`mime')-.74 E('\))-.74 E 10
+(pP)219 120 S(ass undeclared 8-bit data \(`)-10.15 E(`pass')-.74 E('\))
+-.74 E 2.227(In all cases properly declared 8BITMIME data will be con)
+174 136.2 R -.15(ve)-.4 G 2.228(rted to 7BIT as).15 F 2.92
+(needed. Note:)174 148.2 R .42(if an automatic con)2.92 F -.15(ve)-.4 G
+.42(rsion is performed, a header with the follo).15 F(w-)-.25 E
+(ing format will be added:)174 160.2 Q(X-MIME-Autocon)214 176.4 Q -.15
+(ve)-.4 G(rted: from OLD to NEW by $j id $i).15 E 2.027
+(where OLD and NEW describe the original format and the con)174 192.6 R
+-.15(ve)-.4 G 2.028(rted format,).15 F(respecti)174 204.6 Q -.15(ve)-.25
+G(ly).15 E(.)-.65 E(ErrorHeader=)102 220.8 Q/F2 10/Times-Italic@0 SF
+(\214le-or)A(-messa)-.2 E -.1(ge)-.1 G F1 .486
+([E] Prepend error messages with the indicated message.)174 232.8 R .486
+(If it be)5.486 F .486(gins with a slash,)-.15 F .246(it is assumed to \
+be the pathname of a \214le containing a message \(this is the recom-)
+174 244.8 R .86(mended setting\).)174 256.8 R .86
+(Otherwise, it is a literal message.)5.86 F .86
+(The error \214le might contain)5.86 F 1.116(the name, email address, a\
+nd/or phone number of a local postmaster who could)174 268.8 R(pro)174
+280.8 Q .827(vide assistance to end users.)-.15 F .827
+(If the option is missing or null, or if it names a)5.827 F
+(\214le which does not e)174 292.8 Q
+(xist or which is not readable, no message is printed.)-.15 E
+(ErrorMode=)102 309 Q F2(x)A F1([e] Dispose of errors using mode)17.49 E
+F2(x)2.5 E F1 5(.T)C(he v)-5 E(alues for)-.25 E F2(x)2.5 E F1(are:)2.5 E
+15(pP)214 325.2 S(rint error messages \(def)-15 E(ault\))-.1 E 15(qN)214
+337.2 S 2.5(om)-15 G(essages, just gi)-2.5 E .3 -.15(ve ex)-.25 H
+(it status).15 E 12.22(mM)214 349.2 S(ail back errors)-12.22 E 12.78(wW)
+214 361.2 S(rite back errors \(mail if user not logged in\))-12.78 E
+15.56(eM)214 373.2 S(ail back errors \(when applicable\) and gi)-15.56 E
+.3 -.15(ve z)-.25 H(ero e).15 E(xit stat al)-.15 E -.1(wa)-.1 G(ys).1 E
+1.314(Note that the last mode, \231e\232, is for Berknet error processi\
+ng and should not be)174 389.4 R 1.324(used in normal circumstances.)174
+401.4 R 1.323(Note, too, that mode \231q\232, only applies to errors)
+6.324 F(recognized before sendmail forks for background deli)174 413.4 Q
+-.15(ve)-.25 G(ry).15 E(.)-.65 E -.15(Fa)102 429.6 S(llbackMXhost=).15 E
+F2(fallbac)A(khost)-.2 E F1 .796([V] If speci\214ed, the)174 441.6 R F2
+(fallbac)3.296 E(khost)-.2 E F1 .796(acts lik)3.296 F 3.296(eav)-.1 G
+.797(ery lo)-3.446 F 3.297(wp)-.25 G .797(riority MX on e)-3.297 F -.15
+(ve)-.25 G .797(ry host.).15 F 1.538(MX records will be look)174 453.6 R
+1.537(ed up for this host, unless the name is surrounded by)-.1 F .016
+(square brack)174 465.6 R 2.517(ets. This)-.1 F .017
+(is intended to be used by sites with poor netw)2.517 F .017
+(ork connecti)-.1 F(v-)-.25 E(ity)174 477.6 Q 6.706(.M)-.65 G 1.706
+(essages which are undeli)-6.706 F -.15(ve)-.25 G 1.706
+(rable due to temporary address f).15 F 1.706(ailures \(e.g.,)-.1 F
+(DNS f)174 489.6 Q(ailure\) also go to the F)-.1 E(allbackMXhost.)-.15 E
+-.15(Fa)102 505.8 S(llBackSmartHost=).15 E F2(hostname)A F1 1.655
+(If speci\214ed, the)174 517.8 R F2 -.75(Fa)4.156 G(llBac).75 E
+(kSmartHost)-.2 E F1 1.656(will be used in a last-ditch ef)4.156 F 1.656
+(fort for each)-.25 F 3.212(host. This)174 529.8 R .712
+(is intended to be used by sites with "f)3.212 F(ak)-.1 E 3.212(ei)-.1 G
+.712(nternal DNS", e.g., a com-)-3.212 F(pan)174 541.8 Q 3.19(yw)-.15 G
+.69(hose DNS accurately re\215ects the w)-3.19 F .69
+(orld inside that compan)-.1 F(y')-.15 E 3.19(sd)-.55 G .69(omain b)
+-3.19 F(ut)-.2 E(not outside.)174 553.8 Q -.15(Fa)102 570 S 34.08
+(stSplit [no).15 F 1.572(short name] If set to a v)4.072 F 1.572
+(alue greater than zero \(the def)-.25 F 1.572(ault is one\), it sup-)
+-.1 F .977(presses the MX lookups on addresses when the)174 582 R 3.477
+(ya)-.15 G .977(re initially sorted, i.e., for the)-3.477 F 1.031
+(\214rst deli)174 594 R -.15(ve)-.25 G 1.031(ry attempt.).15 F 1.031
+(This usually results in f)6.031 F 1.031(aster en)-.1 F -.15(ve)-.4 G
+1.031(lope splitting unless the).15 F .423(MX records are readily a)174
+606 R -.25(va)-.2 G .423(ilable in a local DNS cache.).25 F 2.023 -.8
+(To e)5.423 H .423(nforce initial sorting).8 F .338
+(based on MX records set)174 618 R F0 -.25(Fa)2.838 G(stSplit).25 E F1
+.338(to zero.)2.838 F .338(If the mail is submitted directly from)5.338
+F 1.078(the command line, then the v)174 630 R 1.079
+(alue also limits the number of processes to deli)-.25 F -.15(ve)-.25 G
+(r).15 E .294(the en)174 642 R -.15(ve)-.4 G .294(lopes; if more en).15
+F -.15(ve)-.4 G .294(lopes are created the).15 F 2.794(ya)-.15 G .293
+(re only queued up and must be)-2.794 F(tak)174 654 Q .691
+(en care of by a queue run.)-.1 F .691(Since the def)5.691 F .692
+(ault submission method is via SMTP)-.1 F 1.284(\(either from a MU)174
+666 R 3.784(Ao)-.4 G 3.784(rv)-3.784 G 1.284(ia the MSP\), the v)-3.784
+F 1.284(alue of)-.25 F F0 -.25(Fa)3.784 G(stSplit).25 E F1 1.284
+(is seldom used to)3.784 F(limit the number of processes to deli)174 678
+Q -.15(ve)-.25 G 2.5(rt).15 G(he en)-2.5 E -.15(ve)-.4 G(lopes.).15 E
+-.15(Fo)102 694.2 S 16.88(rkEachJob [Y]).15 F(If set, deli)2.5 E -.15
+(ve)-.25 G 2.5(re).15 G
+(ach job that is run from the queue in a separate process.)-2.5 E -.15
+(Fo)102 710.4 S(rw).15 E(ardP)-.1 E(ath=)-.15 E F2(path)A F1 4.675
+([J] Set the path for searching for users' .forw)174 722.4 R 4.675
+(ard \214les.)-.1 F 4.675(The def)9.675 F 4.675(ault is)-.1 F 0 Cg EP
%%Page: 71 67
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3731>195.86 E
-/F1 10/Times-Roman@0 SF<4d61784461656d6f6e4368696c6472656e3d>102 96 Q/F2
-10/Times-Italic@0 SF<4e>A F1 .539
-<5b6e6f2073686f7274206e616d655d204966207365742c>174 108 R F2
-<73656e646d61696c>3.039 E F1 .539<77696c6c2072656675736520636f6e6e656374
-696f6e73207768656e20697420686173206d6f7265207468616e>3.039 F F2<4e>3.04
-E F1 .886<6368696c6472656e2070726f63657373696e6720696e636f6d696e67206d61
-696c206f72206175746f6d617469632071756575652072756e732e>174 120 R .885
-<5468697320646f6573206e6f74206c696d6974>5.885 F .812
-<746865206e756d626572206f66206f7574676f696e6720636f6e6e656374696f6e732e>
-174 132 R .812<49662074686520646566>5.812 F<61756c74>-.1 E F0<44656c69>
-3.313 E -.1<7665>-.1 G<72794d6f6465>.1 E F1<286261636b67726f756e6429>
-3.313 E 3.135<697320757365642c207468656e>174 144 R F2<73656e646d61696c>
-5.635 E F1 3.134<6d61792063726561746520616e20616c6d6f737420756e6c696d69
-746564206e756d626572206f66206368696c6472656e>5.635 F .294<28646570656e64
-696e67206f6e20746865206e756d626572206f66207472616e73616374696f6e7320616e
-64207468652072656c617469>174 156 R .594 -.15<766520657865>-.25 H .295
-<637574696f6e2074696d6573206f66206d61696c>.15 F 1.236
-<72656365697074696f6e20616e64206d61696c2064656c69>174 168 R -.15<7665>
--.25 G 3.736<7279292e204966>.15 F 1.236<746865206c696d69742073686f756c64
-20626520656e666f726365642c207468656e2061>3.736 F F0<44656c69>3.735 E -.1
-<7665>-.1 G<72792d>.1 E<4d6f6465>174 180 Q F1 1.483
-<6f74686572207468616e206261636b67726f756e64206d75737420626520757365642e>
-3.983 F 1.484<4966206e6f74207365742c207468657265206973206e6f206c696d6974
-20746f20746865>6.483 F<6e756d626572206f66206368696c6472656e202d2d207468
-61742069732c207468652073797374656d206c6f61642061>174 192 Q -.15<7665>-.2
-G<7261676520636f6e74726f6c7320746869732e>.15 E
-<4d6178486561646572734c656e6774683d>102 208.2 Q F2<4e>A F1 .17<5b6e6f20
-73686f7274206e616d655d20546865206d6178696d756d206c656e677468206f66207468
-652073756d206f6620616c6c20686561646572732e>174 220.2 R .17
-<546869732063616e2062652075736564>5.17 F<746f20707265>174 232.2 Q -.15
-<7665>-.25 G
-<6e7420612064656e69616c206f6620736572766963652061747461636b2e>.15 E
-<54686520646566>5 E<61756c74206973206e6f206c696d69742e>-.1 E
-<4d6178486f70436f756e743d>102 248.4 Q F2<4e>A F1 1.237
-<5b685d20546865206d6178696d756d20686f7020636f756e742e>174 260.4 R 1.237
-<4d657373616765732074686174206861>6.237 F 1.538 -.15<76652062>-.2 H
-1.238<65656e2070726f636573736564206d6f7265207468616e>.15 F F2<4e>3.738 E
-F1<74696d65732061726520617373756d656420746f20626520696e2061206c6f6f7020
-616e64206172652072656a65637465642e>174 272.4 Q<446566>5 E
-<61756c747320746f2032352e>-.1 E<4d61784d65737361676553697a653d>102 288.6
-Q F2<4e>A F1 2.563<5b6e6f2073686f7274206e616d655d2053706563696679207468
-65206d6178696d756d206d6573736167652073697a6520746f20626520616476>174
-300.6 R 2.562<6572746973656420696e20746865>-.15 F 1.022
-<45534d54502045484c4f20726573706f6e73652e>174 312.6 R 1.022
-<4d65737361676573206c6172>6.022 F 1.022
-<676572207468616e20746869732077696c6c2062652072656a65637465642e>-.18 F
-1.023<49662073657420746f2061>6.023 F -.25<7661>174 324.6 S .834
-<6c75652067726561746572207468616e207a65726f2c20746861742076>.25 F .834<
-616c75652077696c6c206265206c697374656420696e207468652053495a452072657370
-6f6e73652c206f7468657277697365>-.25 F<53495a4520697320616476>174 336.6 Q
-<6572746973656420696e207468652045534d54502045484c4f20726573706f6e736520
-776974686f7574206120706172616d65746572>-.15 E<2e>-.55 E
-<4d61784d696d654865616465724c656e6774683d>102 352.8 Q F2<4e5b2f4d5d>A F1
-.343<5b6e6f2073686f7274206e616d655d205365747320746865206d6178696d756d20
-6c656e677468206f66206365727461696e204d494d4520686561646572208c656c642076>
-174 364.8 R .344<616c75657320746f>-.25 F F2<4e>174 376.8 Q F1 3.619
-<636861726163746572732e205468657365>3.619 F 1.118<4d494d4520686561646572
-208c656c6473206172652064657465726d696e6564206279206265696e672061206d656d
-626572206f66>3.619 F .895<636c617373207b636865636b4d494d4554>174 388.8 R
--.15<6578>-.7 G .895<74486561646572737d2c2077686963682063757272656e746c
-7920636f6e7461696e73206f6e6c79207468652068656164657220436f6e2d>.15 F
-2.559<74656e742d4465736372697074696f6e2e2046>174 400.8 R .059
-<6f7220736f6d65206f6620746865736520686561646572732077686963682074616b>
--.15 F 2.559<6570>-.1 G .059
-<6172616d65746572732c20746865206d6178696d756d>-2.559 F .101
-<6c656e677468206f66206561636820706172616d657465722069732073657420746f>
-174 412.8 R F2<4d>2.602 E F1 .102<69662073706563698c65642e>2.602 F<4966>
-5.102 E F2<2f4d>2.602 E F1 .102
-<6973206e6f742073706563698c65642c206f6e652068616c66206f66>2.602 F F2<4e>
-174 424.8 Q F1 1.776<77696c6c20626520757365642e>4.276 F 1.776
-<427920646566>6.776 F 1.775<61756c742c2074686573652076>-.1 F 1.775
-<616c75657320617265203230343820616e6420313032342c207265737065637469>-.25
-F -.15<7665>-.25 G<6c79>.15 E 6.775<2e54>-.65 G<6f>-7.575 E<616c6c6f>174
-436.8 Q 2.5<7761>-.25 G .3 -.15<6e79206c>-2.5 H<656e6774682c20612076>.15
-E<616c7565206f6620302063616e2062652073706563698c65642e>-.25 E
-<4d61784e4f4f50436f6d6d616e64733d>102 453 Q F2<4e>A F1<4f76>174 465 Q
-2.103<6572726964652074686520646566>-.15 F 2.103<61756c74206f66>-.1 F F0
-<4d41584e4f4f50434f4d4d414e4453>4.603 E F1 2.104
-<666f7220746865206e756d626572206f66>4.603 F F2<7573656c657373>4.604 E F1
-<636f6d6d616e64732c207365652053656374696f6e20224d65617375726573206167>
-174 477 Q
-<61696e73742044656e69616c206f6620536572766963652041747461636b73222e>-.05
-E<4d617851756575654368696c6472656e3d>102 493.2 Q F2<4e>A F1 .304<5b6e6f
-2073686f7274206e616d655d205768656e207365742c2074686973206c696d6974732074
-6865206e756d626572206f6620636f6e63757272656e742071756575652072756e6e6572
-2070726f2d>174 505.2 R .201<63657373657320746f>174 517.2 R F2<4e2e>2.701
-E F1 .202<546869732068656c707320746f20636f6e74726f6c2074686520616d6f756e
-74206f662073797374656d207265736f75726365732075736564207768656e2070726f2d>
-5.201 F 1.255<63657373696e67207468652071756575652e>174 529.2 R 1.255<57
-68656e20746865726520617265206d756c7469706c652071756575652067726f75707320
-64658c6e656420616e642074686520746f74616c>6.255 F 1.2<6e756d626572206f66
-2071756575652072756e6e65727320666f722074686573652071756575652067726f7570
-732077>174 541.2 R 1.2<6f756c642065>-.1 F<7863656564>-.15 E F2
-<4d617851756575654368696c2d>3.7 E<6472>174 553.2 Q<656e>-.37 E F1 .472<
-7468656e207468652071756575652067726f7570732077696c6c206e6f7420616c6c2072
-756e20636f6e63757272656e746c79>2.973 F 2.972<2e54>-.65 G .472
-<6861742069732c20736f6d6520706f7274696f6e206f66>-2.972 F .871<7468652071
-756575652067726f7570732077696c6c2072756e20636f6e63757272656e746c79207375
-63682074686174>174 565.2 R F2<4d617851756575654368696c6472>3.371 E<656e>
--.37 E F1 .871<77696c6c206e6f74206265>3.371 F -.15<6578>174 577.2 S
-1.893<6365656465642c207768696c65207468652072656d61696e696e67207175657565
-2067726f7570732077696c6c2062652072756e206c617465722028696e20726f756e6420
-726f62696e>.15 F 1.3<6f72646572292e2053656520616c736f>174 589.2 R F2
-<4d617852756e6e6572>3.8 E<7350>-.1 E<65725175657565>-.8 E F1 1.3
-<616e64207468652073656374696f6e>3.8 F F0 1.3<5175657565204772>3.8 F 1.3
-<6f7570204465636c6172612d>-.18 F<74696f6e>174 601.2 Q F1 5.757<2e4e>C
-<6f746963653a>-5.757 E F2<73656e646d61696c>3.257 E F1 .757
-<646f6573206e6f7420636f756e7420696e6469>3.257 F .757
-<76696475616c2071756575652072756e6e6572732c2062>-.25 F .756
-<7574206f6e6c792073657473206f66>-.2 F 1.451
-<70726f636573736573207468617420616374206f6e20612077>174 613.2 R 3.951
-<6f726b67726f75702e2048656e6365>-.1 F 1.451
-<7468652061637475616c206e756d626572206f662071756575652072756e6e657273>
-3.951 F 1.414<6d6179206265206c6f>174 625.2 R 1.414
-<776572207468616e20746865206c696d697420696d706f736564206279>-.25 F F2
-<4d617851756575654368696c6472>3.914 E<656e>-.37 E F1 6.414<2e54>C 1.414
-<6869732064697363726570616e63>-6.414 F<79>-.15 E 1.423
-<63616e206265206c6172>174 637.2 R 1.424
-<676520696620736f6d652071756575652072756e6e657273206861>-.18 F 1.724
--.15<76652074>-.2 H 3.924<6f77>.15 G 1.424<61697420666f72206120736c6f>
--4.024 F 3.924<7773>-.25 G<657276>-3.924 E 1.424
-<657220616e642069662073686f7274>-.15 F<696e74657276>174 649.2 Q
-<616c732061726520757365642e>-.25 E<4d6178517565756552756e53697a653d>102
-665.4 Q F2<4e>A F1 .677<5b6e6f2073686f7274206e616d655d20546865206d617869
-6d756d206e756d626572206f66206a6f627320746861742077696c6c2062652070726f63
-657373656420696e20612073696e676c65>174 677.4 R .501
-<71756575652072756e2e>174 689.4 R .501<4966206e6f74207365742c2074686572
-65206973206e6f206c696d6974206f6e207468652073697a652e>5.501 F .501
-<496620796f75206861>5.501 F .802 -.15<7665207665>-.2 H .502
-<7279206c6172>.15 F .502<676520717565756573>-.18 F .445<6f7220612076>174
-701.4 R .445<6572792073686f72742071756575652072756e20696e74657276>-.15 F
-.445<616c207468697320636f756c6420626520756e737461626c652e>-.25 F<486f>
-5.445 E<7765>-.25 E -.15<7665>-.25 G 1.245 -.4<722c2073>.15 H .445
-<696e636520746865208c727374>.4 F F2<4e>174 713.4 Q F1 1.115<6a6f62732069
-6e207175657565206469726563746f7279206f72646572206172652072756e2028726174
-686572207468616e20746865>3.615 F F2<4e>3.615 E F1 1.115
-<68696768657374207072696f72697479206a6f627329>3.615 F .136<746869732073
-686f756c6420626520736574206173206869676820617320706f737369626c6520746f20
-61>174 725.4 R -.2<766f>-.2 G .136
-<696420996c6f73696e679a206a6f627320746861742068617070656e20746f2066>.2 F
-.136<616c6c206c617465>-.1 F 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-71)195.86 E/F1 10/Times-Roman@0 SF(\231$z/.forw)174 96 Q 3.231
+(ard\232. Some)-.1 F .731
+(sites that use the automounter may prefer to change this to)3.231 F
+(\231/v)174 108 Q(ar/forw)-.25 E 1.696(ard/$u\232 to search a \214le wi\
+th the same name as the user in a system)-.1 F(directory)174 120 Q 5.488
+(.I)-.65 G 2.988(tc)-5.488 G .488
+(an also be set to a sequence of paths separated by colons;)-2.988 F/F2
+10/Times-Italic@0 SF(sendmail)2.987 E F1 .831
+(stops at the \214rst \214le it can successfully and safely open.)174
+132 R -.15(Fo)5.831 G 3.331(re).15 G .831(xample, \231/v)-3.481 F
+(ar/for)-.25 E(-)-.2 E -.1(wa)174 144 S(rd/$u:$z/.forw).1 E .277
+(ard\232 will search \214rst in /v)-.1 F(ar/forw)-.25 E(ard/)-.1 E F2
+(username)A F1 .276(and then in)2.777 F F2(~user)2.776 E(-)-.2 E(name)
+174 156 Q F1(/.forw)A(ard \(b)-.1 E
+(ut only if the \214rst \214le does not e)-.2 E(xist\).)-.15 E
+(HeloName=)102 172.2 Q F2(name)A F1([no short name] Set the name to be \
+used for HELO/EHLO \(instead of $j\).)1.38 E(HelpFile=)102 188.4 Q F2
+(\214le)A F1 .18([H] Specify the help \214le for SMTP)19.14 F 5.18(.I)
+-1.11 G 2.68(fn)-5.18 G 2.68<6f8c>-2.68 G .18
+(le name is speci\214ed, "help\214le" is used.)-2.68 F(HoldExpensi)102
+204.6 Q 8.54 -.15(ve [)-.25 H 1.394(c] If an outgoing mailer is mark).15
+F 1.393(ed as being e)-.1 F(xpensi)-.15 E -.15(ve)-.25 G 3.893(,d).15 G
+(on')-3.893 E 3.893(tc)-.18 G 1.393(onnect immedi-)-3.893 F(ately)174
+216.6 Q(.)-.65 E(HostsFile=)102 232.8 Q F2(path)A F1 .026([no short nam\
+e] The path to the hosts database, normally \231/etc/hosts\232.)10.24 F
+.026(This option)5.026 F 1.417(is only consulted when sendmail is canon\
+ifying addresses, and then only when)174 244.8 R .783
+(\231\214les\232 is in the \231hosts\232 service switch entry)174 256.8
+R 5.784(.I)-.65 G 3.284(np)-5.784 G(articular)-3.284 E 3.284(,t)-.4 G
+.784(his \214le is)-3.284 F F2(ne)3.284 E(ver)-.15 E F1(used)3.284 E
+.202(when looking up host addresses; that is under the control of the s\
+ystem)174 268.8 R F2 -.1(ge)2.702 G(thostby-).1 E(name)174 280.8 Q F1
+(\(3\) routine.)A(HostStatusDirectory=)102 297 Q F2(path)A F1 .43
+([no short name] The location of the long term host status information.)
+174 309 R .43(When set,)5.43 F 1.39
+(information about the status of hosts \(e.g., host do)174 321 R 1.39
+(wn or not accepting connec-)-.25 F .162
+(tions\) will be shared between all)174 333 R F2(sendmail)2.663 E F1
+.163(processes; normally)2.663 F 2.663(,t)-.65 G .163
+(his information is)-2.663 F .123(only held within a single queue run.)
+174 345 R .123(This option requires a connection cache of at)5.123 F
+.688(least 1 to function.)174 357 R .688(If the option be)5.688 F .688
+(gins with a leading `/', it is an absolute path-)-.15 F .617
+(name; otherwise, it is relati)174 369 R .917 -.15(ve t)-.25 H 3.117(ot)
+.15 G .617(he mail queue directory)-3.117 F 5.617(.A)-.65 G .617
+(suggested v)-2.5 F .616(alue for)-.25 F .558(sites desiring persistent\
+ host status is \231.hoststat\232 \(i.e., a subdirectory of the queue)
+174 381 R(directory\).)174 393 Q 24.51(IgnoreDots [i])102 409.2 R 1.172
+(Ignore dots in incoming messages.)3.672 F 1.172(This is al)6.172 F -.1
+(wa)-.1 G 1.171(ys disabled \(that is, dots are).1 F(al)174 421.2 Q -.1
+(wa)-.1 G(ys accepted\) when reading SMTP mail.).1 E(InputMailFilters=)
+102 437.4 Q F2(name)A(,name)-.1 E(,...)-.1 E F1 3.621(Ac)174 449.4 S
+1.122(omma separated list of \214lters which determines which \214lters\
+ \(see the "X \212)-3.621 F 1.768
+(Mail Filter \(Milter\) De\214nitions" section\) and the in)174 461.4 R
+-.2(vo)-.4 G 1.768(cation sequence are con-).2 F .367
+(tacted for incoming SMTP messages.)174 473.4 R .367
+(If none are set, no \214lters will be contacted.)5.367 F(LD)102 489.6 Q
+(APDef)-.4 E(aultSpec=)-.1 E F2(spec)A F1 2.058
+([no short name] Sets a def)174 501.6 R 2.057
+(ault map speci\214cation for LD)-.1 F 2.057(AP maps.)-.4 F 2.057(The v)
+7.057 F(alue)-.25 E .673(should only contain LD)174 513.6 R .674
+(AP speci\214c settings such as \231-h host -p port -d bindDN\232.)-.4 F
+.501(The settings will be used for all LD)174 525.6 R .501
+(AP maps unless the indi)-.4 F .5(vidual map speci\214ca-)-.25 F 1.5
+(tion o)174 537.6 R -.15(ve)-.15 G 1.5(rrides a setting.).15 F 1.5
+(This option should be set before an)6.5 F 4(yL)-.15 G -.4(DA)-4 G 4(Pm)
+.4 G 1.5(aps are)-4 F(de\214ned.)174 549.6 Q(LogLe)102 565.8 Q -.15(ve)
+-.25 G(l=).15 E F2(n)A F1([L] Set the log le)22.88 E -.15(ve)-.25 G 2.5
+(lt).15 G(o)-2.5 E F2(n)2.5 E F1 5(.D)C(ef)-5 E(aults to 9.)-.1 E(M)102
+582 Q F2 1.666(xv)C(alue)-1.666 E F1 .255([no long v)35.344 F .255
+(ersion] Set the macro)-.15 F F2(x)2.755 E F1(to)2.755 E F2(value)2.755
+E F1 5.255(.T)C .255(his is intended only for use from the)-5.255 F
+(command line.)174 594 Q(The)5 E F0<ad4d>2.5 E F1(\215ag is preferred.)
+2.5 E -1.04(MailboxDatabase [no)102 610.2 R 2.967(short name] T)5.467 F
+2.967(ype of lookup to \214nd information about local mailbox)-.8 F(es,)
+-.15 E(def)174 622.2 Q .145(aults to `)-.1 F(`pw')-.74 E 2.645('w)-.74 G
+.145(hich uses)-2.645 F F2 -.1(ge)2.645 G(tpwnam).1 E F1 5.145(.O)C .145
+(ther types can be introduced by adding)-5.145 F
+(them to the source code, see libsm/mbdb)174 634.2 Q(.c for details.)-.4
+E 33.94(UseMSP [no)102 650.4 R .163
+(short name] Use as mail submission program, i.e., allo)2.663 F 2.664
+(wg)-.25 G .164(roup writable queue)-2.664 F .954(\214les if the group \
+is the same as that of a set-group-ID sendmail binary)174 662.4 R 5.954
+(.S)-.65 G .954(ee the)-5.954 F(\214le)174 674.4 Q F0(sendmail/SECURITY)
+2.5 E F1(in the distrib)2.5 E(ution tarball.)-.2 E 11.17(MatchGECOS [G])
+102 690.6 R(Allo)3.333 E 3.333(wf)-.25 G .833
+(uzzy matching on the GECOS \214eld.)-3.333 F .834
+(If this \215ag is set, and the usual)5.833 F .868(user name lookups f)
+174 702.6 R .867(ail \(that is, there is no alias with this name and a)
+-.1 F F2 -.1(ge)3.367 G(tpwnam).1 E F1 -.1(fa)174 714.6 S 1.155
+(ils\), sequentially search the passw).1 F 1.155
+(ord \214le for a matching entry in the GECOS)-.1 F 0 Cg EP
%%Page: 72 68
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d37322053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF 2.325
-<696e20746865207175657565206469726563746f7279>174 96 R 7.326<2e4e>-.65 G
-2.326<6f74653a2074686973206f7074696f6e20616c736f207265737472696374732074
-6865206e756d626572206f6620656e7472696573>-7.326 F 1.443
-<7072696e746564206279>174 108 R/F2 10/Times-Italic@0 SF<6d61696c71>3.943
-E F1 6.443<2e54>C 1.443<6861742069732c206966>-6.443 F F2
-<4d6178517565756552756e53697a65>3.943 E F1 1.443
-<69732073657420746f20612076>3.943 F<616c7565>-.25 E F0<4e>3.943 E F1
-<6c6172>3.942 E 1.442<676572207468616e>-.18 F
-<7a65726f2c207468656e206f6e6c79>174 120 Q F0<4e>2.5 E F1<656e7472696573
-20617265207072696e746564207065722071756575652067726f75702e>2.5 E
-<4d6178526563697069656e74735065724d6573736167653d>102 136.2 Q F2<4e>A F1
-1.672<5b6e6f2073686f7274206e616d655d20546865206d6178696d756d206e756d6265
-72206f6620726563697069656e747320746861742077696c6c2062652061636365707465
-6420706572>174 148.2 R 1.459
-<6d65737361676520696e20616e20534d5450207472616e73616374696f6e2e>174
-160.2 R 1.458<4e6f74653a2073657474696e67207468697320746f6f206c6f>6.458 F
-3.958<7763>-.25 G 1.458<616e20696e746572666572652077697468>-3.958 F .048
-<73656e64696e67206d61696c2066726f6d204d55>174 172.2 R .048<417320746861
-742075736520534d545020666f7220696e697469616c207375626d697373696f6e2e>-.4
-F .049<4966206e6f74207365742c207468657265206973>5.049 F<6e6f206c696d6974
-206f6e20746865206e756d626572206f6620726563697069656e74732070657220656e>
-174 184.2 Q -.15<7665>-.4 G<6c6f70652e>.15 E
-<4d617852756e6e65727350657251756575653d>102 200.4 Q F2<4e>A F1 2.004
-<5b6e6f2073686f7274206e616d655d205468697320736574732074686520646566>174
-212.4 R 2.003<61756c74206d6178696d756d206e756d626572206f6620717565756520
-72756e6e65727320666f72>-.1 F 1.161<71756575652067726f7570732e>174 224.4
-R 1.161<557020746f>6.161 F F2<4e>3.661 E F1 1.161
-<71756575652072756e6e6572732077696c6c2077>3.661 F 1.162
-<6f726b20696e20706172616c6c656c206f6e20612071756575652067726f757027>-.1
-F<73>-.55 E 3.466<6d657373616765732e2054686973>174 236.4 R .965<69732075
-736566756c207768657265207468652070726f63657373696e67206f662061206d657373
-61676520696e20746865207175657565206d69676874>3.466 F .945<64656c61792074
-68652070726f63657373696e67206f662073756273657175656e74206d65737361676573
-2e205375636820612064656c6179206d61792062652074686520726573756c74206f66>
-174 248.4 R .116<6e6f6e2d6572726f6e656f757320736974756174696f6e73207375
-63682061732061206c6f>174 260.4 R 2.616<7762>-.25 G .116
-<616e64776964746820636f6e6e656374696f6e2e>-2.616 F .116
-<4d6179206265206f>5.116 F -.15<7665>-.15 G<7272696464656e>.15 E .644<6f
-6e2061207065722071756575652067726f75702062617369732062792073657474696e67
-20746865>174 272.4 R F2<52756e6e6572>3.144 E<73>-.1 E F1 .645
-<6f7074696f6e3b20736565207468652073656374696f6e>3.144 F F0<5175657565>
-3.145 E<4772>174 284.4 Q<6f7570204465636c61726174696f6e>-.18 E F1 5
-<2e54>C<686520646566>-5 E
-<61756c742069732031207768656e206e6f74207365742e>-.1 E<4d6554>102 300.6 Q
-40.86<6f6f205b6d5d>-.8 F .367<53656e6420746f206d6520746f6f2c2065>2.867 F
--.15<7665>-.25 G 2.867<6e69>.15 G 2.867<664961>-2.867 G 2.867<6d69>
--2.867 G 2.867<6e61>-2.867 G 2.867<6e61>-2.867 G .367<6c6961732065>
--2.867 F 2.867<7870616e73696f6e2e2054686973>-.15 F .366
-<6f7074696f6e2069732064657072656361746564>2.867 F
-<616e642077696c6c2062652072656d6f>174 312.6 Q -.15<7665>-.15 G 2.5<6466>
-.15 G<726f6d2061206675747572652076>-2.5 E<657273696f6e2e>-.15 E 44.5
-<4d696c746572205b6e6f>102 328.8 R .777
-<73686f7274206e616d655d2054686973206f7074696f6e20686173207365>3.277 F
--.15<7665>-.25 G .778<72616c2073756228737562296f7074696f6e732e>.15 F
-.778<546865206e616d6573206f6620746865207375622d>5.778 F 1.135
-<6f7074696f6e73206172652073657061726174656420627920646f74732e>174 340.8
-R 1.135<417420746865208c727374206c65>6.135 F -.15<7665>-.25 G 3.634
-<6c74>.15 G 1.134<686520666f6c6c6f>-3.634 F 1.134
-<77696e67206f7074696f6e73206172652061>-.25 F -.25<7661>-.2 G<696c2d>.25
-E<61626c653a>174 352.8 Q<4c6f674c65>214 369 Q -.15<7665>-.25 G 15<6c4c>
-.15 G<6f67206c65>-15 E -.15<7665>-.25 G 2.5<6c66>.15 G
-<6f7220696e707574206d61696c208c6c74657220616374696f6e732c20646566>-2.5 E
-<61756c747320746f204c6f674c65>-.1 E -.15<7665>-.25 G<6c2e>.15 E 22.1
-<6d6163726f732053706563698c6573>214 381 R<6c697374206f66206d6163726f2074
-6f207472616e736d697420746f208c6c746572732e>2.5 E
-<536565206c6973742062656c6f>267.48 393 Q -.65<772e>-.25 G 2.458
-<5468652060>174 409.2 R<606d6163726f7327>-.74 E 4.958<276f>-.74 G 2.458
-<7074696f6e206861732074686520666f6c6c6f>-4.958 F 2.458<77696e6720737562
-6f7074696f6e73207768696368207370656369667920746865206c697374206f66>-.25
-F<6d6163726f20746f207472616e736d697420746f206d696c7465727320616674657220
-61206365727461696e2065>174 421.2 Q -.15<7665>-.25 G
-<6e74206f636375727265642e>.15 E 14.88<636f6e6e656374204166746572>214
-437.4 R<73657373696f6e20636f6e6e656374696f6e207374617274>2.5 E 28.76
-<68656c6f204166746572>214 449.4 R<45484c4f2f48454c4f20636f6d6d616e64>2.5
-E<656e>214 461.4 Q 12.5<7666726f6d204166746572>-.4 F
-<4d41494c2046726f6d20636f6d6d616e64>2.5 E<656e>214 473.4 Q 16.39
-<7672637074204166746572>-.4 F<524350542054>2.5 E 2.5<6f63>-.8 G
-<6f6d6d616e64>-2.5 E 29.32<64617461204166746572>214 485.4 R -.4<4441>2.5
-G 1.86 -.93<54412063>-.71 H<6f6d6d616e642e>.93 E 31.54
-<656f68204166746572>214 497.4 R -.4<4441>2.5 G 1.86 -.93<54412063>-.71 H
-<6f6d6d616e6420616e6420686561646572>.93 E 28.76<656f6d204166746572>214
-509.4 R -.4<4441>2.5 G 1.86 -.93<54412063>-.71 H
-<6f6d6d616e6420616e64207465726d696e6174696e672060>.93 E<602e>-.74 E -.74
-<2727>-.7 G<427920646566>174 525.6 Q
-<61756c7420746865206c69737473206f66206d6163726f732061726520656d707479>
--.1 E 5<2e45>-.65 G<78616d706c653a>-5 E 2.5<4f4d>214 541.8 S<696c746572>
--2.5 E<2e4c6f674c65>-.55 E -.15<7665>-.25 G<6c3d3132>.15 E 2.5<4f4d>214
-553.8 S<696c746572>-2.5 E
-<2e6d6163726f732e636f6e6e6563743d6a2c205f2c207b6461656d6f6e5f6e616d657d>
--.55 E<4d696e46726565426c6f636b733d>102 574.2 Q F2<4e>A F1 1.539
-<5b625d20496e73697374206f6e206174206c65617374>174 586.2 R F2<4e>4.039 E
-F1 1.538<626c6f636b732066726565206f6e20746865208c6c6573797374656d207468
-617420686f6c647320746865207175657565208c6c6573>4.039 F .845
-<6265666f726520616363657074696e6720656d61696c2076696120534d5450>174
-598.2 R 5.846<2e49>-1.11 G 3.346<6674>-5.846 G .846
-<6865726520697320696e737566>-3.346 F .846<8c6369656e74207370616365>-.25
-F F2<73656e646d61696c>3.346 E F1<6769>3.346 E -.15<7665>-.25 G 3.346
-<7361>.15 G
-<34353220726573706f6e736520746f20746865204d41494c20636f6d6d616e642e>174
-610.2 Q<5468697320696e>5 E
-<7669746573207468652073656e64657220746f20747279206167>-.4 E
-<61696e206c61746572>-.05 E<2e>-.55 E<4d617851756575654167653d>102 626.4
-Q F2 -.1<616765>C F1 .346<5b6e6f2073686f7274206e616d655d2049662074686973
-2069732073657420746f20612076>174 638.4 R .345<616c7565206772656174657220
-7468616e207a65726f2c20656e747269657320696e207468652071756575652077696c6c>
--.25 F 1.094<6265207265747269656420647572696e6720612071756575652072756e
-206f6e6c792069662074686520696e6469>174 650.4 R 1.095
-<76696475616c2072657472792074696d6520686173206265656e2072656163686564>
--.25 F 1.476
-<776869636820697320646f75626c656420666f72206561636820617474656d70742e>
-174 662.4 R 1.476<546865206d6178696d756d2072657472792074696d65206973206c
-696d6974656420627920746865>6.476 F<73706563698c65642076>174 674.4 Q
-<616c75652e>-.25 E<4d696e51756575654167653d>102 690.6 Q F2 -.1<616765>C
-F1 .886<5b6e6f2073686f7274206e616d655d20446f6e27>174 702.6 R 3.386<7470>
--.18 G .886<726f6365737320616e>-3.386 F 3.386<7971>-.15 G .886
-<7565756564206a6f62732074686174206861>-3.386 F 1.187 -.15<76652062>-.2 H
-.887<65656e20696e20746865207175657565206c657373>.15 F 4.765
-<7468616e2074686520696e646963617465642074696d6520696e74657276>174 714.6
-R 7.265<616c2e2054686973>-.25 F 4.765
-<697320696e74656e64656420746f20616c6c6f>7.265 F 7.265<7779>-.25 G 4.765
-<6f7520746f20676574>-7.265 F 0 Cg EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-72 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF 3.696
+(\214eld. This)174 96 R 1.196(also requires that MA)3.696 F 1.196
+(TCHGECOS be turned on during compilation.)-1.11 F
+(This option is not recommended.)174 108 Q(MaxAliasRecursion=)102 124.2
+Q/F2 10/Times-Italic@0 SF(N)A F1
+([no short name] The maximum depth of alias recursion \(def)174 136.2 Q
+(ault: 10\).)-.1 E(MaxDaemonChildren=)102 152.4 Q F2(N)A F1 .539
+([no short name] If set,)174 164.4 R F2(sendmail)3.039 E F1 .539
+(will refuse connections when it has more than)3.039 F F2(N)3.04 E F1
+.886(children processing incoming mail or automatic queue runs.)174
+176.4 R .885(This does not limit)5.885 F .812
+(the number of outgoing connections.)174 188.4 R .812(If the def)5.812 F
+(ault)-.1 E F0(Deli)3.313 E -.1(ve)-.1 G(ryMode).1 E F1(\(background\))
+3.313 E 3.135(is used, then)174 200.4 R F2(sendmail)5.635 E F1 3.134
+(may create an almost unlimited number of children)5.635 F .294
+(\(depending on the number of transactions and the relati)174 212.4 R
+.594 -.15(ve exe)-.25 H .295(cution times of mail).15 F 1.236
+(receiption and mail deli)174 224.4 R -.15(ve)-.25 G 3.736(ry\). If).15
+F 1.236(the limit should be enforced, then a)3.736 F F0(Deli)3.735 E -.1
+(ve)-.1 G(ry-).1 E(Mode)174 236.4 Q F1 1.483
+(other than background must be used.)3.983 F 1.484
+(If not set, there is no limit to the)6.483 F
+(number of children -- that is, the system load a)174 248.4 Q -.15(ve)
+-.2 G(rage controls this.).15 E(MaxHeadersLength=)102 264.6 Q F2(N)A F1
+.188([no short name] If set to a v)174 276.6 R .187
+(alue greater than zero it speci\214es the maximum length)-.25 F .637
+(of the sum of all headers.)174 288.6 R .638(This can be used to pre)
+5.637 F -.15(ve)-.25 G .638(nt a denial of service attack.).15 F
+(The def)174 300.6 Q(ault is 32K.)-.1 E(MaxHopCount=)102 316.8 Q F2(N)A
+F1 1.238([h] The maximum hop count.)174 328.8 R 1.238(Messages that ha)
+6.238 F 1.537 -.15(ve b)-.2 H 1.237(een processed more than).15 F F2(N)
+3.737 E F1(times are assumed to be in a loop and are rejected.)174 340.8
+Q(Def)5 E(aults to 25.)-.1 E(MaxMessageSize=)102 357 Q F2(N)A F1 2.562
+([no short name] Specify the maximum message size to be adv)174 369 R
+2.563(ertised in the)-.15 F 1.023(ESMTP EHLO response.)174 381 R 1.023
+(Messages lar)6.023 F 1.022(ger than this will be rejected.)-.18 F 1.022
+(If set to a)6.022 F -.25(va)174 393 S .834
+(lue greater than zero, that v).25 F .834
+(alue will be listed in the SIZE response, otherwise)-.25 F(SIZE is adv)
+174 405 Q(ertised in the ESMTP EHLO response without a parameter)-.15 E
+(.)-.55 E(MaxMimeHeaderLength=)102 421.2 Q F2(N[/M])A F1 .343([no short\
+ name] Sets the maximum length of certain MIME header \214eld v)174
+433.2 R .343(alues to)-.25 F F2(N)174 445.2 Q F1 3.618
+(characters. These)3.618 F 1.118
+(MIME header \214elds are determined by being a member of)3.618 F .895
+(class {checkMIMET)174 457.2 R -.15(ex)-.7 G .895
+(tHeaders}, which currently contains only the header Con-).15 F 2.559
+(tent-Description. F)174 469.2 R .059
+(or some of these headers which tak)-.15 F 2.559(ep)-.1 G .059
+(arameters, the maximum)-2.559 F .102
+(length of each parameter is set to)174 481.2 R F2(M)2.602 E F1 .102
+(if speci\214ed.)2.602 F(If)5.102 E F2(/M)2.602 E F1 .101
+(is not speci\214ed, one half of)2.602 F F2(N)174 493.2 Q F1 1.775
+(will be used.)4.275 F 1.775(By def)6.775 F 1.775(ault, these v)-.1 F
+1.776(alues are 2048 and 1024, respecti)-.25 F -.15(ve)-.25 G(ly).15 E
+6.776(.T)-.65 G(o)-7.576 E(allo)174 505.2 Q 2.5(wa)-.25 G .3 -.15(ny l)
+-2.5 H(ength, a v).15 E(alue of 0 can be speci\214ed.)-.25 E
+(MaxNOOPCommands=)102 521.4 Q F2(N)A F1(Ov)174 533.4 Q 2.104
+(erride the def)-.15 F 2.104(ault of)-.1 F F0(MAXNOOPCOMMANDS)4.603 E F1
+2.103(for the number of)4.603 F F2(useless)4.603 E F1
+(commands, see Section "Measures ag)174 545.4 Q
+(ainst Denial of Service Attacks".)-.05 E(MaxQueueChildren=)102 561.6 Q
+F2(N)A F1 .304([no short name] When set, this limits the number of conc\
+urrent queue runner pro-)174 573.6 R .202(cesses to)174 585.6 R F2(N.)
+2.702 E F1 .201
+(This helps to control the amount of system resources used when pro-)
+5.202 F 1.255(cessing the queue.)174 597.6 R 1.255
+(When there are multiple queue groups de\214ned and the total)6.255 F
+1.2(number of queue runners for these queue groups w)174 609.6 R 1.2
+(ould e)-.1 F(xceed)-.15 E F2(MaxQueueChil-)3.7 E(dr)174 621.6 Q(en)-.37
+E F1 .472(then the queue groups will not all run concurrently)2.972 F
+2.972(.T)-.65 G .472(hat is, some portion of)-2.972 F .871
+(the queue groups will run concurrently such that)174 633.6 R F2
+(MaxQueueChildr)3.371 E(en)-.37 E F1 .871(will not be)3.371 F -.15(ex)
+174 645.6 S 1.892(ceeded, while the remaining queue groups will be run \
+later \(in round robin).15 F 1.3(order\). See also)174 657.6 R F2
+(MaxRunner)3.8 E(sP)-.1 E(erQueue)-.8 E F1 1.3(and the section)3.8 F F0
+1.3(Queue Gr)3.8 F 1.3(oup Declara-)-.18 F(tion)174 669.6 Q F1 5.756(.N)
+C(otice:)-5.756 E F2(sendmail)3.256 E F1 .757(does not count indi)3.256
+F .757(vidual queue runners, b)-.25 F .757(ut only sets of)-.2 F 1.451
+(processes that act on a w)174 681.6 R 3.951(orkgroup. Hence)-.1 F 1.451
+(the actual number of queue runners)3.951 F 1.414(may be lo)174 693.6 R
+1.414(wer than the limit imposed by)-.25 F F2(MaxQueueChildr)3.914 E(en)
+-.37 E F1 6.414(.T)C 1.414(his discrepanc)-6.414 F(y)-.15 E 1.424
+(can be lar)174 705.6 R 1.424(ge if some queue runners ha)-.18 F 1.724
+-.15(ve t)-.2 H 3.924(ow).15 G 1.424(ait for a slo)-4.024 F 3.923(ws)
+-.25 G(erv)-3.923 E 1.423(er and if short)-.15 F(interv)174 717.6 Q
+(als are used.)-.25 E 0 Cg EP
%%Page: 73 69
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3733>195.86 E
-/F1 10/Times-Roman@0 SF<726573706f6e7369>174 96 Q -.15<7665>-.25 G 1.141
-<6e6573732062792070726f63657373696e67207468652071756575652066>.15 F
-1.141<6169726c79206672657175656e746c7920776974686f757420746872617368696e
-6720796f7572>-.1 F .286
-<73797374656d20627920747279696e67206a6f627320746f6f206f6674656e2e>174
-108 R .286<54686520646566>5.286 F .286
-<61756c7420756e69747320617265206d696e757465732e>-.1 F .286
-<4e6f74653a2054686973206f7074696f6e>5.286 F 6.763<69732069676e6f72656420
-666f722071756575652072756e7320746861742073656c65637420612073756273657420
-6f66207468652071756575652c20692e652e2c>174 120 R
-<99ad715b215d5b497c527c537c515d5b737472696e675d9a>174 132 Q
-<4d75737451756f746543686172733d>102 148.2 Q/F2 10/Times-Italic@0 SF<73>A
-F1 1.253<5b6e6f2073686f7274206e616d655d205365747320746865206c697374206f
-6620636861726163746572732074686174206d7573742062652071756f74656420696620
-7573656420696e20612066756c6c>174 160.2 R 1.217<6e616d652074686174206973
-20696e20746865207068726173652070617274206f6620612060>174 172.2 R 1.217
-<60706872617365203c616464726573733e27>-.74 F 3.717<2773>-.74 G 3.717
-<796e7461782e20546865>-3.717 F<646566>3.718 E 1.218<61756c74206973>-.1 F
--.74<6060>174 184.2 S<b42e>.74 E -.74<2727>-.7 G 5<2e54>.74 G
-<686520636861726163746572732060>-5 E<60402c3b3a5c28295b5d27>-.74 E 2.5
-<2761>-.74 G<726520616c>-2.5 E -.1<7761>-.1 G
-<797320616464656420746f2074686973206c6973742e>.1 E 7.85
-<4e696365517565756552756e205b6e6f>102 200.4 R 2.156<73686f7274206e616d65
-5d20546865207072696f72697479206f662071756575652072756e6e65727320286e6963
-65283329292e>4.656 F 2.156<546869732076>7.156 F 2.155
-<616c7565206d757374206265>-.25 F
-<67726561746572206f7220657175616c207a65726f2e>174 212.4 Q
-<4e6f526563697069656e74416374696f6e>102 228.6 Q .554
-<5b6e6f2073686f7274206e616d655d2054686520616374696f6e20746f2074616b>174
-240.6 R 3.055<6577>-.1 G .555<68656e20796f75207265636569>-3.055 F .855
--.15<76652061206d>-.25 H .555<657373616765207468617420686173206e6f2076>
-.15 F<616c6964>-.25 E .625<726563697069656e742068656164657273202854>174
-252.6 R .625
-<6f3a2c2043633a2c204263633a2c206f72204170706172656e746c792d54>-.8 F .625
-<6f3a208a20746865206c61737420696e636c7564656420666f72206261636b>-.8 F
-.108<636f6d7061746962696c6974792077697468206f6c64>174 264.6 R F2
-<73656e646d61696c>2.608 E F1 2.608<73292e204974>B .108<63616e206265>
-2.608 F F0<4e6f6e65>2.608 E F1 .109
-<746f207061737320746865206d657373616765206f6e20756e6d6f642d>2.609 F .297
-<698c65642c2077686963682076696f6c61746573207468652070726f746f636f6c2c>
-174 276.6 R F0<4164642d54>2.796 E<6f>-.92 E F1 .296
-<746f2061646420612054>2.796 F .296<6f3a20686561646572207769746820616e>
--.8 F 2.796<7972>-.15 G<6563697069656e7473>-2.796 E 1.638
-<69742063616e208c6e6420696e2074686520656e>174 288.6 R -.15<7665>-.4 G
-1.638<6c6f706520287768696368206d696768742065>.15 F 1.638
-<78706f7365204263633a20726563697069656e7473292c>-.15 F F0<4164642d41>
-4.139 E<70706172>-.25 E<2d>-.37 E<656e746c792d54>174 300.6 Q<6f>-.92 E
-F1 .338<746f2061646420616e204170706172656e746c792d54>2.838 F .337<6f3a20
-686561646572202874686973206973206f6e6c7920666f72206261636b2d636f6d706174
-6962696c69747920616e64>-.8 F .841<6973206f66>174 312.6 R .841
-<8c6369616c6c792064657072656361746564292c>-.25 F F0<4164642d54>3.341 E
-<6f2d556e646973636c6f736564>-.92 E F1 .841
-<746f20616464206120686561646572209954>3.341 F .842
-<6f3a20756e646973636c6f7365642d>-.8 F .398
-<726563697069656e74733a3b9a20746f206d616b>174 324.6 R 2.898<6574>-.1 G
-.397<686520686561646572206c65>-2.898 F -.05<6761>-.15 G 2.897<6c77>.05 G
-.397<6974686f757420646973636c6f73696e6720616e>-2.897 F .397
-<797468696e672c206f72>-.15 F F0<4164642d426363>2.897 E F1<746f>2.897 E
-<61646420616e20656d707479204263633a20686561646572>174 336.6 Q<2e>-.55 E
-1.18<4f6c645374796c6548656164657273205b6f5d>102 352.8 R 1.713<417373756d
-652074686174207468652068656164657273206d617920626520696e206f6c6420666f72
-6d61742c20692e652e2c207370616365732064656c696d6974206e616d65732e>4.213 F
-1.069<546869732061637475616c6c79207475726e73206f6e20616e20616461707469>
-174 364.8 R 1.368 -.15<76652061>-.25 H 1.068
-<6c676f726974686d3a20696620616e>.15 F 3.568<7972>-.15 G 1.068
-<6563697069656e74206164647265737320636f6e7461696e732061>-3.568 F 1.681
-<636f6d6d612c20706172656e7468657369732c206f7220616e676c6520627261636b>
-174 376.8 R 1.681<65742c2069742077696c6c20626520617373756d65642074686174
-20636f6d6d617320616c7265616479>-.1 F -.15<6578>174 388.8 S 2.825
-<6973742e204966>.15 F .325<74686973208d6167206973206e6f74206f6e2c206f6e
-6c7920636f6d6d61732064656c696d6974206e616d65732e>2.825 F .325
-<486561646572732061726520616c>5.325 F -.1<7761>-.1 G .325
-<7973206f75742d>.1 F
-<707574207769746820636f6d6d6173206265747765656e20746865206e616d65732e>
-174 400.8 Q<446566>5 E<61756c747320746f206f66>-.1 E<662e>-.25 E
-<4f70657261746f7243686172733d>102 417 Q F2 -.15<6368>C<61726c697374>.15
-E F1 1.438<5b246f206d6163726f5d20546865206c697374206f662063686172616374
-65727320746861742061726520636f6e7369646572656420746f20626520996f70657261
-746f72739a2c20746861742069732c>174 429 R .82
-<6368617261637465727320746861742064656c696d697420746f6b>174 441 R 3.32
-<656e732e20416c6c>-.1 F .82
-<6f70657261746f7220636861726163746572732061726520746f6b>3.32 F .82
-<656e73206279207468656d73656c76>-.1 F<65733b>-.15 E .078<73657175656e63
-6573206f66206e6f6e2d6f70657261746f7220636861726163746572732061726520616c
-736f20746f6b>174 453 R 2.578<656e732e205768697465>-.1 F .078
-<73706163652063686172616374657273207365702d>2.578 F .27
-<617261746520746f6b>174 465 R .27<656e732062>-.1 F .269
-<757420617265206e6f7420746f6b>-.2 F .269<656e73207468656d73656c76>-.1 F
-.269<6573208a20666f722065>-.15 F .269<78616d706c652c2099>-.15 F .269
-<4141412e4242429a20686173207468726565>-.8 F<746f6b>174 477 Q .433
-<656e732c2062>-.1 F .433<75742099>-.2 F .433
-<414141204242429a20686173207477>-.8 F 2.933<6f2e204966>-.1 F .433
-<6e6f74207365742c204f70657261746f72436861727320646566>2.933 F .433
-<61756c747320746f20992e>-.1 F 1.666<3a405b5d>1.666 G<9a3b>-1.666 E
-<6164646974696f6e616c6c79>174 489 Q 3.566<2c74>-.65 G 1.066
-<68652063686172616374657273209928>-3.566 F 1.666<293c3e2c3b>1.666 G
-3.566<9a61>-1.666 G 1.066<726520616c>-3.566 F -.1<7761>-.1 G 1.065
-<7973206f70657261746f72732e>.1 F 1.065
-<4e6f74652074686174204f70657261746f72>6.065 F<2d>-.2 E<4368617273206d75
-73742062652073657420696e2074686520636f6e8c6775726174696f6e208c6c65206265
-666f726520616e>174 501 Q 2.5<7972>-.15 G<756c65736574732e>-2.5 E
-<50696446696c653d>102 517.2 Q F2<8c6c656e616d65>A F1 1.3<5b6e6f2073686f
-7274206e616d655d2046696c656e616d65206f662074686520706964208c6c652e>3.58
-F<28646566>6.3 E 1.3<61756c74206973205f50>-.1 F -1.11<4154>-.92 G
-<485f53454e444d41494c504944292e>1.11 E<546865>174 529.2 Q F2
-<8c6c656e616d65>2.832 E F1 .332<6973206d6163726f2d65>2.832 F .332<787061
-6e646564206265666f7265206974206973206f70656e65642c20616e6420756e6c696e6b>
--.15 F .331<6564207768656e>-.1 F F2<73656e646d61696c>2.831 E F1 -.15
-<6578>174 541.2 S<6974732e>.15 E<506f73746d6173746572436f70>102 557.4 Q
-<793d>-.1 E F2<706f73746d6173746572>A F1 .003<5b505d204966207365742c2063
-6f70696573206f66206572726f72206d657373616765732077696c6c2062652073656e74
-20746f20746865206e616d6564>174 569.4 R F2<706f73746d6173746572>2.504 E
-F1 5.004<2e4f>C .004<6e6c7920746865>-5.004 F .687
-<686561646572206f66207468652066>174 581.4 R .687
-<61696c6564206d6573736167652069732073656e742e>-.1 F .687<4572726f727320
-726573756c74696e672066726f6d206d6573736167657320776974682061206e65>5.687
-F<672d>-.15 E<617469>174 593.4 Q 1.83 -.15<76652070>-.25 H 1.53
-<7265636564656e63652077696c6c206e6f742062652073656e742e>.15 F 1.531<5369
-6e6365206d6f7374206572726f72732061726520757365722070726f626c656d732c2074
-686973206973>6.531 F .453
-<70726f6261626c79206e6f74206120676f6f642069646561206f6e206c6172>174
-605.4 R .453<67652073697465732c20616e64206172>-.18 F .453
-<677561626c7920636f6e7461696e7320616c6c20736f727473206f6620707269>-.18 F
--.25<7661>-.25 G -.15<6379>.25 G .1<76696f6c6174696f6e732c2062>174 617.4
-R .101<7574206974207365656d7320746f20626520706f70756c617220776974682063
-65727461696e206f7065726174696e672073797374656d732076>-.2 F 2.601
-<656e646f72732e20546865>-.15 F 1.919
-<61646472657373206973206d6163726f2065>174 629.4 R 1.918
-<7870616e646564206174207468652074696d65206f662064656c69>-.15 F -.15
-<7665>-.25 G<7279>.15 E 6.918<2e44>-.65 G<6566>-6.918 E 1.918
-<61756c747320746f206e6f20706f73746d6173746572>-.1 F<636f706965732e>174
-641.4 Q<507269>102 657.6 Q -.25<7661>-.25 G -.15<6379>.25 G
-<4f7074696f6e733d>.15 E F2<6f70742c6f70742c2e2e2e>1.666 E F1 1.191
-<5b705d205365742074686520707269>174 669.6 R -.25<7661>-.25 G -.15<6379>
-.25 G F2<6f7074>3.841 E F1 3.691<696f6e732e2060>B<60507269>-.74 E -.25
-<7661>-.25 G -.15<6379>.25 G 2.671 -.74<27272069>.15 H 3.692<7372>.74 G
-1.192<65616c6c792061206d69736e6f6d65723b206d616e>-3.692 F 3.692<796f>
--.15 G 3.692<6674>-3.692 G 1.192<6865736520617265>-3.692 F .929
-<6a75737420612077>174 681.6 R .928<6179206f6620696e73697374696e67206f6e
-207374726963746572206164686572656e636520746f2074686520534d54502070726f74
-6f636f6c2e>-.1 F<546865>5.928 E F2<6f7074>3.428 E F1<696f6e73>A
-<63616e2062652073656c65637465642066726f6d3a>174 693.6 Q 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-73)195.86 E/F1 10/Times-Roman@0 SF(MaxQueueRunSize=)102 96 Q/F2
+10/Times-Italic@0 SF(N)A F1 .677([no short name] The maximum number of \
+jobs that will be processed in a single)174 108 R .502(queue run.)174
+120 R .501(If not set, there is no limit on the size.)5.502 F .501
+(If you ha)5.501 F .801 -.15(ve ve)-.2 H .501(ry lar).15 F .501
+(ge queues)-.18 F .445(or a v)174 132 R .445(ery short queue run interv)
+-.15 F .445(al this could be unstable.)-.25 F(Ho)5.445 E(we)-.25 E -.15
+(ve)-.25 G 1.245 -.4(r, s).15 H .445(ince the \214rst).4 F F2(N)174 144
+Q F1 1.115(jobs in queue directory order are run \(rather than the)3.615
+F F2(N)3.615 E F1 1.115(highest priority jobs\))3.615 F .136
+(this should be set as high as possible to a)174 156 R -.2(vo)-.2 G .136
+(id \231losing\232 jobs that happen to f).2 F .137(all late)-.1 F 2.326
+(in the queue directory)174 168 R 7.326(.N)-.65 G 2.326
+(ote: this option also restricts the number of entries)-7.326 F 1.442
+(printed by)174 180 R F2(mailq)3.942 E F1 6.443(.T)C 1.443(hat is, if)
+-6.443 F F2(MaxQueueRunSize)3.943 E F1 1.443(is set to a v)3.943 F(alue)
+-.25 E F0(N)3.943 E F1(lar)3.943 E 1.443(ger than)-.18 F
+(zero, then only)174 192 Q F0(N)2.5 E F1
+(entries are printed per queue group.)2.5 E(MaxRecipientsPerMessage=)102
+208.2 Q F2(N)A F1 1.672([no short name] The maximum number of recipient\
+s that will be accepted per)174 220.2 R 1.458
+(message in an SMTP transaction.)174 232.2 R 1.458
+(Note: setting this too lo)6.458 F 3.959(wc)-.25 G 1.459
+(an interfere with)-3.959 F .049(sending mail from MU)174 244.2 R .049
+(As that use SMTP for initial submission.)-.4 F .048
+(If not set, there is)5.048 F
+(no limit on the number of recipients per en)174 256.2 Q -.15(ve)-.4 G
+(lope.).15 E(MaxRunnersPerQueue=)102 272.4 Q F2(N)A F1 2.003
+([no short name] This sets the def)174 284.4 R 2.004
+(ault maximum number of queue runners for)-.1 F 1.162(queue groups.)174
+296.4 R 1.162(Up to)6.162 F F2(N)3.662 E F1 1.161(queue runners will w)
+3.662 F 1.161(ork in parallel on a queue group')-.1 F(s)-.55 E 3.465
+(messages. This)174 308.4 R .965
+(is useful where the processing of a message in the queue might)3.465 F
+.945(delay the processing of subsequent messages. Such a delay may be t\
+he result of)174 320.4 R .116(non-erroneous situations such as a lo)174
+332.4 R 2.616(wb)-.25 G .116(andwidth connection.)-2.616 F .116
+(May be o)5.116 F -.15(ve)-.15 G(rridden).15 E .645
+(on a per queue group basis by setting the)174 344.4 R F2(Runner)3.144 E
+(s)-.1 E F1 .644(option; see the section)3.144 F F0(Queue)3.144 E(Gr)174
+356.4 Q(oup Declaration)-.18 E F1 5(.T)C(he def)-5 E
+(ault is 1 when not set.)-.1 E(MeT)102 372.6 Q 40.86(oo [m])-.8 F .367
+(Send to me too, e)2.866 F -.15(ve)-.25 G 2.867(ni).15 G 2.867(fIa)
+-2.867 G 2.867(mi)-2.867 G 2.867(na)-2.867 G 2.867(na)-2.867 G .367
+(lias e)-2.867 F 2.867(xpansion. This)-.15 F .367(option is deprecated)
+2.867 F(and will be remo)174 384.6 Q -.15(ve)-.15 G 2.5(df).15 G
+(rom a future v)-2.5 E(ersion.)-.15 E 44.5(Milter [no)102 400.8 R .778
+(short name] This option has se)3.278 F -.15(ve)-.25 G .777
+(ral sub\(sub\)options.).15 F .777(The names of the sub-)5.777 F 1.134
+(options are separated by dots.)174 412.8 R 1.135(At the \214rst le)
+6.134 F -.15(ve)-.25 G 3.635(lt).15 G 1.135(he follo)-3.635 F 1.135
+(wing options are a)-.25 F -.25(va)-.2 G(il-).25 E(able:)174 424.8 Q
+(LogLe)214 441 Q -.15(ve)-.25 G 15(lL).15 G(og le)-15 E -.15(ve)-.25 G
+2.5(lf).15 G(or input mail \214lter actions, def)-2.5 E(aults to LogLe)
+-.1 E -.15(ve)-.25 G(l.).15 E 22.1(macros Speci\214es)214 453 R
+(list of macro to transmit to \214lters.)2.5 E(See list belo)267.48 465
+Q -.65(w.)-.25 G 2.459(The `)174 481.2 R(`macros')-.74 E 4.959('o)-.74 G
+2.458(ption has the follo)-4.959 F 2.458
+(wing suboptions which specify the list of)-.25 F
+(macro to transmit to milters after a certain e)174 493.2 Q -.15(ve)-.25
+G(nt occurred.).15 E 14.88(connect After)214 509.4 R
+(session connection start)2.5 E 28.76(helo After)214 521.4 R
+(EHLO/HELO command)2.5 E(en)214 533.4 Q 12.5(vfrom After)-.4 F
+(MAIL From command)2.5 E(en)214 545.4 Q 16.39(vrcpt After)-.4 F(RCPT T)
+2.5 E 2.5(oc)-.8 G(ommand)-2.5 E 29.32(data After)214 557.4 R -.4(DA)2.5
+G 1.86 -.93(TA c)-.71 H(ommand.).93 E 31.54(eoh After)214 569.4 R -.4
+(DA)2.5 G 1.86 -.93(TA c)-.71 H(ommand and header).93 E 28.76(eom After)
+214 581.4 R -.4(DA)2.5 G 1.86 -.93(TA c)-.71 H(ommand and terminating `)
+.93 E(`.)-.74 E -.74('')-.7 G(By def)174 597.6 Q
+(ault the lists of macros are empty)-.1 E 5(.E)-.65 G(xample:)-5 E 2.5
+(OM)214 613.8 S(ilter)-2.5 E(.LogLe)-.55 E -.15(ve)-.25 G(l=12).15 E 2.5
+(OM)214 625.8 S(ilter)-2.5 E(.macros.connect=j, _, {daemon_name})-.55 E
+(MinFreeBlocks=)102 646.2 Q F2(N)A F1 1.538([b] Insist on at least)174
+658.2 R F2(N)4.038 E F1 1.539
+(blocks free on the \214lesystem that holds the queue \214les)4.039 F
+.846(before accepting email via SMTP)174 670.2 R 5.846(.I)-1.11 G 3.346
+(ft)-5.846 G .846(here is insuf)-3.346 F .846(\214cient space)-.25 F F2
+(sendmail)3.346 E F1(gi)3.345 E -.15(ve)-.25 G 3.345(sa).15 G
+(452 response to the MAIL command.)174 682.2 Q(This in)5 E
+(vites the sender to try ag)-.4 E(ain later)-.05 E(.)-.55 E
+(MaxQueueAge=)102 698.4 Q F2 -.1(age)C F1 .345
+([no short name] If this is set to a v)174 710.4 R .346
+(alue greater than zero, entries in the queue will)-.25 F 1.094
+(be retried during a queue run only if the indi)174 722.4 R 1.094
+(vidual retry time has been reached)-.25 F 0 Cg EP
%%Page: 74 70
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d37342053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF 56.37<7075626c696320416c6c6f>214 96 R 2.5<776f>
--.25 G<70656e20616363657373>-2.5 E 27.49
-<6e6565646d61696c68656c6f20496e73697374>214 108 R
-<6f6e2048454c4f206f722045484c4f20636f6d6d616e64206265666f7265204d41494c>
-2.5 E<6e65656465>214 120 Q 25.98<78706e68656c6f20496e73697374>-.15 F
-<6f6e2048454c4f206f722045484c4f20636f6d6d616e64206265666f7265204558504e>
-2.5 E<6e6f65>214 132 Q 52.08<78706e20446973616c6c6f>-.15 F 2.5<7745>-.25
-G<58504e20656e746972656c79>-2.5 E 2.5<2c69>-.65 G<6d706c696573206e6f>
--2.5 E -.15<7665>-.15 G<7262>.15 E<2e>-.4 E 28.61
-<6e6565647672667968656c6f20496e73697374>214 144 R
-<6f6e2048454c4f206f722045484c4f20636f6d6d616e64206265666f72652056524659>
-2.5 E<6e6f>214 156 Q 54.86<7672667920446973616c6c6f>-.15 F 2.5<7756>-.25
-G<52465920656e746972656c79>-2.5 E 55.82<6e6f6574726e20446973616c6c6f>214
-168 R 2.5<7745>-.25 G<54524e20656e746972656c79>-2.5 E<6e6f>214 180 Q
--.15<7665>-.15 G 53.9<726220446973616c6c6f>.15 F 2.5<7756>-.25 G
-<45524220656e746972656c79>-2.5 E 30.82
-<72657374726963746d61696c71205265737472696374>214 192 R
-<6d61696c7120636f6d6d616e64>2.5 E 35.27
-<72657374726963747172756e205265737472696374>214 204 R
-<ad7120636f6d6d616e64206c696e65208d6167>2.5 E<726573747269637465>214 216
-Q 24.87<7870616e64205265737472696374>-.15 F<ad62>2.5 E 2.5<7661>-.15 G
-<6e6420ad7620636f6d6d616e64206c696e65208d616773>-2.5 E 40.27
-<6e6f726563656970747320446f6e27>214 230 R 2.5<7472>-.18 G
-<657475726e20737563636573732044534e73>-2.5 E/F2 7/Times-Roman@0 SF<3230>
--4 I F1 27.49<6e6f626f647972657475726e20446f6e27>214 242 R 2.5<7472>-.18
-G<657475726e2074686520626f6479206f662061206d6573736167652077697468204453
-4e73>-2.5 E<676f61>214 254 Q -.1<7761>-.15 G 53.02<7944>.1 G
-<6973616c6c6f>-53.02 E 2.5<7765>-.25 G
-<7373656e7469616c6c7920616c6c20534d5450207374617475732071756572696573>
--2.5 E<6175746877>214 266 Q 27.59<61726e696e677320507574>-.1 F
-<582d41757468656e7469636174696f6e2d57>2.5 E
-<61726e696e673a206865616465727320696e206d65737361676573>-.8 E
-<616e64206c6f672077>297.87 278 Q<61726e696e6773>-.1 E 12.5
-<6e6f61637475616c726563697069656e7420446f6e27>214 290 R 2.5<7470>-.18 G
-<757420582d41637475616c2d526563697069656e74206c696e657320696e2044534e73>
--2.5 E<7768696368207265>297.87 302 Q -.15<7665>-.25 G<616c20746865206163
-7475616c206163636f756e74207468617420616464726573736573206d617020746f2e>
-.15 E 2.976<5468652099676f61>174 318.2 R -.1<7761>-.15 G 2.976
-<799a2070736575646f2d8d6167207365747320616c6c208d6167732065>.1 F 2.977<
-786365707420996e6f72656365697074739a2c209972657374726963746d61696c719a2c>
--.15 F 4.558<9972657374726963747172756e9a2c2099726573747269637465>174
-330.2 R 4.557<7870616e649a2c20996e6f6574726e9a2c20616e6420996e6f626f6479
-72657475726e9a2e>-.15 F 4.557<4966206d61696c71206973>9.557 F 1.842<7265
-73747269637465642c206f6e6c792070656f706c6520696e207468652073616d65206772
-6f757020617320746865207175657565206469726563746f72792063616e207072696e74
-20746865>174 342.2 R 2.545<71756575652e204966>174 354.2 R .044<71756575
-652072756e732061726520726573747269637465642c206f6e6c7920726f6f7420616e64
-20746865206f>2.545 F .044
-<776e6572206f6620746865207175657565206469726563746f7279>-.25 F 1.299
-<63616e2072756e207468652071756575652e>174 366.2 R 1.299
-<5468652099726573747269637465>6.299 F 1.299
-<7870616e649a2070736575646f2d8d616720696e73747275637473>-.15 F/F3 10
-/Times-Italic@0 SF<73656e646d61696c>3.799 E F1 1.299<746f2064726f70>
-3.799 F<707269>174 378.2 Q<76696c65>-.25 E 1.608
-<676573207768656e20746865>-.15 F F0<ad62>4.108 E<76>-.15 E F1 1.608
-<6f7074696f6e206973206769>4.108 F -.15<7665>-.25 G 4.108<6e62>.15 G
-4.108<7975>-4.108 G 1.608
-<736572732077686f20617265206e65697468657220726f6f74206e6f7220746865>
--4.108 F -.35<5472>174 390.2 S 1.33
-<75737465645573657220736f2075736572732063616e6e6f74207265616420707269>
-.35 F -.25<7661>-.25 G 1.33<746520616c69617365732c20666f7277>.25 F 1.33
-<617264732c206f72203a696e636c7564653a208c6c65732e>-.1 F<4974>6.33 E .634
-<77696c6c206164642074686520994e6f6e526f6f7453616665416464729a20746f2074
-68652099446f6e74426c616d6553656e646d61696c9a206f7074696f6e20746f20707265>
-174 402.2 R -.15<7665>-.25 G<6e74>.15 E .436
-<6d69736c656164696e6720756e7361666520616464726573732077>174 414.2 R
-2.936<61726e696e67732e204974>-.1 F .436<616c736f206f>2.936 F -.15<7665>
--.15 G .436<72726964657320746865>.15 F F0<ad76>2.936 E F1<2876>2.936 E
-.436<6572626f73652920636f6d6d616e64>-.15 F 1.293
-<6c696e65206f7074696f6e20746f20707265>174 426.2 R -.15<7665>-.25 G 1.292
-<6e7420696e666f726d6174696f6e206c65616b6167652e>.15 F 1.292
-<41757468656e7469636174696f6e2057>6.292 F 1.292
-<61726e696e6773206164642077>-.8 F<61726e2d>-.1 E .183
-<696e67732061626f75742076>174 438.2 R .183<6172696f757320636f6e64697469
-6f6e732074686174206d617920696e64696361746520617474656d70747320746f207370
-6f6f6620746865206d61696c2073797374656d2c>-.25 F<73756368206173207573696e
-672061206e6f6e2d7374616e64617264207175657565206469726563746f7279>174
-450.2 Q<2e>-.65 E<50726f6365737354>102 466.4 Q<69746c655072658c783d>-.35
-E F3<737472696e67>A F1 1.196<5b6e6f2073686f7274206e616d655d205072658c78
-207468652070726f63657373207469746c652073686f>174 478.4 R 1.195
-<776e206f6e2027707327206c697374696e67732077697468>-.25 F F3
-<737472696e67>3.695 E F1 6.195<2e54>C<6865>-6.195 E F3<737472696e67>174
-490.4 Q F1<77696c6c206265206d6163726f2070726f6365737365642e>2.5 E
-<51756575654469726563746f72793d>102 506.6 Q F3<646972>A F1 .583
-<5b515d205468652051756575654469726563746f7279206f7074696f6e2073657276>
-174 518.6 R .584<6573207477>-.15 F 3.084<6f70>-.1 G 3.084
-<7572706f7365732e2046697273742c>-3.084 F .584
-<69742073706563698c6573207468652064697265632d>3.084 F .483<746f7279206f
-7220736574206f66206469726563746f72696573207468617420636f6d70726973652074
-686520646566>174 530.6 R .482<61756c742071756575652067726f75702e>-.1 F
-.482<5365636f6e642c2069742073706563692d>5.482 F .104<8c6573207468652064
-69726563746f727920442077686963682069732074686520616e636573746f72206f6620
-616c6c207175657565206469726563746f726965732c20616e642077686963682073656e
-642d>174 542.6 R .721
-<6d61696c2075736573206173206974732063757272656e742077>174 554.6 R .721
-<6f726b696e67206469726563746f7279>-.1 F 5.721<2e57>-.65 G .721
-<68656e2073656e646d61696c2064756d707320636f72652c206974206c6561>-5.721 F
--.15<7665>-.2 G<73>.15 E 2.872<69747320636f7265208c6c657320696e20442e>
-174 566.6 R 2.873<546865726520617265207477>7.872 F 5.373<6f63>-.1 G
-5.373<617365732e204966>-5.373 F F3<646972>5.373 E F1 2.873
-<656e6473207769746820616e20617374657269736b202865>5.373 F<672c>-.15 E F3
-<2f7661722f73706f6f6c2f6d71756575652f71642a>174 578.6 Q F1 .253<292c2074
-68656e20616c6c206f6620746865206469726563746f72696573206f722073796d626f6c
-6963206c696e6b7320746f206469726563746f72696573>B<6265>174 590.6 Q .432
-<67696e6e696e672077697468206071642720696e>-.15 F F3
-<2f7661722f73706f6f6c2f6d7175657565>2.932 E F1 .433<77696c6c206265207573
-6564206173207175657565206469726563746f72696573206f6620746865>2.932 F
-<646566>174 602.6 Q .276<61756c742071756575652067726f75702c20616e64>-.1
-F F3<2f7661722f73706f6f6c2f6d7175657565>2.776 E F1 .275
-<77696c6c2062652075736564206173207468652077>2.776 F .275
-<6f726b696e67206469726563746f7279>-.1 F 2.82<442e204f74686572776973652c>
-174 614.6 R F3<646972>2.82 E F1 .32
-<6d757374206e616d652061206469726563746f72792028757375616c6c79>2.82 F F3
-<2f7661722f73706f6f6c2f6d7175657565>2.82 E F1 .32<293a2074686520646566>B
-<61756c74>-.1 E .545<71756575652067726f757020636f6e7369737473206f662074
-68652073696e676c65207175657565206469726563746f7279>174 626.6 R F3
-<646972>3.045 E F1 3.045<2c61>C .545<6e64207468652077>-3.045 F .545
-<6f726b696e67206469726563746f7279>-.1 F 2.5<4469>174 638.6 S 2.5<7373>
--2.5 G<657420746f>-2.5 E F3<646972>2.5 E F1 5.001<2e54>C 2.501<6f64>
--5.801 G .001<658c6e65206164646974696f6e616c2067726f757073206f6620717565
-7565206469726563746f726965732c207573652074686520636f6e8c677572612d>
--2.501 F .746<74696f6e208c6c652060512720636f6d6d616e642e>174 650.6 R
-.746<446f206e6f74206368616e676520746865207175657565206469726563746f7279
-20737472756374757265207768696c652073656e642d>5.746 F
-<6d61696c2069732072756e6e696e672e>174 662.6 Q .32 LW 76 678.8 72 678.8
-DL 80 678.8 76 678.8 DL 84 678.8 80 678.8 DL 88 678.8 84 678.8 DL 92
-678.8 88 678.8 DL 96 678.8 92 678.8 DL 100 678.8 96 678.8 DL 104 678.8
-100 678.8 DL 108 678.8 104 678.8 DL 112 678.8 108 678.8 DL 116 678.8 112
-678.8 DL 120 678.8 116 678.8 DL 124 678.8 120 678.8 DL 128 678.8 124
-678.8 DL 132 678.8 128 678.8 DL 136 678.8 132 678.8 DL 140 678.8 136
-678.8 DL 144 678.8 140 678.8 DL 148 678.8 144 678.8 DL 152 678.8 148
-678.8 DL 156 678.8 152 678.8 DL 160 678.8 156 678.8 DL 164 678.8 160
-678.8 DL 168 678.8 164 678.8 DL 172 678.8 168 678.8 DL 176 678.8 172
-678.8 DL 180 678.8 176 678.8 DL 184 678.8 180 678.8 DL 188 678.8 184
-678.8 DL 192 678.8 188 678.8 DL 196 678.8 192 678.8 DL 200 678.8 196
-678.8 DL 204 678.8 200 678.8 DL 208 678.8 204 678.8 DL 212 678.8 208
-678.8 DL 216 678.8 212 678.8 DL/F4 5/Times-Roman@0 SF<3230>93.6 689.2 Q
-/F5 8/Times-Roman@0 SF<4e2e422e3a20746865>3.2 I/F6 8/Times-Bold@0 SF
-<6e6f72>2 E<65636569707473>-.144 E F5<8d6167207475726e73206f66>2 E 2
-<6673>-.2 G<7570706f727420666f72205246432031383931202844656c69>-2 E -.12
-<7665>-.2 G<727920537461747573204e6f74698c636174696f6e292e>.12 E 0 Cg EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-74 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF 1.476
+(which is doubled for each attempt.)174 96 R 1.476
+(The maximum retry time is limited by the)6.476 F(speci\214ed v)174 108
+Q(alue.)-.25 E(MinQueueAge=)102 124.2 Q/F2 10/Times-Italic@0 SF -.1(age)
+C F1 .887([no short name] Don')174 136.2 R 3.387(tp)-.18 G .887
+(rocess an)-3.387 F 3.387(yq)-.15 G .886(ueued jobs that ha)-3.387 F
+1.186 -.15(ve b)-.2 H .886(een in the queue less).15 F 1.899
+(than the indicated time interv)174 148.2 R 4.399(al. This)-.25 F 1.899
+(is intended to allo)4.399 F 4.399(wy)-.25 G 1.9(ou to get respon-)
+-4.399 F(si)174 160.2 Q -.15(ve)-.25 G .665
+(ness by processing the queue f).15 F .665
+(airly frequently without thrashing your system)-.1 F 1.91
+(by trying jobs too often.)174 172.2 R 1.91(The def)6.91 F 1.91
+(ault units are minutes.)-.1 F 1.91(Note: This option is)6.91 F 8.212
+(ignored for queue runs that select a subset of the queue, i.e.,)174
+184.2 R(\231\255q[!][I|R|S|Q][string]\232)174 196.2 Q(MustQuoteChars=)
+102 212.4 Q F2(s)A F1 1.252([no short name] Sets the list of characters\
+ that must be quoted if used in a full)174 224.4 R 1.217
+(name that is in the phrase part of a `)174 236.4 R 1.217
+(`phrase <address>')-.74 F 3.717('s)-.74 G 3.717(yntax. The)-3.717 F
+(def)3.717 E 1.217(ault is)-.1 F -.74(``)174 248.4 S<b42e>.74 E -.74('')
+-.7 G 6.605(.T).74 G 1.605(he characters `)-6.605 F(`@,;:\\\(\)[]')-.74
+E 4.106('a)-.74 G 1.606(re al)-4.106 F -.1(wa)-.1 G 1.606
+(ys added to this list.).1 F 1.606(Note: T)6.606 F 4.106(oa)-.8 G -.2
+(vo)-4.306 G(id).2 E
+(potential breakage of DKIM signatures it is useful to set)174 260.4 Q
+2.5(OM)214 276.6 S(ustQuoteChars=.)-2.5 E(Moreo)174 292.8 Q -.15(ve)-.15
+G .8 -.4(r, r).15 H(elax).4 E
+(ed header signing should be used for DKIM signatures.)-.15 E 7.85
+(NiceQueueRun [no)102 309 R 2.156
+(short name] The priority of queue runners \(nice\(3\)\).)4.656 F 2.156
+(This v)7.156 F 2.155(alue must be)-.25 F(greater or equal zero.)174 321
+Q(NoRecipientAction)102 337.2 Q .554([no short name] The action to tak)
+174 349.2 R 3.055(ew)-.1 G .555(hen you recei)-3.055 F .855 -.15(ve a m)
+-.25 H .555(essage that has no v).15 F(alid)-.25 E .625
+(recipient headers \(T)174 361.2 R .625(o:, Cc:, Bcc:, or Apparently-T)
+-.8 F .625(o: \212 the last included for back)-.8 F .108
+(compatibility with old)174 373.2 R F2(sendmail)2.608 E F1 2.608
+(s\). It)B .108(can be)2.608 F F0(None)2.608 E F1 .109
+(to pass the message on unmod-)2.609 F .297
+(i\214ed, which violates the protocol,)174 385.2 R F0(Add-T)2.796 E(o)
+-.92 E F1 .296(to add a T)2.796 F .296(o: header with an)-.8 F 2.796(yr)
+-.15 G(ecipients)-2.796 E 1.638(it can \214nd in the en)174 397.2 R -.15
+(ve)-.4 G 1.638(lope \(which might e).15 F 1.638
+(xpose Bcc: recipients\),)-.15 F F0(Add-A)4.139 E(ppar)-.25 E(-)-.37 E
+(ently-T)174 409.2 Q(o)-.92 E F1 .338(to add an Apparently-T)2.838 F
+.337(o: header \(this is only for back-compatibility and)-.8 F .841
+(is of)174 421.2 R .841(\214cially deprecated\),)-.25 F F0(Add-T)3.341 E
+(o-Undisclosed)-.92 E F1 .841(to add a header \231T)3.341 F .842
+(o: undisclosed-)-.8 F .398(recipients:;\232 to mak)174 433.2 R 2.898
+(et)-.1 G .397(he header le)-2.898 F -.05(ga)-.15 G 2.897(lw).05 G .397
+(ithout disclosing an)-2.897 F .397(ything, or)-.15 F F0(Add-Bcc)2.897 E
+F1(to)2.897 E(add an empty Bcc: header)174 445.2 Q(.)-.55 E 1.18
+(OldStyleHeaders [o])102 461.4 R 1.713(Assume that the headers may be i\
+n old format, i.e., spaces delimit names.)4.213 F 1.069
+(This actually turns on an adapti)174 473.4 R 1.368 -.15(ve a)-.25 H
+1.068(lgorithm: if an).15 F 3.568(yr)-.15 G 1.068
+(ecipient address contains a)-3.568 F 1.681
+(comma, parenthesis, or angle brack)174 485.4 R 1.681
+(et, it will be assumed that commas already)-.1 F -.15(ex)174 497.4 S
+2.825(ist. If).15 F .325
+(this \215ag is not on, only commas delimit names.)2.825 F .325
+(Headers are al)5.325 F -.1(wa)-.1 G .325(ys out-).1 F
+(put with commas between the names.)174 509.4 Q(Def)5 E(aults to of)-.1
+E(f.)-.25 E(OperatorChars=)102 525.6 Q F2 -.15(ch)C(arlist).15 E F1
+1.438([$o macro] The list of characters that are considered to be \231o\
+perators\232, that is,)174 537.6 R .82(characters that delimit tok)174
+549.6 R 3.32(ens. All)-.1 F .82(operator characters are tok)3.32 F .82
+(ens by themselv)-.1 F(es;)-.15 E .078
+(sequences of non-operator characters are also tok)174 561.6 R 2.578
+(ens. White)-.1 F .078(space characters sep-)2.578 F .27(arate tok)174
+573.6 R .27(ens b)-.1 F .269(ut are not tok)-.2 F .269(ens themselv)-.1
+F .269(es \212 for e)-.15 F .269(xample, \231)-.15 F .269
+(AAA.BBB\232 has three)-.8 F(tok)174 585.6 Q .433(ens, b)-.1 F .433
+(ut \231)-.2 F .433(AAA BBB\232 has tw)-.8 F 2.933(o. If)-.1 F .433
+(not set, OperatorChars def)2.933 F .433(aults to \231.)-.1 F 1.666
+(:@[])1.666 G<9a3b>-1.666 E(additionally)174 597.6 Q 3.566(,t)-.65 G
+1.066(he characters \231\()-3.566 F 1.666(\)<>,;)1.666 G 3.566<9a61>
+-1.666 G 1.066(re al)-3.566 F -.1(wa)-.1 G 1.065(ys operators.).1 F
+1.065(Note that Operator)6.065 F(-)-.2 E
+(Chars must be set in the con\214guration \214le before an)174 609.6 Q
+2.5(yr)-.15 G(ulesets.)-2.5 E(PidFile=)102 625.8 Q F2(\214lename)A F1
+1.3([no short name] Filename of the pid \214le.)3.58 F(\(def)6.3 E 1.3
+(ault is _P)-.1 F -1.11(AT)-.92 G(H_SENDMAILPID\).)1.11 E(The)174 637.8
+Q F2(\214lename)2.832 E F1 .332(is macro-e)2.832 F .332
+(xpanded before it is opened, and unlink)-.15 F .331(ed when)-.1 F F2
+(sendmail)2.831 E F1 -.15(ex)174 649.8 S(its.).15 E(PostmasterCop)102
+666 Q(y=)-.1 E F2(postmaster)A F1 .003
+([P] If set, copies of error messages will be sent to the named)174 678
+R F2(postmaster)2.504 E F1 5.004(.O)C .004(nly the)-5.004 F .687
+(header of the f)174 690 R .687(ailed message is sent.)-.1 F .687
+(Errors resulting from messages with a ne)5.687 F(g-)-.15 E(ati)174 702
+Q 1.83 -.15(ve p)-.25 H 1.53(recedence will not be sent.).15 F 1.531
+(Since most errors are user problems, this is)6.531 F .453
+(probably not a good idea on lar)174 714 R .453(ge sites, and ar)-.18 F
+.453(guably contains all sorts of pri)-.18 F -.25(va)-.25 G -.15(cy).25
+G 0 Cg EP
%%Page: 75 71
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3735>195.86 E
-/F1 10/Times-Roman@0 SF<517565756546>102 96 Q<6163746f723d>-.15 E/F2 10
-/Times-Italic@0 SF<666163746f72>A F1 .613<5b715d20557365>174 108 R F2
-<666163746f72>3.113 E F1 .613<617320746865206d756c7469706c69657220696e20
-746865206d61702066756e6374696f6e20746f20646563696465207768656e20746f206a
-757374207175657565>3.113 F .415
-<7570206a6f627320726174686572207468616e2072756e207468656d2e>174 120 R
-.415<546869732076>5.415 F .415<616c7565206973206469>-.25 F .415
-<76696465642062792074686520646966>-.25 F .415
-<666572656e6365206265747765656e20746865>-.25 F 1.003
-<63757272656e74206c6f61642061>174 132 R -.15<7665>-.2 G 1.003
-<7261676520616e6420746865206c6f61642061>.15 F -.15<7665>-.2 G 1.004
-<72616765206c696d69742028>.15 F F0<51756575654c41>A F1 1.004
-<6f7074696f6e2920746f2064657465726d696e65>3.504 F<746865206d6178696d756d
-206d657373616765207072696f7269747920746861742077696c6c2062652073656e742e>
-174 144 Q<446566>5 E<61756c747320746f203630303030302e>-.1 E
-<51756575654c413d>102 160.2 Q F2<4c41>A F1 1.087
-<5b785d205768656e207468652073797374656d206c6f61642061>15.26 F -.15<7665>
--.2 G 1.087<726167652065>.15 F<786365656473>-.15 E F2<4c41>3.587 E F1
-1.086<616e6420746865>3.587 F F0<517565756546>3.586 E<6163746f72>-.25 E
-F1<28>3.586 E F0<71>A F1 3.586<296f>C<7074696f6e>-3.586 E<6469>174 172.2
-Q 1.465<76696465642062792074686520646966>-.25 F 1.465
-<666572656e636520696e207468652063757272656e74206c6f61642061>-.25 F -.15
-<7665>-.2 G 1.465<7261676520616e6420746865>.15 F F0<51756575654c41>3.965
-E F1<6f7074696f6e>3.965 E .769<706c7573206f6e65206973206c65737320746861
-6e20746865207072696f72697479206f6620746865206d6573736167652c206a75737420
-7175657565206d657373616765732028692e652e2c20646f6e27>174 184.2 R<74>-.18
-E .247<74727920746f2073656e64207468656d292e>174 196.2 R<446566>5.247 E
-.247<61756c747320746f2038206d756c7469706c69656420627920746865206e756d62
-6572206f662070726f636573736f7273206f6e6c696e65206f6e>-.1 F<746865207379
-7374656d2028696620746861742063616e2062652064657465726d696e6564292e>174
-208.2 Q<517565756546696c654d6f64653d>102 224.4 Q F2<6d6f6465>A F1 .962
-<5b6e6f2073686f7274206e616d655d20446566>174 236.4 R .962<61756c74207065
-726d697373696f6e7320666f72207175657565208c6c657320286f6374616c292e>-.1 F
-.961<4966206e6f74207365742c2073656e646d61696c>5.961 F .212
-<75736573203036303020756e6c65737320697473207265616c20616e64206566>174
-248.4 R<6665637469>-.25 E .513 -.15<76652075>-.25 H .213
-<69642061726520646966>.15 F .213
-<666572656e7420696e2077686963682063617365206974207573657320303634342e>
--.25 F<5175657565536f72744f726465723d>102 264.6 Q F2<616c676f726974686d>
-A F1 .097<5b6e6f2073686f7274206e616d655d205365747320746865>174 276.6 R
-F2<616c676f726974686d>2.597 E F1 .096
-<7573656420666f7220736f7274696e67207468652071756575652e>2.597 F .096
-<4f6e6c7920746865208c7273742063686172>5.096 F<2d>-.2 E 1.021
-<6163746572206f66207468652076>174 288.6 R 1.021
-<616c756520697320757365642e>-.25 F<4c65>6.021 E -.05<6761>-.15 G 3.521
-<6c76>.05 G 1.021<616c756573206172652099686f73749a2028746f206f7264657220
-627920746865206e616d65206f6620746865>-3.771 F 1.73<8c72737420686f737420
-6e616d65206f6620746865208c72737420726563697069656e74292c20998c6c656e616d
-659a2028746f206f7264657220627920746865206e616d65206f6620746865>174 300.6
-R .283<7175657565208c6c65206e616d65292c209974696d659a2028746f206f726465
-7220627920746865207375626d697373696f6e2f6372656174696f6e2074696d65292c20
-9972616e646f6d9a2028746f>174 312.6 R .906<6f726465722072616e646f6d6c7929
-2c20996d6f64698c636174696f6e9a2028746f206f7264657220627920746865206d6f64
-698c636174696f6e2074696d65206f6620746865207166208c6c65>174 324.6 R 1.349
-<286f6c64657220656e7472696573208c72737429292c20996e6f6e659a2028746f206e
-6f74206f72646572292c20616e6420997072696f726974799a2028746f206f7264657220
-6279206d657373616765>174 336.6 R 2.528<7072696f72697479292e20486f7374>
-174 348.6 R .028<6f72646572696e67206d616b>2.528 F .028<6573206265747465
-7220757365206f662074686520636f6e6e656374696f6e2063616368652c2062>-.1 F
-.027<7574206d61792074656e6420746f>-.2 F .322<70726f63657373206c6f>174
-360.6 R 2.822<7770>-.25 G .322<72696f72697479206d6573736167657320746861
-7420676f20746f20612073696e676c6520686f7374206f>-2.822 F -.15<7665>-.15 G
-2.823<7268>.15 G .323<696768207072696f72697479206d65737361676573>-2.823
-F 1.825<7468617420676f20746f207365>174 372.6 R -.15<7665>-.25 G 1.825
-<72616c20686f7374733b2069742070726f6261626c792073686f756c646e27>.15 F
-4.325<7462>-.18 G 4.324<6575>-4.325 G 1.824<736564206f6e20736c6f>-4.324
-F 4.324<776e>-.25 G<657477>-4.324 E 1.824<6f726b206c696e6b732e>-.1 F
-.614<46696c656e616d6520616e64206d6f64698c636174696f6e2074696d65206f7264
-6572696e67207361>174 384.6 R -.15<7665>-.2 G 3.114<7374>.15 G .614
-<6865206f>-3.114 F -.15<7665>-.15 G .614
-<7268656164206f662072656164696e6720616c6c206f6620746865>.15 F .671<7175
-65756564206974656d73206265666f7265207374617274696e6720746865207175657565
-2072756e2e>174 396.6 R .671
-<4372656174696f6e20287375626d697373696f6e292074696d65206f72646572696e67>
-5.671 F 1.854<697320616c6d6f737420616c>174 408.6 R -.1<7761>-.1 G 1.854
-<797320612062616420696465612c2073696e636520697420616c6c6f>.1 F 1.854
-<7773206c6172>-.25 F 1.854<67652c2062>-.18 F 1.854
-<756c6b206d61696c20746f20676f206f7574206265666f7265>-.2 F
-<736d616c6c6572>174 420.6 Q 3.714<2c70>-.4 G 1.214
-<6572736f6e616c206d61696c2c2062>-3.714 F 1.214<7574206d6179206861>-.2 F
-1.513 -.15<76652061>-.2 H 1.213
-<70706c69636162696c697479206f6e20736f6d6520686f73747320776974682076>.15
-F 1.213<6572792066>-.15 F<617374>-.1 E 2.631
-<636f6e6e656374696f6e732e2052616e646f6d>174 432.6 R .131
-<69732075736566756c206966207365>2.631 F -.15<7665>-.25 G .132<72616c2071
-756575652072756e6e6572732061726520737461727465642062792068616e6420776869
-6368>.15 F .39<74727920746f20647261696e207468652073616d6520717565756520
-73696e6365206f6464732061726520746865>174 444.6 R 2.889<7977>-.15 G .389
-<696c6c2062652077>-2.889 F .389<6f726b696e67206f6e20646966>-.1 F .389
-<666572656e74207061727473>-.25 F
-<6f6620746865207175657565206174207468652073616d652074696d652e>174 456.6
-Q<5072696f72697479206f72646572696e672069732074686520646566>5 E
-<61756c742e>-.1 E<517565756554>102 472.8 Q<696d656f75743d>-.35 E F2
-<74696d656f7574>A F1 .355<5b545d20412073796e6f6e>174 484.8 R .355
-<796d20666f72209954>-.15 F 2.855
-<696d656f75742e717565756572657475726e9a2e20557365>-.35 F .356
-<7468617420666f726d20696e7374656164206f6620746865209951756575652d>2.855
-F -.35<5469>174 496.8 S<6d656f75749a20666f726d2e>.35 E 32.83
-<52616e6446696c65205b6e6f>102 513 R 1.036<73686f7274206e616d655d204e616d
-65206f66208c6c6520636f6e7461696e696e672072616e646f6d2064617461206f722074
-6865206e616d65206f662074686520554e4958>3.537 F<736f636b>174 525 Q 1.63
-<65742069662045474420697320757365642e>-.1 F 4.131<4128>6.631 G 1.631
-<726571756972656429207072658c78202265>-4.131 F 1.631
-<67643a22206f7220228c6c653a222073706563698c65732074686520747970652e>-.15
-F<5354>174 537 Q<4152>-.93 E 1.561<54544c532072657175697265732074686973
-208c6c656e616d652069662074686520636f6d70696c65208d6167204841535552414e44
-4f4d444556206973>-.6 F
-<6e6f742073657420287365652073656e646d61696c2f524541444d45292e>174 549 Q
-<5265736f6c76>102 565.2 Q<65724f7074696f6e733d>-.15 E F2<6f7074696f6e73>
-A F1 .127<5b495d20536574207265736f6c76>174 577.2 R .127
-<6572206f7074696f6e732e>-.15 F -1.11<5661>5.127 G .127
-<6c7565732063616e20626520736574207573696e67>1.11 F F0<2b>2.627 E F2
-<8d61>A<67>-.1 E F1 .127<616e6420636c6561726564207573696e67>2.627 F F0
-<ad>2.628 E F2<8d61>A<67>-.1 E F1 2.628<3b74>C<6865>-2.628 E F2<8d61>174
-589.2 Q<67>-.1 E F1 5.014<7363>C 2.514<616e2062652099646562>-5.014 F
-2.513<75679a2c209961616f6e6c799a2c2099757365>-.2 F 2.513<76639a2c209970
-72696d6172799a2c209969676e74639a2c2099726563757273659a2c20996465662d>
--.25 F 2.688<6e616d65739a2c2099737461796f70656e9a2c20997573655f696e6574
-369a2c206f722099646e737263689a2e>174 601.2 R 2.689
-<54686520737472696e67209948617357>7.689 F<696c64636172644d589a>-.4 E
-.283<28776974686f75742061>174 613.2 R F0<2b>2.783 E F1<6f72>2.783 E F0
-<ad>2.783 E F1 2.783<2963>C .283
-<616e2062652073706563698c656420746f207475726e206f66>-2.783 F 2.782<666d>
--.25 G .282<61746368696e67206167>-2.782 F .282
-<61696e7374204d58207265636f726473207768656e>-.05 F .89
-<646f696e67206e616d652063616e6f6e698c636174696f6e732e>174 625.2 R .89
-<54686520737472696e67209957>5.89 F<6f726b41726f756e6442726f6b>-.8 E .89
-<656e414141419a2028776974686f75742061>-.1 F F0<2b>174 637.2 Q F1<6f72>
-3.473 E F0<ad>3.473 E F1 3.473<2963>C .972
-<616e2062652073706563698c656420746f2077>-3.473 F .972
-<6f726b2061726f756e6420736f6d652062726f6b>-.1 F .972
-<656e206e616d6573657276>-.1 F .972<6572732077686963682072657475726e>-.15
-F<534552>174 649.2 Q<5646>-.8 E 1.001
-<41494c2028612074656d706f726172792066>-.74 F 1.001
-<61696c75726529206f6e20545f4141414120284950763629206c6f6f6b7570732e>-.1
-F 1.001<4e6f746963653a206974206d69676874>6.001 F<6265206e65636573736172
-7920746f206170706c79207468652073616d6520286f722073696d696c617229206f7074
-696f6e7320746f>174 661.2 Q F2<7375626d69742e6366>2.5 E F1<746f6f2e>2.5 E
--1.04<52657175697265734469726673796e63205b6e6f>102 677.4 R 2.782<73686f
-7274206e616d655d2054686973206f7074696f6e2063616e206265207573656420746f20
-6f>5.283 F -.15<7665>-.15 G 2.782
-<72726964652074686520636f6d70696c652074696d65208d6167>.15 F F0<524551>
-174 689.4 Q<55495245535f4449525f4653594e43>-.1 E F1 .871
-<61742072756e74696d652062792073657474696e6720697420746f>3.371 F/F3 9
-/Times-Roman@0 SF -.09<6661>3.372 G<6c7365>.09 E F1 5.872<2e49>C 3.372
-<6674>-5.872 G .872<686520636f6d70696c652074696d65>-3.372 F .018<8d6167
-206973206e6f74207365742c20746865206f7074696f6e2069732069676e6f7265642e>
-174 701.4 R .017<546865208d6167207475726e73206f6e20737570706f727420666f
-72208c6c652073797374656d732074686174>5.018 F .209
-<7265717569726520746f2063616c6c>174 713.4 R F2<6673796e632829>2.709 E F1
-.209<666f722061206469726563746f727920696620746865206d6574612d6461746120
-696e20697420686173206265656e206368616e6765642e>2.709 F<54686973>5.21 E
-.075<73686f756c64206265207475726e6564206f6e206174206c6561737420666f7220
-6f6c6465722076>174 725.4 R .074<657273696f6e73206f662052656973657246533b
-20697420697320656e61626c656420627920646566>-.15 F<61756c74>-.1 E 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-75)195.86 E/F1 10/Times-Roman@0 SF .1(violations, b)174 96 R
+.101(ut it seems to be popular with certain operating systems v)-.2 F
+2.601(endors. The)-.15 F 1.919(address is macro e)174 108 R 1.918
+(xpanded at the time of deli)-.15 F -.15(ve)-.25 G(ry).15 E 6.918(.D)
+-.65 G(ef)-6.918 E 1.918(aults to no postmaster)-.1 F(copies.)174 120 Q
+(Pri)102 136.2 Q -.25(va)-.25 G -.15(cy).25 G(Options=).15 E/F2 10
+/Times-Italic@0 SF(opt,opt,...)1.666 E F1 1.191([p] Set the pri)174
+148.2 R -.25(va)-.25 G -.15(cy).25 G F2(opt)3.841 E F1 3.691(ions. `)B
+(`Pri)-.74 E -.25(va)-.25 G -.15(cy).25 G 2.671 -.74('' i).15 H 3.692
+(sr).74 G 1.192(eally a misnomer; man)-3.692 F 3.692(yo)-.15 G 3.692(ft)
+-3.692 G 1.192(hese are)-3.692 F .929(just a w)174 160.2 R .928
+(ay of insisting on stricter adherence to the SMTP protocol.)-.1 F(The)
+5.928 E F2(opt)3.428 E F1(ions)A(can be selected from:)174 172.2 Q 56.37
+(public Allo)214 188.4 R 2.5(wo)-.25 G(pen access)-2.5 E 27.49
+(needmailhelo Insist)214 200.4 R(on HELO or EHLO command before MAIL)2.5
+E(neede)214 212.4 Q 25.98(xpnhelo Insist)-.15 F
+(on HELO or EHLO command before EXPN)2.5 E(noe)214 224.4 Q 52.08
+(xpn Disallo)-.15 F 2.5(wE)-.25 G(XPN entirely)-2.5 E 2.5(,i)-.65 G
+(mplies no)-2.5 E -.15(ve)-.15 G(rb).15 E(.)-.4 E 28.61
+(needvrfyhelo Insist)214 236.4 R(on HELO or EHLO command before VRFY)2.5
+E(no)214 248.4 Q 54.86(vrfy Disallo)-.15 F 2.5(wV)-.25 G(RFY entirely)
+-2.5 E 55.82(noetrn Disallo)214 260.4 R 2.5(wE)-.25 G(TRN entirely)-2.5
+E(no)214 272.4 Q -.15(ve)-.15 G 53.9(rb Disallo).15 F 2.5(wV)-.25 G
+(ERB entirely)-2.5 E 30.82(restrictmailq Restrict)214 284.4 R
+(mailq command)2.5 E 35.27(restrictqrun Restrict)214 296.4 R
+(\255q command line \215ag)2.5 E(restricte)214 308.4 Q 24.87
+(xpand Restrict)-.15 F<ad62>2.5 E 2.5(va)-.15 G
+(nd \255v command line \215ags)-2.5 E 40.27(noreceipts Don')214 322.4 R
+2.5(tr)-.18 G(eturn success DSNs)-2.5 E/F3 7/Times-Roman@0 SF(20)-4 I F1
+27.49(nobodyreturn Don')214 334.4 R 2.5(tr)-.18 G
+(eturn the body of a message with DSNs)-2.5 E(goa)214 346.4 Q -.1(wa)
+-.15 G 53.02(yD).1 G(isallo)-53.02 E 2.5(we)-.25 G
+(ssentially all SMTP status queries)-2.5 E(authw)214 358.4 Q 27.59
+(arnings Put)-.1 F(X-Authentication-W)2.5 E(arning: headers in messages)
+-.8 E(and log w)297.87 370.4 Q(arnings)-.1 E 12.5
+(noactualrecipient Don')214 382.4 R 2.5(tp)-.18 G
+(ut X-Actual-Recipient lines in DSNs)-2.5 E(which re)297.87 394.4 Q -.15
+(ve)-.25 G(al the actual account that addresses map to.).15 E 2.976
+(The \231goa)174 410.6 R -.1(wa)-.15 G 2.976
+(y\232 pseudo-\215ag sets all \215ags e).1 F 2.977
+(xcept \231noreceipts\232, \231restrictmailq\232,)-.15 F 4.558
+(\231restrictqrun\232, \231restricte)174 422.6 R 4.557
+(xpand\232, \231noetrn\232, and \231nobodyreturn\232.)-.15 F 4.557
+(If mailq is)9.557 F 1.842(restricted, only people in the same group as\
+ the queue directory can print the)174 434.6 R 2.545(queue. If)174 446.6
+R .044(queue runs are restricted, only root and the o)2.545 F .044
+(wner of the queue directory)-.25 F 1.299(can run the queue.)174 458.6 R
+1.299(The \231restricte)6.299 F 1.299(xpand\232 pseudo-\215ag instructs)
+-.15 F F2(sendmail)3.799 E F1 1.299(to drop)3.799 F(pri)174 470.6 Q
+(vile)-.25 E 1.608(ges when the)-.15 F F0<ad62>4.108 E(v)-.15 E F1 1.608
+(option is gi)4.108 F -.15(ve)-.25 G 4.108(nb).15 G 4.108(yu)-4.108 G
+1.608(sers who are neither root nor the)-4.108 F -.35(Tr)174 482.6 S
+1.33(ustedUser so users cannot read pri).35 F -.25(va)-.25 G 1.33
+(te aliases, forw).25 F 1.33(ards, or :include: \214les.)-.1 F(It)6.33 E
+.634(will add the \231NonRootSafeAddr\232 to the \231DontBlameSendmail\
+\232 option to pre)174 494.6 R -.15(ve)-.25 G(nt).15 E .436
+(misleading unsafe address w)174 506.6 R 2.936(arnings. It)-.1 F .436
+(also o)2.936 F -.15(ve)-.15 G .436(rrides the).15 F F0<ad76>2.936 E F1
+(\(v)2.936 E .436(erbose\) command)-.15 F 1.293(line option to pre)174
+518.6 R -.15(ve)-.25 G 1.292(nt information leakage.).15 F 1.292
+(Authentication W)6.292 F 1.292(arnings add w)-.8 F(arn-)-.1 E .183
+(ings about v)174 530.6 R .183
+(arious conditions that may indicate attempts to spoof the mail system,)
+-.25 F(such as using a non-standard queue directory)174 542.6 Q(.)-.65 E
+(ProcessT)102 558.8 Q(itlePre\214x=)-.35 E F2(string)A F1 1.196
+([no short name] Pre\214x the process title sho)174 570.8 R 1.195
+(wn on 'ps' listings with)-.25 F F2(string)3.695 E F1 6.195(.T)C(he)
+-6.195 E F2(string)174 582.8 Q F1(will be macro processed.)2.5 E
+(QueueDirectory=)102 599 Q F2(dir)A F1 .583
+([Q] The QueueDirectory option serv)174 611 R .584(es tw)-.15 F 3.084
+(op)-.1 G 3.084(urposes. First,)-3.084 F .584(it speci\214es the direc-)
+3.084 F .483(tory or set of directories that comprise the def)174 623 R
+.482(ault queue group.)-.1 F .482(Second, it speci-)5.482 F .104(\214es\
+ the directory D which is the ancestor of all queue directories, and wh\
+ich send-)174 635 R .721(mail uses as its current w)174 647 R .721
+(orking directory)-.1 F 5.721(.W)-.65 G .721
+(hen sendmail dumps core, it lea)-5.721 F -.15(ve)-.2 G(s).15 E 2.872
+(its core \214les in D.)174 659 R 2.873(There are tw)7.872 F 5.373(oc)
+-.1 G 5.373(ases. If)-5.373 F F2(dir)5.373 E F1 2.873
+(ends with an asterisk \(e)5.373 F(g,)-.15 E F2(/var/spool/mqueue/qd*)
+174 671 Q F1 .253
+(\), then all of the directories or symbolic links to directories)B .32
+LW 76 680.6 72 680.6 DL 80 680.6 76 680.6 DL 84 680.6 80 680.6 DL 88
+680.6 84 680.6 DL 92 680.6 88 680.6 DL 96 680.6 92 680.6 DL 100 680.6 96
+680.6 DL 104 680.6 100 680.6 DL 108 680.6 104 680.6 DL 112 680.6 108
+680.6 DL 116 680.6 112 680.6 DL 120 680.6 116 680.6 DL 124 680.6 120
+680.6 DL 128 680.6 124 680.6 DL 132 680.6 128 680.6 DL 136 680.6 132
+680.6 DL 140 680.6 136 680.6 DL 144 680.6 140 680.6 DL 148 680.6 144
+680.6 DL 152 680.6 148 680.6 DL 156 680.6 152 680.6 DL 160 680.6 156
+680.6 DL 164 680.6 160 680.6 DL 168 680.6 164 680.6 DL 172 680.6 168
+680.6 DL 176 680.6 172 680.6 DL 180 680.6 176 680.6 DL 184 680.6 180
+680.6 DL 188 680.6 184 680.6 DL 192 680.6 188 680.6 DL 196 680.6 192
+680.6 DL 200 680.6 196 680.6 DL 204 680.6 200 680.6 DL 208 680.6 204
+680.6 DL 212 680.6 208 680.6 DL 216 680.6 212 680.6 DL/F4 5
+/Times-Roman@0 SF(20)93.6 691 Q/F5 8/Times-Roman@0 SF(N.B.: the)3.2 I/F6
+8/Times-Bold@0 SF(nor)2 E(eceipts)-.144 E F5(\215ag turns of)2 E 2(fs)
+-.2 G(upport for RFC 1891 \(Deli)-2 E -.12(ve)-.2 G
+(ry Status Noti\214cation\).).12 E 0 Cg EP
%%Page: 76 72
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d37362053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF 1.45<666f72204c696e75782e>174 96 R 1.451<416363
-6f7264696e6720746f20736f6d6520696e666f726d6174696f6e2074686973208d616720
-6973206e6f74206e656564656420616e>6.45 F 1.451<796d6f726520666f72>-.15 F
--.1<6b65>174 108 S<726e656c20322e342e313620616e64206e65>.1 E<776572>-.25
-E<2e>-.55 E 10.61<527274496d706c69657344736e205b525d>102 124.2 R 1.52<49
-662074686973206f7074696f6e206973207365742c2061209952657475726e2d52656365
-6970742d54>4.02 F 1.52
-<6f3a9a2068656164657220636175736573207468652072657175657374206f662061>
--.8 F 1.02<44534e2c2077686963682069732073656e7420746f2074686520656e>174
-136.2 R -.15<7665>-.4 G 1.02<6c6f70652073656e64657220617320726571756972
-65642062792052464320313839312c206e6f7420746f20746865>.15 F
-<61646472657373206769>174 148.2 Q -.15<7665>-.25 G 2.5<6e69>.15 G 2.5
-<6e74>-2.5 G<686520686561646572>-2.5 E<2e>-.55 E<52756e4173557365723d>
-102 164.4 Q/F2 10/Times-Italic@0 SF<75736572>A F1 3.753
-<5b6e6f2073686f7274206e616d655d20546865>2.48 F F2<75736572>6.253 E F1
-3.752
-<706172616d65746572206d617920626520612075736572206e616d6520286c6f6f6b>
-6.252 F 3.752<656420757020696e>-.1 F F2<2f6574632f706173737764>174 176.4
-Q F1 3.045<296f>C -5.544 3.045<7261206e>-3.045 H .546
-<756d6572696320757365722069643b2065697468657220666f726d2063616e206861>
--3.045 F .846 -.15<76652099>-.2 H .546
-<3a67726f75709a20617474616368656420287768657265>.15 F .966
-<67726f75702063616e206265206e756d65726963206f722073796d626f6c6963292e>
-174 188.4 R .965
-<49662073657420746f2061206e6f6e2d7a65726f20286e6f6e2d726f6f74292076>
-5.965 F<616c75652c>-.25 E F2<73656e642d>3.465 E<6d61696c>174 202.4 Q F1
-.483<77696c6c206368616e676520746f207468697320757365722069642073686f7274
-6c792061667465722073746172747570>2.983 F/F3 7/Times-Roman@0 SF<3231>-4 I
-F1 5.484<2e54>4 K .484<6869732061>-5.484 F -.2<766f>-.2 G .484
-<6964732061206365727461696e20636c617373>.2 F 1.844
-<6f662073656375726974792070726f626c656d732e>174 214.4 R<486f>6.844 E
-<7765>-.25 E -.15<7665>-.25 G 2.644 -.4<722c2074>.15 H 1.844
-<686973206d65616e73207468617420616c6c20992e666f7277>.4 F 1.844
-<6172649a20616e6420993a696e636c7564653a9a>-.1 F 1.428<8c6c6573206d757374
-206265207265616461626c652062792074686520696e64696361746564>174 226.4 R
-F2<75736572>3.928 E F1 1.428
-<616e6420616c6c208c6c657320746f206265207772697474656e206d757374206265>
-3.928 F .043<7772697461626c65206279>174 238.4 R F2<75736572>2.543 E F1
-.042<416c736f2c20616c6c208c6c6520616e642070726f6772616d2064656c69>2.543
-F -.15<7665>-.25 G .042<726965732077696c6c206265206d61726b>.15 F .042
-<656420756e7361666520756e6c657373>-.1 F 2.101<746865206f7074696f6e>174
-250.4 R F0
-<446f6e74426c616d6553656e646d61696c3d4e6f6e526f6f745361666541646472>
-4.601 E F1 2.101<6973207365742c20696e207768696368206361736520746865>
-4.601 F<64656c69>174 262.4 Q -.15<7665>-.25 G .778
-<72792077696c6c20626520646f6e65206173>.15 F F2<75736572>3.278 E F1 5.778
-<2e49>C 3.277<7469>-5.778 G 3.277<7361>-3.277 G .777
-<6c736f20696e636f6d70617469626c65207769746820746865>-3.277 F F0
-<5361666546696c65456e>3.277 E<766972>-.4 E<6f6e2d>-.18 E<6d656e74>174
-274.4 Q F1 2.62<6f7074696f6e2e20496e>2.62 F .12<6f746865722077>2.62 F
-.121<6f7264732c206974206d6179206e6f742061637475616c6c7920616464206d7563
-6820746f207365637572697479206f6e20616e2061>-.1 F -.15<7665>-.2 G -.2
-<722d>.15 G .593<6167652073797374656d2c20616e64206d617920696e2066>174
-286.4 R .592<61637420646574726163742066726f6d20736563757269747920286265
-6361757365206f74686572208c6c65207065726d697373696f6e73>-.1 F 1.579
-<6d757374206265206c6f6f73656e6564292e>174 298.4 R<486f>6.579 E<7765>-.25
-E -.15<7665>-.25 G 2.379 -.4<722c2069>.15 H 4.079<7473>.4 G 1.579
-<686f756c642062652075736566756c206f6e208c7265>-4.079 F -.1<7761>-.25 G
-1.58<6c6c7320616e64206f7468657220706c61636573>.1 F
-<776865726520757365727320646f6e27>174 310.4 Q 2.5<7468>-.18 G -2.25 -.2
-<61762065>-2.5 H<6163636f756e747320616e642074686520616c6961736573208c6c
-652069732077656c6c20636f6e73747261696e65642e>2.7 E<526563697069656e7446>
-102 326.6 Q<6163746f723d>-.15 E F2<66616374>A F1 .638
-<5b795d2054686520696e64696361746564>174 338.6 R F2<66616374>3.137 E F1
-.637<6f7220697320616464656420746f20746865207072696f72697479202874687573>
-B F2<6c6f776572696e67>3.137 E F1 .637
-<746865207072696f72697479206f6620746865>3.137 F .23<6a6f622920666f722065
-61636820726563697069656e742c20692e652e2c20746869732076>174 350.6 R .231
-<616c75652070656e616c697a6573206a6f62732077697468206c6172>-.25 F .231
-<6765206e756d62657273206f66207265636970692d>-.18 F 2.5
-<656e74732e20446566>174 362.6 R<61756c747320746f2033303030302e>-.1 E
-<5265667573654c413d>102 378.8 Q F2<4c41>A F1 1.012
-<5b585d205768656e207468652073797374656d206c6f61642061>13.59 F -.15<7665>
--.2 G 1.012<726167652065>.15 F<786365656473>-.15 E F2<4c41>3.512 E F1
-3.512<2c72>C 1.011
-<656675736520696e636f6d696e6720534d545020636f6e6e65632d>-3.512 F 2.658
-<74696f6e732e20446566>174 390.8 R .158<61756c747320746f203132206d756c74
-69706c69656420627920746865206e756d626572206f662070726f636573736f7273206f
-6e6c696e65206f6e207468652073797374656d>-.1 F
-<28696620746861742063616e2062652064657465726d696e6564292e>174 402.8 Q
-<52656a6563744c6f67496e74657276>102 419 Q<616c3d>-.25 E F2
-<74696d656f7574>A F1 1.628
-<5b6e6f2073686f7274206e616d655d204c6f6720696e74657276>174 431 R 1.627<61
-6c207768656e207265667573696e6720636f6e6e656374696f6e7320666f722074686973
-206c6f6e672028646566>-.25 F<61756c743a>-.1 E<3368292e>174 443 Q
-<526574727946>102 459.2 Q<6163746f723d>-.15 E F2<66616374>A F1 .771
-<5b5a5d20546865>3.74 F F2<66616374>3.271 E F1 .771
-<6f7220697320616464656420746f20746865207072696f726974792065>B -.15<7665>
--.25 G .772<72792074696d652061206a6f622069732070726f6365737365642e>.15 F
-.772<546875732c2065616368>5.772 F .994<74696d652061206a6f62206973207072
-6f6365737365642c20697473207072696f726974792077696c6c20626520646563726561
-7365642062792074686520696e646963617465642076>174 471.2 R 3.493
-<616c75652e20496e>-.25 F 1.107<6d6f737420656e>174 483.2 R 1.107
-<7669726f6e6d656e747320746869732073686f756c6420626520706f73697469>-.4 F
--.15<7665>-.25 G 3.608<2c73>.15 G 1.108
-<696e636520686f73747320746861742061726520646f>-3.608 F 1.108
-<776e2061726520616c6c20746f6f>-.25 F<6f6674656e20646f>174 495.2 Q
-<776e20666f722061206c6f6e672074696d652e>-.25 E<446566>5 E
-<61756c747320746f2039303030302e>-.1 E<5361666546696c65456e>102 511.4 Q
-<7669726f6e6d656e743d>-.4 E F2<646972>A F1 .022<5b6e6f2073686f7274206e61
-6d655d2049662074686973206f7074696f6e206973207365742c>174 523.4 R F2
-<73656e646d61696c>2.521 E F1 .021<77696c6c20646f2061>2.521 F F2 -.15
-<6368>2.521 G -.45<726f>.15 G<6f74>.45 E F1 .021
-<2832292063616c6c20696e746f2074686520696e64692d>B<6361746564>174 535.4 Q
-F2<646972>2.832 E F1 .333<6563746f7279206265666f726520646f696e6720616e>B
-2.833<798c>-.15 G .333<6c65207772697465732e>-2.833 F .333<49662074686520
-8c6c65206e616d652073706563698c6564206279207468652075736572>5.333 F<6265>
-174 547.4 Q .588<67696e732077697468>-.15 F F2<646972>3.088 E F1 3.087
-<2c74>C .587<686174207061727469616c2070617468206e616d652077696c6c206265
-207374726970706564206f66>-3.087 F 3.087<6662>-.25 G .587
-<65666f72652077726974696e672c20736f2028666f72>-3.087 F -.15<6578>174
-559.4 S 2.224<616d706c652920696620746865205361666546696c65456e>.15 F
-2.224<7669726f6e6d656e742076>-.4 F 2.225<61726961626c652069732073657420
-746f20992f736166659a207468656e20616c6961736573206f66>-.25 F 1.557<992f73
-6166652f6c6f67732f8c6c659a20616e6420992f6c6f67732f8c6c659a2061637475616c
-6c7920696e646963617465207468652073616d65208c6c652e>174 571.4 R
-<4164646974696f6e616c6c79>6.556 E 4.056<2c69>-.65 G<66>-4.056 E
-<74686973206f7074696f6e206973207365742c>174 583.4 Q F2<73656e646d61696c>
-2.5 E F1<7265667573657320746f2064656c69>2.5 E -.15<7665>-.25 G 2.5<7274>
-.15 G 2.5<6f73>-2.5 G<796d626f6c6963206c696e6b732e>-2.5 E<5361>102 599.6
-Q -.15<7665>-.2 G 10.41<46726f6d4c696e65205b665d>.15 F<5361>4.492 E
-2.292 -.15<76652055>-.2 H 1.992<4e49582d7374796c65209946726f6d9a206c696e
-6573206174207468652066726f6e74206f6620686561646572732e>.15 F 1.993
-<4e6f726d616c6c7920746865>6.993 F 4.493<7961>-.15 G<7265>-4.493 E
-<617373756d656420726564756e64616e7420616e64206469736361726465642e>174
-611.6 Q .62<53656e644d696d654572726f7273205b6a5d>102 627.8 R .373<496620
-7365742c2073656e64206572726f72206d6573736167657320696e204d494d4520666f72
-6d6174202873656520524643203230343520616e6420524643203133343420666f72>
-2.874 F 2.914<64657461696c73292e204966>174 639.8 R<64697361626c65642c>
-2.914 E F2<73656e646d61696c>2.914 E F1 .415
-<77696c6c206e6f742072657475726e207468652044534e206b>2.914 F -.15<6579>
--.1 G -.1<776f>.15 G .415<726420696e20726573706f6e736520746f20616e>.1 F
-1.731<45484c4f20616e642077696c6c206e6f7420646f2044656c69>174 651.8 R
--.15<7665>-.25 G 1.731<727920537461747573204e6f74698c636174696f6e207072
-6f63657373696e672061732064657363726962656420696e>.15 F
-<52464320313839312e>174 663.8 Q .32 LW 76 678.8 72 678.8 DL 80 678.8 76
-678.8 DL 84 678.8 80 678.8 DL 88 678.8 84 678.8 DL 92 678.8 88 678.8 DL
-96 678.8 92 678.8 DL 100 678.8 96 678.8 DL 104 678.8 100 678.8 DL 108
-678.8 104 678.8 DL 112 678.8 108 678.8 DL 116 678.8 112 678.8 DL 120
-678.8 116 678.8 DL 124 678.8 120 678.8 DL 128 678.8 124 678.8 DL 132
-678.8 128 678.8 DL 136 678.8 132 678.8 DL 140 678.8 136 678.8 DL 144
-678.8 140 678.8 DL 148 678.8 144 678.8 DL 152 678.8 148 678.8 DL 156
-678.8 152 678.8 DL 160 678.8 156 678.8 DL 164 678.8 160 678.8 DL 168
-678.8 164 678.8 DL 172 678.8 168 678.8 DL 176 678.8 172 678.8 DL 180
-678.8 176 678.8 DL 184 678.8 180 678.8 DL 188 678.8 184 678.8 DL 192
-678.8 188 678.8 DL 196 678.8 192 678.8 DL 200 678.8 196 678.8 DL 204
-678.8 200 678.8 DL 208 678.8 204 678.8 DL 212 678.8 208 678.8 DL 216
-678.8 212 678.8 DL/F4 5/Times-Roman@0 SF<3231>93.6 689.2 Q/F5 8
-/Times-Roman@0 SF<5768656e2072756e6e696e672061732061206461656d6f6e2c2069
-74206368616e67657320746f207468697320757365722061667465722061636365707469
-6e67206120636f6e6e656374696f6e2062>3.2 I
-<7574206265666f72652072656164696e6720616e>-.16 E<79>-.12 E F3<534d5450>2
-E F5<636f6d6d616e64732e>2 E 0 Cg EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-76 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF(be)174 96
+Q .432(ginning with `qd' in)-.15 F/F2 10/Times-Italic@0 SF
+(/var/spool/mqueue)2.932 E F1 .433
+(will be used as queue directories of the)2.932 F(def)174 108 Q .276
+(ault queue group, and)-.1 F F2(/var/spool/mqueue)2.776 E F1 .275
+(will be used as the w)2.776 F .275(orking directory)-.1 F 2.82
+(D. Otherwise,)174 120 R F2(dir)2.82 E F1 .32
+(must name a directory \(usually)2.82 F F2(/var/spool/mqueue)2.82 E F1
+.32(\): the def)B(ault)-.1 E .545
+(queue group consists of the single queue directory)174 132 R F2(dir)
+3.045 E F1 3.045(,a)C .545(nd the w)-3.045 F .545(orking directory)-.1 F
+2.5(Di)174 144 S 2.5(ss)-2.5 G(et to)-2.5 E F2(dir)2.5 E F1 5.001(.T)C
+2.501(od)-5.801 G .001
+(e\214ne additional groups of queue directories, use the con\214gura-)
+-2.501 F .746(tion \214le `Q' command.)174 156 R .746
+(Do not change the queue directory structure while send-)5.746 F
+(mail is running.)174 168 Q(QueueF)102 184.2 Q(actor=)-.15 E F2(factor)A
+F1 .613([q] Use)174 196.2 R F2(factor)3.113 E F1 .613
+(as the multiplier in the map function to decide when to just queue)
+3.113 F .415(up jobs rather than run them.)174 208.2 R .415(This v)5.415
+F .415(alue is di)-.25 F .415(vided by the dif)-.25 F .415
+(ference between the)-.25 F 1.003(current load a)174 220.2 R -.15(ve)-.2
+G 1.003(rage and the load a).15 F -.15(ve)-.2 G 1.004(rage limit \().15
+F F0(QueueLA)A F1 1.004(option\) to determine)3.504 F
+(the maximum message priority that will be sent.)174 232.2 Q(Def)5 E
+(aults to 600000.)-.1 E(QueueLA=)102 248.4 Q F2(LA)A F1 1.087
+([x] When the system load a)15.26 F -.15(ve)-.2 G 1.087(rage e).15 F
+(xceeds)-.15 E F2(LA)3.587 E F1 1.086(and the)3.587 F F0(QueueF)3.586 E
+(actor)-.25 E F1(\()3.586 E F0(q)A F1 3.586(\)o)C(ption)-3.586 E(di)174
+260.4 Q 1.465(vided by the dif)-.25 F 1.465
+(ference in the current load a)-.25 F -.15(ve)-.2 G 1.465(rage and the)
+.15 F F0(QueueLA)3.965 E F1(option)3.965 E .769(plus one is less than t\
+he priority of the message, just queue messages \(i.e., don')174 272.4 R
+(t)-.18 E .247(try to send them\).)174 284.4 R(Def)5.247 E .247
+(aults to 8 multiplied by the number of processors online on)-.1 F
+(the system \(if that can be determined\).)174 296.4 Q(QueueFileMode=)
+102 312.6 Q F2(mode)A F1 .962([no short name] Def)174 324.6 R .962
+(ault permissions for queue \214les \(octal\).)-.1 F .961
+(If not set, sendmail)5.961 F .212(uses 0600 unless its real and ef)174
+336.6 R(fecti)-.25 E .513 -.15(ve u)-.25 H .213(id are dif).15 F .213
+(ferent in which case it uses 0644.)-.25 F(QueueSortOrder=)102 352.8 Q
+F2(algorithm)A F1 .097([no short name] Sets the)174 364.8 R F2
+(algorithm)2.597 E F1 .096(used for sorting the queue.)2.597 F .096
+(Only the \214rst char)5.096 F(-)-.2 E 1.021(acter of the v)174 376.8 R
+1.021(alue is used.)-.25 F(Le)6.021 E -.05(ga)-.15 G 3.521(lv).05 G
+1.021(alues are \231host\232 \(to order by the name of the)-3.771 F 1.73
+(\214rst host name of the \214rst recipient\), \231\214lename\232 \(to \
+order by the name of the)174 388.8 R .283(queue \214le name\), \231time\
+\232 \(to order by the submission/creation time\), \231random\232 \(to)
+174 400.8 R .906(order randomly\), \231modi\214cation\232 \(to order by\
+ the modi\214cation time of the qf \214le)174 412.8 R 1.349(\(older ent\
+ries \214rst\)\), \231none\232 \(to not order\), and \231priority\232 \
+\(to order by message)174 424.8 R 2.528(priority\). Host)174 436.8 R
+.028(ordering mak)2.528 F .028(es better use of the connection cache, b)
+-.1 F .027(ut may tend to)-.2 F .322(process lo)174 448.8 R 2.822(wp)
+-.25 G .322(riority messages that go to a single host o)-2.822 F -.15
+(ve)-.15 G 2.823(rh).15 G .323(igh priority messages)-2.823 F 1.825
+(that go to se)174 460.8 R -.15(ve)-.25 G 1.825
+(ral hosts; it probably shouldn').15 F 4.325(tb)-.18 G 4.324(eu)-4.325 G
+1.824(sed on slo)-4.324 F 4.324(wn)-.25 G(etw)-4.324 E 1.824(ork links.)
+-.1 F .614(Filename and modi\214cation time ordering sa)174 472.8 R -.15
+(ve)-.2 G 3.114(st).15 G .614(he o)-3.114 F -.15(ve)-.15 G .614
+(rhead of reading all of the).15 F .671
+(queued items before starting the queue run.)174 484.8 R .671
+(Creation \(submission\) time ordering)5.671 F 1.854(is almost al)174
+496.8 R -.1(wa)-.1 G 1.854(ys a bad idea, since it allo).1 F 1.854
+(ws lar)-.25 F 1.854(ge, b)-.18 F 1.854(ulk mail to go out before)-.2 F
+(smaller)174 508.8 Q 3.714(,p)-.4 G 1.214(ersonal mail, b)-3.714 F 1.214
+(ut may ha)-.2 F 1.513 -.15(ve a)-.2 H 1.213
+(pplicability on some hosts with v).15 F 1.213(ery f)-.15 F(ast)-.1 E
+2.631(connections. Random)174 520.8 R .131(is useful if se)2.631 F -.15
+(ve)-.25 G .132(ral queue runners are started by hand which).15 F .39
+(try to drain the same queue since odds are the)174 532.8 R 2.889(yw)
+-.15 G .389(ill be w)-2.889 F .389(orking on dif)-.1 F .389
+(ferent parts)-.25 F(of the queue at the same time.)174 544.8 Q
+(Priority ordering is the def)5 E(ault.)-.1 E(QueueT)102 561 Q(imeout=)
+-.35 E F2(timeout)A F1 .355([T] A synon)174 573 R .355(ym for \231T)-.15
+F 2.855(imeout.queuereturn\232. Use)-.35 F .356
+(that form instead of the \231Queue-)2.855 F -.35(Ti)174 585 S
+(meout\232 form.).35 E 32.83(RandFile [no)102 601.2 R 1.036(short name]\
+ Name of \214le containing random data or the name of the UNIX)3.537 F
+(sock)174 613.2 Q 1.63(et if EGD is used.)-.1 F 4.131(A\()6.631 G 1.631
+(required\) pre\214x "e)-4.131 F 1.631
+(gd:" or "\214le:" speci\214es the type.)-.15 F(ST)174 625.2 Q(AR)-.93 E
+1.561
+(TTLS requires this \214lename if the compile \215ag HASURANDOMDEV is)
+-.6 F(not set \(see sendmail/README\).)174 637.2 Q(Resolv)102 653.4 Q
+(erOptions=)-.15 E F2(options)A F1 .127([I] Set resolv)174 665.4 R .127
+(er options.)-.15 F -1.11(Va)5.127 G .127(lues can be set using)1.11 F
+F0(+)2.627 E F2<8d61>A(g)-.1 E F1 .127(and cleared using)2.627 F F0<ad>
+2.628 E F2<8d61>A(g)-.1 E F1 2.628(;t)C(he)-2.628 E F2<8d61>174 677.4 Q
+(g)-.1 E F1 5.014(sc)C 2.514(an be \231deb)-5.014 F 2.513
+(ug\232, \231aaonly\232, \231use)-.2 F 2.513
+(vc\232, \231primary\232, \231igntc\232, \231recurse\232, \231def-)-.25
+F 2.688
+(names\232, \231stayopen\232, \231use_inet6\232, or \231dnsrch\232.)174
+689.4 R 2.689(The string \231HasW)7.689 F(ildcardMX\232)-.4 E .283
+(\(without a)174 701.4 R F0(+)2.783 E F1(or)2.783 E F0<ad>2.783 E F1
+2.783(\)c)C .283(an be speci\214ed to turn of)-2.783 F 2.782(fm)-.25 G
+.282(atching ag)-2.782 F .282(ainst MX records when)-.05 F .89
+(doing name canoni\214cations.)174 713.4 R .89(The string \231W)5.89 F
+(orkAroundBrok)-.8 E .89(enAAAA\232 \(without a)-.1 F F0(+)174 725.4 Q
+F1(or)3.473 E F0<ad>3.473 E F1 3.473(\)c)C .972(an be speci\214ed to w)
+-3.473 F .972(ork around some brok)-.1 F .972(en nameserv)-.1 F .972
+(ers which return)-.15 F 0 Cg EP
%%Page: 77 73
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3737>195.86 E
-/F1 10/Times-Roman@0 SF<53657276>102 96 Q 10.77
-<65724365727446696c65205b6e6f>-.15 F .581<73686f7274206e616d655d2046696c
-6520636f6e7461696e696e67207468652063657274698c63617465206f66207468652073
-657276>3.08 F<6572>-.15 E 3.081<2c69>-.4 G .581
-<2e652e2c20746869732063657274698c63617465206973>-3.081 F
-<75736564207768656e2073656e646d61696c20616374732061732073657276>174 108
-Q<657220287573656420666f72205354>-.15 E<4152>-.93 E<54544c53292e>-.6 E
-<53657276>102 124.2 Q<65724b>-.15 E -.15<6579>-.25 G 11.73
-<46696c65205b6e6f>.15 F .543
-<73686f7274206e616d655d2046696c6520636f6e7461696e696e672074686520707269>
-3.043 F -.25<7661>-.25 G .542<7465206b>.25 F .842 -.15<65792062>-.1 H
-.542<656c6f6e67696e6720746f207468652073657276>.15 F .542
-<65722063657274698c63617465>-.15 F<287573656420666f72205354>174 136.2 Q
-<4152>-.93 E<54544c53292e>-.6 E<53657276>102 152.4 Q
-<657253534c4f7074696f6e73>-.15 E 3.348<4173>174 164.4 S .849<7061636520
-6f7220636f6d6d6120736570617261746564206c697374206f662053534c2072656c6174
-6564206f7074696f6e7320666f72207468652073657276>-3.348 F .849
-<657220736964652e>-.15 F<536565>5.849 E/F2 10/Times-Italic@0 SF
-<53534c5f4354585f7365745f6f7074696f6e73>174 176.4 Q F1 .961
-<28332920666f722061206c6973743b207468652061>B -.25<7661>-.2 G .961
-<696c61626c652076>.25 F .961
-<616c75657320646570656e64206f6e20746865204f70656e53534c>-.25 F -.15
-<7665>174 188.4 S 5.628<7273696f6e206167>.15 F 5.628
-<61696e7374207768696368>-.05 F F2<73656e646d61696c>8.129 E F1 5.629
-<697320636f6d70696c65642e>8.129 F 5.629<427920646566>10.629 F
-<61756c742c>-.1 E F2<53534c5f4f505f414c4c>8.129 E
-<2d53534c5f4f505f544c534558545f50>174 200.4 Q<414444494e47>-.9 E F1 .938
-<6172652075736564202869662074686f7365206f7074696f6e73206172652061>3.438
-F -.25<7661>-.2 G 3.437<696c61626c65292e204f7074696f6e73>.25 F .503<6361
-6e20626520636c65617265642062792070726563656564696e67207468656d2077697468
-2061206d696e7573207369676e2e>174 212.4 R .504
-<497420697320616c736f20706f737369626c6520746f20737065632d>5.503 F
-<696679206e756d65726963616c2076>174 224.4 Q<616c7565732c20652e672e2c>
--.25 E F0<2d307830303130>2.5 E F1<2e>A
-<5365727669636553776974636846696c653d>102 240.6 Q F2<8c6c656e616d65>A F1
-1.533<5b6e6f2073686f7274206e616d655d20496620796f757220686f7374206f706572
-6174696e672073797374656d206861732061207365727669636520737769746368206162
-737472616374696f6e>174 252.6 R .003<28652e672e2c202f6574632f6e7373776974
-63682e636f6e66206f6e20536f6c61726973206f72202f6574632f7376632e636f6e6620
-6f6e20556c7472697820616e6420444543204f53462f31292074686174>174 264.6 R
-.814<736572766963652077696c6c20626520636f6e73756c74656420616e6420746869
-73206f7074696f6e2069732069676e6f7265642e>174 276.6 R .814
-<4f74686572776973652c207468697320697320746865206e616d65>5.814 F 1.082
-<6f662061208c6c6520746861742070726f>174 288.6 R 1.082<766964657320746865
-206c697374206f66206d6574686f6473207573656420746f20696d706c656d656e742070
-6172746963756c61722073657276696365732e>-.15 F 1.069<5468652073796e746178
-206973206120736572696573206f66206c696e65732c2065616368206f66207768696368
-20697320612073657175656e6365206f662077>174 300.6 R 3.569
-<6f7264732e20546865>-.1 F<8c727374>3.569 E -.1<776f>174 312.6 S 1.363
-<7264206973207468652073657276696365206e616d652c20616e6420666f6c6c6f>.1 F
-1.363<77696e672077>-.25 F 1.364
-<6f7264732061726520736572766963652074797065732e>-.1 F 1.364
-<546865207365727669636573>6.364 F<74686174>174 324.6 Q F2
-<73656e646d61696c>4.11 E F1 1.61<636f6e73756c7473206469726563746c792061
-72652099616c69617365739a20616e642099686f7374732e>4.11 F 6.61<9a53>-.7 G
-1.61<6572766963652074797065732063616e206265>-6.61 F 1.754<99646e739a2c20
-996e69739a2c20996e6973706c75739a2c206f7220998c6c65739a202877697468207468
-65206361>174 336.6 R -.15<7665>-.2 G 1.755
-<617420746861742074686520617070726f70726961746520737570706f7274>.15 F
-.791<6d75737420626520636f6d70696c656420696e206265666f726520746865207365
-72766963652063616e206265207265666572656e636564292e>174 348.6 R .79
-<4966205365727669636553776974636846696c65>5.791 F .925
-<6973206e6f742073706563698c65642c20697420646566>174 360.6 R .925
-<61756c747320746f202f6574632f6d61696c2f736572766963652e7377697463682e>
--.1 F .925<49662074686174208c6c6520646f6573206e6f742065>5.925 F
-<786973742c>-.15 E<74686520646566>174 372.6 Q
-<61756c74207377697463682069733a>-.1 E 54.71<616c6961736573208c6c6573>214
-388.8 R 60.81<686f73747320646e73>214 400.8 R<6e6973208c6c6573>2.5 E
-<54686520646566>174 417 Q<61756c74208c6c6520697320992f6574632f6d61696c2f
-736572766963652e7377697463689a2e>-.1 E<5365>102 433.2 Q -.15<7665>-.25 G
-12.12<6e426974496e707574205b375d>.15 F .322
-<537472697020696e70757420746f207365>2.822 F -.15<7665>-.25 G 2.822<6e62>
-.15 G .321<69747320666f7220636f6d7061746962696c6974792077697468206f6c64
-2073797374656d732e>-2.822 F .321<546869732073686f756c646e27>5.321 F
-2.821<7462>-.18 G<65>-2.821 E<6e6563657373617279>174 445.2 Q<2e>-.65 E
-<5368617265644d656d6f72794b>102 461.4 Q -.15<6579>-.25 G .744
-<5b6e6f2073686f7274206e616d655d204b>174 473.4 R 1.044 -.15<65792074>-.25
-H 3.244<6f75>.15 G .745<736520666f7220736861726564206d656d6f7279207365>
--3.244 F .745
-<676d656e743b206966206e6f742073657420286f722030292c20736861726564>-.15 F
-1.16<6d656d6f72792077696c6c206e6f7420626520757365642e>174 485.4 R 1.159
-<49662073657420746f202d31>6.16 F F2<73656e646d61696c>3.659 E F1 1.159
-<63616e2073656c6563742061206b>3.659 F 1.459 -.15<65792069>-.1 H 1.159
-<7473656c662070726f>.15 F<7669646564>-.15 E .658<7468617420616c736f>174
-497.4 R F0<53686172>3.158 E<65644d656d6f72794b>-.18 E<657946696c65>-.25
-E F1 .658<6973207365742e>3.158 F .658<526571756972657320737570706f727420
-666f7220736861726564206d656d6f727920746f>5.658 F 1.413
-<626520636f6d70696c656420696e746f>174 509.4 R F2<73656e646d61696c>3.913
-E F1 6.413<2e49>C 3.912<6674>-6.413 G 1.412
-<686973206f7074696f6e206973207365742c>-3.912 F F2<73656e646d61696c>3.912
-E F1 1.412<63616e20736861726520736f6d652064617461>3.912 F .307
-<6265747765656e20646966>174 521.4 R .307
-<666572656e7420696e7374616e6365732e>-.25 F -.15<466f>5.307 G 2.807<7265>
-.15 G .308<78616d706c652c20746865206e756d626572206f6620656e747269657320
-696e20612071756575652064697265632d>-2.957 F .033
-<746f7279206f72207468652061>174 533.4 R -.25<7661>-.2 G .032
-<696c61626c6520737061636520696e2061208c6c652073797374656d2e>.25 F .032
-<5468697320616c6c6f>5.032 F .032<777320666f72206d6f7265206566>-.25 F
-.032<8c6369656e742070726f6772616d>-.25 F -.15<657865>174 545.4 S .09<63
-7574696f6e2c2073696e6365206f6e6c79206f6e652070726f63657373206e6565647320
-746f2075706461746520746865206461746120696e7374656164206f6620656163682069
-6e6469>.15 F<7669642d>-.25 E<75616c2070726f636573732067>174 557.4 Q<6174
-686572696e6720746865206461746120656163682074696d652069742069732072657175
-697265642e>-.05 E<5368617265644d656d6f72794b>102 573.6 Q -.15<6579>-.25
-G<46696c65>.15 E .087<5b6e6f2073686f7274206e616d655d204966>174 585.6 R
-F0<53686172>2.587 E<65644d656d6f72794b>-.18 E<6579>-.25 E F1 .086<697320
-73657420746f202d31207468656e20746865206175746f6d61746963616c6c792073656c
-6563746564>2.587 F<736861726564206d656d6f7279206b>174 597.6 Q .3 -.15
-<65792077>-.1 H
-<696c6c2062652073746f72656420696e207468652073706563698c6564208c6c652e>
-.15 E<53696e676c654c696e6546726f6d486561646572>102 613.8 Q .958<5b6e6f20
-73686f7274206e616d655d204966207365742c2046726f6d3a206c696e65732074686174
-206861>174 625.8 R 1.259 -.15<76652065>-.2 H .959<6d626564646564206e65>
-.15 F .959<776c696e65732061726520756e77726170706564>-.25 F .243
-<6f6e746f206f6e65206c696e652e>174 637.8 R .243<5468697320697320746f2067
-65742061726f756e64206120626f74636820696e204c6f747573204e6f74657320746861
-74206170706172656e746c792063616e6e6f74>5.243 F
-<756e6465727374616e64206c65>174 649.8 Q -.05<6761>-.15 G
-<6c6c792077726170706564205246432038323220686561646572732e>.05 E
-<53696e676c6554687265616444656c69>102 666 Q -.15<7665>-.25 G<7279>.15 E
-.333<5b6e6f2073686f7274206e616d655d204966207365742c206120636c69656e7420
-6d616368696e652077696c6c206e65>174 678 R -.15<7665>-.25 G 2.833<7274>.15
-G .334<727920746f206f70656e207477>-2.833 F 2.834<6f53>-.1 G .334
-<4d545020636f6e6e65632d>-2.834 F 1.712
-<74696f6e7320746f20612073696e676c652073657276>174 690 R 1.712
-<6572206d616368696e65206174207468652073616d652074696d652c2065>-.15 F
--.15<7665>-.25 G 4.211<6e69>.15 G 4.211<6e64>-4.211 G<6966>-4.211 E
-1.711<666572656e742070726f6365737365732e>-.25 F .952
-<546861742069732c20696620616e6f74686572>174 702 R F2<73656e646d61696c>
-3.452 E F1 .952<697320616c72656164792074616c6b696e6720746f20736f6d652068
-6f73742061206e65>3.452 F<77>-.25 E F2<73656e646d61696c>3.453 E F1
-<77696c6c>3.453 E 2.388
-<6e6f74206f70656e20616e6f7468657220636f6e6e656374696f6e2e>174 714 R
-2.387<546869732070726f7065727479206973206f66206d6978>7.387 F 2.387
-<65642076>-.15 F 2.387<616c75653b20616c74686f7567682074686973>-.25 F 0
-Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-77)195.86 E/F1 10/Times-Roman@0 SF(SER)174 96 Q(VF)-.8 E 1.001
+(AIL \(a temporary f)-.74 F 1.001(ailure\) on T_AAAA \(IPv6\) lookups.)
+-.1 F 1.001(Notice: it might)6.001 F
+(be necessary to apply the same \(or similar\) options to)174 108 Q/F2
+10/Times-Italic@0 SF(submit.cf)2.5 E F1(too.)2.5 E -1.04
+(RequiresDirfsync [no)102 124.2 R 2.782
+(short name] This option can be used to o)5.283 F -.15(ve)-.15 G 2.782
+(rride the compile time \215ag).15 F F0(REQ)174 136.2 Q(UIRES_DIR_FSYNC)
+-.1 E F1 .871(at runtime by setting it to)3.371 F/F3 9/Times-Roman@0 SF
+-.09(fa)3.372 G(lse).09 E F1 5.872(.I)C 3.372(ft)-5.872 G .872
+(he compile time)-3.372 F .018
+(\215ag is not set, the option is ignored.)174 148.2 R .017
+(The \215ag turns on support for \214le systems that)5.018 F .209
+(require to call)174 160.2 R F2(fsync\(\))2.709 E F1 .209
+(for a directory if the meta-data in it has been changed.)2.709 F(This)
+5.21 E .075(should be turned on at least for older v)174 172.2 R .074
+(ersions of ReiserFS; it is enabled by def)-.15 F(ault)-.1 E 1.45
+(for Linux.)174 184.2 R 1.451
+(According to some information this \215ag is not needed an)6.45 F 1.451
+(ymore for)-.15 F -.1(ke)174 196.2 S(rnel 2.4.16 and ne).1 E(wer)-.25 E
+(.)-.55 E 10.61(RrtImpliesDsn [R])102 212.4 R 1.52
+(If this option is set, a \231Return-Receipt-T)4.02 F 1.52
+(o:\232 header causes the request of a)-.8 F 1.02
+(DSN, which is sent to the en)174 224.4 R -.15(ve)-.4 G 1.02
+(lope sender as required by RFC 1891, not to the).15 F(address gi)174
+236.4 Q -.15(ve)-.25 G 2.5(ni).15 G 2.5(nt)-2.5 G(he header)-2.5 E(.)
+-.55 E(RunAsUser=)102 252.6 Q F2(user)A F1 3.753([no short name] The)
+2.48 F F2(user)6.253 E F1 3.752(parameter may be a user name \(look)
+6.252 F 3.752(ed up in)-.1 F F2(/etc/passwd)174 264.6 Q F1 3.045(\)o)C
+-5.544 3.045(ra n)-3.045 H .546(umeric user id; either form can ha)
+-3.045 F .846 -.15(ve \231)-.2 H .546(:group\232 attached \(where).15 F
+.966(group can be numeric or symbolic\).)174 276.6 R .965
+(If set to a non-zero \(non-root\) v)5.965 F(alue,)-.25 E F2(send-)3.465
+E(mail)174 290.6 Q F1 .483
+(will change to this user id shortly after startup)2.983 F/F4 7
+/Times-Roman@0 SF(21)-4 I F1 5.484(.T)4 K .484(his a)-5.484 F -.2(vo)-.2
+G .484(ids a certain class).2 F 1.844(of security problems.)174 302.6 R
+(Ho)6.844 E(we)-.25 E -.15(ve)-.25 G 2.644 -.4(r, t).15 H 1.844
+(his means that all \231.forw).4 F 1.844(ard\232 and \231:include:\232)
+-.1 F 1.428(\214les must be readable by the indicated)174 314.6 R F2
+(user)3.928 E F1 1.428(and all \214les to be written must be)3.928 F
+.043(writable by)174 326.6 R F2(user)2.543 E F1 .042
+(Also, all \214le and program deli)2.543 F -.15(ve)-.25 G .042
+(ries will be mark).15 F .042(ed unsafe unless)-.1 F 2.101(the option)
+174 338.6 R F0(DontBlameSendmail=NonRootSafeAddr)4.601 E F1 2.101
+(is set, in which case the)4.601 F(deli)174 350.6 Q -.15(ve)-.25 G .778
+(ry will be done as).15 F F2(user)3.278 E F1 5.778(.I)C 3.277(ti)-5.778
+G 3.277(sa)-3.277 G .777(lso incompatible with the)-3.277 F F0
+(SafeFileEn)3.277 E(vir)-.4 E(on-)-.18 E(ment)174 362.6 Q F1 2.62
+(option. In)2.62 F .12(other w)2.62 F .121
+(ords, it may not actually add much to security on an a)-.1 F -.15(ve)
+-.2 G -.2(r-).15 G .593(age system, and may in f)174 374.6 R .592
+(act detract from security \(because other \214le permissions)-.1 F
+1.579(must be loosened\).)174 386.6 R(Ho)6.579 E(we)-.25 E -.15(ve)-.25
+G 2.379 -.4(r, i).15 H 4.079(ts).4 G 1.579(hould be useful on \214re)
+-4.079 F -.1(wa)-.25 G 1.58(lls and other places).1 F(where users don')
+174 398.6 Q 2.5(th)-.18 G -2.25 -.2(av e)-2.5 H
+(accounts and the aliases \214le is well constrained.)2.7 E(RecipientF)
+102 414.8 Q(actor=)-.15 E F2(fact)A F1 .638([y] The indicated)174 426.8
+R F2(fact)3.137 E F1 .637(or is added to the priority \(thus)B F2
+(lowering)3.137 E F1 .637(the priority of the)3.137 F .23
+(job\) for each recipient, i.e., this v)174 438.8 R .231
+(alue penalizes jobs with lar)-.25 F .231(ge numbers of recipi-)-.18 F
+2.5(ents. Def)174 450.8 R(aults to 30000.)-.1 E(RefuseLA=)102 467 Q F2
+(LA)A F1 1.012([X] When the system load a)13.59 F -.15(ve)-.2 G 1.012
+(rage e).15 F(xceeds)-.15 E F2(LA)3.512 E F1 3.512(,r)C 1.011
+(efuse incoming SMTP connec-)-3.512 F 2.658(tions. Def)174 479 R .158(a\
+ults to 12 multiplied by the number of processors online on the system)
+-.1 F(\(if that can be determined\).)174 491 Q(RejectLogInterv)102 507.2
+Q(al=)-.25 E F2(timeout)A F1 1.628([no short name] Log interv)174 519.2
+R 1.627(al when refusing connections for this long \(def)-.25 F(ault:)
+-.1 E(3h\).)174 531.2 Q(RetryF)102 547.4 Q(actor=)-.15 E F2(fact)A F1
+.771([Z] The)3.74 F F2(fact)3.271 E F1 .771
+(or is added to the priority e)B -.15(ve)-.25 G .772
+(ry time a job is processed.).15 F .772(Thus, each)5.772 F .994(time a \
+job is processed, its priority will be decreased by the indicated v)174
+559.4 R 3.493(alue. In)-.25 F 1.107(most en)174 571.4 R 1.107
+(vironments this should be positi)-.4 F -.15(ve)-.25 G 3.608(,s).15 G
+1.108(ince hosts that are do)-3.608 F 1.108(wn are all too)-.25 F
+(often do)174 583.4 Q(wn for a long time.)-.25 E(Def)5 E
+(aults to 90000.)-.1 E(SafeFileEn)102 599.6 Q(vironment=)-.4 E F2(dir)A
+F1 .022([no short name] If this option is set,)174 611.6 R F2(sendmail)
+2.521 E F1 .021(will do a)2.521 F F2 -.15(ch)2.521 G -.45(ro).15 G(ot)
+.45 E F1 .021(\(2\) call into the indi-)B(cated)174 623.6 Q F2(dir)2.832
+E F1 .333(ectory before doing an)B 2.833<798c>-.15 G .333(le writes.)
+-2.833 F .333(If the \214le name speci\214ed by the user)5.333 F(be)174
+635.6 Q .588(gins with)-.15 F F2(dir)3.088 E F1 3.087(,t)C .587
+(hat partial path name will be stripped of)-3.087 F 3.087(fb)-.25 G .587
+(efore writing, so \(for)-3.087 F -.15(ex)174 647.6 S 2.224
+(ample\) if the SafeFileEn).15 F 2.224(vironment v)-.4 F 2.225
+(ariable is set to \231/safe\232 then aliases of)-.25 F 1.557(\231/safe\
+/logs/\214le\232 and \231/logs/\214le\232 actually indicate the same \
+\214le.)174 659.6 R(Additionally)6.556 E 4.056(,i)-.65 G(f)-4.056 E
+(this option is set,)174 671.6 Q F2(sendmail)2.5 E F1(refuses to deli)
+2.5 E -.15(ve)-.25 G 2.5(rt).15 G 2.5(os)-2.5 G(ymbolic links.)-2.5 E
+.32 LW 76 681.2 72 681.2 DL 80 681.2 76 681.2 DL 84 681.2 80 681.2 DL 88
+681.2 84 681.2 DL 92 681.2 88 681.2 DL 96 681.2 92 681.2 DL 100 681.2 96
+681.2 DL 104 681.2 100 681.2 DL 108 681.2 104 681.2 DL 112 681.2 108
+681.2 DL 116 681.2 112 681.2 DL 120 681.2 116 681.2 DL 124 681.2 120
+681.2 DL 128 681.2 124 681.2 DL 132 681.2 128 681.2 DL 136 681.2 132
+681.2 DL 140 681.2 136 681.2 DL 144 681.2 140 681.2 DL 148 681.2 144
+681.2 DL 152 681.2 148 681.2 DL 156 681.2 152 681.2 DL 160 681.2 156
+681.2 DL 164 681.2 160 681.2 DL 168 681.2 164 681.2 DL 172 681.2 168
+681.2 DL 176 681.2 172 681.2 DL 180 681.2 176 681.2 DL 184 681.2 180
+681.2 DL 188 681.2 184 681.2 DL 192 681.2 188 681.2 DL 196 681.2 192
+681.2 DL 200 681.2 196 681.2 DL 204 681.2 200 681.2 DL 208 681.2 204
+681.2 DL 212 681.2 208 681.2 DL 216 681.2 212 681.2 DL/F5 5
+/Times-Roman@0 SF(21)93.6 691.6 Q/F6 8/Times-Roman@0 SF(When running as\
+ a daemon, it changes to this user after accepting a connection b)3.2 I
+(ut before reading an)-.16 E(y)-.12 E F4(SMTP)2 E F6(commands.)2 E 0 Cg
+EP
%%Page: 78 74
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d37382053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF .386<7265647563657320746865206c6f6164206f6e2074
-6865206f74686572206d616368696e652c2069742063616e206361757365206d61696c20
-746f2062652064656c617965642028666f722065>174 96 R<78616d2d>-.15 E .719
-<706c652c206966206f6e65>174 108 R/F2 10/Times-Italic@0 SF
-<73656e646d61696c>3.219 E F1 .719<69732064656c69>3.219 F -.15<7665>-.25
-G .718<72696e6720612068756765206d6573736167652c206f74686572>.15 F F2
-<73656e646d61696c>3.218 E F1 3.218<7377>C<6f6e27>-3.318 E 3.218<7462>
--.18 G 3.218<6561>-3.218 G<626c65>-3.218 E 1.542<746f2073656e642065>174
-120 R -.15<7665>-.25 G 4.042<6e73>.15 G 1.542
-<6d616c6c206d65737361676573292e>-4.042 F 1.543<416c736f2c20697420726571
-756972657320616e6f74686572208c6c652064657363726970746f722028666f72207468
-65>6.542 F .997<6c6f636b208c6c65292070657220636f6e6e656374696f6e2c20736f
-20796f75206d6179206861>174 132 R 1.296 -.15<76652074>-.2 H 3.496<6f72>
-.15 G .996<656475636520746865>-3.496 F F0
-<436f6e6e656374696f6e436163686553697a65>3.496 E F1 .234
-<6f7074696f6e20746f2061>174 144 R -.2<766f>-.2 G .234
-<69642072756e6e696e67206f7574206f6620706572>.2 F .235
-<2d70726f63657373208c6c652064657363726970746f72732e>-.2 F .235
-<526571756972657320746865>5.235 F F0<486f73745374612d>2.735 E
-<747573446972>174 156 Q<6563746f7279>-.18 E F1<6f7074696f6e2e>2.5 E
-<536d74704772656574696e674d6573736167653d>102 172.2 Q F2<6d65737361>A
--.1<6765>-.1 G F1 .345<5b2465206d6163726f5d20546865206d6573736167652070
-72696e746564207768656e2074686520534d54502073657276>174 184.2 R .344
-<6572207374617274732075702e>-.15 F<446566>5.344 E .344
-<61756c747320746f2099246a>-.1 F
-<53656e646d61696c2024762072656164792061742024629a2e>174 196.2 Q 22.28
-<536f6674426f756e6365204966>102 212.4 R .092<7365742c206973737565207465
-6d706f72617279206572726f727320283478792920696e7374656164206f66207065726d
-616e656e74206572726f72732028357879292e>2.592 F .093
-<546869732063616e206265>5.093 F .127
-<75736566756c20647572696e672074657374696e67206f662061206e65>174 224.4 R
-2.627<7763>-.25 G .127<6f6e8c6775726174696f6e20746f2061>-2.627 F -.2
-<766f>-.2 G .126
-<6964206572726f6e656f757320626f756e63696e67206f66206d61696c732e>.2 F
-<53746174757346696c653d>102 240.6 Q F2<8c6c65>A F1 .523<5b535d204c6f6720
-73756d6d617279207374617469737469637320696e20746865206e616d6564>14.13 F
-F2<8c6c65>3.024 E F1 5.524<2e49>C 3.024<666e>-5.524 G 3.024<6f8c>-3.024
-G .524<6c65206e616d652069732073706563698c65642c20227374617469732d>-3.024
-F .548<746963732220697320757365642e>174 252.6 R .547<4966206e6f74207365
-742c206e6f2073756d6d617279207374617469737469637320617265207361>5.548 F
--.15<7665>-.2 G 3.047<642e2054686973>.15 F .547
-<8c6c6520646f6573206e6f742067726f>3.047 F<77>-.25 E<696e2073697a652e>174
-264.6 Q<49742063616e206265207072696e746564207573696e6720746865>5 E F2
-<6d61696c7374617473>2.5 E F1<2838292070726f6772616d2e>A 28.4
-<537570657253616665205b735d>102 280.8 R .364
-<54686973206f7074696f6e2063616e2062652073657420746f2054>2.864 F .364
-<7275652c2046>-.35 F .364<616c73652c20496e74657261637469>-.15 F -.15
-<7665>-.25 G 2.864<2c6f>.15 G 2.864<7250>-2.864 G<6f73744d696c746572>
--2.864 E 5.364<2e49>-.55 G 2.864<6673>-5.364 G .364<657420746f2054>
--2.864 F<7275652c>-.35 E F2<73656e646d61696c>174 292.8 Q F1 .117
-<77696c6c206265207375706572>2.617 F .116
-<2d73616665207768656e2072756e6e696e67207468696e67732c20692e652e2c20616c>
--.2 F -.1<7761>-.1 G .116
-<797320696e7374616e746961746520746865207175657565>.1 F .117
-<8c6c652c2065>174 304.8 R -.15<7665>-.25 G 2.617<6e69>.15 G 2.617<6679>
--2.617 G .117<6f752061726520676f696e6720746f20617474656d707420696d6d6564
-696174652064656c69>-2.617 F -.15<7665>-.25 G<7279>.15 E<2e>-.65 E F2
-<53656e646d61696c>5.118 E F1<616c>2.618 E -.1<7761>-.1 G .118
-<797320696e7374616e2d>.1 F .088<74696174657320746865207175657565208c6c65
-206265666f72652072657475726e696e6720636f6e74726f6c20746f2074686520636c69
-656e7420756e64657220616e>174 316.8 R 2.587<7963>-.15 G
-<697263756d7374616e6365732e>-2.587 E 1.299
-<546869732073686f756c64207265616c6c79>174 328.8 R F2<616c77617973>3.799
-E F1 1.299<62652073657420746f2054>3.799 F 3.799<7275652e20546865>-.35 F
-<496e74657261637469>3.799 E 1.599 -.15<76652076>-.25 H 1.3
-<616c756520686173206265656e20696e74726f2d>-.1 F .222<647563656420696e20
-382e313220616e642063616e206265207573656420746f6765746865722077697468>174
-340.8 R F0<44656c69>2.721 E -.1<7665>-.1 G<72794d6f64653d69>.1 E F1
-5.221<2e49>C 2.721<7473>-5.221 G .221<6b69707320736f6d652073796e2d>
--2.721 F 1.532
-<6368726f6e697a6174696f6e2063616c6c7320776869636820617265206566>174
-352.8 R<6665637469>-.25 E -.15<7665>-.25 G 1.533
-<6c7920646f75626c656420696e2074686520636f64652065>.15 F -.15<7865>-.15 G
-1.533<637574696f6e207061746820666f72>.15 F .336<74686973206d6f64652e>174
-364.8 R .336<49662073657420746f20506f73744d696c746572>5.336 F<2c>-.4 E
-F2<73656e646d61696c>2.836 E F1 .336<6465666572732073796e6368726f6e697a69
-6e6720746865207175657565208c6c6520756e74696c>2.836 F<616e>174 376.8 Q
-3.787<796d>-.15 G 1.287<696c74657273206861>-3.787 F 1.587 -.15<76652073>
--.2 H 1.287
-<69676e616c656420616363657074616e6365206f6620746865206d6573736167652e>
-.15 F 1.288<506f73744d696c7465722069732075736566756c206f6e6c79>6.287 F
-<7768656e>174 388.8 Q F2<73656e646d61696c>3.822 E F1 1.322
-<69732072756e6e696e6720617320616e20534d54502073657276>3.822 F 1.321<6572
-3b20696e20616c6c206f7468657220736974756174696f6e732069742061637473207468
-65>-.15 F<73616d652061732054>174 400.8 Q<7275652e>-.35 E 6.16
-<544c535372764f7074696f6e73205b6e6f>102 417 R .238<73686f7274206e616d65
-5d204c697374206f66206f7074696f6e7320666f7220534d5450205354>2.737 F<4152>
--.93 E .238<54544c5320666f72207468652073657276>-.6 F .238
-<657220636f6e73697374696e67206f66>-.15 F .18
-<73696e676c652063686172616374657273207769746820696e74657276>174 429 R
-.18<656e696e67207768697465207370616365206f7220636f6d6d61732e>-.15 F .18
-<546865208d61672060>5.18 F<605627>-.74 E 2.68<2764>-.74 G
-<697361626c6573>-2.68 E .51<636c69656e742076>174 441 R .511<6572698c6361
-74696f6e2c20616e642068656e6365206974206973206e6f7420706f737369626c652074
-6f20757365206120636c69656e742063657274698c6361746520666f722072656c61792d>
--.15 F 3.919<696e672e20546865>174 453 R 1.419<8d61672060>3.919 F<604327>
--.74 E 3.919<2772>-.74 G<656d6f>-3.919 E -.15<7665>-.15 G 3.919<7374>.15
-G 1.419<686520726571756972656d656e7420666f722074686520544c532073657276>
--3.919 F 1.418<657220746f206861>-.15 F 1.718 -.15<766520612063>-.2 H
-<6572742e>.15 E .386<54686973206f6e6c792077>174 465 R .386
-<6f726b7320756e6465722076>-.1 F .386<6572792073706563698c63206369726375
-6d7374616e63657320616e642073686f756c64206f6e6c79206265207573656420696620
-746865>-.15 F<636f6e73657175656e6365732061726520756e64657273746f6f642c20
-652e672e2c20636c69656e7473206d6179206e6f742077>174 477 Q
-<6f726b207769746820612073657276>-.1 E<6572207573696e6720746869732e>-.15
-E -.7<5465>102 493.2 S<6d7046696c654d6f64653d>.7 E F2<6d6f6465>A F1 .062
-<5b465d20546865208c6c65206d6f646520666f72207472616e736372697074208c6c65
-732c208c6c657320746f207768696368>174 505.2 R F2<73656e646d61696c>2.561 E
-F1<64656c69>2.561 E -.15<7665>-.25 G .061<7273206469726563746c79>.15 F
-2.561<2c8c>-.65 G<6c6573>-2.561 E .61<696e20746865>174 517.2 R F0
-<486f7374537461747573446972>3.11 E<6563746f7279>-.18 E F1 3.11<2c61>C
-<6e64>-3.11 E F0<53746174757346696c65>3.11 E F1 5.61<2e49>C 3.11<7469>
--5.61 G 3.11<7369>-3.11 G .61
-<6e74657270726574656420696e206f6374616c20627920646566>-3.11 F
-<61756c742e>-.1 E<446566>174 529.2 Q<61756c747320746f20303630302e>-.1 E
--.35<5469>102 545.4 S<6d656f75742e>.35 E F2<74797065>A F1<3d>A F2
-<74696d656f7574>1.666 E F1 .417<5b723b2073756273756d6573206f6c642054206f
-7074696f6e2061732077656c6c5d205365742074696d656f75742076>174 557.4 R
-2.917<616c7565732e2046>-.25 F .417
-<6f72206d6f726520696e666f726d6174696f6e2c20736565>-.15 F
-<73656374696f6e20342e312e>174 569.4 Q -.35<5469>102 585.6 S
-<6d655a6f6e65537065633d>.35 E F2<747a696e666f>A F1 .218
-<5b745d2053657420746865206c6f63616c2074696d65207a6f6e6520696e666f20746f>
-174 597.6 R F2<747a696e666f>2.718 E F1 2.718<8a66>2.718 G .218<6f722065>
--2.718 F .218<78616d706c652c2099505354385044549a2e>-.15 F
-<41637475616c6c79>5.218 E 2.718<2c69>-.65 G<66>-2.718 E 1.346
-<74686973206973206e6f74207365742c2074686520545a20656e>174 609.6 R 1.346
-<7669726f6e6d656e742076>-.4 F 1.346<61726961626c6520697320636c6561726564
-2028736f207468652073797374656d20646566>-.25 F 1.345<61756c74206973>-.1 F
-.208<75736564293b206966207365742062>174 621.6 R .208
-<7574206e756c6c2c20746865207573657227>-.2 F 2.708<7354>-.55 G 2.708
-<5a76>-2.708 G .208<61726961626c6520697320757365642c20616e64206966207365
-7420616e64206e6f6e2d6e756c6c2074686520545a>-2.958 F -.25<7661>174 633.6
-S<726961626c652069732073657420746f20746869732076>.25 E<616c75652e>-.25 E
--.35<5472>102 649.8 S<7573746564557365723d>.35 E F2<75736572>A F1 3.753
-<5b6e6f2073686f7274206e616d655d20546865>.06 F F2<75736572>6.253 E F1
-3.752
-<706172616d65746572206d617920626520612075736572206e616d6520286c6f6f6b>
-6.252 F 3.752<656420757020696e>-.1 F F2<2f6574632f706173737764>174 661.8
-Q F1 2.742<296f>C 2.742<72616e>-2.742 G .242
-<756d6572696320757365722069642e>-2.742 F -.35<5472>5.242 G .242
-<7573746564207573657220666f72208c6c65206f>.35 F .243
-<776e65727368697020616e64207374617274696e6720746865>-.25 F 3.78
-<6461656d6f6e2e204966>174 673.8 R 1.279<7365742c2067656e6572617465642061
-6c6961732064617461626173657320616e642074686520636f6e74726f6c20736f636b>
-3.779 F 1.279<65742028696620636f6e8c677572656429>-.1 F
-<77696c6c206175746f6d61746963616c6c79206265206f>174 685.8 Q
-<776e656420627920746869732075736572>-.25 E<2e>-.55 E -.35<5472>102 702 S
-5.96<794e756c6c4d584c697374205b775d>.35 F .114<496620746869732073797374
-656d206973207468652099626573749a2028746861742069732c206c6f>2.613 F .114
-<7765737420707265666572656e636529204d5820666f722061206769>-.25 F -.15
-<7665>-.25 G 2.614<6e68>.15 G .114<6f73742c20697473>-2.614 F 1.168<636f
-6e8c6775726174696f6e2072756c65732073686f756c64206e6f726d616c6c7920646574
-656374207468697320736974756174696f6e20616e64207472656174207468617420636f
-6e646974696f6e>174 714 R 0 Cg EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-78 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF(Sa)102 96
+Q -.15(ve)-.2 G 10.41(FromLine [f]).15 F(Sa)4.492 E 2.292 -.15(ve U)-.2
+H 1.992(NIX-style \231From\232 lines at the front of headers.).15 F
+1.993(Normally the)6.993 F 4.493(ya)-.15 G(re)-4.493 E
+(assumed redundant and discarded.)174 108 Q .62(SendMimeErrors [j])102
+124.2 R .373(If set, send error messages in MIME format \(see RFC 2045 \
+and RFC 1344 for)2.874 F 2.914(details\). If)174 136.2 R(disabled,)2.914
+E/F2 10/Times-Italic@0 SF(sendmail)2.914 E F1 .415
+(will not return the DSN k)2.914 F -.15(ey)-.1 G -.1(wo).15 G .415
+(rd in response to an).1 F 1.731(EHLO and will not do Deli)174 148.2 R
+-.15(ve)-.25 G 1.731
+(ry Status Noti\214cation processing as described in).15 F(RFC 1891.)174
+160.2 Q(Serv)102 176.4 Q 10.77(erCertFile [no)-.15 F .581
+(short name] File containing the certi\214cate of the serv)3.08 F(er)
+-.15 E 3.081(,i)-.4 G .581(.e., this certi\214cate is)-3.081 F
+(used when sendmail acts as serv)174 188.4 Q(er \(used for ST)-.15 E(AR)
+-.93 E(TTLS\).)-.6 E(Serv)102 204.6 Q(erK)-.15 E -.15(ey)-.25 G 11.73
+(File [no).15 F .543(short name] File containing the pri)3.043 F -.25
+(va)-.25 G .542(te k).25 F .842 -.15(ey b)-.1 H .542
+(elonging to the serv).15 F .542(er certi\214cate)-.15 F(\(used for ST)
+174 216.6 Q(AR)-.93 E(TTLS\).)-.6 E(Serv)102 232.8 Q(erSSLOptions)-.15 E
+3.348(As)174 244.8 S .849
+(pace or comma separated list of SSL related options for the serv)-3.348
+F .849(er side.)-.15 F(See)5.849 E F2(SSL_CTX_set_options)174 256.8 Q F1
+.961(\(3\) for a list; the a)B -.25(va)-.2 G .961(ilable v).25 F .961
+(alues depend on the OpenSSL)-.25 F -.15(ve)174 268.8 S 5.628(rsion ag)
+.15 F 5.628(ainst which)-.05 F F2(sendmail)8.129 E F1 5.629
+(is compiled.)8.129 F 5.629(By def)10.629 F(ault,)-.1 E F2(SSL_OP_ALL)
+8.129 E(-SSL_OP_TLSEXT_P)174 280.8 Q(ADDING)-.9 E F1 .938
+(are used \(if those options are a)3.438 F -.25(va)-.2 G 3.437
+(ilable\). Options).25 F .28
+(can be cleared by preceding them with a minus sign.)174 292.8 R .281
+(It is also possible to specify)5.281 F(numerical v)174 304.8 Q
+(alues, e.g.,)-.25 E F0(-0x0010)2.5 E F1(.)A(ServiceSwitchFile=)102 321
+Q F2(\214lename)A F1 1.533([no short name] If your host operating syste\
+m has a service switch abstraction)174 333 R .003(\(e.g., /etc/nsswitch\
+.conf on Solaris or /etc/svc.conf on Ultrix and DEC OSF/1\) that)174 345
+R .814(service will be consulted and this option is ignored.)174 357 R
+.814(Otherwise, this is the name)5.814 F 1.082(of a \214le that pro)174
+369 R 1.082
+(vides the list of methods used to implement particular services.)-.15 F
+1.069(The syntax is a series of lines, each of which is a sequence of w)
+174 381 R 3.569(ords. The)-.1 F(\214rst)3.569 E -.1(wo)174 393 S 1.363
+(rd is the service name, and follo).1 F 1.363(wing w)-.25 F 1.364
+(ords are service types.)-.1 F 1.364(The services)6.364 F(that)174 405 Q
+F2(sendmail)4.11 E F1 1.61
+(consults directly are \231aliases\232 and \231hosts.)4.11 F 6.61<9a53>
+-.7 G 1.61(ervice types can be)-6.61 F 1.754(\231dns\232, \231nis\232, \
+\231nisplus\232, or \231\214les\232 \(with the ca)174 417 R -.15(ve)-.2
+G 1.755(at that the appropriate support).15 F .791
+(must be compiled in before the service can be referenced\).)174 429 R
+.79(If ServiceSwitchFile)5.791 F .925(is not speci\214ed, it def)174 441
+R .925(aults to /etc/mail/service.switch.)-.1 F .925
+(If that \214le does not e)5.925 F(xist,)-.15 E(the def)174 453 Q
+(ault switch is:)-.1 E 54.71(aliases \214les)214 469.2 R 60.81
+(hosts dns)214 481.2 R(nis \214les)2.5 E(The def)174 497.4 Q
+(ault \214le is \231/etc/mail/service.switch\232.)-.1 E(Se)102 513.6 Q
+-.15(ve)-.25 G 12.12(nBitInput [7]).15 F .322(Strip input to se)2.822 F
+-.15(ve)-.25 G 2.822(nb).15 G .321
+(its for compatibility with old systems.)-2.822 F .321(This shouldn')
+5.321 F 2.821(tb)-.18 G(e)-2.821 E(necessary)174 525.6 Q(.)-.65 E
+(SharedMemoryK)102 541.8 Q -.15(ey)-.25 G .744([no short name] K)174
+553.8 R 1.044 -.15(ey t)-.25 H 3.244(ou).15 G .745
+(se for shared memory se)-3.244 F .745
+(gment; if not set \(or 0\), shared)-.15 F 1.16
+(memory will not be used.)174 565.8 R 1.159(If set to -1)6.16 F F2
+(sendmail)3.659 E F1 1.159(can select a k)3.659 F 1.459 -.15(ey i)-.1 H
+1.159(tself pro).15 F(vided)-.15 E .658(that also)174 577.8 R F0(Shar)
+3.158 E(edMemoryK)-.18 E(eyFile)-.25 E F1 .658(is set.)3.158 F .658
+(Requires support for shared memory to)5.658 F 1.413(be compiled into)
+174 589.8 R F2(sendmail)3.913 E F1 6.413(.I)C 3.912(ft)-6.413 G 1.412
+(his option is set,)-3.912 F F2(sendmail)3.912 E F1 1.412
+(can share some data)3.912 F .307(between dif)174 601.8 R .307
+(ferent instances.)-.25 F -.15(Fo)5.307 G 2.807(re).15 G .308
+(xample, the number of entries in a queue direc-)-2.957 F .033
+(tory or the a)174 613.8 R -.25(va)-.2 G .032
+(ilable space in a \214le system.).25 F .032(This allo)5.032 F .032
+(ws for more ef)-.25 F .032(\214cient program)-.25 F -.15(exe)174 625.8
+S .09(cution, since only one process needs to update the data instead o\
+f each indi).15 F(vid-)-.25 E(ual process g)174 637.8 Q
+(athering the data each time it is required.)-.05 E(SharedMemoryK)102
+654 Q -.15(ey)-.25 G(File).15 E .087([no short name] If)174 666 R F0
+(Shar)2.587 E(edMemoryK)-.18 E(ey)-.25 E F1 .086
+(is set to -1 then the automatically selected)2.587 F(shared memory k)
+174 678 Q .3 -.15(ey w)-.1 H(ill be stored in the speci\214ed \214le.)
+.15 E(SingleLineFromHeader)102 694.2 Q .958
+([no short name] If set, From: lines that ha)174 706.2 R 1.259 -.15
+(ve e)-.2 H .959(mbedded ne).15 F .959(wlines are unwrapped)-.25 F .243
+(onto one line.)174 718.2 R .243
+(This is to get around a botch in Lotus Notes that apparently cannot)
+5.243 F 0 Cg EP
%%Page: 79 75
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3739>195.86 E
-/F1 10/Times-Roman@0 SF .257<7370656369616c6c7920627920666f7277>174 96 R
-.258<617264696e6720746865206d61696c20746f2061205555435020666565642c2074
-72656174696e67206974206173206c6f63616c2c206f72207768617465>-.1 F -.15
-<7665>-.25 G -.55<722e>.15 G<486f>174 108 Q<7765>-.25 E -.15<7665>-.25 G
-1.686 -.4<722c2069>.15 H 3.386<6e73>.4 G .886
-<6f6d6520636173657320287375636820617320496e7465726e6574208c7265>-3.386 F
--.1<7761>-.25 G .886<6c6c732920796f75206d61792077>.1 F .885
-<616e7420746f2074727920746f20636f6e2d>-.1 F .07<6e656374206469726563746c
-7920746f207468617420686f73742061732074686f75676820697420686164206e6f204d
-58207265636f72647320617420616c6c2e>174 120 R .07
-<53657474696e672074686973206f7074696f6e>5.07 F<636175736573>174 132 Q/F2
-10/Times-Italic@0 SF<73656e646d61696c>3.014 E F1 .514
-<746f2074727920746869732e>3.014 F .514<54686520646f>5.514 F .514<776e73
-6964652069732074686174206572726f727320696e20796f757220636f6e8c6775726174
-696f6e20617265>-.25 F<6c696b>174 144 Q 2.116
-<656c7920746f20626520646961676e6f7365642061732099686f737420756e6b6e6f>
--.1 F 2.116<776e9a206f7220996d6573736167652074696d6564206f75749a20696e73
-74656164206f66>-.25 F
-<736f6d657468696e67206d6f7265206d65616e696e6766756c2e>174 156 Q
-<54686973206f7074696f6e206973206469737265636f6d6d656e6465642e>5 E
-<556e697846726f6d4c696e653d>102 172.2 Q F2<6672>A<6f6d6c696e65>-.45 E F1
-.236<5b246c206d6163726f5d2044658c6e65732074686520666f726d61742075736564
-207768656e>174 184.2 R F2<73656e646d61696c>2.736 E F1 .236
-<6d75737420616464206120554e49582d7374796c652046726f6d5f>2.736 F 1.324
-<6c696e652028746861742069732c2061206c696e65206265>174 196.2 R 1.325
-<67696e6e696e67209946726f6d3c73706163653e757365729a292e>-.15 F<446566>
-6.325 E 1.325<61756c747320746f209946726f6d202467>-.1 F<24649a2e>6.325 E
-<446f6e27>174 208.2 Q 2.646<7463>-.18 G .146<68616e6765207468697320756e
-6c65737320796f75722073797374656d2075736573206120646966>-2.646 F .146
-<666572656e7420554e4958206d61696c626f7820666f726d6174202876>-.25 F
-<657279>-.15 E<756e6c696b>174 220.2 Q<656c79292e>-.1 E
-<556e7361666547726f7570577269746573>102 236.4 Q .085
-<5b6e6f2073686f7274206e616d655d204966207365742028646566>174 248.4 R .085
-<61756c74292c203a696e636c7564653a20616e64202e666f7277>-.1 F .086
-<617264208c6c65732074686174206172652067726f7570207772697461626c65>-.1 F
-.655<61726520636f6e736964657265642099756e736166659a2c20746861742069732c
-20746865>174 260.4 R 3.155<7963>-.15 G .654<616e6e6f74207265666572656e63
-652070726f6772616d73206f72207772697465206469726563746c79>-3.155 F .536
-<746f208c6c65732e>174 272.4 R -.8<576f>5.536 G .536
-<726c64207772697461626c65203a696e636c7564653a20616e64202e666f7277>.8 F
-.537<617264208c6c65732061726520616c>-.1 F -.1<7761>-.1 G .537
-<797320756e736166652e>.1 F .537<4e6f74653a20757365>5.537 F F0
-<446f6e74426c616d6553656e646d61696c>174 284.4 Q F1
-<696e73746561643b2074686973206f7074696f6e20697320646570726563617465642e>
-2.5 E<557365436f6d7072657373656449507636416464726573736573>102 300.6 Q
-.09<5b6e6f2073686f7274206e616d655d204966207365742c2074686520636f6d707265
-7373656420666f726d6174206f662049507636206164647265737365732c207375636820
-617320495056363a3a3a312c>174 312.6 R<77696c6c20626520757365642c20696e73
-74656164206f662074686520756e636f6d7072657373656420666f726d61742c20737563
-6820617320495076363a303a303a303a303a303a303a303a312e>174 324.6 Q
-<5573654572726f727354>102 340.8 Q 21.15<6f5b>-.8 G .826
-<6c5d20496620746865726520697320616e20994572726f72732d54>-21.15 F .826
-<6f3a9a20686561646572>-.8 F 3.326<2c73>-.4 G .826<656e64206572726f72206d
-6573736167657320746f2074686520616464726573736573206c6973746564>-3.326 F
-3.135<74686572652e20546865>174 352.8 R 3.135<796e>-.15 G .635
-<6f726d616c6c7920676f20746f2074686520656e>-3.135 F -.15<7665>-.4 G .635
-<6c6f70652073656e646572>.15 F 5.635<2e55>-.55 G .634
-<7365206f662074686973206f7074696f6e20636175736573>-5.635 F F2
-<73656e642d>3.134 E<6d61696c>174 364.8 Q F1
-<746f2076696f6c6174652052464320313132332e>2.5 E<54686973206f7074696f6e20
-6973206469737265636f6d6d656e64656420616e6420646570726563617465642e>5 E
-<557365724461746162617365537065633d>102 381 Q F2<75646273706563>A F1
-<5b555d2054686520757365722064617461626173652073706563698c636174696f6e2e>
-174 393 Q -1.11<5665>102 409.2 S 37.29<72626f7365205b765d>1.11 F .56
-<52756e20696e2076>3.06 F .561<6572626f7365206d6f64652e>-.15 F .561
-<49662074686973206973207365742c>5.561 F F2<73656e646d61696c>3.061 E F1
-.561<61646a75737473206f7074696f6e73>3.061 F F0<486f6c64457870656e7369>
-3.061 E -.1<7665>-.1 G F1<286f6c64>174 421.2 Q F0<63>2.636 E F1 2.636
-<2961>C<6e64>-2.636 E F0<44656c69>2.636 E -.1<7665>-.1 G<72794d6f6465>.1
-E F1<286f6c64>2.636 E F0<64>2.636 E F1 2.635<2973>C 2.635<6f74>-2.635 G
-.135<68617420616c6c206d61696c2069732064656c69>-2.635 F -.15<7665>-.25 G
-.135<72656420636f6d706c6574656c7920696e20612073696e2d>.15 F 1.244<676c65
-206a6f6220736f207468617420796f752063616e207365652074686520656e7469726520
-64656c69>174 433.2 R -.15<7665>-.25 G 1.244<72792070726f636573732e>.15 F
-<4f7074696f6e>6.244 E F0 -1<5665>3.744 G<72626f7365>1 E F1<73686f756c64>
-3.744 E F2<6e65>174 445.2 Q<766572>-.15 E F1 1.269<62652073657420696e20
-74686520636f6e8c6775726174696f6e208c6c653b20697420697320696e74656e646564
-20666f7220636f6d6d616e64206c696e6520757365206f6e6c79>3.77 F<2e>-.65 E
-.435<4e6f746520746861742074686520757365206f66206f7074696f6e>174 457.2 R
-F0 -1<5665>2.935 G<72626f7365>1 E F1 .435<63616e206361757365206175746865
-6e7469636174696f6e20696e666f726d6174696f6e20746f206c65616b2c>2.935 F
-.015<696620796f752075736520612073656e646d61696c20636c69656e7420746f2061
-757468656e74696361746520746f20612073657276>174 469.2 R<6572>-.15 E 5.015
-<2e49>-.55 G 2.515<6674>-5.015 G .015
-<68652061757468656e7469636174696f6e206d6563682d>-2.515 F .935
-<616e69736d207573657320706c61696e207465>174 481.2 R .936
-<7874207061737377>-.15 F .936<6f726473202861732077697468204c4f47494e206f
-7220504c41494e292c207468656e20746865207061737377>-.1 F<6f7264>-.1 E
-1.418<636f756c6420626520636f6d70726f6d697365642e>174 493.2 R 3.017 -.8
-<546f2061>6.418 H -.2<766f>.6 G 1.417<696420746869732c20646f206e6f742069
-6e7374616c6c2073656e646d61696c207365742d75736572>.2 F 1.417
-<2d494420726f6f742c>-.2 F<616e642064697361626c6520746865>174 505.2 Q F0
-<56455242>2.5 E F1
-<534d545020636f6d6d616e6420776974682061207375697461626c65>2.5 E F0
-<507269>2.5 E -.1<7661>-.1 G<63794f7074696f6e73>.1 E F1
-<73657474696e672e>2.5 E<5873637269707446696c65427566>102 521.4 Q
-<66657253697a653d>-.25 E F2<746872>A<6573686f6c64>-.37 E F1 1.1
-<5b6e6f2073686f7274206e616d655d2053657420746865>174 533.4 R F2<746872>
-3.601 E<6573686f6c64>-.37 E F1 3.601<2c69>C 3.601<6e62>-3.601 G 1.101<79
-7465732c206265666f72652061206d656d6f72792d626173656420717565756520747261
-6e2d>-3.601 F
-<736372697074208c6c65206265636f6d6573206469736b2d62617365642e>174 545.4
-Q<54686520646566>5 E<61756c7420697320343039362062797465732e>-.1 E .109<
-416c6c206f7074696f6e732063616e2062652073706563698c6564206f6e207468652063
-6f6d6d616e64206c696e65207573696e672074686520ad4f206f7220ad6f208d61672c20
-62>102 561.6 R .108<7574206d6f73742077696c6c206361757365>-.2 F F2
-<73656e642d>2.608 E<6d61696c>102 573.6 Q F1 .663
-<746f2072656c696e717569736820697473207365742d75736572>3.163 F .663
-<2d4944207065726d697373696f6e732e>-.2 F .664<546865206f7074696f6e732074
-6861742077696c6c206e6f74206361757365207468697320617265205365>5.663 F
--.15<7665>-.25 G<6e426974496e2d>.15 E 1.319<707574205b375d2c204569676874
-4269744d6f6465205b385d2c204d696e46726565426c6f636b73205b625d2c2043686563
-6b706f696e74496e74657276>102 585.6 R 1.319<616c205b435d2c2044656c69>-.25
-F -.15<7665>-.25 G 1.319<72794d6f6465205b645d2c204572726f72>.15 F<2d>-.2
-E .042<4d6f6465205b655d2c2049676e6f7265446f7473205b695d2c2053656e644d69
-6d654572726f7273205b6a5d2c204c6f674c65>102 597.6 R -.15<7665>-.25 G
-2.543<6c5b>.15 G .043<4c5d2c204d6554>-2.543 F .043
-<6f6f205b6d5d2c204f6c645374796c6548656164657273205b6f5d2c205072692d>-.8
-F -.25<7661>102 609.6 S -.15<6379>.25 G .303
-<4f7074696f6e73205b705d2c20537570657253616665205b735d2c2056>.15 F .302
-<6572626f7365205b765d2c205175657565536f72744f72646572>-1.11 F 2.802
-<2c4d>-.4 G .302<696e51756575654167652c20446566>-2.802 F .302
-<61756c74436861725365742c204469616c>-.1 F<44656c6179>102 621.6 Q 7.312
-<2c4e>-.65 G 4.812
-<6f526563697069656e74416374696f6e2c20436f6c6f6e4f6b496e41646472>-7.312 F
-7.312<2c4d>-.4 G 4.812<6178517565756552756e53697a652c2053696e676c654c69
-6e6546726f6d486561646572>-7.312 F 7.312<2c61>-.4 G<6e64>-7.312 E
-<416c6c6f>102 633.6 Q 3.921<77426f67757348454c4f2e2041637475616c6c79>
--.25 F 3.921<2c50>-.65 G<7269>-3.921 E -.25<7661>-.25 G -.15<6379>.25 G
-1.421<4f7074696f6e73205b705d206769>.15 F -.15<7665>-.25 G 3.921<6e6f>.15
-G 3.921<6e74>-3.921 G 1.421
-<686520636f6d6d616e64206c696e652061726520616464656420746f2074686f7365>
--3.921 F 1.697<616c72656164792073706563698c656420696e20746865>102 645.6
-R F2<73656e646d61696c2e6366>4.197 E F1 1.697
-<8c6c652c20692e652e2c20746865>4.197 F 4.197<7963>-.15 G<616e27>-4.197 E
-4.197<7462>-.18 G 4.197<6572>-4.197 G 4.198<657365742e20416c736f2c>
--4.197 F 4.198<4d28>4.198 G 1.698<64658c6e65206d6163726f29207768656e>
--4.198 F<64658c6e696e67207468652072206f722073206d6163726f7320697320616c
-736f20636f6e736964657265642099736166659a2e>102 657.6 Q F0 2.5
-<352e372e2050>87 681.6 R 2.5<8a50>2.5 G -.18<7265>-2.5 G
-<636564656e63652044658c6e6974696f6e73>.18 E F1 -1.11<5661>127 697.8 S
-.164<6c75657320666f72207468652099507265636564656e63653a9a208c656c64206d
-61792062652064658c6e6564207573696e6720746865>1.11 F F0<50>2.664 E F1
-.164<636f6e74726f6c206c696e652e>2.664 F .163
-<5468652073796e746178206f662074686973>5.163 F<8c656c642069733a>102 709.8
-Q 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-79)195.86 E/F1 10/Times-Roman@0 SF(understand le)174 96 Q -.05
+(ga)-.15 G(lly wrapped RFC 822 headers.).05 E(SingleThreadDeli)102 112.2
+Q -.15(ve)-.25 G(ry).15 E .333
+([no short name] If set, a client machine will ne)174 124.2 R -.15(ve)
+-.25 G 2.833(rt).15 G .334(ry to open tw)-2.833 F 2.834(oS)-.1 G .334
+(MTP connec-)-2.834 F 1.712(tions to a single serv)174 136.2 R 1.712
+(er machine at the same time, e)-.15 F -.15(ve)-.25 G 4.211(ni).15 G
+4.211(nd)-4.211 G(if)-4.211 E 1.711(ferent processes.)-.25 F .952
+(That is, if another)174 148.2 R/F2 10/Times-Italic@0 SF(sendmail)3.452
+E F1 .952(is already talking to some host a ne)3.452 F(w)-.25 E F2
+(sendmail)3.453 E F1(will)3.453 E 2.388(not open another connection.)174
+160.2 R 2.387(This property is of mix)7.387 F 2.387(ed v)-.15 F 2.387
+(alue; although this)-.25 F .386(reduces the load on the other machine,\
+ it can cause mail to be delayed \(for e)174 172.2 R(xam-)-.15 E .719
+(ple, if one)174 184.2 R F2(sendmail)3.219 E F1 .719(is deli)3.219 F
+-.15(ve)-.25 G .718(ring a huge message, other).15 F F2(sendmail)3.218 E
+F1 3.218(sw)C(on')-3.318 E 3.218(tb)-.18 G 3.218(ea)-3.218 G(ble)-3.218
+E 1.542(to send e)174 196.2 R -.15(ve)-.25 G 4.042(ns).15 G 1.542
+(mall messages\).)-4.042 F 1.543
+(Also, it requires another \214le descriptor \(for the)6.542 F .997
+(lock \214le\) per connection, so you may ha)174 208.2 R 1.296 -.15
+(ve t)-.2 H 3.496(or).15 G .996(educe the)-3.496 F F0
+(ConnectionCacheSize)3.496 E F1 .234(option to a)174 220.2 R -.2(vo)-.2
+G .234(id running out of per).2 F .235(-process \214le descriptors.)-.2
+F .235(Requires the)5.235 F F0(HostSta-)2.735 E(tusDir)174 232.2 Q
+(ectory)-.18 E F1(option.)2.5 E(SmtpGreetingMessage=)102 248.4 Q F2
+(messa)A -.1(ge)-.1 G F1 .345
+([$e macro] The message printed when the SMTP serv)174 260.4 R .344
+(er starts up.)-.15 F(Def)5.344 E .344(aults to \231$j)-.1 F
+(Sendmail $v ready at $b\232.)174 272.4 Q 22.28(SoftBounce If)102 288.6
+R .092(set, issue temporary errors \(4xy\) instead of permanent errors \
+\(5xy\).)2.592 F .093(This can be)5.093 F .127
+(useful during testing of a ne)174 300.6 R 2.627(wc)-.25 G .127
+(on\214guration to a)-2.627 F -.2(vo)-.2 G .126
+(id erroneous bouncing of mails.).2 F 23.94(SSLEngine Name)102 316.8 R
+1.004(of SSL engine to use.)3.503 F 1.004(The a)6.004 F -.25(va)-.2 G
+1.004(ilable v).25 F 1.004(alues depend on the OpenSSL v)-.25 F(er)-.15
+E(-)-.2 E(sion ag)174 328.8 Q(ainst which)-.05 E F2(sendmail)2.5 E F1
+(is compiled, see)2.5 E(openssl engine -v)214 345 Q
+(for some information.)174 361.2 Q(SSLEngineP)102 377.4 Q 6.31(ath P)
+-.15 F .632(ath to dynamic library for SSL engine.)-.15 F .631
+(This option is only useful if)5.632 F F2(SSLEngine)3.131 E F1 .484
+(is set.)174 389.4 R .484(If both are set, the engine will be loaded dy\
+namically at runtime using the)5.484 F .164
+(concatenation of the path, a slash "/", the string "lib", the v)174
+401.4 R .164(alue of)-.25 F F2(SSLEngine)2.664 E F1 2.664(,a)C(nd)-2.664
+E .874(the string ".so".)174 413.4 R .874(If only)5.874 F F2(SSLEngine)
+3.374 E F1 .875(is set then the static v)3.375 F .875
+(ersion of the engine is)-.15 F(used.)174 425.4 Q(StatusFile=)102 441.6
+Q F2(\214le)A F1 .524([S] Log summary statistics in the named)14.13 F F2
+(\214le)3.024 E F1 5.524(.I)C 3.023(fn)-5.524 G 3.023<6f8c>-3.023 G .523
+(le name is speci\214ed, "statis-)-3.023 F .547(tics" is used.)174 453.6
+R .547(If not set, no summary statistics are sa)5.547 F -.15(ve)-.2 G
+3.048(d. This).15 F .548(\214le does not gro)3.048 F(w)-.25 E(in size.)
+174 465.6 Q(It can be printed using the)5 E F2(mailstats)2.5 E F1
+(\(8\) program.)A 28.4(SuperSafe [s])102 481.8 R .364
+(This option can be set to T)2.864 F .364(rue, F)-.35 F .364
+(alse, Interacti)-.15 F -.15(ve)-.25 G 2.864(,o).15 G 2.864(rP)-2.864 G
+(ostMilter)-2.864 E 5.364(.I)-.55 G 2.864(fs)-5.364 G .364(et to T)
+-2.864 F(rue,)-.35 E F2(sendmail)174 493.8 Q F1 .116(will be super)2.616
+F .116(-safe when running things, i.e., al)-.2 F -.1(wa)-.1 G .117
+(ys instantiate the queue).1 F .118(\214le, e)174 505.8 R -.15(ve)-.25 G
+2.618(ni).15 G 2.618(fy)-2.618 G .118
+(ou are going to attempt immediate deli)-2.618 F -.15(ve)-.25 G(ry).15 E
+(.)-.65 E F2(Sendmail)5.117 E F1(al)2.617 E -.1(wa)-.1 G .117
+(ys instan-).1 F .087(tiates the queue \214le before returning control \
+to the client under an)174 517.8 R 2.588(yc)-.15 G(ircumstances.)-2.588
+E 1.3(This should really)174 529.8 R F2(always)3.8 E F1 1.299
+(be set to T)3.799 F 3.799(rue. The)-.35 F(Interacti)3.799 E 1.599 -.15
+(ve v)-.25 H 1.299(alue has been intro-)-.1 F .221
+(duced in 8.12 and can be used together with)174 541.8 R F0(Deli)2.722 E
+-.1(ve)-.1 G(ryMode=i).1 E F1 5.222(.I)C 2.722(ts)-5.222 G .222
+(kips some syn-)-2.722 F 1.533(chronization calls which are ef)174 553.8
+R(fecti)-.25 E -.15(ve)-.25 G 1.533(ly doubled in the code e).15 F -.15
+(xe)-.15 G 1.532(cution path for).15 F .335(this mode.)174 565.8 R .336
+(If set to PostMilter)5.335 F(,)-.4 E F2(sendmail)2.836 E F1 .336
+(defers synchronizing the queue \214le until)2.836 F(an)174 577.8 Q
+3.788(ym)-.15 G 1.288(ilters ha)-3.788 F 1.588 -.15(ve s)-.2 H 1.287
+(ignaled acceptance of the message.).15 F 1.287
+(PostMilter is useful only)6.287 F(when)174 589.8 Q F2(sendmail)3.821 E
+F1 1.321(is running as an SMTP serv)3.821 F 1.322
+(er; in all other situations it acts the)-.15 F(same as T)174 601.8 Q
+(rue.)-.35 E(TLSF)102 618 Q(allbacktoClear)-.15 E .716
+([no short name] If set,)174 630 R F2(sendmail)3.216 E F1 .715
+(immediately tries an outbound connection ag)3.215 F(ain)-.05 E .61
+(without ST)174 642 R(AR)-.93 E .61(TTLS after a TLS handshak)-.6 F 3.11
+(ef)-.1 G 3.11(ailure. Note:)-3.21 F .61(this applies to all con-)3.11 F
+2.677(nections e)174 654 R -.15(ve)-.25 G 5.177(ni).15 G 5.177(fT)-5.177
+G 2.676(LS speci\214c requirements are set \(see rulesets)-5.177 F F2
+(tls_r)5.176 E(cpt)-.37 E F1(and)5.176 E F2(tls_client)174 666 Q F1
+4.866(\). Hence)4.866 F 2.367
+(such requirements will cause an error on a retry without)4.866 F(ST)174
+678 Q(AR)-.93 E 3.551(TTLS. Therefore)-.6 F(the)3.551 E 3.551(ys)-.15 G
+1.051(hould only trigger a temporary f)-3.551 F 1.051
+(ailure so the con-)-.1 F(nection is later on tried ag)174 690 Q(ain.)
+-.05 E 6.16(TLSSrvOptions [no)102 706.2 R .238
+(short name] List of options for SMTP ST)2.737 F(AR)-.93 E .238
+(TTLS for the serv)-.6 F .238(er consisting of)-.15 F .18
+(single characters with interv)174 718.2 R .18
+(ening white space or commas.)-.15 F .18(The \215ag `)5.18 F(`V')-.74 E
+2.68('d)-.74 G(isables)-2.68 E 0 Cg EP
%%Page: 80 76
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d38302053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-<50>142 96 Q/F1 10/Times-Italic@0 SF<6e616d65>A F0<3d>A F1<6e756d>A/F2
-10/Times-Roman@0 SF .383<5768656e20746865>102 112.2 R F1<6e616d65>2.883
-E F2 .384<697320666f756e6420696e20612099507265636564656e63653a9a208c656c
-642c20746865206d65737361676520636c6173732069732073657420746f>2.883 F F1
-<6e756d>2.884 E F2 5.384<2e48>C .384<6967686572206e756d62657273>-5.384 F
-.85<6d65616e2068696768657220707265636564656e63652e>102 124.2 R .85
-<4e756d62657273206c657373207468616e207a65726f206861>5.85 F 1.15 -.15
-<76652074>-.2 H .85<6865207370656369616c2070726f706572747920746861742069
-6620616e206572726f72206f6363757273>.15 F 1.551<647572696e672070726f6365
-7373696e672074686520626f6479206f6620746865206d6573736167652077696c6c206e
-6f742062652072657475726e65643b20746869732069732065>102 136.2 R 1.552
-<7870656374656420746f206265207573656420666f72>-.15 F<9962>102 148.2 Q
-.462<756c6b9a206d61696c2073756368206173207468726f756768206d61696c696e67
-206c697374732e>-.2 F .461<54686520646566>5.461 F .461
-<61756c7420707265636564656e6365206973207a65726f2e>-.1 F -.15<466f>5.461
-G 2.961<7265>.15 G .461<78616d706c652c206f7572206c697374206f66>-3.111 F
-<707265636564656e6365732069733a>102 160.2 Q<508c7273742d636c6173733d30>
-142 176.4 Q<507370656369616c2d64656c69>142 188.4 Q -.15<7665>-.25 G
-<72793d313030>.15 E<506c6973743dad3330>142 200.4 Q<5062>142 212.4 Q
-<756c6b3dad3630>-.2 E<506a756e6b3dad313030>142 224.4 Q 1.058
-<50656f706c652077726974696e67206d61696c696e67206c6973742065>102 240.6 R
-1.058<78706c6f646572732061726520656e636f75726167656420746f20757365209950
-7265636564656e63653a206c6973749a2e>-.15 F 1.059<4f6c6465722076>6.059 F
-1.059<657273696f6e73206f66>-.15 F F1<73656e646d61696c>102 252.6 Q F2
-1.19<2877686963682064697363617264656420616c6c206572726f722072657475726e
-7320666f72206e65>3.69 F -.05<6761>-.15 G<7469>.05 E 1.49 -.15<76652070>
--.25 H 1.19<7265636564656e63657329206469646e27>.15 F 3.69<7472>-.18 G
-1.19<65636f676e697a652074686973206e616d652c>-3.69 F<6769>102 264.6 Q
-.598<76696e67206974206120646566>-.25 F .598
-<61756c7420707265636564656e6365206f66207a65726f2e>-.1 F .598
-<5468697320616c6c6f>5.598 F .598<7773206c697374206d61696e7461696e657273
-20746f20736565206572726f722072657475726e73206f6e20626f7468206f6c64>-.25
-F<616e64206e65>102 276.6 Q 2.5<7776>-.25 G<657273696f6e73206f66>-2.65 E
-F1<73656e646d61696c>2.5 E F2<2e>A F0 2.5<352e382e2056>87 300.6 R 2.5
-<8a43>2.5 G<6f6e8c6775726174696f6e2056>-2.5 E<657273696f6e204c65>-1 E
--.1<7665>-.15 G<6c>.1 E F2 3.182 -.8<546f2070>127 316.8 T<726f>.8 E
-1.582<7669646520636f6d7061746962696c6974792077697468206f6c6420636f6e8c67
-75726174696f6e208c6c65732c20746865>-.15 F F0<56>4.081 E F2 1.581
-<6c696e6520686173206265656e20616464656420746f2064658c6e65>4.081 F 1.11
-<736f6d652076>102 328.8 R 1.11<6572792062617369632073656d616e7469637320
-6f662074686520636f6e8c6775726174696f6e208c6c652e>-.15 F 1.11<5468657365
-20617265206e6f7420696e74656e64656420746f206265206c6f6e67207465726d207375
-702d>6.11 F .034<706f7274733b20726174686572>102 340.8 R 2.533<2c74>-.4 G
-<6865>-2.533 E 2.533<7964>-.15 G .033<6573637269626520636f6d706174696269
-6c6974792066656174757265732077686963682077696c6c2070726f6261626c79206265
-2072656d6f>-2.533 F -.15<7665>-.15 G 2.533<6469>.15 G 2.533<6e66>-2.533
-G .033<75747572652072656c65617365732e>-2.533 F F0<4e2e422e3a>127 357 Q
-F2 .196<74686573652076>2.696 F<657273696f6e>-.15 E F1<6c65>2.696 E
-<76656c73>-.15 E F2<6861>2.696 E .496 -.15<7665206e>-.2 H .196
-<6f7468696e6720746f20646f2077697468207468652076>.15 F<657273696f6e>-.15
-E F1<6e756d626572>2.696 E F2 .197<6f6e20746865208c6c65732e>2.696 F -.15
-<466f>5.197 G 2.697<7265>.15 G<78616d2d>-2.847 E
-<706c652c206173206f6620746869732077726974696e672076>102 369 Q
-<657273696f6e20313020636f6e8c67208c6c6573202873706563698c63616c6c79>-.15
-E 2.5<2c38>-.65 G<2e31302920757365642076>-2.5 E<657273696f6e206c65>-.15
-E -.15<7665>-.25 G 2.5<6c3963>.15 G<6f6e8c6775726174696f6e732e>-2.5 E
-1.102<994f6c649a20636f6e8c6775726174696f6e208c6c6573206172652064658c6e65
-642061732076>127 385.2 R 1.102<657273696f6e206c65>-.15 F -.15<7665>-.25
-G 3.602<6c6f>.15 G 3.602<6e652e2056>-3.602 F 1.102<657273696f6e206c65>
--1.11 F -.15<7665>-.25 G 3.602<6c74>.15 G 1.302 -.1<776f208c>-3.602 H
-1.102<6c6573206d616b>.1 F 3.602<6574>-.1 G<6865>-3.602 E<666f6c6c6f>102
-397.2 Q<77696e67206368616e6765733a>-.25 E 12.5<28312920486f7374>107
-413.4 R .727<6e616d652063616e6f6e698c636174696f6e2028245b202e2e2e20245d
-2920617070656e6473206120646f7420696620746865206e616d65206973207265636f67
-6e697a65643b2074686973206769>3.226 F -.15<7665>-.25 G 3.227<7374>.15 G
-<6865>-3.227 E 1.975<636f6e8c67208c6c6520612077>133.66 425.4 R 1.974
-<6179206f66208c6e64696e67206f757420696620616e>-.1 F 1.974
-<797468696e67206d6174636865642e>-.15 F<2841637475616c6c79>6.974 E 4.474
-<2c74>-.65 G 1.974<686973206a75737420696e697469616c697a657320746865>
--4.474 F .738<99686f73749a206d61702077697468207468652099ad612e>133.66
-437.4 R 5.739<9a8d>-.7 G .739
-<6167208a20796f752063616e20726573657420697420746f20616e>-5.739 F .739
-<797468696e6720796f7520707265666572206279206465636c6172696e6720746865>
--.15 F<6d61702065>133.66 449.4 Q<78706c696369746c79>-.15 E<2e29>-.65 E
-12.5<28322920446566>107 465.6 R .385<61756c7420686f7374206e616d652065>
--.1 F .385<7874656e73696f6e20697320636f6e73697374656e74207468726f756768
-6f75742070726f63657373696e673b2076>-.15 F .384<657273696f6e206c65>-.15 F
--.15<7665>-.25 G 2.884<6c6f>.15 G .384<6e6520636f6e8c67752d>-2.884 F .83
-<726174696f6e73207475726e6564206f66>133.66 477.6 R 3.33<6664>-.25 G .83
-<6f6d61696e2065>-3.33 F .83<7874656e73696f6e2028746861742069732c20616464
-696e6720746865206c6f63616c20646f6d61696e206e616d652920647572696e67206365
-727461696e>-.15 F .4<706f696e747320696e2070726f63657373696e672e>133.66
-489.6 R -1.11<5665>5.4 G .4<7273696f6e206c65>1.11 F -.15<7665>-.25 G 2.9
-<6c74>.15 G .6 -.1<776f2063>-2.9 H .4
-<6f6e8c6775726174696f6e73206172652065>.1 F .4
-<7870656374656420746f20696e636c756465206120747261696c696e6720646f74>-.15
-F<746f20696e646963617465207468617420746865206e616d6520697320616c72656164
-792063616e6f6e6963616c2e>133.66 501.6 Q 12.5<283329204c6f63616c>107
-517.8 R .072<6e616d6573207468617420617265206e6f7420616c6961736573206172
-6520706173736564207468726f7567682061206e65>2.572 F 2.572<7764>-.25 G
-.072<697374696e677569736865642072756c65736574208c76>-2.572 F .072
-<653b20746869732063616e>-.15 F .14
-<6265207573656420746f20617070656e642061206c6f63616c2072656c6179>133.66
-529.8 R 5.139<2e54>-.65 G .139<6869732062656861>-5.139 F .139
-<76696f722063616e20626520707265>-.2 F -.15<7665>-.25 G .139
-<6e746564206279207265736f6c76696e6720746865206c6f63616c206e616d65>.15 F
-.993<7769746820616e20696e697469616c206040272e>133.66 541.8 R .993
-<546861742069732c20736f6d657468696e672074686174207265736f6c76>5.993 F
-.993<657320746f2061206c6f63616c206d61696c657220616e6420612075736572206e
-616d65206f66>-.15 F .602<9976696b6b699a2077696c6c2062652070617373656420
-7468726f7567682072756c65736574208c76>133.66 553.8 R .601<652c2062>-.15 F
-.601
-<757420612075736572206e616d65206f6620994076696b6b699a2077696c6c206861>
--.2 F .901 -.15<76652074>-.2 H .601<686520604027>.15 F .919<737472697070
-65642c2077696c6c206e6f7420626520706173736564207468726f7567682072756c6573
-6574208c76>133.66 565.8 R .919<652c2062>-.15 F .92<75742077696c6c206f74
-686572776973652062652074726561746564207468652073616d65206173>-.2 F .63
-<746865207072696f722065>133.66 577.8 R 3.13<78616d706c652e20546865>-.15
-F -.15<6578>3.13 G .629<706563746174696f6e20697320746861742074686973206d
-69676874206265207573656420746f20696d706c656d656e74206120706f6c6963>.15 F
-3.129<7977>-.15 G<68657265>-3.129 E .734
-<6d61696c2073656e7420746f209976696b6b699a2077>133.66 589.8 R .734
-<61732068616e646c656420627920612063656e7472616c206875622c2062>-.1 F .734
-<7574206d61696c2073656e7420746f209976696b6b69406c6f63616c686f73749a2077>
--.2 F<6173>-.1 E<64656c69>133.66 601.8 Q -.15<7665>-.25 G
-<726564206469726563746c79>.15 E<2e>-.65 E -1.11<5665>127 618 S 1.383
-<7273696f6e206c65>1.11 F -.15<7665>-.25 G 3.883<6c74>.15 G 1.383
-<68726565208c6c657320616c6c6f>-3.883 F 3.882<772369>-.25 G 1.382
-<6e6974696174656420636f6d6d656e7473206f6e20616c6c206c696e65732e>-3.882 F
-1.382<457863657074696f6e7320617265206261636b736c617368>6.382 F
-<657363617065642023206d61726b7320616e64207468652024232073796e7461782e>
-102 630 Q -1.11<5665>127 646.2 S 1.207<7273696f6e206c65>1.11 F -.15
-<7665>-.25 G 3.707<6c66>.15 G 1.207<6f757220636f6e8c6775726174696f6e7320
-61726520636f6d706c6574656c792065717569>-3.707 F -.25<7661>-.25 G 1.208
-<6c656e7420746f206c65>.25 F -.15<7665>-.25 G 3.708<6c74>.15 G 1.208
-<6872656520666f7220686973746f726963616c207265612d>-3.708 F<736f6e732e>
-102 658.2 Q -1.11<5665>127 674.4 S 1.234<7273696f6e206c65>1.11 F -.15
-<7665>-.25 G 3.734<6c8c>.15 G 1.534 -.15<76652063>-3.734 H 1.234
-<6f6e8c6775726174696f6e208c6c6573206368616e67652074686520646566>.15 F
-1.234<61756c742064658c6e6974696f6e206f66>-.1 F F0<2477>3.734 E F2 1.234
-<746f206265206a75737420746865208c727374>3.734 F
-<636f6d706f6e656e74206f662074686520686f73746e616d652e>102 686.4 Q -1.11
-<5665>127 702.6 S 1.588<7273696f6e206c65>1.11 F -.15<7665>-.25 G 4.088
-<6c73>.15 G 1.588
-<697820636f6e8c6775726174696f6e208c6c6573206368616e6765206d616e>-4.088 F
-4.088<796f>-.15 G 4.089<6674>-4.088 G 1.589<6865206c6f63616c2070726f6365
-7373696e67206f7074696f6e73202873756368206173>-4.089 F .481
-<616c696173696e6720616e64206d61746368696e6720746865206265>102 714.6 R
-.481<67696e6e696e67206f6620746865206164647265737320666f7220607c27206368
-61726163746572732920746f206265206d61696c6572208d6167733b207468697320616c
-6c6f>-.15 F<7773>-.25 E 0 Cg EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-80 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF .51
+(client v)174 96 R .511(eri\214cation, and hence it is not possible to \
+use a client certi\214cate for relay-)-.15 F 3.919(ing. The)174 108 R
+1.419(\215ag `)3.919 F(`C')-.74 E 3.919('r)-.74 G(emo)-3.919 E -.15(ve)
+-.15 G 3.919(st).15 G 1.419(he requirement for the TLS serv)-3.919 F
+1.418(er to ha)-.15 F 1.718 -.15(ve a c)-.2 H(ert.).15 E .386
+(This only w)174 120 R .386(orks under v)-.1 F .386
+(ery speci\214c circumstances and should only be used if the)-.15 F
+(consequences are understood, e.g., clients may not w)174 132 Q
+(ork with a serv)-.1 E(er using this.)-.15 E -.7(Te)102 148.2 S
+(mpFileMode=).7 E/F2 10/Times-Italic@0 SF(mode)A F1 .062
+([F] The \214le mode for transcript \214les, \214les to which)174 160.2
+R F2(sendmail)2.561 E F1(deli)2.561 E -.15(ve)-.25 G .061(rs directly)
+.15 F 2.561<2c8c>-.65 G(les)-2.561 E .61(in the)174 172.2 R F0
+(HostStatusDir)3.11 E(ectory)-.18 E F1 3.11(,a)C(nd)-3.11 E F0
+(StatusFile)3.11 E F1 5.61(.I)C 3.11(ti)-5.61 G 3.11(si)-3.11 G .61
+(nterpreted in octal by def)-3.11 F(ault.)-.1 E(Def)174 184.2 Q
+(aults to 0600.)-.1 E -.35(Ti)102 200.4 S(meout.).35 E F2(type)A F1(=)A
+F2(timeout)1.666 E F1 .417
+([r; subsumes old T option as well] Set timeout v)174 212.4 R 2.917
+(alues. F)-.25 F .417(or more information, see)-.15 F(section 4.1.)174
+224.4 Q -.35(Ti)102 240.6 S(meZoneSpec=).35 E F2(tzinfo)A F1 .218
+([t] Set the local time zone info to)174 252.6 R F2(tzinfo)2.718 E F1
+2.718<8a66>2.718 G .218(or e)-2.718 F .218(xample, \231PST8PDT\232.)-.15
+F(Actually)5.218 E 2.718(,i)-.65 G(f)-2.718 E 1.346
+(this is not set, the TZ en)174 264.6 R 1.346(vironment v)-.4 F 1.346
+(ariable is cleared \(so the system def)-.25 F 1.345(ault is)-.1 F .208
+(used\); if set b)174 276.6 R .208(ut null, the user')-.2 F 2.708(sT)
+-.55 G 2.708(Zv)-2.708 G .208
+(ariable is used, and if set and non-null the TZ)-2.958 F -.25(va)174
+288.6 S(riable is set to this v).25 E(alue.)-.25 E -.35(Tr)102 304.8 S
+(ustedUser=).35 E F2(user)A F1 3.753([no short name] The).06 F F2(user)
+6.253 E F1 3.752(parameter may be a user name \(look)6.252 F 3.752
+(ed up in)-.1 F F2(/etc/passwd)174 316.8 Q F1 2.742(\)o)C 2.742(ran)
+-2.742 G .242(umeric user id.)-2.742 F -.35(Tr)5.242 G .242
+(usted user for \214le o).35 F .243(wnership and starting the)-.25 F
+3.78(daemon. If)174 328.8 R 1.279
+(set, generated alias databases and the control sock)3.779 F 1.279
+(et \(if con\214gured\))-.1 F(will automatically be o)174 340.8 Q
+(wned by this user)-.25 E(.)-.55 E -.35(Tr)102 357 S 5.96
+(yNullMXList [w]).35 F .114
+(If this system is the \231best\232 \(that is, lo)2.613 F .114
+(west preference\) MX for a gi)-.25 F -.15(ve)-.25 G 2.614(nh).15 G .114
+(ost, its)-2.614 F 1.168(con\214guration rules should normally detect t\
+his situation and treat that condition)174 369 R .257(specially by forw)
+174 381 R .258
+(arding the mail to a UUCP feed, treating it as local, or whate)-.1 F
+-.15(ve)-.25 G -.55(r.).15 G(Ho)174 393 Q(we)-.25 E -.15(ve)-.25 G 1.686
+-.4(r, i).15 H 3.386(ns).4 G .886(ome cases \(such as Internet \214re)
+-3.386 F -.1(wa)-.25 G .886(lls\) you may w).1 F .885
+(ant to try to con-)-.1 F .07
+(nect directly to that host as though it had no MX records at all.)174
+405 R .07(Setting this option)5.07 F(causes)174 417 Q F2(sendmail)3.014
+E F1 .514(to try this.)3.014 F .514(The do)5.514 F .514
+(wnside is that errors in your con\214guration are)-.25 F(lik)174 429 Q
+2.116(ely to be diagnosed as \231host unkno)-.1 F 2.116
+(wn\232 or \231message timed out\232 instead of)-.25 F
+(something more meaningful.)174 441 Q(This option is disrecommended.)5 E
+(UnixFromLine=)102 457.2 Q F2(fr)A(omline)-.45 E F1 .236
+([$l macro] De\214nes the format used when)174 469.2 R F2(sendmail)2.736
+E F1 .236(must add a UNIX-style From_)2.736 F 1.324
+(line \(that is, a line be)174 481.2 R 1.325
+(ginning \231From<space>user\232\).)-.15 F(Def)6.325 E 1.325
+(aults to \231From $g)-.1 F($d\232.)6.325 E(Don')174 493.2 Q 2.646(tc)
+-.18 G .146(hange this unless your system uses a dif)-2.646 F .146
+(ferent UNIX mailbox format \(v)-.25 F(ery)-.15 E(unlik)174 505.2 Q
+(ely\).)-.1 E(UnsafeGroupWrites)102 521.4 Q .085
+([no short name] If set \(def)174 533.4 R .085
+(ault\), :include: and .forw)-.1 F .086
+(ard \214les that are group writable)-.1 F .655
+(are considered \231unsafe\232, that is, the)174 545.4 R 3.155(yc)-.15 G
+.654(annot reference programs or write directly)-3.155 F .536
+(to \214les.)174 557.4 R -.8(Wo)5.536 G .536
+(rld writable :include: and .forw).8 F .537(ard \214les are al)-.1 F -.1
+(wa)-.1 G .537(ys unsafe.).1 F .537(Note: use)5.537 F F0
+(DontBlameSendmail)174 569.4 Q F1(instead; this option is deprecated.)
+2.5 E(UseCompressedIPv6Addresses)102 585.6 Q .09([no short name] If set\
+, the compressed format of IPv6 addresses, such as IPV6:::1,)174 597.6 R
+(will be used, instead of the uncompressed format, such as IPv6:0:0:0:0\
+:0:0:0:1.)174 609.6 Q(UseErrorsT)102 625.8 Q 21.15(o[)-.8 G .826
+(l] If there is an \231Errors-T)-21.15 F .826(o:\232 header)-.8 F 3.326
+(,s)-.4 G .826(end error messages to the addresses listed)-3.326 F 3.135
+(there. The)174 637.8 R 3.135(yn)-.15 G .635(ormally go to the en)-3.135
+F -.15(ve)-.4 G .635(lope sender).15 F 5.635(.U)-.55 G .634
+(se of this option causes)-5.635 F F2(send-)3.134 E(mail)174 649.8 Q F1
+(to violate RFC 1123.)2.5 E
+(This option is disrecommended and deprecated.)5 E(UserDatabaseSpec=)102
+666 Q F2(udbspec)A F1([U] The user database speci\214cation.)174 678 Q
+-1.11(Ve)102 694.2 S 37.29(rbose [v])1.11 F .56(Run in v)3.06 F .561
+(erbose mode.)-.15 F .561(If this is set,)5.561 F F2(sendmail)3.061 E F1
+.561(adjusts options)3.061 F F0(HoldExpensi)3.061 E -.1(ve)-.1 G F1
+(\(old)174 706.2 Q F0(c)2.636 E F1 2.636(\)a)C(nd)-2.636 E F0(Deli)2.636
+E -.1(ve)-.1 G(ryMode).1 E F1(\(old)2.636 E F0(d)2.636 E F1 2.635(\)s)C
+2.635(ot)-2.635 G .135(hat all mail is deli)-2.635 F -.15(ve)-.25 G .135
+(red completely in a sin-).15 F 1.244
+(gle job so that you can see the entire deli)174 718.2 R -.15(ve)-.25 G
+1.244(ry process.).15 F(Option)6.244 E F0 -1(Ve)3.744 G(rbose)1 E F1
+(should)3.744 E 0 Cg EP
%%Page: 81 77
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3831>195.86 E
-/F1 10/Times-Roman@0 SF 1.344
-<8c6e652d677261696e656420636f6e74726f6c206f>102 96 R -.15<7665>-.15 G
-3.844<7274>.15 G 1.344
-<6865207370656369616c206c6f63616c2070726f63657373696e672e>-3.844 F<4c65>
-6.345 E -.15<7665>-.25 G 3.845<6c73>.15 G 1.345
-<697820636f6e8c6775726174696f6e208c6c6573206d617920616c736f20757365>
--3.845 F 1.222<6c6f6e67206f7074696f6e206e616d65732e>102 108 R<546865>
-6.222 E F0<436f6c6f6e4f6b496e41646472>3.722 E F1 1.222
-<6f7074696f6e2028746f20616c6c6f>3.722 F 3.721<7763>-.25 G 1.221<6f6c6f6e
-7320696e20746865206c6f63616c2d70617274206f662061646472657373657329>
--3.721 F<646566>102 120 Q<61756c7473>-.1 E F0<6f6e>3.44 E F1 .94
-<666f72206c6f>3.44 F .94<776572206e756d626572656420636f6e8c677572617469
-6f6e208c6c65733b2074686520636f6e8c6775726174696f6e208c6c6520726571756972
-657320736f6d65206164646974696f6e616c>-.25 F<696e74656c6c6967656e63652074
-6f2070726f7065726c792068616e646c652074686520524643203832322067726f757020
-636f6e7374727563742e>102 132 Q -1.11<5665>127 148.2 S 1.97
-<7273696f6e206c65>1.11 F -.15<7665>-.25 G 4.47<6c73>.15 G -2.15 -.25
-<65762065>-4.47 H 4.47<6e63>.25 G 1.97
-<6f6e8c6775726174696f6e208c6c65732075736564206e65>-4.47 F 4.47<776f>-.25
-G 1.97
-<7074696f6e206e616d657320746f207265706c616365206f6c64206d6163726f732028>
--4.47 F F0<2465>A F1<626563616d65>102 160.2 Q F0<536d74704772>5.547 E
-<656574696e674d657373616765>-.18 E F1<2c>A F0<246c>5.547 E F1
-<626563616d65>5.547 E F0<556e69784672>5.547 E<6f6d4c696e65>-.18 E F1
-5.548<2c61>C<6e64>-5.548 E F0<246f>5.548 E F1<626563616d65>5.548 E F0
-<4f70657261746f724368617273>5.548 E F1<2e>A .087
-<416c736f2c207072696f7220746f2076>102 172.2 R .087<657273696f6e207365>
--.15 F -.15<7665>-.25 G .087<6e2c20746865>.15 F F0<463d71>2.587 E F1
-.087<8d616720287573652032353020696e7374656164206f6620323532207265747572
-6e2076>2.587 F .086<616c756520666f72>-.25 F/F2 9/Times-Roman@0 SF .086
-<534d54502056524659>2.586 F F1<636f6d2d>2.586 E<6d616e6473292077>102
-184.2 Q<617320617373756d65642e>-.1 E -1.11<5665>127 200.4 S
-<7273696f6e206c65>1.11 E -.15<7665>-.25 G 2.5<6c65>.15 G
-<6967687420636f6e8c6775726174696f6e208c6c657320616c6c6f>-2.5 E<77>-.25 E
-F0<2423>2.5 E F1<6f6e20746865206c6566742068616e642073696465206f66207275
-6c65736574206c696e65732e>2.5 E -1.11<5665>127 216.6 S .422
-<7273696f6e206c65>1.11 F -.15<7665>-.25 G 2.922<6c6e>.15 G .423
-<696e6520636f6e8c6775726174696f6e208c6c657320616c6c6f>-2.922 F 2.923
-<7770>-.25 G .423
-<6172656e74686573657320696e2072756c65736574732c20692e652e20746865>-2.923
-F 2.923<7961>-.15 G .423<7265206e6f742074726561746564206173>-2.923 F
-<636f6d6d656e747320616e642068656e63652072656d6f>102 228.6 Q -.15<7665>
--.15 G<642e>.15 E -1.11<5665>127 244.8 S<7273696f6e206c65>1.11 E -.15
-<7665>-.25 G 2.5<6c74>.15 G
-<656e20636f6e8c6775726174696f6e208c6c657320616c6c6f>-2.5 E 2.5<7771>-.25
-G<756575652067726f75702064658c6e6974696f6e732e>-2.5 E<546865>127 261 Q
-F0<56>2.678 E F1 .178<6c696e65206d6179206861>2.678 F .478 -.15<76652061>
--.2 H 2.677<6e6f>.15 G<7074696f6e616c>-2.677 E F0<2f>2.677 E/F3 10
-/Times-Italic@0 SF<76656e646f72>A F1 .177<746f20696e64696361746520746861
-74207468697320636f6e8c6775726174696f6e208c6c652075736573206d6f64698c6361
-2d>2.677 F .866
-<74696f6e732073706563698c6320746f206120706172746963756c61722076>102 275
-R<656e646f72>-.15 E/F4 7/Times-Roman@0 SF<3232>-4 I F1 5.866<2e59>4 K
-.866<6f75206d61792075736520992f4265726b>-6.966 F<656c65>-.1 E .865
-<799a20746f20656d70686173697a652074686174207468697320636f6e8c677572612d>
--.15 F<74696f6e208c6c65207573657320746865204265726b>102 287 Q<656c65>-.1
-E 2.5<7964>-.15 G<69616c656374206f66>-2.5 E F3<73656e646d61696c>2.5 E F1
-<2e>A F0 2.5<352e392e204b>87 311 R 2.5<8a4b>2.5 G
-<65792046696c65204465636c61726174696f6e>-2.75 E F1<5370656369616c206d61
-70732063616e2062652064658c6e6564207573696e6720746865206c696e653a>127
-327.2 Q<4b6d61706e616d65206d6170636c617373206172>142 343.4 Q
-<67756d656e7473>-.18 E<546865>102 359.6 Q F3<6d61706e616d65>2.75 E F1
-.251<6973207468652068616e646c652062792077686963682074686973206d61702069
-73207265666572656e63656420696e20746865207265>2.75 F .251
-<77726974696e672072756c65732e>-.25 F<546865>5.251 E F3<6d6170636c617373>
-2.751 E F1<6973>2.751 E 1.889<746865206e616d65206f6620612074797065206f66
-206d61703b2074686573652061726520636f6d70696c656420696e20746f>102 371.6 R
-F3<73656e646d61696c>4.389 E F1 6.888<2e54>C<6865>-6.888 E F3<6172>4.388
-E<67756d656e7473>-.37 E F1 1.888<61726520696e746572707265746564>4.388 F
-.79<646570656e64696e67206f6e2074686520636c6173733b207479706963616c6c79>
-102 383.6 R 3.29<2c74>-.65 G .791<686572652077>-3.29 F .791
-<6f756c6420626520612073696e676c65206172>-.1 F .791<67756d656e74206e616d
-696e6720746865208c6c6520636f6e7461696e696e6720746865>-.18 F<6d61702e>102
-395.6 Q<4d61707320617265207265666572656e636564207573696e6720746865207379
-6e7461783a>127 411.8 Q<2428>142 428 Q F3<6d6170206b>2.5 E -.3<6579>-.1 G
-F1<2440>2.8 E F3<6172>2.5 E<67756d656e7473>-.37 E F1<243a>2.5 E F3
-<64656661756c74>2.5 E F1<2429>2.5 E .641
-<776865726520656974686572206f7220626f7468206f6620746865>102 444.2 R F3
-<6172>3.141 E<67756d656e7473>-.37 E F1<6f72>3.141 E F3<64656661756c74>
-3.141 E F1 .64<706f7274696f6e206d6179206265206f6d69747465642e>3.141 F
-<546865>5.64 E F3 .64<2440206172>3.14 F<67756d656e7473>-.37 E F1<6d6179>
-3.14 E 1.276<617070656172206d6f7265207468616e206f6e63652e>102 456.2 R
-1.276<54686520696e64696361746564>6.276 F F3 -.1<6b65>3.776 G<79>-.2 E F1
-<616e64>3.776 E F3<6172>3.776 E<67756d656e7473>-.37 E F1 1.277<61726520
-70617373656420746f2074686520617070726f707269617465206d617070696e67>3.777
-F 3.253<66756e6374696f6e2e204966>102 468.2 R .753
-<69742072657475726e7320612076>3.253 F .753
-<616c75652c206974207265706c616365732074686520696e7075742e>-.25 F .753
-<496620697420646f6573206e6f742072657475726e20612076>5.753 F .753
-<616c756520616e6420746865>-.25 F F3<64656661756c74>3.253 E F1<6973>3.253
-E<73706563698c65642c20746865>102 480.2 Q F3<64656661756c74>2.5 E F1
-<7265706c616365732074686520696e7075742e>2.5 E
-<4f74686572776973652c2074686520696e70757420697320756e6368616e6765642e>5
-E<546865>127 496.4 Q F3<6172>4.063 E<67756d656e7473>-.37 E F1 1.563<6172
-652070617373656420746f20746865206d617020666f7220617262697472617279207573
-652e>4.063 F 1.564
-<4d6f7374206d617020636c61737365732063616e20696e746572706f6c617465>6.564
-F .883<7468657365206172>102 508.4 R .883
-<67756d656e747320696e746f2074686569722076>-.18 F .883
-<616c756573207573696e67207468652073796e746178209925>-.25 F F3<6e>A F1
-3.382<9a28>C<7768657265>-3.382 E F3<6e>3.382 E F1 .882
-<697320612064696769742920746f20696e6469636174652074686520636f7272652d>
-3.382 F<73706f6e64696e67>102 520.4 Q F3<6172>2.5 E<67756d656e74>-.37 E
-F1 5<2e41>C -.18<7267>-5 G
-<756d656e74209925309a20696e6469636174657320746865206461746162617365206b>
-.18 E -.15<6579>-.1 G 5<2e46>-.5 G<6f722065>-5.15 E
-<78616d706c652c207468652072756c65>-.15 E<5224ad202120242b>142 536.6 Q<24
-3a2024287575637020243120244020243220243a2024322040202431202e205555435020
-2429>71.72 E 1.269<4c6f6f6b73207570207468652055554350206e616d6520696e20
-612028757365722064658c6e6564292055554350206d61703b206966206e6f7420666f75
-6e64206974207475726e7320697420696e746f20992e555543509a>102 552.8 R 2.5
-<666f726d2e20546865>102 564.8 R
-<6461746162617365206d6967687420636f6e7461696e207265636f726473206c696b>
-2.5 E<653a>-.1 E<64656376>142 581 Q 77.43
-<61782025314025302e4445432e434f4d>-.25 F 72.19
-<72657365617263682025314025302e41>142 593 R<5454>-1.11 E<2e434f4d>-.74 E
-<4e6f74652074686174>102 609.2 Q F3<64656661756c74>2.5 E F1
-<636c6175736573206e65>2.5 E -.15<7665>-.25 G 2.5<7264>.15 G 2.5<6f74>
--2.5 G<686973206d617070696e672e>-2.5 E .735<5468652062>127 625.4 R .735<
-75696c742d696e206d6170207769746820626f7468206e616d6520616e6420636c617373
-2099686f73749a2069732074686520686f7374206e616d652063616e6f6e6963616c697a
-6174696f6e206c6f6f6b75702e>-.2 F<546875732c207468652073796e7461783a>102
-637.4 Q<2428686f7374>142 653.6 Q F3<686f73746e616d65>2.5 E F1<2429>A
-<69732065717569>102 669.8 Q -.25<7661>-.25 G<6c656e7420746f3a>.25 E .32
-LW 76 679.4 72 679.4 DL 80 679.4 76 679.4 DL 84 679.4 80 679.4 DL 88
-679.4 84 679.4 DL 92 679.4 88 679.4 DL 96 679.4 92 679.4 DL 100 679.4 96
-679.4 DL 104 679.4 100 679.4 DL 108 679.4 104 679.4 DL 112 679.4 108
-679.4 DL 116 679.4 112 679.4 DL 120 679.4 116 679.4 DL 124 679.4 120
-679.4 DL 128 679.4 124 679.4 DL 132 679.4 128 679.4 DL 136 679.4 132
-679.4 DL 140 679.4 136 679.4 DL 144 679.4 140 679.4 DL 148 679.4 144
-679.4 DL 152 679.4 148 679.4 DL 156 679.4 152 679.4 DL 160 679.4 156
-679.4 DL 164 679.4 160 679.4 DL 168 679.4 164 679.4 DL 172 679.4 168
-679.4 DL 176 679.4 172 679.4 DL 180 679.4 176 679.4 DL 184 679.4 180
-679.4 DL 188 679.4 184 679.4 DL 192 679.4 188 679.4 DL 196 679.4 192
-679.4 DL 200 679.4 196 679.4 DL 204 679.4 200 679.4 DL 208 679.4 204
-679.4 DL 212 679.4 208 679.4 DL 216 679.4 212 679.4 DL/F5 5
-/Times-Roman@0 SF<3232>93.6 689.8 Q/F6 8/Times-Roman@0 SF .214
-<416e64206f6620636f757273652c2076>3.2 J .214<656e646f72732061726520656e
-636f75726167656420746f20616464207468656d73656c76>-.12 F .214
-<657320746f20746865206c697374206f66207265636f676e697a65642076>-.12 F
-.214<656e646f72732062792065646974696e672074686520726f7574696e65>-.12 F
-/F7 8/Times-Italic@0 SF<73657476656e646f72>2.214 E F6<696e>2.214 E F7
-<636f6e66>72 702.6 Q<2e63>-.12 E F6 4<2e50>C<6c656173652073656e6420652d
-6d61696c20746f2073656e646d61696c4053656e646d61696c2e4f524720746f207265>
--4 E<67697374657220796f75722076>-.12 E<656e646f72206469616c6563742e>-.12
-E 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-81)195.86 E/F1 10/Times-Italic@0 SF(ne)174 96 Q(ver)-.15 E/F2 10
+/Times-Roman@0 SF 1.269(be set in the con\214guration \214le; it is int\
+ended for command line use only)3.77 F(.)-.65 E .435
+(Note that the use of option)174 108 R F0 -1(Ve)2.935 G(rbose)1 E F2
+.435(can cause authentication information to leak,)2.935 F .015
+(if you use a sendmail client to authenticate to a serv)174 120 R(er)
+-.15 E 5.015(.I)-.55 G 2.515(ft)-5.015 G .015(he authentication mech-)
+-2.515 F .935(anism uses plain te)174 132 R .936(xt passw)-.15 F .936
+(ords \(as with LOGIN or PLAIN\), then the passw)-.1 F(ord)-.1 E 1.418
+(could be compromised.)174 144 R 3.017 -.8(To a)6.418 H -.2(vo).6 G
+1.417(id this, do not install sendmail set-user).2 F 1.417(-ID root,)-.2
+F(and disable the)174 156 Q F0(VERB)2.5 E F2
+(SMTP command with a suitable)2.5 E F0(Pri)2.5 E -.1(va)-.1 G(cyOptions)
+.1 E F2(setting.)2.5 E(XscriptFileBuf)102 172.2 Q(ferSize=)-.25 E F1
+(thr)A(eshold)-.37 E F2 1.1([no short name] Set the)174 184.2 R F1(thr)
+3.601 E(eshold)-.37 E F2 3.601(,i)C 3.601(nb)-3.601 G 1.101
+(ytes, before a memory-based queue tran-)-3.601 F
+(script \214le becomes disk-based.)174 196.2 Q(The def)5 E
+(ault is 4096 bytes.)-.1 E .109(All options can be speci\214ed on the c\
+ommand line using the \255O or \255o \215ag, b)102 212.4 R .108
+(ut most will cause)-.2 F F1(send-)2.608 E(mail)102 224.4 Q F2 .663
+(to relinquish its set-user)3.163 F .663(-ID permissions.)-.2 F .664
+(The options that will not cause this are Se)5.663 F -.15(ve)-.25 G
+(nBitIn-).15 E 1.319
+(put [7], EightBitMode [8], MinFreeBlocks [b], CheckpointInterv)102
+236.4 R 1.319(al [C], Deli)-.25 F -.15(ve)-.25 G 1.319
+(ryMode [d], Error).15 F(-)-.2 E .042
+(Mode [e], IgnoreDots [i], SendMimeErrors [j], LogLe)102 248.4 R -.15
+(ve)-.25 G 2.543(l[).15 G .043(L], MeT)-2.543 F .043
+(oo [m], OldStyleHeaders [o], Pri-)-.8 F -.25(va)102 260.4 S -.15(cy).25
+G .303(Options [p], SuperSafe [s], V).15 F .302
+(erbose [v], QueueSortOrder)-1.11 F 2.802(,M)-.4 G .302(inQueueAge, Def)
+-2.802 F .302(aultCharSet, Dial)-.1 F(Delay)102 272.4 Q 7.312(,N)-.65 G
+4.812(oRecipientAction, ColonOkInAddr)-7.312 F 7.312(,M)-.4 G 4.812
+(axQueueRunSize, SingleLineFromHeader)-7.312 F 7.312(,a)-.4 G(nd)-7.312
+E(Allo)102 284.4 Q 3.921(wBogusHELO. Actually)-.25 F 3.921(,P)-.65 G(ri)
+-3.921 E -.25(va)-.25 G -.15(cy).25 G 1.421(Options [p] gi).15 F -.15
+(ve)-.25 G 3.921(no).15 G 3.921(nt)-3.921 G 1.421
+(he command line are added to those)-3.921 F 1.697
+(already speci\214ed in the)102 296.4 R F1(sendmail.cf)4.197 E F2 1.697
+(\214le, i.e., the)4.197 F 4.197(yc)-.15 G(an')-4.197 E 4.197(tb)-.18 G
+4.197(er)-4.197 G 4.198(eset. Also,)-4.197 F 4.198(M\()4.198 G 1.698
+(de\214ne macro\) when)-4.198 F
+(de\214ning the r or s macros is also considered \231safe\232.)102 308.4
+Q F0 2.5(5.7. P)87 332.4 R 2.5<8a50>2.5 G -.18(re)-2.5 G
+(cedence De\214nitions).18 E F2 -1.11(Va)127 348.6 S .164
+(lues for the \231Precedence:\232 \214eld may be de\214ned using the)
+1.11 F F0(P)2.664 E F2 .164(control line.)2.664 F .163
+(The syntax of this)5.163 F(\214eld is:)102 360.6 Q F0(P)142 376.8 Q F1
+(name)A F0(=)A F1(num)A F2 .383(When the)102 393 R F1(name)2.883 E F2
+.384
+(is found in a \231Precedence:\232 \214eld, the message class is set to)
+2.883 F F1(num)2.884 E F2 5.384(.H)C .384(igher numbers)-5.384 F .85
+(mean higher precedence.)102 405 R .85(Numbers less than zero ha)5.85 F
+1.15 -.15(ve t)-.2 H .85(he special property that if an error occurs).15
+F 1.551(during processing the body of the message will not be returned;\
+ this is e)102 417 R 1.552(xpected to be used for)-.15 F<9962>102 429 Q
+.462(ulk\232 mail such as through mailing lists.)-.2 F .461(The def)
+5.461 F .461(ault precedence is zero.)-.1 F -.15(Fo)5.461 G 2.961(re).15
+G .461(xample, our list of)-3.111 F(precedences is:)102 441 Q
+(P\214rst-class=0)142 457.2 Q(Pspecial-deli)142 469.2 Q -.15(ve)-.25 G
+(ry=100).15 E(Plist=\25530)142 481.2 Q(Pb)142 493.2 Q(ulk=\25560)-.2 E
+(Pjunk=\255100)142 505.2 Q 1.058(People writing mailing list e)102 521.4
+R 1.058(xploders are encouraged to use \231Precedence: list\232.)-.15 F
+1.059(Older v)6.059 F 1.059(ersions of)-.15 F F1(sendmail)102 533.4 Q F2
+1.19(\(which discarded all error returns for ne)3.69 F -.05(ga)-.15 G
+(ti).05 E 1.49 -.15(ve p)-.25 H 1.19(recedences\) didn').15 F 3.69(tr)
+-.18 G 1.19(ecognize this name,)-3.69 F(gi)102 545.4 Q .598
+(ving it a def)-.25 F .598(ault precedence of zero.)-.1 F .598
+(This allo)5.598 F .598
+(ws list maintainers to see error returns on both old)-.25 F(and ne)102
+557.4 Q 2.5(wv)-.25 G(ersions of)-2.65 E F1(sendmail)2.5 E F2(.)A F0 2.5
+(5.8. V)87 581.4 R 2.5<8a43>2.5 G(on\214guration V)-2.5 E(ersion Le)-1 E
+-.1(ve)-.15 G(l).1 E F2 3.182 -.8(To p)127 597.6 T(ro).8 E 1.582
+(vide compatibility with old con\214guration \214les, the)-.15 F F0(V)
+4.081 E F2 1.581(line has been added to de\214ne)4.081 F 1.11(some v)102
+609.6 R 1.11(ery basic semantics of the con\214guration \214le.)-.15 F
+1.11(These are not intended to be long term sup-)6.11 F .034
+(ports; rather)102 621.6 R 2.533(,t)-.4 G(he)-2.533 E 2.533(yd)-.15 G
+.033(escribe compatibility features which will probably be remo)-2.533 F
+-.15(ve)-.15 G 2.533(di).15 G 2.533(nf)-2.533 G .033(uture releases.)
+-2.533 F F0(N.B.:)127 637.8 Q F2 .196(these v)2.696 F(ersion)-.15 E F1
+(le)2.696 E(vels)-.15 E F2(ha)2.696 E .496 -.15(ve n)-.2 H .196
+(othing to do with the v).15 F(ersion)-.15 E F1(number)2.696 E F2 .197
+(on the \214les.)2.696 F -.15(Fo)5.197 G 2.697(re).15 G(xam-)-2.847 E
+(ple, as of this writing v)102 649.8 Q
+(ersion 10 con\214g \214les \(speci\214cally)-.15 E 2.5(,8)-.65 G
+(.10\) used v)-2.5 E(ersion le)-.15 E -.15(ve)-.25 G 2.5(l9c).15 G
+(on\214gurations.)-2.5 E 1.102
+(\231Old\232 con\214guration \214les are de\214ned as v)127 666 R 1.102
+(ersion le)-.15 F -.15(ve)-.25 G 3.602(lo).15 G 3.602(ne. V)-3.602 F
+1.102(ersion le)-1.11 F -.15(ve)-.25 G 3.602(lt).15 G 1.302 -.1(wo \214)
+-3.602 H 1.102(les mak).1 F 3.602(et)-.1 G(he)-3.602 E(follo)102 678 Q
+(wing changes:)-.25 E 12.5(\(1\) Host)107 694.2 R .727(name canoni\214c\
+ation \($[ ... $]\) appends a dot if the name is recognized; this gi)
+3.226 F -.15(ve)-.25 G 3.227(st).15 G(he)-3.227 E 1.975
+(con\214g \214le a w)133.66 706.2 R 1.974(ay of \214nding out if an)-.1
+F 1.974(ything matched.)-.15 F(\(Actually)6.974 E 4.474(,t)-.65 G 1.974
+(his just initializes the)-4.474 F .738
+(\231host\232 map with the \231\255a.)133.66 718.2 R 5.739<9a8d>-.7 G
+.739(ag \212 you can reset it to an)-5.739 F .739
+(ything you prefer by declaring the)-.15 F 0 Cg EP
%%Page: 82 78
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d38322053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF<245b>142 96 Q/F2 10/Times-Italic@0 SF
-<686f73746e616d65>A F1<245d>A<546865726520617265206d616e>127 116.4 Q 2.5
-<7964>-.15 G<658c6e656420636c61737365732e>-2.5 E 51.72
-<64626d204461746162617365>102 132.6 R 1.623
-<6c6f6f6b757073207573696e6720746865206e64626d283329206c696272617279>
-4.123 F<2e>-.65 E F2<53656e646d61696c>6.623 E F1 1.623
-<6d75737420626520636f6d70696c65642077697468>4.123 F F0<4e44424d>174
-144.6 Q F1<64658c6e65642e>2.5 E 49.51<6274726565204461746162617365>102
-160.8 R .678
-<6c6f6f6b757073207573696e672074686520627472656520696e74657266>3.178 F
-.677<61636520746f20746865204265726b>-.1 F<656c65>-.1 E 3.177<7944>-.15 G
-3.177<426c>-3.177 G<696272617279>-3.177 E<2e>-.65 E F2<53656e646d61696c>
-5.677 E F1<6d75737420626520636f6d70696c65642077697468>174 172.8 Q F0
-<4e45574442>2.5 E F1<64658c6e65642e>2.5 E 51.17
-<68617368204461746162617365>102 189 R .828
-<6c6f6f6b757073207573696e6720746865206861736820696e74657266>3.328 F .828
-<61636520746f20746865204265726b>-.1 F<656c65>-.1 E 3.328<7944>-.15 G
-3.329<426c>-3.328 G<696272617279>-3.329 E<2e>-.65 E F2<53656e646d61696c>
-5.829 E F1<6d75737420626520636f6d70696c65642077697468>174 201 Q F0
-<4e45574442>2.5 E F1<64658c6e65642e>2.5 E 57.83<6e6973204e4953>102 217.2
-R<6c6f6f6b7570732e>2.5 E F2<53656e646d61696c>5 E F1
-<6d75737420626520636f6d70696c65642077697468>2.5 E F0<4e4953>2.5 E F1
-<64658c6e65642e>2.5 E 41.16<6e6973706c7573204e49532b>102 233.4 R
-<6c6f6f6b7570732e>3.733 E F2<53656e646d61696c>6.233 E F1 1.233
-<6d75737420626520636f6d70696c65642077697468>3.733 F F0<4e4953504c5553>
-3.733 E F1 3.733<64658c6e65642e20546865>3.733 F<6172>3.733 E<67752d>-.18
-E .495<6d656e7420697320746865206e616d65206f6620746865207461626c6520746f
-2075736520666f72206c6f6f6b7570732c20616e6420746865>174 245.4 R F0<ad6b>
-2.995 E F1<616e64>2.995 E F0<ad76>2.995 E F1 .495
-<8d616773206d6179206265>2.995 F<7573656420746f2073657420746865206b>174
-257.4 Q .3 -.15<65792061>-.1 H<6e642076>.15 E
-<616c756520636f6c756d6e73207265737065637469>-.25 E -.15<7665>-.25 G
-<6c79>.15 E<2e>-.65 E 43.39<686573696f6420486573696f64>102 273.6 R
-<6c6f6f6b7570732e>2.5 E F2<53656e646d61696c>5 E F1
-<6d75737420626520636f6d70696c65642077697468>2.5 E F0<484553494f44>2.5 E
-F1<64658c6e65642e>2.5 E 52.28<6c646170204c44>102 289.8 R 1.784
-<41502058353030206469726563746f7279206c6f6f6b7570732e>-.4 F F2
-<53656e646d61696c>6.783 E F1 1.783
-<6d75737420626520636f6d70696c65642077697468>4.283 F F0<4c44>4.283 E
-<41504d4150>-.35 E F1 2.965<64658c6e65642e20546865>174 301.8 R .465<6d61
-7020737570706f727473206d6f7374206f6620746865207374616e64617264206172>
-2.965 F .466<67756d656e747320616e64206d6f7374206f662074686520636f6d2d>
--.18 F .3<6d616e64206c696e65206172>174 313.8 R .3
-<67756d656e7473206f6620746865>-.18 F F2<6c64617073656172>2.8 E -.15
-<6368>-.37 G F1 2.8<70726f6772616d2e204e6f7465>2.95 F .3
-<746861742c20627920646566>2.8 F .3<61756c742c20696620612073696e676c65>
--.1 F .628<7175657279206d617463686573206d756c7469706c652076>174 325.8 R
-.628<616c7565732c206f6e6c7920746865208c7273742076>-.25 F .629
-<616c75652077696c6c2062652072657475726e656420756e6c65737320746865>-.25 F
-F0<ad7a>3.129 E F1<2876>174 337.8 Q .249
-<616c756520736570617261746f7229206d6170208d6167206973207365742e>-.25 F
-.249<416c736f2c20746865>5.249 F F0<ad31>2.749 E F1 .248
-<6d6170208d61672077696c6c2074726561742061206d756c7469706c652076>2.749 F
-<616c7565>-.25 E
-<72657475726e2061732069662074686572652077657265206e6f206d6174636865732e>
-174 349.8 Q 41.17<6e6574696e666f204e655854>102 366 R
-<4e6574496e666f206c6f6f6b7570732e>2.5 E F2<53656e646d61696c>5 E F1
-<6d75737420626520636f6d70696c65642077697468>2.5 E F0<4e4554494e464f>2.5
-E F1<64658c6e65642e>2.5 E<7465>102 382.2 Q 54.65<78742054>-.15 F -.15
-<6578>-.7 G 2.917<748c>.15 G .417<6c65206c6f6f6b7570732e>-2.917 F .417
-<54686520666f726d6174206f6620746865207465>5.417 F .418
-<7874208c6c652069732064658c6e656420627920746865>-.15 F F0<ad6b>2.918 E
-F1<286b>2.918 E .718 -.15<6579208c>-.1 H .418<656c64206e756d2d>.15 F
-<626572292c>174 394.2 Q F0<ad76>2.5 E F1<2876>2.5 E
-<616c7565208c656c64206e756d626572292c20616e64>-.25 E F0<ad7a>2.5 E F1
-<288c656c642064656c696d6974657229208d6167732e>2.5 E 59.5<7068205048>102
-410.4 R 1.394<7175657279206d61702e>3.894 F<436f6e74726962>6.394 E 1.394<
-7574656420616e6420737570706f72746564206279204d61726b20526f74682c20726f74
-6840756975632e6564752e>-.2 F -.15<466f>6.394 G<72>.15 E .017<6d6f726520
-696e666f726d6174696f6e2c20636f6e73756c7420746865207765622073697465209968
-7474703a2f2f7777772d6465>174 422.4 R -.65<762e>-.25 G
-<63697465732e756975632e6564752f73656e646d61696c2f9a2e>.65 E 55.61
-<6e7364206e7364>102 438.6 R 1.599
-<6d617020666f72204952495820362e3520616e64206c61746572>4.1 F 6.599<2e43>
--.55 G<6f6e74726962>-6.599 E 1.599
-<7574656420616e6420737570706f7274656420627920426f62204d656e6465206f66>
--.2 F<5347492c206d656e6465407367692e636f6d2e>174 450.6 Q 53.39
-<7374616220496e7465726e616c>102 466.8 R
-<73796d626f6c207461626c65206c6f6f6b7570732e>2.5 E
-<5573656420696e7465726e616c6c7920666f7220616c696173696e672e>5 E 38.38
-<696d706c69636974205265616c6c79>102 483 R .546<73686f756c64206265206361
-6c6c65642099616c6961739a208a2074686973206973207573656420746f206765742074
-686520646566>3.046 F .546<61756c74206c6f6f6b75707320666f7220616c696173>
--.1 F<8c6c65732c20616e642069732074686520646566>174 495 Q<61756c74206966
-206e6f20636c6173732069732073706563698c656420666f7220616c696173208c6c6573
-2e>-.1 E 52.84<75736572204c6f6f6b73>102 511.2 R .477
-<7570207573657273207573696e67>2.977 F F2 -.1<6765>2.977 G<7470776e616d>
-.1 E F1 2.977<2833292e20546865>B F0<ad76>2.977 E F1 .476
-<8d61672063616e206265207573656420746f207370656369667920746865206e616d65>
-2.976 F .142<6f6620746865208c656c6420746f2072657475726e2028616c74686f75
-67682074686973206973206e6f726d616c6c792075736564206f6e6c7920746f20636865
-636b207468652065>174 523.2 R .142<78697374656e6365206f66>-.15 F 2.5
-<6175>174 535.2 S<736572292e>-2.5 E 52.83<686f73742043616e6f6e698c6573>
-102 551.4 R .2<686f737420646f6d61696e206e616d65732e>2.7 F<4769>5.2 E
--.15<7665>-.25 G 2.7<6e6168>.15 G .2
-<6f7374206e616d652069742063616c6c7320746865206e616d652073657276>-2.7 F
-.2<657220746f208c6e64>-.15 F
-<7468652063616e6f6e6963616c206e616d6520666f72207468617420686f73742e>174
-563.4 Q 40.61<626573746d782052657475726e73>102 579.6 R 2.478<7468652062
-657374204d58207265636f726420666f72206120686f7374206e616d65206769>4.978 F
--.15<7665>-.25 G 4.979<6e61>.15 G 4.979<7374>-4.979 G 2.479<6865206b>
--4.979 F -.15<6579>-.1 G 7.479<2e54>-.5 G 2.479<68652063757272656e74>
--7.479 F .722<6d616368696e6520697320616c>174 591.6 R -.1<7761>-.1 G .721
-<797320707265666572726564208a20746861742069732c206966207468652063757272
-656e74206d616368696e65206973206f6e65206f662074686520686f737473>.1 F .218
-<6c69737465642061732061206c6f>174 603.6 R .219<776573742d70726566657265
-6e6365204d58207265636f72642c207468656e2069742077696c6c206265206775617261
-6e7465656420746f2062652072657475726e65642e>-.25 F .961<546869732063616e
-206265207573656420746f208c6e64206f75742069662074686973206d616368696e6520
-69732074686520746172>174 615.6 R .961
-<67657420666f7220616e204d58207265636f72642c20616e64>-.18 F .313
-<6d61696c2063616e206265206163636570746564206f6e20746861742062617369732e>
-174 627.6 R .313<496620746865>5.313 F F0<ad7a>2.813 E F1 .313
-<8d6167206973206769>2.813 F -.15<7665>-.25 G .313
-<6e2c207468656e20616c6c204d58206e616d657320617265>.15 F
-<72657475726e65642c2073657061726174656420627920746865206769>174 639.6 Q
--.15<7665>-.25 G 2.5<6e64>.15 G<656c696d69746572>-2.5 E<2e>-.55 E 55.61
-<646e732054686973>102 655.8 R 2.248<6d617020726571756972657320746865206f
-7074696f6e202d5220746f20737065636966792074686520444e53207265736f75726365
-207265636f7264207479706520746f>4.748 F 1.229
-<6c6f6f6b75702e2054686520666f6c6c6f>174 667.8 R 1.229<77696e672074797065
-732061726520737570706f727465643a20412c20414141412c2041465344422c20434e>
--.25 F 1.229<414d452c204d582c>-.35 F .662<4e532c205054522c205352>174
-679.8 R 3.242 -1.29<562c2061>-.8 H .662<6e6420545854>1.29 F 5.662<2e41>
--.74 G .661<6d6170206c6f6f6b75702077696c6c2072657475726e206f6e6c79206f6e
-65207265636f72642e>-2.5 F .661<48656e636520666f72>5.661 F .558<736f6d65
-2074797065732c20652e672e2c204d58207265636f7264732c207468652072657475726e
-2076>174 691.8 R .558<616c7565206d6967687420626520612072616e646f6d20656c
-656d656e74206f6620746865>-.25 F<6c6973742064756520746f2072616e646f6d697a
-696e6720696e2074686520444e53207265736f6c76>174 703.8 Q<6572>-.15 E<2e>
--.55 E 0 Cg EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-82 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF(map e)
+133.66 96 Q(xplicitly)-.15 E(.\))-.65 E 12.5(\(2\) Def)107 112.2 R .385
+(ault host name e)-.1 F .385
+(xtension is consistent throughout processing; v)-.15 F .384(ersion le)
+-.15 F -.15(ve)-.25 G 2.884(lo).15 G .384(ne con\214gu-)-2.884 F .83
+(rations turned of)133.66 124.2 R 3.33(fd)-.25 G .83(omain e)-3.33 F .83
+(xtension \(that is, adding the local domain name\) during certain)-.15
+F .4(points in processing.)133.66 136.2 R -1.11(Ve)5.4 G .4(rsion le)
+1.11 F -.15(ve)-.25 G 2.9(lt).15 G .6 -.1(wo c)-2.9 H .4
+(on\214gurations are e).1 F .4(xpected to include a trailing dot)-.15 F
+(to indicate that the name is already canonical.)133.66 148.2 Q 12.5
+(\(3\) Local)107 164.4 R .072
+(names that are not aliases are passed through a ne)2.572 F 2.572(wd)
+-.25 G .072(istinguished ruleset \214v)-2.572 F .072(e; this can)-.15 F
+.14(be used to append a local relay)133.66 176.4 R 5.139(.T)-.65 G .139
+(his beha)-5.139 F .139(vior can be pre)-.2 F -.15(ve)-.25 G .139
+(nted by resolving the local name).15 F .993(with an initial `@'.)133.66
+188.4 R .993(That is, something that resolv)5.993 F .993
+(es to a local mailer and a user name of)-.15 F .602
+(\231vikki\232 will be passed through ruleset \214v)133.66 200.4 R .601
+(e, b)-.15 F .601(ut a user name of \231@vikki\232 will ha)-.2 F .901
+-.15(ve t)-.2 H .601(he `@').15 F .919
+(stripped, will not be passed through ruleset \214v)133.66 212.4 R .919
+(e, b)-.15 F .92(ut will otherwise be treated the same as)-.2 F .63
+(the prior e)133.66 224.4 R 3.13(xample. The)-.15 F -.15(ex)3.13 G .629
+(pectation is that this might be used to implement a polic).15 F 3.129
+(yw)-.15 G(here)-3.129 E .734(mail sent to \231vikki\232 w)133.66 236.4
+R .734(as handled by a central hub, b)-.1 F .734
+(ut mail sent to \231vikki@localhost\232 w)-.2 F(as)-.1 E(deli)133.66
+248.4 Q -.15(ve)-.25 G(red directly).15 E(.)-.65 E -1.11(Ve)127 264.6 S
+1.383(rsion le)1.11 F -.15(ve)-.25 G 3.883(lt).15 G 1.383
+(hree \214les allo)-3.883 F 3.882(w#i)-.25 G 1.382
+(nitiated comments on all lines.)-3.882 F 1.382
+(Exceptions are backslash)6.382 F(escaped # marks and the $# syntax.)102
+276.6 Q -1.11(Ve)127 292.8 S 1.207(rsion le)1.11 F -.15(ve)-.25 G 3.707
+(lf).15 G 1.207(our con\214gurations are completely equi)-3.707 F -.25
+(va)-.25 G 1.208(lent to le).25 F -.15(ve)-.25 G 3.708(lt).15 G 1.208
+(hree for historical rea-)-3.708 F(sons.)102 304.8 Q -1.11(Ve)127 321 S
+1.234(rsion le)1.11 F -.15(ve)-.25 G 3.734<6c8c>.15 G 1.534 -.15(ve c)
+-3.734 H 1.234(on\214guration \214les change the def).15 F 1.234
+(ault de\214nition of)-.1 F F0($w)3.734 E F1 1.234
+(to be just the \214rst)3.734 F(component of the hostname.)102 333 Q
+-1.11(Ve)127 349.2 S 1.588(rsion le)1.11 F -.15(ve)-.25 G 4.088(ls).15 G
+1.588(ix con\214guration \214les change man)-4.088 F 4.088(yo)-.15 G
+4.089(ft)-4.088 G 1.589(he local processing options \(such as)-4.089 F
+.481(aliasing and matching the be)102 361.2 R .481(ginning of the addre\
+ss for `|' characters\) to be mailer \215ags; this allo)-.15 F(ws)-.25 E
+1.344(\214ne-grained control o)102 373.2 R -.15(ve)-.15 G 3.844(rt).15 G
+1.344(he special local processing.)-3.844 F(Le)6.345 E -.15(ve)-.25 G
+3.845(ls).15 G 1.345(ix con\214guration \214les may also use)-3.845 F
+1.222(long option names.)102 385.2 R(The)6.222 E F0(ColonOkInAddr)3.722
+E F1 1.222(option \(to allo)3.722 F 3.721(wc)-.25 G 1.221
+(olons in the local-part of addresses\))-3.721 F(def)102 397.2 Q(aults)
+-.1 E F0(on)3.44 E F1 .94(for lo)3.44 F .94(wer numbered con\214guratio\
+n \214les; the con\214guration \214le requires some additional)-.25 F
+(intelligence to properly handle the RFC 822 group construct.)102 409.2
+Q -1.11(Ve)127 425.4 S 1.97(rsion le)1.11 F -.15(ve)-.25 G 4.47(ls).15 G
+-2.15 -.25(ev e)-4.47 H 4.47(nc).25 G 1.97
+(on\214guration \214les used ne)-4.47 F 4.47(wo)-.25 G 1.97
+(ption names to replace old macros \()-4.47 F F0($e)A F1(became)102
+437.4 Q F0(SmtpGr)5.547 E(eetingMessage)-.18 E F1(,)A F0($l)5.547 E F1
+(became)5.547 E F0(UnixFr)5.547 E(omLine)-.18 E F1 5.548(,a)C(nd)-5.548
+E F0($o)5.548 E F1(became)5.548 E F0(OperatorChars)5.548 E F1(.)A .087
+(Also, prior to v)102 449.4 R .087(ersion se)-.15 F -.15(ve)-.25 G .087
+(n, the).15 F F0(F=q)2.587 E F1 .087
+(\215ag \(use 250 instead of 252 return v)2.587 F .086(alue for)-.25 F
+/F2 9/Times-Roman@0 SF .086(SMTP VRFY)2.586 F F1(com-)2.586 E(mands\) w)
+102 461.4 Q(as assumed.)-.1 E -1.11(Ve)127 477.6 S(rsion le)1.11 E -.15
+(ve)-.25 G 2.5(le).15 G(ight con\214guration \214les allo)-2.5 E(w)-.25
+E F0($#)2.5 E F1(on the left hand side of ruleset lines.)2.5 E -1.11(Ve)
+127 493.8 S .422(rsion le)1.11 F -.15(ve)-.25 G 2.922(ln).15 G .423
+(ine con\214guration \214les allo)-2.922 F 2.923(wp)-.25 G .423
+(arentheses in rulesets, i.e. the)-2.923 F 2.923(ya)-.15 G .423
+(re not treated as)-2.923 F(comments and hence remo)102 505.8 Q -.15(ve)
+-.15 G(d.).15 E -1.11(Ve)127 522 S(rsion le)1.11 E -.15(ve)-.25 G 2.5
+(lt).15 G(en con\214guration \214les allo)-2.5 E 2.5(wq)-.25 G
+(ueue group de\214nitions.)-2.5 E(The)127 538.2 Q F0(V)2.678 E F1 .178
+(line may ha)2.678 F .478 -.15(ve a)-.2 H 2.677(no).15 G(ptional)-2.677
+E F0(/)2.677 E/F3 10/Times-Italic@0 SF(vendor)A F1 .177
+(to indicate that this con\214guration \214le uses modi\214ca-)2.677 F
+.866(tions speci\214c to a particular v)102 552.2 R(endor)-.15 E/F4 7
+/Times-Roman@0 SF(22)-4 I F1 5.866(.Y)4 K .866(ou may use \231/Berk)
+-6.966 F(ele)-.1 E .865(y\232 to emphasize that this con\214gura-)-.15 F
+(tion \214le uses the Berk)102 564.2 Q(ele)-.1 E 2.5(yd)-.15 G
+(ialect of)-2.5 E F3(sendmail)2.5 E F1(.)A F0 2.5(5.9. K)87 588.2 R 2.5
+<8a4b>2.5 G(ey File Declaration)-2.75 E F1
+(Special maps can be de\214ned using the line:)127 604.4 Q
+(Kmapname mapclass ar)142 620.6 Q(guments)-.18 E(The)102 636.8 Q F3
+(mapname)2.75 E F1 .251
+(is the handle by which this map is referenced in the re)2.75 F .251
+(writing rules.)-.25 F(The)5.251 E F3(mapclass)2.751 E F1(is)2.751 E
+1.889(the name of a type of map; these are compiled in to)102 648.8 R F3
+(sendmail)4.389 E F1 6.888(.T)C(he)-6.888 E F3(ar)4.388 E(guments)-.37 E
+F1 1.888(are interpreted)4.388 F .79(depending on the class; typically)
+102 660.8 R 3.29(,t)-.65 G .791(here w)-3.29 F .791(ould be a single ar)
+-.1 F .791(gument naming the \214le containing the)-.18 F .32 LW 76
+670.4 72 670.4 DL 80 670.4 76 670.4 DL 84 670.4 80 670.4 DL 88 670.4 84
+670.4 DL 92 670.4 88 670.4 DL 96 670.4 92 670.4 DL 100 670.4 96 670.4 DL
+104 670.4 100 670.4 DL 108 670.4 104 670.4 DL 112 670.4 108 670.4 DL 116
+670.4 112 670.4 DL 120 670.4 116 670.4 DL 124 670.4 120 670.4 DL 128
+670.4 124 670.4 DL 132 670.4 128 670.4 DL 136 670.4 132 670.4 DL 140
+670.4 136 670.4 DL 144 670.4 140 670.4 DL 148 670.4 144 670.4 DL 152
+670.4 148 670.4 DL 156 670.4 152 670.4 DL 160 670.4 156 670.4 DL 164
+670.4 160 670.4 DL 168 670.4 164 670.4 DL 172 670.4 168 670.4 DL 176
+670.4 172 670.4 DL 180 670.4 176 670.4 DL 184 670.4 180 670.4 DL 188
+670.4 184 670.4 DL 192 670.4 188 670.4 DL 196 670.4 192 670.4 DL 200
+670.4 196 670.4 DL 204 670.4 200 670.4 DL 208 670.4 204 670.4 DL 212
+670.4 208 670.4 DL 216 670.4 212 670.4 DL/F5 5/Times-Roman@0 SF(22)93.6
+680.8 Q/F6 8/Times-Roman@0 SF .214(And of course, v)3.2 J .214
+(endors are encouraged to add themselv)-.12 F .214
+(es to the list of recognized v)-.12 F .214
+(endors by editing the routine)-.12 F/F7 8/Times-Italic@0 SF(setvendor)
+2.214 E F6(in)2.214 E F7(conf)72 693.6 Q(.c)-.12 E F6 4(.P)C
+(lease send e-mail to sendmail@Sendmail.ORG to re)-4 E(gister your v)
+-.12 E(endor dialect.)-.12 E 0 Cg EP
%%Page: 83 79
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3833>195.86 E
-/F1 10/Times-Roman@0 SF 52.29<617270612052657475726e73>102 96 R .724
-<7468652060>3.224 F<607265>-.74 E -.15<7665>-.25 G<72736527>.15 E 3.224
-<2766>-.74 G .724<6f7220746865206769>-3.224 F -.15<7665>-.25 G 3.224
-<6e49>.15 G 3.224<5028>-3.224 G .723<49507634206f7220495076362920616464
-726573732c20692e652e2c2074686520737472696e6720666f72>-3.224 F .431
-<74686520505452206c6f6f6b75702c2062>174 108 R .431
-<757420776974686f757420747261696c696e67>-.2 F F0<6970362e6172>2.931 E
-<7061>-.1 E F1<6f72>2.931 E F0<696e2d61646472>2.931 E<2e6172>-1 E<7061>
--.1 E F1 5.431<2e46>C .431<6f722065>-5.581 F .431
-<78616d706c652c20746865>-.15 F<666f6c6c6f>174 120 Q
-<77696e6720636f6e8c6775726174696f6e206c696e65733a>-.25 E
-<4b617270612061727061>214 136.2 Q<5341727061>214 148.2 Q 88.19
-<52242b20243a>214 160.2 R<242861727061202431202429>2.5 E -.1<776f>174
-176.4 S<726b206c696b>.1 E 2.5<6574>-.1 G
-<68697320696e2074657374206d6f64653a>-2.5 E<73656e646d61696c202d6274>214
-192.6 Q<414444524553532054455354204d4f4445202872756c657365742033204e4f>
-214 204.6 Q 2.5<5461>-.4 G<75746f6d61746963616c6c7920696e>-2.5 E -.2
-<766f>-.4 G -.1<6b65>.2 G<6429>.1 E
-<456e746572203c72756c657365743e203c616464726573733e>214 216.6 Q 2.5
-<3e41>214 228.6 S
-<72706120495076363a313a323a646561643a626565663a393837363a303a303a31>-2.5
-E 35<4172706120696e7075743a>214 240.6 R<49507636203a2031203a2032203a2064
-656164203a2062656566203a2039383736203a2030203a2030203a2031>2.5 E 30
-<417270612072657475726e733a>214 252.6 R 2.5<312e302e302e302e302e302e302e
-302e302e302e302e302e362e372e382e392e662e652e652e622e642e612e652e642e322e
-302e302e302e312e302e302e30>2.5 G 2.5<3e41>214 264.6 S
-<72706120312e322e332e34>-2.5 E 35<4172706120696e7075743a>214 276.6 R 2.5
-<312e322e332e34>2.5 G 30<417270612072657475726e733a>214 288.6 R 2.5
-<342e332e322e31>2.5 G 32.85<73657175656e636520546865>102 309 R<6172>3.35
-E .849<67756d656e7473206f6e2074686520604b27206c696e65206172652061206c69
-7374206f66206d6170733b2074686520726573756c74696e67206d617020736561726368
-657320746865>-.18 F<6172>174 321 Q .438<67756d656e74206d61707320696e206f
-7264657220756e74696c206974208c6e64732061206d6174636820666f72207468652069
-6e64696361746564206b>-.18 F -.15<6579>-.1 G 5.439<2e46>-.5 G .439
-<6f722065>-5.589 F<78616d706c652c>-.15 E<696620746865206b>174 333 Q .3
--.15<65792064>-.1 H<658c6e6974696f6e2069733a>.15 E<4b6d617031202e2e2e>
-214 349.2 Q<4b6d617032202e2e2e>214 361.2 Q
-<4b7365716d61702073657175656e6365206d617031206d617032>214 373.2 Q .968
-<7468656e2061206c6f6f6b7570206167>174 389.4 R .968<61696e73742099736571
-6d61709a208c72737420646f65732061206c6f6f6b757020696e206d6170312e>-.05 F
-.968<4966207468617420697320666f756e642c206974>5.968 F
-<72657475726e7320696d6d6564696174656c79>174 401.4 Q 5<2e4f>-.65 G
-<74686572776973652c207468652073616d65206b>-5 E .3 -.15<65792069>-.1 H
-2.5<7375>.15 G<73656420666f72206d6170322e>-2.5 E 43.94
-<7379736c6f6720746865>102 417.6 R -.1<6b65>2.5 G 2.5<7969>-.05 G 2.5
-<736c>-2.5 G<6f6767656420766961>-2.5 E/F2 10/Times-Italic@0 SF
-<7379736c6f>2.5 E<6764>-.1 E F1 2.5<2838292e20546865>1.666 F
-<6c6f6f6b75702072657475726e732074686520656d70747920737472696e672e>2.5 E
-43.39<737769746368204d756368>102 433.8 R<6c696b>2.8 E 2.8<6574>-.1 G .3
-<6865209973657175656e63659a206d61702065>-2.8 F .301<78636570742074686174
-20746865206f72646572206f66206d6170732069732064657465726d696e656420627920
-746865>-.15 F .392<73657276696365207377697463682e>174 445.8 R .392
-<546865206172>5.392 F .391<67756d656e7420697320746865206e616d65206f6620
-746865207365727669636520746f206265206c6f6f6b>-.18 F .391
-<65642075703b207468652076>-.1 F<616c2d>-.25 E 1.492<7565732066726f6d2074
-68652073657276696365207377697463682061726520617070656e64656420746f207468
-65206d6170206e616d6520746f20637265617465206e65>174 457.8 R 3.993<776d>
--.25 G<6170>-3.993 E 2.5<6e616d65732e2046>174 469.8 R<6f722065>-.15 E
-<78616d706c652c20636f6e736964657220746865206b>-.15 E .3 -.15<65792064>
--.1 H<658c6e6974696f6e3a>.15 E<4b616c692073776974636820616c6961736573>
-214 486 Q<746f6765746865722077697468207468652073657276696365207377697463
-6820656e7472793a>174 502.2 Q 78.84<616c6961736573206e6973>214 518.4 R
-<8c6c6573>2.5 E 1.633<54686973206361757365732061207175657279206167>174
-534.6 R 1.633<61696e737420746865206d61702099616c699a20746f20736561726368
-206d617073206e616d65642099616c692e6e69739a20616e64>-.05 F
-<99616c692e8c6c65739a20696e2074686174206f72646572>174 546.6 Q<2e>-.55 E
-37.84<646571756f7465205374726970>102 562.8 R .96
-<646f75626c652071756f746573202822292066726f6d2061206e616d652e>3.46 F
-.961<497420646f6573206e6f74207374726970206261636b736c61736865732c20616e
-642077696c6c206e6f74>5.961 F .173<73747269702071756f74657320696620746865
-20726573756c74696e6720737472696e672077>174 574.8 R .172<6f756c6420636f6e
-7461696e20756e7363616e6e61626c652073796e7461782028746861742069732c206261
-736963>-.1 F .386<6572726f7273206c696b>174 586.8 R 2.886<6575>-.1 G .386
-<6e62616c616e63656420616e676c6520627261636b>-2.886 F .386<6574733b206d6f
-726520736f7068697374696361746564206572726f7273207375636820617320756e6b6e
-6f>-.1 F<776e>-.25 E .252<686f73747320617265206e6f7420636865636b>174
-598.8 R 2.752<6564292e20546865>-.1 F .251<696e74656e7420697320666f722075
-7365207768656e20747279696e6720746f20616363657074206d61696c2066726f6d2073
-79732d>2.752 F<74656d732073756368206173204445436e6574207468617420726f75
-74696e656c792071756f7465206f64642073796e7461782073756368206173>174 610.8
-Q<2234396572733a3a7562656c6c22>214 627 Q 2.5<4174>174 643.2 S<7970696361
-6c2075736167652069732070726f6261626c7920736f6d657468696e67206c696b>-2.5
-E<653a>-.1 E 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-83)195.86 E/F1 10/Times-Roman@0 SF(map.)102 96 Q
+(Maps are referenced using the syntax:)127 112.2 Q($\()142 128.4 Q/F2 10
+/Times-Italic@0 SF(map k)2.5 E -.3(ey)-.1 G F1($@)2.8 E F2(ar)2.5 E
+(guments)-.37 E F1($:)2.5 E F2(default)2.5 E F1($\))2.5 E .641
+(where either or both of the)102 144.6 R F2(ar)3.141 E(guments)-.37 E F1
+(or)3.141 E F2(default)3.141 E F1 .64(portion may be omitted.)3.141 F
+(The)5.64 E F2 .64($@ ar)3.14 F(guments)-.37 E F1(may)3.14 E 1.276
+(appear more than once.)102 156.6 R 1.276(The indicated)6.276 F F2 -.1
+(ke)3.776 G(y)-.2 E F1(and)3.776 E F2(ar)3.776 E(guments)-.37 E F1 1.277
+(are passed to the appropriate mapping)3.777 F 3.253(function. If)102
+168.6 R .753(it returns a v)3.253 F .753(alue, it replaces the input.)
+-.25 F .753(If it does not return a v)5.753 F .753(alue and the)-.25 F
+F2(default)3.253 E F1(is)3.253 E(speci\214ed, the)102 180.6 Q F2
+(default)2.5 E F1(replaces the input.)2.5 E
+(Otherwise, the input is unchanged.)5 E(The)127 196.8 Q F2(ar)4.063 E
+(guments)-.37 E F1 1.563(are passed to the map for arbitrary use.)4.063
+F 1.564(Most map classes can interpolate)6.564 F .883(these ar)102 208.8
+R .883(guments into their v)-.18 F .883(alues using the syntax \231%)
+-.25 F F2(n)A F1 3.382<9a28>C(where)-3.382 E F2(n)3.382 E F1 .882
+(is a digit\) to indicate the corre-)3.382 F(sponding)102 220.8 Q F2(ar)
+2.5 E(gument)-.37 E F1 5(.A)C -.18(rg)-5 G
+(ument \231%0\232 indicates the database k).18 E -.15(ey)-.1 G 5(.F)-.5
+G(or e)-5.15 E(xample, the rule)-.15 E(R$\255 ! $+)142 237 Q
+($: $\(uucp $1 $@ $2 $: $2 @ $1 . UUCP $\))71.72 E 1.269(Looks up the U\
+UCP name in a \(user de\214ned\) UUCP map; if not found it turns it int\
+o \231.UUCP\232)102 253.2 R 2.5(form. The)102 265.2 R
+(database might contain records lik)2.5 E(e:)-.1 E(decv)142 281.4 Q
+77.43(ax %1@%0.DEC.COM)-.25 F 72.19(research %1@%0.A)142 293.4 R(TT)
+-1.11 E(.COM)-.74 E(Note that)102 309.6 Q F2(default)2.5 E F1
+(clauses ne)2.5 E -.15(ve)-.25 G 2.5(rd).15 G 2.5(ot)-2.5 G
+(his mapping.)-2.5 E .735(The b)127 325.8 R .735(uilt-in map with both \
+name and class \231host\232 is the host name canonicalization lookup.)
+-.2 F(Thus, the syntax:)102 337.8 Q($\(host)142 354 Q F2(hostname)2.5 E
+F1($\))A(is equi)102 370.2 Q -.25(va)-.25 G(lent to:).25 E($[)142 386.4
+Q F2(hostname)A F1($])A(There are man)127 406.8 Q 2.5(yd)-.15 G
+(e\214ned classes.)-2.5 E 55.06(cdb Database)102 423 R .087
+(lookups using the cdb\(3\) library)2.587 F(.)-.65 E F2(Sendmail)5.087 E
+F1 .088(must be compiled with)2.587 F F0(CDB)2.588 E F1(de\214ned.)174
+435 Q 51.72(dbm Database)102 451.2 R 1.623
+(lookups using the ndbm\(3\) library)4.123 F(.)-.65 E F2(Sendmail)6.623
+E F1 1.623(must be compiled with)4.123 F F0(NDBM)174 463.2 Q F1
+(de\214ned.)2.5 E 49.51(btree Database)102 479.4 R .677
+(lookups using the btree interf)3.177 F .677(ace to the Berk)-.1 F(ele)
+-.1 E 3.178(yD)-.15 G 3.178(Bl)-3.178 G(ibrary)-3.178 E(.)-.65 E F2
+(Sendmail)5.678 E F1(must be compiled with)174 491.4 Q F0(NEWDB)2.5 E F1
+(de\214ned.)2.5 E 51.17(hash Database)102 507.6 R .828
+(lookups using the hash interf)3.329 F .828(ace to the Berk)-.1 F(ele)
+-.1 E 3.328(yD)-.15 G 3.328(Bl)-3.328 G(ibrary)-3.328 E(.)-.65 E F2
+(Sendmail)5.828 E F1(must be compiled with)174 519.6 Q F0(NEWDB)2.5 E F1
+(de\214ned.)2.5 E 57.83(nis NIS)102 535.8 R(lookups.)2.5 E F2(Sendmail)5
+E F1(must be compiled with)2.5 E F0(NIS)2.5 E F1(de\214ned.)2.5 E 41.16
+(nisplus NIS+)102 552 R(lookups.)3.733 E F2(Sendmail)6.233 E F1 1.233
+(must be compiled with)3.733 F F0(NISPLUS)3.733 E F1 3.733
+(de\214ned. The)3.733 F(ar)3.733 E(gu-)-.18 E .495
+(ment is the name of the table to use for lookups, and the)174 564 R F0
+<ad6b>2.995 E F1(and)2.995 E F0<ad76>2.995 E F1 .495(\215ags may be)
+2.995 F(used to set the k)174 576 Q .3 -.15(ey a)-.1 H(nd v).15 E
+(alue columns respecti)-.25 E -.15(ve)-.25 G(ly).15 E(.)-.65 E 43.39
+(hesiod Hesiod)102 592.2 R(lookups.)2.5 E F2(Sendmail)5 E F1
+(must be compiled with)2.5 E F0(HESIOD)2.5 E F1(de\214ned.)2.5 E 52.28
+(ldap LD)102 608.4 R 1.783(AP X500 directory lookups.)-.4 F F2(Sendmail)
+6.783 E F1 1.784(must be compiled with)4.283 F F0(LD)4.284 E(APMAP)-.35
+E F1 2.966(de\214ned. The)174 620.4 R .466
+(map supports most of the standard ar)2.966 F .465
+(guments and most of the com-)-.18 F .3(mand line ar)174 632.4 R .3
+(guments of the)-.18 F F2(ldapsear)2.8 E -.15(ch)-.37 G F1 2.8
+(program. Note)2.95 F .3(that, by def)2.8 F .3(ault, if a single)-.1 F
+.629(query matches multiple v)174 644.4 R .629
+(alues, only the \214rst v)-.25 F .628(alue will be returned unless the)
+-.25 F F0<ad7a>3.128 E F1(\(v)174 656.4 Q 1.22
+(alue separator\) map option is set.)-.25 F 1.22(Also, the)6.22 F F0
+<ad31>3.72 E F1 1.22(map \215ag will treat a multiple)3.72 F -.25(va)174
+668.4 S(lue return as if there were no matches.).25 E 41.17
+(netinfo NeXT)102 684.6 R(NetInfo lookups.)2.5 E F2(Sendmail)5 E F1
+(must be compiled with)2.5 E F0(NETINFO)2.5 E F1(de\214ned.)2.5 E(te)102
+700.8 Q 54.65(xt T)-.15 F -.15(ex)-.7 G 2.918<748c>.15 G .418
+(le lookups.)-2.918 F .418(The format of the te)5.418 F .417
+(xt \214le is de\214ned by the)-.15 F F0<ad6b>2.917 E F1(\(k)2.917 E
+.717 -.15(ey \214)-.1 H .417(eld num-).15 F(ber\),)174 712.8 Q F0<ad76>
+2.5 E F1(\(v)2.5 E(alue \214eld number\), and)-.25 E F0<ad7a>2.5 E F1
+(\(\214eld delimiter\) options.)2.5 E 0 Cg EP
%%Page: 84 80
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d38342053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF<4b646571756f746520646571756f7465>214 96 Q
-<2e2e2e>214 120 Q 88.19<5224ad20243a>214 144 R
-<2428646571756f7465202431202429>2.5 E<5224ad20242b>214 156 Q
-<243a20243e33202431202432>77.55 E<43617265206d7573742062652074616b>174
-172.2 Q<656e20746f20707265>-.1 E -.15<7665>-.25 G<6e7420756e65>.15 E
-<7870656374656420726573756c74733b20666f722065>-.15 E<78616d706c652c>-.15
-E<227c736f6d6570726f6772616d203c20696e707574203e206f757470757422>214
-188.4 Q 1.31<77696c6c206861>174 204.6 R 1.61 -.15<76652071>-.2 H 1.31
-<756f7465732073747269707065642c2062>.15 F 1.31<75742074686520726573756c
-742069732070726f6261626c79206e6f74207768617420796f752068616420696e206d69
-6e642e>-.2 F -.15<466f>174 216.6 S
-<7274756e6174656c792074686573652063617365732061726520726172652e>.15 E
-<7265>102 232.8 Q<6765>-.15 E 50.09<7854>-.15 G .489
-<6865206d61702064658c6e6974696f6e206f6e20746865>-50.09 F F0<4b>2.989 E
-F1 .489<6c696e6520636f6e7461696e732061207265>2.989 F .488
-<67756c61722065>-.15 F 2.988<787072657373696f6e2e20416e>-.15 F 2.988
-<796b>-.15 G .788 -.15<65792069>-3.088 H .488<6e707574206973>.15 F 1.454
-<636f6d706172656420746f20746861742065>174 244.8 R 1.454
-<787072657373696f6e207573696e672074686520504f534958207265>-.15 F 1.454
-<67756c61722065>-.15 F 1.454
-<787072657373696f6e7320726f7574696e6573207265>-.15 F<672d>-.15 E .291
-<636f6d7028292c207265>174 256.8 R .291<6765727228292c20616e64207265>-.15
-F<6765>-.15 E -.15<7865>-.15 G 2.791<6328292e205265666572>.15 F .291<74
-6f2074686520646f63756d656e746174696f6e20666f722074686f736520726f7574696e
-657320666f72>2.791 F .355
-<6d6f726520696e666f726d6174696f6e2061626f757420746865207265>174 268.8 R
-.355<67756c61722065>-.15 F .355<787072657373696f6e206d61746368696e672e>
--.15 F .356<4e6f207265>5.356 F .356<77726974696e67206f6620746865206b>
--.25 F -.15<6579>-.1 G .075<697320646f6e6520696620746865>174 280.8 R F0
-<ad6d>2.575 E F1 .075<8d616720697320757365642e>2.575 F -.4<5769>5.075 G
-.075<74686f75742069742c20746865206b>.4 F .374 -.15<65792069>-.1 H 2.574
-<7364>.15 G .074<6973636172646564206f72206966>-2.574 F F0<ad73>2.574 E
-F1 .074<696620757365642c206974206973>2.574 F .905<7375627374697475746564
-2062792074686520737562737472696e67206d6174636865732c2064656c696d69746564
-206279>174 292.8 R F0<247c>3.405 E F1 .905
-<6f722074686520737472696e672073706563698c65642077697468>3.405 F
-<74686520746865>174 304.8 Q F0<ad64>2.5 E F1 2.5<8d61672e20546865>2.5 F
-<8d6167732061>2.5 E -.25<7661>-.2 G
-<696c61626c6520666f7220746865206d617020617265>.25 E 9.17<2d6e206e6f74>
-214 321 R 10.84<2d662063617365>214 333 R<73656e73697469>2.5 E -.15<7665>
--.25 G 9.17<2d62206261736963>214 345 R<7265>2.5 E<67756c61722065>-.15 E
-<787072657373696f6e732028646566>-.15 E<61756c742069732065>-.1 E
-<7874656e64656429>-.15 E 10.28<2d7320737562737472696e67>214 357 R
-<6d61746368>2.5 E 9.17<2d6420736574>214 369 R
-<7468652064656c696d69746572207573656420666f72202d73>2.5 E 9.73
-<2d6120617070656e64>214 381 R<737472696e6720746f206b>2.5 E -.15<6579>-.1
-G 6.39<2d6d206d61746368>214 393 R<6f6e6c79>2.5 E 2.5<2c64>-.65 G 2.5
-<6f6e>-2.5 G<6f74207265706c6163652f646973636172642076>-2.5 E<616c7565>
--.25 E 6.95<2d4420706572666f726d>214 405 R
-<6e6f206c6f6f6b757020696e2064656665727265642064656c69>2.5 E -.15<7665>
--.25 G<7279206d6f64652e>.15 E<546865>174 421.2 Q F0<ad73>2.551 E F1 .051
-<8d61672063616e20696e636c75646520616e206f7074696f6e616c20706172616d6574
-65722077686963682063616e206265207573656420746f2073656c656374207468652073
-75622d>2.551 F<737472696e677320696e2074686520726573756c74206f6620746865
-206c6f6f6b75702e>174 433.2 Q -.15<466f>5 G 2.5<7265>.15 G
-<78616d706c652c>-2.65 E<2d73312c332c34>214 449.4 Q .696
-<4e6f7465733a20746f206d617463682061>174 465.6 R F0<24>3.197 E F1 .697
-<696e206120737472696e672c205c2424206d75737420626520757365642e>3.197 F
-.697<496620746865207061747465726e20636f6e7461696e73207370616365732c>
-5.697 F<746865>174 477.6 Q 4.425<796d>-.15 G 1.924<75737420626520726570
-6c6163656420776974682074686520626c616e6b20737562737469747574696f6e206368
-61726163746572>-4.425 F 4.424<2c75>-.4 G 1.924
-<6e6c657373206974206973207370616365>-4.424 F<697473656c662e>174 489.6 Q
-35.62<70726f6772616d20546865>102 505.8 R<6172>2.544 E .044
-<67756d656e7473206f6e20746865>-.18 F F0<4b>2.544 E F1 .045<6c696e652061
-72652074686520706174686e616d6520746f20612070726f6772616d20616e6420616e>
-2.544 F 2.545<7969>-.15 G .045<6e697469616c20706172616d2d>-2.545 F .176
-<657465727320746f206265207061737365642e>174 517.8 R .176
-<5768656e20746865206d61702069732063616c6c65642c20746865206b>5.176 F .475
--.15<65792069>-.1 H 2.675<7361>.15 G .175
-<6464656420746f2074686520696e697469616c20706172616d652d>-2.675 F .112
-<7465727320616e64207468652070726f6772616d20697320696e>174 529.8 R -.2
-<766f>-.4 G -.1<6b65>.2 G 2.612<6461>.1 G 2.612<7374>-2.612 G .112
-<686520646566>-2.612 F .112<61756c7420757365722f67726f75702069642e>-.1 F
-.112<546865208c727374206c696e65206f66207374616e2d>5.112 F .508
-<64617264206f75747075742069732072657475726e6564206173207468652076>174
-541.8 R .508<616c7565206f6620746865206c6f6f6b75702e>-.25 F .508
-<5468697320686173206d616e>5.508 F 3.007<7970>-.15 G .507
-<6f74656e7469616c20736563752d>-3.007 F 1.277<726974792070726f626c656d73
-2c20616e6420686173207465727269626c6520706572666f726d616e63653b2069742073
-686f756c642062652075736564206f6e6c79207768656e206162736f2d>174 553.8 R
-<6c7574656c79206e6563657373617279>174 565.8 Q<2e>-.65 E 44.51
-<6d6163726f20536574>102 582 R .32<6f7220636c6561722061206d6163726f2076>
-2.82 F 2.82<616c75652e2054>-.25 F 2.82<6f73>-.8 G .32
-<65742061206d6163726f2c2070617373207468652076>-2.82 F .32
-<616c756520617320746865208c727374206172>-.25 F .32<67756d656e7420696e>
--.18 F .938<746865206d6170206c6f6f6b75702e>174 594 R 2.538 -.8<546f2063>
-5.938 H .939
-<6c6561722061206d6163726f2c20646f206e6f74207061737320616e206172>.8 F
-.939<67756d656e7420696e20746865206d6170206c6f6f6b75702e>-.18 F
-<546865206d617020616c>174 606 Q -.1<7761>-.1 G
-<79732072657475726e732074686520656d70747920737472696e672e>.1 E
-<4578616d706c65206f66207479706963616c20757361676520696e636c7564653a>5 E
-0 Cg EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-84 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF 59.5
+(ph PH)102 96 R(query map.)2.5 E(Contrib)5 E
+(uted and supported by Mark Roth, roth@uiuc.edu.)-.2 E 55.61(nsd nsd)102
+112.2 R 1.599(map for IRIX 6.5 and later)4.099 F 6.599(.C)-.55 G(ontrib)
+-6.599 E 1.599(uted and supported by Bob Mende of)-.2 F
+(SGI, mende@sgi.com.)174 124.2 Q 53.39(stab Internal)102 140.4 R
+(symbol table lookups.)2.5 E(Used internally for aliasing.)5 E 38.38
+(implicit Sequentially)102 156.6 R .132(try a list of a)2.632 F -.25(va)
+-.2 G .131(ilable map types:).25 F/F2 10/Times-Italic@0 SF(hash)2.631 E
+F1(,)A F2(dbm)2.631 E F1 2.631(,a)C(nd)-2.631 E F2(cdb)2.631 E F1 5.131
+(.I)C 2.631(ti)-5.131 G 2.631(st)-2.631 G .131(he def)-2.631 F(ault)-.1
+E .206(for alias \214les if no class is speci\214ed.)174 168.6 R .207
+(If is no matching map type is found, the te)5.206 F(xt)-.15 E -.15(ve)
+174 180.6 S(rsion is used for the alias \214le, b).15 E(ut other maps f)
+-.2 E(ail to open.)-.1 E 52.84(user Looks)102 196.8 R .477
+(up users using)2.977 F F2 -.1(ge)2.977 G(tpwnam).1 E F1 2.977
+(\(3\). The)B F0<ad76>2.977 E F1 .476
+(\215ag can be used to specify the name)2.976 F .142(of the \214eld to \
+return \(although this is normally used only to check the e)174 208.8 R
+.142(xistence of)-.15 F 2.5(au)174 220.8 S(ser\).)-2.5 E 52.83
+(host Canoni\214es)102 237 R .2(host domain names.)2.7 F(Gi)5.2 E -.15
+(ve)-.25 G 2.7(nah).15 G .2(ost name it calls the name serv)-2.7 F .2
+(er to \214nd)-.15 F(the canonical name for that host.)174 249 Q 40.61
+(bestmx Returns)102 265.2 R 2.478(the best MX record for a host name gi)
+4.978 F -.15(ve)-.25 G 4.979(na).15 G 4.979(st)-4.979 G 2.479(he k)
+-4.979 F -.15(ey)-.1 G 7.479(.T)-.5 G 2.479(he current)-7.479 F .722
+(machine is al)174 277.2 R -.1(wa)-.1 G .721
+(ys preferred \212 that is, if the current machine is one of the hosts)
+.1 F .218(listed as a lo)174 289.2 R .219
+(west-preference MX record, then it will be guaranteed to be returned.)
+-.25 F .961(This can be used to \214nd out if this machine is the tar)
+174 301.2 R .961(get for an MX record, and)-.18 F .592
+(mail can be accepted on that basis.)174 313.2 R .592(If the)5.592 F F0
+<ad7a>3.092 E F1 .592(option is gi)3.092 F -.15(ve)-.25 G .592
+(n, then all MX names).15 F .361(are returned, separated by the gi)174
+325.2 R -.15(ve)-.25 G 2.861(nd).15 G(elimiter)-2.861 E 5.361(.N)-.55 G
+.361(ote: the return v)-5.361 F .36(alue is determin-)-.25 F 1.698
+(istic, i.e., e)174 337.2 R -.15(ve)-.25 G 4.198(ni).15 G 4.198(fm)
+-4.198 G 1.698(ultiple MX records ha)-4.198 F 1.999 -.15(ve t)-.2 H
+1.699(he same preference, the).15 F 4.199(yw)-.15 G 1.699(ill be)-4.199
+F(returned in the same order)174 349.2 Q(.)-.55 E 55.61(dns This)102
+365.4 R 2.248
+(map requires the option -R to specify the DNS resource record type to)
+4.748 F 3.479(lookup. The)174 377.4 R(follo)3.479 E .979
+(wing types are supported: A, AAAA, AFSDB, CN)-.25 F .979(AME, MX,)-.35
+F .107(NS, PTR, SR)174 389.4 R 2.687 -1.29(V, a)-.8 H .107(nd TXT)1.29 F
+5.107(.A)-.74 G .107(map lookup will return only one record unless the)
+-2.5 F F0<ad7a>2.606 E F1(\(v)174 401.4 Q .11
+(alue separator\) option is set.)-.25 F .111
+(Hence for some types, e.g., MX records, the return)5.111 F -.25(va)174
+413.4 S 1.052(lue might be a random element of the results due to rando\
+mizing in the DNS).25 F(resolv)174 425.4 Q(er)-.15 E 2.5(,i)-.4 G 2.5
+(fo)-2.5 G(nly one element is returned.)-2.5 E 52.29(arpa Returns)102
+441.6 R .723(the `)3.223 F(`re)-.74 E -.15(ve)-.25 G(rse').15 E 3.223
+('f)-.74 G .723(or the gi)-3.223 F -.15(ve)-.25 G 3.223(nI).15 G 3.224
+(P\()-3.223 G .724(IPv4 or IPv6\) address, i.e., the string for)-3.224 F
+.431(the PTR lookup, b)174 453.6 R .431(ut without trailing)-.2 F F0
+(ip6.ar)2.931 E(pa)-.1 E F1(or)2.931 E F0(in-addr)2.931 E(.ar)-1 E(pa)
+-.1 E F1 5.431(.F)C .431(or e)-5.581 F .43(xample, the)-.15 F(follo)174
+465.6 Q(wing con\214guration lines:)-.25 E(Karpa arpa)214 481.8 Q(SArpa)
+214 493.8 Q 88.19(R$+ $:)214 505.8 R($\(arpa $1 $\))2.5 E -.1(wo)174 522
+S(rk lik).1 E 2.5(et)-.1 G(his in test mode:)-2.5 E(sendmail -bt)214
+538.2 Q(ADDRESS TEST MODE \(ruleset 3 NO)214 550.2 Q 2.5(Ta)-.4 G
+(utomatically in)-2.5 E -.2(vo)-.4 G -.1(ke).2 G(d\)).1 E
+(Enter <ruleset> <address>)214 562.2 Q 2.5(>A)214 574.2 S
+(rpa IPv6:1:2:dead:beef:9876:0:0:1)-2.5 E 35(Arpa input:)214 586.2 R
+(IPv6 : 1 : 2 : dead : beef : 9876 : 0 : 0 : 1)2.5 E 30(Arpa returns:)
+214 598.2 R 2.5
+(1.0.0.0.0.0.0.0.0.0.0.0.6.7.8.9.f.e.e.b.d.a.e.d.2.0.0.0.1.0.0.0)2.5 G
+2.5(>A)214 610.2 S(rpa 1.2.3.4)-2.5 E 35(Arpa input:)214 622.2 R 2.5
+(1.2.3.4)2.5 G 30(Arpa returns:)214 634.2 R 2.5(4.3.2.1)2.5 G 32.85
+(sequence The)102 654.6 R(ar)3.349 E .849(guments on the `K' line are a\
+ list of maps; the resulting map searches the)-.18 F(ar)174 666.6 Q .439
+(gument maps in order until it \214nds a match for the indicated k)-.18
+F -.15(ey)-.1 G 5.438(.F)-.5 G .438(or e)-5.588 F(xample,)-.15 E
+(if the k)174 678.6 Q .3 -.15(ey d)-.1 H(e\214nition is:).15 E 0 Cg EP
%%Page: 85 81
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3835>195.86 E
-/F1 10/Times-Roman@0 SF<4b73746f72616765206d6163726f>214 96 Q<2e2e2e>214
-120 Q 2.5<2373>214 144 S<6574206d6163726f20247b4d794d6163726f7d20746f20
-7468652072756c65736574206d61746368>-2.5 E .19<52242b20243a>214 156 R
-<242873746f72616765207b4d794d6163726f7d202440202431202429202431>2.5 E
-2.5<2373>214 168 S<6574206d6163726f20247b4d794d6163726f7d20746f20616e20
-656d70747920737472696e67>-2.5 E .83<52242a20243a>214 180 R
-<242873746f72616765207b4d794d6163726f7d202440202429202431>2.5 E 2.5
-<2363>214 192 S<6c656172206d6163726f20247b4d794d6163726f7d>-2.5 E .19
-<5224ad20243a>214 204 R
-<242873746f72616765207b4d794d6163726f7d202429202431>2.5 E 51.17
-<617269746820506572666f726d>102 224.4 R .494
-<73696d706c652061726974686d65746963206f7065726174696f6e732e>2.994 F .494
-<546865206f7065726174696f6e206973206769>5.494 F -.15<7665>-.25 G 2.993
-<6e61>.15 G 2.993<736b>-2.993 G -.15<6579>-3.093 G 2.993<2c63>-.5 G .493
-<757272656e746c79202b2c>-2.993 F .245<2d2c202a2c202f2c20252c207c2c202620
-2862697477697365204f522c20414e44292c206c2028666f72206c657373207468616e29
-2c203d2c20616e6420722028666f722072616e646f6d2920617265207375702d>174
-236.4 R 3.21<706f727465642e20546865>174 248.4 R<7477>3.21 E 3.21<6f6f>
--.1 G .71<706572616e647320617265206769>-3.21 F -.15<7665>-.25 G 3.21
-<6e61>.15 G 3.21<7361>-3.21 G -.18<7267>-3.21 G 3.21
-<756d656e74732e20546865>.18 F .71
-<6c6f6f6b75702072657475726e732074686520726573756c74>3.21 F 1.374
-<6f662074686520636f6d7075746174696f6e2c20692e652e2c>174 260.4 R/F2 9
-/Times-Roman@0 SF<5452>3.874 E<5545>-.36 E F1<6f72>3.874 E F2 -.666
-<4641>3.874 G<4c5345>.666 E F1 1.374
-<666f7220636f6d70617269736f6e732c20696e7465>3.874 F 1.374<6765722076>
--.15 F 1.374<616c756573206f74686572>-.25 F<2d>-.2 E 3.212
-<776973652e20546865>174 272.4 R 3.212<726f>3.212 G .712<70657261746f7220
-72657475726e7320612070736575646f2d72616e646f6d206e756d6265722077686f7365
-2076>-3.212 F .711<616c7565206c696573206265747765656e>-.25 F .538<746865
-208c72737420616e64207365636f6e64206f706572616e64202877686963682072657175
-69726573207468617420746865208c727374206f706572616e6420697320736d616c6c65
-72207468616e>174 284.4 R 2.134<746865207365636f6e64292e>174 296.4 R
-2.133<416c6c206f7074696f6e732077686963682061726520706f737369626c6520666f
-72206d617073206172652069676e6f7265642e>7.134 F 4.633<4173>7.133 G
-<696d706c65>-4.633 E -.15<6578>174 308.4 S<616d706c652069733a>.15 E
-<4b636f6d70206172697468>214 324.6 Q<2e2e2e>214 348.6 Q
-<53636865636b5f6574726e>214 372.6 Q .83<52242a20243a>214 384.6 R
-<2428636f6d70206c2024402024267b6c6f61645f61>2.5 E
-<76677d2024402037202429202431>-.2 E<5246>214 396.6 Q
-<414c53452423206572726f72202e2e2e>-.74 E<736f636b>102 417 Q 44.05
-<657420546865>-.1 F<736f636b>3.231 E .732<6574206d6170207573657320612073
-696d706c6520726571756573742f7265706c792070726f746f636f6c206f>-.1 F -.15
-<7665>-.15 G 3.232<7254>.15 G .732<4350206f7220554e495820646f6d61696e>
--3.232 F<736f636b>174 429 Q .753<65747320746f20717565727920616e2065>-.1
-F .753<787465726e616c2073657276>-.15 F<6572>-.15 E 5.753<2e42>-.55 G
-.753<6f746820726571756573747320616e64207265706c69657320617265207465>
--5.753 F .753<787420626173656420616e64>-.15 F<656e636f646564206173206e65
-74737472696e67732c20692e652e2c206120737472696e67202268656c6c6f2074686572
-6522206265636f6d65733a>174 441 Q<31313a68656c6c6f2074686572652c>214
-457.2 Q<4e6f74653a206e656974686572207265717565737473206e6f72207265706c69
-657320656e6420776974682043524c46>174 473.4 Q<2e>-.8 E .301<546865207265
-717565737420636f6e7369737473206f6620746865206461746162617365206d6170206e
-616d6520616e6420746865206c6f6f6b7570206b>174 497.4 R .601 -.15<65792073>
--.1 H .301<65706172617465642062792061>.15 F
-<7370616365206368617261637465723a>174 509.4 Q
-<3c6d61706e616d653e20272027203c6b>214 537.6 Q -.15<6579>-.1 G<3e>.15 E
-<5468652073657276>174 565.8 Q<657220726573706f6e647320776974682061207374
-6174757320696e64696361746f7220616e642074686520726573756c742028696620616e>
--.15 E<79293a>-.15 E<3c7374617475733e20272027203c726573756c743e>214 594
-Q .161<5468652073746174757320696e64696361746f722073706563698c6573207468
-6520726573756c74206f6620746865206c6f6f6b7570206f7065726174696f6e20697473
-656c6620616e64206973206f6e65206f66>174 622.2 R<74686520666f6c6c6f>174
-634.2 Q<77696e6720757070657220636173652077>-.25 E<6f7264733a>-.1 E 28.06
-<4f4b20746865>214 650.4 R -.1<6b65>2.5 G 2.5<7977>-.05 G
-<617320666f756e642c20726573756c7420636f6e7461696e7320746865206c6f6f6b>
--2.6 E<65642075702076>-.1 E<616c7565>-.25 E<4e4f>214 662.4 Q
-<54464f554e44746865206b>-.4 E .3 -.15<65792077>-.1 H
-<6173206e6f7420666f756e642c2074686520726573756c7420697320656d707479>.05
-E 15.83<54454d502061>214 674.4 R<74656d706f726172792066>2.5 E
-<61696c757265206f636375726564>-.1 E -2.49<54494d454f55542061>214 686.4 R
-<74696d656f7574206f636375726564206f6e207468652073657276>2.5 E
-<65722073696465>-.15 E 15.27<5045524d2061>214 698.4 R
-<7065726d616e656e742066>2.5 E<61696c757265206f636375726564>-.1 E 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-85)195.86 E/F1 10/Times-Roman@0 SF(Kmap1 ...)214 96 Q(Kmap2 ...)
+214 108 Q(Kseqmap sequence map1 map2)214 120 Q .968(then a lookup ag)174
+136.2 R .968(ainst \231seqmap\232 \214rst does a lookup in map1.)-.05 F
+.968(If that is found, it)5.968 F(returns immediately)174 148.2 Q 5(.O)
+-.65 G(therwise, the same k)-5 E .3 -.15(ey i)-.1 H 2.5(su).15 G
+(sed for map2.)-2.5 E 43.94(syslog the)102 164.4 R -.1(ke)2.5 G 2.5(yi)
+-.05 G 2.5(sl)-2.5 G(ogged via)-2.5 E/F2 10/Times-Italic@0 SF(syslo)2.5
+E(gd)-.1 E F1 2.5(\(8\). The)1.666 F(lookup returns the empty string.)
+2.5 E 43.39(switch Much)102 180.6 R(lik)2.801 E 2.801(et)-.1 G .301
+(he \231sequence\232 map e)-2.801 F .301
+(xcept that the order of maps is determined by the)-.15 F .391
+(service switch.)174 192.6 R .391(The ar)5.391 F .391
+(gument is the name of the service to be look)-.18 F .392(ed up; the v)
+-.1 F(al-)-.25 E 1.492
+(ues from the service switch are appended to the map name to create ne)
+174 204.6 R 3.992(wm)-.25 G(ap)-3.992 E 2.5(names. F)174 216.6 R(or e)
+-.15 E(xample, consider the k)-.15 E .3 -.15(ey d)-.1 H(e\214nition:).15
+E(Kali switch aliases)214 232.8 Q
+(together with the service switch entry:)174 249 Q 78.84(aliases nis)214
+265.2 R(\214les)2.5 E 1.633(This causes a query ag)174 281.4 R 1.633
+(ainst the map \231ali\232 to search maps named \231ali.nis\232 and)-.05
+F(\231ali.\214les\232 in that order)174 293.4 Q(.)-.55 E 37.84
+(dequote Strip)102 309.6 R .961(double quotes \("\) from a name.)3.461 F
+.96(It does not strip backslashes, and will not)5.961 F .172
+(strip quotes if the resulting string w)174 321.6 R .173
+(ould contain unscannable syntax \(that is, basic)-.1 F .386(errors lik)
+174 333.6 R 2.886(eu)-.1 G .386(nbalanced angle brack)-2.886 F .386
+(ets; more sophisticated errors such as unkno)-.1 F(wn)-.25 E .251
+(hosts are not check)174 345.6 R 2.751(ed\). The)-.1 F .251
+(intent is for use when trying to accept mail from sys-)2.751 F
+(tems such as DECnet that routinely quote odd syntax such as)174 357.6 Q
+("49ers::ubell")214 373.8 Q 2.5(At)174 390 S
+(ypical usage is probably something lik)-2.5 E(e:)-.1 E
+(Kdequote dequote)214 406.2 Q(...)214 430.2 Q 88.19(R$\255 $:)214 454.2
+R($\(dequote $1 $\))2.5 E(R$\255 $+)214 466.2 Q($: $>3 $1 $2)77.55 E
+(Care must be tak)174 482.4 Q(en to pre)-.1 E -.15(ve)-.25 G(nt une).15
+E(xpected results; for e)-.15 E(xample,)-.15 E
+("|someprogram < input > output")214 498.6 Q 1.31(will ha)174 514.8 R
+1.61 -.15(ve q)-.2 H 1.31(uotes stripped, b).15 F 1.31
+(ut the result is probably not what you had in mind.)-.2 F -.15(Fo)174
+526.8 S(rtunately these cases are rare.).15 E(re)102 543 Q(ge)-.15 E
+50.09(xT)-.15 G .488(he map de\214nition on the)-50.09 F F0(K)2.988 E F1
+.489(line contains a re)2.988 F .489(gular e)-.15 F 2.989(xpression. An)
+-.15 F 2.989(yk)-.15 G .789 -.15(ey i)-3.089 H .489(nput is).15 F 1.454
+(compared to that e)174 555 R 1.454(xpression using the POSIX re)-.15 F
+1.454(gular e)-.15 F 1.454(xpressions routines re)-.15 F(g-)-.15 E .29
+(comp\(\), re)174 567 R .291(gerr\(\), and re)-.15 F(ge)-.15 E -.15(xe)
+-.15 G 2.791(c\(\). Refer).15 F .291
+(to the documentation for those routines for)2.791 F .356
+(more information about the re)174 579 R .356(gular e)-.15 F .355
+(xpression matching.)-.15 F .355(No re)5.355 F .355(writing of the k)
+-.25 F -.15(ey)-.1 G .074(is done if the)174 591 R F0<ad6d>2.574 E F1
+.074(\215ag is used.)2.574 F -.4(Wi)5.074 G .074(thout it, the k).4 F
+.375 -.15(ey i)-.1 H 2.575(sd).15 G .075(iscarded or if)-2.575 F F0
+<ad73>2.575 E F1 .075(if used, it is)2.575 F .905
+(substituted by the substring matches, delimited by)174 603 R F0($|)
+3.405 E F1 .905(or the string speci\214ed with)3.405 F(the the)174 615 Q
+F0<ad64>2.5 E F1 2.5(option. The)2.5 F(options a)2.5 E -.25(va)-.2 G
+(ilable for the map are).25 E 0 Cg EP
%%Page: 86 82
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d38362053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF .26
-<496e2063617365206f66206572726f727320287374617475732054454d50>174 96 R
-2.76<2c54>-1.11 G .26<494d454f5554206f72205045524d292074686520726573756c
-74208c656c64206d617920636f6e7461696e>-2.76 F .819<616e2065>174 108 R
-.819<78706c616e61746f7279206d6573736167652e>-.15 F<486f>5.818 E<7765>
--.25 E -.15<7665>-.25 G 1.618 -.4<722c2074>.15 H .818<68652065>.4 F .818
-<78706c616e61746f7279206d657373616765206973206e6f74207573656420616e>-.15
-F 3.318<7966>-.15 G<7572>-3.318 E<2d>-.2 E<74686572206279>174 120 Q/F2
-10/Times-Italic@0 SF<73656e646d61696c>2.5 E F1<2e>A
-<4578616d706c65207265706c6965733a>174 144 Q<33313a4f4b207265736f6c76>214
-160.2 Q<65642e616464726573734065>-.15 E<78616d706c652e636f6d2c>-.15 E<35
-363a4f4b206572726f723a35353020352e372e31205573657220646f6573206e6f742061
-6363657074206d61696c2066726f6d2073656e646572>214 192.6 Q<2c>-.4 E
-<696e2063617365206f66207375636365737366756c206c6f6f6b7570732c206f723a>
-174 220.8 Q<383a4e4f>214 237 Q<54464f554e442c>-.4 E
-<696e206361736520746865206b>174 265.2 Q .3 -.15<65792077>-.1 H
-<6173206e6f7420666f756e642c206f723a>.05 E
-<35353a54454d502074686973207465>214 281.4 Q<78742065>-.15 E
-<78706c61696e7320746861742077652068616420612074656d706f726172792066>-.15
-E<61696c7572652c>-.1 E
-<696e2063617365206f6620612074656d706f72617279206d6170206c6f6f6b75702066>
-174 309.6 Q<61696c7572652e>-.1 E 1.186<54686520736f636b>174 333.6 R
-1.186<6574206d61702075736573207468652073616d652073796e746178206173206d69
-6c7465727320287365652053656374696f6e202258208a204d61696c2046696c746572>
--.1 F<284d696c746572292044658c6e6974696f6e73222920746f207370656369667920
-7468652072656d6f746520656e64706f696e742c20652e672e2c>174 345.6 Q
-<4b736f636b>214 361.8 Q<6574206d79536f636b>-.1 E
-<65744d617020696e65743a3132333435403132372e302e302e31>-.1 E .493
-<4966206d756c7469706c6520736f636b>174 390 R .492<6574206d6170732064658c
-6e65207468652073616d652072656d6f746520656e64706f696e742c20746865>-.1 F
-2.992<7977>-.15 G .492<696c6c20736861726520612073696e676c65>-2.992 F
-<636f6e6e656374696f6e20746f207468697320656e64706f696e742e>174 402 Q .488
-<4d6f7374206f6620746865736520616363657074206173206172>127 418.2 R .488<
-67756d656e7473207468652073616d65206f7074696f6e616c208d61677320616e642061
-208c6c656e616d6520286f722061206d61706e616d6520666f72>-.18 F .31<4e49533b
-20746865208c6c656e616d652069732074686520726f6f74206f66207468652064617461
-6261736520706174682c20736f207468617420992e64629a206f7220736f6d65206f7468
-65722065>102 430.2 R .31<7874656e73696f6e20617070726f707269617465>-.15 F
-<666f722074686520646174616261736520747970652077696c6c206265206164646564
-20746f20676574207468652061637475616c206461746162617365206e616d65292e>102
-442.2 Q<4b6e6f>5 E<776e208d616773206172653a>-.25 E 58.86
-<ad6f20496e64696361746573>102 458.4 R 1.148<746861742074686973206d617020
-6973206f7074696f6e616c208a20746861742069732c2069662069742063616e6e6f7420
-6265206f70656e65642c206e6f206572726f72206973>3.647 F
-<70726f64756365642c20616e64>174 470.4 Q F2<73656e646d61696c>2.5 E F1
-<77696c6c2062656861>2.5 E .3 -.15<76652061>-.2 H 2.5<7369>.15 G 2.5
-<6674>-2.5 G<6865206d61702065>-2.5 E<7869737465642062>-.15 E<75742077>
--.2 E<617320656d707479>-.1 E<2e>-.65 E<ad4e2c20ad4f>102 486.6 Q .697
-<4966206e656974686572>41.28 F F0<ad4e>3.197 E F1<6f72>3.197 E F0<ad4f>
-3.197 E F1 .697<6172652073706563698c65642c>3.197 F F2<73656e646d61696c>
-3.197 E F1 .697<7573657320616e20616461707469>3.197 F .997 -.15<76652061>
--.25 H .697<6c676f726974686d20746f20646563696465>.15 F .108<776865746865
-72206f72206e6f7420746f206c6f6f6b20666f72206e756c6c206279746573206f6e2074
-686520656e64206f66206b>174 498.6 R -.15<6579>-.1 G 2.608<732e204974>.15
-F .108<73746172747320627920747279696e6720626f74683b206966>2.608 F .82
-<6974208c6e647320616e>174 510.6 R 3.32<796b>-.15 G 1.12 -.15<65792077>
--3.42 H .82<6974682061206e756c6c2062797465206974206e65>.15 F -.15<7665>
--.25 G 3.319<7274>.15 G .819<72696573206167>-3.319 F .819
-<61696e20776974686f75742061206e756c6c206279746520616e642076696365>-.05 F
--.15<7665>174 522.6 S 2.827<7273612e204966>.15 F F0<ad4e>2.827 E F1 .327
-<69732073706563698c6564206974206e65>2.827 F -.15<7665>-.25 G 2.828<7274>
-.15 G .328
-<7269657320776974686f75742061206e756c6c206279746520616e64206966>-2.828 F
-F0<ad4f>2.828 E F1 .328<69732073706563698c6564206974>2.828 F<6e65>174
-534.6 Q -.15<7665>-.25 G 2.886<7274>.15 G .386
-<7269657320776974682061206e756c6c20627974652e>-2.886 F .386<53657474696e
-67206f6e65206f662074686573652063616e207370656564206d6174636865732062>
-5.386 F .386<757420617265206e65>-.2 F -.15<7665>-.25 G<72>.15 E
-<6e6563657373617279>174 546.6 Q 5.545<2e49>-.65 G 3.045<6662>-5.545 G
-<6f7468>-3.045 E F0<ad4e>3.045 E F1<616e64>3.045 E F0<ad4f>3.045 E F1
-.545<6172652073706563698c65642c>3.045 F F2<73656e646d61696c>3.045 E F1
-.546<77696c6c206e65>3.046 F -.15<7665>-.25 G 3.046<7274>.15 G .546
-<727920616e>-3.046 F 3.046<796d>-.15 G<617463686573>-3.046 E
-<617420616c6c208a20746861742069732c2065>174 558.6 Q -.15<7665>-.25 G
-<72797468696e672077696c6c2061707065617220746f2066>.15 E<61696c2e>-.1 E
-<ad61>102 574.8 Q F2<78>A F1 1.357<417070656e642074686520737472696e67>
-57.48 F F2<78>3.857 E F1 1.357
-<6f6e207375636365737366756c206d6174636865732e>3.857 F -.15<466f>6.357 G
-3.857<7265>.15 G 1.356<78616d706c652c2074686520646566>-4.007 F<61756c74>
--.1 E F2<686f7374>3.856 E F1<6d6170>3.856 E<617070656e6473206120646f7420
-6f6e207375636365737366756c206d6174636865732e>174 586.8 Q<ad54>102 603 Q
-F2<78>A F1 .02<417070656e642074686520737472696e67>55.81 F F2<78>2.52 E
-F1 .021<6f6e2074656d706f726172792066>2.52 F 2.521<61696c757265732e2046>
--.1 F .021<6f722065>-.15 F<78616d706c652c>-.15 E F2<78>2.521 E F1 -.1
-<776f>2.521 G .021<756c6420626520617070656e6465642069662061>.1 F .72
-<444e53206c6f6f6b75702072657475726e6564209973657276>174 615 R .72
-<65722066>-.15 F .72<61696c65649a206f7220616e204e4953206c6f6f6b75702063
-6f756c64206e6f74206c6f6361746520612073657276>-.1 F<6572>-.15 E<2e>-.55 E
-<53656520616c736f20746865>174 627 Q F0<ad74>2.5 E F1<8d61672e>2.5 E
-60.53<ad6620446f>102 643.2 R<6e6f7420666f6c6420757070657220746f206c6f>
-2.5 E<7765722063617365206265666f7265206c6f6f6b696e6720757020746865206b>
--.25 E -.15<6579>-.1 G<2e>-.5 E 56.08<ad6d204d61746368>102 659.4 R .399
-<6f6e6c792028776974686f7574207265706c6163696e67207468652076>2.899 F
-2.899<616c7565292e204966>-.25 F .399
-<796f75206f6e6c7920636172652061626f7574207468652065>2.899 F .4
-<78697374656e6365206f66>-.15 F 7.307<616b>174 671.4 S 5.107 -.15
-<65792061>-7.407 H 4.807<6e64206e6f74207468652076>.15 F 4.807<616c756520
-28617320796f75206d69676874207768656e20736561726368696e6720746865204e4953
-206d6170>-.25 F 1.947<99686f7374732e62796e616d659a20666f722065>174 683.4
-R 1.947<78616d706c65292c2074686973208d616720707265>-.15 F -.15<7665>-.25
-G 1.947
-<6e747320746865206d61702066726f6d20737562737469747574696e6720746865>.15
-F -.25<7661>174 695.4 S 2.85<6c75652e20486f>.25 F<7765>-.25 E -.15<7665>
--.25 G 1.15 -.4<722c2054>.15 H .35<686520ad61206172>.4 F .349<67756d656e
-74206973207374696c6c20617070656e646564206f6e2061206d617463682c20616e6420
-74686520646566>-.18 F .349<61756c74206973>-.1 F<7374696c6c2074616b>174
-707.4 Q<656e20696620746865206d617463682066>-.1 E<61696c732e>-.1 E 0 Cg
-EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-86 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF 9.17
+(-n not)214 96 R 10.84(-f case)214 108 R(sensiti)2.5 E -.15(ve)-.25 G
+9.17(-b basic)214 120 R(re)2.5 E(gular e)-.15 E(xpressions \(def)-.15 E
+(ault is e)-.1 E(xtended\))-.15 E 10.28(-s substring)214 132 R(match)2.5
+E 9.17(-d set)214 144 R(the delimiter string used for -s)2.5 E 9.73
+(-a append)214 156 R(string to k)2.5 E -.15(ey)-.1 G 6.39(-m match)214
+168 R(only)2.5 E 2.5(,d)-.65 G 2.5(on)-2.5 G(ot replace/discard v)-2.5 E
+(alue)-.25 E 6.95(-D perform)214 180 R(no lookup in deferred deli)2.5 E
+-.15(ve)-.25 G(ry mode.).15 E(The)174 196.2 Q F0<ad73>3.208 E F1 .709(o\
+ption can include an optional parameter which can be used to select the)
+3.208 F(substrings in the result of the lookup.)174 208.2 Q -.15(Fo)5 G
+2.5(re).15 G(xample,)-2.65 E(-s1,3,4)214 224.4 Q .272
+(The delimiter string speci\214ed via the)174 240.6 R F0<ad64>2.772 E F1
+.271(option is the sequence of characters after)2.772 F F0(d)174 252.6 Q
+F1 .412(ending at the \214rst space.)2.912 F .412(Hence it isn')5.412 F
+2.912(tp)-.18 G .412(ossible to specify a space as delimiter)-2.912 F(,)
+-.4 E .641(so if the option is immediately follo)174 264.6 R .641
+(wed by a space the delimiter string is empty)-.25 F(,)-.65 E
+(which means the substrings are joined.)174 276.6 Q .696
+(Notes: to match a)174 300.6 R F0($)3.197 E F1 .697
+(in a string, \\$$ must be used.)3.197 F .697
+(If the pattern contains spaces,)5.697 F(the)174 312.6 Q 4.425(ym)-.15 G
+1.924(ust be replaced with the blank substitution character)-4.425 F
+4.424(,u)-.4 G 1.924(nless it is space)-4.424 F(itself.)174 324.6 Q
+35.62(program The)102 340.8 R(ar)2.544 E .044(guments on the)-.18 F F0
+(K)2.544 E F1 .045(line are the pathname to a program and an)2.544 F
+2.545(yi)-.15 G .045(nitial param-)-2.545 F .176(eters to be passed.)174
+352.8 R .176(When the map is called, the k)5.176 F .475 -.15(ey i)-.1 H
+2.675(sa).15 G .175(dded to the initial parame-)-2.675 F .112
+(ters and the program is in)174 364.8 R -.2(vo)-.4 G -.1(ke).2 G 2.612
+(da).1 G 2.612(st)-2.612 G .112(he def)-2.612 F .112
+(ault user/group id.)-.1 F .112(The \214rst line of stan-)5.112 F .508
+(dard output is returned as the v)174 376.8 R .508(alue of the lookup.)
+-.25 F .508(This has man)5.508 F 3.007(yp)-.15 G .507(otential secu-)
+-3.007 F 1.277(rity problems, and has terrible performance; it should b\
+e used only when abso-)174 388.8 R(lutely necessary)174 400.8 Q(.)-.65 E
+44.51(macro Set)102 417 R .32(or clear a macro v)2.82 F 2.82(alue. T)
+-.25 F 2.82(os)-.8 G .32(et a macro, pass the v)-2.82 F .32
+(alue as the \214rst ar)-.25 F .32(gument in)-.18 F .938
+(the map lookup.)174 429 R 2.538 -.8(To c)5.938 H .939
+(lear a macro, do not pass an ar).8 F .939(gument in the map lookup.)
+-.18 F(The map al)174 441 Q -.1(wa)-.1 G(ys returns the empty string.).1
+E(Example of typical usage include:)5 E(Kstorage macro)214 457.2 Q(...)
+214 481.2 Q 2.5(#s)214 505.2 S(et macro ${MyMacro} to the ruleset match)
+-2.5 E .19(R$+ $:)214 517.2 R($\(storage {MyMacro} $@ $1 $\) $1)2.5 E
+2.5(#s)214 529.2 S(et macro ${MyMacro} to an empty string)-2.5 E .83
+(R$* $:)214 541.2 R($\(storage {MyMacro} $@ $\) $1)2.5 E 2.5(#c)214
+553.2 S(lear macro ${MyMacro})-2.5 E .19(R$\255 $:)214 565.2 R
+($\(storage {MyMacro} $\) $1)2.5 E 51.17(arith Perform)102 585.6 R .494
+(simple arithmetic operations.)2.994 F .494(The operation is gi)5.494 F
+-.15(ve)-.25 G 2.993(na).15 G 2.993(sk)-2.993 G -.15(ey)-3.093 G 2.993
+(,c)-.5 G .493(urrently +,)-2.993 F .245(-, *, /, %, |, & \(bitwise OR,\
+ AND\), l \(for less than\), =, and r \(for random\) are sup-)174 597.6
+R 3.21(ported. The)174 609.6 R(tw)3.21 E 3.21(oo)-.1 G .71
+(perands are gi)-3.21 F -.15(ve)-.25 G 3.21(na).15 G 3.21(sa)-3.21 G
+-.18(rg)-3.21 G 3.21(uments. The).18 F .71(lookup returns the result)
+3.21 F 1.374(of the computation, i.e.,)174 621.6 R/F2 9/Times-Roman@0 SF
+(TR)3.874 E(UE)-.36 E F1(or)3.874 E F2 -.666(FA)3.874 G(LSE).666 E F1
+1.374(for comparisons, inte)3.874 F 1.374(ger v)-.15 F 1.374
+(alues other)-.25 F(-)-.2 E 3.212(wise. The)174 633.6 R 3.212(ro)3.212 G
+.712(perator returns a pseudo-random number whose v)-3.212 F .711
+(alue lies between)-.25 F .538(the \214rst and second operand \(which r\
+equires that the \214rst operand is smaller than)174 645.6 R 2.134
+(the second\).)174 657.6 R 2.133
+(All options which are possible for maps are ignored.)7.134 F 4.633(As)
+7.133 G(imple)-4.633 E -.15(ex)174 669.6 S(ample is:).15 E 0 Cg EP
%%Page: 87 83
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3837>195.86 E
-/F1 10/Times-Roman@0 SF<ad6b>102 96 Q/F2 10/Times-Italic@0 SF -.1<6b65>C
-<79636f6c>-.2 E F1 .519<546865206b>36.22 F .819 -.15<65792063>-.1 H .519
-<6f6c756d6e206e616d652028666f72204e49532b29206f72206e756d6265722028666f
-72207465>.15 F .519<7874206c6f6f6b757073292e>-.15 F -.15<466f>5.52 G
-3.02<724c>.15 G -.4<4441>-3.02 G 3.02<506d>.4 G<617073>-3.02 E .973
-<7468697320697320616e204c44>174 108 R .973<4150208c6c74657220737472696e
-6720696e207768696368202573206973207265706c61636564207769746820746865206c
-69746572616c20636f6e74656e7473206f66>-.4 F .248
-<746865206c6f6f6b7570206b>174 120 R .548 -.15<65792061>-.1 H .248
-<6e64202530206973207265706c61636564207769746820746865204c44>.15 F .249
-<4150206573636170656420636f6e74656e7473206f6620746865206c6f6f6b7570>-.4
-F -.1<6b65>174 132 S 4.176<7961>-.05 G 1.676
-<63636f7264696e6720746f2052464320323235342e>-4.176 F 1.676
-<496620746865208d6167>6.676 F F0<ad4b>4.176 E F1 1.676
-<697320757365642c207468656e202531207468726f75676820253920617265>4.176 F
-.886<7265706c61636564207769746820746865204c44>174 144 R .887
-<4150206573636170656420636f6e74656e7473206f6620746865206172>-.4 F .887
-<67756d656e74732073706563698c656420696e20746865206d6170>-.18 F
-<6c6f6f6b75702e>174 156 Q<ad76>102 172.2 Q F2<76616c636f6c>A F1 1.929
-<5468652076>36.92 F 1.928<616c756520636f6c756d6e206e616d652028666f72204e
-49532b29206f72206e756d6265722028666f72207465>-.25 F 1.928
-<7874206c6f6f6b757073292e>-.15 F -.15<466f>6.928 G 4.428<724c>.15 G -.4
-<4441>-4.428 G<50>.4 E .467<6d617073207468697320697320746865206e616d6520
-6f66206f6e65206f72206d6f726520617474726962>174 184.2 R .467<757465732074
-6f2062652072657475726e65643b206d756c7469706c6520617474726962>-.2 F
-<75746573>-.2 E 1.217
-<63616e2062652073657061726174656420627920636f6d6d61732e>174 196.2 R
-1.216<4966206e6f742073706563698c65642c20616c6c20617474726962>6.216 F
-1.216<7574657320666f756e6420696e20746865206d61746368>-.2 F 1.327
-<77696c6c2062652072657475726e65642e>174 208.2 R 1.328
-<54686520617474726962>6.328 F 1.328<75746573206c69737465642063616e20616c
-736f20696e636c7564652061207479706520616e64206f6e65206f72206d6f7265>-.2 F
-<6f626a656374436c6173732076>174 220.2 Q<616c75657320666f72206d6174636869
-6e672061732064657363726962656420696e20746865204c44>-.25 E
-<41502073656374696f6e2e>-.4 E<ad7a>102 236.4 Q F2<64656c696d>A F1 .219
-<54686520636f6c756d6e2064656c696d697465722028666f72207465>39.7 F .219
-<7874206c6f6f6b757073292e>-.15 F .218<49742063616e20626520612073696e676c
-6520636861726163746572206f72206f6e65206f6620746865>5.219 F 1.825
-<7370656369616c20737472696e67732099>174 248.4 R 1.825<5c6e9a206f722099>
-1.666 F 1.826<5c749a20746f20696e646963617465206e65>1.666 F 1.826
-<776c696e65206f7220746162207265737065637469>-.25 F -.15<7665>-.25 G
-<6c79>.15 E 6.826<2e49>-.65 G 4.326<666f>-6.826 G<6d6974746564>-4.326 E
-<656e746972656c79>174 260.4 Q 3.567<2c74>-.65 G 1.067
-<686520636f6c756d6e20736570617261746f7220697320616e>-3.567 F 3.567<7973>
--.15 G 1.067<657175656e6365206f662077686974652073706163652e>-3.567 F
--.15<466f>6.066 G 3.566<724c>.15 G -.4<4441>-3.566 G 3.566<506d>.4 G
-<617073>-3.566 E 2.061<746869732069732074686520736570617261746f72206368
-6172616374657220746f20636f6d62696e65206d756c7469706c652076>174 272.4 R
-2.062<616c75657320696e746f20612073696e676c652072657475726e>-.25 F 3.711
-<737472696e672e204966>174 284.4 R 1.211<6e6f74207365742c20746865204c44>
-3.711 F 1.211<4150206c6f6f6b75702077696c6c206f6e6c792072657475726e207468
-65208c727374206d6174636820666f756e642e>-.4 F -.15<466f>6.21 G<72>.15 E
-.101<444e53206d61707320746869732069732074686520736570617261746f72206368
-617261637465722061742077686963682074686520726573756c74206f66206120717565
-727920697320637574206f66>174 296.4 R 2.601<6669>-.25 G<66>-2.601 E
-<697320746f6f206c6f6e672e>174 308.4 Q 61.08<ad74204e6f726d616c6c79>102
-324.6 R 2.727<2c77>-.65 G .227<68656e2061206d617020617474656d7074732074
-6f20646f2061206c6f6f6b757020616e64207468652073657276>-2.727 F .226
-<65722066>-.15 F .226<61696c732028652e672e2c>-.1 F F2<73656e646d61696c>
-2.726 E F1<636f756c646e27>174 336.6 Q 2.776<7463>-.18 G .276
-<6f6e7461637420616e>-2.776 F 2.776<796e>-.15 G .276<616d652073657276>
--2.776 F .276<65723b2074686973206973>-.15 F F2<6e6f74>2.776 E F1 .276<74
-68652073616d6520617320616e20656e747279206e6f74206265696e6720666f756e64>
-2.776 F .251<696e20746865206d6170292c20746865206d657373616765206265696e
-672070726f6365737365642069732071756575656420666f72206675747572652070726f
-63657373696e672e>174 348.6 R<546865>5.25 E F0<ad74>2.75 E F1 2.039
-<8d6167207475726e73206f66>174 360.6 R 4.539<6674>-.25 G 2.039
-<6869732062656861>-4.539 F<76696f72>-.2 E 4.539<2c6c>-.4 G 2.039
-<657474696e67207468652074656d706f726172792066>-4.539 F 2.039
-<61696c757265202873657276>-.1 F 2.039<657220646f>-.15 F 2.04
-<776e2920616374206173>-.25 F .676
-<74686f75676820697420776572652061207065726d616e656e742066>174 372.6 R
-.675<61696c7572652028656e747279206e6f7420666f756e64292e>-.1 F .675
-<497420697320706172746963756c61726c792075736566756c20666f72>5.675 F .772
-<444e53206c6f6f6b7570732c20776865726520736f6d656f6e6520656c736527>174
-384.6 R 3.272<736d>-.55 G .772
-<6973636f6e8c6775726564206e616d652073657276>-3.272 F .772
-<65722063616e2063617573652070726f622d>-.15 F 1.646
-<6c656d73206f6e20796f7572206d616368696e652e>174 396.6 R<486f>6.646 E
-<7765>-.25 E -.15<7665>-.25 G 2.446 -.4<722c2063>.15 H 1.645
-<617265206d7573742062652074616b>.4 F 1.645
-<656e20746f20656e73757265207468617420796f7520646f6e27>-.1 F<74>-.18 E
-.262<626f756e6365206d61696c20746861742077>174 408.6 R .262
-<6f756c64206265207265736f6c76>-.1 F .262
-<656420636f72726563746c7920696620796f75207472696564206167>-.15 F 2.763
-<61696e2e2041>-.05 F .263<636f6d6d6f6e2073747261742d>2.763 F -.15<6567>
-174 420.6 S 2.5<7969>.15 G 2.5<7374>-2.5 G 2.5<6f66>-2.5 G<6f7277>-2.5 E
-<6172642073756368206d61696c20746f20616e6f74686572>-.1 E 2.5<2c70>-.4 G
-<6f737369626c792062657474657220636f6e6e65637465642c206d61696c2073657276>
--2.5 E<6572>-.15 E<2e>-.55 E 56.64<ad4420506572666f726d>102 436.8 R .833
-<6e6f206c6f6f6b757020696e2064656665727265642064656c69>3.333 F -.15<7665>
--.25 G .833<7279206d6f64652e>.15 F .833
-<54686973208d61672069732073657420627920646566>5.833 F .832
-<61756c7420666f7220746865>-.1 F F2<686f7374>174 448.8 Q F1<6d61702e>2.5
-E<ad53>102 465 Q F2<7370616365737562>A F1 1.537<546865206368617261637465
-7220746f2075736520746f207265706c6163652073706163652063686172616374657273
-2061667465722061207375636365737366756c206d6170206c6f6f6b7570>24.14 F
-<286573702e2075736566756c20666f72207265>174 477 Q<6765>-.15 E 2.5<7861>
--.15 G<6e64207379736c6f67206d617073292e>-2.5 E<ad73>102 493.2 Q F2
-<7370616365737562>A F1 -.15<466f>25.81 G 3.101<7274>.15 G .601
-<686520646571756f7465206d6170206f6e6c79>-3.101 F 3.101<2c74>-.65 G .601<
-68652063686172616374657220746f2075736520746f207265706c616365207370616365
-20636861726163746572732061667465722061>-3.101 F
-<7375636365737366756c20646571756f74652e>174 505.2 Q 58.86
-<ad7120446f6e27>102 521.4 R 2.5<7464>-.18 G<6571756f746520746865206b>
--2.5 E .3 -.15<65792062>-.1 H<65666f7265206c6f6f6b75702e>.15 E<ad4c>102
-537.6 Q F2<6c65>A<76656c>-.15 E F1 -.15<466f>41.52 G 2.5<7274>.15 G
-<6865207379736c6f67206d6170206f6e6c79>-2.5 E 2.5<2c69>-.65 G 2.5<7473>
--2.5 G<706563698c657320746865206c65>-2.5 E -.15<7665>-.25 G 2.5<6c74>.15
-G 2.5<6f75>-2.5 G<736520666f7220746865207379736c6f672063616c6c2e>-2.5 E
-56.64<ad41205768656e>102 553.8 R<726562>3 E .5
-<75696c64696e6720616e20616c696173208c6c652c20746865>-.2 F F0<ad41>3 E F1
-.5<8d616720636175736573206475706c696361746520656e747269657320696e207468
-65207465>3 F .5<78742076>-.15 F<6572>-.15 E<2d>-.2 E
-<73696f6e20746f206265206d6572>174 565.8 Q 2.5<6765642e2046>-.18 F
-<6f722065>-.15 E<78616d706c652c207477>-.15 E 2.5<6f65>-.1 G
-<6e74726965733a>-2.5 E 27.49<6c6973743a2075736572312c>214 582 R
-<7573657232>2.5 E 27.49<6c6973743a207573657233>214 594 R -.1<776f>174
-610.2 S<756c6420626520747265617465642061732074686f7567682069742077657265
-207468652073696e676c6520656e747279>.1 E 27.49<6c6973743a2075736572312c>
-214 626.4 R<75736572322c207573657233>2.5 E
-<696e207468652070726573656e6365206f6620746865>174 642.6 Q F0<ad41>2.5 E
-F1<8d61672e>2.5 E<536f6d65206164646974696f6e616c208d616773206172652061>
-127 658.8 Q -.25<7661>-.2 G
-<696c61626c6520666f722074686520686f737420616e6420646e73206d6170733a>.25
-E 58.86<ad642064656c61793a>102 675 R
-<7370656369667920746865207265736f6c76>2.5 E<657227>-.15 E 2.5<7372>-.55
-G<657472616e736d697373696f6e2074696d6520696e74657276>-2.5 E
-<616c2028696e207365636f6e6473292e>-.25 E 60.53<ad722072657472793a>102
-691.2 R<7370656369667920746865206e756d626572206f662074696d657320746f2072
-657472616e736d69742061207265736f6c76>2.5 E<6572207175657279>-.15 E<2e>
--.65 E<54686520646e73206d61702068617320616e6f74686572208d61673a>127
-707.4 Q 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-87)195.86 E/F1 10/Times-Roman@0 SF(Kcomp arith)214 96 Q(...)214
+120 Q(Scheck_etrn)214 144 Q .83(R$* $:)214 156 R($\(comp l $@ $&{load_a)
+2.5 E(vg} $@ 7 $\) $1)-.2 E(RF)214 168 Q(ALSE$# error ...)-.74 E(sock)
+102 188.4 Q 44.05(et The)-.1 F(sock)3.231 E .732
+(et map uses a simple request/reply protocol o)-.1 F -.15(ve)-.15 G
+3.232(rT).15 G .732(CP or UNIX domain)-3.232 F(sock)174 200.4 Q .753
+(ets to query an e)-.1 F .753(xternal serv)-.15 F(er)-.15 E 5.753(.B)
+-.55 G .753(oth requests and replies are te)-5.753 F .753(xt based and)
+-.15 F(encoded as netstrings, i.e., a string "hello there" becomes:)174
+212.4 Q(11:hello there,)214 228.6 Q
+(Note: neither requests nor replies end with CRLF)174 244.8 Q(.)-.8 E
+.301(The request consists of the database map name and the lookup k)174
+268.8 R .601 -.15(ey s)-.1 H .301(eparated by a).15 F(space character:)
+174 280.8 Q(<mapname> ' ' <k)214 309 Q -.15(ey)-.1 G(>).15 E(The serv)
+174 337.2 Q(er responds with a status indicator and the result \(if an)
+-.15 E(y\):)-.15 E(<status> ' ' <result>)214 365.4 Q .161(The status in\
+dicator speci\214es the result of the lookup operation itself and is on\
+e of)174 393.6 R(the follo)174 405.6 Q(wing upper case w)-.25 E(ords:)
+-.1 E 28.06(OK the)214 421.8 R -.1(ke)2.5 G 2.5(yw)-.05 G
+(as found, result contains the look)-2.6 E(ed up v)-.1 E(alue)-.25 E(NO)
+214 433.8 Q(TFOUNDthe k)-.4 E .3 -.15(ey w)-.1 H
+(as not found, the result is empty).05 E 15.83(TEMP a)214 445.8 R
+(temporary f)2.5 E(ailure occurred)-.1 E -2.49(TIMEOUT a)214 457.8 R
+(timeout occurred on the serv)2.5 E(er side)-.15 E 15.27(PERM a)214
+469.8 R(permanent f)2.5 E(ailure occurred)-.1 E .26
+(In case of errors \(status TEMP)174 498 R 2.76(,T)-1.11 G .26
+(IMEOUT or PERM\) the result \214eld may contain)-2.76 F .819(an e)174
+510 R .819(xplanatory message.)-.15 F(Ho)5.818 E(we)-.25 E -.15(ve)-.25
+G 1.618 -.4(r, t).15 H .818(he e).4 F .818
+(xplanatory message is not used an)-.15 F 3.318(yf)-.15 G(ur)-3.318 E(-)
+-.2 E(ther by)174 522 Q/F2 10/Times-Italic@0 SF(sendmail)2.5 E F1(.)A
+(Example replies:)174 546 Q(31:OK resolv)214 562.2 Q(ed.address@e)-.15 E
+(xample.com,)-.15 E
+(56:OK error:550 5.7.1 User does not accept mail from sender)214 594.6 Q
+(,)-.4 E(in case of successful lookups, or:)174 622.8 Q(8:NO)214 639 Q
+(TFOUND,)-.4 E(in case the k)174 667.2 Q .3 -.15(ey w)-.1 H
+(as not found, or:).05 E(55:TEMP this te)214 683.4 Q(xt e)-.15 E
+(xplains that we had a temporary f)-.15 E(ailure,)-.1 E
+(in case of a temporary map lookup f)174 711.6 Q(ailure.)-.1 E 0 Cg EP
%%Page: 88 84
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d38382053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF 57.19<ad422062617365646f6d61696e3a>102 96 R
-<73706563696679206120646f6d61696e207468617420697320616c>2.5 E -.1<7761>
--.1 G<797320617070656e64656420746f20717565726965732e>.1 E<536f636b>127
-112.2 Q<6574206d617073206861>-.1 E .3 -.15<76652061>-.2 H 2.5<6e6f>.15 G
-<7074696f6e616c208d61673a>-2.5 E 58.86<ad642074696d656f75743a>102 128.4
-R .441<73706563696679207468652074696d656f75742028696e207365636f6e647329
-20666f7220636f6d6d756e69636174696f6e20776974682074686520736f636b>2.941 F
-.44<6574206d6170>-.1 F<73657276>174 140.4 Q<6572>-.15 E<2e>-.55 E
-<54686520666f6c6c6f>127 156.6 Q<77696e67206164646974696f6e616c208d616773
-206172652070726573656e7420696e20746865206c646170206d6170206f6e6c793a>
--.25 E 57.19<ad5220446f>102 172.8 R .025
-<6e6f74206175746f20636861736520726566657272616c732e>2.525 F .025
-<73656e646d61696c206d75737420626520636f6d70696c65642077697468>5.025 F F0
-<ad444c44>2.525 E<41505f52454645522d>-.35 E<52414c53>174 184.8 Q F1
-<746f207573652074686973208d61672e>2.5 E 58.86<ad6e20526574726965>102 201
-R .3 -.15<76652061>-.25 H<7474726962>.15 E<757465206e616d6573206f6e6c79>
--.2 E<2e>-.65 E<ad56>102 217.2 Q/F2 10/Times-Italic@0 SF<736570>A F1
-<526574726965>45.81 E .3 -.15<76652062>-.25 H<6f746820617474726962>.15 E
-<75746573206e616d6520616e642076>-.2 E
-<616c75652873292c20736570617261746564206279>-.25 E F2<736570>2.5 E F1
-<2e>A<ad72>102 233.4 Q F2<646572>A<6566>-.37 E F1<5365742074686520616c69
-61732064657265666572656e6365206f7074696f6e20746f206f6e65206f66206e65>
-42.85 E -.15<7665>-.25 G .8 -.4<722c2061>.15 H -.1<6c7761>.4 G
-<79732c207365617263682c206f72208c6e642e>.1 E<ad73>102 249.6 Q F2
-<73636f7065>A F1<536574207365617263682073636f706520746f206f6e65206f6620
-626173652c206f6e6520286f6e65206c65>39.7 E -.15<7665>-.25 G
-<6c292c206f7220737562202873756274726565292e>.15 E<ad68>102 265.8 Q F2
-<686f7374>A F1<4c44>44.69 E 2.095<41502073657276>-.4 F 2.095
-<657220686f73746e616d652e>-.15 F 2.095<536f6d65204c44>7.095 F 2.095
-<4150206c696272617269657320616c6c6f>-.4 F 4.595<7779>-.25 G 2.095
-<6f7520746f2073706563696679206d756c7469706c652c>-4.595 F .466
-<73706163652d73657061726174656420686f73747320666f7220726564756e64616e63>
-174 277.8 R 4.266 -.65<792e2049>-.15 H 2.967<6e61>.65 G .467<6464697469
-6f6e2c2065616368206f662074686520686f737473206c69737465642063616e206265>
--2.967 F<666f6c6c6f>174 289.8 Q<776564206279206120636f6c6f6e20616e642061
-20706f7274206e756d62657220746f206f>-.25 E -.15<7665>-.15 G
-<72726964652074686520646566>.15 E<61756c74204c44>-.1 E<415020706f72742e>
--.4 E<ad70>102 306 Q F2<706f7274>A F1<4c44>44.69 E
-<4150207365727669636520706f72742e>-.4 E<ad48>102 322.2 Q F2<4c44>2.5 E
-<4150555249>-.35 E F1 1.103<557365207468652073706563698c6564204c44>15.33
-F 1.102<41502055524920696e7374656164206f662073706563696679696e6720746865
-20686f73746e616d6520616e6420706f727420736570612d>-.4 F
-<726174656c7920776974682074686520746865>174 334.2 Q F0<ad68>2.5 E F1
-<616e64>2.5 E F0<ad70>2.5 E F1<6f7074696f6e732073686f>2.5 E
-<776e2061626f>-.25 E -.15<7665>-.15 G 5<2e46>.15 G<6f722065>-5.15 E
-<78616d706c652c>-.15 E<2d682073657276>214 350.4 Q<6572>-.15 E<2e65>-.55
-E<78616d706c652e636f6d202d7020333839202d622064633d65>-.15 E
-<78616d706c652c64633d636f6d>-.15 E<69732065717569>174 366.6 Q -.25<7661>
--.25 G<6c656e7420746f>.25 E<2d48206c6461703a2f2f73657276>214 382.8 Q
-<6572>-.15 E<2e65>-.55 E<78616d706c652e636f6d3a333839202d622064633d65>
--.15 E<78616d706c652c64633d636f6d>-.15 E .756<496620746865204c44>174 399
-R .757<4150206c69627261727920737570706f7274732069742c20746865204c44>-.4
-F .757<41502055524920666f726d617420686f>-.4 F<7765>-.25 E -.15<7665>-.25
-G 3.257<7263>.15 G .757<616e20616c736f2072657175657374>-3.257 F<4c44>174
-411 Q<4150206f>-.4 E -.15<7665>-.15 G 2.5<7253>.15 G
-<534c206279207573696e67>-2.5 E F0<6c646170733a2f2f>2.5 E F1
-<696e7374656164206f66>2.5 E F0<6c6461703a2f2f>2.5 E F1 5<2e46>C
-<6f722065>-5.15 E<78616d706c653a>-.15 E 2.5<4f4c>214 427.2 S -.4<4441>
--2.5 G<50446566>.4 E
-<61756c74537065633d2d48206c646170733a2f2f6c6461702e65>-.1 E
-<78616d706c652e636f6d202d622064633d65>-.15 E<78616d706c652c64633d636f6d>
--.15 E<53696d696c61726c79>174 443.4 Q 3.221<2c69>-.65 G 3.221<6674>
--3.221 G .721<6865204c44>-3.221 F .721<4150206c69627261727920737570706f
-7274732069742c2049742063616e20616c736f206265207573656420746f207370656369
-6679206120554e4958>-.4 F<646f6d61696e20736f636b>174 455.4 Q
-<6574207573696e67>-.1 E F0<6c646170693a2f2f>2.5 E F1<3a>A 2.5<4f4c>214
-471.6 S -.4<4441>-2.5 G<50446566>.4 E
-<61756c74537065633d2d48206c646170693a2f2f736f636b>-.1 E
-<65748c6c65202d622064633d65>-.1 E<78616d706c652c64633d636f6d>-.15 E
-<ad62>102 492 Q F2<62617365>A F1<4c44>43.03 E
-<41502073656172636820626173652e>-.4 E<ad6c>102 508.2 Q F2
-<74696d656c696d6974>A F1 -.35<5469>28.02 G
-<6d65206c696d697420666f72204c44>.35 E<415020717565726965732e>-.4 E<ad5a>
-102 524.4 Q F2<73697a656c696d6974>A F1<53697a6520286e756d626572206f6620
-6d61746368657329206c696d697420666f72204c44>26.91 E
-<4150206f7220444e5320717565726965732e>-.4 E<ad64>102 540.6 Q F2
-<64697374696e677569736865645f6e616d65>A F1<5468652064697374696e67756973
-686564206e616d6520746f2075736520746f206c6f67696e20746f20746865204c44>174
-552.6 Q<41502073657276>-.4 E<6572>-.15 E<2e>-.55 E<ad4d>102 568.8 Q F2
-<6d6574686f64>A F1 5.987<546865206d6574686f6420746f2061757468656e746963
-61746520746f20746865204c44>28.03 F 5.987<41502073657276>-.4 F<6572>-.15
-E 10.987<2e53>-.55 G 5.988<686f756c64206265206f6e65206f66>-10.987 F F0
-<4c44>174 580.8 Q<41505f41>-.35 E<5554485f4e4f4e45>-.5 E F1<2c>A F0
-<4c44>2.5 E<41505f41>-.35 E<5554485f53494d504c45>-.5 E F1 2.5<2c6f>C<72>
--2.5 E F0<4c44>2.5 E<41505f41>-.35 E<5554485f4b52425634>-.5 E F1<2e>A
-<ad50>102 597 Q F2<70617373776f72>A<648c6c65>-.37 E F1 .342
-<546865208c6c6520636f6e7461696e696e672074686520736563726574206b>10.61 F
-.642 -.15<65792066>-.1 H .342<6f7220746865>.15 F F0<4c44>2.842 E
-<41505f41>-.35 E<5554485f53494d504c45>-.5 E F1
-<61757468656e7469636174696f6e>2.842 E
-<6d6574686f64206f7220746865206e616d65206f6620746865204b>174 609 Q
-<65726265726f73207469636b>-.25 E<6574208c6c6520666f72>-.1 E F0<4c44>2.5
-E<41505f41>-.35 E<5554485f4b52425634>-.5 E F1<2e>A 58.86<ad312046>102
-625.2 R .457<6f726365204c44>-.15 F .458<415020736561726368657320746f206f
-6e6c79207375636365656420696620612073696e676c65206d6174636820697320666f75
-6e642e>-.4 F .458<4966206d756c7469706c652076>5.458 F<616c2d>-.25 E<7565
-732061726520666f756e642c207468652073656172636820697320747265617465642061
-73206966206e6f206d617463682077>174 637.2 Q<617320666f756e642e>-.1 E
-<ad77>102 653.4 Q F2<766572>A<73696f6e>-.1 E F1 1.48
-<53657420746865204c44>29.8 F 1.479<4150204150492f70726f746f636f6c2076>
--.4 F 1.479<657273696f6e20746f207573652e>-.15 F 1.479<54686520646566>
-6.479 F 1.479<61756c7420646570656e6473206f6e20746865204c44>-.1 F<4150>
--.4 E 1.37<636c69656e74206c696272617269657320696e207573652e>174 665.4 R
--.15<466f>6.37 G 3.87<7265>.15 G<78616d706c652c>-4.02 E F0 1.37
-<ad772033>3.87 F F1 1.37<77696c6c206361757365>3.87 F F2
-<73656e646d61696c>3.87 E F1 1.37<746f20757365204c44>3.87 F<41507633>-.4
-E<7768656e20636f6d6d756e69636174696e67207769746820746865204c44>174 677.4
-Q<41502073657276>-.4 E<6572>-.15 E<2e>-.55 E 56.64<ad4b2054>102 693.6 R
-.588<7265617420746865204c44>-.35 F .588<415020736561726368206b>-.4 F
-.888 -.15<65792061>-.1 H 3.088<736d>.15 G<756c74692d6172>-3.088 E .587<
-67756d656e7420616e64207265706c616365202531207468726f75676820253920696e20
-746865>-.18 F -.1<6b65>174 705.6 S 2.503<7977>-.05 G .003
-<69746820746865204c44>-2.503 F .003<4150206573636170656420636f6e74656e74
-73206f6620746865206c6f6f6b7570206172>-.4 F .003
-<67756d656e74732073706563698c656420696e20746865206d6170>-.18 F
-<6c6f6f6b75702e>174 717.6 Q 0 Cg EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-88 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF 1.186
+(The sock)174 96 R 1.186(et map uses the same syntax as milters \(see S\
+ection "X \212 Mail Filter)-.1 F
+(\(Milter\) De\214nitions"\) to specify the remote endpoint, e.g.,)174
+108 Q(Ksock)214 124.2 Q(et mySock)-.1 E(etMap inet:12345@127.0.0.1)-.1 E
+.493(If multiple sock)174 152.4 R .492
+(et maps de\214ne the same remote endpoint, the)-.1 F 2.992(yw)-.15 G
+.492(ill share a single)-2.992 F(connection to this endpoint.)174 164.4
+Q .488(Most of these accept as ar)127 180.6 R .488
+(guments the same optional \215ags and a \214lename \(or a mapname for)
+-.18 F .31(NIS; the \214lename is the root of the database path, so tha\
+t \231.db\232 or some other e)102 192.6 R .31(xtension appropriate)-.15
+F
+(for the database type will be added to get the actual database name\).)
+102 204.6 Q(Kno)5 E(wn \215ags are:)-.25 E 58.86(\255o Indicates)102
+220.8 R 1.148(that this map is optional \212 that is, if it cannot be o\
+pened, no error is)3.647 F(produced, and)174 232.8 Q/F2 10
+/Times-Italic@0 SF(sendmail)2.5 E F1(will beha)2.5 E .3 -.15(ve a)-.2 H
+2.5(si).15 G 2.5(ft)-2.5 G(he map e)-2.5 E(xisted b)-.15 E(ut w)-.2 E
+(as empty)-.1 E(.)-.65 E(\255N, \255O)102 249 Q .697(If neither)41.28 F
+F0<ad4e>3.197 E F1(or)3.197 E F0<ad4f>3.197 E F1 .697(are speci\214ed,)
+3.197 F F2(sendmail)3.197 E F1 .697(uses an adapti)3.197 F .997 -.15
+(ve a)-.25 H .697(lgorithm to decide).15 F .108
+(whether or not to look for null bytes on the end of k)174 261 R -.15
+(ey)-.1 G 2.608(s. It).15 F .108(starts by trying both; if)2.608 F .82
+(it \214nds an)174 273 R 3.32(yk)-.15 G 1.12 -.15(ey w)-3.42 H .82
+(ith a null byte it ne).15 F -.15(ve)-.25 G 3.319(rt).15 G .819(ries ag)
+-3.319 F .819(ain without a null byte and vice)-.05 F -.15(ve)174 285 S
+2.827(rsa. If).15 F F0<ad4e>2.827 E F1 .327(is speci\214ed it ne)2.827 F
+-.15(ve)-.25 G 2.828(rt).15 G .328(ries without a null byte and if)
+-2.828 F F0<ad4f>2.828 E F1 .328(is speci\214ed it)2.828 F(ne)174 297 Q
+-.15(ve)-.25 G 2.886(rt).15 G .386(ries with a null byte.)-2.886 F .386
+(Setting one of these can speed matches b)5.386 F .386(ut are ne)-.2 F
+-.15(ve)-.25 G(r).15 E(necessary)174 309 Q 5.545(.I)-.65 G 3.045(fb)
+-5.545 G(oth)-3.045 E F0<ad4e>3.045 E F1(and)3.045 E F0<ad4f>3.045 E F1
+.545(are speci\214ed,)3.045 F F2(sendmail)3.045 E F1 .546(will ne)3.046
+F -.15(ve)-.25 G 3.046(rt).15 G .546(ry an)-3.046 F 3.046(ym)-.15 G
+(atches)-3.046 E(at all \212 that is, e)174 321 Q -.15(ve)-.25 G
+(rything will appear to f).15 E(ail.)-.1 E<ad61>102 337.2 Q F2(x)A F1
+1.357(Append the string)57.48 F F2(x)3.857 E F1 1.357
+(on successful matches.)3.857 F -.15(Fo)6.357 G 3.857(re).15 G 1.356
+(xample, the def)-4.007 F(ault)-.1 E F2(host)3.856 E F1(map)3.856 E
+(appends a dot on successful matches.)174 349.2 Q<ad54>102 365.4 Q F2(x)
+A F1 .02(Append the string)55.81 F F2(x)2.52 E F1 .021(on temporary f)
+2.52 F 2.521(ailures. F)-.1 F .021(or e)-.15 F(xample,)-.15 E F2(x)2.521
+E F1 -.1(wo)2.521 G .021(uld be appended if a).1 F .72
+(DNS lookup returned \231serv)174 377.4 R .72(er f)-.15 F .72
+(ailed\232 or an NIS lookup could not locate a serv)-.1 F(er)-.15 E(.)
+-.55 E(See also the)174 389.4 Q F0<ad74>2.5 E F1(\215ag.)2.5 E 60.53
+(\255f Do)102 405.6 R(not fold upper to lo)2.5 E
+(wer case before looking up the k)-.25 E -.15(ey)-.1 G(.)-.5 E 56.08
+(\255m Match)102 421.8 R .399(only \(without replacing the v)2.899 F
+2.899(alue\). If)-.25 F .399(you only care about the e)2.899 F .4
+(xistence of)-.15 F 7.307(ak)174 433.8 S 5.107 -.15(ey a)-7.407 H 4.807
+(nd not the v).15 F 4.807
+(alue \(as you might when searching the NIS map)-.25 F 1.947
+(\231hosts.byname\232 for e)174 445.8 R 1.947(xample\), this \215ag pre)
+-.15 F -.15(ve)-.25 G 1.947(nts the map from substituting the).15 F -.25
+(va)174 457.8 S 2.85(lue. Ho).25 F(we)-.25 E -.15(ve)-.25 G 1.15 -.4
+(r, T).15 H .35(he \255a ar).4 F .349
+(gument is still appended on a match, and the def)-.18 F .349(ault is)
+-.1 F(still tak)174 469.8 Q(en if the match f)-.1 E(ails.)-.1 E<ad6b>102
+486 Q F2 -.1(ke)C(ycol)-.2 E F1 .519(The k)36.22 F .819 -.15(ey c)-.1 H
+.519(olumn name \(for NIS+\) or number \(for te).15 F .519
+(xt lookups\).)-.15 F -.15(Fo)5.52 G 3.02(rL).15 G -.4(DA)-3.02 G 3.02
+(Pm).4 G(aps)-3.02 E .973(this is an LD)174 498 R .973(AP \214lter stri\
+ng in which %s is replaced with the literal contents of)-.4 F .248
+(the lookup k)174 510 R .548 -.15(ey a)-.1 H .248
+(nd %0 is replaced with the LD).15 F .249
+(AP escaped contents of the lookup)-.4 F -.1(ke)174 522 S 4.176(ya)-.05
+G 1.676(ccording to RFC 2254.)-4.176 F 1.676(If the \215ag)6.676 F F0
+<ad4b>4.176 E F1 1.676(is used, then %1 through %9 are)4.176 F .886
+(replaced with the LD)174 534 R .887(AP escaped contents of the ar)-.4 F
+.887(guments speci\214ed in the map)-.18 F(lookup.)174 546 Q<ad76>102
+562.2 Q F2(valcol)A F1 1.929(The v)36.92 F 1.928
+(alue column name \(for NIS+\) or number \(for te)-.25 F 1.928
+(xt lookups\).)-.15 F -.15(Fo)6.928 G 4.428(rL).15 G -.4(DA)-4.428 G(P)
+.4 E .467(maps this is the name of one or more attrib)174 574.2 R .467
+(utes to be returned; multiple attrib)-.2 F(utes)-.2 E 1.217
+(can be separated by commas.)174 586.2 R 1.216
+(If not speci\214ed, all attrib)6.216 F 1.216(utes found in the match)
+-.2 F 1.327(will be returned.)174 598.2 R 1.328(The attrib)6.328 F 1.328
+(utes listed can also include a type and one or more)-.2 F
+(objectClass v)174 610.2 Q(alues for matching as described in the LD)
+-.25 E(AP section.)-.4 E<ad7a>102 626.4 Q F2(delim)A F1 .219
+(The column delimiter \(for te)39.7 F .219(xt lookups\).)-.15 F .218
+(It can be a single character or one of the)5.219 F 1.825
+(special strings \231)174 638.4 R 1.825(\\n\232 or \231)1.666 F 1.826
+(\\t\232 to indicate ne)1.666 F 1.826(wline or tab respecti)-.25 F -.15
+(ve)-.25 G(ly).15 E 6.826(.I)-.65 G 4.326(fo)-6.826 G(mitted)-4.326 E
+(entirely)174 650.4 Q 4.123(,t)-.65 G 1.623(he column separator is an)
+-4.123 F 4.123(ys)-.15 G 1.622(equence of white space.)-4.123 F -.15(Fo)
+6.622 G 4.122(rL).15 G -.4(DA)-4.122 G 4.122(Pa).4 G(nd)-4.122 E .557
+(some other maps this is the separator character to combine multiple v)
+174 662.4 R .557(alues into a)-.25 F .804(single return string.)174
+674.4 R .804(If not set, the LD)5.804 F .803
+(AP lookup will only return the \214rst match)-.4 F 2.57(found. F)174
+686.4 R .07(or DNS maps this is the separator character at which the re\
+sult of a query)-.15 F(is cut of)174 698.4 Q 2.5(fi)-.25 G 2.5(fi)-2.5 G
+2.5(st)-2.5 G(oo long.)-2.5 E 0 Cg EP
%%Page: 89 85
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3839>195.86 E
-/F1 10/Times-Roman@0 SF<546865>127 96 Q/F2 10/Times-Italic@0 SF<64626d>
-2.99 E F1 .489<6d617020617070656e64732074686520737472696e677320992e7061
-679a20616e6420992e6469729a20746f20746865206769>2.99 F -.15<7665>-.25 G
-2.989<6e8c>.15 G .489<6c656e616d653b20746865>-2.989 F F2<68617368>2.989
-E F1<616e64>2.989 E F2<627472>2.989 E<6565>-.37 E F1
-<6d61707320617070656e6420992e64629a2e>102 108 Q -.15<466f>5 G 2.5<7265>
-.15 G<78616d706c652c20746865206d61702073706563698c636174696f6e>-2.65 E
--.15<4b75>142 124.2 S
-<7563702064626d20ad6f20ad4e202f6574632f6d61696c2f757563706d6170>.15 E
-.21<73706563698c657320616e206f7074696f6e616c206d6170206e616d656420997575
-63709a206f6620636c617373209964626d9a3b20697420616c>102 140.4 R -.1<7761>
--.1 G .21
-<797320686173206e756c6c2062797465732061742074686520656e64206f662065>.1 F
--.15<7665>-.25 G<7279>.15 E<737472696e672c20616e642074686520646174612069
-73206c6f636174656420696e202f6574632f6d61696c2f757563706d61702e7b646972>
-102 152.4 Q<2c7061677d2e>-.4 E 1.095<5468652070726f6772616d>127 168.6 R
-F2<6d616b>3.595 E<656d6170>-.1 E F1 1.094
-<2838292063616e206265207573656420746f2062>B 1.094<75696c6420616e>-.2 F
-3.594<796f>-.15 G 3.594<6674>-3.594 G 1.094
-<68652074687265652064617461626173652d6f7269656e746564206d6170732e>-3.594
-F<4974>6.094 E<74616b>102 180.6 Q<65732074686520666f6c6c6f>-.1 E
-<77696e67208d6167733a>-.25 E 60.53<ad6620446f>102 196.8 R
-<6e6f7420666f6c6420757070657220746f206c6f>2.5 E
-<776572206361736520696e20746865206d61702e>-.25 E 56.64
-<ad4e20496e636c756465>102 213 R<6e756c6c20627974657320696e206b>2.5 E
--.15<6579>-.1 G<732e>.15 E 58.86<ad6f20417070656e64>102 229.2 R
-<746f20616e2065>2.5 E<78697374696e6720286f6c6429208c6c652e>-.15 E 60.53
-<ad7220416c6c6f>102 245.4 R 3.668<7772>-.25 G 1.168
-<65706c6163656d656e74206f662065>-3.668 F 1.168<78697374696e67206b>-.15 F
--.15<6579>-.1 G 1.168<733b206e6f726d616c6c79>.15 F 3.668<2c72>-.65 G
-1.168<652d696e73657274696e6720616e2065>-3.668 F 1.168
-<78697374696e67206b>-.15 F 1.469 -.15<65792069>-.1 H 3.669<7361>.15 G
-<6e>-3.669 E<6572726f72>174 257.4 Q<2e>-.55 E 58.86<ad76205072696e74>102
-273.6 R<776861742069732068617070656e696e672e>2.5 E<546865>102 289.8 Q F2
-<73656e646d61696c>3.606 E F1 1.106<6461656d6f6e20646f6573206e6f74206861>
-3.606 F 1.406 -.15<76652074>-.2 H 3.606<6f62>.15 G 3.606<6572>-3.606 G
-1.106<657374617274656420746f207265616420746865206e65>-3.606 F 3.605
-<776d>-.25 G 1.105<617073206173206c6f6e6720617320796f75206368616e6765>
--3.605 F<7468656d20696e20706c6163653b208c6c65206c6f636b696e672069732075
-73656420736f207468617420746865206d6170732077>102 301.8 Q<6f6e27>-.1 E
-2.5<7462>-.18 G 2.5<6572>-2.5 G<656164207768696c6520746865>-2.5 E 2.5
-<7961>-.15 G<7265206265696e6720757064617465642e>-2.5 E<4e65>127 318 Q
-2.5<7763>-.25 G
-<6c61737365732063616e20626520616464656420696e2074686520726f7574696e65>
--2.5 E F0<73657475706d617073>2.5 E F1<696e208c6c65>2.5 E F0<636f6e66>2.5
-E<2e63>-.15 E F1<2e>A F0 2.5<352e31302e2051>87 342 R 2.5<8a51>2.5 G
-<75657565204772>-2.5 E<6f7570204465636c61726174696f6e>-.18 E F1 .71
-<496e206164646974696f6e20746f20746865206f7074696f6e>127 358.2 R F2
-<5175657565446972>3.21 E<6563746f7279>-.37 E<2c>-.55 E F1 .71<7175657565
-2067726f7570732063616e206265206465636c6172656420746861742064658c6e652061
-202867726f7570>3.21 F<6f6629207175657565206469726563746f7269657320756e64
-6572206120636f6d6d6f6e206e616d652e>102 370.2 Q
-<5468652073796e74617820697320617320666f6c6c6f>5 E<77733a>-.25 E F0<51>
-142 386.4 Q F2<6e616d65>A F1<7b2c>2.5 E F2<8c656c64>2.5 E F1<3d>A F2
-<76616c7565>A F1<7d2b>1.666 E<7768657265>102 402.6 Q F2<6e616d65>3.276 E
-F1 .775<6973207468652073796d626f6c6963206e616d65206f66207468652071756575
-652067726f757020756e6465722077686963682069742063616e20626520726566657265
-6e63656420696e2076>3.276 F<6172696f7573>-.25 E .217
-<706c6163657320616e642074686520998c656c643d76>102 414.6 R .217
-<616c75659a2070616972732064658c6e6520617474726962>-.25 F .217
-<75746573206f66207468652071756575652067726f75702e>-.2 F .218
-<546865206e616d65206d757374206f6e6c7920636f6e73697374>5.218 F
-<6f6620616c7068616e756d6572696320636861726163746572732e>102 426.6 Q
-<4669656c6473206172653a>5 E 47.83<466c61677320466c616773>102 442.8 R
-<666f7220746869732071756575652067726f75702e>2.5 E 50.62
-<4e69636520546865>102 459 R .902<6e69636528322920696e6372656d656e742066
-6f72207468652071756575652067726f75702e>3.402 F .901<546869732076>5.902 F
-.901<616c7565206d7573742062652067726561746572206f7220657175616c>-.25 F
-<7a65726f2e>174 471 Q<496e74657276>102 487.2 Q 38.65<616c20546865>-.25 F
-<74696d65206265747765656e207477>2.5 E 2.5<6f71>-.1 G
-<756575652072756e732e>-2.5 E -.15<5061>102 503.4 S 51.87<746820546865>
-.15 F<7175657565206469726563746f7279206f66207468652067726f75702028726571
-7569726564292e>2.5 E 36.17<52756e6e65727320546865>102 519.6 R .073<6e75
-6d626572206f6620706172616c6c656c2072756e6e6572732070726f63657373696e6720
-7468652071756575652e>2.573 F .074<4e6f74652074686174>5.074 F F0<463d66>
-2.574 E F1 .074<6d75737420626520736574206966>2.574 F<746869732076>174
-531.6 Q<616c75652069732067726561746572207468616e206f6e652e>-.25 E 51.72
-<4a6f627320546865>102 547.8 R<6d6178696d756d206e756d626572206f66206a6f62
-7320286d657373616765732064656c69>2.5 E -.15<7665>-.25 G
-<72656429207065722071756575652072756e2e>.15 E 30.62
-<726563697069656e747320546865>102 564 R .382
-<6d6178696d756d206e756d626572206f6620726563697069656e74732070657220656e>
-2.882 F -.15<7665>-.4 G 2.882<6c6f70652e20456e>.15 F -.15<7665>-.4 G
-.382<6c6f7065732077697468206d6f7265207468616e2074686973>.15 F .109<6e75
-6d626572206f6620726563697069656e74732077696c6c2062652073706c697420696e74
-6f206d756c7469706c6520656e>174 576 R -.15<7665>-.4 G .11
-<6c6f70657320696e207468652073616d652071756575652064697265632d>.15 F
-<746f7279>174 588 Q 5<2e54>-.65 G<686520646566>-5 E<61756c742076>-.1 E
-<616c75652030206d65616e73206e6f206c696d69742e>-.25 E<4f6e6c792074686520
-8c72737420636861726163746572206f6620746865208c656c64206e616d652069732063
-6865636b>102 604.2 Q<65642e>-.1 E .076<427920646566>127 620.4 R .076
-<61756c742c20612071756575652067726f7570206e616d6564>-.1 F F2
-<6d7175657565>2.575 E F1 .075
-<69732064658c6e656420746861742075736573207468652076>2.575 F .075
-<616c7565206f6620746865>-.25 F F2<5175657565446972>2.575 E<6563746f7279>
--.37 E F1 .268<6f7074696f6e20617320706174682e>102 632.4 R .268<4e6f7469
-63653a20616c6c207061746873207468617420617265207573656420666f722071756575
-652067726f757073206d757374206265207375626469726563746f72696573206f66>
-5.268 F F2<517565756544692d>2.769 E -.37<7265>102 644.4 S<63746f7279>.37
-E F1 6.487<2e53>C 1.487<696e636520746865>-6.487 F 3.987<7963>-.15 G
-1.487<616e2062652073796d626f6c6963206c696e6b732c20746869732069736e27>
--3.987 F 3.987<746172>-.18 G 1.486
-<65616c207265737472696374696f6e2c204966>-3.987 F F2<5175657565446972>
-3.986 E<6563746f7279>-.37 E F1 1.486<757365732061>3.986 F .746
-<77696c64636172642c207468656e20746865206469726563746f7279206f6e65206c65>
-102 656.4 R -.15<7665>-.25 G 3.247<6c75>.15 G 3.247<7069>-3.247 G 3.247
-<7363>-3.247 G .747<6f6e73696465726564207468652060>-3.247 F
-<606261736527>-.74 E 3.247<2764>-.74 G .747
-<69726563746f727920776869636820616c6c206f74686572207175657565>-3.247 F
-.086<6469726563746f72696573206d7573742073686172652e>102 668.4 R .086
-<506c65617365206d616b>5.086 F 2.586<6573>-.1 G .086<75726520746861742074
-6865207175657565206469726563746f7269657320646f206e6f74206f>-2.586 F -.15
-<7665>-.15 G .085<726c61702c20652e672e2c20646f206e6f7420737065632d>.15 F
-<696679>102 680.4 Q 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-89)195.86 E/F1 10/Times-Roman@0 SF 61.08(\255t Normally)102 96 R
+2.727(,w)-.65 G .227(hen a map attempts to do a lookup and the serv)
+-2.727 F .226(er f)-.15 F .226(ails \(e.g.,)-.1 F/F2 10/Times-Italic@0
+SF(sendmail)2.726 E F1(couldn')174 108 Q 2.776(tc)-.18 G .276(ontact an)
+-2.776 F 2.776(yn)-.15 G .276(ame serv)-2.776 F .276(er; this is)-.15 F
+F2(not)2.776 E F1 .276(the same as an entry not being found)2.776 F .251
+(in the map\), the message being processed is queued for future process\
+ing.)174 120 R(The)5.25 E F0<ad74>2.75 E F1 2.039(\215ag turns of)174
+132 R 4.539(ft)-.25 G 2.039(his beha)-4.539 F(vior)-.2 E 4.539(,l)-.4 G
+2.039(etting the temporary f)-4.539 F 2.039(ailure \(serv)-.1 F 2.039
+(er do)-.15 F 2.04(wn\) act as)-.25 F .676(though it were a permanent f)
+174 144 R .675(ailure \(entry not found\).)-.1 F .675
+(It is particularly useful for)5.675 F .772
+(DNS lookups, where someone else')174 156 R 3.272(sm)-.55 G .772
+(iscon\214gured name serv)-3.272 F .772(er can cause prob-)-.15 F 1.646
+(lems on your machine.)174 168 R(Ho)6.646 E(we)-.25 E -.15(ve)-.25 G
+2.446 -.4(r, c).15 H 1.645(are must be tak).4 F 1.645
+(en to ensure that you don')-.1 F(t)-.18 E .262(bounce mail that w)174
+180 R .262(ould be resolv)-.1 F .262(ed correctly if you tried ag)-.15 F
+2.763(ain. A)-.05 F .263(common strat-)2.763 F -.15(eg)174 192 S 2.5(yi)
+.15 G 2.5(st)-2.5 G 2.5(of)-2.5 G(orw)-2.5 E(ard such mail to another)
+-.1 E 2.5(,p)-.4 G(ossibly better connected, mail serv)-2.5 E(er)-.15 E
+(.)-.55 E 56.64(\255D Perform)102 208.2 R .833
+(no lookup in deferred deli)3.333 F -.15(ve)-.25 G .833(ry mode.).15 F
+.833(This \215ag is set by def)5.833 F .832(ault for the)-.1 F F2(host)
+174 220.2 Q F1(map.)2.5 E<ad53>102 236.4 Q F2(spacesub)A F1 1.537(The c\
+haracter to use to replace space characters after a successful map look\
+up)24.14 F(\(esp. useful for re)174 248.4 Q(ge)-.15 E 2.5(xa)-.15 G
+(nd syslog maps\).)-2.5 E<ad73>102 264.6 Q F2(spacesub)A F1 -.15(Fo)
+25.81 G 3.101(rt).15 G .601(he dequote map only)-3.101 F 3.101(,t)-.65 G
+.601(he character to use to replace space characters after a)-3.101 F
+(successful dequote.)174 276.6 Q 58.86(\255q Don')102 292.8 R 2.5(td)
+-.18 G(equote the k)-2.5 E .3 -.15(ey b)-.1 H(efore lookup.).15 E<ad4c>
+102 309 Q F2(le)A(vel)-.15 E F1 -.15(Fo)41.52 G 2.5(rt).15 G
+(he syslog map only)-2.5 E 2.5(,i)-.65 G 2.5(ts)-2.5 G
+(peci\214es the le)-2.5 E -.15(ve)-.25 G 2.5(lt).15 G 2.5(ou)-2.5 G
+(se for the syslog call.)-2.5 E 56.64(\255A When)102 325.2 R(reb)3 E .5
+(uilding an alias \214le, the)-.2 F F0<ad41>3 E F1 .5
+(\215ag causes duplicate entries in the te)3 F .5(xt v)-.15 F(er)-.15 E
+(-)-.2 E(sion to be mer)174 337.2 Q 2.5(ged. F)-.18 F(or e)-.15 E
+(xample, tw)-.15 E 2.5(oe)-.1 G(ntries:)-2.5 E 27.49(list: user1,)214
+353.4 R(user2)2.5 E 27.49(list: user3)214 365.4 R -.1(wo)174 381.6 S
+(uld be treated as though it were the single entry).1 E 27.49
+(list: user1,)214 397.8 R(user2, user3)2.5 E(in the presence of the)174
+414 Q F0<ad41>2.5 E F1(\215ag.)2.5 E(Some additional \215ags are a)127
+430.2 Q -.25(va)-.2 G(ilable for the host and dns maps:).25 E 58.86
+(\255d delay:)102 446.4 R(specify the resolv)2.5 E(er')-.15 E 2.5(sr)
+-.55 G(etransmission time interv)-2.5 E(al \(in seconds\).)-.25 E 60.53
+(\255r retry:)102 462.6 R
+(specify the number of times to retransmit a resolv)2.5 E(er query)-.15
+E(.)-.65 E(The dns map has another \215ag:)127 478.8 Q 57.19
+(\255B basedomain:)102 495 R(specify a domain that is al)2.5 E -.1(wa)
+-.1 G(ys appended to queries.).1 E(Sock)127 511.2 Q(et maps ha)-.1 E .3
+-.15(ve a)-.2 H 2.5(no).15 G(ptional \215ag:)-2.5 E 58.86
+(\255d timeout:)102 527.4 R .441
+(specify the timeout \(in seconds\) for communication with the sock)
+2.941 F .44(et map)-.1 F(serv)174 539.4 Q(er)-.15 E(.)-.55 E(The follo)
+127 555.6 Q(wing additional \215ags are present in the ldap map only:)
+-.25 E<ad63>102 571.8 Q F2(timeout)A F1 7.617(Set the LD)31.92 F 7.618
+(AP netw)-.4 F 7.618(ork timeout.)-.1 F 7.618
+(sendmail must be compiled with)12.618 F F0(\255DLD)174 583.8 Q
+(AP_OPT_NETW)-.35 E(ORK_TIMEOUT)-.1 E F1(to use this \215ag.)2.5 E 57.19
+(\255R Do)102 600 R .025(not auto chase referrals.)2.525 F .025
+(sendmail must be compiled with)5.025 F F0(\255DLD)2.525 E(AP_REFER-)
+-.35 E(RALS)174 612 Q F1(to use this \215ag.)2.5 E 58.86(\255n Retrie)
+102 628.2 R .3 -.15(ve a)-.25 H(ttrib).15 E(ute names only)-.2 E(.)-.65
+E<ad56>102 644.4 Q F2(sep)A F1(Retrie)45.81 E .3 -.15(ve b)-.25 H
+(oth attrib).15 E(utes name and v)-.2 E(alue\(s\), separated by)-.25 E
+F2(sep)2.5 E F1(.)A<ad72>102 660.6 Q F2(der)A(ef)-.37 E F1
+(Set the alias dereference option to one of ne)42.85 E -.15(ve)-.25 G .8
+-.4(r, a).15 H -.1(lwa).4 G(ys, search, or \214nd.).1 E<ad73>102 676.8 Q
+F2(scope)A F1(Set search scope to one of base, one \(one le)39.7 E -.15
+(ve)-.25 G(l\), or sub \(subtree\).).15 E<ad68>102 693 Q F2(host)A F1
+(LD)44.69 E 2.095(AP serv)-.4 F 2.095(er hostname.)-.15 F 2.095(Some LD)
+7.095 F 2.095(AP libraries allo)-.4 F 4.595(wy)-.25 G 2.095
+(ou to specify multiple,)-4.595 F .467
+(space-separated hosts for redundanc)174 705 R 4.267 -.65(y. I)-.15 H
+2.967(na).65 G .466(ddition, each of the hosts listed can be)-2.967 F
+(follo)174 717 Q(wed by a colon and a port number to o)-.25 E -.15(ve)
+-.15 G(rride the def).15 E(ault LD)-.1 E(AP port.)-.4 E 0 Cg EP
%%Page: 90 86
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d39302053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF 2.5<4f51>142 96 S
-<756575654469726563746f72793d2f76>-2.5 E
-<61722f73706f6f6c2f6d71756575652f2a>-.25 E<516f6e652c20503d2f76>142 108
-Q<61722f73706f6f6c2f6d71756575652f64697231>-.25 E<517477>142 120 Q
-<6f2c20503d2f76>-.1 E<61722f73706f6f6c2f6d71756575652f64697232>-.25 E<62
-656361757365207468697320616c736f20696e636c756465732099646972319a20616e64
-2099646972329a20696e2074686520646566>102 136.2 Q
-<61756c742071756575652067726f75702e>-.1 E<486f>5 E<7765>-.25 E -.15
-<7665>-.25 G -.4<722c>.15 G 2.5<4f51>142 152.4 S
-<756575654469726563746f72793d2f76>-2.5 E
-<61722f73706f6f6c2f6d71756575652f6d61696e2a>-.25 E<516f6e652c20503d2f76>
-142 164.4 Q<61722f73706f6f6c2f6d71756575652f646972>-.25 E<517477>142
-176.4 Q<6f2c20503d2f76>-.1 E
-<61722f73706f6f6c2f6d71756575652f6f746865722a>-.25 E<697320612076>102
-192.6 Q<616c69642071756575652067726f75702073706563698c636174696f6e2e>
--.25 E .235<4f7074696f6e73206c697374656420696e207468652060>127 208.8 R
-<60466c61677327>-.74 E 2.736<278c>-.74 G .236
-<656c642063616e206265207573656420746f206d6f64696679207468652062656861>
--2.736 F .236<76696f72206f6620612071756575652067726f75702e>-.2 F<546865>
-5.236 E -.74<6060>102 220.8 S .55<6627>.74 G 2.605<278d>-1.29 G .105<61
-67206d75737420626520736574206966206d756c7469706c652071756575652072756e6e
-6572732061726520737570706f73656420746f2077>-2.605 F .104<6f726b206f6e20
-74686520656e747269657320696e20612071756575652067726f75702e>-.1 F
-<4f7468657277697365>102 232.8 Q/F2 10/Times-Italic@0 SF
-<73656e646d61696c>2.5 E F1<77696c6c2077>2.5 E<6f726b206f6e2074686520656e
-7472696573207374726963746c792073657175656e7469616c6c79>-.1 E<2e>-.65 E
-.511<5468652060>127 249 R<60496e74657276>-.74 E<616c27>-.25 E 3.011
-<278c>-.74 G .511<656c642073657473207468652074696d65206265747765656e2071
-756575652072756e732e>-3.011 F .512
-<4966206e6f2071756575652067726f75702073706563698c6320696e74657276>5.511
-F .512<616c206973>-.25 F
-<7365742c207468656e2074686520706172616d65746572206f6620746865>102 261 Q
-F0<2d71>2.5 E F1<6f7074696f6e2066726f6d2074686520636f6d6d616e64206c696e
-6520697320757365642e>2.5 E 7.657 -.8<546f2063>127 277.2 T 6.057
-<6f6e74726f6c20746865206f>.8 F -.15<7665>-.15 G 6.056
-<72616c6c206e756d626572206f6620636f6e63757272656e746c792061637469>.15 F
-6.356 -.15<76652071>-.25 H 6.056
-<756575652072756e6e65727320746865206f7074696f6e>.15 F F0
-<4d617851756575654368696c6472>102 289.2 Q<656e>-.18 E F1 .055
-<63616e206265207365742e>2.555 F .055<54686973206c696d69747320746865206e
-756d626572206f662070726f636573736573207573656420666f722072756e6e696e6720
-7468652071756575657320746f>5.055 F F0<4d617851756575654368696c6472>102
-301.2 Q<656e>-.18 E F1 3.63<2c74>C 1.13<686f75676820617420616e>-3.63 F
-3.63<796f>-.15 G 1.13<6e652074696d65206665>-3.63 F 1.129
-<7765722070726f636573736573206d61792062652061637469>-.25 F 1.429 -.15
-<76652061>-.25 H 3.629<736172>.15 G 1.129<6573756c74206f66207175657565>
--3.629 F<6f7074696f6e732c20636f6d706c657465642071756575652072756e732c20
-73797374656d206c6f61642c206574632e>102 313.2 Q .602<546865206d6178696d75
-6d206e756d626572206f662071756575652072756e6e65727320666f7220616e20696e64
-69>127 329.4 R .602<76696475616c2071756575652067726f75702063616e20626520
-636f6e74726f6c6c656420766961>-.25 F<746865>102 341.4 Q F0
-<52756e6e657273>2.585 E F1 2.585<6f7074696f6e2e204966>2.585 F .084<7365
-7420746f20302c20656e747269657320696e207468652071756575652077696c6c206e6f
-742062652070726f6365737365642c2077686963682069732075736566756c20746f2060>
-2.585 F<6071756172>-.74 E<2d>-.2 E<616e74696e6527>102 353.4 Q 4.515
-<2771>-.74 G 2.015<75657565208c6c65732e>-4.515 F 2.016<546865206e756d62
-6572206f662072756e6e657273207065722071756575652067726f7570206d617920616c
-736f20626520736574207769746820746865206f7074696f6e>7.015 F F0
-<4d617852756e6e65727350>102 365.4 Q<65725175657565>-.2 E F1 3.209<2c77>C
-.709<68696368206170706c69657320746f2071756575652067726f7570732074686174
-206861>-3.209 F 1.008 -.15<7665206e>-.2 H 3.208<6f69>.15 G<6e6469>-3.208
-E .708<76696475616c206c696d69742e>-.25 F .708<546861742069732c20746865>
-5.708 F<646566>102 377.4 Q<61756c742076>-.1 E<616c756520666f72>-.25 E F0
-<52756e6e657273>2.5 E F1<6973>2.5 E F0<4d617852756e6e65727350>2.5 E
-<65725175657565>-.2 E F1<6966207365742c206f746865727769736520312e>2.5 E
-1.087<546865208c656c64204a6f62732064657363726962657320746865206d6178696d
-756d206e756d626572206f66206a6f627320286d657373616765732064656c69>127
-393.6 R -.15<7665>-.25 G 1.087<72656429207065722071756575652072756e2c>
-.15 F
-<7768696368206973207468652071756575652067726f75702073706563698c632076>
-102 405.6 Q<616c7565206f66>-.25 E F0<4d6178517565756552756e53697a65>2.5
-E F1<2e>A .175<4e6f746963653a2071756575652067726f7570732073686f756c6420
-6265206465636c6172656420616674657220616c6c2071756575652072656c6174656420
-6f7074696f6e73206861>127 421.8 R .475 -.15<76652062>-.2 H .175
-<65656e207365742062656361757365>.15 F .314
-<71756575652067726f7570732074616b>102 433.8 R 2.814<6574>-.1 G .314
-<6865697220646566>-2.814 F .314
-<61756c74732066726f6d2074686f7365206f7074696f6e732e>-.1 F .314<49662061
-6e206f7074696f6e2069732073657420616674657220612071756575652067726f757020
-6465636c6172612d>5.314 F .188<74696f6e2c207468652076>102 445.8 R .187<61
-6c756573206f66206f7074696f6e7320696e207468652071756575652067726f75702061
-72652073657420746f2074686520646566>-.25 F .187<61756c7473206f66>-.1 F F2
-<73656e646d61696c>2.687 E F1 .187<756e6c6573732065>2.687 F .187
-<78706c696369746c7920736574>-.15 F
-<696e20746865206465636c61726174696f6e2e>102 457.8 Q 1.972
-<4561636820656e>127 474 R -.15<7665>-.4 G 1.972<6c6f70652069732061737369
-676e656420746f20612071756575652067726f7570206261736564206f6e207468652061
-6c676f726974686d2064657363726962656420696e2073656374696f6e>.15 F -.74
-<6060>102 486 S
-<51756575652047726f75707320616e64205175657565204469726563746f7269657327>
-.74 E<272e>-.74 E F0 2.5<352e31312e2058>87 510 R 2.5<8a4d>2.5 G
-<61696c2046696c74657220284d696c746572292044658c6e6974696f6e73>-2.5 E F1
-<546865>127 526.2 Q F2<73656e646d61696c>3.937 E F1 1.437<4d61696c204669
-6c7465722041504920284d696c746572292069732064657369676e656420746f20616c6c
-6f>3.937 F 3.937<7774>-.25 G 1.437
-<686972642d70617274792070726f6772616d732061636365737320746f>-3.937 F
-.177<6d61696c206d6573736167657320617320746865>102 538.2 R 2.677<7961>
--.15 G .177<7265206265696e672070726f63657373656420696e206f7264657220746f
-208c6c746572206d6574612d696e666f726d6174696f6e20616e6420636f6e74656e742e>
--2.677 F<546865>5.178 E 2.678<7961>-.15 G<7265>-2.678 E<6465636c61726564
-20696e2074686520636f6e8c6775726174696f6e208c6c652061733a>102 550.2 Q F0
-<58>142 566.4 Q F2<6e616d65>A F1<7b2c>2.5 E F2<8c656c64>2.5 E F1<3d>A F2
-<76616c7565>A F1<7d2a>1.666 E<7768657265>102 582.6 Q F2<6e616d65>4.688 E
-F1 2.188<697320746865206e616d65206f6620746865208c6c74657220287573656420
-696e7465726e616c6c79206f6e6c792920616e642074686520998c656c643d6e616d659a
-2070616972732064658c6e65>4.688 F<617474726962>102 594.6 Q .491
-<75746573206f6620746865208c6c746572>-.2 F 5.491<2e41>-.55 G .491
-<6c736f207365652074686520646f63756d656e746174696f6e20666f7220746865>
--5.491 F F0<496e7075744d61696c46696c74657273>2.992 E F1 .492
-<6f7074696f6e20666f72206d6f726520696e666f72>2.992 F<2d>-.2 E
-<6d6174696f6e2e>102 606.6 Q<4669656c6473206172653a>127 622.8 Q<536f636b>
-142 639 Q 42.38<657420546865>-.1 F<736f636b>2.5 E
-<65742073706563698c636174696f6e>-.1 E 47.83<466c616773205370656369616c>
-142 651 R<8d61677320666f722074686973208c6c746572>2.5 E -.35<5469>142 663
-S 32.07<6d656f7574732054>.35 F
-<696d656f75747320666f722074686973208c6c746572>-.35 E<4f6e6c792074686520
-8c72737420636861726163746572206f6620746865208c656c64206e616d652069732063
-6865636b>102 679.2 Q<65642028697427>-.1 E 2.5<7363>-.55 G
-<6173652d73656e73697469>-2.5 E -.15<7665>-.25 G<292e>.15 E
-<54686520736f636b>127 695.4 Q
-<65742073706563698c636174696f6e206973206f6e65206f662074686520666f6c6c6f>
--.1 E<77696e6720666f726d733a>-.25 E F0<533d696e65743a>142 711.6 Q F2
-<706f7274>2.5 E F0<40>2.5 E F2<686f7374>2.5 E 0 Cg EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-90 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF<ad70>102
+96 Q/F2 10/Times-Italic@0 SF(port)A F1(LD)44.69 E(AP service port.)-.4 E
+<ad48>102 112.2 Q F2(LD)2.5 E(APURI)-.35 E F1 1.102
+(Use the speci\214ed LD)15.33 F 1.103
+(AP URI instead of specifying the hostname and port sepa-)-.4 F
+(rately with the the)174 124.2 Q F0<ad68>2.5 E F1(and)2.5 E F0<ad70>2.5
+E F1(options sho)2.5 E(wn abo)-.25 E -.15(ve)-.15 G 5(.F).15 G(or e)
+-5.15 E(xample,)-.15 E(-h serv)214 140.4 Q(er)-.15 E(.e)-.55 E
+(xample.com -p 389 -b dc=e)-.15 E(xample,dc=com)-.15 E(is equi)174 156.6
+Q -.25(va)-.25 G(lent to).25 E(-H ldap://serv)214 172.8 Q(er)-.15 E(.e)
+-.55 E(xample.com:389 -b dc=e)-.15 E(xample,dc=com)-.15 E .757
+(If the LD)174 189 R .757(AP library supports it, the LD)-.4 F .757
+(AP URI format ho)-.4 F(we)-.25 E -.15(ve)-.25 G 3.257(rc).15 G .757
+(an also request)-3.257 F(LD)174 201 Q(AP o)-.4 E -.15(ve)-.15 G 2.5(rS)
+.15 G(SL by using)-2.5 E F0(ldaps://)2.5 E F1(instead of)2.5 E F0
+(ldap://)2.5 E F1 5(.F)C(or e)-5.15 E(xample:)-.15 E 2.5(OL)214 217.2 S
+-.4(DA)-2.5 G(PDef).4 E(aultSpec=-H ldaps://ldap.e)-.1 E
+(xample.com -b dc=e)-.15 E(xample,dc=com)-.15 E(Similarly)174 233.4 Q
+3.22(,i)-.65 G 3.22(ft)-3.22 G .72(he LD)-3.22 F .721
+(AP library supports it, It can also be used to specify a UNIX)-.4 F
+(domain sock)174 245.4 Q(et using)-.1 E F0(ldapi://)2.5 E F1(:)A 2.5(OL)
+214 261.6 S -.4(DA)-2.5 G(PDef).4 E(aultSpec=-H ldapi://sock)-.1 E
+(et\214le -b dc=e)-.1 E(xample,dc=com)-.15 E<ad62>102 282 Q F2(base)A F1
+(LD)43.03 E(AP search base.)-.4 E<ad6c>102 298.2 Q F2(timelimit)A F1
+-.35(Ti)28.02 G(me limit for LD).35 E(AP queries.)-.4 E<ad5a>102 314.4 Q
+F2(sizelimit)A F1(Size \(number of matches\) limit for LD)26.91 E
+(AP or DNS queries.)-.4 E<ad64>102 330.6 Q F2(distinguished_name)A F1
+(The distinguished name to use to login to the LD)174 342.6 Q(AP serv)
+-.4 E(er)-.15 E(.)-.55 E<ad4d>102 358.8 Q F2(method)A F1 5.988
+(The method to authenticate to the LD)28.03 F 5.987(AP serv)-.4 F(er)
+-.15 E 10.987(.S)-.55 G 5.987(hould be one of)-10.987 F F0(LD)174 370.8
+Q(AP_A)-.35 E(UTH_NONE)-.5 E F1(,)A F0(LD)5.756 E(AP_A)-.35 E
+(UTH_SIMPLE)-.5 E F1 5.757(,o)C(r)-5.757 E F0(LD)5.757 E(AP_A)-.35 E
+(UTH_KRBV4)-.5 E F1(.)A(The leading)174 382.8 Q F0(LD)2.5 E(AP_A)-.35 E
+(UTH_)-.5 E F1(can be omitted and the v)2.5 E(alue is case-insensiti)
+-.25 E -.15(ve)-.25 G(.).15 E<ad50>102 399 Q F2(passwor)A(d\214le)-.37 E
+F1 .342(The \214le containing the secret k)10.61 F .642 -.15(ey f)-.1 H
+.342(or the).15 F F0(LD)2.842 E(AP_A)-.35 E(UTH_SIMPLE)-.5 E F1
+(authentication)2.842 E(method or the name of the K)174 411 Q
+(erberos tick)-.25 E(et \214le for)-.1 E F0(LD)2.5 E(AP_A)-.35 E
+(UTH_KRBV4)-.5 E F1(.)A 58.86(\2551 F)102 427.2 R .457(orce LD)-.15 F
+.458(AP searches to only succeed if a single match is found.)-.4 F .458
+(If multiple v)5.458 F(al-)-.25 E
+(ues are found, the search is treated as if no match w)174 439.2 Q
+(as found.)-.1 E<ad77>102 455.4 Q F2(ver)A(sion)-.1 E F1 1.48
+(Set the LD)29.8 F 1.479(AP API/protocol v)-.4 F 1.479(ersion to use.)
+-.15 F 1.479(The def)6.479 F 1.479(ault depends on the LD)-.1 F(AP)-.4 E
+1.37(client libraries in use.)174 467.4 R -.15(Fo)6.37 G 3.87(re).15 G
+(xample,)-4.02 E F0 1.37(\255w 3)3.87 F F1 1.37(will cause)3.87 F F2
+(sendmail)3.87 E F1 1.37(to use LD)3.87 F(APv3)-.4 E
+(when communicating with the LD)174 479.4 Q(AP serv)-.4 E(er)-.15 E(.)
+-.55 E 56.64(\255K T)102 495.6 R .588(reat the LD)-.35 F .588
+(AP search k)-.4 F .888 -.15(ey a)-.1 H 3.088(sm).15 G(ulti-ar)-3.088 E
+.587(gument and replace %1 through %9 in the)-.18 F -.1(ke)174 507.6 S
+2.503(yw)-.05 G .003(ith the LD)-2.503 F .003
+(AP escaped contents of the lookup ar)-.4 F .003
+(guments speci\214ed in the map)-.18 F(lookup.)174 519.6 Q(The)127 535.8
+Q F2(dbm)2.99 E F1 .489
+(map appends the strings \231.pag\232 and \231.dir\232 to the gi)2.99 F
+-.15(ve)-.25 G 2.989<6e8c>.15 G .489(lename; the)-2.989 F F2(hash)2.989
+E F1(and)2.989 E F2(btr)2.989 E(ee)-.37 E F1(maps append \231.db\232.)
+102 547.8 Q -.15(Fo)5 G 2.5(re).15 G(xample, the map speci\214cation)
+-2.65 E -.15(Ku)142 564 S(ucp dbm \255o \255N /etc/mail/uucpmap).15 E
+.21(speci\214es an optional map named \231uucp\232 of class \231dbm\232\
+; it al)102 580.2 R -.1(wa)-.1 G .21(ys has null bytes at the end of e)
+.1 F -.15(ve)-.25 G(ry).15 E
+(string, and the data is located in /etc/mail/uucpmap.{dir)102 592.2 Q
+(,pag}.)-.4 E .853(The program)127 608.4 R F2(mak)3.353 E(emap)-.1 E F1
+.852(\(8\) can be used to b)B .852(uild database-oriented maps.)-.2 F
+.852(It tak)5.852 F .852(es at least the)-.1 F(follo)102 620.4 Q
+(wing \215ags \(for a complete list see its man page\):)-.25 E 60.53
+(\255f Do)102 636.6 R(not fold upper to lo)2.5 E(wer case in the map.)
+-.25 E 56.64(\255N Include)102 652.8 R(null bytes in k)2.5 E -.15(ey)-.1
+G(s.).15 E 58.86(\255o Append)102 669 R(to an e)2.5 E
+(xisting \(old\) \214le.)-.15 E 60.53(\255r Allo)102 685.2 R 3.668(wr)
+-.25 G 1.168(eplacement of e)-3.668 F 1.168(xisting k)-.15 F -.15(ey)-.1
+G 1.168(s; normally).15 F 3.668(,r)-.65 G 1.168(e-inserting an e)-3.668
+F 1.168(xisting k)-.15 F 1.469 -.15(ey i)-.1 H 3.669(sa).15 G(n)-3.669 E
+(error)174 697.2 Q(.)-.55 E 58.86(\255v Print)102 713.4 R
+(what is happening.)2.5 E 0 Cg EP
%%Page: 91 87
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3931>195.86 E
-<533d696e6574363a>142 96 Q/F1 10/Times-Italic@0 SF<706f7274>2.5 E F0<40>
-2.5 E F1<686f7374>2.5 E F0<533d6c6f63616c3a>142 116.4 Q F1<70617468>2.5
-E/F2 10/Times-Roman@0 SF 1.792<546865208c727374207477>102 132.6 R 4.291
-<6f64>-.1 G 1.791
-<6573637269626520616e2049507634206f72204950763620736f636b>-4.291 F 1.791
-<6574206c697374656e696e67206f6e2061206365727461696e>-.1 F F1<706f7274>
-4.291 E F2 1.791<61742061206769>4.291 F -.15<7665>-.25 G<6e>.15 E F1
-<686f7374>4.291 E F2 1.791<6f72204950>4.291 F 2.5
-<616464726573732e20546865>102 144.6 R
-<8c6e616c20666f726d206465736372696265732061206e616d656420736f636b>2.5 E
-<6574206f6e20746865208c6c6573797374656d20617420746865206769>-.1 E -.15
-<7665>-.25 G<6e>.15 E F1<70617468>2.5 E F2<2e>A<54686520666f6c6c6f>127
-160.8 Q<77696e67208d616773206d61792062652073657420696e20746865208c6c7465
-72206465736372697074696f6e2e>-.25 E 13.33<5252>102 177 S
-<656a65637420636f6e6e656374696f6e206966208c6c74657220756e61>-13.33 E
--.25<7661>-.2 G<696c61626c652e>.25 E 13.89<5454>102 193.2 S
-<656d706f726172792066>-14.59 E
-<61696c20636f6e6e656374696f6e206966208c6c74657220756e61>-.1 E -.25<7661>
--.2 G<696c61626c652e>.25 E .655<4966206e65697468657220463d52206e6f722046
-3d542069732073706563698c65642c20746865206d657373616765206973207061737365
-64207468726f756768>127 209.4 R F1<73656e646d61696c>3.155 E F2 .655
-<696e2063617365206f66208c6c746572>3.155 F
-<6572726f7273206173206966207468652066>102 221.4 Q
-<61696c696e67208c6c746572732077657265206e6f742070726573656e742e>-.1 E<54
-68652074696d656f7574732063616e20626520736574207573696e672074686520666f75
-72208c656c647320696e73696465206f6620746865>127 237.6 Q F0<543d>2.5 E F2
-<6571756174653a>2.5 E 13.33<4354>102 253.8 S
-<696d656f757420666f7220636f6e6e656374696e6720746f2061208c6c746572>-13.68
-E 5<2e49>-.55 G 2.5<6673>-5 G<657420746f20302c207468652073797374656d27>
--2.5 E<73>-.55 E F1<636f6e6e6563742829>2.5 E F2
-<74696d656f75742077696c6c20626520757365642e>2.5 E 14.44<5354>102 270 S<
-696d656f757420666f722073656e64696e6720696e666f726d6174696f6e2066726f6d20
-746865204d54>-14.79 E 2.5<4174>-.93 G 2.5<6f618c>-2.5 G<6c746572>-2.5 E
-<2e>-.55 E 13.33<5254>102 286.2 S<696d656f757420666f722072656164696e6720
-7265706c792066726f6d20746865208c6c746572>-13.68 E<2e>-.55 E 13.89<454f>
-102 302.4 S -.15<7665>-13.89 G 1.186<72616c6c2074696d656f75742062657477
-65656e2073656e64696e6720656e642d6f662d6d65737361676520746f208c6c74657220
-616e642077>.15 F 1.186
-<616974696e6720666f7220746865208c6e616c2061636b6e6f>-.1 F<776c2d>-.25 E
-<6564676d656e742e>122 314.4 Q 1.402<4e6f74652074686520736570617261746f72
-206265747765656e20656163682074696d656f7574208c656c642069732061>127 330.6
-R F0<273b27>3.903 E F2 6.403<2e54>C 1.403<686520646566>-6.403 F 1.403
-<61756c742076>-.1 F 1.403
-<616c75657320286966206e6f742073657429206172653a>-.25 F F0
-<543d433a356d3b533a3130733b523a3130733b453a356d>102 342.6 Q F2
-<7768657265>2.5 E F0<73>2.5 E F2<6973207365636f6e647320616e64>2.5 E F0
-<6d>2.5 E F2<6973206d696e757465732e>2.5 E<4578616d706c65733a>127 358.8 Q
-<588c6c746572312c20533d6c6f63616c3a2f76>142 375 Q
-<61722f72756e2f66312e736f636b2c20463d52>-.25 E
-<588c6c746572322c20533d696e6574363a393939406c6f63616c686f73742c20463d54>
-142 387 Q 2.5<2c54>-.74 G<3d533a31733b523a31733b453a356d>-2.5 E<588c6c74
-6572332c20533d696e65743a33333333406c6f63616c686f73742c20543d433a326d>142
-399 Q F0 2.5<352e31322e20546865>87 427.2 R<55736572204461746162617365>
-2.5 E F2 .479<5468652075736572206461746162617365206973206465707265636174
-656420696e2066>127 443.4 R -.2<61766f>-.1 G 2.978<726f>.2 G 2.978<6660>
--2.978 G<6076697274757365727461626c6527>-3.718 E 2.978<2761>-.74 G .478
-<6e642060>-2.978 F<6067656e65726963737461626c6527>-.74 E 2.978<2761>-.74
-G 2.978<7365>-2.978 G<78706c61696e6564>-3.128 E 1.029
-<696e20746865208c6c65>102 455.4 R F0<63662f524541444d45>3.529 E F2 6.029
-<2e49>C 3.529<6679>-6.029 G 1.029<6f75206861>-3.529 F 1.329 -.15
-<76652061207665>-.2 H 1.029<7273696f6e206f66>.15 F F1<73656e646d61696c>
-3.529 E F2 1.03
-<77697468207468652075736572206461746162617365207061636b61676520636f6d2d>
-3.53 F<70696c656420696e2c207468652068616e646c696e67206f662073656e646572
-20616e6420726563697069656e7420616464726573736573206973206d6f64698c65642e>
-102 467.4 Q<546865206c6f636174696f6e206f66207468697320646174616261736520
-697320636f6e74726f6c6c6564207769746820746865>127 483.6 Q F0
-<55736572446174616261736553706563>2.5 E F2<6f7074696f6e2e>2.5 E F0 2.5
-<352e31322e312e205374727563747572>102 507.6 R 2.5<656f>-.18 G 2.5<6674>
--2.5 G<68652075736572206461746162617365>-2.5 E F2
-<546865206461746162617365206973206120736f7274656420284254>142 523.8 Q
-<7265652d626173656429207374727563747572652e>-.35 E
-<55736572207265636f726473206172652073746f726564207769746820746865206b>5
-E -.15<6579>-.1 G<3a>.15 E F1<75736572>157 540 Q<2d6e616d65>-.2 E F0<3a>
-A F1<8c656c642d6e616d65>A F2 .128<54686520736f72746564206461746162617365
-20666f726d617420656e737572657320746861742075736572207265636f726473206172
-6520636c7573746572656420746f676574686572>117 556.2 R 5.128<2e4d>-.55 G
-.128<6574612d696e666f726d6174696f6e206973>-5.128 F<616c>117 568.2 Q -.1
-<7761>-.1 G
-<79732073746f72656420776974682061206c656164696e6720636f6c6f6e2e>.1 E<46
-69656c64206e616d65732064658c6e6520626f7468207468652073796e74617820616e64
-2073656d616e74696373206f66207468652076>142 584.4 Q 2.5
-<616c75652e2044658c6e6564>-.25 F<8c656c647320696e636c7564653a>2.5 E
-33.39<6d61696c64726f7020546865>117 600.6 R<64656c69>4.872 E -.15<7665>
--.25 G 2.372<7279206164647265737320666f7220746869732075736572>.15 F
-7.372<2e54>-.55 G 2.373<68657265206d6179206265206d756c7469706c652076>
--7.372 F 2.373<616c756573206f662074686973>-.25 F 2.675
-<7265636f72642e20496e>189 612.6 R<706172746963756c6172>2.675 E 2.675
-<2c6d>-.4 G .175<61696c696e67206c697374732077696c6c206861>-2.675 F .475
--.15<7665206f>-.2 H<6e65>.15 E F1<6d61696c6472>2.675 E<6f70>-.45 E F2
-.175<7265636f726420666f7220656163682075736572>2.675 F
-<6f6e20746865206c6973742e>189 624.6 Q 30.06<6d61696c6e616d6520546865>117
-640.8 R 1.026
-<6f7574676f696e67206d61696c6e616d6520666f7220746869732075736572>3.526 F
-6.026<2e46>-.55 G 1.027
-<6f722065616368206f7574676f696e67206e616d652c2074686572652073686f756c64>
--6.176 F .08<626520616e20617070726f707269617465>189 652.8 R F1
-<6d61696c6472>2.58 E<6f70>-.45 E F2 .08
-<7265636f726420666f722074686174206e616d6520746f20616c6c6f>2.58 F 2.58
-<7772>-.25 G .08<657475726e206d61696c2e>-2.58 F .08<53656520616c736f>
-5.08 F F1<3a64656661756c743a6d61696c6e616d65>189 664.8 Q F2<2e>A 25.62
-<6d61696c73656e646572204368616e676573>117 681 R<616e>3.447 E 3.447<796d>
--.15 G .947
-<61696c2073656e7420746f2074686973206164647265737320746f206861>-3.447 F
-1.248 -.15<76652074>-.2 H .948<686520696e6469636174656420656e>.15 F -.15
-<7665>-.4 G .948<6c6f70652073656e646572>.15 F<2e>-.55 E .498<5468697320
-697320696e74656e64656420666f72206d61696c696e67206c697374732c20616e642077
-696c6c206e6f726d616c6c7920626520746865206e616d65206f6620616e20617070726f
-2d>189 693 R .754<707269617465202d7265717565737420616464726573732e>189
-705 R .754<49742069732076>5.754 F .755
-<6572792073696d696c617220746f20746865206f>-.15 F<776e6572>-.25 E<2d>-.2
-E F1<6c697374>A F2 .755<73796e74617820696e2074686520616c696173>3.255 F
-<8c6c652e>189 717 Q 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-91)195.86 E/F1 10/Times-Roman@0 SF(The)102 96 Q/F2 10
+/Times-Italic@0 SF(sendmail)3.606 E F1 1.106(daemon does not ha)3.606 F
+1.406 -.15(ve t)-.2 H 3.606(ob).15 G 3.606(er)-3.606 G 1.106
+(estarted to read the ne)-3.606 F 3.605(wm)-.25 G 1.105
+(aps as long as you change)-3.605 F
+(them in place; \214le locking is used so that the maps w)102 108 Q(on')
+-.1 E 2.5(tb)-.18 G 2.5(er)-2.5 G(ead while the)-2.5 E 2.5(ya)-.15 G
+(re being updated.)-2.5 E(Ne)127 124.2 Q 2.5(wc)-.25 G
+(lasses can be added in the routine)-2.5 E F0(setupmaps)2.5 E F1
+(in \214le)2.5 E F0(conf)2.5 E(.c)-.15 E F1(.)A F0 2.5(5.10. Q)87 148.2
+R 2.5<8a51>2.5 G(ueue Gr)-2.5 E(oup Declaration)-.18 E F1 .71
+(In addition to the option)127 164.4 R F2(QueueDir)3.21 E(ectory)-.37 E
+(,)-.55 E F1 .71(queue groups can be declared that de\214ne a \(group)
+3.21 F(of\) queue directories under a common name.)102 176.4 Q
+(The syntax is as follo)5 E(ws:)-.25 E F0(Q)142 192.6 Q F2(name)A F1({,)
+2.5 E F2(\214eld)2.5 E F1(=)A F2(value)A F1(}+)1.666 E(where)102 208.8 Q
+F2(name)3.276 E F1 .775(is the symbolic name of the queue group under w\
+hich it can be referenced in v)3.276 F(arious)-.25 E .217
+(places and the \231\214eld=v)102 220.8 R .217
+(alue\232 pairs de\214ne attrib)-.25 F .217(utes of the queue group.)-.2
+F .218(The name must only consist)5.218 F(of alphanumeric characters.)
+102 232.8 Q(Fields are:)5 E 47.83(Flags Flags)102 249 R
+(for this queue group.)2.5 E 50.62(Nice The)102 265.2 R .902
+(nice\(2\) increment for the queue group.)3.402 F .901(This v)5.902 F
+.901(alue must be greater or equal)-.25 F(zero.)174 277.2 Q(Interv)102
+293.4 Q 38.65(al The)-.25 F(time between tw)2.5 E 2.5(oq)-.1 G
+(ueue runs.)-2.5 E -.15(Pa)102 309.6 S 51.87(th The).15 F
+(queue directory of the group \(required\).)2.5 E 36.17(Runners The)102
+325.8 R .073(number of parallel runners processing the queue.)2.573 F
+.074(Note that)5.074 F F0(F=f)2.574 E F1 .074(must be set if)2.574 F
+(this v)174 337.8 Q(alue is greater than one.)-.25 E 51.72(Jobs The)102
+354 R(maximum number of jobs \(messages deli)2.5 E -.15(ve)-.25 G
+(red\) per queue run.).15 E 30.62(recipients The)102 370.2 R .382
+(maximum number of recipients per en)2.882 F -.15(ve)-.4 G 2.882
+(lope. En).15 F -.15(ve)-.4 G .382(lopes with more than this).15 F .109
+(number of recipients will be split into multiple en)174 382.2 R -.15
+(ve)-.4 G .11(lopes in the same queue direc-).15 F(tory)174 394.2 Q 5
+(.T)-.65 G(he def)-5 E(ault v)-.1 E(alue 0 means no limit.)-.25 E
+(Only the \214rst character of the \214eld name is check)102 410.4 Q
+(ed.)-.1 E .076(By def)127 426.6 R .076(ault, a queue group named)-.1 F
+F2(mqueue)2.575 E F1 .075(is de\214ned that uses the v)2.575 F .075
+(alue of the)-.25 F F2(QueueDir)2.575 E(ectory)-.37 E F1 .268
+(option as path.)102 438.6 R .268(Notice: all paths that are used for q\
+ueue groups must be subdirectories of)5.268 F F2(QueueDi-)2.769 E -.37
+(re)102 450.6 S(ctory).37 E F1 6.487(.S)C 1.487(ince the)-6.487 F 3.987
+(yc)-.15 G 1.487(an be symbolic links, this isn')-3.987 F 3.987(tar)-.18
+G 1.486(eal restriction, If)-3.987 F F2(QueueDir)3.986 E(ectory)-.37 E
+F1 1.486(uses a)3.986 F .746(wildcard, then the directory one le)102
+462.6 R -.15(ve)-.25 G 3.247(lu).15 G 3.247(pi)-3.247 G 3.247(sc)-3.247
+G .747(onsidered the `)-3.247 F(`base')-.74 E 3.247('d)-.74 G .747
+(irectory which all other queue)-3.247 F .086(directories must share.)
+102 474.6 R .086(Please mak)5.086 F 2.586(es)-.1 G .086
+(ure that the queue directories do not o)-2.586 F -.15(ve)-.15 G .085
+(rlap, e.g., do not spec-).15 F(ify)102 486.6 Q 2.5(OQ)142 502.8 S
+(ueueDirectory=/v)-2.5 E(ar/spool/mqueue/*)-.25 E(Qone, P=/v)142 514.8 Q
+(ar/spool/mqueue/dir1)-.25 E(Qtw)142 526.8 Q(o, P=/v)-.1 E
+(ar/spool/mqueue/dir2)-.25 E
+(because this also includes \231dir1\232 and \231dir2\232 in the def)102
+543 Q(ault queue group.)-.1 E(Ho)5 E(we)-.25 E -.15(ve)-.25 G -.4(r,).15
+G 2.5(OQ)142 559.2 S(ueueDirectory=/v)-2.5 E(ar/spool/mqueue/main*)-.25
+E(Qone, P=/v)142 571.2 Q(ar/spool/mqueue/dir)-.25 E(Qtw)142 583.2 Q
+(o, P=/v)-.1 E(ar/spool/mqueue/other*)-.25 E(is a v)102 599.4 Q
+(alid queue group speci\214cation.)-.25 E .235(Options listed in the `)
+127 615.6 R(`Flags')-.74 E 2.736<278c>-.74 G .236
+(eld can be used to modify the beha)-2.736 F .236
+(vior of a queue group.)-.2 F(The)5.236 E -.74(``)102 627.6 S .55(f').74
+G 2.605<278d>-1.29 G .105
+(ag must be set if multiple queue runners are supposed to w)-2.605 F
+.104(ork on the entries in a queue group.)-.1 F(Otherwise)102 639.6 Q F2
+(sendmail)2.5 E F1(will w)2.5 E
+(ork on the entries strictly sequentially)-.1 E(.)-.65 E .511(The `)127
+655.8 R(`Interv)-.74 E(al')-.25 E 3.011<278c>-.74 G .511
+(eld sets the time between queue runs.)-3.011 F .512
+(If no queue group speci\214c interv)5.511 F .512(al is)-.25 F
+(set, then the parameter of the)102 667.8 Q F0(-q)2.5 E F1
+(option from the command line is used.)2.5 E 7.657 -.8(To c)127 684 T
+6.057(ontrol the o).8 F -.15(ve)-.15 G 6.056
+(rall number of concurrently acti).15 F 6.356 -.15(ve q)-.25 H 6.056
+(ueue runners the option).15 F F0(MaxQueueChildr)102 696 Q(en)-.18 E F1
+.055(can be set.)2.555 F .055
+(This limits the number of processes used for running the queues to)
+5.055 F F0(MaxQueueChildr)102 708 Q(en)-.18 E F1 3.63(,t)C 1.13
+(hough at an)-3.63 F 3.63(yo)-.15 G 1.13(ne time fe)-3.63 F 1.129
+(wer processes may be acti)-.25 F 1.429 -.15(ve a)-.25 H 3.629(sar).15 G
+1.129(esult of queue)-3.629 F
+(options, completed queue runs, system load, etc.)102 720 Q 0 Cg EP
%%Page: 92 88
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d39322053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF 33.95<66756c6c6e616d6520546865>117 96 R
-<66756c6c206e616d65206f66207468652075736572>2.5 E<2e>-.55 E<6f66>117
-112.2 Q 13.66<8c63652d6164647265737320546865>-.25 F<6f66>2.5 E
-<8c6365206164647265737320666f7220746869732075736572>-.25 E<2e>-.55 E
-<6f66>117 128.4 Q 19.21<8c63652d70686f6e6520546865>-.25 F<6f66>2.5 E
-<8c63652070686f6e65206e756d62657220666f7220746869732075736572>-.25 E<2e>
--.55 E<6f66>117 144.6 Q<8c63652d66>-.25 E 30.98<617820546865>-.1 F<6f66>
-2.5 E<8c63652046>-.25 E<4158206e756d62657220666f7220746869732075736572>
--.74 E<2e>-.55 E 13.96<686f6d652d6164647265737320546865>117 160.8 R
-<686f6d65206164647265737320666f7220746869732075736572>2.5 E<2e>-.55 E
-19.51<686f6d652d70686f6e6520546865>117 177 R
-<686f6d652070686f6e65206e756d62657220666f7220746869732075736572>2.5 E
-<2e>-.55 E<686f6d652d66>117 193.2 Q 31.28<617820546865>-.1 F
-<686f6d652046>2.5 E<4158206e756d62657220666f7220746869732075736572>-.74
-E<2e>-.55 E 41.73<70726f6a6563742041>117 209.4 R .856<2873686f7274292064
-65736372697074696f6e206f66207468652070726f6a656374207468697320706572736f
-6e206973206166>3.356 F .855<8c6c696174656420776974682e>-.25 F .855
-<496e2074686520556e692d>5.855 F -.15<7665>189 221.4 S<727369747920746869
-73206973206f6674656e206a75737420746865206e616d65206f66207468656972206772
-6164756174652061647669736f72>.15 E<2e>-.55 E 52.28<706c616e2041>117
-237.6 R<706f696e74657220746f2061208c6c652066726f6d20776869636820706c616e
-20696e666f726d6174696f6e2063616e2062652067>2.5 E<617468657265642e>-.05 E
-.924<4173206f6620746869732077726974696e672c206f6e6c792061206665>142
-253.8 R 3.424<776f>-.25 G 3.424<6674>-3.424 G .925<68657365208c656c6473
-206172652061637475616c6c79206265696e672075736564206279>-3.424 F/F2 10
-/Times-Italic@0 SF<73656e646d61696c>3.425 E F1<3a>A F2<6d61696c2d>3.425
-E<6472>117 265.8 Q<6f70>-.45 E F1<616e64>2.5 E F2<6d61696c6e616d65>2.5 E
-F1 5<2e41>C F2<8c6e67>-2.5 E<6572>-.1 E F1<70726f6772616d20746861742075
-73657320746865206f74686572208c656c647320697320706c616e6e65642e>2.5 E F0
-2.5<352e31322e322e2055736572>102 289.8 R
-<64617461626173652073656d616e74696373>2.5 E F1 .996
-<5768656e20746865207265>142 306 R .995<77726974696e672072756c6573207375
-626d697420616e206164647265737320746f20746865206c6f63616c206d61696c6572>
--.25 F 3.495<2c74>-.4 G .995
-<68652075736572206e616d6520697320706173736564>-3.495 F .78
-<7468726f7567682074686520616c696173208c6c652e>117 318 R .781<4966206e6f
-20616c69617320697320666f756e6420286f722069662074686520616c69617320706f69
-6e7473206261636b20746f207468652073616d652061646472657373292c20746865>
-5.78 F 1.778<6e616d6520287769746820993a6d61696c64726f709a20617070656e64
-656429206973207468656e20757365642061732061206b>117 330 R 2.077 -.15
-<65792069>-.1 H 4.277<6e74>.15 G 1.777
-<686520757365722064617461626173652e>-4.277 F 1.777
-<4966206e6f206d61746368>6.777 F<6f636375727320286f7220696620746865206d61
-696c64726f7020706f696e7473206174207468652073616d652061646472657373292c20
-666f7277>117 342 Q<617264696e672069732074726965642e>-.1 E .55
-<496620746865208c72737420746f6b>142 358.2 R .551<656e206f66207468652075
-736572206e616d652072657475726e65642062792072756c65736574203020697320616e
-2099409a207369676e2c207468652075736572206461746162617365>-.1 F .626
-<6c6f6f6b757020697320736b69707065642e>117 370.2 R .625<54686520696e7465
-6e7420697320746861742074686520757365722064617461626173652077696c6c206163
-74206173206120736574206f6620646566>5.626 F .625
-<61756c747320666f72206120636c7573746572>-.1 F 1.533<28696e206f7572206361
-73652c2074686520436f6d707574657220536369656e6365204469>117 382.2 R 1.533
-<766973696f6e293b206d61696c2073656e7420746f20612073706563698c63206d6163
-68696e652073686f756c642069676e6f7265>-.25 F<746865736520646566>117 394.2
-Q<61756c74732e>-.1 E .351<5768656e206d61696c2069732073656e742c2074686520
-6e616d65206f66207468652073656e64696e672075736572206973206c6f6f6b>142
-410.4 R .351<656420757020696e207468652064617461626173652e>-.1 F .351
-<496620746861742075736572>5.351 F .04
-<686173206120996d61696c6e616d659a207265636f72642c207468652076>117 422.4
-R .041<616c7565206f662074686174207265636f726420697320757365642061732074
-68656972206f7574676f696e67206e616d652e>-.25 F -.15<466f>5.041 G 2.541
-<7265>.15 G .041<78616d706c652c2049>-2.691 F<6d69676874206861>117 434.4
-Q .3 -.15<766520612072>-.2 H<65636f72643a>.15 E 12.29
-<657269633a6d61696c6e616d6520457269632e416c6c6d616e4043532e4265726b>157
-450.6 R<656c65>-.1 E -.65<792e>-.15 G<454455>.65 E<546869732077>117
-466.8 Q<6f756c64206361757365206d79206f7574676f696e67206d61696c20746f2062
-652073656e7420617320457269632e416c6c6d616e2e>-.1 E .52<4966206120996d61
-696c64726f709a20697320666f756e6420666f72207468652075736572>142 483 R
-3.019<2c62>-.4 G .519<7574206e6f20636f72726573706f6e64696e6720996d61696c
-6e616d659a207265636f72642065>-3.219 F .519<78697374732c20746865>-.15 F
-1.127<7265636f726420993a646566>117 495 R 1.127
-<61756c743a6d61696c6e616d659a20697320636f6e73756c7465642e>-.1 F 1.127<49
-662070726573656e742c207468697320697320746865206e616d65206f66206120686f73
-7420746f206f>6.127 F -.15<7665>-.15 G 1.128<727269646520746865>.15 F
-.625<6c6f63616c20686f73742e>117 507 R -.15<466f>5.625 G 3.125<7265>.15 G
-.625<78616d706c652c20696e206f757220636173652077652077>-3.275 F .625
-<6f756c642073657420697420746f209943532e4265726b>-.1 F<656c65>-.1 E -.65
-<792e>-.15 G 3.125<4544559a2e20546865>.65 F<6566>3.125 E .625
-<666563742069732074686174>-.25 F<616e>117 519 Q .881<796f6e65206b6e6f>
--.15 F .882<776e20696e20746865206461746162617365206765747320746865697220
-6f7574676f696e67206d61696c207374616d7065642061732099757365724043532e4265
-726b>-.25 F<656c65>-.1 E -.65<792e>-.15 G<4544559a2c>.65 E -.2<6275>117
-531 S 2.5<7470>.2 G<656f706c65206e6f74206c697374656420696e20746865206461
-7461626173652075736520746865206c6f63616c20686f73746e616d652e>-2.5 E F0
-2.5<352e31322e332e204372>102 557 R
-<656174696e6720746865206461746162617365>-.18 E/F3 7/Times-Bold@0 SF
-<3233>-4 I F1 .375<54686520757365722064617461626173652069732062>142
-573.2 R .375<75696c742066726f6d2061207465>-.2 F .375
-<7874208c6c65207573696e6720746865>-.15 F F2<6d616b>2.875 E<656d6170>-.1
-E F1 .375<7574696c6974792028696e207468652064697374726962>2.875 F .375
-<7574696f6e20696e>-.2 F 1.039<746865206d616b>117 585.2 R 1.039
-<656d6170207375626469726563746f7279292e>-.1 F 1.039<546865207465>6.039 F
-1.038<7874208c6c65206973206120736572696573206f66206c696e657320636f727265
-73706f6e64696e6720746f20757365726462207265636f7264733b>-.15 F 1.588
-<65616368206c696e65206861732061206b>117 597.2 R 1.889 -.15<65792061>-.1
-H 1.589<6e6420612076>.15 F 1.589
-<616c7565207365706172617465642062792077686974652073706163652e>-.25 F
-1.589<546865206b>6.589 F 1.889 -.15<65792069>-.1 H 4.089<7361>.15 G -.1
-<6c7761>-4.089 G 1.589<797320696e2074686520666f726d6174>.1 F
-<6465736372696265642061626f>117 609.2 Q .3 -.15<7665208a2066>-.15 H
-<6f722065>.15 E<78616d706c653a>-.15 E<657269633a6d61696c64726f70>157
-625.4 Q 3.984<54686973208c6c65206973206e6f726d616c6c7920696e7374616c6c65
-6420696e20612073797374656d206469726563746f72793b20666f722065>117 641.6 R
-3.984<78616d706c652c206974206d696768742062652063616c6c6564>-.15 F F2
-<2f6574632f6d61696c2f75736572>117 653.6 Q<6462>-.37 E F1 5<2e54>C 2.5
-<6f6d>-5.8 G<616b>-2.5 E 2.5<6574>-.1 G<68652064617461626173652076>-2.5
-E
-<657273696f6e206f6620746865206d61702c2072756e207468652070726f6772616d3a>
--.15 E .32 LW 76 669.2 72 669.2 DL 80 669.2 76 669.2 DL 84 669.2 80
-669.2 DL 88 669.2 84 669.2 DL 92 669.2 88 669.2 DL 96 669.2 92 669.2 DL
-100 669.2 96 669.2 DL 104 669.2 100 669.2 DL 108 669.2 104 669.2 DL 112
-669.2 108 669.2 DL 116 669.2 112 669.2 DL 120 669.2 116 669.2 DL 124
-669.2 120 669.2 DL 128 669.2 124 669.2 DL 132 669.2 128 669.2 DL 136
-669.2 132 669.2 DL 140 669.2 136 669.2 DL 144 669.2 140 669.2 DL 148
-669.2 144 669.2 DL 152 669.2 148 669.2 DL 156 669.2 152 669.2 DL 160
-669.2 156 669.2 DL 164 669.2 160 669.2 DL 168 669.2 164 669.2 DL 172
-669.2 168 669.2 DL 176 669.2 172 669.2 DL 180 669.2 176 669.2 DL 184
-669.2 180 669.2 DL 188 669.2 184 669.2 DL 192 669.2 188 669.2 DL 196
-669.2 192 669.2 DL 200 669.2 196 669.2 DL 204 669.2 200 669.2 DL 208
-669.2 204 669.2 DL 212 669.2 208 669.2 DL 216 669.2 212 669.2 DL/F4 5
-/Times-Roman@0 SF<3233>93.6 679.6 Q/F5 8/Times-Roman@0 SF .473
-<546865736520696e737472756374696f6e7320617265206b6e6f>3.2 J .473
-<776e20746f20626520696e636f6d706c6574652e>-.2 F .472
-<4f74686572206665617475726573206172652061>4.473 F -.2<7661>-.16 G .472
-<696c61626c652077686963682070726f>.2 F .472
-<766964652073696d696c61722066756e6374696f6e616c697479>-.12 F 2.472<2c65>
--.52 G .472<2e672e2c207669727475616c>-2.472 F<686f7374696e6720616e64206d
-617070696e67206c6f63616c2061646472657373657320696e746f20612067656e657269
-6320666f726d2061732065>72 692.4 Q
-<78706c61696e656420696e2063662f524541444d452e>-.12 E 0 Cg EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-92 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF .602
+(The maximum number of queue runners for an indi)127 96 R .602
+(vidual queue group can be controlled via)-.25 F(the)102 108 Q F0
+(Runners)2.585 E F1 2.585(option. If)2.585 F .084(set to 0, entries in \
+the queue will not be processed, which is useful to `)2.585 F(`quar)-.74
+E(-)-.2 E(antine')102 120 Q 4.515('q)-.74 G 2.015(ueue \214les.)-4.515 F
+2.016
+(The number of runners per queue group may also be set with the option)
+7.015 F F0(MaxRunnersP)102 132 Q(erQueue)-.2 E F1 3.209(,w)C .709
+(hich applies to queue groups that ha)-3.209 F 1.008 -.15(ve n)-.2 H
+3.208(oi).15 G(ndi)-3.208 E .708(vidual limit.)-.25 F .708(That is, the)
+5.708 F(def)102 144 Q(ault v)-.1 E(alue for)-.25 E F0(Runners)2.5 E F1
+(is)2.5 E F0(MaxRunnersP)2.5 E(erQueue)-.2 E F1(if set, otherwise 1.)2.5
+E 1.087
+(The \214eld Jobs describes the maximum number of jobs \(messages deli)
+127 160.2 R -.15(ve)-.25 G 1.087(red\) per queue run,).15 F
+(which is the queue group speci\214c v)102 172.2 Q(alue of)-.25 E F0
+(MaxQueueRunSize)2.5 E F1(.)A .175(Notice: queue groups should be decla\
+red after all queue related options ha)127 188.4 R .475 -.15(ve b)-.2 H
+.175(een set because).15 F .314(queue groups tak)102 200.4 R 2.814(et)
+-.1 G .314(heir def)-2.814 F .314(aults from those options.)-.1 F .314
+(If an option is set after a queue group declara-)5.314 F .188
+(tion, the v)102 212.4 R .187
+(alues of options in the queue group are set to the def)-.25 F .187
+(aults of)-.1 F/F2 10/Times-Italic@0 SF(sendmail)2.687 E F1 .187
+(unless e)2.687 F .187(xplicitly set)-.15 F(in the declaration.)102
+224.4 Q 1.972(Each en)127 240.6 R -.15(ve)-.4 G 1.972(lope is assigned \
+to a queue group based on the algorithm described in section).15 F -.74
+(``)102 252.6 S(Queue Groups and Queue Directories').74 E('.)-.74 E F0
+2.5(5.11. X)87 276.6 R 2.5<8a4d>2.5 G
+(ail Filter \(Milter\) De\214nitions)-2.5 E F1(The)127 292.8 Q F2
+(sendmail)3.937 E F1 1.437
+(Mail Filter API \(Milter\) is designed to allo)3.937 F 3.937(wt)-.25 G
+1.437(hird-party programs access to)-3.937 F .177(mail messages as the)
+102 304.8 R 2.677(ya)-.15 G .177
+(re being processed in order to \214lter meta-information and content.)
+-2.677 F(The)5.178 E 2.678(ya)-.15 G(re)-2.678 E
+(declared in the con\214guration \214le as:)102 316.8 Q F0(X)142 333 Q
+F2(name)A F1({,)2.5 E F2(\214eld)2.5 E F1(=)A F2(value)A F1(}*)1.666 E
+(where)102 349.2 Q F2(name)4.688 E F1 2.188(is the name of the \214lter\
+ \(used internally only\) and the \231\214eld=name\232 pairs de\214ne)
+4.688 F(attrib)102 361.2 Q .491(utes of the \214lter)-.2 F 5.491(.A)-.55
+G .491(lso see the documentation for the)-5.491 F F0(InputMailFilters)
+2.992 E F1 .492(option for more infor)2.992 F(-)-.2 E(mation.)102 373.2
+Q(Fields are:)127 389.4 Q(Sock)142 405.6 Q 42.38(et The)-.1 F(sock)2.5 E
+(et speci\214cation)-.1 E 47.83(Flags Special)142 417.6 R
+(\215ags for this \214lter)2.5 E -.35(Ti)142 429.6 S 32.07(meouts T).35
+F(imeouts for this \214lter)-.35 E
+(Only the \214rst character of the \214eld name is check)102 445.8 Q
+(ed \(it')-.1 E 2.5(sc)-.55 G(ase-sensiti)-2.5 E -.15(ve)-.25 G(\).).15
+E(The sock)127 462 Q(et speci\214cation is one of the follo)-.1 E
+(wing forms:)-.25 E F0(S=inet:)142 478.2 Q F2(port)2.5 E F0(@)2.5 E F2
+(host)2.5 E F0(S=inet6:)142 498.6 Q F2(port)2.5 E F0(@)2.5 E F2(host)2.5
+E F0(S=local:)142 519 Q F2(path)2.5 E F1 1.792(The \214rst tw)102 535.2
+R 4.291(od)-.1 G 1.791(escribe an IPv4 or IPv6 sock)-4.291 F 1.791
+(et listening on a certain)-.1 F F2(port)4.291 E F1 1.791(at a gi)4.291
+F -.15(ve)-.25 G(n).15 E F2(host)4.291 E F1 1.791(or IP)4.291 F 2.5
+(address. The)102 547.2 R(\214nal form describes a named sock)2.5 E
+(et on the \214lesystem at the gi)-.1 E -.15(ve)-.25 G(n).15 E F2(path)
+2.5 E F1(.)A(The follo)127 563.4 Q
+(wing \215ags may be set in the \214lter description.)-.25 E 13.33(RR)
+102 579.6 S(eject connection if \214lter una)-13.33 E -.25(va)-.2 G
+(ilable.).25 E 13.89(TT)102 595.8 S(emporary f)-14.59 E
+(ail connection if \214lter una)-.1 E -.25(va)-.2 G(ilable.).25 E .655
+(If neither F=R nor F=T is speci\214ed, the message is passed through)
+127 612 R F2(sendmail)3.155 E F1 .655(in case of \214lter)3.155 F
+(errors as if the f)102 624 Q(ailing \214lters were not present.)-.1 E
+(The timeouts can be set using the four \214elds inside of the)127 640.2
+Q F0(T=)2.5 E F1(equate:)2.5 E 13.33(CT)102 656.4 S
+(imeout for connecting to a \214lter)-13.68 E 5(.I)-.55 G 2.5(fs)-5 G
+(et to 0, the system')-2.5 E(s)-.55 E F2(connect\(\))2.5 E F1
+(timeout will be used.)2.5 E 14.44(ST)102 672.6 S
+(imeout for sending information from the MT)-14.79 E 2.5(At)-.93 G 2.5
+(oa\214)-2.5 G(lter)-2.5 E(.)-.55 E 13.33(RT)102 688.8 S
+(imeout for reading reply from the \214lter)-13.68 E(.)-.55 E 13.89(EO)
+102 705 S -.15(ve)-13.89 G 1.186
+(rall timeout between sending end-of-message to \214lter and w).15 F
+1.186(aiting for the \214nal ackno)-.1 F(wl-)-.25 E(edgment.)122 717 Q 0
+Cg EP
%%Page: 93 89
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3933>195.86 E
-/F1 10/Times-Roman@0 SF<6d616b>157 96 Q<656d6170206274726565202f6574632f
-6d61696c2f757365726462203c202f6574632f6d61696c2f757365726462>-.1 E .077<
-5468656e20637265617465206120636f6e8c67208c6c6520746861742075736573207468
-69732e>117 112.2 R -.15<466f>5.077 G 2.577<7265>.15 G .077<78616d706c65
-2c207573696e6720746865205638204d3420636f6e8c6775726174696f6e2c20696e636c
-75646520746865>-2.727 F<666f6c6c6f>117 124.2 Q
-<77696e67206c696e6520696e20796f7572202e6d63208c6c653a>-.25 E<64658c6e65
-2892636f6e665553455244425f53504543b42c202f6574632f6d61696c2f757365726462
-29>157 140.4 Q F0 2.5<362e204f>72 168.6 R<5448455220434f4e464947555241>
--.4 E<54494f4e>-.95 E F1 .907<54686572652061726520736f6d6520636f6e8c6775
-726174696f6e206368616e67657320746861742063616e206265206d6164652062792072
-65636f6d70696c696e67>112 184.8 R/F2 10/Times-Italic@0 SF
-<73656e646d61696c>3.407 E F1 5.907<2e54>C .906<6869732073656374696f6e>
--5.907 F 1.139<6465736372696265732077686174206368616e6765732063616e2062
-65206d61646520616e6420776861742068617320746f206265206d6f64698c656420746f
-206d616b>87 196.8 R 3.639<6574>-.1 G 3.639<68656d2e20496e>-3.639 F 1.139
-<6d6f73742063617365732074686973>3.639 F<73686f756c6420626520756e6e656365
-737361727920756e6c65737320796f752061726520706f7274696e67>87 208.8 Q F2
-<73656e646d61696c>2.5 E F1<746f2061206e65>2.5 E 2.5<7765>-.25 G -.4
-<6e76>-2.5 G<69726f6e6d656e742e>.4 E F0 2.5<362e312e2050>87 232.8 R
-<6172616d657465727320696e206465>-.1 E<76746f6f6c732f4f532f246f736366>
--.15 E F1 .92<546865736520706172616d65746572732061726520696e74656e646564
-20746f2064657363726962652074686520636f6d70696c6174696f6e20656e>127 249 R
-.92<7669726f6e6d656e742c206e6f74207369746520706f6c6963>-.4 F 2.22 -.65
-<792c2061>-.15 H<6e64>.65 E .739<73686f756c64206e6f726d616c6c7920626520
-64658c6e656420696e20746865206f7065726174696e672073797374656d20636f6e8c67
-75726174696f6e208c6c652e>102 261 R F0 .74
-<546869732073656374696f6e206e65656473206120636f6d2d>5.739 F
-<706c6574652072>102 273 Q<6577726974652e>-.18 E F1 39.5<4e44424d204966>
-102 289.2 R .665<7365742c20746865206e65>3.165 F 3.165<7776>-.25 G .664
-<657273696f6e206f66207468652044424d206c696272617279207468617420616c6c6f>
--3.315 F .664
-<7773206d756c7469706c65206461746162617365732077696c6c206265>-.25 F 2.542
-<757365642e204966>174 301.2 R .042<6e656974686572204e44424d206e6f72204e
-4557444220617265207365742c2061206d756368206c657373206566>2.542 F .043
-<8c6369656e74206d6574686f64206f6620616c696173>-.25 F
-<6c6f6f6b757020697320757365642e>174 313.2 Q 32.84<4e45574442204966>102
-329.4 R .142<7365742c2075736520746865206e65>2.642 F 2.642<7764>-.25 G
-.142<61746162617365207061636b6167652066726f6d204265726b>-2.642 F<656c65>
--.1 E 2.641<7928>-.15 G .141<66726f6d20342e34425344292e>-2.641 F .141
-<54686973207061636b616765>5.141 F .266
-<6973207375627374616e7469616c6c792066>174 341.4 R .267
-<6173746572207468616e2044424d206f72204e44424d2e>-.1 F .267
-<4966204e4557444220616e64204e44424d2061726520626f7468207365742c>5.267 F
-F2<73656e646d61696c>174 353.4 Q F1
-<77696c6c20726561642044424d208c6c65732c2062>2.5 E
-<75742077696c6c2063726561746520616e6420757365204e45574442208c6c65732e>
--.2 E 53.39<4e495320496e636c756465>102 369.6 R .12
-<737570706f727420666f72204e49532e>2.62 F .119
-<49662073657420746f6765746865722077697468>5.119 F F2<626f7468>2.619 E F1
-.119<4e4557444220616e64204e44424d2c>2.619 F F2<73656e646d61696c>2.619 E
-F1 .947<77696c6c2063726561746520626f74682044424d20616e64204e45574442208c
-6c657320696620616e64206f6e6c7920696620616e20616c696173208c6c6520696e636c
-7564657320746865>174 381.6 R 3.409
-<737562737472696e6720992f79702f9a20696e20746865206e616d652e>174 393.6 R
-3.409<5468697320697320696e74656e64656420666f7220636f6d7061746962696c6974
-7920776974682053756e>8.409 F<4d6963726f73797374656d7327>174 405.6 Q F2
-<6d6b616c696173>2.5 E F1
-<70726f6772616d2075736564206f6e205950206d6173746572732e>2.5 E 28.94
-<4e4953504c555320436f6d70696c65>102 421.8 R
-<696e20737570706f727420666f72204e49532b2e>2.5 E 26.73
-<4e4554494e464f20436f6d70696c65>102 438 R<696e20737570706f727420666f7220
-4e6574496e666f20284e6558542073746174696f6e73292e>2.5 E<4c44>102 454.2 Q
-22.12<41504d415020436f6d70696c65>-.4 F 1.225
-<696e20737570706f727420666f72204c44>3.725 F 1.225
-<4150205835303020717565726965732e>-.4 F 1.226
-<5265717569726573206c69626c64617020616e64206c69626c6265722066726f6d>
-6.226 F 2.799<74686520556d696368204c44>174 466.2 R 2.798
-<415020332e32206f7220332e332072656c65617365206f722065717569>-.4 F -.25
-<7661>-.25 G 2.798
-<6c656e74206c696272617269657320666f72206f74686572204c44>.25 F<4150>-.4 E
-<6c69627261726965732073756368206173204f70656e4c44>174 478.2 Q<4150>-.4 E
-<2e>-1.11 E 32.84<484553494f4420436f6d70696c65>102 494.4 R
-<696e20737570706f727420666f7220486573696f642e>2.5 E 22.83
-<4d41505f4e534420436f6d70696c65>102 510.6 R
-<696e20737570706f727420666f722049524958204e5344206c6f6f6b7570732e>2.5 E
-9.5<4d41505f524547455820436f6d70696c65>102 526.8 R
-<696e20737570706f727420666f72207265>2.5 E<67756c61722065>-.15 E
-<787072657373696f6e206d61746368696e672e>-.15 E 27.83
-<444e534d415020436f6d70696c65>102 543 R<696e20737570706f727420666f722044
-4e53206d6170206c6f6f6b75707320696e20746865>2.5 E F2
-<73656e646d61696c2e6366>2.5 E F1<8c6c652e>2.5 E 30.05
-<50485f4d415020436f6d70696c65>102 559.2 R
-<696e20737570706f727420666f72207068206c6f6f6b7570732e>2.5 E 45.05
-<5341534c20436f6d70696c65>102 575.4 R 1.474<696e20737570706f727420666f72
-205341534c2c206120726571756972656420636f6d706f6e656e7420666f7220534d5450
-2041757468656e7469636174696f6e>3.974 F<737570706f72742e>174 587.4 Q
-<5354>102 603.6 Q<4152>-.93 E 21.58<54544c5320436f6d70696c65>-.6 F
-<696e20737570706f727420666f72205354>2.5 E<4152>-.93 E<54544c532e>-.6 E
-48.95<45474420436f6d70696c65>102 619.8 R .068
-<696e20737570706f727420666f72207468652022456e74726f70>2.568 F 2.567
-<7947>-.1 G .067<6174686572696e67204461656d6f6e2220746f2070726f>-2.567 F
-.067<76696465206265747465722072616e646f6d>-.15 F
-<6461746120666f7220544c532e>174 631.8 Q -1.63
-<544350575241505045525320436f6d70696c65>102 648 R
-<696e20737570706f727420666f72205443502057726170706572732e>2.5 E<5f50>102
-664.2 Q -1.11<4154>-.92 G<485f53454e444d41494c4346>1.11 E<54686520706174
-686e616d65206f66207468652073656e646d61696c2e6366208c6c652e>174 676.2 Q
-<5f50>102 692.4 Q -1.11<4154>-.92 G<485f53454e444d41494c504944>1.11 E<54
-686520706174686e616d65206f66207468652073656e646d61696c2e706964208c6c652e>
-174 704.4 Q 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-93)195.86 E/F1 10/Times-Roman@0 SF 1.402
+(Note the separator between each timeout \214eld is a)127 96 R F0(';')
+3.903 E F1 6.403(.T)C 1.403(he def)-6.403 F 1.403(ault v)-.1 F 1.403
+(alues \(if not set\) are:)-.25 F F0(T=C:5m;S:10s;R:10s;E:5m)102 108 Q
+F1(where)2.5 E F0(s)2.5 E F1(is seconds and)2.5 E F0(m)2.5 E F1
+(is minutes.)2.5 E(Examples:)127 124.2 Q(X\214lter1, S=local:/v)142
+140.4 Q(ar/run/f1.sock, F=R)-.25 E
+(X\214lter2, S=inet6:999@localhost, F=T)142 152.4 Q 2.5(,T)-.74 G
+(=S:1s;R:1s;E:5m)-2.5 E(X\214lter3, S=inet:3333@localhost, T=C:2m)142
+164.4 Q F0 2.5(5.12. The)87 192.6 R(User Database)2.5 E F1 .479
+(The user database is deprecated in f)127 208.8 R -.2(avo)-.1 G 2.978
+(ro).2 G 2.978(f`)-2.978 G(`virtusertable')-3.718 E 2.978('a)-.74 G .478
+(nd `)-2.978 F(`genericstable')-.74 E 2.978('a)-.74 G 2.978(se)-2.978 G
+(xplained)-3.128 E 1.029(in the \214le)102 220.8 R F0(cf/README)3.529 E
+F1 6.029(.I)C 3.529(fy)-6.029 G 1.029(ou ha)-3.529 F 1.329 -.15(ve a ve)
+-.2 H 1.029(rsion of).15 F/F2 10/Times-Italic@0 SF(sendmail)3.529 E F1
+1.03(with the user database package com-)3.53 F(piled in, the handling \
+of sender and recipient addresses is modi\214ed.)102 232.8 Q
+(The location of this database is controlled with the)127 249 Q F0
+(UserDatabaseSpec)2.5 E F1(option.)2.5 E F0 2.5(5.12.1. Structur)102 273
+R 2.5(eo)-.18 G 2.5(ft)-2.5 G(he user database)-2.5 E F1
+(The database is a sorted \(BT)142 289.2 Q(ree-based\) structure.)-.35 E
+(User records are stored with the k)5 E -.15(ey)-.1 G(:).15 E F2(user)
+157 305.4 Q(-name)-.2 E F0(:)A F2(\214eld-name)A F1 .128(The sorted dat\
+abase format ensures that user records are clustered together)117 321.6
+R 5.128(.M)-.55 G .128(eta-information is)-5.128 F(al)117 333.6 Q -.1
+(wa)-.1 G(ys stored with a leading colon.).1 E
+(Field names de\214ne both the syntax and semantics of the v)142 349.8 Q
+2.5(alue. De\214ned)-.25 F(\214elds include:)2.5 E 33.39(maildrop The)
+117 366 R(deli)4.872 E -.15(ve)-.25 G 2.372(ry address for this user).15
+F 7.372(.T)-.55 G 2.373(here may be multiple v)-7.372 F 2.373
+(alues of this)-.25 F 2.675(record. In)189 378 R(particular)2.675 E
+2.675(,m)-.4 G .175(ailing lists will ha)-2.675 F .475 -.15(ve o)-.2 H
+(ne).15 E F2(maildr)2.675 E(op)-.45 E F1 .175(record for each user)2.675
+F(on the list.)189 390 Q 30.06(mailname The)117 406.2 R 1.026
+(outgoing mailname for this user)3.526 F 6.026(.F)-.55 G 1.027
+(or each outgoing name, there should)-6.176 F .08(be an appropriate)189
+418.2 R F2(maildr)2.58 E(op)-.45 E F1 .08(record for that name to allo)
+2.58 F 2.58(wr)-.25 G .08(eturn mail.)-2.58 F .08(See also)5.08 F F2
+(:default:mailname)189 430.2 Q F1(.)A 25.62(mailsender Changes)117 446.4
+R(an)3.447 E 3.447(ym)-.15 G .947(ail sent to this address to ha)-3.447
+F 1.248 -.15(ve t)-.2 H .948(he indicated en).15 F -.15(ve)-.4 G .948
+(lope sender).15 F(.)-.55 E .498(This is intended for mailing lists, an\
+d will normally be the name of an appro-)189 458.4 R .754
+(priate -request address.)189 470.4 R .754(It is v)5.754 F .755
+(ery similar to the o)-.15 F(wner)-.25 E(-)-.2 E F2(list)A F1 .755
+(syntax in the alias)3.255 F(\214le.)189 482.4 Q 33.95(fullname The)117
+498.6 R(full name of the user)2.5 E(.)-.55 E(of)117 514.8 Q 13.66
+(\214ce-address The)-.25 F(of)2.5 E(\214ce address for this user)-.25 E
+(.)-.55 E(of)117 531 Q 19.21(\214ce-phone The)-.25 F(of)2.5 E
+(\214ce phone number for this user)-.25 E(.)-.55 E(of)117 547.2 Q
+(\214ce-f)-.25 E 30.98(ax The)-.1 F(of)2.5 E(\214ce F)-.25 E
+(AX number for this user)-.74 E(.)-.55 E 13.96(home-address The)117
+563.4 R(home address for this user)2.5 E(.)-.55 E 19.51(home-phone The)
+117 579.6 R(home phone number for this user)2.5 E(.)-.55 E(home-f)117
+595.8 Q 31.28(ax The)-.1 F(home F)2.5 E(AX number for this user)-.74 E
+(.)-.55 E 41.73(project A)117 612 R .856
+(\(short\) description of the project this person is af)3.356 F .855
+(\214liated with.)-.25 F .855(In the Uni-)5.855 F -.15(ve)189 624 S
+(rsity this is often just the name of their graduate advisor).15 E(.)
+-.55 E 52.28(plan A)117 640.2 R
+(pointer to a \214le from which plan information can be g)2.5 E
+(athered.)-.05 E .924(As of this writing, only a fe)142 656.4 R 3.424
+(wo)-.25 G 3.424(ft)-3.424 G .925
+(hese \214elds are actually being used by)-3.424 F F2(sendmail)3.425 E
+F1(:)A F2(mail-)3.425 E(dr)117 668.4 Q(op)-.45 E F1(and)2.5 E F2
+(mailname)2.5 E F1 5(.A)C F2(\214ng)-2.5 E(er)-.1 E F1
+(program that uses the other \214elds is planned.)2.5 E F0 2.5
+(5.12.2. User)102 692.4 R(database semantics)2.5 E F1 .996(When the re)
+142 708.6 R .995(writing rules submit an address to the local mailer)
+-.25 F 3.495(,t)-.4 G .995(he user name is passed)-3.495 F .78
+(through the alias \214le.)117 720.6 R .781(If no alias is found \(or i\
+f the alias points back to the same address\), the)5.78 F 0 Cg EP
%%Page: 94 90
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d39342053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF<534d5f434f4e465f53484d>102 96 Q<436f6d70696c6520
-696e20737570706f727420666f7220736861726564206d656d6f7279>174 108 Q 2.5
-<2c73>-.65 G<65652073656374696f6e2061626f757420222f76>-2.5 E
-<61722f73706f6f6c2f6d7175657565222e>-.25 E<4d494c>102 124.2 Q 33.2
-<54455220436f6d70696c65>-.92 F
-<696e20737570706f727420666f7220636f6e74616374696e672065>2.5 E
-<787465726e616c206d61696c208c6c746572732062>-.15 E
-<75696c74207769746820746865204d696c746572204150492e>-.2 E 1.439
-<54686572652061726520616c736f207365>127 140.4 R -.15<7665>-.25 G 1.439<
-72616c20636f6d70696c6174696f6e208d61677320746f20696e64696361746520746865
-20656e>.15 F 1.44
-<7669726f6e6d656e74207375636820617320995f414958339a20616e64>-.4 F 2.5
-<995f53434f5f756e69785f9a2e20536565>102 152.4 R<7468652073656e646d61696c
-2f524541444d45208c6c6520666f7220746865206c61746573742073636f6f70206f6e20
-7468657365208d6167732e>2.5 E F0 2.5<362e312e312e2046>102 176.4 R
-<6f72204675747572>-.25 E 2.5<6552>-.18 G<656c6561736573>-2.5 E/F2 10
-/Times-Italic@0 SF<73656e646d61696c>142 192.6 Q F1 .641
-<6f6674656e20636f6e7461696e7320636f6d70696c652074696d65206f7074696f6e73>
-3.141 F F2 -1.05<466f>3.141 G 3.141<7246>1.05 G<75747572>-3.141 E 3.141
-<6552>-.37 G<656c6561736573>-3.141 E F1 .641
-<287072658c78205f4646525f29207768696368>3.141 F .432
-<6d6967687420626520656e61626c656420696e20612073756273657175656e742076>
-117 204.6 R .432
-<657273696f6e206f72206d696768742073696d706c792062652072656d6f>-.15 F
--.15<7665>-.15 G 2.933<6461>.15 G 2.933<7374>-2.933 G<6865>-2.933 E
-2.933<7974>-.15 G .433<75726e6564206f7574206e6f7420746f>-2.933 F 1.089
-<6265207265616c6c792075736566756c2e>117 216.6 R 1.089<546865736520666561
-74757265732061726520757375616c6c79206e6f7420646f63756d656e7465642062>
-6.089 F 1.089<757420696620746865>-.2 F 3.588<7961>-.15 G 1.088
-<72652c207468656e20746865207265717569726564>-3.588 F 1.793<284646522920
-636f6d70696c652074696d65206f7074696f6e7320617265206c69737465642068657265
-20666f722072756c657365747320616e64206d6163726f732c20616e6420696e>117
-228.6 R F2<63662f524541444d45>4.294 E F1<666f72>4.294 E .951
-<6d632f6366206f7074696f6e732e>117 240.6 R .951<46465220636f6d70696c6520
-74696d6573206f7074696f6e73206d75737420626520656e61626c6564207768656e2074
-68652073656e646d61696c2062696e6172792069732062>5.951 F<75696c74>-.2 E
-<66726f6d20736f757263652e>117 252.6 Q<456e61626c6564204646527320696e2061
-2062696e6172792063616e206265206c69737465642077697468>5 E
-<73656e646d61696c202d64302e3133203c202f6465>157 268.8 Q
-<762f6e756c6c207c206772657020464652>-.25 E F0 2.5<362e322e2050>87 297 R
-<6172616d657465727320696e2073656e646d61696c2f636f6e66>-.1 E<2e68>-.15 E
-F1 -.15<5061>127 313.2 S .895<72616d657465727320616e6420636f6d70696c6174
-696f6e206f7074696f6e73206172652064658c6e656420696e20636f6e662e682e>.15 F
-.896<4d6f7374206f66207468657365206e656564206e6f74206e6f726d616c6c79>
-5.895 F .193<626520747765616b>102 325.2 R .192<65643b20636f6d6d6f6e2070
-6172616d65746572732061726520616c6c20696e2073656e646d61696c2e63662e>-.1 F
-<486f>5.192 E<7765>-.25 E -.15<7665>-.25 G .992 -.4<722c2074>.15 H .192
-<68652073697a6573206f66206365727461696e207072696d697469>.4 F .492 -.15
-<7665207665>-.25 H<632d>.15 E<746f72732c206574632e2c2061726520696e636c75
-64656420696e2074686973208c6c652e>102 337.2 Q
-<546865206e756d6265727320666f6c6c6f>5 E
-<77696e672074686520706172616d65746572732061726520746865697220646566>-.25
-E<61756c742076>-.1 E<616c75652e>-.25 E 1.247<5468697320646f63756d656e74
-206973206e6f7420746865206265737420736f75726365206f6620696e666f726d617469
-6f6e20666f7220636f6d70696c6174696f6e208d61677320696e20636f6e662e68208a20
-736565>127 353.4 R<73656e646d61696c2f524541444d45206f722073656e646d6169
-6c2f636f6e662e6820697473656c662e>102 365.4 Q
-<4d41584c494e45205b323034385d>102 381.6 Q 2.069
-<546865206d6178696d756d206c696e65206c656e677468206f6620616e>11.14 F
-4.568<7969>-.15 G 2.068<6e707574206c696e652e>-4.568 F 2.068
-<4966206d657373616765206c696e65732065>7.068 F 2.068
-<78636565642074686973>-.15 F .575<6c656e67746820746865>188.4 393.6 R
-3.075<7977>-.15 G .575<696c6c207374696c6c2062652070726f6365737365642063
-6f72726563746c793b20686f>-3.075 F<7765>-.25 E -.15<7665>-.25 G 1.375 -.4
-<722c2068>.15 H .575<6561646572206c696e65732c20636f6e8c677572612d>.4 F<
-74696f6e208c6c65206c696e65732c20616c696173206c696e65732c206574632e2c206d
-757374208c742077697468696e2074686973206c696d69742e>188.4 405.6 Q
-<4d41584e>102 421.8 Q<414d45205b3235365d>-.35 E
-<546865206d6178696d756d206c656e677468206f6620616e>9.82 E 2.5<796e>-.15 G
-<616d652c2073756368206173206120686f7374206f7220612075736572206e616d652e>
--2.5 E<4d41585056205b3235365d>102 438 Q .25<546865206d6178696d756d206e75
-6d626572206f6620706172616d657465727320746f20616e>26.13 F 2.75<796d>-.15
-G<61696c6572>-2.75 E 5.25<2e54>-.55 G .25
-<686973206c696d69747320746865206e756d626572206f66>-5.25 F .375<72656369
-7069656e74732074686174206d61792062652070617373656420696e206f6e6520747261
-6e73616374696f6e2e>188.4 450 R .376
-<49742063616e2062652073657420746f20616e>5.376 F 2.876<7961>-.15 G
-<7262697472617279>-2.876 E .876<6e756d6265722061626f>188.4 462 R 1.176
--.15<76652061>-.15 H .876<626f75742031302c2073696e6365>.15 F F2
-<73656e646d61696c>3.376 E F1 .876
-<77696c6c20627265616b20757020612064656c69>3.376 F -.15<7665>-.25 G .875
-<727920696e746f20736d616c6c6572>.15 F .886
-<62617463686573206173206e65656465642e>188.4 474 R 3.386<4168>5.886 G
-.887<6967686572206e756d626572206d617920726564756365206c6f6164206f6e2079
-6f75722073797374656d2c20686f>-3.386 F<772d>-.25 E -2.15 -.25<65762065>
-188.4 486 T -.55<722e>.25 G<4d415851>102 502.2 Q<554555454752>-.1 E
-<4f555053205b35305d>-.4 E
-<546865206d6178696d756d206e756d626572206f662071756575652067726f7570732e>
-188.4 514.2 Q<4d415841>102 530.4 Q -.18<544f>-1.11 G 2.5<4d5b>.18 G 3.26
-<313030305d20546865>-2.5 F .064
-<6d6178696d756d206e756d626572206f662061746f6d732028746f6b>2.564 F .063
-<656e732920696e20612073696e676c6520616464726573732e>-.1 F -.15<466f>
-5.063 G 2.563<7265>.15 G .063<78616d706c652c20746865>-2.713 F
-<616464726573732099657269634043532e4265726b>188.4 542.4 Q<656c65>-.1 E
--.65<792e>-.15 G<4544559a206973207365>.65 E -.15<7665>-.25 G 2.5<6e61>
-.15 G<746f6d732e>-2.5 E<4d41584d41494c455253205b32355d>102 558.6 Q .122<
-546865206d6178696d756d206e756d626572206f66206d61696c6572732074686174206d
-61792062652064658c6e656420696e2074686520636f6e8c6775726174696f6e208c6c65
-2e>.02 F<546869732076>188.4 570.6 Q<616c75652069732064658c6e656420696e20
-696e636c7564652f73656e646d61696c2f73656e646d61696c2e682e>-.25 E
-<4d415852>102 586.8 Q<5753455453205b3230305d>-.55 E .432
-<546865206d6178696d756d206e756d626572206f66207265>.01 F .432
-<77726974696e6720736574732074686174206d61792062652064658c6e65642e>-.25 F
-.431<546865208c7273742068616c66206f66>5.431 F .034
-<74686573652061726520726573657276>188.4 598.8 R .034<656420666f72206e75
-6d657269632073706563698c636174696f6e2028652e672e2c2060>-.15 F
-<6053393227>-.74 E .035
-<27292c207768696c65207468652075707065722068616c66>-.74 F .492
-<61726520726573657276>188.4 610.8 R .492
-<656420666f72206175746f2d6e756d626572696e672028652e672e2c2060>-.15 F
-<6053666f6f27>-.74 E 2.992<27292e20546875732c>-.74 F .492
-<7769746820612076>2.992 F .491<616c7565206f662032303020616e>-.25 F
-<617474656d707420746f207573652060>188.4 622.8 Q<6053393927>-.74 E 2.5
-<2777>-.74 G<696c6c20737563636565642c2062>-2.5 E<75742060>-.2 E
-<605331303027>-.74 E 2.5<2777>-.74 G<696c6c2066>-2.5 E<61696c2e>-.1 E
-<4d41585052494f524954494553205b32355d>102 639 Q 2.481
-<546865206d6178696d756d206e756d626572206f662076>188.4 651 R 2.482<616c75
-657320666f72207468652099507265636564656e63653a9a208c656c642074686174206d
-6179206265>-.25 F<64658c6e656420287573696e6720746865>188.4 663 Q F0<50>
-2.5 E F1<6c696e6520696e2073656e646d61696c2e6366292e>2.5 E
-<4d415855534552454e564952>102 679.2 Q<4f4e205b3130305d>-.4 E .399<546865
-206d6178696d756d206e756d626572206f66206974656d7320696e207468652075736572
-20656e>188.4 691.2 R .399
-<7669726f6e6d656e7420746861742077696c6c2062652070617373656420746f>-.4 F
-<7375626f7264696e617465206d61696c6572732e>188.4 703.2 Q 0 Cg EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-94 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF 1.778
+(name \(with \231:maildrop\232 appended\) is then used as a k)117 96 R
+2.077 -.15(ey i)-.1 H 4.277(nt).15 G 1.777(he user database.)-4.277 F
+1.777(If no match)6.777 F
+(occurs \(or if the maildrop points at the same address\), forw)117 108
+Q(arding is tried.)-.1 E .55(If the \214rst tok)142 124.2 R .551(en of \
+the user name returned by ruleset 0 is an \231@\232 sign, the user data\
+base)-.1 F .626(lookup is skipped.)117 136.2 R .625
+(The intent is that the user database will act as a set of def)5.626 F
+.625(aults for a cluster)-.1 F 1.533
+(\(in our case, the Computer Science Di)117 148.2 R 1.533
+(vision\); mail sent to a speci\214c machine should ignore)-.25 F
+(these def)117 160.2 Q(aults.)-.1 E .351
+(When mail is sent, the name of the sending user is look)142 176.4 R
+.351(ed up in the database.)-.1 F .351(If that user)5.351 F .04
+(has a \231mailname\232 record, the v)117 188.4 R .041
+(alue of that record is used as their outgoing name.)-.25 F -.15(Fo)
+5.041 G 2.541(re).15 G .041(xample, I)-2.691 F(might ha)117 200.4 Q .3
+-.15(ve a r)-.2 H(ecord:).15 E 12.29(eric:mailname Eric.Allman@CS.Berk)
+157 216.6 R(ele)-.1 E -.65(y.)-.15 G(EDU).65 E(This w)117 232.8 Q
+(ould cause my outgoing mail to be sent as Eric.Allman.)-.1 E .52
+(If a \231maildrop\232 is found for the user)142 249 R 3.019(,b)-.4 G
+.519(ut no corresponding \231mailname\232 record e)-3.219 F .519
+(xists, the)-.15 F 1.127(record \231:def)117 261 R 1.127
+(ault:mailname\232 is consulted.)-.1 F 1.127
+(If present, this is the name of a host to o)6.127 F -.15(ve)-.15 G
+1.128(rride the).15 F .625(local host.)117 273 R -.15(Fo)5.625 G 3.125
+(re).15 G .625(xample, in our case we w)-3.275 F .625
+(ould set it to \231CS.Berk)-.1 F(ele)-.1 E -.65(y.)-.15 G 3.125
+(EDU\232. The).65 F(ef)3.125 E .625(fect is that)-.25 F(an)117 285 Q
+.881(yone kno)-.15 F .882(wn in the database gets their outgoing mail s\
+tamped as \231user@CS.Berk)-.25 F(ele)-.1 E -.65(y.)-.15 G(EDU\232,).65
+E -.2(bu)117 297 S 2.5(tp).2 G
+(eople not listed in the database use the local hostname.)-2.5 E F0 2.5
+(5.12.3. Cr)102 323 R(eating the database)-.18 E/F2 7/Times-Bold@0 SF
+(23)-4 I F1 .375(The user database is b)142 339.2 R .375(uilt from a te)
+-.2 F .375(xt \214le using the)-.15 F/F3 10/Times-Italic@0 SF(mak)2.875
+E(emap)-.1 E F1 .375(utility \(in the distrib)2.875 F .375(ution in)-.2
+F 1.039(the mak)117 351.2 R 1.039(emap subdirectory\).)-.1 F 1.039
+(The te)6.039 F 1.038
+(xt \214le is a series of lines corresponding to userdb records;)-.15 F
+1.588(each line has a k)117 363.2 R 1.889 -.15(ey a)-.1 H 1.589(nd a v)
+.15 F 1.589(alue separated by white space.)-.25 F 1.589(The k)6.589 F
+1.889 -.15(ey i)-.1 H 4.089(sa).15 G -.1(lwa)-4.089 G 1.589
+(ys in the format).1 F(described abo)117 375.2 Q .3 -.15(ve \212 f)-.15
+H(or e).15 E(xample:)-.15 E(eric:maildrop)157 391.4 Q 3.984
+(This \214le is normally installed in a system directory; for e)117
+407.6 R 3.984(xample, it might be called)-.15 F F3(/etc/mail/user)117
+419.6 Q(db)-.37 E F1 5(.T)C 2.5(om)-5.8 G(ak)-2.5 E 2.5(et)-.1 G
+(he database v)-2.5 E(ersion of the map, run the program:)-.15 E(mak)157
+435.8 Q(emap btree /etc/mail/userdb < /etc/mail/userdb)-.1 E .077
+(Then create a con\214g \214le that uses this.)117 452 R -.15(Fo)5.077 G
+2.577(re).15 G .077
+(xample, using the V8 M4 con\214guration, include the)-2.727 F(follo)117
+464 Q(wing line in your .mc \214le:)-.25 E
+(de\214ne\(\222confUSERDB_SPEC\264, /etc/mail/userdb\))157 480.2 Q F0
+2.5(6. O)72 508.4 R(THER CONFIGURA)-.4 E(TION)-.95 E F1 .907
+(There are some con\214guration changes that can be made by recompiling)
+112 524.6 R F3(sendmail)3.407 E F1 5.907(.T)C .906(his section)-5.907 F
+1.139(describes what changes can be made and what has to be modi\214ed \
+to mak)87 536.6 R 3.639(et)-.1 G 3.639(hem. In)-3.639 F 1.139
+(most cases this)3.639 F(should be unnecessary unless you are porting)87
+548.6 Q F3(sendmail)2.5 E F1(to a ne)2.5 E 2.5(we)-.25 G -.4(nv)-2.5 G
+(ironment.).4 E F0 2.5(6.1. P)87 572.6 R(arameters in de)-.1 E
+(vtools/OS/$oscf)-.15 E F1 .92
+(These parameters are intended to describe the compilation en)127 588.8
+R .92(vironment, not site polic)-.4 F 2.22 -.65(y, a)-.15 H(nd).65 E
+.739(should normally be de\214ned in the operating system con\214gurati\
+on \214le.)102 600.8 R F0 .74(This section needs a com-)5.739 F(plete r)
+102 612.8 Q(ewrite.)-.18 E F1 39.5(NDBM If)102 629 R .665(set, the ne)
+3.165 F 3.165(wv)-.25 G .664(ersion of the DBM library that allo)-3.315
+F .664(ws multiple databases will be)-.25 F 2.822(used. If)174 641 R
+.322(neither CDB, NDBM, nor NEWDB are set, a much less ef)2.822 F .323
+(\214cient method)-.25 F(of alias lookup is used.)174 653 Q .32 LW 76
+669.2 72 669.2 DL 80 669.2 76 669.2 DL 84 669.2 80 669.2 DL 88 669.2 84
+669.2 DL 92 669.2 88 669.2 DL 96 669.2 92 669.2 DL 100 669.2 96 669.2 DL
+104 669.2 100 669.2 DL 108 669.2 104 669.2 DL 112 669.2 108 669.2 DL 116
+669.2 112 669.2 DL 120 669.2 116 669.2 DL 124 669.2 120 669.2 DL 128
+669.2 124 669.2 DL 132 669.2 128 669.2 DL 136 669.2 132 669.2 DL 140
+669.2 136 669.2 DL 144 669.2 140 669.2 DL 148 669.2 144 669.2 DL 152
+669.2 148 669.2 DL 156 669.2 152 669.2 DL 160 669.2 156 669.2 DL 164
+669.2 160 669.2 DL 168 669.2 164 669.2 DL 172 669.2 168 669.2 DL 176
+669.2 172 669.2 DL 180 669.2 176 669.2 DL 184 669.2 180 669.2 DL 188
+669.2 184 669.2 DL 192 669.2 188 669.2 DL 196 669.2 192 669.2 DL 200
+669.2 196 669.2 DL 204 669.2 200 669.2 DL 208 669.2 204 669.2 DL 212
+669.2 208 669.2 DL 216 669.2 212 669.2 DL/F4 5/Times-Roman@0 SF(23)93.6
+679.6 Q/F5 8/Times-Roman@0 SF .473(These instructions are kno)3.2 J .473
+(wn to be incomplete.)-.2 F .472(Other features are a)4.473 F -.2(va)
+-.16 G .472(ilable which pro).2 F .472(vide similar functionality)-.12 F
+2.472(,e)-.52 G .472(.g., virtual)-2.472 F
+(hosting and mapping local addresses into a generic form as e)72 692.4 Q
+(xplained in cf/README.)-.12 E 0 Cg EP
%%Page: 95 91
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3935>195.86 E
-/F1 10/Times-Roman@0 SF<4d41584d58484f535453205b3130305d>102 96 Q<546865
-206d6178696d756d206e756d626572206f66204d58207265636f7264732077652077696c
-6c2061636365707420666f7220616e>188.4 108 Q 2.5<7973>-.15 G
-<696e676c6520686f73742e>-2.5 E<4d41584d41505354>102 124.2 Q -.4<4143>
--.93 G 2.5<4b5b>.4 G<31325d>-2.5 E 1.65<546865206d6178696d756d206e756d62
-6572206f66206d6170732074686174206d61792062652022737461636b>188.4 136.2 R
-1.65<65642220696e2061>-.1 F F0<73657175656e6365>4.15 E F1<636c617373>
-4.15 E<6d61702e>188.4 148.2 Q<4d41584d494d4541524753205b32305d>102 164.4
-Q .718<546865206d6178696d756d206e756d626572206f66206172>188.4 176.4 R
-.718<67756d656e747320696e2061204d494d4520436f6e74656e742d54>-.18 F .718
-<7970653a206865616465723b20616464692d>-.8 F<74696f6e616c206172>188.4
-188.4 Q<67756d656e74732077696c6c2062652069676e6f7265642e>-.18 E
-<4d41584d494d454e455354494e47205b32305d>102 204.6 Q .4<546865206d617869
-6d756d20646570746820746f207768696368204d494d45206d65737361676573206d6179
-206265206e65737465642028746861742069732c206e6573746564>188.4 216.6 R
-1.344<4d657373616765206f72204d756c74697061727420646f63756d656e74733b2074
-68697320646f6573206e6f74206c696d697420746865206e756d626572206f6620636f6d
-706f2d>188.4 228.6 R<6e656e747320696e20612073696e676c65204d756c74697061
-727420646f63756d656e74292e>188.4 240.6 Q<4d415844>102 256.8 Q
-<41454d4f4e53205b31305d>-.4 E 1.353
-<546865206d6178696d756d206e756d626572206f6620736f636b>188.4 268.8 R
-1.353<6574732073656e646d61696c2077696c6c206f70656e20666f7220616363657074
-696e6720636f6e6e65632d>-.1 F<74696f6e73206f6e20646966>188.4 280.8 Q
-<666572656e7420706f7274732e>-.25 E<4d41584d41>102 297 Q<434e>-.4 E
-<414d454c454e205b32355d>-.35 E
-<546865206d6178696d756d206c656e677468206f662061206d6163726f206e616d652e>
-188.4 309 Q 2.851<416e>102 325.2 S .351<756d626572206f66206f746865722063
-6f6d70696c6174696f6e206f7074696f6e732065>-2.851 F 2.851
-<786973742e205468657365>-.15 F .35<737065636966792077686574686572206f72
-206e6f742073706563698c6320636f64652073686f756c64206265>2.851 F
-<636f6d70696c656420696e2e>102 337.2 Q<4f6e6573206d61726b>5 E
-<6564207769746820872061726520302f312076>-.1 E<616c7565642e>-.25 E 36.69
-<4e4554494e455487204966>102 353.4 R .829<7365742c20737570706f727420666f
-7220496e7465726e65742070726f746f636f6c206e657477>3.329 F .829
-<6f726b696e6720697320636f6d70696c656420696e2e>-.1 F<507265>5.829 E .83
-<76696f75732076>-.25 F<6572>-.15 E<2d>-.2 E .178<73696f6e73206f66>188.4
-365.4 R/F2 10/Times-Italic@0 SF<73656e646d61696c>2.678 E F1 .178
-<726566657272656420746f2074686973206173>2.678 F/F3 9/Times-Roman@0 SF
--.36<4441>2.678 G<454d4f4e>.36 E F1 2.677<3b74>C .177
-<686973206f6c64207573616765206973206e6f>-2.677 F 2.677<7769>-.25 G
-<6e636f72726563742e>-2.677 E<446566>188.4 377.4 Q 1.87
-<61756c7473206f6e3b207475726e206974206f66>-.1 F 4.37<6669>-.25 G 4.37
-<6e74>-4.37 G 1.87<6865204d616b>-4.37 F 1.87
-<658c6c6520696620796f75722073797374656d20646f65736e27>-.1 F 4.37<7473>
--.18 G 1.87<7570706f727420746865>-4.37 F
-<496e7465726e65742070726f746f636f6c732e>188.4 389.4 Q 31.69
-<4e4554494e45543687204966>102 405.6 R 2.26
-<7365742c20737570706f727420666f722049507636206e657477>4.76 F 2.26
-<6f726b696e6720697320636f6d70696c656420696e2e>-.1 F 2.26
-<4974206d7573742062652073657061726174656c79>7.26 F
-<656e61626c656420627920616464696e67>188.4 417.6 Q F0<4461656d6f6e50>2.5
-E<6f72744f7074696f6e73>-.2 E F1<73657474696e67732e>2.5 E 43.35
-<4e455449534f87204966>102 433.8 R .142
-<7365742c20737570706f727420666f722049534f2070726f746f636f6c206e657477>
-2.642 F .143<6f726b696e6720697320636f6d70696c656420696e20286974206d6179
-20626520617070726f7072692d>-.1 F
-<61746520746f202364658c6e65207468697320696e20746865204d616b>188.4 445.8
-Q<658c6c6520696e7374656164206f6620636f6e662e68292e>-.1 E 34.47
-<4e4554554e495887204966>102 462 R .39
-<7365742c20737570706f727420666f7220554e495820646f6d61696e20736f636b>2.89
-F .39<65747320697320636f6d70696c656420696e2e>-.1 F .39
-<54686973206973207573656420666f7220636f6e2d>5.39 F<74726f6c20736f636b>
-188.4 474 Q<657420737570706f72742e>-.1 E 63.35<4c4f47204966>102 490.2 R
-.5<7365742c20746865>3 F F2<7379736c6f>3 E<67>-.1 E F1 .5<726f7574696e65
-20696e2075736520617420736f6d6520736974657320697320757365642e>3 F .5
-<54686973206d616b>5.5 F .5<657320616e20696e666f726d612d>-.1 F .504<7469
-6f6e616c206c6f67207265636f726420666f722065616368206d6573736167652070726f
-6365737365642c20616e64206d616b>188.4 502.2 R .504
-<6573206120686967686572207072696f72697479206c6f67>-.1 F .052
-<7265636f726420666f7220696e7465726e616c2073797374656d206572726f72732e>
-188.4 514.2 R F0<535452>5.052 E<4f4e474c>-.3 E 2.552<5952>-.92 G
-<45434f4d4d454e444544>-2.552 E F1 2.553<8a69>2.552 G 2.553<6679>-2.553 G
-<6f75>-2.553 E -.1<7761>188.4 526.2 S
-<6e74206e6f206c6f6767696e672c207475726e206974206f66>.1 E 2.5<6669>-.25 G
-2.5<6e74>-2.5 G<686520636f6e8c6775726174696f6e208c6c652e>-2.5 E<4d41>102
-542.4 Q 11.12<5443484745434f538720436f6d70696c65>-1.11 F 3.555
-<696e2074686520636f646520746f20646f2060>6.055 F 3.555
-<6066757a7a79206d61746368696e6727>-.74 F 6.055<276f>-.74 G 6.055<6e74>
--6.055 G 3.555<6865204745434f53208c656c6420696e>-6.055 F 2.5
-<2f6574632f7061737377642e2054686973>188.4 554.4 R
-<616c736f207265717569726573207468617420746865>2.5 E F0
-<4d617463684745434f53>2.5 E F1<6f7074696f6e206265207475726e6564206f6e2e>
-2.5 E -.35<4e41>102 570.6 S 13.15<4d45445f42494e448720436f6d70696c65>.35
-F .412<696e20636f646520746f2075736520746865204265726b>2.912 F<656c65>-.1
-E 2.913<7949>-.15 G .413
-<6e7465726e6574204e616d6520446f6d61696e202842494e44292073657276>-2.913 F
-.413<657220746f>-.15 F<7265736f6c76>188.4 582.6 Q 2.5<6554>-.15 G
-<43502f495020686f7374206e616d65732e>-2.5 E<4e4f>102 598.8 Q 38.76
-<54554e4958204966>-.4 F .248<796f7520617265207573696e672061206e6f6e2d55
-4e4958206d61696c20666f726d61742c20796f752063616e207365742074686973208d61
-6720746f207475726e206f66>2.748 F 2.747<6673>-.25 G<70652d>-2.747 E<6369
-616c2070726f63657373696e67206f6620554e49582d7374796c65209946726f6d209a20
-6c696e65732e>188.4 610.8 Q 39.45<5553455244428720496e636c756465>102 627
-R<746865>3.448 E F0<6578706572696d656e74616c>3.448 E F1<4265726b>3.449 E
-<656c65>-.1 E 3.449<7975>-.15 G .949
-<73657220696e666f726d6174696f6e206461746162617365207061636b6167652e>
--3.449 F<54686973>5.949 E .27<616464732061206e65>188.4 639 R 2.77<776c>
--.25 G -2.15 -.25<65762065>-2.77 H 2.77<6c6f>.25 G 2.77<666c>-2.77 G .27
-<6f63616c206e616d652065>-2.77 F .27
-<7870616e73696f6e206265747765656e20616c696173696e6720616e6420666f7277>
--.15 F 2.77<617264696e672e204974>-.1 F
-<616c736f207573657320746865204e45574442207061636b6167652e>188.4 651 Q
-<54686973206d6179206368616e676520696e206675747572652072656c65617365732e>
-5 E<54686520666f6c6c6f>102 667.2 Q<77696e67206f7074696f6e7320617265206e
-6f726d616c6c79207475726e6564206f6e20696e20706572>-.25 E<2d6f706572617469
-6e672d73797374656d20636c617573657320696e20636f6e662e682e>-.2 E
-<4944454e545052>102 683.4 Q -1.88 -.4<4f54204f>-.4 H 19.61<8743>.4 G
-.375<6f6d70696c6520696e20746865204944454e542070726f746f636f6c2061732064
-658c6e656420696e2052464320313431332e>-19.61 F .376<5468697320646566>
-5.376 F .376<61756c7473206f6e20666f72>-.1 F 1.053
-<616c6c2073797374656d732065>188.4 695.4 R 1.053<786365707420556c74726978
-2c207768696368206170706172656e746c79206861732074686520696e74657265737469
-6e672099666561747572659a2074686174>-.15 F .83
-<7768656e206974207265636569>188.4 707.4 R -.15<7665>-.25 G 3.33<736199>
-.15 G .83<686f737420756e726561636861626c659a206d65737361676520697420636c
-6f73657320616c6c206f70656e20636f6e6e656374696f6e73>-3.33 F 1.922
-<746f207468617420686f73742e>188.4 719.4 R 1.922
-<53696e636520736f6d65208c7265>6.922 F -.1<7761>-.25 G 1.922<6c6c2067>.1
-F<617465>-.05 E -.1<7761>-.25 G 1.921
-<79732073656e642074686973206572726f7220636f6465207768656e20796f75>.1 F 0
-Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-95)195.86 E/F1 10/Times-Roman@0 SF 39.5(CWDB If)102 96 R
+(set, use the cdb \(tin)2.5 E(ycdb\) package.)-.15 E 32.84(NEWDB If)102
+112.2 R .142(set, use the ne)2.642 F 2.642(wd)-.25 G .142
+(atabase package from Berk)-2.642 F(ele)-.1 E 2.641(y\()-.15 G .141
+(from 4.4BSD\).)-2.641 F .141(This package)5.141 F .266
+(is substantially f)174 124.2 R .267(aster than DBM or NDBM.)-.1 F .267
+(If NEWDB and NDBM are both set,)5.267 F/F2 10/Times-Italic@0 SF
+(sendmail)174 136.2 Q F1(will read DBM \214les, b)2.5 E
+(ut will create and use NEWDB \214les.)-.2 E 53.39(NIS Include)102 152.4
+R .12(support for NIS.)2.62 F .119(If set together with)5.119 F F2(both)
+2.619 E F1 .119(NEWDB and NDBM,)2.619 F F2(sendmail)2.619 E F1 .947(wil\
+l create both DBM and NEWDB \214les if and only if an alias \214le incl\
+udes the)174 164.4 R 3.409(substring \231/yp/\232 in the name.)174 176.4
+R 3.409(This is intended for compatibility with Sun)8.409 F
+(Microsystems')174 188.4 Q F2(mkalias)2.5 E F1
+(program used on YP masters.)2.5 E 28.94(NISPLUS Compile)102 204.6 R
+(in support for NIS+.)2.5 E 26.73(NETINFO Compile)102 220.8 R
+(in support for NetInfo \(NeXT stations\).)2.5 E(LD)102 237 Q 22.12
+(APMAP Compile)-.4 F 1.225(in support for LD)3.725 F 1.225
+(AP X500 queries.)-.4 F 1.226(Requires libldap and liblber from)6.226 F
+2.799(the Umich LD)174 249 R 2.798(AP 3.2 or 3.3 release or equi)-.4 F
+-.25(va)-.25 G 2.798(lent libraries for other LD).25 F(AP)-.4 E
+(libraries such as OpenLD)174 261 Q(AP)-.4 E(.)-1.11 E 32.84
+(HESIOD Compile)102 277.2 R(in support for Hesiod.)2.5 E 22.83
+(MAP_NSD Compile)102 293.4 R(in support for IRIX NSD lookups.)2.5 E 9.5
+(MAP_REGEX Compile)102 309.6 R(in support for re)2.5 E(gular e)-.15 E
+(xpression matching.)-.15 E 27.83(DNSMAP Compile)102 325.8 R
+(in support for DNS map lookups in the)2.5 E F2(sendmail.cf)2.5 E F1
+(\214le.)2.5 E 30.05(PH_MAP Compile)102 342 R
+(in support for ph lookups.)2.5 E 45.05(SASL Compile)102 358.2 R 1.474
+(in support for SASL, a required component for SMTP Authentication)3.974
+F(support.)174 370.2 Q(ST)102 386.4 Q(AR)-.93 E 21.58(TTLS Compile)-.6 F
+(in support for ST)2.5 E(AR)-.93 E(TTLS.)-.6 E 48.95(EGD Compile)102
+402.6 R .068(in support for the "Entrop)2.568 F 2.567(yG)-.1 G .067
+(athering Daemon" to pro)-2.567 F .067(vide better random)-.15 F
+(data for TLS.)174 414.6 Q -1.63(TCPWRAPPERS Compile)102 430.8 R
+(in support for TCP Wrappers.)2.5 E(_P)102 447 Q -1.11(AT)-.92 G
+(H_SENDMAILCF)1.11 E(The pathname of the sendmail.cf \214le.)174 459 Q
+(_P)102 475.2 Q -1.11(AT)-.92 G(H_SENDMAILPID)1.11 E
+(The pathname of the sendmail.pid \214le.)174 487.2 Q(SM_CONF_SHM)102
+503.4 Q(Compile in support for shared memory)174 515.4 Q 2.5(,s)-.65 G
+(ee section about "/v)-2.5 E(ar/spool/mqueue".)-.25 E(MIL)102 531.6 Q
+33.2(TER Compile)-.92 F(in support for contacting e)2.5 E
+(xternal mail \214lters b)-.15 E(uilt with the Milter API.)-.2 E 1.439
+(There are also se)127 547.8 R -.15(ve)-.25 G 1.439
+(ral compilation \215ags to indicate the en).15 F 1.44
+(vironment such as \231_AIX3\232 and)-.4 F 2.5(\231_SCO_unix_\232. See)
+102 559.8 R
+(the sendmail/README \214le for the latest scoop on these \215ags.)2.5 E
+F0 2.5(6.1.1. F)102 583.8 R(or Futur)-.25 E 2.5(eR)-.18 G(eleases)-2.5 E
+F2(sendmail)142 600 Q F1 .641(often contains compile time options)3.141
+F F2 -1.05(Fo)3.141 G 3.141(rF)1.05 G(utur)-3.141 E 3.141(eR)-.37 G
+(eleases)-3.141 E F1 .641(\(pre\214x _FFR_\) which)3.141 F .432
+(might be enabled in a subsequent v)117 612 R .432
+(ersion or might simply be remo)-.15 F -.15(ve)-.15 G 2.933(da).15 G
+2.933(st)-2.933 G(he)-2.933 E 2.933(yt)-.15 G .433(urned out not to)
+-2.933 F 1.089(be really useful.)117 624 R 1.089
+(These features are usually not documented b)6.089 F 1.089(ut if the)-.2
+F 3.588(ya)-.15 G 1.088(re, then the required)-3.588 F 1.793(\(FFR\) co\
+mpile time options are listed here for rulesets and macros, and in)117
+636 R F2(cf/README)4.294 E F1(for)4.294 E .951(mc/cf options.)117 648 R
+.951(FFR compile times options must be enabled when the sendmail binary\
+ is b)5.951 F(uilt)-.2 E(from source.)117 660 Q
+(Enabled FFRs in a binary can be listed with)5 E(sendmail -d0.13 < /de)
+157 676.2 Q(v/null | grep FFR)-.25 E 0 Cg EP
%%Page: 96 92
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d39362053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF 2.055<61636365737320616e20756e617574686f72697a65
-6420706f7274202873756368206173203131332c2075736564206279204944454e54292c
-20556c747269782063616e6e6f74>188.4 96 R<7265636569>188.4 108 Q .3 -.15
-<76652065>-.25 H<6d61696c2066726f6d207375636820686f7374732e>.15 E 39.45
-<53595354454d3520536574>102 124.2 R<616c6c206f662074686520636f6d70696c61
-74696f6e20706172616d657465727320617070726f70726961746520666f722053797374
-656d2056>2.5 E<2e>-1.29 E 26.12<484153464c4f434b8720557365>102 140.4 R
-<4265726b>2.845 E<656c65>-.1 E<792d7374796c65>-.15 E F0<8d6f636b>2.845 E
-F1 .345<696e7374656164206f662053797374656d2056>2.845 F F0<6c6f636b66>
-2.845 E F1 .344<746f20646f208c6c65206c6f636b696e672e>2.845 F .344
-<44756520746f>5.344 F .184<74686520686967686c7920756e757375616c2073656d
-616e74696373206f66206c6f636b73206163726f737320666f726b7320696e>188.4
-152.4 R F0<6c6f636b66>2.684 E F1 2.684<2c74>C .185
-<6869732073686f756c6420616c>-2.684 F -.1<7761>-.1 G<7973>.1 E
-<6265207573656420696620617420616c6c20706f737369626c652e>188.4 164.4 Q
-<484153494e49544752>102 180.6 Q 4.86<4f55505320536574>-.4 F 1.284
-<7468697320696620796f75722073797374656d2068617320746865>3.784 F/F2 10
-/Times-Italic@0 SF<696e69746772>3.784 E<6f7570732829>-.45 E F1 1.284
-<63616c6c2028696620796f75206861>3.784 F 1.583 -.15<7665206d>-.2 H 1.283
-<756c7469706c652067726f7570>.15 F 4.416<737570706f7274292e2054686973>
-188.4 192.6 R 1.916<69732074686520646566>4.416 F 1.916
-<61756c742069662053595354454d35206973>-.1 F F2<6e6f74>4.416 E F1 1.917
-<64658c6e6564206f7220696620796f7520617265206f6e>4.417 F<485055582e>188.4
-204.6 Q<484153554e>102 220.8 Q 27.59<414d4520536574>-.35 F 1.149
-<7468697320696620796f75206861>3.649 F 1.448 -.15<76652074>-.2 H<6865>.15
-E F2<756e616d65>3.648 E F1 1.148<2832292073797374656d2063616c6c20286f72
-20636f72726573706f6e64696e67206c69627261727920726f752d>B 2.5
-<74696e65292e20536574>188.4 232.8 R<627920646566>2.5 E
-<61756c742069662053595354454d35206973207365742e>-.1 E<4841534745544454>
-102 249 Q<41424c4553495a45>-.93 E<536574207468697320696620796f75206861>
-188.4 261 Q .3 -.15<76652074>-.2 H<6865>.15 E F2 -.1<6765>2.5 G
-<74647461626c6573697a65>.1 E F1<2832292073797374656d2063616c6c2e>A
-<48415357>102 277.2 Q 22.89<41495450494420536574>-1.2 F
-<7468697320696620796f75206861>2.5 E .3 -.15<76652074>-.2 H<6865>.15 E F2
-<68617377616974706964>2.5 E F1<2832292073797374656d2063616c6c2e>A -.74
-<4641>102 293.4 S<53545f5049445f52454359434c45>.74 E .542<53657420746869
-7320696620796f75722073797374656d2063616e20706f737369626c7920726575736520
-7468652073616d652070696420696e207468652073616d65207365636f6e64206f66>
-188.4 305.4 R<74696d652e>188.4 317.4 Q 37.22<5346535f5459504520546865>
-102 333.6 R .517<6d656368616e69736d20746861742063616e206265207573656420
-746f20676574208c6c652073797374656d20636170616369747920696e666f726d617469
-6f6e2e>3.017 F<546865>5.516 E -.25<7661>188.4 345.6 S .214
-<6c7565732063616e206265206f6e65206f66205346535f555354>.25 F 2.435 -1.11
-<41542028>-.93 H .215<757365207468652075737461742832292073797363616c6c29
-2c205346535f34415247532028757365>1.11 F .415<74686520666f7572206172>
-188.4 357.6 R .415<67756d656e74207374617466732832292073797363616c6c292c
-205346535f564653202875736520746865207477>-.18 F 2.915<6f61>-.1 G -.18
-<7267>-2.915 G .415<756d656e7420737461746673283229>.18 F .716<7379736361
-6c6c20696e636c7564696e67203c7379732f7666732e683e292c205346535f4d4f554e54
-202875736520746865207477>188.4 369.6 R 3.217<6f61>-.1 G -.18<7267>-3.217
-G .717<756d656e7420737461746673283229>.18 F 4.32<73797363616c6c20696e63
-6c7564696e67203c7379732f6d6f756e742e683e292c205346535f5354>188.4 381.6 R
--1.11<4154>-.93 G 4.32<4653202875736520746865207477>1.11 F 6.82<6f61>-.1
-G -.18<7267>-6.82 G<756d656e74>.18 E 1.108<7374617466732832292073797363
-616c6c20696e636c7564696e67203c7379732f7374617466732e683e292c205346535f53
-54>188.4 393.6 R -1.11<4154>-.93 G 1.109<564653202875736520746865207477>
-1.11 F 3.609<6f61>-.1 G -.18<7267>-3.609 G<752d>.18 E 1.511<6d656e742073
-74617466732832292073797363616c6c20696e636c7564696e67203c7379732f73746174
-7666732e683e292c206f72205346535f4e4f4e4520286e6f2077>188.4 405.6 R 1.511
-<617920746f>-.1 F<676574207468697320696e666f726d6174696f6e292e>188.4
-417.6 Q 40.57<4c415f5459504520546865>102 433.8 R<6c6f61642061>2.5 E -.15
-<7665>-.2 G<7261676520747970652e>.15 E
-<44657461696c7320617265206465736372696265642062656c6f>5 E -.65<772e>-.25
-G .342<54686520617265207365>102 450 R -.15<7665>-.25 G .342<72616c2062>
-.15 F .342<75696c742d696e2077>-.2 F .342
-<617973206f6620636f6d707574696e6720746865206c6f61642061>-.1 F -.15<7665>
--.2 G<726167652e>.15 E F2<53656e646d61696c>5.342 E F1 .343
-<747269657320746f206175746f2d636f6e8c67757265207468656d>2.842 F .267<62
-61736564206f6e20696d7065726665637420677565737365733b20796f752063616e2073
-656c656374206f6e65207573696e6720746865>102 462 R F2<6363>2.766 E F1
-<6f7074696f6e>2.766 E F0<ad444c415f545950453d>2.766 E F2<74797065>A F1
-2.766<2c77>C<68657265>-2.766 E F2<74797065>2.766 E F1<69733a>102 474 Q
-48.91<4c415f494e5420546865>102 490.2 R -.1<6b65>3.452 G .952
-<726e656c2073746f72657320746865206c6f61642061>.1 F -.15<7665>-.2 G .952
-<7261676520696e20746865206b>.15 F .952
-<65726e656c20617320616e206172726179206f66206c6f6e6720696e7465>-.1 F
-<676572732e>-.15 E<5468652061637475616c2076>188.4 502.2 Q
-<616c75657320617265207363616c656420627920612066>-.25 E
-<6163746f7220465343414c452028646566>-.1 E<61756c7420323536292e>-.1 E
-<4c415f53484f52>102 518.4 Q 35.89<5454>-.6 G .794<6865206b>-35.89 F .794
-<65726e656c2073746f72657320746865206c6f61642061>-.1 F -.15<7665>-.2 G
-.794<7261676520696e20746865206b>.15 F .793
-<65726e656c20617320616e206172726179206f662073686f727420696e7465>-.1 F
-<676572732e>-.15 E<5468652061637475616c2076>188.4 530.4 Q
-<616c75657320617265207363616c656420627920612066>-.25 E
-<6163746f7220465343414c452028646566>-.1 E<61756c7420323536292e>-.1 E
-<4c415f464c4f>102 546.6 Q 37.03 -1.11<41542054>-.35 H .088<6865206b>1.11
-F .088<65726e656c2073746f72657320746865206c6f61642061>-.1 F -.15<7665>
--.2 G .089<7261676520696e20746865206b>.15 F .089<65726e656c20617320616e
-206172726179206f6620646f75626c6520707265636973696f6e>-.1 F<8d6f6174732e>
-188.4 558.6 Q<4c415f4d41>102 574.8 Q 35.97<434820557365>-.4 F<4d41>2.5 E
-<43482d7374796c65206c6f61642061>-.4 E -.15<7665>-.2 G<72616765732e>.15 E
-39.45<4c415f535542522043616c6c>102 591 R<746865>2.5 E F2 -.1<6765>2.5 G
-<746c6f6164617667>.1 E F1
-<726f7574696e6520746f2067657420746865206c6f61642061>2.5 E -.15<7665>-.2
-G<7261676520617320616e206172726179206f6620646f75626c65732e>.15 E
-<4c415f5a4552>102 607.2 Q 42.36<4f41>-.4 G -.1<6c7761>-42.36 G
-<79732072657475726e207a65726f20617320746865206c6f61642061>.1 E -.15
-<7665>-.2 G 2.5<726167652e2054686973>.15 F<6973207468652066>2.5 E
-<616c6c6261636b20636173652e>-.1 E .494<49662074797065>102 623.4 R/F3 9
-/Times-Roman@0 SF<4c415f494e54>2.994 E F1<2c>A F3<4c415f53484f52>2.994 E
-<54>-.54 E F1 2.994<2c6f>C<72>-2.994 E F3<4c415f464c4f>2.993 E -.999
-<4154>-.315 G F1 .493<69732073706563698c65642c20796f75206d617920616c736f
-206e65656420746f2073706563696679>3.992 F F3<5f50>2.993 E -.999<4154>
--.828 G<485f554e4958>.999 E F1 .948<28746865207061746820746f20796f757220
-73797374656d2062696e6172792920616e64>102 635.4 R F3<4c415f41>3.448 E
-<56454e52>-1.215 E<554e>-.36 E F1 .949
-<28746865206e616d65206f66207468652076>3.448 F .949
-<61726961626c6520636f6e7461696e696e6720746865206c6f6164>-.25 F -2.25 -.2
-<61762065>102 647.4 T<7261676520696e20746865206b>.2 E
-<65726e656c3b20757375616c6c7920995f61>-.1 E -.15<7665>-.2 G
-<6e72756e9a206f72209961>.15 E -.15<7665>-.2 G<6e72756e9a292e>.15 E F0
-2.5<362e332e20436f6e8c6775726174696f6e>87 671.4 R
-<696e2073656e646d61696c2f636f6e66>2.5 E<2e63>-.15 E F1
-<54686520666f6c6c6f>127 687.6 Q
-<77696e67206368616e6765732063616e206265206d61646520696e20636f6e662e632e>
--.25 E 0 Cg EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-96 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E 2.5(6.2. P)87 96 R
+(arameters in sendmail/conf)-.1 E(.h)-.15 E/F1 10/Times-Roman@0 SF -.15
+(Pa)127 112.2 S .895
+(rameters and compilation options are de\214ned in conf.h.).15 F .896
+(Most of these need not normally)5.895 F .193(be tweak)102 124.2 R .192
+(ed; common parameters are all in sendmail.cf.)-.1 F(Ho)5.192 E(we)-.25
+E -.15(ve)-.25 G .992 -.4(r, t).15 H .192(he sizes of certain primiti).4
+F .492 -.15(ve ve)-.25 H(c-).15 E
+(tors, etc., are included in this \214le.)102 136.2 Q(The numbers follo)
+5 E(wing the parameters are their def)-.25 E(ault v)-.1 E(alue.)-.25 E
+1.247(This document is not the best source of information for compilati\
+on \215ags in conf.h \212 see)127 152.4 R
+(sendmail/README or sendmail/conf.h itself.)102 164.4 Q(MAXLINE [2048])
+102 180.6 Q 2.069(The maximum line length of an)11.14 F 4.568(yi)-.15 G
+2.068(nput line.)-4.568 F 2.068(If message lines e)7.068 F 2.068
+(xceed this)-.15 F .575(length the)188.4 192.6 R 3.075(yw)-.15 G .575
+(ill still be processed correctly; ho)-3.075 F(we)-.25 E -.15(ve)-.25 G
+1.375 -.4(r, h).15 H .575(eader lines, con\214gura-).4 F
+(tion \214le lines, alias lines, etc., must \214t within this limit.)
+188.4 204.6 Q(MAXN)102 220.8 Q(AME [256])-.35 E
+(The maximum length of an)9.82 E 2.5(yn)-.15 G
+(ame, such as a host or a user name.)-2.5 E(MAXPV [256])102 237 Q .25
+(The maximum number of parameters to an)26.13 F 2.75(ym)-.15 G(ailer)
+-2.75 E 5.25(.T)-.55 G .25(his limits the number of)-5.25 F .375
+(recipients that may be passed in one transaction.)188.4 249 R .376
+(It can be set to an)5.376 F 2.876(ya)-.15 G(rbitrary)-2.876 E .876
+(number abo)188.4 261 R 1.176 -.15(ve a)-.15 H .876(bout 10, since).15 F
+/F2 10/Times-Italic@0 SF(sendmail)3.376 E F1 .876(will break up a deli)
+3.376 F -.15(ve)-.25 G .875(ry into smaller).15 F .886
+(batches as needed.)188.4 273 R 3.386(Ah)5.886 G .887
+(igher number may reduce load on your system, ho)-3.386 F(w-)-.25 E
+-2.15 -.25(ev e)188.4 285 T -.55(r.).25 G(MAXQ)102 301.2 Q(UEUEGR)-.1 E
+(OUPS [50])-.4 E(The maximum number of queue groups.)188.4 313.2 Q(MAXA)
+102 329.4 Q -.18(TO)-1.11 G 2.5(M[).18 G 3.26(1000] The)-2.5 F .064
+(maximum number of atoms \(tok)2.564 F .063(ens\) in a single address.)
+-.1 F -.15(Fo)5.063 G 2.563(re).15 G .063(xample, the)-2.713 F
+(address \231eric@CS.Berk)188.4 341.4 Q(ele)-.1 E -.65(y.)-.15 G
+(EDU\232 is se).65 E -.15(ve)-.25 G 2.5(na).15 G(toms.)-2.5 E
+(MAXMAILERS [25])102 357.6 Q .122(The maximum number of mailers that ma\
+y be de\214ned in the con\214guration \214le.).02 F(This v)188.4 369.6 Q
+(alue is de\214ned in include/sendmail/sendmail.h.)-.25 E(MAXR)102 385.8
+Q(WSETS [200])-.55 E .432(The maximum number of re).01 F .432
+(writing sets that may be de\214ned.)-.25 F .431(The \214rst half of)
+5.431 F .034(these are reserv)188.4 397.8 R .034
+(ed for numeric speci\214cation \(e.g., `)-.15 F(`S92')-.74 E .035
+('\), while the upper half)-.74 F .492(are reserv)188.4 409.8 R .492
+(ed for auto-numbering \(e.g., `)-.15 F(`Sfoo')-.74 E 2.992('\). Thus,)
+-.74 F .492(with a v)2.992 F .491(alue of 200 an)-.25 F
+(attempt to use `)188.4 421.8 Q(`S99')-.74 E 2.5('w)-.74 G
+(ill succeed, b)-2.5 E(ut `)-.2 E(`S100')-.74 E 2.5('w)-.74 G(ill f)-2.5
+E(ail.)-.1 E(MAXPRIORITIES [25])102 438 Q 2.481(The maximum number of v)
+188.4 450 R 2.482(alues for the \231Precedence:\232 \214eld that may be)
+-.25 F(de\214ned \(using the)188.4 462 Q F0(P)2.5 E F1
+(line in sendmail.cf\).)2.5 E(MAXUSERENVIR)102 478.2 Q(ON [100])-.4 E
+.399(The maximum number of items in the user en)188.4 490.2 R .399
+(vironment that will be passed to)-.4 F(subordinate mailers.)188.4 502.2
+Q(MAXMXHOSTS [100])102 518.4 Q
+(The maximum number of MX records we will accept for an)188.4 530.4 Q
+2.5(ys)-.15 G(ingle host.)-2.5 E(MAXMAPST)102 546.6 Q -.4(AC)-.93 G 2.5
+(K[).4 G(12])-2.5 E 1.65(The maximum number of maps that may be "stack)
+188.4 558.6 R 1.65(ed" in a)-.1 F F0(sequence)4.15 E F1(class)4.15 E
+(map.)188.4 570.6 Q(MAXMIMEARGS [20])102 586.8 Q .718
+(The maximum number of ar)188.4 598.8 R .718
+(guments in a MIME Content-T)-.18 F .718(ype: header; addi-)-.8 F
+(tional ar)188.4 610.8 Q(guments will be ignored.)-.18 E
+(MAXMIMENESTING [20])102 627 Q .4(The maximum depth to which MIME messa\
+ges may be nested \(that is, nested)188.4 639 R 1.344(Message or Multip\
+art documents; this does not limit the number of compo-)188.4 651 R
+(nents in a single Multipart document\).)188.4 663 Q(MAXD)102 679.2 Q
+(AEMONS [10])-.4 E 1.353(The maximum number of sock)188.4 691.2 R 1.353
+(ets sendmail will open for accepting connec-)-.1 F(tions on dif)188.4
+703.2 Q(ferent ports.)-.25 E 0 Cg EP
%%Page: 97 93
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3937>195.86 E
-2.5<362e332e312e204275696c742d696e>102 96 R
-<4865616465722053656d616e74696373>2.5 E/F1 10/Times-Roman@0 SF 1.248<4e
-6f7420616c6c206865616465722073656d616e74696373206172652064658c6e65642069
-6e2074686520636f6e8c6775726174696f6e208c6c652e>142 112.2 R 1.247
-<486561646572206c696e657320746861742073686f756c64>6.247 F .305<6f6e6c79
-20626520696e636c75646564206279206365727461696e206d61696c6572732028617320
-77656c6c206173206f74686572206d6f7265206f6273637572652073656d616e74696373
-29206d7573742062652073706563698c6564>117 124.2 R .047<696e20746865>117
-136.2 R/F2 10/Times-Italic@0 SF<486472496e666f>2.547 E F1 .047
-<7461626c6520696e>2.547 F F2<636f6e66>2.547 E<2e63>-.15 E F1 5.047<2e54>
-C .046<686973207461626c6520636f6e7461696e732074686520686561646572206e61
-6d65202877686963682073686f756c6420626520696e20616c6c206c6f>-5.047 F
-<776572>-.25 E<636173652920616e64206120736574206f662068656164657220636f
-6e74726f6c208d61677320286465736372696265642062656c6f>117 148.2 Q
-<77292c20546865208d616773206172653a>-.25 E<485f41>117 164.4 Q 30.97
-<434845434b204e6f726d616c6c79>-.4 F .007<7768656e2074686520636865636b20
-6973206d61646520746f20736565206966206120686561646572206c696e652069732063
-6f6d70617469626c652077697468>2.507 F 2.941<616d>203.4 176.4 S
-<61696c6572>-2.941 E<2c>-.4 E F2<73656e646d61696c>2.941 E F1 .441
-<77696c6c206e6f742064656c65746520616e2065>2.941 F .441
-<78697374696e67206c696e652e>-.15 F .44
-<49662074686973208d6167206973207365742c>5.441 F F2<73656e642d>2.94 E
-<6d61696c>203.4 188.4 Q F1 .152<77696c6c2064656c6574652065>2.652 F -.15
-<7665>-.25 G 2.652<6e65>.15 G .152
-<78697374696e6720686561646572206c696e65732e>-2.802 F .152
-<546861742069732c2069662074686973206269742069732073657420616e6420746865>
-5.152 F 1.425<6d61696c657220646f6573206e6f74206861>203.4 200.4 R 1.725
--.15<7665208d>-.2 H 1.425<6167206269747320736574207468617420696e74657273
-656374207769746820746865207265717569726564206d61696c6572>.15 F 2.204<8d
-61677320696e20746865206865616465722064658c6e6974696f6e20696e2073656e646d
-61696c2e63662c2074686520686561646572206c696e65206973>203.4 212.4 R F2
-<616c77617973>4.704 E F1<64656c657465642e>203.4 224.4 Q 51.13
-<485f454f48204966>117 240.6 R .206<7468697320686561646572208c656c642069
-73207365742c207472656174206974206c696b>2.706 F 2.706<656162>-.1 G .206<
-6c616e6b206c696e652c20692e652e2c2069742077696c6c207369676e616c2074686520
-656e64>-2.706 F<6f66207468652068656164657220616e6420746865206265>203.4
-252.6 Q<67696e6e696e67206f6620746865206d657373616765207465>-.15 E
-<78742e>-.15 E 39.45<485f464f52434520416464>117 268.8 R 2.038
-<746869732068656164657220656e7472792065>4.538 F -.15<7665>-.25 G 4.538
-<6e69>.15 G 4.538<666f>-4.538 G 2.038<6e652065>-4.538 F 2.039
-<78697374656420696e20746865206d657373616765206265666f72652e>-.15 F 2.039
-<49662061>7.039 F 2.189
-<68656164657220656e74727920646f6573206e6f74206861>203.4 280.8 R 2.488
--.15<76652074>-.2 H 2.188<68697320626974207365742c>.15 F F2
-<73656e646d61696c>4.688 E F1 2.188
-<77696c6c206e6f742061646420616e6f74686572>4.688 F .62<686561646572206c69
-6e65206966206120686561646572206c696e65206f662074686973206e616d6520616c72
-656164792065>203.4 292.8 R 3.12<7869737465642e2054686973>-.15 F -.1
-<776f>3.12 G .62<756c64206e6f72>.1 F<2d>-.2 E<6d616c6c792062652075736564
-20746f207374616d7020746865206d6573736167652062792065>203.4 304.8 Q -.15
-<7665>-.25 G<72796f6e652077686f2068616e646c65642069742e>.15 E
-<485f545241>117 321 Q 39.3<4345204966>-.4 F 1.044<7365742c20746869732069
-7320612074696d657374616d702028747261636529208c656c642e>3.544 F 1.043
-<496620746865206e756d626572206f66207472616365208c656c647320696e2061>
-6.043 F .705<6d6573736167652065>203.4 333 R .705<7863656564732061207072
-6573657420616d6f756e7420746865206d6573736167652069732072657475726e656420
-6f6e2074686520617373756d702d>-.15 F
-<74696f6e20746861742069742068617320616e20616c696173696e67206c6f6f702e>
-203.4 345 Q 46.67<485f52435054204966>117 361.2 R .332<7365742c2074686973
-208c656c6420636f6e7461696e7320726563697069656e74206164647265737365732e>
-2.833 F .332<54686973206973207573656420627920746865>5.332 F F0<ad74>
-2.832 E F1 .332<8d616720746f>2.832 F 1.349<64657465726d696e652077686f20
-746f2073656e6420746f207768656e20697420697320636f6c6c656374696e6720726563
-697069656e74732066726f6d20746865206d65732d>203.4 373.2 R<736167652e>
-203.4 385.2 Q<485f4652>117 401.4 Q 43.74<4f4d2054686973>-.4 F 1.673<8d61
-6720696e6469636174657320746861742074686973208c656c642073706563698c657320
-612073656e646572>4.174 F 6.673<2e54>-.55 G 1.673
-<6865206f72646572206f66207468657365>-6.673 F .898
-<8c656c647320696e20746865>203.4 413.4 R F2<486472496e666f>3.398 E F1
-.898<7461626c652073706563698c6573>3.398 F F2<73656e646d61696c>3.398 E F1
-1.998 -.55<27732070>D .898
-<7265666572656e636520666f72207768696368208c656c64>.55 F
-<746f2072657475726e206572726f72206d6573736167657320746f2e>203.4 425.4 Q
-<485f455252>117 441.6 Q<4f525354>-.4 E 22.53<4f41>-.18 G<64647265737365
-7320696e2074686973206865616465722073686f756c64207265636569>-22.53 E .3
--.15<76652065>-.25 H<72726f72206d657373616765732e>.15 E 52.79
-<485f4354452054686973>117 457.8 R
-<686561646572206973206120436f6e74656e742d54>2.5 E<72616e73666572>-.35 E
-<2d456e636f64696e6720686561646572>-.2 E<2e>-.55 E 40.01
-<485f43545950452054686973>117 474 R
-<686561646572206973206120436f6e74656e742d54>2.5 E<79706520686561646572>
--.8 E<2e>-.55 E<485f535452495056>117 490.2 Q 25.25<414c205374726970>
--1.35 F<7468652076>2.5 E
-<616c75652066726f6d20746865206865616465722028666f72204263633a292e>-.25 E
-<4c657427>117 506.4 Q 2.5<736c>-.55 G<6f6f6b20617420612073616d706c65>
--2.5 E F2<486472496e666f>2.5 E F1<73706563698c636174696f6e3a>2.5 E 0 Cg
-EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-97)195.86 E/F1 10/Times-Roman@0 SF(MAXMA)102 96 Q(CN)-.4 E
+(AMELEN [25])-.35 E(The maximum length of a macro name.)188.4 108 Q
+2.851(An)102 124.2 S .351(umber of other compilation options e)-2.851 F
+2.851(xist. These)-.15 F .35
+(specify whether or not speci\214c code should be)2.851 F(compiled in.)
+102 136.2 Q(Ones mark)5 E(ed with \207 are 0/1 v)-.1 E(alued.)-.25 E
+36.69(NETINET\207 If)102 152.4 R .829
+(set, support for Internet protocol netw)3.329 F .829
+(orking is compiled in.)-.1 F(Pre)5.829 E .83(vious v)-.25 F(er)-.15 E
+(-)-.2 E .178(sions of)188.4 164.4 R/F2 10/Times-Italic@0 SF(sendmail)
+2.678 E F1 .178(referred to this as)2.678 F/F3 9/Times-Roman@0 SF -.36
+(DA)2.678 G(EMON).36 E F1 2.677(;t)C .177(his old usage is no)-2.677 F
+2.677(wi)-.25 G(ncorrect.)-2.677 E(Def)188.4 176.4 Q 1.87
+(aults on; turn it of)-.1 F 4.37(fi)-.25 G 4.37(nt)-4.37 G 1.87(he Mak)
+-4.37 F 1.87(e\214le if your system doesn')-.1 F 4.37(ts)-.18 G 1.87
+(upport the)-4.37 F(Internet protocols.)188.4 188.4 Q 31.69
+(NETINET6\207 If)102 204.6 R 2.26(set, support for IPv6 netw)4.76 F 2.26
+(orking is compiled in.)-.1 F 2.26(It must be separately)7.26 F
+(enabled by adding)188.4 216.6 Q F0(DaemonP)2.5 E(ortOptions)-.2 E F1
+(settings.)2.5 E 43.35(NETISO\207 If)102 232.8 R .142
+(set, support for ISO protocol netw)2.642 F .143
+(orking is compiled in \(it may be appropri-)-.1 F
+(ate to #de\214ne this in the Mak)188.4 244.8 Q
+(e\214le instead of conf.h\).)-.1 E 34.47(NETUNIX\207 If)102 261 R .39
+(set, support for UNIX domain sock)2.89 F .39(ets is compiled in.)-.1 F
+.39(This is used for con-)5.39 F(trol sock)188.4 273 Q(et support.)-.1 E
+63.35(LOG If)102 289.2 R .5(set, the)3 F F2(syslo)3 E(g)-.1 E F1 .5
+(routine in use at some sites is used.)3 F .5(This mak)5.5 F .5
+(es an informa-)-.1 F .504
+(tional log record for each message processed, and mak)188.4 301.2 R
+.504(es a higher priority log)-.1 F .052
+(record for internal system errors.)188.4 313.2 R F0(STR)5.052 E(ONGL)
+-.3 E 2.552(YR)-.92 G(ECOMMENDED)-2.552 E F1 2.553<8a69>2.552 G 2.553
+(fy)-2.553 G(ou)-2.553 E -.1(wa)188.4 325.2 S(nt no logging, turn it of)
+.1 E 2.5(fi)-.25 G 2.5(nt)-2.5 G(he con\214guration \214le.)-2.5 E(MA)
+102 341.4 Q 11.12(TCHGECOS\207 Compile)-1.11 F 3.555
+(in the code to do `)6.055 F 3.555(`fuzzy matching')-.74 F 6.055('o)-.74
+G 6.055(nt)-6.055 G 3.555(he GECOS \214eld in)-6.055 F 2.5
+(/etc/passwd. This)188.4 353.4 R(also requires that the)2.5 E F0
+(MatchGECOS)2.5 E F1(option be turned on.)2.5 E -.35(NA)102 369.6 S
+13.15(MED_BIND\207 Compile).35 F .412(in code to use the Berk)2.912 F
+(ele)-.1 E 2.913(yI)-.15 G .413(nternet Name Domain \(BIND\) serv)-2.913
+F .413(er to)-.15 F(resolv)188.4 381.6 Q 2.5(eT)-.15 G
+(CP/IP host names.)-2.5 E(NO)102 397.8 Q 38.76(TUNIX If)-.4 F .248(you \
+are using a non-UNIX mail format, you can set this \215ag to turn of)
+2.748 F 2.747(fs)-.25 G(pe-)-2.747 E
+(cial processing of UNIX-style \231From \232 lines.)188.4 409.8 Q 39.45
+(USERDB\207 Include)102 426 R(the)3.448 E F0(experimental)3.448 E F1
+(Berk)3.449 E(ele)-.1 E 3.449(yu)-.15 G .949
+(ser information database package.)-3.449 F(This)5.949 E .27(adds a ne)
+188.4 438 R 2.77(wl)-.25 G -2.15 -.25(ev e)-2.77 H 2.77(lo).25 G 2.77
+(fl)-2.77 G .27(ocal name e)-2.77 F .27
+(xpansion between aliasing and forw)-.15 F 2.77(arding. It)-.1 F
+(also uses the NEWDB package.)188.4 450 Q
+(This may change in future releases.)5 E(The follo)102 466.2 Q
+(wing options are normally turned on in per)-.25 E
+(-operating-system clauses in conf.h.)-.2 E(IDENTPR)102 482.4 Q -1.88
+-.4(OT O)-.4 H 19.61<8743>.4 G .375
+(ompile in the IDENT protocol as de\214ned in RFC 1413.)-19.61 F .376
+(This def)5.376 F .376(aults on for)-.1 F 1.053(all systems e)188.4
+494.4 R 1.053(xcept Ultrix, which apparently has the interesting \231fe\
+ature\232 that)-.15 F .83(when it recei)188.4 506.4 R -.15(ve)-.25 G
+3.33(sa\231).15 G .83
+(host unreachable\232 message it closes all open connections)-3.33 F
+1.922(to that host.)188.4 518.4 R 1.922(Since some \214re)6.922 F -.1
+(wa)-.25 G 1.922(ll g).1 F(ate)-.05 E -.1(wa)-.25 G 1.921
+(ys send this error code when you).1 F 2.055(access an unauthorized por\
+t \(such as 113, used by IDENT\), Ultrix cannot)188.4 530.4 R(recei)
+188.4 542.4 Q .3 -.15(ve e)-.25 H(mail from such hosts.).15 E 39.45
+(SYSTEM5 Set)102 558.6 R
+(all of the compilation parameters appropriate for System V)2.5 E(.)
+-1.29 E 26.12(HASFLOCK\207 Use)102 574.8 R(Berk)2.845 E(ele)-.1 E
+(y-style)-.15 E F0(\215ock)2.845 E F1 .345(instead of System V)2.845 F
+F0(lockf)2.845 E F1 .344(to do \214le locking.)2.845 F .344(Due to)5.344
+F .184(the highly unusual semantics of locks across forks in)188.4 586.8
+R F0(lockf)2.684 E F1 2.684(,t)C .185(his should al)-2.684 F -.1(wa)-.1
+G(ys).1 E(be used if at all possible.)188.4 598.8 Q(HASINITGR)102 615 Q
+4.86(OUPS Set)-.4 F 1.284(this if your system has the)3.784 F F2(initgr)
+3.784 E(oups\(\))-.45 E F1 1.284(call \(if you ha)3.784 F 1.583 -.15
+(ve m)-.2 H 1.283(ultiple group).15 F 4.416(support\). This)188.4 627 R
+1.916(is the def)4.416 F 1.916(ault if SYSTEM5 is)-.1 F F2(not)4.416 E
+F1 1.917(de\214ned or if you are on)4.417 F(HPUX.)188.4 639 Q(HASUN)102
+655.2 Q 27.59(AME Set)-.35 F 1.149(this if you ha)3.649 F 1.448 -.15
+(ve t)-.2 H(he).15 E F2(uname)3.648 E F1 1.148
+(\(2\) system call \(or corresponding library rou-)B 2.5(tine\). Set)
+188.4 667.2 R(by def)2.5 E(ault if SYSTEM5 is set.)-.1 E(HASGETDT)102
+683.4 Q(ABLESIZE)-.93 E(Set this if you ha)188.4 695.4 Q .3 -.15(ve t)
+-.2 H(he).15 E F2 -.1(ge)2.5 G(tdtablesize).1 E F1(\(2\) system call.)A
+(HASW)102 711.6 Q 22.89(AITPID Set)-1.2 F(this if you ha)2.5 E .3 -.15
+(ve t)-.2 H(he).15 E F2(haswaitpid)2.5 E F1(\(2\) system call.)A 0 Cg EP
%%Page: 98 94
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 193.36<534d4d3a30382d39382053656e646d61696c>72 60
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF<73747275637420686472696e666f>157 96 Q
-<486472496e666f5b5d203d>84.6 E<7b>157 108 Q<2f2a206f726967696e61746f7220
-8c656c64732c206d6f737420746f206c65617374207369676e698c63616e74>189.5 120
-Q<2a2f>5 E 52.29<22726573656e742d73656e646572222c20485f4652>177 132 R
-<4f4d2c>-.4 E 58.95<22726573656e742d66726f6d222c20485f4652>177 144 R
-<4f4d2c>-.4 E 79.5<2273656e646572222c20485f4652>177 156 R<4f4d2c>-.4 E
-86.16<2266726f6d222c20485f4652>177 168 R<4f4d2c>-.4 E 66.72
-<2266756c6c2d6e616d65222c20485f41>177 180 R<434845434b2c>-.4 E 71.17
-<226572726f72732d746f222c20485f4652>177 192 R -1.667
-<4f4d207c20485f455252>-.4 F<4f525354>-.4 E<4f2c>-.18 E
-<2f2a2064657374696e6174696f6e208c656c6473202a2f>189.5 204 Q 97.82
-<22746f222c20485f52435054>177 216 R<2c>-.74 E 70.61
-<22726573656e742d746f222c20485f52435054>177 228 R<2c>-.74 E 96.72
-<226363222c20485f52435054>177 240 R<2c>-.74 E 91.72
-<22626363222c20485f52435054>177 252 R .833<7c48>.833 G<5f535452495056>
--.833 E<414c2c>-1.35 E<2f2a206d657373616765206964656e74698c636174696f6e
-20616e6420636f6e74726f6c202a2f>189.5 264 Q 71.72
-<226d657373616765222c20485f454f482c>177 276 R<227465>177 288 Q 90.75
-<7874222c20485f454f482c>-.15 F<2f2a207472616365208c656c6473202a2f>189.5
-300 Q<227265636569>177 312 Q -.15<7665>-.25 G 72.13<64222c20485f545241>
-.15 F -1.667<4345207c20485f464f5243452c>-.4 F
-<2f2a206d697363656c6c616e656f7573208c656c6473202a2f>189.5 324 Q
-<22636f6e74656e742d7472616e73666572>177 336 Q 2.5
-<2d656e636f64696e67222c20485f4354452c>-.2 F 55.61
-<22636f6e74656e742d74797065222c20485f43545950452c>177 348 R 87.1
-<4e554c4c2c20302c>177 372 R<7d3b>157 384 Q 2.435<5468697320737472756374
-75726520696e64696361746573207468617420746865209954>117 400.2 R 2.435
-<6f3a9a2c2099526573656e742d54>-.8 F 2.435<6f3a9a2c20616e64209943633a9a20
-8c656c647320616c6c207370656369667920726563697069656e74>-.8 F 3.161
-<6164647265737365732e20416e>117 412.2 R 3.161<7999>-.15 G .662<46756c6c
-2d4e616d653a9a208c656c642077696c6c2062652064656c6574656420756e6c65737320
-746865207265717569726564206d61696c6572208d61672028696e646963617465642069
-6e>-3.161 F .246
-<74686520636f6e8c6775726174696f6e208c6c65292069732073706563698c65642e>
-117 424.2 R .245<54686520994d6573736167653a9a20616e64209954>5.246 F -.15
-<6578>-.7 G .245<743a9a208c656c64732077696c6c207465726d696e617465207468
-65206865616465723b>.15 F 1.936<7468657365206172652075736564206279207261
-6e646f6d2064697373656e746572732061726f756e6420746865206e657477>117 436.2
-R 1.936<6f726b2077>-.1 F 4.436<6f726c642e20546865>-.1 F<995265636569>
-4.436 E -.15<7665>-.25 G 1.937<643a9a208c656c642077696c6c>.15 F<616c>117
-448.2 Q -.1<7761>-.1 G<79732062652061646465642c20616e642063616e20626520
-7573656420746f207472616365206d657373616765732e>.1 E .446<54686572652061
-72652061206e756d626572206f6620696d706f7274616e7420706f696e74732068657265
-2e>142 464.4 R .445<46697273742c20686561646572208c656c647320617265206e6f
-74206164646564206175746f6d6174692d>5.446 F .656
-<63616c6c79206a757374206265636175736520746865>117 476.4 R 3.156<7961>
--.15 G .656<726520696e20746865>-3.156 F/F2 10/Times-Italic@0 SF
-<486472496e666f>3.157 E F1 .657<7374727563747572653b20746865>3.157 F
-3.157<796d>-.15 G .657
-<7573742062652073706563698c656420696e2074686520636f6e8c6775726174696f6e>
--3.157 F .728<8c6c6520696e206f7264657220746f20626520616464656420746f2074
-6865206d6573736167652e>117 488.4 R<416e>5.727 E 3.227<7968>-.15 G .727<
-6561646572208c656c6473206d656e74696f6e656420696e2074686520636f6e8c677572
-6174696f6e208c6c65>-3.227 F -.2<6275>117 500.4 S 3.24<746e>.2 G .74
-<6f74206d656e74696f6e656420696e20746865>-3.24 F F2<486472496e666f>3.24 E
-F1 .74<737472756374757265206861>3.24 F 1.04 -.15<76652064>-.2 H<6566>.15
-E .74<61756c742070726f63657373696e6720706572666f726d65643b20746861742069
-732c20746865>-.1 F 3.24<7961>-.15 G<7265>-3.24 E 1.375
-<616464656420756e6c65737320746865>117 512.4 R 3.875<7977>-.15 G 1.375
-<65726520696e20746865206d65737361676520616c7265616479>-3.875 F 6.375
-<2e53>-.65 G 1.374<65636f6e642c20746865>-6.375 F F2<486472496e666f>3.874
-E F1 1.374<737472756374757265206f6e6c792073706563698c6573>3.874 F .324<
-636c69636865642070726f63657373696e673b206365727461696e206865616465727320
-6172652070726f636573736564207370656369616c6c7920627920616420686f6320636f
-6465207265>117 524.4 R -.05<6761>-.15 G .325
-<72646c657373206f6620746865207374612d>.05 F .481
-<7475732073706563698c656420696e>117 536.4 R F2<486472496e666f>2.981 E F1
-5.481<2e46>C .481<6f722065>-5.631 F .481<78616d706c652c2074686520995365
-6e6465723a9a20616e64209946726f6d3a9a208c656c64732061726520616c>-.15 F
--.1<7761>-.1 G .48<7973207363616e6e6564206f6e>.1 F<415250>117 550.4 Q
-.751<414e4554206d61696c20746f2064657465726d696e65207468652073656e646572>
--.92 F/F3 7/Times-Roman@0 SF<3234>-4 I F1 3.251<3b74>4 K .75<6869732069
-73207573656420746f20706572666f726d20746865209972657475726e20746f2073656e
-6465729a2066756e632d>-3.251 F 2.976<74696f6e2e20546865>117 562.4 R .476<
-9946726f6d3a9a20616e64209946756c6c2d4e616d653a9a208c656c6473206172652075
-73656420746f2064657465726d696e65207468652066756c6c206e616d65206f66207468
-652073656e646572206966>2.976 F<706f737369626c653b2074686973206973207374
-6f72656420696e20746865206d6163726f>117 574.4 Q F0<2478>2.5 E F1
-<616e64207573656420696e2061206e756d626572206f662077>2.5 E<6179732e>-.1 E
-F0 2.5<362e332e322e205265737472696374696e67>102 598.4 R
-<557365206f6620456d61696c>2.5 E F1 .15<4966206974206973206e656365737361
-727920746f207265737472696374206d61696c207468726f75676820612072656c6179>
-142 614.6 R 2.649<2c74>-.65 G<6865>-2.649 E F2 -.15<6368>2.649 G<6563>
-.15 E<6b636f6d706174>-.2 E F1 .149
-<726f7574696e652063616e206265206d6f64698c65642e>2.649 F .163
-<5468697320726f7574696e652069732063616c6c656420666f722065>117 626.6 R
--.15<7665>-.25 G .163<727920726563697069656e7420616464726573732e>.15 F
-.163<49742072657475726e7320616e2065>5.163 F .163
-<7869742073746174757320696e6469636174696e672074686520737461747573206f66>
--.15 F .895<746865206d6573736167652e>117 638.6 R .895
-<54686520737461747573>5.895 F/F4 9/Times-Roman@0 SF<45585f4f4b>3.395 E
-F1 .895<616363657074732074686520616464726573732c>3.395 F F4
-<45585f54454d5046>3.395 E<41494c>-.666 E F1 .895
-<71756575657320746865206d65737361676520666f722061>3.395 F .263
-<6c6174657220747279>117 650.6 R 2.763<2c61>-.65 G .263
-<6e64206f746865722076>-2.763 F .264<616c7565732028636f6d6d6f6e6c79>-.25
-F F4<45585f554e>2.764 E -1.215<415641>-.315 G<494c41424c45>1.215 E F1
-2.764<2972>C .264<656a65637420746865206d6573736167652e>-2.764 F .264
-<497420697320757020746f>5.264 F F2 -.15<6368>2.764 G<6563>.15 E<6b2d>-.2
-E<636f6d706174>117 662.6 Q F1 2.477
-<746f207072696e7420616e206572726f72206d65737361676520287573696e67>4.978
-F F2<757372>4.977 E<657272>-.37 E F1 4.977<2969>C 4.977<6674>-4.977 G
-2.477<6865206d6573736167652069732072656a65637465642e>-4.977 F -.15<466f>
-7.477 G 4.977<7265>.15 G<78616d706c652c>-5.127 E .32 LW 76 672.2 72
-672.2 DL 80 672.2 76 672.2 DL 84 672.2 80 672.2 DL 88 672.2 84 672.2 DL
-92 672.2 88 672.2 DL 96 672.2 92 672.2 DL 100 672.2 96 672.2 DL 104
-672.2 100 672.2 DL 108 672.2 104 672.2 DL 112 672.2 108 672.2 DL 116
-672.2 112 672.2 DL 120 672.2 116 672.2 DL 124 672.2 120 672.2 DL 128
-672.2 124 672.2 DL 132 672.2 128 672.2 DL 136 672.2 132 672.2 DL 140
-672.2 136 672.2 DL 144 672.2 140 672.2 DL 148 672.2 144 672.2 DL 152
-672.2 148 672.2 DL 156 672.2 152 672.2 DL 160 672.2 156 672.2 DL 164
-672.2 160 672.2 DL 168 672.2 164 672.2 DL 172 672.2 168 672.2 DL 176
-672.2 172 672.2 DL 180 672.2 176 672.2 DL 184 672.2 180 672.2 DL 188
-672.2 184 672.2 DL 192 672.2 188 672.2 DL 196 672.2 192 672.2 DL 200
-672.2 196 672.2 DL 204 672.2 200 672.2 DL 208 672.2 204 672.2 DL 212
-672.2 208 672.2 DL 216 672.2 212 672.2 DL/F5 5/Times-Roman@0 SF<3234>
-93.6 682.6 Q/F6 8/Times-Roman@0 SF<41637475616c6c79>3.2 I 2.631<2c74>
--.52 G .631<686973206973206e6f206c6f6e676572207472756520696e20534d54503b
-207468697320696e666f726d6174696f6e20697320636f6e7461696e656420696e207468
-6520656e>-2.631 F -.12<7665>-.32 G 2.632<6c6f70652e20546865>.12 F .632
-<6f6c64657220415250>2.632 F .632<414e45542070726f746f636f6c7320646964>
--.736 F<6e6f7420636f6d706c6574656c792064697374696e677569736820656e>72
-695.4 Q -.12<7665>-.32 G<6c6f70652066726f6d20686561646572>.12 E<2e>-.44
-E 0 Cg EP
+/F0 10/Times-Bold@0 SF 193.36(SMM:08-98 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF -.74(FA)
+102 96 S(ST_PID_RECYCLE).74 E .542(Set this if your system can possibly\
+ reuse the same pid in the same second of)188.4 108 R(time.)188.4 120 Q
+37.22(SFS_TYPE The)102 136.2 R .517
+(mechanism that can be used to get \214le system capacity information.)
+3.017 F(The)5.516 E -.25(va)188.4 148.2 S .214
+(lues can be one of SFS_UST).25 F 2.435 -1.11(AT \()-.93 H .215
+(use the ustat\(2\) syscall\), SFS_4ARGS \(use)1.11 F .415(the four ar)
+188.4 160.2 R .415(gument statfs\(2\) syscall\), SFS_VFS \(use the tw)
+-.18 F 2.915(oa)-.1 G -.18(rg)-2.915 G .415(ument statfs\(2\)).18 F .716
+(syscall including <sys/vfs.h>\), SFS_MOUNT \(use the tw)188.4 172.2 R
+3.217(oa)-.1 G -.18(rg)-3.217 G .717(ument statfs\(2\)).18 F 4.32
+(syscall including <sys/mount.h>\), SFS_ST)188.4 184.2 R -1.11(AT)-.93 G
+4.32(FS \(use the tw)1.11 F 6.82(oa)-.1 G -.18(rg)-6.82 G(ument).18 E
+1.108(statfs\(2\) syscall including <sys/statfs.h>\), SFS_ST)188.4 196.2
+R -1.11(AT)-.93 G 1.109(VFS \(use the tw)1.11 F 3.609(oa)-.1 G -.18(rg)
+-3.609 G(u-).18 E 1.511(ment statfs\(2\) syscall including <sys/statvfs\
+.h>\), or SFS_NONE \(no w)188.4 208.2 R 1.511(ay to)-.1 F
+(get this information\).)188.4 220.2 Q 40.57(LA_TYPE The)102 236.4 R
+(load a)2.5 E -.15(ve)-.2 G(rage type.).15 E(Details are described belo)
+5 E -.65(w.)-.25 G .342(The are se)102 252.6 R -.15(ve)-.25 G .342
+(ral b).15 F .342(uilt-in w)-.2 F .342(ays of computing the load a)-.1 F
+-.15(ve)-.2 G(rage.).15 E/F2 10/Times-Italic@0 SF(Sendmail)5.342 E F1
+.343(tries to auto-con\214gure them)2.842 F .267
+(based on imperfect guesses; you can select one using the)102 264.6 R F2
+(cc)2.766 E F1(option)2.766 E F0(\255DLA_TYPE=)2.766 E F2(type)A F1
+2.766(,w)C(here)-2.766 E F2(type)2.766 E F1(is:)102 276.6 Q 48.91
+(LA_INT The)102 292.8 R -.1(ke)3.452 G .952(rnel stores the load a).1 F
+-.15(ve)-.2 G .952(rage in the k).15 F .952
+(ernel as an array of long inte)-.1 F(gers.)-.15 E(The actual v)188.4
+304.8 Q(alues are scaled by a f)-.25 E(actor FSCALE \(def)-.1 E
+(ault 256\).)-.1 E(LA_SHOR)102 321 Q 35.89(TT)-.6 G .794(he k)-35.89 F
+.794(ernel stores the load a)-.1 F -.15(ve)-.2 G .794(rage in the k).15
+F .793(ernel as an array of short inte)-.1 F(gers.)-.15 E(The actual v)
+188.4 333 Q(alues are scaled by a f)-.25 E(actor FSCALE \(def)-.1 E
+(ault 256\).)-.1 E(LA_FLO)102 349.2 Q 37.03 -1.11(AT T)-.35 H .088(he k)
+1.11 F .088(ernel stores the load a)-.1 F -.15(ve)-.2 G .089
+(rage in the k).15 F .089(ernel as an array of double precision)-.1 F
+(\215oats.)188.4 361.2 Q(LA_MA)102 377.4 Q 35.97(CH Use)-.4 F(MA)2.5 E
+(CH-style load a)-.4 E -.15(ve)-.2 G(rages.).15 E 39.45(LA_SUBR Call)102
+393.6 R(the)2.5 E F2 -.1(ge)2.5 G(tloadavg).1 E F1
+(routine to get the load a)2.5 E -.15(ve)-.2 G
+(rage as an array of doubles.).15 E(LA_ZER)102 409.8 Q 42.36(OA)-.4 G
+-.1(lwa)-42.36 G(ys return zero as the load a).1 E -.15(ve)-.2 G 2.5
+(rage. This).15 F(is the f)2.5 E(allback case.)-.1 E .494(If type)102
+426 R/F3 9/Times-Roman@0 SF(LA_INT)2.994 E F1(,)A F3(LA_SHOR)2.994 E(T)
+-.54 E F1 2.994(,o)C(r)-2.994 E F3(LA_FLO)2.993 E -.999(AT)-.315 G F1
+.493(is speci\214ed, you may also need to specify)3.992 F F3(_P)2.993 E
+-.999(AT)-.828 G(H_UNIX).999 E F1 .948
+(\(the path to your system binary\) and)102 438 R F3(LA_A)3.448 E(VENR)
+-1.215 E(UN)-.36 E F1 .949(\(the name of the v)3.448 F .949
+(ariable containing the load)-.25 F -2.25 -.2(av e)102 450 T
+(rage in the k).2 E(ernel; usually \231_a)-.1 E -.15(ve)-.2 G
+(nrun\232 or \231a).15 E -.15(ve)-.2 G(nrun\232\).).15 E F0 2.5
+(6.3. Con\214guration)87 474 R(in sendmail/conf)2.5 E(.c)-.15 E F1
+(The follo)127 490.2 Q(wing changes can be made in conf.c.)-.25 E F0 2.5
+(6.3.1. Built-in)102 514.2 R(Header Semantics)2.5 E F1 1.248
+(Not all header semantics are de\214ned in the con\214guration \214le.)
+142 530.4 R 1.247(Header lines that should)6.247 F .305(only be include\
+d by certain mailers \(as well as other more obscure semantics\) must b\
+e speci\214ed)117 542.4 R .047(in the)117 554.4 R F2(HdrInfo)2.547 E F1
+.047(table in)2.547 F F2(conf)2.547 E(.c)-.15 E F1 5.047(.T)C .046
+(his table contains the header name \(which should be in all lo)-5.047 F
+(wer)-.25 E(case\) and a set of header control \215ags \(described belo)
+117 566.4 Q(w\), The \215ags are:)-.25 E(H_A)117 582.6 Q 30.97
+(CHECK Normally)-.4 F .007
+(when the check is made to see if a header line is compatible with)2.507
+F 2.941(am)203.4 594.6 S(ailer)-2.941 E(,)-.4 E F2(sendmail)2.941 E F1
+.441(will not delete an e)2.941 F .441(xisting line.)-.15 F .44
+(If this \215ag is set,)5.441 F F2(send-)2.94 E(mail)203.4 606.6 Q F1
+.152(will delete e)2.652 F -.15(ve)-.25 G 2.652(ne).15 G .152
+(xisting header lines.)-2.802 F .152
+(That is, if this bit is set and the)5.152 F 1.425(mailer does not ha)
+203.4 618.6 R 1.725 -.15(ve \215)-.2 H 1.425
+(ag bits set that intersect with the required mailer).15 F 2.204
+(\215ags in the header de\214nition in sendmail.cf, the header line is)
+203.4 630.6 R F2(always)4.704 E F1(deleted.)203.4 642.6 Q 51.13
+(H_EOH If)117 658.8 R .206(this header \214eld is set, treat it lik)
+2.706 F 2.706(eab)-.1 G .206(lank line, i.e., it will signal the end)
+-2.706 F(of the header and the be)203.4 670.8 Q
+(ginning of the message te)-.15 E(xt.)-.15 E 39.45(H_FORCE Add)117 687 R
+2.038(this header entry e)4.538 F -.15(ve)-.25 G 4.538(ni).15 G 4.538
+(fo)-4.538 G 2.038(ne e)-4.538 F 2.039(xisted in the message before.)
+-.15 F 2.039(If a)7.039 F 2.189(header entry does not ha)203.4 699 R
+2.488 -.15(ve t)-.2 H 2.188(his bit set,).15 F F2(sendmail)4.688 E F1
+2.188(will not add another)4.688 F .62
+(header line if a header line of this name already e)203.4 711 R 3.12
+(xisted. This)-.15 F -.1(wo)3.12 G .62(uld nor).1 F(-)-.2 E
+(mally be used to stamp the message by e)203.4 723 Q -.15(ve)-.25 G
+(ryone who handled it.).15 E 0 Cg EP
%%Page: 99 95
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d3939>195.86 E
-/F1 10/Times-Italic@0 SF -.15<6368>117 96 S<6563>.15 E<6b636f6d706174>
--.2 E/F2 10/Times-Roman@0 SF<636f756c6420726561643a>2.5 E/F3 9
-/Times-Roman@0 SF<696e74>157 111 Q<636865636b636f6d70617428746f2c206529>
-157 121.8 Q<7265>175 132.6 Q<6769737465722041444452455353202a746f3b>
--.135 E<7265>175 143.4 Q<67697374657220454e56454c4f5045202a653b>-.135 E
-<7b>157 154.2 Q<7265>175 165 Q<676973746572205354>-.135 E<4142202a733b>
--.837 E 2.25<733d73>175 186.6 S<7461622822707269>-2.25 E -.225<7661>
--.225 G<7465222c2053545f4d41494c45522c2053545f46494e44293b>.225 E<696620
-287320213d204e554c4c2026262065ad3e655f66726f6d2e715f6d61696c657220213d20
-4c6f63616c4d61696c6572202626>175 197.4 Q
-<746f2d3e715f6d61696c6572203d3d20732d3e735f6d61696c657229>184 208.2 Q
-<7b>175 219 Q<75737265727228224e6f20707269>193 229.8 Q -.225<7661>-.225
-G<7465206e6574206d61696c20616c6c6f>.225 E
-<776564207468726f7567682074686973206d616368696e6522293b>-.225 E
-<72657475726e202845585f554e>193 240.6 Q -1.215<415641>-.315 G
-<494c41424c45293b>1.215 E<7d>175 251.4 Q<696620284d736753697a65203e2035
-30303030202626206269746e736574284d5f4c4f43414c4d41494c45522c20746fad3e71
-5f6d61696c65722929>175 262.2 Q<7b>175 273 Q
-<75737265727228224d65737361676520746f6f206c6172>193 283.8 Q
-<676520666f72206e6f6e2d6c6f63616c2064656c69>-.162 E -.135<7665>-.225 G
-<727922293b>.135 E<65ad3e655f8d616773207c3d2045465f4e4f52455455524e3b>
-193 294.6 Q<72657475726e202845585f554e>193 305.4 Q -1.215<415641>-.315 G
-<494c41424c45293b>1.215 E<7d>175 316.2 Q<72657475726e202845585f4f4b293b>
-175 327 Q<7d>157 337.8 Q F2 .969<546869732077>117 354 R .969<6f756c6420
-72656a656374206d657373616765732067726561746572207468616e2035303030302062
-7974657320756e6c65737320746865>-.1 F 3.469<7977>-.15 G .97
-<657265206c6f63616c2e>-3.469 F<546865>5.97 E F1<45465f4e4f52452d>3.47 E
-<5455524e>117 366 Q F2 .652<8d61672063616e2062652073657420696e>3.152 F
-F1<65>3.152 E/F4 10/Symbol SF<ae>A F1<655f8d61>A<6773>-.1 E F2 .651<746f
-207375707072657373207468652072657475726e206f66207468652061637475616c2062
-6f6479206f6620746865206d65737361676520696e>3.152 F .655
-<746865206572726f722072657475726e2e>117 378 R .655<5468652061637475616c
-20757365206f66207468697320726f7574696e6520697320686967686c7920646570656e
-64656e74206f6e2074686520696d706c656d656e746174696f6e2c20616e64>5.655 F
-<7573652073686f756c64206265206c696d697465642e>117 390 Q F0 2.5
-<362e332e332e204e6577>102 414 R
-<4461746162617365204d617020436c6173736573>2.5 E F2<4e65>142 430.2 Q
-2.876<776b>-.25 G .676 -.15<6579206d>-2.976 H .375<6170732063616e206265
-206164646564206279206372656174696e67206120636c61737320696e697469616c697a
-6174696f6e2066756e6374696f6e20616e642061206c6f6f6b75702066756e632d>.15 F
-2.5<74696f6e2e205468657365>117 442.2 R
-<617265207468656e20616464656420746f2074686520726f7574696e65>2.5 E F1
-<73657475706d6170732e>2.5 E F2<54686520696e697469616c697a6174696f6e2066
-756e6374696f6e2069732063616c6c6564206173>142 458.4 Q F1<787878>157 474.6
-Q F2<5f6d61705f696e6974284d4150202a6d61702c2063686172202a6172>A<677329>
--.18 E<546865>117 490.8 Q F1<6d6170>3.279 E F2 .779
-<697320616e20696e7465726e616c2064617461207374727563747572652e>3.279 F
-<546865>5.779 E F1<6172>3.279 E<6773>-.37 E F2 .78<6973206120706f696e74
-657220746f2074686520706f7274696f6e206f662074686520636f6e8c6775726174696f
-6e>3.279 F .397<8c6c65206c696e6520666f6c6c6f>117 502.8 R .396<77696e6720
-746865206d617020636c617373206e616d653b208d61677320616e64208c6c656e616d65
-732063616e2062652065>-.25 F .396
-<78747261637465642066726f6d2074686973206c696e652e>-.15 F<546865>5.396 E
-<696e697469616c697a6174696f6e2066756e6374696f6e206d7573742072657475726e>
-117 514.8 Q F3<74727565>2.5 E F2
-<6966206974207375636365737366756c6c79206f70656e656420746865206d61702c>
-2.5 E F3 -.09<6661>2.5 G<6c7365>.09 E F2<6f74686572776973652e>2.5 E
-<546865206c6f6f6b75702066756e6374696f6e2069732063616c6c6564206173>142
-531 Q F1<787878>157 547.2 Q F2
-<5f6d61705f6c6f6f6b7570284d4150202a6d61702c20636861722062>A
-<75665b5d2c2063686172202a2a61>-.2 E 1.3 -.65<762c2069>-.2 H
-<6e74202a737461747029>.65 E<546865>117 563.4 Q F1<6d6170>2.772 E F2 .272
-<64658c6e657320746865206d617020696e7465726e616c6c79>2.772 F 5.273<2e54>
--.65 G<6865>-5.273 E F1 -.2<6275>2.773 G<66>.2 E F2 .273
-<6861732074686520696e707574206b>2.773 F -.15<6579>-.1 G 5.273<2e54>-.5 G
-.273<686973206d61792062652028616e64206f6674656e206973292075736564>-5.273
-F<646573747275637469>117 575.4 Q -.15<7665>-.25 G<6c79>.15 E 5.152<2e54>
--.65 G<6865>-5.152 E F1<6176>2.652 E F2 .151
-<69732061206c697374206f66206172>2.652 F .151
-<67756d656e74732070617373656420696e2066726f6d20746865207265>-.18 F .151
-<7772697465206c696e652e>-.25 F .151
-<546865206c6f6f6b75702066756e6374696f6e>5.151 F .322
-<73686f756c642072657475726e206120706f696e74657220746f20746865206e65>117
-587.4 R 2.822<7776>-.25 G 2.822<616c75652e204966>-3.072 F .322
-<746865206d6170206c6f6f6b75702066>2.822 F<61696c732c>-.1 E F1
-<2a7374617470>2.822 E F2 .322
-<73686f756c642062652073657420746f20616e2065>2.822 F<786974>-.15 E .302
-<73746174757320636f64653b20696e20706172746963756c6172>117 599.4 R 2.802
-<2c69>-.4 G 2.802<7473>-2.802 G .302<686f756c642062652073657420746f>
--2.802 F F3<45585f54454d5046>2.802 E<41494c>-.666 E F2 .302
-<6966207265636f>2.802 F -.15<7665>-.15 G .301
-<727920697320746f20626520617474656d7074656420627920746865>.15 F
-<686967686572206c65>117 611.4 Q -.15<7665>-.25 G 2.5<6c63>.15 G
-<6f64652e>-2.5 E F0 2.5<362e332e342e205175657565696e67>102 635.4 R
-<46756e6374696f6e>2.5 E F2 .782<54686520726f7574696e65>142 651.6 R F1
-<73686f756c647175657565>3.282 E F2 .783<69732063616c6c656420746f20646563
-6964652069662061206d6573736167652073686f756c6420626520717565756564206f72
-2070726f636573736564>3.283 F<696d6d6564696174656c79>117 663.6 Q 6.619
-<2e54>-.65 G 1.618<79706963616c6c79207468697320636f6d706172657320746865
-206d657373616765207072696f7269747920746f207468652063757272656e74206c6f61
-642061>-7.419 F -.15<7665>-.2 G 4.118<726167652e20546865>.15 F<646566>
-117 675.6 Q<61756c742064658c6e6974696f6e2069733a>-.1 E 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-99)195.86 E/F1 10/Times-Roman@0 SF(H_TRA)117 96 Q 39.3(CE If)-.4
+F 1.044(set, this is a timestamp \(trace\) \214eld.)3.544 F 1.043
+(If the number of trace \214elds in a)6.043 F .705(message e)203.4 108 R
+.705(xceeds a preset amount the message is returned on the assump-)-.15
+F(tion that it has an aliasing loop.)203.4 120 Q 46.67(H_RCPT If)117
+136.2 R .332(set, this \214eld contains recipient addresses.)2.833 F
+.332(This is used by the)5.332 F F0<ad74>2.832 E F1 .332(\215ag to)2.832
+F 1.349(determine who to send to when it is collecting recipients from \
+the mes-)203.4 148.2 R(sage.)203.4 160.2 Q(H_FR)117 176.4 Q 43.74
+(OM This)-.4 F 1.673
+(\215ag indicates that this \214eld speci\214es a sender)4.174 F 6.673
+(.T)-.55 G 1.673(he order of these)-6.673 F .898(\214elds in the)203.4
+188.4 R/F2 10/Times-Italic@0 SF(HdrInfo)3.398 E F1 .898
+(table speci\214es)3.398 F F2(sendmail)3.398 E F1 1.998 -.55('s p)D .898
+(reference for which \214eld).55 F(to return error messages to.)203.4
+200.4 Q(H_ERR)117 216.6 Q(ORST)-.4 E 22.53(OA)-.18 G
+(ddresses in this header should recei)-22.53 E .3 -.15(ve e)-.25 H
+(rror messages.).15 E 52.79(H_CTE This)117 232.8 R
+(header is a Content-T)2.5 E(ransfer)-.35 E(-Encoding header)-.2 E(.)
+-.55 E 40.01(H_CTYPE This)117 249 R(header is a Content-T)2.5 E
+(ype header)-.8 E(.)-.55 E 51.67(H_BCC Strip)117 265.2 R(the v)2.5 E
+(alue from the header \(for Bcc:\).)-.25 E(Let')117 281.4 Q 2.5(sl)-.55
+G(ook at a sample)-2.5 E F2(HdrInfo)2.5 E F1(speci\214cation:)2.5 E
+(struct hdrinfo)157 297.6 Q(HdrInfo[] =)84.6 E({)157 309.6 Q
+(/* originator \214elds, most to least signi\214cant)189.5 321.6 Q(*/)5
+E 52.29("resent-sender", H_FR)177 333.6 R(OM,)-.4 E 58.95
+("resent-from", H_FR)177 345.6 R(OM,)-.4 E 79.5("sender", H_FR)177 357.6
+R(OM,)-.4 E 86.16("from", H_FR)177 369.6 R(OM,)-.4 E 66.72
+("full-name", H_A)177 381.6 R(CHECK,)-.4 E 71.17("errors-to", H_FR)177
+393.6 R -1.667(OM | H_ERR)-.4 F(ORST)-.4 E(O,)-.18 E
+(/* destination \214elds */)189.5 405.6 Q 97.82("to", H_RCPT)177 417.6 R
+(,)-.74 E 70.61("resent-to", H_RCPT)177 429.6 R(,)-.74 E 96.72
+("cc", H_RCPT)177 441.6 R(,)-.74 E 91.72("bcc", H_RCPT)177 453.6 R .833
+(|H).833 G(_BCC,)-.833 E(/* message identi\214cation and control */)
+189.5 465.6 Q 71.72("message", H_EOH,)177 477.6 R("te)177 489.6 Q 90.75
+(xt", H_EOH,)-.15 F(/* trace \214elds */)189.5 501.6 Q("recei)177 513.6
+Q -.15(ve)-.25 G 72.13(d", H_TRA).15 F -1.667(CE | H_FORCE,)-.4 F
+(/* miscellaneous \214elds */)189.5 525.6 Q("content-transfer)177 537.6
+Q 2.5(-encoding", H_CTE,)-.2 F 55.61("content-type", H_CTYPE,)177 549.6
+R 87.1(NULL, 0,)177 573.6 R(};)157 585.6 Q 2.435
+(This structure indicates that the \231T)117 601.8 R 2.435
+(o:\232, \231Resent-T)-.8 F 2.435
+(o:\232, and \231Cc:\232 \214elds all specify recipient)-.8 F 3.161
+(addresses. An)117 613.8 R 3.161<7999>-.15 G .662(Full-Name:\232 \214el\
+d will be deleted unless the required mailer \215ag \(indicated in)
+-3.161 F .246(the con\214guration \214le\) is speci\214ed.)117 625.8 R
+.245(The \231Message:\232 and \231T)5.246 F -.15(ex)-.7 G .245
+(t:\232 \214elds will terminate the header;).15 F 1.936
+(these are used by random dissenters around the netw)117 637.8 R 1.936
+(ork w)-.1 F 4.436(orld. The)-.1 F(\231Recei)4.436 E -.15(ve)-.25 G
+1.937(d:\232 \214eld will).15 F(al)117 649.8 Q -.1(wa)-.1 G
+(ys be added, and can be used to trace messages.).1 E .446
+(There are a number of important points here.)142 666 R .445
+(First, header \214elds are not added automati-)5.446 F .656
+(cally just because the)117 678 R 3.156(ya)-.15 G .656(re in the)-3.156
+F F2(HdrInfo)3.157 E F1 .657(structure; the)3.157 F 3.157(ym)-.15 G .657
+(ust be speci\214ed in the con\214guration)-3.157 F .728
+(\214le in order to be added to the message.)117 690 R(An)5.727 E 3.227
+(yh)-.15 G .727(eader \214elds mentioned in the con\214guration \214le)
+-3.227 F -.2(bu)117 702 S 3.24(tn).2 G .74(ot mentioned in the)-3.24 F
+F2(HdrInfo)3.24 E F1 .74(structure ha)3.24 F 1.04 -.15(ve d)-.2 H(ef).15
+E .74(ault processing performed; that is, the)-.1 F 3.24(ya)-.15 G(re)
+-3.24 E 1.375(added unless the)117 714 R 3.875(yw)-.15 G 1.375
+(ere in the message already)-3.875 F 6.375(.S)-.65 G 1.374(econd, the)
+-6.375 F F2(HdrInfo)3.874 E F1 1.374(structure only speci\214es)3.874 F
+0 Cg EP
%%Page: 100 96
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 188.36<534d4d3a30382d3130302053656e646d61696c>72
-60 R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>
-2.5 E/F1 10/Times-Roman@0 SF<626f6f6c>157 96 Q
-<73686f756c647175657565287072692c206374696d6529>157 108 Q
-<6c6f6e67207072693b>175 120 Q<74696d655f74206374696d653b>175 132 Q<7b>
-157 144 Q<6966202843757272656e744c41203c2051756575654c4129>175 156 Q
-<72657475726e2066>193 168 Q<616c73653b>-.1 E
-<72657475726e2028707269203e2028517565756546>175 180 Q<6163746f72202f2028
-43757272656e744c4120ad2051756575654c41202b20312929293b>-.15 E<7d>157 192
-Q 2.062<4966207468652063757272656e74206c6f61642061>117 208.2 R -.15
-<7665>-.2 G 2.062<726167652028676c6f62616c2076>.15 F<61726961626c65>-.25
-E/F2 10/Times-Italic@0 SF<43757272>4.562 E<656e744c41>-.37 E F1 4.562
-<2c77>C 2.062
-<6869636820697320736574206265666f726520746869732066756e6374696f6e206973>
--4.562 F 1.058<63616c6c656429206973206c657373207468616e20746865206c6f>
-117 220.2 R 3.558<7774>-.25 G 1.058<68726573686f6c64206c6f61642061>
--3.558 F -.15<7665>-.2 G 1.058<7261676520286f7074696f6e>.15 F F0<78>
-3.557 E F1 3.557<2c76>C<61726961626c65>-3.807 E F2<51756575654c41>3.557
-E F1<292c>A F2<73686f756c647175657565>3.557 E F1<72657475726e73>117
-232.2 Q/F3 9/Times-Roman@0 SF -.09<6661>3.248 G<6c7365>.09 E F1 .748
-<696d6d6564696174656c792028746861742069732c2069742073686f756c64>3.248 F
-F2<6e6f74>3.248 E F1 3.249<7175657565292e204966>3.249 F .749
-<7468652063757272656e74206c6f61642061>3.249 F -.15<7665>-.2 G .749
-<726167652065>.15 F .749<78636565647320746865>-.15 F 1.419
-<68696768207468726573686f6c64206c6f61642061>117 244.2 R -.15<7665>-.2 G
-1.419<7261676520286f7074696f6e>.15 F F0<58>3.919 E F1 3.919<2c76>C
-<61726961626c65>-4.169 E F2<5265667573654c41>3.919 E F1<292c>A F2
-<73686f756c647175657565>3.918 E F1<72657475726e73>3.918 E F3<74727565>
-3.918 E F1<696d6d6564692d>3.918 E<6174656c79>117 256.2 Q 7.125<2e4f>-.65
-G 2.125<74686572776973652c20697420636f6d7075746573207468652066756e637469
-6f6e206261736564206f6e20746865206d657373616765207072696f72697479>-7.125
-F 4.626<2c74>-.65 G 2.126<68652071756575652066>-4.626 F<6163746f72>-.1 E
-<286f7074696f6e>117 268.2 Q F0<71>2.5 E F1 2.5<2c67>C<6c6f62616c2076>
--2.5 E<61726961626c65>-.25 E F2<517565756546>2.5 E<6163746f72>-.75 E F1<
-292c20616e64207468652063757272656e7420616e64207468726573686f6c64206c6f61
-642061>A -.15<7665>-.2 G<72616765732e>.15 E 1.067
-<416e20696d706c656d656e746174696f6e2077697368696e6720746f2074616b>142
-284.4 R 3.567<6574>-.1 G 1.066<68652061637475616c20616765206f6620746865
-206d65737361676520696e746f206163636f756e742063616e20616c736f>-3.567 F
-1.41<75736520746865>117 296.4 R F2<6374696d65>3.91 E F1
-<706172616d65746572>3.91 E 3.91<2c77>-.4 G 1.41
-<68696368206973207468652074696d65207468617420746865206d6573736167652077>
--3.91 F 1.41<6173208c727374207375626d697474656420746f>-.1 F F2
-<73656e646d61696c>3.91 E F1<2e>A .929<4e6f7465207468617420746865>117
-308.4 R F2<707269>3.428 E F1 .928<706172616d6574657220697320616c72656164
-7920776569676874656420627920746865206e756d626572206f662074696d6573207468
-65206d65737361676520686173206265656e>3.428 F .395
-<74726965642028616c74686f75676820746869732074656e647320746f206c6f>117
-320.4 R .395<77657220746865207072696f72697479206f6620746865206d65737361
-676520776974682074696d65293b207468652065>-.25 F .395
-<78706563746174696f6e2069732074686174>-.15 F<746865>117 332.4 Q F2
-<6374696d65>2.674 E F1 -.1<776f>2.674 G .174<756c6420626520757365642061
-7320616e209965736361706520636c617573659a20746f20656e73757265207468617420
-6d65737361676573206172652065>.1 F -.15<7665>-.25 G .174
-<6e7475616c6c792070726f6365737365642e>.15 F F0 2.5
-<362e332e352e205265667573696e67>102 356.4 R
-<496e636f6d696e6720534d545020436f6e6e656374696f6e73>2.5 E F1 2.062
-<5468652066756e6374696f6e>142 372.6 R F2 -.37<7265>4.562 G
-<66757365636f6e6e656374696f6e73>.37 E F1<72657475726e73>4.562 E F3
-<74727565>4.562 E F1 2.063<696620696e636f6d696e6720534d545020636f6e6e65
-6374696f6e732073686f756c64206265>4.562 F 3.564<726566757365642e20546865>
-117 384.6 R 1.063
-<63757272656e7420696d706c656d656e746174696f6e2069732062617365642065>
-3.563 F<78636c757369>-.15 E -.15<7665>-.25 G 1.063
-<6c79206f6e207468652063757272656e74206c6f61642061>.15 F -.15<7665>-.2 G
-1.063<7261676520616e6420746865>.15 F<726566757365206c6f61642061>117
-396.6 Q -.15<7665>-.2 G<72616765206f7074696f6e20286f7074696f6e>.15 E F0
-<58>2.5 E F1 2.5<2c67>C<6c6f62616c2076>-2.5 E<61726961626c65>-.25 E F2
-<5265667573654c41>2.5 E F1<293a>A<626f6f6c>157 412.8 Q
-<726566757365636f6e6e656374696f6e732829>157 424.8 Q<7b>157 436.8 Q<7265
-7475726e20285265667573654c41203e20302026262043757272656e744c41203e3d2052
-65667573654c41293b>175 448.8 Q<7d>157 460.8 Q 2.5<416d>117 477 S
-<6f726520636c65>-2.5 E -.15<7665>-.25 G 2.5<7269>.15 G<6d706c656d656e74
-6174696f6e20636f756c64206c6f6f6b206174206d6f72652073797374656d207265736f
-75726365732e>-2.5 E F0 2.5<362e332e362e204c6f6164>102 501 R -.6 -1
-<41762065>2.5 H<7261676520436f6d7075746174696f6e>1 E F1 .243
-<54686520726f7574696e65>142 517.2 R F2 -.1<6765>2.743 G<746c61>.1 E F1
-.243<72657475726e73207468652063757272656e74206c6f61642061>2.743 F -.15
-<7665>-.2 G .243<7261676520286173206120726f756e64656420696e7465>.15 F
-2.743<676572292e20546865>-.15 F<64697374726962>2.744 E<7574696f6e>-.2 E
-1.157<696e636c75646573207365>117 529.2 R -.15<7665>-.25 G 1.157
-<72616c20706f737369626c6520696d706c656d656e746174696f6e732e>.15 F 1.157
-<496620796f752061726520706f7274696e6720746f2061206e65>6.157 F 3.657
-<7765>-.25 G -.4<6e76>-3.657 G 1.157<69726f6e6d656e7420796f75206d6179>.4
-F<6e65656420746f2061646420736f6d65206e65>117 543.2 Q 2.5<7774>-.25 G
-<7765616b732e>-2.5 E/F4 7/Times-Roman@0 SF<3235>-4 I F0 2.5
-<362e342e20436f6e8c6775726174696f6e>87 567.2 R
-<696e2073656e646d61696c2f6461656d6f6e2e63>2.5 E F1 .127<546865208c6c65>
-127 583.4 R F2<73656e646d61696c2f6461656d6f6e2e63>2.627 E F1 .128<636f6e
-7461696e732061206e756d626572206f6620726f7574696e657320746861742061726520
-646570656e64656e74206f6e20746865206c6f63616c206e65742d>2.628 F -.1<776f>
-102 595.4 S<726b696e6720656e>.1 E 2.5<7669726f6e6d656e742e20546865>-.4 F
--.15<7665>2.5 G
-<7273696f6e20737570706c69656420617373756d657320796f75206861>.15 E .3
--.15<76652042>-.2 H<5344207374796c6520736f636b>.15 E<6574732e>-.1 E 2.16
-<496e20707265>127 611.6 R 2.16<76696f75732072656c65617365732c2077652072
-65636f6d6d656e646564207468617420796f75206d6f646966792074686520726f757469
-6e65>-.25 F F2<6d6170686f73746e616d65>4.66 E F1 2.16<696620796f75>4.66 F
--.1<7761>102 623.6 S 1.918<6e74656420746f2067656e6572616c697a65>.1 F F0
-<245b>4.418 E F1<2e2e2e>4.418 E F0<245d>4.418 E F1 4.418
-<6c6f6f6b7570732e2057>4.418 F 4.418<656e>-.8 G 2.418 -.25<6f772072>
--4.418 H 1.918
-<65636f6d6d656e64207468617420796f75206372656174652061206e65>.25 F 4.419
-<776b>-.25 G -.15<6579>-4.519 G 1.919<6564206d6170>.15 F
-<696e73746561642e>102 635.6 Q .32 LW 76 678.8 72 678.8 DL 80 678.8 76
-678.8 DL 84 678.8 80 678.8 DL 88 678.8 84 678.8 DL 92 678.8 88 678.8 DL
-96 678.8 92 678.8 DL 100 678.8 96 678.8 DL 104 678.8 100 678.8 DL 108
-678.8 104 678.8 DL 112 678.8 108 678.8 DL 116 678.8 112 678.8 DL 120
-678.8 116 678.8 DL 124 678.8 120 678.8 DL 128 678.8 124 678.8 DL 132
-678.8 128 678.8 DL 136 678.8 132 678.8 DL 140 678.8 136 678.8 DL 144
-678.8 140 678.8 DL 148 678.8 144 678.8 DL 152 678.8 148 678.8 DL 156
-678.8 152 678.8 DL 160 678.8 156 678.8 DL 164 678.8 160 678.8 DL 168
-678.8 164 678.8 DL 172 678.8 168 678.8 DL 176 678.8 172 678.8 DL 180
-678.8 176 678.8 DL 184 678.8 180 678.8 DL 188 678.8 184 678.8 DL 192
-678.8 188 678.8 DL 196 678.8 192 678.8 DL 200 678.8 196 678.8 DL 204
-678.8 200 678.8 DL 208 678.8 204 678.8 DL 212 678.8 208 678.8 DL 216
-678.8 212 678.8 DL/F5 5/Times-Roman@0 SF<3235>93.6 689.2 Q/F6 8
-/Times-Roman@0 SF<496620796f7520646f2c20706c656173652073656e642075706461
-74657320746f2073656e646d61696c4053656e646d61696c2e4f52472e>3.2 I 0 Cg EP
+/F0 10/Times-Bold@0 SF 188.36(SMM:08-100 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF .324(cli\
+ched processing; certain headers are processed specially by ad hoc code\
+ re)117 96 R -.05(ga)-.15 G .325(rdless of the sta-).05 F .481
+(tus speci\214ed in)117 108 R/F2 10/Times-Italic@0 SF(HdrInfo)2.981 E F1
+5.481(.F)C .481(or e)-5.631 F .481
+(xample, the \231Sender:\232 and \231From:\232 \214elds are al)-.15 F
+-.1(wa)-.1 G .48(ys scanned on).1 F(ARP)117 122 Q .751
+(ANET mail to determine the sender)-.92 F/F3 7/Times-Roman@0 SF(24)-4 I
+F1 3.251(;t)4 K .75
+(his is used to perform the \231return to sender\232 func-)-3.251 F
+2.976(tion. The)117 134 R .476(\231From:\232 and \231Full-Name:\232 \
+\214elds are used to determine the full name of the sender if)2.976 F
+(possible; this is stored in the macro)117 146 Q F0($x)2.5 E F1
+(and used in a number of w)2.5 E(ays.)-.1 E F0 2.5(6.3.2. Restricting)
+102 170 R(Use of Email)2.5 E F1 .15
+(If it is necessary to restrict mail through a relay)142 186.2 R 2.649
+(,t)-.65 G(he)-2.649 E F2 -.15(ch)2.649 G(ec).15 E(kcompat)-.2 E F1 .149
+(routine can be modi\214ed.)2.649 F .163(This routine is called for e)
+117 198.2 R -.15(ve)-.25 G .163(ry recipient address.).15 F .163
+(It returns an e)5.163 F .163(xit status indicating the status of)-.15 F
+.895(the message.)117 210.2 R .895(The status)5.895 F/F4 9/Times-Roman@0
+SF(EX_OK)3.395 E F1 .895(accepts the address,)3.395 F F4(EX_TEMPF)3.395
+E(AIL)-.666 E F1 .895(queues the message for a)3.395 F .263(later try)
+117 222.2 R 2.763(,a)-.65 G .263(nd other v)-2.763 F .264
+(alues \(commonly)-.25 F F4(EX_UN)2.764 E -1.215(AVA)-.315 G(ILABLE)
+1.215 E F1 2.764(\)r)C .264(eject the message.)-2.764 F .264
+(It is up to)5.264 F F2 -.15(ch)2.764 G(ec).15 E(k-)-.2 E(compat)117
+234.2 Q F1 .43(to print an error message \(using)2.93 F F2(usr)2.929 E
+(err)-.37 E F1 2.929(\)i)C 2.929(ft)-2.929 G .429
+(he message is rejected.)-2.929 F -.15(Fo)5.429 G 2.929(re).15 G
+(xample,)-3.079 E F2 -.15(ch)2.929 G(ec).15 E(k-)-.2 E(compat)117 246.2
+Q F1(could read:)2.5 E F4(int)157 261.2 Q(checkcompat\(to, e\))157 272 Q
+(re)175 282.8 Q(gister ADDRESS *to;)-.135 E(re)175 293.6 Q
+(gister ENVELOPE *e;)-.135 E({)157 304.4 Q(re)175 315.2 Q(gister ST)
+-.135 E(AB *s;)-.837 E 2.25(s=s)175 336.8 S(tab\("pri)-2.25 E -.225(va)
+-.225 G(te", ST_MAILER, ST_FIND\);).225 E
+(if \(s != NULL && e\255>e_from.q_mailer != LocalMailer &&)175 347.6 Q
+(to->q_mailer == s->s_mailer\))184 358.4 Q({)175 369.2 Q
+(usrerr\("No pri)193 380 Q -.225(va)-.225 G(te net mail allo).225 E
+(wed through this machine"\);)-.225 E(return \(EX_UN)193 390.8 Q -1.215
+(AVA)-.315 G(ILABLE\);)1.215 E(})175 401.6 Q
+(if \(MsgSize > 50000 && bitnset\(M_LOCALMAILER, to\255>q_mailer\)\))175
+412.4 Q({)175 423.2 Q(usrerr\("Message too lar)193 434 Q
+(ge for non-local deli)-.162 E -.135(ve)-.225 G(ry"\);).135 E
+(e\255>e_\215ags |= EF_NORETURN;)193 444.8 Q(return \(EX_UN)193 455.6 Q
+-1.215(AVA)-.315 G(ILABLE\);)1.215 E(})175 466.4 Q(return \(EX_OK\);)175
+477.2 Q(})157 488 Q F1 .969(This w)117 504.2 R .969
+(ould reject messages greater than 50000 bytes unless the)-.1 F 3.469
+(yw)-.15 G .97(ere local.)-3.469 F(The)5.97 E F2(EF_NORE-)3.47 E(TURN)
+117 516.2 Q F1 .652(\215ag can be set in)3.152 F F2(e)3.152 E/F5 10
+/Symbol SF<ae>A F2(e_\215a)A(gs)-.1 E F1 .651
+(to suppress the return of the actual body of the message in)3.152 F
+.655(the error return.)117 528.2 R .655(The actual use of this routine \
+is highly dependent on the implementation, and)5.655 F
+(use should be limited.)117 540.2 Q F0 2.5(6.3.3. New)102 564.2 R
+(Database Map Classes)2.5 E F1(Ne)142 580.4 Q 2.876(wk)-.25 G .676 -.15
+(ey m)-2.976 H .375(aps can be added by creating a class initialization\
+ function and a lookup func-).15 F 2.5(tion. These)117 592.4 R
+(are then added to the routine)2.5 E F2(setupmaps.)2.5 E F1
+(The initialization function is called as)142 608.6 Q F2(xxx)157 624.8 Q
+F1(_map_init\(MAP *map, char *ar)A(gs\))-.18 E(The)117 641 Q F2(map)
+3.279 E F1 .779(is an internal data structure.)3.279 F(The)5.779 E F2
+(ar)3.279 E(gs)-.37 E F1 .78
+(is a pointer to the portion of the con\214guration)3.279 F .397
+(\214le line follo)117 653 R .396
+(wing the map class name; \215ags and \214lenames can be e)-.25 F .396
+(xtracted from this line.)-.15 F(The)5.396 E
+(initialization function must return)117 665 Q F4(true)2.5 E F1
+(if it successfully opened the map,)2.5 E F4 -.09(fa)2.5 G(lse).09 E F1
+(otherwise.)2.5 E .32 LW 76 674.6 72 674.6 DL 80 674.6 76 674.6 DL 84
+674.6 80 674.6 DL 88 674.6 84 674.6 DL 92 674.6 88 674.6 DL 96 674.6 92
+674.6 DL 100 674.6 96 674.6 DL 104 674.6 100 674.6 DL 108 674.6 104
+674.6 DL 112 674.6 108 674.6 DL 116 674.6 112 674.6 DL 120 674.6 116
+674.6 DL 124 674.6 120 674.6 DL 128 674.6 124 674.6 DL 132 674.6 128
+674.6 DL 136 674.6 132 674.6 DL 140 674.6 136 674.6 DL 144 674.6 140
+674.6 DL 148 674.6 144 674.6 DL 152 674.6 148 674.6 DL 156 674.6 152
+674.6 DL 160 674.6 156 674.6 DL 164 674.6 160 674.6 DL 168 674.6 164
+674.6 DL 172 674.6 168 674.6 DL 176 674.6 172 674.6 DL 180 674.6 176
+674.6 DL 184 674.6 180 674.6 DL 188 674.6 184 674.6 DL 192 674.6 188
+674.6 DL 196 674.6 192 674.6 DL 200 674.6 196 674.6 DL 204 674.6 200
+674.6 DL 208 674.6 204 674.6 DL 212 674.6 208 674.6 DL 216 674.6 212
+674.6 DL/F6 5/Times-Roman@0 SF(24)93.6 685 Q/F7 8/Times-Roman@0 SF
+(Actually)3.2 I 2.631(,t)-.52 G .631
+(his is no longer true in SMTP; this information is contained in the en)
+-2.631 F -.12(ve)-.32 G 2.632(lope. The).12 F .632(older ARP)2.632 F
+.632(ANET protocols did)-.736 F(not completely distinguish en)72 697.8 Q
+-.12(ve)-.32 G(lope from header).12 E(.)-.44 E 0 Cg EP
%%Page: 101 97
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d313031>190.86 E
-2.5<362e352e204c44>87 96 R<4150>-.35 E/F1 10/Times-Roman@0 SF
-<496e20746869732073656374696f6e20776520617373756d652074686174>127 112.2
-Q/F2 10/Times-Italic@0 SF<73656e646d61696c>2.5 E F1<686173206265656e2063
-6f6d70696c6564207769746820737570706f727420666f72204c44>2.5 E<4150>-.4 E
-<2e>-1.11 E F0 2.5<362e352e312e204c44>102 136.2 R
-<415020526563757273696f6e>-.35 E F1<4c44>142 152.4 Q .35
-<415020526563757273696f6e20616c6c6f>-.4 F .349<777320796f7520746f206164
-6420747970657320746f207468652073656172636820617474726962>-.25 F .349
-<75746573206f6e20616e204c44>-.2 F .349<4150206d61702073706563692d>-.4 F
-2.5<8c636174696f6e2e20546865>117 164.4 R<73796e7461782069733a>2.5 E
-<ad76>117 180.6 Q F2 -.37<4154>2.5 G<54524942>.37 E<555445>-.1 E F1
-<5b3a>A F2<54595045>A F1<5b3a>A F2<4f424a454354434c415353>A F1<5b7c>A F2
-<4f424a454354434c415353>A F1<7c2e2e2e5d5d5d>A<546865206e65>142 196.8 Q
-<77>-.25 E F2<54595045>2.5 E F1 2.5<7361>C<72653a>-2.5 E 26.17
-<4e4f524d414c2054686973>117 213 R<617474726962>3.578 E 1.078
-<75746520747970652073706563698c65732074686520617474726962>-.2 F 1.079
-<75746520746f2061646420746f2074686520726573756c747320737472696e672e>-.2
-F 1.079<54686973206973>6.079 F<74686520646566>189 225 Q<61756c742e>-.1 E
-55.06<444e20416e>117 241.2 R 2.822<796d>-.15 G .322
-<61746368657320666f72207468697320617474726962>-2.822 F .322
-<757465206172652065>-.2 F .321<7870656374656420746f206861>-.15 F .621
--.15<766520612076>-.2 H .321
-<616c7565206f6620612066756c6c79207175616c698c6564>-.1 F 1.521
-<64697374696e67756973686564206e616d652e>189 253.2 R F2<73656e646d61696c>
-6.521 E F1 1.521<77696c6c206c6f6f6b7570207468617420444e20616e6420617070
-6c792074686520617474726962>4.021 F<75746573>-.2 E<7265717565737465642074
-6f207468652072657475726e656420444e207265636f72642e>189 265.2 Q<46494c>
-117 281.4 Q 36.53<54455220416e>-.92 F 2.653<796d>-.15 G .153
-<61746368657320666f72207468697320617474726962>-2.653 F .153
-<757465206172652065>-.2 F .153<7870656374656420746f206861>-.15 F .453
--.15<766520612076>-.2 H .153<616c7565206f6620616e204c44>-.1 F .152
-<415020736561726368>-.4 F<8c6c746572>189 293.4 Q<2e>-.55 E F2
-<73656e646d61696c>5.697 E F1 .698<77696c6c20706572666f726d2061206c6f6f6b
-75702077697468207468652073616d6520706172616d657465727320617320746865206f
-726967692d>3.197 F<6e616c207365617263682062>189 305.4 Q<7574207265706c61
-6365732074686520736561726368208c6c746572207769746820746865206f6e65207370
-6563698c656420686572652e>-.2 E 49.5<55524c20416e>117 321.6 R 2.87<796d>
--.15 G .37<61746368657320666f72207468697320617474726962>-2.87 F .37
-<757465206172652065>-.2 F .37<7870656374656420746f206861>-.15 F .67 -.15
-<766520612076>-.2 H .37<616c7565206f6620616e204c44>-.1 F .37
-<41502055524c2e>-.4 F F2<73656e646d61696c>189 333.6 Q F1 1.947<77696c6c
-20706572666f726d2061206c6f6f6b7570206f6620746861742055524c20616e64207573
-652074686520726573756c74732066726f6d20746865>4.446 F<617474726962>189
-345.6 Q .39<75746573206e616d656420696e20746861742055524c2e>-.2 F .389
-<4e6f746520686f>5.389 F<7765>-.25 E -.15<7665>-.25 G 2.889<7274>.15 G
-.389<686174207468652073656172636820697320646f6e65207573696e6720746865>
--2.889 F 2.622<63757272656e74204c44>189 357.6 R 2.622
-<415020636f6e6e656374696f6e2c207265>-.4 F -.05<6761>-.15 G 2.622<72646c
-657373206f6620776861742069732073706563698c65642061732074686520736368656d
-652c>.05 F<4c44>189 369.6 Q<415020686f73742c20616e64204c44>-.4 E
-<415020706f727420696e20746865204c44>-.4 E<41502055524c2e>-.4 E<416e>117
-385.8 Q 2.5<7975>-.15 G<6e747970656420617474726962>-2.5 E
-<757465732061726520636f6e73696465726564>-.2 E/F3 9/Times-Roman@0 SF
-<4e4f524d414c>2.5 E F1<617474726962>2.5 E
-<75746573206173206465736372696265642061626f>-.2 E -.15<7665>-.15 G<2e>
-.15 E .91<546865206f7074696f6e616c>142 402 R F2<4f424a454354434c415353>
-3.41 E F1 .91<287c2073657061726174656429206c69737420636f6e7461696e732074
-6865206f626a656374436c6173732076>3.41 F .91
-<616c75657320666f72207768696368>-.25 F 1.398<7468617420617474726962>117
-414 R 1.398<757465206170706c6965732e>-.2 F 1.399
-<496620746865206c697374206973206769>6.398 F -.15<7665>-.25 G 1.399
-<6e2c2074686520617474726962>.15 F 1.399<757465206e616d65642077696c6c206f
-6e6c79206265207573656420696620746865204c44>-.2 F<4150>-.4 E 1.111<726563
-6f7264206265696e672072657475726e65642069732061206d656d626572206f66207468
-6174206f626a65637420636c6173732e>117 426 R 1.111
-<4e6f74652074686174206966207468657365206e65>6.111 F 3.611<7776>-.25 G
-1.111<616c756520617474726962>-3.861 F<757465>-.2 E F2<54595045>117 438 Q
-F1 2.936<7361>C .436<7265207573656420696e20616e20416c69617346696c65206f
-7074696f6e2073657474696e672c2069742077696c6c206e65656420746f20626520646f
-75626c652071756f74656420746f20707265>-2.936 F -.15<7665>-.25 G<6e74>.15
-E F2<73656e642d>2.937 E<6d61696c>117 450 Q F1
-<66726f6d206d697370617273696e672074686520636f6c6f6e732e>2.5 E .258
-<4e6f74652074686174204c44>142 466.2 R .257
-<415020726563757273696f6e20617474726962>-.4 F .257<75746573207768696368
-20646f206e6f7420756c74696d6174656c7920706f696e7420746f20616e204c44>-.2 F
-.257<4150207265636f726420617265>-.4 F
-<6e6f7420636f6e7369646572656420616e206572726f72>117 478.2 Q<2e>-.55 E F0
-2.5<362e352e312e312e204578616d706c65>117 502.2 R F1 .218<53696e63652065>
-157 518.4 R .218
-<78616d706c657320757375616c6c792068656c7020636c6172696679>-.15 F 2.718
-<2c68>-.65 G .218<65726520697320616e2065>-2.718 F .218<78616d706c652077
-68696368207573657320616c6c20666f7572206f6620746865206e65>-.15 F<77>-.25
-E<74797065733a>132 530.4 Q 2.5<4f4c>172 546.6 S -.4<4441>-2.5 G
-<50446566>.4 E<61756c74537065633d2d68206c6461702e65>-.1 E
-<78616d706c652e636f6d202d622064633d65>-.15 E<78616d706c652c64633d636f6d>
--.15 E -2.15 -.25<4b652078>172 570.6 T<616d706c65206c646170>.25 E
-<2d7a2c>194.5 582.6 Q
-<2d6b202826286f626a656374436c6173733d73656e646d61696c4d54>194.5 594.6 Q
-<41416c6961734f626a656374292873656e646d61696c4d54>-.93 E<414b>-.93 E
--.15<6579>-.25 G<3d25302929>.15 E<2d762073656e646d61696c4d54>194.5 606.6
-Q<41416c69617356>-.93 E<616c75652c6d61696c3a4e4f524d414c3a696e65744f72>
--1.11 E<67506572736f6e2c>-.18 E
-<756e697175654d656d6265723a444e3a67726f75704f66556e697175654e616d65732c>
-202 618.6 Q<73656e646d61696c4d54>202 630.6 Q
-<41416c6961735365617263683a46494c>-.93 E<5445523a73656e646d61696c4d54>
--.92 E<41416c6961734f626a6563742c>-.93 E<73656e646d61696c4d54>202 642.6
-Q<41416c69617355524c3a55524c3a73656e646d61696c4d54>-.93 E
-<41416c6961734f626a656374>-.93 E
-<546861742064658c6e6974696f6e2073706563698c657320746861743a>157 663 Q 5
-<8341>137 679.2 S .952 -.15<6e792076>-5 H .652<616c756520696e2061>-.1 F
-F3<73656e646d61696c4d54>3.152 E<41416c69617356>-.837 E<616c7565>-.999 E
-F1<617474726962>3.152 E .651<7574652077696c6c20626520616464656420746f20
-74686520726573756c7420737472696e67207265>-.2 F -.05<6761>-.15 G<72642d>
-.05 E<6c657373206f66206f626a65637420636c6173732e>145.5 691.2 Q 5<8354>
-137 703.2 S<6865>-5 E F3<6d61696c>2.551 E F1<617474726962>2.551 E .051<
-7574652077696c6c20626520616464656420746f2074686520726573756c742073747269
-6e6720696620746865204c44>-.2 F .052
-<4150207265636f72642069732061206d656d626572206f6620746865>-.4 F F3
-<696e65744f72>145.5 715.2 Q<67506572736f6e>-.162 E F1
-<6f626a65637420636c6173732e>2.5 E 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-101)190.86 E/F1 10/Times-Roman@0 SF
+(The lookup function is called as)142 96 Q/F2 10/Times-Italic@0 SF(xxx)
+157 112.2 Q F1(_map_lookup\(MAP *map, char b)A(uf[], char **a)-.2 E 1.3
+-.65(v, i)-.2 H(nt *statp\)).65 E(The)117 128.4 Q F2(map)2.772 E F1 .272
+(de\214nes the map internally)2.772 F 5.273(.T)-.65 G(he)-5.273 E F2 -.2
+(bu)2.773 G(f).2 E F1 .273(has the input k)2.773 F -.15(ey)-.1 G 5.273
+(.T)-.5 G .273(his may be \(and often is\) used)-5.273 F(destructi)117
+140.4 Q -.15(ve)-.25 G(ly).15 E 5.152(.T)-.65 G(he)-5.152 E F2(av)2.652
+E F1 .151(is a list of ar)2.652 F .151(guments passed in from the re)
+-.18 F .151(write line.)-.25 F .151(The lookup function)5.151 F .322
+(should return a pointer to the ne)117 152.4 R 2.822(wv)-.25 G 2.822
+(alue. If)-3.072 F .322(the map lookup f)2.822 F(ails,)-.1 E F2(*statp)
+2.822 E F1 .322(should be set to an e)2.822 F(xit)-.15 E .302
+(status code; in particular)117 164.4 R 2.802(,i)-.4 G 2.802(ts)-2.802 G
+.302(hould be set to)-2.802 F/F3 9/Times-Roman@0 SF(EX_TEMPF)2.802 E
+(AIL)-.666 E F1 .302(if reco)2.802 F -.15(ve)-.15 G .301
+(ry is to be attempted by the).15 F(higher le)117 176.4 Q -.15(ve)-.25 G
+2.5(lc).15 G(ode.)-2.5 E F0 2.5(6.3.4. Queueing)102 200.4 R(Function)2.5
+E F1 .782(The routine)142 216.6 R F2(shouldqueue)3.282 E F1 .783
+(is called to decide if a message should be queued or processed)3.283 F
+(immediately)117 228.6 Q 6.619(.T)-.65 G 1.618
+(ypically this compares the message priority to the current load a)
+-7.419 F -.15(ve)-.2 G 4.118(rage. The).15 F(def)117 240.6 Q
+(ault de\214nition is:)-.1 E(bool)157 256.8 Q(shouldqueue\(pri, ctime\))
+157 268.8 Q(long pri;)175 280.8 Q(time_t ctime;)175 292.8 Q({)157 304.8
+Q(if \(CurrentLA < QueueLA\))175 316.8 Q(return f)193 328.8 Q(alse;)-.1
+E(return \(pri > \(QueueF)175 340.8 Q
+(actor / \(CurrentLA \255 QueueLA + 1\)\)\);)-.15 E(})157 352.8 Q 2.062
+(If the current load a)117 369 R -.15(ve)-.2 G 2.062(rage \(global v).15
+F(ariable)-.25 E F2(Curr)4.562 E(entLA)-.37 E F1 4.562(,w)C 2.062
+(hich is set before this function is)-4.562 F 1.058
+(called\) is less than the lo)117 381 R 3.558(wt)-.25 G 1.058
+(hreshold load a)-3.558 F -.15(ve)-.2 G 1.058(rage \(option).15 F F0(x)
+3.557 E F1 3.557(,v)C(ariable)-3.807 E F2(QueueLA)3.557 E F1(\),)A F2
+(shouldqueue)3.557 E F1(returns)117 393 Q F3 -.09(fa)3.248 G(lse).09 E
+F1 .748(immediately \(that is, it should)3.248 F F2(not)3.248 E F1 3.249
+(queue\). If)3.249 F .749(the current load a)3.249 F -.15(ve)-.2 G .749
+(rage e).15 F .749(xceeds the)-.15 F 1.419(high threshold load a)117 405
+R -.15(ve)-.2 G 1.419(rage \(option).15 F F0(X)3.919 E F1 3.919(,v)C
+(ariable)-4.169 E F2(RefuseLA)3.919 E F1(\),)A F2(shouldqueue)3.918 E F1
+(returns)3.918 E F3(true)3.918 E F1(immedi-)3.918 E(ately)117 417 Q
+7.125(.O)-.65 G 2.125
+(therwise, it computes the function based on the message priority)-7.125
+F 4.626(,t)-.65 G 2.126(he queue f)-4.626 F(actor)-.1 E(\(option)117 429
+Q F0(q)2.5 E F1 2.5(,g)C(lobal v)-2.5 E(ariable)-.25 E F2(QueueF)2.5 E
+(actor)-.75 E F1(\), and the current and threshold load a)A -.15(ve)-.2
+G(rages.).15 E 1.067(An implementation wishing to tak)142 445.2 R 3.567
+(et)-.1 G 1.066(he actual age of the message into account can also)
+-3.567 F 1.41(use the)117 457.2 R F2(ctime)3.91 E F1(parameter)3.91 E
+3.91(,w)-.4 G 1.41(hich is the time that the message w)-3.91 F 1.41
+(as \214rst submitted to)-.1 F F2(sendmail)3.91 E F1(.)A .929
+(Note that the)117 469.2 R F2(pri)3.428 E F1 .928(parameter is already \
+weighted by the number of times the message has been)3.428 F .395
+(tried \(although this tends to lo)117 481.2 R .395
+(wer the priority of the message with time\); the e)-.25 F .395
+(xpectation is that)-.15 F(the)117 493.2 Q F2(ctime)2.674 E F1 -.1(wo)
+2.674 G .174
+(uld be used as an \231escape clause\232 to ensure that messages are e)
+.1 F -.15(ve)-.25 G .174(ntually processed.).15 F F0 2.5
+(6.3.5. Refusing)102 517.2 R(Incoming SMTP Connections)2.5 E F1 2.062
+(The function)142 533.4 R F2 -.37(re)4.562 G(fuseconnections).37 E F1
+(returns)4.562 E F3(true)4.562 E F1 2.063
+(if incoming SMTP connections should be)4.562 F 3.564(refused. The)117
+545.4 R 1.063(current implementation is based e)3.563 F(xclusi)-.15 E
+-.15(ve)-.25 G 1.063(ly on the current load a).15 F -.15(ve)-.2 G 1.063
+(rage and the).15 F(refuse load a)117 557.4 Q -.15(ve)-.2 G
+(rage option \(option).15 E F0(X)2.5 E F1 2.5(,g)C(lobal v)-2.5 E
+(ariable)-.25 E F2(RefuseLA)2.5 E F1(\):)A(bool)157 573.6 Q
+(refuseconnections\(\))157 585.6 Q({)157 597.6 Q
+(return \(RefuseLA > 0 && CurrentLA >= RefuseLA\);)175 609.6 Q(})157
+621.6 Q 2.5(Am)117 637.8 S(ore cle)-2.5 E -.15(ve)-.25 G 2.5(ri).15 G
+(mplementation could look at more system resources.)-2.5 E F0 2.5
+(6.3.6. Load)102 661.8 R -.6 -1(Av e)2.5 H(rage Computation)1 E F1 .243
+(The routine)142 678 R F2 -.1(ge)2.743 G(tla).1 E F1 .243
+(returns the current load a)2.743 F -.15(ve)-.2 G .243
+(rage \(as a rounded inte).15 F 2.743(ger\). The)-.15 F(distrib)2.744 E
+(ution)-.2 E 1.157(includes se)117 690 R -.15(ve)-.25 G 1.157
+(ral possible implementations.).15 F 1.157(If you are porting to a ne)
+6.157 F 3.657(we)-.25 G -.4(nv)-3.657 G 1.157(ironment you may).4 F 0 Cg
+EP
%%Page: 102 98
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 188.36<534d4d3a30382d3130322053656e646d61696c>72
-60 R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>
-2.5 E/F1 10/Times-Roman@0 SF 5<8354>137 96 S<6865>-5 E/F2 9
-/Times-Roman@0 SF<756e697175654d656d626572>4.597 E F1<617474726962>4.597
-E 2.097<75746520697320612072656375727369>-.2 F 2.397 -.15<76652061>-.25
-H<7474726962>.15 E 2.097<7574652c2075736564206f6e6c7920696e>-.2 F F2
-<67726f75704f66556e697175654e616d6573>4.596 E F1 .549
-<7265636f7264732c20616e642073686f756c6420636f6e7461696e20616e204c44>
-145.5 108 R .549
-<415020444e20706f696e74696e6720746f20616e6f74686572204c44>-.4 F .55
-<4150207265636f72642e>-.4 F .55<54686520646573697265>5.55 F
-<6865726520697320746f2072657475726e20746865>145.5 120 Q F2<6d61696c>2.5
-E F1<617474726962>2.5 E<7574652066726f6d2074686f736520444e732e>-.2 E 5
-<8354>137 132 S<6865>-5 E F2<73656e646d61696c4d54>4.374 E
-<41416c696173536561726368>-.837 E F1<617474726962>4.374 E 1.874
-<75746520616e64>-.2 F F2<73656e646d61696c4d54>4.374 E
-<41416c69617355524c>-.837 E F1 1.873
-<61726520626f74682075736564206f6e6c79206966>4.374 F 2.083
-<7265666572656e63656420696e2061>145.5 144 R F2<73656e646d61696c4d54>
-4.584 E<41416c6961734f626a656374>-.837 E F1 7.084<2e54>C<6865>-7.084 E
-4.584<7961>-.15 G 2.084<726520626f74682072656375727369>-4.584 F -.15
-<7665>-.25 G 4.584<2c74>.15 G 2.084<6865208c72737420666f722061206e65>
--4.584 F<77>-.25 E<4c44>145.5 156 Q<41502073656172636820737472696e672061
-6e6420746865206c617474657220666f7220616e204c44>-.4 E<41502055524c2e>-.4
-E F0 2.5<362e362e205354>87 180 R<4152>-.9 E<54544c53>-.4 E F1 .47
-<496e20746869732073656374696f6e20776520617373756d652074686174>127 196.2
-R/F3 10/Times-Italic@0 SF<73656e646d61696c>2.97 E F1 .47<68617320626565
-6e20636f6d70696c6564207769746820737570706f727420666f72205354>2.97 F
-<4152>-.93 E 2.97<54544c532e2054>-.6 F<6f>-.8 E .608
-<70726f7065726c7920756e6465727374616e642074686520757365206f66205354>102
-208.2 R<4152>-.93 E .609<54544c5320696e>-.6 F F3<73656e646d61696c>3.109
-E F1 3.109<2c69>C 3.109<7469>-3.109 G 3.109<736e>-3.109 G .609<65636573
-7361727920746f20756e6465727374616e64206174206c6561737420736f6d65>-3.109
-F 1.856<6261736963732061626f757420582e3530392063657274698c63617465732061
-6e64207075626c6963206b>102 220.2 R 2.155 -.15<65792063>-.1 H
-<727970746f6772617068>.15 E 5.655 -.65<792e2054>-.05 H 1.855
-<68697320696e666f726d6174696f6e2063616e20626520666f756e6420696e>.65 F<62
-6f6f6b732061626f75742053534c2f544c53206f72206f6e205757572073697465732c20
-652e672e2c2099687474703a2f2f777777>102 232.2 Q<2e4f70656e53534c2e6f72>
--.65 E<672f9a2e>-.18 E F0 2.5<362e362e312e2043657274698c6361746573>102
-256.2 R -.25<666f>2.5 G 2.5<7253>.25 G -.9<5441>-2.5 G -.4<5254>.9 G
-<544c53>.4 E F1 .437<5768656e20616374696e6720617320612073657276>142
-272.4 R<6572>-.15 E<2c>-.4 E F3<73656e646d61696c>2.937 E F1 .438<726571
-756972657320582e3530392063657274698c636174657320746f20737570706f72742053
-54>2.937 F<4152>-.93 E .438<54544c533a206f6e65>-.6 F 1.45
-<61732063657274698c6361746520666f72207468652073657276>117 284.4 R 1.45
-<6572202853657276>-.15 F 1.45
-<65724365727446696c6520616e6420636f72726573706f6e64696e6720707269>-.15 F
--.25<7661>-.25 G 1.45<74652053657276>.25 F<65724b>-.15 E -.15<6579>-.25
-G 1.45<46696c6529206174206c65617374>.15 F .244
-<6f6e6520726f6f7420434120284341>117 296.4 R .245<4365727446696c65292c20
-692e652e2c20612063657274698c636174652074686174206973207573656420746f2073
-69676e206f746865722063657274698c63617465732c20616e642061207061746820746f
-2061>-.4 F .766<6469726563746f727920776869636820636f6e7461696e7320287a65
-726f206f72206d6f726529206f746865722043417320284341>117 308.4 R
-<4365727450>-.4 E 3.266<617468292e20546865>-.15 F .766
-<8c6c652073706563698c656420766961204341>3.266 F<432d>-.4 E 1.554
-<65727446696c652063616e20636f6e7461696e207365>117 320.4 R -.15<7665>-.25
-G 1.554<72616c2063657274698c6361746573206f66204341732e>.15 F 1.555<5468
-6520444e73206f662074686573652063657274698c6361746573206172652073656e7420
-746f20746865>6.555 F .034
-<636c69656e7420647572696e672074686520544c532068616e647368616b>117 332.4
-R 2.534<6528>-.1 G .033<61732070617274206f66207468652043657274698c636174
-65526571756573742920617320746865206c697374206f662061636365707461626c6520
-4341732e>-2.534 F<486f>117 344.4 Q<7765>-.25 E -.15<7665>-.25 G .8 -.4
-<722c2064>.15 H 2.5<6f6e>.4 G<6f74206c69737420746f6f206d616e>-2.5 E 2.5
-<7972>-.15 G<6f6f742043417320696e2074686174208c6c652c206f74686572776973
-652074686520544c532068616e647368616b>-2.5 E 2.5<656d>-.1 G<61792066>-2.5
-E<61696c3b20652e672e2c>-.1 E<6572726f723a31343039343431373a53534c20726f
-7574696e65733a53534c335f524541445f42595445533a>157 360.6 Q
-<73736c763320616c65727420696c6c65>157 372.6 Q -.05<6761>-.15 G 2.5<6c70>
-.05 G<6172616d657465723a73335f706b742e633a3936343a53534c20616c657274206e
-756d626572203437>-2.5 E -1.1<596f>117 388.8 S 3.073<7573>1.1 G .574<686f
-756c642070726f6261626c7920707574206f6e6c7920746865204341206365727420696e
-746f2074686174208c6c652074686174207369676e656420796f7572206f>-3.073 F
-.574<776e20636572742873292c206f72206174206c65617374>-.25 F .543
-<6f6e6c792074686f736520796f752074727573742e>117 400.8 R .543
-<546865204341>5.543 F<4365727450>-.4 E .543<617468206469726563746f727920
-6d75737420636f6e7461696e2074686520686173686573206f6620656163682043412063
-657274698c63617465>-.15 F 1.584
-<6173208c6c656e616d657320286f72206173206c696e6b7320746f207468656d292e>
-117 412.8 R 1.585<53796d626f6c6963206c696e6b732063616e2062652067656e6572
-6174656420776974682074686520666f6c6c6f>6.585 F 1.585<77696e67207477>-.25
-F<6f>-.1 E<28426f75726e6529207368656c6c20636f6d6d616e64733a>117 424.8 Q
-<433d46696c654e616d655f6f665f43415f43657274698c63617465>157 441 Q<6c6e20
-2d7320244320606f70656e73736c2078353039202d6e6f6f7574202d68617368203c2024
-43602e30>157 453 Q 2.67<4162>117 469.2 S .17<65747465722077>-2.67 F .17
-<617920746f20646f207468697320697320746f2075736520746865>-.1 F F0<635f72>
-2.669 E<6568617368>-.18 E F1 .169<636f6d6d616e64207468617420697320706172
-74206f6620746865204f70656e53534c2064697374726962>2.669 F<7574696f6e>-.2
-E .801<626563617573652069742068616e646c6573207375626a656374206861736820
-636f6c6c6973696f6e7320627920696e6372656d656e74696e6720746865206e756d6265
-7220696e2074686520737566>117 481.2 R .801<8c78206f6620746865208c6c652d>
--.25 F 1.133
-<6e616d65206f66207468652073796d626f6c6963206c696e6b2c20652e672e2c>117
-493.2 R F0<2e30>3.632 E F1<746f>3.632 E F0<2e31>3.632 E F1 3.632<2c61>C
-1.132<6e6420736f206f6e2e>-3.632 F 1.132<416e20582e3530392063657274698c63
-61746520697320616c736f20726571756972656420666f72>6.132 F 1.527<61757468
-656e7469636174696f6e20696e20636c69656e74206d6f64652028436c69656e74436572
-7446696c6520616e6420636f72726573706f6e64696e6720707269>117 505.2 R -.25
-<7661>-.25 G 1.527<746520436c69656e744b>.25 F -.15<6579>-.25 G 1.527
-<46696c65292c20686f>.15 F<772d>-.25 E -2.15 -.25<65762065>117 517.2 T
--.4<722c>.25 G F3<73656e646d61696c>3.222 E F1 .322<77696c6c20616c>2.822
-F -.1<7761>-.1 G .322<797320757365205354>.1 F<4152>-.93 E .321
-<54544c53207768656e206f66>-.6 F .321<666572656420627920612073657276>-.25
-F<6572>-.15 E 5.321<2e54>-.55 G .321
-<686520636c69656e7420616e642073657276>-5.321 F .321<657220636572>-.15 F
-<2d>-.2 E .03<74698c63617465732063616e206265206964656e746963616c2e>117
-529.2 R .03<43657274698c63617465732063616e206265206f627461696e6564206672
-6f6d20612063657274698c6361746520617574686f72697479206f722063726561746564
-2077697468>5.03 F .869<7468652068656c70206f66204f70656e53534c2e>117
-541.2 R .869<54686520726571756972656420666f726d617420666f72206365727469
-8c636174657320616e6420707269>5.869 F -.25<7661>-.25 G .868<7465206b>.25
-F -.15<6579>-.1 G 3.368<7369>.15 G 3.368<7350>-3.368 G 3.368<454d2e2054>
--3.368 F 3.368<6f61>-.8 G<6c6c6f>-3.368 E<77>-.25 E 1.123<666f7220617574
-6f6d617469632073746172747570206f662073656e646d61696c2c20707269>117 553.2
-R -.25<7661>-.25 G 1.124<7465206b>.25 F -.15<6579>-.1 G 3.624<7328>.15 G
-<53657276>-3.624 E<65724b>-.15 E -.15<6579>-.25 G 1.124
-<46696c652c20436c69656e744b>.15 F -.15<6579>-.25 G 1.124
-<46696c6529206d7573742062652073746f726564>.15 F 3.04
-<756e656e637279707465642e20546865>117 565.2 R -.1<6b65>3.04 G .54<797320
-617265206f6e6c792070726f74656374656420627920746865207065726d697373696f6e
-73206f6620746865208c6c652073797374656d2e>-.05 F<4e65>5.54 E -.15<7665>
--.25 G 3.04<726d>.15 G<616b>-3.04 E 3.04<6561>-.1 G<707269>117 577.2 Q
--.25<7661>-.25 G<7465206b>.25 E .3 -.15<65792061>-.1 H -.25<7661>-.05 G
-<696c61626c6520746f2061207468697264207061727479>.25 E<2e>-.65 E .953
-<546865206f7074696f6e73>142 593.4 R F3<436c69656e744365727446>3.453 E
-<696c65>-.45 E F1<2c>A F3<436c69656e744b>3.453 E -.3<6579>-.35 G -.45
-<4669>.3 G<6c65>.45 E F1<2c>A F3<5365727665724365727446>3.453 E<696c65>
--.45 E F1 3.453<2c61>C<6e64>-3.453 E F3<5365727665724b>3.453 E -.3<6579>
--.35 G -.45<4669>.3 G<6c65>.45 E F1 .954<63616e2074616b>3.454 F 3.454
-<6561>-.1 G .946<7365636f6e64208c6c65206e616d652c207768696368206d757374
-206265207365706172617465642066726f6d20746865208c727374207769746820612063
-6f6d6d6120286e6f74653a20646f206e6f742075736520616e>117 605.4 R<79>-.15 E
-.657<7370616365732920746f207365742075702061207365636f6e6420636572742f6b>
-117 617.4 R .957 -.15<65792070>-.1 H<616972>.15 E 5.657<2e54>-.55 G .657
-<6869732063616e206265207573656420746f206861>-5.657 F .957 -.15<76652063>
--.2 H .658<65727473206f6620646966>.15 F .658
-<666572656e742074797065732c20652e672e2c>-.25 F<52534120616e64204453412e>
-117 629.4 Q F0 2.5<362e362e322e2050524e47>102 653.4 R -.25<666f>2.5 G
-2.5<7253>.25 G -.9<5441>-2.5 G -.4<5254>.9 G<544c53>.4 E F1<5354>142
-669.6 Q<4152>-.93 E .504<54544c532072657175697265732061207374726f6e6720
-70736575646f2072616e646f6d206e756d6265722067656e657261746f72202850524e47
-2920746f206f7065726174652070726f702d>-.6 F<65726c79>117 681.6 Q 5.055
-<2e44>-.65 G .056<6570656e64696e67206f6e2074686520544c53206c696272617279
-20796f75207573652c206974206d617920626520726571756972656420746f2065>
--5.055 F .056
-<78706c696369746c7920696e697469616c697a65207468652050524e47>-.15 F 1.155
-<776974682072616e646f6d20646174612e>117 693.6 R 1.154
-<4f70656e53534c206d616b>6.154 F 1.154<657320757365206f66>-.1 F F0
-<2f6465>3.654 E<762f7572616e646f6d283429>-.15 E F1 1.154<69662061>3.654
-F -.25<7661>-.2 G 1.154
-<696c61626c6520287468697320636f72726573706f6e647320746f>.25 F 1.442
-<74686520636f6d70696c65208d6167204841535552414e444f4d444556292e>117
-705.6 R 1.443<4f6e2073797374656d73207768696368206c61636b2074686973207375
-70706f72742c20612072616e646f6d208c6c65>6.442 F .224
-<6d7573742062652073706563698c656420696e20746865>117 717.6 R F3
-<73656e646d61696c2e6366>2.723 E F1 .223
-<8c6c65207573696e6720746865206f7074696f6e2052616e6446696c652e>2.723 F
-.223<4974206973>5.223 F F0<737472>2.723 E<6f6e676c79>-.18 E F1 .223
-<6164766973656420746f20757365>2.723 F 0 Cg EP
+/F0 10/Times-Bold@0 SF 188.36(SMM:08-102 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF
+(need to add some ne)117 98 Q 2.5(wt)-.25 G(weaks.)-2.5 E/F2 7
+/Times-Roman@0 SF(25)-4 I F0 2.5(6.4. Con\214guration)87 122 R
+(in sendmail/daemon.c)2.5 E F1 .127(The \214le)127 138.2 R/F3 10
+/Times-Italic@0 SF(sendmail/daemon.c)2.627 E F1 .128
+(contains a number of routines that are dependent on the local net-)
+2.628 F -.1(wo)102 150.2 S(rking en).1 E 2.5(vironment. The)-.4 F -.15
+(ve)2.5 G(rsion supplied assumes you ha).15 E .3 -.15(ve B)-.2 H
+(SD style sock).15 E(ets.)-.1 E 2.16(In pre)127 166.4 R 2.16
+(vious releases, we recommended that you modify the routine)-.25 F F3
+(maphostname)4.66 E F1 2.16(if you)4.66 F -.1(wa)102 178.4 S 1.918
+(nted to generalize).1 F F0($[)4.418 E F1(...)4.418 E F0($])4.418 E F1
+4.418(lookups. W)4.418 F 4.418(en)-.8 G 2.418 -.25(ow r)-4.418 H 1.918
+(ecommend that you create a ne).25 F 4.419(wk)-.25 G -.15(ey)-4.519 G
+1.919(ed map).15 F(instead.)102 190.4 Q F0 2.5(6.5. LD)87 214.4 R(AP)
+-.35 E F1(In this section we assume that)127 230.6 Q F3(sendmail)2.5 E
+F1(has been compiled with support for LD)2.5 E(AP)-.4 E(.)-1.11 E F0 2.5
+(6.5.1. LD)102 254.6 R(AP Recursion)-.35 E F1(LD)142 270.8 Q .35
+(AP Recursion allo)-.4 F .349(ws you to add types to the search attrib)
+-.25 F .349(utes on an LD)-.2 F .349(AP map speci-)-.4 F 2.5
+(\214cation. The)117 282.8 R(syntax is:)2.5 E<ad76>117 299 Q F3 -.37(AT)
+2.5 G(TRIB).37 E(UTE)-.1 E F1([:)A F3(TYPE)A F1([:)A F3(OBJECTCLASS)A F1
+([|)A F3(OBJECTCLASS)A F1(|...]]])A(The ne)142 315.2 Q(w)-.25 E F3(TYPE)
+2.5 E F1 2.5(sa)C(re:)-2.5 E 26.17(NORMAL This)117 331.4 R(attrib)3.578
+E 1.078(ute type speci\214es the attrib)-.2 F 1.079
+(ute to add to the results string.)-.2 F 1.079(This is)6.079 F(the def)
+189 343.4 Q(ault.)-.1 E 55.06(DN An)117 359.6 R 2.822(ym)-.15 G .322
+(atches for this attrib)-2.822 F .322(ute are e)-.2 F .321
+(xpected to ha)-.15 F .621 -.15(ve a v)-.2 H .321
+(alue of a fully quali\214ed)-.1 F 1.521(distinguished name.)189 371.6 R
+F3(sendmail)6.521 E F1 1.521(will lookup that DN and apply the attrib)
+4.021 F(utes)-.2 E(requested to the returned DN record.)189 383.6 Q(FIL)
+117 399.8 Q 36.53(TER An)-.92 F 2.653(ym)-.15 G .153
+(atches for this attrib)-2.653 F .153(ute are e)-.2 F .153
+(xpected to ha)-.15 F .453 -.15(ve a v)-.2 H .153(alue of an LD)-.1 F
+.152(AP search)-.4 F(\214lter)189 411.8 Q(.)-.55 E F3(sendmail)5.697 E
+F1 .698(will perform a lookup with the same parameters as the origi-)
+3.197 F(nal search b)189 423.8 Q
+(ut replaces the search \214lter with the one speci\214ed here.)-.2 E
+49.5(URL An)117 440 R 2.87(ym)-.15 G .37(atches for this attrib)-2.87 F
+.37(ute are e)-.2 F .37(xpected to ha)-.15 F .67 -.15(ve a v)-.2 H .37
+(alue of an LD)-.1 F .37(AP URL.)-.4 F F3(sendmail)189 452 Q F1 1.947
+(will perform a lookup of that URL and use the results from the)4.446 F
+(attrib)189 464 Q .39(utes named in that URL.)-.2 F .389(Note ho)5.389 F
+(we)-.25 E -.15(ve)-.25 G 2.889(rt).15 G .389
+(hat the search is done using the)-2.889 F 2.622(current LD)189 476 R
+2.622(AP connection, re)-.4 F -.05(ga)-.15 G 2.622
+(rdless of what is speci\214ed as the scheme,).05 F(LD)189 488 Q
+(AP host, and LD)-.4 E(AP port in the LD)-.4 E(AP URL.)-.4 E(An)117
+504.2 Q 2.5(yu)-.15 G(ntyped attrib)-2.5 E(utes are considered)-.2 E/F4
+9/Times-Roman@0 SF(NORMAL)2.5 E F1(attrib)2.5 E(utes as described abo)
+-.2 E -.15(ve)-.15 G(.).15 E .91(The optional)142 520.4 R F3
+(OBJECTCLASS)3.41 E F1 .91
+(\(| separated\) list contains the objectClass v)3.41 F .91
+(alues for which)-.25 F 1.398(that attrib)117 532.4 R 1.398
+(ute applies.)-.2 F 1.399(If the list is gi)6.398 F -.15(ve)-.25 G 1.399
+(n, the attrib).15 F 1.399(ute named will only be used if the LD)-.2 F
+(AP)-.4 E 1.111(record being returned is a member of that object class.)
+117 544.4 R 1.111(Note that if these ne)6.111 F 3.611(wv)-.25 G 1.111
+(alue attrib)-3.861 F(ute)-.2 E F3(TYPE)117 556.4 Q F1 2.936(sa)C .436(\
+re used in an AliasFile option setting, it will need to be double quote\
+d to pre)-2.936 F -.15(ve)-.25 G(nt).15 E F3(send-)2.937 E(mail)117
+568.4 Q F1(from misparsing the colons.)2.5 E .258(Note that LD)142 584.6
+R .257(AP recursion attrib)-.4 F .257
+(utes which do not ultimately point to an LD)-.2 F .257(AP record are)
+-.4 F(not considered an error)117 596.6 Q(.)-.55 E F0 2.5
+(6.5.1.1. Example)117 620.6 R F1 .218(Since e)157 636.8 R .218
+(xamples usually help clarify)-.15 F 2.718(,h)-.65 G .218(ere is an e)
+-2.718 F .218(xample which uses all four of the ne)-.15 F(w)-.25 E
+(types:)132 648.8 Q .32 LW 76 688.4 72 688.4 DL 80 688.4 76 688.4 DL 84
+688.4 80 688.4 DL 88 688.4 84 688.4 DL 92 688.4 88 688.4 DL 96 688.4 92
+688.4 DL 100 688.4 96 688.4 DL 104 688.4 100 688.4 DL 108 688.4 104
+688.4 DL 112 688.4 108 688.4 DL 116 688.4 112 688.4 DL 120 688.4 116
+688.4 DL 124 688.4 120 688.4 DL 128 688.4 124 688.4 DL 132 688.4 128
+688.4 DL 136 688.4 132 688.4 DL 140 688.4 136 688.4 DL 144 688.4 140
+688.4 DL 148 688.4 144 688.4 DL 152 688.4 148 688.4 DL 156 688.4 152
+688.4 DL 160 688.4 156 688.4 DL 164 688.4 160 688.4 DL 168 688.4 164
+688.4 DL 172 688.4 168 688.4 DL 176 688.4 172 688.4 DL 180 688.4 176
+688.4 DL 184 688.4 180 688.4 DL 188 688.4 184 688.4 DL 192 688.4 188
+688.4 DL 196 688.4 192 688.4 DL 200 688.4 196 688.4 DL 204 688.4 200
+688.4 DL 208 688.4 204 688.4 DL 212 688.4 208 688.4 DL 216 688.4 212
+688.4 DL/F5 5/Times-Roman@0 SF(25)93.6 698.8 Q/F6 8/Times-Roman@0 SF
+(If you do, please send updates to sendmail@Sendmail.ORG.)3.2 I 0 Cg EP
%%Page: 103 99
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d313033>190.86 E
-/F1 10/Times-Roman@0 SF .872<7468652022456e74726f70>117 96 R 3.372<7947>
--.1 G .872
-<6174686572696e67204461656d6f6e22204547442066726f6d20427269616e2057>
--3.372 F .873
-<61726e6572206f6e2074686f73652073797374656d7320746f2070726f>-.8 F .873
-<766964652075736566756c>-.15 F 1.414<72616e646f6d20646174612e>117 108 R
-1.414<496e207468697320636173652c>6.414 F/F2 10/Times-Italic@0 SF
-<73656e646d61696c>3.914 E F1 1.413<6d75737420626520636f6d70696c65642077
-69746820746865208d6167204547442c20616e64207468652052616e6446696c65>3.913
-F .731
-<6f7074696f6e206d75737420706f696e7420746f207468652045474420736f636b>117
-120 R 3.231<65742e204966>-.1 F<6e656974686572>3.231 E F0<2f6465>3.232 E
-<762f7572616e646f6d283429>-.15 E F1 .732<6e6f7220454744206172652061>
-3.232 F -.25<7661>-.2 G .732<696c61626c652c20796f75>.25 F<6861>117 132 Q
-.474 -.15<76652074>-.2 H 2.674<6f6d>.15 G<616b>-2.674 E 2.674<6573>-.1 G
-.174<75726520746861742075736566756c2072616e646f6d20646174612069732061>
--2.674 F -.25<7661>-.2 G .174
-<696c61626c6520616c6c207468652074696d6520696e2052616e6446696c652e>.25 F
-.173<496620746865208c6c65206861736e27>5.174 F<74>-.18 E .39<6265656e206d
-6f64698c656420696e20746865206c617374203130206d696e75746573206265666f7265
-20697420697320737570706f73656420746f2062652075736564206279>117 144 R F2
-<73656e646d61696c>2.89 E F1 .39<74686520636f6e74656e74206973>2.89 F
-<636f6e73696465726564206f62736f6c6574652e>117 156 Q<4f6e65206d6574686f64
-20666f722067656e65726174696e672074686973208c6c652069733a>5 E<6f70656e73
-736c2072616e64202d6f7574202f6574632f6d61696c2f72616e648c6c65202d72616e64>
-157 172.2 Q F2<2f706174682f746f2f8c6c653a2e2e2e>2.5 E F1<323536>A .321<
-53656520746865204f70656e53534c20646f63756d656e746174696f6e20666f72206d6f
-726520696e666f726d6174696f6e2e>117 188.4 R .32<496e20746869732063617365
-2c207468652050524e4720666f7220544c53206973206f6e6c79>5.321 F .956<736565
-6465642077697468206f746865722072616e646f6d206461746120696620746865>117
-200.4 R F0<446f6e74426c616d6553656e646d61696c>3.456 E F1<6f7074696f6e>
-3.457 E F0<496e7375668c6369656e74456e7472>3.457 E<6f7079>-.18 E F1 .957
-<6973207365742e>3.457 F<54686973206973206d6f7374206c696b>117 212.4 Q
-<656c79206e6f7420737566>-.1 E<8c6369656e7420666f72206365727461696e206163
-74696f6e732c20652e672e2c2067656e65726174696f6e206f66202874656d706f726172
-7929206b>-.25 E -.15<6579>-.1 G<732e>.15 E .051<506c65617365207365652074
-6865204f70656e53534c20646f63756d656e746174696f6e206f72206f7468657220736f
-757263657320666f72206675727468657220696e666f726d6174696f6e2061626f757420
-636572>142 228.6 R<2d>-.2 E 1.064<74698c63617465732c20746865697220637265
-6174696f6e20616e642074686569722075736167652c2074686520696d706f7274616e63
-65206f66206120676f6f642050524e472c20616e64206f74686572206173706563747320
-6f66>117 240.6 R<544c532e>117 252.6 Q F0 2.5<362e372e20456e636f64696e67>
-87 276.6 R<6f66205354>2.5 E<4152>-.9 E<54544c5320616e642041>-.4 E
-<5554482072>-.5 E<656c61746564204d616372>-.18 E<6f73>-.18 E F1 .693
-<4d6163726f73207468617420636f6e7461696e205354>127 292.8 R<4152>-.93 E
-.693<54544c5320616e642041>-.6 F .692<5554482072656c61746564206461746120
-776869636820636f6d65732066726f6d206f75747369646520736f75726365732c>-.55
-F .809<652e672e2c20616c6c206d6163726f7320636f6e7461696e696e6720696e666f
-726d6174696f6e2066726f6d2063657274698c63617465732c2061726520656e636f6465
-6420746f2061>102 304.8 R -.2<766f>-.2 G .81
-<69642070726f626c656d732077697468206e6f6e2d>.2 F .193
-<7072696e7461626c65206f72207370656369616c20636861726163746572732e>102
-316.8 R .193<546865206c61747465722061726520275c272c20273c272c20273e272c
-202728272c202729272c202722272c20272b272c20616e64202720272e>5.193 F .192
-<416c6c206f662074686573652063686172>5.192 F<2d>-.2 E
-<61637465727320617265207265706c616365642062792074686569722076>102 328.8
-Q<616c756520696e206865>-.25 E
-<7861646563696d616c20776974682061206c656164696e6720272b272e>-.15 E -.15
-<466f>5 G 2.5<7265>.15 G<78616d706c653a>-2.65 E
-<2f433d55532f53543d43616c69666f726e69612f4f3d656e646d61696c2e6f72>142
-345 Q<672f4f553d707269>-.18 E -.25<7661>-.25 G
-<74652f434e3d4461727468204d61696c202843657274292f>.25 E
-<456d61696c3d64617274682b6365727440656e646d61696c2e6f72>142 357 Q<67>
--.18 E<697320656e636f6465642061733a>102 373.2 Q
-<2f433d55532f53543d43616c69666f726e69612f4f3d656e646d61696c2e6f72>142
-389.4 Q<672f4f553d707269>-.18 E -.25<7661>-.25 G<74652f>.25 E<434e3d4461
-7274682b32304d61696c2b32302b3238436572742b32392f456d61696c3d64617274682b
-32426365727440656e646d61696c2e6f72>142 401.4 Q<67>-.18 E .515
-<286c696e6520627265616b73206861>102 417.6 R .815 -.15<76652062>-.2 H
-.515<65656e20696e73657274656420666f7220726561646162696c697479292e>.15 F
-.516<546865206d6163726f7320776869636820617265207375626a65637420746f2074
-68697320656e636f64696e6720617265>5.515 F 6.828<7b636572745f7375626a6563
-747d2c207b636572745f6973737565727d2c207b636e5f7375626a6563747d2c207b636e
-5f6973737565727d2c2061732077656c6c206173207b617574685f61757468656e7d2061
-6e64>102 429.6 R<7b617574685f617574686f727d2e>102 441.6 Q F0 2.5
-<372e2041>72 465.6 R<434b4e4f>-.55 E<574c454447454d454e5453>-.5 E F1
-<4927>112 481.8 Q 2.036 -.15<76652077>-.5 H<6f726b>.05 E 1.737
-<6564206f6e>-.1 F F2<73656e646d61696c>4.237 E F1 1.737<666f72206d616e>
-4.237 F 4.237<7979>-.15 G 1.737<656172732c20616e64206d616e>-4.237 F
-4.237<7965>-.15 G<6d706c6f>-4.237 E 1.737<79657273206861>-.1 F 2.037
--.15<76652062>-.2 H 1.737<65656e2072656d61726b61626c792070617469656e74>
-.15 F .404<61626f7574206c657474696e67206d652077>87 493.8 R .404
-<6f726b206f6e2061206c6172>-.1 F .404<67652070726f6a65637420746861742077>
--.18 F .403<6173206e6f742070617274206f66206d79206f66>-.1 F .403
-<8c6369616c206a6f62>-.25 F 5.403<2e54>-.4 G .403
-<68697320696e636c756465732074696d65206f6e20746865>-5.403 F .281
-<494e475245532050726f6a6563742061742074686520556e69>87 505.8 R -.15
-<7665>-.25 G .282
-<7273697479206f662043616c69666f726e6961206174204265726b>.15 F<656c65>-.1
-E 1.582 -.65<792c2061>-.15 H 2.782<7442>.65 G .282
-<726974746f6e204c65652c20616e64206167>-2.782 F .282
-<61696e206f6e20746865204d616d6d6f7468>-.05 F<616e642054>87 517.8 Q
-<6974616e2050726f6a65637473206174204265726b>-.35 E<656c65>-.1 E -.65
-<792e>-.15 G .79<4d756368206f6620746865207365636f6e642077>112 534 R
--2.25 -.2<61762065>-.1 H .789<6f6620696d70726f>3.49 F -.15<7665>-.15 G
-.789<6d656e747320726573756c74696e6720696e2076>.15 F .789<657273696f6e20
-382e312073686f756c6420626520637265646974656420746f20427279616e>-.15 F
-.545<436f7374616c6573206f662074686520496e7465726e6174696f6e616c20436f6d
-707574657220536369656e636520496e737469747574652e>87 546 R .545<41732068
-6520706173736564206d6520647261667473206f662068697320626f6f6b206f6e>5.545
-F F2<73656e642d>3.045 E<6d61696c>87 558 Q F1 2.5<4977>2.5 G
-<617320696e73706972656420746f2073746172742077>-2.6 E
-<6f726b696e67206f6e207468696e6773206167>-.1 E 2.5<61696e2e20427279616e>
--.05 F -.1<7761>2.5 G 2.5<7361>.1 G<6c736f2061>-2.5 E -.25<7661>-.2 G
-<696c61626c6520746f20626f756e6365206964656173206f66>.25 E 2.5<666f>-.25
-G<662e>-2.5 E<477265>112 574.2 Q .168
-<676f7279204e65696c205368617069726f206f662057>-.15 F .168<6f726365737465
-7220506f6c79746563686e696320496e7374697475746520686173206265636f6d652069
-6e737472756d656e74616c20696e20616c6c20706861736573206f66>-.8 F F2
-<73656e646d61696c>87 586.2 Q F1 .34<737570706f727420616e64206465>2.84 F
--.15<7665>-.25 G .34<6c6f706d656e742c20616e642077>.15 F .34
-<6173206c6172>-.1 F .34
-<67656c7920726573706f6e7369626c6520666f722067657474696e672076>-.18 F .34
-<657273696f6e7320382e3820616e6420382e39206f757420746865>-.15 F<646f6f72>
-87 598.2 Q<2e>-.55 E<4d616e>112 614.4 Q 2.857 -.65<792c206d>-.15 H<616e>
-.65 E 4.057<7970>-.15 G 1.557<656f706c6520636f6e74726962>-4.057 F 1.556
-<75746564206368756e6b73206f6620636f646520616e6420696465617320746f>-.2 F
-F2<73656e646d61696c>4.056 E F1 6.556<2e49>C 4.056<7468>-6.556 G 1.556
-<61732070726f>-4.056 F -.15<7665>-.15 G 4.056<6e74>.15 G 4.056<6f62>
--4.056 G 4.056<6561>-4.056 G .405<67726f7570206e657477>87 626.4 R .405
-<6f726b206566>-.1 F 2.905<666f72742e2056>-.25 F .405
-<657273696f6e203820696e20706172746963756c61722077>-1.11 F .405
-<617320612067726f75702070726f6a6563742e>-.1 F .406<54686520666f6c6c6f>
-5.406 F .406<77696e672070656f706c6520616e64206f72>-.25 F -.05<6761>-.18
-G<6e697a612d>.05 E<74696f6e73206d616465206e6f7461626c6520636f6e74726962>
-87 638.4 Q<7574696f6e733a>-.2 E<436c617573204173736d616e6e>127 654.6 Q
-<4a6f686e204265636b2c204865>127 666.6 Q<776c6574742d50>-.25 E
-<61636b61726420262053756e204d6963726f73797374656d73>-.15 E -.25<4b65>127
-678.6 S<69746820426f737469632c20435352472c20556e69>.25 E -.15<7665>-.25
-G<7273697479206f662043616c69666f726e69612c204265726b>.15 E<656c65>-.1 E
-<79>-.15 E<416e647265>127 690.6 Q 2.5<7743>-.25 G
-<68656e672c2053756e204d6963726f73797374656d73>-2.5 E
-<4d69636861656c204a2e20436f72726967>127 702.6 Q<616e2c20556e69>-.05 E
--.15<7665>-.25 G
-<7273697479206f662043616c69666f726e69612c2053616e20446965>.15 E<676f>
--.15 E<427279616e20436f7374616c65732c20496e7465726e6174696f6e616c20436f
-6d707574657220536369656e636520496e73746974757465202620496e666f42656174>
-127 714.6 Q 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-103)190.86 E/F1 10/Times-Roman@0 SF 2.5(OL)172 96 S -.4(DA)-2.5
+G(PDef).4 E(aultSpec=-h ldap.e)-.1 E(xample.com -b dc=e)-.15 E
+(xample,dc=com)-.15 E -2.15 -.25(Ke x)172 120 T(ample ldap).25 E(-z,)
+194.5 132 Q(-k \(&\(objectClass=sendmailMT)194.5 144 Q
+(AAliasObject\)\(sendmailMT)-.93 E(AK)-.93 E -.15(ey)-.25 G(=%0\)\)).15
+E(-v sendmailMT)194.5 156 Q(AAliasV)-.93 E(alue,mail:NORMAL:inetOr)-1.11
+E(gPerson,)-.18 E(uniqueMember:DN:groupOfUniqueNames,)202 168 Q
+(sendmailMT)202 180 Q(AAliasSearch:FIL)-.93 E(TER:sendmailMT)-.92 E
+(AAliasObject,)-.93 E(sendmailMT)202 192 Q(AAliasURL:URL:sendmailMT)-.93
+E(AAliasObject)-.93 E(That de\214nition speci\214es that:)157 212.4 Q 5
+<8341>137 228.6 S .952 -.15(ny v)-5 H .652(alue in a)-.1 F/F2 9
+/Times-Roman@0 SF(sendmailMT)3.152 E(AAliasV)-.837 E(alue)-.999 E F1
+(attrib)3.152 E .651(ute will be added to the result string re)-.2 F
+-.05(ga)-.15 G(rd-).05 E(less of object class.)145.5 240.6 Q 5<8354>137
+252.6 S(he)-5 E F2(mail)2.551 E F1(attrib)2.551 E .051
+(ute will be added to the result string if the LD)-.2 F .052
+(AP record is a member of the)-.4 F F2(inetOr)145.5 264.6 Q(gPerson)
+-.162 E F1(object class.)2.5 E 5<8354>137 276.6 S(he)-5 E F2
+(uniqueMember)4.597 E F1(attrib)4.597 E 2.097(ute is a recursi)-.2 F
+2.397 -.15(ve a)-.25 H(ttrib).15 E 2.097(ute, used only in)-.2 F F2
+(groupOfUniqueNames)4.596 E F1 .549(records, and should contain an LD)
+145.5 288.6 R .549(AP DN pointing to another LD)-.4 F .55(AP record.)-.4
+F .55(The desire)5.55 F(here is to return the)145.5 300.6 Q F2(mail)2.5
+E F1(attrib)2.5 E(ute from those DNs.)-.2 E 5<8354>137 312.6 S(he)-5 E
+F2(sendmailMT)4.374 E(AAliasSearch)-.837 E F1(attrib)4.374 E 1.874
+(ute and)-.2 F F2(sendmailMT)4.374 E(AAliasURL)-.837 E F1 1.873
+(are both used only if)4.374 F 2.083(referenced in a)145.5 324.6 R F2
+(sendmailMT)4.584 E(AAliasObject)-.837 E F1 7.084(.T)C(he)-7.084 E 4.584
+(ya)-.15 G 2.084(re both recursi)-4.584 F -.15(ve)-.25 G 4.584(,t).15 G
+2.084(he \214rst for a ne)-4.584 F(w)-.25 E(LD)145.5 336.6 Q
+(AP search string and the latter for an LD)-.4 E(AP URL.)-.4 E F0 2.5
+(6.6. ST)87 360.6 R(AR)-.9 E(TTLS)-.4 E F1 .47
+(In this section we assume that)127 376.8 R/F3 10/Times-Italic@0 SF
+(sendmail)2.97 E F1 .47(has been compiled with support for ST)2.97 F(AR)
+-.93 E 2.97(TTLS. T)-.6 F(o)-.8 E .608
+(properly understand the use of ST)102 388.8 R(AR)-.93 E .609(TTLS in)
+-.6 F F3(sendmail)3.109 E F1 3.109(,i)C 3.109(ti)-3.109 G 3.109(sn)
+-3.109 G .609(ecessary to understand at least some)-3.109 F 1.856
+(basics about X.509 certi\214cates and public k)102 400.8 R 2.155 -.15
+(ey c)-.1 H(ryptograph).15 E 5.655 -.65(y. T)-.05 H 1.855
+(his information can be found in).65 F
+(books about SSL/TLS or on WWW sites, e.g., \231https://www)102 412.8 Q
+(.OpenSSL.or)-.65 E(g/\232.)-.18 E F0 2.5(6.6.1. Certi\214cates)102
+436.8 R -.25(fo)2.5 G 2.5(rS).25 G -.9(TA)-2.5 G -.4(RT).9 G(TLS).4 E F1
+.437(When acting as a serv)142 453 R(er)-.15 E(,)-.4 E F3(sendmail)2.937
+E F1 .438(requires X.509 certi\214cates to support ST)2.937 F(AR)-.93 E
+.438(TTLS: one)-.6 F 1.45(as certi\214cate for the serv)117 465 R 1.45
+(er \(Serv)-.15 F 1.45(erCertFile and corresponding pri)-.15 F -.25(va)
+-.25 G 1.45(te Serv).25 F(erK)-.15 E -.15(ey)-.25 G 1.45
+(File\) at least).15 F .244(one root CA \(CA)117 477 R .245(CertFile\),\
+ i.e., a certi\214cate that is used to sign other certi\214cates, and a\
+ path to a)-.4 F .766
+(directory which contains \(zero or more\) other CAs \(CA)117 489 R
+(CertP)-.4 E 3.266(ath\). The)-.15 F .766(\214le speci\214ed via CA)
+3.266 F(C-)-.4 E 1.554(ertFile can contain se)117 501 R -.15(ve)-.25 G
+1.554(ral certi\214cates of CAs.).15 F 1.555
+(The DNs of these certi\214cates are sent to the)6.555 F .034
+(client during the TLS handshak)117 513 R 2.534(e\()-.1 G .033
+(as part of the Certi\214cateRequest\) as the list of acceptable CAs.)
+-2.534 F(Ho)117 525 Q(we)-.25 E -.15(ve)-.25 G .8 -.4(r, d).15 H 2.5(on)
+.4 G(ot list too man)-2.5 E 2.5(yr)-.15 G
+(oot CAs in that \214le, otherwise the TLS handshak)-2.5 E 2.5(em)-.1 G
+(ay f)-2.5 E(ail; e.g.,)-.1 E
+(error:14094417:SSL routines:SSL3_READ_BYTES:)157 541.2 Q
+(sslv3 alert ille)157 553.2 Q -.05(ga)-.15 G 2.5(lp).05 G
+(arameter:s3_pkt.c:964:SSL alert number 47)-2.5 E -1.1(Yo)117 569.4 S
+3.073(us)1.1 G .574(hould probably put only the CA cert into that \214l\
+e that signed your o)-3.073 F .574(wn cert\(s\), or at least)-.25 F .543
+(only those you trust.)117 581.4 R .543(The CA)5.543 F(CertP)-.4 E .543
+(ath directory must contain the hashes of each CA certi\214cate)-.15 F
+1.584(as \214lenames \(or as links to them\).)117 593.4 R 1.585
+(Symbolic links can be generated with the follo)6.585 F 1.585(wing tw)
+-.25 F(o)-.1 E(\(Bourne\) shell commands:)117 605.4 Q
+(C=FileName_of_CA_Certi\214cate)157 621.6 Q
+(ln -s $C `openssl x509 -noout -hash < $C`.0)157 633.6 Q 2.67(Ab)117
+649.8 S .17(etter w)-2.67 F .17(ay to do this is to use the)-.1 F F0
+(c_r)2.669 E(ehash)-.18 E F1 .169
+(command that is part of the OpenSSL distrib)2.669 F(ution)-.2 E .801(b\
+ecause it handles subject hash collisions by incrementing the number in\
+ the suf)117 661.8 R .801(\214x of the \214le-)-.25 F 1.133
+(name of the symbolic link, e.g.,)117 673.8 R F0(.0)3.632 E F1(to)3.632
+E F0(.1)3.632 E F1 3.632(,a)C 1.132(nd so on.)-3.632 F 1.132
+(An X.509 certi\214cate is also required for)6.132 F 1.527
+(authentication in client mode \(ClientCertFile and corresponding pri)
+117 685.8 R -.25(va)-.25 G 1.527(te ClientK).25 F -.15(ey)-.25 G 1.527
+(File\), ho).15 F(w-)-.25 E -2.15 -.25(ev e)117 697.8 T -.4(r,).25 G F3
+(sendmail)3.222 E F1 .322(will al)2.822 F -.1(wa)-.1 G .322(ys use ST).1
+F(AR)-.93 E .321(TTLS when of)-.6 F .321(fered by a serv)-.25 F(er)-.15
+E 5.321(.T)-.55 G .321(he client and serv)-5.321 F .321(er cer)-.15 F(-)
+-.2 E .03(ti\214cates can be identical.)117 709.8 R .03(Certi\214cates \
+can be obtained from a certi\214cate authority or created with)5.03 F
+.869(the help of OpenSSL.)117 721.8 R .869
+(The required format for certi\214cates and pri)5.869 F -.25(va)-.25 G
+.868(te k).25 F -.15(ey)-.1 G 3.368(si).15 G 3.368(sP)-3.368 G 3.368
+(EM. T)-3.368 F 3.368(oa)-.8 G(llo)-3.368 E(w)-.25 E 0 Cg EP
%%Page: 104 100
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 188.36<534d4d3a30382d3130342053656e646d61696c>72
-60 R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>
-2.5 E/F1 10/Times-Roman@0 SF -.15<5061>127 96 S -.5<2e2e>-4.402 -6 O 2.5
-<7228>.552 6 O<50656c6c2920456d616e75656c73736f6e>-2.5 E
-<4372616967204576>127 108 Q<6572686172742c2054>-.15 E
-<72616e7361726320436f72706f726174696f6e>-.35 E
-<50657220486564656c616e642c204572696373736f6e>127 120 Q -.8<546f>127 132
-S 2.5<6d49>.8 G -.25<7661>-2.5 G 2.5<7248>.25 G
-<656c62656b6b6d6f2c204e6f727765>-2.5 E
-<6769616e205363686f6f6c206f662045636f6e6f6d696373>-.15 E<4b617269204875
-727474612c2046696e6e697368204d6574656f726f6c6f676963616c20496e7374697475
-7465>127 144 Q<416c6c616e20452e204a6f68616e6e6573656e2c20575049>127 156
-Q<4a6f6e617468616e204b616d656e732c204f70656e56>127 168 Q<6973696f6e2054>
--.6 E<6563686e6f6c6f676965732c20496e632e>-.7 E -.8<5461>127 180 S<6b6168
-69726f204b616e62652c2046756a69205865726f7820496e666f726d6174696f6e205379
-7374656d7320436f2e2c204c74642e>.8 E<427269616e204b616e746f72>127 192 Q
-2.5<2c55>-.4 G<6e69>-2.5 E -.15<7665>-.25 G
-<7273697479206f662043616c69666f726e69612c2053616e20446965>.15 E<676f>
--.15 E<4a6f686e204b>127 204 Q<656e6e656479>-.25 E 2.5<2c43>-.65 G
-<616c20537461746520556e69>-2.5 E -.15<7665>-.25 G<7273697479>.15 E 2.5
-<2c43>-.65 G<6869636f>-2.5 E<4d757272617920532e204b>127 216 Q
-<756368657261>-.15 E<7779>-.15 E 2.5<2c48>-.65 G
-<6f6f6b557020436f6d6d756e69636174696f6e20436f72702e>-2.5 E
-<4272756365204c696c6c79>127 228 Q 2.5<2c53>-.65 G<6f6e>-2.5 E 2.5<7955>
--.15 G<2e532e>-2.5 E<4b61726c204c6f6e646f6e>127 240 Q
-<4d6f746f6e6f7269204e616b616d7572612c2052697473756d65696b616e20556e69>
-127 252 Q -.15<7665>-.25 G<72736974792026204b>.15 E<796f746f20556e69>
--.25 E -.15<7665>-.25 G<7273697479>.15 E
-<4a6f686e2047617264696e6572204d796572732c204361726e65>127 264 Q
-<676965204d656c6c6f6e20556e69>-.15 E -.15<7665>-.25 G<7273697479>.15 E
-<4e65696c205269636b>127 276 Q
-<6572742c204e6f72746865726e20496c6c696e6f697320556e69>-.1 E -.15<7665>
--.25 G<7273697479>.15 E<477265>127 288 Q
-<676f7279204e65696c205368617069726f2c20575049>-.15 E
-<45726963205363686e6f6562656c656e2c20436f6e>127 300 Q .3 -.15
-<7665782043>-.4 H<6f6d707574657220436f72702e>.15 E<457269632057>127 312
-Q<617373656e616172>-.8 E 2.5<2c4e>-.4 G<6174696f6e616c20496e737469747574
-6520666f72204e75636c65617220616e64204869676820456e6572>-2.5 E
-<6779205068>-.18 E<79736963732c20416d7374657264616d>-.05 E
-<52616e64616c6c2057>127 324 Q<696e63686573746572>-.4 E 2.5<2c55>-.4 G
-<6e69>-2.5 E -.15<7665>-.25 G<7273697479206f66204d6172796c616e64>.15 E
-<4368726973746f7068652057>127 336 Q<6f6c66687567656c2c2050>-.8 E
-<61737465757220496e7374697475746520262048657276>-.15 E 2.5<6553>-.15 G
-<63686175657220436f6e73756c74616e7473202850>-2.5 E<6172697329>-.15 E
-<457861637469732e636f6d2c20496e632e>127 348 Q 3.22<4961>87 364.2 S .72
-<706f6c6f67697a6520666f7220616e>-3.22 F .72<796f6e652049206861>-.15 F
-1.019 -.15<7665206f>-.2 H .719
-<6d69747465642c206d69737370656c6c65642c206d6973617474726962>.15 F .719
-<757465642c206f72206f7468657277697365206d69737365642e>-.2 F .719
-<4174207468697320706f696e742c2049>5.719 F 1.092<737573706563742074686174
-206174206c6561737420612068756e647265642070656f706c65206861>87 376.2 R
-1.393 -.15<76652063>-.2 H<6f6e74726962>.15 E 1.093
-<7574656420636f64652c20616e64206d616e>-.2 F 3.593<796d>-.15 G 1.093
-<6f7265206861>-3.593 F 1.393 -.15<76652063>-.2 H<6f6e74726962>.15 E
-1.093<757465642069646561732c>-.2 F 1.534
-<636f6d6d656e74732c20616e6420656e636f75726167656d656e742e>87 388.2 R
-<4927>6.534 E 1.834 -.15<76652074>-.5 H 1.534
-<7269656420746f206c697374207468656d20696e207468652052454c454153455f4e4f>
-.15 F 1.533<54455320696e207468652064697374726962>-.4 F<7574696f6e>-.2 E
-<6469726563746f7279>87 400.2 Q 5<2e49>-.65 G
-<6170707265636961746520746865697220636f6e74726962>-2.5 E
-<7574696f6e2061732077656c6c2e>-.2 E .742
-<5370656369616c207468616e6b732061726520726573657276>112 416.4 R .742
-<656420666f72204d69636861656c20436f72726967>-.15 F .743
-<616e20616e64204368726973746f7068652057>-.05 F .743
-<6f6c66687567656c2c2077686f2062657369646573206265696e67>-.8 F -.1<776f>
-87 428.4 S 2.1
-<6e64657266756c206775696e6561207069677320616e6420636f6e74726962>.1 F 2.1
-<75746f7273206861>-.2 F 2.4 -.15<76652061>-.2 H 2.1
-<6c736f20636f6e73656e74656420746f20626520616464656420746f207468652060>
-.15 F<6073656e646d61696c4053656e642d>-.74 E<6d61696c2e4f524727>87 440.4
-Q 3.61<276c>-.74 G 1.11
-<69737420616e642c20627920616e73776572696e67207468652062>-3.61 F 1.111<75
-6c6b206f6620746865207175657374696f6e732073656e7420746f2074686174206c6973
-742c206861>-.2 F 1.411 -.15<76652066>-.2 H 1.111
-<72656564206d6520757020746f20646f>.15 F<6f746865722077>87 452.4 Q
-<6f726b2e>-.1 E 0 Cg EP
+/F0 10/Times-Bold@0 SF 188.36(SMM:08-104 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF 1.123
+(for automatic startup of sendmail, pri)117 96 R -.25(va)-.25 G 1.124
+(te k).25 F -.15(ey)-.1 G 3.624(s\().15 G(Serv)-3.624 E(erK)-.15 E -.15
+(ey)-.25 G 1.124(File, ClientK).15 F -.15(ey)-.25 G 1.124
+(File\) must be stored).15 F 3.04(unencrypted. The)117 108 R -.1(ke)3.04
+G .54(ys are only protected by the permissions of the \214le system.)
+-.05 F(Ne)5.54 E -.15(ve)-.25 G 3.04(rm).15 G(ak)-3.04 E 3.04(ea)-.1 G
+(pri)117 120 Q -.25(va)-.25 G(te k).25 E .3 -.15(ey a)-.1 H -.25(va)-.05
+G(ilable to a third party).25 E(.)-.65 E .953(The options)142 136.2 R/F2
+10/Times-Italic@0 SF(ClientCertF)3.453 E(ile)-.45 E F1(,)A F2(ClientK)
+3.453 E -.3(ey)-.35 G -.45(Fi).3 G(le).45 E F1(,)A F2(ServerCertF)3.453
+E(ile)-.45 E F1 3.453(,a)C(nd)-3.453 E F2(ServerK)3.453 E -.3(ey)-.35 G
+-.45(Fi).3 G(le).45 E F1 .954(can tak)3.454 F 3.454(ea)-.1 G .946(secon\
+d \214le name, which must be separated from the \214rst with a comma \(\
+note: do not use an)117 148.2 R(y)-.15 E .657
+(spaces\) to set up a second cert/k)117 160.2 R .957 -.15(ey p)-.1 H
+(air).15 E 5.657(.T)-.55 G .657(his can be used to ha)-5.657 F .957 -.15
+(ve c)-.2 H .658(erts of dif).15 F .658(ferent types, e.g.,)-.25 F
+(RSA and DSA.)117 172.2 Q F0 2.5(6.6.2. PRNG)102 196.2 R -.25(fo)2.5 G
+2.5(rS).25 G -.9(TA)-2.5 G -.4(RT).9 G(TLS).4 E F1(ST)142 212.4 Q(AR)
+-.93 E .504(TTLS requires a strong pseudo random number generator \(PRN\
+G\) to operate prop-)-.6 F(erly)117 224.4 Q 5.055(.D)-.65 G .056
+(epending on the TLS library you use, it may be required to e)-5.055 F
+.056(xplicitly initialize the PRNG)-.15 F 1.155(with random data.)117
+236.4 R 1.154(OpenSSL mak)6.154 F 1.154(es use of)-.1 F F0(/de)3.654 E
+(v/urandom\(4\))-.15 E F1 1.154(if a)3.654 F -.25(va)-.2 G 1.154
+(ilable \(this corresponds to).25 F 1.442
+(the compile \215ag HASURANDOMDEV\).)117 248.4 R 1.443
+(On systems which lack this support, a random \214le)6.442 F .224
+(must be speci\214ed in the)117 260.4 R F2(sendmail.cf)2.723 E F1 .223
+(\214le using the option RandFile.)2.723 F .223(It is)5.223 F F0(str)
+2.723 E(ongly)-.18 E F1 .223(advised to use)2.723 F .872(the "Entrop)117
+272.4 R 3.372(yG)-.1 G .872(athering Daemon" EGD from Brian W)-3.372 F
+.873(arner on those systems to pro)-.8 F .873(vide useful)-.15 F 1.414
+(random data.)117 284.4 R 1.414(In this case,)6.414 F F2(sendmail)3.914
+E F1 1.413(must be compiled with the \215ag EGD, and the RandFile)3.913
+F .731(option must point to the EGD sock)117 296.4 R 3.231(et. If)-.1 F
+(neither)3.231 E F0(/de)3.232 E(v/urandom\(4\))-.15 E F1 .732
+(nor EGD are a)3.232 F -.25(va)-.2 G .732(ilable, you).25 F(ha)117 308.4
+Q .474 -.15(ve t)-.2 H 2.674(om).15 G(ak)-2.674 E 2.674(es)-.1 G .174
+(ure that useful random data is a)-2.674 F -.25(va)-.2 G .174
+(ilable all the time in RandFile.).25 F .173(If the \214le hasn')5.174 F
+(t)-.18 E .39(been modi\214ed in the last 10 minutes before it is suppo\
+sed to be used by)117 320.4 R F2(sendmail)2.89 E F1 .39(the content is)
+2.89 F(considered obsolete.)117 332.4 Q
+(One method for generating this \214le is:)5 E
+(openssl rand -out /etc/mail/rand\214le -rand)157 348.6 Q F2
+(/path/to/\214le:...)2.5 E F1(256)A .321
+(See the OpenSSL documentation for more information.)117 364.8 R .32
+(In this case, the PRNG for TLS is only)5.321 F .956
+(seeded with other random data if the)117 376.8 R F0(DontBlameSendmail)
+3.456 E F1(option)3.457 E F0(Insuf\214cientEntr)3.457 E(opy)-.18 E F1
+.957(is set.)3.457 F(This is most lik)117 388.8 Q(ely not suf)-.1 E
+(\214cient for certain actions, e.g., generation of \(temporary\) k)-.25
+E -.15(ey)-.1 G(s.).15 E .051(Please see the OpenSSL documentation or o\
+ther sources for further information about cer)142 405 R(-)-.2 E 1.064(\
+ti\214cates, their creation and their usage, the importance of a good P\
+RNG, and other aspects of)117 417 R(TLS.)117 429 Q F0 2.5(6.7. Encoding)
+87 453 R(of ST)2.5 E(AR)-.9 E(TTLS and A)-.4 E(UTH r)-.5 E(elated Macr)
+-.18 E(os)-.18 E F1 .693(Macros that contain ST)127 469.2 R(AR)-.93 E
+.693(TTLS and A)-.6 F .692
+(UTH related data which comes from outside sources,)-.55 F .809(e.g., a\
+ll macros containing information from certi\214cates, are encoded to a)
+102 481.2 R -.2(vo)-.2 G .81(id problems with non-).2 F .193
+(printable or special characters.)102 493.2 R .193
+(The latter are '\\', '<', '>', '\(', '\)', '"', '+', and ' '.)5.193 F
+.192(All of these char)5.192 F(-)-.2 E(acters are replaced by their v)
+102 505.2 Q(alue in he)-.25 E(xadecimal with a leading '+'.)-.15 E -.15
+(Fo)5 G 2.5(re).15 G(xample:)-2.65 E(/C=US/ST=California/O=endmail.or)
+142 521.4 Q(g/OU=pri)-.18 E -.25(va)-.25 G(te/CN=Darth Mail \(Cert\)/)
+.25 E(Email=darth+cert@endmail.or)142 533.4 Q(g)-.18 E(is encoded as:)
+102 549.6 Q(/C=US/ST=California/O=endmail.or)142 565.8 Q(g/OU=pri)-.18 E
+-.25(va)-.25 G(te/).25 E
+(CN=Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.or)142 577.8 Q
+(g)-.18 E .515(\(line breaks ha)102 594 R .815 -.15(ve b)-.2 H .515
+(een inserted for readability\).).15 F .516
+(The macros which are subject to this encoding are)5.515 F 6.828({cert_\
+subject}, {cert_issuer}, {cn_subject}, {cn_issuer}, as well as {auth_au\
+then} and)102 606 R({auth_author}.)102 618 Q F0 2.5(6.8. D)87 642 R(ANE)
+-.35 E F1 .525(Initial support for D)127 658.2 R .525
+(ANE \(see RFC 7672 et.al.\))-.4 F .525(is a)5.525 F -.25(va)-.2 G .525
+(ilable if).25 F F2(sendmail)3.026 E F1 .526(is compiled with the)3.026
+F(option)102 670.2 Q F0 -.35(DA)2.5 G(NE).35 E F1 5(.O)C
+(nly TLSA RR 3-1-x \(D)-5 E(ANE-EE\) is currently implemented.)-.4 E
+(The option)5 E 2.5(OD)142 686.4 S(ANE=true)-2.9 E
+(enables this feature at run time and it automatically adds)102 702.6 Q
+F0(use_dnssec)2.5 E F1(and)2.5 E F0(use_edns0)2.5 E F1(to)2.5 E 0 Cg EP
%%Page: 105 101
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 12/Times-Bold@0 SF 3<415050454e4449582041>257.172 98.4 R
-<434f4d4d414e44204c494e4520464c41>224.832 141.6 Q<4753>-.66 E/F1 10
-/Times-Roman@0 SF<4172>97 201 Q<67756d656e7473206d7573742062652070726573
-656e7465642077697468208d616773206265666f7265206164647265737365732e>-.18
-E<546865208d616773206172653a>5 E<ad41>72 217.2 Q/F2 10/Times-Italic@0 SF
-<78>A F1 .049<53656c65637420616e20616c7465726e617469>54.7 F .349 -.15
-<7665202e>-.25 H .049<6366208c6c6520776869636820697320656974686572>.15 F
-F2<73656e646d61696c2e6366>2.549 E F1<666f72>2.549 E/F3 10/Times-Bold@0
-SF<ad416d>2.549 E F1<6f72>2.548 E F2<7375626d69742e6366>2.548 E F1
-<666f72>2.548 E F3<ad4163>2.548 E F1 5.048<2e42>C<79>-5.048 E<646566>144
-229.2 Q .024<61756c7420746865202e6366208c6c652069732063686f73656e206261
-736564206f6e20746865206f7065726174696f6e206d6f64652e>-.1 F -.15<466f>
-5.024 G<72>.15 E F3<2d626d>2.524 E F1<28646566>2.524 E<61756c74292c>-.1
-E F3<2d6273>2.524 E F1 2.524<2c61>C<6e64>-2.524 E F3<2d74>2.525 E F1
-<6974>2.525 E<6973>144 241.2 Q F2<7375626d69742e6366>2.5 E F1
-<69662069742065>2.5 E
-<78697374732c20666f7220616c6c206f7468657273206974206973>-.15 E F2
-<73656e646d61696c2e6366>2.5 E F1<2e>A<ad62>72 257.4 Q F2<78>A F1
-<536574206f7065726174696f6e206d6f646520746f>56.92 E F2<78>2.5 E F1 5
-<2e4f>C<7065726174696f6e206d6f646573206172653a>-5 E 12.22<6d44>184 273.6
-S<656c69>-12.22 E -.15<7665>-.25 G 2.5<726d>.15 G<61696c2028646566>-2.5
-E<61756c7429>-.1 E 16.11<7353>184 285.6 S
-<7065616b20534d5450206f6e20696e7075742073696465>-16.11 E 8.06<61872060>
-184 297.6 R -.8<6041>-.74 G<7270616e657427>.8 E 2.5<276d>-.74 G
-<6f6465202867657420656e>-2.5 E -.15<7665>-.4 G<6c6f70652073656e64657220
-696e666f726d6174696f6e2066726f6d2068656164657229>.15 E 13.33<4343>184
-309.6 S<6865636b2074686520636f6e8c6775726174696f6e208c6c65>-13.33 E 15
-<6452>184 321.6 S
-<756e2061732061206461656d6f6e20696e206261636b67726f756e64>-15 E 12.78
-<4452>184 333.6 S<756e2061732061206461656d6f6e20696e20666f7265>-12.78 E
-<67726f756e64>-.15 E 17.22<7452>184 345.6 S
-<756e20696e2074657374206d6f6465>-17.22 E 15<764a>184 357.6 S<7573742076>
--15 E<6572696679206164647265737365732c20646f6e27>-.15 E 2.5<7463>-.18 G
-<6f6c6c656374206f722064656c69>-2.5 E -.15<7665>-.25 G<72>.15 E 17.22
-<6949>184 369.6 S
-<6e697469616c697a652074686520616c696173206461746162617365>-17.22 E 15
-<7050>184 381.6 S<72696e7420746865206d61696c207175657565>-15 E 14.44
-<5050>184 393.6 S<72696e74206f>-14.44 E -.15<7665>-.15 G<72766965>.15 E
-2.5<776f>-.25 G -.15<7665>-2.65 G 2.5<7274>.15 G<6865206d61696c20717565
-75652028726571756972657320736861726564206d656d6f727929>-2.5 E 15<6850>
-184 405.6 S<72696e74207468652070657273697374656e7420686f7374207374617475
-73206461746162617365>-15 E 12.78<4850>184 417.6 S<7572>-12.78 E
-<67652065>-.18 E<78706972656420656e74726965732066726f6d2074686520706572
-73697374656e7420686f737420737461747573206461746162617365>-.15 E<ad42>72
-438 Q F2<74797065>A F1<496e64696361746520626f647920747970652e>43.03 E
-<ad43>72 454.2 Q F2<8c6c65>A F1 .947<557365206120646966>47.47 F .946
-<666572656e7420636f6e8c6775726174696f6e208c6c652e>-.25 F F2
-<53656e646d61696c>5.946 E F1 .946<72756e732061732074686520696e>3.446 F
--.2<766f>-.4 G .946
-<6b696e6720757365722028726174686572207468616e20726f6f7429>.2 F
-<7768656e2074686973208d61672069732073706563698c65642e>144 466.2 Q<ad44>
-72 482.4 Q F2<6c6f>2.5 E<678c6c65>-.1 E F1<53656e6420646562>31.74 E
-<756767696e67206f757470757420746f2074686520696e64696361746564>-.2 E F2
-<6c6f>2.5 E<678c6c65>-.1 E F1<696e7374656164206f66207374646f75742e>2.5 E
-<ad64>72 498.6 Q F2<6c65>A<76656c>-.15 E F1<53657420646562>42.63 E
-<756767696e67206c65>-.2 E -.15<7665>-.25 G<6c2e>.15 E<ad66>72 514.8 Q F2
-<61646472>2.5 E F1 .627<54686520656e>41.64 F -.15<7665>-.4 G .627
-<6c6f70652073656e64657220616464726573732069732073657420746f>.15 F F2
-<61646472>3.127 E F1 5.627<2e54>C .628<6869732061646472657373206d617920
-616c736f206265207573656420696e207468652046726f6d3a>-5.627 F .153<686561
-646572206966207468617420686561646572206973206d697373696e6720647572696e67
-20696e697469616c207375626d697373696f6e2e>144 526.8 R .152<54686520656e>
-5.152 F -.15<7665>-.4 G .152
-<6c6f70652073656e6465722061646472657373206973>.15 F 1.263
-<757365642061732074686520726563697069656e7420666f722064656c69>144 538.8
-R -.15<7665>-.25 G 1.263<727920737461747573206e6f74698c636174696f6e7320
-616e64206d617920616c736f2061707065617220696e20612052657475726e2d>.15 F
--.15<5061>144 550.8 S<74683a20686561646572>.15 E<2e>-.55 E<ad46>72 567 Q
-F2<6e616d65>2.5 E F1
-<53657473207468652066756c6c206e616d65206f662074686973207573657220746f>
-36.64 E F2<6e616d65>2.5 E F1<2e>A 56.64<ad47205768656e>72 583.2 R 1.176<
-616363657074696e67206d65737361676573207669612074686520636f6d6d616e64206c
-696e652c20696e646963617465207468617420746865>3.677 F 3.676<7961>-.15 G
-1.176<726520666f722072656c6179202867>-3.676 F<6174652d>-.05 E -.1<7761>
-144 595.2 S 2.215<7929207375626d697373696f6e2e>.1 F 2.216<73656e646d6169
-6c206d617920636f6d706c61696e2061626f75742073796e746163746963616c6c792069
-6e>7.215 F -.25<7661>-.4 G 2.216<6c6964206d657373616765732c20652e672e2c>
-.25 F .037<756e7175616c698c656420686f7374206e616d65732c2072617468657220
-7468616e208c78696e67207468656d207768656e2074686973208d616720697320736574
-2e>144 607.2 R .037<73656e646d61696c2077696c6c206e6f7420646f>5.037 F
-<616e>144 619.2 Q 2.5<7963>-.15 G
-<616e6f6e6963616c697a6174696f6e20696e2074686973206d6f64652e>-2.5 E<ad68>
-72 635.4 Q F2<636e74>2.5 E F1 .725
-<53657473207468652099686f7020636f756e749a20746f>46.64 F F2<636e74>3.225
-E F1 5.725<2e54>C .726<68697320726570726573656e747320746865206e756d6265
-72206f662074696d65732074686973206d65737361676520686173206265656e>-5.725
-F .02<70726f636573736564206279>144 647.4 R F2<73656e646d61696c>2.52 E F1
-.02<28746f207468652065>2.52 F .02<7874656e742074686174206974206973207375
-70706f727465642062792074686520756e6465726c79696e67206e657477>-.15 F
-<6f726b73292e>-.1 E F2<436e74>5.02 E F1 1.521<697320696e6372656d656e7465
-6420647572696e672070726f63657373696e672c20616e64206966206974207265616368
-6573204d4158484f50202863757272656e746c7920323529>144 659.4 R F2
-<73656e646d61696c>4.021 E F1<7468726f>144 671.4 Q<77732061>-.25 E -.1
-<7761>-.15 G 2.5<7974>.1 G
-<6865206d657373616765207769746820616e206572726f72>-2.5 E<2e>-.55 E .32
-LW 76 681 72 681 DL 80 681 76 681 DL 84 681 80 681 DL 88 681 84 681 DL
-92 681 88 681 DL 96 681 92 681 DL 100 681 96 681 DL 104 681 100 681 DL
-108 681 104 681 DL 112 681 108 681 DL 116 681 112 681 DL 120 681 116 681
-DL 124 681 120 681 DL 128 681 124 681 DL 132 681 128 681 DL 136 681 132
-681 DL 140 681 136 681 DL 144 681 140 681 DL 148 681 144 681 DL 152 681
-148 681 DL 156 681 152 681 DL 160 681 156 681 DL 164 681 160 681 DL 168
-681 164 681 DL 172 681 168 681 DL 176 681 172 681 DL 180 681 176 681 DL
-184 681 180 681 DL 188 681 184 681 DL 192 681 188 681 DL 196 681 192 681
-DL 200 681 196 681 DL 204 681 200 681 DL 208 681 204 681 DL 212 681 208
-681 DL 216 681 212 681 DL/F4 8/Times-Roman@0 SF
-<87446570726563617465642e>93.6 693 Q F3<53656e646d61696c20496e7374616c6c
-6174696f6e20616e64204f7065726174696f6e204775696465>72 756 Q
-<534d4d3a30382d313035>190.86 E 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-105)190.86 E/F1 10/Times-Roman@0 SF 2.5(OR)142 96 S(esolv)-2.5 E
+(erOptions)-.15 E(This requires a \(preferrably local\) v)102 112.2 Q
+(alidating DNS resolv)-.25 E(er which supports those options.)-.15 E
+2.621(If the client \214nds a usable TLSA RR and the check succeeds the\
+ macro)102 136.2 R F0(${v)5.121 E(erify})-.1 E F1 2.621(is set to)5.121
+F F0(TR)102 148.2 Q(USTED)-.3 E F1 5.833(.A)C .834
+(ll non-DNS maps are considered)-5.833 F/F2 10/Times-Italic@0 SF(secur)
+3.334 E(e)-.37 E F1 .834(just lik)3.334 F 3.334(eD)-.1 G .834
+(NS lookups with DNSSEC.)-3.334 F(Be)5.834 E -2.3 -.15(aw a)102 160.2 T
+.023(re that the implementation might not handle all error conditions a\
+s required by the RFCs.).15 F(More-)5.023 E -.15(ove)102 172.2 S .8 -.4
+(r, T).15 H(LSA RRs are not look).4 E(ed up for some features, e.g.,)-.1
+E F2 -.75(Fa)2.5 G(llBac).75 E(kSmartHost)-.2 E F1(.)A F0 2.5(7. A)72
+196.2 R(CKNO)-.55 E(WLEDGEMENTS)-.5 E F1(I')112 212.4 Q 2.036 -.15(ve w)
+-.5 H(ork).05 E 1.737(ed on)-.1 F F2(sendmail)4.237 E F1 1.737(for man)
+4.237 F 4.237(yy)-.15 G 1.737(ears, and man)-4.237 F 4.237(ye)-.15 G
+(mplo)-4.237 E 1.737(yers ha)-.1 F 2.037 -.15(ve b)-.2 H 1.737
+(een remarkably patient).15 F .404(about letting me w)87 224.4 R .404
+(ork on a lar)-.1 F .404(ge project that w)-.18 F .403
+(as not part of my of)-.1 F .403(\214cial job)-.25 F 5.403(.T)-.4 G .403
+(his includes time on the)-5.403 F .281(INGRES Project at the Uni)87
+236.4 R -.15(ve)-.25 G .282(rsity of California at Berk).15 F(ele)-.1 E
+1.582 -.65(y, a)-.15 H 2.782(tB).65 G .282(ritton Lee, and ag)-2.782 F
+.282(ain on the Mammoth)-.05 F(and T)87 248.4 Q(itan Projects at Berk)
+-.35 E(ele)-.1 E -.65(y.)-.15 G .79(Much of the second w)112 264.6 R
+-2.25 -.2(av e)-.1 H .789(of impro)3.49 F -.15(ve)-.15 G .789
+(ments resulting in v).15 F .789(ersion 8.1 should be credited to Bryan)
+-.15 F .545(Costales of the International Computer Science Institute.)87
+276.6 R .545(As he passed me drafts of his book on)5.545 F F2(send-)
+3.045 E(mail)87 288.6 Q F1 2.5(Iw)2.5 G(as inspired to start w)-2.6 E
+(orking on things ag)-.1 E 2.5(ain. Bryan)-.05 F -.1(wa)2.5 G 2.5(sa).1
+G(lso a)-2.5 E -.25(va)-.2 G(ilable to bounce ideas of).25 E 2.5(fo)-.25
+G(f.)-2.5 E(Gre)112 304.8 Q .168(gory Neil Shapiro of W)-.15 F .168(orc\
+ester Polytechnic Institute has become instrumental in all phases of)-.8
+F F2(sendmail)87 316.8 Q F1 .34(support and de)2.84 F -.15(ve)-.25 G .34
+(lopment, and w).15 F .34(as lar)-.1 F .34
+(gely responsible for getting v)-.18 F .34(ersions 8.8 and 8.9 out the)
+-.15 F(door)87 328.8 Q(.)-.55 E(Man)112 345 Q 2.857 -.65(y, m)-.15 H(an)
+.65 E 4.057(yp)-.15 G 1.557(eople contrib)-4.057 F 1.556
+(uted chunks of code and ideas to)-.2 F F2(sendmail)4.056 E F1 6.556(.I)
+C 4.056(th)-6.556 G 1.556(as pro)-4.056 F -.15(ve)-.15 G 4.056(nt).15 G
+4.056(ob)-4.056 G 4.056(ea)-4.056 G .405(group netw)87 357 R .405
+(ork ef)-.1 F 2.905(fort. V)-.25 F .405(ersion 8 in particular w)-1.11 F
+.405(as a group project.)-.1 F .406(The follo)5.406 F .406
+(wing people and or)-.25 F -.05(ga)-.18 G(niza-).05 E
+(tions made notable contrib)87 369 Q(utions:)-.2 E(Claus Assmann)127
+385.2 Q(John Beck, He)127 397.2 Q(wlett-P)-.25 E
+(ackard & Sun Microsystems)-.15 E -.25(Ke)127 409.2 S
+(ith Bostic, CSRG, Uni).25 E -.15(ve)-.25 G(rsity of California, Berk)
+.15 E(ele)-.1 E(y)-.15 E(Andre)127 421.2 Q 2.5(wC)-.25 G
+(heng, Sun Microsystems)-2.5 E(Michael J. Corrig)127 433.2 Q(an, Uni)
+-.05 E -.15(ve)-.25 G(rsity of California, San Die).15 E(go)-.15 E
+(Bryan Costales, International Computer Science Institute & InfoBeat)127
+445.2 Q -.15(Pa)127 457.2 S -.5(..)-4.402 -6 O 2.5(r\().552 6 O
+(Pell\) Emanuelsson)-2.5 E(Craig Ev)127 469.2 Q(erhart, T)-.15 E
+(ransarc Corporation)-.35 E(Per Hedeland, Ericsson)127 481.2 Q -.8(To)
+127 493.2 S 2.5(mI).8 G -.25(va)-2.5 G 2.5(rH).25 G(elbekkmo, Norwe)-2.5
+E(gian School of Economics)-.15 E
+(Kari Hurtta, Finnish Meteorological Institute)127 505.2 Q
+(Allan E. Johannesen, WPI)127 517.2 Q(Jonathan Kamens, OpenV)127 529.2 Q
+(ision T)-.6 E(echnologies, Inc.)-.7 E -.8(Ta)127 541.2 S
+(kahiro Kanbe, Fuji Xerox Information Systems Co., Ltd.).8 E
+(Brian Kantor)127 553.2 Q 2.5(,U)-.4 G(ni)-2.5 E -.15(ve)-.25 G
+(rsity of California, San Die).15 E(go)-.15 E(John K)127 565.2 Q(ennedy)
+-.25 E 2.5(,C)-.65 G(al State Uni)-2.5 E -.15(ve)-.25 G(rsity).15 E 2.5
+(,C)-.65 G(hico)-2.5 E(Murray S. K)127 577.2 Q(uchera)-.15 E(wy)-.15 E
+2.5(,H)-.65 G(ookUp Communication Corp.)-2.5 E(Bruce Lilly)127 589.2 Q
+2.5(,S)-.65 G(on)-2.5 E 2.5(yU)-.15 G(.S.)-2.5 E(Karl London)127 601.2 Q
+(Motonori Nakamura, Ritsumeikan Uni)127 613.2 Q -.15(ve)-.25 G
+(rsity & K).15 E(yoto Uni)-.25 E -.15(ve)-.25 G(rsity).15 E
+(John Gardiner Myers, Carne)127 625.2 Q(gie Mellon Uni)-.15 E -.15(ve)
+-.25 G(rsity).15 E(Neil Rick)127 637.2 Q(ert, Northern Illinois Uni)-.1
+E -.15(ve)-.25 G(rsity).15 E(Gre)127 649.2 Q(gory Neil Shapiro, WPI)-.15
+E(Eric Schnoebelen, Con)127 661.2 Q .3 -.15(vex C)-.4 H(omputer Corp.)
+.15 E(Eric W)127 673.2 Q(assenaar)-.8 E 2.5(,N)-.4 G
+(ational Institute for Nuclear and High Ener)-2.5 E(gy Ph)-.18 E
+(ysics, Amsterdam)-.05 E(Randall W)127 685.2 Q(inchester)-.4 E 2.5(,U)
+-.4 G(ni)-2.5 E -.15(ve)-.25 G(rsity of Maryland).15 E(Christophe W)127
+697.2 Q(olfhugel, P)-.8 E(asteur Institute & Herv)-.15 E 2.5(eS)-.15 G
+(chauer Consultants \(P)-2.5 E(aris\))-.15 E(Exactis.com, Inc.)127 709.2
+Q 3.22(Ia)87 725.4 S .72(pologize for an)-3.22 F .72(yone I ha)-.15 F
+1.019 -.15(ve o)-.2 H .719(mitted, misspelled, misattrib).15 F .719
+(uted, or otherwise missed.)-.2 F .719(At this point, I)5.719 F 0 Cg EP
%%Page: 106 102
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 188.36<534d4d3a30382d3130362053656e646d61696c>72
-60 R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>
-2.5 E/F1 10/Times-Roman@0 SF<ad4c>72 96 Q/F2 10/Times-Italic@0 SF<7461>
-2.5 E<67>-.1 E F1 1.483
-<5365747320746865206964656e74698c6572207573656420666f72207379736c6f672e>
-45.07 F 1.482<4e6f746520746861742074686973206964656e74698c65722069732073
-6574206173206561726c7920617320706f737369626c652e>6.483 F<486f>144 108 Q
-<7765>-.25 E -.15<7665>-.25 G -.4<722c>.15 G F2<73656e646d61696c>2.915 E
-F1 .015<6d617920626520757365642069662070726f626c656d73206172697365206265
-666f72652074686520636f6d6d616e64206c696e65206172>2.515 F .016
-<67756d656e747320617265>-.18 F<70726f6365737365642e>144 120 Q 58.86
-<ad6e20446f6e27>72 136.2 R 2.5<7464>-.18 G 2.5<6f61>-2.5 G
-<6c696173696e67206f7220666f7277>-2.5 E<617264696e672e>-.1 E<ad4e>72
-152.4 Q F2<6e6f74698c636174696f6e73>2.5 E F1 -.8<5461>7.19 G 3.128<6761>
-.8 G .628<6c6c20616464726573736573206265696e672073656e742061732077>
--3.128 F .628<616e74696e672074686520696e64696361746564>-.1 F F2
-<6e6f74698c636174696f6e73>3.128 E F1 3.127<2c77>C .627
-<6869636820636f6e7369737473206f6620746865>-3.127 F -.1<776f>144 164.4 S
-.474<726420994e455645529a206f72206120636f6d6d612d736570617261746564206c
-697374206f662099535543434553539a2c209946>.1 F .474
-<41494c5552459a2c20616e64209944454c41>-.74 F<599a>-1.05 E .86
-<666f72207375636365737366756c2064656c69>144 176.4 R -.15<7665>-.25 G
-<7279>.15 E 3.36<2c66>-.65 G .86<61696c7572652c20616e642061206d65737361
-6765207468617420697320737475636b20696e206120717565756520736f6d65>-3.46 F
-3.36<77686572652e20546865>-.25 F<646566>144 188.4 Q
-<61756c74206973209946>-.1 E<41494c5552452c44454c41>-.74 E<599a2e>-1.05 E
-<ad72>72 204.6 Q F2<61646472>2.5 E F1
-<416e206f62736f6c65746520666f726d206f66>41.64 E F0<ad66>2.5 E F1<2e>A
-<ad6f>72 220.8 Q F2 1.666<7876>C<616c7565>-1.666 E F1
-<536574206f7074696f6e>33.594 E F2<78>2.5 E F1
-<746f207468652073706563698c6564>2.5 E F2<76616c7565>2.5 E F1 5<2e54>C<68
-657365206f7074696f6e73206172652064657363726962656420696e2053656374696f6e
-20352e362e>-5 E<ad4f>72 237 Q F2<6f7074696f6e>A F0<3d>A F2<76616c7565>A
-F1<536574>6.22 E F2<6f7074696f6e>5.173 E F1 2.674
-<746f207468652073706563698c6564>5.173 F F2<76616c7565>5.174 E F1 2.674
-<28666f72206c6f6e6720666f726d206f7074696f6e206e616d6573292e>5.174 F
-2.674<5468657365206f7074696f6e7320617265>7.674 F
-<64657363726962656420696e2053656374696f6e20352e362e>144 249 Q<ad4d>72
-265.2 Q F2 1.666<7876>C<616c7565>-1.666 E F1<536574206d6163726f>29.704 E
-F2<78>2.5 E F1<746f207468652073706563698c6564>2.5 E F2<76616c7565>2.5 E
-F1<2e>A<ad70>72 281.4 Q F2<7072>A<6f746f636f6c>-.45 E F1 .401
-<536574207468652073656e64696e672070726f746f636f6c2e>27.92 F .401<50726f
-6772616d732061726520656e636f75726167656420746f2073657420746869732e>5.401
-F .4<5468652070726f746f636f6c208c656c642063616e206265>5.401 F .114
-<696e2074686520666f726d>144 293.4 R F2<7072>2.614 E<6f746f636f6c>-.45 E
-F0<3a>A F2<686f7374>A F1 .114<746f2073657420626f7468207468652073656e6469
-6e672070726f746f636f6c20616e642073656e64696e6720686f73742e>2.614 F -.15
-<466f>5.115 G 2.615<7265>.15 G<78616d706c652c>-2.765 E 2.147<99ad705555
-43503a75756e65749a2073657473207468652073656e64696e672070726f746f636f6c20
-746f205555435020616e64207468652073656e64696e6720686f737420746f2075756e65
-742e>144 305.4 R .973<28536f6d652065>144 317.4 R .974<78697374696e672070
-726f6772616d732075736520ad6f4d20746f2073657420746865207220616e642073206d
-6163726f733b20746869732069732065717569>-.15 F -.25<7661>-.25 G .974
-<6c656e7420746f207573696e67>.25 F<ad702e29>144 329.4 Q<ad71>72 345.6 Q
-F2<74696d65>A F1 -.35<5472>44.14 G 2.776<7974>.35 G 2.776<6f70>-2.776 G
-.276<726f636573732074686520717565756564207570206d61696c2e>-2.776 F .276
-<4966207468652074696d65206973206769>5.276 F -.15<7665>-.25 G .275
-<6e2c2061>.15 F F2<73656e646d61696c>2.775 E F1 .275
-<77696c6c207374617274206f6e65206f72206d6f7265>2.775 F .011<70726f636573
-73657320746f2072756e207468726f756768207468652071756575652873292061742074
-68652073706563698c65642074696d6520696e74657276>144 357.6 R .011
-<616c20746f2064656c69>-.25 F -.15<7665>-.25 G 2.511<7271>.15 G .011
-<7565756564206d61696c3b>-2.511 F .906
-<6f74686572776973652c206974206f6e6c792072756e73206f6e63652e>144 369.6 R
-.906
-<45616368206f662074686573652070726f6365737365732061637473206f6e20612077>
-5.906 F 3.405<6f726b67726f75702e205468657365>-.1 F<70726f2d>3.405 E .959
-<6365737365732061726520616c736f206b6e6f>144 381.6 R .959<776e2061732077>
--.25 F .959<6f726b67726f75702070726f636573736573206f722057475027>-.1 F
-3.459<7366>-.55 G .959<6f722073686f72742e>-3.459 F .96<456163682077>5.96
-F .96<6f726b67726f7570206973>-.1 F .523<726573706f6e7369626c6520666f7220
-636f6e74726f6c6c696e67207468652070726f63657373696e67206f66206f6e65206f72
-206d6f7265207175657565733b2077>144 393.6 R .522
-<6f726b67726f7570732068656c70206d616e2d>-.1 F 1.268<61676520746865207573
-65206f662073797374656d207265736f75726365732062792073656e646d61696c2e>144
-405.6 R 1.268<456163682077>6.268 F 1.268<6f726b67726f7570206d6179206861>
--.1 F 1.568 -.15<7665206f>-.2 H 1.268<6e65206f72206d6f7265>.15 F .357<63
-68696c6472656e20636f6e63757272656e746c792070726f63657373696e672071756575
-657320646570656e64696e67206f6e207468652073657474696e67206f66>144 417.6 R
-F2<4d617851756575654368696c6472>2.856 E<656e>-.37 E F1<2e>A<ad7170>72
-433.8 Q F2<74696d65>A F1 1.174
-<53696d696c617220746f20ad71207769746820612074696d65206172>39.14 F 1.175
-<67756d656e742c2065>-.18 F 1.175<7863657074207468617420696e737465616420
-6f6620706572696f646963616c6c79207374617274696e672057475027>-.15 F<73>
--.55 E .7
-<73656e646d61696c207374617274732070657273697374656e742057475027>144
-445.8 R 3.2<7374>-.55 G .7<68617420616c7465726e617465206265747765656e20
-70726f63657373696e672071756575657320616e6420736c656570696e672e>-3.2 F
-1.123<54686520736c6565702074696d652069732073706563698c656420627920746865
-2074696d65206172>144 457.8 R 1.123<67756d656e743b20697420646566>-.18 F
-1.123<61756c747320746f2031207365636f6e642c2065>-.1 F 1.124
-<786365707420746861742061>-.15 F 1.294<57475020616c>144 469.8 R -.1
-<7761>-.1 G 1.293<797320736c65657073206174206c656173742035207365636f6e64
-7320696620746865697220717565756573207765726520656d70747920696e2074686520
-707265>.1 F 1.293<76696f75732072756e2e>-.25 F .138<50657273697374656e74
-2070726f63657373657320617265206d616e61676564206279206120717565756520636f
-6e74726f6c2070726f636573732028514350292e>144 481.8 R .139
-<546865205143502069732074686520706172>5.139 F<2d>-.2 E .18
-<656e742070726f63657373206f66207468652057475027>144 493.8 R 2.679
-<732e2054>-.55 F .179<79706963616c6c7920746865205143502077696c6c20626520
-7468652073656e646d61696c206461656d6f6e20287768656e2073746172746564>-.8 F
-.424<7769746820ad6264206f7220ad624429206f722061207370656369616c2070726f
-6365737320286e616d656420517565756520636f6e74726f6c2920287768656e20737461
-7274656420776974686f757420ad6264>144 505.8 R .72<6f7220ad6244292e>144
-517.8 R .72<496620612070657273697374656e74205747502063656173657320746f20
-62652061637469>5.72 F 1.019 -.15<76652066>-.25 H .719
-<6f7220736f6d6520726561736f6e20616e6f74686572205747502077696c6c206265>
-.15 F .862
-<73746172746564206279207468652051435020666f72207468652073616d652077>144
-529.8 R .862<6f726b67726f757020696e206d6f73742063617365732e205768656e20
-612070657273697374656e742057475020686173>-.1 F 1.008
-<636f72652064756d7065642c2074686520646562>144 541.8 R 1.008
-<7567208d6167>-.2 F F2<6e6f5f706572>3.508 E<73697374656e745f72>-.1 E
-<657374617274>-.37 E F1 1.007<697320736574206f72207468652073706563698c63
-2070657273697374656e7420574750>3.508 F .676
-<686173206265656e2072657374617274656420746f6f206d616e>144 553.8 R 3.176
-<7974>-.15 G .676<696d657320616c7265616479207468656e20746865205747502077
-696c6c206e6f742062652073746172746564206167>-3.176 F .677
-<61696e20616e642061>-.05 F .876
-<6d6573736167652077696c6c206265206c6f6767656420746f2074686973206566>144
-565.8 R 3.375<666563742e2054>-.25 F 3.375<6f73>-.8 G .875<746f7020285349
-475445524d29206f722072657374617274202853494748555029207065727369732d>
--3.375 F .116<74656e742057475027>144 577.8 R 2.616<7374>-.55 G .116<6865
-20617070726f707269617465207369676e616c2073686f756c642062652073656e742074
-6f2074686520514350>-2.616 F 2.616<2e54>-1.11 G .116
-<6865205143502077696c6c2070726f706167>-2.616 F .116<61746520746865>-.05
-F<7369676e616c20746f20616c6c206f66207468652057475027>144 589.8 Q 2.5
-<7361>-.55 G<6e6420696620617070726f707269617465207265737461727420746865
-2070657273697374656e742057475027>-2.5 E<732e>-.55 E<ad71>72 606 Q F2
-<476e616d65>A F1
-<52756e20746865206a6f627320696e207468652071756575652067726f7570>32.48 E
-F2<6e616d65>2.5 E F1<6f6e63652e>2.5 E<ad715b215d>72 622.2 Q F2
-<58737472696e67>A F1 .313<52756e20746865207175657565206f6e63652c206c696d
-6974696e6720746865206a6f627320746f2074686f7365206d61746368696e67>21.92 F
-F2<58737472696e67>2.812 E F1 5.312<2e54>C .312<6865206b>-5.312 F .612
--.15<6579206c>-.1 H<6574746572>.15 E F2<58>2.812 E F1 .312<63616e206265>
-2.812 F F0<49>144 634.2 Q F1 1.347
-<746f206c696d6974206261736564206f6e207175657565206964656e74698c6572>
-3.847 F<2c>-.4 E F0<52>3.847 E F1 1.347
-<746f206c696d6974206261736564206f6e20726563697069656e742c>3.847 F F0<53>
-3.847 E F1 1.347<746f206c696d6974206261736564206f6e>3.847 F
-<73656e646572>144 646.2 Q 4.758<2c6f>-.4 G<72>-4.758 E F0<51>4.758 E F1
-2.258<746f206c696d6974206261736564206f6e2071756172616e74696e652072656173
-6f6e20666f722071756172616e74696e6564206a6f62732e>4.758 F 4.757<4170>
-7.257 G<6172746963756c6172>-4.757 E .062<717565756564206a6f622069732061
-63636570746564206966206f6e65206f662074686520636f72726573706f6e64696e6720
-617474726962>144 658.2 R .063
-<7574657320636f6e7461696e732074686520696e64696361746564>-.2 F F2
-<737472696e67>2.563 E F1<2e>A .779
-<546865206f7074696f6e616c202120636861726163746572206e65>144 670.2 R -.05
-<6761>-.15 G .778<7465732074686520636f6e646974696f6e207465737465642e>.05
-F<4d756c7469706c65>5.778 E F2<ad7158>3.278 E F1 .778
-<8d61677320617265207065726d69747465642c>3.278 F .622
-<77697468206974656d732077697468207468652073616d65206b>144 682.2 R .922
--.15<6579206c>-.1 H .622<657474657220996f722765649a20746f676574686572>
-.15 F 3.122<2c61>-.4 G .622<6e64206974656d73207769746820646966>-3.122 F
-.623<666572656e74206b>-.25 F .923 -.15<6579206c>-.1 H<657474657273>.15 E
-<99616e642765649a20746f676574686572>144 694.2 Q<2e>-.55 E 23.88
-<ad515b726561736f6e5d2051756172616e74696e65>72 710.4 R 4.689<616e>4.69 G
-2.189<6f726d616c207175657565206974656d73207769746820746865206769>-4.689
-F -.15<7665>-.25 G 4.689<6e72>.15 G 2.189
-<6561736f6e206f7220756e71756172616e74696e652071756172616e74696e6564>
--4.689 F 1.797
-<7175657565206974656d73206966206e6f20726561736f6e206973206769>144 722.4
-R -.15<7665>-.25 G 4.297<6e2e2054686973>.15 F 1.797<73686f756c64206f6e6c
-792062652075736564207769746820736f6d6520736f7274206f66206974656d>4.297 F
-0 Cg EP
+/F0 10/Times-Bold@0 SF 188.36(SMM:08-106 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF 1.092
+(suspect that at least a hundred people ha)87 96 R 1.393 -.15(ve c)-.2 H
+(ontrib).15 E 1.093(uted code, and man)-.2 F 3.593(ym)-.15 G 1.093
+(ore ha)-3.593 F 1.393 -.15(ve c)-.2 H(ontrib).15 E 1.093(uted ideas,)
+-.2 F 1.534(comments, and encouragement.)87 108 R(I')6.534 E 1.834 -.15
+(ve t)-.5 H 1.534(ried to list them in the RELEASE_NO).15 F 1.533
+(TES in the distrib)-.4 F(ution)-.2 E(directory)87 120 Q 5(.I)-.65 G
+(appreciate their contrib)-2.5 E(ution as well.)-.2 E .742
+(Special thanks are reserv)112 136.2 R .742(ed for Michael Corrig)-.15 F
+.743(an and Christophe W)-.05 F .743(olfhugel, who besides being)-.8 F
+-.1(wo)87 148.2 S 2.1(nderful guinea pigs and contrib).1 F 2.1(utors ha)
+-.2 F 2.4 -.15(ve a)-.2 H 2.1(lso consented to be added to the `).15 F
+(`sendmail@Send-)-.74 E(mail.ORG')87 160.2 Q 3.61('l)-.74 G 1.11
+(ist and, by answering the b)-3.61 F 1.111
+(ulk of the questions sent to that list, ha)-.2 F 1.411 -.15(ve f)-.2 H
+1.111(reed me up to do).15 F(other w)87 172.2 Q(ork.)-.1 E 0 Cg EP
%%Page: 107 103
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d313037>190.86 E
-/F1 10/Times-Roman@0 SF<6d61746368696e67207573696e67>144 96 Q F0
-<ad715b215d>2.5 E/F2 10/Times-Italic@0 SF<58737472696e67>A F1
-<6173206465736372696265642061626f>2.5 E -.15<7665>-.15 G<2e>.15 E
-<ad5220726574>72 112.2 Q 1.687
-<5768617420696e666f726d6174696f6e20796f752077>46.64 F 1.687<616e74207265
-7475726e656420696620746865206d65737361676520626f756e6365733b>-.1 F F2
--.37<7265>4.187 G<74>.37 E F1 1.687<63616e2062652099484452539a20666f72>
-4.187 F .877<68656164657273206f6e6c79206f72209946554c4c9a20666f72206865
-616465727320706c757320626f6479>144 124.2 R 5.877<2e54>-.65 G .878<686973
-20697320612072657175657374206f6e6c793b20746865206f7468657220656e64206973>
--5.877 F 1.309
-<6e6f7420726571756972656420746f20686f6e6f722074686520706172616d65746572>
-144 136.2 R 6.309<2e49>-.55 G 3.808<6699>-6.309 G 1.308<484452539a206973
-2073706563698c6564206c6f63616c20626f756e63657320616c736f2072657475726e>
--3.808 F<6f6e6c792074686520686561646572732e>144 148.2 Q 61.08
-<ad742052656164>72 164.4 R .752<7468652068656164657220666f72209954>3.252
-F .752<6f3a9a2c209943633a9a2c20616e6420994263633a9a206c696e65732c20616e
-642073656e6420746f2065>-.8 F -.15<7665>-.25 G .752
-<72796f6e65206c697374656420696e2074686f7365>.15 F 2.54
-<6c697374732e20546865>144 176.4 R .039<994263633a9a206c696e652077696c6c
-2062652064656c65746564206265666f72652073656e64696e672e>2.54 F<416e>5.039
-E 2.539<7961>-.15 G .039<646472657373657320696e20746865206172>-2.539 F
-.039<67756d656e742076>-.18 F<65632d>-.15 E<746f722077696c6c206265206465
-6c657465642066726f6d207468652073656e64206c6973742e>144 188.4 Q
-<ad5620656e>72 204.6 Q 32.32<76696420546865>-.4 F<696e64696361746564>
-3.179 E F2<656e>3.179 E<766964>-.4 E F1 .679
-<69732070617373656420776974682074686520656e>3.179 F -.15<7665>-.4 G .68<
-6c6f7065206f6620746865206d65737361676520616e642072657475726e656420696620
-746865206d65732d>.15 F<7361676520626f756e6365732e>144 216.6 Q<ad58>72
-232.8 Q F2<6c6f>2.5 E<678c6c65>-.1 E F1 .725<4c6f6720616c6c2074726166>
-31.74 F .725<8c6320696e20616e64206f7574206f66>-.25 F F2
-<73656e646d61696c>3.225 E F1 .725<696e2074686520696e64696361746564>3.225
-F F2<6c6f>3.224 E<678c6c65>-.1 E F1 .724<666f7220646562>3.224 F .724
-<756767696e67206d61696c65722070726f622d>-.2 F 2.5<6c656d732e2054686973>
-144 244.8 R<70726f64756365732061206c6f74206f6620646174612076>2.5 E<6572
-7920717569636b6c7920616e642073686f756c6420626520757365642073706172696e67
-6c79>-.15 E<2e>-.65 E .637<5468657265206172652061206e756d626572206f6620
-6f7074696f6e732074686174206d61792062652073706563698c6564206173207072696d
-697469>97 261 R .938 -.15<7665208d>-.25 H 3.138<6167732e205468657365>.15
-F .638<6172652074686520652c20692c206d2c20616e642076>3.138 F 3.785
-<6f7074696f6e732e20416c736f2c>72 273 R 1.285
-<7468652066206f7074696f6e206d61792062652073706563698c656420617320746865>
-3.785 F F0<ad73>3.784 E F1 3.784<8d61672e20546865>3.784 F 1.284
-<44534e2072656c61746564206f7074696f6e732099ad4e9a2c2099ad529a2c20616e64>
-3.784 F<99ad569a206861>72 285 Q .3 -.15<7665206e>-.2 H 2.5<6f65>.15 G
--.25<6666>-2.5 G<65637473206f6e>.25 E F2<73656e646d61696c>2.5 E F1
-<72756e6e696e67206173206461656d6f6e2e>2.5 E 0 Cg EP
+/F0 12/Times-Bold@0 SF 3(APPENDIX A)257.172 98.4 R(COMMAND LINE FLA)
+224.832 141.6 Q(GS)-.66 E/F1 10/Times-Roman@0 SF(Ar)97 201 Q
+(guments must be presented with \215ags before addresses.)-.18 E
+(The \215ags are:)5 E<ad41>72 217.2 Q/F2 10/Times-Italic@0 SF(x)A F1
+.049(Select an alternati)54.7 F .349 -.15(ve .)-.25 H .049
+(cf \214le which is either).15 F F2(sendmail.cf)2.549 E F1(for)2.549 E
+/F3 10/Times-Bold@0 SF(\255Am)2.549 E F1(or)2.548 E F2(submit.cf)2.548 E
+F1(for)2.548 E F3(\255Ac)2.548 E F1 5.048(.B)C(y)-5.048 E(def)144 229.2
+Q .024(ault the .cf \214le is chosen based on the operation mode.)-.1 F
+-.15(Fo)5.024 G(r).15 E F3(-bm)2.524 E F1(\(def)2.524 E(ault\),)-.1 E F3
+(-bs)2.524 E F1 2.524(,a)C(nd)-2.524 E F3(-t)2.525 E F1(it)2.525 E(is)
+144 241.2 Q F2(submit.cf)2.5 E F1(if it e)2.5 E
+(xists, for all others it is)-.15 E F2(sendmail.cf)2.5 E F1(.)A<ad62>72
+257.4 Q F2(x)A F1(Set operation mode to)56.92 E F2(x)2.5 E F1 5(.O)C
+(peration modes are:)-5 E 12.22(mD)184 273.6 S(eli)-12.22 E -.15(ve)-.25
+G 2.5(rm).15 G(ail \(def)-2.5 E(ault\))-.1 E 16.11(sS)184 285.6 S
+(peak SMTP on input side)-16.11 E 8.06(a\207 `)184 297.6 R -.8(`A)-.74 G
+(rpanet').8 E 2.5('m)-.74 G(ode \(get en)-2.5 E -.15(ve)-.4 G
+(lope sender information from header\)).15 E 13.33(CC)184 309.6 S
+(heck the con\214guration \214le)-13.33 E 15(dR)184 321.6 S
+(un as a daemon in background)-15 E 12.78(DR)184 333.6 S
+(un as a daemon in fore)-12.78 E(ground)-.15 E 17.22(tR)184 345.6 S
+(un in test mode)-17.22 E 15(vJ)184 357.6 S(ust v)-15 E
+(erify addresses, don')-.15 E 2.5(tc)-.18 G(ollect or deli)-2.5 E -.15
+(ve)-.25 G(r).15 E 17.22(iI)184 369.6 S(nitialize the alias database)
+-17.22 E 15(pP)184 381.6 S(rint the mail queue)-15 E 14.44(PP)184 393.6
+S(rint o)-14.44 E -.15(ve)-.15 G(rvie).15 E 2.5(wo)-.25 G -.15(ve)-2.65
+G 2.5(rt).15 G(he mail queue \(requires shared memory\))-2.5 E 15(hP)184
+405.6 S(rint the persistent host status database)-15 E 12.78(HP)184
+417.6 S(ur)-12.78 E(ge e)-.18 E
+(xpired entries from the persistent host status database)-.15 E<ad42>72
+438 Q F2(type)A F1(Indicate body type.)43.03 E<ad43>72 454.2 Q F2
+(\214le)A F1 .947(Use a dif)47.47 F .946(ferent con\214guration \214le.)
+-.25 F F2(Sendmail)5.946 E F1 .946(runs as the in)3.446 F -.2(vo)-.4 G
+.946(king user \(rather than root\)).2 F
+(when this \215ag is speci\214ed.)144 466.2 Q<ad44>72 482.4 Q F2(lo)2.5
+E(g\214le)-.1 E F1(Send deb)31.74 E(ugging output to the indicated)-.2 E
+F2(lo)2.5 E(g\214le)-.1 E F1(instead of stdout.)2.5 E<ad64>72 498.6 Q F2
+(le)A(vel)-.15 E F1(Set deb)42.63 E(ugging le)-.2 E -.15(ve)-.25 G(l.)
+.15 E<ad66>72 514.8 Q F2(addr)2.5 E F1 .627(The en)41.64 F -.15(ve)-.4 G
+.627(lope sender address is set to).15 F F2(addr)3.127 E F1 5.627(.T)C
+.628(his address may also be used in the From:)-5.627 F .153
+(header if that header is missing during initial submission.)144 526.8 R
+.152(The en)5.152 F -.15(ve)-.4 G .152(lope sender address is).15 F
+1.263(used as the recipient for deli)144 538.8 R -.15(ve)-.25 G 1.263
+(ry status noti\214cations and may also appear in a Return-).15 F -.15
+(Pa)144 550.8 S(th: header).15 E(.)-.55 E<ad46>72 567 Q F2(name)2.5 E F1
+(Sets the full name of this user to)36.64 E F2(name)2.5 E F1(.)A 56.64
+(\255G When)72 583.2 R 1.176
+(accepting messages via the command line, indicate that the)3.677 F
+3.676(ya)-.15 G 1.176(re for relay \(g)-3.676 F(ate-)-.05 E -.1(wa)144
+595.2 S 2.215(y\) submission.).1 F 2.216
+(sendmail may complain about syntactically in)7.215 F -.25(va)-.4 G
+2.216(lid messages, e.g.,).25 F .037(unquali\214ed host names, rather t\
+han \214xing them when this \215ag is set.)144 607.2 R .037
+(sendmail will not do)5.037 F(an)144 619.2 Q 2.5(yc)-.15 G
+(anonicalization in this mode.)-2.5 E<ad68>72 635.4 Q F2(cnt)2.5 E F1
+.725(Sets the \231hop count\232 to)46.64 F F2(cnt)3.225 E F1 5.725(.T)C
+.726(his represents the number of times this message has been)-5.725 F
+.02(processed by)144 647.4 R F2(sendmail)2.52 E F1 .02(\(to the e)2.52 F
+.02(xtent that it is supported by the underlying netw)-.15 F(orks\).)-.1
+E F2(Cnt)5.02 E F1 1.521(is incremented during processing, and if it re\
+aches MAXHOP \(currently 25\))144 659.4 R F2(sendmail)4.021 E F1(thro)
+144 671.4 Q(ws a)-.25 E -.1(wa)-.15 G 2.5(yt).1 G
+(he message with an error)-2.5 E(.)-.55 E .32 LW 76 681 72 681 DL 80 681
+76 681 DL 84 681 80 681 DL 88 681 84 681 DL 92 681 88 681 DL 96 681 92
+681 DL 100 681 96 681 DL 104 681 100 681 DL 108 681 104 681 DL 112 681
+108 681 DL 116 681 112 681 DL 120 681 116 681 DL 124 681 120 681 DL 128
+681 124 681 DL 132 681 128 681 DL 136 681 132 681 DL 140 681 136 681 DL
+144 681 140 681 DL 148 681 144 681 DL 152 681 148 681 DL 156 681 152 681
+DL 160 681 156 681 DL 164 681 160 681 DL 168 681 164 681 DL 172 681 168
+681 DL 176 681 172 681 DL 180 681 176 681 DL 184 681 180 681 DL 188 681
+184 681 DL 192 681 188 681 DL 196 681 192 681 DL 200 681 196 681 DL 204
+681 200 681 DL 208 681 204 681 DL 212 681 208 681 DL 216 681 212 681 DL
+/F4 8/Times-Roman@0 SF(\207Deprecated.)93.6 693 Q F3
+(Sendmail Installation and Operation Guide)72 756 Q(SMM:08-107)190.86 E
+0 Cg EP
%%Page: 108 104
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 12/Times-Bold@0 SF 3<415050454e4449582042>250.002 98.4 R -.12<5155>
-220.29 141.6 S<4555452046494c4520464f524d41>.12 E<5453>-1.14 E/F1 10
-/Times-Roman@0 SF .101<5468697320617070656e6469782064657363726962657320
-74686520666f726d6174206f6620746865207175657565208c6c65732e>97 201 R .102
-<5468657365208c6c6573206c69>5.102 F .402 -.15<76652069>-.25 H 2.602
-<6e6171>.15 G .102<75657565206469726563746f7279>-2.602 F 5.102<2e54>-.65
-G .102<686520696e64692d>-5.102 F .331<76696475616c2071662c2068662c205166
-2c2064662c20616e64207866208c6c6573206d61792062652073746f72656420696e2073
-65706172617465>72 213 R/F2 10/Times-Italic@0 SF<71662f>2.831 E F1<2c>A
-F2<64662f>2.831 E F1 2.831<2c61>C<6e64>-2.831 E F2<78662f>2.831 E F1
-.331<7375626469726563746f7269657320696620746865>2.831 F 2.831<7961>-.15
-G .33<72652070726573656e74>-2.831 F
-<696e20746865207175657565206469726563746f7279>72 225 Q<2e>-.65 E .923
-<416c6c207175657565208c6c6573206861>97 241.2 R 1.223 -.15<76652074>-.2 H
-.923<6865206e616d65>.15 F F2<7474594d44686d734e4e7070707070>3.423 E F1
-<7768657265>3.424 E F2<594d44686d734e4e7070707070>3.424 E F1 .924
-<697320746865>3.424 F F2<6964>3.424 E F1 .924
-<666f722074686973206d65732d>3.424 F<7361676520616e6420746865>72 253.2 Q
-F2<7474>2.5 E F1<6973206120747970652e>2.5 E<54686520696e6469>5 E
-<76696475616c206c65747465727320696e20746865>-.25 E F2<6964>2.5 E F1
-<6172653a>2.5 E 28.78<5945>72 269.4 S<6e636f6465642079656172>-28.78 E
-27.11<4d45>72 285.6 S<6e636f646564206d6f6e7468>-27.11 E 28.78<4445>72
-301.8 S<6e636f64656420646179>-28.78 E 31<6845>72 318 S
-<6e636f64656420686f7572>-31 E 28.22<6d45>72 334.2 S
-<6e636f646564206d696e757465>-28.22 E 32.11<7345>72 350.4 S
-<6e636f646564207365636f6e64>-32.11 E 19.06<4e4e20456e636f646564>72 366.6
-R<656e>2.5 E -.15<7665>-.4 G<6c6f7065206e756d626572>.15 E 8.5
-<7070707070204174>72 382.8 R<6c65617374208c76>2.5 E 2.5<6564>-.15 G
-<6563696d616c20646967697473206f66207468652070726f63657373204944>-2.5 E
-.477
-<416c6c208c6c65732077697468207468652073616d6520696420636f6c6c65637469>97
-399 R -.15<7665>-.25 G .477<6c792064658c6e65206f6e65206d6573736167652e>
-.15 F .477<44756520746f2074686520757365206f66206d656d6f72792d62>5.477 F
-<7566>-.2 E .476<6665726564208c6c65732c>-.25 F
-<736f6d65206f66207468657365208c6c6573206d6179206e65>72 411 Q -.15<7665>
--.25 G 2.5<7261>.15 G<7070656172206f6e206469736b2e>-2.5 E
-<546865207479706573206172653a>97 427.2 Q 25.17<716620546865>72 443.4 R
-<717565756520636f6e74726f6c208c6c652e>2.5 E<54686973208c6c6520636f6e7461
-696e732074686520696e666f726d6174696f6e206e656365737361727920746f2070726f
-6365737320746865206a6f62>5 E<2e>-.4 E 25.17<686620546865>72 459.6 R
-<73616d65206173206120717565756520636f6e74726f6c208c6c652c2062>2.5 E
-<757420666f7220612071756172616e74696e6564207175657565206a6f62>-.2 E<2e>
--.4 E 25.17<646620546865>72 475.8 R .451<64617461208c6c652e>2.951 F .452
-<546865206d65737361676520626f6479202865>5.451 F .452
-<78636c7564696e67207468652068656164657229206973206b>-.15 F .452
-<65707420696e2074686973208c6c652e>-.1 F .452
-<536f6d6574696d657320746865206466208c6c65>5.452 F .183<6973206e6f742073
-746f72656420696e207468652073616d65206469726563746f7279206173207468652071
-66208c6c653b20696e207468697320636173652c20746865207166208c6c6520636f6e74
-61696e73206120606427207265636f7264207768696368>108 487.8 R<6e616d657320
-746865207175657565206469726563746f7279207468617420636f6e7461696e73207468
-65206466208c6c652e>108 499.8 Q 27.39<74662041>72 516 R .045
-<74656d706f72617279208c6c652e>2.545 F .045
-<5468697320697320616e20696d616765206f6620746865>5.045 F/F3 10
-/Times-Bold@0 SF<7166>2.546 E F1 .046
-<8c6c65207768656e206974206973206265696e6720726562>2.546 F 2.546
-<75696c742e204974>-.2 F .046
-<73686f756c642062652072656e616d656420746f2061>2.546 F F3<7166>108 528 Q
-F1<8c6c652076>2.5 E<65727920717569636b6c79>-.15 E<2e>-.65 E 25.17
-<78662041>72 544.2 R .567<7472616e736372697074208c6c652c2065>3.067 F
-.567<78697374696e6720647572696e6720746865206c696665206f6620612073657373
-696f6e2073686f>-.15 F .566<77696e672065>-.25 F -.15<7665>-.25 G .566
-<72797468696e6720746861742068617070656e7320647572696e672074686174>.15 F
-3.121<73657373696f6e2e20536f6d6574696d6573>108 556.2 R .622<746865207866
-208c6c65206d7573742062652067656e657261746564206265666f726520612071756575
-652067726f757020686173206265656e2073656c65637465643b20696e2074686973>
-3.121 F<636173652c20746865207866208c6c652077696c6c2062652073746f72656420
-696e2061206469726563746f7279206f662074686520646566>108 568.2 Q
-<61756c742071756575652067726f75702e>-.1 E 22.95<51662041>72 584.4 R -.74
-<6060>3.279 G<6c6f737427>.74 E 3.279<2771>-.74 G .779
-<7565756520636f6e74726f6c208c6c652e>-3.279 F F2<73656e646d61696c>5.778 E
-F1 .778<72656e616d65732061>3.278 F F3<7166>3.278 E F1 .778<8c6c6520746f>
-3.278 F F3<5166>3.278 E F1 .778<69662074686572652069732061207365>3.278 F
--.15<7665>-.25 G .778<72652028636f6e8c6775726174696f6e29>.15 F .256
-<70726f626c656d20746861742063616e6e6f7420626520736f6c76>108 596.4 R .256
-<656420776974686f75742068756d616e20696e74657276>-.15 F 2.756
-<656e74696f6e2e20536561726368>-.15 F .256
-<746865206c6f678c6c6520666f7220746865207175657565208c6c65206964>2.756 F
-.053<746f208c67757265206f757420776861742068617070656e65642e>108 608.4 R
-.052<416674657220796f75207265736f6c76>5.052 F .052
-<6564207468652070726f626c656d2c20796f752063616e2072656e616d6520746865>
--.15 F F3<5166>2.552 E F1 .052<8c6c6520746f>2.552 F F3<7166>2.552 E F1
-<616e64>2.552 E<73656e64206974206167>108 620.4 Q<61696e2e>-.05 E .74<54
-686520717565756520636f6e74726f6c208c6c6520697320737472756374757265642061
-73206120736572696573206f66206c696e65732065616368206265>97 636.6 R .741
-<67696e6e696e672077697468206120636f6465206c6574746572>-.15 F 5.741<2e54>
--.55 G .741<6865206c696e6573>-5.741 F<61726520617320666f6c6c6f>72 648.6
-Q<77733a>-.25 E 28.78<5654>72 664.8 S .82<68652076>-28.78 F .82<65727369
-6f6e206e756d626572206f6620746865207175657565208c6c6520666f726d61742c2075
-73656420746f20616c6c6f>-.15 F 3.319<776e>-.25 G -.25<6577>-3.319 G F2
-<73656e646d61696c>3.569 E F1 .819
-<62696e617269657320746f2072656164207175657565>3.319 F .003
-<8c6c65732063726561746564206279206f6c6465722076>108 676.8 R 2.504
-<657273696f6e732e20446566>-.15 F .004<61756c747320746f2076>-.1 F .004
-<657273696f6e207a65726f2e>-.15 F .004<4d75737420626520746865208c72737420
-6c696e65206f6620746865208c6c652069662070726573656e742e>5.004 F -.15
-<466f>108 688.8 S 2.5<7238>.15 G<2e3132207468652076>-2.5 E
-<657273696f6e206e756d62657220697320362e>-.15 E 28.78<4154>72 705 S 1.175
-<686520696e666f726d6174696f6e206769>-28.78 F -.15<7665>-.25 G 3.675
-<6e62>.15 G 3.675<7974>-3.675 G 1.175<68652041>-3.675 F 1.175
-<5554483d20706172616d65746572206f662074686520994d41494c204652>-.55 F
-1.175<4f4d3a9a20636f6d6d616e64206f7220246640246a206966>-.4 F
-<73656e646d61696c20686173206265656e2063616c6c6564206469726563746c79>108
-717 Q<2e>-.65 E F3 188.36<534d4d3a30382d3130382053656e646d61696c>72 756
-R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-0 Cg EP
+/F0 10/Times-Bold@0 SF 188.36(SMM:08-108 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF<ad4c>72
+96 Q/F2 10/Times-Italic@0 SF(ta)2.5 E(g)-.1 E F1 1.483
+(Sets the identi\214er used for syslog.)45.07 F 1.482
+(Note that this identi\214er is set as early as possible.)6.483 F(Ho)144
+108 Q(we)-.25 E -.15(ve)-.25 G -.4(r,).15 G F2(sendmail)2.915 E F1 .015
+(may be used if problems arise before the command line ar)2.515 F .016
+(guments are)-.18 F(processed.)144 120 Q 58.86(\255n Don')72 136.2 R 2.5
+(td)-.18 G 2.5(oa)-2.5 G(liasing or forw)-2.5 E(arding.)-.1 E<ad4e>72
+152.4 Q F2(noti\214cations)2.5 E F1 -.8(Ta)7.19 G 3.128(ga).8 G .628
+(ll addresses being sent as w)-3.128 F .628(anting the indicated)-.1 F
+F2(noti\214cations)3.128 E F1 3.127(,w)C .627(hich consists of the)
+-3.127 F -.1(wo)144 164.4 S .474
+(rd \231NEVER\232 or a comma-separated list of \231SUCCESS\232, \231F).1
+F .474(AILURE\232, and \231DELA)-.74 F<599a>-1.05 E .86
+(for successful deli)144 176.4 R -.15(ve)-.25 G(ry).15 E 3.36(,f)-.65 G
+.86(ailure, and a message that is stuck in a queue some)-3.46 F 3.36
+(where. The)-.25 F(def)144 188.4 Q(ault is \231F)-.1 E(AILURE,DELA)-.74
+E(Y\232.)-1.05 E<ad72>72 204.6 Q F2(addr)2.5 E F1(An obsolete form of)
+41.64 E F0<ad66>2.5 E F1(.)A<ad6f>72 220.8 Q F2 1.666(xv)C(alue)-1.666 E
+F1(Set option)33.594 E F2(x)2.5 E F1(to the speci\214ed)2.5 E F2(value)
+2.5 E F1 5(.T)C(hese options are described in Section 5.6.)-5 E<ad4f>72
+237 Q F2(option)A F0(=)A F2(value)A F1(Set)6.22 E F2(option)5.173 E F1
+2.674(to the speci\214ed)5.173 F F2(value)5.174 E F1 2.674
+(\(for long form option names\).)5.174 F 2.674(These options are)7.674 F
+(described in Section 5.6.)144 249 Q<ad4d>72 265.2 Q F2 1.666(xv)C(alue)
+-1.666 E F1(Set macro)29.704 E F2(x)2.5 E F1(to the speci\214ed)2.5 E F2
+(value)2.5 E F1(.)A<ad70>72 281.4 Q F2(pr)A(otocol)-.45 E F1 .401
+(Set the sending protocol.)27.92 F .401
+(Programs are encouraged to set this.)5.401 F .4
+(The protocol \214eld can be)5.401 F .114(in the form)144 293.4 R F2(pr)
+2.614 E(otocol)-.45 E F0(:)A F2(host)A F1 .114
+(to set both the sending protocol and sending host.)2.614 F -.15(Fo)
+5.115 G 2.615(re).15 G(xample,)-2.765 E 2.147(\231\255pUUCP:uunet\232 s\
+ets the sending protocol to UUCP and the sending host to uunet.)144
+305.4 R .973(\(Some e)144 317.4 R .974
+(xisting programs use \255oM to set the r and s macros; this is equi)
+-.15 F -.25(va)-.25 G .974(lent to using).25 F(\255p.\))144 329.4 Q
+<ad71>72 345.6 Q F2(time)A F1 -.35(Tr)44.14 G 3.2(yt).35 G 3.2(op)-3.2 G
+.7(rocess the queued up mail.)-3.2 F .7(If the time is gi)5.7 F -.15(ve)
+-.25 G(n,).15 E F2(sendmail)3.2 E F1 .7(will start one or more)3.2 F
+.011
+(processes to run through the queue\(s\) at the speci\214ed time interv)
+144 357.6 R .011(al to deli)-.25 F -.15(ve)-.25 G 2.511(rq).15 G .011
+(ueued mail;)-2.511 F .906(otherwise, it only runs once.)144 369.6 R
+.906(Each of these processes acts on a w)5.906 F 3.405(orkgroup. These)
+-.1 F(pro-)3.405 E .959(cesses are also kno)144 381.6 R .959(wn as w)
+-.25 F .959(orkgroup processes or WGP')-.1 F 3.459(sf)-.55 G .959
+(or short.)-3.459 F .96(Each w)5.96 F .96(orkgroup is)-.1 F .523
+(responsible for controlling the processing of one or more queues; w)144
+393.6 R .522(orkgroups help man-)-.1 F 1.268
+(age the use of system resources by sendmail.)144 405.6 R 1.268(Each w)
+6.268 F 1.268(orkgroup may ha)-.1 F 1.568 -.15(ve o)-.2 H 1.268
+(ne or more).15 F .357
+(children concurrently processing queues depending on the setting of)144
+417.6 R F2(MaxQueueChildr)2.856 E(en)-.37 E F1(.)A(\255qp)72 433.8 Q F2
+(time)A F1 1.174(Similar to \255q with a time ar)39.14 F 1.175
+(gument, e)-.18 F 1.175
+(xcept that instead of periodically starting WGP')-.15 F(s)-.55 E .7
+(sendmail starts persistent WGP')144 445.8 R 3.2(st)-.55 G .7
+(hat alternate between processing queues and sleeping.)-3.2 F 1.123
+(The sleep time is speci\214ed by the time ar)144 457.8 R 1.123
+(gument; it def)-.18 F 1.123(aults to 1 second, e)-.1 F 1.124
+(xcept that a)-.15 F 1.294(WGP al)144 469.8 R -.1(wa)-.1 G 1.293
+(ys sleeps at least 5 seconds if their queues were empty in the pre).1 F
+1.293(vious run.)-.25 F .138
+(Persistent processes are managed by a queue control process \(QCP\).)
+144 481.8 R .139(The QCP is the par)5.139 F(-)-.2 E .18
+(ent process of the WGP')144 493.8 R 2.679(s. T)-.55 F .179
+(ypically the QCP will be the sendmail daemon \(when started)-.8 F .424
+(with \255bd or \255bD\) or a special process \(named Queue control\) \
+\(when started without \255bd)144 505.8 R .72(or \255bD\).)144 517.8 R
+.72(If a persistent WGP ceases to be acti)5.72 F 1.019 -.15(ve f)-.25 H
+.719(or some reason another WGP will be).15 F .862
+(started by the QCP for the same w)144 529.8 R .862
+(orkgroup in most cases. When a persistent WGP has)-.1 F 1.008
+(core dumped, the deb)144 541.8 R 1.008(ug \215ag)-.2 F F2(no_per)3.508
+E(sistent_r)-.1 E(estart)-.37 E F1 1.007
+(is set or the speci\214c persistent WGP)3.508 F .676
+(has been restarted too man)144 553.8 R 3.176(yt)-.15 G .676
+(imes already then the WGP will not be started ag)-3.176 F .677
+(ain and a)-.05 F .876(message will be logged to this ef)144 565.8 R
+3.375(fect. T)-.25 F 3.375(os)-.8 G .875
+(top \(SIGTERM\) or restart \(SIGHUP\) persis-)-3.375 F .116(tent WGP')
+144 577.8 R 2.616(st)-.55 G .116
+(he appropriate signal should be sent to the QCP)-2.616 F 2.616(.T)-1.11
+G .116(he QCP will propag)-2.616 F .116(ate the)-.05 F
+(signal to all of the WGP')144 589.8 Q 2.5(sa)-.55 G
+(nd if appropriate restart the persistent WGP')-2.5 E(s.)-.55 E<ad71>72
+606 Q F2(Gname)A F1(Run the jobs in the queue group)32.48 E F2(name)2.5
+E F1(once.)2.5 E(\255q[!])72 622.2 Q F2(Xstring)A F1 .313
+(Run the queue once, limiting the jobs to those matching)21.92 F F2
+(Xstring)2.812 E F1 5.312(.T)C .312(he k)-5.312 F .612 -.15(ey l)-.1 H
+(etter).15 E F2(X)2.812 E F1 .312(can be)2.812 F F0(I)144 634.2 Q F1
+1.347(to limit based on queue identi\214er)3.847 F(,)-.4 E F0(R)3.847 E
+F1 1.347(to limit based on recipient,)3.847 F F0(S)3.847 E F1 1.347
+(to limit based on)3.847 F(sender)144 646.2 Q 4.758(,o)-.4 G(r)-4.758 E
+F0(Q)4.758 E F1 2.258
+(to limit based on quarantine reason for quarantined jobs.)4.758 F 4.757
+(Ap)7.257 G(articular)-4.757 E .062
+(queued job is accepted if one of the corresponding attrib)144 658.2 R
+.063(utes contains the indicated)-.2 F F2(string)2.563 E F1(.)A .779
+(The optional ! character ne)144 670.2 R -.05(ga)-.15 G .778
+(tes the condition tested.).05 F(Multiple)5.778 E F2(\255qX)3.278 E F1
+.778(\215ags are permitted,)3.278 F .622(with items with the same k)144
+682.2 R .922 -.15(ey l)-.1 H .622(etter \231or'ed\232 together).15 F
+3.122(,a)-.4 G .622(nd items with dif)-3.122 F .623(ferent k)-.25 F .923
+-.15(ey l)-.1 H(etters).15 E(\231and'ed\232 together)144 694.2 Q(.)-.55
+E 23.88(\255Q[reason] Quarantine)72 710.4 R .422
+(normal queue items with the gi)2.922 F -.15(ve)-.25 G 2.922(nr).15 G
+.422(eason or unquarantine quarantined queue)-2.922 F .963
+(items if no reason is gi)144 722.4 R -.15(ve)-.25 G 3.463(n. This).15 F
+.963(should only be used with some sort of item matching)3.463 F 0 Cg EP
%%Page: 109 105
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d313039>190.86 E
-/F1 10/Times-Roman@0 SF 28.78<4841>72 96 S .329
-<6865616465722064658c6e6974696f6e2e>-25.951 F .329
-<5468657265206d617920626520616e>5.329 F 2.829<796e>-.15 G .329
-<756d626572206f66207468657365206c696e65732e>-2.829 F .33
-<546865206f7264657220697320696d706f7274616e743a20746865>5.33 F 2.83
-<7972>-.15 G<657072652d>-2.83 E .046
-<73656e7420746865206f7264657220696e20746865208c6e616c206d6573736167652e>
-108 108 R .046<546865736520757365207468652073616d652073796e746178206173
-206865616465722064658c6e6974696f6e7320696e2074686520636f6e8c67752d>5.046
-F<726174696f6e208c6c652e>108 120 Q 29.33<4354>72 136.2 S .575
-<686520636f6e74726f6c6c696e6720616464726573732e>-29.33 F .575<5468652073
-796e74617820697320996c6f63616c757365723a616c6961736e616d659a2e>5.575 F
-.575<526563697069656e742061646472657373657320666f6c6c6f>5.575 F .575
-<77696e672074686973>-.25 F 2.814
-<6c696e652077696c6c206265208d616767656420736f20746861742064656c69>108
-148.2 R -.15<7665>-.25 G 2.814
-<726965732077696c6c2062652072756e20617320746865>.15 F/F2 10
-/Times-Italic@0 SF<6c6f63616c75736572>5.314 E F1 2.814
-<28612075736572206e616d652066726f6d20746865>5.314 F .561
-<2f6574632f706173737764208c6c65293b>108 160.2 R F2<616c6961736e616d65>
-3.061 E F1 .561
-<697320746865206e616d65206f662074686520616c69617320746861742065>3.061 F
-.562<7870616e64656420746f2074686973206164647265737320287573656420666f72
-207072696e742d>-.15 F<696e67206d65737361676573292e>108 172.2 Q 31<7154>
-72 188.4 S<68652071756172616e74696e6520726561736f6e20666f72207175617261
-6e74696e6564207175657565206974656d732e>-31 E 28.78<5154>72 204.6 S .798
-<68652060>-28.78 F .798<606f726967696e616c20726563697069656e7427>-.74 F
-.798<272c2073706563698c656420627920746865204f524350543d208c656c6420696e
-20616e2045534d5450207472616e73616374696f6e2e>-.74 F .797<557365642065>
-5.797 F<78636c752d>-.15 E<7369>108 216.6 Q -.15<7665>-.25 G
-<6c7920666f722044656c69>.15 E -.15<7665>-.25 G
-<727920537461747573204e6f74698c636174696f6e732e>.15 E
-<4974206170706c696573206f6e6c7920746f2074686520666f6c6c6f>5 E
-<77696e6720605227206c696e652e>-.25 E 32.67<7254>72 232.8 S .782
-<68652060>-32.67 F .782<608c6e616c20726563697069656e7427>-.74 F 3.282
-<2775>-.74 G .782<73656420666f722044656c69>-3.282 F -.15<7665>-.25 G
-.782<727920537461747573204e6f74698c636174696f6e732e>.15 F .782
-<4974206170706c696573206f6e6c7920746f2074686520666f6c6c6f>5.782 F .783
-<77696e6720605227>-.25 F<6c696e652e>108 244.8 Q 29.33<5241>72 261 S .705
-<726563697069656e7420616464726573732e>-26.125 F .705<546869732077696c6c
-206e6f726d616c6c7920626520636f6d706c6574656c7920616c69617365642c2062>
-5.705 F .705
-<75742069732061637475616c6c79207265616c6961736564207768656e20746865>-.2
-F .492<6a6f622069732070726f6365737365642e>108 273 R .492<54686572652077
-696c6c206265206f6e65206c696e6520666f72206561636820726563697069656e742e>
-5.492 F -1.11<5665>5.492 G .493<7273696f6e2031207166208c6c657320616c736f
-20696e636c7564652061206c6561642d>1.11 F .689<696e6720636f6c6f6e2d746572
-6d696e61746564206c697374206f66208d6167732c2077686963682063616e2062652060
-532720746f2072657475726e2061206d657373616765206f6e207375636365737366756c
-208c6e616c2064656c69>108 285 R<762d>-.25 E<657279>108 297 Q 3.327<2c60>
--.65 G .828<462720746f2072657475726e2061206d657373616765206f6e2066>
--3.327 F .828<61696c7572652c2060442720746f2072657475726e2061206d65737361
-676520696620746865206d6573736167652069732064656c617965642c2060422720746f>
--.1 F .941<696e64696361746520746861742074686520626f64792073686f756c6420
-62652072657475726e65642c20604e2720746f2073757070726573732072657475726e69
-6e672074686520626f6479>108 309 R 3.44<2c61>-.65 G .94
-<6e642060502720746f206465636c617265>-3.44 F<7468697320617320612060>108
-321 Q<607072696d61727927>-.74 E 2.5<2728>-.74 G<636f6d6d616e64206c696e65
-206f7220534d54502d73657373696f6e2920616464726573732e>-2.5 E 30.44<5354>
-72 337.2 S<68652073656e64657220616464726573732e>-30.44 E<5468657265206d
-6179206f6e6c79206265206f6e65206f66207468657365206c696e65732e>5 E 29.89
-<5454>72 353.4 S<6865206a6f62206372656174696f6e2074696d652e>-29.89 E<54
-686973206973207573656420746f20636f6d70757465207768656e20746f2074696d6520
-6f757420746865206a6f62>5 E<2e>-.4 E 30.44<5054>72 369.6 S .113
-<68652063757272656e74206d657373616765207072696f72697479>-30.44 F 5.113
-<2e54>-.65 G .113
-<686973206973207573656420746f206f72646572207468652071756575652e>-5.113 F
-.114<486967686572206e756d62657273206d65616e206c6f>5.114 F .114
-<776572207072696f72692d>-.25 F 3.677<746965732e20546865>108 381.6 R
-1.176<7072696f72697479206368616e67657320617320746865206d6573736167652073
-69747320696e207468652071756575652e>3.677 F 1.176
-<54686520696e697469616c207072696f7269747920646570656e6473206f6e20746865>
-6.176 F<6d65737361676520636c61737320616e64207468652073697a65206f66207468
-65206d6573736167652e>108 393.6 Q 27.11<4d41>72 409.8 S 2.703
-<6d6573736167652e2054686973>-24.407 F .203
-<6c696e65206973207072696e74656420627920746865>2.703 F F2<6d61696c71>
-2.703 E F1 .204<636f6d6d616e642c20616e642069732067656e6572616c6c79207573
-656420746f2073746f72652073746174757320696e666f72>2.704 F<2d>-.2 E 2.5
-<6d6174696f6e2e204974>108 421.8 R<63616e20636f6e7461696e20616e>2.5 E 2.5
-<7974>-.15 G -.15<6578>-2.5 G<742e>.15 E 30.44<4646>72 438 S .044<6c6167
-20626974732c20726570726573656e746564206173206f6e65206c657474657220706572
-208d61672e>-30.44 F .043<44658c6e6564208d6167206269747320617265>5.043 F
-F0<72>2.543 E F1 .043
-<696e6469636174696e6720746861742074686973206973206120726573706f6e7365>
-2.543 F .142<6d65737361676520616e64>108 450 R F0<77>2.642 E F1 .142
-<696e6469636174696e67207468617420612077>2.642 F .143<61726e696e67206d65
-737361676520686173206265656e2073656e7420616e6e6f756e63696e67207468617420
-746865206d61696c20686173206265656e>-.1 F 2.514
-<64656c617965642e204f74686572>108 462 R .014<8d61672062697473206172653a>
-2.514 F F0<38>2.514 E F1 2.514<3a74>C .013
-<686520626f647920636f6e7461696e73203862697420646174612c>-2.514 F F0<62>
-2.513 E F1 2.513<3a6142>C .013
-<63633a206865616465722073686f756c642062652072656d6f>-2.513 F -.15<7665>
--.15 G<642c>.15 E F0<64>2.513 E F1<3a>A .551<746865206d61696c2068617320
-52455420706172616d65746572732028736565205246432031383934292c>108 474 R
-F0<6e>3.052 E F1 3.052<3a74>C .552<686520626f6479206f6620746865206d6573
-736167652073686f756c64206e6f742062652072657475726e6564>-3.052 F
-<696e2063617365206f6620616e206572726f72>108 486 Q<2c>-.4 E F0<73>2.5 E
-F1 2.5<3a74>C<686520656e>-2.5 E -.15<7665>-.4 G
-<6c6f706520686173206265656e2073706c69742e>.15 E 28.78<4e54>72 502.2 S
-<686520746f74616c206e756d626572206f662064656c69>-28.78 E -.15<7665>-.25
-G<727920617474656d7074732e>.15 E 28.78<4b54>72 518.4 S<68652074696d6520
-286173207365636f6e64732073696e6365204a616e7561727920312c203139373029206f
-6620746865206c6173742064656c69>-28.78 E -.15<7665>-.25 G
-<727920617474656d70742e>.15 E 31<6449>72 534.6 S 3.15<6674>-31 G .65
-<6865206466208c6c6520697320696e206120646966>-3.15 F .65<666572656e742064
-69726563746f7279207468616e20746865207166208c6c652c207468656e206120606427
-207265636f72642069732070726573656e742c2073706563696679696e6720746865>
--.25 F<6469726563746f727920696e20776869636820746865206466208c6c65207265
-73696465732e>108 546.6 Q 32.67<4954>72 562.8 S .724<686520692d6e756d6265
-72206f66207468652064617461208c6c653b20746869732063616e206265207573656420
-746f207265636f>-32.67 F -.15<7665>-.15 G 3.225<7279>.15 G .725<6f757220
-6d61696c207175657565206166746572206120646973617374726f7573206469736b>
--3.225 F<63726173682e>108 574.8 Q 31<2441>72 591 S
-<6d6163726f2064658c6e6974696f6e2e>-28.5 E<5468652076>5 E<616c756573206f
-66206365727461696e206d6163726f732061726520706173736564207468726f75676820
-746f207468652071756575652072756e2070686173652e>-.25 E 29.33<4254>72
-607.2 S .925<686520626f647920747970652e>-29.33 F .925
-<5468652072656d61696e646572206f6620746865206c696e652069732061207465>
-5.925 F .925
-<787420737472696e672064658c6e696e672074686520626f647920747970652e>-.15 F
-.924<49662074686973208c656c64206973>5.924 F .009<6d697373696e672c207468
-6520626f6479207479706520697320617373756d656420746f2062652099756e64658c6e
-65649a20616e64206e6f207370656369616c2070726f63657373696e6720697320617474
-656d707465642e>108 619.2 R<4c65>5.009 E -.05<6761>-.15 G<6c>.05 E -.25
-<7661>108 631.2 S
-<6c756573206172652099374249549a20616e642099384249544d494d459a2e>.25 E
-29.89<5a54>72 647.4 S<6865206f726967696e616c20656e>-29.89 E -.15<7665>
--.4 G<6c6f7065206964202866726f6d207468652045534d5450207472616e7361637469
-6f6e292e>.15 E -.15<466f>5 G 2.5<7244>.15 G<656c69>-2.5 E -.15<7665>-.25
-G 2.5<7253>.15 G<7461747573204e6f74698c636174696f6e73206f6e6c79>-2.5 E
-<2e>-.65 E 4.073<417320616e2065>97 663.6 R 4.073
-<78616d706c652c2074686520666f6c6c6f>-.15 F 4.072<77696e6720697320612071
-75657565208c6c652073656e7420746f209965726963406d616d6d6f74682e4265726b>
--.25 F<656c65>-.1 E -.65<792e>-.15 G 4.072<4544559a20616e64>.65 F 0 Cg
-EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-109)190.86 E/F1 10/Times-Roman@0 SF(using)144 96 Q F0(\255q[!])
+2.5 E/F2 10/Times-Italic@0 SF(Xstring)A F1(as described abo)2.5 E -.15
+(ve)-.15 G(.).15 E(\255R ret)72 112.2 Q 1.687(What information you w)
+46.64 F 1.687(ant returned if the message bounces;)-.1 F F2 -.37(re)
+4.187 G(t).37 E F1 1.687(can be \231HDRS\232 for)4.187 F .877
+(headers only or \231FULL\232 for headers plus body)144 124.2 R 5.877
+(.T)-.65 G .878(his is a request only; the other end is)-5.877 F 1.309
+(not required to honor the parameter)144 136.2 R 6.309(.I)-.55 G 3.808
+<6699>-6.309 G 1.308(HDRS\232 is speci\214ed local bounces also return)
+-3.808 F(only the headers.)144 148.2 Q 61.08(\255t Read)72 164.4 R .752
+(the header for \231T)3.252 F .752
+(o:\232, \231Cc:\232, and \231Bcc:\232 lines, and send to e)-.8 F -.15
+(ve)-.25 G .752(ryone listed in those).15 F 2.54(lists. The)144 176.4 R
+.039(\231Bcc:\232 line will be deleted before sending.)2.54 F(An)5.039 E
+2.539(ya)-.15 G .039(ddresses in the ar)-2.539 F .039(gument v)-.18 F
+(ec-)-.15 E(tor will be deleted from the send list.)144 188.4 Q
+(\255V en)72 204.6 Q 32.32(vid The)-.4 F(indicated)3.179 E F2(en)3.179 E
+(vid)-.4 E F1 .679(is passed with the en)3.179 F -.15(ve)-.4 G .68
+(lope of the message and returned if the mes-).15 F(sage bounces.)144
+216.6 Q<ad58>72 232.8 Q F2(lo)2.5 E(g\214le)-.1 E F1 .725(Log all traf)
+31.74 F .725(\214c in and out of)-.25 F F2(sendmail)3.225 E F1 .725
+(in the indicated)3.225 F F2(lo)3.224 E(g\214le)-.1 E F1 .724(for deb)
+3.224 F .724(ugging mailer prob-)-.2 F 2.5(lems. This)144 244.8 R
+(produces a lot of data v)2.5 E
+(ery quickly and should be used sparingly)-.15 E(.)-.65 E .637
+(There are a number of options that may be speci\214ed as primiti)97 261
+R .938 -.15(ve \215)-.25 H 3.138(ags. These).15 F .638
+(are the e, i, m, and v)3.138 F 3.785(options. Also,)72 273 R 1.285
+(the f option may be speci\214ed as the)3.785 F F0<ad73>3.784 E F1 3.784
+(\215ag. The)3.784 F 1.284
+(DSN related options \231\255N\232, \231\255R\232, and)3.784 F
+<99ad569a206861>72 285 Q .3 -.15(ve n)-.2 H 2.5(oe).15 G -.25(ff)-2.5 G
+(ects on).25 E F2(sendmail)2.5 E F1(running as daemon.)2.5 E 0 Cg EP
%%Page: 110 106
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 188.36<534d4d3a30382d3131302053656e646d61696c>72
-60 R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>
-2.5 E/F1 10/Times-Roman@0 SF<99626f73746963406f6b>72 98 Q<656566>-.1 E
-<66652e43532e4265726b>-.25 E<656c65>-.1 E -.65<792e>-.15 G<4544559a>.65
-E/F2 7/Times-Roman@0 SF<31>-4 I F1<3a>4 I<5634>112 114.2 Q
-<54373131333538313335>112 126.2 Q<4b393034343436343930>112 138.2 Q<4e30>
-112 150.2 Q<5032313030393431>112 162.2 Q
-<245f65726963406c6f63616c686f7374>112 174.2 Q
-<247b6461656d6f6e5f8d6167737d>112 186.2 Q<5365726963>112 198.2 Q
-<43657269633a3130303a313030303a73656e646d61696c4076>112 210.2 Q
-<616e676f67682e43532e4265726b>-.25 E<656c65>-.1 E -.65<792e>-.15 G
-<454455>.65 E<525046443a65726963406d616d6d6f74682e4265726b>112 222.2 Q
-<656c65>-.1 E -.65<792e>-.15 G<454455>.65 E
-<525046443a626f73746963406f6b>112 234.2 Q<656566>-.1 E
-<66652e43532e4265726b>-.25 E<656c65>-.1 E -.65<792e>-.15 G<454455>.65 E
-<483f503f52657475726e2d706174683a203c5e673e>112 246.2 Q
-<483f3f5265636569>112 258.2 Q -.15<7665>-.25 G<643a2062792076>.15 E
-<616e676f67682e43532e4265726b>-.25 E<656c65>-.1 E -.65<792e>-.15 G
-<4544552028352e3130382f322e37292069642041414130363730333b>.65 E
-<4672692c203137204a756c20313939322030303a32383a3535202d30373030>132
-270.2 Q<483f3f5265636569>112 282.2 Q -.15<7665>-.25 G
-<643a2066726f6d206d61696c2e43532e4265726b>.15 E<656c65>-.1 E -.65<792e>
--.15 G<4544552062792076>.65 E<616e676f67682e43532e4265726b>-.25 E
-<656c65>-.1 E -.65<792e>-.15 G<4544552028352e3130382f322e3729>.65 E<6964
-2041414130363639383b204672692c203137204a756c20313939322030303a32383a3534
-202d30373030>132 294.2 Q<483f3f5265636569>112 306.2 Q -.15<7665>-.25 G<
-643a2066726f6d205b3132382e33322e33312e32315d206279206d61696c2e43532e4265
-726b>.15 E<656c65>-.1 E -.65<792e>-.15 G<4544552028352e39362f322e3529>
-.65 E<696420414132323737373b204672692c203137204a756c20313939322030333a32
-393a3134202d30343030>132 318.2 Q<483f3f5265636569>112 330.2 Q -.15<7665>
--.25 G<643a20627920666f6f2e626172>.15 E
-<2e62617a2e64652028352e35372f556c74726978332e302d4329>-.55 E<6964204141
-32323735373b204672692c203137204a756c20313939322030393a33313a323520474d54>
-132 342.2 Q<483f463f46726f6d3a206572696340666f6f2e626172>112 354.2 Q
-<2e62617a2e646520284572696320416c6c6d616e29>-.55 E
-<483f783f46756c6c2d6e616d653a204572696320416c6c6d616e>112 366.2 Q<483f3f
-4d6573736167652d69643a203c393230373137303933312e4141323237353740666f6f2e
-626172>112 378.2 Q<2e62617a2e64653e>-.55 E<483f3f54>112 390.2 Q
-<6f3a2073656e646d61696c4076>-.8 E<616e676f67682e43532e4265726b>-.25 E
-<656c65>-.1 E -.65<792e>-.15 G<454455>.65 E
-<483f3f5375626a6563743a207468697320697320616e2065>112 402.2 Q
-<78616d706c65206d657373616765>-.15 E .658<546869732073686f>72 418.4 R
-.658<77732074686520706572736f6e2077686f2073656e7420746865206d6573736167
-652c20746865207375626d697373696f6e2074696d652028696e207365636f6e64732073
-696e6365204a616e7561727920312c2031393730292c20746865>-.25 F
-<6d657373616765207072696f72697479>72 430.4 Q 2.5<2c74>-.65 G<6865206d65
-737361676520636c6173732c2074686520726563697069656e74732c20616e6420746865
-206865616465727320666f7220746865206d6573736167652e>-2.5 E .32 LW 76
-678.8 72 678.8 DL 80 678.8 76 678.8 DL 84 678.8 80 678.8 DL 88 678.8 84
-678.8 DL 92 678.8 88 678.8 DL 96 678.8 92 678.8 DL 100 678.8 96 678.8 DL
-104 678.8 100 678.8 DL 108 678.8 104 678.8 DL 112 678.8 108 678.8 DL 116
-678.8 112 678.8 DL 120 678.8 116 678.8 DL 124 678.8 120 678.8 DL 128
-678.8 124 678.8 DL 132 678.8 128 678.8 DL 136 678.8 132 678.8 DL 140
-678.8 136 678.8 DL 144 678.8 140 678.8 DL 148 678.8 144 678.8 DL 152
-678.8 148 678.8 DL 156 678.8 152 678.8 DL 160 678.8 156 678.8 DL 164
-678.8 160 678.8 DL 168 678.8 164 678.8 DL 172 678.8 168 678.8 DL 176
-678.8 172 678.8 DL 180 678.8 176 678.8 DL 184 678.8 180 678.8 DL 188
-678.8 184 678.8 DL 192 678.8 188 678.8 DL 196 678.8 192 678.8 DL 200
-678.8 196 678.8 DL 204 678.8 200 678.8 DL 208 678.8 204 678.8 DL 212
-678.8 208 678.8 DL 216 678.8 212 678.8 DL/F3 5/Times-Roman@0 SF<31>93.6
-689.2 Q/F4 8/Times-Roman@0 SF .718<546869732065>3.2 J .718
-<78616d706c6520697320636f6e747269>-.12 F -.12<7665>-.2 G 2.718<6461>.12
-G .718
-<6e642070726f6261626c7920696e616363757261746520666f7220796f757220656e>
--2.718 F 2.719<7669726f6e6d656e742e20476c616e6365>-.32 F -.12<6f7665>
-2.719 G 2.719<7269>.12 G 2.719<7474>-2.719 G 2.719<6f67>-2.719 G .719
-<657420616e20696465613b206e6f7468696e672063616e207265706c616365>-2.719 F
-<6c6f6f6b696e67206174207768617420796f7572206f>72 702 Q
-<776e2073797374656d2067656e6572617465732e>-.2 E 0 Cg EP
+/F0 12/Times-Bold@0 SF 3(APPENDIX B)250.002 98.4 R -.12(QU)220.29 141.6
+S(EUE FILE FORMA).12 E(TS)-1.14 E/F1 10/Times-Roman@0 SF .101
+(This appendix describes the format of the queue \214les.)97 201 R .102
+(These \214les li)5.102 F .402 -.15(ve i)-.25 H 2.602(naq).15 G .102
+(ueue directory)-2.602 F 5.102(.T)-.65 G .102(he indi-)-5.102 F .331
+(vidual qf, hf, Qf, df, and xf \214les may be stored in separate)72 213
+R/F2 10/Times-Italic@0 SF(qf/)2.831 E F1(,)A F2(df/)2.831 E F1 2.831(,a)
+C(nd)-2.831 E F2(xf/)2.831 E F1 .331(subdirectories if the)2.831 F 2.831
+(ya)-.15 G .33(re present)-2.831 F(in the queue directory)72 225 Q(.)
+-.65 E .923(All queue \214les ha)97 241.2 R 1.223 -.15(ve t)-.2 H .923
+(he name).15 F F2(ttYMDhmsNNppppp)3.423 E F1(where)3.424 E F2
+(YMDhmsNNppppp)3.424 E F1 .924(is the)3.424 F F2(id)3.424 E F1 .924
+(for this mes-)3.424 F(sage and the)72 253.2 Q F2(tt)2.5 E F1
+(is a type.)2.5 E(The indi)5 E(vidual letters in the)-.25 E F2(id)2.5 E
+F1(are:)2.5 E 28.78(YE)72 269.4 S(ncoded year)-28.78 E 27.11(ME)72 285.6
+S(ncoded month)-27.11 E 28.78(DE)72 301.8 S(ncoded day)-28.78 E 31(hE)72
+318 S(ncoded hour)-31 E 28.22(mE)72 334.2 S(ncoded minute)-28.22 E 32.11
+(sE)72 350.4 S(ncoded second)-32.11 E 19.06(NN Encoded)72 366.6 R(en)2.5
+E -.15(ve)-.4 G(lope number).15 E 8.5(ppppp At)72 382.8 R(least \214v)
+2.5 E 2.5(ed)-.15 G(ecimal digits of the process ID)-2.5 E .477
+(All \214les with the same id collecti)97 399 R -.15(ve)-.25 G .477
+(ly de\214ne one message.).15 F .477(Due to the use of memory-b)5.477 F
+(uf)-.2 E .476(fered \214les,)-.25 F(some of these \214les may ne)72 411
+Q -.15(ve)-.25 G 2.5(ra).15 G(ppear on disk.)-2.5 E(The types are:)97
+427.2 Q 25.17(qf The)72 443.4 R(queue control \214le.)2.5 E
+(This \214le contains the information necessary to process the job)5 E
+(.)-.4 E 25.17(hf The)72 459.6 R(same as a queue control \214le, b)2.5 E
+(ut for a quarantined queue job)-.2 E(.)-.4 E 25.17(df The)72 475.8 R
+.451(data \214le.)2.951 F .452(The message body \(e)5.451 F .452
+(xcluding the header\) is k)-.15 F .452(ept in this \214le.)-.1 F .452
+(Sometimes the df \214le)5.452 F .183(is not stored in the same directo\
+ry as the qf \214le; in this case, the qf \214le contains a `d' record \
+which)108 487.8 R
+(names the queue directory that contains the df \214le.)108 499.8 Q
+27.39(tf A)72 516 R .045(temporary \214le.)2.545 F .045
+(This is an image of the)5.045 F/F3 10/Times-Bold@0 SF(qf)2.546 E F1
+.046(\214le when it is being reb)2.546 F 2.546(uilt. It)-.2 F .046
+(should be renamed to a)2.546 F F3(qf)108 528 Q F1(\214le v)2.5 E
+(ery quickly)-.15 E(.)-.65 E 25.17(xf A)72 544.2 R .567
+(transcript \214le, e)3.067 F .567
+(xisting during the life of a session sho)-.15 F .566(wing e)-.25 F -.15
+(ve)-.25 G .566(rything that happens during that).15 F 3.121
+(session. Sometimes)108 556.2 R .622(the xf \214le must be generated be\
+fore a queue group has been selected; in this)3.121 F
+(case, the xf \214le will be stored in a directory of the def)108 568.2
+Q(ault queue group.)-.1 E 22.95(Qf A)72 584.4 R -.74(``)3.279 G(lost')
+.74 E 3.279('q)-.74 G .779(ueue control \214le.)-3.279 F F2(sendmail)
+5.778 E F1 .778(renames a)3.278 F F3(qf)3.278 E F1 .778(\214le to)3.278
+F F3(Qf)3.278 E F1 .778(if there is a se)3.278 F -.15(ve)-.25 G .778
+(re \(con\214guration\)).15 F .256(problem that cannot be solv)108 596.4
+R .256(ed without human interv)-.15 F 2.756(ention. Search)-.15 F .256
+(the log\214le for the queue \214le id)2.756 F .053
+(to \214gure out what happened.)108 608.4 R .052(After you resolv)5.052
+F .052(ed the problem, you can rename the)-.15 F F3(Qf)2.552 E F1 .052
+(\214le to)2.552 F F3(qf)2.552 E F1(and)2.552 E(send it ag)108 620.4 Q
+(ain.)-.05 E .74
+(The queue control \214le is structured as a series of lines each be)97
+636.6 R .741(ginning with a code letter)-.15 F 5.741(.T)-.55 G .741
+(he lines)-5.741 F(are as follo)72 648.6 Q(ws:)-.25 E 28.78(VT)72 664.8
+S .82(he v)-28.78 F .82
+(ersion number of the queue \214le format, used to allo)-.15 F 3.319(wn)
+-.25 G -.25(ew)-3.319 G F2(sendmail)3.569 E F1 .819
+(binaries to read queue)3.319 F .003(\214les created by older v)108
+676.8 R 2.504(ersions. Def)-.15 F .004(aults to v)-.1 F .004
+(ersion zero.)-.15 F .004
+(Must be the \214rst line of the \214le if present.)5.004 F -.15(Fo)108
+688.8 S 2.5(r8).15 G(.12 the v)-2.5 E(ersion number is 6.)-.15 E 28.78
+(AT)72 705 S 1.175(he information gi)-28.78 F -.15(ve)-.25 G 3.675(nb)
+.15 G 3.675(yt)-3.675 G 1.175(he A)-3.675 F 1.175
+(UTH= parameter of the \231MAIL FR)-.55 F 1.175
+(OM:\232 command or $f@$j if)-.4 F(sendmail has been called directly)108
+717 Q(.)-.65 E F3 188.36(SMM:08-110 Sendmail)72 756 R
+(Installation and Operation Guide)2.5 E 0 Cg EP
%%Page: 111 107
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 12/Times-Bold@0 SF 3<415050454e4449582043>249.672 98.4 R
-<53554d4d4152>198.282 141.6 Q 3<594f>-.42 G 3<4653>-3 G<5550504f52>-3 E
-3<5446>-.48 G<494c4553>-3 E/F1 10/Times-Roman@0 SF 1.519<54686973206973
-20612073756d6d617279206f662074686520737570706f7274208c6c65732074686174>
-97 201 R/F2 10/Times-Italic@0 SF<73656e646d61696c>4.019 E F1 1.52
-<63726561746573206f722067656e6572617465732e>4.019 F<4d616e>6.52 E 4.02
-<796f>-.15 G 4.02<6674>-4.02 G 1.52<686573652063616e206265>-4.02 F<6368
-616e6765642062792065646974696e67207468652073656e646d61696c2e6366208c6c65
-3b20636865636b20746865726520746f208c6e64207468652061637475616c2070617468
-6e616d65732e>72 213 Q<2f7573722f7362696e2f73656e646d61696c>72 229.2 Q
-<5468652062696e617279206f66>144 241.2 Q F2<73656e646d61696c>2.5 E F1<2e>
-A<2f7573722f62696e2f6e65>72 257.4 Q -.1<7761>-.25 G<6c6961736573>.1 E
-3.735<416c>144 269.4 S 1.235<696e6b20746f202f7573722f7362696e2f73656e64
-6d61696c3b206361757365732074686520616c69617320646174616261736520746f2062
-6520726562>-3.735 F 3.734<75696c742e2052756e6e696e67>-.2 F 1.234
-<746869732070726f2d>3.734 F
-<6772616d20697320636f6d706c6574656c792065717569>144 281.4 Q -.25<7661>
--.25 G<6c656e7420746f206769>.25 E<76696e67>-.25 E F2<73656e646d61696c>
-2.5 E F1<746865>2.5 E/F3 10/Times-Bold@0 SF<ad6269>2.5 E F1<8d61672e>2.5
-E 13.38<2f7573722f62696e2f6d61696c71205072696e7473>72 297.6 R 3.702
-<616c>3.702 G 1.202<697374696e67206f6620746865206d61696c2071756575652e>
--3.702 F 1.203<546869732070726f6772616d2069732065717569>6.202 F -.25
-<7661>-.25 G 1.203<6c656e7420746f207573696e6720746865>.25 F F3<ad6270>
-3.703 E F1 1.203<8d616720746f>3.703 F F2<73656e646d61696c>144 309.6 Q F1
-<2e>A<2f6574632f6d61696c2f73656e646d61696c2e6366>72 325.8 Q
-<54686520636f6e8c6775726174696f6e208c6c652c20696e207465>144 337.8 Q
-<787475616c20666f726d2e>-.15 E 1.72
-<2f6574632f6d61696c2f68656c708c6c6520546865>72 354 R
-<534d54502068656c70208c6c652e>2.5 E
-<2f6574632f6d61696c2f73746174697374696373>72 370.2 Q 2.5<4173>144 382.2
-S
-<746174697374696373208c6c653b206e656564206e6f742062652070726573656e742e>
--2.5 E<2f6574632f6d61696c2f73656e646d61696c2e706964>72 398.4 Q .318<4372
-656174656420696e206461656d6f6e206d6f64653b20697420636f6e7461696e73207468
-652070726f63657373206964206f66207468652063757272656e7420534d545020646165
-6d6f6e2e>144 410.4 R .318<496620796f75>5.318 F 1.047
-<757365207468697320696e20736372697074733b207573652060>144 422.4 R 1.047
-<606865616420ad3127>-.74 F 3.548<2774>-.74 G 3.548<6f67>-3.548 G 1.048<
-6574206a75737420746865208c727374206c696e653b20746865207365636f6e64206c69
-6e6520636f6e7461696e7320746865>-3.548 F .68
-<636f6d6d616e64206c696e65207573656420746f20696e>144 434.4 R -.2<766f>-.4
-G .879 -.1<6b652074>.2 H .679
-<6865206461656d6f6e2c20616e64206c617465722076>.1 F .679
-<657273696f6e73206f66>-.15 F F2<73656e646d61696c>3.179 E F1 .679
-<6d617920616464206d6f7265>3.179 F
-<696e666f726d6174696f6e20746f2073756273657175656e74206c696e65732e>144
-446.4 Q 5.06<2f6574632f6d61696c2f616c696173657320546865>72 462.6 R<7465>
-2.5 E<787475616c2076>-.15 E
-<657273696f6e206f662074686520616c696173208c6c652e>-.15 E
-<2f6574632f6d61696c2f616c69617365732e6462>72 478.8 Q
-<54686520616c696173208c6c6520696e>144 490.8 Q F2<68617368>2.5 E F1
-<28332920666f726d61742e>1.666 E
-<2f6574632f6d61696c2f616c69617365732e7b7061672c6469727d>72 507 Q
-<54686520616c696173208c6c6520696e>144 519 Q F2<6e64626d>2.5 E F1
-<28332920666f726d61742e>1.666 E<2f76>72 535.2 Q
-<61722f73706f6f6c2f6d7175657565>-.25 E<546865206469726563746f727920696e
-20776869636820746865206d61696c20717565756528732920616e642074656d706f7261
-7279208c6c6573207265736964652e>144 547.2 Q<2f76>72 563.4 Q
-<61722f73706f6f6c2f6d71756575652f71662a>-.25 E
-<436f6e74726f6c2028717565756529208c6c657320666f72206d657373616765732e>
-144 575.4 Q<2f76>72 591.6 Q<61722f73706f6f6c2f6d71756575652f64662a>-.25
-E<44617461208c6c65732e>144 603.6 Q<2f76>72 619.8 Q
-<61722f73706f6f6c2f6d71756575652f74662a>-.25 E -.7<5465>144 631.8 S
-<6d706f726172792076>.7 E<657273696f6e73206f6620746865207166208c6c65732c
-207573656420647572696e67207175657565208c6c6520726562>-.15 E<75696c642e>
--.2 E<2f76>72 648 Q<61722f73706f6f6c2f6d71756575652f78662a>-.25 E 2.5
-<4174>144 660 S
-<72616e736372697074206f66207468652063757272656e742073657373696f6e2e>-2.5
-E F3<53656e646d61696c20496e7374616c6c6174696f6e20616e64204f706572617469
-6f6e204775696465>72 756 Q<534d4d3a30382d313131>190.86 E 0 Cg EP
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-111)190.86 E/F1 10/Times-Roman@0 SF 28.78(HA)72 96 S .329
+(header de\214nition.)-25.951 F .329(There may be an)5.329 F 2.829(yn)
+-.15 G .329(umber of these lines.)-2.829 F .33
+(The order is important: the)5.33 F 2.83(yr)-.15 G(epre-)-2.83 E .046
+(sent the order in the \214nal message.)108 108 R .046
+(These use the same syntax as header de\214nitions in the con\214gu-)
+5.046 F(ration \214le.)108 120 Q 29.33(CT)72 136.2 S .575
+(he controlling address.)-29.33 F .575
+(The syntax is \231localuser:aliasname\232.)5.575 F .575
+(Recipient addresses follo)5.575 F .575(wing this)-.25 F 2.814
+(line will be \215agged so that deli)108 148.2 R -.15(ve)-.25 G 2.814
+(ries will be run as the).15 F/F2 10/Times-Italic@0 SF(localuser)5.314 E
+F1 2.814(\(a user name from the)5.314 F .561(/etc/passwd \214le\);)108
+160.2 R F2(aliasname)3.061 E F1 .561(is the name of the alias that e)
+3.061 F .562(xpanded to this address \(used for print-)-.15 F
+(ing messages\).)108 172.2 Q 31(qT)72 188.4 S
+(he quarantine reason for quarantined queue items.)-31 E 28.78(QT)72
+204.6 S .798(he `)-28.78 F .798(`original recipient')-.74 F .798
+(', speci\214ed by the ORCPT= \214eld in an ESMTP transaction.)-.74 F
+.797(Used e)5.797 F(xclu-)-.15 E(si)108 216.6 Q -.15(ve)-.25 G
+(ly for Deli).15 E -.15(ve)-.25 G(ry Status Noti\214cations.).15 E
+(It applies only to the follo)5 E(wing `R' line.)-.25 E 32.67(rT)72
+232.8 S .782(he `)-32.67 F .782(`\214nal recipient')-.74 F 3.282('u)-.74
+G .782(sed for Deli)-3.282 F -.15(ve)-.25 G .782
+(ry Status Noti\214cations.).15 F .782(It applies only to the follo)
+5.782 F .783(wing `R')-.25 F(line.)108 244.8 Q 29.33(RA)72 261 S .705
+(recipient address.)-26.125 F .705
+(This will normally be completely aliased, b)5.705 F .705
+(ut is actually realiased when the)-.2 F .492(job is processed.)108 273
+R .492(There will be one line for each recipient.)5.492 F -1.11(Ve)5.492
+G .493(rsion 1 qf \214les also include a lead-)1.11 F .986(ing colon-te\
+rminated list of \215ags, some of which are `S' to return a message on \
+successful \214nal)108 285 R(deli)108 297 Q -.15(ve)-.25 G(ry).15 E
+2.825(,`)-.65 G .325(F' to return a message on f)-2.825 F .326
+(ailure, `D' to return a message if the message is delayed, `N')-.1 F
+.842(to suppress returning the body)108 309 R 3.342(,a)-.65 G .842
+(nd `P' to declare this as a `)-3.342 F(`primary')-.74 E 3.342('\()-.74
+G .841(command line or SMTP-)-3.342 F(session\) address.)108 321 Q 30.44
+(ST)72 337.2 S(he sender address.)-30.44 E
+(There may only be one of these lines.)5 E 29.89(TT)72 353.4 S
+(he job creation time.)-29.89 E
+(This is used to compute when to time out the job)5 E(.)-.4 E 30.44(PT)
+72 369.6 S .113(he current message priority)-30.44 F 5.113(.T)-.65 G
+.113(his is used to order the queue.)-5.113 F .114
+(Higher numbers mean lo)5.114 F .114(wer priori-)-.25 F 3.677(ties. The)
+108 381.6 R 1.176(priority changes as the message sits in the queue.)
+3.677 F 1.176(The initial priority depends on the)6.176 F
+(message class and the size of the message.)108 393.6 Q 27.11(MA)72
+409.8 S 2.703(message. This)-24.407 F .203(line is printed by the)2.703
+F F2(mailq)2.703 E F1 .204
+(command, and is generally used to store status infor)2.704 F(-)-.2 E
+2.5(mation. It)108 421.8 R(can contain an)2.5 E 2.5(yt)-.15 G -.15(ex)
+-2.5 G(t.).15 E 30.44(FF)72 438 S .044
+(lag bits, represented as one letter per \215ag.)-30.44 F .043
+(De\214ned \215ag bits are)5.043 F F0(r)2.543 E F1 .043
+(indicating that this is a response)2.543 F .142(message and)108 450 R
+F0(w)2.642 E F1 .142(indicating that a w)2.642 F .143
+(arning message has been sent announcing that the mail has been)-.1 F
+2.514(delayed. Other)108 462 R .014(\215ag bits are:)2.514 F F0(8)2.514
+E F1 2.514(:t)C .013(he body contains 8bit data,)-2.514 F F0(b)2.513 E
+F1 2.513(:aB)C .013(cc: header should be remo)-2.513 F -.15(ve)-.15 G
+(d,).15 E F0(d)2.513 E F1(:)A .551
+(the mail has RET parameters \(see RFC 1894\),)108 474 R F0(n)3.052 E F1
+3.052(:t)C .552(he body of the message should not be returned)-3.052 F
+(in case of an error)108 486 Q(,)-.4 E F0(s)2.5 E F1 2.5(:t)C(he en)-2.5
+E -.15(ve)-.4 G(lope has been split.).15 E 28.78(NT)72 502.2 S
+(he total number of deli)-28.78 E -.15(ve)-.25 G(ry attempts.).15 E
+28.78(KT)72 518.4 S
+(he time \(as seconds since January 1, 1970\) of the last deli)-28.78 E
+-.15(ve)-.25 G(ry attempt.).15 E 31(dI)72 534.6 S 3.15(ft)-31 G .65
+(he df \214le is in a dif)-3.15 F .65(ferent directory than the qf \214\
+le, then a `d' record is present, specifying the)-.25 F
+(directory in which the df \214le resides.)108 546.6 Q 32.67(IT)72 562.8
+S .724(he i-number of the data \214le; this can be used to reco)-32.67 F
+-.15(ve)-.15 G 3.225(ry).15 G .725
+(our mail queue after a disastrous disk)-3.225 F(crash.)108 574.8 Q 31
+($A)72 591 S(macro de\214nition.)-28.5 E(The v)5 E
+(alues of certain macros are passed through to the queue run phase.)-.25
+E 29.33(BT)72 607.2 S .925(he body type.)-29.33 F .925
+(The remainder of the line is a te)5.925 F .925
+(xt string de\214ning the body type.)-.15 F .924(If this \214eld is)
+5.924 F .009(missing, the body type is assumed to be \231unde\214ned\
+\232 and no special processing is attempted.)108 619.2 R(Le)5.009 E -.05
+(ga)-.15 G(l).05 E -.25(va)108 631.2 S
+(lues are \2317BIT\232 and \2318BITMIME\232.).25 E 29.89(ZT)72 647.4 S
+(he original en)-29.89 E -.15(ve)-.4 G
+(lope id \(from the ESMTP transaction\).).15 E -.15(Fo)5 G 2.5(rD).15 G
+(eli)-2.5 E -.15(ve)-.25 G 2.5(rS).15 G(tatus Noti\214cations only)-2.5
+E(.)-.65 E 4.073(As an e)97 663.6 R 4.073(xample, the follo)-.15 F 4.072
+(wing is a queue \214le sent to \231eric@mammoth.Berk)-.25 F(ele)-.1 E
+-.65(y.)-.15 G 4.072(EDU\232 and).65 F 0 Cg EP
%%Page: 112 108
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 188.36<534d4d3a30382d3131322053656e646d61696c>72
-60 R<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>
-2.5 E/F1 10/Times-Roman@0 SF
-<54686973207061676520696e74656e74696f6e616c6c79206c65667420626c616e6b3b>
-256.225 300 Q<7265706c6163652069742077697468206120626c616e6b207368656574
-20666f7220646f75626c652d7369646564206f75747075742e>218.6 312 Q 0 Cg EP
-%%Page: 3 109
+/F0 10/Times-Bold@0 SF 188.36(SMM:08-112 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF
+(\231bostic@ok)72 98 Q(eef)-.1 E(fe.CS.Berk)-.25 E(ele)-.1 E -.65(y.)
+-.15 G(EDU\232).65 E/F2 7/Times-Roman@0 SF(1)-4 I F1(:)4 I(V4)112 114.2
+Q(T711358135)112 126.2 Q(K904446490)112 138.2 Q(N0)112 150.2 Q(P2100941)
+112 162.2 Q($_eric@localhost)112 174.2 Q(${daemon_\215ags})112 186.2 Q
+(Seric)112 198.2 Q(Ceric:100:1000:sendmail@v)112 210.2 Q(angogh.CS.Berk)
+-.25 E(ele)-.1 E -.65(y.)-.15 G(EDU).65 E(RPFD:eric@mammoth.Berk)112
+222.2 Q(ele)-.1 E -.65(y.)-.15 G(EDU).65 E(RPFD:bostic@ok)112 234.2 Q
+(eef)-.1 E(fe.CS.Berk)-.25 E(ele)-.1 E -.65(y.)-.15 G(EDU).65 E
+(H?P?Return-path: <^g>)112 246.2 Q(H??Recei)112 258.2 Q -.15(ve)-.25 G
+(d: by v).15 E(angogh.CS.Berk)-.25 E(ele)-.1 E -.65(y.)-.15 G
+(EDU \(5.108/2.7\) id AAA06703;).65 E(Fri, 17 Jul 1992 00:28:55 -0700)
+132 270.2 Q(H??Recei)112 282.2 Q -.15(ve)-.25 G(d: from mail.CS.Berk).15
+E(ele)-.1 E -.65(y.)-.15 G(EDU by v).65 E(angogh.CS.Berk)-.25 E(ele)-.1
+E -.65(y.)-.15 G(EDU \(5.108/2.7\)).65 E
+(id AAA06698; Fri, 17 Jul 1992 00:28:54 -0700)132 294.2 Q(H??Recei)112
+306.2 Q -.15(ve)-.25 G(d: from [128.32.31.21] by mail.CS.Berk).15 E(ele)
+-.1 E -.65(y.)-.15 G(EDU \(5.96/2.5\)).65 E
+(id AA22777; Fri, 17 Jul 1992 03:29:14 -0400)132 318.2 Q(H??Recei)112
+330.2 Q -.15(ve)-.25 G(d: by foo.bar).15 E(.baz.de \(5.57/Ultrix3.0-C\))
+-.55 E(id AA22757; Fri, 17 Jul 1992 09:31:25 GMT)132 342.2 Q
+(H?F?From: eric@foo.bar)112 354.2 Q(.baz.de \(Eric Allman\))-.55 E
+(H?x?Full-name: Eric Allman)112 366.2 Q
+(H??Message-id: <9207170931.AA22757@foo.bar)112 378.2 Q(.baz.de>)-.55 E
+(H??T)112 390.2 Q(o: sendmail@v)-.8 E(angogh.CS.Berk)-.25 E(ele)-.1 E
+-.65(y.)-.15 G(EDU).65 E(H??Subject: this is an e)112 402.2 Q
+(xample message)-.15 E .658(This sho)72 418.4 R .658(ws the person who \
+sent the message, the submission time \(in seconds since January 1, 197\
+0\), the)-.25 F(message priority)72 430.4 Q 2.5(,t)-.65 G
+(he message class, the recipients, and the headers for the message.)-2.5
+E .32 LW 76 678.8 72 678.8 DL 80 678.8 76 678.8 DL 84 678.8 80 678.8 DL
+88 678.8 84 678.8 DL 92 678.8 88 678.8 DL 96 678.8 92 678.8 DL 100 678.8
+96 678.8 DL 104 678.8 100 678.8 DL 108 678.8 104 678.8 DL 112 678.8 108
+678.8 DL 116 678.8 112 678.8 DL 120 678.8 116 678.8 DL 124 678.8 120
+678.8 DL 128 678.8 124 678.8 DL 132 678.8 128 678.8 DL 136 678.8 132
+678.8 DL 140 678.8 136 678.8 DL 144 678.8 140 678.8 DL 148 678.8 144
+678.8 DL 152 678.8 148 678.8 DL 156 678.8 152 678.8 DL 160 678.8 156
+678.8 DL 164 678.8 160 678.8 DL 168 678.8 164 678.8 DL 172 678.8 168
+678.8 DL 176 678.8 172 678.8 DL 180 678.8 176 678.8 DL 184 678.8 180
+678.8 DL 188 678.8 184 678.8 DL 192 678.8 188 678.8 DL 196 678.8 192
+678.8 DL 200 678.8 196 678.8 DL 204 678.8 200 678.8 DL 208 678.8 204
+678.8 DL 212 678.8 208 678.8 DL 216 678.8 212 678.8 DL/F3 5
+/Times-Roman@0 SF(1)93.6 689.2 Q/F4 8/Times-Roman@0 SF .718(This e)3.2 J
+.718(xample is contri)-.12 F -.12(ve)-.2 G 2.718(da).12 G .718
+(nd probably inaccurate for your en)-2.718 F 2.719(vironment. Glance)
+-.32 F -.12(ove)2.719 G 2.719(ri).12 G 2.719(tt)-2.719 G 2.719(og)-2.719
+G .719(et an idea; nothing can replace)-2.719 F(looking at what your o)
+72 702 Q(wn system generates.)-.2 E 0 Cg EP
+%%Page: 113 109
+%%BeginPageSetup
+BP
+%%EndPageSetup
+/F0 12/Times-Bold@0 SF 3(APPENDIX C)249.672 98.4 R(SUMMAR)198.282 141.6
+Q 3(YO)-.42 G 3(FS)-3 G(UPPOR)-3 E 3(TF)-.48 G(ILES)-3 E/F1 10
+/Times-Roman@0 SF 1.519(This is a summary of the support \214les that)97
+201 R/F2 10/Times-Italic@0 SF(sendmail)4.019 E F1 1.52
+(creates or generates.)4.019 F(Man)6.52 E 4.02(yo)-.15 G 4.02(ft)-4.02 G
+1.52(hese can be)-4.02 F(changed by editing the sendmail.cf \214le; che\
+ck there to \214nd the actual pathnames.)72 213 Q(/usr/sbin/sendmail)72
+229.2 Q(The binary of)144 241.2 Q F2(sendmail)2.5 E F1(.)A(/usr/bin/ne)
+72 257.4 Q -.1(wa)-.25 G(liases).1 E 3.735(Al)144 269.4 S 1.235
+(ink to /usr/sbin/sendmail; causes the alias database to be reb)-3.735 F
+3.734(uilt. Running)-.2 F 1.234(this pro-)3.734 F
+(gram is completely equi)144 281.4 Q -.25(va)-.25 G(lent to gi).25 E
+(ving)-.25 E F2(sendmail)2.5 E F1(the)2.5 E/F3 10/Times-Bold@0 SF
+(\255bi)2.5 E F1(\215ag.)2.5 E 13.38(/usr/bin/mailq Prints)72 297.6 R
+3.702(al)3.702 G 1.202(isting of the mail queue.)-3.702 F 1.203
+(This program is equi)6.202 F -.25(va)-.25 G 1.203(lent to using the).25
+F F3(\255bp)3.703 E F1 1.203(\215ag to)3.703 F F2(sendmail)144 309.6 Q
+F1(.)A(/etc/mail/sendmail.cf)72 325.8 Q
+(The con\214guration \214le, in te)144 337.8 Q(xtual form.)-.15 E 1.72
+(/etc/mail/help\214le The)72 354 R(SMTP help \214le.)2.5 E
+(/etc/mail/statistics)72 370.2 Q 2.5(As)144 382.2 S
+(tatistics \214le; need not be present.)-2.5 E(/etc/mail/sendmail.pid)72
+398.4 Q .318(Created in daemon mode; it contains the process id of the \
+current SMTP daemon.)144 410.4 R .318(If you)5.318 F 1.047
+(use this in scripts; use `)144 422.4 R 1.047(`head \2551')-.74 F 3.548
+('t)-.74 G 3.548(og)-3.548 G 1.048
+(et just the \214rst line; the second line contains the)-3.548 F .68
+(command line used to in)144 434.4 R -.2(vo)-.4 G .879 -.1(ke t).2 H
+.679(he daemon, and later v).1 F .679(ersions of)-.15 F F2(sendmail)
+3.179 E F1 .679(may add more)3.179 F(information to subsequent lines.)
+144 446.4 Q 5.06(/etc/mail/aliases The)72 462.6 R(te)2.5 E(xtual v)-.15
+E(ersion of the alias \214le.)-.15 E(/etc/mail/aliases.db)72 478.8 Q
+(The alias \214le in)144 490.8 Q F2(hash)2.5 E F1(\(3\) format.)1.666 E
+(/etc/mail/aliases.{pag,dir})72 507 Q(The alias \214le in)144 519 Q F2
+(ndbm)2.5 E F1(\(3\) format.)1.666 E(/v)72 535.2 Q(ar/spool/mqueue)-.25
+E(The directory in which the mail queue\(s\) and temporary \214les resi\
+de.)144 547.2 Q(/v)72 563.4 Q(ar/spool/mqueue/qf*)-.25 E
+(Control \(queue\) \214les for messages.)144 575.4 Q(/v)72 591.6 Q
+(ar/spool/mqueue/df*)-.25 E(Data \214les.)144 603.6 Q(/v)72 619.8 Q
+(ar/spool/mqueue/tf*)-.25 E -.7(Te)144 631.8 S(mporary v).7 E
+(ersions of the qf \214les, used during queue \214le reb)-.15 E(uild.)
+-.2 E(/v)72 648 Q(ar/spool/mqueue/xf*)-.25 E 2.5(At)144 660 S
+(ranscript of the current session.)-2.5 E F3
+(Sendmail Installation and Operation Guide)72 756 Q(SMM:08-113)190.86 E
+0 Cg EP
+%%Page: 114 110
+%%BeginPageSetup
+BP
+%%EndPageSetup
+/F0 10/Times-Bold@0 SF 188.36(SMM:08-114 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF
+(This page intentionally left blank;)256.225 300 Q
+(replace it with a blank sheet for double-sided output.)218.6 312 Q 0 Cg
+EP
+%%Page: 3 111
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d33>200.86 E/F1
-12/Times-Roman@0 SF -1.116<5441>263.226 98.4 S
-<424c45204f4620434f4e54454e5453>1.116 E/F2 10/Times-Roman@0 SF 2.5
-<312e2042>72 124.8 R<4153494320494e5354>-.35 E<414c4c41>-.93 E 1.18<5449
-4f4e202e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e>-1.11 F<37>31 E 2.5<312e312e20436f6d70696c696e67>87 139.2 R
-.43<53656e646d61696c202e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e>2.5 F<37>31 E 2.5<312e312e312e2054>102 153.6
-R<7765616b696e6720746865204275696c6420496e>-.8 E -.2<766f>-.4 G .19<6361
-74696f6e202e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e>.2 F<37>31 E 2.5
-<312e312e322e204372656174696e67>102 168 R 2.5<6153>2.5 G
-<69746520436f6e8c6775726174696f6e2046696c65>-2.5 E 28.5<2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2037>2.94 F 2.5<312e312e332e2054>102 182.4 R
-<7765616b696e6720746865204d616b>-.8 E 1.64<658c6c65202e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e>-.1 F<38>31 E 2.5
-<312e312e342e20436f6d70696c6174696f6e>102 196.8 R
-<616e6420696e7374616c6c6174696f6e>2.5 E 28.5<2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2038>4.6 F 2.5<312e322e20436f6e8c6775726174696f6e>87 211.2 R .99<
-46696c6573202e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e>2.5 F<38>31 E 2.5<312e332e2044657461696c73>87 225.6
-R<6f6620496e7374616c6c6174696f6e2046696c6573>2.5 E 28.5<2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2039>4.89 F 2.5
-<312e332e312e202f7573722f7362696e2f73656e646d61696c>102 240 R 23.5<2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203130>
-2.66 F 2.5<312e332e322e202f6574632f6d61696c2f73656e646d61696c2e6366>102
-254.4 R 23.5<2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e20
-3130>4.34 F 2.5<312e332e332e202f6574632f6d61696c2f7375626d69742e6366>102
-268.8 R 23.5<2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e203130>3.22 F 2.5<312e332e342e202f7573722f62696e2f6e65>102 283.2 R
--.1<7761>-.25 G 2.19<6c6961736573202e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e>.1 F<3130>26 E 2.5
-<312e332e352e202f7573722f62696e2f686f737473746174>102 297.6 R 23.5<2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2031
-30>4.6 F 2.5<312e332e362e202f7573722f62696e2f707572>102 312 R 1.18<6765
-73746174202e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e>-.18 F<3130>26 E 2.5<312e332e372e202f76>102 326.4 R 1.81<61722f73
-706f6f6c2f6d7175657565202e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e>-.25 F<3131>26 E 2.5<312e332e382e202f76>102 340.8 R
-2.09<61722f73706f6f6c2f636c69656e746d7175657565202e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e>-.25 F<3131>26 E 2.5<312e332e392e202f76>102
-355.2 R .97<61722f73706f6f6c2f6d71756575652f2e686f737473746174202e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e>-.25 F<3131>26 E 2.5
-<312e332e31302e202f6574632f6d61696c2f616c69617365732a>102 369.6 R 23.5<
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203131>
-4.06 F 2.5<312e332e31312e202f6574632f7263>102 384 R
-<6f72202f6574632f696e69742e642f73656e646d61696c>2.5 E 23.5<2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e203132>3.23 F 2.5
-<312e332e31322e202f6574632f6d61696c2f68656c708c6c65>102 398.4 R 23.5<2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203132>
-3.22 F 2.5<312e332e31332e202f6574632f6d61696c2f73746174697374696373>102
-412.8 R 23.5<2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e203132>3.77 F 2.5<312e332e31342e202f7573722f62696e2f6d61696c71>102
-427.2 R 23.5<2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e203132>4.88 F 2.5
-<312e332e31352e2073656e646d61696c2e706964>102 441.6 R 23.5<2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203132>
-4.61 F 2.5<312e332e31362e204d6170>102 456 R .72<46696c6573202e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e>2.5 F<3134>26 E 2.5<322e204e4f524d414c>72 470.4 R<4f50455241>2.5 E
-1.56<54494f4e53202e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e>-1.11 F<3134>26 E 2.5<322e312e20546865>87 484.8 R
-<53797374656d204c6f67>2.5 E 23.5<2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203134>4.89 F 2.5
-<322e312e312e2046>102 499.2 R 2.26<6f726d6174202e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e>-.15 F<3134>26 E 2.5<322e312e322e204c65>102 513.6 R -.15<7665>-.25
-G 2.24<6c73202e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e>.15 F<3135>26 E 2.5
-<322e322e2044756d70696e67>87 528 R .72<5374617465202e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e>2.5 F<3135>26 E 2.5<322e332e20546865>87 542.4 R
-<4d61696c20517565756573>2.5 E 23.5<2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203135>4.07 F 2.5
-<322e332e312e205175657565>102 556.8 R
-<47726f75707320616e64205175657565204469726563746f72696573>2.5 E 23.5<2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e203136>2.99 F 2.5<322e332e322e205175657565>102 571.2 R 1.84<52756e7320
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e>2.5 F<3136>26 E 2.5<322e332e332e204d616e75616c>102 585.6 R
-<496e74657276>2.5 E 1.72<656e74696f6e202e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e>-.15 F<3137>26 E 2.5
-<322e332e342e205072696e74696e67>102 600 R<746865207175657565>2.5 E 23.5<
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203137>
-2.67 F 2.5<322e332e352e2046>102 614.4 R
-<6f7263696e6720746865207175657565>-.15 E 23.5<2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203137>3.94 F 2.5
-<322e332e362e2051756172616e74696e6564>102 628.8 R
-<5175657565204974656d73>2.5 E 23.5<2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e203138>3.25 F 2.5<322e342e204469736b>87 643.2 R
-<426173656420436f6e6e656374696f6e20496e666f726d6174696f6e>2.5 E 23.5<2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e203138>3.79 F 2.5<322e352e20546865>87 657.6 R
-<5365727669636520537769746368>2.5 E 23.5<2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203139>2.68 F 2.5
-<322e362e20546865>87 672 R<416c696173204461746162617365>2.5 E 23.5<2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e203139>2.69 F 2.5<322e362e312e20526562>102 686.4 R
-<75696c64696e672074686520616c696173206461746162617365>-.2 E 23.5<2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e203231>4.27 F 2.5
-<322e362e322e20506f74656e7469616c>102 700.8 R .72<70726f626c656d73202e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e>2.5 F<3231>
-26 E 2.5<322e362e332e204c697374>102 715.2 R -.25<6f77>2.5 G 1.81<6e6572
-73202e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e>.25 F<3231>26 E 0 Cg EP
-%%Page: 4 110
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-3)200.86 E/F1 12/Times-Roman@0 SF -1.116(TA)263.226 98.4 S
+(BLE OF CONTENTS)1.116 E/F2 10/Times-Roman@0 SF 2.5(1. B)72 124.8 R
+(ASIC INST)-.35 E(ALLA)-.93 E 1.18(TION ...............................\
+.......................................................................\
+.........)-1.11 F(7)31 E 2.5(1.1. Compiling)87 139.2 R .43(Sendmail ...\
+.......................................................................\
+....................................)2.5 F(7)31 E 2.5(1.1.1. T)102 153.6
+R(weaking the Build In)-.8 E -.2(vo)-.4 G .19(cation ..................\
+...................................................................).2 F
+(7)31 E 2.5(1.1.2. Creating)102 168 R 2.5(aS)2.5 G
+(ite Con\214guration File)-2.5 E 28.5(.................................\
+............................................... 7)2.94 F 2.5(1.1.3. T)
+102 182.4 R(weaking the Mak)-.8 E 1.64(e\214le ........................\
+.......................................................................\
+..)-.1 F(8)31 E 2.5(1.1.4. Compilation)102 196.8 R(and installation)2.5
+E 28.5(................................................................\
+........................ 8)4.6 F 2.5(1.2. Con\214guration)87 211.2 R .99
+(Files ................................................................\
+................................................)2.5 F(8)31 E 2.5
+(1.3. Details)87 225.6 R(of Installation Files)2.5 E 23.5(.............\
+.......................................................................\
+............... 10)4.89 F 2.5(1.3.1. /usr/sbin/sendmail)102 240 R 23.5(\
+.......................................................................\
+.................................. 10)2.66 F 2.5
+(1.3.2. /etc/mail/sendmail.cf)102 254.4 R 23.5(........................\
+.......................................................................\
+..... 10)4.34 F 2.5(1.3.3. /etc/mail/submit.cf)102 268.8 R 23.5(.......\
+.......................................................................\
+.......................... 10)3.22 F 2.5(1.3.4. /usr/bin/ne)102 283.2 R
+-.1(wa)-.25 G 2.19(liases .............................................\
+..........................................................).1 F(10)26 E
+2.5(1.3.5. /usr/bin/hoststat)102 297.6 R 23.5(.........................\
+.......................................................................\
+............ 10)4.6 F 2.5(1.3.6. /usr/bin/pur)102 312 R 1.18(gestat ...\
+.......................................................................\
+................................)-.18 F(11)26 E 2.5(1.3.7. /v)102 326.4
+R 1.81(ar/spool/mqueue ................................................\
+........................................................)-.25 F(11)26 E
+2.5(1.3.8. /v)102 340.8 R 2.09(ar/spool/clientmqueue ..................\
+.......................................................................\
+......)-.25 F(11)26 E 2.5(1.3.9. /v)102 355.2 R .97(ar/spool/mqueue/.ho\
+ststat ................................................................\
+..........................)-.25 F(11)26 E 2.5
+(1.3.10. /etc/mail/aliases*)102 369.6 R 23.5(..........................\
+.......................................................................\
+....... 11)4.06 F 2.5(1.3.11. /etc/rc)102 384 R(or /etc/init.d/sendmail)
+2.5 E 23.5(............................................................\
+.......................... 12)3.23 F 2.5(1.3.12. /etc/mail/help\214le)
+102 398.4 R 23.5(......................................................\
+................................................... 12)3.22 F 2.5
+(1.3.13. /etc/mail/statistics)102 412.8 R 23.5(........................\
+.......................................................................\
+........ 12)3.77 F 2.5(1.3.14. /usr/bin/mailq)102 427.2 R 23.5(........\
+.......................................................................\
+.............................. 12)4.88 F 2.5(1.3.15. sendmail.pid)102
+441.6 R 23.5(..........................................................\
+..................................................... 12)4.61 F 2.5
+(1.3.16. Map)102 456 R .72(Files ......................................\
+.......................................................................\
+.......)2.5 F(14)26 E 2.5(2. NORMAL)72 470.4 R(OPERA)2.5 E 1.56(TIONS .\
+.......................................................................\
+.....................................)-1.11 F(14)26 E 2.5(2.1. The)87
+484.8 R(System Log)2.5 E 23.5(.........................................\
+.......................................................................\
+.... 14)4.89 F 2.5(2.1.1. F)102 499.2 R 2.26(ormat ....................\
+.......................................................................\
+...............................)-.15 F(14)26 E 2.5(2.1.2. Le)102 513.6 R
+-.15(ve)-.25 G 2.24(ls ................................................\
+.......................................................................\
+....).15 F(15)26 E 2.5(2.2. Dumping)87 528 R .72(State ................\
+.......................................................................\
+................................)2.5 F(15)26 E 2.5(2.3. The)87 542.4 R
+(Mail Queues)2.5 E 23.5(...............................................\
+.................................................................... 16)
+4.07 F 2.5(2.3.1. Queue)102 556.8 R(Groups and Queue Directories)2.5 E
+23.5(..................................................................\
+........ 16)2.99 F 2.5(2.3.2. Queue)102 571.2 R 1.84(Runs .............\
+.......................................................................\
+..............................)2.5 F(16)26 E 2.5(2.3.3. Manual)102 585.6
+R(Interv)2.5 E 1.72(ention ............................................\
+.........................................................)-.15 F(17)26 E
+2.5(2.3.4. Printing)102 600 R(the queue)2.5 E 23.5(....................\
+.......................................................................\
+.............. 17)2.67 F 2.5(2.3.5. F)102 614.4 R(orcing the queue)-.15
+E 23.5(................................................................\
+......................................... 17)3.94 F 2.5
+(2.3.6. Quarantined)102 628.8 R(Queue Items)2.5 E 23.5(................\
+.......................................................................\
+...... 18)3.25 F 2.5(2.4. Disk)87 643.2 R(Based Connection Information)
+2.5 E 23.5(............................................................\
+......................... 18)3.79 F 2.5(2.5. The)87 657.6 R
+(Service Switch)2.5 E 23.5(............................................\
+.................................................................... 19)
+2.68 F 2.5(2.6. The)87 672 R(Alias Database)2.5 E 23.5(................\
+.......................................................................\
+......................... 20)2.69 F 2.5(2.6.1. Reb)102 686.4 R
+(uilding the alias database)-.2 E 23.5(................................\
+....................................................... 21)4.27 F 2.5
+(2.6.2. Potential)102 700.8 R .72(problems ............................\
+.......................................................................\
+.....)2.5 F(21)26 E 2.5(2.6.3. List)102 715.2 R -.25(ow)2.5 G 1.81(ners\
+ ......................................................................\
+.............................................).25 F(21)26 E 0 Cg EP
+%%Page: 4 112
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 198.36<534d4d3a30382d342053656e646d61696c>72 60 R
-<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF 2.5<322e372e2055736572>87 96 R
-<496e666f726d6174696f6e204461746162617365>2.5 E 23.5<2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203231>2.7 F 2.5<322e382e20506572>
-87 110.4 R<2d557365722046>-.2 E<6f7277>-.15 E
-<617264696e6720282e666f7277>-.1 E<6172642046696c657329>-.1 E 23.5<2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e203232>4.09 F 2.5<322e392e205370656369616c>87 124.8 R
-<486561646572204c696e6573>2.5 E 23.5<2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203232>2.97 F 2.5
-<322e392e312e204572726f72732d54>102 139.2 R 2.09<6f3a202e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e>-.8 F<3232>26 E 2.5<322e392e322e204170706172656e746c792d54>102 153.6
-R 2.09<6f3a202e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e>-.8 F<3232>26 E 2.5<322e392e332e20507265636564656e6365>
-102 168 R 23.5<2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203232>2.97 F 2.5
-<322e31302e204944454e54>87 182.4 R<50726f746f636f6c20537570706f7274>2.5
-E 23.5<2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203232>
-2.95 F 2.5<332e20415247554d454e5453>72 196.8 R 23.5<2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e203233>3.78 F 2.5<332e312e205175657565>87 211.2 R
-<496e74657276>2.5 E 1.55<616c202e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e>-.25 F<3233>26 E
-2.5<332e322e204461656d6f6e>87 225.6 R 1.29<4d6f6465202e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e>2.5 F<3233>26 E 2.5<332e332e2046>87 240 R
-<6f7263696e6720746865205175657565>-.15 E 23.5<2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203234>4.22 F
-2.5<332e342e20446562>87 254.4 R 1.76<756767696e67202e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e>-.2 F<3234>26 E 2.5<332e352e204368616e67696e67>87 268.8 R
-<7468652056>2.5 E<616c756573206f66204f7074696f6e73>-1.11 E 23.5<2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203235>3.23 F 2.5<332e362e2054>87 283.2
-R<7279696e67206120446966>-.35 E
-<666572656e7420436f6e8c6775726174696f6e2046696c65>-.25 E 23.5<2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e203235>4.67 F 2.5<332e372e204c6f6767696e67>87 297.6 R -.35
-<5472>2.5 G<6166>.35 E .5<8c63202e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e>-.25 F<3235>26 E
-2.5<332e382e2054>87 312 R
-<657374696e6720436f6e8c6775726174696f6e2046696c6573>-.7 E 23.5<2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203236>4.19 F 2.5
-<332e392e2050657273697374656e74>87 326.4 R
-<486f73742053746174757320496e666f726d6174696f6e>2.5 E 23.5<2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e203237>3.5 F 2.5<342e2054554e494e47>72 340.8 R 23.5<
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203237>2.68 F
-2.5<342e312e2054>87 355.2 R 1.07<696d656f757473202e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e>-.35 F<3237>26 E 2.5<342e312e312e205175657565>102
-369.6 R<696e74657276>2.5 E 2.1<616c202e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e>-.25 F<3237>26 E 2.5
-<342e312e322e2052656164>102 384 R 1<74696d656f757473202e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e>2.5 F<3237>
-26 E 2.5<342e312e332e204d657373616765>102 398.4 R 1.56<74696d656f757473
-202e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e>2.5
-F<3239>26 E 2.5<342e322e2046>87 412.8 R
-<6f726b696e6720447572696e672051756575652052756e73>-.15 E 23.5<2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203330>4.49 F 2.5
-<342e332e205175657565>87 427.2 R .73<5072696f726974696573202e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e>2.5 F<3330>26 E 2.5<342e342e204c6f6164>87 441.6 R .44<4c696d6974
-696e67202e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e>2.5 F<3330>26 E 2.5
-<342e352e205265736f75726365>87 456 R .17<4c696d697473202e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e>2.5 F<3331>26 E 2.5<342e362e204d65617375726573>87 470.4 R<6167>2.5 E
-<61696e73742044656e69616c206f6620536572766963652041747461636b73>-.05 E
-23.5<2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e203331>3.87 F 2.5<342e372e2044656c69>87 484.8 R -.15<7665>-.25 G
-<7279204d6f6465>.15 E 23.5<2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203331>3.08 F 2.5
-<342e382e204c6f67>87 499.2 R<4c65>2.5 E -.15<7665>-.25 G 2.52<6c2e>.15 G
-23.5<2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203332>-2.52 F 2.5
-<342e392e2046696c65>87 513.6 R .72<4d6f646573202e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e>2.5 F<3332>26 E 2.5<342e392e312e2054>102 528 R 2.5<6f73>-.8 G
-<756964206f72206e6f7420746f20737569643f>-2.5 E 23.5<2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203332>6.52 F 2.5<342e392e322e2054>102
-542.4 R<75726e696e67206f66>-.45 E 2.5<6673>-.25 G
-<6563757269747920636865636b73>-2.5 E 23.5<2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e203333>3.95 F 2.5<342e31302e20436f6e6e656374696f6e>87 556.8 R 1.56
-<43616368696e67202e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e>2.5 F<3335>26 E 2.5<342e31312e204e616d65>87 571.2 R
-<53657276>2.5 E<657220416363657373>-.15 E 23.5<2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203336>2.85 F 2.5
-<342e31322e204d6f>87 585.6 R<76696e672074686520506572>-.15 E
-<2d557365722046>-.2 E<6f7277>-.15 E<6172642046696c6573>-.1 E 23.5<2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e203337>3.84 F 2.5<342e31332e2046726565>87 600 R 1.85<
-5370616365202e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e>2.5 F<3337>26 E 2.5
-<342e31342e204d6178696d756d>87 614.4 R<4d6573736167652053697a65>2.5 E
-23.5<2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203337>
-4.62 F 2.5<342e31352e20507269>87 628.8 R -.25<7661>-.25 G .3 -.15
-<63792046>.25 H 1.93<6c616773202e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e>.15 F<3337>26 E
-2.5<342e31362e2053656e64>87 643.2 R<746f204d652054>2.5 E 2.08<6f6f202e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e>-.8 F<3337>26 E 2.5<352e20544845>72 657.6 R
-<57484f4c452053434f4f50204f4e2054484520434f4e464947555241>2.5 E
-<54494f4e2046494c45>-1.11 E 23.5<2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e203338>4.64 F 2.5<352e312e2052>87 672 R<616e642053208a205265>2.5 E
-<77726974696e672052756c6573>-.25 E 23.5<2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e203338>4.3 F 2.5<352e312e312e20546865>102 686.4 R
-<6c6566742068616e642073696465>2.5 E 23.5<2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203338>4.07 F 2.5
-<352e312e322e20546865>102 700.8 R<72696768742068616e642073696465>2.5 E
-23.5<2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2033
-39>3.51 F 2.5<352e312e332e2053656d616e74696373>102 715.2 R<6f66207265>
-2.5 E<77726974696e672072756c652073657473>-.25 E 23.5<2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e203430>4.6 F 0 Cg EP
-%%Page: 5 111
+/F0 10/Times-Bold@0 SF 198.36(SMM:08-4 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF 2.5
+(2.7. User)87 96 R(Information Database)2.5 E 23.5(....................\
+.......................................................................\
+......... 22)2.7 F 2.5(2.8. Per)87 110.4 R(-User F)-.2 E(orw)-.15 E
+(arding \(.forw)-.1 E(ard Files\))-.1 E 23.5(..........................\
+......................................................... 22)4.09 F 2.5
+(2.9. Special)87 124.8 R(Header Lines)2.5 E 23.5(......................\
+.......................................................................\
+................ 22)2.97 F 2.5(2.9.1. Errors-T)102 139.2 R 2.09(o: ....\
+.......................................................................\
+..........................................)-.8 F(22)26 E 2.5
+(2.9.2. Apparently-T)102 153.6 R 2.09(o: ..............................\
+.......................................................................\
+........)-.8 F(22)26 E 2.5(2.9.3. Precedence)102 168 R 23.5(...........\
+.......................................................................\
+.................................. 22)2.97 F 2.5(2.10. IDENT)87 182.4 R
+(Protocol Support)2.5 E 23.5(..........................................\
+........................................................... 23)2.95 F
+2.5(3. ARGUMENTS)72 196.8 R 23.5(......................................\
+.......................................................................\
+.................. 23)3.78 F 2.5(3.1. Queue)87 211.2 R(Interv)2.5 E 1.55
+(al ...................................................................\
+....................................................)-.25 F(23)26 E 2.5
+(3.2. Daemon)87 225.6 R 1.29(Mode .....................................\
+.......................................................................\
+...........)2.5 F(24)26 E 2.5(3.3. F)87 240 R(orcing the Queue)-.15 E
+23.5(..................................................................\
+............................................... 24)4.22 F 2.5(3.4. Deb)
+87 254.4 R 1.76(ugging ................................................\
+.......................................................................\
+......)-.2 F(24)26 E 2.5(3.5. Changing)87 268.8 R(the V)2.5 E
+(alues of Options)-1.11 E 23.5(........................................\
+.................................................... 25)3.23 F 2.5
+(3.6. T)87 283.2 R(rying a Dif)-.35 E(ferent Con\214guration File)-.25 E
+23.5(..................................................................\
+................. 25)4.67 F 2.5(3.7. Logging)87 297.6 R -.35(Tr)2.5 G
+(af).35 E .5(\214c ....................................................\
+..................................................................)-.25
+F(25)26 E 2.5(3.8. T)87 312 R(esting Con\214guration Files)-.7 E 23.5(.\
+.......................................................................\
+........................... 26)4.19 F 2.5(3.9. Persistent)87 326.4 R
+(Host Status Information)2.5 E 23.5(...................................\
+..................................................... 27)3.5 F 2.5
+(4. TUNING)72 340.8 R 23.5(............................................\
+.......................................................................\
+...................... 27)2.68 F 2.5(4.1. T)87 355.2 R 1.07(imeouts ...\
+.......................................................................\
+......................................................)-.35 F(27)26 E
+2.5(4.1.1. Queue)102 369.6 R(interv)2.5 E 2.1(al ......................\
+.......................................................................\
+.................)-.25 F(27)26 E 2.5(4.1.2. Read)102 384 R 1(timeouts .\
+.......................................................................\
+.......................................)2.5 F(28)26 E 2.5
+(4.1.3. Message)102 398.4 R 1.56(timeouts .............................\
+.......................................................................\
+.....)2.5 F(29)26 E 2.5(4.2. F)87 412.8 R(orking During Queue Runs)-.15
+E 23.5(................................................................\
+................................. 30)4.49 F 2.5(4.3. Queue)87 427.2 R
+.73(Priorities ........................................................\
+.............................................................)2.5 F(30)
+26 E 2.5(4.4. Load)87 441.6 R .44(Limiting ............................\
+.......................................................................\
+.....................)2.5 F(31)26 E 2.5(4.5. Resource)87 456 R .17(Limi\
+ts ....................................................................\
+.................................................)2.5 F(31)26 E 2.5
+(4.6. Measures)87 470.4 R(ag)2.5 E(ainst Denial of Service Attacks)-.05
+E 23.5(................................................................\
+......... 31)3.87 F 2.5(4.7. Deli)87 484.8 R -.15(ve)-.25 G(ry Mode).15
+E 23.5(................................................................\
+....................................................... 31)3.08 F 2.5
+(4.8. Log)87 499.2 R(Le)2.5 E -.15(ve)-.25 G 2.52(l.).15 G 23.5(.......\
+.......................................................................\
+................................................ 32)-2.52 F 2.5
+(4.9. File)87 513.6 R .72(Modes .......................................\
+.......................................................................\
+...............)2.5 F(33)26 E 2.5(4.9.1. T)102 528 R 2.5(os)-.8 G
+(uid or not to suid?)-2.5 E 23.5(......................................\
+........................................................... 33)6.52 F
+2.5(4.9.2. T)102 542.4 R(urning of)-.45 E 2.5(fs)-.25 G(ecurity checks)
+-2.5 E 23.5(...........................................................\
+............................... 33)3.95 F 2.5(4.10. Connection)87 556.8
+R 1.56(Caching ........................................................\
+....................................................)2.5 F(35)26 E 2.5
+(4.11. Name)87 571.2 R(Serv)2.5 E(er Access)-.15 E 23.5(...............\
+.......................................................................\
+...................... 36)2.85 F 2.5(4.12. Mo)87 585.6 R(ving the Per)
+-.15 E(-User F)-.2 E(orw)-.15 E(ard Files)-.1 E 23.5(..................\
+.................................................................. 37)
+3.84 F 2.5(4.13. Free)87 600 R 1.85(Space .............................\
+.......................................................................\
+.......................)2.5 F(37)26 E 2.5(4.14. Maximum)87 614.4 R
+(Message Size)2.5 E 23.5(..............................................\
+....................................................... 37)4.62 F 2.5
+(4.15. Pri)87 628.8 R -.25(va)-.25 G .3 -.15(cy F).25 H 1.93(lags .....\
+.......................................................................\
+...........................................).15 F(37)26 E 2.5
+(4.16. Send)87 643.2 R(to Me T)2.5 E 2.08(oo ..........................\
+.......................................................................\
+..................)-.8 F(38)26 E 2.5(5. THE)72 657.6 R
+(WHOLE SCOOP ON THE CONFIGURA)2.5 E(TION FILE)-1.11 E 23.5
+(........................................................ 38)4.64 F 2.5
+(5.1. R)87 672 R(and S \212 Re)2.5 E(writing Rules)-.25 E 23.5(........\
+.......................................................................\
+................... 38)4.3 F 2.5(5.1.1. The)102 686.4 R(left hand side)
+2.5 E 23.5(............................................................\
+............................................. 39)4.07 F 2.5(5.1.2. The)
+102 700.8 R(right hand side)2.5 E 23.5(................................\
+.......................................................................\
+ 39)3.51 F 2.5(5.1.3. Semantics)102 715.2 R(of re)2.5 E
+(writing rule sets)-.25 E 23.5(........................................\
+........................................... 40)4.6 F 0 Cg EP
+%%Page: 5 113
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF<53656e646d61696c20496e7374616c6c6174696f6e20616e
-64204f7065726174696f6e204775696465>72 60 Q<534d4d3a30382d35>200.86 E/F1
-10/Times-Roman@0 SF 2.5<352e312e342e2052756c65736574>102 96 R 2.11<686f
-6f6b73202e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e>2.5 F<3431>26 E 2.5
-<352e312e342e312e20636865636b5f72656c6179>117 110.4 R 23.5<2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203431>2.69 F
-2.5<352e312e342e322e20636865636b5f6d61696c>117 124.8 R 23.5<2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203431>4.9 F 2.5
-<352e312e342e332e20636865636b5f72637074>117 139.2 R 23.5<2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203432>4.63 F
-2.5<352e312e342e342e20636865636b5f64617461>117 153.6 R 23.5<2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203432>3.52 F
-2.5<352e312e342e352e20636865636b5f636f6d706174>117 168 R 23.5<2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203432>3.24 F 2.5
-<352e312e342e362e20636865636b5f656f68>117 182.4 R 23.5<2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203432>3.24 F
-2.5<352e312e342e372e20636865636b5f656f6d>117 196.8 R 23.5<2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203433>2.96 F
-2.5<352e312e342e382e20636865636b5f6574726e>117 211.2 R 23.5<2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203433>4.63 F
-2.5<352e312e342e392e20636865636b5f65>117 225.6 R .89<78706e202e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e>-.15 F<3433>
-26 E 2.5<352e312e342e31302e20636865636b5f76726679>117 240 R 23.5<2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203433>3.52
-F 2.5<352e312e342e31312e2074727573745f61757468>117 254.4 R 23.5<2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203433>3.5
-F 2.5<352e312e342e31322e20746c735f636c69656e74>117 268.8 R 23.5<2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203433>
-4.33 F 2.5<352e312e342e31332e20746c735f73657276>117 283.2 R 2.27<657220
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e>
--.15 F<3433>26 E 2.5<352e312e342e31342e20746c735f72637074>117 297.6 R
-23.5<2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e203433>3.5 F 2.5
-<352e312e342e31352e207372765f6665617475726573>117 312 R 23.5<2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203433>4.63 F 2.5
-<352e312e342e31362e207472795f746c73>117 326.4 R 23.5<2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203434>
-2.94 F 2.5<352e312e342e31372e20746c735f7372765f6665617475726573>117
-340.8 R<616e6420746c735f636c745f6665617475726573>2.5 E 23.5<2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203434>4.64 F 2.5
-<352e312e342e31382e2061757468696e666f>117 355.2 R 23.5<2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203435>2.67
-F 2.5<352e312e342e31392e207175657565>117 369.6 R 1.44<67726f7570202e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e>-.15 F<3435>
-26 E 2.5<352e312e342e32302e2067726565745f7061757365>117 384 R 23.5<2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203436>3.24
-F 2.5<352e312e352e20495043>102 398.4 R 1<6d61696c657273202e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e>
-2.5 F<3436>26 E 2.5<352e322e2044>87 412.8 R 2.5<8a44>2.5 G
-<658c6e65204d6163726f>-2.5 E 23.5<2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203436>3.52 F 2.5
-<352e332e2043>87 427.2 R<616e642046208a2044658c6e6520436c6173736573>2.5
-E 23.5<2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203533>
-2.67 F 2.5<352e342e204d>87 441.6 R 2.5<8a44>2.5 G
-<658c6e65204d61696c6572>-2.5 E 23.5<2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203535>3.79 F 2.5
-<352e352e2048>87 456 R 2.5<8a44>2.5 G<658c6e6520486561646572>-2.5 E 23.5
-<2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e203630>3.25 F 2.5<352e362e204f>87 470.4 R 2.5<8a53>2.5 G
-<6574204f7074696f6e>-2.5 E 23.5<2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203631>3.22 F 2.5
-<352e372e2050>87 484.8 R 2.5<8a50>2.5 G
-<7265636564656e63652044658c6e6974696f6e73>-2.5 E 23.5<2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203739>2.96 F 2.5<352e382e2056>87
-499.2 R 2.5<8a43>2.5 G<6f6e8c6775726174696f6e2056>-2.5 E
-<657273696f6e204c65>-1.11 E -.15<7665>-.25 G 2.8<6c2e>.15 G 23.5<2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e203830>-2.8 F 2.5<352e392e204b>87 513.6 R 2.5
-<8a4b>2.5 G .3 -.15<65792046>-2.75 H<696c65204465636c61726174696f6e>.15
-E 23.5<2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203831>
-2.81 F 2.5<352e31302e2051>87 528 R 2.5<8a51>2.5 G
-<756575652047726f7570204465636c61726174696f6e>-2.5 E 23.5<2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e203839>2.98 F 2.5<352e31312e2058>87 542.4 R 2.5
-<8a4d>2.5 G
-<61696c2046696c74657220284d696c746572292044658c6e6974696f6e73>-2.5 E
-23.5<2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e203930>4.61 F 2.5<352e31322e20546865>87 556.8
-R<55736572204461746162617365>2.5 E 23.5<2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203931>4.92 F 2.5
-<352e31322e312e20537472756374757265>102 571.2 R
-<6f66207468652075736572206461746162617365>2.5 E 23.5<2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e203931>2.7 F 2.5<352e31322e322e2055736572>102 585.6 R
-<64617461626173652073656d616e74696373>2.5 E 23.5<2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e203932>3.25 F 2.5<352e31322e332e204372656174696e67>
-102 602 R<746865206461746162617365>2.5 E/F2 7/Times-Roman@0 SF<3233>-4 I
-F1 23.5<2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203932>2.91 4 N
-2.5<362e204f>72 616.4 R<5448455220434f4e464947555241>-.4 E 1.97<54494f4e
-202e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e>
--1.11 F<3933>26 E 2.5<362e312e2050>87 630.8 R
-<6172616d657465727320696e206465>-.15 E .3<76746f6f6c732f4f532f246f736366
-202e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e>-.25 F<3933>26 E 2.5
-<362e312e312e2046>102 645.2 R<6f72204675747572652052656c6561736573>-.15
-E 23.5<2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2039
-34>3.66 F 2.5<362e322e2050>87 659.6 R
-<6172616d657465727320696e2073656e646d61696c2f636f6e662e68>-.15 E 23.5<2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e203934>4.78 F 2.5
-<362e332e20436f6e8c6775726174696f6e>87 674 R
-<696e2073656e646d61696c2f636f6e662e63>2.5 E 23.5<2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e203936>4.06 F 2.5<362e332e312e204275696c742d696e>102 688.4
-R<4865616465722053656d616e74696373>2.5 E 23.5<2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e203937>4.9 F 2.5<362e332e322e205265737472696374696e67>102
-702.8 R<557365206f6620456d61696c>2.5 E 23.5<2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e203938>4.34 F 2.5<362e332e332e204e65>102 717.2 R 2.5
-<7744>-.25 G<61746162617365204d617020436c6173736573>-2.5 E 23.5<2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e203939>4.89 F 0 Cg EP
-%%Page: 6 112
+/F0 10/Times-Bold@0 SF(Sendmail Installation and Operation Guide)72 60 Q
+(SMM:08-5)200.86 E/F1 10/Times-Roman@0 SF 2.5(5.1.4. Ruleset)102 96 R
+2.11(hooks ............................................................\
+...................................................)2.5 F(41)26 E 2.5
+(5.1.4.1. check_relay)117 110.4 R 23.5(................................\
+.......................................................................\
+... 41)2.69 F 2.5(5.1.4.2. check_mail)117 124.8 R 23.5(................\
+.......................................................................\
+................... 42)4.9 F 2.5(5.1.4.3. check_rcpt)117 139.2 R 23.5(.\
+.......................................................................\
+................................... 42)4.63 F 2.5(5.1.4.4. check_data)
+117 153.6 R 23.5(......................................................\
+..................................................... 42)3.52 F 2.5
+(5.1.4.5. check_compat)117 168 R 23.5(.................................\
+..................................................................... 4\
+2)3.24 F 2.5(5.1.4.6. check_eoh)117 182.4 R 23.5(......................\
+.......................................................................\
+............... 42)3.24 F 2.5(5.1.4.7. check_eom)117 196.8 R 23.5(.....\
+.......................................................................\
+............................... 43)2.96 F 2.5(5.1.4.8. check_etrn)117
+211.2 R 23.5(..........................................................\
+................................................. 43)4.63 F 2.5
+(5.1.4.9. check_e)117 225.6 R .89(xpn .................................\
+.......................................................................\
+..)-.15 F(43)26 E 2.5(5.1.4.10. check_vrfy)117 240 R 23.5(.............\
+.......................................................................\
+..................... 43)3.52 F 2.5(5.1.4.11. trust_auth)117 254.4 R
+23.5(..................................................................\
+......................................... 43)3.5 F 2.5
+(5.1.4.12. tls_client)117 268.8 R 23.5(................................\
+.......................................................................\
+..... 43)4.33 F 2.5(5.1.4.13. tls_serv)117 283.2 R 2.27(er ............\
+.......................................................................\
+........................)-.15 F(44)26 E 2.5(5.1.4.14. tls_rcpt)117 297.6
+R 23.5(................................................................\
+............................................... 44)3.5 F 2.5
+(5.1.4.15. srv_features)117 312 R 23.5(................................\
+.......................................................................\
+ 44)4.63 F 2.5(5.1.4.16. try_tls)117 326.4 R 23.5(.....................\
+.......................................................................\
+..................... 45)2.94 F 2.5(5.1.4.17. tls_srv_features)117 340.8
+R(and tls_clt_features)2.5 E 23.5
+(................................................................. 45)
+4.64 F 2.5(5.1.4.18. authinfo)117 355.2 R 23.5(........................\
+.......................................................................\
+............... 46)2.67 F 2.5(5.1.4.19. queue)117 369.6 R 1.44(group ..\
+.......................................................................\
+...............................)-.15 F(46)26 E 2.5
+(5.1.4.20. greet_pause)117 384 R 23.5(.................................\
+.......................................................................\
+ 47)3.24 F 2.5(5.1.5. IPC)102 398.4 R 1(mailers .......................\
+.......................................................................\
+.....................)2.5 F(47)26 E 2.5(5.2. D)87 412.8 R 2.5<8a44>2.5 G
+(e\214ne Macro)-2.5 E 23.5(............................................\
+.................................................................... 47)
+3.52 F 2.5(5.3. C)87 427.2 R(and F \212 De\214ne Classes)2.5 E 23.5(...\
+.......................................................................\
+........................... 54)2.67 F 2.5(5.4. M)87 441.6 R 2.5<8a44>2.5
+G(e\214ne Mailer)-2.5 E 23.5(..........................................\
+..................................................................... 5\
+6)3.79 F 2.5(5.5. H)87 456 R 2.5<8a44>2.5 G(e\214ne Header)-2.5 E 23.5(\
+.......................................................................\
+........................................ 61)3.25 F 2.5(5.6. O)87 470.4 R
+2.5<8a53>2.5 G(et Option)-2.5 E 23.5(..................................\
+.......................................................................\
+............ 62)3.22 F 2.5(5.7. P)87 484.8 R 2.5<8a50>2.5 G
+(recedence De\214nitions)-2.5 E 23.5(..................................\
+................................................................ 81)2.96
+F 2.5(5.8. V)87 499.2 R 2.5<8a43>2.5 G(on\214guration V)-2.5 E
+(ersion Le)-1.11 E -.15(ve)-.25 G 2.8(l.).15 G 23.5(...................\
+..................................................................... 8\
+1)-2.8 F 2.5(5.9. K)87 513.6 R 2.5<8a4b>2.5 G .3 -.15(ey F)-2.75 H
+(ile Declaration).15 E 23.5(...........................................\
+.......................................................... 82)2.81 F 2.5
+(5.10. Q)87 528 R 2.5<8a51>2.5 G(ueue Group Declaration)-2.5 E 23.5(...\
+.......................................................................\
+................. 91)2.98 F 2.5(5.11. X)87 542.4 R 2.5<8a4d>2.5 G
+(ail Filter \(Milter\) De\214nitions)-2.5 E 23.5(......................\
+............................................................ 92)4.61 F
+2.5(5.12. The)87 556.8 R(User Database)2.5 E 23.5(.....................\
+.......................................................................\
+.................. 93)4.92 F 2.5(5.12.1. Structure)102 571.2 R
+(of the user database)2.5 E 23.5(......................................\
+............................................... 93)2.7 F 2.5
+(5.12.2. User)102 585.6 R(database semantics)2.5 E 23.5(...............\
+.......................................................................\
+....... 93)3.25 F 2.5(5.12.3. Creating)102 602 R(the database)2.5 E/F2 7
+/Times-Roman@0 SF(23)-4 I F1 23.5(.....................................\
+.......................................................... 94)2.91 4 N
+2.5(6. O)72 616.4 R(THER CONFIGURA)-.4 E 1.97(TION ....................\
+.......................................................................\
+..............)-1.11 F(94)26 E 2.5(6.1. P)87 630.8 R(arameters in de)
+-.15 E .3(vtools/OS/$oscf .............................................\
+..............................................)-.25 F(94)26 E 2.5
+(6.1.1. F)102 645.2 R(or Future Releases)-.15 E 23.5(..................\
+.......................................................................\
+............. 95)3.66 F 2.5(6.2. P)87 659.6 R
+(arameters in sendmail/conf.h)-.15 E 23.5(.............................\
+................................................................. 96)
+4.78 F 2.5(6.3. Con\214guration)87 674 R(in sendmail/conf.c)2.5 E 23.5(\
+.......................................................................\
+................... 98)4.06 F 2.5(6.3.1. Built-in)102 688.4 R
+(Header Semantics)2.5 E 23.5(..........................................\
+................................................. 98)4.9 F 2.5
+(6.3.2. Restricting)102 702.8 R(Use of Email)2.5 E 18.5(...............\
+.......................................................................\
+........ 100)4.34 F 2.5(6.3.3. Ne)102 717.2 R 2.5(wD)-.25 G
+(atabase Map Classes)-2.5 E 18.5(......................................\
+................................................... 100)4.89 F 0 Cg EP
+%%Page: 6 114
%%BeginPageSetup
BP
%%EndPageSetup
-/F0 10/Times-Bold@0 SF 198.36<534d4d3a30382d362053656e646d61696c>72 60 R
-<496e7374616c6c6174696f6e20616e64204f7065726174696f6e204775696465>2.5 E
-/F1 10/Times-Roman@0 SF 2.5<362e332e342e205175657565696e67>102 96 R 1.56
-<46756e6374696f6e202e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e>2.5 F<3939>26 E 2.5<362e332e352e205265667573696e67>102 110.4
-R<496e636f6d696e6720534d545020436f6e6e656374696f6e73>2.5 E 18.5<2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e20313030>
-2.94 F 2.5<362e332e362e204c6f6164>102 124.8 R -1.17 -.74<41762065>2.5 H
-<7261676520436f6d7075746174696f6e>.74 E 18.5<2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e20313030>2.74 F 2.5<362e342e20436f6e8c6775726174696f6e>87
-139.2 R<696e2073656e646d61696c2f6461656d6f6e2e63>2.5 E 18.5<2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e20313030>2.67 F 2.5<362e352e204c44>87 153.6 R .29<4150202e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e>-.4 F<313031>21 E 2.5
-<362e352e312e204c44>102 168 R<415020526563757273696f6e>-.4 E 18.5<2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e20313031>
-4.74 F 2.5<362e352e312e312e204578616d706c65>117 182.4 R 18.5<2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2031
-3031>2.95 F 2.5<362e362e205354>87 196.8 R<4152>-.93 E .58<54544c53202e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e>-.6 F<313032>21 E 2.5
-<362e362e312e2043657274698c6361746573>102 211.2 R<666f72205354>2.5 E
-<4152>-.93 E .87<54544c53202e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e>-.6 F
-<313032>21 E 2.5<362e362e322e2050524e47>102 225.6 R<666f72205354>2.5 E
-<4152>-.93 E 2.25<54544c53202e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e>-.6 F<313032>21 E 2.5<362e372e20456e636f64696e67>87 240 R
-<6f66205354>2.5 E<4152>-.93 E<54544c5320616e642041>-.6 E
-<5554482072656c61746564204d6163726f73>-.55 E 18.5<2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e20313033>2.56 F 2.5<372e2041>72 254.4 R
-<434b4e4f>-.4 E .1<574c454447454d454e5453202e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e>-.35 F<313033>21 E
-<417070656e64697820412e>72 268.8 Q<434f4d4d414e44204c494e4520464c41>5 E
-1.97<4753202e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e>-.4 F<313035>21 E
-<417070656e64697820422e>72 283.2 Q -.1<5155>5 G
-<4555452046494c4520464f524d41>.1 E 1.38<5453202e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e>-1.11 F<313038>21 E<417070656e64697820432e>72 297.6 Q
-<53554d4d4152>5 E 2.5<594f>-.65 G 2.5<4653>-2.5 G<5550504f52>-2.5 E 2.5
-<5446>-.6 G 1.12<494c4553202e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e
-2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e>-2.5 F<313131>21 E 0 Cg EP
+/F0 10/Times-Bold@0 SF 198.36(SMM:08-6 Sendmail)72 60 R
+(Installation and Operation Guide)2.5 E/F1 10/Times-Roman@0 SF 2.5
+(6.3.4. Queueing)102 96 R 1.56(Function ...............................\
+.......................................................................\
+.)2.5 F(101)21 E 2.5(6.3.5. Refusing)102 110.4 R
+(Incoming SMTP Connections)2.5 E 18.5(.................................\
+...................................... 101)2.94 F 2.5(6.3.6. Load)102
+124.8 R -1.17 -.74(Av e)2.5 H(rage Computation).74 E 18.5(.............\
+.......................................................................\
+...... 101)2.74 F 2.5(6.4. Con\214guration)87 139.2 R
+(in sendmail/daemon.c)2.5 E 18.5(......................................\
+............................................... 102)2.67 F 2.5(6.5. LD)
+87 153.6 R .29(AP .....................................................\
+.......................................................................\
+.........)-.4 F(102)21 E 2.5(6.5.1. LD)102 168 R(AP Recursion)-.4 E 18.5
+(......................................................................\
+.................................... 102)4.74 F 2.5(6.5.1.1. Example)117
+182.4 R 18.5(..........................................................\
+..................................................... 102)2.95 F 2.5
+(6.6. ST)87 196.8 R(AR)-.93 E .58(TTLS ................................\
+.......................................................................\
+.....................)-.6 F(103)21 E 2.5(6.6.1. Certi\214cates)102 211.2
+R(for ST)2.5 E(AR)-.93 E .87(TTLS .....................................\
+.....................................................)-.6 F(103)21 E 2.5
+(6.6.2. PRNG)102 225.6 R(for ST)2.5 E(AR)-.93 E 2.25(TTLS .............\
+.......................................................................\
+.............)-.6 F(104)21 E 2.5(6.7. Encoding)87 240 R(of ST)2.5 E(AR)
+-.93 E(TTLS and A)-.6 E(UTH related Macros)-.55 E 18.5
+(............................................................ 104)2.56 F
+2.5(6.8. D)87 254.4 R 1.13(ANE ........................................\
+.......................................................................\
+.....................)-.4 F(104)21 E 2.5(7. A)72 268.8 R(CKNO)-.4 E .1(\
+WLEDGEMENTS ...........................................................\
+.................................................)-.35 F(105)21 E
+(Appendix A.)72 283.2 Q(COMMAND LINE FLA)5 E 1.97(GS ..................\
+.......................................................................)
+-.4 F(107)21 E(Appendix B.)72 297.6 Q -.1(QU)5 G(EUE FILE FORMA).1 E
+1.38(TS ...............................................................\
+.............................)-1.11 F(110)21 E(Appendix C.)72 312 Q
+(SUMMAR)5 E 2.5(YO)-.65 G 2.5(FS)-2.5 G(UPPOR)-2.5 E 2.5(TF)-.6 G 1.12(\
+ILES ..................................................................\
+............)-2.5 F(113)21 E 0 Cg EP
%%Trailer
end
%%EOF
diff --git a/editmap/Makefile b/editmap/Makefile
index f08d5a7ccde9..b173ba9fa62b 100644
--- a/editmap/Makefile
+++ b/editmap/Makefile
@@ -1,17 +1,19 @@
# $Id: Makefile,v 1.1 2000-08-31 16:19:25 ca Exp $
SHELL= /bin/sh
BUILD= ./Build
OPTIONS= $(CONFIG) $(FLAGS)
all: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
clean: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
+check: FRC
+ $(SHELL) $(BUILD) $(OPTIONS) $@
install: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
fresh: FRC
$(SHELL) $(BUILD) $(OPTIONS) -c
FRC:
diff --git a/editmap/editmap.0 b/editmap/editmap.0
index 664edb33f276..378dbb49ba1b 100644
--- a/editmap/editmap.0
+++ b/editmap/editmap.0
@@ -1,62 +1,62 @@
EDITMAP(8) EDITMAP(8)
-NNAAMMEE
- eeddiittmmaapp - query and edit single records in database maps for sendmail
+NAME
+ editmap - query and edit single records in database maps for sendmail
-SSYYNNOOPPSSIISS
- eeddiittmmaapp [--CC _f_i_l_e] [--NN] [--ff] [--qq||--uu||--xx] maptype mapname key [ "value
+SYNOPSIS
+ editmap [-C file] [-N] [-f] [-q|-u|-x] maptype mapname key [ "value
..." ]
-DDEESSCCRRIIPPTTIIOONN
- EEddiittmmaapp queries or edits one record in database maps used by the keyed
+DESCRIPTION
+ Editmap queries or edits one record in database maps used by the keyed
map lookups in sendmail(8). Arguments are passed on the command line
and output (for queries) is directed to standard output.
- Depending on how it is compiled, eeddiittmmaapp handles up to three different
- database formats, selected using the _m_a_p_t_y_p_e parameter. They may be
+ Depending on how it is compiled, editmap handles up to three different
+ database formats, selected using the maptype parameter. They may be
dbm DBM format maps. This requires the ndbm(3) library.
btree B-Tree format maps. This requires the new Berkeley DB library.
hash Hash format maps. This also requires the Berkeley DB library.
- If the _T_r_u_s_t_e_d_U_s_e_r option is set in the sendmail configuration file and
- eeddiittmmaapp is invoked as root, the generated files will be owned by the
- specified _T_r_u_s_t_e_d_U_s_e_r_.
+ If the TrustedUser option is set in the sendmail configuration file and
+ editmap is invoked as root, the generated files will be owned by the
+ specified TrustedUser.
- FFllaaggss
- --CC Use the specified sseennddmmaaiill configuration file for looking up the
+ Flags
+ -C Use the specified sendmail configuration file for looking up the
TrustedUser option.
- --NN Include the null byte that terminates strings in the map (for
+ -N Include the null byte that terminates strings in the map (for
alias maps).
- --ff Normally all upper case letters in the key are folded to lower
+ -f Normally all upper case letters in the key are folded to lower
case. This flag disables that behaviour. This is intended to
- mesh with the -f flag in the KK line in sendmail.cf. The value
+ mesh with the -f flag in the K line in sendmail.cf. The value
is never case folded.
- --qq Query the map for the specified key. If found, print value to
+ -q Query the map for the specified key. If found, print value to
standard output and exit with 0. If not found then print an
error message to stdout and exit with EX_UNAVAILABLE.
- --uu Update the record for _k_e_y with _v_a_l_u_e or inserts a new record if
+ -u Update the record for key with value or inserts a new record if
one doesn't exist. Exits with 0 on success or EX_IOERR on fail-
ure.
- --xx Deletes the specific key from the map. Exits with 0 on success
+ -x Deletes the specific key from the map. Exits with 0 on success
or EX_IOERR on failure.
- SSEEEE AALLSSOO
+ SEE ALSO
sendmail(8), makemap(8)
-HHIISSTTOORRYY
- The eeddiittmmaapp command has no history.
+HISTORY
+ The editmap command has no history.
$Date: 2013-11-22 20:51:26 $ EDITMAP(8)
diff --git a/editmap/editmap.c b/editmap/editmap.c
index 66ee5793d5d7..c3454cb495ae 100644
--- a/editmap/editmap.c
+++ b/editmap/editmap.c
@@ -1,417 +1,417 @@
/*
* Copyright (c) 1998-2002, 2004 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1992 Eric P. Allman. All rights reserved.
* Copyright (c) 1992, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sm/gen.h>
#ifndef lint
SM_UNUSED(static char copyright[]) =
"@(#) Copyright (c) 1998-2001 Proofpoint, Inc. and its suppliers.\n\
All rights reserved.\n\
Copyright (c) 1992 Eric P. Allman. All rights reserved.\n\
Copyright (c) 1992, 1993\n\
The Regents of the University of California. All rights reserved.\n";
#endif /* ! lint */
#ifndef lint
SM_UNUSED(static char id[]) = "@(#)$Id: editmap.c,v 1.26 2013-11-22 20:51:26 ca Exp $";
-#endif /* ! lint */
+#endif
#include <sys/types.h>
#ifndef ISC_UNIX
# include <sys/file.h>
-#endif /* ! ISC_UNIX */
+#endif
#include <ctype.h>
#include <stdlib.h>
#include <unistd.h>
#ifdef EX_OK
# undef EX_OK /* unistd.h may have another use for this */
-#endif /* EX_OK */
+#endif
#include <sysexits.h>
#include <assert.h>
#include <sendmail/sendmail.h>
#include <sendmail/pathnames.h>
#include <libsmdb/smdb.h>
uid_t RealUid;
gid_t RealGid;
char *RealUserName;
uid_t RunAsUid;
gid_t RunAsGid;
char *RunAsUserName;
int Verbose = 2;
bool DontInitGroups = false;
uid_t TrustedUid = 0;
BITMAP256 DontBlameSendmail;
#define BUFSIZE 1024
#define ISSEP(c) (isascii(c) && isspace(c))
static void usage __P((char *));
static void
usage(progname)
char *progname;
{
fprintf(stderr,
"Usage: %s [-C cffile] [-N] [-f] [-q|-u|-x] maptype mapname key [ \"value ...\" ]\n",
progname);
exit(EX_USAGE);
}
int
main(argc, argv)
int argc;
char **argv;
{
char *progname;
char *cfile;
bool query = false;
bool update = false;
bool remove = false;
bool inclnull = false;
bool foldcase = true;
unsigned int nops = 0;
int exitstat;
int opt;
char *typename = NULL;
char *mapname = NULL;
char *keyname = NULL;
char *value = NULL;
int mode;
int smode;
int putflags = 0;
long sff = SFF_ROOTOK|SFF_REGONLY;
struct passwd *pw;
SMDB_DATABASE *database;
SMDB_DBENT db_key, db_val;
SMDB_DBPARAMS params;
SMDB_USER_INFO user_info;
#if HASFCHOWN
FILE *cfp;
char buf[MAXLINE];
-#endif /* HASFCHOWN */
+#endif
static char rnamebuf[MAXNAME]; /* holds RealUserName */
extern char *optarg;
extern int optind;
memset(&params, '\0', sizeof params);
params.smdbp_cache_size = 1024 * 1024;
progname = strrchr(argv[0], '/');
if (progname != NULL)
progname++;
else
progname = argv[0];
cfile = _PATH_SENDMAILCF;
clrbitmap(DontBlameSendmail);
RunAsUid = RealUid = getuid();
RunAsGid = RealGid = getgid();
pw = getpwuid(RealUid);
if (pw != NULL)
(void) sm_strlcpy(rnamebuf, pw->pw_name, sizeof rnamebuf);
else
(void) sm_snprintf(rnamebuf, sizeof rnamebuf,
"Unknown UID %d", (int) RealUid);
RunAsUserName = RealUserName = rnamebuf;
user_info.smdbu_id = RunAsUid;
user_info.smdbu_group_id = RunAsGid;
(void) sm_strlcpy(user_info.smdbu_name, RunAsUserName,
SMDB_MAX_USER_NAME_LEN);
#define OPTIONS "C:fquxN"
while ((opt = getopt(argc, argv, OPTIONS)) != -1)
{
switch (opt)
{
case 'C':
cfile = optarg;
break;
case 'f':
foldcase = false;
break;
case 'q':
query = true;
nops++;
break;
case 'u':
update = true;
nops++;
break;
case 'x':
remove = true;
nops++;
break;
case 'N':
inclnull = true;
break;
default:
usage(progname);
assert(0); /* NOTREACHED */
}
}
if (!bitnset(DBS_WRITEMAPTOSYMLINK, DontBlameSendmail))
sff |= SFF_NOSLINK;
if (!bitnset(DBS_WRITEMAPTOHARDLINK, DontBlameSendmail))
sff |= SFF_NOHLINK;
if (!bitnset(DBS_LINKEDMAPINWRITABLEDIR, DontBlameSendmail))
sff |= SFF_NOWLINK;
argc -= optind;
argv += optind;
if ((nops != 1) ||
(query && argc != 3) ||
(remove && argc != 3) ||
(update && argc <= 3))
{
usage(progname);
assert(0); /* NOTREACHED */
}
typename = argv[0];
mapname = argv[1];
keyname = argv[2];
if (update)
value = argv[3];
if (foldcase)
{
char *p;
for (p = keyname; *p != '\0'; p++)
{
if (isascii(*p) && isupper(*p))
*p = tolower(*p);
}
}
#if HASFCHOWN
/* Find TrustedUser value in sendmail.cf */
if ((cfp = fopen(cfile, "r")) == NULL)
{
fprintf(stderr, "%s: %s: %s\n", progname,
cfile, sm_errstring(errno));
exit(EX_NOINPUT);
}
while (fgets(buf, sizeof(buf), cfp) != NULL)
{
register char *b;
if ((b = strchr(buf, '\n')) != NULL)
*b = '\0';
b = buf;
switch (*b++)
{
case 'O': /* option */
if (strncasecmp(b, " TrustedUser", 12) == 0 &&
!(isascii(b[12]) && isalnum(b[12])))
{
b = strchr(b, '=');
if (b == NULL)
continue;
while (isascii(*++b) && isspace(*b))
continue;
if (isascii(*b) && isdigit(*b))
TrustedUid = atoi(b);
else
{
TrustedUid = 0;
pw = getpwnam(b);
if (pw == NULL)
fprintf(stderr,
"TrustedUser: unknown user %s\n", b);
else
TrustedUid = pw->pw_uid;
}
# ifdef UID_MAX
if (TrustedUid > UID_MAX)
{
fprintf(stderr,
"TrustedUser: uid value (%ld) > UID_MAX (%ld)",
(long) TrustedUid,
(long) UID_MAX);
TrustedUid = 0;
}
# endif /* UID_MAX */
break;
}
default:
continue;
}
}
(void) fclose(cfp);
#endif /* HASFCHOWN */
if (query)
{
mode = O_RDONLY;
smode = S_IRUSR;
}
else
{
mode = O_RDWR | O_CREAT;
sff |= SFF_CREAT|SFF_NOTEXCL;
smode = S_IWUSR;
}
params.smdbp_num_elements = 4096;
errno = smdb_open_database(&database, mapname, mode, smode, sff,
typename, &user_info, &params);
if (errno != SMDBE_OK)
{
char *hint;
if (errno == SMDBE_UNSUPPORTED_DB_TYPE &&
(hint = smdb_db_definition(typename)) != NULL)
fprintf(stderr,
"%s: Need to recompile with -D%s for %s support\n",
progname, hint, typename);
else
fprintf(stderr,
"%s: error opening type %s map %s: %s\n",
progname, typename, mapname,
sm_errstring(errno));
exit(EX_CANTCREAT);
}
(void) database->smdb_sync(database, 0);
if (geteuid() == 0 && TrustedUid != 0)
{
errno = database->smdb_set_owner(database, TrustedUid, -1);
if (errno != SMDBE_OK)
{
fprintf(stderr,
"WARNING: ownership change on %s failed %s",
mapname, sm_errstring(errno));
}
}
exitstat = EX_OK;
if (query)
{
memset(&db_key, '\0', sizeof db_key);
memset(&db_val, '\0', sizeof db_val);
db_key.data = keyname;
db_key.size = strlen(keyname);
if (inclnull)
db_key.size++;
errno = database->smdb_get(database, &db_key, &db_val, 0);
if (errno != SMDBE_OK)
{
/* XXX - Need to distinguish between not found */
fprintf(stderr,
"%s: couldn't find key %s in map %s\n",
progname, keyname, mapname);
exitstat = EX_UNAVAILABLE;
}
else
{
printf("%.*s\n", (int) db_val.size,
(char *) db_val.data);
}
}
else if (update)
{
memset(&db_key, '\0', sizeof db_key);
memset(&db_val, '\0', sizeof db_val);
db_key.data = keyname;
db_key.size = strlen(keyname);
if (inclnull)
db_key.size++;
db_val.data = value;
db_val.size = strlen(value);
if (inclnull)
db_val.size++;
errno = database->smdb_put(database, &db_key, &db_val,
putflags);
if (errno != SMDBE_OK)
{
fprintf(stderr,
"%s: error updating (%s, %s) in map %s: %s\n",
progname, keyname, value, mapname,
sm_errstring(errno));
exitstat = EX_IOERR;
}
}
else if (remove)
{
memset(&db_key, '\0', sizeof db_key);
memset(&db_val, '\0', sizeof db_val);
db_key.data = keyname;
db_key.size = strlen(keyname);
if (inclnull)
db_key.size++;
errno = database->smdb_del(database, &db_key, 0);
switch (errno)
{
case SMDBE_NOT_FOUND:
fprintf(stderr,
"%s: key %s doesn't exist in map %s\n",
progname, keyname, mapname);
/* Don't set exitstat */
break;
case SMDBE_OK:
/* All's well */
break;
default:
fprintf(stderr,
"%s: couldn't remove key %s in map %s (error)\n",
progname, keyname, mapname);
exitstat = EX_IOERR;
break;
}
}
else
{
assert(0); /* NOT REACHED */
}
/*
** Now close the database.
*/
errno = database->smdb_close(database);
if (errno != SMDBE_OK)
{
fprintf(stderr, "%s: close(%s): %s\n",
progname, mapname, sm_errstring(errno));
exitstat = EX_IOERR;
}
smdb_free_database(database);
exit(exitstat);
/* NOTREACHED */
return exitstat;
}
diff --git a/include/libmilter/mfapi.h b/include/libmilter/mfapi.h
index 039a16a94481..2b012d86af2b 100644
--- a/include/libmilter/mfapi.h
+++ b/include/libmilter/mfapi.h
@@ -1,603 +1,603 @@
/*
* Copyright (c) 1999-2004, 2006, 2008, 2012 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*
* $Id: mfapi.h,v 8.83 2013-11-22 20:51:27 ca Exp $
*/
/*
** MFAPI.H -- Global definitions for mail filter library and mail filters.
*/
#ifndef _LIBMILTER_MFAPI_H
# define _LIBMILTER_MFAPI_H 1
#ifndef SMFI_VERSION
# if _FFR_MDS_NEGOTIATE
# define SMFI_VERSION 0x01000002 /* libmilter version number */
/* first libmilter version that has MDS support */
# define SMFI_VERSION_MDS 0x01000002
# else /* _FFR_MDS_NEGOTIATE */
# define SMFI_VERSION 0x01000001 /* libmilter version number */
# endif /* _FFR_MDS_NEGOTIATE */
#endif /* ! SMFI_VERSION */
#define SM_LM_VRS_MAJOR(v) (((v) & 0x7f000000) >> 24)
#define SM_LM_VRS_MINOR(v) (((v) & 0x007fff00) >> 8)
#define SM_LM_VRS_PLVL(v) ((v) & 0x0000007f)
# include <sys/types.h>
# include <sys/socket.h>
#include "libmilter/mfdef.h"
# define LIBMILTER_API extern
/* Only need to export C interface if used by C++ source code */
#ifdef __cplusplus
extern "C" {
-#endif /* __cplusplus */
+#endif
#ifndef _SOCK_ADDR
# define _SOCK_ADDR struct sockaddr
-#endif /* ! _SOCK_ADDR */
+#endif
/*
** libmilter functions return one of the following to indicate
** success/failure(/continue):
*/
#define MI_SUCCESS 0
#define MI_FAILURE (-1)
#if _FFR_WORKERS_POOL
# define MI_CONTINUE 1
-#endif /* _FFR_WORKERS_POOL */
+#endif
/* "forward" declarations */
typedef struct smfi_str SMFICTX;
typedef struct smfi_str *SMFICTX_PTR;
typedef struct smfiDesc smfiDesc_str;
typedef struct smfiDesc *smfiDesc_ptr;
/*
** Type which callbacks should return to indicate message status.
** This may take on one of the SMFIS_* values listed below.
*/
typedef int sfsistat;
#if defined(__linux__) && defined(__GNUC__) && defined(__cplusplus) && __GNUC_MINOR__ >= 8
# define SM__P(X) __PMT(X)
-#else /* __linux__ && __GNUC__ && __cplusplus && _GNUC_MINOR__ >= 8 */
+#else
# define SM__P(X) __P(X)
-#endif /* __linux__ && __GNUC__ && __cplusplus && _GNUC_MINOR__ >= 8 */
+#endif
/* Some platforms don't define __P -- do it for them here: */
#ifndef __P
# ifdef __STDC__
# define __P(X) X
-# else /* __STDC__ */
+# else
# define __P(X) ()
-# endif /* __STDC__ */
+# endif
#endif /* __P */
#if SM_CONF_STDBOOL_H
# include <stdbool.h>
#else /* SM_CONF_STDBOOL_H */
# ifndef __cplusplus
# ifndef bool
# ifndef __bool_true_false_are_defined
typedef int bool;
# define false 0
# define true 1
# define __bool_true_false_are_defined 1
# endif /* ! __bool_true_false_are_defined */
# endif /* bool */
# endif /* ! __cplusplus */
#endif /* SM_CONF_STDBOOL_H */
/*
** structure describing one milter
*/
struct smfiDesc
{
char *xxfi_name; /* filter name */
int xxfi_version; /* version code -- do not change */
unsigned long xxfi_flags; /* flags */
/* connection info filter */
sfsistat (*xxfi_connect) SM__P((SMFICTX *, char *, _SOCK_ADDR *));
/* SMTP HELO command filter */
sfsistat (*xxfi_helo) SM__P((SMFICTX *, char *));
/* envelope sender filter */
sfsistat (*xxfi_envfrom) SM__P((SMFICTX *, char **));
/* envelope recipient filter */
sfsistat (*xxfi_envrcpt) SM__P((SMFICTX *, char **));
/* header filter */
sfsistat (*xxfi_header) SM__P((SMFICTX *, char *, char *));
/* end of header */
sfsistat (*xxfi_eoh) SM__P((SMFICTX *));
/* body block */
sfsistat (*xxfi_body) SM__P((SMFICTX *, unsigned char *, size_t));
/* end of message */
sfsistat (*xxfi_eom) SM__P((SMFICTX *));
/* message aborted */
sfsistat (*xxfi_abort) SM__P((SMFICTX *));
/* connection cleanup */
sfsistat (*xxfi_close) SM__P((SMFICTX *));
/* any unrecognized or unimplemented command filter */
sfsistat (*xxfi_unknown) SM__P((SMFICTX *, const char *));
/* SMTP DATA command filter */
sfsistat (*xxfi_data) SM__P((SMFICTX *));
/* negotiation callback */
sfsistat (*xxfi_negotiate) SM__P((SMFICTX *,
unsigned long, unsigned long,
unsigned long, unsigned long,
unsigned long *, unsigned long *,
unsigned long *, unsigned long *));
#if 0
/* signal handler callback, not yet implemented. */
int (*xxfi_signal) SM__P((int));
#endif
};
LIBMILTER_API int smfi_opensocket __P((bool));
LIBMILTER_API int smfi_register __P((struct smfiDesc));
LIBMILTER_API int smfi_main __P((void));
LIBMILTER_API int smfi_setbacklog __P((int));
LIBMILTER_API int smfi_setdbg __P((int));
LIBMILTER_API int smfi_settimeout __P((int));
LIBMILTER_API int smfi_setconn __P((char *));
LIBMILTER_API int smfi_stop __P((void));
LIBMILTER_API size_t smfi_setmaxdatasize __P((size_t));
LIBMILTER_API int smfi_version __P((unsigned int *, unsigned int *, unsigned int *));
/*
** What the filter might do -- values to be ORed together for
** smfiDesc.xxfi_flags.
*/
#define SMFIF_NONE 0x00000000L /* no flags */
#define SMFIF_ADDHDRS 0x00000001L /* filter may add headers */
#define SMFIF_CHGBODY 0x00000002L /* filter may replace body */
#define SMFIF_MODBODY SMFIF_CHGBODY /* backwards compatible */
#define SMFIF_ADDRCPT 0x00000004L /* filter may add recipients */
#define SMFIF_DELRCPT 0x00000008L /* filter may delete recipients */
#define SMFIF_CHGHDRS 0x00000010L /* filter may change/delete headers */
#define SMFIF_QUARANTINE 0x00000020L /* filter may quarantine envelope */
/* filter may change "from" (envelope sender) */
#define SMFIF_CHGFROM 0x00000040L
#define SMFIF_ADDRCPT_PAR 0x00000080L /* add recipients incl. args */
/* filter can send set of symbols (macros) that it wants */
#define SMFIF_SETSYMLIST 0x00000100L
/*
** Macro "places";
** Notes:
** - must be coordinated with libmilter/engine.c and sendmail/milter.c
** - the order MUST NOT be changed as it would break compatibility between
** different versions. It's ok to append new entries however
** (hence the list is not sorted by the SMT protocol steps).
*/
#define SMFIM_NOMACROS (-1) /* Do NOT use, internal only */
#define SMFIM_FIRST 0 /* Do NOT use, internal marker only */
#define SMFIM_CONNECT 0 /* connect */
#define SMFIM_HELO 1 /* HELO/EHLO */
#define SMFIM_ENVFROM 2 /* MAIL From */
#define SMFIM_ENVRCPT 3 /* RCPT To */
#define SMFIM_DATA 4 /* DATA */
#define SMFIM_EOM 5 /* end of message (final dot) */
#define SMFIM_EOH 6 /* end of header */
#define SMFIM_LAST 6 /* Do NOT use, internal marker only */
/*
** Continue processing message/connection.
*/
#define SMFIS_CONTINUE 0
/*
** Reject the message/connection.
** No further routines will be called for this message
** (or connection, if returned from a connection-oriented routine).
*/
#define SMFIS_REJECT 1
/*
** Accept the message,
** but silently discard the message.
** No further routines will be called for this message.
** This is only meaningful from message-oriented routines.
*/
#define SMFIS_DISCARD 2
/*
** Accept the message/connection.
** No further routines will be called for this message
** (or connection, if returned from a connection-oriented routine;
** in this case, it causes all messages on this connection
** to be accepted without filtering).
*/
#define SMFIS_ACCEPT 3
/*
** Return a temporary failure, i.e.,
** the corresponding SMTP command will return a 4xx status code.
** In some cases this may prevent further routines from
** being called on this message or connection,
** although in other cases (e.g., when processing an envelope
** recipient) processing of the message will continue.
*/
#define SMFIS_TEMPFAIL 4
/*
** Do not send a reply to the MTA
*/
#define SMFIS_NOREPLY 7
/*
** Skip over rest of same callbacks, e.g., body.
*/
#define SMFIS_SKIP 8
/* xxfi_negotiate: use all existing protocol options/actions */
#define SMFIS_ALL_OPTS 10
#if 0
/*
** Filter Routine Details
*/
/* connection info filter */
extern sfsistat xxfi_connect __P((SMFICTX *, char *, _SOCK_ADDR *));
/*
** xxfi_connect(ctx, hostname, hostaddr) Invoked on each connection
**
** char *hostname; Host domain name, as determined by a reverse lookup
** on the host address.
** _SOCK_ADDR *hostaddr; Host address, as determined by a getpeername
** call on the SMTP socket.
*/
/* SMTP HELO command filter */
extern sfsistat xxfi_helo __P((SMFICTX *, char *));
/*
** xxfi_helo(ctx, helohost) Invoked on SMTP HELO/EHLO command
**
** char *helohost; Value passed to HELO/EHLO command, which should be
** the domain name of the sending host (but is, in practice,
** anything the sending host wants to send).
*/
/* envelope sender filter */
extern sfsistat xxfi_envfrom __P((SMFICTX *, char **));
/*
** xxfi_envfrom(ctx, argv) Invoked on envelope from
**
** char **argv; Null-terminated SMTP command arguments;
** argv[0] is guaranteed to be the sender address.
** Later arguments are the ESMTP arguments.
*/
/* envelope recipient filter */
extern sfsistat xxfi_envrcpt __P((SMFICTX *, char **));
/*
** xxfi_envrcpt(ctx, argv) Invoked on each envelope recipient
**
** char **argv; Null-terminated SMTP command arguments;
** argv[0] is guaranteed to be the recipient address.
** Later arguments are the ESMTP arguments.
*/
/* unknown command filter */
extern sfsistat *xxfi_unknown __P((SMFICTX *, const char *));
/*
** xxfi_unknown(ctx, arg) Invoked when SMTP command is not recognized or not
** implemented.
** const char *arg; Null-terminated SMTP command
*/
/* header filter */
extern sfsistat xxfi_header __P((SMFICTX *, char *, char *));
/*
** xxfi_header(ctx, headerf, headerv) Invoked on each message header. The
** content of the header may have folded white space (that is, multiple
** lines with following white space) included.
**
** char *headerf; Header field name
** char *headerv; Header field value
*/
/* end of header */
extern sfsistat xxfi_eoh __P((SMFICTX *));
/*
** xxfi_eoh(ctx) Invoked at end of header
*/
/* body block */
extern sfsistat xxfi_body __P((SMFICTX *, unsigned char *, size_t));
/*
** xxfi_body(ctx, bodyp, bodylen) Invoked for each body chunk. There may
** be multiple body chunks passed to the filter. End-of-lines are
** represented as received from SMTP (normally Carriage-Return/Line-Feed).
**
** unsigned char *bodyp; Pointer to body data
** size_t bodylen; Length of body data
*/
/* end of message */
extern sfsistat xxfi_eom __P((SMFICTX *));
/*
** xxfi_eom(ctx) Invoked at end of message. This routine can perform
** special operations such as modifying the message header, body, or
** envelope.
*/
/* message aborted */
extern sfsistat xxfi_abort __P((SMFICTX *));
/*
** xxfi_abort(ctx) Invoked if message is aborted outside of the control of
** the filter, for example, if the SMTP sender issues an RSET command. If
** xxfi_abort is called, xxfi_eom will not be called and vice versa.
*/
/* connection cleanup */
extern sfsistat xxfi_close __P((SMFICTX *));
/*
** xxfi_close(ctx) Invoked at end of the connection. This is called on
** close even if the previous mail transaction was aborted.
*/
#endif /* 0 */
/*
** Additional information is passed in to the vendor filter routines using
** symbols. Symbols correspond closely to sendmail macros. The symbols
** defined depend on the context. The value of a symbol is accessed using:
*/
/* Return the value of a symbol. */
LIBMILTER_API char * smfi_getsymval __P((SMFICTX *, char *));
/*
** Return the value of a symbol.
**
** SMFICTX *ctx; Opaque context structure
** char *symname; The name of the symbol to access.
*/
/*
** Vendor filter routines that want to pass additional information back to
** the MTA for use in SMTP replies may call smfi_setreply before returning.
*/
LIBMILTER_API int smfi_setreply __P((SMFICTX *, char *, char *, char *));
/*
** Alternatively, smfi_setmlreply can be called if a multi-line SMTP reply
** is needed.
*/
LIBMILTER_API int smfi_setmlreply __P((SMFICTX *, const char *, const char *, ...));
/*
** Set the specific reply code to be used in response to the active
** command. If not specified, a generic reply code is used.
**
** SMFICTX *ctx; Opaque context structure
** char *rcode; The three-digit (RFC 821) SMTP reply code to be
** returned, e.g., ``551''.
** char *xcode; The extended (RFC 2034) reply code, e.g., ``5.7.6''.
** char *message; The text part of the SMTP reply.
*/
/*
** The xxfi_eom routine is called at the end of a message (essentially,
** after the final DATA dot). This routine can call some special routines
** to modify the envelope, header, or body of the message before the
** message is enqueued. These routines must not be called from any vendor
** routine other than xxfi_eom.
*/
LIBMILTER_API int smfi_addheader __P((SMFICTX *, char *, char *));
/*
** Add a header to the message. It is not checked for standards
** compliance; the mail filter must ensure that no protocols are violated
** as a result of adding this header.
**
** SMFICTX *ctx; Opaque context structure
** char *headerf; Header field name
** char *headerv; Header field value
*/
LIBMILTER_API int smfi_chgheader __P((SMFICTX *, char *, int, char *));
/*
** Change/delete a header in the message. It is not checked for standards
** compliance; the mail filter must ensure that no protocols are violated
** as a result of adding this header.
**
** SMFICTX *ctx; Opaque context structure
** char *headerf; Header field name
-** int index; The Nth occurence of header field name
+** int index; The Nth occurrence of header field name
** char *headerv; New header field value (empty for delete header)
*/
LIBMILTER_API int smfi_insheader __P((SMFICTX *, int, char *, char *));
/*
** Insert a header into the message. It is not checked for standards
** compliance; the mail filter must ensure that no protocols are violated
** as a result of adding this header.
**
** SMFICTX *ctx; Opaque context structure
** int idx; index into the header list where the insertion should happen
** char *headerh; Header field name
** char *headerv; Header field value
*/
LIBMILTER_API int smfi_chgfrom __P((SMFICTX *, char *, char *));
/*
** Modify envelope sender address
**
** SMFICTX *ctx; Opaque context structure
** char *mail; New envelope sender address
** char *args; ESMTP arguments
*/
LIBMILTER_API int smfi_addrcpt __P((SMFICTX *, char *));
/*
** Add a recipient to the envelope
**
** SMFICTX *ctx; Opaque context structure
** char *rcpt; Recipient to be added
*/
LIBMILTER_API int smfi_addrcpt_par __P((SMFICTX *, char *, char *));
/*
** Add a recipient to the envelope
**
** SMFICTX *ctx; Opaque context structure
** char *rcpt; Recipient to be added
** char *args; ESMTP arguments
*/
LIBMILTER_API int smfi_delrcpt __P((SMFICTX *, char *));
/*
** Send a "no-op" up to the MTA to tell it we're still alive, so long
** milter-side operations don't time out.
**
** SMFICTX *ctx; Opaque context structure
*/
LIBMILTER_API int smfi_progress __P((SMFICTX *));
/*
** Delete a recipient from the envelope
**
** SMFICTX *ctx; Opaque context structure
** char *rcpt; Envelope recipient to be deleted. This should be in
** exactly the form passed to xxfi_envrcpt or the address may
** not be deleted.
*/
LIBMILTER_API int smfi_replacebody __P((SMFICTX *, unsigned char *, int));
/*
** Replace the body of the message. This routine may be called multiple
** times if the body is longer than convenient to send in one call. End of
** line should be represented as Carriage-Return/Line Feed.
**
** char *bodyp; Pointer to block of body information to insert
** int bodylen; Length of data pointed at by bodyp
*/
/*
** If the message is aborted (for example, if the SMTP sender sends the
** envelope but then does a QUIT or RSET before the data is sent),
** xxfi_abort is called. This can be used to reset state.
*/
/*
** Quarantine an envelope
**
** SMFICTX *ctx; Opaque context structure
** char *reason: explanation
*/
LIBMILTER_API int smfi_quarantine __P((SMFICTX *ctx, char *reason));
/*
** Connection-private data (specific to an SMTP connection) can be
** allocated using the smfi_setpriv routine; routines can access private
** data using smfi_getpriv.
*/
LIBMILTER_API int smfi_setpriv __P((SMFICTX *, void *));
/*
** Set the private data pointer
**
** SMFICTX *ctx; Opaque context structure
** void *privatedata; Pointer to private data area
*/
LIBMILTER_API void *smfi_getpriv __P((SMFICTX *));
/*
** Get the private data pointer
**
** SMFICTX *ctx; Opaque context structure
** void *privatedata; Pointer to private data area
*/
LIBMILTER_API int smfi_setsymlist __P((SMFICTX *, int, char *));
/*
** Set list of symbols (macros) to receive
**
** SMFICTX *ctx; Opaque context structure
** int where; where in the SMTP dialogue should the macros be sent
** char *macros; list of macros (space separated)
*/
#if _FFR_THREAD_MONITOR
LIBMILTER_API int smfi_set_max_exec_time __P((unsigned int));
-#endif /* _FFR_THREAD_MONITOR */
+#endif
#ifdef __cplusplus
}
-#endif /* __cplusplus */
+#endif
#endif /* ! _LIBMILTER_MFAPI_H */
diff --git a/include/libmilter/mfdef.h b/include/libmilter/mfdef.h
index 7dc9d5eb4341..02a34d3a2028 100644
--- a/include/libmilter/mfdef.h
+++ b/include/libmilter/mfdef.h
@@ -1,126 +1,126 @@
/*
* Copyright (c) 1999-2007 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*
* $Id: mfdef.h,v 8.40 2013-11-22 20:51:27 ca Exp $
*/
/*
** mfdef.h -- Global definitions for mail filter and MTA.
*/
#ifndef _LIBMILTER_MFDEF_H
# define _LIBMILTER_MFDEF_H 1
#ifndef SMFI_PROT_VERSION
# define SMFI_PROT_VERSION 6 /* MTA - libmilter protocol version */
-#endif /* SMFI_PROT_VERSION */
+#endif
/* Shared protocol constants */
#define MILTER_LEN_BYTES 4 /* length of 32 bit integer in bytes */
#define MILTER_OPTLEN (MILTER_LEN_BYTES * 3) /* length of options */
#define MILTER_CHUNK_SIZE 65535 /* body chunk size */
#define MILTER_MAX_DATA_SIZE 65535 /* default milter command data limit */
#if _FFR_MDS_NEGOTIATE
# define MILTER_MDS_64K ((64 * 1024) - 1)
# define MILTER_MDS_256K ((256 * 1024) - 1)
# define MILTER_MDS_1M ((1024 * 1024) - 1)
#endif /* _FFR_MDS_NEGOTIATE */
/* These apply to SMFIF_* flags */
#define SMFI_V1_ACTS 0x0000000FL /* The actions of V1 filter */
#define SMFI_V2_ACTS 0x0000003FL /* The actions of V2 filter */
#define SMFI_CURR_ACTS 0x000001FFL /* actions of current version */
/* address families */
#define SMFIA_UNKNOWN 'U' /* unknown */
#define SMFIA_UNIX 'L' /* unix/local */
#define SMFIA_INET '4' /* inet */
#define SMFIA_INET6 '6' /* inet6 */
/* commands: don't use anything smaller than ' ' */
#define SMFIC_ABORT 'A' /* Abort */
#define SMFIC_BODY 'B' /* Body chunk */
#define SMFIC_CONNECT 'C' /* Connection information */
#define SMFIC_MACRO 'D' /* Define macro */
#define SMFIC_BODYEOB 'E' /* final body chunk (End) */
#define SMFIC_HELO 'H' /* HELO/EHLO */
#define SMFIC_QUIT_NC 'K' /* QUIT but new connection follows */
#define SMFIC_HEADER 'L' /* Header */
#define SMFIC_MAIL 'M' /* MAIL from */
#define SMFIC_EOH 'N' /* EOH */
#define SMFIC_OPTNEG 'O' /* Option negotiation */
#define SMFIC_QUIT 'Q' /* QUIT */
#define SMFIC_RCPT 'R' /* RCPT to */
#define SMFIC_DATA 'T' /* DATA */
#define SMFIC_UNKNOWN 'U' /* Any unknown command */
/* actions (replies) */
#define SMFIR_ADDRCPT '+' /* add recipient */
#define SMFIR_DELRCPT '-' /* remove recipient */
#define SMFIR_ADDRCPT_PAR '2' /* add recipient (incl. ESMTP args) */
#define SMFIR_SHUTDOWN '4' /* 421: shutdown (internal to MTA) */
#define SMFIR_ACCEPT 'a' /* accept */
#define SMFIR_REPLBODY 'b' /* replace body (chunk) */
#define SMFIR_CONTINUE 'c' /* continue */
#define SMFIR_DISCARD 'd' /* discard */
#define SMFIR_CHGFROM 'e' /* change envelope sender (from) */
#define SMFIR_CONN_FAIL 'f' /* cause a connection failure */
#define SMFIR_ADDHEADER 'h' /* add header */
#define SMFIR_INSHEADER 'i' /* insert header */
#define SMFIR_SETSYMLIST 'l' /* set list of symbols (macros) */
#define SMFIR_CHGHEADER 'm' /* change header */
#define SMFIR_PROGRESS 'p' /* progress */
#define SMFIR_QUARANTINE 'q' /* quarantine */
#define SMFIR_REJECT 'r' /* reject */
#define SMFIR_SKIP 's' /* skip */
#define SMFIR_TEMPFAIL 't' /* tempfail */
#define SMFIR_REPLYCODE 'y' /* reply code etc */
/* What the MTA can send/filter wants in protocol */
#define SMFIP_NOCONNECT 0x00000001L /* MTA should not send connect info */
#define SMFIP_NOHELO 0x00000002L /* MTA should not send HELO info */
#define SMFIP_NOMAIL 0x00000004L /* MTA should not send MAIL info */
#define SMFIP_NORCPT 0x00000008L /* MTA should not send RCPT info */
#define SMFIP_NOBODY 0x00000010L /* MTA should not send body */
#define SMFIP_NOHDRS 0x00000020L /* MTA should not send headers */
#define SMFIP_NOEOH 0x00000040L /* MTA should not send EOH */
#define SMFIP_NR_HDR 0x00000080L /* No reply for headers */
#define SMFIP_NOHREPL SMFIP_NR_HDR /* No reply for headers */
#define SMFIP_NOUNKNOWN 0x00000100L /* MTA should not send unknown commands */
#define SMFIP_NODATA 0x00000200L /* MTA should not send DATA */
#define SMFIP_SKIP 0x00000400L /* MTA understands SMFIS_SKIP */
#define SMFIP_RCPT_REJ 0x00000800L /* MTA should also send rejected RCPTs */
#define SMFIP_NR_CONN 0x00001000L /* No reply for connect */
#define SMFIP_NR_HELO 0x00002000L /* No reply for HELO */
#define SMFIP_NR_MAIL 0x00004000L /* No reply for MAIL */
#define SMFIP_NR_RCPT 0x00008000L /* No reply for RCPT */
#define SMFIP_NR_DATA 0x00010000L /* No reply for DATA */
#define SMFIP_NR_UNKN 0x00020000L /* No reply for UNKN */
#define SMFIP_NR_EOH 0x00040000L /* No reply for eoh */
#define SMFIP_NR_BODY 0x00080000L /* No reply for body chunk */
#define SMFIP_HDR_LEADSPC 0x00100000L /* header value leading space */
#define SMFIP_MDS_256K 0x10000000L /* MILTER_MAX_DATA_SIZE=256K */
#define SMFIP_MDS_1M 0x20000000L /* MILTER_MAX_DATA_SIZE=1M */
/* #define SMFIP_ 0x40000000L reserved: see SMFI_INTERNAL*/
#define SMFI_V1_PROT 0x0000003FL /* The protocol of V1 filter */
#define SMFI_V2_PROT 0x0000007FL /* The protocol of V2 filter */
/* all defined protocol bits */
#define SMFI_CURR_PROT 0x001FFFFFL
/* internal flags: only used between MTA and libmilter */
#define SMFI_INTERNAL 0x70000000L
#if _FFR_MILTER_CHECK
# define SMFIP_TEST 0x80000000L
-#endif /* _FFR_MILTER_CHECK */
+#endif
#endif /* !_LIBMILTER_MFDEF_H */
diff --git a/include/libsmdb/smdb.h b/include/libsmdb/smdb.h
index a1df6d7ae801..427599ce206c 100644
--- a/include/libsmdb/smdb.h
+++ b/include/libsmdb/smdb.h
@@ -1,360 +1,385 @@
/*
- * Copyright (c) 1999-2002 Proofpoint, Inc. and its suppliers.
+ * Copyright (c) 1999-2002, 2018 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
* $Id: smdb.h,v 8.42 2013-11-22 20:51:28 ca Exp $
*
*/
#ifndef _SMDB_H_
# define _SMDB_H_
# include <sys/types.h>
# include <sys/stat.h>
# include <sm/gen.h>
# include <sm/errstring.h>
-# ifdef NDBM
+# if NDBM
# include <ndbm.h>
-# endif /* NDBM */
+# endif
-# ifdef NEWDB
+# if NEWDB
# include "sm/bdb.h"
-# endif /* NEWDB */
+# endif
/*
** Some size constants
*/
#define SMDB_MAX_USER_NAME_LEN 1024
/*
** This file defines the abstraction for database lookups. It is pretty
** much a copy of the db2 interface with the exception that every function
** returns 0 on success and non-zero on failure. The non-zero return code
** is meaningful.
**
** I'm going to put the function comments in this file since the interface
** MUST be the same for all inheritors of this interface.
*/
typedef struct database_struct SMDB_DATABASE;
typedef struct cursor_struct SMDB_CURSOR;
typedef struct entry_struct SMDB_DBENT;
/*
** DB_CLOSE_FUNC -- close the database
**
** Parameters:
** db -- The database to close.
**
** Returns:
** 0 - Success, otherwise errno.
**
*/
typedef int (*db_close_func) __P((SMDB_DATABASE *db));
/*
** DB_DEL_FUNC -- removes a key and data pair from the database
**
** Parameters:
** db -- The database to close.
** key -- The key to remove.
** flags -- delete options. There are currently no defined
** flags for delete.
**
** Returns:
** 0 - Success, otherwise errno.
**
*/
typedef int (*db_del_func) __P((SMDB_DATABASE *db,
SMDB_DBENT *key, unsigned int flags));
/*
** DB_FD_FUNC -- Returns a pointer to a file used for the database.
**
** Parameters:
** db -- The database to close.
** fd -- A pointer to store the returned fd in.
**
** Returns:
** 0 - Success, otherwise errno.
**
*/
typedef int (*db_fd_func) __P((SMDB_DATABASE *db, int* fd));
/*
** DB_GET_FUNC -- Gets the data associated with a key.
**
** Parameters:
** db -- The database to close.
** key -- The key to access.
** data -- A place to store the returned data.
** flags -- get options. There are currently no defined
** flags for get.
**
** Returns:
** 0 - Success, otherwise errno.
**
*/
typedef int (*db_get_func) __P((SMDB_DATABASE *db,
SMDB_DBENT *key,
SMDB_DBENT *data, unsigned int flags));
/*
** DB_PUT_FUNC -- Sets some data according to the key.
**
** Parameters:
** db -- The database to close.
** key -- The key to use.
** data -- The data to store.
** flags -- put options:
** SMDBF_NO_OVERWRITE - Return an error if key alread
** exists.
-** SMDBF_ALLOW_DUP - Allow duplicates in btree maps.
**
** Returns:
** 0 - Success, otherwise errno.
**
*/
typedef int (*db_put_func) __P((SMDB_DATABASE *db,
SMDB_DBENT *key,
SMDB_DBENT *data, unsigned int flags));
/*
** DB_SYNC_FUNC -- Flush any cached information to disk.
**
** Parameters:
** db -- The database to sync.
** flags -- sync options:
**
** Returns:
** 0 - Success, otherwise errno.
**
*/
typedef int (*db_sync_func) __P((SMDB_DATABASE *db, unsigned int flags));
/*
** DB_SET_OWNER_FUNC -- Set the owner and group of the database files.
**
** Parameters:
** db -- The database to set.
** uid -- The UID for the new owner (-1 for no change)
** gid -- The GID for the new owner (-1 for no change)
**
** Returns:
** 0 - Success, otherwise errno.
**
*/
typedef int (*db_set_owner_func) __P((SMDB_DATABASE *db, uid_t uid, gid_t gid));
/*
** DB_CURSOR -- Obtain a cursor for sequential access
**
** Parameters:
** db -- The database to use.
** cursor -- The address of a cursor pointer.
** flags -- sync options:
**
** Returns:
** 0 - Success, otherwise errno.
**
*/
typedef int (*db_cursor_func) __P((SMDB_DATABASE *db,
SMDB_CURSOR **cursor, unsigned int flags));
typedef int (*db_lockfd_func) __P((SMDB_DATABASE *db));
struct database_struct
{
db_close_func smdb_close;
db_del_func smdb_del;
db_fd_func smdb_fd;
db_get_func smdb_get;
db_put_func smdb_put;
db_sync_func smdb_sync;
db_set_owner_func smdb_set_owner;
db_cursor_func smdb_cursor;
db_lockfd_func smdb_lockfd;
void *smdb_impl;
};
+
/*
** DB_CURSOR_CLOSE -- Close a cursor
**
** Parameters:
** cursor -- The cursor to close.
**
** Returns:
** 0 - Success, otherwise errno.
**
*/
typedef int (*db_cursor_close_func) __P((SMDB_CURSOR *cursor));
/*
** DB_CURSOR_DEL -- Delete the key/value pair of this cursor
**
** Parameters:
** cursor -- The cursor.
** flags -- flags
**
** Returns:
** 0 - Success, otherwise errno.
**
*/
typedef int (*db_cursor_del_func) __P((SMDB_CURSOR *cursor,
unsigned int flags));
/*
** DB_CURSOR_GET -- Get the key/value of this cursor.
**
** Parameters:
** cursor -- The cursor.
** key -- The current key.
** value -- The current value
** flags -- flags
**
** Returns:
** 0 - Success, otherwise errno.
** SMDBE_LAST_ENTRY - This is a success condition that
** gets returned when the end of the
** database is hit.
**
*/
typedef int (*db_cursor_get_func) __P((SMDB_CURSOR *cursor,
SMDB_DBENT *key,
SMDB_DBENT *data,
unsigned int flags));
/*
** Flags for DB_CURSOR_GET
*/
-#define SMDB_CURSOR_GET_FIRST 0
-#define SMDB_CURSOR_GET_LAST 1
+#define SMDB_CURSOR_GET_FIRST 0 /* NOT USED by any application */
+#define SMDB_CURSOR_GET_LAST 1 /* NOT USED by any application */
#define SMDB_CURSOR_GET_NEXT 2
-#define SMDB_CURSOR_GET_RANGE 3
+#define SMDB_CURSOR_GET_RANGE 3 /* NOT USED by any application */
/*
** DB_CURSOR_PUT -- Put the key/value at this cursor.
**
** Parameters:
** cursor -- The cursor.
** key -- The current key.
** value -- The current value
** flags -- flags
**
** Returns:
** 0 - Success, otherwise errno.
**
*/
typedef int (*db_cursor_put_func) __P((SMDB_CURSOR *cursor,
SMDB_DBENT *key,
SMDB_DBENT *data,
unsigned int flags));
struct cursor_struct
{
db_cursor_close_func smdbc_close;
db_cursor_del_func smdbc_del;
db_cursor_get_func smdbc_get;
db_cursor_put_func smdbc_put;
void *smdbc_impl;
};
struct database_params_struct
{
unsigned int smdbp_num_elements;
unsigned int smdbp_cache_size;
bool smdbp_allow_dup;
};
typedef struct database_params_struct SMDB_DBPARAMS;
struct database_user_struct
{
uid_t smdbu_id;
gid_t smdbu_group_id;
char smdbu_name[SMDB_MAX_USER_NAME_LEN];
};
typedef struct database_user_struct SMDB_USER_INFO;
struct entry_struct
{
void *data;
size_t size;
};
typedef char *SMDB_DBTYPE;
typedef unsigned int SMDB_FLAG;
/*
** These are types of databases.
*/
# define SMDB_TYPE_DEFAULT NULL
# define SMDB_TYPE_DEFAULT_LEN 0
+# define SMDB_TYPE_IMPL "implicit"
+# define SMDB_TYPE_IMPL_LEN 9
# define SMDB_TYPE_HASH "hash"
# define SMDB_TYPE_HASH_LEN 5
# define SMDB_TYPE_BTREE "btree"
# define SMDB_TYPE_BTREE_LEN 6
# define SMDB_TYPE_NDBM "dbm"
# define SMDB_TYPE_NDBM_LEN 4
+# define SMDB_TYPE_CDB "cdb"
+# define SMDB_TYPE_CDB_LEN 4
+
+# define SMDB_IS_TYPE_HASH(type) (strncmp(type, SMDB_TYPE_HASH, SMDB_TYPE_HASH_LEN) == 0)
+# define SMDB_IS_TYPE_BTREE(type) (strncmp(type, SMDB_TYPE_BTREE, SMDB_TYPE_BTREE_LEN) == 0)
+# define SMDB_IS_TYPE_NDBM(type) (strncmp(type, SMDB_TYPE_NDBM, SMDB_TYPE_NDBM_LEN) == 0)
+# define SMDB_IS_TYPE_CDB(type) (strncmp(type, SMDB_TYPE_CDB, SMDB_TYPE_CDB_LEN) == 0)
+
+# define SMDB_IS_TYPE_DEFAULT(t) (((t) == SMDB_TYPE_DEFAULT) \
+ || (strncmp(type, SMDB_TYPE_IMPL, SMDB_TYPE_IMPL_LEN) == 0) \
+ )
+
+# if CDB >= 2
+# define SMCDB_FILE_EXTENSION "db"
+# else
+# define SMCDB_FILE_EXTENSION "cdb"
+# endif
+# define SMDB1_FILE_EXTENSION "db"
+# define SMDB2_FILE_EXTENSION "db"
+# define SMNDB_DIR_FILE_EXTENSION "dir"
/*
** These are flags
*/
/* Flags for put */
# define SMDBF_NO_OVERWRITE 0x00000001
-# define SMDBF_ALLOW_DUP 0x00000002
+typedef int (smdb_open_func) __P((SMDB_DATABASE **, char *, int, int, long, SMDB_DBTYPE, SMDB_USER_INFO *, SMDB_DBPARAMS *));
extern SMDB_DATABASE *smdb_malloc_database __P((void));
extern void smdb_free_database __P((SMDB_DATABASE *));
-extern int smdb_open_database __P((SMDB_DATABASE **, char *, int,
- int, long, SMDB_DBTYPE,
- SMDB_USER_INFO *,
- SMDB_DBPARAMS *));
-# ifdef NEWDB
-extern int smdb_db_open __P((SMDB_DATABASE **, char *, int, int,
- long, SMDB_DBTYPE, SMDB_USER_INFO *,
- SMDB_DBPARAMS *));
-# endif /* NEWDB */
-# ifdef NDBM
-extern int smdb_ndbm_open __P((SMDB_DATABASE **, char *, int, int,
- long, SMDB_DBTYPE,
- SMDB_USER_INFO *,
- SMDB_DBPARAMS *));
-# endif /* NDBM */
+extern smdb_open_func smdb_open_database;
+# if NEWDB
+extern smdb_open_func smdb_db_open;
+# else
+# define smdb_db_open NULL
+# endif
+# if NDBM
+extern smdb_open_func smdb_ndbm_open;
+# else
+# define smdb_ndbm_open NULL
+# endif
extern int smdb_add_extension __P((char *, int, char *, char *));
extern int smdb_setup_file __P((char *, char *, int, long,
SMDB_USER_INFO *, struct stat *));
extern int smdb_lock_file __P((int *, char *, int, long, char *));
extern int smdb_unlock_file __P((int));
extern int smdb_filechanged __P((char *, char *, int,
struct stat *));
-extern void smdb_print_available_types __P((void));
+extern void smdb_print_available_types __P((bool));
+extern bool smdb_is_db_type __P((const char *));
extern char *smdb_db_definition __P((SMDB_DBTYPE));
extern int smdb_lock_map __P((SMDB_DATABASE *, int));
extern int smdb_unlock_map __P((SMDB_DATABASE *));
+
+# if CDB
+extern smdb_open_func smdb_cdb_open;
+# else
+# define smdb_cdb_open NULL
+# endif
#endif /* ! _SMDB_H_ */
diff --git a/include/sendmail/pathnames.h b/include/sendmail/pathnames.h
index 1e7bab58ccf1..67be3a2d0184 100644
--- a/include/sendmail/pathnames.h
+++ b/include/sendmail/pathnames.h
@@ -1,62 +1,62 @@
/*-
* Copyright (c) 1998-2001 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1990, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*
* $Id: pathnames.h,v 8.37 2013-11-22 20:51:30 ca Exp $
*/
#ifndef SM_PATHNAMES_H
# define SM_PATHNAMES_H
# ifndef _PATH_SENDMAILCF
# if defined(USE_VENDOR_CF_PATH) && defined(_PATH_VENDOR_CF)
# define _PATH_SENDMAILCF _PATH_VENDOR_CF
-# else /* defined(USE_VENDOR_CF_PATH) && defined(_PATH_VENDOR_CF) */
+# else
# define _PATH_SENDMAILCF "/etc/mail/sendmail.cf"
-# endif /* defined(USE_VENDOR_CF_PATH) && defined(_PATH_VENDOR_CF) */
+# endif
# endif /* ! _PATH_SENDMAILCF */
# ifndef _PATH_SENDMAILPID
# ifdef BSD4_4
# define _PATH_SENDMAILPID "/var/run/sendmail.pid"
-# else /* BSD4_4 */
+# else
# define _PATH_SENDMAILPID "/etc/mail/sendmail.pid"
-# endif /* BSD4_4 */
+# endif
# endif /* ! _PATH_SENDMAILPID */
# ifndef _PATH_SENDMAIL
# define _PATH_SENDMAIL "/usr/lib/sendmail"
-# endif /* ! _PATH_SENDMAIL */
+# endif
# ifndef _PATH_MAILDIR
# define _PATH_MAILDIR "/var/spool/mail"
-# endif /* ! _PATH_MAILDIR */
+# endif
# ifndef _PATH_LOCTMP
# define _PATH_LOCTMP "/tmp/local.XXXXXX"
-# endif /* ! _PATH_LOCTMP */
+# endif
# ifndef _PATH_HOSTS
# define _PATH_HOSTS "/etc/hosts"
-# endif /* ! _PATH_HOSTS */
+# endif
# ifndef _DIR_SENDMAILCF
# define _DIR_SENDMAILCF "/etc/mail/"
# endif /* ! _DIR_SENDMAILCF */
# define SM_GET_RIGHT_CF 0 /* get "right" .cf */
# define SM_GET_SENDMAIL_CF 1 /* always use sendmail.cf */
# define SM_GET_SUBMIT_CF 2 /* always use submit.cf */
extern char *getcfname __P((int, int, int, char *));
#endif /* ! SM_PATHNAMES_H */
diff --git a/include/sendmail/sendmail.h b/include/sendmail/sendmail.h
index c79072299b60..6ab789bd3679 100644
--- a/include/sendmail/sendmail.h
+++ b/include/sendmail/sendmail.h
@@ -1,133 +1,133 @@
/*
* Copyright (c) 1998-2001 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*
* $Id: sendmail.h,v 8.69 2013-11-22 20:51:30 ca Exp $
*/
/*
** SENDMAIL.H -- Global definitions for sendmail.
*/
#include <stdio.h>
#include <sm/bitops.h>
#include <sm/io.h>
#include <sm/string.h>
#include "conf.h"
/**********************************************************************
** Table sizes, etc....
** There shouldn't be much need to change these....
**********************************************************************/
#ifndef MAXMAILERS
# define MAXMAILERS 25 /* maximum mailers known to system */
-#endif /* ! MAXMAILERS */
+#endif
/*
** Flags passed to safefile/safedirpath.
*/
#define SFF_ANYFILE 0L /* no special restrictions */
#define SFF_MUSTOWN 0x00000001L /* user must own this file */
#define SFF_NOSLINK 0x00000002L /* file cannot be a symbolic link */
#define SFF_ROOTOK 0x00000004L /* ok for root to own this file */
#define SFF_RUNASREALUID 0x00000008L /* if no ctladdr, run as real uid */
#define SFF_NOPATHCHECK 0x00000010L /* don't bother checking dir path */
#define SFF_SETUIDOK 0x00000020L /* set-user-ID files are ok */
#define SFF_CREAT 0x00000040L /* ok to create file if necessary */
#define SFF_REGONLY 0x00000080L /* regular files only */
#define SFF_SAFEDIRPATH 0x00000100L /* no writable directories allowed */
#define SFF_NOHLINK 0x00000200L /* file cannot have hard links */
#define SFF_NOWLINK 0x00000400L /* links only in non-writable dirs */
#define SFF_NOGWFILES 0x00000800L /* disallow world writable files */
#define SFF_NOWWFILES 0x00001000L /* disallow group writable files */
#define SFF_OPENASROOT 0x00002000L /* open as root instead of real user */
#define SFF_NOLOCK 0x00004000L /* don't lock the file */
#define SFF_NOGRFILES 0x00008000L /* disallow g readable files */
#define SFF_NOWRFILES 0x00010000L /* disallow o readable files */
#define SFF_NOTEXCL 0x00020000L /* creates don't need to be exclusive */
#define SFF_EXECOK 0x00040000L /* executable files are ok (E_SM_ISEXEC) */
#define SFF_NBLOCK 0x00080000L /* use a non-blocking lock */
#define SFF_NORFILES (SFF_NOGRFILES|SFF_NOWRFILES)
/* pseudo-flags */
#define SFF_NOLINK (SFF_NOHLINK|SFF_NOSLINK)
/* functions */
extern int safefile __P((char *, UID_T, GID_T, char *, long, int, struct stat *));
extern int safedirpath __P((char *, UID_T, GID_T, char *, long, int, int));
extern int safeopen __P((char *, int, int, long));
extern SM_FILE_T*safefopen __P((char *, int, int, long));
extern int dfopen __P((char *, int, int, long));
extern bool filechanged __P((char *, int, struct stat *));
/*
** DontBlameSendmail options
**
** Hopefully nobody uses these.
*/
#define DBS_SAFE 0
#define DBS_ASSUMESAFECHOWN 1
#define DBS_GROUPWRITABLEDIRPATHSAFE 2
#define DBS_GROUPWRITABLEFORWARDFILESAFE 3
#define DBS_GROUPWRITABLEINCLUDEFILESAFE 4
#define DBS_GROUPWRITABLEALIASFILE 5
#define DBS_WORLDWRITABLEALIASFILE 6
#define DBS_FORWARDFILEINUNSAFEDIRPATH 7
#define DBS_MAPINUNSAFEDIRPATH 8
#define DBS_LINKEDALIASFILEINWRITABLEDIR 9
#define DBS_LINKEDCLASSFILEINWRITABLEDIR 10
#define DBS_LINKEDFORWARDFILEINWRITABLEDIR 11
#define DBS_LINKEDINCLUDEFILEINWRITABLEDIR 12
#define DBS_LINKEDMAPINWRITABLEDIR 13
#define DBS_LINKEDSERVICESWITCHFILEINWRITABLEDIR 14
#define DBS_FILEDELIVERYTOHARDLINK 15
#define DBS_FILEDELIVERYTOSYMLINK 16
#define DBS_WRITEMAPTOHARDLINK 17
#define DBS_WRITEMAPTOSYMLINK 18
#define DBS_WRITESTATSTOHARDLINK 19
#define DBS_WRITESTATSTOSYMLINK 20
#define DBS_FORWARDFILEINGROUPWRITABLEDIRPATH 21
#define DBS_INCLUDEFILEINGROUPWRITABLEDIRPATH 22
#define DBS_CLASSFILEINUNSAFEDIRPATH 23
#define DBS_ERRORHEADERINUNSAFEDIRPATH 24
#define DBS_HELPFILEINUNSAFEDIRPATH 25
#define DBS_FORWARDFILEINUNSAFEDIRPATHSAFE 26
#define DBS_INCLUDEFILEINUNSAFEDIRPATHSAFE 27
#define DBS_RUNPROGRAMINUNSAFEDIRPATH 28
#define DBS_RUNWRITABLEPROGRAM 29
#define DBS_INCLUDEFILEINUNSAFEDIRPATH 30
#define DBS_NONROOTSAFEADDR 31
#define DBS_TRUSTSTICKYBIT 32
#define DBS_DONTWARNFORWARDFILEINUNSAFEDIRPATH 33
#define DBS_INSUFFICIENTENTROPY 34
#define DBS_GROUPREADABLESASLDBFILE 35
#define DBS_GROUPWRITABLESASLDBFILE 36
#define DBS_GROUPWRITABLEFORWARDFILE 37
#define DBS_GROUPWRITABLEINCLUDEFILE 38
#define DBS_WORLDWRITABLEFORWARDFILE 39
#define DBS_WORLDWRITABLEINCLUDEFILE 40
#define DBS_GROUPREADABLEKEYFILE 41
#define DBS_GROUPREADABLEAUTHINFOFILE 42
/* struct defining such things */
struct dbsval
{
char *dbs_name; /* name of DontBlameSendmail flag */
unsigned char dbs_flag; /* numeric level */
};
/* Flags for submitmode */
#define SUBMIT_UNKNOWN 0x0000 /* unknown agent type */
#define SUBMIT_MTA 0x0001 /* act like a message transfer agent */
#define SUBMIT_MSA 0x0002 /* act like a message submission agent */
diff --git a/include/sm/assert.h b/include/sm/assert.h
index 9d0ae54e6274..57d8c5f52f32 100644
--- a/include/sm/assert.h
+++ b/include/sm/assert.h
@@ -1,113 +1,113 @@
/*
* Copyright (c) 2000-2001 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
* $Id: assert.h,v 1.11 2013-11-22 20:51:31 ca Exp $
*/
/*
** libsm abnormal program termination and assertion checking
** See libsm/assert.html for documentation.
*/
#ifndef SM_ASSERT_H
# define SM_ASSERT_H
# include <sm/gen.h>
# include <sm/debug.h>
/*
** abnormal program termination
*/
typedef void (*SM_ABORT_HANDLER_T) __P((const char *, int, const char *));
extern SM_DEAD(void
sm_abort_at __P((
const char *,
int,
const char *)));
extern void
sm_abort_sethandler __P((
SM_ABORT_HANDLER_T));
extern SM_DEAD(void PRINTFLIKE(1, 2)
sm_abort __P((
char *,
...)));
/*
** assertion checking
*/
# ifndef SM_CHECK_ALL
# define SM_CHECK_ALL 1
-# endif /* ! SM_CHECK_ALL */
+# endif
# ifndef SM_CHECK_REQUIRE
# define SM_CHECK_REQUIRE SM_CHECK_ALL
-# endif /* ! SM_CHECK_REQUIRE */
+# endif
# ifndef SM_CHECK_ENSURE
# define SM_CHECK_ENSURE SM_CHECK_ALL
-# endif /* ! SM_CHECK_ENSURE */
+# endif
# ifndef SM_CHECK_ASSERT
# define SM_CHECK_ASSERT SM_CHECK_ALL
-# endif /* ! SM_CHECK_ASSERT */
+# endif
# if SM_CHECK_REQUIRE
# if defined(__STDC__) || defined(__cplusplus)
# define SM_REQUIRE(cond) \
((void) ((cond) || (sm_abort_at(__FILE__, __LINE__, \
"SM_REQUIRE(" #cond ") failed"), 0)))
# else /* defined(__STDC__) || defined(__cplusplus) */
# define SM_REQUIRE(cond) \
((void) ((cond) || (sm_abort_at(__FILE__, __LINE__, \
"SM_REQUIRE(cond) failed"), 0)))
# endif /* defined(__STDC__) || defined(__cplusplus) */
# else /* SM_CHECK_REQUIRE */
# define SM_REQUIRE(cond) ((void) 0)
# endif /* SM_CHECK_REQUIRE */
# define SM_REQUIRE_ISA(obj, magic) \
SM_REQUIRE((obj) != NULL && (obj)->sm_magic == (magic))
# if SM_CHECK_ENSURE
# if defined(__STDC__) || defined(__cplusplus)
# define SM_ENSURE(cond) \
((void) ((cond) || (sm_abort_at(__FILE__, __LINE__, \
"SM_ENSURE(" #cond ") failed"), 0)))
# else /* defined(__STDC__) || defined(__cplusplus) */
# define SM_ENSURE(cond) \
((void) ((cond) || (sm_abort_at(__FILE__, __LINE__, \
"SM_ENSURE(cond) failed"), 0)))
# endif /* defined(__STDC__) || defined(__cplusplus) */
# else /* SM_CHECK_ENSURE */
# define SM_ENSURE(cond) ((void) 0)
# endif /* SM_CHECK_ENSURE */
# if SM_CHECK_ASSERT
# if defined(__STDC__) || defined(__cplusplus)
# define SM_ASSERT(cond) \
((void) ((cond) || (sm_abort_at(__FILE__, __LINE__, \
"SM_ASSERT(" #cond ") failed"), 0)))
# else /* defined(__STDC__) || defined(__cplusplus) */
# define SM_ASSERT(cond) \
((void) ((cond) || (sm_abort_at(__FILE__, __LINE__, \
"SM_ASSERT(cond) failed"), 0)))
# endif /* defined(__STDC__) || defined(__cplusplus) */
# else /* SM_CHECK_ASSERT */
# define SM_ASSERT(cond) ((void) 0)
# endif /* SM_CHECK_ASSERT */
extern SM_DEBUG_T SmExpensiveRequire;
extern SM_DEBUG_T SmExpensiveEnsure;
extern SM_DEBUG_T SmExpensiveAssert;
#endif /* ! SM_ASSERT_H */
diff --git a/include/sm/bdb.h b/include/sm/bdb.h
index 893d815229fe..832de252ca65 100644
--- a/include/sm/bdb.h
+++ b/include/sm/bdb.h
@@ -1,47 +1,47 @@
/*
* Copyright (c) 2002, 2003, 2014 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*
* $Id: bdb.h,v 1.5 2013-11-22 20:51:31 ca Exp $
*/
#ifndef SM_BDB_H
#define SM_BDB_H
#if NEWDB
# include <db.h>
# ifndef DB_VERSION_MAJOR
# define DB_VERSION_MAJOR 1
-# endif /* ! DB_VERSION_MAJOR */
+# endif
# if (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1) || DB_VERSION_MAJOR >= 5
# define DBTXN NULL ,
/*
** Always turn on DB_FCNTL_LOCKING for DB 4.1.x since its
** "workaround" for accepting an empty (locked) file depends on
** this flag. Notice: this requires 4.1.24 + patch (which should be
** part of 4.1.25).
*/
# define SM_DB_FLAG_ADD(flag) (flag) |= DB_FCNTL_LOCKING
# else /* (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1) || DB_VERSION_MAJOR >= 5 */
# define DBTXN
# if !HASFLOCK && defined(DB_FCNTL_LOCKING)
# define SM_DB_FLAG_ADD(flag) (flag) |= DB_FCNTL_LOCKING
# else /* !HASFLOCK && defined(DB_FCNTL_LOCKING) */
# define SM_DB_FLAG_ADD(flag) ((void) 0)
# endif /* !HASFLOCK && defined(DB_FCNTL_LOCKING) */
# endif /* (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1) || DB_VERSION_MAJOR >= 5 */
#endif /* NEWDB */
#endif /* ! SM_BDB_H */
diff --git a/include/sm/cdefs.h b/include/sm/cdefs.h
index 0802d5941c97..52f7f7586f0b 100644
--- a/include/sm/cdefs.h
+++ b/include/sm/cdefs.h
@@ -1,147 +1,147 @@
/*
* Copyright (c) 2000-2002 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
- * $Id: cdefs.h,v 1.17 2013-11-22 20:51:31 ca Exp $
+ * $Id: cdefs.h,v 1.17 2013/11/22 20:51:31 ca Exp $
*/
/*
** libsm C language portability macros
** See libsm/cdefs.html for documentation.
*/
#ifndef SM_CDEFS_H
# define SM_CDEFS_H
# include <sm/config.h>
/*
** BSD and Linux have <sys/cdefs.h> which defines a set of C language
** portability macros that are a defacto standard in the open source
** community.
*/
# if SM_CONF_SYS_CDEFS_H
# include <sys/cdefs.h>
-# endif /* SM_CONF_SYS_CDEFS_H */
+# endif
/*
** Define the standard C language portability macros
** for platforms that lack <sys/cdefs.h>.
*/
# if !SM_CONF_SYS_CDEFS_H
# if defined(__cplusplus)
# define __BEGIN_DECLS extern "C" {
# define __END_DECLS };
# else /* defined(__cplusplus) */
# define __BEGIN_DECLS
# define __END_DECLS
# endif /* defined(__cplusplus) */
# if defined(__STDC__) || defined(__cplusplus)
# ifndef __P
# define __P(protos) protos
# endif /* __P */
# define __CONCAT(x,y) x ## y
# define __STRING(x) #x
# else /* defined(__STDC__) || defined(__cplusplus) */
# define __P(protos) ()
# define __CONCAT(x,y) x/**/y
# define __STRING(x) "x"
# define const
# define signed
# define volatile
# endif /* defined(__STDC__) || defined(__cplusplus) */
# endif /* !SM_CONF_SYS_CDEFS_H */
/*
** Define SM_DEAD, a macro used to declare functions that do not return
** to their caller.
*/
# ifndef SM_DEAD
# if __GNUC__ >= 2
# if __GNUC__ == 2 && __GNUC_MINOR__ < 5
# define SM_DEAD(proto) volatile proto
# define SM_DEAD_D volatile
# else /* __GNUC__ == 2 && __GNUC_MINOR__ < 5 */
# define SM_DEAD(proto) proto __attribute__((__noreturn__))
# define SM_DEAD_D
# endif /* __GNUC__ == 2 && __GNUC_MINOR__ < 5 */
# else /* __GNUC__ >= 2 */
# define SM_DEAD(proto) proto
# define SM_DEAD_D
# endif /* __GNUC__ >= 2 */
# endif /* SM_DEAD */
/*
** Define SM_UNUSED, a macro used to declare variables that may be unused.
*/
# ifndef SM_UNUSED
# if __GNUC__ >= 2
# if __GNUC__ == 2 && __GNUC_MINOR__ < 7
# define SM_UNUSED(decl) decl
-# else /* __GNUC__ == 2 && __GNUC_MINOR__ < 7 */
+# else
# define SM_UNUSED(decl) decl __attribute__((__unused__))
-# endif /* __GNUC__ == 2 && __GNUC_MINOR__ < 7 */
+# endif
# else /* __GNUC__ >= 2 */
# define SM_UNUSED(decl) decl
# endif /* __GNUC__ >= 2 */
# endif /* SM_UNUSED */
/*
** The SM_NONVOLATILE macro is used to declare variables that are not
** volatile, but which must be declared volatile when compiling with
** gcc -O -Wall in order to suppress bogus warning messages.
**
** Variables that actually are volatile should be declared volatile
** using the "volatile" keyword. If a variable actually is volatile,
** then SM_NONVOLATILE should not be used.
**
** To compile sendmail with gcc and see all non-bogus warnings,
** you should use
** gcc -O -Wall -DSM_OMIT_BOGUS_WARNINGS ...
** Do not use -DSM_OMIT_BOGUS_WARNINGS when compiling the production
** version of sendmail, because there is a performance hit.
*/
# ifdef SM_OMIT_BOGUS_WARNINGS
# define SM_NONVOLATILE volatile
-# else /* SM_OMIT_BOGUS_WARNINGS */
+# else
# define SM_NONVOLATILE
-# endif /* SM_OMIT_BOGUS_WARNINGS */
+# endif
/*
** Turn on format string argument checking.
*/
# ifndef SM_CONF_FORMAT_TEST
# if (__GNUC__ == 2 && __GNUC_MINOR__ >= 7) || __GNUC__ > 2
# define SM_CONF_FORMAT_TEST 1
# else
# define SM_CONF_FORMAT_TEST 0
# endif
# endif /* SM_CONF_FORMAT_TEST */
# ifndef PRINTFLIKE
# if SM_CONF_FORMAT_TEST
# define PRINTFLIKE(x,y) __attribute__ ((__format__ (__printf__, x, y)))
-# else /* SM_CONF_FORMAT_TEST */
+# else
# define PRINTFLIKE(x,y)
-# endif /* SM_CONF_FORMAT_TEST */
+# endif
# endif /* ! PRINTFLIKE */
# ifndef SCANFLIKE
# if SM_CONF_FORMAT_TEST
# define SCANFLIKE(x,y) __attribute__ ((__format__ (__scanf__, x, y)))
-# else /* SM_CONF_FORMAT_TEST */
+# else
# define SCANFLIKE(x,y)
-# endif /* SM_CONF_FORMAT_TEST */
+# endif
# endif /* ! SCANFLIKE */
#endif /* ! SM_CDEFS_H */
diff --git a/include/sm/clock.h b/include/sm/clock.h
index 2c7a8e45e45c..264f9b277c41 100644
--- a/include/sm/clock.h
+++ b/include/sm/clock.h
@@ -1,80 +1,80 @@
/*
* Copyright (c) 1998-2001, 2004 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
* $Id: clock.h,v 1.14 2013-11-22 20:51:31 ca Exp $
*/
/*
** CLOCK.H -- for co-ordinating timed events
*/
#ifndef _SM_CLOCK_H
# define _SM_CLOCK_H 1
# include <sm/signal.h>
# if SM_CONF_SETITIMER
# include <sys/time.h>
-# endif /* SM_CONF_SETITIMER */
+# endif
/*
** STRUCT SM_EVENT -- event queue.
**
** Maintained in sorted order.
**
** We store the pid of the process that set this event to insure
** that when we fork we will not take events intended for the parent.
*/
struct sm_event
{
# if SM_CONF_SETITIMER
struct timeval ev_time; /* time of the call (microseconds) */
-# else /* SM_CONF_SETITIMER */
+# else
time_t ev_time; /* time of the call (seconds) */
-# endif /* SM_CONF_SETITIMER */
+# endif
void (*ev_func)__P((int));
/* function to call */
int ev_arg; /* argument to ev_func */
pid_t ev_pid; /* pid that set this event */
struct sm_event *ev_link; /* link to next item */
};
typedef struct sm_event SM_EVENT;
/* functions */
extern void sm_clrevent __P((SM_EVENT *));
extern void sm_clear_events __P((void));
extern SM_EVENT *sm_seteventm __P((int, void(*)__P((int)), int));
extern SM_EVENT *sm_sigsafe_seteventm __P((int, void(*)__P((int)), int));
extern SIGFUNC_DECL sm_tick __P((int));
/*
** SM_SETEVENT -- set an event to happen at a specific time in seconds.
**
** Translates the seconds into milliseconds and calls sm_seteventm()
** to get a specific event to happen in the future at a specific time.
**
** Parameters:
** t -- intvl until next event occurs (seconds).
** f -- function to call on event.
** a -- argument to func on event.
**
** Returns:
** result of sm_seteventm().
**
** Side Effects:
** Any that sm_seteventm() have.
*/
#define sm_setevent(t, f, a) sm_seteventm((int)((t) * 1000), (f), (a))
#define sm_sigsafe_setevent(t, f, a) sm_sigsafe_seteventm((int)((t) * 1000), (f), (a))
#endif /* _SM_CLOCK_H */
diff --git a/include/sm/conf.h b/include/sm/conf.h
index 459eda4cc7d9..7bb031bb0bc0 100644
--- a/include/sm/conf.h
+++ b/include/sm/conf.h
@@ -1,3071 +1,3099 @@
/*
* Copyright (c) 1998-2011 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*
* $Id: conf.h,v 1.147 2013-11-22 20:51:31 ca Exp $
*/
/*
** CONF.H -- All user-configurable parameters for sendmail
**
** Send updates to Sendmail.ORG so they will be
** included in the next release; see
** http://www.sendmail.org/email-addresses.html
** for current e-mail address.
*/
#ifndef SM_CONF_H
# define SM_CONF_H 1
# include <sm/config.h>
# include <sm/varargs.h>
/*
** General "standard C" defines.
**
** These may be undone later, to cope with systems that claim to
** be Standard C but aren't. Gcc is the biggest offender -- it
** doesn't realize that the library is part of the language.
**
** Life would be much easier if we could get rid of this sort
** of bozo problems.
*/
# ifdef __STDC__
# define HASSETVBUF 1 /* we have setvbuf(3) in libc */
-# endif /* __STDC__ */
+# endif
/*
** Assume you have standard calls; can be #undefed below if necessary.
*/
# ifndef HASLSTAT
# define HASLSTAT 1 /* has lstat(2) call */
-# endif /* ! HASLSTAT */
+# endif
# ifndef HASNICE
# define HASNICE 1 /* has nice(2) call */
-# endif /* ! HASNICE */
+# endif
# ifndef HASRRESVPORT
# define HASRRESVPORT 1 /* has rrsevport(3) call */
-# endif /* ! HASRRESVPORT */
+# endif
/**********************************************************************
** "Hard" compilation options.
** #define these if they are available; comment them out otherwise.
** These cannot be overridden from the Makefile, and should really not
** be turned off unless absolutely necessary.
**********************************************************************/
#define LOG 1 /* enable logging -- don't turn off */
/**********************************************************************
** Operating system configuration.
**
** Unless you are porting to a new OS, you shouldn't have to
** change these.
**********************************************************************/
/*
** HP-UX -- tested for 8.07, 9.00, and 9.01.
**
** If V4FS is defined, compile for HP-UX 10.0.
** 11.x support from Richard Allen <ra@hp.is>.
*/
# ifdef __hpux
/* common definitions for HP-UX 9.x and 10.x */
# undef m_flags /* conflict between Berkeley DB 1.85 db.h & sys/sysmacros.h on HP 300 */
# define SYSTEM5 1 /* include all the System V defines */
# define HASINITGROUPS 1 /* has initgroups(3) call */
# define HASFCHMOD 1 /* has fchmod(2) syscall */
# define USESETEUID 1 /* has usable seteuid(2) call */
# define HASSETRESGID 1 /* use setresgid(2) to set saved gid */
# define BOGUS_O_EXCL 1 /* exclusive open follows symlinks */
# define seteuid(e) setresuid(-1, e, -1)
# define IP_SRCROUTE 1 /* can check IP source routing */
# define LA_TYPE LA_HPUX
# define SPT_TYPE SPT_PSTAT
# define SFS_TYPE SFS_VFS /* use <sys/vfs.h> statfs() implementation */
# define GIDSET_T gid_t
# define LDA_USE_LOCKF 1
# ifndef HASGETUSERSHELL
# define HASGETUSERSHELL 0 /* getusershell(3) causes core dumps */
-# endif /* ! HASGETUSERSHELL */
+# endif
# ifdef HPUX10
# define _PATH_SENDMAIL "/usr/sbin/sendmail"
# ifndef SMRSH_CMDDIR
# define SMRSH_CMDDIR "/var/adm/sm.bin"
-# endif /* ! SMRSH_CMDDIR */
-# endif /* HPUX10 */
+# endif
+# endif
# ifdef HPUX11
# define HASSETREUID 1 /* setreuid(2) works on HP-UX 11.x */
# define HASFCHOWN 1 /* has fchown(2) */
# ifndef BROKEN_RES_SEARCH
# define BROKEN_RES_SEARCH 1 /* res_search(unknown) returns h_errno=0 */
-# endif /* ! BROKEN_RES_SEARCH */
+# endif
# ifndef SMRSH_CMDDIR
# define SMRSH_CMDDIR "/var/adm/sm.bin"
-# endif /* ! SMRSH_CMDDIR */
+# endif
# define _PATH_SENDMAIL "/usr/sbin/sendmail"
# else /* HPUX11 */
# ifndef NOT_SENDMAIL
# define syslog hard_syslog
-# endif /* ! NOT_SENDMAIL */
+# endif
# endif /* HPUX11 */
# define SAFENFSPATHCONF 1 /* pathconf(2) pessimizes on NFS filesystems */
# ifdef V4FS
/* HP-UX 10.x */
# define _PATH_UNIX "/stand/vmunix"
# ifndef _PATH_VENDOR_CF
# define _PATH_VENDOR_CF "/etc/mail/sendmail.cf"
-# endif /* ! _PATH_VENDOR_CF */
+# endif
# ifndef _PATH_SENDMAILPID
# define _PATH_SENDMAILPID "/etc/mail/sendmail.pid"
-# endif /* ! _PATH_SENDMAILPID */
+# endif
# ifndef IDENTPROTO
# define IDENTPROTO 1 /* TCP/IP implementation fixed in 10.0 */
-# endif /* ! IDENTPROTO */
+# endif
# include <sys/mpctl.h> /* for mpctl() in get_num_procs_online() */
# else /* V4FS */
/* HP-UX 9.x */
# define _PATH_UNIX "/hp-ux"
# ifndef _PATH_VENDOR_CF
# define _PATH_VENDOR_CF "/usr/lib/sendmail.cf"
-# endif /* ! _PATH_VENDOR_CF */
+# endif
# ifndef IDENTPROTO
# define IDENTPROTO 0 /* TCP/IP implementation is broken */
-# endif /* ! IDENTPROTO */
+# endif
# ifdef __STDC__
extern void hard_syslog(int, char *, ...);
-# else /* __STDC__ */
+# else
extern void hard_syslog();
-# endif /* __STDC__ */
+# endif
# define FDSET_CAST (int *) /* cast for fd_set parameters to select */
# endif /* V4FS */
# endif /* __hpux */
/*
** IBM AIX 5.x
*/
# ifdef _AIX5
# include <sys/signal.h>
# include <sys/wait.h>
# define _AIX4 40300
# define SOCKADDR_LEN_T socklen_t /* e.g., arg#3 to accept, getsockname */
# define SOCKOPT_LEN_T socklen_t /* arg#5 to getsockopt */
# if _AIX5 >= 50200
# define HASUNSETENV 1 /* has unsetenv(3) call */
-# endif /* _AIX5 >= 50200 */
+# endif
# endif /* _AIX5 */
/*
** IBM AIX 4.x
*/
# ifdef _AIX4
# define _AIX3 1 /* pull in AIX3 stuff */
# define BSD4_4_SOCKADDR /* has sa_len */
# define USESETEUID 1 /* seteuid(2) works */
# define TZ_TYPE TZ_NAME /* use tzname[] vector */
# ifndef SOCKOPT_LEN_T
# define SOCKOPT_LEN_T size_t /* arg#5 to getsockopt */
-# endif /* SOCKOPT_LEN_T */
+# endif
# if _AIX4 >= 40200
# define HASSETREUID 1 /* setreuid(2) works as of AIX 4.2 */
# ifndef SOCKADDR_LEN_T
# define SOCKADDR_LEN_T size_t /* e.g., arg#3 to accept, getsockname */
-# endif /* SOCKADDR_LEN_T */
+# endif
# endif /* _AIX4 >= 40200 */
# if defined(_ILS_MACROS) /* IBM versions aren't side-effect clean */
# undef isascii
# define isascii(c) !(c & ~0177)
# undef isdigit
# define isdigit(__a) (_IS(__a,_ISDIGIT))
# undef isspace
# define isspace(__a) (_IS(__a,_ISSPACE))
# endif /* defined(_ILS_MACROS) */
# endif /* _AIX4 */
/*
** IBM AIX 3.x -- actually tested for 3.2.3
*/
# ifdef _AIX3
# include <paths.h>
# include <sys/machine.h> /* to get byte order */
# include <sys/select.h>
# define HASFCHOWN 1 /* has fchown(2) */
# define HASINITGROUPS 1 /* has initgroups(3) call */
# define HASUNAME 1 /* use System V uname(2) system call */
# define HASGETUSERSHELL 0 /* does not have getusershell(3) call */
# define HASFCHMOD 1 /* has fchmod(2) syscall */
# define IP_SRCROUTE 0 /* Something is broken with getsockopt() */
# define GIDSET_T gid_t
# define SFS_TYPE SFS_STATFS /* use <sys/statfs.h> statfs() impl */
# define SPT_PADCHAR '\0' /* pad process title with nulls */
# ifndef LA_TYPE
# define LA_TYPE LA_INT
-# endif /* LA_TYPE */
+# endif
# define FSHIFT 16
# define LA_AVENRUN "avenrun"
# if !defined(_AIX4) || _AIX4 < 40300
# ifndef __BIT_TYPES_DEFINED__
# define SM_INT32 int
-# endif /* __BIT_TYPES_DEFINED__ */
+# endif
# endif /* !defined(_AIX4) || _AIX4 < 40300 */
# if !defined(_AIX4) || _AIX4 < 40200
# define SM_CONF_SYSLOG 0
-# endif /* !defined(_AIX4) || _AIX4 < 40200 */
+# endif
# endif /* _AIX3 */
/*
** IBM AIX 2.2.1 -- actually tested for osupdate level 2706+1773
**
** From Mark Whetzel <markw@wg.waii.com>.
*/
# ifdef AIX /* AIX/RT compiler pre-defines this */
# include <paths.h>
# include <sys/time.h> /* AIX/RT resource.h does NOT include this */
# define HASINITGROUPS 1 /* has initgroups(3) call */
# define HASUNAME 1 /* use System V uname(2) system call */
# define HASGETUSERSHELL 0 /* does not have getusershell(3) call */
# define HASFCHMOD 0 /* does not have fchmod(2) syscall */
# define HASSETREUID 1 /* use setreuid(2) -lbsd system call */
# define HASSETVBUF 1 /* use setvbuf(2) system call */
# define HASSETRLIMIT 0 /* does not have setrlimit call */
# define HASFLOCK 0 /* does not have flock call - use fcntl */
# define HASULIMIT 1 /* use ulimit instead of setrlimit call */
# define SM_CONF_GETOPT 0 /* Do we need theirs or ours */
# define SYS5SETPGRP 1 /* don't have setpgid on AIX/RT */
# define IP_SRCROUTE 0 /* Something is broken with getsockopt() */
# define BSD4_3 1 /* NOT bsd 4.4 or posix signals */
# define GIDSET_T int
# define SFS_TYPE SFS_STATFS /* use <sys/statfs.h> statfs() impl */
# define SPT_PADCHAR '\0' /* pad process title with nulls */
# define LA_TYPE LA_SUBR /* use our ported loadavgd daemon */
# define TZ_TYPE TZ_TZNAME /* use tzname[] vector */
# define ARBPTR_T int *
# define void int
typedef int pid_t;
/* RTisms for BSD compatibility, specified in the Makefile
define BSD 1
define BSD_INCLUDES 1
define BSD_REMAP_SIGNAL_TO_SIGVEC
RTisms needed above */
/* make this sendmail in a completely different place */
# ifndef _PATH_VENDOR_CF
# define _PATH_VENDOR_CF "/usr/local/newmail/sendmail.cf"
-# endif /* ! _PATH_VENDOR_CF */
+# endif
# ifndef _PATH_SENDMAILPID
# define _PATH_SENDMAILPID "/usr/local/newmail/sendmail.pid"
-# endif /* ! _PATH_SENDMAILPID */
+# endif
# endif /* AIX */
# if defined(_AIX)
# define LDA_USE_LOCKF 1
# define LDA_USE_SETEUID 1
-# endif /* defined(_AIX) */
+# endif
/*
** Silicon Graphics IRIX
**
** Compiles on 4.0.1.
**
** Use IRIX64 instead of IRIX for 64-bit IRIX (6.0).
** Use IRIX5 instead of IRIX for IRIX 5.x.
**
** IRIX64 changes from Mark R. Levinson <ml@cvdev.rochester.edu>.
** IRIX5 changes from Kari E. Hurtta <Kari.Hurtta@fmi.fi>.
*/
# ifdef IRIX
# define SYSTEM5 1 /* this is a System-V derived system */
# define HASSETREUID 1 /* has setreuid(2) call */
# define HASINITGROUPS 1 /* has initgroups(3) call */
# define HASFCHMOD 1 /* has fchmod(2) syscall */
# define HASGETUSERSHELL 0 /* does not have getusershell(3) call */
# define IP_SRCROUTE 1 /* can check IP source routing */
# define setpgid BSDsetpgrp
# define GIDSET_T gid_t
# define SFS_TYPE SFS_4ARGS /* four argument statfs() call */
# define SFS_BAVAIL f_bfree /* alternate field name */
# define SYSLOG_BUFSIZE 512
# if defined(_SC_NPROC_ONLN) && !defined(_SC_NPROCESSORS_ONLN)
/* _SC_NPROC_ONLN is 'mpadmin -u', total # of unrestricted processors */
# define _SC_NPROCESSORS_ONLN _SC_NPROC_ONLN
-# endif /* if defined(_SC_NPROC_ONLN) && !defined(_SC_NPROCESSORS_ONLN) */
+# endif
# ifdef IRIX6
# define STAT64 1
# define QUAD_T unsigned long long
# define LA_TYPE LA_IRIX6 /* figure out at run time */
# define SAFENFSPATHCONF 0 /* pathconf(2) lies on NFS filesystems */
# else /* IRIX6 */
# define LA_TYPE LA_INT
# ifdef IRIX64
# define STAT64 1
# define QUAD_T unsigned long long
# define NAMELISTMASK 0x7fffffffffffffff /* mask for nlist() values */
# else /* IRIX64 */
# define STAT64 0
# define NAMELISTMASK 0x7fffffff /* mask for nlist() values */
# endif /* IRIX64 */
# endif /* IRIX6 */
# if defined(IRIX64) || defined(IRIX5) || defined(IRIX6)
# include <sys/cdefs.h>
# include <paths.h>
# define ARGV_T char *const *
# define HASFCHOWN 1 /* has fchown(2) */
# define HASSETRLIMIT 1 /* has setrlimit(2) syscall */
# define HASGETDTABLESIZE 1 /* has getdtablesize(2) syscall */
# define HASSTRERROR 1 /* has strerror(3) */
# else /* defined(IRIX64) || defined(IRIX5) || defined(IRIX6) */
# define ARGV_T const char **
# define WAITUNION 1 /* use "union wait" as wait argument type */
# endif /* defined(IRIX64) || defined(IRIX5) || defined(IRIX6) */
# endif /* IRIX */
/*
** SunOS and Solaris
**
** Tested on SunOS 4.1.x (a.k.a. Solaris 1.1.x) and
** Solaris 2.4 (a.k.a. SunOS 5.4).
*/
# if defined(sun) && !defined(BSD)
# include <sys/time.h>
# define HASINITGROUPS 1 /* has initgroups(3) call */
# define HASUNAME 1 /* use System V uname(2) system call */
# define HASFCHMOD 1 /* has fchmod(2) syscall */
# define IP_SRCROUTE 1 /* can check IP source routing */
# define SAFENFSPATHCONF 1 /* pathconf(2) pessimizes on NFS filesystems */
# ifndef HASFCHOWN
# define HASFCHOWN 1 /* fchown(2) */
-# endif /* ! HASFCHOWN */
+# endif
# ifdef __svr4__
# define LDA_USE_LOCKF 1
# define LDA_USE_SETEUID 1
# define _PATH_MAILDIR "/var/mail"
# endif /* __svr4__ */
# ifdef SOLARIS_2_3
# define SOLARIS 20300 /* for back compat only -- use -DSOLARIS=20300 */
# endif /* SOLARIS_2_3 */
# if defined(NOT_SENDMAIL) && !defined(SOLARIS) && defined(sun) && (defined(__svr4__) || defined(__SVR4))
# define SOLARIS 1 /* unknown Solaris version */
-# endif /* defined(NOT_SENDMAIL) && !defined(SOLARIS) && defined(sun) && (defined(__svr4__) || defined(__SVR4)) */
+# endif
# ifdef SOLARIS
/* Solaris 2.x (a.k.a. SunOS 5.x) */
# ifndef __svr4__
# define __svr4__ /* use all System V Release 4 defines below */
-# endif /* ! __svr4__ */
+# endif
# if SOLARIS >= 21100
# include <paths.h>
-# endif /* SOLARIS >= 21100 */
+# endif
# ifndef _PATH_VARRUN
# define _PATH_VARRUN "/var/run/"
-# endif /* _PATH_VARRUN */
+# endif
# define GIDSET_T gid_t
# define USE_SA_SIGACTION 1 /* use sa_sigaction field */
# define BROKEN_PTHREAD_SLEEP 1 /* sleep after pthread_create() fails */
# define HASSTRERROR 1 /* has strerror(3) */
# ifndef _PATH_UNIX
# define _PATH_UNIX "/dev/ksyms"
-# endif /* ! _PATH_UNIX */
+# endif
# ifndef _PATH_VENDOR_CF
# define _PATH_VENDOR_CF "/etc/mail/sendmail.cf"
-# endif /* ! _PATH_VENDOR_CF */
+# endif
# ifndef _PATH_SENDMAILPID
# define _PATH_SENDMAILPID "/etc/mail/sendmail.pid"
-# endif /* ! _PATH_SENDMAILPID */
+# endif
# ifndef _PATH_HOSTS
# define _PATH_HOSTS "/etc/inet/hosts"
-# endif /* ! _PATH_HOSTS */
+# endif
# ifndef SYSLOG_BUFSIZE
# define SYSLOG_BUFSIZE 1024 /* allow full size syslog buffer */
-# endif /* ! SYSLOG_BUFSIZE */
+# endif
# ifndef TZ_TYPE
# define TZ_TYPE TZ_TZNAME
-# endif /* ! TZ_TYPE */
+# endif
# if SOLARIS >= 20300 || (SOLARIS < 10000 && SOLARIS >= 203)
# define USESETEUID 1 /* seteuid works as of 2.3 */
# define LDA_CONTENTLENGTH 1 /* Needs the Content-Length header */
-# endif /* SOLARIS >= 20300 || (SOLARIS < 10000 && SOLARIS >= 203) */
+# endif
# if SOLARIS >= 20500 || (SOLARIS < 10000 && SOLARIS >= 205)
# define HASSETREUID 1 /* setreuid works as of 2.5 */
# define HASSETREGID 1 /* use setregid(2) to set saved gid */
# if SOLARIS >= 20600 || (SOLARIS < 10000 && SOLARIS >= 206)
# define HASSNPRINTF 1 /* has snprintf(3c) starting in 2.6 */
-# endif /* SOLARIS >= 20600 || (SOLARIS < 10000 && SOLARIS >= 206) */
+# endif
# if SOLARIS < 207 || (SOLARIS > 10000 && SOLARIS < 20700)
# ifndef LA_TYPE
# define LA_TYPE LA_KSTAT /* use kstat(3k) -- may work in < 2.5 */
-# endif /* ! LA_TYPE */
-# ifndef RANDOMSHIFT /* random() doesn't work well (sometimes) */
+# endif
+# ifndef RANDOMSHIFT /* random() doesn't work well (sometimes) */
# define RANDOMSHIFT 8
-# endif /* ! RANDOMSHIFT */
+# endif
# endif /* SOLARIS < 207 || (SOLARIS > 10000 && SOLARIS < 20700) */
# else /* SOLARIS >= 20500 || (SOLARIS < 10000 && SOLARIS >= 205) */
# ifndef HASRANDOM
# define HASRANDOM 0 /* doesn't have random(3) */
-# endif /* ! HASRANDOM */
+# endif
# endif /* SOLARIS >= 20500 || (SOLARIS < 10000 && SOLARIS >= 205) */
# if (SOLARIS > 10000 && SOLARIS < 20600) || SOLARIS < 206
# define SM_INT32 int /* 32bit integer */
-# endif /* (SOLARIS > 10000 && SOLARIS < 20600) || SOLARIS < 206 */
+# endif
# if SOLARIS >= 20700 || (SOLARIS < 10000 && SOLARIS >= 207)
# ifndef LA_TYPE
# include <sys/loadavg.h>
# if SOLARIS >= 20900 || (SOLARIS < 10000 && SOLARIS >= 209)
# include <sys/pset.h>
# define LA_TYPE LA_PSET /* pset_getloadavg(3c) appears in 2.9 */
# else /* SOLARIS >= 20900 || (SOLARIS < 10000 && SOLARIS >= 209) */
# define LA_TYPE LA_SUBR /* getloadavg(3c) appears in 2.7 */
# endif /* SOLARIS >= 20900 || (SOLARIS < 10000 && SOLARIS >= 209) */
# endif /* ! LA_TYPE */
# define HASGETUSERSHELL 1 /* getusershell(3c) bug fixed in 2.7 */
# endif /* SOLARIS >= 20700 || (SOLARIS < 10000 && SOLARIS >= 207) */
# if SOLARIS >= 20800 || (SOLARIS < 10000 && SOLARIS >= 208)
# undef _PATH_SENDMAILPID /* tmpfs /var/run added in 2.8 */
# define _PATH_SENDMAILPID _PATH_VARRUN "sendmail.pid"
# ifndef SMRSH_CMDDIR
# define SMRSH_CMDDIR "/var/adm/sm.bin"
-# endif /* ! SMRSH_CMDDIR */
+# endif
# define SL_FUDGE 34 /* fudge offset for SyslogPrefixLen */
# define HASLDAPGETALIASBYNAME 1 /* added in S8 */
# endif /* SOLARIS >= 20800 || (SOLARIS < 10000 && SOLARIS >= 208) */
# if SOLARIS >= 20900 || (SOLARIS < 10000 && SOLARIS >= 209)
# define HASURANDOMDEV 1 /* /dev/[u]random added in S9 */
# define HASCLOSEFROM 1 /* closefrom(3c) added in S9 */
# define HASFDWALK 1 /* fdwalk(3c) added in S9 */
# endif /* SOLARIS >= 20900 || (SOLARIS < 10000 && SOLARIS >= 209) */
# if SOLARIS >= 21000 || (SOLARIS < 10000 && SOLARIS >= 210)
# define HASUNSETENV 1 /* unsetenv() added in S10 */
-# endif /* SOLARIS >= 21000 || (SOLARIS < 10000 && SOLARIS >= 210) */
+# endif
# if SOLARIS >= 21100 || (SOLARIS < 10000 && SOLARIS >= 211)
# define GETLDAPALIASBYNAME_VERSION 2 /* changed in S11 */
# define HAVE_NANOSLEEP 1 /* moved from librt to libc in S11 */
# define SOCKADDR_LEN_T socklen_t /* arg#3 to accept, getsockname */
# define SOCKOPT_LEN_T socklen_t /* arg#5 to getsockopt */
# endif /* SOLARIS >= 21100 || (SOLARIS < 10000 && SOLARIS >= 211) */
# ifndef HASGETUSERSHELL
# define HASGETUSERSHELL 0 /* getusershell(3) causes core dumps pre-2.7 */
-# endif /* ! HASGETUSERSHELL */
+# endif
# if SOLARIS < 21200
# define SIGWAIT_TAKES_1_ARG 1 /* S12 moves to UNIX V7 semantic */
-# endif /* SOLARIS < 21200 */
+# endif
# else /* SOLARIS */
/* SunOS 4.0.3 or 4.1.x */
# define HASGETUSERSHELL 1 /* DOES have getusershell(3) call in libc */
# define HASSETREUID 1 /* has setreuid(2) call */
# ifndef HASFLOCK
# define HASFLOCK 1 /* has flock(2) call */
-# endif /* ! HASFLOCK */
+# endif
# define SFS_TYPE SFS_VFS /* use <sys/vfs.h> statfs() implementation */
# define TZ_TYPE TZ_TM_ZONE /* use tm->tm_zone */
# include <memory.h>
# include <vfork.h>
# ifdef __GNUC__
# define strtoul strtol /* gcc library bogosity */
-# endif /* __GNUC__ */
+# endif
# define memmove(d, s, l) (bcopy((s), (d), (l)))
# define atexit(f) on_exit((f), 0) /* ugly hack for SunOS */
# define SM_INT32 int /* 32bit integer */
# define SM_ALIGN_SIZE (sizeof(long))
# define GIDSET_T int
# define SM_CONF_SYSLOG 0
# ifdef SUNOS403
/* special tweaking for SunOS 4.0.3 */
# include <malloc.h>
# define BSD4_3 1 /* 4.3 BSD-based */
# define NEEDSTRSTR 1 /* need emulation of strstr(3) routine */
# define WAITUNION 1 /* use "union wait" as wait argument type */
# undef WIFEXITED
# undef WEXITSTATUS
# undef HASUNAME
# define setpgid setpgrp
# define MODE_T int
typedef int pid_t;
extern char *getenv();
# else /* SUNOS403 */
/* 4.1.x specifics */
# define HASSETSID 1 /* has POSIX setsid(2) call */
# define HASSETVBUF 1 /* we have setvbuf(3) in libc */
# endif /* SUNOS403 */
# endif /* SOLARIS */
# ifndef LA_TYPE
# define LA_TYPE LA_INT
-# endif /* ! LA_TYPE */
+# endif
# endif /* defined(sun) && !defined(BSD) */
/*
** DG/UX
**
** Tested on 5.4.2 and 5.4.3. Use DGUX_5_4_2 to get the
** older support.
** 5.4.3 changes from Mark T. Robinson <mtr@ornl.gov>.
*/
# ifdef DGUX_5_4_2
# define DGUX 1
-# endif /* DGUX_5_4_2 */
+# endif
# ifdef DGUX
# define SYSTEM5 1
# define LA_TYPE LA_DGUX
# define HASSETREUID 1 /* has setreuid(2) call */
# define HASUNAME 1 /* use System V uname(2) system call */
# define HASSETSID 1 /* has POSIX setsid(2) call */
# define HASINITGROUPS 1 /* has initgroups(3) call */
# define IP_SRCROUTE 0 /* does not have <netinet/ip_var.h> */
# define HASGETUSERSHELL 0 /* does not have getusershell(3) */
# ifndef IDENTPROTO
# define IDENTPROTO 0 /* TCP/IP implementation is broken */
-# endif /* ! IDENTPROTO */
+# endif
# define SPT_TYPE SPT_NONE /* don't use setproctitle */
# define SFS_TYPE SFS_4ARGS /* four argument statfs() call */
# define LDA_USE_LOCKF 1
/* these include files must be included early on DG/UX */
# include <netinet/in.h>
# include <arpa/inet.h>
/* compiler doesn't understand const? */
# define const
# ifdef DGUX_5_4_2
# define inet_addr dgux_inet_addr
extern long dgux_inet_addr();
# endif /* DGUX_5_4_2 */
# endif /* DGUX */
/*
** Digital Ultrix 4.2 - 4.5
**
** Apparently, fcntl locking is broken on 4.2A, in that locks are
** not dropped when the process exits. This causes major problems,
** so flock is the only alternative.
*/
# ifdef ultrix
# define HASSETREUID 1 /* has setreuid(2) call */
# define HASUNSETENV 1 /* has unsetenv(3) call */
# define HASINITGROUPS 1 /* has initgroups(3) call */
# define HASUNAME 1 /* use System V uname(2) system call */
# define HASFCHMOD 1 /* has fchmod(2) syscall */
# define HASFCHOWN 1 /* has fchown(2) syscall */
# ifndef HASFLOCK
# define HASFLOCK 1 /* has flock(2) call */
-# endif /* ! HASFLOCK */
+# endif
# define HASGETUSERSHELL 0 /* does not have getusershell(3) call */
# ifndef BROKEN_RES_SEARCH
# define BROKEN_RES_SEARCH 1 /* res_search(unknown) returns h_errno=0 */
-# endif /* ! BROKEN_RES_SEARCH */
+# endif
# if !defined(NEEDLOCAL_HOSTNAME_LENGTH) && NAMED_BIND && __RES >= 19931104 && __RES < 19950621
# define NEEDLOCAL_HOSTNAME_LENGTH 1 /* see sendmail/README */
-# endif /* !defined(NEEDLOCAL_HOSTNAME_LENGTH) && NAMED_BIND && __RES >= 19931104 && __RES < 19950621 */
+# endif
# ifdef vax
# define LA_TYPE LA_FLOAT
# else /* vax */
# define LA_TYPE LA_INT
# define LA_AVENRUN "avenrun"
# endif /* vax */
# define SFS_TYPE SFS_MOUNT /* use <sys/mount.h> statfs() impl */
# ifndef IDENTPROTO
# define IDENTPROTO 0 /* pre-4.4 TCP/IP implementation is broken */
-# endif /* ! IDENTPROTO */
+# endif
# define SYSLOG_BUFSIZE 256
# define SM_CONF_SYSLOG 0
# endif /* ultrix */
/*
** OSF/1 for KSR.
**
** Contributed by Todd C. Miller <Todd.Miller@cs.colorado.edu>
*/
# ifdef __ksr__
# define __osf__ 1 /* get OSF/1 defines below */
# ifndef TZ_TYPE
# define TZ_TYPE TZ_TZNAME /* use tzname[] vector */
-# endif /* ! TZ_TYPE */
+# endif
# endif /* __ksr__ */
/*
** OSF/1 for Intel Paragon.
**
** Contributed by Jeff A. Earickson <jeff@ssd.intel.com>
-** of Intel Scalable Systems Divison.
+** of Intel Scalable Systems Division.
*/
# ifdef __PARAGON__
# define __osf__ 1 /* get OSF/1 defines below */
# ifndef TZ_TYPE
# define TZ_TYPE TZ_TZNAME /* use tzname[] vector */
-# endif /* ! TZ_TYPE */
+# endif
# define GIDSET_T gid_t
# define MAXNAMLEN NAME_MAX
# endif /* __PARAGON__ */
/*
** Tru64 UNIX, formerly known as Digital UNIX, formerly known as DEC OSF/1
**
** Tested for 3.2 and 4.0.
*/
# ifdef __osf__
# define HASUNAME 1 /* has uname(2) call */
# define HASUNSETENV 1 /* has unsetenv(3) call */
# define USESETEUID 1 /* has usable seteuid(2) call */
# define HASINITGROUPS 1 /* has initgroups(3) call */
# define HASFCHMOD 1 /* has fchmod(2) syscall */
# define HASFCHOWN 1 /* has fchown(2) syscall */
# define HASSETLOGIN 1 /* has setlogin(2) */
# define IP_SRCROUTE 1 /* can check IP source routing */
# define HAS_ST_GEN 1 /* has st_gen field in stat struct */
# define GIDSET_T gid_t
# define SM_INT32 int /* 32bit integer */
# ifndef HASFLOCK
# include <standards.h>
# if _XOPEN_SOURCE+0 >= 400
# define HASFLOCK 0 /* 5.0 and later has bad flock(2) call */
-# else /* _XOPEN_SOURCE+0 >= 400 */
+# else
# define HASFLOCK 1 /* has flock(2) call */
-# endif /* _XOPEN_SOURCE+0 >= 400 */
+# endif
# endif /* ! HASFLOCK */
# define LA_TYPE LA_ALPHAOSF
# define SFS_TYPE SFS_STATVFS /* use <sys/statvfs.h> statfs() impl */
# ifndef _PATH_VENDOR_CF
# define _PATH_VENDOR_CF "/var/adm/sendmail/sendmail.cf"
-# endif /* ! _PATH_VENDOR_CF */
+# endif
# ifndef _PATH_SENDMAILPID
# define _PATH_SENDMAILPID "/var/run/sendmail.pid"
-# endif /* ! _PATH_SENDMAILPID */
+# endif
# if _FFR_DIGUNIX_SAFECHOWN
/*
** Testing on a Digital UNIX 4.0a system showed this to be the correct
** setting but given the security consequences, more testing and
** verification is needed. Unfortunately, the man page offers no
** assistance.
*/
# define IS_SAFE_CHOWN >= 0
# endif /* _FFR_DIGUNIX_SAFECHOWN */
# endif /* __osf__ */
/*
** NeXTstep
*/
# ifdef NeXT
# define HASINITGROUPS 1 /* has initgroups(3) call */
# define NEEDPUTENV 2 /* need putenv(3) call; no setenv(3) call */
# ifndef HASFLOCK
# define HASFLOCK 1 /* has flock(2) call */
-# endif /* ! HASFLOCK */
+# endif
# define UID_T int /* compiler gripes on uid_t */
# define GID_T int /* ditto for gid_t */
# define MODE_T int /* and mode_t */
# define setpgid setpgrp
# ifndef NOT_SENDMAIL
# define sleep sleepX
-# endif /* ! NOT_SENDMAIL */
+# endif
# ifndef LA_TYPE
# define LA_TYPE LA_MACH
-# endif /* ! LA_TYPE */
+# endif
# define SFS_TYPE SFS_VFS /* use <sys/vfs.h> statfs() implementation */
# ifdef _POSIX_SOURCE
extern struct passwd *getpwent();
# else /* _POSIX_SOURCE */
# define SM_CONF_GETOPT 0 /* need a replacement for getopt(3) */
# define WAITUNION 1 /* use "union wait" as wait argument type */
typedef int pid_t;
# undef WEXITSTATUS
# undef WIFEXITED
# undef WIFSTOPPED
# undef WTERMSIG
# endif /* _POSIX_SOURCE */
# ifndef _PATH_VENDOR_CF
# define _PATH_VENDOR_CF "/etc/sendmail/sendmail.cf"
-# endif /* ! _PATH_VENDOR_CF */
+# endif
# ifndef _PATH_SENDMAILPID
# define _PATH_SENDMAILPID "/etc/sendmail/sendmail.pid"
-# endif /* ! _PATH_SENDMAILPID */
+# endif
# define SM_INT32 int /* 32bit integer */
# ifdef TCPWRAPPERS
# ifndef HASUNSETENV
# define HASUNSETENV 1
-# endif /* ! HASUNSETENV */
+# endif
# undef NEEDPUTENV
# endif /* TCPWRAPPERS */
# ifndef __APPLE__
# include <libc.h>
# ifndef S_IRUSR
# define S_IRUSR S_IREAD
-# endif /* ! S_IRUSR */
+# endif
# ifndef S_IWUSR
# define S_IWUSR S_IWRITE
-# endif /* ! S_IWUSR */
+# endif
# define _PATH_MAILDIR "/usr/spool/mail"
# endif /* ! __APPLE__ */
# ifndef isascii
# define isascii(c) ((unsigned)(c) <= 0177)
-# endif /* ! isascii */
+# endif
# endif /* NeXT */
/*
** Apple Darwin
** Contributed by Wilfredo Sanchez <wsanchez@mit.edu>
*/
# if defined(DARWIN)
# define HASFCHMOD 1 /* has fchmod(2) */
# define HASFCHOWN 1 /* has fchown(2) */
# define HASFLOCK 1 /* has flock(2) */
# define HASUNAME 1 /* has uname(2) */
# define HASUNSETENV 1 /* has unsetenv(3) */
# define HASSETSID 1 /* has POSIX setsid(2) call */
# define HASINITGROUPS 1 /* has initgroups(3) */
# define HASSETVBUF 1 /* has setvbuf (3) */
# define HASSETREUID 0 /* setreuid(2) unusable */
# define HASSETEUID 1 /* has seteuid(2) */
# define USESETEUID 1 /* has seteuid(2) */
# define HASSETEGID 1 /* has setegid(2) */
# define HASSETREGID 1 /* has setregid(2) */
# define HASSETRESGID 0 /* no setresgid(2) */
# define HASLSTAT 1 /* has lstat(2) */
# define HASSETRLIMIT 1 /* has setrlimit(2) */
# define HASWAITPID 1 /* has waitpid(2) */
# define HASGETDTABLESIZE 1 /* has getdtablesize(2) */
# define HAS_ST_GEN 1 /* has st_gen field in struct stat */
# define HASURANDOMDEV 1 /* has urandom(4) */
# define HASSTRERROR 1 /* has strerror(3) */
# define HASGETUSERSHELL 1 /* had getusershell(3) */
+# if DARWIN >=180000
+# ifdef HASRRESVPORT
+# undef HASRRESVPORT
+# endif
+# define HASRRESVPORT 0 /* deprecated rresvport() */
+# endif
# define GIDSET_T gid_t /* getgroups(2) takes gid_t */
# define LA_TYPE LA_SUBR /* use getloadavg(3) */
# define SFS_TYPE SFS_MOUNT /* use <sys/mount.h> statfs() impl */
# if DARWIN >= 70000
# define SOCKADDR_LEN_T socklen_t
# endif
# if DARWIN >= 80000
# define SPT_TYPE SPT_REUSEARGV
# define SPT_PADCHAR '\0'
# define SOCKOPT_LEN_T socklen_t
# else
# define SPT_TYPE SPT_PSSTRINGS /* use magic PS_STRINGS pointer for setproctitle */
# endif
# define ERRLIST_PREDEFINED /* don't declare sys_errlist */
# define BSD4_4_SOCKADDR /* struct sockaddr has sa_len */
# define SAFENFSPATHCONF 0 /* unverified: pathconf(2) doesn't work on NFS */
# define HAS_IN_H 1
# define NETLINK 1 /* supports AF_LINK */
# ifndef NOT_SENDMAIL
# define sleep sleepX
extern unsigned int sleepX __P((unsigned int seconds));
# endif /* ! NOT_SENDMAIL */
# endif /* defined(DARWIN) */
/*
** 4.4 BSD
**
** See also BSD defines.
*/
# if defined(BSD4_4) && !defined(__bsdi__) && !defined(__GNU__) && !defined(DARWIN)
# include <paths.h>
# define HASUNSETENV 1 /* has unsetenv(3) call */
# define USESETEUID 1 /* has usable seteuid(2) call */
# define HASFCHMOD 1 /* has fchmod(2) syscall */
# define HASFCHOWN 1 /* has fchown(2) syscall */
# define HASSTRERROR 1 /* has strerror(3) */
# define HAS_ST_GEN 1 /* has st_gen field in stat struct */
# include <sys/cdefs.h>
# define ERRLIST_PREDEFINED /* don't declare sys_errlist */
# define BSD4_4_SOCKADDR /* has sa_len */
# define NEED_PRINTF_PERCENTQ 1 /* doesn't have %lld */
# define NETLINK 1 /* supports AF_LINK */
# ifndef LA_TYPE
# define LA_TYPE LA_SUBR
-# endif /* ! LA_TYPE */
+# endif
# define SFS_TYPE SFS_MOUNT /* use <sys/mount.h> statfs() impl */
# define SPT_TYPE SPT_PSSTRINGS /* use PS_STRINGS pointer */
# endif /* defined(BSD4_4) && !defined(__bsdi__) && !defined(__GNU__) && !defined(DARWIN)*/
/*
** BSD/OS (was BSD/386) (all versions)
** From Tony Sanders, BSDI
*/
# ifdef __bsdi__
# include <paths.h>
# define HASUNSETENV 1 /* has the unsetenv(3) call */
# define HASSETREUID 0 /* BSD-OS has broken setreuid(2) emulation */
# define HASSETSID 1 /* has POSIX setsid(2) call */
# define USESETEUID 1 /* has usable seteuid(2) call */
# define HASFCHMOD 1 /* has fchmod(2) syscall */
# define HASSETLOGIN 1 /* has setlogin(2) */
# define HASUNAME 1 /* has uname(2) syscall */
# define HASSTRERROR 1 /* has strerror(3) */
# define HAS_ST_GEN 1 /* has st_gen field in stat struct */
# include <sys/cdefs.h>
# define ERRLIST_PREDEFINED /* don't declare sys_errlist */
# define BSD4_4_SOCKADDR /* has sa_len */
# define NETLINK 1 /* supports AF_LINK */
# define SFS_TYPE SFS_MOUNT /* use <sys/mount.h> statfs() impl */
# ifndef LA_TYPE
# define LA_TYPE LA_SUBR
-# endif /* ! LA_TYPE */
+# endif
# define GIDSET_T gid_t
# define QUAD_T quad_t
# if defined(_BSDI_VERSION) && _BSDI_VERSION >= 199312
/* version 1.1 or later */
# undef SPT_TYPE
# define SPT_TYPE SPT_BUILTIN /* setproctitle is in libc */
# else /* defined(_BSDI_VERSION) && _BSDI_VERSION >= 199312 */
/* version 1.0 or earlier */
# define SPT_PADCHAR '\0' /* pad process title with nulls */
# endif /* defined(_BSDI_VERSION) && _BSDI_VERSION >= 199312 */
# if defined(_BSDI_VERSION) && _BSDI_VERSION >= 199701 /* on 3.x */
# define HASSETUSERCONTEXT 1 /* has setusercontext */
-# endif /* defined(_BSDI_VERSION) && _BSDI_VERSION >= 199701 */
+# endif
# if defined(_BSDI_VERSION) && _BSDI_VERSION <= 199701 /* 3.1 and earlier */
# define MODE_T int /* va_arg() can't handle less than int */
-# endif /* defined(_BSDI_VERSION) && _BSDI_VERSION <= 199701 */
+# endif
# if defined(_BSDI_VERSION) && _BSDI_VERSION >= 199910 /* on 4.x */
# define HASURANDOMDEV 1 /* has /dev/urandom(4) */
-# endif /* defined(_BSDI_VERSION) && _BSDI_VERSION >= 199910 */
+# endif
# endif /* __bsdi__ */
# if defined(__QNX__)
# if defined(__QNXNTO__)
/* QNX 6 */
# include <unix.h>
# define HASUNSETENV 1 /* has unsetenv(3) call */
# define HASINITGROUPS 1 /* has initgroups(3) call */
# define HASSETSID 1 /* has POSIX setsid(2) call */
# define USESETEUID 1 /* has usable seteuid(2) call */
# define HASFCHMOD 1 /* has fchmod(2) syscall */
# define HASFCHOWN 1 /* has fchown(2) syscall */
# define HASUNAME 1 /* has uname(2) syscall */
# define HASSTRERROR 1 /* has strerror(3) */
# define BSD4_4_SOCKADDR /* has sa_len */
# define ERRLIST_PREDEFINED /* don't declare sys_errlist */
# define NETLINK 1 /* supports AF_LINK */
# define GIDSET_T gid_t
# define QUAD_T uint64_t
# define HASSNPRINTF 1 /* has snprintf(3) (all versions?) */
# define HASGETUSERSHELL 0
/*
** We have a strrev() that doesn't allocate anything.
** Make sure the one here is used.
*/
# define strrev strrev_sendmail
# else /* defined(__QNXNTO__) */
/*
** QNX 4.2x
** Contributed by Glen McCready <glen@qnx.com>.
**
** Should work with all versions of QNX 4.
*/
# include <unix.h>
# include <sys/select.h>
# undef NGROUPS_MAX
# define HASSETSID 1 /* has POSIX setsid(2) call */
# define USESETEUID 1 /* has usable seteuid(2) call */
# define HASFCHMOD 1 /* has fchmod(2) syscall */
# define HASGETDTABLESIZE 1 /* has getdtablesize(2) call */
# define HASSETREUID 1 /* has setreuid(2) call */
# define HASSTRERROR 1 /* has strerror(3) */
# define HASFLOCK 0
# undef HASINITGROUPS /* has initgroups(3) call */
# define SM_CONF_GETOPT 0 /* need a replacement for getopt(3) */
# define IP_SRCROUTE 1 /* can check IP source routing */
# define TZ_TYPE TZ_TMNAME /* use tmname variable */
# define GIDSET_T gid_t
# define LA_TYPE LA_ZERO
# define SFS_TYPE SFS_NONE
# define SPT_TYPE SPT_REUSEARGV
# define SPT_PADCHAR '\0' /* pad process title with nulls */
# define HASGETUSERSHELL 0
# define _FILE_H_INCLUDED
# endif /* defined(__QNXNTO__) */
# endif /* defined(__QNX__) */
/*
** DragonFly BSD/ FreeBSD / NetBSD / OpenBSD (all architectures, all versions)
**
** 4.3BSD clone, closer to 4.4BSD for FreeBSD 1.x and NetBSD 0.9x
** 4.4BSD-Lite based for FreeBSD 2.x and NetBSD 1.x
**
** See also BSD defines.
*/
# if defined(__DragonFly__) || defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__)
# include <paths.h>
# define HASUNSETENV 1 /* has unsetenv(3) call */
# define HASSETSID 1 /* has POSIX setsid(2) call */
# define USESETEUID 1 /* has usable seteuid(2) call */
# define HASFCHMOD 1 /* has fchmod(2) syscall */
# define HASFCHOWN 1 /* has fchown(2) syscall */
# define HASUNAME 1 /* has uname(2) syscall */
# define HASSTRERROR 1 /* has strerror(3) */
# define HAS_ST_GEN 1 /* has st_gen field in stat struct */
# define NEED_PRINTF_PERCENTQ 1 /* doesn't have %lld */
# include <sys/cdefs.h>
# define ERRLIST_PREDEFINED /* don't declare sys_errlist */
# define BSD4_4_SOCKADDR /* has sa_len */
# define NETLINK 1 /* supports AF_LINK */
# define SAFENFSPATHCONF 1 /* pathconf(2) pessimizes on NFS filesystems */
# define GIDSET_T gid_t
# define QUAD_T unsigned long long
# define HASSNPRINTF 1 /* has snprintf(3) (all versions?) */
# ifndef LA_TYPE
# define LA_TYPE LA_SUBR
-# endif /* ! LA_TYPE */
+# endif
# if defined(__NetBSD__) && defined(__NetBSD_Version__) && \
((__NetBSD_Version__ >= 200040000 && __NetBSD_Version__ < 200090000) || \
(__NetBSD_Version__ >= 299000900))
# undef SFS_TYPE
# define SFS_TYPE SFS_STATVFS
# else
# define SFS_TYPE SFS_MOUNT /* use <sys/mount.h> statfs() impl */
# endif
# if defined(__NetBSD__) && (NetBSD > 199307 || NetBSD0_9 > 1)
# undef SPT_TYPE
# define SPT_TYPE SPT_BUILTIN /* setproctitle is in libc */
-# endif /* defined(__NetBSD__) && (NetBSD > 199307 || NetBSD0_9 > 1) */
+# endif
# if defined(__NetBSD__) && ((__NetBSD_Version__ > 102070000) || (NetBSD1_2 > 8) || defined(NetBSD1_4) || defined(NetBSD1_3))
# define HASURANDOMDEV 1 /* has /dev/urandom(4) */
-# endif /* defined(__NetBSD__) && ((__NetBSD_Version__ > 102070000) || (NetBSD1_2 > 8) || defined(NetBSD1_4) || defined(NetBSD1_3)) */
+# endif
# if defined(__NetBSD__) && defined(__NetBSD_Version__) && __NetBSD_Version__ >= 104170000
# define HASSETUSERCONTEXT 1 /* BSDI-style login classes */
# endif
# if defined(__NetBSD__) && defined(__NetBSD_Version__) && \
((__NetBSD_Version__ >= 200060000 && __NetBSD_Version__ < 200090000) || \
(__NetBSD_Version__ >= 299000900))
# define HASCLOSEFROM 1 /* closefrom(3) added in 2.0F */
# endif
# if defined(__NetBSD__)
# define USESYSCTL 1 /* use sysctl(3) for getting ncpus */
# include <sys/param.h>
# include <sys/sysctl.h>
# endif
# if defined(__DragonFly__)
# define HASSETLOGIN 1 /* has setlogin(2) */
# define HASSRANDOMDEV 1 /* has srandomdev(3) */
# define HASURANDOMDEV 1 /* has /dev/urandom(4) */
# undef SPT_TYPE
# include <libutil.h>
# define SPT_TYPE SPT_BUILTIN
# define HASSETUSERCONTEXT 1 /* BSDI-style login classes */
# ifndef SMRSH_CMDDIR
# define SMRSH_CMDDIR "/usr/libexec/sm.bin"
-# endif /* ! SMRSH_CMDDIR */
+# endif
# ifndef SMRSH_PATH
# define SMRSH_PATH "/bin:/usr/bin"
-# endif /* ! SMRSH_PATH */
+# endif
# define USESYSCTL 1 /* use sysctl(3) for getting ncpus */
# include <sys/sysctl.h>
# endif /* defined(__DragonFly__) */
# if defined(__FreeBSD__)
# define HASSETLOGIN 1 /* has setlogin(2) */
# if __FreeBSD_version >= 227001
# define HASSRANDOMDEV 1 /* has srandomdev(3) */
# define HASURANDOMDEV 1 /* has /dev/urandom(4) */
# endif /* __FreeBSD_version >= 227001 */
# undef SPT_TYPE
# if __FreeBSD__ >= 2
# include <osreldate.h>
# if __FreeBSD_version >= 199512 /* 2.2-current when it appeared */
-# include <libutil.h>
+# if __FreeBSD_version < 500012 /* Moved to libc in 2000 */
+# include <libutil.h>
+# endif
# define SPT_TYPE SPT_BUILTIN
# endif /* __FreeBSD_version >= 199512 */
# if __FreeBSD_version >= 222000 /* 2.2.2-release and later */
# define HASSETUSERCONTEXT 1 /* BSDI-style login classes */
-# endif /* __FreeBSD_version >= 222000 */
+# endif
# if __FreeBSD_version >= 300000 /* 3.0.0-release and later */
# define HAVE_NANOSLEEP 1 /* has nanosleep(2) */
-# endif /* __FreeBSD_version >= 300000 */
+# endif
# if __FreeBSD_version >= 330000 /* 3.3.0-release and later */
# ifndef SMRSH_CMDDIR
# define SMRSH_CMDDIR "/usr/libexec/sm.bin"
-# endif /* ! SMRSH_CMDDIR */
+# endif
# ifndef SMRSH_PATH
# define SMRSH_PATH "/bin:/usr/bin"
-# endif /* ! SMRSH_PATH */
+# endif
# endif /* __FreeBSD_version >= 330000 */
# if __FreeBSD_version >= 430000 /* 4.3.0-release and later */
# define SOCKADDR_LEN_T socklen_t /* e.g., arg#3 to accept, getsockname */
# define SOCKOPT_LEN_T socklen_t /* arg#5 to getsockopt */
# endif /* __FreeBSD_version >= 430000 */
# define USESYSCTL 1 /* use sysctl(3) for getting ncpus */
# include <sys/sysctl.h>
# endif /* __FreeBSD__ >= 2 */
# ifndef SPT_TYPE
# define SPT_TYPE SPT_REUSEARGV
# define SPT_PADCHAR '\0' /* pad process title with nulls */
-# endif /* ! SPT_TYPE */
+# endif
# endif /* defined(__FreeBSD__) */
# if defined(__OpenBSD__)
# undef SPT_TYPE
# define SPT_TYPE SPT_BUILTIN /* setproctitle is in libc */
# define HASSETLOGIN 1 /* has setlogin(2) */
# if OpenBSD < 200305
# define HASSETREUID 0 /* setreuid(2) broken in OpenBSD < 3.3 */
-# endif /* OpenBSD < 200305 */
+# endif
# define HASSETEGID 1 /* use setegid(2) to set saved gid */
# define HASURANDOMDEV 1 /* has /dev/urandom(4) */
# if OpenBSD >= 200006
# define HASSRANDOMDEV 1 /* has srandomdev(3) */
-# endif /* OpenBSD >= 200006 */
+# endif
# if OpenBSD >= 200012
# define HASSETUSERCONTEXT 1 /* BSDI-style login classes */
-# endif /* OpenBSD >= 200012 */
+# endif
# if OpenBSD >= 200405
# define HASCLOSEFROM 1 /* closefrom(3) added in 3.5 */
-# endif /* OpenBSD >= 200405 */
+# endif
# if OpenBSD >= 200505
# undef NETISO /* iso.h removed in 3.7 */
-# endif /* OpenBSD >= 200505 */
+# endif
# if OpenBSD >= 200800
# define HAVE_NANOSLEEP 1 /* has nanosleep(2) */
-# endif /* OpenBSD >= 200800 */
+# endif
+# ifndef SOCKADDR_LEN_T
+# define SOCKADDR_LEN_T socklen_t /* e.g., arg#3 to accept, getsockname */
+# endif
+# ifndef SOCKOPT_LEN_T
+# define SOCKOPT_LEN_T socklen_t /* arg#5 to getsockopt */
+# endif
# endif /* defined(__OpenBSD__) */
# endif /* defined(__DragonFly__) || defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) */
/*
** Mach386
**
** For mt Xinu's Mach386 system.
*/
# if defined(MACH) && defined(i386) && !defined(__GNU__)
# define MACH386 1
# define HASUNSETENV 1 /* has unsetenv(3) call */
# define HASINITGROUPS 1 /* has initgroups(3) call */
# ifndef HASFLOCK
# define HASFLOCK 1 /* has flock(2) call */
-# endif /* ! HASFLOCK */
+# endif
# define SM_CONF_GETOPT 0 /* need a replacement for getopt(3) */
# define NEEDSTRTOL 1 /* need the strtol() function */
# define setpgid setpgrp
# ifndef LA_TYPE
# define LA_TYPE LA_FLOAT
-# endif /* ! LA_TYPE */
+# endif
# define SFS_TYPE SFS_VFS /* use <sys/vfs.h> statfs() implementation */
# undef HASSETVBUF /* don't actually have setvbuf(3) */
# undef WEXITSTATUS
# undef WIFEXITED
# ifndef _PATH_VENDOR_CF
# define _PATH_VENDOR_CF "/usr/lib/sendmail.cf"
-# endif /* ! _PATH_VENDOR_CF */
+# endif
# ifndef _PATH_SENDMAILPID
# define _PATH_SENDMAILPID "/etc/sendmail.pid"
-# endif /* ! _PATH_SENDMAILPID */
+# endif
# endif /* defined(MACH) && defined(i386) && !defined(__GNU__) */
/*
** GNU OS (hurd)
** Largely BSD & posix compatible.
** Port contributed by Miles Bader <miles@gnu.ai.mit.edu>.
** Updated by Mark Kettenis <kettenis@wins.uva.nl>.
*/
# if defined(__GNU__) && !defined(NeXT)
# include <paths.h>
# define HASFCHMOD 1 /* has fchmod(2) call */
# define HASFCHOWN 1 /* has fchown(2) call */
# define HASUNAME 1 /* has uname(2) call */
# define HASUNSETENV 1 /* has unsetenv(3) call */
# define HAS_ST_GEN 1 /* has st_gen field in stat struct */
# define HASSTRERROR 1 /* has strerror(3) */
# define GIDSET_T gid_t
# define SOCKADDR_LEN_T socklen_t
# define SOCKOPT_LEN_T socklen_t
# if (__GLIBC__ == 2 && __GLIBC_MINOR__ > 1) || __GLIBC__ > 2
# define LA_TYPE LA_SUBR
# else /* (__GLIBC__ == 2 && __GLIBC_MINOR__ > 1) || __GLIBC__ > 2 */
# define LA_TYPE LA_MACH
/* GNU uses mach[34], which renames some rpcs from mach2.x. */
# define host_self mach_host_self
# endif /* (__GLIBC__ == 2 && __GLIBC_MINOR__ > 1) || __GLIBC__ > 2 */
# define SFS_TYPE SFS_STATFS
# define SPT_TYPE SPT_CHANGEARGV
# define ERRLIST_PREDEFINED 1 /* don't declare sys_errlist */
# define BSD4_4_SOCKADDR 1 /* has sa_len */
# define SIOCGIFCONF_IS_BROKEN 1 /* SIOCGFCONF doesn't work */
# define HAS_IN_H 1 /* GNU has netinet/in.h. */
/* GNU has no MAXPATHLEN; ideally the code should be changed to not use it. */
# define MAXPATHLEN 2048
# endif /* defined(__GNU__) && !defined(NeXT) */
/*
** 4.3 BSD -- this is for very old systems
**
** Should work for mt Xinu MORE/BSD and Mips UMIPS-BSD 2.1.
**
** You'll also have to install a new resolver library.
** I don't guarantee that support for this environment is complete.
*/
# if defined(oldBSD43) || defined(MORE_BSD) || defined(umipsbsd)
# define NEEDVPRINTF 1 /* need a replacement for vprintf(3) */
# define SM_CONF_GETOPT 0 /* need a replacement for getopt(3) */
# define ARBPTR_T char *
# define setpgid setpgrp
# ifndef LA_TYPE
# define LA_TYPE LA_FLOAT
-# endif /* ! LA_TYPE */
+# endif
# ifndef _PATH_VENDOR_CF
# define _PATH_VENDOR_CF "/usr/lib/sendmail.cf"
-# endif /* ! _PATH_VENDOR_CF */
+# endif
# ifndef IDENTPROTO
# define IDENTPROTO 0 /* TCP/IP implementation is broken */
-# endif /* ! IDENTPROTO */
+# endif
# undef WEXITSTATUS
# undef WIFEXITED
typedef short pid_t;
# endif /* defined(oldBSD43) || defined(MORE_BSD) || defined(umipsbsd) */
/*
** SCO Unix
**
** This includes three parts:
**
** The first is for SCO OpenServer 5.
** (Contributed by Keith Reynolds <keithr@sco.COM>).
**
** SCO OpenServer 5 has a compiler version number macro,
** which we can use to figure out what version we're on.
** This may have to change in future releases.
**
** The second is for SCO UNIX 3.2v4.2/Open Desktop 3.0.
** (Contributed by Philippe Brand <phb@colombo.telesys-innov.fr>).
**
** The third is for SCO UNIX 3.2v4.0/Open Desktop 2.0 and earlier.
*/
/* SCO OpenServer 5 */
# if _SCO_DS >= 1
# include <paths.h>
# define SIOCGIFNUM_IS_BROKEN 1 /* SIOCGIFNUM returns bogus value */
# define HASFCHMOD 1 /* has fchmod(2) call */
# define HASFCHOWN 1 /* has fchown(2) call */
# define HASSETRLIMIT 1 /* has setrlimit(2) call */
# define USESETEUID 1 /* has seteuid(2) call */
# define HASINITGROUPS 1 /* has initgroups(3) call */
# define HASGETDTABLESIZE 1 /* has getdtablesize(2) call */
# define RLIMIT_NEEDS_SYS_TIME_H 1
# define LDA_USE_LOCKF 1
# ifndef LA_TYPE
# define LA_TYPE LA_DEVSHORT
-# endif /* ! LA_TYPE */
+# endif
# define _PATH_AVENRUN "/dev/table/avenrun"
# ifndef _SCO_unix_4_2
# define _SCO_unix_4_2
# else /* ! _SCO_unix_4_2 */
# define SOCKADDR_LEN_T size_t /* e.g., arg#3 to accept, getsockname */
# define SOCKOPT_LEN_T size_t /* arg#5 to getsockopt */
# endif /* ! _SCO_unix_4_2 */
# endif /* _SCO_DS >= 1 */
/* SCO UNIX 3.2v4.2/Open Desktop 3.0 */
# ifdef _SCO_unix_4_2
# define _SCO_unix_
# define HASSETREUID 1 /* has setreuid(2) call */
# endif /* _SCO_unix_4_2 */
/* SCO UNIX 3.2v4.0 Open Desktop 2.0 and earlier */
# ifdef _SCO_unix_
# include <sys/stream.h> /* needed for IP_SRCROUTE */
# define SYSTEM5 1 /* include all the System V defines */
# define HASGETUSERSHELL 0 /* does not have getusershell(3) call */
# define NOFTRUNCATE 0 /* has (simulated) ftruncate call */
# ifndef USE_SIGLONGJMP
# define USE_SIGLONGJMP 1 /* sigsetjmp needed for signal handling */
-# endif /* ! USE_SIGLONGJMP */
+# endif
# define MAXPATHLEN PATHSIZE
# define SFS_TYPE SFS_4ARGS /* use <sys/statfs.h> 4-arg impl */
# define SFS_BAVAIL f_bfree /* alternate field name */
# define SPT_TYPE SPT_SCO /* write kernel u. area */
# define TZ_TYPE TZ_TM_NAME /* use tm->tm_name */
# define UID_T uid_t
# define GID_T gid_t
# define GIDSET_T gid_t
# define _PATH_UNIX "/unix"
# ifndef _PATH_VENDOR_CF
# define _PATH_VENDOR_CF "/usr/lib/sendmail.cf"
-# endif /* ! _PATH_VENDOR_CF */
+# endif
# ifndef _PATH_SENDMAILPID
# define _PATH_SENDMAILPID "/etc/sendmail.pid"
-# endif /* ! _PATH_SENDMAILPID */
+# endif
/* stuff fixed in later releases */
# ifndef _SCO_unix_4_2
# define SYS5SIGNALS 1 /* SysV signal semantics -- reset on each sig */
-# endif /* ! _SCO_unix_4_2 */
+# endif
# ifndef _SCO_DS
# define ftruncate chsize /* use chsize(2) to emulate ftruncate */
# define NEEDFSYNC 1 /* needs the fsync(2) call stub */
# define NETUNIX 0 /* no unix domain socket support */
# define LA_TYPE LA_SHORT
# endif /* ! _SCO_DS */
# endif /* _SCO_unix_ */
/*
** ISC (SunSoft) Unix.
**
** Contributed by J.J. Bailey <jjb@jagware.bcc.com>
*/
# ifdef ISC_UNIX
# include <net/errno.h>
# include <sys/stream.h> /* needed for IP_SRCROUTE */
# include <sys/bsdtypes.h>
# define SYSTEM5 1 /* include all the System V defines */
# define SYS5SIGNALS 1 /* SysV signal semantics -- reset on each sig */
# define HASGETUSERSHELL 0 /* does not have getusershell(3) call */
# define HASSETREUID 1 /* has setreuid(2) call */
# define NEEDFSYNC 1 /* needs the fsync(2) call stub */
# define NETUNIX 0 /* no unix domain socket support */
# define MAXPATHLEN 1024
# define LA_TYPE LA_SHORT
# define SFS_TYPE SFS_STATFS /* use <sys/statfs.h> statfs() impl */
# define SFS_BAVAIL f_bfree /* alternate field name */
# define _PATH_UNIX "/unix"
# ifndef _PATH_VENDOR_CF
# define _PATH_VENDOR_CF "/usr/lib/sendmail.cf"
-# endif /* ! _PATH_VENDOR_CF */
+# endif
# ifndef _PATH_SENDMAILPID
# define _PATH_SENDMAILPID "/etc/sendmail.pid"
-# endif /* ! _PATH_SENDMAILPID */
+# endif
# endif /* ISC_UNIX */
/*
** Altos System V (5.3.1)
** Contributed by Tim Rice <tim@trr.metro.net>.
*/
# ifdef ALTOS_SYSTEM_V
# include <sys/stream.h>
# include <limits.h>
# define SYSTEM5 1 /* include all the System V defines */
# define SYS5SIGNALS 1 /* SysV signal semantics -- reset on each sig */
# define HASGETUSERSHELL 0 /* does not have getusershell(3) call */
# define WAITUNION 1 /* use "union wait" as wait argument type */
# define NEEDFSYNC 1 /* no fsync(2) in system library */
# define NEEDSTRSTR 1 /* need emulation of the strstr(3) call */
# define NOFTRUNCATE 1 /* do not have ftruncate(2) */
# define MAXPATHLEN PATH_MAX
# define LA_TYPE LA_SHORT
# define SFS_TYPE SFS_STATFS /* use <sys/statfs.h> statfs() impl */
# define SFS_BAVAIL f_bfree /* alternate field name */
# define TZ_TYPE TZ_TZNAME /* use tzname[] vector */
# define NETUNIX 0 /* no unix domain socket support */
# undef WIFEXITED
# undef WEXITSTATUS
# define strtoul strtol /* gcc library bogosity */
typedef unsigned short uid_t;
typedef unsigned short gid_t;
typedef short pid_t;
typedef unsigned long mode_t;
/* some stuff that should have been in the include files */
extern char *malloc();
extern struct passwd *getpwent();
extern struct passwd *getpwnam();
extern struct passwd *getpwuid();
extern char *getenv();
extern struct group *getgrgid();
extern struct group *getgrnam();
# endif /* ALTOS_SYSTEM_V */
/*
** ConvexOS 11.0 and later
**
** "Todd C. Miller" <millert@mroe.cs.colorado.edu> claims this
** works on 9.1 as well.
**
** ConvexOS 11.5 and later, should work on 11.0 as defined.
** For pre-ConvexOOS 11.0, define SM_CONF_GETOPT=0, undef IDENTPROTO
**
** Eric Schnoebelen (eric@cirr.com) For CONVEX Computer Corp.
** (now the CONVEX Technologies Center of Hewlett Packard)
*/
# ifdef _CONVEX_SOURCE
# define HASGETDTABLESIZE 1 /* has getdtablesize(2) */
# define HASINITGROUPS 1 /* has initgroups(3) */
# define HASUNAME 1 /* use System V uname(2) system call */
# define HASSETSID 1 /* has POSIX setsid(2) call */
# define HASUNSETENV 1 /* has unsetenv(3) */
# define HASFLOCK 1 /* has flock(2) */
# define HASSETRLIMIT 1 /* has setrlimit(2) */
# define HASSETREUID 1 /* has setreuid(2) */
# define BROKEN_RES_SEARCH 1 /* res_search(unknown) returns h_error=0 */
# define NEEDPUTENV 1 /* needs putenv (written in terms of setenv) */
# define SM_CONF_GETOPT 1 /* need a replacement for getopt(3) */
# define IP_SRCROUTE 0 /* Something is broken with getsockopt() */
# define LA_TYPE LA_FLOAT
# define SFS_TYPE SFS_VFS /* use <sys/vfs.h> statfs() implementation */
# ifndef _PATH_VENDOR_CF
# define _PATH_VENDOR_CF "/usr/lib/sendmail.cf"
-# endif /* ! _PATH_VENDOR_CF */
+# endif
# ifndef S_IREAD
# define S_IREAD _S_IREAD
# define S_IWRITE _S_IWRITE
# define S_IEXEC _S_IEXEC
# define S_IFMT _S_IFMT
# define S_IFCHR _S_IFCHR
# define S_IFBLK _S_IFBLK
# endif /* ! S_IREAD */
# ifndef TZ_TYPE
# define TZ_TYPE TZ_TIMEZONE
-# endif /* ! TZ_TYPE */
+# endif
# ifndef IDENTPROTO
# define IDENTPROTO 1
-# endif /* ! IDENTPROTO */
+# endif
# ifndef SHARE_V1
# define SHARE_V1 1 /* version 1 of the fair share scheduler */
-# endif /* ! SHARE_V1 */
+# endif
# if !defined(__GNUC__ )
-# define UID_T int /* GNUC gets it right, ConvexC botches */
-# define GID_T int /* GNUC gets it right, ConvexC botches */
-# endif /* !defined(__GNUC__ ) */
+# define UID_T int /* GNUC gets it right, ConvexC botches */
+# define GID_T int /* GNUC gets it right, ConvexC botches */
+# endif
# if SECUREWARE
# define FORK fork /* SecureWare wants the real fork! */
-# else /* SECUREWARE */
+# else
# define FORK vfork /* the rest of the OS versions don't care */
-# endif /* SECUREWARE */
+# endif
# endif /* _CONVEX_SOURCE */
/*
** RISC/os 4.52
**
** Gives a ton of warning messages, but otherwise compiles.
*/
# ifdef RISCOS
# define HASUNSETENV 1 /* has unsetenv(3) call */
# ifndef HASFLOCK
# define HASFLOCK 1 /* has flock(2) call */
-# endif /* ! HASFLOCK */
+# endif
# define WAITUNION 1 /* use "union wait" as wait argument type */
# define SM_CONF_GETOPT 0 /* need a replacement for getopt(3) */
# define NEEDPUTENV 1 /* need putenv(3) call */
# define NEEDSTRSTR 1 /* need emulation of the strstr(3) call */
# define SFS_TYPE SFS_VFS /* use <sys/vfs.h> statfs() implementation */
# define LA_TYPE LA_INT
# define LA_AVENRUN "avenrun"
# define _PATH_UNIX "/unix"
# undef WIFEXITED
# define setpgid setpgrp
typedef int pid_t;
# define SIGFUNC_DEFINED
# define SIGFUNC_RETURN (0)
# define SIGFUNC_DECL int
typedef int (*sigfunc_t)();
extern char *getenv();
extern void *malloc();
/* added for RISC/os 4.01...which is dumber than 4.50 */
# ifdef RISCOS_4_0
# ifndef ARBPTR_T
# define ARBPTR_T char *
-# endif /* ! ARBPTR_T */
+# endif
# undef HASFLOCK
# define HASFLOCK 0
# endif /* RISCOS_4_0 */
# include <sys/time.h>
# endif /* RISCOS */
/*
** Linux 0.99pl10 and above...
**
** Thanks to, in reverse order of contact:
**
** John Kennedy <warlock@csuchico.edu>
** Andrew Pam <avatar@aus.xanadu.com>
** Florian La Roche <rzsfl@rz.uni-sb.de>
** Karl London <karl@borg.demon.co.uk>
**
** NOTE: Override HASFLOCK as you will but, as of 1.99.6, mixed-style
** file locking is no longer allowed. In particular, make sure
** your DBM library and sendmail are both using either flock(2)
** *or* fcntl(2) file locking, but not both.
*/
# ifdef __linux__
# include <linux/version.h>
# if !defined(KERNEL_VERSION) /* not defined in 2.0.x kernel series */
# define KERNEL_VERSION(a,b,c) (((a) << 16) + ((b) << 8) + (c))
-# endif /* !defined(KERNEL_VERSION) */
+# endif
# define BSD 1 /* include BSD defines */
# define HASSETREGID 1 /* use setregid(2) to set saved gid */
# ifndef REQUIRES_DIR_FSYNC
# define REQUIRES_DIR_FSYNC 1 /* requires fsync() on directory */
-# endif /* REQUIRES_DIR_FSYNC */
+# endif
# ifndef USESETEUID
# define USESETEUID 0 /* has it due to POSIX, but doesn't work */
-# endif /* USESETEUID */
+# endif
# define SM_CONF_GETOPT 0 /* need a replacement for getopt(3) */
# define HASUNAME 1 /* use System V uname(2) system call */
# define HASUNSETENV 1 /* has unsetenv(3) call */
# define ERRLIST_PREDEFINED /* don't declare sys_errlist */
# define GIDSET_T gid_t /* from <linux/types.h> */
# ifndef HASGETUSERSHELL
# define HASGETUSERSHELL 0 /* getusershell(3) broken in Slackware 2.0 */
-# endif /* HASGETUSERSHELL */
+# endif
# ifndef IP_SRCROUTE
# define IP_SRCROUTE 0 /* linux <= 1.2.8 doesn't support IP_OPTIONS */
-# endif /* ! IP_SRCROUTE */
+# endif
# ifndef HAS_IN_H
# define HAS_IN_H 1 /* use netinet/in.h */
-# endif /* ! HAS_IN_H */
+# endif
# ifndef USE_SIGLONGJMP
# define USE_SIGLONGJMP 1 /* sigsetjmp needed for signal handling */
-# endif /* ! USE_SIGLONGJMP */
+# endif
# ifndef HASFLOCK
# if LINUX_VERSION_CODE < 66399
# define HASFLOCK 0 /* flock(2) is broken after 0.99.13 */
# else /* LINUX_VERSION_CODE < 66399 */
# if (LINUX_VERSION_CODE < KERNEL_VERSION(2,4,0))
# define HASFLOCK 1 /* flock(2) fixed after 1.3.95 */
-# else /* (LINUX_VERSION_CODE < KERNEL_VERSION(2,4,0)) */
+# else
# define HASFLOCK 0 /* flock(2) is broken (again) after 2.4.0 */
-# endif /* (LINUX_VERSION_CODE < KERNEL_VERSION(2,4,0)) */
+# endif
# endif /* LINUX_VERSION_CODE < 66399 */
# endif /* ! HASFLOCK */
# ifndef LA_TYPE
# define LA_TYPE LA_PROCSTR
-# endif /* ! LA_TYPE */
+# endif
# define SFS_TYPE SFS_VFS /* use <sys/vfs.h> statfs() impl */
# define SPT_PADCHAR '\0' /* pad process title with nulls */
# if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,0,0))
# ifndef HASURANDOMDEV
# define HASURANDOMDEV 1 /* 2.0 (at least) has linux/drivers/char/random.c */
-# endif /* ! HASURANDOMDEV */
+# endif
# endif /* (LINUX_VERSION_CODE >= KERNEL_VERSION(2,0,0)) */
# if defined(__GLIBC__) && defined(__GLIBC_MINOR__)
# define HASSTRERROR 1 /* has strerror(3) */
-# endif /* defined(__GLIBC__) && defined(__GLIBC_MINOR__) */
+# endif
# ifndef TZ_TYPE
# define TZ_TYPE TZ_NONE /* no standard for Linux */
-# endif /* ! TZ_TYPE */
+# endif
# if (__GLIBC__ >= 2)
# include <paths.h>
-# endif /* (__GLIBC__ >= 2) */
+# endif
# ifndef _PATH_SENDMAILPID
# define _PATH_SENDMAILPID "/var/run/sendmail.pid"
-# endif /* ! _PATH_SENDMAILPID */
+# endif
# include <sys/sysmacros.h>
# undef atol /* wounded in <stdlib.h> */
+
+# if defined(__GLIBC__) && defined(__GLIBC_MINOR__)
+# define GLIBC_VERSION ((__GLIBC__ << 9) + __GLIBC_MINOR__)
+# if (GLIBC_VERSION >= 0x201)
+# define SOCKADDR_LEN_T socklen_t
+# define SOCKOPT_LEN_T socklen_t
+# endif
+# endif /* defined(__GLIBC__) && defined(__GLIBC_MINOR__) */
+
# if NETINET6
/*
** Linux doesn't have a good way to tell userland what interfaces are
** IPv6-capable. Therefore, the BIND resolver can not determine if there
** are IPv6 interfaces to honor AI_ADDRCONFIG. Unfortunately, it assumes
** that none are present. (Excuse the macro name ADDRCONFIG_IS_BROKEN.)
*/
# define ADDRCONFIG_IS_BROKEN 1
/*
** Indirectly included from glibc's <feature.h>. IPv6 support is native
** in 2.1 and later, but the APIs appear before the functions.
*/
# if defined(__GLIBC__) && defined(__GLIBC_MINOR__)
-# define GLIBC_VERSION ((__GLIBC__ << 8) + __GLIBC_MINOR__)
# if (GLIBC_VERSION >= 0x201)
-# define SOCKADDR_LEN_T socklen_t
-# define SOCKOPT_LEN_T socklen_t
# undef IPPROTO_ICMPV6 /* linux #defines, glibc enums */
-# else /* (GLIBC_VERSION >= 0x201) */
+# else
# include <linux/in6.h> /* IPv6 support */
-# endif /* (GLIBC_VERSION >= 0x201) */
+# endif
# if (GLIBC_VERSION >= 0x201 && !defined(NEEDSGETIPNODE))
/* Have APIs in <netdb.h>, but no support in glibc */
# define NEEDSGETIPNODE 1
-# endif /* (GLIBC_VERSION >= 0x201 && !defined(NEEDSGETIPNODE)) */
+# endif
# undef GLIBC_VERSION
# endif /* defined(__GLIBC__) && defined(__GLIBC_MINOR__) */
# endif /* NETINET6 */
# ifndef HASFCHOWN
# define HASFCHOWN 1 /* fchown(2) */
-# endif /* ! HASFCHOWN */
+# endif
# if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,0,36)) && !defined(HASFCHMOD)
# define HASFCHMOD 1 /* fchmod(2) */
-# endif /* (LINUX_VERSION_CODE >= KERNEL_VERSION(2,0,36)) && !defined(HASFCHMOD) */
+# endif
# endif /* __linux__ */
/*
** DELL SVR4 Issue 2.2, and others
** From Kimmo Suominen <kim@grendel.lut.fi>
**
** It's on #ifdef DELL_SVR4 because Solaris also gets __svr4__
** defined, and the definitions conflict.
**
** Peter Wemm <peter@perth.DIALix.oz.au> claims that the setreuid
** trick works on DELL 2.2 (SVR4.0/386 version 4.0) and ESIX 4.0.3A
** (SVR4.0/386 version 3.0).
*/
# ifdef DELL_SVR4
/* no changes necessary */
/* see general __svr4__ defines below */
# endif /* DELL_SVR4 */
/*
** Apple A/UX 3.0
*/
# ifdef _AUX_SOURCE
# include <sys/sysmacros.h>
# define BSD /* has BSD routines */
# define HASSETRLIMIT 0 /* ... but not setrlimit(2) */
# define BROKEN_RES_SEARCH 1 /* res_search(unknown) returns h_errno=0 */
# define BOGUS_O_EXCL 1 /* exclusive open follows symlinks */
# define HASUNAME 1 /* use System V uname(2) system call */
# define HASFCHMOD 1 /* has fchmod(2) syscall */
# define HASINITGROUPS 1 /* has initgroups(3) call */
# define HASSETVBUF 1 /* has setvbuf(3) in libc */
# define HASSTRERROR 1 /* has strerror(3) */
# define SIGFUNC_DEFINED /* sigfunc_t already defined */
# define SIGFUNC_RETURN /* POSIX-mode */
# define SIGFUNC_DECL void /* POSIX-mode */
# define ERRLIST_PREDEFINED 1
# ifndef IDENTPROTO
# define IDENTPROTO 0 /* TCP/IP implementation is broken */
-# endif /* ! IDENTPROTO */
+# endif
# ifndef LA_TYPE
# define LA_TYPE LA_INT
# define FSHIFT 16
-# endif /* ! LA_TYPE */
+# endif
# define LA_AVENRUN "avenrun"
# define SFS_TYPE SFS_VFS /* use <sys/vfs.h> statfs() implementation */
# define TZ_TYPE TZ_TZNAME
# ifndef _PATH_UNIX
# define _PATH_UNIX "/unix" /* should be in <paths.h> */
-# endif /* ! _PATH_UNIX */
+# endif
# ifndef _PATH_VENDOR_CF
# define _PATH_VENDOR_CF "/usr/lib/sendmail.cf"
-# endif /* ! _PATH_VENDOR_CF */
+# endif
# undef WIFEXITED
# undef WEXITSTATUS
# endif /* _AUX_SOURCE */
/*
** Encore UMAX V
**
** Not extensively tested.
*/
# ifdef UMAXV
# define HASUNAME 1 /* use System V uname(2) system call */
# define HASSETVBUF 1 /* we have setvbuf(3) in libc */
# define HASINITGROUPS 1 /* has initgroups(3) call */
# define HASGETUSERSHELL 0 /* does not have getusershell(3) call */
# define SYS5SIGNALS 1 /* SysV signal semantics -- reset on each sig */
# define SYS5SETPGRP 1 /* use System V setpgrp(2) syscall */
# define SFS_TYPE SFS_4ARGS /* four argument statfs() call */
# define MAXPATHLEN PATH_MAX
extern struct passwd *getpwent(), *getpwnam(), *getpwuid();
extern struct group *getgrent(), *getgrnam(), *getgrgid();
# undef WIFEXITED
# undef WEXITSTATUS
# endif /* UMAXV */
/*
** Stardent Titan 3000 running TitanOS 4.2.
**
** Must be compiled in "cc -43" mode.
**
** From Kate Hedstrom <kate@ahab.rutgers.edu>.
**
** Note the tweaking below after the BSD defines are set.
*/
# ifdef titan
# define setpgid setpgrp
typedef int pid_t;
# undef WIFEXITED
# undef WEXITSTATUS
# endif /* titan */
/*
** Sequent DYNIX 3.2.0
**
** From Jim Davis <jdavis@cs.arizona.edu>.
*/
# ifdef sequent
# define BSD 1
# define HASUNSETENV 1
# define BSD4_3 1 /* to get signal() in conf.c */
# define WAITUNION 1
# define LA_TYPE LA_FLOAT
# ifdef _POSIX_VERSION
# undef _POSIX_VERSION /* set in <unistd.h> */
-# endif /* _POSIX_VERSION */
+# endif
# undef HASSETVBUF /* don't actually have setvbuf(3) */
# define setpgid setpgrp
/* Have to redefine WIFEXITED to take an int, to work with waitfor() */
# undef WIFEXITED
# define WIFEXITED(s) (((union wait*)&(s))->w_stopval != WSTOPPED && \
((union wait*)&(s))->w_termsig == 0)
# define WEXITSTATUS(s) (((union wait*)&(s))->w_retcode)
typedef int pid_t;
# define isgraph(c) (isprint(c) && (c != ' '))
# ifndef IDENTPROTO
# define IDENTPROTO 0 /* TCP/IP implementation is broken */
-# endif /* ! IDENTPROTO */
+# endif
# ifndef _PATH_UNIX
# define _PATH_UNIX "/dynix"
-# endif /* ! _PATH_UNIX */
+# endif
# ifndef _PATH_VENDOR_CF
# define _PATH_VENDOR_CF "/usr/lib/sendmail.cf"
-# endif /* ! _PATH_VENDOR_CF */
+# endif
# endif /* sequent */
/*
** Sequent DYNIX/ptx v2.0 (and higher)
**
** For DYNIX/ptx v1.x, undefine HASSETREUID.
**
** From Tim Wright <timw@sequent.com>.
** Update from Jack Woolley <jwoolley@sctcorp.com>, 26 Dec 1995,
** for DYNIX/ptx 4.0.2.
*/
# ifdef _SEQUENT_
# include <sys/stream.h>
# define SYSTEM5 1 /* include all the System V defines */
# define HASSETSID 1 /* has POSIX setsid(2) call */
# define HASINITGROUPS 1 /* has initgroups(3) call */
# define HASSETREUID 1 /* has setreuid(2) call */
# define HASGETUSERSHELL 0 /* does not have getusershell(3) call */
# define GIDSET_T gid_t
# define LA_TYPE LA_INT
# define SFS_TYPE SFS_STATFS /* use <sys/statfs.h> statfs() impl */
# define SPT_TYPE SPT_NONE /* don't use setproctitle */
# ifndef IDENTPROTO
# define IDENTPROTO 0 /* TCP/IP implementation is broken */
-# endif /* ! IDENTPROTO */
+# endif
# ifndef _PATH_VENDOR_CF
# define _PATH_VENDOR_CF "/usr/lib/sendmail.cf"
-# endif /* ! _PATH_VENDOR_CF */
+# endif
# ifndef _PATH_SENDMAILPID
# define _PATH_SENDMAILPID "/etc/sendmail.pid"
-# endif /* ! _PATH_SENDMAILPID */
+# endif
# endif /* _SEQUENT_ */
/*
** Cray UNICOS, UNICOS/mk, and UNICOS/mp
**
** UNICOS:
-** Ported by David L. Kensiski, Sterling Sofware <kensiski@nas.nasa.gov>
+** Ported by David L. Kensiski, Sterling Software <kensiski@nas.nasa.gov>
** Update Brian Ginsbach <ginsbach@cray.com>
** UNICOS/mk (Cray T3E):
** Contributed by Manu Mahonen <mailadm@csc.fi>
** of Center for Scientific Computing.
** Update Brian Ginsbach <ginsbach@cray.com>
** UNICOS/mp:
** From Aaron Davis <awd@cray.com> & Brian Ginsbach <ginsbach@cray.com>
*/
# if defined(_CRAY) || defined(UNICOS) || defined(_UNICOSMP)
# define SYSTEM5 1 /* include all the System V defines */
# define HASFCHMOD 1 /* has fchmod(2) syscall */
# define HASFCHOWN 1 /* has fchown(2) */
# define HASUNSETENV 1 /* has unsetenv(3) call */
# define HASINITGROUPS 1 /* has initgroups(3) call */
# define HASSETREUID 1 /* has setreuid(2) call */
# define USESETEUID 1 /* has usable seteuid(2) call */
# define HASGETDTABLESIZE 1 /* has getdtablesize(2) syscall */
# define HASSTRERROR 1 /* has strerror(3) */
# define GIDSET_T gid_t
# define SFS_TYPE SFS_4ARGS /* four argument statfs() call */
# define SFS_BAVAIL f_bfree /* alternate field name */
# define SAFENFSPATHCONF 1 /* pathconf(2) pessimizes on NFS filesystems */
# ifdef UNICOS
# define SYS5SIGNALS 1 /* SysV signal semantics -- reset on each sig */
# define LA_TYPE LA_ZERO
# define _PATH_MAILDIR "/usr/spool/mail"
# define GET_IPOPT_DST(dst) *(struct in_addr *)&(dst)
# ifndef MAXPATHLEN
# define MAXPATHLEN PATHSIZE
-# endif /* ! MAXPATHLEN */
+# endif
# ifndef _PATH_UNIX
# ifdef UNICOSMK
# define _PATH_UNIX "/unicosmk.ar"
# else
# define _PATH_UNIX "/unicos"
-# endif /* UNICOSMK */
+# endif
# endif /* ! _PATH_UNIX */
# ifndef _PATH_VENDOR_CF
# define _PATH_VENDOR_CF "/usr/lib/sendmail.cf"
-# endif /* ! _PATH_VENDOR_CF */
+# endif
# endif /* UNICOS */
# ifdef _UNICOSMP
# if defined(_SC_NPROC_ONLN) && !defined(_SC_NPROCESSORS_ONLN)
/* _SC_NPROC_ONLN is 'mpadmin -u', total # of unrestricted processors */
# define _SC_NPROCESSORS_ONLN _SC_NPROC_ONLN
-# endif /* if defined(_SC_NPROC_ONLN) && !defined(_SC_NPROCESSORS_ONLN) */
+# endif
# define HASGETUSERSHELL 0 /* does not have getusershell(3) call */
# define HASSETRLIMIT 1 /* has setrlimit(2) syscall */
# define LA_TYPE LA_IRIX6 /* figure out at run time */
# include <sys/cdefs.h>
# include <paths.h>
# define ARGV_T char *const *
# endif /* _UNICOSMP */
# endif /* _CRAY */
/*
** Apollo DomainOS
**
** From Todd Martin <tmartint@tus.ssi1.com> & Don Lewis <gdonl@gv.ssi1.com>
**
** 15 Jan 1994; updated 2 Aug 1995
**
*/
# ifdef apollo
# define HASSETREUID 1 /* has setreuid(2) call */
# define HASINITGROUPS 1 /* has initgroups(2) call */
# define IP_SRCROUTE 0 /* does not have <netinet/ip_var.h> */
# define SPT_TYPE SPT_NONE /* don't use setproctitle */
# define LA_TYPE LA_SUBR /* use getloadavg.c */
# define SFS_TYPE SFS_4ARGS /* four argument statfs() call */
# define SFS_BAVAIL f_bfree /* alternate field name */
# define TZ_TYPE TZ_TZNAME
# ifndef _PATH_VENDOR_CF
# define _PATH_VENDOR_CF "/usr/lib/sendmail.cf"
-# endif /* ! _PATH_VENDOR_CF */
+# endif
# ifndef _PATH_SENDMAILPID
# define _PATH_SENDMAILPID "/etc/sendmail.pid"
-# endif /* ! _PATH_SENDMAILPID */
+# endif
# undef S_IFSOCK /* S_IFSOCK and S_IFIFO are the same */
# undef S_IFIFO
# define S_IFIFO 0010000
# ifndef IDENTPROTO
# define IDENTPROTO 0 /* TCP/IP implementation is broken */
-# endif /* ! IDENTPROTO */
+# endif
# define RLIMIT_NEEDS_SYS_TIME_H 1
# if defined(NGROUPS_MAX) && !NGROUPS_MAX
# undef NGROUPS_MAX
-# endif /* defined(NGROUPS_MAX) && !NGROUPS_MAX */
+# endif
# endif /* apollo */
/*
** MPE-iX
**
** Requires MPE 6.0 or greater. See sendmail/README for more info.
**
** From Mark Bixby <mark_bixby@hp.com> or <mark@bixby.org>.
*/
# ifdef MPE
# include <sys/sysmacros.h>
# include <fcntl.h>
/* Sendmail stuff */
# define HASFCHOWN 0 /* lacks fchown() */
# define HASGETUSERSHELL 0 /* lacks getusershell() */
# ifdef HASNICE
# undef HASNICE
-# endif /* HASNICE */
+# endif
# define HASNICE 0 /* lacks nice() */
# define HASRANDOM 0 /* lacks random() */
# ifdef HASRRESVPORT
# undef HASRRESVPORT
-# endif /* HASRRESVPORT */
+# endif
# define HASRRESVPORT 0 /* lacks rresvport() */
# define IP_SRCROUTE 0 /* lacks IP source routing fields */
# ifdef MATCHGECOS
# undef MATCHGECOS
-# endif /* MATCHGECOS */
+# endif
# define MATCHGECOS 0 /* lacks an initialized GECOS field */
# define NEEDFSYNC 1 /* use sendmail's fsync() */
# define NEEDLINK 1 /* use sendmail's link() */
# define NOFTRUNCATE 1 /* lacks ftruncate() */
# define SFS_TYPE SFS_NONE /* can't determine disk space */
# define SM_CONF_SYSLOG 0 /* use sendmail decl of syslog() */
# define USE_DOUBLE_FORK 0 /* don't fork an intermediate zombie */
# define USE_ENVIRON 1 /* use environ instead of envp */
/* Missing header stuff */
# define AF_UNSPEC 0
# define AF_MAX AF_INET
# define IFF_LOOPBACK 0x8
# define IN_LOOPBACKNET 127
# define MAXNAMLEN NAME_MAX
# define S_IEXEC S_IXUSR
# define S_IREAD S_IRUSR
# define S_IWRITE S_IWUSR
/* Present header stuff that needs to be missing */
# undef NGROUPS_MAX
/* Shadow functions */
# define bind sendmail_mpe_bind
# define _exit sendmail_mpe__exit
# define exit sendmail_mpe_exit
# define fcntl sendmail_mpe_fcntl
# define getegid sendmail_mpe_getegid
# define geteuid sendmail_mpe_geteuid
# define getpwnam sendmail_mpe_getpwnam
# define getpwuid sendmail_mpe_getpwuid
# define setgid sendmail_mpe_setgid
# define setuid sendmail_mpe_setuid
extern int sendmail_mpe_fcntl __P((int, int, ...));
extern struct passwd * sendmail_mpe_getpwnam __P((const char *));
extern struct passwd * sendmail_mpe_getpwuid __P((uid_t));
# endif /* MPE */
/*
** System V Rel 5.x (a.k.a Unixware7 w/o BSD-Compatibility Libs ie. native)
**
** Contributed by Paul Gampe <paulg@apnic.net>
*/
# ifdef __svr5__
# include <sys/mkdev.h>
# define __svr4__
# define SYS5SIGNALS 1
# define HASFCHOWN 1 /* has fchown(2) call */
# define HASSETSID 1 /* has POSIX setsid(2) call */
# define HASSETREUID 1
# define HASWAITPID 1
# define HASGETDTABLESIZE 1
# define GIDSET_T gid_t
# define SOCKADDR_LEN_T size_t
# define SOCKOPT_LEN_T size_t
# define SIGWAIT_TAKES_1_ARG 1
# ifndef _PATH_UNIX
# define _PATH_UNIX "/stand/unix"
-# endif /* ! _PATH_UNIX */
+# endif
# define SPT_PADCHAR '\0' /* pad process title with nulls */
# ifndef SYSLOG_BUFSIZE
# define SYSLOG_BUFSIZE 1024 /* unsure */
-# endif /* ! SYSLOG_BUFSIZE */
+# endif
# ifndef _PATH_VENDOR_CF
# define _PATH_VENDOR_CF "/etc/sendmail.cf"
-# endif /* ! _PATH_VENDOR_CF */
+# endif
# ifndef _PATH_SENDMAILPID
# define _PATH_SENDMAILPID "/etc/sendmail.pid"
-# endif /* ! _PATH_SENDMAILPID */
+# endif
# undef offsetof /* avoid stddefs.h, sys/sysmacros.h conflict */
#if !defined(SM_SET_H_ERRNO) && defined(_REENTRANT)
# define SM_SET_H_ERRNO(err) set_h_errno((err))
-#endif /* ! SM_SET_H_ERRNO && _REENTRANT */
+#endif
# endif /* __svr5__ */
/* ###################################################################### */
/*
** UnixWare 2.x
*/
# ifdef UNIXWARE2
# define UNIXWARE 1
# undef offsetof /* avoid stddefs.h, sys/sysmacros.h conflict */
# endif /* UNIXWARE2 */
/*
** UnixWare 1.1.2.
**
** Updated by Petr Lampa <lampa@fee.vutbr.cz>.
** From Evan Champion <evanc@spatial.synapse.org>.
*/
# ifdef UNIXWARE
# include <sys/mkdev.h>
# define SYSTEM5 1
# define HASGETUSERSHELL 0 /* does not have getusershell(3) call */
# define HASSETREUID 1
# define HASSETSID 1 /* has POSIX setsid(2) call */
# define HASINITGROUPS 1
# define GIDSET_T gid_t
# define SLEEP_T unsigned
# define SFS_TYPE SFS_STATVFS
# define LA_TYPE LA_ZERO
# undef WIFEXITED
# undef WEXITSTATUS
# ifndef _PATH_UNIX
# define _PATH_UNIX "/unix"
-# endif /* ! _PATH_UNIX */
+# endif
# ifndef _PATH_VENDOR_CF
# define _PATH_VENDOR_CF "/usr/ucblib/sendmail.cf"
-# endif /* ! _PATH_VENDOR_CF */
+# endif
# ifndef _PATH_SENDMAILPID
# define _PATH_SENDMAILPID "/usr/ucblib/sendmail.pid"
-# endif /* ! _PATH_SENDMAILPID */
+# endif
# define SYSLOG_BUFSIZE 128
# endif /* UNIXWARE */
/*
** Intergraph CLIX 3.1
**
** From Paul Southworth <pauls@locust.cic.net>
*/
# ifdef CLIX
# define SYSTEM5 1 /* looks like System V */
# ifndef HASGETUSERSHELL
# define HASGETUSERSHELL 0 /* does not have getusershell(3) call */
-# endif /* ! HASGETUSERSHELL */
+# endif
# define DEV_BSIZE 512 /* device block size not defined */
# define GIDSET_T gid_t
# undef LOG /* syslog not available */
# define NEEDFSYNC 1 /* no fsync in system library */
# define GETSHORT _getshort
# endif /* CLIX */
/*
** NCR MP-RAS 2.x (SysVr4) with Wollongong TCP/IP
**
** From Kevin Darcy <kevin@tech.mis.cfc.com>.
*/
# ifdef NCR_MP_RAS2
# include <sys/sockio.h>
# define __svr4__
# define IP_SRCROUTE 0 /* Something is broken with getsockopt() */
# define SYSLOG_BUFSIZE 1024
# define SPT_TYPE SPT_NONE
# endif /* NCR_MP_RAS2 */
/*
** NCR MP-RAS 3.x (SysVr4) with STREAMware TCP/IP
**
** From Tom Moore <Tom.Moore@DaytonOH.NCR.COM>
*/
# ifdef NCR_MP_RAS3
# define __svr4__
# define HASFCHOWN 1 /* has fchown(2) call */
# define LDA_USE_LOCKF 1
# define SIOCGIFNUM_IS_BROKEN 1 /* SIOCGIFNUM has non-std interface */
# define SO_REUSEADDR_IS_BROKEN 1 /* doesn't work if accept() fails */
# define SYSLOG_BUFSIZE 1024
# define SPT_TYPE SPT_NONE
# define _PATH_MAILDIR "/var/mail"
# ifndef _XOPEN_SOURCE
# define _XOPEN_SOURCE
# define _XOPEN_SOURCE_EXTENDED 1
# include <sys/resource.h>
# undef _XOPEN_SOURCE
# undef _XOPEN_SOURCE_EXTENDED
# endif /* ! _XOPEN_SOURCE */
# endif /* NCR_MP_RAS3 */
/*
** Tandem NonStop-UX SVR4
**
** From Rick McCarty <mccarty@mpd.tandem.com>.
*/
# ifdef NonStop_UX_BXX
# define __svr4__
# endif /* NonStop_UX_BXX */
/*
** Hitachi 3050R/3050RX and 3500 Workstations running HI-UX/WE2.
**
** Tested for 1.04, 1.03
** From Akihiro Hashimoto ("Hash") <hash@dominic.ipc.chiba-u.ac.jp>.
**
** Tested for 4.02, 6.10 and 7.10
** From Motonori NAKAMURA <motonori@media.kyoto-u.ac.jp>.
*/
# if !defined(__hpux) && (defined(_H3050R) || defined(_HIUX_SOURCE))
# define SYSTEM5 1 /* include all the System V defines */
# define HASINITGROUPS 1 /* has initgroups(3) call */
# define HASFCHMOD 1 /* has fchmod(2) syscall */
# define setreuid(r, e) setresuid(r, e, -1)
# define LA_TYPE LA_FLOAT
# define SPT_TYPE SPT_PSTAT
# define SFS_TYPE SFS_VFS /* use <sys/vfs.h> statfs() implementation */
# ifndef HASSETVBUF
# define HASSETVBUF /* HI-UX has no setlinebuf */
-# endif /* ! HASSETVBUF */
+# endif
# ifndef GIDSET_T
# define GIDSET_T gid_t
-# endif /* ! GIDSET_T */
+# endif
# ifndef _PATH_UNIX
# define _PATH_UNIX "/HI-UX"
-# endif /* ! _PATH_UNIX */
+# endif
# ifndef _PATH_VENDOR_CF
# define _PATH_VENDOR_CF "/usr/lib/sendmail.cf"
-# endif /* ! _PATH_VENDOR_CF */
+# endif
# ifndef IDENTPROTO
# define IDENTPROTO 0 /* TCP/IP implementation is broken */
-# endif /* ! IDENTPROTO */
+# endif
# ifndef HASGETUSERSHELL
# define HASGETUSERSHELL 0 /* getusershell(3) causes core dumps */
-# endif /* ! HASGETUSERSHELL */
+# endif
# define FDSET_CAST (int *) /* cast for fd_set parameters to select */
/*
** avoid m_flags conflict between Berkeley DB 1.85 db.h & sys/sysmacros.h
** on HIUX 3050
*/
# undef m_flags
# define SM_CONF_SYSLOG 0
# endif /* !defined(__hpux) && (defined(_H3050R) || defined(_HIUX_SOURCE)) */
/*
** Amdahl UTS System V 2.1.5 (SVr3-based)
**
** From: Janet Jackson <janet@dialix.oz.au>.
*/
# ifdef _UTS
# include <sys/sysmacros.h>
# undef HASLSTAT /* has symlinks, but they cause problems */
# define NEEDFSYNC 1 /* system fsync(2) fails on non-EFS filesys */
# define SYS5SIGNALS 1 /* System V signal semantics */
# define SYS5SETPGRP 1 /* use System V setpgrp(2) syscall */
# define HASUNAME 1 /* use System V uname(2) system call */
# define HASINITGROUPS 1 /* has initgroups(3) function */
# define HASSETVBUF 1 /* has setvbuf(3) function */
# ifndef HASGETUSERSHELL
# define HASGETUSERSHELL 0 /* does not have getusershell(3) function */
-# endif /* ! HASGETUSERSHELL */
+# endif
# define GIDSET_T gid_t /* type of 2nd arg to getgroups(2) isn't int */
# define LA_TYPE LA_ZERO /* doesn't have load average */
# define SFS_TYPE SFS_4ARGS /* use 4-arg statfs() */
# define SFS_BAVAIL f_bfree /* alternate field name */
# define _PATH_UNIX "/unix"
# ifndef _PATH_VENDOR_CF
# define _PATH_VENDOR_CF "/usr/lib/sendmail.cf"
-# endif /* ! _PATH_VENDOR_CF */
+# endif
# endif /* _UTS */
/*
** Cray Computer Corporation's CSOS
**
** From Scott Bolte <scott@craycos.com>.
*/
# ifdef _CRAYCOM
# define SYSTEM5 1 /* include all the System V defines */
# define SYS5SIGNALS 1 /* SysV signal semantics -- reset on each sig */
# define NEEDFSYNC 1 /* no fsync in system library */
# define MAXPATHLEN PATHSIZE
# define LA_TYPE LA_ZERO
# define SFS_TYPE SFS_4ARGS /* four argument statfs() call */
# define SFS_BAVAIL f_bfree /* alternate field name */
# define _POSIX_CHOWN_RESTRICTED -1
extern struct group *getgrent(), *getgrnam(), *getgrgid();
# endif /* _CRAYCOM */
/*
** Sony NEWS-OS 4.2.1R and 6.0.3
**
** From Motonori NAKAMURA <motonori@cs.ritsumei.ac.jp>.
*/
# ifdef sony_news
# ifndef __svr4
/* NEWS-OS 4.2.1R */
# ifndef BSD
# define BSD /* has BSD routines */
-# endif /* ! BSD */
+# endif
# define HASUNSETENV 1 /* has unsetenv(2) call */
# undef HASSETVBUF /* don't actually have setvbuf(3) */
# define WAITUNION 1 /* use "union wait" as wait argument type */
# define LA_TYPE LA_INT
# define SFS_TYPE SFS_VFS /* use <sys/vfs.h> statfs() implementation */
# ifndef HASFLOCK
# define HASFLOCK 1 /* has flock(2) call */
-# endif /* ! HASFLOCK */
+# endif
# define setpgid setpgrp
# undef WIFEXITED
# undef WEXITSTATUS
# define MODE_T int /* system include files have no mode_t */
typedef int pid_t;
typedef int (*sigfunc_t)();
# define SIGFUNC_DEFINED
# define SIGFUNC_RETURN (0)
# define SIGFUNC_DECL int
# else /* ! __svr4 */
/* NEWS-OS 6.0.3 with /bin/cc */
# ifndef __svr4__
# define __svr4__ /* use all System V Release 4 defines below */
-# endif /* ! __svr4__ */
+# endif
# define HASSETSID 1 /* has POSIX setsid(2) call */
# define HASGETUSERSHELL 1 /* DOES have getusershell(3) call in libc */
# define LA_TYPE LA_READKSYM /* use MIOC_READKSYM ioctl */
# ifndef SPT_TYPE
# define SPT_TYPE SPT_SYSMIPS /* use sysmips() (OS 6.0.2 or later) */
-# endif /* ! SPT_TYPE */
+# endif
# define GIDSET_T gid_t
# undef WIFEXITED
# undef WEXITSTATUS
# ifndef SYSLOG_BUFSIZE
# define SYSLOG_BUFSIZE 256
-# endif /* ! SYSLOG_BUFSIZE */
+# endif
# define _PATH_UNIX "/stand/unix"
# ifndef _PATH_VENDOR_CF
# define _PATH_VENDOR_CF "/etc/mail/sendmail.cf"
-# endif /* ! _PATH_VENDOR_CF */
+# endif
# ifndef _PATH_SENDMAILPID
# define _PATH_SENDMAILPID "/etc/mail/sendmail.pid"
-# endif /* ! _PATH_SENDMAILPID */
+# endif
# endif /* ! __svr4 */
# endif /* sony_news */
/*
** Omron LUNA/UNIOS-B 3.0, LUNA2/Mach and LUNA88K Mach
**
** From Motonori NAKAMURA <motonori@cs.ritsumei.ac.jp>.
*/
# ifdef luna
# ifndef IDENTPROTO
# define IDENTPROTO 0 /* TCP/IP implementation is broken */
-# endif /* ! IDENTPROTO */
+# endif
# define HASUNSETENV 1 /* has unsetenv(2) call */
# define NEEDPUTENV 1 /* need putenv(3) call */
# define SM_CONF_GETOPT 0 /* need a replacement for getopt(3) */
# define NEEDSTRSTR 1 /* need emulation of the strstr(3) call */
# define WAITUNION 1 /* use "union wait" as wait argument type */
# ifdef uniosb
# include <sys/time.h>
# define NEEDVPRINTF 1 /* need a replacement for vprintf(3) */
# define LA_TYPE LA_INT
# define TZ_TYPE TZ_TM_ZONE /* use tm->tm_zone */
# endif /* uniosb */
# ifdef luna2
# define LA_TYPE LA_SUBR
# define TZ_TYPE TZ_TM_ZONE /* use tm->tm_zone */
# endif /* luna2 */
# ifdef luna88k
# define LA_TYPE LA_INT
-# endif /* luna88k */
+# endif
# define SFS_TYPE SFS_VFS /* use <sys/vfs.h> statfs() implementation */
# define setpgid setpgrp
# undef WIFEXITED
# undef WEXITSTATUS
typedef int pid_t;
typedef int (*sigfunc_t)();
# define SIGFUNC_DEFINED
# define SIGFUNC_RETURN (0)
# define SIGFUNC_DECL int
extern char *getenv();
# ifndef _PATH_VENDOR_CF
# define _PATH_VENDOR_CF "/usr/lib/sendmail.cf"
# endif /* ! _PATH_VENDOR_CF */
# endif /* luna */
/*
** NEC EWS-UX/V 4.2 (with /usr/ucb/cc)
**
** From Motonori NAKAMURA <motonori@cs.ritsumei.ac.jp>.
*/
# if defined(nec_ews_svr4) || defined(_nec_ews_svr4)
# ifndef __svr4__
# define __svr4__ /* use all System V Release 4 defines below */
-# endif /* ! __svr4__ */
+# endif
# define SYS5SIGNALS 1 /* SysV signal semantics -- reset on each sig */
# define HASSETSID 1 /* has POSIX setsid(2) call */
# define LA_TYPE LA_READKSYM /* use MIOC_READSYM ioctl */
# define SFS_TYPE SFS_USTAT /* use System V ustat(2) syscall */
# define GIDSET_T gid_t
# undef WIFEXITED
# undef WEXITSTATUS
# define NAMELISTMASK 0x7fffffff /* mask for nlist() values */
# ifndef _PATH_VENDOR_CF
# define _PATH_VENDOR_CF "/usr/ucblib/sendmail.cf"
-# endif /* ! _PATH_VENDOR_CF */
+# endif
# ifndef _PATH_SENDMAILPID
# define _PATH_SENDMAILPID "/usr/ucblib/sendmail.pid"
-# endif /* ! _PATH_SENDMAILPID */
+# endif
# ifndef SYSLOG_BUFSIZE
# define SYSLOG_BUFSIZE 1024 /* allow full size syslog buffer */
-# endif /* ! SYSLOG_BUFSIZE */
+# endif
# endif /* defined(nec_ews_svr4) || defined(_nec_ews_svr4) */
/*
** Fujitsu/ICL UXP/DS (For the DS/90 Series)
**
** From Diego R. Lopez <drlopez@cica.es>.
** Additional changes from Fumio Moriya and Toshiaki Nomura of the
** Fujitsu Fresoftware group <dsfrsoft@oai6.yk.fujitsu.co.jp>.
*/
# ifdef __uxp__
# include <arpa/nameser.h>
# include <sys/sysmacros.h>
# include <sys/mkdev.h>
# define __svr4__
# define HASGETUSERSHELL 0
# define HASFLOCK 0
# define _PATH_UNIX "/stand/unix"
# ifndef _PATH_VENDOR_CF
# define _PATH_VENDOR_CF "/usr/ucblib/sendmail.cf"
-# endif /* ! _PATH_VENDOR_CF */
+# endif
# ifndef _PATH_SENDMAILPID
# define _PATH_SENDMAILPID "/usr/ucblib/sendmail.pid"
-# endif /* ! _PATH_SENDMAILPID */
+# endif
# endif /* __uxp__ */
/*
** Pyramid DC/OSx
**
** From Earle Ake <akee@wpdiss1.wpafb.af.mil>.
*/
# ifdef DCOSx
# define GIDSET_T gid_t
# ifndef IDENTPROTO
# define IDENTPROTO 0 /* TCP/IP implementation is broken */
-# endif /* ! IDENTPROTO */
+# endif
# endif /* DCOSx */
/*
** Concurrent Computer Corporation Maxion
**
** From Donald R. Laster Jr. <laster@access.digex.net>.
*/
# ifdef __MAXION__
# include <sys/stream.h>
# define __svr4__ 1 /* SVR4.2MP */
# define HASSETREUID 1 /* have setreuid(2) */
# define HASLSTAT 1 /* have lstat(2) */
# define HASSETRLIMIT 1 /* have setrlimit(2) */
# define HASGETDTABLESIZE 1 /* have getdtablesize(2) */
# define HASGETUSERSHELL 1 /* have getusershell(3) */
# define NOFTRUNCATE 1 /* do not have ftruncate(2) */
# define SLEEP_T unsigned
# define SFS_TYPE SFS_STATVFS
# define SFS_BAVAIL f_bavail
# ifndef SYSLOG_BUFSIZE
# define SYSLOG_BUFSIZE 256 /* Use 256 bytes */
-# endif /* ! SYSLOG_BUFSIZE */
+# endif
# undef WUNTRACED
# undef WIFEXITED
# undef WIFSIGNALED
# undef WIFSTOPPED
# undef WEXITSTATUS
# undef WTERMSIG
# undef WSTOPSIG
# endif /* __MAXION__ */
/*
** Harris Nighthawk PowerUX (nh6000 box)
**
** Contributed by Bob Miorelli, Pratt & Whitney <miorelli@pweh.com>
*/
# ifdef _PowerUX
# ifndef __svr4__
# define __svr4__
-# endif /* ! __svr4__ */
+# endif
# ifndef _PATH_VENDOR_CF
# define _PATH_VENDOR_CF "/etc/mail/sendmail.cf"
-# endif /* ! _PATH_VENDOR_CF */
+# endif
# ifndef _PATH_SENDMAILPID
# define _PATH_SENDMAILPID "/etc/mail/sendmail.pid"
-# endif /* ! _PATH_SENDMAILPID */
+# endif
# define SYSLOG_BUFSIZE 1024
# define LA_TYPE LA_ZERO
typedef struct msgb mblk_t;
# undef offsetof /* avoid stddefs.h and sys/sysmacros.h conflict */
# endif /* _PowerUX */
/*
** Siemens Nixdorf Informationssysteme AG SINIX
**
** Contributed by Gerald Rinske of Siemens Business Services VAS.
*/
# ifdef sinix
# define HASRANDOM 0 /* has random(3) */
# define SYSLOG_BUFSIZE 1024
# define SM_INT32 int /* 32bit integer */
# endif /* sinix */
/*
** Motorola 922, MC88110, UNIX SYSTEM V/88 Release 4.0 Version 4.3
**
** Contributed by Sergey Rusanov <rsm@utfoms.udmnet.ru>
*/
# ifdef MOTO
# define HASFCHMOD 1
# define HASSETRLIMIT 0
# define HASSETSID 1 /* has POSIX setsid(2) call */
# define HASSETREUID 1
# define HASULIMIT 1
# define HASWAITPID 1
# define HASGETDTABLESIZE 1
# define HASGETUSERSHELL 1
# define IP_SRCROUTE 0
# define IDENTPROTO 0
# define RES_DNSRCH_VARIABLE _res_dnsrch
# define _PATH_UNIX "/unix"
# define _PATH_VENDOR_CF "/etc/sendmail.cf"
# define _PATH_SENDMAILPID "/var/run/sendmail.pid"
# endif /* MOTO */
/*
** Interix
** Contributed by Nedelcho Stanev <nedelcho.stanev@atlanticsky.com>
**
** Used for Interix support.
*/
# if defined(__INTERIX)
# define HASURANDOMDEV 1
# define HASGETUSERSHELL 0
# define HASSTRERROR 1
# define HASUNSETENV 1
# define HASFCHOWN 1
# undef HAVE_SYS_ERRLIST
# define sys_errlist __sys_errlist
# define sys_nerr __sys_nerr
# include <sys/mkdev.h>
# ifndef major
# define major(dev) ((int)(((dev) >> 8) & 0xff))
-# endif /* ! major */
+# endif
# ifndef minor
# define minor(dev) ((int)((dev) & 0xff))
-# endif /* ! minor */
+# endif
# endif /* defined(__INTERIX) */
/**********************************************************************
** End of Per-Operating System defines
**********************************************************************/
/**********************************************************************
** More general defines
**********************************************************************/
/* general BSD defines */
# ifdef BSD
# define HASGETDTABLESIZE 1 /* has getdtablesize(2) call */
# ifndef HASSETREUID
# define HASSETREUID 1 /* has setreuid(2) call */
-# endif /* ! HASSETREUID */
+# endif
# define HASINITGROUPS 1 /* has initgroups(3) call */
# ifndef IP_SRCROUTE
# define IP_SRCROUTE 1 /* can check IP source routing */
-# endif /* ! IP_SRCROUTE */
+# endif
# ifndef HASSETRLIMIT
# define HASSETRLIMIT 1 /* has setrlimit(2) call */
-# endif /* ! HASSETRLIMIT */
+# endif
# ifndef HASFLOCK
# define HASFLOCK 1 /* has flock(2) call */
-# endif /* ! HASFLOCK */
+# endif
# ifndef TZ_TYPE
# define TZ_TYPE TZ_TM_ZONE /* use tm->tm_zone variable */
-# endif /* ! TZ_TYPE */
+# endif
# endif /* BSD */
/* general System V Release 4 defines */
# ifdef __svr4__
# define SYSTEM5 1
# define USESETEUID 1 /* has usable seteuid(2) call */
# define HASINITGROUPS 1 /* has initgroups(3) call */
# define BSD_COMP 1 /* get BSD ioctl calls */
# ifndef HASSETRLIMIT
# define HASSETRLIMIT 1 /* has setrlimit(2) call */
-# endif /* ! HASSETRLIMIT */
+# endif
# ifndef HASGETUSERSHELL
# define HASGETUSERSHELL 0 /* does not have getusershell(3) call */
-# endif /* ! HASGETUSERSHELL */
+# endif
# ifndef HASFCHMOD
# define HASFCHMOD 1 /* most (all?) SVr4s seem to have fchmod(2) */
-# endif /* ! HASFCHMOD */
+# endif
# ifndef _PATH_UNIX
# define _PATH_UNIX "/unix"
-# endif /* ! _PATH_UNIX */
+# endif
# ifndef _PATH_VENDOR_CF
# define _PATH_VENDOR_CF "/usr/ucblib/sendmail.cf"
-# endif /* ! _PATH_VENDOR_CF */
+# endif
# ifndef _PATH_SENDMAILPID
# define _PATH_SENDMAILPID "/usr/ucblib/sendmail.pid"
-# endif /* ! _PATH_SENDMAILPID */
+# endif
# ifndef SYSLOG_BUFSIZE
# define SYSLOG_BUFSIZE 128
-# endif /* ! SYSLOG_BUFSIZE */
+# endif
# ifndef SFS_TYPE
# define SFS_TYPE SFS_STATVFS
-# endif /* ! SFS_TYPE */
+# endif
# ifndef USE_SIGLONGJMP
# define USE_SIGLONGJMP 1 /* sigsetjmp needed for signal handling */
-# endif /* ! USE_SIGLONGJMP */
+# endif
# endif /* __svr4__ */
# ifdef __SVR4
# define LDA_USE_LOCKF 1
# define LDA_USE_SETEUID 1
# define _PATH_MAILDIR "/var/mail"
# endif /* __SVR4 */
/* general System V defines */
# ifdef SYSTEM5
# include <sys/sysmacros.h>
# define HASUNAME 1 /* use System V uname(2) system call */
# define SYS5SETPGRP 1 /* use System V setpgrp(2) syscall */
# define HASSETVBUF 1 /* we have setvbuf(3) in libc */
# ifndef HASULIMIT
# define HASULIMIT 1 /* has the ulimit(2) syscall */
-# endif /* ! HASULIMIT */
+# endif
# ifndef LA_TYPE
# ifdef MIOC_READKSYM
# define LA_TYPE LA_READKSYM /* use MIOC_READKSYM ioctl */
-# else /* MIOC_READKSYM */
+# else
# define LA_TYPE LA_INT /* assume integer load average */
-# endif /* MIOC_READKSYM */
+# endif
# endif /* ! LA_TYPE */
# ifndef SFS_TYPE
# define SFS_TYPE SFS_USTAT /* use System V ustat(2) syscall */
-# endif /* ! SFS_TYPE */
+# endif
# ifndef TZ_TYPE
# define TZ_TYPE TZ_TZNAME /* use tzname[] vector */
-# endif /* ! TZ_TYPE */
+# endif
# endif /* SYSTEM5 */
/* general POSIX defines */
# ifdef _POSIX_VERSION
# define HASSETSID 1 /* has POSIX setsid(2) call */
# define HASWAITPID 1 /* has POSIX waitpid(2) call */
# if _POSIX_VERSION >= 199500 && !defined(USESETEUID)
# define USESETEUID 1 /* has usable seteuid(2) call */
# endif /* _POSIX_VERSION >= 199500 && !defined(USESETEUID) */
# endif /* _POSIX_VERSION */
/*
** Tweaking for systems that (for example) claim to be BSD or POSIX
** but don't have all the standard BSD or POSIX routines (boo hiss).
*/
# ifdef titan
# undef HASINITGROUPS /* doesn't have initgroups(3) call */
-# endif /* titan */
+# endif
# ifdef _CRAYCOM
# undef HASSETSID /* despite POSIX claim, doesn't have setsid */
-# endif /* _CRAYCOM */
+# endif
# ifdef MOTO
# undef USESETEUID
-# endif /* MOTO */
+# endif
/*
** Due to a "feature" in some operating systems such as Ultrix 4.3 and
** HPUX 8.0, if you receive a "No route to host" message (ICMP message
** ICMP_UNREACH_HOST) on _any_ connection, all connections to that host
** are closed. Some firewalls return this error if you try to connect
** to the IDENT port (113), so you can't receive email from these hosts
** on these systems. The firewall really should use a more specific
** message such as ICMP_UNREACH_PROTOCOL or _PORT or _FILTER_PROHIB. If
** not explicitly set to zero above, default it on.
*/
# ifndef IDENTPROTO
# define IDENTPROTO 1 /* use IDENT proto (RFC 1413) */
-# endif /* ! IDENTPROTO */
+# endif
# ifndef IP_SRCROUTE
# define IP_SRCROUTE 1 /* Detect IP source routing */
-# endif /* ! IP_SRCROUTE */
+# endif
# ifndef HASGETUSERSHELL
# define HASGETUSERSHELL 1 /* libc has getusershell(3) call */
-# endif /* ! HASGETUSERSHELL */
+# endif
# ifndef NETUNIX
# define NETUNIX 1 /* include unix domain support */
-# endif /* ! NETUNIX */
+# endif
# ifndef HASRANDOM
# define HASRANDOM 1 /* has random(3) support */
-# endif /* ! HASRANDOM */
+# endif
# ifndef HASFLOCK
# define HASFLOCK 0 /* assume no flock(2) support */
-# endif /* ! HASFLOCK */
+# endif
# ifndef HASSETREUID
# define HASSETREUID 0 /* assume no setreuid(2) call */
-# endif /* ! HASSETREUID */
+# endif
# ifndef HASFCHMOD
# define HASFCHMOD 0 /* assume no fchmod(2) syscall */
-# endif /* ! HASFCHMOD */
+# endif
# ifndef USESETEUID
# define USESETEUID 0 /* assume no seteuid(2) call or no saved ids */
-# endif /* ! USESETEUID */
+# endif
# ifndef HASSETRLIMIT
# define HASSETRLIMIT 0 /* assume no setrlimit(2) support */
-# endif /* ! HASSETRLIMIT */
+# endif
# ifndef HASULIMIT
# define HASULIMIT 0 /* assume no ulimit(2) support */
-# endif /* ! HASULIMIT */
+# endif
# ifndef SECUREWARE
# define SECUREWARE 0 /* assume no SecureWare C2 auditing hooks */
-# endif /* ! SECUREWARE */
+# endif
# ifndef USE_DOUBLE_FORK
# define USE_DOUBLE_FORK 1 /* avoid intermediate zombies */
-# endif /* ! USE_DOUBLE_FORK */
+# endif
# ifndef USE_ENVIRON
# define USE_ENVIRON 0 /* use main() envp instead of extern environ */
-# endif /* ! USE_ENVIRON */
+# endif
# ifndef USE_SIGLONGJMP
# define USE_SIGLONGJMP 0 /* assume setjmp handles signals properly */
-# endif /* ! USE_SIGLONGJMP */
+# endif
# ifndef FDSET_CAST
# define FDSET_CAST /* (empty) cast for fd_set arg to select */
-# endif /* ! FDSET_CAST */
+# endif
/*
** Pick a mailer setuid method for changing the current uid
*/
# define USE_SETEUID 0
# define USE_SETREUID 1
# define USE_SETUID 2
# if USESETEUID
# define MAILER_SETUID_METHOD USE_SETEUID
# else /* USESETEUID */
# if HASSETREUID
# define MAILER_SETUID_METHOD USE_SETREUID
-# else /* HASSETREUID */
+# else
# define MAILER_SETUID_METHOD USE_SETUID
-# endif /* HASSETREUID */
+# endif
# endif /* USESETEUID */
/*
** If no type for argument two of getgroups call is defined, assume
** it's an integer -- unfortunately, there seem to be several choices
** here.
*/
# ifndef GIDSET_T
# define GIDSET_T int
-# endif /* ! GIDSET_T */
+# endif
# ifndef UID_T
# define UID_T uid_t
-# endif /* ! UID_T */
+# endif
# ifndef GID_T
# define GID_T gid_t
-# endif /* ! GID_T */
+# endif
# ifndef MODE_T
# define MODE_T mode_t
-# endif /* ! MODE_T */
+# endif
# ifndef ARGV_T
# define ARGV_T char **
-# endif /* ! ARGV_T */
+# endif
# ifndef SOCKADDR_LEN_T
# define SOCKADDR_LEN_T int
-# endif /* ! SOCKADDR_LEN_T */
+# endif
# ifndef SOCKOPT_LEN_T
# define SOCKOPT_LEN_T int
-# endif /* ! SOCKOPT_LEN_T */
+# endif
# ifndef QUAD_T
# define QUAD_T unsigned long
-# endif /* ! QUAD_T */
+# endif
/**********************************************************************
** Remaining definitions should never have to be changed. They are
** primarily to provide back compatibility for older systems -- for
** example, it includes some POSIX compatibility definitions
**********************************************************************/
/* System 5 compatibility */
# ifndef S_ISREG
# define S_ISREG(foo) ((foo & S_IFMT) == S_IFREG)
-# endif /* ! S_ISREG */
+# endif
# ifndef S_ISDIR
# define S_ISDIR(foo) ((foo & S_IFMT) == S_IFDIR)
-# endif /* ! S_ISDIR */
+# endif
# if !defined(S_ISLNK) && defined(S_IFLNK)
# define S_ISLNK(foo) ((foo & S_IFMT) == S_IFLNK)
-# endif /* !defined(S_ISLNK) && defined(S_IFLNK) */
+# endif
# if !defined(S_ISFIFO)
# if defined(S_IFIFO)
# define S_ISFIFO(foo) ((foo & S_IFMT) == S_IFIFO)
-# else /* defined(S_IFIFO) */
+# else
# define S_ISFIFO(foo) false
-# endif /* defined(S_IFIFO) */
+# endif
# endif /* !defined(S_ISFIFO) */
# ifndef S_IRUSR
# define S_IRUSR 0400
-# endif /* ! S_IRUSR */
+# endif
# ifndef S_IWUSR
# define S_IWUSR 0200
-# endif /* ! S_IWUSR */
+# endif
# ifndef S_IRGRP
# define S_IRGRP 0040
-# endif /* ! S_IRGRP */
+# endif
# ifndef S_IWGRP
# define S_IWGRP 0020
-# endif /* ! S_IWGRP */
+# endif
# ifndef S_IROTH
# define S_IROTH 0004
-# endif /* ! S_IROTH */
+# endif
# ifndef S_IWOTH
# define S_IWOTH 0002
-# endif /* ! S_IWOTH */
+# endif
/* close-on-exec flag */
# ifndef FD_CLOEXEC
# define FD_CLOEXEC 1
-# endif /* ! FD_CLOEXEC */
+# endif
/*
** Older systems don't have this error code -- it should be in
** /usr/include/sysexits.h.
*/
# ifndef EX_CONFIG
# define EX_CONFIG 78 /* configuration error */
-# endif /* ! EX_CONFIG */
+# endif
/* pseudo-codes */
# define EX_QUIT 22 /* drop out of server immediately */
# define EX_RESTART 23 /* restart sendmail daemon */
# define EX_SHUTDOWN 24 /* shutdown sendmail daemon */
#ifndef EX_NOTFOUND
# define EX_NOTFOUND EX_NOHOST
-#endif /* ! EX_NOTFOUND */
+#endif
/* pseudo-code used for mci_setstat */
# define EX_NOTSTICKY (-5) /* don't save persistent status */
/*
** An "impossible" file mode to indicate that the file does not exist.
*/
# define ST_MODE_NOFILE 0171147 /* unlikely to occur */
/* type of arbitrary pointer */
# ifndef ARBPTR_T
# define ARBPTR_T void *
-# endif /* ! ARBPTR_T */
+# endif
# ifndef __P
# include "sm/cdefs.h"
-# endif /* ! __P */
+# endif
# if HESIOD && !defined(NAMED_BIND)
# define NAMED_BIND 1 /* not one without the other */
-# endif /* HESIOD && !defined(NAMED_BIND) */
+# endif
# if NAMED_BIND && !defined( __ksr__ ) && !defined( h_errno )
extern int h_errno;
-# endif /* NAMED_BIND && !defined( __ksr__ ) && !defined( h_errno ) */
+# endif
# if NEEDPUTENV
extern int putenv __P((char *));
-# endif /* NEEDPUTENV */
+# endif
#if !HASUNSETENV
extern void unsetenv __P((char *));
-#endif /* !HASUNSETENV */
+#endif
# ifdef LDAPMAP
# include <sys/time.h>
# include <lber.h>
# include <ldap.h>
/* Some LDAP constants */
# define LDAPMAP_FALSE 0
# define LDAPMAP_TRUE 1
/*
** ldap_init(3) is broken in Umich 3.x and OpenLDAP 1.0/1.1.
** Use the lack of LDAP_OPT_SIZELIMIT to detect old API implementations
** and assume (falsely) that all old API implementations are broken.
** (OpenLDAP 1.2 and later have a working ldap_init(), add -DUSE_LDAP_INIT)
*/
# if defined(LDAP_OPT_SIZELIMIT) && !defined(USE_LDAP_INIT)
# define USE_LDAP_INIT 1
-# endif /* defined(LDAP_OPT_SIZELIMIT) && !defined(USE_LDAP_INIT) */
+# endif
+
+# if !defined(LDAP_NETWORK_TIMEOUT) && defined(_FFR_LDAP_NETWORK_TIMEOUT)
+# define LDAP_NETWORK_TIMEOUT _FFR_LDAP_NETWORK_TIMEOUT
+# endif
+
+# if !defined(LDAP_NETWORK_TIMEOUT) && defined(LDAP_OPT_NETWORK_TIMEOUT)
+# define LDAP_NETWORK_TIMEOUT 1
+# endif
/*
** LDAP_OPT_SIZELIMIT is not defined under Umich 3.x nor OpenLDAP 1.x,
** hence ldap_set_option() must not exist.
*/
# if defined(LDAP_OPT_SIZELIMIT) && !defined(USE_LDAP_SET_OPTION)
# define USE_LDAP_SET_OPTION 1
-# endif /* defined(LDAP_OPT_SIZELIMIT) && !defined(USE_LDAP_SET_OPTION) */
+# endif
# endif /* LDAPMAP */
# if HASUNAME
# include <sys/utsname.h>
# ifdef newstr
# undef newstr
-# endif /* newstr */
+# endif
# else /* HASUNAME */
# define NODE_LENGTH 32
struct utsname
{
char nodename[NODE_LENGTH + 1];
};
# endif /* HASUNAME */
# if !defined(MAXHOSTNAMELEN) && !defined(_SCO_unix_) && !defined(NonStop_UX_BXX) && !defined(ALTOS_SYSTEM_V)
# define MAXHOSTNAMELEN 256
-# endif /* !defined(MAXHOSTNAMELEN) && !defined(_SCO_unix_) && !defined(NonStop_UX_BXX) && !defined(ALTOS_SYSTEM_V) */
+# endif
-# if _FFR_LINUX_MHNL && defined(__linux__) && MAXHOSTNAMELEN < 255
+# if defined(__linux__) && MAXHOSTNAMELEN < 255
/*
** override Linux weirdness: a FQHN can be 255 chars long
** SUSv3 requires HOST_NAME_MAX ("Maximum length of a host
** name (not including the terminating null) as returned from the
** gethostname() function.") to be at least 255. c.f.:
** http://www.opengroup.org/onlinepubs/009695399
** but Linux defines that to 64 too.
*/
# undef MAXHOSTNAMELEN
# define MAXHOSTNAMELEN 256
-# endif /* _FFR_LINUX_MHNL && defined(__linux__) && MAXHOSTNAMELEN < 255 */
+# endif /* defined(__linux__) && MAXHOSTNAMELEN < 255 */
# if !defined(SIGCHLD) && defined(SIGCLD)
# define SIGCHLD SIGCLD
-# endif /* !defined(SIGCHLD) && defined(SIGCLD) */
+# endif
# ifndef STDIN_FILENO
# define STDIN_FILENO 0
-# endif /* ! STDIN_FILENO */
+# endif
# ifndef STDOUT_FILENO
# define STDOUT_FILENO 1
-# endif /* ! STDOUT_FILENO */
+# endif
# ifndef STDERR_FILENO
# define STDERR_FILENO 2
-# endif /* ! STDERR_FILENO */
+# endif
# ifndef LOCK_SH
# define LOCK_SH 0x01 /* shared lock */
# define LOCK_EX 0x02 /* exclusive lock */
# define LOCK_NB 0x04 /* non-blocking lock */
# define LOCK_UN 0x08 /* unlock */
# endif /* ! LOCK_SH */
# ifndef S_IXOTH
# define S_IXOTH (S_IEXEC >> 6)
-# endif /* ! S_IXOTH */
+# endif
# ifndef S_IXGRP
# define S_IXGRP (S_IEXEC >> 3)
-# endif /* ! S_IXGRP */
+# endif
# ifndef S_IXUSR
# define S_IXUSR (S_IEXEC)
-# endif /* ! S_IXUSR */
+# endif
#ifndef O_ACCMODE
# define O_ACCMODE (O_RDONLY|O_WRONLY|O_RDWR)
-#endif /* ! O_ACCMODE */
+#endif
# ifndef SEEK_SET
# define SEEK_SET 0
# define SEEK_CUR 1
# define SEEK_END 2
# endif /* ! SEEK_SET */
# ifndef SIG_ERR
# define SIG_ERR ((void (*)()) -1)
-# endif /* ! SIG_ERR */
+# endif
# ifndef WEXITSTATUS
# define WEXITSTATUS(st) (((st) >> 8) & 0377)
-# endif /* ! WEXITSTATUS */
+# endif
# ifndef WIFEXITED
# define WIFEXITED(st) (((st) & 0377) == 0)
-# endif /* ! WIFEXITED */
+# endif
# ifndef WIFSTOPPED
# define WIFSTOPPED(st) (((st) & 0100) == 0)
-# endif /* ! WIFSTOPPED */
+# endif
# ifndef WCOREDUMP
# define WCOREDUMP(st) (((st) & 0200) != 0)
-# endif /* ! WCOREDUMP */
+# endif
# ifndef WTERMSIG
# define WTERMSIG(st) (((st) & 0177))
-# endif /* ! WTERMSIG */
+# endif
# ifndef SIGFUNC_DEFINED
typedef void (*sigfunc_t) __P((int));
-# endif /* ! SIGFUNC_DEFINED */
+# endif
# ifndef SIGFUNC_RETURN
# define SIGFUNC_RETURN
-# endif /* ! SIGFUNC_RETURN */
+# endif
# ifndef SIGFUNC_DECL
# define SIGFUNC_DECL void
-# endif /* ! SIGFUNC_DECL */
+# endif
/* size of syslog buffer */
# ifndef SYSLOG_BUFSIZE
# define SYSLOG_BUFSIZE 1024
-# endif /* ! SYSLOG_BUFSIZE */
+# endif
/* for FD_SET() */
#ifndef FD_SETSIZE
# define FD_SETSIZE 256
-#endif /* ! FD_SETSIZE */
+#endif
#ifndef SIGWAIT_TAKES_1_ARG
# define SIGWAIT_TAKES_1_ARG 0
-#endif /* ! SIGWAIT_TAKES_1_ARG */
+#endif
/*
** Size of prescan buffer.
** Despite comments in the _sendmail_ book, this probably should
** not be changed; there are some hard-to-define dependencies.
*/
# define PSBUFSIZE (MAXNAME + MAXATOM) /* size of prescan buffer */
/* fork routine -- set above using #ifdef _osname_ or in Makefile */
# ifndef FORK
# define FORK fork /* function to call to fork mailer */
-# endif /* ! FORK */
+# endif
/* setting h_errno */
# ifndef SM_SET_H_ERRNO
# define SM_SET_H_ERRNO(err) h_errno = (err)
-# endif /* SM_SET_H_ERRNO */
+# endif
# ifndef SM_CONF_GETOPT
# define SM_CONF_GETOPT 1
-# endif /* ! SM_CONF_GETOPT */
+# endif
/* random routine -- set above using #ifdef _osname_ or in Makefile */
# if HASRANDOM
# define get_random() random()
# else /* HASRANDOM */
# define get_random() ((long) rand())
# ifndef RANDOMSHIFT
# define RANDOMSHIFT 8
-# endif /* ! RANDOMSHIFT */
+# endif
# endif /* HASRANDOM */
/*
** Default to using scanf in readcf.
*/
# ifndef SCANF
# define SCANF 1
-# endif /* ! SCANF */
+# endif
/* XXX 32 bit type */
# ifndef SM_INT32
# define SM_INT32 int32_t
-# endif /* ! SM_INT32 */
+# endif
/* XXX 16 bit type */
# ifndef SM_UINT16
# define SM_UINT16 uint16_t
-# endif /* ! SM_UINT16 */
+# endif
/* additional valid chars in user/group names in passwd */
# ifndef SM_PWN_CHARS
# define SM_PWN_CHARS "-_."
# endif
/*
** SVr4 and similar systems use different routines for setjmp/longjmp
** with signal support
*/
# if USE_SIGLONGJMP
# ifdef jmp_buf
# undef jmp_buf
-# endif /* jmp_buf */
+# endif
# define jmp_buf sigjmp_buf
# ifdef setjmp
# undef setjmp
-# endif /* setjmp */
+# endif
# define setjmp(env) sigsetjmp(env, 1)
# ifdef longjmp
# undef longjmp
-# endif /* longjmp */
+# endif
# define longjmp(env, val) siglongjmp(env, val)
# endif /* USE_SIGLONGJMP */
# if !defined(NGROUPS_MAX) && defined(NGROUPS)
# define NGROUPS_MAX NGROUPS /* POSIX naming convention */
-# endif /* !defined(NGROUPS_MAX) && defined(NGROUPS) */
+# endif
/*
** Some snprintf() implementations are rumored not to NUL terminate.
*/
# if SNPRINTF_IS_BROKEN
# ifdef snprintf
# undef snprintf
-# endif /* snprintf */
+# endif
# define snprintf sm_snprintf
# ifdef vsnprintf
# undef vsnprintf
-# endif /* vsnprintf */
+# endif
# define vsnprintf sm_vsnprintf
# endif /* SNPRINTF_IS_BROKEN */
/*
** If we don't have a system syslog, simulate it.
*/
# if !LOG
# define LOG_EMERG 0 /* system is unusable */
# define LOG_ALERT 1 /* action must be taken immediately */
# define LOG_CRIT 2 /* critical conditions */
# define LOG_ERR 3 /* error conditions */
# define LOG_WARNING 4 /* warning conditions */
# define LOG_NOTICE 5 /* normal but significant condition */
# define LOG_INFO 6 /* informational */
# define LOG_DEBUG 7 /* debug-level messages */
# endif /* !LOG */
# ifndef SM_CONF_SYSLOG
# define SM_CONF_SYSLOG 1 /* syslog.h has prototype for syslog() */
-# endif /* SM_CONF_SYSLOG */
+# endif
# if !SM_CONF_SYSLOG
# ifdef __STDC__
extern void syslog(int, const char *, ...);
-# else /* __STDC__ */
+# else
extern void syslog();
-# endif /* __STDC__ */
+# endif
# endif /* !SM_CONF_SYSLOG */
/* portable(?) definition for alignment */
# ifndef SM_ALIGN_SIZE
struct sm_align
{
char al_c;
union
{
long al_l;
void *al_p;
double al_d;
void (*al_f) __P((void));
} al_u;
};
# define SM_ALIGN_SIZE offsetof(struct sm_align, al_u)
# endif /* ! SM_ALIGN_SIZE */
# define SM_ALIGN_BITS (SM_ALIGN_SIZE - 1)
char *sm_inet6_ntop __P((const void *, char *, size_t));
#endif /* ! SM_CONF_H */
diff --git a/include/sm/config.h b/include/sm/config.h
index 451f1360612b..3eb5662d20aa 100644
--- a/include/sm/config.h
+++ b/include/sm/config.h
@@ -1,189 +1,189 @@
/*
* Copyright (c) 2000-2003 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
* $Id: config.h,v 1.49 2013-11-22 20:51:31 ca Exp $
*/
/*
** libsm configuration macros.
** The values of these macros are platform dependent.
** The default values are given here.
** If the default is incorrect, then the correct value can be specified
** in the m4 configuration file in devtools/OS.
*/
#ifndef SM_CONFIG_H
# define SM_CONFIG_H
# include "sm_os.h"
/*
** SM_CONF_STDBOOL_H is 1 if <stdbool.h> exists
**
** Note, unlike gcc, clang doesn't apply full prototypes to K&R definitions.
*/
# ifndef SM_CONF_STDBOOL_H
# if !defined(__clang__) && defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L
# define SM_CONF_STDBOOL_H 1
-# else /* !defined(__clang__) && defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L */
+# else
# define SM_CONF_STDBOOL_H 0
-# endif /* !defined(__clang__) && defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L */
+# endif
# endif /* ! SM_CONF_STDBOOL_H */
/*
** Configuration macros that specify how __P is defined.
*/
# ifndef SM_CONF_SYS_CDEFS_H
# define SM_CONF_SYS_CDEFS_H 0
-# endif /* ! SM_CONF_SYS_CDEFS_H */
+# endif
/*
** SM_CONF_STDDEF_H is 1 if <stddef.h> exists
*/
# ifndef SM_CONF_STDDEF_H
# define SM_CONF_STDDEF_H 1
-# endif /* ! SM_CONF_STDDEF_H */
+# endif
/*
** Configuration macro that specifies whether strlcpy/strlcat are available.
** Note: this is the default so that the libsm version (optimized) will
** be used by default (sm_strlcpy/sm_strlcat).
*/
# ifndef SM_CONF_STRL
# define SM_CONF_STRL 0
-# endif /* ! SM_CONF_STRL */
+# endif
/*
** Configuration macro indicating that setitimer is available
*/
# ifndef SM_CONF_SETITIMER
# define SM_CONF_SETITIMER 1
-# endif /* ! SM_CONF_SETITIMER */
+# endif
/*
** Does <sys/types.h> define uid_t and gid_t?
*/
# ifndef SM_CONF_UID_GID
# define SM_CONF_UID_GID 1
-# endif /* ! SM_CONF_UID_GID */
+# endif
/*
** Does <sys/types.h> define ssize_t?
*/
# ifndef SM_CONF_SSIZE_T
# define SM_CONF_SSIZE_T 1
-# endif /* ! SM_CONF_SSIZE_T */
+# endif
/*
** Does the C compiler support long long?
*/
# ifndef SM_CONF_LONGLONG
# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L
# define SM_CONF_LONGLONG 1
# else /* defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L */
# if defined(__GNUC__)
# define SM_CONF_LONGLONG 1
-# else /* defined(__GNUC__) */
+# else
# define SM_CONF_LONGLONG 0
-# endif /* defined(__GNUC__) */
+# endif
# endif /* defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L */
# endif /* ! SM_CONF_LONGLONG */
/*
** Does <sys/types.h> define quad_t and u_quad_t?
** We only care if long long is not available.
*/
# ifndef SM_CONF_QUAD_T
# define SM_CONF_QUAD_T 0
-# endif /* ! SM_CONF_QUAD_T */
+# endif
/*
** Configuration macro indicating that shared memory is available
*/
# ifndef SM_CONF_SHM
# define SM_CONF_SHM 0
-# endif /* ! SM_CONF_SHM */
+# endif
/*
** Does <setjmp.h> define sigsetjmp?
*/
# ifndef SM_CONF_SIGSETJMP
# define SM_CONF_SIGSETJMP 1
-# endif /* ! SM_CONF_SIGSETJMP */
+# endif
/*
** Does <sysexits.h> exist, and define the EX_* macros with values
** that differ from the default BSD values in <sm/sysexits.h>?
*/
# ifndef SM_CONF_SYSEXITS_H
# define SM_CONF_SYSEXITS_H 0
-# endif /* ! SM_CONF_SYSEXITS_H */
+# endif
/* has memchr() prototype? (if not: needs memory.h) */
# ifndef SM_CONF_MEMCHR
# define SM_CONF_MEMCHR 1
-# endif /* ! SM_CONF_MEMCHR */
+# endif
/* try LLONG tests in libsm/t-types.c? */
# ifndef SM_CONF_TEST_LLONG
# define SM_CONF_TEST_LLONG 1
-# endif /* !SM_CONF_TEST_LLONG */
+# endif
/* LDAP Checks */
# if LDAPMAP
# include <lber.h>
# include <ldap.h>
/* Does the LDAP library have ldap_memfree()? */
# ifndef SM_CONF_LDAP_MEMFREE
/*
** The new LDAP C API (draft-ietf-ldapext-ldap-c-api-04.txt) includes
** ldap_memfree() in the API. That draft states to use LDAP_API_VERSION
** of 2004 to identify the API.
*/
# if USING_NETSCAPE_LDAP || LDAP_API_VERSION >= 2004
# define SM_CONF_LDAP_MEMFREE 1
-# else /* USING_NETSCAPE_LDAP || LDAP_API_VERSION >= 2004 */
+# else
# define SM_CONF_LDAP_MEMFREE 0
-# endif /* USING_NETSCAPE_LDAP || LDAP_API_VERSION >= 2004 */
+# endif
# endif /* ! SM_CONF_LDAP_MEMFREE */
/* Does the LDAP library have ldap_initialize()? */
# ifndef SM_CONF_LDAP_INITIALIZE
/*
** Check for ldap_initialize() support for support for LDAP URI's with
** non-ldap:// schemes.
*/
/* OpenLDAP does it with LDAP_OPT_URI */
# ifdef LDAP_OPT_URI
# define SM_CONF_LDAP_INITIALIZE 1
-# endif /* LDAP_OPT_URI */
+# endif
# endif /* !SM_CONF_LDAP_INITIALIZE */
# endif /* LDAPMAP */
/* don't use strcpy() */
# ifndef DO_NOT_USE_STRCPY
# define DO_NOT_USE_STRCPY 1
-# endif /* ! DO_NOT_USE_STRCPY */
+# endif
#endif /* ! SM_CONFIG_H */
diff --git a/include/sm/debug.h b/include/sm/debug.h
index 9c7bb803d128..eb045c8ffed5 100644
--- a/include/sm/debug.h
+++ b/include/sm/debug.h
@@ -1,135 +1,135 @@
/*
* Copyright (c) 2000, 2001, 2003 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
* $Id: debug.h,v 1.17 2013-11-22 20:51:31 ca Exp $
*/
/*
** libsm debugging and tracing
** See libsm/debug.html for documentation.
*/
#ifndef SM_DEBUG_H
# define SM_DEBUG_H
# include <sm/gen.h>
# include <sm/io.h>
/*
** abstractions for printing trace messages
*/
extern SM_FILE_T *
sm_debug_file __P((void));
extern void
sm_debug_setfile __P(( SM_FILE_T *));
extern void PRINTFLIKE(1, 2)
sm_dprintf __P((char *_fmt, ...));
extern void
sm_dflush __P((void));
extern void
sm_debug_close __P((void));
/*
** abstractions for setting and testing debug activation levels
*/
extern void
sm_debug_addsettings_x __P((const char *));
extern void
sm_debug_addsetting_x __P((const char *, int));
# define SM_DEBUG_UNKNOWN ((SM_ATOMIC_UINT_T)(-1))
extern const char SmDebugMagic[];
typedef struct sm_debug SM_DEBUG_T;
struct sm_debug
{
const char *sm_magic; /* points to SmDebugMagic */
/*
** debug_level is the activation level of this debug
** object. Level 0 means no debug activity.
** It is initialized to SM_DEBUG_UNKNOWN, which indicates
** that the true value is unknown. If debug_level ==
** SM_DEBUG_UNKNOWN, then the access functions will look up
** its true value in the internal table of debug settings.
*/
SM_ATOMIC_UINT_T debug_level;
/*
** debug_name is the name used to reference this SM_DEBUG
** structure via the sendmail -d option.
*/
char *debug_name;
/*
** debug_desc is a literal character string of the form
** "@(#)$Debug: <name> - <short description> $"
*/
char *debug_desc;
/*
** We keep a linked list of initialized SM_DEBUG structures
** so that when sm_debug_addsetting is called, we can reset
** them all back to the uninitialized state.
*/
SM_DEBUG_T *debug_next;
};
# ifndef SM_DEBUG_CHECK
# define SM_DEBUG_CHECK 1
-# endif /* ! SM_DEBUG_CHECK */
+# endif
# if SM_DEBUG_CHECK
/*
** This macro is cleverly designed so that if the debug object is below
** the specified level, then the only overhead is a single comparison
** (except for the first time this macro is invoked).
*/
# define sm_debug_active(debug, level) \
((debug)->debug_level >= (level) && \
((debug)->debug_level != SM_DEBUG_UNKNOWN || \
sm_debug_loadactive(debug, level)))
# define sm_debug_level(debug) \
((debug)->debug_level == SM_DEBUG_UNKNOWN \
? sm_debug_loadlevel(debug) : (debug)->debug_level)
# define sm_debug_unknown(debug) ((debug)->debug_level == SM_DEBUG_UNKNOWN)
# else /* SM_DEBUG_CHECK */
# define sm_debug_active(debug, level) 0
# define sm_debug_level(debug) 0
# define sm_debug_unknown(debug) 0
# endif /* SM_DEBUG_CHECK */
extern bool
sm_debug_loadactive __P((SM_DEBUG_T *, int));
extern int
sm_debug_loadlevel __P((SM_DEBUG_T *));
# define SM_DEBUG_INITIALIZER(name, desc) { \
SmDebugMagic, \
SM_DEBUG_UNKNOWN, \
name, \
desc, \
NULL}
#endif /* ! SM_DEBUG_H */
diff --git a/include/sm/errstring.h b/include/sm/errstring.h
index 14c100773202..16d0598a45e6 100644
--- a/include/sm/errstring.h
+++ b/include/sm/errstring.h
@@ -1,94 +1,93 @@
/*
* Copyright (c) 1998-2001, 2003 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
* $Id: errstring.h,v 1.11 2013-11-22 20:51:31 ca Exp $
*/
/*
** Error codes.
*/
#ifndef SM_ERRSTRING_H
# define SM_ERRSTRING_H
#if defined(__QNX__)
# define E_PSEUDOBASE 512
-#endif /* defined(__QNX__) */
+#endif
#include <errno.h>
#if NEEDINTERRNO
extern int errno;
-#endif /* NEEDINTERRNO */
+#endif
/*
** These are used in a few cases where we need some special
** error codes, but where the system doesn't provide something
** reasonable. They are printed in sm_errstring.
*/
#ifndef E_PSEUDOBASE
# define E_PSEUDOBASE 256
-#endif /* ! E_PSEUDOBASE */
+#endif
#define E_SM_OPENTIMEOUT (E_PSEUDOBASE + 0) /* Timeout on file open */
#define E_SM_NOSLINK (E_PSEUDOBASE + 1) /* Symbolic links not allowed */
#define E_SM_NOHLINK (E_PSEUDOBASE + 2) /* Hard links not allowed */
#define E_SM_REGONLY (E_PSEUDOBASE + 3) /* Regular files only */
#define E_SM_ISEXEC (E_PSEUDOBASE + 4) /* Executable files not allowed */
#define E_SM_WWDIR (E_PSEUDOBASE + 5) /* World writable directory */
#define E_SM_GWDIR (E_PSEUDOBASE + 6) /* Group writable directory */
#define E_SM_FILECHANGE (E_PSEUDOBASE + 7) /* File changed after open */
#define E_SM_WWFILE (E_PSEUDOBASE + 8) /* World writable file */
#define E_SM_GWFILE (E_PSEUDOBASE + 9) /* Group writable file */
#define E_SM_GRFILE (E_PSEUDOBASE + 10) /* g readable file */
#define E_SM_WRFILE (E_PSEUDOBASE + 11) /* o readable file */
#define E_DNSBASE (E_PSEUDOBASE + 20) /* base for DNS h_errno */
#define E_SMDBBASE (E_PSEUDOBASE + 40) /* base for libsmdb errors */
#define E_LDAPREALBASE (E_PSEUDOBASE + 70) /* start of range for LDAP */
#define E_LDAPBASE (E_LDAPREALBASE + E_LDAP_SHIM) /* LDAP error zero */
#define E_LDAPURLBASE (E_PSEUDOBASE + 230) /* base for LDAP URL errors */
/*
** OpenLDAP uses small negative errors for internal (non-protocol)
** errors. We expect them to be between zero and -E_LDAP_SHIM
** (and then offset by E_LDAPBASE).
*/
#define E_LDAP_SHIM 30
/* libsmdb */
#define SMDBE_OK 0
#define SMDBE_MALLOC (E_SMDBBASE + 1)
#define SMDBE_GDBM_IS_BAD (E_SMDBBASE + 2)
#define SMDBE_UNSUPPORTED (E_SMDBBASE + 3)
#define SMDBE_DUPLICATE (E_SMDBBASE + 4)
#define SMDBE_BAD_OPEN (E_SMDBBASE + 5)
#define SMDBE_NOT_FOUND (E_SMDBBASE + 6)
#define SMDBE_UNKNOWN_DB_TYPE (E_SMDBBASE + 7)
#define SMDBE_UNSUPPORTED_DB_TYPE (E_SMDBBASE + 8)
#define SMDBE_INCOMPLETE (E_SMDBBASE + 9)
#define SMDBE_KEY_EMPTY (E_SMDBBASE + 10)
#define SMDBE_KEY_EXIST (E_SMDBBASE + 11)
#define SMDBE_LOCK_DEADLOCK (E_SMDBBASE + 12)
#define SMDBE_LOCK_NOT_GRANTED (E_SMDBBASE + 13)
#define SMDBE_LOCK_NOT_HELD (E_SMDBBASE + 14)
#define SMDBE_RUN_RECOVERY (E_SMDBBASE + 15)
#define SMDBE_IO_ERROR (E_SMDBBASE + 16)
#define SMDBE_READ_ONLY (E_SMDBBASE + 17)
#define SMDBE_DB_NAME_TOO_LONG (E_SMDBBASE + 18)
#define SMDBE_INVALID_PARAMETER (E_SMDBBASE + 19)
#define SMDBE_ONLY_SUPPORTS_ONE_CURSOR (E_SMDBBASE + 20)
#define SMDBE_NOT_A_VALID_CURSOR (E_SMDBBASE + 21)
#define SMDBE_LAST_ENTRY (E_SMDBBASE + 22)
#define SMDBE_OLD_VERSION (E_SMDBBASE + 23)
#define SMDBE_VERSION_MISMATCH (E_SMDBBASE + 24)
-extern const char *sm_errstring __P((int _errno));
-
+extern const char *sm_errstring __P((int _errnum));
#endif /* SM_ERRSTRING_H */
diff --git a/include/sm/gen.h b/include/sm/gen.h
index 522892982e9e..a66bae54b46c 100644
--- a/include/sm/gen.h
+++ b/include/sm/gen.h
@@ -1,80 +1,80 @@
/*
* Copyright (c) 2000-2002 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
* $Id: gen.h,v 1.24 2013-11-22 20:51:31 ca Exp $
*/
/*
** libsm general definitions
** See libsm/gen.html for documentation.
*/
#ifndef SM_GEN_H
# define SM_GEN_H
# include <sm/config.h>
# include <sm/cdefs.h>
# include <sm/types.h>
/*
** Define SM_RCSID and SM_IDSTR,
** macros used to embed RCS and SCCS identification strings in object files.
*/
# ifdef lint
# define SM_RCSID(str)
# define SM_IDSTR(id,str)
# else /* lint */
# define SM_RCSID(str) SM_UNUSED(static const char RcsId[]) = str;
# define SM_IDSTR(id,str) SM_UNUSED(static const char id[]) = str;
# endif /* lint */
/*
** Define NULL and offsetof (from the C89 standard)
*/
# if SM_CONF_STDDEF_H
# include <stddef.h>
# else /* SM_CONF_STDDEF_H */
# ifndef NULL
# define NULL 0
-# endif /* ! NULL */
+# endif
# define offsetof(type, member) ((size_t)(&((type *)0)->member))
# endif /* SM_CONF_STDDEF_H */
/*
** Define bool, true, false (from the C99 standard)
*/
# if SM_CONF_STDBOOL_H
# include <stdbool.h>
# else /* SM_CONF_STDBOOL_H */
# ifndef __cplusplus
typedef int bool;
# define false 0
# define true 1
# define __bool_true_false_are_defined 1
# endif /* ! __cplusplus */
# endif /* SM_CONF_STDBOOL_H */
/*
** Define SM_MAX and SM_MIN
*/
# define SM_MAX(a, b) ((a) > (b) ? (a) : (b))
# define SM_MIN(a, b) ((a) < (b) ? (a) : (b))
/* Define SM_SUCCESS and SM_FAILURE */
# define SM_SUCCESS 0
# define SM_FAILURE (-1)
/* XXX This needs to be fixed when we start to use threads: */
typedef int SM_ATOMIC_INT_T;
typedef unsigned int SM_ATOMIC_UINT_T;
#endif /* SM_GEN_H */
diff --git a/include/sm/heap.h b/include/sm/heap.h
index 152e3672fcc4..369894e9cd15 100644
--- a/include/sm/heap.h
+++ b/include/sm/heap.h
@@ -1,111 +1,111 @@
/*
* Copyright (c) 2000-2001, 2006 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
* $Id: heap.h,v 1.24 2013-11-22 20:51:31 ca Exp $
*/
/*
** Sendmail debugging memory allocation package.
** See libsm/heap.html for documentation.
*/
#ifndef SM_HEAP_H
# define SM_HEAP_H
# include <sm/io.h>
# include <stdlib.h>
# include <sm/debug.h>
# include <sm/exc.h>
/* change default to 0 for production? */
# ifndef SM_HEAP_CHECK
# define SM_HEAP_CHECK 1
-# endif /* ! SM_HEAP_CHECK */
+# endif
# if SM_HEAP_CHECK
# define sm_malloc_x(sz) sm_malloc_tagged_x(sz, __FILE__, __LINE__, SmHeapGroup)
# define sm_malloc(size) sm_malloc_tagged(size, __FILE__, __LINE__, SmHeapGroup)
# define sm_free(ptr) sm_free_tagged(ptr, __FILE__, __LINE__)
extern void *sm_malloc_tagged __P((size_t, char *, int, int));
extern void *sm_malloc_tagged_x __P((size_t, char *, int, int));
extern void sm_free_tagged __P((void *, char *, int));
extern void *sm_realloc_x __P((void *, size_t));
extern bool sm_heap_register __P((void *, size_t, char *, int, int));
extern void sm_heap_checkptr_tagged __P((void *, char *, int));
extern void sm_heap_report __P((SM_FILE_T *, int));
# else /* SM_HEAP_CHECK */
# define sm_malloc_tagged(size, file, line, grp) sm_malloc(size)
# define sm_malloc_tagged_x(size, file, line, grp) sm_malloc_x(size)
# define sm_free_tagged(ptr, file, line) sm_free(ptr)
# define sm_heap_register(ptr, size, file, line, grp) (true)
# define sm_heap_checkptr_tagged(ptr, tag, num) ((void)0)
# define sm_heap_report(file, verbose) ((void)0)
extern void *sm_malloc __P((size_t));
extern void *sm_malloc_x __P((size_t));
extern void *sm_realloc_x __P((void *, size_t));
extern void sm_free __P((void *));
# endif /* SM_HEAP_CHECK */
extern void *sm_realloc __P((void *, size_t));
# define sm_heap_checkptr(ptr) sm_heap_checkptr_tagged(ptr, __FILE__, __LINE__)
#if 0
/*
** sm_f[mc]alloc are plug in replacements for malloc and calloc
** which can be used in a context requiring a function pointer,
** and which are compatible with sm_free. Warning: sm_heap_report
** cannot report where storage leaked by sm_f[mc]alloc was allocated.
*/
/* XXX unused right now */
extern void *
sm_fmalloc __P((
size_t));
extern void *
sm_fcalloc __P((
size_t,
size_t));
#endif /* 0 */
/*
** Allocate 'permanent' storage that can be freed but may still be
** allocated when the process exits. sm_heap_report will not complain
** about a storage leak originating from a call to sm_pmalloc.
*/
# define sm_pmalloc(size) sm_malloc_tagged(size, __FILE__, __LINE__, 0)
# define sm_pmalloc_x(size) sm_malloc_tagged_x(size, __FILE__, __LINE__, 0)
# define sm_heap_group() SmHeapGroup
# define sm_heap_setgroup(g) (SmHeapGroup = (g))
# define sm_heap_newgroup() (SmHeapGroup = ++SmHeapMaxGroup)
#define SM_FREE(ptr) \
do \
{ \
if ((ptr) != NULL) \
{ \
sm_free(ptr); \
(ptr) = NULL; \
} \
} while (0)
extern int SmHeapGroup;
extern int SmHeapMaxGroup;
extern SM_DEBUG_T SmHeapTrace;
extern SM_DEBUG_T SmHeapCheck;
extern SM_EXC_T SmHeapOutOfMemory;
#endif /* ! SM_HEAP_H */
diff --git a/include/sm/io.h b/include/sm/io.h
index 1eceffd22cfb..838af38e3cfa 100644
--- a/include/sm/io.h
+++ b/include/sm/io.h
@@ -1,389 +1,389 @@
/*
* Copyright (c) 2000-2002, 2004, 2013 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1990
* The Regents of the University of California. All rights reserved.
*
* This code is derived from software contributed to Berkeley by
* Chris Torek.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
* $Id: io.h,v 1.26 2013-11-22 20:51:31 ca Exp $
*/
/*-
* @(#)stdio.h 5.17 (Berkeley) 6/3/91
*/
#ifndef SM_IO_H
#define SM_IO_H
#include <stdio.h>
#include <sm/gen.h>
#include <sm/varargs.h>
/* mode for sm io (exposed) */
#define SM_IO_RDWR 1 /* read-write */
#define SM_IO_RDONLY 2 /* read-only */
#define SM_IO_WRONLY 3 /* write-only */
#define SM_IO_APPEND 4 /* write-only from eof */
#define SM_IO_APPENDRW 5 /* read-write from eof */
#define SM_IO_RDWRTR 6 /* read-write with truncation indicated */
# define SM_IO_BINARY 0x0 /* binary mode: not used in Unix */
#define SM_IS_BINARY(mode) (((mode) & SM_IO_BINARY) != 0)
#define SM_IO_MODE(mode) ((mode) & 0x0f)
#define SM_IO_RDWR_B (SM_IO_RDWR|SM_IO_BINARY)
#define SM_IO_RDONLY_B (SM_IO_RDONLY|SM_IO_BINARY)
#define SM_IO_WRONLY_B (SM_IO_WRONLY|SM_IO_BINARY)
#define SM_IO_APPEND_B (SM_IO_APPEND|SM_IO_BINARY)
#define SM_IO_APPENDRW_B (SM_IO_APPENDRW|SM_IO_BINARY)
#define SM_IO_RDWRTR_B (SM_IO_RDWRTR|SM_IO_BINARY)
/* for sm_io_fseek, et al api's (exposed) */
#define SM_IO_SEEK_SET 0
#define SM_IO_SEEK_CUR 1
#define SM_IO_SEEK_END 2
/* flags for info what's with different types (exposed) */
#define SM_IO_WHAT_MODE 1
#define SM_IO_WHAT_VECTORS 2
#define SM_IO_WHAT_FD 3
-#define SM_IO_WHAT_TYPE 4
+/* was WHAT_TYPE 4 unused */
#define SM_IO_WHAT_ISTYPE 5
#define SM_IO_IS_READABLE 6
#define SM_IO_WHAT_TIMEOUT 7
#define SM_IO_WHAT_SIZE 8
/* info flags (exposed) */
#define SM_IO_FTYPE_CREATE 1
#define SM_IO_FTYPE_MODIFY 2
#define SM_IO_FTYPE_DELETE 3
#define SM_IO_SL_PRIO 1
#define SM_IO_OPEN_MAX 20
/* for internal buffers */
struct smbuf
{
unsigned char *smb_base;
int smb_size;
};
/*
** sm I/O state variables (internal only).
**
** The following always hold:
**
** if (flags&(SMLBF|SMWR)) == (SMLBF|SMWR),
** lbfsize is -bf.size, else lbfsize is 0
** if flags&SMRD, w is 0
** if flags&SMWR, r is 0
**
** This ensures that the getc and putc macros (or inline functions) never
** try to write or read from a file that is in `read' or `write' mode.
** (Moreover, they can, and do, automatically switch from read mode to
** write mode, and back, on "r+" and "w+" files.)
**
** lbfsize is used only to make the inline line-buffered output stream
** code as compact as possible.
**
** ub, up, and ur are used when ungetc() pushes back more characters
** than fit in the current bf, or when ungetc() pushes back a character
** that does not match the previous one in bf. When this happens,
** ub.base becomes non-nil (i.e., a stream has ungetc() data iff
** ub.base!=NULL) and up and ur save the current values of p and r.
*/
typedef struct sm_file SM_FILE_T;
struct sm_file
{
const char *sm_magic; /* This SM_FILE_T is free when NULL */
unsigned char *f_p; /* current position in (some) buffer */
int f_r; /* read space left for getc() */
int f_w; /* write space left for putc() */
long f_flags; /* flags, below */
short f_file; /* fileno, if Unix fd, else -1 */
struct smbuf f_bf; /* the buffer (>= 1 byte, if !NULL) */
int f_lbfsize; /* 0 or -bf.size, for inline putc */
/* These can be used for any purpose by a file type implementation: */
void *f_cookie;
int f_ival;
/* operations */
int (*f_close) __P((SM_FILE_T *));
ssize_t (*f_read) __P((SM_FILE_T *, char *, size_t));
off_t (*f_seek) __P((SM_FILE_T *, off_t, int));
ssize_t (*f_write) __P((SM_FILE_T *, const char *, size_t));
int (*f_open) __P((SM_FILE_T *, const void *, int,
const void *));
int (*f_setinfo) __P((SM_FILE_T *, int , void *));
int (*f_getinfo) __P((SM_FILE_T *, int , void *));
int f_timeout;
int f_timeoutstate; /* either blocking or non-blocking */
char *f_type; /* for by-type lookups */
struct sm_file *f_flushfp; /* flush this before reading parent */
struct sm_file *f_modefp; /* sync mode with this fp */
/* separate buffer for long sequences of ungetc() */
struct smbuf f_ub; /* ungetc buffer */
unsigned char *f_up; /* saved f_p when f_p is doing ungetc */
int f_ur; /* saved f_r when f_r is counting ungetc */
/* tricks to meet minimum requirements even when malloc() fails */
unsigned char f_ubuf[3]; /* guarantee an ungetc() buffer */
unsigned char f_nbuf[1]; /* guarantee a getc() buffer */
/* Unix stdio files get aligned to block boundaries on fseek() */
int f_blksize; /* stat.st_blksize (may be != bf.size) */
off_t f_lseekoff; /* current lseek offset */
int f_dup_cnt; /* count file dup'd */
};
__BEGIN_DECLS
extern SM_FILE_T SmIoF[];
extern const char SmFileMagic[];
extern SM_FILE_T SmFtStdio_def;
extern SM_FILE_T SmFtStdiofd_def;
extern SM_FILE_T SmFtString_def;
extern SM_FILE_T SmFtSyslog_def;
extern SM_FILE_T SmFtRealStdio_def;
#define SMIOIN_FILENO 0
#define SMIOOUT_FILENO 1
#define SMIOERR_FILENO 2
#define SMIOSTDIN_FILENO 3
#define SMIOSTDOUT_FILENO 4
#define SMIOSTDERR_FILENO 5
/* Common predefined and already (usually) open files (exposed) */
#define smioin (&SmIoF[SMIOIN_FILENO])
#define smioout (&SmIoF[SMIOOUT_FILENO])
#define smioerr (&SmIoF[SMIOERR_FILENO])
#define smiostdin (&SmIoF[SMIOSTDIN_FILENO])
#define smiostdout (&SmIoF[SMIOSTDOUT_FILENO])
#define smiostderr (&SmIoF[SMIOSTDERR_FILENO])
#define SmFtStdio (&SmFtStdio_def)
#define SmFtStdiofd (&SmFtStdiofd_def)
#define SmFtString (&SmFtString_def)
#define SmFtSyslog (&SmFtSyslog_def)
#define SmFtRealStdio (&SmFtRealStdio_def)
#ifdef __STDC__
# define SM_IO_SET_TYPE(f, name, open, close, read, write, seek, get, set, timeout) \
(f) = {SmFileMagic, (unsigned char *) 0, 0, 0, 0L, -1, {0}, 0, (void *) 0,\
0, (close), (read), (seek), (write), (open), (set), (get), (timeout),\
0, (name)}
# define SM_IO_INIT_TYPE(f, name, open, close, read, write, seek, get, set, timeout)
#else /* __STDC__ */
# define SM_IO_SET_TYPE(f, name, open, close, read, write, seek, get, set, timeout) (f)
# define SM_IO_INIT_TYPE(f, name, open, close, read, write, seek, get, set, timeout) \
(f).sm_magic = SmFileMagic; \
(f).f_p = (unsigned char *) 0; \
(f).f_r = 0; \
(f).f_w = 0; \
(f).f_flags = 0L; \
(f).f_file = 0; \
(f).f_bf.smb_base = (unsigned char *) 0; \
(f).f_bf.smb_size = 0; \
(f).f_lbfsize = 0; \
(f).f_cookie = (void *) 0; \
(f).f_ival = 0; \
(f).f_close = (close); \
(f).f_read = (read); \
(f).f_seek = (seek); \
(f).f_write = (write); \
(f).f_open = (open); \
(f).f_setinfo = (set); \
(f).f_getinfo = (get); \
(f).f_timeout = (timeout); \
(f).f_timeoutstate = 0; \
(f).f_type = (name);
#endif /* __STDC__ */
__END_DECLS
/* Internal flags */
#define SMFBF 0x000001 /* XXXX fully buffered */
#define SMLBF 0x000002 /* line buffered */
#define SMNBF 0x000004 /* unbuffered */
#define SMNOW 0x000008 /* Flush each write; take read now */
#define SMRD 0x000010 /* OK to read */
#define SMWR 0x000020 /* OK to write */
/* RD and WR are never simultaneously asserted */
#define SMRW 0x000040 /* open for reading & writing */
#define SMFEOF 0x000080 /* found EOF */
#define SMERR 0x000100 /* found error */
#define SMMBF 0x000200 /* buf is from malloc */
#define SMAPP 0x000400 /* fdopen()ed in append mode */
#define SMSTR 0x000800 /* this is an snprintf string */
#define SMOPT 0x001000 /* do fseek() optimisation */
#define SMNPT 0x002000 /* do not do fseek() optimisation */
#define SMOFF 0x004000 /* set iff offset is in fact correct */
#define SMALC 0x010000 /* allocate string space dynamically */
#define SMMODEMASK 0x0070 /* read/write mode */
/* defines for timeout constants */
#define SM_TIME_IMMEDIATE (0)
#define SM_TIME_FOREVER (-1)
#define SM_TIME_DEFAULT (-2)
/* timeout state for blocking */
#define SM_TIME_BLOCK (0) /* XXX just bool? */
#define SM_TIME_NONBLOCK (1)
/* Exposed buffering type flags */
#define SM_IO_FBF 0 /* setvbuf should set fully buffered */
#define SM_IO_LBF 1 /* setvbuf should set line buffered */
#define SM_IO_NBF 2 /* setvbuf should set unbuffered */
/* setvbuf buffered, but through at lower file type layers */
#define SM_IO_NOW 3
/*
** size of buffer used by setbuf.
** If underlying filesystem blocksize is discoverable that is used instead
*/
#define SM_IO_BUFSIZ 4096
#define SM_IO_EOF (-1)
/* Functions defined in ANSI C standard. */
__BEGIN_DECLS
SM_FILE_T *sm_io_autoflush __P((SM_FILE_T *, SM_FILE_T *));
void sm_io_automode __P((SM_FILE_T *, SM_FILE_T *));
void sm_io_clearerr __P((SM_FILE_T *));
int sm_io_close __P((SM_FILE_T *, int SM_NONVOLATILE));
SM_FILE_T *sm_io_dup __P((SM_FILE_T *));
int sm_io_eof __P((SM_FILE_T *));
int sm_io_error __P((SM_FILE_T *));
int sm_io_fgets __P((SM_FILE_T *, int, char *, int));
int sm_io_flush __P((SM_FILE_T *, int SM_NONVOLATILE));
int PRINTFLIKE(3, 4)
sm_io_fprintf __P((SM_FILE_T *, int, const char *, ...));
int sm_io_fputs __P((SM_FILE_T *, int, const char *));
int SCANFLIKE(3, 4)
sm_io_fscanf __P((SM_FILE_T *, int, const char *, ...));
int sm_io_getc __P((SM_FILE_T *, int));
int sm_io_getinfo __P((SM_FILE_T *, int, void *));
SM_FILE_T *sm_io_open __P((const SM_FILE_T *, int SM_NONVOLATILE, const void *,
int, const void *));
int sm_io_purge __P((SM_FILE_T *));
int sm_io_putc __P((SM_FILE_T *, int, int));
size_t sm_io_read __P((SM_FILE_T *, int, void *, size_t));
SM_FILE_T *sm_io_reopen __P((const SM_FILE_T *, int SM_NONVOLATILE,
const void *, int, const void *, SM_FILE_T *));
void sm_io_rewind __P((SM_FILE_T *, int));
int sm_io_seek __P((SM_FILE_T *, int SM_NONVOLATILE, long SM_NONVOLATILE,
int SM_NONVOLATILE));
int sm_io_setinfo __P((SM_FILE_T *, int, void *));
int sm_io_setvbuf __P((SM_FILE_T *, int, char *, int, size_t));
int SCANFLIKE(2, 3)
sm_io_sscanf __P((const char *, char const *, ...));
long sm_io_tell __P((SM_FILE_T *, int SM_NONVOLATILE));
int sm_io_ungetc __P((SM_FILE_T *, int, int));
int sm_io_vfprintf __P((SM_FILE_T *, int, const char *, va_list));
size_t sm_io_write __P((SM_FILE_T *, int, const void *, size_t));
void sm_strio_init __P((SM_FILE_T *, char *, size_t));
extern SM_FILE_T *
sm_io_fopen __P((
char *_pathname,
int _flags,
...));
extern SM_FILE_T *
sm_io_stdioopen __P((
FILE *_stream,
char *_mode));
extern int
sm_vasprintf __P((
char **_str,
const char *_fmt,
va_list _ap));
extern int
sm_vsnprintf __P((
char *,
size_t,
const char *,
va_list));
extern void
sm_perror __P((
const char *));
__END_DECLS
/*
** Functions internal to the implementation.
*/
__BEGIN_DECLS
int sm_rget __P((SM_FILE_T *, int));
int sm_vfscanf __P((SM_FILE_T *, int SM_NONVOLATILE, const char *,
- va_list SM_NONVOLATILE));
+ va_list));
int sm_wbuf __P((SM_FILE_T *, int, int));
__END_DECLS
/*
** The macros are here so that we can
** define function versions in the library.
*/
#define sm_getc(f, t) \
(--(f)->f_r < 0 ? \
sm_rget(f, t) : \
(int)(*(f)->f_p++))
/*
** This has been tuned to generate reasonable code on the vax using pcc.
** (It also generates reasonable x86 code using gcc.)
*/
#define sm_putc(f, t, c) \
(--(f)->f_w < 0 ? \
(f)->f_w >= (f)->f_lbfsize ? \
(*(f)->f_p = (c)), *(f)->f_p != '\n' ? \
(int)*(f)->f_p++ : \
sm_wbuf(f, t, '\n') : \
sm_wbuf(f, t, (int)(c)) : \
(*(f)->f_p = (c), (int)*(f)->f_p++))
#define sm_eof(p) (((p)->f_flags & SMFEOF) != 0)
#define sm_error(p) (((p)->f_flags & SMERR) != 0)
#define sm_clearerr(p) ((void)((p)->f_flags &= ~(SMERR|SMFEOF)))
#define sm_io_eof(p) sm_eof(p)
#define sm_io_error(p) sm_error(p)
#define sm_io_clearerr(p) sm_clearerr(p)
#ifndef lint
# ifndef _POSIX_SOURCE
# define sm_io_getc(fp, t) sm_getc(fp, t)
# define sm_io_putc(fp, t, x) sm_putc(fp, t, x)
-# endif /* _POSIX_SOURCE */
+# endif
#endif /* lint */
#endif /* SM_IO_H */
diff --git a/include/sm/ldap.h b/include/sm/ldap.h
index 9ce5d234e70a..8fcd872d5f84 100644
--- a/include/sm/ldap.h
+++ b/include/sm/ldap.h
@@ -1,141 +1,144 @@
/*
* Copyright (c) 2001-2003, 2005-2007 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
* $Id: ldap.h,v 1.35 2013-11-22 20:51:31 ca Exp $
*/
#ifndef SM_LDAP_H
# define SM_LDAP_H
# include <sm/conf.h>
# include <sm/rpool.h>
/*
** NOTE: These should be changed from LDAPMAP_* to SM_LDAP_*
** in the next major release (8.x+1) of sendmail.
*/
# ifndef LDAPMAP_MAX_ATTR
# define LDAPMAP_MAX_ATTR 64
-# endif /* ! LDAPMAP_MAX_ATTR */
+# endif
# ifndef LDAPMAP_MAX_FILTER
# define LDAPMAP_MAX_FILTER 1024
-# endif /* ! LDAPMAP_MAX_FILTER */
+# endif
# ifndef LDAPMAP_MAX_PASSWD
# define LDAPMAP_MAX_PASSWD 256
-# endif /* ! LDAPMAP_MAX_PASSWD */
+# endif
# if LDAPMAP
/* maximum number of arguments in a map lookup, see sendmail.h: MAX_MAP_ARGS */
# define SM_LDAP_ARGS 10
/* error codes from sm_ldap_search*() */
# define SM_LDAP_ERR (-1) /* generic error: ldap_search(3) */
# define SM_LDAP_ERR_ARG_MISS (-2) /* an argument is missing */
/* Attribute types */
# define SM_LDAP_ATTR_NONE (-1)
# define SM_LDAP_ATTR_OBJCLASS 0
# define SM_LDAP_ATTR_NORMAL 1
# define SM_LDAP_ATTR_DN 2
# define SM_LDAP_ATTR_FILTER 3
# define SM_LDAP_ATTR_URL 4
/* sm_ldap_results() flags */
# define SM_LDAP_SINGLEMATCH 0x0001
# define SM_LDAP_MATCHONLY 0x0002
# define SM_LDAP_USE_ALLATTR 0x0004
# define SM_LDAP_SINGLEDN 0x0008
struct sm_ldap_struct
{
/* needed for ldap_open or ldap_init */
char *ldap_uri;
char *ldap_host;
int ldap_port;
int ldap_version;
pid_t ldap_pid;
/* options set in ld struct before ldap_bind_s */
int ldap_deref;
time_t ldap_timelimit;
int ldap_sizelimit;
int ldap_options;
/* args for ldap_bind_s */
LDAP *ldap_ld;
char *ldap_binddn;
char *ldap_secret;
int ldap_method;
/* args for ldap_search */
char *ldap_base;
int ldap_scope;
char *ldap_filter;
char *ldap_attr[LDAPMAP_MAX_ATTR + 1];
int ldap_attr_type[LDAPMAP_MAX_ATTR + 1];
char *ldap_attr_needobjclass[LDAPMAP_MAX_ATTR + 1];
bool ldap_attrsonly;
bool ldap_multi_args;
/* args for ldap_result */
struct timeval ldap_timeout;
LDAPMessage *ldap_res;
/* ldapmap_lookup options */
char ldap_attrsep;
-# if _FFR_LDAP_NETWORK_TIMEOUT
+# if LDAP_NETWORK_TIMEOUT
int ldap_networktmo;
-# endif /* _FFR_LDAP_NETWORK_TIMEOUT */
+# endif
+# if _FFR_SM_LDAP_DBG
+ int ldap_debug;
+# endif
/* Linked list of maps sharing the same LDAP binding */
void *ldap_next;
};
typedef struct sm_ldap_struct SM_LDAP_STRUCT;
struct sm_ldap_recurse_entry
{
char *lr_search;
int lr_type;
LDAPURLDesc *lr_ludp;
char **lr_attrs;
bool lr_done;
};
struct sm_ldap_recurse_list
{
int lrl_size;
int lrl_cnt;
struct sm_ldap_recurse_entry **lrl_data;
};
typedef struct sm_ldap_recurse_entry SM_LDAP_RECURSE_ENTRY;
typedef struct sm_ldap_recurse_list SM_LDAP_RECURSE_LIST;
/* functions */
extern void sm_ldap_clear __P((SM_LDAP_STRUCT *));
extern bool sm_ldap_start __P((char *, SM_LDAP_STRUCT *));
extern int sm_ldap_search __P((SM_LDAP_STRUCT *, char *));
extern int sm_ldap_search_m __P((SM_LDAP_STRUCT *, char **));
extern int sm_ldap_results __P((SM_LDAP_STRUCT *, int, int, int,
SM_RPOOL_T *, char **, int *, int *,
SM_LDAP_RECURSE_LIST *));
extern void sm_ldap_setopts __P((LDAP *, SM_LDAP_STRUCT *));
extern int sm_ldap_geterrno __P((LDAP *));
extern void sm_ldap_close __P((SM_LDAP_STRUCT *));
/* Portability defines */
# if !SM_CONF_LDAP_MEMFREE
# define ldap_memfree(x) ((void) 0)
-# endif /* !SM_CONF_LDAP_MEMFREE */
+# endif
# endif /* LDAPMAP */
#endif /* ! SM_LDAP_H */
diff --git a/include/sm/limits.h b/include/sm/limits.h
index 001f81e190a4..fdc36bf81a62 100644
--- a/include/sm/limits.h
+++ b/include/sm/limits.h
@@ -1,55 +1,55 @@
/*
* Copyright (c) 2000-2001 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
* $Id: limits.h,v 1.7 2013-11-22 20:51:31 ca Exp $
*/
/*
** <sm/limits.h>
** This header file is a portability wrapper for <limits.h>.
** It includes <limits.h>, then it ensures that the following macros
** from the C 1999 standard for <limits.h> are defined:
** LLONG_MIN, LLONG_MAX
** ULLONG_MAX
*/
#ifndef SM_LIMITS_H
# define SM_LIMITS_H
# include <limits.h>
# include <sm/types.h>
# include <sys/param.h>
/*
** The following assumes two's complement binary arithmetic.
*/
# ifndef LLONG_MIN
# define LLONG_MIN ((LONGLONG_T)(~(ULLONG_MAX >> 1)))
-# endif /* ! LLONG_MIN */
+# endif
# ifndef LLONG_MAX
# define LLONG_MAX ((LONGLONG_T)(ULLONG_MAX >> 1))
-# endif /* ! LLONG_MAX */
+# endif
# ifndef ULLONG_MAX
# define ULLONG_MAX ((ULONGLONG_T)(-1))
-# endif /* ! ULLONG_MAX */
+# endif
/*
** PATH_MAX is defined by the POSIX standard. All modern systems
** provide it. Older systems define MAXPATHLEN in <sys/param.h> instead.
*/
# ifndef PATH_MAX
# ifdef MAXPATHLEN
# define PATH_MAX MAXPATHLEN
-# else /* MAXPATHLEN */
+# else
# define PATH_MAX 2048
-# endif /* MAXPATHLEN */
+# endif
# endif /* ! PATH_MAX */
#endif /* ! SM_LIMITS_H */
diff --git a/include/sm/notify.h b/include/sm/notify.h
new file mode 100644
index 000000000000..e5c193e09b37
--- /dev/null
+++ b/include/sm/notify.h
@@ -0,0 +1,19 @@
+/*
+ * Copyright (c) 2016 Proofpoint, Inc. and its suppliers.
+ * All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ */
+
+#ifndef SM_NOTIFY_H
+#define SM_NOTIFY_H
+
+int sm_notify_init __P((int));
+int sm_notify_start __P((bool, int));
+int sm_notify_stop __P((bool, int));
+int sm_notify_rcv __P((char *, size_t, int));
+int sm_notify_snd __P((char *, size_t));
+
+#endif /* ! SM_MSG_H */
diff --git a/include/sm/os/sm_os_freebsd.h b/include/sm/os/sm_os_freebsd.h
index 306f62cb5724..7c52edfe029f 100644
--- a/include/sm/os/sm_os_freebsd.h
+++ b/include/sm/os/sm_os_freebsd.h
@@ -1,41 +1,43 @@
/*
- * Copyright (c) 2000-2001 Proofpoint, Inc. and its suppliers.
+ * Copyright (c) 2000-2001, 2018 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
- *
- * $Id: sm_os_freebsd.h,v 1.12 2013-11-22 20:51:34 ca Exp $
*/
/*
** Platform definitions for FreeBSD
*/
#define SM_OS_NAME "freebsd"
#define SM_CONF_SYS_CDEFS_H 1
#if __FreeBSD__ >= 2
# include <osreldate.h> /* defines __FreeBSD_version */
# if __FreeBSD_version >= 199512 /* 2.2-current when it appeared */
# define MI_SOMAXCONN -1 /* listen() max backlog for milter */
# endif /* __FreeBSD_version >= 199512 */
# if __FreeBSD_version >= 330000
/* 3.3.0-release and later have strlcpy()/strlcat() */
# ifndef SM_CONF_STRL
# define SM_CONF_STRL 1
# endif
# endif
#endif
#ifndef SM_CONF_SHM
# define SM_CONF_SHM 1
-#endif /* SM_CONF_SHM */
+#endif
#ifndef SM_CONF_SEM
-# define SM_CONF_SEM 1
-#endif /* SM_CONF_SEM */
+# if __FreeBSD__ > 11
+# define SM_CONF_SEM 2 /* union semun is now longer available by default */
+# else
+# define SM_CONF_SEM 1
+# endif
+#endif
#ifndef SM_CONF_MSG
# define SM_CONF_MSG 1
-#endif /* SM_CONF_MSG */
+#endif
diff --git a/include/sm/rpool.h b/include/sm/rpool.h
index b01050de3a58..52f76771321a 100644
--- a/include/sm/rpool.h
+++ b/include/sm/rpool.h
@@ -1,189 +1,189 @@
/*
* Copyright (c) 2000-2001, 2003 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
* $Id: rpool.h,v 1.17 2013-11-22 20:51:31 ca Exp $
*/
/*
** libsm resource pools
** See libsm/rpool.html for documentation.
*/
#ifndef SM_RPOOL_H
# define SM_RPOOL_H
# include <sm/gen.h>
# include <sm/heap.h>
# include <sm/string.h>
/*
** Each memory pool object consists of an SM_POOLLINK_T,
** followed by a platform specific amount of padding,
** followed by 'poolsize' bytes of pool data,
** where 'poolsize' is the value of rpool->sm_poolsize at the time
** the pool is allocated.
*/
typedef struct sm_poollink SM_POOLLINK_T;
struct sm_poollink
{
SM_POOLLINK_T *sm_pnext;
};
typedef void (*SM_RPOOL_RFREE_T) __P((void *_rcontext));
typedef SM_RPOOL_RFREE_T *SM_RPOOL_ATTACH_T;
typedef struct sm_resource SM_RESOURCE_T;
struct sm_resource
{
/*
** Function for freeing this resource. It may be NULL,
** meaning that this resource has already been freed.
*/
SM_RPOOL_RFREE_T sm_rfree;
void *sm_rcontext; /* resource data */
};
# define SM_RLIST_MAX 511
typedef struct sm_rlist SM_RLIST_T;
struct sm_rlist
{
SM_RESOURCE_T sm_rvec[SM_RLIST_MAX];
SM_RLIST_T *sm_rnext;
};
typedef struct
{
/* Points to SmRpoolMagic, or is NULL if rpool is freed. */
const char *sm_magic;
/*
** If this rpool object has no parent, then sm_parentlink
** is NULL. Otherwise, we set *sm_parentlink = NULL
** when this rpool is freed, so that it isn't freed a
** second time when the parent is freed.
*/
SM_RPOOL_RFREE_T *sm_parentlink;
/*
** Memory pools
*/
/* Size of the next pool to be allocated, not including the header. */
size_t sm_poolsize;
/*
** If an sm_rpool_malloc_x request is too big to fit
** in the current pool, and the request size > bigobjectsize,
** then the object will be given its own malloc'ed block.
** sm_bigobjectsize <= sm_poolsize. The maximum wasted space
** at the end of a pool is maxpooledobjectsize - 1.
*/
size_t sm_bigobjectsize;
/* Points to next free byte in the current pool. */
char *sm_poolptr;
/*
** Number of bytes available in the current pool.
** Initially 0. Set to 0 by sm_rpool_free.
*/
size_t sm_poolavail;
/* Linked list of memory pools. Initially NULL. */
SM_POOLLINK_T *sm_pools;
/*
** Resource lists
*/
SM_RESOURCE_T *sm_rptr; /* Points to next free resource slot. */
/*
** Number of available resource slots in current list.
** Initially 0. Set to 0 by sm_rpool_free.
*/
size_t sm_ravail;
/* Linked list of resource lists. Initially NULL. */
SM_RLIST_T *sm_rlists;
#if _FFR_PERF_RPOOL
int sm_nbigblocks;
int sm_npools;
-#endif /* _FFR_PERF_RPOOL */
+#endif
} SM_RPOOL_T;
extern SM_RPOOL_T *
sm_rpool_new_x __P((
SM_RPOOL_T *_parent));
extern void
sm_rpool_free __P((
SM_RPOOL_T *_rpool));
# if SM_HEAP_CHECK
extern void *
sm_rpool_malloc_tagged_x __P((
SM_RPOOL_T *_rpool,
size_t _size,
char *_file,
int _line,
int _group));
# define sm_rpool_malloc_x(rpool, size) \
sm_rpool_malloc_tagged_x(rpool, size, __FILE__, __LINE__, SmHeapGroup)
extern void *
sm_rpool_malloc_tagged __P((
SM_RPOOL_T *_rpool,
size_t _size,
char *_file,
int _line,
int _group));
# define sm_rpool_malloc(rpool, size) \
sm_rpool_malloc_tagged(rpool, size, __FILE__, __LINE__, SmHeapGroup)
# else /* SM_HEAP_CHECK */
extern void *
sm_rpool_malloc_x __P((
SM_RPOOL_T *_rpool,
size_t _size));
extern void *
sm_rpool_malloc __P((
SM_RPOOL_T *_rpool,
size_t _size));
# endif /* SM_HEAP_CHECK */
#if DO_NOT_USE_STRCPY
extern char *sm_rpool_strdup_x __P((SM_RPOOL_T *rpool, const char *s));
-#else /* DO_NOT_USE_STRCPY */
+#else
# define sm_rpool_strdup_x(rpool, str) \
strcpy(sm_rpool_malloc_x(rpool, strlen(str) + 1), str)
-#endif /* DO_NOT_USE_STRCPY */
+#endif
extern SM_RPOOL_ATTACH_T
sm_rpool_attach_x __P((
SM_RPOOL_T *_rpool,
SM_RPOOL_RFREE_T _rfree,
void *_rcontext));
# define sm_rpool_detach(a) ((void)(*(a) = NULL))
extern void
sm_rpool_setsizes __P((
SM_RPOOL_T *_rpool,
size_t _poolsize,
size_t _bigobjectsize));
#endif /* ! SM_RPOOL_H */
diff --git a/include/sm/sem.h b/include/sm/sem.h
index 556400c39ca4..f188a15deca3 100644
--- a/include/sm/sem.h
+++ b/include/sm/sem.h
@@ -1,60 +1,60 @@
/*
* Copyright (c) 2000-2001, 2005, 2008 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
* $Id: sem.h,v 1.11 2013-11-22 20:51:31 ca Exp $
*/
#ifndef SM_SEM_H
# define SM_SEM_H 1
#include <sm/gen.h>
/* key for semaphores */
# define SM_SEM_KEY (41L)
# define SM_SEM_NO_ID (-1)
# define SM_NO_SEM(id) ((id) < 0)
# if SM_CONF_SEM > 0
# include <sys/types.h>
# include <sys/ipc.h>
# include <sys/sem.h>
# if SM_CONF_SEM == 2
union semun
{
int val;
struct semid_ds *buf;
ushort *array;
};
# endif /* SM_CONF_SEM == 2 */
# ifndef SEM_A
# define SEM_A 0200
-# endif /* SEM_A */
+# endif
# ifndef SEM_R
# define SEM_R 0400
-# endif /* SEM_R */
+# endif
# define SM_NSEM 1
extern int sm_sem_start __P((key_t, int, int, bool));
extern int sm_sem_stop __P((int));
extern int sm_sem_acq __P((int, int, int));
extern int sm_sem_rel __P((int, int, int));
extern int sm_sem_get __P((int, int));
extern int sm_semsetowner __P((int, uid_t, gid_t, mode_t));
# else /* SM_CONF_SEM > 0 */
# define sm_sem_start(key, nsem, semflg, owner) 0
# define sm_sem_stop(semid) 0
# define sm_sem_acq(semid, semnum, timeout) 0
# define sm_sem_rel(semid, semnum, timeout) 0
# define sm_sem_get(semid, semnum) 0
# endif /* SM_CONF_SEM > 0 */
#endif /* ! SM_SEM_H */
diff --git a/include/sm/shm.h b/include/sm/shm.h
index 1a3b3b4f8bd1..f6c5ad56c1c9 100644
--- a/include/sm/shm.h
+++ b/include/sm/shm.h
@@ -1,43 +1,43 @@
/*
* Copyright (c) 2000-2003, 2005 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
* $Id: shm.h,v 1.12 2013-11-22 20:51:31 ca Exp $
*/
#ifndef SM_SHM_H
# define SM_SHM_H
# if SM_CONF_SHM
# include <sys/types.h>
# include <sys/ipc.h>
# include <sys/shm.h>
/* # include "def.h" */
/* key for shared memory */
# define SM_SHM_KEY ((key_t) 42)
/* return value for failed shmget() */
# define SM_SHM_NULL ((void *) -1)
# define SM_SHM_NO_ID (-2)
extern void *sm_shmstart __P((key_t, int , int , int *, bool));
extern int sm_shmstop __P((void *, int, bool));
extern int sm_shmsetowner __P((int, uid_t, gid_t, mode_t));
/* for those braindead systems... (e.g., SunOS 4) */
# ifndef SHM_R
# define SHM_R 0400
-# endif /* SHM_R */
+# endif
# ifndef SHM_W
# define SHM_W 0200
-# endif /* SHM_W */
+# endif
# endif /* SM_CONF_SHM */
#endif /* ! SM_SHM_H */
diff --git a/include/sm/string.h b/include/sm/string.h
index 4fd87afe6003..1f2b587cc642 100644
--- a/include/sm/string.h
+++ b/include/sm/string.h
@@ -1,113 +1,115 @@
/*
* Copyright (c) 2000-2001, 2003 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
* $Id: string.h,v 1.39 2013-11-22 20:51:31 ca Exp $
*/
/*
** libsm string manipulation
*/
#ifndef SM_STRING_H
# define SM_STRING_H
# include <sm/gen.h>
# include <sm/varargs.h>
# include <string.h> /* strlc{py,at}, strerror */
/* return number of bytes left in a buffer */
#define SPACELEFT(buf, ptr) (sizeof buf - ((ptr) - buf))
extern int PRINTFLIKE(3, 4)
sm_snprintf __P((char *, size_t, const char *, ...));
extern bool
sm_match __P((const char *_str, const char *_pattern));
extern char *
-sm_strdup __P((char *));
+sm_strdup __P((const char *));
extern char *
sm_strndup_x __P((const char *_str, size_t _len));
#if DO_NOT_USE_STRCPY
/* for "normal" data (free'd before end of process) */
extern char *
sm_strdup_x __P((const char *_str));
/* for data that is supposed to be persistent. */
extern char *
sm_pstrdup_x __P((const char *_str));
extern char *
sm_strdup_tagged_x __P((const char *str, char *file, int line, int group));
#else /* DO_NOT_USE_STRCPY */
/* for "normal" data (free'd before end of process) */
# define sm_strdup_x(str) strcpy(sm_malloc_x(strlen(str) + 1), str)
/* for data that is supposed to be persistent. */
# define sm_pstrdup_x(str) strcpy(sm_pmalloc_x(strlen(str) + 1), str)
# define sm_strdup_tagged_x(str, file, line, group) \
strcpy(sm_malloc_tagged_x(strlen(str) + 1, file, line, group), str)
#endif /* DO_NOT_USE_STRCPY */
extern char *
sm_stringf_x __P((const char *_fmt, ...));
extern char *
sm_vstringf_x __P((const char *_fmt, va_list _ap));
extern size_t
sm_strlcpy __P((char *_dst, const char *_src, ssize_t _len));
extern size_t
sm_strlcat __P((char *_dst, const char *_src, ssize_t _len));
extern size_t
sm_strlcat2 __P((char *, const char *, const char *, ssize_t));
extern size_t
#ifdef __STDC__
sm_strlcpyn(char *dst, ssize_t len, int n, ...);
#else /* __STDC__ */
sm_strlcpyn __P((char *,
ssize_t,
int,
va_dcl));
#endif /* __STDC__ */
# if !HASSTRERROR
extern char *
strerror __P((int _errno));
-# endif /* !HASSTRERROR */
+# endif
extern int
sm_strrevcmp __P((const char *, const char *));
extern int
sm_strrevcasecmp __P((const char *, const char *));
extern int
sm_strcasecmp __P((const char *, const char *));
extern int
sm_strncasecmp __P((const char *, const char *, size_t));
extern LONGLONG_T
sm_strtoll __P((const char *, char**, int));
extern ULONGLONG_T
sm_strtoull __P((const char *, char**, int));
extern void
stripquotes __P((char *));
+extern void
+unfoldstripquotes __P((char *));
#endif /* SM_STRING_H */
diff --git a/include/sm/test.h b/include/sm/test.h
index fdcce848b7e7..b9b77b678fe2 100644
--- a/include/sm/test.h
+++ b/include/sm/test.h
@@ -1,46 +1,46 @@
/*
* Copyright (c) 2000-2001 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
* $Id: test.h,v 1.7 2013-11-22 20:51:32 ca Exp $
*/
/*
** Abstractions for writing a libsm test program.
*/
#ifndef SM_TEST_H
# define SM_TEST_H
# include <sm/gen.h>
# if defined(__STDC__) || defined(__cplusplus)
# define SM_TEST(cond) sm_test(cond, #cond, __FILE__, __LINE__)
-# else /* defined(__STDC__) || defined(__cplusplus) */
+# else
# define SM_TEST(cond) sm_test(cond, "cond", __FILE__, __LINE__)
-# endif /* defined(__STDC__) || defined(__cplusplus) */
+# endif
extern int SmTestIndex;
extern int SmTestNumErrors;
extern void
sm_test_begin __P((
int _argc,
char **_argv,
char *_testname));
extern bool
sm_test __P((
bool _success,
char *_expr,
char *_filename,
int _lineno));
extern int
sm_test_end __P((void));
#endif /* ! SM_TEST_H */
diff --git a/include/sm/types.h b/include/sm/types.h
index 32c696fb837d..68998af82ddf 100644
--- a/include/sm/types.h
+++ b/include/sm/types.h
@@ -1,65 +1,65 @@
/*
* Copyright (c) 2000-2001 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
* $Id: types.h,v 1.14 2013-11-22 20:51:32 ca Exp $
*/
/*
** This header file defines standard integral types.
** - It includes <sys/types.h>, and fixes portability problems that
** exist on older Unix platforms.
** - It defines LONGLONG_T and ULONGLONG_T, which are portable locutions
** for 'long long' and 'unsigned long long'.
*/
#ifndef SM_TYPES_H
# define SM_TYPES_H
# include <sm/config.h>
/*
** On BSD 4.2 systems, <sys/types.h> was not idempotent.
** This problem is circumvented by replacing all occurrences
** of <sys/types.h> with <sm/types.h>, which is idempotent.
*/
# include <sys/types.h>
/*
** On some old Unix platforms, some of the standard types are missing.
** We fix that here.
*/
# if !SM_CONF_UID_GID
# define uid_t int
# define gid_t int
-# endif /* !SM_CONF_UID_GID */
+# endif
# if !SM_CONF_SSIZE_T
# define ssize_t int
-# endif /* !SM_CONF_SSIZE_T */
+# endif
/*
** Define LONGLONG_T and ULONGLONG_T, which are portable locutions
** for 'long long' and 'unsigned long long' from the C 1999 standard.
*/
# if SM_CONF_LONGLONG
typedef long long LONGLONG_T;
typedef unsigned long long ULONGLONG_T;
# else /* SM_CONF_LONGLONG */
# if SM_CONF_QUAD_T
typedef quad_t LONGLONG_T;
typedef u_quad_t ULONGLONG_T;
# else /* SM_CONF_QUAD_T */
typedef long LONGLONG_T;
typedef unsigned long ULONGLONG_T;
# endif /* SM_CONF_QUAD_T */
# endif /* SM_CONF_LONGLONG */
#endif /* ! SM_TYPES_H */
diff --git a/include/sm/varargs.h b/include/sm/varargs.h
index 612858da9c1f..2609630d919d 100644
--- a/include/sm/varargs.h
+++ b/include/sm/varargs.h
@@ -1,45 +1,50 @@
/*
* Copyright (c) 2000-2001 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
* $Id: varargs.h,v 1.9 2013-11-22 20:51:32 ca Exp $
*/
/*
** libsm variable argument lists
*/
#ifndef SM_VARARGS_H
# define SM_VARARGS_H
# if defined(__STDC__) || defined(__cplusplus)
# define SM_VA_STD 1
# include <stdarg.h>
# define SM_VA_START(ap, f) va_start(ap, f)
# else /* defined(__STDC__) || defined(__cplusplus) */
# define SM_VA_STD 0
# include <varargs.h>
# define SM_VA_START(ap, f) va_start(ap)
# endif /* defined(__STDC__) || defined(__cplusplus) */
# if defined(va_copy)
# define SM_VA_COPY(dst, src) va_copy((dst), (src))
# elif defined(__va_copy)
# define SM_VA_COPY(dst, src) __va_copy((dst), (src))
# else
# define SM_VA_COPY(dst, src) memcpy(&(dst), &(src), sizeof((dst)))
+# define SM_VA_END_COPY(ap) do { } while (0)
+# endif
+
+# ifndef SM_VA_END_COPY
+# define SM_VA_END_COPY(ap) va_end(ap)
# endif
/*
** The following macros are useless, but are provided for symmetry.
*/
# define SM_VA_LOCAL_DECL va_list ap;
# define SM_VA_ARG(ap, type) va_arg(ap, type)
# define SM_VA_END(ap) va_end(ap)
#endif /* ! SM_VARARGS_H */
diff --git a/include/sm/xtrap.h b/include/sm/xtrap.h
index ed5de5348fe4..31ddd1d36982 100644
--- a/include/sm/xtrap.h
+++ b/include/sm/xtrap.h
@@ -1,38 +1,38 @@
/*
* Copyright (c) 2000-2001 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
* $Id: xtrap.h,v 1.8 2013-11-22 20:51:32 ca Exp $
*/
/*
** scaffolding for testing exception handler code
*/
#ifndef SM_XTRAP_H
# define SM_XTRAP_H
# include <sm/debug.h>
# include <sm/exc.h>
extern SM_ATOMIC_UINT_T SmXtrapCount;
extern SM_DEBUG_T SmXtrapDebug;
extern SM_DEBUG_T SmXtrapReport;
# if SM_DEBUG_CHECK
# define sm_xtrap_check() (++SmXtrapCount == sm_debug_level(&SmXtrapDebug))
-# else /* SM_DEBUG_CHECK */
+# else
# define sm_xtrap_check() (0)
-# endif /* SM_DEBUG_CHECK */
+# endif
# define sm_xtrap_raise_x(exc) \
if (sm_xtrap_check()) \
{ \
sm_exc_raise_x(exc); \
} else
#endif /* ! SM_XTRAP_H */
diff --git a/libmilter/Makefile b/libmilter/Makefile
index 825ddd52d9d6..181c3b671b91 100644
--- a/libmilter/Makefile
+++ b/libmilter/Makefile
@@ -1,19 +1,19 @@
# $Id: Makefile,v 8.2 2006-05-23 21:55:55 ca Exp $
SHELL= /bin/sh
BUILD= ./Build
OPTIONS= $(CONFIG) $(FLAGS)
all: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
-check: FRC
- $(SHELL) $(BUILD) $(OPTIONS) $@
clean: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
+check: FRC
+ $(SHELL) $(BUILD) $(OPTIONS) $@
install: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
fresh: FRC
$(SHELL) $(BUILD) $(OPTIONS) -c
FRC:
diff --git a/libmilter/README b/libmilter/README
index 64e1cca1cf7c..73953823b670 100644
--- a/libmilter/README
+++ b/libmilter/README
@@ -1,234 +1,225 @@
This directory contains the source files for libmilter.
The sendmail Mail Filter API (Milter) is designed to allow third-party
programs access to mail messages as they are being processed in order to
filter meta-information and content.
This README file describes the steps needed to compile and run a filter,
through reference to a sample filter which is attached at the end of this
file. It is necessary to first build libmilter.a, which can be done by
issuing the './Build' command in SRCDIR/libmilter .
Starting with 8.13 sendmail is compiled by default with support for
the milter API.
Note: if you want to write a milter in Java, then see
http://sendmail-jilter.sourceforge.net/
+----------------+
| SECURITY HINTS |
+----------------+
Note: we strongly recommend not to run any milter as root. Libmilter
does not need root access to communicate with sendmail. It is a
good security practice to run a program only with root privileges
if really necessary. A milter should probably check first whether
it runs as root and refuse to start in that case. libmilter will
not unlink a socket when running as root.
+----------------------+
| CONFIGURATION MACROS |
+----------------------+
Libmilter uses a set of C preprocessor macros to specify platform specific
features of the C compiler and standard C libraries.
SM_CONF_POLL
Set to 1 if poll(2) should be used instead of select(2).
+-------------------+
| BUILDING A FILTER |
+-------------------+
The following command presumes that the sample code from the end of this
README is saved to a file named 'sample.c' and built in the local platform-
specific build subdirectory (SRCDIR/obj.*/libmilter).
cc -I../../include -o sample sample.c libmilter.a ../libsm/libsm.a -pthread
It is recommended that you build your filters in a location outside of
the sendmail source tree. Modify the compiler include references (-I)
and the library locations accordingly. Also, some operating systems may
require additional libraries. For example, SunOS 5.X requires '-lresolv
-lsocket -lnsl'. Depending on your operating system you may need a library
instead of the option -pthread, e.g., -lpthread.
Filters must be thread-safe! Many operating systems now provide support for
POSIX threads in the standard C libraries. The compiler flag to link with
threading support differs according to the compiler and linker used. Check
the Makefile in your appropriate obj.*/libmilter build subdirectory if you
are unsure of the local flag used.
Note that since filters use threads, it may be necessary to alter per
process limits in your filter. For example, you might look at using
setrlimit() to increase the number of open file descriptors if your filter
is going to be busy.
+----------------------------------------+
| SPECIFYING FILTERS IN SENDMAIL CONFIGS |
+----------------------------------------+
Filters are specified with a key letter ``X'' (for ``eXternal'').
For example:
Xfilter1, S=local:/var/run/f1.sock, F=R
Xfilter2, S=inet6:999@localhost, F=T, T=C:10m;S:1s;R:1s;E:5m
Xfilter3, S=inet:3333@localhost
specifies three filters. Filters can be specified in your .mc file using
the following:
INPUT_MAIL_FILTER(`filter1', `S=local:/var/run/f1.sock, F=R')
INPUT_MAIL_FILTER(`filter2', `S=inet6:999@localhost, F=T, T=C:10m;S:1s;R:1s;E:5m')
INPUT_MAIL_FILTER(`filter3', `S=inet:3333@localhost')
The first attaches to a Unix-domain socket in the /var/run directory; the
second uses an IPv6 socket on port 999 of localhost, and the third uses an
IPv4 socket on port 3333 of localhost. The current flags (F=) are:
R Reject connection if filter unavailable
T Temporary fail connection if filter unavailable
4 Shut down connection if filter unavailable
(with a 421 temporary error).
If none of these is specified, the message is passed through sendmail
in case of filter errors as if the failing filters were not present.
Finally, you can override the default timeouts used by sendmail when
talking to the filters using the T= equate. There are four fields inside
of the T= equate:
Letter Meaning
C Timeout for connecting to a filter (if 0, use system timeout)
S Timeout for sending information from the MTA to a filter
R Timeout for reading reply from the filter
E Overall timeout between sending end-of-message to filter
and waiting for the final acknowledgment
Note the separator between each is a ';' as a ',' already separates equates
and therefore can't separate timeouts. The default values (if not set in
the config) are:
T=C:5m;S:10s;R:10s;E:5m
where 's' is seconds and 'm' is minutes.
-Which filters are invoked and their sequencing is handled by the
+Which filters are invoked and their sequencing is handled by the
InputMailFilters option. Note: if InputMailFilters is not defined no filters
will be used.
O InputMailFilters=filter1, filter2, filter3
This is is set automatically according to the order of the
INPUT_MAIL_FILTER commands in your .mc file. Alternatively, you can
reset its value by setting confINPUT_MAIL_FILTERS in your .mc file.
This options causes the three filters to be called in the same order
they were specified. It allows for possible future filtering on output
(although this is not intended for this release).
Also note that a filter can be defined without adding it to the input
filter list by using MAIL_FILTER() instead of INPUT_MAIL_FILTER() in your
.mc file.
To test sendmail with the sample filter, the following might be added (in
the appropriate locations) to your .mc file:
INPUT_MAIL_FILTER(`sample', `S=local:/var/run/f1.sock')
+------------------+
| TESTING A FILTER |
+------------------+
Once you have compiled a filter, modified your .mc file and restarted
the sendmail process, you will want to test that the filter performs as
intended.
The sample filter takes one argument -p, which indicates the local port
on which to create a listening socket for the filter. Maintaining
consistency with the suggested options for sendmail.cf, this would be the
UNIX domain socket located in /var/run/f1.sock.
% ./sample -p local:/var/run/f1.sock
If the sample filter returns immediately to a command line, there was either
an error with your command or a problem creating the specified socket.
Further logging can be captured through the syslogd daemon. Using the
'netstat -a' command can ensure that your filter process is listening on
the appropriate local socket.
Email messages must be injected via SMTP to be filtered. There are two
simple means of doing this; either using the 'sendmail -bs' command, or
by telnetting to port 25 of the machine configured for milter. Once
connected via one of these options, the session can be continued through
the use of standard SMTP commands.
% sendmail -bs
220 test.sendmail.com ESMTP Sendmail 8.14.0/8.14.0; Thu, 22 Jun 2006 13:05:23 -0500 (EST)
HELO localhost
250 test.sendmail.com Hello testy@localhost, pleased to meet you
MAIL From:<testy>
250 2.1.0 <testy>... Sender ok
RCPT To:<root>
250 2.1.5 <root>... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
From: testy@test.sendmail.com
To: root@test.sendmail.com
Subject: testing sample filter
Sample body
.
250 2.0.0 dB73Zxi25236 Message accepted for delivery
QUIT
221 2.0.0 test.sendmail.com closing connection
In the above example, the lines beginning with numbers are output by the
mail server, and those without are your input. If everything is working
properly, you will find a file in /tmp by the name of msg.XXXXXXXX (where
the Xs represent any combination of letters and numbers). This file should
contain the message body and headers from the test email entered above.
If the sample filter did not log your test email, there are a number of
methods to narrow down the source of the problem. Check your system
logs written by syslogd and see if there are any pertinent lines. You
may need to reconfigure syslogd to capture all relevant data. Additionally,
the logging level of sendmail can be raised with the LogLevel option.
See the sendmail(8) manual page for more information.
+--------------+
| REQUIREMENTS |
+--------------+
libmilter requires pthread support in the operating system. Moreover, it
requires that the library functions it uses are thread safe; which is true
for the operating systems libmilter has been developed and tested on. On
some operating systems this requires special compile time options (e.g.,
-not just -pthread). libmilter is currently known to work on (modulo problems
-in the pthread support of some specific versions):
-
-FreeBSD 3.x, 4.x
-SunOS 5.x (x >= 5)
-AIX 4.3.x
-HP UX 11.x
-Linux (recent versions/distributions)
-
-libmilter is currently not supported on:
+not just -pthread).
+So far, libmilter is not supported on:
IRIX 6.x
Ultrix
Feedback about problems (and possible fixes) is welcome.
+
+--------------------------+
| SOURCE FOR SAMPLE FILTER |
+--------------------------+
Note that the filter example.c may not be thread safe on some operating
systems. You should check your system man pages for the functions used
-below to verify the functions are thread safe.
-
-$Revision: 8.42 $, Last updated $Date: 2006-06-29 17:10:16 $
+to verify they are thread safe.
diff --git a/libmilter/comm.c b/libmilter/comm.c
index a551a5253fd8..05dfdb61457c 100644
--- a/libmilter/comm.c
+++ b/libmilter/comm.c
@@ -1,357 +1,357 @@
/*
* Copyright (c) 1999-2004, 2009 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: comm.c,v 8.71 2013-11-22 20:51:36 ca Exp $")
#include "libmilter.h"
#include <sm/errstring.h>
#include <sys/uio.h>
static ssize_t retry_writev __P((socket_t, struct iovec *, int, struct timeval *));
static size_t Maxdatasize = MILTER_MAX_DATA_SIZE;
/*
** SMFI_SETMAXDATASIZE -- set limit for milter data read/write.
**
** Parameters:
** sz -- new limit.
**
** Returns:
** old limit
*/
size_t
smfi_setmaxdatasize(sz)
size_t sz;
{
size_t old;
old = Maxdatasize;
Maxdatasize = sz;
return old;
}
/*
** MI_RD_CMD -- read a command
**
** Parameters:
** sd -- socket descriptor
** timeout -- maximum time to wait
** cmd -- single character command read from sd
** rlen -- pointer to length of result
** name -- name of milter
**
** Returns:
** buffer with rest of command
** (malloc()ed here, should be free()d)
** hack: encode error in cmd
*/
char *
mi_rd_cmd(sd, timeout, cmd, rlen, name)
socket_t sd;
struct timeval *timeout;
char *cmd;
size_t *rlen;
char *name;
{
ssize_t len;
mi_int32 expl;
ssize_t i;
FD_RD_VAR(rds, excs);
int ret;
int save_errno;
char *buf;
char data[MILTER_LEN_BYTES + 1];
*cmd = '\0';
*rlen = 0;
i = 0;
for (;;)
{
FD_RD_INIT(sd, rds, excs);
ret = FD_RD_READY(sd, rds, excs, timeout);
if (ret == 0)
break;
else if (ret < 0)
{
if (errno == EINTR)
continue;
break;
}
if (FD_IS_RD_EXC(sd, rds, excs))
{
*cmd = SMFIC_SELECT;
return NULL;
}
len = MI_SOCK_READ(sd, data + i, sizeof data - i);
if (MI_SOCK_READ_FAIL(len))
{
smi_log(SMI_LOG_ERR,
"%s, mi_rd_cmd: read returned %d: %s",
name, (int) len, sm_errstring(errno));
*cmd = SMFIC_RECVERR;
return NULL;
}
if (len == 0)
{
*cmd = SMFIC_EOF;
return NULL;
}
if (len >= (ssize_t) sizeof data - i)
break;
i += len;
}
if (ret == 0)
{
*cmd = SMFIC_TIMEOUT;
return NULL;
}
else if (ret < 0)
{
smi_log(SMI_LOG_ERR,
"%s: mi_rd_cmd: %s() returned %d: %s",
name, MI_POLLSELECT, ret, sm_errstring(errno));
*cmd = SMFIC_RECVERR;
return NULL;
}
*cmd = data[MILTER_LEN_BYTES];
data[MILTER_LEN_BYTES] = '\0';
(void) memcpy((void *) &expl, (void *) &(data[0]), MILTER_LEN_BYTES);
expl = ntohl(expl) - 1;
if (expl <= 0)
return NULL;
if (expl > Maxdatasize)
{
*cmd = SMFIC_TOOBIG;
return NULL;
}
#if _FFR_ADD_NULL
buf = malloc(expl + 1);
-#else /* _FFR_ADD_NULL */
+#else
buf = malloc(expl);
-#endif /* _FFR_ADD_NULL */
+#endif
if (buf == NULL)
{
*cmd = SMFIC_MALLOC;
return NULL;
}
i = 0;
for (;;)
{
FD_RD_INIT(sd, rds, excs);
ret = FD_RD_READY(sd, rds, excs, timeout);
if (ret == 0)
break;
else if (ret < 0)
{
if (errno == EINTR)
continue;
break;
}
if (FD_IS_RD_EXC(sd, rds, excs))
{
*cmd = SMFIC_SELECT;
free(buf);
return NULL;
}
len = MI_SOCK_READ(sd, buf + i, expl - i);
if (MI_SOCK_READ_FAIL(len))
{
smi_log(SMI_LOG_ERR,
"%s: mi_rd_cmd: read returned %d: %s",
name, (int) len, sm_errstring(errno));
ret = -1;
break;
}
if (len == 0)
{
*cmd = SMFIC_EOF;
free(buf);
return NULL;
}
if (len > expl - i)
{
*cmd = SMFIC_RECVERR;
free(buf);
return NULL;
}
if (len >= expl - i)
{
*rlen = expl;
#if _FFR_ADD_NULL
/* makes life simpler for common string routines */
buf[expl] = '\0';
-#endif /* _FFR_ADD_NULL */
+#endif
return buf;
}
i += len;
}
save_errno = errno;
free(buf);
/* select returned 0 (timeout) or < 0 (error) */
if (ret == 0)
{
*cmd = SMFIC_TIMEOUT;
return NULL;
}
if (ret < 0)
{
smi_log(SMI_LOG_ERR,
"%s: mi_rd_cmd: %s() returned %d: %s",
name, MI_POLLSELECT, ret, sm_errstring(save_errno));
*cmd = SMFIC_RECVERR;
return NULL;
}
*cmd = SMFIC_UNKNERR;
return NULL;
}
/*
** RETRY_WRITEV -- Keep calling the writev() system call
** until all the data is written out or an error occurs.
**
** Parameters:
** fd -- socket descriptor
** iov -- io vector
** iovcnt -- number of elements in io vector
** must NOT exceed UIO_MAXIOV.
** timeout -- maximum time to wait
**
** Returns:
** success: number of bytes written
** otherwise: MI_FAILURE
*/
static ssize_t
retry_writev(fd, iov, iovcnt, timeout)
socket_t fd;
struct iovec *iov;
int iovcnt;
struct timeval *timeout;
{
int i;
ssize_t n, written;
FD_WR_VAR(wrs);
written = 0;
for (;;)
{
while (iovcnt > 0 && iov[0].iov_len == 0)
{
iov++;
iovcnt--;
}
if (iovcnt <= 0)
return written;
/*
** We don't care much about the timeout here,
** it's very long anyway; correct solution would be
** to take the time before the loop and reduce the
** timeout after each invocation.
** FD_SETSIZE is checked when socket is created.
*/
FD_WR_INIT(fd, wrs);
i = FD_WR_READY(fd, wrs, timeout);
if (i == 0)
return MI_FAILURE;
if (i < 0)
{
if (errno == EINTR || errno == EAGAIN)
continue;
return MI_FAILURE;
}
n = writev(fd, iov, iovcnt);
if (n == -1)
{
if (errno == EINTR || errno == EAGAIN)
continue;
return MI_FAILURE;
}
written += n;
for (i = 0; i < iovcnt; i++)
{
if (iov[i].iov_len > (unsigned int) n)
{
iov[i].iov_base = (char *)iov[i].iov_base + n;
iov[i].iov_len -= (unsigned int) n;
break;
}
n -= (int) iov[i].iov_len;
iov[i].iov_len = 0;
}
if (i == iovcnt)
return written;
}
}
/*
** MI_WR_CMD -- write a cmd to sd
**
** Parameters:
** sd -- socket descriptor
** timeout -- maximum time to wait
** cmd -- single character command to write
** buf -- buffer with further data
** len -- length of buffer (without cmd!)
**
** Returns:
** MI_SUCCESS/MI_FAILURE
*/
int
mi_wr_cmd(sd, timeout, cmd, buf, len)
socket_t sd;
struct timeval *timeout;
int cmd;
char *buf;
size_t len;
{
size_t sl;
ssize_t l;
mi_int32 nl;
int iovcnt;
struct iovec iov[2];
char data[MILTER_LEN_BYTES + 1];
if (len > Maxdatasize || (len > 0 && buf == NULL))
return MI_FAILURE;
nl = htonl(len + 1); /* add 1 for the cmd char */
(void) memcpy(data, (void *) &nl, MILTER_LEN_BYTES);
data[MILTER_LEN_BYTES] = (char) cmd;
sl = MILTER_LEN_BYTES + 1;
/* set up the vector for the size / command */
iov[0].iov_base = (void *) data;
iov[0].iov_len = sl;
iovcnt = 1;
if (len >= 0 && buf != NULL)
{
iov[1].iov_base = (void *) buf;
iov[1].iov_len = len;
iovcnt = 2;
}
l = retry_writev(sd, iov, iovcnt, timeout);
if (l == MI_FAILURE)
return MI_FAILURE;
return MI_SUCCESS;
}
diff --git a/libmilter/docs/api.html b/libmilter/docs/api.html
index b314a0f4e96d..4a90e9a432e6 100644
--- a/libmilter/docs/api.html
+++ b/libmilter/docs/api.html
@@ -1,321 +1,330 @@
<HTML>
<HEAD><TITLE>Milter API</TITLE></HEAD>
<BODY>
<!--
$Id: api.html,v 1.39 2013-11-22 20:51:39 ca Exp $
-->
<H1>Milter API</H1>
<H2>Contents</H2>
<UL>
<LI><A HREF="#LibraryControlFunctions">Library Control Functions</A>
<LI><A HREF="#DataAccessFunctions">Data Access Functions</A>
<LI><A HREF="#MessageModificationFunctions">Message Modification Functions</A>
<LI><A HREF="#Callbacks">Callbacks</A>
<LI><A HREF="#Miscellaneous">Miscellaneous</A>
</UL>
-<H2><A NAME="LibraryControlFunctions">Library Control Functions</A></H2>
+<H2><A NAME="LibraryControlFunctions">Library Control Functions</A></H2>
Before handing control to libmilter (by calling
<A HREF="smfi_main.html">smfi_main</A>), a filter may call the following
functions to set libmilter parameters.
In particular, the filter must call
<A HREF="smfi_register.html">smfi_register</A> to register its callbacks.
Each function will return either MI_SUCCESS or MI_FAILURE to
-indicate the status of the operation.
+indicate the status of the operation.
<P>
-None of these functions communicate with the MTA. All alter the
-library's state, some of which is communicated to the MTA inside
+None of these functions communicate with the MTA.
+All alter the library's state, some of which
+is communicated to the MTA inside
<A HREF="smfi_main.html">smfi_main</A>.
<P>
<TABLE BORDER="1" CELLSPACING=0 CELLPADDING=2><TR BGCOLOR="#dddddd"><TH>Function</TH><TH>Description</TH></TR>
<TR><TD><A HREF="smfi_opensocket.html">smfi_opensocket</A></TD><TD>Try to create the interface socket.</TD></TR>
<TR><TD><A HREF="smfi_register.html">smfi_register</A></TD><TD>Register a filter.</TD></TR>
<TR><TD><A HREF="smfi_setconn.html">smfi_setconn</A></TD><TD>Specify socket to use.</TD></TR>
<TR><TD><A HREF="smfi_settimeout.html">smfi_settimeout</A></TD><TD>Set timeout.</TD></TR>
<TR><TD><A HREF="smfi_setbacklog.html">smfi_setbacklog</A></TD><TD>Define the incoming <CODE>listen(2)</CODE> queue size.</TD></TR>
<TR><TD><A HREF="smfi_setdbg.html">smfi_setdbg</A></TD><TD>Set the milter library debugging (tracing) level.</TD></TR>
<TR><TD><A HREF="smfi_stop.html">smfi_stop</A></TD><TD>Cause an orderly shutdown.</TD></TR>
<TR><TD><A HREF="smfi_main.html">smfi_main</A></TD><TD>Hand control to libmilter.</TD></TR>
</TABLE>
<H2><A NAME="DataAccessFunctions">Data Access Functions</A></H2>
The following functions may be called from within the filter-defined callbacks
-to access information about the current connection or message.
+to access information about the current connection or message.
<P>
<TABLE BORDER="1" CELLSPACING=0 CELLPADDING=2><TR bgcolor="#dddddd"><TH>Function</TH><TH>Description</TH></TR>
<TR><TD><A HREF="smfi_getsymval.html">smfi_getsymval</A></TD><TD>Return the value
of a symbol.</TD></TR>
<TR><TD><A HREF="smfi_getpriv.html">smfi_getpriv</A></TD><TD>Get the private data
pointer.</TD></TR>
<TR><TD><A HREF="smfi_setpriv.html">smfi_setpriv</A></TD><TD>Set the private data
pointer.</TD></TR>
<TR><TD><A HREF="smfi_setreply.html">smfi_setreply</A></TD><TD>Set the specific
reply code to be used.</TD></TR>
<TR><TD><A HREF="smfi_setmlreply.html">smfi_setmlreply</A></TD><TD>Set the
specific multi-line reply to be used.</TD></TR>
</TABLE>
<H2><A NAME="MessageModificationFunctions">Message Modification Functions</A></H2>
The following functions change a message's contents and attributes.
<EM>They may only be called in <A HREF="xxfi_eom.html">xxfi_eom</A></EM>.
All of these functions may invoke additional communication with the MTA.
They will return either MI_SUCCESS or MI_FAILURE to indicate the status of
-the operation. Message data (senders, recipients, headers, body chunks)
+the operation.
+Message data (senders, recipients, headers, body chunks)
passed to these functions via parameters is copied and does not need to be
preserved (i.e., allocated memory can be freed).
<P>
-A filter must have set the appropriate flag (listed below) in the
-description passed to <A HREF="smfi_register.html">smfi_register</A>
-to call any message modification function. Failure to do so will
-cause the MTA to treat a call to the function as a failure of the
-filter, terminating its connection.
+A filter which might call a message modification function
+must set the appropriate flag
+(<A HREF="#SMFIF">listed below</A>),
+either
+in the description passed to <A HREF="smfi_register.html">smfi_register</A>
+or via <A HREF="xxfi_negotiate.html">xxfi_negotiate</A>.
+Failure to do so will cause the MTA to treat a call to the function
+as a failure of the filter, terminating its connection.
<P>
Note that the status returned indicates only whether or not the
filter's message was successfully sent to the MTA, not whether or not
-the MTA performed the requested operation. For example,
+the MTA performed the requested operation.
+For example,
<A HREF="smfi_addheader.html">smfi_addheader</A>, when called with an
illegal header name, will return MI_SUCCESS even though the MTA may
later refuse to add the illegal header.
<P>
-<TABLE BORDER="1" CELLSPACING=0 CELLPADDING=2><TR BGCOLOR="#dddddd"><TH>Function</TH><TH>Description</TH><TH>SMFIF_* flag</TR>
+<TABLE BORDER="1" CELLSPACING=0 CELLPADDING=2><TR BGCOLOR="#dddddd"><TH>Function</TH><TH>Description</TH><TH><A NAME="SMFIF">SMFIF_* flag</A></TH></TR>
<TR><TD><A HREF="smfi_addheader.html">smfi_addheader</A></TD><TD>Add a header to
-the message.</TD><TD>SMFIF_ADDHDRS</TD></TR>
+the message.</TD><TD>SMFIF_ADDHDRS</TD></TR>
-<TR><TD><A HREF="smfi_chgheader.html">smfi_chgheader</A></TD><TD>Change or delete a header.</TD><TD>SMFIF_CHGHDRS</TD></TR>
+<TR><TD><A HREF="smfi_chgheader.html">smfi_chgheader</A></TD><TD>Change or delete a header.</TD><TD>SMFIF_CHGHDRS</TD></TR>
<TR><TD><A HREF="smfi_insheader.html">smfi_insheader</A></TD><TD>Insert a
-header into the message.</TD><TD>SMFIF_ADDHDRS</TD></TR>
+header into the message.</TD><TD>SMFIF_ADDHDRS</TD></TR>
<TR><TD><A HREF="smfi_chgfrom.html">smfi_chgfrom</A></TD><TD>Change the
envelope sender address.</TD><TD>SMFIF_CHGFROM</TD></TR>
<TR><TD><A HREF="smfi_addrcpt.html">smfi_addrcpt</A></TD><TD>Add a recipient to
the envelope.</TD><TD>SMFIF_ADDRCPT</TD></TR>
<TR><TD><A HREF="smfi_addrcpt_par.html">smfi_addrcpt_par</A></TD><TD>Add
a recipient including ESMTP parameter to the envelope.
</TD><TD>SMFIF_ADDRCPT_PAR</TD></TR>
<TR><TD><A HREF="smfi_delrcpt.html">smfi_delrcpt</A></TD><TD>Delete a recipient
from the envelope.</TD><TD>SMFIF_DELRCPT</TD></TR>
<TR><TD><A HREF="smfi_replacebody.html">smfi_replacebody</A></TD><TD>Replace the
body of the message.</TD><TD>SMFIF_CHGBODY</TD></TR>
</TABLE>
<H2>Other Message Handling Functions</H2>
The following functions provide special case handling instructions for
milter or the MTA, without altering the content or status of the message.
<EM>They too may only be called in <A HREF="xxfi_eom.html">xxfi_eom</A></EM>.
All of these functions may invoke additional communication with the MTA.
They will return either MI_SUCCESS or MI_FAILURE to indicate the status of
the operation.
<P>
Note that the status returned indicates only whether or not the
filter's message was successfully sent to the MTA, not whether or not
the MTA performed the requested operation.
<P>
<TABLE BORDER="1" CELLSPACING=0 CELLPADDING=2><TR BGCOLOR="#dddddd"><TH>Function</TH><TH>Description</TH></TR>
<TR><TD><A HREF="smfi_progress.html">smfi_progress</A></TD><TD>Report operation in progress.</TD></TR>
<TR><TD><A HREF="smfi_quarantine.html">smfi_quarantine</A></TD><TD>Quarantine a message.</TD></TR>
</TABLE>
<H2><A NAME="Callbacks">Callbacks</A></H2>
The filter should implement one or more of the following callbacks,
which are registered via <A HREF="smfi_register.html">smfi_register</A>:
<P>
<TABLE BORDER="1" CELLSPACING=0 CELLPADDING=2><TR BGCOLOR="#dddddd"><TH>Function</TH><TH>Description</TH></TR>
<TR><TD><A HREF="xxfi_connect.html">xxfi_connect</A></TD><TD>connection info</TD></TR>
<TR><TD><A HREF="xxfi_helo.html">xxfi_helo</A></TD><TD>SMTP HELO/EHLO command</TD></TR>
<TR><TD><A HREF="xxfi_envfrom.html">xxfi_envfrom</A></TD><TD>envelope sender</TD></TR>
<TR><TD><A HREF="xxfi_envrcpt.html">xxfi_envrcpt</A></TD><TD>envelope recipient</TD></TR>
<TR><TD><A HREF="xxfi_data.html">xxfi_data</A></TD><TD>DATA command</TD></TR>
<TR><TD><A HREF="xxfi_unknown.html">xxfi_unknown</A></TD><TD>Unknown SMTP command</TD></TR>
<TR><TD><A HREF="xxfi_header.html">xxfi_header</A></TD><TD>header</TD></TR>
<TR><TD><A HREF="xxfi_eoh.html">xxfi_eoh</A></TD><TD>end of header</TD></TR>
<TR><TD><A HREF="xxfi_body.html">xxfi_body</A></TD><TD>body block</TD></TR>
<TR><TD><A HREF="xxfi_eom.html">xxfi_eom</A></TD><TD>end of message</TD></TR>
<TR><TD><A HREF="xxfi_abort.html">xxfi_abort</A></TD><TD>message aborted</TD></TR>
<TR><TD><A HREF="xxfi_close.html">xxfi_close</A></TD><TD>connection cleanup</TD></TR>
-<TR><TD><A HREF="xxfi_negotiate.html">xxfi_negotiate</A></TD><TD>option negotiattion</TD></TR>
+<TR><TD><A HREF="xxfi_negotiate.html">xxfi_negotiate</A></TD><TD>option negotiation</TD></TR>
</TABLE>
<P>
The above callbacks should all return one of the following return values,
-having the indicated meanings. Any return other than one of the below
-values constitutes an error, and will cause sendmail to terminate its
-connection to the offending filter.
+having the indicated meanings.
+Any return other than one of the below values constitutes an error,
+and will cause sendmail to terminate its connection to the offending filter.
<P><A NAME="conn-spec">Milter</A> distinguishes between recipient-,
-message-, and connection-oriented routines. Recipient-oriented
-callbacks may affect the processing of a single message recipient;
-message-oriented callbacks, a single message; connection-oriented
-callbacks, an entire connection (during which multiple messages may be
-delivered to multiple sets of recipients).
+message-, and connection-oriented routines.
+Recipient-oriented callbacks may affect the processing
+of a single message recipient;
+message-oriented callbacks, a single message;
+connection-oriented callbacks, an entire connection
+(during which multiple messages may be delivered
+to multiple sets of recipients).
<A HREF="xxfi_envrcpt.html">xxfi_envrcpt</A> is recipient-oriented.
+<A HREF="xxfi_negotiate.html">xxfi_negotiate</A>,
<A HREF="xxfi_connect.html">xxfi_connect</A>,
<A HREF="xxfi_helo.html">xxfi_helo</A> and
-<A HREF="xxfi_close.html">xxfi_close</A> are connection-oriented. All
-other callbacks are message-oriented.
+<A HREF="xxfi_close.html">xxfi_close</A> are connection-oriented.
+All other callbacks are message-oriented.
<P>
<TABLE BORDER="1" CELLSPACING=0 CELLPADDING=2>
<TR BGCOLOR="#dddddd"><TH>Return value</TH><TH>Description</TH></TR>
<TR VALIGN="TOP">
- <TD>SMFIS_CONTINUE</TD>
+ <TD>SMFIS_CONTINUE</TD>
<TD>Continue processing the current connection, message, or recipient.
</TD>
</TR>
<TR VALIGN="TOP">
<TD>SMFIS_REJECT</TD>
<TD>For a connection-oriented routine, reject this connection; call <A HREF="xxfi_close.html">xxfi_close</A>.<BR>
- For a message-oriented routine (except
+ For a message-oriented routine (except
<A HREF="xxfi_abort.html">xxfi_abort</A>), reject this message.<BR>
For a recipient-oriented routine, reject the current recipient (but continue processing the current message).
</TD>
</TR>
<TR valign="top">
<TD>SMFIS_DISCARD</TD>
<TD>For a message- or recipient-oriented routine, accept this message, but silently discard it.<BR>
SMFIS_DISCARD should not be returned by a connection-oriented routine.
</TD>
</TR>
<TR valign="top">
<TD>SMFIS_ACCEPT</TD>
<TD>For a connection-oriented routine, accept this connection without further filter processing; call <A HREF="xxfi_close.html">xxfi_close</A>.<BR>
For a message- or recipient-oriented routine, accept this message without further filtering.<BR>
</TD>
</TR>
<TR valign="top">
<TD>SMFIS_TEMPFAIL</TD>
<TD>Return a temporary failure, i.e., the corresponding SMTP command will return an appropriate 4xx status code.
- For a message-oriented routine (except <A HREF="xxfi_envfrom.html">xxfi_envfrom</A>), fail for this message. <BR>
- For a connection-oriented routine, fail for this connection; call <A HREF="xxfi_close.html">xxfi_close</A>. <BR>
+ For a message-oriented routine (except <A HREF="xxfi_envfrom.html">xxfi_envfrom</A>), fail for this message.<BR>
+ For a connection-oriented routine, fail for this connection; call <A HREF="xxfi_close.html">xxfi_close</A>.<BR>
For a recipient-oriented routine, only fail for the current recipient; continue message processing.
</TD>
</TR>
<TR valign="top">
<TD><A NAME="SMFIS_SKIP">SMFIS_SKIP</A></TD>
<TD>Skip further callbacks of the same type in this transaction.
Currently this return value is only allowed in
<A HREF="xxfi_body.html">xxfi_body()</A>.
It can be used if a milter has received sufficiently many
body chunks to make a decision, but still wants to invoke
message modification functions that are only allowed to be called from
<A HREF="xxfi_eom.html">xxfi_eom()</A>.
Note: the milter <EM>must</EM>
<A HREF="xxfi_negotiate.html">negotiate</A>
this behavior with the MTA, i.e., it must check whether
the protocol action
<A HREF="xxfi_negotiate.html#SMFIP_SKIP"><CODE>SMFIP_SKIP</CODE></A>
is available and if so, the milter must request it.
</TD>
</TR>
<TR valign="top">
<TD><A NAME="SMFIS_NOREPLY">SMFIS_NOREPLY</A></TD>
<TD>Do not send a reply back to the MTA.
The milter <EM>must</EM>
<A HREF="xxfi_negotiate.html">negotiate</A>
this behavior with the MTA, i.e., it must check whether
the appropriate protocol action
<A HREF="xxfi_negotiate.html#SMFIP_NR_"><CODE>SMFIP_NR_*</CODE></A>
is available and if so, the milter must request it.
If you set the
<A HREF="xxfi_negotiate.html#SMFIP_NR_"><CODE>SMFIP_NR_*</CODE></A>
protocol action for a callback, that callback <EM>must</EM>
always reply with
SMFIS_NOREPLY.
Using any other reply code is a violation of the API.
If in some cases your callback may return another value
(e.g., due to some resource shortages), then you
<EM>must not</EM> set
<A HREF="xxfi_negotiate.html#SMFIP_NR_"><CODE>SMFIP_NR_*</CODE></A>
and you must use
SMFIS_CONTINUE as the default return code.
(Alternatively you can try to delay reporting the problem to
a later callback for which
<A HREF="xxfi_negotiate.html#SMFIP_NR_"><CODE>SMFIP_NR_*</CODE></A>
is not set.)
</TD>
</TR>
</TABLE>
<H2><A NAME="Miscellaneous">Miscellaneous</A></H2>
<P>
<TABLE BORDER="1" CELLSPACING=0 CELLPADDING=2><TR BGCOLOR="#dddddd"><TH>Function</TH><TH>Description</TH></TR>
<TR><TD><A HREF="smfi_version.html">smfi_version</A></TD><TD>libmilter (runtime) version info</TD></TR>
<TR><TD><A HREF="smfi_setsymlist.html">smfi_setsymlist</A></TD><TD>
Set the list of macros that the milter wants to receive from the MTA
for a protocol stage.
</TD></TR>
</TABLE>
<P>
<TABLE BORDER="1" CELLSPACING=0 CELLPADDING=2><TR BGCOLOR="#dddddd"><TH>Constant</TH><TH>Description</TH></TR>
<TR><TD><A HREF="smfi_version.html">SMFI_VERSION</A></TD><TD>libmilter (compile time) version info</TD></TR>
</TABLE>
<HR SIZE="1">
<FONT SIZE="-1">
Copyright (c) 2000, 2003, 2006, 2009 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/design.html b/libmilter/docs/design.html
index 294f9a153d08..3636fc8158f5 100644
--- a/libmilter/docs/design.html
+++ b/libmilter/docs/design.html
@@ -1,147 +1,151 @@
<HTML>
<HEAD>
<TITLE>Architecture</TITLE>
</HEAD>
<BODY>
<!--
$Id: design.html,v 1.13 2013-11-22 20:51:39 ca Exp $
-->
<H1>Architecture</H1>
<H2>Contents</H2>
<UL>
<LI>Design Goals
<LI>Implementing Filtering Policies
<LI>MTA - Filter Communication
</UL>
<H2>Goals</H2>
The Sendmail Content Management API (Milter) provides an interface for
third-party software to validate and modify messages as they pass
through the mail transport system. Filters can process messages'
connection (IP) information, envelope protocol elements, message
headers, and/or message body contents, and modify a message's
recipients, headers, and body. The MTA configuration file specifies
which filters are to be applied, and in what order, allowing an
administrator to combine multiple independently-developed filters.
<P>
We expect to see both vendor-supplied, configurable mail filtering
applications and a multiplicity of script-like filters designed by and
-for MTA administrators. A certain degree of coding sophistication and
-domain knowledge on the part of the filter provider is assumed. This
-allows filters to exercise fine-grained control at the SMTP level.
+for MTA administrators.
+A certain degree of coding sophistication and
+domain knowledge on the part of the filter provider is assumed.
+This allows filters to exercise fine-grained control at the SMTP level.
However, as will be seen in the example, many filtering applications
-can be written with relatively little protocol knowledge.
+can be written with relatively little protocol knowledge,
+but a basic understanding (e.g., as documented in RFC 5321:
+<EM>The dialog is purposely lock-step, one-at-a-time</EM>)
+is necessary.
<P>
Given these expectations, the API is designed to achieve the following
goals:
<OL>
<LI>Safety/security.
Filter processes should not need to run as root
(of course, they can if required, but that is a local issue);
this will simplify coding
and limit the impact of security flaws in the filter program.
<P>
<LI>Reliability.
Coding failures in a Milter process that cause that process
to hang or core-dump
should not stop mail delivery.
Faced with such a failure,
sendmail should use a default mechanism,
either behaving as if the filter were not present
or as if a required resource were unavailable.
The latter failure mode will generally have sendmail return
a 4xx SMTP code (although in later phases of the SMTP protocol
it may cause the mail to be queued for later processing).
<P>
<LI>Simplicity.
The API should make implementation of a new filter
no more difficult than absolutely necessary.
Subgoals include:
<UL>
<LI>Encourage good thread practice
by defining thread-clean interfaces including local data hooks.
<LI>Provide all interfaces required
while avoiding unnecessary pedanticism.
</UL>
<P>
<LI>Performance.
Simple filters should not seriously impact overall MTA performance.
</OL>
<H2>Implementing Filtering Policies</H2>
Milter is designed to allow a server administrator to combine
third-party filters to implement a desired mail filtering policy. For
example, if a site wished to scan incoming mail for viruses on several
platforms, eliminate unsolicited commercial email, and append a mandated
footer to selected incoming messages, the administrator could configure
the MTA to filter messages first through a server based anti-virus
engine, then via a large-scale spam-catching service, and finally
append the desired footer if the message still met requisite criteria.
Any of these filters could be added or changed independently.
<P>
Thus the site administrator, not the filter writer, controls the
overall mail filtering environment. In particular, he/she must decide
which filters are run, in what order they are run, and how they
communicate with the MTA. These parameters, as well as the
actions to be taken if a filter becomes unavailable, are selectable
during MTA configuration. <A href="installation.html">Further
details</A> are available later in this document.
<H2>MTA - Filter communication</H2>
Filters run as separate processes, outside of the sendmail address
space. The benefits of this are threefold:
<OL>
<LI>The filter need not run with "root" permissions, thereby
avoiding a large family of potential security problems.</LI>
<LI>Failures in a particular filter will not affect the MTA or
other filters.</LI>
<LI>The filter can potentially have higher performance because of
the parallelism inherent in multiple processes.</LI>
</OL>
<P>
Each filter may communicate with multiple MTAs at the same time over
local or remote connections, using multiple threads of execution.
<A HREF="#figure-1">Figure 1</A> illustrates a possible network of
communication channels between a site's filters, its MTAs, and other
MTAs on the network:
</P>
<DIV align="center">
<A name="figure-1"><IMG src="figure1.jpg" ALT=""></A><BR>
<B>Figure 1: A set of MTA's interacting with a set of filters.</B>
</DIV>
<P>
The Milter library (libmilter) implements the communication protocol.
It accepts connections from various MTAs, passes the relevant data to
the filter through callbacks, then makes appropriate responses based
on return codes. A filter may also send data to the MTA as a result
of library calls. <A href="#figure-2">Figure 2</A> shows a single
filter process processing messages from two MTAs:
</P>
<DIV align="center">
<IMG src="figure2.jpg" ALT=""><BR>
<B>Figure 2: A filter handling simultaneous requests from two MTA's.</B>
</DIV>
<HR size="1">
<FONT size="-1">
Copyright (c) 2000, 2003 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/index.html b/libmilter/docs/index.html
index 57d9ebc6d74d..90df444f6265 100644
--- a/libmilter/docs/index.html
+++ b/libmilter/docs/index.html
@@ -1,92 +1,92 @@
<HTML>
<HEAD>
<TITLE>Filtering Mail with Sendmail</TITLE>
</HEAD>
<BODY>
<!--
$Id: index.html,v 1.14 2013-11-22 20:51:39 ca Exp $
-->
<H1>Filtering Mail with Sendmail</H1>
<!--
-<P><B>Disclaimer</B>:
+<P><B>Disclaimer</B>:
This preliminary API description is provided for review only. This
specification may change based on feedback from reviewers, and does
not bind Sendmail to offer this functionality in any release.
-->
<H2>Introduction</H2>
<P>
Sendmail's Content Management API (milter) provides third-party
programs to access mail messages as they are being processed by the
Mail Transfer Agent (MTA), allowing them to examine and modify message
content and meta-information. Filtering policies implemented by
Milter-conformant filters may then be centrally configured and
composed in an end-user's MTA configuration file.
<P>
Possible uses for filters include spam rejection, virus
filtering, and content control. In general, Milter seeks to address
site-wide filtering concerns in a scalable way. Individual users' mail
filtering needs (e.g. sorting messages by subject) are left to
client-level programs such as <A href="http://www.procmail.org">Procmail</A>.
<P>
This document is a technical introduction intended for those
interested in developing Milter filters. It includes:
<UL>
<LI>A description of Milter's design goals.
<LI>An explanation of Milter application architecture, including
interactions between the support library and user code, and between
filters and the MTA.
<LI>A specification of the C application programming interface.
<LI>An example of a simple Milter filter.
</UL>
<H2>Contents</H2>
<UL>
<LI><A href="design.html">Architecture</A>
<UL>
<LI>Design Goals
<LI>Implementing Filtering Policies
<LI>MTA - Filter communication
</UL>
<LI><A href="overview.html">Technical Overview</A>
<UL>
<LI>Initialization
<LI>Control flow
<LI>Multithreading
<LI>Resource Management
<LI>Signal Handling
</UL>
<LI><A href="api.html">API Documentation</A>
<UL>
<LI>Library Control Functions
<LI>Data Access Functions
<LI>Message Modification Functions
<LI>Callbacks
</UL>
<LI><A href="installation.html">Installation and Configuration</A>
<UL>
<LI>Compiling and Installing Your Filter
<LI>Configuring Sendmail
</UL>
<LI><A href="sample.html">A Sample Filter</A>
<!-- <LI><A href="other.html">Other Sources of Information</A> -->
</UL>
<HR size="1">
<FONT size="-1">
Copyright (c) 2000, 2001, 2003 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/installation.html b/libmilter/docs/installation.html
index 91fe0d818a3f..7405afd7f014 100644
--- a/libmilter/docs/installation.html
+++ b/libmilter/docs/installation.html
@@ -1,165 +1,165 @@
<HTML>
<HEAD><TITLE>Installation and Configuration</TITLE>
</HEAD>
<BODY>
<!--
$Id: installation.html,v 1.24 2013-11-22 20:51:39 ca Exp $
-->
<H1>Installation</H1>
<H2>Contents</H2>
<UL>
<LI><A href="#compile">Compiling and Installing Your Filter</A>
<LI><A href="#config">Configuring Sendmail</A>
</UL>
<H2><A name="compile">Compiling and Installing Your Filter</A></H2>
To compile a filter, modify the Makefile provided with the sample program, or:
<UL>
<LI>Put the include and Sendmail directories in your include path
- (e.g. -I/path/to/include -I/path/to/sendmail).
+ (e.g. -I/path/to/include -I/path/to/sendmail).
<LI>Make sure libmilter.a is in your library path, and link your
application with it (e.g. "-lmilter").
<LI>Compile with pthreads, either by using -pthread for gcc, or
linking with a pthreads support library (-lpthread).
</UL>
Your compile command line will look like
<PRE>
cc -I/path/to/include -I/path/to/sendmail -c myfile.c
</PRE>
and your linking command line will look something like
<PRE>
cc -o myfilter [object-files] -L[library-location] -lmilter -pthread
</PRE>
<H2><A name="config">Configuring Sendmail</A></H2>
If you use a sendmail version older than 8.13 please see
the instructions for your version.
The default compilation options for sendmail enable support
for milters since 8.13.
<P>
Next, you must add the desired filters to your sendmail configuration
(.mc) file.
Mail filters have three equates:
The required <CODE>S=</CODE> equate specifies the socket where
sendmail should look for the filter; the optional <CODE>F=</CODE> and
<CODE>T=</CODE> equates specify flags and timeouts, respectively.
All equates names, equate field names, and flag values are case sensitive.
<P>
The current flags (<CODE>F=</CODE>) are:
<P>
<TABLE cellspacing="1" cellpadding=4 border=1>
<TR bgcolor="#dddddd" align=left valign=top>
<TH>Flag</TH> <TH align="center">Meaning</TH>
</TR>
<TR align="left" valign=top>
<TD>R</TD> <TD>Reject connection if filter unavailable</TD>
</TR>
<TR align="left" valign=top>
<TD>T</TD> <TD>Temporary fail connection if filter unavailable</TD>
</TR>
</TABLE>
If a filter is unavailable or unresponsive and no flags have been
specified, the MTA will continue normal handling of the current
connection.
The MTA will try to contact the filter again on each new connection.
<P>
-There are three fields inside of the <CODE>T=</CODE> equate: S, R, and E.
+There are four fields inside of the <CODE>T=</CODE> equate: C, S, R, and E.
Note the separator between each is a ";" (semicolon), as ","
(comma) already separates equates.
The value of each field is a decimal number followed by a single letter
designating the units ("s" for seconds, "m" for minutes).
The fields have the following meanings:
<P>
<TABLE cellspacing="1" cellpadding=4 border=1>
<TR bgcolor="#dddddd" align=left valign=top>
<TH>Flag</TH> <TH align="center">Meaning</TH>
</TR>
<TR align="left" valign=top>
<TD>C</TD> <TD>Timeout for connecting to a filter. If set to 0, the
system's <CODE>connect(2)</CODE> timeout will be used.
Default: 5m</TD>
</TR>
<TR align="left" valign=top>
<TD>S</TD> <TD>Timeout for sending information from the MTA to a
filter. Default: 10s</TD>
</TR>
<TR align="left" valign=top>
<TD>R</TD> <TD>Timeout for reading reply from the filter. Default: 10s</TD>
</TR>
<TR align="left" valign=top>
<TD>E</TD> <TD>Overall timeout between sending end-of-message to
filter and waiting for the final acknowledgment. Default: 5m</TD>
</TR>
</TABLE>
<P>
The following sendmail.mc example specifies three filters.
The first two rendezvous on Unix-domain sockets in the /var/run directory;
the third uses an IP socket on port 999.
<PRE>
INPUT_MAIL_FILTER(`filter1', `S=unix:/var/run/f1.sock, F=R')
INPUT_MAIL_FILTER(`filter2', `S=unix:/var/run/f2.sock, F=T, T=S:1s;R:1s;E:5m')
INPUT_MAIL_FILTER(`filter3', `S=inet:999@localhost, T=C:2m')
define(`confINPUT_MAIL_FILTERS', `filter2,filter1,filter3')
<HR width="30%">
m4 ../m4/cf.m4 myconfig.mc &gt; myconfig.cf
</PRE>
By default, the filters would be run in the order declared,
i.e. "filter1, filter2, filter3"; however, since
<CODE>confINPUT_MAIL_FILTERS</CODE> is defined, the filters will be
run "filter2, filter1, filter3".
Also note that a filter can be defined
without adding it to the input filter list by using
MAIL_FILTER() instead of INPUT_MAIL_FILTER().
<P>
The above macros will result in the following lines being added to
your .cf file:
<PRE>
Xfilter1, S=unix:/var/run/f1.sock, F=R
Xfilter2, S=unix:/var/run/f2.sock, F=T, T=S:1s;R:1s;E:5m
Xfilter3, S=inet:999@localhost, T=C:2m
O InputMailFilters=filter2,filter1,filter3
</PRE>
<P>
Finally, the sendmail macros accessible via
<A HREF="smfi_getsymval.html">smfi_getsymval</A> can be configured by
defining the following m4 variables (or cf options):
<TABLE cellspacing="1" cellpadding=4 border=1>
<TR bgcolor="#dddddd" align=left valign=top>
<TH align="center">In .mc file</TH> <TH align="center">In .cf file</TH>
<TH align="center">Default Value</TH>
</TR>
<TR><TD>confMILTER_MACROS_CONNECT</TD><TD>Milter.macros.connect</TD>
<TD><CODE>j, _, {daemon_name}, {if_name}, {if_addr}</CODE></TD></TR>
<TR><TD>confMILTER_MACROS_HELO</TD><TD>Milter.macros.helo</TD>
<TD><CODE>{tls_version}, {cipher}, {cipher_bits}, {cert_subject},
{cert_issuer}</CODE></TD></TR>
<TR><TD>confMILTER_MACROS_ENVFROM</TD><TD>Milter.macros.envfrom</TD>
<TD><CODE>i, {auth_type}, {auth_authen}, {auth_ssf}, {auth_author},
{mail_mailer}, {mail_host}, {mail_addr}</CODE></TD></TR>
<TR><TD>confMILTER_MACROS_ENVRCPT</TD><TD>Milter.macros.envrcpt</TD>
<TD><CODE>{rcpt_mailer}, {rcpt_host}, {rcpt_addr}</CODE></TD></TR>
</TABLE>
For information about available macros and their meanings, please
consult the sendmail documentation.
<HR size="1">
<FONT size="-1">
Copyright (c) 2000-2003, 2006 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/overview.html b/libmilter/docs/overview.html
index 78676d377a11..b88e45136965 100644
--- a/libmilter/docs/overview.html
+++ b/libmilter/docs/overview.html
@@ -1,217 +1,229 @@
<HTML>
<HEAD>
<TITLE>Technical Overview</TITLE>
</HEAD>
<BODY>
<!--
$Id: overview.html,v 1.22 2013-11-22 20:51:39 ca Exp $
-->
<H1>Technical Overview</H1>
<H2>Contents</H2>
<UL>
<LI><A HREF="#Initialization">Initialization</A>
<LI><A HREF="#ControlFlow">Control Flow</A>
<LI><A HREF="#Multithreading">Multithreading</A>
<LI><A HREF="#ResourceManagement">Resource Management</A>
<LI><A HREF="#SignalHandling">Signal Handling</A>
</UL>
<H2><A NAME="Initialization">Initialization</A></H2>
In addition to its own initialization,
libmilter expects a filter to initialize several parameters
before calling <A HREF="smfi_main.html">smfi_main</A>:
<UL>
<LI>The callbacks the filter wishes to be called, and the types of
message modification it intends to perform (required, see
<A HREF="smfi_register.html">smfi_register</A>).
<LI>The socket address to be used when communicating with the MTA
(required, see <A HREF="smfi_setconn.html">smfi_setconn</A>).
<LI>The number of seconds to wait for MTA connections before
timing out (optional, see
<A HREF="smfi_settimeout.html">smfi_settimeout</A>).
</UL>
<P>
If the filter fails to initialize libmilter,
or if one or more of the parameters it has passed are invalid,
a subsequent call to smfi_main will fail.
<H2><A NAME="ControlFlow">Control Flow</A></H2>
<P>
The following pseudocode describes the filtering process from the
perspective of a set of <CODE>N</CODE> MTA's,
each corresponding to a connection.
Callbacks are shown beside the processing stages in which they are invoked;
if no callbacks are defined for a particular stage,
that stage may be bypassed.
Though it is not shown,
processing may be aborted at any time during a message,
in which case the
<A HREF="xxfi_abort.html">xxfi_abort</A> callback is invoked and control
returns to <CODE>MESSAGE</CODE>.
<P>
<PRE>
For each of N connections
{
+ For each filter
+ egotiate MTA/milter capabilities/requirements (<A HREF="xxfi_negotiate.html">xxfi_negotiate</A>)
For each filter
process connection (<A HREF="xxfi_connect.html">xxfi_connect</A>)
For each filter
process helo/ehlo (<A HREF="xxfi_helo.html">xxfi_helo</A>)
MESSAGE:For each message in this connection (sequentially)
{
For each filter
process sender (<A HREF="xxfi_envfrom.html">xxfi_envfrom</A>)
For each recipient
{
For each filter
process recipient (<A HREF="xxfi_envrcpt.html">xxfi_envrcpt</A>)
}
For each filter
{
process DATA (<A HREF="xxfi_data.html">xxfi_data</A>)
For each header
process header (<A HREF="xxfi_header.html">xxfi_header</A>)
process end of headers (<A HREF="xxfi_eoh.html">xxfi_eoh</A>)
For each body block
process this body block (<A HREF="xxfi_body.html">xxfi_body</A>)
process end of message (<A HREF="xxfi_eom.html">xxfi_eom</A>)
}
}
For each filter
process end of connection (<A HREF="xxfi_close.html">xxfi_close</A>)
}
</PRE>
<P>Note: Filters are contacted in order defined in config file.</P>
<P>
To write a filter, a vendor supplies callbacks to process relevant
parts of a message transaction.
The library then controls all sequencing, threading,
and protocol exchange with the MTA.
<A HREF="#figure-3">Figure 3</A> outlines control flow for a filter
process, showing where different callbacks are invoked.
</P>
<DIV ALIGN="center"><A NAME="figure-3"></A>
<TABLE border=1 cellspacing=0 cellpadding=2 width="70%">
<TR bgcolor="#dddddd"><TH>SMTP Commands</TH><TH>Milter Callbacks</TH></TR>
<TR><TD>(open SMTP connection)</TD><TD>xxfi_connect</TD></TR>
<TR><TD>HELO ...</TD><TD>xxfi_helo</TD></TR>
<TR><TD>MAIL From: ...</TD><TD>xxfi_envfrom</TD></TR>
<TR><TD>RCPT To: ...</TD><TD>xxfi_envrcpt</TD></TR>
<TR><TD>[more RCPTs]</TD><TD>[xxfi_envrcpt]</TD></TR>
<TR><TD>DATA</TD><TD>xxfi_data</TD></TR>
<TR><TD>Header: ...</TD><TD>xxfi_header</TD></TR>
<TR><TD>[more headers]</TD><TD>[xxfi_header]</TD></TR>
<TR><TD>&nbsp;</TD><TD>xxfi_eoh</TD></TR>
<TR><TD>body... </TD><TD>xxfi_body</TD></TR>
<TR><TD>[more body...]</TD><TD>[xxfi_body]</TD></TR>
<TR><TD>.</TD><TD>xxfi_eom</TD></TR>
<TR><TD>QUIT</TD><TD>xxfi_close</TD></TR>
<TR><TD>(close SMTP connection)</TD><TD>&nbsp;</TD></TR>
</TABLE>
<B>Figure 3: Milter callbacks related to an SMTP transaction.</B>
</DIV>
<P>
Note that although only a single message is shown above, multiple
messages may be sent in a single connection.
Note also that a message or connection may be aborted by
either the remote host or the MTA
at any point during the SMTP transaction.
If this occurs during a message (between the MAIL command and the final "."),
the filter's
<A HREF="xxfi_abort.html">xxfi_abort</A> routine will be called.
<A HREF="xxfi_close.html">xxfi_close</A> is called any time the
connection closes.
<H2><A NAME="Multithreading">Multithreading</A></H2>
<P>
A single filter process may handle any number of connections
simultaneously.
All filtering callbacks must therefore be reentrant,
and use some appropriate external synchronization methods to access
global data.
Furthermore, since there is not a one-to-one correspondence
between threads and connections
(N connections mapped onto M threads, M &lt;= N),
connection-specific data must be accessed
through the handles provided by the Milter library.
The programmer cannot rely on library-supplied thread-specific data blocks
(e.g., <CODE>pthread_getspecific(3)</CODE>) to store connection-specific data.
See the API documentation for
<A HREF="smfi_setpriv.html">smfi_setpriv</A> and
<A HREF="smfi_getpriv.html">smfi_getpriv</A> for details.
<H2><A NAME="ResourceManagement">Resource Management</A></H2>
Since filters are likely to be long-lived,
and to handle many connections,
proper deallocation of per-connection resources is important.
The lifetime of a connection is bracketed by calls to the
callbacks <A HREF="xxfi_connect.html">xxfi_connect</A> and
<A HREF="xxfi_close.html">xxfi_close</A>.
Therefore connection-specific
resources (accessed via <A HREF="smfi_getpriv.html">smfi_getpriv</A>
and <A HREF="smfi_setpriv.html">smfi_setpriv</A>) may be allocated in
<A HREF="xxfi_connect.html">xxfi_connect</A>,
and should be freed in
<A HREF="xxfi_close.html">xxfi_close</A>.
For further information see
the <A HREF="api.html#conn-msg">discussion</A> of message- versus
connection-oriented routines.
In particular,
note that there is only one connection-specific data pointer per connection.
<P>
Each message is bracketed by calls to
<A HREF="xxfi_envfrom.html">xxfi_envfrom</A> and
<A HREF="xxfi_eom.html">xxfi_eom</A> (or
<A HREF="xxfi_abort.html">xxfi_abort</A>),
implying that message-specific resources can be allocated
and reclaimed in these routines.
Since the messages in a connection are processed sequentially by each filter,
there will be only one active message associated with a given
connection and filter (and connection-private data block).
These resources must still be accessed through
<A HREF="smfi_getpriv.html">smfi_getpriv</A> and
<A HREF="smfi_setpriv.html">smfi_setpriv</A>,
and must be reclaimed in
<A HREF="xxfi_abort.html">xxfi_abort</A>.
<H2><A NAME="SignalHandling">Signal Handling</A></H2>
libmilter takes care of signal handling,
the filters are not influenced directly by signals.
There are basically two types of signal handlers:
<OL>
<LI><TT>Stop</TT>: no new connections from the MTA will be accepted,
but existing connections are allowed to continue.
<LI><TT>Abort</TT>: all filters will be stopped as soon as the next
communication with the MTA happens.
</OL>
Filters are not terminated asynchronously
(except by signals that can't be caught).
In the case of <TT>Abort</TT> the
-<A HREF="xxfi_abort.html">xxfi_abort</A> callback is invoked.
+<A HREF="xxfi_abort.html">xxfi_abort</A> callback is usually invoked
+if there is an active transaction.
+However, if an invoked callback takes too long to execute
+(the maximum time <TT>Abort</TT> waits is currently 5s)
+<!-- XREF: MI_CHK_TIME -->
+then the filter is simply terminated, i.e.,
+neither the
+<A HREF="xxfi_abort.html">xxfi_abort</A> callback
+nor the
+<A HREF="xxfi_close.html">xxfi_close</A> callback
+is invoked.
<HR size="1">
<FONT size="-1">
-Copyright (c) 2000, 2001, 2003, 2006 Proofpoint, Inc. and its suppliers.
+Copyright (c) 2000, 2001, 2003, 2006, 2018 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/sample.html b/libmilter/docs/sample.html
index de8d58947a39..b470ae390eee 100644
--- a/libmilter/docs/sample.html
+++ b/libmilter/docs/sample.html
@@ -1,537 +1,537 @@
<HTML>
<HEAD><TITLE>A Sample Filter</TITLE></HEAD>
<BODY>
<!--
$Id: sample.html,v 1.23 2013-11-22 20:51:39 ca Exp $
-->
<H1>A Sample Filter</H1>
The following sample logs each message to a separate temporary file,
adds a recipient given with the -a flag,
and rejects a disallowed recipient address given with the -r flag.
It recognizes the following options:
<P>
<CENTER>
<TABLE border="1" cellpadding=2 cellspacing=1>
<TR><TD><CODE>-p port</CODE></TD><TD>The port through which the MTA will connect to the filter.</TD></TR>
<TR><TD><CODE>-t sec</CODE></TD><TD>The timeout value.</TD></TR>
<TR><TD><CODE>-r addr</CODE></TD><TD>A recipient to reject.</TD></TR>
<TR><TD><CODE>-a addr</CODE></TD><TD>A recipient to add.</TD></TR>
</TABLE>
</CENTER>
<HR>
<PRE>
#include &lt;sys/types.h&gt;
#include &lt;sys/stat.h&gt;
#include &lt;errno.h&gt;
#include &lt;stdio.h&gt;
#include &lt;stdlib.h&gt;
#include &lt;string.h&gt;
#include &lt;sysexits.h&gt;
#include &lt;unistd.h&gt;
#include "libmilter/mfapi.h"
#ifndef bool
# define bool int
# define TRUE 1
# define FALSE 0
#endif /* ! bool */
struct mlfiPriv
{
char *mlfi_fname;
char *mlfi_connectfrom;
char *mlfi_helofrom;
FILE *mlfi_fp;
};
#define MLFIPRIV ((struct mlfiPriv *) <A href="smfi_getpriv.html">smfi_getpriv</A>(ctx))
extern sfsistat mlfi_cleanup(SMFICTX *, bool);
/* recipients to add and reject (set with -a and -r options) */
char *add = NULL;
char *reject = NULL;
sfsistat
<A href="xxfi_connect.html">mlfi_connect</A>(ctx, hostname, hostaddr)
SMFICTX *ctx;
char *hostname;
_SOCK_ADDR *hostaddr;
{
struct mlfiPriv *priv;
char *ident;
/* allocate some private memory */
priv = malloc(sizeof *priv);
if (priv == NULL)
{
/* can't accept this message right now */
return SMFIS_TEMPFAIL;
}
memset(priv, '\0', sizeof *priv);
/* save the private data */
<A href="smfi_setpriv.html">smfi_setpriv</A>(ctx, priv);
ident = <A href="smfi_getsymval.html">smfi_getsymval</A>(ctx, "_");
if (ident == NULL)
ident = "???";
if ((priv-&gt;mlfi_connectfrom = strdup(ident)) == NULL)
{
(void) mlfi_cleanup(ctx, FALSE);
return SMFIS_TEMPFAIL;
}
/* continue processing */
return SMFIS_CONTINUE;
}
sfsistat
<A href="xxfi_helo.html">mlfi_helo</A>(ctx, helohost)
SMFICTX *ctx;
char *helohost;
{
size_t len;
char *tls;
char *buf;
struct mlfiPriv *priv = MLFIPRIV;
tls = <A href="smfi_getsymval.html">smfi_getsymval</A>(ctx, "{tls_version}");
if (tls == NULL)
tls = "No TLS";
if (helohost == NULL)
helohost = "???";
len = strlen(tls) + strlen(helohost) + 3;
if ((buf = (char*) malloc(len)) == NULL)
{
(void) mlfi_cleanup(ctx, FALSE);
return SMFIS_TEMPFAIL;
}
snprintf(buf, len, "%s, %s", helohost, tls);
if (priv-&gt;mlfi_helofrom != NULL)
free(priv-&gt;mlfi_helofrom);
priv-&gt;mlfi_helofrom = buf;
/* continue processing */
return SMFIS_CONTINUE;
}
sfsistat
<A href="xxfi_envfrom.html">mlfi_envfrom</A>(ctx, argv)
SMFICTX *ctx;
char **argv;
{
int fd = -1;
int argc = 0;
struct mlfiPriv *priv = MLFIPRIV;
char *mailaddr = <A href="smfi_getsymval.html">smfi_getsymval</A>(ctx, "{mail_addr}");
/* open a file to store this message */
if ((priv-&gt;mlfi_fname = strdup("/tmp/msg.XXXXXX")) == NULL)
{
(void) mlfi_cleanup(ctx, FALSE);
return SMFIS_TEMPFAIL;
}
if ((fd = mkstemp(priv-&gt;mlfi_fname)) == -1)
{
(void) mlfi_cleanup(ctx, FALSE);
return SMFIS_TEMPFAIL;
}
if ((priv-&gt;mlfi_fp = fdopen(fd, "w+")) == NULL)
{
(void) close(fd);
(void) mlfi_cleanup(ctx, FALSE);
return SMFIS_TEMPFAIL;
}
/* count the arguments */
while (*argv++ != NULL)
++argc;
/* log the connection information we stored earlier: */
if (fprintf(priv-&gt;mlfi_fp, "Connect from %s (%s)\n\n",
priv-&gt;mlfi_helofrom, priv-&gt;mlfi_connectfrom) == EOF)
{
(void) mlfi_cleanup(ctx, FALSE);
return SMFIS_TEMPFAIL;
}
/* log the sender */
if (fprintf(priv-&gt;mlfi_fp, "FROM %s (%d argument%s)\n",
mailaddr ? mailaddr : "???", argc,
(argc == 1) ? "" : "s") == EOF)
{
(void) mlfi_cleanup(ctx, FALSE);
return SMFIS_TEMPFAIL;
}
/* continue processing */
return SMFIS_CONTINUE;
}
sfsistat
<A href="xxfi_envrcpt.html">mlfi_envrcpt</A>(ctx, argv)
SMFICTX *ctx;
char **argv;
{
struct mlfiPriv *priv = MLFIPRIV;
char *rcptaddr = <A href="smfi_getsymval.html">smfi_getsymval</A>(ctx, "{rcpt_addr}");
int argc = 0;
/* count the arguments */
while (*argv++ != NULL)
++argc;
/* log this recipient */
- if (reject != NULL && rcptaddr != NULL &&
+ if (reject != NULL &amp;&amp; rcptaddr != NULL &amp;&amp;
(strcasecmp(rcptaddr, reject) == 0))
{
if (fprintf(priv-&gt;mlfi_fp, "RCPT %s -- REJECTED\n",
rcptaddr) == EOF)
{
(void) mlfi_cleanup(ctx, FALSE);
return SMFIS_TEMPFAIL;
}
return SMFIS_REJECT;
}
if (fprintf(priv-&gt;mlfi_fp, "RCPT %s (%d argument%s)\n",
rcptaddr ? rcptaddr : "???", argc,
(argc == 1) ? "" : "s") == EOF)
{
(void) mlfi_cleanup(ctx, FALSE);
return SMFIS_TEMPFAIL;
}
/* continue processing */
return SMFIS_CONTINUE;
}
sfsistat
<A href="xxfi_header.html">mlfi_header</A>(ctx, headerf, headerv)
SMFICTX *ctx;
char *headerf;
unsigned char *headerv;
{
/* write the header to the log file */
if (fprintf(MLFIPRIV-&gt;mlfi_fp, "%s: %s\n", headerf, headerv) == EOF)
{
(void) mlfi_cleanup(ctx, FALSE);
return SMFIS_TEMPFAIL;
}
/* continue processing */
return SMFIS_CONTINUE;
}
sfsistat
<A href="xxfi_eoh.html">mlfi_eoh</A>(ctx)
SMFICTX *ctx;
{
/* output the blank line between the header and the body */
if (fprintf(MLFIPRIV-&gt;mlfi_fp, "\n") == EOF)
{
(void) mlfi_cleanup(ctx, FALSE);
return SMFIS_TEMPFAIL;
}
/* continue processing */
return SMFIS_CONTINUE;
}
sfsistat
<A href="xxfi_body.html">mlfi_body</A>(ctx, bodyp, bodylen)
SMFICTX *ctx;
unsigned char *bodyp;
size_t bodylen;
{
struct mlfiPriv *priv = MLFIPRIV;
/* output body block to log file */
if (fwrite(bodyp, bodylen, 1, priv-&gt;mlfi_fp) != 1)
{
/* write failed */
fprintf(stderr, "Couldn't write file %s: %s\n",
priv-&gt;mlfi_fname, strerror(errno));
(void) mlfi_cleanup(ctx, FALSE);
return SMFIS_TEMPFAIL;
}
/* continue processing */
return SMFIS_CONTINUE;
}
sfsistat
<A href="xxfi_eom.html">mlfi_eom</A>(ctx)
SMFICTX *ctx;
{
bool ok = TRUE;
/* change recipients, if requested */
if (add != NULL)
ok = (<A href="smfi_addrcpt.html">smfi_addrcpt</A>(ctx, add) == MI_SUCCESS);
return mlfi_cleanup(ctx, ok);
}
sfsistat
<A href="xxfi_abort.html">mlfi_abort</A>(ctx)
SMFICTX *ctx;
{
return mlfi_cleanup(ctx, FALSE);
}
sfsistat
mlfi_cleanup(ctx, ok)
SMFICTX *ctx;
bool ok;
{
sfsistat rstat = SMFIS_CONTINUE;
struct mlfiPriv *priv = MLFIPRIV;
char *p;
char host[512];
char hbuf[1024];
if (priv == NULL)
return rstat;
/* close the archive file */
- if (priv-&gt;mlfi_fp != NULL && fclose(priv-&gt;mlfi_fp) == EOF)
+ if (priv-&gt;mlfi_fp != NULL &amp;&amp; fclose(priv-&gt;mlfi_fp) == EOF)
{
/* failed; we have to wait until later */
fprintf(stderr, "Couldn't close archive file %s: %s\n",
priv-&gt;mlfi_fname, strerror(errno));
rstat = SMFIS_TEMPFAIL;
(void) unlink(priv-&gt;mlfi_fname);
}
else if (ok)
{
/* add a header to the message announcing our presence */
if (gethostname(host, sizeof host) &lt; 0)
snprintf(host, sizeof host, "localhost");
p = strrchr(priv-&gt;mlfi_fname, '/');
if (p == NULL)
p = priv-&gt;mlfi_fname;
else
p++;
snprintf(hbuf, sizeof hbuf, "%s@%s", p, host);
if (<A href="smfi_addheader.html">smfi_addheader</A>(ctx, "X-Archived", hbuf) != MI_SUCCESS)
{
/* failed; we have to wait until later */
fprintf(stderr,
"Couldn't add header: X-Archived: %s\n",
hbuf);
ok = FALSE;
rstat = SMFIS_TEMPFAIL;
(void) unlink(priv-&gt;mlfi_fname);
}
}
else
{
/* message was aborted -- delete the archive file */
fprintf(stderr, "Message aborted. Removing %s\n",
priv-&gt;mlfi_fname);
rstat = SMFIS_TEMPFAIL;
(void) unlink(priv-&gt;mlfi_fname);
}
/* release private memory */
if (priv-&gt;mlfi_fname != NULL)
free(priv-&gt;mlfi_fname);
/* return status */
return rstat;
}
sfsistat
<A href="xxfi_close.html">mlfi_close</A>(ctx)
SMFICTX *ctx;
{
struct mlfiPriv *priv = MLFIPRIV;
if (priv == NULL)
return SMFIS_CONTINUE;
if (priv-&gt;mlfi_connectfrom != NULL)
free(priv-&gt;mlfi_connectfrom);
if (priv-&gt;mlfi_helofrom != NULL)
free(priv-&gt;mlfi_helofrom);
free(priv);
<A href="smfi_setpriv.html">smfi_setpriv</A>(ctx, NULL);
return SMFIS_CONTINUE;
}
sfsistat
<A href="xxfi_unknown.html">mlfi_unknown</A>(ctx, cmd)
SMFICTX *ctx;
char *cmd;
{
return SMFIS_CONTINUE;
}
sfsistat
<A href="xxfi_data.html">mlfi_data</A>(ctx)
SMFICTX *ctx;
{
return SMFIS_CONTINUE;
}
sfsistat
<A href="xxfi_negotiate.html">mlfi_negotiate</A>(ctx, f0, f1, f2, f3, pf0, pf1, pf2, pf3)
SMFICTX *ctx;
unsigned long f0;
unsigned long f1;
unsigned long f2;
unsigned long f3;
unsigned long *pf0;
unsigned long *pf1;
unsigned long *pf2;
unsigned long *pf3;
{
return SMFIS_ALL_OPTS;
}
struct smfiDesc smfilter =
{
"SampleFilter", /* filter name */
SMFI_VERSION, /* version code -- do not change */
SMFIF_ADDHDRS|SMFIF_ADDRCPT,
/* flags */
<A href="xxfi_connect.html">mlfi_connect</A>, /* connection info filter */
<A href="xxfi_helo.html">mlfi_helo</A>, /* SMTP HELO command filter */
<A href="xxfi_envfrom.html">mlfi_envfrom</A>, /* envelope sender filter */
<A href="xxfi_envrcpt.html">mlfi_envrcpt</A>, /* envelope recipient filter */
<A href="xxfi_header.html">mlfi_header</A>, /* header filter */
<A href="xxfi_eoh.html">mlfi_eoh</A>, /* end of header */
<A href="xxfi_body.html">mlfi_body</A>, /* body block filter */
<A href="xxfi_eom.html">mlfi_eom</A>, /* end of message */
<A href="xxfi_abort.html">mlfi_abort</A>, /* message aborted */
<A href="xxfi_close.html">mlfi_close</A>, /* connection cleanup */
<A href="xxfi_unknown.html">mlfi_unknown</A>, /* unknown SMTP commands */
<A href="xxfi_data.html">mlfi_data</A>, /* DATA command */
<A href="xxfi_negotiate.html">mlfi_negotiate</A> /* Once, at the start of each SMTP connection */
};
static void
usage(prog)
char *prog;
{
fprintf(stderr,
"Usage: %s -p socket-addr [-t timeout] [-r reject-addr] [-a add-addr]\n",
prog);
}
int
main(argc, argv)
int argc;
char **argv;
{
bool setconn = FALSE;
int c;
const char *args = "p:t:r:a:h";
extern char *optarg;
/* Process command line options */
while ((c = getopt(argc, argv, args)) != -1)
{
switch (c)
{
case 'p':
if (optarg == NULL || *optarg == '\0')
{
(void) fprintf(stderr, "Illegal conn: %s\n",
optarg);
exit(EX_USAGE);
}
if (<A href="smfi_setconn.html">smfi_setconn</A>(optarg) == MI_FAILURE)
{
(void) fprintf(stderr,
"smfi_setconn failed\n");
exit(EX_SOFTWARE);
}
/*
** If we're using a local socket, make sure it
** doesn't already exist. Don't ever run this
** code as root!!
*/
if (strncasecmp(optarg, "unix:", 5) == 0)
unlink(optarg + 5);
else if (strncasecmp(optarg, "local:", 6) == 0)
unlink(optarg + 6);
setconn = TRUE;
break;
case 't':
if (optarg == NULL || *optarg == '\0')
{
(void) fprintf(stderr, "Illegal timeout: %s\n",
optarg);
exit(EX_USAGE);
}
if (<A href="smfi_settimeout.html">smfi_settimeout</A>(atoi(optarg)) == MI_FAILURE)
{
(void) fprintf(stderr,
"smfi_settimeout failed\n");
exit(EX_SOFTWARE);
}
break;
case 'r':
if (optarg == NULL)
{
(void) fprintf(stderr,
"Illegal reject rcpt: %s\n",
optarg);
exit(EX_USAGE);
}
reject = optarg;
break;
case 'a':
if (optarg == NULL)
{
(void) fprintf(stderr,
"Illegal add rcpt: %s\n",
optarg);
exit(EX_USAGE);
}
add = optarg;
smfilter.xxfi_flags |= SMFIF_ADDRCPT;
break;
case 'h':
default:
usage(argv[0]);
exit(EX_USAGE);
}
}
if (!setconn)
{
fprintf(stderr, "%s: Missing required -p argument\n", argv[0]);
usage(argv[0]);
exit(EX_USAGE);
}
if (<A href="smfi_register.html">smfi_register</A>(smfilter) == MI_FAILURE)
{
fprintf(stderr, "smfi_register failed\n");
exit(EX_UNAVAILABLE);
}
return <A href="smfi_main.html">smfi_main</A>();
}
/* eof */
</PRE>
<HR size="1">
<FONT size="-1">
Copyright (c) 2000-2004, 2006 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/smfi_addheader.html b/libmilter/docs/smfi_addheader.html
index e58c8d713c60..fff4dc7fe6fe 100644
--- a/libmilter/docs/smfi_addheader.html
+++ b/libmilter/docs/smfi_addheader.html
@@ -1,130 +1,130 @@
<HTML>
<HEAD><TITLE>smfi_addheader</TITLE></HEAD>
<BODY>
<!--
$Id: smfi_addheader.html,v 1.21 2013-11-22 20:51:39 ca Exp $
-->
<H1>smfi_addheader</H1>
<TABLE border="0" cellspacing=4 cellpadding=4>
<!---------- Synopsis ----------->
<TR><TH valign="top" align=left width=100>SYNOPSIS</TH><TD>
<PRE>
#include &lt;libmilter/mfapi.h&gt;
int smfi_addheader(
SMFICTX *ctx,
char *headerf,
char *headerv
);
</PRE>
Add a header to the current message.
</TD></TR>
<!----------- Description ---------->
<TR><TH valign="top" align=left>DESCRIPTION</TH><TD>
<TABLE border="1" cellspacing=1 cellpadding=4>
<TR align="left" valign=top>
<TH width="80">Called When</TH>
<TD>Called only from <A href="xxfi_eom.html">xxfi_eom</A>.</TD>
</TR>
<TR align="left" valign=top>
<TH width="80">Effects</TH>
<TD>Adds a header to the current message.</TD>
</TR>
</TABLE>
+</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
<TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Argument</TH><TH>Description</TH></TR>
<TR valign="top"><TD>ctx</TD>
<TD>Opaque context structure.
</TD></TR>
<TR valign="top"><TD>headerf</TD>
<TD>The header name, a non-NULL, null-terminated string.
</TD></TR>
<TR valign="top"><TD>headerv</TD>
<TD>The header value to be added, a non-NULL, null-terminated string.
- This may be the empty string.
+ This may be the empty string.
</TD></TR>
</TABLE>
</TD></TR>
<!----------- Return values ---------->
<TR>
-<TH valign="top" align=left>RETURN VALUES</TH>
+<TH valign="top" align=left>RETURN VALUES</TH>
<TD>smfi_addheader returns MI_FAILURE if:
<UL><LI>headerf or headerv is NULL.
<LI>Adding headers in the current connection state is invalid.
<LI>Memory allocation fails.
<LI>A network error occurs.
- <LI>SMFIF_ADDHDRS was not set when <A href="smfi_register.html">smfi_register</A> was called.
+ <LI><A HREF="smfi_register.html#SMFIF_ADDHDRS">SMFIF_ADDHDRS</A> is not set.
</UL>
Otherwise, it returns MI_SUCCESS.
</TD>
</TR>
<!----------- Notes ---------->
<TR align="left" valign=top>
-<TH>NOTES</TH>
+<TH>NOTES</TH>
<TD>
<UL><LI>smfi_addheader does not change a message's existing headers.
To change a header's current value, use
<A HREF="smfi_chgheader.html">smfi_chgheader</A>.
- <LI>A filter which calls smfi_addheader must have set the SMFIF_ADDHDRS
- flag in the smfiDesc_str passed to
- <A href="smfi_register.html">smfi_register</A>.
+ <LI>A filter which calls smfi_addheader must have set the
+ <A HREF="smfi_register.html#SMFIF_ADDHDRS">SMFIF_ADDHDRS</A> flag.
<LI>For smfi_addheader, filter order is important.
<B>Later filters will see the header changes made by earlier ones.</B>
<LI>Neither the name nor the value of the header is checked for
standards compliance.
However, each line of the header must be under 2048 characters
and should be under 998 characters.
If longer headers are needed, make them multi-line.
To make a multi-line header,
insert a line feed (ASCII 0x0a, or <TT>\n</TT> in C)
followed by at least one whitespace character
such as a space (ASCII 0x20) or tab (ASCII 0x09, or <TT>\t</TT> in C).
The line feed should NOT be preceded by a carriage return (ASCII 0x0d);
the MTA will add this automatically.
<B>It is the filter writer's responsibility to ensure that no standards
are violated.</B>
<LI>The MTA adds a leading space to an added header value unless
the flag
<A HREF="xxfi_negotiate.html#SMFIP_HDR_LEADSPC"><CODE>SMFIP_HDR_LEADSPC</CODE></A>
is set, in which case the milter
must include any desired leading spaces itself.
</UL>
</TD>
</TR>
<!----------- Example code ---------->
<TR>
-<TH valign="top" align=left>EXAMPLE</TH>
+<TH valign="top" align=left>EXAMPLE</TH>
<TD>
<PRE>
int ret;
SMFICTX *ctx;
...
ret = smfi_addheader(ctx, "Content-Type",
"multipart/mixed;\n\tboundary=\"foobar\"");
</PRE>
</TD>
</TR>
</TABLE>
<HR size="1">
<FONT size="-1">
Copyright (c) 2000-2003, 2006, 2009 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/smfi_addrcpt.html b/libmilter/docs/smfi_addrcpt.html
index 42014bf1d821..81eecaf0069e 100644
--- a/libmilter/docs/smfi_addrcpt.html
+++ b/libmilter/docs/smfi_addrcpt.html
@@ -1,83 +1,83 @@
<HTML>
<HEAD><TITLE>smfi_addrcpt</TITLE></HEAD>
<BODY>
<!--
$Id: smfi_addrcpt.html,v 1.12 2013-11-22 20:51:39 ca Exp $
-->
<H1>smfi_addrcpt</H1>
<TABLE border="0" cellspacing=4 cellpadding=4>
<!---------- Synopsis ----------->
<TR><TH valign="top" align=left width=100>SYNOPSIS</TH><TD>
<PRE>
#include &lt;libmilter/mfapi.h&gt;
int smfi_addrcpt(
SMFICTX *ctx,
char *rcpt
);
</PRE>
Add a recipient for the current message.
</TD></TR>
<!----------- Description ---------->
<TR><TH valign="top" align=left>DESCRIPTION</TH><TD>
<TABLE border="1" cellspacing=1 cellpadding=4>
<TR align="left" valign=top>
<TH width="80">Called When</TH>
<TD>Called only from <A href="xxfi_eom.html">xxfi_eom</A>.</TD>
</TR>
<TR align="left" valign=top>
<TH width="80">Effects</TH>
<TD>Add a recipient to the message envelope.</TD>
</TR>
</TABLE>
+</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
<TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Argument</TH><TH>Description</TH></TR>
<TR valign="top"><TD>ctx</TD>
<TD>Opaque context structure.
</TD></TR>
<TR valign="top"><TD>rcpt</TD>
<TD>The new recipient's address.
</TD></TR>
</TABLE>
</TD></TR>
<!----------- Return values ---------->
<TR>
-<TH valign="top" align=left>RETURN VALUES</TH>
+<TH valign="top" align=left>RETURN VALUES</TH>
<TD>smfi_addrcpt will fail and return MI_FAILURE if:
<UL><LI>rcpt is NULL.
<LI>Adding recipients in the current connection state is invalid.
<LI>A network error occurs.
- <LI>SMFIF_ADDRCPT was not set when <A href="smfi_register.html">smfi_register</A> was called.
+ <LI><A HREF="smfi_register.html#SMFIF_ADDRCPT">SMFIF_ADDRCPT</A> is not set.
</UL>
Otherwise, it will return MI_SUCCESS.
</TD>
</TR>
<!----------- Notes ---------->
<TR align="left" valign=top>
-<TH>NOTES</TH>
+<TH>NOTES</TH>
<TD>
-A filter which calls smfi_addrcpt must have set the SMFIF_ADDRCPT flag
-in the smfiDesc_str passed to
-<A href="smfi_register.html">smfi_register</A>.
+A filter which calls smfi_addrcpt must have set the
+<A HREF="smfi_register.html#SMFIF_ADDRCPT">SMFIF_ADDRCPT</A> flag.
</TD>
</TR>
</TABLE>
<HR size="1">
<FONT size="-1">
Copyright (c) 2000, 2003 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/smfi_addrcpt_par.html b/libmilter/docs/smfi_addrcpt_par.html
index 0176e69e0617..9d72cd6ca82b 100644
--- a/libmilter/docs/smfi_addrcpt_par.html
+++ b/libmilter/docs/smfi_addrcpt_par.html
@@ -1,88 +1,87 @@
<HTML>
<HEAD><TITLE>smfi_addrcpt_par</TITLE></HEAD>
<BODY>
<!--
$Id: smfi_addrcpt_par.html,v 1.5 2013-11-22 20:51:39 ca Exp $
-->
<H1>smfi_addrcpt_par</H1>
<TABLE border="0" cellspacing=4 cellpadding=4>
<!---------- Synopsis ----------->
<TR><TH valign="top" align=left width=100>SYNOPSIS</TH><TD>
<PRE>
#include &lt;libmilter/mfapi.h&gt;
int smfi_addrcpt_par(
SMFICTX *ctx,
char *rcpt,
char *args
);
</PRE>
Add a recipient for the current message including ESMTP arguments.
</TD></TR>
<!----------- Description ---------->
<TR><TH valign="top" align=left>DESCRIPTION</TH><TD>
<TABLE border="1" cellspacing=1 cellpadding=4>
<TR align="left" valign=top>
<TH width="80">Called When</TH>
<TD>Called only from <A href="xxfi_eom.html">xxfi_eom</A>.</TD>
</TR>
<TR align="left" valign=top>
<TH width="80">Effects</TH>
<TD>Add a recipient to the message envelope.</TD>
</TR>
</TABLE>
+</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
<TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Argument</TH><TH>Description</TH></TR>
<TR valign="top"><TD>ctx</TD>
<TD>Opaque context structure.
</TD></TR>
<TR valign="top"><TD>rcpt</TD>
<TD>The new recipient's address.
</TD></TR>
<TR valign="top"><TD>args</TD>
<TD>The new recipient's ESMTP parameters.
</TD></TR>
</TABLE>
</TD></TR>
<!----------- Return values ---------->
<TR>
-<TH valign="top" align=left>RETURN VALUES</TH>
+<TH valign="top" align=left>RETURN VALUES</TH>
-<TD>smfi_addrcpt will fail and return MI_FAILURE if:
+<TD>smfi_addrcpt_par will fail and return MI_FAILURE if:
<UL><LI>rcpt is NULL.
<LI>Adding recipients in the current connection state is invalid.
<LI>A network error occurs.
- <LI>SMFIF_ADDRCPT_PAR was not set when
- <A href="smfi_register.html">smfi_register</A> was called.
+ <LI><A HREF="smfi_register.html#SMFIF_ADDRCPT_PAR">SMFIF_ADDRCPT_PAR</A> is not set._PAR
</UL>
Otherwise, it will return MI_SUCCESS.
</TD>
</TR>
<!----------- Notes ---------->
<TR align="left" valign=top>
-<TH>NOTES</TH>
+<TH>NOTES</TH>
<TD>
-A filter which calls smfi_addrcpt must have set the SMFIF_ADDRCPT_PAR flag
-in the smfiDesc_str passed to
-<A href="smfi_register.html">smfi_register</A>.
+A filter which calls smfi_addrcpt_par must have set the
+<A HREF="smfi_register.html#SMFIF_ADDRCPT_PAR">SMFIF_ADDRCPT_PAR</A> flag.
</TD>
</TR>
</TABLE>
<HR size="1">
<FONT size="-1">
Copyright (c) 2006 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/smfi_chgfrom.html b/libmilter/docs/smfi_chgfrom.html
index a107ee9ebebc..0cfe7b6fc800 100644
--- a/libmilter/docs/smfi_chgfrom.html
+++ b/libmilter/docs/smfi_chgfrom.html
@@ -1,94 +1,94 @@
<HTML>
<HEAD><TITLE>smfi_chgfrom</TITLE></HEAD>
<BODY>
<!--
$Id: smfi_chgfrom.html,v 1.4 2013-11-22 20:51:39 ca Exp $
-->
<H1>smfi_chgfrom</H1>
<TABLE border="0" cellspacing=4 cellpadding=4>
<!---------- Synopsis ----------->
<TR><TH valign="top" align=left width=100>SYNOPSIS</TH><TD>
<PRE>
#include &lt;libmilter/mfapi.h&gt;
int smfi_chgfrom(
SMFICTX *ctx,
const char *mail,
char *args
);
</PRE>
Change the envelope sender (MAIL From) of the current message.
</TD></TR>
<!----------- Description ---------->
<TR><TH valign="top" align=left>DESCRIPTION</TH><TD>
<TABLE border="1" cellspacing=1 cellpadding=4>
<TR align="left" valign=top>
<TH width="80">Called When</TH>
<TD>Called only from <A href="xxfi_eom.html">xxfi_eom</A>.</TD>
</TR>
<TR align="left" valign=top>
<TH width="80">Effects</TH>
<TD>Change the envelope sender (MAIL From) of the current message.</TD>
</TR>
</TABLE>
+</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
<TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Argument</TH><TH>Description</TH></TR>
<TR valign="top"><TD>ctx</TD>
<TD>Opaque context structure.
</TD></TR>
<TR valign="top"><TD>mail</TD>
<TD>The new sender address.
</TD></TR>
<TR valign="top"><TD>args</TD>
<TD>ESMTP arguments.
</TD></TR>
</TABLE>
</TD></TR>
<!----------- Return values ---------->
<TR>
-<TH valign="top" align=left>RETURN VALUES</TH>
+<TH valign="top" align=left>RETURN VALUES</TH>
<TD>smfi_chgfrom will fail and return MI_FAILURE if:
<UL><LI>mail is NULL.
<LI>Changing the sender in the current connection state is invalid.
<LI>A network error occurs.
- <LI>SMFIF_CHGFROM was not set when <A href="smfi_register.html">smfi_register</A> was called.
+ <LI><A HREF="smfi_register.html#SMFIF_CHGFROM">SMFIF_CHGFROM</A> is not set.
</UL>
Otherwise, it will return MI_SUCCESS.
</TD>
</TR>
<!----------- Notes ---------->
<TR align="left" valign=top>
-<TH>NOTES</TH>
+<TH>NOTES</TH>
<TD>
-A filter which calls smfi_chgfrom must have set the SMFIF_CHGFROM flag
-in the smfiDesc_str passed to
-<A href="smfi_register.html">smfi_register</A>.
+A filter which calls smfi_chgfrom must have set the
+<A HREF="smfi_register.html#SMFIF_CHGFROM">SMFIF_CHGFROM</A> flag.
<BR>
Even though all ESMTP arguments could be set via this call,
it does not make sense to do so for many of them,
e.g., SIZE and BODY.
Setting those may cause problems, proper care must be taken.
Moreover, there is no feedback from the MTA to the milter
whether the call was successful.
</TD>
</TR>
</TABLE>
<HR size="1">
<FONT size="-1">
Copyright (c) 2006 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/smfi_chgheader.html b/libmilter/docs/smfi_chgheader.html
index b3004032e4b8..de132f442b5b 100644
--- a/libmilter/docs/smfi_chgheader.html
+++ b/libmilter/docs/smfi_chgheader.html
@@ -1,125 +1,127 @@
<HTML>
<HEAD><TITLE>smfi_chgheader</TITLE></HEAD>
<BODY>
<!--
$Id: smfi_chgheader.html,v 1.19 2013-11-22 20:51:39 ca Exp $
-->
<H1>smfi_chgheader</H1>
<TABLE border="0" cellspacing=4 cellpadding=4>
<!---------- Synopsis ----------->
<TR><TH valign="top" align=left width=100>SYNOPSIS</TH><TD>
<PRE>
#include &lt;libmilter/mfapi.h&gt;
int smfi_chgheader(
SMFICTX *ctx,
char *headerf,
mi_int32 hdridx,
char *headerv
);
</PRE>
Change or delete a message header.
</TD></TR>
<!----------- Description ---------->
<TR><TH valign="top" align=left>DESCRIPTION</TH><TD>
<TABLE border="1" cellspacing=1 cellpadding=4>
<TR align="left" valign=top>
<TH width="80">Called When</TH>
<TD>Called only from <A href="xxfi_eom.html">xxfi_eom</A>.</TD>
</TR>
<TR align="left" valign=top>
<TH width="80">Effects</TH>
<TD>Changes a header's value for the current message.</TD>
</TR>
</TABLE>
+</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
<TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Argument</TH><TH>Description</TH></TR>
<TR valign="top"><TD>ctx</TD>
<TD>Opaque context structure.
</TD></TR>
<TR valign="top"><TD>headerf</TD>
<TD>The header name, a non-NULL, null-terminated string.
</TD></TR>
<TR valign="top"><TD>hdridx</TD>
<TD>Header index value (1-based). A hdridx value of 1 will modify the first occurrence of a header named headerf. If hdridx is greater than the number of times headerf appears, a new copy of headerf will be added.
</TD></TR>
<TR valign="top"><TD>headerv</TD>
<TD>The new value of the given header. headerv == NULL implies that the header should be deleted.
</TD></TR>
</TABLE>
</TD></TR>
<!----------- Return values ---------->
<TR>
-<TH valign="top" align=left>RETURN VALUES</TH>
+<TH valign="top" align=left>RETURN VALUES</TH>
<TD>
smfi_chgheader will return MI_FAILURE if
<UL><LI>headerf is NULL
<LI>Modifying headers in the current connection state is invalid.
<LI>Memory allocation fails.
<LI>A network error occurs.
- <LI>SMFIF_CHGHDRS was not set when <A href="smfi_register.html">smfi_register</A> was called.
+ <LI><A HREF="smfi_register.html#SMFIF_CHGHDRS">SMFIF_CHGHDRS</A> is not set.
</UL>
Otherwise, it returns MI_SUCCESS.
-</TR>
+</TD></TR>
<!----------- Notes ---------->
<TR align="left" valign=top>
-<TH>NOTES</TH>
+<TH>NOTES</TH>
<TD>
<UL><LI>While smfi_chgheader may be used to add new headers, it is more efficient and far safer to use <A href="smfi_addheader.html">smfi_addheader</A>.
- <LI>A filter which calls smfi_chgheader must have set the SMFIF_CHGHDRS flag in the smfiDesc_str passed to <A href="smfi_register.html">smfi_register</A>.
+ <LI>A filter which calls smfi_chgheader must have set the
+ <A HREF="smfi_register.html#SMFIF_CHGHDRS">SMFIF_CHGHDRS</A> flag.
<LI>For smfi_chgheader, filter order is important. <B>Later filters will see the header changes made by earlier ones.</B>
<LI>Neither the name nor the value of the header is checked for
standards compliance. However, each line of the header must be under
2048 characters and should be under 998 characters. If longer headers
are needed, make them multi-line. To make a multi-line header, insert
a line feed (ASCII 0x0a, or <TT>\n</TT> in C) followed by at least
one whitespace character such as a space (ASCII 0x20) or tab (ASCII 0x09,
or <TT>\t</TT> in C). The line feed should NOT be preceded by a
carriage return (ASCII 0x0d); the MTA will add this automatically.
<B>It is the filter writer's responsibility to ensure that no standards
are violated.</B>
<LI>The MTA adds a leading space to a header value unless
the flag
<A HREF="xxfi_negotiate.html#SMFIP_HDR_LEADSPC"><CODE>SMFIP_HDR_LEADSPC</CODE></A>
is set, in which case the milter
must include any desired leading spaces itself.
</UL>
</TD>
</TR>
<!----------- Example code ---------->
<TR>
<TH valign="top" align=left>EXAMPLE</TH>
<TD>
<PRE>
int ret;
SMFICTX *ctx;
...
ret = smfi_chgheader(ctx, "Content-Type", 1,
"multipart/mixed;\n\tboundary=\"foobar\"");
</PRE>
</TD>
</TR>
</TABLE>
<HR size="1">
<FONT size="-1">
Copyright (c) 2000-2003, 2009 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/smfi_delrcpt.html b/libmilter/docs/smfi_delrcpt.html
index ec1412bd3778..bd42a7319e56 100644
--- a/libmilter/docs/smfi_delrcpt.html
+++ b/libmilter/docs/smfi_delrcpt.html
@@ -1,82 +1,87 @@
<HTML>
<HEAD><TITLE>smfi_delrcpt</TITLE></HEAD>
<BODY>
<!--
$Id: smfi_delrcpt.html,v 1.12 2013-11-22 20:51:39 ca Exp $
-->
<H1>smfi_delrcpt</H1>
<TABLE border="0" cellspacing=4 cellpadding=4>
<!---------- Synopsis ----------->
<TR><TH valign="top" align=left width=100>SYNOPSIS</TH><TD>
<PRE>
#include &lt;libmilter/mfapi.h&gt;
int smfi_delrcpt(
SMFICTX *ctx;
char *rcpt;
);
</PRE>
Remove a recipient from the current message's envelope.
</TD></TR>
<!----------- Description ---------->
<TR><TH valign="top" align=left>DESCRIPTION</TH><TD>
<TABLE border="1" cellspacing=1 cellpadding=4>
<TR align="left" valign=top>
<TH width="80">Called When</TH>
<TD>Called only from <A href="xxfi_eom.html">xxfi_eom</A>.</TD>
</TR>
<TR align="left" valign=top>
<TH width="80">Effects</TH>
<TD>smfi_delrcpt removes the named recipient from the current message's envelope.</TD>
</TR>
</TABLE>
+</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
<TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Argument</TH><TH>Description</TH></TR>
<TR valign="top"><TD>ctx</TD>
<TD>Opaque context structure.
</TD></TR>
<TR valign="top"><TD>rcpt</TD>
<TD>The recipient address to be removed, a non-NULL, null-terminated string.
</TD></TR>
</TABLE>
</TD></TR>
<!----------- Return values ---------->
<TR>
-<TH valign="top" align=left>RETURN VALUES</TH>
+<TH valign="top" align=left>RETURN VALUES</TH>
<TD>smfi_delrcpt will fail and return MI_FAILURE if:
<UL>
<LI>rcpt is NULL.
<LI>Deleting recipients in the current connection state is invalid.
<LI>A network error occurs.
- <LI>SMFIF_DELRCPT was not set when <A href="smfi_register.html">smfi_register</A> was called.
+ <LI><A HREF="smfi_register.html#SMFIF_DELRCPT">SMFIF_DELRCPT</A> is not set.
</UL>
Otherwise, it will return MI_SUCCESS
</TD>
</TR>
<!----------- Notes ---------->
<TR align="left" valign=top>
-<TH>NOTES</TH>
+<TH>NOTES</TH>
<TD>
+<LI>
The addresses to be removed must match exactly. For example, an address and its expanded form do not match.
+<LI>
+A filter which calls smfi_delrcpt must have set the
+<A HREF="smfi_register.html#SMFIF_DELRCPT">SMFIF_DELRCPT</A> flag.
</TD>
</TR>
</TABLE>
<HR size="1">
<FONT size="-1">
Copyright (c) 2000, 2003 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/smfi_getpriv.html b/libmilter/docs/smfi_getpriv.html
index 783d6402ef45..5ed8a22c2c60 100644
--- a/libmilter/docs/smfi_getpriv.html
+++ b/libmilter/docs/smfi_getpriv.html
@@ -1,62 +1,63 @@
<HTML>
<HEAD><TITLE>smfi_getpriv</TITLE></HEAD>
<BODY>
<!--
$Id: smfi_getpriv.html,v 1.10 2013-11-22 20:51:39 ca Exp $
-->
<H1>smfi_getpriv</H1>
<TABLE border="0" cellspacing=4 cellpadding=4>
<!---------- Synopsis ----------->
<TR><TH valign="top" align=left width=100>SYNOPSIS</TH><TD>
<PRE>
#include &lt;libmilter/mfapi.h&gt;
void* smfi_getpriv(
SMFICTX *ctx
);
</PRE>
Get the connection-specific data pointer for this connection.
</TD></TR>
<!----------- Description ---------->
<TR><TH valign="top" align=left>DESCRIPTION</TH><TD>
<TABLE border="1" cellspacing=1 cellpadding=4>
<TR align="left" valign=top>
<TH width="80">Called When</TH>
<TD>smfi_getpriv may be called in any of the xxfi_* callbacks.</TD>
</TR>
<TR align="left" valign=top>
<TH width="80">Effects</TH>
<TD>None.</TD>
</TR>
</TABLE>
+</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
<TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Argument</TH><TH>Description</TH></TR>
<TR valign="top"><TD>ctx</TD>
<TD>Opaque context structure.
</TD></TR>
</TABLE>
</TD></TR>
<!----------- Return values ---------->
<TR>
-<TH valign="top" align=left>RETURN VALUES</TH>
+<TH valign="top" align=left>RETURN VALUES</TH>
<TD>smfi_getpriv returns the private data pointer stored by a prior call to <A href="smfi_setpriv.html">smfi_setpriv</A>, or NULL if none has been set.</TD>
</TR>
</TABLE>
<HR size="1">
<FONT size="-1">
Copyright (c) 2000, 2003 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/smfi_getsymval.html b/libmilter/docs/smfi_getsymval.html
index dff8dc638c84..7e3e4d559434 100644
--- a/libmilter/docs/smfi_getsymval.html
+++ b/libmilter/docs/smfi_getsymval.html
@@ -1,105 +1,106 @@
<HTML>
<HEAD><TITLE>smfi_getsymval</TITLE></HEAD>
<BODY>
<!--
$Id: smfi_getsymval.html,v 1.16 2013-11-22 20:51:39 ca Exp $
-->
<H1>smfi_getsymval</H1>
<TABLE border="0" cellspacing=4 cellpadding=4>
<!---------- Synopsis ----------->
<TR><TH valign="top" align=left width=100>SYNOPSIS</TH><TD>
<PRE>
#include &lt;libmilter/mfapi.h&gt;
char* smfi_getsymval(
SMFICTX *ctx,
char *symname
);
</PRE>
Get the value of a sendmail macro.
</TD></TR>
<!----------- Description ---------->
<TR><TH valign="top" align=left>DESCRIPTION</TH><TD>
<TABLE border="1" cellspacing=1 cellpadding=4>
<TR align="left" valign=top>
<TH width="80">Called When</TH>
<TD>smfi_getsymval may be called from within any of the xxfi_* callbacks. Which macros are defined will depend on when it is called.</TD>
</TR>
<TR align="left" valign=top>
<TH width="80">Effects</TH>
<TD>None.</TD>
</TR>
</TABLE>
+</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
<TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Argument</TH><TH>Description</TH></TR>
<TR valign="top"><TD>ctx</TD>
<TD>The opaque context structure.
</TD></TR>
<TR valign="top"><TD>symname</TD>
<TD>The name of a sendmail macro.
Single letter macros can optionally be enclosed in braces ("{" and "}"),
longer macro names must be enclosed in braces, just as in a
<TT>sendmail.cf</TT> file.
<A href="#notes">See below</A> for default macros.
</TD></TR>
</TABLE>
</TD></TR>
<!----------- Return values ---------->
<TR>
-<TH valign="top" align=left>RETURN VALUES</TH>
+<TH valign="top" align=left>RETURN VALUES</TH>
<TD>smfi_getsymval returns the value of the given macro as a null-terminated string, or NULL if the macro is not defined.</TD>
</TR>
<!----------- Notes ---------->
<TR align="left" valign=top>
-<TH><A name="notes">NOTES</A></TH>
+<TH><A name="notes">NOTES</A></TH>
<TD>
By default, the following macros are valid in the given contexts:
<TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Sent With</TH><TH>Macros</TH></TR>
<TR><TD>xxfi_connect</TD> <TD>daemon_name, if_name, if_addr, j, _</TD></TR>
<TR><TD>xxfi_helo</TD> <TD>tls_version, cipher, cipher_bits, cert_subject, cert_issuer</TD></TR>
<TR><TD>xxfi_envfrom</TD> <TD>i, auth_type, auth_authen, auth_ssf, auth_author,
mail_mailer, mail_host, mail_addr</TD></TR>
<TR><TD>xxfi_envrcpt</TD> <TD>rcpt_mailer, rcpt_host, rcpt_addr</TD></TR>
<TR><TD>xxfi_data</TD> <TD>(none)</TD></TR>
<TR><TD>xxfi_eoh</TD> <TD>(none)</TD></TR>
<TR><TD>xxfi_eom</TD> <TD>msg_id</TD></TR>
</TABLE>
<P>
All macros stay in effect from the point they are received
until the end of the connection for the first two sets,
the end of the message for the third (xxfi_envfrom) and last (xxfi_eom),
and just for each recipient for xxfi_envrcpt.
<P>
The macro list can be changed using the confMILTER_MACROS_* options in
sendmail.mc.
The scopes of such macros will be determined by when they are set by sendmail.
For descriptions of macros' values,
please see the
"Sendmail Installation and Operation Guide"
provided with your sendmail distribution.
</TD>
</TR>
</TABLE>
<HR size="1">
<FONT size="-1">
Copyright (c) 2000, 2002-2003, 2007 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/smfi_insheader.html b/libmilter/docs/smfi_insheader.html
index 3f568864835c..7759dc90c1a5 100644
--- a/libmilter/docs/smfi_insheader.html
+++ b/libmilter/docs/smfi_insheader.html
@@ -1,150 +1,151 @@
<HTML>
<HEAD><TITLE>smfi_insheader</TITLE></HEAD>
<BODY>
<!--
$Id: smfi_insheader.html,v 1.11 2013-11-22 20:51:39 ca Exp $
-->
<H1>smfi_insheader</H1>
<TABLE border="0" cellspacing=4 cellpadding=4>
<!---------- Synopsis ----------->
<TR><TH valign="top" align=left width=100>SYNOPSIS</TH><TD>
<PRE>
#include &lt;libmilter/mfapi.h&gt;
int smfi_insheader(
SMFICTX *ctx,
int hdridx,
char *headerf,
char *headerv
);
</PRE>
Prepend a header to the current message.
</TD></TR>
<!----------- Description ---------->
<TR><TH valign="top" align=left>DESCRIPTION</TH><TD>
<TABLE border="1" cellspacing=1 cellpadding=4>
<TR align="left" valign=top>
<TH width="80">Called When</TH>
<TD>Called only from <A href="xxfi_eom.html">xxfi_eom</A>.</TD>
</TR>
<TR align="left" valign=top>
<TH width="80">Effects</TH>
<TD>Prepends a header to the current message.</TD>
</TR>
</TABLE>
+</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
<TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Argument</TH><TH>Description</TH></TR>
<TR valign="top"><TD>ctx</TD>
<TD>Opaque context structure.
</TD></TR>
<TR valign="top"><TD>hdridx</TD>
<TD>The location in the internal header list where this header should
be inserted; 0 makes it the topmost header, etc.
</TD></TR>
<TR valign="top"><TD>headerf</TD>
<TD>The header name, a non-NULL, null-terminated string.
</TD></TR>
<TR valign="top"><TD>headerv</TD>
- <TD>The header value to be added, a non-NULL, null-terminated string. This may be the empty string.
+ <TD>The header value to be added, a non-NULL, null-terminated string. This may be the empty string.
</TD></TR>
</TABLE>
</TD></TR>
<!----------- Return values ---------->
<TR>
-<TH valign="top" align=left>RETURN VALUES</TH>
+<TH valign="top" align=left>RETURN VALUES</TH>
<TD>smfi_insheader returns MI_FAILURE if:
<UL><LI>headerf or headerv is NULL.
<LI>Adding headers in the current connection state is invalid.
<LI>Memory allocation fails.
<LI>A network error occurs.
- <LI>SMFIF_ADDHDRS was not set when <A href="smfi_register.html">smfi_register</A> was called.
+ <LI><A HREF="smfi_register.html#SMFIF_ADDHDRS">SMFIF_ADDHDRS</A> is not set.
</UL>
Otherwise, it returns MI_SUCCESS.
</TD>
</TR>
<!----------- Notes ---------->
<TR align="left" valign=top>
-<TH>NOTES</TH>
+<TH>NOTES</TH>
<TD>
<UL>
<LI>smfi_insheader does not change a message's existing headers.
To change a header's current value, use
<A HREF="smfi_chgheader.html">smfi_chgheader</A>.
- <LI>A filter which calls smfi_insheader must have set the SMFIF_ADDHDRS
- flag in the smfiDesc_str passed to
- <A href="smfi_register.html">smfi_register</A>.
+ <LI>A filter which calls smfi_insheader must have set the
+ <A HREF="smfi_register.html#SMFIF_ADDHDRS">SMFIF_ADDHDRS</A>
+ flag.
<LI>For smfi_insheader, filter order is important.
<B>Later filters will see the header changes made by earlier ones.</B>
<LI>A filter will receive <EM>only</EM> headers that have been sent
by the SMTP client and those header modifications by earlier filters.
It will <EM>not</EM> receive the headers that are inserted by sendmail
itself.
This makes the header insertion position highly dependent on
the headers that exist in the incoming message
and those that are configured to be added by sendmail.
For example, sendmail will always add a
<CODE>Received:</CODE> header to the beginning of the headers.
Setting <CODE>hdridx</CODE> to 0 will actually insert the header
before this <CODE>Received:</CODE> header.
However, later filters can be easily confused as they receive
the added header, but not the <CODE>Received:</CODE> header,
thus making it hard to insert a header at a fixed position.
<LI>If hdridx is a number larger than the number of headers in the message,
the header will simply be appended.
<LI>Neither the name nor the value of the header is checked for
standards compliance.
However, each line of the header must be under 2048 characters
and should be under 998 characters.
If longer headers are needed, make them multi-line.
To make a multi-line header,
insert a line feed (ASCII 0x0a, or <TT>\n</TT> in C)
followed by at least one whitespace character
such as a space (ASCII 0x20) or tab (ASCII 0x09, or <TT>\t</TT> in C).
The line feed should NOT be preceded by a carriage return (ASCII 0x0d);
the MTA will add this automatically.
<B>It is the filter writer's responsibility to ensure that no standards
are violated.</B>
<LI>The MTA adds a leading space to an inserted header value unless
the flag
<A HREF="xxfi_negotiate.html#SMFIP_HDR_LEADSPC"><CODE>SMFIP_HDR_LEADSPC</CODE></A>
is set, in which case the milter
must include any desired leading spaces itself.
</UL>
</TD>
</TR>
<!----------- Example code ---------->
<TR>
-<TH valign="top" align=left>EXAMPLE</TH>
+<TH valign="top" align=left>EXAMPLE</TH>
<TD>
<PRE>
int ret;
SMFICTX *ctx;
...
ret = smfi_insheader(ctx, 0, "First", "See me?");
</PRE>
</TD>
</TR>
</TABLE>
<HR size="1">
<FONT size="-1">
Copyright (c) 2004, 2006, 2009 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/smfi_main.html b/libmilter/docs/smfi_main.html
index cb63f96bc5d0..87228fc166d0 100644
--- a/libmilter/docs/smfi_main.html
+++ b/libmilter/docs/smfi_main.html
@@ -1,51 +1,52 @@
<HTML>
<HEAD><TITLE>smfi_main</TITLE></HEAD>
<BODY>
<!--
$Id: smfi_main.html,v 1.10 2013-11-22 20:51:39 ca Exp $
-->
<H1>smfi_main</H1>
<TABLE border="0" cellspacing=4 cellpadding=4>
<!---------- Synopsis ----------->
<TR><TH valign="top" align=left width=100>SYNOPSIS</TH><TD>
<PRE>
#include &lt;libmilter/mfapi.h&gt;
int smfi_main(
);
</PRE>
Hand control to libmilter event loop.
</TD></TR>
<!----------- Description ---------->
<TR><TH valign="top" align=left>DESCRIPTION</TH><TD>
<TABLE border="1" cellspacing=1 cellpadding=4>
<TR align="left" valign=top>
<TH width="80">Called When</TH>
<TD>smfi_main is called after a filter's initialization is complete.</TD>
</TR>
<TR align="left" valign=top>
<TH width="80">Effects</TH>
<TD>smfi_main hands control to the Milter event loop.</TD>
</TR>
</TABLE>
+</TD></TR>
<!----------- Return values ---------->
<TR>
-<TH valign="top" align=left>RETURN VALUES</TH>
+<TH valign="top" align=left>RETURN VALUES</TH>
<TD>smfi_main will return MI_FAILURE if it fails to establish a connection. This may occur for any of a variety of reasons (e.g. invalid address passed to <A href="smfi_setconn.html">smfi_setconn</A>). The reason for the failure will be logged. Otherwise, smfi_main will return MI_SUCCESS.</TD>
</TR>
</TABLE>
<HR size="1">
<FONT size="-1">
Copyright (c) 2000, 2003 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/smfi_opensocket.html b/libmilter/docs/smfi_opensocket.html
index d4f7e3a705ed..7b9e49df97af 100644
--- a/libmilter/docs/smfi_opensocket.html
+++ b/libmilter/docs/smfi_opensocket.html
@@ -1,84 +1,85 @@
<HTML>
<HEAD><TITLE>smfi_opensocket</TITLE></HEAD>
<BODY>
<!--
$Id: smfi_opensocket.html,v 1.8 2013-11-22 20:51:39 ca Exp $
-->
<H1>smfi_opensocket</H1>
<TABLE border="0" cellspacing=4 cellpadding=4>
<!---------- Synopsis ----------->
<TR><TH valign="top" align=left width=100>SYNOPSIS</TH><TD>
<PRE>
#include &lt;libmilter/mfapi.h&gt;
int smfi_opensocket(
bool rmsocket
);
</PRE>
Attempt to create the interface socket MTAs will use to connect to the
filter.
</TD></TR>
<!----------- Description ---------->
<TR><TH valign="top" align=left>DESCRIPTION</TH><TD>
<TABLE border="1" cellspacing=1 cellpadding=4>
<TR align="left" valign=top>
<TH width="80">Called When</TH>
<TD>Called only from program mainline,
after calling <TT>smfi_setconn()</TT> and <TT>smfi_register()</TT>,
but before calling <TT>smfi_main()</TT>.
</TD>
</TR>
<TR align="left" valign=top>
<TH width="80">Effects</TH>
<TD>smfi_opensocket attempts to create the socket specified previously by
a call to <TT>smfi_setconn()</TT> which will be the interface between MTAs
and the filter.
-This allows the calling application to ensure that the
-socket can be created.
+This allows the calling application to ensure that the socket can be created.
If this is not called,
-<TT>smfi_main()</TT> will do so implicitly.
+<TT>smfi_main()</TT> will create the socket implicitly
+(without removing a potentially existing UNIX domain socket).
</TD>
</TR>
</TABLE>
+</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
<TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Argument</TH><TH>Description</TH></TR>
<TR valign="top"><TD>rmsocket</TD>
<TD>A flag indicating whether or not the library should try to
remove any existing UNIX domain socket before trying to create
a new one.
</TD></TR>
</TABLE>
</TD></TR>
<!----------- Return values ---------->
<TR>
-<TH valign="top" align=left>RETURN VALUES</TH>
+<TH valign="top" align=left>RETURN VALUES</TH>
<TD>smfi_opensocket will fail and return MI_FAILURE if:
<UL>
<LI>The interface socket could not be created for any reason.
<LI><TT>rmsocket</TT> was <TT>true</TT>, and either the socket could
not be examined, or exists and could not be removed.
<LI><TT>smfi_setconn()</TT> or <TT>smfi_register()</TT>
have not been called.
</UL>
Otherwise, it will return MI_SUCCESS
</TD>
</TR>
</TABLE>
<HR size="1">
<FONT size="-1">
Copyright (c) 2003, 2008 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/smfi_progress.html b/libmilter/docs/smfi_progress.html
index 2b87b012422f..53205ad5dc31 100644
--- a/libmilter/docs/smfi_progress.html
+++ b/libmilter/docs/smfi_progress.html
@@ -1,68 +1,69 @@
<HTML>
<HEAD><TITLE>smfi_progress</TITLE></HEAD>
<BODY>
<!--
$Id: smfi_progress.html,v 1.6 2013-11-22 20:51:39 ca Exp $
-->
<H1>smfi_progress</H1>
<TABLE border="0" cellspacing=4 cellpadding=4>
<!---------- Synopsis ----------->
<TR><TH valign="top" align=left width=100>SYNOPSIS</TH><TD>
<PRE>
#include &lt;libmilter/mfapi.h&gt;
int smfi_progress(
SMFICTX *ctx;
);
</PRE>
Notify the MTA that an operation is still in progress.
</TD></TR>
<!----------- Description ---------->
<TR><TH valign="top" align=left>DESCRIPTION</TH><TD>
<TABLE border="1" cellspacing=1 cellpadding=4>
<TR align="left" valign=top>
<TH width="80">Called When</TH>
<TD>Called only from <A href="xxfi_eom.html">xxfi_eom</A>.</TD>
</TR>
<TR align="left" valign=top>
<TH width="80">Effects</TH>
<TD>smfi_progress notifies the MTA that the filter is still working
on a message, causing the MTA to re-start its timeouts.</TD>
</TR>
</TABLE>
+</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
<TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Argument</TH><TH>Description</TH></TR>
<TR valign="top"><TD>ctx</TD>
<TD>Opaque context structure.
</TD></TR>
</TABLE>
</TD></TR>
<!----------- Return values ---------->
<TR>
-<TH valign="top" align=left>RETURN VALUES</TH>
+<TH valign="top" align=left>RETURN VALUES</TH>
<TD>smfi_progress will fail and return MI_FAILURE if:
<UL>
<LI>A network error occurs.
</UL>
Otherwise, it will return MI_SUCCESS
</TD>
</TR>
</TABLE>
<HR size="1">
<FONT size="-1">
Copyright (c) 2003 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/smfi_quarantine.html b/libmilter/docs/smfi_quarantine.html
index b63da2d6c50f..6c954c44036e 100644
--- a/libmilter/docs/smfi_quarantine.html
+++ b/libmilter/docs/smfi_quarantine.html
@@ -1,73 +1,74 @@
<HTML>
<HEAD><TITLE>smfi_quarantine</TITLE></HEAD>
<BODY>
<!--
$Id: smfi_quarantine.html,v 1.6 2013-11-22 20:51:39 ca Exp $
-->
<H1>smfi_quarantine</H1>
<TABLE border="0" cellspacing=4 cellpadding=4>
<!---------- Synopsis ----------->
<TR><TH valign="top" align=left width=100>SYNOPSIS</TH><TD>
<PRE>
#include &lt;libmilter/mfapi.h&gt;
int smfi_quarantine(
SMFICTX *ctx;
char *reason;
);
</PRE>
Quarantine the message using the given reason.
</TD></TR>
<!----------- Description ---------->
<TR><TH valign="top" align=left>DESCRIPTION</TH><TD>
<TABLE border="1" cellspacing=1 cellpadding=4>
<TR align="left" valign=top>
<TH width="80">Called When</TH>
<TD>Called only from <A href="xxfi_eom.html">xxfi_eom</A>.</TD>
</TR>
<TR align="left" valign=top>
<TH width="80">Effects</TH>
<TD>smfi_quarantine quarantines the message using the given reason.</TD>
</TR>
</TABLE>
+</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
<TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Argument</TH><TH>Description</TH></TR>
<TR valign="top"><TD>ctx</TD>
<TD>Opaque context structure.
</TD></TR>
<TR valign="top"><TD>reason</TD>
<TD>The quarantine reason, a non-NULL and non-empty null-terminated string.
</TD></TR>
</TABLE>
</TD></TR>
<!----------- Return values ---------->
<TR>
-<TH valign="top" align=left>RETURN VALUES</TH>
+<TH valign="top" align=left>RETURN VALUES</TH>
<TD>smfi_quarantine will fail and return MI_FAILURE if:
<UL>
<LI>reason is NULL or empty.
<LI>A network error occurs.
- <LI>SMFIF_QUARANTINE was not set when <A href="smfi_register.html">smfi_register</A> was called.
+ <LI><A HREF="smfi_register.html#SMFIF_QUARANTINE">SMFIF_QUARANTINE</A> is not set.
</UL>
Otherwise, it will return MI_SUCCESS
</TD>
</TR>
</TABLE>
<HR size="1">
<FONT size="-1">
Copyright (c) 2002-2003 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/smfi_register.html b/libmilter/docs/smfi_register.html
index 30ab75cae497..5c61beefc1a5 100644
--- a/libmilter/docs/smfi_register.html
+++ b/libmilter/docs/smfi_register.html
@@ -1,224 +1,225 @@
<HTML>
<HEAD><TITLE>smfi_register</TITLE></HEAD>
<BODY>
<!--
$Id: smfi_register.html,v 1.19 2013-11-22 20:51:39 ca Exp $
-->
<H1>smfi_register</H1>
<TABLE border="0" cellspacing=4 cellpadding=4>
<!---------- Synopsis ----------->
<TR><TH valign="top" align=left width=100>SYNOPSIS</TH><TD>
<PRE>
#include &lt;libmilter/mfapi.h&gt;
int smfi_register(
smfiDesc descr
);
</PRE>
Register a set of filter callbacks.
</TD></TR>
<!----------- Description ---------->
<TR><TH valign="top" align=left>DESCRIPTION</TH><TD>
<TABLE border="1" cellspacing=1 cellpadding=1>
<TR align="left" valign=top>
<TH width="80">Called When</TH>
<TD>smfi_register must be called before smfi_main</TD>
</TR>
<TR align="left" valign=top>
<TH width="80">Effects</TH>
<TD>smfi_register creates a filter using the information given in the
smfiDesc argument.
Multiple (successful) calls to smfi_register within a
single process are not allowed,
i.e., only one filter can be successfully registered.
Note, however, that the library may not check whether this restriction
is obeyed.
</TD>
</TR>
</TABLE>
+</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
<TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Argument</TH><TH>Description</TH></TR>
<TR valign="top"><TD>descr</TD>
<TD>
A filter descriptor of type smfiDesc describing the filter's functions.
<A NAME="smfiDesc">The structure</A> has the following members:
<PRE>
struct smfiDesc
{
char *xxfi_name; /* filter name */
int xxfi_version; /* version code -- do not change */
unsigned long xxfi_flags; /* <A href="#flags">flags</A> */
/* connection info filter */
sfsistat (*<A href="xxfi_connect.html">xxfi_connect</A>)(SMFICTX *, char *, _SOCK_ADDR *);
/* SMTP HELO command filter */
sfsistat (*<A href="xxfi_helo.html">xxfi_helo</A>)(SMFICTX *, char *);
/* envelope sender filter */
sfsistat (*<A href="xxfi_envfrom.html">xxfi_envfrom</A>)(SMFICTX *, char **);
/* envelope recipient filter */
sfsistat (*<A href="xxfi_envrcpt.html">xxfi_envrcpt</A>)(SMFICTX *, char **);
/* header filter */
sfsistat (*<A href="xxfi_header.html">xxfi_header</A>)(SMFICTX *, char *, char *);
/* end of header */
sfsistat (*<A href="xxfi_eoh.html">xxfi_eoh</A>)(SMFICTX *);
/* body block */
sfsistat (*<A href="xxfi_body.html">xxfi_body</A>)(SMFICTX *, unsigned char *, size_t);
/* end of message */
sfsistat (*<A href="xxfi_eom.html">xxfi_eom</A>)(SMFICTX *);
/* message aborted */
sfsistat (*<A href="xxfi_abort.html">xxfi_abort</A>)(SMFICTX *);
/* connection cleanup */
sfsistat (*<A href="xxfi_close.html">xxfi_close</A>)(SMFICTX *);
/* any unrecognized or unimplemented command filter */
sfsistat (*xxfi_unknown)(SMFICTX *, const char *);
/* SMTP DATA command filter */
sfsistat (*xxfi_data)(SMFICTX *);
/* negotiation callback */
sfsistat (*<A HREF="xxfi_negotiate.html">xxfi_negotiate</A>)(SMFICTX *,
unsigned long, unsigned long, unsigned long, unsigned long,
unsigned long *, unsigned long *, unsigned long *, unsigned long *);
};
</PRE>
A NULL value for any callback function indicates that the filter
does not wish to process the given type of information,
simply returning SMFIS_CONTINUE.
</TD></TR>
</TABLE>
</TD></TR>
<!----------- Return values ---------->
<TR>
-<TH valign="top" align=left>RETURN VALUES</TH>
+<TH valign="top" align=left>RETURN VALUES</TH>
<TD>
smfi_register may return MI_FAILURE for any of the following reasons:
<UL>
-<LI>memory allocation failed.
+<LI>memory allocation failed.
<LI>incompatible version or illegal flags value.
</UL>
</TD>
</TR>
<!----------- Notes ---------->
<TR align="left" valign=top>
-<TH>NOTES</TH>
+<TH><A NAME=Notes>NOTES</A></TH>
<TD>
<A NAME="flags">The xxfi_flags</A>
field should contain the bitwise OR of zero or more of
the following values, describing the actions the filter may take:
<TABLE BORDER CELLPADDING="1" cellspacing=1>
<TR valign="top" bgcolor="#dddddd"><TH align="left">Flag</TH><TH align="center">Description</TH></TR>
<TR align="left" valign=top>
<TD>
- SMFIF_ADDHDRS
+ <A NAME="SMFIF_ADDHDRS">SMFIF_ADDHDRS</A>
</TD>
<TD>
This filter may <A HREF="smfi_addheader.html">add headers</A>.
</TD>
</TR>
<TR align="left" valign=top>
<TD>
- SMFIF_CHGHDRS
+ <A NAME="SMFIF_CHGHDRS">SMFIF_CHGHDRS</A>
</TD>
<TD>
This filter may
<A HREF="smfi_chgheader.html">change and/or delete headers</A>.
</TD>
</TR>
<TR align="left" valign=top>
<TD VALIGN="TOP">
- SMFIF_CHGBODY
+ <A NAME="SMFIF_CHGBODY">SMFIF_CHGBODY</A>
</TD>
<TD>
This filter may
<A HREF="smfi_replacebody.html">replace the body</A> during filtering.
This may have significant performance impact
if other filters do body filtering after this filter.
</TD>
</TR>
<TR>
<TD VALIGN="TOP">
- SMFIF_ADDRCPT
+ <A NAME="SMFIF_ADDRCPT">SMFIF_ADDRCPT</A>
</TD>
<TD>
This filter may
<A HREF="smfi_addrcpt.html">add recipients</A>
to the message.
</TD>
</TR>
<TR>
<TD VALIGN="TOP">
- SMFIF_ADDRCPT_PAR
+ <A NAME="SMFIF_ADDRCPT_PAR">SMFIF_ADDRCPT_PAR</A>
</TD>
<TD>
This filter may
<A HREF="smfi_addrcpt_par.html">add recipients including ESMTP args</A>.
</TD>
</TR>
<TR>
<TD VALIGN="TOP">
- SMFIF_DELRCPT
+ <A NAME="SMFIF_DELRCPT">SMFIF_DELRCPT</A>
</TD>
<TD>
This filter may
<A HREF="smfi_delrcpt.html">remove recipients</A> from the message.
</TD>
</TR>
<TR>
<TD VALIGN="TOP">
- SMFIF_QUARANTINE
+ <A NAME="SMFIF_QUARANTINE">SMFIF_QUARANTINE</A>
</TD>
<TD>
This filter may
<A HREF="smfi_quarantine.html">quarantine</A> a message.
</TD>
</TR>
<TR>
<TD VALIGN="TOP">
- SMFIF_CHGFROM
+ <A NAME="SMFIF_CHGFROM">SMFIF_CHGFROM</A>
</TD>
<TD>
This filter may
<A HREF="smfi_chgfrom.html">change the envelope sender</A> (MAIL).
</TD>
</TR>
<TR>
<TD VALIGN="TOP">
- SMFIF_SETSYMLIST
+ <A NAME="SMFIF_SETSYMLIST">SMFIF_SETSYMLIST</A>
</TD>
<TD>
This filter can
<A HREF="smfi_setsymlist.html">send a set of symbols (macros)</A>
that it wants.
</TD>
</TR>
</TABLE>
</TD>
</TR>
</TABLE>
<HR size="1">
<FONT size="-1">
Copyright (c) 2000-2001, 2003, 2006 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/smfi_replacebody.html b/libmilter/docs/smfi_replacebody.html
index 4a5117964a33..0842298bc62c 100644
--- a/libmilter/docs/smfi_replacebody.html
+++ b/libmilter/docs/smfi_replacebody.html
@@ -1,93 +1,96 @@
<HTML>
<HEAD><TITLE>smfi_replacebody</TITLE></HEAD>
<BODY>
<!--
$Id: smfi_replacebody.html,v 1.16 2013-11-22 20:51:39 ca Exp $
-->
<H1>smfi_replacebody</H1>
<TABLE border="0" cellspacing=4 cellpadding=4>
<!---------- Synopsis ----------->
<TR><TH valign="top" align=left width=100>SYNOPSIS</TH><TD>
<PRE>
#include &lt;libmilter/mfapi.h&gt;
int smfi_replacebody(
SMFICTX *ctx,
unsigned char *bodyp,
int bodylen
);
</PRE>
Replace message-body data.
</TD></TR>
<!----------- Description ---------->
<TR><TH valign="top" align=left>DESCRIPTION</TH><TD>
<TABLE border="1" cellspacing=1 cellpadding=4>
<TR align="left" valign=top>
<TH width="80">Called When</TH>
<TD>Called only from <A href="xxfi_eom.html">xxfi_eom</A>. smfi_replacebody may be called more than once.</TD>
</TR>
<TR align="left" valign=top>
<TH width="80">Effects</TH>
-<TD>smfi_replacebody replaces the body of the current message. If called
-more than once, subsequent calls result in data being appended to the new
+<TD>smfi_replacebody replaces the body of the current message. If called
+more than once, subsequent calls result in data being appended to the new
body.
</TD>
</TR>
</TABLE>
+</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
<TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Argument</TH><TH>Description</TH></TR>
<TR valign="top"><TD>ctx</TD>
<TD>Opaque context structure.
</TD></TR>
<TR valign="top"><TD>bodyp</TD>
<TD>A pointer to the start of the new body data, which does not have to be null-terminated. If bodyp is NULL, it is treated as having length == 0. Body data should be in CR/LF form.
</TD></TR>
<TR valign="top"><TD>bodylen</TD>
<TD>The number of data bytes pointed to by bodyp.
</TD></TR>
</TABLE>
</TD></TR>
<!----------- Return values ---------->
<TR>
-<TH valign="top" align=left>RETURN VALUES</TH>
+<TH valign="top" align=left>RETURN VALUES</TH>
<TD>smfi_replacebody fails and returns MI_FAILURE if:
<UL>
<LI>bodyp == NULL and bodylen &gt; 0.
<LI>Changing the body in the current connection state is invalid.
<LI>A network error occurs.
- <LI>SMFIF_CHGBODY was not set when <A href="smfi_register.html">smfi_register</A> was called.
+ <LI><A HREF="smfi_register.html#SMFIF_CHGBODY">SMFIF_CHGBODY</A> is not set.
</UL>
Otherwise, it will return MI_SUCCESS.
</TD>
</TR>
<!----------- Notes ---------->
<TR align="left" valign=top>
-<TH>NOTES</TH>
+<TH>NOTES</TH>
<TD>
<UL>
- <LI>Since the message body may be very large, setting SMFIF_CHGBODY may significantly affect filter performance.
+ <LI>Since the message body may be very large, calling smfi_replacebody may significantly affect filter performance.
<LI>If a filter sets SMFIF_CHGBODY but does not call smfi_replacebody, the original body remains unchanged.
<LI>For smfi_replacebody, filter order is important. <B>Later filters will see the new body contents created by earlier ones.</B>
+ <LI>A filter which calls smfi_replacebody must have set the
+ <A HREF="smfi_register.html#SMFIF_CHGBODY">SMFIF_CHGBODY</A> flag.
</UL>
</TD>
</TR>
</TABLE>
<HR size="1">
<FONT size="-1">
Copyright (c) 2000-2001, 2003 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/smfi_setbacklog.html b/libmilter/docs/smfi_setbacklog.html
index 961285555442..f025009db7ed 100644
--- a/libmilter/docs/smfi_setbacklog.html
+++ b/libmilter/docs/smfi_setbacklog.html
@@ -1,64 +1,65 @@
<HTML>
<HEAD><TITLE>smfi_setbacklog</TITLE></HEAD>
<BODY>
<!--
$Id: smfi_setbacklog.html,v 1.7 2013-11-22 20:51:39 ca Exp $
-->
<H1>smfi_setbacklog</H1>
<TABLE border="0" cellspacing=4 cellpadding=4>
<!---------- Synopsis ----------->
<TR><TH valign="top" align=left width=100>SYNOPSIS</TH><TD>
<PRE>
#include &lt;libmilter/mfapi.h&gt;
int smfi_setbacklog(
int obacklog
);
</PRE>
Set the filter's <CODE>listen(2)</CODE> backlog value.
</TD></TR>
<!----------- Description ---------->
<TR><TH valign="top" align=left>DESCRIPTION</TH><TD>
<TABLE border="1" cellspacing=1 cellpadding=4>
<TR align="left" valign=top>
<TH width="80">Called When</TH>
<TD>smfi_setbacklog should only be called before <A href="smfi_main.html">smfi_main</A>.</TD>
</TR>
<TR align="left" valign=top>
<TH width="80">Effects</TH>
<TD>Sets the incoming socket backlog used by <CODE>listen(2)</CODE>.
If smfi_setbacklog is not called, the operating system default is used.</TD>
</TR>
</TABLE>
+</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
<TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Argument</TH><TH>Description</TH></TR>
<TR valign="top"><TD>obacklog</TD>
<TD>The number of incoming connections to allow in the listen queue.
</TD></TR>
</TABLE>
</TD></TR>
<!----------- Return values ---------->
<TR>
-<TH valign="top" align=left>RETURN VALUES</TH>
+<TH valign="top" align=left>RETURN VALUES</TH>
<TD>smfi_setbacklog returns MI_FAILURE if obacklog is less than or equal
to zero.</TD>
</TR>
</TABLE>
<HR size="1">
<FONT size="-1">
Copyright (c) 2002-2003 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/smfi_setconn.html b/libmilter/docs/smfi_setconn.html
index eba7c5b7e52e..8897f5aca5a7 100644
--- a/libmilter/docs/smfi_setconn.html
+++ b/libmilter/docs/smfi_setconn.html
@@ -1,93 +1,94 @@
<HTML>
<HEAD><TITLE>smfi_setconn</TITLE></HEAD>
<BODY>
<!--
$Id: smfi_setconn.html,v 1.18 2013-11-22 20:51:39 ca Exp $
-->
<H1>smfi_setconn</H1>
<TABLE border="0" cellspacing=4 cellpadding=4>
<!---------- Synopsis ----------->
<TR><TH valign="top" align=left width=100>SYNOPSIS</TH><TD>
<PRE>
#include &lt;libmilter/mfapi.h&gt;
int smfi_setconn(
char *oconn;
);
</PRE>
Set the socket through which this filter should communicate with sendmail.
</TD></TR>
<!----------- Description ---------->
<TR><TH valign="top" align=left>DESCRIPTION</TH><TD>
<TABLE border="1" cellspacing=1 cellpadding=4>
<TR align="left" valign=top>
<TH width="80">Called When</TH>
<TD>smfi_setconn must be called once before <A href="smfi_main.html">smfi_main</A>.</TD>
</TR>
<TR align="left" valign=top>
<TH width="80">Effects</TH>
<TD>Sets the socket through which the filter communicates with sendmail.</TD>
</TR>
</TABLE>
+</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
<TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Argument</TH><TH>Description</TH></TR>
<TR valign="top"><TD>oconn</TD>
- <TD>The address of the desired communication socket.
- The address should be a NULL-terminated string in "proto:address"
+ <TD>The address of the desired communication socket.
+ The address should be a NULL-terminated string in "proto:address"
format:
<UL>
<LI><CODE>{unix|local}:/path/to/file</CODE> -- A named pipe.
<LI><CODE>inet:port@{hostname|ip-address}</CODE> -- An IPV4 socket.
<LI><CODE>inet6:port@{hostname|ip-address}</CODE> -- An IPV6 socket.
</UL>
</TD></TR>
</TABLE>
</TD></TR>
<!----------- Return values ---------->
<TR>
-<TH valign="top" align=left>RETURN VALUES</TH>
+<TH valign="top" align=left>RETURN VALUES</TH>
<TD>smfi_setconn will not fail on an invalid address.
The failure will only be detected in <A href="smfi_main.html">smfi_main</A>.
Nevertheless, smfi_setconn may fail for other reasons, e.g.,
due to a lack of memory.
</TD>
</TR>
<TR>
-<TH valign="top" align=left>NOTES</TH>
+<TH valign="top" align=left>NOTES</TH>
<TD>
<UL>
<LI>If possible, filters should not run as root when communicating
over unix/local domain sockets.
<LI>Unix/local sockets should have their permissions set to
0600 (read/write permission only for the socket's owner) or
0660 (read/write permission for the socket's owner and group)
which is useful if the sendmail RunAsUser option is used.
The permissions for a unix/local domain socket are determined as
usual by <CODE>umask</CODE>, which should be set to 007 or 077.
Note some operating systems (e.g, Solaris) don't use the
permissions of the socket. On those systems, place the socket in a
protected directory.
</UL>
</TD>
</TR>
</TABLE>
<HR size="1">
<FONT size="-1">
Copyright (c) 2000, 2003 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/smfi_setdbg.html b/libmilter/docs/smfi_setdbg.html
index 58d519935e20..e7498391105b 100644
--- a/libmilter/docs/smfi_setdbg.html
+++ b/libmilter/docs/smfi_setdbg.html
@@ -1,67 +1,68 @@
<HTML>
<HEAD><TITLE>smfi_setdbg</TITLE></HEAD>
<BODY>
<!--
$Id: smfi_setdbg.html,v 1.4 2013-11-22 20:51:39 ca Exp $
-->
<H1>smfi_setdbg</H1>
<TABLE border="0" cellspacing=4 cellpadding=4>
<!---------- Synopsis ----------->
<TR><TH valign="top" align=left width=100>SYNOPSIS</TH><TD>
<PRE>
#include &lt;libmilter/mfapi.h&gt;
int smfi_setdbg(
int level;
);
</PRE>
Set the debugging (tracing) level for the milter library.
</TD></TR>
<!----------- Description ---------->
<TR><TH valign="top" align=left>DESCRIPTION</TH><TD>
<TABLE border="1" cellspacing=1 cellpadding=4>
<TR align="left" valign=top>
<TH width="80">Called When</TH>
<TD>Called from any any routine at any time.</TD>
</TR>
<TR align="left" valign=top>
<TH width="80">Effects</TH>
<TD>smfi_setdbg sets the milter library's internal debugging level
to a new level so that code details may be traced.
A level of zero turns off debugging. The greater
(more positive) the level the more detailed the debugging. Six is
the current, highest, useful value.</TD>
</TR>
</TABLE>
+</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
<TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Argument</TH><TH>Description</TH></TR>
<TR valign="top"><TD>level</TD>
<TD>The new debugging level
</TD></TR>
</TABLE>
</TD></TR>
<!----------- Return values ---------->
<TR>
-<TH valign="top" align=left>RETURN VALUES</TH>
+<TH valign="top" align=left>RETURN VALUES</TH>
<TD>smfi_setdbg returns MI_SUCCESS by default.
</TD>
</TR>
</TABLE>
<HR size="1">
<FONT size="-1">
Copyright (c) 2003 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/smfi_setmlreply.html b/libmilter/docs/smfi_setmlreply.html
index e9118838fd39..3f36e5296430 100644
--- a/libmilter/docs/smfi_setmlreply.html
+++ b/libmilter/docs/smfi_setmlreply.html
@@ -1,145 +1,146 @@
<HTML>
<HEAD><TITLE>smfi_setmlreply</TITLE></HEAD>
<BODY>
<!--
$Id: smfi_setmlreply.html,v 1.5 2013-11-22 20:51:39 ca Exp $
-->
<H1>smfi_setmlreply</H1>
<TABLE border="0" cellspacing=4 cellpadding=4>
<!---------- Synopsis ----------->
<TR><TH valign="top" align=left width=100>SYNOPSIS</TH><TD>
<PRE>
#include &lt;libmilter/mfapi.h&gt;
int smfi_setmlreply(
SMFICTX *ctx,
char *rcode,
char *xcode,
...
);
</PRE>
Set the default SMTP error reply code to a multi-line response. Only 4XX
and 5XX replies are accepted.
</TD></TR>
<!----------- Description ---------->
<TR><TH valign="top" align=left>DESCRIPTION</TH><TD>
<TABLE border="1" cellspacing=1 cellpadding=4>
<TR align="left" valign=top>
<TH width="80">Called When</TH>
<TD>smfi_setmlreply may be called from any of the xxfi_ callbacks
other than xxfi_connect.</TD>
</TR>
<TR align="left" valign=top>
<TH width="80">Effects</TH>
<TD>Directly set the SMTP error reply code for this connection to the given
lines after the xcode. The list of arguments must be NULL terminated.
This code will be used on subsequent error replies resulting from actions
taken by this filter.</TD>
</TR>
</TABLE>
+</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
<TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Argument</TH><TH>Description</TH></TR>
<TR valign="top"><TD>ctx</TD>
<TD>Opaque context structure.
</TD></TR>
<TR valign="top"><TD>rcode</TD>
<TD>The three-digit (RFC 821/2821) SMTP reply code, as a
null-terminated string. rcode cannot be NULL, and must be a valid
4XX or 5XX reply code.
</TD></TR>
<TR valign="top"><TD>xcode</TD>
<TD>The extended (RFC 1893/2034) reply code. If xcode is NULL, no
extended code is used. Otherwise, xcode must conform to RFC 1893/2034.
</TD></TR>
<TR valign="top"><TD>...</TD>
<TD>The remainder of the arguments are single lines of text, up to
32 arguments, which will be used as the text part of the SMTP
reply. The list must be NULL terminated.
</TD></TR>
</TABLE>
</TD></TR>
<!----------- Example ---------->
<TR>
-<TH valign="top" align=left>RETURN VALUES</TH>
+<TH valign="top" align=left>RETURN VALUES</TH>
<TD>
For example, the code:<BR>
<PRE>
ret = smfi_setmlreply(ctx, "550", "5.7.0",
"Spammer access rejected",
"Please see our policy at:",
"http://www.example.com/spampolicy.html",
NULL);
</PRE>
<BR>would give the SMTP response:<BR>
<PRE>
550-5.7.0 Spammer access rejected
550-5.7.0 Please see our policy at:
550 5.7.0 http://www.example.com/spampolicy.html
</PRE>
</TD>
</TR>
<!----------- Return values ---------->
<TR>
-<TH valign="top" align=left>RETURN VALUES</TH>
+<TH valign="top" align=left>RETURN VALUES</TH>
<TD>smfi_setmlreply will fail and return MI_FAILURE if:
<UL>
<LI>The rcode or xcode argument is invalid.
<LI>A memory-allocation failure occurs.
- <LI>If any text line contains a carraige return or line feed.
+ <LI>If any text line contains a carriage return or line feed.
<LI>The length of any text line is more than MAXREPLYLEN (980).
<LI>More than 32 lines of text replies are given.
</UL>
Otherwise, it return MI_SUCCESS.
</TD>
</TR>
<!----------- Notes ---------->
<TR align="left" valign=top>
-<TH>NOTES</TH>
+<TH>NOTES</TH>
<TD>
<UL>
<LI>Values passed to smfi_setmlreply are not checked for standards compliance.
<LI>The message parameter should contain only printable characters,
other characters may lead to undefined behavior.
For example, CR or LF will cause the call to fail,
single '%' characters will cause the text to be ignored
(if there really should be a '%' in the string,
use '%%' just like for <TT>printf(3)</TT>).
-<LI>For details about reply codes and their meanings, please see RFC's
+<LI>For details about reply codes and their meanings, please see RFC's
<A href="http://www.rfc-editor.org/rfc/rfc821.txt">821</A>/
<A href="http://www.rfc-editor.org/rfc/rfc2821.txt">2821</A>
and
<A href="http://www.rfc-editor.org/rfc/rfc1893.txt">1893</A>/
<A href="http://www.rfc-editor.org/rfc/rfc2034.txt">2034</A>.
<LI>If the reply code (rcode) given is a '4XX' code but SMFI_REJECT is used
for the message, the custom reply is not used.
<LI>Similarly, if the reply code (rcode) given is a '5XX' code but
SMFI_TEMPFAIL is used for the message, the custom reply is not used.
<BR>
Note: in neither of the last two cases an error is returned to the milter,
libmilter silently ignores the reply code.
<LI>If the milter returns SMFI_TEMPFAIL and sets the reply code to '421',
then the SMTP server will terminate the SMTP session with a 421 error code.
</UL>
</TD>
</TR>
</TABLE>
<HR size="1">
<FONT size="-1">
Copyright (c) 2000, 2002-2003 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/smfi_setpriv.html b/libmilter/docs/smfi_setpriv.html
index 5b03456f47aa..a9cb37e598c9 100644
--- a/libmilter/docs/smfi_setpriv.html
+++ b/libmilter/docs/smfi_setpriv.html
@@ -1,80 +1,81 @@
<HTML>
<HEAD><TITLE>smfi_setpriv</TITLE></HEAD>
<BODY>
<!--
$Id: smfi_setpriv.html,v 1.12 2013-11-22 20:51:39 ca Exp $
-->
<H1>smfi_setpriv</H1>
<TABLE border="0" cellspacing=4 cellpadding=4>
<!---------- Synopsis ----------->
<TR><TH valign="top" align=left width=100>SYNOPSIS</TH><TD>
<PRE>
#include &lt;libmilter/mfapi.h&gt;
int smfi_setpriv(
SMFICTX *ctx,
void *privatedata
);
</PRE>
Set the private data pointer for this connection.
</TD></TR>
<!----------- Description ---------->
<TR><TH valign="top" align=left>DESCRIPTION</TH><TD>
<TABLE border="1" cellspacing=1 cellpadding=4>
<TR align="left" valign=top>
<TH width="80">Called When</TH>
<TD>smfi_setpriv may be called in any of the xxfi_* callbacks.</TD>
</TR>
<TR align="left" valign=top>
<TH width="80">Effects</TH>
<TD>Sets the private data pointer for the context ctx.</TD>
</TR>
</TABLE>
+</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
<TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Argument</TH><TH>Description</TH></TR>
<TR valign="top"><TD>ctx</TD>
<TD>Opaque context structure.
</TD></TR>
<TR valign="top"><TD>privatedata</TD>
<TD>Pointer to private data. This value will be returned by subsequent calls to <A href="smfi_getpriv.html">smfi_getpriv</A> using ctx.
</TD></TR>
</TABLE>
</TD></TR>
<!----------- Return values ---------->
<TR>
-<TH valign="top" align=left>RETURN VALUES</TH>
+<TH valign="top" align=left>RETURN VALUES</TH>
<TD>smfi_setpriv returns MI_FAILURE if ctx is an invalid context.
Otherwise, it returns MI_SUCCESS.</TD>
</TR>
<TR>
-<TH valign="top" align=left>NOTES</TH>
+<TH valign="top" align=left>NOTES</TH>
<TD>There is only one private data pointer per connection; multiple
calls to smfi_setpriv with different values will cause previous values
to be lost.
<P>
Before a filter terminates it should release the private data
and set the pointer to NULL.
</TD>
</TR>
</TABLE>
<HR size="1">
<FONT size="-1">
Copyright (c) 2000-2001, 2003 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/smfi_setreply.html b/libmilter/docs/smfi_setreply.html
index 21ec5a57d092..615567107a4a 100644
--- a/libmilter/docs/smfi_setreply.html
+++ b/libmilter/docs/smfi_setreply.html
@@ -1,117 +1,120 @@
<HTML>
<HEAD><TITLE>smfi_setreply</TITLE></HEAD>
<BODY>
<!--
$Id: smfi_setreply.html,v 1.18 2013-11-22 20:51:39 ca Exp $
-->
<H1>smfi_setreply</H1>
<TABLE border="0" cellspacing=4 cellpadding=4>
<!---------- Synopsis ----------->
<TR><TH valign="top" align=left width=100>SYNOPSIS</TH><TD>
<PRE>
#include &lt;libmilter/mfapi.h&gt;
int smfi_setreply(
SMFICTX *ctx,
char *rcode,
char *xcode,
char *message
);
</PRE>
Set the default SMTP error reply code. Only 4XX and 5XX replies are accepted.
</TD></TR>
<!----------- Description ---------->
<TR><TH valign="top" align=left>DESCRIPTION</TH><TD>
<TABLE border="1" cellspacing=1 cellpadding=4>
<TR align="left" valign=top>
<TH width="80">Called When</TH>
<TD>smfi_setreply may be called from any of the xxfi_ callbacks
other than xxfi_connect.</TD>
</TR>
<TR align="left" valign=top>
<TH width="80">Effects</TH>
-<TD>Directly set the SMTP error reply code for this connection. This code
-will be used on subsequent error replies resulting from actions taken by
+<TD>Directly set the SMTP error reply code for this connection. This code
+will be used on subsequent error replies resulting from actions taken by
this filter.</TD>
</TR>
</TABLE>
+</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
<TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Argument</TH><TH>Description</TH></TR>
<TR valign="top"><TD>ctx</TD>
<TD>Opaque context structure.
</TD></TR>
<TR valign="top"><TD>rcode</TD>
<TD>The three-digit (RFC 821/2821) SMTP reply code, as a
null-terminated string. rcode cannot be NULL, and must be a valid
4XX or 5XX reply code.
</TD></TR>
<TR valign="top"><TD>xcode</TD>
<TD>The extended (RFC 1893/2034) reply code. If xcode is NULL, no
extended code is used. Otherwise, xcode must conform to RFC 1893/2034.
</TD></TR>
<TR valign="top"><TD>message</TD>
<TD>The text part of the SMTP reply. If message is NULL, an empty message is used.
</TD></TR>
</TABLE>
</TD></TR>
<!----------- Return values ---------->
<TR>
-<TH valign="top" align=left>RETURN VALUES</TH>
+<TH valign="top" align=left>RETURN VALUES</TH>
<TD>smfi_setreply will fail and return MI_FAILURE if:
<UL>
<LI>The rcode or xcode argument is invalid.
<LI>A memory-allocation failure occurs.
+ <LI>The length of any text line is more than MAXREPLYLEN (980).
+ <LI>The message argument contains a carriage return or line feed.
</UL>
Otherwise, it return MI_SUCCESS.
</TD>
</TR>
<!----------- Notes ---------->
<TR align="left" valign=top>
-<TH>NOTES</TH>
+<TH>NOTES</TH>
<TD>
<UL>
<LI>Values passed to smfi_setreply are not checked for standards compliance.
<LI>The message parameter should contain only printable characters,
other characters may lead to undefined behavior.
For example, CR or LF will cause the call to fail,
single '%' characters will cause the text to be ignored
(if there really should be a '%' in the string,
use '%%' just like for <TT>printf(3)</TT>).
-<LI>For details about reply codes and their meanings, please see RFC's
+<LI>For details about reply codes and their meanings, please see RFC's
<A href="http://www.rfc-editor.org/rfc/rfc821.txt">821</A>/
<A href="http://www.rfc-editor.org/rfc/rfc2821.txt">2821</A>
and
<A href="http://www.rfc-editor.org/rfc/rfc1893.txt">1893</A>/
<A href="http://www.rfc-editor.org/rfc/rfc2034.txt">2034</A>.
<LI>If the reply code (rcode) given is a '4XX' code but SMFI_REJECT is used
for the message, the custom reply is not used.
<LI>Similarly, if the reply code (rcode) given is a '5XX' code but
SMFI_TEMPFAIL is used for the message, the custom reply is not used.
<BR>
Note: in neither of the last two cases an error is returned to the milter,
libmilter silently ignores the reply code.
<LI>If the milter returns SMFI_TEMPFAIL and sets the reply code to '421',
then the SMTP server will terminate the SMTP session with a 421 error code.
</UL>
</TD>
</TR>
</TABLE>
<HR size="1">
<FONT size="-1">
Copyright (c) 2000, 2002-2003 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/smfi_setsymlist.html b/libmilter/docs/smfi_setsymlist.html
index c270d0b5647b..27bdd8a5f8ed 100644
--- a/libmilter/docs/smfi_setsymlist.html
+++ b/libmilter/docs/smfi_setsymlist.html
@@ -1,112 +1,113 @@
<HTML>
<HEAD><TITLE>smfi_setsymlist</TITLE></HEAD>
<BODY>
<!--
$Id: smfi_setsymlist.html,v 1.7 2013-11-22 20:51:39 ca Exp $
-->
<H1>smfi_setsymlist</H1>
<TABLE border="0" cellspacing=4 cellpadding=4>
<!---------- Synopsis ----------->
<TR><TH valign="top" align=left width=100>SYNOPSIS</TH><TD>
<PRE>
#include &lt;libmilter/mfapi.h&gt;
int smfi_setsymlist(
- SMFICTX *ctx,
+ SMFICTX *ctx,
int stage,
char *macros
);
</PRE>
Set the list of macros that the milter wants to receive from the MTA
for a protocol stage.
</TD></TR>
<!----------- Description ---------->
<TR><TH valign="top" align=left>DESCRIPTION</TH><TD>
<TABLE border="1" cellspacing=1 cellpadding=4>
<TR align="left" valign=top>
<TH width="80">Called When</TH>
<TD>This function must only be called during
<A HREF="xxfi_negotiate.html">xxfi_negotiate()</A>.
</TD>
</TR>
<TR align="left" valign=top>
<TH width="80">Effects</TH>
<TD>This function can be used to override the list of macros that the
milter wants to receive from the MTA.
</TD>
</TR>
</TABLE>
+</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
<TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Argument</TH><TH>Description</TH></TR>
<TR><TD>ctx</TD>
<TD>the opaque context structure.
</TD></TR>
<TR><TD>stage</TD>
<TD>the protocol stage during which the macro list should be used.
See the file
<CODE>include/libmilter/mfapi.h</CODE> for legal values,
look for the C macros with the prefix
<CODE>SMFIM_</CODE>.
Available protocol stages are at least
the initial connection, HELO/EHLO, MAIL, RCPT, DATA,
end of header, and
the end of a message.
</TD></TR>
<TR><TD>macros</TD>
<TD>list of macros (separated by space).
Example: "{rcpt_mailer} {rcpt_host}"
<BR>
An empty string ("", not NULL) can be used to specify that no macros
should be sent.
</TD></TR>
</TABLE>
</TD></TR>
<!----------- Return values ---------->
<TR>
-<TH valign="top" align=left>RETURN VALUES</TH>
+<TH valign="top" align=left>RETURN VALUES</TH>
<TD>MI_FAILURE is returned if
<UL>
<LI>there is not enough free memory to make a copy of the macro list,
<LI><CODE>macros</CODE> is <CODE>NULL</CODE>,
<LI><CODE>stage</CODE> is not a valid protocol stage,
<LI>the macro list for
<CODE>stage</CODE> has been set before.
</UL>
Otherwise MI_SUCCESS is returned.
</TD>
</TR>
<!----------- Notes ---------->
<TR align="left" valign=top>
-<TH>NOTES</TH>
+<TH>NOTES</TH>
<TD>There is an internal limit on the number of macros
that can be set
<!-- XREF: MAXFILTERMACROS -->
(currently 50),
however, this limit is not enforced by libmilter, only by the MTA,
but a possible violation of this restriction is not communicated back to
the milter.</TD>
</TR>
</TABLE>
<HR size="1">
<FONT size="-1">
Copyright (c) 2006, 2012 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/smfi_settimeout.html b/libmilter/docs/smfi_settimeout.html
index 35cd51003ae6..aa135618a9d0 100644
--- a/libmilter/docs/smfi_settimeout.html
+++ b/libmilter/docs/smfi_settimeout.html
@@ -1,79 +1,77 @@
<HTML>
<HEAD><TITLE>smfi_settimeout</TITLE></HEAD>
<BODY>
<!--
$Id: smfi_settimeout.html,v 1.16 2013-11-22 20:51:39 ca Exp $
-->
<H1>smfi_settimeout</H1>
<TABLE border="0" cellspacing=4 cellpadding=4>
<!---------- Synopsis ----------->
<TR><TH valign="top" align=left width=100>SYNOPSIS</TH><TD>
<PRE>
#include &lt;libmilter/mfapi.h&gt;
int smfi_settimeout(
int otimeout
);
</PRE>
Set the filter's I/O timeout value.
</TD></TR>
<!----------- Description ---------->
<TR><TH valign="top" align=left>DESCRIPTION</TH><TD>
<TABLE border="1" cellspacing=1 cellpadding=4>
<TR align="left" valign=top>
<TH width="80">Called When</TH>
<TD>smfi_settimeout should only be called before <A href="smfi_main.html">smfi_main</A>.</TD>
</TR>
<TR align="left" valign=top>
<TH width="80">Effects</TH>
<TD>Sets the number of seconds libmilter will wait
for an MTA communication (read or write) before timing out.
If smfi_settimeout is not called, a default timeout of 7210 seconds is used.
</TD>
</TR>
</TABLE>
+</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
<TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Argument</TH><TH>Description</TH></TR>
<TR valign="top"><TD>otimeout</TD>
<TD>The number of seconds to wait before timing out (&gt; 0).
Zero means no wait, <B>not</B> "wait forever".
</TD></TR>
</TABLE>
</TD></TR>
<!----------- Return values ---------->
<TR>
-<TH valign="top" align=left>RETURN VALUES</TH>
+<TH valign="top" align=left>RETURN VALUES</TH>
<TD>smfi_settimeout always returns MI_SUCCESS.</TD>
</TR>
<!----------- Notes ---------->
<TR>
-<TH valign="top" align=left>NOTES</TH>
+<TH valign="top" align=left>NOTES</TH>
<TD>
Decreasing the timeout is strongly discouraged
and may break the communication with the MTA.
Do <EM>not</EM> decrease this value without making sure that
the MTA also uses lower timeouts for communication
(with the milter and with the SMTP client).
-</TR>
-</TABLE>
-
-
+</TD></TR>
</TABLE>
<HR size="1">
<FONT size="-1">
Copyright (c) 2000, 2002-2003, 2006, 2011 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/smfi_stop.html b/libmilter/docs/smfi_stop.html
index aa725b9dbc25..c85a20d76ac5 100644
--- a/libmilter/docs/smfi_stop.html
+++ b/libmilter/docs/smfi_stop.html
@@ -1,74 +1,75 @@
<HTML>
<HEAD><TITLE>smfi_stop</TITLE></HEAD>
<BODY>
<!--
$Id: smfi_stop.html,v 1.8 2013-11-22 20:51:39 ca Exp $
-->
<H1>smfi_stop</H1>
<TABLE border="0" cellspacing=4 cellpadding=4>
<!---------- Synopsis ----------->
<TR><TH valign="top" align=left width=100>SYNOPSIS</TH><TD>
<PRE>
#include &lt;libmilter/mfapi.h&gt;
int smfi_stop(void);
</PRE>
Shutdown the milter.
No connections will be accepted after this call.
</TD></TR>
<!----------- Description ---------->
<TR><TH valign="top" align=left>DESCRIPTION</TH><TD>
<TABLE border="1" cellspacing=1 cellpadding=4>
<TR align="left" valign=top>
<TH width="80">Called When</TH>
<TD>Called from any of the <A href="api.html#Callbacks">Callback</A> routines
or any error-handling routines at any time.</TD>
</TR>
<TR align="left" valign=top>
<TH width="80">Effects</TH>
<TD>The smfi_stop routine prevents that new connections
will be accepted,
however, it does not wait for existing connections (threads) to terminate.
It will cause
<A href="smfi_main.html">smfi_main</A> to return to the calling program,
which may then exit or warm-restart.
</TD>
</TR>
</TABLE>
+</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
<TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Argument</TH><TH>Description</TH></TR>
<TR valign="top"><TD>void</TD>
<TD>Takes no argument.
</TD></TR>
</TABLE>
</TD></TR>
<!----------- Return values ---------->
<TR>
-<TH valign="top" align=left>RETURN VALUES</TH>
+<TH valign="top" align=left>RETURN VALUES</TH>
<TD>smfi_stop always returns SMFI_CONTINUE. But note:
<UL>
<LI>Another internal routine may already have asked the milter to abort.
<LI>Another routine may already have asked the milter to stop.
<LI>There is no way to cancel the stop process once it has begun.
</UL>
</TD>
</TR>
</TABLE>
<HR size="1">
<FONT size="-1">
Copyright (c) 2003, 2005 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/smfi_version.html b/libmilter/docs/smfi_version.html
index 64c4a4d8f8ac..f9b7bcb86b0c 100644
--- a/libmilter/docs/smfi_version.html
+++ b/libmilter/docs/smfi_version.html
@@ -1,92 +1,93 @@
<HTML>
<HEAD><TITLE>smfi_version()</TITLE></HEAD>
<BODY>
<!--
$Id: smfi_version.html,v 1.7 2013-11-22 20:51:39 ca Exp $
-->
<H1>smfi_version()</H1>
<TABLE BORDER="0" CELLSPACING=4 CELLPADDING=4>
<!---------- Synopsis ----------->
<TR><TH VALIGN="TOP" ALIGN=LEFT WIDTH=100>SYNOPSIS</TH><TD>
<PRE>
#include &lt;libmilter/mfapi.h&gt;
int smfi_version(
unsigned int *pmajor,
unsigned int *pminor,
unsigned int *ppl
);
</PRE>
Get the (runtime) version of libmilter.
</TD></TR>
<!----------- Description ---------->
<TR><TH VALIGN="TOP" ALIGN=LEFT>DESCRIPTION</TH><TD>
<TABLE BORDER="1" CELLSPACING=1 CELLPADDING=4>
<TR ALIGN="LEFT" VALIGN=TOP>
<TH WIDTH="80">Called When</TH>
<TD>smfi_version may be called at any time.</TD>
</TR>
<TR ALIGN="LEFT" VALIGN=TOP>
<TH WIDTH="80">Effects</TH>
<TD>None.</TD>
</TR>
</TABLE>
+</TD></TR>
<!----------- Arguments ---------->
<TR><TH VALIGN="TOP" ALIGN=LEFT>ARGUMENTS</TH><TD>
<TABLE BORDER="1" CELLSPACING=0>
<TR BGCOLOR="#dddddd"><TH>Argument</TH><TH>Description</TH></TR>
<TR VALIGN="TOP"><TD>pmajor</TD>
<TD>Pointer to an unsigned int variable to store major version number.
</TD></TR>
<TR VALIGN="TOP"><TD>pminor</TD>
<TD>Pointer to an unsigned int variable to store minor version number.
</TD></TR>
<TR VALIGN="TOP"><TD>ppl</TD>
<TD>Pointer to an unsigned int variable to store patch level number.
</TD></TR>
</TABLE>
</TD></TR>
<!----------- Return values ---------->
<TR>
<TH VALIGN="TOP" ALIGN=LEFT>RETURN VALUES</TH>
<TD>smfi_version returns MI_SUCCESS.</TD>
</TR>
</TABLE>
Note: the compile time version of libmilter is available in the macro
<CODE>SMFI_VERSION</CODE>.
To extract the major and minor version as well as the current patch level
from this macro, the macros
<CODE>SM_LM_VRS_MAJOR(v)</CODE>,
<CODE>SM_LM_VRS_MINOR(v)</CODE>, and
<CODE>SM_LM_VRS_PLVL(v)</CODE>
can be used, respectively.
A milter can check the
<CODE>SMFI_VERSION</CODE>
macro to determine which functions to use
(at compile time via C preprocessor statements).
Using this macro and the
<CODE>smfi_version()</CODE>
function,
a milter can determine at runtime whether it has been (dynamically)
linked against the expected libmilter version.
Such a function should only compare the major and minor version,
not the patch level,
i.e., the libmilter library will be compatible despite
different patch levels.
<HR SIZE="1">
<FONT SIZE="-1">
Copyright (c) 2006-2008 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/xxfi_abort.html b/libmilter/docs/xxfi_abort.html
index 9ec8f4990737..4e20d0e18d52 100644
--- a/libmilter/docs/xxfi_abort.html
+++ b/libmilter/docs/xxfi_abort.html
@@ -1,83 +1,84 @@
<HTML>
<HEAD><TITLE>xxfi_abort</TITLE></HEAD>
<BODY>
<!--
$Id: xxfi_abort.html,v 1.13 2013-11-22 20:51:39 ca Exp $
-->
<H1>xxfi_abort</H1>
<TABLE border="0" cellspacing=4 cellpadding=4>
<!---------- Synopsis ----------->
<TR><TH valign="top" align=left width=100>SYNOPSIS</TH><TD>
<PRE>
#include &lt;libmilter/mfapi.h&gt;
sfsistat (*xxfi_abort)(
SMFICTX *ctx
);
</PRE>
Handle the current message's being aborted.
</TD></TR>
<!----------- Description ---------->
<TR><TH valign="top" align=left>DESCRIPTION</TH><TD>
<TABLE border="1" cellspacing=1 cellpadding=4>
<TR align="left" valign=top>
<TH width="80">Called When</TH>
<TD>xxfi_abort may be called at any time during message processing (i.e. between some message-oriented routine and <A href="xxfi_eom.html">xxfi_eom</A>).</TD>
</TR>
<TR align="left" valign=top>
<TH>Default Behavior</TH>
<TD>Do nothing; return SMFIS_CONTINUE.</TD>
</TR>
</TABLE>
+</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
<TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Argument</TH><TH>Description</TH></TR>
<TR valign="top"><TD>ctx</TD>
<TD>Opaque context structure.
</TD></TR>
</TABLE>
</TD></TR>
<!----------- Notes ---------->
<TR>
-<TH valign="top" align=left>NOTES</TH>
+<TH valign="top" align=left>NOTES</TH>
<TD>
<UL>
<LI>xxfi_abort must reclaim any resources allocated on a per-message
basis, and must be tolerant of being called between any two
message-oriented callbacks.
<LI>Calls to xxfi_abort and <A href="xxfi_eom.html">xxfi_eom</A> are
mutually exclusive.
<LI>xxfi_abort is not responsible for reclaiming connection-specific
data, since <A href="xxfi_close.html">xxfi_close</A> is always called
when a connection is closed.
<LI>Since the current message is already being aborted, the return
value is currently ignored.
<LI>xxfi_abort is only called if the message is aborted outside the
filter's control <B>and</B> the filter has not completed its
message-oriented processing. For example, if a filter has already
returned SMFIS_ACCEPT, SMFIS_REJECT, or SMFIS_DISCARD from a
message-oriented routine, xxfi_abort will not be called even if the
message is later aborted outside its control.
</UL>
</TD>
</TR>
</TABLE>
<HR size="1">
<FONT size="-1">
Copyright (c) 2000, 2003 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/xxfi_body.html b/libmilter/docs/xxfi_body.html
index 811035065874..511eeb3aae68 100644
--- a/libmilter/docs/xxfi_body.html
+++ b/libmilter/docs/xxfi_body.html
@@ -1,97 +1,98 @@
<HTML>
<HEAD><TITLE>xxfi_body</TITLE></HEAD>
<BODY>
<!--
$Id: xxfi_body.html,v 1.18 2013-11-22 20:51:39 ca Exp $
-->
<H1>xxfi_body</H1>
<TABLE border="0" cellspacing=4 cellpadding=4>
<!---------- Synopsis ----------->
<TR><TH valign="top" align=left width=100>SYNOPSIS</TH><TD>
<PRE>
#include &lt;libmilter/mfapi.h&gt;
sfsistat (*xxfi_body)(
SMFICTX *ctx,
unsigned char *bodyp,
size_t len
);
</PRE>
Handle a piece of a message's body.
</TD></TR>
<!----------- Description ---------->
<TR><TH valign="top" align=left>DESCRIPTION</TH><TD>
<TABLE border="1" cellspacing=1 cellpadding=4>
<TR align="left" valign=top>
<TH width="80">Called When</TH>
<TD>xxfi_body is called zero or more times between xxfi_eoh and xxfi_eom.</TD>
</TR>
<TR align="left" valign=top>
<TH>Default Behavior</TH>
<TD>Do nothing; return SMFIS_CONTINUE.</TD>
</TR>
</TABLE>
+</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
<TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Argument</TH><TH>Description</TH></TR>
<TR valign="top"><TD>ctx</TD>
<TD>Opaque context structure.
</TD></TR>
<TR valign="top"><TD>bodyp</TD>
<TD>Pointer to the start of this block of body data. bodyp is not valid outside this call to xxfi_body.
</TD></TR>
<TR valign="top"><TD>len</TD>
<TD>The amount of data pointed to by bodyp.
</TD></TR>
</TABLE>
</TD></TR>
<!----------- Notes ---------->
<TR>
-<TH valign="top" align=left>NOTES</TH>
+<TH valign="top" align=left>NOTES</TH>
<TD>
<UL>
<LI>bodyp points to a sequence of bytes.
It is <EM>not</EM> a C string (a sequence of characters that is terminated by '\0').
Therefore, do not use the usual C string functions like <CODE>strlen(3)</CODE>
on this byte block.
Moreover, the byte sequence may contain '\0' characters inside the block.
Hence even if a trailing '\0' is added, C string functions may still fail
to work as expected.
<LI>Since message bodies can be very large, defining xxfi_body can
significantly impact filter performance.
<LI>End-of-lines are represented as received from SMTP (normally CR/LF).
<LI>Later filters will see body changes made by earlier ones.
-<LI>Message bodies may be sent in multiple chunks, with one call to
+<LI>Message bodies may be sent in multiple chunks, with one call to
xxfi_body per chunk.
<LI>Return
<A HREF="api.html#SMFIS_SKIP">SMFIS_SKIP</A>
if a milter has received sufficiently many
body chunks to make a decision,
but still wants to invoke
message modification functions that are only allowed to be called from
<A HREF="xxfi_eom.html">xxfi_eom()</A>.
Note: the milter <EM>must</EM>
<A HREF="xxfi_negotiate.html">negotiate</A>
this behavior with the MTA, i.e., it must check whether
the protocol action
<A HREF="xxfi_negotiate.html#SMFIP_SKIP"><CODE>SMFIP_SKIP</CODE></A>
is available and if so, the milter must request it.
</UL>
</TD>
</TR>
</TABLE>
<HR size="1">
<FONT size="-1">
Copyright (c) 2000-2003, 2007 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/xxfi_close.html b/libmilter/docs/xxfi_close.html
index b5cf2ff237ad..1999d0e3896b 100644
--- a/libmilter/docs/xxfi_close.html
+++ b/libmilter/docs/xxfi_close.html
@@ -1,81 +1,82 @@
<HTML>
<HEAD><TITLE>xxfi_close</TITLE></HEAD>
<BODY>
<!--
$Id: xxfi_close.html,v 1.14 2013-11-22 20:51:39 ca Exp $
-->
<H1>xxfi_close</H1>
<TABLE border="0" cellspacing=4 cellpadding=4>
<!---------- Synopsis ----------->
<TR><TH valign="top" align=left width=100>SYNOPSIS</TH><TD>
<PRE>
#include &lt;libmilter/mfapi.h&gt;
sfsistat (*xxfi_close)(
SMFICTX *ctx
);
</PRE>
The current connection is being closed.
</TD></TR>
<!----------- Description ---------->
<TR><TH valign="top" align=left>DESCRIPTION</TH><TD>
<TABLE border="1" cellspacing=1 cellpadding=4>
<TR align="left" valign=top>
<TH width="80">Called When</TH>
<TD>xxfi_close is always called once at the end of each connection.</TD>
</TR>
<TR align="left" valign=top>
<TH>Default Behavior</TH>
<TD>Do nothing; return SMFIS_CONTINUE.</TD>
</TR>
</TABLE>
+</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
<TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Argument</TH><TH>Description</TH></TR>
<TR valign="top"><TD>ctx</TD>
<TD>Opaque context structure.
</TD></TR>
</TABLE>
</TD></TR>
<!----------- Notes ---------->
<TR>
-<TH valign="top" align=left>NOTES</TH>
+<TH valign="top" align=left>NOTES</TH>
<TD>
<UL>
<LI>xxfi_close may be called "out-of-order", i.e. before even the
xxfi_connect is called.
After a connection is established by the MTA to the filter,
if the MTA decides this connection's traffic will be discarded
(e.g. via an access_db result), no data will be passed to the
filter from the MTA until the client closes down.
At that time, xxfi_close is called.
It can therefore be the only callback ever used for a given connection,
and developers should anticipate this possibility when crafting their
xxfi_close code.
In particular, it is incorrect to assume the private context pointer
will be something other than NULL in this callback.
<LI>xxfi_close is called on close even if the previous mail
-transaction was aborted.
+transaction was aborted.
<LI>xxfi_close is responsible for freeing any resources allocated on a
per-connection basis.
<LI>Since the connection is already closing, the return value is
currently ignored.
</UL>
</TD>
</TR>
</TABLE>
<HR size="1">
<FONT size="-1">
Copyright (c) 2000, 2003, 2004 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/xxfi_connect.html b/libmilter/docs/xxfi_connect.html
index 29a2c911153e..c84f9f281738 100644
--- a/libmilter/docs/xxfi_connect.html
+++ b/libmilter/docs/xxfi_connect.html
@@ -1,121 +1,123 @@
<HTML>
<HEAD><TITLE>xxfi_connect</TITLE></HEAD>
<BODY>
<!--
$Id: xxfi_connect.html,v 1.20 2013-11-22 20:51:39 ca Exp $
-->
<H1>xxfi_connect</H1>
<TABLE border="0" cellspacing=4 cellpadding=4>
<!---------- Synopsis ----------->
<TR><TH valign="top" align=left width=100>SYNOPSIS</TH><TD>
<PRE>
#include &lt;libmilter/mfapi.h&gt;
sfsistat (*xxfi_connect)(
- SMFICTX *ctx,
+ SMFICTX *ctx,
char *hostname,
_SOCK_ADDR *hostaddr);
</PRE>
</TD></TR>
<!----------- Description ---------->
<TR><TH valign="top" align=left>DESCRIPTION</TH><TD>
<TABLE border="1" cellspacing=1 cellpadding=4>
<TR>
<TH valign="top" align=left width=80>Called When</TH>
<TD>Once, at the start of each SMTP connection.</TD>
</TR>
<TR>
<TH valign="top" align=left width=80>Default Behavior</TH>
<TD>Do nothing; return SMFIS_CONTINUE.</TD>
</TR>
</TABLE>
+
<!--
-This callback function is invoked on each connection to the mail
+This callback function is invoked on each connection to the mail
filter program.
The callback is to be implemented by the Milter application developers.
The name of the callback can be any valid function name.
The function pointer is to be assigned to the
smfiDesc.xxfi_connect and the pointer to the smfiDesc structure
is passed to smfi_register().
-</TD></TR>
-->
+</TD></TR>
+
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
<TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Argument</TH><TH>Description</TH></TR>
<TR><TD>ctx</TD>
<TD>the opaque context structure.
</TD></TR>
<TR><TD>hostname</TD>
<TD>the host name of the message sender, as determined by a
reverse lookup on the host address.
If the reverse lookup fails
or if none of the IP addresses of the resolved host name
matches the original IP address,
hostname will contain the message sender's IP
address enclosed in square brackets (e.g. `[a.b.c.d]').
If the SMTP connection is made via stdin the value is
<CODE>localhost</CODE>.
</TD></TR>
<TR><TD>hostaddr</TD>
<TD>the host address,
as determined by a <CODE>getpeername(2)</CODE> call on the SMTP socket.
NULL if the type is not supported in the current version or if
the SMTP connection is made via stdin.
</TD></TR>
</TABLE>
</TD></TR>
<!----------- Return values ---------->
<!--
<TR>
<TH valign="top" align=left>SPECIAL RETURN VALUES</TH>
<TD><TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Return value</TH><TH>Description</TH></TR>
<TR valign="top">
<TD>SMFIS_ACCEPT</TD>
<TD>Accept all commands and messages from this client without any
further contact with the filter. </TD>
</TD>
</TR>
<TR valign="top">
<TD>SMFIS_CONTINUE</TD>
<TD>Continue normal processing. </TD>
</TR>
<TR valign="top">
<TD>SMFIS_DISCARD</TD>
<TD>Undefined behaviour; do not use. </TD>
</TR>
<TR valign="top">
<TD>SMFIS_TEMPFAIL</TD>
<TD>Reject all commands and messages from this client with a
temporary failure reply code.
If also used in conjunction with <CODE>smfi_setreply()</CODE>
to set a reply whose SMTP code is 421,
the MTA will drop the connection immediately. </TD>
</TR>
<TR valign="top">
<TD>SMFIS_REJECT</TD>
<TD>Reject all commands and messages from this client with a
permanent failure reply code. </TD>
</TR>
</TABLE>
</TR>
-->
<!----------- Notes ---------->
<TR>
-<TH valign="top" align=left>NOTES</TH>
+<TH valign="top" align=left>NOTES</TH>
<TD>If an earlier filter rejects the connection in its xxfi_connect()
routine, this filter's xxfi_connect() will not be called.</TD>
</TR>
</TABLE>
<HR size="1">
<FONT size="-1">
Copyright (c) 2000-2001, 2003, 2007 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/xxfi_data.html b/libmilter/docs/xxfi_data.html
index 7dedb4183097..f8b715b5675e 100644
--- a/libmilter/docs/xxfi_data.html
+++ b/libmilter/docs/xxfi_data.html
@@ -1,89 +1,90 @@
<HTML>
<HEAD><TITLE>xxfi_data</TITLE></HEAD>
<BODY>
<!--
$Id: xxfi_data.html,v 1.5 2013-11-22 20:51:39 ca Exp $
-->
<H1>xxfi_data</H1>
<TABLE border="0" cellspacing=4 cellpadding=4>
<!---------- Synopsis ----------->
<TR><TH valign="top" align=left width=100>SYNOPSIS</TH><TD>
<PRE>
#include &lt;libmilter/mfapi.h&gt;
sfsistat (*xxfi_data)(
SMFICTX *ctx
);
</PRE>
Handle the DATA command.
</TD></TR>
<!----------- Description ---------->
<TR><TH valign="top" align=left>DESCRIPTION</TH><TD>
<TABLE border="1" cellspacing=1 cellpadding=4>
<TR align="left" valign=top>
<TH width="80">Called When</TH>
-<TD>xxfi_data is called when the client uses the DATA command.
+<TD>xxfi_data is called when the client uses the DATA command.</TD>
</TR>
<TR align="left" valign=top>
<TH>Default Behavior</TH>
<TD>Do nothing; return SMFIS_CONTINUE.</TD>
</TR>
</TABLE>
+</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
<TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Argument</TH><TH>Description</TH></TR>
<TR valign="top"><TD>ctx</TD>
<TD>Opaque context structure.
</TD></TR>
</TABLE>
</TD></TR>
<!----------- Return values ---------->
<TR>
<TH valign="top" align=left>SPECIAL RETURN VALUES</TH>
<TD><TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Return value</TH><TH>Description</TH></TR>
<TR valign="top">
<TD>SMFIS_TEMPFAIL</TD>
<TD>Reject this message with a temporary error.
</TD>
</TR>
<TR valign="top">
<TD>SMFIS_REJECT</TD>
<TD>Reject this message.
</TD>
</TR>
<TR valign="top">
<TD>SMFIS_DISCARD</TD>
<TD>Accept and silently discard this message.
</TD>
</TR>
<TR valign="top">
<TD>SMFIS_ACCEPT</TD>
<TD>Accept this message.
</TD>
</TR>
</TABLE>
-</TR>
+</TD></TR>
<!----------- Notes ---------->
<TR>
-<TH valign="top" align=left>NOTES</TH>
+<TH valign="top" align=left>NOTES</TH>
<TD>For more details on ESMTP responses, please see RFC
<A href="http://www.rfc-editor.org/rfc/rfc1869.txt">1869</A>.</TD>
</TR>
</TABLE>
<HR size="1">
<FONT size="-1">
Copyright (c) 2006 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/xxfi_envfrom.html b/libmilter/docs/xxfi_envfrom.html
index 24811e14a6c1..b553b4d9fd63 100644
--- a/libmilter/docs/xxfi_envfrom.html
+++ b/libmilter/docs/xxfi_envfrom.html
@@ -1,97 +1,98 @@
<HTML>
<HEAD><TITLE>xxfi_envfrom</TITLE></HEAD>
<BODY>
<!--
$Id: xxfi_envfrom.html,v 1.15 2013-11-22 20:51:39 ca Exp $
-->
<H1>xxfi_envfrom</H1>
<TABLE border="0" cellspacing=4 cellpadding=4>
<!---------- Synopsis ----------->
<TR><TH valign="top" align=left width=100>SYNOPSIS</TH><TD>
<PRE>
#include &lt;libmilter/mfapi.h&gt;
sfsistat (*xxfi_envfrom)(
SMFICTX *ctx,
char **argv
);
</PRE>
Handle the MAIL (envelope sender) command.
</TD></TR>
<!----------- Description ---------->
<TR><TH valign="top" align=left>DESCRIPTION</TH><TD>
<TABLE border="1" cellspacing=1 cellpadding=4>
<TR align="left" valign=top>
<TH width="80">Called When</TH>
<TD>xxfi_envfrom is called once at the beginning of each message
(MAIL command),
before xxfi_envrcpt.</TD>
</TR>
<TR align="left" valign=top>
<TH>Default Behavior</TH>
<TD>Do nothing; return SMFIS_CONTINUE.</TD>
</TR>
</TABLE>
+</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
<TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Argument</TH><TH>Description</TH></TR>
<TR valign="top"><TD>ctx</TD>
<TD>Opaque context structure.
</TD></TR>
<TR valign="top"><TD>argv</TD>
<TD>Null-terminated SMTP command arguments;
argv[0] is guaranteed to be the sender address.
Later arguments are the ESMTP arguments.
</TD></TR>
</TABLE>
</TD></TR>
<!----------- Return values ---------->
<TR>
<TH valign="top" align=left>SPECIAL RETURN VALUES</TH>
<TD><TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Return value</TH><TH>Description</TH></TR>
<TR valign="top">
<TD>SMFIS_TEMPFAIL</TD>
<TD>Reject this sender and message with a temporary error; a new sender (and hence a new message) may subsequently be specified. <A href="xxfi_abort.html">xxfi_abort</A> is not called.
</TD>
</TR>
<TR valign="top">
<TD>SMFIS_REJECT</TD>
<TD>Reject this sender and message; a new sender/message may be specified. <A href="xxfi_abort.html">xxfi_abort</A> is not called.
</TD>
</TR>
<TR valign="top">
<TD>SMFIS_DISCARD</TD>
<TD>Accept and silently discard this message. <A href="xxfi_abort.html">xxfi_abort</A> is not called.
</TD>
</TR>
<TR valign="top">
<TD>SMFIS_ACCEPT</TD>
<TD>Accept this message. <A href="xxfi_abort.html">xxfi_abort</A> is not called.
</TD>
</TR>
</TABLE>
-</TR>
+</TD></TR>
<!----------- Notes ---------->
<TR>
-<TH valign="top" align=left>NOTES</TH>
+<TH valign="top" align=left>NOTES</TH>
<TD>For more details on ESMTP responses, please see RFC
<A href="http://www.rfc-editor.org/rfc/rfc1869.txt">1869</A>.</TD>
</TR>
</TABLE>
<HR size="1">
<FONT size="-1">
Copyright (c) 2000, 2003, 2006 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/xxfi_envrcpt.html b/libmilter/docs/xxfi_envrcpt.html
index 9503ab98c616..d15b70fdf187 100644
--- a/libmilter/docs/xxfi_envrcpt.html
+++ b/libmilter/docs/xxfi_envrcpt.html
@@ -1,98 +1,99 @@
<HTML>
<HEAD><TITLE>xxfi_envrcpt</TITLE></HEAD>
<BODY>
<!--
$Id: xxfi_envrcpt.html,v 1.17 2013-11-22 20:51:39 ca Exp $
-->
<H1>xxfi_envrcpt</H1>
<TABLE border="0" cellspacing=4 cellpadding=4>
<!---------- Synopsis ----------->
<TR><TH valign="top" align=left width=100>SYNOPSIS</TH><TD>
<PRE>
#include &lt;libmilter/mfapi.h&gt;
sfsistat (*xxfi_envrcpt)(
SMFICTX *ctx,
char **argv
);
</PRE>
Handle the envelope RCPT command.
</TD></TR>
<!----------- Description ---------->
<TR><TH valign="top" align=left>DESCRIPTION</TH><TD>
<TABLE border="1" cellspacing=1 cellpadding=4>
<TR align="left" valign=top>
<TH width="80">Called When</TH>
<TD>xxfi_envrcpt is called once per recipient, hence one or more times per message, immediately after xxfi_envfrom.</TD>
</TR>
<TR align="left" valign=top>
<TH>Default Behavior</TH>
<TD>Do nothing; return SMFIS_CONTINUE.</TD>
</TR>
</TABLE>
+</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
<TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Argument</TH><TH>Description</TH></TR>
<TR valign="top"><TD>ctx</TD>
<TD>Opaque context structure.
</TD></TR>
<TR valign="top"><TD>argv</TD>
<TD>Null-terminated SMTP command arguments;
argv[0] is guaranteed to be the recipient address.
Later arguments are the ESMTP arguments.
</TD></TR>
</TABLE>
</TD></TR>
<!----------- Return values ---------->
<TR>
<TH valign="top" align=left>SPECIAL RETURN VALUES</TH>
<TD><TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Return value</TH><TH>Description</TH></TR>
<TR valign="top">
<TD>SMFIS_TEMPFAIL</TD>
- <TD>Temporarily fail for this particular recipient; further recipients
+ <TD>Temporarily fail for this particular recipient; further recipients
may still be sent. <A href="xxfi_abort.html">xxfi_abort</A> is not called.
</TD>
</TR>
<TR valign="top">
<TD>SMFIS_REJECT</TD>
<TD>Reject this particular recipient; further recipients may still be sent.
<A href="xxfi_abort.html">xxfi_abort</A> is not called.
</TD>
</TR>
<TR valign="top">
<TD>SMFIS_DISCARD</TD>
<TD>Accept and discard the message. <A href="xxfi_abort.html">xxfi_abort</A> will be called.
</TD>
</TR>
<TR valign="top">
<TD>SMFIS_ACCEPT</TD>
<TD>Accept this message.
<A href="xxfi_abort.html">xxfi_abort</A> will not be called.
</TD>
</TR>
</TABLE>
-</TR>
+</TD></TR>
<!----------- Notes ---------->
<TR>
-<TH valign="top" align=left>NOTES</TH>
+<TH valign="top" align=left>NOTES</TH>
<TD>For more details on ESMTP responses, please see RFC
<A href="http://www.rfc-editor.org/rfc/rfc1869.txt">1869</A>.</TD>
</TR>
</TABLE>
<HR size="1">
<FONT size="-1">
Copyright (c) 2000, 2003, 2010 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/xxfi_eoh.html b/libmilter/docs/xxfi_eoh.html
index 33f5fc004983..4be41d758bc3 100644
--- a/libmilter/docs/xxfi_eoh.html
+++ b/libmilter/docs/xxfi_eoh.html
@@ -1,56 +1,57 @@
<HTML>
<HEAD><TITLE>xxfi_eoh</TITLE></HEAD>
<BODY>
<!--
$Id: xxfi_eoh.html,v 1.12 2013-11-22 20:51:39 ca Exp $
-->
<H1>xxfi_eoh</H1>
<TABLE border="0" cellspacing=4 cellpadding=4>
<!---------- Synopsis ----------->
<TR><TH valign="top" align=left width=100>SYNOPSIS</TH><TD>
<PRE>
#include &lt;libmilter/mfapi.h&gt;
sfsistat (*xxfi_eoh)(
SMFICTX *ctx
);
</PRE>
Handle the end of message headers.
</TD></TR>
<!----------- Description ---------->
<TR><TH valign="top" align=left>DESCRIPTION</TH><TD>
<TABLE border="1" cellspacing=1 cellpadding=4>
<TR align="left" valign=top>
<TH width="80">Called When</TH>
<TD>xxfi_eoh is called once after all headers have been sent and processed.
</TD>
</TR>
<TR align="left" valign=top>
<TH>Default Behavior</TH>
<TD>Do nothing; return SMFIS_CONTINUE.</TD>
</TR>
</TABLE>
+</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
<TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Argument</TH><TH>Description</TH></TR>
<TR valign="top"><TD>ctx</TD>
<TD>Opaque context structure.
</TD></TR>
</TABLE>
</TD></TR>
</TABLE>
<HR size="1">
<FONT size="-1">
Copyright (c) 2000, 2003 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/xxfi_eom.html b/libmilter/docs/xxfi_eom.html
index d473777e4b13..9bf040c02ad4 100644
--- a/libmilter/docs/xxfi_eom.html
+++ b/libmilter/docs/xxfi_eom.html
@@ -1,62 +1,63 @@
<HTML>
<HEAD><TITLE>xxfi_eom</TITLE></HEAD>
<BODY>
<!--
$Id: xxfi_eom.html,v 1.13 2013-11-22 20:51:39 ca Exp $
-->
<H1>xxfi_eom</H1>
<TABLE border="0" cellspacing=4 cellpadding=4>
<!---------- Synopsis ----------->
<TR><TH valign="top" align=left width=100>SYNOPSIS</TH><TD>
<PRE>
#include &lt;libmilter/mfapi.h&gt;
sfsistat (*xxfi_eom)(
SMFICTX *ctx
);
</PRE>
End of a message.
</TD></TR>
<!----------- Description ---------->
<TR><TH valign="top" align=left>DESCRIPTION</TH><TD>
<TABLE border="1" cellspacing=1 cellpadding=4>
<TR align="left" valign=top>
<TH width="80">Called When</TH>
<TD>xxfi_eom is called once after all calls to <A href="xxfi_body.html">xxfi_body</A> for a given message.</TD>
</TR>
<TR align="left" valign=top>
<TH>Default Behavior</TH>
<TD>Do nothing; return SMFIS_CONTINUE.</TD>
</TR>
</TABLE>
+</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
<TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Argument</TH><TH>Description</TH></TR>
<TR valign="top"><TD>ctx</TD>
<TD>Opaque context structure.
</TD></TR>
</TABLE>
</TD></TR>
<!----------- Notes ---------->
<TR>
-<TH valign="top" align=left>NOTES</TH>
+<TH valign="top" align=left>NOTES</TH>
<TD>A filter is required to make all its modifications to the message headers, body, and envelope in xxfi_eom.
Modifications are made via the smfi_* routines.
</TD>
</TR>
</TABLE>
<HR size="1">
<FONT size="-1">
Copyright (c) 2000, 2003 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/xxfi_header.html b/libmilter/docs/xxfi_header.html
index 16e814b47c48..bccada7e524f 100644
--- a/libmilter/docs/xxfi_header.html
+++ b/libmilter/docs/xxfi_header.html
@@ -1,111 +1,112 @@
<HTML>
<HEAD><TITLE>xxfi_header</TITLE></HEAD>
<BODY>
<!--
$Id: xxfi_header.html,v 1.18 2013-11-22 20:51:39 ca Exp $
-->
<H1>xxfi_header</H1>
<TABLE border="0" cellspacing=4 cellpadding=4>
<!---------- Synopsis ----------->
<TR><TH valign="top" align=left width=100>SYNOPSIS</TH><TD>
<PRE>
#include &lt;libmilter/mfapi.h&gt;
sfsistat (*xxfi_header)(
SMFICTX *ctx,
char *headerf,
char *headerv
);
</PRE>
Handle a message header.
</TD></TR>
<!----------- Description ---------->
<TR><TH valign="top" align=left>DESCRIPTION</TH><TD>
<TABLE border="1" cellspacing=1 cellpadding=4>
<TR align="left" valign=top>
<TH width="80">Called When</TH>
<TD>xxfi_header is called once for each message header.</TD>
</TR>
<TR align="left" valign=top>
<TH>Default Behavior</TH>
<TD>Do nothing; return SMFIS_CONTINUE.</TD>
</TR>
</TABLE>
+</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
<TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Argument</TH><TH>Description</TH></TR>
<TR valign="top"><TD>ctx</TD>
<TD>Opaque context structure.
</TD></TR>
<TR valign="top"><TD>headerf</TD>
<TD> Header field name.
</TD></TR>
<TR valign="top"><TD>headerv</TD>
<TD>Header field value.
The content of the header may include folded white space,
i.e., multiple lines with following white space
where lines are separated by LF (not CR/LF).
The trailing line terminator (CR/LF) is removed.
</TD></TR>
</TABLE>
</TD></TR>
<!----------- Notes ---------->
<TR>
-<TH valign="top" align=left>NOTES</TH>
+<TH valign="top" align=left>NOTES</TH>
<TD>
<UL>
<LI>Starting with sendmail 8.14, spaces after the colon in a header
field are preserved if requested using the flag
<A HREF="xxfi_negotiate.html#SMFIP_HDR_LEADSPC"><CODE>SMFIP_HDR_LEADSPC</CODE></A>.
That is, the header
<PRE>
From: sender &lt;f@example.com&gt;
To: user &lt;t@example.com&gt;
Subject:no
</PRE>
will be sent to a milter as
<PRE>
"From", " sender &lt;f@example.com&gt;"
"To", " user &lt;t@example.com&gt;"
"Subject", "no"
</PRE>
while previously
(or without the flag
<A HREF="xxfi_negotiate.html#SMFIP_HDR_LEADSPC"><CODE>SMFIP_HDR_LEADSPC</CODE></A>)
it was:
<PRE>
"From", "sender &lt;f@example.com&gt;"
"To", "user &lt;t@example.com&gt;"
"Subject", "no"
</PRE>
<LI>Later filters will see header changes/additions made by earlier ones.
-<LI>For much more detail about header format, please see
+<LI>For much more detail about header format, please see
RFC <A href="http://www.rfc-editor.org/rfc/rfc822.html">822</A>
and
RFC <A href="http://www.rfc-editor.org/rfc/rfc2822.html">2822</A>
</UL>
</TD>
</TR>
</TABLE>
<HR size="1">
<FONT size="-1">
Copyright (c) 2000, 2003, 2006 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/xxfi_helo.html b/libmilter/docs/xxfi_helo.html
index 716eb9290f17..8c4309cd5bf2 100644
--- a/libmilter/docs/xxfi_helo.html
+++ b/libmilter/docs/xxfi_helo.html
@@ -1,64 +1,65 @@
<HTML>
<HEAD><TITLE>xxfi_helo</TITLE></HEAD>
<BODY>
<!--
$Id: xxfi_helo.html,v 1.13 2013-11-22 20:51:39 ca Exp $
-->
<H1>xxfi_helo</H1>
<TABLE border="0" cellspacing=4 cellpadding=4>
<!---------- Synopsis ----------->
<TR><TH valign="top" align=left width=100>SYNOPSIS</TH><TD>
<PRE>
#include &lt;libmilter/mfapi.h&gt;
sfsistat (*xxfi_helo)(
- SMFICTX *ctx,
+ SMFICTX *ctx,
char *helohost
);
</PRE>
Handle the HELO/EHLO command.
</TD></TR>
<!----------- Description ---------->
<TR><TH valign="top" align=left>DESCRIPTION</TH><TD>
<TABLE border="1" cellspacing=1 cellpadding=4>
<TR align="left" valign=top>
<TH width="80">Called When</TH> <TD>xxfi_helo is called whenever the client
sends a HELO/EHLO command.
It may therefore be called several times or even not at all;
some restrictions can be imposed by the MTA configuration.
</TD>
</TR>
<TR align="left" valign=top>
<TH>Default Behavior</TH>
<TD>Do nothing; return SMFIS_CONTINUE.</TD>
</TR>
</TABLE>
+</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
<TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Argument</TH><TH>Description</TH></TR>
<TR valign="top"><TD>ctx</TD>
<TD>Opaque context structure.
</TD></TR>
<TR valign="top"><TD>helohost</TD>
<TD>Value passed to HELO/EHLO command, which should be
the domain name of the sending host (but is, in practice,
anything the sending host wants to send).
</TD></TR>
</TABLE>
</TD></TR>
</TABLE>
<HR size="1">
<FONT size="-1">
Copyright (c) 2000, 2003, 2005 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/xxfi_negotiate.html b/libmilter/docs/xxfi_negotiate.html
index b0502f47a711..e858a39c0e98 100644
--- a/libmilter/docs/xxfi_negotiate.html
+++ b/libmilter/docs/xxfi_negotiate.html
@@ -1,277 +1,287 @@
<HTML>
<HEAD><TITLE>xxfi_negotiate</TITLE></HEAD>
<BODY>
<!--
$Id: xxfi_negotiate.html,v 1.24 2013-11-22 20:51:39 ca Exp $
-->
<H1>xxfi_negotiate</H1>
<TABLE border="0" cellspacing=4 cellpadding=4>
<!---------- Synopsis ----------->
<TR><TH valign="top" align=left width=100>SYNOPSIS</TH><TD>
<PRE>
#include &lt;libmilter/mfapi.h&gt;
#include &lt;libmilter/mfdef.h&gt;
sfsistat (*xxfi_negotiate)(
- SMFICTX *ctx,
+ SMFICTX *ctx,
unsigned long f0,
unsigned long f1,
unsigned long f2,
unsigned long f3,
unsigned long *pf0,
unsigned long *pf1,
unsigned long *pf2,
unsigned long *pf3);
</PRE>
</TD></TR>
<!----------- Description ---------->
<TR><TH valign="top" align=left>DESCRIPTION</TH><TD>
<TABLE border="1" cellspacing=1 cellpadding=4>
<TR>
<TH valign="top" align=left width=80>Called When</TH>
<TD>Once, at the start of each SMTP connection.</TD>
</TR>
<TR>
<TH valign="top" align=left width=80>Default Behavior</TH>
<TD>Return SMFIS_ALL_OPTS to change nothing.</TD>
</TR>
</TABLE>
+</TD></TR>
+
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
<TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Argument</TH><TH>Description</TH></TR>
<TR><TD>ctx</TD>
<TD>the opaque context structure.
</TD></TR>
<TR><TD>f0</TD>
<TD>the actions offered by the MTA.
</TD></TR>
<TR><TD>f1</TD>
<TD>the protocol steps offered by the MTA.
+ </TD></TR>
<TR><TD>f2</TD>
<TD>for future extensions.
</TD></TR>
<TR><TD>f3</TD>
<TD>for future extensions.
</TD></TR>
<TR><TD>pf0</TD>
<TD>the actions requested by the milter.
</TD></TR>
<TR><TD>pf1</TD>
<TD>the protocol steps requested by the milter.
+ </TD></TR>
<TR><TD>pf2</TD>
<TD>for future extensions.
</TD></TR>
<TR><TD>pf3</TD>
<TD>for future extensions.
</TD></TR>
</TABLE>
</TD></TR>
<!----------- Return values ---------->
<TR>
<TH valign="top" align=left>SPECIAL RETURN VALUES</TH>
<TD><TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Return value</TH><TH>Description</TH></TR>
<TR valign="top">
<TD>SMFIS_ALL_OPTS</TD>
<TD>
If a milter just wants to inspect the available protocol steps
and actions, then it can return
SMFIS_ALL_OPTS
and the MTA will make all protocol steps and actions available
to the milter.
In this case, no values should be assigned to the output parameters
<CODE>pf0</CODE> - <CODE>pf3</CODE>
as they will be ignored.
</TD>
</TR>
<TR valign="top">
<TD>SMFIS_REJECT</TD>
<TD>Milter startup fails and it will not be contacted again
(for the current connection).
</TD>
</TR>
<TR valign="top">
<TD>SMFIS_CONTINUE</TD>
<TD>Continue processing.
In this case the milter <EM>must</EM> set all output parameters
<CODE>pf0</CODE> - <CODE>pf3</CODE>.
See below for an explanation how to set those output parameters.
</TD>
</TR>
</TABLE>
-</TR>
+</TD></TR>
<!----------- Notes ---------->
<TR>
-<TH valign="top" align=left>NOTES</TH>
+<TH valign="top" align=left>NOTES</TH>
<TD>This function allows a milter to dynamically determine and
request operations and actions during startup.
In previous versions, the actions (f0) were fixed in the
<A HREF="smfi_register.html#flags">flags</A> field of the
<A HREF="smfi_register.html#smfiDesc">smfiDesc</A>
structure
and the protocol steps (f1) were implicitly derived by checking whether
a callback was defined.
Due to the extensions in the new milter version,
such a static selection will not work if a milter requires
new actions that are not available when talking to an older MTA.
Hence in the negotiation callback a milter can determine
which operations are available and dynamically select
those which it needs and which are offered.
If some operations are not available, the milter may either fall back
to an older mode or abort the session and ask the user to upgrade.
<!--
<P>
The protocol steps are defined in
<CODE>include/libmilter/mfdef.h</CODE>:
the macros start with
<CODE>SMFIP_</CODE>.
-->
<P>
Protocol steps
(<CODE>f1</CODE>, <CODE>*pf1</CODE>):
<UL>
<LI><A NAME="SMFIP_RCPT_REJ"><CODE>SMFIP_RCPT_REJ</CODE></A>:
By setting this bit, a milter can request that the
MTA should also send <CODE>RCPT</CODE> commands that have been rejected
because the user is unknown (or similar reasons), but not those
which have been rejected because of syntax errors etc.
+<!--
+In order for this request to have effect,
+sendmail must have been built with the compile time option
+<TT>_FFR_MILTER_CHECK_REJECTIONS_TOO</TT>.
+-->
If a milter requests this protocol step,
then it should check the macro
<CODE>{rcpt_mailer}</CODE>:
if that is set to
<CODE>error</CODE>,
then the recipient will be rejected by the MTA.
Usually the macros
<CODE>{rcpt_host}</CODE> and <CODE>{rcpt_addr}</CODE>
will contain an enhanced status code and an error text
in that case, respectively.
<LI><A NAME="SMFIP_SKIP"><CODE>SMFIP_SKIP</CODE></A>
indicates that the MTA understand the
<A HREF="api.html#SMFIS_SKIP">SMFIS_SKIP</A>
return code.
<LI><A NAME="SMFIP_NR_"><CODE>SMFIP_NR_*</CODE></A>
indicates that the MTA understand the
<A HREF="api.html#SMFIS_NOREPLY">SMFIS_NOREPLY</A>
return code.
There are flags for various protocol stages:
<UL>
<LI><A NAME="SMFIP_NR_CONN"><CODE>SMFIP_NR_CONN</CODE></A>:
<A HREF="xxfi_connect.html">xxfi_connect()</A>
<LI><A NAME="SMFIP_NR_HELO"><CODE>SMFIP_NR_HELO</CODE></A>:
<A HREF="xxfi_helo.html">xxfi_helo()</A>
<LI><A NAME="SMFIP_NR_MAIL"><CODE>SMFIP_NR_MAIL</CODE></A>:
<A HREF="xxfi_envfrom.html">xxfi_envfrom()</A>
<LI><A NAME="SMFIP_NR_RCPT"><CODE>SMFIP_NR_RCPT</CODE></A>:
<A HREF="xxfi_envrcpt.html">xxfi_envrcpt()</A>
<LI><A NAME="SMFIP_NR_DATA"><CODE>SMFIP_NR_DATA</CODE></A>:
<A HREF="xxfi_data.html">xxfi_data()</A>
<LI><A NAME="SMFIP_NR_UNKN"><CODE>SMFIP_NR_UNKN</CODE></A>:
<A HREF="xxfi_unknown.html">xxfi_unknown()</A>
<LI><A NAME="SMFIP_NR_EOH"><CODE>SMFIP_NR_EOH</CODE></A>:
<A HREF="xxfi_eoh.html">xxfi_eoh()</A>
<LI><A NAME="SMFIP_NR_BODY"><CODE>SMFIP_NR_BODY</CODE></A>:
<A HREF="xxfi_body.html">xxfi_body()</A>
<LI><A NAME="SMFIP_NR_HDR"><CODE>SMFIP_NR_HDR</CODE></A>:
<A HREF="xxfi_header.html">xxfi_header()</A>
</UL>
<LI><A NAME="SMFIP_HDR_LEADSPC"><CODE>SMFIP_HDR_LEADSPC</CODE></A>
indicates that the MTA can send header values with leading space intact.
If this protocol step is requested, then the MTA will also not add a leading
space to headers when they are added, inserted, or changed.
<!--
:'a,.s;^#define \(SMFIP_NO[A-Z]*\)[ ].*;<LI><A NAME="\1"><CODE>\1</CODE></A>:;
-->
<LI>The MTA can be instructed not to send information about
various SMTP stages, these flags start with:
<A NAME="SMFIP_NO"><CODE>SMFIP_NO*</CODE></A>.
+Setting any of these flags affects all connections.
<UL>
<LI><A NAME="SMFIP_NOCONNECT"><CODE>SMFIP_NOCONNECT</CODE></A>:
<A HREF="xxfi_connect.html">xxfi_connect()</A>
<LI><A NAME="SMFIP_NOHELO"><CODE>SMFIP_NOHELO</CODE></A>:
-<A HREF="xxfi_header.html">xxfi_header()</A>
+<A HREF="xxfi_helo.html">xxfi_helo()</A>
<LI><A NAME="SMFIP_NOMAIL"><CODE>SMFIP_NOMAIL</CODE></A>:
<A HREF="xxfi_envfrom.html">xxfi_envfrom()</A>
<LI><A NAME="SMFIP_NORCPT"><CODE>SMFIP_NORCPT</CODE></A>:
<A HREF="xxfi_envrcpt.html">xxfi_envrcpt()</A>
<LI><A NAME="SMFIP_NOBODY"><CODE>SMFIP_NOBODY</CODE></A>:
<A HREF="xxfi_body.html">xxfi_body()</A>
<LI><A NAME="SMFIP_NOHDRS"><CODE>SMFIP_NOHDRS</CODE></A>:
<A HREF="xxfi_header.html">xxfi_header()</A>
<LI><A NAME="SMFIP_NOEOH"><CODE>SMFIP_NOEOH</CODE></A>:
<A HREF="xxfi_eoh.html">xxfi_eoh()</A>
<LI><A NAME="SMFIP_NOUNKNOWN"><CODE>SMFIP_NOUNKNOWN</CODE></A>:
<A HREF="xxfi_unknown.html">xxfi_unknown()</A>
<LI><A NAME="SMFIP_NODATA"><CODE>SMFIP_NODATA</CODE></A>:
<A HREF="xxfi_data.html">xxfi_data()</A>
</UL>
For each of these xxfi_* callbacks that a milter does not use
the corresponding flag <EM>should</EM> be set in
<CODE>*pf1</CODE>.
</UL>
<P>
The available actions
(<CODE>f0</CODE>, <CODE>*pf0</CODE>)
are
<!--
defined in
<CODE>include/libmilter/mfapi.h</CODE>:
the macros start with
<CODE>SMFIF_</CODE>;
these are
-->
described
<A HREF="smfi_register.html#flags">elsewhere (xxfi_flags)</A>.
<P>
If a milter returns SMFIS_CONTINUE, then it <EM>must</EM>
set the desired actions and protocol steps
via the (output) parameters
<CODE>pf0</CODE>
and
<CODE>pf1</CODE>
(which correspond to
<CODE>f0</CODE>
and
<CODE>f1</CODE>, respectively).
The (output) parameters
<CODE>pf2</CODE> and
<CODE>pf3</CODE>
should be set to 0 for compatibility with future versions.
</TD>
</TR>
</TABLE>
<HR size="1">
<FONT size="-1">
Copyright (c) 2006 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/docs/xxfi_unknown.html b/libmilter/docs/xxfi_unknown.html
index 38c1c3d47166..94e4f39d9592 100644
--- a/libmilter/docs/xxfi_unknown.html
+++ b/libmilter/docs/xxfi_unknown.html
@@ -1,84 +1,85 @@
<HTML>
<HEAD><TITLE>xxfi_unknown</TITLE></HEAD>
<BODY>
<!--
$Id: xxfi_unknown.html,v 1.5 2013-11-22 20:51:39 ca Exp $
-->
<H1>xxfi_unknown</H1>
<TABLE border="0" cellspacing=4 cellpadding=4>
<!---------- Synopsis ----------->
<TR><TH valign="top" align=left width=100>SYNOPSIS</TH><TD>
<PRE>
#include &lt;libmilter/mfapi.h&gt;
sfsistat (*xxfi_unknown)(
SMFICTX *ctx,
const char *arg
);
</PRE>
Handle unknown and unimplemented SMTP commands.
</TD></TR>
<!----------- Description ---------->
<TR><TH valign="top" align=left>DESCRIPTION</TH><TD>
<TABLE border="1" cellspacing=1 cellpadding=4>
<TR align="left" valign=top>
<TH width="80">Called When</TH>
<TD>xxfi_unknown is called when the client uses an SMTP command
-that is either unknown or not implemented by the MTA.
+that is either unknown or not implemented by the MTA.</TD>
</TR>
<TR align="left" valign=top>
<TH>Default Behavior</TH>
<TD>Do nothing; return SMFIS_CONTINUE.</TD>
</TR>
</TABLE>
+</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
<TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Argument</TH><TH>Description</TH></TR>
<TR valign="top"><TD>ctx</TD>
<TD>Opaque context structure.
</TD></TR>
<TR valign="top"><TD>arg</TD>
<TD>SMTP command including all arguments.
</TD></TR>
</TABLE>
</TD></TR>
<!----------- Return values ---------->
<TR>
<TH valign="top" align=left>SPECIAL RETURN VALUES</TH>
<TD><TABLE border="1" cellspacing=0>
<TR bgcolor="#dddddd"><TH>Return value</TH><TH>Description</TH></TR>
<TR valign="top">
<TD>SMFIS_TEMPFAIL</TD>
<TD>Reject this command with a temporary error.
</TD>
</TR>
<TR valign="top">
<TD>SMFIS_REJECT</TD>
<TD>Reject this command.
</TD>
</TR>
</TABLE>
-</TR>
+</TD></TR>
<!----------- Notes ---------->
<TR>
-<TH valign="top" align=left>NOTES</TH>
+<TH valign="top" align=left>NOTES</TH>
<TD>The SMTP command will always be rejected by the server,
-it is only possible to return a different error code.
+it is only possible to return a different error code.</TD>
</TR>
</TABLE>
<HR size="1">
<FONT size="-1">
Copyright (c) 2006 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
forth in the LICENSE.
</FONT>
</BODY>
</HTML>
diff --git a/libmilter/engine.c b/libmilter/engine.c
index 808ffdbf608a..2619395a6eb1 100644
--- a/libmilter/engine.c
+++ b/libmilter/engine.c
@@ -1,1919 +1,1923 @@
/*
* Copyright (c) 1999-2004, 2006-2008 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: engine.c,v 8.168 2013-11-22 20:51:36 ca Exp $")
#include "libmilter.h"
#if NETINET || NETINET6
# include <arpa/inet.h>
-#endif /* NETINET || NETINET6 */
+#endif
/* generic argument for functions in the command table */
struct arg_struct
{
size_t a_len; /* length of buffer */
char *a_buf; /* argument string */
int a_idx; /* index for macro array */
SMFICTX_PTR a_ctx; /* context */
};
typedef struct arg_struct genarg;
/* structure for commands received from MTA */
struct cmdfct_t
{
char cm_cmd; /* command */
int cm_argt; /* type of arguments expected */
int cm_next; /* next state */
int cm_todo; /* what to do next */
int cm_macros; /* index for macros */
int (*cm_fct) __P((genarg *)); /* function to execute */
};
typedef struct cmdfct_t cmdfct;
/* possible values for cm_argt */
#define CM_BUF 0
#define CM_NULLOK 1
/* possible values for cm_todo */
#define CT_CONT 0x0000 /* continue reading commands */
#define CT_IGNO 0x0001 /* continue even when error */
/* not needed right now, done via return code instead */
#define CT_KEEP 0x0004 /* keep buffer (contains symbols) */
#define CT_END 0x0008 /* last command of session, stop replying */
/* index in macro array: macros only for these commands */
#define CI_NONE (-1)
#define CI_CONN 0
#define CI_HELO 1
#define CI_MAIL 2
#define CI_RCPT 3
#define CI_DATA 4
#define CI_EOM 5
#define CI_EOH 6
#define CI_LAST CI_EOH
#if CI_LAST < CI_DATA
ERROR: do not compile with CI_LAST < CI_DATA
#endif
#if CI_LAST < CI_EOM
ERROR: do not compile with CI_LAST < CI_EOM
#endif
#if CI_LAST < CI_EOH
ERROR: do not compile with CI_LAST < CI_EOH
#endif
-#if CI_LAST < CI_ENVRCPT
-ERROR: do not compile with CI_LAST < CI_ENVRCPT
+#if CI_LAST < CI_RCPT
+ERROR: do not compile with CI_LAST < CI_RCPT
#endif
-#if CI_LAST < CI_ENVFROM
-ERROR: do not compile with CI_LAST < CI_ENVFROM
+#if CI_LAST < CI_MAIL
+ERROR: do not compile with CI_LAST < CI_MAIL
#endif
#if CI_LAST < CI_HELO
ERROR: do not compile with CI_LAST < CI_HELO
#endif
-#if CI_LAST < CI_CONNECT
-ERROR: do not compile with CI_LAST < CI_CONNECT
+#if CI_LAST < CI_CONN
+ERROR: do not compile with CI_LAST < CI_CONN
#endif
#if CI_LAST >= MAX_MACROS_ENTRIES
ERROR: do not compile with CI_LAST >= MAX_MACROS_ENTRIES
#endif
/* function prototypes */
static int st_abortfct __P((genarg *));
static int st_macros __P((genarg *));
static int st_optionneg __P((genarg *));
static int st_bodychunk __P((genarg *));
static int st_connectinfo __P((genarg *));
static int st_bodyend __P((genarg *));
static int st_helo __P((genarg *));
static int st_header __P((genarg *));
static int st_sender __P((genarg *));
static int st_rcpt __P((genarg *));
static int st_unknown __P((genarg *));
static int st_data __P((genarg *));
static int st_eoh __P((genarg *));
static int st_quit __P((genarg *));
static int sendreply __P((sfsistat, socket_t, struct timeval *, SMFICTX_PTR));
static void fix_stm __P((SMFICTX_PTR));
static bool trans_ok __P((int, int));
static char **dec_argv __P((char *, size_t));
static int dec_arg2 __P((char *, size_t, char **, char **));
static void mi_clr_symlist __P((SMFICTX_PTR));
#if _FFR_WORKERS_POOL
static bool mi_rd_socket_ready __P((int));
-#endif /* _FFR_WORKERS_POOL */
+#endif
/* states */
#define ST_NONE (-1)
#define ST_INIT 0 /* initial state */
#define ST_OPTS 1 /* option negotiation */
#define ST_CONN 2 /* connection info */
#define ST_HELO 3 /* helo */
#define ST_MAIL 4 /* mail from */
#define ST_RCPT 5 /* rcpt to */
#define ST_DATA 6 /* data */
#define ST_HDRS 7 /* headers */
#define ST_EOHS 8 /* end of headers */
#define ST_BODY 9 /* body */
#define ST_ENDM 10 /* end of message */
#define ST_QUIT 11 /* quit */
#define ST_ABRT 12 /* abort */
#define ST_UNKN 13 /* unknown SMTP command */
#define ST_Q_NC 14 /* quit, new connection follows */
#define ST_LAST ST_Q_NC /* last valid state */
#define ST_SKIP 16 /* not a state but required for the state table */
/* in a mail transaction? must be before eom according to spec. */
#define ST_IN_MAIL(st) ((st) >= ST_MAIL && (st) < ST_ENDM)
/*
** set of next states
** each state (ST_*) corresponds to bit in an int value (1 << state)
** each state has a set of allowed transitions ('or' of bits of states)
** so a state transition is valid if the mask of the next state
** is set in the NX_* value
** this function is coded in trans_ok(), see below.
*/
#define MI_MASK(x) (0x0001 << (x)) /* generate a bit "mask" for a state */
#define NX_INIT (MI_MASK(ST_OPTS))
#define NX_OPTS (MI_MASK(ST_CONN) | MI_MASK(ST_UNKN))
#define NX_CONN (MI_MASK(ST_HELO) | MI_MASK(ST_MAIL) | MI_MASK(ST_UNKN))
#define NX_HELO (MI_MASK(ST_HELO) | MI_MASK(ST_MAIL) | MI_MASK(ST_UNKN))
#define NX_MAIL (MI_MASK(ST_RCPT) | MI_MASK(ST_ABRT) | MI_MASK(ST_UNKN))
#define NX_RCPT (MI_MASK(ST_HDRS) | MI_MASK(ST_EOHS) | MI_MASK(ST_DATA) | \
MI_MASK(ST_BODY) | MI_MASK(ST_ENDM) | \
MI_MASK(ST_RCPT) | MI_MASK(ST_ABRT) | MI_MASK(ST_UNKN))
#define NX_DATA (MI_MASK(ST_EOHS) | MI_MASK(ST_HDRS) | MI_MASK(ST_ABRT))
#define NX_HDRS (MI_MASK(ST_EOHS) | MI_MASK(ST_HDRS) | MI_MASK(ST_ABRT))
#define NX_EOHS (MI_MASK(ST_BODY) | MI_MASK(ST_ENDM) | MI_MASK(ST_ABRT))
#define NX_BODY (MI_MASK(ST_ENDM) | MI_MASK(ST_BODY) | MI_MASK(ST_ABRT))
#define NX_ENDM (MI_MASK(ST_QUIT) | MI_MASK(ST_MAIL) | MI_MASK(ST_UNKN) | \
MI_MASK(ST_Q_NC))
#define NX_QUIT 0
#define NX_ABRT 0
#define NX_UNKN (MI_MASK(ST_HELO) | MI_MASK(ST_MAIL) | \
MI_MASK(ST_RCPT) | MI_MASK(ST_ABRT) | \
MI_MASK(ST_DATA) | \
MI_MASK(ST_BODY) | MI_MASK(ST_UNKN) | \
MI_MASK(ST_ABRT) | MI_MASK(ST_QUIT) | MI_MASK(ST_Q_NC))
#define NX_Q_NC (MI_MASK(ST_CONN) | MI_MASK(ST_UNKN))
#define NX_SKIP MI_MASK(ST_SKIP)
static int next_states[] =
{
NX_INIT
, NX_OPTS
, NX_CONN
, NX_HELO
, NX_MAIL
, NX_RCPT
, NX_DATA
, NX_HDRS
, NX_EOHS
, NX_BODY
, NX_ENDM
, NX_QUIT
, NX_ABRT
, NX_UNKN
, NX_Q_NC
};
#define SIZE_NEXT_STATES (sizeof(next_states) / sizeof(next_states[0]))
/* commands received by milter */
static cmdfct cmds[] =
{
{SMFIC_ABORT, CM_NULLOK, ST_ABRT, CT_CONT, CI_NONE, st_abortfct}
, {SMFIC_MACRO, CM_BUF, ST_NONE, CT_KEEP, CI_NONE, st_macros }
, {SMFIC_BODY, CM_BUF, ST_BODY, CT_CONT, CI_NONE, st_bodychunk}
, {SMFIC_CONNECT, CM_BUF, ST_CONN, CT_CONT, CI_CONN, st_connectinfo}
, {SMFIC_BODYEOB, CM_NULLOK, ST_ENDM, CT_CONT, CI_EOM, st_bodyend }
, {SMFIC_HELO, CM_BUF, ST_HELO, CT_CONT, CI_HELO, st_helo }
, {SMFIC_HEADER, CM_BUF, ST_HDRS, CT_CONT, CI_NONE, st_header }
, {SMFIC_MAIL, CM_BUF, ST_MAIL, CT_CONT, CI_MAIL, st_sender }
, {SMFIC_OPTNEG, CM_BUF, ST_OPTS, CT_CONT, CI_NONE, st_optionneg}
, {SMFIC_EOH, CM_NULLOK, ST_EOHS, CT_CONT, CI_EOH, st_eoh }
, {SMFIC_QUIT, CM_NULLOK, ST_QUIT, CT_END, CI_NONE, st_quit }
, {SMFIC_DATA, CM_NULLOK, ST_DATA, CT_CONT, CI_DATA, st_data }
, {SMFIC_RCPT, CM_BUF, ST_RCPT, CT_IGNO, CI_RCPT, st_rcpt }
, {SMFIC_UNKNOWN, CM_BUF, ST_UNKN, CT_IGNO, CI_NONE, st_unknown }
, {SMFIC_QUIT_NC, CM_NULLOK, ST_Q_NC, CT_CONT, CI_NONE, st_quit }
};
/*
** Additional (internal) reply codes;
** must be coordinated wit libmilter/mfapi.h
*/
#define _SMFIS_KEEP 20
#define _SMFIS_ABORT 21
#define _SMFIS_OPTIONS 22
#define _SMFIS_NOREPLY SMFIS_NOREPLY
#define _SMFIS_FAIL (-1)
#define _SMFIS_NONE (-2)
/*
** MI_ENGINE -- receive commands and process them
**
** Parameters:
** ctx -- context structure
**
** Returns:
** MI_FAILURE/MI_SUCCESS
*/
int
mi_engine(ctx)
SMFICTX_PTR ctx;
{
size_t len;
int i;
socket_t sd;
int ret = MI_SUCCESS;
int ncmds = sizeof(cmds) / sizeof(cmdfct);
int curstate = ST_INIT;
int newstate;
bool call_abort;
sfsistat r;
char cmd;
char *buf = NULL;
genarg arg;
struct timeval timeout;
int (*f) __P((genarg *));
sfsistat (*fi_abort) __P((SMFICTX *));
sfsistat (*fi_close) __P((SMFICTX *));
arg.a_ctx = ctx;
sd = ctx->ctx_sd;
fi_abort = ctx->ctx_smfi->xxfi_abort;
#if _FFR_WORKERS_POOL
curstate = ctx->ctx_state;
if (curstate == ST_INIT)
{
mi_clr_macros(ctx, 0);
fix_stm(ctx);
}
#else /* _FFR_WORKERS_POOL */
mi_clr_macros(ctx, 0);
fix_stm(ctx);
#endif /* _FFR_WORKERS_POOL */
r = _SMFIS_NONE;
do
{
/* call abort only if in a mail transaction */
call_abort = ST_IN_MAIL(curstate);
timeout.tv_sec = ctx->ctx_timeout;
timeout.tv_usec = 0;
if (mi_stop() == MILTER_ABRT)
{
if (ctx->ctx_dbg > 3)
sm_dprintf("[%lu] milter_abort\n",
(long) ctx->ctx_id);
ret = MI_FAILURE;
break;
}
/*
** Notice: buf is allocated by mi_rd_cmd() and it will
** usually be free()d after it has been used in f().
** However, if the function returns _SMFIS_KEEP then buf
** contains macros and will not be free()d.
** Hence r must be set to _SMFIS_NONE if a new buf is
** allocated to avoid problem with housekeeping, esp.
** if the code "break"s out of the loop.
*/
#if _FFR_WORKERS_POOL
/* Is the socket ready to be read ??? */
if (!mi_rd_socket_ready(sd))
{
ret = MI_CONTINUE;
break;
}
#endif /* _FFR_WORKERS_POOL */
r = _SMFIS_NONE;
if ((buf = mi_rd_cmd(sd, &timeout, &cmd, &len,
ctx->ctx_smfi->xxfi_name)) == NULL &&
cmd < SMFIC_VALIDCMD)
{
if (ctx->ctx_dbg > 5)
sm_dprintf("[%lu] mi_engine: mi_rd_cmd error (%x)\n",
(long) ctx->ctx_id, (int) cmd);
/*
** eof is currently treated as failure ->
** abort() instead of close(), otherwise use:
** if (cmd != SMFIC_EOF)
*/
ret = MI_FAILURE;
break;
}
if (ctx->ctx_dbg > 4)
sm_dprintf("[%lu] got cmd '%c' len %d\n",
(long) ctx->ctx_id, cmd, (int) len);
for (i = 0; i < ncmds; i++)
{
if (cmd == cmds[i].cm_cmd)
break;
}
if (i >= ncmds)
{
/* unknown command */
if (ctx->ctx_dbg > 1)
sm_dprintf("[%lu] cmd '%c' unknown\n",
(long) ctx->ctx_id, cmd);
ret = MI_FAILURE;
break;
}
if ((f = cmds[i].cm_fct) == NULL)
{
/* stop for now */
if (ctx->ctx_dbg > 1)
sm_dprintf("[%lu] cmd '%c' not impl\n",
(long) ctx->ctx_id, cmd);
ret = MI_FAILURE;
break;
}
/* is new state ok? */
newstate = cmds[i].cm_next;
if (ctx->ctx_dbg > 5)
sm_dprintf("[%lu] cur %x new %x nextmask %x\n",
(long) ctx->ctx_id,
curstate, newstate, next_states[curstate]);
if (newstate != ST_NONE && !trans_ok(curstate, newstate))
{
if (ctx->ctx_dbg > 1)
sm_dprintf("[%lu] abort: cur %d (%x) new %d (%x) next %x\n",
(long) ctx->ctx_id,
curstate, MI_MASK(curstate),
newstate, MI_MASK(newstate),
next_states[curstate]);
/* call abort only if in a mail transaction */
if (fi_abort != NULL && call_abort)
(void) (*fi_abort)(ctx);
/*
** try to reach the new state from HELO
** if it can't be reached, ignore the command.
*/
curstate = ST_HELO;
if (!trans_ok(curstate, newstate))
{
if (buf != NULL)
{
free(buf);
buf = NULL;
}
continue;
}
}
if (cmds[i].cm_argt != CM_NULLOK && buf == NULL)
{
/* stop for now */
if (ctx->ctx_dbg > 1)
sm_dprintf("[%lu] cmd='%c', buf=NULL\n",
(long) ctx->ctx_id, cmd);
ret = MI_FAILURE;
break;
}
arg.a_len = len;
arg.a_buf = buf;
if (newstate != ST_NONE)
{
curstate = newstate;
ctx->ctx_state = curstate;
}
arg.a_idx = cmds[i].cm_macros;
call_abort = ST_IN_MAIL(curstate);
/* call function to deal with command */
MI_MONITOR_BEGIN(ctx, cmd);
r = (*f)(&arg);
MI_MONITOR_END(ctx, cmd);
if (r != _SMFIS_KEEP && buf != NULL)
{
free(buf);
buf = NULL;
}
if (sendreply(r, sd, &timeout, ctx) != MI_SUCCESS)
{
ret = MI_FAILURE;
break;
}
if (r == SMFIS_ACCEPT)
{
/* accept mail, no further actions taken */
curstate = ST_HELO;
}
else if (r == SMFIS_REJECT || r == SMFIS_DISCARD ||
r == SMFIS_TEMPFAIL)
{
/*
** further actions depend on current state
** if the IGNO bit is set: "ignore" the error,
** i.e., stay in the current state
*/
if (!bitset(CT_IGNO, cmds[i].cm_todo))
curstate = ST_HELO;
}
else if (r == _SMFIS_ABORT)
{
if (ctx->ctx_dbg > 5)
sm_dprintf("[%lu] function returned abort\n",
(long) ctx->ctx_id);
ret = MI_FAILURE;
break;
}
} while (!bitset(CT_END, cmds[i].cm_todo));
ctx->ctx_state = curstate;
if (ret == MI_FAILURE)
{
/* call abort only if in a mail transaction */
if (fi_abort != NULL && call_abort)
(void) (*fi_abort)(ctx);
}
/* has close been called? */
if (ctx->ctx_state != ST_QUIT
#if _FFR_WORKERS_POOL
&& ret != MI_CONTINUE
-#endif /* _FFR_WORKERS_POOL */
+#endif
)
{
if ((fi_close = ctx->ctx_smfi->xxfi_close) != NULL)
(void) (*fi_close)(ctx);
}
if (r != _SMFIS_KEEP && buf != NULL)
free(buf);
#if !_FFR_WORKERS_POOL
mi_clr_macros(ctx, 0);
-#endif /* _FFR_WORKERS_POOL */
+#endif
return ret;
}
static size_t milter_addsymlist __P((SMFICTX_PTR, char *, char **));
static size_t
milter_addsymlist(ctx, buf, newbuf)
SMFICTX_PTR ctx;
char *buf;
char **newbuf;
{
size_t len;
int i;
mi_int32 v;
char *buffer;
SM_ASSERT(ctx != NULL);
SM_ASSERT(buf != NULL);
SM_ASSERT(newbuf != NULL);
len = 0;
for (i = 0; i < MAX_MACROS_ENTRIES; i++)
{
if (ctx->ctx_mac_list[i] != NULL)
{
len += strlen(ctx->ctx_mac_list[i]) + 1 +
MILTER_LEN_BYTES;
}
}
if (len > 0)
{
size_t offset;
SM_ASSERT(len + MILTER_OPTLEN > len);
len += MILTER_OPTLEN;
buffer = malloc(len);
if (buffer != NULL)
{
(void) memcpy(buffer, buf, MILTER_OPTLEN);
offset = MILTER_OPTLEN;
for (i = 0; i < MAX_MACROS_ENTRIES; i++)
{
size_t l;
if (ctx->ctx_mac_list[i] == NULL)
continue;
SM_ASSERT(offset + MILTER_LEN_BYTES < len);
v = htonl(i);
(void) memcpy(buffer + offset, (void *) &v,
MILTER_LEN_BYTES);
offset += MILTER_LEN_BYTES;
l = strlen(ctx->ctx_mac_list[i]) + 1;
SM_ASSERT(offset + l <= len);
(void) memcpy(buffer + offset,
ctx->ctx_mac_list[i], l);
offset += l;
}
}
else
{
/* oops ... */
}
}
else
{
len = MILTER_OPTLEN;
buffer = buf;
}
*newbuf = buffer;
return len;
}
/*
** GET_NR_BIT -- get "no reply" bit matching state
**
** Parameters:
** state -- current protocol stage
**
** Returns:
** 0: no matching bit
** >0: the matching "no reply" bit
*/
static unsigned long get_nr_bit __P((int));
static unsigned long
get_nr_bit(state)
int state;
{
unsigned long bit;
switch (state)
{
case ST_CONN:
bit = SMFIP_NR_CONN;
break;
case ST_HELO:
bit = SMFIP_NR_HELO;
break;
case ST_MAIL:
bit = SMFIP_NR_MAIL;
break;
case ST_RCPT:
bit = SMFIP_NR_RCPT;
break;
case ST_DATA:
bit = SMFIP_NR_DATA;
break;
case ST_UNKN:
bit = SMFIP_NR_UNKN;
break;
case ST_HDRS:
bit = SMFIP_NR_HDR;
break;
case ST_EOHS:
bit = SMFIP_NR_EOH;
break;
case ST_BODY:
bit = SMFIP_NR_BODY;
break;
default:
bit = 0;
break;
}
return bit;
}
/*
** SENDREPLY -- send a reply to the MTA
**
** Parameters:
** r -- reply code
** sd -- socket descriptor
** timeout_ptr -- (ptr to) timeout to use for sending
** ctx -- context structure
**
** Returns:
** MI_SUCCESS/MI_FAILURE
*/
static int
sendreply(r, sd, timeout_ptr, ctx)
sfsistat r;
socket_t sd;
struct timeval *timeout_ptr;
SMFICTX_PTR ctx;
{
int ret;
unsigned long bit;
ret = MI_SUCCESS;
bit = get_nr_bit(ctx->ctx_state);
if (bit != 0 && (ctx->ctx_pflags & bit) != 0 && r != SMFIS_NOREPLY)
{
if (r >= SMFIS_CONTINUE && r < _SMFIS_KEEP)
{
/* milter said it wouldn't reply, but it lied... */
smi_log(SMI_LOG_ERR,
- "%s: milter claimed not to reply in state %d but did anyway %d\n",
+ "%s: milter claimed not to reply in state %d but did anyway %d",
ctx->ctx_smfi->xxfi_name,
ctx->ctx_state, r);
}
/*
** Force specified behavior, otherwise libmilter
** and MTA will fail to communicate properly.
*/
switch (r)
{
case SMFIS_CONTINUE:
case SMFIS_TEMPFAIL:
case SMFIS_REJECT:
case SMFIS_DISCARD:
case SMFIS_ACCEPT:
case SMFIS_SKIP:
case _SMFIS_OPTIONS:
r = SMFIS_NOREPLY;
break;
}
}
switch (r)
{
case SMFIS_CONTINUE:
ret = mi_wr_cmd(sd, timeout_ptr, SMFIR_CONTINUE, NULL, 0);
break;
case SMFIS_TEMPFAIL:
case SMFIS_REJECT:
if (ctx->ctx_reply != NULL &&
((r == SMFIS_TEMPFAIL && *ctx->ctx_reply == '4') ||
(r == SMFIS_REJECT && *ctx->ctx_reply == '5')))
{
ret = mi_wr_cmd(sd, timeout_ptr, SMFIR_REPLYCODE,
ctx->ctx_reply,
strlen(ctx->ctx_reply) + 1);
free(ctx->ctx_reply);
ctx->ctx_reply = NULL;
}
else
{
ret = mi_wr_cmd(sd, timeout_ptr, r == SMFIS_REJECT ?
SMFIR_REJECT : SMFIR_TEMPFAIL, NULL, 0);
}
break;
case SMFIS_DISCARD:
ret = mi_wr_cmd(sd, timeout_ptr, SMFIR_DISCARD, NULL, 0);
break;
case SMFIS_ACCEPT:
ret = mi_wr_cmd(sd, timeout_ptr, SMFIR_ACCEPT, NULL, 0);
break;
case SMFIS_SKIP:
ret = mi_wr_cmd(sd, timeout_ptr, SMFIR_SKIP, NULL, 0);
break;
case _SMFIS_OPTIONS:
{
mi_int32 v;
size_t len;
char *buffer;
char buf[MILTER_OPTLEN];
v = htonl(ctx->ctx_prot_vers2mta);
(void) memcpy(&(buf[0]), (void *) &v,
MILTER_LEN_BYTES);
v = htonl(ctx->ctx_aflags);
(void) memcpy(&(buf[MILTER_LEN_BYTES]), (void *) &v,
MILTER_LEN_BYTES);
v = htonl(ctx->ctx_pflags2mta);
(void) memcpy(&(buf[MILTER_LEN_BYTES * 2]),
(void *) &v, MILTER_LEN_BYTES);
len = milter_addsymlist(ctx, buf, &buffer);
if (buffer != NULL)
+ {
ret = mi_wr_cmd(sd, timeout_ptr, SMFIC_OPTNEG,
buffer, len);
+ if (buffer != buf)
+ free(buffer);
+ }
else
ret = MI_FAILURE;
}
break;
case SMFIS_NOREPLY:
if (bit != 0 &&
(ctx->ctx_pflags & bit) != 0 &&
(ctx->ctx_mta_pflags & bit) == 0)
{
/*
** milter doesn't want to send a reply,
** but the MTA doesn't have that feature: fake it.
*/
ret = mi_wr_cmd(sd, timeout_ptr, SMFIR_CONTINUE, NULL,
0);
}
break;
default: /* don't send a reply */
break;
}
return ret;
}
/*
** MI_CLR_MACROS -- clear set of macros starting from a given index
**
** Parameters:
** ctx -- context structure
** m -- index from which to clear all macros
**
** Returns:
** None.
*/
void
mi_clr_macros(ctx, m)
SMFICTX_PTR ctx;
int m;
{
int i;
for (i = m; i < MAX_MACROS_ENTRIES; i++)
{
if (ctx->ctx_mac_ptr[i] != NULL)
{
free(ctx->ctx_mac_ptr[i]);
ctx->ctx_mac_ptr[i] = NULL;
}
if (ctx->ctx_mac_buf[i] != NULL)
{
free(ctx->ctx_mac_buf[i]);
ctx->ctx_mac_buf[i] = NULL;
}
}
}
/*
** MI_CLR_SYMLIST -- clear list of macros
**
** Parameters:
** ctx -- context structure
**
** Returns:
** None.
*/
static void
mi_clr_symlist(ctx)
SMFICTX *ctx;
{
int i;
SM_ASSERT(ctx != NULL);
for (i = SMFIM_FIRST; i <= SMFIM_LAST; i++)
{
if (ctx->ctx_mac_list[i] != NULL)
{
free(ctx->ctx_mac_list[i]);
ctx->ctx_mac_list[i] = NULL;
}
}
}
/*
** MI_CLR_CTX -- clear context
**
** Parameters:
** ctx -- context structure
**
** Returns:
** None.
*/
void
mi_clr_ctx(ctx)
SMFICTX *ctx;
{
SM_ASSERT(ctx != NULL);
if (ValidSocket(ctx->ctx_sd))
{
(void) closesocket(ctx->ctx_sd);
ctx->ctx_sd = INVALID_SOCKET;
}
if (ctx->ctx_reply != NULL)
{
free(ctx->ctx_reply);
ctx->ctx_reply = NULL;
}
if (ctx->ctx_privdata != NULL)
{
smi_log(SMI_LOG_WARN,
"%s: private data not NULL",
ctx->ctx_smfi->xxfi_name);
}
mi_clr_macros(ctx, 0);
mi_clr_symlist(ctx);
free(ctx);
}
/*
** ST_OPTIONNEG -- negotiate options
**
** Parameters:
** g -- generic argument structure
**
** Returns:
** abort/send options/continue
*/
static int
st_optionneg(g)
genarg *g;
{
mi_int32 i, v, fake_pflags, internal_pflags;
SMFICTX_PTR ctx;
#if _FFR_MILTER_CHECK
bool testmode = false;
-#endif /* _FFR_MILTER_CHECK */
+#endif
int (*fi_negotiate) __P((SMFICTX *,
unsigned long, unsigned long,
unsigned long, unsigned long,
unsigned long *, unsigned long *,
unsigned long *, unsigned long *));
if (g == NULL || g->a_ctx->ctx_smfi == NULL)
return SMFIS_CONTINUE;
ctx = g->a_ctx;
mi_clr_macros(ctx, g->a_idx + 1);
ctx->ctx_prot_vers = SMFI_PROT_VERSION;
/* check for minimum length */
if (g->a_len < MILTER_OPTLEN)
{
smi_log(SMI_LOG_ERR,
"%s: st_optionneg[%ld]: len too short %d < %d",
ctx->ctx_smfi->xxfi_name,
(long) ctx->ctx_id, (int) g->a_len,
MILTER_OPTLEN);
return _SMFIS_ABORT;
}
/* protocol version */
(void) memcpy((void *) &i, (void *) &(g->a_buf[0]), MILTER_LEN_BYTES);
v = ntohl(i);
#define SMFI_PROT_VERSION_MIN 2
/* check for minimum version */
if (v < SMFI_PROT_VERSION_MIN)
{
smi_log(SMI_LOG_ERR,
"%s: st_optionneg[%ld]: protocol version too old %d < %d",
ctx->ctx_smfi->xxfi_name,
(long) ctx->ctx_id, v, SMFI_PROT_VERSION_MIN);
return _SMFIS_ABORT;
}
ctx->ctx_mta_prot_vers = v;
if (ctx->ctx_prot_vers < ctx->ctx_mta_prot_vers)
ctx->ctx_prot_vers2mta = ctx->ctx_prot_vers;
else
ctx->ctx_prot_vers2mta = ctx->ctx_mta_prot_vers;
(void) memcpy((void *) &i, (void *) &(g->a_buf[MILTER_LEN_BYTES]),
MILTER_LEN_BYTES);
v = ntohl(i);
/* no flags? set to default value for V1 actions */
if (v == 0)
v = SMFI_V1_ACTS;
ctx->ctx_mta_aflags = v; /* MTA action flags */
internal_pflags = 0;
(void) memcpy((void *) &i, (void *) &(g->a_buf[MILTER_LEN_BYTES * 2]),
MILTER_LEN_BYTES);
v = ntohl(i);
/* no flags? set to default value for V1 protocol */
if (v == 0)
v = SMFI_V1_PROT;
#if _FFR_MDS_NEGOTIATE
else if (ctx->ctx_smfi->xxfi_version >= SMFI_VERSION_MDS)
{
/*
** Allow changing the size only if milter is compiled
** against a version that supports this.
** If a milter is dynamically linked against a newer
** libmilter version, we don't want to "surprise"
** it with a larger buffer as it may rely on it
** even though it is not documented as a limit.
*/
if (bitset(SMFIP_MDS_1M, v))
{
internal_pflags |= SMFIP_MDS_1M;
(void) smfi_setmaxdatasize(MILTER_MDS_1M);
}
else if (bitset(SMFIP_MDS_256K, v))
{
internal_pflags |= SMFIP_MDS_256K;
(void) smfi_setmaxdatasize(MILTER_MDS_256K);
}
}
# if 0
/* don't log this for now... */
else if (ctx->ctx_smfi->xxfi_version < SMFI_VERSION_MDS &&
bitset(SMFIP_MDS_1M|SMFIP_MDS_256K, v))
{
smi_log(SMI_LOG_WARN,
"%s: st_optionneg[%ld]: milter version=%X, trying flags=%X",
ctx->ctx_smfi->xxfi_name,
(long) ctx->ctx_id, ctx->ctx_smfi->xxfi_version, v);
}
# endif /* 0 */
#endif /* _FFR_MDS_NEGOTIATE */
/*
** MTA protocol flags.
** We pass the internal flags to the milter as "read only",
** i.e., a milter can read them so it knows which size
** will be used, but any changes by a milter will be ignored
** (see below, search for SMFI_INTERNAL).
*/
ctx->ctx_mta_pflags = (v & ~SMFI_INTERNAL) | internal_pflags;
/*
** Copy flags from milter struct into libmilter context;
** this variable will be used later on to check whether
** the MTA "actions" can fulfill the milter requirements,
** but it may be overwritten by the negotiate callback.
*/
ctx->ctx_aflags = ctx->ctx_smfi->xxfi_flags;
fake_pflags = SMFIP_NR_CONN
|SMFIP_NR_HELO
|SMFIP_NR_MAIL
|SMFIP_NR_RCPT
|SMFIP_NR_DATA
|SMFIP_NR_UNKN
|SMFIP_NR_HDR
|SMFIP_NR_EOH
|SMFIP_NR_BODY
;
if (g->a_ctx->ctx_smfi != NULL &&
g->a_ctx->ctx_smfi->xxfi_version > 4 &&
(fi_negotiate = g->a_ctx->ctx_smfi->xxfi_negotiate) != NULL)
{
int r;
unsigned long m_aflags, m_pflags, m_f2, m_f3;
/*
** let milter decide whether the features offered by the
** MTA are "good enough".
** Notes:
** - libmilter can "fake" some features (e.g., SMFIP_NR_HDR)
** - m_f2, m_f3 are for future extensions
*/
m_f2 = m_f3 = 0;
m_aflags = ctx->ctx_mta_aflags;
m_pflags = ctx->ctx_pflags;
if ((SMFIP_SKIP & ctx->ctx_mta_pflags) != 0)
m_pflags |= SMFIP_SKIP;
r = fi_negotiate(g->a_ctx,
ctx->ctx_mta_aflags,
ctx->ctx_mta_pflags|fake_pflags,
0, 0,
&m_aflags, &m_pflags, &m_f2, &m_f3);
#if _FFR_MILTER_CHECK
testmode = bitset(SMFIP_TEST, m_pflags);
if (testmode)
m_pflags &= ~SMFIP_TEST;
-#endif /* _FFR_MILTER_CHECK */
+#endif
/*
** Types of protocol flags (pflags):
** 1. do NOT send protocol step X
** 2. MTA can do/understand something extra (SKIP,
** send unknown RCPTs)
** 3. MTA can deal with "no reply" for various protocol steps
** Note: this mean that it isn't possible to simply set all
** flags to get "everything":
** setting a flag of type 1 turns off a step
** (it should be the other way around:
** a flag means a protocol step can be sent)
** setting a flag of type 3 requires that milter
** never sends a reply for the corresponding step.
** Summary: the "negation" of protocol flags is causing
** problems, but at least for type 3 there is no simple
** solution.
**
** What should "all options" mean?
** send all protocol steps _except_ those for which there is
** no callback (currently registered in ctx_pflags)
** expect SKIP as return code? Yes
** send unknown RCPTs? No,
** must be explicitly requested?
** "no reply" for some protocol steps? No,
** must be explicitly requested.
*/
if (SMFIS_ALL_OPTS == r)
{
ctx->ctx_aflags = ctx->ctx_mta_aflags;
ctx->ctx_pflags2mta = ctx->ctx_pflags;
if ((SMFIP_SKIP & ctx->ctx_mta_pflags) != 0)
ctx->ctx_pflags2mta |= SMFIP_SKIP;
}
else if (r != SMFIS_CONTINUE)
{
smi_log(SMI_LOG_ERR,
"%s: st_optionneg[%ld]: xxfi_negotiate returned %d (protocol options=0x%lx, actions=0x%lx)",
ctx->ctx_smfi->xxfi_name,
(long) ctx->ctx_id, r, ctx->ctx_mta_pflags,
ctx->ctx_mta_aflags);
return _SMFIS_ABORT;
}
else
{
ctx->ctx_aflags = m_aflags;
ctx->ctx_pflags = m_pflags;
ctx->ctx_pflags2mta = m_pflags;
}
/* check whether some flags need to be "faked" */
i = ctx->ctx_pflags2mta;
if ((ctx->ctx_mta_pflags & i) != i)
{
unsigned int idx;
unsigned long b;
/*
** If some behavior can be faked (set in fake_pflags),
** but the MTA doesn't support it, then unset
** that flag in the value that is sent to the MTA.
*/
for (idx = 0; idx < 32; idx++)
{
b = 1 << idx;
if ((ctx->ctx_mta_pflags & b) != b &&
(fake_pflags & b) == b)
ctx->ctx_pflags2mta &= ~b;
}
}
}
else
{
/*
** Set the protocol flags based on the values determined
** in mi_listener() which checked the defined callbacks.
*/
ctx->ctx_pflags2mta = ctx->ctx_pflags;
}
/* check whether actions and protocol requirements can be satisfied */
i = ctx->ctx_aflags;
if ((i & ctx->ctx_mta_aflags) != i)
{
smi_log(SMI_LOG_ERR,
"%s: st_optionneg[%ld]: 0x%lx does not fulfill action requirements 0x%x",
ctx->ctx_smfi->xxfi_name,
(long) ctx->ctx_id, ctx->ctx_mta_aflags, i);
return _SMFIS_ABORT;
}
i = ctx->ctx_pflags2mta;
if ((ctx->ctx_mta_pflags & i) != i)
{
/*
** Older MTAs do not support some protocol steps.
- ** As this protocol is a bit "wierd" (it asks for steps
+ ** As this protocol is a bit "weird" (it asks for steps
** NOT to be taken/sent) we have to check whether we
** should turn off those "negative" requests.
** Currently these are only SMFIP_NODATA and SMFIP_NOUNKNOWN.
*/
if (bitset(SMFIP_NODATA, ctx->ctx_pflags2mta) &&
!bitset(SMFIP_NODATA, ctx->ctx_mta_pflags))
ctx->ctx_pflags2mta &= ~SMFIP_NODATA;
if (bitset(SMFIP_NOUNKNOWN, ctx->ctx_pflags2mta) &&
!bitset(SMFIP_NOUNKNOWN, ctx->ctx_mta_pflags))
ctx->ctx_pflags2mta &= ~SMFIP_NOUNKNOWN;
i = ctx->ctx_pflags2mta;
}
if ((ctx->ctx_mta_pflags & i) != i)
{
smi_log(SMI_LOG_ERR,
"%s: st_optionneg[%ld]: 0x%lx does not fulfill protocol requirements 0x%x",
ctx->ctx_smfi->xxfi_name,
(long) ctx->ctx_id, ctx->ctx_mta_pflags, i);
return _SMFIS_ABORT;
}
fix_stm(ctx);
if (ctx->ctx_dbg > 3)
sm_dprintf("[%lu] milter_negotiate:"
" mta_actions=0x%lx, mta_flags=0x%lx"
" actions=0x%lx, flags=0x%lx\n"
, (long) ctx->ctx_id
, ctx->ctx_mta_aflags, ctx->ctx_mta_pflags
, ctx->ctx_aflags, ctx->ctx_pflags);
#if _FFR_MILTER_CHECK
if (ctx->ctx_dbg > 3)
sm_dprintf("[%lu] milter_negotiate:"
" testmode=%d, pflags2mta=%X, internal_pflags=%X\n"
, (long) ctx->ctx_id, testmode
, ctx->ctx_pflags2mta, internal_pflags);
/* in test mode: take flags without further modifications */
if (!testmode)
/* Warning: check statement below! */
#endif /* _FFR_MILTER_CHECK */
/*
** Remove the internal flags that might have been set by a milter
** and set only those determined above.
*/
ctx->ctx_pflags2mta = (ctx->ctx_pflags2mta & ~SMFI_INTERNAL)
| internal_pflags;
return _SMFIS_OPTIONS;
}
/*
** ST_CONNECTINFO -- receive connection information
**
** Parameters:
** g -- generic argument structure
**
** Returns:
** continue or filter-specified value
*/
static int
st_connectinfo(g)
genarg *g;
{
size_t l;
size_t i;
char *s, family;
unsigned short port = 0;
_SOCK_ADDR sockaddr;
sfsistat (*fi_connect) __P((SMFICTX *, char *, _SOCK_ADDR *));
if (g == NULL)
return _SMFIS_ABORT;
mi_clr_macros(g->a_ctx, g->a_idx + 1);
if (g->a_ctx->ctx_smfi == NULL ||
(fi_connect = g->a_ctx->ctx_smfi->xxfi_connect) == NULL)
return SMFIS_CONTINUE;
s = g->a_buf;
i = 0;
l = g->a_len;
- while (s[i] != '\0' && i <= l)
+ while (i <= l && s[i] != '\0')
++i;
if (i + 1 >= l)
return _SMFIS_ABORT;
/* Move past trailing \0 in host string */
i++;
family = s[i++];
(void) memset(&sockaddr, '\0', sizeof sockaddr);
if (family != SMFIA_UNKNOWN)
{
if (i + sizeof port >= l)
{
smi_log(SMI_LOG_ERR,
"%s: connect[%ld]: wrong len %d >= %d",
g->a_ctx->ctx_smfi->xxfi_name,
(long) g->a_ctx->ctx_id, (int) i, (int) l);
return _SMFIS_ABORT;
}
(void) memcpy((void *) &port, (void *) (s + i),
sizeof port);
i += sizeof port;
/* make sure string is terminated */
if (s[l - 1] != '\0')
return _SMFIS_ABORT;
# if NETINET
if (family == SMFIA_INET)
{
if (inet_aton(s + i, (struct in_addr *) &sockaddr.sin.sin_addr)
!= 1)
{
smi_log(SMI_LOG_ERR,
"%s: connect[%ld]: inet_aton failed",
g->a_ctx->ctx_smfi->xxfi_name,
(long) g->a_ctx->ctx_id);
return _SMFIS_ABORT;
}
sockaddr.sa.sa_family = AF_INET;
if (port > 0)
sockaddr.sin.sin_port = port;
}
else
# endif /* NETINET */
# if NETINET6
if (family == SMFIA_INET6)
{
if (mi_inet_pton(AF_INET6, s + i,
&sockaddr.sin6.sin6_addr) != 1)
{
smi_log(SMI_LOG_ERR,
"%s: connect[%ld]: mi_inet_pton failed",
g->a_ctx->ctx_smfi->xxfi_name,
(long) g->a_ctx->ctx_id);
return _SMFIS_ABORT;
}
sockaddr.sa.sa_family = AF_INET6;
if (port > 0)
sockaddr.sin6.sin6_port = port;
}
else
# endif /* NETINET6 */
# if NETUNIX
if (family == SMFIA_UNIX)
{
if (sm_strlcpy(sockaddr.sunix.sun_path, s + i,
sizeof sockaddr.sunix.sun_path) >=
sizeof sockaddr.sunix.sun_path)
{
smi_log(SMI_LOG_ERR,
"%s: connect[%ld]: path too long",
g->a_ctx->ctx_smfi->xxfi_name,
(long) g->a_ctx->ctx_id);
return _SMFIS_ABORT;
}
sockaddr.sunix.sun_family = AF_UNIX;
}
else
# endif /* NETUNIX */
{
smi_log(SMI_LOG_ERR,
"%s: connect[%ld]: unknown family %d",
g->a_ctx->ctx_smfi->xxfi_name,
(long) g->a_ctx->ctx_id, family);
return _SMFIS_ABORT;
}
}
return (*fi_connect)(g->a_ctx, g->a_buf,
family != SMFIA_UNKNOWN ? &sockaddr : NULL);
}
/*
** ST_EOH -- end of headers
**
** Parameters:
** g -- generic argument structure
**
** Returns:
** continue or filter-specified value
*/
static int
st_eoh(g)
genarg *g;
{
sfsistat (*fi_eoh) __P((SMFICTX *));
if (g == NULL)
return _SMFIS_ABORT;
if (g->a_ctx->ctx_smfi != NULL &&
(fi_eoh = g->a_ctx->ctx_smfi->xxfi_eoh) != NULL)
return (*fi_eoh)(g->a_ctx);
return SMFIS_CONTINUE;
}
/*
** ST_DATA -- DATA command
**
** Parameters:
** g -- generic argument structure
**
** Returns:
** continue or filter-specified value
*/
static int
st_data(g)
genarg *g;
{
sfsistat (*fi_data) __P((SMFICTX *));
if (g == NULL)
return _SMFIS_ABORT;
if (g->a_ctx->ctx_smfi != NULL &&
g->a_ctx->ctx_smfi->xxfi_version > 3 &&
(fi_data = g->a_ctx->ctx_smfi->xxfi_data) != NULL)
return (*fi_data)(g->a_ctx);
return SMFIS_CONTINUE;
}
/*
** ST_HELO -- helo/ehlo command
**
** Parameters:
** g -- generic argument structure
**
** Returns:
** continue or filter-specified value
*/
static int
st_helo(g)
genarg *g;
{
sfsistat (*fi_helo) __P((SMFICTX *, char *));
if (g == NULL)
return _SMFIS_ABORT;
mi_clr_macros(g->a_ctx, g->a_idx + 1);
if (g->a_ctx->ctx_smfi != NULL &&
(fi_helo = g->a_ctx->ctx_smfi->xxfi_helo) != NULL)
{
/* paranoia: check for terminating '\0' */
if (g->a_len == 0 || g->a_buf[g->a_len - 1] != '\0')
return MI_FAILURE;
return (*fi_helo)(g->a_ctx, g->a_buf);
}
return SMFIS_CONTINUE;
}
/*
** ST_HEADER -- header line
**
** Parameters:
** g -- generic argument structure
**
** Returns:
** continue or filter-specified value
*/
static int
st_header(g)
genarg *g;
{
char *hf, *hv;
sfsistat (*fi_header) __P((SMFICTX *, char *, char *));
if (g == NULL)
return _SMFIS_ABORT;
if (g->a_ctx->ctx_smfi == NULL ||
(fi_header = g->a_ctx->ctx_smfi->xxfi_header) == NULL)
return SMFIS_CONTINUE;
if (dec_arg2(g->a_buf, g->a_len, &hf, &hv) == MI_SUCCESS)
return (*fi_header)(g->a_ctx, hf, hv);
else
return _SMFIS_ABORT;
}
#define ARGV_FCT(lf, rf, idx) \
char **argv; \
sfsistat (*lf) __P((SMFICTX *, char **)); \
int r; \
\
if (g == NULL) \
return _SMFIS_ABORT; \
mi_clr_macros(g->a_ctx, g->a_idx + 1); \
if (g->a_ctx->ctx_smfi == NULL || \
(lf = g->a_ctx->ctx_smfi->rf) == NULL) \
return SMFIS_CONTINUE; \
if ((argv = dec_argv(g->a_buf, g->a_len)) == NULL) \
return _SMFIS_ABORT; \
r = (*lf)(g->a_ctx, argv); \
free(argv); \
return r;
/*
** ST_SENDER -- MAIL FROM command
**
** Parameters:
** g -- generic argument structure
**
** Returns:
** continue or filter-specified value
*/
static int
st_sender(g)
genarg *g;
{
ARGV_FCT(fi_envfrom, xxfi_envfrom, CI_MAIL)
}
/*
** ST_RCPT -- RCPT TO command
**
** Parameters:
** g -- generic argument structure
**
** Returns:
** continue or filter-specified value
*/
static int
st_rcpt(g)
genarg *g;
{
ARGV_FCT(fi_envrcpt, xxfi_envrcpt, CI_RCPT)
}
/*
** ST_UNKNOWN -- unrecognized or unimplemented command
**
** Parameters:
** g -- generic argument structure
**
** Returns:
** continue or filter-specified value
*/
static int
st_unknown(g)
genarg *g;
{
sfsistat (*fi_unknown) __P((SMFICTX *, const char *));
if (g == NULL)
return _SMFIS_ABORT;
if (g->a_ctx->ctx_smfi != NULL &&
g->a_ctx->ctx_smfi->xxfi_version > 2 &&
(fi_unknown = g->a_ctx->ctx_smfi->xxfi_unknown) != NULL)
return (*fi_unknown)(g->a_ctx, (const char *) g->a_buf);
return SMFIS_CONTINUE;
}
/*
** ST_MACROS -- deal with macros received from the MTA
**
** Parameters:
** g -- generic argument structure
**
** Returns:
** continue/keep
**
** Side effects:
** set pointer in macro array to current values.
*/
static int
st_macros(g)
genarg *g;
{
int i;
char **argv;
if (g == NULL || g->a_len < 1)
return _SMFIS_FAIL;
if ((argv = dec_argv(g->a_buf + 1, g->a_len - 1)) == NULL)
return _SMFIS_FAIL;
switch (g->a_buf[0])
{
case SMFIC_CONNECT:
i = CI_CONN;
break;
case SMFIC_HELO:
i = CI_HELO;
break;
case SMFIC_MAIL:
i = CI_MAIL;
break;
case SMFIC_RCPT:
i = CI_RCPT;
break;
case SMFIC_DATA:
i = CI_DATA;
break;
case SMFIC_BODYEOB:
i = CI_EOM;
break;
case SMFIC_EOH:
i = CI_EOH;
break;
default:
free(argv);
return _SMFIS_FAIL;
}
if (g->a_ctx->ctx_mac_ptr[i] != NULL)
free(g->a_ctx->ctx_mac_ptr[i]);
if (g->a_ctx->ctx_mac_buf[i] != NULL)
free(g->a_ctx->ctx_mac_buf[i]);
g->a_ctx->ctx_mac_ptr[i] = argv;
g->a_ctx->ctx_mac_buf[i] = g->a_buf;
return _SMFIS_KEEP;
}
/*
** ST_QUIT -- quit command
**
** Parameters:
** g -- generic argument structure
**
** Returns:
** noreply
*/
/* ARGSUSED */
static int
st_quit(g)
genarg *g;
{
sfsistat (*fi_close) __P((SMFICTX *));
if (g == NULL)
return _SMFIS_ABORT;
if (g->a_ctx->ctx_smfi != NULL &&
(fi_close = g->a_ctx->ctx_smfi->xxfi_close) != NULL)
(void) (*fi_close)(g->a_ctx);
mi_clr_macros(g->a_ctx, 0);
return _SMFIS_NOREPLY;
}
/*
** ST_BODYCHUNK -- deal with a piece of the mail body
**
** Parameters:
** g -- generic argument structure
**
** Returns:
** continue or filter-specified value
*/
static int
st_bodychunk(g)
genarg *g;
{
sfsistat (*fi_body) __P((SMFICTX *, unsigned char *, size_t));
if (g == NULL)
return _SMFIS_ABORT;
if (g->a_ctx->ctx_smfi != NULL &&
(fi_body = g->a_ctx->ctx_smfi->xxfi_body) != NULL)
return (*fi_body)(g->a_ctx, (unsigned char *)g->a_buf,
g->a_len);
return SMFIS_CONTINUE;
}
/*
** ST_BODYEND -- deal with the last piece of the mail body
**
** Parameters:
** g -- generic argument structure
**
** Returns:
** continue or filter-specified value
**
** Side effects:
** sends a reply for the body part (if non-empty).
*/
static int
st_bodyend(g)
genarg *g;
{
sfsistat r;
sfsistat (*fi_body) __P((SMFICTX *, unsigned char *, size_t));
sfsistat (*fi_eom) __P((SMFICTX *));
if (g == NULL)
return _SMFIS_ABORT;
r = SMFIS_CONTINUE;
if (g->a_ctx->ctx_smfi != NULL)
{
if ((fi_body = g->a_ctx->ctx_smfi->xxfi_body) != NULL &&
g->a_len > 0)
{
socket_t sd;
struct timeval timeout;
timeout.tv_sec = g->a_ctx->ctx_timeout;
timeout.tv_usec = 0;
sd = g->a_ctx->ctx_sd;
r = (*fi_body)(g->a_ctx, (unsigned char *)g->a_buf,
g->a_len);
if (r != SMFIS_CONTINUE &&
sendreply(r, sd, &timeout, g->a_ctx) != MI_SUCCESS)
return _SMFIS_ABORT;
}
}
if (r == SMFIS_CONTINUE &&
(fi_eom = g->a_ctx->ctx_smfi->xxfi_eom) != NULL)
return (*fi_eom)(g->a_ctx);
return r;
}
/*
** ST_ABORTFCT -- deal with aborts
**
** Parameters:
** g -- generic argument structure
**
** Returns:
** abort or filter-specified value
*/
static int
st_abortfct(g)
genarg *g;
{
sfsistat (*fi_abort) __P((SMFICTX *));
if (g == NULL)
return _SMFIS_ABORT;
if (g != NULL && g->a_ctx->ctx_smfi != NULL &&
(fi_abort = g->a_ctx->ctx_smfi->xxfi_abort) != NULL)
(void) (*fi_abort)(g->a_ctx);
return _SMFIS_NOREPLY;
}
/*
** TRANS_OK -- is the state transition ok?
**
** Parameters:
** old -- old state
** new -- new state
**
** Returns:
** state transition ok
*/
static bool
trans_ok(old, new)
int old, new;
{
int s, n;
s = old;
if (s >= SIZE_NEXT_STATES)
return false;
do
{
/* is this state transition allowed? */
if ((MI_MASK(new) & next_states[s]) != 0)
return true;
/*
** no: try next state;
** this works since the relevant states are ordered
** strict sequentially
*/
n = s + 1;
if (n >= SIZE_NEXT_STATES)
return false;
/*
** can we actually "skip" this state?
** see fix_stm() which sets this bit for those
** states which the filter program is not interested in
*/
if (bitset(NX_SKIP, next_states[n]))
s = n;
else
return false;
} while (s < SIZE_NEXT_STATES);
return false;
}
/*
** FIX_STM -- add "skip" bits to the state transition table
**
** Parameters:
** ctx -- context structure
**
** Returns:
** None.
**
** Side effects:
** may change state transition table.
*/
static void
fix_stm(ctx)
SMFICTX_PTR ctx;
{
unsigned long fl;
if (ctx == NULL || ctx->ctx_smfi == NULL)
return;
fl = ctx->ctx_pflags;
if (bitset(SMFIP_NOCONNECT, fl))
next_states[ST_CONN] |= NX_SKIP;
if (bitset(SMFIP_NOHELO, fl))
next_states[ST_HELO] |= NX_SKIP;
if (bitset(SMFIP_NOMAIL, fl))
next_states[ST_MAIL] |= NX_SKIP;
if (bitset(SMFIP_NORCPT, fl))
next_states[ST_RCPT] |= NX_SKIP;
if (bitset(SMFIP_NOHDRS, fl))
next_states[ST_HDRS] |= NX_SKIP;
if (bitset(SMFIP_NOEOH, fl))
next_states[ST_EOHS] |= NX_SKIP;
if (bitset(SMFIP_NOBODY, fl))
next_states[ST_BODY] |= NX_SKIP;
if (bitset(SMFIP_NODATA, fl))
next_states[ST_DATA] |= NX_SKIP;
if (bitset(SMFIP_NOUNKNOWN, fl))
next_states[ST_UNKN] |= NX_SKIP;
}
/*
** DEC_ARGV -- split a buffer into a list of strings, NULL terminated
**
** Parameters:
** buf -- buffer with several strings
** len -- length of buffer
**
** Returns:
** array of pointers to the individual strings
*/
static char **
dec_argv(buf, len)
char *buf;
size_t len;
{
char **s;
size_t i;
int elem, nelem;
nelem = 0;
for (i = 0; i < len; i++)
{
if (buf[i] == '\0')
++nelem;
}
if (nelem == 0)
return NULL;
/* last entry is only for the name */
s = (char **)malloc((nelem + 1) * (sizeof *s));
if (s == NULL)
return NULL;
s[0] = buf;
for (i = 0, elem = 0; i < len && elem < nelem; i++)
{
if (buf[i] == '\0')
{
++elem;
if (i + 1 >= len)
s[elem] = NULL;
else
s[elem] = &(buf[i + 1]);
}
}
/* overwrite last entry (already done above, just paranoia) */
s[elem] = NULL;
return s;
}
/*
** DEC_ARG2 -- split a buffer into two strings
**
** Parameters:
** buf -- buffer with two strings
** len -- length of buffer
** s1,s2 -- pointer to result strings
**
** Returns:
** MI_FAILURE/MI_SUCCESS
*/
static int
dec_arg2(buf, len, s1, s2)
char *buf;
size_t len;
char **s1;
char **s2;
{
size_t i;
/* paranoia: check for terminating '\0' */
if (len == 0 || buf[len - 1] != '\0')
return MI_FAILURE;
*s1 = buf;
for (i = 1; i < len && buf[i] != '\0'; i++)
continue;
if (i >= len - 1)
return MI_FAILURE;
*s2 = buf + i + 1;
return MI_SUCCESS;
}
/*
** MI_SENDOK -- is it ok for the filter to send stuff to the MTA?
**
** Parameters:
** ctx -- context structure
** flag -- flag to check
**
** Returns:
** sending allowed (in current state)
*/
bool
mi_sendok(ctx, flag)
SMFICTX_PTR ctx;
int flag;
{
if (ctx == NULL || ctx->ctx_smfi == NULL)
return false;
/* did the milter request this operation? */
if (flag != 0 && !bitset(flag, ctx->ctx_aflags))
return false;
/* are we in the correct state? It must be "End of Message". */
return ctx->ctx_state == ST_ENDM;
}
#if _FFR_WORKERS_POOL
/*
** MI_RD_SOCKET_READY - checks if the socket is ready for read(2)
**
** Parameters:
** sd -- socket_t
**
** Returns:
** true iff socket is ready for read(2)
*/
#define MI_RD_CMD_TO 1
#define MI_RD_MAX_ERR 16
static bool
mi_rd_socket_ready (sd)
socket_t sd;
{
int n;
int nerr = 0;
#if SM_CONF_POLL
struct pollfd pfd;
-#else /* SM_CONF_POLL */
+#else
fd_set rd_set, exc_set;
-#endif /* SM_CONF_POLL */
+#endif
do
{
#if SM_CONF_POLL
pfd.fd = sd;
pfd.events = POLLIN;
pfd.revents = 0;
n = poll(&pfd, 1, MI_RD_CMD_TO);
#else /* SM_CONF_POLL */
struct timeval timeout;
FD_ZERO(&rd_set);
FD_ZERO(&exc_set);
FD_SET(sd, &rd_set);
FD_SET(sd, &exc_set);
timeout.tv_sec = MI_RD_CMD_TO / 1000;
timeout.tv_usec = 0;
n = select(sd + 1, &rd_set, NULL, &exc_set, &timeout);
#endif /* SM_CONF_POLL */
if (n < 0)
{
if (errno == EINTR)
{
nerr++;
continue;
}
return true;
}
if (n == 0)
return false;
break;
} while (nerr < MI_RD_MAX_ERR);
if (nerr >= MI_RD_MAX_ERR)
return false;
#if SM_CONF_POLL
return (pfd.revents != 0);
-#else /* SM_CONF_POLL */
+#else
return FD_ISSET(sd, &rd_set) || FD_ISSET(sd, &exc_set);
-#endif /* SM_CONF_POLL */
+#endif
}
#endif /* _FFR_WORKERS_POOL */
diff --git a/libmilter/example.c b/libmilter/example.c
index f078eb7ba304..e0fef80b6d4e 100644
--- a/libmilter/example.c
+++ b/libmilter/example.c
@@ -1,298 +1,298 @@
/*
* Copyright (c) 2006 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
* $Id: example.c,v 8.5 2013-11-22 20:51:36 ca Exp $
*/
/*
** A trivial example filter that logs all email to a file.
** This milter also has some callbacks which it does not really use,
** but they are defined to serve as an example.
*/
#include <sys/types.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sysexits.h>
#include <unistd.h>
#include "libmilter/mfapi.h"
#include "libmilter/mfdef.h"
#ifndef true
# define false 0
# define true 1
-#endif /* ! true */
+#endif
struct mlfiPriv
{
char *mlfi_fname;
FILE *mlfi_fp;
};
#define MLFIPRIV ((struct mlfiPriv *) smfi_getpriv(ctx))
static unsigned long mta_caps = 0;
sfsistat
mlfi_cleanup(ctx, ok)
SMFICTX *ctx;
bool ok;
{
sfsistat rstat = SMFIS_CONTINUE;
struct mlfiPriv *priv = MLFIPRIV;
char *p;
char host[512];
char hbuf[1024];
if (priv == NULL)
return rstat;
/* close the archive file */
if (priv->mlfi_fp != NULL && fclose(priv->mlfi_fp) == EOF)
{
/* failed; we have to wait until later */
rstat = SMFIS_TEMPFAIL;
(void) unlink(priv->mlfi_fname);
}
else if (ok)
{
/* add a header to the message announcing our presence */
if (gethostname(host, sizeof host) < 0)
snprintf(host, sizeof host, "localhost");
p = strrchr(priv->mlfi_fname, '/');
if (p == NULL)
p = priv->mlfi_fname;
else
p++;
snprintf(hbuf, sizeof hbuf, "%s@%s", p, host);
smfi_addheader(ctx, "X-Archived", hbuf);
}
else
{
/* message was aborted -- delete the archive file */
(void) unlink(priv->mlfi_fname);
}
/* release private memory */
free(priv->mlfi_fname);
free(priv);
smfi_setpriv(ctx, NULL);
/* return status */
return rstat;
}
sfsistat
mlfi_envfrom(ctx, envfrom)
SMFICTX *ctx;
char **envfrom;
{
struct mlfiPriv *priv;
int fd = -1;
/* allocate some private memory */
priv = malloc(sizeof *priv);
if (priv == NULL)
{
/* can't accept this message right now */
return SMFIS_TEMPFAIL;
}
memset(priv, '\0', sizeof *priv);
/* open a file to store this message */
priv->mlfi_fname = strdup("/tmp/msg.XXXXXXXX");
if (priv->mlfi_fname == NULL)
{
free(priv);
return SMFIS_TEMPFAIL;
}
if ((fd = mkstemp(priv->mlfi_fname)) < 0 ||
(priv->mlfi_fp = fdopen(fd, "w+")) == NULL)
{
if (fd >= 0)
(void) close(fd);
free(priv->mlfi_fname);
free(priv);
return SMFIS_TEMPFAIL;
}
/* save the private data */
smfi_setpriv(ctx, priv);
/* continue processing */
return SMFIS_CONTINUE;
}
sfsistat
mlfi_header(ctx, headerf, headerv)
SMFICTX *ctx;
char *headerf;
char *headerv;
{
/* write the header to the log file */
fprintf(MLFIPRIV->mlfi_fp, "%s: %s\r\n", headerf, headerv);
/* continue processing */
return ((mta_caps & SMFIP_NR_HDR) != 0)
? SMFIS_NOREPLY : SMFIS_CONTINUE;
}
sfsistat
mlfi_eoh(ctx)
SMFICTX *ctx;
{
/* output the blank line between the header and the body */
fprintf(MLFIPRIV->mlfi_fp, "\r\n");
/* continue processing */
return SMFIS_CONTINUE;
}
sfsistat
mlfi_body(ctx, bodyp, bodylen)
SMFICTX *ctx;
u_char *bodyp;
size_t bodylen;
{
/* output body block to log file */
if (fwrite(bodyp, bodylen, 1, MLFIPRIV->mlfi_fp) <= 0)
{
/* write failed */
(void) mlfi_cleanup(ctx, false);
return SMFIS_TEMPFAIL;
}
/* continue processing */
return SMFIS_CONTINUE;
}
sfsistat
mlfi_eom(ctx)
SMFICTX *ctx;
{
return mlfi_cleanup(ctx, true);
}
sfsistat
mlfi_close(ctx)
SMFICTX *ctx;
{
return SMFIS_ACCEPT;
}
sfsistat
mlfi_abort(ctx)
SMFICTX *ctx;
{
return mlfi_cleanup(ctx, false);
}
sfsistat
mlfi_unknown(ctx, cmd)
SMFICTX *ctx;
char *cmd;
{
return SMFIS_CONTINUE;
}
sfsistat
mlfi_data(ctx)
SMFICTX *ctx;
{
return SMFIS_CONTINUE;
}
sfsistat
mlfi_negotiate(ctx, f0, f1, f2, f3, pf0, pf1, pf2, pf3)
SMFICTX *ctx;
unsigned long f0;
unsigned long f1;
unsigned long f2;
unsigned long f3;
unsigned long *pf0;
unsigned long *pf1;
unsigned long *pf2;
unsigned long *pf3;
{
/* milter actions: add headers */
*pf0 = SMFIF_ADDHDRS;
/* milter protocol steps: all but connect, HELO, RCPT */
*pf1 = SMFIP_NOCONNECT|SMFIP_NOHELO|SMFIP_NORCPT;
mta_caps = f1;
if ((mta_caps & SMFIP_NR_HDR) != 0)
*pf1 |= SMFIP_NR_HDR;
*pf2 = 0;
*pf3 = 0;
return SMFIS_CONTINUE;
}
struct smfiDesc smfilter =
{
"SampleFilter", /* filter name */
SMFI_VERSION, /* version code -- do not change */
SMFIF_ADDHDRS, /* flags */
NULL, /* connection info filter */
NULL, /* SMTP HELO command filter */
mlfi_envfrom, /* envelope sender filter */
NULL, /* envelope recipient filter */
mlfi_header, /* header filter */
mlfi_eoh, /* end of header */
mlfi_body, /* body block filter */
mlfi_eom, /* end of message */
mlfi_abort, /* message aborted */
mlfi_close, /* connection cleanup */
mlfi_unknown, /* unknown/unimplemented SMTP commands */
mlfi_data, /* DATA command filter */
mlfi_negotiate /* option negotiation at connection startup */
};
int
main(argc, argv)
int argc;
char *argv[];
{
bool setconn;
int c;
setconn = false;
/* Process command line options */
while ((c = getopt(argc, argv, "p:")) != -1)
{
switch (c)
{
case 'p':
if (optarg == NULL || *optarg == '\0')
{
(void) fprintf(stderr, "Illegal conn: %s\n",
optarg);
exit(EX_USAGE);
}
(void) smfi_setconn(optarg);
setconn = true;
break;
}
}
if (!setconn)
{
fprintf(stderr, "%s: Missing required -p argument\n", argv[0]);
exit(EX_USAGE);
}
if (smfi_register(smfilter) == MI_FAILURE)
{
fprintf(stderr, "smfi_register failed\n");
exit(EX_UNAVAILABLE);
}
return smfi_main();
}
diff --git a/libmilter/handler.c b/libmilter/handler.c
index 7622839d65e4..17ee7f8dac0a 100644
--- a/libmilter/handler.c
+++ b/libmilter/handler.c
@@ -1,50 +1,50 @@
/*
* Copyright (c) 1999-2003, 2006 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: handler.c,v 8.40 2013-11-22 20:51:36 ca Exp $")
#include "libmilter.h"
#if !_FFR_WORKERS_POOL
/*
** MI_HANDLE_SESSION -- Handle a connected session in its own context
**
** Parameters:
** ctx -- context structure
**
** Returns:
** MI_SUCCESS/MI_FAILURE
*/
int
mi_handle_session(ctx)
SMFICTX_PTR ctx;
{
int ret;
if (ctx == NULL)
return MI_FAILURE;
ctx->ctx_id = (sthread_t) sthread_get_id();
/*
- ** Detach so resources are free when the thread returns.
+ ** Detach so resources are freed when the thread returns.
** If we ever "wait" for threads, this call must be removed.
*/
if (pthread_detach(ctx->ctx_id) != 0)
ret = MI_FAILURE;
else
ret = mi_engine(ctx);
mi_clr_ctx(ctx);
ctx = NULL;
return ret;
}
#endif /* !_FFR_WORKERS_POOL */
diff --git a/libmilter/libmilter.h b/libmilter/libmilter.h
index 3c572ec9a9e8..f9fe38ca4a9f 100644
--- a/libmilter/libmilter.h
+++ b/libmilter/libmilter.h
@@ -1,335 +1,335 @@
/*
* Copyright (c) 1999-2003, 2006 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*/
/*
** LIBMILTER.H -- include file for mail filter library functions
*/
#ifndef _LIBMILTER_H
# define _LIBMILTER_H 1
#include <sm/gen.h>
#ifdef _DEFINE
# define EXTERN
# define INIT(x) = x
SM_IDSTR(MilterlId, "@(#)$Id: libmilter.h,v 8.78 2013-11-22 20:51:36 ca Exp $")
-#else /* _DEFINE */
+#else
# define EXTERN extern
# define INIT(x)
-#endif /* _DEFINE */
+#endif
#include "sm/tailq.h"
#define NOT_SENDMAIL 1
#define _SOCK_ADDR union bigsockaddr
#include "sendmail.h"
#ifdef SM_ASSERT
#undef SM_ASSERT
#endif
#ifndef SM_ASSERT
#include <assert.h>
#define SM_ASSERT(x) assert(x)
#endif
#include "libmilter/milter.h"
#define MAX_MACROS_ENTRIES 7 /* max size of macro pointer array */
typedef SM_TAILQ_HEAD(, smfi_str) smfi_hd_T;
typedef struct smfi_str smfi_str_S;
/*
** Context for one milter session.
**
** Notes:
** There is a 1-1 correlation between a sendmail SMTP server process,
** an SMTP session, and an milter context. Due to the nature of SMTP
** session handling in sendmail 8, this libmilter implementation deals
** only with a single SMTP session per MTA - libmilter connection.
**
** There is no "global" context for libmilter, global variables are
** just that (they are not "collected" in a context).
**
** Implementation hint:
** macros are stored in mac_buf[] as sequence of:
** macro_name \0 macro_value
** (just as read from the MTA)
** mac_ptr is a list of pointers into mac_buf to the beginning of each
** entry, i.e., macro_name, macro_value, ...
*/
struct smfi_str
{
sthread_t ctx_id; /* thread id */
socket_t ctx_sd; /* socket descriptor */
int ctx_dbg; /* debug level */
time_t ctx_timeout; /* timeout */
int ctx_state; /* state */
smfiDesc_ptr ctx_smfi; /* filter description */
int ctx_prot_vers; /* libmilter protocol version */
unsigned long ctx_aflags; /* milter action flags */
unsigned long ctx_pflags; /* milter protocol flags */
/*
** milter protocol flags that are sent to the MTA;
** this is the same as ctx_pflags except for those flags that
** are not offered by the MTA but emulated in libmilter.
*/
unsigned long ctx_pflags2mta;
/*
** milter protocol version that is sent to the MTA;
** this is the same as ctx_prot_vers unless the
** MTA protocol version (ctx_mta_prot_vers) is smaller
** but still "acceptable".
*/
int ctx_prot_vers2mta;
char **ctx_mac_ptr[MAX_MACROS_ENTRIES];
char *ctx_mac_buf[MAX_MACROS_ENTRIES];
char *ctx_mac_list[MAX_MACROS_ENTRIES];
char *ctx_reply; /* reply code */
void *ctx_privdata; /* private data */
int ctx_mta_prot_vers; /* MTA protocol version */
unsigned long ctx_mta_pflags; /* MTA protocol flags */
unsigned long ctx_mta_aflags; /* MTA action flags */
#if _FFR_THREAD_MONITOR
time_t ctx_start; /* start time of thread */
SM_TAILQ_ENTRY(smfi_str) ctx_mon_link;
-#endif /* _FFR_THREAD_MONITOR */
+#endif
#if _FFR_WORKERS_POOL
long ctx_sid; /* session identifier */
int ctx_wstate; /* state of the session (worker pool) */
int ctx_wait; /* elapsed time waiting for sm cmd */
SM_TAILQ_ENTRY(smfi_str) ctx_link;
#endif /* _FFR_WORKERS_POOL */
};
# define ValidSocket(sd) ((sd) >= 0)
# define INVALID_SOCKET (-1)
# define closesocket close
# define MI_SOCK_READ(s, b, l) read(s, b, l)
# define MI_SOCK_READ_FAIL(x) ((x) < 0)
# define MI_SOCK_WRITE(s, b, l) write(s, b, l)
# define thread_create(ptid,wr,arg) pthread_create(ptid, NULL, wr, arg)
# define sthread_get_id() pthread_self()
typedef pthread_mutex_t smutex_t;
# define smutex_init(mp) (pthread_mutex_init(mp, NULL) == 0)
# define smutex_destroy(mp) (pthread_mutex_destroy(mp) == 0)
# define smutex_lock(mp) (pthread_mutex_lock(mp) == 0)
# define smutex_unlock(mp) (pthread_mutex_unlock(mp) == 0)
# define smutex_trylock(mp) (pthread_mutex_trylock(mp) == 0)
#if _FFR_WORKERS_POOL
/* SM_CONF_POLL shall be defined with _FFR_WORKERS_POOL */
# if !SM_CONF_POLL
# define SM_CONF_POLL 1
-# endif /* SM_CONF_POLL */
+# endif
#endif /* _FFR_WORKERS_POOL */
typedef pthread_cond_t scond_t;
#define scond_init(cp) pthread_cond_init(cp, NULL)
#define scond_destroy(cp) pthread_cond_destroy(cp)
#define scond_wait(cp, mp) pthread_cond_wait(cp, mp)
#define scond_signal(cp) pthread_cond_signal(cp)
#define scond_broadcast(cp) pthread_cond_broadcast(cp)
#define scond_timedwait(cp, mp, to) \
do \
{ \
struct timespec timeout; \
struct timeval now; \
gettimeofday(&now, NULL); \
timeout.tv_sec = now.tv_sec + to; \
timeout.tv_nsec = now.tv_usec / 1000; \
r = pthread_cond_timedwait(cp,mp,&timeout); \
if (r != 0 && r != ETIMEDOUT) \
smi_log(SMI_LOG_ERR, \
"pthread_cond_timedwait error %d", r); \
} while (0)
#if SM_CONF_POLL
# include <poll.h>
# define MI_POLLSELECT "poll"
# define MI_POLL_RD_FLAGS (POLLIN | POLLPRI)
# define MI_POLL_WR_FLAGS (POLLOUT)
-# define MI_MS(timeout) (((timeout)->tv_sec * 1000) + (timeout)->tv_usec)
+# define MI_MS(timeout) (((timeout)->tv_sec * 1000) + (((timeout)->tv_usec) / 1000))
# define FD_RD_VAR(rds, excs) struct pollfd rds
# define FD_WR_VAR(wrs) struct pollfd wrs
# define FD_RD_INIT(sd, rds, excs) \
(rds).fd = (sd); \
(rds).events = MI_POLL_RD_FLAGS; \
(rds).revents = 0
# define FD_WR_INIT(sd, wrs) \
(wrs).fd = (sd); \
(wrs).events = MI_POLL_WR_FLAGS; \
(wrs).revents = 0
# define FD_IS_RD_EXC(sd, rds, excs) \
(((rds).revents & (POLLERR | POLLHUP | POLLNVAL)) != 0)
# define FD_IS_WR_RDY(sd, wrs) \
(((wrs).revents & MI_POLL_WR_FLAGS) != 0)
# define FD_IS_RD_RDY(sd, rds, excs) \
(((rds).revents & MI_POLL_RD_FLAGS) != 0)
-# define FD_WR_READY(sd, excs, timeout) \
+# define FD_WR_READY(sd, wrs, timeout) \
poll(&(wrs), 1, MI_MS(timeout))
# define FD_RD_READY(sd, rds, excs, timeout) \
poll(&(rds), 1, MI_MS(timeout))
#else /* SM_CONF_POLL */
# include <sm/fdset.h>
# define MI_POLLSELECT "select"
# define FD_RD_VAR(rds, excs) fd_set rds, excs
# define FD_WR_VAR(wrs) fd_set wrs
# define FD_RD_INIT(sd, rds, excs) \
FD_ZERO(&(rds)); \
FD_SET((unsigned int) (sd), &(rds)); \
FD_ZERO(&(excs)); \
FD_SET((unsigned int) (sd), &(excs))
# define FD_WR_INIT(sd, wrs) \
FD_ZERO(&(wrs)); \
FD_SET((unsigned int) (sd), &(wrs))
# define FD_IS_RD_EXC(sd, rds, excs) FD_ISSET(sd, &(excs))
# define FD_IS_WR_RDY(sd, wrs) FD_ISSET((sd), &(wrs))
# define FD_IS_RD_RDY(sd, rds, excs) FD_ISSET((sd), &(rds))
# define FD_WR_READY(sd, wrs, timeout) \
select((sd) + 1, NULL, &(wrs), NULL, (timeout))
# define FD_RD_READY(sd, rds, excs, timeout) \
select((sd) + 1, &(rds), NULL, &(excs), (timeout))
#endif /* SM_CONF_POLL */
#include <sys/time.h>
/* some defaults */
#define MI_TIMEOUT 7210 /* default timeout for read/write */
#define MI_CHK_TIME 5 /* checking whether to terminate */
#ifndef MI_SOMAXCONN
# if SOMAXCONN > 20
# define MI_SOMAXCONN SOMAXCONN
-# else /* SOMAXCONN */
+# else
# define MI_SOMAXCONN 20
-# endif /* SOMAXCONN */
+# endif
#endif /* ! MI_SOMAXCONN */
/* maximum number of repeated failures in mi_listener() */
#define MAX_FAILS_M 16 /* malloc() */
#define MAX_FAILS_T 16 /* thread creation */
#define MAX_FAILS_A 16 /* accept() */
#define MAX_FAILS_S 16 /* select() */
/* internal "commands", i.e., error codes */
#define SMFIC_TIMEOUT ((char) 1) /* timeout */
#define SMFIC_SELECT ((char) 2) /* select error */
#define SMFIC_MALLOC ((char) 3) /* malloc error */
#define SMFIC_RECVERR ((char) 4) /* recv() error */
#define SMFIC_EOF ((char) 5) /* eof */
#define SMFIC_UNKNERR ((char) 6) /* unknown error */
#define SMFIC_TOOBIG ((char) 7) /* body chunk too big */
#define SMFIC_VALIDCMD ' ' /* first valid command */
/* hack */
#define smi_log syslog
#define sm_dprintf (void) printf
#define milter_ret int
#define SMI_LOG_ERR LOG_ERR
#define SMI_LOG_FATAL LOG_ERR
#define SMI_LOG_WARN LOG_WARNING
#define SMI_LOG_INFO LOG_INFO
#define SMI_LOG_DEBUG LOG_DEBUG
/* stop? */
#define MILTER_CONT 0
#define MILTER_STOP 1
#define MILTER_ABRT 2
/* functions */
extern int mi_handle_session __P((SMFICTX_PTR));
extern int mi_engine __P((SMFICTX_PTR));
extern int mi_listener __P((char *, int, smfiDesc_ptr, time_t, int));
extern void mi_clr_macros __P((SMFICTX_PTR, int));
extern void mi_clr_ctx __P((SMFICTX_PTR));
extern int mi_stop __P((void));
extern int mi_control_startup __P((char *));
extern void mi_stop_milters __P((int));
extern void mi_clean_signals __P((void));
extern struct hostent *mi_gethostbyname __P((char *, int));
extern int mi_inet_pton __P((int, const char *, void *));
extern void mi_closener __P((void));
extern int mi_opensocket __P((char *, int, int, bool, smfiDesc_ptr));
/* communication functions */
extern char *mi_rd_cmd __P((socket_t, struct timeval *, char *, size_t *, char *));
extern int mi_wr_cmd __P((socket_t, struct timeval *, int, char *, size_t));
extern bool mi_sendok __P((SMFICTX_PTR, int));
#if _FFR_THREAD_MONITOR
extern bool Monitor;
#define MI_MONITOR_INIT() mi_monitor_init()
#define MI_MONITOR_BEGIN(ctx, cmd) \
do \
{ \
if (Monitor) \
mi_monitor_work_begin(ctx, cmd);\
} while (0)
#define MI_MONITOR_END(ctx, cmd) \
do \
{ \
if (Monitor) \
mi_monitor_work_end(ctx, cmd); \
} while (0)
int mi_monitor_init __P((void));
int mi_monitor_work_begin __P((SMFICTX_PTR, int));
int mi_monitor_work_end __P((SMFICTX_PTR, int));
#else /* _FFR_THREAD_MONITOR */
#define MI_MONITOR_INIT() MI_SUCCESS
#define MI_MONITOR_BEGIN(ctx, cmd)
#define MI_MONITOR_END(ctx, cmd)
#endif /* _FFR_THREAD_MONITOR */
#if _FFR_WORKERS_POOL
extern int mi_pool_manager_init __P((void));
extern int mi_pool_controller_init __P((void));
extern int mi_start_session __P((SMFICTX_PTR));
#endif /* _FFR_WORKERS_POOL */
#endif /* ! _LIBMILTER_H */
diff --git a/libmilter/listener.c b/libmilter/listener.c
index 11d92bb09fdf..0468a6231cce 100644
--- a/libmilter/listener.c
+++ b/libmilter/listener.c
@@ -1,989 +1,989 @@
/*
* Copyright (c) 1999-2007 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: listener.c,v 8.127 2013-11-22 20:51:36 ca Exp $")
/*
** listener.c -- threaded network listener
*/
#include "libmilter.h"
#include <sm/errstring.h>
#include <sys/types.h>
#include <sys/stat.h>
# if NETINET || NETINET6
# include <arpa/inet.h>
-# endif /* NETINET || NETINET6 */
+# endif
# if SM_CONF_POLL
# undef SM_FD_OK_SELECT
# define SM_FD_OK_SELECT(fd) true
-# endif /* SM_CONF_POLL */
+# endif
static smutex_t L_Mutex;
static int L_family;
static SOCKADDR_LEN_T L_socksize;
static socket_t listenfd = INVALID_SOCKET;
static socket_t mi_milteropen __P((char *, int, bool, char *));
#if !_FFR_WORKERS_POOL
static void *mi_thread_handle_wrapper __P((void *));
-#endif /* !_FFR_WORKERS_POOL */
+#endif
/*
** MI_OPENSOCKET -- create the socket where this filter and the MTA will meet
**
** Parameters:
** conn -- connection description
** backlog -- listen backlog
** dbg -- debug level
** rmsocket -- if true, try to unlink() the socket first
** (UNIX domain sockets only)
** smfi -- filter structure to use
**
** Return value:
** MI_SUCCESS/MI_FAILURE
*/
int
mi_opensocket(conn, backlog, dbg, rmsocket, smfi)
char *conn;
int backlog;
int dbg;
bool rmsocket;
smfiDesc_ptr smfi;
{
if (smfi == NULL || conn == NULL)
return MI_FAILURE;
if (ValidSocket(listenfd))
return MI_SUCCESS;
if (dbg > 0)
{
smi_log(SMI_LOG_DEBUG,
"%s: Opening listen socket on conn %s",
smfi->xxfi_name, conn);
}
(void) smutex_init(&L_Mutex);
(void) smutex_lock(&L_Mutex);
listenfd = mi_milteropen(conn, backlog, rmsocket, smfi->xxfi_name);
if (!ValidSocket(listenfd))
{
smi_log(SMI_LOG_FATAL,
"%s: Unable to create listening socket on conn %s",
smfi->xxfi_name, conn);
(void) smutex_unlock(&L_Mutex);
return MI_FAILURE;
}
if (!SM_FD_OK_SELECT(listenfd))
{
smi_log(SMI_LOG_ERR, "%s: fd %d is larger than FD_SETSIZE %d",
smfi->xxfi_name, listenfd, FD_SETSIZE);
(void) smutex_unlock(&L_Mutex);
return MI_FAILURE;
}
(void) smutex_unlock(&L_Mutex);
return MI_SUCCESS;
}
/*
** MI_MILTEROPEN -- setup socket to listen on
**
** Parameters:
** conn -- connection description
** backlog -- listen backlog
** rmsocket -- if true, try to unlink() the socket first
** (UNIX domain sockets only)
** name -- name for logging
**
** Returns:
** socket upon success, error code otherwise.
**
** Side effect:
** sets sockpath if UNIX socket.
*/
#if NETUNIX
static char *sockpath = NULL;
-#endif /* NETUNIX */
+#endif
static socket_t
mi_milteropen(conn, backlog, rmsocket, name)
char *conn;
int backlog;
bool rmsocket;
char *name;
{
socket_t sock;
int sockopt = 1;
int fdflags;
size_t len = 0;
char *p;
char *colon;
char *at;
SOCKADDR addr;
if (conn == NULL || conn[0] == '\0')
{
smi_log(SMI_LOG_ERR, "%s: empty or missing socket information",
name);
return INVALID_SOCKET;
}
(void) memset(&addr, '\0', sizeof addr);
/* protocol:filename or protocol:port@host */
p = conn;
colon = strchr(p, ':');
if (colon != NULL)
{
*colon = '\0';
if (*p == '\0')
{
#if NETUNIX
/* default to AF_UNIX */
addr.sa.sa_family = AF_UNIX;
L_socksize = sizeof (struct sockaddr_un);
#else /* NETUNIX */
# if NETINET
/* default to AF_INET */
addr.sa.sa_family = AF_INET;
L_socksize = sizeof addr.sin;
# else /* NETINET */
# if NETINET6
/* default to AF_INET6 */
addr.sa.sa_family = AF_INET6;
L_socksize = sizeof addr.sin6;
# else /* NETINET6 */
/* no protocols available */
smi_log(SMI_LOG_ERR,
"%s: no valid socket protocols available",
name);
return INVALID_SOCKET;
# endif /* NETINET6 */
# endif /* NETINET */
#endif /* NETUNIX */
}
#if NETUNIX
else if (strcasecmp(p, "unix") == 0 ||
strcasecmp(p, "local") == 0)
{
addr.sa.sa_family = AF_UNIX;
L_socksize = sizeof (struct sockaddr_un);
}
#endif /* NETUNIX */
#if NETINET
else if (strcasecmp(p, "inet") == 0)
{
addr.sa.sa_family = AF_INET;
L_socksize = sizeof addr.sin;
}
#endif /* NETINET */
#if NETINET6
else if (strcasecmp(p, "inet6") == 0)
{
addr.sa.sa_family = AF_INET6;
L_socksize = sizeof addr.sin6;
}
#endif /* NETINET6 */
else
{
smi_log(SMI_LOG_ERR, "%s: unknown socket type %s",
name, p);
return INVALID_SOCKET;
}
*colon++ = ':';
}
else
{
colon = p;
#if NETUNIX
/* default to AF_UNIX */
addr.sa.sa_family = AF_UNIX;
L_socksize = sizeof (struct sockaddr_un);
#else /* NETUNIX */
# if NETINET
/* default to AF_INET */
addr.sa.sa_family = AF_INET;
L_socksize = sizeof addr.sin;
# else /* NETINET */
# if NETINET6
/* default to AF_INET6 */
addr.sa.sa_family = AF_INET6;
L_socksize = sizeof addr.sin6;
# else /* NETINET6 */
smi_log(SMI_LOG_ERR, "%s: unknown socket type %s",
name, p);
return INVALID_SOCKET;
# endif /* NETINET6 */
# endif /* NETINET */
#endif /* NETUNIX */
}
#if NETUNIX
if (addr.sa.sa_family == AF_UNIX)
{
# if 0
long sff = SFF_SAFEDIRPATH|SFF_OPENASROOT|SFF_NOLINK|SFF_CREAT|SFF_MUSTOWN;
# endif /* 0 */
at = colon;
len = strlen(colon) + 1;
if (len >= sizeof addr.sunix.sun_path)
{
errno = EINVAL;
smi_log(SMI_LOG_ERR, "%s: UNIX socket name %s too long",
name, colon);
return INVALID_SOCKET;
}
(void) sm_strlcpy(addr.sunix.sun_path, colon,
sizeof addr.sunix.sun_path);
# if 0
errno = safefile(colon, RunAsUid, RunAsGid, RunAsUserName, sff,
S_IRUSR|S_IWUSR, NULL);
/* if not safe, don't create */
if (errno != 0)
{
smi_log(SMI_LOG_ERR,
"%s: UNIX socket name %s unsafe",
name, colon);
return INVALID_SOCKET;
}
# endif /* 0 */
}
#endif /* NETUNIX */
#if NETINET || NETINET6
if (
# if NETINET
addr.sa.sa_family == AF_INET
-# endif /* NETINET */
+# endif
# if NETINET && NETINET6
||
-# endif /* NETINET && NETINET6 */
+# endif
# if NETINET6
addr.sa.sa_family == AF_INET6
-# endif /* NETINET6 */
+# endif
)
{
unsigned short port;
/* Parse port@host */
at = strchr(colon, '@');
if (at == NULL)
{
switch (addr.sa.sa_family)
{
# if NETINET
case AF_INET:
addr.sin.sin_addr.s_addr = INADDR_ANY;
break;
-# endif /* NETINET */
+# endif
# if NETINET6
case AF_INET6:
addr.sin6.sin6_addr = in6addr_any;
break;
-# endif /* NETINET6 */
+# endif
}
}
else
*at = '\0';
if (isascii(*colon) && isdigit(*colon))
port = htons((unsigned short) atoi(colon));
else
{
# ifdef NO_GETSERVBYNAME
smi_log(SMI_LOG_ERR, "%s: invalid port number %s",
name, colon);
return INVALID_SOCKET;
# else /* NO_GETSERVBYNAME */
register struct servent *sp;
sp = getservbyname(colon, "tcp");
if (sp == NULL)
{
smi_log(SMI_LOG_ERR,
"%s: unknown port name %s",
name, colon);
return INVALID_SOCKET;
}
port = sp->s_port;
# endif /* NO_GETSERVBYNAME */
}
if (at != NULL)
{
*at++ = '@';
if (*at == '[')
{
char *end;
end = strchr(at, ']');
if (end != NULL)
{
bool found = false;
# if NETINET
unsigned long hid = INADDR_NONE;
-# endif /* NETINET */
+# endif
# if NETINET6
struct sockaddr_in6 hid6;
-# endif /* NETINET6 */
+# endif
*end = '\0';
# if NETINET
if (addr.sa.sa_family == AF_INET &&
(hid = inet_addr(&at[1])) != INADDR_NONE)
{
addr.sin.sin_addr.s_addr = hid;
addr.sin.sin_port = port;
found = true;
}
# endif /* NETINET */
# if NETINET6
(void) memset(&hid6, '\0', sizeof hid6);
if (addr.sa.sa_family == AF_INET6 &&
mi_inet_pton(AF_INET6, &at[1],
&hid6.sin6_addr) == 1)
{
addr.sin6.sin6_addr = hid6.sin6_addr;
addr.sin6.sin6_port = port;
found = true;
}
# endif /* NETINET6 */
*end = ']';
if (!found)
{
smi_log(SMI_LOG_ERR,
"%s: Invalid numeric domain spec \"%s\"",
name, at);
return INVALID_SOCKET;
}
}
else
{
smi_log(SMI_LOG_ERR,
"%s: Invalid numeric domain spec \"%s\"",
name, at);
return INVALID_SOCKET;
}
}
else
{
struct hostent *hp = NULL;
hp = mi_gethostbyname(at, addr.sa.sa_family);
if (hp == NULL)
{
smi_log(SMI_LOG_ERR,
"%s: Unknown host name %s",
name, at);
return INVALID_SOCKET;
}
addr.sa.sa_family = hp->h_addrtype;
switch (hp->h_addrtype)
{
# if NETINET
case AF_INET:
(void) memmove(&addr.sin.sin_addr,
hp->h_addr,
INADDRSZ);
addr.sin.sin_port = port;
break;
# endif /* NETINET */
# if NETINET6
case AF_INET6:
(void) memmove(&addr.sin6.sin6_addr,
hp->h_addr,
IN6ADDRSZ);
addr.sin6.sin6_port = port;
break;
# endif /* NETINET6 */
default:
smi_log(SMI_LOG_ERR,
"%s: Unknown protocol for %s (%d)",
name, at, hp->h_addrtype);
return INVALID_SOCKET;
}
# if NETINET6
freehostent(hp);
-# endif /* NETINET6 */
+# endif
}
}
else
{
switch (addr.sa.sa_family)
{
# if NETINET
case AF_INET:
addr.sin.sin_port = port;
break;
-# endif /* NETINET */
+# endif
# if NETINET6
case AF_INET6:
addr.sin6.sin6_port = port;
break;
-# endif /* NETINET6 */
+# endif
}
}
}
#endif /* NETINET || NETINET6 */
sock = socket(addr.sa.sa_family, SOCK_STREAM, 0);
if (!ValidSocket(sock))
{
smi_log(SMI_LOG_ERR,
"%s: Unable to create new socket: %s",
name, sm_errstring(errno));
return INVALID_SOCKET;
}
if ((fdflags = fcntl(sock, F_GETFD, 0)) == -1 ||
fcntl(sock, F_SETFD, fdflags | FD_CLOEXEC) == -1)
{
smi_log(SMI_LOG_ERR,
"%s: Unable to set close-on-exec: %s", name,
sm_errstring(errno));
(void) closesocket(sock);
return INVALID_SOCKET;
}
if (
#if NETUNIX
addr.sa.sa_family != AF_UNIX &&
-#endif /* NETUNIX */
+#endif
setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *) &sockopt,
sizeof(sockopt)) == -1)
{
smi_log(SMI_LOG_ERR,
"%s: set reuseaddr failed (%s)", name,
sm_errstring(errno));
(void) closesocket(sock);
return INVALID_SOCKET;
}
#if NETUNIX
if (addr.sa.sa_family == AF_UNIX && rmsocket)
{
struct stat s;
if (stat(colon, &s) != 0)
{
if (errno != ENOENT)
{
smi_log(SMI_LOG_ERR,
"%s: Unable to stat() %s: %s",
name, colon, sm_errstring(errno));
(void) closesocket(sock);
return INVALID_SOCKET;
}
}
else if (!S_ISSOCK(s.st_mode))
{
smi_log(SMI_LOG_ERR,
"%s: %s is not a UNIX domain socket",
name, colon);
(void) closesocket(sock);
return INVALID_SOCKET;
}
else if (unlink(colon) != 0)
{
smi_log(SMI_LOG_ERR,
"%s: Unable to remove %s: %s",
name, colon, sm_errstring(errno));
(void) closesocket(sock);
return INVALID_SOCKET;
}
}
#endif /* NETUNIX */
if (bind(sock, &addr.sa, L_socksize) < 0)
{
smi_log(SMI_LOG_ERR,
"%s: Unable to bind to port %s: %s",
name, conn, sm_errstring(errno));
(void) closesocket(sock);
return INVALID_SOCKET;
}
if (listen(sock, backlog) < 0)
{
smi_log(SMI_LOG_ERR,
"%s: listen call failed: %s", name,
sm_errstring(errno));
(void) closesocket(sock);
return INVALID_SOCKET;
}
#if NETUNIX
if (addr.sa.sa_family == AF_UNIX && len > 0)
{
/*
** Set global variable sockpath so the UNIX socket can be
** unlink()ed at exit.
*/
sockpath = (char *) malloc(len);
if (sockpath != NULL)
(void) sm_strlcpy(sockpath, colon, len);
else
{
smi_log(SMI_LOG_ERR,
"%s: can't malloc(%d) for sockpath: %s",
name, (int) len, sm_errstring(errno));
(void) closesocket(sock);
return INVALID_SOCKET;
}
}
#endif /* NETUNIX */
L_family = addr.sa.sa_family;
return sock;
}
#if !_FFR_WORKERS_POOL
/*
** MI_THREAD_HANDLE_WRAPPER -- small wrapper to handle session
**
** Parameters:
** arg -- argument to pass to mi_handle_session()
**
** Returns:
** results from mi_handle_session()
*/
static void *
mi_thread_handle_wrapper(arg)
void *arg;
{
/*
** Note: on some systems this generates a compiler warning:
** cast to pointer from integer of different size
** You can safely ignore this warning as the result of this function
** is not used anywhere.
*/
return (void *) mi_handle_session(arg);
}
#endif /* _FFR_WORKERS_POOL */
/*
** MI_CLOSENER -- close listen socket
**
** Parameters:
** none.
**
** Returns:
** none.
*/
void
mi_closener()
{
(void) smutex_lock(&L_Mutex);
if (ValidSocket(listenfd))
{
#if NETUNIX
bool removable;
struct stat sockinfo;
struct stat fileinfo;
removable = sockpath != NULL &&
geteuid() != 0 &&
fstat(listenfd, &sockinfo) == 0 &&
(S_ISFIFO(sockinfo.st_mode)
# ifdef S_ISSOCK
|| S_ISSOCK(sockinfo.st_mode)
-# endif /* S_ISSOCK */
+# endif
);
#endif /* NETUNIX */
(void) closesocket(listenfd);
listenfd = INVALID_SOCKET;
#if NETUNIX
/* XXX sleep() some time before doing this? */
if (sockpath != NULL)
{
if (removable &&
stat(sockpath, &fileinfo) == 0 &&
((fileinfo.st_dev == sockinfo.st_dev &&
fileinfo.st_ino == sockinfo.st_ino)
# ifdef S_ISSOCK
|| S_ISSOCK(fileinfo.st_mode)
-# endif /* S_ISSOCK */
+# endif
)
&&
(S_ISFIFO(fileinfo.st_mode)
# ifdef S_ISSOCK
|| S_ISSOCK(fileinfo.st_mode)
-# endif /* S_ISSOCK */
+# endif
))
(void) unlink(sockpath);
free(sockpath);
sockpath = NULL;
}
#endif /* NETUNIX */
}
(void) smutex_unlock(&L_Mutex);
}
/*
** MI_LISTENER -- Generic listener harness
**
** Open up listen port
** Wait for connections
**
** Parameters:
** conn -- connection description
** dbg -- debug level
** smfi -- filter structure to use
** timeout -- timeout for reads/writes
** backlog -- listen queue backlog size
**
** Returns:
** MI_SUCCESS -- Exited normally
** (session finished or we were told to exit)
** MI_FAILURE -- Network initialization failed.
*/
#if BROKEN_PTHREAD_SLEEP
/*
** Solaris 2.6, perhaps others, gets an internal threads library panic
** when sleep() is used:
**
** thread_create() failed, returned 11 (EINVAL)
** co_enable, thr_create() returned error = 24
** libthread panic: co_enable failed (PID: 17793 LWP 1)
** stacktrace:
** ef526b10
** ef52646c
** ef534cbc
** 156a4
** 14644
** 1413c
** 135e0
** 0
*/
# define MI_SLEEP(s) \
{ \
int rs = 0; \
struct timeval st; \
\
st.tv_sec = (s); \
st.tv_usec = 0; \
if (st.tv_sec > 0) \
{ \
for (;;) \
{ \
rs = select(0, NULL, NULL, NULL, &st); \
if (rs < 0 && errno == EINTR) \
continue; \
if (rs != 0) \
{ \
smi_log(SMI_LOG_ERR, \
"MI_SLEEP(): select() returned non-zero result %d, errno = %d", \
rs, errno); \
} \
break; \
} \
} \
}
#else /* BROKEN_PTHREAD_SLEEP */
# define MI_SLEEP(s) sleep((s))
#endif /* BROKEN_PTHREAD_SLEEP */
int
mi_listener(conn, dbg, smfi, timeout, backlog)
char *conn;
int dbg;
smfiDesc_ptr smfi;
time_t timeout;
int backlog;
{
socket_t connfd = INVALID_SOCKET;
#if _FFR_DUP_FD
socket_t dupfd = INVALID_SOCKET;
-#endif /* _FFR_DUP_FD */
+#endif
int sockopt = 1;
int r, mistop;
int ret = MI_SUCCESS;
int mcnt = 0; /* error count for malloc() failures */
int tcnt = 0; /* error count for thread_create() failures */
int acnt = 0; /* error count for accept() failures */
int scnt = 0; /* error count for select() failures */
int save_errno = 0;
int fdflags;
#if !_FFR_WORKERS_POOL
sthread_t thread_id;
-#endif /* !_FFR_WORKERS_POOL */
+#endif
_SOCK_ADDR cliaddr;
SOCKADDR_LEN_T clilen;
SMFICTX_PTR ctx;
FD_RD_VAR(rds, excs);
struct timeval chktime;
if (mi_opensocket(conn, backlog, dbg, false, smfi) == MI_FAILURE)
return MI_FAILURE;
#if _FFR_WORKERS_POOL
if (mi_pool_controller_init() == MI_FAILURE)
return MI_FAILURE;
-#endif /* _FFR_WORKERS_POOL */
+#endif
clilen = L_socksize;
while ((mistop = mi_stop()) == MILTER_CONT)
{
(void) smutex_lock(&L_Mutex);
if (!ValidSocket(listenfd))
{
ret = MI_FAILURE;
smi_log(SMI_LOG_ERR,
"%s: listenfd=%d corrupted, terminating, errno=%d",
smfi->xxfi_name, listenfd, errno);
(void) smutex_unlock(&L_Mutex);
break;
}
/* select on interface ports */
FD_RD_INIT(listenfd, rds, excs);
chktime.tv_sec = MI_CHK_TIME;
chktime.tv_usec = 0;
r = FD_RD_READY(listenfd, rds, excs, &chktime);
if (r == 0) /* timeout */
{
(void) smutex_unlock(&L_Mutex);
continue; /* just check mi_stop() */
}
if (r < 0)
{
save_errno = errno;
(void) smutex_unlock(&L_Mutex);
if (save_errno == EINTR)
continue;
scnt++;
smi_log(SMI_LOG_ERR,
"%s: %s() failed (%s), %s",
smfi->xxfi_name, MI_POLLSELECT,
sm_errstring(save_errno),
scnt >= MAX_FAILS_S ? "abort" : "try again");
MI_SLEEP(scnt);
if (scnt >= MAX_FAILS_S)
{
ret = MI_FAILURE;
break;
}
continue;
}
if (!FD_IS_RD_RDY(listenfd, rds, excs))
{
/* some error: just stop for now... */
ret = MI_FAILURE;
(void) smutex_unlock(&L_Mutex);
smi_log(SMI_LOG_ERR,
"%s: %s() returned exception for socket, abort",
smfi->xxfi_name, MI_POLLSELECT);
break;
}
scnt = 0; /* reset error counter for select() */
(void) memset(&cliaddr, '\0', sizeof cliaddr);
connfd = accept(listenfd, (struct sockaddr *) &cliaddr,
&clilen);
save_errno = errno;
(void) smutex_unlock(&L_Mutex);
/*
** If remote side closes before accept() finishes,
** sockaddr might not be fully filled in.
*/
if (ValidSocket(connfd) &&
(clilen == 0 ||
# ifdef BSD4_4_SOCKADDR
cliaddr.sa.sa_len == 0 ||
-# endif /* BSD4_4_SOCKADDR */
+# endif
cliaddr.sa.sa_family != L_family))
{
(void) closesocket(connfd);
connfd = INVALID_SOCKET;
save_errno = EINVAL;
}
/* check if acceptable for select() */
if (ValidSocket(connfd) && !SM_FD_OK_SELECT(connfd))
{
(void) closesocket(connfd);
connfd = INVALID_SOCKET;
save_errno = ERANGE;
}
if (!ValidSocket(connfd))
{
if (save_errno == EINTR
#ifdef EAGAIN
|| save_errno == EAGAIN
-#endif /* EAGAIN */
+#endif
#ifdef ECONNABORTED
|| save_errno == ECONNABORTED
-#endif /* ECONNABORTED */
+#endif
#ifdef EMFILE
|| save_errno == EMFILE
-#endif /* EMFILE */
+#endif
#ifdef ENFILE
|| save_errno == ENFILE
-#endif /* ENFILE */
+#endif
#ifdef ENOBUFS
|| save_errno == ENOBUFS
-#endif /* ENOBUFS */
+#endif
#ifdef ENOMEM
|| save_errno == ENOMEM
-#endif /* ENOMEM */
+#endif
#ifdef ENOSR
|| save_errno == ENOSR
-#endif /* ENOSR */
+#endif
#ifdef EWOULDBLOCK
|| save_errno == EWOULDBLOCK
-#endif /* EWOULDBLOCK */
+#endif
)
continue;
acnt++;
smi_log(SMI_LOG_ERR,
"%s: accept() returned invalid socket (%s), %s",
smfi->xxfi_name, sm_errstring(save_errno),
acnt >= MAX_FAILS_A ? "abort" : "try again");
MI_SLEEP(acnt);
if (acnt >= MAX_FAILS_A)
{
ret = MI_FAILURE;
break;
}
continue;
}
acnt = 0; /* reset error counter for accept() */
#if _FFR_DUP_FD
dupfd = fcntl(connfd, F_DUPFD, 256);
if (ValidSocket(dupfd) && SM_FD_OK_SELECT(dupfd))
{
close(connfd);
connfd = dupfd;
dupfd = INVALID_SOCKET;
}
#endif /* _FFR_DUP_FD */
- /*
+ /*
** Need to set close-on-exec for connfd in case a user's
** filter starts other applications.
** Note: errors will not stop processing (for now).
*/
if ((fdflags = fcntl(connfd, F_GETFD, 0)) == -1 ||
fcntl(connfd, F_SETFD, fdflags | FD_CLOEXEC) == -1)
{
smi_log(SMI_LOG_ERR,
"%s: Unable to set close-on-exec: %s",
smfi->xxfi_name, sm_errstring(errno));
}
if (setsockopt(connfd, SOL_SOCKET, SO_KEEPALIVE,
(void *) &sockopt, sizeof sockopt) < 0)
{
smi_log(SMI_LOG_WARN,
"%s: set keepalive failed (%s)",
smfi->xxfi_name, sm_errstring(errno));
/* XXX: continue? */
}
if ((ctx = (SMFICTX_PTR) malloc(sizeof *ctx)) == NULL)
{
(void) closesocket(connfd);
mcnt++;
smi_log(SMI_LOG_ERR, "%s: malloc(ctx) failed (%s), %s",
smfi->xxfi_name, sm_errstring(save_errno),
mcnt >= MAX_FAILS_M ? "abort" : "try again");
MI_SLEEP(mcnt);
if (mcnt >= MAX_FAILS_M)
{
ret = MI_FAILURE;
break;
}
continue;
}
mcnt = 0; /* reset error counter for malloc() */
(void) memset(ctx, '\0', sizeof *ctx);
ctx->ctx_sd = connfd;
ctx->ctx_dbg = dbg;
ctx->ctx_timeout = timeout;
ctx->ctx_smfi = smfi;
if (smfi->xxfi_connect == NULL)
ctx->ctx_pflags |= SMFIP_NOCONNECT;
if (smfi->xxfi_helo == NULL)
ctx->ctx_pflags |= SMFIP_NOHELO;
if (smfi->xxfi_envfrom == NULL)
ctx->ctx_pflags |= SMFIP_NOMAIL;
if (smfi->xxfi_envrcpt == NULL)
ctx->ctx_pflags |= SMFIP_NORCPT;
if (smfi->xxfi_header == NULL)
ctx->ctx_pflags |= SMFIP_NOHDRS;
if (smfi->xxfi_eoh == NULL)
ctx->ctx_pflags |= SMFIP_NOEOH;
if (smfi->xxfi_body == NULL)
ctx->ctx_pflags |= SMFIP_NOBODY;
if (smfi->xxfi_version <= 3 || smfi->xxfi_data == NULL)
ctx->ctx_pflags |= SMFIP_NODATA;
if (smfi->xxfi_version <= 2 || smfi->xxfi_unknown == NULL)
ctx->ctx_pflags |= SMFIP_NOUNKNOWN;
#if _FFR_WORKERS_POOL
# define LOG_CRT_FAIL "%s: mi_start_session() failed: %d, %s"
if ((r = mi_start_session(ctx)) != MI_SUCCESS)
-#else /* _FFR_WORKERS_POOL */
+#else
# define LOG_CRT_FAIL "%s: thread_create() failed: %d, %s"
if ((r = thread_create(&thread_id,
mi_thread_handle_wrapper,
(void *) ctx)) != 0)
-#endif /* _FFR_WORKERS_POOL */
+#endif
{
tcnt++;
smi_log(SMI_LOG_ERR,
LOG_CRT_FAIL,
smfi->xxfi_name, r,
tcnt >= MAX_FAILS_T ? "abort" : "try again");
MI_SLEEP(tcnt);
(void) closesocket(connfd);
free(ctx);
if (tcnt >= MAX_FAILS_T)
{
ret = MI_FAILURE;
break;
}
continue;
}
tcnt = 0;
}
if (ret != MI_SUCCESS)
mi_stop_milters(MILTER_ABRT);
else
{
if (mistop != MILTER_CONT)
smi_log(SMI_LOG_INFO, "%s: mi_stop=%d",
smfi->xxfi_name, mistop);
mi_closener();
}
(void) smutex_destroy(&L_Mutex);
return ret;
}
diff --git a/libmilter/main.c b/libmilter/main.c
index ef3242feff05..ff7bf99bcc82 100644
--- a/libmilter/main.c
+++ b/libmilter/main.c
@@ -1,247 +1,247 @@
/*
* Copyright (c) 1999-2003, 2006, 2007 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: main.c,v 8.85 2013-11-22 20:51:36 ca Exp $")
#define _DEFINE 1
#include "libmilter.h"
#include <fcntl.h>
#include <sys/stat.h>
static smfiDesc_ptr smfi = NULL;
/*
** SMFI_REGISTER -- register a filter description
**
** Parameters:
** smfilter -- description of filter to register
**
** Returns:
** MI_SUCCESS/MI_FAILURE
*/
int
smfi_register(smfilter)
smfiDesc_str smfilter;
{
size_t len;
if (smfi == NULL)
{
smfi = (smfiDesc_ptr) malloc(sizeof *smfi);
if (smfi == NULL)
return MI_FAILURE;
}
(void) memcpy(smfi, &smfilter, sizeof *smfi);
if (smfilter.xxfi_name == NULL)
smfilter.xxfi_name = "Unknown";
len = strlen(smfilter.xxfi_name) + 1;
smfi->xxfi_name = (char *) malloc(len);
if (smfi->xxfi_name == NULL)
return MI_FAILURE;
(void) sm_strlcpy(smfi->xxfi_name, smfilter.xxfi_name, len);
/* compare milter version with hard coded version */
if ((SM_LM_VRS_MAJOR(smfi->xxfi_version) != SM_LM_VRS_MAJOR(SMFI_VERSION) ||
SM_LM_VRS_MINOR(smfi->xxfi_version) != SM_LM_VRS_MINOR(SMFI_VERSION)) &&
smfi->xxfi_version != 2 &&
smfi->xxfi_version != 3 &&
smfi->xxfi_version != 4)
{
/* hard failure for now! */
smi_log(SMI_LOG_ERR,
"%s: smfi_register: version mismatch application: %d != milter: %d",
smfi->xxfi_name, smfi->xxfi_version,
(int) SMFI_VERSION);
/* XXX how about smfi? */
free(smfi->xxfi_name);
return MI_FAILURE;
}
return MI_SUCCESS;
}
/*
** SMFI_STOP -- stop milter
**
** Parameters:
** none.
**
** Returns:
** success.
*/
int
smfi_stop()
{
mi_stop_milters(MILTER_STOP);
return MI_SUCCESS;
}
/*
** Default values for some variables.
** Most of these can be changed with the functions below.
*/
static int dbg = 0;
static char *conn = NULL;
static int timeout = MI_TIMEOUT;
static int backlog = MI_SOMAXCONN;
/*
** SMFI_OPENSOCKET -- try the socket setup to make sure we'll be
** able to start up
**
** Parameters:
** rmsocket -- if true, instructs libmilter to attempt
** to remove the socket before creating it;
** only applies for "local:" or "unix:" sockets
**
** Return:
** MI_SUCCESS/MI_FAILURE
*/
int
smfi_opensocket(rmsocket)
bool rmsocket;
{
if (smfi == NULL || conn == NULL)
return MI_FAILURE;
return mi_opensocket(conn, backlog, dbg, rmsocket, smfi);
}
/*
** SMFI_SETDBG -- set debug level.
**
** Parameters:
** odbg -- new debug level.
**
** Returns:
** MI_SUCCESS
*/
int
smfi_setdbg(odbg)
int odbg;
{
dbg = odbg;
return MI_SUCCESS;
}
/*
** SMFI_SETTIMEOUT -- set timeout (for read/write).
**
** Parameters:
** otimeout -- new timeout.
**
** Returns:
** MI_SUCCESS
*/
int
smfi_settimeout(otimeout)
int otimeout;
{
timeout = otimeout;
return MI_SUCCESS;
}
/*
** SMFI_SETCONN -- set connection information (socket description)
**
** Parameters:
** oconn -- new connection information.
**
** Returns:
** MI_SUCCESS/MI_FAILURE
*/
int
smfi_setconn(oconn)
char *oconn;
{
size_t l;
if (oconn == NULL || *oconn == '\0')
return MI_FAILURE;
l = strlen(oconn) + 1;
if ((conn = (char *) malloc(l)) == NULL)
return MI_FAILURE;
if (sm_strlcpy(conn, oconn, l) >= l)
return MI_FAILURE;
return MI_SUCCESS;
}
/*
** SMFI_SETBACKLOG -- set backlog
**
** Parameters:
** obacklog -- new backlog.
**
** Returns:
** MI_SUCCESS/MI_FAILURE
*/
int
smfi_setbacklog(obacklog)
int obacklog;
{
if (obacklog <= 0)
return MI_FAILURE;
backlog = obacklog;
return MI_SUCCESS;
}
/*
-** SMFI_MAIN -- setup milter connnection and start listener.
+** SMFI_MAIN -- setup milter connection and start listener.
**
** Parameters:
** none.
**
** Returns:
** MI_SUCCESS/MI_FAILURE
*/
int
smfi_main()
{
int r;
(void) signal(SIGPIPE, SIG_IGN);
if (conn == NULL)
{
smi_log(SMI_LOG_FATAL, "%s: missing connection information",
smfi->xxfi_name);
return MI_FAILURE;
}
(void) atexit(mi_clean_signals);
if (mi_control_startup(smfi->xxfi_name) != MI_SUCCESS)
{
smi_log(SMI_LOG_FATAL,
"%s: Couldn't start signal thread",
smfi->xxfi_name);
return MI_FAILURE;
}
r = MI_MONITOR_INIT();
/* Startup the listener */
if (mi_listener(conn, dbg, smfi, timeout, backlog) != MI_SUCCESS)
r = MI_FAILURE;
return r;
}
diff --git a/libmilter/monitor.c b/libmilter/monitor.c
index 9916bb59598d..ec08e53d0b2e 100644
--- a/libmilter/monitor.c
+++ b/libmilter/monitor.c
@@ -1,227 +1,227 @@
/*
* Copyright (c) 2006 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: monitor.c,v 8.8 2013-11-22 20:51:36 ca Exp $")
#include "libmilter.h"
#if _FFR_THREAD_MONITOR
/*
** Thread Monitoring
** Todo: more error checking (return code from function calls)
** add comments.
*/
bool Monitor = false; /* use monitoring? */
static unsigned int Mon_exec_time = 0;
/* mutex protects Mon_cur_ctx, Mon_ctx_head, and ctx_start */
static smutex_t Mon_mutex;
static scond_t Mon_cv;
/*
** Current ctx to monitor.
** Invariant:
** Mon_cur_ctx == NULL || Mon_cur_ctx is thread which was started the longest
** time ago.
**
** Basically the entries in the list are ordered by time because new
** entries are appended at the end. However, due to the concurrent
** execution (multi-threaded) and no guaranteed order of wakeups
** after a mutex_lock() attempt, the order might not be strict,
** i.e., if the list contains e1 and e2 (in that order) then
** the the start time of e2 can be (slightly) smaller than that of e1.
-** However, this slight inaccurracy should not matter for the proper
+** However, this slight inaccuracy should not matter for the proper
** working of this algorithm.
*/
static SMFICTX_PTR Mon_cur_ctx = NULL;
static smfi_hd_T Mon_ctx_head; /* head of the linked list of active contexts */
/*
** SMFI_SET_MAX_EXEC_TIME -- set maximum execution time for a thread
**
** Parameters:
** tm -- maximum execution time for a thread
**
** Returns:
** MI_SUCCESS
*/
int
smfi_set_max_exec_time(tm)
unsigned int tm;
{
Mon_exec_time = tm;
return MI_SUCCESS;
}
/*
** MI_MONITOR_THREAD -- monitoring thread
**
** Parameters:
** arg -- ignored (required by pthread_create())
**
** Returns:
** NULL on termination.
*/
static void *
mi_monitor_thread(arg)
void *arg;
{
sthread_t tid;
int r;
time_t now, end;
SM_ASSERT(Monitor);
SM_ASSERT(Mon_exec_time > 0);
tid = (sthread_t) sthread_get_id();
if (pthread_detach(tid) != 0)
{
/* log an error */
return (void *)1;
}
/*
** NOTE: this is "flow through" code,
** do NOT use do { } while ("break" is used here!)
*/
#define MON_CHK_STOP \
now = time(NULL); \
end = Mon_cur_ctx->ctx_start + Mon_exec_time; \
if (now > end) \
{ \
smi_log(SMI_LOG_ERR, \
"WARNING: monitor timeout triggered, now=%ld, end=%ld, tid=%ld, state=0x%x",\
(long) now, (long) end, \
(long) Mon_cur_ctx->ctx_id, Mon_cur_ctx->ctx_state);\
mi_stop_milters(MILTER_STOP); \
break; \
}
(void) smutex_lock(&Mon_mutex);
while (mi_stop() == MILTER_CONT)
{
if (Mon_cur_ctx != NULL && Mon_cur_ctx->ctx_start > 0)
{
struct timespec abstime;
MON_CHK_STOP;
abstime.tv_sec = end;
abstime.tv_nsec = 0;
r = pthread_cond_timedwait(&Mon_cv, &Mon_mutex,
&abstime);
}
else
r = pthread_cond_wait(&Mon_cv, &Mon_mutex);
if (mi_stop() != MILTER_CONT)
break;
if (Mon_cur_ctx != NULL && Mon_cur_ctx->ctx_start > 0)
{
MON_CHK_STOP;
}
}
(void) smutex_unlock(&Mon_mutex);
return NULL;
}
/*
** MI_MONITOR_INIT -- initialize monitoring thread
**
** Parameters: none
**
** Returns:
** MI_SUCCESS/MI_FAILURE
*/
int
mi_monitor_init()
{
int r;
sthread_t tid;
SM_ASSERT(!Monitor);
if (Mon_exec_time <= 0)
return MI_SUCCESS;
Monitor = true;
if (!smutex_init(&Mon_mutex))
return MI_FAILURE;
if (scond_init(&Mon_cv) != 0)
return MI_FAILURE;
SM_TAILQ_INIT(&Mon_ctx_head);
r = thread_create(&tid, mi_monitor_thread, (void *)NULL);
if (r != 0)
return r;
return MI_SUCCESS;
}
/*
** MI_MONITOR_WORK_BEGIN -- record start of thread execution
**
** Parameters:
** ctx -- session context
** cmd -- milter command char
**
** Returns:
** 0
*/
int
mi_monitor_work_begin(ctx, cmd)
SMFICTX_PTR ctx;
int cmd;
{
(void) smutex_lock(&Mon_mutex);
if (NULL == Mon_cur_ctx)
{
Mon_cur_ctx = ctx;
(void) scond_signal(&Mon_cv);
}
ctx->ctx_start = time(NULL);
SM_TAILQ_INSERT_TAIL(&Mon_ctx_head, ctx, ctx_mon_link);
(void) smutex_unlock(&Mon_mutex);
return 0;
}
/*
** MI_MONITOR_WORK_END -- record end of thread execution
**
** Parameters:
** ctx -- session context
** cmd -- milter command char
**
** Returns:
** 0
*/
int
mi_monitor_work_end(ctx, cmd)
SMFICTX_PTR ctx;
int cmd;
{
(void) smutex_lock(&Mon_mutex);
ctx->ctx_start = 0;
SM_TAILQ_REMOVE(&Mon_ctx_head, ctx, ctx_mon_link);
if (Mon_cur_ctx == ctx)
{
if (SM_TAILQ_EMPTY(&Mon_ctx_head))
Mon_cur_ctx = NULL;
else
Mon_cur_ctx = SM_TAILQ_FIRST(&Mon_ctx_head);
}
(void) smutex_unlock(&Mon_mutex);
return 0;
}
#endif /* _FFR_THREAD_MONITOR */
diff --git a/libmilter/sm_gethost.c b/libmilter/sm_gethost.c
index 2423c34419c1..262edb6c541c 100644
--- a/libmilter/sm_gethost.c
+++ b/libmilter/sm_gethost.c
@@ -1,176 +1,189 @@
/*
* Copyright (c) 1999-2001, 2004, 2010, 2013 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: sm_gethost.c,v 8.32 2013-11-22 20:51:36 ca Exp $")
#include <sendmail.h>
#if NETINET || NETINET6
# include <arpa/inet.h>
-#endif /* NETINET || NETINET6 */
+#endif
#include "libmilter.h"
/*
** MI_GETHOSTBY{NAME,ADDR} -- compatibility routines for gethostbyXXX
**
-** Some operating systems have wierd problems with the gethostbyXXX
+** Some operating systems have weird problems with the gethostbyXXX
** routines. For example, Solaris versions at least through 2.3
** don't properly deliver a canonical h_name field. This tries to
** work around these problems.
**
** Support IPv6 as well as IPv4.
*/
#if NETINET6 && NEEDSGETIPNODE
static struct hostent *sm_getipnodebyname __P((const char *, int, int, int *));
# ifndef AI_ADDRCONFIG
# define AI_ADDRCONFIG 0 /* dummy */
-# endif /* ! AI_ADDRCONFIG */
+# endif
# ifndef AI_ALL
# define AI_ALL 0 /* dummy */
-# endif /* ! AI_ALL */
+# endif
# ifndef AI_DEFAULT
# define AI_DEFAULT 0 /* dummy */
-# endif /* ! AI_DEFAULT */
+# endif
static struct hostent *
sm_getipnodebyname(name, family, flags, err)
const char *name;
int family;
int flags;
int *err;
{
- bool resv6 = true;
struct hostent *h;
+# if HAS_GETHOSTBYNAME2
+
+ h = gethostbyname2(name, family);
+ if (h == NULL)
+ *err = h_errno;
+ return h;
+
+# else /* HAS_GETHOSTBYNAME2 */
+# ifdef RES_USE_INET6
+ bool resv6 = true;
if (family == AF_INET6)
{
/* From RFC2133, section 6.1 */
resv6 = bitset(RES_USE_INET6, _res.options);
_res.options |= RES_USE_INET6;
}
+# endif /* RES_USE_INET6 */
SM_SET_H_ERRNO(0);
h = gethostbyname(name);
- if (family == AF_INET6 && !resv6)
+# ifdef RES_USE_INET6
+ if (!resv6)
_res.options &= ~RES_USE_INET6;
+# endif
/* the function is supposed to return only the requested family */
if (h != NULL && h->h_addrtype != family)
{
-# if NETINET6
+# if NETINET6
freehostent(h);
-# endif /* NETINET6 */
+# endif
h = NULL;
*err = NO_DATA;
}
else
*err = h_errno;
return h;
+# endif /* HAS_GETHOSTBYNAME2 */
}
void
freehostent(h)
struct hostent *h;
{
/*
** Stub routine -- if they don't have getipnodeby*(),
** they probably don't have the free routine either.
*/
return;
}
#else /* NEEDSGETIPNODE && NETINET6 */
-#define sm_getipnodebyname getipnodebyname
+#define sm_getipnodebyname getipnodebyname
#endif /* NEEDSGETIPNODE && NETINET6 */
struct hostent *
mi_gethostbyname(name, family)
char *name;
int family;
{
struct hostent *h = NULL;
#if (SOLARIS > 10000 && SOLARIS < 20400) || (defined(SOLARIS) && SOLARIS < 204) || (defined(sony_news) && defined(__svr4))
# if SOLARIS == 20300 || SOLARIS == 203
static struct hostent hp;
static char buf[1000];
extern struct hostent *_switch_gethostbyname_r();
h = _switch_gethostbyname_r(name, &hp, buf, sizeof(buf), &h_errno);
# else /* SOLARIS == 20300 || SOLARIS == 203 */
extern struct hostent *__switch_gethostbyname();
h = __switch_gethostbyname(name);
# endif /* SOLARIS == 20300 || SOLARIS == 203 */
#else /* (SOLARIS > 10000 && SOLARIS < 20400) || (defined(SOLARIS) && SOLARIS < 204) || (defined(sony_news) && defined(__svr4)) */
# if NETINET6
# ifndef SM_IPNODEBYNAME_FLAGS
/* For IPv4-mapped addresses, use: AI_DEFAULT|AI_ALL */
# define SM_IPNODEBYNAME_FLAGS AI_ADDRCONFIG
-# endif /* SM_IPNODEBYNAME_FLAGS */
+# endif
int flags = SM_IPNODEBYNAME_FLAGS;
int err;
# endif /* NETINET6 */
# if NETINET6
# if ADDRCONFIG_IS_BROKEN
flags &= ~AI_ADDRCONFIG;
-# endif /* ADDRCONFIG_IS_BROKEN */
+# endif
h = sm_getipnodebyname(name, family, flags, &err);
SM_SET_H_ERRNO(err);
# else /* NETINET6 */
h = gethostbyname(name);
# endif /* NETINET6 */
#endif /* (SOLARIS > 10000 && SOLARIS < 20400) || (defined(SOLARIS) && SOLARIS < 204) || (defined(sony_news) && defined(__svr4)) */
/* the function is supposed to return only the requested family */
if (h != NULL && h->h_addrtype != family)
{
# if NETINET6
freehostent(h);
-# endif /* NETINET6 */
+# endif
h = NULL;
SM_SET_H_ERRNO(NO_DATA);
}
return h;
}
#if NETINET6
/*
** MI_INET_PTON -- convert printed form to network address.
**
** Wrapper for inet_pton() which handles IPv6: labels.
**
** Parameters:
** family -- address family
** src -- string
** dst -- destination address structure
**
** Returns:
** 1 if the address was valid
-** 0 if the address wasn't parseable
+** 0 if the address wasn't parsable
** -1 if error
*/
int
mi_inet_pton(family, src, dst)
int family;
const char *src;
void *dst;
{
if (family == AF_INET6 &&
strncasecmp(src, "IPv6:", 5) == 0)
src += 5;
return inet_pton(family, src, dst);
}
#endif /* NETINET6 */
diff --git a/libmilter/smfi.c b/libmilter/smfi.c
index d6c63a2ce800..a0fcd1184e46 100644
--- a/libmilter/smfi.c
+++ b/libmilter/smfi.c
@@ -1,889 +1,888 @@
/*
* Copyright (c) 1999-2007 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: smfi.c,v 8.84 2013-11-22 20:51:36 ca Exp $")
#include <sm/varargs.h>
#include "libmilter.h"
static int smfi_header __P((SMFICTX *, int, int, char *, char *));
static int myisenhsc __P((const char *, int));
/* for smfi_set{ml}reply, let's be generous. 256/16 should be sufficient */
#define MAXREPLYLEN 980 /* max. length of a reply string */
#define MAXREPLIES 32 /* max. number of reply strings */
/*
** SMFI_HEADER -- send a header to the MTA
**
** Parameters:
** ctx -- Opaque context structure
** cmd -- Header modification command
** hdridx -- Header index
** headerf -- Header field name
** headerv -- Header field value
**
** Returns:
** MI_SUCCESS/MI_FAILURE
*/
static int
smfi_header(ctx, cmd, hdridx, headerf, headerv)
SMFICTX *ctx;
int cmd;
int hdridx;
char *headerf;
char *headerv;
{
size_t len, l1, l2, offset;
int r;
mi_int32 v;
char *buf;
struct timeval timeout;
if (headerf == NULL || *headerf == '\0' || headerv == NULL)
return MI_FAILURE;
timeout.tv_sec = ctx->ctx_timeout;
timeout.tv_usec = 0;
l1 = strlen(headerf) + 1;
l2 = strlen(headerv) + 1;
len = l1 + l2;
if (hdridx >= 0)
len += MILTER_LEN_BYTES;
buf = malloc(len);
if (buf == NULL)
return MI_FAILURE;
offset = 0;
if (hdridx >= 0)
{
v = htonl(hdridx);
(void) memcpy(&(buf[0]), (void *) &v, MILTER_LEN_BYTES);
offset += MILTER_LEN_BYTES;
}
(void) memcpy(buf + offset, headerf, l1);
(void) memcpy(buf + offset + l1, headerv, l2);
r = mi_wr_cmd(ctx->ctx_sd, &timeout, cmd, buf, len);
free(buf);
return r;
}
/*
** SMFI_ADDHEADER -- send a new header to the MTA
**
** Parameters:
** ctx -- Opaque context structure
** headerf -- Header field name
** headerv -- Header field value
**
** Returns:
** MI_SUCCESS/MI_FAILURE
*/
int
smfi_addheader(ctx, headerf, headerv)
SMFICTX *ctx;
char *headerf;
char *headerv;
{
if (!mi_sendok(ctx, SMFIF_ADDHDRS))
return MI_FAILURE;
return smfi_header(ctx, SMFIR_ADDHEADER, -1, headerf, headerv);
}
/*
** SMFI_INSHEADER -- send a new header to the MTA (to be inserted)
**
** Parameters:
** ctx -- Opaque context structure
-** hdridx -- index into header list where insertion should occur
+** hdridx -- index into header list where insertion should occur
** headerf -- Header field name
** headerv -- Header field value
**
** Returns:
** MI_SUCCESS/MI_FAILURE
*/
int
smfi_insheader(ctx, hdridx, headerf, headerv)
SMFICTX *ctx;
int hdridx;
char *headerf;
char *headerv;
{
if (!mi_sendok(ctx, SMFIF_ADDHDRS) || hdridx < 0)
return MI_FAILURE;
return smfi_header(ctx, SMFIR_INSHEADER, hdridx, headerf, headerv);
}
/*
** SMFI_CHGHEADER -- send a changed header to the MTA
**
** Parameters:
** ctx -- Opaque context structure
** headerf -- Header field name
** hdridx -- Header index value
** headerv -- Header field value
**
** Returns:
** MI_SUCCESS/MI_FAILURE
*/
int
smfi_chgheader(ctx, headerf, hdridx, headerv)
SMFICTX *ctx;
char *headerf;
mi_int32 hdridx;
char *headerv;
{
if (!mi_sendok(ctx, SMFIF_CHGHDRS) || hdridx < 0)
return MI_FAILURE;
if (headerv == NULL)
headerv = "";
return smfi_header(ctx, SMFIR_CHGHEADER, hdridx, headerf, headerv);
}
#if 0
/*
** BUF_CRT_SEND -- construct buffer to send from arguments
**
** Parameters:
** ctx -- Opaque context structure
** cmd -- command
** arg0 -- first argument
** argv -- list of arguments (NULL terminated)
**
** Returns:
** MI_SUCCESS/MI_FAILURE
*/
static int
buf_crt_send __P((SMFICTX *, int cmd, char *, char **));
static int
buf_crt_send(ctx, cmd, arg0, argv)
SMFICTX *ctx;
int cmd;
char *arg0;
char **argv;
{
size_t len, l0, l1, offset;
int r;
char *buf, *arg, **argvl;
struct timeval timeout;
if (arg0 == NULL || *arg0 == '\0')
return MI_FAILURE;
timeout.tv_sec = ctx->ctx_timeout;
timeout.tv_usec = 0;
l0 = strlen(arg0) + 1;
len = l0;
argvl = argv;
while (argvl != NULL && (arg = *argv) != NULL && *arg != '\0')
{
l1 = strlen(arg) + 1;
len += l1;
SM_ASSERT(len > l1);
}
buf = malloc(len);
if (buf == NULL)
return MI_FAILURE;
(void) memcpy(buf, arg0, l0);
offset = l0;
argvl = argv;
while (argvl != NULL && (arg = *argv) != NULL && *arg != '\0')
{
l1 = strlen(arg) + 1;
SM_ASSERT(offset < len);
SM_ASSERT(offset + l1 <= len);
(void) memcpy(buf + offset, arg, l1);
offset += l1;
SM_ASSERT(offset > l1);
}
r = mi_wr_cmd(ctx->ctx_sd, &timeout, cmd, buf, len);
free(buf);
return r;
}
#endif /* 0 */
/*
** SEND2 -- construct buffer to send from arguments
**
** Parameters:
** ctx -- Opaque context structure
** cmd -- command
** arg0 -- first argument
** argv -- list of arguments (NULL terminated)
**
** Returns:
** MI_SUCCESS/MI_FAILURE
*/
static int
send2 __P((SMFICTX *, int cmd, char *, char *));
static int
send2(ctx, cmd, arg0, arg1)
SMFICTX *ctx;
int cmd;
char *arg0;
char *arg1;
{
size_t len, l0, l1, offset;
int r;
char *buf;
struct timeval timeout;
if (arg0 == NULL || *arg0 == '\0')
return MI_FAILURE;
timeout.tv_sec = ctx->ctx_timeout;
timeout.tv_usec = 0;
l0 = strlen(arg0) + 1;
len = l0;
if (arg1 != NULL)
{
l1 = strlen(arg1) + 1;
len += l1;
SM_ASSERT(len > l1);
}
buf = malloc(len);
if (buf == NULL)
return MI_FAILURE;
(void) memcpy(buf, arg0, l0);
offset = l0;
if (arg1 != NULL)
{
- l1 = strlen(arg1) + 1;
SM_ASSERT(offset < len);
SM_ASSERT(offset + l1 <= len);
(void) memcpy(buf + offset, arg1, l1);
offset += l1;
SM_ASSERT(offset > l1);
}
r = mi_wr_cmd(ctx->ctx_sd, &timeout, cmd, buf, len);
free(buf);
return r;
}
/*
** SMFI_CHGFROM -- change enveloper sender ("from") address
**
** Parameters:
** ctx -- Opaque context structure
** from -- new envelope sender address ("MAIL From")
** args -- ESMTP arguments
**
** Returns:
** MI_SUCCESS/MI_FAILURE
*/
int
smfi_chgfrom(ctx, from, args)
SMFICTX *ctx;
char *from;
char *args;
{
if (from == NULL || *from == '\0')
return MI_FAILURE;
if (!mi_sendok(ctx, SMFIF_CHGFROM))
return MI_FAILURE;
return send2(ctx, SMFIR_CHGFROM, from, args);
}
/*
** SMFI_SETSYMLIST -- set list of macros that the MTA should send.
**
** Parameters:
** ctx -- Opaque context structure
** where -- SMTP stage
** macros -- list of macros
**
** Returns:
** MI_SUCCESS/MI_FAILURE
*/
int
smfi_setsymlist(ctx, where, macros)
SMFICTX *ctx;
int where;
char *macros;
{
SM_ASSERT(ctx != NULL);
if (macros == NULL)
return MI_FAILURE;
if (where < SMFIM_FIRST || where > SMFIM_LAST)
return MI_FAILURE;
if (where < 0 || where >= MAX_MACROS_ENTRIES)
return MI_FAILURE;
if (ctx->ctx_mac_list[where] != NULL)
return MI_FAILURE;
ctx->ctx_mac_list[where] = strdup(macros);
if (ctx->ctx_mac_list[where] == NULL)
return MI_FAILURE;
return MI_SUCCESS;
}
/*
** SMFI_ADDRCPT_PAR -- send an additional recipient to the MTA
**
** Parameters:
** ctx -- Opaque context structure
** rcpt -- recipient address
** args -- ESMTP arguments
**
** Returns:
** MI_SUCCESS/MI_FAILURE
*/
int
smfi_addrcpt_par(ctx, rcpt, args)
SMFICTX *ctx;
char *rcpt;
char *args;
{
if (rcpt == NULL || *rcpt == '\0')
return MI_FAILURE;
if (!mi_sendok(ctx, SMFIF_ADDRCPT_PAR))
return MI_FAILURE;
return send2(ctx, SMFIR_ADDRCPT_PAR, rcpt, args);
}
/*
** SMFI_ADDRCPT -- send an additional recipient to the MTA
**
** Parameters:
** ctx -- Opaque context structure
** rcpt -- recipient address
**
** Returns:
** MI_SUCCESS/MI_FAILURE
*/
int
smfi_addrcpt(ctx, rcpt)
SMFICTX *ctx;
char *rcpt;
{
size_t len;
struct timeval timeout;
if (rcpt == NULL || *rcpt == '\0')
return MI_FAILURE;
if (!mi_sendok(ctx, SMFIF_ADDRCPT))
return MI_FAILURE;
timeout.tv_sec = ctx->ctx_timeout;
timeout.tv_usec = 0;
len = strlen(rcpt) + 1;
return mi_wr_cmd(ctx->ctx_sd, &timeout, SMFIR_ADDRCPT, rcpt, len);
}
/*
** SMFI_DELRCPT -- send a recipient to be removed to the MTA
**
** Parameters:
** ctx -- Opaque context structure
** rcpt -- recipient address
**
** Returns:
** MI_SUCCESS/MI_FAILURE
*/
int
smfi_delrcpt(ctx, rcpt)
SMFICTX *ctx;
char *rcpt;
{
size_t len;
struct timeval timeout;
if (rcpt == NULL || *rcpt == '\0')
return MI_FAILURE;
if (!mi_sendok(ctx, SMFIF_DELRCPT))
return MI_FAILURE;
timeout.tv_sec = ctx->ctx_timeout;
timeout.tv_usec = 0;
len = strlen(rcpt) + 1;
return mi_wr_cmd(ctx->ctx_sd, &timeout, SMFIR_DELRCPT, rcpt, len);
}
/*
** SMFI_REPLACEBODY -- send a body chunk to the MTA
**
** Parameters:
** ctx -- Opaque context structure
** bodyp -- body chunk
** bodylen -- length of body chunk
**
** Returns:
** MI_SUCCESS/MI_FAILURE
*/
int
smfi_replacebody(ctx, bodyp, bodylen)
SMFICTX *ctx;
unsigned char *bodyp;
int bodylen;
{
int len, off, r;
struct timeval timeout;
if (bodylen < 0 ||
(bodyp == NULL && bodylen > 0))
return MI_FAILURE;
if (!mi_sendok(ctx, SMFIF_CHGBODY))
return MI_FAILURE;
timeout.tv_sec = ctx->ctx_timeout;
timeout.tv_usec = 0;
/* split body chunk if necessary */
off = 0;
do
{
len = (bodylen >= MILTER_CHUNK_SIZE) ? MILTER_CHUNK_SIZE :
bodylen;
if ((r = mi_wr_cmd(ctx->ctx_sd, &timeout, SMFIR_REPLBODY,
(char *) (bodyp + off), len)) != MI_SUCCESS)
return r;
off += len;
bodylen -= len;
} while (bodylen > 0);
return MI_SUCCESS;
}
/*
** SMFI_QUARANTINE -- quarantine an envelope
**
** Parameters:
** ctx -- Opaque context structure
** reason -- why?
**
** Returns:
** MI_SUCCESS/MI_FAILURE
*/
int
smfi_quarantine(ctx, reason)
SMFICTX *ctx;
char *reason;
{
size_t len;
int r;
char *buf;
struct timeval timeout;
if (reason == NULL || *reason == '\0')
return MI_FAILURE;
if (!mi_sendok(ctx, SMFIF_QUARANTINE))
return MI_FAILURE;
timeout.tv_sec = ctx->ctx_timeout;
timeout.tv_usec = 0;
len = strlen(reason) + 1;
buf = malloc(len);
if (buf == NULL)
return MI_FAILURE;
(void) memcpy(buf, reason, len);
r = mi_wr_cmd(ctx->ctx_sd, &timeout, SMFIR_QUARANTINE, buf, len);
free(buf);
return r;
}
/*
** MYISENHSC -- check whether a string contains an enhanced status code
**
** Parameters:
** s -- string with possible enhanced status code.
** delim -- delim for enhanced status code.
**
** Returns:
** 0 -- no enhanced status code.
** >4 -- length of enhanced status code.
**
** Side Effects:
** none.
*/
static int
myisenhsc(s, delim)
const char *s;
int delim;
{
int l, h;
if (s == NULL)
return 0;
if (!((*s == '2' || *s == '4' || *s == '5') && s[1] == '.'))
return 0;
h = 0;
l = 2;
while (h < 3 && isascii(s[l + h]) && isdigit(s[l + h]))
++h;
if (h == 0 || s[l + h] != '.')
return 0;
l += h + 1;
h = 0;
while (h < 3 && isascii(s[l + h]) && isdigit(s[l + h]))
++h;
if (h == 0 || s[l + h] != delim)
return 0;
return l + h;
}
/*
** SMFI_SETREPLY -- set the reply code for the next reply to the MTA
**
** Parameters:
** ctx -- Opaque context structure
** rcode -- The three-digit (RFC 821) SMTP reply code.
** xcode -- The extended (RFC 2034) reply code.
** message -- The text part of the SMTP reply.
**
** Returns:
** MI_SUCCESS/MI_FAILURE
*/
int
smfi_setreply(ctx, rcode, xcode, message)
SMFICTX *ctx;
char *rcode;
char *xcode;
char *message;
{
size_t len;
char *buf;
if (rcode == NULL || ctx == NULL)
return MI_FAILURE;
/* ### <sp> \0 */
len = strlen(rcode) + 2;
if (len != 5)
return MI_FAILURE;
if ((rcode[0] != '4' && rcode[0] != '5') ||
!isascii(rcode[1]) || !isdigit(rcode[1]) ||
!isascii(rcode[2]) || !isdigit(rcode[2]))
return MI_FAILURE;
if (xcode != NULL)
{
if (!myisenhsc(xcode, '\0'))
return MI_FAILURE;
len += strlen(xcode) + 1;
}
if (message != NULL)
{
size_t ml;
/* XXX check also for unprintable chars? */
if (strpbrk(message, "\r\n") != NULL)
return MI_FAILURE;
ml = strlen(message);
if (ml > MAXREPLYLEN)
return MI_FAILURE;
len += ml + 1;
}
buf = malloc(len);
if (buf == NULL)
return MI_FAILURE; /* oops */
(void) sm_strlcpy(buf, rcode, len);
(void) sm_strlcat(buf, " ", len);
if (xcode != NULL)
(void) sm_strlcat(buf, xcode, len);
if (message != NULL)
{
if (xcode != NULL)
(void) sm_strlcat(buf, " ", len);
(void) sm_strlcat(buf, message, len);
}
if (ctx->ctx_reply != NULL)
free(ctx->ctx_reply);
ctx->ctx_reply = buf;
return MI_SUCCESS;
}
/*
** SMFI_SETMLREPLY -- set multiline reply code for the next reply to the MTA
**
** Parameters:
** ctx -- Opaque context structure
** rcode -- The three-digit (RFC 821) SMTP reply code.
** xcode -- The extended (RFC 2034) reply code.
** txt, ... -- The text part of the SMTP reply,
** MUST be terminated with NULL.
**
** Returns:
** MI_SUCCESS/MI_FAILURE
*/
int
#if SM_VA_STD
smfi_setmlreply(SMFICTX *ctx, const char *rcode, const char *xcode, ...)
#else /* SM_VA_STD */
smfi_setmlreply(ctx, rcode, xcode, va_alist)
SMFICTX *ctx;
const char *rcode;
const char *xcode;
va_dcl
#endif /* SM_VA_STD */
{
size_t len;
size_t rlen;
int args;
char *buf, *txt;
const char *xc;
char repl[16];
SM_VA_LOCAL_DECL
if (rcode == NULL || ctx == NULL)
return MI_FAILURE;
/* ### <sp> */
len = strlen(rcode) + 1;
if (len != 4)
return MI_FAILURE;
if ((rcode[0] != '4' && rcode[0] != '5') ||
!isascii(rcode[1]) || !isdigit(rcode[1]) ||
!isascii(rcode[2]) || !isdigit(rcode[2]))
return MI_FAILURE;
if (xcode != NULL)
{
if (!myisenhsc(xcode, '\0'))
return MI_FAILURE;
xc = xcode;
}
else
{
if (rcode[0] == '4')
xc = "4.0.0";
else
xc = "5.0.0";
}
/* add trailing space */
len += strlen(xc) + 1;
rlen = len;
args = 0;
SM_VA_START(ap, xcode);
while ((txt = SM_VA_ARG(ap, char *)) != NULL)
{
size_t tl;
tl = strlen(txt);
if (tl > MAXREPLYLEN)
break;
/* this text, reply codes, \r\n */
len += tl + 2 + rlen;
if (++args > MAXREPLIES)
break;
/* XXX check also for unprintable chars? */
if (strpbrk(txt, "\r\n") != NULL)
break;
}
SM_VA_END(ap);
if (txt != NULL)
return MI_FAILURE;
/* trailing '\0' */
++len;
buf = malloc(len);
if (buf == NULL)
return MI_FAILURE; /* oops */
(void) sm_strlcpyn(buf, len, 3, rcode, args == 1 ? " " : "-", xc);
(void) sm_strlcpyn(repl, sizeof repl, 4, rcode, args == 1 ? " " : "-",
xc, " ");
SM_VA_START(ap, xcode);
txt = SM_VA_ARG(ap, char *);
if (txt != NULL)
{
(void) sm_strlcat2(buf, " ", txt, len);
while ((txt = SM_VA_ARG(ap, char *)) != NULL)
{
if (--args <= 1)
repl[3] = ' ';
(void) sm_strlcat2(buf, "\r\n", repl, len);
(void) sm_strlcat(buf, txt, len);
}
}
if (ctx->ctx_reply != NULL)
free(ctx->ctx_reply);
ctx->ctx_reply = buf;
SM_VA_END(ap);
return MI_SUCCESS;
}
/*
** SMFI_SETPRIV -- set private data
**
** Parameters:
** ctx -- Opaque context structure
** privatedata -- pointer to private data
**
** Returns:
** MI_SUCCESS/MI_FAILURE
*/
int
smfi_setpriv(ctx, privatedata)
SMFICTX *ctx;
void *privatedata;
{
if (ctx == NULL)
return MI_FAILURE;
ctx->ctx_privdata = privatedata;
return MI_SUCCESS;
}
/*
** SMFI_GETPRIV -- get private data
**
** Parameters:
** ctx -- Opaque context structure
**
** Returns:
** pointer to private data
*/
void *
smfi_getpriv(ctx)
SMFICTX *ctx;
{
if (ctx == NULL)
return NULL;
return ctx->ctx_privdata;
}
/*
** SMFI_GETSYMVAL -- get the value of a macro
**
** See explanation in mfapi.h about layout of the structures.
**
** Parameters:
** ctx -- Opaque context structure
** symname -- name of macro
**
** Returns:
** value of macro (NULL in case of failure)
*/
char *
smfi_getsymval(ctx, symname)
SMFICTX *ctx;
char *symname;
{
int i;
char **s;
char one[2];
char braces[4];
if (ctx == NULL || symname == NULL || *symname == '\0')
return NULL;
if (strlen(symname) == 3 && symname[0] == '{' && symname[2] == '}')
{
one[0] = symname[1];
one[1] = '\0';
}
else
one[0] = '\0';
if (strlen(symname) == 1)
{
braces[0] = '{';
braces[1] = *symname;
braces[2] = '}';
braces[3] = '\0';
}
else
braces[0] = '\0';
/* search backwards through the macro array */
for (i = MAX_MACROS_ENTRIES - 1 ; i >= 0; --i)
{
if ((s = ctx->ctx_mac_ptr[i]) == NULL ||
ctx->ctx_mac_buf[i] == NULL)
continue;
while (s != NULL && *s != NULL)
{
if (strcmp(*s, symname) == 0)
return *++s;
if (one[0] != '\0' && strcmp(*s, one) == 0)
return *++s;
if (braces[0] != '\0' && strcmp(*s, braces) == 0)
return *++s;
++s; /* skip over macro value */
++s; /* points to next macro name */
}
}
return NULL;
}
/*
** SMFI_PROGRESS -- send "progress" message to the MTA to prevent premature
** timeouts during long milter-side operations
**
** Parameters:
** ctx -- Opaque context structure
**
** Return value:
** MI_SUCCESS/MI_FAILURE
*/
int
smfi_progress(ctx)
SMFICTX *ctx;
{
struct timeval timeout;
if (ctx == NULL)
return MI_FAILURE;
timeout.tv_sec = ctx->ctx_timeout;
timeout.tv_usec = 0;
return mi_wr_cmd(ctx->ctx_sd, &timeout, SMFIR_PROGRESS, NULL, 0);
}
/*
** SMFI_VERSION -- return (runtime) version of libmilter
**
** Parameters:
** major -- (pointer to) major version
** minor -- (pointer to) minor version
** patchlevel -- (pointer to) patchlevel version
**
** Return value:
** MI_SUCCESS
*/
int
smfi_version(major, minor, patchlevel)
unsigned int *major;
unsigned int *minor;
unsigned int *patchlevel;
{
if (major != NULL)
*major = SM_LM_VRS_MAJOR(SMFI_VERSION);
if (minor != NULL)
*minor = SM_LM_VRS_MINOR(SMFI_VERSION);
if (patchlevel != NULL)
*patchlevel = SM_LM_VRS_PLVL(SMFI_VERSION);
return MI_SUCCESS;
}
diff --git a/libmilter/worker.c b/libmilter/worker.c
index bf7086a95187..74bf98a39435 100644
--- a/libmilter/worker.c
+++ b/libmilter/worker.c
@@ -1,831 +1,829 @@
/*
* Copyright (c) 2003-2004, 2007, 2009-2012 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
* Contributed by Jose Marcio Martins da Cruz - Ecole des Mines de Paris
* Jose-Marcio.Martins@ensmp.fr
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: worker.c,v 8.25 2013-11-22 20:51:37 ca Exp $")
#include "libmilter.h"
#if _FFR_WORKERS_POOL
typedef struct taskmgr_S taskmgr_T;
#define TM_SIGNATURE 0x23021957
struct taskmgr_S
{
long tm_signature; /* has the controller been initialized */
sthread_t tm_tid; /* thread id of controller */
smfi_hd_T tm_ctx_head; /* head of the linked list of contexts */
int tm_nb_workers; /* number of workers in the pool */
int tm_nb_idle; /* number of workers waiting */
int tm_p[2]; /* poll control pipe */
smutex_t tm_w_mutex; /* linked list access mutex */
scond_t tm_w_cond; /* */
};
static taskmgr_T Tskmgr = {0};
#define WRK_CTX_HEAD Tskmgr.tm_ctx_head
#define RD_PIPE (Tskmgr.tm_p[0])
#define WR_PIPE (Tskmgr.tm_p[1])
#define PIPE_SEND_SIGNAL() \
do \
{ \
char evt = 0x5a; \
int fd = WR_PIPE; \
if (write(fd, &evt, sizeof(evt)) != sizeof(evt)) \
smi_log(SMI_LOG_ERR, \
"Error writing to event pipe: %s", \
sm_errstring(errno)); \
} while (0)
#ifndef USE_PIPE_WAKE_POLL
# define USE_PIPE_WAKE_POLL 1
-#endif /* USE_PIPE_WAKE_POLL */
+#endif
/* poll check periodicity (default 10000 - 10 s) */
#define POLL_TIMEOUT 10000
/* worker conditional wait timeout (default 10 s) */
#define COND_TIMEOUT 10
/* functions */
static int mi_close_session __P((SMFICTX_PTR));
static void *mi_worker __P((void *));
static void *mi_pool_controller __P((void *));
static int mi_list_add_ctx __P((SMFICTX_PTR));
static int mi_list_del_ctx __P((SMFICTX_PTR));
/*
** periodicity of cleaning up old sessions (timedout)
** sessions list will be checked to find old inactive
** sessions each DT_CHECK_OLD_SESSIONS sec
*/
#define DT_CHECK_OLD_SESSIONS 600
#ifndef OLD_SESSION_TIMEOUT
# define OLD_SESSION_TIMEOUT ctx->ctx_timeout
-#endif /* OLD_SESSION_TIMEOUT */
+#endif
/* session states - with respect to the pool of workers */
#define WKST_INIT 0 /* initial state */
#define WKST_READY_TO_RUN 1 /* command ready do be read */
#define WKST_RUNNING 2 /* session running on a worker */
#define WKST_READY_TO_WAIT 3 /* session just finished by a worker */
#define WKST_WAITING 4 /* waiting for new command */
#define WKST_CLOSING 5 /* session finished */
#ifndef MIN_WORKERS
# define MIN_WORKERS 2 /* minimum number of threads to keep around */
#endif
#define MIN_IDLE 1 /* minimum number of idle threads */
/*
** Macros for threads and mutex management
*/
#define TASKMGR_LOCK() \
do \
{ \
if (!smutex_lock(&Tskmgr.tm_w_mutex)) \
smi_log(SMI_LOG_ERR, "TASKMGR_LOCK error"); \
} while (0)
#define TASKMGR_UNLOCK() \
do \
{ \
if (!smutex_unlock(&Tskmgr.tm_w_mutex)) \
smi_log(SMI_LOG_ERR, "TASKMGR_UNLOCK error"); \
} while (0)
#define TASKMGR_COND_WAIT() \
scond_timedwait(&Tskmgr.tm_w_cond, &Tskmgr.tm_w_mutex, COND_TIMEOUT)
#define TASKMGR_COND_SIGNAL() \
do \
{ \
if (scond_signal(&Tskmgr.tm_w_cond) != 0) \
smi_log(SMI_LOG_ERR, "TASKMGR_COND_SIGNAL error"); \
} while (0)
#define LAUNCH_WORKER(ctx) \
do \
{ \
int r; \
sthread_t tid; \
\
if ((r = thread_create(&tid, mi_worker, ctx)) != 0) \
smi_log(SMI_LOG_ERR, "LAUNCH_WORKER error: %s",\
sm_errstring(r)); \
} while (0)
#if POOL_DEBUG
# define POOL_LEV_DPRINTF(lev, x) \
do \
{ \
- if ((lev) < ctx->ctx_dbg) \
+ if (ctx != NULL && (lev) < ctx->ctx_dbg) \
sm_dprintf x; \
} while (0)
#else /* POOL_DEBUG */
# define POOL_LEV_DPRINTF(lev, x)
#endif /* POOL_DEBUG */
/*
** MI_START_SESSION -- Start a session in the pool of workers
**
** Parameters:
** ctx -- context structure
**
** Returns:
** MI_SUCCESS/MI_FAILURE
*/
int
mi_start_session(ctx)
SMFICTX_PTR ctx;
{
static long id = 0;
/* this can happen if the milter is shutting down */
if (Tskmgr.tm_signature != TM_SIGNATURE)
return MI_FAILURE;
SM_ASSERT(ctx != NULL);
POOL_LEV_DPRINTF(4, ("PIPE r=[%d] w=[%d]", RD_PIPE, WR_PIPE));
TASKMGR_LOCK();
if (mi_list_add_ctx(ctx) != MI_SUCCESS)
{
TASKMGR_UNLOCK();
return MI_FAILURE;
}
ctx->ctx_sid = id++;
/* if there is an idle worker, signal it, otherwise start new worker */
if (Tskmgr.tm_nb_idle > 0)
{
ctx->ctx_wstate = WKST_READY_TO_RUN;
TASKMGR_COND_SIGNAL();
}
else
{
ctx->ctx_wstate = WKST_RUNNING;
LAUNCH_WORKER(ctx);
}
TASKMGR_UNLOCK();
return MI_SUCCESS;
}
/*
** MI_CLOSE_SESSION -- Close a session and clean up data structures
**
** Parameters:
** ctx -- context structure
**
** Returns:
** MI_SUCCESS/MI_FAILURE
*/
static int
mi_close_session(ctx)
SMFICTX_PTR ctx;
{
SM_ASSERT(ctx != NULL);
(void) mi_list_del_ctx(ctx);
mi_clr_ctx(ctx);
return MI_SUCCESS;
}
/*
** NONBLOCKING -- set nonblocking mode for a file descriptor.
**
** Parameters:
** fd -- file descriptor
** name -- name for (error) logging
**
** Returns:
** MI_SUCCESS/MI_FAILURE
*/
static int
nonblocking(int fd, const char *name)
{
int r;
errno = 0;
r = fcntl(fd, F_GETFL, 0);
if (r == -1)
{
smi_log(SMI_LOG_ERR, "fcntl(%s, F_GETFL)=%s",
name, sm_errstring(errno));
return MI_FAILURE;
}
errno = 0;
r = fcntl(fd, F_SETFL, r | O_NONBLOCK);
if (r == -1)
{
smi_log(SMI_LOG_ERR, "fcntl(%s, F_SETFL, O_NONBLOCK)=%s",
name, sm_errstring(errno));
return MI_FAILURE;
}
return MI_SUCCESS;
}
/*
** MI_POOL_CONTROLLER_INIT -- Launch the worker pool controller
** Must be called before starting sessions.
**
** Parameters:
** none
**
** Returns:
** MI_SUCCESS/MI_FAILURE
*/
int
mi_pool_controller_init()
{
sthread_t tid;
int r, i;
if (Tskmgr.tm_signature == TM_SIGNATURE)
return MI_SUCCESS;
SM_TAILQ_INIT(&WRK_CTX_HEAD);
Tskmgr.tm_tid = (sthread_t) -1;
Tskmgr.tm_nb_workers = 0;
Tskmgr.tm_nb_idle = 0;
if (pipe(Tskmgr.tm_p) != 0)
{
smi_log(SMI_LOG_ERR, "can't create event pipe: %s",
sm_errstring(errno));
return MI_FAILURE;
}
r = nonblocking(WR_PIPE, "WR_PIPE");
if (r != MI_SUCCESS)
return r;
r = nonblocking(RD_PIPE, "RD_PIPE");
if (r != MI_SUCCESS)
return r;
(void) smutex_init(&Tskmgr.tm_w_mutex);
(void) scond_init(&Tskmgr.tm_w_cond);
/* Launch the pool controller */
if ((r = thread_create(&tid, mi_pool_controller, (void *) NULL)) != 0)
{
smi_log(SMI_LOG_ERR, "can't create controller thread: %s",
sm_errstring(r));
return MI_FAILURE;
}
Tskmgr.tm_tid = tid;
Tskmgr.tm_signature = TM_SIGNATURE;
/* Create the pool of workers */
for (i = 0; i < MIN_WORKERS; i++)
{
if ((r = thread_create(&tid, mi_worker, (void *) NULL)) != 0)
{
smi_log(SMI_LOG_ERR, "can't create workers crew: %s",
sm_errstring(r));
return MI_FAILURE;
}
}
return MI_SUCCESS;
}
/*
** MI_POOL_CONTROLLER -- manage the pool of workers
** This thread must be running when listener begins
** starting sessions
**
** Parameters:
** arg -- unused
**
** Returns:
** NULL
**
** Control flow:
** for (;;)
** Look for timed out sessions
** Select sessions to wait for sendmail command
** Poll set of file descriptors
** if timeout
** continue
** For each file descriptor ready
** launch new thread if no worker available
** else
** signal waiting worker
*/
/* Poll structure array (pollfd) size step */
#define PFD_STEP 256
#define WAIT_FD(i) (pfd[i].fd)
#define WAITFN "POLL"
static void *
mi_pool_controller(arg)
void *arg;
{
struct pollfd *pfd = NULL;
int dim_pfd = 0;
bool rebuild_set = true;
int pcnt = 0; /* error count for poll() failures */
time_t lastcheck;
Tskmgr.tm_tid = sthread_get_id();
if (pthread_detach(Tskmgr.tm_tid) != 0)
{
smi_log(SMI_LOG_ERR, "Failed to detach pool controller thread");
return NULL;
}
pfd = (struct pollfd *) malloc(PFD_STEP * sizeof(struct pollfd));
if (pfd == NULL)
{
smi_log(SMI_LOG_ERR, "Failed to malloc pollfd array: %s",
sm_errstring(errno));
return NULL;
}
dim_pfd = PFD_STEP;
lastcheck = time(NULL);
for (;;)
{
SMFICTX_PTR ctx;
int nfd, r, i;
time_t now;
- POOL_LEV_DPRINTF(4, ("Let's %s again...", WAITFN));
-
if (mi_stop() != MILTER_CONT)
break;
TASKMGR_LOCK();
now = time(NULL);
/* check for timed out sessions? */
if (lastcheck + DT_CHECK_OLD_SESSIONS < now)
{
ctx = SM_TAILQ_FIRST(&WRK_CTX_HEAD);
while (ctx != SM_TAILQ_END(&WRK_CTX_HEAD))
{
SMFICTX_PTR ctx_nxt;
ctx_nxt = SM_TAILQ_NEXT(ctx, ctx_link);
if (ctx->ctx_wstate == WKST_WAITING)
{
if (ctx->ctx_wait == 0)
ctx->ctx_wait = now;
else if (ctx->ctx_wait + OLD_SESSION_TIMEOUT
< now)
{
/* if session timed out, close it */
sfsistat (*fi_close) __P((SMFICTX *));
POOL_LEV_DPRINTF(4,
("Closing old connection: sd=%d id=%d",
ctx->ctx_sd,
ctx->ctx_sid));
if ((fi_close = ctx->ctx_smfi->xxfi_close) != NULL)
(void) (*fi_close)(ctx);
mi_close_session(ctx);
}
}
ctx = ctx_nxt;
}
lastcheck = now;
}
if (rebuild_set)
{
/*
** Initialize poll set.
** Insert into the poll set the file descriptors of
** all sessions waiting for a command from sendmail.
*/
nfd = 0;
/* begin with worker pipe */
pfd[nfd].fd = RD_PIPE;
pfd[nfd].events = MI_POLL_RD_FLAGS;
pfd[nfd].revents = 0;
nfd++;
SM_TAILQ_FOREACH(ctx, &WRK_CTX_HEAD, ctx_link)
{
/*
** update ctx_wait - start of wait moment -
** for timeout
*/
if (ctx->ctx_wstate == WKST_READY_TO_WAIT)
ctx->ctx_wait = now;
/* add the session to the pollfd array? */
if ((ctx->ctx_wstate == WKST_READY_TO_WAIT) ||
(ctx->ctx_wstate == WKST_WAITING))
{
/*
** Resize the pollfd array if it
** isn't large enough.
*/
if (nfd >= dim_pfd)
{
struct pollfd *tpfd;
size_t new;
new = (dim_pfd + PFD_STEP) *
sizeof(*tpfd);
tpfd = (struct pollfd *)
realloc(pfd, new);
if (tpfd != NULL)
{
pfd = tpfd;
dim_pfd += PFD_STEP;
}
else
{
smi_log(SMI_LOG_ERR,
"Failed to realloc pollfd array:%s",
sm_errstring(errno));
}
}
/* add the session to pollfd array */
if (nfd < dim_pfd)
{
ctx->ctx_wstate = WKST_WAITING;
pfd[nfd].fd = ctx->ctx_sd;
pfd[nfd].events = MI_POLL_RD_FLAGS;
pfd[nfd].revents = 0;
nfd++;
}
}
}
rebuild_set = false;
}
TASKMGR_UNLOCK();
/* Everything is ready, let's wait for an event */
r = poll(pfd, nfd, POLL_TIMEOUT);
POOL_LEV_DPRINTF(4, ("%s returned: at epoch %d value %d",
WAITFN, now, nfd));
/* timeout */
if (r == 0)
continue;
rebuild_set = true;
/* error */
if (r < 0)
{
if (errno == EINTR)
continue;
pcnt++;
smi_log(SMI_LOG_ERR,
"%s() failed (%s), %s",
WAITFN, sm_errstring(errno),
pcnt >= MAX_FAILS_S ? "abort" : "try again");
if (pcnt >= MAX_FAILS_S)
goto err;
continue;
}
pcnt = 0;
/* something happened */
for (i = 0; i < nfd; i++)
{
if (pfd[i].revents == 0)
continue;
POOL_LEV_DPRINTF(4, ("%s event on pfd[%d/%d]=%d ",
WAITFN, i, nfd,
WAIT_FD(i)));
/* has a worker signaled an end of task? */
if (WAIT_FD(i) == RD_PIPE)
{
char evts[256];
ssize_t r;
POOL_LEV_DPRINTF(4,
("PIPE WILL READ evt = %08X %08X",
pfd[i].events, pfd[i].revents));
r = 1;
while ((pfd[i].revents & MI_POLL_RD_FLAGS) != 0
&& r != -1)
{
r = read(RD_PIPE, evts, sizeof(evts));
}
POOL_LEV_DPRINTF(4,
("PIPE DONE READ i=[%d] fd=[%d] r=[%d] evt=[%d]",
i, RD_PIPE, (int) r, evts[0]));
if ((pfd[i].revents & ~MI_POLL_RD_FLAGS) != 0)
{
/* Exception handling */
}
continue;
}
/*
** Not the pipe for workers waking us,
** so must be something on an MTA connection.
*/
TASKMGR_LOCK();
SM_TAILQ_FOREACH(ctx, &WRK_CTX_HEAD, ctx_link)
{
if (ctx->ctx_wstate != WKST_WAITING)
continue;
POOL_LEV_DPRINTF(4,
("Checking context sd=%d - fd=%d ",
ctx->ctx_sd , WAIT_FD(i)));
if (ctx->ctx_sd == pfd[i].fd)
{
POOL_LEV_DPRINTF(4,
("TASK: found %d for fd[%d]=%d",
ctx->ctx_sid, i, WAIT_FD(i)));
if (Tskmgr.tm_nb_idle > 0)
{
ctx->ctx_wstate = WKST_READY_TO_RUN;
TASKMGR_COND_SIGNAL();
}
else
{
ctx->ctx_wstate = WKST_RUNNING;
LAUNCH_WORKER(ctx);
}
break;
}
}
TASKMGR_UNLOCK();
POOL_LEV_DPRINTF(4,
("TASK %s FOUND - Checking PIPE for fd[%d]",
ctx != NULL ? "" : "NOT", WAIT_FD(i)));
}
}
err:
if (pfd != NULL)
free(pfd);
Tskmgr.tm_signature = 0;
#if 0
/*
** Do not clean up ctx -- it can cause double-free()s.
** The program is shutting down anyway, so it's not worth the trouble.
** There is a more complex solution that prevents race conditions
** while accessing ctx, but that's maybe for a later version.
*/
for (;;)
{
SMFICTX_PTR ctx;
ctx = SM_TAILQ_FIRST(&WRK_CTX_HEAD);
if (ctx == NULL)
break;
mi_close_session(ctx);
}
#endif
(void) smutex_destroy(&Tskmgr.tm_w_mutex);
(void) scond_destroy(&Tskmgr.tm_w_cond);
return NULL;
}
/*
** Look for a task ready to run.
** Value of ctx is NULL or a pointer to a task ready to run.
*/
#define GET_TASK_READY_TO_RUN() \
SM_TAILQ_FOREACH(ctx, &WRK_CTX_HEAD, ctx_link) \
{ \
if (ctx->ctx_wstate == WKST_READY_TO_RUN) \
{ \
ctx->ctx_wstate = WKST_RUNNING; \
break; \
} \
}
/*
** MI_WORKER -- worker thread
** executes tasks distributed by the mi_pool_controller
** or by mi_start_session
**
** Parameters:
** arg -- pointer to context structure
**
** Returns:
** NULL pointer
*/
static void *
mi_worker(arg)
void *arg;
{
SMFICTX_PTR ctx;
bool done;
sthread_t t_id;
int r;
ctx = (SMFICTX_PTR) arg;
done = false;
if (ctx != NULL)
ctx->ctx_wstate = WKST_RUNNING;
t_id = sthread_get_id();
if (pthread_detach(t_id) != 0)
{
smi_log(SMI_LOG_ERR, "Failed to detach worker thread");
if (ctx != NULL)
ctx->ctx_wstate = WKST_READY_TO_RUN;
return NULL;
}
TASKMGR_LOCK();
Tskmgr.tm_nb_workers++;
TASKMGR_UNLOCK();
while (!done)
{
if (mi_stop() != MILTER_CONT)
break;
/* let's handle next task... */
if (ctx != NULL)
{
int res;
POOL_LEV_DPRINTF(4,
("worker %d: new task -> let's handle it",
t_id));
res = mi_engine(ctx);
POOL_LEV_DPRINTF(4,
("worker %d: mi_engine returned %d", t_id, res));
TASKMGR_LOCK();
if (res != MI_CONTINUE)
{
ctx->ctx_wstate = WKST_CLOSING;
/*
** Delete context from linked list of
** sessions and close session.
*/
mi_close_session(ctx);
}
else
{
ctx->ctx_wstate = WKST_READY_TO_WAIT;
POOL_LEV_DPRINTF(4,
("writing to event pipe..."));
/*
** Signal task controller to add new session
** to poll set.
*/
PIPE_SEND_SIGNAL();
}
TASKMGR_UNLOCK();
ctx = NULL;
}
/* check if there is any task waiting to be served */
TASKMGR_LOCK();
GET_TASK_READY_TO_RUN();
/* Got a task? */
if (ctx != NULL)
{
TASKMGR_UNLOCK();
continue;
}
/*
** if not, let's check if there is enough idle workers
** if yes: quit
*/
if (Tskmgr.tm_nb_workers > MIN_WORKERS &&
Tskmgr.tm_nb_idle > MIN_IDLE)
done = true;
POOL_LEV_DPRINTF(4, ("worker %d: checking ... %d %d", t_id,
Tskmgr.tm_nb_workers, Tskmgr.tm_nb_idle + 1));
if (done)
{
POOL_LEV_DPRINTF(4, ("worker %d: quitting... ", t_id));
Tskmgr.tm_nb_workers--;
TASKMGR_UNLOCK();
continue;
}
/*
** if no task ready to run, wait for another one
*/
Tskmgr.tm_nb_idle++;
TASKMGR_COND_WAIT();
Tskmgr.tm_nb_idle--;
/* look for a task */
GET_TASK_READY_TO_RUN();
TASKMGR_UNLOCK();
}
return NULL;
}
/*
** MI_LIST_ADD_CTX -- add new session to linked list
**
** Parameters:
** ctx -- context structure
**
** Returns:
** MI_FAILURE/MI_SUCCESS
*/
static int
mi_list_add_ctx(ctx)
SMFICTX_PTR ctx;
{
SM_ASSERT(ctx != NULL);
SM_TAILQ_INSERT_TAIL(&WRK_CTX_HEAD, ctx, ctx_link);
return MI_SUCCESS;
}
/*
** MI_LIST_DEL_CTX -- remove session from linked list when finished
**
** Parameters:
** ctx -- context structure
**
** Returns:
** MI_FAILURE/MI_SUCCESS
*/
static int
mi_list_del_ctx(ctx)
SMFICTX_PTR ctx;
{
SM_ASSERT(ctx != NULL);
if (SM_TAILQ_EMPTY(&WRK_CTX_HEAD))
return MI_FAILURE;
SM_TAILQ_REMOVE(&WRK_CTX_HEAD, ctx, ctx_link);
return MI_SUCCESS;
}
#endif /* _FFR_WORKERS_POOL */
diff --git a/libsm/Makefile b/libsm/Makefile
index e4b9871f98cd..4f43b9294576 100644
--- a/libsm/Makefile
+++ b/libsm/Makefile
@@ -1,19 +1,19 @@
# $Id: Makefile,v 1.2 2006-08-16 21:06:30 ca Exp $
SHELL= /bin/sh
BUILD= ./Build
OPTIONS= $(CONFIG) $(FLAGS)
all: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
clean: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
-install: FRC
- $(SHELL) $(BUILD) $(OPTIONS) $@
check: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
+install: FRC
+ $(SHELL) $(BUILD) $(OPTIONS) $@
fresh: FRC
$(SHELL) $(BUILD) $(OPTIONS) -c
FRC:
diff --git a/libsm/Makefile.m4 b/libsm/Makefile.m4
index 5882bb63f4e6..0dcb2d02b68d 100644
--- a/libsm/Makefile.m4
+++ b/libsm/Makefile.m4
@@ -1,46 +1,47 @@
dnl $Id: Makefile.m4,v 1.75 2013-08-27 19:02:10 ca Exp $
define(`confREQUIRE_LIBUNIX')
include(confBUILDTOOLSDIR`/M4/switch.m4')
define(`confREQUIRE_LIBSM', `true')
define(`confREQUIRE_SM_OS_H', `true')
PREPENDDEF(`confENVDEF', `confMAPDEF')
bldPRODUCT_START(`library', `libsm')
-define(`bldSOURCES', ` assert.c debug.c errstring.c exc.c heap.c match.c rpool.c strdup.c strerror.c strl.c clrerr.c fclose.c feof.c ferror.c fflush.c fget.c fpos.c findfp.c flags.c fopen.c fprintf.c fpurge.c fput.c fread.c fscanf.c fseek.c fvwrite.c fwalk.c fwrite.c get.c makebuf.c put.c refill.c rewind.c setvbuf.c smstdio.c snprintf.c sscanf.c stdio.c strio.c ungetc.c vasprintf.c vfprintf.c vfscanf.c vprintf.c vsnprintf.c wbuf.c wsetup.c string.c stringf.c xtrap.c strto.c test.c strcasecmp.c strrevcmp.c signal.c clock.c config.c shm.c sem.c mbdb.c strexit.c cf.c ldap.c niprop.c mpeix.c memstat.c util.c inet6_ntop.c ')
+define(`bldSOURCES', ` assert.c debug.c errstring.c exc.c heap.c match.c rpool.c strdup.c strerror.c strl.c clrerr.c fclose.c feof.c ferror.c fflush.c fget.c fpos.c findfp.c flags.c fopen.c fprintf.c fpurge.c fput.c fread.c fscanf.c fseek.c fvwrite.c fwalk.c fwrite.c get.c makebuf.c put.c refill.c rewind.c setvbuf.c smstdio.c snprintf.c sscanf.c stdio.c strio.c ungetc.c vasprintf.c vfprintf.c vfscanf.c vprintf.c vsnprintf.c wbuf.c wsetup.c string.c stringf.c xtrap.c strto.c test.c strcasecmp.c strrevcmp.c signal.c clock.c config.c shm.c sem.c mbdb.c strexit.c cf.c ldap.c niprop.c mpeix.c memstat.c util.c inet6_ntop.c notify.c ')
bldPRODUCT_END
dnl msg.c
dnl syslogio.c
define(`confCHECK_LIBS',`libsm.a')dnl
include(confBUILDTOOLSDIR`/M4/'bldM4_TYPE_DIR`/check.m4')
smcheck(`t-event', `compile-run')
smcheck(`t-exc', `compile-run')
smcheck(`t-rpool', `compile-run')
smcheck(`t-string', `compile-run')
smcheck(`t-smstdio', `compile-run')
smcheck(`t-fget', `compile-run')
smcheck(`t-match', `compile-run')
smcheck(`t-strio', `compile-run')
smcheck(`t-heap', `compile-run')
smcheck(`t-fopen', `compile-run')
smcheck(`t-strl', `compile-run')
smcheck(`t-strrevcmp', `compile-run')
smcheck(`t-types', `compile-run')
smcheck(`t-path', `compile-run')
smcheck(`t-float', `compile-run')
smcheck(`t-scanf', `compile-run')
smcheck(`t-shm', `compile-run')
smcheck(`t-sem', `compile-run')
smcheck(`t-inet6_ntop', `compile-run')
+smcheck(`t-notify', `compile-run')
dnl smcheck(`t-msg', `compile-run')
smcheck(`t-cf')
smcheck(`b-strcmp')
dnl SM_CONF_STRL cannot be turned off
dnl smcheck(`b-strl')
smcheck(`t-memstat')
smcheck(`t-qic', `compile-run')
divert(bldTARGETS_SECTION)
divert(0)
bldFINISH
diff --git a/libsm/assert.c b/libsm/assert.c
index 6393e9eca419..e77720109028 100644
--- a/libsm/assert.c
+++ b/libsm/assert.c
@@ -1,187 +1,187 @@
/*
* Copyright (c) 2000-2001 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: assert.c,v 1.27 2013-11-22 20:51:42 ca Exp $")
/*
** Abnormal program termination and assertion checking.
** For documentation, see assert.html.
*/
#include <signal.h>
#include <stdlib.h>
#include <unistd.h>
#include <sm/assert.h>
#include <sm/exc.h>
#include <sm/io.h>
#include <sm/varargs.h>
/*
** Debug categories that are used to guard expensive assertion checks.
*/
SM_DEBUG_T SmExpensiveAssert = SM_DEBUG_INITIALIZER("sm_check_assert",
"@(#)$Debug: sm_check_assert - check assertions $");
SM_DEBUG_T SmExpensiveRequire = SM_DEBUG_INITIALIZER("sm_check_require",
"@(#)$Debug: sm_check_require - check function preconditions $");
SM_DEBUG_T SmExpensiveEnsure = SM_DEBUG_INITIALIZER("sm_check_ensure",
"@(#)$Debug: sm_check_ensure - check function postconditions $");
/*
** Debug category: send self SIGSTOP on fatal error,
** so that you can run a debugger on the stopped process.
*/
SM_DEBUG_T SmAbortStop = SM_DEBUG_INITIALIZER("sm_abort_stop",
"@(#)$Debug: sm_abort_stop - stop process on fatal error $");
/*
** SM_ABORT_DEFAULTHANDLER -- Default procedure for abnormal program
** termination.
**
** The goal is to display an error message without disturbing the
** process state too much, then dump core.
**
** Parameters:
** filename -- filename (can be NULL).
** lineno -- line number.
** msg -- message.
**
** Returns:
** doesn't return.
*/
static void
sm_abort_defaulthandler __P((
const char *filename,
int lineno,
const char *msg));
static void
sm_abort_defaulthandler(filename, lineno, msg)
const char *filename;
int lineno;
const char *msg;
{
if (filename != NULL)
sm_io_fprintf(smioerr, SM_TIME_DEFAULT, "%s:%d: %s\n", filename,
lineno, msg);
else
sm_io_fprintf(smioerr, SM_TIME_DEFAULT, "%s\n", msg);
sm_io_flush(smioerr, SM_TIME_DEFAULT);
#ifdef SIGSTOP
if (sm_debug_active(&SmAbortStop, 1))
kill(getpid(), SIGSTOP);
-#endif /* SIGSTOP */
+#endif
abort();
}
/*
** This is the action to be taken to cause abnormal program termination.
*/
static SM_ABORT_HANDLER_T SmAbortHandler = sm_abort_defaulthandler;
/*
** SM_ABORT_SETHANDLER -- Set handler for SM_ABORT()
**
** This allows you to set a handler function for causing abnormal
** program termination; it is called when a logic bug is detected.
**
** Parameters:
** f -- handler.
**
** Returns:
** none.
*/
void
sm_abort_sethandler(f)
SM_ABORT_HANDLER_T f;
{
if (f == NULL)
SmAbortHandler = sm_abort_defaulthandler;
else
SmAbortHandler = f;
}
/*
** SM_ABORT -- Call it when you have detected a logic bug.
**
** Parameters:
** fmt -- format string.
** ... -- arguments.
**
** Returns:
** doesn't.
*/
void SM_DEAD_D
#if SM_VA_STD
sm_abort(char *fmt, ...)
#else /* SM_VA_STD */
sm_abort(fmt, va_alist)
char *fmt;
va_dcl
#endif /* SM_VA_STD */
{
char msg[128];
SM_VA_LOCAL_DECL
SM_VA_START(ap, fmt);
sm_vsnprintf(msg, sizeof msg, fmt, ap);
SM_VA_END(ap);
sm_abort_at(NULL, 0, msg);
}
/*
** SM_ABORT_AT -- Initiate abnormal program termination.
**
** This is the low level function that is called to initiate abnormal
** program termination. It prints an error message and terminates the
** program. It is called by sm_abort and by the assertion macros.
** If filename != NULL then filename and lineno specify the line of source
** code at which the bug was detected.
**
** Parameters:
** filename -- filename (can be NULL).
** lineno -- line number.
** msg -- message.
**
** Returns:
** doesn't.
*/
void SM_DEAD_D
sm_abort_at(filename, lineno, msg)
const char *filename;
int lineno;
const char *msg;
{
SM_TRY
(*SmAbortHandler)(filename, lineno, msg);
SM_EXCEPT(exc, "*")
sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"exception raised by abort handler:\n");
sm_exc_print(exc, smioerr);
sm_io_flush(smioerr, SM_TIME_DEFAULT);
SM_END_TRY
/*
** SmAbortHandler isn't supposed to return.
** Since it has, let's make sure that the program is terminated.
*/
abort();
}
diff --git a/libsm/clock.c b/libsm/clock.c
index 5e4d7598dba8..6e300b0a5ca4 100644
--- a/libsm/clock.c
+++ b/libsm/clock.c
@@ -1,640 +1,640 @@
/*
* Copyright (c) 1998-2004 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: clock.c,v 1.48 2013-11-22 20:51:42 ca Exp $")
#include <unistd.h>
#include <time.h>
#include <errno.h>
#if SM_CONF_SETITIMER
# include <sm/time.h>
-#endif /* SM_CONF_SETITIMER */
+#endif
#include <sm/heap.h>
#include <sm/debug.h>
#include <sm/bitops.h>
#include <sm/clock.h>
#include "local.h"
#if _FFR_SLEEP_USE_SELECT > 0
# include <sys/types.h>
-#endif /* _FFR_SLEEP_USE_SELECT > 0 */
+#endif
#if defined(_FFR_MAX_SLEEP_TIME) && _FFR_MAX_SLEEP_TIME > 2
# include <syslog.h>
-#endif /* defined(_FFR_MAX_SLEEP_TIME) && _FFR_MAX_SLEEP_TIME > 2 */
+#endif
#ifndef sigmask
# define sigmask(s) (1 << ((s) - 1))
-#endif /* ! sigmask */
+#endif
/*
** SM_SETEVENTM -- set an event to happen at a specific time in milliseconds.
**
** Events are stored in a sorted list for fast processing.
** An event only applies to the process that set it.
** Source is #ifdef'd to work with older OS's that don't have setitimer()
** (that is, don't have a timer granularity less than 1 second).
**
** Parameters:
** intvl -- interval until next event occurs (milliseconds).
** func -- function to call on event.
** arg -- argument to func on event.
**
** Returns:
** On success returns the SM_EVENT entry created.
** On failure returns NULL.
**
** Side Effects:
** none.
*/
static SM_EVENT *volatile SmEventQueue; /* head of event queue */
static SM_EVENT *volatile SmFreeEventList; /* list of free events */
SM_EVENT *
sm_seteventm(intvl, func, arg)
int intvl;
void (*func)__P((int));
int arg;
{
ENTER_CRITICAL();
if (SmFreeEventList == NULL)
{
SmFreeEventList = (SM_EVENT *) sm_pmalloc_x(sizeof *SmFreeEventList);
SmFreeEventList->ev_link = NULL;
}
LEAVE_CRITICAL();
return sm_sigsafe_seteventm(intvl, func, arg);
}
/*
** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
** DOING.
*/
SM_EVENT *
sm_sigsafe_seteventm(intvl, func, arg)
int intvl;
void (*func)__P((int));
int arg;
{
register SM_EVENT **evp;
register SM_EVENT *ev;
#if SM_CONF_SETITIMER
auto struct timeval now, nowi, ival;
auto struct itimerval itime;
-#else /* SM_CONF_SETITIMER */
+#else
auto time_t now, nowi;
-#endif /* SM_CONF_SETITIMER */
+#endif
int wasblocked;
/* negative times are not allowed */
if (intvl <= 0)
return NULL;
wasblocked = sm_blocksignal(SIGALRM);
#if SM_CONF_SETITIMER
ival.tv_sec = intvl / 1000;
ival.tv_usec = (intvl - ival.tv_sec * 1000) * 10;
(void) gettimeofday(&now, NULL);
nowi = now;
timeradd(&now, &ival, &nowi);
#else /* SM_CONF_SETITIMER */
now = time(NULL);
nowi = now + (time_t)(intvl / 1000);
#endif /* SM_CONF_SETITIMER */
/* search event queue for correct position */
for (evp = (SM_EVENT **) (&SmEventQueue);
(ev = *evp) != NULL;
evp = &ev->ev_link)
{
#if SM_CONF_SETITIMER
if (timercmp(&(ev->ev_time), &nowi, >=))
-#else /* SM_CONF_SETITIMER */
+#else
if (ev->ev_time >= nowi)
-#endif /* SM_CONF_SETITIMER */
+#endif
break;
}
ENTER_CRITICAL();
if (SmFreeEventList == NULL)
{
/*
** This shouldn't happen. If called from sm_seteventm(),
** we have just malloced a SmFreeEventList entry. If
** called from a signal handler, it should have been
** from an existing event which sm_tick() just added to
** SmFreeEventList.
*/
LEAVE_CRITICAL();
if (wasblocked == 0)
(void) sm_releasesignal(SIGALRM);
return NULL;
}
else
{
ev = SmFreeEventList;
SmFreeEventList = ev->ev_link;
}
LEAVE_CRITICAL();
/* insert new event */
ev->ev_time = nowi;
ev->ev_func = func;
ev->ev_arg = arg;
ev->ev_pid = getpid();
ENTER_CRITICAL();
ev->ev_link = *evp;
*evp = ev;
LEAVE_CRITICAL();
(void) sm_signal(SIGALRM, sm_tick);
# if SM_CONF_SETITIMER
timersub(&SmEventQueue->ev_time, &now, &itime.it_value);
itime.it_interval.tv_sec = 0;
itime.it_interval.tv_usec = 0;
if (itime.it_value.tv_sec < 0)
itime.it_value.tv_sec = 0;
if (itime.it_value.tv_sec == 0 && itime.it_value.tv_usec == 0)
itime.it_value.tv_usec = 1000;
(void) setitimer(ITIMER_REAL, &itime, NULL);
# else /* SM_CONF_SETITIMER */
intvl = SmEventQueue->ev_time - now;
(void) alarm((unsigned) (intvl < 1 ? 1 : intvl));
# endif /* SM_CONF_SETITIMER */
if (wasblocked == 0)
(void) sm_releasesignal(SIGALRM);
return ev;
}
/*
** SM_CLREVENT -- remove an event from the event queue.
**
** Parameters:
** ev -- pointer to event to remove.
**
** Returns:
** none.
**
** Side Effects:
** arranges for event ev to not happen.
*/
void
sm_clrevent(ev)
register SM_EVENT *ev;
{
register SM_EVENT **evp;
int wasblocked;
# if SM_CONF_SETITIMER
struct itimerval clr;
-# endif /* SM_CONF_SETITIMER */
+# endif
if (ev == NULL)
return;
/* find the parent event */
wasblocked = sm_blocksignal(SIGALRM);
for (evp = (SM_EVENT **) (&SmEventQueue);
*evp != NULL;
evp = &(*evp)->ev_link)
{
if (*evp == ev)
break;
}
/* now remove it */
if (*evp != NULL)
{
ENTER_CRITICAL();
*evp = ev->ev_link;
ev->ev_link = SmFreeEventList;
SmFreeEventList = ev;
LEAVE_CRITICAL();
}
/* restore clocks and pick up anything spare */
if (wasblocked == 0)
(void) sm_releasesignal(SIGALRM);
if (SmEventQueue != NULL)
(void) kill(getpid(), SIGALRM);
else
{
/* nothing left in event queue, no need for an alarm */
# if SM_CONF_SETITIMER
clr.it_interval.tv_sec = 0;
clr.it_interval.tv_usec = 0;
clr.it_value.tv_sec = 0;
clr.it_value.tv_usec = 0;
(void) setitimer(ITIMER_REAL, &clr, NULL);
# else /* SM_CONF_SETITIMER */
(void) alarm(0);
# endif /* SM_CONF_SETITIMER */
}
}
/*
** SM_CLEAR_EVENTS -- remove all events from the event queue.
**
** Parameters:
** none.
**
** Returns:
** none.
*/
void
sm_clear_events()
{
register SM_EVENT *ev;
#if SM_CONF_SETITIMER
struct itimerval clr;
-#endif /* SM_CONF_SETITIMER */
+#endif
int wasblocked;
/* nothing will be left in event queue, no need for an alarm */
#if SM_CONF_SETITIMER
clr.it_interval.tv_sec = 0;
clr.it_interval.tv_usec = 0;
clr.it_value.tv_sec = 0;
clr.it_value.tv_usec = 0;
(void) setitimer(ITIMER_REAL, &clr, NULL);
#else /* SM_CONF_SETITIMER */
(void) alarm(0);
#endif /* SM_CONF_SETITIMER */
if (SmEventQueue == NULL)
return;
wasblocked = sm_blocksignal(SIGALRM);
/* find the end of the EventQueue */
for (ev = SmEventQueue; ev->ev_link != NULL; ev = ev->ev_link)
continue;
ENTER_CRITICAL();
ev->ev_link = SmFreeEventList;
SmFreeEventList = SmEventQueue;
SmEventQueue = NULL;
LEAVE_CRITICAL();
/* restore clocks and pick up anything spare */
if (wasblocked == 0)
(void) sm_releasesignal(SIGALRM);
}
/*
** SM_TICK -- take a clock tick
**
** Called by the alarm clock. This routine runs events as needed.
** Always called as a signal handler, so we assume that SIGALRM
** has been blocked.
**
** Parameters:
** One that is ignored; for compatibility with signal handlers.
**
** Returns:
** none.
**
** Side Effects:
** calls the next function in EventQueue.
**
** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
** DOING.
*/
/* ARGSUSED */
SIGFUNC_DECL
sm_tick(sig)
int sig;
{
register SM_EVENT *ev;
pid_t mypid;
int save_errno = errno;
#if SM_CONF_SETITIMER
struct itimerval clr;
struct timeval now;
-#else /* SM_CONF_SETITIMER */
+#else
register time_t now;
#endif /* SM_CONF_SETITIMER */
#if SM_CONF_SETITIMER
clr.it_interval.tv_sec = 0;
clr.it_interval.tv_usec = 0;
clr.it_value.tv_sec = 0;
clr.it_value.tv_usec = 0;
(void) setitimer(ITIMER_REAL, &clr, NULL);
gettimeofday(&now, NULL);
#else /* SM_CONF_SETITIMER */
(void) alarm(0);
now = time(NULL);
#endif /* SM_CONF_SETITIMER */
FIX_SYSV_SIGNAL(sig, sm_tick);
errno = save_errno;
CHECK_CRITICAL(sig);
mypid = getpid();
while (PendingSignal != 0)
{
int sigbit = 0;
int sig = 0;
if (bitset(PEND_SIGHUP, PendingSignal))
{
sigbit = PEND_SIGHUP;
sig = SIGHUP;
}
else if (bitset(PEND_SIGINT, PendingSignal))
{
sigbit = PEND_SIGINT;
sig = SIGINT;
}
else if (bitset(PEND_SIGTERM, PendingSignal))
{
sigbit = PEND_SIGTERM;
sig = SIGTERM;
}
else if (bitset(PEND_SIGUSR1, PendingSignal))
{
sigbit = PEND_SIGUSR1;
sig = SIGUSR1;
}
else
{
/* If we get here, we are in trouble */
abort();
}
PendingSignal &= ~sigbit;
kill(mypid, sig);
}
#if SM_CONF_SETITIMER
gettimeofday(&now, NULL);
-#else /* SM_CONF_SETITIMER */
+#else
now = time(NULL);
-#endif /* SM_CONF_SETITIMER */
+#endif
while ((ev = SmEventQueue) != NULL &&
(ev->ev_pid != mypid ||
#if SM_CONF_SETITIMER
timercmp(&ev->ev_time, &now, <=)
-#else /* SM_CONF_SETITIMER */
+#else
ev->ev_time <= now
-#endif /* SM_CONF_SETITIMER */
+#endif
))
{
void (*f)__P((int));
int arg;
pid_t pid;
/* process the event on the top of the queue */
ev = SmEventQueue;
SmEventQueue = SmEventQueue->ev_link;
/* we must be careful in here because ev_func may not return */
f = ev->ev_func;
arg = ev->ev_arg;
pid = ev->ev_pid;
ENTER_CRITICAL();
ev->ev_link = SmFreeEventList;
SmFreeEventList = ev;
LEAVE_CRITICAL();
if (pid != getpid())
continue;
if (SmEventQueue != NULL)
{
#if SM_CONF_SETITIMER
if (timercmp(&SmEventQueue->ev_time, &now, >))
{
timersub(&SmEventQueue->ev_time, &now,
&clr.it_value);
clr.it_interval.tv_sec = 0;
clr.it_interval.tv_usec = 0;
if (clr.it_value.tv_sec < 0)
clr.it_value.tv_sec = 0;
if (clr.it_value.tv_sec == 0 &&
clr.it_value.tv_usec == 0)
clr.it_value.tv_usec = 1000;
(void) setitimer(ITIMER_REAL, &clr, NULL);
}
else
{
clr.it_interval.tv_sec = 0;
clr.it_interval.tv_usec = 0;
clr.it_value.tv_sec = 3;
clr.it_value.tv_usec = 0;
(void) setitimer(ITIMER_REAL, &clr, NULL);
}
#else /* SM_CONF_SETITIMER */
if (SmEventQueue->ev_time > now)
(void) alarm((unsigned) (SmEventQueue->ev_time
- now));
else
(void) alarm(3);
#endif /* SM_CONF_SETITIMER */
}
/* call ev_func */
errno = save_errno;
(*f)(arg);
#if SM_CONF_SETITIMER
clr.it_interval.tv_sec = 0;
clr.it_interval.tv_usec = 0;
clr.it_value.tv_sec = 0;
clr.it_value.tv_usec = 0;
(void) setitimer(ITIMER_REAL, &clr, NULL);
gettimeofday(&now, NULL);
#else /* SM_CONF_SETITIMER */
(void) alarm(0);
now = time(NULL);
#endif /* SM_CONF_SETITIMER */
}
if (SmEventQueue != NULL)
{
#if SM_CONF_SETITIMER
timersub(&SmEventQueue->ev_time, &now, &clr.it_value);
clr.it_interval.tv_sec = 0;
clr.it_interval.tv_usec = 0;
if (clr.it_value.tv_sec < 0)
clr.it_value.tv_sec = 0;
if (clr.it_value.tv_sec == 0 && clr.it_value.tv_usec == 0)
clr.it_value.tv_usec = 1000;
(void) setitimer(ITIMER_REAL, &clr, NULL);
#else /* SM_CONF_SETITIMER */
(void) alarm((unsigned) (SmEventQueue->ev_time - now));
#endif /* SM_CONF_SETITIMER */
}
errno = save_errno;
return SIGFUNC_RETURN;
}
/*
** SLEEP -- a version of sleep that works with this stuff
**
** Because Unix sleep uses the alarm facility, I must reimplement
** it here.
**
** Parameters:
** intvl -- time to sleep.
**
** Returns:
** zero.
**
** Side Effects:
** waits for intvl time. However, other events can
** be run during that interval.
*/
# if !HAVE_NANOSLEEP
static void sm_endsleep __P((int));
static bool volatile SmSleepDone;
-# endif /* !HAVE_NANOSLEEP */
+# endif
#ifndef SLEEP_T
# define SLEEP_T unsigned int
-#endif /* ! SLEEP_T */
+#endif
SLEEP_T
sleep(intvl)
unsigned int intvl;
{
#if HAVE_NANOSLEEP
struct timespec rqtp;
if (intvl == 0)
return (SLEEP_T) 0;
rqtp.tv_sec = intvl;
rqtp.tv_nsec = 0;
nanosleep(&rqtp, NULL);
return (SLEEP_T) 0;
#else /* HAVE_NANOSLEEP */
int was_held;
SM_EVENT *ev;
#if _FFR_SLEEP_USE_SELECT > 0
int r;
# if _FFR_SLEEP_USE_SELECT > 0
struct timeval sm_io_to;
-# endif /* _FFR_SLEEP_USE_SELECT > 0 */
+# endif
#endif /* _FFR_SLEEP_USE_SELECT > 0 */
#if SM_CONF_SETITIMER
struct timeval now, begin, diff;
# if _FFR_SLEEP_USE_SELECT > 0
struct timeval slpv;
-# endif /* _FFR_SLEEP_USE_SELECT > 0 */
+# endif
#else /* SM_CONF_SETITIMER */
time_t begin, now;
#endif /* SM_CONF_SETITIMER */
if (intvl == 0)
return (SLEEP_T) 0;
#if defined(_FFR_MAX_SLEEP_TIME) && _FFR_MAX_SLEEP_TIME > 2
if (intvl > _FFR_MAX_SLEEP_TIME)
{
syslog(LOG_ERR, "sleep: interval=%u exceeds max value %d",
intvl, _FFR_MAX_SLEEP_TIME);
# if 0
SM_ASSERT(intvl < (unsigned int) INT_MAX);
-# endif /* 0 */
+# endif
intvl = _FFR_MAX_SLEEP_TIME;
}
#endif /* defined(_FFR_MAX_SLEEP_TIME) && _FFR_MAX_SLEEP_TIME > 2 */
SmSleepDone = false;
#if SM_CONF_SETITIMER
# if _FFR_SLEEP_USE_SELECT > 0
slpv.tv_sec = intvl;
slpv.tv_usec = 0;
-# endif /* _FFR_SLEEP_USE_SELECT > 0 */
+# endif
(void) gettimeofday(&now, NULL);
begin = now;
#else /* SM_CONF_SETITIMER */
now = begin = time(NULL);
#endif /* SM_CONF_SETITIMER */
ev = sm_setevent((time_t) intvl, sm_endsleep, 0);
if (ev == NULL)
{
/* COMPLAIN */
#if 0
syslog(LOG_ERR, "sleep: sm_setevent(%u) failed", intvl);
-#endif /* 0 */
+#endif
SmSleepDone = true;
}
was_held = sm_releasesignal(SIGALRM);
while (!SmSleepDone)
{
#if SM_CONF_SETITIMER
(void) gettimeofday(&now, NULL);
timersub(&now, &begin, &diff);
if (diff.tv_sec < 0 ||
(diff.tv_sec == 0 && diff.tv_usec == 0))
break;
# if _FFR_SLEEP_USE_SELECT > 0
timersub(&slpv, &diff, &sm_io_to);
-# endif /* _FFR_SLEEP_USE_SELECT > 0 */
+# endif
#else /* SM_CONF_SETITIMER */
now = time(NULL);
/*
** Check whether time expired before signal is released.
** Due to the granularity of time() add 1 to be on the
** safe side.
*/
if (!(begin + (time_t) intvl + 1 > now))
break;
# if _FFR_SLEEP_USE_SELECT > 0
sm_io_to.tv_sec = intvl - (now - begin);
if (sm_io_to.tv_sec <= 0)
sm_io_to.tv_sec = 1;
sm_io_to.tv_usec = 0;
# endif /* _FFR_SLEEP_USE_SELECT > 0 */
#endif /* SM_CONF_SETITIMER */
#if _FFR_SLEEP_USE_SELECT > 0
if (intvl <= _FFR_SLEEP_USE_SELECT)
{
r = select(0, NULL, NULL, NULL, &sm_io_to);
if (r == 0)
break;
}
else
#endif /* _FFR_SLEEP_USE_SELECT > 0 */
(void) pause();
}
/* if out of the loop without the event being triggered remove it */
if (!SmSleepDone)
sm_clrevent(ev);
if (was_held > 0)
(void) sm_blocksignal(SIGALRM);
return (SLEEP_T) 0;
#endif /* HAVE_NANOSLEEP */
}
#if !HAVE_NANOSLEEP
static void
sm_endsleep(ignore)
int ignore;
{
/*
** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
** DOING.
*/
SmSleepDone = true;
}
#endif /* !HAVE_NANOSLEEP */
diff --git a/libsm/config.c b/libsm/config.c
index b8f77d9bbe55..b96a4a0c8aba 100644
--- a/libsm/config.c
+++ b/libsm/config.c
@@ -1,260 +1,260 @@
/*
* Copyright (c) 2000-2003, 2007 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: config.c,v 1.32 2013-11-22 20:51:42 ca Exp $")
#include <stdlib.h>
#include <sm/heap.h>
#include <sm/string.h>
#include <sm/conf.h>
/*
** PUTENV -- emulation of putenv() in terms of setenv()
**
** Not needed on Posix-compliant systems.
** This doesn't have full Posix semantics, but it's good enough
** for sendmail.
**
** Parameter:
** env -- the environment to put.
**
** Returns:
** 0 on success, < 0 on failure.
*/
#if NEEDPUTENV
# if NEEDPUTENV == 2 /* no setenv(3) call available */
int
putenv(str)
char *str;
{
char **current;
int matchlen, envlen = 0;
char *tmp;
char **newenv;
static bool first = true;
extern char **environ;
/*
** find out how much of str to match when searching
** for a string to replace.
*/
if ((tmp = strchr(str, '=')) == NULL || tmp == str)
matchlen = strlen(str);
else
matchlen = (int) (tmp - str);
++matchlen;
/*
** Search for an existing string in the environment and find the
** length of environ. If found, replace and exit.
*/
for (current = environ; *current != NULL; current++)
{
++envlen;
if (strncmp(str, *current, matchlen) == 0)
{
/* found it, now insert the new version */
*current = (char *) str;
return 0;
}
}
/*
** There wasn't already a slot so add space for a new slot.
** If this is our first time through, use malloc(), else realloc().
*/
if (first)
{
newenv = (char **) sm_malloc(sizeof(char *) * (envlen + 2));
if (newenv == NULL)
return -1;
first = false;
(void) memcpy(newenv, environ, sizeof(char *) * envlen);
}
else
{
newenv = (char **) sm_realloc((char *) environ,
sizeof(char *) * (envlen + 2));
if (newenv == NULL)
return -1;
}
/* actually add in the new entry */
environ = newenv;
environ[envlen] = (char *) str;
environ[envlen + 1] = NULL;
return 0;
}
# else /* NEEDPUTENV == 2 */
int
putenv(env)
char *env;
{
char *p;
int l;
char nbuf[100];
p = strchr(env, '=');
if (p == NULL)
return 0;
l = p - env;
if (l > sizeof nbuf - 1)
l = sizeof nbuf - 1;
memmove(nbuf, env, l);
nbuf[l] = '\0';
return setenv(nbuf, ++p, 1);
}
# endif /* NEEDPUTENV == 2 */
#endif /* NEEDPUTENV */
/*
** UNSETENV -- remove a variable from the environment
**
** Not needed on newer systems.
**
** Parameters:
** name -- the string name of the environment variable to be
** deleted from the current environment.
**
** Returns:
** none.
**
** Globals:
** environ -- a pointer to the current environment.
**
** Side Effects:
** Modifies environ.
*/
#if !HASUNSETENV
void
unsetenv(name)
char *name;
{
extern char **environ;
register char **pp;
int len = strlen(name);
for (pp = environ; *pp != NULL; pp++)
{
if (strncmp(name, *pp, len) == 0 &&
((*pp)[len] == '=' || (*pp)[len] == '\0'))
break;
}
for (; *pp != NULL; pp++)
*pp = pp[1];
}
#endif /* !HASUNSETENV */
char *SmCompileOptions[] =
{
#if SM_CONF_BROKEN_STRTOD
"SM_CONF_BROKEN_STRTOD",
-#endif /* SM_CONF_BROKEN_STRTOD */
+#endif
#if SM_CONF_GETOPT
"SM_CONF_GETOPT",
-#endif /* SM_CONF_GETOPT */
+#endif
#if SM_CONF_LDAP_INITIALIZE
"SM_CONF_LDAP_INITIALIZE",
-#endif /* SM_CONF_LDAP_INITIALIZE */
+#endif
#if SM_CONF_LDAP_MEMFREE
"SM_CONF_LDAP_MEMFREE",
-#endif /* SM_CONF_LDAP_MEMFREE */
+#endif
#if SM_CONF_LONGLONG
"SM_CONF_LONGLONG",
-#endif /* SM_CONF_LONGLONG */
+#endif
#if SM_CONF_MEMCHR
"SM_CONF_MEMCHR",
-#endif /* SM_CONF_MEMCHR */
+#endif
#if SM_CONF_MSG
"SM_CONF_MSG",
-#endif /* SM_CONF_MSG */
+#endif
#if SM_CONF_QUAD_T
"SM_CONF_QUAD_T",
-#endif /* SM_CONF_QUAD_T */
+#endif
#if SM_CONF_SEM
"SM_CONF_SEM",
-#endif /* SM_CONF_SEM */
+#endif
#if SM_CONF_SETITIMER
"SM_CONF_SETITIMER",
-#endif /* SM_CONF_SETITIMER */
+#endif
#if SM_CONF_SIGSETJMP
"SM_CONF_SIGSETJMP",
-#endif /* SM_CONF_SIGSETJMP */
+#endif
#if SM_CONF_SHM
"SM_CONF_SHM",
-#endif /* SM_CONF_SHM */
+#endif
#if SM_CONF_SHM_DELAY
"SM_CONF_SHM_DELAY",
-#endif /* SM_CONF_SHM_DELAY */
+#endif
#if SM_CONF_SSIZE_T
"SM_CONF_SSIZE_T",
-#endif /* SM_CONF_SSIZE_T */
+#endif
#if SM_CONF_STDBOOL_H
"SM_CONF_STDBOOL_H",
-#endif /* SM_CONF_STDBOOL_H */
+#endif
#if SM_CONF_STDDEF_H
"SM_CONF_STDDEF_H",
-#endif /* SM_CONF_STDDEF_H */
+#endif
#if 0
/* XXX this is always enabled (for now) */
#if SM_CONF_STRL
"SM_CONF_STRL",
-#endif /* SM_CONF_STRL */
+#endif
#endif /* 0 */
#if SM_CONF_SYS_CDEFS_H
"SM_CONF_SYS_CDEFS_H",
-#endif /* SM_CONF_SYS_CDEFS_H */
+#endif
#if SM_CONF_SYSEXITS_H
"SM_CONF_SYSEXITS_H",
-#endif /* SM_CONF_SYSEXITS_H */
+#endif
#if SM_CONF_UID_GID
"SM_CONF_UID_GID",
-#endif /* SM_CONF_UID_GID */
+#endif
#if DO_NOT_USE_STRCPY
"DO_NOT_USE_STRCPY",
-#endif /* DO_NOT_USE_STRCPY */
+#endif
#if SM_HEAP_CHECK
"SM_HEAP_CHECK",
-#endif /* SM_HEAP_CHECK */
+#endif
#if defined(SM_OS_NAME) && defined(__STDC__)
"SM_OS=sm_os_" SM_OS_NAME,
-#endif /* defined(SM_OS_NAME) && defined(__STDC__) */
+#endif
#if SM_VA_STD
"SM_VA_STD",
-#endif /* SM_VA_STD */
+#endif
#if USEKSTAT
"USEKSTAT",
-#endif /* USEKSTAT */
+#endif
#if USEPROCMEMINFO
"USEPROCMEMINFO",
-#endif /* USEPROCMEMINFO */
+#endif
#if USESWAPCTL
"USESWAPCTL",
-#endif /* USESWAPCTL */
+#endif
NULL
};
diff --git a/libsm/debug.c b/libsm/debug.c
index 0dbc25733f14..2ebef889380e 100644
--- a/libsm/debug.c
+++ b/libsm/debug.c
@@ -1,423 +1,455 @@
/*
* Copyright (c) 2000, 2001, 2003, 2004 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: debug.c,v 1.33 2013-11-22 20:51:42 ca Exp $")
/*
** libsm debugging and tracing
** For documentation, see debug.html.
*/
#include <ctype.h>
#include <stdlib.h>
#if _FFR_DEBUG_PID_TIME
#include <unistd.h>
+#include <sm/types.h>
+#include <sm/time.h>
#include <time.h>
#endif /* _FFR_DEBUG_PID_TIME */
#include <setjmp.h>
#include <sm/io.h>
#include <sm/assert.h>
#include <sm/conf.h>
#include <sm/debug.h>
#include <sm/string.h>
#include <sm/varargs.h>
#include <sm/heap.h>
static void sm_debug_reset __P((void));
static const char *parse_named_setting_x __P((const char *));
/*
** Abstractions for printing trace messages.
*/
/*
** The output file to which trace output is directed.
** There is a controversy over whether this variable
** should be process global or thread local.
** To make the interface more abstract, we've hidden the
** variable behind access functions.
*/
static SM_FILE_T *SmDebugOutput = smioout;
/*
** SM_DEBUG_FILE -- Returns current debug file pointer.
**
** Parameters:
** none.
**
** Returns:
** current debug file pointer.
*/
SM_FILE_T *
sm_debug_file()
{
return SmDebugOutput;
}
/*
** SM_DEBUG_SETFILE -- Sets debug file pointer.
**
** Parameters:
** fp -- new debug file pointer.
**
** Returns:
** none.
**
** Side Effects:
** Sets SmDebugOutput.
*/
void
sm_debug_setfile(fp)
SM_FILE_T *fp;
{
SmDebugOutput = fp;
}
/*
** SM_DEBUG_CLOSE -- Close debug file pointer.
**
** Parameters:
** none.
**
** Returns:
** none.
**
** Side Effects:
** Closes SmDebugOutput.
*/
void
sm_debug_close()
{
if (SmDebugOutput != NULL && SmDebugOutput != smioout)
{
sm_io_close(SmDebugOutput, SM_TIME_DEFAULT);
SmDebugOutput = NULL;
}
}
/*
** SM_DPRINTF -- printf() for debug output.
**
** Parameters:
** fmt -- format for printf()
**
** Returns:
** none.
*/
#if _FFR_DEBUG_PID_TIME
SM_DEBUG_T SmDBGPidTime = SM_DEBUG_INITIALIZER("sm_trace_pid_time",
"@(#)$Debug: sm_trace_pid_time - print pid and time in debug $");
-#endif /* _FFR_DEBUG_PID_TIME */
+#endif
void
#if SM_VA_STD
sm_dprintf(char *fmt, ...)
#else /* SM_VA_STD */
sm_dprintf(fmt, va_alist)
char *fmt;
va_dcl
#endif /* SM_VA_STD */
{
SM_VA_LOCAL_DECL
+#if _FFR_DEBUG_PID_TIME
+ static struct timeval lasttv;
+#endif
if (SmDebugOutput == NULL)
return;
#if _FFR_DEBUG_PID_TIME
/* note: this is ugly if the output isn't a full line! */
- if (sm_debug_active(&SmDBGPidTime, 1))
+ if (sm_debug_active(&SmDBGPidTime, 3))
+ {
+ struct timeval tv, tvd;
+
+ gettimeofday(&tv, NULL);
+ if (timerisset(&lasttv))
+ timersub(&tv, &lasttv, &tvd);
+ else
+ timerclear(&tvd);
+ sm_io_fprintf(SmDebugOutput, SmDebugOutput->f_timeout,
+ "%ld: %ld.%06ld ",
+ (long) getpid(),
+ (long) tvd.tv_sec,
+ (long) tvd.tv_usec);
+ lasttv = tv;
+ }
+ else if (sm_debug_active(&SmDBGPidTime, 2))
+ {
+ struct timeval tv;
+
+ gettimeofday(&tv, NULL);
+ sm_io_fprintf(SmDebugOutput, SmDebugOutput->f_timeout,
+ "%ld: %ld.%06ld ",
+ (long) getpid(),
+ (long) tv.tv_sec,
+ (long) tv.tv_usec);
+ }
+ else if (sm_debug_active(&SmDBGPidTime, 1))
{
static char str[32] = "[1900-00-00/00:00:00] ";
struct tm *tmp;
time_t currt;
currt = time((time_t *)0);
tmp = localtime(&currt);
snprintf(str, sizeof(str), "[%d-%02d-%02d/%02d:%02d:%02d] ",
1900 + tmp->tm_year, /* HACK */
tmp->tm_mon + 1,
tmp->tm_mday,
tmp->tm_hour, tmp->tm_min, tmp->tm_sec);
sm_io_fprintf(SmDebugOutput, SmDebugOutput->f_timeout,
"%ld: %s ", (long) getpid(), str);
}
#endif /* _FFR_DEBUG_PID_TIME */
SM_VA_START(ap, fmt);
sm_io_vfprintf(SmDebugOutput, SmDebugOutput->f_timeout, fmt, ap);
SM_VA_END(ap);
}
/*
** SM_DFLUSH -- Flush debug output.
**
** Parameters:
** none.
**
** Returns:
** none.
*/
void
sm_dflush()
{
sm_io_flush(SmDebugOutput, SM_TIME_DEFAULT);
}
/*
** This is the internal database of debug settings.
** The semantics of looking up a setting in the settings database
** are that the *last* setting specified in a -d option on the sendmail
** command line that matches a given SM_DEBUG structure is the one that is
** used. That is necessary to conform to the existing semantics of
** the sendmail -d option. We store the settings as a linked list in
** reverse order, so when we do a lookup, we take the *first* entry
** that matches.
*/
typedef struct sm_debug_setting SM_DEBUG_SETTING_T;
struct sm_debug_setting
{
const char *ds_pattern;
unsigned int ds_level;
SM_DEBUG_SETTING_T *ds_next;
};
SM_DEBUG_SETTING_T *SmDebugSettings = NULL;
/*
** We keep a linked list of SM_DEBUG structures that have been initialized,
** for use by sm_debug_reset.
*/
SM_DEBUG_T *SmDebugInitialized = NULL;
const char SmDebugMagic[] = "sm_debug";
/*
** SM_DEBUG_RESET -- Reset SM_DEBUG structures.
**
** Reset all SM_DEBUG structures back to the uninitialized state.
** This is used by sm_debug_addsetting to ensure that references to
** SM_DEBUG structures that occur before sendmail processes its -d flags
** do not cause those structures to be permanently forced to level 0.
**
** Parameters:
** none.
**
** Returns:
** none.
*/
static void
sm_debug_reset()
{
SM_DEBUG_T *debug;
for (debug = SmDebugInitialized;
debug != NULL;
debug = debug->debug_next)
{
debug->debug_level = SM_DEBUG_UNKNOWN;
}
SmDebugInitialized = NULL;
}
/*
** SM_DEBUG_ADDSETTING_X -- add an entry to the database of debug settings
**
** Parameters:
** pattern -- a shell-style glob pattern (see sm_match).
** WARNING: the storage for 'pattern' will be owned by
** the debug package, so it should either be a string
** literal or the result of a call to sm_strdup_x.
** level -- a non-negative integer.
**
** Returns:
** none.
**
** Exceptions:
** F:sm_heap -- out of memory
*/
void
sm_debug_addsetting_x(pattern, level)
const char *pattern;
int level;
{
SM_DEBUG_SETTING_T *s;
SM_REQUIRE(pattern != NULL);
SM_REQUIRE(level >= 0);
s = sm_malloc_x(sizeof(SM_DEBUG_SETTING_T));
s->ds_pattern = pattern;
s->ds_level = (unsigned int) level;
s->ds_next = SmDebugSettings;
SmDebugSettings = s;
sm_debug_reset();
}
/*
** PARSE_NAMED_SETTING_X -- process a symbolic debug setting
**
** Parameters:
** s -- Points to a non-empty \0 or , terminated string,
** of which the initial character is not a digit.
**
** Returns:
** pointer to terminating \0 or , character.
**
** Exceptions:
** F:sm.heap -- out of memory.
**
** Side Effects:
** adds the setting to the database.
*/
static const char *
parse_named_setting_x(s)
const char *s;
{
const char *pat, *endpat;
int level;
pat = s;
while (*s != '\0' && *s != ',' && *s != '.')
++s;
endpat = s;
if (*s == '.')
{
++s;
level = 0;
while (isascii(*s) && isdigit(*s))
{
level = level * 10 + (*s - '0');
++s;
}
if (level < 0)
level = 0;
}
else
level = 1;
sm_debug_addsetting_x(sm_strndup_x(pat, endpat - pat), level);
/* skip trailing junk */
while (*s != '\0' && *s != ',')
++s;
return s;
}
/*
** SM_DEBUG_ADDSETTINGS_X -- process a list of debug options
**
** Parameters:
** s -- a list of debug settings, eg the argument to the
** sendmail -d option.
**
** The syntax of the string s is as follows:
**
** <settings> ::= <setting> | <settings> "," <setting>
** <setting> ::= <categories> | <categories> "." <level>
** <categories> ::= [a-zA-Z_*?][a-zA-Z0-9_*?]*
**
** However, note that we skip over anything we don't
** understand, rather than report an error.
**
** Returns:
** none.
**
** Exceptions:
** F:sm.heap -- out of memory
**
** Side Effects:
** updates the database of debug settings.
*/
void
sm_debug_addsettings_x(s)
const char *s;
{
for (;;)
{
if (*s == '\0')
return;
if (*s == ',')
{
++s;
continue;
}
s = parse_named_setting_x(s);
}
}
/*
** SM_DEBUG_LOADLEVEL -- Get activation level of the specified debug object.
**
** Parameters:
** debug -- debug object.
**
** Returns:
** Activation level of the specified debug object.
**
** Side Effects:
** Ensures that the debug object is initialized.
*/
int
sm_debug_loadlevel(debug)
SM_DEBUG_T *debug;
{
if (debug->debug_level == SM_DEBUG_UNKNOWN)
{
SM_DEBUG_SETTING_T *s;
for (s = SmDebugSettings; s != NULL; s = s->ds_next)
{
if (sm_match(debug->debug_name, s->ds_pattern))
{
debug->debug_level = s->ds_level;
goto initialized;
}
}
debug->debug_level = 0;
initialized:
debug->debug_next = SmDebugInitialized;
SmDebugInitialized = debug;
}
return (int) debug->debug_level;
}
/*
** SM_DEBUG_LOADACTIVE -- Activation level reached?
**
** Parameters:
** debug -- debug object.
** level -- level to check.
**
** Returns:
** true iff the activation level of the specified debug
** object >= level.
**
** Side Effects:
** Ensures that the debug object is initialized.
*/
bool
sm_debug_loadactive(debug, level)
SM_DEBUG_T *debug;
int level;
{
return sm_debug_loadlevel(debug) >= level;
}
diff --git a/libsm/errstring.c b/libsm/errstring.c
index 01d5a6419f41..fd1af9b5dcbf 100644
--- a/libsm/errstring.c
+++ b/libsm/errstring.c
@@ -1,285 +1,285 @@
/*
* Copyright (c) 2001, 2003 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: errstring.c,v 1.20 2013-11-22 20:51:42 ca Exp $")
#include <errno.h>
#include <stdio.h> /* sys_errlist, on some platforms */
#include <sm/io.h> /* sm_snprintf */
#include <sm/string.h>
#include <sm/errstring.h>
#if NAMED_BIND
# include <netdb.h>
#endif
#if LDAPMAP
# include <lber.h>
# include <ldap.h> /* for LDAP error codes */
-#endif /* LDAPMAP */
+#endif
/*
** Notice: this file is used by libmilter. Please try to avoid
** using libsm specific functions.
*/
/*
** SM_ERRSTRING -- return string description of error code
**
** Parameters:
** errnum -- the error number to translate
**
** Returns:
** A string description of errnum.
**
** Note: this may point to a local (static) buffer.
*/
const char *
sm_errstring(errnum)
int errnum;
{
char *ret;
switch (errnum)
{
case EPERM:
/* SunOS gives "Not owner" -- this is the POSIX message */
return "Operation not permitted";
/*
** Error messages used internally in sendmail.
*/
case E_SM_OPENTIMEOUT:
return "Timeout on file open";
case E_SM_NOSLINK:
return "Symbolic links not allowed";
case E_SM_NOHLINK:
return "Hard links not allowed";
case E_SM_REGONLY:
return "Regular files only";
case E_SM_ISEXEC:
return "Executable files not allowed";
case E_SM_WWDIR:
return "World writable directory";
case E_SM_GWDIR:
return "Group writable directory";
case E_SM_FILECHANGE:
return "File changed after open";
case E_SM_WWFILE:
return "World writable file";
case E_SM_GWFILE:
return "Group writable file";
case E_SM_GRFILE:
return "Group readable file";
case E_SM_WRFILE:
return "World readable file";
/*
** DNS error messages.
*/
#if NAMED_BIND
case HOST_NOT_FOUND + E_DNSBASE:
return "Name server: host not found";
case TRY_AGAIN + E_DNSBASE:
return "Name server: host name lookup failure";
case NO_RECOVERY + E_DNSBASE:
return "Name server: non-recoverable error";
case NO_DATA + E_DNSBASE:
return "Name server: no data known";
#endif /* NAMED_BIND */
/*
** libsmdb error messages.
*/
case SMDBE_MALLOC:
return "Memory allocation failed";
case SMDBE_GDBM_IS_BAD:
return "GDBM is not supported";
case SMDBE_UNSUPPORTED:
return "Unsupported action";
case SMDBE_DUPLICATE:
return "Key already exists";
case SMDBE_BAD_OPEN:
return "Database open failed";
case SMDBE_NOT_FOUND:
return "Key not found";
case SMDBE_UNKNOWN_DB_TYPE:
return "Unknown database type";
case SMDBE_UNSUPPORTED_DB_TYPE:
return "Support for database type not compiled into this program";
case SMDBE_INCOMPLETE:
return "DB sync did not finish";
case SMDBE_KEY_EMPTY:
return "Key is empty";
case SMDBE_KEY_EXIST:
return "Key already exists";
case SMDBE_LOCK_DEADLOCK:
return "Locker killed to resolve deadlock";
case SMDBE_LOCK_NOT_GRANTED:
return "Lock unavailable";
case SMDBE_LOCK_NOT_HELD:
return "Lock not held by locker";
case SMDBE_RUN_RECOVERY:
return "Database panic, run recovery";
case SMDBE_IO_ERROR:
return "I/O error";
case SMDBE_READ_ONLY:
return "Database opened read-only";
case SMDBE_DB_NAME_TOO_LONG:
return "Name too long";
case SMDBE_INVALID_PARAMETER:
return "Invalid parameter";
case SMDBE_ONLY_SUPPORTS_ONE_CURSOR:
return "Only one cursor allowed";
case SMDBE_NOT_A_VALID_CURSOR:
return "Invalid cursor";
case SMDBE_OLD_VERSION:
return "Berkeley DB file is an old version, recreate it";
case SMDBE_VERSION_MISMATCH:
return "Berkeley DB version mismatch between include file and library";
#if LDAPMAP
/*
** LDAP URL error messages.
*/
/* OpenLDAP errors */
# ifdef LDAP_URL_ERR_MEM
case E_LDAPURLBASE + LDAP_URL_ERR_MEM:
return "LDAP URL can't allocate memory space";
-# endif /* LDAP_URL_ERR_MEM */
+# endif
# ifdef LDAP_URL_ERR_PARAM
case E_LDAPURLBASE + LDAP_URL_ERR_PARAM:
return "LDAP URL parameter is bad";
-# endif /* LDAP_URL_ERR_PARAM */
+# endif
# ifdef LDAP_URL_ERR_BADSCHEME
case E_LDAPURLBASE + LDAP_URL_ERR_BADSCHEME:
return "LDAP URL doesn't begin with \"ldap[si]://\"";
-# endif /* LDAP_URL_ERR_BADSCHEME */
+# endif
# ifdef LDAP_URL_ERR_BADENCLOSURE
case E_LDAPURLBASE + LDAP_URL_ERR_BADENCLOSURE:
return "LDAP URL is missing trailing \">\"";
-# endif /* LDAP_URL_ERR_BADENCLOSURE */
+# endif
# ifdef LDAP_URL_ERR_BADURL
case E_LDAPURLBASE + LDAP_URL_ERR_BADURL:
return "LDAP URL is bad";
-# endif /* LDAP_URL_ERR_BADURL */
+# endif
# ifdef LDAP_URL_ERR_BADHOST
case E_LDAPURLBASE + LDAP_URL_ERR_BADHOST:
return "LDAP URL host port is bad";
-# endif /* LDAP_URL_ERR_BADHOST */
+# endif
# ifdef LDAP_URL_ERR_BADATTRS
case E_LDAPURLBASE + LDAP_URL_ERR_BADATTRS:
return "LDAP URL bad (or missing) attributes";
-# endif /* LDAP_URL_ERR_BADATTRS */
+# endif
# ifdef LDAP_URL_ERR_BADSCOPE
case E_LDAPURLBASE + LDAP_URL_ERR_BADSCOPE:
return "LDAP URL scope string is invalid (or missing)";
-# endif /* LDAP_URL_ERR_BADSCOPE */
+# endif
# ifdef LDAP_URL_ERR_BADFILTER
case E_LDAPURLBASE + LDAP_URL_ERR_BADFILTER:
return "LDAP URL bad or missing filter";
-# endif /* LDAP_URL_ERR_BADFILTER */
+# endif
# ifdef LDAP_URL_ERR_BADEXTS
case E_LDAPURLBASE + LDAP_URL_ERR_BADEXTS:
return "LDAP URL bad or missing extensions";
-# endif /* LDAP_URL_ERR_BADEXTS */
+# endif
/* Sun LDAP errors */
# ifdef LDAP_URL_ERR_NOTLDAP
case E_LDAPURLBASE + LDAP_URL_ERR_NOTLDAP:
return "LDAP URL doesn't begin with \"ldap://\"";
-# endif /* LDAP_URL_ERR_NOTLDAP */
+# endif
# ifdef LDAP_URL_ERR_NODN
case E_LDAPURLBASE + LDAP_URL_ERR_NODN:
return "LDAP URL has no DN (required)";
-# endif /* LDAP_URL_ERR_NODN */
+# endif
#endif /* LDAPMAP */
}
#if LDAPMAP
/*
** LDAP error messages. Handle small negative errors from
** libldap (in the range -E_LDAP_SHIM to zero, offset by E_LDAPBASE)
** as well.
*/
if (errnum >= E_LDAPBASE - E_LDAP_SHIM)
return ldap_err2string(errnum - E_LDAPBASE);
#endif /* LDAPMAP */
ret = strerror(errnum);
if (ret == NULL)
{
static char buf[30];
(void) sm_snprintf(buf, sizeof buf, "Error %d", errnum);
return buf;
}
return ret;
}
diff --git a/libsm/exc.c b/libsm/exc.c
index d9ebe4419c84..4824d5f9bd0c 100644
--- a/libsm/exc.c
+++ b/libsm/exc.c
@@ -1,651 +1,651 @@
/*
* Copyright (c) 2000-2002 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: exc.c,v 1.50 2013-11-22 20:51:42 ca Exp $")
/*
** exception handling
** For documentation, see exc.html
*/
#include <ctype.h>
#include <string.h>
#include <sm/errstring.h>
#include <sm/exc.h>
#include <sm/heap.h>
#include <sm/string.h>
#include <sm/varargs.h>
#include <sm/io.h>
const char SmExcMagic[] = "sm_exc";
const char SmExcTypeMagic[] = "sm_exc_type";
/*
** SM_ETYPE_PRINTF -- printf for exception types.
**
** Parameters:
** exc -- exception.
** stream -- file for output.
**
** Returns:
** none.
*/
/*
** A simple formatted print function that can be used as the print function
** by most exception types. It prints the printcontext string, interpreting
** occurrences of %0 through %9 as references to the argument vector.
** If exception argument 3 is an int or long, then %3 will print the
** argument in decimal, and %o3 or %x3 will print it in octal or hex.
*/
void
sm_etype_printf(exc, stream)
SM_EXC_T *exc;
SM_FILE_T *stream;
{
size_t n = strlen(exc->exc_type->etype_argformat);
const char *p, *s;
char format;
for (p = exc->exc_type->etype_printcontext; *p != '\0'; ++p)
{
if (*p != '%')
{
(void) sm_io_putc(stream, SM_TIME_DEFAULT, *p);
continue;
}
++p;
if (*p == '\0')
{
(void) sm_io_putc(stream, SM_TIME_DEFAULT, '%');
break;
}
if (*p == '%')
{
(void) sm_io_putc(stream, SM_TIME_DEFAULT, '%');
continue;
}
format = '\0';
if (isalpha(*p))
{
format = *p++;
if (*p == '\0')
{
(void) sm_io_putc(stream, SM_TIME_DEFAULT, '%');
(void) sm_io_putc(stream, SM_TIME_DEFAULT,
format);
break;
}
}
if (isdigit(*p))
{
size_t i = *p - '0';
if (i < n)
{
switch (exc->exc_type->etype_argformat[i])
{
case 's':
case 'r':
s = exc->exc_argv[i].v_str;
if (s == NULL)
s = "(null)";
sm_io_fputs(stream, SM_TIME_DEFAULT, s);
continue;
case 'i':
sm_io_fprintf(stream,
SM_TIME_DEFAULT,
format == 'o' ? "%o"
: format == 'x' ? "%x"
: "%d",
exc->exc_argv[i].v_int);
continue;
case 'l':
sm_io_fprintf(stream,
SM_TIME_DEFAULT,
format == 'o' ? "%lo"
: format == 'x' ? "%lx"
: "%ld",
exc->exc_argv[i].v_long);
continue;
case 'e':
sm_exc_write(exc->exc_argv[i].v_exc,
stream);
continue;
}
}
}
(void) sm_io_putc(stream, SM_TIME_DEFAULT, '%');
if (format)
(void) sm_io_putc(stream, SM_TIME_DEFAULT, format);
(void) sm_io_putc(stream, SM_TIME_DEFAULT, *p);
}
}
/*
** Standard exception types.
*/
/*
** SM_ETYPE_OS_PRINT -- Print OS related exception.
**
** Parameters:
** exc -- exception.
** stream -- file for output.
**
** Returns:
** none.
*/
static void
sm_etype_os_print __P((
SM_EXC_T *exc,
SM_FILE_T *stream));
static void
sm_etype_os_print(exc, stream)
SM_EXC_T *exc;
SM_FILE_T *stream;
{
int err = exc->exc_argv[0].v_int;
char *syscall = exc->exc_argv[1].v_str;
char *sysargs = exc->exc_argv[2].v_str;
if (sysargs)
sm_io_fprintf(stream, SM_TIME_DEFAULT, "%s: %s failed: %s",
sysargs, syscall, sm_errstring(err));
else
sm_io_fprintf(stream, SM_TIME_DEFAULT, "%s failed: %s", syscall,
sm_errstring(err));
}
/*
** SmEtypeOs represents the failure of a Unix system call.
** The three arguments are:
** int errno (eg, ENOENT)
** char *syscall (eg, "open")
** char *sysargs (eg, NULL or "/etc/mail/sendmail.cf")
*/
const SM_EXC_TYPE_T SmEtypeOs =
{
SmExcTypeMagic,
"E:sm.os",
"isr",
sm_etype_os_print,
NULL,
};
/*
** SmEtypeErr is a completely generic error which should only be
** used in applications and test programs. Libraries should use
** more specific exception codes.
*/
const SM_EXC_TYPE_T SmEtypeErr =
{
SmExcTypeMagic,
"E:sm.err",
"r",
sm_etype_printf,
"%0",
};
/*
** SM_EXC_VNEW_X -- Construct a new exception object.
**
** Parameters:
** etype -- type of exception.
** ap -- varargs.
**
** Returns:
** pointer to exception object.
*/
/*
** This is an auxiliary function called by sm_exc_new_x and sm_exc_raisenew_x.
**
** If an exception is raised, then to avoid a storage leak, we must:
** (a) Free all storage we have allocated.
** (b) Free all exception arguments in the varargs list.
** Getting this right is tricky.
**
** To see why (b) is required, consider the code fragment
** SM_EXCEPT(exc, "*")
** sm_exc_raisenew_x(&MyEtype, exc);
** SM_END_TRY
** In the normal case, sm_exc_raisenew_x will allocate and raise a new
** exception E that owns exc. When E is eventually freed, exc is also freed.
** In the exceptional case, sm_exc_raisenew_x must free exc before raising
** an out-of-memory exception so that exc is not leaked.
*/
-static SM_EXC_T *sm_exc_vnew_x __P((const SM_EXC_TYPE_T *, va_list SM_NONVOLATILE));
+static SM_EXC_T *sm_exc_vnew_x __P((const SM_EXC_TYPE_T *, va_list));
static SM_EXC_T *
sm_exc_vnew_x(etype, ap)
const SM_EXC_TYPE_T *etype;
- va_list SM_NONVOLATILE ap;
+ va_list ap;
{
/*
** All variables that are modified in the SM_TRY clause and
** referenced in the SM_EXCEPT clause must be declared volatile.
*/
/* NOTE: Type of si, i, and argc *must* match */
SM_EXC_T * volatile exc = NULL;
int volatile si = 0;
SM_VAL_T * volatile argv = NULL;
int i, argc;
SM_REQUIRE_ISA(etype, SmExcTypeMagic);
argc = strlen(etype->etype_argformat);
SM_TRY
{
/*
** Step 1. Allocate the exception structure.
** On failure, scan the varargs list and free all
** exception arguments.
*/
exc = sm_malloc_x(sizeof(SM_EXC_T));
exc->sm_magic = SmExcMagic;
exc->exc_refcount = 1;
exc->exc_type = etype;
exc->exc_argv = NULL;
/*
** Step 2. Allocate the argument vector.
** On failure, free exc, scan the varargs list and free all
** exception arguments. On success, scan the varargs list,
** and copy the arguments into argv.
*/
argv = sm_malloc_x(argc * sizeof(SM_VAL_T));
exc->exc_argv = argv;
for (i = 0; i < argc; ++i)
{
switch (etype->etype_argformat[i])
{
case 'i':
argv[i].v_int = SM_VA_ARG(ap, int);
break;
case 'l':
argv[i].v_long = SM_VA_ARG(ap, long);
break;
case 'e':
argv[i].v_exc = SM_VA_ARG(ap, SM_EXC_T*);
break;
case 's':
argv[i].v_str = SM_VA_ARG(ap, char*);
break;
case 'r':
SM_REQUIRE(etype->etype_argformat[i+1] == '\0');
argv[i].v_str = SM_VA_ARG(ap, char*);
break;
default:
sm_abort("sm_exc_vnew_x: bad argformat '%c'",
etype->etype_argformat[i]);
}
}
/*
** Step 3. Scan argv, and allocate space for all
** string arguments. si is the number of elements
** of argv that have been processed so far.
** On failure, free exc, argv, all the exception arguments
** and all of the strings that have been copied.
*/
for (si = 0; si < argc; ++si)
{
switch (etype->etype_argformat[si])
{
case 's':
{
char *str = argv[si].v_str;
if (str != NULL)
argv[si].v_str = sm_strdup_x(str);
}
break;
case 'r':
{
char *fmt = argv[si].v_str;
if (fmt != NULL)
argv[si].v_str = sm_vstringf_x(fmt, ap);
}
break;
}
}
}
SM_EXCEPT(e, "*")
{
if (exc == NULL || argv == NULL)
{
/*
** Failure in step 1 or step 2.
** Scan ap and free all exception arguments.
*/
for (i = 0; i < argc; ++i)
{
switch (etype->etype_argformat[i])
{
case 'i':
(void) SM_VA_ARG(ap, int);
break;
case 'l':
(void) SM_VA_ARG(ap, long);
break;
case 'e':
sm_exc_free(SM_VA_ARG(ap, SM_EXC_T*));
break;
case 's':
case 'r':
(void) SM_VA_ARG(ap, char*);
break;
}
}
}
else
{
/*
** Failure in step 3. Scan argv and free
** all exception arguments and all string
** arguments that have been duplicated.
** Then free argv.
*/
for (i = 0; i < argc; ++i)
{
switch (etype->etype_argformat[i])
{
case 'e':
sm_exc_free(argv[i].v_exc);
break;
case 's':
case 'r':
if (i < si)
sm_free(argv[i].v_str);
break;
}
}
sm_free(argv);
}
sm_free(exc);
sm_exc_raise_x(e);
}
SM_END_TRY
return exc;
}
/*
** SM_EXC_NEW_X -- Construct a new exception object.
**
** Parameters:
** etype -- type of exception.
** ... -- varargs.
**
** Returns:
** pointer to exception object.
*/
SM_EXC_T *
#if SM_VA_STD
sm_exc_new_x(
const SM_EXC_TYPE_T *etype,
...)
#else /* SM_VA_STD */
sm_exc_new_x(etype, va_alist)
const SM_EXC_TYPE_T *etype;
va_dcl
#endif /* SM_VA_STD */
{
SM_EXC_T *exc;
SM_VA_LOCAL_DECL
SM_VA_START(ap, etype);
exc = sm_exc_vnew_x(etype, ap);
SM_VA_END(ap);
return exc;
}
/*
** SM_EXC_FREE -- Destroy a reference to an exception object.
**
** Parameters:
** exc -- exception object.
**
** Returns:
** none.
*/
void
sm_exc_free(exc)
SM_EXC_T *exc;
{
if (exc == NULL)
return;
SM_REQUIRE(exc->sm_magic == SmExcMagic);
if (exc->exc_refcount == 0)
return;
if (--exc->exc_refcount == 0)
{
int i, c;
for (i = 0; (c = exc->exc_type->etype_argformat[i]) != '\0';
++i)
{
switch (c)
{
case 's':
case 'r':
sm_free(exc->exc_argv[i].v_str);
break;
case 'e':
sm_exc_free(exc->exc_argv[i].v_exc);
break;
}
}
exc->sm_magic = NULL;
sm_free(exc->exc_argv);
sm_free(exc);
}
}
/*
** SM_EXC_MATCH -- Match exception category against a glob pattern.
**
** Parameters:
** exc -- exception.
** pattern -- glob pattern.
**
** Returns:
** true iff match.
*/
bool
sm_exc_match(exc, pattern)
SM_EXC_T *exc;
const char *pattern;
{
if (exc == NULL)
return false;
SM_REQUIRE(exc->sm_magic == SmExcMagic);
return sm_match(exc->exc_type->etype_category, pattern);
}
/*
** SM_EXC_WRITE -- Write exception message to a stream (wo trailing newline).
**
** Parameters:
** exc -- exception.
** stream -- file for output.
**
** Returns:
** none.
*/
void
sm_exc_write(exc, stream)
SM_EXC_T *exc;
SM_FILE_T *stream;
{
SM_REQUIRE_ISA(exc, SmExcMagic);
exc->exc_type->etype_print(exc, stream);
}
/*
** SM_EXC_PRINT -- Print exception message to a stream (with trailing newline).
**
** Parameters:
** exc -- exception.
** stream -- file for output.
**
** Returns:
** none.
*/
void
sm_exc_print(exc, stream)
SM_EXC_T *exc;
SM_FILE_T *stream;
{
SM_REQUIRE_ISA(exc, SmExcMagic);
exc->exc_type->etype_print(exc, stream);
(void) sm_io_putc(stream, SM_TIME_DEFAULT, '\n');
}
SM_EXC_HANDLER_T *SmExcHandler = NULL;
static SM_EXC_DEFAULT_HANDLER_T SmExcDefaultHandler = NULL;
/*
** SM_EXC_NEWTHREAD -- Initialize exception handling for new process/thread.
**
** Parameters:
** h -- default exception handler.
**
** Returns:
** none.
*/
/*
** Initialize a new process or a new thread by clearing the
** exception handler stack and optionally setting a default
** exception handler function. Call this at the beginning of main,
** or in a new process after calling fork, or in a new thread.
**
** This function is a luxury, not a necessity.
** If h != NULL then you can get the same effect by
** wrapping the body of main, or the body of a forked child
** or a new thread in SM_TRY ... SM_EXCEPT(e,"*") h(e); SM_END_TRY.
*/
void
sm_exc_newthread(h)
SM_EXC_DEFAULT_HANDLER_T h;
{
SmExcHandler = NULL;
SmExcDefaultHandler = h;
}
/*
** SM_EXC_RAISE_X -- Raise an exception.
**
** Parameters:
** exc -- exception.
**
** Returns:
** doesn't.
*/
void SM_DEAD_D
sm_exc_raise_x(exc)
SM_EXC_T *exc;
{
SM_REQUIRE_ISA(exc, SmExcMagic);
if (SmExcHandler == NULL)
{
if (SmExcDefaultHandler != NULL)
{
SM_EXC_DEFAULT_HANDLER_T h;
/*
** If defined, the default handler is expected
** to terminate the current thread of execution
** using exit() or pthread_exit().
** If it instead returns normally, then we fall
** through to the default case below. If it
** raises an exception, then sm_exc_raise_x is
** re-entered and, because we set SmExcDefaultHandler
** to NULL before invoking h, we will again
** end up in the default case below.
*/
h = SmExcDefaultHandler;
SmExcDefaultHandler = NULL;
(*h)(exc);
}
/*
** No exception handler, so print the error and exit.
** To override this behaviour on a program wide basis,
** call sm_exc_newthread or put an exception handler in main().
**
** XXX TODO: map the exception category to an exit code
** XXX from <sysexits.h>.
*/
sm_exc_print(exc, smioerr);
exit(255);
}
if (SmExcHandler->eh_value == NULL)
SmExcHandler->eh_value = exc;
else
sm_exc_free(exc);
sm_longjmp_nosig(SmExcHandler->eh_context, 1);
}
/*
** SM_EXC_RAISENEW_X -- shorthand for sm_exc_raise_x(sm_exc_new_x(...))
**
** Parameters:
** etype -- type of exception.
** ap -- varargs.
**
** Returns:
** none.
*/
void SM_DEAD_D
#if SM_VA_STD
sm_exc_raisenew_x(
const SM_EXC_TYPE_T *etype,
...)
#else
sm_exc_raisenew_x(etype, va_alist)
const SM_EXC_TYPE_T *etype;
va_dcl
#endif
{
SM_EXC_T *exc;
SM_VA_LOCAL_DECL
SM_VA_START(ap, etype);
exc = sm_exc_vnew_x(etype, ap);
SM_VA_END(ap);
sm_exc_raise_x(exc);
}
diff --git a/libsm/findfp.c b/libsm/findfp.c
index 25f7663e8797..1b2ed884d499 100644
--- a/libsm/findfp.c
+++ b/libsm/findfp.c
@@ -1,430 +1,420 @@
/*
* Copyright (c) 2000-2002, 2006 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1990, 1993
* The Regents of the University of California. All rights reserved.
*
* This code is derived from software contributed to Berkeley by
* Chris Torek.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: findfp.c,v 1.68 2013-11-22 20:51:42 ca Exp $")
#include <stdlib.h>
#include <unistd.h>
#include <sys/param.h>
#include <errno.h>
#include <string.h>
#include <syslog.h>
#include <sm/io.h>
#include <sm/assert.h>
#include <sm/heap.h>
#include <sm/string.h>
#include <sm/conf.h>
#include "local.h"
#include "glue.h"
bool Sm_IO_DidInit; /* IO system has been initialized? */
const char SmFileMagic[] = "sm_file";
/* An open type to map to fopen()-like behavior */
SM_FILE_T SmFtStdio_def =
{SmFileMagic, 0, 0, 0, (SMRW|SMFBF), -1, {0, 0}, 0, 0, 0,
sm_stdclose, sm_stdread, sm_stdseek, sm_stdwrite,
sm_stdopen, sm_stdsetinfo, sm_stdgetinfo, SM_TIME_FOREVER,
SM_TIME_BLOCK, "stdio" };
/* An open type to map to fdopen()-like behavior */
SM_FILE_T SmFtStdiofd_def =
{SmFileMagic, 0, 0, 0, (SMRW|SMFBF), -1, {0, 0}, 0, 0, 0,
sm_stdclose, sm_stdread, sm_stdseek, sm_stdwrite,
sm_stdfdopen, sm_stdsetinfo, sm_stdgetinfo, SM_TIME_FOREVER,
SM_TIME_BLOCK, "stdiofd" };
/* A string file type */
SM_FILE_T SmFtString_def =
{SmFileMagic, 0, 0, 0, (SMRW|SMNBF), -1, {0, 0}, 0, 0, 0,
sm_strclose, sm_strread, sm_strseek, sm_strwrite,
sm_stropen, sm_strsetinfo, sm_strgetinfo, SM_TIME_FOREVER,
SM_TIME_BLOCK, "string" };
#if 0
/* A file type for syslog communications */
SM_FILE_T SmFtSyslog_def =
{SmFileMagic, 0, 0, 0, (SMRW|SMNBF), -1, {0, 0}, 0, 0, 0,
sm_syslogclose, sm_syslogread, sm_syslogseek, sm_syslogwrite,
sm_syslogopen, sm_syslogsetinfo, sm_sysloggetinfo, SM_TIME_FOREVER,
SM_TIME_BLOCK, "syslog" };
#endif /* 0 */
#define NDYNAMIC 10 /* add ten more whenever necessary */
#define smio(flags, file, name) \
{SmFileMagic, 0, 0, 0, flags, file, {0}, 0, SmIoF+file, 0, \
sm_stdclose, sm_stdread, sm_stdseek, sm_stdwrite, \
sm_stdopen, sm_stdsetinfo, sm_stdgetinfo, SM_TIME_FOREVER, \
SM_TIME_BLOCK, name}
/* sm_magic p r w flags file bf lbfsize cookie ival */
#define smstd(flags, file, name) \
{SmFileMagic, 0, 0, 0, flags, -1, {0}, 0, 0, file, \
sm_stdioclose, sm_stdioread, sm_stdioseek, sm_stdiowrite, \
sm_stdioopen, sm_stdiosetinfo, sm_stdiogetinfo, SM_TIME_FOREVER,\
SM_TIME_BLOCK, name}
/* A file type for interfacing to stdio FILE* streams. */
SM_FILE_T SmFtRealStdio_def = smstd(SMRW|SMNBF, -1, "realstdio");
/* the usual - (stdin + stdout + stderr) */
static SM_FILE_T usual[SM_IO_OPEN_MAX - 3];
static struct sm_glue smuglue = { 0, SM_IO_OPEN_MAX - 3, usual };
/* List of builtin automagically already open file pointers */
SM_FILE_T SmIoF[6] =
{
smio(SMRD|SMLBF, SMIOIN_FILENO, "smioin"), /* smioin */
smio(SMWR|SMLBF, SMIOOUT_FILENO, "smioout"), /* smioout */
smio(SMWR|SMNBF, SMIOERR_FILENO, "smioerr"), /* smioerr */
smstd(SMRD|SMNBF, SMIOIN_FILENO, "smiostdin"), /* smiostdin */
smstd(SMWR|SMNBF, SMIOOUT_FILENO, "smiostdout"),/* smiostdout */
smstd(SMWR|SMNBF, SMIOERR_FILENO, "smiostderr") /* smiostderr */
};
/* Structure containing list of currently open file pointers */
struct sm_glue smglue = { &smuglue, 3, SmIoF };
/*
** SM_MOREGLUE -- adds more space for open file pointers
**
** Parameters:
** n -- number of new spaces for file pointers
**
** Returns:
** Raises an exception if no more memory.
** Otherwise, returns a pointer to new spaces.
*/
static struct sm_glue *sm_moreglue_x __P((int));
static SM_FILE_T empty;
static struct sm_glue *
sm_moreglue_x(n)
register int n;
{
register struct sm_glue *g;
register SM_FILE_T *p;
g = (struct sm_glue *) sm_pmalloc_x(sizeof(*g) + SM_ALIGN_BITS +
n * sizeof(SM_FILE_T));
p = (SM_FILE_T *) SM_ALIGN(g + 1);
g->gl_next = NULL;
g->gl_niobs = n;
g->gl_iobs = p;
while (--n >= 0)
*p++ = empty;
return g;
}
/*
** SM_FP -- allocate and initialize an SM_FILE structure
**
** Parameters:
** t -- file type requested to be opened.
** flags -- control flags for file type behavior
** oldfp -- file pointer to reuse if available (optional)
**
** Returns:
** Raises exception on memory exhaustion.
** Aborts if type is invalid.
** Otherwise, returns file pointer for requested file type.
*/
SM_FILE_T *
sm_fp(t, flags, oldfp)
const SM_FILE_T *t;
const int flags;
SM_FILE_T *oldfp;
{
register SM_FILE_T *fp;
register int n;
register struct sm_glue *g;
SM_REQUIRE(t->f_open && t->f_close && (t->f_read || t->f_write));
if (!Sm_IO_DidInit)
sm_init();
if (oldfp != NULL)
{
fp = oldfp;
goto found; /* for opening reusing an 'fp' */
}
for (g = &smglue;; g = g->gl_next)
{
for (fp = g->gl_iobs, n = g->gl_niobs; --n >= 0; fp++)
if (fp->sm_magic == NULL)
goto found;
if (g->gl_next == NULL)
g->gl_next = sm_moreglue_x(NDYNAMIC);
}
found:
fp->sm_magic = SmFileMagic; /* 'fp' now valid and in-use */
fp->f_p = NULL; /* no current pointer */
fp->f_w = 0; /* nothing to write */
fp->f_r = 0; /* nothing to read */
fp->f_flags = flags;
fp->f_file = -1; /* no file */
fp->f_bf.smb_base = NULL; /* no buffer */
fp->f_bf.smb_size = 0; /* no buffer size with no buffer */
fp->f_lbfsize = 0; /* not line buffered */
fp->f_flushfp = NULL; /* no associated flush file */
fp->f_cookie = fp; /* default: *open* overrides cookie setting */
fp->f_close = t->f_close; /* assign close function */
fp->f_read = t->f_read; /* assign read function */
fp->f_seek = t->f_seek; /* assign seek function */
fp->f_write = t->f_write; /* assign write function */
fp->f_open = t->f_open; /* assign open function */
fp->f_setinfo = t->f_setinfo; /* assign setinfo function */
fp->f_getinfo = t->f_getinfo; /* assign getinfo function */
fp->f_type = t->f_type; /* file type */
fp->f_ub.smb_base = NULL; /* no ungetc buffer */
fp->f_ub.smb_size = 0; /* no size for no ungetc buffer */
if (fp->f_timeout == SM_TIME_DEFAULT)
fp->f_timeout = SM_TIME_FOREVER;
else
fp->f_timeout = t->f_timeout; /* traditional behavior */
fp->f_timeoutstate = SM_TIME_BLOCK; /* by default */
return fp;
}
/*
** SM_CLEANUP -- cleanup function when exit called.
**
** This function is registered via atexit().
**
** Parameters:
** none
**
** Returns:
** nothing.
**
** Side Effects:
** flushes open files before they are forced closed
*/
void
sm_cleanup()
{
int timeout = SM_TIME_DEFAULT;
(void) sm_fwalk(sm_flush, &timeout); /* `cheating' */
}
/*
** SM_INIT -- called whenever sm_io's internal variables must be set up.
**
** Parameters:
** none
**
** Returns:
** none
**
** Side Effects:
** Registers sm_cleanup() using atexit().
*/
void
sm_init()
{
if (Sm_IO_DidInit) /* paranoia */
return;
/* more paranoia: initialize pointers in a static variable */
empty.f_type = NULL;
empty.sm_magic = NULL;
/* make sure we clean up on exit */
atexit(sm_cleanup); /* conservative */
Sm_IO_DidInit = true;
}
/*
** SM_IO_SETINFO -- change info for an open file type (fp)
**
** The generic SM_IO_WHAT_VECTORS is auto supplied for all file types.
** If the request is to set info other than SM_IO_WHAT_VECTORS then
** the request is passed on to the file type's specific setinfo vector.
** WARNING: this is working on an active/open file type.
**
** Parameters:
** fp -- file to make the setting on
** what -- type of information to set
** valp -- structure to obtain info from
**
** Returns:
** 0 on success
** -1 on error and sets errno:
** - when what != SM_IO_WHAT_VECTORS and setinfo vector
** not set
** - when vectored setinfo returns -1
*/
int
sm_io_setinfo(fp, what, valp)
SM_FILE_T *fp;
int what;
void *valp;
{
SM_FILE_T *v = (SM_FILE_T *) valp;
SM_REQUIRE_ISA(fp, SmFileMagic);
switch (what)
{
case SM_IO_WHAT_VECTORS:
/*
** This is the "generic" available for all.
** This allows the function vectors to be replaced
** while the file type is active.
*/
fp->f_close = v->f_close;
fp->f_read = v->f_read;
fp->f_seek = v->f_seek;
fp->f_write = v->f_write;
fp->f_open = v->f_open;
fp->f_setinfo = v->f_setinfo;
fp->f_getinfo = v->f_getinfo;
sm_free(fp->f_type);
fp->f_type = sm_strdup_x(v->f_type);
return 0;
case SM_IO_WHAT_TIMEOUT:
fp->f_timeout = *((int *)valp);
return 0;
}
/* Otherwise the vector will check it out */
if (fp->f_setinfo == NULL)
{
errno = EINVAL;
return -1;
}
else
return (*fp->f_setinfo)(fp, what, valp);
}
/*
** SM_IO_GETINFO -- get information for an active file type (fp)
**
** This function supplies for all file types the answers for the
-** three requests SM_IO_WHAT_VECTORS, SM_IO_WHAT_TYPE and
-** SM_IO_WHAT_ISTYPE. Other requests are handled by the getinfo
+** three requests SM_IO_WHAT_VECTORS, and SM_IO_WHAT_ISTYPE.
+** Other requests are handled by the getinfo
** vector if available for the open file type.
** SM_IO_WHAT_VECTORS returns information for the file pointer vectors.
-** SM_IO_WHAT_TYPE returns the type identifier for the file pointer
** SM_IO_WHAT_ISTYPE returns >0 if the passed in type matches the
** file pointer's type.
** SM_IO_IS_READABLE returns 1 if there is data available for reading,
** 0 otherwise.
**
** Parameters:
** fp -- file pointer for active file type
** what -- type of information request
** valp -- structure to place obtained info into
**
** Returns:
** -1 on error and sets errno:
** - when valp==NULL and request expects otherwise
-** - when request is not SM_IO_WHAT_VECTORS and not
-** SM_IO_WHAT_TYPE and not SM_IO_WHAT_ISTYPE
+** - when request is not SM_IO_WHAT_VECTORS
+** and not SM_IO_WHAT_ISTYPE
** and getinfo vector is NULL
** - when getinfo type vector returns -1
** >=0 on success
*/
int
sm_io_getinfo(fp, what, valp)
SM_FILE_T *fp;
int what;
void *valp;
{
SM_FILE_T *v = (SM_FILE_T *) valp;
SM_REQUIRE_ISA(fp, SmFileMagic);
switch (what)
{
case SM_IO_WHAT_VECTORS:
if (valp == NULL)
{
errno = EINVAL;
return -1;
}
/* This is the "generic" available for all */
v->f_close = fp->f_close;
v->f_read = fp->f_read;
v->f_seek = fp->f_seek;
v->f_write = fp->f_write;
v->f_open = fp->f_open;
v->f_setinfo = fp->f_setinfo;
v->f_getinfo = fp->f_getinfo;
v->f_type = fp->f_type;
return 0;
- case SM_IO_WHAT_TYPE:
- if (valp == NULL)
- {
- errno = EINVAL;
- return -1;
- }
- valp = sm_strdup_x(fp->f_type);
- return 0;
-
case SM_IO_WHAT_ISTYPE:
if (valp == NULL)
{
errno = EINVAL;
return -1;
}
return strcmp(fp->f_type, valp) == 0;
case SM_IO_IS_READABLE:
/* if there is data in the buffer, it must be readable */
if (fp->f_r > 0)
return 1;
/* otherwise query the underlying file */
break;
case SM_IO_WHAT_TIMEOUT:
*((int *) valp) = fp->f_timeout;
return 0;
case SM_IO_WHAT_FD:
if (fp->f_file > -1)
return fp->f_file;
/* try the file type specific getinfo to see if it knows */
break;
}
/* Otherwise the vector will check it out */
if (fp->f_getinfo == NULL)
{
errno = EINVAL;
return -1;
}
return (*fp->f_getinfo)(fp, what, valp);
}
diff --git a/libsm/flags.c b/libsm/flags.c
index 0786b026ffe4..49853271af5d 100644
--- a/libsm/flags.c
+++ b/libsm/flags.c
@@ -1,64 +1,64 @@
/*
* Copyright (c) 2000-2001, 2004, 2006 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1990, 1993
* The Regents of the University of California. All rights reserved.
*
* This code is derived from software contributed to Berkeley by
* Chris Torek.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: flags.c,v 1.24 2013-11-22 20:51:42 ca Exp $")
#include <sys/types.h>
#include <sys/file.h>
#include <errno.h>
#include <sm/io.h>
#include "local.h"
/*
** SM_FLAGS -- translate external (user) flags into internal flags
**
-** Paramters:
+** Parameters:
** flags -- user select flags
**
** Returns:
** Internal flag value matching user selected flags
*/
int
sm_flags(flags)
int flags;
{
int ret;
switch(SM_IO_MODE(flags))
{
case SM_IO_RDONLY: /* open for reading */
ret = SMRD;
break;
case SM_IO_WRONLY: /* open for writing */
ret = SMWR;
break;
case SM_IO_APPEND: /* open for appending */
ret = SMWR;
break;
case SM_IO_RDWR: /* open for read and write */
ret = SMRW;
break;
default:
ret = 0;
break;
}
if (SM_IS_BINARY(flags))
ret |= SM_IO_BINARY;
return ret;
}
diff --git a/libsm/fopen.c b/libsm/fopen.c
index 33ddc6015b9b..7dd1751c98b3 100644
--- a/libsm/fopen.c
+++ b/libsm/fopen.c
@@ -1,374 +1,374 @@
/*
* Copyright (c) 2000-2002, 2004 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1990, 1993
* The Regents of the University of California. All rights reserved.
*
* This code is derived from software contributed to Berkeley by
* Chris Torek.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: fopen.c,v 1.63 2013-11-22 20:51:42 ca Exp $")
#include <errno.h>
#include <setjmp.h>
#include <sm/time.h>
#include <sm/heap.h>
#include <sm/signal.h>
#include <sm/assert.h>
#include <sm/io.h>
#include <sm/clock.h>
#include "local.h"
static void openalrm __P((int));
static void reopenalrm __P((int));
extern int sm_io_fclose __P((SM_FILE_T *));
static jmp_buf OpenTimeOut, ReopenTimeOut;
/*
** OPENALRM -- handler when timeout activated for sm_io_open()
**
** Returns flow of control to where setjmp(OpenTimeOut) was set.
**
** Parameters:
** sig -- unused
**
** Returns:
** does not return
**
** Side Effects:
** returns flow of control to setjmp(OpenTimeOut).
**
** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
** DOING.
*/
/* ARGSUSED0 */
static void
openalrm(sig)
int sig;
{
longjmp(OpenTimeOut, 1);
}
/*
** REOPENALRM -- handler when timeout activated for sm_io_reopen()
**
** Returns flow of control to where setjmp(ReopenTimeOut) was set.
**
** Parameters:
** sig -- unused
**
** Returns:
** does not return
**
** Side Effects:
** returns flow of control to setjmp(ReopenTimeOut).
**
** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
** DOING.
*/
/* ARGSUSED0 */
static void
reopenalrm(sig)
int sig;
{
longjmp(ReopenTimeOut, 1);
}
/*
** SM_IO_OPEN -- open a file of a specific type
**
** Parameters:
** type -- type of file to open
** timeout -- time to complete the open
-** info -- info describing what is to be opened (type dependant)
+** info -- info describing what is to be opened (type dependent)
** flags -- user selected flags
** rpool -- pointer to rpool to be used for this open
**
** Returns:
** Raises exception on heap exhaustion.
** Aborts if type is invalid.
** Returns NULL and sets errno
** - when the type specific open fails
** - when open vector errors
** - when flags not set or invalid
** Success returns a file pointer to the opened file type.
*/
SM_FILE_T *
sm_io_open(type, timeout, info, flags, rpool)
const SM_FILE_T *type;
int SM_NONVOLATILE timeout; /* this is not the file type timeout */
const void *info;
int flags;
const void *rpool;
{
register SM_FILE_T *fp;
int ioflags;
SM_EVENT *evt = NULL;
ioflags = sm_flags(flags);
if (ioflags == 0)
{
/* must give some indication/intent */
errno = EINVAL;
return NULL;
}
if (timeout == SM_TIME_DEFAULT)
timeout = SM_TIME_FOREVER;
if (timeout == SM_TIME_IMMEDIATE)
{
errno = EAGAIN;
return NULL;
}
fp = sm_fp(type, ioflags, NULL);
/* Okay, this is where we set the timeout. */
if (timeout != SM_TIME_FOREVER)
{
if (setjmp(OpenTimeOut) != 0)
{
errno = EAGAIN;
return NULL;
}
evt = sm_seteventm(timeout, openalrm, 0);
}
if ((*fp->f_open)(fp, info, flags, rpool) < 0)
{
fp->f_flags = 0; /* release */
fp->sm_magic = NULL; /* release */
return NULL;
}
/* We're back. So undo our timeout and handler */
if (evt != NULL)
sm_clrevent(evt);
#if SM_RPOOL
if (rpool != NULL)
sm_rpool_attach_x(rpool, sm_io_fclose, fp);
-#endif /* SM_RPOOL */
+#endif
return fp;
}
/*
** SM_IO_DUP -- duplicate a file pointer
**
** Parameters:
** fp -- file pointer to duplicate
**
** Returns:
** Success - the duplicated file pointer
** Failure - NULL (was an invalid file pointer or too many open)
**
** Increments the duplicate counter (dup_cnt) for the open file pointer.
** The counter counts the number of duplicates. When the duplicate
** counter is 0 (zero) then the file pointer is the only one left
** (no duplicates, it is the only one).
*/
SM_FILE_T *
sm_io_dup(fp)
SM_FILE_T *fp;
{
SM_REQUIRE_ISA(fp, SmFileMagic);
if (fp->sm_magic != SmFileMagic)
{
errno = EBADF;
return NULL;
}
if (fp->f_dup_cnt >= INT_MAX - 1)
{
/* Can't let f_dup_cnt wrap! */
errno = EMFILE;
return NULL;
}
fp->f_dup_cnt++;
return fp;
}
/*
** SM_IO_REOPEN -- open a new file using the old file pointer
**
** Parameters:
** type -- file type to be opened
** timeout -- time to complete the reopen
-** info -- infomation about what is to be "re-opened" (type dep.)
+** info -- information about what is to be "re-opened" (type dep.)
** flags -- user flags to map to internal flags
** rpool -- rpool file to be associated with
** fp -- the file pointer to reuse
**
** Returns:
** Raises an exception on heap exhaustion.
** Aborts if type is invalid.
** Failure: returns NULL
** Success: returns "reopened" file pointer
*/
SM_FILE_T *
sm_io_reopen(type, timeout, info, flags, rpool, fp)
const SM_FILE_T *type;
int SM_NONVOLATILE timeout;
const void *info;
int flags;
const void *rpool;
SM_FILE_T *fp;
{
int ioflags, ret;
SM_FILE_T *fp2;
SM_EVENT *evt = NULL;
if ((ioflags = sm_flags(flags)) == 0)
{
(void) sm_io_close(fp, timeout);
return NULL;
}
if (!Sm_IO_DidInit)
sm_init();
if (timeout == SM_TIME_DEFAULT)
timeout = SM_TIME_FOREVER;
if (timeout == SM_TIME_IMMEDIATE)
{
/*
** Filling the buffer will take time and we are wanted to
** return immediately. So...
*/
errno = EAGAIN;
return NULL;
}
/* Okay, this is where we set the timeout. */
if (timeout != SM_TIME_FOREVER)
{
if (setjmp(ReopenTimeOut) != 0)
{
errno = EAGAIN;
return NULL;
}
evt = sm_seteventm(timeout, reopenalrm, 0);
}
/*
** There are actually programs that depend on being able to "reopen"
** descriptors that weren't originally open. Keep this from breaking.
** Remember whether the stream was open to begin with, and which file
** descriptor (if any) was associated with it. If it was attached to
** a descriptor, defer closing it; reopen("/dev/stdin", "r", stdin)
** should work. This is unnecessary if it was not a Unix file.
*/
if (fp != NULL)
{
if (fp->sm_magic != SmFileMagic)
fp->f_flags = SMFEOF; /* hold on to it */
else
{
/* flush the stream; ANSI doesn't require this. */
(void) sm_io_flush(fp, SM_TIME_FOREVER);
(void) sm_io_close(fp, SM_TIME_FOREVER);
}
}
fp2 = sm_fp(type, ioflags, fp);
ret = (*fp2->f_open)(fp2, info, flags, rpool);
/* We're back. So undo our timeout and handler */
if (evt != NULL)
sm_clrevent(evt);
if (ret < 0)
{
fp2->f_flags = 0; /* release */
fp2->sm_magic = NULL; /* release */
return NULL;
}
/*
** We're not preserving this logic (below) for sm_io because it is now
** abstracted at least one "layer" away. By closing and reopening
** the 1st fd used should be the just released one (when Unix
** behavior followed). Old comment::
** If reopening something that was open before on a real file, try
** to maintain the descriptor. Various C library routines (perror)
** assume stderr is always fd STDERR_FILENO, even if being reopen'd.
*/
#if SM_RPOOL
if (rpool != NULL)
sm_rpool_attach_x(rpool, sm_io_close, fp2);
-#endif /* SM_RPOOL */
+#endif
return fp2;
}
/*
** SM_IO_AUTOFLUSH -- link another file to this for auto-flushing
**
** When a read occurs on fp, fp2 will be flushed iff there is no
** data waiting on fp.
**
** Parameters:
** fp -- the file opened for reading.
** fp2 -- the file opened for writing.
**
** Returns:
** The old flush file pointer.
*/
SM_FILE_T *
sm_io_autoflush(fp, fp2)
SM_FILE_T *fp;
SM_FILE_T *fp2;
{
SM_FILE_T *savefp;
SM_REQUIRE_ISA(fp, SmFileMagic);
if (fp2 != NULL)
SM_REQUIRE_ISA(fp2, SmFileMagic);
savefp = fp->f_flushfp;
fp->f_flushfp = fp2;
return savefp;
}
/*
** SM_IO_AUTOMODE -- link another file to this for auto-moding
**
** When the mode (blocking or non-blocking) changes for fp1 then
** update fp2's mode at the same time. This is to be used when
** a system dup() has generated a second file descriptor for
** another sm_io_open() by file descriptor. The modes have been
** linked in the system and this formalizes it for sm_io internally.
**
** Parameters:
** fp1 -- the first file
** fp2 -- the second file
**
** Returns:
** nothing
*/
void
sm_io_automode(fp1, fp2)
SM_FILE_T *fp1;
SM_FILE_T *fp2;
{
SM_REQUIRE_ISA(fp1, SmFileMagic);
SM_REQUIRE_ISA(fp2, SmFileMagic);
fp1->f_modefp = fp2;
fp2->f_modefp = fp1;
}
diff --git a/libsm/fpos.c b/libsm/fpos.c
index 30015f57599b..fc21f84d7c43 100644
--- a/libsm/fpos.c
+++ b/libsm/fpos.c
@@ -1,153 +1,153 @@
/*
* Copyright (c) 2000-2001, 2004 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1990, 1993
* The Regents of the University of California. All rights reserved.
*
* This code is derived from software contributed to Berkeley by
* Chris Torek.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: fpos.c,v 1.40 2013-11-22 20:51:42 ca Exp $")
#include <errno.h>
#include <setjmp.h>
#include <sm/time.h>
#include <sm/heap.h>
#include <sm/signal.h>
#include <sm/clock.h>
#include <sm/io.h>
#include <sm/assert.h>
#include "local.h"
static void tellalrm __P((int));
static jmp_buf TellTimeOut;
/*
** TELLALRM -- handler when timeout activated for sm_io_tell()
**
** Returns flow of control to where setjmp(TellTimeOut) was set.
**
** Parameters:
** sig -- unused
**
** Returns:
** does not return
**
** Side Effects:
** returns flow of control to setjmp(TellTimeOut).
**
** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
** DOING.
*/
/* ARGSUSED0 */
static void
tellalrm(sig)
int sig;
{
longjmp(TellTimeOut, 1);
}
/*
** SM_IO_TELL -- position the file pointer
**
-** Paramters:
+** Parameters:
** fp -- the file pointer to get repositioned
** timeout -- time to complete the tell (milliseconds)
**
** Returns:
** Success -- the repositioned location.
** Failure -- -1 (minus 1) and sets errno
*/
long
sm_io_tell(fp, timeout)
register SM_FILE_T *fp;
int SM_NONVOLATILE timeout;
{
register off_t pos;
SM_EVENT *evt = NULL;
SM_REQUIRE_ISA(fp, SmFileMagic);
if (fp->f_seek == NULL)
{
errno = ESPIPE; /* historic practice */
return -1L;
}
if (timeout == SM_TIME_DEFAULT)
timeout = fp->f_timeout;
if (timeout == SM_TIME_IMMEDIATE)
{
/*
** Filling the buffer will take time and we are wanted to
** return immediately. So...
*/
errno = EAGAIN;
return -1L;
}
/*
** Find offset of underlying I/O object, then adjust byte position
** may adjust seek offset on append stream
*/
(void) sm_flush(fp, (int *) &timeout);
/* This is where we start the timeout */
if (timeout != SM_TIME_FOREVER)
{
if (setjmp(TellTimeOut) != 0)
{
errno = EAGAIN;
return -1L;
}
evt = sm_seteventm(timeout, tellalrm, 0);
}
if (fp->f_flags & SMOFF)
pos = fp->f_lseekoff;
else
{
/* XXX only set the timeout here? */
pos = (*fp->f_seek)(fp, (off_t) 0, SM_IO_SEEK_CUR);
if (pos == -1L)
goto clean;
}
if (fp->f_flags & SMRD)
{
/*
** Reading. Any unread characters (including
** those from ungetc) cause the position to be
** smaller than that in the underlying object.
*/
pos -= fp->f_r;
if (HASUB(fp))
pos -= fp->f_ur;
}
else if (fp->f_flags & SMWR && fp->f_p != NULL)
{
/*
** Writing. Any buffered characters cause the
** position to be greater than that in the
** underlying object.
*/
pos += fp->f_p - fp->f_bf.smb_base;
}
clean:
/* We're back. So undo our timeout and handler */
if (evt != NULL)
sm_clrevent(evt);
return pos;
}
diff --git a/libsm/fscanf.c b/libsm/fscanf.c
index c45ef3a3cad0..0ca6f6f2d2db 100644
--- a/libsm/fscanf.c
+++ b/libsm/fscanf.c
@@ -1,55 +1,55 @@
/*
* Copyright (c) 2000-2001 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1990, 1993
* The Regents of the University of California. All rights reserved.
*
* This code is derived from software contributed to Berkeley by
* Chris Torek.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: fscanf.c,v 1.18 2013-11-22 20:51:42 ca Exp $")
#include <sm/varargs.h>
#include <sm/assert.h>
#include <sm/io.h>
#include "local.h"
/*
** SM_IO_FSCANF -- convert input data to translated format
**
** Parameters:
** fp -- the file pointer to obtain the data from
** timeout -- time to complete scan
** fmt -- the format to translate the data to
-** ... -- memory locations to place the formated data
+** ... -- memory locations to place the formatted data
**
** Returns:
** Failure: returns SM_IO_EOF
** Success: returns the number of data units translated
*/
int
#if SM_VA_STD
sm_io_fscanf(SM_FILE_T *fp, int timeout, char const *fmt, ...)
#else /* SM_VA_STD */
sm_io_fscanf(fp, timeout, fmt, va_alist)
SM_FILE_T *fp;
int timeout;
char *fmt;
va_dcl
#endif /* SM_VA_STD */
{
int ret;
SM_VA_LOCAL_DECL
SM_REQUIRE_ISA(fp, SmFileMagic);
SM_VA_START(ap, fmt);
ret = sm_vfscanf(fp, timeout, fmt, ap);
SM_VA_END(ap);
return ret;
}
diff --git a/libsm/io.html b/libsm/io.html
index 5304d26236bd..3efdfebb58c7 100644
--- a/libsm/io.html
+++ b/libsm/io.html
@@ -1,745 +1,744 @@
<html>
<head>
<title>libsm sm_io general overview</title>
</head>
<body>
<a href="index.html">Back to libsm overview</a>
<center>
<h1>libsm sm_io general overview</h1>
<br> $Id: io.html,v 1.3 2001-03-17 03:22:50 gshapiro Exp $
</center>
<h2> Introduction </h2>
<p>
The <i>sm_io</i> portion of the <i>libsm</i> library is similar to
the <i>stdio</i> library. It is derived from the Chris Torek version
of the <i>stdio</i> library (BSD). There are some key differences
described below between <i>sm_io</i> and <i>stdio</i> but many
similarities will be noticed.
</p>
<p>
A key difference between <i>stdio</i> and <i>sm_io</i> is that the
functional code that does the open, close, read, write, etc. on a file
can be different for different files. For example, with <i>stdio</i>
the functional code (read, write) is either the default supplied in the
library or a "programmer specified" set of functions set via
<i>sm_io_open()</i>. Whichever set of functions are specified <b>all</b>
open's, read's, write's, etc use the same set of functions. In contrast, with
<i>sm_io</i> a different set of functions can be specified with each
active file for read's, write's, etc. These different function sets
are identified as <b>file types</b> (see <tt>sm_io_open()</tt>). Each function
set can handle the actions directly, pass the action request to
another function set or do some work before passing it on to another function
set. The setting of a function set for a file type can be done for
a file type at any time (even after the type is open).
</p>
<p>
A second difference is the use of <a href="rpool.html"><b>rpools</b></a>.
An <b>rpool</b> is specified with the opening of a file
(<tt>sm_io_open()</tt>).
This allows of a file to be associated with an rpool so that when the
rpool is released the open file will be closed; the <tt>sm_io_open()</tt>
registers that <tt>sm_io_close()</tt> should be called when the rpool is
released.
</p>
<p>
A third difference is that the I/O functions take a <i>timeout</i>
argument. This allows the setting of a maximum amount of time allowable
for the I/O to be completed. This means the calling program does not need
to setup it's own timeout mechanism. NOTE: SIGALRM's should not be
active in the calling program when an I/O function with a <i>timeout</i>
is used.
</p>
<p>
When converting source code from <i>stdio</i> to <i>sm_io</i> be
very careful to NOTE: the arguments to functions have been rationalized.
That is, unlike <i>stdio</i>, all <i>sm_io</i> functions that
take a file pointer (SM_FILE_T *) argument have the file pointer
as the first argument. Also not all functions with <i>stdio</i> have
an identical matching <i>sm_io</i> API: the API list has been thinned
since a number of <i>stdio</i> API's overlapped in functionality.
Remember many functions also have a <i>timeout</i> argument added.
</p>
<p>
When a file is going to be opened, the file type is included with
<tt>sm_io_open()</tt>.
A file type is either one automatically included with the <i>sm_io</i>
library or one created by the program at runtime.
File types can be either buffered or unbuffered. When buffered the buffering
is either the builtin <i>sm_io</i> buffering or as done by the file type.
File types can be disk files, strings, TCP/IP connections or whatever
your imagination can come up with that can be read and/or written to.
</p>
<p>
Information about a particular file type or pointer can be obtained or set with
the <i>sm_io</i> "info" functions.
The <tt>sm_io_setinfo()</tt> and <tt>sm_io_getinfo()</tt> functions work on
an active file pointer.
</p>
<h2>Include files</h2>
<p>
There is one main include file for use with sm_io: <i>io.h</i>. Since the
use of <b>rpools</b> is specified with <tt>sm_io_open()</tt> an
<b>rpool</b> may
be created and thus <i>rpool.h</i> may need to be included as well
(before io.h).
</p>
<pre>
#include &lt;rpool.h&gt;
#include &lt;io.h&gt;
</pre>
<h2>Functions/API's</h2>
<p>
Below is a list of the functions for <i>sm_io</i> listed in
alphabetical order. Currently these functions return error codes
and set errno when appropriate. These (may?/will?) change to
raising exceptions later.
</p>
<pre>
<a href="#sm_io_autoflush">SM_FILE_T *sm_io_autoflush(SM_FILE_T *fp, SM_FILE_T *)</a>
<a href="#sm_io_automode">void sm_io_automode(SM_FILE_T *fp, SM_FILE_T *)</a>
<a href="#defaultapi">void sm_io_clearerr(SM_FILE_T *fp)</a>
<a href="#sm_io_close">int sm_io_close(SM_FILE_T *fp, int timeout)</a>
<a href="#defaultapi">int sm_io_dup(SM_FILE_T *fp)</a>
<a href="#defaultapi">int sm_io_eof(SM_FILE_T *fp)</a>
<a href="#defaultapi">int sm_io_error(SM_FILE_T *fp)</a>
<a href="#defaultapi">char * sm_io_fgets(SM_FILE_T *fp, int timeout, char *buf, int n)</a>
<a href="#defaultapi">int sm_io_flush(SM_FILE_T *fp, int timeout)</a>
<a href="#sm_io_fopen">int sm_io_fopen(char *pathname, int flags [, MODE_T mode])</a>
<a href="#defaultapi">int sm_io_fprintf(SM_FILE_T *fp, int timeout, const char *fmt, ...)</a>
<a href="#defaultapi">int sm_io_fputs(s, int, SM_FILE_T *fp)</a>
<a href="#defaultapi">int sm_io_fscanf(SM_FILE_T *fp, int timeout, char const *fmt, ...) </a>
<a href="#defaultapi">int sm_io_getc(SM_FILE_T *fp, int timeout)</a>
<a href="#sm_io_getinfo">void sm_io_getinfo(SM_FILE_T *sfp, int what, void *valp)</a>
<a href="#sm_io_open">SM_FILE_T * sm_io_open(SM_FILE_T type, int timeout, void *info, int flags, void *rpool)</a>
<a href="#defaultapi">int sm_io_purge(SM_FILE_T *fp)</a>
<a href="#defaultapi">int sm_io_putc(SM_FILE_T *fp, int timeout, int c)</a>
<a href="#defaultapi">size_t sm_io_read(SM_FILE_T *fp, int timeout, char *buf, size_t size)</a>
<a href="#sm_io_reopen">SM_FILE_T * sm_io_open(SM_FILE_T type, int timeout, void *info, int flags, void *rpool)</a>
<a href="#defaultapi">void sm_io_rewind(SM_FILE_T *fp, int timeout)</a>
<a href="#defaultapi">int sm_io_seek(SM_FILE_T *fp, off_t offset, int timeout, int whence)</a>
<a href="#sm_io_setinfo">void sm_io_setinfo(SM_FILE_T *sfp, int what, void *valp)</a>
<a href="#defaultapi">int sm_io_setvbuf(SM_FILE_T *fp, int timeout, char *buf, int mode, size_t size)</a>
<a href="#defaultapi">int sm_io_sscanf(const char *str, char const *fmt, ...)</a>
<a href="#defaultapi">long sm_io_tell(SM_FILE_T *fp, int timeout)</a>
<a href="#defaultapi">int sm_io_ungetc(SM_FILE_T *fp, int timeout, int c)</a>
<a href="#defaultapi">size_t sm_io_write(SM_FILE_T *fp, int timeout, char *buf, size_t size)</a>
<a href="#defaultapi">int sm_snprintf(char *str, size_t n, char const *fmt, ...)</a>
</pre>
-<a name="timeouts">
-<h2>Timeouts</h2>
+<h2><a name="timeouts">Timeouts</a></h2>
<p>
For many of the functions a <i>timeout</i> argument is given. This limits
the amount of time allowed for the function to complete. There are three
pre-defined values:
<menu>
<li>
SM_TIME_DEFAULT - timeout using the default setting for this file type
</li>
<li>
SM_TIME_FOREVER - timeout will take forever; blocks until task completed
</li>
<li>
SM_TIME_IMMEDIATE - timeout (virtually) now
</li>
</menu>
</p>
<p>
A function caller can also specify a positive integer value in milliseconds.
A function will return with <i>errno</i> set to EINVAL if a bad value
is given for <i>timeout</i>.
When a function times out the function returns in error with <i>errno</i>
set to <b>EAGAIN</b>. In the future this may change to an exception being
thrown.
</p>
<h2>Function Descriptions</h2>
<dl>
<!-- SM_IO_FOPEN -->
<p></p>
<dt><tt><a name="sm_io_fopen">
SM_FILE_T *
<br>
sm_io_fopen(char *pathname, int flags)
<br>
SM_FILE_T *
<br>
sm_io_fopen(char *pathname, int flags, MODE_T mode)
</a></tt></dt>
<dd>
Open the file named by <tt>pathname</tt>, and associate a stream with it.
The arguments are the same as for the <tt>open(2)</tt> system call.
<br>
If memory could not be allocated, an exception is raised.
If successful, an <tt>SM_FILE_T</tt> pointer is returned.
Otherwise, <tt>NULL</tt> is returned and <tt>errno</tt> is set.
<!-- SM_IO_OPEN -->
<p></p>
<dt><tt><a name="sm_io_open">
SM_FILE_T *
<br>
sm_io_open(const SM_FILE_T *type, int timeout, const void *info, int flags, void *rpool)
</a></tt></dt>
<dd>
Opens a file by <i>type</i> directed by <i>info</i>. <i>Type</i> is a filled-in
SM_FILE_T structure from the following builtin list
(<a href="#builtins"><b>descriptions below</b></a>)
or one specified by the program.
<menu>
<li>
SmFtString
</li>
<li>
SmFtStdio
</li>
<li>
SmFtStdiofd
</li>
<li>
smioin <b>*</b>
</li>
<li>
smioout <b>*</b>
</li>
<li>
smioerr <b>*</b>
</li>
<li>
smiostdin <b>*</b>
</li>
<li>
smiostdout <b>*</b>
</li>
<li>
smiostderr <b>*</b>
</li>
<li>
SmFtSyslog
</li>
</menu>
<br>
The above list of file types are already appropriately filled in. Those marked
with a "<b>*</b>" are already open and may be used directly and immediately.
For program specified types, to set the <i>type</i> argument easily and with minimal error the macro
<b>SM_IO_SET_TYPE</b> should be used. The SM_FILE_T structure is fairly
large, but only a small portion of it need to be initialized for a new
type.
See also <a href="#writefunctions">"Writing Functions for a File Type"</a>.
<menu>
<pre>
SM_IO_SET_TYPE(type, name, open, close, read, write, seek, get, set, timeout)
</pre>
</menu>
<br>
<i>Timeout</i> is set as described in the <a href="#timeouts"><b>Timeouts</b></a>
section.
<br>
<i>Info</i> is information that describes for the file type what is
to be opened and any associated information.
For a disk file this would be a file path; with a TCP
connection this could be an a structure containing an IP address and port.
<br><i>Flags</i> is a
set of sm_io flags that describes how the file is to be interacted with:
<menu>
<li>
SM_IO_RDWR - read and write
</li>
<li>
SM_IO_RDONLY - read only
</li>
<li>
SM_IO_WRONLY - write only
</li>
<li>
SM_IO_APPEND - allow write to EOF only
</li>
<li>
SM_IO_APPENDRW - allow read-write from EOF only
</li>
<li>
SM_IO_RDWRTR - read and write with truncation of file first
</li>
</menu>
<i>Rpool</i> is the address of the rpool that this open is to be associated
with. When the rpool is released then the close function for this
file type will be automatically called to close the file for cleanup.
If NULL is specified for <i>rpool</i> then the close function is not
associated (attached) to an rpool.
<br>
On cannot allocate memory, an exception is raised.
If the <i>type</i> is invalid, <tt>sm_io_open</tt> will abort the process.
On success an SM_FILE_T * pointer is returned.
On failure the NULL pointer is returned and errno is set.
</dd>
<!-- SM_IO_SETINFO -->
<p></p>
<dt><tt><a name="sm_io_setinfo">
int
<br>
sm_io_setinfo(SM_FILE_T *sfp, int what, void *valp)
</a></tt></dt>
<dd>
For the open file <i>sfp</i> set the indicated information (<i>what</i>)
to the new value <i>(valp</i>).
This will make the change for this SM_FILE_T only. The file
type that <i>sfp</i> originally belonged to will still be
configured the same way (this is to prevent side-effect
to other open's of the same file type, particularly with threads).
-The value of <i>what</i> will be file-type dependant since this function
+The value of <i>what</i> will be file-type dependent since this function
is one of the per file type setable functions.
One value for <i>what</i> that is valid for all file types is
SM_WHAT_VECTORS. This sets the currently open file with a new function
vector set for open, close, etc. The new values are taken from <i>valp</i>
a SM_FILE_T filled in by the used via the macro SM_IO_SET_TYPE
(see and <a href="#writefunctions">
"Writing Functions for a File Type"</a> for more information).
<br>
On success 0 (zero) is returned. On failure -1 is returned and errno is set.
</dd>
<!-- SM_IO_GETINFO -->
<p></p>
<dt><tt><a name="sm_io_getinfo">
int
<br>
sm_io_getinfo(SM_FILE_T *sfp, int what, void *valp)
</a></tt></dt>
<dd>
For the open file <i>sfp</i> get the indicated information (<i>what</i>)
and place the result in <i>(valp</i>).
This will obtain information for SM_FILE_T only and may be different than
the information for the file type it was originally opened as.
-The value of <i>what</i> will be file type dependant since this function
+The value of <i>what</i> will be file type dependent since this function
is one of the per file type setable functions.
One value for <i>what</i> that is valid for all file types is
SM_WHAT_VECTORS. This gets from the currently open file a copy of
the function vectors and stores them in <i>valp</i> a SM_FILE_T
(see <a href="#writefunctions">
"Writing Functions for a File Type"</a> for more information).
<br>
On success 0 (zero) is returned. On failure -1 is returned and errno is set.
</dd>
<!-- SM_IO_AUTOFLUSH -->
<p></p>
<dt><tt><a name="sm_io_autoflush">
void
<br>
sm_io_autoflush(SM_FILE_T *fp1, *SM_FILE_T fp2)
</a></tt></dt>
<dd>
Associate a read of <i>fp1</i> with a data flush for <i>fp2</i>. If a read
of <i>fp1</i> discovers that there is no data available to be read, then
<i>fp2</i> will have it's data buffer flushed for writable data. It is
assumed that <i>fp1</i> is open for reading and <i>fp2</i> is open
for writing.
<br>
On return the old file pointer associated with <i>fp1</i> for flushing
is returned. A return of NULL is no an error; this merely indicates no
previous association.
</dd>
<!-- SM_IO_AUTOMODE -->
<p></p>
<dt><tt><a name="sm_io_automode">
void
<br>
sm_io_automode(SM_FILE_T *fp1, *SM_FILE_T fp2)
-<dt><tt><a name="sm_io_automode">
+<dt>
</a></tt></dt>
<dd>
Associate the two file pointers for blocking/non-blocking mode changes.
In the handling of timeouts <i>sm_io</i> may need to switch the mode of
a file between blocking and non-blocking. If the underlying file descriptor
has been duplicated with <tt>dup(2)</tt> and these descriptors are used
by <i>sm_io</i> (for example with an SmFtStdiofd file type), then this API
should be called to associate them. Otherwise odd behavior (i.e. errors)
-may result that is not consistently reproducable nor easily identifiable.
+may result that is not consistently reproducible nor easily identifiable.
</dd>
<!-- SM_IO_CLOSE -->
<p></p>
<dt><tt><a name="sm_io_close">
int
<br>
sm_io_close(SM_FILE_T *sfp, int timeout)
</a></tt></dt>
<dd>
Release all resources (file handles, memory, etc.) associated with
the open SM_FILE_T <i>sfp</i>. If buffering is active then the
buffer is flushed before any resources are released.
<i>Timeout</i> is set as described in the <a href="#timeouts"><b>Timeouts</b></a>
section.
The first resources released after buffer flushing will be the
buffer itself. Then the <b>close</b> function specified in the
file type at open will be called. It is the responsibility
of the <b>close</b> function to release any file type
specific resources allocated and to call <tt>sm_io_close()</tt>
for the next file type layer(s) that the current file type uses (if any).
<br>
On success 0 (zero) is returned. On failure SM_IO_EOF is returned and
errno is set.
</dd>
</dl>
<h2>
<a name="builtins">Description of Builtin File Types</a>
</h2>
<p>
There are several builtin file types as mentioned in <tt>sm_io_open()</tt>.
More file types may be added later.
</p>
<dl>
<p></p>
<dt><tt>SmFtString</tt></dt>
<dd>
Operates on a character string. <i>SmFtString</i> is a file type only.
The string starts at the location 0 (zero)
and ends at the last character. A read will obtain the requested
number of characters if available; else as many as possible. A read
will not terminate the read characters with a NULL ('\0'). A write
will place the number of requested characters at the current location.
To append to a string either the pointer must currently be at the end
of the string or a seek done to position the pointer. The file type
handles the space needed for the string. Thus space needed for the
string will be grown automagically without the user worrying about
space management.
</dd>
<dt><tt>SmFtStdio</tt></dt>
<dd>
A predefined SM_FILE_T structure with function vectors pointing to
functions that result in the file-type behaving as the system stdio
normally does. The <i>info</i> portion of the <tt>sm_io_open</tt>
is the path of the file to be opened. Note that this file type
does not interact with the system's stdio. Thus a program mixing system
stdio and sm_io stdio (SmFtStdio) will result in uncoordinated input
and output.
</dd>
<dt><tt>SmFtStdiofd</tt></dt>
<dd>
A predefined SM_FILE_T structure with function vectors pointing to
functions that result in the file-type behaving as the system stdio
normally does. The <i>info</i> portion of the <tt>sm_io_open</tt>
is a file descriptor (the value returned by open(2)). Note that this file type
does not interact with the system's stdio. Thus a program mixing system
stdio and sm_io stdio (SmFtStdio) will result in uncoordinated input
and output.
</dd>
<dt><tt>smioin</tt></dt>
<dt><tt>smioout</tt></dt>
<dt><tt>smioerr</tt></dt>
<dd>
The three types <i>smioin</i>, <i>smioout</i> and <i>smioerr</i> are grouped
together. These three types
perform in the same manner as <b>stdio</b>'s <i>stdin</i>, <i>stdout</i>
and <i>stderr</i>. These types are both the names and the file pointers.
-They are already open when a program starts (unless the parent explictly
+They are already open when a program starts (unless the parent explicitly
closed file descriptors 0, 1 and 2).
Thus <tt>sm_io_open()</tt> should never be called for these types:
the named file pointers should be used directly.
<i>Smioin</i> and <i>smioout</i> are buffered
by default. <i>Smioerr</i> is not buffered by default. Calls to <b>stdio</b>
are safe to make when using these three<b>sm_io</b> file pointers.
There is no interaction between <b>sm_io</b> and <b>stdio</b>. Hence,
due to buffering, the sequence of input and output data from both <b>sm_io</b>
and <b>stdio</b> at the same time may appear unordered. For
coordination between <b>sm_io</b> and <b>stdio</b> use the three
file pointers below (<i>smiostdin, smiostdout, smiostderr</i>).
</dd>
<dt><tt>smiostdin</tt></dt>
<dt><tt>smiostdout</tt></dt>
<dt><tt>smiostderr</tt></dt>
<dd>
The three types <i>smiostdin</i>, <i>smioostdut</i> and <i>smiostderr</i>
are grouped together. These three types
perform in the same manner as <b>stdio</b>'s <i>stdin</i>, <i>stdout</i>
and <i>stderr</i>. These types are both the names and file pointers.
-They are already open when a program starts (unless the parent explictly
+They are already open when a program starts (unless the parent explicitly
close file descriptors 0, 1 and 2).
Thus <tt>sm_io_open()</tt> should
never be called: the named file pointers should be used directly.
Calls to <b>stdio</b> are safe to make when using these three<b>sm_io</b>
file pointers though no code is shared between the two libaries.
However, the input and output between <i>sm_io</i> and <i>stdio</i> is
coordinated for these three file pointers: <i>smiostdin</i>,
<i>smiostdout</i> and <i>smiostderr</i> are layered on-top-of
the system's <i>stdio</i>.
<i>Smiostdin</i>, <i>smiostdout</i>
and <i>Smiostderr</i> are not buffered by default.
Hence, due to buffering in <i>stdio</i> only, the sequence of input and
output data from both <b>sm_io</b> and <b>stdio</b> at the same time will
appear ordered. If <i>sm_io</i> buffering is turned on then the
input and output can appear unordered or lost.
</dd>
<dt><tt>SmFtSyslog</tt></dt>
<dd>
This opens the channel to the system log. Reads are not allowed. Writes
cannot be undone once they have left the <i>sm_io</i> buffer.
The man pages for <tt>syslog(3)</tt> should be read for information
on syslog.
</dd>
</dl>
<p></p>
<hr>
<p></p>
<h2>
<a name="writefunctions">
Writing Functions for a File Type
</a>
</h2>
<p>
When writing functions to create a file type a function needs to
be created for each function vector in the SM_FILE_T structure
that will be passed to <tt>sm_io_open()</tt> or <tt>sm_io_setinfo()</tt>.
Otherwise the setting will be rejected and <i>errno</i> set to EINVAL.
Each function should accept and handle the number and types of arguments as
described in the portion of the SM_FILE_T structure shown below:
</p>
<pre>
int (*open) __P((SM_FILE_T *fp, const void *, int flags,
const void *rpool));
int (*close) __P((SM_FILE_T *fp));
int (*read) __P((SM_FILE_T *fp, char *buf, size_t size));
int (*write) __P((SM_FILE_T *fp, const char *buf, size_t size));
off_t (*seek) __P((SM_FILE_T *fp, off_t offset, int whence));
int (*getinfo) __P((SM_FILE_T *fp, int what, void *valp));
int (*setinfo) __P((SM_FILE_T *fp, int what, void *valp));
</pre>
<p>
The macro SM_IO_SET_TYPE should be used to initialized an SM_FILE_T as a file
type for an <tt>sm_io_open()</tt>:
<menu>
<pre>
SM_IO_SET_TYPE(type, name, open, close, read, write, seek, get, set, timeout)
</pre>
<br>
where:
<menu>
<li>
type - is the SM_FILE_T being filled-in
</li>
<li>
name - a human readable character string for human identification purposes
</li>
<li>
open - the vector to the open function
</li>
<li>
close - the vector to the close function
</li>
<li>
read - the vector to the read function
</li>
<li>
write - the vector to the write function
</li>
<li>
seek - the vector to the seek function
</li>
<li>
set - the vector to the set function
</li>
<li>
get - the vector to the get function
</li>
<li>
timeout - the default to be used for a timeout when SM_TIME_DEFAULT specified
</li>
</menu>
</menu>
You should avoid trying to change or use the other structure members of the
SM_FILE_T. The file pointer content (internal structure members) of an active
file should only be set and observed with the "info" functions.
The two exceptions to the above statement are the structure members
<i>cookie</i> and <i>ival</i>. <i>Cookie</i> is of type <tt>void *</tt>
while <i>ival</i> is of type <tt>int</tt>. These two structure members exist
specificly for your created file type to use. The <i>sm_io</i> functions
will not change or set these two structure members; only specific file type
will change or set these variables.
</p>
<p>
For maintaining information privately about status for a file type the
information should be encapsulated in a <i>cookie</i>. A <i>cookie</i>
is an opaque type that contains information that is only known to
the file type layer itself. The <i>sm_io</i> package will know
nothing about the contents of the <i>cookie</i>; <i>sm_io</i> only
maintains the location of the <i>cookie</i> so that it may be passed
to the functions of a file type. It is up to the file type to
determine what to do with the <i>cookie</i>. It is the responsibility
of the file type's open to create the cookie and point the SM_FILE_T's
<i>cookie</i> at the address of the cookie.
It is the responsibility of close to clean up
any resources that the cookie and instance of the file type have used.
</p>
<p>
For the <i>cookie</i> to be passed to all members of a function type
cleanly the location of the cookie must assigned during
the call to open. The file type functions should not attempt to
maintain the <i>cookie</i> internally since the file type may have
serveral instances (file pointers).
</p>
<p>
The SM_FILE_T's member <i>ival</i> may be used in a manner similar to
<i>cookie</i>. It is not to be used for maintaining the file's offset
or access status (other members do that). It is intended as a "light"
reference.
</p>
<p>
The file type vector functions are called by the <tt>sm_io_*()</tt>
functions after <i>sm_io</i> processing has occurred. The <i>sm_io</i>
processing validates SM_FILE_T's and may then handle the call entirely
itself or pass the request to the file type vector functions.
</p>
<p>
All of the "int" functions should return -1 (minus one) on failure
and 0 (zero) or greater on success. <i>Errno</i> should be set to
provide diagnostic information to the caller if it has not already
been set by another function the file type function used.
</p>
<p>
Examples are a wonderful manner of clarifying details. Below is an example
of an open function.
</p>
<p>
This shows the setup.
<menu>
<pre>
SM_FILE_T *fp;
SM_FILE_T SM_IO_SET_TYPE(vector, "my_type", myopen, myclose, myread, mywrite,
myseek, myget, myset, SM_TIME_FOREVER);
fp = sm_io_open(&vector, 1000, "data", SM_IO_RDONLY, NULL);
if (fp == NULL)
return(-1);
</pre>
The above code open's a file of type "my_type". The <i>info</i> is set
to a string "data". "data" may be the name of a file or have some special
meaning to the file type. For sake of the example, we will have it be
the name of a file in the home directory of the user running the program.
Now the only file type function that is dependent on this information
will be the open function.
<br>
We have also specified read-only access (SM_IO_RDONLY) and that no <i>rpool</i>
will be used. The <i>timeout</i> has been set to 1000 milliseconds which
directs that the file and all associated setup should be done within
1000 milliseconds or return that the function erred (with errno==EAGAIN).
<pre>
int myopen(fp, info, flags, rpools)
SM_FILE_T *fp;
const void *info;
int flags;
void *rpool;
{
/*
** now we could do the open raw (i.e with read(2)), but we will
** use file layering instead. We will use the <i>stdio</i> file
** type (different than the system's stdio).
*/
struct passwd *pw;
char path[PATH_MAX];
pw = getpwuid(getuid());
sm_io_snprintf(path, PATH_MAX, "%s/%s", pw->pw_dir, info);
/*
** Okay. Now the path pass-in has been prefixed with the
** user's HOME directory. We'll call the regular stdio (SmFtStdio)
** now to handle the rest of the open.
*/
fp->cookie = sm_io_open(SmFtStdio, path, flags, rpools);
if (fp->cookie == NULL)
return(-1) /* errno set by sm_io_open call */
else
return(0);
}
</pre>
Later on when a write is performed the function <tt>mywrite</tt> will
be invoked. To match the above <tt>myopen</tt>, <tt>mywrite</tt> could
be written as:
<pre>
int mywrite(fp, buf, size)
SM_FILE_T *fp;
char *buf;
size_t size;
{
/*
** As an example, we can change, modify, refuse, filter, etc.
** the content being passed through before we ask the SmFtStdio
** to do the actual write.
** This example is very simple and contrived, but this keeps it
** clear.
*/
if (size == 0)
return(0); /* why waste the cycles? */
if (*buf == 'X')
*buf = 'Y';
/*
** Note that the file pointer passed to the next level is the
** one that was stored in the cookie during the open.
*/
return(sm_io_write(fp->cookie, buf, size));
}
</pre>
As a thought-exercise for the fair reader: how would you modify the
above two functions to make a "tee". That is the program will call
<tt>sm_io_open</tt> or <tt>sm_io_write</tt> and two or more files will
be opened and written to. (Hint: create a cookie to hold two or more
file pointers).
</menu>
</p>
<p></p>
<hr>
<br>
<hr>
<p></p>
<center>
<h1>
<a name="defaultapi">
libsm sm_io default API definition
</a>
</h1>
</center>
<h2> Introduction </h2>
<p>
A number of <i>sm_io</i> API's perform similar to their <i>stdio</i>
counterparts (same name as when the "sm_io_" is removed).
One difference between <i>sm_io</i> and <i>stdio</i> functions is that
if a "file pointer" (FILE/SM_FILE_T)
is one of the arguments for the function, then it is now the first
argument. <i>Sm_io</i> is standardized so that when a file pointer is
one of the arguments to function then it will always be the first
-arguement. Many of the <i>sm_io</i> function take a <i>timeout</i>
+argument. Many of the <i>sm_io</i> function take a <i>timeout</i>
argument (see <a href="#timeouts"><b>Timeouts</b></a>).
</p>
<p>
The API you have selected is one of these. Please consult the
appropriate <i>stdio</i> man page for now.
</p>
</body>
</html>
diff --git a/libsm/ldap.c b/libsm/ldap.c
index 9359aedfdeda..116dc8fac343 100644
--- a/libsm/ldap.c
+++ b/libsm/ldap.c
@@ -1,1452 +1,1619 @@
/*
* Copyright (c) 2001-2009 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*/
/* some "deprecated" calls are used, e.g., ldap_get_values() */
#define LDAP_DEPRECATED 1
#include <sm/gen.h>
SM_RCSID("@(#)$Id: ldap.c,v 1.86 2013-11-22 20:51:43 ca Exp $")
#if LDAPMAP
# include <sys/types.h>
# include <errno.h>
# include <setjmp.h>
# include <stdlib.h>
# include <unistd.h>
# include <sm/bitops.h>
# include <sm/clock.h>
# include <sm/conf.h>
# include <sm/debug.h>
# include <sm/errstring.h>
# include <sm/ldap.h>
# include <sm/string.h>
# ifdef EX_OK
# undef EX_OK /* for SVr4.2 SMP */
-# endif /* EX_OK */
+# endif
# include <sm/sysexits.h>
SM_DEBUG_T SmLDAPTrace = SM_DEBUG_INITIALIZER("sm_trace_ldap",
"@(#)$Debug: sm_trace_ldap - trace LDAP operations $");
-static void ldaptimeout __P((int));
static bool sm_ldap_has_objectclass __P((SM_LDAP_STRUCT *, LDAPMessage *, char *));
static SM_LDAP_RECURSE_ENTRY *sm_ldap_add_recurse __P((SM_LDAP_RECURSE_LIST **, char *, int, SM_RPOOL_T *));
/*
** SM_LDAP_CLEAR -- set default values for SM_LDAP_STRUCT
**
** Parameters:
** lmap -- pointer to SM_LDAP_STRUCT to clear
**
** Returns:
** None.
**
*/
#if _FFR_LDAP_VERSION
# if defined(LDAP_VERSION_MAX) && _FFR_LDAP_VERSION > LDAP_VERSION_MAX
ERROR FFR_LDAP_VERSION > _LDAP_VERSION_MAX
-# endif /* defined(LDAP_VERSION_MAX) && _FFR_LDAP_VERSION > LDAP_VERSION_MAX */
+# endif
# if defined(LDAP_VERSION_MIN) && _FFR_LDAP_VERSION < LDAP_VERSION_MIN
ERROR FFR_LDAP_VERSION < _LDAP_VERSION_MIN
-# endif /* defined(LDAP_VERSION_MIN) && _FFR_LDAP_VERSION < LDAP_VERSION_MIN */
+# endif
# define SM_LDAP_VERSION_DEFAULT _FFR_LDAP_VERSION
#else /* _FFR_LDAP_VERSION */
# define SM_LDAP_VERSION_DEFAULT 0
#endif /* _FFR_LDAP_VERSION */
void
sm_ldap_clear(lmap)
SM_LDAP_STRUCT *lmap;
{
if (lmap == NULL)
return;
lmap->ldap_host = NULL;
lmap->ldap_port = LDAP_PORT;
lmap->ldap_uri = NULL;
lmap->ldap_version = SM_LDAP_VERSION_DEFAULT;
lmap->ldap_deref = LDAP_DEREF_NEVER;
lmap->ldap_timelimit = LDAP_NO_LIMIT;
lmap->ldap_sizelimit = LDAP_NO_LIMIT;
# ifdef LDAP_REFERRALS
lmap->ldap_options = LDAP_OPT_REFERRALS;
-# else /* LDAP_REFERRALS */
+# else
lmap->ldap_options = 0;
-# endif /* LDAP_REFERRALS */
+# endif
lmap->ldap_attrsep = '\0';
lmap->ldap_binddn = NULL;
lmap->ldap_secret = NULL;
lmap->ldap_method = LDAP_AUTH_SIMPLE;
lmap->ldap_base = NULL;
lmap->ldap_scope = LDAP_SCOPE_SUBTREE;
lmap->ldap_attrsonly = LDAPMAP_FALSE;
lmap->ldap_timeout.tv_sec = 0;
lmap->ldap_timeout.tv_usec = 0;
lmap->ldap_ld = NULL;
lmap->ldap_filter = NULL;
lmap->ldap_attr[0] = NULL;
lmap->ldap_attr_type[0] = SM_LDAP_ATTR_NONE;
lmap->ldap_attr_needobjclass[0] = NULL;
lmap->ldap_res = NULL;
lmap->ldap_next = NULL;
lmap->ldap_pid = 0;
lmap->ldap_multi_args = false;
}
+# if _FFR_SM_LDAP_DBG && defined(LBER_OPT_LOG_PRINT_FN)
+static void ldap_debug_cb __P((const char *msg));
+
+static void
+ldap_debug_cb(msg)
+ const char *msg;
+{
+ if (sm_debug_active(&SmLDAPTrace, 4))
+ sm_dprintf("%s", msg);
+}
+# endif /* _FFR_SM_LDAP_DBG && defined(LBER_OPT_LOG_PRINT_FN) */
+
+
+# if LDAP_NETWORK_TIMEOUT && defined(LDAP_OPT_NETWORK_TIMEOUT)
+# define SET_LDAP_TMO(ld, lmap) \
+ do \
+ { \
+ if (lmap->ldap_networktmo > 0) \
+ { \
+ struct timeval tmo; \
+ \
+ if (sm_debug_active(&SmLDAPTrace, 9)) \
+ sm_dprintf("ldap_networktmo=%d\n", \
+ lmap->ldap_networktmo); \
+ tmo.tv_sec = lmap->ldap_networktmo; \
+ tmo.tv_usec = 0; \
+ ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &tmo); \
+ } \
+ } while (0)
+# else /* LDAP_NETWORK_TIMEOUT && defined(LDAP_OPT_NETWORK_TIMEOUT) */
+# define SET_LDAP_TMO(ld, lmap)
+# endif /* LDAP_NETWORK_TIMEOUT && defined(LDAP_OPT_NETWORK_TIMEOUT) */
+
+/*
+** SM_LDAP_SETOPTSG -- set some (global) LDAP options
+**
+** Parameters:
+** lmap -- LDAP map information
+**
+** Returns:
+** None.
+**
+*/
+
+# if _FFR_SM_LDAP_DBG
+static bool dbg_init = false;
+# endif
+# if SM_CONF_LDAP_INITIALIZE
+static void sm_ldap_setoptsg __P((SM_LDAP_STRUCT *lmap));
+static void
+sm_ldap_setoptsg(lmap)
+ SM_LDAP_STRUCT *lmap;
+{
+# if USE_LDAP_SET_OPTION
+
+ SET_LDAP_TMO(NULL, lmap);
+
+# if _FFR_SM_LDAP_DBG
+ if (!dbg_init && sm_debug_active(&SmLDAPTrace, 1) &&
+ lmap->ldap_debug != 0)
+ {
+ int r;
+# if defined(LBER_OPT_LOG_PRINT_FN)
+ r = ber_set_option(NULL, LBER_OPT_LOG_PRINT_FN, ldap_debug_cb);
+# endif
+ if (sm_debug_active(&SmLDAPTrace, 9))
+ sm_dprintf("ldap_debug0=%d\n", lmap->ldap_debug);
+ r = ber_set_option(NULL, LBER_OPT_DEBUG_LEVEL,
+ &(lmap->ldap_debug));
+ if (sm_debug_active(&SmLDAPTrace, 9) && r != LDAP_OPT_SUCCESS)
+ sm_dprintf("ber_set_option=%d\n", r);
+ r = ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL,
+ &(lmap->ldap_debug));
+ if (sm_debug_active(&SmLDAPTrace, 9) && r != LDAP_OPT_SUCCESS)
+ sm_dprintf("ldap_set_option=%d\n", r);
+ dbg_init = true;
+ }
+# endif /* _FFR_SM_LDAP_DBG */
+# endif /* USE_LDAP_SET_OPTION */
+}
+# endif /* SM_CONF_LDAP_INITIALIZE */
+
+/*
+** SM_LDAP_SETOPTS -- set LDAP options
+**
+** Parameters:
+** ld -- LDAP session handle
+** lmap -- LDAP map information
+**
+** Returns:
+** None.
+**
+*/
+
+void
+sm_ldap_setopts(ld, lmap)
+ LDAP *ld;
+ SM_LDAP_STRUCT *lmap;
+{
+# if USE_LDAP_SET_OPTION
+ if (lmap->ldap_version != 0)
+ {
+ ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION,
+ &lmap->ldap_version);
+ }
+ ldap_set_option(ld, LDAP_OPT_DEREF, &lmap->ldap_deref);
+ if (bitset(LDAP_OPT_REFERRALS, lmap->ldap_options))
+ ldap_set_option(ld, LDAP_OPT_REFERRALS, LDAP_OPT_ON);
+ else
+ ldap_set_option(ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
+ ldap_set_option(ld, LDAP_OPT_SIZELIMIT, &lmap->ldap_sizelimit);
+ ldap_set_option(ld, LDAP_OPT_TIMELIMIT, &lmap->ldap_timelimit);
+ SET_LDAP_TMO(ld, lmap);
+# if _FFR_SM_LDAP_DBG
+ if ((!dbg_init || ld != NULL) && sm_debug_active(&SmLDAPTrace, 1)
+ && lmap->ldap_debug > 0)
+ {
+ int r;
+
+ if (sm_debug_active(&SmLDAPTrace, 9))
+ sm_dprintf("ldap_debug=%d, dbg_init=%d\n",
+ lmap->ldap_debug, dbg_init);
+ r = ldap_set_option(ld, LDAP_OPT_DEBUG_LEVEL,
+ &(lmap->ldap_debug));
+ if (sm_debug_active(&SmLDAPTrace, 9) && r != LDAP_OPT_SUCCESS)
+ sm_dprintf("ldap_set_option=%d\n", r);
+ }
+# endif /* _FFR_SM_LDAP_DBG */
+# ifdef LDAP_OPT_RESTART
+ ldap_set_option(ld, LDAP_OPT_RESTART, LDAP_OPT_ON);
+# endif
+
+# else /* USE_LDAP_SET_OPTION */
+ /* From here on in we can use ldap internal timelimits */
+ ld->ld_deref = lmap->ldap_deref;
+ ld->ld_options = lmap->ldap_options;
+ ld->ld_sizelimit = lmap->ldap_sizelimit;
+ ld->ld_timelimit = lmap->ldap_timelimit;
+# endif /* USE_LDAP_SET_OPTION */
+}
+
/*
** SM_LDAP_START -- actually connect to an LDAP server
**
** Parameters:
** name -- name of map for debug output.
** lmap -- the LDAP map being opened.
**
** Returns:
** true if connection is successful, false otherwise.
**
** Side Effects:
** Populates lmap->ldap_ld.
*/
+# if !USE_LDAP_INIT || !LDAP_NETWORK_TIMEOUT
static jmp_buf LDAPTimeout;
+static void ldaptimeout __P((int));
+
+/* ARGSUSED */
+static void
+ldaptimeout(unused)
+ int unused;
+{
+ /*
+ ** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
+ ** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
+ ** DOING.
+ */
+
+ errno = ETIMEDOUT;
+ longjmp(LDAPTimeout, 1);
+}
+
-#define SM_LDAP_SETTIMEOUT(to) \
+#define SM_LDAP_SETTIMEOUT(to, where) \
do \
{ \
if (to != 0) \
{ \
if (setjmp(LDAPTimeout) != 0) \
{ \
+ if (sm_debug_active(&SmLDAPTrace, 9)) \
+ sm_dprintf("ldap_settimeout(%s)=triggered\n",\
+ where); \
errno = ETIMEDOUT; \
return false; \
} \
ev = sm_setevent(to, ldaptimeout, 0); \
} \
} while (0)
#define SM_LDAP_CLEARTIMEOUT() \
do \
{ \
if (ev != NULL) \
sm_clrevent(ev); \
} while (0)
+#endif /* !USE_LDAP_INIT || !LDAP_NETWORK_TIMEOUT */
bool
sm_ldap_start(name, lmap)
char *name;
SM_LDAP_STRUCT *lmap;
{
- int bind_result;
int save_errno = 0;
char *id;
+# if !USE_LDAP_INIT || !LDAP_NETWORK_TIMEOUT
SM_EVENT *ev = NULL;
+# endif
LDAP *ld = NULL;
+ struct timeval tmo;
+ int msgid, err, r;
if (sm_debug_active(&SmLDAPTrace, 2))
sm_dprintf("ldapmap_start(%s)\n", name == NULL ? "" : name);
if (lmap->ldap_host != NULL)
id = lmap->ldap_host;
else if (lmap->ldap_uri != NULL)
id = lmap->ldap_uri;
else
id = "localhost";
if (sm_debug_active(&SmLDAPTrace, 9))
{
/* Don't print a port number for LDAP URIs */
if (lmap->ldap_uri != NULL)
sm_dprintf("ldapmap_start(%s)\n", id);
else
sm_dprintf("ldapmap_start(%s, %d)\n", id,
lmap->ldap_port);
}
if (lmap->ldap_uri != NULL)
{
#if SM_CONF_LDAP_INITIALIZE
+ if (sm_debug_active(&SmLDAPTrace, 9))
+ sm_dprintf("ldap_initialize(%s)\n", lmap->ldap_uri);
/* LDAP server supports URIs so use them directly */
save_errno = ldap_initialize(&ld, lmap->ldap_uri);
+ if (sm_debug_active(&SmLDAPTrace, 9))
+ sm_dprintf("ldap_initialize(%s)=%d, ld=%p\n", lmap->ldap_uri, save_errno, ld);
+ sm_ldap_setoptsg(lmap);
+
#else /* SM_CONF_LDAP_INITIALIZE */
- int err;
LDAPURLDesc *ludp = NULL;
/* Blast apart URL and use the ldap_init/ldap_open below */
err = ldap_url_parse(lmap->ldap_uri, &ludp);
if (err != 0)
{
errno = err + E_LDAPURLBASE;
return false;
}
lmap->ldap_host = sm_strdup_x(ludp->lud_host);
if (lmap->ldap_host == NULL)
{
save_errno = errno;
ldap_free_urldesc(ludp);
errno = save_errno;
return false;
}
lmap->ldap_port = ludp->lud_port;
ldap_free_urldesc(ludp);
#endif /* SM_CONF_LDAP_INITIALIZE */
}
if (ld == NULL)
{
# if USE_LDAP_INIT
+ if (sm_debug_active(&SmLDAPTrace, 9))
+ sm_dprintf("ldap_init(%s, %d)\n", lmap->ldap_host, lmap->ldap_port);
ld = ldap_init(lmap->ldap_host, lmap->ldap_port);
save_errno = errno;
+
# else /* USE_LDAP_INIT */
/*
** If using ldap_open(), the actual connection to the server
** happens now so we need the timeout here. For ldap_init(),
** the connection happens at bind time.
*/
- SM_LDAP_SETTIMEOUT(lmap->ldap_timeout.tv_sec);
+ if (sm_debug_active(&SmLDAPTrace, 9))
+ sm_dprintf("ldap_open(%s, %d)\n", lmap->ldap_host, lmap->ldap_port);
+
+ SM_LDAP_SETTIMEOUT(lmap->ldap_timeout.tv_sec, "ldap_open");
ld = ldap_open(lmap->ldap_host, lmap->ldap_port);
save_errno = errno;
/* clear the event if it has not sprung */
SM_LDAP_CLEARTIMEOUT();
# endif /* USE_LDAP_INIT */
}
errno = save_errno;
if (ld == NULL)
+ {
+ if (sm_debug_active(&SmLDAPTrace, 7))
+ sm_dprintf("FAIL: ldap_open(%s, %d)=%d\n", lmap->ldap_host, lmap->ldap_port, save_errno);
return false;
+ }
sm_ldap_setopts(ld, lmap);
-
-# if USE_LDAP_INIT
+# if USE_LDAP_INIT && !LDAP_NETWORK_TIMEOUT
/*
** If using ldap_init(), the actual connection to the server
** happens at ldap_bind_s() so we need the timeout here.
*/
- SM_LDAP_SETTIMEOUT(lmap->ldap_timeout.tv_sec);
-# endif /* USE_LDAP_INIT */
+ SM_LDAP_SETTIMEOUT(lmap->ldap_timeout.tv_sec, "ldap_bind");
+# endif /* USE_LDAP_INIT && !LDAP_NETWORK_TIMEOUT */
# ifdef LDAP_AUTH_KRBV4
if (lmap->ldap_method == LDAP_AUTH_KRBV4 &&
lmap->ldap_secret != NULL)
{
/*
** Need to put ticket in environment here instead of
** during parseargs as there may be different tickets
** for different LDAP connections.
*/
(void) putenv(lmap->ldap_secret);
}
# endif /* LDAP_AUTH_KRBV4 */
- bind_result = ldap_bind_s(ld, lmap->ldap_binddn,
- lmap->ldap_secret, lmap->ldap_method);
+# if LDAP_NETWORK_TIMEOUT
+ tmo.tv_sec = lmap->ldap_networktmo;
+# else
+ tmo.tv_sec = lmap->ldap_timeout.tv_sec;
+# endif
+ tmo.tv_usec = 0;
-# if USE_LDAP_INIT
+ if (sm_debug_active(&SmLDAPTrace, 9))
+ sm_dprintf("ldap_bind(%s)\n", lmap->ldap_uri);
+ errno = 0;
+ msgid = ldap_bind(ld, lmap->ldap_binddn, lmap->ldap_secret,
+ lmap->ldap_method);
+ save_errno = errno;
+ if (sm_debug_active(&SmLDAPTrace, 9))
+ sm_dprintf("ldap_bind(%s)=%d, errno=%d, tmo=%ld\n",
+ lmap->ldap_uri, msgid, save_errno,
+ (long) tmo.tv_sec);
+ if (-1 == msgid)
+ {
+ r = -1;
+ goto fail;
+ }
+
+ errno = 0;
+ r = ldap_result(ld, msgid, LDAP_MSG_ALL,
+ tmo.tv_sec == 0 ? NULL : &(tmo), &(lmap->ldap_res));
+ if (sm_debug_active(&SmLDAPTrace, 9))
+ sm_dprintf("ldap_result(%s)=%d, errno=%d\n", lmap->ldap_uri, r, errno);
+ if (-1 == r)
+ goto fail;
+ if (0 == r)
+ {
+ save_errno = ETIMEDOUT;
+ r = -1;
+ goto fail;
+ }
+ r = ldap_parse_result(ld, lmap->ldap_res, &err, NULL, NULL, NULL, NULL,
+ 1);
+ if (sm_debug_active(&SmLDAPTrace, 9))
+ sm_dprintf("ldap_parse_result(%s)=%d, err=%d\n", lmap->ldap_uri, r, err);
+ if (r != LDAP_SUCCESS)
+ goto fail;
+ if (err != LDAP_SUCCESS)
+ {
+ r = -1;
+ goto fail;
+ }
+
+# if USE_LDAP_INIT && !LDAP_NETWORK_TIMEOUT
/* clear the event if it has not sprung */
SM_LDAP_CLEARTIMEOUT();
-# endif /* USE_LDAP_INIT */
+ if (sm_debug_active(&SmLDAPTrace, 9))
+ sm_dprintf("ldap_cleartimeout(%s)\n", lmap->ldap_uri);
+# endif /* USE_LDAP_INIT && !LDAP_NETWORK_TIMEOUT */
- if (bind_result != LDAP_SUCCESS)
+ if (r != LDAP_SUCCESS)
{
- errno = bind_result + E_LDAPBASE;
+ fail:
+ if (-1 == r)
+ errno = save_errno;
+ else
+ errno = r + E_LDAPBASE;
return false;
}
/* Save PID to make sure only this PID closes the LDAP connection */
lmap->ldap_pid = getpid();
lmap->ldap_ld = ld;
return true;
}
-/* ARGSUSED */
-static void
-ldaptimeout(unused)
- int unused;
-{
- /*
- ** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
- ** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
- ** DOING.
- */
-
- errno = ETIMEDOUT;
- longjmp(LDAPTimeout, 1);
-}
-
/*
** SM_LDAP_SEARCH_M -- initiate multi-key LDAP search
**
** Initiate an LDAP search, return the msgid.
** The calling function must collect the results.
**
** Parameters:
** lmap -- LDAP map information
** argv -- key vector of substitutions in LDAP filter
-** NOTE: argv must have SM_LDAP_ARGS elements to prevent
+** NOTE: argv must have SM_LDAP_ARGS elements to prevent
** out of bound array references
**
** Returns:
** <0 on failure (SM_LDAP_ERR*), msgid on success
**
*/
int
sm_ldap_search_m(lmap, argv)
SM_LDAP_STRUCT *lmap;
char **argv;
{
int msgid;
char *fp, *p, *q;
char filter[LDAPMAP_MAX_FILTER + 1];
SM_REQUIRE(lmap != NULL);
SM_REQUIRE(argv != NULL);
SM_REQUIRE(argv[0] != NULL);
memset(filter, '\0', sizeof filter);
fp = filter;
p = lmap->ldap_filter;
while ((q = strchr(p, '%')) != NULL)
{
char *key;
if (lmap->ldap_multi_args)
{
#if SM_LDAP_ARGS < 10
# ERROR _SM_LDAP_ARGS must be 10
#endif /* SM_LDAP_ARGS < 10 */
if (q[1] == 's')
key = argv[0];
else if (q[1] >= '0' && q[1] <= '9')
{
key = argv[q[1] - '0'];
if (key == NULL)
{
# if SM_LDAP_ERROR_ON_MISSING_ARGS
return SM_LDAP_ERR_ARG_MISS;
# else /* SM_LDAP_ERROR_ON_MISSING_ARGS */
key = "";
# endif /* SM_LDAP_ERROR_ON_MISSING_ARGS */
}
}
else
key = NULL;
}
else
key = argv[0];
if (q[1] == 's')
{
(void) sm_snprintf(fp, SPACELEFT(filter, fp),
"%.*s%s", (int) (q - p), p, key);
fp += strlen(fp);
p = q + 2;
}
else if (q[1] == '0' ||
(lmap->ldap_multi_args && q[1] >= '0' && q[1] <= '9'))
{
char *k = key;
(void) sm_snprintf(fp, SPACELEFT(filter, fp),
"%.*s", (int) (q - p), p);
fp += strlen(fp);
p = q + 2;
/* Properly escape LDAP special characters */
while (SPACELEFT(filter, fp) > 0 &&
*k != '\0')
{
if (*k == '*' || *k == '(' ||
*k == ')' || *k == '\\')
{
(void) sm_strlcat(fp,
(*k == '*' ? "\\2A" :
(*k == '(' ? "\\28" :
(*k == ')' ? "\\29" :
(*k == '\\' ? "\\5C" :
"\00")))),
SPACELEFT(filter, fp));
fp += strlen(fp);
k++;
}
else
*fp++ = *k++;
}
}
else
{
(void) sm_snprintf(fp, SPACELEFT(filter, fp),
"%.*s", (int) (q - p + 1), p);
p = q + (q[1] == '%' ? 2 : 1);
fp += strlen(fp);
}
}
(void) sm_strlcpy(fp, p, SPACELEFT(filter, fp));
if (sm_debug_active(&SmLDAPTrace, 20))
sm_dprintf("ldap search filter=%s\n", filter);
lmap->ldap_res = NULL;
msgid = ldap_search(lmap->ldap_ld, lmap->ldap_base,
lmap->ldap_scope, filter,
(lmap->ldap_attr[0] == NULL ? NULL :
lmap->ldap_attr),
lmap->ldap_attrsonly);
return msgid;
}
/*
** SM_LDAP_SEARCH -- initiate LDAP search
**
** Initiate an LDAP search, return the msgid.
** The calling function must collect the results.
** Note this is just a wrapper into sm_ldap_search_m()
**
** Parameters:
** lmap -- LDAP map information
** key -- key to substitute in LDAP filter
**
** Returns:
** <0 on failure, msgid on success
**
*/
int
sm_ldap_search(lmap, key)
SM_LDAP_STRUCT *lmap;
char *key;
{
char *argv[SM_LDAP_ARGS];
memset(argv, '\0', sizeof argv);
argv[0] = key;
return sm_ldap_search_m(lmap, argv);
}
/*
** SM_LDAP_HAS_OBJECTCLASS -- determine if an LDAP entry is part of a
** particular objectClass
**
** Parameters:
** lmap -- pointer to SM_LDAP_STRUCT in use
** entry -- current LDAP entry struct
** ocvalue -- particular objectclass in question.
** may be of form (fee|foo|fum) meaning
** any entry can be part of either fee,
** foo or fum objectclass
**
** Returns:
** true if item has that objectClass
*/
static bool
sm_ldap_has_objectclass(lmap, entry, ocvalue)
SM_LDAP_STRUCT *lmap;
LDAPMessage *entry;
char *ocvalue;
{
char **vals = NULL;
int i;
if (ocvalue == NULL)
return false;
vals = ldap_get_values(lmap->ldap_ld, entry, "objectClass");
if (vals == NULL)
return false;
for (i = 0; vals[i] != NULL; i++)
{
char *p;
char *q;
p = q = ocvalue;
while (*p != '\0')
{
while (*p != '\0' && *p != '|')
p++;
if ((p - q) == strlen(vals[i]) &&
sm_strncasecmp(vals[i], q, p - q) == 0)
{
ldap_value_free(vals);
return true;
}
while (*p == '|')
p++;
q = p;
}
}
ldap_value_free(vals);
return false;
}
/*
** SM_LDAP_RESULTS -- return results from an LDAP lookup in result
**
** Parameters:
** lmap -- pointer to SM_LDAP_STRUCT in use
** msgid -- msgid returned by sm_ldap_search()
** flags -- flags for the lookup
** delim -- delimiter for result concatenation
** rpool -- memory pool for storage
** result -- return string
** recurse -- recursion list
**
** Returns:
** status (sysexit)
*/
# define SM_LDAP_ERROR_CLEANUP() \
{ \
if (lmap->ldap_res != NULL) \
{ \
ldap_msgfree(lmap->ldap_res); \
lmap->ldap_res = NULL; \
} \
(void) ldap_abandon(lmap->ldap_ld, msgid); \
}
static SM_LDAP_RECURSE_ENTRY *
sm_ldap_add_recurse(top, item, type, rpool)
SM_LDAP_RECURSE_LIST **top;
char *item;
int type;
SM_RPOOL_T *rpool;
{
int n;
int m;
int p;
int insertat;
int moveb;
int oldsizeb;
int rc;
SM_LDAP_RECURSE_ENTRY *newe;
SM_LDAP_RECURSE_ENTRY **olddata;
/*
** This code will maintain a list of
** SM_LDAP_RECURSE_ENTRY structures
** in ascending order.
*/
if (*top == NULL)
{
/* Allocate an initial SM_LDAP_RECURSE_LIST struct */
*top = sm_rpool_malloc_x(rpool, sizeof **top);
(*top)->lrl_cnt = 0;
(*top)->lrl_size = 0;
(*top)->lrl_data = NULL;
}
if ((*top)->lrl_cnt >= (*top)->lrl_size)
{
/* Grow the list of SM_LDAP_RECURSE_ENTRY ptrs */
olddata = (*top)->lrl_data;
if ((*top)->lrl_size == 0)
{
oldsizeb = 0;
(*top)->lrl_size = 256;
}
else
{
oldsizeb = (*top)->lrl_size * sizeof *((*top)->lrl_data);
(*top)->lrl_size *= 2;
}
(*top)->lrl_data = sm_rpool_malloc_x(rpool,
(*top)->lrl_size * sizeof *((*top)->lrl_data));
if (oldsizeb > 0)
memcpy((*top)->lrl_data, olddata, oldsizeb);
}
/*
** Binary search/insert item:type into list.
** Return current entry pointer if already exists.
*/
n = 0;
m = (*top)->lrl_cnt - 1;
if (m < 0)
insertat = 0;
else
insertat = -1;
while (insertat == -1)
{
p = (m + n) / 2;
rc = sm_strcasecmp(item, (*top)->lrl_data[p]->lr_search);
if (rc == 0)
rc = type - (*top)->lrl_data[p]->lr_type;
if (rc < 0)
m = p - 1;
else if (rc > 0)
n = p + 1;
else
return (*top)->lrl_data[p];
if (m == -1)
insertat = 0;
else if (n >= (*top)->lrl_cnt)
insertat = (*top)->lrl_cnt;
else if (m < n)
insertat = m + 1;
}
/*
** Not found in list, make room
** at insert point and add it.
*/
newe = sm_rpool_malloc_x(rpool, sizeof *newe);
if (newe != NULL)
{
moveb = ((*top)->lrl_cnt - insertat) * sizeof *((*top)->lrl_data);
if (moveb > 0)
memmove(&((*top)->lrl_data[insertat + 1]),
&((*top)->lrl_data[insertat]),
moveb);
newe->lr_search = sm_rpool_strdup_x(rpool, item);
newe->lr_type = type;
newe->lr_ludp = NULL;
newe->lr_attrs = NULL;
newe->lr_done = false;
((*top)->lrl_data)[insertat] = newe;
(*top)->lrl_cnt++;
}
return newe;
}
int
sm_ldap_results(lmap, msgid, flags, delim, rpool, result,
resultln, resultsz, recurse)
SM_LDAP_STRUCT *lmap;
int msgid;
int flags;
int delim;
SM_RPOOL_T *rpool;
char **result;
int *resultln;
int *resultsz;
SM_LDAP_RECURSE_LIST *recurse;
{
bool toplevel;
int i;
int statp;
int vsize;
int ret;
int save_errno;
char *p;
SM_LDAP_RECURSE_ENTRY *rl;
/* Are we the top top level of the search? */
toplevel = (recurse == NULL);
/* Get results */
statp = EX_NOTFOUND;
while ((ret = ldap_result(lmap->ldap_ld, msgid, 0,
(lmap->ldap_timeout.tv_sec == 0 ? NULL :
&(lmap->ldap_timeout)),
&(lmap->ldap_res))) == LDAP_RES_SEARCH_ENTRY)
{
LDAPMessage *entry;
/* If we don't want multiple values and we have one, break */
if ((char) delim == '\0' &&
!bitset(SM_LDAP_SINGLEMATCH, flags) &&
*result != NULL)
break;
/* Cycle through all entries */
for (entry = ldap_first_entry(lmap->ldap_ld, lmap->ldap_res);
entry != NULL;
entry = ldap_next_entry(lmap->ldap_ld, lmap->ldap_res))
{
BerElement *ber;
char *attr;
char **vals = NULL;
char *dn;
/*
** If matching only and found an entry,
** no need to spin through attributes
*/
if (bitset(SM_LDAP_MATCHONLY, flags))
{
statp = EX_OK;
continue;
}
#if _FFR_LDAP_SINGLEDN
if (bitset(SM_LDAP_SINGLEDN, flags) && *result != NULL)
{
/* only wanted one match */
SM_LDAP_ERROR_CLEANUP();
errno = ENOENT;
return EX_NOTFOUND;
}
#endif /* _FFR_LDAP_SINGLEDN */
/* record completed DN's to prevent loops */
dn = ldap_get_dn(lmap->ldap_ld, entry);
if (dn == NULL)
{
save_errno = sm_ldap_geterrno(lmap->ldap_ld);
save_errno += E_LDAPBASE;
SM_LDAP_ERROR_CLEANUP();
errno = save_errno;
return EX_TEMPFAIL;
}
rl = sm_ldap_add_recurse(&recurse, dn,
SM_LDAP_ATTR_DN,
rpool);
if (rl == NULL)
{
ldap_memfree(dn);
SM_LDAP_ERROR_CLEANUP();
errno = ENOMEM;
return EX_OSERR;
}
else if (rl->lr_done)
{
/* already on list, skip it */
ldap_memfree(dn);
continue;
}
ldap_memfree(dn);
# if !defined(LDAP_VERSION_MAX) && !defined(LDAP_OPT_SIZELIMIT)
/*
** Reset value to prevent lingering
** LDAP_DECODING_ERROR due to
** OpenLDAP 1.X's hack (see below)
*/
lmap->ldap_ld->ld_errno = LDAP_SUCCESS;
# endif /* !defined(LDAP_VERSION_MAX) !defined(LDAP_OPT_SIZELIMIT) */
for (attr = ldap_first_attribute(lmap->ldap_ld, entry,
&ber);
attr != NULL;
attr = ldap_next_attribute(lmap->ldap_ld, entry,
ber))
{
char *tmp, *vp_tmp;
int type;
char *needobjclass = NULL;
type = SM_LDAP_ATTR_NONE;
for (i = 0; lmap->ldap_attr[i] != NULL; i++)
{
if (sm_strcasecmp(lmap->ldap_attr[i],
attr) == 0)
{
type = lmap->ldap_attr_type[i];
needobjclass = lmap->ldap_attr_needobjclass[i];
break;
}
}
if (bitset(SM_LDAP_USE_ALLATTR, flags) &&
type == SM_LDAP_ATTR_NONE)
{
/* URL lookups specify attrs to use */
type = SM_LDAP_ATTR_NORMAL;
needobjclass = NULL;
}
if (type == SM_LDAP_ATTR_NONE)
{
/* attribute not requested */
ldap_memfree(attr);
SM_LDAP_ERROR_CLEANUP();
errno = EFAULT;
return EX_SOFTWARE;
}
/*
** For recursion on a particular attribute,
** we may need to see if this entry is
** part of a particular objectclass.
** Also, ignore objectClass attribute.
** Otherwise we just ignore this attribute.
*/
if (type == SM_LDAP_ATTR_OBJCLASS ||
(needobjclass != NULL &&
!sm_ldap_has_objectclass(lmap, entry,
needobjclass)))
{
ldap_memfree(attr);
continue;
}
if (lmap->ldap_attrsonly == LDAPMAP_FALSE)
{
vals = ldap_get_values(lmap->ldap_ld,
entry,
attr);
if (vals == NULL)
{
save_errno = sm_ldap_geterrno(lmap->ldap_ld);
if (save_errno == LDAP_SUCCESS)
{
ldap_memfree(attr);
continue;
}
/* Must be an error */
save_errno += E_LDAPBASE;
ldap_memfree(attr);
SM_LDAP_ERROR_CLEANUP();
errno = save_errno;
return EX_TEMPFAIL;
}
}
statp = EX_OK;
# if !defined(LDAP_VERSION_MAX) && !defined(LDAP_OPT_SIZELIMIT)
/*
** Reset value to prevent lingering
** LDAP_DECODING_ERROR due to
** OpenLDAP 1.X's hack (see below)
*/
lmap->ldap_ld->ld_errno = LDAP_SUCCESS;
# endif /* !defined(LDAP_VERSION_MAX) !defined(LDAP_OPT_SIZELIMIT) */
/*
** If matching only,
** no need to spin through entries
*/
if (bitset(SM_LDAP_MATCHONLY, flags))
{
if (lmap->ldap_attrsonly == LDAPMAP_FALSE)
ldap_value_free(vals);
ldap_memfree(attr);
continue;
}
/*
** If we don't want multiple values,
** return first found.
*/
if ((char) delim == '\0')
{
if (*result != NULL)
{
/* already have a value */
if (bitset(SM_LDAP_SINGLEMATCH,
flags))
{
/* only wanted one match */
SM_LDAP_ERROR_CLEANUP();
errno = ENOENT;
return EX_NOTFOUND;
}
break;
}
if (lmap->ldap_attrsonly == LDAPMAP_TRUE)
{
*result = sm_rpool_strdup_x(rpool,
attr);
ldap_memfree(attr);
break;
}
if (vals[0] == NULL)
{
ldap_value_free(vals);
ldap_memfree(attr);
continue;
}
vsize = strlen(vals[0]) + 1;
if (lmap->ldap_attrsep != '\0')
vsize += strlen(attr) + 1;
*result = sm_rpool_malloc_x(rpool,
vsize);
if (lmap->ldap_attrsep != '\0')
sm_snprintf(*result, vsize,
"%s%c%s",
attr,
lmap->ldap_attrsep,
vals[0]);
else
sm_strlcpy(*result, vals[0],
vsize);
ldap_value_free(vals);
ldap_memfree(attr);
break;
}
/* attributes only */
if (lmap->ldap_attrsonly == LDAPMAP_TRUE)
{
if (*result == NULL)
*result = sm_rpool_strdup_x(rpool,
attr);
else
{
if (bitset(SM_LDAP_SINGLEMATCH,
flags) &&
*result != NULL)
{
/* only wanted one match */
SM_LDAP_ERROR_CLEANUP();
errno = ENOENT;
return EX_NOTFOUND;
}
vsize = strlen(*result) +
strlen(attr) + 2;
tmp = sm_rpool_malloc_x(rpool,
vsize);
(void) sm_snprintf(tmp,
vsize, "%s%c%s",
*result, (char) delim,
attr);
*result = tmp;
}
ldap_memfree(attr);
continue;
}
/*
** If there is more than one, munge then
** into a map_coldelim separated string.
** If we are recursing we may have an entry
** with no 'normal' values to put in the
** string.
** This is not an error.
*/
if (type == SM_LDAP_ATTR_NORMAL &&
bitset(SM_LDAP_SINGLEMATCH, flags) &&
*result != NULL)
{
/* only wanted one match */
SM_LDAP_ERROR_CLEANUP();
errno = ENOENT;
return EX_NOTFOUND;
}
vsize = 0;
for (i = 0; vals[i] != NULL; i++)
{
if (type == SM_LDAP_ATTR_DN ||
type == SM_LDAP_ATTR_FILTER ||
type == SM_LDAP_ATTR_URL)
{
/* add to recursion */
if (sm_ldap_add_recurse(&recurse,
vals[i],
type,
rpool) == NULL)
{
SM_LDAP_ERROR_CLEANUP();
errno = ENOMEM;
return EX_OSERR;
}
continue;
}
vsize += strlen(vals[i]) + 1;
if (lmap->ldap_attrsep != '\0')
vsize += strlen(attr) + 1;
}
/*
** Create/Append to string any normal
** attribute values. Otherwise, just free
** memory and move on to the next
** attribute in this entry.
*/
if (type == SM_LDAP_ATTR_NORMAL && vsize > 0)
{
char *pe;
/* Grow result string if needed */
if ((*resultln + vsize) >= *resultsz)
{
while ((*resultln + vsize) >= *resultsz)
{
if (*resultsz == 0)
*resultsz = 1024;
else
*resultsz *= 2;
}
vp_tmp = sm_rpool_malloc_x(rpool, *resultsz);
*vp_tmp = '\0';
if (*result != NULL)
sm_strlcpy(vp_tmp,
*result,
*resultsz);
*result = vp_tmp;
}
p = *result + *resultln;
pe = *result + *resultsz;
for (i = 0; vals[i] != NULL; i++)
{
if (*resultln > 0 &&
p < pe)
*p++ = (char) delim;
if (lmap->ldap_attrsep != '\0')
{
p += sm_strlcpy(p, attr,
pe - p);
if (p < pe)
*p++ = lmap->ldap_attrsep;
}
p += sm_strlcpy(p, vals[i],
pe - p);
*resultln = p - (*result);
if (p >= pe)
{
/* Internal error: buffer too small for LDAP values */
SM_LDAP_ERROR_CLEANUP();
errno = ENOMEM;
return EX_OSERR;
}
}
}
ldap_value_free(vals);
ldap_memfree(attr);
}
save_errno = sm_ldap_geterrno(lmap->ldap_ld);
/*
** We check save_errno != LDAP_DECODING_ERROR since
** OpenLDAP 1.X has a very ugly *undocumented*
** hack of returning this error code from
** ldap_next_attribute() if the library freed the
** ber attribute. See:
** http://www.openldap.org/lists/openldap-devel/9901/msg00064.html
*/
if (save_errno != LDAP_SUCCESS &&
save_errno != LDAP_DECODING_ERROR)
{
/* Must be an error */
save_errno += E_LDAPBASE;
SM_LDAP_ERROR_CLEANUP();
errno = save_errno;
return EX_TEMPFAIL;
}
/* mark this DN as done */
rl->lr_done = true;
if (rl->lr_ludp != NULL)
{
ldap_free_urldesc(rl->lr_ludp);
rl->lr_ludp = NULL;
}
if (rl->lr_attrs != NULL)
{
free(rl->lr_attrs);
rl->lr_attrs = NULL;
}
/* We don't want multiple values and we have one */
if ((char) delim == '\0' &&
!bitset(SM_LDAP_SINGLEMATCH, flags) &&
*result != NULL)
break;
}
save_errno = sm_ldap_geterrno(lmap->ldap_ld);
if (save_errno != LDAP_SUCCESS &&
save_errno != LDAP_DECODING_ERROR)
{
/* Must be an error */
save_errno += E_LDAPBASE;
SM_LDAP_ERROR_CLEANUP();
errno = save_errno;
return EX_TEMPFAIL;
}
ldap_msgfree(lmap->ldap_res);
lmap->ldap_res = NULL;
}
if (ret == 0)
save_errno = ETIMEDOUT;
else if (ret == LDAP_RES_SEARCH_RESULT)
{
/*
** We may have gotten an LDAP_RES_SEARCH_RESULT response
** with an error inside it, so we have to extract that
** with ldap_parse_result(). This can happen when talking
** to an LDAP proxy whose backend has gone down.
*/
if (lmap->ldap_res == NULL)
save_errno = LDAP_UNAVAILABLE;
else
{
int rc;
save_errno = ldap_parse_result(lmap->ldap_ld,
lmap->ldap_res, &rc, NULL, NULL,
NULL, NULL, 0);
if (save_errno == LDAP_SUCCESS)
save_errno = rc;
}
}
else
save_errno = sm_ldap_geterrno(lmap->ldap_ld);
if (save_errno != LDAP_SUCCESS)
{
statp = EX_TEMPFAIL;
switch (save_errno)
{
#ifdef LDAP_SERVER_DOWN
case LDAP_SERVER_DOWN:
#endif /* LDAP_SERVER_DOWN */
case LDAP_TIMEOUT:
case ETIMEDOUT:
case LDAP_UNAVAILABLE:
/*
** server disappeared,
** try reopen on next search
*/
statp = EX_RESTART;
break;
}
if (ret != 0)
save_errno += E_LDAPBASE;
SM_LDAP_ERROR_CLEANUP();
errno = save_errno;
return statp;
}
if (lmap->ldap_res != NULL)
{
ldap_msgfree(lmap->ldap_res);
lmap->ldap_res = NULL;
}
if (toplevel)
{
int rlidx;
/*
** Spin through the built-up recurse list at the top
** of the recursion. Since new items are added at the
** end of the shared list, we actually only ever get
** one level of recursion before things pop back to the
** top. Any items added to the list during that recursion
** will be expanded by the top level.
*/
for (rlidx = 0; recurse != NULL && rlidx < recurse->lrl_cnt;
rlidx++)
{
int newflags;
int sid;
int status;
rl = recurse->lrl_data[rlidx];
newflags = flags;
if (rl->lr_done)
{
/* already expanded */
continue;
}
if (rl->lr_type == SM_LDAP_ATTR_DN)
{
/* do DN search */
sid = ldap_search(lmap->ldap_ld,
rl->lr_search,
lmap->ldap_scope,
"(objectClass=*)",
(lmap->ldap_attr[0] == NULL ?
NULL : lmap->ldap_attr),
lmap->ldap_attrsonly);
}
else if (rl->lr_type == SM_LDAP_ATTR_FILTER)
{
/* do new search */
sid = ldap_search(lmap->ldap_ld,
lmap->ldap_base,
lmap->ldap_scope,
rl->lr_search,
(lmap->ldap_attr[0] == NULL ?
NULL : lmap->ldap_attr),
lmap->ldap_attrsonly);
}
else if (rl->lr_type == SM_LDAP_ATTR_URL)
{
/* Parse URL */
sid = ldap_url_parse(rl->lr_search,
&rl->lr_ludp);
if (sid != 0)
{
errno = sid + E_LDAPURLBASE;
return EX_TEMPFAIL;
}
/* We need to add objectClass */
if (rl->lr_ludp->lud_attrs != NULL)
{
int attrnum = 0;
while (rl->lr_ludp->lud_attrs[attrnum] != NULL)
{
if (strcasecmp(rl->lr_ludp->lud_attrs[attrnum],
"objectClass") == 0)
{
/* already requested */
attrnum = -1;
break;
}
attrnum++;
}
if (attrnum >= 0)
{
int i;
rl->lr_attrs = (char **)malloc(sizeof(char *) * (attrnum + 2));
if (rl->lr_attrs == NULL)
{
save_errno = errno;
ldap_free_urldesc(rl->lr_ludp);
errno = save_errno;
return EX_TEMPFAIL;
}
for (i = 0 ; i < attrnum; i++)
{
rl->lr_attrs[i] = rl->lr_ludp->lud_attrs[i];
}
rl->lr_attrs[i++] = "objectClass";
rl->lr_attrs[i++] = NULL;
}
}
/*
** Use the existing connection
** for this search. It really
** should use lud_scheme://lud_host:lud_port/
** instead but that would require
** opening a new connection.
** This should be fixed ASAP.
*/
sid = ldap_search(lmap->ldap_ld,
rl->lr_ludp->lud_dn,
rl->lr_ludp->lud_scope,
rl->lr_ludp->lud_filter,
rl->lr_attrs,
lmap->ldap_attrsonly);
/* Use the attributes specified by URL */
newflags |= SM_LDAP_USE_ALLATTR;
}
else
{
/* unknown or illegal attribute type */
errno = EFAULT;
return EX_SOFTWARE;
}
/* Collect results */
if (sid == -1)
{
save_errno = sm_ldap_geterrno(lmap->ldap_ld);
statp = EX_TEMPFAIL;
switch (save_errno)
{
#ifdef LDAP_SERVER_DOWN
case LDAP_SERVER_DOWN:
#endif /* LDAP_SERVER_DOWN */
case LDAP_TIMEOUT:
case ETIMEDOUT:
case LDAP_UNAVAILABLE:
/*
** server disappeared,
** try reopen on next search
*/
statp = EX_RESTART;
break;
}
errno = save_errno + E_LDAPBASE;
return statp;
}
status = sm_ldap_results(lmap, sid, newflags, delim,
rpool, result, resultln,
resultsz, recurse);
save_errno = errno;
if (status != EX_OK && status != EX_NOTFOUND)
{
errno = save_errno;
return status;
}
/* Mark as done */
rl->lr_done = true;
if (rl->lr_ludp != NULL)
{
ldap_free_urldesc(rl->lr_ludp);
rl->lr_ludp = NULL;
}
if (rl->lr_attrs != NULL)
{
free(rl->lr_attrs);
rl->lr_attrs = NULL;
}
/* Reset rlidx as new items may have been added */
rlidx = -1;
}
}
return statp;
}
/*
** SM_LDAP_CLOSE -- close LDAP connection
**
** Parameters:
** lmap -- LDAP map information
**
** Returns:
** None.
**
*/
void
sm_ldap_close(lmap)
SM_LDAP_STRUCT *lmap;
{
if (lmap->ldap_ld == NULL)
return;
if (lmap->ldap_pid == getpid())
ldap_unbind(lmap->ldap_ld);
lmap->ldap_ld = NULL;
lmap->ldap_pid = 0;
}
-
-/*
-** SM_LDAP_SETOPTS -- set LDAP options
-**
-** Parameters:
-** ld -- LDAP session handle
-** lmap -- LDAP map information
-**
-** Returns:
-** None.
-**
-*/
-
-void
-sm_ldap_setopts(ld, lmap)
- LDAP *ld;
- SM_LDAP_STRUCT *lmap;
-{
-# if USE_LDAP_SET_OPTION
- if (lmap->ldap_version != 0)
- {
- ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION,
- &lmap->ldap_version);
- }
- ldap_set_option(ld, LDAP_OPT_DEREF, &lmap->ldap_deref);
- if (bitset(LDAP_OPT_REFERRALS, lmap->ldap_options))
- ldap_set_option(ld, LDAP_OPT_REFERRALS, LDAP_OPT_ON);
- else
- ldap_set_option(ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
- ldap_set_option(ld, LDAP_OPT_SIZELIMIT, &lmap->ldap_sizelimit);
- ldap_set_option(ld, LDAP_OPT_TIMELIMIT, &lmap->ldap_timelimit);
-# if _FFR_LDAP_NETWORK_TIMEOUT && defined(LDAP_OPT_NETWORK_TIMEOUT)
- if (lmap->ldap_networktmo > 0)
- {
- struct timeval tmo;
-
- tmo.tv_sec = lmap->ldap_networktmo;
- tmo.tv_usec = 0;
- ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &tmo);
- }
-# endif /* _FFR_LDAP_NETWORK_TIMEOUT && defined(LDAP_OPT_NETWORK_TIMEOUT) */
-# ifdef LDAP_OPT_RESTART
- ldap_set_option(ld, LDAP_OPT_RESTART, LDAP_OPT_ON);
-# endif /* LDAP_OPT_RESTART */
-# else /* USE_LDAP_SET_OPTION */
- /* From here on in we can use ldap internal timelimits */
- ld->ld_deref = lmap->ldap_deref;
- ld->ld_options = lmap->ldap_options;
- ld->ld_sizelimit = lmap->ldap_sizelimit;
- ld->ld_timelimit = lmap->ldap_timelimit;
-# endif /* USE_LDAP_SET_OPTION */
-}
-
/*
** SM_LDAP_GETERRNO -- get ldap errno value
**
** Parameters:
** ld -- LDAP session handle
**
** Returns:
** LDAP errno.
**
*/
int
sm_ldap_geterrno(ld)
LDAP *ld;
{
int err = LDAP_SUCCESS;
# if defined(LDAP_VERSION_MAX) && LDAP_VERSION_MAX >= 3
- (void) ldap_get_option(ld, LDAP_OPT_ERROR_NUMBER, &err);
-# else /* defined(LDAP_VERSION_MAX) && LDAP_VERSION_MAX >= 3 */
+# ifdef LDAP_OPT_RESULT_CODE
+# define LDAP_GET_RESULT_CODE LDAP_OPT_RESULT_CODE
+# else
+# define LDAP_GET_RESULT_CODE LDAP_OPT_ERROR_NUMBER
+# endif
+ (void) ldap_get_option(ld, LDAP_GET_RESULT_CODE, &err);
+# else
# ifdef LDAP_OPT_SIZELIMIT
err = ldap_get_lderrno(ld, NULL, NULL);
-# else /* LDAP_OPT_SIZELIMIT */
+# else
err = ld->ld_errno;
/*
** Reset value to prevent lingering LDAP_DECODING_ERROR due to
** OpenLDAP 1.X's hack (see above)
*/
ld->ld_errno = LDAP_SUCCESS;
# endif /* LDAP_OPT_SIZELIMIT */
# endif /* defined(LDAP_VERSION_MAX) && LDAP_VERSION_MAX >= 3 */
return err;
}
# endif /* LDAPMAP */
diff --git a/libsm/local.h b/libsm/local.h
index 304a52e292ce..0118d6169676 100644
--- a/libsm/local.h
+++ b/libsm/local.h
@@ -1,297 +1,297 @@
/*
* Copyright (c) 2000-2002, 2004-2006 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1990, 1993
* The Regents of the University of California. All rights reserved.
*
* This code is derived from software contributed to Berkeley by
* Chris Torek.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
* $Id: local.h,v 1.59 2013-11-22 20:51:43 ca Exp $
*/
/*
** Information local to this implementation of stdio,
** in particular, macros and private variables.
*/
#include <sm/time.h>
#include <sm/fdset.h>
#if !SM_CONF_MEMCHR
# include <memory.h>
-#endif /* !SM_CONF_MEMCHR */
+#endif
#include <sm/heap.h>
int sm_flush __P((SM_FILE_T *, int *));
SM_FILE_T *smfp __P((void));
int sm_refill __P((SM_FILE_T *, int));
void sm_init __P((void));
void sm_cleanup __P((void));
void sm_makebuf __P((SM_FILE_T *));
int sm_whatbuf __P((SM_FILE_T *, size_t *, int *));
int sm_fwalk __P((int (*)(SM_FILE_T *, int *), int *));
int sm_wsetup __P((SM_FILE_T *));
int sm_flags __P((int));
SM_FILE_T *sm_fp __P((const SM_FILE_T *, const int, SM_FILE_T *));
int sm_vprintf __P((int, char const *, va_list));
/* std io functions */
ssize_t sm_stdread __P((SM_FILE_T *, char *, size_t));
ssize_t sm_stdwrite __P((SM_FILE_T *, char const *, size_t));
off_t sm_stdseek __P((SM_FILE_T *, off_t, int));
int sm_stdclose __P((SM_FILE_T *));
int sm_stdopen __P((SM_FILE_T *, const void *, int, const void *));
int sm_stdfdopen __P((SM_FILE_T *, const void *, int, const void *));
int sm_stdsetinfo __P((SM_FILE_T *, int , void *));
int sm_stdgetinfo __P((SM_FILE_T *, int , void *));
/* stdio io functions */
ssize_t sm_stdioread __P((SM_FILE_T *, char *, size_t));
ssize_t sm_stdiowrite __P((SM_FILE_T *, char const *, size_t));
off_t sm_stdioseek __P((SM_FILE_T *, off_t, int));
int sm_stdioclose __P((SM_FILE_T *));
int sm_stdioopen __P((SM_FILE_T *, const void *, int, const void *));
int sm_stdiosetinfo __P((SM_FILE_T *, int , void *));
int sm_stdiogetinfo __P((SM_FILE_T *, int , void *));
/* string io functions */
ssize_t sm_strread __P((SM_FILE_T *, char *, size_t));
ssize_t sm_strwrite __P((SM_FILE_T *, char const *, size_t));
off_t sm_strseek __P((SM_FILE_T *, off_t, int));
int sm_strclose __P((SM_FILE_T *));
int sm_stropen __P((SM_FILE_T *, const void *, int, const void *));
int sm_strsetinfo __P((SM_FILE_T *, int , void *));
int sm_strgetinfo __P((SM_FILE_T *, int , void *));
/* syslog io functions */
ssize_t sm_syslogread __P((SM_FILE_T *, char *, size_t));
ssize_t sm_syslogwrite __P((SM_FILE_T *, char const *, size_t));
off_t sm_syslogseek __P((SM_FILE_T *, off_t, int));
int sm_syslogclose __P((SM_FILE_T *));
int sm_syslogopen __P((SM_FILE_T *, const void *, int, const void *));
int sm_syslogsetinfo __P((SM_FILE_T *, int , void *));
int sm_sysloggetinfo __P((SM_FILE_T *, int , void *));
extern bool Sm_IO_DidInit;
/* Return true iff the given SM_FILE_T cannot be written now. */
#define cantwrite(fp) \
((((fp)->f_flags & SMWR) == 0 || (fp)->f_bf.smb_base == NULL) && \
sm_wsetup(fp))
/*
** Test whether the given stdio file has an active ungetc buffer;
** release such a buffer, without restoring ordinary unread data.
*/
#define HASUB(fp) ((fp)->f_ub.smb_base != NULL)
#define FREEUB(fp) \
{ \
if ((fp)->f_ub.smb_base != (fp)->f_ubuf) \
sm_free((char *)(fp)->f_ub.smb_base); \
(fp)->f_ub.smb_base = NULL; \
}
extern const char SmFileMagic[];
#define SM_ALIGN(p) (((unsigned long)(p) + SM_ALIGN_BITS) & ~SM_ALIGN_BITS)
#define sm_io_flockfile(fp) ((void) 0)
#define sm_io_funlockfile(fp) ((void) 0)
int sm_flags __P((int));
#ifndef FDSET_CAST
# define FDSET_CAST /* empty cast for fd_set arg to select */
#endif
/*
** SM_CONVERT_TIME -- convert the API timeout flag for select() usage.
**
** This takes a 'fp' (a file type pointer) and obtains the "raw"
** file descriptor (fd) if possible. The 'fd' is needed to possibly
** switch the mode of the file (blocking/non-blocking) to match
** the type of timeout. If timeout is SM_TIME_FOREVER then the
** timeout using select won't be needed and the file is best placed
** in blocking mode. If there is to be a finite timeout then the file
** is best placed in non-blocking mode. Then, if not enough can be
** written, select() can be used to test when something can be written
** yet still timeout if the wait is too long.
** If the mode is already in the correct state we don't change it.
** Iff (yes "iff") the 'fd' is "-1" in value then the mode change
** will not happen. This situation arises when a late-binding-to-disk
** file type is in use. An example of this is the sendmail buffered
** file type (in sendmail/bf.c).
**
** Parameters
** fp -- the file pointer the timeout is for
** fd -- to become the file descriptor value from 'fp'
** val -- the timeout value to be converted
** time -- a struct timeval holding the converted value
**
** Returns
** nothing, this is flow-through code
**
** Side Effects:
** May or may not change the mode of a currently open file.
** The file mode may be changed to O_NONBLOCK or ~O_NONBLOCK
** (meaning block). This is done to best match the type of
** timeout and for (possible) use with select().
*/
# define SM_CONVERT_TIME(fp, fd, val, time) { \
if (((fd) = sm_io_getinfo(fp, SM_IO_WHAT_FD, NULL)) == -1) \
{ \
/* can't get an fd, likely internal 'fake' fp */ \
errno = 0; \
} \
if ((val) == SM_TIME_DEFAULT) \
(val) = (fp)->f_timeout; \
if ((val) == SM_TIME_IMMEDIATE || (val) == SM_TIME_FOREVER) \
{ \
(time)->tv_sec = 0; \
(time)->tv_usec = 0; \
} \
else \
{ \
(time)->tv_sec = (val) / 1000; \
(time)->tv_usec = ((val) - ((time)->tv_sec * 1000)) * 1000; \
} \
if ((val) == SM_TIME_FOREVER) \
{ \
if ((fp)->f_timeoutstate == SM_TIME_NONBLOCK && (fd) != -1) \
{ \
int ret; \
ret = fcntl((fd), F_GETFL, 0); \
if (ret == -1 || fcntl((fd), F_SETFL, \
ret & ~O_NONBLOCK) == -1) \
{ \
/* errno should be set */ \
return SM_IO_EOF; \
} \
(fp)->f_timeoutstate = SM_TIME_BLOCK; \
if ((fp)->f_modefp != NULL) \
(fp)->f_modefp->f_timeoutstate = SM_TIME_BLOCK; \
} \
} \
else { \
if ((fp)->f_timeoutstate == SM_TIME_BLOCK && (fd) != -1) \
{ \
int ret; \
ret = fcntl((fd), F_GETFL, 0); \
if (ret == -1 || fcntl((fd), F_SETFL, \
ret | O_NONBLOCK) == -1) \
{ \
/* errno should be set */ \
return SM_IO_EOF; \
} \
(fp)->f_timeoutstate = SM_TIME_NONBLOCK; \
if ((fp)->f_modefp != NULL) \
(fp)->f_modefp->f_timeoutstate = SM_TIME_NONBLOCK; \
} \
} \
}
/*
** SM_IO_WR_TIMEOUT -- setup the timeout for the write
**
** This #define uses a select() to wait for the 'fd' to become writable.
** The select() can be active for up to 'to' time. The select may not
** use all of the the 'to' time. Hence, the amount of "wall-clock" time is
** measured to decide how much to subtract from 'to' to update it. On some
** BSD-based/like systems the timeout for a select is updated for the
** amount of time used. On many/most systems this does not happen. Therefore
** the updating of 'to' must be done ourselves; a copy of 'to' is passed
** since a BSD-like system will have updated it and we don't want to
** double the time used!
** Note: if a valid 'fd' doesn't exist yet, don't use this (e.g. the
** sendmail buffered file type in sendmail/bf.c; see fvwrite.c).
**
** Parameters
** fd -- a file descriptor for doing select() with
** timeout -- the original user set value.
**
** Returns
** nothing, this is flow through code
**
** Side Effects:
** adjusts 'timeout' for time used
*/
#define SM_IO_WR_TIMEOUT(fp, fd, to) { \
struct timeval sm_io_to_before, sm_io_to_after, sm_io_to_diff; \
struct timeval sm_io_to; \
int sm_io_to_sel; \
fd_set sm_io_to_mask, sm_io_x_mask; \
errno = 0; \
if ((to) == SM_TIME_DEFAULT) \
(to) = (fp)->f_timeout; \
if ((to) == SM_TIME_IMMEDIATE) \
{ \
errno = EAGAIN; \
return SM_IO_EOF; \
} \
else if ((to) == SM_TIME_FOREVER) \
{ \
errno = EINVAL; \
return SM_IO_EOF; \
} \
else \
{ \
sm_io_to.tv_sec = (to) / 1000; \
sm_io_to.tv_usec = ((to) - (sm_io_to.tv_sec * 1000)) * 1000; \
} \
if (!SM_FD_OK_SELECT(fd)) \
{ \
errno = EINVAL; \
return SM_IO_EOF; \
} \
FD_ZERO(&sm_io_to_mask); \
FD_SET((fd), &sm_io_to_mask); \
FD_ZERO(&sm_io_x_mask); \
FD_SET((fd), &sm_io_x_mask); \
if (gettimeofday(&sm_io_to_before, NULL) < 0) \
return SM_IO_EOF; \
do \
{ \
sm_io_to_sel = select((fd) + 1, NULL, &sm_io_to_mask, \
&sm_io_x_mask, &sm_io_to); \
} while (sm_io_to_sel < 0 && errno == EINTR); \
if (sm_io_to_sel < 0) \
{ \
/* something went wrong, errno set */ \
return SM_IO_EOF; \
} \
else if (sm_io_to_sel == 0) \
{ \
/* timeout */ \
errno = EAGAIN; \
return SM_IO_EOF; \
} \
/* else loop again */ \
if (gettimeofday(&sm_io_to_after, NULL) < 0) \
return SM_IO_EOF; \
timersub(&sm_io_to_after, &sm_io_to_before, &sm_io_to_diff); \
(to) -= (sm_io_to_diff.tv_sec * 1000); \
(to) -= (sm_io_to_diff.tv_usec / 1000); \
if ((to) < 0) \
(to) = 0; \
}
/*
** If there is no 'fd' just error (we can't timeout). If the timeout
** is SM_TIME_FOREVER then there is no need to do a timeout with
** select since this will be a real error. If the error is not
** EAGAIN/EWOULDBLOCK (from a nonblocking) then it's a real error.
** Specify the condition here as macro so it can be used in several places.
*/
#define IS_IO_ERROR(fd, ret, to) \
((fd) < 0 || \
((ret) < 0 && errno != EAGAIN && errno != EWOULDBLOCK) || \
(to) == SM_TIME_FOREVER)
diff --git a/libsm/makebuf.c b/libsm/makebuf.c
index 8d05e68bcb9c..2542d2982d6a 100644
--- a/libsm/makebuf.c
+++ b/libsm/makebuf.c
@@ -1,154 +1,154 @@
/*
* Copyright (c) 2000-2001 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1990, 1993
* The Regents of the University of California. All rights reserved.
*
* This code is derived from software contributed to Berkeley by
* Chris Torek.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: makebuf.c,v 1.27 2013-11-22 20:51:43 ca Exp $")
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sm/io.h>
#include <sm/heap.h>
#include <sm/conf.h>
#include "local.h"
/*
** SM_MAKEBUF -- make a buffer for the file
**
** Parameters:
** fp -- the file to be buffered
**
** Returns:
** nothing
**
** Allocate a file buffer, or switch to unbuffered I/O.
** By default tty devices default to line buffered.
*/
void
sm_makebuf(fp)
register SM_FILE_T *fp;
{
register void *p;
register int flags;
size_t size;
int couldbetty;
if (fp->f_flags & SMNBF)
{
fp->f_bf.smb_base = fp->f_p = fp->f_nbuf;
fp->f_bf.smb_size = 1;
return;
}
flags = sm_whatbuf(fp, &size, &couldbetty);
if ((p = sm_malloc(size)) == NULL)
{
fp->f_flags |= SMNBF;
fp->f_bf.smb_base = fp->f_p = fp->f_nbuf;
fp->f_bf.smb_size = 1;
return;
}
if (!Sm_IO_DidInit)
sm_init();
flags |= SMMBF;
fp->f_bf.smb_base = fp->f_p = p;
fp->f_bf.smb_size = size;
if (couldbetty && isatty(fp->f_file))
flags |= SMLBF;
fp->f_flags |= flags;
}
/*
** SM_WHATBUF -- determine proper buffer for a file (internal)
**
** Plus it fills in 'bufsize' for recommended buffer size and
** fills in flag to indicate if 'fp' could be a tty (nothing
** to do with "betty" :-) ).
**
** Parameters:
** fp -- file pointer to be buffered
** bufsize -- new buffer size (a return)
** couldbetty -- could be a tty (returns)
**
** Returns:
** Success:
** on error:
** SMNPT -- not seek opimized
** SMOPT -- seek opimized
*/
int
sm_whatbuf(fp, bufsize, couldbetty)
register SM_FILE_T *fp;
size_t *bufsize;
int *couldbetty;
{
struct stat st;
if (fp->f_file < 0 || fstat(fp->f_file, &st) < 0)
{
*couldbetty = 0;
*bufsize = SM_IO_BUFSIZ;
return SMNPT;
}
/* could be a tty iff it is a character device */
*couldbetty = S_ISCHR(st.st_mode);
if (st.st_blksize == 0)
{
*bufsize = SM_IO_BUFSIZ;
return SMNPT;
}
#if SM_IO_MAX_BUF_FILE > 0
if (S_ISREG(st.st_mode) && st.st_blksize > SM_IO_MAX_BUF_FILE)
st.st_blksize = SM_IO_MAX_BUF_FILE;
-#endif /* SM_IO_MAX_BUF_FILE > 0 */
+#endif
#if SM_IO_MAX_BUF > 0 || SM_IO_MIN_BUF > 0
if (!S_ISREG(st.st_mode))
{
# if SM_IO_MAX_BUF > 0
if (st.st_blksize > SM_IO_MAX_BUF)
st.st_blksize = SM_IO_MAX_BUF;
# if SM_IO_MIN_BUF > 0
else
# endif /* SM_IO_MIN_BUF > 0 */
# endif /* SM_IO_MAX_BUF > 0 */
# if SM_IO_MIN_BUF > 0
if (st.st_blksize < SM_IO_MIN_BUF)
st.st_blksize = SM_IO_MIN_BUF;
-# endif /* SM_IO_MIN_BUF > 0 */
+# endif
}
#endif /* SM_IO_MAX_BUF > 0 || SM_IO_MIN_BUF > 0 */
/*
** Optimise fseek() only if it is a regular file. (The test for
** sm_std_seek is mainly paranoia.) It is safe to set _blksize
** unconditionally; it will only be used if SMOPT is also set.
*/
if ((fp->f_flags & SMSTR) == 0)
{
*bufsize = st.st_blksize;
fp->f_blksize = st.st_blksize;
}
else
*bufsize = SM_IO_BUFSIZ;
if ((st.st_mode & S_IFMT) == S_IFREG &&
fp->f_seek == sm_stdseek)
return SMOPT;
else
return SMNPT;
}
diff --git a/libsm/mbdb.c b/libsm/mbdb.c
index 3d7426cd5315..ff2d3d8150fa 100644
--- a/libsm/mbdb.c
+++ b/libsm/mbdb.c
@@ -1,780 +1,780 @@
/*
* Copyright (c) 2001-2003,2009 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: mbdb.c,v 1.43 2014-01-08 17:03:15 ca Exp $")
#include <sys/param.h>
#include <ctype.h>
#include <errno.h>
#include <pwd.h>
#include <stdlib.h>
#include <setjmp.h>
#include <unistd.h>
#include <sm/limits.h>
#include <sm/conf.h>
#include <sm/assert.h>
#include <sm/bitops.h>
#include <sm/errstring.h>
#include <sm/heap.h>
#include <sm/mbdb.h>
#include <sm/string.h>
# ifdef EX_OK
# undef EX_OK /* for SVr4.2 SMP */
-# endif /* EX_OK */
+# endif
#include <sm/sysexits.h>
#if LDAPMAP
# if _LDAP_EXAMPLE_
# include <sm/ldap.h>
-# endif /* _LDAP_EXAMPLE_ */
+# endif
#endif /* LDAPMAP */
typedef struct
{
char *mbdb_typename;
int (*mbdb_initialize) __P((char *));
int (*mbdb_lookup) __P((char *name, SM_MBDB_T *user));
void (*mbdb_terminate) __P((void));
} SM_MBDB_TYPE_T;
static int mbdb_pw_initialize __P((char *));
static int mbdb_pw_lookup __P((char *name, SM_MBDB_T *user));
static void mbdb_pw_terminate __P((void));
#if LDAPMAP
# if _LDAP_EXAMPLE_
static struct sm_ldap_struct LDAPLMAP;
static int mbdb_ldap_initialize __P((char *));
static int mbdb_ldap_lookup __P((char *name, SM_MBDB_T *user));
static void mbdb_ldap_terminate __P((void));
# endif /* _LDAP_EXAMPLE_ */
#endif /* LDAPMAP */
static SM_MBDB_TYPE_T SmMbdbTypes[] =
{
{ "pw", mbdb_pw_initialize, mbdb_pw_lookup, mbdb_pw_terminate },
#if LDAPMAP
# if _LDAP_EXAMPLE_
{ "ldap", mbdb_ldap_initialize, mbdb_ldap_lookup, mbdb_ldap_terminate },
-# endif /* _LDAP_EXAMPLE_ */
+# endif
#endif /* LDAPMAP */
{ NULL, NULL, NULL, NULL }
};
static SM_MBDB_TYPE_T *SmMbdbType = &SmMbdbTypes[0];
/*
** SM_MBDB_INITIALIZE -- specify which mailbox database to use
**
** If this function is not called, then the "pw" implementation
** is used by default; this implementation uses getpwnam().
**
** Parameters:
** mbdb -- Which mailbox database to use.
** The argument has the form "name" or "name.arg".
** "pw" means use getpwnam().
**
** Results:
** EX_OK on success, or an EX_* code on failure.
*/
int
sm_mbdb_initialize(mbdb)
char *mbdb;
{
size_t namelen;
int err;
char *name;
char *arg;
SM_MBDB_TYPE_T *t;
SM_REQUIRE(mbdb != NULL);
name = mbdb;
arg = strchr(mbdb, '.');
if (arg == NULL)
namelen = strlen(name);
else
{
namelen = arg - name;
++arg;
}
for (t = SmMbdbTypes; t->mbdb_typename != NULL; ++t)
{
if (strlen(t->mbdb_typename) == namelen &&
strncmp(name, t->mbdb_typename, namelen) == 0)
{
err = EX_OK;
if (t->mbdb_initialize != NULL)
err = t->mbdb_initialize(arg);
if (err == EX_OK)
SmMbdbType = t;
return err;
}
}
return EX_UNAVAILABLE;
}
/*
** SM_MBDB_TERMINATE -- terminate connection to the mailbox database
**
** Because this function closes any cached file descriptors that
** are being held open for the connection to the mailbox database,
** it should be called for security reasons prior to dropping privileges
** and execing another process.
**
** Parameters:
** none.
**
** Results:
** none.
*/
void
sm_mbdb_terminate()
{
if (SmMbdbType->mbdb_terminate != NULL)
SmMbdbType->mbdb_terminate();
}
/*
** SM_MBDB_LOOKUP -- look up a local mail recipient, given name
**
** Parameters:
** name -- name of local mail recipient
** user -- pointer to structure to fill in on success
**
** Results:
** On success, fill in *user and return EX_OK.
** If the user does not exist, return EX_NOUSER.
** If a temporary failure (eg, a network failure) occurred,
** return EX_TEMPFAIL. Otherwise return EX_OSERR.
*/
int
sm_mbdb_lookup(name, user)
char *name;
SM_MBDB_T *user;
{
int ret = EX_NOUSER;
if (SmMbdbType->mbdb_lookup != NULL)
ret = SmMbdbType->mbdb_lookup(name, user);
return ret;
}
/*
** SM_MBDB_FROMPW -- copy from struct pw to SM_MBDB_T
**
** Parameters:
** user -- destination user information structure
** pw -- source passwd structure
**
** Results:
** none.
*/
void
sm_mbdb_frompw(user, pw)
SM_MBDB_T *user;
struct passwd *pw;
{
SM_REQUIRE(user != NULL);
(void) sm_strlcpy(user->mbdb_name, pw->pw_name,
sizeof(user->mbdb_name));
user->mbdb_uid = pw->pw_uid;
user->mbdb_gid = pw->pw_gid;
sm_pwfullname(pw->pw_gecos, pw->pw_name, user->mbdb_fullname,
sizeof(user->mbdb_fullname));
(void) sm_strlcpy(user->mbdb_homedir, pw->pw_dir,
sizeof(user->mbdb_homedir));
(void) sm_strlcpy(user->mbdb_shell, pw->pw_shell,
sizeof(user->mbdb_shell));
}
/*
** SM_PWFULLNAME -- build full name of user from pw_gecos field.
**
** This routine interprets the strange entry that would appear
** in the GECOS field of the password file.
**
** Parameters:
** gecos -- name to build.
** user -- the login name of this user (for &).
** buf -- place to put the result.
** buflen -- length of buf.
**
** Returns:
** none.
*/
#if _FFR_HANDLE_ISO8859_GECOS
static char Latin1ToASCII[128] =
{
32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32,
32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 33,
99, 80, 36, 89, 124, 36, 34, 99, 97, 60, 45, 45, 114, 45, 111, 42,
50, 51, 39, 117, 80, 46, 44, 49, 111, 62, 42, 42, 42, 63, 65, 65,
65, 65, 65, 65, 65, 67, 69, 69, 69, 69, 73, 73, 73, 73, 68, 78, 79,
79, 79, 79, 79, 88, 79, 85, 85, 85, 85, 89, 80, 66, 97, 97, 97, 97,
97, 97, 97, 99, 101, 101, 101, 101, 105, 105, 105, 105, 100, 110,
111, 111, 111, 111, 111, 47, 111, 117, 117, 117, 117, 121, 112, 121
};
#endif /* _FFR_HANDLE_ISO8859_GECOS */
void
sm_pwfullname(gecos, user, buf, buflen)
register char *gecos;
char *user;
char *buf;
size_t buflen;
{
register char *p;
register char *bp = buf;
if (*gecos == '*')
gecos++;
/* copy gecos, interpolating & to be full name */
for (p = gecos; *p != '\0' && *p != ',' && *p != ';' && *p != '%'; p++)
{
if (bp >= &buf[buflen - 1])
{
/* buffer overflow -- just use login name */
(void) sm_strlcpy(buf, user, buflen);
return;
}
if (*p == '&')
{
/* interpolate full name */
(void) sm_strlcpy(bp, user, buflen - (bp - buf));
*bp = toupper(*bp);
bp += strlen(bp);
}
else
{
#if _FFR_HANDLE_ISO8859_GECOS
if ((unsigned char) *p >= 128)
*bp++ = Latin1ToASCII[(unsigned char) *p - 128];
else
-#endif /* _FFR_HANDLE_ISO8859_GECOS */
+#endif
*bp++ = *p;
}
}
*bp = '\0';
}
/*
** /etc/passwd implementation.
*/
/*
** MBDB_PW_INITIALIZE -- initialize getpwnam() version
**
** Parameters:
** arg -- unused.
**
** Results:
** EX_OK.
*/
/* ARGSUSED0 */
static int
mbdb_pw_initialize(arg)
char *arg;
{
return EX_OK;
}
/*
** MBDB_PW_LOOKUP -- look up a local mail recipient, given name
**
** Parameters:
** name -- name of local mail recipient
** user -- pointer to structure to fill in on success
**
** Results:
** On success, fill in *user and return EX_OK.
** Failure: EX_NOUSER.
*/
static int
mbdb_pw_lookup(name, user)
char *name;
SM_MBDB_T *user;
{
struct passwd *pw;
#if HESIOD && !HESIOD_ALLOW_NUMERIC_LOGIN
/* DEC Hesiod getpwnam accepts numeric strings -- short circuit it */
{
char *p;
for (p = name; *p != '\0'; p++)
if (!isascii(*p) || !isdigit(*p))
break;
if (*p == '\0')
return EX_NOUSER;
}
#endif /* HESIOD && !HESIOD_ALLOW_NUMERIC_LOGIN */
errno = 0;
pw = getpwnam(name);
if (pw == NULL)
{
#if _FFR_USE_GETPWNAM_ERRNO
/*
** Only enable this code iff
** user unknown <-> getpwnam() == NULL && errno == 0
** (i.e., errno unchanged); see the POSIX spec.
*/
if (errno != 0)
return EX_TEMPFAIL;
#endif /* _FFR_USE_GETPWNAM_ERRNO */
return EX_NOUSER;
}
sm_mbdb_frompw(user, pw);
return EX_OK;
}
/*
** MBDB_PW_TERMINATE -- terminate connection to the mailbox database
**
** Parameters:
** none.
**
** Results:
** none.
*/
static void
mbdb_pw_terminate()
{
endpwent();
}
#if LDAPMAP
# if _LDAP_EXAMPLE_
/*
** LDAP example implementation based on RFC 2307, "An Approach for Using
** LDAP as a Network Information Service":
**
** ( nisSchema.1.0 NAME 'uidNumber'
** DESC 'An integer uniquely identifying a user in an
** administrative domain'
** EQUALITY integerMatch SYNTAX 'INTEGER' SINGLE-VALUE )
**
** ( nisSchema.1.1 NAME 'gidNumber'
** DESC 'An integer uniquely identifying a group in an
** administrative domain'
** EQUALITY integerMatch SYNTAX 'INTEGER' SINGLE-VALUE )
**
** ( nisSchema.1.2 NAME 'gecos'
** DESC 'The GECOS field; the common name'
** EQUALITY caseIgnoreIA5Match
** SUBSTRINGS caseIgnoreIA5SubstringsMatch
** SYNTAX 'IA5String' SINGLE-VALUE )
**
** ( nisSchema.1.3 NAME 'homeDirectory'
** DESC 'The absolute path to the home directory'
** EQUALITY caseExactIA5Match
** SYNTAX 'IA5String' SINGLE-VALUE )
**
** ( nisSchema.1.4 NAME 'loginShell'
** DESC 'The path to the login shell'
** EQUALITY caseExactIA5Match
** SYNTAX 'IA5String' SINGLE-VALUE )
**
** ( nisSchema.2.0 NAME 'posixAccount' SUP top AUXILIARY
** DESC 'Abstraction of an account with POSIX attributes'
** MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
** MAY ( userPassword $ loginShell $ gecos $ description ) )
**
*/
# define MBDB_LDAP_LABEL "MailboxDatabase"
# ifndef MBDB_LDAP_FILTER
# define MBDB_LDAP_FILTER "(&(objectClass=posixAccount)(uid=%0))"
-# endif /* MBDB_LDAP_FILTER */
+# endif
# ifndef MBDB_DEFAULT_LDAP_BASEDN
# define MBDB_DEFAULT_LDAP_BASEDN NULL
-# endif /* MBDB_DEFAULT_LDAP_BASEDN */
+# endif
# ifndef MBDB_DEFAULT_LDAP_SERVER
# define MBDB_DEFAULT_LDAP_SERVER NULL
-# endif /* MBDB_DEFAULT_LDAP_SERVER */
+# endif
/*
** MBDB_LDAP_INITIALIZE -- initialize LDAP version
**
** Parameters:
** arg -- LDAP specification
**
** Results:
** EX_OK on success, or an EX_* code on failure.
*/
static int
mbdb_ldap_initialize(arg)
char *arg;
{
sm_ldap_clear(&LDAPLMAP);
LDAPLMAP.ldap_base = MBDB_DEFAULT_LDAP_BASEDN;
LDAPLMAP.ldap_host = MBDB_DEFAULT_LDAP_SERVER;
LDAPLMAP.ldap_filter = MBDB_LDAP_FILTER;
/* Only want one match */
LDAPLMAP.ldap_sizelimit = 1;
/* interpolate new ldap_base and ldap_host from arg if given */
if (arg != NULL && *arg != '\0')
{
char *new;
char *sep;
size_t len;
len = strlen(arg) + 1;
new = sm_malloc(len);
if (new == NULL)
return EX_TEMPFAIL;
(void) sm_strlcpy(new, arg, len);
sep = strrchr(new, '@');
if (sep != NULL)
{
*sep++ = '\0';
LDAPLMAP.ldap_host = sep;
}
LDAPLMAP.ldap_base = new;
}
return EX_OK;
}
/*
** MBDB_LDAP_LOOKUP -- look up a local mail recipient, given name
**
** Parameters:
** name -- name of local mail recipient
** user -- pointer to structure to fill in on success
**
** Results:
** On success, fill in *user and return EX_OK.
** Failure: EX_NOUSER.
*/
#define NEED_FULLNAME 0x01
#define NEED_HOMEDIR 0x02
#define NEED_SHELL 0x04
#define NEED_UID 0x08
#define NEED_GID 0x10
static int
mbdb_ldap_lookup(name, user)
char *name;
SM_MBDB_T *user;
{
int msgid;
int need;
int ret;
int save_errno;
LDAPMessage *entry;
BerElement *ber;
char *attr = NULL;
if (strlen(name) >= sizeof(user->mbdb_name))
{
errno = EINVAL;
return EX_NOUSER;
}
if (LDAPLMAP.ldap_filter == NULL)
{
/* map not initialized, but don't have arg here */
errno = EFAULT;
return EX_TEMPFAIL;
}
if (LDAPLMAP.ldap_pid != getpid())
{
/* re-open map in this child process */
LDAPLMAP.ldap_ld = NULL;
}
if (LDAPLMAP.ldap_ld == NULL)
{
/* map not open, try to open now */
if (!sm_ldap_start(MBDB_LDAP_LABEL, &LDAPLMAP))
return EX_TEMPFAIL;
}
sm_ldap_setopts(LDAPLMAP.ldap_ld, &LDAPLMAP);
msgid = sm_ldap_search(&LDAPLMAP, name);
if (msgid == -1)
{
save_errno = sm_ldap_geterrno(LDAPLMAP.ldap_ld) + E_LDAPBASE;
# ifdef LDAP_SERVER_DOWN
if (errno == LDAP_SERVER_DOWN)
{
/* server disappeared, try reopen on next search */
sm_ldap_close(&LDAPLMAP);
}
# endif /* LDAP_SERVER_DOWN */
errno = save_errno;
return EX_TEMPFAIL;
}
/* Get results */
ret = ldap_result(LDAPLMAP.ldap_ld, msgid, 1,
(LDAPLMAP.ldap_timeout.tv_sec == 0 ? NULL :
&(LDAPLMAP.ldap_timeout)),
&(LDAPLMAP.ldap_res));
if (ret != LDAP_RES_SEARCH_RESULT &&
ret != LDAP_RES_SEARCH_ENTRY)
{
if (ret == 0)
errno = ETIMEDOUT;
else
errno = sm_ldap_geterrno(LDAPLMAP.ldap_ld);
ret = EX_TEMPFAIL;
goto abort;
}
entry = ldap_first_entry(LDAPLMAP.ldap_ld, LDAPLMAP.ldap_res);
if (entry == NULL)
{
int rc;
- /*
+ /*
** We may have gotten an LDAP_RES_SEARCH_RESULT response
** with an error inside it, so we have to extract that
** with ldap_parse_result(). This can happen when talking
** to an LDAP proxy whose backend has gone down.
*/
save_errno = ldap_parse_result(LDAPLMAP.ldap_ld,
LDAPLMAP.ldap_res, &rc, NULL,
NULL, NULL, NULL, 0);
if (save_errno == LDAP_SUCCESS)
save_errno = rc;
if (save_errno == LDAP_SUCCESS)
{
errno = ENOENT;
ret = EX_NOUSER;
}
else
{
errno = save_errno;
ret = EX_TEMPFAIL;
}
goto abort;
}
# if !defined(LDAP_VERSION_MAX) && !defined(LDAP_OPT_SIZELIMIT)
/*
** Reset value to prevent lingering
** LDAP_DECODING_ERROR due to
** OpenLDAP 1.X's hack (see below)
*/
LDAPLMAP.ldap_ld->ld_errno = LDAP_SUCCESS;
# endif /* !defined(LDAP_VERSION_MAX) !defined(LDAP_OPT_SIZELIMIT) */
ret = EX_OK;
need = NEED_FULLNAME|NEED_HOMEDIR|NEED_SHELL|NEED_UID|NEED_GID;
for (attr = ldap_first_attribute(LDAPLMAP.ldap_ld, entry, &ber);
attr != NULL;
attr = ldap_next_attribute(LDAPLMAP.ldap_ld, entry, ber))
{
char **vals;
vals = ldap_get_values(LDAPLMAP.ldap_ld, entry, attr);
if (vals == NULL)
{
errno = sm_ldap_geterrno(LDAPLMAP.ldap_ld);
if (errno == LDAP_SUCCESS)
{
ldap_memfree(attr);
continue;
}
/* Must be an error */
errno += E_LDAPBASE;
ret = EX_TEMPFAIL;
goto abort;
}
# if !defined(LDAP_VERSION_MAX) && !defined(LDAP_OPT_SIZELIMIT)
/*
** Reset value to prevent lingering
** LDAP_DECODING_ERROR due to
** OpenLDAP 1.X's hack (see below)
*/
LDAPLMAP.ldap_ld->ld_errno = LDAP_SUCCESS;
# endif /* !defined(LDAP_VERSION_MAX) !defined(LDAP_OPT_SIZELIMIT) */
if (vals[0] == NULL || vals[0][0] == '\0')
goto skip;
if (strcasecmp(attr, "gecos") == 0)
{
if (!bitset(NEED_FULLNAME, need) ||
strlen(vals[0]) >= sizeof(user->mbdb_fullname))
goto skip;
sm_pwfullname(vals[0], name, user->mbdb_fullname,
sizeof(user->mbdb_fullname));
need &= ~NEED_FULLNAME;
}
else if (strcasecmp(attr, "homeDirectory") == 0)
{
if (!bitset(NEED_HOMEDIR, need) ||
strlen(vals[0]) >= sizeof(user->mbdb_homedir))
goto skip;
(void) sm_strlcpy(user->mbdb_homedir, vals[0],
sizeof(user->mbdb_homedir));
need &= ~NEED_HOMEDIR;
}
else if (strcasecmp(attr, "loginShell") == 0)
{
if (!bitset(NEED_SHELL, need) ||
strlen(vals[0]) >= sizeof(user->mbdb_shell))
goto skip;
(void) sm_strlcpy(user->mbdb_shell, vals[0],
sizeof(user->mbdb_shell));
need &= ~NEED_SHELL;
}
else if (strcasecmp(attr, "uidNumber") == 0)
{
char *p;
if (!bitset(NEED_UID, need))
goto skip;
for (p = vals[0]; *p != '\0'; p++)
{
/* allow negative numbers */
if (p == vals[0] && *p == '-')
{
/* but not simply '-' */
if (*(p + 1) == '\0')
goto skip;
}
else if (!isascii(*p) || !isdigit(*p))
goto skip;
}
user->mbdb_uid = atoi(vals[0]);
need &= ~NEED_UID;
}
else if (strcasecmp(attr, "gidNumber") == 0)
{
char *p;
if (!bitset(NEED_GID, need))
goto skip;
for (p = vals[0]; *p != '\0'; p++)
{
/* allow negative numbers */
if (p == vals[0] && *p == '-')
{
/* but not simply '-' */
if (*(p + 1) == '\0')
goto skip;
}
else if (!isascii(*p) || !isdigit(*p))
goto skip;
}
user->mbdb_gid = atoi(vals[0]);
need &= ~NEED_GID;
}
skip:
ldap_value_free(vals);
ldap_memfree(attr);
}
errno = sm_ldap_geterrno(LDAPLMAP.ldap_ld);
/*
** We check errno != LDAP_DECODING_ERROR since
** OpenLDAP 1.X has a very ugly *undocumented*
** hack of returning this error code from
** ldap_next_attribute() if the library freed the
** ber attribute. See:
** http://www.openldap.org/lists/openldap-devel/9901/msg00064.html
*/
if (errno != LDAP_SUCCESS &&
errno != LDAP_DECODING_ERROR)
{
/* Must be an error */
errno += E_LDAPBASE;
ret = EX_TEMPFAIL;
goto abort;
}
abort:
save_errno = errno;
if (attr != NULL)
{
ldap_memfree(attr);
attr = NULL;
}
if (LDAPLMAP.ldap_res != NULL)
{
ldap_msgfree(LDAPLMAP.ldap_res);
LDAPLMAP.ldap_res = NULL;
}
if (ret == EX_OK)
{
if (need == 0)
{
(void) sm_strlcpy(user->mbdb_name, name,
sizeof(user->mbdb_name));
save_errno = 0;
}
else
{
ret = EX_NOUSER;
save_errno = EINVAL;
}
}
errno = save_errno;
return ret;
}
/*
** MBDB_LDAP_TERMINATE -- terminate connection to the mailbox database
**
** Parameters:
** none.
**
** Results:
** none.
*/
static void
mbdb_ldap_terminate()
{
sm_ldap_close(&LDAPLMAP);
}
# endif /* _LDAP_EXAMPLE_ */
#endif /* LDAPMAP */
diff --git a/libsm/memstat.c b/libsm/memstat.c
index a58b4c2ed3e8..4ef49fad31d5 100644
--- a/libsm/memstat.c
+++ b/libsm/memstat.c
@@ -1,336 +1,336 @@
/*
* Copyright (c) 2005-2007 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: memstat.c,v 1.7 2013-11-22 20:51:43 ca Exp $")
#include <errno.h>
#include <sm/misc.h>
#if USESWAPCTL
#include <sys/stat.h>
#include <sys/swap.h>
static long sc_page_size;
/*
** SM_MEMSTAT_OPEN -- open memory statistics
**
** Parameters:
** none
**
** Results:
** errno as error code, 0: ok
*/
int
sm_memstat_open()
{
sc_page_size = sysconf(_SC_PAGE_SIZE);
if (sc_page_size == -1)
return (errno != 0) ? errno : -1;
return 0;
}
/*
** SM_MEMSTAT_CLOSE -- close memory statistics
**
** Parameters:
** none
**
** Results:
** errno as error code, 0: ok
*/
int
sm_memstat_close()
{
return 0;
}
/*
** SM_MEMSTAT_GET -- get memory statistics
**
** Parameters:
** resource -- resource to look up
** pvalue -- (pointer to) memory statistics value (output)
**
** Results:
** 0: success
** !=0: error
*/
int
sm_memstat_get(resource, pvalue)
char *resource;
long *pvalue;
{
int r;
struct anoninfo ai;
r = swapctl(SC_AINFO, &ai);
if (r == -1)
return (errno != 0) ? errno : -1;
r = ai.ani_max - ai.ani_resv;
r *= sc_page_size >> 10;
*pvalue = r;
return 0;
}
#elif USEKSTAT
#include <kstat.h>
#include <sys/sysinfo.h>
static kstat_ctl_t *kc;
static kstat_t *kst;
/*
** SM_MEMSTAT_OPEN -- open memory statistics
**
** Parameters:
** none
**
** Results:
** errno as error code, 0: ok
*/
int
sm_memstat_open()
{
kstat_named_t *kn;
kc = kstat_open();
if (kc == NULL)
return (errno != 0) ? errno : -1;
kst = kstat_lookup(kc, "unix", 0,
(name != NULL) ? name : "system_pages");
- if (kst == 0)
+ if (kst == NULL)
return (errno != 0) ? errno : -2;
return 0;
}
/*
** SM_MEMSTAT_CLOSE -- close memory statistics
**
** Parameters:
** none
**
** Results:
** errno as error code, 0: ok
*/
int
sm_memstat_close()
{
int r;
if (kc == NULL)
return 0;
r = kstat_close(kc);
if (r != 0)
return (errno != 0) ? errno : -1;
return 0;
}
/*
** SM_MEMSTAT_GET -- get memory statistics
**
** Parameters:
** resource -- resource to look up
** pvalue -- (pointer to) memory statistics value (output)
**
** Results:
** 0: success
** !=0: error
*/
int
sm_memstat_get(resource, pvalue)
char *resource;
long *pvalue;
{
int r;
kstat_named_t *kn;
if (kc == NULL || kst == NULL)
return -1;
if (kstat_read(kc, kst, NULL) == -1)
return (errno != 0) ? errno : -2;
kn = kstat_data_lookup(kst,
(resource != NULL) ? resource: "freemem");
if (kn == NULL)
return (errno != 0) ? errno : -3;
*pvalue = kn->value.ul;
return 0;
}
#elif USEPROCMEMINFO
/*
/proc/meminfo?
total: used: free: shared: buffers: cached:
Mem: 261468160 252149760 9318400 0 3854336 109813760
Swap: 1052794880 62185472 990609408
MemTotal: 255340 kB
MemFree: 9100 kB
MemShared: 0 kB
Buffers: 3764 kB
Cached: 107240 kB
Active: 104340 kB
Inact_dirty: 4220 kB
Inact_clean: 2444 kB
Inact_target: 4092 kB
HighTotal: 0 kB
HighFree: 0 kB
LowTotal: 255340 kB
LowFree: 9100 kB
SwapTotal: 1028120 kB
SwapFree: 967392 kB
*/
#include <stdio.h>
#include <string.h>
static FILE *fp;
/*
** SM_MEMSTAT_OPEN -- open memory statistics
**
** Parameters:
** none
**
** Results:
** errno as error code, 0: ok
*/
int
sm_memstat_open()
{
fp = fopen("/proc/meminfo", "r");
return (fp != NULL) ? 0 : errno;
}
/*
** SM_MEMSTAT_CLOSE -- close memory statistics
**
** Parameters:
** none
**
** Results:
** errno as error code, 0: ok
*/
int
sm_memstat_close()
{
if (fp != NULL)
{
fclose(fp);
fp = NULL;
}
return 0;
}
/*
** SM_MEMSTAT_GET -- get memory statistics
**
** Parameters:
** resource -- resource to look up
** pvalue -- (pointer to) memory statistics value (output)
**
** Results:
** 0: success
** !=0: error
*/
int
sm_memstat_get(resource, pvalue)
char *resource;
long *pvalue;
{
int r;
size_t l;
char buf[80];
if (resource == NULL)
return EINVAL;
if (pvalue == NULL)
return EINVAL;
if (fp == NULL)
return -1; /* try to reopen? */
rewind(fp);
l = strlen(resource);
if (l >= sizeof(buf))
return EINVAL;
while (fgets(buf, sizeof(buf), fp) != NULL)
{
if (strncmp(buf, resource, l) == 0 && buf[l] == ':')
{
r = sscanf(buf + l + 1, "%ld", pvalue);
return (r > 0) ? 0 : -1;
}
}
return 0;
}
#else /* USEPROCMEMINFO */
/*
** SM_MEMSTAT_OPEN -- open memory statistics
**
** Parameters:
** none
**
** Results:
** errno as error code, 0: ok
*/
int
sm_memstat_open()
{
return -1;
}
/*
** SM_MEMSTAT_CLOSE -- close memory statistics
**
** Parameters:
** none
**
** Results:
** errno as error code, 0: ok
*/
int
sm_memstat_close()
{
return 0;
}
/*
** SM_MEMSTAT_GET -- get memory statistics
**
** Parameters:
** resource -- resource to look up
** pvalue -- (pointer to) memory statistics value (output)
**
** Results:
** 0: success
** !=0: error
*/
int
sm_memstat_get(resource, pvalue)
char *resource;
long *pvalue;
{
return -1;
}
#endif /* USEKSTAT */
diff --git a/libsm/niprop.c b/libsm/niprop.c
index ca60e38f53c5..a5056deb34c6 100644
--- a/libsm/niprop.c
+++ b/libsm/niprop.c
@@ -1,213 +1,213 @@
/*
* Copyright (c) 2001 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: niprop.c,v 1.9 2013-11-22 20:51:43 ca Exp $")
#if NETINFO
#include <ctype.h>
#include <stdlib.h>
#include <sm/io.h>
#include <sm/assert.h>
#include <sm/debug.h>
#include <sm/string.h>
#include <sm/varargs.h>
#include <sm/heap.h>
/*
** NI_PROPVAL -- NetInfo property value lookup routine
**
** Parameters:
** keydir -- the NetInfo directory name in which to search
** for the key.
** keyprop -- the name of the property in which to find the
** property we are interested. Defaults to "name".
** keyval -- the value for which we are really searching.
** valprop -- the property name for the value in which we
** are interested.
** sepchar -- if non-nil, this can be multiple-valued, and
** we should return a string separated by this
** character.
**
** Returns:
** NULL -- if:
** 1. the directory is not found
** 2. the property name is not found
** 3. the property contains multiple values
** 4. some error occurred
** else -- the value of the lookup.
**
** Example:
** To search for an alias value, use:
** ni_propval("/aliases", "name", aliasname, "members", ',')
**
** Notes:
** Caller should free the return value of ni_proval
*/
# include <netinfo/ni.h>
# define LOCAL_NETINFO_DOMAIN "."
# define PARENT_NETINFO_DOMAIN ".."
# define MAX_NI_LEVELS 256
char *
ni_propval(keydir, keyprop, keyval, valprop, sepchar)
char *keydir;
char *keyprop;
char *keyval;
char *valprop;
int sepchar;
{
char *propval = NULL;
int i;
int j, alen, l;
void *ni = NULL;
void *lastni = NULL;
ni_status nis;
ni_id nid;
ni_namelist ninl;
register char *p;
char keybuf[1024];
/*
** Create the full key from the two parts.
**
** Note that directory can end with, e.g., "name=" to specify
** an alternate search property.
*/
i = strlen(keydir) + strlen(keyval) + 2;
if (keyprop != NULL)
i += strlen(keyprop) + 1;
if (i >= sizeof keybuf)
return NULL;
(void) sm_strlcpyn(keybuf, sizeof keybuf, 2, keydir, "/");
if (keyprop != NULL)
{
(void) sm_strlcat2(keybuf, keyprop, "=", sizeof keybuf);
}
(void) sm_strlcat(keybuf, keyval, sizeof keybuf);
#if 0
if (tTd(38, 21))
sm_dprintf("ni_propval(%s, %s, %s, %s, %d) keybuf='%s'\n",
keydir, keyprop, keyval, valprop, sepchar, keybuf);
-#endif /* 0 */
+#endif
/*
** If the passed directory and property name are found
** in one of netinfo domains we need to search (starting
** from the local domain moving all the way back to the
** root domain) set propval to the property's value
** and return it.
*/
for (i = 0; i < MAX_NI_LEVELS && propval == NULL; i++)
{
if (i == 0)
{
nis = ni_open(NULL, LOCAL_NETINFO_DOMAIN, &ni);
#if 0
if (tTd(38, 20))
sm_dprintf("ni_open(LOCAL) = %d\n", nis);
-#endif /* 0 */
+#endif
}
else
{
if (lastni != NULL)
ni_free(lastni);
lastni = ni;
nis = ni_open(lastni, PARENT_NETINFO_DOMAIN, &ni);
#if 0
if (tTd(38, 20))
sm_dprintf("ni_open(PARENT) = %d\n", nis);
-#endif /* 0 */
+#endif
}
/*
** Don't bother if we didn't get a handle on a
** proper domain. This is not necessarily an error.
** We would get a positive ni_status if, for instance
** we never found the directory or property and tried
** to open the parent of the root domain!
*/
if (nis != 0)
break;
/*
** Find the path to the server information.
*/
if (ni_pathsearch(ni, &nid, keybuf) != 0)
continue;
/*
** Find associated value information.
*/
if (ni_lookupprop(ni, &nid, valprop, &ninl) != 0)
continue;
#if 0
if (tTd(38, 20))
sm_dprintf("ni_lookupprop: len=%d\n",
ninl.ni_namelist_len);
-#endif /* 0 */
+#endif
/*
** See if we have an acceptable number of values.
*/
if (ninl.ni_namelist_len <= 0)
continue;
if (sepchar == '\0' && ninl.ni_namelist_len > 1)
{
ni_namelist_free(&ninl);
continue;
}
/*
** Calculate number of bytes needed and build result
*/
alen = 1;
for (j = 0; j < ninl.ni_namelist_len; j++)
alen += strlen(ninl.ni_namelist_val[j]) + 1;
propval = p = sm_malloc(alen);
if (propval == NULL)
goto cleanup;
for (j = 0; j < ninl.ni_namelist_len; j++)
{
(void) sm_strlcpy(p, ninl.ni_namelist_val[j], alen);
l = strlen(p);
p += l;
*p++ = sepchar;
alen -= l + 1;
}
*--p = '\0';
ni_namelist_free(&ninl);
}
cleanup:
if (ni != NULL)
ni_free(ni);
if (lastni != NULL && ni != lastni)
ni_free(lastni);
#if 0
if (tTd(38, 20))
sm_dprintf("ni_propval returns: '%s'\n", propval);
-#endif /* 0 */
+#endif
return propval;
}
#endif /* NETINFO */
diff --git a/libsm/notify.c b/libsm/notify.c
new file mode 100644
index 000000000000..b529d6ffa5b6
--- /dev/null
+++ b/libsm/notify.c
@@ -0,0 +1,205 @@
+/*
+ * Copyright (c) 2016 Proofpoint, Inc. and its suppliers.
+ * All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ *
+ */
+
+#include <sm/gen.h>
+
+#include <sm/conf.h> /* FDSET_CAST */
+#include <sm/fdset.h>
+#include <sm/assert.h>
+#include <sm/notify.h>
+
+#include <sys/types.h>
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <stdbool.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <string.h> /* for memset() */
+
+#if SM_NOTIFY_DEBUG
+#define SM_DBG(p) fprintf p
+#else
+#define SM_DBG(p)
+#endif
+
+static int Notifypipe[2];
+#define NotifyRDpipe Notifypipe[0]
+#define NotifyWRpipe Notifypipe[1]
+
+#define CLOSEFD(fd) do { \
+ if ((fd) != -1) { \
+ (void) close(fd); \
+ fd = - 1; \
+ } \
+ } while (0) \
+
+
+/*
+** SM_NOTIFY_INIT -- initialize notify system
+**
+** Parameters:
+** flags -- ignored
+**
+** Returns:
+** 0: success
+** <0: -errno
+*/
+
+int
+sm_notify_init(flags)
+ int flags;
+{
+ if (pipe(Notifypipe) < 0)
+ return -errno;
+ return 0;
+}
+
+/*
+** SM_NOTIFY_START -- start notify system
+**
+** Parameters:
+** owner -- owner.
+** flags -- currently ignored.
+**
+** Returns:
+** 0: success
+** <0: -errno
+*/
+
+int
+sm_notify_start(owner, flags)
+ bool owner;
+ int flags;
+{
+ int r;
+
+ r = 0;
+ if (owner)
+ CLOSEFD(NotifyWRpipe);
+ else
+ CLOSEFD(NotifyRDpipe);
+ return r;
+}
+
+/*
+** SM_NOTIFY_STOP -- stop notify system
+**
+** Parameters:
+** owner -- owner.
+** flags -- currently ignored.
+**
+** Returns:
+** 0: success
+** <0: -errno
+*/
+
+int
+sm_notify_stop(owner, flags)
+ bool owner;
+ int flags;
+{
+ if (owner)
+ CLOSEFD(NotifyRDpipe);
+ else
+ CLOSEFD(NotifyWRpipe);
+ return 0;
+}
+
+/*
+** SM_NOTIFY_SND -- send notification
+**
+** Parameters:
+** buf -- where to write data
+** buflen -- len of buffer
+**
+** Returns:
+** 0: success
+** <0: -errno
+*/
+
+int
+sm_notify_snd(buf, buflen)
+ char *buf;
+ size_t buflen;
+{
+ int r;
+ int save_errno;
+
+ SM_REQUIRE(buf != NULL);
+ SM_REQUIRE(buflen > 0);
+ if (NotifyWRpipe < 0)
+ return -EINVAL;
+
+ r = write(NotifyWRpipe, buf, buflen);
+ save_errno = errno;
+ SM_DBG((stderr, "write=%d, fd=%d, e=%d\n", r, NotifyWRpipe, save_errno));
+ return r >= 0 ? 0 : -save_errno;
+}
+
+/*
+** SM_NOTIFY_RCV -- receive notification
+**
+** Parameters:
+** buf -- where to write data
+** buflen -- len of buffer
+** tmo -- timeout
+**
+** Returns:
+** 0: success
+** <0: -errno
+*/
+
+int
+sm_notify_rcv(buf, buflen, tmo)
+ char *buf;
+ size_t buflen;
+ int tmo;
+{
+ int r;
+ int save_errno;
+ fd_set readfds;
+ struct timeval timeout;
+
+ SM_REQUIRE(buf != NULL);
+ SM_REQUIRE(buflen > 0);
+ if (NotifyRDpipe < 0)
+ return -EINVAL;
+ FD_ZERO(&readfds);
+ SM_FD_SET(NotifyRDpipe, &readfds);
+ timeout.tv_sec = tmo;
+ timeout.tv_usec = 0;
+
+ do {
+ r = select(NotifyRDpipe + 1, FDSET_CAST &readfds, NULL, NULL, &timeout);
+ save_errno = errno;
+ SM_DBG((stderr, "select=%d, fd=%d, e=%d\n", r, NotifyRDpipe, save_errno));
+ } while (r < 0 && save_errno == EINTR);
+
+ if (r <= 0)
+ {
+ SM_DBG((stderr, "select=%d, e=%d\n", r, save_errno));
+ return -ETIMEDOUT;
+ }
+
+ /* bogus... need to check again? */
+ if (!FD_ISSET(NotifyRDpipe, &readfds))
+ return -ETIMEDOUT;
+
+ r = read(NotifyRDpipe, buf, buflen);
+ save_errno = errno;
+ SM_DBG((stderr, "read=%d, e=%d\n", r, save_errno));
+ if (r == 0)
+ return -1; /* ??? */
+ if (r < 0)
+ return -save_errno;
+ return r;
+}
diff --git a/libsm/refill.c b/libsm/refill.c
index e13c831bed42..af3a84442f17 100644
--- a/libsm/refill.c
+++ b/libsm/refill.c
@@ -1,303 +1,303 @@
/*
* Copyright (c) 2000-2001, 2005-2006 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1990, 1993
* The Regents of the University of California. All rights reserved.
*
* This code is derived from software contributed to Berkeley by
* Chris Torek.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: refill.c,v 1.54 2013-11-22 20:51:43 ca Exp $")
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
#include <setjmp.h>
#include <signal.h>
#include <sm/time.h>
#include <fcntl.h>
#include <string.h>
#include <sm/io.h>
#include <sm/conf.h>
#include <sm/assert.h>
#include <sm/fdset.h>
#include "local.h"
static int sm_lflush __P((SM_FILE_T *, int *));
/*
** SM_IO_RD_TIMEOUT -- measured timeout for reads
**
** This #define uses a select() to wait for the 'fd' to become readable.
** The select() can be active for up to 'To' time. The select() may not
** use all of the the 'To' time. Hence, the amount of "wall-clock" time is
** measured to decide how much to subtract from 'To' to update it. On some
** BSD-based/like systems the timeout for a select() is updated for the
** amount of time used. On many/most systems this does not happen. Therefore
** the updating of 'To' must be done ourselves; a copy of 'To' is passed
** since a BSD-like system will have updated it and we don't want to
** double the time used!
** Note: if a valid 'fd' doesn't exist yet, don't use this (e.g. the
** sendmail buffered file type in sendmail/bf.c; see use below).
**
** Parameters
** fp -- the file pointer for the active file
** fd -- raw file descriptor (from 'fp') to use for select()
** to -- struct timeval of the timeout
** timeout -- the original timeout value
** sel_ret -- the return value from the select()
**
** Returns:
** nothing, flow through code
*/
#define SM_IO_RD_TIMEOUT(fp, fd, to, timeout, sel_ret) \
{ \
struct timeval sm_io_to_before, sm_io_to_after, sm_io_to_diff; \
fd_set sm_io_to_mask, sm_io_x_mask; \
errno = 0; \
if (timeout == SM_TIME_IMMEDIATE) \
{ \
errno = EAGAIN; \
return SM_IO_EOF; \
} \
if (!SM_FD_OK_SELECT(fd)) \
{ \
errno = EINVAL; \
return SM_IO_EOF; \
} \
FD_ZERO(&sm_io_to_mask); \
FD_SET((fd), &sm_io_to_mask); \
FD_ZERO(&sm_io_x_mask); \
FD_SET((fd), &sm_io_x_mask); \
if (gettimeofday(&sm_io_to_before, NULL) < 0) \
return SM_IO_EOF; \
do \
{ \
(sel_ret) = select((fd) + 1, &sm_io_to_mask, NULL, \
- &sm_io_x_mask, (to)); \
+ &sm_io_x_mask, (to)); \
} while ((sel_ret) < 0 && errno == EINTR); \
if ((sel_ret) < 0) \
{ \
/* something went wrong, errno set */ \
fp->f_r = 0; \
fp->f_flags |= SMERR; \
return SM_IO_EOF; \
} \
else if ((sel_ret) == 0) \
{ \
/* timeout */ \
errno = EAGAIN; \
return SM_IO_EOF; \
} \
- /* calulate wall-clock time used */ \
+ /* calculate wall-clock time used */ \
if (gettimeofday(&sm_io_to_after, NULL) < 0) \
return SM_IO_EOF; \
timersub(&sm_io_to_after, &sm_io_to_before, &sm_io_to_diff); \
timersub((to), &sm_io_to_diff, (to)); \
}
/*
** SM_LFLUSH -- flush a file if it is line buffered and writable
**
** Parameters:
** fp -- file pointer to flush
** timeout -- original timeout value (in milliseconds)
**
** Returns:
** Failure: returns SM_IO_EOF and sets errno
** Success: returns 0
*/
static int
sm_lflush(fp, timeout)
SM_FILE_T *fp;
int *timeout;
{
if ((fp->f_flags & (SMLBF|SMWR)) == (SMLBF|SMWR))
return sm_flush(fp, timeout);
return 0;
}
/*
** SM_REFILL -- refill a buffer
**
** Parameters:
** fp -- file pointer for buffer refill
** timeout -- time to complete filling the buffer in milliseconds
**
** Returns:
** Success: returns 0
** Failure: returns SM_IO_EOF
*/
int
sm_refill(fp, timeout)
register SM_FILE_T *fp;
int timeout;
{
int ret, r;
struct timeval to;
int fd;
if (timeout == SM_TIME_DEFAULT)
timeout = fp->f_timeout;
if (timeout == SM_TIME_IMMEDIATE)
{
/*
** Filling the buffer will take time and we are wanted to
** return immediately. And we're not EOF or ERR really.
** So... the failure is we couldn't do it in time.
*/
errno = EAGAIN;
fp->f_r = 0; /* just to be sure */
return 0;
}
/* make sure stdio is set up */
if (!Sm_IO_DidInit)
sm_init();
fp->f_r = 0; /* largely a convenience for callers */
if (fp->f_flags & SMFEOF)
return SM_IO_EOF;
SM_CONVERT_TIME(fp, fd, timeout, &to);
/* if not already reading, have to be reading and writing */
if ((fp->f_flags & SMRD) == 0)
{
if ((fp->f_flags & SMRW) == 0)
{
errno = EBADF;
fp->f_flags |= SMERR;
return SM_IO_EOF;
}
/* switch to reading */
if (fp->f_flags & SMWR)
{
if (sm_flush(fp, &timeout))
return SM_IO_EOF;
fp->f_flags &= ~SMWR;
fp->f_w = 0;
fp->f_lbfsize = 0;
}
fp->f_flags |= SMRD;
}
else
{
/*
** We were reading. If there is an ungetc buffer,
** we must have been reading from that. Drop it,
** restoring the previous buffer (if any). If there
** is anything in that buffer, return.
*/
if (HASUB(fp))
{
FREEUB(fp);
if ((fp->f_r = fp->f_ur) != 0)
{
fp->f_p = fp->f_up;
/* revert blocking state */
return 0;
}
}
}
if (fp->f_bf.smb_base == NULL)
sm_makebuf(fp);
/*
** Before reading from a line buffered or unbuffered file,
** flush all line buffered output files, per the ANSI C standard.
*/
if (fp->f_flags & (SMLBF|SMNBF))
(void) sm_fwalk(sm_lflush, &timeout);
/*
** If this file is linked to another, and we are going to hang
** on the read, flush the linked file before continuing.
*/
if (fp->f_flushfp != NULL &&
(*fp->f_getinfo)(fp, SM_IO_IS_READABLE, NULL) <= 0)
sm_flush(fp->f_flushfp, &timeout);
fp->f_p = fp->f_bf.smb_base;
/*
** The do-while loop stops trying to read when something is read
** or it appears that the timeout has expired before finding
** something available to be read (via select()).
*/
ret = 0;
do
{
errno = 0; /* needed to ensure EOF correctly found */
r = (*fp->f_read)(fp, (char *)fp->f_p, fp->f_bf.smb_size);
if (r <= 0)
{
if (r == 0 && errno == 0)
break; /* EOF found */
if (IS_IO_ERROR(fd, r, timeout))
goto err; /* errno set */
/* read would block */
SM_IO_RD_TIMEOUT(fp, fd, &to, timeout, ret);
}
} while (r <= 0 && ret > 0);
err:
if (r <= 0)
{
if (r == 0)
fp->f_flags |= SMFEOF;
else
fp->f_flags |= SMERR;
fp->f_r = 0;
return SM_IO_EOF;
}
fp->f_r = r;
return 0;
}
/*
** SM_RGET -- refills buffer and returns first character
**
** Handle sm_getc() when the buffer ran out:
** Refill, then return the first character in the newly-filled buffer.
**
** Parameters:
** fp -- file pointer to work on
** timeout -- time to complete refill
**
** Returns:
** Success: first character in refilled buffer as an int
** Failure: SM_IO_EOF
*/
int
sm_rget(fp, timeout)
register SM_FILE_T *fp;
int timeout;
{
if (sm_refill(fp, timeout) == 0)
{
fp->f_r--;
return *fp->f_p++;
}
return SM_IO_EOF;
}
diff --git a/libsm/rewind.c b/libsm/rewind.c
index 9203ddb32f65..2bbb26d2a9a9 100644
--- a/libsm/rewind.c
+++ b/libsm/rewind.c
@@ -1,44 +1,44 @@
/*
* Copyright (c) 2000-2001 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1990, 1993
* The Regents of the University of California. All rights reserved.
*
* This code is derived from software contributed to Berkeley by
* Chris Torek.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: rewind.c,v 1.19 2013-11-22 20:51:43 ca Exp $")
#include <errno.h>
#include <sm/io.h>
#include <sm/assert.h>
#include "local.h"
/*
** SM_IO_REWIND -- rewind the file
**
-** Seeks the file to the begining and clears any outstanding errors.
+** Seeks the file to the beginning and clears any outstanding errors.
**
** Parameters:
** fp -- the flie pointer for rewind
** timeout -- time to complete the rewind
**
** Returns:
** none.
*/
void
sm_io_rewind(fp, timeout)
register SM_FILE_T *fp;
int timeout;
{
SM_REQUIRE_ISA(fp, SmFileMagic);
(void) sm_io_seek(fp, timeout, 0L, SM_IO_SEEK_SET);
(void) sm_io_clearerr(fp);
errno = 0; /* not required, but seems reasonable */
}
diff --git a/libsm/rpool.c b/libsm/rpool.c
index 2624123cca91..9d883ffca194 100644
--- a/libsm/rpool.c
+++ b/libsm/rpool.c
@@ -1,524 +1,524 @@
/*
* Copyright (c) 2000-2004 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: rpool.c,v 1.29 2013-11-22 20:51:43 ca Exp $")
/*
** resource pools
** For documentation, see rpool.html
*/
#include <sm/exc.h>
#include <sm/heap.h>
#include <sm/rpool.h>
#include <sm/varargs.h>
#include <sm/conf.h>
#if _FFR_PERF_RPOOL
# include <syslog.h>
-#endif /* _FFR_PERF_RPOOL */
+#endif
const char SmRpoolMagic[] = "sm_rpool";
typedef union
{
SM_POOLLINK_T link;
char align[SM_ALIGN_SIZE];
} SM_POOLHDR_T;
static char *sm_rpool_allocblock_x __P((SM_RPOOL_T *, size_t));
static char *sm_rpool_allocblock __P((SM_RPOOL_T *, size_t));
/*
** Tune this later
*/
#define POOLSIZE 4096
#define BIG_OBJECT_RATIO 10
/*
** SM_RPOOL_ALLOCBLOCK_X -- allocate a new block for an rpool.
**
** Parameters:
** rpool -- rpool to which the block should be added.
** size -- size of block.
**
** Returns:
** Pointer to block.
**
** Exceptions:
** F:sm_heap -- out of memory
*/
static char *
sm_rpool_allocblock_x(rpool, size)
SM_RPOOL_T *rpool;
size_t size;
{
SM_POOLLINK_T *p;
p = sm_malloc_x(sizeof(SM_POOLHDR_T) + size);
p->sm_pnext = rpool->sm_pools;
rpool->sm_pools = p;
return (char*) p + sizeof(SM_POOLHDR_T);
}
/*
** SM_RPOOL_ALLOCBLOCK -- allocate a new block for an rpool.
**
** Parameters:
** rpool -- rpool to which the block should be added.
** size -- size of block.
**
** Returns:
** Pointer to block, NULL on failure.
*/
static char *
sm_rpool_allocblock(rpool, size)
SM_RPOOL_T *rpool;
size_t size;
{
SM_POOLLINK_T *p;
p = sm_malloc(sizeof(SM_POOLHDR_T) + size);
if (p == NULL)
return NULL;
p->sm_pnext = rpool->sm_pools;
rpool->sm_pools = p;
return (char*) p + sizeof(SM_POOLHDR_T);
}
/*
** SM_RPOOL_MALLOC_TAGGED_X -- allocate memory from rpool
**
** Parameters:
** rpool -- rpool from which memory should be allocated;
** can be NULL, use sm_malloc() then.
** size -- size of block.
** file -- filename.
** line -- line number in file.
** group -- heap group for debugging.
**
** Returns:
** Pointer to block.
**
** Exceptions:
** F:sm_heap -- out of memory
**
** Notice: XXX
** if size == 0 and the rpool is new (no memory
** allocated yet) NULL is returned!
** We could solve this by
** - wasting 1 byte (size < avail)
** - checking for rpool->sm_poolptr != NULL
** - not asking for 0 sized buffer
*/
void *
#if SM_HEAP_CHECK
sm_rpool_malloc_tagged_x(rpool, size, file, line, group)
SM_RPOOL_T *rpool;
size_t size;
char *file;
int line;
int group;
#else /* SM_HEAP_CHECK */
sm_rpool_malloc_x(rpool, size)
SM_RPOOL_T *rpool;
size_t size;
#endif /* SM_HEAP_CHECK */
{
char *ptr;
if (rpool == NULL)
return sm_malloc_tagged_x(size, file, line, group);
/* Ensure that size is properly aligned. */
if (size & SM_ALIGN_BITS)
size = (size & ~SM_ALIGN_BITS) + SM_ALIGN_SIZE;
/* The common case. This is optimized for speed. */
if (size <= rpool->sm_poolavail)
{
ptr = rpool->sm_poolptr;
rpool->sm_poolptr += size;
rpool->sm_poolavail -= size;
return ptr;
}
/*
** The slow case: we need to call malloc.
** The SM_REQUIRE assertion is deferred until now, for speed.
** That's okay: we set rpool->sm_poolavail to 0 when we free an rpool,
** so the common case code won't be triggered on a dangling pointer.
*/
SM_REQUIRE(rpool->sm_magic == SmRpoolMagic);
/*
** If size > sm_poolsize, then malloc a new block especially for
** this request. Future requests will be allocated from the
** current pool.
**
** What if the current pool is mostly unallocated, and the current
** request is larger than the available space, but < sm_poolsize?
** If we discard the current pool, and start allocating from a new
** pool, then we will be wasting a lot of space. For this reason,
** we malloc a block just for the current request if size >
** sm_bigobjectsize, where sm_bigobjectsize <= sm_poolsize.
** Thus, the most space that we will waste at the end of a pool
** is sm_bigobjectsize - 1.
*/
if (size > rpool->sm_bigobjectsize)
{
#if _FFR_PERF_RPOOL
++rpool->sm_nbigblocks;
-#endif /* _FFR_PERF_RPOOL */
+#endif
return sm_rpool_allocblock_x(rpool, size);
}
SM_ASSERT(rpool->sm_bigobjectsize <= rpool->sm_poolsize);
ptr = sm_rpool_allocblock_x(rpool, rpool->sm_poolsize);
rpool->sm_poolptr = ptr + size;
rpool->sm_poolavail = rpool->sm_poolsize - size;
#if _FFR_PERF_RPOOL
++rpool->sm_npools;
-#endif /* _FFR_PERF_RPOOL */
+#endif
return ptr;
}
/*
** SM_RPOOL_MALLOC_TAGGED -- allocate memory from rpool
**
** Parameters:
** rpool -- rpool from which memory should be allocated;
** can be NULL, use sm_malloc() then.
** size -- size of block.
** file -- filename.
** line -- line number in file.
** group -- heap group for debugging.
**
** Returns:
** Pointer to block, NULL on failure.
**
** Notice: XXX
** if size == 0 and the rpool is new (no memory
** allocated yet) NULL is returned!
** We could solve this by
** - wasting 1 byte (size < avail)
** - checking for rpool->sm_poolptr != NULL
** - not asking for 0 sized buffer
*/
void *
#if SM_HEAP_CHECK
sm_rpool_malloc_tagged(rpool, size, file, line, group)
SM_RPOOL_T *rpool;
size_t size;
char *file;
int line;
int group;
#else /* SM_HEAP_CHECK */
sm_rpool_malloc(rpool, size)
SM_RPOOL_T *rpool;
size_t size;
#endif /* SM_HEAP_CHECK */
{
char *ptr;
if (rpool == NULL)
return sm_malloc_tagged(size, file, line, group);
/* Ensure that size is properly aligned. */
if (size & SM_ALIGN_BITS)
size = (size & ~SM_ALIGN_BITS) + SM_ALIGN_SIZE;
/* The common case. This is optimized for speed. */
if (size <= rpool->sm_poolavail)
{
ptr = rpool->sm_poolptr;
rpool->sm_poolptr += size;
rpool->sm_poolavail -= size;
return ptr;
}
/*
** The slow case: we need to call malloc.
** The SM_REQUIRE assertion is deferred until now, for speed.
** That's okay: we set rpool->sm_poolavail to 0 when we free an rpool,
** so the common case code won't be triggered on a dangling pointer.
*/
SM_REQUIRE(rpool->sm_magic == SmRpoolMagic);
/*
** If size > sm_poolsize, then malloc a new block especially for
** this request. Future requests will be allocated from the
** current pool.
**
** What if the current pool is mostly unallocated, and the current
** request is larger than the available space, but < sm_poolsize?
** If we discard the current pool, and start allocating from a new
** pool, then we will be wasting a lot of space. For this reason,
** we malloc a block just for the current request if size >
** sm_bigobjectsize, where sm_bigobjectsize <= sm_poolsize.
** Thus, the most space that we will waste at the end of a pool
** is sm_bigobjectsize - 1.
*/
if (size > rpool->sm_bigobjectsize)
{
#if _FFR_PERF_RPOOL
++rpool->sm_nbigblocks;
-#endif /* _FFR_PERF_RPOOL */
+#endif
return sm_rpool_allocblock(rpool, size);
}
SM_ASSERT(rpool->sm_bigobjectsize <= rpool->sm_poolsize);
ptr = sm_rpool_allocblock(rpool, rpool->sm_poolsize);
if (ptr == NULL)
return NULL;
rpool->sm_poolptr = ptr + size;
rpool->sm_poolavail = rpool->sm_poolsize - size;
#if _FFR_PERF_RPOOL
++rpool->sm_npools;
-#endif /* _FFR_PERF_RPOOL */
+#endif
return ptr;
}
/*
** SM_RPOOL_NEW_X -- create a new rpool.
**
** Parameters:
** parent -- pointer to parent rpool, can be NULL.
**
** Returns:
** Pointer to new rpool.
*/
SM_RPOOL_T *
sm_rpool_new_x(parent)
SM_RPOOL_T *parent;
{
SM_RPOOL_T *rpool;
rpool = sm_malloc_x(sizeof(SM_RPOOL_T));
if (parent == NULL)
rpool->sm_parentlink = NULL;
else
{
SM_TRY
rpool->sm_parentlink = sm_rpool_attach_x(parent,
(SM_RPOOL_RFREE_T) sm_rpool_free,
(void *) rpool);
SM_EXCEPT(exc, "*")
sm_free(rpool);
sm_exc_raise_x(exc);
SM_END_TRY
}
rpool->sm_magic = SmRpoolMagic;
rpool->sm_poolsize = POOLSIZE - sizeof(SM_POOLHDR_T);
rpool->sm_bigobjectsize = rpool->sm_poolsize / BIG_OBJECT_RATIO;
rpool->sm_poolptr = NULL;
rpool->sm_poolavail = 0;
rpool->sm_pools = NULL;
rpool->sm_rptr = NULL;
rpool->sm_ravail = 0;
rpool->sm_rlists = NULL;
#if _FFR_PERF_RPOOL
rpool->sm_nbigblocks = 0;
rpool->sm_npools = 0;
-#endif /* _FFR_PERF_RPOOL */
+#endif
return rpool;
}
/*
** SM_RPOOL_SETSIZES -- set sizes for rpool.
**
** Parameters:
** poolsize -- size of a single rpool block.
** bigobjectsize -- if this size is exceeded, an individual
** block is allocated (must be less or equal poolsize).
**
** Returns:
** none.
*/
void
sm_rpool_setsizes(rpool, poolsize, bigobjectsize)
SM_RPOOL_T *rpool;
size_t poolsize;
size_t bigobjectsize;
{
SM_REQUIRE(poolsize >= bigobjectsize);
if (poolsize == 0)
poolsize = POOLSIZE - sizeof(SM_POOLHDR_T);
if (bigobjectsize == 0)
bigobjectsize = poolsize / BIG_OBJECT_RATIO;
rpool->sm_poolsize = poolsize;
rpool->sm_bigobjectsize = bigobjectsize;
}
/*
** SM_RPOOL_FREE -- free an rpool and release all of its resources.
**
** Parameters:
** rpool -- rpool to free.
**
** Returns:
** none.
*/
void
sm_rpool_free(rpool)
SM_RPOOL_T *rpool;
{
SM_RLIST_T *rl, *rnext;
SM_RESOURCE_T *r, *rmax;
SM_POOLLINK_T *pp, *pnext;
if (rpool == NULL)
return;
/*
** It's important to free the resources before the memory pools,
** because the resource free functions might modify the contents
** of the memory pools.
*/
rl = rpool->sm_rlists;
if (rl != NULL)
{
rmax = rpool->sm_rptr;
for (;;)
{
for (r = rl->sm_rvec; r < rmax; ++r)
{
if (r->sm_rfree != NULL)
r->sm_rfree(r->sm_rcontext);
}
rnext = rl->sm_rnext;
sm_free(rl);
if (rnext == NULL)
break;
rl = rnext;
rmax = &rl->sm_rvec[SM_RLIST_MAX];
}
}
/*
** Now free the memory pools.
*/
for (pp = rpool->sm_pools; pp != NULL; pp = pnext)
{
pnext = pp->sm_pnext;
sm_free(pp);
}
/*
** Disconnect rpool from its parent.
*/
if (rpool->sm_parentlink != NULL)
*rpool->sm_parentlink = NULL;
/*
** Setting these fields to zero means that any future to attempt
** to use the rpool after it is freed will cause an assertion failure.
*/
rpool->sm_magic = NULL;
rpool->sm_poolavail = 0;
rpool->sm_ravail = 0;
#if _FFR_PERF_RPOOL
if (rpool->sm_nbigblocks > 0 || rpool->sm_npools > 1)
syslog(LOG_NOTICE,
"perf: rpool=%lx, sm_nbigblocks=%d, sm_npools=%d",
(long) rpool, rpool->sm_nbigblocks, rpool->sm_npools);
rpool->sm_nbigblocks = 0;
rpool->sm_npools = 0;
#endif /* _FFR_PERF_RPOOL */
sm_free(rpool);
}
/*
** SM_RPOOL_ATTACH_X -- attach a resource to an rpool.
**
** Parameters:
** rpool -- rpool to which resource should be attached.
** rfree -- function to call when rpool is freed.
** rcontext -- argument for function to call when rpool is freed.
**
** Returns:
** Pointer to allocated function.
**
** Exceptions:
** F:sm_heap -- out of memory
*/
SM_RPOOL_ATTACH_T
sm_rpool_attach_x(rpool, rfree, rcontext)
SM_RPOOL_T *rpool;
SM_RPOOL_RFREE_T rfree;
void *rcontext;
{
SM_RLIST_T *rl;
SM_RPOOL_ATTACH_T a;
SM_REQUIRE_ISA(rpool, SmRpoolMagic);
if (rpool->sm_ravail == 0)
{
rl = sm_malloc_x(sizeof(SM_RLIST_T));
rl->sm_rnext = rpool->sm_rlists;
rpool->sm_rlists = rl;
rpool->sm_rptr = rl->sm_rvec;
rpool->sm_ravail = SM_RLIST_MAX;
}
a = &rpool->sm_rptr->sm_rfree;
rpool->sm_rptr->sm_rfree = rfree;
rpool->sm_rptr->sm_rcontext = rcontext;
++rpool->sm_rptr;
--rpool->sm_ravail;
return a;
}
#if DO_NOT_USE_STRCPY
/*
** SM_RPOOL_STRDUP_X -- Create a copy of a C string
**
** Parameters:
** rpool -- rpool to use.
** s -- the string to copy.
**
** Returns:
** pointer to newly allocated string.
*/
char *
sm_rpool_strdup_x(rpool, s)
SM_RPOOL_T *rpool;
const char *s;
{
size_t l;
char *n;
l = strlen(s);
SM_ASSERT(l + 1 > l);
n = sm_rpool_malloc_x(rpool, l + 1);
sm_strlcpy(n, s, l + 1);
return n;
}
#endif /* DO_NOT_USE_STRCPY */
diff --git a/libsm/sem.c b/libsm/sem.c
index 23b2de70f318..ac28a61ae353 100644
--- a/libsm/sem.c
+++ b/libsm/sem.c
@@ -1,245 +1,245 @@
/*
* Copyright (c) 2000-2001, 2005, 2008 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: sem.c,v 1.15 2013-11-22 20:51:43 ca Exp $")
#if SM_CONF_SEM
# include <stdlib.h>
# include <unistd.h>
# include <sm/string.h>
# include <sm/sem.h>
# include <sm/heap.h>
# include <errno.h>
/*
** SM_SEM_START -- initialize semaphores
**
** Parameters:
** key -- key for semaphores.
** nsem -- number of semaphores.
** semflg -- flag for semget(), if 0, use a default.
** owner -- create semaphores.
**
** Returns:
** id for semaphores.
** < 0 on failure.
*/
int
sm_sem_start(key, nsem, semflg, owner)
key_t key;
int nsem;
int semflg;
bool owner;
{
int semid, i, err;
unsigned short *semvals;
semvals = NULL;
if (semflg == 0)
semflg = (SEM_A|SEM_R)|((SEM_A|SEM_R) >> 3);
if (owner)
semflg |= IPC_CREAT|IPC_EXCL;
semid = semget(key, nsem, semflg);
if (semid < 0)
goto error;
if (owner)
{
union semun semarg;
semvals = (unsigned short *) sm_malloc(nsem * sizeof semvals);
if (semvals == NULL)
goto error;
semarg.array = semvals;
/* initialize semaphore values to be available */
for (i = 0; i < nsem; i++)
semvals[i] = 1;
if (semctl(semid, 0, SETALL, semarg) < 0)
goto error;
}
return semid;
error:
err = errno;
if (semvals != NULL)
sm_free(semvals);
if (semid >= 0)
sm_sem_stop(semid);
return (err > 0) ? (0 - err) : -1;
}
/*
** SM_SEM_STOP -- stop using semaphores.
**
** Parameters:
** semid -- id for semaphores.
**
** Returns:
** 0 on success.
** < 0 on failure.
*/
int
sm_sem_stop(semid)
int semid;
{
return semctl(semid, 0, IPC_RMID, NULL);
}
/*
** SM_SEM_ACQ -- acquire semaphore.
**
** Parameters:
** semid -- id for semaphores.
** semnum -- number of semaphore.
** timeout -- how long to wait for operation to succeed.
**
** Returns:
** 0 on success.
** < 0 on failure.
*/
int
sm_sem_acq(semid, semnum, timeout)
int semid;
int semnum;
int timeout;
{
int r;
struct sembuf semops[1];
semops[0].sem_num = semnum;
semops[0].sem_op = -1;
semops[0].sem_flg = SEM_UNDO |
(timeout != SM_TIME_FOREVER ? 0 : IPC_NOWAIT);
if (timeout == SM_TIME_IMMEDIATE || timeout == SM_TIME_FOREVER)
return semop(semid, semops, 1);
do
{
r = semop(semid, semops, 1);
if (r == 0)
return r;
sleep(1);
--timeout;
} while (timeout > 0);
return r;
}
/*
** SM_SEM_REL -- release semaphore.
**
** Parameters:
** semid -- id for semaphores.
** semnum -- number of semaphore.
** timeout -- how long to wait for operation to succeed.
**
** Returns:
** 0 on success.
** < 0 on failure.
*/
int
sm_sem_rel(semid, semnum, timeout)
int semid;
int semnum;
int timeout;
{
int r;
struct sembuf semops[1];
#if PARANOID
/* XXX should we check whether the value is already 0 ? */
SM_REQUIRE(sm_get_sem(semid, semnum) > 0);
-#endif /* PARANOID */
+#endif
semops[0].sem_num = semnum;
semops[0].sem_op = 1;
semops[0].sem_flg = SEM_UNDO |
(timeout != SM_TIME_FOREVER ? 0 : IPC_NOWAIT);
if (timeout == SM_TIME_IMMEDIATE || timeout == SM_TIME_FOREVER)
return semop(semid, semops, 1);
do
{
r = semop(semid, semops, 1);
if (r == 0)
return r;
sleep(1);
--timeout;
} while (timeout > 0);
return r;
}
/*
** SM_SEM_GET -- get semaphore value.
**
** Parameters:
** semid -- id for semaphores.
** semnum -- number of semaphore.
**
** Returns:
** value of semaphore on success.
** < 0 on failure.
*/
int
sm_sem_get(semid, semnum)
int semid;
int semnum;
{
int semval;
if ((semval = semctl(semid, semnum, GETVAL, NULL)) < 0)
return -1;
return semval;
}
/*
** SM_SEMSETOWNER -- set owner/group/mode of semaphores.
**
** Parameters:
** semid -- id for semaphores.
** uid -- uid to use
** gid -- gid to use
** mode -- mode to use
**
** Returns:
** 0 on success.
** < 0 on failure.
*/
int
sm_semsetowner(semid, uid, gid, mode)
int semid;
uid_t uid;
gid_t gid;
mode_t mode;
{
int r;
struct semid_ds semidds;
union semun {
int val;
struct semid_ds *buf;
ushort *array;
} arg;
memset(&semidds, 0, sizeof(semidds));
arg.buf = &semidds;
if ((r = semctl(semid, 1, IPC_STAT, arg)) < 0)
return r;
semidds.sem_perm.uid = uid;
semidds.sem_perm.gid = gid;
semidds.sem_perm.mode = mode;
if ((r = semctl(semid, 1, IPC_SET, arg)) < 0)
return r;
return 0;
}
#endif /* SM_CONF_SEM */
diff --git a/libsm/signal.c b/libsm/signal.c
index 469b0fd7050b..bfbeaf555c2e 100644
--- a/libsm/signal.c
+++ b/libsm/signal.c
@@ -1,340 +1,340 @@
/*
* Copyright (c) 2000-2001 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: signal.c,v 1.18 2013-11-22 20:51:43 ca Exp $")
#if SM_CONF_SETITIMER
# include <sm/time.h>
-#endif /* SM_CONF_SETITIMER */
+#endif
#include <errno.h>
#include <stdlib.h>
#include <time.h>
#include <unistd.h>
#include <sm/clock.h>
#include <sm/signal.h>
#include <signal.h>
#include <sm/string.h>
unsigned int volatile InCriticalSection; /* >0 if inside critical section */
int volatile PendingSignal; /* pending signal to resend */
/*
** SM_SIGNAL -- set a signal handler
**
** This is essentially old BSD "signal(3)".
**
** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
** DOING.
*/
sigfunc_t
sm_signal(sig, handler)
int sig;
sigfunc_t handler;
{
# if defined(SA_RESTART) || (!defined(SYS5SIGNALS) && !defined(BSD4_3))
struct sigaction n, o;
-# endif /* defined(SA_RESTART) || (!defined(SYS5SIGNALS) && !defined(BSD4_3)) */
+# endif
/*
** First, try for modern signal calls
** and restartable syscalls
*/
# ifdef SA_RESTART
(void) memset(&n, '\0', sizeof n);
# if USE_SA_SIGACTION
n.sa_sigaction = (void(*)(int, siginfo_t *, void *)) handler;
n.sa_flags = SA_RESTART|SA_SIGINFO;
-# else /* USE_SA_SIGACTION */
+# else
n.sa_handler = handler;
n.sa_flags = SA_RESTART;
-# endif /* USE_SA_SIGACTION */
+# endif
if (sigaction(sig, &n, &o) < 0)
return SIG_ERR;
return o.sa_handler;
# else /* SA_RESTART */
/*
** Else check for SYS5SIGNALS or
** BSD4_3 signals
*/
# if defined(SYS5SIGNALS) || defined(BSD4_3)
# ifdef BSD4_3
return signal(sig, handler);
-# else /* BSD4_3 */
+# else
return sigset(sig, handler);
-# endif /* BSD4_3 */
+# endif
# else /* defined(SYS5SIGNALS) || defined(BSD4_3) */
/*
** Finally, if nothing else is available,
** go for a default
*/
(void) memset(&n, '\0', sizeof n);
n.sa_handler = handler;
if (sigaction(sig, &n, &o) < 0)
return SIG_ERR;
return o.sa_handler;
# endif /* defined(SYS5SIGNALS) || defined(BSD4_3) */
# endif /* SA_RESTART */
}
/*
** SM_BLOCKSIGNAL -- hold a signal to prevent delivery
**
** Parameters:
** sig -- the signal to block.
**
** Returns:
** 1 signal was previously blocked
** 0 signal was not previously blocked
** -1 on failure.
*/
int
sm_blocksignal(sig)
int sig;
{
# ifdef BSD4_3
# ifndef sigmask
# define sigmask(s) (1 << ((s) - 1))
-# endif /* ! sigmask */
+# endif
return (sigblock(sigmask(sig)) & sigmask(sig)) != 0;
# else /* BSD4_3 */
# ifdef ALTOS_SYSTEM_V
sigfunc_t handler;
handler = sigset(sig, SIG_HOLD);
if (handler == SIG_ERR)
return -1;
else
return handler == SIG_HOLD;
# else /* ALTOS_SYSTEM_V */
sigset_t sset, oset;
(void) sigemptyset(&sset);
(void) sigaddset(&sset, sig);
if (sigprocmask(SIG_BLOCK, &sset, &oset) < 0)
return -1;
else
return sigismember(&oset, sig);
# endif /* ALTOS_SYSTEM_V */
# endif /* BSD4_3 */
}
/*
** SM_RELEASESIGNAL -- release a held signal
**
** Parameters:
** sig -- the signal to release.
**
** Returns:
** 1 signal was previously blocked
** 0 signal was not previously blocked
** -1 on failure.
*/
int
sm_releasesignal(sig)
int sig;
{
# ifdef BSD4_3
return (sigsetmask(sigblock(0) & ~sigmask(sig)) & sigmask(sig)) != 0;
# else /* BSD4_3 */
# ifdef ALTOS_SYSTEM_V
sigfunc_t handler;
handler = sigset(sig, SIG_HOLD);
if (sigrelse(sig) < 0)
return -1;
else
return handler == SIG_HOLD;
# else /* ALTOS_SYSTEM_V */
sigset_t sset, oset;
(void) sigemptyset(&sset);
(void) sigaddset(&sset, sig);
if (sigprocmask(SIG_UNBLOCK, &sset, &oset) < 0)
return -1;
else
return sigismember(&oset, sig);
# endif /* ALTOS_SYSTEM_V */
# endif /* BSD4_3 */
}
/*
** PEND_SIGNAL -- Add a signal to the pending signal list
**
** Parameters:
** sig -- signal to add
**
** Returns:
** none.
**
** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
** DOING.
*/
void
pend_signal(sig)
int sig;
{
int sigbit;
int save_errno = errno;
#if SM_CONF_SETITIMER
struct itimerval clr;
-#endif /* SM_CONF_SETITIMER */
+#endif
/*
** Don't want to interrupt something critical, hence delay
** the alarm for one second. Hopefully, by then we
** will be out of the critical section. If not, then
** we will just delay again. The events to be run will
** still all be run, maybe just a little bit late.
*/
switch (sig)
{
case SIGHUP:
sigbit = PEND_SIGHUP;
break;
case SIGINT:
sigbit = PEND_SIGINT;
break;
case SIGTERM:
sigbit = PEND_SIGTERM;
break;
case SIGUSR1:
sigbit = PEND_SIGUSR1;
break;
case SIGALRM:
/* don't have to pend these */
sigbit = 0;
break;
default:
/* If we get here, we are in trouble */
abort();
/* NOTREACHED */
/* shut up stupid compiler warning on HP-UX 11 */
sigbit = 0;
break;
}
if (sigbit != 0)
PendingSignal |= sigbit;
(void) sm_signal(SIGALRM, sm_tick);
#if SM_CONF_SETITIMER
clr.it_interval.tv_sec = 0;
clr.it_interval.tv_usec = 0;
clr.it_value.tv_sec = 1;
clr.it_value.tv_usec = 0;
(void) setitimer(ITIMER_REAL, &clr, NULL);
#else /* SM_CONF_SETITIMER */
(void) alarm(1);
#endif /* SM_CONF_SETITIMER */
errno = save_errno;
}
/*
** SM_ALLSIGNALS -- act on all signals
**
** Parameters:
** block -- whether to block or release all signals.
**
** Returns:
** none.
*/
void
sm_allsignals(block)
bool block;
{
# ifdef BSD4_3
# ifndef sigmask
# define sigmask(s) (1 << ((s) - 1))
-# endif /* ! sigmask */
+# endif
if (block)
{
int mask = 0;
mask |= sigmask(SIGALRM);
mask |= sigmask(SIGCHLD);
mask |= sigmask(SIGHUP);
mask |= sigmask(SIGINT);
mask |= sigmask(SIGTERM);
mask |= sigmask(SIGUSR1);
(void) sigblock(mask);
}
else
sigsetmask(0);
# else /* BSD4_3 */
# ifdef ALTOS_SYSTEM_V
if (block)
{
(void) sigset(SIGALRM, SIG_HOLD);
(void) sigset(SIGCHLD, SIG_HOLD);
(void) sigset(SIGHUP, SIG_HOLD);
(void) sigset(SIGINT, SIG_HOLD);
(void) sigset(SIGTERM, SIG_HOLD);
(void) sigset(SIGUSR1, SIG_HOLD);
}
else
{
(void) sigset(SIGALRM, SIG_DFL);
(void) sigset(SIGCHLD, SIG_DFL);
(void) sigset(SIGHUP, SIG_DFL);
(void) sigset(SIGINT, SIG_DFL);
(void) sigset(SIGTERM, SIG_DFL);
(void) sigset(SIGUSR1, SIG_DFL);
}
# else /* ALTOS_SYSTEM_V */
sigset_t sset;
(void) sigemptyset(&sset);
(void) sigaddset(&sset, SIGALRM);
(void) sigaddset(&sset, SIGCHLD);
(void) sigaddset(&sset, SIGHUP);
(void) sigaddset(&sset, SIGINT);
(void) sigaddset(&sset, SIGTERM);
(void) sigaddset(&sset, SIGUSR1);
(void) sigprocmask(block ? SIG_BLOCK : SIG_UNBLOCK, &sset, NULL);
# endif /* ALTOS_SYSTEM_V */
# endif /* BSD4_3 */
}
/*
** SM_SIGNAL_NOOP -- A signal no-op function
**
** Parameters:
** sig -- signal received
**
** Returns:
** SIGFUNC_RETURN
*/
/* ARGSUSED */
SIGFUNC_DECL
sm_signal_noop(sig)
int sig;
{
int save_errno = errno;
FIX_SYSV_SIGNAL(sig, sm_signal_noop);
errno = save_errno;
return SIGFUNC_RETURN;
}
diff --git a/libsm/stdio.c b/libsm/stdio.c
index 16277c09a8ec..7e045fa56fec 100644
--- a/libsm/stdio.c
+++ b/libsm/stdio.c
@@ -1,519 +1,519 @@
/*
* Copyright (c) 2000-2005 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1990, 1993
* The Regents of the University of California. All rights reserved.
*
* This code is derived from software contributed to Berkeley by
* Chris Torek.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: stdio.c,v 1.72 2013-11-22 20:51:43 ca Exp $")
#include <unistd.h>
#include <errno.h>
#include <fcntl.h>
#include <string.h> /* FreeBSD: FD_ZERO needs <string.h> */
#include <sys/stat.h>
#include <sm/time.h>
#include <sm/heap.h>
#include <sm/assert.h>
#include <sm/varargs.h>
#include <sm/io.h>
#include <sm/setjmp.h>
#include <sm/conf.h>
#include <sm/fdset.h>
#include "local.h"
static int sm_stdsetmode __P((SM_FILE_T *, const int *));
static int sm_stdgetmode __P((SM_FILE_T *, int *));
/*
** Overall:
** Small standard I/O/seek/close functions.
** These maintain the `known seek offset' for seek optimization.
*/
/*
** SM_STDOPEN -- open a file with stdio behavior
**
** Not associated with the system's stdio in libc.
**
** Parameters:
** fp -- file pointer to be associated with the open
** info -- pathname of the file to be opened
** flags -- indicates type of access methods
** rpool -- ignored
**
** Returns:
** Failure: -1 and set errno
** Success: 0 or greater (fd of file from open(2)).
**
*/
/* ARGSUSED3 */
int
sm_stdopen(fp, info, flags, rpool)
SM_FILE_T *fp;
const void *info;
int flags;
const void *rpool;
{
char *path = (char *) info;
int oflags;
switch (SM_IO_MODE(flags))
{
case SM_IO_RDWR:
oflags = O_RDWR;
break;
case SM_IO_RDWRTR:
oflags = O_RDWR | O_CREAT | O_TRUNC;
break;
case SM_IO_RDONLY:
oflags = O_RDONLY;
break;
case SM_IO_WRONLY:
oflags = O_WRONLY | O_CREAT | O_TRUNC;
break;
case SM_IO_APPEND:
oflags = O_APPEND | O_WRONLY | O_CREAT;
break;
case SM_IO_APPENDRW:
oflags = O_APPEND | O_RDWR | O_CREAT;
break;
default:
errno = EINVAL;
return -1;
}
#ifdef O_BINARY
if (SM_IS_BINARY(flags))
oflags |= O_BINARY;
-#endif /* O_BINARY */
+#endif
fp->f_file = open(path, oflags,
S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH);
if (fp->f_file < 0)
return -1; /* errno set by open() */
if (oflags & O_APPEND)
(void) (*fp->f_seek)((void *)fp, (off_t)0, SEEK_END);
return fp->f_file;
}
/*
** SM_STDREAD -- read from the file
**
** Parameters:
** fp -- file pointer to read from
** buf -- location to place read data
** n -- number of bytes to read
**
** Returns:
** Failure: -1 and sets errno
** Success: number of bytes read
**
** Side Effects:
-** Updates internal offset into file.
+** Updates internal offset for file.
*/
ssize_t
sm_stdread(fp, buf, n)
SM_FILE_T *fp;
char *buf;
size_t n;
{
register int ret;
ret = read(fp->f_file, buf, n);
/* if the read succeeded, update the current offset */
if (ret > 0)
fp->f_lseekoff += ret;
return ret;
}
/*
** SM_STDWRITE -- write to the file
**
** Parameters:
** fp -- file pointer ro write to
** buf -- location of data to be written
** n - number of bytes to write
**
** Returns:
** Failure: -1 and sets errno
** Success: number of bytes written
*/
ssize_t
sm_stdwrite(fp, buf, n)
SM_FILE_T *fp;
char const *buf;
size_t n;
{
return write(fp->f_file, buf, n);
}
/*
** SM_STDSEEK -- set the file offset position
**
** Parmeters:
** fp -- file pointer to position
** offset -- how far to position from "base" (set by 'whence')
** whence -- indicates where the "base" of the 'offset' to start
**
** Results:
** Failure: -1 and sets errno
** Success: the current offset
**
** Side Effects:
** Updates the internal value of the offset.
*/
off_t
sm_stdseek(fp, offset, whence)
SM_FILE_T *fp;
off_t offset;
int whence;
{
register off_t ret;
ret = lseek(fp->f_file, (off_t) offset, whence);
if (ret != (off_t) -1)
fp->f_lseekoff = ret;
return ret;
}
/*
** SM_STDCLOSE -- close the file
**
** Parameters:
** fp -- the file pointer to close
**
** Returns:
** Success: 0 (zero)
** Failure: -1 and sets errno
*/
int
sm_stdclose(fp)
SM_FILE_T *fp;
{
return close(fp->f_file);
}
/*
** SM_STDSETMODE -- set the access mode for the file
**
** Called by sm_stdsetinfo().
**
** Parameters:
** fp -- file pointer
** mode -- new mode to set the file access to
**
** Results:
** Success: 0 (zero);
** Failure: -1 and sets errno
*/
static int
sm_stdsetmode(fp, mode)
SM_FILE_T *fp;
const int *mode;
{
int flags = 0;
switch (SM_IO_MODE(*mode))
{
case SM_IO_RDWR:
flags |= SMRW;
break;
case SM_IO_RDONLY:
flags |= SMRD;
break;
case SM_IO_WRONLY:
flags |= SMWR;
break;
case SM_IO_APPEND:
default:
errno = EINVAL;
return -1;
}
fp->f_flags = fp->f_flags & ~SMMODEMASK;
fp->f_flags |= flags;
return 0;
}
/*
** SM_STDGETMODE -- for getinfo determine open mode
**
** Called by sm_stdgetinfo().
**
** Parameters:
** fp -- the file mode being determined
** mode -- internal mode to map to external value
**
** Results:
** Failure: -1 and sets errno
** Success: external mode value
*/
static int
sm_stdgetmode(fp, mode)
SM_FILE_T *fp;
int *mode;
{
switch (fp->f_flags & SMMODEMASK)
{
case SMRW:
*mode = SM_IO_RDWR;
break;
case SMRD:
*mode = SM_IO_RDONLY;
break;
case SMWR:
*mode = SM_IO_WRONLY;
break;
default:
errno = EINVAL;
return -1;
}
return 0;
}
/*
** SM_STDSETINFO -- set/modify information for a file
**
** Parameters:
** fp -- file to set info for
** what -- type of info to set
** valp -- location of data used for setting
**
** Returns:
** Failure: -1 and sets errno
** Success: >=0
*/
int
sm_stdsetinfo(fp, what, valp)
SM_FILE_T *fp;
int what;
void *valp;
{
switch (what)
{
case SM_IO_WHAT_MODE:
return sm_stdsetmode(fp, (const int *)valp);
default:
errno = EINVAL;
return -1;
}
}
/*
** SM_STDGETINFO -- get information about the open file
**
** Parameters:
** fp -- file to get info for
** what -- type of info to get
** valp -- location to place found info
**
** Returns:
** Success: may or may not place info in 'valp' depending
** on 'what' value, and returns values >=0. Return
** value may be the obtained info
** Failure: -1 and sets errno
*/
int
sm_stdgetinfo(fp, what, valp)
SM_FILE_T *fp;
int what;
void *valp;
{
switch (what)
{
case SM_IO_WHAT_MODE:
return sm_stdgetmode(fp, (int *)valp);
case SM_IO_WHAT_FD:
return fp->f_file;
case SM_IO_WHAT_SIZE:
{
struct stat st;
if (fstat(fp->f_file, &st) == 0)
return st.st_size;
else
return -1;
}
case SM_IO_IS_READABLE:
{
fd_set readfds;
struct timeval timeout;
if (SM_FD_SETSIZE > 0 && fp->f_file >= SM_FD_SETSIZE)
{
errno = EINVAL;
return -1;
}
FD_ZERO(&readfds);
SM_FD_SET(fp->f_file, &readfds);
timeout.tv_sec = 0;
timeout.tv_usec = 0;
if (select(fp->f_file + 1, FDSET_CAST &readfds,
NULL, NULL, &timeout) > 0 &&
SM_FD_ISSET(fp->f_file, &readfds))
return 1;
return 0;
}
default:
errno = EINVAL;
return -1;
}
}
/*
** SM_STDFDOPEN -- open file by primitive 'fd' rather than pathname
**
** I/O function to handle fdopen() stdio equivalence. The rest of
** the functions are the same as the sm_stdopen() above.
**
** Parameters:
** fp -- the file pointer to be associated with the open
** name -- the primitive file descriptor for association
** flags -- indicates type of access methods
** rpool -- ignored
**
** Results:
** Success: primitive file descriptor value
** Failure: -1 and sets errno
*/
/* ARGSUSED3 */
int
sm_stdfdopen(fp, info, flags, rpool)
SM_FILE_T *fp;
const void *info;
int flags;
const void *rpool;
{
int oflags, tmp, fdflags, fd = *((int *) info);
switch (SM_IO_MODE(flags))
{
case SM_IO_RDWR:
oflags = O_RDWR | O_CREAT;
break;
case SM_IO_RDONLY:
oflags = O_RDONLY;
break;
case SM_IO_WRONLY:
oflags = O_WRONLY | O_CREAT | O_TRUNC;
break;
case SM_IO_APPEND:
oflags = O_APPEND | O_WRONLY | O_CREAT;
break;
case SM_IO_APPENDRW:
oflags = O_APPEND | O_RDWR | O_CREAT;
break;
default:
errno = EINVAL;
return -1;
}
#ifdef O_BINARY
if (SM_IS_BINARY(flags))
oflags |= O_BINARY;
-#endif /* O_BINARY */
+#endif
/* Make sure the mode the user wants is a subset of the actual mode. */
if ((fdflags = fcntl(fd, F_GETFL, 0)) < 0)
return -1;
tmp = fdflags & O_ACCMODE;
if (tmp != O_RDWR && (tmp != (oflags & O_ACCMODE)))
{
errno = EINVAL;
return -1;
}
fp->f_file = fd;
if (oflags & O_APPEND)
(void) (*fp->f_seek)(fp, (off_t)0, SEEK_END);
return fp->f_file;
}
/*
** SM_IO_FOPEN -- open a file
**
** Same interface and semantics as the open() system call,
** except that it returns SM_FILE_T* instead of a file descriptor.
**
** Parameters:
** pathname -- path of file to open
** flags -- flags controlling the open
** ... -- option "mode" for opening the file
**
** Returns:
** Raises an exception on heap exhaustion.
** Returns NULL and sets errno if open() fails.
** Returns an SM_FILE_T pointer on success.
*/
SM_FILE_T *
#if SM_VA_STD
sm_io_fopen(char *pathname, int flags, ...)
#else /* SM_VA_STD */
sm_io_fopen(pathname, flags, va_alist)
char *pathname;
int flags;
va_dcl
#endif /* SM_VA_STD */
{
MODE_T mode;
SM_FILE_T *fp;
int ioflags;
if (flags & O_CREAT)
{
SM_VA_LOCAL_DECL
SM_VA_START(ap, flags);
mode = (MODE_T) SM_VA_ARG(ap, int);
SM_VA_END(ap);
}
else
mode = 0;
switch (flags & O_ACCMODE)
{
case O_RDONLY:
ioflags = SMRD;
break;
case O_WRONLY:
ioflags = SMWR;
break;
case O_RDWR:
ioflags = SMRW;
break;
default:
sm_abort("sm_io_fopen: bad flags 0%o", flags);
}
fp = sm_fp(SmFtStdio, ioflags, NULL);
fp->f_file = open(pathname, flags, mode);
if (fp->f_file == -1)
{
fp->f_flags = 0;
fp->sm_magic = NULL;
return NULL;
}
return fp;
}
diff --git a/libsm/strdup.c b/libsm/strdup.c
index 3ddf73b4629e..457c09970d94 100644
--- a/libsm/strdup.c
+++ b/libsm/strdup.c
@@ -1,166 +1,166 @@
/*
* Copyright (c) 2000-2001, 2003 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: strdup.c,v 1.16 2013-11-22 20:51:43 ca Exp $")
#include <sm/heap.h>
#include <sm/string.h>
/*
** SM_STRNDUP_X -- Duplicate a string of a given length
**
** Allocates memory and copies source string (of given length) into it.
**
** Parameters:
** s -- string to copy.
** n -- length to copy.
**
** Returns:
** copy of string, raises exception if out of memory.
**
** Side Effects:
** allocate memory for new string.
*/
char *
sm_strndup_x(s, n)
const char *s;
size_t n;
{
char *d = sm_malloc_x(n + 1);
(void) memcpy(d, s, n);
d[n] = '\0';
return d;
}
/*
** SM_STRDUP -- Duplicate a string
**
** Allocates memory and copies source string into it.
**
** Parameters:
** s -- string to copy.
**
** Returns:
** copy of string, NULL if out of memory.
**
** Side Effects:
** allocate memory for new string.
*/
char *
sm_strdup(s)
- char *s;
+ const char *s;
{
size_t l;
char *d;
l = strlen(s) + 1;
d = sm_malloc_tagged(l, "sm_strdup", 0, sm_heap_group());
if (d != NULL)
(void) sm_strlcpy(d, s, l);
return d;
}
#if DO_NOT_USE_STRCPY
/*
** SM_STRDUP_X -- Duplicate a string
**
** Allocates memory and copies source string into it.
**
** Parameters:
** s -- string to copy.
**
** Returns:
** copy of string, exception if out of memory.
**
** Side Effects:
** allocate memory for new string.
*/
char *
sm_strdup_x(s)
const char *s;
{
size_t l;
char *d;
l = strlen(s) + 1;
d = sm_malloc_tagged_x(l, "sm_strdup_x", 0, sm_heap_group());
(void) sm_strlcpy(d, s, l);
return d;
}
/*
** SM_PSTRDUP_X -- Duplicate a string (using "permanent" memory)
**
** Allocates memory and copies source string into it.
**
** Parameters:
** s -- string to copy.
**
** Returns:
** copy of string, exception if out of memory.
**
** Side Effects:
** allocate memory for new string.
*/
char *
sm_pstrdup_x(s)
const char *s;
{
size_t l;
char *d;
l = strlen(s) + 1;
d = sm_pmalloc_x(l);
(void) sm_strlcpy(d, s, l);
return d;
}
/*
** SM_STRDUP_X -- Duplicate a string
**
** Allocates memory and copies source string into it.
**
** Parameters:
** s -- string to copy.
** file -- name of source file
** line -- line in source file
** group -- heap group
**
** Returns:
** copy of string, exception if out of memory.
**
** Side Effects:
** allocate memory for new string.
*/
char *
sm_strdup_tagged_x(s, file, line, group)
const char *s;
char *file;
int line, group;
{
size_t l;
char *d;
l = strlen(s) + 1;
d = sm_malloc_tagged_x(l, file, line, group);
(void) sm_strlcpy(d, s, l);
return d;
}
#endif /* DO_NOT_USE_STRCPY */
diff --git a/libsm/strerror.c b/libsm/strerror.c
index b6b0b668ab5a..a6130f8612c7 100644
--- a/libsm/strerror.c
+++ b/libsm/strerror.c
@@ -1,60 +1,60 @@
/*
* Copyright (c) 2000-2001 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: strerror.c,v 1.24 2013-11-22 20:51:43 ca Exp $")
/*
** define strerror for platforms that lack it.
*/
#include <errno.h>
#include <stdio.h> /* sys_errlist, on some platforms */
#include <sm/io.h> /* sm_snprintf */
#include <sm/string.h>
#include <sm/conf.h>
#include <sm/errstring.h>
#if !defined(ERRLIST_PREDEFINED)
extern char *sys_errlist[];
extern int sys_nerr;
-#endif /* !defined(ERRLIST_PREDEFINED) */
+#endif
#if !HASSTRERROR
/*
** STRERROR -- return error message string corresponding to an error number.
**
** Parameters:
** err -- error number.
**
** Returns:
** Error string (might be pointer to static buffer).
*/
char *
strerror(err)
int err;
{
static char buf[64];
if (err >= 0 && err < sys_nerr)
return (char *) sys_errlist[err];
else
{
(void) sm_snprintf(buf, sizeof(buf), "Error %d", err);
return buf;
}
}
#endif /* !HASSTRERROR */
diff --git a/libsm/string.c b/libsm/string.c
index 2b06e2c7ec78..83577f19a84e 100644
--- a/libsm/string.c
+++ b/libsm/string.c
@@ -1,56 +1,87 @@
/*
* Copyright (c) 2001 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: string.c,v 1.4 2013-11-22 20:51:43 ca Exp $")
#include <ctype.h>
#include <errno.h>
#include <sm/string.h>
/*
** STRIPQUOTES -- Strip quotes & quote bits from a string.
**
** Runs through a string and strips off unquoted quote
** characters and quote bits. This is done in place.
**
** Parameters:
** s -- the string to strip.
**
** Returns:
** none.
**
** Side Effects:
** none.
*/
void
stripquotes(s)
char *s;
{
register char *p;
register char *q;
register char c;
if (s == NULL)
return;
p = q = s;
do
{
c = *p++;
if (c == '\\')
c = *p++;
else if (c == '"')
continue;
*q++ = c;
} while (c != '\0');
}
+
+/*
+** UNFOLDSTRIPQUOTES -- Strip quotes & quote bits from a string.
+**
+** Parameters:
+** s -- the string to strip.
+**
+** Returns:
+** none.
+*/
+
+void
+unfoldstripquotes(s)
+ char *s;
+{
+ char *p, *q, c;
+
+ if (s == NULL)
+ return;
+
+ p = q = s;
+ do
+ {
+ c = *p++;
+ if (c == '\\' || c == '\n')
+ c = *p++;
+ else if (c == '"')
+ continue;
+ *q++ = c;
+ } while (c != '\0');
+}
diff --git a/libsm/strio.c b/libsm/strio.c
index 4fae8070ad00..de13af683deb 100644
--- a/libsm/strio.c
+++ b/libsm/strio.c
@@ -1,490 +1,490 @@
/*
* Copyright (c) 2000-2002, 2004, 2005 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1990, 1993
* The Regents of the University of California. All rights reserved.
*
* This code is derived from software contributed to Berkeley by
* Chris Torek.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*/
#include <sm/gen.h>
SM_IDSTR(id, "@(#)$Id: strio.c,v 1.45 2013-11-22 20:51:43 ca Exp $")
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <string.h>
#include <errno.h>
#include <sm/rpool.h>
#include <sm/io.h>
#include <sm/heap.h>
#include <sm/conf.h>
#include "local.h"
static int sm_strsetmode __P((SM_FILE_T*, const int *));
static int sm_strgetmode __P((SM_FILE_T*, int *));
/*
** Cookie structure for the "strio" file type
*/
struct sm_str_obj
{
char *strio_base;
char *strio_end;
size_t strio_size;
size_t strio_offset;
int strio_flags;
const void *strio_rpool;
};
typedef struct sm_str_obj SM_STR_OBJ_T;
/*
** SM_STRGROW -- increase storage space for string
**
** Parameters:
** s -- current cookie
** size -- new storage size request
**
** Returns:
** true iff successful.
*/
static bool sm_strgrow __P((SM_STR_OBJ_T *, size_t));
static bool
sm_strgrow(s, size)
SM_STR_OBJ_T *s;
size_t size;
{
register void *p;
if (s->strio_size >= size)
return true;
p = sm_realloc(s->strio_base, size);
if (p == NULL)
return false;
s->strio_base = p;
s->strio_end = s->strio_base + size;
s->strio_size = size;
return true;
}
/*
** SM_STRREAD -- read a portion of the string
**
** Parameters:
** fp -- the file pointer
** buf -- location to place read data
** n -- number of bytes to read
**
** Returns:
** Failure: -1 and sets errno
** Success: >=0, number of bytes read
*/
ssize_t
sm_strread(fp, buf, n)
SM_FILE_T *fp;
char *buf;
size_t n;
{
register SM_STR_OBJ_T *s = fp->f_cookie;
int len;
if (!(s->strio_flags & SMRD) && !(s->strio_flags & SMRW))
{
errno = EBADF;
return -1;
}
len = SM_MIN(s->strio_size - s->strio_offset, n);
(void) memmove(buf, s->strio_base + s->strio_offset, len);
s->strio_offset += len;
return len;
}
/*
** SM_STRWRITE -- write a portion of the string
**
** Parameters:
** fp -- the file pointer
** buf -- location of data for writing
** n -- number of bytes to write
**
** Returns:
** Failure: -1 and sets errno
** Success: >=0, number of bytes written
*/
ssize_t
sm_strwrite(fp, buf, n)
SM_FILE_T *fp;
char const *buf;
size_t n;
{
register SM_STR_OBJ_T *s = fp->f_cookie;
if (!(s->strio_flags & SMWR) && !(s->strio_flags & SMRW))
{
errno = EBADF;
return -1;
}
if (n + s->strio_offset > s->strio_size)
{
if (!sm_strgrow(s, n + s->strio_offset))
return 0;
}
(void) memmove(s->strio_base + s->strio_offset, buf, n);
s->strio_offset += n;
return n;
}
/*
** SM_STRSEEK -- position the offset pointer for the string
**
** Only SM_IO_SEEK_SET, SM_IO_SEEK_CUR and SM_IO_SEEK_END are valid
** values for whence.
**
** Parameters:
** fp -- the file pointer
** offset -- number of bytes offset from "base"
** whence -- determines "base" for 'offset'
**
** Returns:
** Failure: -1 and sets errno
** Success: >=0, number of bytes read
*/
off_t
sm_strseek(fp, offset, whence)
SM_FILE_T *fp;
off_t offset;
int whence;
{
register off_t ret;
register SM_STR_OBJ_T *s = fp->f_cookie;
reseek:
switch (whence)
{
case SM_IO_SEEK_SET:
ret = offset;
break;
case SM_IO_SEEK_CUR:
ret = s->strio_offset + offset;
break;
case SM_IO_SEEK_END:
ret = s->strio_size;
break;
default:
errno = EINVAL;
return -1;
}
if (ret < 0 || ret > (off_t)(size_t)(-1)) /* XXX ugly */
return -1;
if ((size_t) ret > s->strio_size)
{
if (sm_strgrow(s, (size_t)ret))
goto reseek;
/* errno set by sm_strgrow */
return -1;
}
s->strio_offset = (size_t) ret;
return ret;
}
/*
** SM_STROPEN -- open a string file type
**
** Parameters:
** fp -- file pointer open to be associated with
** info -- initial contents (NULL for none)
** flags -- flags for methods of access (was mode)
** rpool -- resource pool to use memory from (if applicable)
**
** Results:
** Success: 0 (zero)
** Failure: -1 and sets errno
*/
int
sm_stropen(fp, info, flags, rpool)
SM_FILE_T *fp;
const void *info;
int flags;
const void *rpool;
{
register SM_STR_OBJ_T *s;
#if SM_RPOOL
s = sm_rpool_malloc_x(rpool, sizeof(SM_STR_OBJ_T));
-#else /* SM_RPOOL */
+#else
s = sm_malloc(sizeof(SM_STR_OBJ_T));
if (s == NULL)
return -1;
-#endif /* SM_RPOOL */
+#endif
fp->f_cookie = s;
s->strio_rpool = rpool;
s->strio_offset = 0;
s->strio_size = 0;
s->strio_base = NULL;
- s->strio_end = 0;
+ s->strio_end = NULL;
switch (flags)
{
case SM_IO_RDWR:
s->strio_flags = SMRW;
break;
case SM_IO_RDONLY:
s->strio_flags = SMRD;
break;
case SM_IO_WRONLY:
s->strio_flags = SMWR;
break;
case SM_IO_APPEND:
if (s->strio_rpool == NULL)
sm_free(s);
errno = EINVAL;
return -1;
default:
if (s->strio_rpool == NULL)
sm_free(s);
errno = EINVAL;
return -1;
}
if (info != NULL)
{
s->strio_base = sm_strdup_x(info);
if (s->strio_base == NULL)
{
int save_errno = errno;
if (s->strio_rpool == NULL)
sm_free(s);
errno = save_errno;
return -1;
}
s->strio_size = strlen(info);
s->strio_end = s->strio_base + s->strio_size;
}
return 0;
}
/*
** SM_STRCLOSE -- close the string file type and free resources
**
** Parameters:
** fp -- file pointer
**
** Results:
** Success: 0 (zero)
*/
int
sm_strclose(fp)
SM_FILE_T *fp;
{
SM_STR_OBJ_T *s = fp->f_cookie;
#if !SM_RPOOL
sm_free(s->strio_base);
s->strio_base = NULL;
-#endif /* !SM_RPOOL */
+#endif
return 0;
}
/*
** SM_STRSETMODE -- set mode info for the file
**
** Note: changing the mode can be a safe way to have the "parent"
** set up a string that the "child" is not to modify
**
** Parameters:
** fp -- the file pointer
** mode -- location of new mode to set
**
** Results:
** Success: 0 (zero)
** Failure: -1 and sets errno
*/
static int
sm_strsetmode(fp, mode)
SM_FILE_T *fp;
const int *mode;
{
register SM_STR_OBJ_T *s = fp->f_cookie;
int flags;
switch (*mode)
{
case SM_IO_RDWR:
flags = SMRW;
break;
case SM_IO_RDONLY:
flags = SMRD;
break;
case SM_IO_WRONLY:
flags = SMWR;
break;
case SM_IO_APPEND:
errno = EINVAL;
return -1;
default:
errno = EINVAL;
return -1;
}
s->strio_flags &= ~SMMODEMASK;
s->strio_flags |= flags;
return 0;
}
/*
** SM_STRGETMODE -- get mode info for the file
**
** Parameters:
** fp -- the file pointer
** mode -- location to store current mode
**
** Results:
** Success: 0 (zero)
** Failure: -1 and sets errno
*/
static int
sm_strgetmode(fp, mode)
SM_FILE_T *fp;
int *mode;
{
register SM_STR_OBJ_T *s = fp->f_cookie;
switch (s->strio_flags & SMMODEMASK)
{
case SMRW:
*mode = SM_IO_RDWR;
break;
case SMRD:
*mode = SM_IO_RDONLY;
break;
case SMWR:
*mode = SM_IO_WRONLY;
break;
default:
errno = EINVAL;
return -1;
}
return 0;
}
/*
** SM_STRSETINFO -- set info for the file
**
** Currently only SM_IO_WHAT_MODE is supported for 'what'.
**
** Parameters:
** fp -- the file pointer
** what -- type of information to set
** valp -- location to data for doing set
**
** Results:
** Failure: -1 and sets errno
** Success: sm_strsetmode() return [0 (zero)]
*/
int
sm_strsetinfo(fp, what, valp)
SM_FILE_T *fp;
int what;
void *valp;
{
switch(what)
{
case SM_IO_WHAT_MODE:
return sm_strsetmode(fp, (int *) valp);
default:
errno = EINVAL;
return -1;
}
}
/*
** SM_STRGETINFO -- get info for the file
**
** Currently only SM_IO_WHAT_MODE is supported for 'what'.
**
** Parameters:
** fp -- the file pointer
** what -- type of information requested
** valp -- location to return information in
**
** Results:
** Failure: -1 and sets errno
** Success: sm_strgetmode() return [0 (zero)]
*/
int
sm_strgetinfo(fp, what, valp)
SM_FILE_T *fp;
int what;
void *valp;
{
switch(what)
{
case SM_IO_WHAT_MODE:
return sm_strgetmode(fp, (int *) valp);
default:
errno = EINVAL;
return -1;
}
}
/*
** SM_STRIO_INIT -- initializes a write-only string type
**
** Original comments below. This function does not appear to be used anywhere.
** The same functionality can be done by changing the mode of the file.
** ------------
** sm_strio_init initializes an SM_FILE_T structure as a write-only file
** that writes into the specified buffer:
** - Use sm_io_putc, sm_io_fprintf, etc, to write into the buffer.
** Attempts to write more than size-1 characters into the buffer will fail
** silently (no error is reported).
** - Use sm_io_fflush to nul terminate the string in the buffer
** (the write pointer is not advanced).
** No memory is allocated either by sm_strio_init or by sm_io_{putc,write} etc.
**
** Parameters:
** fp -- file pointer
** buf -- memory location for stored data
** size -- size of 'buf'
**
** Results:
** none.
*/
void
sm_strio_init(fp, buf, size)
SM_FILE_T *fp;
char *buf;
size_t size;
{
fp->sm_magic = SmFileMagic;
fp->f_flags = SMWR | SMSTR;
fp->f_file = -1;
fp->f_bf.smb_base = fp->f_p = (unsigned char *) buf;
fp->f_bf.smb_size = fp->f_w = (size ? size - 1 : 0);
fp->f_lbfsize = 0;
fp->f_r = 0;
fp->f_read = NULL;
fp->f_seek = NULL;
fp->f_getinfo = NULL;
fp->f_setinfo = NULL;
}
diff --git a/libsm/strto.c b/libsm/strto.c
index 7f53424faf5c..af741533e3b4 100644
--- a/libsm/strto.c
+++ b/libsm/strto.c
@@ -1,254 +1,254 @@
/*
* Copyright (c) 2000-2001 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1992
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*/
#include <sm/gen.h>
SM_IDSTR(id, "@(#)$Id: strto.c,v 1.19 2013-11-22 20:51:43 ca Exp $")
#include <sys/param.h>
#include <sys/types.h>
#include <stdlib.h>
#include <ctype.h>
#include <errno.h>
#include <sm/limits.h>
#include <sm/conf.h>
#include <sm/string.h>
/*
** SM_STRTOLL -- Convert a string to a (signed) long long integer.
**
** Ignores `locale' stuff. Assumes that the upper and lower case
** alphabets and digits are each contiguous.
**
** Parameters:
** nptr -- string containing number
** endptr -- location of first invalid character
** base -- numeric base that 'nptr' number is based in
**
** Returns:
** Failure: on underflow LLONG_MIN is returned; on overflow
** LLONG_MAX is returned and errno is set.
** When 'endptr' == '\0' then the entire string 'nptr'
** was valid.
** Success: returns the converted number
*/
LONGLONG_T
sm_strtoll(nptr, endptr, base)
const char *nptr;
char **endptr;
register int base;
{
register bool neg;
register const char *s;
register LONGLONG_T acc, cutoff;
register int c;
register int any, cutlim;
/*
** Skip white space and pick up leading +/- sign if any.
** If base is 0, allow 0x for hex and 0 for octal, else
** assume decimal; if base is already 16, allow 0x.
*/
s = nptr;
do
{
c = (unsigned char) *s++;
} while (isascii(c) && isspace(c));
if (c == '-')
{
neg = true;
c = *s++;
}
else
{
neg = false;
if (c == '+')
c = *s++;
}
if ((base == 0 || base == 16) &&
c == '0' && (*s == 'x' || *s == 'X'))
{
c = s[1];
s += 2;
base = 16;
}
if (base == 0)
base = c == '0' ? 8 : 10;
/*
** Compute the cutoff value between legal numbers and illegal
** numbers. That is the largest legal value, divided by the
** base. An input number that is greater than this value, if
** followed by a legal input character, is too big. One that
** is equal to this value may be valid or not; the limit
** between valid and invalid numbers is then based on the last
** digit. For instance, if the range for long-long's is
** [-9223372036854775808..9223372036854775807] and the input base
** is 10, cutoff will be set to 922337203685477580 and cutlim to
** either 7 (!neg) or 8 (neg), meaning that if we have
** accumulated a value > 922337203685477580, or equal but the
** next digit is > 7 (or 8), the number is too big, and we will
** return a range error.
**
** Set any if any `digits' consumed; make it negative to indicate
** overflow.
*/
cutoff = neg ? LLONG_MIN : LLONG_MAX;
cutlim = cutoff % base;
cutoff /= base;
if (neg)
{
if (cutlim > 0)
{
cutlim -= base;
cutoff += 1;
}
cutlim = -cutlim;
}
for (acc = 0, any = 0;; c = (unsigned char) *s++)
{
if (isascii(c) && isdigit(c))
c -= '0';
else if (isascii(c) && isalpha(c))
c -= isupper(c) ? 'A' - 10 : 'a' - 10;
else
break;
if (c >= base)
break;
if (any < 0)
continue;
if (neg)
{
if (acc < cutoff || (acc == cutoff && c > cutlim))
{
any = -1;
acc = LLONG_MIN;
errno = ERANGE;
}
else
{
any = 1;
acc *= base;
acc -= c;
}
}
else
{
if (acc > cutoff || (acc == cutoff && c > cutlim))
{
any = -1;
acc = LLONG_MAX;
errno = ERANGE;
}
else
{
any = 1;
acc *= base;
acc += c;
}
}
}
- if (endptr != 0)
+ if (endptr != NULL)
*endptr = (char *) (any ? s - 1 : nptr);
return acc;
}
/*
** SM_STRTOULL -- Convert a string to an unsigned long long integer.
**
** Ignores `locale' stuff. Assumes that the upper and lower case
** alphabets and digits are each contiguous.
**
** Parameters:
** nptr -- string containing (unsigned) number
** endptr -- location of first invalid character
** base -- numeric base that 'nptr' number is based in
**
** Returns:
** Failure: on overflow ULLONG_MAX is returned and errno is set.
** When 'endptr' == '\0' then the entire string 'nptr'
** was valid.
** Success: returns the converted number
*/
ULONGLONG_T
sm_strtoull(nptr, endptr, base)
const char *nptr;
char **endptr;
register int base;
{
register const char *s;
register ULONGLONG_T acc, cutoff;
register int c;
register bool neg;
register int any, cutlim;
/* See sm_strtoll for comments as to the logic used. */
s = nptr;
do
{
c = (unsigned char) *s++;
} while (isascii(c) && isspace(c));
neg = (c == '-');
if (neg)
{
c = *s++;
}
else
{
if (c == '+')
c = *s++;
}
if ((base == 0 || base == 16) &&
c == '0' && (*s == 'x' || *s == 'X'))
{
c = s[1];
s += 2;
base = 16;
}
if (base == 0)
base = c == '0' ? 8 : 10;
cutoff = ULLONG_MAX / (ULONGLONG_T)base;
cutlim = ULLONG_MAX % (ULONGLONG_T)base;
for (acc = 0, any = 0;; c = (unsigned char) *s++)
{
if (isascii(c) && isdigit(c))
c -= '0';
else if (isascii(c) && isalpha(c))
c -= isupper(c) ? 'A' - 10 : 'a' - 10;
else
break;
if (c >= base)
break;
if (any < 0)
continue;
if (acc > cutoff || (acc == cutoff && c > cutlim))
{
any = -1;
acc = ULLONG_MAX;
errno = ERANGE;
}
else
{
any = 1;
acc *= (ULONGLONG_T)base;
acc += c;
}
}
if (neg && any > 0)
acc = -((LONGLONG_T) acc);
- if (endptr != 0)
+ if (endptr != NULL)
*endptr = (char *) (any ? s - 1 : nptr);
return acc;
}
diff --git a/libsm/syslogio.c b/libsm/syslogio.c
index 78cf700aff35..16f3aeafd0c5 100644
--- a/libsm/syslogio.c
+++ b/libsm/syslogio.c
@@ -1,220 +1,220 @@
/*
* Copyright (c) 2000-2001 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: syslogio.c,v 1.30 2013-11-22 20:51:43 ca Exp $")
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <syslog.h>
#include <errno.h>
#ifdef SM_RPOOL
# include <sm/rpool.h>
-#endif /* SM_RPOOL */
+#endif
#include <sm/io.h>
#include "local.h"
/*
** Overall:
** This is a output file type that copies its output to the syslog daemon.
** Each line of output is written as a separate syslog message.
** The client is responsible for calling openlog() before writing to
** any syslog file, and calling closelog() after all syslog output is complete.
** The only state associated with a syslog file is 'int priority',
** which we store in fp->f_ival.
*/
/*
** SM_SYSLOGOPEN -- open a file pointer to syslog
**
** Parameters:
** fp -- file pointer assigned for the open
** info -- priority level of the syslog messages
** flags -- not used
** rpool -- ignored
**
** Returns:
** 0 (zero) success always (see Overall)
*/
int
sm_syslogopen(fp, info, flags, rpool)
SM_FILE_T *fp;
const void *info;
int flags;
const void *rpool;
{
int *priority = (int *)info;
fp->f_ival = *priority;
return 0;
}
/*
** SM_SYSLOGREAD -- read function for syslog
**
** This is a "stub" function (placeholder) that always returns an error.
** It is an error to read syslog.
**
** Parameters:
** fp -- the file pointer
** buf -- buffer to place the data read
** n -- number of bytes to read
**
** Returns:
** -1 (error) always and sets errno
*/
ssize_t
sm_syslogread(fp, buf, n)
SM_FILE_T *fp;
char *buf;
size_t n;
{
/* an error to read */
errno = ENODEV;
return -1;
}
/*
** SM_SYSLOGWRITE -- write function for syslog
**
** Send output to syslog.
**
** Parameters:
** fp -- the file pointer
** buf -- buffer that the write data comes from
** n -- number of bytes to write
**
** Returns:
** 0 (zero) for success always
*/
/*
** XXX TODO: more work needs to be done to ensure that each line of output
** XXX written to a syslog file is mapped to exactly one syslog message.
*/
ssize_t
sm_syslogwrite(fp, buf, n)
SM_FILE_T *fp;
char const *buf;
size_t n;
{
syslog(fp->f_ival, "%s", buf);
return 0;
}
/*
** SM_SYSLOGSEEK -- position the syslog file offset
**
** This is a "stub" function (placeholder) that always returns an error.
** It is an error to seek syslog.
**
** Parameters:
** fp -- the file pointer
** offset -- the new offset position relative to 'whence'
** whence -- flag indicating start of 'offset'
**
** Returns:
** -1 (error) always.
*/
off_t
sm_syslogseek(fp, offset, whence)
SM_FILE_T *fp;
off_t offset;
int whence;
{
errno = ENODEV;
return -1;
}
/*
** SM_SYSLOGCLOSE -- close the syslog file pointer
**
** Parameters:
** fp -- the file pointer
**
** Returns:
** 0 (zero) success always (see Overall)
**
*/
int
sm_syslogclose(fp)
SM_FILE_T *fp;
{
return 0;
}
/*
** SM_SYSLOGSETINFO -- set information for the file pointer
**
** Parameters:
** fp -- the file pointer being set
** what -- what information is being set
** valp -- information content being set to
**
** Returns:
** -1 on failure
** 0 (zero) on success
**
** Side Effects:
** Sets internal file pointer data
*/
int
sm_syslogsetinfo(fp, what, valp)
SM_FILE_T *fp;
int what;
void *valp;
{
switch (what)
{
case SM_IO_SL_PRIO:
fp->f_ival = *((int *)(valp));
return 0;
default:
errno = EINVAL;
return -1;
}
}
/*
** SM_SYSLOGGETINFO -- get information relating to the file pointer
**
** Parameters:
** fp -- the file pointer being queried
** what -- the information type being queried
** valp -- location to placed queried information
**
** Returns:
** 0 (zero) on success
** -1 on failure
**
** Side Effects:
** Fills in 'valp' with data.
*/
int
sm_sysloggetinfo(fp, what, valp)
SM_FILE_T *fp;
int what;
void *valp;
{
switch (what)
{
case SM_IO_SL_PRIO:
*((int *)(valp)) = fp->f_ival;
return 0;
default:
errno = EINVAL;
return -1;
}
}
diff --git a/libsm/t-event.c b/libsm/t-event.c
index 7f08b914bb53..fcdd02b28985 100644
--- a/libsm/t-event.c
+++ b/libsm/t-event.c
@@ -1,88 +1,88 @@
/*
* Copyright (c) 2001-2002, 2004 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: t-event.c,v 1.14 2013-11-22 20:51:43 ca Exp $")
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
# include <sys/wait.h>
#if SM_CONF_SETITIMER
# include <sm/time.h>
-#endif /* SM_CONF_SETITIMER */
+#endif
#include <sm/clock.h>
#include <sm/test.h>
static void evcheck __P((int));
static void ev1 __P((int));
static int check;
static void
evcheck(arg)
int arg;
{
SM_TEST(arg == 3);
SM_TEST(check == 0);
check++;
}
static void
ev1(arg)
int arg;
{
SM_TEST(arg == 1);
}
/* define as x if you want debug output */
#define DBG_OUT(x)
int
main(argc, argv)
int argc;
char *argv[];
{
SM_EVENT *ev;
sm_test_begin(argc, argv, "test event handling");
fprintf(stdout, "This test may hang. If there is no output within twelve seconds, abort it\nand recompile with -DSM_CONF_SETITIMER=%d\n",
SM_CONF_SETITIMER == 0 ? 1 : 0);
sleep(1);
SM_TEST(1 == 1);
DBG_OUT(fprintf(stdout, "We're back, test 1 seems to work.\n"));
ev = sm_seteventm(1000, ev1, 1);
sleep(1);
SM_TEST(2 == 2);
DBG_OUT(fprintf(stdout, "We're back, test 2 seems to work.\n"));
/* schedule an event in 9s */
ev = sm_seteventm(9000, ev1, 2);
sleep(1);
/* clear the event before it can fire */
sm_clrevent(ev);
SM_TEST(3 == 3);
DBG_OUT(fprintf(stdout, "We're back, test 3 seems to work.\n"));
/* schedule an event in 1s */
check = 0;
ev = sm_seteventm(1000, evcheck, 3);
sleep(2);
/* clear the event */
sm_clrevent(ev);
SM_TEST(4 == 4);
SM_TEST(check == 1);
DBG_OUT(fprintf(stdout, "We're back, test 4 seems to work.\n"));
return sm_test_end();
}
diff --git a/libsm/t-exc.c b/libsm/t-exc.c
index e0b45a86d525..3136e3f80c37 100644
--- a/libsm/t-exc.c
+++ b/libsm/t-exc.c
@@ -1,145 +1,145 @@
/*
* Copyright (c) 2000-2001 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*/
#include <sm/gen.h>
SM_IDSTR(id, "@(#)$Id: t-exc.c,v 1.21 2013-11-22 20:51:43 ca Exp $")
#include <string.h>
#include <sm/heap.h>
#include <sm/io.h>
#include <sm/test.h>
const SM_EXC_TYPE_T EtypeTest1 =
{
SmExcTypeMagic,
"E:test1",
"i",
sm_etype_printf,
"test1 exception argv[0]=%0",
};
const SM_EXC_TYPE_T EtypeTest2 =
{
SmExcTypeMagic,
"E:test2",
"i",
sm_etype_printf,
"test2 exception argv[0]=%0",
};
int
main(argc, argv)
int argc;
char **argv;
{
void *p;
int volatile x;
char *unknown, *cant;
sm_test_begin(argc, argv, "test exception handling");
/*
** SM_TRY
*/
cant = "can't happen";
x = 0;
SM_TRY
x = 1;
SM_END_TRY
SM_TEST(x == 1);
/*
** SM_FINALLY-0
*/
x = 0;
SM_TRY
x = 1;
SM_FINALLY
x = 2;
SM_END_TRY
SM_TEST(x == 2);
/*
** SM_FINALLY-1
*/
x = 0;
SM_TRY
SM_TRY
x = 1;
sm_exc_raisenew_x(&EtypeTest1, 17);
SM_FINALLY
x = 2;
sm_exc_raisenew_x(&EtypeTest2, 42);
SM_END_TRY
SM_EXCEPT(exc, "E:test2")
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"got exception test2: can't happen\n");
SM_EXCEPT(exc, "E:test1")
SM_TEST(x == 2 && exc->exc_argv[0].v_int == 17);
if (!(x == 2 && exc->exc_argv[0].v_int == 17))
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"can't happen: x=%d argv[0]=%d\n",
x, exc->exc_argv[0].v_int);
}
SM_EXCEPT(exc, "*")
{
unknown = "unknown exception: ";
SM_TEST(strcmp(unknown, cant) == 0);
}
SM_END_TRY
x = 3;
SM_TRY
x = 4;
sm_exc_raisenew_x(&EtypeTest1, 94);
SM_FINALLY
x = 5;
sm_exc_raisenew_x(&EtypeTest2, 95);
SM_EXCEPT(exc, "E:test2")
{
unknown = "got exception test2: ";
SM_TEST(strcmp(unknown, cant) == 0);
}
SM_EXCEPT(exc, "E:test1")
SM_TEST(x == 5 && exc->exc_argv[0].v_int == 94);
if (!(x == 5 && exc->exc_argv[0].v_int == 94))
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"can't happen: x=%d argv[0]=%d\n",
x, exc->exc_argv[0].v_int);
}
SM_EXCEPT(exc, "*")
{
unknown = "unknown exception: ";
SM_TEST(strcmp(unknown, cant) == 0);
}
SM_END_TRY
SM_TRY
sm_exc_raisenew_x(&SmEtypeErr, "test %d", 0);
SM_EXCEPT(exc, "*")
#if DEBUG
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"test 0 got an exception, as expected:\n");
sm_exc_print(exc, smioout);
-#endif /* DEBUG */
+#endif
return sm_test_end();
SM_END_TRY
p = sm_malloc_x((size_t)(-1));
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"sm_malloc_x unexpectedly succeeded, returning %p\n", p);
unknown = "sm_malloc_x unexpectedly succeeded";
SM_TEST(strcmp(unknown, cant) == 0);
return sm_test_end();
}
diff --git a/libsm/t-heap.c b/libsm/t-heap.c
index d5e9e7e3f549..5e813ad333a7 100644
--- a/libsm/t-heap.c
+++ b/libsm/t-heap.c
@@ -1,64 +1,64 @@
/*
* Copyright (c) 2000-2001 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*/
#include <sm/gen.h>
SM_IDSTR(id, "@(#)$Id: t-heap.c,v 1.11 2013-11-22 20:51:43 ca Exp $")
#include <sm/debug.h>
#include <sm/heap.h>
#include <sm/io.h>
#include <sm/test.h>
#include <sm/xtrap.h>
#if SM_HEAP_CHECK
extern SM_DEBUG_T SmHeapCheck;
# define HEAP_CHECK sm_debug_active(&SmHeapCheck, 1)
-#else /* SM_HEAP_CHECK */
+#else
# define HEAP_CHECK 0
#endif /* SM_HEAP_CHECK */
int
main(argc, argv)
int argc;
char **argv;
{
void *p;
sm_test_begin(argc, argv, "test heap handling");
if (argc > 1)
sm_debug_addsettings_x(argv[1]);
p = sm_malloc(10);
SM_TEST(p != NULL);
p = sm_realloc_x(p, 20);
SM_TEST(p != NULL);
p = sm_realloc(p, 30);
SM_TEST(p != NULL);
if (HEAP_CHECK)
{
sm_dprintf("heap with 1 30-byte block allocated:\n");
sm_heap_report(smioout, 3);
}
if (HEAP_CHECK)
{
sm_free(p);
sm_dprintf("heap with 0 blocks allocated:\n");
sm_heap_report(smioout, 3);
sm_dprintf("xtrap count = %d\n", SmXtrapCount);
}
#if DEBUG
/* this will cause a core dump */
sm_dprintf("about to free %p for the second time\n", p);
sm_free(p);
-#endif /* DEBUG */
+#endif
return sm_test_end();
}
diff --git a/libsm/t-notify.c b/libsm/t-notify.c
new file mode 100644
index 000000000000..7103cad2559d
--- /dev/null
+++ b/libsm/t-notify.c
@@ -0,0 +1,122 @@
+/*
+ * Copyright (c) 2016 Proofpoint, Inc. and its suppliers.
+ * All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ */
+
+#include <sm/gen.h>
+
+#include <stdio.h>
+
+# include <stdlib.h>
+# include <unistd.h>
+
+# include <sm/heap.h>
+# include <sm/string.h>
+# include <sm/test.h>
+# include <sm/notify.h>
+
+# define MAX_CNT 10
+
+/*
+** MSGTEST -- test of message queue.
+**
+** Parameters:
+** owner -- create message queue.
+**
+** Returns:
+** 0 on success
+** < 0 on failure.
+*/
+
+static int
+notifytest(owner)
+ int owner;
+{
+ int r;
+ size_t len;
+ char buf[64];
+#define TSTSTR "qf0001"
+
+ r = sm_notify_start(owner, 0);
+ if (r < 0)
+ {
+ perror("sm_notify_start failed");
+ return -1;
+ }
+
+ if (!owner)
+ {
+ len = sm_strlcpy(buf, TSTSTR, sizeof(buf));
+ r = sm_notify_snd(buf, len);
+ SM_TEST(r >= 0);
+ if (r < 0)
+ goto end;
+
+ end:
+ return r;
+ }
+ else
+ {
+ r = sm_notify_rcv(buf, sizeof(buf), 5);
+ SM_TEST(r >= 0);
+ if (r < 0)
+ return r;
+ if (r > 0 && r < sizeof(buf))
+ buf[r] = '\0';
+ buf[sizeof(buf) - 1] = '\0';
+ SM_TEST(strcmp(buf, TSTSTR) == 0);
+ fprintf(stderr, "buf=\"%s\"\n", buf);
+ }
+ return 0;
+}
+
+int
+main(argc, argv)
+ int argc;
+ char *argv[];
+{
+ int ch;
+ int r = 0;
+ pid_t pid;
+
+# define OPTIONS ""
+ while ((ch = getopt(argc, argv, OPTIONS)) != -1)
+ {
+ switch ((char) ch)
+ {
+ default:
+ break;
+ }
+ }
+
+ r = sm_notify_init(0);
+ if (r < 0)
+ {
+ perror("sm_notify_init failed\n");
+ return -1;
+ }
+
+ if ((pid = fork()) < 0)
+ {
+ perror("fork failed\n");
+ return -1;
+ }
+
+ sm_test_begin(argc, argv, "test notify");
+ if (pid == 0)
+ {
+ /* give the parent the chance to setup data */
+ sleep(1);
+ r = notifytest(false);
+ }
+ else
+ {
+ r = notifytest(true);
+ }
+ SM_TEST(r >= 0);
+ return sm_test_end();
+}
diff --git a/libsm/t-scanf.c b/libsm/t-scanf.c
index d7c20f748abd..087792ecb959 100644
--- a/libsm/t-scanf.c
+++ b/libsm/t-scanf.c
@@ -1,59 +1,59 @@
/*
* Copyright (c) 2001 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*/
#include <sm/gen.h>
SM_IDSTR(id, "@(#)$Id: t-scanf.c,v 1.6 2013-11-22 20:51:43 ca Exp $")
#include <sm/limits.h>
#include <sm/io.h>
#include <sm/string.h>
#include <sm/test.h>
#include <sm/types.h>
int
main(argc, argv)
int argc;
char **argv;
{
int i, d, h;
char buf[128];
char *r;
sm_test_begin(argc, argv, "test scanf point stuff");
#if !SM_CONF_BROKEN_SIZE_T
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"If tests for \"h == 2\" fail, check whether size_t is signed on your OS.\n\
If that is the case, add -DSM_CONF_BROKEN_SIZE_T to confENVDEF\n\
and start over. Otherwise contact sendmail.org.\n");
-#endif /* !SM_CONF_BROKEN_SIZE_T */
+#endif
d = 2;
sm_snprintf(buf, sizeof(buf), "%d", d);
r = "2";
if (!SM_TEST(strcmp(buf, r) == 0))
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"got %s instead\n", buf);
i = sm_io_sscanf(buf, "%d", &h);
SM_TEST(i == 1);
SM_TEST(h == 2);
d = 2;
sm_snprintf(buf, sizeof(buf), "%d\n", d);
r = "2\n";
if (!SM_TEST(strcmp(buf, r) == 0))
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"got %s instead\n", buf);
i = sm_io_sscanf(buf, "%d", &h);
SM_TEST(i == 1);
SM_TEST(h == 2);
return sm_test_end();
}
diff --git a/libsm/t-sem.c b/libsm/t-sem.c
index 4232b096ead7..b13e159ecebe 100644
--- a/libsm/t-sem.c
+++ b/libsm/t-sem.c
@@ -1,400 +1,400 @@
/*
* Copyright (c) 2000-2001, 2005-2008 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: t-sem.c,v 1.18 2013-11-22 20:51:43 ca Exp $")
#include <stdio.h>
#if SM_CONF_SEM
# include <stdlib.h>
# include <unistd.h>
# include <sysexits.h>
# include <sm/heap.h>
# include <sm/string.h>
# include <sm/signal.h>
# include <sm/test.h>
# include <sm/sem.h>
# define T_SM_SEM_KEY (4321L)
static void
delay(t, s)
int t;
char *s;
{
if (t > 0)
{
#if DEBUG
fprintf(stderr, "sleep(%d) before %s\n", t, s);
-#endif /* DEBUG */
+#endif
sleep(t);
}
#if DEBUG
fprintf(stderr, "%s\n", s);
-#endif /* DEBUG */
+#endif
}
/*
** SEMINTER -- interactive testing of semaphores.
**
** Parameters:
** owner -- create semaphores.
**
** Returns:
** 0 on success
** < 0 on failure.
*/
static int
seminter(owner)
bool owner;
{
int semid;
int t;
semid = sm_sem_start(T_SM_SEM_KEY, SM_NSEM, 0, owner);
if (semid < 0)
{
perror("sm_sem_start failed");
return 1;
}
while ((t = getchar()) != EOF)
{
switch (t)
{
case 'a':
delay(0, "try to acq");
if (sm_sem_acq(semid, 0, 2) < 0)
{
perror("sm_sem_acq failed");
return 1;
}
delay(0, "acquired");
break;
case 'r':
delay(0, "try to rel");
if (sm_sem_rel(semid, 0, 2) < 0)
{
perror("sm_sem_rel failed");
return 1;
}
delay(0, "released");
break;
case 'v':
if ((t = sm_sem_get(semid, 0)) < 0)
{
perror("get_sem failed");
return 1;
}
printf("semval: %d\n", t);
break;
}
}
if (owner)
return sm_sem_stop(semid);
return 0;
}
/*
** SEM_CLEANUP -- cleanup if something breaks
**
** Parameters:
** sig -- signal.
**
** Returns:
** none.
*/
static int semid_c = -1;
void
sem_cleanup(sig)
int sig;
{
if (semid_c >= 0)
(void) sm_sem_stop(semid_c);
exit(EX_UNAVAILABLE);
}
static int
drop_priv(uid, gid)
uid_t uid;
gid_t gid;
{
int r;
r = setgid(gid);
if (r != 0)
return r;
r = setuid(uid);
return r;
}
/*
** SEMTEST -- test of semaphores
**
** Parameters:
** owner -- create semaphores.
**
** Returns:
** 0 on success
** < 0 on failure.
*/
# define MAX_CNT 10
static int
semtest(owner, uid, gid)
int owner;
uid_t uid;
gid_t gid;
{
int semid, r;
int cnt = 0;
if (!owner && uid != 0)
{
r = drop_priv(uid, gid);
if (r < 0)
{
perror("drop_priv child failed");
return -1;
}
}
semid = sm_sem_start(T_SM_SEM_KEY, 1, 0, owner);
if (semid < 0)
{
perror("sm_sem_start failed");
return -1;
}
if (owner)
{
if (uid != 0)
{
r = sm_semsetowner(semid, uid, gid, 0660);
if (r < 0)
{
perror("sm_semsetowner failed");
return -1;
}
r = drop_priv(uid, gid);
if (r < 0)
{
perror("drop_priv owner failed");
return -1;
}
}
/* just in case someone kills the program... */
semid_c = semid;
(void) sm_signal(SIGHUP, sem_cleanup);
(void) sm_signal(SIGINT, sem_cleanup);
(void) sm_signal(SIGTERM, sem_cleanup);
delay(1, "parent: acquire 1");
cnt = 0;
do
{
r = sm_sem_acq(semid, 0, 0);
if (r < 0)
{
sleep(1);
++cnt;
}
} while (r < 0 && cnt <= MAX_CNT);
SM_TEST(r >= 0);
if (r < 0)
return r;
delay(3, "parent: release 1");
cnt = 0;
do
{
r = sm_sem_rel(semid, 0, 0);
if (r < 0)
{
sleep(1);
++cnt;
}
} while (r < 0 && cnt <= MAX_CNT);
SM_TEST(r >= 0);
if (r < 0)
return r;
delay(1, "parent: getval");
cnt = 0;
do
{
r = sm_sem_get(semid, 0);
if (r <= 0)
{
sleep(1);
++cnt;
}
} while (r <= 0 && cnt <= MAX_CNT);
SM_TEST(r > 0);
if (r <= 0)
return r;
delay(1, "parent: acquire 2");
cnt = 0;
do
{
r = sm_sem_acq(semid, 0, 0);
if (r < 0)
{
sleep(1);
++cnt;
}
} while (r < 0 && cnt <= MAX_CNT);
SM_TEST(r >= 0);
if (r < 0)
return r;
cnt = 0;
do
{
r = sm_sem_rel(semid, 0, 0);
if (r < 0)
{
sleep(1);
++cnt;
}
} while (r < 0 && cnt <= MAX_CNT);
SM_TEST(r >= 0);
if (r < 0)
return r;
}
else
{
delay(1, "child: acquire 1");
cnt = 0;
do
{
r = sm_sem_acq(semid, 0, 0);
if (r < 0)
{
sleep(1);
++cnt;
}
} while (r < 0 && cnt <= MAX_CNT);
SM_TEST(r >= 0);
if (r < 0)
return r;
delay(1, "child: release 1");
cnt = 0;
do
{
r = sm_sem_rel(semid, 0, 0);
if (r < 0)
{
sleep(1);
++cnt;
}
} while (r < 0 && cnt <= MAX_CNT);
SM_TEST(r >= 0);
if (r < 0)
return r;
}
if (owner)
return sm_sem_stop(semid);
return 0;
}
int
main(argc, argv)
int argc;
char *argv[];
{
bool interactive = false;
bool owner = false;
int ch, r;
uid_t uid;
gid_t gid;
uid = 0;
gid = 0;
r = 0;
# define OPTIONS "iog:u:"
while ((ch = getopt(argc, argv, OPTIONS)) != -1)
{
switch ((char) ch)
{
case 'g':
gid = (gid_t)strtoul(optarg, 0, 0);
break;
case 'i':
interactive = true;
break;
case 'u':
uid = (uid_t)strtoul(optarg, 0, 0);
break;
case 'o':
owner = true;
break;
default:
break;
}
}
if (interactive)
r = seminter(owner);
else
{
pid_t pid;
printf("This test takes about 8 seconds.\n");
printf("If it takes longer than 30 seconds, please interrupt it\n");
printf("and compile again without semaphore support, i.e.,");
printf("-DSM_CONF_SEM=0\n");
if ((pid = fork()) < 0)
{
perror("fork failed\n");
return -1;
}
sm_test_begin(argc, argv, "test semaphores");
if (pid == 0)
{
/* give the parent the chance to setup data */
sleep(1);
r = semtest(false, uid, gid);
}
else
{
r = semtest(true, uid, gid);
}
SM_TEST(r == 0);
return sm_test_end();
}
return r;
}
#else /* SM_CONF_SEM */
int
main(argc, argv)
int argc;
char *argv[];
{
printf("No support for semaphores configured on this machine\n");
return 0;
}
#endif /* SM_CONF_SEM */
diff --git a/libsm/vfprintf.c b/libsm/vfprintf.c
index 87c353c1bf14..b90a305b04d8 100644
--- a/libsm/vfprintf.c
+++ b/libsm/vfprintf.c
@@ -1,1118 +1,1119 @@
/*
* Copyright (c) 2000-2001, 2004 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1990
* The Regents of the University of California. All rights reserved.
*
* This code is derived from software contributed to Berkeley by
* Chris Torek.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*/
#include <sm/gen.h>
SM_IDSTR(id, "@(#)$Id: vfprintf.c,v 1.55 2013-11-22 20:51:44 ca Exp $")
/*
** Overall:
** Actual printing innards.
** This code is large and complicated...
*/
#include <sys/types.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <sm/config.h>
#include <sm/varargs.h>
#include <sm/io.h>
#include <sm/heap.h>
#include <sm/conf.h>
#include "local.h"
#include "fvwrite.h"
static int sm_bprintf __P((SM_FILE_T *, const char *, va_list));
static void sm_find_arguments __P((const char *, va_list , va_list **));
static void sm_grow_type_table_x __P((unsigned char **, int *));
static int sm_print __P((SM_FILE_T *, int, struct sm_uio *));
/*
** SM_PRINT -- print/flush to the file
**
** Flush out all the vectors defined by the given uio,
** then reset it so that it can be reused.
**
** Parameters:
** fp -- file pointer
** timeout -- time to complete operation (milliseconds)
** uio -- vector list of memory locations of data for printing
**
** Results:
** Success: 0 (zero)
** Failure:
*/
static int
sm_print(fp, timeout, uio)
SM_FILE_T *fp;
int timeout;
register struct sm_uio *uio;
{
register int err;
if (uio->uio_resid == 0)
{
uio->uio_iovcnt = 0;
return 0;
}
err = sm_fvwrite(fp, timeout, uio);
uio->uio_resid = 0;
uio->uio_iovcnt = 0;
return err;
}
/*
** SM_BPRINTF -- allow formating to an unbuffered file.
**
** Helper function for `fprintf to unbuffered unix file': creates a
** temporary buffer (via a "fake" file pointer).
** We only work on write-only files; this avoids
** worries about ungetc buffers and so forth.
**
** Parameters:
** fp -- the file to send the o/p to
** fmt -- format instructions for the o/p
** ap -- vectors of data units used for formating
**
** Results:
** Failure: SM_IO_EOF and errno set
** Success: number of data units used in the formating
**
** Side effects:
** formatted o/p can be SM_IO_BUFSIZ length maximum
*/
static int
sm_bprintf(fp, fmt, ap)
SM_FILE_T *fp;
const char *fmt;
SM_VA_LOCAL_DECL
{
int ret;
SM_FILE_T fake;
unsigned char buf[SM_IO_BUFSIZ];
extern const char SmFileMagic[];
/* copy the important variables */
fake.sm_magic = SmFileMagic;
fake.f_timeout = SM_TIME_FOREVER;
fake.f_timeoutstate = SM_TIME_BLOCK;
fake.f_flags = fp->f_flags & ~SMNBF;
fake.f_file = fp->f_file;
fake.f_cookie = fp->f_cookie;
fake.f_write = fp->f_write;
fake.f_close = NULL;
fake.f_open = NULL;
fake.f_read = NULL;
fake.f_seek = NULL;
fake.f_setinfo = fake.f_getinfo = NULL;
fake.f_type = "sm_bprintf:fake";
/* set up the buffer */
fake.f_bf.smb_base = fake.f_p = buf;
fake.f_bf.smb_size = fake.f_w = sizeof(buf);
fake.f_lbfsize = 0; /* not actually used, but Just In Case */
/* do the work, then copy any error status */
ret = sm_io_vfprintf(&fake, SM_TIME_FOREVER, fmt, ap);
if (ret >= 0 && sm_io_flush(&fake, SM_TIME_FOREVER))
ret = SM_IO_EOF; /* errno set by sm_io_flush */
if (fake.f_flags & SMERR)
fp->f_flags |= SMERR;
return ret;
}
#define BUF 40
#define STATIC_ARG_TBL_SIZE 8 /* Size of static argument table. */
/* Macros for converting digits to letters and vice versa */
#define to_digit(c) ((c) - '0')
#define is_digit(c) ((unsigned) to_digit(c) <= 9)
#define to_char(n) ((char) (n) + '0')
/* Flags used during conversion. */
#define ALT 0x001 /* alternate form */
#define HEXPREFIX 0x002 /* add 0x or 0X prefix */
#define LADJUST 0x004 /* left adjustment */
#define LONGINT 0x010 /* long integer */
#define QUADINT 0x020 /* quad integer */
#define SHORTINT 0x040 /* short integer */
#define ZEROPAD 0x080 /* zero (as opposed to blank) pad */
#define FPT 0x100 /* Floating point number */
/*
** SM_IO_VFPRINTF -- performs actual formating for o/p
**
** Parameters:
** fp -- file pointer for o/p
** timeout -- time to complete the print
** fmt0 -- formating directives
** ap -- vectors with data units for formating
**
** Results:
** Success: number of data units used for formatting
** Failure: SM_IO_EOF and sets errno
*/
int
sm_io_vfprintf(fp, timeout, fmt0, ap)
SM_FILE_T *fp;
int timeout;
const char *fmt0;
SM_VA_LOCAL_DECL
{
register char *fmt; /* format string */
register int ch; /* character from fmt */
register int n, m, n2; /* handy integers (short term usage) */
register char *cp; /* handy char pointer (short term usage) */
register struct sm_iov *iovp;/* for PRINT macro */
register int flags; /* flags as above */
int ret; /* return value accumulator */
int width; /* width from format (%8d), or 0 */
int prec; /* precision from format (%.3d), or -1 */
char sign; /* sign prefix (' ', '+', '-', or \0) */
wchar_t wc;
ULONGLONG_T _uquad; /* integer arguments %[diouxX] */
enum { OCT, DEC, HEX } base;/* base for [diouxX] conversion */
int dprec; /* a copy of prec if [diouxX], 0 otherwise */
int realsz; /* field size expanded by dprec */
int size; /* size of converted field or string */
char *xdigs="0123456789abcdef"; /* digits for [xX] conversion */
#define NIOV 8
struct sm_uio uio; /* output information: summary */
struct sm_iov iov[NIOV];/* ... and individual io vectors */
char buf[BUF]; /* space for %c, %[diouxX], %[eEfgG] */
char ox[2]; /* space for 0x hex-prefix */
va_list *argtable; /* args, built due to positional arg */
va_list statargtable[STATIC_ARG_TBL_SIZE];
int nextarg; /* 1-based argument index */
va_list orgap; /* original argument pointer */
/*
** Choose PADSIZE to trade efficiency vs. size. If larger printf
** fields occur frequently, increase PADSIZE and make the initialisers
** below longer.
*/
#define PADSIZE 16 /* pad chunk size */
static char blanks[PADSIZE] =
{' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' '};
static char zeroes[PADSIZE] =
{'0','0','0','0','0','0','0','0','0','0','0','0','0','0','0','0'};
/*
** BEWARE, these `goto error' on error, and PAD uses `n'.
*/
#define PRINT(ptr, len) do { \
iovp->iov_base = (ptr); \
iovp->iov_len = (len); \
uio.uio_resid += (len); \
iovp++; \
if (++uio.uio_iovcnt >= NIOV) \
{ \
if (sm_print(fp, timeout, &uio)) \
goto error; \
iovp = iov; \
} \
} while (0)
#define PAD(howmany, with) do \
{ \
if ((n = (howmany)) > 0) \
{ \
while (n > PADSIZE) { \
PRINT(with, PADSIZE); \
n -= PADSIZE; \
} \
PRINT(with, n); \
} \
} while (0)
#define FLUSH() do \
{ \
if (uio.uio_resid && sm_print(fp, timeout, &uio)) \
goto error; \
uio.uio_iovcnt = 0; \
iovp = iov; \
} while (0)
/*
** To extend shorts properly, we need both signed and unsigned
** argument extraction methods.
*/
#define SARG() \
(flags&QUADINT ? SM_VA_ARG(ap, LONGLONG_T) : \
flags&LONGINT ? GETARG(long) : \
flags&SHORTINT ? (long) (short) GETARG(int) : \
(long) GETARG(int))
#define UARG() \
(flags&QUADINT ? SM_VA_ARG(ap, ULONGLONG_T) : \
flags&LONGINT ? GETARG(unsigned long) : \
flags&SHORTINT ? (unsigned long) (unsigned short) GETARG(int) : \
(unsigned long) GETARG(unsigned int))
/*
** Get * arguments, including the form *nn$. Preserve the nextarg
** that the argument can be gotten once the type is determined.
*/
#define GETASTER(val) \
n2 = 0; \
cp = fmt; \
while (is_digit(*cp)) \
{ \
n2 = 10 * n2 + to_digit(*cp); \
cp++; \
} \
if (*cp == '$') \
{ \
int hold = nextarg; \
if (argtable == NULL) \
{ \
argtable = statargtable; \
sm_find_arguments(fmt0, orgap, &argtable); \
} \
nextarg = n2; \
val = GETARG(int); \
nextarg = hold; \
fmt = ++cp; \
} \
else \
{ \
val = GETARG(int); \
}
/*
** Get the argument indexed by nextarg. If the argument table is
** built, use it to get the argument. If its not, get the next
** argument (and arguments must be gotten sequentially).
*/
#if SM_VA_STD
# define GETARG(type) \
(((argtable != NULL) ? (void) (ap = argtable[nextarg]) : (void) 0), \
nextarg++, SM_VA_ARG(ap, type))
#else /* SM_VA_STD */
# define GETARG(type) \
((argtable != NULL) ? (*((type*)(argtable[nextarg++]))) : \
(nextarg++, SM_VA_ARG(ap, type)))
#endif /* SM_VA_STD */
/* sorry, fprintf(read_only_file, "") returns SM_IO_EOF, not 0 */
if (cantwrite(fp))
{
errno = EBADF;
return SM_IO_EOF;
}
/* optimise fprintf(stderr) (and other unbuffered Unix files) */
if ((fp->f_flags & (SMNBF|SMWR|SMRW)) == (SMNBF|SMWR) &&
fp->f_file >= 0)
return sm_bprintf(fp, fmt0, ap);
fmt = (char *) fmt0;
argtable = NULL;
nextarg = 1;
SM_VA_COPY(orgap, ap);
uio.uio_iov = iovp = iov;
uio.uio_resid = 0;
uio.uio_iovcnt = 0;
ret = 0;
/* Scan the format for conversions (`%' character). */
for (;;)
{
cp = fmt;
n = 0;
while ((wc = *fmt) != '\0')
{
if (wc == '%')
{
n = 1;
break;
}
fmt++;
}
if ((m = fmt - cp) != 0)
{
PRINT(cp, m);
ret += m;
}
if (n <= 0)
goto done;
fmt++; /* skip over '%' */
flags = 0;
dprec = 0;
width = 0;
prec = -1;
sign = '\0';
rflag: ch = *fmt++;
reswitch: switch (ch)
{
case ' ':
/*
** ``If the space and + flags both appear, the space
** flag will be ignored.''
** -- ANSI X3J11
*/
if (!sign)
sign = ' ';
goto rflag;
case '#':
flags |= ALT;
goto rflag;
case '*':
/*
** ``A negative field width argument is taken as a
** - flag followed by a positive field width.''
** -- ANSI X3J11
** They don't exclude field widths read from args.
*/
GETASTER(width);
if (width >= 0)
goto rflag;
width = -width;
/* FALLTHROUGH */
case '-':
flags |= LADJUST;
goto rflag;
case '+':
sign = '+';
goto rflag;
case '.':
if ((ch = *fmt++) == '*')
{
GETASTER(n);
prec = n < 0 ? -1 : n;
goto rflag;
}
n = 0;
while (is_digit(ch))
{
n = 10 * n + to_digit(ch);
ch = *fmt++;
}
if (ch == '$')
{
nextarg = n;
if (argtable == NULL)
{
argtable = statargtable;
sm_find_arguments(fmt0, orgap,
&argtable);
}
goto rflag;
}
prec = n < 0 ? -1 : n;
goto reswitch;
case '0':
/*
** ``Note that 0 is taken as a flag, not as the
** beginning of a field width.''
** -- ANSI X3J11
*/
flags |= ZEROPAD;
goto rflag;
case '1': case '2': case '3': case '4':
case '5': case '6': case '7': case '8': case '9':
n = 0;
do
{
n = 10 * n + to_digit(ch);
ch = *fmt++;
} while (is_digit(ch));
if (ch == '$')
{
nextarg = n;
if (argtable == NULL)
{
argtable = statargtable;
sm_find_arguments(fmt0, orgap,
&argtable);
}
goto rflag;
}
width = n;
goto reswitch;
case 'h':
flags |= SHORTINT;
goto rflag;
case 'l':
if (*fmt == 'l')
{
fmt++;
flags |= QUADINT;
}
else
{
flags |= LONGINT;
}
goto rflag;
case 'q':
flags |= QUADINT;
goto rflag;
case 'c':
*(cp = buf) = GETARG(int);
size = 1;
sign = '\0';
break;
case 'D':
flags |= LONGINT;
/*FALLTHROUGH*/
case 'd':
case 'i':
_uquad = SARG();
if ((LONGLONG_T) _uquad < 0)
{
_uquad = -(LONGLONG_T) _uquad;
sign = '-';
}
base = DEC;
goto number;
case 'e':
case 'E':
case 'f':
case 'g':
case 'G':
{
double val;
char *p;
char fmt[16];
char out[150];
size_t len;
/*
** This code implements floating point output
** in the most portable manner possible,
** relying only on 'sprintf' as defined by
** the 1989 ANSI C standard.
** We silently cap width and precision
** at 120, to avoid buffer overflow.
*/
val = GETARG(double);
p = fmt;
*p++ = '%';
if (sign)
*p++ = sign;
if (flags & ALT)
*p++ = '#';
if (flags & LADJUST)
*p++ = '-';
if (flags & ZEROPAD)
*p++ = '0';
*p++ = '*';
if (prec >= 0)
{
*p++ = '.';
*p++ = '*';
}
*p++ = ch;
*p = '\0';
if (width > 120)
width = 120;
if (prec > 120)
prec = 120;
if (prec >= 0)
#if HASSNPRINTF
snprintf(out, sizeof(out), fmt, width,
prec, val);
-#else /* HASSNPRINTF */
+#else
sprintf(out, fmt, width, prec, val);
-#endif /* HASSNPRINTF */
+#endif
else
#if HASSNPRINTF
snprintf(out, sizeof(out), fmt, width,
val);
-#else /* HASSNPRINTF */
+#else
sprintf(out, fmt, width, val);
-#endif /* HASSNPRINTF */
+#endif
len = strlen(out);
PRINT(out, len);
FLUSH();
continue;
}
case 'n':
if (flags & QUADINT)
*GETARG(LONGLONG_T *) = ret;
else if (flags & LONGINT)
*GETARG(long *) = ret;
else if (flags & SHORTINT)
*GETARG(short *) = ret;
else
*GETARG(int *) = ret;
continue; /* no output */
case 'O':
flags |= LONGINT;
/*FALLTHROUGH*/
case 'o':
_uquad = UARG();
base = OCT;
goto nosign;
case 'p':
/*
** ``The argument shall be a pointer to void. The
** value of the pointer is converted to a sequence
** of printable characters, in an implementation-
** defined manner.''
** -- ANSI X3J11
*/
/* NOSTRICT */
{
union
{
void *p;
ULONGLONG_T ll;
unsigned long l;
unsigned i;
} u;
u.p = GETARG(void *);
if (sizeof(void *) == sizeof(ULONGLONG_T))
_uquad = u.ll;
else if (sizeof(void *) == sizeof(long))
_uquad = u.l;
else
_uquad = u.i;
}
base = HEX;
xdigs = "0123456789abcdef";
flags |= HEXPREFIX;
ch = 'x';
goto nosign;
case 's':
if ((cp = GETARG(char *)) == NULL)
cp = "(null)";
if (prec >= 0)
{
/*
** can't use strlen; can only look for the
** NUL in the first `prec' characters, and
** strlen() will go further.
*/
char *p = memchr(cp, 0, prec);
if (p != NULL)
{
size = p - cp;
if (size > prec)
size = prec;
}
else
size = prec;
}
else
size = strlen(cp);
sign = '\0';
break;
case 'U':
flags |= LONGINT;
/*FALLTHROUGH*/
case 'u':
_uquad = UARG();
base = DEC;
goto nosign;
case 'X':
xdigs = "0123456789ABCDEF";
goto hex;
case 'x':
xdigs = "0123456789abcdef";
hex: _uquad = UARG();
base = HEX;
/* leading 0x/X only if non-zero */
if (flags & ALT && _uquad != 0)
flags |= HEXPREFIX;
/* unsigned conversions */
nosign: sign = '\0';
/*
** ``... diouXx conversions ... if a precision is
** specified, the 0 flag will be ignored.''
** -- ANSI X3J11
*/
number: if ((dprec = prec) >= 0)
flags &= ~ZEROPAD;
/*
** ``The result of converting a zero value with an
** explicit precision of zero is no characters.''
** -- ANSI X3J11
*/
cp = buf + BUF;
if (_uquad != 0 || prec != 0)
{
/*
** Unsigned mod is hard, and unsigned mod
** by a constant is easier than that by
** a variable; hence this switch.
*/
switch (base)
{
case OCT:
do
{
*--cp = to_char(_uquad & 7);
_uquad >>= 3;
} while (_uquad);
/* handle octal leading 0 */
if (flags & ALT && *cp != '0')
*--cp = '0';
break;
case DEC:
/* many numbers are 1 digit */
while (_uquad >= 10)
{
*--cp = to_char(_uquad % 10);
_uquad /= 10;
}
*--cp = to_char(_uquad);
break;
case HEX:
do
{
*--cp = xdigs[_uquad & 15];
_uquad >>= 4;
} while (_uquad);
break;
default:
cp = "bug in sm_io_vfprintf: bad base";
size = strlen(cp);
goto skipsize;
}
}
size = buf + BUF - cp;
skipsize:
break;
default: /* "%?" prints ?, unless ? is NUL */
if (ch == '\0')
goto done;
/* pretend it was %c with argument ch */
cp = buf;
*cp = ch;
size = 1;
sign = '\0';
break;
}
/*
** All reasonable formats wind up here. At this point, `cp'
** points to a string which (if not flags&LADJUST) should be
** padded out to `width' places. If flags&ZEROPAD, it should
** first be prefixed by any sign or other prefix; otherwise,
** it should be blank padded before the prefix is emitted.
** After any left-hand padding and prefixing, emit zeroes
** required by a decimal [diouxX] precision, then print the
** string proper, then emit zeroes required by any leftover
** floating precision; finally, if LADJUST, pad with blanks.
**
** Compute actual size, so we know how much to pad.
** size excludes decimal prec; realsz includes it.
*/
realsz = dprec > size ? dprec : size;
if (sign)
realsz++;
else if (flags & HEXPREFIX)
realsz+= 2;
/* right-adjusting blank padding */
if ((flags & (LADJUST|ZEROPAD)) == 0)
PAD(width - realsz, blanks);
/* prefix */
if (sign)
{
PRINT(&sign, 1);
}
else if (flags & HEXPREFIX)
{
ox[0] = '0';
ox[1] = ch;
PRINT(ox, 2);
}
/* right-adjusting zero padding */
if ((flags & (LADJUST|ZEROPAD)) == ZEROPAD)
PAD(width - realsz, zeroes);
/* leading zeroes from decimal precision */
PAD(dprec - size, zeroes);
/* the string or number proper */
PRINT(cp, size);
/* left-adjusting padding (always blank) */
if (flags & LADJUST)
PAD(width - realsz, blanks);
/* finally, adjust ret */
ret += width > realsz ? width : realsz;
FLUSH(); /* copy out the I/O vectors */
}
done:
FLUSH();
error:
+ SM_VA_END_COPY(orgap);
if ((argtable != NULL) && (argtable != statargtable))
sm_free(argtable);
return sm_error(fp) ? SM_IO_EOF : ret;
/* NOTREACHED */
}
/* Type ids for argument type table. */
#define T_UNUSED 0
#define T_SHORT 1
#define T_U_SHORT 2
#define TP_SHORT 3
#define T_INT 4
#define T_U_INT 5
#define TP_INT 6
#define T_LONG 7
#define T_U_LONG 8
#define TP_LONG 9
#define T_QUAD 10
#define T_U_QUAD 11
#define TP_QUAD 12
#define T_DOUBLE 13
#define TP_CHAR 15
#define TP_VOID 16
/*
** SM_FIND_ARGUMENTS -- find all args when a positional parameter is found.
**
** Find all arguments when a positional parameter is encountered. Returns a
** table, indexed by argument number, of pointers to each arguments. The
** initial argument table should be an array of STATIC_ARG_TBL_SIZE entries.
** It will be replaced with a malloc-ed one if it overflows.
**
** Parameters:
** fmt0 -- formating directives
** ap -- vector list of data unit for formating consumption
** argtable -- an indexable table (returned) of 'ap'
**
** Results:
** none.
*/
static void
sm_find_arguments(fmt0, ap, argtable)
const char *fmt0;
SM_VA_LOCAL_DECL
va_list **argtable;
{
register char *fmt; /* format string */
register int ch; /* character from fmt */
register int n, n2; /* handy integer (short term usage) */
register char *cp; /* handy char pointer (short term usage) */
register int flags; /* flags as above */
unsigned char *typetable; /* table of types */
unsigned char stattypetable[STATIC_ARG_TBL_SIZE];
int tablesize; /* current size of type table */
int tablemax; /* largest used index in table */
int nextarg; /* 1-based argument index */
/* Add an argument type to the table, expanding if necessary. */
#define ADDTYPE(type) \
((nextarg >= tablesize) ? \
(sm_grow_type_table_x(&typetable, &tablesize), 0) : 0, \
typetable[nextarg++] = type, \
(nextarg > tablemax) ? tablemax = nextarg : 0)
#define ADDSARG() \
((flags & LONGINT) ? ADDTYPE(T_LONG) : \
((flags & SHORTINT) ? ADDTYPE(T_SHORT) : ADDTYPE(T_INT)))
#define ADDUARG() \
((flags & LONGINT) ? ADDTYPE(T_U_LONG) : \
((flags & SHORTINT) ? ADDTYPE(T_U_SHORT) : ADDTYPE(T_U_INT)))
/* Add * arguments to the type array. */
#define ADDASTER() \
n2 = 0; \
cp = fmt; \
while (is_digit(*cp)) \
{ \
n2 = 10 * n2 + to_digit(*cp); \
cp++; \
} \
if (*cp == '$') \
{ \
int hold = nextarg; \
nextarg = n2; \
ADDTYPE (T_INT); \
nextarg = hold; \
fmt = ++cp; \
} \
else \
{ \
ADDTYPE (T_INT); \
}
fmt = (char *) fmt0;
typetable = stattypetable;
tablesize = STATIC_ARG_TBL_SIZE;
tablemax = 0;
nextarg = 1;
(void) memset(typetable, T_UNUSED, STATIC_ARG_TBL_SIZE);
/* Scan the format for conversions (`%' character). */
for (;;)
{
for (cp = fmt; (ch = *fmt) != '\0' && ch != '%'; fmt++)
/* void */;
if (ch == '\0')
goto done;
fmt++; /* skip over '%' */
flags = 0;
rflag: ch = *fmt++;
reswitch: switch (ch)
{
case ' ':
case '#':
goto rflag;
case '*':
ADDASTER();
goto rflag;
case '-':
case '+':
goto rflag;
case '.':
if ((ch = *fmt++) == '*')
{
ADDASTER();
goto rflag;
}
while (is_digit(ch))
{
ch = *fmt++;
}
goto reswitch;
case '0':
goto rflag;
case '1': case '2': case '3': case '4':
case '5': case '6': case '7': case '8': case '9':
n = 0;
do
{
n = 10 * n + to_digit(ch);
ch = *fmt++;
} while (is_digit(ch));
if (ch == '$')
{
nextarg = n;
goto rflag;
}
goto reswitch;
case 'h':
flags |= SHORTINT;
goto rflag;
case 'l':
flags |= LONGINT;
goto rflag;
case 'q':
flags |= QUADINT;
goto rflag;
case 'c':
ADDTYPE(T_INT);
break;
case 'D':
flags |= LONGINT;
/*FALLTHROUGH*/
case 'd':
case 'i':
if (flags & QUADINT)
{
ADDTYPE(T_QUAD);
}
else
{
ADDSARG();
}
break;
case 'e':
case 'E':
case 'f':
case 'g':
case 'G':
ADDTYPE(T_DOUBLE);
break;
case 'n':
if (flags & QUADINT)
ADDTYPE(TP_QUAD);
else if (flags & LONGINT)
ADDTYPE(TP_LONG);
else if (flags & SHORTINT)
ADDTYPE(TP_SHORT);
else
ADDTYPE(TP_INT);
continue; /* no output */
case 'O':
flags |= LONGINT;
/*FALLTHROUGH*/
case 'o':
if (flags & QUADINT)
ADDTYPE(T_U_QUAD);
else
ADDUARG();
break;
case 'p':
ADDTYPE(TP_VOID);
break;
case 's':
ADDTYPE(TP_CHAR);
break;
case 'U':
flags |= LONGINT;
/*FALLTHROUGH*/
case 'u':
if (flags & QUADINT)
ADDTYPE(T_U_QUAD);
else
ADDUARG();
break;
case 'X':
case 'x':
if (flags & QUADINT)
ADDTYPE(T_U_QUAD);
else
ADDUARG();
break;
default: /* "%?" prints ?, unless ? is NUL */
if (ch == '\0')
goto done;
break;
}
}
done:
/* Build the argument table. */
if (tablemax >= STATIC_ARG_TBL_SIZE)
{
*argtable = (va_list *)
sm_malloc(sizeof(va_list) * (tablemax + 1));
}
for (n = 1; n <= tablemax; n++)
{
SM_VA_COPY((*argtable)[n], ap);
switch (typetable [n])
{
case T_UNUSED:
(void) SM_VA_ARG(ap, int);
break;
case T_SHORT:
(void) SM_VA_ARG(ap, int);
break;
case T_U_SHORT:
(void) SM_VA_ARG(ap, int);
break;
case TP_SHORT:
(void) SM_VA_ARG(ap, short *);
break;
case T_INT:
(void) SM_VA_ARG(ap, int);
break;
case T_U_INT:
(void) SM_VA_ARG(ap, unsigned int);
break;
case TP_INT:
(void) SM_VA_ARG(ap, int *);
break;
case T_LONG:
(void) SM_VA_ARG(ap, long);
break;
case T_U_LONG:
(void) SM_VA_ARG(ap, unsigned long);
break;
case TP_LONG:
(void) SM_VA_ARG(ap, long *);
break;
case T_QUAD:
(void) SM_VA_ARG(ap, LONGLONG_T);
break;
case T_U_QUAD:
(void) SM_VA_ARG(ap, ULONGLONG_T);
break;
case TP_QUAD:
(void) SM_VA_ARG(ap, LONGLONG_T *);
break;
case T_DOUBLE:
(void) SM_VA_ARG(ap, double);
break;
case TP_CHAR:
(void) SM_VA_ARG(ap, char *);
break;
case TP_VOID:
(void) SM_VA_ARG(ap, void *);
break;
}
}
if ((typetable != NULL) && (typetable != stattypetable))
sm_free(typetable);
}
/*
** SM_GROW_TYPE_TABLE -- Increase the size of the type table.
**
** Parameters:
** tabletype -- type of table to grow
** tablesize -- requested new table size
**
** Results:
** Raises an exception if can't allocate memory.
*/
static void
sm_grow_type_table_x(typetable, tablesize)
unsigned char **typetable;
int *tablesize;
{
unsigned char *oldtable = *typetable;
int newsize = *tablesize * 2;
if (*tablesize == STATIC_ARG_TBL_SIZE)
{
*typetable = (unsigned char *) sm_malloc_x(sizeof(unsigned char)
* newsize);
(void) memmove(*typetable, oldtable, *tablesize);
}
else
{
*typetable = (unsigned char *) sm_realloc_x(typetable,
sizeof(unsigned char) * newsize);
}
(void) memset(&typetable [*tablesize], T_UNUSED,
(newsize - *tablesize));
*tablesize = newsize;
}
diff --git a/libsm/vfscanf.c b/libsm/vfscanf.c
index d043a1135884..c367f7682e37 100644
--- a/libsm/vfscanf.c
+++ b/libsm/vfscanf.c
@@ -1,877 +1,877 @@
/*
* Copyright (c) 2000-2001, 2004 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1990, 1993
* The Regents of the University of California. All rights reserved.
*
* This code is derived from software contributed to Berkeley by
* Chris Torek.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*/
#include <sm/gen.h>
SM_IDSTR(id, "@(#)$Id: vfscanf.c,v 1.55 2013-11-22 20:51:44 ca Exp $")
#include <ctype.h>
#include <stdlib.h>
#include <errno.h>
#include <setjmp.h>
#include <sm/time.h>
#include <sm/varargs.h>
#include <sm/config.h>
#include <sm/io.h>
#include <sm/signal.h>
#include <sm/clock.h>
#include <sm/string.h>
#include "local.h"
#define BUF 513 /* Maximum length of numeric string. */
/* Flags used during conversion. */
#define LONG 0x01 /* l: long or double */
#define SHORT 0x04 /* h: short */
#define QUAD 0x08 /* q: quad (same as ll) */
#define SUPPRESS 0x10 /* suppress assignment */
#define POINTER 0x20 /* weird %p pointer (`fake hex') */
#define NOSKIP 0x40 /* do not skip blanks */
/*
** The following are used in numeric conversions only:
** SIGNOK, NDIGITS, DPTOK, and EXPOK are for floating point;
** SIGNOK, NDIGITS, PFXOK, and NZDIGITS are for integral.
*/
#define SIGNOK 0x080 /* +/- is (still) legal */
#define NDIGITS 0x100 /* no digits detected */
#define DPTOK 0x200 /* (float) decimal point is still legal */
#define EXPOK 0x400 /* (float) exponent (e+3, etc) still legal */
#define PFXOK 0x200 /* 0x prefix is (still) legal */
#define NZDIGITS 0x400 /* no zero digits detected */
/* Conversion types. */
#define CT_CHAR 0 /* %c conversion */
#define CT_CCL 1 /* %[...] conversion */
#define CT_STRING 2 /* %s conversion */
#define CT_INT 3 /* integer, i.e., strtoll or strtoull */
#define CT_FLOAT 4 /* floating, i.e., strtod */
static void scanalrm __P((int));
static unsigned char *sm_sccl __P((char *, unsigned char *));
static jmp_buf ScanTimeOut;
/*
** SCANALRM -- handler when timeout activated for sm_io_vfscanf()
**
** Returns flow of control to where setjmp(ScanTimeOut) was set.
**
** Parameters:
** sig -- unused
**
** Returns:
** does not return
**
** Side Effects:
** returns flow of control to setjmp(ScanTimeOut).
**
** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
** DOING.
*/
/* ARGSUSED0 */
static void
scanalrm(sig)
int sig;
{
longjmp(ScanTimeOut, 1);
}
/*
** SM_VFSCANF -- convert input into data units
**
** Parameters:
** fp -- file pointer for input data
** timeout -- time intvl allowed to complete (milliseconds)
** fmt0 -- format for finding data units
** ap -- vectors for memory location for storing data units
**
** Results:
** Success: number of data units assigned
** Failure: SM_IO_EOF
*/
int
sm_vfscanf(fp, timeout, fmt0, ap)
register SM_FILE_T *fp;
int SM_NONVOLATILE timeout;
char const *fmt0;
- va_list SM_NONVOLATILE ap;
+ va_list ap;
{
register unsigned char *SM_NONVOLATILE fmt = (unsigned char *) fmt0;
register int c; /* character from format, or conversion */
register size_t width; /* field width, or 0 */
register char *p; /* points into all kinds of strings */
register int n; /* handy integer */
register int flags; /* flags as defined above */
register char *p0; /* saves original value of p when necessary */
int nassigned; /* number of fields assigned */
int nread; /* number of characters consumed from fp */
int base; /* base argument to strtoll/strtoull */
/* conversion function (strtoll/strtoull) */
ULONGLONG_T (*ccfn) __P((const char *, char **, int));
char ccltab[256]; /* character class table for %[...] */
char buf[BUF]; /* buffer for numeric conversions */
SM_EVENT *evt = NULL;
/* `basefix' is used to avoid `if' tests in the integer scanner */
static short basefix[17] =
{ 10, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 };
if (timeout == SM_TIME_DEFAULT)
timeout = fp->f_timeout;
if (timeout == SM_TIME_IMMEDIATE)
{
/*
** Filling the buffer will take time and we are wanted to
** return immediately. So...
*/
errno = EAGAIN;
return SM_IO_EOF;
}
if (timeout != SM_TIME_FOREVER)
{
if (setjmp(ScanTimeOut) != 0)
{
errno = EAGAIN;
return SM_IO_EOF;
}
evt = sm_seteventm(timeout, scanalrm, 0);
}
nassigned = 0;
nread = 0;
base = 0; /* XXX just to keep gcc happy */
ccfn = NULL; /* XXX just to keep gcc happy */
for (;;)
{
c = *fmt++;
if (c == 0)
{
if (evt != NULL)
sm_clrevent(evt); /* undo our timeout */
return nassigned;
}
if (isspace(c))
{
while ((fp->f_r > 0 || sm_refill(fp, SM_TIME_FOREVER)
== 0) &&
isspace(*fp->f_p))
nread++, fp->f_r--, fp->f_p++;
continue;
}
if (c != '%')
goto literal;
width = 0;
flags = 0;
/*
** switch on the format. continue if done;
** break once format type is derived.
*/
again: c = *fmt++;
switch (c)
{
case '%':
literal:
if (fp->f_r <= 0 && sm_refill(fp, SM_TIME_FOREVER))
goto input_failure;
if (*fp->f_p != c)
goto match_failure;
fp->f_r--, fp->f_p++;
nread++;
continue;
case '*':
flags |= SUPPRESS;
goto again;
case 'h':
flags |= SHORT;
goto again;
case 'l':
if (*fmt == 'l')
{
fmt++;
flags |= QUAD;
}
else
{
flags |= LONG;
}
goto again;
case 'q':
flags |= QUAD;
goto again;
case '0': case '1': case '2': case '3': case '4':
case '5': case '6': case '7': case '8': case '9':
width = width * 10 + c - '0';
goto again;
/*
** Conversions.
** Those marked `compat' are for 4.[123]BSD compatibility.
**
** (According to ANSI, E and X formats are supposed
** to the same as e and x. Sorry about that.)
*/
case 'D': /* compat */
flags |= LONG;
/* FALLTHROUGH */
case 'd':
c = CT_INT;
ccfn = (ULONGLONG_T (*)())sm_strtoll;
base = 10;
break;
case 'i':
c = CT_INT;
ccfn = (ULONGLONG_T (*)())sm_strtoll;
base = 0;
break;
case 'O': /* compat */
flags |= LONG;
/* FALLTHROUGH */
case 'o':
c = CT_INT;
ccfn = sm_strtoull;
base = 8;
break;
case 'u':
c = CT_INT;
ccfn = sm_strtoull;
base = 10;
break;
case 'X':
case 'x':
flags |= PFXOK; /* enable 0x prefixing */
c = CT_INT;
ccfn = sm_strtoull;
base = 16;
break;
case 'E':
case 'G':
case 'e':
case 'f':
case 'g':
c = CT_FLOAT;
break;
case 's':
c = CT_STRING;
break;
case '[':
fmt = sm_sccl(ccltab, fmt);
flags |= NOSKIP;
c = CT_CCL;
break;
case 'c':
flags |= NOSKIP;
c = CT_CHAR;
break;
case 'p': /* pointer format is like hex */
flags |= POINTER | PFXOK;
c = CT_INT;
ccfn = sm_strtoull;
base = 16;
break;
case 'n':
if (flags & SUPPRESS) /* ??? */
continue;
if (flags & SHORT)
*SM_VA_ARG(ap, short *) = nread;
else if (flags & LONG)
*SM_VA_ARG(ap, long *) = nread;
else
*SM_VA_ARG(ap, int *) = nread;
continue;
/* Disgusting backwards compatibility hacks. XXX */
case '\0': /* compat */
if (evt != NULL)
sm_clrevent(evt); /* undo our timeout */
return SM_IO_EOF;
default: /* compat */
if (isupper(c))
flags |= LONG;
c = CT_INT;
ccfn = (ULONGLONG_T (*)()) sm_strtoll;
base = 10;
break;
}
/* We have a conversion that requires input. */
if (fp->f_r <= 0 && sm_refill(fp, SM_TIME_FOREVER))
goto input_failure;
/*
** Consume leading white space, except for formats
** that suppress this.
*/
if ((flags & NOSKIP) == 0)
{
while (isspace(*fp->f_p))
{
nread++;
if (--fp->f_r > 0)
fp->f_p++;
else if (sm_refill(fp, SM_TIME_FOREVER))
goto input_failure;
}
/*
** Note that there is at least one character in
** the buffer, so conversions that do not set NOSKIP
** can no longer result in an input failure.
*/
}
/* Do the conversion. */
switch (c)
{
case CT_CHAR:
/* scan arbitrary characters (sets NOSKIP) */
if (width == 0)
width = 1;
if (flags & SUPPRESS)
{
size_t sum = 0;
for (;;)
{
if ((size_t) (n = fp->f_r) < width)
{
sum += n;
width -= n;
fp->f_p += n;
if (sm_refill(fp,
SM_TIME_FOREVER))
{
if (sum == 0)
goto input_failure;
break;
}
}
else
{
sum += width;
fp->f_r -= width;
fp->f_p += width;
break;
}
}
nread += sum;
}
else
{
size_t r;
r = sm_io_read(fp, SM_TIME_FOREVER,
(void *) SM_VA_ARG(ap, char *),
width);
if (r == 0)
goto input_failure;
nread += r;
nassigned++;
}
break;
case CT_CCL:
/* scan a (nonempty) character class (sets NOSKIP) */
if (width == 0)
width = (size_t)~0; /* `infinity' */
/* take only those things in the class */
if (flags & SUPPRESS)
{
n = 0;
while (ccltab[*fp->f_p] != '\0')
{
n++, fp->f_r--, fp->f_p++;
if (--width == 0)
break;
if (fp->f_r <= 0 &&
sm_refill(fp, SM_TIME_FOREVER))
{
if (n == 0) /* XXX how? */
goto input_failure;
break;
}
}
if (n == 0)
goto match_failure;
}
else
{
p0 = p = SM_VA_ARG(ap, char *);
while (ccltab[*fp->f_p] != '\0')
{
fp->f_r--;
*p++ = *fp->f_p++;
if (--width == 0)
break;
if (fp->f_r <= 0 &&
sm_refill(fp, SM_TIME_FOREVER))
{
if (p == p0)
goto input_failure;
break;
}
}
n = p - p0;
if (n == 0)
goto match_failure;
*p = 0;
nassigned++;
}
nread += n;
break;
case CT_STRING:
/* like CCL, but zero-length string OK, & no NOSKIP */
if (width == 0)
width = (size_t)~0;
if (flags & SUPPRESS)
{
n = 0;
while (!isspace(*fp->f_p))
{
n++, fp->f_r--, fp->f_p++;
if (--width == 0)
break;
if (fp->f_r <= 0 &&
sm_refill(fp, SM_TIME_FOREVER))
break;
}
nread += n;
}
else
{
p0 = p = SM_VA_ARG(ap, char *);
while (!isspace(*fp->f_p))
{
fp->f_r--;
*p++ = *fp->f_p++;
if (--width == 0)
break;
if (fp->f_r <= 0 &&
sm_refill(fp, SM_TIME_FOREVER))
break;
}
*p = 0;
nread += p - p0;
nassigned++;
}
continue;
case CT_INT:
/* scan an integer as if by strtoll/strtoull */
#if SM_CONF_BROKEN_SIZE_T
if (width == 0 || width > sizeof(buf) - 1)
width = sizeof(buf) - 1;
#else /* SM_CONF_BROKEN_SIZE_T */
/* size_t is unsigned, hence this optimisation */
if (--width > sizeof(buf) - 2)
width = sizeof(buf) - 2;
width++;
#endif /* SM_CONF_BROKEN_SIZE_T */
flags |= SIGNOK | NDIGITS | NZDIGITS;
for (p = buf; width > 0; width--)
{
c = *fp->f_p;
/*
** Switch on the character; `goto ok'
** if we accept it as a part of number.
*/
switch (c)
{
/*
** The digit 0 is always legal, but is
** special. For %i conversions, if no
** digits (zero or nonzero) have been
** scanned (only signs), we will have
** base==0. In that case, we should set
** it to 8 and enable 0x prefixing.
** Also, if we have not scanned zero digits
** before this, do not turn off prefixing
** (someone else will turn it off if we
** have scanned any nonzero digits).
*/
case '0':
if (base == 0)
{
base = 8;
flags |= PFXOK;
}
if (flags & NZDIGITS)
flags &= ~(SIGNOK|NZDIGITS|NDIGITS);
else
flags &= ~(SIGNOK|PFXOK|NDIGITS);
goto ok;
/* 1 through 7 always legal */
case '1': case '2': case '3':
case '4': case '5': case '6': case '7':
base = basefix[base];
flags &= ~(SIGNOK | PFXOK | NDIGITS);
goto ok;
/* digits 8 and 9 ok iff decimal or hex */
case '8': case '9':
base = basefix[base];
if (base <= 8)
break; /* not legal here */
flags &= ~(SIGNOK | PFXOK | NDIGITS);
goto ok;
/* letters ok iff hex */
case 'A': case 'B': case 'C':
case 'D': case 'E': case 'F':
case 'a': case 'b': case 'c':
case 'd': case 'e': case 'f':
/* no need to fix base here */
if (base <= 10)
break; /* not legal here */
flags &= ~(SIGNOK | PFXOK | NDIGITS);
goto ok;
/* sign ok only as first character */
case '+': case '-':
if (flags & SIGNOK)
{
flags &= ~SIGNOK;
goto ok;
}
break;
/* x ok iff flag still set & 2nd char */
case 'x': case 'X':
if (flags & PFXOK && p == buf + 1)
{
base = 16; /* if %i */
flags &= ~PFXOK;
goto ok;
}
break;
}
/*
** If we got here, c is not a legal character
** for a number. Stop accumulating digits.
*/
break;
ok:
/* c is legal: store it and look at the next. */
*p++ = c;
if (--fp->f_r > 0)
fp->f_p++;
else if (sm_refill(fp, SM_TIME_FOREVER))
break; /* SM_IO_EOF */
}
/*
** If we had only a sign, it is no good; push
** back the sign. If the number ends in `x',
** it was [sign] '0' 'x', so push back the x
** and treat it as [sign] '0'.
*/
if (flags & NDIGITS)
{
if (p > buf)
(void) sm_io_ungetc(fp, SM_TIME_DEFAULT,
*(unsigned char *)--p);
goto match_failure;
}
c = ((unsigned char *)p)[-1];
if (c == 'x' || c == 'X')
{
--p;
(void) sm_io_ungetc(fp, SM_TIME_DEFAULT, c);
}
if ((flags & SUPPRESS) == 0)
{
ULONGLONG_T res;
*p = 0;
res = (*ccfn)(buf, (char **)NULL, base);
if (flags & POINTER)
*SM_VA_ARG(ap, void **) =
(void *)(long) res;
else if (flags & QUAD)
*SM_VA_ARG(ap, LONGLONG_T *) = res;
else if (flags & LONG)
*SM_VA_ARG(ap, long *) = res;
else if (flags & SHORT)
*SM_VA_ARG(ap, short *) = res;
else
*SM_VA_ARG(ap, int *) = res;
nassigned++;
}
nread += p - buf;
break;
case CT_FLOAT:
/* scan a floating point number as if by strtod */
if (width == 0 || width > sizeof(buf) - 1)
width = sizeof(buf) - 1;
flags |= SIGNOK | NDIGITS | DPTOK | EXPOK;
for (p = buf; width; width--)
{
c = *fp->f_p;
/*
** This code mimicks the integer conversion
** code, but is much simpler.
*/
switch (c)
{
case '0': case '1': case '2': case '3':
case '4': case '5': case '6': case '7':
case '8': case '9':
flags &= ~(SIGNOK | NDIGITS);
goto fok;
case '+': case '-':
if (flags & SIGNOK)
{
flags &= ~SIGNOK;
goto fok;
}
break;
case '.':
if (flags & DPTOK)
{
flags &= ~(SIGNOK | DPTOK);
goto fok;
}
break;
case 'e': case 'E':
/* no exponent without some digits */
if ((flags&(NDIGITS|EXPOK)) == EXPOK)
{
flags =
(flags & ~(EXPOK|DPTOK)) |
SIGNOK | NDIGITS;
goto fok;
}
break;
}
break;
fok:
*p++ = c;
if (--fp->f_r > 0)
fp->f_p++;
else if (sm_refill(fp, SM_TIME_FOREVER))
break; /* SM_IO_EOF */
}
/*
** If no digits, might be missing exponent digits
** (just give back the exponent) or might be missing
** regular digits, but had sign and/or decimal point.
*/
if (flags & NDIGITS)
{
if (flags & EXPOK)
{
/* no digits at all */
while (p > buf)
(void) sm_io_ungetc(fp,
SM_TIME_DEFAULT,
*(unsigned char *)--p);
goto match_failure;
}
/* just a bad exponent (e and maybe sign) */
c = *(unsigned char *) --p;
if (c != 'e' && c != 'E')
{
(void) sm_io_ungetc(fp, SM_TIME_DEFAULT,
c); /* sign */
c = *(unsigned char *)--p;
}
(void) sm_io_ungetc(fp, SM_TIME_DEFAULT, c);
}
if ((flags & SUPPRESS) == 0)
{
double res;
*p = 0;
res = strtod(buf, (char **) NULL);
if (flags & LONG)
*SM_VA_ARG(ap, double *) = res;
else
*SM_VA_ARG(ap, float *) = res;
nassigned++;
}
nread += p - buf;
break;
}
}
input_failure:
if (evt != NULL)
sm_clrevent(evt); /* undo our timeout */
return nassigned ? nassigned : -1;
match_failure:
if (evt != NULL)
sm_clrevent(evt); /* undo our timeout */
return nassigned;
}
/*
** SM_SCCL -- sequenced character comparison list
**
** Fill in the given table from the scanset at the given format
** (just after `['). Return a pointer to the character past the
** closing `]'. The table has a 1 wherever characters should be
** considered part of the scanset.
**
** Parameters:
** tab -- array flagging "active" char's to match (returned)
** fmt -- character list (within "[]")
**
** Results:
*/
static unsigned char *
sm_sccl(tab, fmt)
register char *tab;
register unsigned char *fmt;
{
register int c, n, v;
/* first `clear' the whole table */
c = *fmt++; /* first char hat => negated scanset */
if (c == '^')
{
v = 1; /* default => accept */
c = *fmt++; /* get new first char */
}
else
v = 0; /* default => reject */
/* should probably use memset here */
for (n = 0; n < 256; n++)
tab[n] = v;
if (c == 0)
return fmt - 1; /* format ended before closing ] */
/*
** Now set the entries corresponding to the actual scanset
** to the opposite of the above.
**
** The first character may be ']' (or '-') without being special;
** the last character may be '-'.
*/
v = 1 - v;
for (;;)
{
tab[c] = v; /* take character c */
doswitch:
n = *fmt++; /* and examine the next */
switch (n)
{
case 0: /* format ended too soon */
return fmt - 1;
case '-':
/*
** A scanset of the form
** [01+-]
** is defined as `the digit 0, the digit 1,
** the character +, the character -', but
** the effect of a scanset such as
** [a-zA-Z0-9]
** is implementation defined. The V7 Unix
** scanf treats `a-z' as `the letters a through
** z', but treats `a-a' as `the letter a, the
** character -, and the letter a'.
**
- ** For compatibility, the `-' is not considerd
+ ** For compatibility, the `-' is not considered
** to define a range if the character following
** it is either a close bracket (required by ANSI)
** or is not numerically greater than the character
** we just stored in the table (c).
*/
n = *fmt;
if (n == ']' || n < c)
{
c = '-';
break; /* resume the for(;;) */
}
fmt++;
do
{
/* fill in the range */
tab[++c] = v;
} while (c < n);
#if 1 /* XXX another disgusting compatibility hack */
/*
** Alas, the V7 Unix scanf also treats formats
** such as [a-c-e] as `the letters a through e'.
** This too is permitted by the standard....
*/
goto doswitch;
#else
c = *fmt++;
if (c == 0)
return fmt - 1;
if (c == ']')
return fmt;
break;
#endif
case ']': /* end of scanset */
return fmt;
default: /* just another character */
c = n;
break;
}
}
/* NOTREACHED */
}
diff --git a/libsmdb/Makefile b/libsmdb/Makefile
index 13c8af07a52c..ce0e752abc0a 100644
--- a/libsmdb/Makefile
+++ b/libsmdb/Makefile
@@ -1,17 +1,19 @@
# $Id: Makefile,v 8.2 1999-09-23 22:36:29 ca Exp $
SHELL= /bin/sh
BUILD= ./Build
OPTIONS= $(CONFIG) $(FLAGS)
all: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
clean: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
+check: FRC
+ $(SHELL) $(BUILD) $(OPTIONS) $@
install: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
fresh: FRC
$(SHELL) $(BUILD) $(OPTIONS) -c
FRC:
diff --git a/libsmdb/Makefile.m4 b/libsmdb/Makefile.m4
index dfd62fa6a37e..69299e53fce0 100644
--- a/libsmdb/Makefile.m4
+++ b/libsmdb/Makefile.m4
@@ -1,15 +1,15 @@
dnl $Id: Makefile.m4,v 8.15 2006-06-28 21:08:01 ca Exp $
include(confBUILDTOOLSDIR`/M4/switch.m4')
define(`confREQUIRE_SM_OS_H', `true')
# sendmail dir
SMSRCDIR= ifdef(`confSMSRCDIR', `confSMSRCDIR', `${SRCDIR}/sendmail')
PREPENDDEF(`confENVDEF', `confMAPDEF')
PREPENDDEF(`confINCDIRS', `-I${SMSRCDIR} ')
bldPRODUCT_START(`library', `libsmdb')
-define(`bldSOURCES', `smdb.c smdb1.c smdb2.c smndbm.c ')
+define(`bldSOURCES', `smdb.c smdb1.c smdb2.c smndbm.c smcdb.c ')
APPENDDEF(`confENVDEF', `-DNOT_SENDMAIL')
bldPRODUCT_END
bldFINISH
diff --git a/libsmdb/smcdb.c b/libsmdb/smcdb.c
new file mode 100644
index 000000000000..84c1a9e1f90c
--- /dev/null
+++ b/libsmdb/smcdb.c
@@ -0,0 +1,575 @@
+/*
+** Copyright (c) 2018 Proofpoint, Inc. and its suppliers.
+** All rights reserved.
+**
+** By using this file, you agree to the terms and conditions set
+** forth in the LICENSE file which can be found at the top level of
+** the sendmail distribution.
+*/
+
+#include <sm/gen.h>
+SM_RCSID("@(#)$Id: smcdb.c,v 8.55 2013-11-22 20:51:49 ca Exp $")
+
+#include <fcntl.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include <sendmail/sendmail.h>
+#include <libsmdb/smdb.h>
+
+#if CDB
+#include <assert.h>
+#include <cdb.h>
+
+typedef struct cdb cdb_map_T, *cdb_map_P;
+typedef struct cdb_make cdb_make_T, *cdb_make_P;
+typedef union sm_cdbs_U sm_cdbs_T, *sm_cdbs_P;
+union sm_cdbs_U
+{
+ cdb_map_T cdbs_cdb_rd;
+ cdb_make_T cdbs_cdb_wr;
+};
+
+struct smdb_cdb_database
+{
+ sm_cdbs_T cdbmap_map;
+ int cdbmap_fd;
+ int smcdb_lock_fd;
+ bool cdbmap_create;
+ unsigned smcdb_pos;
+ int smcdb_n;
+};
+typedef struct smdb_cdb_database SMDB_CDB_DATABASE;
+
+/* static int smdb_type_to_cdb_type __P((SMDB_DBTYPE type)); */
+static int cdb_error_to_smdb __P((int error));
+static SMDB_CDB_DATABASE * smcdb_malloc_database __P((void));
+static int smcdb_close __P((SMDB_DATABASE *database));
+static int smcdb_del __P((SMDB_DATABASE *database, SMDB_DBENT *key, unsigned int flags));
+static int smcdb_fd __P((SMDB_DATABASE *database, int *fd));
+static int smcdb_lockfd __P((SMDB_DATABASE *database));
+static int smcdb_get __P((SMDB_DATABASE *database, SMDB_DBENT *key, SMDB_DBENT *data, unsigned int flags));
+static int smcdb_put __P((SMDB_DATABASE *database, SMDB_DBENT *key, SMDB_DBENT *data, unsigned int flags));
+static int smcdb_set_owner __P((SMDB_DATABASE *database, uid_t uid, gid_t gid));
+static int smcdb_sync __P((SMDB_DATABASE *database, unsigned int flags));
+static int smcdb_cursor_close __P((SMDB_CURSOR *cursor));
+static int smcdb_cursor_del __P((SMDB_CURSOR *cursor, SMDB_FLAG flags));
+static int smcdb_cursor_get __P((SMDB_CURSOR *cursor, SMDB_DBENT *key, SMDB_DBENT *value, SMDB_FLAG flags));
+static int smcdb_cursor_put __P((SMDB_CURSOR *cursor, SMDB_DBENT *key, SMDB_DBENT *value, SMDB_FLAG flags));
+static int smcdb_cursor __P((SMDB_DATABASE *database, SMDB_CURSOR **cursor, SMDB_FLAG flags));
+
+/*
+** SMDB_TYPE_TO_CDB_TYPE -- Translates smdb database type to cdb type.
+**
+** Parameters:
+** type -- The type to translate.
+**
+** Returns:
+** The CDB type that corresponsds to the passed in SMDB type.
+** Returns -1 if there is no equivalent type.
+**
+*/
+
+#if 0
+static int
+smdb_type_to_cdb_type(type)
+ SMDB_DBTYPE type;
+{
+ return 0; /* XXX */
+}
+#endif
+
+/*
+** CDB_ERROR_TO_SMDB -- Translates cdb errors to smdbe errors
+**
+** Parameters:
+** error -- The error to translate.
+**
+** Returns:
+** The SMDBE error corresponding to the cdb error.
+** If we don't have a corresponding error, it returns error.
+**
+*/
+
+static int
+cdb_error_to_smdb(error)
+ int error;
+{
+ int result;
+
+ switch (error)
+ {
+ case 0:
+ result = SMDBE_OK;
+ break;
+
+ default:
+ result = error;
+ }
+ return result;
+}
+
+SMDB_CDB_DATABASE *
+smcdb_malloc_database()
+{
+ SMDB_CDB_DATABASE *cdb;
+
+ cdb = (SMDB_CDB_DATABASE *) malloc(sizeof(SMDB_CDB_DATABASE));
+ if (cdb != NULL)
+ cdb->smcdb_lock_fd = -1;
+
+ return cdb;
+}
+
+static int
+smcdb_close(database)
+ SMDB_DATABASE *database;
+{
+ int result, fd;
+ SMDB_CDB_DATABASE *sm_cdbmap = (SMDB_CDB_DATABASE *) database->smdb_impl;
+
+ if (NULL == sm_cdbmap)
+ return -1;
+ result = 0;
+ if (sm_cdbmap->cdbmap_create)
+ result = cdb_make_finish(&sm_cdbmap->cdbmap_map.cdbs_cdb_wr);
+
+ fd = sm_cdbmap->cdbmap_fd;
+ if (fd >= 0)
+ {
+ close(fd);
+ sm_cdbmap->cdbmap_fd = -1;
+ }
+
+ free(sm_cdbmap);
+ database->smdb_impl = NULL;
+
+ return result;
+}
+
+static int
+smcdb_del(database, key, flags)
+ SMDB_DATABASE *database;
+ SMDB_DBENT *key;
+ unsigned int flags;
+{
+ SMDB_CDB_DATABASE *sm_cdbmap = (SMDB_CDB_DATABASE *) database->smdb_impl;
+
+ assert(sm_cdbmap != NULL);
+ return -1;
+}
+
+static int
+smcdb_fd(database, fd)
+ SMDB_DATABASE *database;
+ int *fd;
+{
+ SMDB_CDB_DATABASE *sm_cdbmap = (SMDB_CDB_DATABASE *) database->smdb_impl;
+ return sm_cdbmap->cdbmap_fd;
+}
+
+static int
+smcdb_lockfd(database)
+ SMDB_DATABASE *database;
+{
+ SMDB_CDB_DATABASE *sm_cdbmap = (SMDB_CDB_DATABASE *) database->smdb_impl;
+
+ return sm_cdbmap->smcdb_lock_fd;
+}
+
+/*
+** allocate/free: who does it: caller or callee?
+** If this code does it: the "last" entry will leak.
+*/
+
+#define DBEALLOC(dbe, l) \
+ do \
+ { \
+ if ((dbe)->size > 0 && l > (dbe)->size) \
+ { \
+ free((dbe)->data); \
+ (dbe)->size = 0; \
+ } \
+ if ((dbe)->size == 0) \
+ { \
+ (dbe)->data = malloc(l); \
+ if ((dbe)->data == NULL) \
+ return SMDBE_MALLOC; \
+ (dbe)->size = l; \
+ } \
+ if (l > (dbe)->size) \
+ return SMDBE_MALLOC; /* XXX bogus */ \
+ } while (0)
+
+
+static int
+smcdb_get(database, key, data, flags)
+ SMDB_DATABASE *database;
+ SMDB_DBENT *key;
+ SMDB_DBENT *data;
+ unsigned int flags;
+{
+ SMDB_CDB_DATABASE *sm_cdbmap = (SMDB_CDB_DATABASE *) database->smdb_impl;
+ size_t l;
+ int ret;
+
+ ret = SM_SUCCESS;
+
+ if (NULL == sm_cdbmap )
+ return -1;
+ /* SM_ASSERT(!sm_cdbmap->cdbmap_create); */
+
+ /* need to lock access? single threaded access! */
+ ret = cdb_find(&sm_cdbmap->cdbmap_map.cdbs_cdb_rd,
+ key->data, key->size);
+ if (ret > 0)
+ {
+ l = cdb_datalen(&sm_cdbmap->cdbmap_map.cdbs_cdb_rd);
+ DBEALLOC(data, l);
+ ret = cdb_read(&sm_cdbmap->cdbmap_map.cdbs_cdb_rd,
+ data->data, l,
+ cdb_datapos(&sm_cdbmap->cdbmap_map.cdbs_cdb_rd));
+ if (ret < 0)
+ ret = -1;
+ else
+ {
+ data->size = l;
+ ret = SM_SUCCESS;
+ }
+ }
+ else
+ ret = -1;
+
+ return ret;
+}
+
+static int
+smcdb_put(database, key, data, flags)
+ SMDB_DATABASE *database;
+ SMDB_DBENT *key;
+ SMDB_DBENT *data;
+ unsigned int flags;
+{
+ int r, cdb_flags;
+ SMDB_CDB_DATABASE *sm_cdbmap = (SMDB_CDB_DATABASE *) database->smdb_impl;
+
+ assert(sm_cdbmap != NULL);
+ if (bitset(SMDBF_NO_OVERWRITE, flags))
+ cdb_flags = CDB_PUT_INSERT;
+ else
+ cdb_flags = CDB_PUT_REPLACE;
+
+ r = cdb_make_put(&sm_cdbmap->cdbmap_map.cdbs_cdb_wr,
+ key->data, key->size, data->data, data->size,
+ cdb_flags);
+ if (r > 0)
+ {
+ if (bitset(SMDBF_NO_OVERWRITE, flags))
+ return SMDBE_DUPLICATE;
+ else
+ return SMDBE_OK;
+ }
+ return r;
+}
+
+
+static int
+smcdb_set_owner(database, uid, gid)
+ SMDB_DATABASE *database;
+ uid_t uid;
+ gid_t gid;
+{
+# if HASFCHOWN
+ int fd;
+ int result;
+ SMDB_CDB_DATABASE *sm_cdbmap = (SMDB_CDB_DATABASE *) database->smdb_impl;
+
+ assert(sm_cdbmap != NULL);
+ fd = sm_cdbmap->cdbmap_fd;
+ if (fd >= 0)
+ {
+ result = fchown(fd, uid, gid);
+ if (result < 0)
+ return errno;
+ }
+# endif /* HASFCHOWN */
+
+ return SMDBE_OK;
+}
+
+static int
+smcdb_sync(database, flags)
+ SMDB_DATABASE *database;
+ unsigned int flags;
+{
+ return 0;
+}
+
+static int
+smcdb_cursor_close(cursor)
+ SMDB_CURSOR *cursor;
+{
+ int ret;
+
+ ret = SMDBE_OK;
+ if (cursor != NULL)
+ free(cursor);
+ return ret;
+}
+
+static int
+smcdb_cursor_del(cursor, flags)
+ SMDB_CURSOR *cursor;
+ SMDB_FLAG flags;
+{
+ return -1;
+}
+
+static int
+smcdb_cursor_get(cursor, key, value, flags)
+ SMDB_CURSOR *cursor;
+ SMDB_DBENT *key;
+ SMDB_DBENT *value;
+ SMDB_FLAG flags;
+{
+ SMDB_CDB_DATABASE *sm_cdbmap;
+ size_t l;
+ int ret;
+
+ ret = SMDBE_OK;
+ sm_cdbmap = cursor->smdbc_impl;
+ ret = cdb_seqnext(&sm_cdbmap->smcdb_pos, &sm_cdbmap->cdbmap_map.cdbs_cdb_rd);
+ if (ret == 0)
+ return SMDBE_LAST_ENTRY;
+ if (ret < 0)
+ return SMDBE_IO_ERROR;
+
+ l = cdb_keylen(&sm_cdbmap->cdbmap_map.cdbs_cdb_rd);
+ DBEALLOC(key, l);
+
+ ret = cdb_read(&sm_cdbmap->cdbmap_map.cdbs_cdb_rd,
+ key->data, l,
+ cdb_keypos(&sm_cdbmap->cdbmap_map.cdbs_cdb_rd));
+ if (ret < 0)
+ return SMDBE_IO_ERROR;
+ key->size = l;
+
+ l = cdb_datalen(&sm_cdbmap->cdbmap_map.cdbs_cdb_rd);
+
+ DBEALLOC(value, l);
+ ret = cdb_read(&sm_cdbmap->cdbmap_map.cdbs_cdb_rd,
+ value->data, l,
+ cdb_datapos(&sm_cdbmap->cdbmap_map.cdbs_cdb_rd));
+ if (ret < 0)
+ return SMDBE_IO_ERROR;
+ value->size = l;
+
+ return SMDBE_OK;
+}
+
+static int
+smcdb_cursor_put(cursor, key, value, flags)
+ SMDB_CURSOR *cursor;
+ SMDB_DBENT *key;
+ SMDB_DBENT *value;
+ SMDB_FLAG flags;
+{
+ return -1;
+}
+
+static int
+smcdb_cursor(database, cursor, flags)
+ SMDB_DATABASE *database;
+ SMDB_CURSOR **cursor;
+ SMDB_FLAG flags;
+{
+ int result;
+ SMDB_CDB_DATABASE *sm_cdbmap;
+
+ result = SMDBE_OK;
+ *cursor = (SMDB_CURSOR *) malloc(sizeof(SMDB_CURSOR));
+ if (*cursor == NULL)
+ return SMDBE_MALLOC;
+
+ sm_cdbmap = (SMDB_CDB_DATABASE *) database->smdb_impl;
+ (*cursor)->smdbc_close = smcdb_cursor_close;
+ (*cursor)->smdbc_del = smcdb_cursor_del;
+ (*cursor)->smdbc_get = smcdb_cursor_get;
+ (*cursor)->smdbc_put = smcdb_cursor_put;
+ (*cursor)->smdbc_impl = sm_cdbmap;
+
+ cdb_seqinit(&sm_cdbmap->smcdb_pos, &sm_cdbmap->cdbmap_map.cdbs_cdb_rd);
+
+ return result;
+}
+
+/*
+** SMDB_DB_OPEN -- Opens a db database.
+**
+** Parameters:
+** database -- An unallocated database pointer to a pointer.
+** db_name -- The name of the database without extension.
+** mode -- File permisions for a created database.
+** mode_mask -- Mode bits that must match on an opened database.
+** sff -- Flags for safefile.
+** type -- The type of database to open
+** See smdb_type_to_cdb_type for valid types.
+** user_info -- User information for file permissions.
+** db_params --
+** An SMDB_DBPARAMS struct including params. These
+** are processed according to the type of the
+** database. Currently supported params (only for
+** HASH type) are:
+** num_elements
+** cache_size
+**
+** Returns:
+** SMDBE_OK -- Success, other errno:
+** SMDBE_MALLOC -- Cannot allocate memory.
+** SMDBE_BAD_OPEN -- db_open didn't return an error, but
+** somehow the DB pointer is NULL.
+** Anything else: translated error from cdb
+*/
+
+int
+smdb_cdb_open(database, db_name, mode, mode_mask, sff, type, user_info, db_params)
+ SMDB_DATABASE **database;
+ char *db_name;
+ int mode;
+ int mode_mask;
+ long sff;
+ SMDB_DBTYPE type;
+ SMDB_USER_INFO *user_info;
+ SMDB_DBPARAMS *db_params;
+{
+ bool lockcreated = false;
+ int result;
+ int lock_fd;
+ int db_fd;
+ SMDB_DATABASE *smdb_db;
+ SMDB_CDB_DATABASE *sm_cdbmap;
+ struct stat stat_info;
+ char db_file_name[MAXPATHLEN];
+
+ *database = NULL;
+ result = smdb_add_extension(db_file_name, sizeof db_file_name,
+ db_name, SMCDB_FILE_EXTENSION);
+ if (result != SMDBE_OK)
+ return result;
+
+ result = smdb_setup_file(db_name, SMCDB_FILE_EXTENSION,
+ mode_mask, sff, user_info, &stat_info);
+ if (result != SMDBE_OK)
+ return result;
+
+ lock_fd = -1;
+
+ if (stat_info.st_mode == ST_MODE_NOFILE &&
+ bitset(mode, O_CREAT))
+ lockcreated = true;
+
+ result = smdb_lock_file(&lock_fd, db_name, mode, sff,
+ SMCDB_FILE_EXTENSION);
+ if (result != SMDBE_OK)
+ return result;
+
+ if (lockcreated)
+ {
+ mode |= O_TRUNC;
+ mode &= ~(O_CREAT|O_EXCL);
+ }
+
+ smdb_db = smdb_malloc_database();
+ sm_cdbmap = smcdb_malloc_database();
+ if (sm_cdbmap == NULL || smdb_db == NULL)
+ {
+ smdb_unlock_file(lock_fd);
+ smdb_free_database(smdb_db); /* ok to be NULL */
+ if (sm_cdbmap != NULL)
+ free(sm_cdbmap);
+ return SMDBE_MALLOC;
+ }
+
+ sm_cdbmap->smcdb_lock_fd = lock_fd;
+
+#if 0
+ db = NULL;
+ db_flags = 0;
+ if (bitset(O_CREAT, mode))
+ db_flags |= DB_CREATE;
+ if (bitset(O_TRUNC, mode))
+ db_flags |= DB_TRUNCATE;
+ if (mode == O_RDONLY)
+ db_flags |= DB_RDONLY;
+ SM_DB_FLAG_ADD(db_flags);
+#endif
+
+ result = -1; /* smdb_db_open_internal(db_file_name, db_type, db_flags, db_params, &db); */
+ db_fd = open(db_file_name, mode, DBMMODE);
+ if (db_fd == -1)
+ {
+ result = SMDBE_BAD_OPEN;
+ goto error;
+ }
+
+ sm_cdbmap->cdbmap_create = (mode != O_RDONLY);
+ if (mode == O_RDONLY)
+ result = cdb_init(&sm_cdbmap->cdbmap_map.cdbs_cdb_rd, db_fd);
+ else
+ result = cdb_make_start(&sm_cdbmap->cdbmap_map.cdbs_cdb_wr, db_fd);
+ if (result != 0)
+ {
+ result = SMDBE_BAD_OPEN;
+ goto error;
+ }
+
+ if (result == 0)
+ result = SMDBE_OK;
+ else
+ {
+ /* Try and narrow down on the problem */
+ if (result != 0)
+ result = cdb_error_to_smdb(result);
+ else
+ result = SMDBE_BAD_OPEN;
+ }
+
+ if (result == SMDBE_OK)
+ result = smdb_filechanged(db_name, SMCDB_FILE_EXTENSION, db_fd,
+ &stat_info);
+
+ if (result == SMDBE_OK)
+ {
+ /* Everything is ok. Setup driver */
+ /* smdb_db->smcdb_db = sm_cdbmap; */
+
+ smdb_db->smdb_close = smcdb_close;
+ smdb_db->smdb_del = smcdb_del;
+ smdb_db->smdb_fd = smcdb_fd;
+ smdb_db->smdb_lockfd = smcdb_lockfd;
+ smdb_db->smdb_get = smcdb_get;
+ smdb_db->smdb_put = smcdb_put;
+ smdb_db->smdb_set_owner = smcdb_set_owner;
+ smdb_db->smdb_sync = smcdb_sync;
+ smdb_db->smdb_cursor = smcdb_cursor;
+ smdb_db->smdb_impl = sm_cdbmap;
+
+ *database = smdb_db;
+
+ return SMDBE_OK;
+ }
+
+ error:
+ if (sm_cdbmap != NULL)
+ {
+ /* close */
+ }
+
+ smdb_unlock_file(sm_cdbmap->smcdb_lock_fd);
+ free(sm_cdbmap);
+ smdb_free_database(smdb_db);
+
+ return result;
+}
+
+#endif /* CDB */
diff --git a/libsmdb/smdb.c b/libsmdb/smdb.c
index 96473b89b173..9091b52520fa 100644
--- a/libsmdb/smdb.c
+++ b/libsmdb/smdb.c
@@ -1,553 +1,594 @@
/*
** Copyright (c) 1999-2002 Proofpoint, Inc. and its suppliers.
** All rights reserved.
**
** By using this file, you agree to the terms and conditions set
** forth in the LICENSE file which can be found at the top level of
** the sendmail distribution.
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: smdb.c,v 8.59 2013-11-22 20:51:49 ca Exp $")
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>
#include <sendmail/sendmail.h>
#include <libsmdb/smdb.h>
static bool smdb_lockfile __P((int, int));
/*
-** SMDB_MALLOC_DATABASE -- Allocates a database structure.
+** SMDB_MALLOC_DATABASE -- Allocates a database structure.
**
** Parameters:
** None
**
** Returns:
-** An pointer to an allocated SMDB_DATABASE structure or
+** A pointer to an allocated SMDB_DATABASE structure or
** NULL if it couldn't allocate the memory.
*/
SMDB_DATABASE *
smdb_malloc_database()
{
SMDB_DATABASE *db;
db = (SMDB_DATABASE *) malloc(sizeof(SMDB_DATABASE));
if (db != NULL)
(void) memset(db, '\0', sizeof(SMDB_DATABASE));
return db;
}
-
/*
-** SMDB_FREE_DATABASE -- Unallocates a database structure.
+** SMDB_FREE_DATABASE -- Unallocates a database structure.
**
** Parameters:
** database -- a SMDB_DATABASE pointer to deallocate.
**
** Returns:
** None
*/
void
smdb_free_database(database)
SMDB_DATABASE *database;
{
if (database != NULL)
free(database);
}
+
/*
** SMDB_LOCKFILE -- lock a file using flock or (shudder) fcntl locking
**
** Parameters:
** fd -- the file descriptor of the file.
** type -- type of the lock. Bits can be:
** LOCK_EX -- exclusive lock.
** LOCK_NB -- non-blocking.
**
** Returns:
** true if the lock was acquired.
** false otherwise.
*/
static bool
smdb_lockfile(fd, type)
int fd;
int type;
{
int i;
int save_errno;
#if !HASFLOCK
int action;
struct flock lfd;
(void) memset(&lfd, '\0', sizeof lfd);
if (bitset(LOCK_UN, type))
lfd.l_type = F_UNLCK;
else if (bitset(LOCK_EX, type))
lfd.l_type = F_WRLCK;
else
lfd.l_type = F_RDLCK;
if (bitset(LOCK_NB, type))
action = F_SETLK;
else
action = F_SETLKW;
while ((i = fcntl(fd, action, &lfd)) < 0 && errno == EINTR)
continue;
if (i >= 0)
return true;
save_errno = errno;
/*
** On SunOS, if you are testing using -oQ/tmp/mqueue or
** -oA/tmp/aliases or anything like that, and /tmp is mounted
** as type "tmp" (that is, served from swap space), the
** previous fcntl will fail with "Invalid argument" errors.
** Since this is fairly common during testing, we will assume
** that this indicates that the lock is successfully grabbed.
*/
if (save_errno == EINVAL)
return true;
if (!bitset(LOCK_NB, type) ||
(save_errno != EACCES && save_errno != EAGAIN))
{
# if 0
int omode = fcntl(fd, F_GETFL, NULL);
int euid = (int) geteuid();
syslog(LOG_ERR, "cannot lockf(%s%s, fd=%d, type=%o, omode=%o, euid=%d)",
filename, ext, fd, type, omode, euid);
# endif /* 0 */
errno = save_errno;
return false;
}
#else /* !HASFLOCK */
while ((i = flock(fd, type)) < 0 && errno == EINTR)
continue;
if (i >= 0)
return true;
save_errno = errno;
if (!bitset(LOCK_NB, type) || save_errno != EWOULDBLOCK)
{
# if 0
int omode = fcntl(fd, F_GETFL, NULL);
int euid = (int) geteuid();
syslog(LOG_ERR, "cannot flock(%s%s, fd=%d, type=%o, omode=%o, euid=%d)",
filename, ext, fd, type, omode, euid);
# endif /* 0 */
errno = save_errno;
return false;
}
#endif /* !HASFLOCK */
errno = save_errno;
return false;
}
+
/*
-** SMDB_OPEN_DATABASE -- Opens a database.
+** SMDB_OPEN_DATABASE -- Opens a database.
**
** This opens a database. If type is SMDB_DEFAULT it tries to
-** use a DB1 or DB2 hash. If that isn't available, it will try
-** to use NDBM. If a specific type is given it will try to open
-** a database of that type.
+** use available DB types. If a specific type is given it will
+** try to open a database of that type.
**
** Parameters:
-** database -- An pointer to a SMDB_DATABASE pointer where the
+** database -- A pointer to a SMDB_DATABASE pointer where the
** opened database will be stored. This should
** be unallocated.
** db_name -- The name of the database to open. Do not include
** the file name extension.
** mode -- The mode to set on the database file or files.
** mode_mask -- Mode bits that must match on an opened database.
** sff -- Flags to safefile.
** type -- The type of database to open. Supported types
** vary depending on what was compiled in.
** user_info -- Information on the user to use for file
** permissions.
** params -- Params specific to the database being opened.
** Only supports some DB hash options right now
** (see smdb_db_open() for details).
**
** Returns:
** SMDBE_OK -- Success.
** Anything else is an error. Look up more info about the
** error in the comments for the specific open() used.
*/
+struct type2func_s
+{
+ const char *t2f_type;
+ smdb_open_func *t2f_open_fun;
+};
+typedef struct type2func_s type2func_t;
+static type2func_t type2func[] = {
+ { SMDB_TYPE_HASH, smdb_db_open },
+ { SMDB_TYPE_BTREE, smdb_db_open },
+ { SMDB_TYPE_NDBM, smdb_ndbm_open},
+ { SMDB_TYPE_CDB, smdb_cdb_open },
+ { NULL, NULL }
+};
+
int
smdb_open_database(database, db_name, mode, mode_mask, sff, type, user_info,
params)
SMDB_DATABASE **database;
char *db_name;
int mode;
int mode_mask;
long sff;
SMDB_DBTYPE type;
SMDB_USER_INFO *user_info;
SMDB_DBPARAMS *params;
{
-#if defined(NEWDB) && defined(NDBM)
- bool type_was_default = false;
-#endif
-
- if (type == SMDB_TYPE_DEFAULT)
- {
-#ifdef NEWDB
-# ifdef NDBM
- type_was_default = true;
-# endif
- type = SMDB_TYPE_HASH;
-#else /* NEWDB */
-# ifdef NDBM
- type = SMDB_TYPE_NDBM;
-# endif /* NDBM */
-#endif /* NEWDB */
- }
-
- if (type == SMDB_TYPE_DEFAULT)
- return SMDBE_UNKNOWN_DB_TYPE;
-
- if ((strncmp(type, SMDB_TYPE_HASH, SMDB_TYPE_HASH_LEN) == 0) ||
- (strncmp(type, SMDB_TYPE_BTREE, SMDB_TYPE_BTREE_LEN) == 0))
+ bool type_was_default;
+ int result, i;
+ const char *smdb_type;
+ smdb_open_func *smdb_open_fun;
+
+ result = SMDBE_UNSUPPORTED_DB_TYPE;
+ type_was_default = SMDB_IS_TYPE_DEFAULT(type);
+ for (i = 0; (smdb_type = type2func[i].t2f_type) != NULL; i++)
{
-#ifdef NEWDB
- int result;
-
- result = smdb_db_open(database, db_name, mode, mode_mask, sff,
- type, user_info, params);
-# ifdef NDBM
- if (result == ENOENT && type_was_default)
- type = SMDB_TYPE_NDBM;
- else
-# endif /* NDBM */
- return result;
-#else /* NEWDB */
- return SMDBE_UNSUPPORTED_DB_TYPE;
-#endif /* NEWDB */
- }
-
- if (strncmp(type, SMDB_TYPE_NDBM, SMDB_TYPE_NDBM_LEN) == 0)
- {
-#ifdef NDBM
- int result;
-
- result = smdb_ndbm_open(database, db_name, mode, mode_mask,
- sff, type, user_info, params);
- return result;
-#else /* NDBM */
- return SMDBE_UNSUPPORTED_DB_TYPE;
-#endif /* NDBM */
+ if (!type_was_default && strcmp(type, smdb_type) != 0)
+ continue;
+ smdb_open_fun = type2func[i].t2f_open_fun;
+ if (smdb_open_fun == NULL)
+ {
+ if (type_was_default)
+ continue;
+ else
+ return SMDBE_UNSUPPORTED_DB_TYPE;
+ }
+ result = (*smdb_open_fun)(database, db_name, mode, mode_mask, sff,
+ (char *)smdb_type, user_info, params);
+ if (!((result == ENOENT
+ || result == EINVAL
+#ifdef EFTYPE
+ || result == EFTYPE
+#endif
+ )
+ && type_was_default))
+ goto ret;
}
-
return SMDBE_UNKNOWN_DB_TYPE;
+
+ ret:
+ return result;
}
+
/*
-** SMDB_ADD_EXTENSION -- Adds an extension to a file name.
+** SMDB_ADD_EXTENSION -- Adds an extension to a file name.
**
** Just adds a . followed by a string to a db_name if there
** is room and the db_name does not already have that extension.
**
** Parameters:
** full_name -- The final file name.
** max_full_name_len -- The max length for full_name.
** db_name -- The name of the db.
** extension -- The extension to add.
**
** Returns:
** SMDBE_OK -- Success.
** Anything else is an error. Look up more info about the
** error in the comments for the specific open() used.
*/
int
smdb_add_extension(full_name, max_full_name_len, db_name, extension)
char *full_name;
int max_full_name_len;
char *db_name;
char *extension;
{
int extension_len;
int db_name_len;
if (full_name == NULL || db_name == NULL || extension == NULL)
return SMDBE_INVALID_PARAMETER;
extension_len = strlen(extension);
db_name_len = strlen(db_name);
if (extension_len + db_name_len + 2 > max_full_name_len)
return SMDBE_DB_NAME_TOO_LONG;
if (db_name_len < extension_len + 1 ||
db_name[db_name_len - extension_len - 1] != '.' ||
strcmp(&db_name[db_name_len - extension_len], extension) != 0)
(void) sm_snprintf(full_name, max_full_name_len, "%s.%s",
db_name, extension);
else
(void) sm_strlcpy(full_name, db_name, max_full_name_len);
return SMDBE_OK;
}
/*
** SMDB_LOCK_FILE -- Locks the database file.
**
** Locks the actual database file.
**
** Parameters:
** lock_fd -- The resulting descriptor for the locked file.
** db_name -- The name of the database without extension.
** mode -- The open mode.
** sff -- Flags to safefile.
** extension -- The extension for the file.
**
** Returns:
** SMDBE_OK -- Success, otherwise errno.
*/
int
smdb_lock_file(lock_fd, db_name, mode, sff, extension)
int *lock_fd;
char *db_name;
int mode;
long sff;
char *extension;
{
int result;
char file_name[MAXPATHLEN];
result = smdb_add_extension(file_name, sizeof file_name, db_name,
extension);
if (result != SMDBE_OK)
return result;
*lock_fd = safeopen(file_name, mode & ~O_TRUNC, DBMMODE, sff);
if (*lock_fd < 0)
return errno;
return SMDBE_OK;
}
/*
** SMDB_UNLOCK_FILE -- Unlocks a file
**
** Unlocks a file.
**
** Parameters:
** lock_fd -- The descriptor for the locked file.
**
** Returns:
** SMDBE_OK -- Success, otherwise errno.
*/
int
smdb_unlock_file(lock_fd)
int lock_fd;
{
int result;
result = close(lock_fd);
if (result != 0)
return errno;
return SMDBE_OK;
}
/*
** SMDB_LOCK_MAP -- Locks a database.
**
** Parameters:
** database -- database description.
** type -- type of the lock. Bits can be:
** LOCK_EX -- exclusive lock.
** LOCK_NB -- non-blocking.
**
** Returns:
** SMDBE_OK -- Success, otherwise errno.
*/
int
smdb_lock_map(database, type)
SMDB_DATABASE *database;
int type;
{
int fd;
fd = database->smdb_lockfd(database);
if (fd < 0)
return SMDBE_NOT_FOUND;
if (!smdb_lockfile(fd, type))
return SMDBE_LOCK_NOT_GRANTED;
return SMDBE_OK;
}
/*
** SMDB_UNLOCK_MAP -- Unlocks a database
**
** Parameters:
** database -- database description.
**
** Returns:
** SMDBE_OK -- Success, otherwise errno.
*/
int
smdb_unlock_map(database)
SMDB_DATABASE *database;
{
int fd;
fd = database->smdb_lockfd(database);
if (fd < 0)
return SMDBE_NOT_FOUND;
if (!smdb_lockfile(fd, LOCK_UN))
return SMDBE_LOCK_NOT_HELD;
return SMDBE_OK;
}
/*
** SMDB_SETUP_FILE -- Gets db file ready for use.
**
** Makes sure permissions on file are safe and creates it if it
** doesn't exist.
**
** Parameters:
** db_name -- The name of the database without extension.
** extension -- The extension.
** sff -- Flags to safefile.
** mode_mask -- Mode bits that must match.
** user_info -- Information on the user to use for file
** permissions.
** stat_info -- A place to put the stat info for the file.
** Returns:
** SMDBE_OK -- Success, otherwise errno.
*/
int
smdb_setup_file(db_name, extension, mode_mask, sff, user_info, stat_info)
char *db_name;
char *extension;
int mode_mask;
long sff;
SMDB_USER_INFO *user_info;
struct stat *stat_info;
{
int st;
int result;
char db_file_name[MAXPATHLEN];
result = smdb_add_extension(db_file_name, sizeof db_file_name, db_name,
extension);
if (result != SMDBE_OK)
return result;
st = safefile(db_file_name, user_info->smdbu_id,
user_info->smdbu_group_id, user_info->smdbu_name,
sff, mode_mask, stat_info);
if (st != 0)
return st;
return SMDBE_OK;
}
/*
** SMDB_FILECHANGED -- Checks to see if a file changed.
**
** Compares the passed in stat_info with a current stat on
** the passed in file descriptor. Check filechanged for
** return values.
**
** Parameters:
** db_name -- The name of the database without extension.
** extension -- The extension.
** db_fd -- A file descriptor for the database file.
** stat_info -- An old stat_info.
** Returns:
** SMDBE_OK -- Success, otherwise errno.
*/
int
smdb_filechanged(db_name, extension, db_fd, stat_info)
char *db_name;
char *extension;
int db_fd;
struct stat *stat_info;
{
int result;
char db_file_name[MAXPATHLEN];
result = smdb_add_extension(db_file_name, sizeof db_file_name, db_name,
extension);
if (result != SMDBE_OK)
return result;
return filechanged(db_file_name, db_fd, stat_info);
}
+
/*
-** SMDB_PRINT_AVAILABLE_TYPES -- Prints the names of the available types.
+** SMDB_PRINT_AVAILABLE_TYPES -- Prints the names of the available types.
**
** Parameters:
** None
**
** Returns:
** None
*/
void
-smdb_print_available_types()
+smdb_print_available_types(ext)
+ bool ext;
{
-#ifdef NDBM
- printf("dbm\n");
-#endif /* NDBM */
-#ifdef NEWDB
- printf("hash\n");
- printf("btree\n");
-#endif /* NEWDB */
+# define PEXT1 ((ext) ? ":" : "")
+# define PEXT2(x) ((ext) ? x : "")
+
+#if NDBM
+ printf("%s%s%s\n", SMDB_TYPE_NDBM, PEXT1, PEXT2(SMNDB_DIR_FILE_EXTENSION));
+#endif
+#if NEWDB
+/* # if SMDB1_FILE_EXTENSION == SMDB2_FILE_EXTENSION */
+ printf("%s%s%s\n", SMDB_TYPE_HASH, PEXT1, PEXT2(SMDB1_FILE_EXTENSION));
+ printf("%s%s%s\n", SMDB_TYPE_BTREE, PEXT1, PEXT2(SMDB1_FILE_EXTENSION));
+#endif
+#if CDB
+ printf("%s%s%s\n", SMDB_TYPE_CDB, PEXT1, PEXT2(SMCDB_FILE_EXTENSION));
+#endif
+#ifdef SMDB_TYPE_IMPL
+ printf("%s%s%s\n", SMDB_TYPE_IMPL, PEXT1, "");
+#endif
+}
+
+/*
+** SMDB_IS_DB_TYPE -- Does a name match an available DB type?
+**
+** Parameters:
+** type -- The name of the database type.
+**
+** Returns:
+** true iff match
+*/
+
+bool
+smdb_is_db_type(db_type)
+ const char *db_type;
+{
+#if NDBM
+ if (strcmp(db_type, SMDB_TYPE_NDBM) == 0)
+ return true;
+#endif
+#if NEWDB
+ if (strcmp(db_type, SMDB_TYPE_HASH) == 0)
+ return true;
+ if (strcmp(db_type, SMDB_TYPE_BTREE) == 0)
+ return true;
+#endif
+#if CDB
+ if (strcmp(db_type, SMDB_TYPE_CDB) == 0)
+ return true;
+#endif
+ return false;
}
+
+
/*
-** SMDB_DB_DEFINITION -- Given a database type, return database definition
+** SMDB_DB_DEFINITION -- Given a database type, return database definition
**
** Reads though a structure making an association with the database
** type and the required cpp define from sendmail/README.
** List size is dynamic and must be NULL terminated.
**
** Parameters:
** type -- The name of the database type.
**
** Returns:
** definition for type, otherwise NULL.
*/
typedef struct
{
SMDB_DBTYPE type;
char *dbdef;
} dbtype;
static dbtype DatabaseDefs[] =
{
{ SMDB_TYPE_HASH, "NEWDB" },
{ SMDB_TYPE_BTREE, "NEWDB" },
{ SMDB_TYPE_NDBM, "NDBM" },
+ { SMDB_TYPE_CDB, "CDB" },
{ NULL, "OOPS" }
};
char *
smdb_db_definition(type)
SMDB_DBTYPE type;
{
dbtype *ptr = DatabaseDefs;
while (ptr != NULL && ptr->type != NULL)
{
if (strcmp(type, ptr->type) == 0)
return ptr->dbdef;
ptr++;
}
return NULL;
}
diff --git a/libsmdb/smdb1.c b/libsmdb/smdb1.c
index 9d4e958032a7..85dc7fcaf74c 100644
--- a/libsmdb/smdb1.c
+++ b/libsmdb/smdb1.c
@@ -1,584 +1,580 @@
/*
** Copyright (c) 1999-2002, 2004, 2009 Proofpoint, Inc. and its suppliers.
** All rights reserved.
**
** By using this file, you agree to the terms and conditions set
** forth in the LICENSE file which can be found at the top level of
** the sendmail distribution.
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: smdb1.c,v 8.63 2013-11-22 20:51:49 ca Exp $")
#include <unistd.h>
#include <stdlib.h>
#include <fcntl.h>
#include <sendmail/sendmail.h>
#include <libsmdb/smdb.h>
#if (DB_VERSION_MAJOR == 1)
-# define SMDB1_FILE_EXTENSION "db"
-
struct smdb_db1_struct
{
DB *smdb1_db;
int smdb1_lock_fd;
bool smdb1_cursor_in_use;
};
typedef struct smdb_db1_struct SMDB_DB1_DATABASE;
struct smdb_db1_cursor
{
SMDB_DB1_DATABASE *db;
};
typedef struct smdb_db1_cursor SMDB_DB1_CURSOR;
static DBTYPE smdb_type_to_db1_type __P((SMDB_DBTYPE));
static unsigned int smdb_put_flags_to_db1_flags __P((SMDB_FLAG));
static int smdb_cursor_get_flags_to_smdb1 __P((SMDB_FLAG));
static SMDB_DB1_DATABASE *smdb1_malloc_database __P((void));
static int smdb1_close __P((SMDB_DATABASE *));
static int smdb1_del __P((SMDB_DATABASE *, SMDB_DBENT *, unsigned int));
static int smdb1_fd __P((SMDB_DATABASE *, int *));
static int smdb1_lockfd __P((SMDB_DATABASE *));
static int smdb1_get __P((SMDB_DATABASE *, SMDB_DBENT *, SMDB_DBENT *, unsigned int));
static int smdb1_put __P((SMDB_DATABASE *, SMDB_DBENT *, SMDB_DBENT *, unsigned int));
static int smdb1_set_owner __P((SMDB_DATABASE *, uid_t, gid_t));
static int smdb1_sync __P((SMDB_DATABASE *, unsigned int));
static int smdb1_cursor_close __P((SMDB_CURSOR *));
static int smdb1_cursor_del __P((SMDB_CURSOR *, unsigned int));
static int smdb1_cursor_get __P((SMDB_CURSOR *, SMDB_DBENT *, SMDB_DBENT *, SMDB_FLAG));
static int smdb1_cursor_put __P((SMDB_CURSOR *, SMDB_DBENT *, SMDB_DBENT *, SMDB_FLAG));
static int smdb1_cursor __P((SMDB_DATABASE *, SMDB_CURSOR **, unsigned int));
/*
** SMDB_TYPE_TO_DB1_TYPE -- Translates smdb database type to db1 type.
**
** Parameters:
** type -- The type to translate.
**
** Returns:
** The DB1 type that corresponsds to the passed in SMDB type.
** Returns -1 if there is no equivalent type.
**
*/
static DBTYPE
smdb_type_to_db1_type(type)
SMDB_DBTYPE type;
{
if (type == SMDB_TYPE_DEFAULT)
return DB_HASH;
- if (strncmp(type, SMDB_TYPE_HASH, SMDB_TYPE_HASH_LEN) == 0)
+ if (SMDB_IS_TYPE_HASH(type))
return DB_HASH;
- if (strncmp(type, SMDB_TYPE_BTREE, SMDB_TYPE_BTREE_LEN) == 0)
+ if (SMDB_IS_TYPE_BTREE(type))
return DB_BTREE;
/* Should never get here thanks to test in smdb_db_open() */
return DB_HASH;
}
/*
** SMDB_PUT_FLAGS_TO_DB1_FLAGS -- Translates smdb put flags to db1 put flags.
**
** Parameters:
** flags -- The flags to translate.
**
** Returns:
** The db1 flags that are equivalent to the smdb flags.
**
** Notes:
** Any invalid flags are ignored.
**
*/
static unsigned int
smdb_put_flags_to_db1_flags(flags)
SMDB_FLAG flags;
{
int return_flags;
return_flags = 0;
if (bitset(SMDBF_NO_OVERWRITE, flags))
return_flags |= R_NOOVERWRITE;
return return_flags;
}
/*
** SMDB_CURSOR_GET_FLAGS_TO_SMDB1
**
** Parameters:
** flags -- The flags to translate.
**
** Returns:
** The db1 flags that are equivalent to the smdb flags.
**
** Notes:
** Returns -1 if we don't support the flag.
**
*/
static int
smdb_cursor_get_flags_to_smdb1(flags)
SMDB_FLAG flags;
{
switch(flags)
{
case SMDB_CURSOR_GET_FIRST:
return R_FIRST;
case SMDB_CURSOR_GET_LAST:
return R_LAST;
case SMDB_CURSOR_GET_NEXT:
return R_NEXT;
case SMDB_CURSOR_GET_RANGE:
return R_CURSOR;
default:
return -1;
}
}
/*
** The rest of these functions correspond to the interface laid out in smdb.h.
*/
static SMDB_DB1_DATABASE *
smdb1_malloc_database()
{
SMDB_DB1_DATABASE *db1;
db1 = (SMDB_DB1_DATABASE *) malloc(sizeof(SMDB_DB1_DATABASE));
if (db1 != NULL)
{
db1->smdb1_lock_fd = -1;
db1->smdb1_cursor_in_use = false;
}
return db1;
}
static int
smdb1_close(database)
SMDB_DATABASE *database;
{
int result;
SMDB_DB1_DATABASE *db1 = (SMDB_DB1_DATABASE *) database->smdb_impl;
DB *db = ((SMDB_DB1_DATABASE *) database->smdb_impl)->smdb1_db;
result = db->close(db);
if (db1->smdb1_lock_fd != -1)
(void) close(db1->smdb1_lock_fd);
free(db1);
database->smdb_impl = NULL;
return result;
}
static int
smdb1_del(database, key, flags)
SMDB_DATABASE *database;
SMDB_DBENT *key;
unsigned int flags;
{
DB *db = ((SMDB_DB1_DATABASE *) database->smdb_impl)->smdb1_db;
DBT dbkey;
(void) memset(&dbkey, '\0', sizeof dbkey);
dbkey.data = key->data;
dbkey.size = key->size;
return db->del(db, &dbkey, flags);
}
static int
smdb1_fd(database, fd)
SMDB_DATABASE *database;
int *fd;
{
DB *db = ((SMDB_DB1_DATABASE *) database->smdb_impl)->smdb1_db;
*fd = db->fd(db);
if (*fd == -1)
return errno;
return SMDBE_OK;
}
static int
smdb1_lockfd(database)
SMDB_DATABASE *database;
{
SMDB_DB1_DATABASE *db1 = (SMDB_DB1_DATABASE *) database->smdb_impl;
return db1->smdb1_lock_fd;
}
static int
smdb1_get(database, key, data, flags)
SMDB_DATABASE *database;
SMDB_DBENT *key;
SMDB_DBENT *data;
unsigned int flags;
{
int result;
DB *db = ((SMDB_DB1_DATABASE *) database->smdb_impl)->smdb1_db;
DBT dbkey, dbdata;
(void) memset(&dbdata, '\0', sizeof dbdata);
(void) memset(&dbkey, '\0', sizeof dbkey);
dbkey.data = key->data;
dbkey.size = key->size;
result = db->get(db, &dbkey, &dbdata, flags);
if (result != 0)
{
if (result == 1)
return SMDBE_NOT_FOUND;
return errno;
}
data->data = dbdata.data;
data->size = dbdata.size;
return SMDBE_OK;
}
static int
smdb1_put(database, key, data, flags)
SMDB_DATABASE *database;
SMDB_DBENT *key;
SMDB_DBENT *data;
unsigned int flags;
{
DB *db = ((SMDB_DB1_DATABASE *) database->smdb_impl)->smdb1_db;
DBT dbkey, dbdata;
(void) memset(&dbdata, '\0', sizeof dbdata);
(void) memset(&dbkey, '\0', sizeof dbkey);
dbkey.data = key->data;
dbkey.size = key->size;
dbdata.data = data->data;
dbdata.size = data->size;
return db->put(db, &dbkey, &dbdata,
smdb_put_flags_to_db1_flags(flags));
}
static int
smdb1_set_owner(database, uid, gid)
SMDB_DATABASE *database;
uid_t uid;
gid_t gid;
{
# if HASFCHOWN
int fd;
int result;
DB *db = ((SMDB_DB1_DATABASE *) database->smdb_impl)->smdb1_db;
fd = db->fd(db);
if (fd == -1)
return errno;
result = fchown(fd, uid, gid);
if (result < 0)
return errno;
# endif /* HASFCHOWN */
return SMDBE_OK;
}
static int
smdb1_sync(database, flags)
SMDB_DATABASE *database;
unsigned int flags;
{
DB *db = ((SMDB_DB1_DATABASE *) database->smdb_impl)->smdb1_db;
return db->sync(db, flags);
}
static int
smdb1_cursor_close(cursor)
SMDB_CURSOR *cursor;
{
SMDB_DB1_CURSOR *db1_cursor = (SMDB_DB1_CURSOR *) cursor->smdbc_impl;
SMDB_DB1_DATABASE *db1 = db1_cursor->db;
if (!db1->smdb1_cursor_in_use)
return SMDBE_NOT_A_VALID_CURSOR;
db1->smdb1_cursor_in_use = false;
free(cursor);
return SMDBE_OK;
}
static int
smdb1_cursor_del(cursor, flags)
SMDB_CURSOR *cursor;
unsigned int flags;
{
SMDB_DB1_CURSOR *db1_cursor = (SMDB_DB1_CURSOR *) cursor->smdbc_impl;
SMDB_DB1_DATABASE *db1 = db1_cursor->db;
DB *db = db1->smdb1_db;
return db->del(db, NULL, R_CURSOR);
}
static int
smdb1_cursor_get(cursor, key, value, flags)
SMDB_CURSOR *cursor;
SMDB_DBENT *key;
SMDB_DBENT *value;
SMDB_FLAG flags;
{
int db1_flags;
int result;
SMDB_DB1_CURSOR *db1_cursor = (SMDB_DB1_CURSOR *) cursor->smdbc_impl;
SMDB_DB1_DATABASE *db1 = db1_cursor->db;
DB *db = db1->smdb1_db;
DBT dbkey, dbdata;
(void) memset(&dbdata, '\0', sizeof dbdata);
(void) memset(&dbkey, '\0', sizeof dbkey);
db1_flags = smdb_cursor_get_flags_to_smdb1(flags);
result = db->seq(db, &dbkey, &dbdata, db1_flags);
if (result == -1)
return errno;
if (result == 1)
return SMDBE_LAST_ENTRY;
value->data = dbdata.data;
value->size = dbdata.size;
key->data = dbkey.data;
key->size = dbkey.size;
return SMDBE_OK;
}
static int
smdb1_cursor_put(cursor, key, value, flags)
SMDB_CURSOR *cursor;
SMDB_DBENT *key;
SMDB_DBENT *value;
SMDB_FLAG flags;
{
SMDB_DB1_CURSOR *db1_cursor = (SMDB_DB1_CURSOR *) cursor->smdbc_impl;
SMDB_DB1_DATABASE *db1 = db1_cursor->db;
DB *db = db1->smdb1_db;
DBT dbkey, dbdata;
(void) memset(&dbdata, '\0', sizeof dbdata);
(void) memset(&dbkey, '\0', sizeof dbkey);
dbkey.data = key->data;
dbkey.size = key->size;
dbdata.data = value->data;
dbdata.size = value->size;
return db->put(db, &dbkey, &dbdata, R_CURSOR);
}
static int
smdb1_cursor(database, cursor, flags)
SMDB_DATABASE *database;
SMDB_CURSOR **cursor;
unsigned int flags;
{
SMDB_DB1_DATABASE *db1 = (SMDB_DB1_DATABASE *) database->smdb_impl;
SMDB_CURSOR *cur;
SMDB_DB1_CURSOR *db1_cursor;
if (db1->smdb1_cursor_in_use)
return SMDBE_ONLY_SUPPORTS_ONE_CURSOR;
db1_cursor = (SMDB_DB1_CURSOR *) malloc(sizeof(SMDB_DB1_CURSOR));
if (db1_cursor == NULL)
return SMDBE_MALLOC;
cur = (SMDB_CURSOR *) malloc(sizeof(SMDB_CURSOR));
if (cur == NULL)
{
free(db1_cursor);
return SMDBE_MALLOC;
}
db1->smdb1_cursor_in_use = true;
db1_cursor->db = db1;
cur->smdbc_impl = db1_cursor;
cur->smdbc_close = smdb1_cursor_close;
cur->smdbc_del = smdb1_cursor_del;
cur->smdbc_get = smdb1_cursor_get;
cur->smdbc_put = smdb1_cursor_put;
*cursor = cur;
return SMDBE_OK;
}
/*
** SMDB_DB_OPEN -- Opens a db1 database.
**
** Parameters:
** database -- An unallocated database pointer to a pointer.
** db_name -- The name of the database without extension.
** mode -- File permisions on the database if created.
** mode_mask -- Mode bits that must match on an existing database.
** sff -- Flags for safefile.
** type -- The type of database to open
** See smdb_type_to_db1_type for valid types.
** user_info -- Information on the user to use for file
** permissions.
** db_params --
** An SMDB_DBPARAMS struct including params. These
** are processed according to the type of the
** database. Currently supported params (only for
** HASH type) are:
** num_elements
** cache_size
**
** Returns:
** SMDBE_OK -- Success, otherwise errno.
*/
int
smdb_db_open(database, db_name, mode, mode_mask, sff, type, user_info,
db_params)
SMDB_DATABASE **database;
char *db_name;
int mode;
int mode_mask;
long sff;
SMDB_DBTYPE type;
SMDB_USER_INFO *user_info;
SMDB_DBPARAMS *db_params;
{
bool lockcreated = false;
int db_fd;
int lock_fd;
int result;
void *params;
SMDB_DATABASE *smdb_db;
SMDB_DB1_DATABASE *db1;
DB *db;
HASHINFO hash_info;
BTREEINFO btree_info;
DBTYPE db_type;
struct stat stat_info;
char db_file_name[MAXPATHLEN];
if (type == NULL ||
- (strncmp(SMDB_TYPE_HASH, type, SMDB_TYPE_HASH_LEN) != 0 &&
- strncmp(SMDB_TYPE_BTREE, type, SMDB_TYPE_BTREE_LEN) != 0))
+ (!SMDB_IS_TYPE_HASH(type) && !SMDB_IS_TYPE_BTREE(type)
+ ))
return SMDBE_UNKNOWN_DB_TYPE;
result = smdb_add_extension(db_file_name, sizeof db_file_name,
db_name, SMDB1_FILE_EXTENSION);
if (result != SMDBE_OK)
return result;
result = smdb_setup_file(db_name, SMDB1_FILE_EXTENSION, mode_mask,
sff, user_info, &stat_info);
if (result != SMDBE_OK)
return result;
if (stat_info.st_mode == ST_MODE_NOFILE &&
bitset(mode, O_CREAT))
lockcreated = true;
lock_fd = -1;
result = smdb_lock_file(&lock_fd, db_name, mode, sff,
SMDB1_FILE_EXTENSION);
if (result != SMDBE_OK)
return result;
if (lockcreated)
{
mode |= O_TRUNC;
mode &= ~(O_CREAT|O_EXCL);
}
*database = NULL;
smdb_db = smdb_malloc_database();
db1 = smdb1_malloc_database();
if (smdb_db == NULL || db1 == NULL)
{
(void) smdb_unlock_file(lock_fd);
smdb_free_database(smdb_db);
free(db1);
return SMDBE_MALLOC;
}
db1->smdb1_lock_fd = lock_fd;
params = NULL;
- if (db_params != NULL &&
- (strncmp(SMDB_TYPE_HASH, type, SMDB_TYPE_HASH_LEN) == 0))
+ if (db_params != NULL && SMDB_IS_TYPE_HASH(type))
{
(void) memset(&hash_info, '\0', sizeof hash_info);
hash_info.nelem = db_params->smdbp_num_elements;
hash_info.cachesize = db_params->smdbp_cache_size;
params = &hash_info;
}
- if (db_params != NULL &&
- (strncmp(SMDB_TYPE_BTREE, type, SMDB_TYPE_BTREE_LEN) == 0))
+ if (db_params != NULL && SMDB_IS_TYPE_BTREE(type))
{
(void) memset(&btree_info, '\0', sizeof btree_info);
btree_info.cachesize = db_params->smdbp_cache_size;
if (db_params->smdbp_allow_dup)
btree_info.flags |= R_DUP;
params = &btree_info;
}
db_type = smdb_type_to_db1_type(type);
db = dbopen(db_file_name, mode, DBMMODE, db_type, params);
if (db != NULL)
{
db_fd = db->fd(db);
result = smdb_filechanged(db_name, SMDB1_FILE_EXTENSION, db_fd,
&stat_info);
}
else
{
if (errno == 0)
result = SMDBE_BAD_OPEN;
else
result = errno;
}
if (result == SMDBE_OK)
{
/* Everything is ok. Setup driver */
db1->smdb1_db = db;
smdb_db->smdb_close = smdb1_close;
smdb_db->smdb_del = smdb1_del;
smdb_db->smdb_fd = smdb1_fd;
smdb_db->smdb_lockfd = smdb1_lockfd;
smdb_db->smdb_get = smdb1_get;
smdb_db->smdb_put = smdb1_put;
smdb_db->smdb_set_owner = smdb1_set_owner;
smdb_db->smdb_sync = smdb1_sync;
smdb_db->smdb_cursor = smdb1_cursor;
smdb_db->smdb_impl = db1;
*database = smdb_db;
return SMDBE_OK;
}
if (db != NULL)
(void) db->close(db);
/* Error opening database */
(void) smdb_unlock_file(db1->smdb1_lock_fd);
free(db1);
smdb_free_database(smdb_db);
return result;
}
#endif /* (DB_VERSION_MAJOR == 1) */
diff --git a/libsmdb/smdb2.c b/libsmdb/smdb2.c
index 403040307a97..d208efb40324 100644
--- a/libsmdb/smdb2.c
+++ b/libsmdb/smdb2.c
@@ -1,701 +1,710 @@
/*
** Copyright (c) 1999-2003, 2009 Proofpoint, Inc. and its suppliers.
** All rights reserved.
**
** By using this file, you agree to the terms and conditions set
** forth in the LICENSE file which can be found at the top level of
** the sendmail distribution.
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: smdb2.c,v 8.83 2013-11-22 20:51:49 ca Exp $")
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>
#include <sendmail/sendmail.h>
#include <libsmdb/smdb.h>
#if (DB_VERSION_MAJOR >= 2)
-# define SMDB2_FILE_EXTENSION "db"
-
struct smdb_db2_database
{
DB *smdb2_db;
int smdb2_lock_fd;
};
typedef struct smdb_db2_database SMDB_DB2_DATABASE;
/*
** SMDB_TYPE_TO_DB2_TYPE -- Translates smdb database type to db2 type.
**
** Parameters:
** type -- The type to translate.
**
** Returns:
** The DB2 type that corresponsds to the passed in SMDB type.
** Returns -1 if there is no equivalent type.
**
*/
-DBTYPE
+static DBTYPE
smdb_type_to_db2_type(type)
SMDB_DBTYPE type;
{
if (type == SMDB_TYPE_DEFAULT)
return DB_HASH;
- if (strncmp(type, SMDB_TYPE_HASH, SMDB_TYPE_HASH_LEN) == 0)
+ if (SMDB_IS_TYPE_HASH(type))
return DB_HASH;
- if (strncmp(type, SMDB_TYPE_BTREE, SMDB_TYPE_BTREE_LEN) == 0)
+ if (SMDB_IS_TYPE_BTREE(type))
return DB_BTREE;
return DB_UNKNOWN;
}
/*
** DB2_ERROR_TO_SMDB -- Translates db2 errors to smdbe errors
**
** Parameters:
** error -- The error to translate.
**
** Returns:
** The SMDBE error corresponding to the db2 error.
-** If we don't have a corresponding error, it returs errno.
+** If we don't have a corresponding error, it returns errno.
**
*/
-int
+static int
db2_error_to_smdb(error)
int error;
{
int result;
switch (error)
{
# ifdef DB_INCOMPLETE
case DB_INCOMPLETE:
result = SMDBE_INCOMPLETE;
break;
-# endif /* DB_INCOMPLETE */
+# endif
# ifdef DB_NOTFOUND
case DB_NOTFOUND:
result = SMDBE_NOT_FOUND;
break;
-# endif /* DB_NOTFOUND */
+# endif
# ifdef DB_KEYEMPTY
case DB_KEYEMPTY:
result = SMDBE_KEY_EMPTY;
break;
-# endif /* DB_KEYEMPTY */
+# endif
# ifdef DB_KEYEXIST
case DB_KEYEXIST:
result = SMDBE_KEY_EXIST;
break;
-# endif /* DB_KEYEXIST */
+# endif
# ifdef DB_LOCK_DEADLOCK
case DB_LOCK_DEADLOCK:
result = SMDBE_LOCK_DEADLOCK;
break;
-# endif /* DB_LOCK_DEADLOCK */
+# endif
# ifdef DB_LOCK_NOTGRANTED
case DB_LOCK_NOTGRANTED:
result = SMDBE_LOCK_NOT_GRANTED;
break;
-# endif /* DB_LOCK_NOTGRANTED */
+# endif
# ifdef DB_LOCK_NOTHELD
case DB_LOCK_NOTHELD:
result = SMDBE_LOCK_NOT_HELD;
break;
-# endif /* DB_LOCK_NOTHELD */
+# endif
# ifdef DB_RUNRECOVERY
case DB_RUNRECOVERY:
result = SMDBE_RUN_RECOVERY;
break;
-# endif /* DB_RUNRECOVERY */
+# endif
# ifdef DB_OLD_VERSION
case DB_OLD_VERSION:
result = SMDBE_OLD_VERSION;
break;
-# endif /* DB_OLD_VERSION */
+# endif
case 0:
result = SMDBE_OK;
break;
default:
result = error;
}
return result;
}
/*
** SMDB_PUT_FLAGS_TO_DB2_FLAGS -- Translates smdb put flags to db2 put flags.
**
** Parameters:
** flags -- The flags to translate.
**
** Returns:
** The db2 flags that are equivalent to the smdb flags.
**
** Notes:
** Any invalid flags are ignored.
**
*/
-unsigned int
+static unsigned int
smdb_put_flags_to_db2_flags(flags)
SMDB_FLAG flags;
{
int return_flags;
return_flags = 0;
if (bitset(SMDBF_NO_OVERWRITE, flags))
return_flags |= DB_NOOVERWRITE;
return return_flags;
}
/*
** SMDB_CURSOR_GET_FLAGS_TO_DB2 -- Translates smdb cursor get flags to db2
** getflags.
**
** Parameters:
** flags -- The flags to translate.
**
** Returns:
** The db2 flags that are equivalent to the smdb flags.
**
** Notes:
** -1 is returned if flag is unknown.
**
*/
-int
+static int
smdb_cursor_get_flags_to_db2(flags)
SMDB_FLAG flags;
{
switch (flags)
{
case SMDB_CURSOR_GET_FIRST:
return DB_FIRST;
case SMDB_CURSOR_GET_LAST:
return DB_LAST;
case SMDB_CURSOR_GET_NEXT:
return DB_NEXT;
case SMDB_CURSOR_GET_RANGE:
return DB_SET_RANGE;
default:
return -1;
}
}
/*
** Except for smdb_db_open, the rest of these functions correspond to the
** interface laid out in smdb.h.
*/
-SMDB_DB2_DATABASE *
+static SMDB_DB2_DATABASE *
smdb2_malloc_database()
{
SMDB_DB2_DATABASE *db2;
db2 = (SMDB_DB2_DATABASE *) malloc(sizeof(SMDB_DB2_DATABASE));
if (db2 != NULL)
db2->smdb2_lock_fd = -1;
return db2;
}
-int
+static int
smdb2_close(database)
SMDB_DATABASE *database;
{
int result;
SMDB_DB2_DATABASE *db2 = (SMDB_DB2_DATABASE *) database->smdb_impl;
DB *db = ((SMDB_DB2_DATABASE *) database->smdb_impl)->smdb2_db;
result = db2_error_to_smdb(db->close(db, 0));
if (db2->smdb2_lock_fd != -1)
close(db2->smdb2_lock_fd);
free(db2);
database->smdb_impl = NULL;
return result;
}
-int
+static int
smdb2_del(database, key, flags)
SMDB_DATABASE *database;
SMDB_DBENT *key;
unsigned int flags;
{
DB *db = ((SMDB_DB2_DATABASE *) database->smdb_impl)->smdb2_db;
DBT dbkey;
(void) memset(&dbkey, '\0', sizeof dbkey);
dbkey.data = key->data;
dbkey.size = key->size;
return db2_error_to_smdb(db->del(db, NULL, &dbkey, flags));
}
-int
+static int
smdb2_fd(database, fd)
SMDB_DATABASE *database;
int *fd;
{
DB *db = ((SMDB_DB2_DATABASE *) database->smdb_impl)->smdb2_db;
return db2_error_to_smdb(db->fd(db, fd));
}
-int
+static int
smdb2_lockfd(database)
SMDB_DATABASE *database;
{
SMDB_DB2_DATABASE *db2 = (SMDB_DB2_DATABASE *) database->smdb_impl;
return db2->smdb2_lock_fd;
}
-int
+static int
smdb2_get(database, key, data, flags)
SMDB_DATABASE *database;
SMDB_DBENT *key;
SMDB_DBENT *data;
unsigned int flags;
{
int result;
DB *db = ((SMDB_DB2_DATABASE *) database->smdb_impl)->smdb2_db;
DBT dbkey, dbdata;
(void) memset(&dbdata, '\0', sizeof dbdata);
(void) memset(&dbkey, '\0', sizeof dbkey);
dbkey.data = key->data;
dbkey.size = key->size;
result = db->get(db, NULL, &dbkey, &dbdata, flags);
data->data = dbdata.data;
data->size = dbdata.size;
return db2_error_to_smdb(result);
}
-int
+static int
smdb2_put(database, key, data, flags)
SMDB_DATABASE *database;
SMDB_DBENT *key;
SMDB_DBENT *data;
unsigned int flags;
{
DB *db = ((SMDB_DB2_DATABASE *) database->smdb_impl)->smdb2_db;
DBT dbkey, dbdata;
(void) memset(&dbdata, '\0', sizeof dbdata);
(void) memset(&dbkey, '\0', sizeof dbkey);
dbkey.data = key->data;
dbkey.size = key->size;
dbdata.data = data->data;
dbdata.size = data->size;
return db2_error_to_smdb(db->put(db, NULL, &dbkey, &dbdata,
smdb_put_flags_to_db2_flags(flags)));
}
-int
+static int
smdb2_set_owner(database, uid, gid)
SMDB_DATABASE *database;
uid_t uid;
gid_t gid;
{
# if HASFCHOWN
int fd;
int result;
DB *db = ((SMDB_DB2_DATABASE *) database->smdb_impl)->smdb2_db;
result = db->fd(db, &fd);
if (result != 0)
return result;
result = fchown(fd, uid, gid);
if (result < 0)
return errno;
# endif /* HASFCHOWN */
return SMDBE_OK;
}
-int
+static int
smdb2_sync(database, flags)
SMDB_DATABASE *database;
unsigned int flags;
{
DB *db = ((SMDB_DB2_DATABASE *) database->smdb_impl)->smdb2_db;
return db2_error_to_smdb(db->sync(db, flags));
}
-int
+static int
smdb2_cursor_close(cursor)
SMDB_CURSOR *cursor;
{
int ret;
DBC *dbc = (DBC *) cursor->smdbc_impl;
ret = db2_error_to_smdb(dbc->c_close(dbc));
free(cursor);
return ret;
}
-int
+static int
smdb2_cursor_del(cursor, flags)
SMDB_CURSOR *cursor;
SMDB_FLAG flags;
{
DBC *dbc = (DBC *) cursor->smdbc_impl;
return db2_error_to_smdb(dbc->c_del(dbc, 0));
}
-int
+static int
smdb2_cursor_get(cursor, key, value, flags)
SMDB_CURSOR *cursor;
SMDB_DBENT *key;
SMDB_DBENT *value;
SMDB_FLAG flags;
{
int db2_flags;
int result;
DBC *dbc = (DBC *) cursor->smdbc_impl;
DBT dbkey, dbdata;
(void) memset(&dbdata, '\0', sizeof dbdata);
(void) memset(&dbkey, '\0', sizeof dbkey);
db2_flags = smdb_cursor_get_flags_to_db2(flags);
result = dbc->c_get(dbc, &dbkey, &dbdata, db2_flags);
if (result == DB_NOTFOUND)
return SMDBE_LAST_ENTRY;
key->data = dbkey.data;
key->size = dbkey.size;
value->data = dbdata.data;
value->size = dbdata.size;
return db2_error_to_smdb(result);
}
-int
+static int
smdb2_cursor_put(cursor, key, value, flags)
SMDB_CURSOR *cursor;
SMDB_DBENT *key;
SMDB_DBENT *value;
SMDB_FLAG flags;
{
DBC *dbc = (DBC *) cursor->smdbc_impl;
DBT dbkey, dbdata;
(void) memset(&dbdata, '\0', sizeof dbdata);
(void) memset(&dbkey, '\0', sizeof dbkey);
dbkey.data = key->data;
dbkey.size = key->size;
dbdata.data = value->data;
dbdata.size = value->size;
return db2_error_to_smdb(dbc->c_put(dbc, &dbkey, &dbdata, 0));
}
-int
+static int
smdb2_cursor(database, cursor, flags)
SMDB_DATABASE *database;
SMDB_CURSOR **cursor;
SMDB_FLAG flags;
{
int result;
DB *db = ((SMDB_DB2_DATABASE *) database->smdb_impl)->smdb2_db;
DBC *db2_cursor;
# if DB_VERSION_MAJOR > 2 || DB_VERSION_MINOR >= 6
result = db->cursor(db, NULL, &db2_cursor, 0);
-# else /* DB_VERSION_MAJOR > 2 || DB_VERSION_MINOR >= 6 */
+# else
result = db->cursor(db, NULL, &db2_cursor);
-# endif /* DB_VERSION_MAJOR > 2 || DB_VERSION_MINOR >= 6 */
+# endif
if (result != 0)
return db2_error_to_smdb(result);
*cursor = (SMDB_CURSOR *) malloc(sizeof(SMDB_CURSOR));
if (*cursor == NULL)
return SMDBE_MALLOC;
(*cursor)->smdbc_close = smdb2_cursor_close;
(*cursor)->smdbc_del = smdb2_cursor_del;
(*cursor)->smdbc_get = smdb2_cursor_get;
(*cursor)->smdbc_put = smdb2_cursor_put;
(*cursor)->smdbc_impl = db2_cursor;
return SMDBE_OK;
}
# if DB_VERSION_MAJOR == 2
static int
smdb_db_open_internal(db_name, db_type, db_flags, db_params, db)
char *db_name;
DBTYPE db_type;
int db_flags;
SMDB_DBPARAMS *db_params;
DB **db;
{
void *params;
DB_INFO db_info;
params = NULL;
(void) memset(&db_info, '\0', sizeof db_info);
if (db_params != NULL)
{
db_info.db_cachesize = db_params->smdbp_cache_size;
if (db_type == DB_HASH)
db_info.h_nelem = db_params->smdbp_num_elements;
if (db_params->smdbp_allow_dup)
db_info.flags |= DB_DUP;
params = &db_info;
}
return db_open(db_name, db_type, db_flags, DBMMODE, NULL, params, db);
}
# endif /* DB_VERSION_MAJOR == 2 */
# if DB_VERSION_MAJOR > 2
+
+static void
+db_err_cb(
+#if DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 3
+ dbenv,
+#endif
+ errpfx, msg)
+#if DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 3
+ const DB_ENV *dbenv;
+ const char *errpfx;
+ const char *msg;
+#else
+ const char *errpfx;
+ char *msg;
+#endif
+{
+ /* do not print/log any errors... */
+ return;
+}
+
static int
smdb_db_open_internal(db_name, db_type, db_flags, db_params, db)
char *db_name;
DBTYPE db_type;
int db_flags;
SMDB_DBPARAMS *db_params;
DB **db;
{
int result;
result = db_create(db, NULL, 0);
if (result != 0 || *db == NULL)
return result;
+ (*db)->set_errcall(*db, db_err_cb);
if (db_params != NULL)
{
result = (*db)->set_cachesize(*db, 0,
db_params->smdbp_cache_size, 0);
if (result != 0)
- {
- (void) (*db)->close((*db), 0);
- *db = NULL;
- return db2_error_to_smdb(result);
- }
+ goto error;
if (db_type == DB_HASH)
{
result = (*db)->set_h_nelem(*db, db_params->smdbp_num_elements);
if (result != 0)
- {
- (void) (*db)->close(*db, 0);
- *db = NULL;
- return db2_error_to_smdb(result);
- }
+ goto error;
}
if (db_params->smdbp_allow_dup)
{
result = (*db)->set_flags(*db, DB_DUP);
if (result != 0)
- {
- (void) (*db)->close(*db, 0);
- *db = NULL;
- return db2_error_to_smdb(result);
- }
+ goto error;
}
}
result = (*db)->open(*db,
DBTXN /* transaction for DB 4.1 */
db_name, NULL, db_type, db_flags, DBMMODE);
+ error:
if (result != 0)
{
(void) (*db)->close(*db, 0);
*db = NULL;
}
return db2_error_to_smdb(result);
}
# endif /* DB_VERSION_MAJOR > 2 */
+
/*
** SMDB_DB_OPEN -- Opens a db database.
**
** Parameters:
** database -- An unallocated database pointer to a pointer.
** db_name -- The name of the database without extension.
** mode -- File permisions for a created database.
** mode_mask -- Mode bits that must match on an opened database.
** sff -- Flags for safefile.
** type -- The type of database to open
** See smdb_type_to_db2_type for valid types.
** user_info -- User information for file permissions.
** db_params --
** An SMDB_DBPARAMS struct including params. These
** are processed according to the type of the
** database. Currently supported params (only for
** HASH type) are:
** num_elements
** cache_size
**
** Returns:
** SMDBE_OK -- Success, other errno:
** SMDBE_MALLOC -- Cannot allocate memory.
** SMDBE_BAD_OPEN -- db_open didn't return an error, but
** somehow the DB pointer is NULL.
** Anything else: translated error from db2
*/
int
smdb_db_open(database, db_name, mode, mode_mask, sff, type, user_info, db_params)
SMDB_DATABASE **database;
char *db_name;
int mode;
int mode_mask;
long sff;
SMDB_DBTYPE type;
SMDB_USER_INFO *user_info;
SMDB_DBPARAMS *db_params;
{
bool lockcreated = false;
int result;
int db_flags;
int lock_fd;
int db_fd;
int major_v, minor_v, patch_v;
SMDB_DATABASE *smdb_db;
SMDB_DB2_DATABASE *db2;
DB *db;
DBTYPE db_type;
struct stat stat_info;
char db_file_name[MAXPATHLEN];
(void) db_version(&major_v, &minor_v, &patch_v);
if (major_v != DB_VERSION_MAJOR || minor_v != DB_VERSION_MINOR)
return SMDBE_VERSION_MISMATCH;
*database = NULL;
result = smdb_add_extension(db_file_name, sizeof db_file_name,
db_name, SMDB2_FILE_EXTENSION);
if (result != SMDBE_OK)
return result;
result = smdb_setup_file(db_name, SMDB2_FILE_EXTENSION,
mode_mask, sff, user_info, &stat_info);
if (result != SMDBE_OK)
return result;
lock_fd = -1;
if (stat_info.st_mode == ST_MODE_NOFILE &&
bitset(mode, O_CREAT))
lockcreated = true;
result = smdb_lock_file(&lock_fd, db_name, mode, sff,
SMDB2_FILE_EXTENSION);
if (result != SMDBE_OK)
return result;
if (lockcreated)
{
mode |= O_TRUNC;
mode &= ~(O_CREAT|O_EXCL);
}
smdb_db = smdb_malloc_database();
db2 = smdb2_malloc_database();
if (db2 == NULL || smdb_db == NULL)
{
smdb_unlock_file(lock_fd);
smdb_free_database(smdb_db); /* ok to be NULL */
if (db2 != NULL)
free(db2);
return SMDBE_MALLOC;
}
db2->smdb2_lock_fd = lock_fd;
db_type = smdb_type_to_db2_type(type);
db = NULL;
db_flags = 0;
if (bitset(O_CREAT, mode))
db_flags |= DB_CREATE;
if (bitset(O_TRUNC, mode))
db_flags |= DB_TRUNCATE;
if (mode == O_RDONLY)
db_flags |= DB_RDONLY;
SM_DB_FLAG_ADD(db_flags);
result = smdb_db_open_internal(db_file_name, db_type,
db_flags, db_params, &db);
if (result == 0 && db != NULL)
{
result = db->fd(db, &db_fd);
if (result == 0)
result = SMDBE_OK;
}
else
{
/* Try and narrow down on the problem */
if (result != 0)
result = db2_error_to_smdb(result);
else
result = SMDBE_BAD_OPEN;
}
if (result == SMDBE_OK)
result = smdb_filechanged(db_name, SMDB2_FILE_EXTENSION, db_fd,
&stat_info);
if (result == SMDBE_OK)
{
/* Everything is ok. Setup driver */
db2->smdb2_db = db;
smdb_db->smdb_close = smdb2_close;
smdb_db->smdb_del = smdb2_del;
smdb_db->smdb_fd = smdb2_fd;
smdb_db->smdb_lockfd = smdb2_lockfd;
smdb_db->smdb_get = smdb2_get;
smdb_db->smdb_put = smdb2_put;
smdb_db->smdb_set_owner = smdb2_set_owner;
smdb_db->smdb_sync = smdb2_sync;
smdb_db->smdb_cursor = smdb2_cursor;
smdb_db->smdb_impl = db2;
*database = smdb_db;
return SMDBE_OK;
}
if (db != NULL)
db->close(db, 0);
smdb_unlock_file(db2->smdb2_lock_fd);
free(db2);
smdb_free_database(smdb_db);
return result;
}
#endif /* (DB_VERSION_MAJOR >= 2) */
diff --git a/libsmdb/smndbm.c b/libsmdb/smndbm.c
index 579c5f55171e..bd7bce54cf7f 100644
--- a/libsmdb/smndbm.c
+++ b/libsmdb/smndbm.c
@@ -1,632 +1,631 @@
/*
** Copyright (c) 1999-2002 Proofpoint, Inc. and its suppliers.
** All rights reserved.
**
** By using this file, you agree to the terms and conditions set
** forth in the LICENSE file which can be found at the top level of
** the sendmail distribution.
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: smndbm.c,v 8.55 2013-11-22 20:51:49 ca Exp $")
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>
#include <sendmail/sendmail.h>
#include <libsmdb/smdb.h>
#ifdef NDBM
-# define SMNDB_DIR_FILE_EXTENSION "dir"
# define SMNDB_PAG_FILE_EXTENSION "pag"
struct smdb_dbm_database_struct
{
DBM *smndbm_dbm;
int smndbm_lock_fd;
bool smndbm_cursor_in_use;
};
typedef struct smdb_dbm_database_struct SMDB_DBM_DATABASE;
struct smdb_dbm_cursor_struct
{
SMDB_DBM_DATABASE *smndbmc_db;
datum smndbmc_current_key;
};
typedef struct smdb_dbm_cursor_struct SMDB_DBM_CURSOR;
/*
** SMDB_PUT_FLAGS_TO_NDBM_FLAGS -- Translates smdb put flags to ndbm put flags.
**
** Parameters:
** flags -- The flags to translate.
**
** Returns:
** The ndbm flags that are equivalent to the smdb flags.
**
** Notes:
** Any invalid flags are ignored.
**
*/
int
smdb_put_flags_to_ndbm_flags(flags)
SMDB_FLAG flags;
{
int return_flags;
return_flags = 0;
if (bitset(SMDBF_NO_OVERWRITE, flags))
return_flags = DBM_INSERT;
else
return_flags = DBM_REPLACE;
return return_flags;
}
/*
** Except for smdb_ndbm_open, the rest of these function correspond to the
** interface laid out in smdb.h.
*/
SMDB_DBM_DATABASE *
smdbm_malloc_database()
{
SMDB_DBM_DATABASE *db;
db = (SMDB_DBM_DATABASE *) malloc(sizeof(SMDB_DBM_DATABASE));
if (db != NULL)
{
db->smndbm_dbm = NULL;
db->smndbm_lock_fd = -1;
db->smndbm_cursor_in_use = false;
}
return db;
}
int
smdbm_close(database)
SMDB_DATABASE *database;
{
SMDB_DBM_DATABASE *db = (SMDB_DBM_DATABASE *) database->smdb_impl;
DBM *dbm = ((SMDB_DBM_DATABASE *) database->smdb_impl)->smndbm_dbm;
dbm_close(dbm);
if (db->smndbm_lock_fd != -1)
close(db->smndbm_lock_fd);
free(db);
database->smdb_impl = NULL;
return SMDBE_OK;
}
int
smdbm_del(database, key, flags)
SMDB_DATABASE *database;
SMDB_DBENT *key;
unsigned int flags;
{
int result;
DBM *dbm = ((SMDB_DBM_DATABASE *) database->smdb_impl)->smndbm_dbm;
datum dbkey;
(void) memset(&dbkey, '\0', sizeof dbkey);
dbkey.dptr = key->data;
dbkey.dsize = key->size;
errno = 0;
result = dbm_delete(dbm, dbkey);
if (result != 0)
{
int save_errno = errno;
if (dbm_error(dbm))
return SMDBE_IO_ERROR;
if (save_errno != 0)
return save_errno;
return SMDBE_NOT_FOUND;
}
return SMDBE_OK;
}
int
smdbm_fd(database, fd)
SMDB_DATABASE *database;
int *fd;
{
DBM *dbm = ((SMDB_DBM_DATABASE *) database->smdb_impl)->smndbm_dbm;
*fd = dbm_dirfno(dbm);
if (*fd <= 0)
return EINVAL;
return SMDBE_OK;
}
int
smdbm_lockfd(database)
SMDB_DATABASE *database;
{
SMDB_DBM_DATABASE *db = (SMDB_DBM_DATABASE *) database->smdb_impl;
return db->smndbm_lock_fd;
}
int
smdbm_get(database, key, data, flags)
SMDB_DATABASE *database;
SMDB_DBENT *key;
SMDB_DBENT *data;
unsigned int flags;
{
DBM *dbm = ((SMDB_DBM_DATABASE *) database->smdb_impl)->smndbm_dbm;
datum dbkey, dbdata;
(void) memset(&dbkey, '\0', sizeof dbkey);
(void) memset(&dbdata, '\0', sizeof dbdata);
dbkey.dptr = key->data;
dbkey.dsize = key->size;
errno = 0;
dbdata = dbm_fetch(dbm, dbkey);
if (dbdata.dptr == NULL)
{
int save_errno = errno;
if (dbm_error(dbm))
return SMDBE_IO_ERROR;
if (save_errno != 0)
return save_errno;
return SMDBE_NOT_FOUND;
}
data->data = dbdata.dptr;
data->size = dbdata.dsize;
return SMDBE_OK;
}
int
smdbm_put(database, key, data, flags)
SMDB_DATABASE *database;
SMDB_DBENT *key;
SMDB_DBENT *data;
unsigned int flags;
{
int result;
int save_errno;
DBM *dbm = ((SMDB_DBM_DATABASE *) database->smdb_impl)->smndbm_dbm;
datum dbkey, dbdata;
(void) memset(&dbkey, '\0', sizeof dbkey);
(void) memset(&dbdata, '\0', sizeof dbdata);
dbkey.dptr = key->data;
dbkey.dsize = key->size;
dbdata.dptr = data->data;
dbdata.dsize = data->size;
errno = 0;
result = dbm_store(dbm, dbkey, dbdata,
smdb_put_flags_to_ndbm_flags(flags));
switch (result)
{
case 1:
return SMDBE_DUPLICATE;
case 0:
return SMDBE_OK;
default:
save_errno = errno;
if (dbm_error(dbm))
return SMDBE_IO_ERROR;
if (save_errno != 0)
return save_errno;
return SMDBE_IO_ERROR;
}
/* NOTREACHED */
}
int
smndbm_set_owner(database, uid, gid)
SMDB_DATABASE *database;
uid_t uid;
gid_t gid;
{
# if HASFCHOWN
int fd;
int result;
DBM *dbm = ((SMDB_DBM_DATABASE *) database->smdb_impl)->smndbm_dbm;
fd = dbm_dirfno(dbm);
if (fd <= 0)
return EINVAL;
result = fchown(fd, uid, gid);
if (result < 0)
return errno;
fd = dbm_pagfno(dbm);
if (fd <= 0)
return EINVAL;
result = fchown(fd, uid, gid);
if (result < 0)
return errno;
# endif /* HASFCHOWN */
return SMDBE_OK;
}
int
smdbm_sync(database, flags)
SMDB_DATABASE *database;
unsigned int flags;
{
return SMDBE_UNSUPPORTED;
}
int
smdbm_cursor_close(cursor)
SMDB_CURSOR *cursor;
{
SMDB_DBM_CURSOR *dbm_cursor = (SMDB_DBM_CURSOR *) cursor->smdbc_impl;
SMDB_DBM_DATABASE *db = dbm_cursor->smndbmc_db;
if (!db->smndbm_cursor_in_use)
return SMDBE_NOT_A_VALID_CURSOR;
db->smndbm_cursor_in_use = false;
free(dbm_cursor);
free(cursor);
return SMDBE_OK;
}
int
smdbm_cursor_del(cursor, flags)
SMDB_CURSOR *cursor;
unsigned int flags;
{
int result;
SMDB_DBM_CURSOR *dbm_cursor = (SMDB_DBM_CURSOR *) cursor->smdbc_impl;
SMDB_DBM_DATABASE *db = dbm_cursor->smndbmc_db;
DBM *dbm = db->smndbm_dbm;
errno = 0;
result = dbm_delete(dbm, dbm_cursor->smndbmc_current_key);
if (result != 0)
{
int save_errno = errno;
if (dbm_error(dbm))
return SMDBE_IO_ERROR;
if (save_errno != 0)
return save_errno;
return SMDBE_NOT_FOUND;
}
return SMDBE_OK;
}
int
smdbm_cursor_get(cursor, key, value, flags)
SMDB_CURSOR *cursor;
SMDB_DBENT *key;
SMDB_DBENT *value;
SMDB_FLAG flags;
{
SMDB_DBM_CURSOR *dbm_cursor = (SMDB_DBM_CURSOR *) cursor->smdbc_impl;
SMDB_DBM_DATABASE *db = dbm_cursor->smndbmc_db;
DBM *dbm = db->smndbm_dbm;
datum dbkey, dbdata;
(void) memset(&dbkey, '\0', sizeof dbkey);
(void) memset(&dbdata, '\0', sizeof dbdata);
if (flags == SMDB_CURSOR_GET_RANGE)
return SMDBE_UNSUPPORTED;
if (dbm_cursor->smndbmc_current_key.dptr == NULL)
{
dbm_cursor->smndbmc_current_key = dbm_firstkey(dbm);
if (dbm_cursor->smndbmc_current_key.dptr == NULL)
{
if (dbm_error(dbm))
return SMDBE_IO_ERROR;
return SMDBE_LAST_ENTRY;
}
}
else
{
dbm_cursor->smndbmc_current_key = dbm_nextkey(dbm);
if (dbm_cursor->smndbmc_current_key.dptr == NULL)
{
if (dbm_error(dbm))
return SMDBE_IO_ERROR;
return SMDBE_LAST_ENTRY;
}
}
errno = 0;
dbdata = dbm_fetch(dbm, dbm_cursor->smndbmc_current_key);
if (dbdata.dptr == NULL)
{
int save_errno = errno;
if (dbm_error(dbm))
return SMDBE_IO_ERROR;
if (save_errno != 0)
return save_errno;
return SMDBE_NOT_FOUND;
}
value->data = dbdata.dptr;
value->size = dbdata.dsize;
key->data = dbm_cursor->smndbmc_current_key.dptr;
key->size = dbm_cursor->smndbmc_current_key.dsize;
return SMDBE_OK;
}
int
smdbm_cursor_put(cursor, key, value, flags)
SMDB_CURSOR *cursor;
SMDB_DBENT *key;
SMDB_DBENT *value;
SMDB_FLAG flags;
{
int result;
int save_errno;
SMDB_DBM_CURSOR *dbm_cursor = (SMDB_DBM_CURSOR *) cursor->smdbc_impl;
SMDB_DBM_DATABASE *db = dbm_cursor->smndbmc_db;
DBM *dbm = db->smndbm_dbm;
datum dbdata;
(void) memset(&dbdata, '\0', sizeof dbdata);
dbdata.dptr = value->data;
dbdata.dsize = value->size;
errno = 0;
result = dbm_store(dbm, dbm_cursor->smndbmc_current_key, dbdata,
smdb_put_flags_to_ndbm_flags(flags));
switch (result)
{
case 1:
return SMDBE_DUPLICATE;
case 0:
return SMDBE_OK;
default:
save_errno = errno;
if (dbm_error(dbm))
return SMDBE_IO_ERROR;
if (save_errno != 0)
return save_errno;
return SMDBE_IO_ERROR;
}
/* NOTREACHED */
}
int
smdbm_cursor(database, cursor, flags)
SMDB_DATABASE *database;
SMDB_CURSOR **cursor;
SMDB_FLAG flags;
{
SMDB_DBM_DATABASE *db = (SMDB_DBM_DATABASE *) database->smdb_impl;
SMDB_CURSOR *cur;
SMDB_DBM_CURSOR *dbm_cursor;
if (db->smndbm_cursor_in_use)
return SMDBE_ONLY_SUPPORTS_ONE_CURSOR;
db->smndbm_cursor_in_use = true;
dbm_cursor = (SMDB_DBM_CURSOR *) malloc(sizeof(SMDB_DBM_CURSOR));
if (dbm_cursor == NULL)
return SMDBE_MALLOC;
dbm_cursor->smndbmc_db = db;
dbm_cursor->smndbmc_current_key.dptr = NULL;
dbm_cursor->smndbmc_current_key.dsize = 0;
cur = (SMDB_CURSOR*) malloc(sizeof(SMDB_CURSOR));
if (cur == NULL)
{
free(dbm_cursor);
return SMDBE_MALLOC;
}
cur->smdbc_impl = dbm_cursor;
cur->smdbc_close = smdbm_cursor_close;
cur->smdbc_del = smdbm_cursor_del;
cur->smdbc_get = smdbm_cursor_get;
cur->smdbc_put = smdbm_cursor_put;
*cursor = cur;
return SMDBE_OK;
}
/*
** SMDB_NDBM_OPEN -- Opens a ndbm database.
**
** Parameters:
** database -- An unallocated database pointer to a pointer.
** db_name -- The name of the database without extension.
** mode -- File permisions on a created database.
** mode_mask -- Mode bits that much match on an opened database.
** sff -- Flags to safefile.
** type -- The type of database to open.
** Only SMDB_NDBM is supported.
** user_info -- Information on the user to use for file
** permissions.
** db_params -- No params are supported.
**
** Returns:
** SMDBE_OK -- Success, otherwise errno:
** SMDBE_MALLOC -- Cannot allocate memory.
** SMDBE_UNSUPPORTED -- The type is not supported.
** SMDBE_GDBM_IS_BAD -- We have detected GDBM and we don't
** like it.
** SMDBE_BAD_OPEN -- dbm_open failed and errno was not set.
** Anything else: errno
*/
int
smdb_ndbm_open(database, db_name, mode, mode_mask, sff, type, user_info,
db_params)
SMDB_DATABASE **database;
char *db_name;
int mode;
int mode_mask;
long sff;
SMDB_DBTYPE type;
SMDB_USER_INFO *user_info;
SMDB_DBPARAMS *db_params;
{
bool lockcreated = false;
int result;
int lock_fd;
SMDB_DATABASE *smdb_db;
SMDB_DBM_DATABASE *db;
DBM *dbm = NULL;
struct stat dir_stat_info;
struct stat pag_stat_info;
result = SMDBE_OK;
*database = NULL;
if (type == NULL)
return SMDBE_UNKNOWN_DB_TYPE;
result = smdb_setup_file(db_name, SMNDB_DIR_FILE_EXTENSION, mode_mask,
sff, user_info, &dir_stat_info);
if (result != SMDBE_OK)
return result;
result = smdb_setup_file(db_name, SMNDB_PAG_FILE_EXTENSION, mode_mask,
sff, user_info, &pag_stat_info);
if (result != SMDBE_OK)
return result;
if ((dir_stat_info.st_mode == ST_MODE_NOFILE ||
pag_stat_info.st_mode == ST_MODE_NOFILE) &&
bitset(mode, O_CREAT))
lockcreated = true;
lock_fd = -1;
result = smdb_lock_file(&lock_fd, db_name, mode, sff,
SMNDB_DIR_FILE_EXTENSION);
if (result != SMDBE_OK)
return result;
if (lockcreated)
{
int pag_fd;
/* Need to pre-open the .pag file as well with O_EXCL */
result = smdb_lock_file(&pag_fd, db_name, mode, sff,
SMNDB_PAG_FILE_EXTENSION);
if (result != SMDBE_OK)
{
(void) close(lock_fd);
return result;
}
(void) close(pag_fd);
mode |= O_TRUNC;
mode &= ~(O_CREAT|O_EXCL);
}
smdb_db = smdb_malloc_database();
if (smdb_db == NULL)
result = SMDBE_MALLOC;
db = smdbm_malloc_database();
if (db == NULL)
result = SMDBE_MALLOC;
/* Try to open database */
if (result == SMDBE_OK)
{
db->smndbm_lock_fd = lock_fd;
errno = 0;
dbm = dbm_open(db_name, mode, DBMMODE);
if (dbm == NULL)
{
if (errno == 0)
result = SMDBE_BAD_OPEN;
else
result = errno;
}
db->smndbm_dbm = dbm;
}
/* Check for GDBM */
if (result == SMDBE_OK)
{
if (dbm_dirfno(dbm) == dbm_pagfno(dbm))
result = SMDBE_GDBM_IS_BAD;
}
/* Check for filechanged */
if (result == SMDBE_OK)
{
result = smdb_filechanged(db_name, SMNDB_DIR_FILE_EXTENSION,
dbm_dirfno(dbm), &dir_stat_info);
if (result == SMDBE_OK)
{
result = smdb_filechanged(db_name,
SMNDB_PAG_FILE_EXTENSION,
dbm_pagfno(dbm),
&pag_stat_info);
}
}
/* XXX Got to get fchown stuff in here */
/* Setup driver if everything is ok */
if (result == SMDBE_OK)
{
*database = smdb_db;
smdb_db->smdb_close = smdbm_close;
smdb_db->smdb_del = smdbm_del;
smdb_db->smdb_fd = smdbm_fd;
smdb_db->smdb_lockfd = smdbm_lockfd;
smdb_db->smdb_get = smdbm_get;
smdb_db->smdb_put = smdbm_put;
smdb_db->smdb_set_owner = smndbm_set_owner;
smdb_db->smdb_sync = smdbm_sync;
smdb_db->smdb_cursor = smdbm_cursor;
smdb_db->smdb_impl = db;
return SMDBE_OK;
}
/* If we're here, something bad happened, clean up */
if (dbm != NULL)
dbm_close(dbm);
smdb_unlock_file(db->smndbm_lock_fd);
free(db);
smdb_free_database(smdb_db);
return result;
}
#endif /* NDBM */
diff --git a/libsmutil/Makefile b/libsmutil/Makefile
index baffab14d0d4..3bf1c4ba9b39 100644
--- a/libsmutil/Makefile
+++ b/libsmutil/Makefile
@@ -1,17 +1,19 @@
# $Id: Makefile,v 8.2 1999-09-23 22:36:32 ca Exp $
SHELL= /bin/sh
BUILD= ./Build
OPTIONS= $(CONFIG) $(FLAGS)
all: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
clean: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
+check: FRC
+ $(SHELL) $(BUILD) $(OPTIONS) $@
install: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
fresh: FRC
$(SHELL) $(BUILD) $(OPTIONS) -c
FRC:
diff --git a/libsmutil/cf.c b/libsmutil/cf.c
index e447aca4f79d..f803b95ef607 100644
--- a/libsmutil/cf.c
+++ b/libsmutil/cf.c
@@ -1,76 +1,76 @@
/*
* Copyright (c) 2000-2002 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sendmail.h>
SM_RCSID("@(#)$Id: cf.c,v 8.20 2013-11-22 20:51:50 ca Exp $")
#include <sendmail/pathnames.h>
/*
** GETCFNAME -- return the name of the .cf file to use.
**
** Some systems (e.g., NeXT) determine this dynamically.
**
** For others: returns submit.cf or sendmail.cf depending
** on the modes.
**
** Parameters:
** opmode -- operation mode.
** submitmode -- submit mode.
** cftype -- may request a certain cf file.
** conffile -- if set, return it.
**
** Returns:
** name of .cf file.
*/
char *
getcfname(opmode, submitmode, cftype, conffile)
int opmode;
int submitmode;
int cftype;
char *conffile;
{
#if NETINFO
char *cflocation;
-#endif /* NETINFO */
+#endif
if (conffile != NULL)
return conffile;
if (cftype == SM_GET_SUBMIT_CF ||
((submitmode != SUBMIT_UNKNOWN ||
opmode == MD_DELIVER ||
opmode == MD_ARPAFTP ||
opmode == MD_SMTP) &&
cftype != SM_GET_SENDMAIL_CF))
{
struct stat sbuf;
static char cf[MAXPATHLEN];
#if NETINFO
cflocation = ni_propval("/locations", NULL, "sendmail",
"submit.cf", '\0');
if (cflocation != NULL)
(void) sm_strlcpy(cf, cflocation, sizeof cf);
else
#endif /* NETINFO */
(void) sm_strlcpyn(cf, sizeof cf, 2, _DIR_SENDMAILCF,
"submit.cf");
if (cftype == SM_GET_SUBMIT_CF || stat(cf, &sbuf) == 0)
return cf;
}
#if NETINFO
cflocation = ni_propval("/locations", NULL, "sendmail",
"sendmail.cf", '\0');
if (cflocation != NULL)
return cflocation;
-#endif /* NETINFO */
+#endif
return _PATH_SENDMAILCF;
}
diff --git a/libsmutil/safefile.c b/libsmutil/safefile.c
index 43d66eceee11..1c70c24440e5 100644
--- a/libsmutil/safefile.c
+++ b/libsmutil/safefile.c
@@ -1,982 +1,981 @@
/*
* Copyright (c) 1998-2004 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sendmail.h>
#include <sm/io.h>
#include <sm/errstring.h>
SM_RCSID("@(#)$Id: safefile.c,v 8.130 2013-11-22 20:51:50 ca Exp $")
/*
** SAFEFILE -- return 0 if a file exists and is safe for a user.
**
** Parameters:
** fn -- filename to check.
** uid -- user id to compare against.
** gid -- group id to compare against.
-** user -- user name to compare against (used for group
-** sets).
+** user -- user name to compare against (used for group sets).
** flags -- modifiers:
** SFF_MUSTOWN -- "uid" must own this file.
** SFF_NOSLINK -- file cannot be a symbolic link.
** mode -- mode bits that must match.
** st -- if set, points to a stat structure that will
** get the stat info for the file.
**
** Returns:
** 0 if fn exists, is owned by uid, and matches mode.
** An errno otherwise. The actual errno is cleared.
**
** Side Effects:
** none.
*/
int
safefile(fn, uid, gid, user, flags, mode, st)
char *fn;
UID_T uid;
GID_T gid;
char *user;
long flags;
int mode;
struct stat *st;
{
register char *p;
register struct group *gr = NULL;
int file_errno = 0;
bool checkpath;
struct stat stbuf;
struct stat fstbuf;
char fbuf[MAXPATHLEN];
if (tTd(44, 4))
sm_dprintf("safefile(%s, uid=%d, gid=%d, flags=%lx, mode=%o):\n",
fn, (int) uid, (int) gid, flags, mode);
errno = 0;
if (sm_strlcpy(fbuf, fn, sizeof fbuf) >= sizeof fbuf)
{
if (tTd(44, 4))
sm_dprintf("\tpathname too long\n");
return ENAMETOOLONG;
}
fn = fbuf;
if (st == NULL)
st = &fstbuf;
/* ignore SFF_SAFEDIRPATH if we are debugging */
if (RealUid != 0 && RunAsUid == RealUid)
flags &= ~SFF_SAFEDIRPATH;
/* first check to see if the file exists at all */
# if HASLSTAT
if ((bitset(SFF_NOSLINK, flags) ? lstat(fn, st)
: stat(fn, st)) < 0)
-# else /* HASLSTAT */
+# else
if (stat(fn, st) < 0)
-# endif /* HASLSTAT */
+# endif
{
file_errno = errno;
}
else if (bitset(SFF_SETUIDOK, flags) &&
!bitset(S_IXUSR|S_IXGRP|S_IXOTH, st->st_mode) &&
S_ISREG(st->st_mode))
{
/*
** If final file is set-user-ID, run as the owner of that
** file. Gotta be careful not to reveal anything too
** soon here!
*/
# ifdef SUID_ROOT_FILES_OK
if (bitset(S_ISUID, st->st_mode))
-# else /* SUID_ROOT_FILES_OK */
+# else
if (bitset(S_ISUID, st->st_mode) && st->st_uid != 0 &&
st->st_uid != TrustedUid)
-# endif /* SUID_ROOT_FILES_OK */
+# endif
{
uid = st->st_uid;
user = NULL;
}
# ifdef SUID_ROOT_FILES_OK
if (bitset(S_ISGID, st->st_mode))
-# else /* SUID_ROOT_FILES_OK */
+# else
if (bitset(S_ISGID, st->st_mode) && st->st_gid != 0)
-# endif /* SUID_ROOT_FILES_OK */
+# endif
gid = st->st_gid;
}
checkpath = !bitset(SFF_NOPATHCHECK, flags) ||
(uid == 0 && !bitset(SFF_ROOTOK|SFF_OPENASROOT, flags));
if (bitset(SFF_NOWLINK, flags) && !bitset(SFF_SAFEDIRPATH, flags))
{
int ret;
/* check the directory */
p = strrchr(fn, '/');
if (p == NULL)
{
ret = safedirpath(".", uid, gid, user,
flags|SFF_SAFEDIRPATH, 0, 0);
}
else
{
*p = '\0';
ret = safedirpath(fn, uid, gid, user,
flags|SFF_SAFEDIRPATH, 0, 0);
*p = '/';
}
if (ret == 0)
{
/* directory is safe */
checkpath = false;
}
else
{
# if HASLSTAT
/* Need lstat() information if called stat() before */
if (!bitset(SFF_NOSLINK, flags) && lstat(fn, st) < 0)
{
ret = errno;
if (tTd(44, 4))
sm_dprintf("\t%s\n", sm_errstring(ret));
return ret;
}
# endif /* HASLSTAT */
/* directory is writable: disallow links */
flags |= SFF_NOLINK;
}
}
if (checkpath)
{
int ret;
p = strrchr(fn, '/');
if (p == NULL)
{
ret = safedirpath(".", uid, gid, user, flags, 0, 0);
}
else
{
*p = '\0';
ret = safedirpath(fn, uid, gid, user, flags, 0, 0);
*p = '/';
}
if (ret != 0)
return ret;
}
/*
** If the target file doesn't exist, check the directory to
** ensure that it is writable by this user.
*/
if (file_errno != 0)
{
int ret = file_errno;
char *dir = fn;
if (tTd(44, 4))
sm_dprintf("\t%s\n", sm_errstring(ret));
errno = 0;
if (!bitset(SFF_CREAT, flags) || file_errno != ENOENT)
return ret;
/* check to see if legal to create the file */
p = strrchr(dir, '/');
if (p == NULL)
dir = ".";
else if (p == dir)
dir = "/";
else
*p = '\0';
if (stat(dir, &stbuf) >= 0)
{
int md = S_IWRITE|S_IEXEC;
ret = 0;
if (stbuf.st_uid == uid)
/* EMPTY */
;
else if (uid == 0 && stbuf.st_uid == TrustedUid)
/* EMPTY */
;
else
{
md >>= 3;
if (stbuf.st_gid == gid)
/* EMPTY */
;
# ifndef NO_GROUP_SET
else if (user != NULL && !DontInitGroups &&
((gr != NULL &&
gr->gr_gid == stbuf.st_gid) ||
(gr = getgrgid(stbuf.st_gid)) != NULL))
{
register char **gp;
for (gp = gr->gr_mem; *gp != NULL; gp++)
if (strcmp(*gp, user) == 0)
break;
if (*gp == NULL)
md >>= 3;
}
# endif /* ! NO_GROUP_SET */
else
md >>= 3;
}
if ((stbuf.st_mode & md) != md)
ret = errno = EACCES;
}
else
ret = errno;
if (tTd(44, 4))
sm_dprintf("\t[final dir %s uid %d mode %lo] %s\n",
dir, (int) stbuf.st_uid,
(unsigned long) stbuf.st_mode,
sm_errstring(ret));
if (p != NULL)
*p = '/';
st->st_mode = ST_MODE_NOFILE;
return ret;
}
# ifdef S_ISLNK
if (bitset(SFF_NOSLINK, flags) && S_ISLNK(st->st_mode))
{
if (tTd(44, 4))
sm_dprintf("\t[slink mode %lo]\tE_SM_NOSLINK\n",
(unsigned long) st->st_mode);
return E_SM_NOSLINK;
}
# endif /* S_ISLNK */
if (bitset(SFF_REGONLY, flags) && !S_ISREG(st->st_mode))
{
if (tTd(44, 4))
sm_dprintf("\t[non-reg mode %lo]\tE_SM_REGONLY\n",
(unsigned long) st->st_mode);
return E_SM_REGONLY;
}
if (bitset(SFF_NOGWFILES, flags) &&
bitset(S_IWGRP, st->st_mode))
{
if (tTd(44, 4))
sm_dprintf("\t[write bits %lo]\tE_SM_GWFILE\n",
(unsigned long) st->st_mode);
return E_SM_GWFILE;
}
if (bitset(SFF_NOWWFILES, flags) &&
bitset(S_IWOTH, st->st_mode))
{
if (tTd(44, 4))
sm_dprintf("\t[write bits %lo]\tE_SM_WWFILE\n",
(unsigned long) st->st_mode);
return E_SM_WWFILE;
}
if (bitset(SFF_NOGRFILES, flags) && bitset(S_IRGRP, st->st_mode))
{
if (tTd(44, 4))
sm_dprintf("\t[read bits %lo]\tE_SM_GRFILE\n",
(unsigned long) st->st_mode);
return E_SM_GRFILE;
}
if (bitset(SFF_NOWRFILES, flags) && bitset(S_IROTH, st->st_mode))
{
if (tTd(44, 4))
sm_dprintf("\t[read bits %lo]\tE_SM_WRFILE\n",
(unsigned long) st->st_mode);
return E_SM_WRFILE;
}
if (!bitset(SFF_EXECOK, flags) &&
bitset(S_IWUSR|S_IWGRP|S_IWOTH, mode) &&
bitset(S_IXUSR|S_IXGRP|S_IXOTH, st->st_mode))
{
if (tTd(44, 4))
sm_dprintf("\t[exec bits %lo]\tE_SM_ISEXEC\n",
(unsigned long) st->st_mode);
return E_SM_ISEXEC;
}
if (bitset(SFF_NOHLINK, flags) && st->st_nlink != 1)
{
if (tTd(44, 4))
sm_dprintf("\t[link count %d]\tE_SM_NOHLINK\n",
(int) st->st_nlink);
return E_SM_NOHLINK;
}
if (uid == 0 && bitset(SFF_OPENASROOT, flags))
/* EMPTY */
;
else if (uid == 0 && !bitset(SFF_ROOTOK, flags))
mode >>= 6;
else if (st->st_uid == uid)
/* EMPTY */
;
else if (uid == 0 && st->st_uid == TrustedUid)
/* EMPTY */
;
else
{
mode >>= 3;
if (st->st_gid == gid)
/* EMPTY */
;
# ifndef NO_GROUP_SET
else if (user != NULL && !DontInitGroups &&
((gr != NULL && gr->gr_gid == st->st_gid) ||
(gr = getgrgid(st->st_gid)) != NULL))
{
register char **gp;
for (gp = gr->gr_mem; *gp != NULL; gp++)
if (strcmp(*gp, user) == 0)
break;
if (*gp == NULL)
mode >>= 3;
}
# endif /* ! NO_GROUP_SET */
else
mode >>= 3;
}
if (tTd(44, 4))
sm_dprintf("\t[uid %d, nlink %d, stat %lo, mode %lo] ",
(int) st->st_uid, (int) st->st_nlink,
(unsigned long) st->st_mode, (unsigned long) mode);
if ((st->st_uid == uid || st->st_uid == 0 ||
st->st_uid == TrustedUid ||
!bitset(SFF_MUSTOWN, flags)) &&
(st->st_mode & mode) == mode)
{
if (tTd(44, 4))
sm_dprintf("\tOK\n");
return 0;
}
if (tTd(44, 4))
sm_dprintf("\tEACCES\n");
return EACCES;
}
/*
** SAFEDIRPATH -- check to make sure a path to a directory is safe
**
** Safe means not writable and owned by the right folks.
**
** Parameters:
** fn -- filename to check.
** uid -- user id to compare against.
** gid -- group id to compare against.
** user -- user name to compare against (used for group
** sets).
** flags -- modifiers:
** SFF_ROOTOK -- ok to use root permissions to open.
** SFF_SAFEDIRPATH -- writable directories are considered
** to be fatal errors.
** level -- symlink recursive level.
** offset -- offset into fn to start checking from.
**
** Returns:
** 0 -- if the directory path is "safe".
** else -- an error number associated with the path.
*/
int
safedirpath(fn, uid, gid, user, flags, level, offset)
char *fn;
UID_T uid;
GID_T gid;
char *user;
long flags;
int level;
int offset;
{
int ret = 0;
int mode = S_IWOTH;
char save = '\0';
char *saveptr = NULL;
char *p, *enddir;
register struct group *gr = NULL;
char s[MAXLINKPATHLEN];
struct stat stbuf;
/* make sure we aren't in a symlink loop */
if (level > MAXSYMLINKS)
return ELOOP;
if (level < 0 || offset < 0 || offset > strlen(fn))
return EINVAL;
/* special case root directory */
if (*fn == '\0')
fn = "/";
if (tTd(44, 4))
sm_dprintf("safedirpath(%s, uid=%ld, gid=%ld, flags=%lx, level=%d, offset=%d):\n",
fn, (long) uid, (long) gid, flags, level, offset);
if (!bitnset(DBS_GROUPWRITABLEDIRPATHSAFE, DontBlameSendmail))
mode |= S_IWGRP;
/* Make a modifiable copy of the filename */
if (sm_strlcpy(s, fn, sizeof s) >= sizeof s)
return EINVAL;
p = s + offset;
while (p != NULL)
{
/* put back character */
if (saveptr != NULL)
{
*saveptr = save;
saveptr = NULL;
p++;
}
if (*p == '\0')
break;
p = strchr(p, '/');
/* Special case for root directory */
if (p == s)
{
save = *(p + 1);
saveptr = p + 1;
*(p + 1) = '\0';
}
else if (p != NULL)
{
save = *p;
saveptr = p;
*p = '\0';
}
/* Heuristic: . and .. have already been checked */
enddir = strrchr(s, '/');
if (enddir != NULL &&
(strcmp(enddir, "/..") == 0 ||
strcmp(enddir, "/.") == 0))
continue;
if (tTd(44, 20))
sm_dprintf("\t[dir %s]\n", s);
# if HASLSTAT
ret = lstat(s, &stbuf);
-# else /* HASLSTAT */
+# else
ret = stat(s, &stbuf);
-# endif /* HASLSTAT */
+# endif
if (ret < 0)
{
ret = errno;
break;
}
# ifdef S_ISLNK
/* Follow symlinks */
if (S_ISLNK(stbuf.st_mode))
{
int linklen;
char *target;
char buf[MAXPATHLEN];
char fullbuf[MAXLINKPATHLEN];
memset(buf, '\0', sizeof buf);
linklen = readlink(s, buf, sizeof buf);
if (linklen < 0)
{
ret = errno;
break;
}
if (linklen >= sizeof buf)
{
/* file name too long for buffer */
ret = errno = EINVAL;
break;
}
offset = 0;
if (*buf == '/')
{
target = buf;
/* If path is the same, avoid rechecks */
while (s[offset] == buf[offset] &&
s[offset] != '\0')
offset++;
if (s[offset] == '\0' && buf[offset] == '\0')
{
/* strings match, symlink loop */
return ELOOP;
}
/* back off from the mismatch */
if (offset > 0)
offset--;
/* Make sure we are at a directory break */
if (offset > 0 &&
s[offset] != '/' &&
s[offset] != '\0')
{
while (buf[offset] != '/' &&
offset > 0)
offset--;
}
if (offset > 0 &&
s[offset] == '/' &&
buf[offset] == '/')
{
/* Include the trailing slash */
offset++;
}
}
else
{
char *sptr;
sptr = strrchr(s, '/');
if (sptr != NULL)
{
*sptr = '\0';
offset = sptr + 1 - s;
if (sm_strlcpyn(fullbuf,
sizeof fullbuf, 2,
s, "/") >=
sizeof fullbuf ||
sm_strlcat(fullbuf, buf,
sizeof fullbuf) >=
sizeof fullbuf)
{
ret = EINVAL;
break;
}
*sptr = '/';
}
else
{
if (sm_strlcpy(fullbuf, buf,
sizeof fullbuf) >=
sizeof fullbuf)
{
ret = EINVAL;
break;
}
}
target = fullbuf;
}
ret = safedirpath(target, uid, gid, user, flags,
level + 1, offset);
if (ret != 0)
break;
/* Don't check permissions on the link file itself */
continue;
}
#endif /* S_ISLNK */
if ((uid == 0 || bitset(SFF_SAFEDIRPATH, flags)) &&
#ifdef S_ISVTX
!(bitnset(DBS_TRUSTSTICKYBIT, DontBlameSendmail) &&
bitset(S_ISVTX, stbuf.st_mode)) &&
-#endif /* S_ISVTX */
+#endif
bitset(mode, stbuf.st_mode))
{
if (tTd(44, 4))
sm_dprintf("\t[dir %s] mode %lo ",
s, (unsigned long) stbuf.st_mode);
if (bitset(SFF_SAFEDIRPATH, flags))
{
if (bitset(S_IWOTH, stbuf.st_mode))
ret = E_SM_WWDIR;
else
ret = E_SM_GWDIR;
if (tTd(44, 4))
sm_dprintf("FATAL\n");
break;
}
if (tTd(44, 4))
sm_dprintf("WARNING\n");
if (Verbose > 1)
message("051 WARNING: %s writable directory %s",
bitset(S_IWOTH, stbuf.st_mode)
? "World"
: "Group",
s);
}
if (uid == 0 && !bitset(SFF_ROOTOK|SFF_OPENASROOT, flags))
{
if (bitset(S_IXOTH, stbuf.st_mode))
continue;
ret = EACCES;
break;
}
/*
** Let OS determine access to file if we are not
** running as a privileged user. This allows ACLs
** to work. Also, if opening as root, assume we can
** scan the directory.
*/
if (geteuid() != 0 || bitset(SFF_OPENASROOT, flags))
continue;
if (stbuf.st_uid == uid &&
bitset(S_IXUSR, stbuf.st_mode))
continue;
if (stbuf.st_gid == gid &&
bitset(S_IXGRP, stbuf.st_mode))
continue;
# ifndef NO_GROUP_SET
if (user != NULL && !DontInitGroups &&
((gr != NULL && gr->gr_gid == stbuf.st_gid) ||
(gr = getgrgid(stbuf.st_gid)) != NULL))
{
register char **gp;
for (gp = gr->gr_mem; gp != NULL && *gp != NULL; gp++)
if (strcmp(*gp, user) == 0)
break;
if (gp != NULL && *gp != NULL &&
bitset(S_IXGRP, stbuf.st_mode))
continue;
}
# endif /* ! NO_GROUP_SET */
if (!bitset(S_IXOTH, stbuf.st_mode))
{
ret = EACCES;
break;
}
}
if (tTd(44, 4))
sm_dprintf("\t[dir %s] %s\n", fn,
ret == 0 ? "OK" : sm_errstring(ret));
return ret;
}
/*
** SAFEOPEN -- do a file open with extra checking
**
** Parameters:
** fn -- the file name to open.
** omode -- the open-style mode flags.
** cmode -- the create-style mode flags.
** sff -- safefile flags.
**
** Returns:
** Same as open.
*/
int
safeopen(fn, omode, cmode, sff)
char *fn;
int omode;
int cmode;
long sff;
{
#if !NOFTRUNCATE
bool truncate;
-#endif /* !NOFTRUNCATE */
+#endif
int rval;
int fd;
int smode;
struct stat stb;
if (tTd(44, 10))
sm_dprintf("safeopen: fn=%s, omode=%x, cmode=%x, sff=%lx\n",
fn, omode, cmode, sff);
if (bitset(O_CREAT, omode))
sff |= SFF_CREAT;
omode &= ~O_CREAT;
switch (omode & O_ACCMODE)
{
case O_RDONLY:
smode = S_IREAD;
break;
case O_WRONLY:
smode = S_IWRITE;
break;
case O_RDWR:
smode = S_IREAD|S_IWRITE;
break;
default:
smode = 0;
break;
}
if (bitset(SFF_OPENASROOT, sff))
rval = safefile(fn, RunAsUid, RunAsGid, RunAsUserName,
sff, smode, &stb);
else
rval = safefile(fn, RealUid, RealGid, RealUserName,
sff, smode, &stb);
if (rval != 0)
{
errno = rval;
return -1;
}
if (stb.st_mode == ST_MODE_NOFILE && bitset(SFF_CREAT, sff))
omode |= O_CREAT | (bitset(SFF_NOTEXCL, sff) ? 0 : O_EXCL);
else if (bitset(SFF_CREAT, sff) && bitset(O_EXCL, omode))
{
/* The file exists so an exclusive create would fail */
errno = EEXIST;
return -1;
}
#if !NOFTRUNCATE
truncate = bitset(O_TRUNC, omode);
if (truncate)
omode &= ~O_TRUNC;
-#endif /* !NOFTRUNCATE */
+#endif
fd = dfopen(fn, omode, cmode, sff);
if (fd < 0)
return fd;
if (filechanged(fn, fd, &stb))
{
syserr("554 5.3.0 cannot open: file %s changed after open", fn);
(void) close(fd);
errno = E_SM_FILECHANGE;
return -1;
}
#if !NOFTRUNCATE
if (truncate &&
ftruncate(fd, (off_t) 0) < 0)
{
int save_errno;
save_errno = errno;
syserr("554 5.3.0 cannot open: file %s could not be truncated",
fn);
(void) close(fd);
errno = save_errno;
return -1;
}
#endif /* !NOFTRUNCATE */
return fd;
}
/*
** SAFEFOPEN -- do a file open with extra checking
**
** Parameters:
** fn -- the file name to open.
** omode -- the open-style mode flags.
** cmode -- the create-style mode flags.
** sff -- safefile flags.
**
** Returns:
** Same as fopen.
*/
SM_FILE_T *
safefopen(fn, omode, cmode, sff)
char *fn;
int omode;
int cmode;
long sff;
{
int fd;
int save_errno;
SM_FILE_T *fp;
int fmode;
switch (omode & O_ACCMODE)
{
case O_RDONLY:
fmode = SM_IO_RDONLY;
break;
case O_WRONLY:
if (bitset(O_APPEND, omode))
fmode = SM_IO_APPEND;
else
fmode = SM_IO_WRONLY;
break;
case O_RDWR:
if (bitset(O_TRUNC, omode))
fmode = SM_IO_RDWRTR;
else if (bitset(O_APPEND, omode))
fmode = SM_IO_APPENDRW;
else
fmode = SM_IO_RDWR;
break;
default:
syserr("554 5.3.5 safefopen: unknown omode %o", omode);
fmode = 0;
}
fd = safeopen(fn, omode, cmode, sff);
if (fd < 0)
{
save_errno = errno;
if (tTd(44, 10))
sm_dprintf("safefopen: safeopen failed: %s\n",
sm_errstring(errno));
errno = save_errno;
return NULL;
}
fp = sm_io_open(SmFtStdiofd, SM_TIME_DEFAULT,
(void *) &fd, fmode, NULL);
if (fp != NULL)
return fp;
save_errno = errno;
if (tTd(44, 10))
{
sm_dprintf("safefopen: fdopen(%s, %d) failed: omode=%x, sff=%lx, err=%s\n",
fn, fmode, omode, sff, sm_errstring(errno));
}
(void) close(fd);
errno = save_errno;
return NULL;
}
/*
** FILECHANGED -- check to see if file changed after being opened
**
** Parameters:
** fn -- pathname of file to check.
** fd -- file descriptor to check.
** stb -- stat structure from before open.
**
** Returns:
** true -- if a problem was detected.
** false -- if this file is still the same.
*/
bool
filechanged(fn, fd, stb)
char *fn;
int fd;
struct stat *stb;
{
struct stat sta;
if (stb->st_mode == ST_MODE_NOFILE)
{
# if HASLSTAT && BOGUS_O_EXCL
/* only necessary if exclusive open follows symbolic links */
if (lstat(fn, stb) < 0 || stb->st_nlink != 1)
return true;
-# else /* HASLSTAT && BOGUS_O_EXCL */
+# else
return false;
-# endif /* HASLSTAT && BOGUS_O_EXCL */
+# endif
}
if (fstat(fd, &sta) < 0)
return true;
if (sta.st_nlink != stb->st_nlink ||
sta.st_dev != stb->st_dev ||
sta.st_ino != stb->st_ino ||
# if HAS_ST_GEN && 0 /* AFS returns garbage in st_gen */
sta.st_gen != stb->st_gen ||
-# endif /* HAS_ST_GEN && 0 */
+# endif
sta.st_uid != stb->st_uid ||
sta.st_gid != stb->st_gid)
{
if (tTd(44, 8))
{
sm_dprintf("File changed after opening:\n");
sm_dprintf(" nlink = %ld/%ld\n",
(long) stb->st_nlink, (long) sta.st_nlink);
sm_dprintf(" dev = %ld/%ld\n",
(long) stb->st_dev, (long) sta.st_dev);
sm_dprintf(" ino = %llu/%llu\n",
(ULONGLONG_T) stb->st_ino,
(ULONGLONG_T) sta.st_ino);
# if HAS_ST_GEN
sm_dprintf(" gen = %ld/%ld\n",
(long) stb->st_gen, (long) sta.st_gen);
-# endif /* HAS_ST_GEN */
+# endif
sm_dprintf(" uid = %ld/%ld\n",
(long) stb->st_uid, (long) sta.st_uid);
sm_dprintf(" gid = %ld/%ld\n",
(long) stb->st_gid, (long) sta.st_gid);
}
return true;
}
return false;
}
/*
** DFOPEN -- determined file open
**
** This routine has the semantics of open, except that it will
** keep trying a few times to make this happen. The idea is that
** on very loaded systems, we may run out of resources (inodes,
** whatever), so this tries to get around it.
*/
int
dfopen(filename, omode, cmode, sff)
char *filename;
int omode;
int cmode;
long sff;
{
register int tries;
int fd = -1;
struct stat st;
for (tries = 0; tries < 10; tries++)
{
(void) sleep((unsigned) (10 * tries));
errno = 0;
fd = open(filename, omode, cmode);
if (fd >= 0)
break;
switch (errno)
{
case ENFILE: /* system file table full */
case EINTR: /* interrupted syscall */
#ifdef ETXTBSY
case ETXTBSY: /* Apollo: net file locked */
-#endif /* ETXTBSY */
+#endif
continue;
}
break;
}
if (!bitset(SFF_NOLOCK, sff) &&
fd >= 0 &&
fstat(fd, &st) >= 0 &&
S_ISREG(st.st_mode))
{
int locktype;
/* lock the file to avoid accidental conflicts */
if ((omode & O_ACCMODE) != O_RDONLY)
locktype = LOCK_EX;
else
locktype = LOCK_SH;
if (bitset(SFF_NBLOCK, sff))
locktype |= LOCK_NB;
if (!lockfile(fd, filename, NULL, locktype))
{
int save_errno = errno;
(void) close(fd);
fd = -1;
errno = save_errno;
}
else
errno = 0;
}
return fd;
}
diff --git a/mail.local/Makefile b/mail.local/Makefile
index f3776a9d502a..6cd2bc10511b 100644
--- a/mail.local/Makefile
+++ b/mail.local/Makefile
@@ -1,19 +1,21 @@
# $Id: Makefile,v 8.5 1999-10-05 16:39:32 ca Exp $
SHELL= /bin/sh
BUILD= ./Build
OPTIONS= $(CONFIG) $(FLAGS)
all: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
clean: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
+check: FRC
+ $(SHELL) $(BUILD) $(OPTIONS) $@
install: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
force-install: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
fresh: FRC
$(SHELL) $(BUILD) $(OPTIONS) -c
FRC:
diff --git a/mail.local/mail.local.0 b/mail.local/mail.local.0
index ec11d50a3eb8..454261106dca 100644
--- a/mail.local/mail.local.0
+++ b/mail.local/mail.local.0
@@ -1,97 +1,97 @@
MAIL.LOCAL(8) MAIL.LOCAL(8)
-NNAAMMEE
+NAME
mail.local - store mail in a mailbox
-SSYYNNOOPPSSIISS
- mmaaiill..llooccaall [--77] [--bb] [--dd] [--DD _m_b_d_b] [--ll] [--ff _f_r_o_m|--rr _f_r_o_m] [--hh _f_i_l_e_n_a_m_e
- ] _u_s_e_r _._._.
+SYNOPSIS
+ mail.local [-7] [-b] [-d] [-D mbdb] [-l] [-f from|-r from] [-h filename
+ ] user ...
-DDEESSCCRRIIPPTTIIOONN
- MMaaiill..llooccaall reads the standard input up to an end-of-file and appends it
- to each _u_s_e_r_'_s mmaaiill file. The _u_s_e_r must be a valid user name.
+DESCRIPTION
+ Mail.local reads the standard input up to an end-of-file and appends it
+ to each user's mail file. The user must be a valid user name.
The options are as follows:
- --77 Do not advertise 8BITMIME support in LMTP mode.
+ -7 Do not advertise 8BITMIME support in LMTP mode.
- --bb Return a permanent error instead of a temporary error if a
+ -b Return a permanent error instead of a temporary error if a
mailbox exceeds quota.
- --dd Specify this is a delivery (for backward compatibility).
+ -d Specify this is a delivery (for backward compatibility).
This option has no effect.
- --DD _m_b_d_b Specify the name of the mailbox database which is used to
+ -D mbdb Specify the name of the mailbox database which is used to
look up local recipient names. This option defaults to "pw",
which means use getpwnam().
- --ff _f_r_o_m Specify the sender's name.
+ -f from Specify the sender's name.
- --ll Turn on LMTP mode.
+ -l Turn on LMTP mode.
- --rr _f_r_o_m Specify the sender's name (for backward compatibility). Same
+ -r from Specify the sender's name (for backward compatibility). Same
as -f.
- --hh _f_i_l_e_n_a_m_e
- Store incoming mail in _f_i_l_e_n_a_m_e in the user's home directory
+ -h filename
+ Store incoming mail in filename in the user's home directory
instead of a system mail spool directory.
- The next options are only available if mmaaiill..llooccaall has been compiled
+ The next options are only available if mail.local has been compiled
with -DHASHSPOOL.
- --HH _h_a_s_h_t_y_p_e_h_a_s_h_d_e_p_t_h
- Select hashed mail directories. Valid hash types are uu for user
- name and mm for MD5 (requires compilation with -DHASHSPOOLMD5).
- Example: --HH _u_2 selects user name hashing with a hash depth of 2.
+ -H hashtypehashdepth
+ Select hashed mail directories. Valid hash types are u for user
+ name and m for MD5 (requires compilation with -DHASHSPOOLMD5).
+ Example: -H u2 selects user name hashing with a hash depth of 2.
Note: there must be no space between the hash type and the
depth.
- --pp _p_a_t_h
+ -p path
Specify an alternate mail spool path.
- --nn Specify that the domain part of recipient addresses in LMTP mode
+ -n Specify that the domain part of recipient addresses in LMTP mode
should not be stripped.
Individual mail messages in the mailbox are delimited by an empty line
followed by a line beginning with the string ``From ''. A line con-
taining the string ``From '', the sender's name and a time stamp is
prepended to each delivered mail message. A blank line is appended to
each message. A greater-than character (``>'') is prepended to any
line in the message which could be mistaken for a ``From '' delimiter
line (that is, a line beginning with the five characters ``From '' fol-
lowing a blank line).
The mail files are exclusively locked with flock(2) while mail is
- appended, and a uusseerr..lloocckk file also is created while the mailbox is
+ appended, and a user.lock file also is created while the mailbox is
locked for compatibility with older MUAs.
If the ``biff'' service is returned by getservbyname(3), the biff
server is notified of delivered mail.
- The mmaaiill..llooccaall utility exits 0 on success, and >0 if an error occurs.
+ The mail.local utility exits 0 on success, and >0 if an error occurs.
-EENNVVIIRROONNMMEENNTT
+ENVIRONMENT
TZ Used to set the appropriate time zone on the timestamp.
-FFIILLEESS
+FILES
/tmp/local.XXXXXX temporary files
/var/mail/user user's default mailbox directory
/var/mail/user.lock lock file for a user's default mailbox
-SSEEEE AALLSSOO
+SEE ALSO
mail(1), xsend(1), flock(2), getservbyname(3), comsat(8), sendmail(8)
-WWAARRNNIINNGG
- mmaaiill..llooccaall escapes only "^From " lines that follow an empty line. If
+WARNING
+ mail.local escapes only "^From " lines that follow an empty line. If
all lines starting with "From " should be escaped, use the 'E' flag for
the local mailer in the sendmail.cf file.
-HHIISSTTOORRYY
- A superset of mmaaiill..llooccaall (handling mailbox reading as well as mail
- delivery) appeared in Version 7 AT&T UNIX as the program mmaaiill.
+HISTORY
+ A superset of mail.local (handling mailbox reading as well as mail
+ delivery) appeared in Version 7 AT&T UNIX as the program mail.
$Date: 2013-11-22 20:51:51 $ MAIL.LOCAL(8)
diff --git a/mail.local/mail.local.c b/mail.local/mail.local.c
index fc60792e7daf..5a5659b2068b 100644
--- a/mail.local/mail.local.c
+++ b/mail.local/mail.local.c
@@ -1,1943 +1,1943 @@
/*
* Copyright (c) 1998-2004 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1990, 1993, 1994
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sm/gen.h>
SM_IDSTR(copyright,
"@(#) Copyright (c) 1998-2004 Proofpoint, Inc. and its suppliers.\n\
All rights reserved.\n\
Copyright (c) 1990, 1993, 1994\n\
The Regents of the University of California. All rights reserved.\n")
SM_IDSTR(id, "@(#)$Id: mail.local.c,v 8.257 2013-11-22 20:51:51 ca Exp $")
#include <stdlib.h>
#include <sm/errstring.h>
#include <sm/io.h>
#include <sm/limits.h>
# include <unistd.h>
# ifdef EX_OK
# undef EX_OK /* unistd.h may have another use for this */
-# endif /* EX_OK */
+# endif
# define LOCKFILE_PMODE 0
#include <sm/mbdb.h>
#include <sm/sysexits.h>
#ifndef HASHSPOOL
# define HASHSPOOL 0
-#endif /* ! HASHSPOOL */
+#endif
#ifndef HASHSPOOLMD5
# define HASHSPOOLMD5 0
-#endif /* ! HASHSPOOLMD5 */
+#endif
/*
** This is not intended to work on System V derived systems
** such as Solaris or HP-UX, since they use a totally different
** approach to mailboxes (essentially, they have a set-group-ID program
** rather than set-user-ID, and they rely on the ability to "give away"
** files to do their work). IT IS NOT A BUG that this doesn't
** work on such architectures.
*/
#include <stdio.h>
#include <errno.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <time.h>
#include <stdlib.h>
# include <sys/socket.h>
# include <sys/file.h>
# include <netinet/in.h>
# include <arpa/nameser.h>
# include <netdb.h>
# include <pwd.h>
#include <sm/string.h>
#include <syslog.h>
#include <ctype.h>
#include <sm/conf.h>
#include <sendmail/pathnames.h>
#if HASHSPOOL
# define HASH_NONE 0
# define HASH_USER 1
# if HASHSPOOLMD5
# define HASH_MD5 2
# include <openssl/md5.h>
-# endif /* HASHSPOOLMD5 */
+# endif
#endif /* HASHSPOOL */
#if _FFR_SPOOL_PATH
/*
** Override path to mail store at run time (using -p).
** From: Eugene Grosbein of Svyaz Service JSC
** See: http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/114195
** NOTE: Update man page before adding this to a release.
*/
#endif /* _FFR_SPOOL_PATH */
#ifndef LOCKTO_RM
# define LOCKTO_RM 300 /* timeout for stale lockfile removal */
-#endif /* ! LOCKTO_RM */
+#endif
#ifndef LOCKTO_GLOB
# define LOCKTO_GLOB 400 /* global timeout for lockfile creation */
-#endif /* ! LOCKTO_GLOB */
+#endif
/* define a realloc() which works for NULL pointers */
#define REALLOC(ptr, size) (((ptr) == NULL) ? malloc(size) : realloc(ptr, size))
/*
** If you don't have flock, you could try using lockf instead.
*/
#ifdef LDA_USE_LOCKF
# define flock(a, b) lockf(a, b, 0)
# ifdef LOCK_EX
# undef LOCK_EX
-# endif /* LOCK_EX */
+# endif
# define LOCK_EX F_LOCK
#endif /* LDA_USE_LOCKF */
#ifndef LOCK_EX
# include <sys/file.h>
-#endif /* ! LOCK_EX */
+#endif
/*
** If you don't have setreuid, and you have saved uids, and you have
** a seteuid() call that doesn't try to emulate using setuid(), then
** you can try defining LDA_USE_SETEUID.
*/
#ifdef LDA_USE_SETEUID
# define setreuid(r, e) seteuid(e)
-#endif /* LDA_USE_SETEUID */
+#endif
#ifdef LDA_CONTENTLENGTH
# define CONTENTLENGTH 1
-#endif /* LDA_CONTENTLENGTH */
+#endif
#ifndef INADDRSZ
# define INADDRSZ 4 /* size of an IPv4 address in bytes */
-#endif /* ! INADDRSZ */
+#endif
#ifdef MAILLOCK
# include <maillock.h>
-#endif /* MAILLOCK */
+#endif
#ifndef MAILER_DAEMON
# define MAILER_DAEMON "MAILER-DAEMON"
-#endif /* ! MAILER_DAEMON */
+#endif
#ifdef CONTENTLENGTH
char ContentHdr[40] = "Content-Length: ";
off_t HeaderLength;
off_t BodyLength;
-#endif /* CONTENTLENGTH */
+#endif
bool EightBitMime = true; /* advertise 8BITMIME in LMTP */
char ErrBuf[10240]; /* error buffer */
int ExitVal = EX_OK; /* sysexits.h error value. */
bool HoldErrs = false; /* Hold errors in ErrBuf */
bool LMTPMode = false;
bool BounceQuota = false; /* permanent error when over quota */
bool CloseMBDB = false;
char *HomeMailFile = NULL; /* store mail in homedir */
#if HASHSPOOL
int HashType = HASH_NONE;
int HashDepth = 0;
bool StripRcptDomain = true;
-#else /* HASHSPOOL */
+#else
# define StripRcptDomain true
-#endif /* HASHSPOOL */
+#endif
char SpoolPath[MAXPATHLEN];
char *parseaddr __P((char *, bool));
char *process_recipient __P((char *));
void dolmtp __P((void));
void deliver __P((int, char *));
int e_to_sys __P((int));
void notifybiff __P((char *));
int store __P((char *, bool *));
void usage __P((void));
int lockmbox __P((char *));
void unlockmbox __P((void));
void mailerr __P((const char *, const char *, ...));
void flush_error __P((void));
#if HASHSPOOL
const char *hashname __P((char *));
-#endif /* HASHSPOOL */
+#endif
static void sm_exit __P((int));
static void
sm_exit(status)
int status;
{
if (CloseMBDB)
{
sm_mbdb_terminate();
CloseMBDB = false; /* not really necessary, but ... */
}
exit(status);
}
int
main(argc, argv)
int argc;
char *argv[];
{
struct passwd *pw;
int ch, fd;
uid_t uid;
char *from;
char *mbdbname = "pw";
int err;
extern char *optarg;
extern int optind;
/* make sure we have some open file descriptors */
for (fd = 10; fd < 30; fd++)
(void) close(fd);
/* use a reasonable umask */
(void) umask(0077);
# ifdef LOG_MAIL
openlog("mail.local", 0, LOG_MAIL);
-# else /* LOG_MAIL */
+# else
openlog("mail.local", 0);
-# endif /* LOG_MAIL */
+# endif
from = NULL;
/* XXX can this be converted to a compile time check? */
if (sm_strlcpy(SpoolPath, _PATH_MAILDIR, sizeof(SpoolPath)) >=
sizeof(SpoolPath))
{
mailerr("421", "Configuration error: _PATH_MAILDIR too large");
sm_exit(EX_CONFIG);
}
#if HASHSPOOL
while ((ch = getopt(argc, argv, "7bdD:f:h:r:lH:p:n")) != -1)
#else /* HASHSPOOL */
# if _FFR_SPOOL_PATH
while ((ch = getopt(argc, argv, "7bdD:f:h:r:lp:")) != -1)
-# else /* _FFR_SPOOL_PATH */
+# else
while ((ch = getopt(argc, argv, "7bdD:f:h:r:l")) != -1)
-# endif /* _FFR_SPOOL_PATH */
+# endif
#endif /* HASHSPOOL */
{
switch(ch)
{
case '7': /* Do not advertise 8BITMIME */
EightBitMime = false;
break;
case 'b': /* bounce mail when over quota. */
BounceQuota = true;
break;
case 'd': /* Backward compatible. */
break;
case 'D': /* mailbox database type */
mbdbname = optarg;
break;
case 'f':
case 'r': /* Backward compatible. */
if (from != NULL)
{
mailerr(NULL, "Multiple -f options");
usage();
}
from = optarg;
break;
case 'h':
if (optarg != NULL || *optarg != '\0')
HomeMailFile = optarg;
else
{
mailerr(NULL, "-h: missing filename");
usage();
}
break;
case 'l':
LMTPMode = true;
break;
#if HASHSPOOL
case 'H':
if (optarg == NULL || *optarg == '\0')
{
mailerr(NULL, "-H: missing hashinfo");
usage();
}
switch(optarg[0])
{
case 'u':
HashType = HASH_USER;
break;
# if HASHSPOOLMD5
case 'm':
HashType = HASH_MD5;
break;
-# endif /* HASHSPOOLMD5 */
+# endif
default:
mailerr(NULL, "-H: unknown hash type");
usage();
}
if (optarg[1] == '\0')
{
mailerr(NULL, "-H: invalid hash depth");
usage();
}
HashDepth = atoi(&optarg[1]);
if ((HashDepth <= 0) || ((HashDepth * 2) >= MAXPATHLEN))
{
mailerr(NULL, "-H: invalid hash depth");
usage();
}
break;
case 'n':
StripRcptDomain = false;
break;
#endif /* HASHSPOOL */
#if HASHSPOOL || _FFR_SPOOL_PATH
case 'p':
if (optarg == NULL || *optarg == '\0')
{
mailerr(NULL, "-p: missing spool path");
usage();
}
if (sm_strlcpy(SpoolPath, optarg, sizeof(SpoolPath)) >=
sizeof(SpoolPath))
{
mailerr(NULL, "-p: invalid spool path");
usage();
}
break;
#endif /* HASHSPOOL || _FFR_SPOOL_PATH */
case '?':
default:
usage();
}
}
argc -= optind;
argv += optind;
/* initialize biff structures */
notifybiff(NULL);
err = sm_mbdb_initialize(mbdbname);
if (err != EX_OK)
{
char *errcode = "521";
if (err == EX_TEMPFAIL)
errcode = "421";
mailerr(errcode, "Can not open mailbox database %s: %s",
mbdbname, sm_strexit(err));
sm_exit(err);
}
CloseMBDB = true;
if (LMTPMode)
{
if (argc > 0)
{
mailerr("421", "Users should not be specified in command line if LMTP required");
sm_exit(EX_TEMPFAIL);
}
dolmtp();
/* NOTREACHED */
sm_exit(EX_OK);
}
/* Non-LMTP from here on out */
- if (*argv == '\0')
+ if (*argv == NULL)
usage();
/*
** If from not specified, use the name from getlogin() if the
** uid matches, otherwise, use the name from the password file
** corresponding to the uid.
*/
uid = getuid();
if (from == NULL && ((from = getlogin()) == NULL ||
(pw = getpwnam(from)) == NULL ||
pw->pw_uid != uid))
from = (pw = getpwuid(uid)) != NULL ? pw->pw_name : "???";
/*
** There is no way to distinguish the error status of one delivery
** from the rest of the deliveries. So, if we failed hard on one
** or more deliveries, but had no failures on any of the others, we
** return a hard failure. If we failed temporarily on one or more
** deliveries, we return a temporary failure regardless of the other
** failures. This results in the delivery being reattempted later
** at the expense of repeated failures and multiple deliveries.
*/
HoldErrs = true;
fd = store(from, NULL);
HoldErrs = false;
if (fd < 0)
{
flush_error();
sm_exit(ExitVal);
}
for (; *argv != NULL; ++argv)
deliver(fd, *argv);
sm_exit(ExitVal);
/* NOTREACHED */
return ExitVal;
}
char *
parseaddr(s, rcpt)
char *s;
bool rcpt;
{
char *p;
int l;
if (*s++ != '<')
return NULL;
p = s;
/* at-domain-list */
while (*p == '@')
{
p++;
while (*p != ',' && *p != ':' && *p != '\0')
p++;
if (*p == '\0')
return NULL;
/* Skip over , or : */
p++;
}
s = p;
/* local-part */
while (*p != '\0' && *p != '@' && *p != '>')
{
if (*p == '\\')
{
if (*++p == '\0')
return NULL;
}
else if (*p == '\"')
{
p++;
while (*p != '\0' && *p != '\"')
{
if (*p == '\\')
{
if (*++p == '\0')
return NULL;
}
p++;
}
if (*p == '\0' || *(p + 1) == '\0')
return NULL;
}
/* +detail ? */
if (*p == '+' && rcpt)
*p = '\0';
p++;
}
/* @domain */
if (*p == '@')
{
if (rcpt)
*p++ = '\0';
while (*p != '\0' && *p != '>')
p++;
}
if (*p != '>')
return NULL;
else
*p = '\0';
p++;
if (*p != '\0' && *p != ' ')
return NULL;
if (*s == '\0')
s = MAILER_DAEMON;
l = strlen(s) + 1;
if (l < 0)
return NULL;
p = malloc(l);
if (p == NULL)
{
mailerr("421 4.3.0", "Memory exhausted");
sm_exit(EX_TEMPFAIL);
}
(void) sm_strlcpy(p, s, l);
return p;
}
char *
process_recipient(addr)
char *addr;
{
SM_MBDB_T user;
switch (sm_mbdb_lookup(addr, &user))
{
case EX_OK:
return NULL;
case EX_NOUSER:
return "550 5.1.1 User unknown";
case EX_TEMPFAIL:
return "451 4.3.0 User database failure; retry later";
default:
return "550 5.3.0 User database failure";
}
}
#define RCPT_GROW 30
void
dolmtp()
{
char *return_path = NULL;
char **rcpt_addr = NULL;
int rcpt_num = 0;
int rcpt_alloc = 0;
bool gotlhlo = false;
char *err;
int msgfd;
char *p;
int i;
char myhostname[1024];
char buf[4096];
memset(myhostname, '\0', sizeof myhostname);
(void) gethostname(myhostname, sizeof myhostname - 1);
if (myhostname[0] == '\0')
sm_strlcpy(myhostname, "localhost", sizeof myhostname);
printf("220 %s LMTP ready\r\n", myhostname);
for (;;)
{
(void) fflush(stdout);
if (fgets(buf, sizeof(buf) - 1, stdin) == NULL)
sm_exit(EX_OK);
p = buf + strlen(buf) - 1;
if (p >= buf && *p == '\n')
*p-- = '\0';
if (p >= buf && *p == '\r')
*p-- = '\0';
switch (buf[0])
{
case 'd':
case 'D':
if (sm_strcasecmp(buf, "data") == 0)
{
bool inbody = false;
if (rcpt_num == 0)
{
mailerr("503 5.5.1", "No recipients");
continue;
}
HoldErrs = true;
msgfd = store(return_path, &inbody);
HoldErrs = false;
if (msgfd < 0 && !inbody)
{
flush_error();
continue;
}
for (i = 0; i < rcpt_num; i++)
{
if (msgfd < 0)
{
/* print error for rcpt */
flush_error();
continue;
}
p = strchr(rcpt_addr[i], '+');
if (p != NULL)
*p = '\0';
deliver(msgfd, rcpt_addr[i]);
}
if (msgfd >= 0)
(void) close(msgfd);
goto rset;
}
goto syntaxerr;
/* NOTREACHED */
break;
case 'l':
case 'L':
if (sm_strncasecmp(buf, "lhlo ", 5) == 0)
{
/* check for duplicate per RFC 1651 4.2 */
if (gotlhlo)
{
mailerr("503", "%s Duplicate LHLO",
myhostname);
continue;
}
gotlhlo = true;
printf("250-%s\r\n", myhostname);
if (EightBitMime)
printf("250-8BITMIME\r\n");
printf("250-ENHANCEDSTATUSCODES\r\n");
printf("250 PIPELINING\r\n");
continue;
}
goto syntaxerr;
/* NOTREACHED */
break;
case 'm':
case 'M':
if (sm_strncasecmp(buf, "mail ", 5) == 0)
{
if (return_path != NULL)
{
mailerr("503 5.5.1",
"Nested MAIL command");
continue;
}
if (sm_strncasecmp(buf + 5, "from:", 5) != 0 ||
((return_path = parseaddr(buf + 10,
false)) == NULL))
{
mailerr("501 5.5.4",
"Syntax error in parameters");
continue;
}
printf("250 2.5.0 Ok\r\n");
continue;
}
goto syntaxerr;
/* NOTREACHED */
break;
case 'n':
case 'N':
if (sm_strcasecmp(buf, "noop") == 0)
{
printf("250 2.0.0 Ok\r\n");
continue;
}
goto syntaxerr;
/* NOTREACHED */
break;
case 'q':
case 'Q':
if (sm_strcasecmp(buf, "quit") == 0)
{
printf("221 2.0.0 Bye\r\n");
sm_exit(EX_OK);
}
goto syntaxerr;
/* NOTREACHED */
break;
case 'r':
case 'R':
if (sm_strncasecmp(buf, "rcpt ", 5) == 0)
{
if (return_path == NULL)
{
mailerr("503 5.5.1",
"Need MAIL command");
continue;
}
if (rcpt_num >= rcpt_alloc)
{
rcpt_alloc += RCPT_GROW;
rcpt_addr = (char **)
REALLOC((char *) rcpt_addr,
rcpt_alloc *
sizeof(char **));
if (rcpt_addr == NULL)
{
mailerr("421 4.3.0",
"Memory exhausted");
sm_exit(EX_TEMPFAIL);
}
}
if (sm_strncasecmp(buf + 5, "to:", 3) != 0 ||
((rcpt_addr[rcpt_num] = parseaddr(buf + 8,
StripRcptDomain)) == NULL))
{
mailerr("501 5.5.4",
"Syntax error in parameters");
continue;
}
err = process_recipient(rcpt_addr[rcpt_num]);
if (err != NULL)
{
mailerr(NULL, "%s", err);
continue;
}
rcpt_num++;
printf("250 2.1.5 Ok\r\n");
continue;
}
else if (sm_strcasecmp(buf, "rset") == 0)
{
printf("250 2.0.0 Ok\r\n");
rset:
while (rcpt_num > 0)
free(rcpt_addr[--rcpt_num]);
if (return_path != NULL)
free(return_path);
return_path = NULL;
continue;
}
goto syntaxerr;
/* NOTREACHED */
break;
case 'v':
case 'V':
if (sm_strncasecmp(buf, "vrfy ", 5) == 0)
{
printf("252 2.3.3 Try RCPT to attempt delivery\r\n");
continue;
}
goto syntaxerr;
/* NOTREACHED */
break;
default:
syntaxerr:
mailerr("500 5.5.2", "Syntax error");
continue;
/* NOTREACHED */
break;
}
}
}
int
store(from, inbody)
char *from;
bool *inbody;
{
FILE *fp = NULL;
time_t tval;
bool eline; /* previous line was empty */
bool fullline = true; /* current line is terminated */
bool prevfl; /* previous line was terminated */
char line[2048];
int fd;
char tmpbuf[sizeof _PATH_LOCTMP + 1];
if (inbody != NULL)
*inbody = false;
(void) umask(0077);
(void) sm_strlcpy(tmpbuf, _PATH_LOCTMP, sizeof tmpbuf);
if ((fd = mkstemp(tmpbuf)) < 0 || (fp = fdopen(fd, "w+")) == NULL)
{
if (fd >= 0)
(void) close(fd);
mailerr("451 4.3.0", "Unable to open temporary file");
return -1;
}
(void) unlink(tmpbuf);
if (LMTPMode)
{
printf("354 Go ahead\r\n");
(void) fflush(stdout);
}
if (inbody != NULL)
*inbody = true;
(void) time(&tval);
(void) fprintf(fp, "From %s %s", from, ctime(&tval));
#ifdef CONTENTLENGTH
HeaderLength = 0;
BodyLength = -1;
-#endif /* CONTENTLENGTH */
+#endif
line[0] = '\0';
eline = true;
while (fgets(line, sizeof(line), stdin) != (char *) NULL)
{
size_t line_len = 0;
int peek;
prevfl = fullline; /* preserve state of previous line */
while (line[line_len] != '\n' && line_len < sizeof(line) - 2)
line_len++;
line_len++;
/* Check for dot-stuffing */
if (prevfl && LMTPMode && line[0] == '.')
{
if (line[1] == '\n' ||
(line[1] == '\r' && line[2] == '\n'))
goto lmtpdot;
memcpy(line, line + 1, line_len);
line_len--;
}
/* Check to see if we have the full line from fgets() */
fullline = false;
if (line_len > 0)
{
if (line[line_len - 1] == '\n')
{
if (line_len >= 2 &&
line[line_len - 2] == '\r')
{
line[line_len - 2] = '\n';
line[line_len - 1] = '\0';
line_len--;
}
fullline = true;
}
else if (line[line_len - 1] == '\r')
{
/* Did we just miss the CRLF? */
peek = fgetc(stdin);
if (peek == '\n')
{
line[line_len - 1] = '\n';
fullline = true;
}
else
(void) ungetc(peek, stdin);
}
}
else
fullline = true;
#ifdef CONTENTLENGTH
if (prevfl && line[0] == '\n' && HeaderLength == 0)
{
eline = false;
if (fp != NULL)
HeaderLength = ftell(fp);
if (HeaderLength <= 0)
{
/*
** shouldn't happen, unless ftell() is
** badly broken
*/
HeaderLength = -1;
}
}
#else /* CONTENTLENGTH */
if (prevfl && line[0] == '\n')
eline = true;
#endif /* CONTENTLENGTH */
else
{
if (eline && line[0] == 'F' &&
fp != NULL &&
!memcmp(line, "From ", 5))
(void) putc('>', fp);
eline = false;
#ifdef CONTENTLENGTH
/* discard existing "Content-Length:" headers */
if (prevfl && HeaderLength == 0 &&
(line[0] == 'C' || line[0] == 'c') &&
sm_strncasecmp(line, ContentHdr, 15) == 0)
{
/*
** be paranoid: clear the line
** so no "wrong matches" may occur later
*/
line[0] = '\0';
continue;
}
#endif /* CONTENTLENGTH */
}
if (fp != NULL)
{
(void) fwrite(line, sizeof(char), line_len, fp);
if (ferror(fp))
{
mailerr("451 4.3.0",
"Temporary file write error");
(void) fclose(fp);
fp = NULL;
continue;
}
}
}
/* check if an error occurred */
if (fp == NULL)
return -1;
if (LMTPMode)
{
/* Got a premature EOF -- toss message and exit */
sm_exit(EX_OK);
}
/* If message not newline terminated, need an extra. */
if (fp != NULL && strchr(line, '\n') == NULL)
(void) putc('\n', fp);
lmtpdot:
#ifdef CONTENTLENGTH
if (fp != NULL)
BodyLength = ftell(fp);
if (HeaderLength == 0 && BodyLength > 0) /* empty body */
{
HeaderLength = BodyLength;
BodyLength = 0;
}
else
BodyLength = BodyLength - HeaderLength - 1 ;
if (HeaderLength > 0 && BodyLength >= 0)
{
(void) sm_snprintf(line, sizeof line, "%lld\n",
(LONGLONG_T) BodyLength);
(void) sm_strlcpy(&ContentHdr[16], line,
sizeof(ContentHdr) - 16);
}
else
BodyLength = -1; /* Something is wrong here */
#endif /* CONTENTLENGTH */
/* Output a newline; note, empty messages are allowed. */
if (fp != NULL)
(void) putc('\n', fp);
if (fp == NULL || fflush(fp) == EOF || ferror(fp) != 0)
{
mailerr("451 4.3.0", "Temporary file write error");
if (fp != NULL)
(void) fclose(fp);
return -1;
}
return fd;
}
void
deliver(fd, name)
int fd;
char *name;
{
struct stat fsb;
struct stat sb;
char path[MAXPATHLEN];
int mbfd = -1, nr = 0, nw, off;
int exitval;
char *p;
char *errcode;
off_t curoff, cursize;
#ifdef CONTENTLENGTH
off_t headerbytes;
int readamount;
-#endif /* CONTENTLENGTH */
+#endif
char biffmsg[100], buf[8 * 1024];
SM_MBDB_T user;
/*
** Disallow delivery to unknown names -- special mailboxes can be
** handled in the sendmail aliases file.
*/
exitval = sm_mbdb_lookup(name, &user);
switch (exitval)
{
case EX_OK:
break;
case EX_NOUSER:
exitval = EX_UNAVAILABLE;
mailerr("550 5.1.1", "%s: User unknown", name);
break;
case EX_TEMPFAIL:
mailerr("451 4.3.0", "%s: User database failure; retry later",
name);
break;
default:
exitval = EX_UNAVAILABLE;
mailerr("550 5.3.0", "%s: User database failure", name);
break;
}
if (exitval != EX_OK)
{
if (ExitVal != EX_TEMPFAIL)
ExitVal = exitval;
return;
}
endpwent();
/*
** Keep name reasonably short to avoid buffer overruns.
** This isn't necessary on BSD because of the proper
** definition of snprintf(), but it can cause problems
** on other systems.
** Also, clear out any bogus characters.
*/
#if !HASHSPOOL
if (strlen(name) > 40)
name[40] = '\0';
for (p = name; *p != '\0'; p++)
{
if (!isascii(*p))
*p &= 0x7f;
else if (!isprint(*p))
*p = '.';
}
#endif /* !HASHSPOOL */
if (HomeMailFile == NULL)
{
if (sm_strlcpyn(path, sizeof(path),
#if HASHSPOOL
4,
-#else /* HASHSPOOL */
+#else
3,
-#endif /* HASHSPOOL */
+#endif
SpoolPath, "/",
#if HASHSPOOL
hashname(name),
-#endif /* HASHSPOOL */
+#endif
name) >= sizeof(path))
{
exitval = EX_UNAVAILABLE;
mailerr("550 5.1.1", "%s: Invalid mailbox path", name);
return;
}
}
else if (*user.mbdb_homedir == '\0')
{
exitval = EX_UNAVAILABLE;
mailerr("550 5.1.1", "%s: User missing home directory", name);
return;
}
else if (sm_snprintf(path, sizeof(path), "%s/%s",
user.mbdb_homedir, HomeMailFile) >= sizeof(path))
{
exitval = EX_UNAVAILABLE;
mailerr("550 5.1.1", "%s: Invalid mailbox path", name);
return;
}
/*
** If the mailbox is linked or a symlink, fail. There's an obvious
** race here, that the file was replaced with a symbolic link after
** the lstat returned, but before the open. We attempt to detect
** this by comparing the original stat information and information
** returned by an fstat of the file descriptor returned by the open.
**
** NB: this is a symptom of a larger problem, that the mail spooling
** directory is writeable by the wrong users. If that directory is
** writeable, system security is compromised for other reasons, and
** it cannot be fixed here.
**
** If we created the mailbox, set the owner/group. If that fails,
** just return. Another process may have already opened it, so we
** can't unlink it. Historically, binmail set the owner/group at
** each mail delivery. We no longer do this, assuming that if the
** ownership or permissions were changed there was a reason.
**
** XXX
** open(2) should support flock'ing the file.
*/
tryagain:
#ifdef MAILLOCK
p = name;
-#else /* MAILLOCK */
+#else
p = path;
-#endif /* MAILLOCK */
+#endif
if ((off = lockmbox(p)) != 0)
{
if (off == EX_TEMPFAIL || e_to_sys(off) == EX_TEMPFAIL)
{
ExitVal = EX_TEMPFAIL;
errcode = "451 4.3.0";
}
else
errcode = "551 5.3.0";
mailerr(errcode, "lockmailbox %s failed; error code %d %s",
p, off, errno > 0 ? sm_errstring(errno) : "");
return;
}
if (lstat(path, &sb) < 0)
{
int save_errno;
int mode = S_IRUSR|S_IWUSR;
gid_t gid = user.mbdb_gid;
#ifdef MAILGID
(void) umask(0007);
gid = MAILGID;
mode |= S_IRGRP|S_IWGRP;
-#endif /* MAILGID */
+#endif
mbfd = open(path, O_APPEND|O_CREAT|O_EXCL|O_WRONLY,
mode);
save_errno = errno;
if (lstat(path, &sb) < 0)
{
ExitVal = EX_CANTCREAT;
mailerr("550 5.2.0",
"%s: lstat: file changed after open", path);
goto err1;
}
if (mbfd < 0)
{
if (save_errno == EEXIST)
goto tryagain;
/* open failed, don't try again */
mailerr("450 4.2.0", "%s: %s", path,
sm_errstring(save_errno));
goto err0;
}
else if (fchown(mbfd, user.mbdb_uid, gid) < 0)
{
mailerr("451 4.3.0", "chown %u.%u: %s",
user.mbdb_uid, gid, name);
goto err1;
}
else
{
/*
** open() was successful, now close it so can
** be opened as the right owner again.
** Paranoia: reset mbdf since the file descriptor
** is no longer valid; better safe than sorry.
*/
sb.st_uid = user.mbdb_uid;
(void) close(mbfd);
mbfd = -1;
}
}
else if (sb.st_nlink != 1)
{
mailerr("550 5.2.0", "%s: too many links", path);
goto err0;
}
else if (!S_ISREG(sb.st_mode))
{
mailerr("550 5.2.0", "%s: irregular file", path);
goto err0;
}
else if (sb.st_uid != user.mbdb_uid)
{
ExitVal = EX_CANTCREAT;
mailerr("550 5.2.0", "%s: wrong ownership (%d)",
path, (int) sb.st_uid);
goto err0;
}
/* change UID for quota checks */
if (setreuid(0, user.mbdb_uid) < 0)
{
mailerr("450 4.2.0", "setreuid(0, %d): %s (r=%d, e=%d)",
(int) user.mbdb_uid, sm_errstring(errno),
(int) getuid(), (int) geteuid());
goto err1;
}
#ifdef DEBUG
fprintf(stderr, "new euid = %d\n", (int) geteuid());
-#endif /* DEBUG */
+#endif
mbfd = open(path, O_APPEND|O_WRONLY, 0);
if (mbfd < 0)
{
mailerr("450 4.2.0", "%s: %s", path, sm_errstring(errno));
goto err0;
}
else if (fstat(mbfd, &fsb) < 0 ||
fsb.st_nlink != 1 ||
sb.st_nlink != 1 ||
!S_ISREG(fsb.st_mode) ||
sb.st_dev != fsb.st_dev ||
sb.st_ino != fsb.st_ino ||
# if HAS_ST_GEN && 0 /* AFS returns random values for st_gen */
sb.st_gen != fsb.st_gen ||
-# endif /* HAS_ST_GEN && 0 */
+# endif
sb.st_uid != fsb.st_uid)
{
ExitVal = EX_TEMPFAIL;
mailerr("550 5.2.0", "%s: fstat: file changed after open",
path);
goto err1;
}
#if 0
/*
** This code could be reused if we decide to add a
** per-user quota field to the sm_mbdb interface.
*/
/*
** Fail if the user has a quota specified, and delivery of this
** message would exceed that quota. We bounce such failures using
** EX_UNAVAILABLE, unless there were internal problems, since
** storing immense messages for later retries can cause queueing
** issues.
*/
if (ui.quota > 0)
{
struct stat dsb;
if (fstat(fd, &dsb) < 0)
{
ExitVal = EX_TEMPFAIL;
mailerr("451 4.3.0",
"%s: fstat: can't stat temporary storage: %s",
ui.mailspool, sm_errstring(errno));
goto err1;
}
if (dsb.st_size + sb.st_size + 1 > ui.quota)
{
ExitVal = EX_UNAVAILABLE;
mailerr("551 5.2.2",
"%s: Mailbox full or quota exceeded",
ui.mailspool);
goto err1;
}
}
#endif /* 0 */
/* Wait until we can get a lock on the file. */
if (flock(mbfd, LOCK_EX) < 0)
{
mailerr("450 4.2.0", "%s: %s", path, sm_errstring(errno));
goto err1;
}
/* Get the starting offset of the new message */
curoff = lseek(mbfd, (off_t) 0, SEEK_END);
(void) sm_snprintf(biffmsg, sizeof(biffmsg), "%s@%lld\n",
name, (LONGLONG_T) curoff);
/* Copy the message into the file. */
if (lseek(fd, (off_t) 0, SEEK_SET) == (off_t) -1)
{
mailerr("450 4.2.0", "Temporary file: %s",
sm_errstring(errno));
goto err1;
}
#ifdef DEBUG
fprintf(stderr, "before writing: euid = %d\n", (int) geteuid());
-#endif /* DEBUG */
+#endif
#ifdef CONTENTLENGTH
headerbytes = (BodyLength >= 0) ? HeaderLength : -1 ;
for (;;)
{
if (headerbytes == 0)
{
(void) sm_snprintf(buf, sizeof buf, "%s", ContentHdr);
nr = strlen(buf);
headerbytes = -1;
readamount = 0;
}
else if (headerbytes > sizeof(buf) || headerbytes < 0)
readamount = sizeof(buf);
else
readamount = headerbytes;
if (readamount != 0)
nr = read(fd, buf, readamount);
if (nr <= 0)
break;
if (headerbytes > 0)
headerbytes -= nr ;
#else /* CONTENTLENGTH */
while ((nr = read(fd, buf, sizeof(buf))) > 0)
{
#endif /* CONTENTLENGTH */
for (off = 0; off < nr; off += nw)
{
if ((nw = write(mbfd, buf + off, nr - off)) < 0)
{
errcode = "450 4.2.0";
#ifdef EDQUOT
if (errno == EDQUOT && BounceQuota)
errcode = "552 5.2.2";
-#endif /* EDQUOT */
+#endif
mailerr(errcode, "%s: %s",
path, sm_errstring(errno));
goto err3;
}
}
}
if (nr < 0)
{
mailerr("450 4.2.0", "Temporary file: %s",
sm_errstring(errno));
goto err3;
}
/* Flush to disk, don't wait for update. */
if (fsync(mbfd) < 0)
{
mailerr("450 4.2.0", "%s: %s", path, sm_errstring(errno));
err3:
#ifdef DEBUG
fprintf(stderr, "reset euid = %d\n", (int) geteuid());
-#endif /* DEBUG */
+#endif
if (mbfd >= 0)
(void) ftruncate(mbfd, curoff);
err1: if (mbfd >= 0)
(void) close(mbfd);
err0: (void) setreuid(0, 0);
unlockmbox();
return;
}
/*
** Save the current size so if the close() fails below
** we can make sure no other process has changed the mailbox
** between the failed close and the re-open()/re-lock().
** If something else has changed the size, we shouldn't
** try to truncate it as we may do more harm then good
** (e.g., truncate a later message delivery).
*/
if (fstat(mbfd, &sb) < 0)
cursize = 0;
else
cursize = sb.st_size;
/* Close and check -- NFS doesn't write until the close. */
if (close(mbfd))
{
errcode = "450 4.2.0";
#ifdef EDQUOT
if (errno == EDQUOT && BounceQuota)
errcode = "552 5.2.2";
-#endif /* EDQUOT */
+#endif
mailerr(errcode, "%s: %s", path, sm_errstring(errno));
mbfd = open(path, O_WRONLY, 0);
if (mbfd < 0 ||
cursize == 0
|| flock(mbfd, LOCK_EX) < 0 ||
fstat(mbfd, &sb) < 0 ||
sb.st_size != cursize ||
sb.st_nlink != 1 ||
!S_ISREG(sb.st_mode) ||
sb.st_dev != fsb.st_dev ||
sb.st_ino != fsb.st_ino ||
# if HAS_ST_GEN && 0 /* AFS returns random values for st_gen */
sb.st_gen != fsb.st_gen ||
-# endif /* HAS_ST_GEN && 0 */
+# endif
sb.st_uid != fsb.st_uid
)
{
/* Don't use a bogus file */
if (mbfd >= 0)
{
(void) close(mbfd);
mbfd = -1;
}
}
/* Attempt to truncate back to pre-write size */
goto err3;
}
else
notifybiff(biffmsg);
if (setreuid(0, 0) < 0)
{
mailerr("450 4.2.0", "setreuid(0, 0): %s",
sm_errstring(errno));
goto err0;
}
#ifdef DEBUG
fprintf(stderr, "reset euid = %d\n", (int) geteuid());
-#endif /* DEBUG */
+#endif
unlockmbox();
if (LMTPMode)
printf("250 2.1.5 %s Ok\r\n", name);
}
/*
** user.lock files are necessary for compatibility with other
** systems, e.g., when the mail spool file is NFS exported.
** Alas, mailbox locking is more than just a local matter.
** EPA 11/94.
*/
bool Locked = false;
#ifdef MAILLOCK
int
lockmbox(name)
char *name;
{
int r = 0;
if (Locked)
return 0;
if ((r = maillock(name, 15)) == L_SUCCESS)
{
Locked = true;
return 0;
}
switch (r)
{
case L_TMPLOCK: /* Can't create tmp file */
case L_TMPWRITE: /* Can't write pid into lockfile */
case L_MAXTRYS: /* Failed after retrycnt attempts */
errno = 0;
r = EX_TEMPFAIL;
break;
case L_ERROR: /* Check errno for reason */
r = errno;
break;
default: /* other permanent errors */
errno = 0;
r = EX_UNAVAILABLE;
break;
}
return r;
}
void
unlockmbox()
{
if (Locked)
mailunlock();
Locked = false;
}
#else /* MAILLOCK */
char LockName[MAXPATHLEN];
int
lockmbox(path)
char *path;
{
int statfailed = 0;
time_t start;
if (Locked)
return 0;
if (strlen(path) + 6 > sizeof LockName)
return EX_SOFTWARE;
(void) sm_snprintf(LockName, sizeof LockName, "%s.lock", path);
(void) time(&start);
for (; ; sleep(5))
{
int fd;
struct stat st;
time_t now;
/* global timeout */
(void) time(&now);
if (now > start + LOCKTO_GLOB)
{
errno = 0;
return EX_TEMPFAIL;
}
fd = open(LockName, O_WRONLY|O_EXCL|O_CREAT, LOCKFILE_PMODE);
if (fd >= 0)
{
/* defeat lock checking programs which test pid */
(void) write(fd, "0", 2);
Locked = true;
(void) close(fd);
return 0;
}
if (stat(LockName, &st) < 0)
{
if (statfailed++ > 5)
{
errno = 0;
return EX_TEMPFAIL;
}
continue;
}
statfailed = 0;
(void) time(&now);
if (now < st.st_ctime + LOCKTO_RM)
continue;
/* try to remove stale lockfile */
if (unlink(LockName) < 0)
return errno;
}
}
void
unlockmbox()
{
if (!Locked)
return;
(void) unlink(LockName);
Locked = false;
}
#endif /* MAILLOCK */
void
notifybiff(msg)
char *msg;
{
static bool initialized = false;
static int f = -1;
struct hostent *hp;
struct servent *sp;
int len;
static struct sockaddr_in addr;
if (!initialized)
{
initialized = true;
/* Be silent if biff service not available. */
if ((sp = getservbyname("biff", "udp")) == NULL ||
(hp = gethostbyname("localhost")) == NULL ||
hp->h_length != INADDRSZ)
return;
addr.sin_family = hp->h_addrtype;
memcpy(&addr.sin_addr, hp->h_addr, INADDRSZ);
addr.sin_port = sp->s_port;
}
/* No message, just return */
if (msg == NULL)
return;
/* Couldn't initialize addr struct */
if (addr.sin_family == AF_UNSPEC)
return;
if (f < 0 && (f = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
return;
len = strlen(msg) + 1;
(void) sendto(f, msg, len, 0, (struct sockaddr *) &addr, sizeof(addr));
}
void
usage()
{
ExitVal = EX_USAGE;
# if _FFR_SPOOL_PATH
mailerr(NULL, "usage: mail.local [-7] [-b] [-d] [-l] [-f from|-r from] [-h filename] [-p path] user ...");
-# else /* _FFR_SPOOL_PATH */
+# else
mailerr(NULL, "usage: mail.local [-7] [-b] [-d] [-l] [-f from|-r from] [-h filename] user ...");
-# endif /* _FFR_SPOOL_PATH */
+# endif
sm_exit(ExitVal);
}
void
/*VARARGS2*/
#ifdef __STDC__
mailerr(const char *hdr, const char *fmt, ...)
#else /* __STDC__ */
mailerr(hdr, fmt, va_alist)
const char *hdr;
const char *fmt;
va_dcl
#endif /* __STDC__ */
{
size_t len = 0;
SM_VA_LOCAL_DECL
(void) e_to_sys(errno);
SM_VA_START(ap, fmt);
if (LMTPMode && hdr != NULL)
{
sm_snprintf(ErrBuf, sizeof ErrBuf, "%s ", hdr);
len = strlen(ErrBuf);
}
(void) sm_vsnprintf(&ErrBuf[len], sizeof ErrBuf - len, fmt, ap);
SM_VA_END(ap);
if (!HoldErrs)
flush_error();
/* Log the message to syslog. */
if (!LMTPMode)
syslog(LOG_ERR, "%s", ErrBuf);
}
void
flush_error()
{
if (LMTPMode)
printf("%s\r\n", ErrBuf);
else
{
if (ExitVal != EX_USAGE)
(void) fprintf(stderr, "mail.local: ");
fprintf(stderr, "%s\n", ErrBuf);
}
}
#if HASHSPOOL
const char *
hashname(name)
char *name;
{
static char p[MAXPATHLEN];
int i;
int len;
char *str;
# if HASHSPOOLMD5
char Base64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+_";
MD5_CTX ctx;
unsigned char md5[18];
# if MAXPATHLEN <= 24
ERROR _MAXPATHLEN <= 24
-# endif /* MAXPATHLEN <= 24 */
+# endif
char b64[24];
MD5_LONG bits;
int j;
# endif /* HASHSPOOLMD5 */
if (HashType == HASH_NONE || HashDepth * 2 >= MAXPATHLEN)
{
p[0] = '\0';
return p;
}
switch(HashType)
{
case HASH_USER:
str = name;
break;
# if HASHSPOOLMD5
case HASH_MD5:
MD5_Init(&ctx);
MD5_Update(&ctx, name, strlen(name));
MD5_Final(md5, &ctx);
md5[16] = 0;
md5[17] = 0;
for (i = 0; i < 6; i++)
{
bits = (unsigned) md5[(3 * i)] << 16;
bits |= (unsigned) md5[(3 * i) + 1] << 8;
bits |= (unsigned) md5[(3 * i) + 2];
for (j = 3; j >= 0; j--)
{
b64[(4 * i) + j] = Base64[(bits & 0x3f)];
bits >>= 6;
}
}
b64[22] = '\0';
str = b64;
break;
# endif /* HASHSPOOLMD5 */
}
len = strlen(str);
for (i = 0; i < HashDepth; i++)
{
if (i < len)
p[i * 2] = str[i];
else
p[i * 2] = '_';
p[(i * 2) + 1] = '/';
}
p[HashDepth * 2] = '\0';
return p;
}
#endif /* HASHSPOOL */
/*
* e_to_sys --
* Guess which errno's are temporary. Gag me.
*/
int
e_to_sys(num)
int num;
{
/* Temporary failures override hard errors. */
if (ExitVal == EX_TEMPFAIL)
return ExitVal;
switch (num) /* Hopefully temporary errors. */
{
#ifdef EDQUOT
case EDQUOT: /* Disc quota exceeded */
if (BounceQuota)
{
ExitVal = EX_UNAVAILABLE;
break;
}
/* FALLTHROUGH */
#endif /* EDQUOT */
#ifdef EAGAIN
case EAGAIN: /* Resource temporarily unavailable */
-#endif /* EAGAIN */
+#endif
#ifdef EBUSY
case EBUSY: /* Device busy */
-#endif /* EBUSY */
+#endif
#ifdef EPROCLIM
case EPROCLIM: /* Too many processes */
-#endif /* EPROCLIM */
+#endif
#ifdef EUSERS
case EUSERS: /* Too many users */
-#endif /* EUSERS */
+#endif
#ifdef ECONNABORTED
case ECONNABORTED: /* Software caused connection abort */
-#endif /* ECONNABORTED */
+#endif
#ifdef ECONNREFUSED
case ECONNREFUSED: /* Connection refused */
-#endif /* ECONNREFUSED */
+#endif
#ifdef ECONNRESET
case ECONNRESET: /* Connection reset by peer */
-#endif /* ECONNRESET */
+#endif
#ifdef EDEADLK
case EDEADLK: /* Resource deadlock avoided */
-#endif /* EDEADLK */
+#endif
#ifdef EFBIG
case EFBIG: /* File too large */
-#endif /* EFBIG */
+#endif
#ifdef EHOSTDOWN
case EHOSTDOWN: /* Host is down */
-#endif /* EHOSTDOWN */
+#endif
#ifdef EHOSTUNREACH
case EHOSTUNREACH: /* No route to host */
-#endif /* EHOSTUNREACH */
+#endif
#ifdef EMFILE
case EMFILE: /* Too many open files */
-#endif /* EMFILE */
+#endif
#ifdef ENETDOWN
case ENETDOWN: /* Network is down */
-#endif /* ENETDOWN */
+#endif
#ifdef ENETRESET
case ENETRESET: /* Network dropped connection on reset */
-#endif /* ENETRESET */
+#endif
#ifdef ENETUNREACH
case ENETUNREACH: /* Network is unreachable */
-#endif /* ENETUNREACH */
+#endif
#ifdef ENFILE
case ENFILE: /* Too many open files in system */
-#endif /* ENFILE */
+#endif
#ifdef ENOBUFS
case ENOBUFS: /* No buffer space available */
-#endif /* ENOBUFS */
+#endif
#ifdef ENOMEM
case ENOMEM: /* Cannot allocate memory */
-#endif /* ENOMEM */
+#endif
#ifdef ENOSPC
case ENOSPC: /* No space left on device */
-#endif /* ENOSPC */
+#endif
#ifdef EROFS
case EROFS: /* Read-only file system */
-#endif /* EROFS */
+#endif
#ifdef ESTALE
case ESTALE: /* Stale NFS file handle */
-#endif /* ESTALE */
+#endif
#ifdef ETIMEDOUT
case ETIMEDOUT: /* Connection timed out */
-#endif /* ETIMEDOUT */
+#endif
#if defined(EWOULDBLOCK) && EWOULDBLOCK != EAGAIN && EWOULDBLOCK != EDEADLK
case EWOULDBLOCK: /* Operation would block. */
-#endif /* defined(EWOULDBLOCK) && EWOULDBLOCK != EAGAIN && EWOULDBLOCK != EDEADLK */
+#endif
ExitVal = EX_TEMPFAIL;
break;
default:
ExitVal = EX_UNAVAILABLE;
break;
}
return ExitVal;
}
#if defined(ultrix) || defined(_CRAY)
/*
* Copyright (c) 1987, 1993
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
# if defined(LIBC_SCCS) && !defined(lint)
static char sccsid[] = "@(#)mktemp.c 8.1 (Berkeley) 6/4/93";
-# endif /* defined(LIBC_SCCS) && !defined(lint) */
+# endif
# include <sys/types.h>
# include <sys/stat.h>
# include <fcntl.h>
# include <errno.h>
# include <stdio.h>
# include <ctype.h>
static int _gettemp();
mkstemp(path)
char *path;
{
int fd;
return (_gettemp(path, &fd) ? fd : -1);
}
static
_gettemp(path, doopen)
char *path;
register int *doopen;
{
extern int errno;
register char *start, *trv;
struct stat sbuf;
unsigned int pid;
pid = getpid();
for (trv = path; *trv; ++trv); /* extra X's get set to 0's */
while (*--trv == 'X')
{
*trv = (pid % 10) + '0';
pid /= 10;
}
/*
* check the target directory; if you have six X's and it
* doesn't exist this runs for a *very* long time.
*/
for (start = trv + 1;; --trv)
{
if (trv <= path)
break;
if (*trv == '/')
{
*trv = '\0';
if (stat(path, &sbuf) < 0)
return(0);
if (!S_ISDIR(sbuf.st_mode))
{
errno = ENOTDIR;
return(0);
}
*trv = '/';
break;
}
}
for (;;)
{
if (doopen)
{
if ((*doopen = open(path, O_CREAT|O_EXCL|O_RDWR,
0600)) >= 0)
return(1);
if (errno != EEXIST)
return(0);
}
else if (stat(path, &sbuf) < 0)
return(errno == ENOENT ? 1 : 0);
/* tricky little algorithm for backward compatibility */
for (trv = start;;)
{
if (!*trv)
return(0);
if (*trv == 'z')
*trv++ = 'a';
else
{
if (isascii(*trv) && isdigit(*trv))
*trv = 'a';
else
++*trv;
break;
}
}
}
/* NOTREACHED */
}
#endif /* defined(ultrix) || defined(_CRAY) */
diff --git a/mailstats/Makefile b/mailstats/Makefile
index b4137b7c451b..526cd161efd1 100644
--- a/mailstats/Makefile
+++ b/mailstats/Makefile
@@ -1,17 +1,19 @@
# $Id: Makefile,v 8.5 1999-09-23 22:36:36 ca Exp $
SHELL= /bin/sh
BUILD= ./Build
OPTIONS= $(CONFIG) $(FLAGS)
all: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
clean: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
+check: FRC
+ $(SHELL) $(BUILD) $(OPTIONS) $@
install: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
fresh: FRC
$(SHELL) $(BUILD) $(OPTIONS) -c
FRC:
diff --git a/mailstats/mailstats.0 b/mailstats/mailstats.0
index 36de15a6d1fa..f733c56ba5fa 100644
--- a/mailstats/mailstats.0
+++ b/mailstats/mailstats.0
@@ -1,64 +1,64 @@
MAILSTATS(8) MAILSTATS(8)
-NNAAMMEE
+NAME
mailstats - display mail statistics
-SSYYNNOOPPSSIISS
- mmaaiillssttaattss [--cc] [--oo] [--pp] [--PP] [--CC _c_f_f_i_l_e] [--ff _s_t_f_i_l_e]
+SYNOPSIS
+ mailstats [-c] [-o] [-p] [-P] [-C cffile] [-f stfile]
-DDEESSCCRRIIPPTTIIOONN
- The mmaaiillssttaattss utility displays the current mail statistics.
+DESCRIPTION
+ The mailstats utility displays the current mail statistics.
First, the time at which statistics started being kept is displayed, in
the format specified by ctime(3). Then, the statistics for each mailer
are displayed on a single line, each with the following white space
separated fields:
- MM The mailer number.
- mmssggssffrr Number of messages from the mailer.
- bbyytteess__ffrroomm Kbytes from the mailer.
- mmssggssttoo Number of messages to the mailer.
- bbyytteess__ttoo Kbytes to the mailer.
- mmssggssrreejj Number of messages rejected.
- mmssggssddiiss Number of messages discarded.
- mmssggssqquurr Number of messages quarantined.
- MMaaiilleerr The name of the mailer.
+ M The mailer number.
+ msgsfr Number of messages from the mailer.
+ bytes_from Kbytes from the mailer.
+ msgsto Number of messages to the mailer.
+ bytes_to Kbytes to the mailer.
+ msgsrej Number of messages rejected.
+ msgsdis Number of messages discarded.
+ msgsqur Number of messages quarantined.
+ Mailer The name of the mailer.
After this display, a line totaling the values for all of the mailers
is displayed (preceded with a ``T''), separated from the previous
information by a line containing only equals (``='') characters.
Another line preceded with a ``C'' lists the number of TCP connections.
The options are as follows:
- --CC Read the specified file instead of the default sseennddmmaaiill configu-
+ -C Read the specified file instead of the default sendmail configu-
ration file.
- --cc Try to use submit.cf instead of the default sseennddmmaaiill configura-
+ -c Try to use submit.cf instead of the default sendmail configura-
tion file.
- --ff Read the specified statistics file instead of the statistics
- file specified in the sseennddmmaaiill configuration file.
+ -f Read the specified statistics file instead of the statistics
+ file specified in the sendmail configuration file.
- --PP Output information in program-readable mode without clearing
+ -P Output information in program-readable mode without clearing
statistics.
- --pp Output information in program-readable mode and clear statis-
+ -p Output information in program-readable mode and clear statis-
tics.
- --oo Don't display the name of the mailer in the output.
+ -o Don't display the name of the mailer in the output.
- The mmaaiillssttaattss utility exits 0 on success, and >0 if an error occurs.
+ The mailstats utility exits 0 on success, and >0 if an error occurs.
-FFIILLEESS
- /etc/mail/sendmail.cf The default sseennddmmaaiill configuration file.
- /etc/mail/statistics The default sseennddmmaaiill statistics file.
+FILES
+ /etc/mail/sendmail.cf The default sendmail configuration file.
+ /etc/mail/statistics The default sendmail statistics file.
-SSEEEE AALLSSOO
+SEE ALSO
mailq(1), sendmail(8)
$Date: 2013-11-22 20:51:51 $ MAILSTATS(8)
diff --git a/mailstats/mailstats.c b/mailstats/mailstats.c
index 7107e62744b5..6b34a576e851 100644
--- a/mailstats/mailstats.c
+++ b/mailstats/mailstats.c
@@ -1,372 +1,372 @@
/*
* Copyright (c) 1998-2002, 2013 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1983 Eric P. Allman. All rights reserved.
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*
*/
#include <sm/gen.h>
SM_IDSTR(copyright,
"@(#) Copyright (c) 1998-2002 Proofpoint, Inc. and its suppliers.\n\
All rights reserved.\n\
Copyright (c) 1988, 1993\n\
The Regents of the University of California. All rights reserved.\n")
SM_IDSTR(id, "@(#)$Id: mailstats.c,v 8.103 2013-11-22 20:51:51 ca Exp $")
#include <unistd.h>
#include <stddef.h>
#include <stdlib.h>
#include <ctype.h>
#include <string.h>
#include <time.h>
#ifdef EX_OK
# undef EX_OK /* unistd.h may have another use for this */
-#endif /* EX_OK */
+#endif
#include <sysexits.h>
#include <sm/errstring.h>
#include <sm/limits.h>
#include <sendmail/sendmail.h>
#include <sendmail/mailstats.h>
#include <sendmail/pathnames.h>
#define MNAMELEN 20 /* max length of mailer name */
int
main(argc, argv)
int argc;
char **argv;
{
register int i;
int mno;
int save_errno;
int ch, fd;
char *sfile;
char *cfile;
SM_FILE_T *cfp;
bool mnames;
bool progmode;
bool trunc;
long frmsgs = 0, frbytes = 0, tomsgs = 0, tobytes = 0, rejmsgs = 0;
long dismsgs = 0;
long quarmsgs = 0;
time_t now;
char mtable[MAXMAILERS][MNAMELEN + 1];
char sfilebuf[MAXPATHLEN];
char buf[MAXLINE];
struct statistics stats;
extern char *ctime();
extern char *optarg;
extern int optind;
# define MSOPTS "cC:f:opP"
cfile = getcfname(0, 0, SM_GET_SENDMAIL_CF, NULL);
sfile = NULL;
mnames = true;
progmode = false;
trunc = false;
while ((ch = getopt(argc, argv, MSOPTS)) != -1)
{
switch (ch)
{
case 'c':
cfile = getcfname(0, 0, SM_GET_SUBMIT_CF, NULL);
break;
case 'C':
cfile = optarg;
break;
case 'f':
sfile = optarg;
break;
case 'o':
mnames = false;
break;
case 'p':
trunc = true;
/* FALLTHROUGH */
case 'P':
progmode = true;
break;
case '?':
default:
usage:
(void) sm_io_fputs(smioerr, SM_TIME_DEFAULT,
"usage: mailstats [-C cffile] [-c] [-P] [-f stfile] [-o] [-p]\n");
exit(EX_USAGE);
}
}
argc -= optind;
argv += optind;
if (argc != 0)
goto usage;
if ((cfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, cfile, SM_IO_RDONLY,
NULL)) == NULL)
{
save_errno = errno;
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT, "mailstats: ");
errno = save_errno;
sm_perror(cfile);
exit(EX_NOINPUT);
}
mno = 0;
(void) sm_strlcpy(mtable[mno++], "prog", MNAMELEN + 1);
(void) sm_strlcpy(mtable[mno++], "*file*", MNAMELEN + 1);
(void) sm_strlcpy(mtable[mno++], "*include*", MNAMELEN + 1);
while (sm_io_fgets(cfp, SM_TIME_DEFAULT, buf, sizeof(buf)) >= 0)
{
register char *b;
char *s;
register char *m;
b = strchr(buf, '#');
if (b == NULL)
b = strchr(buf, '\n');
if (b == NULL)
b = &buf[strlen(buf)];
while (isascii(*--b) && isspace(*b))
continue;
*++b = '\0';
b = buf;
switch (*b++)
{
case 'M': /* mailer definition */
break;
case 'O': /* option -- see if .st file */
if (sm_strncasecmp(b, " StatusFile", 11) == 0 &&
!(isascii(b[11]) && isalnum(b[11])))
{
/* new form -- find value */
b = strchr(b, '=');
if (b == NULL)
continue;
while (isascii(*++b) && isspace(*b))
continue;
}
else if (*b++ != 'S')
{
/* something else boring */
continue;
}
/* this is the S or StatusFile option -- save it */
if (sm_strlcpy(sfilebuf, b, sizeof sfilebuf) >=
sizeof sfilebuf)
{
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"StatusFile filename too long: %.30s...\n",
b);
exit(EX_CONFIG);
}
if (sfile == NULL)
sfile = sfilebuf;
default:
continue;
}
if (mno >= MAXMAILERS)
{
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"Too many mailers defined, %d max.\n",
MAXMAILERS);
exit(EX_SOFTWARE);
}
m = mtable[mno];
s = m + MNAMELEN; /* is [MNAMELEN + 1] */
while (*b != ',' && !(isascii(*b) && isspace(*b)) &&
*b != '\0' && m < s)
*m++ = *b++;
*m = '\0';
for (i = 0; i < mno; i++)
{
if (strcmp(mtable[i], mtable[mno]) == 0)
break;
}
if (i == mno)
mno++;
}
(void) sm_io_close(cfp, SM_TIME_DEFAULT);
for (; mno < MAXMAILERS; mno++)
mtable[mno][0] = '\0';
if (sfile == NULL)
{
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"mailstats: no statistics file located\n");
exit(EX_OSFILE);
}
fd = open(sfile, O_RDONLY, 0600);
if ((fd < 0) || (i = read(fd, &stats, sizeof stats)) < 0)
{
save_errno = errno;
(void) sm_io_fputs(smioerr, SM_TIME_DEFAULT, "mailstats: ");
errno = save_errno;
sm_perror(sfile);
exit(EX_NOINPUT);
}
if (i == 0)
{
(void) sleep(1);
if ((i = read(fd, &stats, sizeof stats)) < 0)
{
save_errno = errno;
(void) sm_io_fputs(smioerr, SM_TIME_DEFAULT,
"mailstats: ");
errno = save_errno;
sm_perror(sfile);
exit(EX_NOINPUT);
}
else if (i == 0)
{
memset((ARBPTR_T) &stats, '\0', sizeof stats);
(void) time(&stats.stat_itime);
}
}
if (i != 0)
{
if (stats.stat_magic != STAT_MAGIC)
{
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"mailstats: incorrect magic number in %s\n",
sfile);
exit(EX_OSERR);
}
else if (stats.stat_version != STAT_VERSION)
{
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"mailstats version (%d) incompatible with %s version (%d)\n",
STAT_VERSION, sfile,
stats.stat_version);
exit(EX_OSERR);
}
else if (i != sizeof stats || stats.stat_size != sizeof(stats))
{
(void) sm_io_fputs(smioerr, SM_TIME_DEFAULT,
"mailstats: file size changed.\n");
exit(EX_OSERR);
}
}
if (progmode)
{
(void) time(&now);
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "%ld %ld\n",
(long) stats.stat_itime, (long) now);
}
else
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Statistics from %s",
ctime(&stats.stat_itime));
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
" M msgsfr bytes_from msgsto bytes_to msgsrej msgsdis");
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, " msgsqur");
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "%s\n",
mnames ? " Mailer" : "");
}
for (i = 0; i < MAXMAILERS; i++)
{
if (stats.stat_nf[i] || stats.stat_nt[i] ||
stats.stat_nq[i] ||
stats.stat_nr[i] || stats.stat_nd[i])
{
char *format;
if (progmode)
format = "%2d %8ld %10ld %8ld %10ld %6ld %6ld";
else
format = "%2d %8ld %10ldK %8ld %10ldK %6ld %6ld";
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
format, i,
stats.stat_nf[i],
stats.stat_bf[i],
stats.stat_nt[i],
stats.stat_bt[i],
stats.stat_nr[i],
stats.stat_nd[i]);
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
" %6ld", stats.stat_nq[i]);
if (mnames)
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
" %s",
mtable[i]);
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "\n");
frmsgs += stats.stat_nf[i];
frbytes += stats.stat_bf[i];
tomsgs += stats.stat_nt[i];
tobytes += stats.stat_bt[i];
rejmsgs += stats.stat_nr[i];
dismsgs += stats.stat_nd[i];
quarmsgs += stats.stat_nq[i];
}
}
if (progmode)
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
" T %8ld %10ld %8ld %10ld %6ld %6ld",
frmsgs, frbytes, tomsgs, tobytes, rejmsgs,
dismsgs);
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
" %6ld", quarmsgs);
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "\n");
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
" C %8ld %8ld %6ld\n",
stats.stat_cf, stats.stat_ct,
stats.stat_cr);
(void) close(fd);
if (trunc)
{
fd = open(sfile, O_RDWR | O_TRUNC, 0600);
if (fd >= 0)
(void) close(fd);
}
}
else
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"=============================================================");
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "========");
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "\n");
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
" T %8ld %10ldK %8ld %10ldK %6ld %6ld",
frmsgs, frbytes, tomsgs, tobytes, rejmsgs,
dismsgs);
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
" %6ld", quarmsgs);
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "\n");
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
" C %8ld %10s %8ld %10s %6ld\n",
stats.stat_cf, "", stats.stat_ct, "",
stats.stat_cr);
}
exit(EX_OK);
/* NOTREACHED */
return EX_OK;
}
diff --git a/makemap/Makefile b/makemap/Makefile
index 953d28b37e7e..301a639d437e 100644
--- a/makemap/Makefile
+++ b/makemap/Makefile
@@ -1,17 +1,19 @@
# $Id: Makefile,v 8.7 1999-09-23 22:36:37 ca Exp $
SHELL= /bin/sh
BUILD= ./Build
OPTIONS= $(CONFIG) $(FLAGS)
all: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
clean: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
+check: FRC
+ $(SHELL) $(BUILD) $(OPTIONS) $@
install: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
fresh: FRC
$(SHELL) $(BUILD) $(OPTIONS) -c
FRC:
diff --git a/makemap/Makefile.m4 b/makemap/Makefile.m4
index c6dffd0f57f5..9ff01cd25491 100644
--- a/makemap/Makefile.m4
+++ b/makemap/Makefile.m4
@@ -1,24 +1,25 @@
dnl $Id: Makefile.m4,v 8.44 2006-06-28 21:08:03 ca Exp $
include(confBUILDTOOLSDIR`/M4/switch.m4')
define(`confREQUIRE_LIBSM', `true')
define(`confREQUIRE_SM_OS_H', `true')
# sendmail dir
SMSRCDIR= ifdef(`confSMSRCDIR', `confSMSRCDIR', `${SRCDIR}/sendmail')
PREPENDDEF(`confENVDEF', `confMAPDEF')
PREPENDDEF(`confINCDIRS', `-I${SMSRCDIR} ')
bldPRODUCT_START(`executable', `makemap')
define(`bldSOURCES', `makemap.c ')
define(`bldINSTALL_DIR', `S')
bldPUSH_SMLIB(`sm')
bldPUSH_SMLIB(`smutil')
bldPUSH_SMLIB(`smdb')
APPENDDEF(`confENVDEF', `-DNOT_SENDMAIL')
bldPRODUCT_END
bldPRODUCT_START(`manpage', `makemap')
define(`bldSOURCES', `makemap.8')
bldPRODUCT_END
+
bldFINISH
diff --git a/makemap/makemap.0 b/makemap/makemap.0
index 73d6ef09a37e..61f4d6f868dc 100644
--- a/makemap/makemap.0
+++ b/makemap/makemap.0
@@ -1,90 +1,102 @@
MAKEMAP(8) MAKEMAP(8)
-NNAAMMEE
+NAME
makemap - create database maps for sendmail
-SSYYNNOOPPSSIISS
- mmaakkeemmaapp [--CC _f_i_l_e] [--NN] [--cc _c_a_c_h_e_s_i_z_e] [--dd] [--DD _c_o_m_m_e_n_t_c_h_a_r] [--ee] [--ff]
- [--ll] [--oo] [--rr] [--ss] [--tt _d_e_l_i_m] [--uu] [--vv] _m_a_p_t_y_p_e _m_a_p_n_a_m
+SYNOPSIS
+ makemap [-C file] [-N] [-c cachesize] [-d] [-D commentchar] [-e] [-f]
+ [-l] [-o] [-r] [-s] [-t delim] [-u] [-v] maptype mapnam
-DDEESSCCRRIIPPTTIIOONN
- MMaakkeemmaapp creates the database maps used by the keyed map lookups in
+DESCRIPTION
+ Makemap creates the database maps used by the keyed map lookups in
sendmail(8). It reads input from the standard input and outputs them
- to the indicated _m_a_p_n_a_m_e_.
+ to the indicated mapname.
- Depending on how it is compiled, mmaakkeemmaapp handles up to three different
- database formats, selected using the _m_a_p_t_y_p_e parameter. They may be
+ Depending on how it is compiled, makemap handles different database
+ formats, selected using the maptype parameter. They may be
dbm DBM format maps. This requires the ndbm(3) library.
btree B-Tree format maps. This requires the new Berkeley DB library.
hash Hash format maps. This also requires the Berkeley DB library.
- In all cases, mmaakkeemmaapp reads lines from the standard input consisting of
+ cdb CDB (Constant DataBase) format maps. This requires the tinycdb
+ library.
+
+ implicit
+ The first available format in the following order: hash, dbm,
+ and cdb.
+
+ In all cases, makemap reads lines from the standard input consisting of
two words separated by white space. The first is the database key, the
- second is the value. The value may contain ``%_n'' strings to indicate
+ second is the value. The value may contain ``%n'' strings to indicate
parameter substitution. Literal percents should be doubled (``%%'').
Blank lines and lines beginning with ``#'' are ignored.
- Notice: do nnoott use mmaakkeemmaapp to create the aliases data base, but
- nneewwaalliiaasseess which puts a special token into the data base that is
- required by sseennddmmaaiill..
+ Notice: do not use makemap to create the aliases data base, but
+ newaliases which puts a special token into the data base that is
+ required by sendmail.
- If the _T_r_u_s_t_e_d_U_s_e_r option is set in the sendmail configuration file and
- mmaakkeemmaapp is invoked as root, the generated files will be owned by the
- specified _T_r_u_s_t_e_d_U_s_e_r_.
+ If the TrustedUser option is set in the sendmail configuration file and
+ makemap is invoked as root, the generated files will be owned by the
+ specified TrustedUser.
- FFllaaggss
- --CC Use the specified sseennddmmaaiill configuration file for looking up the
+ Flags
+ -C Use the specified sendmail configuration file for looking up the
TrustedUser option.
- --NN Include the null byte that terminates strings in the map. This
+ -N Include the null byte that terminates strings in the map. This
must match the -N flag in the sendmail.cf ``K'' line.
- --cc Use the specified hash and B-Tree cache size.
+ -c Use the specified hash and B-Tree cache size.
- --DD Use to specify the character to use to indicate a comment (which
+ -D Use to specify the character to use to indicate a comment (which
is ignored) instead of the default of '#'.
- --dd Allow duplicate keys in the map. This is only allowed on B-Tree
+ -d Allow duplicate keys in the map. This is only allowed on B-Tree
format maps. If two identical keys are read, they will both be
inserted into the map.
- --ee Allow empty value (right hand side).
+ -e Allow empty value (right hand side).
- --ff Normally all upper case letters in the key are folded to lower
+ -f Normally all upper case letters in the key are folded to lower
case. This flag disables that behaviour. This is intended to
- mesh with the -f flag in the KK line in sendmail.cf. The value
+ mesh with the -f flag in the K line in sendmail.cf. The value
is never case folded.
- --ll List supported map types.
+ -l List supported map types.
- --oo Append to an old file. This allows you to augment an existing
- file.
+ -o Append to an old file. This allows you to augment an existing
+ file. Note: this might not be supported by all database types,
+ e.g., cdb.
- --rr Allow replacement of existing keys. Normally mmaakkeemmaapp complains
+ -r Allow replacement of existing keys. Normally makemap complains
if you repeat a key, and does not do the insert.
- --ss Ignore safety checks on maps being created. This includes
- checking for hard or symbolic links in world writable directo-
+ -s Ignore safety checks on maps being created. This includes
+ checking for hard or symbolic links in world writable directo-
ries.
- --tt Use the specified delimiter instead of white space (also for
+ -t Use the specified delimiter instead of white space (also for
dumping a map).
- --uu dump (unmap) the content of the database to standard output.
+ -u dump (unmap) the content of the database to standard output.
+
+ -v Verbosely print what it is doing.
+
- --vv Verbosely print what it is doing.
+Example
+ makemap hash /etc/mail/access < /etc/mail/access
-SSEEEE AALLSSOO
+SEE ALSO
sendmail(8), newaliases(1)
-HHIISSTTOORRYY
- The mmaakkeemmaapp command appeared in 4.4BSD.
+HISTORY
+ The makemap command appeared in 4.4BSD.
$Date: 2013-11-22 20:51:52 $ MAKEMAP(8)
diff --git a/makemap/makemap.8 b/makemap/makemap.8
index a6bfd21462c4..fa250109b842 100644
--- a/makemap/makemap.8
+++ b/makemap/makemap.8
@@ -1,173 +1,186 @@
.\" Copyright (c) 1998-2002 Proofpoint, Inc. and its suppliers.
.\" All rights reserved.
.\" Copyright (c) 1988, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
.\"
.\" By using this file, you agree to the terms and conditions set
.\" forth in the LICENSE file which can be found at the top level of
.\" the sendmail distribution.
.\"
.\"
.\" $Id: makemap.8,v 8.32 2013-11-22 20:51:52 ca Exp $
.\"
.TH MAKEMAP 8 "$Date: 2013-11-22 20:51:52 $"
.SH NAME
makemap
\- create database maps for sendmail
.SH SYNOPSIS
.B makemap
.RB [ \-C
.IR file ]
.RB [ \-N ]
.RB [ \-c
.IR cachesize ]
.RB [ \-d ]
.RB [ \-D
.IR commentchar ]
.RB [ \-e ]
.RB [ \-f ]
.RB [ \-l ]
.RB [ \-o ]
.RB [ \-r ]
.RB [ \-s ]
.RB [ \-t
.IR delim ]
.RB [ \-u ]
.RB [ \-v ]
.I
maptype mapnam
.SH DESCRIPTION
.B Makemap
creates the database maps used by the keyed map lookups in
sendmail(8).
It reads input from the standard input
and outputs them to the indicated
.I mapname.
.PP
Depending on how it is compiled,
.B makemap
-handles up to three different database formats,
+handles different database formats,
selected using the
.I maptype
parameter.
They may be
.TP
dbm
DBM format maps.
This requires the
ndbm(3)
library.
.TP
btree
B-Tree format maps.
This requires the new Berkeley DB
library.
.TP
hash
Hash format maps.
This also requires the Berkeley DB
library.
+.TP
+cdb
+CDB (Constant DataBase) format maps.
+This requires the tinycdb library.
+.TP
+implicit
+The first available format in the following order:
+hash, dbm, and cdb.
.PP
In all cases,
.B makemap
reads lines from the standard input consisting of two
words separated by white space.
The first is the database key,
the second is the value.
The value may contain
``%\fIn\fP''
strings to indicate parameter substitution.
Literal percents should be doubled
(``%%'').
Blank lines and lines beginning with ``#'' are ignored.
.PP
Notice: do
.B not
use
.B makemap
to create the aliases data base, but
.B newaliases
which puts a special token into the data base that is required by
.B sendmail.
.PP
If the
.I TrustedUser
option is set in the sendmail configuration file and
.B makemap
is invoked as root, the generated files will be owned by
the specified
.IR TrustedUser.
.SS Flags
.TP
.B \-C
Use the specified
.B sendmail
configuration file for looking up the TrustedUser option.
.TP
.B \-N
Include the null byte that terminates strings
in the map.
This must match the \-N flag in the sendmail.cf
``K'' line.
.TP
.B \-c
Use the specified hash and B-Tree cache size.
.TP
.B \-D
Use to specify the character to use to indicate a comment (which is ignored)
instead of the default of '#'.
.TP
.B \-d
Allow duplicate keys in the map.
This is only allowed on B-Tree format maps.
If two identical keys are read,
they will both be inserted into the map.
.TP
.B \-e
Allow empty value (right hand side).
.TP
.B \-f
Normally all upper case letters in the key
are folded to lower case.
This flag disables that behaviour.
This is intended to mesh with the
\-f flag in the
.B K
line in sendmail.cf.
The value is never case folded.
.TP
.B \-l
List supported map types.
.TP
.B \-o
Append to an old file.
This allows you to augment an existing file.
+Note: this might not be supported by all database types,
+e.g., cdb.
.TP
.B \-r
Allow replacement of existing keys.
Normally
.B makemap
complains if you repeat a key,
and does not do the insert.
.TP
.B \-s
Ignore safety checks on maps being created.
This includes checking for hard or symbolic
links in world writable directories.
.TP
.B \-t
Use the specified delimiter instead of white space
(also for dumping a map).
.TP
.B \-u
dump (unmap) the content of the database to standard output.
.TP
.B \-v
Verbosely print what it is doing.
+.P
+.SH Example
+makemap hash /etc/mail/access < /etc/mail/access
.SH SEE ALSO
sendmail(8), newaliases(1)
.SH HISTORY
The
.B makemap
command appeared in
4.4BSD.
diff --git a/makemap/makemap.c b/makemap/makemap.c
index cf1f62c8ea9e..4aa8d6ddab38 100644
--- a/makemap/makemap.c
+++ b/makemap/makemap.c
@@ -1,529 +1,701 @@
/*
* Copyright (c) 1998-2002, 2004, 2008 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1992 Eric P. Allman. All rights reserved.
* Copyright (c) 1992, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sm/gen.h>
SM_IDSTR(copyright,
"@(#) Copyright (c) 1998-2002, 2004 Proofpoint, Inc. and its suppliers.\n\
All rights reserved.\n\
Copyright (c) 1992 Eric P. Allman. All rights reserved.\n\
Copyright (c) 1992, 1993\n\
The Regents of the University of California. All rights reserved.\n")
SM_IDSTR(id, "@(#)$Id: makemap.c,v 8.183 2013-11-22 20:51:52 ca Exp $")
#include <sys/types.h>
#ifndef ISC_UNIX
# include <sys/file.h>
-#endif /* ! ISC_UNIX */
+#endif
#include <ctype.h>
#include <stdlib.h>
#include <unistd.h>
#ifdef EX_OK
# undef EX_OK /* unistd.h may have another use for this */
-#endif /* EX_OK */
+#endif
#include <sysexits.h>
#include <sendmail/sendmail.h>
+#include <sm/path.h>
#include <sendmail/pathnames.h>
#include <libsmdb/smdb.h>
uid_t RealUid;
gid_t RealGid;
char *RealUserName;
uid_t RunAsUid;
gid_t RunAsGid;
char *RunAsUserName;
int Verbose = 2;
bool DontInitGroups = false;
uid_t TrustedUid = 0;
BITMAP256 DontBlameSendmail;
#define BUFSIZE 1024
-#define ISSEP(c) (sep == '\0' ? isascii(c) && isspace(c) : (c) == sep)
+#define ISASCII(c) isascii((unsigned char)(c))
+#define ISSEP(c) (sep == '\0' ? ISASCII(c) && isspace(c) : (c) == sep)
-static void usage __P((char *));
+static void usage __P((const char *));
+static char *readcf __P((const char *, char *, bool));
static void
usage(progname)
- char *progname;
+ const char *progname;
{
sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"Usage: %s [-C cffile] [-N] [-c cachesize] [-D commentchar]\n",
progname);
sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
" %*s [-d] [-e] [-f] [-l] [-o] [-r] [-s] [-t delimiter]\n",
(int) strlen(progname), "");
sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
" %*s [-u] [-v] type mapname\n",
(int) strlen(progname), "");
exit(EX_USAGE);
}
+/*
+** READCF -- read some settings from configuration file.
+**
+** Parameters:
+** cfile -- configuration file name.
+** mapfile -- file name of map to look up (if not NULL/empty)
+** Note: this finds the first match, so in case someone
+** uses the same map file for different maps, they are
+** hopefully using the same map type.
+** fullpath -- compare the full paths or just the "basename"s?
+** (even excluding any .ext !)
+**
+** Returns:
+** pointer to map class name (static!)
+*/
+
+static char *
+readcf(cfile, mapfile, fullpath)
+ const char *cfile;
+ char *mapfile;
+ bool fullpath;
+{
+ SM_FILE_T *cfp;
+ char buf[MAXLINE];
+ static char classbuf[MAXLINE];
+ char *classname;
+ char *p;
+
+ if ((cfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, cfile,
+ SM_IO_RDONLY, NULL)) == NULL)
+ {
+ sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
+ "makemap: %s: %s\n",
+ cfile, sm_errstring(errno));
+ exit(EX_NOINPUT);
+ }
+ classname = NULL;
+ classbuf[0] = '\0';
+
+ if (!fullpath && mapfile != NULL)
+ {
+ p = strrchr(mapfile, '/');
+ if (p != NULL)
+ mapfile = ++p;
+ p = strrchr(mapfile, '.');
+ if (p != NULL)
+ *p = '\0';
+ }
+
+ while (sm_io_fgets(cfp, SM_TIME_DEFAULT, buf, sizeof(buf)) >= 0)
+ {
+ char *b;
+
+ if ((b = strchr(buf, '\n')) != NULL)
+ *b = '\0';
+
+ b = buf;
+ switch (*b++)
+ {
+ case 'O': /* option */
+#if HASFCHOWN
+ if (strncasecmp(b, " TrustedUser", 12) == 0 &&
+ !(ISASCII(b[12]) && isalnum(b[12])))
+ {
+ b = strchr(b, '=');
+ if (b == NULL)
+ continue;
+ while (ISASCII(*++b) && isspace(*b))
+ continue;
+ if (ISASCII(*b) && isdigit(*b))
+ TrustedUid = atoi(b);
+ else
+ {
+ struct passwd *pw;
+
+ TrustedUid = 0;
+ pw = getpwnam(b);
+ if (pw == NULL)
+ (void) sm_io_fprintf(smioerr,
+ SM_TIME_DEFAULT,
+ "TrustedUser: unknown user %s\n", b);
+ else
+ TrustedUid = pw->pw_uid;
+ }
+
+# ifdef UID_MAX
+ if (TrustedUid > UID_MAX)
+ {
+ (void) sm_io_fprintf(smioerr,
+ SM_TIME_DEFAULT,
+ "TrustedUser: uid value (%ld) > UID_MAX (%ld)",
+ (long) TrustedUid,
+ (long) UID_MAX);
+ TrustedUid = 0;
+ }
+# endif /* UID_MAX */
+ }
+#endif /* HASFCHOWN */
+ break;
+
+ case 'K': /* Keyfile (map) */
+ if (classname != NULL) /* found it already */
+ continue;
+ if (mapfile == NULL || *mapfile == '\0')
+ continue;
+
+ /* cut off trailing spaces */
+ for (p = buf + strlen(buf) - 1; ISASCII(*p) && isspace(*p) && p > buf; p--)
+ *p = '\0';
+
+ /* find the last argument */
+ p = strrchr(buf, ' ');
+ if (p == NULL)
+ continue;
+ b = strstr(p, mapfile);
+ if (b == NULL)
+ continue;
+ if (b <= buf)
+ continue;
+ if (!fullpath)
+ {
+ p = strrchr(b, '.');
+ if (p != NULL)
+ *p = '\0';
+ }
+
+ /* allow trailing white space? */
+ if (strcmp(mapfile, b) != 0)
+ continue;
+ /* SM_ASSERT(b > buf); */
+ --b;
+ if (!ISASCII(*b))
+ continue;
+ if (!isspace(*b) && fullpath)
+ continue;
+ if (!fullpath && !(SM_IS_DIR_DELIM(*b) || isspace(*b)))
+ continue;
+
+ /* basically from readcf.c */
+ for (b = buf + 1; ISASCII(*b) && isspace(*b); b++)
+ ;
+ if (!(ISASCII(*b) && isalnum(*b)))
+ {
+ /* syserr("readcf: config K line: no map name"); */
+ return NULL;
+ }
+
+ while ((ISASCII(*++b) && isalnum(*b)) || *b == '_' || *b == '.')
+ ;
+ if (*b != '\0')
+ *b++ = '\0';
+ while (ISASCII(*b) && isspace(*b))
+ b++;
+ if (!(ISASCII(*b) && isalnum(*b)))
+ {
+ /* syserr("readcf: config K line, map %s: no map class", b); */
+ return NULL;
+ }
+ classname = b;
+ while (ISASCII(*++b) && isalnum(*b))
+ ;
+ if (*b != '\0')
+ *b++ = '\0';
+ (void) sm_strlcpy(classbuf, classname, sizeof classbuf);
+ break;
+
+ default:
+ continue;
+ }
+ }
+ (void) sm_io_close(cfp, SM_TIME_DEFAULT);
+
+ return classbuf;
+}
+
int
main(argc, argv)
int argc;
char **argv;
{
char *progname;
char *cfile;
bool inclnull = false;
bool notrunc = false;
bool allowreplace = false;
bool allowempty = false;
bool verbose = false;
bool foldcase = true;
bool unmake = false;
+ bool didreadcf = false;
char sep = '\0';
char comment = '#';
int exitstat;
int opt;
char *typename = NULL;
+ char *fallback = NULL;
char *mapname = NULL;
unsigned int lineno;
int st;
int mode;
int smode;
int putflags = 0;
long sff = SFF_ROOTOK|SFF_REGONLY;
struct passwd *pw;
SMDB_DATABASE *database;
SMDB_CURSOR *cursor;
SMDB_DBENT db_key, db_val;
SMDB_DBPARAMS params;
SMDB_USER_INFO user_info;
char ibuf[BUFSIZE];
-#if HASFCHOWN
- SM_FILE_T *cfp;
- char buf[MAXLINE];
-#endif /* HASFCHOWN */
static char rnamebuf[MAXNAME]; /* holds RealUserName */
extern char *optarg;
extern int optind;
memset(&params, '\0', sizeof params);
params.smdbp_cache_size = 1024 * 1024;
progname = strrchr(argv[0], '/');
if (progname != NULL)
progname++;
else
progname = argv[0];
cfile = getcfname(0, 0, SM_GET_SENDMAIL_CF, NULL);
clrbitmap(DontBlameSendmail);
RunAsUid = RealUid = getuid();
RunAsGid = RealGid = getgid();
pw = getpwuid(RealUid);
if (pw != NULL)
(void) sm_strlcpy(rnamebuf, pw->pw_name, sizeof rnamebuf);
else
(void) sm_snprintf(rnamebuf, sizeof rnamebuf,
"Unknown UID %d", (int) RealUid);
RunAsUserName = RealUserName = rnamebuf;
user_info.smdbu_id = RunAsUid;
user_info.smdbu_group_id = RunAsGid;
(void) sm_strlcpy(user_info.smdbu_name, RunAsUserName,
SMDB_MAX_USER_NAME_LEN);
-#define OPTIONS "C:D:Nc:deflorst:uv"
+#define OPTIONS "C:D:Nc:defi:Llorst:uvx"
while ((opt = getopt(argc, argv, OPTIONS)) != -1)
{
switch (opt)
{
case 'C':
cfile = optarg;
break;
case 'N':
inclnull = true;
break;
case 'c':
params.smdbp_cache_size = atol(optarg);
break;
case 'd':
params.smdbp_allow_dup = true;
break;
case 'e':
allowempty = true;
break;
case 'f':
foldcase = false;
break;
+ case 'i':
+ fallback =optarg;
+ break;
+
case 'D':
comment = *optarg;
break;
+ case 'L':
+ smdb_print_available_types(false);
+ sm_io_fprintf(smioout, SM_TIME_DEFAULT,
+ "cf\nCF\n");
+ exit(EX_OK);
+ break;
+
case 'l':
- smdb_print_available_types();
+ smdb_print_available_types(false);
exit(EX_OK);
break;
case 'o':
notrunc = true;
break;
case 'r':
allowreplace = true;
break;
case 's':
setbitn(DBS_MAPINUNSAFEDIRPATH, DontBlameSendmail);
setbitn(DBS_WRITEMAPTOHARDLINK, DontBlameSendmail);
setbitn(DBS_WRITEMAPTOSYMLINK, DontBlameSendmail);
setbitn(DBS_LINKEDMAPINWRITABLEDIR, DontBlameSendmail);
break;
case 't':
if (optarg == NULL || *optarg == '\0')
{
sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"Invalid separator\n");
break;
}
sep = *optarg;
break;
case 'u':
unmake = true;
break;
case 'v':
verbose = true;
break;
+
+ case 'x':
+ smdb_print_available_types(true);
+ exit(EX_OK);
+ break;
default:
usage(progname);
/* NOTREACHED */
}
}
if (!bitnset(DBS_WRITEMAPTOSYMLINK, DontBlameSendmail))
sff |= SFF_NOSLINK;
if (!bitnset(DBS_WRITEMAPTOHARDLINK, DontBlameSendmail))
sff |= SFF_NOHLINK;
if (!bitnset(DBS_LINKEDMAPINWRITABLEDIR, DontBlameSendmail))
sff |= SFF_NOWLINK;
argc -= optind;
argv += optind;
if (argc != 2)
{
usage(progname);
/* NOTREACHED */
}
else
{
typename = argv[0];
mapname = argv[1];
}
+#define TYPEFROMCF (strcasecmp(typename, "cf") == 0)
+#define FULLPATHFROMCF (strcmp(typename, "cf") == 0)
+
#if HASFCHOWN
- /* Find TrustedUser value in sendmail.cf */
- if ((cfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, cfile, SM_IO_RDONLY,
- NULL)) == NULL)
- {
- sm_io_fprintf(smioerr, SM_TIME_DEFAULT, "makemap: %s: %s\n",
- cfile, sm_errstring(errno));
- exit(EX_NOINPUT);
- }
- while (sm_io_fgets(cfp, SM_TIME_DEFAULT, buf, sizeof(buf)) >= 0)
+ if (geteuid() == 0)
{
- register char *b;
-
- if ((b = strchr(buf, '\n')) != NULL)
- *b = '\0';
-
- b = buf;
- switch (*b++)
- {
- case 'O': /* option */
- if (strncasecmp(b, " TrustedUser", 12) == 0 &&
- !(isascii(b[12]) && isalnum(b[12])))
- {
- b = strchr(b, '=');
- if (b == NULL)
- continue;
- while (isascii(*++b) && isspace(*b))
- continue;
- if (isascii(*b) && isdigit(*b))
- TrustedUid = atoi(b);
- else
- {
- TrustedUid = 0;
- pw = getpwnam(b);
- if (pw == NULL)
- (void) sm_io_fprintf(smioerr,
- SM_TIME_DEFAULT,
- "TrustedUser: unknown user %s\n", b);
- else
- TrustedUid = pw->pw_uid;
- }
-
-# ifdef UID_MAX
- if (TrustedUid > UID_MAX)
- {
- (void) sm_io_fprintf(smioerr,
- SM_TIME_DEFAULT,
- "TrustedUser: uid value (%ld) > UID_MAX (%ld)",
- (long) TrustedUid,
- (long) UID_MAX);
- TrustedUid = 0;
- }
-# endif /* UID_MAX */
- break;
- }
-
-
- default:
- continue;
- }
+ if (TYPEFROMCF)
+ typename = readcf(cfile, mapname, FULLPATHFROMCF);
+ else
+ (void) readcf(cfile, NULL, false);
+ didreadcf = true;
}
- (void) sm_io_close(cfp, SM_TIME_DEFAULT);
#endif /* HASFCHOWN */
if (!params.smdbp_allow_dup && !allowreplace)
putflags = SMDBF_NO_OVERWRITE;
if (unmake)
{
mode = O_RDONLY;
smode = S_IRUSR;
}
else
{
mode = O_RDWR;
if (!notrunc)
{
mode |= O_CREAT|O_TRUNC;
sff |= SFF_CREAT;
}
smode = S_IWUSR;
}
params.smdbp_num_elements = 4096;
+ if (!didreadcf && TYPEFROMCF)
+ {
+ typename = readcf(cfile, mapname, FULLPATHFROMCF);
+ didreadcf = true;
+ }
+ if (didreadcf && (typename == NULL || *typename == '\0'))
+ {
+ if (fallback != NULL && *fallback != '\0')
+ {
+ typename = fallback;
+ if (verbose)
+ (void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
+ "%s: mapfile %s: not found in %s, using fallback %s\n",
+ progname, mapname, cfile, fallback);
+ }
+ else
+ {
+ (void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
+ "%s: mapfile %s: not found in %s\n",
+ progname, mapname, cfile);
+ exit(EX_DATAERR);
+ }
+ }
+
+ /*
+ ** Note: if "implicit" is selected it does not work like
+ ** sendmail: it will just use the first available DB type,
+ ** it won't try several (for -u) to find one that "works".
+ */
+
errno = smdb_open_database(&database, mapname, mode, smode, sff,
typename, &user_info, &params);
if (errno != SMDBE_OK)
{
char *hint;
if (errno == SMDBE_UNSUPPORTED_DB_TYPE &&
(hint = smdb_db_definition(typename)) != NULL)
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"%s: Need to recompile with -D%s for %s support\n",
progname, hint, typename);
else
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"%s: error opening type %s map %s: %s\n",
progname, typename, mapname,
sm_errstring(errno));
exit(EX_CANTCREAT);
}
(void) database->smdb_sync(database, 0);
if (!unmake && geteuid() == 0 && TrustedUid != 0)
{
errno = database->smdb_set_owner(database, TrustedUid, -1);
if (errno != SMDBE_OK)
{
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"WARNING: ownership change on %s failed %s",
mapname, sm_errstring(errno));
}
}
/*
** Copy the data
*/
exitstat = EX_OK;
if (unmake)
{
errno = database->smdb_cursor(database, &cursor, 0);
if (errno != SMDBE_OK)
{
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"%s: cannot make cursor for type %s map %s\n",
progname, typename, mapname);
exit(EX_SOFTWARE);
}
memset(&db_key, '\0', sizeof db_key);
memset(&db_val, '\0', sizeof db_val);
for (lineno = 0; ; lineno++)
{
errno = cursor->smdbc_get(cursor, &db_key, &db_val,
SMDB_CURSOR_GET_NEXT);
if (errno != SMDBE_OK)
break;
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"%.*s%c%.*s\n",
(int) db_key.size,
(char *) db_key.data,
(sep != '\0') ? sep : '\t',
(int) db_val.size,
(char *)db_val.data);
}
(void) cursor->smdbc_close(cursor);
}
else
{
lineno = 0;
while (sm_io_fgets(smioin, SM_TIME_DEFAULT, ibuf, sizeof ibuf)
>= 0)
{
register char *p;
lineno++;
/*
** Parse the line.
*/
p = strchr(ibuf, '\n');
if (p != NULL)
*p = '\0';
else if (!sm_io_eof(smioin))
{
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"%s: %s: line %u: line too long (%ld bytes max)\n",
progname, mapname, lineno,
(long) sizeof ibuf);
exitstat = EX_DATAERR;
continue;
}
if (ibuf[0] == '\0' || ibuf[0] == comment)
continue;
- if (sep == '\0' && isascii(ibuf[0]) && isspace(ibuf[0]))
+ if (sep == '\0' && ISASCII(ibuf[0]) && isspace(ibuf[0]))
{
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"%s: %s: line %u: syntax error (leading space)\n",
progname, mapname, lineno);
exitstat = EX_DATAERR;
continue;
}
memset(&db_key, '\0', sizeof db_key);
memset(&db_val, '\0', sizeof db_val);
db_key.data = ibuf;
for (p = ibuf; *p != '\0' && !(ISSEP(*p)); p++)
{
- if (foldcase && isascii(*p) && isupper(*p))
+ if (foldcase && ISASCII(*p) && isupper(*p))
*p = tolower(*p);
}
db_key.size = p - ibuf;
if (inclnull)
db_key.size++;
if (*p != '\0')
*p++ = '\0';
while (*p != '\0' && ISSEP(*p))
p++;
if (!allowempty && *p == '\0')
{
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"%s: %s: line %u: no RHS for LHS %s\n",
progname, mapname, lineno,
(char *) db_key.data);
exitstat = EX_DATAERR;
continue;
}
db_val.data = p;
db_val.size = strlen(p);
if (inclnull)
db_val.size++;
/*
** Do the database insert.
*/
if (verbose)
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"key=`%s', val=`%s'\n",
(char *) db_key.data,
(char *) db_val.data);
}
errno = database->smdb_put(database, &db_key, &db_val,
putflags);
switch (errno)
{
case SMDBE_KEY_EXIST:
st = 1;
break;
case 0:
st = 0;
break;
default:
st = -1;
break;
}
if (st < 0)
{
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"%s: %s: line %u: key %s: put error: %s\n",
progname, mapname, lineno,
(char *) db_key.data,
sm_errstring(errno));
exitstat = EX_IOERR;
}
else if (st > 0)
{
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"%s: %s: line %u: key %s: duplicate key\n",
progname, mapname,
lineno,
(char *) db_key.data);
exitstat = EX_DATAERR;
}
}
}
/*
** Now close the database.
*/
errno = database->smdb_close(database);
if (errno != SMDBE_OK)
{
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"%s: close(%s): %s\n",
progname, mapname, sm_errstring(errno));
exitstat = EX_IOERR;
}
smdb_free_database(database);
exit(exitstat);
/* NOTREACHED */
return exitstat;
}
diff --git a/praliases/Makefile b/praliases/Makefile
index adf435249c19..b7e69043d074 100644
--- a/praliases/Makefile
+++ b/praliases/Makefile
@@ -1,17 +1,19 @@
# $Id: Makefile,v 8.5 1999-09-23 22:36:39 ca Exp $
SHELL= /bin/sh
BUILD= ./Build
OPTIONS= $(CONFIG) $(FLAGS)
all: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
clean: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
+check: FRC
+ $(SHELL) $(BUILD) $(OPTIONS) $@
install: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
fresh: FRC
$(SHELL) $(BUILD) $(OPTIONS) -c
FRC:
diff --git a/praliases/praliases.0 b/praliases/praliases.0
index 7cca6e5c68b1..c6b03b0c512f 100644
--- a/praliases/praliases.0
+++ b/praliases/praliases.0
@@ -1,39 +1,39 @@
PRALIASES(8) PRALIASES(8)
-NNAAMMEE
+NAME
praliases - display system mail aliases
-SSYYNNOOPPSSIISS
- pprraalliiaasseess [--CC _f_i_l_e] [--ff _f_i_l_e] [_k_e_y _._._.]
+SYNOPSIS
+ praliases [-C file] [-f file] [key ...]
-DDEESSCCRRIIPPTTIIOONN
- The pprraalliiaasseess utility displays the current system aliases, one per
+DESCRIPTION
+ The praliases utility displays the current system aliases, one per
line, in no particular order. The special internal @:@ alias will be
displayed if present.
The options are as follows:
- --CC _f_i_l_e
+ -C file
Read the specified sendmail configuration file instead of the
- default sseennddmmaaiill configuration file.
+ default sendmail configuration file.
- --ff _f_i_l_e
- Read the specified file instead of the configured sseennddmmaaiill sys-
+ -f file
+ Read the specified file instead of the configured sendmail sys-
tem aliases file(s).
If one or more keys are specified on the command line, only entries
which match those keys are displayed.
- The pprraalliiaasseess utility exits 0 on success, and >0 if an error occurs.
+ The praliases utility exits 0 on success, and >0 if an error occurs.
-FFIILLEESS
- /etc/mail/sendmail.cf The default sseennddmmaaiill configuration file.
+FILES
+ /etc/mail/sendmail.cf The default sendmail configuration file.
-SSEEEE AALLSSOO
+SEE ALSO
mailq(1), sendmail(8)
$Date: 2013-11-22 20:51:53 $ PRALIASES(8)
diff --git a/praliases/praliases.c b/praliases/praliases.c
index 67b28eaec91c..682d4e14d2ea 100644
--- a/praliases/praliases.c
+++ b/praliases/praliases.c
@@ -1,398 +1,396 @@
/*
* Copyright (c) 1998-2001, 2008 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1983 Eric P. Allman. All rights reserved.
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sm/gen.h>
SM_IDSTR(copyright,
"@(#) Copyright (c) 1998-2001 Proofpoint, Inc. and its suppliers.\n\
All rights reserved.\n\
Copyright (c) 1983 Eric P. Allman. All rights reserved.\n\
Copyright (c) 1988, 1993\n\
The Regents of the University of California. All rights reserved.\n")
SM_IDSTR(id, "@(#)$Id: praliases.c,v 8.98 2013-11-22 20:51:53 ca Exp $")
#include <sys/types.h>
#include <ctype.h>
#include <stdlib.h>
#include <unistd.h>
#ifdef EX_OK
# undef EX_OK /* unistd.h may have another use for this */
-#endif /* EX_OK */
+#endif
#include <sysexits.h>
#ifndef NOT_SENDMAIL
# define NOT_SENDMAIL
-#endif /* ! NOT_SENDMAIL */
+#endif
#include <sendmail/sendmail.h>
#include <sendmail/pathnames.h>
#include <libsmdb/smdb.h>
static void praliases __P((char *, int, char **));
uid_t RealUid;
gid_t RealGid;
char *RealUserName;
uid_t RunAsUid;
gid_t RunAsGid;
char *RunAsUserName;
int Verbose = 2;
bool DontInitGroups = false;
uid_t TrustedUid = 0;
BITMAP256 DontBlameSendmail;
# define DELIMITERS " ,/"
# define PATH_SEPARATOR ':'
int
main(argc, argv)
int argc;
char **argv;
{
char *cfile;
char *filename = NULL;
SM_FILE_T *cfp;
int ch;
char afilebuf[MAXLINE];
char buf[MAXLINE];
struct passwd *pw;
static char rnamebuf[MAXNAME];
extern char *optarg;
extern int optind;
clrbitmap(DontBlameSendmail);
RunAsUid = RealUid = getuid();
RunAsGid = RealGid = getgid();
pw = getpwuid(RealUid);
if (pw != NULL)
{
if (strlen(pw->pw_name) > MAXNAME - 1)
pw->pw_name[MAXNAME] = 0;
sm_snprintf(rnamebuf, sizeof rnamebuf, "%s", pw->pw_name);
}
else
(void) sm_snprintf(rnamebuf, sizeof rnamebuf,
"Unknown UID %d", (int) RealUid);
RunAsUserName = RealUserName = rnamebuf;
cfile = getcfname(0, 0, SM_GET_SENDMAIL_CF, NULL);
while ((ch = getopt(argc, argv, "C:f:")) != -1)
{
switch ((char)ch) {
case 'C':
cfile = optarg;
break;
case 'f':
filename = optarg;
break;
case '?':
default:
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"usage: praliases [-C cffile] [-f aliasfile]"
" [key ...]\n");
exit(EX_USAGE);
}
}
argc -= optind;
argv += optind;
if (filename != NULL)
{
praliases(filename, argc, argv);
exit(EX_OK);
}
if ((cfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, cfile, SM_IO_RDONLY,
NULL)) == NULL)
{
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"praliases: %s: %s\n", cfile,
sm_errstring(errno));
exit(EX_NOINPUT);
}
while (sm_io_fgets(cfp, SM_TIME_DEFAULT, buf, sizeof(buf)) >= 0)
{
register char *b, *p;
b = strchr(buf, '\n');
if (b != NULL)
*b = '\0';
b = buf;
switch (*b++)
{
case 'O': /* option -- see if alias file */
if (sm_strncasecmp(b, " AliasFile", 10) == 0 &&
!(isascii(b[10]) && isalnum(b[10])))
{
/* new form -- find value */
b = strchr(b, '=');
if (b == NULL)
continue;
while (isascii(*++b) && isspace(*b))
continue;
}
else if (*b++ != 'A')
{
/* something else boring */
continue;
}
/* this is the A or AliasFile option -- save it */
if (sm_strlcpy(afilebuf, b, sizeof afilebuf) >=
sizeof afilebuf)
{
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"praliases: AliasFile filename too long: %.30s\n",
b);
(void) sm_io_close(cfp, SM_TIME_DEFAULT);
exit(EX_CONFIG);
}
b = afilebuf;
for (p = b; p != NULL; )
{
while (isascii(*p) && isspace(*p))
p++;
if (*p == '\0')
break;
b = p;
p = strpbrk(p, DELIMITERS);
/* find end of spec */
if (p != NULL)
{
bool quoted = false;
for (; *p != '\0'; p++)
{
/*
** Don't break into a quoted
** string.
*/
if (*p == '"')
quoted = !quoted;
else if (*p == ',' && !quoted)
break;
}
/* No more alias specs follow */
if (*p == '\0')
{
/* chop trailing whitespace */
while (isascii(*p) &&
isspace(*p) &&
p > b)
p--;
*p = '\0';
p = NULL;
}
}
if (p != NULL)
{
char *e = p - 1;
/* chop trailing whitespace */
while (isascii(*e) &&
isspace(*e) &&
e > b)
e--;
*++e = '\0';
*p++ = '\0';
}
praliases(b, argc, argv);
}
default:
continue;
}
}
(void) sm_io_close(cfp, SM_TIME_DEFAULT);
exit(EX_OK);
/* NOTREACHED */
return EX_OK;
}
static void
praliases(filename, argc, argv)
char *filename;
int argc;
char **argv;
{
int result;
char *colon;
char *db_name;
char *db_type;
SMDB_DATABASE *database = NULL;
SMDB_CURSOR *cursor = NULL;
SMDB_DBENT db_key, db_value;
SMDB_DBPARAMS params;
SMDB_USER_INFO user_info;
colon = strchr(filename, PATH_SEPARATOR);
if (colon == NULL)
{
db_name = filename;
db_type = SMDB_TYPE_DEFAULT;
}
else
{
*colon = '\0';
db_name = colon + 1;
db_type = filename;
}
/* clean off arguments */
for (;;)
{
while (isascii(*db_name) && isspace(*db_name))
db_name++;
if (*db_name != '-')
break;
while (*db_name != '\0' &&
!(isascii(*db_name) && isspace(*db_name)))
db_name++;
}
/* Skip non-file based DB types */
if (db_type != NULL && *db_type != '\0')
{
if (db_type != SMDB_TYPE_DEFAULT &&
- strcmp(db_type, "hash") != 0 &&
- strcmp(db_type, "btree") != 0 &&
- strcmp(db_type, "dbm") != 0)
+ !smdb_is_db_type(db_type))
{
sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"praliases: Skipping non-file based alias type %s\n",
db_type);
return;
}
}
if (*db_name == '\0' || (db_type != NULL && *db_type == '\0'))
{
if (colon != NULL)
*colon = ':';
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"praliases: illegal alias specification: %s\n", filename);
goto fatal;
}
memset(&params, '\0', sizeof params);
params.smdbp_cache_size = 1024 * 1024;
user_info.smdbu_id = RunAsUid;
user_info.smdbu_group_id = RunAsGid;
(void) sm_strlcpy(user_info.smdbu_name, RunAsUserName,
SMDB_MAX_USER_NAME_LEN);
result = smdb_open_database(&database, db_name, O_RDONLY, 0,
SFF_ROOTOK, db_type, &user_info, &params);
if (result != SMDBE_OK)
{
sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"praliases: %s: open: %s\n",
db_name, sm_errstring(result));
goto fatal;
}
if (argc == 0)
{
memset(&db_key, '\0', sizeof db_key);
memset(&db_value, '\0', sizeof db_value);
result = database->smdb_cursor(database, &cursor, 0);
if (result != SMDBE_OK)
{
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"praliases: %s: set cursor: %s\n", db_name,
sm_errstring(result));
goto fatal;
}
while ((result = cursor->smdbc_get(cursor, &db_key, &db_value,
SMDB_CURSOR_GET_NEXT)) ==
SMDBE_OK)
{
#if 0
/* skip magic @:@ entry */
if (db_key.size == 2 &&
db_key.data[0] == '@' &&
db_key.data[1] == '\0' &&
db_value.size == 2 &&
db_value.data[0] == '@' &&
db_value.data[1] == '\0')
continue;
#endif /* 0 */
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"%.*s:%.*s\n",
(int) db_key.size,
(char *) db_key.data,
(int) db_value.size,
(char *) db_value.data);
}
if (result != SMDBE_OK && result != SMDBE_LAST_ENTRY)
{
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"praliases: %s: get value at cursor: %s\n",
db_name, sm_errstring(result));
goto fatal;
}
}
else for (; *argv != NULL; ++argv)
{
int get_res;
memset(&db_key, '\0', sizeof db_key);
memset(&db_value, '\0', sizeof db_value);
db_key.data = *argv;
db_key.size = strlen(*argv);
get_res = database->smdb_get(database, &db_key, &db_value, 0);
if (get_res == SMDBE_NOT_FOUND)
{
db_key.size++;
get_res = database->smdb_get(database, &db_key,
&db_value, 0);
}
if (get_res == SMDBE_OK)
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"%.*s:%.*s\n",
(int) db_key.size,
(char *) db_key.data,
(int) db_value.size,
(char *) db_value.data);
}
else
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"%s: No such key\n",
(char *)db_key.data);
}
fatal:
if (cursor != NULL)
(void) cursor->smdbc_close(cursor);
if (database != NULL)
(void) database->smdb_close(database);
if (colon != NULL)
*colon = ':';
return;
}
diff --git a/rmail/Makefile b/rmail/Makefile
index eeace604b1d7..059e4c188b6d 100644
--- a/rmail/Makefile
+++ b/rmail/Makefile
@@ -1,19 +1,21 @@
# $Id: Makefile,v 8.5 1999-10-05 16:39:19 ca Exp $
SHELL= /bin/sh
BUILD= ./Build
OPTIONS= $(CONFIG) $(FLAGS)
all: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
clean: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
+check: FRC
+ $(SHELL) $(BUILD) $(OPTIONS) $@
install: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
force-install: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
fresh: FRC
$(SHELL) $(BUILD) $(OPTIONS) -c
FRC:
diff --git a/rmail/rmail.0 b/rmail/rmail.0
index 6a7b83d3c23e..011c2846b545 100644
--- a/rmail/rmail.0
+++ b/rmail/rmail.0
@@ -1,36 +1,36 @@
RMAIL(8) RMAIL(8)
-NNAAMMEE
+NAME
rmail - handle remote mail received via uucp
-SSYYNNOOPPSSIISS
- rrmmaaiill [--DD _d_o_m_a_i_n] [--TT] _u_s_e_r _._._.
+SYNOPSIS
+ rmail [-D domain] [-T] user ...
-DDEESSCCRRIIPPTTIIOONN
- RRmmaaiill interprets incoming mail received via uucp(1), collapsing
+DESCRIPTION
+ Rmail interprets incoming mail received via uucp(1), collapsing
``From'' lines in the form generated by mail.local(8) into a single
line of the form ``return-path!sender'', and passing the processed mail
on to sendmail(8).
- RRmmaaiill is explicitly designed for use with uucp and sendmail.
+ Rmail is explicitly designed for use with uucp and sendmail.
- FFllaaggss
- --DD Use the specified _d_o_m_a_i_n instead of the default domain of
+ Flags
+ -D Use the specified domain instead of the default domain of
``UUCP''.
- --TT Turn on debugging.
+ -T Turn on debugging.
-SSEEEE AALLSSOO
+SEE ALSO
uucp(1), mail.local(8), sendmail(8)
-HHIISSTTOORRYY
- The rrmmaaiill program appeared in 4.2BSD.
+HISTORY
+ The rmail program appeared in 4.2BSD.
-BBUUGGSS
- RRmmaaiill should not reside in /bin.
+BUGS
+ Rmail should not reside in /bin.
$Date: 2013-11-22 20:51:53 $ RMAIL(8)
diff --git a/rmail/rmail.c b/rmail/rmail.c
index 178cc3560f8c..154d772a81da 100644
--- a/rmail/rmail.c
+++ b/rmail/rmail.c
@@ -1,433 +1,433 @@
/*
* Copyright (c) 1998-2001 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sm/gen.h>
SM_IDSTR(copyright,
"@(#) Copyright (c) 1998-2001 Proofpoint, Inc. and its suppliers.\n\
All rights reserved.\n\
Copyright (c) 1988, 1993\n\
The Regents of the University of California. All rights reserved.\n")
SM_IDSTR(id, "@(#)$Id: rmail.c,v 8.63 2013-11-22 20:51:53 ca Exp $")
/*
* RMAIL -- UUCP mail server.
*
* This program reads the >From ... remote from ... lines that UUCP is so
* fond of and turns them into something reasonable. It then execs sendmail
* with various options built from these lines.
*
* The expected syntax is:
*
* <user> := [-a-z0-9]+
* <date> := ctime format
* <site> := [-a-z0-9!]+
* <blank line> := "^\n$"
* <from> := "From" <space> <user> <space> <date>
* [<space> "remote from" <space> <site>]
* <forward> := ">" <from>
* msg := <from> <forward>* <blank-line> <body>
*
* The output of rmail(8) compresses the <forward> lines into a single
* from path.
*
* The err(3) routine is included here deliberately to make this code
* a bit more portable.
*/
#include <sys/types.h>
#include <sys/param.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <ctype.h>
#include <fcntl.h>
#include <sm/io.h>
#include <stdlib.h>
#include <sm/string.h>
#include <unistd.h>
#ifdef EX_OK
# undef EX_OK /* unistd.h may have another use for this */
-#endif /* EX_OK */
+#endif
#include <sysexits.h>
#include <sm/conf.h>
#include <sm/errstring.h>
#include <sendmail/pathnames.h>
static void err __P((int, const char *, ...));
static void usage __P((void));
static char *xalloc __P((int));
#define newstr(s) strcpy(xalloc(strlen(s) + 1), s)
static char *
xalloc(sz)
register int sz;
{
register char *p;
/* some systems can't handle size zero mallocs */
if (sz <= 0)
sz = 1;
p = malloc(sz);
if (p == NULL)
err(EX_TEMPFAIL, "out of memory");
return (p);
}
int
main(argc, argv)
int argc;
char *argv[];
{
int ch, debug, i, pdes[2], pid, status;
size_t fplen = 0, fptlen = 0, len;
off_t offset;
SM_FILE_T *fp;
char *addrp = NULL, *domain, *p, *t;
char *from_path, *from_sys, *from_user;
char **args, buf[2048], lbuf[2048];
struct stat sb;
extern char *optarg;
extern int optind;
debug = 0;
domain = "UUCP"; /* Default "domain". */
while ((ch = getopt(argc, argv, "D:T")) != -1)
{
switch (ch)
{
case 'T':
debug = 1;
break;
case 'D':
domain = optarg;
break;
case '?':
default:
usage();
}
}
argc -= optind;
argv += optind;
if (argc < 1)
usage();
from_path = from_sys = from_user = NULL;
for (offset = 0; ; )
{
/* Get and nul-terminate the line. */
if (sm_io_fgets(smioin, SM_TIME_DEFAULT, lbuf,
sizeof(lbuf)) < 0)
err(EX_DATAERR, "no data");
if ((p = strchr(lbuf, '\n')) == NULL)
err(EX_DATAERR, "line too long");
*p = '\0';
/* Parse lines until reach a non-"From" line. */
if (!strncmp(lbuf, "From ", 5))
addrp = lbuf + 5;
else if (!strncmp(lbuf, ">From ", 6))
addrp = lbuf + 6;
else if (offset == 0)
err(EX_DATAERR,
"missing or empty From line: %s", lbuf);
else
{
*p = '\n';
break;
}
if (addrp == NULL || *addrp == '\0')
err(EX_DATAERR, "corrupted From line: %s", lbuf);
/* Use the "remote from" if it exists. */
for (p = addrp; (p = strchr(p + 1, 'r')) != NULL; )
{
if (!strncmp(p, "remote from ", 12))
{
for (t = p += 12; *t != '\0'; ++t)
{
if (isascii(*t) && isspace(*t))
break;
}
*t = '\0';
if (debug)
(void) sm_io_fprintf(smioerr,
SM_TIME_DEFAULT,
"remote from: %s\n",
p);
break;
}
}
/* Else use the string up to the last bang. */
if (p == NULL)
{
if (*addrp == '!')
err(EX_DATAERR, "bang starts address: %s",
addrp);
else if ((t = strrchr(addrp, '!')) != NULL)
{
*t = '\0';
p = addrp;
addrp = t + 1;
if (*addrp == '\0')
err(EX_DATAERR,
"corrupted From line: %s", lbuf);
if (debug)
(void) sm_io_fprintf(smioerr,
SM_TIME_DEFAULT,
"bang: %s\n", p);
}
}
/* 'p' now points to any system string from this line. */
if (p != NULL)
{
/* Nul terminate it as necessary. */
for (t = p; *t != '\0'; ++t)
{
if (isascii(*t) && isspace(*t))
break;
}
*t = '\0';
/* If the first system, copy to the from_sys string. */
if (from_sys == NULL)
{
from_sys = newstr(p);
if (debug)
(void) sm_io_fprintf(smioerr,
SM_TIME_DEFAULT,
"from_sys: %s\n",
from_sys);
}
/* Concatenate to the path string. */
len = t - p;
if (from_path == NULL)
{
fplen = 0;
if ((from_path = malloc(fptlen = 256)) == NULL)
err(EX_TEMPFAIL, "out of memory");
}
if (fplen + len + 2 > fptlen)
{
fptlen += SM_MAX(fplen + len + 2, 256);
if ((from_path = realloc(from_path,
fptlen)) == NULL)
err(EX_TEMPFAIL, "out of memory");
}
memmove(from_path + fplen, p, len);
fplen += len;
from_path[fplen++] = '!';
from_path[fplen] = '\0';
}
/* Save off from user's address; the last one wins. */
for (p = addrp; *p != '\0'; ++p)
{
if (isascii(*p) && isspace(*p))
break;
}
*p = '\0';
if (*addrp == '\0')
addrp = "<>";
if (from_user != NULL)
free(from_user);
from_user = newstr(addrp);
if (debug)
{
if (from_path != NULL)
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"from_path: %s\n",
from_path);
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"from_user: %s\n", from_user);
}
if (offset != -1)
offset = (off_t)sm_io_tell(smioin, SM_TIME_DEFAULT);
}
/* Allocate args (with room for sendmail args as well as recipients */
args = (char **)xalloc(sizeof(*args) * (10 + argc));
i = 0;
args[i++] = _PATH_SENDMAIL; /* Build sendmail's argument list. */
args[i++] = "-G"; /* relay submission */
args[i++] = "-oee"; /* No errors, just status. */
args[i++] = "-odq"; /* Queue it, don't try to deliver. */
args[i++] = "-oi"; /* Ignore '.' on a line by itself. */
/* set from system and protocol used */
if (from_sys == NULL)
sm_snprintf(buf, sizeof(buf), "-p%s", domain);
else if (strchr(from_sys, '.') == NULL)
sm_snprintf(buf, sizeof(buf), "-p%s:%s.%s",
domain, from_sys, domain);
else
sm_snprintf(buf, sizeof(buf), "-p%s:%s", domain, from_sys);
args[i++] = newstr(buf);
/* Set name of ``from'' person. */
sm_snprintf(buf, sizeof(buf), "-f%s%s",
from_path ? from_path : "", from_user);
args[i++] = newstr(buf);
/*
** Don't copy arguments beginning with - as they will be
** passed to sendmail and could be interpreted as flags.
** To prevent confusion of sendmail wrap < and > around
** the address (helps to pass addrs like @gw1,@gw2:aa@bb)
*/
while (*argv != NULL)
{
if (**argv == '-')
err(EX_USAGE, "dash precedes argument: %s", *argv);
if (strchr(*argv, ',') == NULL || strchr(*argv, '<') != NULL)
args[i++] = *argv;
else
{
len = strlen(*argv) + 3;
if ((args[i] = malloc(len)) == NULL)
err(EX_TEMPFAIL, "Cannot malloc");
sm_snprintf(args[i++], len, "<%s>", *argv);
}
argv++;
argc--;
/* Paranoia check, argc used for args[] bound */
if (argc < 0)
err(EX_SOFTWARE, "Argument count mismatch");
}
args[i] = NULL;
if (debug)
{
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"Sendmail arguments:\n");
for (i = 0; args[i] != NULL; i++)
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"\t%s\n", args[i]);
}
/*
** If called with a regular file as standard input, seek to the right
** position in the file and just exec sendmail. Could probably skip
** skip the stat, but it's not unreasonable to believe that a failed
** seek will cause future reads to fail.
*/
if (!fstat(STDIN_FILENO, &sb) && S_ISREG(sb.st_mode))
{
if (lseek(STDIN_FILENO, offset, SEEK_SET) != offset)
err(EX_TEMPFAIL, "stdin seek");
(void) execv(_PATH_SENDMAIL, args);
err(EX_OSERR, "%s", _PATH_SENDMAIL);
}
if (pipe(pdes) < 0)
err(EX_OSERR, "pipe failed");
switch (pid = fork())
{
case -1: /* Err. */
err(EX_OSERR, "fork failed");
/* NOTREACHED */
case 0: /* Child. */
if (pdes[0] != STDIN_FILENO)
{
(void) dup2(pdes[0], STDIN_FILENO);
(void) close(pdes[0]);
}
(void) close(pdes[1]);
(void) execv(_PATH_SENDMAIL, args);
err(EX_UNAVAILABLE, "%s", _PATH_SENDMAIL);
/* NOTREACHED */
}
if ((fp = sm_io_open(SmFtStdiofd, SM_TIME_DEFAULT, (void *) &(pdes[1]),
SM_IO_WRONLY, NULL)) == NULL)
err(EX_OSERR, "sm_io_open failed");
(void) close(pdes[0]);
/* Copy the file down the pipe. */
do
{
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT, "%s", lbuf);
} while (sm_io_fgets(smioin, SM_TIME_DEFAULT, lbuf,
sizeof(lbuf)) >= 0);
if (sm_io_error(smioin))
err(EX_TEMPFAIL, "stdin: %s", sm_errstring(errno));
if (sm_io_close(fp, SM_TIME_DEFAULT))
err(EX_OSERR, "sm_io_close failed");
if ((waitpid(pid, &status, 0)) == -1)
err(EX_OSERR, "%s", _PATH_SENDMAIL);
if (!WIFEXITED(status))
err(EX_OSERR, "%s: did not terminate normally", _PATH_SENDMAIL);
if (WEXITSTATUS(status))
err(status, "%s: terminated with %d (non-zero) status",
_PATH_SENDMAIL, WEXITSTATUS(status));
exit(EX_OK);
/* NOTREACHED */
return EX_OK;
}
static void
usage()
{
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"usage: rmail [-T] [-D domain] user ...\n");
exit(EX_USAGE);
}
static void
#ifdef __STDC__
err(int eval, const char *fmt, ...)
#else /* __STDC__ */
err(eval, fmt, va_alist)
int eval;
const char *fmt;
va_dcl
#endif /* __STDC__ */
{
SM_VA_LOCAL_DECL
if (fmt != NULL)
{
SM_VA_START(ap, fmt);
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT, "rmail: ");
(void) sm_io_vfprintf(smioerr, SM_TIME_DEFAULT, fmt, ap);
SM_VA_END(ap);
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT, "\n");
}
exit(eval);
}
diff --git a/smrsh/Makefile b/smrsh/Makefile
index e5dd03089f19..90487fb2a24c 100644
--- a/smrsh/Makefile
+++ b/smrsh/Makefile
@@ -1,17 +1,19 @@
# $Id: Makefile,v 8.5 1999-09-23 22:36:43 ca Exp $
SHELL= /bin/sh
BUILD= ./Build
OPTIONS= $(CONFIG) $(FLAGS)
all: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
clean: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
+check: FRC
+ $(SHELL) $(BUILD) $(OPTIONS) $@
install: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
fresh: FRC
$(SHELL) $(BUILD) $(OPTIONS) -c
FRC:
diff --git a/smrsh/smrsh.0 b/smrsh/smrsh.0
index 40ac9bc55297..ca30a62ae516 100644
--- a/smrsh/smrsh.0
+++ b/smrsh/smrsh.0
@@ -1,65 +1,65 @@
SMRSH(8) SMRSH(8)
-NNAAMMEE
+NAME
smrsh - restricted shell for sendmail
-SSYYNNOOPPSSIISS
- ssmmrrsshh --cc command
+SYNOPSIS
+ smrsh -c command
-DDEESSCCRRIIPPTTIIOONN
- The _s_m_r_s_h program is intended as a replacement for _s_h for use in the
- ``prog'' mailer in _s_e_n_d_m_a_i_l(8) configuration files. It sharply limits
- the commands that can be run using the ``|program'' syntax of _s_e_n_d_m_a_i_l
+DESCRIPTION
+ The smrsh program is intended as a replacement for sh for use in the
+ ``prog'' mailer in sendmail(8) configuration files. It sharply limits
+ the commands that can be run using the ``|program'' syntax of sendmail
in order to improve the over all security of your system. Briefly,
even if a ``bad guy'' can get sendmail to run a program without going
- through an alias or forward file, _s_m_r_s_h limits the set of programs that
+ through an alias or forward file, smrsh limits the set of programs that
he or she can execute.
- Briefly, _s_m_r_s_h limits programs to be in a single directory, by default
+ Briefly, smrsh limits programs to be in a single directory, by default
/usr/adm/sm.bin, allowing the system administrator to choose the set of
acceptable commands, and to the shell builtin commands ``exec'',
``exit'', and ``echo''. It also rejects any commands with the charac-
ters ``', `<', `>', `;', `$', `(', `)', `\r' (carriage return), or `\n'
(newline) on the command line to prevent ``end run'' attacks. It
allows ``||'' and ``&&'' to enable commands like: ``"|exec
/usr/local/bin/filter || exit 75"''
Initial pathnames on programs are stripped, so forwarding to
``/usr/ucb/vacation'', ``/usr/bin/vacation'',
``/home/server/mydir/bin/vacation'', and ``vacation'' all actually for-
ward to ``/usr/adm/sm.bin/vacation''.
System administrators should be conservative about populating the
- sm.bin directory. For example, a reasonable additions is _v_a_c_a_t_i_o_n(1),
+ sm.bin directory. For example, a reasonable additions is vacation(1),
and the like. No matter how brow-beaten you may be, never include any
- shell or shell-like program (such as _p_e_r_l(1)) in the sm.bin directory.
+ shell or shell-like program (such as perl(1)) in the sm.bin directory.
Note that this does not restrict the use of shell or perl scripts in
the sm.bin directory (using the ``#!'' syntax); it simply disallows
execution of arbitrary programs. Also, including mail filtering pro-
- grams such as _p_r_o_c_m_a_i_l(1) is a very bad idea. _p_r_o_c_m_a_i_l(1) allows users
- to run arbitrary programs in their _p_r_o_c_m_a_i_l_r_c(5).
+ grams such as procmail(1) is a very bad idea. procmail(1) allows users
+ to run arbitrary programs in their procmailrc(5).
-CCOOMMPPIILLAATTIIOONN
+COMPILATION
Compilation should be trivial on most systems. You may need to use
- -DSMRSH_PATH=\"_p_a_t_h\" to adjust the default search path (defaults to
- ``/bin:/usr/bin:/usr/ucb'') and/or -DSMRSH_CMDDIR=\"_d_i_r\" to change the
+ -DSMRSH_PATH=\"path\" to adjust the default search path (defaults to
+ ``/bin:/usr/bin:/usr/ucb'') and/or -DSMRSH_CMDDIR=\"dir\" to change the
default program directory (defaults to ``/usr/adm/sm.bin'').
-FFIILLEESS
+FILES
/usr/adm/sm.bin - default directory for restricted programs on most OSs
/var/adm/sm.bin - directory for restricted programs on HP UX and
Solaris
/usr/libexec/sm.bin - directory for restricted programs on FreeBSD (>=
3.3) and DragonFly BSD
-SSEEEE AALLSSOO
+SEE ALSO
sendmail(8)
$Date: 2013-11-22 20:52:00 $ SMRSH(8)
diff --git a/smrsh/smrsh.c b/smrsh/smrsh.c
index 86e20a4cf537..8c4e47ca200b 100644
--- a/smrsh/smrsh.c
+++ b/smrsh/smrsh.c
@@ -1,440 +1,440 @@
/*
* Copyright (c) 1998-2004 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1993 Eric P. Allman. All rights reserved.
* Copyright (c) 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sm/gen.h>
SM_IDSTR(copyright,
"@(#) Copyright (c) 1998-2004 Proofpoint, Inc. and its suppliers.\n\
All rights reserved.\n\
Copyright (c) 1993 Eric P. Allman. All rights reserved.\n\
Copyright (c) 1993\n\
The Regents of the University of California. All rights reserved.\n")
SM_IDSTR(id, "@(#)$Id: smrsh.c,v 8.66 2013-11-22 20:52:00 ca Exp $")
/*
** SMRSH -- sendmail restricted shell
**
** This is a patch to get around the prog mailer bugs in most
** versions of sendmail.
**
** Use this in place of /bin/sh in the "prog" mailer definition
** in your sendmail.cf file. You then create CMDDIR (owned by
** root, mode 755) and put links to any programs you want
** available to prog mailers in that directory. This should
** include things like "vacation" and "procmail", but not "sed"
** or "sh".
**
** Leading pathnames are stripped from program names so that
** existing .forward files that reference things like
** "/usr/bin/vacation" will continue to work.
**
** The following characters are completely illegal:
** < > ^ & ` ( ) \n \r
** The following characters are sometimes illegal:
** | &
** This is more restrictive than strictly necessary.
**
** To use this, add FEATURE(`smrsh') to your .mc file.
**
** This can be used on any version of sendmail.
**
** In loving memory of RTM. 11/02/93.
*/
#include <unistd.h>
#include <sm/io.h>
#include <sm/limits.h>
#include <sm/string.h>
#include <sys/file.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <string.h>
#include <ctype.h>
#include <errno.h>
#ifdef EX_OK
# undef EX_OK
-#endif /* EX_OK */
+#endif
#include <sysexits.h>
#include <syslog.h>
#include <stdlib.h>
#include <sm/conf.h>
#include <sm/errstring.h>
/* directory in which all commands must reside */
#ifndef CMDDIR
# ifdef SMRSH_CMDDIR
# define CMDDIR SMRSH_CMDDIR
-# else /* SMRSH_CMDDIR */
+# else
# define CMDDIR "/usr/adm/sm.bin"
-# endif /* SMRSH_CMDDIR */
+# endif
#endif /* ! CMDDIR */
/* characters disallowed in the shell "-c" argument */
#define SPECIALS "<|>^();&`$\r\n"
/* default search path */
#ifndef PATH
# ifdef SMRSH_PATH
# define PATH SMRSH_PATH
-# else /* SMRSH_PATH */
+# else
# define PATH "/bin:/usr/bin:/usr/ucb"
-# endif /* SMRSH_PATH */
+# endif
#endif /* ! PATH */
char newcmdbuf[1000];
char *prg, *par;
static void addcmd __P((char *, bool, size_t));
/*
** ADDCMD -- add a string to newcmdbuf, check for overflow
**
** Parameters:
** s -- string to add
** cmd -- it's a command: prepend CMDDIR/
** len -- length of string to add
**
** Side Effects:
** changes newcmdbuf or exits with a failure.
**
*/
static void
addcmd(s, cmd, len)
char *s;
bool cmd;
size_t len;
{
if (s == NULL || *s == '\0')
return;
/* enough space for s (len) and CMDDIR + "/" and '\0'? */
if (sizeof newcmdbuf - strlen(newcmdbuf) <=
len + 1 + (cmd ? (strlen(CMDDIR) + 1) : 0))
{
(void)sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"%s: command too long: %s\n", prg, par);
#ifndef DEBUG
syslog(LOG_WARNING, "command too long: %.40s", par);
-#endif /* ! DEBUG */
+#endif
exit(EX_UNAVAILABLE);
}
if (cmd)
(void) sm_strlcat2(newcmdbuf, CMDDIR, "/", sizeof newcmdbuf);
(void) strncat(newcmdbuf, s, len);
}
int
main(argc, argv)
int argc;
char **argv;
{
register char *p;
register char *q;
register char *r;
register char *cmd;
int isexec;
int save_errno;
char *newenv[2];
char pathbuf[1000];
char specialbuf[32];
struct stat st;
#ifndef DEBUG
# ifndef LOG_MAIL
openlog("smrsh", 0);
-# else /* ! LOG_MAIL */
+# else
openlog("smrsh", LOG_ODELAY|LOG_CONS, LOG_MAIL);
-# endif /* ! LOG_MAIL */
+# endif
#endif /* ! DEBUG */
(void) sm_strlcpyn(pathbuf, sizeof pathbuf, 2, "PATH=", PATH);
newenv[0] = pathbuf;
newenv[1] = NULL;
/*
** Do basic argv usage checking
*/
prg = argv[0];
if (argc != 3 || strcmp(argv[1], "-c") != 0)
{
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"Usage: %s -c command\n", prg);
#ifndef DEBUG
syslog(LOG_ERR, "usage");
-#endif /* ! DEBUG */
+#endif
exit(EX_USAGE);
}
par = argv[2];
/*
** Disallow special shell syntax. This is overly restrictive,
** but it should shut down all attacks.
** Be sure to include 8-bit versions, since many shells strip
** the address to 7 bits before checking.
*/
if (strlen(SPECIALS) * 2 >= sizeof specialbuf)
{
#ifndef DEBUG
syslog(LOG_ERR, "too many specials: %.40s", SPECIALS);
-#endif /* ! DEBUG */
+#endif
exit(EX_UNAVAILABLE);
}
(void) sm_strlcpy(specialbuf, SPECIALS, sizeof specialbuf);
for (p = specialbuf; *p != '\0'; p++)
*p |= '\200';
(void) sm_strlcat(specialbuf, SPECIALS, sizeof specialbuf);
/*
** Do a quick sanity check on command line length.
*/
if (strlen(par) > (sizeof newcmdbuf - sizeof CMDDIR - 2))
{
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"%s: command too long: %s\n", prg, par);
#ifndef DEBUG
syslog(LOG_WARNING, "command too long: %.40s", par);
-#endif /* ! DEBUG */
+#endif
exit(EX_UNAVAILABLE);
}
q = par;
newcmdbuf[0] = '\0';
isexec = false;
while (*q != '\0')
{
/*
** Strip off a leading pathname on the command name. For
** example, change /usr/ucb/vacation to vacation.
*/
/* strip leading spaces */
while (*q != '\0' && isascii(*q) && isspace(*q))
q++;
if (*q == '\0')
{
if (isexec)
{
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"%s: missing command to exec\n",
prg);
#ifndef DEBUG
syslog(LOG_CRIT, "uid %d: missing command to exec", (int) getuid());
-#endif /* ! DEBUG */
+#endif
exit(EX_UNAVAILABLE);
}
break;
}
/* find the end of the command name */
p = strpbrk(q, " \t");
if (p == NULL)
cmd = &q[strlen(q)];
else
{
*p = '\0';
cmd = p;
}
/* search backwards for last / (allow for 0200 bit) */
while (cmd > q)
{
if ((*--cmd & 0177) == '/')
{
cmd++;
break;
}
}
/* cmd now points at final component of path name */
/* allow a few shell builtins */
if (strcmp(q, "exec") == 0 && p != NULL)
{
addcmd("exec ", false, strlen("exec "));
/* test _next_ arg */
q = ++p;
isexec = true;
continue;
}
else if (strcmp(q, "exit") == 0 || strcmp(q, "echo") == 0)
{
addcmd(cmd, false, strlen(cmd));
/* test following chars */
}
else
{
char cmdbuf[MAXPATHLEN];
/*
** Check to see if the command name is legal.
*/
if (sm_strlcpyn(cmdbuf, sizeof cmdbuf, 3, CMDDIR,
"/", cmd) >= sizeof cmdbuf)
{
/* too long */
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"%s: \"%s\" not available for sendmail programs (filename too long)\n",
prg, cmd);
if (p != NULL)
*p = ' ';
#ifndef DEBUG
syslog(LOG_CRIT, "uid %d: attempt to use \"%s\" (filename too long)",
(int) getuid(), cmd);
-#endif /* ! DEBUG */
+#endif
exit(EX_UNAVAILABLE);
}
#ifdef DEBUG
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Trying %s\n", cmdbuf);
-#endif /* DEBUG */
+#endif
if (stat(cmdbuf, &st) < 0)
{
/* can't stat it */
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"%s: \"%s\" not available for sendmail programs (stat failed)\n",
prg, cmd);
if (p != NULL)
*p = ' ';
#ifndef DEBUG
syslog(LOG_CRIT, "uid %d: attempt to use \"%s\" (stat failed)",
(int) getuid(), cmd);
-#endif /* ! DEBUG */
+#endif
exit(EX_UNAVAILABLE);
}
if (!S_ISREG(st.st_mode)
#ifdef S_ISLNK
&& !S_ISLNK(st.st_mode)
-#endif /* S_ISLNK */
+#endif
)
{
/* can't stat it */
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"%s: \"%s\" not available for sendmail programs (not a file)\n",
prg, cmd);
if (p != NULL)
*p = ' ';
#ifndef DEBUG
syslog(LOG_CRIT, "uid %d: attempt to use \"%s\" (not a file)",
(int) getuid(), cmd);
-#endif /* ! DEBUG */
+#endif
exit(EX_UNAVAILABLE);
}
if (access(cmdbuf, X_OK) < 0)
{
- /* oops.... crack attack possiblity */
+ /* oops.... crack attack possibility */
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"%s: \"%s\" not available for sendmail programs\n",
prg, cmd);
if (p != NULL)
*p = ' ';
#ifndef DEBUG
syslog(LOG_CRIT, "uid %d: attempt to use \"%s\"",
(int) getuid(), cmd);
-#endif /* ! DEBUG */
+#endif
exit(EX_UNAVAILABLE);
}
/*
** Create the actual shell input.
*/
addcmd(cmd, true, strlen(cmd));
}
isexec = false;
if (p != NULL)
*p = ' ';
else
break;
r = strpbrk(p, specialbuf);
if (r == NULL)
{
addcmd(p, false, strlen(p));
break;
}
#if ALLOWSEMI
if (*r == ';')
{
addcmd(p, false, r - p + 1);
q = r + 1;
continue;
}
#endif /* ALLOWSEMI */
if ((*r == '&' && *(r + 1) == '&') ||
(*r == '|' && *(r + 1) == '|'))
{
addcmd(p, false, r - p + 2);
q = r + 2;
continue;
}
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"%s: cannot use %c in command\n", prg, *r);
#ifndef DEBUG
syslog(LOG_CRIT, "uid %d: attempt to use %c in command: %s",
(int) getuid(), *r, par);
-#endif /* ! DEBUG */
+#endif
exit(EX_UNAVAILABLE);
}
if (isexec)
{
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"%s: missing command to exec\n", prg);
#ifndef DEBUG
syslog(LOG_CRIT, "uid %d: missing command to exec",
(int) getuid());
-#endif /* ! DEBUG */
+#endif
exit(EX_UNAVAILABLE);
}
/* make sure we created something */
if (newcmdbuf[0] == '\0')
{
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"Usage: %s -c command\n", prg);
#ifndef DEBUG
syslog(LOG_ERR, "usage");
-#endif /* ! DEBUG */
+#endif
exit(EX_USAGE);
}
/*
** Now invoke the shell
*/
#ifdef DEBUG
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "%s\n", newcmdbuf);
-#endif /* DEBUG */
+#endif
(void) execle("/bin/sh", "/bin/sh", "-c", newcmdbuf,
(char *)NULL, newenv);
save_errno = errno;
#ifndef DEBUG
syslog(LOG_CRIT, "Cannot exec /bin/sh: %s", sm_errstring(errno));
-#endif /* ! DEBUG */
+#endif
errno = save_errno;
sm_perror("/bin/sh");
exit(EX_OSFILE);
/* NOTREACHED */
return EX_OSFILE;
}
diff --git a/src/Makefile b/src/Makefile
index 2326faf113ba..63554abaf1e0 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -1,19 +1,19 @@
# $Id: Makefile,v 8.12 2006-08-29 22:00:11 ca Exp $
SHELL= /bin/sh
BUILD= ./Build
OPTIONS= $(CONFIG) $(FLAGS)
all: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
-check: FRC
- $(SHELL) $(BUILD) $(OPTIONS) $@
clean: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
+check: FRC
+ $(SHELL) $(BUILD) $(OPTIONS) $@
install: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
fresh: FRC
$(SHELL) $(BUILD) $(OPTIONS) -c
FRC:
diff --git a/src/Makefile.m4 b/src/Makefile.m4
index a666aa276e5b..e7f185162778 100644
--- a/src/Makefile.m4
+++ b/src/Makefile.m4
@@ -1,103 +1,103 @@
dnl $Id: Makefile.m4,v 8.143 2013-09-04 19:49:04 ca Exp $
include(confBUILDTOOLSDIR`/M4/switch.m4')
define(`confREQUIRE_LIBSM', `true')
define(`confREQUIRE_SM_OS_H', `true')
bldPRODUCT_START(`executable', `sendmail')
define(`bldBIN_TYPE', `G')
define(`bldINSTALL_DIR', `')
-define(`bldSOURCES', `main.c alias.c arpadate.c bf.c collect.c conf.c control.c convtime.c daemon.c deliver.c domain.c envelope.c err.c headers.c macro.c map.c mci.c milter.c mime.c parseaddr.c queue.c ratectrl.c readcf.c recipient.c sasl.c savemail.c sfsasl.c shmticklib.c sm_resolve.c srvrsmtp.c stab.c stats.c sysexits.c timers.c tls.c trace.c udb.c usersmtp.c util.c version.c ')
+define(`bldSOURCES', `main.c alias.c arpadate.c bf.c collect.c conf.c control.c convtime.c daemon.c deliver.c domain.c envelope.c err.c headers.c macro.c map.c mci.c milter.c mime.c parseaddr.c queue.c ratectrl.c readcf.c recipient.c sasl.c savemail.c sfsasl.c shmticklib.c sm_resolve.c srvrsmtp.c stab.c stats.c sysexits.c timers.c tlsh.c tls.c trace.c udb.c usersmtp.c util.c version.c ')
PREPENDDEF(`confENVDEF', `confMAPDEF')
bldPUSH_SMLIB(`sm')
bldPUSH_SMLIB(`smutil')
dnl hack: /etc/mail is not defined as "location of .cf" in the build system
define(`bldTARGET_INST_DEP', ifdef(`confINST_DEP', `confINST_DEP',
`${DESTDIR}/etc/mail/submit.cf ${DESTDIR}${MSPQ}'))dnl
define(`bldTARGET_LINKS', ifdef(`confLINKS', `confLINKS',
`${DESTDIR}${UBINDIR}/newaliases ${DESTDIR}${UBINDIR}/mailq ${DESTDIR}${UBINDIR}/hoststat ${DESTDIR}${UBINDIR}/purgestat')
)dnl
# location of sendmail statistics file (usually /etc/mail/ or /var/log)
STDIR= ifdef(`confSTDIR', `confSTDIR', `/etc/mail')
# statistics file name
STFILE= ifdef(`confSTFILE', `confSTFILE', `statistics')
MSPSTFILE=ifdef(`confMSP_STFILE', `confMSP_STFILE', `sm-client.st')
# full path to installed statistics file (usually ${STDIR}/statistics)
STPATH= ${STDIR}/${STFILE}
# location of sendmail helpfile file (usually /etc/mail)
HFDIR= ifdef(`confHFDIR', `confHFDIR', `/etc/mail')
# full path to installed help file (usually ${HFDIR}/helpfile)
HFFILE= ${HFDIR}/ifdef(`confHFFILE', `confHFFILE', `helpfile')
ifdef(`confSMSRCADD', `APPENDDEF(`confSRCADD', `confSMSRCADD')')
ifdef(`confSMOBJADD', `APPENDDEF(`confOBJADD', `confSMOBJADD')')
bldPUSH_TARGET(`statistics')
divert(bldTARGETS_SECTION)
statistics:
${CP} /dev/null statistics
${DESTDIR}/etc/mail/submit.cf:
@echo "Please read INSTALL if anything fails while installing the binary."
@echo "${DESTDIR}/etc/mail/submit.cf will be installed now."
cd ${SRCDIR}/cf/cf && make install-submit-cf
MSPQ=ifdef(`confMSP_QUEUE_DIR', `confMSP_QUEUE_DIR', `/var/spool/clientmqueue')
${DESTDIR}${MSPQ}:
@echo "Please read INSTALL if anything fails while installing the binary."
- @echo "You must have setup a new user ${MSPQOWN} and a new group ${GBINGRP}"
+ @echo "You must have set up a new user ${MSPQOWN} and a new group ${GBINGRP}"
@echo "as explained in sendmail/SECURITY."
mkdir -p ${DESTDIR}${MSPQ}
chown ${MSPQOWN} ${DESTDIR}${MSPQ}
chgrp ${GBINGRP} ${DESTDIR}${MSPQ}
chmod 0770 ${DESTDIR}${MSPQ}
divert(0)
ifdef(`confSETUSERID_INSTALL', `bldPUSH_INSTALL_TARGET(`install-set-user-id')')
ifdef(`confMTA_INSTALL', `bldPUSH_INSTALL_TARGET(`install-sm-mta')')
ifdef(`confNO_HELPFILE_INSTALL',, `bldPUSH_INSTALL_TARGET(`install-hf')')
ifdef(`confNO_STATISTICS_INSTALL',, `bldPUSH_INSTALL_TARGET(`install-st')')
divert(bldTARGETS_SECTION)
install-set-user-id: bldCURRENT_PRODUCT ifdef(`confNO_HELPFILE_INSTALL',, `install-hf') ifdef(`confNO_STATISTICS_INSTALL',, `install-st') ifdef(`confNO_MAN_BUILD',, `install-docs')
${INSTALL} -c -o ${S`'BINOWN} -g ${S`'BINGRP} -m ${S`'BINMODE} bldCURRENT_PRODUCT ${DESTDIR}${M`'BINDIR}
for i in ${sendmailTARGET_LINKS}; do \
rm -f $$i; \
${LN} ${LNOPTS} ${M`'BINDIR}/sendmail $$i; \
done
define(`confMTA_LINKS', `${DESTDIR}${UBINDIR}/newaliases ${DESTDIR}${UBINDIR}/mailq ${DESTDIR}${UBINDIR}/hoststat ${DESTDIR}${UBINDIR}/purgestat')
install-sm-mta: bldCURRENT_PRODUCT
${INSTALL} -c -o ${M`'BINOWN} -g ${M`'BINGRP} -m ${M`'BINMODE} bldCURRENT_PRODUCT ${DESTDIR}${M`'BINDIR}/sm-mta
for i in confMTA_LINKS; do \
rm -f $$i; \
${LN} ${LNOPTS} ${M`'BINDIR}/sm-mta $$i; \
done
install-hf:
if [ ! -d ${DESTDIR}${HFDIR} ]; then mkdir -p ${DESTDIR}${HFDIR}; else :; fi
${INSTALL} -c -o ${UBINOWN} -g ${UBINGRP} -m 444 helpfile ${DESTDIR}${HFFILE}
install-st: statistics
if [ ! -d ${DESTDIR}${STDIR} ]; then mkdir -p ${DESTDIR}${STDIR}; else :; fi
${INSTALL} -c -o ${SBINOWN} -g ${UBINGRP} -m ifdef(`confSTMODE', `confSTMODE', `0600') statistics ${DESTDIR}${STPATH}
install-submit-st: statistics ${DESTDIR}${MSPQ}
${INSTALL} -c -o ${MSPQOWN} -g ${GBINGRP} -m ifdef(`confSTMODE', `confSTMODE', `0600') statistics ${DESTDIR}${MSPQ}/${MSPSTFILE}
divert(0)
bldPRODUCT_END
bldPRODUCT_START(`manpage', `sendmail')
define(`bldSOURCES', `sendmail.8 aliases.5 mailq.1 newaliases.1')
bldPRODUCT_END
bldFINISH
diff --git a/src/README b/src/README
index fddce9d36f3b..06d727de4baf 100644
--- a/src/README
+++ b/src/README
@@ -1,1855 +1,1869 @@
# Copyright (c) 1998-2004 Proofpoint, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
# Copyright (c) 1988
# The Regents of the University of California. All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#
# $Id: README,v 8.393 2013-11-22 20:51:54 ca Exp $
#
This directory contains the source files for sendmail(TM).
*******************************************************************
!! Read sendmail/SECURITY for important installation information !!
*******************************************************************
**********************************************************
** Read below for more details on building sendmail. **
**********************************************************
**************************************************************************
** IMPORTANT: Read the appropriate paragraphs in the section on **
** ``Operating System and Compile Quirks''. **
**************************************************************************
For detailed instructions, please read the document ../doc/op/op.me:
cd ../doc/op ; make op.ps op.txt
Sendmail is a trademark of Proofpoint, Inc.
US Patent Numbers 6865671, 6986037.
+-------------------+
| BUILDING SENDMAIL |
+-------------------+
By far, the easiest way to compile sendmail is to use the "Build"
script:
sh ./Build
This uses the "uname" command to figure out what architecture you are
on and creates a proper Makefile accordingly. It also creates a
subdirectory per object format, so that multiarchitecture support is
easy. In general this should be all you need. IRIX 6.x users should
read the note below in the OPERATING SYSTEM AND COMPILE QUIRKS section.
If you need to look at other include or library directories, use the
-I or -L flags on the command line, e.g.,
sh ./Build -I/usr/sww/include -L/usr/sww/lib
It's also possible to create local site configuration in the file
site.config.m4 (or another file settable with the -f flag). This
file contains M4 definitions for various compilation values; the
most useful are:
confMAPDEF -D flags to specify database types to be included
(see below)
confENVDEF -D flags to specify other environment information
confINCDIRS -I flags for finding include files during compilation
confLIBDIRS -L flags for finding libraries during linking
confLIBS -l flags for selecting libraries during linking
confLDOPTS other ld(1) linker options
Others can be found by examining Makefile.m4. Please read
../devtools/README for more information about the site.config.m4
file.
You can recompile from scratch using the -c flag with the Build
command. This removes the existing compilation directory for the
current platform and builds a new one. The -c flag must also
be used if any site.*.m4 file in devtools/Site/ is changed.
Porting to a new Unix-based system should be a matter of creating
an appropriate configuration file in the devtools/OS/ directory.
+----------------------+
| DATABASE DEFINITIONS |
+----------------------+
There are several database formats that can be used for the alias files
and for general maps. When used for alias files they interact in an
attempt to be backward compatible.
The options are:
+CDB Constant DataBase, requires tinycdb (0.75), see
+ http://www.corpit.ru/mjt/tinycdb.html
+ CDB is included automatically if the Build script can find
+ a library named libcdb.a or libcdb.so.
+ By default, .cdb is used as extension for cdb maps, however,
+ if CDB is set to 2, then .db is used to make transition from
+ hash maps easier. Note: this usually requires to exclude cdb
+ from confLIBSEARCH, see devtools/README.
NEWDB The new Berkeley DB package. Some systems (e.g., BSD/OS and
Digital UNIX 4.0) have some version of this package
pre-installed. If your system does not have Berkeley DB
pre-installed, or the version installed is not version 2.0
or greater (e.g., is Berkeley DB 1.85 or 1.86), get the
current version from http://www.sleepycat.com/. DO NOT
use a version from any of the University of California,
Berkeley "Net" or other distributions. If you are still
running BSD/386 1.x, you will need to upgrade the included
Berkeley DB library to a current version. NEWDB is included
automatically if the Build script can find a library named
libdb.a or libdb.so.
See also OPERATING SYSTEM AND COMPILE QUIRKS about Berkeley
DB versions, e.g., DB 4.1.x.
NDBM The older NDBM implementation -- the very old V7 DBM
implementation is no longer supported.
NIS Network Information Services. To use this you must have
NIS support on your system.
NISPLUS NIS+ (the revised NIS released with Solaris 2). You must
have NIS+ support on your system to use this flag.
HESIOD Support for Hesiod (from the DEC/Athena distribution). You
must already have Hesiod support on your system for this to
work. You may be able to get this to work with the MIT/Athena
version of Hesiod, but that's likely to be a lot of work.
BIND 8.X also includes Hesiod support.
LDAPMAP Lightweight Directory Access Protocol support. You will
have to install the UMich or OpenLDAP
(http://www.openldap.org/) ldap and lber libraries to use
this flag.
MAP_REGEX Regular Expression support. You will need to use an
operating system which comes with the POSIX regex()
routines or install a regexp library such as libregex from
the Free Software Foundation.
DNSMAP DNS map support. Requires NAMED_BIND.
PH_MAP PH map support. You will need the libphclient library from
the nph package (http://www-dev.cites.uiuc.edu/ph/nph/).
MAP_NSD nsd map support (IRIX 6.5 and later).
SOCKETMAP Support for a trivial query protocol over UNIX domain or TCP
- sockets.
+ sockets.
>>> NOTE WELL for NEWDB support: If you want to get ndbm support, for
>>> Berkeley DB versions under 2.0, it is CRITICAL that you remove
>>> ndbm.o from libdb.a before you install it and DO NOT install ndbm.h;
>>> for Berkeley DB versions 2.0 through 2.3.14, remove dbm.o from libdb.a
>>> before you install it. If you don't delete these, there is absolutely
>>> no point to including -DNDBM, since it will just get you another
>>> (inferior) API to the same format database. These files OVERRIDE
>>> calls to ndbm routines -- in particular, if you leave ndbm.h in,
>>> you can find yourself using the new db package even if you don't
>>> define NEWDB. Berkeley DB versions later than 2.3.14 do not need
>>> to be modified. Please also consult the README in the top level
>>> directory of the sendmail distribution for other important information.
>>>
>>> Further note: DO NOT remove your existing /usr/include/ndbm.h --
>>> you need that one. But do not install an updated ndbm.h in
>>> /usr/include, /usr/local/include, or anywhere else.
If NEWDB and NDBM are defined (but not NIS), then sendmail will read
NDBM format alias files, but the next time a newaliases is run the
format will be converted to NEWDB; that format will be used forever
more. This is intended as a transition feature.
If NEWDB, NDBM, and NIS are all defined and the name of the file includes
the string "/yp/", sendmail will rebuild BOTH the NEWDB and NDBM format
alias files. However, it will only read the NEWDB file; the NDBM format
file is used only by the NIS subsystem. This is needed because the NIS
maps on an NIS server are built directly from the NDBM files.
If NDBM and NIS are defined (regardless of the definition of NEWDB),
and the filename includes the string "/yp/", sendmail adds the special
tokens "YP_LAST_MODIFIED" and "YP_MASTER_NAME", both of which are
required if the NDBM file is to be used as an NIS map.
All of these flags are normally defined in a confMAPDEF setting in your
site.config.m4.
If you define NEWDB or HESIOD you get the User Database (USERDB)
automatically. Generally you do want to have NEWDB for it to do
anything interesting. See above for getting the Berkeley DB
package (i.e., NEWDB). There is no separate "user database"
package -- don't bother searching for it on the net.
Hesiod and LDAP require libraries that may not be installed with your
system. These are outside of my ability to provide support. See the
"Quirks" section for more information.
The regex map can be used to see if an address matches a certain regular
expression. For example, all-numerics local parts are common spam
addresses, so "^[0-9]+$" would match this. By using such a map in a
check_* rule-set, you can block a certain range of addresses that would
otherwise be considered valid.
The socket map uses a simple request/reply protocol over TCP or
UNIX domain sockets to query an external server. Both requests and
replies are text based and encoded as netstrings. The socket map
uses the same syntax as milters the specify the remote endpoint,
e.g.:
KmySocketMap socket inet:12345@127.0.0.1
See doc/op/op.me for details.
+---------------+
| COMPILE FLAGS |
+---------------+
Wherever possible, I try to make sendmail pull in the correct
compilation options needed to compile on various environments based on
automatically defined symbols. Some machines don't seem to have useful
symbols available, requiring that a compilation flag be defined in
the Makefile; see the devtools/OS subdirectory for the supported
architectures.
If you are a system to which sendmail has already been ported you
should not have to touch the following symbols. But if you are porting,
you may have to tweak the following compilation flags in conf.h in order
to get it to compile and link properly:
SYSTEM5 Adjust for System V (not necessarily Release 4).
SYS5SIGNALS Use System V signal semantics -- the signal handler
is automatically dropped when the signal is caught.
If this is not set, use POSIX/BSD semantics, where the
signal handler stays in force until an exec or an
explicit delete. Implied by SYSTEM5.
SYS5SETPGRP Use System V setpgrp() semantics. Implied by SYSTEM5.
HASNICE Define this to zero if you lack the nice(2) system call.
HASRRESVPORT Define this to zero if you lack the rresvport(3) system call.
HASFCHMOD Define this to one if you have the fchmod(2) system call.
This improves security.
HASFCHOWN Define this to one if you have the fchown(2) system call.
This is required for the TrustedUser option if sendmail
must rebuild an (alias) map.
HASFLOCK Set this if you prefer to use the flock(2) system call
rather than using fcntl-based locking. Fcntl locking
has some semantic gotchas, but many vendor systems
also interface it to lockd(8) to do NFS-style locking.
Unfortunately, may vendors implementations of fcntl locking
is just plain broken (e.g., locks are never released,
causing your sendmail to deadlock; when the kernel runs
out of locks your system crashes). For this reason, I
recommend always defining this unless you are absolutely
certain that your fcntl locking implementation really works.
HASUNAME Set if you have the "uname" system call. Implied by
SYSTEM5.
HASUNSETENV Define this if your system library has the "unsetenv"
subroutine.
HASSETSID Define this if you have the setsid(2) system call. This
is implied if your system appears to be POSIX compliant.
HASINITGROUPS Define this if you have the initgroups(3) routine.
HASSETVBUF Define this if you have the setvbuf(3) library call.
If you don't, setlinebuf will be used instead. This
defaults on if your compiler defines __STDC__.
HASSETREUID Define this if you have setreuid(2) ***AND*** root can
use setreuid to change to an arbitrary user. This second
condition is not satisfied on AIX 3.x. You may find that
your system has setresuid(2), (for example, on HP-UX) in
which case you will also have to #define setreuid(r, e)
to be the appropriate call. Some systems (such as Solaris)
have a compatibility routine that doesn't work properly,
but may have "saved user ids" properly implemented so you
can ``#define setreuid(r, e) seteuid(e)'' and have it work.
The important thing is that you have a call that will set
the effective uid independently of the real or saved uid
and be able to set the effective uid back again when done.
There's a test program in ../test/t_setreuid.c that will
try things on your system. Setting this improves the
security, since sendmail doesn't have to read .forward
and :include: files as root. There are certain attacks
that may be unpreventable without this call.
USESETEUID Define this to 1 if you have a seteuid(2) system call that
will allow root to set only the effective user id to an
arbitrary value ***AND*** you have saved user ids. This is
preferable to HASSETREUID if these conditions are fulfilled.
These are the semantics of the to-be-released revision of
Posix.1. The test program ../test/t_seteuid.c will try
this out on your system. If you define both HASSETREUID
and USESETEUID, the former is ignored.
HASSETEGID Define this if you have setegid(2) and it can be
used to set the saved gid. Please run t_dropgid in
test/ if you are not sure whether the call works.
HASSETREGID Define this if you have setregid(2) and it can be
used to set the saved gid. Please run t_dropgid in
test/ if you are not sure whether the call works.
HASSETRESGID Define this if you have setresgid(2) and it can be
used to set the saved gid. Please run t_dropgid in
test/ if you are not sure whether the call works.
HASLSTAT Define this if you have symbolic links (and thus the
lstat(2) system call). This improves security. Unlike
most other options, this one is on by default, so you
need to #undef it in conf.h if you don't have symbolic
links (these days everyone does).
HASSETRLIMIT Define this to 1 if you have the setrlimit(2) syscall.
You can define it to 0 to force it off. It is assumed
if you are running a BSD-like system.
HASULIMIT Define this if you have the ulimit(2) syscall (System V
style systems). HASSETRLIMIT overrides, as it is more
general.
HASWAITPID Define this if you have the waitpid(2) syscall.
HASGETDTABLESIZE
Define this if you have the getdtablesize(2) syscall.
+HAS_GETHOSTBYNAME2 Define this to 1 if your system supports
+ gethostbyname2(2).
HAS_ST_GEN Define this to 1 if your system has the st_gen field in
the stat structure (see stat(2)).
HASSRANDOMDEV Define this if your system has the srandomdev(3) function
call.
HASURANDOMDEV Define this if your system has /dev/urandom(4).
HASSTRERROR Define this if you have the libc strerror(3) function (which
should be declared in <errno.h>), and it should be used
instead of sys_errlist.
HASCLOSEFROM Define this if your system has closefrom(3).
HASFDWALK Define this if your system has fdwalk(3).
SM_CONF_GETOPT Define this as 0 if you need a reimplementation of getopt(3).
On some systems, getopt does very odd things if called
to scan the arguments twice. This flag will ask sendmail
to compile in a local version of getopt that works
properly. You may also need this if you build with
another library that introduces a non-standard getopt(3).
NEEDSTRTOL Define this if your standard C library does not define
strtol(3). This will compile in a local version.
NEEDFSYNC Define this if your standard C library does not define
fsync(2). This will try to simulate the operation using
fcntl(2); if that is not available it does nothing, which
isn't great, but at least it compiles and runs.
HASGETUSERSHELL Define this to 1 if you have getusershell(3) in your
standard C library. If this is not defined, or is defined
to be 0, sendmail will scan the /etc/shells file (no
NIS-style support, defaults to /bin/sh and /bin/csh if
that file does not exist) to get a list of unrestricted
user shells. This is used to determine whether users
are allowed to forward their mail to a program or a file.
NEEDPUTENV Define this if your system needs am emulation of the
putenv(3) call. Define to 1 to implement it in terms
of setenv(3) or to 2 to do it in terms of primitives.
NOFTRUNCATE Define this if you don't have the ftruncate(2) syscall.
If you don't have this system call, there is an unavoidable
race condition that occurs when creating alias databases.
GIDSET_T The type of entries in a gidset passed as the second
argument to getgroups(2). Historically this has been an
int, so this is the default, but some systems (such as
IRIX) pass it as a gid_t, which is an unsigned short.
This will make a difference, so it is important to get
this right! However, it is only an issue if you have
group sets.
SLEEP_T The type returned by the system sleep() function.
Defaults to "unsigned int". Don't worry about this
if you don't have compilation problems.
ARBPTR_T The type of an arbitrary pointer -- defaults to "void *".
If you are an very old compiler you may need to define
this to be "char *".
SOCKADDR_LEN_T The type used for the third parameter to accept(2),
getsockname(2), and getpeername(2), representing the
length of a struct sockaddr. Defaults to int.
SOCKOPT_LEN_T The type used for the fifth parameter to getsockopt(2)
and setsockopt(2), representing the length of the option
buffer. Defaults to int.
LA_TYPE The type of load average your kernel supports. These
can be one of:
LA_ZERO (1) -- it always returns the load average as
"zero" (and does so on all architectures).
LA_INT (2) to read /dev/kmem for the symbol avenrun and
interpret as a long integer.
LA_FLOAT (3) same, but interpret the result as a floating
point number.
LA_SHORT (6) to interpret as a short integer.
LA_SUBR (4) if you have the getloadavg(3) routine in your
system library.
LA_MACH (5) to use MACH-style load averages (calls
processor_set_info()),
LA_PROCSTR (7) to read /proc/loadavg and interpret it
as a string representing a floating-point
number (Linux-style).
LA_READKSYM (8) is an implementation suitable for some
versions of SVr4 that uses the MIOC_READKSYM ioctl
call to read /dev/kmem.
LA_DGUX (9) is a special implementation for DG/UX that uses
the dg_sys_info system call.
LA_HPUX (10) is an HP-UX specific version that uses the
pstat_getdynamic system call.
LA_IRIX6 (11) is an IRIX 6.x specific version that adapts
to 32 or 64 bit kernels; it is otherwise very similar
to LA_INT.
LA_KSTAT (12) uses the (Solaris-specific) kstat(3k)
implementation.
LA_DEVSHORT (13) reads a short from a system file (default:
/dev/table/avenrun) and scales it in the same manner
as LA_SHORT.
LA_LONGLONG (17) to read /dev/kmem for the symbol avenrun and
interpret as a long long integer (e.g., for 64 bit
systems).
LA_INT, LA_SHORT, LA_FLOAT, and LA_READKSYM have several
other parameters that they try to divine: the name of your
kernel, the name of the variable in the kernel to examine,
the number of bits of precision in a fixed point load average,
and so forth. LA_DEVSHORT uses _PATH_AVENRUN to find the
device to be read to find the load average.
In desperation, use LA_ZERO. The actual code is in
conf.c -- it can be tweaked if you are brave.
FSHIFT For LA_INT, LA_SHORT, and LA_READKSYM, this is the number
of bits of load average after the binary point -- i.e.,
the number of bits to shift right in order to scale the
integer to get the true integer load average. Defaults to 8.
_PATH_UNIX The path to your kernel. Needed only for LA_INT, LA_SHORT,
and LA_FLOAT. Defaults to "/unix" on System V, "/vmunix"
everywhere else.
LA_AVENRUN For LA_INT, LA_SHORT, and LA_FLOAT, the name of the kernel
variable that holds the load average. Defaults to "avenrun"
on System V, "_avenrun" everywhere else.
SFS_TYPE Encodes how your kernel can locate the amount of free
space on a disk partition. This can be set to SFS_NONE
(0) if you have no way of getting this information,
SFS_USTAT (1) if you have the ustat(2) system call,
SFS_4ARGS (2) if you have a four-argument statfs(2)
system call (and the include file is <sys/statfs.h>),
SFS_VFS (3), SFS_MOUNT (4), SFS_STATFS (5) if you have
the two-argument statfs(2) system call with includes in
<sys/vfs.h>, <sys/mount.h>, or <sys/statfs.h> respectively,
or SFS_STATVFS (6) if you have the two-argument statvfs(2)
call. The default if nothing is defined is SFS_NONE.
SFS_BAVAIL with SFS_4ARGS you can also set SFS_BAVAIL to the field name
in the statfs structure that holds the useful information;
this defaults to f_bavail.
SPT_TYPE Encodes how your system can display what a process is doing
on a ps(1) command (SPT stands for Set Process Title). Can
be set to:
SPT_NONE (0) -- Don't try to set the process title at all.
SPT_REUSEARGV (1) -- Pad out your argv with the information;
this is the default if none specified.
SPT_BUILTIN (2) -- The system library has setproctitle.
SPT_PSTAT (3) -- Use the PSTAT_SETCMD option to pstat(2)
to set the process title; this is used by HP-UX.
SPT_PSSTRINGS (4) -- Use the magic PS_STRINGS pointer (4.4BSD).
SPT_SYSMIPS (5) -- Use sysmips() supported by NEWS-OS 6.
SPT_SCO (6) -- Write kernel u. area.
SPT_CHANGEARGV (7) -- Write pointers to our own strings into
the existing argv vector.
SPT_PADCHAR Character used to pad the process title; if undefined,
the space character (0x20) is used. This is ignored if
SPT_TYPE != SPT_REUSEARGV
ERRLIST_PREDEFINED
If set, assumes that some header file defines sys_errlist.
This may be needed if you get type conflicts on this
variable -- otherwise don't worry about it.
WAITUNION The wait(2) routine takes a "union wait" argument instead
of an integer argument. This is for compatibility with
old versions of BSD.
SCANF You can set this to extend the F command to accept a
scanf string -- this gives you a primitive parser for
class definitions -- BUT it can make you vulnerable to
core dumps if the target file is poorly formed.
SYSLOG_BUFSIZE You can define this to be the size of the buffer that
syslog accepts. If it is not defined, it assumes a
1024-byte buffer. If the buffer is very small (under
256 bytes) the log message format changes -- each
e-mail message will log many more messages, since it
will log each piece of information as a separate line
in syslog.
BROKEN_RES_SEARCH
On Ultrix (and maybe other systems?) if you use the
res_search routine with an unknown host name, it returns
-1 but sets h_errno to 0 instead of HOST_NOT_FOUND. If
you set this, sendmail considers 0 to be the same as
HOST_NOT_FOUND.
NAMELISTMASK If defined, values returned by nlist(3) are masked
against this value before use -- a common value is
0x7fffffff to strip off the top bit.
BSD4_4_SOCKADDR If defined, socket addresses have an sa_len field that
defines the length of this address.
SAFENFSPATHCONF Set this to 1 if and only if you have verified that a
pathconf(2) call with _PC_CHOWN_RESTRICTED argument on an
NFS filesystem where the underlying system allows users to
give away files to other users returns <= 0. Be sure you
try both on NFS V2 and V3. Some systems assume that their
local policy apply to NFS servers -- this is a bad
assumption! The test/t_pathconf.c program will try this
for you -- you have to run it in a directory that is
mounted from a server that allows file giveaway.
SIOCGIFCONF_IS_BROKEN
Set this if your system has an SIOCGIFCONF ioctl defined,
but it doesn't behave the same way as "most" systems (BSD,
Solaris, SunOS, HP-UX, etc.)
SIOCGIFNUM_IS_BROKEN
Set this if your system has an SIOCGIFNUM ioctl defined,
but it doesn't behave the same way as "most" systems
(Solaris, HP-UX).
FAST_PID_RECYCLE
Set this if your system can reuse the same PID in the same
second.
SO_REUSEADDR_IS_BROKEN
Set this if your system has a setsockopt() SO_REUSEADDR
flag but doesn't pay attention to it when trying to bind a
socket to a recently closed port.
NEEDSGETIPNODE Set this if your system supports IPv6 but doesn't include
the getipnodeby{name,addr}() functions. Set automatically
for Linux's glibc.
PIPELINING Support SMTP PIPELINING (set by default).
USING_NETSCAPE_LDAP
Deprecated in favor of SM_CONF_LDAP_MEMFREE. See
libsm/README.
NEEDLINK Set this if your system doesn't have a link() call. It
will create a copy of the file instead of a hardlink.
USE_ENVIRON Set this to 1 to access process environment variables from
the external variable environ instead of the third
parameter of main().
USE_DOUBLE_FORK By default this is on (1). Set it to 0 to suppress the
extra fork() used to avoid intermediate zombies.
ALLOW_255 Do not convert (char)0xff to (char)0x7f in headers etc.
This can also be done at runtime with the command line
option -d82.101.
NEEDINTERRNO Set this if <errno.h> does not declare errno, i.e., if an
application needs to use
extern int errno;
USE_TTYPATH Set this to 1 to enable ErrorMode=write.
USESYSCTL Use sysctl(3) to determine the number of CPUs in a system.
HASSNPRINTF Set this to 1 if your OS has a working snprintf(3), i.e.,
it properly obeys the size of the buffer and returns the
number of characters that would have been printed if the
size were unlimited.
LDAP_REFERRALS Set this if you want to use the -R flag (do not auto chase
referrals) for LDAP maps (requires -DLDAPMAP).
MILTER_NO_NAGLE Turn off Nagle algorithm for communication with libmilter
("cork" on Linux). On some operating systems this may
improve the interprocess communication performance.
+-----------------------+
| COMPILE-TIME FEATURES |
+-----------------------+
There are a bunch of features that you can decide to compile in, such
as selecting various database packages and special protocol support.
Several are assumed based on other compilation flags -- if you want to
"un-assume" something, you probably need to edit conf.h. Compilation
flags that add support for special features include:
+CDB Include support for tinycdb.
NDBM Include support for "new" DBM library for aliases and maps.
Normally defined in the Makefile.
NEWDB Include support for Berkeley DB package (hash & btree)
for aliases and maps. Normally defined in the Makefile.
If the version of NEWDB you have is the old one that does
not include the "fd" call (this call was added in version
1.5 of the Berkeley DB code), you must upgrade to the
current version of Berkeley DB.
NIS Define this to get NIS (YP) support for aliases and maps.
Normally defined in the Makefile.
NISPLUS Define this to get NIS+ support for aliases and maps.
Normally defined in the Makefile.
HESIOD Define this to get Hesiod support for aliases and maps.
Normally defined in the Makefile.
NETINFO Define this to get NeXT NetInfo support for aliases and maps.
Normally defined in the Makefile.
LDAPMAP Define this to get LDAP support for maps.
PH_MAP Define this to get PH support for maps.
MAP_NSD Define this to get nsd support for maps.
USERDB Define this to 1 to include support for the User Information
Database. Implied by NEWDB or HESIOD. You can use
-DUSERDB=0 to explicitly turn it off.
IDENTPROTO Define this as 1 to get IDENT (RFC 1413) protocol support.
This is assumed unless you are running on Ultrix or
HP-UX, both of which have a problem in the UDP
implementation. You can define it to be 0 to explicitly
turn off IDENT protocol support. If defined off, the code
is actually still compiled in, but it defaults off; you
can turn it on by setting the IDENT timeout in the
configuration file.
IP_SRCROUTE Define this to 1 to get IP source routing information
displayed in the Received: header. This is assumed on
most systems, but some (e.g., Ultrix) apparently have a
broken version of getsockopt that doesn't properly
support the IP_OPTIONS call. You probably want this if
your OS can cope with it. Symptoms of failure will be that
it won't compile properly (that is, no support for fetching
IP_OPTIONs), or it compiles but source-routed TCP connections
either refuse to open or open and hang for no apparent reason.
Ultrix and AIX3 are known to fail this way.
LOG Set this to get syslog(3) support. Defined by default
in conf.h. You want this if at all possible.
NETINET Set this to get TCP/IP support. Defined by default
in conf.h. You probably want this.
NETINET6 Set this to get IPv6 support. Other configuration may
be needed in conf.h for your particular operating system.
Also, DaemonPortOptions must be set appropriately for
sendmail to accept IPv6 connections.
NETISO Define this to get ISO networking support.
NETUNIX Define this to get Unix domain networking support. Defined
by default. A few bizarre systems (SCO, ISC, Altos) don't
support this networking domain.
NETNS Define this to get NS networking support.
NETX25 Define this to get X.25 networking support.
NAMED_BIND If non-zero, include DNS (name daemon) support, including
MX support. The specs say you must use this if you run
SMTP. You don't have to be running a name server daemon
on your machine to need this -- any use of the DNS resolver,
including remote access to another machine, requires this
option. Defined by default in conf.h. Define it to zero
ONLY on machines that do not use DNS in any way.
MATCHGECOS Permit fuzzy matching of user names against the full
name (GECOS) field in the /etc/passwd file. This should
probably be on, since you can disable it from the config
file if you want to. Defined by default in conf.h.
MIME8TO7 If non-zero, include 8 to 7 bit MIME conversions. This
also controls advertisement of 8BITMIME in the ESMTP
startup dialogue.
MIME7TO8_OLD If 0 then use an algorithm for MIME 7-bit quoted-printable
or base64 encoding to 8-bit text that has been introduced
in 8.12.3. There are some examples where that code fails,
but the old code works. If you have an example of improper
7 to 8 bit conversion please send it to sendmail-bugs.
MIME7TO8 If non-zero, include 7 to 8 bit MIME conversions.
HES_GETMAILHOST Define this to 1 if you are using Hesiod with the
hes_getmailhost() routine. This is included with the MIT
Hesiod distribution, but not with the DEC Hesiod distribution.
XDEBUG Do additional internal checking. These don't cost too
much; you might as well leave this on.
TCPWRAPPERS Turns on support for the TCP wrappers library (-lwrap).
See below for further information.
SECUREWARE Enable calls to the SecureWare luid enabling/changing routines.
SecureWare is a C2 security package added to several UNIX's
(notably ConvexOS) to get a C2 Secure system. This
option causes mail delivery to be done with the luid of the
recipient.
SHARE_V1 Support for the fair share scheduler, version 1. Setting to
1 causes final delivery to be done using the recipients
resource limitations. So far as I know, this is only
supported on ConvexOS.
SASL Enables SMTP AUTH (RFC 2554). This requires the Cyrus SASL
library (ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/). Please
install at least version 1.5.13. See below for further
information: SASL COMPILATION AND CONFIGURATION. If your
SASL library is older than 1.5.10, you have to set this
to its version number using a simple conversion: a.b.c
-> c + b*100 + a*10000, e.g. for 1.5.9 define SASL=10509.
Note: Using an older version than 1.5.5 of Cyrus SASL is
not supported. Starting with version 1.5.10, setting SASL=1
is sufficient. Any value other than 1 (or 0) will be
compared with the actual version found and if there is a
mismatch, compilation will fail.
EGD Define this if your system has EGD installed, see
http://egd.sourceforge.net/ . It should be used to
seed the PRNG for STARTTLS if HASURANDOMDEV is not defined.
STARTTLS Enables SMTP STARTTLS (RFC 2487). This requires OpenSSL
(http://www.OpenSSL.org/); use OpenSSL 0.9.8zc or later.
See STARTTLS COMPILATION AND CONFIGURATION for further
information.
+TLS_EC Enable use of elliptic curve cryptography in STARTTLS.
+ If set to 2 sendmail uses SSL_CTX_set_ecdh_auto(),
+ if set to 1 it selects the NID_X9_62_prime256v1 curve
+ (created via EC_KEY_new_by_curve_name()) and uses
+ SSL_CTX_set_tmp_ecdh().
+ Support offered by different TLS libraries varies
+ greatly: some old versions do not support elliptic curve
+ cryptography at all, some new versions have it enabled
+ by default (i.e., no need to set TLS_EC at all), while
+ others may require one of the above settings.
TLS_NO_RSA Turn off support for RSA algorithms in STARTTLS.
MILTER Turn on support for external filters using the Milter API;
this option is set by default, to turn it off use
APPENDDEF(`conf_sendmail_ENVDEF', `-DMILTER=0')
in devtools/Site/site.config.m4 (see devtools/README).
See libmilter/README for more information about milter.
REQUIRES_DIR_FSYNC Turn on support for file systems that require to
call fsync() for a directory if the meta-data in it has
been changed. This should be turned on at least for older
versions of ReiserFS; it is enabled by default for Linux.
According to some information this flag is not needed
anymore for kernel 2.4.16 and newer. We would appreciate
feedback about the semantics of the various file systems
available for Linux.
An alternative to this compile time flag is to mount the
queue directory without the -async option, or using
chattr +S on Linux.
DBMMODE The default file permissions to use when creating new
database files for maps and aliases. Defaults to 0640.
IPV6_FULL Use uncompressed IPv6 addresses (set by default). This
permits a zero subnet to have a more specific match,
such as different map entries for IPv6:0:0 vs IPv6:0.
Generic notice: If you enable a compile time option that needs
libraries or include files that don't come with sendmail or are
installed in a location that your C compiler doesn't use by default
you should set confINCDIRS and confLIBDIRS as explained in the
first section: BUILDING SENDMAIL.
+---------------------+
| DNS/RESOLVER ISSUES |
+---------------------+
Many systems have old versions of the resolver library. At a minimum,
you should be running BIND 4.8.3; older versions may compile, but they
have known bugs that should give you pause.
Common problems in old versions include "undefined" errors for
dn_skipname.
Some people have had a problem with BIND 4.9; it uses some routines
that it expects to be externally defined such as strerror(). It may
help to link with "-l44bsd" to solve this problem. This has apparently
been fixed in later versions of BIND, starting around 4.9.3. In other
words, if you use 4.9.0 through 4.9.2, you need -l44bsd; for earlier or
later versions, you do not.
!PLEASE! be sure to link with the same version of the resolver as
the header files you used -- some people have used the 4.9 headers
and linked with BIND 4.8 or vice versa, and it doesn't work.
Unfortunately, it doesn't fail in an obvious way -- things just
subtly don't work.
WILDCARD MX RECORDS ARE A BAD IDEA! The only situation in which they
work reliably is if you have two versions of DNS, one in the real world
which has a wildcard pointing to your firewall, and a completely
different version of the database internally that does not include
wildcard MX records that match your domain. ANYTHING ELSE WILL GIVE
YOU HEADACHES!
When attempting to canonify a hostname, some broken name servers will
return SERVFAIL (a temporary failure) on T_AAAA (IPv6) lookups. If you
want to excuse this behavior, include WorkAroundBrokenAAAA in
ResolverOptions. However, instead, we recommend catching the problem and
reporting it to the name server administrator so we can rid the world of
broken name servers.
+----------------------------------------+
| STARTTLS COMPILATION AND CONFIGURATION |
+----------------------------------------+
Please read the documentation accompanying the OpenSSL library. You
have to compile and install the OpenSSL libraries before you can compile
sendmail. See devtools/README how to set the correct compile time
parameters; you should at least set the following variables:
APPENDDEF(`conf_sendmail_ENVDEF', `-DSTARTTLS')
APPENDDEF(`conf_sendmail_LIBS', `-lssl -lcrypto')
If you have installed the OpenSSL libraries and include files in
a location that your C compiler doesn't use by default you should
set confINCDIRS and confLIBDIRS as explained in the first section:
BUILDING SENDMAIL.
Configuration information can be found in doc/op/op.me (required
certificates) and cf/README (how to tell sendmail about certificates).
To perform an initial test, connect to your sendmail daemon
(telnet localhost 25) and issue a EHLO localhost and see whether
250-STARTTLS
is in the response. If it isn't, run the daemon with
-O LogLevel=14
and try again. Then take a look at the logfile and see whether
there are any problems listed about permissions (unsafe files)
or the validity of X.509 certificates.
From: Garrett Wollman <wollman@lcs.mit.edu>
If your certificate authority is hierarchical, and you only include
the top-level CA certificate in the CACertFile file, some mail clients
may be unable to infer the proper certificate chain when selecting a
client certificate. Including the bottom-level CA certificate(s) in
the CACertFile file will allow these clients to work properly. This
is not necessary if you are not using client certificates for
authentication, or if all your clients are running Sendmail or other
programs using the OpenSSL library (which get it right automatically).
In addition, some mail clients are totally incapable of using
certificate authentication -- even some of those which already support
SSL/TLS for confidentiality.
Further information can be found via:
http://www.sendmail.org/tips/
+------------------------------------+
| SASL COMPILATION AND CONFIGURATION |
+------------------------------------+
Please read the documentation accompanying the Cyrus SASL library
(INSTALL and README). If you use Berkeley DB for Cyrus SASL then
you must compile sendmail with the same version of Berkeley DB.
See devtools/README for how to set the correct compile time parameters;
you should at least set the following variables:
APPENDDEF(`conf_sendmail_ENVDEF', `-DSASL')
APPENDDEF(`conf_sendmail_LIBS', `-lsasl')
If you have installed the Cyrus SASL library and include files in
a location that your C compiler doesn't use by default you should
set confINCDIRS and confLIBDIRS as explained in the first section:
BUILDING SENDMAIL.
You have to select and install authentication mechanisms and tell
sendmail where to find the sasl library and the include files (see
devtools/README for the parameters to set). Set up the required
users and passwords as explained in the SASL documentation. See
also cf/README for authentication related options (especially
DefaultAuthInfo if you want authentication between MTAs).
To perform an initial test, connect to your sendmail daemon
(telnet localhost 25) and issue a EHLO localhost and see whether
250-AUTH ....
is in the response. If it isn't, run the daemon with
-O LogLevel=14
and try again. Then take a look at the logfile and see whether
there are any security related problems listed (unsafe files).
Further information can be found via:
http://www.sendmail.org/tips/
+-------------------------------------+
| OPERATING SYSTEM AND COMPILE QUIRKS |
+-------------------------------------+
GCC problems
When compiling with "gcc -O -Wall" specify "-DSM_OMIT_BOGUS_WARNINGS"
too (see include/sm/cdefs.h for more info).
*****************************************************************
** IMPORTANT: DO NOT USE OPTIMIZATION (``-O'') IF YOU ARE **
** RUNNING GCC 2.4.x or 2.5.x. THERE IS A BUG IN THE GCC **
** OPTIMIZER THAT CAUSES SENDMAIL COMPILES TO FAIL MISERABLY. **
*****************************************************************
Jim Wilson of Cygnus believes he has found the problem -- it will
probably be fixed in GCC 2.5.6 -- but until this is verified, be
very suspicious of gcc -O. This problem is reported to have been
fixed in gcc 2.6.
A bug in gcc 2.5.5 caused problems compiling sendmail 8.6.5 with
optimization on a Sparc. If you are using gcc 2.5.5, youi should
upgrade to the latest version of gcc.
Apparently GCC 2.7.0 on the Pentium processor has optimization
problems. I recommend against using -O on that architecture. This
has been seen on FreeBSD 2.0.5 RELEASE.
Solaris 2.X users should use version 2.7.2.3 over 2.7.2.
We have been told there are problems with gcc 2.8.0. If you are
using this version, you should upgrade to 2.8.1 or later.
Berkeley DB
Berkeley DB 4.1.x with x <= 24 does not work with sendmail.
You need at least 4.1.25.
GDBM GDBM does not work with sendmail because the additional
security checks and file locking cause problems. Unfortunately,
gdbm does not provide a compile flag in its version of ndbm.h so
the code can adapt. Until the GDBM authors can fix these problems,
GDBM will not be supported. Please use Berkeley DB instead.
Configuration file location
Up to 8.6, sendmail tried to find the sendmail.cf file in the same
place as the vendors had put it, even when this was obviously
stupid. As of 8.7, sendmail ALWAYS looks for /etc/sendmail.cf.
Beginning with 8.10, sendmail uses /etc/mail/sendmail.cf.
You can get sendmail to use the stupid vendor .cf location by
adding -DUSE_VENDOR_CF_PATH during compilation, but this may break
support programs and scripts that need to find sendmail.cf. You
are STRONGLY urged to use symbolic links if you want to use the
vendor location rather than changing the location in the sendmail
binary.
NETINFO systems use NETINFO to determine the location of
sendmail.cf. The full path to sendmail.cf is stored as the value of
the "sendmail.cf" property in the "/locations/sendmail"
subdirectory of NETINFO. Set the value of this property to
"/etc/mail/sendmail.cf" (without the quotes) to use this new
default location for Sendmail 8.10.0 and higher.
ControlSocket permissions
Paraphrased from BIND 8.2.1's README:
Solaris and other pre-4.4BSD kernels do not respect ownership or
protections on UNIX-domain sockets. The short term fix for this is to
override the default path and put such control sockets into root-
owned directories which do not permit non-root to r/w/x through them.
The long term fix is for all kernels to upgrade to 4.4BSD semantics.
HP MPE/iX
The MPE-specific code within sendmail emulates a set-user-id root
environment for the sendmail binary. But there is no root uid 0 on
MPE, nor is there any support for set-user-id programs. Even when
sendmail thinks it is running as uid 0, it will still have the file
access rights of the underlying non-zero uid, but because sendmail is
an MPE priv-mode program it will still be able to call setuid() to
successfully switch to a new uid.
MPE setgid() semantics don't quite work the way sendmail expects, so
special emulation is done here also.
This uid/gid emulation is enabled via the setuid/setgid file mode bits
which are not currently used by MPE. Code in libsm/mpeix.c examines
these bits and enables emulation if they have been set, i.e.,
chmod u+s,g+s /SENDMAIL/CURRENT/SENDMAIL.
SunOS 4.x (Solaris 1.x)
You may have to use -lresolv on SunOS. However, beware that
this links in a new version of gethostbyname that does not
understand NIS, so you must have all of your hosts in DNS.
Some people have reported problems with the SunOS version of
-lresolv and/or in.named, and suggest that you get a newer
version. The symptoms are delays when you connect to the
SMTP server on a SunOS machine or having your domain added to
addresses inappropriately. There is a version of BIND
version 4.9 on gatekeeper.DEC.COM in pub/BSD/bind/4.9.
There is substantial disagreement about whether you can make
this work with resolv+, which allows you to specify a search-path
of services. Some people report that it works fine, others
claim it doesn't work at all (including causing sendmail to
drop core when it tries to do multiple resolv+ lookups for a
single job). I haven't tried resolv+, as we use DNS exclusively.
Should you want to try resolv+, it is on ftp.uu.net in
/networking/ip/dns.
Apparently getservbyname() can fail under moderate to high
load under some circumstances. This will exhibit itself as
the message ``554 makeconnection: service "smtp" unknown''.
The problem has been traced to one or more blank lines in
/etc/services on the NIS server machine. Delete these
and it should work. This info is thanks to Brian Bartholomew
<bb@math.ufl.edu> of I-Kinetics, Inc.
NOTE: The SunOS 4.X linker uses library paths specified during
compilation using -L for run-time shared library searches.
Therefore, it is vital that relative and unsafe directory paths not
be used when compiling sendmail.
SunOS 4.0.2 (Sun 386i)
Date: Fri, 25 Aug 1995 11:13:58 +0200 (MET DST)
From: teus@oce.nl
Sendmail 8.7.Beta.12 compiles and runs nearly out of the box with the
following changes:
* Don't use /usr/5bin in your PATH, but make /usr/5bin/uname
available as "uname" command.
* Use the defines "-DBSD4_3 -DNAMED_BIND=0" in
devtools/OS/SunOS.4.0, which is selected via the "uname" command.
I recommend to make available the db-library on the system first
(and change the Makefile to use this library).
Note that the sendmail.cf and aliases files are found in /etc.
SunOS 4.1.3, 4.1.3_U1
Sendmail causes crashes on SunOS 4.1.3 and 4.1.3_U1. According
to Sun bug number 1077939:
If an application does a getsockopt() on a SOCK_STREAM (TCP) socket
after the other side of the connection has sent a TCP RESET for
the stream, the kernel gets a Bus Trap in the tcp_ctloutput() or
ip_ctloutput() routine.
For 4.1.3, this is fixed in patch 100584-08, available on the
Sunsolve 2.7.1 or later CDs. For 4.1.3_U1, this was fixed in patch
101790-01 (SunOS 4.1.3_U1: TCP socket and reset problems), later
obsoleted by patch 102010-05.
Sun patch 100584-08 is not currently publicly available on their
ftp site but a user has reported it can be found at other sites
using a web search engine.
Solaris 2.x (SunOS 5.x)
To compile for Solaris, the Makefile built by Build must
include a SOLARIS definition which reflects the Solaris version
(i.e. -DSOLARIS=20400 for 2.4 or -DSOLARIS=20501 for 2.5.1).
If you are using gcc, make sure -I/usr/include is not used (or
it might complain about TopFrame). If you are using Sun's cc,
make sure /opt/SUNWspro/bin/cc is used instead of /usr/ucb/cc
(or it might complain about tm_zone).
The Solaris 2.x (x <= 3) "syslog" function is apparently limited
to something about 90 characters because of a kernel limitation.
If you have source code, you can probably up this number. You
can get patches that fix this problem: the patch ids are:
Solaris 2.1 100834
Solaris 2.2 100999
Solaris 2.3 101318
Be sure you have the appropriate patch installed or you won't
see system logging.
Solaris 2.4 (SunOS 5.4)
If you include /usr/lib at the end of your LD_LIBRARY_PATH you run
the risk of getting the wrong libraries under some circumstances.
This is because of a new feature in Solaris 2.4, described by
Rod.Evans@Eng.Sun.COM:
>> Prior to SunOS 5.4, any LD_LIBRARY_PATH setting was ignored by the
>> runtime linker if the application was setxid (secure), thus your
>> applications search path would be:
>>
>> /usr/local/lib LD_LIBRARY_PATH component - IGNORED
>> /usr/lib LD_LIBRARY_PATH component - IGNORED
>> /usr/local/lib RPATH - honored
>> /usr/lib RPATH - honored
>>
>> the effect is that path 3 would be the first used, and this would
>> satisfy your resolv.so lookup.
>>
>> In SunOS 5.4 we made the LD_LIBRARY_PATH a little more flexible.
>> People who developed setxid applications wanted to be able to alter
>> the library search path to some degree to allow for their own
>> testing and debugging mechanisms. It was decided that the only
>> secure way to do this was to allow a `trusted' path to be used in
>> LD_LIBRARY_PATH. The only trusted directory we presently define
>> is /usr/lib. Thus a set-user-ID root developer could play with some
>> alternative shared object implementations and place them in
>> /usr/lib (being root we assume they'ed have access to write in this
>> directory). This change was made as part of 1155380 - after a
>> *huge* amount of discussion regarding the security aspect of things.
>>
>> So, in SunOS 5.4 your applications search path would be:
>>
>> /usr/local/lib from LD_LIBRARY_PATH - IGNORED (untrustworthy)
>> /usr/lib from LD_LIBRARY_PATH - honored (trustworthy)
>> /usr/local/lib from RPATH - honored
>> /usr/lib from RPATH - honored
>>
>> here, path 2 would be the first used.
Solaris 2.5.1 (SunOS 5.5.1) and 2.6 (SunOS 5.6)
Apparently Solaris 2.5.1 patch 103663-01 installs a new
/usr/include/resolv.h file that defines the __P macro without
checking to see if it is already defined. This new resolv.h is also
included in the Solaris 2.6 distribution. This causes compile
warnings such as:
In file included from daemon.c:51:
/usr/include/resolv.h:208: warning: `__P' redefined
cdefs.h:58: warning: this is the location of the previous definition
These warnings can be safely ignored or you can create a resolv.h
file in the obj.SunOS.5.5.1.* or obj.SunOS.5.6.* directory that reads:
#undef __P
#include "/usr/include/resolv.h"
This problem was fixed in Solaris 7 (Sun bug ID 4081053).
Solaris 7 (SunOS 5.7)
Solaris 7 includes LDAP libraries but the implementation was
lacking a few things. The following settings can be placed in
devtools/Site/site.SunOS.5.7.m4 if you plan on using those
libraries.
APPENDDEF(`confMAPDEF', `-DLDAPMAP')
APPENDDEF(`confENVDEF', `-DLDAP_VERSION_MAX=3')
APPENDDEF(`confLIBS', `-lldap')
Also, Sun's patch 107555 is needed to prevent a crash in the call
to ldap_set_option for LDAP_OPT_REFERRALS in ldapmap_setopts if
LDAP support is compiled in sendmail.
Solaris 8 and later (SunOS 5.8 and later)
Solaris 8 and later can optionally install LDAP support. If you
have installed the Entire Distribution meta-cluster, you can use
the following in devtools/Site/site.SunOS.5.8.m4 (or other
appropriately versioned file) to enable LDAP:
APPENDDEF(`confMAPDEF', `-DLDAPMAP')
APPENDDEF(`confLIBS', `-lldap')
Solaris 9 and later (SunOS 5.9 and later)
Solaris 9 and later have a revised LDAP library, libldap.so.5,
which is derived from a Netscape implementation, thus requiring
that SM_CONF_LDAP_MEMFREE be defined in conjunction with LDAPMAP:
APPENDDEF(`confMAPDEF', `-DLDAPMAP')
APPENDDEF(`confENVDEF', `-DSM_CONF_LDAP_MEMFREE')
APPENDDEF(`confLIBS', `-lldap')
Solaris
If you are using dns for hostname resolution on Solaris, make sure
that the 'dns' entry is last on the hosts line in
'/etc/nsswitch.conf'. For example, use:
hosts: nisplus files dns
Do not use:
hosts: nisplus dns [NOTFOUND=return] files
Note that 'nisplus' above is an illustration. The same comment
applies no matter what naming services you are using. If you have
anything other than dns last, even after "[NOTFOUND=return]",
sendmail may not be able to determine whether an error was
temporary or permanent. The error returned by the solaris
gethostbyname() is the error for the last lookup used, and other
naming services do not have the same concept of temporary failure.
Ultrix
By default, the IDENT protocol is turned off on Ultrix. If you
are running Ultrix 4.4 or later, or if you have included patch
CXO-8919 for Ultrix 4.2 or 4.3 to fix the TCP problem, you can turn
IDENT on in the configuration file by setting the "ident" timeout.
The Ultrix 4.5 Y2K patch (ULTV45-022-1) has changed the resolver
included in libc.a. Unfortunately, the __RES symbol hasn't changed
and therefore, sendmail can no longer automatically detect the
newer version. If you get a compiler error:
/lib/libc.a(gethostent.o): local_hostname_length: multiply defined
Then rebuild with this in devtools/Site/site.ULTRIX.m4:
APPENDDEF(`conf_sendmail_ENVDEF', `-DNEEDLOCAL_HOSTNAME_LENGTH=0')
Digital UNIX (formerly DEC OSF/1)
If you are compiling on OSF/1 (DEC Alpha), you must use
-L/usr/shlib (otherwise it core dumps on startup). You may also
need -mld to get the nlist() function, although some versions
apparently don't need this.
Also, the enclosed makefile removed /usr/sbin/smtpd; if you need
it, just create the link to the sendmail binary.
On DEC OSF/1 3.2 or earlier, the MatchGECOS option doesn't work
properly due to a bug in the getpw* routines. If you want to use
this, use -DDEC_OSF_BROKEN_GETPWENT=1. The problem is fixed in 3.2C.
Digital's mail delivery agent, /bin/mail (aka /bin/binmail), will
only preserve the envelope sender in the "From " header if
DefaultUserID is set to daemon. Setting this to mailnull will
cause all mail to have the header "From mailnull ...". To use
a different DefaultUserID, you will need to use a different mail
delivery agent (such as mail.local found in the sendmail
distribution).
On Digital UNIX 4.0 and later, Berkeley DB 1.85 is included with the
operating system and already has the ndbm.o module removed. However,
Digital has modified the original Berkeley DB db.h include file.
This results in the following warning while compiling map.c and udb.c:
cc: Warning: /usr/include/db.h, line 74: The redefinition of the macro
"__signed" conflicts with a current definition because the replacement
lists differ. The redefinition is now in effect.
#define __signed signed
------------------------^
This warning can be ignored.
Digital UNIX's linker checks /usr/ccs/lib/ before /usr/lib/.
If you have installed a new version of BIND in /usr/include
and /usr/lib, you will experience difficulties as Digital ships
libresolv.a in /usr/ccs/lib/ as well. Be sure to replace both
copies of libresolv.a.
IRIX
The header files on SGI IRIX are completely prototyped, and as
a result you can sometimes get some warning messages during
compilation. These can be ignored. There are two errors in
deliver only if you are using gcc, both of the form ``warning:
passing arg N of `execve' from incompatible pointer type''.
Also, if you compile with -DNIS, you will get a complaint
about a declaration of struct dom_binding in a prototype
when compiling map.c; this is not important because the
function being prototyped is not used in that file.
In order to compile sendmail you will have had to install
the developers' option in order to get the necessary include
files.
If you compile with -lmalloc (the fast memory allocator), you may
get warning messages such as the following:
ld32: WARNING 85: definition of _calloc in /usr/lib32/libmalloc.so
preempts that definition in /usr/lib32/mips3/libc.so.
ld32: WARNING 85: definition of _malloc in /usr/lib32/libmalloc.so
preempts that definition in /usr/lib32/mips3/libc.so.
ld32: WARNING 85: definition of _realloc in /usr/lib32/libmalloc.so
preempts that definition in /usr/lib32/mips3/libc.so.
ld32: WARNING 85: definition of _free in /usr/lib32/libmalloc.so
preempts that definition in /usr/lib32/mips3/libc.so.
ld32: WARNING 85: definition of _cfree in /usr/lib32/libmalloc.so
preempts that definition in /usr/lib32/mips3/libc.so.
These are unavoidable and innocuous -- just ignore them.
According to Dave Sill <de5@ornl.gov>, there is a version of the
Berkeley DB library patched to run on Irix 6.2 available from
http://reality.sgi.com/ariel/freeware/#db .
IRIX 6.x
If you are using XFS filesystem, avoid using the -32 ABI switch to
the cc compiler if possible.
Broken inet_aton and inet_ntoa on IRIX using gcc: There's
a problem with gcc on IRIX, i.e., gcc can't pass structs
less than 16 bits long unless they are 8 bits; IRIX 6.2 has
some other sized structs. See
http://www.bitmechanic.com/mail-archives/mysql/current/0418.html
This problem seems to be fixed by gcc v2.95.2, gcc v2.8.1
is reported as broken. Check your gcc version for this bug
before installing sendmail.
IRIX 6.4
The IRIX 6.5.4 version of /bin/m4 does not work properly with
sendmail. Either install fw_m4.sw.m4 off the Freeware_May99 CD and
use /usr/freeware/bin/m4 or install and use GNU m4.
NeXT or NEXTSTEP
NEXTSTEP 3.3 and earlier ship with the old DBM library. Also,
Berkeley DB does not currently run on NEXTSTEP.
If you are compiling on NEXTSTEP, you will have to create an
empty file "unistd.h" and create a file "dirent.h" containing:
#include <sys/dir.h>
#define dirent direct
(devtools/OS/NeXT should try to do both of these for you.)
Apparently, there is a bug in getservbyname on Nextstep 3.0
that causes it to fail under some circumstances with the
message "SYSERR: service "smtp" unknown" logged. You should
be able to work around this by including the line:
OOPort=25
in your .cf file.
BSDI (BSD/386) 1.0, NetBSD 0.9, FreeBSD 1.0
The "m4" from BSDI won't handle the config files properly.
I haven't had a chance to test this myself.
The M4 shipped in FreeBSD and NetBSD 0.9 don't handle the config
files properly. One must use either GNU m4 1.1 or the PD-M4
recently posted in comp.os.386bsd.bugs (and maybe others).
NetBSD-current includes the PD-M4 (as stated in the NetBSD file
CHANGES).
FreeBSD 1.0 RELEASE has uname(2) now. Use -DUSEUNAME in order to
use it (look into devtools/OS/FreeBSD). NetBSD-current may have
it too but it has not been verified.
The latest version of Berkeley DB uses a different naming
scheme than the version that is supplied with your release. This
means you will be able to use the current version of Berkeley DB
with sendmail as long you use the new db.h when compiling
sendmail and link it against the new libdb.a or libdb.so. You
should probably keep the original db.h in /usr/include and the
new db.h in /usr/local/include.
4.3BSD
If you are running a "virgin" version of 4.3BSD, you'll have
a very old resolver and be missing some header files. The
header files are simple -- create empty versions and everything
will work fine. For the resolver you should really port a new
version (4.8.3 or later) of the resolver; 4.9 is available on
gatekeeper.DEC.COM in pub/BSD/bind/4.9. If you are really
determined to continue to use your old, buggy version (or as
a shortcut to get sendmail working -- I'm sure you have the
best intentions to port a modern version of BIND), you can
copy ../contrib/oldbind.compat.c into sendmail and add the
following to devtools/Site/site.config.m4:
APPENDDEF(`confOBJADD', `oldbind.compat.o')
OpenBSD (up to 2.9 Release), NetBSD, FreeBSD (up to 4.3-RELEASE)
m4 from *BSD won't handle libsm/Makefile.m4 properly, since the
maximum length for strings is too short. You need to use GNU m4
or patch m4, see for example:
http://FreeBSD.org/cgi/cvsweb.cgi/src/usr.bin/m4/eval.c.diff?r1=1.11&r2=1.12
A/UX
Date: Tue, 12 Oct 1993 18:28:28 -0400 (EDT)
From: "Eric C. Hagberg" <hagberg@med.cornell.edu>
Subject: Fix for A/UX ndbm
I guess this isn't really a sendmail bug, however, it is something
that A/UX users should be aware of when compiling sendmail 8.6.
Apparently, the calls that sendmail is using to the ndbm routines
in A/UX 3.0.x contain calls to "broken" routines, in that the
aliases database will break when it gets "just a little big"
(sorry I don't have exact numbers here, but it broke somewhere
around 20-25 aliases for me.), making all aliases non-functional
after exceeding this point.
What I did was to get the gnu-dbm-1.6 package, compile it, and
then re-compile sendmail with "-lgdbm", "-DNDBM", and using the
ndbm.h header file that comes with the gnu-package. This makes
things behave properly.
[NOTE: see comment above about GDBM]
I suppose porting the New Berkeley DB package is another route,
however, I made a quick attempt at it, and found it difficult
(not easy at least); the gnu-dbm package "configured" and
compiled easily.
[NOTE: Berkeley DB version 2.X runs on A/UX and can be used for
database maps.]
SCO Unix
From: Thomas Essebier <tom@stallion.oz.au>
Organisation: Stallion Technologies Pty Ltd.
It will probably help those who are trying to configure sendmail 8.6.9
to know that if they are on SCO, they had better set
OI-dnsrch
or they will core dump as soon as they try to use the resolver.
i.e., although SCO has _res.dnsrch defined, and is kinda BIND 4.8.3,
it does not inititialise it, nor does it understand 'search' in
/etc/named.boot.
- sigh -
According to SCO, the m4 which ships with UnixWare 2.1.2 is broken.
We recommend installing GNU m4 before attempting to build sendmail.
On some versions a bogus error value is listed if connections
time out (large negative number). To avoid this explicitly set
Timeout.connect to a reasonable value (several minutes).
DG/UX
Doug Anderson <dlander@afterlife.ncsc.mil> has successfully run
V8 on the DG/UX 5.4.2 and 5.4R3.x platforms under heavy usage.
Originally, the DG /bin/mail program wasn't compatible with
the V8 sendmail, since the DG /bin/mail requires the environment
variable "_FORCE_MAIL_LOCAL_=yes" be set. Version 8.7 now includes
this in the environment before invoking the local mailer. Some
have used procmail to avoid this problem in the past. It works
but some have experienced file locking problems with their DG/UX
ports of procmail.
Apollo DomainOS
If you are compiling on Apollo, you will have to create an empty
file "unistd.h" (for DomainOS 10.3 and earlier) and create a file
"dirent.h" containing:
#include <sys/dir.h>
#define dirent direct
(devtools/OS/DomainOS will attempt to do both of these for you.)
HP-UX 8.00
Date: Mon, 24 Jan 1994 13:25:45 +0200
From: Kimmo Suominen <Kimmo.Suominen@lut.fi>
Subject: 8.6.5 w/ HP-UX 8.00 on s300
Just compiled and fought with sendmail 8.6.5 on a HP9000/360 (i.e.,
a series 300 machine) running HP-UX 8.00.
I was getting segmentation fault when delivering to a local user.
With debugging I saw it was faulting when doing _free@libc... *sigh*
It seems the new implementation of malloc on s300 is buggy as of 8.0,
so I tried out the one in -lmalloc (malloc(3X)). With that it seems
to work just dandy.
When linking, you will get the following error:
ld: multiply defined symbol _freespace in file /usr/lib/libmalloc.a
but you can just ignore it. You might want to add this info to the
README file for the future...
Linux
Something broke between versions 0.99.13 and 0.99.14 of Linux: the
flock() system call gives errors. If you are running .14, you must
not use flock. You can do this with -DHASFLOCK=0. We have also
been getting complaints since version 2.4.X was released.
sendmail 8.13 has changed the default locking method to fcntl()
for Linux kernel version 2.4 and later. Be sure to update other
sendmail related programs to match locking techniques (some
examples, besides makemap and mail.local, include procmail, mailx,
mutt, elm, etc).
Around the inclusion of bind-4.9.3 & Linux libc-4.6.20, the
initialization of the _res structure changed. If /etc/hosts.conf
was configured as "hosts, bind" the resolver code could return
"Name server failure" errors. This is supposedly fixed in
later versions of libc (>= 4.6.29?), and later versions of
sendmail (> 8.6.10) try to work around the problem.
Some older versions (< 4.6.20?) of the libc/include files conflict
with sendmail's version of cdefs.h. Deleting sendmail's version
on those systems should be non-harmful, and new versions don't care.
NOTE ON LINUX & BIND: By default, the Makefile generated for Linux
includes header files in /usr/local/include and libraries in
/usr/local/lib. If you've installed BIND on your system, the header
files typically end up in the search path and you need to add
"-lresolv" to the LIBS line in your Makefile. Really old versions
may need to include "-l44bsd" as well (particularly if the link phase
complains about missing strcasecmp, strncasecmp or strpbrk).
Complaints about an undefined reference to `__dn_skipname' in
domain.o are a sure sign that you need to add -lresolv to LIBS.
Newer versions of Linux are basically threaded BIND, so you may or
may not see complaints if you accidentally mix BIND
headers/libraries with virginal libc. If you have BIND headers in
/usr/local/include (resolv.h, etc) you *should* be adding -lresolv
to LIBS. Data structures may change and you'd be asking for a
core dump.
A number of problems have been reported regarding the Linux 2.2.0
kernel. So far, these problems have been tracked down to syslog()
and DNS resolution. We believe the problem is with the poll()
implementation in the Linux 2.2.0 kernel and poll()-aware versions
of glib (at least up to 2.0.111).
glibc
glibc 2.2.1 (and possibly other versions) changed the value of
__RES in resolv.h but failed to actually provide the IPv6 API
changes that the change implied. Therefore, compiling with
-DNETINET6 fails.
Workarounds:
1) Compile without -DNETINET6
2) Build against a real BIND 8.2.2 include/lib tree
3) Wait for glibc to fix it
AIX 4.X
The AIX 4.X linker uses library paths specified during compilation
using -L for run-time shared library searches. Therefore, it is
vital that relative and unsafe directory paths not be using when
compiling sendmail. Because of this danger, by default, compiles
on AIX use the -blibpath option to limit shared libraries to
/usr/lib and /lib. If you need to allow more directories, such as
/usr/local/lib, modify your devtools/Site/site.AIX.4.2.m4,
site.AIX.4.3.m4, and/or site.AIX.4.x.m4 file(s) and set confLDOPTS
appropriately. For example:
define(`confLDOPTS', `-blibpath:/usr/lib:/lib:/usr/local/lib')
Be sure to only add (safe) system directories.
The AIX version of GNU ld also exhibits this problem. If you are
using that version, instead of -blibpath, use its -rpath option.
For example:
gcc -Wl,-rpath /usr/lib -Wl,-rpath /lib -Wl,-rpath /usr/local/lib
AIX 4.X If the test program t-event (and most others) in libsm fails,
check your compiler settings. It seems that the flags -qnoro or
-qnoroconst on some AIX versions trigger a compiler bug. Check
your compiler settings or use cc instead of xlc.
AIX 4.0-4.2, maybe some AIX 4.3 versions
The AIX m4 implements a different mechanism for ifdef which is
inconsistent with other versions of m4. Therefore, it will not
work properly with the sendmail Build architecture or m4
configuration method. To work around this problem, please use
GNU m4 from ftp://ftp.gnu.org/pub/gnu/.
The problem seems to be solved in AIX 4.3.3 at least.
AIX 4.3.3
From: Valdis.Kletnieks@vt.edu
Date: Sun, 02 Jul 2000 03:58:02 -0400
Under AIX 4.3.3, after applying bos.adt.include 4.3.3.12 to close the
BIND 8.2.2 security holes, you can no longer build with -DNETINET6
because they changed the value of __RES in resolv.h but failed to
actually provide the API changes that the change implied.
Workarounds:
1) Compile without -DNETINET6
2) Build against a real BIND 8.2.2 include/lib tree
3) Wait for IBM to fix it
AIX 3.x
This version of sendmail does not support MB, MG, and MR resource
records, which are supported by AIX sendmail.
Several people have reported that the IBM-supplied named returns
fairly random results -- the named should be replaced. It is not
necessary to replace the resolver, which will simplify installation.
A new BIND resolver can be found at http://www.isc.org/isc/.
AIX 3.1.x
The supplied load average code only works correctly for AIX 3.2.x.
For 3.1, use -DLA_TYPE=LA_SUBR and get the latest ``monitor''
package by Jussi Maki <jmaki@hut.fi> from ftp.funet.fi in the
directory pub/unix/AIX/rs6000/monitor-1.12.tar.Z; use the loadavgd
daemon, and the getloadavg subroutine supplied with that package.
If you don't care about load average throttling, just turn off
load average checking using -DLA_TYPE=LA_ZERO.
RISC/os
RISC/os from MIPS is a merged AT&T/Berkeley system. When you
compile on that platform you will get duplicate definitions
on many files. You can ignore these.
System V Release 4 Based Systems
There is a single devtools OS that is intended for all SVR4-based
systems (built from devtools/OS/SVR4). It defines __svr4__,
which is predefined by some compilers. If your compiler already
defines this compile variable, you can delete the definition from
the generated Makefile or create a devtools/Site/site.config.m4
file.
It's been tested on Dell Issue 2.2.
DELL SVR4
Date: Mon, 06 Dec 1993 10:42:29 EST
From: "Kimmo Suominen" <kim@grendel.lut.fi>
Message-ID: <2d0352f9.lento29@lento29.UUCP>
To: eric@cs.berkeley.edu
Cc: sendmail@cs.berkeley.edu
Subject: Notes for DELL SVR4
Eric,
Here are some notes for compiling Sendmail 8.6.4 on DELL SVR4. I ran
across these things when helping out some people who contacted me by
e-mail.
1) Use gcc 2.4.5 (or later?). Dell distributes gcc 2.1 with their
Issue 2.2 Unix. It is too old, and gives you problems with
clock.c, because sigset_t won't get defined in <sys/signal.h>.
This is due to a problematic protection rule in there, and is
fixed with gcc 2.4.5.
2) If you don't use the new Berkeley DB (-DNEWDB), then you need
to add "-lc -lucb" to the libraries to link with. This is because
the -ldbm distributed by Dell needs the bcopy, bcmp and bzero
functions. It is important that you specify both libraries in
the given order to be sure you only get the BSTRING functions
from the UCB library (and not the signal routines etc.).
3) Don't leave out "-lelf" even if compiling with "-lc -lucb".
The UCB library also has another copy of the nlist routines,
but we do want the ones from "-lelf".
If anyone needs a compiled gcc 2.4.5 and/or a ported DB library, they
can use anonymous ftp to fetch them from lut.fi in the /kim directory.
They are copies of what I use on grendel.lut.fi, and offering them
does not imply that I would also support them. I have sent the DB
port for SVR4 back to Keith Bostic for inclusion in the official
distribution, but I haven't heard anything from him as of today.
- gcc-2.4.5-svr4.tar.gz (gcc 2.4.5 and the corresponding libg++)
- db-1.72.tar.gz (with source, objects and a installed copy)
Cheers
+ Kim
--
* Kimmo.Suominen@lut.fi * SysVr4 enthusiast at GRENDEL.LUT.FI *
* KIM@FINFILES.BITNET * Postmaster and Hostmaster at LUT.FI *
* + 358 200 865 718 * Unix area moderator at NIC.FUNET.FI *
ConvexOS 10.1 and below
In order to use the name server, you must create the file
/etc/use_nameserver. If this file does not exist, the call
to res_init() will fail and you will have absolutely no
access to DNS, including MX records.
Amdahl UTS 2.1.5
In order to get UTS to work, you will have to port BIND 4.9.
The vendor's BIND is reported to be ``totally inadequate.''
See sendmail/contrib/AmdahlUTS.patch for the patches necessary
to get BIND 4.9 compiled for UTS.
UnixWare
According to Alexander Kolbasov <sasha@unitech.gamma.ru>,
the m4 on UnixWare 2.0 (still in Beta) will core dump on the
config files. GNU m4 and the m4 from UnixWare 1.x both work.
According to Larry Rosenman <ler@lerami.lerctr.org>:
UnixWare 2.1.[23]'s m4 chokes (not obviously) when
processing the 8.9.0 cf files.
I had a LOCAL_RULE_0 that wound up AFTER the
SBasic_check_rcpt rules using the SCO supplied M4.
GNU M4 works fine.
UNICOS 8.0.3.4
Some people have reported that the -O flag on UNICOS can cause
problems. You may want to turn this off if you have problems
running sendmail. Reported by Jerry G. DeLapp <jgd@acl.lanl.gov>.
Darwin/Mac OS X (10.X.X)
The linker errors produced regarding getopt() and its associated
variables can safely be ignored.
From Mike Zimmerman <zimmy@torrentnet.com>:
From scratch here is what Darwin users need to do to the standard
10.0.0, 10.0.1 install to get sendmail working.
From http://www.macosx.com/forums/showthread.php?s=6dac0e9e1f3fd118a4870a8a9b559491&threadid=2242:
1. chmod g-w / /private /private/etc
2. Properly set HOSTNAME in /etc/hostconfig to your FQDN:
HOSTNAME=-my.domain.com-
3. Edit /etc/rc.boot:
hostname my.domain.com
domainname domain.com
4. Edit /System/Library/StartupItems/Sendmail/Sendmail:
Remove the "&" after the sendmail command:
/usr/sbin/sendmail -bd -q1h
From Carsten Klapp <carsten.klapp@home.com>:
The easiest workaround is to remove the group-writable permission
for the root directory and the symbolic /etc inherits this
change. While this does fix sendmail, the unfortunate side-effect
is the OS X admin will no longer be able to manipulate icons in the
top level of the Startup disk unless logged into the GUI as the
superuser.
In applying the alternate workaround, care must be taken while
swapping the symlink /etc with the directory /private/etc. In all
likelihood any admin who is concerned with this sendmail error has
enough experience to not accidentally harm anything in the process.
a. Swap the /etc symlink with /private/etc (as superuser):
rm /etc
mv /private/etc /etc
ln -s /etc /private/etc
b. Set / to group unwritable (as superuser):
chmod g-w /
Darwin/Mac OS X (10.1.5)
Apple's upgrade to sendmail 8.12 is incorrectly configured. You
will need to manually fix it up by doing the following:
1. chown smmsp:smmsp /var/spool/clientmqueue
2. chmod 2770 /var/spool/clientmqueue
3. chgrp smmsp /usr/sbin/sendmail
4. chmod g+s /usr/sbin/sendmail
From Daniel J. Luke <dluke@geeklair.net>:
It appears that setting the sendmail.cf property in
/locations/sendmail in NetInfo on Mac OS X 10.1.5 with sendmail
8.12.4 causes 'bad things' to happen.
Specifically sendmail instances that should be getting their config
from /etc/mail/submit.cf don't (so mail/mutt/perl scripts which
open pipes to sendmail stop working as sendmail tries to write to
/var/spool/mqueue and cannot as sendmail is no longer suid root).
Removing the entry from NetInfo fixes this problem.
GNU getopt
I'm told that GNU getopt has a problem in that it gets confused
by the double call. Use the version in conf.c instead.
BIND 4.9.2 and Ultrix
If you are running on Ultrix, be sure you read conf/Info.Ultrix
in the BIND distribution very carefully -- there is information
in there that you need to know in order to avoid errors of the
form:
/lib/libc.a(gethostent.o): sethostent: multiply defined
/lib/libc.a(gethostent.o): endhostent: multiply defined
/lib/libc.a(gethostent.o): gethostbyname: multiply defined
/lib/libc.a(gethostent.o): gethostbyaddr: multiply defined
during the link stage.
BIND 8.X
BIND 8.X returns HOST_NOT_FOUND instead of TRY_AGAIN on temporary
DNS failures when trying to find the hostname associated with an IP
address (gethostbyaddr()). This can cause problems as
$&{client_name} based lookups in class R ($=R) and the access
database won't succeed.
This will be fixed in BIND 8.2.1. For earlier versions, this can
be fixed by making "dns" the last name service queried for host
resolution in /etc/irs.conf:
hosts local continue
hosts dns
strtoul
Some compilers (notably gcc) claim to be ANSI C but do not
include the ANSI-required routine "strtoul". If your compiler
has this problem, you will get an error in srvrsmtp.c on the
code:
# ifdef defined(__STDC__) && !defined(BROKEN_ANSI_LIBRARY)
e->e_msgsize = strtoul(vp, (char **) NULL, 10);
# else
e->e_msgsize = strtol(vp, (char **) NULL, 10);
# endif
You can use -DBROKEN_ANSI_LIBRARY to get around this problem.
Listproc 6.0c
Date: 23 Sep 1995 23:56:07 GMT
Message-ID: <95925101334.~INN-AUMa00187.comp-news@dl.ac.uk>
From: alansz@mellers1.psych.berkeley.edu (Alan Schwartz)
Subject: Listproc 6.0c + Sendmail 8.7 [Helpful hint]
Just upgraded to sendmail 8.7, and discovered that listproc 6.0c
breaks, because it, by default, sends a blank "HELO" rather than
a "HELO hostname" when using the 'system' or 'telnet' mail method.
The fix is to include -DZMAILER in the compilation, which will
cause it to use "HELO hostname" (which Z-mail apparently requires
as well. :)
-OpenSSL
- OpenSSL versions prior to 0.9.6 use a macro named Free which
- conflicts with existing macro names on some platforms, such as
- AIX.
- Do not use 0.9.3, but OpenSSL 0.9.5a or later if compatible with
- 0.9.5a.
-
PH
PH support is provided by Mark Roth <roth@uiuc.edu>. The map is
described at http://www-dev.cites.uiuc.edu/sendmail/ .
NOTE: The "spacedname" pseudo-field which was used by earlier
versions of the PH map code is no longer supported! See the URL
listed above for more information.
Please contact Mark Roth for support and questions regarding the
map.
TCP Wrappers
If you are using -DTCPWRAPPERS to get TCP Wrappers support you will
also need to install libwrap.a and modify your site.config.m4 file
or the generated Makefile to include -lwrap in the LIBS line
(make sure that INCDIRS and LIBDIRS point to where the tcpd.h and
libwrap.a can be found).
TCP Wrappers is available at ftp://ftp.porcupine.org/pub/security/.
If you have alternate MX sites for your site, be sure that all of
your MX sites reject the same set of hosts. If not, a bad guy whom
you reject will connect to your site, fail, and move on to the next
MX site, which will accept the mail for you and forward it on to you.
Regular Expressions (MAP_REGEX)
If sendmail linking fails with:
undefined reference to 'regcomp'
or sendmail gives an error about a regular expression with:
pattern-compile-error: : Operation not applicable
Your libc does not include a running version of POSIX-regex. Use
librx or regex.o from the GNU Free Software Foundation,
ftp://ftp.gnu.org/pub/gnu/rx-?.?.tar.gz or
ftp://ftp.gnu.org/pub/gnu/regex-?.?.tar.gz.
You can also use the regex-lib by Henry Spencer,
ftp://ftp.funet.fi/pub/languages/C/spencer/regex.shar.gz
Make sure, your compiler reads regex.h from the distribution,
not from /usr/include, otherwise sendmail will dump a core.
Fedora Core 5, 64 bit version
If the ld stage fails with undefined functions like
__res_querydomain, __dn_expand
then add these lines to devtools/Site/site.config.m4
APPENDDEF(`confLIBDIRS', `-L/usr/lib64')
APPENDDEF(`confINCDIRS', `-I/usr/include/bind9')
and rebuild (sh ./Build -c).
Problem noted by Daniel Krones, solution suggested by
Anthony Howe.
+--------------+
| MANUAL PAGES |
+--------------+
The manual pages have been written against the -man macros, and
should format correctly with any reasonable *roff.
+-----------------+
| DEBUGGING HOOKS |
+-----------------+
As of 8.6.5, sendmail daemons will catch a SIGUSR1 signal and log
some debugging output (logged at LOG_DEBUG severity). The
information dumped is:
* The value of the $j macro.
* A warning if $j is not in the set $=w.
* A list of the open file descriptors.
* The contents of the connection cache.
* If ruleset 89 is defined, it is evaluated and the results printed.
This allows you to get information regarding the runtime state of the
daemon on the fly. This should not be done too frequently, since
the process of rewriting may lose memory which will not be recovered.
Also, ruleset 89 may call non-reentrant routines, so there is a small
non-zero probability that this will cause other problems. It is
really only for debugging serious problems.
A typical formulation of ruleset 89 would be:
R$* $@ $>0 some test address
+-----------------------------+
| DESCRIPTION OF SOURCE FILES |
+-----------------------------+
The following list describes the files in this directory:
Build Shell script for building sendmail.
Makefile A convenience for calling ./Build.
Makefile.m4 A template for constructing a makefile based on the
information in the devtools directory.
README This file.
TRACEFLAGS My own personal list of the trace flags -- not guaranteed
to be particularly up to date.
alias.c Does name aliasing in all forms.
aliases.5 Man page describing the format of the aliases file.
arpadate.c A subroutine which creates ARPANET standard dates.
bf.c Routines to implement memory-buffered file system using
hooks provided by libsm now (formerly Torek stdio library).
bf.h Buffered file I/O function declarations and
data structure and function declarations for bf.c.
collect.c The routine that actually reads the mail into a temp
file. It also does a certain amount of parsing of
the header, etc.
conf.c The configuration file. This contains information
that is presumed to be quite static and non-
controversial, or code compiled in for efficiency
reasons. Most of the configuration is in sendmail.cf.
conf.h Configuration that must be known everywhere.
control.c Routines to implement control socket.
convtime.c A routine to sanely process times.
daemon.c Routines to implement daemon mode.
deliver.c Routines to deliver mail.
domain.c Routines that interface with DNS (the Domain Name
System).
envelope.c Routines to manipulate the envelope structure.
err.c Routines to print error messages.
headers.c Routines to process message headers.
helpfile An example helpfile for the SMTP HELP command and -bt mode.
macro.c The macro expander. This is used internally to
insert information from the configuration file.
mailq.1 Man page for the mailq command.
main.c The main routine to sendmail. This file also
contains some miscellaneous routines.
makesendmail A convenience for calling ./Build.
map.c Support for database maps.
mci.c Routines that handle mail connection information caching.
milter.c MTA portions of the mail filter API.
mime.c MIME conversion routines.
newaliases.1 Man page for the newaliases command.
parseaddr.c The routines which do address parsing.
queue.c Routines to implement message queueing.
readcf.c The routine that reads the configuration file and
translates it to internal form.
recipient.c Routines that manipulate the recipient list.
sasl.c Routines to interact with Cyrys-SASL.
savemail.c Routines which save the letter on processing errors.
sendmail.8 Man page for the sendmail command.
sendmail.h Main header file for sendmail.
sfsasl.c I/O interface between SASL/TLS and the MTA.
sfsasl.h Header file for sfsasl.c.
shmticklib.c Routines for shared memory counters.
sm_resolve.c Routines for DNS lookups (for DNS map type).
sm_resolve.h Header file for sm_resolve.c.
srvrsmtp.c Routines to implement server SMTP.
stab.c Routines to manage the symbol table.
stats.c Routines to collect and post the statistics.
statusd_shm.h Data structure and function declarations for shmticklib.c.
sysexits.c List of error messages associated with error codes
in sysexits.h.
sysexits.h List of error codes for systems that lack their own.
timers.c Routines to provide microtimers.
timers.h Data structure and function declarations for timers.h.
tls.c Routines for TLS.
trace.c The trace package. These routines allow setting and
testing of trace flags with a high granularity.
udb.c The user database interface module.
usersmtp.c Routines to implement user SMTP.
util.c Some general purpose routines used by sendmail.
version.c The version number and information about this
version of sendmail.
(Version $Revision: 8.393 $, last update $Date: 2013-11-22 20:51:54 $ )
diff --git a/src/TRACEFLAGS b/src/TRACEFLAGS
index 06efaa91c75f..df5df6bded58 100644
--- a/src/TRACEFLAGS
+++ b/src/TRACEFLAGS
@@ -1,110 +1,115 @@
# $Id: TRACEFLAGS,v 8.53 2013-11-27 01:27:03 gshapiro Exp $
0, 4 main.c main canonical name, UUCP node name, a.k.a.s
0, 15 main.c main print configuration
0, 44 util.c printav print address of each string
0, 101 main.c main print version and exit
1 main.c main print from person
2 main.c finis
3 conf.c getla, shouldqueue
4 conf.c enoughspace
5 clock.c setevent, clrevent, tick
6 savemail.c savemail, returntosender
7 queue.c queuename
8 domain.c getmxrr, getcanonname
9 daemon.c getauthinfo IDENT protocol
9 daemon.c maphostname
10 deliver.c deliver
11 deliver.c openmailer, mailfile
12 parseaddr.c remotename
13 deliver.c sendall, sendenvelope
14 headers.c commaize
15 daemon.c getrequests
16 daemon.c makeconnection
17 deliver.c hostsignature
17 domain.c mxrand
18 usersmtp.c reply, smtpmessage, smtpinit, smtpmailfrom, smtpdata
19 srvrsmtp.c smtp
20 parseaddr.c parseaddr
21 parseaddr.c rewrite
22 parseaddr.c prescan
23 main.c testmodeline
24 parseaddr.c buildaddr, allocaddr
25 recipient.c sendtolist
26 recipient.c recipient
27 alias.c alias
27 alias.c readaliases
27 alias.c forward
27 recipient.c include
28 udb.c udbexpand, udbsender
29 parseaddr.c maplocaluser
29 recipient.c recipient (local users), finduser
30 collect.c collect
30 collect.c eatfrom
31 headers.c chompheader
32 headers.c eatheader
33 headers.c crackaddr
34 headers.c putheader
35 macro.c expand, define
36 stab.c stab
37 readcf.c (many)
38 map.c initmaps, setupmaps (bogus map)
39 map.c map_rewrite
40 queue.c queueup, orderq, dowork
41 queue.c orderq
42 mci.c mci_get
43 mime.c mime8to7
44 recipient.c writable
44 safefile.c safefile, safedirpath, filechanged
45 envelope.c setsender
46 envelope.c openxscript
47 main.c drop_privileges
48 parseaddr.c rscheck
48 conf.c validate_connection
49 conf.c checkcompat
50 envelope.c dropenvelope
51 queue.c unlockqueue
52 main.c disconnect
53 util.c xfclose
54 err.c putoutmsg
55 conf.c lockfile
56 mci.c persistent host status
57 util.c snprintf
58 bf.c bf* routines
59 parseaddr.c cataddr
60 map.c
61 conf.c sm_gethostbyname
62 multiple file descriptor checking
63 queue.c runqueue process watching
64 multiple Milter
65 main.c permission checks
-#if _FFR_ADAPTIVE_EOL
-66 srvrsmtp.c conformance checks
-#endif /* _FFR_ADAPTIVE_EOL */
+#if DANE
+67 domain.c TLSA RR lookups
+#endif
#if _FFR_QUEUE_SCHED_DBG
69 queue.c scheduling
-#endif /* _FFR_QUEUE_SCHED_DBG */
+#endif
70 queue.c quarantining
71,>99 milter.c quarantine on errors
73 queue.c shared memory updates
74,>99 map.c LDAP map defer
#if _FFR_XCNCT
75 debug FFR_XC*
-#endif /* _FFR_XCNCT */
+#endif
+#if _FFR_TESTS
+76,>99 queue.c run_work_group: sleep
+77,>99 daemon.c change delivery host/port
+#endif
80 content length
81 sun remote mode
83 collect.c timeout
84 deliver.c timeout
85 map.c dprintf map
#if _FFR_PROXY
87 srvrsmtp.c proxy mode
#endif
89 conf.c >=8 use sm_dprintf() instead of syslog()
91 mci.c syslogging of MCI cache information
+92 EF_LOGSENDER
93,>99 * Prevent daemon connection fork for profiling/debugging
94,>99 srvrsmtp.c cause commands to fail (for protocol testing)
95 srvrsmtp.c AUTH
95 usersmtp.c AUTH
96 tls.c DHparam info, Activate SSL_CTX_set_info_callback()
97 srvrsmtp.c Trace automode settings for I/O
98 * timers
99 main.c avoid backgrounding (no printed output)
diff --git a/src/alias.c b/src/alias.c
index c31d8d09317e..70d8452eb08c 100644
--- a/src/alias.c
+++ b/src/alias.c
@@ -1,1015 +1,1001 @@
/*
* Copyright (c) 1998-2003 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sendmail.h>
SM_RCSID("@(#)$Id: alias.c,v 8.221 2013-11-22 20:51:54 ca Exp $")
#define SEPARATOR ':'
# define ALIAS_SPEC_SEPARATORS " ,/:"
static MAP *AliasFileMap = NULL; /* the actual aliases.files map */
static int NAliasFileMaps; /* the number of entries in AliasFileMap */
static char *aliaslookup __P((char *, int *, char *));
/*
** ALIAS -- Compute aliases.
**
** Scans the alias file for an alias for the given address.
** If found, it arranges to deliver to the alias list instead.
** Uses libdbm database if -DDBM.
**
** Parameters:
** a -- address to alias.
** sendq -- a pointer to the head of the send queue
** to put the aliases in.
** aliaslevel -- the current alias nesting depth.
** e -- the current envelope.
**
** Returns:
** none
**
** Side Effects:
** Aliases found are expanded.
**
** Deficiencies:
** It should complain about names that are aliased to
** nothing.
*/
void
alias(a, sendq, aliaslevel, e)
register ADDRESS *a;
ADDRESS **sendq;
int aliaslevel;
register ENVELOPE *e;
{
register char *p;
char *owner;
auto int status = EX_OK;
char obuf[MAXNAME + 7];
if (tTd(27, 1))
sm_dprintf("alias(%s)\n", a->q_user);
/* don't realias already aliased names */
if (!QS_IS_OK(a->q_state))
return;
if (NoAlias)
return;
e->e_to = a->q_paddr;
/*
** Look up this name.
**
** If the map was unavailable, we will queue this message
** until the map becomes available; otherwise, we could
** bounce messages inappropriately.
*/
#if _FFR_REDIRECTEMPTY
/*
** envelope <> can't be sent to mailing lists, only owner-
** send spam of this type to owner- of the list
** ---- to stop spam from going to mailing lists!
*/
if (e->e_sender != NULL && *e->e_sender == '\0')
{
/* Look for owner of alias */
(void) sm_strlcpyn(obuf, sizeof(obuf), 2, "owner-", a->q_user);
if (aliaslookup(obuf, &status, a->q_host) != NULL)
{
if (LogLevel > 8)
sm_syslog(LOG_WARNING, e->e_id,
"possible spam from <> to list: %s, redirected to %s\n",
a->q_user, obuf);
a->q_user = sm_rpool_strdup_x(e->e_rpool, obuf);
}
}
#endif /* _FFR_REDIRECTEMPTY */
p = aliaslookup(a->q_user, &status, a->q_host);
if (status == EX_TEMPFAIL || status == EX_UNAVAILABLE)
{
a->q_state = QS_QUEUEUP;
if (e->e_message == NULL)
e->e_message = sm_rpool_strdup_x(e->e_rpool,
"alias database unavailable");
/* XXX msg only per recipient? */
if (a->q_message == NULL)
a->q_message = "alias database unavailable";
return;
}
if (p == NULL)
return;
/*
** Match on Alias.
** Deliver to the target list.
*/
if (tTd(27, 1))
sm_dprintf("%s (%s, %s) aliased to %s\n",
a->q_paddr, a->q_host, a->q_user, p);
if (bitset(EF_VRFYONLY, e->e_flags))
{
a->q_state = QS_VERIFIED;
return;
}
message("aliased to %s", shortenstring(p, MAXSHORTSTR));
if (LogLevel > 10)
sm_syslog(LOG_INFO, e->e_id,
"alias %.100s => %s",
a->q_paddr, shortenstring(p, MAXSHORTSTR));
a->q_flags &= ~QSELFREF;
if (tTd(27, 5))
{
sm_dprintf("alias: QS_EXPANDED ");
printaddr(sm_debug_file(), a, false);
}
a->q_state = QS_EXPANDED;
/*
** Always deliver aliased items as the default user.
** Setting q_gid to 0 forces deliver() to use DefUser
** instead of the alias name for the call to initgroups().
*/
a->q_uid = DefUid;
a->q_gid = 0;
a->q_fullname = NULL;
a->q_flags |= QGOODUID|QALIAS;
(void) sendtolist(p, a, sendq, aliaslevel + 1, e);
if (bitset(QSELFREF, a->q_flags) && QS_IS_EXPANDED(a->q_state))
a->q_state = QS_OK;
/*
** Look for owner of alias
*/
if (strncmp(a->q_user, "owner-", 6) == 0 ||
strlen(a->q_user) > sizeof(obuf) - 7)
(void) sm_strlcpy(obuf, "owner-owner", sizeof(obuf));
else
(void) sm_strlcpyn(obuf, sizeof(obuf), 2, "owner-", a->q_user);
owner = aliaslookup(obuf, &status, a->q_host);
if (owner == NULL)
return;
/* reflect owner into envelope sender */
if (strpbrk(owner, ",:/|\"") != NULL)
owner = obuf;
a->q_owner = sm_rpool_strdup_x(e->e_rpool, owner);
/* announce delivery to this alias; NORECEIPT bit set later */
if (e->e_xfp != NULL)
(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
"Message delivered to mailing list %s\n",
a->q_paddr);
e->e_flags |= EF_SENDRECEIPT;
a->q_flags |= QDELIVERED|QEXPANDED;
}
/*
** ALIASLOOKUP -- look up a name in the alias file.
**
** Parameters:
** name -- the name to look up.
** pstat -- a pointer to a place to put the status.
** av -- argument for %1 expansion.
**
** Returns:
** the value of name.
** NULL if unknown.
**
** Side Effects:
** none.
**
** Warnings:
** The return value will be trashed across calls.
*/
static char *
aliaslookup(name, pstat, av)
char *name;
int *pstat;
char *av;
{
static MAP *map = NULL;
#if _FFR_ALIAS_DETAIL
int i;
char *argv[4];
-#endif /* _FFR_ALIAS_DETAIL */
+#endif
if (map == NULL)
{
STAB *s = stab("aliases", ST_MAP, ST_FIND);
if (s == NULL)
return NULL;
map = &s->s_map;
}
DYNOPENMAP(map);
/* special case POstMastER -- always use lower case */
if (sm_strcasecmp(name, "postmaster") == 0)
name = "postmaster";
#if _FFR_ALIAS_DETAIL
i = 0;
argv[i++] = name;
argv[i++] = av;
/* XXX '+' is hardwired here as delimiter! */
if (av != NULL && *av == '+')
argv[i++] = av + 1;
argv[i++] = NULL;
return (*map->map_class->map_lookup)(map, name, argv, pstat);
#else /* _FFR_ALIAS_DETAIL */
return (*map->map_class->map_lookup)(map, name, NULL, pstat);
#endif /* _FFR_ALIAS_DETAIL */
}
/*
** SETALIAS -- set up an alias map
**
** Called when reading configuration file.
**
** Parameters:
** spec -- the alias specification
**
** Returns:
** none.
*/
void
setalias(spec)
char *spec;
{
register char *p;
register MAP *map;
char *class;
STAB *s;
if (tTd(27, 8))
sm_dprintf("setalias(%s)\n", spec);
for (p = spec; p != NULL; )
{
char buf[50];
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
p++;
if (*p == '\0')
break;
spec = p;
if (NAliasFileMaps >= MAXMAPSTACK)
{
syserr("Too many alias databases defined, %d max",
MAXMAPSTACK);
return;
}
if (AliasFileMap == NULL)
{
(void) sm_strlcpy(buf, "aliases.files sequence",
sizeof(buf));
AliasFileMap = makemapentry(buf);
if (AliasFileMap == NULL)
{
syserr("setalias: cannot create aliases.files map");
return;
}
}
(void) sm_snprintf(buf, sizeof(buf), "Alias%d", NAliasFileMaps);
s = stab(buf, ST_MAP, ST_ENTER);
map = &s->s_map;
memset(map, '\0', sizeof(*map));
map->map_mname = s->s_name;
p = strpbrk(p, ALIAS_SPEC_SEPARATORS);
if (p != NULL && *p == SEPARATOR)
{
/* map name */
*p++ = '\0';
class = spec;
spec = p;
}
else
{
class = "implicit";
map->map_mflags = MF_INCLNULL;
}
/* find end of spec */
if (p != NULL)
{
bool quoted = false;
for (; *p != '\0'; p++)
{
/*
** Don't break into a quoted string.
** Needed for ldap maps which use
** commas in their specifications.
*/
if (*p == '"')
quoted = !quoted;
else if (*p == ',' && !quoted)
break;
}
/* No more alias specifications follow */
if (*p == '\0')
p = NULL;
}
if (p != NULL)
*p++ = '\0';
if (tTd(27, 20))
sm_dprintf(" map %s:%s %s\n", class, s->s_name, spec);
/* look up class */
s = stab(class, ST_MAPCLASS, ST_FIND);
if (s == NULL)
{
syserr("setalias: unknown alias class %s", class);
}
else if (!bitset(MCF_ALIASOK, s->s_mapclass.map_cflags))
{
syserr("setalias: map class %s can't handle aliases",
class);
}
else
{
map->map_class = &s->s_mapclass;
map->map_mflags |= MF_ALIAS;
if (map->map_class->map_parse(map, spec))
{
map->map_mflags |= MF_VALID;
AliasFileMap->map_stack[NAliasFileMaps++] = map;
}
}
}
}
/*
** ALIASWAIT -- wait for distinguished @:@ token to appear.
**
** This can decide to reopen or rebuild the alias file
**
** Parameters:
** map -- a pointer to the map descriptor for this alias file.
** ext -- the filename extension (e.g., ".db") for the
** database file.
** isopen -- if set, the database is already open, and we
** should check for validity; otherwise, we are
** just checking to see if it should be created.
**
** Returns:
** true -- if the database is open when we return.
** false -- if the database is closed when we return.
*/
bool
aliaswait(map, ext, isopen)
MAP *map;
char *ext;
bool isopen;
{
bool attimeout = false;
time_t mtime;
struct stat stb;
char buf[MAXPATHLEN];
if (tTd(27, 3))
sm_dprintf("aliaswait(%s:%s)\n",
map->map_class->map_cname, map->map_file);
if (bitset(MF_ALIASWAIT, map->map_mflags))
return isopen;
map->map_mflags |= MF_ALIASWAIT;
if (SafeAlias > 0)
{
auto int st;
unsigned int sleeptime = 2;
unsigned int loopcount = 0; /* only used for debugging */
time_t toolong = curtime() + SafeAlias;
while (isopen &&
map->map_class->map_lookup(map, "@", NULL, &st) == NULL)
{
if (curtime() > toolong)
{
/* we timed out */
attimeout = true;
break;
}
/*
** Close and re-open the alias database in case
** the one is mv'ed instead of cp'ed in.
*/
if (tTd(27, 2))
{
loopcount++;
sm_dprintf("aliaswait: sleeping for %u seconds (loopcount = %u)\n",
sleeptime, loopcount);
}
map->map_mflags |= MF_CLOSING;
map->map_class->map_close(map);
map->map_mflags &= ~(MF_OPEN|MF_WRITABLE|MF_CLOSING);
(void) sleep(sleeptime);
sleeptime *= 2;
if (sleeptime > 60)
sleeptime = 60;
isopen = map->map_class->map_open(map, O_RDONLY);
}
}
/* see if we need to go into auto-rebuild mode */
if (!bitset(MCF_REBUILDABLE, map->map_class->map_cflags))
{
if (tTd(27, 3))
sm_dprintf("aliaswait: not rebuildable\n");
map->map_mflags &= ~MF_ALIASWAIT;
return isopen;
}
if (stat(map->map_file, &stb) < 0)
{
if (tTd(27, 3))
sm_dprintf("aliaswait: no source file\n");
map->map_mflags &= ~MF_ALIASWAIT;
return isopen;
}
mtime = stb.st_mtime;
if (sm_strlcpyn(buf, sizeof(buf), 2,
map->map_file, ext == NULL ? "" : ext) >= sizeof(buf))
{
if (LogLevel > 3)
sm_syslog(LOG_INFO, NOQID,
"alias database %s%s name too long",
map->map_file, ext == NULL ? "" : ext);
message("alias database %s%s name too long",
map->map_file, ext == NULL ? "" : ext);
}
if (stat(buf, &stb) < 0 || stb.st_mtime < mtime || attimeout)
{
if (LogLevel > 3)
sm_syslog(LOG_INFO, NOQID,
"alias database %s out of date", buf);
message("Warning: alias database %s out of date", buf);
}
map->map_mflags &= ~MF_ALIASWAIT;
return isopen;
}
/*
** REBUILDALIASES -- rebuild the alias database.
**
** Parameters:
** map -- the database to rebuild.
** automatic -- set if this was automatically generated.
**
** Returns:
** true if successful; false otherwise.
**
** Side Effects:
** Reads the text version of the database, builds the
** DBM or DB version.
*/
bool
rebuildaliases(map, automatic)
register MAP *map;
bool automatic;
{
SM_FILE_T *af;
bool nolock = false;
bool success = false;
long sff = SFF_OPENASROOT|SFF_REGONLY|SFF_NOLOCK;
sigfunc_t oldsigint, oldsigquit;
#ifdef SIGTSTP
sigfunc_t oldsigtstp;
-#endif /* SIGTSTP */
+#endif
if (!bitset(MCF_REBUILDABLE, map->map_class->map_cflags))
return false;
if (!bitnset(DBS_LINKEDALIASFILEINWRITABLEDIR, DontBlameSendmail))
sff |= SFF_NOWLINK;
if (!bitnset(DBS_GROUPWRITABLEALIASFILE, DontBlameSendmail))
sff |= SFF_NOGWFILES;
if (!bitnset(DBS_WORLDWRITABLEALIASFILE, DontBlameSendmail))
sff |= SFF_NOWWFILES;
/* try to lock the source file */
if ((af = safefopen(map->map_file, O_RDWR, 0, sff)) == NULL)
{
struct stat stb;
if ((errno != EACCES && errno != EROFS) || automatic ||
(af = safefopen(map->map_file, O_RDONLY, 0, sff)) == NULL)
{
int saveerr = errno;
if (tTd(27, 1))
sm_dprintf("Can't open %s: %s\n",
map->map_file, sm_errstring(saveerr));
if (!automatic && !bitset(MF_OPTIONAL, map->map_mflags))
message("newaliases: cannot open %s: %s",
map->map_file, sm_errstring(saveerr));
errno = 0;
return false;
}
nolock = true;
if (tTd(27, 1) ||
fstat(sm_io_getinfo(af, SM_IO_WHAT_FD, NULL), &stb) < 0 ||
bitset(S_IWUSR|S_IWGRP|S_IWOTH, stb.st_mode))
message("warning: cannot lock %s: %s",
map->map_file, sm_errstring(errno));
}
/* see if someone else is rebuilding the alias file */
if (!nolock &&
!lockfile(sm_io_getinfo(af, SM_IO_WHAT_FD, NULL), map->map_file,
NULL, LOCK_EX|LOCK_NB))
{
/* yes, they are -- wait until done */
message("Alias file %s is locked (maybe being rebuilt)",
map->map_file);
if (OpMode != MD_INITALIAS)
{
/* wait for other rebuild to complete */
(void) lockfile(sm_io_getinfo(af, SM_IO_WHAT_FD, NULL),
map->map_file, NULL, LOCK_EX);
}
(void) sm_io_close(af, SM_TIME_DEFAULT);
errno = 0;
return false;
}
oldsigint = sm_signal(SIGINT, SIG_IGN);
oldsigquit = sm_signal(SIGQUIT, SIG_IGN);
#ifdef SIGTSTP
oldsigtstp = sm_signal(SIGTSTP, SIG_IGN);
-#endif /* SIGTSTP */
+#endif
if (map->map_class->map_open(map, O_RDWR))
{
if (LogLevel > 7)
{
sm_syslog(LOG_NOTICE, NOQID,
"alias database %s %srebuilt by %s",
map->map_file, automatic ? "auto" : "",
username());
}
map->map_mflags |= MF_OPEN|MF_WRITABLE;
map->map_pid = CurrentPid;
readaliases(map, af, !automatic, true);
success = true;
}
else
{
if (tTd(27, 1))
sm_dprintf("Can't create database for %s: %s\n",
map->map_file, sm_errstring(errno));
if (!automatic)
syserr("Cannot create database for alias file %s",
map->map_file);
}
/* close the file, thus releasing locks */
(void) sm_io_close(af, SM_TIME_DEFAULT);
/* add distinguished entries and close the database */
if (bitset(MF_OPEN, map->map_mflags))
{
map->map_mflags |= MF_CLOSING;
map->map_class->map_close(map);
map->map_mflags &= ~(MF_OPEN|MF_WRITABLE|MF_CLOSING);
}
/* restore the old signals */
(void) sm_signal(SIGINT, oldsigint);
(void) sm_signal(SIGQUIT, oldsigquit);
#ifdef SIGTSTP
(void) sm_signal(SIGTSTP, oldsigtstp);
-#endif /* SIGTSTP */
+#endif
return success;
}
/*
** READALIASES -- read and process the alias file.
**
** This routine implements the part of initaliases that occurs
** when we are not going to use the DBM stuff.
**
** Parameters:
** map -- the alias database descriptor.
** af -- file to read the aliases from.
** announcestats -- announce statistics regarding number of
** aliases, longest alias, etc.
** logstats -- lot the same info.
**
** Returns:
** none.
**
** Side Effects:
** Reads aliasfile into the symbol table.
** Optionally, builds the .dir & .pag files.
*/
void
readaliases(map, af, announcestats, logstats)
register MAP *map;
SM_FILE_T *af;
bool announcestats;
bool logstats;
{
register char *p;
char *rhs;
bool skipping;
long naliases, bytes, longest;
ADDRESS al, bl;
char line[BUFSIZ];
/*
** Read and interpret lines
*/
FileName = map->map_file;
LineNumber = 0;
naliases = bytes = longest = 0;
skipping = false;
while (sm_io_fgets(af, SM_TIME_DEFAULT, line, sizeof(line)) >= 0)
{
int lhssize, rhssize;
int c;
LineNumber++;
p = strchr(line, '\n');
/* XXX what if line="a\\" ? */
while (p != NULL && p > line && p[-1] == '\\')
{
p--;
if (sm_io_fgets(af, SM_TIME_DEFAULT, p,
SPACELEFT(line, p)) < 0)
break;
LineNumber++;
p = strchr(p, '\n');
}
if (p != NULL)
*p = '\0';
else if (!sm_io_eof(af))
{
errno = 0;
syserr("554 5.3.0 alias line too long");
/* flush to end of line */
while ((c = sm_io_getc(af, SM_TIME_DEFAULT)) !=
SM_IO_EOF && c != '\n')
continue;
/* skip any continuation lines */
skipping = true;
continue;
}
switch (line[0])
{
case '#':
case '\0':
skipping = false;
continue;
case ' ':
case '\t':
if (!skipping)
syserr("554 5.3.5 Non-continuation line starts with space");
skipping = true;
continue;
}
skipping = false;
/*
** Process the LHS
** Find the colon separator, and parse the address.
** It should resolve to a local name -- this will
** be checked later (we want to optionally do
** parsing of the RHS first to maximize error
** detection).
*/
for (p = line; *p != '\0' && *p != ':' && *p != '\n'; p++)
continue;
if (*p++ != ':')
{
syserr("554 5.3.5 missing colon");
continue;
}
if (parseaddr(line, &al, RF_COPYALL, ':', NULL, CurEnv, true)
== NULL)
{
syserr("554 5.3.5 %.40s... illegal alias name", line);
continue;
}
/*
** Process the RHS.
** 'al' is the internal form of the LHS address.
** 'p' points to the text of the RHS.
*/
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
p++;
rhs = p;
for (;;)
{
register char *nlp;
nlp = &p[strlen(p)];
if (nlp > p && nlp[-1] == '\n')
*--nlp = '\0';
if (CheckAliases)
{
/* do parsing & compression of addresses */
while (*p != '\0')
{
auto char *delimptr;
- while ((isascii(*p) && isspace(*p)) ||
- *p == ',')
+ while ((SM_ISSPACE(*p)) || *p == ',')
p++;
if (*p == '\0')
break;
if (parseaddr(p, &bl, RF_COPYNONE, ',',
&delimptr, CurEnv, true)
== NULL)
usrerr("553 5.3.5 %s... bad address", p);
p = delimptr;
}
}
else
{
p = nlp;
}
/* see if there should be a continuation line */
c = sm_io_getc(af, SM_TIME_DEFAULT);
if (!sm_io_eof(af))
(void) sm_io_ungetc(af, SM_TIME_DEFAULT, c);
if (c != ' ' && c != '\t')
break;
/* read continuation line */
if (sm_io_fgets(af, SM_TIME_DEFAULT, p,
sizeof(line) - (p-line)) < 0)
break;
LineNumber++;
/* check for line overflow */
if (strchr(p, '\n') == NULL && !sm_io_eof(af))
{
usrerr("554 5.3.5 alias too long");
while ((c = sm_io_getc(af, SM_TIME_DEFAULT))
!= SM_IO_EOF && c != '\n')
continue;
skipping = true;
break;
}
}
if (skipping)
continue;
if (!bitnset(M_ALIASABLE, al.q_mailer->m_flags))
{
syserr("554 5.3.5 %s... cannot alias non-local names",
al.q_paddr);
continue;
}
/*
** Insert alias into symbol table or database file.
**
** Special case pOStmaStER -- always make it lower case.
*/
if (sm_strcasecmp(al.q_user, "postmaster") == 0)
makelower(al.q_user);
lhssize = strlen(al.q_user);
rhssize = strlen(rhs);
if (rhssize > 0)
{
/* is RHS empty (just spaces)? */
p = rhs;
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
p++;
}
if (rhssize == 0 || *p == '\0')
{
syserr("554 5.3.5 %.40s... missing value for alias",
line);
}
else
{
map->map_class->map_store(map, al.q_user, rhs);
/* statistics */
naliases++;
bytes += lhssize + rhssize;
if (rhssize > longest)
longest = rhssize;
}
-
-#if 0
- /*
- ** address strings are now stored in the envelope rpool,
- ** and therefore cannot be freed.
- */
- if (al.q_paddr != NULL)
- sm_free(al.q_paddr); /* disabled */
- if (al.q_host != NULL)
- sm_free(al.q_host); /* disabled */
- if (al.q_user != NULL)
- sm_free(al.q_user); /* disabled */
-#endif /* 0 */
}
CurEnv->e_to = NULL;
FileName = NULL;
if (Verbose || announcestats)
message("%s: %ld aliases, longest %ld bytes, %ld bytes total",
map->map_file, naliases, longest, bytes);
if (LogLevel > 7 && logstats)
sm_syslog(LOG_INFO, NOQID,
"%s: %ld aliases, longest %ld bytes, %ld bytes total",
map->map_file, naliases, longest, bytes);
}
/*
** FORWARD -- Try to forward mail
**
** This is similar but not identical to aliasing.
**
** Parameters:
** user -- the name of the user who's mail we would like
** to forward to. It must have been verified --
** i.e., the q_home field must have been filled
** in.
** sendq -- a pointer to the head of the send queue to
** put this user's aliases in.
** aliaslevel -- the current alias nesting depth.
** e -- the current envelope.
**
** Returns:
** none.
**
** Side Effects:
** New names are added to send queues.
*/
void
forward(user, sendq, aliaslevel, e)
ADDRESS *user;
ADDRESS **sendq;
int aliaslevel;
register ENVELOPE *e;
{
char *pp;
char *ep;
bool got_transient;
if (tTd(27, 1))
sm_dprintf("forward(%s)\n", user->q_paddr);
if (!bitnset(M_HASPWENT, user->q_mailer->m_flags) ||
!QS_IS_OK(user->q_state))
return;
if (ForwardPath != NULL && *ForwardPath == '\0')
return;
if (user->q_home == NULL)
{
syserr("554 5.3.0 forward: no home");
user->q_home = "/no/such/directory";
}
/* good address -- look for .forward file in home */
macdefine(&e->e_macro, A_PERM, 'z', user->q_home);
macdefine(&e->e_macro, A_PERM, 'u', user->q_user);
macdefine(&e->e_macro, A_PERM, 'h', user->q_host);
if (ForwardPath == NULL)
ForwardPath = newstr("\201z/.forward");
got_transient = false;
for (pp = ForwardPath; pp != NULL; pp = ep)
{
int err;
char buf[MAXPATHLEN];
struct stat st;
ep = strchr(pp, SEPARATOR);
if (ep != NULL)
*ep = '\0';
expand(pp, buf, sizeof(buf), e);
if (ep != NULL)
*ep++ = SEPARATOR;
if (buf[0] == '\0')
continue;
if (tTd(27, 3))
sm_dprintf("forward: trying %s\n", buf);
err = include(buf, true, user, sendq, aliaslevel, e);
if (err == 0)
break;
else if (transienterror(err))
{
/* we may have to suspend this message */
got_transient = true;
if (tTd(27, 2))
sm_dprintf("forward: transient error on %s\n",
buf);
if (LogLevel > 2)
{
char *curhost = CurHostName;
CurHostName = NULL;
sm_syslog(LOG_ERR, e->e_id,
"forward %s: transient error: %s",
buf, sm_errstring(err));
CurHostName = curhost;
}
}
else
{
switch (err)
{
case ENOENT:
break;
case E_SM_WWDIR:
case E_SM_GWDIR:
/* check if it even exists */
if (stat(buf, &st) < 0 && errno == ENOENT)
{
if (bitnset(DBS_DONTWARNFORWARDFILEINUNSAFEDIRPATH,
DontBlameSendmail))
break;
}
/* FALLTHROUGH */
#if _FFR_FORWARD_SYSERR
case E_SM_NOSLINK:
case E_SM_NOHLINK:
case E_SM_REGONLY:
case E_SM_ISEXEC:
case E_SM_WWFILE:
case E_SM_GWFILE:
syserr("forward: %s: %s", buf, sm_errstring(err));
break;
#endif /* _FFR_FORWARD_SYSERR */
default:
if (LogLevel > (RunAsUid == 0 ? 2 : 10))
sm_syslog(LOG_WARNING, e->e_id,
"forward %s: %s", buf,
sm_errstring(err));
if (Verbose)
message("forward: %s: %s",
buf, sm_errstring(err));
break;
}
}
}
if (pp == NULL && got_transient)
{
/*
** There was no successful .forward open and at least one
** transient open. We have to defer this address for
** further delivery.
*/
message("transient .forward open error: message queued");
user->q_state = QS_QUEUEUP;
return;
}
}
diff --git a/src/aliases.0 b/src/aliases.0
index cfdbe17e860a..ba855d4807e9 100644
--- a/src/aliases.0
+++ b/src/aliases.0
@@ -1,89 +1,89 @@
ALIASES(5) ALIASES(5)
-NNAAMMEE
+NAME
aliases - aliases file for sendmail
-SSYYNNOOPPSSIISS
- aalliiaasseess
+SYNOPSIS
+ aliases
-DDEESSCCRRIIPPTTIIOONN
+DESCRIPTION
This file describes user ID aliases used by sendmail. The file resides
in /etc/mail and is formatted as a series of lines of the form
name: addr_1, addr_2, addr_3, . . .
- The _n_a_m_e is the name to alias, and the _a_d_d_r___n are the aliases for that
- name. _a_d_d_r___n can be another alias, a local username, a local filename,
+ The name is the name to alias, and the addr_n are the aliases for that
+ name. addr_n can be another alias, a local username, a local filename,
a command, an include file, or an external address.
- LLooccaall UUsseerrnnaammee
+ Local Username
username
The username must be available via getpwnam(3).
- LLooccaall FFiilleennaammee
+ Local Filename
/path/name
Messages are appended to the file specified by the full pathname
(starting with a slash (/))
- CCoommmmaanndd
+ Command
|command
A command starts with a pipe symbol (|), it receives messages
via standard input.
- IInncclluuddee FFiillee
+ Include File
:include: /path/name
- The aliases in pathname are added to the aliases for _n_a_m_e_.
+ The aliases in pathname are added to the aliases for name.
- EE--MMaaiill AAddddrreessss
+ E-Mail Address
user@domain
An e-mail address in RFC 822 format.
Lines beginning with white space are continuation lines. Another way
to continue lines is by placing a backslash directly before a newline.
Lines beginning with # are comments.
Aliasing occurs only on local names. Loops can not occur, since no
message will be sent to any person more than once.
- If an alias is found for _n_a_m_e, sendmail then checks for an alias for
- _o_w_n_e_r_-_n_a_m_e. If it is found and the result of the lookup expands to a
+ If an alias is found for name, sendmail then checks for an alias for
+ owner-name. If it is found and the result of the lookup expands to a
single address, the envelope sender address of the message is rewritten
to that address. If it is found and the result expands to more than
- one address, the envelope sender address is changed to _o_w_n_e_r_-_n_a_m_e.
+ one address, the envelope sender address is changed to owner-name.
After aliasing has been done, local and valid recipients who have a
``.forward'' file in their home directory have messages forwarded to
the list of users defined in that file.
This is only the raw data file; the actual aliasing information is
placed into a binary format in the file /etc/mail/aliases.db using the
program newaliases(1). A newaliases command should be executed each
time the aliases file is changed for the change to take effect.
-SSEEEE AALLSSOO
+SEE ALSO
newaliases(1), dbm(3), dbopen(3), db_open(3), sendmail(8)
- _S_E_N_D_M_A_I_L _I_n_s_t_a_l_l_a_t_i_o_n _a_n_d _O_p_e_r_a_t_i_o_n _G_u_i_d_e_.
+ SENDMAIL Installation and Operation Guide.
- _S_E_N_D_M_A_I_L _A_n _I_n_t_e_r_n_e_t_w_o_r_k _M_a_i_l _R_o_u_t_e_r_.
+ SENDMAIL An Internetwork Mail Router.
-BBUUGGSS
+BUGS
If you have compiled sendmail with DBM support instead of NEWDB, you
may have encountered problems in dbm(3) restricting a single alias to
about 1000 bytes of information. You can get longer aliases by
``chaining''; that is, make the last name in the alias be a dummy name
which is a continuation alias.
-HHIISSTTOORRYY
- The aalliiaasseess file format appeared in 4.0BSD.
+HISTORY
+ The aliases file format appeared in 4.0BSD.
$Date: 2013-11-22 20:51:55 $ ALIASES(5)
diff --git a/src/arpadate.c b/src/arpadate.c
index 57d5a06ff7db..0458363c6a4c 100644
--- a/src/arpadate.c
+++ b/src/arpadate.c
@@ -1,203 +1,203 @@
/*
* Copyright (c) 1998-2001 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sendmail.h>
SM_RCSID("@(#)$Id: arpadate.c,v 8.32 2013-11-22 20:51:55 ca Exp $")
/*
** ARPADATE -- Create date in ARPANET format
**
** Parameters:
** ud -- unix style date string. if NULL, one is created.
**
** Returns:
** pointer to an ARPANET date field
**
** Side Effects:
** none
**
** WARNING:
** date is stored in a local buffer -- subsequent
** calls will overwrite.
**
** Bugs:
** Timezone is computed from local time, rather than
** from wherever (and whenever) the message was sent.
** To do better is very hard.
**
** Some sites are now inserting the timezone into the
** local date. This routine should figure out what
** the format is and work appropriately.
*/
#ifndef TZNAME_MAX
# define TZNAME_MAX 50 /* max size of timezone */
-#endif /* ! TZNAME_MAX */
+#endif
/* values for TZ_TYPE */
#define TZ_NONE 0 /* no character timezone support */
#define TZ_TM_NAME 1 /* use tm->tm_name */
#define TZ_TM_ZONE 2 /* use tm->tm_zone */
#define TZ_TZNAME 3 /* use tzname[] */
#define TZ_TIMEZONE 4 /* use timezone() */
char *
arpadate(ud)
register char *ud;
{
register char *p;
register char *q;
register int off;
register int i;
register struct tm *lt;
time_t t;
struct tm gmt;
char *tz;
static char b[43 + TZNAME_MAX];
/*
** Get current time.
** This will be used if a null argument is passed and
** to resolve the timezone.
*/
/* SM_REQUIRE(ud == NULL || strlen(ud) >= 23); */
t = curtime();
if (ud == NULL)
ud = ctime(&t);
/*
** Crack the UNIX date line in a singularly unoriginal way.
*/
q = b;
p = &ud[0]; /* Mon */
*q++ = *p++;
*q++ = *p++;
*q++ = *p++;
*q++ = ',';
*q++ = ' ';
p = &ud[8]; /* 16 */
if (*p == ' ')
p++;
else
*q++ = *p++;
*q++ = *p++;
*q++ = ' ';
p = &ud[4]; /* Sep */
*q++ = *p++;
*q++ = *p++;
*q++ = *p++;
*q++ = ' ';
p = &ud[20]; /* 1979 */
*q++ = *p++;
*q++ = *p++;
*q++ = *p++;
*q++ = *p++;
*q++ = ' ';
p = &ud[11]; /* 01:03:52 */
for (i = 8; i > 0; i--)
*q++ = *p++;
/*
** should really get the timezone from the time in "ud" (which
** is only different if a non-null arg was passed which is different
** from the current time), but for all practical purposes, returning
** the current local zone will do (its all that is ever needed).
*/
gmt = *gmtime(&t);
lt = localtime(&t);
off = (lt->tm_hour - gmt.tm_hour) * 60 + lt->tm_min - gmt.tm_min;
/* assume that offset isn't more than a day ... */
if (lt->tm_year < gmt.tm_year)
off -= 24 * 60;
else if (lt->tm_year > gmt.tm_year)
off += 24 * 60;
else if (lt->tm_yday < gmt.tm_yday)
off -= 24 * 60;
else if (lt->tm_yday > gmt.tm_yday)
off += 24 * 60;
*q++ = ' ';
if (off == 0)
{
*q++ = 'G';
*q++ = 'M';
*q++ = 'T';
}
else
{
tz = NULL;
#if TZ_TYPE == TZ_TM_NAME
tz = lt->tm_name;
-#endif /* TZ_TYPE == TZ_TM_NAME */
+#endif
#if TZ_TYPE == TZ_TM_ZONE
tz = lt->tm_zone;
-#endif /* TZ_TYPE == TZ_TM_ZONE */
+#endif
#if TZ_TYPE == TZ_TZNAME
{
extern char *tzname[];
if (lt->tm_isdst > 0)
tz = tzname[1];
else if (lt->tm_isdst == 0)
tz = tzname[0];
else
tz = NULL;
}
#endif /* TZ_TYPE == TZ_TZNAME */
#if TZ_TYPE == TZ_TIMEZONE
{
extern char *timezone();
tz = timezone(off, lt->tm_isdst);
}
#endif /* TZ_TYPE == TZ_TIMEZONE */
if (off < 0)
{
off = -off;
*q++ = '-';
}
else
*q++ = '+';
if (off >= 24*60) /* should be impossible */
off = 23*60+59; /* if not, insert silly value */
*q++ = (off / 600) + '0';
*q++ = (off / 60) % 10 + '0';
off %= 60;
*q++ = (off / 10) + '0';
*q++ = (off % 10) + '0';
if (tz != NULL && *tz != '\0')
{
*q++ = ' ';
*q++ = '(';
while (*tz != '\0' && q < &b[sizeof(b) - 3])
*q++ = *tz++;
*q++ = ')';
}
}
*q = '\0';
return b;
}
diff --git a/src/bf.c b/src/bf.c
index 0f2c9c0195eb..6fb10c9252bd 100644
--- a/src/bf.c
+++ b/src/bf.c
@@ -1,865 +1,865 @@
/*
* Copyright (c) 1999-2002, 2004, 2006 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
* Contributed by Exactis.com, Inc.
*
*/
/*
** This is in transition. Changed from the original bf_torek.c code
** to use sm_io function calls directly rather than through stdio
** translation layer. Will be made a built-in file type of libsm
** next (once safeopen() linkable from libsm).
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: bf.c,v 8.63 2013-11-22 20:51:55 ca Exp $")
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/uio.h>
#include <fcntl.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include "sendmail.h"
#include "bf.h"
#include <syslog.h>
/* bf io functions */
static ssize_t sm_bfread __P((SM_FILE_T *, char *, size_t));
static ssize_t sm_bfwrite __P((SM_FILE_T *, const char *, size_t));
static off_t sm_bfseek __P((SM_FILE_T *, off_t, int));
static int sm_bfclose __P((SM_FILE_T *));
static int sm_bfcommit __P((SM_FILE_T *));
static int sm_bftruncate __P((SM_FILE_T *));
static int sm_bfopen __P((SM_FILE_T *, const void *, int, const void *));
static int sm_bfsetinfo __P((SM_FILE_T *, int , void *));
static int sm_bfgetinfo __P((SM_FILE_T *, int , void *));
/*
** Data structure for storing information about each buffered file
** (Originally in sendmail/bf_torek.h for the curious.)
*/
struct bf
{
bool bf_committed; /* Has this buffered file been committed? */
bool bf_ondisk; /* On disk: committed or buffer overflow */
long bf_flags;
int bf_disk_fd; /* If on disk, associated file descriptor */
char *bf_buf; /* Memory buffer */
int bf_bufsize; /* Length of above buffer */
int bf_buffilled; /* Bytes of buffer actually filled */
char *bf_filename; /* Name of buffered file, if ever committed */
MODE_T bf_filemode; /* Mode of buffered file, if ever committed */
off_t bf_offset; /* Currect file offset */
int bf_size; /* Total current size of file */
};
#ifdef BF_STANDALONE
# define OPEN(fn, omode, cmode, sff) open(fn, omode, cmode)
-#else /* BF_STANDALONE */
+#else
# define OPEN(fn, omode, cmode, sff) safeopen(fn, omode, cmode, sff)
-#endif /* BF_STANDALONE */
+#endif
struct bf_info
{
char *bi_filename;
MODE_T bi_fmode;
size_t bi_bsize;
long bi_flags;
};
/*
** SM_BFOPEN -- the "base" open function called by sm_io_open() for the
** internal, file-type-specific info setup.
**
** Parameters:
** fp -- file pointer being filled-in for file being open'd
** info -- information about file being opened
** flags -- ignored
** rpool -- ignored (currently)
**
** Returns:
** Failure: -1 and sets errno
** Success: 0 (zero)
*/
static int
sm_bfopen(fp, info, flags, rpool)
SM_FILE_T *fp;
const void *info;
int flags;
const void *rpool;
{
char *filename;
MODE_T fmode;
size_t bsize;
long sflags;
struct bf *bfp;
int l;
struct stat st;
filename = ((struct bf_info *) info)->bi_filename;
fmode = ((struct bf_info *) info)->bi_fmode;
bsize = ((struct bf_info *) info)->bi_bsize;
sflags = ((struct bf_info *) info)->bi_flags;
/* Sanity checks */
if (*filename == '\0')
{
/* Empty filename string */
errno = ENOENT;
return -1;
}
if (stat(filename, &st) == 0)
{
/* File already exists on disk */
errno = EEXIST;
return -1;
}
/* Allocate memory */
bfp = (struct bf *) sm_malloc(sizeof(struct bf));
if (bfp == NULL)
{
errno = ENOMEM;
return -1;
}
/* Assign data buffer */
/* A zero bsize is valid, just don't allocate memory */
if (bsize > 0)
{
bfp->bf_buf = (char *) sm_malloc(bsize);
if (bfp->bf_buf == NULL)
{
bfp->bf_bufsize = 0;
sm_free(bfp);
errno = ENOMEM;
return -1;
}
}
else
bfp->bf_buf = NULL;
/* Nearly home free, just set all the parameters now */
bfp->bf_committed = false;
bfp->bf_ondisk = false;
bfp->bf_flags = sflags;
bfp->bf_bufsize = bsize;
bfp->bf_buffilled = 0;
l = strlen(filename) + 1;
bfp->bf_filename = (char *) sm_malloc(l);
if (bfp->bf_filename == NULL)
{
if (bfp->bf_buf != NULL)
sm_free(bfp->bf_buf);
sm_free(bfp);
errno = ENOMEM;
return -1;
}
(void) sm_strlcpy(bfp->bf_filename, filename, l);
bfp->bf_filemode = fmode;
bfp->bf_offset = 0;
bfp->bf_size = 0;
bfp->bf_disk_fd = -1;
fp->f_cookie = bfp;
if (tTd(58, 8))
sm_dprintf("sm_bfopen(%s)\n", filename);
return 0;
}
/*
** BFOPEN -- create a new buffered file
**
** Parameters:
** filename -- the file's name
** fmode -- what mode the file should be created as
** bsize -- amount of buffer space to allocate (may be 0)
** flags -- if running under sendmail, passed directly to safeopen
**
** Returns:
** a SM_FILE_T * which may then be used with stdio functions,
** or NULL on failure. SM_FILE_T * is opened for writing
** "SM_IO_WHAT_VECTORS").
**
** Side Effects:
** none.
**
** Sets errno:
** any value of errno specified by sm_io_setinfo_type()
** any value of errno specified by sm_io_open()
** any value of errno specified by sm_io_setinfo()
*/
#ifdef __STDC__
/*
** XXX This is a temporary hack since MODE_T on HP-UX 10.x is short.
** If we use K&R here, the compiler will complain about
** Inconsistent parameter list declaration
** due to the change from short to int.
*/
SM_FILE_T *
bfopen(char *filename, MODE_T fmode, size_t bsize, long flags)
#else /* __STDC__ */
SM_FILE_T *
bfopen(filename, fmode, bsize, flags)
char *filename;
MODE_T fmode;
size_t bsize;
long flags;
#endif /* __STDC__ */
{
MODE_T omask;
SM_FILE_T SM_IO_SET_TYPE(vector, BF_FILE_TYPE, sm_bfopen, sm_bfclose,
sm_bfread, sm_bfwrite, sm_bfseek, sm_bfgetinfo, sm_bfsetinfo,
SM_TIME_FOREVER);
struct bf_info info;
/*
** Apply current umask to fmode as it may change by the time
** the file is actually created. fmode becomes the true
** permissions of the file, which OPEN() must obey.
*/
omask = umask(0);
fmode &= ~omask;
(void) umask(omask);
SM_IO_INIT_TYPE(vector, BF_FILE_TYPE, sm_bfopen, sm_bfclose,
sm_bfread, sm_bfwrite, sm_bfseek, sm_bfgetinfo, sm_bfsetinfo,
SM_TIME_FOREVER);
info.bi_filename = filename;
info.bi_fmode = fmode;
info.bi_bsize = bsize;
info.bi_flags = flags;
return sm_io_open(&vector, SM_TIME_DEFAULT, &info, SM_IO_RDWR, NULL);
}
/*
** SM_BFGETINFO -- returns info about an open file pointer
**
** Parameters:
** fp -- file pointer to get info about
** what -- type of info to obtain
** valp -- thing to return the info in
*/
static int
sm_bfgetinfo(fp, what, valp)
SM_FILE_T *fp;
int what;
void *valp;
{
struct bf *bfp;
bfp = (struct bf *) fp->f_cookie;
switch (what)
{
case SM_IO_WHAT_FD:
return bfp->bf_disk_fd;
case SM_IO_WHAT_SIZE:
return bfp->bf_size;
default:
return -1;
}
}
/*
** SM_BFCLOSE -- close a buffered file
**
** Parameters:
** fp -- cookie of file to close
**
** Returns:
** 0 to indicate success
**
** Side Effects:
** deletes backing file, sm_frees memory.
**
** Sets errno:
** never.
*/
static int
sm_bfclose(fp)
SM_FILE_T *fp;
{
struct bf *bfp;
/* Cast cookie back to correct type */
bfp = (struct bf *) fp->f_cookie;
/* Need to clean up the file */
if (bfp->bf_ondisk && !bfp->bf_committed)
unlink(bfp->bf_filename);
sm_free(bfp->bf_filename);
if (bfp->bf_disk_fd != -1)
close(bfp->bf_disk_fd);
/* Need to sm_free the buffer */
if (bfp->bf_bufsize > 0)
sm_free(bfp->bf_buf);
/* Finally, sm_free the structure */
sm_free(bfp);
return 0;
}
/*
** SM_BFREAD -- read a buffered file
**
** Parameters:
** cookie -- cookie of file to read
** buf -- buffer to fill
** nbytes -- how many bytes to read
**
** Returns:
** number of bytes read or -1 indicate failure
**
** Side Effects:
** none.
**
*/
static ssize_t
sm_bfread(fp, buf, nbytes)
SM_FILE_T *fp;
char *buf;
size_t nbytes;
{
struct bf *bfp;
ssize_t count = 0; /* Number of bytes put in buf so far */
int retval;
/* Cast cookie back to correct type */
bfp = (struct bf *) fp->f_cookie;
if (bfp->bf_offset < bfp->bf_buffilled)
{
/* Need to grab some from buffer */
count = nbytes;
if ((bfp->bf_offset + count) > bfp->bf_buffilled)
count = bfp->bf_buffilled - bfp->bf_offset;
memcpy(buf, bfp->bf_buf + bfp->bf_offset, count);
}
if ((bfp->bf_offset + nbytes) > bfp->bf_buffilled)
{
/* Need to grab some from file */
if (!bfp->bf_ondisk)
{
/* Oops, the file doesn't exist. EOF. */
if (tTd(58, 8))
sm_dprintf("sm_bfread(%s): to disk\n",
bfp->bf_filename);
goto finished;
}
/* Catch a read() on an earlier failed write to disk */
if (bfp->bf_disk_fd < 0)
{
errno = EIO;
return -1;
}
if (lseek(bfp->bf_disk_fd,
bfp->bf_offset + count, SEEK_SET) < 0)
{
if ((errno == EINVAL) || (errno == ESPIPE))
{
/*
** stdio won't be expecting these
** errnos from read()! Change them
** into something it can understand.
*/
errno = EIO;
}
return -1;
}
while (count < nbytes)
{
retval = read(bfp->bf_disk_fd,
buf + count,
nbytes - count);
if (retval < 0)
{
/* errno is set implicitly by read() */
return -1;
}
else if (retval == 0)
goto finished;
else
count += retval;
}
}
finished:
bfp->bf_offset += count;
return count;
}
/*
** SM_BFSEEK -- seek to a position in a buffered file
**
** Parameters:
** fp -- fp of file to seek
** offset -- position to seek to
** whence -- how to seek
**
** Returns:
** new file offset or -1 indicate failure
**
** Side Effects:
** none.
**
*/
static off_t
sm_bfseek(fp, offset, whence)
SM_FILE_T *fp;
off_t offset;
int whence;
{
struct bf *bfp;
/* Cast cookie back to correct type */
bfp = (struct bf *) fp->f_cookie;
switch (whence)
{
case SEEK_SET:
bfp->bf_offset = offset;
break;
case SEEK_CUR:
bfp->bf_offset += offset;
break;
case SEEK_END:
bfp->bf_offset = bfp->bf_size + offset;
break;
default:
errno = EINVAL;
return -1;
}
return bfp->bf_offset;
}
/*
** SM_BFWRITE -- write to a buffered file
**
** Parameters:
** fp -- fp of file to write
** buf -- data buffer
** nbytes -- how many bytes to write
**
** Returns:
** number of bytes written or -1 indicate failure
**
** Side Effects:
** may create backing file if over memory limit for file.
**
*/
static ssize_t
sm_bfwrite(fp, buf, nbytes)
SM_FILE_T *fp;
const char *buf;
size_t nbytes;
{
struct bf *bfp;
ssize_t count = 0; /* Number of bytes written so far */
int retval;
/* Cast cookie back to correct type */
bfp = (struct bf *) fp->f_cookie;
/* If committed, go straight to disk */
if (bfp->bf_committed)
{
if (lseek(bfp->bf_disk_fd, bfp->bf_offset, SEEK_SET) < 0)
{
if ((errno == EINVAL) || (errno == ESPIPE))
{
/*
** stdio won't be expecting these
** errnos from write()! Change them
** into something it can understand.
*/
errno = EIO;
}
return -1;
}
count = write(bfp->bf_disk_fd, buf, nbytes);
if (count < 0)
{
/* errno is set implicitly by write() */
return -1;
}
goto finished;
}
if (bfp->bf_offset < bfp->bf_bufsize)
{
/* Need to put some in buffer */
count = nbytes;
if ((bfp->bf_offset + count) > bfp->bf_bufsize)
count = bfp->bf_bufsize - bfp->bf_offset;
memcpy(bfp->bf_buf + bfp->bf_offset, buf, count);
if ((bfp->bf_offset + count) > bfp->bf_buffilled)
bfp->bf_buffilled = bfp->bf_offset + count;
}
if ((bfp->bf_offset + nbytes) > bfp->bf_bufsize)
{
/* Need to put some in file */
if (!bfp->bf_ondisk)
{
MODE_T omask;
int save_errno;
/* Clear umask as bf_filemode are the true perms */
omask = umask(0);
retval = OPEN(bfp->bf_filename,
O_RDWR | O_CREAT | O_TRUNC | QF_O_EXTRA,
bfp->bf_filemode, bfp->bf_flags);
save_errno = errno;
(void) umask(omask);
errno = save_errno;
/* Couldn't create file: failure */
if (retval < 0)
{
/*
** stdio may not be expecting these
** errnos from write()! Change to
** something which it can understand.
** Note that ENOSPC and EDQUOT are saved
** because they are actually valid for
** write().
*/
if (!(errno == ENOSPC
#ifdef EDQUOT
|| errno == EDQUOT
-#endif /* EDQUOT */
+#endif
))
errno = EIO;
return -1;
}
bfp->bf_disk_fd = retval;
bfp->bf_ondisk = true;
}
/* Catch a write() on an earlier failed write to disk */
if (bfp->bf_ondisk && bfp->bf_disk_fd < 0)
{
errno = EIO;
return -1;
}
if (lseek(bfp->bf_disk_fd,
bfp->bf_offset + count, SEEK_SET) < 0)
{
if ((errno == EINVAL) || (errno == ESPIPE))
{
/*
** stdio won't be expecting these
** errnos from write()! Change them into
** something which it can understand.
*/
errno = EIO;
}
return -1;
}
while (count < nbytes)
{
retval = write(bfp->bf_disk_fd, buf + count,
nbytes - count);
if (retval < 0)
{
/* errno is set implicitly by write() */
return -1;
}
else
count += retval;
}
}
finished:
bfp->bf_offset += count;
if (bfp->bf_offset > bfp->bf_size)
bfp->bf_size = bfp->bf_offset;
return count;
}
/*
** BFREWIND -- rewinds the SM_FILE_T *
**
** Parameters:
** fp -- SM_FILE_T * to rewind
**
** Returns:
** 0 on success, -1 on error
**
** Side Effects:
** rewinds the SM_FILE_T * and puts it into read mode. Normally
** one would bfopen() a file, write to it, then bfrewind() and
** fread(). If fp is not a buffered file, this is equivalent to
** rewind().
**
** Sets errno:
** any value of errno specified by sm_io_rewind()
*/
int
bfrewind(fp)
SM_FILE_T *fp;
{
(void) sm_io_flush(fp, SM_TIME_DEFAULT);
sm_io_clearerr(fp); /* quicker just to do it */
return sm_io_seek(fp, SM_TIME_DEFAULT, 0, SM_IO_SEEK_SET);
}
/*
** SM_BFCOMMIT -- "commits" the buffered file
**
** Parameters:
** fp -- SM_FILE_T * to commit to disk
**
** Returns:
** 0 on success, -1 on error
**
** Side Effects:
** Forces the given SM_FILE_T * to be written to disk if it is not
** already, and ensures that it will be kept after closing. If
** fp is not a buffered file, this is a no-op.
**
** Sets errno:
** any value of errno specified by open()
** any value of errno specified by write()
** any value of errno specified by lseek()
*/
static int
sm_bfcommit(fp)
SM_FILE_T *fp;
{
struct bf *bfp;
int retval;
int byteswritten;
/* Get associated bf structure */
bfp = (struct bf *) fp->f_cookie;
/* If already committed, noop */
if (bfp->bf_committed)
return 0;
/* Do we need to open a file? */
if (!bfp->bf_ondisk)
{
int save_errno;
MODE_T omask;
struct stat st;
if (tTd(58, 8))
{
sm_dprintf("bfcommit(%s): to disk\n", bfp->bf_filename);
if (tTd(58, 32))
sm_dprintf("bfcommit(): filemode %o flags %ld\n",
(unsigned int) bfp->bf_filemode,
bfp->bf_flags);
}
if (stat(bfp->bf_filename, &st) == 0)
{
errno = EEXIST;
return -1;
}
/* Clear umask as bf_filemode are the true perms */
omask = umask(0);
retval = OPEN(bfp->bf_filename,
O_RDWR | O_CREAT | O_EXCL | QF_O_EXTRA,
bfp->bf_filemode, bfp->bf_flags);
save_errno = errno;
(void) umask(omask);
/* Couldn't create file: failure */
if (retval < 0)
{
/* errno is set implicitly by open() */
errno = save_errno;
return -1;
}
bfp->bf_disk_fd = retval;
bfp->bf_ondisk = true;
}
/* Write out the contents of our buffer, if we have any */
if (bfp->bf_buffilled > 0)
{
byteswritten = 0;
if (lseek(bfp->bf_disk_fd, 0, SEEK_SET) < 0)
{
/* errno is set implicitly by lseek() */
return -1;
}
while (byteswritten < bfp->bf_buffilled)
{
retval = write(bfp->bf_disk_fd,
bfp->bf_buf + byteswritten,
bfp->bf_buffilled - byteswritten);
if (retval < 0)
{
/* errno is set implicitly by write() */
return -1;
}
else
byteswritten += retval;
}
}
bfp->bf_committed = true;
/* Invalidate buf; all goes to file now */
bfp->bf_buffilled = 0;
if (bfp->bf_bufsize > 0)
{
/* Don't need buffer anymore; free it */
bfp->bf_bufsize = 0;
sm_free(bfp->bf_buf);
}
return 0;
}
/*
** SM_BFTRUNCATE -- rewinds and truncates the SM_FILE_T *
**
** Parameters:
** fp -- SM_FILE_T * to truncate
**
** Returns:
** 0 on success, -1 on error
**
** Side Effects:
** rewinds the SM_FILE_T *, truncates it to zero length, and puts
** it into write mode.
**
** Sets errno:
** any value of errno specified by fseek()
** any value of errno specified by ftruncate()
*/
static int
sm_bftruncate(fp)
SM_FILE_T *fp;
{
struct bf *bfp;
if (bfrewind(fp) < 0)
return -1;
/* Get bf structure */
bfp = (struct bf *) fp->f_cookie;
bfp->bf_buffilled = 0;
bfp->bf_size = 0;
/* Need to zero the buffer */
if (bfp->bf_bufsize > 0)
memset(bfp->bf_buf, '\0', bfp->bf_bufsize);
if (bfp->bf_ondisk)
{
#if NOFTRUNCATE
/* XXX: Not much we can do except rewind it */
errno = EINVAL;
return -1;
-#else /* NOFTRUNCATE */
+#else
return ftruncate(bfp->bf_disk_fd, 0);
-#endif /* NOFTRUNCATE */
+#endif
}
return 0;
}
/*
** SM_BFSETINFO -- set/change info for an open file pointer
**
** Parameters:
** fp -- file pointer to get info about
** what -- type of info to set/change
** valp -- thing to set/change the info to
**
*/
static int
sm_bfsetinfo(fp, what, valp)
SM_FILE_T *fp;
int what;
void *valp;
{
struct bf *bfp;
int bsize;
/* Get bf structure */
bfp = (struct bf *) fp->f_cookie;
switch (what)
{
case SM_BF_SETBUFSIZE:
bsize = *((int *) valp);
bfp->bf_bufsize = bsize;
/* A zero bsize is valid, just don't allocate memory */
if (bsize > 0)
{
bfp->bf_buf = (char *) sm_malloc(bsize);
if (bfp->bf_buf == NULL)
{
bfp->bf_bufsize = 0;
errno = ENOMEM;
return -1;
}
}
else
bfp->bf_buf = NULL;
return 0;
case SM_BF_COMMIT:
return sm_bfcommit(fp);
case SM_BF_TRUNCATE:
return sm_bftruncate(fp);
case SM_BF_TEST:
return 1; /* always */
default:
errno = EINVAL;
return -1;
}
}
diff --git a/src/collect.c b/src/collect.c
index 5f090b23a042..526519050ca6 100644
--- a/src/collect.c
+++ b/src/collect.c
@@ -1,1128 +1,1123 @@
/*
* Copyright (c) 1998-2006, 2008 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sendmail.h>
SM_RCSID("@(#)$Id: collect.c,v 8.287 2013-11-22 20:51:55 ca Exp $")
static void eatfrom __P((char *volatile, ENVELOPE *));
static void collect_doheader __P((ENVELOPE *));
static SM_FILE_T *collect_dfopen __P((ENVELOPE *));
static SM_FILE_T *collect_eoh __P((ENVELOPE *, int, int));
/*
** COLLECT_EOH -- end-of-header processing in collect()
**
** Called by collect() when it encounters the blank line
** separating the header from the message body, or when it
** encounters EOF in a message that contains only a header.
**
** Parameters:
** e -- envelope
** numhdrs -- number of headers
** hdrslen -- length of headers
**
** Results:
** NULL, or handle to open data file
**
** Side Effects:
** end-of-header check ruleset is invoked.
** envelope state is updated.
** headers may be added and deleted.
** selects the queue.
** opens the data file.
*/
static SM_FILE_T *
collect_eoh(e, numhdrs, hdrslen)
ENVELOPE *e;
int numhdrs;
int hdrslen;
{
char hnum[16];
char hsize[16];
/* call the end-of-header check ruleset */
(void) sm_snprintf(hnum, sizeof(hnum), "%d", numhdrs);
(void) sm_snprintf(hsize, sizeof(hsize), "%d", hdrslen);
if (tTd(30, 10))
sm_dprintf("collect: rscheck(\"check_eoh\", \"%s $| %s\")\n",
hnum, hsize);
(void) rscheck("check_eoh", hnum, hsize, e, RSF_UNSTRUCTURED|RSF_COUNT,
3, NULL, e->e_id, NULL, NULL);
/*
** Process the header,
** select the queue, open the data file.
*/
collect_doheader(e);
return collect_dfopen(e);
}
/*
** COLLECT_DOHEADER -- process header in collect()
**
** Called by collect() after it has finished parsing the header,
** but before it selects the queue and creates the data file.
** The results of processing the header will affect queue selection.
**
** Parameters:
** e -- envelope
**
** Results:
** none.
**
** Side Effects:
** envelope state is updated.
** headers may be added and deleted.
*/
static void
collect_doheader(e)
ENVELOPE *e;
{
/*
** Find out some information from the headers.
** Examples are who is the from person & the date.
*/
eatheader(e, true, false);
if (GrabTo && e->e_sendqueue == NULL)
usrerr("No recipient addresses found in header");
/*
** If we have a Return-Receipt-To:, turn it into a DSN.
*/
if (RrtImpliesDsn && hvalue("return-receipt-to", e->e_header) != NULL)
{
ADDRESS *q;
for (q = e->e_sendqueue; q != NULL; q = q->q_next)
if (!bitset(QHASNOTIFY, q->q_flags))
q->q_flags |= QHASNOTIFY|QPINGONSUCCESS;
}
/*
** Add an appropriate recipient line if we have none.
*/
if (hvalue("to", e->e_header) != NULL ||
hvalue("cc", e->e_header) != NULL ||
hvalue("apparently-to", e->e_header) != NULL)
{
/* have a valid recipient header -- delete Bcc: headers */
e->e_flags |= EF_DELETE_BCC;
}
else if (hvalue("bcc", e->e_header) == NULL)
{
/* no valid recipient headers */
register ADDRESS *q;
char *hdr = NULL;
/* create a recipient field */
switch (NoRecipientAction)
{
case NRA_ADD_APPARENTLY_TO:
hdr = "Apparently-To";
break;
case NRA_ADD_TO:
hdr = "To";
break;
case NRA_ADD_BCC:
addheader("Bcc", " ", 0, e, true);
break;
case NRA_ADD_TO_UNDISCLOSED:
addheader("To", "undisclosed-recipients:;", 0, e, true);
break;
}
if (hdr != NULL)
{
for (q = e->e_sendqueue; q != NULL; q = q->q_next)
{
if (q->q_alias != NULL)
continue;
if (tTd(30, 3))
sm_dprintf("Adding %s: %s\n",
hdr, q->q_paddr);
addheader(hdr, q->q_paddr, 0, e, true);
}
}
}
}
/*
** COLLECT_DFOPEN -- open the message data file
**
** Called by collect() after it has finished processing the header.
** Queue selection occurs at this point, possibly based on the
** envelope's recipient list and on header information.
**
** Parameters:
** e -- envelope
**
** Results:
** NULL, or a pointer to an open data file,
** into which the message body will be written by collect().
**
** Side Effects:
** Calls syserr, sets EF_FATALERRS and returns NULL
** if there is insufficient disk space.
** Aborts process if data file could not be opened.
** Otherwise, the queue is selected,
** e->e_{dfino,dfdev,msgsize,flags} are updated,
** and a pointer to an open data file is returned.
*/
static SM_FILE_T *
collect_dfopen(e)
ENVELOPE *e;
{
MODE_T oldumask = 0;
int dfd;
struct stat stbuf;
SM_FILE_T *df;
char *dfname;
if (!setnewqueue(e))
return NULL;
dfname = queuename(e, DATAFL_LETTER);
if (bitset(S_IWGRP, QueueFileMode))
oldumask = umask(002);
df = bfopen(dfname, QueueFileMode, DataFileBufferSize,
SFF_OPENASROOT);
if (bitset(S_IWGRP, QueueFileMode))
(void) umask(oldumask);
if (df == NULL)
{
syserr("@Cannot create %s", dfname);
e->e_flags |= EF_NO_BODY_RETN;
flush_errors(true);
finis(false, true, ExitStat);
/* NOTREACHED */
}
dfd = sm_io_getinfo(df, SM_IO_WHAT_FD, NULL);
if (dfd < 0 || fstat(dfd, &stbuf) < 0)
e->e_dfino = -1;
else
{
e->e_dfdev = stbuf.st_dev;
e->e_dfino = stbuf.st_ino;
}
e->e_flags |= EF_HAS_DF;
return df;
}
/*
** COLLECT -- read & parse message header & make temp file.
**
** Creates a temporary file name and copies the standard
** input to that file. Leading UNIX-style "From" lines are
** stripped off (after important information is extracted).
**
** Parameters:
** fp -- file to read.
** smtpmode -- if set, we are running SMTP: give an RFC821
** style message to say we are ready to collect
** input, and never ignore a single dot to mean
** end of message.
** hdrp -- the location to stash the header.
** e -- the current envelope.
** rsetsize -- reset e_msgsize?
**
** Returns:
** none.
**
** Side Effects:
** If successful,
** - Data file is created and filled, and e->e_dfp is set.
** - The from person may be set.
** If the "enough disk space" check fails,
** - syserr is called.
** - e->e_dfp is NULL.
** - e->e_flags & EF_FATALERRS is set.
** - collect() returns.
** If data file cannot be created, the process is terminated.
*/
/* values for input state machine */
#define IS_NORM 0 /* middle of line */
#define IS_BOL 1 /* beginning of line */
#define IS_DOT 2 /* read a dot at beginning of line */
#define IS_DOTCR 3 /* read ".\r" at beginning of line */
#define IS_CR 4 /* read a carriage return */
/* values for message state machine */
#define MS_UFROM 0 /* reading Unix from line */
#define MS_HEADER 1 /* reading message header */
#define MS_BODY 2 /* reading message body */
#define MS_DISCARD 3 /* discarding rest of message */
void
collect(fp, smtpmode, hdrp, e, rsetsize)
SM_FILE_T *fp;
bool smtpmode;
HDR **hdrp;
register ENVELOPE *e;
bool rsetsize;
{
register SM_FILE_T *df;
bool ignrdot;
int dbto;
register char *bp;
int c;
bool inputerr;
bool headeronly;
char *buf;
int buflen;
int istate;
int mstate;
int hdrslen;
int numhdrs;
int afd;
int old_rd_tmo;
unsigned char *pbp;
unsigned char peekbuf[8];
char bufbuf[MAXLINE];
#if _FFR_REJECT_NUL_BYTE
bool hasNUL; /* has at least one NUL input byte */
-#endif /* _FFR_REJECT_NUL_BYTE */
+#endif
df = NULL;
ignrdot = smtpmode ? false : IgnrDot;
/* timeout for I/O functions is in milliseconds */
dbto = smtpmode ? ((int) TimeOuts.to_datablock * 1000)
: SM_TIME_FOREVER;
sm_io_setinfo(fp, SM_IO_WHAT_TIMEOUT, &dbto);
old_rd_tmo = set_tls_rd_tmo(TimeOuts.to_datablock);
c = SM_IO_EOF;
inputerr = false;
headeronly = hdrp != NULL;
hdrslen = 0;
numhdrs = 0;
HasEightBits = false;
#if _FFR_REJECT_NUL_BYTE
hasNUL = false;
-#endif /* _FFR_REJECT_NUL_BYTE */
+#endif
buf = bp = bufbuf;
buflen = sizeof(bufbuf);
pbp = peekbuf;
istate = IS_BOL;
mstate = SaveFrom ? MS_HEADER : MS_UFROM;
/*
** Tell ARPANET to go ahead.
*/
if (smtpmode)
message("354 Enter mail, end with \".\" on a line by itself");
/* simulate an I/O timeout when used as sink */
if (tTd(83, 101))
sleep(319);
if (tTd(30, 2))
sm_dprintf("collect\n");
/*
** Read the message.
**
** This is done using two interleaved state machines.
** The input state machine is looking for things like
** hidden dots; the message state machine is handling
** the larger picture (e.g., header versus body).
*/
if (rsetsize)
e->e_msgsize = 0;
for (;;)
{
if (tTd(30, 35))
sm_dprintf("top, istate=%d, mstate=%d\n", istate,
mstate);
for (;;)
{
if (pbp > peekbuf)
c = *--pbp;
else
{
while (!sm_io_eof(fp) && !sm_io_error(fp))
{
errno = 0;
c = sm_io_getc(fp, SM_TIME_DEFAULT);
if (c == SM_IO_EOF && errno == EINTR)
{
/* Interrupted, retry */
sm_io_clearerr(fp);
continue;
}
/* timeout? */
if (c == SM_IO_EOF && errno == EAGAIN
&& smtpmode)
{
/*
** Override e_message in
** usrerr() as this is the
** reason for failure that
** should be logged for
** undelivered recipients.
*/
e->e_message = NULL;
errno = 0;
inputerr = true;
goto readabort;
}
break;
}
if (TrafficLogFile != NULL && !headeronly)
{
if (istate == IS_BOL)
(void) sm_io_fprintf(TrafficLogFile,
SM_TIME_DEFAULT,
"%05d <<< ",
(int) CurrentPid);
if (c == SM_IO_EOF)
(void) sm_io_fprintf(TrafficLogFile,
SM_TIME_DEFAULT,
"[EOF]\n");
else
(void) sm_io_putc(TrafficLogFile,
SM_TIME_DEFAULT,
c);
}
#if _FFR_REJECT_NUL_BYTE
if (c == '\0')
hasNUL = true;
-#endif /* _FFR_REJECT_NUL_BYTE */
+#endif
if (c == SM_IO_EOF)
goto readerr;
if (SevenBitInput)
c &= 0x7f;
else
HasEightBits |= bitset(0x80, c);
}
if (tTd(30, 94))
sm_dprintf("istate=%d, c=%c (0x%x)\n",
istate, (char) c, c);
switch (istate)
{
case IS_BOL:
if (c == '.')
{
istate = IS_DOT;
continue;
}
break;
case IS_DOT:
- if (c == '\n' && !ignrdot &&
- !bitset(EF_NL_NOT_EOL, e->e_flags))
+ if (c == '\n' && !ignrdot)
goto readerr;
- else if (c == '\r' &&
- !bitset(EF_CRLF_NOT_EOL, e->e_flags))
+ else if (c == '\r')
{
istate = IS_DOTCR;
continue;
}
else if (ignrdot ||
(c != '.' &&
OpMode != MD_SMTP &&
OpMode != MD_DAEMON &&
OpMode != MD_ARPAFTP))
{
SM_ASSERT(pbp < peekbuf +
sizeof(peekbuf));
*pbp++ = c;
c = '.';
}
break;
case IS_DOTCR:
if (c == '\n' && !ignrdot)
goto readerr;
else
{
/* push back the ".\rx" */
SM_ASSERT(pbp < peekbuf +
sizeof(peekbuf));
*pbp++ = c;
if (OpMode != MD_SMTP &&
OpMode != MD_DAEMON &&
OpMode != MD_ARPAFTP)
{
SM_ASSERT(pbp < peekbuf +
sizeof(peekbuf));
*pbp++ = '\r';
c = '.';
}
else
c = '\r';
}
break;
case IS_CR:
if (c == '\n')
istate = IS_BOL;
else
{
(void) sm_io_ungetc(fp, SM_TIME_DEFAULT,
c);
c = '\r';
istate = IS_NORM;
}
goto bufferchar;
}
- if (c == '\r' && !bitset(EF_CRLF_NOT_EOL, e->e_flags))
+ if (c == '\r')
{
istate = IS_CR;
continue;
}
- else if (c == '\n' && !bitset(EF_NL_NOT_EOL,
- e->e_flags))
+ else if (c == '\n')
istate = IS_BOL;
else
istate = IS_NORM;
bufferchar:
if (!headeronly)
{
/* no overflow? */
if (e->e_msgsize >= 0)
{
e->e_msgsize++;
if (MaxMessageSize > 0 &&
!bitset(EF_TOOBIG, e->e_flags) &&
e->e_msgsize > MaxMessageSize)
e->e_flags |= EF_TOOBIG;
}
}
switch (mstate)
{
case MS_BODY:
/* just put the character out */
if (!bitset(EF_TOOBIG, e->e_flags))
(void) sm_io_putc(df, SM_TIME_DEFAULT,
c);
/* FALLTHROUGH */
case MS_DISCARD:
continue;
}
SM_ASSERT(mstate == MS_UFROM || mstate == MS_HEADER);
/* header -- buffer up */
if (bp >= &buf[buflen - 2])
{
char *obuf;
/* out of space for header */
obuf = buf;
if (buflen < MEMCHUNKSIZE)
buflen *= 2;
else
buflen += MEMCHUNKSIZE;
if (buflen <= 0)
{
sm_syslog(LOG_NOTICE, e->e_id,
"header overflow from %s during message collect",
CURHOSTNAME);
errno = 0;
e->e_flags |= EF_CLRQUEUE;
e->e_status = "5.6.0";
usrerrenh(e->e_status,
"552 Headers too large");
goto discard;
}
buf = xalloc(buflen);
memmove(buf, obuf, bp - obuf);
bp = &buf[bp - obuf];
if (obuf != bufbuf)
sm_free(obuf); /* XXX */
}
if (c != '\0')
{
*bp++ = c;
++hdrslen;
if (!headeronly &&
MaxHeadersLength > 0 &&
hdrslen > MaxHeadersLength)
{
sm_syslog(LOG_NOTICE, e->e_id,
"headers too large (%d max) from %s during message collect",
MaxHeadersLength,
CURHOSTNAME);
errno = 0;
e->e_flags |= EF_CLRQUEUE;
e->e_status = "5.6.0";
usrerrenh(e->e_status,
"552 Headers too large (%d max)",
MaxHeadersLength);
discard:
mstate = MS_DISCARD;
}
}
if (istate == IS_BOL)
break;
}
*bp = '\0';
nextstate:
if (tTd(30, 35))
sm_dprintf("nextstate, istate=%d, mstate=%d, line=\"%s\"\n",
istate, mstate, buf);
switch (mstate)
{
case MS_UFROM:
mstate = MS_HEADER;
#ifndef NOTUNIX
if (strncmp(buf, "From ", 5) == 0)
{
bp = buf;
eatfrom(buf, e);
continue;
}
#endif /* ! NOTUNIX */
/* FALLTHROUGH */
case MS_HEADER:
if (!isheader(buf))
{
mstate = MS_BODY;
goto nextstate;
}
/* check for possible continuation line */
do
{
sm_io_clearerr(fp);
errno = 0;
c = sm_io_getc(fp, SM_TIME_DEFAULT);
/* timeout? */
if (c == SM_IO_EOF && errno == EAGAIN
&& smtpmode)
{
/*
** Override e_message in
** usrerr() as this is the
** reason for failure that
** should be logged for
** undelivered recipients.
*/
e->e_message = NULL;
errno = 0;
inputerr = true;
goto readabort;
}
} while (c == SM_IO_EOF && errno == EINTR);
if (c != SM_IO_EOF)
(void) sm_io_ungetc(fp, SM_TIME_DEFAULT, c);
if (c == ' ' || c == '\t')
{
/* yep -- defer this */
continue;
}
SM_ASSERT(bp > buf);
/* guaranteed by isheader(buf) */
SM_ASSERT(*(bp - 1) != '\n' || bp > buf + 1);
/* trim off trailing CRLF or NL */
if (*--bp != '\n' || *--bp != '\r')
bp++;
*bp = '\0';
if (bitset(H_EOH, chompheader(buf,
CHHDR_CHECK | CHHDR_USER,
hdrp, e)))
{
mstate = MS_BODY;
goto nextstate;
}
numhdrs++;
break;
case MS_BODY:
if (tTd(30, 1))
sm_dprintf("EOH\n");
if (headeronly)
goto readerr;
df = collect_eoh(e, numhdrs, hdrslen);
if (df == NULL)
e->e_flags |= EF_TOOBIG;
bp = buf;
/* toss blank line */
- if ((!bitset(EF_CRLF_NOT_EOL, e->e_flags) &&
- bp[0] == '\r' && bp[1] == '\n') ||
- (!bitset(EF_NL_NOT_EOL, e->e_flags) &&
- bp[0] == '\n'))
+ if ((bp[0] == '\r' && bp[1] == '\n') ||
+ (bp[0] == '\n'))
{
break;
}
/* if not a blank separator, write it out */
if (!bitset(EF_TOOBIG, e->e_flags))
{
while (*bp != '\0')
(void) sm_io_putc(df, SM_TIME_DEFAULT,
*bp++);
}
break;
}
bp = buf;
}
readerr:
if ((sm_io_eof(fp) && smtpmode) || sm_io_error(fp))
{
const char *errmsg;
if (sm_io_eof(fp))
errmsg = "unexpected close";
else
errmsg = sm_errstring(errno);
if (tTd(30, 1))
sm_dprintf("collect: premature EOM: %s\n", errmsg);
if (LogLevel > 1)
sm_syslog(LOG_WARNING, e->e_id,
"collect: premature EOM: %s", errmsg);
inputerr = true;
}
if (headeronly)
goto end;
if (mstate != MS_BODY)
{
/* no body or discard, so we never opened the data file */
SM_ASSERT(df == NULL);
df = collect_eoh(e, numhdrs, hdrslen);
}
if (df == NULL)
{
/* skip next few clauses */
/* EMPTY */
}
else if (sm_io_flush(df, SM_TIME_DEFAULT) != 0 || sm_io_error(df))
{
dferror(df, "sm_io_flush||sm_io_error", e);
flush_errors(true);
finis(true, true, ExitStat);
/* NOTREACHED */
}
else if (SuperSafe == SAFE_NO ||
SuperSafe == SAFE_INTERACTIVE ||
(SuperSafe == SAFE_REALLY_POSTMILTER && smtpmode))
{
/* skip next few clauses */
/* EMPTY */
/* Note: updfs() is not called in this case! */
}
else if (sm_io_setinfo(df, SM_BF_COMMIT, NULL) < 0 && errno != EINVAL)
{
int save_errno = errno;
if (save_errno == EEXIST)
{
char *dfile;
struct stat st;
int dfd;
dfile = queuename(e, DATAFL_LETTER);
if (stat(dfile, &st) < 0)
st.st_size = -1;
errno = EEXIST;
syserr("@collect: bfcommit(%s): already on disk, size=%ld",
dfile, (long) st.st_size);
dfd = sm_io_getinfo(df, SM_IO_WHAT_FD, NULL);
if (dfd >= 0)
dumpfd(dfd, true, true);
}
errno = save_errno;
dferror(df, "bfcommit", e);
flush_errors(true);
finis(save_errno != EEXIST, true, ExitStat);
}
else if ((afd = sm_io_getinfo(df, SM_IO_WHAT_FD, NULL)) < 0)
{
dferror(df, "sm_io_getinfo", e);
flush_errors(true);
finis(true, true, ExitStat);
/* NOTREACHED */
}
else if (fsync(afd) < 0)
{
dferror(df, "fsync", e);
flush_errors(true);
finis(true, true, ExitStat);
/* NOTREACHED */
}
else if (sm_io_close(df, SM_TIME_DEFAULT) < 0)
{
dferror(df, "sm_io_close", e);
flush_errors(true);
finis(true, true, ExitStat);
/* NOTREACHED */
}
else
{
/* everything is happily flushed to disk */
df = NULL;
/* remove from available space in filesystem */
updfs(e, 0, 1, "collect");
}
/* An EOF when running SMTP is an error */
readabort:
if (inputerr && (OpMode == MD_SMTP || OpMode == MD_DAEMON))
{
char *host;
char *problem;
ADDRESS *q;
host = RealHostName;
if (host == NULL)
host = "localhost";
if (sm_io_eof(fp))
problem = "unexpected close";
else if (sm_io_error(fp))
problem = "I/O error";
else
problem = "read timeout";
if (LogLevel > 0 && sm_io_eof(fp))
sm_syslog(LOG_NOTICE, e->e_id,
"collect: %s on connection from %.100s, sender=%s",
problem, host,
shortenstring(e->e_from.q_paddr, MAXSHORTSTR));
if (sm_io_eof(fp))
usrerr("421 4.4.1 collect: %s on connection from %s, from=%s",
problem, host,
shortenstring(e->e_from.q_paddr, MAXSHORTSTR));
else
syserr("421 4.4.1 collect: %s on connection from %s, from=%s",
problem, host,
shortenstring(e->e_from.q_paddr, MAXSHORTSTR));
flush_errors(true);
/* don't return an error indication */
e->e_to = NULL;
e->e_flags &= ~EF_FATALERRS;
e->e_flags |= EF_CLRQUEUE;
/* Don't send any message notification to sender */
for (q = e->e_sendqueue; q != NULL; q = q->q_next)
{
if (QS_IS_DEAD(q->q_state))
continue;
q->q_state = QS_FATALERR;
}
(void) sm_io_close(df, SM_TIME_DEFAULT);
df = NULL;
finis(true, true, ExitStat);
/* NOTREACHED */
}
/* Log collection information. */
if (tTd(92, 2))
sm_dprintf("collect: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d\n",
e->e_id, bitset(EF_LOGSENDER, e->e_flags), LogLevel);
if (bitset(EF_LOGSENDER, e->e_flags) && LogLevel > 4)
{
logsender(e, e->e_msgid);
e->e_flags &= ~EF_LOGSENDER;
}
/* check for message too large */
if (bitset(EF_TOOBIG, e->e_flags))
{
e->e_flags |= EF_NO_BODY_RETN|EF_CLRQUEUE;
if (!bitset(EF_FATALERRS, e->e_flags))
{
e->e_status = "5.2.3";
usrerrenh(e->e_status,
"552 Message exceeds maximum fixed size (%ld)",
MaxMessageSize);
if (LogLevel > 6)
sm_syslog(LOG_NOTICE, e->e_id,
"message size (%ld) exceeds maximum (%ld)",
PRT_NONNEGL(e->e_msgsize),
MaxMessageSize);
}
}
/* check for illegal 8-bit data */
if (HasEightBits)
{
e->e_flags |= EF_HAS8BIT;
if (!bitset(MM_PASS8BIT|MM_MIME8BIT, MimeMode) &&
!bitset(EF_IS_MIME, e->e_flags))
{
e->e_status = "5.6.1";
usrerrenh(e->e_status, "554 Eight bit data not allowed");
}
}
else
{
/* if it claimed to be 8 bits, well, it lied.... */
if (e->e_bodytype != NULL &&
sm_strcasecmp(e->e_bodytype, "8BITMIME") == 0)
e->e_bodytype = "7BIT";
}
#if _FFR_REJECT_NUL_BYTE
if (hasNUL && RejectNUL)
{
e->e_status = "5.6.1";
usrerrenh(e->e_status, "554 NUL byte not allowed");
}
#endif /* _FFR_REJECT_NUL_BYTE */
if (SuperSafe == SAFE_REALLY && !bitset(EF_FATALERRS, e->e_flags))
{
char *dfname = queuename(e, DATAFL_LETTER);
if ((e->e_dfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, dfname,
SM_IO_RDONLY_B, NULL)) == NULL)
{
/* we haven't acked receipt yet, so just chuck this */
syserr("@Cannot reopen %s", dfname);
finis(true, true, ExitStat);
/* NOTREACHED */
}
}
else
e->e_dfp = df;
/* collect statistics */
if (OpMode != MD_VERIFY)
{
/*
** Recalculate e_msgpriority, it is done at in eatheader()
** which is called (in 8.12) after the header is collected,
** hence e_msgsize is (most likely) incorrect.
*/
e->e_msgpriority = e->e_msgsize
- e->e_class * WkClassFact
+ e->e_nrcpts * WkRecipFact;
markstats(e, (ADDRESS *) NULL, STATS_NORMAL);
}
end:
(void) set_tls_rd_tmo(old_rd_tmo);
}
/*
** DFERROR -- signal error on writing the data file.
**
** Called by collect(). Collect() always terminates the process
** immediately after calling dferror(), which means that the SMTP
** session will be terminated, which means that any error message
** issued by dferror must be a 421 error, as per RFC 821.
**
** Parameters:
** df -- the file pointer for the data file.
** msg -- detailed message.
** e -- the current envelope.
**
** Returns:
** none.
**
** Side Effects:
** Gives an error message.
** Arranges for following output to go elsewhere.
*/
void
dferror(df, msg, e)
SM_FILE_T *volatile df;
char *msg;
register ENVELOPE *e;
{
char *dfname;
dfname = queuename(e, DATAFL_LETTER);
setstat(EX_IOERR);
if (errno == ENOSPC)
{
#if STAT64 > 0
struct stat64 st;
-#else /* STAT64 > 0 */
+#else
struct stat st;
-#endif /* STAT64 > 0 */
+#endif
long avail;
long bsize;
e->e_flags |= EF_NO_BODY_RETN;
if (
#if STAT64 > 0
fstat64(sm_io_getinfo(df, SM_IO_WHAT_FD, NULL), &st)
-#else /* STAT64 > 0 */
+#else
fstat(sm_io_getinfo(df, SM_IO_WHAT_FD, NULL), &st)
-#endif /* STAT64 > 0 */
+#endif
< 0)
st.st_size = 0;
(void) sm_io_reopen(SmFtStdio, SM_TIME_DEFAULT, dfname,
SM_IO_WRONLY_B, NULL, df);
if (st.st_size <= 0)
(void) sm_io_fprintf(df, SM_TIME_DEFAULT,
"\n*** Mail could not be accepted");
else
(void) sm_io_fprintf(df, SM_TIME_DEFAULT,
"\n*** Mail of at least %llu bytes could not be accepted\n",
(ULONGLONG_T) st.st_size);
(void) sm_io_fprintf(df, SM_TIME_DEFAULT,
"*** at %s due to lack of disk space for temp file.\n",
MyHostName);
avail = freediskspace(qid_printqueue(e->e_qgrp, e->e_qdir),
&bsize);
if (avail > 0)
{
if (bsize > 1024)
avail *= bsize / 1024;
else if (bsize < 1024)
avail /= 1024 / bsize;
(void) sm_io_fprintf(df, SM_TIME_DEFAULT,
"*** Currently, %ld kilobytes are available for mail temp files.\n",
avail);
}
#if 0
/* Wrong response code; should be 421. */
e->e_status = "4.3.1";
usrerrenh(e->e_status, "452 Out of disk space for temp file");
#else /* 0 */
syserr("421 4.3.1 Out of disk space for temp file");
#endif /* 0 */
}
else
syserr("421 4.3.0 collect: Cannot write %s (%s, uid=%ld, gid=%ld)",
dfname, msg, (long) geteuid(), (long) getegid());
if (sm_io_reopen(SmFtStdio, SM_TIME_DEFAULT, SM_PATH_DEVNULL,
SM_IO_WRONLY, NULL, df) == NULL)
sm_syslog(LOG_ERR, e->e_id,
"dferror: sm_io_reopen(\"/dev/null\") failed: %s",
sm_errstring(errno));
}
/*
** EATFROM -- chew up a UNIX style from line and process
**
** This does indeed make some assumptions about the format
** of UNIX messages.
**
** Parameters:
** fm -- the from line.
** e -- envelope
**
** Returns:
** none.
**
** Side Effects:
** extracts what information it can from the header,
** such as the date.
*/
#ifndef NOTUNIX
static char *DowList[] =
{
"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", NULL
};
static char *MonthList[] =
{
"Jan", "Feb", "Mar", "Apr", "May", "Jun",
"Jul", "Aug", "Sep", "Oct", "Nov", "Dec",
NULL
};
static void
eatfrom(fm, e)
char *volatile fm;
register ENVELOPE *e;
{
register char *p;
register char **dt;
if (tTd(30, 2))
sm_dprintf("eatfrom(%s)\n", fm);
/* find the date part */
p = fm;
while (*p != '\0')
{
/* skip a word */
while (*p != '\0' && *p != ' ')
p++;
while (*p == ' ')
p++;
if (strlen(p) < 17)
{
/* no room for the date */
return;
}
if (!(isascii(*p) && isupper(*p)) ||
p[3] != ' ' || p[13] != ':' || p[16] != ':')
continue;
/* we have a possible date */
for (dt = DowList; *dt != NULL; dt++)
if (strncmp(*dt, p, 3) == 0)
break;
if (*dt == NULL)
continue;
for (dt = MonthList; *dt != NULL; dt++)
{
if (strncmp(*dt, &p[4], 3) == 0)
break;
}
if (*dt != NULL)
break;
}
if (*p != '\0')
{
char *q, buf[25];
/* we have found a date */
(void) sm_strlcpy(buf, p, sizeof(buf));
q = arpadate(buf);
macdefine(&e->e_macro, A_TEMP, 'a', q);
}
}
#endif /* ! NOTUNIX */
diff --git a/src/conf.c b/src/conf.c
index 8c7c94b15cfd..63c545cb27e1 100644
--- a/src/conf.c
+++ b/src/conf.c
@@ -1,6606 +1,6830 @@
/*
* Copyright (c) 1998-2013 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sendmail.h>
SM_RCSID("@(#)$Id: conf.c,v 8.1192 2014-01-27 18:23:21 ca Exp $")
#include <sm/sendmail.h>
#include <sendmail/pathnames.h>
#if NEWDB
# include "sm/bdb.h"
-#endif /* NEWDB */
+#endif
#include <daemon.h>
#include "map.h"
+#include <ratectrl.h>
#ifdef DEC
# if NETINET6
/* for the IPv6 device lookup */
# define _SOCKADDR_LEN
# include <macros.h>
# endif /* NETINET6 */
#endif /* DEC */
# include <sys/ioctl.h>
# include <sys/param.h>
#include <limits.h>
#if NETINET || NETINET6
# include <arpa/inet.h>
-#endif /* NETINET || NETINET6 */
+#endif
#if HASULIMIT && defined(HPUX11)
# include <ulimit.h>
-#endif /* HASULIMIT && defined(HPUX11) */
+#endif
+#if STARTTLS
+# include "tls.h"
+#endif
static void setupmaps __P((void));
static void setupmailers __P((void));
static void setupqueues __P((void));
static int get_num_procs_online __P((void));
static int add_hostnames __P((SOCKADDR *));
#if NETINET6 && NEEDSGETIPNODE
static struct hostent *sm_getipnodebyname __P((const char *, int, int, int *));
static struct hostent *sm_getipnodebyaddr __P((const void *, size_t, int, int *));
#else /* NETINET6 && NEEDSGETIPNODE */
#define sm_getipnodebyname getipnodebyname
#define sm_getipnodebyaddr getipnodebyaddr
#endif /* NETINET6 && NEEDSGETIPNODE */
/*
** CONF.C -- Sendmail Configuration Tables.
**
** Defines the configuration of this installation.
**
** Configuration Variables:
** HdrInfo -- a table describing well-known header fields.
** Each entry has the field name and some flags,
** which are described in sendmail.h.
**
** Notes:
** I have tried to put almost all the reasonable
** configuration information into the configuration
** file read at runtime. My intent is that anything
** here is a function of the version of UNIX you
** are running, or is really static -- for example
** the headers are a superset of widely used
** protocols. If you find yourself playing with
** this file too much, you may be making a mistake!
*/
/*
** Header info table
** Final (null) entry contains the flags used for any other field.
**
** Not all of these are actually handled specially by sendmail
** at this time. They are included as placeholders, to let
** you know that "someday" I intend to have sendmail do
** something with them.
*/
struct hdrinfo HdrInfo[] =
{
/* originator fields, most to least significant */
{ "resent-sender", H_FROM|H_RESENT, NULL },
{ "resent-from", H_FROM|H_RESENT, NULL },
{ "resent-reply-to", H_FROM|H_RESENT, NULL },
{ "sender", H_FROM, NULL },
{ "from", H_FROM, NULL },
{ "reply-to", H_FROM, NULL },
{ "errors-to", H_FROM|H_ERRORSTO, NULL },
{ "full-name", H_ACHECK, NULL },
{ "return-receipt-to", H_RECEIPTTO, NULL },
{ "delivery-receipt-to", H_RECEIPTTO, NULL },
{ "disposition-notification-to", H_FROM, NULL },
/* destination fields */
{ "to", H_RCPT, NULL },
{ "resent-to", H_RCPT|H_RESENT, NULL },
{ "cc", H_RCPT, NULL },
{ "resent-cc", H_RCPT|H_RESENT, NULL },
{ "bcc", H_RCPT|H_BCC, NULL },
{ "resent-bcc", H_RCPT|H_BCC|H_RESENT, NULL },
{ "apparently-to", H_RCPT, NULL },
/* message identification and control */
{ "message-id", 0, NULL },
{ "resent-message-id", H_RESENT, NULL },
+#if !NO_EOH_FIELDS
{ "message", H_EOH, NULL },
{ "text", H_EOH, NULL },
+#endif
/* date fields */
{ "date", 0, NULL },
{ "resent-date", H_RESENT, NULL },
/* trace fields */
{ "received", H_TRACE|H_FORCE, NULL },
{ "x400-received", H_TRACE|H_FORCE, NULL },
{ "via", H_TRACE|H_FORCE, NULL },
{ "mail-from", H_TRACE|H_FORCE, NULL },
/* miscellaneous fields */
{ "comments", H_FORCE|H_ENCODABLE, NULL },
{ "return-path", H_FORCE|H_ACHECK|H_BINDLATE, NULL },
{ "content-transfer-encoding", H_CTE, NULL },
{ "content-type", H_CTYPE, NULL },
{ "content-length", H_ACHECK, NULL },
{ "subject", H_ENCODABLE, NULL },
{ "x-authentication-warning", H_FORCE, NULL },
{ NULL, 0, NULL }
};
/*
** Privacy values
*/
struct prival PrivacyValues[] =
{
{ "public", PRIV_PUBLIC },
{ "needmailhelo", PRIV_NEEDMAILHELO },
{ "needexpnhelo", PRIV_NEEDEXPNHELO },
{ "needvrfyhelo", PRIV_NEEDVRFYHELO },
{ "noexpn", PRIV_NOEXPN },
{ "novrfy", PRIV_NOVRFY },
{ "restrictexpand", PRIV_RESTRICTEXPAND },
{ "restrictmailq", PRIV_RESTRICTMAILQ },
{ "restrictqrun", PRIV_RESTRICTQRUN },
{ "noetrn", PRIV_NOETRN },
{ "noverb", PRIV_NOVERB },
{ "authwarnings", PRIV_AUTHWARNINGS },
{ "noreceipts", PRIV_NORECEIPTS },
{ "nobodyreturn", PRIV_NOBODYRETN },
{ "goaway", PRIV_GOAWAY },
{ "noactualrecipient", PRIV_NOACTUALRECIPIENT },
{ NULL, 0 }
};
/*
** DontBlameSendmail values
*/
struct dbsval DontBlameSendmailValues[] =
{
{ "safe", DBS_SAFE },
{ "assumesafechown", DBS_ASSUMESAFECHOWN },
{ "groupwritabledirpathsafe", DBS_GROUPWRITABLEDIRPATHSAFE },
{ "groupwritableforwardfilesafe",
DBS_GROUPWRITABLEFORWARDFILESAFE },
{ "groupwritableincludefilesafe",
DBS_GROUPWRITABLEINCLUDEFILESAFE },
{ "groupwritablealiasfile", DBS_GROUPWRITABLEALIASFILE },
{ "worldwritablealiasfile", DBS_WORLDWRITABLEALIASFILE },
{ "forwardfileinunsafedirpath", DBS_FORWARDFILEINUNSAFEDIRPATH },
{ "includefileinunsafedirpath", DBS_INCLUDEFILEINUNSAFEDIRPATH },
{ "mapinunsafedirpath", DBS_MAPINUNSAFEDIRPATH },
{ "linkedaliasfileinwritabledir",
DBS_LINKEDALIASFILEINWRITABLEDIR },
{ "linkedclassfileinwritabledir",
DBS_LINKEDCLASSFILEINWRITABLEDIR },
{ "linkedforwardfileinwritabledir",
DBS_LINKEDFORWARDFILEINWRITABLEDIR },
{ "linkedincludefileinwritabledir",
DBS_LINKEDINCLUDEFILEINWRITABLEDIR },
{ "linkedmapinwritabledir", DBS_LINKEDMAPINWRITABLEDIR },
{ "linkedserviceswitchfileinwritabledir",
DBS_LINKEDSERVICESWITCHFILEINWRITABLEDIR },
{ "filedeliverytohardlink", DBS_FILEDELIVERYTOHARDLINK },
{ "filedeliverytosymlink", DBS_FILEDELIVERYTOSYMLINK },
{ "writemaptohardlink", DBS_WRITEMAPTOHARDLINK },
{ "writemaptosymlink", DBS_WRITEMAPTOSYMLINK },
{ "writestatstohardlink", DBS_WRITESTATSTOHARDLINK },
{ "writestatstosymlink", DBS_WRITESTATSTOSYMLINK },
{ "forwardfileingroupwritabledirpath",
DBS_FORWARDFILEINGROUPWRITABLEDIRPATH },
{ "includefileingroupwritabledirpath",
DBS_INCLUDEFILEINGROUPWRITABLEDIRPATH },
{ "classfileinunsafedirpath", DBS_CLASSFILEINUNSAFEDIRPATH },
{ "errorheaderinunsafedirpath", DBS_ERRORHEADERINUNSAFEDIRPATH },
{ "helpfileinunsafedirpath", DBS_HELPFILEINUNSAFEDIRPATH },
{ "forwardfileinunsafedirpathsafe",
DBS_FORWARDFILEINUNSAFEDIRPATHSAFE },
{ "includefileinunsafedirpathsafe",
DBS_INCLUDEFILEINUNSAFEDIRPATHSAFE },
{ "runprograminunsafedirpath", DBS_RUNPROGRAMINUNSAFEDIRPATH },
{ "runwritableprogram", DBS_RUNWRITABLEPROGRAM },
{ "nonrootsafeaddr", DBS_NONROOTSAFEADDR },
{ "truststickybit", DBS_TRUSTSTICKYBIT },
{ "dontwarnforwardfileinunsafedirpath",
DBS_DONTWARNFORWARDFILEINUNSAFEDIRPATH },
{ "insufficiententropy", DBS_INSUFFICIENTENTROPY },
{ "groupreadablesasldbfile", DBS_GROUPREADABLESASLDBFILE },
{ "groupwritablesasldbfile", DBS_GROUPWRITABLESASLDBFILE },
{ "groupwritableforwardfile", DBS_GROUPWRITABLEFORWARDFILE },
{ "groupwritableincludefile", DBS_GROUPWRITABLEINCLUDEFILE },
{ "worldwritableforwardfile", DBS_WORLDWRITABLEFORWARDFILE },
{ "worldwritableincludefile", DBS_WORLDWRITABLEINCLUDEFILE },
{ "groupreadablekeyfile", DBS_GROUPREADABLEKEYFILE },
{ "groupreadabledefaultauthinfofile",
DBS_GROUPREADABLEAUTHINFOFILE },
{ NULL, 0 }
};
/*
** Miscellaneous stuff.
*/
int DtableSize = 50; /* max open files; reset in 4.2bsd */
/*
** SETDEFAULTS -- set default values
**
** Some of these must be initialized using direct code since they
** depend on run-time values. So let's do all of them this way.
**
** Parameters:
** e -- the default envelope.
**
** Returns:
** none.
**
** Side Effects:
** Initializes a bunch of global variables to their
** default values.
*/
#define MINUTES * 60
#define HOURS * 60 MINUTES
#define DAYS * 24 HOURS
#ifndef MAXRULERECURSION
# define MAXRULERECURSION 50 /* max ruleset recursion depth */
-#endif /* ! MAXRULERECURSION */
+#endif
void
setdefaults(e)
register ENVELOPE *e;
{
int i;
int numprocs;
struct passwd *pw;
numprocs = get_num_procs_online();
SpaceSub = ' '; /* option B */
QueueLA = 8 * numprocs; /* option x */
RefuseLA = 12 * numprocs; /* option X */
WkRecipFact = 30000L; /* option y */
WkClassFact = 1800L; /* option z */
WkTimeFact = 90000L; /* option Z */
QueueFactor = WkRecipFact * 20; /* option q */
QueueMode = QM_NORMAL; /* what queue items to act upon */
FileMode = (RealUid != geteuid()) ? 0644 : 0600;
/* option F */
QueueFileMode = (RealUid != geteuid()) ? 0644 : 0600;
/* option QueueFileMode */
if (((pw = sm_getpwnam("mailnull")) != NULL && pw->pw_uid != 0) ||
((pw = sm_getpwnam("sendmail")) != NULL && pw->pw_uid != 0) ||
((pw = sm_getpwnam("daemon")) != NULL && pw->pw_uid != 0))
{
DefUid = pw->pw_uid; /* option u */
DefGid = pw->pw_gid; /* option g */
DefUser = newstr(pw->pw_name);
}
else
{
DefUid = 1; /* option u */
DefGid = 1; /* option g */
setdefuser();
}
TrustedUid = 0;
if (tTd(37, 4))
sm_dprintf("setdefaults: DefUser=%s, DefUid=%ld, DefGid=%ld\n",
DefUser != NULL ? DefUser : "<1:1>",
(long) DefUid, (long) DefGid);
CheckpointInterval = 10; /* option C */
MaxHopCount = 25; /* option h */
set_delivery_mode(SM_FORK, e); /* option d */
e->e_errormode = EM_PRINT; /* option e */
e->e_qgrp = NOQGRP;
e->e_qdir = NOQDIR;
e->e_xfqgrp = NOQGRP;
e->e_xfqdir = NOQDIR;
e->e_ctime = curtime();
+#if _FFR_EAI
+ e->e_smtputf8 = false;
+#endif
SevenBitInput = false; /* option 7 */
MaxMciCache = 1; /* option k */
MciCacheTimeout = 5 MINUTES; /* option K */
LogLevel = 9; /* option L */
#if MILTER
MilterLogLevel = -1;
-#endif /* MILTER */
+#endif
inittimeouts(NULL, false); /* option r */
PrivacyFlags = PRIV_PUBLIC; /* option p */
MeToo = true; /* option m */
SendMIMEErrors = true; /* option f */
SuperSafe = SAFE_REALLY; /* option s */
clrbitmap(DontBlameSendmail); /* DontBlameSendmail option */
#if MIME8TO7
MimeMode = MM_CVTMIME|MM_PASS8BIT; /* option 8 */
-#else /* MIME8TO7 */
+#else
MimeMode = MM_PASS8BIT;
-#endif /* MIME8TO7 */
+#endif
for (i = 0; i < MAXTOCLASS; i++)
{
TimeOuts.to_q_return[i] = 5 DAYS; /* option T */
TimeOuts.to_q_warning[i] = 0; /* option T */
}
ServiceSwitchFile = "/etc/mail/service.switch";
ServiceCacheMaxAge = (time_t) 10;
HostsFile = _PATH_HOSTS;
PidFile = newstr(_PATH_SENDMAILPID);
MustQuoteChars = "@,;:\\()[].'";
MciInfoTimeout = 30 MINUTES;
MaxRuleRecursion = MAXRULERECURSION;
MaxAliasRecursion = 10;
MaxMacroRecursion = 10;
ColonOkInAddr = true;
DontLockReadFiles = true;
DontProbeInterfaces = DPI_PROBEALL;
DoubleBounceAddr = "postmaster";
MaxHeadersLength = MAXHDRSLEN;
MaxMimeHeaderLength = MAXLINE;
MaxMimeFieldLength = MaxMimeHeaderLength / 2;
MaxForwardEntries = 0;
FastSplit = 1;
MaxNOOPCommands = MAXNOOPCOMMANDS;
#if SASL
AuthMechanisms = newstr(AUTH_MECHANISMS);
AuthRealm = NULL;
MaxSLBits = INT_MAX;
-#endif /* SASL */
+#endif
#if STARTTLS
TLS_Srv_Opts = TLS_I_SRV;
if (NULL == EVP_digest)
EVP_digest = EVP_md5();
+# if _FFR_TLSFB2CLEAR
+ TLSFallbacktoClear = true;
+# endif
Srv_SSL_Options = SSL_OP_ALL;
Clt_SSL_Options = SSL_OP_ALL
# ifdef SSL_OP_NO_SSLv2
| SSL_OP_NO_SSLv2
# endif
# ifdef SSL_OP_NO_TICKET
| SSL_OP_NO_TICKET
# endif
;
# ifdef SSL_OP_TLSEXT_PADDING
/* SSL_OP_TLSEXT_PADDING breaks compatibility with some sites */
Srv_SSL_Options &= ~SSL_OP_TLSEXT_PADDING;
Clt_SSL_Options &= ~SSL_OP_TLSEXT_PADDING;
# endif /* SSL_OP_TLSEXT_PADDING */
#endif /* STARTTLS */
#ifdef HESIOD_INIT
HesiodContext = NULL;
-#endif /* HESIOD_INIT */
+#endif
#if NETINET6
/* Detect if IPv6 is available at run time */
i = socket(AF_INET6, SOCK_STREAM, 0);
if (i >= 0)
{
InetMode = AF_INET6;
(void) close(i);
}
else
InetMode = AF_INET;
#if !IPV6_FULL
UseCompressedIPv6Addresses = true;
#endif
#else /* NETINET6 */
InetMode = AF_INET;
#endif /* NETINET6 */
ControlSocketName = NULL;
memset(&ConnectOnlyTo, '\0', sizeof(ConnectOnlyTo));
DataFileBufferSize = 4096;
XscriptFileBufferSize = 4096;
for (i = 0; i < MAXRWSETS; i++)
RuleSetNames[i] = NULL;
#if MILTER
InputFilters[0] = NULL;
-#endif /* MILTER */
+#endif
RejectLogInterval = 3 HOURS;
#if REQUIRES_DIR_FSYNC
RequiresDirfsync = true;
-#endif /* REQUIRES_DIR_FSYNC */
+#endif
#if _FFR_RCPTTHROTDELAY
BadRcptThrottleDelay = 1;
-#endif /* _FFR_RCPTTHROTDELAY */
+#endif
ConnectionRateWindowSize = 60;
#if _FFR_BOUNCE_QUEUE
BounceQueue = NOQGRP;
-#endif /* _FFR_BOUNCE_QUEUE */
+#endif
setupmaps();
setupqueues();
setupmailers();
setupheaders();
}
-
/*
** SETDEFUSER -- set/reset DefUser using DefUid (for initgroups())
*/
void
setdefuser()
{
struct passwd *defpwent;
static char defuserbuf[40];
DefUser = defuserbuf;
defpwent = sm_getpwuid(DefUid);
(void) sm_strlcpy(defuserbuf,
(defpwent == NULL || defpwent->pw_name == NULL)
? "nobody" : defpwent->pw_name,
sizeof(defuserbuf));
if (tTd(37, 4))
sm_dprintf("setdefuser: DefUid=%ld, DefUser=%s\n",
(long) DefUid, DefUser);
}
/*
** SETUPQUEUES -- initialize default queues
**
** The mqueue QUEUE structure gets filled in after readcf() but
** we need something to point to now for the mailer setup,
** which use "mqueue" as default queue.
*/
static void
setupqueues()
{
char buf[100];
MaxRunnersPerQueue = 1;
(void) sm_strlcpy(buf, "mqueue, P=/var/spool/mqueue", sizeof(buf));
makequeue(buf, false);
}
/*
** SETUPMAILERS -- initialize default mailers
*/
static void
setupmailers()
{
char buf[100];
(void) sm_strlcpy(buf, "prog, P=/bin/sh, F=lsouDq9, T=X-Unix/X-Unix/X-Unix, A=sh -c \201u",
sizeof(buf));
makemailer(buf);
(void) sm_strlcpy(buf, "*file*, P=[FILE], F=lsDFMPEouq9, T=X-Unix/X-Unix/X-Unix, A=FILE \201u",
sizeof(buf));
makemailer(buf);
(void) sm_strlcpy(buf, "*include*, P=/dev/null, F=su, A=INCLUDE \201u",
sizeof(buf));
makemailer(buf);
initerrmailers();
}
/*
** SETUPMAPS -- set up map classes
*/
#define MAPDEF(name, ext, flags, parse, open, close, lookup, store) \
{ \
extern bool parse __P((MAP *, char *)); \
extern bool open __P((MAP *, int)); \
extern void close __P((MAP *)); \
extern char *lookup __P((MAP *, char *, char **, int *)); \
extern void store __P((MAP *, char *, char *)); \
s = stab(name, ST_MAPCLASS, ST_ENTER); \
s->s_mapclass.map_cname = name; \
s->s_mapclass.map_ext = ext; \
s->s_mapclass.map_cflags = flags; \
s->s_mapclass.map_parse = parse; \
s->s_mapclass.map_open = open; \
s->s_mapclass.map_close = close; \
s->s_mapclass.map_lookup = lookup; \
s->s_mapclass.map_store = store; \
}
static void
setupmaps()
{
register STAB *s;
#if NEWDB
# if DB_VERSION_MAJOR > 1
int major_v, minor_v, patch_v;
(void) db_version(&major_v, &minor_v, &patch_v);
if (major_v != DB_VERSION_MAJOR || minor_v != DB_VERSION_MINOR)
{
errno = 0;
syserr("Berkeley DB version mismatch: compiled against %d.%d.%d, run-time linked against %d.%d.%d",
DB_VERSION_MAJOR, DB_VERSION_MINOR, DB_VERSION_PATCH,
major_v, minor_v, patch_v);
}
# endif /* DB_VERSION_MAJOR > 1 */
MAPDEF("hash", ".db", MCF_ALIASOK|MCF_REBUILDABLE,
map_parseargs, hash_map_open, db_map_close,
db_map_lookup, db_map_store);
MAPDEF("btree", ".db", MCF_ALIASOK|MCF_REBUILDABLE,
map_parseargs, bt_map_open, db_map_close,
db_map_lookup, db_map_store);
#endif /* NEWDB */
#if NDBM
MAPDEF("dbm", ".dir", MCF_ALIASOK|MCF_REBUILDABLE,
map_parseargs, ndbm_map_open, ndbm_map_close,
ndbm_map_lookup, ndbm_map_store);
-#endif /* NDBM */
+#endif
+
+#if CDB
+ MAPDEF("cdb", CDBEXT, MCF_ALIASOK|MCF_REBUILDABLE,
+ map_parseargs, cdb_map_open, cdb_map_close,
+ cdb_map_lookup, cdb_map_store);
+#endif
#if NIS
MAPDEF("nis", NULL, MCF_ALIASOK,
map_parseargs, nis_map_open, null_map_close,
nis_map_lookup, null_map_store);
-#endif /* NIS */
+#endif
#if NISPLUS
MAPDEF("nisplus", NULL, MCF_ALIASOK,
map_parseargs, nisplus_map_open, null_map_close,
nisplus_map_lookup, null_map_store);
-#endif /* NISPLUS */
+#endif
#if LDAPMAP
MAPDEF("ldap", NULL, MCF_ALIASOK|MCF_NOTPERSIST,
ldapmap_parseargs, ldapmap_open, ldapmap_close,
ldapmap_lookup, null_map_store);
-#endif /* LDAPMAP */
+#endif
#if PH_MAP
MAPDEF("ph", NULL, MCF_NOTPERSIST,
ph_map_parseargs, ph_map_open, ph_map_close,
ph_map_lookup, null_map_store);
-#endif /* PH_MAP */
+#endif
#if MAP_NSD
/* IRIX 6.5 nsd support */
MAPDEF("nsd", NULL, MCF_ALIASOK,
map_parseargs, null_map_open, null_map_close,
nsd_map_lookup, null_map_store);
-#endif /* MAP_NSD */
+#endif
#if HESIOD
- MAPDEF("hesiod", NULL, MCF_ALIASOK|MCF_ALIASONLY,
+ MAPDEF("hesiod", NULL, MCF_ALIASOK,
map_parseargs, hes_map_open, hes_map_close,
hes_map_lookup, null_map_store);
-#endif /* HESIOD */
+#endif
#if NETINFO
MAPDEF("netinfo", NULL, MCF_ALIASOK,
map_parseargs, ni_map_open, null_map_close,
ni_map_lookup, null_map_store);
-#endif /* NETINFO */
+#endif
#if 0
MAPDEF("dns", NULL, 0,
dns_map_init, null_map_open, null_map_close,
dns_map_lookup, null_map_store);
#endif /* 0 */
#if NAMED_BIND
# if DNSMAP
# if _FFR_DNSMAP_ALIASABLE
MAPDEF("dns", NULL, MCF_ALIASOK,
dns_map_parseargs, dns_map_open, null_map_close,
dns_map_lookup, null_map_store);
# else /* _FFR_DNSMAP_ALIASABLE */
MAPDEF("dns", NULL, 0,
dns_map_parseargs, dns_map_open, null_map_close,
dns_map_lookup, null_map_store);
# endif /* _FFR_DNSMAP_ALIASABLE */
# endif /* DNSMAP */
#endif /* NAMED_BIND */
#if NAMED_BIND
/* best MX DNS lookup */
MAPDEF("bestmx", NULL, MCF_OPTFILE,
map_parseargs, null_map_open, null_map_close,
bestmx_map_lookup, null_map_store);
-#endif /* NAMED_BIND */
+#endif
MAPDEF("host", NULL, 0,
host_map_init, null_map_open, null_map_close,
host_map_lookup, null_map_store);
MAPDEF("text", NULL, MCF_ALIASOK,
map_parseargs, text_map_open, null_map_close,
text_map_lookup, null_map_store);
- MAPDEF("stab", NULL, MCF_ALIASOK|MCF_ALIASONLY,
+ MAPDEF("stab", NULL, MCF_ALIASOK,
map_parseargs, stab_map_open, null_map_close,
stab_map_lookup, stab_map_store);
- MAPDEF("implicit", NULL, MCF_ALIASOK|MCF_ALIASONLY|MCF_REBUILDABLE,
+ MAPDEF("implicit", NULL, MCF_ALIASOK|MCF_REBUILDABLE,
map_parseargs, impl_map_open, impl_map_close,
impl_map_lookup, impl_map_store);
/* access to system passwd file */
MAPDEF("user", NULL, MCF_OPTFILE,
map_parseargs, user_map_open, null_map_close,
user_map_lookup, null_map_store);
/* dequote map */
MAPDEF("dequote", NULL, 0,
dequote_init, null_map_open, null_map_close,
dequote_map, null_map_store);
#if MAP_REGEX
MAPDEF("regex", NULL, 0,
regex_map_init, null_map_open, null_map_close,
regex_map_lookup, null_map_store);
-#endif /* MAP_REGEX */
+#endif
#if USERDB
/* user database */
MAPDEF("userdb", ".db", 0,
map_parseargs, null_map_open, null_map_close,
udb_map_lookup, null_map_store);
-#endif /* USERDB */
+#endif
/* arbitrary programs */
MAPDEF("program", NULL, MCF_ALIASOK,
map_parseargs, null_map_open, null_map_close,
prog_map_lookup, null_map_store);
/* sequenced maps */
MAPDEF("sequence", NULL, MCF_ALIASOK,
seq_map_parse, null_map_open, null_map_close,
seq_map_lookup, seq_map_store);
/* switched interface to sequenced maps */
MAPDEF("switch", NULL, MCF_ALIASOK,
map_parseargs, switch_map_open, null_map_close,
seq_map_lookup, seq_map_store);
/* null map lookup -- really for internal use only */
MAPDEF("null", NULL, MCF_ALIASOK|MCF_OPTFILE,
map_parseargs, null_map_open, null_map_close,
null_map_lookup, null_map_store);
/* syslog map -- logs information to syslog */
MAPDEF("syslog", NULL, 0,
syslog_map_parseargs, null_map_open, null_map_close,
syslog_map_lookup, null_map_store);
/* macro storage map -- rulesets can set macros */
MAPDEF("macro", NULL, 0,
dequote_init, null_map_open, null_map_close,
macro_map_lookup, null_map_store);
/* arithmetic map -- add/subtract/compare */
MAPDEF("arith", NULL, 0,
dequote_init, null_map_open, null_map_close,
arith_map_lookup, null_map_store);
/* "arpa" map -- IP -> arpa */
MAPDEF("arpa", NULL, 0,
dequote_init, null_map_open, null_map_close,
arpa_map_lookup, null_map_store);
#if SOCKETMAP
/* arbitrary daemons */
MAPDEF("socket", NULL, MCF_ALIASOK,
map_parseargs, socket_map_open, socket_map_close,
socket_map_lookup, null_map_store);
-#endif /* SOCKETMAP */
+#endif
#if _FFR_DPRINTF_MAP
/* dprintf map -- logs information to syslog */
MAPDEF("dprintf", NULL, 0,
dprintf_map_parseargs, null_map_open, null_map_close,
dprintf_map_lookup, null_map_store);
-#endif /* _FFR_DPRINTF_MAP */
+#endif
+
+#if _FFR_SETDEBUG_MAP
+ /* setdebug map -- set debug levels */
+ MAPDEF("setdebug", NULL, 0,
+ dequote_init, null_map_open, null_map_close,
+ setdebug_map_lookup, null_map_store);
+#endif
+
+#if _FFR_SETOPT_MAP
+ /* setopt map -- set option */
+ MAPDEF("setopt", NULL, 0,
+ dequote_init, null_map_open, null_map_close,
+ setopt_map_lookup, null_map_store);
+#endif
if (tTd(38, 2))
{
/* bogus map -- always return tempfail */
MAPDEF("bogus", NULL, MCF_ALIASOK|MCF_OPTFILE,
map_parseargs, null_map_open, null_map_close,
bogus_map_lookup, null_map_store);
}
}
#undef MAPDEF
/*
** INITHOSTMAPS -- initial host-dependent maps
**
** This should act as an interface to any local service switch
** provided by the host operating system.
**
** Parameters:
** none
**
** Returns:
** none
**
** Side Effects:
** Should define maps "host" and "users" as necessary
** for this OS. If they are not defined, they will get
** a default value later. It should check to make sure
** they are not defined first, since it's possible that
** the config file has provided an override.
*/
void
inithostmaps()
{
register int i;
int nmaps;
char *maptype[MAXMAPSTACK];
short mapreturn[MAXMAPACTIONS];
char buf[MAXLINE];
/*
** Make sure we have a host map.
*/
if (stab("host", ST_MAP, ST_FIND) == NULL)
{
/* user didn't initialize: set up host map */
(void) sm_strlcpy(buf, "host host", sizeof(buf));
#if NAMED_BIND
if (ConfigLevel >= 2)
(void) sm_strlcat(buf, " -a. -D", sizeof(buf));
-#endif /* NAMED_BIND */
+#endif
(void) makemapentry(buf);
}
/*
** Set up default aliases maps
*/
nmaps = switch_map_find("aliases", maptype, mapreturn);
for (i = 0; i < nmaps; i++)
{
if (strcmp(maptype[i], "files") == 0 &&
stab("aliases.files", ST_MAP, ST_FIND) == NULL)
{
(void) sm_strlcpy(buf, "aliases.files null",
sizeof(buf));
(void) makemapentry(buf);
}
+#if CDB
+ else if (strcmp(maptype[i], "cdb") == 0 &&
+ stab("aliases.cdb", ST_MAP, ST_FIND) == NULL)
+ {
+ (void) sm_strlcpy(buf, "aliases.cdb null", sizeof(buf));
+ (void) makemapentry(buf);
+ }
+#endif /* CDB */
#if NISPLUS
else if (strcmp(maptype[i], "nisplus") == 0 &&
stab("aliases.nisplus", ST_MAP, ST_FIND) == NULL)
{
(void) sm_strlcpy(buf, "aliases.nisplus nisplus -kalias -vexpansion mail_aliases.org_dir",
sizeof(buf));
(void) makemapentry(buf);
}
#endif /* NISPLUS */
#if NIS
else if (strcmp(maptype[i], "nis") == 0 &&
stab("aliases.nis", ST_MAP, ST_FIND) == NULL)
{
(void) sm_strlcpy(buf, "aliases.nis nis mail.aliases",
sizeof(buf));
(void) makemapentry(buf);
}
#endif /* NIS */
#if NETINFO
else if (strcmp(maptype[i], "netinfo") == 0 &&
stab("aliases.netinfo", ST_MAP, ST_FIND) == NULL)
{
(void) sm_strlcpy(buf, "aliases.netinfo netinfo -z, /aliases",
sizeof(buf));
(void) makemapentry(buf);
}
#endif /* NETINFO */
#if HESIOD
else if (strcmp(maptype[i], "hesiod") == 0 &&
stab("aliases.hesiod", ST_MAP, ST_FIND) == NULL)
{
(void) sm_strlcpy(buf, "aliases.hesiod hesiod aliases",
sizeof(buf));
(void) makemapentry(buf);
}
#endif /* HESIOD */
#if LDAPMAP && defined(SUN_EXTENSIONS) && \
defined(SUN_SIMPLIFIED_LDAP) && HASLDAPGETALIASBYNAME
else if (strcmp(maptype[i], "ldap") == 0 &&
stab("aliases.ldap", ST_MAP, ST_FIND) == NULL)
{
(void) sm_strlcpy(buf, "aliases.ldap ldap -b . -h localhost -k mail=%0 -v mailgroup",
sizeof buf);
(void) makemapentry(buf);
}
#endif /* LDAPMAP && defined(SUN_EXTENSIONS) && ... */
}
if (stab("aliases", ST_MAP, ST_FIND) == NULL)
{
(void) sm_strlcpy(buf, "aliases switch aliases", sizeof(buf));
(void) makemapentry(buf);
}
}
/*
** SWITCH_MAP_FIND -- find the list of types associated with a map
**
** This is the system-dependent interface to the service switch.
**
** Parameters:
** service -- the name of the service of interest.
** maptype -- an out-array of strings containing the types
** of access to use for this service. There can
** be at most MAXMAPSTACK types for a single service.
** mapreturn -- an out-array of return information bitmaps
** for the map.
**
** Returns:
** The number of map types filled in, or -1 for failure.
**
** Side effects:
** Preserves errno so nothing in the routine clobbers it.
*/
#if defined(SOLARIS) || (defined(sony_news) && defined(__svr4))
# define _USE_SUN_NSSWITCH_
-#endif /* defined(SOLARIS) || (defined(sony_news) && defined(__svr4)) */
+#endif
#if _FFR_HPUX_NSSWITCH
# ifdef __hpux
# define _USE_SUN_NSSWITCH_
-# endif /* __hpux */
+# endif
#endif /* _FFR_HPUX_NSSWITCH */
#ifdef _USE_SUN_NSSWITCH_
# include <nsswitch.h>
-#endif /* _USE_SUN_NSSWITCH_ */
+#endif
#if defined(ultrix) || (defined(__osf__) && defined(__alpha))
# define _USE_DEC_SVC_CONF_
-#endif /* defined(ultrix) || (defined(__osf__) && defined(__alpha)) */
+#endif
#ifdef _USE_DEC_SVC_CONF_
# include <sys/svcinfo.h>
-#endif /* _USE_DEC_SVC_CONF_ */
+#endif
int
switch_map_find(service, maptype, mapreturn)
char *service;
char *maptype[MAXMAPSTACK];
short mapreturn[MAXMAPACTIONS];
{
int svcno = 0;
int save_errno = errno;
#ifdef _USE_SUN_NSSWITCH_
struct __nsw_switchconfig *nsw_conf;
enum __nsw_parse_err pserr;
struct __nsw_lookup *lk;
static struct __nsw_lookup lkp0 =
{ "files", {1, 0, 0, 0}, NULL, NULL };
static struct __nsw_switchconfig lkp_default =
{ 0, "sendmail", 3, &lkp0 };
for (svcno = 0; svcno < MAXMAPACTIONS; svcno++)
mapreturn[svcno] = 0;
if ((nsw_conf = __nsw_getconfig(service, &pserr)) == NULL)
lk = lkp_default.lookups;
else
lk = nsw_conf->lookups;
svcno = 0;
while (lk != NULL && svcno < MAXMAPSTACK)
{
maptype[svcno] = lk->service_name;
if (lk->actions[__NSW_NOTFOUND] == __NSW_RETURN)
mapreturn[MA_NOTFOUND] |= 1 << svcno;
if (lk->actions[__NSW_TRYAGAIN] == __NSW_RETURN)
mapreturn[MA_TRYAGAIN] |= 1 << svcno;
if (lk->actions[__NSW_UNAVAIL] == __NSW_RETURN)
mapreturn[MA_TRYAGAIN] |= 1 << svcno;
svcno++;
lk = lk->next;
}
errno = save_errno;
return svcno;
#endif /* _USE_SUN_NSSWITCH_ */
#ifdef _USE_DEC_SVC_CONF_
struct svcinfo *svcinfo;
int svc;
for (svcno = 0; svcno < MAXMAPACTIONS; svcno++)
mapreturn[svcno] = 0;
svcinfo = getsvc();
if (svcinfo == NULL)
goto punt;
if (strcmp(service, "hosts") == 0)
svc = SVC_HOSTS;
else if (strcmp(service, "aliases") == 0)
svc = SVC_ALIASES;
else if (strcmp(service, "passwd") == 0)
svc = SVC_PASSWD;
else
{
errno = save_errno;
return -1;
}
for (svcno = 0; svcno < SVC_PATHSIZE && svcno < MAXMAPSTACK; svcno++)
{
switch (svcinfo->svcpath[svc][svcno])
{
case SVC_LOCAL:
maptype[svcno] = "files";
break;
case SVC_YP:
maptype[svcno] = "nis";
break;
case SVC_BIND:
maptype[svcno] = "dns";
break;
# ifdef SVC_HESIOD
case SVC_HESIOD:
maptype[svcno] = "hesiod";
break;
-# endif /* SVC_HESIOD */
+# endif
case SVC_LAST:
errno = save_errno;
return svcno;
}
}
errno = save_errno;
return svcno;
#endif /* _USE_DEC_SVC_CONF_ */
#if !defined(_USE_SUN_NSSWITCH_) && !defined(_USE_DEC_SVC_CONF_)
/*
** Fall-back mechanism.
*/
STAB *st;
static time_t servicecachetime; /* time service switch was cached */
time_t now = curtime();
for (svcno = 0; svcno < MAXMAPACTIONS; svcno++)
mapreturn[svcno] = 0;
if ((now - servicecachetime) > (time_t) ServiceCacheMaxAge)
{
/* (re)read service switch */
register SM_FILE_T *fp;
long sff = SFF_REGONLY|SFF_OPENASROOT|SFF_NOLOCK;
if (!bitnset(DBS_LINKEDSERVICESWITCHFILEINWRITABLEDIR,
DontBlameSendmail))
sff |= SFF_NOWLINK;
if (ConfigFileRead)
servicecachetime = now;
fp = safefopen(ServiceSwitchFile, O_RDONLY, 0, sff);
if (fp != NULL)
{
char buf[MAXLINE];
while (sm_io_fgets(fp, SM_TIME_DEFAULT, buf,
sizeof(buf)) >= 0)
{
register char *p;
p = strpbrk(buf, "#\n");
if (p != NULL)
*p = '\0';
#ifndef SM_NSSWITCH_DELIMS
# define SM_NSSWITCH_DELIMS " \t"
-#endif /* SM_NSSWITCH_DELIMS */
+#endif
p = strpbrk(buf, SM_NSSWITCH_DELIMS);
if (p != NULL)
*p++ = '\0';
if (buf[0] == '\0')
continue;
if (p == NULL)
{
sm_syslog(LOG_ERR, NOQID,
"Bad line on %.100s: %.100s",
ServiceSwitchFile,
buf);
continue;
}
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
p++;
if (*p == '\0')
continue;
/*
** Find/allocate space for this service entry.
** Space for all of the service strings
** are allocated at once. This means
** that we only have to free the first
** one to free all of them.
*/
st = stab(buf, ST_SERVICE, ST_ENTER);
if (st->s_service[0] != NULL)
sm_free((void *) st->s_service[0]); /* XXX */
p = newstr(p);
for (svcno = 0; svcno < MAXMAPSTACK; )
{
if (*p == '\0')
break;
st->s_service[svcno++] = p;
p = strpbrk(p, " \t");
if (p == NULL)
break;
*p++ = '\0';
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
p++;
}
if (svcno < MAXMAPSTACK)
st->s_service[svcno] = NULL;
}
(void) sm_io_close(fp, SM_TIME_DEFAULT);
}
}
/* look up entry in cache */
st = stab(service, ST_SERVICE, ST_FIND);
if (st != NULL && st->s_service[0] != NULL)
{
/* extract data */
svcno = 0;
while (svcno < MAXMAPSTACK)
{
maptype[svcno] = st->s_service[svcno];
if (maptype[svcno++] == NULL)
break;
}
errno = save_errno;
return --svcno;
}
#endif /* !defined(_USE_SUN_NSSWITCH_) && !defined(_USE_DEC_SVC_CONF_) */
#if !defined(_USE_SUN_NSSWITCH_)
/* if the service file doesn't work, use an absolute fallback */
# ifdef _USE_DEC_SVC_CONF_
punt:
-# endif /* _USE_DEC_SVC_CONF_ */
+# endif
for (svcno = 0; svcno < MAXMAPACTIONS; svcno++)
mapreturn[svcno] = 0;
svcno = 0;
if (strcmp(service, "aliases") == 0)
{
+ SM_ASSERT(svcno < MAXMAPSTACK);
maptype[svcno++] = "files";
+# if CDB
+ SM_ASSERT(svcno < MAXMAPSTACK);
+ maptype[svcno++] = "cdb";
+# endif
# if defined(AUTO_NETINFO_ALIASES) && defined (NETINFO)
+ SM_ASSERT(svcno < MAXMAPSTACK);
maptype[svcno++] = "netinfo";
-# endif /* defined(AUTO_NETINFO_ALIASES) && defined (NETINFO) */
+# endif
# ifdef AUTO_NIS_ALIASES
# if NISPLUS
+ SM_ASSERT(svcno < MAXMAPSTACK);
maptype[svcno++] = "nisplus";
-# endif /* NISPLUS */
+# endif
# if NIS
+ SM_ASSERT(svcno < MAXMAPSTACK);
maptype[svcno++] = "nis";
-# endif /* NIS */
+# endif
# endif /* AUTO_NIS_ALIASES */
errno = save_errno;
return svcno;
}
if (strcmp(service, "hosts") == 0)
{
# if NAMED_BIND
+ SM_ASSERT(svcno < MAXMAPSTACK);
maptype[svcno++] = "dns";
# else /* NAMED_BIND */
# if defined(sun) && !defined(BSD)
/* SunOS */
+ SM_ASSERT(svcno < MAXMAPSTACK);
maptype[svcno++] = "nis";
# endif /* defined(sun) && !defined(BSD) */
# endif /* NAMED_BIND */
# if defined(AUTO_NETINFO_HOSTS) && defined (NETINFO)
+ SM_ASSERT(svcno < MAXMAPSTACK);
maptype[svcno++] = "netinfo";
-# endif /* defined(AUTO_NETINFO_HOSTS) && defined (NETINFO) */
+# endif
+ SM_ASSERT(svcno < MAXMAPSTACK);
maptype[svcno++] = "files";
errno = save_errno;
return svcno;
}
errno = save_errno;
return -1;
#endif /* !defined(_USE_SUN_NSSWITCH_) */
}
/*
** USERNAME -- return the user id of the logged in user.
**
** Parameters:
** none.
**
** Returns:
** The login name of the logged in user.
**
** Side Effects:
** none.
**
** Notes:
** The return value is statically allocated.
*/
char *
username()
{
static char *myname = NULL;
extern char *getlogin();
register struct passwd *pw;
/* cache the result */
if (myname == NULL)
{
myname = getlogin();
if (myname == NULL || myname[0] == '\0')
{
pw = sm_getpwuid(RealUid);
if (pw != NULL)
myname = pw->pw_name;
}
else
{
uid_t uid = RealUid;
if ((pw = sm_getpwnam(myname)) == NULL ||
(uid != 0 && uid != pw->pw_uid))
{
pw = sm_getpwuid(uid);
if (pw != NULL)
myname = pw->pw_name;
}
}
if (myname == NULL || myname[0] == '\0')
{
syserr("554 5.3.0 Who are you?");
myname = "postmaster";
}
else if (strpbrk(myname, ",;:/|\"\\") != NULL)
myname = addquotes(myname, NULL);
else
myname = sm_pstrdup_x(myname);
}
return myname;
}
/*
** TTYPATH -- Get the path of the user's tty
**
** Returns the pathname of the user's tty. Returns NULL if
** the user is not logged in or if s/he has write permission
** denied.
**
** Parameters:
** none
**
** Returns:
** pathname of the user's tty.
** NULL if not logged in or write permission denied.
**
** Side Effects:
** none.
**
** WARNING:
** Return value is in a local buffer.
**
** Called By:
** savemail
*/
char *
ttypath()
{
struct stat stbuf;
register char *pathn;
extern char *ttyname();
extern char *getlogin();
/* compute the pathname of the controlling tty */
if ((pathn = ttyname(2)) == NULL && (pathn = ttyname(1)) == NULL &&
(pathn = ttyname(0)) == NULL)
{
errno = 0;
return NULL;
}
/* see if we have write permission */
if (stat(pathn, &stbuf) < 0 || !bitset(S_IWOTH, stbuf.st_mode))
{
errno = 0;
return NULL;
}
/* see if the user is logged in */
if (getlogin() == NULL)
return NULL;
/* looks good */
return pathn;
}
/*
** CHECKCOMPAT -- check for From and To person compatible.
**
** This routine can be supplied on a per-installation basis
** to determine whether a person is allowed to send a message.
** This allows restriction of certain types of internet
** forwarding or registration of users.
**
** If the hosts are found to be incompatible, an error
** message should be given using "usrerr" and an EX_ code
** should be returned. You can also set to->q_status to
** a DSN-style status code.
**
** EF_NO_BODY_RETN can be set in e->e_flags to suppress the
** body during the return-to-sender function; this should be done
** on huge messages. This bit may already be set by the ESMTP
** protocol.
**
** Parameters:
** to -- the person being sent to.
**
** Returns:
** an exit status
**
** Side Effects:
** none (unless you include the usrerr stuff)
*/
int
checkcompat(to, e)
register ADDRESS *to;
register ENVELOPE *e;
{
if (tTd(49, 1))
sm_dprintf("checkcompat(to=%s, from=%s)\n",
to->q_paddr, e->e_from.q_paddr);
#ifdef EXAMPLE_CODE
/* this code is intended as an example only */
register STAB *s;
s = stab("arpa", ST_MAILER, ST_FIND);
if (s != NULL && strcmp(e->e_from.q_mailer->m_name, "local") != 0 &&
to->q_mailer == s->s_mailer)
{
usrerr("553 No ARPA mail through this machine: see your system administration");
/* e->e_flags |= EF_NO_BODY_RETN; to suppress body on return */
to->q_status = "5.7.1";
return EX_UNAVAILABLE;
}
#endif /* EXAMPLE_CODE */
return EX_OK;
}
#ifdef SUN_EXTENSIONS
static void
init_md_sun()
{
struct stat sbuf;
/* Check for large file descriptor */
if (fstat(fileno(stdin), &sbuf) < 0)
{
if (errno == EOVERFLOW)
{
perror("stdin");
exit(EX_NOINPUT);
}
}
}
#endif /* SUN_EXTENSIONS */
/*
** INIT_MD -- do machine dependent initializations
**
** Systems that have global modes that should be set should do
** them here rather than in main.
*/
#ifdef _AUX_SOURCE
# include <compat.h>
-#endif /* _AUX_SOURCE */
+#endif
#if SHARE_V1
# include <shares.h>
-#endif /* SHARE_V1 */
+#endif
void
init_md(argc, argv)
int argc;
char **argv;
{
#ifdef _AUX_SOURCE
setcompat(getcompat() | COMPAT_BSDPROT);
-#endif /* _AUX_SOURCE */
+#endif
#ifdef SUN_EXTENSIONS
init_md_sun();
-#endif /* SUN_EXTENSIONS */
+#endif
#if _CONVEX_SOURCE
/* keep gethostby*() from stripping the local domain name */
set_domain_trim_off();
-#endif /* _CONVEX_SOURCE */
+#endif
#if defined(__QNX__) && !defined(__QNXNTO__)
/*
** Due to QNX's network distributed nature, you can target a tcpip
** stack on a different node in the qnx network; this patch lets
** this feature work. The __sock_locate() must be done before the
** environment is clear.
*/
__sock_locate();
#endif /* __QNX__ */
#if SECUREWARE || defined(_SCO_unix_)
set_auth_parameters(argc, argv);
# ifdef _SCO_unix_
/*
** This is required for highest security levels (the kernel
** won't let it call set*uid() or run setuid binaries without
** it). It may be necessary on other SECUREWARE systems.
*/
if (getluid() == -1)
setluid(0);
# endif /* _SCO_unix_ */
#endif /* SECUREWARE || defined(_SCO_unix_) */
#ifdef VENDOR_DEFAULT
VendorCode = VENDOR_DEFAULT;
-#else /* VENDOR_DEFAULT */
+#else
VendorCode = VENDOR_BERKELEY;
-#endif /* VENDOR_DEFAULT */
+#endif
}
/*
** INIT_VENDOR_MACROS -- vendor-dependent macro initializations
**
** Called once, on startup.
**
** Parameters:
** e -- the global envelope.
**
** Returns:
** none.
**
** Side Effects:
** vendor-dependent.
*/
void
init_vendor_macros(e)
register ENVELOPE *e;
{
}
/*
** GETLA -- get the current load average
**
** This code stolen from la.c.
**
** Parameters:
** none.
**
** Returns:
** The current load average as an integer.
**
** Side Effects:
** none.
*/
/* try to guess what style of load average we have */
#define LA_ZERO 1 /* always return load average as zero */
#define LA_INT 2 /* read kmem for avenrun; interpret as long */
#define LA_FLOAT 3 /* read kmem for avenrun; interpret as float */
#define LA_SUBR 4 /* call getloadavg */
#define LA_MACH 5 /* MACH load averages (as on NeXT boxes) */
#define LA_SHORT 6 /* read kmem for avenrun; interpret as short */
#define LA_PROCSTR 7 /* read string ("1.17") from /proc/loadavg */
#define LA_READKSYM 8 /* SVR4: use MIOC_READKSYM ioctl call */
#define LA_DGUX 9 /* special DGUX implementation */
#define LA_HPUX 10 /* special HPUX implementation */
#define LA_IRIX6 11 /* special IRIX 6.2 implementation */
#define LA_KSTAT 12 /* special Solaris kstat(3k) implementation */
#define LA_DEVSHORT 13 /* read short from a device */
#define LA_ALPHAOSF 14 /* Digital UNIX (OSF/1 on Alpha) table() call */
#define LA_PSET 15 /* Solaris per-processor-set load average */
#define LA_LONGLONG 17 /* read kmem for avenrun; interpret as long long */
/* do guesses based on general OS type */
#ifndef LA_TYPE
# define LA_TYPE LA_ZERO
-#endif /* ! LA_TYPE */
+#endif
#ifndef FSHIFT
# if defined(unixpc)
# define FSHIFT 5
-# endif /* defined(unixpc) */
+# endif
# if defined(__alpha) || defined(IRIX)
# define FSHIFT 10
-# endif /* defined(__alpha) || defined(IRIX) */
+# endif
#endif /* ! FSHIFT */
#ifndef FSHIFT
# define FSHIFT 8
-#endif /* ! FSHIFT */
+#endif
#ifndef FSCALE
# define FSCALE (1 << FSHIFT)
-#endif /* ! FSCALE */
+#endif
#ifndef LA_AVENRUN
# ifdef SYSTEM5
# define LA_AVENRUN "avenrun"
-# else /* SYSTEM5 */
+# else
# define LA_AVENRUN "_avenrun"
-# endif /* SYSTEM5 */
+# endif
#endif /* ! LA_AVENRUN */
/* _PATH_KMEM should be defined in <paths.h> */
#ifndef _PATH_KMEM
# define _PATH_KMEM "/dev/kmem"
-#endif /* ! _PATH_KMEM */
+#endif
#if (LA_TYPE == LA_INT) || (LA_TYPE == LA_FLOAT) || (LA_TYPE == LA_SHORT) || (LA_TYPE == LA_LONGLONG)
# include <nlist.h>
/* _PATH_UNIX should be defined in <paths.h> */
# ifndef _PATH_UNIX
# if defined(SYSTEM5)
# define _PATH_UNIX "/unix"
-# else /* defined(SYSTEM5) */
+# else
# define _PATH_UNIX "/vmunix"
-# endif /* defined(SYSTEM5) */
+# endif
# endif /* ! _PATH_UNIX */
# ifdef _AUX_SOURCE
struct nlist Nl[2];
# else /* _AUX_SOURCE */
struct nlist Nl[] =
{
{ LA_AVENRUN },
{ 0 },
};
# endif /* _AUX_SOURCE */
# define X_AVENRUN 0
int
getla()
{
int j;
static int kmem = -1;
# if LA_TYPE == LA_INT
long avenrun[3];
# else /* LA_TYPE == LA_INT */
# if LA_TYPE == LA_SHORT
short avenrun[3];
# else
# if LA_TYPE == LA_LONGLONG
long long avenrun[3];
-# else /* LA_TYPE == LA_LONGLONG */
+# else
double avenrun[3];
-# endif /* LA_TYPE == LA_LONGLONG */
+# endif
# endif /* LA_TYPE == LA_SHORT */
# endif /* LA_TYPE == LA_INT */
extern off_t lseek();
if (kmem < 0)
{
# ifdef _AUX_SOURCE
(void) sm_strlcpy(Nl[X_AVENRUN].n_name, LA_AVENRUN,
sizeof(Nl[X_AVENRUN].n_name));
Nl[1].n_name[0] = '\0';
# endif /* _AUX_SOURCE */
# if defined(_AIX3) || defined(_AIX4)
if (knlist(Nl, 1, sizeof(Nl[0])) < 0)
-# else /* defined(_AIX3) || defined(_AIX4) */
+# else
if (nlist(_PATH_UNIX, Nl) < 0)
-# endif /* defined(_AIX3) || defined(_AIX4) */
+# endif
{
if (tTd(3, 1))
sm_dprintf("getla: nlist(%s): %s\n", _PATH_UNIX,
sm_errstring(errno));
return -1;
}
if (Nl[X_AVENRUN].n_value == 0)
{
if (tTd(3, 1))
sm_dprintf("getla: nlist(%s, %s) ==> 0\n",
_PATH_UNIX, LA_AVENRUN);
return -1;
}
# ifdef NAMELISTMASK
Nl[X_AVENRUN].n_value &= NAMELISTMASK;
-# endif /* NAMELISTMASK */
+# endif
kmem = open(_PATH_KMEM, 0, 0);
if (kmem < 0)
{
if (tTd(3, 1))
sm_dprintf("getla: open(/dev/kmem): %s\n",
sm_errstring(errno));
return -1;
}
if ((j = fcntl(kmem, F_GETFD, 0)) < 0 ||
fcntl(kmem, F_SETFD, j | FD_CLOEXEC) < 0)
{
if (tTd(3, 1))
sm_dprintf("getla: fcntl(/dev/kmem, FD_CLOEXEC): %s\n",
sm_errstring(errno));
(void) close(kmem);
kmem = -1;
return -1;
}
}
if (tTd(3, 20))
sm_dprintf("getla: symbol address = %#lx\n",
(unsigned long) Nl[X_AVENRUN].n_value);
if (lseek(kmem, (off_t) Nl[X_AVENRUN].n_value, SEEK_SET) == -1 ||
read(kmem, (char *) avenrun, sizeof(avenrun)) != sizeof(avenrun))
{
/* thank you Ian */
if (tTd(3, 1))
sm_dprintf("getla: lseek or read: %s\n",
sm_errstring(errno));
return -1;
}
# if (LA_TYPE == LA_INT) || (LA_TYPE == LA_SHORT) || (LA_TYPE == LA_LONGLONG)
if (tTd(3, 5))
{
# if LA_TYPE == LA_SHORT
sm_dprintf("getla: avenrun = %d", avenrun[0]);
if (tTd(3, 15))
sm_dprintf(", %d, %d", avenrun[1], avenrun[2]);
# else /* LA_TYPE == LA_SHORT */
# if LA_TYPE == LA_LONGLONG
sm_dprintf("getla: avenrun = %lld", avenrun[0]);
if (tTd(3, 15))
sm_dprintf(", %lld, %lld", avenrun[1], avenrun[2]);
# else /* LA_TYPE == LA_LONGLONG */
sm_dprintf("getla: avenrun = %ld", avenrun[0]);
if (tTd(3, 15))
sm_dprintf(", %ld, %ld", avenrun[1], avenrun[2]);
# endif /* LA_TYPE == LA_LONGLONG */
# endif /* LA_TYPE == LA_SHORT */
sm_dprintf("\n");
}
if (tTd(3, 1))
sm_dprintf("getla: %d\n",
(int) (avenrun[0] + FSCALE/2) >> FSHIFT);
return ((int) (avenrun[0] + FSCALE/2) >> FSHIFT);
# else /* (LA_TYPE == LA_INT) || (LA_TYPE == LA_SHORT) || (LA_TYPE == LA_LONGLONG) */
if (tTd(3, 5))
{
sm_dprintf("getla: avenrun = %g", avenrun[0]);
if (tTd(3, 15))
sm_dprintf(", %g, %g", avenrun[1], avenrun[2]);
sm_dprintf("\n");
}
if (tTd(3, 1))
sm_dprintf("getla: %d\n", (int) (avenrun[0] +0.5));
return ((int) (avenrun[0] + 0.5));
# endif /* (LA_TYPE == LA_INT) || (LA_TYPE == LA_SHORT) || (LA_TYPE == LA_LONGLONG) */
}
#endif /* (LA_TYPE == LA_INT) || (LA_TYPE == LA_FLOAT) || (LA_TYPE == LA_SHORT) || (LA_TYPE == LA_LONGLONG) */
#if LA_TYPE == LA_READKSYM
# include <sys/ksym.h>
int
getla()
{
int j;
static int kmem = -1;
long avenrun[3];
struct mioc_rksym mirk;
if (kmem < 0)
{
kmem = open("/dev/kmem", 0, 0);
if (kmem < 0)
{
if (tTd(3, 1))
sm_dprintf("getla: open(/dev/kmem): %s\n",
sm_errstring(errno));
return -1;
}
if ((j = fcntl(kmem, F_GETFD, 0)) < 0 ||
fcntl(kmem, F_SETFD, j | FD_CLOEXEC) < 0)
{
if (tTd(3, 1))
sm_dprintf("getla: fcntl(/dev/kmem, FD_CLOEXEC): %s\n",
sm_errstring(errno));
(void) close(kmem);
kmem = -1;
return -1;
}
}
mirk.mirk_symname = LA_AVENRUN;
mirk.mirk_buf = avenrun;
mirk.mirk_buflen = sizeof(avenrun);
if (ioctl(kmem, MIOC_READKSYM, &mirk) < 0)
{
if (tTd(3, 1))
sm_dprintf("getla: ioctl(MIOC_READKSYM) failed: %s\n",
sm_errstring(errno));
return -1;
}
if (tTd(3, 5))
{
sm_dprintf("getla: avenrun = %d", avenrun[0]);
if (tTd(3, 15))
sm_dprintf(", %d, %d", avenrun[1], avenrun[2]);
sm_dprintf("\n");
}
if (tTd(3, 1))
sm_dprintf("getla: %d\n",
(int) (avenrun[0] + FSCALE/2) >> FSHIFT);
return ((int) (avenrun[0] + FSCALE/2) >> FSHIFT);
}
#endif /* LA_TYPE == LA_READKSYM */
#if LA_TYPE == LA_DGUX
# include <sys/dg_sys_info.h>
int
getla()
{
struct dg_sys_info_load_info load_info;
dg_sys_info((long *)&load_info,
DG_SYS_INFO_LOAD_INFO_TYPE, DG_SYS_INFO_LOAD_VERSION_0);
if (tTd(3, 1))
sm_dprintf("getla: %d\n", (int) (load_info.one_minute + 0.5));
return ((int) (load_info.one_minute + 0.5));
}
#endif /* LA_TYPE == LA_DGUX */
#if LA_TYPE == LA_HPUX
/* forward declarations to keep gcc from complaining */
struct pst_dynamic;
struct pst_status;
struct pst_static;
struct pst_vminfo;
struct pst_diskinfo;
struct pst_processor;
struct pst_lv;
struct pst_swapinfo;
# include <sys/param.h>
# include <sys/pstat.h>
int
getla()
{
struct pst_dynamic pstd;
if (pstat_getdynamic(&pstd, sizeof(struct pst_dynamic),
(size_t) 1, 0) == -1)
return 0;
if (tTd(3, 1))
sm_dprintf("getla: %d\n", (int) (pstd.psd_avg_1_min + 0.5));
return (int) (pstd.psd_avg_1_min + 0.5);
}
#endif /* LA_TYPE == LA_HPUX */
#if LA_TYPE == LA_SUBR
int
getla()
{
double avenrun[3];
if (getloadavg(avenrun, sizeof(avenrun) / sizeof(avenrun[0])) < 0)
{
if (tTd(3, 1))
sm_dprintf("getla: getloadavg failed: %s",
sm_errstring(errno));
return -1;
}
if (tTd(3, 1))
sm_dprintf("getla: %d\n", (int) (avenrun[0] +0.5));
return ((int) (avenrun[0] + 0.5));
}
#endif /* LA_TYPE == LA_SUBR */
#if LA_TYPE == LA_MACH
/*
** This has been tested on NEXTSTEP release 2.1/3.X.
*/
# if defined(NX_CURRENT_COMPILER_RELEASE) && NX_CURRENT_COMPILER_RELEASE > NX_COMPILER_RELEASE_3_0
# include <mach/mach.h>
-# else /* defined(NX_CURRENT_COMPILER_RELEASE) && NX_CURRENT_COMPILER_RELEASE > NX_COMPILER_RELEASE_3_0 */
+# else
# include <mach.h>
-# endif /* defined(NX_CURRENT_COMPILER_RELEASE) && NX_CURRENT_COMPILER_RELEASE > NX_COMPILER_RELEASE_3_0 */
+# endif
int
getla()
{
processor_set_t default_set;
kern_return_t error;
unsigned int info_count;
struct processor_set_basic_info info;
host_t host;
error = processor_set_default(host_self(), &default_set);
if (error != KERN_SUCCESS)
{
if (tTd(3, 1))
sm_dprintf("getla: processor_set_default failed: %s",
sm_errstring(errno));
return -1;
}
info_count = PROCESSOR_SET_BASIC_INFO_COUNT;
if (processor_set_info(default_set, PROCESSOR_SET_BASIC_INFO,
&host, (processor_set_info_t)&info,
&info_count) != KERN_SUCCESS)
{
if (tTd(3, 1))
sm_dprintf("getla: processor_set_info failed: %s",
sm_errstring(errno));
return -1;
}
if (tTd(3, 1))
sm_dprintf("getla: %d\n",
(int) ((info.load_average + (LOAD_SCALE / 2)) /
LOAD_SCALE));
return (int) (info.load_average + (LOAD_SCALE / 2)) / LOAD_SCALE;
}
#endif /* LA_TYPE == LA_MACH */
#if LA_TYPE == LA_PROCSTR
# if SM_CONF_BROKEN_STRTOD
ERROR: This OS has most likely a broken strtod() implemenentation.
ERROR: The function is required for getla().
ERROR: Check the compilation options _LA_PROCSTR and
ERROR: _SM_CONF_BROKEN_STRTOD (without the leading _).
# endif /* SM_CONF_BROKEN_STRTOD */
/*
** Read /proc/loadavg for the load average. This is assumed to be
** in a format like "0.15 0.12 0.06".
**
** Initially intended for Linux. This has been in the kernel
** since at least 0.99.15.
*/
# ifndef _PATH_LOADAVG
# define _PATH_LOADAVG "/proc/loadavg"
-# endif /* ! _PATH_LOADAVG */
+# endif
int
getla()
{
double avenrun;
register int result;
SM_FILE_T *fp;
fp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, _PATH_LOADAVG, SM_IO_RDONLY,
NULL);
if (fp == NULL)
{
if (tTd(3, 1))
sm_dprintf("getla: sm_io_open(%s): %s\n",
_PATH_LOADAVG, sm_errstring(errno));
return -1;
}
result = sm_io_fscanf(fp, SM_TIME_DEFAULT, "%lf", &avenrun);
(void) sm_io_close(fp, SM_TIME_DEFAULT);
if (result != 1)
{
if (tTd(3, 1))
sm_dprintf("getla: sm_io_fscanf() = %d: %s\n",
result, sm_errstring(errno));
return -1;
}
if (tTd(3, 1))
sm_dprintf("getla(): %.2f\n", avenrun);
return ((int) (avenrun + 0.5));
}
#endif /* LA_TYPE == LA_PROCSTR */
#if LA_TYPE == LA_IRIX6
# include <sys/sysmp.h>
# ifdef _UNICOSMP
# define CAST_SYSMP(x) (x)
-# else /* _UNICOSMP */
+# else
# define CAST_SYSMP(x) ((x) & 0x7fffffff)
-# endif /* _UNICOSMP */
+# endif
int
getla(void)
{
int j;
static int kmem = -1;
int avenrun[3];
if (kmem < 0)
{
kmem = open(_PATH_KMEM, 0, 0);
if (kmem < 0)
{
if (tTd(3, 1))
sm_dprintf("getla: open(%s): %s\n", _PATH_KMEM,
sm_errstring(errno));
return -1;
}
if ((j = fcntl(kmem, F_GETFD, 0)) < 0 ||
fcntl(kmem, F_SETFD, j | FD_CLOEXEC) < 0)
{
if (tTd(3, 1))
sm_dprintf("getla: fcntl(/dev/kmem, FD_CLOEXEC): %s\n",
sm_errstring(errno));
(void) close(kmem);
kmem = -1;
return -1;
}
}
if (lseek(kmem, CAST_SYSMP(sysmp(MP_KERNADDR, MPKA_AVENRUN)), SEEK_SET)
== -1 ||
read(kmem, (char *) avenrun, sizeof(avenrun)) != sizeof(avenrun))
{
if (tTd(3, 1))
sm_dprintf("getla: lseek or read: %s\n",
sm_errstring(errno));
return -1;
}
if (tTd(3, 5))
{
sm_dprintf("getla: avenrun = %ld", (long int) avenrun[0]);
if (tTd(3, 15))
sm_dprintf(", %ld, %ld",
(long int) avenrun[1], (long int) avenrun[2]);
sm_dprintf("\n");
}
if (tTd(3, 1))
sm_dprintf("getla: %d\n",
(int) (avenrun[0] + FSCALE/2) >> FSHIFT);
return ((int) (avenrun[0] + FSCALE/2) >> FSHIFT);
}
#endif /* LA_TYPE == LA_IRIX6 */
#if LA_TYPE == LA_KSTAT
# include <kstat.h>
int
getla()
{
static kstat_ctl_t *kc = NULL;
static kstat_t *ksp = NULL;
kstat_named_t *ksn;
int la;
if (kc == NULL) /* if not initialized before */
kc = kstat_open();
if (kc == NULL)
{
if (tTd(3, 1))
sm_dprintf("getla: kstat_open(): %s\n",
sm_errstring(errno));
return -1;
}
if (ksp == NULL)
ksp = kstat_lookup(kc, "unix", 0, "system_misc");
if (ksp == NULL)
{
if (tTd(3, 1))
sm_dprintf("getla: kstat_lookup(): %s\n",
sm_errstring(errno));
return -1;
}
if (kstat_read(kc, ksp, NULL) < 0)
{
if (tTd(3, 1))
sm_dprintf("getla: kstat_read(): %s\n",
sm_errstring(errno));
return -1;
}
ksn = (kstat_named_t *) kstat_data_lookup(ksp, "avenrun_1min");
la = ((double) ksn->value.ul + FSCALE/2) / FSCALE;
/* kstat_close(kc); /o do not close for fast access */
return la;
}
#endif /* LA_TYPE == LA_KSTAT */
#if LA_TYPE == LA_DEVSHORT
/*
** Read /dev/table/avenrun for the load average. This should contain
** three shorts for the 1, 5, and 15 minute loads. We only read the
** first, since that's all we care about.
**
** Intended for SCO OpenServer 5.
*/
# ifndef _PATH_AVENRUN
# define _PATH_AVENRUN "/dev/table/avenrun"
-# endif /* ! _PATH_AVENRUN */
+# endif
int
getla()
{
static int afd = -1;
short avenrun;
int loadav;
int r;
errno = EBADF;
if (afd == -1 || lseek(afd, 0L, SEEK_SET) == -1)
{
if (errno != EBADF)
return -1;
afd = open(_PATH_AVENRUN, O_RDONLY|O_SYNC);
if (afd < 0)
{
sm_syslog(LOG_ERR, NOQID,
"can't open %s: %s",
_PATH_AVENRUN, sm_errstring(errno));
return -1;
}
}
r = read(afd, &avenrun, sizeof(avenrun));
if (r != sizeof(avenrun))
{
sm_syslog(LOG_ERR, NOQID,
"can't read %s: %s", _PATH_AVENRUN,
r == -1 ? sm_errstring(errno) : "short read");
return -1;
}
if (tTd(3, 5))
sm_dprintf("getla: avenrun = %d\n", avenrun);
loadav = (int) (avenrun + FSCALE/2) >> FSHIFT;
if (tTd(3, 1))
sm_dprintf("getla: %d\n", loadav);
return loadav;
}
#endif /* LA_TYPE == LA_DEVSHORT */
#if LA_TYPE == LA_ALPHAOSF
struct rtentry;
struct mbuf;
# include <sys/table.h>
int
getla()
{
int ave = 0;
struct tbl_loadavg tab;
if (table(TBL_LOADAVG, 0, &tab, 1, sizeof(tab)) == -1)
{
if (tTd(3, 1))
sm_dprintf("getla: table %s\n", sm_errstring(errno));
return -1;
}
if (tTd(3, 1))
sm_dprintf("getla: scale = %d\n", tab.tl_lscale);
if (tab.tl_lscale)
ave = ((tab.tl_avenrun.l[2] + (tab.tl_lscale/2)) /
tab.tl_lscale);
else
ave = (int) (tab.tl_avenrun.d[2] + 0.5);
if (tTd(3, 1))
sm_dprintf("getla: %d\n", ave);
return ave;
}
#endif /* LA_TYPE == LA_ALPHAOSF */
#if LA_TYPE == LA_PSET
int
getla()
{
double avenrun[3];
if (pset_getloadavg(PS_MYID, avenrun,
sizeof(avenrun) / sizeof(avenrun[0])) < 0)
{
if (tTd(3, 1))
sm_dprintf("getla: pset_getloadavg failed: %s",
sm_errstring(errno));
return -1;
}
if (tTd(3, 1))
sm_dprintf("getla: %d\n", (int) (avenrun[0] +0.5));
return ((int) (avenrun[0] + 0.5));
}
#endif /* LA_TYPE == LA_PSET */
#if LA_TYPE == LA_ZERO
int
getla()
{
if (tTd(3, 1))
sm_dprintf("getla: ZERO\n");
return 0;
}
#endif /* LA_TYPE == LA_ZERO */
/*
* Copyright 1989 Massachusetts Institute of Technology
*
* Permission to use, copy, modify, distribute, and sell this software and its
* documentation for any purpose is hereby granted without fee, provided that
* the above copyright notice appear in all copies and that both that
* copyright notice and this permission notice appear in supporting
* documentation, and that the name of M.I.T. not be used in advertising or
* publicity pertaining to distribution of the software without specific,
* written prior permission. M.I.T. makes no representations about the
* suitability of this software for any purpose. It is provided "as is"
* without express or implied warranty.
*
* M.I.T. DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL M.I.T.
* BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* Authors: Many and varied...
*/
/* Non Apollo stuff removed by Don Lewis 11/15/93 */
#ifndef lint
SM_UNUSED(static char rcsid[]) = "@(#)$OrigId: getloadavg.c,v 1.16 1991/06/21 12:51:15 paul Exp $";
-#endif /* ! lint */
+#endif
#ifdef apollo
# undef volatile
# include <apollo/base.h>
/* ARGSUSED */
int getloadavg( call_data )
caddr_t call_data; /* pointer to (double) return value */
{
double *avenrun = (double *) call_data;
int i;
status_$t st;
long loadav[3];
proc1_$get_loadav(loadav, &st);
*avenrun = loadav[0] / (double) (1 << 16);
return 0;
}
#endif /* apollo */
/*
** SM_GETLA -- get the current load average
**
** Parameters:
** none
**
** Returns:
** none
**
** Side Effects:
** Set CurrentLA to the current load average.
** Set {load_avg} in GlobalMacros to the current load average.
*/
void
sm_getla()
{
char labuf[8];
CurrentLA = getla();
(void) sm_snprintf(labuf, sizeof(labuf), "%d", CurrentLA);
macdefine(&GlobalMacros, A_TEMP, macid("{load_avg}"), labuf);
}
/*
** SHOULDQUEUE -- should this message be queued or sent?
**
** Compares the message cost to the load average to decide.
**
** Note: Do NOT change this API! It is documented in op.me
** and theoretically the user can change this function...
**
** Parameters:
** pri -- the priority of the message in question.
** ct -- the message creation time (unused, but see above).
**
** Returns:
** true -- if this message should be queued up for the
** time being.
** false -- if the load is low enough to send this message.
**
** Side Effects:
** none.
*/
/* ARGSUSED1 */
bool
shouldqueue(pri, ct)
long pri;
time_t ct;
{
bool rval;
#if _FFR_MEMSTAT
long memfree;
-#endif /* _FFR_MEMSTAT */
+#endif
if (tTd(3, 30))
sm_dprintf("shouldqueue: CurrentLA=%d, pri=%ld: ",
CurrentLA, pri);
#if _FFR_MEMSTAT
if (QueueLowMem > 0 &&
sm_memstat_get(MemoryResource, &memfree) >= 0 &&
memfree < QueueLowMem)
{
if (tTd(3, 30))
sm_dprintf("true (memfree=%ld < QueueLowMem=%ld)\n",
memfree, QueueLowMem);
return true;
}
#endif /* _FFR_MEMSTAT */
if (CurrentLA < QueueLA)
{
if (tTd(3, 30))
sm_dprintf("false (CurrentLA < QueueLA)\n");
return false;
}
rval = pri > (QueueFactor / (CurrentLA - QueueLA + 1));
if (tTd(3, 30))
sm_dprintf("%s (by calculation)\n", rval ? "true" : "false");
return rval;
}
/*
** REFUSECONNECTIONS -- decide if connections should be refused
**
** Parameters:
** e -- the current envelope.
** dn -- number of daemon.
** active -- was this daemon actually active?
**
** Returns:
** true if incoming SMTP connections should be refused
** (for now).
** false if we should accept new work.
**
** Side Effects:
** Sets process title when it is rejecting connections.
*/
bool
refuseconnections(e, dn, active)
ENVELOPE *e;
int dn;
bool active;
{
static time_t lastconn[MAXDAEMONS];
static int conncnt[MAXDAEMONS];
static time_t firstrejtime[MAXDAEMONS];
static time_t nextlogtime[MAXDAEMONS];
int limit;
#if _FFR_MEMSTAT
long memfree;
-#endif /* _FFR_MEMSTAT */
+#endif
#if XLA
if (!xla_smtp_ok())
return true;
-#endif /* XLA */
+#endif
SM_ASSERT(dn >= 0);
SM_ASSERT(dn < MAXDAEMONS);
if (ConnRateThrottle > 0)
{
time_t now;
now = curtime();
if (active)
{
if (now != lastconn[dn])
{
lastconn[dn] = now;
conncnt[dn] = 1;
}
else if (conncnt[dn]++ > ConnRateThrottle)
{
#define D_MSG_CRT "deferring connections on daemon %s: %d per second"
/* sleep to flatten out connection load */
sm_setproctitle(true, e, D_MSG_CRT,
Daemons[dn].d_name,
ConnRateThrottle);
if (LogLevel > 8)
sm_syslog(LOG_INFO, NOQID, D_MSG_CRT,
Daemons[dn].d_name,
ConnRateThrottle);
(void) sleep(1);
}
}
else if (now != lastconn[dn])
conncnt[dn] = 0;
}
#if _FFR_MEMSTAT
if (RefuseLowMem > 0 &&
sm_memstat_get(MemoryResource, &memfree) >= 0 &&
memfree < RefuseLowMem)
{
# define R_MSG_LM "rejecting connections on daemon %s: free memory: %ld"
sm_setproctitle(true, e, R_MSG_LM, Daemons[dn].d_name, memfree);
if (LogLevel > 8)
sm_syslog(LOG_NOTICE, NOQID, R_MSG_LM,
Daemons[dn].d_name, memfree);
return true;
}
#endif /* _FFR_MEMSTAT */
sm_getla();
limit = (Daemons[dn].d_refuseLA != DPO_NOTSET) ?
Daemons[dn].d_refuseLA : RefuseLA;
if (limit > 0 && CurrentLA >= limit)
{
time_t now;
# define R_MSG_LA "rejecting connections on daemon %s: load average: %d"
# define R2_MSG_LA "have been rejecting connections on daemon %s for %s"
sm_setproctitle(true, e, R_MSG_LA, Daemons[dn].d_name,
CurrentLA);
if (LogLevel > 8)
sm_syslog(LOG_NOTICE, NOQID, R_MSG_LA,
Daemons[dn].d_name, CurrentLA);
now = curtime();
if (firstrejtime[dn] == 0)
{
firstrejtime[dn] = now;
nextlogtime[dn] = now + RejectLogInterval;
}
else if (nextlogtime[dn] < now)
{
sm_syslog(LOG_ERR, NOQID, R2_MSG_LA, Daemons[dn].d_name,
pintvl(now - firstrejtime[dn], true));
nextlogtime[dn] = now + RejectLogInterval;
}
return true;
}
else
firstrejtime[dn] = 0;
limit = (Daemons[dn].d_delayLA != DPO_NOTSET) ?
Daemons[dn].d_delayLA : DelayLA;
if (limit > 0 && CurrentLA >= limit)
{
time_t now;
static time_t log_delay = (time_t) 0;
# define MIN_DELAY_LOG 90 /* wait before logging this again */
# define D_MSG_LA "delaying connections on daemon %s: load average=%d >= %d"
/* sleep to flatten out connection load */
sm_setproctitle(true, e, D_MSG_LA, Daemons[dn].d_name,
CurrentLA, limit);
if (LogLevel > 8 && (now = curtime()) > log_delay)
{
sm_syslog(LOG_INFO, NOQID, D_MSG_LA,
Daemons[dn].d_name, CurrentLA, limit);
log_delay = now + MIN_DELAY_LOG;
}
(void) sleep(1);
}
limit = (Daemons[dn].d_maxchildren != DPO_NOTSET) ?
Daemons[dn].d_maxchildren : MaxChildren;
if (limit > 0 && CurChildren >= limit)
{
proc_list_probe();
if (CurChildren >= limit)
{
#define R_MSG_CHILD "rejecting connections on daemon %s: %d children, max %d"
sm_setproctitle(true, e, R_MSG_CHILD,
Daemons[dn].d_name, CurChildren,
limit);
if (LogLevel > 8)
sm_syslog(LOG_INFO, NOQID, R_MSG_CHILD,
Daemons[dn].d_name, CurChildren,
limit);
return true;
}
}
return false;
}
/*
** SETPROCTITLE -- set process title for ps
**
** Parameters:
** fmt -- a printf style format string.
** a, b, c -- possible parameters to fmt.
**
** Returns:
** none.
**
** Side Effects:
** Clobbers argv of our main procedure so ps(1) will
** display the title.
*/
#define SPT_NONE 0 /* don't use it at all */
#define SPT_REUSEARGV 1 /* cover argv with title information */
#define SPT_BUILTIN 2 /* use libc builtin */
#define SPT_PSTAT 3 /* use pstat(PSTAT_SETCMD, ...) */
#define SPT_PSSTRINGS 4 /* use PS_STRINGS->... */
#define SPT_SYSMIPS 5 /* use sysmips() supported by NEWS-OS 6 */
#define SPT_SCO 6 /* write kernel u. area */
#define SPT_CHANGEARGV 7 /* write our own strings into argv[] */
#ifndef SPT_TYPE
# define SPT_TYPE SPT_REUSEARGV
-#endif /* ! SPT_TYPE */
+#endif
#if SPT_TYPE != SPT_NONE && SPT_TYPE != SPT_BUILTIN
# if SPT_TYPE == SPT_PSTAT
# include <sys/pstat.h>
-# endif /* SPT_TYPE == SPT_PSTAT */
+# endif
# if SPT_TYPE == SPT_PSSTRINGS
# include <machine/vmparam.h>
# include <sys/exec.h>
# ifndef PS_STRINGS /* hmmmm.... apparently not available after all */
# undef SPT_TYPE
# define SPT_TYPE SPT_REUSEARGV
# else /* ! PS_STRINGS */
# ifndef NKPDE /* FreeBSD 2.0 */
# define NKPDE 63
typedef unsigned int *pt_entry_t;
# endif /* ! NKPDE */
# endif /* ! PS_STRINGS */
# endif /* SPT_TYPE == SPT_PSSTRINGS */
# if SPT_TYPE == SPT_PSSTRINGS || SPT_TYPE == SPT_CHANGEARGV
# define SETPROC_STATIC static
-# else /* SPT_TYPE == SPT_PSSTRINGS || SPT_TYPE == SPT_CHANGEARGV */
+# else
# define SETPROC_STATIC
-# endif /* SPT_TYPE == SPT_PSSTRINGS || SPT_TYPE == SPT_CHANGEARGV */
+# endif
# if SPT_TYPE == SPT_SYSMIPS
# include <sys/sysmips.h>
# include <sys/sysnews.h>
-# endif /* SPT_TYPE == SPT_SYSMIPS */
+# endif
# if SPT_TYPE == SPT_SCO
# include <sys/immu.h>
# include <sys/dir.h>
# include <sys/user.h>
# include <sys/fs/s5param.h>
# if PSARGSZ > MAXLINE
# define SPT_BUFSIZE PSARGSZ
-# endif /* PSARGSZ > MAXLINE */
+# endif
# endif /* SPT_TYPE == SPT_SCO */
# ifndef SPT_PADCHAR
# define SPT_PADCHAR ' '
-# endif /* ! SPT_PADCHAR */
+# endif
#endif /* SPT_TYPE != SPT_NONE && SPT_TYPE != SPT_BUILTIN */
#ifndef SPT_BUFSIZE
# define SPT_BUFSIZE MAXLINE
-#endif /* ! SPT_BUFSIZE */
+#endif
#if _FFR_SPT_ALIGN
/*
** It looks like the Compaq Tru64 5.1A now aligns argv and envp to
** 64 bit alignment, so unless each piece of argv and envp is a multiple
** of 8 bytes (including terminating NULL), initsetproctitle() won't use
** any of the space beyond argv[0]. Be sure to set SPT_ALIGN_SIZE if
** you use this FFR.
*/
# ifdef SPT_ALIGN_SIZE
# define SPT_ALIGN(x, align) (((((x) + SPT_ALIGN_SIZE) >> (align)) << (align)) - 1)
-# else /* SPT_ALIGN_SIZE */
+# else
# define SPT_ALIGN(x, align) (x)
-# endif /* SPT_ALIGN_SIZE */
+# endif
#else /* _FFR_SPT_ALIGN */
# define SPT_ALIGN(x, align) (x)
#endif /* _FFR_SPT_ALIGN */
/*
** Pointers for setproctitle.
** This allows "ps" listings to give more useful information.
*/
static char **Argv = NULL; /* pointer to argument vector */
static char *LastArgv = NULL; /* end of argv */
#if SPT_TYPE != SPT_BUILTIN
static void setproctitle __P((const char *, ...));
-#endif /* SPT_TYPE != SPT_BUILTIN */
+#endif
void
initsetproctitle(argc, argv, envp)
int argc;
char **argv;
char **envp;
{
register int i;
+#if _FFR_SPT_ALIGN
int align;
+#endif
extern char **environ;
/*
** Move the environment so setproctitle can use the space at
** the top of memory.
*/
if (envp != NULL)
{
for (i = 0; envp[i] != NULL; i++)
continue;
environ = (char **) xalloc(sizeof(char *) * (i + 1));
for (i = 0; envp[i] != NULL; i++)
environ[i] = newstr(envp[i]);
environ[i] = NULL;
}
/*
** Save start and extent of argv for setproctitle.
*/
Argv = argv;
/*
** Determine how much space we can use for setproctitle.
** Use all contiguous argv and envp pointers starting at argv[0]
*/
- align = -1;
# if _FFR_SPT_ALIGN
+ align = -1;
# ifdef SPT_ALIGN_SIZE
for (i = SPT_ALIGN_SIZE; i > 0; i >>= 1)
align++;
-# endif /* SPT_ALIGN_SIZE */
+# endif
# endif /* _FFR_SPT_ALIGN */
for (i = 0; i < argc; i++)
{
if (i == 0 || LastArgv + 1 == argv[i])
LastArgv = argv[i] + SPT_ALIGN(strlen(argv[i]), align);
}
for (i = 0; LastArgv != NULL && envp != NULL && envp[i] != NULL; i++)
{
if (LastArgv + 1 == envp[i])
LastArgv = envp[i] + SPT_ALIGN(strlen(envp[i]), align);
}
}
#if SPT_TYPE != SPT_BUILTIN
/*VARARGS1*/
static void
# ifdef __STDC__
setproctitle(const char *fmt, ...)
# else /* __STDC__ */
setproctitle(fmt, va_alist)
const char *fmt;
va_dcl
# endif /* __STDC__ */
{
# if SPT_TYPE != SPT_NONE
register int i;
register char *p;
SETPROC_STATIC char buf[SPT_BUFSIZE];
SM_VA_LOCAL_DECL
# if SPT_TYPE == SPT_PSTAT
union pstun pst;
-# endif /* SPT_TYPE == SPT_PSTAT */
+# endif
# if SPT_TYPE == SPT_SCO
int j;
off_t seek_off;
static int kmem = -1;
static pid_t kmempid = -1;
struct user u;
# endif /* SPT_TYPE == SPT_SCO */
p = buf;
/* print sendmail: heading for grep */
(void) sm_strlcpy(p, "sendmail: ", SPACELEFT(buf, p));
p += strlen(p);
/* print the argument string */
SM_VA_START(ap, fmt);
(void) sm_vsnprintf(p, SPACELEFT(buf, p), fmt, ap);
SM_VA_END(ap);
i = (int) strlen(buf);
if (i < 0)
return;
# if SPT_TYPE == SPT_PSTAT
pst.pst_command = buf;
pstat(PSTAT_SETCMD, pst, i, 0, 0);
-# endif /* SPT_TYPE == SPT_PSTAT */
+# endif
# if SPT_TYPE == SPT_PSSTRINGS
PS_STRINGS->ps_nargvstr = 1;
PS_STRINGS->ps_argvstr = buf;
-# endif /* SPT_TYPE == SPT_PSSTRINGS */
+# endif
# if SPT_TYPE == SPT_SYSMIPS
sysmips(SONY_SYSNEWS, NEWS_SETPSARGS, buf);
-# endif /* SPT_TYPE == SPT_SYSMIPS */
+# endif
# if SPT_TYPE == SPT_SCO
if (kmem < 0 || kmempid != CurrentPid)
{
if (kmem >= 0)
(void) close(kmem);
kmem = open(_PATH_KMEM, O_RDWR, 0);
if (kmem < 0)
return;
if ((j = fcntl(kmem, F_GETFD, 0)) < 0 ||
fcntl(kmem, F_SETFD, j | FD_CLOEXEC) < 0)
{
(void) close(kmem);
kmem = -1;
return;
}
kmempid = CurrentPid;
}
buf[PSARGSZ - 1] = '\0';
seek_off = UVUBLK + (off_t) u.u_psargs - (off_t) &u;
if (lseek(kmem, (off_t) seek_off, SEEK_SET) == seek_off)
(void) write(kmem, buf, PSARGSZ);
# endif /* SPT_TYPE == SPT_SCO */
# if SPT_TYPE == SPT_REUSEARGV
if (LastArgv == NULL)
return;
if (i > LastArgv - Argv[0] - 2)
{
i = LastArgv - Argv[0] - 2;
buf[i] = '\0';
}
(void) sm_strlcpy(Argv[0], buf, i + 1);
p = &Argv[0][i];
while (p < LastArgv)
*p++ = SPT_PADCHAR;
Argv[1] = NULL;
# endif /* SPT_TYPE == SPT_REUSEARGV */
# if SPT_TYPE == SPT_CHANGEARGV
Argv[0] = buf;
- Argv[1] = 0;
-# endif /* SPT_TYPE == SPT_CHANGEARGV */
+ Argv[1] = NULL;
+# endif
# endif /* SPT_TYPE != SPT_NONE */
}
-
#endif /* SPT_TYPE != SPT_BUILTIN */
+
/*
** SM_SETPROCTITLE -- set process task and set process title for ps
**
** Possibly set process status and call setproctitle() to
** change the ps display.
**
** Parameters:
** status -- whether or not to store as process status
** e -- the current envelope.
** fmt -- a printf style format string.
** a, b, c -- possible parameters to fmt.
**
** Returns:
** none.
*/
/*VARARGS3*/
void
#ifdef __STDC__
sm_setproctitle(bool status, ENVELOPE *e, const char *fmt, ...)
#else /* __STDC__ */
sm_setproctitle(status, e, fmt, va_alist)
bool status;
ENVELOPE *e;
const char *fmt;
va_dcl
#endif /* __STDC__ */
{
char buf[SPT_BUFSIZE];
SM_VA_LOCAL_DECL
/* print the argument string */
SM_VA_START(ap, fmt);
(void) sm_vsnprintf(buf, sizeof(buf), fmt, ap);
SM_VA_END(ap);
if (status)
proc_list_set(CurrentPid, buf);
if (ProcTitlePrefix != NULL)
{
char prefix[SPT_BUFSIZE];
expand(ProcTitlePrefix, prefix, sizeof(prefix), e);
setproctitle("%s: %s", prefix, buf);
}
else
setproctitle("%s", buf);
}
/*
** WAITFOR -- wait for a particular process id.
**
** Parameters:
** pid -- process id to wait for.
**
** Returns:
** status of pid.
** -1 if pid never shows up.
**
** Side Effects:
** none.
*/
int
waitfor(pid)
pid_t pid;
{
int st;
pid_t i;
do
{
errno = 0;
i = sm_wait(&st);
if (i > 0)
proc_list_drop(i, st, NULL);
} while ((i >= 0 || errno == EINTR) && i != pid);
if (i < 0)
return -1;
return st;
}
/*
** SM_WAIT -- wait
**
** Parameters:
** status -- pointer to status (return value)
**
** Returns:
** pid
*/
pid_t
sm_wait(status)
int *status;
{
# ifdef WAITUNION
union wait st;
-# else /* WAITUNION */
+# else
auto int st;
-# endif /* WAITUNION */
+# endif
pid_t i;
# if defined(ISC_UNIX) || defined(_SCO_unix_)
int savesig;
-# endif /* defined(ISC_UNIX) || defined(_SCO_unix_) */
+# endif
# if defined(ISC_UNIX) || defined(_SCO_unix_)
savesig = sm_releasesignal(SIGCHLD);
-# endif /* defined(ISC_UNIX) || defined(_SCO_unix_) */
+# endif
i = wait(&st);
# if defined(ISC_UNIX) || defined(_SCO_unix_)
if (savesig > 0)
sm_blocksignal(SIGCHLD);
-# endif /* defined(ISC_UNIX) || defined(_SCO_unix_) */
+# endif
# ifdef WAITUNION
*status = st.w_status;
-# else /* WAITUNION */
+# else
*status = st;
-# endif /* WAITUNION */
+# endif
return i;
}
/*
** REAPCHILD -- pick up the body of my child, lest it become a zombie
**
** Parameters:
** sig -- the signal that got us here (unused).
**
** Returns:
** none.
**
** Side Effects:
** Picks up extant zombies.
** Control socket exits may restart/shutdown daemon.
**
** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
** DOING.
*/
/* ARGSUSED0 */
SIGFUNC_DECL
reapchild(sig)
int sig;
{
int save_errno = errno;
int st;
pid_t pid;
# if HASWAITPID
auto int status;
int count;
count = 0;
while ((pid = waitpid(-1, &status, WNOHANG)) > 0)
{
st = status;
if (count++ > 1000)
break;
# else /* HASWAITPID */
# ifdef WNOHANG
union wait status;
while ((pid = wait3(&status, WNOHANG, (struct rusage *) NULL)) > 0)
{
st = status.w_status;
# else /* WNOHANG */
auto int status;
/*
** Catch one zombie -- we will be re-invoked (we hope) if there
** are more. Unreliable signals probably break this, but this
** is the "old system" situation -- waitpid or wait3 are to be
** strongly preferred.
*/
if ((pid = wait(&status)) > 0)
{
st = status;
# endif /* WNOHANG */
# endif /* HASWAITPID */
/* Drop PID and check if it was a control socket child */
proc_list_drop(pid, st, NULL);
}
FIX_SYSV_SIGNAL(sig, reapchild);
errno = save_errno;
return SIGFUNC_RETURN;
}
/*
** GETDTSIZE -- return number of file descriptors
**
** Only on non-BSD systems
**
** Parameters:
** none
**
** Returns:
** size of file descriptor table
**
** Side Effects:
** none
*/
#ifdef SOLARIS
# include <sys/resource.h>
-#endif /* SOLARIS */
+#endif
int
getdtsize()
{
# ifdef RLIMIT_NOFILE
struct rlimit rl;
if (getrlimit(RLIMIT_NOFILE, &rl) >= 0)
return rl.rlim_cur;
# endif /* RLIMIT_NOFILE */
# if HASGETDTABLESIZE
return getdtablesize();
# else /* HASGETDTABLESIZE */
# ifdef _SC_OPEN_MAX
return sysconf(_SC_OPEN_MAX);
-# else /* _SC_OPEN_MAX */
+# else
return NOFILE;
-# endif /* _SC_OPEN_MAX */
+# endif
# endif /* HASGETDTABLESIZE */
}
/*
** UNAME -- get the UUCP name of this system.
*/
#if !HASUNAME
int
uname(name)
struct utsname *name;
{
SM_FILE_T *file;
char *n;
name->nodename[0] = '\0';
/* try /etc/whoami -- one line with the node name */
if ((file = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, "/etc/whoami",
SM_IO_RDONLY, NULL)) != NULL)
{
(void) sm_io_fgets(file, SM_TIME_DEFAULT, name->nodename,
NODE_LENGTH + 1);
(void) sm_io_close(file, SM_TIME_DEFAULT);
n = strchr(name->nodename, '\n');
if (n != NULL)
*n = '\0';
if (name->nodename[0] != '\0')
return 0;
}
/* try /usr/include/whoami.h -- has a #define somewhere */
if ((file = sm_io_open(SmFtStdio, SM_TIME_DEFAULT,
"/usr/include/whoami.h", SM_IO_RDONLY, NULL))
!= NULL)
{
char buf[MAXLINE];
while (sm_io_fgets(file, SM_TIME_DEFAULT,
buf, sizeof(buf)) >= 0)
{
if (sm_io_sscanf(buf, "#define sysname \"%*[^\"]\"",
NODE_LENGTH, name->nodename) > 0)
break;
}
(void) sm_io_close(file, SM_TIME_DEFAULT);
if (name->nodename[0] != '\0')
return 0;
}
return -1;
}
#endif /* !HASUNAME */
/*
** INITGROUPS -- initialize groups
**
** Stub implementation for System V style systems
*/
#if !HASINITGROUPS
-
initgroups(name, basegid)
char *name;
int basegid;
{
return 0;
}
-
#endif /* !HASINITGROUPS */
+
/*
** SETGROUPS -- set group list
**
** Stub implementation for systems that don't have group lists
*/
#ifndef NGROUPS_MAX
-
int
setgroups(ngroups, grouplist)
int ngroups;
GIDSET_T grouplist[];
{
return 0;
}
-
#endif /* ! NGROUPS_MAX */
+
/*
** SETSID -- set session id (for non-POSIX systems)
*/
#if !HASSETSID
pid_t
setsid __P ((void))
{
# ifdef TIOCNOTTY
int fd;
fd = open("/dev/tty", O_RDWR, 0);
if (fd >= 0)
{
(void) ioctl(fd, TIOCNOTTY, (char *) 0);
(void) close(fd);
}
# endif /* TIOCNOTTY */
# ifdef SYS5SETPGRP
return setpgrp();
-# else /* SYS5SETPGRP */
+# else
return setpgid(0, CurrentPid);
-# endif /* SYS5SETPGRP */
+# endif
}
#endif /* !HASSETSID */
/*
** FSYNC -- dummy fsync
*/
#if NEEDFSYNC
fsync(fd)
int fd;
{
# ifdef O_SYNC
return fcntl(fd, F_SETFL, O_SYNC);
-# else /* O_SYNC */
+# else
/* nothing we can do */
return 0;
-# endif /* O_SYNC */
+# endif
}
-
#endif /* NEEDFSYNC */
+
/*
** DGUX_INET_ADDR -- inet_addr for DG/UX
**
** Data General DG/UX version of inet_addr returns a struct in_addr
** instead of a long. This patches things. Only needed on versions
** prior to 5.4.3.
*/
#ifdef DGUX_5_4_2
# undef inet_addr
long
dgux_inet_addr(host)
char *host;
{
struct in_addr haddr;
haddr = inet_addr(host);
return haddr.s_addr;
}
#endif /* DGUX_5_4_2 */
/*
** GETOPT -- for old systems or systems with bogus implementations
*/
#if !SM_CONF_GETOPT
/*
* Copyright (c) 1985 Regents of the University of California.
* All rights reserved. The Berkeley software License Agreement
* specifies the terms and conditions for redistribution.
*/
/*
** this version hacked to add `atend' flag to allow state machine
** to reset if invoked by the program to scan args for a 2nd time
*/
# if defined(LIBC_SCCS) && !defined(lint)
static char sccsid[] = "@(#)getopt.c 4.3 (Berkeley) 3/9/86";
-# endif /* defined(LIBC_SCCS) && !defined(lint) */
+# endif
/*
** get option letter from argument vector
*/
# ifdef _CONVEX_SOURCE
extern int optind, opterr, optopt;
extern char *optarg;
# else /* _CONVEX_SOURCE */
int opterr = 1; /* if error message should be printed */
int optind = 1; /* index into parent argv vector */
int optopt = 0; /* character checked for validity */
char *optarg = NULL; /* argument associated with option */
# endif /* _CONVEX_SOURCE */
# define BADCH (int)'?'
# define EMSG ""
# define tell(s) if (opterr) \
{sm_io_fputs(smioerr, SM_TIME_DEFAULT, *nargv); \
(void) sm_io_fputs(smioerr, SM_TIME_DEFAULT, s); \
(void) sm_io_putc(smioerr, SM_TIME_DEFAULT, optopt); \
(void) sm_io_putc(smioerr, SM_TIME_DEFAULT, '\n'); \
return BADCH;}
int
getopt(nargc,nargv,ostr)
int nargc;
char *const *nargv;
const char *ostr;
{
static char *place = EMSG; /* option letter processing */
static char atend = 0;
register char *oli = NULL; /* option letter list index */
if (atend) {
atend = 0;
place = EMSG;
}
if(!*place) { /* update scanning pointer */
if (optind >= nargc || *(place = nargv[optind]) != '-' || !*++place) {
atend++;
return -1;
}
if (*place == '-') { /* found "--" */
++optind;
atend++;
return -1;
}
} /* option letter okay? */
if ((optopt = (int)*place++) == (int)':' || !(oli = strchr(ostr,optopt))) {
if (!*place) ++optind;
tell(": illegal option -- ");
}
if (oli && *++oli != ':') { /* don't need argument */
optarg = NULL;
if (!*place) ++optind;
}
else { /* need an argument */
if (*place) optarg = place; /* no white space */
else if (nargc <= ++optind) { /* no arg */
place = EMSG;
tell(": option requires an argument -- ");
}
else optarg = nargv[optind]; /* white space */
place = EMSG;
++optind;
}
return optopt; /* dump back option letter */
}
#endif /* !SM_CONF_GETOPT */
/*
** USERSHELLOK -- tell if a user's shell is ok for unrestricted use
**
** Parameters:
** user -- the name of the user we are checking.
** shell -- the user's shell from /etc/passwd
**
** Returns:
** true -- if it is ok to use this for unrestricted access.
** false -- if the shell is restricted.
*/
#if !HASGETUSERSHELL
# ifndef _PATH_SHELLS
# define _PATH_SHELLS "/etc/shells"
-# endif /* ! _PATH_SHELLS */
+# endif
# if defined(_AIX3) || defined(_AIX4)
# include <userconf.h>
# if _AIX4 >= 40200
# include <userpw.h>
-# endif /* _AIX4 >= 40200 */
+# endif
# include <usersec.h>
# endif /* defined(_AIX3) || defined(_AIX4) */
static char *DefaultUserShells[] =
{
"/bin/sh", /* standard shell */
# ifdef MPE
"/SYS/PUB/CI",
# else /* MPE */
"/usr/bin/sh",
"/bin/csh", /* C shell */
"/usr/bin/csh",
# endif /* MPE */
# ifdef __hpux
# ifdef V4FS
"/usr/bin/rsh", /* restricted Bourne shell */
"/usr/bin/ksh", /* Korn shell */
"/usr/bin/rksh", /* restricted Korn shell */
"/usr/bin/pam",
"/usr/bin/keysh", /* key shell (extended Korn shell) */
"/usr/bin/posix/sh",
# else /* V4FS */
"/bin/rsh", /* restricted Bourne shell */
"/bin/ksh", /* Korn shell */
"/bin/rksh", /* restricted Korn shell */
"/bin/pam",
"/usr/bin/keysh", /* key shell (extended Korn shell) */
"/bin/posix/sh",
"/sbin/sh",
# endif /* V4FS */
# endif /* __hpux */
# if defined(_AIX3) || defined(_AIX4)
"/bin/ksh", /* Korn shell */
"/usr/bin/ksh",
"/bin/tsh", /* trusted shell */
"/usr/bin/tsh",
"/bin/bsh", /* Bourne shell */
"/usr/bin/bsh",
# endif /* defined(_AIX3) || defined(_AIX4) */
# if defined(__svr4__) || defined(__svr5__)
"/bin/ksh", /* Korn shell */
"/usr/bin/ksh",
# endif /* defined(__svr4__) || defined(__svr5__) */
# ifdef sgi
"/sbin/sh", /* SGI's shells really live in /sbin */
"/usr/bin/sh",
"/sbin/bsh", /* classic Bourne shell */
"/bin/bsh",
"/usr/bin/bsh",
"/sbin/csh", /* standard csh */
"/bin/csh",
"/usr/bin/csh",
"/sbin/jsh", /* classic Bourne shell w/ job control*/
"/bin/jsh",
"/usr/bin/jsh",
"/bin/ksh", /* Korn shell */
"/sbin/ksh",
"/usr/bin/ksh",
"/sbin/tcsh", /* Extended csh */
"/bin/tcsh",
"/usr/bin/tcsh",
# endif /* sgi */
NULL
};
#endif /* !HASGETUSERSHELL */
#define WILDCARD_SHELL "/SENDMAIL/ANY/SHELL/"
bool
usershellok(user, shell)
char *user;
char *shell;
{
# if HASGETUSERSHELL
register char *p;
extern char *getusershell();
if (shell == NULL || shell[0] == '\0' || wordinclass(user, 't') ||
ConfigLevel <= 1)
return true;
setusershell();
while ((p = getusershell()) != NULL)
if (strcmp(p, shell) == 0 || strcmp(p, WILDCARD_SHELL) == 0)
break;
endusershell();
return p != NULL;
# else /* HASGETUSERSHELL */
# if USEGETCONFATTR
auto char *v;
-# endif /* USEGETCONFATTR */
+# endif
register SM_FILE_T *shellf;
char buf[MAXLINE];
if (shell == NULL || shell[0] == '\0' || wordinclass(user, 't') ||
ConfigLevel <= 1)
return true;
# if USEGETCONFATTR
/*
** Naturally IBM has a "better" idea.....
**
** What a crock. This interface isn't documented, it is
** considered part of the security library (-ls), and it
** only works if you are running as root (since the list
** of valid shells is obviously a source of great concern).
** I recommend that you do NOT define USEGETCONFATTR,
** especially since you are going to have to set up an
** /etc/shells anyhow to handle the cases where getconfattr
** fails.
*/
if (getconfattr(SC_SYS_LOGIN, SC_SHELLS, &v, SEC_LIST) == 0 && v != NULL)
{
while (*v != '\0')
{
if (strcmp(v, shell) == 0 || strcmp(v, WILDCARD_SHELL) == 0)
return true;
v += strlen(v) + 1;
}
return false;
}
# endif /* USEGETCONFATTR */
shellf = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, _PATH_SHELLS,
SM_IO_RDONLY, NULL);
if (shellf == NULL)
{
/* no /etc/shells; see if it is one of the std shells */
char **d;
if (errno != ENOENT && LogLevel > 3)
sm_syslog(LOG_ERR, NOQID,
"usershellok: cannot open %s: %s",
_PATH_SHELLS, sm_errstring(errno));
for (d = DefaultUserShells; *d != NULL; d++)
{
if (strcmp(shell, *d) == 0)
return true;
}
return false;
}
while (sm_io_fgets(shellf, SM_TIME_DEFAULT, buf, sizeof(buf)) >= 0)
{
register char *p, *q;
p = buf;
while (*p != '\0' && *p != '#' && *p != '/')
p++;
if (*p == '#' || *p == '\0')
continue;
q = p;
- while (*p != '\0' && *p != '#' && !(isascii(*p) && isspace(*p)))
+ while (*p != '\0' && *p != '#' && !(SM_ISSPACE(*p)))
p++;
*p = '\0';
if (strcmp(shell, q) == 0 || strcmp(WILDCARD_SHELL, q) == 0)
{
(void) sm_io_close(shellf, SM_TIME_DEFAULT);
return true;
}
}
(void) sm_io_close(shellf, SM_TIME_DEFAULT);
return false;
# endif /* HASGETUSERSHELL */
}
/*
** FREEDISKSPACE -- see how much free space is on the queue filesystem
**
** Only implemented if you have statfs.
**
** Parameters:
** dir -- the directory in question.
** bsize -- a variable into which the filesystem
** block size is stored.
**
** Returns:
** The number of blocks free on the queue filesystem.
** -1 if the statfs call fails.
**
** Side effects:
** Puts the filesystem block size into bsize.
*/
/* statfs types */
# define SFS_NONE 0 /* no statfs implementation */
# define SFS_USTAT 1 /* use ustat */
# define SFS_4ARGS 2 /* use four-argument statfs call */
# define SFS_VFS 3 /* use <sys/vfs.h> implementation */
# define SFS_MOUNT 4 /* use <sys/mount.h> implementation */
# define SFS_STATFS 5 /* use <sys/statfs.h> implementation */
# define SFS_STATVFS 6 /* use <sys/statvfs.h> implementation */
# ifndef SFS_TYPE
# define SFS_TYPE SFS_NONE
-# endif /* ! SFS_TYPE */
+# endif
# if SFS_TYPE == SFS_USTAT
# include <ustat.h>
-# endif /* SFS_TYPE == SFS_USTAT */
+# endif
# if SFS_TYPE == SFS_4ARGS || SFS_TYPE == SFS_STATFS
# include <sys/statfs.h>
-# endif /* SFS_TYPE == SFS_4ARGS || SFS_TYPE == SFS_STATFS */
+# endif
# if SFS_TYPE == SFS_VFS
# include <sys/vfs.h>
-# endif /* SFS_TYPE == SFS_VFS */
+# endif
# if SFS_TYPE == SFS_MOUNT
# include <sys/mount.h>
-# endif /* SFS_TYPE == SFS_MOUNT */
+# endif
# if SFS_TYPE == SFS_STATVFS
# include <sys/statvfs.h>
-# endif /* SFS_TYPE == SFS_STATVFS */
+# endif
long
freediskspace(dir, bsize)
const char *dir;
long *bsize;
{
# if SFS_TYPE == SFS_NONE
if (bsize != NULL)
*bsize = 4096L;
/* assume free space is plentiful */
return (long) LONG_MAX;
# else /* SFS_TYPE == SFS_NONE */
# if SFS_TYPE == SFS_USTAT
struct ustat fs;
struct stat statbuf;
# define FSBLOCKSIZE DEV_BSIZE
# define SFS_BAVAIL f_tfree
# else /* SFS_TYPE == SFS_USTAT */
# if defined(ultrix)
struct fs_data fs;
# define SFS_BAVAIL fd_bfreen
# define FSBLOCKSIZE 1024L
# else /* defined(ultrix) */
# if SFS_TYPE == SFS_STATVFS
struct statvfs fs;
# define FSBLOCKSIZE fs.f_frsize
# else /* SFS_TYPE == SFS_STATVFS */
struct statfs fs;
# define FSBLOCKSIZE fs.f_bsize
# endif /* SFS_TYPE == SFS_STATVFS */
# endif /* defined(ultrix) */
# endif /* SFS_TYPE == SFS_USTAT */
# ifndef SFS_BAVAIL
# define SFS_BAVAIL f_bavail
-# endif /* ! SFS_BAVAIL */
+# endif
# if SFS_TYPE == SFS_USTAT
if (stat(dir, &statbuf) == 0 && ustat(statbuf.st_dev, &fs) == 0)
# else /* SFS_TYPE == SFS_USTAT */
# if SFS_TYPE == SFS_4ARGS
if (statfs(dir, &fs, sizeof(fs), 0) == 0)
# else /* SFS_TYPE == SFS_4ARGS */
# if SFS_TYPE == SFS_STATVFS
if (statvfs(dir, &fs) == 0)
# else /* SFS_TYPE == SFS_STATVFS */
# if defined(ultrix)
if (statfs(dir, &fs) > 0)
# else /* defined(ultrix) */
if (statfs(dir, &fs) == 0)
# endif /* defined(ultrix) */
# endif /* SFS_TYPE == SFS_STATVFS */
# endif /* SFS_TYPE == SFS_4ARGS */
# endif /* SFS_TYPE == SFS_USTAT */
{
if (bsize != NULL)
*bsize = FSBLOCKSIZE;
if (fs.SFS_BAVAIL <= 0)
return 0;
else if (fs.SFS_BAVAIL > LONG_MAX)
return (long) LONG_MAX;
else
return (long) fs.SFS_BAVAIL;
}
return -1;
# endif /* SFS_TYPE == SFS_NONE */
}
/*
** ENOUGHDISKSPACE -- is there enough free space on the queue file systems?
**
** Parameters:
** msize -- the size to check against. If zero, we don't yet
** know how big the message will be, so just check for
** a "reasonable" amount.
** e -- envelope, or NULL -- controls logging
**
** Returns:
** true if in every queue group there is at least one
** queue directory whose file system contains enough free space.
** false otherwise.
**
** Side Effects:
** If there is not enough disk space and e != NULL
** then sm_syslog is called.
*/
bool
enoughdiskspace(msize, e)
long msize;
ENVELOPE *e;
{
int i;
#if _FFR_TESTS
if (tTd(4, 101))
return false;
-#endif /* _FFR_TESTS */
+#endif
if (MinBlocksFree <= 0 && msize <= 0)
{
if (tTd(4, 80))
sm_dprintf("enoughdiskspace: no threshold\n");
return true;
}
filesys_update();
for (i = 0; i < NumQueue; ++i)
{
if (pickqdir(Queue[i], msize, e) < 0)
return false;
}
return true;
}
/*
** TRANSIENTERROR -- tell if an error code indicates a transient failure
**
** This looks at an errno value and tells if this is likely to
** go away if retried later.
**
** Parameters:
** err -- the errno code to classify.
**
** Returns:
** true if this is probably transient.
** false otherwise.
*/
bool
transienterror(err)
int err;
{
switch (err)
{
case EIO: /* I/O error */
case ENXIO: /* Device not configured */
case EAGAIN: /* Resource temporarily unavailable */
case ENOMEM: /* Cannot allocate memory */
case ENODEV: /* Operation not supported by device */
case ENFILE: /* Too many open files in system */
case EMFILE: /* Too many open files */
case ENOSPC: /* No space left on device */
case ETIMEDOUT: /* Connection timed out */
#ifdef ESTALE
case ESTALE: /* Stale NFS file handle */
-#endif /* ESTALE */
+#endif
#ifdef ENETDOWN
case ENETDOWN: /* Network is down */
-#endif /* ENETDOWN */
+#endif
#ifdef ENETUNREACH
case ENETUNREACH: /* Network is unreachable */
-#endif /* ENETUNREACH */
+#endif
#ifdef ENETRESET
case ENETRESET: /* Network dropped connection on reset */
-#endif /* ENETRESET */
+#endif
#ifdef ECONNABORTED
case ECONNABORTED: /* Software caused connection abort */
-#endif /* ECONNABORTED */
+#endif
#ifdef ECONNRESET
case ECONNRESET: /* Connection reset by peer */
-#endif /* ECONNRESET */
+#endif
#ifdef ENOBUFS
case ENOBUFS: /* No buffer space available */
-#endif /* ENOBUFS */
+#endif
#ifdef ESHUTDOWN
case ESHUTDOWN: /* Can't send after socket shutdown */
-#endif /* ESHUTDOWN */
+#endif
#ifdef ECONNREFUSED
case ECONNREFUSED: /* Connection refused */
-#endif /* ECONNREFUSED */
+#endif
#ifdef EHOSTDOWN
case EHOSTDOWN: /* Host is down */
-#endif /* EHOSTDOWN */
+#endif
#ifdef EHOSTUNREACH
case EHOSTUNREACH: /* No route to host */
-#endif /* EHOSTUNREACH */
+#endif
#ifdef EDQUOT
case EDQUOT: /* Disc quota exceeded */
-#endif /* EDQUOT */
+#endif
#ifdef EPROCLIM
case EPROCLIM: /* Too many processes */
-#endif /* EPROCLIM */
+#endif
#ifdef EUSERS
case EUSERS: /* Too many users */
-#endif /* EUSERS */
+#endif
#ifdef EDEADLK
case EDEADLK: /* Resource deadlock avoided */
-#endif /* EDEADLK */
+#endif
#ifdef EISCONN
case EISCONN: /* Socket already connected */
-#endif /* EISCONN */
+#endif
#ifdef EINPROGRESS
case EINPROGRESS: /* Operation now in progress */
-#endif /* EINPROGRESS */
+#endif
#ifdef EALREADY
case EALREADY: /* Operation already in progress */
-#endif /* EALREADY */
+#endif
#ifdef EADDRINUSE
case EADDRINUSE: /* Address already in use */
-#endif /* EADDRINUSE */
+#endif
#ifdef EADDRNOTAVAIL
case EADDRNOTAVAIL: /* Can't assign requested address */
-#endif /* EADDRNOTAVAIL */
+#endif
#ifdef ETXTBSY
case ETXTBSY: /* (Apollo) file locked */
-#endif /* ETXTBSY */
+#endif
#if defined(ENOSR) && (!defined(ENOBUFS) || (ENOBUFS != ENOSR))
case ENOSR: /* Out of streams resources */
-#endif /* defined(ENOSR) && (!defined(ENOBUFS) || (ENOBUFS != ENOSR)) */
+#endif
#ifdef ENOLCK
case ENOLCK: /* No locks available */
-#endif /* ENOLCK */
+#endif
case E_SM_OPENTIMEOUT: /* PSEUDO: open timed out */
return true;
}
/* nope, must be permanent */
return false;
}
/*
** LOCKFILE -- lock a file using flock or (shudder) fcntl locking
**
** Parameters:
** fd -- the file descriptor of the file.
** filename -- the file name (for error messages).
** ext -- the filename extension.
** type -- type of the lock. Bits can be:
** LOCK_EX -- exclusive lock.
** LOCK_NB -- non-blocking.
** LOCK_UN -- unlock.
**
** Returns:
** true if the lock was acquired.
** false otherwise.
*/
bool
lockfile(fd, filename, ext, type)
int fd;
char *filename;
char *ext;
int type;
{
int i;
int save_errno;
# if !HASFLOCK
int action;
struct flock lfd;
if (ext == NULL)
ext = "";
memset(&lfd, '\0', sizeof(lfd));
if (bitset(LOCK_UN, type))
lfd.l_type = F_UNLCK;
else if (bitset(LOCK_EX, type))
lfd.l_type = F_WRLCK;
else
lfd.l_type = F_RDLCK;
if (bitset(LOCK_NB, type))
action = F_SETLK;
else
action = F_SETLKW;
if (tTd(55, 60))
sm_dprintf("lockfile(%s%s, action=%d, type=%d): ",
filename, ext, action, lfd.l_type);
while ((i = fcntl(fd, action, &lfd)) < 0 && errno == EINTR)
continue;
if (i >= 0)
{
if (tTd(55, 60))
sm_dprintf("SUCCESS\n");
return true;
}
save_errno = errno;
if (tTd(55, 60))
sm_dprintf("(%s) ", sm_errstring(save_errno));
/*
** On SunOS, if you are testing using -oQ/tmp/mqueue or
** -oA/tmp/aliases or anything like that, and /tmp is mounted
** as type "tmp" (that is, served from swap space), the
** previous fcntl will fail with "Invalid argument" errors.
** Since this is fairly common during testing, we will assume
** that this indicates that the lock is successfully grabbed.
*/
if (save_errno == EINVAL)
{
if (tTd(55, 60))
sm_dprintf("SUCCESS\n");
return true;
}
if (!bitset(LOCK_NB, type) ||
(save_errno != EACCES && save_errno != EAGAIN))
{
int omode = fcntl(fd, F_GETFL, 0);
uid_t euid = geteuid();
errno = save_errno;
syserr("cannot lockf(%s%s, fd=%d, type=%o, omode=%o, euid=%ld)",
filename, ext, fd, type, omode, (long) euid);
dumpfd(fd, true, true);
}
# else /* !HASFLOCK */
if (ext == NULL)
ext = "";
if (tTd(55, 60))
sm_dprintf("lockfile(%s%s, type=%o): ", filename, ext, type);
while ((i = flock(fd, type)) < 0 && errno == EINTR)
continue;
if (i >= 0)
{
if (tTd(55, 60))
sm_dprintf("SUCCESS\n");
return true;
}
save_errno = errno;
if (tTd(55, 60))
sm_dprintf("(%s) ", sm_errstring(save_errno));
if (!bitset(LOCK_NB, type) || save_errno != EWOULDBLOCK)
{
int omode = fcntl(fd, F_GETFL, 0);
uid_t euid = geteuid();
errno = save_errno;
syserr("cannot flock(%s%s, fd=%d, type=%o, omode=%o, euid=%ld)",
filename, ext, fd, type, omode, (long) euid);
dumpfd(fd, true, true);
}
# endif /* !HASFLOCK */
if (tTd(55, 60))
sm_dprintf("FAIL\n");
errno = save_errno;
return false;
}
/*
** CHOWNSAFE -- tell if chown is "safe" (executable only by root)
**
** Unfortunately, given that we can't predict other systems on which
** a remote mounted (NFS) filesystem will be mounted, the answer is
** almost always that this is unsafe.
**
** Note also that many operating systems have non-compliant
** implementations of the _POSIX_CHOWN_RESTRICTED variable and the
** fpathconf() routine. According to IEEE 1003.1-1990, if
** _POSIX_CHOWN_RESTRICTED is defined and not equal to -1, then
** no non-root process can give away the file. However, vendors
** don't take NFS into account, so a comfortable value of
** _POSIX_CHOWN_RESTRICTED tells us nothing.
**
** Also, some systems (e.g., IRIX 6.2) return 1 from fpathconf()
** even on files where chown is not restricted. Many systems get
** this wrong on NFS-based filesystems (that is, they say that chown
** is restricted [safe] on NFS filesystems where it may not be, since
** other systems can access the same filesystem and do file giveaway;
** only the NFS server knows for sure!) Hence, it is important to
** get the value of SAFENFSPATHCONF correct -- it should be defined
** _only_ after testing (see test/t_pathconf.c) a system on an unsafe
** NFS-based filesystem to ensure that you can get meaningful results.
** If in doubt, assume unsafe!
**
** You may also need to tweak IS_SAFE_CHOWN -- it should be a
** condition indicating whether the return from pathconf indicates
** that chown is safe (typically either > 0 or >= 0 -- there isn't
** even any agreement about whether a zero return means that a file
** is or is not safe). It defaults to "> 0".
**
** If the parent directory is safe (writable only by owner back
** to the root) then we can relax slightly and trust fpathconf
** in more circumstances. This is really a crock -- if this is an
** NFS mounted filesystem then we really know nothing about the
** underlying implementation. However, most systems pessimize and
** return an error (EINVAL or EOPNOTSUPP) on NFS filesystems, which
** we interpret as unsafe, as we should. Thus, this heuristic gets
** us into a possible problem only on systems that have a broken
** pathconf implementation and which are also poorly configured
** (have :include: files in group- or world-writable directories).
**
** Parameters:
** fd -- the file descriptor to check.
** safedir -- set if the parent directory is safe.
**
** Returns:
** true -- if the chown(2) operation is "safe" -- that is,
** only root can chown the file to an arbitrary user.
** false -- if an arbitrary user can give away a file.
*/
#ifndef IS_SAFE_CHOWN
# define IS_SAFE_CHOWN > 0
-#endif /* ! IS_SAFE_CHOWN */
+#endif
bool
chownsafe(fd, safedir)
int fd;
bool safedir;
{
# if (!defined(_POSIX_CHOWN_RESTRICTED) || _POSIX_CHOWN_RESTRICTED != -1) && \
(defined(_PC_CHOWN_RESTRICTED) || defined(_GNU_TYPES_H))
int rval;
/* give the system administrator a chance to override */
if (bitnset(DBS_ASSUMESAFECHOWN, DontBlameSendmail))
return true;
/*
** Some systems (e.g., SunOS) seem to have the call and the
** #define _PC_CHOWN_RESTRICTED, but don't actually implement
** the call. This heuristic checks for that.
*/
errno = 0;
rval = fpathconf(fd, _PC_CHOWN_RESTRICTED);
# if SAFENFSPATHCONF
return errno == 0 && rval IS_SAFE_CHOWN;
-# else /* SAFENFSPATHCONF */
+# else
return safedir && errno == 0 && rval IS_SAFE_CHOWN;
-# endif /* SAFENFSPATHCONF */
+# endif
# else /* (!defined(_POSIX_CHOWN_RESTRICTED) || _POSIX_CHOWN_RESTRICTED != -1) && ... */
return bitnset(DBS_ASSUMESAFECHOWN, DontBlameSendmail);
# endif /* (!defined(_POSIX_CHOWN_RESTRICTED) || _POSIX_CHOWN_RESTRICTED != -1) && ... */
}
/*
** RESETLIMITS -- reset system controlled resource limits
**
** This is to avoid denial-of-service attacks
**
** Parameters:
** none
**
** Returns:
** none
*/
#if HASSETRLIMIT
# ifdef RLIMIT_NEEDS_SYS_TIME_H
# include <sm/time.h>
-# endif /* RLIMIT_NEEDS_SYS_TIME_H */
+# endif
# include <sys/resource.h>
#endif /* HASSETRLIMIT */
void
resetlimits()
{
#if HASSETRLIMIT
struct rlimit lim;
lim.rlim_cur = lim.rlim_max = RLIM_INFINITY;
(void) setrlimit(RLIMIT_CPU, &lim);
(void) setrlimit(RLIMIT_FSIZE, &lim);
# ifdef RLIMIT_NOFILE
lim.rlim_cur = lim.rlim_max = FD_SETSIZE;
(void) setrlimit(RLIMIT_NOFILE, &lim);
-# endif /* RLIMIT_NOFILE */
+# endif
#else /* HASSETRLIMIT */
# if HASULIMIT
(void) ulimit(2, 0x3fffff);
(void) ulimit(4, FD_SETSIZE);
-# endif /* HASULIMIT */
+# endif
#endif /* HASSETRLIMIT */
errno = 0;
}
/*
** SETVENDOR -- process vendor code from V configuration line
**
** Parameters:
** vendor -- string representation of vendor.
**
** Returns:
** true -- if ok.
** false -- if vendor code could not be processed.
**
** Side Effects:
** It is reasonable to set mode flags here to tweak
** processing in other parts of the code if necessary.
** For example, if you are a vendor that uses $%y to
** indicate YP lookups, you could enable that here.
*/
bool
setvendor(vendor)
char *vendor;
{
if (sm_strcasecmp(vendor, "Berkeley") == 0)
{
VendorCode = VENDOR_BERKELEY;
return true;
}
/* add vendor extensions here */
#ifdef SUN_EXTENSIONS
if (sm_strcasecmp(vendor, "Sun") == 0)
{
VendorCode = VENDOR_SUN;
return true;
}
#endif /* SUN_EXTENSIONS */
#ifdef DEC
if (sm_strcasecmp(vendor, "Digital") == 0)
{
VendorCode = VENDOR_DEC;
return true;
}
#endif /* DEC */
#if defined(VENDOR_NAME) && defined(VENDOR_CODE)
if (sm_strcasecmp(vendor, VENDOR_NAME) == 0)
{
VendorCode = VENDOR_CODE;
return true;
}
#endif /* defined(VENDOR_NAME) && defined(VENDOR_CODE) */
return false;
}
/*
** GETVENDOR -- return vendor name based on vendor code
**
** Parameters:
** vendorcode -- numeric representation of vendor.
**
** Returns:
** string containing vendor name.
*/
char *
getvendor(vendorcode)
int vendorcode;
{
#if defined(VENDOR_NAME) && defined(VENDOR_CODE)
/*
** Can't have the same switch case twice so need to
** handle VENDOR_CODE outside of switch. It might
** match one of the existing VENDOR_* codes.
*/
if (vendorcode == VENDOR_CODE)
return VENDOR_NAME;
#endif /* defined(VENDOR_NAME) && defined(VENDOR_CODE) */
switch (vendorcode)
{
case VENDOR_BERKELEY:
return "Berkeley";
case VENDOR_SUN:
return "Sun";
case VENDOR_HP:
return "HP";
case VENDOR_IBM:
return "IBM";
case VENDOR_SENDMAIL:
return "Sendmail";
default:
return "Unknown";
}
}
/*
** VENDOR_PRE_DEFAULTS, VENDOR_POST_DEFAULTS -- set vendor-specific defaults
**
** Vendor_pre_defaults is called before reading the configuration
** file; vendor_post_defaults is called immediately after.
**
** Parameters:
** e -- the global environment to initialize.
**
** Returns:
** none.
*/
#if SHARE_V1
int DefShareUid; /* default share uid to run as -- unused??? */
-#endif /* SHARE_V1 */
+#endif
void
vendor_pre_defaults(e)
ENVELOPE *e;
{
#if SHARE_V1
/* OTHERUID is defined in shares.h, do not be alarmed */
DefShareUid = OTHERUID;
-#endif /* SHARE_V1 */
+#endif
#if defined(SUN_EXTENSIONS) && defined(SUN_DEFAULT_VALUES)
sun_pre_defaults(e);
-#endif /* defined(SUN_EXTENSIONS) && defined(SUN_DEFAULT_VALUES) */
+#endif
#ifdef apollo
/*
** stupid domain/os can't even open
** /etc/mail/sendmail.cf without this
*/
sm_setuserenv("ISP", NULL);
sm_setuserenv("SYSTYPE", NULL);
#endif /* apollo */
}
void
vendor_post_defaults(e)
ENVELOPE *e;
{
#ifdef __QNX__
/* Makes sure the SOCK environment variable remains */
sm_setuserenv("SOCK", NULL);
-#endif /* __QNX__ */
+#endif
#if defined(SUN_EXTENSIONS) && defined(SUN_DEFAULT_VALUES)
sun_post_defaults(e);
-#endif /* defined(SUN_EXTENSIONS) && defined(SUN_DEFAULT_VALUES) */
+#endif
}
/*
** VENDOR_DAEMON_SETUP -- special vendor setup needed for daemon mode
*/
void
vendor_daemon_setup(e)
ENVELOPE *e;
{
#if HASSETLOGIN
(void) setlogin(RunAsUserName);
-#endif /* HASSETLOGIN */
+#endif
#if SECUREWARE
if (getluid() != -1)
{
usrerr("Daemon cannot have LUID");
finis(false, true, EX_USAGE);
}
#endif /* SECUREWARE */
}
/*
** VENDOR_SET_UID -- do setup for setting a user id
**
** This is called when we are still root.
**
** Parameters:
** uid -- the uid we are about to become.
**
** Returns:
** none.
*/
void
vendor_set_uid(uid)
UID_T uid;
{
/*
** We need to setup the share groups (lnodes)
** and add auditing information (luid's)
** before we loose our ``root''ness.
*/
#if SHARE_V1
if (setupshares(uid, syserr) != 0)
syserr("Unable to set up shares");
-#endif /* SHARE_V1 */
+#endif
#if SECUREWARE
(void) setup_secure(uid);
-#endif /* SECUREWARE */
+#endif
}
/*
** VALIDATE_CONNECTION -- check connection for rationality
**
** If the connection is rejected, this routine should log an
** appropriate message -- but should never issue any SMTP protocol.
**
** Parameters:
** sap -- a pointer to a SOCKADDR naming the peer.
** hostname -- the name corresponding to sap.
** e -- the current envelope.
**
** Returns:
** error message from rejection.
** NULL if not rejected.
*/
#if TCPWRAPPERS
# include <tcpd.h>
/* tcpwrappers does no logging, but you still have to declare these -- ugh */
int allow_severity = LOG_INFO;
int deny_severity = LOG_NOTICE;
#endif /* TCPWRAPPERS */
char *
validate_connection(sap, hostname, e)
SOCKADDR *sap;
char *hostname;
ENVELOPE *e;
{
#if TCPWRAPPERS
char *host;
char *addr;
extern int hosts_ctl();
#endif /* TCPWRAPPERS */
if (tTd(48, 3))
sm_dprintf("validate_connection(%s, %s)\n",
hostname, anynet_ntoa(sap));
connection_rate_check(sap, e);
if (rscheck("check_relay", hostname, anynet_ntoa(sap), e,
RSF_RMCOMM|RSF_COUNT, 3, NULL, NOQID, NULL, NULL) != EX_OK)
{
static char reject[BUFSIZ*2];
extern char MsgBuf[];
if (tTd(48, 4))
sm_dprintf(" ... validate_connection: BAD (rscheck)\n");
if (strlen(MsgBuf) >= 3)
(void) sm_strlcpy(reject, MsgBuf, sizeof(reject));
else
(void) sm_strlcpy(reject, "Access denied", sizeof(reject));
return reject;
}
#if TCPWRAPPERS
if (hostname[0] == '[' && hostname[strlen(hostname) - 1] == ']')
host = "unknown";
else
host = hostname;
addr = anynet_ntoa(sap);
# if NETINET6
/* TCP/Wrappers don't want the IPv6: protocol label */
if (addr != NULL && sm_strncasecmp(addr, "IPv6:", 5) == 0)
addr += 5;
# endif /* NETINET6 */
if (!hosts_ctl("sendmail", host, addr, STRING_UNKNOWN))
{
if (tTd(48, 4))
sm_dprintf(" ... validate_connection: BAD (tcpwrappers)\n");
if (LogLevel > 3)
sm_syslog(LOG_NOTICE, e->e_id,
"tcpwrappers (%s, %s) rejection",
host, addr);
return "Access denied";
}
#endif /* TCPWRAPPERS */
if (tTd(48, 4))
sm_dprintf(" ... validate_connection: OK\n");
return NULL;
}
/*
** STRTOL -- convert string to long integer
**
** For systems that don't have it in the C library.
**
** This is taken verbatim from the 4.4-Lite C library.
*/
#if NEEDSTRTOL
# if defined(LIBC_SCCS) && !defined(lint)
static char sccsid[] = "@(#)strtol.c 8.1 (Berkeley) 6/4/93";
-# endif /* defined(LIBC_SCCS) && !defined(lint) */
+# endif
/*
** Convert a string to a long integer.
**
** Ignores `locale' stuff. Assumes that the upper and lower case
** alphabets and digits are each contiguous.
*/
long
strtol(nptr, endptr, base)
const char *nptr;
char **endptr;
register int base;
{
register const char *s = nptr;
register unsigned long acc;
register int c;
register unsigned long cutoff;
register int neg = 0, any, cutlim;
/*
** Skip white space and pick up leading +/- sign if any.
** If base is 0, allow 0x for hex and 0 for octal, else
** assume decimal; if base is already 16, allow 0x.
*/
do {
c = *s++;
- } while (isascii(c) && isspace(c));
+ } while (SM_ISSPACE(c));
if (c == '-') {
neg = 1;
c = *s++;
} else if (c == '+')
c = *s++;
if ((base == 0 || base == 16) &&
c == '0' && (*s == 'x' || *s == 'X')) {
c = s[1];
s += 2;
base = 16;
}
if (base == 0)
base = c == '0' ? 8 : 10;
/*
** Compute the cutoff value between legal numbers and illegal
** numbers. That is the largest legal value, divided by the
** base. An input number that is greater than this value, if
** followed by a legal input character, is too big. One that
** is equal to this value may be valid or not; the limit
** between valid and invalid numbers is then based on the last
** digit. For instance, if the range for longs is
** [-2147483648..2147483647] and the input base is 10,
** cutoff will be set to 214748364 and cutlim to either
** 7 (neg==0) or 8 (neg==1), meaning that if we have accumulated
** a value > 214748364, or equal but the next digit is > 7 (or 8),
** the number is too big, and we will return a range error.
**
** Set any if any `digits' consumed; make it negative to indicate
** overflow.
*/
cutoff = neg ? -(unsigned long) LONG_MIN : LONG_MAX;
cutlim = cutoff % (unsigned long) base;
cutoff /= (unsigned long) base;
for (acc = 0, any = 0;; c = *s++) {
if (isascii(c) && isdigit(c))
c -= '0';
else if (isascii(c) && isalpha(c))
c -= isupper(c) ? 'A' - 10 : 'a' - 10;
else
break;
if (c >= base)
break;
if (any < 0 || acc > cutoff || acc == cutoff && c > cutlim)
any = -1;
else {
any = 1;
acc *= base;
acc += c;
}
}
if (any < 0) {
acc = neg ? LONG_MIN : LONG_MAX;
errno = ERANGE;
} else if (neg)
acc = -acc;
- if (endptr != 0)
+ if (endptr != NULL)
*endptr = (char *)(any ? s - 1 : nptr);
return acc;
}
#endif /* NEEDSTRTOL */
/*
** STRSTR -- find first substring in string
**
** Parameters:
** big -- the big (full) string.
** little -- the little (sub) string.
**
** Returns:
** A pointer to the first instance of little in big.
** big if little is the null string.
** NULL if little is not contained in big.
*/
#if NEEDSTRSTR
char *
strstr(big, little)
char *big;
char *little;
{
register char *p = big;
int l;
if (*little == '\0')
return big;
l = strlen(little);
while ((p = strchr(p, *little)) != NULL)
{
if (strncmp(p, little, l) == 0)
return p;
p++;
}
return NULL;
}
#endif /* NEEDSTRSTR */
/*
** SM_GETHOSTBY{NAME,ADDR} -- compatibility routines for gethostbyXXX
**
** Some operating systems have weird problems with the gethostbyXXX
** routines. For example, Solaris versions at least through 2.3
** don't properly deliver a canonical h_name field. This tries to
** work around these problems.
**
** Support IPv6 as well as IPv4.
*/
#if NETINET6 && NEEDSGETIPNODE
# ifndef AI_DEFAULT
# define AI_DEFAULT 0 /* dummy */
-# endif /* ! AI_DEFAULT */
+# endif
# ifndef AI_ADDRCONFIG
# define AI_ADDRCONFIG 0 /* dummy */
-# endif /* ! AI_ADDRCONFIG */
+# endif
# ifndef AI_V4MAPPED
# define AI_V4MAPPED 0 /* dummy */
-# endif /* ! AI_V4MAPPED */
+# endif
# ifndef AI_ALL
# define AI_ALL 0 /* dummy */
-# endif /* ! AI_ALL */
+# endif
static struct hostent *
sm_getipnodebyname(name, family, flags, err)
const char *name;
int family;
int flags;
int *err;
{
struct hostent *h;
# if HAS_GETHOSTBYNAME2
h = gethostbyname2(name, family);
if (h == NULL)
*err = h_errno;
return h;
# else /* HAS_GETHOSTBYNAME2 */
+# ifdef RES_USE_INET6
bool resv6 = true;
if (family == AF_INET6)
{
/* From RFC2133, section 6.1 */
resv6 = bitset(RES_USE_INET6, _res.options);
_res.options |= RES_USE_INET6;
}
+# endif /* RES_USE_INET6 */
SM_SET_H_ERRNO(0);
h = gethostbyname(name);
+# ifdef RES_USE_INET6
if (!resv6)
_res.options &= ~RES_USE_INET6;
+# endif
/* the function is supposed to return only the requested family */
if (h != NULL && h->h_addrtype != family)
{
# if NETINET6
freehostent(h);
-# endif /* NETINET6 */
+# endif
h = NULL;
*err = NO_DATA;
}
else
*err = h_errno;
return h;
# endif /* HAS_GETHOSTBYNAME2 */
}
static struct hostent *
sm_getipnodebyaddr(addr, len, family, err)
const void *addr;
size_t len;
int family;
int *err;
{
struct hostent *h;
SM_SET_H_ERRNO(0);
h = gethostbyaddr(addr, len, family);
*err = h_errno;
return h;
}
void
freehostent(h)
struct hostent *h;
{
/*
** Stub routine -- if they don't have getipnodeby*(),
** they probably don't have the free routine either.
*/
return;
}
#endif /* NETINET6 && NEEDSGETIPNODE */
struct hostent *
sm_gethostbyname(name, family)
char *name;
int family;
{
int save_errno;
struct hostent *h = NULL;
#if (SOLARIS > 10000 && SOLARIS < 20400) || (defined(SOLARIS) && SOLARIS < 204) || (defined(sony_news) && defined(__svr4))
# if SOLARIS == 20300 || SOLARIS == 203
static struct hostent hp;
static char buf[1000];
extern struct hostent *_switch_gethostbyname_r();
if (tTd(61, 10))
sm_dprintf("_switch_gethostbyname_r(%s)... ", name);
h = _switch_gethostbyname_r(name, &hp, buf, sizeof(buf), &h_errno);
save_errno = errno;
# else /* SOLARIS == 20300 || SOLARIS == 203 */
extern struct hostent *__switch_gethostbyname();
if (tTd(61, 10))
sm_dprintf("__switch_gethostbyname(%s)... ", name);
h = __switch_gethostbyname(name);
save_errno = errno;
# endif /* SOLARIS == 20300 || SOLARIS == 203 */
#else /* (SOLARIS > 10000 && SOLARIS < 20400) || (defined(SOLARIS) && SOLARIS < 204) || (defined(sony_news) && defined(__svr4)) */
int nmaps;
# if NETINET6
# ifndef SM_IPNODEBYNAME_FLAGS
/* For IPv4-mapped addresses, use: AI_DEFAULT|AI_ALL */
# define SM_IPNODEBYNAME_FLAGS AI_ADDRCONFIG
-# endif /* SM_IPNODEBYNAME_FLAGS */
+# endif
int flags = SM_IPNODEBYNAME_FLAGS;
int err;
# endif /* NETINET6 */
char *maptype[MAXMAPSTACK];
short mapreturn[MAXMAPACTIONS];
char hbuf[MAXNAME];
if (tTd(61, 10))
sm_dprintf("sm_gethostbyname(%s, %d)... ", name, family);
# if NETINET6
# if ADDRCONFIG_IS_BROKEN
flags &= ~AI_ADDRCONFIG;
-# endif /* ADDRCONFIG_IS_BROKEN */
+# endif
h = sm_getipnodebyname(name, family, flags, &err);
SM_SET_H_ERRNO(err);
# else /* NETINET6 */
h = gethostbyname(name);
# endif /* NETINET6 */
save_errno = errno;
if (h == NULL)
{
if (tTd(61, 10))
sm_dprintf("failure\n");
nmaps = switch_map_find("hosts", maptype, mapreturn);
while (--nmaps >= 0)
{
if (strcmp(maptype[nmaps], "nis") == 0 ||
strcmp(maptype[nmaps], "files") == 0)
break;
}
if (nmaps >= 0)
{
/* try short name */
if (strlen(name) > sizeof(hbuf) - 1)
{
errno = save_errno;
return NULL;
}
(void) sm_strlcpy(hbuf, name, sizeof(hbuf));
(void) shorten_hostname(hbuf);
/* if it hasn't been shortened, there's no point */
if (strcmp(hbuf, name) != 0)
{
if (tTd(61, 10))
sm_dprintf("sm_gethostbyname(%s, %d)... ",
hbuf, family);
# if NETINET6
h = sm_getipnodebyname(hbuf, family, flags, &err);
SM_SET_H_ERRNO(err);
save_errno = errno;
# else /* NETINET6 */
h = gethostbyname(hbuf);
save_errno = errno;
# endif /* NETINET6 */
}
}
}
#endif /* (SOLARIS > 10000 && SOLARIS < 20400) || (defined(SOLARIS) && SOLARIS < 204) || (defined(sony_news) && defined(__svr4)) */
/* the function is supposed to return only the requested family */
if (h != NULL && h->h_addrtype != family)
{
# if NETINET6
freehostent(h);
-# endif /* NETINET6 */
+# endif
h = NULL;
SM_SET_H_ERRNO(NO_DATA);
}
if (tTd(61, 10))
{
if (h == NULL)
sm_dprintf("failure\n");
else
{
sm_dprintf("%s\n", h->h_name);
if (tTd(61, 11))
{
struct in_addr ia;
size_t i;
#if NETINET6
struct in6_addr ia6;
char buf6[INET6_ADDRSTRLEN];
-#endif /* NETINET6 */
+#endif
if (h->h_aliases != NULL)
for (i = 0; h->h_aliases[i] != NULL;
i++)
sm_dprintf("\talias: %s\n",
h->h_aliases[i]);
for (i = 0; h->h_addr_list[i] != NULL; i++)
{
char *addr;
addr = NULL;
#if NETINET6
if (h->h_addrtype == AF_INET6)
{
memmove(&ia6, h->h_addr_list[i],
IN6ADDRSZ);
addr = anynet_ntop(&ia6,
buf6, sizeof(buf6));
}
else
#endif /* NETINET6 */
/* "else" in #if code above */
{
memmove(&ia, h->h_addr_list[i],
INADDRSZ);
addr = (char *) inet_ntoa(ia);
}
if (addr != NULL)
sm_dprintf("\taddr: %s\n", addr);
}
}
}
}
errno = save_errno;
return h;
}
struct hostent *
sm_gethostbyaddr(addr, len, type)
char *addr;
int len;
int type;
{
struct hostent *hp;
#if NETINET6
if (type == AF_INET6 &&
IN6_IS_ADDR_UNSPECIFIED((struct in6_addr *) addr))
{
/* Avoid reverse lookup for IPv6 unspecified address */
SM_SET_H_ERRNO(HOST_NOT_FOUND);
return NULL;
}
#endif /* NETINET6 */
#if (SOLARIS > 10000 && SOLARIS < 20400) || (defined(SOLARIS) && SOLARIS < 204)
# if SOLARIS == 20300 || SOLARIS == 203
{
static struct hostent he;
static char buf[1000];
extern struct hostent *_switch_gethostbyaddr_r();
hp = _switch_gethostbyaddr_r(addr, len, type, &he,
buf, sizeof(buf), &h_errno);
}
# else /* SOLARIS == 20300 || SOLARIS == 203 */
{
extern struct hostent *__switch_gethostbyaddr();
hp = __switch_gethostbyaddr(addr, len, type);
}
# endif /* SOLARIS == 20300 || SOLARIS == 203 */
#else /* (SOLARIS > 10000 && SOLARIS < 20400) || (defined(SOLARIS) && SOLARIS < 204) */
# if NETINET6
{
int err;
hp = sm_getipnodebyaddr(addr, len, type, &err);
SM_SET_H_ERRNO(err);
}
# else /* NETINET6 */
hp = gethostbyaddr(addr, len, type);
# endif /* NETINET6 */
#endif /* (SOLARIS > 10000 && SOLARIS < 20400) || (defined(SOLARIS) && SOLARIS < 204) */
return hp;
}
/*
** SM_GETPW{NAM,UID} -- wrapper for getpwnam and getpwuid
*/
struct passwd *
sm_getpwnam(user)
char *user;
{
#ifdef _AIX4
extern struct passwd *_getpwnam_shadow(const char *, const int);
return _getpwnam_shadow(user, 0);
#else /* _AIX4 */
return getpwnam(user);
#endif /* _AIX4 */
}
struct passwd *
sm_getpwuid(uid)
UID_T uid;
{
#if defined(_AIX4) && 0
extern struct passwd *_getpwuid_shadow(const int, const int);
return _getpwuid_shadow(uid,0);
#else /* defined(_AIX4) && 0 */
return getpwuid(uid);
#endif /* defined(_AIX4) && 0 */
}
/*
** SECUREWARE_SETUP_SECURE -- Convex SecureWare setup
**
** Set up the trusted computing environment for C2 level security
** under SecureWare.
**
** Parameters:
** uid -- uid of the user to initialize in the TCB
**
** Returns:
** none
**
** Side Effects:
** Initialized the user in the trusted computing base
*/
#if SECUREWARE
# include <sys/security.h>
# include <prot.h>
void
secureware_setup_secure(uid)
UID_T uid;
{
int rc;
if (getluid() != -1)
return;
if ((rc = set_secure_info(uid)) != SSI_GOOD_RETURN)
{
switch (rc)
{
case SSI_NO_PRPW_ENTRY:
syserr("No protected passwd entry, uid = %d",
(int) uid);
break;
case SSI_LOCKED:
syserr("Account has been disabled, uid = %d",
(int) uid);
break;
case SSI_RETIRED:
syserr("Account has been retired, uid = %d",
(int) uid);
break;
case SSI_BAD_SET_LUID:
syserr("Could not set LUID, uid = %d", (int) uid);
break;
case SSI_BAD_SET_PRIVS:
syserr("Could not set kernel privs, uid = %d",
(int) uid);
default:
syserr("Unknown return code (%d) from set_secure_info(%d)",
rc, (int) uid);
break;
}
finis(false, true, EX_NOPERM);
}
}
#endif /* SECUREWARE */
/*
** ADD_HOSTNAMES -- Add a hostname to class 'w' based on IP address
**
** Add hostnames to class 'w' based on the IP address read from
** the network interface.
**
** Parameters:
** sa -- a pointer to a SOCKADDR containing the address
**
** Returns:
** 0 if successful, -1 if host lookup fails.
*/
static int
add_hostnames(sa)
SOCKADDR *sa;
{
struct hostent *hp;
char **ha;
char hnb[MAXHOSTNAMELEN];
/* lookup name with IP address */
switch (sa->sa.sa_family)
{
#if NETINET
case AF_INET:
hp = sm_gethostbyaddr((char *) &sa->sin.sin_addr,
sizeof(sa->sin.sin_addr),
sa->sa.sa_family);
break;
#endif /* NETINET */
#if NETINET6
case AF_INET6:
hp = sm_gethostbyaddr((char *) &sa->sin6.sin6_addr,
sizeof(sa->sin6.sin6_addr),
sa->sa.sa_family);
break;
#endif /* NETINET6 */
default:
/* Give warning about unsupported family */
if (LogLevel > 3)
sm_syslog(LOG_WARNING, NOQID,
"Unsupported address family %d: %.100s",
sa->sa.sa_family, anynet_ntoa(sa));
return -1;
}
if (hp == NULL)
{
int save_errno = errno;
if (LogLevel > 3 &&
#if NETINET && defined(IN_LINKLOCAL)
!(sa->sa.sa_family == AF_INET &&
IN_LINKLOCAL(ntohl(sa->sin.sin_addr.s_addr))) &&
-#endif /* NETINET && defined(IN_LINKLOCAL) */
+#endif
#if NETINET6
!(sa->sa.sa_family == AF_INET6 &&
IN6_IS_ADDR_LINKLOCAL(&sa->sin6.sin6_addr)) &&
-#endif /* NETINET6 */
+#endif
true)
sm_syslog(LOG_WARNING, NOQID,
"gethostbyaddr(%.100s) failed: %d",
anynet_ntoa(sa),
#if NAMED_BIND
h_errno
-#else /* NAMED_BIND */
+#else
-1
-#endif /* NAMED_BIND */
+#endif
);
errno = save_errno;
return -1;
}
/* save its cname */
if (!wordinclass((char *) hp->h_name, 'w'))
{
setclass('w', (char *) hp->h_name);
if (tTd(0, 4))
sm_dprintf("\ta.k.a.: %s\n", hp->h_name);
if (sm_snprintf(hnb, sizeof(hnb), "[%s]", hp->h_name) <
sizeof(hnb)
&& !wordinclass((char *) hnb, 'w'))
setclass('w', hnb);
}
else
{
if (tTd(0, 43))
sm_dprintf("\ta.k.a.: %s (already in $=w)\n", hp->h_name);
}
/* save all it aliases name */
for (ha = hp->h_aliases; ha != NULL && *ha != NULL; ha++)
{
if (!wordinclass(*ha, 'w'))
{
setclass('w', *ha);
if (tTd(0, 4))
sm_dprintf("\ta.k.a.: %s\n", *ha);
if (sm_snprintf(hnb, sizeof(hnb),
"[%s]", *ha) < sizeof(hnb) &&
!wordinclass((char *) hnb, 'w'))
setclass('w', hnb);
}
else
{
if (tTd(0, 43))
sm_dprintf("\ta.k.a.: %s (already in $=w)\n",
*ha);
}
}
#if NETINET6
freehostent(hp);
-#endif /* NETINET6 */
+#endif
return 0;
}
/*
** LOAD_IF_NAMES -- load interface-specific names into $=w
**
** Parameters:
** none.
**
** Returns:
** none.
**
** Side Effects:
** Loads $=w with the names of all the interfaces.
*/
#if !NETINET
# define SIOCGIFCONF_IS_BROKEN 1 /* XXX */
-#endif /* !NETINET */
+#endif
#if defined(SIOCGIFCONF) && !SIOCGIFCONF_IS_BROKEN
struct rtentry;
struct mbuf;
# ifndef SUNOS403
# include <sm/time.h>
-# endif /* ! SUNOS403 */
+# endif
# if (_AIX4 >= 40300) && !defined(_NET_IF_H)
# undef __P
-# endif /* (_AIX4 >= 40300) && !defined(_NET_IF_H) */
+# endif
# include <net/if.h>
#endif /* defined(SIOCGIFCONF) && !SIOCGIFCONF_IS_BROKEN */
void
load_if_names()
{
# if NETINET6 && defined(SIOCGLIFCONF)
# ifdef __hpux
/*
** Unfortunately, HP has changed all of the structures,
** making life difficult for implementors.
*/
# define lifconf if_laddrconf
# define lifc_len iflc_len
# define lifc_buf iflc_buf
# define lifreq if_laddrreq
# define lifr_addr iflr_addr
# define lifr_name iflr_name
# define lifr_flags iflr_flags
# define ss_family sa_family
# undef SIOCGLIFNUM
# endif /* __hpux */
int s;
int i;
size_t len;
int numifs;
char *buf;
struct lifconf lifc;
# ifdef SIOCGLIFNUM
struct lifnum lifn;
-# endif /* SIOCGLIFNUM */
+# endif
s = socket(InetMode, SOCK_DGRAM, 0);
if (s == -1)
return;
/* get the list of known IP address from the kernel */
# ifdef __hpux
i = ioctl(s, SIOCGIFNUM, (char *) &numifs);
-# endif /* __hpux */
+# endif
# ifdef SIOCGLIFNUM
lifn.lifn_family = AF_UNSPEC;
lifn.lifn_flags = 0;
i = ioctl(s, SIOCGLIFNUM, (char *)&lifn);
numifs = lifn.lifn_count;
# endif /* SIOCGLIFNUM */
# if defined(__hpux) || defined(SIOCGLIFNUM)
if (i < 0)
{
/* can't get number of interfaces -- fall back */
if (tTd(0, 4))
sm_dprintf("SIOCGLIFNUM failed: %s\n",
sm_errstring(errno));
numifs = -1;
}
else if (tTd(0, 42))
sm_dprintf("system has %d interfaces\n", numifs);
if (numifs < 0)
# endif /* defined(__hpux) || defined(SIOCGLIFNUM) */
numifs = MAXINTERFACES;
if (numifs <= 0)
{
(void) close(s);
return;
}
len = lifc.lifc_len = numifs * sizeof(struct lifreq);
buf = lifc.lifc_buf = xalloc(lifc.lifc_len);
# ifndef __hpux
lifc.lifc_family = AF_UNSPEC;
lifc.lifc_flags = 0;
-# endif /* ! __hpux */
+# endif
if (ioctl(s, SIOCGLIFCONF, (char *)&lifc) < 0)
{
if (tTd(0, 4))
sm_dprintf("SIOCGLIFCONF failed: %s\n",
sm_errstring(errno));
(void) close(s);
sm_free(buf);
return;
}
/* scan the list of IP address */
if (tTd(0, 40))
sm_dprintf("scanning for interface specific names, lifc_len=%ld\n",
(long) len);
for (i = 0; i < len && i >= 0; )
{
int flags;
struct lifreq *ifr = (struct lifreq *)&buf[i];
SOCKADDR *sa = (SOCKADDR *) &ifr->lifr_addr;
int af = ifr->lifr_addr.ss_family;
char *addr;
char *name;
struct in6_addr ia6;
struct in_addr ia;
# ifdef SIOCGLIFFLAGS
struct lifreq ifrf;
-# endif /* SIOCGLIFFLAGS */
+# endif
char ip_addr[256];
char buf6[INET6_ADDRSTRLEN];
/*
** We must close and recreate the socket each time
** since we don't know what type of socket it is now
** (each status function may change it).
*/
(void) close(s);
s = socket(af, SOCK_DGRAM, 0);
if (s == -1)
{
sm_free(buf); /* XXX */
return;
}
/*
** If we don't have a complete ifr structure,
** don't try to use it.
*/
if ((len - i) < sizeof(*ifr))
break;
# ifdef BSD4_4_SOCKADDR
if (sa->sa.sa_len > sizeof(ifr->lifr_addr))
i += sizeof(ifr->lifr_name) + sa->sa.sa_len;
else
# endif /* BSD4_4_SOCKADDR */
# ifdef DEC
/* fix for IPv6 size differences */
i += sizeof(ifr->ifr_name) +
max(sizeof(ifr->ifr_addr), ifr->ifr_addr.sa_len);
# else /* DEC */
i += sizeof(*ifr);
# endif /* DEC */
if (tTd(0, 20))
sm_dprintf("%s\n", anynet_ntoa(sa));
if (af != AF_INET && af != AF_INET6)
continue;
# ifdef SIOCGLIFFLAGS
memset(&ifrf, '\0', sizeof(struct lifreq));
(void) sm_strlcpy(ifrf.lifr_name, ifr->lifr_name,
sizeof(ifrf.lifr_name));
if (ioctl(s, SIOCGLIFFLAGS, (char *) &ifrf) < 0)
{
if (tTd(0, 4))
sm_dprintf("SIOCGLIFFLAGS failed: %s\n",
sm_errstring(errno));
continue;
}
name = ifr->lifr_name;
flags = ifrf.lifr_flags;
if (tTd(0, 41))
sm_dprintf("\tflags: %lx\n", (unsigned long) flags);
if (!bitset(IFF_UP, flags))
continue;
# endif /* SIOCGLIFFLAGS */
ip_addr[0] = '\0';
/* extract IP address from the list*/
switch (af)
{
case AF_INET6:
SETV6LOOPBACKADDRFOUND(*sa);
# ifdef __KAME__
/* convert into proper scoped address */
if ((IN6_IS_ADDR_LINKLOCAL(&sa->sin6.sin6_addr) ||
IN6_IS_ADDR_SITELOCAL(&sa->sin6.sin6_addr)) &&
sa->sin6.sin6_scope_id == 0)
{
struct in6_addr *ia6p;
ia6p = &sa->sin6.sin6_addr;
sa->sin6.sin6_scope_id = ntohs(ia6p->s6_addr[3] |
((unsigned int)ia6p->s6_addr[2] << 8));
ia6p->s6_addr[2] = ia6p->s6_addr[3] = 0;
}
# endif /* __KAME__ */
ia6 = sa->sin6.sin6_addr;
if (IN6_IS_ADDR_UNSPECIFIED(&ia6))
{
addr = anynet_ntop(&ia6, buf6, sizeof(buf6));
message("WARNING: interface %s is UP with %s address",
name, addr == NULL ? "(NULL)" : addr);
continue;
}
/* save IP address in text from */
addr = anynet_ntop(&ia6, buf6, sizeof(buf6));
if (addr != NULL)
(void) sm_snprintf(ip_addr, sizeof(ip_addr),
"[%.*s]",
(int) sizeof(ip_addr) - 3,
addr);
break;
case AF_INET:
ia = sa->sin.sin_addr;
if (ia.s_addr == INADDR_ANY ||
ia.s_addr == INADDR_NONE)
{
message("WARNING: interface %s is UP with %s address",
name, inet_ntoa(ia));
continue;
}
/* save IP address in text from */
(void) sm_snprintf(ip_addr, sizeof(ip_addr), "[%.*s]",
(int) sizeof(ip_addr) - 3, inet_ntoa(ia));
break;
}
if (*ip_addr == '\0')
continue;
if (!wordinclass(ip_addr, 'w'))
{
setclass('w', ip_addr);
if (tTd(0, 4))
sm_dprintf("\ta.k.a.: %s\n", ip_addr);
}
# ifdef SIOCGLIFFLAGS
/* skip "loopback" interface "lo" */
if (DontProbeInterfaces == DPI_SKIPLOOPBACK &&
bitset(IFF_LOOPBACK, flags))
continue;
# endif /* SIOCGLIFFLAGS */
(void) add_hostnames(sa);
}
sm_free(buf); /* XXX */
(void) close(s);
# else /* NETINET6 && defined(SIOCGLIFCONF) */
# if defined(SIOCGIFCONF) && !SIOCGIFCONF_IS_BROKEN
int s;
int i;
struct ifconf ifc;
int numifs;
s = socket(AF_INET, SOCK_DGRAM, 0);
if (s == -1)
return;
/* get the list of known IP address from the kernel */
# if defined(SIOCGIFNUM) && !SIOCGIFNUM_IS_BROKEN
if (ioctl(s, SIOCGIFNUM, (char *) &numifs) < 0)
{
/* can't get number of interfaces -- fall back */
if (tTd(0, 4))
sm_dprintf("SIOCGIFNUM failed: %s\n",
sm_errstring(errno));
numifs = -1;
}
else if (tTd(0, 42))
sm_dprintf("system has %d interfaces\n", numifs);
if (numifs < 0)
# endif /* defined(SIOCGIFNUM) && !SIOCGIFNUM_IS_BROKEN */
numifs = MAXINTERFACES;
if (numifs <= 0)
{
(void) close(s);
return;
}
ifc.ifc_len = numifs * sizeof(struct ifreq);
ifc.ifc_buf = xalloc(ifc.ifc_len);
if (ioctl(s, SIOCGIFCONF, (char *)&ifc) < 0)
{
if (tTd(0, 4))
sm_dprintf("SIOCGIFCONF failed: %s\n",
sm_errstring(errno));
(void) close(s);
return;
}
/* scan the list of IP address */
if (tTd(0, 40))
sm_dprintf("scanning for interface specific names, ifc_len=%d\n",
ifc.ifc_len);
for (i = 0; i < ifc.ifc_len && i >= 0; )
{
int af;
struct ifreq *ifr = (struct ifreq *) &ifc.ifc_buf[i];
SOCKADDR *sa = (SOCKADDR *) &ifr->ifr_addr;
# if NETINET6
char *addr;
struct in6_addr ia6;
-# endif /* NETINET6 */
+# endif
struct in_addr ia;
# ifdef SIOCGIFFLAGS
struct ifreq ifrf;
-# endif /* SIOCGIFFLAGS */
+# endif
char ip_addr[256];
# if NETINET6
char buf6[INET6_ADDRSTRLEN];
-# endif /* NETINET6 */
+# endif
/*
** If we don't have a complete ifr structure,
** don't try to use it.
*/
if ((ifc.ifc_len - i) < sizeof(*ifr))
break;
# ifdef BSD4_4_SOCKADDR
if (sa->sa.sa_len > sizeof(ifr->ifr_addr))
i += sizeof(ifr->ifr_name) + sa->sa.sa_len;
else
# endif /* BSD4_4_SOCKADDR */
i += sizeof(*ifr);
if (tTd(0, 20))
sm_dprintf("%s\n", anynet_ntoa(sa));
af = ifr->ifr_addr.sa_family;
if (af != AF_INET
# if NETINET6
&& af != AF_INET6
-# endif /* NETINET6 */
+# endif
)
continue;
# ifdef SIOCGIFFLAGS
memset(&ifrf, '\0', sizeof(struct ifreq));
(void) sm_strlcpy(ifrf.ifr_name, ifr->ifr_name,
sizeof(ifrf.ifr_name));
(void) ioctl(s, SIOCGIFFLAGS, (char *) &ifrf);
if (tTd(0, 41))
sm_dprintf("\tflags: %lx\n",
(unsigned long) ifrf.ifr_flags);
# define IFRFREF ifrf
# else /* SIOCGIFFLAGS */
# define IFRFREF (*ifr)
# endif /* SIOCGIFFLAGS */
if (!bitset(IFF_UP, IFRFREF.ifr_flags))
continue;
ip_addr[0] = '\0';
/* extract IP address from the list*/
switch (af)
{
case AF_INET:
ia = sa->sin.sin_addr;
if (ia.s_addr == INADDR_ANY ||
ia.s_addr == INADDR_NONE)
{
message("WARNING: interface %s is UP with %s address",
ifr->ifr_name, inet_ntoa(ia));
continue;
}
/* save IP address in text from */
(void) sm_snprintf(ip_addr, sizeof(ip_addr), "[%.*s]",
(int) sizeof(ip_addr) - 3,
inet_ntoa(ia));
break;
# if NETINET6
case AF_INET6:
SETV6LOOPBACKADDRFOUND(*sa);
# ifdef __KAME__
/* convert into proper scoped address */
if ((IN6_IS_ADDR_LINKLOCAL(&sa->sin6.sin6_addr) ||
IN6_IS_ADDR_SITELOCAL(&sa->sin6.sin6_addr)) &&
sa->sin6.sin6_scope_id == 0)
{
struct in6_addr *ia6p;
ia6p = &sa->sin6.sin6_addr;
sa->sin6.sin6_scope_id = ntohs(ia6p->s6_addr[3] |
((unsigned int)ia6p->s6_addr[2] << 8));
ia6p->s6_addr[2] = ia6p->s6_addr[3] = 0;
}
# endif /* __KAME__ */
ia6 = sa->sin6.sin6_addr;
if (IN6_IS_ADDR_UNSPECIFIED(&ia6))
{
addr = anynet_ntop(&ia6, buf6, sizeof(buf6));
message("WARNING: interface %s is UP with %s address",
ifr->ifr_name,
addr == NULL ? "(NULL)" : addr);
continue;
}
/* save IP address in text from */
addr = anynet_ntop(&ia6, buf6, sizeof(buf6));
if (addr != NULL)
(void) sm_snprintf(ip_addr, sizeof(ip_addr),
"[%.*s]",
(int) sizeof(ip_addr) - 3,
addr);
break;
# endif /* NETINET6 */
}
if (ip_addr[0] == '\0')
continue;
if (!wordinclass(ip_addr, 'w'))
{
setclass('w', ip_addr);
if (tTd(0, 4))
sm_dprintf("\ta.k.a.: %s\n", ip_addr);
}
/* skip "loopback" interface "lo" */
if (DontProbeInterfaces == DPI_SKIPLOOPBACK &&
bitset(IFF_LOOPBACK, IFRFREF.ifr_flags))
continue;
(void) add_hostnames(sa);
}
sm_free(ifc.ifc_buf); /* XXX */
(void) close(s);
# undef IFRFREF
# endif /* defined(SIOCGIFCONF) && !SIOCGIFCONF_IS_BROKEN */
# endif /* NETINET6 && defined(SIOCGLIFCONF) */
}
/*
** ISLOOPBACK -- is socket address in the loopback net?
**
** Parameters:
** sa -- socket address.
**
** Returns:
** true -- is socket address in the loopback net?
** false -- otherwise
**
*/
bool
isloopback(sa)
SOCKADDR sa;
{
-#if NETINET6
- if (IN6_IS_ADDR_LOOPBACK(&sa.sin6.sin6_addr))
- return true;
-#else /* NETINET6 */
/* XXX how to correctly extract IN_LOOPBACKNET part? */
- if (((ntohl(sa.sin.sin_addr.s_addr) & IN_CLASSA_NET)
+#define SM_IS_IPV4_LOOP(a) (((ntohl(a) & IN_CLASSA_NET) \
>> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET)
+#if NETINET6
+ if (sa.sa.sa_family == AF_INET6 &&
+ IN6_IS_ADDR_V4MAPPED(&sa.sin6.sin6_addr) &&
+ SM_IS_IPV4_LOOP(((uint32_t *) (&sa.sin6.sin6_addr))[3]))
return true;
-#endif /* NETINET6 */
+ if (sa.sa.sa_family == AF_INET6 &&
+ IN6_IS_ADDR_LOOPBACK(&sa.sin6.sin6_addr))
+ return true;
+#endif
+#if NETINET
+ if (sa.sa.sa_family == AF_INET &&
+ SM_IS_IPV4_LOOP(sa.sin.sin_addr.s_addr))
+ return true;
+#endif
return false;
}
+
/*
** GET_NUM_PROCS_ONLINE -- return the number of processors currently online
**
** Parameters:
** none.
**
** Returns:
** The number of processors online.
*/
static int
get_num_procs_online()
{
int nproc = 0;
#ifdef USESYSCTL
# if defined(CTL_HW) && defined(HW_NCPU)
size_t sz;
int mib[2];
mib[0] = CTL_HW;
mib[1] = HW_NCPU;
sz = (size_t) sizeof(nproc);
(void) sysctl(mib, 2, &nproc, &sz, NULL, 0);
# endif /* defined(CTL_HW) && defined(HW_NCPU) */
#else /* USESYSCTL */
# ifdef _SC_NPROCESSORS_ONLN
nproc = (int) sysconf(_SC_NPROCESSORS_ONLN);
# else /* _SC_NPROCESSORS_ONLN */
# ifdef __hpux
# include <sys/pstat.h>
struct pst_dynamic psd;
if (pstat_getdynamic(&psd, sizeof(psd), (size_t)1, 0) != -1)
nproc = psd.psd_proc_cnt;
# endif /* __hpux */
# endif /* _SC_NPROCESSORS_ONLN */
#endif /* USESYSCTL */
if (nproc <= 0)
nproc = 1;
return nproc;
}
/*
** SM_CLOSEFROM -- close file descriptors
**
** Parameters:
** lowest -- first fd to close
** highest -- last fd + 1 to close
**
** Returns:
** none
*/
void
sm_closefrom(lowest, highest)
int lowest, highest;
{
#if HASCLOSEFROM
closefrom(lowest);
#else /* HASCLOSEFROM */
int i;
for (i = lowest; i < highest; i++)
(void) close(i);
#endif /* HASCLOSEFROM */
}
#if HASFDWALK
/*
** CLOSEFD_WALK -- walk fd's arranging to close them
** Callback for fdwalk()
**
** Parameters:
** lowest -- first fd to arrange to be closed
** fd -- fd to arrange to be closed
**
** Returns:
** zero
*/
static int
closefd_walk(lowest, fd)
void *lowest;
int fd;
{
if (fd >= *(int *)lowest)
(void) fcntl(fd, F_SETFD, FD_CLOEXEC);
return 0;
}
#endif /* HASFDWALK */
/*
** SM_CLOSE_ON_EXEC -- arrange for file descriptors to be closed
**
** Parameters:
** lowest -- first fd to arrange to be closed
** highest -- last fd + 1 to arrange to be closed
**
** Returns:
** none
*/
void
sm_close_on_exec(lowest, highest)
int lowest, highest;
{
#if HASFDWALK
(void) fdwalk(closefd_walk, &lowest);
#else /* HASFDWALK */
int i, j;
for (i = lowest; i < highest; i++)
{
if ((j = fcntl(i, F_GETFD, 0)) != -1)
(void) fcntl(i, F_SETFD, j | FD_CLOEXEC);
}
#endif /* HASFDWALK */
}
/*
** SEED_RANDOM -- seed the random number generator
**
** Parameters:
** none
**
** Returns:
** none
*/
void
seed_random()
{
#if HASSRANDOMDEV
srandomdev();
#else /* HASSRANDOMDEV */
long seed;
struct timeval t;
seed = (long) CurrentPid;
if (gettimeofday(&t, NULL) >= 0)
seed += t.tv_sec + t.tv_usec;
# if HASRANDOM
(void) srandom(seed);
-# else /* HASRANDOM */
+# else
(void) srand((unsigned int) seed);
-# endif /* HASRANDOM */
+# endif
#endif /* HASSRANDOMDEV */
}
/*
** SM_SYSLOG -- syslog wrapper to keep messages under SYSLOG_BUFSIZE
**
** Parameters:
** level -- syslog level
** id -- envelope ID or NULL (NOQUEUE)
** fmt -- format string
** arg... -- arguments as implied by fmt.
**
** Returns:
** none
*/
/* VARARGS3 */
void
#ifdef __STDC__
sm_syslog(int level, const char *id, const char *fmt, ...)
#else /* __STDC__ */
sm_syslog(level, id, fmt, va_alist)
int level;
const char *id;
const char *fmt;
va_dcl
#endif /* __STDC__ */
{
char *buf;
size_t bufsize;
char *begin, *end;
int save_errno;
int seq = 1;
int idlen;
char buf0[MAXLINE];
char *newstring;
extern int SyslogPrefixLen;
SM_VA_LOCAL_DECL
save_errno = errno;
if (id == NULL)
id = "NOQUEUE";
idlen = strlen(id) + SyslogPrefixLen;
buf = buf0;
bufsize = sizeof(buf0);
for (;;)
{
int n;
/* print log message into buf */
SM_VA_START(ap, fmt);
n = sm_vsnprintf(buf, bufsize, fmt, ap);
SM_VA_END(ap);
SM_ASSERT(n >= 0);
if (n < bufsize)
break;
/* String too small, redo with correct size */
bufsize = n + 1;
if (buf != buf0)
{
sm_free(buf);
buf = NULL;
}
buf = sm_malloc_x(bufsize);
}
/* clean up buf after it has been expanded with args */
newstring = str2prt(buf);
if ((strlen(newstring) + idlen + 1) < SYSLOG_BUFSIZE)
{
#if LOG
if (*id == '\0')
{
if (tTd(89, 10))
{
struct timeval tv;
gettimeofday(&tv, NULL);
sm_dprintf("%ld.%06ld %s\n", (long) tv.tv_sec,
(long) tv.tv_usec, newstring);
}
else if (tTd(89, 8))
sm_dprintf("%s\n", newstring);
else
syslog(level, "%s", newstring);
}
else
{
if (tTd(89, 10))
{
struct timeval tv;
gettimeofday(&tv, NULL);
sm_dprintf("%ld.%06ld %s: %s\n", (long) tv.tv_sec,
(long) tv.tv_usec, id, newstring);
}
else if (tTd(89, 8))
sm_dprintf("%s: %s\n", id, newstring);
else
syslog(level, "%s: %s", id, newstring);
}
#else /* LOG */
/*XXX should do something more sensible */
if (*id == '\0')
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT, "%s\n",
newstring);
else
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"%s: %s\n", id, newstring);
#endif /* LOG */
if (buf != buf0)
sm_free(buf);
errno = save_errno;
return;
}
/*
** additional length for splitting: " ..." + 3, where 3 is magic to
** have some data for the next entry.
*/
#define SL_SPLIT 7
begin = newstring;
idlen += 5; /* strlen("[999]"), see below */
while (*begin != '\0' &&
(strlen(begin) + idlen) > SYSLOG_BUFSIZE)
{
char save;
if (seq >= 999)
{
/* Too many messages */
break;
}
end = begin + SYSLOG_BUFSIZE - idlen - SL_SPLIT;
while (end > begin)
{
/* Break on comma or space */
if (*end == ',' || *end == ' ')
{
end++; /* Include separator */
break;
}
end--;
}
/* No separator, break midstring... */
if (end == begin)
end = begin + SYSLOG_BUFSIZE - idlen - SL_SPLIT;
save = *end;
*end = 0;
#if LOG
if (tTd(89, 8))
sm_dprintf("%s[%d]: %s ...\n", id, seq++, begin);
else
syslog(level, "%s[%d]: %s ...", id, seq++, begin);
#else /* LOG */
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"%s[%d]: %s ...\n", id, seq++, begin);
#endif /* LOG */
*end = save;
begin = end;
}
if (seq >= 999)
{
#if LOG
if (tTd(89, 8))
sm_dprintf("%s[%d]: log terminated, too many parts\n",
id, seq);
else
syslog(level, "%s[%d]: log terminated, too many parts",
id, seq);
#else /* LOG */
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"%s[%d]: log terminated, too many parts\n", id, seq);
#endif /* LOG */
}
else if (*begin != '\0')
{
#if LOG
if (tTd(89, 8))
sm_dprintf("%s[%d]: %s\n", id, seq, begin);
else
syslog(level, "%s[%d]: %s", id, seq, begin);
#else /* LOG */
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"%s[%d]: %s\n", id, seq, begin);
#endif /* LOG */
}
if (buf != buf0)
sm_free(buf);
errno = save_errno;
}
/*
** HARD_SYSLOG -- call syslog repeatedly until it works
**
** Needed on HP-UX, which apparently doesn't guarantee that
** syslog succeeds during interrupt handlers.
*/
#if defined(__hpux) && !defined(HPUX11)
# define MAXSYSLOGTRIES 100
# undef syslog
# ifdef V4FS
# define XCNST const
# define CAST (const char *)
-# else /* V4FS */
+# else
# define XCNST
# define CAST
-# endif /* V4FS */
+# endif
void
# ifdef __STDC__
hard_syslog(int pri, XCNST char *msg, ...)
# else /* __STDC__ */
hard_syslog(pri, msg, va_alist)
int pri;
XCNST char *msg;
va_dcl
# endif /* __STDC__ */
{
int i;
char buf[SYSLOG_BUFSIZE];
SM_VA_LOCAL_DECL
SM_VA_START(ap, msg);
(void) sm_vsnprintf(buf, sizeof(buf), msg, ap);
SM_VA_END(ap);
for (i = MAXSYSLOGTRIES; --i >= 0 && syslog(pri, CAST "%s", buf) < 0; )
continue;
}
# undef CAST
#endif /* defined(__hpux) && !defined(HPUX11) */
#if NEEDLOCAL_HOSTNAME_LENGTH
/*
** LOCAL_HOSTNAME_LENGTH
**
** This is required to get sendmail to compile against BIND 4.9.x
** on Ultrix.
**
** Unfortunately, a Compaq Y2K patch kit provides it without
** bumping __RES in /usr/include/resolv.h so we can't automatically
** figure out whether it is needed.
*/
int
local_hostname_length(hostname)
char *hostname;
{
size_t len_host, len_domain;
if (!*_res.defdname)
res_init();
len_host = strlen(hostname);
len_domain = strlen(_res.defdname);
if (len_host > len_domain &&
(sm_strcasecmp(hostname + len_host - len_domain,
_res.defdname) == 0) &&
hostname[len_host - len_domain - 1] == '.')
return len_host - len_domain - 1;
else
return 0;
}
#endif /* NEEDLOCAL_HOSTNAME_LENGTH */
#if NEEDLINK
/*
** LINK -- clone a file
**
** Some OS's lacks link() and hard links. Since sendmail is using
** link() as an efficient way to clone files, this implementation
** will simply do a file copy.
**
** NOTE: This link() replacement is not a generic replacement as it
** does not handle all of the semantics of the real link(2).
**
** Parameters:
** source -- pathname of existing file.
** target -- pathname of link (clone) to be created.
**
** Returns:
** 0 -- success.
** -1 -- failure, see errno for details.
*/
int
link(source, target)
const char *source;
const char *target;
{
int save_errno;
int sff;
int src = -1, dst = -1;
ssize_t readlen;
ssize_t writelen;
char buf[BUFSIZ];
struct stat st;
sff = SFF_REGONLY|SFF_OPENASROOT;
if (DontLockReadFiles)
sff |= SFF_NOLOCK;
/* Open the original file */
src = safeopen((char *)source, O_RDONLY, 0, sff);
if (src < 0)
goto fail;
/* Obtain the size and the mode */
if (fstat(src, &st) < 0)
goto fail;
/* Create the duplicate copy */
sff &= ~SFF_NOLOCK;
sff |= SFF_CREAT;
dst = safeopen((char *)target, O_CREAT|O_EXCL|O_WRONLY,
st.st_mode, sff);
if (dst < 0)
goto fail;
/* Copy all of the bytes one buffer at a time */
while ((readlen = read(src, &buf, sizeof(buf))) > 0)
{
ssize_t left = readlen;
char *p = buf;
while (left > 0 &&
(writelen = write(dst, p, (size_t) left)) >= 0)
{
left -= writelen;
p += writelen;
}
if (writelen < 0)
break;
}
/* Any trouble reading? */
if (readlen < 0 || writelen < 0)
goto fail;
/* Close the input file */
if (close(src) < 0)
{
src = -1;
goto fail;
}
src = -1;
/* Close the output file */
if (close(dst) < 0)
{
/* don't set dst = -1 here so we unlink the file */
goto fail;
}
/* Success */
return 0;
fail:
save_errno = errno;
if (src >= 0)
(void) close(src);
if (dst >= 0)
{
(void) unlink(target);
(void) close(dst);
}
errno = save_errno;
return -1;
}
#endif /* NEEDLINK */
/*
** Compile-Time options
*/
+#define SM_STR(x) #x
+#define SM_XSTR(x) SM_STR(x)
+
char *CompileOptions[] =
{
#if ALLOW_255
"ALLOW_255",
#endif
+#if DANE
+# if STARTTLS
+ "DANE",
+# else
+# error "DANE set but STARTTLS not defined"
+# endif
+#endif
#if NAMED_BIND
# if DNSMAP
"DNSMAP",
# endif
#endif
#if EGD
"EGD",
#endif
#if HESIOD
"HESIOD",
#endif
#if HESIOD_ALLOW_NUMERIC_LOGIN
"HESIOD_ALLOW_NUMERIC_LOGIN",
#endif
#if HES_GETMAILHOST
"HES_GETMAILHOST",
#endif
#if IPV6_FULL
/* Use uncompressed IPv6 address format (no "::") by default */
"IPV6_FULL",
#endif
#if LDAPMAP
"LDAPMAP",
#endif
+#if LDAP_NETWORK_TIMEOUT
+# if LDAPMAP && defined(LDAP_OPT_NETWORK_TIMEOUT)
+ /* set LDAP_OPT_NETWORK_TIMEOUT if available (-c) */
+ "LDAP_NETWORK_TIMEOUT",
+# else
+# ERROR: _LDAP_NETWORK_TIMEOUT requires _LDAPMAP
+# endif
+#endif
#if LDAP_REFERRALS
"LDAP_REFERRALS",
#endif
#if LOG
"LOG",
#endif
#if MAP_NSD
"MAP_NSD",
#endif
#if MAP_REGEX
"MAP_REGEX",
#endif
#if MATCHGECOS
"MATCHGECOS",
#endif
+#if MAXDAEMONS != 10
+ "MAXDAEMONS=" SM_XSTR(MAXDAEMONS),
+#endif
+#if defined(MSGIDLOGLEN)
+ "MSGIDLOGLEN=" SM_XSTR(MSGIDLOGLEN),
+#endif
#if MILTER
"MILTER",
#endif
#if MIME7TO8
"MIME7TO8",
#endif
#if MIME7TO8_OLD
"MIME7TO8_OLD",
#endif
#if MIME8TO7
"MIME8TO7",
#endif
#if NAMED_BIND
"NAMED_BIND",
#endif
#if NDBM
"NDBM",
#endif
#if NETINET
"NETINET",
#endif
#if NETINET6
"NETINET6",
#endif
#if NETINFO
"NETINFO",
#endif
#if NETISO
"NETISO",
#endif
#if NETNS
"NETNS",
#endif
#if NETUNIX
"NETUNIX",
#endif
#if NETX25
"NETX25",
#endif
+#if NO_EOH_FIELDS
+ "NO_EOH_FIELDS",
+#endif
#if NEWDB
+# if defined(DB_VERSION_MAJOR) && defined(DB_VERSION_MINOR)
+ "NEWDB=" SM_XSTR(DB_VERSION_MAJOR) "." SM_XSTR(DB_VERSION_MINOR),
+# else
"NEWDB",
+# endif
+#endif
+#if CDB
+ "CDB=" SM_XSTR(CDB),
#endif
#if NIS
"NIS",
#endif
#if NISPLUS
"NISPLUS",
#endif
#if NO_DH
"NO_DH",
#endif
#if PH_MAP
"PH_MAP",
#endif
#ifdef PICKY_HELO_CHECK
"PICKY_HELO_CHECK",
#endif
#if PIPELINING
"PIPELINING",
#endif
#if SASL
# if SASL >= 20000
"SASLv2",
-# else /* SASL >= 20000 */
+# else
"SASL",
# endif
#endif
#if SCANF
"SCANF",
#endif
#if SM_LDAP_ERROR_ON_MISSING_ARGS
"SM_LDAP_ERROR_ON_MISSING_ARGS",
#endif
#if SMTPDEBUG
"SMTPDEBUG",
#endif
#if SOCKETMAP
"SOCKETMAP",
#endif
#if STARTTLS
"STARTTLS",
#endif
#if SUID_ROOT_FILES_OK
"SUID_ROOT_FILES_OK",
#endif
+#if SYSLOG_BUFSIZE > 1024
+ "SYSLOG_BUFSIZE=" SM_XSTR(SYSLOG_BUFSIZE),
+#endif
#if TCPWRAPPERS
"TCPWRAPPERS",
#endif
#if TLS_NO_RSA
"TLS_NO_RSA",
#endif
+#if TLS_EC
+ /* elliptic curves */
+ "TLS_EC",
+#endif
#if TLS_VRFY_PER_CTX
"TLS_VRFY_PER_CTX",
#endif
#if USERDB
"USERDB",
#endif
#if USE_LDAP_INIT
"USE_LDAP_INIT",
#endif
#if USE_TTYPATH
"USE_TTYPATH",
#endif
#if XDEBUG
"XDEBUG",
#endif
#if XLA
"XLA",
#endif
NULL
};
/*
** OS compile options.
*/
char *OsCompileOptions[] =
{
#if ADDRCONFIG_IS_BROKEN
"ADDRCONFIG_IS_BROKEN",
#endif
#ifdef AUTO_NETINFO_HOSTS
"AUTO_NETINFO_HOSTS",
#endif
#ifdef AUTO_NIS_ALIASES
"AUTO_NIS_ALIASES",
#endif
#if BROKEN_RES_SEARCH
"BROKEN_RES_SEARCH",
#endif
#ifdef BSD4_4_SOCKADDR
"BSD4_4_SOCKADDR",
#endif
#if BOGUS_O_EXCL
"BOGUS_O_EXCL",
#endif
#if DEC_OSF_BROKEN_GETPWENT
"DEC_OSF_BROKEN_GETPWENT",
#endif
+#if DNSSEC_TEST
+ "DNSSEC_TEST",
+#endif
#if FAST_PID_RECYCLE
"FAST_PID_RECYCLE",
#endif
#if HASCLOSEFROM
"HASCLOSEFROM",
#endif
#if HASFCHOWN
"HASFCHOWN",
#endif
#if HASFCHMOD
"HASFCHMOD",
#endif
#if HASFDWALK
"HASFDWALK",
#endif
#if HASFLOCK
"HASFLOCK",
#endif
#if HASGETDTABLESIZE
"HASGETDTABLESIZE",
#endif
+#if HAS_GETHOSTBYNAME2
+ "HAS_GETHOSTBYNAME2",
+#endif
#if HASGETUSERSHELL
"HASGETUSERSHELL",
#endif
#if HASINITGROUPS
"HASINITGROUPS",
#endif
#if HASLDAPGETALIASBYNAME
"HASLDAPGETALIASBYNAME",
#endif
#if HASLSTAT
"HASLSTAT",
#endif
#if HASNICE
"HASNICE",
#endif
#if HASRANDOM
"HASRANDOM",
#endif
#if HASRRESVPORT
"HASRRESVPORT",
#endif
#if HASSETEGID
"HASSETEGID",
#endif
#if HASSETLOGIN
"HASSETLOGIN",
#endif
#if HASSETREGID
"HASSETREGID",
#endif
#if HASSETRESGID
"HASSETRESGID",
#endif
#if HASSETREUID
"HASSETREUID",
#endif
#if HASSETRLIMIT
"HASSETRLIMIT",
#endif
#if HASSETSID
"HASSETSID",
#endif
#if HASSETUSERCONTEXT
"HASSETUSERCONTEXT",
#endif
#if HASSETVBUF
"HASSETVBUF",
#endif
#if HAS_ST_GEN
"HAS_ST_GEN",
#endif
#if HASSRANDOMDEV
"HASSRANDOMDEV",
#endif
#if HASURANDOMDEV
"HASURANDOMDEV",
#endif
#if HASSTRERROR
"HASSTRERROR",
#endif
#if HASULIMIT
"HASULIMIT",
#endif
#if HASUNAME
"HASUNAME",
#endif
#if HASUNSETENV
"HASUNSETENV",
#endif
#if HASWAITPID
"HASWAITPID",
#endif
#if HAVE_NANOSLEEP
"HAVE_NANOSLEEP",
#endif
#if IDENTPROTO
"IDENTPROTO",
#endif
#if IP_SRCROUTE
"IP_SRCROUTE",
#endif
#if O_EXLOCK && HASFLOCK && !BOGUS_O_EXCL
"LOCK_ON_OPEN",
#endif
#if MILTER_NO_NAGLE
"MILTER_NO_NAGLE ",
#endif
#if NEEDFSYNC
"NEEDFSYNC",
#endif
#if NEEDLINK
"NEEDLINK",
#endif
#if NEEDLOCAL_HOSTNAME_LENGTH
"NEEDLOCAL_HOSTNAME_LENGTH",
#endif
#if NEEDSGETIPNODE
"NEEDSGETIPNODE",
#endif
#if NEEDSTRSTR
"NEEDSTRSTR",
#endif
#if NEEDSTRTOL
"NEEDSTRTOL",
#endif
#ifdef NO_GETSERVBYNAME
"NO_GETSERVBYNAME",
#endif
#if NOFTRUNCATE
"NOFTRUNCATE",
#endif
#if REQUIRES_DIR_FSYNC
"REQUIRES_DIR_FSYNC",
#endif
#if RLIMIT_NEEDS_SYS_TIME_H
"RLIMIT_NEEDS_SYS_TIME_H",
#endif
#if SAFENFSPATHCONF
"SAFENFSPATHCONF",
#endif
#if SECUREWARE
"SECUREWARE",
#endif
#if SFS_TYPE == SFS_4ARGS
"SFS_4ARGS",
#elif SFS_TYPE == SFS_MOUNT
"SFS_MOUNT",
#elif SFS_TYPE == SFS_NONE
"SFS_NONE",
#elif SFS_TYPE == SFS_NT
"SFS_NT",
#elif SFS_TYPE == SFS_STATFS
"SFS_STATFS",
#elif SFS_TYPE == SFS_STATVFS
"SFS_STATVFS",
#elif SFS_TYPE == SFS_USTAT
"SFS_USTAT",
#elif SFS_TYPE == SFS_VFS
"SFS_VFS",
#endif
#if SHARE_V1
"SHARE_V1",
#endif
#if SIOCGIFCONF_IS_BROKEN
"SIOCGIFCONF_IS_BROKEN",
#endif
#if SIOCGIFNUM_IS_BROKEN
"SIOCGIFNUM_IS_BROKEN",
#endif
#if SNPRINTF_IS_BROKEN
"SNPRINTF_IS_BROKEN",
#endif
#if SO_REUSEADDR_IS_BROKEN
"SO_REUSEADDR_IS_BROKEN",
#endif
#if SYS5SETPGRP
"SYS5SETPGRP",
#endif
#if SYSTEM5
"SYSTEM5",
#endif
#if USE_DOUBLE_FORK
"USE_DOUBLE_FORK",
#endif
#if USE_ENVIRON
"USE_ENVIRON",
#endif
#if USE_SA_SIGACTION
"USE_SA_SIGACTION",
#endif
#if USE_SIGLONGJMP
"USE_SIGLONGJMP",
#endif
#if USEGETCONFATTR
"USEGETCONFATTR",
#endif
#if USESETEUID
"USESETEUID",
#endif
#ifdef USESYSCTL
"USESYSCTL",
#endif
#if USE_OPENSSL_ENGINE
+ /*
+ ** 0: OpenSSL ENGINE?
+ ** 1: Support Sun OpenSSL patch for SPARC T4 pkcs11
+ ** 2: none
+ */
+# if USE_OPENSSL_ENGINE != 1
+ "USE_OPENSSL_ENGINE=" SM_XSTR(USE_OPENSSL_ENGINE),
+# else
"USE_OPENSSL_ENGINE",
#endif
+#endif
#if USING_NETSCAPE_LDAP
"USING_NETSCAPE_LDAP",
#endif
#ifdef WAITUNION
"WAITUNION",
#endif
NULL
};
/*
** FFR compile options.
*/
char *FFRCompileOptions[] =
{
#if _FFR_ADD_BCC
+ /* see cf/feature/bcc.m4 */
"_FFR_ADD_BCC",
#endif
#if _FFR_ADDR_TYPE_MODES
/* more info in {addr_type}, requires m4 changes! */
"_FFR_ADDR_TYPE_MODES",
#endif
#if _FFR_ALIAS_DETAIL
/* try to handle +detail for aliases */
"_FFR_ALIAS_DETAIL",
#endif
#if _FFR_ALLOW_SASLINFO
/* DefaultAuthInfo can be specified by user. */
/* DefaultAuthInfo doesn't really work in 8.13 anymore. */
"_FFR_ALLOW_SASLINFO",
#endif
#if _FFR_BADRCPT_SHUTDOWN
/* shut down connection (421) if there are too many bad RCPTs */
"_FFR_BADRCPT_SHUTDOWN",
#endif
#if _FFR_BESTMX_BETTER_TRUNCATION
/* Better truncation of list of MX records for dns map. */
"_FFR_BESTMX_BETTER_TRUNCATION",
#endif
+#if _FFR_BLANKENV_MACV
+ /* also look up macros in BlankEnvelope */
+ "_FFR_BLANKENV_MACV",
+#endif
#if _FFR_BOUNCE_QUEUE
/* Separate, unprocessed queue for DSNs */
/* John Gardiner Myers of Proofpoint */
"_FFR_BOUNCE_QUEUE",
#endif
#if _FFR_CATCH_BROKEN_MTAS
/* Deal with MTAs that send a reply during the DATA phase. */
"_FFR_CATCH_BROKEN_MTAS",
#endif
#if _FFR_CHK_QUEUE
/* Stricter checks about queue directory permissions. */
"_FFR_CHK_QUEUE",
#endif
+#if _FFR_CLIENTCA
+ /*
+ ** Allow to set client specific CA values.
+ ** CACertFile: see doc/op.*:
+ ** "The DNs of these certificates are sent to the client
+ ** during the TLS handshake (as part of the CertificateRequest)
+ ** as the list of acceptable CAs.
+ ** However, do not list too many root CAs in that file,
+ ** otherwise the TLS handshake may fail;"
+ ** In TLSv1.3 the certs in CACertFile are also sent by
+ ** the client to the server and there is seemingly a
+ ** 16KB limit (just in OpenSSL?).
+ ** Having a separate CACertFile for the client
+ ** helps to avoid this problem.
+ */
+
+ "_FFR_CLIENTCA",
+#endif
#if _FFR_CLIENT_SIZE
/* Don't try to send mail if its size exceeds SIZE= of server. */
"_FFR_CLIENT_SIZE",
#endif
-#if _FFR_CRLPATH
- /* CRLPath; needs documentation; Al Smith */
- "_FFR_CRLPATH",
-#endif
#if _FFR_DM_ONE
/* deliver first TA in background, then queue */
"_FFR_DM_ONE",
#endif
#if _FFR_DIGUNIX_SAFECHOWN
/* Properly set SAFECHOWN (include/sm/conf.h) for Digital UNIX */
/* Problem noted by Anne Bennett of Concordia University */
"_FFR_DIGUNIX_SAFECHOWN",
#endif
#if _FFR_DNSMAP_ALIASABLE
/* Allow dns map type to be used for aliases. */
/* Don Lewis of TDK */
"_FFR_DNSMAP_ALIASABLE",
#endif
#if _FFR_DONTLOCKFILESFORREAD_OPTION
/* Enable DontLockFilesForRead option. */
"_FFR_DONTLOCKFILESFORREAD_OPTION",
#endif
#if _FFR_DOTTED_USERNAMES
/* Allow usernames with '.' */
"_FFR_DOTTED_USERNAMES",
#endif
#if _FFR_DPO_CS
/*
** Make DaemonPortOptions case sensitive.
** For some unknown reasons the code converted every option
** to uppercase (first letter only, as that's the only one that
** is actually checked). This prevented all new lower case options
** from working...
** The documentation doesn't say anything about case (in)sensitivity,
** which means it should be case sensitive by default,
** but it's not a good idea to change this within a patch release,
** so let's delay this to 8.15.
*/
"_FFR_DPO_CS",
#endif
#if _FFR_DPRINTF_MAP
/* dprintf map for logging */
"_FFR_DPRINTF_MAP",
#endif
#if _FFR_DROP_TRUSTUSER_WARNING
/*
** Don't issue this warning:
** "readcf: option TrustedUser may cause problems on systems
** which do not support fchown() if UseMSP is not set.
*/
"_FFR_DROP_TRUSTUSER_WARNING",
#endif
#if _FFR_EIGHT_BIT_ADDR_OK
/* EightBitAddrOK: allow 8-bit e-mail addresses */
"_FFR_EIGHT_BIT_ADDR_OK",
#endif
+#if _FFR_EXPAND_HELONAME
+ /* perform macro expansion for heloname */
+ "_FFR_EXPAND_HELONAME",
+#endif
#if _FFR_EXTRA_MAP_CHECK
/* perform extra checks on $( $) in R lines */
"_FFR_EXTRA_MAP_CHECK",
#endif
#if _FFR_GETHBN_ExFILE
/*
** According to Motonori Nakamura some gethostbyname()
** implementations (TurboLinux?) may (temporarily) fail
** due to a lack of file descriptors. Enabling this FFR
** will check errno for EMFILE and ENFILE and in case of a match
** cause a temporary error instead of a permanent error.
** The right solution is of course to file a bug against those
** systems such that they actually set h_errno = TRY_AGAIN.
*/
"_FFR_GETHBN_ExFILE",
#endif
#if _FFR_FIPSMODE
/* FIPSMode (if supported by OpenSSL library) */
"_FFR_FIPSMODE",
#endif
#if _FFR_FIX_DASHT
/*
** If using -t, force not sending to argv recipients, even
** if they are mentioned in the headers.
*/
"_FFR_FIX_DASHT",
#endif
#if _FFR_FORWARD_SYSERR
/* Cause a "syserr" if forward file isn't "safe". */
"_FFR_FORWARD_SYSERR",
#endif
#if _FFR_GEN_ORCPT
/* Generate a ORCPT DSN arg if not already provided */
"_FFR_GEN_ORCPT",
#endif
#if _FFR_HANDLE_ISO8859_GECOS
/*
** Allow ISO 8859 characters in GECOS field: replace them
** with ASCII "equivalent".
*/
/* Peter Eriksson of Linkopings universitet */
"_FFR_HANDLE_ISO8859_GECOS",
#endif
#if _FFR_HANDLE_HDR_RW_TEMPFAIL
/*
** Temporary header rewriting problems from remotename() etc
** are not "sticky" for mci (e.g., during queue runs).
*/
"_FFR_HANDLE_HDR_RW_TEMPFAIL",
#endif
#if _FFR_HPUX_NSSWITCH
/* Use nsswitch on HP-UX */
"_FFR_HPUX_NSSWITCH",
#endif
#if _FFR_IGNORE_BOGUS_ADDR
/* Ignore addresses for which prescan() failed */
"_FFR_IGNORE_BOGUS_ADDR",
#endif
#if _FFR_IGNORE_EXT_ON_HELO
/* Ignore extensions offered in response to HELO */
"_FFR_IGNORE_EXT_ON_HELO",
#endif
-#if _FFR_LINUX_MHNL
- /* Set MAXHOSTNAMELEN to 256 (Linux) */
- "_FFR_LINUX_MHNL",
+#if _FFR_KEEPBCC
+ /* Keep Bcc header */
+ "_FFR_KEEPBCC",
#endif
#if _FFR_LOCAL_DAEMON
/* Local daemon mode (-bl) which only accepts loopback connections */
"_FFR_LOCAL_DAEMON",
#endif
#if _FFR_LOG_MORE1
/* log some TLS/AUTH info in from= too */
- "_FFR_LOG_MORE1",
+ "_FFR_LOG_MORE1=" SM_XSTR(_FFR_LOG_MORE1),
#endif
#if _FFR_LOG_MORE2
/* log some TLS info in to= too */
- "_FFR_LOG_MORE2",
+ "_FFR_LOG_MORE2=" SM_XSTR(_FFR_LOG_MORE2),
#endif
-#if _FFR_LOGREPLY
- "_FFR_LOGREPLY",
+#if _FFR_LOG_MORE1 > 1 || _FFR_LOG_MORE2 > 1
+# if _FFR_LOG_MORE1 != _FFR_LOG_MORE2
+ ERROR: FFR_LOG_MORE1 != FFR_LOG_MORE2
+# endif
#endif
#if _FFR_MAIL_MACRO
+ /* make the "real" sender address available in {mail_from} */
"_FFR_MAIL_MACRO",
#endif
#if _FFR_MAXDATASIZE
/*
** It is possible that a header is larger than MILTER_CHUNK_SIZE,
** hence this shouldn't be used as limit for milter communication.
** see also libmilter/comm.c
** Gurusamy Sarathy of ActiveState
*/
"_FFR_MAXDATASIZE",
#endif
#if _FFR_MAX_FORWARD_ENTRIES
/* Try to limit number of .forward entries */
/* (doesn't work) */
/* Randall S. Winchester of the University of Maryland */
"_FFR_MAX_FORWARD_ENTRIES",
#endif
#if _FFR_MAX_SLEEP_TIME
/* Limit sleep(2) time in libsm/clock.c */
"_FFR_MAX_SLEEP_TIME",
#endif
#if _FFR_MDS_NEGOTIATE
- /* MaxDataSize negotation with libmilter */
+ /* MaxDataSize negotiation with libmilter */
"_FFR_MDS_NEGOTIATE",
#endif
#if _FFR_MEMSTAT
/* Check free memory */
"_FFR_MEMSTAT",
#endif
#if _FFR_MILTER_CHECK
"_FFR_MILTER_CHECK",
#endif
#if _FFR_MILTER_CONNECT_REPLYCODE
/* milter: propagate replycode returned by connect commands */
/* John Gardiner Myers of Proofpoint */
"_FFR_MILTER_CONNECT_REPLYCODE ",
#endif
#if _FFR_MILTER_CONVERT_ALL_LF_TO_CRLF
/*
** milter_body() uses the same conversion algorithm as putbody()
** to translate the "local" df format (\n) to SMTP format (\r\n).
** However, putbody() and mime8to7() use different conversion
** algorithms.
** If the input date does not follow the SMTP standard
** (e.g., if it has "naked \r"s), then the output from putbody()
** and mime8to7() will most likely be different.
** By turning on this FFR milter_body() will try to "imitate"
** mime8to7().
** Note: there is no (simple) way to deal with both conversions
** in a consistent manner. Moreover, as the "GiGo" principle applies,
** it's not really worth to fix it.
*/
"_FFR_MILTER_CONVERT_ALL_LF_TO_CRLF",
#endif
#if _FFR_MILTER_CHECK_REJECTIONS_TOO
/*
** Also send RCPTs that are rejected by check_rcpt to a milter
** (if requested during option negotiation).
*/
"_FFR_MILTER_CHECK_REJECTIONS_TOO",
#endif
#if _FFR_MILTER_ENHSC
/* extract enhanced status code from milter replies for dsn= logging */
"_FFR_MILTER_ENHSC",
#endif
#if _FFR_MIME7TO8_OLD
/* Old mime7to8 code, the new is broken for at least one example. */
"_FFR_MIME7TO8_OLD",
#endif
#if _FFR_MORE_MACROS
/* allow more long macro names ("unprintable" characters). */
"_FFR_MORE_MACROS",
#endif
#if _FFR_MSG_ACCEPT
/* allow to override "Message accepted for delivery" */
"_FFR_MSG_ACCEPT",
#endif
#if _FFR_NODELAYDSN_ON_HOLD
/* Do not issue a DELAY DSN for mailers that use the hold flag. */
/* Steven Pitzl */
"_FFR_NODELAYDSN_ON_HOLD",
#endif
#if _FFR_NO_PIPE
/* Disable PIPELINING, delay client if used. */
"_FFR_NO_PIPE",
#endif
-#if _FFR_LDAP_NETWORK_TIMEOUT
- /* set LDAP_OPT_NETWORK_TIMEOUT if available (-c) */
- "_FFR_LDAP_NETWORK_TIMEOUT",
+#if _FFR_LDAP_SINGLEDN
+ /*
+ ** The LDAP database map code in Sendmail 8.12.10, when
+ ** given the -1 switch, would match only a single DN,
+ ** but was able to return multiple attributes for that
+ ** DN. In Sendmail 8.13 this "bug" was corrected to
+ ** only return if exactly one attribute matched.
+ **
+ ** Unfortunately, our configuration uses the former
+ ** behaviour. Attached is a relatively simple patch
+ ** to 8.13.4 which adds a -2 switch (for lack of a
+ ** better option) which returns the single dn/multiple
+ ** attributes.
+ **
+ ** Jeffrey T. Eaton, Carnegie-Mellon University
+ */
+
+ "_FFR_LDAP_SINGLEDN",
#endif
#if _FFR_LOG_NTRIES
/* log ntries=, from Nik Clayton of FreeBSD */
"_FFR_LOG_NTRIES",
#endif
+#if _FFR_OCC
+# if SM_CONF_SHM
+ /* outgoing connection control (not yet working) */
+ "_FFR_OCC",
+# else
+# ERROR: FFR_OCC requires _SM_CONF_SHM
+# endif
+#endif
#if _FFR_PROXY
/* "proxy" (synchronous) delivery mode */
"_FFR_PROXY",
#endif
#if _FFR_QF_PARANOIA
+ /* Check to make sure key fields were read from qf */
"_FFR_QF_PARANOIA",
#endif
#if _FFR_QUEUE_GROUP_SORTORDER
/* Allow QueueSortOrder per queue group. */
/* XXX: Still need to actually use qgrp->qg_sortorder */
"_FFR_QUEUE_GROUP_SORTORDER",
#endif
#if _FFR_QUEUE_MACRO
/* Define {queue} macro. */
"_FFR_QUEUE_MACRO",
#endif
#if _FFR_QUEUE_RUN_PARANOIA
/* Additional checks when doing queue runs; interval of checks */
"_FFR_QUEUE_RUN_PARANOIA",
#endif
#if _FFR_QUEUE_SCHED_DBG
/* Debug output for the queue scheduler. */
"_FFR_QUEUE_SCHED_DBG",
#endif
#if _FFR_RCPTFLAGS
+ /* dynamic mailer modifications via {rcpt_flags}*/
"_FFR_RCPTFLAGS",
#endif
#if _FFR_RCPTTHROTDELAY
/* configurable delay for BadRcptThrottle */
"_FFR_RCPTTHROTDELAY",
#endif
#if _FFR_REDIRECTEMPTY
/*
** envelope <> can't be sent to mailing lists, only owner-
** send spam of this type to owner- of the list
** ---- to stop spam from going to mailing lists.
*/
"_FFR_REDIRECTEMPTY",
#endif
#if _FFR_REJECT_NUL_BYTE
/* reject NUL bytes in body */
"_FFR_REJECT_NUL_BYTE",
#endif
#if _FFR_RESET_MACRO_GLOBALS
/* Allow macro 'j' to be set dynamically via rulesets. */
"_FFR_RESET_MACRO_GLOBALS",
#endif
#if _FFR_RHS
/* Random shuffle for queue sorting. */
"_FFR_RHS",
#endif
#if _FFR_RUNPQG
/*
** allow -qGqueue_group -qp to work, i.e.,
** restrict a persistent queue runner to a queue group.
*/
"_FFR_RUNPQG",
#endif
#if _FFR_SESSID
- /* session id (for logging) */
+ /* session id (for logging): WIP, no logging yet! */
"_FFR_SESSID",
#endif
+#if _FFR_SETANYOPT
+ "_FFR_SETANYOPT",
+#endif
+#if _FFR_SETDEBUG_MAP
+ "_FFR_SETDEBUG_MAP",
+#endif
+#if _FFR_SETOPT_MAP
+ "_FFR_SETOPT_MAP",
+#endif
#if _FFR_SHM_STATUS
/* Donated code (unused). */
"_FFR_SHM_STATUS",
#endif
-#if _FFR_LDAP_SINGLEDN
- /*
- ** The LDAP database map code in Sendmail 8.12.10, when
- ** given the -1 switch, would match only a single DN,
- ** but was able to return multiple attributes for that
- ** DN. In Sendmail 8.13 this "bug" was corrected to
- ** only return if exactly one attribute matched.
- **
- ** Unfortunately, our configuration uses the former
- ** behaviour. Attached is a relatively simple patch
- ** to 8.13.4 which adds a -2 switch (for lack of a
- ** better option) which returns the single dn/multiple
- ** attributes.
- **
- ** Jeffrey T. Eaton, Carnegie-Mellon University
- */
-
- "_FFR_LDAP_SINGLEDN",
-#endif
#if _FFR_SKIP_DOMAINS
/* process every N'th domain instead of every N'th message */
"_FFR_SKIP_DOMAINS",
#endif
#if _FFR_SLEEP_USE_SELECT
/* Use select(2) in libsm/clock.c to emulate sleep(2) */
"_FFR_SLEEP_USE_SELECT ",
#endif
+#if _FFR_SM_LDAP_DBG
+# if LDAPMAP && defined(LBER_OPT_LOG_PRINT_FN)
+ /* LDAP debugging */
+ "_FFR_SM_LDAP_DBG",
+# else
+# ERROR: FFR_SM_LDAP_DBG requires _LDAPMAP and LBER_OPT_LOG_PRINT_FN
+# endif
+#endif
#if _FFR_SPT_ALIGN
/*
** It looks like the Compaq Tru64 5.1A now aligns argv and envp to 64
** bit alignment, so unless each piece of argv and envp is a multiple
** of 8 bytes (including terminating NULL), initsetproctitle() won't
** use any of the space beyond argv[0]. Be sure to set SPT_ALIGN_SIZE
** if you use this FFR.
*/
/* Chris Adams of HiWAAY Informations Services */
"_FFR_SPT_ALIGN",
#endif
#if _FFR_SS_PER_DAEMON
/* SuperSafe per DaemonPortOptions: 'T' (better letter?) */
"_FFR_SS_PER_DAEMON",
#endif
#if _FFR_TESTS
/* enable some test code */
"_FFR_TESTS",
#endif
#if _FFR_TIMERS
/* Donated code (unused). */
"_FFR_TIMERS",
#endif
-#if _FFR_TLS_EC
- "_FFR_TLS_EC",
+#if _FFR_TLS_ALTNAMES
+ /* store subjectAltNames in class {cert_altnames} */
+# if STARTTLS
+ "_FFR_TLS_ALTNAMES",
+# else
+# error "_FFR_TLS_ALTNAMES set but STARTTLS not defined"
+# endif
+#endif
+#if _FFR_TLSFB2CLEAR
+ /* set default for TLSFallbacktoClear to true */
+# if STARTTLS
+ "_FFR_TLSFB2CLEAR",
+# else
+# error "_FFR_TLSFB2CLEAR set but STARTTLS not defined"
+# endif
#endif
#if _FFR_TLS_USE_CERTIFICATE_CHAIN_FILE
/*
** Use SSL_CTX_use_certificate_chain_file()
** instead of SSL_CTX_use_certificate_file()
*/
+# if STARTTLS
"_FFR_TLS_USE_CERTIFICATE_CHAIN_FILE",
-#endif
-#if _FFR_TLS_SE_OPTS
- /* TLS session options */
- "_FFR_TLS_SE_OPTS",
+# else
+# error "_FFR_TLS_USE_CERTIFICATE_CHAIN_FILE set but STARTTLS not defined"
+# endif
#endif
#if _FFR_TRUSTED_QF
/*
** If we don't own the file mark it as unsafe.
** However, allow TrustedUser to own it as well
** in case TrustedUser manipulates the queue.
*/
"_FFR_TRUSTED_QF",
#endif
#if _FFR_USE_GETPWNAM_ERRNO
/*
** See libsm/mbdb.c: only enable this on OSs
** that implement the correct (POSIX) semantics.
** This will need to become an OS-specific #if enabled
** in one of the headers files under include/sm/os/ .
*/
"_FFR_USE_GETPWNAM_ERRNO",
#endif
+#if _FFR_VRFY_TRUSTED_FIRST
+ /*
+ ** Sets X509_V_FLAG_TRUSTED_FIRST if -d88;.101 is used.
+ ** X509_VERIFY_PARAM_set_flags(3)
+ ** When X509_V_FLAG_TRUSTED_FIRST is set, construction of the
+ ** certificate chain in X509_verify_cert(3) will search the trust
+ ** store for issuer certificates before searching the provided
+ ** untrusted certificates. Local issuer certificates are often more
+ ** likely to satisfy local security requirements and lead to a locally
+ ** trusted root. This is especially important when some certificates
+ ** in the trust store have explicit trust settings (see "TRUST
+ ** SETTINGS" in x509(1)).
+ ** As of OpenSSL 1.1.0 this option is on by default.
+ */
+
+# if defined(X509_V_FLAG_TRUSTED_FIRST)
+ "_FFR_VRFY_TRUSTED_FIRST",
+# else
+# error "FFR_VRFY_TRUSTED_FIRST set but X509_V_FLAG_TRUSTED_FIRST not defined"
+# endif
+#endif
+
#if _FFR_USE_SEM_LOCKING
+ /* Use semaphore locking */
"_FFR_USE_SEM_LOCKING",
#endif
#if _FFR_USE_SETLOGIN
/* Use setlogin() */
/* Peter Philipp */
"_FFR_USE_SETLOGIN",
#endif
#if _FFR_XCNCT
+ /* X-Connect support */
"_FFR_XCNCT",
+#endif
+#if _FFR_EAI
+
+ /*
+ ** Initial/Partial/Experimental EAI (SMTPUTF8) support.
+ ** NOTE: This is currently BROKEN as the handling of
+ ** envelope addresses in sendmail is NOT 8-bit clean
+ ** (in contrast to header addresses/values).
+ ** Requires ICU include files and library depending on the OS.
+ ** Patch from Arnt Gulbrandsen.
+ */
+
+# if !ALLOW_255
+# ERROR FFR_EAI requires _ALLOW_255
+# endif
+# if _FFR_EIGHT_BIT_ADDR_OK
+# error "Cannot enable both of these FFRs: FFR_EAI FFR_EIGHT_BIT_ADDR_OK"
+# endif
+ "_FFR_EAI",
#endif
NULL
};
-
diff --git a/src/conf.h b/src/conf.h
index 54b1d09fc0ac..b5b368f48d68 100644
--- a/src/conf.h
+++ b/src/conf.h
@@ -1,243 +1,253 @@
/*
* Copyright (c) 1998-2002 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*
* $Id: conf.h,v 8.577 2013-11-22 20:51:55 ca Exp $
*/
/*
** CONF.H -- All user-configurable parameters for sendmail
**
-** Send updates to sendmail@Sendmail.ORG so they will be
-** included in the next release.
+** Send updates to sendmail-YYYY@support.sendmail.org
+** (replace YYYY with the current year)
+** so they will be included in the next release.
*/
#ifndef CONF_H
#define CONF_H 1
#ifdef __GNUC__
struct rusage; /* forward declaration to get gcc to shut up in wait.h */
-#endif /* __GNUC__ */
+#endif
# include <sys/param.h>
# include <sys/types.h>
# include <sys/stat.h>
# ifndef __QNX__
/* in QNX this grabs bogus LOCK_* manifests */
# include <sys/file.h>
-# endif /* ! __QNX__ */
+# endif
# include <sys/wait.h>
# include <limits.h>
# include <fcntl.h>
# include <signal.h>
# include <netdb.h>
# include <pwd.h>
# include <grp.h>
/* make sure TOBUFSIZ isn't larger than system limit for size of exec() args */
#ifdef ARG_MAX
# if ARG_MAX > 4096
# define SM_ARG_MAX 4096
-# else /* ARG_MAX > 4096 */
+# else
# define SM_ARG_MAX ARG_MAX
-# endif /* ARG_MAX > 4096 */
-#else /* ARG_MAX */
+# endif
+#else
# define SM_ARG_MAX 4096
-#endif /* ARG_MAX */
+#endif
/**********************************************************************
** Table sizes, etc....
** There shouldn't be much need to change these....
** If you do, be careful, none should be set anywhere near INT_MAX
**********************************************************************/
#define MAXLINE 2048 /* max line length */
#if SASL
# define MAXINPLINE 12288 /* max input line length (for AUTH) */
-#else /* SASL */
+#else
# define MAXINPLINE MAXLINE /* max input line length */
-#endif /* SASL */
+#endif
#define MAXNAME 256 /* max length of a name */
#ifndef MAXAUTHINFO
# define MAXAUTHINFO 100 /* max length of authinfo token */
-#endif /* ! MAXAUTHINFO */
+#endif
#define MAXPV 256 /* max # of parms to mailers */
#define MAXATOM 1000 /* max atoms per address */
#define MAXRWSETS 200 /* max # of sets of rewriting rules */
#define MAXPRIORITIES 25 /* max values for Precedence: field */
#define MAXMXHOSTS 100 /* max # of MX records for one host */
#define SMTPLINELIM 990 /* max SMTP line length */
#define MAXUDBKEY 128 /* max size of a database key (udb only) */
#define MAXKEY 1024 /* max size of a database key */
#define MEMCHUNKSIZE 1024 /* chunk size for memory allocation */
#define MAXUSERENVIRON 100 /* max envars saved, must be >= 3 */
#define MAXMAPSTACK 12 /* max # of stacked or sequenced maps */
#if MILTER
# define MAXFILTERS 25 /* max # of milter filters */
# define MAXFILTERMACROS 50 /* max # of macros per milter cmd */
-#endif /* MILTER */
+#endif
#define MAXSMTPARGS 20 /* max # of ESMTP args for MAIL/RCPT */
#define MAXTOCLASS 8 /* max # of message timeout classes */
#define MAXRESTOTYPES 3 /* max # of resolver timeout types */
#define MAXMIMEARGS 20 /* max args in Content-Type: */
#define MAXMIMENESTING 20 /* max MIME multipart nesting */
#define QUEUESEGSIZE 1000 /* increment for queue size */
#ifndef MAXNOOPCOMMANDS
# define MAXNOOPCOMMANDS 20 /* max "noise" commands before slowdown */
-#endif /* ! MAXNOOPCOMMANDS */
+#endif
/*
** MAXQFNAME == 2 (size of "qf", "df" prefix)
** + 8 (base 60 encoded date, time & sequence number)
** + 10 (base 10 encoded 32 bit process id)
** + 1 (terminating NUL character).
*/
#define MAXQFNAME 21 /* max qf file name length + 1 */
#define MACBUFSIZE 4096 /* max expanded macro buffer size */
#define TOBUFSIZE SM_ARG_MAX /* max buffer to hold address list */
#define MAXSHORTSTR 203 /* max short string length */
#define MAXMACNAMELEN 25 /* max macro name length */
#define MAXMACROID 0377 /* max macro id number */
/* Must match (BITMAPBITS - 1) */
#ifndef MAXHDRSLEN
# define MAXHDRSLEN (32 * 1024) /* max size of message headers */
-#endif /* ! MAXHDRSLEN */
+#endif
#ifndef MAXDAEMONS
# define MAXDAEMONS 10 /* max number of ports to listen to */
-#endif /* MAXDAEMONS */
+ /* XREF: conf.c: MAXDAEMONS != 10 */
+#endif
#ifndef MAXINTERFACES
# define MAXINTERFACES 512 /* number of interfaces to probe */
-#endif /* MAXINTERFACES */
+#endif
#ifndef MAXSYMLINKS
# define MAXSYMLINKS 32 /* max number of symlinks in a path */
-#endif /* ! MAXSYMLINKS */
+#endif
#define MAXLINKPATHLEN (MAXPATHLEN * MAXSYMLINKS) /* max link-expanded file */
#define DATA_PROGRESS_TIMEOUT 300 /* how often to check DATA progress */
#define ENHSCLEN 10 /* max len of enhanced status code */
#define DEFAULT_MAX_RCPT 100 /* max number of RCPTs per envelope */
#ifndef MAXQUEUEGROUPS
# define MAXQUEUEGROUPS 50 /* max # of queue groups */
/* must be less than BITMAPBITS for DoQueueRun */
-#endif /* MAXQUEUEGROUPS */
+#endif
#if MAXQUEUEGROUPS >= BITMAPBITS
ERROR _MAXQUEUEGROUPS must be less than _BITMAPBITS
-#endif /* MAXQUEUEGROUPS >= BITMAPBITS */
+#endif
#ifndef MAXWORKGROUPS
# define MAXWORKGROUPS 50 /* max # of work groups */
-#endif /* MAXWORKGROUPS */
+#endif
#define MAXFILESYS BITMAPBITS /* max # of queue file systems
* must be <= BITMAPBITS */
#ifndef FILESYS_UPDATE_INTERVAL
# define FILESYS_UPDATE_INTERVAL 300 /* how often to update FileSys table */
-#endif /* FILESYS_UPDATE_INTERVAL */
+#endif
#ifndef SM_DEFAULT_TTL
# define SM_DEFAULT_TTL 3600 /* default TTL for services that don't have one */
-#endif /* SM_DEFAULT_TTL */
+#endif
#if SASL
# ifndef AUTH_MECHANISMS
# if STARTTLS
# define AUTH_MECHANISMS "EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5"
-# else /* STARTTLS */
+# else
# define AUTH_MECHANISMS "GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5"
-# endif /* STARTTLS */
+# endif
# endif /* ! AUTH_MECHANISMS */
#endif /* SASL */
/*
** Default database permissions (alias, maps, etc.)
** Used by sendmail and libsmdb
*/
#ifndef DBMMODE
# define DBMMODE 0640
-#endif /* ! DBMMODE */
+#endif
/*
** Value which means a uid or gid value should not change
*/
#ifndef NO_UID
# define NO_UID -1
-#endif /* ! NO_UID */
+#endif
#ifndef NO_GID
# define NO_GID -1
-#endif /* ! NO_GID */
+#endif
/**********************************************************************
** Compilation options.
** #define these to 1 if they are available;
** #define them to 0 otherwise.
** All can be overridden from Makefile.
**********************************************************************/
#ifndef NETINET
# define NETINET 1 /* include internet support */
-#endif /* ! NETINET */
+#endif
#ifndef NETINET6
# define NETINET6 0 /* do not include IPv6 support */
-#endif /* ! NETINET6 */
+#endif
#ifndef NETISO
# define NETISO 0 /* do not include ISO socket support */
-#endif /* ! NETISO */
+#endif
#ifndef NAMED_BIND
# define NAMED_BIND 1 /* use Berkeley Internet Domain Server */
-#endif /* ! NAMED_BIND */
+#endif
#ifndef XDEBUG
# define XDEBUG 1 /* enable extended debugging */
-#endif /* ! XDEBUG */
+#endif
#ifndef MATCHGECOS
# define MATCHGECOS 1 /* match user names from gecos field */
-#endif /* ! MATCHGECOS */
+#endif
#ifndef DSN
# define DSN 1 /* include delivery status notification code */
-#endif /* ! DSN */
+#endif
#if !defined(USERDB) && (defined(NEWDB) || defined(HESIOD))
# define USERDB 1 /* look in user database */
-#endif /* !defined(USERDB) && (defined(NEWDB) || defined(HESIOD)) */
+#endif
#ifndef MIME8TO7
# define MIME8TO7 1 /* 8->7 bit MIME conversions */
-#endif /* ! MIME8TO7 */
+#endif
#ifndef MIME7TO8
# define MIME7TO8 1 /* 7->8 bit MIME conversions */
-#endif /* ! MIME7TO8 */
+#endif
#if NAMED_BIND
# ifndef DNSMAP
# define DNSMAP 1 /* DNS map type */
-# endif /* ! DNSMAP */
-#endif /* NAMED_BIND */
+# endif
+#endif
#ifndef PIPELINING
# define PIPELINING 1 /* SMTP PIPELINING */
-#endif /* PIPELINING */
+#endif
/**********************************************************************
** End of site-specific configuration.
**********************************************************************/
+#if CDB >= 2
+# define CDBEXT ".db"
+# define CDBext "db"
+#else
+# define CDBEXT ".cdb"
+# define CDBext "cdb"
+#endif
+
#include <sm/conf.h>
#endif /* ! CONF_H */
diff --git a/src/control.c b/src/control.c
index 254197389476..a6d8ad631335 100644
--- a/src/control.c
+++ b/src/control.c
@@ -1,431 +1,430 @@
/*
* Copyright (c) 1998-2004, 2006 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sendmail.h>
SM_RCSID("@(#)$Id: control.c,v 8.130 2013-11-22 20:51:55 ca Exp $")
#include <sm/fdset.h>
/* values for cmd_code */
#define CMDERROR 0 /* bad command */
#define CMDRESTART 1 /* restart daemon */
#define CMDSHUTDOWN 2 /* end daemon */
#define CMDHELP 3 /* help */
#define CMDSTATUS 4 /* daemon status */
#define CMDMEMDUMP 5 /* dump memory, to find memory leaks */
#define CMDMSTAT 6 /* daemon status, more info, tagged data */
struct cmd
{
char *cmd_name; /* command name */
int cmd_code; /* internal code, see below */
};
static struct cmd CmdTab[] =
{
{ "help", CMDHELP },
{ "restart", CMDRESTART },
{ "shutdown", CMDSHUTDOWN },
{ "status", CMDSTATUS },
{ "memdump", CMDMEMDUMP },
{ "mstat", CMDMSTAT },
{ NULL, CMDERROR }
};
static void controltimeout __P((int));
int ControlSocket = -1;
/*
** OPENCONTROLSOCKET -- create/open the daemon control named socket
**
** Creates and opens a named socket for external control over
** the sendmail daemon.
**
** Parameters:
** none.
**
** Returns:
** 0 if successful, -1 otherwise
*/
int
opencontrolsocket()
{
# if NETUNIX
int save_errno;
int rval;
long sff = SFF_SAFEDIRPATH|SFF_OPENASROOT|SFF_NOLINK|SFF_CREAT|SFF_MUSTOWN;
struct sockaddr_un controladdr;
if (ControlSocketName == NULL || *ControlSocketName == '\0')
return 0;
if (strlen(ControlSocketName) >= sizeof(controladdr.sun_path))
{
errno = ENAMETOOLONG;
return -1;
}
rval = safefile(ControlSocketName, RunAsUid, RunAsGid, RunAsUserName,
sff, S_IRUSR|S_IWUSR, NULL);
/* if not safe, don't create */
if (rval != 0)
{
errno = rval;
return -1;
}
ControlSocket = socket(AF_UNIX, SOCK_STREAM, 0);
if (ControlSocket < 0)
return -1;
if (SM_FD_SETSIZE > 0 && ControlSocket >= SM_FD_SETSIZE)
{
clrcontrol();
errno = EINVAL;
return -1;
}
(void) unlink(ControlSocketName);
memset(&controladdr, '\0', sizeof(controladdr));
controladdr.sun_family = AF_UNIX;
(void) sm_strlcpy(controladdr.sun_path, ControlSocketName,
sizeof(controladdr.sun_path));
if (bind(ControlSocket, (struct sockaddr *) &controladdr,
sizeof(controladdr)) < 0)
{
save_errno = errno;
clrcontrol();
errno = save_errno;
return -1;
}
if (geteuid() == 0)
{
uid_t u = 0;
if (RunAsUid != 0)
u = RunAsUid;
else if (TrustedUid != 0)
u = TrustedUid;
if (u != 0 &&
chown(ControlSocketName, u, -1) < 0)
{
save_errno = errno;
sm_syslog(LOG_ALERT, NOQID,
"ownership change on %s to uid %d failed: %s",
ControlSocketName, (int) u,
sm_errstring(save_errno));
message("050 ownership change on %s to uid %d failed: %s",
ControlSocketName, (int) u,
sm_errstring(save_errno));
closecontrolsocket(true);
errno = save_errno;
return -1;
}
}
if (chmod(ControlSocketName, S_IRUSR|S_IWUSR) < 0)
{
save_errno = errno;
closecontrolsocket(true);
errno = save_errno;
return -1;
}
if (listen(ControlSocket, 8) < 0)
{
save_errno = errno;
closecontrolsocket(true);
errno = save_errno;
return -1;
}
# endif /* NETUNIX */
return 0;
}
/*
** CLOSECONTROLSOCKET -- close the daemon control named socket
**
** Close a named socket.
**
** Parameters:
** fullclose -- if set, close the socket and remove it;
** otherwise, just remove it
**
** Returns:
** none.
*/
void
closecontrolsocket(fullclose)
bool fullclose;
{
# if NETUNIX
long sff = SFF_SAFEDIRPATH|SFF_OPENASROOT|SFF_NOLINK|SFF_CREAT|SFF_MUSTOWN;
if (ControlSocket >= 0)
{
int rval;
if (fullclose)
{
(void) close(ControlSocket);
ControlSocket = -1;
}
rval = safefile(ControlSocketName, RunAsUid, RunAsGid,
RunAsUserName, sff, S_IRUSR|S_IWUSR, NULL);
/* if not safe, don't unlink */
if (rval != 0)
return;
if (unlink(ControlSocketName) < 0)
{
sm_syslog(LOG_WARNING, NOQID,
"Could not remove control socket: %s",
sm_errstring(errno));
return;
}
}
# endif /* NETUNIX */
return;
}
/*
** CLRCONTROL -- reset the control connection
**
** Parameters:
** none.
**
** Returns:
** none.
**
** Side Effects:
** releases any resources used by the control interface.
*/
void
clrcontrol()
{
# if NETUNIX
if (ControlSocket >= 0)
(void) close(ControlSocket);
ControlSocket = -1;
# endif /* NETUNIX */
}
/*
** CONTROL_COMMAND -- read and process command from named socket
**
** Read and process the command from the opened socket.
** Exits when done since it is running in a forked child.
**
** Parameters:
** sock -- the opened socket from getrequests()
** e -- the current envelope
**
** Returns:
** none.
*/
static jmp_buf CtxControlTimeout;
/* ARGSUSED0 */
static void
controltimeout(timeout)
int timeout;
{
/*
** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
** DOING.
*/
errno = ETIMEDOUT;
longjmp(CtxControlTimeout, 1);
}
void
control_command(sock, e)
int sock;
ENVELOPE *e;
{
volatile int exitstat = EX_OK;
SM_FILE_T *s = NULL;
SM_EVENT *ev = NULL;
SM_FILE_T *traffic;
SM_FILE_T *oldout;
char *cmd;
char *p;
struct cmd *c;
char cmdbuf[MAXLINE];
char inp[MAXLINE];
sm_setproctitle(false, e, "control cmd read");
if (TimeOuts.to_control > 0)
{
/* handle possible input timeout */
if (setjmp(CtxControlTimeout) != 0)
{
if (LogLevel > 2)
sm_syslog(LOG_NOTICE, e->e_id,
"timeout waiting for input during control command");
exit(EX_IOERR);
}
ev = sm_setevent(TimeOuts.to_control, controltimeout,
TimeOuts.to_control);
}
s = sm_io_open(SmFtStdiofd, SM_TIME_DEFAULT, (void *) &sock,
SM_IO_RDWR, NULL);
if (s == NULL)
{
int save_errno = errno;
(void) close(sock);
errno = save_errno;
exit(EX_IOERR);
}
(void) sm_io_setvbuf(s, SM_TIME_DEFAULT, NULL,
SM_IO_NBF, SM_IO_BUFSIZ);
if (sm_io_fgets(s, SM_TIME_DEFAULT, inp, sizeof(inp)) < 0)
{
(void) sm_io_close(s, SM_TIME_DEFAULT);
exit(EX_IOERR);
}
(void) sm_io_flush(s, SM_TIME_DEFAULT);
/* clean up end of line */
fixcrlf(inp, true);
sm_setproctitle(false, e, "control: %s", inp);
/* break off command */
- for (p = inp; isascii(*p) && isspace(*p); p++)
+ for (p = inp; SM_ISSPACE(*p); p++)
continue;
cmd = cmdbuf;
while (*p != '\0' &&
- !(isascii(*p) && isspace(*p)) &&
- cmd < &cmdbuf[sizeof(cmdbuf) - 2])
+ !(SM_ISSPACE(*p)) && cmd < &cmdbuf[sizeof(cmdbuf) - 2])
*cmd++ = *p++;
*cmd = '\0';
/* throw away leading whitespace */
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
p++;
/* decode command */
for (c = CmdTab; c->cmd_name != NULL; c++)
{
if (sm_strcasecmp(c->cmd_name, cmdbuf) == 0)
break;
}
switch (c->cmd_code)
{
case CMDHELP: /* get help */
traffic = TrafficLogFile;
TrafficLogFile = NULL;
oldout = OutChannel;
OutChannel = s;
help("control", e);
TrafficLogFile = traffic;
OutChannel = oldout;
break;
case CMDRESTART: /* restart the daemon */
(void) sm_io_fprintf(s, SM_TIME_DEFAULT, "OK\r\n");
exitstat = EX_RESTART;
break;
case CMDSHUTDOWN: /* kill the daemon */
(void) sm_io_fprintf(s, SM_TIME_DEFAULT, "OK\r\n");
exitstat = EX_SHUTDOWN;
break;
case CMDSTATUS: /* daemon status */
proc_list_probe();
{
int qgrp;
long bsize;
long free;
/* XXX need to deal with different partitions */
qgrp = e->e_qgrp;
if (!ISVALIDQGRP(qgrp))
qgrp = 0;
free = freediskspace(Queue[qgrp]->qg_qdir, &bsize);
/*
** Prevent overflow and don't lose
** precision (if bsize == 512)
*/
if (free > 0)
free = (long)((double) free *
((double) bsize / 1024));
(void) sm_io_fprintf(s, SM_TIME_DEFAULT,
"%d/%d/%ld/%d\r\n",
CurChildren, MaxChildren,
free, getla());
}
proc_list_display(s, "");
break;
case CMDMSTAT: /* daemon status, extended, tagged format */
proc_list_probe();
(void) sm_io_fprintf(s, SM_TIME_DEFAULT,
"C:%d\r\nM:%d\r\nL:%d\r\n",
CurChildren, MaxChildren,
getla());
printnqe(s, "Q:");
disk_status(s, "D:");
proc_list_display(s, "P:");
break;
case CMDMEMDUMP: /* daemon memory dump, to find memory leaks */
# if SM_HEAP_CHECK
/* dump the heap, if we are checking for memory leaks */
if (sm_debug_active(&SmHeapCheck, 2))
{
sm_heap_report(s, sm_debug_level(&SmHeapCheck) - 1);
}
else
{
(void) sm_io_fprintf(s, SM_TIME_DEFAULT,
"Memory dump unavailable.\r\n");
(void) sm_io_fprintf(s, SM_TIME_DEFAULT,
"To fix, run sendmail with -dsm_check_heap.4\r\n");
}
# else /* SM_HEAP_CHECK */
(void) sm_io_fprintf(s, SM_TIME_DEFAULT,
"Memory dump unavailable.\r\n");
(void) sm_io_fprintf(s, SM_TIME_DEFAULT,
"To fix, rebuild with -DSM_HEAP_CHECK\r\n");
# endif /* SM_HEAP_CHECK */
break;
case CMDERROR: /* unknown command */
(void) sm_io_fprintf(s, SM_TIME_DEFAULT,
"Bad command (%s)\r\n", cmdbuf);
break;
}
(void) sm_io_close(s, SM_TIME_DEFAULT);
if (ev != NULL)
sm_clrevent(ev);
exit(exitstat);
}
diff --git a/src/daemon.c b/src/daemon.c
index 42883658db89..19a937815cbd 100644
--- a/src/daemon.c
+++ b/src/daemon.c
@@ -1,4504 +1,4642 @@
/*
* Copyright (c) 1998-2007, 2009, 2010 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sendmail.h>
#include "map.h"
SM_RCSID("@(#)$Id: daemon.c,v 8.698 2013-11-22 20:51:55 ca Exp $")
#if defined(SOCK_STREAM) || defined(__GNU_LIBRARY__)
# define USE_SOCK_STREAM 1
-#endif /* defined(SOCK_STREAM) || defined(__GNU_LIBRARY__) */
+#endif
#if defined(USE_SOCK_STREAM)
# if NETINET || NETINET6
# include <arpa/inet.h>
-# endif /* NETINET || NETINET6 */
+# endif
# if NAMED_BIND
# ifndef NO_DATA
# define NO_DATA NO_ADDRESS
-# endif /* ! NO_DATA */
+# endif
# endif /* NAMED_BIND */
#endif /* defined(USE_SOCK_STREAM) */
#if STARTTLS
# include <openssl/rand.h>
-#endif /* STARTTLS */
+# if DANE
+# include "tls.h"
+# include "sm_resolve.h"
+# endif
+#endif
+
+#if NETINET6
+# define FREEHOSTENT(h, s) \
+ do \
+ { \
+ if ((h) != (s) && (h) != NULL) \
+ { \
+ freehostent((h)); \
+ (h) = NULL; \
+ } \
+ } while (0)
+#else
+# define FREEHOSTENT(h, s)
+#endif
#include <sm/time.h>
#if IP_SRCROUTE && NETINET
# include <netinet/in_systm.h>
# include <netinet/ip.h>
# if HAS_IN_H
# include <netinet/in.h>
# ifndef IPOPTION
# define IPOPTION ip_opts
# define IP_LIST ip_opts
# define IP_DST ip_dst
# endif /* ! IPOPTION */
# else /* HAS_IN_H */
# include <netinet/ip_var.h>
# ifndef IPOPTION
# define IPOPTION ipoption
# define IP_LIST ipopt_list
# define IP_DST ipopt_dst
# endif /* ! IPOPTION */
# endif /* HAS_IN_H */
#endif /* IP_SRCROUTE && NETINET */
#include <sm/fdset.h>
+#include <ratectrl.h>
+
#define DAEMON_C 1
#include <daemon.h>
static void connecttimeout __P((int));
static int opendaemonsocket __P((DAEMON_T *, bool));
static unsigned short setupdaemon __P((SOCKADDR *));
static void getrequests_checkdiskspace __P((ENVELOPE *e));
static void setsockaddroptions __P((char *, DAEMON_T *));
static void printdaemonflags __P((DAEMON_T *));
static int addr_family __P((char *));
static int addrcmp __P((struct hostent *, char *, SOCKADDR *));
static void authtimeout __P((int));
/*
** DAEMON.C -- routines to use when running as a daemon.
**
** This entire file is highly dependent on the 4.2 BSD
** interprocess communication primitives. No attempt has
** been made to make this file portable to Version 7,
** Version 6, MPX files, etc. If you should try such a
** thing yourself, I recommend chucking the entire file
** and starting from scratch. Basic semantics are:
**
** getrequests(e)
** Opens a port and initiates a connection.
** Returns in a child. Must set InChannel and
** OutChannel appropriately.
** clrdaemon()
** Close any open files associated with getting
** the connection; this is used when running the queue,
** etc., to avoid having extra file descriptors during
** the queue run and to avoid confusing the network
** code (if it cares).
** makeconnection(host, port, mci, e, enough)
** Make a connection to the named host on the given
** port. Returns zero on success, else an exit status
** describing the error.
** host_map_lookup(map, hbuf, avp, pstat)
** Convert the entry in hbuf into a canonical form.
*/
static int NDaemons = 0; /* actual number of daemons */
static time_t NextDiskSpaceCheck = 0;
/*
** GETREQUESTS -- open mail IPC port and get requests.
**
** Parameters:
** e -- the current envelope.
**
** Returns:
** pointer to flags.
**
** Side Effects:
** Waits until some interesting activity occurs. When
** it does, a child is created to process it, and the
** parent waits for completion. Return from this
** routine is always in the child. The file pointers
** "InChannel" and "OutChannel" should be set to point
** to the communication channel.
** May restart persistent queue runners if they have ended
** for some reason.
*/
BITMAP256 *
getrequests(e)
ENVELOPE *e;
{
int t;
int idx, curdaemon = -1;
int i, olddaemon = 0;
#if XDEBUG
bool j_has_dot;
-#endif /* XDEBUG */
+#endif
char status[MAXLINE];
SOCKADDR sa;
SOCKADDR_LEN_T len = sizeof(sa);
#if _FFR_QUEUE_RUN_PARANOIA
time_t lastrun;
-#endif /* _FFR_QUEUE_RUN_PARANOIA */
-# if NETUNIX
+#endif
+#if NETUNIX
extern int ControlSocket;
-# endif /* NETUNIX */
+#endif
extern ENVELOPE BlankEnvelope;
/* initialize data for function that generates queue ids */
init_qid_alg();
for (idx = 0; idx < NDaemons; idx++)
{
Daemons[idx].d_port = setupdaemon(&(Daemons[idx].d_addr));
Daemons[idx].d_firsttime = true;
Daemons[idx].d_refuse_connections_until = (time_t) 0;
}
/*
** Try to actually open the connection.
*/
if (tTd(15, 1))
{
for (idx = 0; idx < NDaemons; idx++)
{
sm_dprintf("getrequests: daemon %s: port %d\n",
Daemons[idx].d_name,
ntohs(Daemons[idx].d_port));
}
}
/* get a socket for the SMTP connection */
for (idx = 0; idx < NDaemons; idx++)
Daemons[idx].d_socksize = opendaemonsocket(&Daemons[idx], true);
if (opencontrolsocket() < 0)
sm_syslog(LOG_WARNING, NOQID,
"daemon could not open control socket %s: %s",
ControlSocketName, sm_errstring(errno));
/* If there are any queue runners released reapchild() co-ord's */
(void) sm_signal(SIGCHLD, reapchild);
/* write the pid to file, command line args to syslog */
log_sendmail_pid(e);
#if XDEBUG
{
char jbuf[MAXHOSTNAMELEN];
expand("\201j", jbuf, sizeof(jbuf), e);
j_has_dot = strchr(jbuf, '.') != NULL;
}
#endif /* XDEBUG */
/* Add parent process as first item */
proc_list_add(CurrentPid, "Sendmail daemon", PROC_DAEMON, 0, -1, NULL);
if (tTd(15, 1))
{
for (idx = 0; idx < NDaemons; idx++)
sm_dprintf("getrequests: daemon %s: socket %d\n",
Daemons[idx].d_name,
Daemons[idx].d_socket);
}
for (;;)
{
register pid_t pid;
auto SOCKADDR_LEN_T lotherend;
bool timedout = false;
bool control = false;
int save_errno;
int pipefd[2];
time_t now;
#if STARTTLS
long seed;
-#endif /* STARTTLS */
+#endif
/* see if we are rejecting connections */
(void) sm_blocksignal(SIGALRM);
CHECK_RESTART;
for (idx = 0; idx < NDaemons; idx++)
{
/*
** XXX do this call outside the loop?
** no: refuse_connections may sleep().
*/
now = curtime();
if (now < Daemons[idx].d_refuse_connections_until)
continue;
if (bitnset(D_DISABLE, Daemons[idx].d_flags))
continue;
if (refuseconnections(e, idx, curdaemon == idx))
{
if (Daemons[idx].d_socket >= 0)
{
/* close socket so peer fails quickly */
(void) close(Daemons[idx].d_socket);
Daemons[idx].d_socket = -1;
}
/* refuse connections for next 15 seconds */
Daemons[idx].d_refuse_connections_until = now + 15;
}
else if (Daemons[idx].d_socket < 0 ||
Daemons[idx].d_firsttime)
{
if (!Daemons[idx].d_firsttime && LogLevel > 8)
sm_syslog(LOG_INFO, NOQID,
"accepting connections again for daemon %s",
Daemons[idx].d_name);
/* arrange to (re)open the socket if needed */
(void) opendaemonsocket(&Daemons[idx], false);
Daemons[idx].d_firsttime = false;
}
}
/* May have been sleeping above, check again */
CHECK_RESTART;
getrequests_checkdiskspace(e);
#if XDEBUG
/* check for disaster */
{
char jbuf[MAXHOSTNAMELEN];
expand("\201j", jbuf, sizeof(jbuf), e);
if (!wordinclass(jbuf, 'w'))
{
dumpstate("daemon lost $j");
sm_syslog(LOG_ALERT, NOQID,
"daemon process doesn't have $j in $=w; see syslog");
abort();
}
else if (j_has_dot && strchr(jbuf, '.') == NULL)
{
dumpstate("daemon $j lost dot");
sm_syslog(LOG_ALERT, NOQID,
"daemon process $j lost dot; see syslog");
abort();
}
}
#endif /* XDEBUG */
#if 0
/*
** Andrew Sun <asun@ieps-sun.ml.com> claims that this will
** fix the SVr4 problem. But it seems to have gone away,
** so is it worth doing this?
*/
if (DaemonSocket >= 0 &&
SetNonBlocking(DaemonSocket, false) < 0)
log an error here;
#endif /* 0 */
(void) sm_releasesignal(SIGALRM);
for (;;)
{
bool setproc = false;
int highest = -1;
fd_set readfds;
struct timeval timeout;
CHECK_RESTART;
FD_ZERO(&readfds);
for (idx = 0; idx < NDaemons; idx++)
{
/* wait for a connection */
if (Daemons[idx].d_socket >= 0)
{
if (!setproc &&
!bitnset(D_ETRNONLY,
Daemons[idx].d_flags))
{
sm_setproctitle(true, e,
"accepting connections");
setproc = true;
}
if (Daemons[idx].d_socket > highest)
highest = Daemons[idx].d_socket;
SM_FD_SET(Daemons[idx].d_socket,
&readfds);
}
}
#if NETUNIX
if (ControlSocket >= 0)
{
if (ControlSocket > highest)
highest = ControlSocket;
SM_FD_SET(ControlSocket, &readfds);
}
#endif /* NETUNIX */
timeout.tv_sec = 5;
timeout.tv_usec = 0;
t = select(highest + 1, FDSET_CAST &readfds,
NULL, NULL, &timeout);
/* Did someone signal while waiting? */
CHECK_RESTART;
curdaemon = -1;
if (doqueuerun())
{
(void) runqueue(true, false, false, false);
#if _FFR_QUEUE_RUN_PARANOIA
lastrun = now;
-#endif /* _FFR_QUEUE_RUN_PARANOIA */
+#endif
}
#if _FFR_QUEUE_RUN_PARANOIA
else if (CheckQueueRunners > 0 && QueueIntvl > 0 &&
lastrun + QueueIntvl + CheckQueueRunners < now)
{
/*
** set lastrun unconditionally to avoid
** calling checkqueuerunner() all the time.
** That's also why we currently ignore the
** result of the function call.
*/
(void) checkqueuerunner();
lastrun = now;
}
#endif /* _FFR_QUEUE_RUN_PARANOIA */
if (t <= 0)
{
timedout = true;
break;
}
control = false;
errno = 0;
/* look "round-robin" for an active socket */
if ((idx = olddaemon + 1) >= NDaemons)
idx = 0;
for (i = 0; i < NDaemons; i++)
{
if (Daemons[idx].d_socket >= 0 &&
SM_FD_ISSET(Daemons[idx].d_socket,
&readfds))
{
lotherend = Daemons[idx].d_socksize;
memset(&RealHostAddr, '\0',
sizeof(RealHostAddr));
t = accept(Daemons[idx].d_socket,
(struct sockaddr *)&RealHostAddr,
&lotherend);
/*
** If remote side closes before
** accept() finishes, sockaddr
** might not be fully filled in.
*/
if (t >= 0 &&
(lotherend == 0 ||
-# ifdef BSD4_4_SOCKADDR
+#ifdef BSD4_4_SOCKADDR
RealHostAddr.sa.sa_len == 0 ||
-# endif /* BSD4_4_SOCKADDR */
+#endif
RealHostAddr.sa.sa_family != Daemons[idx].d_addr.sa.sa_family))
{
(void) close(t);
t = -1;
errno = EINVAL;
}
olddaemon = curdaemon = idx;
break;
}
if (++idx >= NDaemons)
idx = 0;
}
#if NETUNIX
if (curdaemon == -1 && ControlSocket >= 0 &&
SM_FD_ISSET(ControlSocket, &readfds))
{
struct sockaddr_un sa_un;
lotherend = sizeof(sa_un);
memset(&sa_un, '\0', sizeof(sa_un));
t = accept(ControlSocket,
(struct sockaddr *)&sa_un,
&lotherend);
/*
** If remote side closes before
** accept() finishes, sockaddr
** might not be fully filled in.
*/
if (t >= 0 &&
(lotherend == 0 ||
# ifdef BSD4_4_SOCKADDR
sa_un.sun_len == 0 ||
-# endif /* BSD4_4_SOCKADDR */
+# endif
sa_un.sun_family != AF_UNIX))
{
(void) close(t);
t = -1;
errno = EINVAL;
}
if (t >= 0)
control = true;
}
#else /* NETUNIX */
if (curdaemon == -1)
{
/* No daemon to service */
continue;
}
#endif /* NETUNIX */
if (t >= 0 || errno != EINTR)
break;
}
if (timedout)
{
timedout = false;
continue;
}
save_errno = errno;
(void) sm_blocksignal(SIGALRM);
if (t < 0)
{
errno = save_errno;
/* let's ignore these temporary errors */
if (save_errno == EINTR
#ifdef EAGAIN
|| save_errno == EAGAIN
-#endif /* EAGAIN */
+#endif
#ifdef ECONNABORTED
|| save_errno == ECONNABORTED
-#endif /* ECONNABORTED */
+#endif
#ifdef EWOULDBLOCK
|| save_errno == EWOULDBLOCK
-#endif /* EWOULDBLOCK */
+#endif
)
continue;
syserr("getrequests: accept");
if (curdaemon >= 0)
{
/* arrange to re-open socket next time around */
(void) close(Daemons[curdaemon].d_socket);
Daemons[curdaemon].d_socket = -1;
#if SO_REUSEADDR_IS_BROKEN
/*
** Give time for bound socket to be released.
** This creates a denial-of-service if you can
** force accept() to fail on affected systems.
*/
Daemons[curdaemon].d_refuse_connections_until =
curtime() + 15;
#endif /* SO_REUSEADDR_IS_BROKEN */
}
continue;
}
if (!control)
{
/* set some daemon related macros */
switch (Daemons[curdaemon].d_addr.sa.sa_family)
{
case AF_UNSPEC:
macdefine(&BlankEnvelope.e_macro, A_PERM,
macid("{daemon_family}"), "unspec");
break;
#if NETUNIX
case AF_UNIX:
macdefine(&BlankEnvelope.e_macro, A_PERM,
macid("{daemon_family}"), "local");
break;
-#endif /* NETUNIX */
+#endif
#if NETINET
case AF_INET:
macdefine(&BlankEnvelope.e_macro, A_PERM,
macid("{daemon_family}"), "inet");
break;
-#endif /* NETINET */
+#endif
#if NETINET6
case AF_INET6:
macdefine(&BlankEnvelope.e_macro, A_PERM,
macid("{daemon_family}"), "inet6");
break;
-#endif /* NETINET6 */
+#endif
#if NETISO
case AF_ISO:
macdefine(&BlankEnvelope.e_macro, A_PERM,
macid("{daemon_family}"), "iso");
break;
-#endif /* NETISO */
+#endif
#if NETNS
case AF_NS:
macdefine(&BlankEnvelope.e_macro, A_PERM,
macid("{daemon_family}"), "ns");
break;
-#endif /* NETNS */
+#endif
#if NETX25
case AF_CCITT:
macdefine(&BlankEnvelope.e_macro, A_PERM,
macid("{daemon_family}"), "x.25");
break;
-#endif /* NETX25 */
+#endif
}
macdefine(&BlankEnvelope.e_macro, A_PERM,
macid("{daemon_name}"),
Daemons[curdaemon].d_name);
if (Daemons[curdaemon].d_mflags != NULL)
macdefine(&BlankEnvelope.e_macro, A_PERM,
macid("{daemon_flags}"),
Daemons[curdaemon].d_mflags);
else
macdefine(&BlankEnvelope.e_macro, A_PERM,
macid("{daemon_flags}"), "");
}
/*
** If connection rate is exceeded here, connection shall be
** refused later by a new call after fork() by the
** validate_connection() function. Closing the connection
** at this point violates RFC 2821.
** Do NOT remove this call, its side effects are needed.
*/
connection_rate_check(&RealHostAddr, NULL);
/*
** Create a subprocess to process the mail.
*/
if (tTd(15, 2))
sm_dprintf("getrequests: forking (fd = %d)\n", t);
/*
** Advance state of PRNG.
** This is necessary because otherwise all child processes
** will produce the same PRN sequence and hence the selection
** of a queue directory (and other things, e.g., MX selection)
** are not "really" random.
*/
#if STARTTLS
/* XXX get some better "random" data? */
seed = get_random();
RAND_seed((void *) &NextDiskSpaceCheck,
sizeof(NextDiskSpaceCheck));
RAND_seed((void *) &now, sizeof(now));
RAND_seed((void *) &seed, sizeof(seed));
#else /* STARTTLS */
(void) get_random();
#endif /* STARTTLS */
#if NAMED_BIND
/*
** Update MX records for FallbackMX.
** Let's hope this is fast otherwise we screw up the
** response time.
*/
if (FallbackMX != NULL)
(void) getfallbackmxrr(FallbackMX);
#endif /* NAMED_BIND */
if (tTd(93, 100))
{
/* don't fork, handle connection in this process */
pid = 0;
pipefd[0] = pipefd[1] = -1;
}
else
{
/*
** Create a pipe to keep the child from writing to
** the socket until after the parent has closed
** it. Otherwise the parent may hang if the child
** has closed it first.
*/
if (pipe(pipefd) < 0)
pipefd[0] = pipefd[1] = -1;
(void) sm_blocksignal(SIGCHLD);
pid = fork();
if (pid < 0)
{
syserr("daemon: cannot fork");
if (pipefd[0] != -1)
{
(void) close(pipefd[0]);
(void) close(pipefd[1]);
}
(void) sm_releasesignal(SIGCHLD);
(void) sleep(10);
(void) close(t);
continue;
}
}
if (pid == 0)
{
char *p;
SM_FILE_T *inchannel, *outchannel = NULL;
/*
** CHILD -- return to caller.
** Collect verified idea of sending host.
** Verify calling user id if possible here.
*/
/* Reset global flags */
RestartRequest = NULL;
RestartWorkGroup = false;
ShutdownRequest = NULL;
PendingSignal = 0;
CurrentPid = getpid();
close_sendmail_pid();
(void) sm_releasesignal(SIGALRM);
(void) sm_releasesignal(SIGCHLD);
(void) sm_signal(SIGCHLD, SIG_DFL);
(void) sm_signal(SIGHUP, SIG_DFL);
(void) sm_signal(SIGTERM, intsig);
/* turn on profiling */
/* SM_PROF(0); */
/*
** Initialize exception stack and default exception
** handler for child process.
*/
sm_exc_newthread(fatal_error);
if (!control)
{
macdefine(&BlankEnvelope.e_macro, A_TEMP,
macid("{daemon_addr}"),
anynet_ntoa(&Daemons[curdaemon].d_addr));
(void) sm_snprintf(status, sizeof(status), "%d",
ntohs(Daemons[curdaemon].d_port));
macdefine(&BlankEnvelope.e_macro, A_TEMP,
macid("{daemon_port}"), status);
}
for (idx = 0; idx < NDaemons; idx++)
{
if (Daemons[idx].d_socket >= 0)
(void) close(Daemons[idx].d_socket);
Daemons[idx].d_socket = -1;
}
clrcontrol();
/* Avoid SMTP daemon actions if control command */
if (control)
{
/* Add control socket process */
proc_list_add(CurrentPid,
"console socket child",
PROC_CONTROL_CHILD, 0, -1, NULL);
}
else
{
proc_list_clear();
/* clean up background delivery children */
(void) sm_signal(SIGCHLD, reapchild);
/* Add parent process as first child item */
proc_list_add(CurrentPid, "daemon child",
PROC_DAEMON_CHILD, 0, -1, NULL);
/* don't schedule queue runs if ETRN */
QueueIntvl = 0;
/*
** Hack: override global variables if
** the corresponding DaemonPortOption
** is set.
*/
#if _FFR_SS_PER_DAEMON
if (Daemons[curdaemon].d_supersafe !=
DPO_NOTSET)
SuperSafe = Daemons[curdaemon].
d_supersafe;
#endif /* _FFR_SS_PER_DAEMON */
if (Daemons[curdaemon].d_dm != DM_NOTSET)
set_delivery_mode(
Daemons[curdaemon].d_dm, e);
if (Daemons[curdaemon].d_refuseLA !=
DPO_NOTSET)
RefuseLA = Daemons[curdaemon].
d_refuseLA;
if (Daemons[curdaemon].d_queueLA != DPO_NOTSET)
QueueLA = Daemons[curdaemon].d_queueLA;
if (Daemons[curdaemon].d_delayLA != DPO_NOTSET)
DelayLA = Daemons[curdaemon].d_delayLA;
if (Daemons[curdaemon].d_maxchildren !=
DPO_NOTSET)
MaxChildren = Daemons[curdaemon].
d_maxchildren;
sm_setproctitle(true, e, "startup with %s",
anynet_ntoa(&RealHostAddr));
}
if (pipefd[0] != -1)
{
auto char c;
/*
** Wait for the parent to close the write end
** of the pipe, which we will see as an EOF.
** This guarantees that we won't write to the
** socket until after the parent has closed
** the pipe.
*/
/* close the write end of the pipe */
(void) close(pipefd[1]);
/* we shouldn't be interrupted, but ... */
while (read(pipefd[0], &c, 1) < 0 &&
errno == EINTR)
continue;
(void) close(pipefd[0]);
}
/* control socket processing */
if (control)
{
control_command(t, e);
/* NOTREACHED */
exit(EX_SOFTWARE);
}
/* determine host name */
p = hostnamebyanyaddr(&RealHostAddr);
if (strlen(p) > MAXNAME) /* XXX - 1 ? */
p[MAXNAME] = '\0';
RealHostName = newstr(p);
if (RealHostName[0] == '[')
{
macdefine(&BlankEnvelope.e_macro, A_PERM,
macid("{client_resolve}"),
h_errno == TRY_AGAIN ? "TEMP" : "FAIL");
}
else
{
macdefine(&BlankEnvelope.e_macro, A_PERM,
macid("{client_resolve}"), "OK");
}
sm_setproctitle(true, e, "startup with %s", p);
markstats(e, NULL, STATS_CONNECT);
if ((inchannel = sm_io_open(SmFtStdiofd,
SM_TIME_DEFAULT,
(void *) &t,
SM_IO_RDONLY_B,
NULL)) == NULL ||
(t = dup(t)) < 0 ||
(outchannel = sm_io_open(SmFtStdiofd,
SM_TIME_DEFAULT,
(void *) &t,
SM_IO_WRONLY_B,
NULL)) == NULL)
{
syserr("cannot open SMTP server channel, fd=%d",
t);
finis(false, true, EX_OK);
}
sm_io_automode(inchannel, outchannel);
InChannel = inchannel;
OutChannel = outchannel;
DisConnected = false;
#if _FFR_XCNCT
t = xconnect(inchannel);
if (t <= 0)
{
clrbitn(D_XCNCT, Daemons[curdaemon].d_flags);
clrbitn(D_XCNCT_M, Daemons[curdaemon].d_flags);
}
else
setbitn(t, Daemons[curdaemon].d_flags);
#endif /* _FFR_XCNCT */
#if XLA
if (!xla_host_ok(RealHostName))
{
message("421 4.4.5 Too many SMTP sessions for this host");
finis(false, true, EX_OK);
}
#endif /* XLA */
/* find out name for interface of connection */
if (getsockname(sm_io_getinfo(InChannel, SM_IO_WHAT_FD,
NULL), &sa.sa, &len) == 0)
{
p = hostnamebyanyaddr(&sa);
if (tTd(15, 9))
sm_dprintf("getreq: got name %s\n", p);
macdefine(&BlankEnvelope.e_macro, A_TEMP,
macid("{if_name}"), p);
/*
** Do this only if it is not the loopback
** interface.
*/
if (!isloopback(sa))
{
char *addr;
char family[5];
addr = anynet_ntoa(&sa);
(void) sm_snprintf(family,
sizeof(family),
"%d", sa.sa.sa_family);
macdefine(&BlankEnvelope.e_macro,
A_TEMP,
macid("{if_addr}"), addr);
macdefine(&BlankEnvelope.e_macro,
A_TEMP,
macid("{if_family}"), family);
if (tTd(15, 7))
sm_dprintf("getreq: got addr %s and family %s\n",
addr, family);
}
else
{
macdefine(&BlankEnvelope.e_macro,
A_PERM,
macid("{if_addr}"), NULL);
macdefine(&BlankEnvelope.e_macro,
A_PERM,
macid("{if_family}"), NULL);
}
}
else
{
if (tTd(15, 7))
sm_dprintf("getreq: getsockname failed\n");
macdefine(&BlankEnvelope.e_macro, A_PERM,
macid("{if_name}"), NULL);
macdefine(&BlankEnvelope.e_macro, A_PERM,
macid("{if_addr}"), NULL);
macdefine(&BlankEnvelope.e_macro, A_PERM,
macid("{if_family}"), NULL);
}
break;
}
/* parent -- keep track of children */
if (control)
{
(void) sm_snprintf(status, sizeof(status),
"control socket server child");
proc_list_add(pid, status, PROC_CONTROL, 0, -1, NULL);
}
else
{
(void) sm_snprintf(status, sizeof(status),
"SMTP server child for %s",
anynet_ntoa(&RealHostAddr));
proc_list_add(pid, status, PROC_DAEMON, 0, -1,
&RealHostAddr);
}
(void) sm_releasesignal(SIGCHLD);
/* close the read end of the synchronization pipe */
if (pipefd[0] != -1)
{
(void) close(pipefd[0]);
pipefd[0] = -1;
}
/* close the port so that others will hang (for a while) */
(void) close(t);
/* release the child by closing the read end of the sync pipe */
if (pipefd[1] != -1)
{
(void) close(pipefd[1]);
pipefd[1] = -1;
}
}
if (tTd(15, 2))
sm_dprintf("getreq: returning\n");
#if MILTER
/* set the filters for this daemon */
if (Daemons[curdaemon].d_inputfilterlist != NULL)
{
for (i = 0;
(i < MAXFILTERS &&
Daemons[curdaemon].d_inputfilters[i] != NULL);
i++)
{
InputFilters[i] = Daemons[curdaemon].d_inputfilters[i];
}
if (i < MAXFILTERS)
InputFilters[i] = NULL;
}
#endif /* MILTER */
return &Daemons[curdaemon].d_flags;
}
/*
** GETREQUESTS_CHECKDISKSPACE -- check available diskspace.
**
** Parameters:
** e -- envelope.
**
** Returns:
** none.
**
** Side Effects:
** Modifies Daemon flags (D_ETRNONLY) if not enough disk space.
*/
static void
getrequests_checkdiskspace(e)
ENVELOPE *e;
{
bool logged = false;
int idx;
time_t now;
now = curtime();
if (now < NextDiskSpaceCheck)
return;
/* Check if there is available disk space in all queue groups. */
if (!enoughdiskspace(0, NULL))
{
for (idx = 0; idx < NDaemons; ++idx)
{
if (bitnset(D_ETRNONLY, Daemons[idx].d_flags))
continue;
/* log only if not logged before */
if (!logged)
{
if (LogLevel > 8)
sm_syslog(LOG_INFO, NOQID,
"rejecting new messages: min free: %ld",
MinBlocksFree);
sm_setproctitle(true, e,
"rejecting new messages: min free: %ld",
MinBlocksFree);
logged = true;
}
setbitn(D_ETRNONLY, Daemons[idx].d_flags);
}
}
else
{
for (idx = 0; idx < NDaemons; ++idx)
{
if (!bitnset(D_ETRNONLY, Daemons[idx].d_flags))
continue;
/* log only if not logged before */
if (!logged)
{
if (LogLevel > 8)
sm_syslog(LOG_INFO, NOQID,
"accepting new messages (again)");
logged = true;
}
/* title will be set later */
clrbitn(D_ETRNONLY, Daemons[idx].d_flags);
}
}
/* only check disk space once a minute */
NextDiskSpaceCheck = now + 60;
}
/*
** OPENDAEMONSOCKET -- open SMTP socket
**
** Deals with setting all appropriate options.
**
** Parameters:
** d -- the structure for the daemon to open.
** firsttime -- set if this is the initial open.
**
** Returns:
** Size in bytes of the daemon socket addr.
**
** Side Effects:
** Leaves DaemonSocket set to the open socket.
** Exits if the socket cannot be created.
*/
#define MAXOPENTRIES 10 /* maximum number of tries to open connection */
static int
opendaemonsocket(d, firsttime)
DAEMON_T *d;
bool firsttime;
{
int on = 1;
int fdflags;
SOCKADDR_LEN_T socksize = 0;
int ntries = 0;
int save_errno;
if (tTd(15, 2))
sm_dprintf("opendaemonsocket(%s)\n", d->d_name);
do
{
if (ntries > 0)
(void) sleep(5);
if (firsttime || d->d_socket < 0)
{
#if NETUNIX
if (d->d_addr.sa.sa_family == AF_UNIX)
{
int rval;
long sff = SFF_SAFEDIRPATH|SFF_OPENASROOT|SFF_NOLINK|SFF_ROOTOK|SFF_EXECOK|SFF_CREAT;
/* if not safe, don't use it */
rval = safefile(d->d_addr.sunix.sun_path,
RunAsUid, RunAsGid,
RunAsUserName, sff,
S_IRUSR|S_IWUSR, NULL);
if (rval != 0)
{
save_errno = errno;
syserr("opendaemonsocket: daemon %s: unsafe domain socket %s",
d->d_name,
d->d_addr.sunix.sun_path);
goto fail;
}
/* Don't try to overtake an existing socket */
(void) unlink(d->d_addr.sunix.sun_path);
}
#endif /* NETUNIX */
d->d_socket = socket(d->d_addr.sa.sa_family,
SOCK_STREAM, 0);
if (d->d_socket < 0)
{
save_errno = errno;
syserr("opendaemonsocket: daemon %s: can't create server SMTP socket",
d->d_name);
fail:
if (bitnset(D_OPTIONAL, d->d_flags) &&
(!transienterror(save_errno) ||
ntries >= MAXOPENTRIES - 1))
{
syserr("opendaemonsocket: daemon %s: optional socket disabled",
d->d_name);
setbitn(D_DISABLE, d->d_flags);
d->d_socket = -1;
return -1;
}
severe:
if (LogLevel > 0)
sm_syslog(LOG_ALERT, NOQID,
"daemon %s: problem creating SMTP socket",
d->d_name);
d->d_socket = -1;
continue;
}
if (!SM_FD_OK_SELECT(d->d_socket))
{
save_errno = EINVAL;
syserr("opendaemonsocket: daemon %s: server SMTP socket (%d) too large",
d->d_name, d->d_socket);
goto fail;
}
/* turn on network debugging? */
if (tTd(15, 101))
(void) setsockopt(d->d_socket, SOL_SOCKET,
SO_DEBUG, (char *)&on,
sizeof(on));
(void) setsockopt(d->d_socket, SOL_SOCKET,
SO_REUSEADDR, (char *)&on, sizeof(on));
(void) setsockopt(d->d_socket, SOL_SOCKET,
SO_KEEPALIVE, (char *)&on, sizeof(on));
#ifdef SO_RCVBUF
if (d->d_tcprcvbufsize > 0)
{
if (setsockopt(d->d_socket, SOL_SOCKET,
SO_RCVBUF,
(char *) &d->d_tcprcvbufsize,
sizeof(d->d_tcprcvbufsize)) < 0)
syserr("opendaemonsocket: daemon %s: setsockopt(SO_RCVBUF)", d->d_name);
}
#endif /* SO_RCVBUF */
#ifdef SO_SNDBUF
if (d->d_tcpsndbufsize > 0)
{
if (setsockopt(d->d_socket, SOL_SOCKET,
SO_SNDBUF,
(char *) &d->d_tcpsndbufsize,
sizeof(d->d_tcpsndbufsize)) < 0)
syserr("opendaemonsocket: daemon %s: setsockopt(SO_SNDBUF)", d->d_name);
}
#endif /* SO_SNDBUF */
if ((fdflags = fcntl(d->d_socket, F_GETFD, 0)) == -1 ||
fcntl(d->d_socket, F_SETFD,
fdflags | FD_CLOEXEC) == -1)
{
save_errno = errno;
syserr("opendaemonsocket: daemon %s: failed to %s close-on-exec flag: %s",
d->d_name,
fdflags == -1 ? "get" : "set",
sm_errstring(save_errno));
(void) close(d->d_socket);
goto severe;
}
switch (d->d_addr.sa.sa_family)
{
#ifdef NETUNIX
case AF_UNIX:
socksize = sizeof(d->d_addr.sunix);
break;
-#endif /* NETUNIX */
+#endif
#if NETINET
case AF_INET:
socksize = sizeof(d->d_addr.sin);
break;
-#endif /* NETINET */
+#endif
#if NETINET6
case AF_INET6:
socksize = sizeof(d->d_addr.sin6);
break;
-#endif /* NETINET6 */
+#endif
#if NETISO
case AF_ISO:
socksize = sizeof(d->d_addr.siso);
break;
-#endif /* NETISO */
+#endif
default:
socksize = sizeof(d->d_addr);
break;
}
if (bind(d->d_socket, &d->d_addr.sa, socksize) < 0)
{
/* probably another daemon already */
save_errno = errno;
syserr("opendaemonsocket: daemon %s: cannot bind",
d->d_name);
(void) close(d->d_socket);
goto fail;
}
}
if (!firsttime &&
listen(d->d_socket, d->d_listenqueue) < 0)
{
save_errno = errno;
syserr("opendaemonsocket: daemon %s: cannot listen",
d->d_name);
(void) close(d->d_socket);
goto severe;
}
return socksize;
} while (ntries++ < MAXOPENTRIES && transienterror(save_errno));
syserr("!opendaemonsocket: daemon %s: server SMTP socket wedged: exiting",
d->d_name);
/* NOTREACHED */
return -1; /* avoid compiler warning on IRIX */
}
/*
** SETUPDAEMON -- setup socket for daemon
**
** Parameters:
** daemonaddr -- socket for daemon
**
** Returns:
** port number on which daemon should run
**
*/
static unsigned short
setupdaemon(daemonaddr)
SOCKADDR *daemonaddr;
{
unsigned short port;
/*
** Set up the address for the mailer.
*/
if (daemonaddr->sa.sa_family == AF_UNSPEC)
{
memset(daemonaddr, '\0', sizeof(*daemonaddr));
#if NETINET
daemonaddr->sa.sa_family = AF_INET;
-#endif /* NETINET */
+#endif
}
switch (daemonaddr->sa.sa_family)
{
#if NETINET
case AF_INET:
if (daemonaddr->sin.sin_addr.s_addr == 0)
daemonaddr->sin.sin_addr.s_addr =
LocalDaemon ? htonl(INADDR_LOOPBACK) : INADDR_ANY;
port = daemonaddr->sin.sin_port;
break;
#endif /* NETINET */
#if NETINET6
case AF_INET6:
if (IN6_IS_ADDR_UNSPECIFIED(&daemonaddr->sin6.sin6_addr))
daemonaddr->sin6.sin6_addr =
(LocalDaemon && V6LoopbackAddrFound) ?
in6addr_loopback : in6addr_any;
port = daemonaddr->sin6.sin6_port;
break;
#endif /* NETINET6 */
default:
/* unknown protocol */
port = 0;
break;
}
if (port == 0)
{
#ifdef NO_GETSERVBYNAME
port = htons(25);
#else /* NO_GETSERVBYNAME */
{
register struct servent *sp;
sp = getservbyname("smtp", "tcp");
if (sp == NULL)
{
syserr("554 5.3.5 service \"smtp\" unknown");
port = htons(25);
}
else
port = sp->s_port;
}
#endif /* NO_GETSERVBYNAME */
}
switch (daemonaddr->sa.sa_family)
{
#if NETINET
case AF_INET:
daemonaddr->sin.sin_port = port;
break;
-#endif /* NETINET */
+#endif
#if NETINET6
case AF_INET6:
daemonaddr->sin6.sin6_port = port;
break;
-#endif /* NETINET6 */
+#endif
default:
/* unknown protocol */
break;
}
return port;
}
/*
** CLRDAEMON -- reset the daemon connection
**
** Parameters:
** none.
**
** Returns:
** none.
**
** Side Effects:
** releases any resources used by the passive daemon.
*/
void
clrdaemon()
{
int i;
for (i = 0; i < NDaemons; i++)
{
if (Daemons[i].d_socket >= 0)
(void) close(Daemons[i].d_socket);
Daemons[i].d_socket = -1;
}
}
/*
** GETMODIFIERS -- get modifier flags
**
** Parameters:
** v -- the modifiers (input text line).
** modifiers -- pointer to flag field to represent modifiers.
**
** Returns:
** (xallocat()ed) string representation of modifiers.
**
** Side Effects:
** fills in modifiers.
*/
char *
getmodifiers(v, modifiers)
char *v;
BITMAP256 modifiers;
{
int l;
char *h, *f, *flags;
/* maximum length of flags: upper case Option -> "OO " */
l = 3 * strlen(v) + 3;
/* is someone joking? */
if (l < 0 || l > 256)
{
if (LogLevel > 2)
sm_syslog(LOG_ERR, NOQID,
"getmodifiers too long, ignored");
return NULL;
}
flags = xalloc(l);
f = flags;
clrbitmap(modifiers);
for (h = v; *h != '\0'; h++)
{
if (isascii(*h) && !isspace(*h) && isprint(*h))
{
setbitn(*h, modifiers);
if (flags != f)
*flags++ = ' ';
*flags++ = *h;
if (isupper(*h))
*flags++ = *h;
}
}
*flags++ = '\0';
return f;
}
/*
** CHKDAEMONMODIFIERS -- check whether all daemons have set a flag.
**
** Parameters:
** flag -- the flag to test.
**
** Returns:
** true iff all daemons have set flag.
*/
bool
chkdaemonmodifiers(flag)
int flag;
{
int i;
for (i = 0; i < NDaemons; i++)
if (!bitnset((char) flag, Daemons[i].d_flags))
return false;
return true;
}
/*
** SETSOCKADDROPTIONS -- set options for SOCKADDR (daemon or client)
**
** Parameters:
** p -- the options line.
** d -- the daemon structure to fill in.
**
** Returns:
** none.
*/
static void
setsockaddroptions(p, d)
char *p;
DAEMON_T *d;
{
#if NETISO
short portno;
-#endif /* NETISO */
+#endif
char *port = NULL;
char *addr = NULL;
#if NETINET
if (d->d_addr.sa.sa_family == AF_UNSPEC)
d->d_addr.sa.sa_family = AF_INET;
-#endif /* NETINET */
+#endif
#if _FFR_SS_PER_DAEMON
d->d_supersafe = DPO_NOTSET;
-#endif /* _FFR_SS_PER_DAEMON */
+#endif
d->d_dm = DM_NOTSET;
d->d_refuseLA = DPO_NOTSET;
d->d_queueLA = DPO_NOTSET;
d->d_delayLA = DPO_NOTSET;
d->d_maxchildren = DPO_NOTSET;
while (p != NULL)
{
register char *f;
register char *v;
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
p++;
if (*p == '\0')
break;
f = p;
p = strchr(p, ',');
if (p != NULL)
*p++ = '\0';
v = strchr(f, '=');
if (v == NULL)
continue;
while (isascii(*++v) && isspace(*v))
continue;
switch (*f)
{
case 'A': /* address */
#if !_FFR_DPO_CS
case 'a':
-#endif /* !_FFR_DPO_CS */
+#endif
addr = v;
break;
case 'c':
d->d_maxchildren = atoi(v);
break;
case 'D': /* DeliveryMode */
switch (*v)
{
case SM_QUEUE:
case SM_DEFER:
case SM_DELIVER:
case SM_FORK:
#if _FFR_PROXY
case SM_PROXY_REQ:
-#endif /* _FFR_PROXY */
+#endif
d->d_dm = *v;
break;
default:
syserr("554 5.3.5 Unknown delivery mode %c",
*v);
break;
}
break;
case 'd': /* delayLA */
d->d_delayLA = atoi(v);
break;
case 'F': /* address family */
#if !_FFR_DPO_CS
case 'f':
-#endif /* !_FFR_DPO_CS */
+#endif
if (isascii(*v) && isdigit(*v))
d->d_addr.sa.sa_family = atoi(v);
#ifdef NETUNIX
else if (sm_strcasecmp(v, "unix") == 0 ||
sm_strcasecmp(v, "local") == 0)
d->d_addr.sa.sa_family = AF_UNIX;
-#endif /* NETUNIX */
+#endif
#if NETINET
else if (sm_strcasecmp(v, "inet") == 0)
d->d_addr.sa.sa_family = AF_INET;
-#endif /* NETINET */
+#endif
#if NETINET6
else if (sm_strcasecmp(v, "inet6") == 0)
d->d_addr.sa.sa_family = AF_INET6;
-#endif /* NETINET6 */
+#endif
#if NETISO
else if (sm_strcasecmp(v, "iso") == 0)
d->d_addr.sa.sa_family = AF_ISO;
-#endif /* NETISO */
+#endif
#if NETNS
else if (sm_strcasecmp(v, "ns") == 0)
d->d_addr.sa.sa_family = AF_NS;
-#endif /* NETNS */
+#endif
#if NETX25
else if (sm_strcasecmp(v, "x.25") == 0)
d->d_addr.sa.sa_family = AF_CCITT;
-#endif /* NETX25 */
+#endif
else
syserr("554 5.3.5 Unknown address family %s in Family=option",
v);
break;
#if MILTER
case 'I':
# if !_FFR_DPO_CS
case 'i':
-# endif /* !_FFR_DPO_CS */
+# endif
d->d_inputfilterlist = v;
break;
#endif /* MILTER */
case 'L': /* listen queue size */
#if !_FFR_DPO_CS
case 'l':
-#endif /* !_FFR_DPO_CS */
+#endif
d->d_listenqueue = atoi(v);
break;
case 'M': /* modifiers (flags) */
#if !_FFR_DPO_CS
case 'm':
-#endif /* !_FFR_DPO_CS */
+#endif
d->d_mflags = getmodifiers(v, d->d_flags);
break;
case 'N': /* name */
#if !_FFR_DPO_CS
case 'n':
-#endif /* !_FFR_DPO_CS */
+#endif
d->d_name = v;
break;
case 'P': /* port */
#if !_FFR_DPO_CS
case 'p':
-#endif /* !_FFR_DPO_CS */
+#endif
port = v;
break;
case 'q':
d->d_queueLA = atoi(v);
break;
case 'R': /* receive buffer size */
d->d_tcprcvbufsize = atoi(v);
break;
case 'r':
d->d_refuseLA = atoi(v);
break;
case 'S': /* send buffer size */
#if !_FFR_DPO_CS
case 's':
-#endif /* !_FFR_DPO_CS */
+#endif
d->d_tcpsndbufsize = atoi(v);
break;
#if _FFR_SS_PER_DAEMON
case 'T': /* SuperSafe */
if (tolower(*v) == 'i')
d->d_supersafe = SAFE_INTERACTIVE;
else if (tolower(*v) == 'p')
# if MILTER
d->d_supersafe = SAFE_REALLY_POSTMILTER;
# else /* MILTER */
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Warning: SuperSafe=PostMilter requires Milter support (-DMILTER)\n");
# endif /* MILTER */
else
d->d_supersafe = atobool(v) ? SAFE_REALLY
: SAFE_NO;
break;
#endif /* _FFR_SS_PER_DAEMON */
default:
syserr("554 5.3.5 PortOptions parameter \"%s\" unknown",
f);
}
}
/* Check addr and port after finding family */
if (addr != NULL)
{
switch (d->d_addr.sa.sa_family)
{
#if NETUNIX
case AF_UNIX:
if (strlen(addr) >= sizeof(d->d_addr.sunix.sun_path))
{
errno = ENAMETOOLONG;
syserr("setsockaddroptions: domain socket name too long: %s > %ld",
addr,
(long) sizeof(d->d_addr.sunix.sun_path));
break;
}
/* file safety check done in opendaemonsocket() */
(void) memset(&d->d_addr.sunix.sun_path, '\0',
sizeof(d->d_addr.sunix.sun_path));
(void) sm_strlcpy((char *)&d->d_addr.sunix.sun_path,
addr,
sizeof(d->d_addr.sunix.sun_path));
break;
#endif /* NETUNIX */
#if NETINET
case AF_INET:
if (!isascii(*addr) || !isdigit(*addr) ||
((d->d_addr.sin.sin_addr.s_addr = inet_addr(addr))
== INADDR_NONE))
{
register struct hostent *hp;
hp = sm_gethostbyname(addr, AF_INET);
if (hp == NULL)
syserr("554 5.3.0 host \"%s\" unknown",
addr);
else
{
while (*(hp->h_addr_list) != NULL &&
hp->h_addrtype != AF_INET)
hp->h_addr_list++;
if (*(hp->h_addr_list) == NULL)
syserr("554 5.3.0 host \"%s\" unknown",
addr);
else
memmove(&d->d_addr.sin.sin_addr,
*(hp->h_addr_list),
INADDRSZ);
-# if NETINET6
- freehostent(hp);
- hp = NULL;
-# endif /* NETINET6 */
+ FREEHOSTENT(hp, NULL);
}
}
break;
#endif /* NETINET */
#if NETINET6
case AF_INET6:
if (anynet_pton(AF_INET6, addr,
&d->d_addr.sin6.sin6_addr) != 1)
{
register struct hostent *hp;
hp = sm_gethostbyname(addr, AF_INET6);
if (hp == NULL)
syserr("554 5.3.0 host \"%s\" unknown",
addr);
else
{
while (*(hp->h_addr_list) != NULL &&
hp->h_addrtype != AF_INET6)
hp->h_addr_list++;
if (*(hp->h_addr_list) == NULL)
syserr("554 5.3.0 host \"%s\" unknown",
addr);
else
memmove(&d->d_addr.sin6.sin6_addr,
*(hp->h_addr_list),
IN6ADDRSZ);
- freehostent(hp);
- hp = NULL;
+ FREEHOSTENT(hp, NULL);
}
}
break;
#endif /* NETINET6 */
default:
syserr("554 5.3.5 address= option unsupported for family %d",
d->d_addr.sa.sa_family);
break;
}
}
if (port != NULL)
{
switch (d->d_addr.sa.sa_family)
{
#if NETINET
case AF_INET:
if (isascii(*port) && isdigit(*port))
d->d_addr.sin.sin_port = htons((unsigned short)
atoi((const char *) port));
else
{
# ifdef NO_GETSERVBYNAME
syserr("554 5.3.5 invalid port number: %s",
port);
# else /* NO_GETSERVBYNAME */
register struct servent *sp;
sp = getservbyname(port, "tcp");
if (sp == NULL)
syserr("554 5.3.5 service \"%s\" unknown",
port);
else
d->d_addr.sin.sin_port = sp->s_port;
# endif /* NO_GETSERVBYNAME */
}
break;
#endif /* NETINET */
#if NETINET6
case AF_INET6:
if (isascii(*port) && isdigit(*port))
d->d_addr.sin6.sin6_port = htons((unsigned short)
atoi(port));
else
{
# ifdef NO_GETSERVBYNAME
syserr("554 5.3.5 invalid port number: %s",
port);
# else /* NO_GETSERVBYNAME */
register struct servent *sp;
sp = getservbyname(port, "tcp");
if (sp == NULL)
syserr("554 5.3.5 service \"%s\" unknown",
port);
else
d->d_addr.sin6.sin6_port = sp->s_port;
# endif /* NO_GETSERVBYNAME */
}
break;
#endif /* NETINET6 */
#if NETISO
case AF_ISO:
/* assume two byte transport selector */
if (isascii(*port) && isdigit(*port))
portno = htons((unsigned short) atoi(port));
else
{
# ifdef NO_GETSERVBYNAME
syserr("554 5.3.5 invalid port number: %s",
port);
# else /* NO_GETSERVBYNAME */
register struct servent *sp;
sp = getservbyname(port, "tcp");
if (sp == NULL)
syserr("554 5.3.5 service \"%s\" unknown",
port);
else
portno = sp->s_port;
# endif /* NO_GETSERVBYNAME */
}
memmove(TSEL(&d->d_addr.siso),
(char *) &portno, 2);
break;
#endif /* NETISO */
default:
syserr("554 5.3.5 Port= option unsupported for family %d",
d->d_addr.sa.sa_family);
break;
}
}
}
/*
** SETDAEMONOPTIONS -- set options for running the MTA daemon
**
** Parameters:
** p -- the options line.
**
** Returns:
** true if successful, false otherwise.
**
** Side Effects:
** increments number of daemons.
*/
#define DEF_LISTENQUEUE 10
struct dflags
{
char *d_name;
int d_flag;
};
static struct dflags DaemonFlags[] =
{
{ "AUTHREQ", D_AUTHREQ },
{ "BINDIF", D_BINDIF },
{ "CANONREQ", D_CANONREQ },
{ "IFNHELO", D_IFNHELO },
{ "FQMAIL", D_FQMAIL },
{ "FQRCPT", D_FQRCPT },
{ "SMTPS", D_SMTPS },
{ "UNQUALOK", D_UNQUALOK },
{ "NOAUTH", D_NOAUTH },
{ "NOCANON", D_NOCANON },
{ "NOETRN", D_NOETRN },
{ "NOTLS", D_NOTLS },
{ "ETRNONLY", D_ETRNONLY },
{ "OPTIONAL", D_OPTIONAL },
{ "DISABLE", D_DISABLE },
{ "ISSET", D_ISSET },
{ NULL, 0 }
};
static void
printdaemonflags(d)
DAEMON_T *d;
{
register struct dflags *df;
bool first = true;
for (df = DaemonFlags; df->d_name != NULL; df++)
{
if (!bitnset(df->d_flag, d->d_flags))
continue;
if (first)
sm_dprintf("<%s", df->d_name);
else
sm_dprintf(",%s", df->d_name);
first = false;
}
if (!first)
sm_dprintf(">");
}
bool
setdaemonoptions(p)
register char *p;
{
if (NDaemons >= MAXDAEMONS)
return false;
Daemons[NDaemons].d_socket = -1;
Daemons[NDaemons].d_listenqueue = DEF_LISTENQUEUE;
clrbitmap(Daemons[NDaemons].d_flags);
setsockaddroptions(p, &Daemons[NDaemons]);
#if MILTER
if (Daemons[NDaemons].d_inputfilterlist != NULL)
Daemons[NDaemons].d_inputfilterlist = newstr(Daemons[NDaemons].d_inputfilterlist);
-#endif /* MILTER */
+#endif
if (Daemons[NDaemons].d_name != NULL)
Daemons[NDaemons].d_name = newstr(Daemons[NDaemons].d_name);
else
{
char num[30];
(void) sm_snprintf(num, sizeof(num), "Daemon%d", NDaemons);
Daemons[NDaemons].d_name = newstr(num);
}
if (tTd(37, 1))
{
sm_dprintf("Daemon %s flags: ", Daemons[NDaemons].d_name);
printdaemonflags(&Daemons[NDaemons]);
sm_dprintf("\n");
}
++NDaemons;
return true;
}
/*
** INITDAEMON -- initialize daemon if not yet done.
**
** Parameters:
** none
**
** Returns:
** none
**
** Side Effects:
** initializes structure for one daemon.
*/
void
initdaemon()
{
if (NDaemons == 0)
{
Daemons[NDaemons].d_socket = -1;
Daemons[NDaemons].d_listenqueue = DEF_LISTENQUEUE;
Daemons[NDaemons].d_name = "Daemon0";
NDaemons = 1;
}
}
/*
** SETCLIENTOPTIONS -- set options for running the client
**
** Parameters:
** p -- the options line.
**
** Returns:
** none.
*/
static DAEMON_T ClientSettings[AF_MAX + 1];
void
setclientoptions(p)
register char *p;
{
int family;
DAEMON_T d;
memset(&d, '\0', sizeof(d));
setsockaddroptions(p, &d);
/* grab what we need */
family = d.d_addr.sa.sa_family;
STRUCTCOPY(d, ClientSettings[family]);
setbitn(D_ISSET, ClientSettings[family].d_flags); /* mark as set */
if (d.d_name != NULL)
ClientSettings[family].d_name = newstr(d.d_name);
else
{
char num[30];
(void) sm_snprintf(num, sizeof(num), "Client%d", family);
ClientSettings[family].d_name = newstr(num);
}
}
/*
** ADDR_FAMILY -- determine address family from address
**
** Parameters:
** addr -- the string representation of the address
**
** Returns:
** AF_INET, AF_INET6 or AF_UNSPEC
**
** Side Effects:
** none.
*/
static int
addr_family(addr)
char *addr;
{
#if NETINET6
SOCKADDR clt_addr;
-#endif /* NETINET6 */
+#endif
#if NETINET
if (inet_addr(addr) != INADDR_NONE)
{
if (tTd(16, 9))
sm_dprintf("addr_family(%s): INET\n", addr);
return AF_INET;
}
#endif /* NETINET */
#if NETINET6
if (anynet_pton(AF_INET6, addr, &clt_addr.sin6.sin6_addr) == 1)
{
if (tTd(16, 9))
sm_dprintf("addr_family(%s): INET6\n", addr);
return AF_INET6;
}
#endif /* NETINET6 */
#if NETUNIX
if (*addr == '/')
{
if (tTd(16, 9))
sm_dprintf("addr_family(%s): LOCAL\n", addr);
return AF_UNIX;
}
#endif /* NETUNIX */
if (tTd(16, 9))
sm_dprintf("addr_family(%s): UNSPEC\n", addr);
return AF_UNSPEC;
}
/*
** CHKCLIENTMODIFIERS -- check whether all clients have set a flag.
**
** Parameters:
** flag -- the flag to test.
**
** Returns:
** true iff all configured clients have set the flag.
*/
bool
chkclientmodifiers(flag)
int flag;
{
int i;
bool flagisset;
flagisset = false;
for (i = 0; i < AF_MAX; i++)
{
if (bitnset(D_ISSET, ClientSettings[i].d_flags))
{
if (!bitnset((char) flag, ClientSettings[i].d_flags))
return false;
flagisset = true;
}
}
return flagisset;
}
#if MILTER
/*
** SETUP_DAEMON_MILTERS -- Parse per-socket filters
**
** Parameters:
** none
**
** Returns:
** none
*/
void
setup_daemon_milters()
{
int idx;
if (OpMode == MD_SMTP)
{
/* no need to configure the daemons */
return;
}
for (idx = 0; idx < NDaemons; idx++)
{
if (Daemons[idx].d_inputfilterlist != NULL)
{
milter_config(Daemons[idx].d_inputfilterlist,
Daemons[idx].d_inputfilters,
MAXFILTERS);
}
}
}
#endif /* MILTER */
/*
** MAKECONNECTION -- make a connection to an SMTP socket on a machine.
**
** Parameters:
** host -- the name of the host.
** port -- the port number to connect to.
** mci -- a pointer to the mail connection information
** structure to be filled in.
** e -- the current envelope.
** enough -- time at which to stop further connection attempts.
** (0 means no limit)
**
** Returns:
** An exit code telling whether the connection could be
** made and if not why not.
**
** Side Effects:
** none.
*/
static jmp_buf CtxConnectTimeout;
SOCKADDR CurHostAddr; /* address of current host */
int
-makeconnection(host, port, mci, e, enough)
+makeconnection(host, port, mci, e, enough
+#if DANE
+ , ptlsa_flags
+#endif
+ )
char *host;
volatile unsigned int port;
register MCI *mci;
ENVELOPE *e;
time_t enough;
+#if DANE
+ unsigned long *ptlsa_flags;
+#endif
{
register volatile int addrno = 0;
volatile int s;
register struct hostent *volatile hp = (struct hostent *) NULL;
SOCKADDR addr;
SOCKADDR clt_addr;
int save_errno = 0;
volatile SOCKADDR_LEN_T addrlen;
volatile bool firstconnect = true;
SM_EVENT *volatile ev = NULL;
#if NETINET6
volatile bool v6found = false;
-#endif /* NETINET6 */
+#endif
volatile int family = InetMode;
SOCKADDR_LEN_T len;
volatile SOCKADDR_LEN_T socksize = 0;
volatile bool clt_bind;
BITMAP256 d_flags;
char *p;
extern ENVELOPE BlankEnvelope;
+#if DANE
+ unsigned long tlsa_flags;
+#endif
+#if DANE && NETINET6
+ struct hostent *volatile hs = (struct hostent *) NULL;
+#else
+# define hs ((struct hostent *) NULL)
+#endif
+
+#if DANE
+ SM_REQUIRE(ptlsa_flags != NULL);
+ tlsa_flags = *ptlsa_flags;
+ *ptlsa_flags &= ~(TLSAFLALWAYS|TLSAFLSECURE);
+#endif
/* retranslate {daemon_flags} into bitmap */
clrbitmap(d_flags);
if ((p = macvalue(macid("{daemon_flags}"), e)) != NULL)
{
for (; *p != '\0'; p++)
{
- if (!(isascii(*p) && isspace(*p)))
+ if (!(SM_ISSPACE(*p)))
setbitn(bitidx(*p), d_flags);
}
}
#if NETINET6
v4retry:
-#endif /* NETINET6 */
+#endif
clt_bind = false;
/* Set up the address for outgoing connection. */
if (bitnset(D_BINDIF, d_flags) &&
(p = macvalue(macid("{if_addr}"), e)) != NULL &&
*p != '\0')
{
#if NETINET6
char p6[INET6_ADDRSTRLEN];
-#endif /* NETINET6 */
+#endif
memset(&clt_addr, '\0', sizeof(clt_addr));
/* infer the address family from the address itself */
clt_addr.sa.sa_family = addr_family(p);
switch (clt_addr.sa.sa_family)
{
#if NETINET
case AF_INET:
clt_addr.sin.sin_addr.s_addr = inet_addr(p);
if (clt_addr.sin.sin_addr.s_addr != INADDR_NONE &&
clt_addr.sin.sin_addr.s_addr !=
htonl(INADDR_LOOPBACK))
{
clt_bind = true;
socksize = sizeof(struct sockaddr_in);
}
break;
#endif /* NETINET */
#if NETINET6
case AF_INET6:
if (inet_addr(p) != INADDR_NONE)
(void) sm_snprintf(p6, sizeof(p6),
"IPv6:::ffff:%s", p);
else
(void) sm_strlcpy(p6, p, sizeof(p6));
if (anynet_pton(AF_INET6, p6,
&clt_addr.sin6.sin6_addr) == 1 &&
!IN6_IS_ADDR_LOOPBACK(&clt_addr.sin6.sin6_addr))
{
clt_bind = true;
socksize = sizeof(struct sockaddr_in6);
}
break;
#endif /* NETINET6 */
#if 0
default:
syserr("554 5.3.5 Address= option unsupported for family %d",
clt_addr.sa.sa_family);
break;
#endif /* 0 */
}
if (clt_bind)
family = clt_addr.sa.sa_family;
}
/* D_BINDIF not set or not available, fallback to ClientPortOptions */
if (!clt_bind)
{
STRUCTCOPY(ClientSettings[family].d_addr, clt_addr);
switch (clt_addr.sa.sa_family)
{
#if NETINET
case AF_INET:
if (clt_addr.sin.sin_addr.s_addr == 0)
clt_addr.sin.sin_addr.s_addr = LocalDaemon ?
htonl(INADDR_LOOPBACK) : INADDR_ANY;
else
clt_bind = true;
if (clt_addr.sin.sin_port != 0)
clt_bind = true;
socksize = sizeof(struct sockaddr_in);
break;
#endif /* NETINET */
#if NETINET6
case AF_INET6:
if (IN6_IS_ADDR_UNSPECIFIED(&clt_addr.sin6.sin6_addr))
clt_addr.sin6.sin6_addr =
(LocalDaemon && V6LoopbackAddrFound) ?
in6addr_loopback : in6addr_any;
else
clt_bind = true;
socksize = sizeof(struct sockaddr_in6);
if (clt_addr.sin6.sin6_port != 0)
clt_bind = true;
break;
#endif /* NETINET6 */
#if NETISO
case AF_ISO:
socksize = sizeof(clt_addr.siso);
clt_bind = true;
break;
#endif /* NETISO */
default:
break;
}
}
/*
** Set up the address for the mailer.
** Accept "[a.b.c.d]" syntax for host name.
*/
SM_SET_H_ERRNO(0);
errno = 0;
memset(&CurHostAddr, '\0', sizeof(CurHostAddr));
memset(&addr, '\0', sizeof(addr));
SmtpPhase = mci->mci_phase = "initial connection";
CurHostName = host;
if (host[0] == '[')
{
p = strchr(host, ']');
if (p != NULL)
{
#if NETINET
unsigned long hid = INADDR_NONE;
-#endif /* NETINET */
+#endif
#if NETINET6
struct sockaddr_in6 hid6;
-#endif /* NETINET6 */
+#endif
*p = '\0';
#if NETINET6
memset(&hid6, '\0', sizeof(hid6));
-#endif /* NETINET6 */
+#endif
#if NETINET
if (family == AF_INET &&
(hid = inet_addr(&host[1])) != INADDR_NONE)
{
addr.sin.sin_family = AF_INET;
addr.sin.sin_addr.s_addr = hid;
}
else
#endif /* NETINET */
#if NETINET6
if (family == AF_INET6 &&
anynet_pton(AF_INET6, &host[1],
&hid6.sin6_addr) == 1)
{
addr.sin6.sin6_family = AF_INET6;
addr.sin6.sin6_addr = hid6.sin6_addr;
}
else
#endif /* NETINET6 */
{
/* try it as a host name (avoid MX lookup) */
hp = sm_gethostbyname(&host[1], family);
if (hp == NULL && p[-1] == '.')
{
#if NAMED_BIND
int oldopts = _res.options;
_res.options &= ~(RES_DEFNAMES|RES_DNSRCH);
#endif /* NAMED_BIND */
p[-1] = '\0';
hp = sm_gethostbyname(&host[1],
family);
p[-1] = '.';
#if NAMED_BIND
_res.options = oldopts;
-#endif /* NAMED_BIND */
+#endif
}
*p = ']';
goto gothostent;
}
*p = ']';
}
if (p == NULL)
{
extern char MsgBuf[];
usrerrenh("5.1.2",
"553 Invalid numeric domain spec \"%s\"",
host);
mci_setstat(mci, EX_NOHOST, "5.1.2", MsgBuf);
errno = EINVAL;
return EX_NOHOST;
}
}
else
{
/* contortion to get around SGI cc complaints */
{
p = &host[strlen(host) - 1];
- hp = sm_gethostbyname(host, family);
+#if DANE
+ if (tTd(16, 40))
+ sm_dprintf("makeconnection: tlsa_flags=%lX, host=%s\n",
+ tlsa_flags, host);
+ if (DANEMODE(tlsa_flags) == DANE_SECURE
+# if DNSSEC_TEST
+ || tTd(8, 120)
+# endif
+ )
+ {
+ DNS_REPLY_T *rr;
+ int err, herr;
+
+ rr = dns_lookup_int(host, C_IN, FAM2T_(family),
+ 0, 0, SM_RES_DNSSEC, 0, &err, &herr);
+
+ /*
+ ** Check for errors!
+ ** If no ad: turn off TLSA.
+ ** permail: use "normal" method?
+ ** tempfail: delay or use "normal" method?
+ */
+
+ if (rr != NULL && rr->dns_r_h.ad == 1)
+ {
+ *ptlsa_flags |= DANE_SECURE;
+ if ((TLSAFLTEMP & *ptlsa_flags) != 0)
+ {
+ dns_free_data(rr);
+ rr = NULL;
+ return EX_TEMPFAIL;
+ }
+ hp = dns2he(rr, family);
+#if NETINET6
+ hs = hp;
+#endif
+ }
+
+ /* other possible "tempfails"? */
+ if (rr == NULL && h_errno == TRY_AGAIN)
+ goto gothostent;
+
+ dns_free_data(rr);
+ rr = NULL;
+ }
+#endif
+ if (hp == NULL)
+ hp = sm_gethostbyname(host, family);
if (hp == NULL && *p == '.')
{
#if NAMED_BIND
int oldopts = _res.options;
_res.options &= ~(RES_DEFNAMES|RES_DNSRCH);
-#endif /* NAMED_BIND */
+#endif
*p = '\0';
hp = sm_gethostbyname(host, family);
*p = '.';
#if NAMED_BIND
_res.options = oldopts;
-#endif /* NAMED_BIND */
+#endif
}
}
gothostent:
if (hp == NULL || hp->h_addr == NULL)
{
#if NAMED_BIND
/* check for name server timeouts */
# if NETINET6
if (WorkAroundBrokenAAAA && family == AF_INET6 &&
(h_errno == TRY_AGAIN || errno == ETIMEDOUT))
{
/*
** An attempt with family AF_INET may
** succeed. By skipping the next section
** of code, we will try AF_INET before
** failing.
*/
if (tTd(16, 10))
sm_dprintf("makeconnection: WorkAroundBrokenAAAA: Trying AF_INET lookup (AF_INET6 failed)\n");
}
else
# endif /* NETINET6 */
{
if (errno == ETIMEDOUT ||
# if _FFR_GETHBN_ExFILE
# ifdef EMFILE
errno == EMFILE ||
-# endif /* EMFILE */
+# endif
# ifdef ENFILE
errno == ENFILE ||
-# endif /* ENFILE */
+# endif
# endif /* _FFR_GETHBN_ExFILE */
h_errno == TRY_AGAIN ||
(errno == ECONNREFUSED && UseNameServer))
{
save_errno = errno;
mci_setstat(mci, EX_TEMPFAIL,
"4.4.3", NULL);
errno = save_errno;
return EX_TEMPFAIL;
}
}
#endif /* NAMED_BIND */
#if NETINET6
/*
** Try v6 first, then fall back to v4.
** If we found a v6 address, but no v4
** addresses, then TEMPFAIL.
*/
if (family == AF_INET6)
{
family = AF_INET;
goto v4retry;
}
if (v6found)
goto v6tempfail;
#endif /* NETINET6 */
save_errno = errno;
mci_setstat(mci, EX_NOHOST, "5.1.2", NULL);
errno = save_errno;
return EX_NOHOST;
}
addr.sa.sa_family = hp->h_addrtype;
switch (hp->h_addrtype)
{
#if NETINET
case AF_INET:
memmove(&addr.sin.sin_addr,
hp->h_addr,
INADDRSZ);
break;
#endif /* NETINET */
#if NETINET6
case AF_INET6:
memmove(&addr.sin6.sin6_addr,
hp->h_addr,
IN6ADDRSZ);
break;
#endif /* NETINET6 */
default:
if (hp->h_length > sizeof(addr.sa.sa_data))
{
syserr("makeconnection: long sa_data: family %d len %d",
hp->h_addrtype, hp->h_length);
mci_setstat(mci, EX_NOHOST, "5.1.2", NULL);
errno = EINVAL;
return EX_NOHOST;
}
memmove(addr.sa.sa_data, hp->h_addr, hp->h_length);
break;
}
addrno = 1;
}
+#if _FFR_TESTS
+ /*
+ ** Hack for testing.
+ ** Hardcoded:
+ ** 10.1.1.12: see meta1.tns XREF IP address
+ ** 8754: see common.sh XREF SNKPORT2
+ */
+
+ if (tTd(77, 101) && hp->h_addrtype == AF_INET &&
+ addr.sin.sin_addr.s_addr == inet_addr("10.1.1.12"))
+ {
+ addr.sin.sin_addr.s_addr = inet_addr("127.0.0.1");
+ port = htons(8754);
+ sm_dprintf("hack host=%s addr=[%s].%d\n", host,
+ anynet_ntoa(&addr), ntohs(port));
+ }
+#endif
+
/*
** Determine the port number.
*/
if (port == 0)
{
#ifdef NO_GETSERVBYNAME
port = htons(25);
#else /* NO_GETSERVBYNAME */
register struct servent *sp = getservbyname("smtp", "tcp");
if (sp == NULL)
{
if (LogLevel > 2)
sm_syslog(LOG_ERR, NOQID,
"makeconnection: service \"smtp\" unknown");
port = htons(25);
}
else
port = sp->s_port;
#endif /* NO_GETSERVBYNAME */
}
#if NETINET6
if (addr.sa.sa_family == AF_INET6 &&
IN6_IS_ADDR_V4MAPPED(&addr.sin6.sin6_addr) &&
ClientSettings[AF_INET].d_addr.sa.sa_family != 0)
{
/*
** Ignore mapped IPv4 address since
** there is a ClientPortOptions setting
** for IPv4.
*/
goto nextaddr;
}
#endif /* NETINET6 */
switch (addr.sa.sa_family)
{
#if NETINET
case AF_INET:
addr.sin.sin_port = port;
addrlen = sizeof(struct sockaddr_in);
break;
#endif /* NETINET */
#if NETINET6
case AF_INET6:
addr.sin6.sin6_port = port;
addrlen = sizeof(struct sockaddr_in6);
break;
#endif /* NETINET6 */
#if NETISO
case AF_ISO:
/* assume two byte transport selector */
memmove(TSEL((struct sockaddr_iso *) &addr), (char *) &port, 2);
addrlen = sizeof(struct sockaddr_iso);
break;
#endif /* NETISO */
default:
syserr("Can't connect to address family %d", addr.sa.sa_family);
mci_setstat(mci, EX_NOHOST, "5.1.2", NULL);
errno = EINVAL;
-#if NETINET6
- if (hp != NULL)
- freehostent(hp);
-#endif /* NETINET6 */
+ FREEHOSTENT(hp, hs);
return EX_NOHOST;
}
/*
** Try to actually open the connection.
*/
#if XLA
/* if too many connections, don't bother trying */
if (!xla_noqueue_ok(host))
{
-# if NETINET6
- if (hp != NULL)
- freehostent(hp);
-# endif /* NETINET6 */
+ FREEHOSTENT(hp, hs);
return EX_TEMPFAIL;
}
#endif /* XLA */
+#if _FFR_OCC
+# define OCC_CLOSE occ_close(e, mci, host, &addr)
+ /* HACK!!!! just to see if this can work at all... */
+ if (occ_exceeded(e, mci, host, &addr))
+ {
+ FREEHOSTENT(hp, hs);
+ sm_syslog(LOG_DEBUG, e->e_id,
+ "stat=occ_exceeded, host=%s, addr=%s",
+ host, anynet_ntoa(&addr));
+
+ /*
+ ** to get a more specific stat= message set errno
+ ** or make up one in sm, see sm_errstring()
+ */
+
+ mci_setstat(mci, EX_TEMPFAIL, "4.4.5", "450 occ_exceeded"); /* check D.S.N */
+ errno = EAGAIN;
+ return EX_TEMPFAIL;
+ }
+#else /* _FFR_OCC */
+# define OCC_CLOSE
+#endif /* _FFR_OCC */
+
for (;;)
{
if (tTd(16, 1))
sm_dprintf("makeconnection (%s [%s].%d (%d))\n",
host, anynet_ntoa(&addr), ntohs(port),
(int) addr.sa.sa_family);
/* save for logging */
CurHostAddr = addr;
#if HASRRESVPORT
if (bitnset(M_SECURE_PORT, mci->mci_mailer->m_flags))
{
int rport = IPPORT_RESERVED - 1;
s = rresvport(&rport);
}
else
#endif /* HASRRESVPORT */
{
s = socket(addr.sa.sa_family, SOCK_STREAM, 0);
}
if (s < 0)
{
save_errno = errno;
syserr("makeconnection: cannot create socket");
#if XLA
xla_host_end(host);
-#endif /* XLA */
+#endif
mci_setstat(mci, EX_TEMPFAIL, "4.4.5", NULL);
-#if NETINET6
- if (hp != NULL)
- freehostent(hp);
-#endif /* NETINET6 */
+ FREEHOSTENT(hp, hs);
errno = save_errno;
+ OCC_CLOSE;
return EX_TEMPFAIL;
}
#ifdef SO_SNDBUF
if (ClientSettings[family].d_tcpsndbufsize > 0)
{
if (setsockopt(s, SOL_SOCKET, SO_SNDBUF,
(char *) &ClientSettings[family].d_tcpsndbufsize,
sizeof(ClientSettings[family].d_tcpsndbufsize)) < 0)
syserr("makeconnection: setsockopt(SO_SNDBUF)");
}
#endif /* SO_SNDBUF */
#ifdef SO_RCVBUF
if (ClientSettings[family].d_tcprcvbufsize > 0)
{
if (setsockopt(s, SOL_SOCKET, SO_RCVBUF,
(char *) &ClientSettings[family].d_tcprcvbufsize,
sizeof(ClientSettings[family].d_tcprcvbufsize)) < 0)
syserr("makeconnection: setsockopt(SO_RCVBUF)");
}
#endif /* SO_RCVBUF */
if (tTd(16, 1))
sm_dprintf("makeconnection: fd=%d\n", s);
/* turn on network debugging? */
if (tTd(16, 101))
{
int on = 1;
(void) setsockopt(s, SOL_SOCKET, SO_DEBUG,
(char *)&on, sizeof(on));
}
if (e->e_xfp != NULL) /* for debugging */
(void) sm_io_flush(e->e_xfp, SM_TIME_DEFAULT);
errno = 0; /* for debugging */
if (clt_bind)
{
int on = 1;
switch (clt_addr.sa.sa_family)
{
#if NETINET
case AF_INET:
if (clt_addr.sin.sin_port != 0)
(void) setsockopt(s, SOL_SOCKET,
SO_REUSEADDR,
(char *) &on,
sizeof(on));
break;
#endif /* NETINET */
#if NETINET6
case AF_INET6:
if (clt_addr.sin6.sin6_port != 0)
(void) setsockopt(s, SOL_SOCKET,
SO_REUSEADDR,
(char *) &on,
sizeof(on));
break;
#endif /* NETINET6 */
}
if (bind(s, &clt_addr.sa, socksize) < 0)
{
save_errno = errno;
(void) close(s);
errno = save_errno;
syserr("makeconnection: cannot bind socket [%s]",
anynet_ntoa(&clt_addr));
-#if NETINET6
- if (hp != NULL)
- freehostent(hp);
-#endif /* NETINET6 */
+ FREEHOSTENT(hp, hs);
errno = save_errno;
+ OCC_CLOSE;
return EX_TEMPFAIL;
}
}
/*
** Linux seems to hang in connect for 90 minutes (!!!).
** Time out the connect to avoid this problem.
*/
if (setjmp(CtxConnectTimeout) == 0)
{
int i;
if (e->e_ntries <= 0 && TimeOuts.to_iconnect != 0)
ev = sm_setevent(TimeOuts.to_iconnect,
connecttimeout, 0);
else if (TimeOuts.to_connect != 0)
ev = sm_setevent(TimeOuts.to_connect,
connecttimeout, 0);
else
ev = NULL;
switch (ConnectOnlyTo.sa.sa_family)
{
#if NETINET
case AF_INET:
addr.sin.sin_addr.s_addr = ConnectOnlyTo.sin.sin_addr.s_addr;
addr.sa.sa_family = ConnectOnlyTo.sa.sa_family;
+ if (ConnectOnlyTo.sin.sin_port != 0)
+ {
+ port = ConnectOnlyTo.sin.sin_port;
+ addr.sin.sin_port = port;
+ }
break;
#endif /* NETINET */
#if NETINET6
case AF_INET6:
memmove(&addr.sin6.sin6_addr,
&ConnectOnlyTo.sin6.sin6_addr,
IN6ADDRSZ);
+ if (ConnectOnlyTo.sin6.sin6_port != 0)
+ {
+ port = ConnectOnlyTo.sin6.sin6_port;
+ addr.sin6.sin6_port = port;
+ }
break;
#endif /* NETINET6 */
}
if (tTd(16, 1))
- sm_dprintf("Connecting to [%s]...\n", anynet_ntoa(&addr));
+ sm_dprintf("Connecting to [%s].%d...\n",
+ anynet_ntoa(&addr), ntohs(port));
+
i = connect(s, (struct sockaddr *) &addr, addrlen);
save_errno = errno;
if (ev != NULL)
sm_clrevent(ev);
if (i >= 0)
break;
}
else
save_errno = errno;
/* couldn't connect.... figure out why */
(void) close(s);
/* if running demand-dialed connection, try again */
if (DialDelay > 0 && firstconnect &&
bitnset(M_DIALDELAY, mci->mci_mailer->m_flags))
{
if (tTd(16, 1))
sm_dprintf("Connect failed (%s); trying again...\n",
sm_errstring(save_errno));
firstconnect = false;
(void) sleep(DialDelay);
continue;
}
if (LogLevel > 13)
sm_syslog(LOG_INFO, e->e_id,
- "makeconnection (%s [%s]) failed: %s",
- host, anynet_ntoa(&addr),
+ "makeconnection (%s [%s].%d (%d)) failed: %s",
+ host, anynet_ntoa(&addr), ntohs(port),
+ (int) addr.sa.sa_family,
sm_errstring(save_errno));
#if NETINET6
nextaddr:
#endif /* NETINET6 */
if (hp != NULL && hp->h_addr_list[addrno] != NULL &&
(enough == 0 || curtime() < enough))
{
if (tTd(16, 1))
sm_dprintf("Connect failed (%s); trying new address....\n",
sm_errstring(save_errno));
switch (addr.sa.sa_family)
{
#if NETINET
case AF_INET:
memmove(&addr.sin.sin_addr,
hp->h_addr_list[addrno++],
INADDRSZ);
break;
#endif /* NETINET */
#if NETINET6
case AF_INET6:
memmove(&addr.sin6.sin6_addr,
hp->h_addr_list[addrno++],
IN6ADDRSZ);
break;
#endif /* NETINET6 */
default:
memmove(addr.sa.sa_data,
hp->h_addr_list[addrno++],
hp->h_length);
break;
}
continue;
}
errno = save_errno;
#if NETINET6
if (family == AF_INET6)
{
if (tTd(16, 1))
sm_dprintf("Connect failed (%s); retrying with AF_INET....\n",
sm_errstring(save_errno));
v6found = true;
family = AF_INET;
- if (hp != NULL)
- {
- freehostent(hp);
- hp = NULL;
- }
+ FREEHOSTENT(hp, hs);
goto v4retry;
}
v6tempfail:
#endif /* NETINET6 */
/* couldn't open connection */
#if NETINET6
/* Don't clobber an already saved errno from v4retry */
if (errno > 0)
-#endif /* NETINET6 */
+#endif
save_errno = errno;
if (tTd(16, 1))
sm_dprintf("Connect failed (%s)\n",
sm_errstring(save_errno));
#if XLA
xla_host_end(host);
-#endif /* XLA */
+#endif
mci_setstat(mci, EX_TEMPFAIL, "4.4.1", NULL);
-#if NETINET6
- if (hp != NULL)
- freehostent(hp);
-#endif /* NETINET6 */
+ FREEHOSTENT(hp, hs);
errno = save_errno;
+ OCC_CLOSE;
return EX_TEMPFAIL;
}
-#if NETINET6
- if (hp != NULL)
- {
- freehostent(hp);
- hp = NULL;
- }
-#endif /* NETINET6 */
+ FREEHOSTENT(hp, hs);
/* connection ok, put it into canonical form */
mci->mci_out = NULL;
if ((mci->mci_out = sm_io_open(SmFtStdiofd, SM_TIME_DEFAULT,
(void *) &s,
SM_IO_WRONLY_B, NULL)) == NULL ||
(s = dup(s)) < 0 ||
(mci->mci_in = sm_io_open(SmFtStdiofd, SM_TIME_DEFAULT,
(void *) &s,
SM_IO_RDONLY_B, NULL)) == NULL)
{
save_errno = errno;
syserr("cannot open SMTP client channel, fd=%d", s);
mci_setstat(mci, EX_TEMPFAIL, "4.4.5", NULL);
if (mci->mci_out != NULL)
(void) sm_io_close(mci->mci_out, SM_TIME_DEFAULT);
(void) close(s);
errno = save_errno;
+ OCC_CLOSE;
return EX_TEMPFAIL;
}
sm_io_automode(mci->mci_out, mci->mci_in);
/* set {client_flags} */
if (ClientSettings[addr.sa.sa_family].d_mflags != NULL)
{
macdefine(&mci->mci_macro, A_PERM,
macid("{client_flags}"),
ClientSettings[addr.sa.sa_family].d_mflags);
}
else
macdefine(&mci->mci_macro, A_PERM,
macid("{client_flags}"), "");
/* "add" {client_flags} to bitmap */
if (bitnset(D_IFNHELO, ClientSettings[addr.sa.sa_family].d_flags))
{
/* look for just this one flag */
setbitn(D_IFNHELO, d_flags);
}
/* find out name for Interface through which we connect */
len = sizeof(addr);
if (getsockname(s, &addr.sa, &len) == 0)
{
char *name;
- char family[5];
- macdefine(&BlankEnvelope.e_macro, A_TEMP,
- macid("{if_addr_out}"), anynet_ntoa(&addr));
- (void) sm_snprintf(family, sizeof(family), "%d",
- addr.sa.sa_family);
- macdefine(&BlankEnvelope.e_macro, A_TEMP,
- macid("{if_family_out}"), family);
+ if (!isloopback(addr))
+ {
+ char familystr[5];
+
+ macdefine(&BlankEnvelope.e_macro, A_TEMP,
+ macid("{if_addr_out}"), anynet_ntoa(&addr));
+ (void) sm_snprintf(familystr, sizeof(familystr), "%d",
+ addr.sa.sa_family);
+ macdefine(&BlankEnvelope.e_macro, A_TEMP,
+ macid("{if_family_out}"), familystr);
+ }
+ else
+ {
+ macdefine(&BlankEnvelope.e_macro, A_PERM,
+ macid("{if_addr_out}"), NULL);
+ macdefine(&BlankEnvelope.e_macro, A_PERM,
+ macid("{if_family_out}"), NULL);
+ }
name = hostnamebyanyaddr(&addr);
macdefine(&BlankEnvelope.e_macro, A_TEMP,
macid("{if_name_out}"), name);
if (LogLevel > 11)
{
/* log connection information */
sm_syslog(LOG_INFO, e->e_id,
"SMTP outgoing connect on %.40s", name);
}
if (bitnset(D_IFNHELO, d_flags))
{
if (name[0] != '[' && strchr(name, '.') != NULL)
mci->mci_heloname = newstr(name);
}
}
else
{
macdefine(&BlankEnvelope.e_macro, A_PERM,
macid("{if_name_out}"), NULL);
macdefine(&BlankEnvelope.e_macro, A_PERM,
macid("{if_addr_out}"), NULL);
macdefine(&BlankEnvelope.e_macro, A_PERM,
macid("{if_family_out}"), NULL);
}
/* Use the configured HeloName as appropriate */
if (HeloName != NULL && HeloName[0] != '\0')
{
- SM_FREE_CLR(mci->mci_heloname);
+ SM_FREE(mci->mci_heloname);
mci->mci_heloname = newstr(HeloName);
}
mci_setstat(mci, EX_OK, NULL, NULL);
return EX_OK;
}
static void
connecttimeout(ignore)
int ignore;
{
/*
** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
** DOING.
*/
errno = ETIMEDOUT;
longjmp(CtxConnectTimeout, 1);
}
/*
** MAKECONNECTION_DS -- make a connection to a domain socket.
**
** Parameters:
** mux_path -- the path of the socket to connect to.
** mci -- a pointer to the mail connection information
** structure to be filled in.
**
** Returns:
** An exit code telling whether the connection could be
** made and if not why not.
**
** Side Effects:
** none.
*/
#if NETUNIX
int
makeconnection_ds(mux_path, mci)
char *mux_path;
register MCI *mci;
{
int sock;
int rval, save_errno;
long sff = SFF_SAFEDIRPATH|SFF_OPENASROOT|SFF_NOLINK|SFF_ROOTOK|SFF_EXECOK;
struct sockaddr_un unix_addr;
/* if not safe, don't connect */
rval = safefile(mux_path, RunAsUid, RunAsGid, RunAsUserName,
sff, S_IRUSR|S_IWUSR, NULL);
if (rval != 0)
{
syserr("makeconnection_ds: unsafe domain socket %s",
mux_path);
mci_setstat(mci, EX_TEMPFAIL, "4.3.5", NULL);
errno = rval;
return EX_TEMPFAIL;
}
/* prepare address structure */
memset(&unix_addr, '\0', sizeof(unix_addr));
unix_addr.sun_family = AF_UNIX;
if (strlen(mux_path) >= sizeof(unix_addr.sun_path))
{
syserr("makeconnection_ds: domain socket name %s too long",
mux_path);
/* XXX why TEMPFAIL but 5.x.y ? */
mci_setstat(mci, EX_TEMPFAIL, "5.3.5", NULL);
errno = ENAMETOOLONG;
return EX_UNAVAILABLE;
}
(void) sm_strlcpy(unix_addr.sun_path, mux_path,
sizeof(unix_addr.sun_path));
/* initialize domain socket */
sock = socket(AF_UNIX, SOCK_STREAM, 0);
if (sock == -1)
{
save_errno = errno;
syserr("makeconnection_ds: could not create domain socket %s",
mux_path);
mci_setstat(mci, EX_TEMPFAIL, "4.4.5", NULL);
errno = save_errno;
return EX_TEMPFAIL;
}
/* connect to server */
if (connect(sock, (struct sockaddr *) &unix_addr,
sizeof(unix_addr)) == -1)
{
save_errno = errno;
syserr("Could not connect to socket %s", mux_path);
mci_setstat(mci, EX_TEMPFAIL, "4.4.1", NULL);
(void) close(sock);
errno = save_errno;
return EX_TEMPFAIL;
}
/* connection ok, put it into canonical form */
mci->mci_out = NULL;
if ((mci->mci_out = sm_io_open(SmFtStdiofd, SM_TIME_DEFAULT,
(void *) &sock, SM_IO_WRONLY_B, NULL))
== NULL
|| (sock = dup(sock)) < 0 ||
(mci->mci_in = sm_io_open(SmFtStdiofd, SM_TIME_DEFAULT,
(void *) &sock, SM_IO_RDONLY_B, NULL))
== NULL)
{
save_errno = errno;
syserr("cannot open SMTP client channel, fd=%d", sock);
mci_setstat(mci, EX_TEMPFAIL, "4.4.5", NULL);
if (mci->mci_out != NULL)
(void) sm_io_close(mci->mci_out, SM_TIME_DEFAULT);
(void) close(sock);
errno = save_errno;
return EX_TEMPFAIL;
}
sm_io_automode(mci->mci_out, mci->mci_in);
mci_setstat(mci, EX_OK, NULL, NULL);
errno = 0;
return EX_OK;
}
#endif /* NETUNIX */
/*
** SHUTDOWN_DAEMON -- Performs a clean shutdown of the daemon
**
** Parameters:
** none.
**
** Returns:
** none.
**
** Side Effects:
** closes control socket, exits.
*/
void
shutdown_daemon()
{
int i;
char *reason;
sm_allsignals(true);
reason = ShutdownRequest;
ShutdownRequest = NULL;
PendingSignal = 0;
if (LogLevel > 9)
sm_syslog(LOG_INFO, CurEnv->e_id, "stopping daemon, reason=%s",
reason == NULL ? "implicit call" : reason);
FileName = NULL;
closecontrolsocket(true);
#if XLA
xla_all_end();
-#endif /* XLA */
+#endif
for (i = 0; i < NDaemons; i++)
{
if (Daemons[i].d_socket >= 0)
{
(void) close(Daemons[i].d_socket);
Daemons[i].d_socket = -1;
#if NETUNIX
/* Remove named sockets */
if (Daemons[i].d_addr.sa.sa_family == AF_UNIX)
{
int rval;
long sff = SFF_SAFEDIRPATH|SFF_OPENASROOT|SFF_NOLINK|SFF_MUSTOWN|SFF_EXECOK|SFF_CREAT;
/* if not safe, don't use it */
rval = safefile(Daemons[i].d_addr.sunix.sun_path,
RunAsUid, RunAsGid,
RunAsUserName, sff,
S_IRUSR|S_IWUSR, NULL);
if (rval == 0 &&
unlink(Daemons[i].d_addr.sunix.sun_path) < 0)
{
sm_syslog(LOG_WARNING, NOQID,
"Could not remove daemon %s socket: %s: %s",
Daemons[i].d_name,
Daemons[i].d_addr.sunix.sun_path,
sm_errstring(errno));
}
}
#endif /* NETUNIX */
}
}
finis(false, true, EX_OK);
}
/*
** RESTART_DAEMON -- Performs a clean restart of the daemon
**
** Parameters:
** none.
**
** Returns:
** none.
**
** Side Effects:
** restarts the daemon or exits if restart fails.
*/
/* Make a non-DFL/IGN signal a noop */
#define SM_NOOP_SIGNAL(sig, old) \
do \
{ \
(old) = sm_signal((sig), sm_signal_noop); \
if ((old) == SIG_IGN || (old) == SIG_DFL) \
(void) sm_signal((sig), (old)); \
} while (0)
void
restart_daemon()
{
bool drop;
int save_errno;
char *reason;
sigfunc_t ignore, oalrm, ousr1;
extern int DtableSize;
/* clear the events to turn off SIGALRMs */
sm_clear_events();
sm_allsignals(true);
reason = RestartRequest;
RestartRequest = NULL;
PendingSignal = 0;
if (SaveArgv[0][0] != '/')
{
if (LogLevel > 3)
sm_syslog(LOG_INFO, NOQID,
"could not restart: need full path");
finis(false, true, EX_OSFILE);
/* NOTREACHED */
}
if (LogLevel > 3)
sm_syslog(LOG_INFO, NOQID, "restarting %s due to %s",
SaveArgv[0],
reason == NULL ? "implicit call" : reason);
closecontrolsocket(true);
#if SM_CONF_SHM
cleanup_shm(DaemonPid == getpid());
-#endif /* SM_CONF_SHM */
+#endif
/* close locked pid file */
close_sendmail_pid();
/*
** Want to drop to the user who started the process in all cases
** *but* when running as "smmsp" for the clientmqueue queue run
** daemon. In that case, UseMSP will be true, RunAsUid should not
** be root, and RealUid should be either 0 or RunAsUid.
*/
drop = !(UseMSP && RunAsUid != 0 &&
(RealUid == 0 || RealUid == RunAsUid));
if (drop_privileges(drop) != EX_OK)
{
if (LogLevel > 0)
sm_syslog(LOG_ALERT, NOQID,
"could not drop privileges: %s",
sm_errstring(errno));
finis(false, true, EX_OSERR);
/* NOTREACHED */
}
sm_close_on_exec(STDERR_FILENO + 1, DtableSize);
/*
** Need to allow signals before execve() to make them "harmless".
** However, the default action can be "terminate", so it isn't
** really harmless. Setting signals to IGN will cause them to be
** ignored in the new process to, so that isn't a good alternative.
*/
SM_NOOP_SIGNAL(SIGALRM, oalrm);
SM_NOOP_SIGNAL(SIGCHLD, ignore);
SM_NOOP_SIGNAL(SIGHUP, ignore);
SM_NOOP_SIGNAL(SIGINT, ignore);
SM_NOOP_SIGNAL(SIGPIPE, ignore);
SM_NOOP_SIGNAL(SIGTERM, ignore);
#ifdef SIGUSR1
SM_NOOP_SIGNAL(SIGUSR1, ousr1);
-#endif /* SIGUSR1 */
+#endif
/* Turn back on signals */
sm_allsignals(false);
(void) execve(SaveArgv[0], (ARGV_T) SaveArgv, (ARGV_T) ExternalEnviron);
save_errno = errno;
/* block signals again and restore needed signals */
sm_allsignals(true);
/* For finis() events */
(void) sm_signal(SIGALRM, oalrm);
#ifdef SIGUSR1
/* For debugging finis() */
(void) sm_signal(SIGUSR1, ousr1);
-#endif /* SIGUSR1 */
+#endif
errno = save_errno;
if (LogLevel > 0)
sm_syslog(LOG_ALERT, NOQID, "could not exec %s: %s",
SaveArgv[0], sm_errstring(errno));
finis(false, true, EX_OSFILE);
/* NOTREACHED */
}
/*
** MYHOSTNAME -- return the name of this host.
**
** Parameters:
** hostbuf -- a place to return the name of this host.
** size -- the size of hostbuf.
**
** Returns:
** A list of aliases for this host.
**
** Side Effects:
** Adds numeric codes to $=w.
*/
struct hostent *
myhostname(hostbuf, size)
char hostbuf[];
int size;
{
register struct hostent *hp;
if (gethostname(hostbuf, size) < 0 || hostbuf[0] == '\0')
(void) sm_strlcpy(hostbuf, "localhost", size);
hp = sm_gethostbyname(hostbuf, InetMode);
#if NETINET && NETINET6
if (hp == NULL && InetMode == AF_INET6)
{
/*
** It's possible that this IPv6 enabled machine doesn't
** actually have any IPv6 interfaces and, therefore, no
** IPv6 addresses. Fall back to AF_INET.
*/
hp = sm_gethostbyname(hostbuf, AF_INET);
}
#endif /* NETINET && NETINET6 */
if (hp == NULL)
return NULL;
if (strchr(hp->h_name, '.') != NULL || strchr(hostbuf, '.') == NULL)
(void) cleanstrcpy(hostbuf, hp->h_name, size);
#if NETINFO
if (strchr(hostbuf, '.') == NULL)
{
char *domainname;
domainname = ni_propval("/locations", NULL, "resolver",
"domain", '\0');
if (domainname != NULL &&
strlen(domainname) + strlen(hostbuf) + 1 < size)
(void) sm_strlcat2(hostbuf, ".", domainname, size);
}
#endif /* NETINFO */
/*
** If there is still no dot in the name, try looking for a
** dotted alias.
*/
if (strchr(hostbuf, '.') == NULL)
{
char **ha;
for (ha = hp->h_aliases; ha != NULL && *ha != NULL; ha++)
{
if (strchr(*ha, '.') != NULL)
{
(void) cleanstrcpy(hostbuf, *ha, size - 1);
hostbuf[size - 1] = '\0';
break;
}
}
}
/*
** If _still_ no dot, wait for a while and try again -- it is
** possible that some service is starting up. This can result
** in excessive delays if the system is badly configured, but
** there really isn't a way around that, particularly given that
** the config file hasn't been read at this point.
** All in all, a bit of a mess.
*/
if (strchr(hostbuf, '.') == NULL &&
- !getcanonname(hostbuf, size, true, NULL))
+ getcanonname(hostbuf, size, true, NULL) == HOST_NOTFOUND)
{
sm_syslog(LocalDaemon ? LOG_WARNING : LOG_CRIT, NOQID,
"My unqualified host name (%s) unknown; sleeping for retry",
hostbuf);
message("My unqualified host name (%s) unknown; sleeping for retry",
hostbuf);
(void) sleep(60);
- if (!getcanonname(hostbuf, size, true, NULL))
+ if (getcanonname(hostbuf, size, true, NULL) == HOST_NOTFOUND)
{
sm_syslog(LocalDaemon ? LOG_WARNING : LOG_ALERT, NOQID,
"unable to qualify my own domain name (%s) -- using short name",
hostbuf);
message("WARNING: unable to qualify my own domain name (%s) -- using short name",
hostbuf);
}
}
return hp;
}
/*
** ADDRCMP -- compare two host addresses
**
** Parameters:
** hp -- hostent structure for the first address
** ha -- actual first address
** sa -- second address
**
** Returns:
** 0 -- if ha and sa match
** else -- they don't match
*/
static int
addrcmp(hp, ha, sa)
struct hostent *hp;
char *ha;
SOCKADDR *sa;
{
#if NETINET6
unsigned char *a;
-#endif /* NETINET6 */
+#endif
switch (sa->sa.sa_family)
{
#if NETINET
case AF_INET:
if (hp->h_addrtype == AF_INET)
return memcmp(ha, (char *) &sa->sin.sin_addr, INADDRSZ);
break;
-#endif /* NETINET */
+#endif
#if NETINET6
case AF_INET6:
a = (unsigned char *) &sa->sin6.sin6_addr;
/* Straight binary comparison */
if (hp->h_addrtype == AF_INET6)
return memcmp(ha, a, IN6ADDRSZ);
/* If IPv4-mapped IPv6 address, compare the IPv4 section */
if (hp->h_addrtype == AF_INET &&
IN6_IS_ADDR_V4MAPPED(&sa->sin6.sin6_addr))
return memcmp(a + IN6ADDRSZ - INADDRSZ, ha, INADDRSZ);
break;
#endif /* NETINET6 */
}
return -1;
}
/*
** GETAUTHINFO -- get the real host name associated with a file descriptor
**
** Uses RFC1413 protocol to try to get info from the other end.
**
** Parameters:
** fd -- the descriptor
** may_be_forged -- an outage that is set to true if the
** forward lookup of RealHostName does not match
** RealHostAddr; set to false if they do match.
**
** Returns:
** The user@host information associated with this descriptor.
*/
static jmp_buf CtxAuthTimeout;
static void
authtimeout(ignore)
int ignore;
{
/*
** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
** DOING.
*/
errno = ETIMEDOUT;
longjmp(CtxAuthTimeout, 1);
}
char *
getauthinfo(fd, may_be_forged)
int fd;
bool *may_be_forged;
{
unsigned short SM_NONVOLATILE port = 0;
SOCKADDR_LEN_T falen;
register char *volatile p = NULL;
SOCKADDR la;
SOCKADDR_LEN_T lalen;
#ifndef NO_GETSERVBYNAME
register struct servent *sp;
# if NETINET
static unsigned short port4 = 0;
-# endif /* NETINET */
+# endif
# if NETINET6
static unsigned short port6 = 0;
-# endif /* NETINET6 */
+# endif
#endif /* ! NO_GETSERVBYNAME */
volatile int s;
int i = 0;
size_t len;
SM_EVENT *ev;
int nleft;
struct hostent *hp;
char *ostype = NULL;
char **ha;
char ibuf[MAXNAME + 1];
static char hbuf[MAXNAME + MAXAUTHINFO + 11];
*may_be_forged = true;
falen = sizeof(RealHostAddr);
if (isatty(fd) || (i = getpeername(fd, &RealHostAddr.sa, &falen)) < 0 ||
falen <= 0 || RealHostAddr.sa.sa_family == 0)
{
if (i < 0)
{
/*
** ENOTSOCK is OK: bail on anything else, but reset
** errno in this case, so a mis-report doesn't
** happen later.
*/
if (errno != ENOTSOCK)
return NULL;
errno = 0;
}
*may_be_forged = false;
(void) sm_strlcpyn(hbuf, sizeof(hbuf), 2, RealUserName,
"@localhost");
if (tTd(9, 1))
sm_dprintf("getauthinfo: %s\n", hbuf);
return hbuf;
}
if (RealHostName == NULL)
{
/* translate that to a host name */
RealHostName = newstr(hostnamebyanyaddr(&RealHostAddr));
if (strlen(RealHostName) > MAXNAME)
RealHostName[MAXNAME] = '\0'; /* XXX - 1 ? */
}
/* cross check RealHostName with forward DNS lookup */
if (anynet_ntoa(&RealHostAddr)[0] == '[' ||
RealHostName[0] == '[')
*may_be_forged = false;
else
{
int family;
family = RealHostAddr.sa.sa_family;
#if NETINET6 && NEEDSGETIPNODE
/*
** If RealHostAddr is an IPv6 connection with an
** IPv4-mapped address, we need RealHostName's IPv4
** address(es) for addrcmp() to compare against
** RealHostAddr.
**
** Actually, we only need to do this for systems
** which NEEDSGETIPNODE since the real getipnodebyname()
** already does V4MAPPED address via the AI_V4MAPPEDCFG
** flag. A better fix to this problem is to add this
** functionality to our stub getipnodebyname().
*/
if (family == AF_INET6 &&
IN6_IS_ADDR_V4MAPPED(&RealHostAddr.sin6.sin6_addr))
family = AF_INET;
#endif /* NETINET6 && NEEDSGETIPNODE */
/* try to match the reverse against the forward lookup */
hp = sm_gethostbyname(RealHostName, family);
if (hp != NULL)
{
for (ha = hp->h_addr_list; *ha != NULL; ha++)
{
if (addrcmp(hp, *ha, &RealHostAddr) == 0)
{
*may_be_forged = false;
break;
}
}
-#if NETINET6
- freehostent(hp);
- hp = NULL;
-#endif /* NETINET6 */
+ FREEHOSTENT(hp, NULL);
}
}
if (TimeOuts.to_ident == 0)
goto noident;
lalen = sizeof(la);
switch (RealHostAddr.sa.sa_family)
{
#if NETINET
case AF_INET:
if (getsockname(fd, &la.sa, &lalen) < 0 ||
lalen <= 0 ||
la.sa.sa_family != AF_INET)
{
/* no ident info */
goto noident;
}
port = RealHostAddr.sin.sin_port;
/* create ident query */
(void) sm_snprintf(ibuf, sizeof(ibuf), "%d,%d\r\n",
ntohs(RealHostAddr.sin.sin_port),
ntohs(la.sin.sin_port));
/* create local address */
la.sin.sin_port = 0;
/* create foreign address */
# ifdef NO_GETSERVBYNAME
RealHostAddr.sin.sin_port = htons(113);
# else /* NO_GETSERVBYNAME */
/*
** getservbyname() consumes about 5% of the time
** when receiving a small message (almost all of the time
** spent in this routine).
** Hence we store the port in a static variable
** to save this time.
** The portnumber shouldn't change very often...
** This code makes the assumption that the port number
** is not 0.
*/
if (port4 == 0)
{
sp = getservbyname("auth", "tcp");
if (sp != NULL)
port4 = sp->s_port;
else
port4 = htons(113);
}
RealHostAddr.sin.sin_port = port4;
break;
# endif /* NO_GETSERVBYNAME */
#endif /* NETINET */
#if NETINET6
case AF_INET6:
if (getsockname(fd, &la.sa, &lalen) < 0 ||
lalen <= 0 ||
la.sa.sa_family != AF_INET6)
{
/* no ident info */
goto noident;
}
port = RealHostAddr.sin6.sin6_port;
/* create ident query */
(void) sm_snprintf(ibuf, sizeof(ibuf), "%d,%d\r\n",
ntohs(RealHostAddr.sin6.sin6_port),
ntohs(la.sin6.sin6_port));
/* create local address */
la.sin6.sin6_port = 0;
/* create foreign address */
# ifdef NO_GETSERVBYNAME
RealHostAddr.sin6.sin6_port = htons(113);
# else /* NO_GETSERVBYNAME */
if (port6 == 0)
{
sp = getservbyname("auth", "tcp");
if (sp != NULL)
port6 = sp->s_port;
else
port6 = htons(113);
}
RealHostAddr.sin6.sin6_port = port6;
break;
# endif /* NO_GETSERVBYNAME */
#endif /* NETINET6 */
default:
/* no ident info */
goto noident;
}
s = -1;
if (setjmp(CtxAuthTimeout) != 0)
{
if (s >= 0)
(void) close(s);
goto noident;
}
/* put a timeout around the whole thing */
ev = sm_setevent(TimeOuts.to_ident, authtimeout, 0);
/* connect to foreign IDENT server using same address as SMTP socket */
s = socket(la.sa.sa_family, SOCK_STREAM, 0);
if (s < 0)
{
sm_clrevent(ev);
goto noident;
}
if (bind(s, &la.sa, lalen) < 0 ||
connect(s, &RealHostAddr.sa, lalen) < 0)
goto closeident;
if (tTd(9, 10))
sm_dprintf("getauthinfo: sent %s", ibuf);
/* send query */
if (write(s, ibuf, strlen(ibuf)) < 0)
goto closeident;
/* get result */
p = &ibuf[0];
nleft = sizeof(ibuf) - 1;
while ((i = read(s, p, nleft)) > 0)
{
char *s;
p += i;
nleft -= i;
*p = '\0';
if ((s = strchr(ibuf, '\n')) != NULL)
{
if (p > s + 1)
{
p = s + 1;
*p = '\0';
}
break;
}
if (nleft <= 0)
break;
}
(void) close(s);
sm_clrevent(ev);
if (i < 0 || p == &ibuf[0])
goto noident;
if (p >= &ibuf[2] && *--p == '\n' && *--p == '\r')
p--;
*++p = '\0';
if (tTd(9, 3))
sm_dprintf("getauthinfo: got %s\n", ibuf);
/* parse result */
p = strchr(ibuf, ':');
if (p == NULL)
{
/* malformed response */
goto noident;
}
while (isascii(*++p) && isspace(*p))
continue;
if (sm_strncasecmp(p, "userid", 6) != 0)
{
/* presumably an error string */
goto noident;
}
p += 6;
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
p++;
if (*p++ != ':')
{
/* either useridxx or malformed response */
goto noident;
}
/* p now points to the OSTYPE field */
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
p++;
ostype = p;
p = strchr(p, ':');
if (p == NULL)
{
/* malformed response */
goto noident;
}
else
{
char *charset;
*p = '\0';
charset = strchr(ostype, ',');
if (charset != NULL)
*charset = '\0';
}
/* 1413 says don't do this -- but it's broken otherwise */
while (isascii(*++p) && isspace(*p))
continue;
/* p now points to the authenticated name -- copy carefully */
if (sm_strncasecmp(ostype, "other", 5) == 0 &&
(ostype[5] == ' ' || ostype[5] == '\0'))
{
(void) sm_strlcpy(hbuf, "IDENT:", sizeof(hbuf));
cleanstrcpy(&hbuf[6], p, MAXAUTHINFO);
}
else
cleanstrcpy(hbuf, p, MAXAUTHINFO);
len = strlen(hbuf);
(void) sm_strlcpyn(&hbuf[len], sizeof(hbuf) - len, 2, "@",
RealHostName == NULL ? "localhost" : RealHostName);
goto postident;
closeident:
(void) close(s);
sm_clrevent(ev);
noident:
/* put back the original incoming port */
switch (RealHostAddr.sa.sa_family)
{
#if NETINET
case AF_INET:
if (port > 0)
RealHostAddr.sin.sin_port = port;
break;
#endif /* NETINET */
#if NETINET6
case AF_INET6:
if (port > 0)
RealHostAddr.sin6.sin6_port = port;
break;
#endif /* NETINET6 */
}
if (RealHostName == NULL)
{
if (tTd(9, 1))
sm_dprintf("getauthinfo: NULL\n");
return NULL;
}
(void) sm_strlcpy(hbuf, RealHostName, sizeof(hbuf));
postident:
#if IP_SRCROUTE
# ifndef GET_IPOPT_DST
# define GET_IPOPT_DST(dst) (dst)
-# endif /* ! GET_IPOPT_DST */
+# endif
/*
** Extract IP source routing information.
**
** Format of output for a connection from site a through b
** through c to d:
** loose: @site-c@site-b:site-a
** strict: !@site-c@site-b:site-a
**
** o - pointer within ipopt_list structure.
** q - pointer within ls/ss rr route data
** p - pointer to hbuf
*/
if (RealHostAddr.sa.sa_family == AF_INET)
{
SOCKOPT_LEN_T ipoptlen;
int j;
unsigned char *q;
unsigned char *o;
int l;
struct IPOPTION ipopt;
ipoptlen = sizeof(ipopt);
if (getsockopt(fd, IPPROTO_IP, IP_OPTIONS,
(char *) &ipopt, &ipoptlen) < 0)
goto noipsr;
if (ipoptlen == 0)
goto noipsr;
o = (unsigned char *) ipopt.IP_LIST;
while (o != NULL && o < (unsigned char *) &ipopt + ipoptlen)
{
switch (*o)
{
case IPOPT_EOL:
o = NULL;
break;
case IPOPT_NOP:
o++;
break;
case IPOPT_SSRR:
case IPOPT_LSRR:
/*
** Source routing.
** o[0] is the option type (loose/strict).
** o[1] is the length of this option,
** including option type and
** length.
** o[2] is the pointer into the route
** data.
** o[3] begins the route data.
*/
p = &hbuf[strlen(hbuf)];
l = sizeof(hbuf) - (hbuf - p) - 6;
(void) sm_snprintf(p, SPACELEFT(hbuf, p),
" [%s@%.*s",
*o == IPOPT_SSRR ? "!" : "",
l > 240 ? 120 : l / 2,
inet_ntoa(GET_IPOPT_DST(ipopt.IP_DST)));
i = strlen(p);
p += i;
l -= strlen(p);
j = o[1] / sizeof(struct in_addr) - 1;
/* q skips length and router pointer to data */
q = &o[3];
for ( ; j >= 0; j--)
{
struct in_addr addr;
memcpy(&addr, q, sizeof(addr));
(void) sm_snprintf(p,
SPACELEFT(hbuf, p),
"%c%.*s",
j != 0 ? '@' : ':',
l > 240 ? 120 :
j == 0 ? l : l / 2,
inet_ntoa(addr));
i = strlen(p);
p += i;
l -= i + 1;
q += sizeof(struct in_addr);
}
o += o[1];
break;
default:
/* Skip over option */
o += o[1];
break;
}
}
(void) sm_snprintf(p, SPACELEFT(hbuf, p), "]");
goto postipsr;
}
noipsr:
#endif /* IP_SRCROUTE */
if (RealHostName != NULL && RealHostName[0] != '[')
{
p = &hbuf[strlen(hbuf)];
(void) sm_snprintf(p, SPACELEFT(hbuf, p), " [%.100s]",
anynet_ntoa(&RealHostAddr));
}
if (*may_be_forged)
{
p = &hbuf[strlen(hbuf)];
(void) sm_strlcpy(p, " (may be forged)", SPACELEFT(hbuf, p));
macdefine(&BlankEnvelope.e_macro, A_PERM,
macid("{client_resolve}"), "FORGED");
}
#if IP_SRCROUTE
postipsr:
#endif /* IP_SRCROUTE */
/* put back the original incoming port */
switch (RealHostAddr.sa.sa_family)
{
#if NETINET
case AF_INET:
if (port > 0)
RealHostAddr.sin.sin_port = port;
break;
#endif /* NETINET */
#if NETINET6
case AF_INET6:
if (port > 0)
RealHostAddr.sin6.sin6_port = port;
break;
#endif /* NETINET6 */
}
if (tTd(9, 1))
sm_dprintf("getauthinfo: %s\n", hbuf);
return hbuf;
}
/*
** HOST_MAP_LOOKUP -- turn a hostname into canonical form
**
** Parameters:
** map -- a pointer to this map.
** name -- the (presumably unqualified) hostname.
** av -- unused -- for compatibility with other mapping
** functions.
** statp -- an exit status (out parameter) -- set to
** EX_TEMPFAIL if the name server is unavailable.
**
** Returns:
** The mapping, if found.
** NULL if no mapping found.
**
** Side Effects:
** Looks up the host specified in hbuf. If it is not
** the canonical name for that host, return the canonical
** name (unless MF_MATCHONLY is set, which will cause the
** status only to be returned).
*/
char *
host_map_lookup(map, name, av, statp)
MAP *map;
char *name;
char **av;
int *statp;
{
register struct hostent *hp;
#if NETINET
struct in_addr in_addr;
-#endif /* NETINET */
+#endif
#if NETINET6
struct in6_addr in6_addr;
-#endif /* NETINET6 */
+#endif
char *cp, *ans = NULL;
register STAB *s;
time_t now;
#if NAMED_BIND
time_t SM_NONVOLATILE retrans = 0;
int SM_NONVOLATILE retry = 0;
-#endif /* NAMED_BIND */
+#endif
char hbuf[MAXNAME + 1];
/*
** See if we have already looked up this name. If so, just
** return it (unless expired).
*/
now = curtime();
s = stab(name, ST_NAMECANON, ST_ENTER);
if (bitset(NCF_VALID, s->s_namecanon.nc_flags) &&
s->s_namecanon.nc_exp >= now)
{
if (tTd(9, 1))
sm_dprintf("host_map_lookup(%s) => CACHE %s\n",
name,
s->s_namecanon.nc_cname == NULL
? "NULL"
: s->s_namecanon.nc_cname);
errno = s->s_namecanon.nc_errno;
SM_SET_H_ERRNO(s->s_namecanon.nc_herrno);
*statp = s->s_namecanon.nc_stat;
if (*statp == EX_TEMPFAIL)
{
CurEnv->e_status = "4.4.3";
message("851 %s: Name server timeout",
shortenstring(name, 33));
}
if (*statp != EX_OK)
return NULL;
if (s->s_namecanon.nc_cname == NULL)
{
syserr("host_map_lookup(%s): bogus NULL cache entry, errno=%d, h_errno=%d",
name,
s->s_namecanon.nc_errno,
s->s_namecanon.nc_herrno);
return NULL;
}
+ if (bitset(NCF_SECURE, s->s_namecanon.nc_flags))
+ map->map_mflags |= MF_SECURE;
+ else
+ map->map_mflags &= ~MF_SECURE;
if (bitset(MF_MATCHONLY, map->map_mflags))
cp = map_rewrite(map, name, strlen(name), NULL);
else
cp = map_rewrite(map,
s->s_namecanon.nc_cname,
strlen(s->s_namecanon.nc_cname),
av);
return cp;
}
/*
** If we are running without a regular network connection (usually
** dial-on-demand) and we are just queueing, we want to avoid DNS
** lookups because those could try to connect to a server.
*/
if (CurEnv->e_sendmode == SM_DEFER &&
bitset(MF_DEFER, map->map_mflags))
{
if (tTd(9, 1))
sm_dprintf("host_map_lookup(%s) => DEFERRED\n", name);
*statp = EX_TEMPFAIL;
return NULL;
}
/*
** If first character is a bracket, then it is an address
** lookup. Address is copied into a temporary buffer to
** strip the brackets and to preserve name if address is
** unknown.
*/
if (tTd(9, 1))
sm_dprintf("host_map_lookup(%s) => ", name);
#if NAMED_BIND
if (map->map_timeout > 0)
{
retrans = _res.retrans;
_res.retrans = map->map_timeout;
}
if (map->map_retry > 0)
{
retry = _res.retry;
_res.retry = map->map_retry;
}
#endif /* NAMED_BIND */
/* set default TTL */
s->s_namecanon.nc_exp = now + SM_DEFAULT_TTL;
if (*name != '[')
{
- int ttl;
+ int ttl, r;
(void) sm_strlcpy(hbuf, name, sizeof(hbuf));
- if (getcanonname(hbuf, sizeof(hbuf) - 1, !HasWildcardMX, &ttl))
+
+ r = getcanonname(hbuf, sizeof(hbuf) - 1, !HasWildcardMX, &ttl);
+ if (r != HOST_NOTFOUND)
{
ans = hbuf;
if (ttl > 0)
s->s_namecanon.nc_exp = now + SM_MIN(ttl,
SM_DEFAULT_TTL);
+
+ if (HOST_SECURE == r)
+ {
+ s->s_namecanon.nc_flags |= NCF_SECURE;
+ map->map_mflags |= MF_SECURE;
+ }
+ else
+ {
+ s->s_namecanon.nc_flags &= ~NCF_SECURE;
+ map->map_mflags &= ~MF_SECURE;
+ }
}
}
else
{
if ((cp = strchr(name, ']')) == NULL)
{
if (tTd(9, 1))
sm_dprintf("FAILED\n");
return NULL;
}
*cp = '\0';
hp = NULL;
+
+ /* should this be considered secure? */
+ map->map_mflags &= ~MF_SECURE;
#if NETINET
if ((in_addr.s_addr = inet_addr(&name[1])) != INADDR_NONE)
hp = sm_gethostbyaddr((char *)&in_addr,
INADDRSZ, AF_INET);
#endif /* NETINET */
#if NETINET6
if (hp == NULL &&
anynet_pton(AF_INET6, &name[1], &in6_addr) == 1)
hp = sm_gethostbyaddr((char *)&in6_addr,
IN6ADDRSZ, AF_INET6);
#endif /* NETINET6 */
*cp = ']';
if (hp != NULL)
{
/* found a match -- copy out */
ans = denlstring((char *) hp->h_name, true, true);
#if NETINET6
if (ans == hp->h_name)
{
static char n[MAXNAME + 1];
/* hp->h_name is about to disappear */
(void) sm_strlcpy(n, ans, sizeof(n));
ans = n;
}
- freehostent(hp);
- hp = NULL;
+ FREEHOSTENT(hp, NULL);
#endif /* NETINET6 */
}
}
#if NAMED_BIND
if (map->map_timeout > 0)
_res.retrans = retrans;
if (map->map_retry > 0)
_res.retry = retry;
#endif /* NAMED_BIND */
s->s_namecanon.nc_flags |= NCF_VALID; /* will be soon */
/* Found an answer */
if (ans != NULL)
{
s->s_namecanon.nc_stat = *statp = EX_OK;
if (s->s_namecanon.nc_cname != NULL)
sm_free(s->s_namecanon.nc_cname);
s->s_namecanon.nc_cname = sm_strdup_x(ans);
if (bitset(MF_MATCHONLY, map->map_mflags))
cp = map_rewrite(map, name, strlen(name), NULL);
else
cp = map_rewrite(map, ans, strlen(ans), av);
if (tTd(9, 1))
sm_dprintf("FOUND %s\n", ans);
return cp;
}
/* No match found */
s->s_namecanon.nc_errno = errno;
#if NAMED_BIND
s->s_namecanon.nc_herrno = h_errno;
if (tTd(9, 1))
sm_dprintf("FAIL (%d)\n", h_errno);
switch (h_errno)
{
case TRY_AGAIN:
if (UseNameServer)
{
CurEnv->e_status = "4.4.3";
message("851 %s: Name server timeout",
shortenstring(name, 33));
}
*statp = EX_TEMPFAIL;
break;
case HOST_NOT_FOUND:
case NO_DATA:
*statp = EX_NOHOST;
break;
case NO_RECOVERY:
*statp = EX_SOFTWARE;
break;
default:
*statp = EX_UNAVAILABLE;
break;
}
#else /* NAMED_BIND */
if (tTd(9, 1))
sm_dprintf("FAIL\n");
*statp = EX_NOHOST;
#endif /* NAMED_BIND */
s->s_namecanon.nc_stat = *statp;
return NULL;
}
/*
** HOST_MAP_INIT -- initialize host class structures
**
** Parameters:
** map -- a pointer to this map.
** args -- argument string.
**
** Returns:
** true.
*/
bool
host_map_init(map, args)
MAP *map;
char *args;
{
register char *p = args;
for (;;)
{
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
p++;
if (*p != '-')
break;
switch (*++p)
{
case 'a':
map->map_app = ++p;
break;
case 'T':
map->map_tapp = ++p;
break;
case 'm':
map->map_mflags |= MF_MATCHONLY;
break;
case 't':
map->map_mflags |= MF_NODEFER;
break;
case 'S': /* only for consistency */
map->map_spacesub = *++p;
break;
case 'D':
map->map_mflags |= MF_DEFER;
break;
case 'd':
{
char *h;
while (isascii(*++p) && isspace(*p))
continue;
h = strchr(p, ' ');
if (h != NULL)
*h = '\0';
map->map_timeout = convtime(p, 's');
if (h != NULL)
*h = ' ';
}
break;
case 'r':
while (isascii(*++p) && isspace(*p))
continue;
map->map_retry = atoi(p);
break;
}
- while (*p != '\0' && !(isascii(*p) && isspace(*p)))
+ while (*p != '\0' && !(SM_ISSPACE(*p)))
p++;
if (*p != '\0')
*p++ = '\0';
}
if (map->map_app != NULL)
map->map_app = newstr(map->map_app);
if (map->map_tapp != NULL)
map->map_tapp = newstr(map->map_tapp);
return true;
}
#if NETINET6
/*
** ANYNET_NTOP -- convert an IPv6 network address to printable form.
**
** Parameters:
** s6a -- a pointer to an in6_addr structure.
** dst -- buffer to store result in
** dst_len -- size of dst buffer
**
** Returns:
** A printable version of that structure.
*/
char *
anynet_ntop(s6a, dst, dst_len)
struct in6_addr *s6a;
char *dst;
size_t dst_len;
{
register char *ap;
if (IN6_IS_ADDR_V4MAPPED(s6a))
ap = (char *) inet_ntop(AF_INET,
&s6a->s6_addr[IN6ADDRSZ - INADDRSZ],
dst, dst_len);
else
{
char *d;
size_t sz;
/* Save pointer to beginning of string */
d = dst;
/* Add IPv6: protocol tag */
sz = sm_strlcpy(dst, "IPv6:", dst_len);
if (sz >= dst_len)
return NULL;
dst += sz;
dst_len -= sz;
if (UseCompressedIPv6Addresses)
ap = (char *) inet_ntop(AF_INET6, s6a, dst, dst_len);
else
ap = sm_inet6_ntop(s6a, dst, dst_len);
/* Restore pointer to beginning of string */
if (ap != NULL)
ap = d;
}
return ap;
}
/*
** ANYNET_PTON -- convert printed form to network address.
**
** Wrapper for inet_pton() which handles IPv6: labels.
**
** Parameters:
** family -- address family
** src -- string
** dst -- destination address structure
**
** Returns:
** 1 if the address was valid
-** 0 if the address wasn't parseable
+** 0 if the address wasn't parsable
** -1 if error
*/
int
anynet_pton(family, src, dst)
int family;
const char *src;
void *dst;
{
if (family == AF_INET6 && sm_strncasecmp(src, "IPv6:", 5) == 0)
src += 5;
return inet_pton(family, src, dst);
}
#endif /* NETINET6 */
/*
** ANYNET_NTOA -- convert a network address to printable form.
**
** Parameters:
** sap -- a pointer to a sockaddr structure.
**
** Returns:
** A printable version of that sockaddr.
*/
#ifdef USE_SOCK_STREAM
# if NETLINK
# include <net/if_dl.h>
-# endif /* NETLINK */
+# endif
char *
anynet_ntoa(sap)
register SOCKADDR *sap;
{
register char *bp;
register char *ap;
int l;
static char buf[100];
/* check for null/zero family */
if (sap == NULL)
return "NULLADDR";
if (sap->sa.sa_family == 0)
return "0";
switch (sap->sa.sa_family)
{
# if NETUNIX
case AF_UNIX:
if (sap->sunix.sun_path[0] != '\0')
(void) sm_snprintf(buf, sizeof(buf), "[UNIX: %.64s]",
sap->sunix.sun_path);
else
(void) sm_strlcpy(buf, "[UNIX: localhost]", sizeof(buf));
return buf;
# endif /* NETUNIX */
# if NETINET
case AF_INET:
return (char *) inet_ntoa(sap->sin.sin_addr);
-# endif /* NETINET */
+# endif
# if NETINET6
case AF_INET6:
ap = anynet_ntop(&sap->sin6.sin6_addr, buf, sizeof(buf));
if (ap != NULL)
return ap;
break;
# endif /* NETINET6 */
# if NETLINK
case AF_LINK:
(void) sm_snprintf(buf, sizeof(buf), "[LINK: %s]",
link_ntoa((struct sockaddr_dl *) &sap->sa));
return buf;
# endif /* NETLINK */
default:
/* this case is needed when nothing is #defined */
/* in order to keep the switch syntactically correct */
break;
}
/* unknown family -- just dump bytes */
(void) sm_snprintf(buf, sizeof(buf), "Family %d: ", sap->sa.sa_family);
bp = &buf[strlen(buf)];
ap = sap->sa.sa_data;
for (l = sizeof(sap->sa.sa_data); --l >= 0; )
{
(void) sm_snprintf(bp, SPACELEFT(buf, bp), "%02x:",
*ap++ & 0377);
bp += 3;
}
*--bp = '\0';
return buf;
}
/*
** HOSTNAMEBYANYADDR -- return name of host based on address
**
** Parameters:
** sap -- SOCKADDR pointer
**
** Returns:
** text representation of host name.
**
** Side Effects:
** none.
*/
char *
hostnamebyanyaddr(sap)
register SOCKADDR *sap;
{
register struct hostent *hp;
# if NAMED_BIND
int saveretry;
-# endif /* NAMED_BIND */
+# endif
# if NETINET6
struct in6_addr in6_addr;
# endif /* NETINET6 */
# if NAMED_BIND
/* shorten name server timeout to avoid higher level timeouts */
saveretry = _res.retry;
if (_res.retry * _res.retrans > 20)
_res.retry = 20 / _res.retrans;
if (_res.retry == 0)
_res.retry = 1;
# endif /* NAMED_BIND */
switch (sap->sa.sa_family)
{
# if NETINET
case AF_INET:
hp = sm_gethostbyaddr((char *) &sap->sin.sin_addr,
INADDRSZ, AF_INET);
break;
# endif /* NETINET */
# if NETINET6
case AF_INET6:
hp = sm_gethostbyaddr((char *) &sap->sin6.sin6_addr,
IN6ADDRSZ, AF_INET6);
break;
# endif /* NETINET6 */
# if NETISO
case AF_ISO:
hp = sm_gethostbyaddr((char *) &sap->siso.siso_addr,
sizeof(sap->siso.siso_addr), AF_ISO);
break;
# endif /* NETISO */
# if NETUNIX
case AF_UNIX:
hp = NULL;
break;
# endif /* NETUNIX */
default:
hp = sm_gethostbyaddr(sap->sa.sa_data, sizeof(sap->sa.sa_data),
sap->sa.sa_family);
break;
}
# if NAMED_BIND
_res.retry = saveretry;
-# endif /* NAMED_BIND */
+# endif
# if NETINET || NETINET6
if (hp != NULL && hp->h_name[0] != '['
# if NETINET6
&& inet_pton(AF_INET6, hp->h_name, &in6_addr) != 1
# endif /* NETINET6 */
# if NETINET
&& inet_addr(hp->h_name) == INADDR_NONE
-# endif /* NETINET */
+# endif
)
{
char *name;
name = denlstring((char *) hp->h_name, true, true);
# if NETINET6
if (name == hp->h_name)
{
static char n[MAXNAME + 1];
/* Copy the string, hp->h_name is about to disappear */
(void) sm_strlcpy(n, name, sizeof(n));
name = n;
}
- freehostent(hp);
+ FREEHOSTENT(hp, NULL);
# endif /* NETINET6 */
return name;
}
# endif /* NETINET || NETINET6 */
-# if NETINET6
- if (hp != NULL)
- {
- freehostent(hp);
- hp = NULL;
- }
-# endif /* NETINET6 */
+ FREEHOSTENT(hp, NULL);
# if NETUNIX
if (sap->sa.sa_family == AF_UNIX && sap->sunix.sun_path[0] == '\0')
return "localhost";
-# endif /* NETUNIX */
+# endif
{
static char buf[203];
(void) sm_snprintf(buf, sizeof(buf), "[%.200s]",
anynet_ntoa(sap));
return buf;
}
}
#endif /* USE_SOCK_STREAM */
diff --git a/src/daemon.h b/src/daemon.h
index 649b4d5279a7..fa4e681a10b8 100644
--- a/src/daemon.h
+++ b/src/daemon.h
@@ -1,62 +1,62 @@
/*
* Copyright (c) 2006 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
* $Id: daemon.h,v 8.4 2013-11-22 20:51:55 ca Exp $
*/
#ifndef DAEMON_H
#define DAEMON_H 1
#if DAEMON_C
# define EXTERN
#else
# define EXTERN extern
#endif
/* structure to describe a daemon or a client */
struct daemon
{
int d_socket; /* fd for socket */
SOCKADDR d_addr; /* socket for incoming */
unsigned short d_port; /* port number */
int d_listenqueue; /* size of listen queue */
int d_tcprcvbufsize; /* size of TCP receive buffer */
int d_tcpsndbufsize; /* size of TCP send buffer */
time_t d_refuse_connections_until;
bool d_firsttime;
int d_socksize;
BITMAP256 d_flags; /* flags; see sendmail.h */
char *d_mflags; /* flags for use in macro */
char *d_name; /* user-supplied name */
int d_dm; /* DeliveryMode */
int d_refuseLA;
int d_queueLA;
int d_delayLA;
int d_maxchildren;
#if MILTER
char *d_inputfilterlist;
struct milter *d_inputfilters[MAXFILTERS];
-#endif /* MILTER */
+#endif
#if _FFR_SS_PER_DAEMON
int d_supersafe;
-#endif /* _FFR_SS_PER_DAEMON */
+#endif
};
typedef struct daemon DAEMON_T;
EXTERN DAEMON_T Daemons[MAXDAEMONS];
#define DPO_NOTSET (-1) /* daemon option (int) not set */
/* see also sendmail.h: SuperSafe values */
extern bool refuseconnections __P((ENVELOPE *, int, bool));
#undef EXTERN
#endif /* ! DAEMON_H */
diff --git a/src/deliver.c b/src/deliver.c
index 62d02b168b7f..ff4b21487700 100644
--- a/src/deliver.c
+++ b/src/deliver.c
@@ -1,6347 +1,6655 @@
/*
* Copyright (c) 1998-2010, 2012 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sendmail.h>
#include <sm/time.h>
SM_RCSID("@(#)$Id: deliver.c,v 8.1030 2013-11-22 20:51:55 ca Exp $")
#if HASSETUSERCONTEXT
# include <login_cap.h>
-#endif /* HASSETUSERCONTEXT */
+#endif
#if NETINET || NETINET6
# include <arpa/inet.h>
-#endif /* NETINET || NETINET6 */
+#endif
#if STARTTLS || SASL
# include "sfsasl.h"
-#endif /* STARTTLS || SASL */
+# include "tls.h"
+#endif
static int deliver __P((ENVELOPE *, ADDRESS *));
static void dup_queue_file __P((ENVELOPE *, ENVELOPE *, int));
static void mailfiletimeout __P((int));
static void endwaittimeout __P((int));
static int parse_hostsignature __P((char *, char **, MAILER *));
static void sendenvelope __P((ENVELOPE *, int));
static int coloncmp __P((const char *, const char *));
#if STARTTLS
# include <openssl/err.h>
+# if DANE
+static int starttls __P((MAILER *, MCI *, ENVELOPE *, dane_vrfy_ctx_P));
+# else
static int starttls __P((MAILER *, MCI *, ENVELOPE *));
+# endif
static int endtlsclt __P((MCI *));
#endif /* STARTTLS */
-# if STARTTLS || SASL
+#if STARTTLS || SASL
static bool iscltflgset __P((ENVELOPE *, int));
-# endif /* STARTTLS || SASL */
+#endif
+
+#if _FFR_OCC
+# include <ratectrl.h>
+#endif
/*
** SENDALL -- actually send all the messages.
**
** Parameters:
** e -- the envelope to send.
** mode -- the delivery mode to use. If SM_DEFAULT, use
** the current e->e_sendmode.
**
** Returns:
** none.
**
** Side Effects:
** Scans the send lists and sends everything it finds.
** Delivers any appropriate error messages.
** If we are running in a non-interactive mode, takes the
** appropriate action.
*/
void
sendall(e, mode)
ENVELOPE *e;
int mode;
{
register ADDRESS *q;
char *owner;
int otherowners;
int save_errno;
register ENVELOPE *ee;
ENVELOPE *splitenv = NULL;
int oldverbose = Verbose;
bool somedeliveries = false, expensive = false;
pid_t pid;
/*
** If this message is to be discarded, don't bother sending
** the message at all.
*/
if (bitset(EF_DISCARD, e->e_flags))
{
if (tTd(13, 1))
sm_dprintf("sendall: discarding id %s\n", e->e_id);
e->e_flags |= EF_CLRQUEUE;
if (LogLevel > 9)
logundelrcpts(e, "discarded", 9, true);
else if (LogLevel > 4)
sm_syslog(LOG_INFO, e->e_id, "discarded");
markstats(e, NULL, STATS_REJECT);
return;
}
/*
** If we have had global, fatal errors, don't bother sending
** the message at all if we are in SMTP mode. Local errors
** (e.g., a single address failing) will still cause the other
** addresses to be sent.
*/
if (bitset(EF_FATALERRS, e->e_flags) &&
(OpMode == MD_SMTP || OpMode == MD_DAEMON))
{
e->e_flags |= EF_CLRQUEUE;
return;
}
/* determine actual delivery mode */
if (mode == SM_DEFAULT)
{
mode = e->e_sendmode;
if (mode != SM_VERIFY && mode != SM_DEFER &&
shouldqueue(e->e_msgpriority, e->e_ctime))
mode = SM_QUEUE;
}
if (tTd(13, 1))
{
sm_dprintf("\n===== SENDALL: mode %c, id %s, e_from ",
mode, e->e_id);
printaddr(sm_debug_file(), &e->e_from, false);
sm_dprintf("\te_flags = ");
printenvflags(e);
sm_dprintf("sendqueue:\n");
printaddr(sm_debug_file(), e->e_sendqueue, true);
}
/*
** Do any preprocessing necessary for the mode we are running.
** Check to make sure the hop count is reasonable.
** Delete sends to the sender in mailing lists.
*/
CurEnv = e;
if (tTd(62, 1))
checkfds(NULL);
if (e->e_hopcount > MaxHopCount)
{
char *recip;
if (e->e_sendqueue != NULL &&
e->e_sendqueue->q_paddr != NULL)
recip = e->e_sendqueue->q_paddr;
else
recip = "(nobody)";
errno = 0;
queueup(e, WILL_BE_QUEUED(mode), false);
e->e_flags |= EF_FATALERRS|EF_PM_NOTIFY|EF_CLRQUEUE;
ExitStat = EX_UNAVAILABLE;
syserr("554 5.4.6 Too many hops %d (%d max): from %s via %s, to %s",
e->e_hopcount, MaxHopCount, e->e_from.q_paddr,
RealHostName == NULL ? "localhost" : RealHostName,
recip);
for (q = e->e_sendqueue; q != NULL; q = q->q_next)
{
if (QS_IS_DEAD(q->q_state))
continue;
q->q_state = QS_BADADDR;
q->q_status = "5.4.6";
q->q_rstatus = "554 5.4.6 Too many hops";
}
return;
}
/*
** Do sender deletion.
**
** If the sender should be queued up, skip this.
** This can happen if the name server is hosed when you
** are trying to send mail. The result is that the sender
** is instantiated in the queue as a recipient.
*/
if (!bitset(EF_METOO, e->e_flags) &&
!QS_IS_QUEUEUP(e->e_from.q_state))
{
if (tTd(13, 5))
{
sm_dprintf("sendall: QS_SENDER ");
printaddr(sm_debug_file(), &e->e_from, false);
}
e->e_from.q_state = QS_SENDER;
(void) recipient(&e->e_from, &e->e_sendqueue, 0, e);
}
/*
** Handle alias owners.
**
** We scan up the q_alias chain looking for owners.
** We discard owners that are the same as the return path.
*/
for (q = e->e_sendqueue; q != NULL; q = q->q_next)
{
register struct address *a;
for (a = q; a != NULL && a->q_owner == NULL; a = a->q_alias)
continue;
if (a != NULL)
q->q_owner = a->q_owner;
if (q->q_owner != NULL &&
!QS_IS_DEAD(q->q_state) &&
strcmp(q->q_owner, e->e_from.q_paddr) == 0)
q->q_owner = NULL;
}
if (tTd(13, 25))
{
sm_dprintf("\nAfter first owner pass, sendq =\n");
printaddr(sm_debug_file(), e->e_sendqueue, true);
}
owner = "";
otherowners = 1;
while (owner != NULL && otherowners > 0)
{
if (tTd(13, 28))
sm_dprintf("owner = \"%s\", otherowners = %d\n",
owner, otherowners);
owner = NULL;
otherowners = bitset(EF_SENDRECEIPT, e->e_flags) ? 1 : 0;
for (q = e->e_sendqueue; q != NULL; q = q->q_next)
{
if (tTd(13, 30))
{
sm_dprintf("Checking ");
printaddr(sm_debug_file(), q, false);
}
if (QS_IS_DEAD(q->q_state))
{
if (tTd(13, 30))
sm_dprintf(" ... QS_IS_DEAD\n");
continue;
}
if (tTd(13, 29) && !tTd(13, 30))
{
sm_dprintf("Checking ");
printaddr(sm_debug_file(), q, false);
}
if (q->q_owner != NULL)
{
if (owner == NULL)
{
if (tTd(13, 40))
sm_dprintf(" ... First owner = \"%s\"\n",
q->q_owner);
owner = q->q_owner;
}
else if (owner != q->q_owner)
{
if (strcmp(owner, q->q_owner) == 0)
{
if (tTd(13, 40))
sm_dprintf(" ... Same owner = \"%s\"\n",
owner);
/* make future comparisons cheap */
q->q_owner = owner;
}
else
{
if (tTd(13, 40))
sm_dprintf(" ... Another owner \"%s\"\n",
q->q_owner);
otherowners++;
}
owner = q->q_owner;
}
else if (tTd(13, 40))
sm_dprintf(" ... Same owner = \"%s\"\n",
owner);
}
else
{
if (tTd(13, 40))
sm_dprintf(" ... Null owner\n");
otherowners++;
}
if (QS_IS_BADADDR(q->q_state))
{
if (tTd(13, 30))
sm_dprintf(" ... QS_IS_BADADDR\n");
continue;
}
if (QS_IS_QUEUEUP(q->q_state))
{
MAILER *m = q->q_mailer;
/*
** If we have temporary address failures
** (e.g., dns failure) and a fallback MX is
** set, send directly to the fallback MX host.
*/
if (FallbackMX != NULL &&
!wordinclass(FallbackMX, 'w') &&
mode != SM_VERIFY &&
!bitnset(M_NOMX, m->m_flags) &&
strcmp(m->m_mailer, "[IPC]") == 0 &&
m->m_argv[0] != NULL &&
strcmp(m->m_argv[0], "TCP") == 0)
{
int len;
char *p;
if (tTd(13, 30))
sm_dprintf(" ... FallbackMX\n");
len = strlen(FallbackMX) + 1;
p = sm_rpool_malloc_x(e->e_rpool, len);
(void) sm_strlcpy(p, FallbackMX, len);
q->q_state = QS_OK;
q->q_host = p;
}
else
{
if (tTd(13, 30))
sm_dprintf(" ... QS_IS_QUEUEUP\n");
continue;
}
}
/*
** If this mailer is expensive, and if we don't
** want to make connections now, just mark these
** addresses and return. This is useful if we
** want to batch connections to reduce load. This
** will cause the messages to be queued up, and a
** daemon will come along to send the messages later.
*/
if (NoConnect && !Verbose &&
bitnset(M_EXPENSIVE, q->q_mailer->m_flags))
{
if (tTd(13, 30))
sm_dprintf(" ... expensive\n");
q->q_state = QS_QUEUEUP;
expensive = true;
}
else if (bitnset(M_HOLD, q->q_mailer->m_flags) &&
QueueLimitId == NULL &&
QueueLimitSender == NULL &&
QueueLimitRecipient == NULL)
{
if (tTd(13, 30))
sm_dprintf(" ... hold\n");
q->q_state = QS_QUEUEUP;
expensive = true;
}
else if (QueueMode != QM_QUARANTINE &&
e->e_quarmsg != NULL)
{
if (tTd(13, 30))
sm_dprintf(" ... quarantine: %s\n",
e->e_quarmsg);
q->q_state = QS_QUEUEUP;
expensive = true;
}
else
{
if (tTd(13, 30))
sm_dprintf(" ... deliverable\n");
somedeliveries = true;
}
}
if (owner != NULL && otherowners > 0)
{
/*
** Split this envelope into two.
*/
ee = (ENVELOPE *) sm_rpool_malloc_x(e->e_rpool,
sizeof(*ee));
STRUCTCOPY(*e, *ee);
ee->e_message = NULL;
ee->e_id = NULL;
assign_queueid(ee);
if (tTd(13, 1))
sm_dprintf("sendall: split %s into %s, owner = \"%s\", otherowners = %d\n",
e->e_id, ee->e_id, owner,
otherowners);
ee->e_header = copyheader(e->e_header, ee->e_rpool);
ee->e_sendqueue = copyqueue(e->e_sendqueue,
ee->e_rpool);
ee->e_errorqueue = copyqueue(e->e_errorqueue,
ee->e_rpool);
ee->e_flags = e->e_flags & ~(EF_INQUEUE|EF_CLRQUEUE|EF_FATALERRS|EF_SENDRECEIPT|EF_RET_PARAM);
ee->e_flags |= EF_NORECEIPT;
setsender(owner, ee, NULL, '\0', true);
if (tTd(13, 5))
{
sm_dprintf("sendall(split): QS_SENDER ");
printaddr(sm_debug_file(), &ee->e_from, false);
}
ee->e_from.q_state = QS_SENDER;
ee->e_dfp = NULL;
ee->e_lockfp = NULL;
ee->e_xfp = NULL;
ee->e_qgrp = e->e_qgrp;
ee->e_qdir = e->e_qdir;
ee->e_errormode = EM_MAIL;
ee->e_sibling = splitenv;
ee->e_statmsg = NULL;
if (e->e_quarmsg != NULL)
ee->e_quarmsg = sm_rpool_strdup_x(ee->e_rpool,
e->e_quarmsg);
splitenv = ee;
for (q = e->e_sendqueue; q != NULL; q = q->q_next)
{
if (q->q_owner == owner)
{
q->q_state = QS_CLONED;
if (tTd(13, 6))
sm_dprintf("\t... stripping %s from original envelope\n",
q->q_paddr);
}
}
for (q = ee->e_sendqueue; q != NULL; q = q->q_next)
{
if (q->q_owner != owner)
{
q->q_state = QS_CLONED;
if (tTd(13, 6))
sm_dprintf("\t... dropping %s from cloned envelope\n",
q->q_paddr);
}
else
{
/* clear DSN parameters */
q->q_flags &= ~(QHASNOTIFY|Q_PINGFLAGS);
q->q_flags |= DefaultNotify & ~QPINGONSUCCESS;
if (tTd(13, 6))
sm_dprintf("\t... moving %s to cloned envelope\n",
q->q_paddr);
}
}
if (mode != SM_VERIFY && bitset(EF_HAS_DF, e->e_flags))
dup_queue_file(e, ee, DATAFL_LETTER);
/*
** Give the split envelope access to the parent
** transcript file for errors obtained while
** processing the recipients (done before the
** envelope splitting).
*/
if (e->e_xfp != NULL)
ee->e_xfp = sm_io_dup(e->e_xfp);
/* failed to dup e->e_xfp, start a new transcript */
if (ee->e_xfp == NULL)
openxscript(ee);
if (mode != SM_VERIFY && LogLevel > 4)
sm_syslog(LOG_INFO, e->e_id,
"%s: clone: owner=%s",
ee->e_id, owner);
}
}
if (owner != NULL)
{
setsender(owner, e, NULL, '\0', true);
if (tTd(13, 5))
{
sm_dprintf("sendall(owner): QS_SENDER ");
printaddr(sm_debug_file(), &e->e_from, false);
}
e->e_from.q_state = QS_SENDER;
e->e_errormode = EM_MAIL;
e->e_flags |= EF_NORECEIPT;
e->e_flags &= ~EF_FATALERRS;
}
/* if nothing to be delivered, just queue up everything */
if (!somedeliveries && !WILL_BE_QUEUED(mode) &&
mode != SM_VERIFY)
{
time_t now;
if (tTd(13, 29))
sm_dprintf("No deliveries: auto-queueing\n");
mode = SM_QUEUE;
now = curtime();
/* treat this as a delivery in terms of counting tries */
e->e_dtime = now;
if (!expensive)
e->e_ntries++;
for (ee = splitenv; ee != NULL; ee = ee->e_sibling)
{
ee->e_dtime = now;
if (!expensive)
ee->e_ntries++;
}
}
if ((WILL_BE_QUEUED(mode) || mode == SM_FORK ||
(mode != SM_VERIFY &&
(SuperSafe == SAFE_REALLY ||
SuperSafe == SAFE_REALLY_POSTMILTER))) &&
(!bitset(EF_INQUEUE, e->e_flags) || splitenv != NULL))
{
bool msync;
/*
** Be sure everything is instantiated in the queue.
** Split envelopes first in case the machine crashes.
** If the original were done first, we may lose
** recipients.
*/
#if !HASFLOCK
msync = false;
-#else /* !HASFLOCK */
+#else
msync = mode == SM_FORK;
-#endif /* !HASFLOCK */
+#endif
for (ee = splitenv; ee != NULL; ee = ee->e_sibling)
queueup(ee, WILL_BE_QUEUED(mode), msync);
queueup(e, WILL_BE_QUEUED(mode), msync);
}
if (tTd(62, 10))
checkfds("after envelope splitting");
/*
** If we belong in background, fork now.
*/
if (tTd(13, 20))
{
sm_dprintf("sendall: final mode = %c\n", mode);
if (tTd(13, 21))
{
sm_dprintf("\n================ Final Send Queue(s) =====================\n");
sm_dprintf("\n *** Envelope %s, e_from=%s ***\n",
e->e_id, e->e_from.q_paddr);
printaddr(sm_debug_file(), e->e_sendqueue, true);
for (ee = splitenv; ee != NULL; ee = ee->e_sibling)
{
sm_dprintf("\n *** Envelope %s, e_from=%s ***\n",
ee->e_id, ee->e_from.q_paddr);
printaddr(sm_debug_file(), ee->e_sendqueue, true);
}
sm_dprintf("==========================================================\n\n");
}
}
switch (mode)
{
case SM_VERIFY:
Verbose = 2;
break;
case SM_QUEUE:
case SM_DEFER:
#if HASFLOCK
queueonly:
-#endif /* HASFLOCK */
+#endif
if (e->e_nrcpts > 0)
e->e_flags |= EF_INQUEUE;
(void) dropenvelope(e, splitenv != NULL, true);
for (ee = splitenv; ee != NULL; ee = ee->e_sibling)
{
if (ee->e_nrcpts > 0)
ee->e_flags |= EF_INQUEUE;
(void) dropenvelope(ee, false, true);
}
return;
case SM_FORK:
if (e->e_xfp != NULL)
(void) sm_io_flush(e->e_xfp, SM_TIME_DEFAULT);
#if !HASFLOCK
/*
** Since fcntl locking has the interesting semantic that
** the lock is owned by a process, not by an open file
** descriptor, we have to flush this to the queue, and
** then restart from scratch in the child.
*/
{
/* save id for future use */
char *qid = e->e_id;
/* now drop the envelope in the parent */
e->e_flags |= EF_INQUEUE;
(void) dropenvelope(e, splitenv != NULL, false);
/* arrange to reacquire lock after fork */
e->e_id = qid;
}
for (ee = splitenv; ee != NULL; ee = ee->e_sibling)
{
/* save id for future use */
char *qid = ee->e_id;
/* drop envelope in parent */
ee->e_flags |= EF_INQUEUE;
(void) dropenvelope(ee, false, false);
/* and save qid for reacquisition */
ee->e_id = qid;
}
#endif /* !HASFLOCK */
/*
** Since the delivery may happen in a child and the parent
** does not wait, the parent may close the maps thereby
** removing any shared memory used by the map. Therefore,
** close the maps now so the child will dynamically open
** them if necessary.
*/
closemaps(false);
pid = fork();
if (pid < 0)
{
syserr("deliver: fork 1");
#if HASFLOCK
goto queueonly;
#else /* HASFLOCK */
e->e_id = NULL;
for (ee = splitenv; ee != NULL; ee = ee->e_sibling)
ee->e_id = NULL;
return;
#endif /* HASFLOCK */
}
else if (pid > 0)
{
#if HASFLOCK
/* be sure we leave the temp files to our child */
/* close any random open files in the envelope */
closexscript(e);
if (e->e_dfp != NULL)
(void) sm_io_close(e->e_dfp, SM_TIME_DEFAULT);
e->e_dfp = NULL;
e->e_flags &= ~EF_HAS_DF;
/* can't call unlockqueue to avoid unlink of xfp */
if (e->e_lockfp != NULL)
(void) sm_io_close(e->e_lockfp, SM_TIME_DEFAULT);
else
syserr("%s: sendall: null lockfp", e->e_id);
e->e_lockfp = NULL;
#endif /* HASFLOCK */
/* make sure the parent doesn't own the envelope */
e->e_id = NULL;
#if USE_DOUBLE_FORK
/* catch intermediate zombie */
(void) waitfor(pid);
-#endif /* USE_DOUBLE_FORK */
+#endif
return;
}
/* Reset global flags */
RestartRequest = NULL;
RestartWorkGroup = false;
ShutdownRequest = NULL;
PendingSignal = 0;
/*
** Initialize exception stack and default exception
** handler for child process.
*/
sm_exc_newthread(fatal_error);
/*
** Since we have accepted responsbility for the message,
** change the SIGTERM handler. intsig() (the old handler)
** would remove the envelope if this was a command line
** message submission.
*/
(void) sm_signal(SIGTERM, SIG_DFL);
#if USE_DOUBLE_FORK
/* double fork to avoid zombies */
pid = fork();
if (pid > 0)
exit(EX_OK);
save_errno = errno;
#endif /* USE_DOUBLE_FORK */
CurrentPid = getpid();
/* be sure we are immune from the terminal */
disconnect(2, e);
clearstats();
/* prevent parent from waiting if there was an error */
if (pid < 0)
{
errno = save_errno;
syserr("deliver: fork 2");
#if HASFLOCK
e->e_flags |= EF_INQUEUE;
-#else /* HASFLOCK */
+#else
e->e_id = NULL;
-#endif /* HASFLOCK */
+#endif
finis(true, true, ExitStat);
}
/* be sure to give error messages in child */
QuickAbort = false;
/*
** Close any cached connections.
**
** We don't send the QUIT protocol because the parent
** still knows about the connection.
**
** This should only happen when delivering an error
** message.
*/
mci_flush(false, NULL);
#if HASFLOCK
break;
#else /* HASFLOCK */
/*
** Now reacquire and run the various queue files.
*/
for (ee = splitenv; ee != NULL; ee = ee->e_sibling)
{
ENVELOPE *sibling = ee->e_sibling;
(void) dowork(ee->e_qgrp, ee->e_qdir, ee->e_id,
false, false, ee);
ee->e_sibling = sibling;
}
(void) dowork(e->e_qgrp, e->e_qdir, e->e_id,
false, false, e);
finis(true, true, ExitStat);
#endif /* HASFLOCK */
}
sendenvelope(e, mode);
(void) dropenvelope(e, true, true);
for (ee = splitenv; ee != NULL; ee = ee->e_sibling)
{
CurEnv = ee;
if (mode != SM_VERIFY)
openxscript(ee);
sendenvelope(ee, mode);
(void) dropenvelope(ee, true, true);
}
CurEnv = e;
Verbose = oldverbose;
if (mode == SM_FORK)
finis(true, true, ExitStat);
}
static void
sendenvelope(e, mode)
register ENVELOPE *e;
int mode;
{
register ADDRESS *q;
bool didany;
if (tTd(13, 10))
sm_dprintf("sendenvelope(%s) e_flags=0x%lx\n",
e->e_id == NULL ? "[NOQUEUE]" : e->e_id,
e->e_flags);
if (LogLevel > 80)
sm_syslog(LOG_DEBUG, e->e_id,
"sendenvelope, flags=0x%lx",
e->e_flags);
/*
** If we have had global, fatal errors, don't bother sending
** the message at all if we are in SMTP mode. Local errors
** (e.g., a single address failing) will still cause the other
** addresses to be sent.
*/
if (bitset(EF_FATALERRS, e->e_flags) &&
(OpMode == MD_SMTP || OpMode == MD_DAEMON))
{
e->e_flags |= EF_CLRQUEUE;
return;
}
/*
** Don't attempt deliveries if we want to bounce now
** or if deliver-by time is exceeded.
*/
if (!bitset(EF_RESPONSE, e->e_flags) &&
(TimeOuts.to_q_return[e->e_timeoutclass] == NOW ||
(IS_DLVR_RETURN(e) && e->e_deliver_by > 0 &&
curtime() > e->e_ctime + e->e_deliver_by)))
return;
/*
** Run through the list and send everything.
**
** Set EF_GLOBALERRS so that error messages during delivery
** result in returned mail.
*/
e->e_nsent = 0;
e->e_flags |= EF_GLOBALERRS;
macdefine(&e->e_macro, A_PERM, macid("{envid}"), e->e_envid);
macdefine(&e->e_macro, A_PERM, macid("{bodytype}"), e->e_bodytype);
didany = false;
if (!bitset(EF_SPLIT, e->e_flags))
{
ENVELOPE *oldsib;
ENVELOPE *ee;
/*
** Save old sibling and set it to NULL to avoid
** queueing up the same envelopes again.
** This requires that envelopes in that list have
** been take care of before (or at some other place).
*/
oldsib = e->e_sibling;
e->e_sibling = NULL;
if (!split_by_recipient(e) &&
bitset(EF_FATALERRS, e->e_flags))
{
if (OpMode == MD_SMTP || OpMode == MD_DAEMON)
e->e_flags |= EF_CLRQUEUE;
return;
}
for (ee = e->e_sibling; ee != NULL; ee = ee->e_sibling)
queueup(ee, false, true);
/* clean up */
for (ee = e->e_sibling; ee != NULL; ee = ee->e_sibling)
{
/* now unlock the job */
closexscript(ee);
unlockqueue(ee);
/* this envelope is marked unused */
if (ee->e_dfp != NULL)
{
(void) sm_io_close(ee->e_dfp, SM_TIME_DEFAULT);
ee->e_dfp = NULL;
}
ee->e_id = NULL;
ee->e_flags &= ~EF_HAS_DF;
}
e->e_sibling = oldsib;
}
/* now run through the queue */
for (q = e->e_sendqueue; q != NULL; q = q->q_next)
{
#if XDEBUG
char wbuf[MAXNAME + 20];
(void) sm_snprintf(wbuf, sizeof(wbuf), "sendall(%.*s)",
MAXNAME, q->q_paddr);
checkfd012(wbuf);
#endif /* XDEBUG */
if (mode == SM_VERIFY)
{
e->e_to = q->q_paddr;
if (QS_IS_SENDABLE(q->q_state))
{
if (q->q_host != NULL && q->q_host[0] != '\0')
message("deliverable: mailer %s, host %s, user %s",
q->q_mailer->m_name,
q->q_host,
q->q_user);
else
message("deliverable: mailer %s, user %s",
q->q_mailer->m_name,
q->q_user);
}
}
else if (QS_IS_OK(q->q_state))
{
/*
** Checkpoint the send list every few addresses
*/
if (CheckpointInterval > 0 &&
e->e_nsent >= CheckpointInterval)
{
queueup(e, false, false);
e->e_nsent = 0;
}
(void) deliver(e, q);
didany = true;
}
}
if (didany)
{
e->e_dtime = curtime();
e->e_ntries++;
}
#if XDEBUG
checkfd012("end of sendenvelope");
-#endif /* XDEBUG */
+#endif
}
#if REQUIRES_DIR_FSYNC
/*
** SYNC_DIR -- fsync a directory based on a filename
**
** Parameters:
** filename -- path of file
** panic -- panic?
**
** Returns:
** none
*/
void
sync_dir(filename, panic)
char *filename;
bool panic;
{
int dirfd;
char *dirp;
char dir[MAXPATHLEN];
if (!RequiresDirfsync)
return;
/* filesystems which require the directory be synced */
dirp = strrchr(filename, '/');
if (dirp != NULL)
{
if (sm_strlcpy(dir, filename, sizeof(dir)) >= sizeof(dir))
return;
dir[dirp - filename] = '\0';
dirp = dir;
}
else
dirp = ".";
dirfd = open(dirp, O_RDONLY, 0700);
if (tTd(40,32))
sm_syslog(LOG_INFO, NOQID, "sync_dir: %s: fsync(%d)",
dirp, dirfd);
if (dirfd >= 0)
{
if (fsync(dirfd) < 0)
{
if (panic)
syserr("!sync_dir: cannot fsync directory %s",
dirp);
else if (LogLevel > 1)
sm_syslog(LOG_ERR, NOQID,
"sync_dir: cannot fsync directory %s: %s",
dirp, sm_errstring(errno));
}
(void) close(dirfd);
}
}
#endif /* REQUIRES_DIR_FSYNC */
/*
** DUP_QUEUE_FILE -- duplicate a queue file into a split queue
**
** Parameters:
** e -- the existing envelope
** ee -- the new envelope
** type -- the queue file type (e.g., DATAFL_LETTER)
**
** Returns:
** none
*/
static void
dup_queue_file(e, ee, type)
ENVELOPE *e, *ee;
int type;
{
char f1buf[MAXPATHLEN], f2buf[MAXPATHLEN];
ee->e_dfp = NULL;
ee->e_xfp = NULL;
/*
** Make sure both are in the same directory.
*/
(void) sm_strlcpy(f1buf, queuename(e, type), sizeof(f1buf));
(void) sm_strlcpy(f2buf, queuename(ee, type), sizeof(f2buf));
/* Force the df to disk if it's not there yet */
if (type == DATAFL_LETTER && e->e_dfp != NULL &&
sm_io_setinfo(e->e_dfp, SM_BF_COMMIT, NULL) < 0 &&
errno != EINVAL)
{
syserr("!dup_queue_file: can't commit %s", f1buf);
/* NOTREACHED */
}
if (link(f1buf, f2buf) < 0)
{
int save_errno = errno;
syserr("sendall: link(%s, %s)", f1buf, f2buf);
if (save_errno == EEXIST)
{
if (unlink(f2buf) < 0)
{
syserr("!sendall: unlink(%s): permanent",
f2buf);
/* NOTREACHED */
}
if (link(f1buf, f2buf) < 0)
{
syserr("!sendall: link(%s, %s): permanent",
f1buf, f2buf);
/* NOTREACHED */
}
}
}
SYNC_DIR(f2buf, true);
}
/*
** DOFORK -- do a fork, retrying a couple of times on failure.
**
** This MUST be a macro, since after a vfork we are running
** two processes on the same stack!!!
**
** Parameters:
** none.
**
** Returns:
** From a macro??? You've got to be kidding!
**
** Side Effects:
** Modifies the ==> LOCAL <== variable 'pid', leaving:
** pid of child in parent, zero in child.
** -1 on unrecoverable error.
**
** Notes:
** I'm awfully sorry this looks so awful. That's
** vfork for you.....
*/
#define NFORKTRIES 5
#ifndef FORK
# define FORK fork
-#endif /* ! FORK */
+#endif
#define DOFORK(fORKfN) \
{\
register int i;\
\
for (i = NFORKTRIES; --i >= 0; )\
{\
pid = fORKfN();\
if (pid >= 0)\
break;\
if (i > 0)\
(void) sleep((unsigned) NFORKTRIES - i);\
}\
}
/*
** DOFORK -- simple fork interface to DOFORK.
**
** Parameters:
** none.
**
** Returns:
** pid of child in parent.
** zero in child.
** -1 on error.
**
** Side Effects:
** returns twice, once in parent and once in child.
*/
pid_t
dofork()
{
register pid_t pid = -1;
DOFORK(fork);
return pid;
}
/*
** COLONCMP -- compare host-signatures up to first ':' or EOS
**
** This takes two strings which happen to be host-signatures and
** compares them. If the lowest preference portions of the MX-RR's
** match (up to ':' or EOS, whichever is first), then we have
** match. This is used for coattail-piggybacking messages during
** message delivery.
** If the signatures are the same up to the first ':' the remainder of
** the signatures are then compared with a normal strcmp(). This saves
** re-examining the first part of the signatures.
**
** Parameters:
** a - first host-signature
** b - second host-signature
**
** Returns:
** HS_MATCH_NO -- no "match".
** HS_MATCH_FIRST -- "match" for the first MX preference
** (up to the first colon (':')).
** HS_MATCH_FULL -- match for the entire MX record.
**
** Side Effects:
** none.
*/
#define HS_MATCH_NO 0
#define HS_MATCH_FIRST 1
#define HS_MATCH_FULL 2
static int
coloncmp(a, b)
register const char *a;
register const char *b;
{
int ret = HS_MATCH_NO;
int braclev = 0;
while (*a == *b++)
{
/* Need to account for IPv6 bracketed addresses */
if (*a == '[')
braclev++;
else if (*a == ']' && braclev > 0)
braclev--;
else if (*a == ':' && braclev <= 0)
{
ret = HS_MATCH_FIRST;
a++;
break;
}
else if (*a == '\0')
return HS_MATCH_FULL; /* a full match */
a++;
}
if (ret == HS_MATCH_NO &&
braclev <= 0 &&
((*a == '\0' && *(b - 1) == ':') ||
(*a == ':' && *(b - 1) == '\0')))
return HS_MATCH_FIRST;
if (ret == HS_MATCH_FIRST && strcmp(a, b) == 0)
return HS_MATCH_FULL;
return ret;
}
/*
** SHOULD_TRY_FBSH -- Should try FallbackSmartHost?
**
** Parameters:
** e -- envelope
** tried_fallbacksmarthost -- has been tried already? (in/out)
** hostbuf -- buffer for hostname (expand FallbackSmartHost) (out)
** hbsz -- size of hostbuf
** status -- current delivery status
**
** Returns:
** true iff FallbackSmartHost should be tried.
*/
static bool should_try_fbsh __P((ENVELOPE *, bool *, char *, size_t, int));
static bool
should_try_fbsh(e, tried_fallbacksmarthost, hostbuf, hbsz, status)
ENVELOPE *e;
bool *tried_fallbacksmarthost;
char *hostbuf;
size_t hbsz;
int status;
{
/*
** If the host was not found or a temporary failure occurred
** and a FallbackSmartHost is defined (and we have not yet
** tried it), then make one last try with it as the host.
*/
if ((status == EX_NOHOST || status == EX_TEMPFAIL) &&
FallbackSmartHost != NULL && !*tried_fallbacksmarthost)
{
*tried_fallbacksmarthost = true;
expand(FallbackSmartHost, hostbuf, hbsz, e);
if (!wordinclass(hostbuf, 'w'))
{
if (tTd(11, 1))
sm_dprintf("one last try with FallbackSmartHost %s\n",
hostbuf);
return true;
}
}
return false;
}
/*
** DELIVER -- Deliver a message to a list of addresses.
**
** This routine delivers to everyone on the same host as the
** user on the head of the list. It is clever about mailers
** that don't handle multiple users. It is NOT guaranteed
** that it will deliver to all these addresses however -- so
-** deliver should be called once for each address on the
-** list.
+** deliver should be called once for each address on the list.
** Deliver tries to be as opportunistic as possible about piggybacking
** messages. Some definitions to make understanding easier follow below.
** Piggybacking occurs when an existing connection to a mail host can
** be used to send the same message to more than one recipient at the
** same time. So "no piggybacking" means one message for one recipient
** per connection. "Intentional piggybacking" happens when the
** recipients' host address (not the mail host address) is used to
** attempt piggybacking. Recipients with the same host address
** have the same mail host. "Coincidental piggybacking" relies on
** piggybacking based on all the mail host addresses in the MX-RR. This
** is "coincidental" in the fact it could not be predicted until the
** MX Resource Records for the hosts were obtained and examined. For
** example (preference order and equivalence is important, not values):
** domain1 IN MX 10 mxhost-A
** IN MX 20 mxhost-B
** domain2 IN MX 4 mxhost-A
** IN MX 8 mxhost-B
** Domain1 and domain2 can piggyback the same message to mxhost-A or
** mxhost-B (if mxhost-A cannot be reached).
** "Coattail piggybacking" relaxes the strictness of "coincidental
** piggybacking" in the hope that most significant (lowest value)
** MX preference host(s) can create more piggybacking. For example
** (again, preference order and equivalence is important, not values):
** domain3 IN MX 100 mxhost-C
** IN MX 100 mxhost-D
** IN MX 200 mxhost-E
** domain4 IN MX 50 mxhost-C
** IN MX 50 mxhost-D
** IN MX 80 mxhost-F
** A message for domain3 and domain4 can piggyback to mxhost-C if mxhost-C
** is available. Same with mxhost-D because in both RR's the preference
** value is the same as mxhost-C, respectively.
** So deliver attempts coattail piggybacking when possible. If the
** first MX preference level hosts cannot be used then the piggybacking
** reverts to coincidental piggybacking. Using the above example you
** cannot deliver to mxhost-F for domain3 regardless of preference value.
** ("Coattail" from "riding on the coattails of your predecessor" meaning
** gaining benefit from a predecessor effort with no or little addition
** effort. The predecessor here being the preceding MX RR).
**
** Parameters:
** e -- the envelope to deliver.
** firstto -- head of the address list to deliver to.
**
** Returns:
** zero -- successfully delivered.
** else -- some failure, see ExitStat for more info.
**
** Side Effects:
** The standard input is passed off to someone.
*/
static int
deliver(e, firstto)
register ENVELOPE *e;
ADDRESS *firstto;
{
char *host; /* host being sent to */
char *user; /* user being sent to */
char **pvp;
register char **mvp;
register char *p;
register MAILER *m; /* mailer for this recipient */
ADDRESS *volatile ctladdr;
#if HASSETUSERCONTEXT
ADDRESS *volatile contextaddr = NULL;
-#endif /* HASSETUSERCONTEXT */
+#endif
register MCI *volatile mci;
register ADDRESS *SM_NONVOLATILE to = firstto;
volatile bool clever = false; /* running user smtp to this mailer */
ADDRESS *volatile tochain = NULL; /* users chain in this mailer call */
int rcode; /* response code */
SM_NONVOLATILE int lmtp_rcode = EX_OK;
SM_NONVOLATILE int nummxhosts = 0; /* number of MX hosts available */
SM_NONVOLATILE int hostnum = 0; /* current MX host index */
char *firstsig; /* signature of firstto */
volatile pid_t pid = -1;
char *volatile curhost;
SM_NONVOLATILE unsigned short port = 0;
SM_NONVOLATILE time_t enough = 0;
#if NETUNIX
char *SM_NONVOLATILE mux_path = NULL; /* path to UNIX domain socket */
-#endif /* NETUNIX */
+#endif
time_t xstart;
bool suidwarn;
bool anyok; /* at least one address was OK */
SM_NONVOLATILE bool goodmxfound = false; /* at least one MX was OK */
bool ovr;
bool quarantine;
+#if STARTTLS
+ /* 0: try TLS, 1: try without TLS again, >1: don't try again */
+ int tlsstate;
+# if DANE
+ dane_vrfy_ctx_T dane_vrfy_ctx;
+ STAB *ste;
+# endif
+#endif
+#if STARTTLS || SASL
+ int dotpos;
+
+# define RM_TRAIL_DOT(name) \
+ do { \
+ dotpos = strlen(name) - 1; \
+ if (dotpos >= 0) \
+ { \
+ if (name[dotpos] == '.') \
+ name[dotpos] = '\0'; \
+ else \
+ dotpos = -1; \
+ } \
+ } while (0)
+
+# define FIX_TRAIL_DOT(name) \
+ do { \
+ if (dotpos >= 0) \
+ name[dotpos] = '.'; \
+ } while (0)
+
+#endif
int strsize;
int rcptcount;
int ret;
static int tobufsize = 0;
static char *tobuf = NULL;
char *rpath; /* translated return path */
int mpvect[2];
int rpvect[2];
char *mxhosts[MAXMXHOSTS + 1];
char *pv[MAXPV + 1];
char buf[MAXNAME + 1];
char cbuf[MAXPATHLEN];
errno = 0;
SM_REQUIRE(firstto != NULL); /* same as to */
if (!QS_IS_OK(to->q_state))
return 0;
suidwarn = geteuid() == 0;
SM_REQUIRE(e != NULL);
m = to->q_mailer;
host = to->q_host;
CurEnv = e; /* just in case */
e->e_statmsg = NULL;
SmtpError[0] = '\0';
xstart = curtime();
+#if STARTTLS
+ tlsstate = 0;
+# if DANE
+ memset(&dane_vrfy_ctx, '\0', sizeof(dane_vrfy_ctx));
+ ste = NULL;
+# endif
+#endif
if (tTd(10, 1))
sm_dprintf("\n--deliver, id=%s, mailer=%s, host=`%s', first user=`%s'\n",
e->e_id, m->m_name, host, to->q_user);
if (tTd(10, 100))
printopenfds(false);
/*
** Clear {client_*} macros if this is a bounce message to
** prevent rejection by check_compat ruleset.
*/
if (bitset(EF_RESPONSE, e->e_flags))
{
macdefine(&e->e_macro, A_PERM, macid("{client_name}"), "");
macdefine(&e->e_macro, A_PERM, macid("{client_ptr}"), "");
macdefine(&e->e_macro, A_PERM, macid("{client_addr}"), "");
macdefine(&e->e_macro, A_PERM, macid("{client_port}"), "");
macdefine(&e->e_macro, A_PERM, macid("{client_resolve}"), "");
}
SM_TRY
{
ADDRESS *skip_back = NULL;
/*
** Do initial argv setup.
** Insert the mailer name. Notice that $x expansion is
** NOT done on the mailer name. Then, if the mailer has
** a picky -f flag, we insert it as appropriate. This
** code does not check for 'pv' overflow; this places a
** manifest lower limit of 4 for MAXPV.
** The from address rewrite is expected to make
** the address relative to the other end.
*/
/* rewrite from address, using rewriting rules */
rcode = EX_OK;
SM_ASSERT(e->e_from.q_mailer != NULL);
if (bitnset(M_UDBENVELOPE, e->e_from.q_mailer->m_flags))
p = e->e_sender;
else
p = e->e_from.q_paddr;
rpath = remotename(p, m, RF_SENDERADDR|RF_CANONICAL, &rcode, e);
if (rcode != EX_OK && bitnset(M_xSMTP, m->m_flags))
goto cleanup;
if (strlen(rpath) > MAXNAME)
{
rpath = shortenstring(rpath, MAXSHORTSTR);
/* avoid bogus errno */
errno = 0;
syserr("remotename: huge return path %s", rpath);
}
rpath = sm_rpool_strdup_x(e->e_rpool, rpath);
macdefine(&e->e_macro, A_PERM, 'g', rpath);
macdefine(&e->e_macro, A_PERM, 'h', host);
Errors = 0;
pvp = pv;
*pvp++ = m->m_argv[0];
/* ignore long term host status information if mailer flag W is set */
if (bitnset(M_NOHOSTSTAT, m->m_flags))
IgnoreHostStatus = true;
/* insert -f or -r flag as appropriate */
if (FromFlag &&
(bitnset(M_FOPT, m->m_flags) ||
bitnset(M_ROPT, m->m_flags)))
{
if (bitnset(M_FOPT, m->m_flags))
*pvp++ = "-f";
else
*pvp++ = "-r";
*pvp++ = rpath;
}
/*
** Append the other fixed parts of the argv. These run
** up to the first entry containing "$u". There can only
** be one of these, and there are only a few more slots
** in the pv after it.
*/
for (mvp = m->m_argv; (p = *++mvp) != NULL; )
{
/* can't use strchr here because of sign extension problems */
while (*p != '\0')
{
if ((*p++ & 0377) == MACROEXPAND)
{
if (*p == 'u')
break;
}
}
if (*p != '\0')
break;
/* this entry is safe -- go ahead and process it */
expand(*mvp, buf, sizeof(buf), e);
*pvp++ = sm_rpool_strdup_x(e->e_rpool, buf);
if (pvp >= &pv[MAXPV - 3])
{
syserr("554 5.3.5 Too many parameters to %s before $u",
pv[0]);
rcode = -1;
goto cleanup;
}
}
/*
** If we have no substitution for the user name in the argument
** list, we know that we must supply the names otherwise -- and
** SMTP is the answer!!
*/
if (*mvp == NULL)
{
/* running LMTP or SMTP */
clever = true;
*pvp = NULL;
setbitn(M_xSMTP, m->m_flags);
}
else if (bitnset(M_LMTP, m->m_flags))
{
/* not running LMTP */
sm_syslog(LOG_ERR, NULL,
"Warning: mailer %s: LMTP flag (F=z) turned off",
m->m_name);
clrbitn(M_LMTP, m->m_flags);
}
/*
** At this point *mvp points to the argument with $u. We
** run through our address list and append all the addresses
** we can. If we run out of space, do not fret! We can
** always send another copy later.
*/
e->e_to = NULL;
strsize = 2;
rcptcount = 0;
ctladdr = NULL;
if (firstto->q_signature == NULL)
firstto->q_signature = hostsignature(firstto->q_mailer,
- firstto->q_host);
+ firstto->q_host,
+ firstto->q_flags & QSECURE);
firstsig = firstto->q_signature;
for (; to != NULL; to = to->q_next)
{
/* avoid sending multiple recipients to dumb mailers */
if (tochain != NULL && !bitnset(M_MUSER, m->m_flags))
break;
/* if already sent or not for this host, don't send */
if (!QS_IS_OK(to->q_state)) /* already sent; look at next */
continue;
/*
** Must be same mailer to keep grouping rcpts.
** If mailers don't match: continue; sendqueue is not
** sorted by mailers, so don't break;
*/
if (to->q_mailer != firstto->q_mailer)
continue;
if (to->q_signature == NULL) /* for safety */
to->q_signature = hostsignature(to->q_mailer,
- to->q_host);
+ to->q_host,
+ to->q_flags & QSECURE);
/*
** This is for coincidental and tailcoat piggybacking messages
** to the same mail host. While the signatures are identical
** (that's the MX-RR's are identical) we can do coincidental
** piggybacking. We try hard for coattail piggybacking
** with the same mail host when the next recipient has the
** same host at lowest preference. It may be that this
** won't work out, so 'skip_back' is maintained if a backup
** to coincidental piggybacking or full signature must happen.
*/
ret = firstto == to ? HS_MATCH_FULL :
coloncmp(to->q_signature, firstsig);
if (ret == HS_MATCH_FULL)
skip_back = to;
else if (ret == HS_MATCH_NO)
break;
if (!clever)
{
/* avoid overflowing tobuf */
strsize += strlen(to->q_paddr) + 1;
if (strsize > TOBUFSIZE)
break;
}
if (++rcptcount > to->q_mailer->m_maxrcpt)
break;
if (tTd(10, 1))
{
sm_dprintf("\nsend to ");
printaddr(sm_debug_file(), to, false);
}
/* compute effective uid/gid when sending */
if (bitnset(M_RUNASRCPT, to->q_mailer->m_flags))
-# if HASSETUSERCONTEXT
+#if HASSETUSERCONTEXT
contextaddr = ctladdr = getctladdr(to);
-# else /* HASSETUSERCONTEXT */
+#else
ctladdr = getctladdr(to);
-# endif /* HASSETUSERCONTEXT */
+#endif
if (tTd(10, 2))
{
sm_dprintf("ctladdr=");
printaddr(sm_debug_file(), ctladdr, false);
}
user = to->q_user;
e->e_to = to->q_paddr;
/*
** Check to see that these people are allowed to
** talk to each other.
** Check also for overflow of e_msgsize.
*/
if (m->m_maxsize != 0 &&
(e->e_msgsize > m->m_maxsize || e->e_msgsize < 0))
{
e->e_flags |= EF_NO_BODY_RETN;
if (bitnset(M_LOCALMAILER, to->q_mailer->m_flags))
to->q_status = "5.2.3";
else
to->q_status = "5.3.4";
/* set to->q_rstatus = NULL; or to the following? */
usrerrenh(to->q_status,
"552 Message is too large; %ld bytes max",
m->m_maxsize);
markfailure(e, to, NULL, EX_UNAVAILABLE, false);
giveresponse(EX_UNAVAILABLE, to->q_status, m,
NULL, ctladdr, xstart, e, to);
continue;
}
SM_SET_H_ERRNO(0);
ovr = true;
/* do config file checking of compatibility */
quarantine = (e->e_quarmsg != NULL);
rcode = rscheck("check_compat", e->e_from.q_paddr, to->q_paddr,
e, RSF_RMCOMM|RSF_COUNT, 3, NULL,
e->e_id, NULL, NULL);
if (rcode == EX_OK)
{
/* do in-code checking if not discarding */
if (!bitset(EF_DISCARD, e->e_flags))
{
rcode = checkcompat(to, e);
ovr = false;
}
}
if (rcode != EX_OK)
{
markfailure(e, to, NULL, rcode, ovr);
giveresponse(rcode, to->q_status, m,
NULL, ctladdr, xstart, e, to);
continue;
}
if (!quarantine && e->e_quarmsg != NULL)
{
/*
** check_compat or checkcompat() has tried
** to quarantine but that isn't supported.
** Revert the attempt.
*/
e->e_quarmsg = NULL;
macdefine(&e->e_macro, A_PERM,
macid("{quarantine}"), "");
}
if (bitset(EF_DISCARD, e->e_flags))
{
if (tTd(10, 5))
{
sm_dprintf("deliver: discarding recipient ");
printaddr(sm_debug_file(), to, false);
}
/* pretend the message was sent */
/* XXX should we log something here? */
to->q_state = QS_DISCARDED;
/*
** Remove discard bit to prevent discard of
** future recipients. This is safe because the
** true "global discard" has been handled before
** we get here.
*/
e->e_flags &= ~EF_DISCARD;
continue;
}
/*
** Strip quote bits from names if the mailer is dumb
** about them.
*/
if (bitnset(M_STRIPQ, m->m_flags))
{
stripquotes(user);
stripquotes(host);
}
/*
** Strip all leading backslashes if requested and the
** next character is alphanumerical (the latter can
** probably relaxed a bit, see RFC2821).
*/
if (bitnset(M_STRIPBACKSL, m->m_flags) && user[0] == '\\')
stripbackslash(user);
/* hack attack -- delivermail compatibility */
if (m == ProgMailer && *user == '|')
user++;
/*
** If an error message has already been given, don't
** bother to send to this address.
**
** >>>>>>>>>> This clause assumes that the local mailer
** >> NOTE >> cannot do any further aliasing; that
** >>>>>>>>>> function is subsumed by sendmail.
*/
if (!QS_IS_OK(to->q_state))
continue;
/*
** See if this user name is "special".
** If the user name has a slash in it, assume that this
** is a file -- send it off without further ado. Note
** that this type of addresses is not processed along
** with the others, so we fudge on the To person.
*/
if (strcmp(m->m_mailer, "[FILE]") == 0)
{
macdefine(&e->e_macro, A_PERM, 'u', user);
p = to->q_home;
if (p == NULL && ctladdr != NULL)
p = ctladdr->q_home;
macdefine(&e->e_macro, A_PERM, 'z', p);
expand(m->m_argv[1], buf, sizeof(buf), e);
if (strlen(buf) > 0)
rcode = mailfile(buf, m, ctladdr, SFF_CREAT, e);
else
{
syserr("empty filename specification for mailer %s",
m->m_name);
rcode = EX_CONFIG;
}
giveresponse(rcode, to->q_status, m, NULL,
ctladdr, xstart, e, to);
markfailure(e, to, NULL, rcode, true);
e->e_nsent++;
if (rcode == EX_OK)
{
to->q_state = QS_SENT;
if (bitnset(M_LOCALMAILER, m->m_flags) &&
bitset(QPINGONSUCCESS, to->q_flags))
{
to->q_flags |= QDELIVERED;
to->q_status = "2.1.5";
(void) sm_io_fprintf(e->e_xfp,
SM_TIME_DEFAULT,
"%s... Successfully delivered\n",
to->q_paddr);
}
}
to->q_statdate = curtime();
markstats(e, to, STATS_NORMAL);
continue;
}
/*
** Address is verified -- add this user to mailer
** argv, and add it to the print list of recipients.
*/
/* link together the chain of recipients */
to->q_tchain = tochain;
tochain = to;
e->e_to = "[CHAIN]";
macdefine(&e->e_macro, A_PERM, 'u', user); /* to user */
p = to->q_home;
if (p == NULL && ctladdr != NULL)
p = ctladdr->q_home;
macdefine(&e->e_macro, A_PERM, 'z', p); /* user's home */
/* set the ${dsn_notify} macro if applicable */
if (bitset(QHASNOTIFY, to->q_flags))
{
char notify[MAXLINE];
notify[0] = '\0';
if (bitset(QPINGONSUCCESS, to->q_flags))
(void) sm_strlcat(notify, "SUCCESS,",
sizeof(notify));
if (bitset(QPINGONFAILURE, to->q_flags))
(void) sm_strlcat(notify, "FAILURE,",
sizeof(notify));
if (bitset(QPINGONDELAY, to->q_flags))
(void) sm_strlcat(notify, "DELAY,",
sizeof(notify));
/* Set to NEVER or drop trailing comma */
if (notify[0] == '\0')
(void) sm_strlcat(notify, "NEVER",
sizeof(notify));
else
notify[strlen(notify) - 1] = '\0';
macdefine(&e->e_macro, A_TEMP,
macid("{dsn_notify}"), notify);
}
else
macdefine(&e->e_macro, A_PERM,
macid("{dsn_notify}"), NULL);
/*
** Expand out this user into argument list.
*/
if (!clever)
{
expand(*mvp, buf, sizeof(buf), e);
*pvp++ = sm_rpool_strdup_x(e->e_rpool, buf);
if (pvp >= &pv[MAXPV - 2])
{
/* allow some space for trailing parms */
break;
}
}
}
/* see if any addresses still exist */
if (tochain == NULL)
{
rcode = 0;
goto cleanup;
}
/* print out messages as full list */
strsize = 1;
for (to = tochain; to != NULL; to = to->q_tchain)
strsize += strlen(to->q_paddr) + 1;
if (strsize < TOBUFSIZE)
strsize = TOBUFSIZE;
if (strsize > tobufsize)
{
- SM_FREE_CLR(tobuf);
+ SM_FREE(tobuf);
tobuf = sm_pmalloc_x(strsize);
tobufsize = strsize;
}
p = tobuf;
*p = '\0';
for (to = tochain; to != NULL; to = to->q_tchain)
{
(void) sm_strlcpyn(p, tobufsize - (p - tobuf), 2,
",", to->q_paddr);
p += strlen(p);
}
e->e_to = tobuf + 1;
/*
** Fill out any parameters after the $u parameter.
*/
if (!clever)
{
while (*++mvp != NULL)
{
expand(*mvp, buf, sizeof(buf), e);
*pvp++ = sm_rpool_strdup_x(e->e_rpool, buf);
if (pvp >= &pv[MAXPV])
syserr("554 5.3.0 deliver: pv overflow after $u for %s",
pv[0]);
}
}
*pvp++ = NULL;
/*
** Call the mailer.
** The argument vector gets built, pipes
** are created as necessary, and we fork & exec as
** appropriate.
** If we are running SMTP, we just need to clean up.
*/
/* XXX this seems a bit weird */
if (ctladdr == NULL && m != ProgMailer && m != FileMailer &&
bitset(QGOODUID, e->e_from.q_flags))
ctladdr = &e->e_from;
#if NAMED_BIND
if (ConfigLevel < 2)
_res.options &= ~(RES_DEFNAMES | RES_DNSRCH); /* XXX */
-#endif /* NAMED_BIND */
+#endif
if (tTd(11, 1))
{
sm_dprintf("openmailer:");
printav(sm_debug_file(), pv);
}
errno = 0;
SM_SET_H_ERRNO(0);
CurHostName = NULL;
/*
** Deal with the special case of mail handled through an IPC
** connection.
** In this case we don't actually fork. We must be
** running SMTP for this to work. We will return a
** zero pid to indicate that we are running IPC.
** We also handle a debug version that just talks to stdin/out.
*/
curhost = NULL;
SmtpPhase = NULL;
mci = NULL;
#if XDEBUG
{
char wbuf[MAXLINE];
/* make absolutely certain 0, 1, and 2 are in use */
(void) sm_snprintf(wbuf, sizeof(wbuf), "%s... openmailer(%s)",
shortenstring(e->e_to, MAXSHORTSTR),
m->m_name);
checkfd012(wbuf);
}
#endif /* XDEBUG */
/* check for 8-bit available */
if (bitset(EF_HAS8BIT, e->e_flags) &&
bitnset(M_7BITS, m->m_flags) &&
(bitset(EF_DONT_MIME, e->e_flags) ||
!(bitset(MM_MIME8BIT, MimeMode) ||
(bitset(EF_IS_MIME, e->e_flags) &&
bitset(MM_CVTMIME, MimeMode)))))
{
e->e_status = "5.6.3";
usrerrenh(e->e_status,
"554 Cannot send 8-bit data to 7-bit destination");
rcode = EX_DATAERR;
goto give_up;
}
if (tTd(62, 8))
checkfds("before delivery");
/* check for Local Person Communication -- not for mortals!!! */
if (strcmp(m->m_mailer, "[LPC]") == 0)
{
if (clever)
{
/* flush any expired connections */
(void) mci_scan(NULL);
/* try to get a cached connection or just a slot */
mci = mci_get(m->m_name, m);
if (mci->mci_host == NULL)
mci->mci_host = m->m_name;
CurHostName = mci->mci_host;
if (mci->mci_state != MCIS_CLOSED)
{
message("Using cached SMTP/LPC connection for %s...",
m->m_name);
mci->mci_deliveries++;
goto do_transfer;
}
}
else
{
mci = mci_new(e->e_rpool);
}
mci->mci_in = smioin;
mci->mci_out = smioout;
mci->mci_mailer = m;
mci->mci_host = m->m_name;
if (clever)
{
mci->mci_state = MCIS_OPENING;
mci_cache(mci);
}
else
mci->mci_state = MCIS_OPEN;
}
else if (strcmp(m->m_mailer, "[IPC]") == 0)
{
register int i;
if (pv[0] == NULL || pv[1] == NULL || pv[1][0] == '\0')
{
syserr("null destination for %s mailer", m->m_mailer);
rcode = EX_CONFIG;
goto give_up;
}
-# if NETUNIX
+#if NETUNIX
if (strcmp(pv[0], "FILE") == 0)
{
curhost = CurHostName = "localhost";
mux_path = pv[1];
}
else
-# endif /* NETUNIX */
+#endif /* NETUNIX */
{
CurHostName = pv[1];
- curhost = hostsignature(m, pv[1]);
+ /* XXX ??? */
+ curhost = hostsignature(m, pv[1], firstto->q_flags & QSECURE);
}
if (curhost == NULL || curhost[0] == '\0')
{
syserr("null host signature for %s", pv[1]);
rcode = EX_CONFIG;
goto give_up;
}
if (!clever)
{
syserr("554 5.3.5 non-clever IPC");
rcode = EX_CONFIG;
goto give_up;
}
if (pv[2] != NULL
-# if NETUNIX
+#if NETUNIX
&& mux_path == NULL
-# endif /* NETUNIX */
+#endif
)
{
port = htons((unsigned short) atoi(pv[2]));
if (port == 0)
{
-# ifdef NO_GETSERVBYNAME
+#ifdef NO_GETSERVBYNAME
syserr("Invalid port number: %s", pv[2]);
-# else /* NO_GETSERVBYNAME */
+#else /* NO_GETSERVBYNAME */
struct servent *sp = getservbyname(pv[2], "tcp");
if (sp == NULL)
syserr("Service %s unknown", pv[2]);
else
port = sp->s_port;
-# endif /* NO_GETSERVBYNAME */
+#endif /* NO_GETSERVBYNAME */
}
}
nummxhosts = parse_hostsignature(curhost, mxhosts, m);
if (TimeOuts.to_aconnect > 0)
enough = curtime() + TimeOuts.to_aconnect;
tryhost:
while (hostnum < nummxhosts)
{
char sep = ':';
char *endp;
static char hostbuf[MAXNAME + 1];
bool tried_fallbacksmarthost = false;
+#if DANE
+ unsigned long tlsa_flags;
-# if NETINET6
+ ste = NULL;
+ tlsa_flags = 0;
+#endif
+#if NETINET6
if (*mxhosts[hostnum] == '[')
{
endp = strchr(mxhosts[hostnum] + 1, ']');
if (endp != NULL)
endp = strpbrk(endp + 1, ":,");
}
else
endp = strpbrk(mxhosts[hostnum], ":,");
-# else /* NETINET6 */
+#else /* NETINET6 */
endp = strpbrk(mxhosts[hostnum], ":,");
-# endif /* NETINET6 */
+#endif /* NETINET6 */
if (endp != NULL)
{
sep = *endp;
*endp = '\0';
}
if (hostnum == 1 && skip_back != NULL)
{
/*
** Coattail piggybacking is no longer an
** option with the mail host next to be tried
** no longer the lowest MX preference
** (hostnum == 1 meaning we're on the second
** preference). We do not try to coattail
** piggyback more than the first MX preference.
** Revert 'tochain' to last location for
** coincidental piggybacking. This works this
** easily because the q_tchain kept getting
** added to the top of the linked list.
*/
tochain = skip_back;
}
if (*mxhosts[hostnum] == '\0')
{
syserr("deliver: null host name in signature");
hostnum++;
if (endp != NULL)
*endp = sep;
continue;
}
(void) sm_strlcpy(hostbuf, mxhosts[hostnum],
sizeof(hostbuf));
hostnum++;
if (endp != NULL)
*endp = sep;
+#if STARTTLS
+ tlsstate = 0;
+#endif
one_last_try:
/* see if we already know that this host is fried */
CurHostName = hostbuf;
mci = mci_get(hostbuf, m);
if (mci->mci_state != MCIS_CLOSED)
{
char *type;
if (tTd(11, 1))
{
sm_dprintf("openmailer: ");
mci_dump(sm_debug_file(), mci, false);
}
CurHostName = mci->mci_host;
if (bitnset(M_LMTP, m->m_flags))
type = "L";
else if (bitset(MCIF_ESMTP, mci->mci_flags))
type = "ES";
else
type = "S";
message("Using cached %sMTP connection to %s via %s...",
type, hostbuf, m->m_name);
mci->mci_deliveries++;
break;
}
mci->mci_mailer = m;
+#if DANE
+ tlsa_flags = 0;
+ if (CHK_DANE(Dane))
+ (void) GETTLSA(hostbuf, &ste, m->m_port);
+
+ /* XXX: check expiration! */
+ if (ste != NULL && TLSA_RR_TEMPFAIL(ste->s_tlsa))
+ {
+ if (tTd(11, 1))
+ sm_dprintf("skip: host=%s, TLSA_RR_lookup=%d\n"
+ , hostbuf
+ , ste->s_tlsa->dane_tlsa_dnsrc);
+
+ tlsa_flags |= TLSAFLTEMP;
+ }
+#endif /* DANE */
+
if (mci->mci_exitstat != EX_OK)
{
if (mci->mci_exitstat == EX_TEMPFAIL)
goodmxfound = true;
/* Try FallbackSmartHost? */
if (should_try_fbsh(e, &tried_fallbacksmarthost,
hostbuf, sizeof(hostbuf),
mci->mci_exitstat))
goto one_last_try;
continue;
}
if (mci_lock_host(mci) != EX_OK)
{
mci_setstat(mci, EX_TEMPFAIL, "4.4.5", NULL);
goodmxfound = true;
continue;
}
/* try the connection */
sm_setproctitle(true, e, "%s %s: %s",
qid_printname(e),
hostbuf, "user open");
-# if NETUNIX
+#if NETUNIX
if (mux_path != NULL)
{
message("Connecting to %s via %s...",
mux_path, m->m_name);
i = makeconnection_ds((char *) mux_path, mci);
}
else
-# endif /* NETUNIX */
+#endif /* NETUNIX */
{
if (port == 0)
message("Connecting to %s via %s...",
hostbuf, m->m_name);
else
message("Connecting to %s port %d via %s...",
hostbuf, ntohs(port),
m->m_name);
+#if DANE
+ tlsa_flags |= (ste != NULL) ? Dane : DANE_NEVER;
+ dane_vrfy_ctx.dane_vrfy_chk = tlsa_flags;
+ dane_vrfy_ctx.dane_vrfy_port = m->m_port;
+ if (tTd(11, 11))
+ sm_dprintf("makeconnection: before: chk=%d, mode=%lX\n", dane_vrfy_ctx.dane_vrfy_chk, tlsa_flags);
+#endif
i = makeconnection(hostbuf, port, mci, e,
- enough);
+ enough
+#if DANE
+ , &tlsa_flags
+#endif
+ );
+#if DANE
+ if (tTd(11, 11))
+ sm_dprintf("makeconnection: after: chk=%d, mode=%lX\n", dane_vrfy_ctx.dane_vrfy_chk, tlsa_flags);
+ if (dane_vrfy_ctx.dane_vrfy_chk != DANE_ALWAYS)
+ dane_vrfy_ctx.dane_vrfy_chk = DANEMODE(tlsa_flags);
+ if (EX_TEMPFAIL == i &&
+ ((tlsa_flags & (TLSAFLTEMP|DANE_SECURE)) ==
+ (TLSAFLTEMP|DANE_SECURE)))
+ {
+ (void) sm_strlcpy(SmtpError,
+ " for TLSA RR",
+ sizeof(SmtpError));
+# if NAMED_BIND
+ SM_SET_H_ERRNO(TRY_AGAIN);
+# endif
+ }
+#endif
}
mci->mci_errno = errno;
mci->mci_lastuse = curtime();
mci->mci_deliveries = 0;
mci->mci_exitstat = i;
mci_clr_extensions(mci);
-# if NAMED_BIND
+#if NAMED_BIND
mci->mci_herrno = h_errno;
-# endif /* NAMED_BIND */
+#endif
/*
** Have we tried long enough to get a connection?
** If yes, skip to the fallback MX hosts
** (if existent).
*/
if (enough > 0 && mci->mci_lastuse >= enough)
{
int h;
-# if NAMED_BIND
+#if NAMED_BIND
extern int NumFallbackMXHosts;
-# else /* NAMED_BIND */
+#else
const int NumFallbackMXHosts = 0;
-# endif /* NAMED_BIND */
+#endif
if (hostnum < nummxhosts && LogLevel > 9)
sm_syslog(LOG_INFO, e->e_id,
"Timeout.to_aconnect occurred before exhausting all addresses");
/* turn off timeout if fallback available */
if (NumFallbackMXHosts > 0)
enough = 0;
/* skip to a fallback MX host */
h = nummxhosts - NumFallbackMXHosts;
if (hostnum < h)
hostnum = h;
}
if (i == EX_OK)
{
goodmxfound = true;
markstats(e, firstto, STATS_CONNECT);
mci->mci_state = MCIS_OPENING;
mci_cache(mci);
if (TrafficLogFile != NULL)
(void) sm_io_fprintf(TrafficLogFile,
SM_TIME_DEFAULT,
"%05d === CONNECT %s\n",
(int) CurrentPid,
hostbuf);
break;
}
else
{
/* Try FallbackSmartHost? */
if (should_try_fbsh(e, &tried_fallbacksmarthost,
hostbuf, sizeof(hostbuf), i))
goto one_last_try;
if (tTd(11, 1))
sm_dprintf("openmailer: makeconnection => stat=%d, errno=%d\n",
i, errno);
if (i == EX_TEMPFAIL)
goodmxfound = true;
mci_unlock_host(mci);
}
/* enter status of this host */
setstat(i);
/* should print some message here for -v mode */
}
if (mci == NULL)
{
syserr("deliver: no host name");
rcode = EX_SOFTWARE;
goto give_up;
}
mci->mci_pid = 0;
}
else
{
/* flush any expired connections */
(void) mci_scan(NULL);
mci = NULL;
if (bitnset(M_LMTP, m->m_flags))
{
/* try to get a cached connection */
mci = mci_get(m->m_name, m);
if (mci->mci_host == NULL)
mci->mci_host = m->m_name;
CurHostName = mci->mci_host;
if (mci->mci_state != MCIS_CLOSED)
{
message("Using cached LMTP connection for %s...",
m->m_name);
mci->mci_deliveries++;
goto do_transfer;
}
}
/* announce the connection to verbose listeners */
if (host == NULL || host[0] == '\0')
message("Connecting to %s...", m->m_name);
else
message("Connecting to %s via %s...", host, m->m_name);
if (TrafficLogFile != NULL)
{
char **av;
(void) sm_io_fprintf(TrafficLogFile, SM_TIME_DEFAULT,
"%05d === EXEC", (int) CurrentPid);
for (av = pv; *av != NULL; av++)
(void) sm_io_fprintf(TrafficLogFile,
SM_TIME_DEFAULT, " %s",
*av);
(void) sm_io_fprintf(TrafficLogFile, SM_TIME_DEFAULT,
"\n");
}
#if XDEBUG
checkfd012("before creating mail pipe");
-#endif /* XDEBUG */
+#endif
/* create a pipe to shove the mail through */
if (pipe(mpvect) < 0)
{
syserr("%s... openmailer(%s): pipe (to mailer)",
shortenstring(e->e_to, MAXSHORTSTR), m->m_name);
if (tTd(11, 1))
sm_dprintf("openmailer: NULL\n");
rcode = EX_OSERR;
goto give_up;
}
#if XDEBUG
/* make sure we didn't get one of the standard I/O files */
if (mpvect[0] < 3 || mpvect[1] < 3)
{
syserr("%s... openmailer(%s): bogus mpvect %d %d",
shortenstring(e->e_to, MAXSHORTSTR), m->m_name,
mpvect[0], mpvect[1]);
printopenfds(true);
if (tTd(11, 1))
sm_dprintf("openmailer: NULL\n");
rcode = EX_OSERR;
goto give_up;
}
/* make sure system call isn't dead meat */
checkfdopen(mpvect[0], "mpvect[0]");
checkfdopen(mpvect[1], "mpvect[1]");
if (mpvect[0] == mpvect[1] ||
(e->e_lockfp != NULL &&
(mpvect[0] == sm_io_getinfo(e->e_lockfp, SM_IO_WHAT_FD,
NULL) ||
mpvect[1] == sm_io_getinfo(e->e_lockfp, SM_IO_WHAT_FD,
NULL))))
{
if (e->e_lockfp == NULL)
syserr("%s... openmailer(%s): overlapping mpvect %d %d",
shortenstring(e->e_to, MAXSHORTSTR),
m->m_name, mpvect[0], mpvect[1]);
else
syserr("%s... openmailer(%s): overlapping mpvect %d %d, lockfp = %d",
shortenstring(e->e_to, MAXSHORTSTR),
m->m_name, mpvect[0], mpvect[1],
sm_io_getinfo(e->e_lockfp,
SM_IO_WHAT_FD, NULL));
}
#endif /* XDEBUG */
/* create a return pipe */
if (pipe(rpvect) < 0)
{
syserr("%s... openmailer(%s): pipe (from mailer)",
shortenstring(e->e_to, MAXSHORTSTR),
m->m_name);
(void) close(mpvect[0]);
(void) close(mpvect[1]);
if (tTd(11, 1))
sm_dprintf("openmailer: NULL\n");
rcode = EX_OSERR;
goto give_up;
}
#if XDEBUG
checkfdopen(rpvect[0], "rpvect[0]");
checkfdopen(rpvect[1], "rpvect[1]");
-#endif /* XDEBUG */
+#endif
/*
** Actually fork the mailer process.
** DOFORK is clever about retrying.
**
** Dispose of SIGCHLD signal catchers that may be laying
** around so that endmailer will get it.
*/
if (e->e_xfp != NULL) /* for debugging */
(void) sm_io_flush(e->e_xfp, SM_TIME_DEFAULT);
(void) sm_io_flush(smioout, SM_TIME_DEFAULT);
(void) sm_signal(SIGCHLD, SIG_DFL);
DOFORK(FORK);
/* pid is set by DOFORK */
if (pid < 0)
{
/* failure */
syserr("%s... openmailer(%s): cannot fork",
shortenstring(e->e_to, MAXSHORTSTR), m->m_name);
(void) close(mpvect[0]);
(void) close(mpvect[1]);
(void) close(rpvect[0]);
(void) close(rpvect[1]);
if (tTd(11, 1))
sm_dprintf("openmailer: NULL\n");
rcode = EX_OSERR;
goto give_up;
}
else if (pid == 0)
{
int save_errno;
int sff;
int new_euid = NO_UID;
int new_ruid = NO_UID;
int new_gid = NO_GID;
char *user = NULL;
struct stat stb;
extern int DtableSize;
CurrentPid = getpid();
/* clear the events to turn off SIGALRMs */
sm_clear_events();
/* Reset global flags */
RestartRequest = NULL;
RestartWorkGroup = false;
ShutdownRequest = NULL;
PendingSignal = 0;
if (e->e_lockfp != NULL)
(void) close(sm_io_getinfo(e->e_lockfp,
SM_IO_WHAT_FD,
NULL));
/* child -- set up input & exec mailer */
(void) sm_signal(SIGALRM, sm_signal_noop);
(void) sm_signal(SIGCHLD, SIG_DFL);
(void) sm_signal(SIGHUP, SIG_IGN);
(void) sm_signal(SIGINT, SIG_IGN);
(void) sm_signal(SIGTERM, SIG_DFL);
-# ifdef SIGUSR1
+#ifdef SIGUSR1
(void) sm_signal(SIGUSR1, sm_signal_noop);
-# endif /* SIGUSR1 */
+#endif
if (m != FileMailer || stat(tochain->q_user, &stb) < 0)
stb.st_mode = 0;
-# if HASSETUSERCONTEXT
+#if HASSETUSERCONTEXT
/*
** Set user resources.
*/
if (contextaddr != NULL)
{
int sucflags;
struct passwd *pwd;
if (contextaddr->q_ruser != NULL)
pwd = sm_getpwnam(contextaddr->q_ruser);
else
pwd = sm_getpwnam(contextaddr->q_user);
sucflags = LOGIN_SETRESOURCES|LOGIN_SETPRIORITY;
-#ifdef LOGIN_SETCPUMASK
+# ifdef LOGIN_SETCPUMASK
sucflags |= LOGIN_SETCPUMASK;
-#endif /* LOGIN_SETCPUMASK */
-#ifdef LOGIN_SETLOGINCLASS
+# endif
+# ifdef LOGIN_SETLOGINCLASS
sucflags |= LOGIN_SETLOGINCLASS;
-#endif /* LOGIN_SETLOGINCLASS */
-#ifdef LOGIN_SETMAC
+# endif
+# ifdef LOGIN_SETMAC
sucflags |= LOGIN_SETMAC;
-#endif /* LOGIN_SETMAC */
+# endif
if (pwd != NULL &&
setusercontext(NULL, pwd, pwd->pw_uid,
sucflags) == -1 &&
suidwarn)
{
syserr("openmailer: setusercontext() failed");
exit(EX_TEMPFAIL);
}
}
-# endif /* HASSETUSERCONTEXT */
+#endif /* HASSETUSERCONTEXT */
#if HASNICE
/* tweak niceness */
if (m->m_nice != 0)
(void) nice(m->m_nice);
#endif /* HASNICE */
/* reset group id */
if (bitnset(M_SPECIFIC_UID, m->m_flags))
{
if (m->m_gid == NO_GID)
new_gid = RunAsGid;
else
new_gid = m->m_gid;
}
else if (bitset(S_ISGID, stb.st_mode))
new_gid = stb.st_gid;
else if (ctladdr != NULL && ctladdr->q_gid != 0)
{
if (!DontInitGroups)
{
user = ctladdr->q_ruser;
if (user == NULL)
user = ctladdr->q_user;
if (initgroups(user,
ctladdr->q_gid) == -1
&& suidwarn)
{
syserr("openmailer: initgroups(%s, %ld) failed",
user, (long) ctladdr->q_gid);
exit(EX_TEMPFAIL);
}
}
else
{
GIDSET_T gidset[1];
gidset[0] = ctladdr->q_gid;
if (setgroups(1, gidset) == -1
&& suidwarn)
{
syserr("openmailer: setgroups() failed");
exit(EX_TEMPFAIL);
}
}
new_gid = ctladdr->q_gid;
}
else
{
if (!DontInitGroups)
{
user = DefUser;
if (initgroups(DefUser, DefGid) == -1 &&
suidwarn)
{
syserr("openmailer: initgroups(%s, %ld) failed",
DefUser, (long) DefGid);
exit(EX_TEMPFAIL);
}
}
else
{
GIDSET_T gidset[1];
gidset[0] = DefGid;
if (setgroups(1, gidset) == -1
&& suidwarn)
{
syserr("openmailer: setgroups() failed");
exit(EX_TEMPFAIL);
}
}
if (m->m_gid == NO_GID)
new_gid = DefGid;
else
new_gid = m->m_gid;
}
if (new_gid != NO_GID)
{
if (RunAsUid != 0 &&
bitnset(M_SPECIFIC_UID, m->m_flags) &&
new_gid != getgid() &&
new_gid != getegid())
{
/* Only root can change the gid */
syserr("openmailer: insufficient privileges to change gid, RunAsUid=%ld, new_gid=%ld, gid=%ld, egid=%ld",
(long) RunAsUid, (long) new_gid,
(long) getgid(), (long) getegid());
exit(EX_TEMPFAIL);
}
if (setgid(new_gid) < 0 && suidwarn)
{
syserr("openmailer: setgid(%ld) failed",
(long) new_gid);
exit(EX_TEMPFAIL);
}
}
/* change root to some "safe" directory */
if (m->m_rootdir != NULL)
{
expand(m->m_rootdir, cbuf, sizeof(cbuf), e);
if (tTd(11, 20))
sm_dprintf("openmailer: chroot %s\n",
cbuf);
if (chroot(cbuf) < 0)
{
syserr("openmailer: Cannot chroot(%s)",
cbuf);
exit(EX_TEMPFAIL);
}
if (chdir("/") < 0)
{
syserr("openmailer: cannot chdir(/)");
exit(EX_TEMPFAIL);
}
}
/* reset user id */
endpwent();
sm_mbdb_terminate();
if (bitnset(M_SPECIFIC_UID, m->m_flags))
{
if (m->m_uid == NO_UID)
new_euid = RunAsUid;
else
new_euid = m->m_uid;
/*
** Undo the effects of the uid change in main
** for signal handling. The real uid may
** be used by mailer in adding a "From "
** line.
*/
if (RealUid != 0 && RealUid != getuid())
{
-# if MAILER_SETUID_METHOD == USE_SETEUID
-# if HASSETREUID
+#if MAILER_SETUID_METHOD == USE_SETEUID
+# if HASSETREUID
if (setreuid(RealUid, geteuid()) < 0)
{
syserr("openmailer: setreuid(%d, %d) failed",
(int) RealUid, (int) geteuid());
exit(EX_OSERR);
}
-# endif /* HASSETREUID */
-# endif /* MAILER_SETUID_METHOD == USE_SETEUID */
-# if MAILER_SETUID_METHOD == USE_SETREUID
+# endif /* HASSETREUID */
+#endif /* MAILER_SETUID_METHOD == USE_SETEUID */
+#if MAILER_SETUID_METHOD == USE_SETREUID
new_ruid = RealUid;
-# endif /* MAILER_SETUID_METHOD == USE_SETREUID */
+#endif
}
}
else if (bitset(S_ISUID, stb.st_mode))
new_ruid = stb.st_uid;
else if (ctladdr != NULL && ctladdr->q_uid != 0)
new_ruid = ctladdr->q_uid;
else if (m->m_uid != NO_UID)
new_ruid = m->m_uid;
else
new_ruid = DefUid;
-# if _FFR_USE_SETLOGIN
+#if _FFR_USE_SETLOGIN
/* run disconnected from terminal and set login name */
if (setsid() >= 0 &&
ctladdr != NULL && ctladdr->q_uid != 0 &&
new_euid == ctladdr->q_uid)
{
struct passwd *pwd;
pwd = sm_getpwuid(ctladdr->q_uid);
if (pwd != NULL && suidwarn)
(void) setlogin(pwd->pw_name);
endpwent();
}
-# endif /* _FFR_USE_SETLOGIN */
+#endif /* _FFR_USE_SETLOGIN */
if (new_euid != NO_UID)
{
if (RunAsUid != 0 && new_euid != RunAsUid)
{
/* Only root can change the uid */
syserr("openmailer: insufficient privileges to change uid, new_euid=%ld, RunAsUid=%ld",
(long) new_euid, (long) RunAsUid);
exit(EX_TEMPFAIL);
}
vendor_set_uid(new_euid);
-# if MAILER_SETUID_METHOD == USE_SETEUID
+#if MAILER_SETUID_METHOD == USE_SETEUID
if (seteuid(new_euid) < 0 && suidwarn)
{
syserr("openmailer: seteuid(%ld) failed",
(long) new_euid);
exit(EX_TEMPFAIL);
}
-# endif /* MAILER_SETUID_METHOD == USE_SETEUID */
-# if MAILER_SETUID_METHOD == USE_SETREUID
+#endif /* MAILER_SETUID_METHOD == USE_SETEUID */
+#if MAILER_SETUID_METHOD == USE_SETREUID
if (setreuid(new_ruid, new_euid) < 0 && suidwarn)
{
syserr("openmailer: setreuid(%ld, %ld) failed",
(long) new_ruid, (long) new_euid);
exit(EX_TEMPFAIL);
}
-# endif /* MAILER_SETUID_METHOD == USE_SETREUID */
-# if MAILER_SETUID_METHOD == USE_SETUID
+#endif /* MAILER_SETUID_METHOD == USE_SETREUID */
+#if MAILER_SETUID_METHOD == USE_SETUID
if (new_euid != geteuid() && setuid(new_euid) < 0 && suidwarn)
{
syserr("openmailer: setuid(%ld) failed",
(long) new_euid);
exit(EX_TEMPFAIL);
}
-# endif /* MAILER_SETUID_METHOD == USE_SETUID */
+#endif /* MAILER_SETUID_METHOD == USE_SETUID */
}
else if (new_ruid != NO_UID)
{
vendor_set_uid(new_ruid);
if (setuid(new_ruid) < 0 && suidwarn)
{
syserr("openmailer: setuid(%ld) failed",
(long) new_ruid);
exit(EX_TEMPFAIL);
}
}
if (tTd(11, 2))
sm_dprintf("openmailer: running as r/euid=%ld/%ld, r/egid=%ld/%ld\n",
(long) getuid(), (long) geteuid(),
(long) getgid(), (long) getegid());
/* move into some "safe" directory */
if (m->m_execdir != NULL)
{
char *q;
for (p = m->m_execdir; p != NULL; p = q)
{
q = strchr(p, ':');
if (q != NULL)
*q = '\0';
expand(p, cbuf, sizeof(cbuf), e);
if (q != NULL)
*q++ = ':';
if (tTd(11, 20))
sm_dprintf("openmailer: trydir %s\n",
cbuf);
if (cbuf[0] != '\0' &&
chdir(cbuf) >= 0)
break;
}
}
/* Check safety of program to be run */
sff = SFF_ROOTOK|SFF_EXECOK;
if (!bitnset(DBS_RUNWRITABLEPROGRAM,
DontBlameSendmail))
sff |= SFF_NOGWFILES|SFF_NOWWFILES;
if (bitnset(DBS_RUNPROGRAMINUNSAFEDIRPATH,
DontBlameSendmail))
sff |= SFF_NOPATHCHECK;
else
sff |= SFF_SAFEDIRPATH;
ret = safefile(m->m_mailer, getuid(), getgid(),
user, sff, 0, NULL);
if (ret != 0)
sm_syslog(LOG_INFO, e->e_id,
"Warning: program %s unsafe: %s",
m->m_mailer, sm_errstring(ret));
/* arrange to filter std & diag output of command */
(void) close(rpvect[0]);
if (dup2(rpvect[1], STDOUT_FILENO) < 0)
{
syserr("%s... openmailer(%s): cannot dup pipe %d for stdout",
shortenstring(e->e_to, MAXSHORTSTR),
m->m_name, rpvect[1]);
_exit(EX_OSERR);
}
(void) close(rpvect[1]);
if (dup2(STDOUT_FILENO, STDERR_FILENO) < 0)
{
syserr("%s... openmailer(%s): cannot dup stdout for stderr",
shortenstring(e->e_to, MAXSHORTSTR),
m->m_name);
_exit(EX_OSERR);
}
/* arrange to get standard input */
(void) close(mpvect[1]);
if (dup2(mpvect[0], STDIN_FILENO) < 0)
{
syserr("%s... openmailer(%s): cannot dup pipe %d for stdin",
shortenstring(e->e_to, MAXSHORTSTR),
m->m_name, mpvect[0]);
_exit(EX_OSERR);
}
(void) close(mpvect[0]);
/* arrange for all the files to be closed */
sm_close_on_exec(STDERR_FILENO + 1, DtableSize);
-# if !_FFR_USE_SETLOGIN
+#if !_FFR_USE_SETLOGIN
/* run disconnected from terminal */
(void) setsid();
-# endif /* !_FFR_USE_SETLOGIN */
+#endif
/* try to execute the mailer */
(void) execve(m->m_mailer, (ARGV_T) pv,
(ARGV_T) UserEnviron);
save_errno = errno;
syserr("Cannot exec %s", m->m_mailer);
if (bitnset(M_LOCALMAILER, m->m_flags) ||
transienterror(save_errno))
_exit(EX_OSERR);
_exit(EX_UNAVAILABLE);
}
/*
** Set up return value.
*/
if (mci == NULL)
{
if (clever)
{
/*
** Allocate from general heap, not
** envelope rpool, because this mci
** is going to be cached.
*/
mci = mci_new(NULL);
}
else
{
/*
** Prevent a storage leak by allocating
** this from the envelope rpool.
*/
mci = mci_new(e->e_rpool);
}
}
mci->mci_mailer = m;
if (clever)
{
mci->mci_state = MCIS_OPENING;
mci_cache(mci);
}
else
{
mci->mci_state = MCIS_OPEN;
}
mci->mci_pid = pid;
(void) close(mpvect[0]);
mci->mci_out = sm_io_open(SmFtStdiofd, SM_TIME_DEFAULT,
(void *) &(mpvect[1]), SM_IO_WRONLY_B,
NULL);
if (mci->mci_out == NULL)
{
syserr("deliver: cannot create mailer output channel, fd=%d",
mpvect[1]);
(void) close(mpvect[1]);
(void) close(rpvect[0]);
(void) close(rpvect[1]);
rcode = EX_OSERR;
goto give_up;
}
(void) close(rpvect[1]);
mci->mci_in = sm_io_open(SmFtStdiofd, SM_TIME_DEFAULT,
(void *) &(rpvect[0]), SM_IO_RDONLY_B,
NULL);
if (mci->mci_in == NULL)
{
syserr("deliver: cannot create mailer input channel, fd=%d",
mpvect[1]);
(void) close(rpvect[0]);
(void) sm_io_close(mci->mci_out, SM_TIME_DEFAULT);
mci->mci_out = NULL;
rcode = EX_OSERR;
goto give_up;
}
}
/*
** If we are in SMTP opening state, send initial protocol.
*/
if (bitnset(M_7BITS, m->m_flags) &&
(!clever || mci->mci_state == MCIS_OPENING))
mci->mci_flags |= MCIF_7BIT;
if (clever && mci->mci_state != MCIS_CLOSED)
{
-# if STARTTLS || SASL
- int dotpos;
+#if STARTTLS || SASL
char *srvname;
extern SOCKADDR CurHostAddr;
-# endif /* STARTTLS || SASL */
-
-# if SASL
-# define DONE_AUTH(f) bitset(MCIF_AUTHACT, f)
-# endif /* SASL */
-# if STARTTLS
-# define DONE_STARTTLS(f) bitset(MCIF_TLSACT, f)
-# endif /* STARTTLS */
-# define ONLY_HELO(f) bitset(MCIF_ONLY_EHLO, f)
-# define SET_HELO(f) f |= MCIF_ONLY_EHLO
-# define CLR_HELO(f) f &= ~MCIF_ONLY_EHLO
-
-# if STARTTLS || SASL
+#endif /* STARTTLS || SASL */
+
+#if SASL
+# define DONE_AUTH(f) bitset(MCIF_AUTHACT, f)
+#endif
+#if STARTTLS
+# define DONE_STARTTLS(f) bitset(MCIF_TLSACT, f)
+#endif
+#define ONLY_HELO(f) bitset(MCIF_ONLY_EHLO, f)
+#define SET_HELO(f) f |= MCIF_ONLY_EHLO
+#define CLR_HELO(f) f &= ~MCIF_ONLY_EHLO
+
+#if STARTTLS || SASL
/* don't use CurHostName, it is changed in many places */
if (mci->mci_host != NULL)
{
srvname = mci->mci_host;
- dotpos = strlen(srvname) - 1;
- if (dotpos >= 0)
- {
- if (srvname[dotpos] == '.')
- srvname[dotpos] = '\0';
- else
- dotpos = -1;
- }
+ RM_TRAIL_DOT(srvname);
}
else if (mci->mci_mailer != NULL)
{
srvname = mci->mci_mailer->m_name;
dotpos = -1;
}
else
{
srvname = "local";
dotpos = -1;
}
/* don't set {server_name} to NULL or "": see getauth() */
macdefine(&mci->mci_macro, A_TEMP, macid("{server_name}"),
srvname);
/* CurHostAddr is set by makeconnection() and mci_get() */
if (CurHostAddr.sa.sa_family != 0)
{
macdefine(&mci->mci_macro, A_TEMP,
macid("{server_addr}"),
anynet_ntoa(&CurHostAddr));
}
else if (mci->mci_mailer != NULL)
{
/* mailer name is unique, use it as address */
macdefine(&mci->mci_macro, A_PERM,
macid("{server_addr}"),
mci->mci_mailer->m_name);
}
else
{
/* don't set it to NULL or "": see getauth() */
macdefine(&mci->mci_macro, A_PERM,
macid("{server_addr}"), "0");
}
+# if DANE
+ SM_FREE(dane_vrfy_ctx.dane_vrfy_host);
+ SM_FREE(dane_vrfy_ctx.dane_vrfy_sni);
+ dane_vrfy_ctx.dane_vrfy_fp[0] = '\0';
+ if (ste != NULL && ste->s_tlsa != NULL &&
+ ste->s_tlsa->dane_tlsa_sni != NULL)
+ dane_vrfy_ctx.dane_vrfy_sni = sm_strdup(ste->s_tlsa->dane_tlsa_sni);
+ dane_vrfy_ctx.dane_vrfy_host = sm_strdup(srvname);
+# endif
+
/* undo change of srvname (mci->mci_host) */
- if (dotpos >= 0)
- srvname[dotpos] = '.';
+ FIX_TRAIL_DOT(srvname);
reconnect: /* after switching to an encrypted connection */
-# endif /* STARTTLS || SASL */
+# if DANE
+ if (DONE_STARTTLS(mci->mci_flags))
+ {
+ /* use a "reset" function? */
+ SM_FREE(dane_vrfy_ctx.dane_vrfy_host);
+ SM_FREE(dane_vrfy_ctx.dane_vrfy_sni);
+ dane_vrfy_ctx.dane_vrfy_fp[0] = '\0';
+ dane_vrfy_ctx.dane_vrfy_res = 0;
+ }
+# endif
+
+#endif /* STARTTLS || SASL */
/* set the current connection information */
e->e_mci = mci;
-# if SASL
+#if SASL
mci->mci_saslcap = NULL;
-# endif /* SASL */
+#endif
smtpinit(m, mci, e, ONLY_HELO(mci->mci_flags));
CLR_HELO(mci->mci_flags);
if (IS_DLVR_RETURN(e))
{
/*
** Check whether other side can deliver e-mail
** fast enough
*/
if (!bitset(MCIF_DLVR_BY, mci->mci_flags))
{
e->e_status = "5.4.7";
usrerrenh(e->e_status,
"554 Server does not support Deliver By");
rcode = EX_UNAVAILABLE;
goto give_up;
}
if (e->e_deliver_by > 0 &&
e->e_deliver_by - (curtime() - e->e_ctime) <
mci->mci_min_by)
{
e->e_status = "5.4.7";
usrerrenh(e->e_status,
"554 Message can't be delivered in time; %ld < %ld",
- e->e_deliver_by - (curtime() - e->e_ctime),
+ e->e_deliver_by - (long) (curtime() -
+ e->e_ctime),
mci->mci_min_by);
rcode = EX_UNAVAILABLE;
goto give_up;
}
}
-# if STARTTLS
+#if STARTTLS
/* first TLS then AUTH to provide a security layer */
if (mci->mci_state != MCIS_CLOSED &&
!DONE_STARTTLS(mci->mci_flags))
{
int olderrors;
bool usetls;
bool saveQuickAbort = QuickAbort;
bool saveSuprErrs = SuprErrs;
char *host = NULL;
rcode = EX_OK;
usetls = bitset(MCIF_TLS, mci->mci_flags);
if (usetls)
usetls = !iscltflgset(e, D_NOTLS);
+ if (usetls)
+ usetls = tlsstate == 0;
host = macvalue(macid("{server_name}"), e);
if (usetls)
{
olderrors = Errors;
QuickAbort = false;
SuprErrs = true;
if (rscheck("try_tls", host, NULL, e,
RSF_RMCOMM, 7, host, NOQID, NULL,
NULL) != EX_OK
|| Errors > olderrors)
{
usetls = false;
}
SuprErrs = saveSuprErrs;
QuickAbort = saveQuickAbort;
}
if (usetls)
{
- if ((rcode = starttls(m, mci, e)) == EX_OK)
+ if ((rcode = starttls(m, mci, e
+# if DANE
+ , &dane_vrfy_ctx
+# endif
+ )) == EX_OK)
{
/* start again without STARTTLS */
mci->mci_flags |= MCIF_TLSACT;
}
else
{
char *s;
/*
** TLS negotiation failed, what to do?
** fall back to unencrypted connection
** or abort? How to decide?
** set a macro and call a ruleset.
*/
mci->mci_flags &= ~MCIF_TLS;
switch (rcode)
{
case EX_TEMPFAIL:
s = "TEMP";
break;
case EX_USAGE:
s = "USAGE";
break;
case EX_PROTOCOL:
s = "PROTOCOL";
break;
case EX_SOFTWARE:
s = "SOFTWARE";
break;
case EX_UNAVAILABLE:
s = "NONE";
break;
/* everything else is a failure */
default:
s = "FAILURE";
rcode = EX_TEMPFAIL;
}
macdefine(&e->e_macro, A_PERM,
macid("{verify}"), s);
}
}
else
+ {
+ p = tlsstate == 0 ? "NONE": "CLEAR";
+# if DANE
+ /*
+ ** TLSA found but STARTTLS not offered?
+ ** What is the best way to "fail"?
+ ** XXX: check expiration!
+ */
+
+ if (!bitset(MCIF_TLS, mci->mci_flags) &&
+ ste != NULL &&
+ ste->s_tlsa != NULL &&
+ ste->s_tlsa->dane_tlsa_n > 0)
+ {
+ if (LogLevel > 8)
+ sm_syslog(LOG_NOTICE, NOQID,
+ "STARTTLS=client, relay=%.100s, warning=DANE configured in DNS but no STARTTLS available",
+ host);
+ /* XXX include TLSA RR from DNS? */
+
+ p = "DANE_FAIL";
+ }
+# endif /* DANE */
macdefine(&e->e_macro, A_PERM,
- macid("{verify}"), "NONE");
+ macid("{verify}"), p);
+ }
olderrors = Errors;
QuickAbort = false;
SuprErrs = true;
/*
** rcode == EX_SOFTWARE is special:
** the TLS negotiation failed
** we have to drop the connection no matter what
** However, we call tls_server to give it the chance
** to log the problem and return an appropriate
** error code.
*/
if (rscheck("tls_server",
macvalue(macid("{verify}"), e),
NULL, e, RSF_RMCOMM|RSF_COUNT, 5,
host, NOQID, NULL, NULL) != EX_OK ||
Errors > olderrors ||
rcode == EX_SOFTWARE)
{
char enhsc[ENHSCLEN];
extern char MsgBuf[];
if (ISSMTPCODE(MsgBuf) &&
extenhsc(MsgBuf + 4, ' ', enhsc) > 0)
{
p = sm_rpool_strdup_x(e->e_rpool,
MsgBuf);
}
else
{
p = "403 4.7.0 server not authenticated.";
(void) sm_strlcpy(enhsc, "4.7.0",
sizeof(enhsc));
}
SuprErrs = saveSuprErrs;
QuickAbort = saveQuickAbort;
if (rcode == EX_SOFTWARE)
{
/* drop the connection */
mci->mci_state = MCIS_QUITING;
if (mci->mci_in != NULL)
{
(void) sm_io_close(mci->mci_in,
SM_TIME_DEFAULT);
mci->mci_in = NULL;
}
mci->mci_flags &= ~MCIF_TLSACT;
(void) endmailer(mci, e, pv);
+
+ if ((TLSFallbacktoClear ||
+ SM_TLSI_IS(&(mci->mci_tlsi),
+ TLSI_FL_FB2CLR)) &&
+ !SM_TLSI_IS(&(mci->mci_tlsi),
+ TLSI_FL_NOFB2CLR)
+# if DANE
+ && dane_vrfy_ctx.dane_vrfy_chk !=
+ DANE_SECURE
+# endif
+ )
+ {
+ ++tlsstate;
+ }
}
else
{
/* abort transfer */
smtpquit(m, mci, e);
}
/* avoid bogus error msg */
mci->mci_errno = 0;
/* temp or permanent failure? */
rcode = (*p == '4') ? EX_TEMPFAIL
: EX_UNAVAILABLE;
mci_setstat(mci, rcode, enhsc, p);
/*
** hack to get the error message into
** the envelope (done in giveresponse())
*/
(void) sm_strlcpy(SmtpError, p,
sizeof(SmtpError));
}
else if (mci->mci_state == MCIS_CLOSED)
{
/* connection close caused by 421 */
mci->mci_errno = 0;
rcode = EX_TEMPFAIL;
mci_setstat(mci, rcode, NULL, "421");
}
else
rcode = 0;
QuickAbort = saveQuickAbort;
SuprErrs = saveSuprErrs;
if (DONE_STARTTLS(mci->mci_flags) &&
mci->mci_state != MCIS_CLOSED)
{
SET_HELO(mci->mci_flags);
mci_clr_extensions(mci);
goto reconnect;
}
+ if (tlsstate == 1)
+ {
+ if (tTd(11, 1))
+ {
+ sm_syslog(LOG_DEBUG, NOQID,
+ "STARTTLS=client, relay=%.100s, tlsstate=%d, status=trying_again",
+ mci->mci_host, tlsstate);
+ mci_dump(NULL, mci, true);
+ }
+ ++tlsstate;
+
+ /*
+ ** Fake the status so a new connection is
+ ** tried, otherwise the TLS error will
+ ** "persist" during this delivery attempt.
+ */
+
+ mci->mci_errno = 0;
+ rcode = EX_OK;
+ mci_setstat(mci, rcode, NULL, NULL);
+ goto one_last_try;
+}
}
-# endif /* STARTTLS */
-# if SASL
+#endif /* STARTTLS */
+#if SASL
/* if other server supports authentication let's authenticate */
if (mci->mci_state != MCIS_CLOSED &&
mci->mci_saslcap != NULL &&
!DONE_AUTH(mci->mci_flags) && !iscltflgset(e, D_NOAUTH))
{
/* Should we require some minimum authentication? */
if ((ret = smtpauth(m, mci, e)) == EX_OK)
{
int result;
sasl_ssf_t *ssf = NULL;
/* Get security strength (features) */
result = sasl_getprop(mci->mci_conn, SASL_SSF,
# if SASL >= 20000
(const void **) &ssf);
-# else /* SASL >= 20000 */
+# else
(void **) &ssf);
-# endif /* SASL >= 20000 */
+# endif
/* XXX authid? */
if (LogLevel > 9)
sm_syslog(LOG_INFO, NOQID,
"AUTH=client, relay=%.100s, mech=%.16s, bits=%d",
mci->mci_host,
macvalue(macid("{auth_type}"), e),
result == SASL_OK ? *ssf : 0);
/*
** Only switch to encrypted connection
** if a security layer has been negotiated
*/
if (result == SASL_OK && *ssf > 0)
{
int tmo;
/*
** Convert I/O layer to use SASL.
** If the call fails, the connection
** is aborted.
*/
tmo = DATA_PROGRESS_TIMEOUT * 1000;
if (sfdcsasl(&mci->mci_in,
&mci->mci_out,
mci->mci_conn, tmo) == 0)
{
mci_clr_extensions(mci);
mci->mci_flags |= MCIF_AUTHACT|
MCIF_ONLY_EHLO;
goto reconnect;
}
syserr("AUTH TLS switch failed in client");
}
/* else? XXX */
mci->mci_flags |= MCIF_AUTHACT;
}
else if (ret == EX_TEMPFAIL)
{
if (LogLevel > 8)
sm_syslog(LOG_ERR, NOQID,
"AUTH=client, relay=%.100s, temporary failure, connection abort",
mci->mci_host);
smtpquit(m, mci, e);
/* avoid bogus error msg */
mci->mci_errno = 0;
rcode = EX_TEMPFAIL;
mci_setstat(mci, rcode, "4.3.0", p);
/*
** hack to get the error message into
** the envelope (done in giveresponse())
*/
(void) sm_strlcpy(SmtpError,
"Temporary AUTH failure",
sizeof(SmtpError));
}
}
-# endif /* SASL */
+#endif /* SASL */
}
-
do_transfer:
/* clear out per-message flags from connection structure */
mci->mci_flags &= ~(MCIF_CVT7TO8|MCIF_CVT8TO7);
if (bitset(EF_HAS8BIT, e->e_flags) &&
!bitset(EF_DONT_MIME, e->e_flags) &&
bitnset(M_7BITS, m->m_flags))
mci->mci_flags |= MCIF_CVT8TO7;
#if MIME7TO8
if (bitnset(M_MAKE8BIT, m->m_flags) &&
!bitset(MCIF_7BIT, mci->mci_flags) &&
(p = hvalue("Content-Transfer-Encoding", e->e_header)) != NULL &&
(sm_strcasecmp(p, "quoted-printable") == 0 ||
sm_strcasecmp(p, "base64") == 0) &&
(p = hvalue("Content-Type", e->e_header)) != NULL)
{
/* may want to convert 7 -> 8 */
/* XXX should really parse it here -- and use a class XXX */
if (sm_strncasecmp(p, "text/plain", 10) == 0 &&
(p[10] == '\0' || p[10] == ' ' || p[10] == ';'))
mci->mci_flags |= MCIF_CVT7TO8;
}
#endif /* MIME7TO8 */
if (tTd(11, 1))
{
sm_dprintf("openmailer: ");
mci_dump(sm_debug_file(), mci, false);
}
#if _FFR_CLIENT_SIZE
/*
** See if we know the maximum size and
** abort if the message is too big.
**
** NOTE: _FFR_CLIENT_SIZE is untested.
*/
if (bitset(MCIF_SIZE, mci->mci_flags) &&
mci->mci_maxsize > 0 &&
e->e_msgsize > mci->mci_maxsize)
{
e->e_flags |= EF_NO_BODY_RETN;
if (bitnset(M_LOCALMAILER, m->m_flags))
e->e_status = "5.2.3";
else
e->e_status = "5.3.4";
usrerrenh(e->e_status,
"552 Message is too large; %ld bytes max",
mci->mci_maxsize);
rcode = EX_DATAERR;
/* Need an e_message for error */
(void) sm_snprintf(SmtpError, sizeof(SmtpError),
"Message is too large; %ld bytes max",
mci->mci_maxsize);
goto give_up;
}
#endif /* _FFR_CLIENT_SIZE */
if (mci->mci_state != MCIS_OPEN)
{
/* couldn't open the mailer */
rcode = mci->mci_exitstat;
errno = mci->mci_errno;
SM_SET_H_ERRNO(mci->mci_herrno);
if (rcode == EX_OK)
{
/* shouldn't happen */
syserr("554 5.3.5 deliver: mci=%lx rcode=%d errno=%d state=%d sig=%s",
(unsigned long) mci, rcode, errno,
mci->mci_state, firstsig);
mci_dump_all(smioout, true);
rcode = EX_SOFTWARE;
}
else if (nummxhosts > hostnum)
{
/* try next MX site */
goto tryhost;
}
}
else if (!clever)
{
bool ok;
/*
** Format and send message.
*/
rcode = EX_OK;
errno = 0;
ok = putfromline(mci, e);
if (ok)
ok = (*e->e_puthdr)(mci, e->e_header, e, M87F_OUTER);
if (ok)
ok = (*e->e_putbody)(mci, e, NULL);
if (ok && bitset(MCIF_INLONGLINE, mci->mci_flags))
ok = putline("", mci);
/*
** Ignore an I/O error that was caused by EPIPE.
** Some broken mailers don't read the entire body
** but just exit() thus causing an I/O error.
*/
if (!ok && (sm_io_error(mci->mci_out) && errno == EPIPE))
ok = true;
/* (always) get the exit status */
rcode = endmailer(mci, e, pv);
if (!ok)
rcode = EX_TEMPFAIL;
if (rcode == EX_TEMPFAIL && SmtpError[0] == '\0')
{
/*
** Need an e_message for mailq display.
** We set SmtpError as
*/
(void) sm_snprintf(SmtpError, sizeof(SmtpError),
"%s mailer (%s) exited with EX_TEMPFAIL",
m->m_name, m->m_mailer);
}
}
else
{
/*
** Send the MAIL FROM: protocol
*/
/* XXX this isn't pipelined... */
rcode = smtpmailfrom(m, mci, e);
if (rcode == EX_OK)
{
register int i;
-# if PIPELINING
+#if PIPELINING
ADDRESS *volatile pchain;
-# endif /* PIPELINING */
+#endif
/* send the recipient list */
tobuf[0] = '\0';
mci->mci_retryrcpt = false;
mci->mci_tolist = tobuf;
-# if PIPELINING
+#if PIPELINING
pchain = NULL;
mci->mci_nextaddr = NULL;
-# endif /* PIPELINING */
+#endif
for (to = tochain; to != NULL; to = to->q_tchain)
{
if (!QS_IS_UNMARKED(to->q_state))
continue;
/* mark recipient state as "ok so far" */
to->q_state = QS_OK;
e->e_to = to->q_paddr;
-# if STARTTLS
+#if STARTTLS
i = rscheck("tls_rcpt", to->q_user, NULL, e,
RSF_RMCOMM|RSF_COUNT, 3,
mci->mci_host, e->e_id, NULL, NULL);
if (i != EX_OK)
{
markfailure(e, to, mci, i, false);
giveresponse(i, to->q_status, m, mci,
ctladdr, xstart, e, to);
if (i == EX_TEMPFAIL)
{
mci->mci_retryrcpt = true;
to->q_state = QS_RETRY;
}
continue;
}
-# endif /* STARTTLS */
+#endif /* STARTTLS */
i = smtprcpt(to, m, mci, e, ctladdr, xstart);
-# if PIPELINING
+#if PIPELINING
if (i == EX_OK &&
bitset(MCIF_PIPELINED, mci->mci_flags))
{
/*
** Add new element to list of
** recipients for pipelining.
*/
to->q_pchain = NULL;
if (mci->mci_nextaddr == NULL)
mci->mci_nextaddr = to;
if (pchain == NULL)
pchain = to;
else
{
pchain->q_pchain = to;
pchain = pchain->q_pchain;
}
}
-# endif /* PIPELINING */
+#endif /* PIPELINING */
if (i != EX_OK)
{
markfailure(e, to, mci, i, false);
giveresponse(i, to->q_status, m, mci,
ctladdr, xstart, e, to);
if (i == EX_TEMPFAIL)
to->q_state = QS_RETRY;
}
}
/* No recipients in list and no missing responses? */
if (tobuf[0] == '\0'
-# if PIPELINING
+#if PIPELINING
&& bitset(MCIF_PIPELINED, mci->mci_flags)
&& mci->mci_nextaddr == NULL
-# endif /* PIPELINING */
+#endif
)
{
rcode = EX_OK;
e->e_to = NULL;
if (bitset(MCIF_CACHED, mci->mci_flags))
smtprset(m, mci, e);
}
else
{
e->e_to = tobuf + 1;
rcode = smtpdata(m, mci, e, ctladdr, xstart);
}
}
if (rcode == EX_TEMPFAIL && nummxhosts > hostnum)
{
/* try next MX site */
goto tryhost;
}
}
#if NAMED_BIND
if (ConfigLevel < 2)
_res.options |= RES_DEFNAMES | RES_DNSRCH; /* XXX */
-#endif /* NAMED_BIND */
+#endif
if (tTd(62, 1))
checkfds("after delivery");
/*
** Do final status disposal.
** We check for something in tobuf for the SMTP case.
** If we got a temporary failure, arrange to queue the
** addressees.
*/
give_up:
if (bitnset(M_LMTP, m->m_flags))
{
lmtp_rcode = rcode;
tobuf[0] = '\0';
anyok = false;
strsize = 0;
}
else
anyok = rcode == EX_OK;
for (to = tochain; to != NULL; to = to->q_tchain)
{
/* see if address already marked */
if (!QS_IS_OK(to->q_state))
continue;
/* if running LMTP, get the status for each address */
if (bitnset(M_LMTP, m->m_flags))
{
if (lmtp_rcode == EX_OK)
rcode = smtpgetstat(m, mci, e);
if (rcode == EX_OK)
{
strsize += sm_strlcat2(tobuf + strsize, ",",
to->q_paddr,
tobufsize - strsize);
SM_ASSERT(strsize < tobufsize);
anyok = true;
}
else
{
e->e_to = to->q_paddr;
markfailure(e, to, mci, rcode, true);
giveresponse(rcode, to->q_status, m, mci,
ctladdr, xstart, e, to);
e->e_to = tobuf + 1;
continue;
}
}
else
{
/* mark bad addresses */
if (rcode != EX_OK)
{
if (goodmxfound && rcode == EX_NOHOST)
rcode = EX_TEMPFAIL;
markfailure(e, to, mci, rcode, true);
continue;
}
}
/* successful delivery */
to->q_state = QS_SENT;
to->q_statdate = curtime();
e->e_nsent++;
/*
** Checkpoint the send list every few addresses
*/
if (CheckpointInterval > 0 && e->e_nsent >= CheckpointInterval)
{
queueup(e, false, false);
e->e_nsent = 0;
}
if (bitnset(M_LOCALMAILER, m->m_flags) &&
bitset(QPINGONSUCCESS, to->q_flags))
{
to->q_flags |= QDELIVERED;
to->q_status = "2.1.5";
(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
"%s... Successfully delivered\n",
to->q_paddr);
}
else if (bitset(QPINGONSUCCESS, to->q_flags) &&
bitset(QPRIMARY, to->q_flags) &&
!bitset(MCIF_DSN, mci->mci_flags))
{
to->q_flags |= QRELAYED;
(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
"%s... relayed; expect no further notifications\n",
to->q_paddr);
}
else if (IS_DLVR_NOTIFY(e) &&
!bitset(MCIF_DLVR_BY, mci->mci_flags) &&
bitset(QPRIMARY, to->q_flags) &&
(!bitset(QHASNOTIFY, to->q_flags) ||
bitset(QPINGONSUCCESS, to->q_flags) ||
bitset(QPINGONFAILURE, to->q_flags) ||
bitset(QPINGONDELAY, to->q_flags)))
{
/* RFC 2852, 4.1.4.2: no NOTIFY, or not NEVER */
to->q_flags |= QBYNRELAY;
(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
"%s... Deliver-by notify: relayed\n",
to->q_paddr);
}
else if (IS_DLVR_TRACE(e) &&
(!bitset(QHASNOTIFY, to->q_flags) ||
bitset(QPINGONSUCCESS, to->q_flags) ||
bitset(QPINGONFAILURE, to->q_flags) ||
bitset(QPINGONDELAY, to->q_flags)) &&
bitset(QPRIMARY, to->q_flags))
{
/* RFC 2852, 4.1.4: no NOTIFY, or not NEVER */
to->q_flags |= QBYTRACE;
(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
"%s... Deliver-By trace: relayed\n",
to->q_paddr);
}
}
if (bitnset(M_LMTP, m->m_flags))
{
/*
** Global information applies to the last recipient only;
** clear it out to avoid bogus errors.
*/
rcode = EX_OK;
e->e_statmsg = NULL;
/* reset the mci state for the next transaction */
if (mci != NULL &&
(mci->mci_state == MCIS_MAIL ||
mci->mci_state == MCIS_RCPT ||
mci->mci_state == MCIS_DATA))
{
mci->mci_state = MCIS_OPEN;
SmtpPhase = mci->mci_phase = "idle";
sm_setproctitle(true, e, "%s: %s", CurHostName,
mci->mci_phase);
}
}
if (tobuf[0] != '\0')
{
giveresponse(rcode, NULL, m, mci, ctladdr, xstart, e, NULL);
#if 0
/*
** This code is disabled for now because I am not
** sure that copying status from the first recipient
** to all non-status'ed recipients is a good idea.
*/
if (tochain->q_message != NULL &&
!bitnset(M_LMTP, m->m_flags) && rcode != EX_OK)
{
for (to = tochain->q_tchain; to != NULL;
to = to->q_tchain)
{
/* see if address already marked */
if (QS_IS_QUEUEUP(to->q_state) &&
to->q_message == NULL)
to->q_message = sm_rpool_strdup_x(e->e_rpool,
tochain->q_message);
}
}
#endif /* 0 */
}
if (anyok)
markstats(e, tochain, STATS_NORMAL);
mci_store_persistent(mci);
+#if _FFR_OCC
+ /*
+ ** HACK: this is NOT the right place to "close" a connection!
+ ** use smtpquit?
+ ** add a flag to mci to indicate that rate/conc. was increased?
+ */
+
+ if (clever)
+ {
+ extern SOCKADDR CurHostAddr;
+
+ /* check family... {} */
+ /* r = anynet_pton(AF_INET, p, dst); */
+ occ_close(e, mci, host, &CurHostAddr);
+ }
+#endif /* _FFR_OCC */
+
/* Some recipients were tempfailed, try them on the next host */
if (mci != NULL && mci->mci_retryrcpt && nummxhosts > hostnum)
{
/* try next MX site */
goto tryhost;
}
/* now close the connection */
if (clever && mci != NULL && mci->mci_state != MCIS_CLOSED &&
!bitset(MCIF_CACHED, mci->mci_flags))
smtpquit(m, mci, e);
cleanup: ;
}
SM_FINALLY
{
/*
** Restore state and return.
*/
#if XDEBUG
char wbuf[MAXLINE];
/* make absolutely certain 0, 1, and 2 are in use */
(void) sm_snprintf(wbuf, sizeof(wbuf),
"%s... end of deliver(%s)",
e->e_to == NULL ? "NO-TO-LIST"
: shortenstring(e->e_to,
MAXSHORTSTR),
m->m_name);
checkfd012(wbuf);
#endif /* XDEBUG */
errno = 0;
/*
** It was originally necessary to set macro 'g' to NULL
** because it previously pointed to an auto buffer.
** We don't do this any more, so this may be unnecessary.
*/
macdefine(&e->e_macro, A_PERM, 'g', (char *) NULL);
e->e_to = NULL;
}
SM_END_TRY
return rcode;
}
/*
** MARKFAILURE -- mark a failure on a specific address.
**
** Parameters:
** e -- the envelope we are sending.
** q -- the address to mark.
** mci -- mailer connection information.
** rcode -- the code signifying the particular failure.
** ovr -- override an existing code?
**
** Returns:
** none.
**
** Side Effects:
** marks the address (and possibly the envelope) with the
** failure so that an error will be returned or
** the message will be queued, as appropriate.
*/
void
markfailure(e, q, mci, rcode, ovr)
register ENVELOPE *e;
register ADDRESS *q;
register MCI *mci;
int rcode;
bool ovr;
{
int save_errno = errno;
char *status = NULL;
char *rstatus = NULL;
switch (rcode)
{
case EX_OK:
break;
case EX_TEMPFAIL:
case EX_IOERR:
case EX_OSERR:
q->q_state = QS_QUEUEUP;
break;
default:
q->q_state = QS_BADADDR;
break;
}
/* find most specific error code possible */
if (mci != NULL && mci->mci_status != NULL)
{
status = sm_rpool_strdup_x(e->e_rpool, mci->mci_status);
if (mci->mci_rstatus != NULL)
rstatus = sm_rpool_strdup_x(e->e_rpool,
mci->mci_rstatus);
- else
- rstatus = NULL;
}
else if (e->e_status != NULL)
{
status = e->e_status;
- rstatus = NULL;
}
else
{
switch (rcode)
{
case EX_USAGE:
status = "5.5.4";
break;
case EX_DATAERR:
status = "5.5.2";
break;
case EX_NOUSER:
status = "5.1.1";
break;
case EX_NOHOST:
status = "5.1.2";
break;
case EX_NOINPUT:
case EX_CANTCREAT:
case EX_NOPERM:
status = "5.3.0";
break;
case EX_UNAVAILABLE:
case EX_SOFTWARE:
case EX_OSFILE:
case EX_PROTOCOL:
case EX_CONFIG:
status = "5.5.0";
break;
case EX_OSERR:
case EX_IOERR:
status = "4.5.0";
break;
case EX_TEMPFAIL:
status = "4.2.0";
break;
}
}
/* new status? */
if (status != NULL && *status != '\0' && (ovr || q->q_status == NULL ||
*q->q_status == '\0' || *q->q_status < *status))
{
q->q_status = status;
q->q_rstatus = rstatus;
}
if (rcode != EX_OK && q->q_rstatus == NULL &&
q->q_mailer != NULL && q->q_mailer->m_diagtype != NULL &&
sm_strcasecmp(q->q_mailer->m_diagtype, "X-UNIX") == 0)
{
char buf[16];
(void) sm_snprintf(buf, sizeof(buf), "%d", rcode);
q->q_rstatus = sm_rpool_strdup_x(e->e_rpool, buf);
}
q->q_statdate = curtime();
if (CurHostName != NULL && CurHostName[0] != '\0' &&
mci != NULL && !bitset(M_LOCALMAILER, mci->mci_flags))
q->q_statmta = sm_rpool_strdup_x(e->e_rpool, CurHostName);
/* restore errno */
errno = save_errno;
}
/*
** ENDMAILER -- Wait for mailer to terminate.
**
** We should never get fatal errors (e.g., segmentation
** violation), so we report those specially. For other
** errors, we choose a status message (into statmsg),
** and if it represents an error, we print it.
**
** Parameters:
** mci -- the mailer connection info.
** e -- the current envelope.
** pv -- the parameter vector that invoked the mailer
** (for error messages).
**
** Returns:
** exit code of mailer.
**
** Side Effects:
** none.
*/
static jmp_buf EndWaitTimeout;
static void
endwaittimeout(ignore)
int ignore;
{
/*
** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
** DOING.
*/
errno = ETIMEDOUT;
longjmp(EndWaitTimeout, 1);
}
int
endmailer(mci, e, pv)
register MCI *mci;
register ENVELOPE *e;
char **pv;
{
int st;
int save_errno = errno;
char buf[MAXLINE];
SM_EVENT *ev = NULL;
mci_unlock_host(mci);
/* close output to mailer */
if (mci->mci_out != NULL)
{
(void) sm_io_close(mci->mci_out, SM_TIME_DEFAULT);
mci->mci_out = NULL;
}
/* copy any remaining input to transcript */
if (mci->mci_in != NULL && mci->mci_state != MCIS_ERROR &&
e->e_xfp != NULL)
{
while (sfgets(buf, sizeof(buf), mci->mci_in,
TimeOuts.to_quit, "Draining Input") != NULL)
(void) sm_io_fputs(e->e_xfp, SM_TIME_DEFAULT, buf);
}
#if SASL
/* close SASL connection */
if (bitset(MCIF_AUTHACT, mci->mci_flags))
{
sasl_dispose(&mci->mci_conn);
mci->mci_flags &= ~MCIF_AUTHACT;
}
#endif /* SASL */
#if STARTTLS
/* shutdown TLS */
(void) endtlsclt(mci);
-#endif /* STARTTLS */
+#endif
/* now close the input */
if (mci->mci_in != NULL)
{
(void) sm_io_close(mci->mci_in, SM_TIME_DEFAULT);
mci->mci_in = NULL;
}
mci->mci_state = MCIS_CLOSED;
errno = save_errno;
/* in the IPC case there is nothing to wait for */
if (mci->mci_pid == 0)
return EX_OK;
/* put a timeout around the wait */
if (mci->mci_mailer->m_wait > 0)
{
if (setjmp(EndWaitTimeout) == 0)
ev = sm_setevent(mci->mci_mailer->m_wait,
endwaittimeout, 0);
else
{
syserr("endmailer %s: wait timeout (%ld)",
mci->mci_mailer->m_name,
(long) mci->mci_mailer->m_wait);
return EX_TEMPFAIL;
}
}
/* wait for the mailer process, collect status */
st = waitfor(mci->mci_pid);
save_errno = errno;
if (ev != NULL)
sm_clrevent(ev);
errno = save_errno;
if (st == -1)
{
syserr("endmailer %s: wait", mci->mci_mailer->m_name);
return EX_SOFTWARE;
}
if (WIFEXITED(st))
{
/* normal death -- return status */
return (WEXITSTATUS(st));
}
/* it died a horrid death */
syserr("451 4.3.0 mailer %s died with signal %d%s",
mci->mci_mailer->m_name, WTERMSIG(st),
WCOREDUMP(st) ? " (core dumped)" :
(WIFSTOPPED(st) ? " (stopped)" : ""));
/* log the arguments */
if (pv != NULL && e->e_xfp != NULL)
{
register char **av;
(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT, "Arguments:");
for (av = pv; *av != NULL; av++)
(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT, " %s",
*av);
(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT, "\n");
}
ExitStat = EX_TEMPFAIL;
return EX_TEMPFAIL;
}
/*
** GIVERESPONSE -- Interpret an error response from a mailer
**
** Parameters:
** status -- the status code from the mailer (high byte
** only; core dumps must have been taken care of
** already).
** dsn -- the DSN associated with the address, if any.
** m -- the mailer info for this mailer.
** mci -- the mailer connection info -- can be NULL if the
** response is given before the connection is made.
** ctladdr -- the controlling address for the recipient
** address(es).
** xstart -- the transaction start time, for computing
** transaction delays.
** e -- the current envelope.
** to -- the current recipient (NULL if none).
**
** Returns:
** none.
**
** Side Effects:
** Errors may be incremented.
** ExitStat may be set.
*/
void
giveresponse(status, dsn, m, mci, ctladdr, xstart, e, to)
int status;
char *dsn;
register MAILER *m;
register MCI *mci;
ADDRESS *ctladdr;
time_t xstart;
ENVELOPE *e;
ADDRESS *to;
{
register const char *statmsg;
int errnum = errno;
int off = 4;
bool usestat = false;
char dsnbuf[ENHSCLEN];
char buf[MAXLINE];
char *exmsg;
if (e == NULL)
{
syserr("giveresponse: null envelope");
/* NOTREACHED */
SM_ASSERT(0);
}
/*
** Compute status message from code.
*/
exmsg = sm_sysexmsg(status);
if (status == 0)
{
statmsg = "250 2.0.0 Sent";
if (e->e_statmsg != NULL)
{
(void) sm_snprintf(buf, sizeof(buf), "%s (%s)",
statmsg,
shortenstring(e->e_statmsg, 403));
statmsg = buf;
}
}
else if (exmsg == NULL)
{
(void) sm_snprintf(buf, sizeof(buf),
"554 5.3.0 unknown mailer error %d",
status);
status = EX_UNAVAILABLE;
statmsg = buf;
usestat = true;
}
else if (status == EX_TEMPFAIL)
{
char *bp = buf;
(void) sm_strlcpy(bp, exmsg + 1, SPACELEFT(buf, bp));
bp += strlen(bp);
#if NAMED_BIND
if (h_errno == TRY_AGAIN)
statmsg = sm_errstring(h_errno + E_DNSBASE);
else
#endif /* NAMED_BIND */
{
if (errnum != 0)
statmsg = sm_errstring(errnum);
else
statmsg = SmtpError;
}
if (statmsg != NULL && statmsg[0] != '\0')
{
switch (errnum)
{
#ifdef ENETDOWN
case ENETDOWN: /* Network is down */
-#endif /* ENETDOWN */
+#endif
#ifdef ENETUNREACH
case ENETUNREACH: /* Network is unreachable */
-#endif /* ENETUNREACH */
+#endif
#ifdef ENETRESET
case ENETRESET: /* Network dropped connection on reset */
-#endif /* ENETRESET */
+#endif
#ifdef ECONNABORTED
case ECONNABORTED: /* Software caused connection abort */
-#endif /* ECONNABORTED */
+#endif
#ifdef EHOSTDOWN
case EHOSTDOWN: /* Host is down */
-#endif /* EHOSTDOWN */
+#endif
#ifdef EHOSTUNREACH
case EHOSTUNREACH: /* No route to host */
-#endif /* EHOSTUNREACH */
+#endif
if (mci != NULL && mci->mci_host != NULL)
{
(void) sm_strlcpyn(bp,
SPACELEFT(buf, bp),
2, ": ",
mci->mci_host);
bp += strlen(bp);
}
break;
}
(void) sm_strlcpyn(bp, SPACELEFT(buf, bp), 2, ": ",
statmsg);
+#if DANE
+ if (errnum == 0 && SmtpError[0] != '\0' &&
+ h_errno == TRY_AGAIN &&
+ mci->mci_exitstat == EX_TEMPFAIL)
+ {
+ (void) sm_strlcat(bp, SmtpError,
+ SPACELEFT(buf, bp));
+ bp += strlen(bp);
+ }
+#endif /* DANE */
usestat = true;
}
statmsg = buf;
}
#if NAMED_BIND
else if (status == EX_NOHOST && h_errno != 0)
{
statmsg = sm_errstring(h_errno + E_DNSBASE);
(void) sm_snprintf(buf, sizeof(buf), "%s (%s)", exmsg + 1,
statmsg);
statmsg = buf;
usestat = true;
}
#endif /* NAMED_BIND */
else
{
statmsg = exmsg;
if (*statmsg++ == ':' && errnum != 0)
{
(void) sm_snprintf(buf, sizeof(buf), "%s: %s", statmsg,
sm_errstring(errnum));
statmsg = buf;
usestat = true;
}
else if (bitnset(M_LMTP, m->m_flags) && e->e_statmsg != NULL)
{
(void) sm_snprintf(buf, sizeof(buf), "%s (%s)", statmsg,
shortenstring(e->e_statmsg, 403));
statmsg = buf;
usestat = true;
}
}
/*
** Print the message as appropriate
*/
if (status == EX_OK || status == EX_TEMPFAIL)
{
extern char MsgBuf[];
if ((off = isenhsc(statmsg + 4, ' ')) > 0)
{
if (dsn == NULL)
{
(void) sm_snprintf(dsnbuf, sizeof(dsnbuf),
"%.*s", off, statmsg + 4);
dsn = dsnbuf;
}
off += 5;
}
else
{
off = 4;
}
message("%s", statmsg + off);
if (status == EX_TEMPFAIL && e->e_xfp != NULL)
(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT, "%s\n",
&MsgBuf[4]);
}
else
{
char mbuf[ENHSCLEN + 4];
Errors++;
if ((off = isenhsc(statmsg + 4, ' ')) > 0 &&
off < sizeof(mbuf) - 4)
{
if (dsn == NULL)
{
(void) sm_snprintf(dsnbuf, sizeof(dsnbuf),
"%.*s", off, statmsg + 4);
dsn = dsnbuf;
}
off += 5;
/* copy only part of statmsg to mbuf */
(void) sm_strlcpy(mbuf, statmsg, off);
(void) sm_strlcat(mbuf, " %s", sizeof(mbuf));
}
else
{
dsnbuf[0] = '\0';
(void) sm_snprintf(mbuf, sizeof(mbuf), "%.3s %%s",
statmsg);
off = 4;
}
usrerr(mbuf, &statmsg[off]);
}
/*
** Final cleanup.
** Log a record of the transaction. Compute the new ExitStat
** -- if we already had an error, stick with that.
*/
if (OpMode != MD_VERIFY && !bitset(EF_VRFYONLY, e->e_flags) &&
LogLevel > ((status == EX_TEMPFAIL) ? 8 : (status == EX_OK) ? 7 : 6))
logdelivery(m, mci, dsn, statmsg + off, ctladdr, xstart, e, to, status);
if (tTd(11, 2))
sm_dprintf("giveresponse: status=%d, dsn=%s, e->e_message=%s, errnum=%d\n",
status,
dsn == NULL ? "<NULL>" : dsn,
e->e_message == NULL ? "<NULL>" : e->e_message,
errnum);
if (status != EX_TEMPFAIL)
setstat(status);
if (status != EX_OK && (status != EX_TEMPFAIL || e->e_message == NULL))
e->e_message = sm_rpool_strdup_x(e->e_rpool, statmsg + off);
if (status != EX_OK && to != NULL && to->q_message == NULL)
{
if (!usestat && e->e_message != NULL)
to->q_message = sm_rpool_strdup_x(e->e_rpool,
e->e_message);
else
to->q_message = sm_rpool_strdup_x(e->e_rpool,
statmsg + off);
}
errno = 0;
SM_SET_H_ERRNO(0);
}
/*
** LOGDELIVERY -- log the delivery in the system log
**
** Care is taken to avoid logging lines that are too long, because
** some versions of syslog have an unfortunate proclivity for core
** dumping. This is a hack, to be sure, that is at best empirical.
**
** Parameters:
** m -- the mailer info. Can be NULL for initial queue.
** mci -- the mailer connection info -- can be NULL if the
** log is occurring when no connection is active.
** dsn -- the DSN attached to the status.
** status -- the message to print for the status.
** ctladdr -- the controlling address for the to list.
** xstart -- the transaction start time, used for
** computing transaction delay.
** e -- the current envelope.
** to -- the current recipient (NULL if none).
** rcode -- status code
**
** Returns:
** none
**
** Side Effects:
** none
*/
void
logdelivery(m, mci, dsn, status, ctladdr, xstart, e, to, rcode)
MAILER *m;
register MCI *mci;
char *dsn;
const char *status;
ADDRESS *ctladdr;
time_t xstart;
register ENVELOPE *e;
ADDRESS *to;
int rcode;
{
register char *bp;
register char *p;
int l;
time_t now = curtime();
char buf[1024];
#if (SYSLOG_BUFSIZE) >= 256
/* ctladdr: max 106 bytes */
bp = buf;
if (ctladdr != NULL)
{
(void) sm_strlcpyn(bp, SPACELEFT(buf, bp), 2, ", ctladdr=",
shortenstring(ctladdr->q_paddr, 83));
bp += strlen(bp);
if (bitset(QGOODUID, ctladdr->q_flags))
{
(void) sm_snprintf(bp, SPACELEFT(buf, bp), " (%d/%d)",
(int) ctladdr->q_uid,
(int) ctladdr->q_gid);
bp += strlen(bp);
}
}
/* delay & xdelay: max 41 bytes */
(void) sm_strlcpyn(bp, SPACELEFT(buf, bp), 2, ", delay=",
pintvl(now - e->e_ctime, true));
bp += strlen(bp);
if (xstart != (time_t) 0)
{
(void) sm_strlcpyn(bp, SPACELEFT(buf, bp), 2, ", xdelay=",
pintvl(now - xstart, true));
bp += strlen(bp);
}
/* mailer: assume about 19 bytes (max 10 byte mailer name) */
if (m != NULL)
{
(void) sm_strlcpyn(bp, SPACELEFT(buf, bp), 2, ", mailer=",
m->m_name);
bp += strlen(bp);
}
# if _FFR_LOG_MORE2
-# if STARTTLS
- p = macvalue(macid("{verify}"), e);
- if (p == NULL || *p == '\0')
- p = "NONE";
- (void) sm_snprintf(bp, SPACELEFT(buf, bp), ", tls_verify=%.20s", p);
- bp += strlen(bp);
-# endif /* STARTTLS */
-# endif /* _FFR_LOG_MORE2 */
+ LOG_MORE(buf, bp);
+# endif
/* pri: changes with each delivery attempt */
(void) sm_snprintf(bp, SPACELEFT(buf, bp), ", pri=%ld",
PRT_NONNEGL(e->e_msgpriority));
bp += strlen(bp);
/* relay: max 66 bytes for IPv4 addresses */
if (mci != NULL && mci->mci_host != NULL)
{
extern SOCKADDR CurHostAddr;
(void) sm_strlcpyn(bp, SPACELEFT(buf, bp), 2, ", relay=",
shortenstring(mci->mci_host, 40));
bp += strlen(bp);
if (CurHostAddr.sa.sa_family != 0)
{
(void) sm_snprintf(bp, SPACELEFT(buf, bp), " [%s]",
anynet_ntoa(&CurHostAddr));
}
}
else if (strcmp(status, "quarantined") == 0)
{
if (e->e_quarmsg != NULL)
(void) sm_snprintf(bp, SPACELEFT(buf, bp),
", quarantine=%s",
shortenstring(e->e_quarmsg, 40));
}
else if (strcmp(status, "queued") != 0)
{
p = macvalue('h', e);
if (p != NULL && p[0] != '\0')
{
(void) sm_snprintf(bp, SPACELEFT(buf, bp),
", relay=%s", shortenstring(p, 40));
}
}
bp += strlen(bp);
/* dsn */
if (dsn != NULL && *dsn != '\0')
{
(void) sm_strlcpyn(bp, SPACELEFT(buf, bp), 2, ", dsn=",
shortenstring(dsn, ENHSCLEN));
bp += strlen(bp);
}
-#if _FFR_LOG_NTRIES
+# if _FFR_LOG_NTRIES
/* ntries */
if (e->e_ntries >= 0)
{
(void) sm_snprintf(bp, SPACELEFT(buf, bp),
", ntries=%d", e->e_ntries + 1);
bp += strlen(bp);
}
-#endif /* _FFR_LOG_NTRIES */
+# endif /* _FFR_LOG_NTRIES */
# define STATLEN (((SYSLOG_BUFSIZE) - 100) / 4)
# if (STATLEN) < 63
# undef STATLEN
# define STATLEN 63
# endif /* (STATLEN) < 63 */
# if (STATLEN) > 203
# undef STATLEN
# define STATLEN 203
# endif /* (STATLEN) > 203 */
-#if _FFR_LOGREPLY
/*
** Notes:
** per-rcpt status: to->q_rstatus
** global status: e->e_text
**
** We (re)use STATLEN here, is that a good choice?
**
** stat=Deferred: ...
** has sometimes the same text?
**
** Note: this doesn't show the stage at which the error happened.
** can/should we log that?
** XS_* in reply() basically encodes the state.
+ **
+ ** Note: in some case the normal logging might show the same server
+ ** reply - how to avoid that?
*/
/* only show errors */
if (rcode != EX_OK && to != NULL && to->q_rstatus != NULL &&
*to->q_rstatus != '\0')
{
(void) sm_snprintf(bp, SPACELEFT(buf, bp),
", reply=%s",
shortenstring(to->q_rstatus, STATLEN));
bp += strlen(bp);
}
else if (rcode != EX_OK && e->e_text != NULL)
{
(void) sm_snprintf(bp, SPACELEFT(buf, bp),
", reply=%d %s%s%s",
e->e_rcode,
e->e_renhsc,
(e->e_renhsc[0] != '\0') ? " " : "",
shortenstring(e->e_text, STATLEN));
bp += strlen(bp);
}
-#endif
/* stat: max 210 bytes */
if ((bp - buf) > (sizeof(buf) - ((STATLEN) + 20)))
{
/* desperation move -- truncate data */
bp = buf + sizeof(buf) - ((STATLEN) + 17);
(void) sm_strlcpy(bp, "...", SPACELEFT(buf, bp));
bp += 3;
}
(void) sm_strlcpy(bp, ", stat=", SPACELEFT(buf, bp));
bp += strlen(bp);
(void) sm_strlcpy(bp, shortenstring(status, STATLEN),
SPACELEFT(buf, bp));
/* id, to: max 13 + TOBUFSIZE bytes */
l = SYSLOG_BUFSIZE - 100 - strlen(buf);
if (l < 0)
l = 0;
p = e->e_to == NULL ? "NO-TO-LIST" : e->e_to;
while (strlen(p) >= l)
{
register char *q;
for (q = p + l; q > p; q--)
{
/* XXX a comma in an address will break this! */
if (*q == ',')
break;
}
if (p == q)
break;
sm_syslog(LOG_INFO, e->e_id, "to=%.*s [more]%s",
(int) (++q - p), p, buf);
p = q;
}
sm_syslog(LOG_INFO, e->e_id, "to=%.*s%s", l, p, buf);
#else /* (SYSLOG_BUFSIZE) >= 256 */
l = SYSLOG_BUFSIZE - 85;
if (l < 0)
l = 0;
p = e->e_to == NULL ? "NO-TO-LIST" : e->e_to;
while (strlen(p) >= l)
{
register char *q;
for (q = p + l; q > p; q--)
{
if (*q == ',')
break;
}
if (p == q)
break;
sm_syslog(LOG_INFO, e->e_id, "to=%.*s [more]",
(int) (++q - p), p);
p = q;
}
sm_syslog(LOG_INFO, e->e_id, "to=%.*s", l, p);
if (ctladdr != NULL)
{
bp = buf;
(void) sm_strlcpyn(bp, SPACELEFT(buf, bp), 2, "ctladdr=",
shortenstring(ctladdr->q_paddr, 83));
bp += strlen(bp);
if (bitset(QGOODUID, ctladdr->q_flags))
{
(void) sm_snprintf(bp, SPACELEFT(buf, bp), " (%d/%d)",
ctladdr->q_uid, ctladdr->q_gid);
bp += strlen(bp);
}
sm_syslog(LOG_INFO, e->e_id, "%s", buf);
}
bp = buf;
(void) sm_strlcpyn(bp, SPACELEFT(buf, bp), 2, "delay=",
pintvl(now - e->e_ctime, true));
bp += strlen(bp);
if (xstart != (time_t) 0)
{
(void) sm_strlcpyn(bp, SPACELEFT(buf, bp), 2, ", xdelay=",
pintvl(now - xstart, true));
bp += strlen(bp);
}
if (m != NULL)
{
(void) sm_strlcpyn(bp, SPACELEFT(buf, bp), 2, ", mailer=",
m->m_name);
bp += strlen(bp);
}
sm_syslog(LOG_INFO, e->e_id, "%.1000s", buf);
buf[0] = '\0';
bp = buf;
if (mci != NULL && mci->mci_host != NULL)
{
extern SOCKADDR CurHostAddr;
(void) sm_snprintf(bp, SPACELEFT(buf, bp), "relay=%.100s",
mci->mci_host);
bp += strlen(bp);
if (CurHostAddr.sa.sa_family != 0)
(void) sm_snprintf(bp, SPACELEFT(buf, bp),
" [%.100s]",
anynet_ntoa(&CurHostAddr));
}
else if (strcmp(status, "quarantined") == 0)
{
if (e->e_quarmsg != NULL)
(void) sm_snprintf(bp, SPACELEFT(buf, bp),
", quarantine=%.100s",
e->e_quarmsg);
}
else if (strcmp(status, "queued") != 0)
{
p = macvalue('h', e);
if (p != NULL && p[0] != '\0')
(void) sm_snprintf(buf, sizeof(buf), "relay=%.100s", p);
}
if (buf[0] != '\0')
sm_syslog(LOG_INFO, e->e_id, "%.1000s", buf);
sm_syslog(LOG_INFO, e->e_id, "stat=%s", shortenstring(status, 63));
#endif /* (SYSLOG_BUFSIZE) >= 256 */
}
/*
** PUTFROMLINE -- output a UNIX-style from line (or whatever)
**
** This can be made an arbitrary message separator by changing $l
**
** One of the ugliest hacks seen by human eyes is contained herein:
** UUCP wants those stupid "remote from <host>" lines. Why oh why
** does a well-meaning programmer such as myself have to deal with
** this kind of antique garbage????
**
** Parameters:
** mci -- the connection information.
** e -- the envelope.
**
** Returns:
** true iff line was written successfully
**
** Side Effects:
** outputs some text to fp.
*/
bool
putfromline(mci, e)
register MCI *mci;
ENVELOPE *e;
{
char *template = UnixFromLine;
char buf[MAXLINE];
char xbuf[MAXLINE];
if (bitnset(M_NHDR, mci->mci_mailer->m_flags))
return true;
mci->mci_flags |= MCIF_INHEADER;
if (bitnset(M_UGLYUUCP, mci->mci_mailer->m_flags))
{
char *bang;
expand("\201g", buf, sizeof(buf), e);
bang = strchr(buf, '!');
if (bang == NULL)
{
char *at;
char hname[MAXNAME];
/*
** If we can construct a UUCP path, do so
*/
at = strrchr(buf, '@');
if (at == NULL)
{
expand("\201k", hname, sizeof(hname), e);
at = hname;
}
else
*at++ = '\0';
(void) sm_snprintf(xbuf, sizeof(xbuf),
"From %.800s \201d remote from %.100s\n",
buf, at);
}
else
{
*bang++ = '\0';
(void) sm_snprintf(xbuf, sizeof(xbuf),
"From %.800s \201d remote from %.100s\n",
bang, buf);
template = xbuf;
}
}
expand(template, buf, sizeof(buf), e);
return putxline(buf, strlen(buf), mci, PXLF_HEADER);
}
/*
** PUTBODY -- put the body of a message.
**
** Parameters:
** mci -- the connection information.
** e -- the envelope to put out.
** separator -- if non-NULL, a message separator that must
** not be permitted in the resulting message.
**
** Returns:
** true iff message was written successfully
**
** Side Effects:
** The message is written onto fp.
*/
/* values for output state variable */
#define OSTATE_HEAD 0 /* at beginning of line */
#define OSTATE_CR 1 /* read a carriage return */
#define OSTATE_INLINE 2 /* putting rest of line */
bool
putbody(mci, e, separator)
register MCI *mci;
register ENVELOPE *e;
char *separator;
{
bool dead = false;
bool ioerr = false;
int save_errno;
char buf[MAXLINE];
#if MIME8TO7
char *boundaries[MAXMIMENESTING + 1];
-#endif /* MIME8TO7 */
+#endif
/*
** Output the body of the message
*/
if (e->e_dfp == NULL && bitset(EF_HAS_DF, e->e_flags))
{
char *df = queuename(e, DATAFL_LETTER);
e->e_dfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, df,
SM_IO_RDONLY_B, NULL);
if (e->e_dfp == NULL)
{
char *msg = "!putbody: Cannot open %s for %s from %s";
if (errno == ENOENT)
msg++;
syserr(msg, df, e->e_to, e->e_from.q_paddr);
}
}
if (e->e_dfp == NULL)
{
if (bitset(MCIF_INHEADER, mci->mci_flags))
{
if (!putline("", mci))
goto writeerr;
mci->mci_flags &= ~MCIF_INHEADER;
}
if (!putline("<<< No Message Collected >>>", mci))
goto writeerr;
goto endofmessage;
}
if (e->e_dfino == (ino_t) 0)
{
struct stat stbuf;
if (fstat(sm_io_getinfo(e->e_dfp, SM_IO_WHAT_FD, NULL), &stbuf)
< 0)
e->e_dfino = -1;
else
{
e->e_dfdev = stbuf.st_dev;
e->e_dfino = stbuf.st_ino;
}
}
/* paranoia: the data file should always be in a rewound state */
(void) bfrewind(e->e_dfp);
/* simulate an I/O timeout when used as source */
if (tTd(84, 101))
sleep(319);
#if MIME8TO7
if (bitset(MCIF_CVT8TO7, mci->mci_flags))
{
/*
** Do 8 to 7 bit MIME conversion.
*/
/* make sure it looks like a MIME message */
if (hvalue("MIME-Version", e->e_header) == NULL &&
!putline("MIME-Version: 1.0", mci))
goto writeerr;
if (hvalue("Content-Type", e->e_header) == NULL)
{
(void) sm_snprintf(buf, sizeof(buf),
"Content-Type: text/plain; charset=%s",
defcharset(e));
if (!putline(buf, mci))
goto writeerr;
}
/* now do the hard work */
boundaries[0] = NULL;
mci->mci_flags |= MCIF_INHEADER;
if (mime8to7(mci, e->e_header, e, boundaries, M87F_OUTER, 0) ==
SM_IO_EOF)
goto writeerr;
}
# if MIME7TO8
else if (bitset(MCIF_CVT7TO8, mci->mci_flags))
{
if (!mime7to8(mci, e->e_header, e))
goto writeerr;
}
# endif /* MIME7TO8 */
else if (MaxMimeHeaderLength > 0 || MaxMimeFieldLength > 0)
{
bool oldsuprerrs = SuprErrs;
/* Use mime8to7 to check multipart for MIME header overflows */
boundaries[0] = NULL;
mci->mci_flags |= MCIF_INHEADER;
/*
** If EF_DONT_MIME is set, we have a broken MIME message
** and don't want to generate a new bounce message whose
** body propagates the broken MIME. We can't just not call
** mime8to7() as is done above since we need the security
** checks. The best we can do is suppress the errors.
*/
if (bitset(EF_DONT_MIME, e->e_flags))
SuprErrs = true;
if (mime8to7(mci, e->e_header, e, boundaries,
M87F_OUTER|M87F_NO8TO7, 0) == SM_IO_EOF)
goto writeerr;
/* restore SuprErrs */
SuprErrs = oldsuprerrs;
}
else
#endif /* MIME8TO7 */
{
int ostate;
register char *bp;
register char *pbp;
register int c;
register char *xp;
int padc;
char *buflim;
int pos = 0;
char peekbuf[12];
if (bitset(MCIF_INHEADER, mci->mci_flags))
{
if (!putline("", mci))
goto writeerr;
mci->mci_flags &= ~MCIF_INHEADER;
}
/* determine end of buffer; allow for short mailer lines */
buflim = &buf[sizeof(buf) - 1];
if (mci->mci_mailer->m_linelimit > 0 &&
mci->mci_mailer->m_linelimit < sizeof(buf) - 1)
buflim = &buf[mci->mci_mailer->m_linelimit - 1];
/* copy temp file to output with mapping */
ostate = OSTATE_HEAD;
bp = buf;
pbp = peekbuf;
while (!sm_io_error(mci->mci_out) && !dead)
{
if (pbp > peekbuf)
c = *--pbp;
else if ((c = sm_io_getc(e->e_dfp, SM_TIME_DEFAULT))
== SM_IO_EOF)
break;
if (bitset(MCIF_7BIT, mci->mci_flags))
c &= 0x7f;
switch (ostate)
{
case OSTATE_HEAD:
if (c == '\0' &&
bitnset(M_NONULLS,
mci->mci_mailer->m_flags))
break;
if (c != '\r' && c != '\n' && bp < buflim)
{
*bp++ = c;
break;
}
/* check beginning of line for special cases */
*bp = '\0';
pos = 0;
padc = SM_IO_EOF;
if (buf[0] == 'F' &&
bitnset(M_ESCFROM, mci->mci_mailer->m_flags)
&& strncmp(buf, "From ", 5) == 0)
{
padc = '>';
}
if (buf[0] == '-' && buf[1] == '-' &&
separator != NULL)
{
/* possible separator */
int sl = strlen(separator);
if (strncmp(&buf[2], separator, sl)
== 0)
padc = ' ';
}
if (buf[0] == '.' &&
bitnset(M_XDOT, mci->mci_mailer->m_flags))
{
padc = '.';
}
/* now copy out saved line */
if (TrafficLogFile != NULL)
{
(void) sm_io_fprintf(TrafficLogFile,
SM_TIME_DEFAULT,
"%05d >>> ",
(int) CurrentPid);
if (padc != SM_IO_EOF)
(void) sm_io_putc(TrafficLogFile,
SM_TIME_DEFAULT,
padc);
for (xp = buf; xp < bp; xp++)
(void) sm_io_putc(TrafficLogFile,
SM_TIME_DEFAULT,
(unsigned char) *xp);
if (c == '\n')
(void) sm_io_fputs(TrafficLogFile,
SM_TIME_DEFAULT,
mci->mci_mailer->m_eol);
}
if (padc != SM_IO_EOF)
{
if (sm_io_putc(mci->mci_out,
SM_TIME_DEFAULT, padc)
== SM_IO_EOF)
{
dead = true;
continue;
}
pos++;
}
for (xp = buf; xp < bp; xp++)
{
if (sm_io_putc(mci->mci_out,
SM_TIME_DEFAULT,
(unsigned char) *xp)
== SM_IO_EOF)
{
dead = true;
break;
}
}
if (dead)
continue;
if (c == '\n')
{
if (sm_io_fputs(mci->mci_out,
SM_TIME_DEFAULT,
mci->mci_mailer->m_eol)
== SM_IO_EOF)
break;
pos = 0;
}
else
{
pos += bp - buf;
if (c != '\r')
{
SM_ASSERT(pbp < peekbuf +
sizeof(peekbuf));
*pbp++ = c;
}
}
bp = buf;
/* determine next state */
if (c == '\n')
ostate = OSTATE_HEAD;
else if (c == '\r')
ostate = OSTATE_CR;
else
ostate = OSTATE_INLINE;
continue;
case OSTATE_CR:
if (c == '\n')
{
/* got CRLF */
if (sm_io_fputs(mci->mci_out,
SM_TIME_DEFAULT,
mci->mci_mailer->m_eol)
== SM_IO_EOF)
continue;
if (TrafficLogFile != NULL)
{
(void) sm_io_fputs(TrafficLogFile,
SM_TIME_DEFAULT,
mci->mci_mailer->m_eol);
}
pos = 0;
ostate = OSTATE_HEAD;
continue;
}
/* had a naked carriage return */
SM_ASSERT(pbp < peekbuf + sizeof(peekbuf));
*pbp++ = c;
c = '\r';
ostate = OSTATE_INLINE;
goto putch;
case OSTATE_INLINE:
if (c == '\r')
{
ostate = OSTATE_CR;
continue;
}
if (c == '\0' &&
bitnset(M_NONULLS,
mci->mci_mailer->m_flags))
break;
putch:
if (mci->mci_mailer->m_linelimit > 0 &&
pos >= mci->mci_mailer->m_linelimit - 1 &&
c != '\n')
{
int d;
/* check next character for EOL */
if (pbp > peekbuf)
d = *(pbp - 1);
else if ((d = sm_io_getc(e->e_dfp,
SM_TIME_DEFAULT))
!= SM_IO_EOF)
{
SM_ASSERT(pbp < peekbuf +
sizeof(peekbuf));
*pbp++ = d;
}
if (d == '\n' || d == SM_IO_EOF)
{
if (TrafficLogFile != NULL)
(void) sm_io_putc(TrafficLogFile,
SM_TIME_DEFAULT,
(unsigned char) c);
if (sm_io_putc(mci->mci_out,
SM_TIME_DEFAULT,
(unsigned char) c)
== SM_IO_EOF)
{
dead = true;
continue;
}
pos++;
continue;
}
if (sm_io_putc(mci->mci_out,
SM_TIME_DEFAULT, '!')
== SM_IO_EOF ||
sm_io_fputs(mci->mci_out,
SM_TIME_DEFAULT,
mci->mci_mailer->m_eol)
== SM_IO_EOF)
{
dead = true;
continue;
}
if (TrafficLogFile != NULL)
{
(void) sm_io_fprintf(TrafficLogFile,
SM_TIME_DEFAULT,
"!%s",
mci->mci_mailer->m_eol);
}
ostate = OSTATE_HEAD;
SM_ASSERT(pbp < peekbuf +
sizeof(peekbuf));
*pbp++ = c;
continue;
}
if (c == '\n')
{
if (TrafficLogFile != NULL)
(void) sm_io_fputs(TrafficLogFile,
SM_TIME_DEFAULT,
mci->mci_mailer->m_eol);
if (sm_io_fputs(mci->mci_out,
SM_TIME_DEFAULT,
mci->mci_mailer->m_eol)
== SM_IO_EOF)
continue;
pos = 0;
ostate = OSTATE_HEAD;
}
else
{
if (TrafficLogFile != NULL)
(void) sm_io_putc(TrafficLogFile,
SM_TIME_DEFAULT,
(unsigned char) c);
if (sm_io_putc(mci->mci_out,
SM_TIME_DEFAULT,
(unsigned char) c)
== SM_IO_EOF)
{
dead = true;
continue;
}
pos++;
ostate = OSTATE_INLINE;
}
break;
}
}
/* make sure we are at the beginning of a line */
if (bp > buf)
{
if (TrafficLogFile != NULL)
{
for (xp = buf; xp < bp; xp++)
(void) sm_io_putc(TrafficLogFile,
SM_TIME_DEFAULT,
(unsigned char) *xp);
}
for (xp = buf; xp < bp; xp++)
{
if (sm_io_putc(mci->mci_out, SM_TIME_DEFAULT,
(unsigned char) *xp)
== SM_IO_EOF)
{
dead = true;
break;
}
}
pos += bp - buf;
}
if (!dead && pos > 0)
{
if (TrafficLogFile != NULL)
(void) sm_io_fputs(TrafficLogFile,
SM_TIME_DEFAULT,
mci->mci_mailer->m_eol);
if (sm_io_fputs(mci->mci_out, SM_TIME_DEFAULT,
mci->mci_mailer->m_eol) == SM_IO_EOF)
goto writeerr;
}
}
if (sm_io_error(e->e_dfp))
{
syserr("putbody: %s/%cf%s: read error",
qid_printqueue(e->e_dfqgrp, e->e_dfqdir),
DATAFL_LETTER, e->e_id);
ExitStat = EX_IOERR;
ioerr = true;
}
endofmessage:
/*
** Since mailfile() uses e_dfp in a child process,
** the file offset in the stdio library for the
** parent process will not agree with the in-kernel
** file offset since the file descriptor is shared
** between the processes. Therefore, it is vital
** that the file always be rewound. This forces the
** kernel offset (lseek) and stdio library (ftell)
** offset to match.
*/
save_errno = errno;
if (e->e_dfp != NULL)
(void) bfrewind(e->e_dfp);
/* some mailers want extra blank line at end of message */
if (!dead && bitnset(M_BLANKEND, mci->mci_mailer->m_flags) &&
buf[0] != '\0' && buf[0] != '\n')
{
if (!putline("", mci))
goto writeerr;
}
if (!dead &&
(sm_io_flush(mci->mci_out, SM_TIME_DEFAULT) == SM_IO_EOF ||
(sm_io_error(mci->mci_out) && errno != EPIPE)))
{
save_errno = errno;
syserr("putbody: write error");
ExitStat = EX_IOERR;
ioerr = true;
}
errno = save_errno;
return !dead && !ioerr;
writeerr:
return false;
}
/*
** MAILFILE -- Send a message to a file.
**
** If the file has the set-user-ID/set-group-ID bits set, but NO
** execute bits, sendmail will try to become the owner of that file
** rather than the real user. Obviously, this only works if
** sendmail runs as root.
**
** This could be done as a subordinate mailer, except that it
** is used implicitly to save messages in ~/dead.letter. We
** view this as being sufficiently important as to include it
** here. For example, if the system is dying, we shouldn't have
** to create another process plus some pipes to save the message.
**
** Parameters:
** filename -- the name of the file to send to.
** mailer -- mailer definition for recipient -- if NULL,
** use FileMailer.
** ctladdr -- the controlling address header -- includes
** the userid/groupid to be when sending.
** sfflags -- flags for opening.
** e -- the current envelope.
**
** Returns:
** The exit code associated with the operation.
**
** Side Effects:
** none.
*/
# define RETURN(st) exit(st);
static jmp_buf CtxMailfileTimeout;
int
mailfile(filename, mailer, ctladdr, sfflags, e)
char *volatile filename;
MAILER *volatile mailer;
ADDRESS *ctladdr;
volatile long sfflags;
register ENVELOPE *e;
{
register SM_FILE_T *f;
register pid_t pid = -1;
volatile int mode;
int len;
off_t curoff;
bool suidwarn = geteuid() == 0;
char *p;
char *volatile realfile;
SM_EVENT *ev;
char buf[MAXPATHLEN];
char targetfile[MAXPATHLEN];
if (tTd(11, 1))
{
sm_dprintf("mailfile %s\n ctladdr=", filename);
printaddr(sm_debug_file(), ctladdr, false);
}
if (mailer == NULL)
mailer = FileMailer;
if (e->e_xfp != NULL)
(void) sm_io_flush(e->e_xfp, SM_TIME_DEFAULT);
/*
** Special case /dev/null. This allows us to restrict file
** delivery to regular files only.
*/
if (sm_path_isdevnull(filename))
return EX_OK;
/* check for 8-bit available */
if (bitset(EF_HAS8BIT, e->e_flags) &&
bitnset(M_7BITS, mailer->m_flags) &&
(bitset(EF_DONT_MIME, e->e_flags) ||
!(bitset(MM_MIME8BIT, MimeMode) ||
(bitset(EF_IS_MIME, e->e_flags) &&
bitset(MM_CVTMIME, MimeMode)))))
{
e->e_status = "5.6.3";
usrerrenh(e->e_status,
"554 Cannot send 8-bit data to 7-bit destination");
errno = 0;
return EX_DATAERR;
}
/* Find the actual file */
if (SafeFileEnv != NULL && SafeFileEnv[0] != '\0')
{
len = strlen(SafeFileEnv);
if (strncmp(SafeFileEnv, filename, len) == 0)
filename += len;
if (len + strlen(filename) + 1 >= sizeof(targetfile))
{
syserr("mailfile: filename too long (%s/%s)",
SafeFileEnv, filename);
return EX_CANTCREAT;
}
(void) sm_strlcpy(targetfile, SafeFileEnv, sizeof(targetfile));
realfile = targetfile + len;
if (*filename == '/')
filename++;
if (*filename != '\0')
{
/* paranoia: trailing / should be removed in readcf */
if (targetfile[len - 1] != '/')
(void) sm_strlcat(targetfile,
"/", sizeof(targetfile));
(void) sm_strlcat(targetfile, filename,
sizeof(targetfile));
}
}
else if (mailer->m_rootdir != NULL)
{
expand(mailer->m_rootdir, targetfile, sizeof(targetfile), e);
len = strlen(targetfile);
if (strncmp(targetfile, filename, len) == 0)
filename += len;
if (len + strlen(filename) + 1 >= sizeof(targetfile))
{
syserr("mailfile: filename too long (%s/%s)",
targetfile, filename);
return EX_CANTCREAT;
}
realfile = targetfile + len;
if (targetfile[len - 1] != '/')
(void) sm_strlcat(targetfile, "/", sizeof(targetfile));
if (*filename == '/')
(void) sm_strlcat(targetfile, filename + 1,
sizeof(targetfile));
else
(void) sm_strlcat(targetfile, filename,
sizeof(targetfile));
}
else
{
if (sm_strlcpy(targetfile, filename, sizeof(targetfile)) >=
sizeof(targetfile))
{
syserr("mailfile: filename too long (%s)", filename);
return EX_CANTCREAT;
}
realfile = targetfile;
}
/*
** Fork so we can change permissions here.
** Note that we MUST use fork, not vfork, because of
** the complications of calling subroutines, etc.
*/
/*
** Dispose of SIGCHLD signal catchers that may be laying
** around so that the waitfor() below will get it.
*/
(void) sm_signal(SIGCHLD, SIG_DFL);
DOFORK(fork);
if (pid < 0)
return EX_OSERR;
else if (pid == 0)
{
/* child -- actually write to file */
struct stat stb;
MCI mcibuf;
int err;
volatile int oflags = O_WRONLY|O_APPEND;
/* Reset global flags */
RestartRequest = NULL;
RestartWorkGroup = false;
ShutdownRequest = NULL;
PendingSignal = 0;
CurrentPid = getpid();
if (e->e_lockfp != NULL)
{
int fd;
fd = sm_io_getinfo(e->e_lockfp, SM_IO_WHAT_FD, NULL);
/* SM_ASSERT(fd >= 0); */
if (fd >= 0)
(void) close(fd);
}
(void) sm_signal(SIGINT, SIG_DFL);
(void) sm_signal(SIGHUP, SIG_DFL);
(void) sm_signal(SIGTERM, SIG_DFL);
(void) umask(OldUmask);
e->e_to = filename;
ExitStat = EX_OK;
if (setjmp(CtxMailfileTimeout) != 0)
{
RETURN(EX_TEMPFAIL);
}
if (TimeOuts.to_fileopen > 0)
ev = sm_setevent(TimeOuts.to_fileopen, mailfiletimeout,
0);
else
ev = NULL;
/* check file mode to see if set-user-ID */
if (stat(targetfile, &stb) < 0)
mode = FileMode;
else
mode = stb.st_mode;
/* limit the errors to those actually caused in the child */
errno = 0;
ExitStat = EX_OK;
/* Allow alias expansions to use the S_IS{U,G}ID bits */
if ((ctladdr != NULL && !bitset(QALIAS, ctladdr->q_flags)) ||
bitset(SFF_RUNASREALUID, sfflags))
{
/* ignore set-user-ID and set-group-ID bits */
mode &= ~(S_ISGID|S_ISUID);
if (tTd(11, 20))
sm_dprintf("mailfile: ignoring set-user-ID/set-group-ID bits\n");
}
/* we have to open the data file BEFORE setuid() */
if (e->e_dfp == NULL && bitset(EF_HAS_DF, e->e_flags))
{
char *df = queuename(e, DATAFL_LETTER);
e->e_dfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, df,
SM_IO_RDONLY_B, NULL);
if (e->e_dfp == NULL)
{
syserr("mailfile: Cannot open %s for %s from %s",
df, e->e_to, e->e_from.q_paddr);
}
}
/* select a new user to run as */
if (!bitset(SFF_RUNASREALUID, sfflags))
{
if (bitnset(M_SPECIFIC_UID, mailer->m_flags))
{
RealUserName = NULL;
if (mailer->m_uid == NO_UID)
RealUid = RunAsUid;
else
RealUid = mailer->m_uid;
if (RunAsUid != 0 && RealUid != RunAsUid)
{
/* Only root can change the uid */
syserr("mailfile: insufficient privileges to change uid, RunAsUid=%ld, RealUid=%ld",
(long) RunAsUid, (long) RealUid);
RETURN(EX_TEMPFAIL);
}
}
else if (bitset(S_ISUID, mode))
{
RealUserName = NULL;
RealUid = stb.st_uid;
}
else if (ctladdr != NULL && ctladdr->q_uid != 0)
{
if (ctladdr->q_ruser != NULL)
RealUserName = ctladdr->q_ruser;
else
RealUserName = ctladdr->q_user;
RealUid = ctladdr->q_uid;
}
else if (mailer != NULL && mailer->m_uid != NO_UID)
{
RealUserName = DefUser;
RealUid = mailer->m_uid;
}
else
{
RealUserName = DefUser;
RealUid = DefUid;
}
/* select a new group to run as */
if (bitnset(M_SPECIFIC_UID, mailer->m_flags))
{
if (mailer->m_gid == NO_GID)
RealGid = RunAsGid;
else
RealGid = mailer->m_gid;
if (RunAsUid != 0 &&
(RealGid != getgid() ||
RealGid != getegid()))
{
/* Only root can change the gid */
syserr("mailfile: insufficient privileges to change gid, RealGid=%ld, RunAsUid=%ld, gid=%ld, egid=%ld",
(long) RealGid, (long) RunAsUid,
(long) getgid(), (long) getegid());
RETURN(EX_TEMPFAIL);
}
}
else if (bitset(S_ISGID, mode))
RealGid = stb.st_gid;
else if (ctladdr != NULL &&
ctladdr->q_uid == DefUid &&
ctladdr->q_gid == 0)
{
/*
** Special case: This means it is an
** alias and we should act as DefaultUser.
** See alias()'s comments.
*/
RealGid = DefGid;
RealUserName = DefUser;
}
else if (ctladdr != NULL && ctladdr->q_uid != 0)
RealGid = ctladdr->q_gid;
else if (mailer != NULL && mailer->m_gid != NO_GID)
RealGid = mailer->m_gid;
else
RealGid = DefGid;
}
/* last ditch */
if (!bitset(SFF_ROOTOK, sfflags))
{
if (RealUid == 0)
RealUid = DefUid;
if (RealGid == 0)
RealGid = DefGid;
}
/* set group id list (needs /etc/group access) */
if (RealUserName != NULL && !DontInitGroups)
{
if (initgroups(RealUserName, RealGid) == -1 && suidwarn)
{
syserr("mailfile: initgroups(%s, %ld) failed",
RealUserName, (long) RealGid);
RETURN(EX_TEMPFAIL);
}
}
else
{
GIDSET_T gidset[1];
gidset[0] = RealGid;
if (setgroups(1, gidset) == -1 && suidwarn)
{
syserr("mailfile: setgroups() failed");
RETURN(EX_TEMPFAIL);
}
}
/*
** If you have a safe environment, go into it.
*/
if (realfile != targetfile)
{
char save;
save = *realfile;
*realfile = '\0';
if (tTd(11, 20))
sm_dprintf("mailfile: chroot %s\n", targetfile);
if (chroot(targetfile) < 0)
{
syserr("mailfile: Cannot chroot(%s)",
targetfile);
RETURN(EX_CANTCREAT);
}
*realfile = save;
}
if (tTd(11, 40))
sm_dprintf("mailfile: deliver to %s\n", realfile);
if (chdir("/") < 0)
{
syserr("mailfile: cannot chdir(/)");
RETURN(EX_CANTCREAT);
}
/* now reset the group and user ids */
endpwent();
sm_mbdb_terminate();
if (setgid(RealGid) < 0 && suidwarn)
{
syserr("mailfile: setgid(%ld) failed", (long) RealGid);
RETURN(EX_TEMPFAIL);
}
vendor_set_uid(RealUid);
if (setuid(RealUid) < 0 && suidwarn)
{
syserr("mailfile: setuid(%ld) failed", (long) RealUid);
RETURN(EX_TEMPFAIL);
}
if (tTd(11, 2))
sm_dprintf("mailfile: running as r/euid=%ld/%ld, r/egid=%ld/%ld\n",
(long) getuid(), (long) geteuid(),
(long) getgid(), (long) getegid());
/* move into some "safe" directory */
if (mailer->m_execdir != NULL)
{
char *q;
for (p = mailer->m_execdir; p != NULL; p = q)
{
q = strchr(p, ':');
if (q != NULL)
*q = '\0';
expand(p, buf, sizeof(buf), e);
if (q != NULL)
*q++ = ':';
if (tTd(11, 20))
sm_dprintf("mailfile: trydir %s\n",
buf);
if (buf[0] != '\0' && chdir(buf) >= 0)
break;
}
}
/*
** Recheck the file after we have assumed the ID of the
** delivery user to make sure we can deliver to it as
** that user. This is necessary if sendmail is running
** as root and the file is on an NFS mount which treats
** root as nobody.
*/
#if HASLSTAT
if (bitnset(DBS_FILEDELIVERYTOSYMLINK, DontBlameSendmail))
err = stat(realfile, &stb);
else
err = lstat(realfile, &stb);
#else /* HASLSTAT */
err = stat(realfile, &stb);
#endif /* HASLSTAT */
if (err < 0)
{
stb.st_mode = ST_MODE_NOFILE;
mode = FileMode;
oflags |= O_CREAT|O_EXCL;
}
else if (bitset(S_IXUSR|S_IXGRP|S_IXOTH, mode) ||
(!bitnset(DBS_FILEDELIVERYTOHARDLINK,
DontBlameSendmail) &&
stb.st_nlink != 1) ||
(realfile != targetfile && !S_ISREG(mode)))
exit(EX_CANTCREAT);
else
mode = stb.st_mode;
if (!bitnset(DBS_FILEDELIVERYTOSYMLINK, DontBlameSendmail))
sfflags |= SFF_NOSLINK;
if (!bitnset(DBS_FILEDELIVERYTOHARDLINK, DontBlameSendmail))
sfflags |= SFF_NOHLINK;
sfflags &= ~SFF_OPENASROOT;
f = safefopen(realfile, oflags, mode, sfflags);
if (f == NULL)
{
if (transienterror(errno))
{
usrerr("454 4.3.0 cannot open %s: %s",
shortenstring(realfile, MAXSHORTSTR),
sm_errstring(errno));
RETURN(EX_TEMPFAIL);
}
else
{
usrerr("554 5.3.0 cannot open %s: %s",
shortenstring(realfile, MAXSHORTSTR),
sm_errstring(errno));
RETURN(EX_CANTCREAT);
}
}
if (filechanged(realfile, sm_io_getinfo(f, SM_IO_WHAT_FD, NULL),
&stb))
{
syserr("554 5.3.0 file changed after open");
RETURN(EX_CANTCREAT);
}
if (fstat(sm_io_getinfo(f, SM_IO_WHAT_FD, NULL), &stb) < 0)
{
syserr("554 5.3.0 cannot fstat %s",
sm_errstring(errno));
RETURN(EX_CANTCREAT);
}
curoff = stb.st_size;
if (ev != NULL)
sm_clrevent(ev);
memset(&mcibuf, '\0', sizeof(mcibuf));
mcibuf.mci_mailer = mailer;
mcibuf.mci_out = f;
if (bitnset(M_7BITS, mailer->m_flags))
mcibuf.mci_flags |= MCIF_7BIT;
/* clear out per-message flags from connection structure */
mcibuf.mci_flags &= ~(MCIF_CVT7TO8|MCIF_CVT8TO7);
if (bitset(EF_HAS8BIT, e->e_flags) &&
!bitset(EF_DONT_MIME, e->e_flags) &&
bitnset(M_7BITS, mailer->m_flags))
mcibuf.mci_flags |= MCIF_CVT8TO7;
#if MIME7TO8
if (bitnset(M_MAKE8BIT, mailer->m_flags) &&
!bitset(MCIF_7BIT, mcibuf.mci_flags) &&
(p = hvalue("Content-Transfer-Encoding", e->e_header)) != NULL &&
(sm_strcasecmp(p, "quoted-printable") == 0 ||
sm_strcasecmp(p, "base64") == 0) &&
(p = hvalue("Content-Type", e->e_header)) != NULL)
{
/* may want to convert 7 -> 8 */
/* XXX should really parse it here -- and use a class XXX */
if (sm_strncasecmp(p, "text/plain", 10) == 0 &&
(p[10] == '\0' || p[10] == ' ' || p[10] == ';'))
mcibuf.mci_flags |= MCIF_CVT7TO8;
}
#endif /* MIME7TO8 */
if (!putfromline(&mcibuf, e) ||
!(*e->e_puthdr)(&mcibuf, e->e_header, e, M87F_OUTER) ||
!(*e->e_putbody)(&mcibuf, e, NULL) ||
!putline("\n", &mcibuf) ||
(sm_io_flush(f, SM_TIME_DEFAULT) != 0 ||
(SuperSafe != SAFE_NO &&
fsync(sm_io_getinfo(f, SM_IO_WHAT_FD, NULL)) < 0) ||
sm_io_error(f)))
{
setstat(EX_IOERR);
#if !NOFTRUNCATE
(void) ftruncate(sm_io_getinfo(f, SM_IO_WHAT_FD, NULL),
curoff);
-#endif /* !NOFTRUNCATE */
+#endif
}
/* reset ISUID & ISGID bits for paranoid systems */
#if HASFCHMOD
(void) fchmod(sm_io_getinfo(f, SM_IO_WHAT_FD, NULL),
(MODE_T) mode);
#else /* HASFCHMOD */
(void) chmod(filename, (MODE_T) mode);
#endif /* HASFCHMOD */
if (sm_io_close(f, SM_TIME_DEFAULT) < 0)
setstat(EX_IOERR);
(void) sm_io_flush(smioout, SM_TIME_DEFAULT);
(void) setuid(RealUid);
exit(ExitStat);
/* NOTREACHED */
}
else
{
/* parent -- wait for exit status */
int st;
st = waitfor(pid);
if (st == -1)
{
syserr("mailfile: %s: wait", mailer->m_name);
return EX_SOFTWARE;
}
if (WIFEXITED(st))
{
errno = 0;
return (WEXITSTATUS(st));
}
else
{
syserr("mailfile: %s: child died on signal %d",
mailer->m_name, st);
return EX_UNAVAILABLE;
}
/* NOTREACHED */
}
return EX_UNAVAILABLE; /* avoid compiler warning on IRIX */
}
static void
mailfiletimeout(ignore)
int ignore;
{
/*
** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
** DOING.
*/
errno = ETIMEDOUT;
longjmp(CtxMailfileTimeout, 1);
}
+
+#if DANE
+
+/*
+** GETMPORT -- return the port of a mailer
+**
+** Parameters:
+** m -- the mailer describing this host.
+**
+** Returns:
+** the port of the mailer if defined.
+** 0 otherwise
+** <0 error
+*/
+
+static int getmport __P((MAILER *));
+
+static int
+getmport(m)
+ MAILER *m;
+{
+ unsigned long ulval;
+ char *buf, *ep;
+
+ if (m->m_port > 0)
+ return m->m_port;
+
+ if (NULL == m->m_argv[0] ||NULL == m->m_argv[1])
+ return -1;
+ buf = m->m_argv[2];
+ if (NULL == buf)
+ return 0;
+
+ errno = 0;
+ ulval = strtoul(buf, &ep, 0);
+ if (buf[0] == '\0' || *ep != '\0')
+ return -1;
+ if (errno == ERANGE && ulval == ULONG_MAX)
+ return -1;
+ if (ulval > USHRT_MAX)
+ return -1;
+ m->m_port = (unsigned short) ulval;
+ if (tTd(17, 30))
+ sm_dprintf("getmport: mailer=%s, port=%d\n", m->m_name,
+ m->m_port);
+ return m->m_port;
+}
+# define GETMPORT(m) getmport(m)
+#else /* DANE */
+# define GETMPORT(m) 25
+#endif /* DANE */
+
/*
** HOSTSIGNATURE -- return the "signature" for a host.
**
** The signature describes how we are going to send this -- it
** can be just the hostname (for non-Internet hosts) or can be
** an ordered list of MX hosts.
**
** Parameters:
** m -- the mailer describing this host.
** host -- the host name.
+** ad -- DNSSEC: ad
**
** Returns:
** The signature for this host.
**
** Side Effects:
** Can tweak the symbol table.
*/
#define MAXHOSTSIGNATURE 8192 /* max len of hostsignature */
char *
-hostsignature(m, host)
+hostsignature(m, host, ad)
register MAILER *m;
char *host;
+ bool ad;
{
register char *p;
register STAB *s;
time_t now;
#if NAMED_BIND
char sep = ':';
char prevsep = ':';
int i;
int len;
int nmx;
int hl;
char *hp;
char *endp;
int oldoptions = _res.options;
char *mxhosts[MAXMXHOSTS + 1];
unsigned short mxprefs[MAXMXHOSTS + 1];
#endif /* NAMED_BIND */
if (tTd(17, 3))
- sm_dprintf("hostsignature(%s)\n", host);
+ sm_dprintf("hostsignature(%s), ad=%d\n", host, ad);
/*
** If local delivery (and not remote), just return a constant.
*/
if (bitnset(M_LOCALMAILER, m->m_flags) &&
strcmp(m->m_mailer, "[IPC]") != 0 &&
!(m->m_argv[0] != NULL && strcmp(m->m_argv[0], "TCP") == 0))
return "localhost";
/* an empty host does not have MX records */
if (*host == '\0')
return "_empty_";
/*
** Check to see if this uses IPC -- if not, it can't have MX records.
*/
if (strcmp(m->m_mailer, "[IPC]") != 0 ||
CurEnv->e_sendmode == SM_DEFER)
{
/* just an ordinary mailer or deferred mode */
return host;
}
#if NETUNIX
else if (m->m_argv[0] != NULL &&
strcmp(m->m_argv[0], "FILE") == 0)
{
/* rendezvous in the file system, no MX records */
return host;
}
#endif /* NETUNIX */
/*
** Look it up in the symbol table.
*/
now = curtime();
s = stab(host, ST_HOSTSIG, ST_ENTER);
if (s->s_hostsig.hs_sig != NULL)
{
if (s->s_hostsig.hs_exp >= now)
{
if (tTd(17, 3))
sm_dprintf("hostsignature(): stab(%s) found %s\n", host,
s->s_hostsig.hs_sig);
return s->s_hostsig.hs_sig;
}
/* signature is expired: clear it */
sm_free(s->s_hostsig.hs_sig);
s->s_hostsig.hs_sig = NULL;
}
/* set default TTL */
s->s_hostsig.hs_exp = now + SM_DEFAULT_TTL;
/*
** Not already there or expired -- create a signature.
*/
#if NAMED_BIND
if (ConfigLevel < 2)
_res.options &= ~(RES_DEFNAMES | RES_DNSRCH); /* XXX */
for (hp = host; hp != NULL; hp = endp)
{
-#if NETINET6
+# if NETINET6
if (*hp == '[')
{
endp = strchr(hp + 1, ']');
if (endp != NULL)
endp = strpbrk(endp + 1, ":,");
}
else
endp = strpbrk(hp, ":,");
-#else /* NETINET6 */
+# else /* NETINET6 */
endp = strpbrk(hp, ":,");
-#endif /* NETINET6 */
+# endif /* NETINET6 */
if (endp != NULL)
{
sep = *endp;
*endp = '\0';
}
if (bitnset(M_NOMX, m->m_flags))
{
/* skip MX lookups */
nmx = 1;
mxhosts[0] = hp;
}
else
{
auto int rcode;
int ttl;
- nmx = getmxrr(hp, mxhosts, mxprefs, true, &rcode, true,
- &ttl);
+ GETMPORT(m);
+ nmx = getmxrr(hp, mxhosts, mxprefs,
+ DROPLOCALHOST|TRYFALLBACK|(ad ? ISAD :0),
+ &rcode, &ttl, M_PORT(m));
if (nmx <= 0)
{
int save_errno;
register MCI *mci;
/* update the connection info for this host */
save_errno = errno;
mci = mci_get(hp, m);
mci->mci_errno = save_errno;
mci->mci_herrno = h_errno;
mci->mci_lastuse = now;
- if (rcode == EX_NOHOST)
+ if (nmx == NULLMX)
+ mci_setstat(mci, rcode, "5.7.27",
+ "550 Host does not accept mail");
+ else if (rcode == EX_NOHOST)
mci_setstat(mci, rcode, "5.1.2",
"550 Host unknown");
else
mci_setstat(mci, rcode, NULL, NULL);
/* use the original host name as signature */
nmx = 1;
mxhosts[0] = hp;
}
if (tTd(17, 3))
sm_dprintf("hostsignature(): getmxrr() returned %d, mxhosts[0]=%s\n",
nmx, mxhosts[0]);
/*
** Set new TTL: we use only one!
** We could try to use the minimum instead.
*/
s->s_hostsig.hs_exp = now + SM_MIN(ttl, SM_DEFAULT_TTL);
}
len = 0;
for (i = 0; i < nmx; i++)
len += strlen(mxhosts[i]) + 1;
if (s->s_hostsig.hs_sig != NULL)
len += strlen(s->s_hostsig.hs_sig) + 1;
if (len < 0 || len >= MAXHOSTSIGNATURE)
{
sm_syslog(LOG_WARNING, NOQID, "hostsignature for host '%s' exceeds maxlen (%d): %d",
host, MAXHOSTSIGNATURE, len);
len = MAXHOSTSIGNATURE;
}
p = sm_pmalloc_x(len);
if (s->s_hostsig.hs_sig != NULL)
{
(void) sm_strlcpy(p, s->s_hostsig.hs_sig, len);
sm_free(s->s_hostsig.hs_sig); /* XXX */
s->s_hostsig.hs_sig = p;
hl = strlen(p);
p += hl;
*p++ = prevsep;
len -= hl + 1;
}
else
s->s_hostsig.hs_sig = p;
for (i = 0; i < nmx; i++)
{
hl = strlen(mxhosts[i]);
if (len - 1 < hl || len <= 1)
{
/* force to drop out of outer loop */
len = -1;
break;
}
if (i != 0)
{
if (mxprefs[i] == mxprefs[i - 1])
*p++ = ',';
else
*p++ = ':';
len--;
}
(void) sm_strlcpy(p, mxhosts[i], len);
p += hl;
len -= hl;
}
/*
** break out of loop if len exceeded MAXHOSTSIGNATURE
** because we won't have more space for further hosts
** anyway (separated by : in the .cf file).
*/
if (len < 0)
break;
if (endp != NULL)
*endp++ = sep;
prevsep = sep;
}
makelower(s->s_hostsig.hs_sig);
if (ConfigLevel < 2)
_res.options = oldoptions;
#else /* NAMED_BIND */
/* not using BIND -- the signature is just the host name */
/*
** 'host' points to storage that will be freed after we are
** done processing the current envelope, so we copy it.
*/
s->s_hostsig.hs_sig = sm_pstrdup_x(host);
#endif /* NAMED_BIND */
if (tTd(17, 1))
sm_dprintf("hostsignature(%s) = %s\n", host, s->s_hostsig.hs_sig);
return s->s_hostsig.hs_sig;
}
/*
** PARSE_HOSTSIGNATURE -- parse the "signature" and return MX host array.
**
** The signature describes how we are going to send this -- it
** can be just the hostname (for non-Internet hosts) or can be
** an ordered list of MX hosts which must be randomized for equal
** MX preference values.
**
** Parameters:
** sig -- the host signature.
** mxhosts -- array to populate.
** mailer -- mailer.
**
** Returns:
** The number of hosts inserted into mxhosts array.
**
** Side Effects:
** Randomizes equal MX preference hosts in mxhosts.
*/
static int
parse_hostsignature(sig, mxhosts, mailer)
char *sig;
char **mxhosts;
MAILER *mailer;
{
unsigned short curpref = 0;
int nmx = 0, i, j; /* NOTE: i, j, and nmx must have same type */
char *hp, *endp;
unsigned short prefer[MAXMXHOSTS];
long rndm[MAXMXHOSTS];
for (hp = sig; hp != NULL; hp = endp)
{
char sep = ':';
#if NETINET6
if (*hp == '[')
{
endp = strchr(hp + 1, ']');
if (endp != NULL)
endp = strpbrk(endp + 1, ":,");
}
else
endp = strpbrk(hp, ":,");
#else /* NETINET6 */
endp = strpbrk(hp, ":,");
#endif /* NETINET6 */
if (endp != NULL)
{
sep = *endp;
*endp = '\0';
}
mxhosts[nmx] = hp;
prefer[nmx] = curpref;
if (mci_match(hp, mailer))
rndm[nmx] = 0;
else
rndm[nmx] = get_random();
if (endp != NULL)
{
/*
** Since we don't have the original MX prefs,
** make our own. If the separator is a ':', that
** means the preference for the next host will be
** higher than this one, so simply increment curpref.
*/
if (sep == ':')
curpref++;
*endp++ = sep;
}
if (++nmx >= MAXMXHOSTS)
break;
}
/* sort the records using the random factor for equal preferences */
for (i = 0; i < nmx; i++)
{
for (j = i + 1; j < nmx; j++)
{
/*
** List is already sorted by MX preference, only
** need to look for equal preference MX records
*/
if (prefer[i] < prefer[j])
break;
if (prefer[i] > prefer[j] ||
(prefer[i] == prefer[j] && rndm[i] > rndm[j]))
{
register unsigned short tempp;
register long tempr;
register char *temp1;
tempp = prefer[i];
prefer[i] = prefer[j];
prefer[j] = tempp;
temp1 = mxhosts[i];
mxhosts[i] = mxhosts[j];
mxhosts[j] = temp1;
tempr = rndm[i];
rndm[i] = rndm[j];
rndm[j] = tempr;
}
}
}
return nmx;
}
-# if STARTTLS
+#if STARTTLS
static SSL_CTX *clt_ctx = NULL;
static bool tls_ok_clt = true;
/*
** SETCLTTLS -- client side TLS: allow/disallow.
**
** Parameters:
** tls_ok -- should tls be done?
**
** Returns:
** none.
**
** Side Effects:
** sets tls_ok_clt (static variable in this module)
*/
void
setclttls(tls_ok)
bool tls_ok;
{
tls_ok_clt = tls_ok;
return;
}
/*
** INITCLTTLS -- initialize client side TLS
**
** Parameters:
** tls_ok -- should tls initialization be done?
**
** Returns:
** succeeded?
**
** Side Effects:
** sets tls_ok_clt (static variable in this module)
*/
bool
initclttls(tls_ok)
bool tls_ok;
{
if (!tls_ok_clt)
return false;
tls_ok_clt = tls_ok;
if (!tls_ok_clt)
return false;
if (clt_ctx != NULL)
return true; /* already done */
tls_ok_clt = inittls(&clt_ctx, TLS_I_CLT, Clt_SSL_Options, false,
- CltCertFile, CltKeyFile,
- CACertPath, CACertFile, DHParams);
+ CltCertFile, CltKeyFile,
+# if _FFR_CLIENTCA
+ (CltCACertPath != NULL) ? CltCACertPath :
+# endif
+ CACertPath,
+# if _FFR_CLIENTCA
+ (CltCACertFile != NULL) ? CltCACertFile :
+# endif
+ CACertFile,
+ DHParams);
return tls_ok_clt;
}
/*
** STARTTLS -- try to start secure connection (client side)
**
** Parameters:
** m -- the mailer.
** mci -- the mailer connection info.
** e -- the envelope.
**
** Returns:
** success?
** (maybe this should be some other code than EX_
** that denotes which stage failed.)
*/
static int
-starttls(m, mci, e)
+starttls(m, mci, e
+# if DANE
+ , dane_vrfy_ctx
+# endif
+ )
MAILER *m;
MCI *mci;
ENVELOPE *e;
+# if DANE
+ dane_vrfy_ctx_P dane_vrfy_ctx;
+# endif
{
int smtpresult;
int result = 0;
int rfd, wfd;
SSL *clt_ssl = NULL;
time_t tlsstart;
+ extern int TLSsslidx;
if (clt_ctx == NULL && !initclttls(true))
return EX_TEMPFAIL;
-# if USE_OPENSSL_ENGINE
- if (!SSLEngineInitialized && !SSL_set_engine(NULL))
+ if (!TLS_set_engine(SSLEngine, false))
{
sm_syslog(LOG_ERR, NOQID,
- "STARTTLS=client, SSL_set_engine=failed");
+ "STARTTLS=client, engine=%s, TLS_set_engine=failed",
+ SSLEngine);
return EX_TEMPFAIL;
}
- SSLEngineInitialized = true;
-# endif /* USE_OPENSSL_ENGINE */
smtpmessage("STARTTLS", m, mci);
/* get the reply */
smtpresult = reply(m, mci, e, TimeOuts.to_starttls, NULL, NULL,
XS_STARTTLS);
/* check return code from server */
if (REPLYTYPE(smtpresult) == 4)
return EX_TEMPFAIL;
if (smtpresult == 501)
return EX_USAGE;
if (smtpresult == -1)
return smtpresult;
/* not an expected reply but we have to deal with it */
if (REPLYTYPE(smtpresult) == 5)
return EX_UNAVAILABLE;
if (smtpresult != 220)
return EX_PROTOCOL;
if (LogLevel > 13)
sm_syslog(LOG_INFO, NOQID, "STARTTLS=client, start=ok");
/* start connection */
if ((clt_ssl = SSL_new(clt_ctx)) == NULL)
{
if (LogLevel > 5)
{
sm_syslog(LOG_ERR, NOQID,
"STARTTLS=client, error: SSL_new failed");
- if (LogLevel > 9)
- tlslogerr(LOG_WARNING, "client");
+ tlslogerr(LOG_WARNING, 9, "client");
}
return EX_SOFTWARE;
}
/* SSL_clear(clt_ssl); ? */
- if (get_tls_se_options(e, clt_ssl, false) != 0)
+ if (get_tls_se_options(e, clt_ssl, &mci->mci_tlsi, false) != 0)
{
sm_syslog(LOG_ERR, NOQID,
"STARTTLS=client, get_tls_se_options=fail");
return EX_SOFTWARE;
}
+ result = SSL_set_ex_data(clt_ssl, TLSsslidx, &mci->mci_tlsi);
+ if (0 == result)
+ {
+ if (LogLevel > 5)
+ {
+ sm_syslog(LOG_ERR, NOQID,
+ "STARTTLS=client, error: SSL_set_ex_data failed=%d, idx=%d",
+ result, TLSsslidx);
+ tlslogerr(LOG_WARNING, 9, "client");
+ }
+ return EX_SOFTWARE;
+ }
+# if DANE
+ if (SM_TLSI_IS(&(mci->mci_tlsi), TLSI_FL_NODANE))
+ dane_vrfy_ctx->dane_vrfy_chk = DANE_NEVER;
+ else
+ {
+ int r;
+
+# define SM_IS_EMPTY(s) (NULL == (s) || '\0' == *(s))
+
+ /* set SNI only if there is a TLSA RR */
+ if (dane_get_tlsa(dane_vrfy_ctx) != NULL &&
+ !(SM_IS_EMPTY(dane_vrfy_ctx->dane_vrfy_host) &&
+ SM_IS_EMPTY(dane_vrfy_ctx->dane_vrfy_sni)) &&
+ (r = SSL_set_tlsext_host_name(clt_ssl,
+ (!SM_IS_EMPTY(dane_vrfy_ctx->dane_vrfy_sni)
+ ? dane_vrfy_ctx->dane_vrfy_sni
+ : dane_vrfy_ctx->dane_vrfy_host))) <= 0)
+ {
+ if (LogLevel > 5)
+ {
+ sm_syslog(LOG_ERR, NOQID,
+ "STARTTLS=client, host=%s, SSL_set_tlsext_host_name=%d",
+ dane_vrfy_ctx->dane_vrfy_host, r);
+ }
+ tlslogerr(LOG_ERR, 5, "client");
+ /* return EX_SOFTWARE; */
+ }
+ }
+ memcpy(&mci->mci_tlsi.tlsi_dvc, dane_vrfy_ctx, sizeof(*dane_vrfy_ctx));
+# endif /* DANE */
rfd = sm_io_getinfo(mci->mci_in, SM_IO_WHAT_FD, NULL);
wfd = sm_io_getinfo(mci->mci_out, SM_IO_WHAT_FD, NULL);
if (rfd < 0 || wfd < 0 ||
(result = SSL_set_rfd(clt_ssl, rfd)) != 1 ||
(result = SSL_set_wfd(clt_ssl, wfd)) != 1)
{
if (LogLevel > 5)
{
sm_syslog(LOG_ERR, NOQID,
"STARTTLS=client, error: SSL_set_xfd failed=%d",
result);
- if (LogLevel > 9)
- tlslogerr(LOG_WARNING, "client");
+ tlslogerr(LOG_WARNING, 9, "client");
}
return EX_SOFTWARE;
}
SSL_set_connect_state(clt_ssl);
tlsstart = curtime();
ssl_retry:
if ((result = SSL_connect(clt_ssl)) <= 0)
{
int i, ssl_err;
int save_errno = errno;
ssl_err = SSL_get_error(clt_ssl, result);
i = tls_retry(clt_ssl, rfd, wfd, tlsstart,
TimeOuts.to_starttls, ssl_err, "client");
if (i > 0)
goto ssl_retry;
if (LogLevel > 5)
{
unsigned long l;
const char *sr;
l = ERR_peek_error();
sr = ERR_reason_error_string(l);
sm_syslog(LOG_WARNING, NOQID,
"STARTTLS=client, error: connect failed=%d, reason=%s, SSL_error=%d, errno=%d, retry=%d",
result, sr == NULL ? "unknown" : sr, ssl_err,
save_errno, i);
- if (LogLevel > 9)
- tlslogerr(LOG_WARNING, "client");
+ tlslogerr(LOG_WARNING, 9, "client");
}
- SSL_free(clt_ssl);
- clt_ssl = NULL;
+ SM_SSL_FREE(clt_ssl);
return EX_SOFTWARE;
}
mci->mci_ssl = clt_ssl;
result = tls_get_info(mci->mci_ssl, false, mci->mci_host,
&mci->mci_macro, true);
/* switch to use TLS... */
if (sfdctls(&mci->mci_in, &mci->mci_out, mci->mci_ssl) == 0)
return EX_OK;
/* failure */
- SSL_free(clt_ssl);
- clt_ssl = NULL;
+ SM_SSL_FREE(clt_ssl);
return EX_SOFTWARE;
}
/*
** ENDTLSCLT -- shutdown secure connection (client side)
**
** Parameters:
** mci -- the mailer connection info.
**
** Returns:
** success?
*/
static int
endtlsclt(mci)
MCI *mci;
{
int r;
if (!bitset(MCIF_TLSACT, mci->mci_flags))
return EX_OK;
- r = endtls(mci->mci_ssl, "client");
+ r = endtls(&mci->mci_ssl, "client");
mci->mci_flags &= ~MCIF_TLSACT;
return r;
}
-# endif /* STARTTLS */
-# if STARTTLS || SASL
+#endif /* STARTTLS */
+#if STARTTLS || SASL
/*
** ISCLTFLGSET -- check whether client flag is set.
**
** Parameters:
** e -- envelope.
** flag -- flag to check in {client_flags}
**
** Returns:
** true iff flag is set.
*/
static bool
iscltflgset(e, flag)
ENVELOPE *e;
int flag;
{
char *p;
p = macvalue(macid("{client_flags}"), e);
if (p == NULL)
return false;
for (; *p != '\0'; p++)
{
/* look for just this one flag */
if (*p == (char) flag)
return true;
}
return false;
}
-# endif /* STARTTLS || SASL */
+#endif /* STARTTLS || SASL */
diff --git a/src/domain.c b/src/domain.c
index 4d1b92d05c88..c45abf1acc09 100644
--- a/src/domain.c
+++ b/src/domain.c
@@ -1,1147 +1,1672 @@
/*
* Copyright (c) 1998-2004, 2006, 2010 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1986, 1995-1997 Eric P. Allman. All rights reserved.
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sendmail.h>
#include "map.h"
+#if _FFR_EAI
+#include <unicode/uidna.h>
+#endif
#if NAMED_BIND
SM_RCSID("@(#)$Id: domain.c,v 8.205 2013-11-22 20:51:55 ca Exp $ (with name server)")
-#else /* NAMED_BIND */
+#else
SM_RCSID("@(#)$Id: domain.c,v 8.205 2013-11-22 20:51:55 ca Exp $ (without name server)")
-#endif /* NAMED_BIND */
+#endif
#if NAMED_BIND
# include <arpa/inet.h>
+# include <sm_resolve.h>
+# if DANE
+# include <tls.h>
+# ifndef SM_NEG_TTL
+# define SM_NEG_TTL 60 /* "negative" TTL */
+# endif
+# endif
# ifndef MXHOSTBUFSIZE
# define MXHOSTBUFSIZE (128 * MAXMXHOSTS)
-# endif /* ! MXHOSTBUFSIZE */
+# endif
static char MXHostBuf[MXHOSTBUFSIZE];
-#if (MXHOSTBUFSIZE < 2) || (MXHOSTBUFSIZE >= INT_MAX/2)
+# if (MXHOSTBUFSIZE < 2) || (MXHOSTBUFSIZE >= INT_MAX/2)
ERROR: _MXHOSTBUFSIZE is out of range
-#endif /* (MXHOSTBUFSIZE < 2) || (MXHOSTBUFSIZE >= INT_MAX/2) */
+# endif
# ifndef MAXDNSRCH
# define MAXDNSRCH 6 /* number of possible domains to search */
-# endif /* ! MAXDNSRCH */
+# endif
# ifndef RES_DNSRCH_VARIABLE
# define RES_DNSRCH_VARIABLE _res.dnsrch
-# endif /* ! RES_DNSRCH_VARIABLE */
+# endif
# ifndef NO_DATA
# define NO_DATA NO_ADDRESS
-# endif /* ! NO_DATA */
+# endif
# ifndef HFIXEDSZ
# define HFIXEDSZ 12 /* sizeof(HEADER) */
-# endif /* ! HFIXEDSZ */
+# endif
# define MAXCNAMEDEPTH 10 /* maximum depth of CNAME recursion */
# if defined(__RES) && (__RES >= 19940415)
# define RES_UNC_T char *
-# else /* defined(__RES) && (__RES >= 19940415) */
+# else
# define RES_UNC_T unsigned char *
-# endif /* defined(__RES) && (__RES >= 19940415) */
+# endif
static int mxrand __P((char *));
static int fallbackmxrr __P((int, unsigned short *, char **));
+# if DANE
+
+/*
+** TLSAADD -- add TLSA records to dane_tlsa entry
+**
+** Parameters:
+** name -- key for stab entry (for debugging output)
+** dr -- DNS reply
+** dane_tlsa -- dane_tlsa entry
+** dnsrc -- DNS lookup return code (h_errno)
+** n -- current number of TLSA records in dane_tlsa entry
+** pttl -- (pointer to) TTL (in/out)
+** level -- recursion level (CNAMEs)
+**
+** Returns:
+** new number of TLSA records
+*/
+
+static int tlsaadd __P((const char *, DNS_REPLY_T *, dane_tlsa_P, int, int,
+ unsigned int *, int));
+
+static int
+tlsaadd(name, dr, dane_tlsa, dnsrc, n, pttl, level)
+ const char *name;
+ DNS_REPLY_T *dr;
+ dane_tlsa_P dane_tlsa;
+ int dnsrc;
+ int n;
+ unsigned int *pttl;
+ int level;
+{
+ RESOURCE_RECORD_T *rr;
+ unsigned int ttl;
+ int nprev;
+
+ if (dnsrc != 0)
+ {
+ if (tTd(8, 2))
+ sm_dprintf("tlsaadd(%s), prev=%d, dnsrc=%d\n",
+ name, dane_tlsa->dane_tlsa_dnsrc, dnsrc);
+
+ /* check previous error and keep the "most important" one? */
+ dane_tlsa->dane_tlsa_dnsrc = dnsrc;
+# if DNSSEC_TEST
+ if (tTd(8, 110))
+ *pttl = tTdlevel(8)-110; /* how to make this an option? */
+ else
+# else
+ *pttl = SM_NEG_TTL;
+# endif
+
+ return n;
+ }
+ if (dr == NULL)
+ return n;
+ if (dr->dns_r_h.ad != 1 && Dane == DANE_SECURE) /* not secure? */
+ return n;
+ ttl = *pttl;
+
+ /* first: try to find TLSA records */
+ nprev = n;
+ for (rr = dr->dns_r_head; rr != NULL && n < MAX_TLSA_RR;
+ rr = rr->rr_next)
+ {
+ int tlsa_chk;
+
+ if (rr->rr_type != T_TLSA)
+ {
+ if (rr->rr_type != T_CNAME && tTd(8, 8))
+ sm_dprintf("tlsaadd(%s), type=%s\n", name,
+ dns_type_to_string(rr->rr_type));
+ continue;
+ }
+ tlsa_chk = dane_tlsa_chk(rr->rr_u.rr_data, rr->rr_size, name,
+ true);
+ if (!TLSA_IS_VALID(tlsa_chk))
+ continue;
+
+ /*
+ ** To do: the RRs should be sorted (by "complexity") --
+ ** when more than one type is supported.
+ */
+
+ dane_tlsa->dane_tlsa_rr[n] = rr->rr_u.rr_data;
+ dane_tlsa->dane_tlsa_len[n] = rr->rr_size;
+ if (tTd(8, 2))
+ {
+ unsigned char *p;
+
+ p = rr->rr_u.rr_data;
+ sm_dprintf("tlsaadd(%s), n=%d, %d-%d-%d:%02x\n", name,
+ n, (int)p[0], (int)p[1], (int)p[2], (int)p[3]);
+ }
+
+ /* require some minimum TTL? */
+ if (ttl > rr->rr_ttl && rr->rr_ttl > 0)
+ ttl = rr->rr_ttl;
+
+ /* hack: instead of copying the data, just "take it over" */
+ rr->rr_u.rr_data = NULL;
+ ++n;
+ }
+
+ /* second: check for CNAME records, but only if no TLSA RR was added */
+ for (rr = dr->dns_r_head; rr != NULL && n < MAX_TLSA_RR && nprev == n;
+ rr = rr->rr_next)
+ {
+ DNS_REPLY_T *drc;
+ int err, herr;
+
+ if (rr->rr_type != T_CNAME)
+ continue;
+ if (level > 1)
+ {
+ if (tTd(8, 2))
+ sm_dprintf("tlsaadd(%s), CNAME=%s, level=%d\n",
+ name, rr->rr_u.rr_txt, level);
+ continue;
+ }
+
+ drc = dns_lookup_int(rr->rr_u.rr_txt, C_IN, T_TLSA, 0, 0,
+ (Dane == DANE_SECURE &&
+ !TLSA_IS_FL(dane_tlsa, TLSAFLNOADMX))
+ ? SM_RES_DNSSEC : 0,
+ RR_RAW, &err, &herr);
+
+ if (tTd(8, 2))
+ sm_dprintf("tlsaadd(%s), CNAME=%s, level=%d, dr=%p, ad=%d, err=%d, herr=%d\n",
+ name, rr->rr_u.rr_txt, level,
+ (void *)drc, drc != NULL ? drc->dns_r_h.ad : -1,
+ err, herr);
+ nprev = n = tlsaadd(name, drc, dane_tlsa, herr, n, pttl,
+ level + 1);
+ dns_free_data(drc);
+ drc = NULL;
+ }
+
+ *pttl = ttl;
+ return n;
+}
+
+/*
+** GETTLSA -- get TLSA records for named host using DNS
+**
+** Parameters:
+** host -- host
+** name -- name for stab entry key (if NULL: host)
+** pste -- (pointer to) stab entry (output)
+** flags -- TLSAFL*
+** mxttl -- TTL of MX (or host)
+** port -- port
+**
+** Returns:
+** The number of TLSA records found.
+** <0 if there is an internal failure.
+**
+** Side effects:
+** Enters TLSA RRs into stab().
+** If the DNS lookup fails temporarily, an "empty" entry is
+** created with that DNS error code.
+*/
+
+int
+gettlsa(host, name, pste, flags, mxttl, port)
+ char *host;
+ char *name;
+ STAB **pste;
+ unsigned long flags;
+ unsigned int mxttl;
+ unsigned int port;
+{
+ DNS_REPLY_T *dr;
+ dane_tlsa_P dane_tlsa;
+ STAB *ste;
+ time_t now;
+ unsigned int ttl;
+ int n_rrs, len, err, herr;
+ bool isrname;
+ char nbuf[MAXDNAME];
+ char key[MAXDNAME];
+
+ SM_REQUIRE(host != NULL);
+ if (pste != NULL)
+ *pste = NULL;
+ if ('\0' == *host)
+ return 0;
+
+ isrname = NULL == name;
+ if (isrname)
+ name = host;
+ now = 0;
+ n_rrs = 0;
+ dr = NULL;
+ dane_tlsa = NULL;
+ len = strlen(name);
+ if (len > 1 && name[len - 1] == '.')
+ {
+ len--;
+ name[len] = '\0';
+ }
+ else
+ len = -1;
+ if (0 == port || tTd(66, 10))
+ port = 25;
+ (void) sm_snprintf(key, sizeof(key), "_%u..%s", port, name);
+ ste = stab(key, ST_TLSA_RR, ST_FIND);
+ if (tTd(8, 2))
+ sm_dprintf("gettlsa(%s, %s, ste=%p, pste=%p, flags=%lX, port=%d)\n",
+ host, isrname ? "" : name, (void *)ste, (void *)pste,
+ flags, port);
+
+ if (ste != NULL)
+ {
+ dane_tlsa = ste->s_tlsa;
+ if ((TLSAFLADMX & flags) != 0)
+ TLSA_CLR_FL(ste->s_tlsa, TLSAFLNOADMX);
+ }
+
+ /* Do not reload TLSA RRs if the MX RRs were not securely retrieved. */
+ if (pste != NULL
+ && dane_tlsa != NULL && TLSA_IS_FL(dane_tlsa, TLSAFLNOADMX)
+ && DANE_SECURE == Dane)
+ goto end;
+
+ if (ste != NULL)
+ {
+ SM_ASSERT(dane_tlsa != NULL);
+ now = curtime();
+ if (dane_tlsa->dane_tlsa_exp <= now
+ && 0 == (TLSAFLNOEXP & flags))
+ dane_tlsa_clr(dane_tlsa);
+ else
+ {
+ n_rrs = dane_tlsa->dane_tlsa_n;
+ goto end;
+ }
+ }
+
+ if (dane_tlsa == NULL)
+ {
+ dane_tlsa = (dane_tlsa_P) sm_malloc(sizeof(*dane_tlsa));
+ if (dane_tlsa == NULL)
+ {
+ n_rrs = -ENOMEM;
+ goto end;
+ }
+ memset(dane_tlsa, '\0', sizeof(*dane_tlsa));
+ }
+
+ /* There are flags to store -- just set those, do nothing else. */
+ if (TLSA_STORE_FL(flags))
+ {
+ dane_tlsa->dane_tlsa_flags = flags;
+ ttl = mxttl > 0 ? mxttl: SM_DEFAULT_TTL;
+ goto done;
+ }
+
+ (void) sm_snprintf(nbuf, sizeof(nbuf), "_%u._tcp.%s", port, host);
+ dr = dns_lookup_int(nbuf, C_IN, T_TLSA, 0, 0,
+ TLSA_IS_FL(dane_tlsa, TLSAFLNOADMX) ? 0 : SM_RES_DNSSEC,
+ RR_RAW, &err, &herr);
+ if (tTd(8, 2))
+ sm_dprintf("gettlsa(%s), dr=%p, ad=%d, err=%d, herr=%d\n", host,
+ (void *)dr, dr != NULL ? dr->dns_r_h.ad : -1, err, herr);
+ ttl = UINT_MAX;
+ n_rrs = tlsaadd(key, dr, dane_tlsa, herr, n_rrs, &ttl, 0);
+
+ /* no valid entries found? */
+ if (n_rrs == 0 && !TLSA_RR_TEMPFAIL(dane_tlsa))
+ {
+ if (tTd(8, 2))
+ sm_dprintf("gettlsa(%s), n_rrs=%d, herr=%d, status=NOT_ADDED\n",
+ host, n_rrs, dane_tlsa->dane_tlsa_dnsrc);
+ goto cleanup;
+ }
+
+ done:
+ dane_tlsa->dane_tlsa_n = n_rrs;
+ if (!isrname)
+ {
+ SM_FREE(dane_tlsa->dane_tlsa_sni);
+ dane_tlsa->dane_tlsa_sni = sm_strdup(host);
+ }
+ if (NULL == ste)
+ {
+ ste = stab(key, ST_TLSA_RR, ST_ENTER);
+ if (NULL == ste)
+ goto error;
+ }
+ ste->s_tlsa = dane_tlsa;
+ if (now == 0)
+ now = curtime();
+ dane_tlsa->dane_tlsa_exp = now + SM_MIN(ttl, SM_DEFAULT_TTL);
+ dns_free_data(dr);
+ dr = NULL;
+ goto end;
+
+ error:
+ if (tTd(8, 2))
+ sm_dprintf("gettlsa(%s, %s), status=error\n", host, key);
+ n_rrs = -1;
+ cleanup:
+ if (NULL == ste)
+ dane_tlsa_free(dane_tlsa);
+ dns_free_data(dr);
+ dr = NULL;
+
+ end:
+ if (pste != NULL && ste != NULL)
+ *pste = ste;
+ if (len > 0)
+ host[len] = '.';
+ return n_rrs;
+}
+# endif /* DANE */
+
/*
** GETFALLBACKMXRR -- get MX resource records for fallback MX host.
**
** We have to initialize this once before doing anything else.
** Moreover, we have to repeat this from time to time to avoid
** stale data, e.g., in persistent queue runners.
** This should be done in a parent process so the child
** processes have the right data.
**
** Parameters:
** host -- the name of the fallback MX host.
**
** Returns:
** number of MX records.
**
** Side Effects:
** Populates NumFallbackMXHosts and fbhosts.
** Sets renewal time (based on TTL).
*/
int NumFallbackMXHosts = 0; /* Number of fallback MX hosts (after MX expansion) */
static char *fbhosts[MAXMXHOSTS + 1];
int
getfallbackmxrr(host)
char *host;
{
int i, rcode;
int ttl;
static time_t renew = 0;
#if 0
/* This is currently done before this function is called. */
if (host == NULL || *host == '\0')
return 0;
#endif /* 0 */
if (NumFallbackMXHosts > 0 && renew > curtime())
return NumFallbackMXHosts;
+
+ /* for DANE we need to invoke getmxrr() to get the TLSA RRs. */
+#if !DANE
if (host[0] == '[')
{
fbhosts[0] = host;
NumFallbackMXHosts = 1;
}
else
+#endif
{
/* free old data */
for (i = 0; i < NumFallbackMXHosts; i++)
sm_free(fbhosts[i]);
- /* get new data */
- NumFallbackMXHosts = getmxrr(host, fbhosts, NULL, false,
- &rcode, false, &ttl);
+ /*
+ ** Get new data.
+ ** Note: passing 0 as port is not correct but we cannot
+ ** determine the port number as there is no mailer.
+ */
+
+ NumFallbackMXHosts = getmxrr(host, fbhosts, NULL,
+#if DANE
+ (DANE_SECURE == Dane) ? ISAD :
+#endif
+ 0,
+ &rcode, &ttl, 0);
renew = curtime() + ttl;
for (i = 0; i < NumFallbackMXHosts; i++)
fbhosts[i] = newstr(fbhosts[i]);
}
+ if (NumFallbackMXHosts == NULLMX)
+ NumFallbackMXHosts = 0;
return NumFallbackMXHosts;
}
/*
** FALLBACKMXRR -- add MX resource records for fallback MX host to list.
**
** Parameters:
** nmx -- current number of MX records.
** prefs -- array of preferences.
** mxhosts -- array of MX hosts (maximum size: MAXMXHOSTS)
**
** Returns:
** new number of MX records.
**
** Side Effects:
** If FallbackMX was set, it appends the MX records for
** that host to mxhosts (and modifies prefs accordingly).
*/
static int
fallbackmxrr(nmx, prefs, mxhosts)
int nmx;
unsigned short *prefs;
char **mxhosts;
{
int i;
for (i = 0; i < NumFallbackMXHosts && nmx < MAXMXHOSTS; i++)
{
if (nmx > 0)
prefs[nmx] = prefs[nmx - 1] + 1;
else
prefs[nmx] = 0;
mxhosts[nmx++] = fbhosts[i];
}
return nmx;
}
/*
** GETMXRR -- get MX resource records for a domain
**
** Parameters:
** host -- the name of the host to MX.
** mxhosts -- a pointer to a return buffer of MX records.
** mxprefs -- a pointer to a return buffer of MX preferences.
** If NULL, don't try to populate.
-** droplocalhost -- If true, all MX records less preferred
+** flags -- flags:
+** DROPLOCALHOSt -- If true, all MX records less preferred
** than the local host (as determined by $=w) will
** be discarded.
+** TRYFALLBACK -- add also fallback MX host?
+** ISAD -- host lookup was secure?
** rcode -- a pointer to an EX_ status code.
-** tryfallback -- add also fallback MX host?
** pttl -- pointer to return TTL (can be NULL).
**
** Returns:
** The number of MX records found.
** -1 if there is an internal failure.
** If no MX records are found, mxhosts[0] is set to host
** and 1 is returned.
**
** Side Effects:
** The entries made for mxhosts point to a static array
** MXHostBuf[MXHOSTBUFSIZE], so the data needs to be copied,
** if it must be preserved across calls to this function.
*/
int
-getmxrr(host, mxhosts, mxprefs, droplocalhost, rcode, tryfallback, pttl)
+getmxrr(host, mxhosts, mxprefs, flags, rcode, pttl, port)
char *host;
char **mxhosts;
unsigned short *mxprefs;
- bool droplocalhost;
+ unsigned int flags;
int *rcode;
- bool tryfallback;
int *pttl;
+ int port;
{
register unsigned char *eom, *cp;
register int i, j, n;
int nmx = 0;
register char *bp;
HEADER *hp;
querybuf answer;
int ancount, qdcount, buflen;
bool seenlocal = false;
unsigned short pref, type;
unsigned short localpref = 256;
char *fallbackMX = FallbackMX;
bool trycanon = false;
unsigned short *prefs;
int (*resfunc) __P((const char *, int, int, u_char *, int));
unsigned short prefer[MAXMXHOSTS];
int weight[MAXMXHOSTS];
int ttl = 0;
+ bool ad;
+ bool seennullmx = false;
extern int res_query(), res_search();
+# if DANE
+ bool cname2mx;
+ char qname[MAXNAME];
+ unsigned long old_options = 0;
+# endif
if (tTd(8, 2))
- sm_dprintf("getmxrr(%s, droplocalhost=%d)\n",
- host, droplocalhost);
+ sm_dprintf("getmxrr(%s, droplocalhost=%d, flags=%X, port=%d)\n",
+ host, (flags & DROPLOCALHOST) != 0, flags, port);
+ ad = (flags & ISAD) != 0;
*rcode = EX_OK;
if (pttl != NULL)
*pttl = SM_DEFAULT_TTL;
if (*host == '\0')
return 0;
-
- if ((fallbackMX != NULL && droplocalhost &&
- wordinclass(fallbackMX, 'w')) || !tryfallback)
+# if DANE
+ cname2mx = false;
+ qname[0] = '\0';
+ old_options = _res.options;
+ if (ad)
+ _res.options |= SM_RES_DNSSEC;
+# endif
+
+ if ((fallbackMX != NULL && (flags & DROPLOCALHOST) != 0 &&
+ wordinclass(fallbackMX, 'w')) || (flags & TRYFALLBACK) == 0)
{
/* don't use fallback for this pass */
fallbackMX = NULL;
}
if (mxprefs != NULL)
prefs = mxprefs;
else
prefs = prefer;
/* efficiency hack -- numeric or non-MX lookups */
if (host[0] == '[')
goto punt;
+# if DANE
+ /*
+ ** NOTE: This only works if nocanonify is used,
+ ** otherwise the name is already rewritten.
+ */
+
+ /* always or only when "needed"? */
+ if (DANE_ALWAYS == Dane || (ad && DANE_SECURE == Dane))
+ (void) sm_strlcpy(qname, host, sizeof(qname));
+# endif /* DANE */
+
+# if _FFR_EAI
+ if (!addr_is_ascii(host))
+ {
+ char buf[1024];
+ UErrorCode error = U_ZERO_ERROR;
+ UIDNAInfo info = UIDNA_INFO_INITIALIZER;
+ UIDNA *idna;
+
+ idna = uidna_openUTS46(UIDNA_NONTRANSITIONAL_TO_ASCII, &error);
+ (void) uidna_nameToASCII_UTF8(idna, host, strlen(host),
+ buf, sizeof(buf) - 1,
+ &info, &error);
+ uidna_close(idna);
+ host = sm_rpool_strdup_x(CurEnv->e_rpool, buf);
+ }
+# endif /* _FFR_EAI */
+
/*
** If we don't have MX records in our host switch, don't
** try for MX records. Note that this really isn't "right",
** since we might be set up to try NIS first and then DNS;
** if the host is found in NIS we really shouldn't be doing
** MX lookups. However, that should be a degenerate case.
*/
if (!UseNameServer)
goto punt;
if (HasWildcardMX && ConfigLevel >= 6)
resfunc = res_query;
else
resfunc = res_search;
+# if DNSSEC_TEST
+ if (tTd(8, 110))
+ resfunc = tstdns_search;
+# endif
errno = 0;
+ hp = (HEADER *)&answer;
n = (*resfunc)(host, C_IN, T_MX, (unsigned char *) &answer,
sizeof(answer));
if (n < 0)
{
if (tTd(8, 1))
- sm_dprintf("getmxrr: res_search(%s) failed (errno=%d, h_errno=%d)\n",
- host, errno, h_errno);
+# if DNSSEC_TEST
+ sm_dprintf("getmxrr: res_search(%s) failed (errno=%d (%s), h_errno=%d (%s))\n",
+ host, errno, strerror(errno),
+ h_errno, herrno2txt(h_errno));
+# else
+ sm_dprintf("getmxrr: res_search(%s) failed, h_errno=%d\n",
+ host, h_errno);
+# endif
switch (h_errno)
{
case NO_DATA:
trycanon = true;
/* FALLTHROUGH */
case NO_RECOVERY:
/* no MX data on this host */
goto punt;
case HOST_NOT_FOUND:
# if BROKEN_RES_SEARCH
- case 0: /* Ultrix resolver retns failure w/ h_errno=0 */
-# endif /* BROKEN_RES_SEARCH */
+ case 0: /* Ultrix resolver returns failure w/ h_errno=0 */
+# endif
/* host doesn't exist in DNS; might be in /etc/hosts */
trycanon = true;
*rcode = EX_NOHOST;
goto punt;
case TRY_AGAIN:
case -1:
/* couldn't connect to the name server */
if (fallbackMX != NULL)
{
/* name server is hosed -- push to fallback */
- return fallbackmxrr(nmx, prefs, mxhosts);
+ nmx = fallbackmxrr(nmx, prefs, mxhosts);
+ goto done;
}
/* it might come up later; better queue it up */
*rcode = EX_TEMPFAIL;
break;
default:
syserr("getmxrr: res_search (%s) failed with impossible h_errno (%d)",
host, h_errno);
*rcode = EX_OSERR;
break;
}
/* irreconcilable differences */
- return -1;
+ goto error;
}
+ ad = ad && hp->ad;
+ if (tTd(8, 2))
+ sm_dprintf("getmxrr(%s), hp=%p, ad=%d\n", host, (void*)hp, ad);
+
/* avoid problems after truncation in tcp packets */
if (n > sizeof(answer))
n = sizeof(answer);
/* find first satisfactory answer */
- hp = (HEADER *)&answer;
cp = (unsigned char *)&answer + HFIXEDSZ;
eom = (unsigned char *)&answer + n;
+
for (qdcount = ntohs((unsigned short) hp->qdcount);
qdcount--;
cp += n + QFIXEDSZ)
{
if ((n = dn_skipname(cp, eom)) < 0)
goto punt;
}
/* NOTE: see definition of MXHostBuf! */
buflen = sizeof(MXHostBuf) - 1;
SM_ASSERT(buflen > 0);
bp = MXHostBuf;
ancount = ntohs((unsigned short) hp->ancount);
/* See RFC 1035 for layout of RRs. */
/* XXX leave room for FallbackMX ? */
while (--ancount >= 0 && cp < eom && nmx < MAXMXHOSTS - 1)
{
if ((n = dn_expand((unsigned char *)&answer, eom, cp,
(RES_UNC_T) bp, buflen)) < 0)
break;
cp += n;
GETSHORT(type, cp);
cp += INT16SZ; /* skip over class */
GETLONG(ttl, cp);
GETSHORT(n, cp); /* rdlength */
+# if DANE
+ if (type == T_CNAME)
+ cname2mx = true;
+# endif
if (type != T_MX)
{
- if (tTd(8, 8) || _res.options & RES_DEBUG)
- sm_dprintf("unexpected answer type %d, size %d\n",
- type, n);
+ if ((tTd(8, 8) || _res.options & RES_DEBUG)
+# if DANE
+ && type != T_RRSIG
+# endif
+ )
+ sm_dprintf("unexpected answer type %s, size %d\n",
+ dns_type_to_string(type), n);
cp += n;
continue;
}
GETSHORT(pref, cp);
if ((n = dn_expand((unsigned char *)&answer, eom, cp,
(RES_UNC_T) bp, buflen)) < 0)
break;
cp += n;
n = strlen(bp);
-# if 0
- /* Can this happen? */
- if (n == 0)
- {
- if (LogLevel > 4)
- sm_syslog(LOG_ERR, NOQID,
- "MX records for %s contain empty string",
- host);
- continue;
- }
-# endif /* 0 */
+
+ /* Support for RFC7505 "MX 0 ." */
+ if (pref == 0 && *bp == '\0')
+ seennullmx = true;
+
if (wordinclass(bp, 'w'))
{
if (tTd(8, 3))
sm_dprintf("found localhost (%s) in MX list, pref=%d\n",
bp, pref);
- if (droplocalhost)
+ if ((flags & DROPLOCALHOST) != 0)
{
if (!seenlocal || pref < localpref)
localpref = pref;
seenlocal = true;
continue;
}
weight[nmx] = 0;
}
else
weight[nmx] = mxrand(bp);
prefs[nmx] = pref;
mxhosts[nmx++] = bp;
+# if DANE
+ if (CHK_DANE(Dane) && port >= 0)
+ {
+ int nrr;
+ unsigned long flags;
+
+ flags = ad ? TLSAFLADMX : TLSAFLNOADMX;
+ nrr = gettlsa(bp, NULL, NULL, flags, ttl, port);
+
+ /* Only check qname if no TLSA RRs were found */
+ if (0 == nrr && cname2mx && '\0' != qname[0] &&
+ strcmp(qname, bp))
+ gettlsa(qname, bp, NULL, flags, ttl, port);
+ /* XXX is this the right ad flag? */
+ }
+# endif
+
+ /*
+ ** Note: n can be 0 for something like:
+ ** host MX 0 .
+ ** See RFC 7505
+ */
+
bp += n;
- if (bp[-1] != '.')
+ if (0 == n || bp[-1] != '.')
{
*bp++ = '.';
n++;
}
*bp++ = '\0';
if (buflen < n + 1)
{
/* don't want to wrap buflen */
break;
}
buflen -= n + 1;
}
+ /* Support for RFC7505 "MX 0 ." */
+ if (seennullmx && nmx == 1)
+ {
+ if (tTd(8, 4))
+ sm_dprintf("getmxrr: Null MX record found, domain doesn't accept mail (RFC7505)\n");
+ *rcode = EX_UNAVAILABLE;
+ return NULLMX;
+ }
+
/* return only one TTL entry, that should be sufficient */
if (ttl > 0 && pttl != NULL)
*pttl = ttl;
/* sort the records */
for (i = 0; i < nmx; i++)
{
for (j = i + 1; j < nmx; j++)
{
if (prefs[i] > prefs[j] ||
(prefs[i] == prefs[j] && weight[i] > weight[j]))
{
register int temp;
register char *temp1;
temp = prefs[i];
prefs[i] = prefs[j];
prefs[j] = temp;
temp1 = mxhosts[i];
mxhosts[i] = mxhosts[j];
mxhosts[j] = temp1;
temp = weight[i];
weight[i] = weight[j];
weight[j] = temp;
}
}
if (seenlocal && prefs[i] >= localpref)
{
/* truncate higher preference part of list */
nmx = i;
}
}
/* delete duplicates from list (yes, some bozos have duplicates) */
for (i = 0; i < nmx - 1; )
{
if (sm_strcasecmp(mxhosts[i], mxhosts[i + 1]) != 0)
i++;
else
{
/* compress out duplicate */
for (j = i + 1; j < nmx; j++)
{
mxhosts[j] = mxhosts[j + 1];
prefs[j] = prefs[j + 1];
}
nmx--;
}
}
if (nmx == 0)
{
punt:
if (seenlocal)
{
struct hostent *h = NULL;
/*
** If we have deleted all MX entries, this is
** an error -- we should NEVER send to a host that
** has an MX, and this should have been caught
** earlier in the config file.
**
** Some sites prefer to go ahead and try the
** A record anyway; that case is handled by
** setting TryNullMXList. I believe this is a
** bad idea, but it's up to you....
*/
if (TryNullMXList)
{
SM_SET_H_ERRNO(0);
errno = 0;
h = sm_gethostbyname(host, AF_INET);
if (h == NULL)
{
if (errno == ETIMEDOUT ||
h_errno == TRY_AGAIN ||
(errno == ECONNREFUSED &&
UseNameServer))
{
*rcode = EX_TEMPFAIL;
- return -1;
+ goto error;
}
# if NETINET6
SM_SET_H_ERRNO(0);
errno = 0;
h = sm_gethostbyname(host, AF_INET6);
if (h == NULL &&
(errno == ETIMEDOUT ||
h_errno == TRY_AGAIN ||
(errno == ECONNREFUSED &&
UseNameServer)))
{
*rcode = EX_TEMPFAIL;
- return -1;
+ goto error;
}
# endif /* NETINET6 */
}
}
if (h == NULL)
{
*rcode = EX_CONFIG;
syserr("MX list for %s points back to %s",
host, MyHostName);
- return -1;
+ goto error;
}
# if NETINET6
freehostent(h);
h = NULL;
-# endif /* NETINET6 */
+# endif
}
if (strlen(host) >= sizeof(MXHostBuf))
{
*rcode = EX_CONFIG;
syserr("Host name %s too long",
shortenstring(host, MAXSHORTSTR));
- return -1;
+ goto error;
}
(void) sm_strlcpy(MXHostBuf, host, sizeof(MXHostBuf));
mxhosts[0] = MXHostBuf;
prefs[0] = 0;
if (host[0] == '[')
{
register char *p;
# if NETINET6
struct sockaddr_in6 tmp6;
-# endif /* NETINET6 */
+# endif
/* this may be an MX suppression-style address */
p = strchr(MXHostBuf, ']');
if (p != NULL)
{
*p = '\0';
if (inet_addr(&MXHostBuf[1]) != INADDR_NONE)
{
nmx++;
*p = ']';
}
# if NETINET6
else if (anynet_pton(AF_INET6, &MXHostBuf[1],
&tmp6.sin6_addr) == 1)
{
nmx++;
*p = ']';
}
# endif /* NETINET6 */
else
{
trycanon = true;
mxhosts[0]++;
}
}
}
if (trycanon &&
- getcanonname(mxhosts[0], sizeof(MXHostBuf) - 2, false, pttl))
+ (n = getcanonname(mxhosts[0], sizeof(MXHostBuf) - 2, false,
+ pttl)) != HOST_NOTFOUND)
{
/* XXX MXHostBuf == "" ? is that possible? */
bp = &MXHostBuf[strlen(MXHostBuf)];
if (bp[-1] != '.')
{
*bp++ = '.';
*bp = '\0';
}
nmx = 1;
+# if DANE
+ if (tTd(8, 3))
+ sm_dprintf("getmxrr=%s, getcanonname=%d\n",
+ mxhosts[0], n);
+ if (CHK_DANE(Dane) && port >= 0)
+ {
+ int nrr;
+ unsigned long flags;
+ unsigned int cttl;
+
+ if (pttl != NULL)
+ cttl = *pttl;
+ else if (ttl > 0)
+ cttl = ttl;
+ else
+ cttl = SM_DEFAULT_TTL;
+
+ flags = (ad && n == HOST_SECURE)
+ ? TLSAFLADMX : TLSAFLNOADMX;
+ nrr = gettlsa(mxhosts[0], NULL, NULL, flags,
+ cttl, port);
+
+ /*
+ ** Only check qname if no TLSA RRs were found
+ ** XXX: what about (temp) DNS errors?
+ */
+
+ if (0 == nrr && '\0' != qname[0] &&
+ strcmp(qname, mxhosts[0]))
+ gettlsa(qname, mxhosts[0], NULL, flags,
+ cttl, port);
+ /* XXX is this the right ad flag? */
+ }
+# endif
}
}
/* if we have a default lowest preference, include that */
if (fallbackMX != NULL && !seenlocal)
{
+ /* TODO: DNSsec status of fallbacks */
nmx = fallbackmxrr(nmx, prefs, mxhosts);
}
+ done:
+# if DANE
+ _res.options = old_options;
+# endif
return nmx;
+
+ error:
+# if DANE
+ _res.options = old_options;
+# endif
+ return -1;
}
+
/*
** MXRAND -- create a randomizer for equal MX preferences
**
** If two MX hosts have equal preferences we want to randomize
** the selection. But in order for signatures to be the same,
** we need to randomize the same way each time. This function
** computes a pseudo-random hash function from the host name.
**
** Parameters:
** host -- the name of the host.
**
** Returns:
** A random but repeatable value based on the host name.
*/
static int
mxrand(host)
register char *host;
{
int hfunc;
static unsigned int seed;
if (seed == 0)
{
seed = (int) curtime() & 0xffff;
if (seed == 0)
seed++;
}
if (tTd(17, 9))
sm_dprintf("mxrand(%s)", host);
hfunc = seed;
while (*host != '\0')
{
int c = *host++;
if (isascii(c) && isupper(c))
c = tolower(c);
hfunc = ((hfunc << 1) ^ c) % 2003;
}
hfunc &= 0xff;
hfunc++;
if (tTd(17, 9))
sm_dprintf(" = %d\n", hfunc);
return hfunc;
}
/*
** BESTMX -- find the best MX for a name
**
** This is really a hack, but I don't see any obvious way
** to generalize it at the moment.
*/
/* ARGSUSED3 */
char *
bestmx_map_lookup(map, name, av, statp)
MAP *map;
char *name;
char **av;
int *statp;
{
int nmx;
int saveopts = _res.options;
int i;
ssize_t len = 0;
char *result;
char *mxhosts[MAXMXHOSTS + 1];
-#if _FFR_BESTMX_BETTER_TRUNCATION
+# if _FFR_BESTMX_BETTER_TRUNCATION
char *buf;
-#else /* _FFR_BESTMX_BETTER_TRUNCATION */
+# else
char *p;
char buf[PSBUFSIZE / 2];
-#endif /* _FFR_BESTMX_BETTER_TRUNCATION */
+# endif
_res.options &= ~(RES_DNSRCH|RES_DEFNAMES);
- nmx = getmxrr(name, mxhosts, NULL, false, statp, false, NULL);
+ nmx = getmxrr(name, mxhosts, NULL, 0, statp, NULL, -1);
_res.options = saveopts;
if (nmx <= 0)
return NULL;
if (bitset(MF_MATCHONLY, map->map_mflags))
return map_rewrite(map, name, strlen(name), NULL);
if ((map->map_coldelim == '\0') || (nmx == 1))
return map_rewrite(map, mxhosts[0], strlen(mxhosts[0]), av);
/*
** We were given a -z flag (return all MXs) and there are multiple
** ones. We need to build them all into a list.
*/
-#if _FFR_BESTMX_BETTER_TRUNCATION
+# if _FFR_BESTMX_BETTER_TRUNCATION
for (i = 0; i < nmx; i++)
{
if (strchr(mxhosts[i], map->map_coldelim) != NULL)
{
syserr("bestmx_map_lookup: MX host %.64s includes map delimiter character 0x%02X",
mxhosts[i], map->map_coldelim);
return NULL;
}
len += strlen(mxhosts[i]) + 1;
if (len < 0)
{
len -= strlen(mxhosts[i]) + 1;
break;
}
}
buf = (char *) sm_malloc(len);
if (buf == NULL)
{
*statp = EX_UNAVAILABLE;
return NULL;
}
*buf = '\0';
for (i = 0; i < nmx; i++)
{
int end;
end = sm_strlcat(buf, mxhosts[i], len);
if (i != nmx && end + 1 < len)
{
buf[end] = map->map_coldelim;
buf[end + 1] = '\0';
}
}
/* Cleanly truncate for rulesets */
truncate_at_delim(buf, PSBUFSIZE / 2, map->map_coldelim);
-#else /* _FFR_BESTMX_BETTER_TRUNCATION */
+# else /* _FFR_BESTMX_BETTER_TRUNCATION */
p = buf;
for (i = 0; i < nmx; i++)
{
size_t slen;
if (strchr(mxhosts[i], map->map_coldelim) != NULL)
{
syserr("bestmx_map_lookup: MX host %.64s includes map delimiter character 0x%02X",
mxhosts[i], map->map_coldelim);
return NULL;
}
slen = strlen(mxhosts[i]);
if (len + slen + 2 > sizeof(buf))
break;
if (i > 0)
{
*p++ = map->map_coldelim;
len++;
}
(void) sm_strlcpy(p, mxhosts[i], sizeof(buf) - len);
p += slen;
len += slen;
}
-#endif /* _FFR_BESTMX_BETTER_TRUNCATION */
+# endif /* _FFR_BESTMX_BETTER_TRUNCATION */
result = map_rewrite(map, buf, len, av);
-#if _FFR_BESTMX_BETTER_TRUNCATION
+# if _FFR_BESTMX_BETTER_TRUNCATION
sm_free(buf);
-#endif /* _FFR_BESTMX_BETTER_TRUNCATION */
+# endif
return result;
}
/*
** DNS_GETCANONNAME -- get the canonical name for named host using DNS
**
** This algorithm tries to be smart about wildcard MX records.
** This is hard to do because DNS doesn't tell is if we matched
** against a wildcard or a specific MX.
**
** We always prefer A & CNAME records, since these are presumed
** to be specific.
**
** If we match an MX in one pass and lose it in the next, we use
** the old one. For example, consider an MX matching *.FOO.BAR.COM.
** A hostname bletch.foo.bar.com will match against this MX, but
** will stop matching when we try bletch.bar.com -- so we know
** that bletch.foo.bar.com must have been right. This fails if
** there was also an MX record matching *.BAR.COM, but there are
** some things that just can't be fixed.
**
** Parameters:
** host -- a buffer containing the name of the host.
** This is a value-result parameter.
** hbsize -- the size of the host buffer.
** trymx -- if set, try MX records as well as A and CNAME.
** statp -- pointer to place to store status.
** pttl -- pointer to return TTL (can be NULL).
**
** Returns:
-** true -- if the host matched.
-** false -- otherwise.
+** >0 -- if the host was found.
+** 0 -- otherwise.
*/
-bool
+int
dns_getcanonname(host, hbsize, trymx, statp, pttl)
char *host;
int hbsize;
bool trymx;
int *statp;
int *pttl;
{
register unsigned char *eom, *ap;
register char *cp;
register int n;
HEADER *hp;
querybuf answer;
- int ancount, qdcount;
- int ret;
+ int ancount, qdcount, ret, type, qtype, initial, loopcnt, ttl, sli;
char **domain;
- int type;
- int ttl = 0;
- char **dp;
+ char *dp;
char *mxmatch;
- bool amatch;
- bool gotmx = false;
- int qtype;
- int initial;
- int loopcnt;
+ bool amatch, gotmx, ad;
char nbuf[SM_MAX(MAXPACKET, MAXDNAME*2+2)];
- char *searchlist[MAXDNSRCH + 2];
-
+# if DNSSEC_TEST
+# define ADDSL 1 /* NameSearchList may add another entry to searchlist! */
+# else
+# define ADDSL 0
+# endif
+ char *searchlist[MAXDNSRCH + 2 + ADDSL];
+# define SLSIZE SM_ARRAY_SIZE(searchlist)
+ int (*resqdomain) __P((const char *, const char *, int, int, unsigned char *, int));
+# if DANE
+ unsigned long old_options = 0;
+# endif
+
+ ttl = 0;
+ gotmx = false;
+ ad = true;
if (tTd(8, 2))
sm_dprintf("dns_getcanonname(%s, trymx=%d)\n", host, trymx);
if ((_res.options & RES_INIT) == 0 && res_init() == -1)
{
*statp = EX_UNAVAILABLE;
- return false;
+ return HOST_NOTFOUND;
}
+# if DANE
+ old_options = _res.options;
+ if (DANE_SECURE == Dane)
+ _res.options |= SM_RES_DNSSEC;
+# endif
+
*statp = EX_OK;
+ resqdomain = res_querydomain;
+# if DNSSEC_TEST
+ if (tTd(8, 110))
+ resqdomain = tstdns_querydomain;
+# endif
/*
** Initialize domain search list. If there is at least one
** dot in the name, search the unmodified name first so we
** find "vse.CS" in Czechoslovakia instead of in the local
** domain (e.g., vse.CS.Berkeley.EDU). Note that there is no
** longer a country named Czechoslovakia but this type of problem
** is still present.
**
** Older versions of the resolver could create this
** list by tearing apart the host name.
*/
loopcnt = 0;
cnameloop:
/* Check for dots in the name */
for (cp = host, n = 0; *cp != '\0'; cp++)
if (*cp == '.')
n++;
/*
** Build the search list.
** If there is at least one dot in name, start with a null
** domain to search the unmodified name first.
** If name does not end with a dot and search up local domain
** tree desired, append each local domain component to the
** search list; if name contains no dots and default domain
** name is desired, append default domain name to search list;
** else if name ends in a dot, remove that dot.
*/
- dp = searchlist;
+ sli = 0;
if (n > 0)
- *dp++ = "";
+ searchlist[sli++] = "";
+# if DNSSEC_TEST
+ if (NameSearchList != NULL)
+ {
+ SM_ASSERT(sli < SLSIZE);
+ searchlist[sli++] = NameSearchList;
+ }
+# endif
if (n >= 0 && *--cp != '.' && bitset(RES_DNSRCH, _res.options))
{
/* make sure there are less than MAXDNSRCH domains */
for (domain = RES_DNSRCH_VARIABLE, ret = 0;
- *domain != NULL && ret < MAXDNSRCH;
+ *domain != NULL && ret < MAXDNSRCH && sli < SLSIZE;
ret++)
- *dp++ = *domain++;
+ searchlist[sli++] = *domain++;
}
else if (n == 0 && bitset(RES_DEFNAMES, _res.options))
{
- *dp++ = _res.defdname;
+ SM_ASSERT(sli < SLSIZE);
+ searchlist[sli++] = _res.defdname;
}
else if (*cp == '.')
{
*cp = '\0';
}
- *dp = NULL;
+ SM_ASSERT(sli < SLSIZE);
+ searchlist[sli] = NULL;
/*
** Now loop through the search list, appending each domain in turn
** name and searching for a match.
*/
mxmatch = NULL;
initial = T_A;
# if NETINET6
if (InetMode == AF_INET6)
initial = T_AAAA;
-# endif /* NETINET6 */
+# endif
qtype = initial;
- for (dp = searchlist; *dp != NULL; )
+ for (sli = 0; sli < SLSIZE; )
{
+ dp = searchlist[sli];
+ if (NULL == dp)
+ break;
if (qtype == initial)
gotmx = false;
if (tTd(8, 5))
sm_dprintf("dns_getcanonname: trying %s.%s (%s)\n",
- host, *dp,
+ host, dp,
# if NETINET6
qtype == T_AAAA ? "AAAA" :
-# endif /* NETINET6 */
+# endif
qtype == T_A ? "A" :
qtype == T_MX ? "MX" :
"???");
errno = 0;
- ret = res_querydomain(host, *dp, C_IN, qtype,
+ hp = (HEADER *) &answer;
+ ret = (*resqdomain)(host, dp, C_IN, qtype,
answer.qb2, sizeof(answer.qb2));
if (ret <= 0)
{
int save_errno = errno;
if (tTd(8, 7))
sm_dprintf("\tNO: errno=%d, h_errno=%d\n",
save_errno, h_errno);
if (save_errno == ECONNREFUSED || h_errno == TRY_AGAIN)
{
/*
** the name server seems to be down or broken.
*/
SM_SET_H_ERRNO(TRY_AGAIN);
- if (**dp == '\0')
+ if (*dp == '\0')
{
if (*statp == EX_OK)
*statp = EX_TEMPFAIL;
goto nexttype;
}
*statp = EX_TEMPFAIL;
if (WorkAroundBrokenAAAA)
{
/*
** Only return if not TRY_AGAIN as an
** attempt with a different qtype may
** succeed (res_querydomain() calls
** res_query() calls res_send() which
** sets errno to ETIMEDOUT if the
** nameservers could be contacted but
** didn't give an answer).
*/
if (save_errno != ETIMEDOUT)
- return false;
+ goto error;
}
else
- return false;
+ goto error;
}
nexttype:
if (h_errno != HOST_NOT_FOUND)
{
/* might have another type of interest */
# if NETINET6
if (qtype == T_AAAA)
{
qtype = T_A;
continue;
}
else
# endif /* NETINET6 */
if (qtype == T_A && !gotmx &&
- (trymx || **dp == '\0'))
+ (trymx || *dp == '\0'))
{
qtype = T_MX;
continue;
}
}
/* definite no -- try the next domain */
- dp++;
+ sli++;
qtype = initial;
continue;
}
else if (tTd(8, 7))
sm_dprintf("\tYES\n");
/* avoid problems after truncation in tcp packets */
if (ret > sizeof(answer))
ret = sizeof(answer);
SM_ASSERT(ret >= 0);
/*
** Appear to have a match. Confirm it by searching for A or
** CNAME records. If we don't have a local domain
** wild card MX record, we will accept MX as well.
*/
- hp = (HEADER *) &answer;
ap = (unsigned char *) &answer + HFIXEDSZ;
eom = (unsigned char *) &answer + ret;
+ if (0 == hp->ad)
+ ad = false;
+
/* skip question part of response -- we know what we asked */
for (qdcount = ntohs((unsigned short) hp->qdcount);
qdcount--;
ap += ret + QFIXEDSZ)
{
if ((ret = dn_skipname(ap, eom)) < 0)
{
if (tTd(8, 20))
sm_dprintf("qdcount failure (%d)\n",
ntohs((unsigned short) hp->qdcount));
*statp = EX_SOFTWARE;
- return false; /* ???XXX??? */
+ goto error;
}
}
amatch = false;
for (ancount = ntohs((unsigned short) hp->ancount);
--ancount >= 0 && ap < eom;
ap += n)
{
n = dn_expand((unsigned char *) &answer, eom, ap,
(RES_UNC_T) nbuf, sizeof(nbuf));
if (n < 0)
break;
ap += n;
GETSHORT(type, ap);
ap += INT16SZ; /* skip over class */
GETLONG(ttl, ap);
GETSHORT(n, ap); /* rdlength */
switch (type)
{
case T_MX:
gotmx = true;
- if (**dp != '\0' && HasWildcardMX)
+ if (*dp != '\0' && HasWildcardMX)
{
/*
** If we are using MX matches and have
** not yet gotten one, save this one
** but keep searching for an A or
** CNAME match.
*/
if (trymx && mxmatch == NULL)
- mxmatch = *dp;
+ mxmatch = dp;
continue;
}
/*
** If we did not append a domain name, this
** must have been a canonical name to start
** with. Even if we did append a domain name,
** in the absence of a wildcard MX this must
** still be a real MX match.
** Such MX matches are as good as an A match,
** fall through.
*/
/* FALLTHROUGH */
# if NETINET6
case T_AAAA:
-# endif /* NETINET6 */
+# endif
case T_A:
/* Flag that a good match was found */
amatch = true;
/* continue in case a CNAME also exists */
continue;
case T_CNAME:
if (DontExpandCnames)
{
/* got CNAME -- guaranteed canonical */
amatch = true;
break;
}
if (loopcnt++ > MAXCNAMEDEPTH)
{
/*XXX should notify postmaster XXX*/
message("DNS failure: CNAME loop for %s",
host);
if (CurEnv->e_message == NULL)
{
char ebuf[MAXLINE];
(void) sm_snprintf(ebuf,
sizeof(ebuf),
"Deferred: DNS failure: CNAME loop for %.100s",
host);
CurEnv->e_message =
sm_rpool_strdup_x(
CurEnv->e_rpool, ebuf);
}
SM_SET_H_ERRNO(NO_RECOVERY);
*statp = EX_CONFIG;
- return false;
+ goto error;
}
/* value points at name */
if ((ret = dn_expand((unsigned char *)&answer,
eom, ap, (RES_UNC_T) nbuf,
sizeof(nbuf))) < 0)
break;
(void) sm_strlcpy(host, nbuf, hbsize);
/*
** RFC 1034 section 3.6 specifies that CNAME
** should point at the canonical name -- but
** urges software to try again anyway.
*/
goto cnameloop;
default:
/* not a record of interest */
continue;
}
}
if (amatch)
{
/*
** Got a good match -- either an A, CNAME, or an
** exact MX record. Save it and get out of here.
*/
- mxmatch = *dp;
+ mxmatch = dp;
break;
}
/*
** Nothing definitive yet.
** If this was a T_A query and we haven't yet found a MX
** match, try T_MX if allowed to do so.
** Otherwise, try the next domain.
*/
# if NETINET6
if (qtype == T_AAAA)
qtype = T_A;
else
-# endif /* NETINET6 */
- if (qtype == T_A && !gotmx && (trymx || **dp == '\0'))
+# endif
+ if (qtype == T_A && !gotmx && (trymx || *dp == '\0'))
qtype = T_MX;
else
{
qtype = initial;
- dp++;
+ sli++;
}
}
/* if nothing was found, we are done */
if (mxmatch == NULL)
{
if (*statp == EX_OK)
*statp = EX_NOHOST;
- return false;
+ goto error;
}
/*
** Create canonical name and return.
** If saved domain name is null, name was already canonical.
** Otherwise append the saved domain name.
*/
(void) sm_snprintf(nbuf, sizeof(nbuf), "%.*s%s%.*s", MAXDNAME, host,
*mxmatch == '\0' ? "" : ".",
MAXDNAME, mxmatch);
(void) sm_strlcpy(host, nbuf, hbsize);
if (tTd(8, 5))
sm_dprintf("dns_getcanonname: %s\n", host);
*statp = EX_OK;
/* return only one TTL entry, that should be sufficient */
if (ttl > 0 && pttl != NULL)
*pttl = ttl;
- return true;
+# if DANE
+ _res.options = old_options;
+# endif
+ return ad ? HOST_SECURE : HOST_OK;
+
+ error:
+# if DANE
+ _res.options = old_options;
+# endif
+ return HOST_NOTFOUND;
}
+
#endif /* NAMED_BIND */
diff --git a/src/envelope.c b/src/envelope.c
index bae6b0010db7..08d48b171e6a 100644
--- a/src/envelope.c
+++ b/src/envelope.c
@@ -1,1307 +1,1320 @@
/*
* Copyright (c) 1998-2003, 2006 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sendmail.h>
SM_RCSID("@(#)$Id: envelope.c,v 8.313 2013-11-22 20:51:55 ca Exp $")
/*
** CLRSESSENVELOPE -- clear session oriented data in an envelope
**
** Parameters:
** e -- the envelope to clear.
**
** Returns:
** none.
*/
void
clrsessenvelope(e)
ENVELOPE *e;
{
#if SASL
macdefine(&e->e_macro, A_PERM, macid("{auth_type}"), "");
macdefine(&e->e_macro, A_PERM, macid("{auth_authen}"), "");
macdefine(&e->e_macro, A_PERM, macid("{auth_author}"), "");
macdefine(&e->e_macro, A_PERM, macid("{auth_ssf}"), "");
#endif /* SASL */
#if STARTTLS
macdefine(&e->e_macro, A_PERM, macid("{cert_issuer}"), "");
macdefine(&e->e_macro, A_PERM, macid("{cert_subject}"), "");
macdefine(&e->e_macro, A_PERM, macid("{cipher_bits}"), "");
macdefine(&e->e_macro, A_PERM, macid("{cipher}"), "");
macdefine(&e->e_macro, A_PERM, macid("{tls_version}"), "");
macdefine(&e->e_macro, A_PERM, macid("{verify}"), "");
macdefine(&e->e_macro, A_PERM, macid("{alg_bits}"), "");
macdefine(&e->e_macro, A_PERM, macid("{cn_issuer}"), "");
macdefine(&e->e_macro, A_PERM, macid("{cn_subject}"), "");
#endif /* STARTTLS */
}
/*
** NEWENVELOPE -- fill in a new envelope
**
** Supports inheritance.
**
** Parameters:
** e -- the new envelope to fill in.
** parent -- the envelope to be the parent of e.
** rpool -- either NULL, or a pointer to a resource pool
** from which envelope memory is allocated, and
** to which envelope resources are attached.
**
** Returns:
** e.
**
** Side Effects:
** none.
*/
ENVELOPE *
newenvelope(e, parent, rpool)
register ENVELOPE *e;
register ENVELOPE *parent;
SM_RPOOL_T *rpool;
{
int sendmode;
/*
** This code used to read:
** if (e == parent && e->e_parent != NULL)
** parent = e->e_parent;
** So if e == parent && e->e_parent == NULL then we would
** set e->e_parent = e, which creates a loop in the e_parent chain.
** This meant macvalue() could go into an infinite loop.
*/
if (parent != NULL)
sendmode = parent->e_sendmode;
else
sendmode = DM_NOTSET;
if (e == parent)
parent = e->e_parent;
clearenvelope(e, true, rpool);
if (e == CurEnv)
memmove((char *) &e->e_from,
(char *) &NullAddress,
sizeof(e->e_from));
else
memmove((char *) &e->e_from,
(char *) &CurEnv->e_from,
sizeof(e->e_from));
e->e_parent = parent;
assign_queueid(e);
e->e_ctime = curtime();
#if _FFR_SESSID
e->e_sessid = e->e_id;
-#endif /* _FFR_SESSID */
+#endif
if (parent != NULL)
{
e->e_msgpriority = parent->e_msgsize;
#if _FFR_SESSID
if (parent->e_sessid != NULL)
e->e_sessid = sm_rpool_strdup_x(rpool,
parent->e_sessid);
-#endif /* _FFR_SESSID */
+#endif
if (parent->e_quarmsg == NULL)
{
e->e_quarmsg = NULL;
macdefine(&e->e_macro, A_PERM,
macid("{quarantine}"), "");
}
else
{
e->e_quarmsg = sm_rpool_strdup_x(rpool,
parent->e_quarmsg);
macdefine(&e->e_macro, A_PERM,
macid("{quarantine}"), e->e_quarmsg);
}
}
e->e_puthdr = putheader;
e->e_putbody = putbody;
if (CurEnv->e_xfp != NULL)
(void) sm_io_flush(CurEnv->e_xfp, SM_TIME_DEFAULT);
if (sendmode != DM_NOTSET)
set_delivery_mode(sendmode, e);
return e;
}
/* values for msg_timeout, see also IS_* below for usage (bit layout) */
#define MSG_T_O 0x01 /* normal timeout */
#define MSG_T_O_NOW 0x02 /* NOW timeout */
#define MSG_NOT_BY 0x04 /* Deliver-By time exceeded, mode R */
#define MSG_WARN 0x10 /* normal queue warning */
#define MSG_WARN_BY 0x20 /* Deliver-By time exceeded, mode N */
#define IS_MSG_ERR(x) (((x) & 0x0f) != 0) /* return an error */
/* immediate return */
#define IS_IMM_RET(x) (((x) & (MSG_T_O_NOW|MSG_NOT_BY)) != 0)
#define IS_MSG_WARN(x) (((x) & 0xf0) != 0) /* return a warning */
/*
** DROPENVELOPE -- deallocate an envelope.
**
** Parameters:
** e -- the envelope to deallocate.
** fulldrop -- if set, do return receipts.
** split -- if true, split by recipient if message is queued up
**
** Returns:
** EX_* status (currently: 0: success, EX_IOERR on panic)
**
** Side Effects:
** housekeeping necessary to dispose of an envelope.
** Unlocks this queue file.
*/
int
dropenvelope(e, fulldrop, split)
register ENVELOPE *e;
bool fulldrop;
bool split;
{
bool panic = false;
bool queueit = false;
int msg_timeout = 0;
bool failure_return = false;
bool delay_return = false;
bool success_return = false;
bool pmnotify = bitset(EF_PM_NOTIFY, e->e_flags);
bool done = false;
register ADDRESS *q;
char *id = e->e_id;
time_t now;
char buf[MAXLINE];
if (tTd(50, 1))
{
- sm_dprintf("dropenvelope %p: id=", e);
+ sm_dprintf("dropenvelope %p: id=", (void *)e);
xputs(sm_debug_file(), e->e_id);
sm_dprintf(", flags=");
printenvflags(e);
if (tTd(50, 10))
{
sm_dprintf("sendq=");
printaddr(sm_debug_file(), e->e_sendqueue, true);
}
}
if (LogLevel > 84)
sm_syslog(LOG_DEBUG, id,
"dropenvelope, e_flags=0x%lx, OpMode=%c, pid=%d",
e->e_flags, OpMode, (int) CurrentPid);
/* we must have an id to remove disk files */
if (id == NULL)
return EX_OK;
/* if verify-only mode, we can skip most of this */
if (OpMode == MD_VERIFY)
goto simpledrop;
if (tTd(92, 2))
sm_dprintf("dropenvelope: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d\n",
e->e_id, bitset(EF_LOGSENDER, e->e_flags), LogLevel);
if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags))
logsender(e, NULL);
e->e_flags &= ~EF_LOGSENDER;
/* post statistics */
poststats(StatFile);
/*
** Extract state information from dregs of send list.
*/
now = curtime();
if (now >= e->e_ctime + TimeOuts.to_q_return[e->e_timeoutclass])
msg_timeout = MSG_T_O;
if (IS_DLVR_RETURN(e) && e->e_deliver_by > 0 &&
now >= e->e_ctime + e->e_deliver_by &&
!bitset(EF_RESPONSE, e->e_flags))
{
msg_timeout = MSG_NOT_BY;
e->e_flags |= EF_FATALERRS|EF_CLRQUEUE;
}
else if (TimeOuts.to_q_return[e->e_timeoutclass] == NOW &&
!bitset(EF_RESPONSE, e->e_flags))
{
msg_timeout = MSG_T_O_NOW;
e->e_flags |= EF_FATALERRS|EF_CLRQUEUE;
}
#if _FFR_PROXY
if (tTd(87, 2))
{
q = e->e_sendqueue;
sm_dprintf("dropenvelope: mode=%c, e=%p, sibling=%p, nrcpts=%d, sendqueue=%p, next=%p, state=%d\n",
e->e_sendmode, e, e->e_sibling, e->e_nrcpts, q,
(q == NULL) ? (void *)0 : q->q_next,
(q == NULL) ? -1 : q->q_state);
}
#endif /* _FFR_PROXY */
e->e_flags &= ~EF_QUEUERUN;
for (q = e->e_sendqueue; q != NULL; q = q->q_next)
{
if (QS_IS_UNDELIVERED(q->q_state))
queueit = true;
#if _FFR_PROXY
if (queueit && e->e_sendmode == SM_PROXY)
queueit = false;
-#endif /* _FFR_PROXY */
+#endif
/* see if a notification is needed */
if (bitset(QPINGONFAILURE, q->q_flags) &&
((IS_MSG_ERR(msg_timeout) &&
QS_IS_UNDELIVERED(q->q_state)) ||
QS_IS_BADADDR(q->q_state) ||
IS_IMM_RET(msg_timeout)))
{
failure_return = true;
if (!done && q->q_owner == NULL &&
!emptyaddr(&e->e_from))
{
(void) sendtolist(e->e_from.q_paddr, NULLADDR,
&e->e_errorqueue, 0, e);
done = true;
}
}
else if ((bitset(QPINGONSUCCESS, q->q_flags) &&
((QS_IS_SENT(q->q_state) &&
bitnset(M_LOCALMAILER, q->q_mailer->m_flags)) ||
bitset(QRELAYED|QEXPANDED|QDELIVERED, q->q_flags))) ||
bitset(QBYTRACE, q->q_flags) ||
bitset(QBYNRELAY, q->q_flags))
{
success_return = true;
}
}
if (e->e_class < 0)
e->e_flags |= EF_NO_BODY_RETN;
/*
** See if the message timed out.
*/
if (!queueit)
/* EMPTY */
/* nothing to do */ ;
else if (IS_MSG_ERR(msg_timeout))
{
if (failure_return)
{
if (msg_timeout == MSG_NOT_BY)
{
(void) sm_snprintf(buf, sizeof(buf),
"delivery time expired %lds",
e->e_deliver_by);
}
else
{
(void) sm_snprintf(buf, sizeof(buf),
"Cannot send message for %s",
pintvl(TimeOuts.to_q_return[e->e_timeoutclass],
false));
}
/* don't free, allocated from e_rpool */
e->e_message = sm_rpool_strdup_x(e->e_rpool, buf);
- message(buf);
+ message("%s", buf);
e->e_flags |= EF_CLRQUEUE;
}
if (msg_timeout == MSG_NOT_BY)
{
(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
"Delivery time (%lds) expired\n",
e->e_deliver_by);
}
else
(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
"Message could not be delivered for %s\n",
pintvl(TimeOuts.to_q_return[e->e_timeoutclass],
false));
(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
"Message will be deleted from queue\n");
for (q = e->e_sendqueue; q != NULL; q = q->q_next)
{
if (QS_IS_UNDELIVERED(q->q_state))
{
q->q_state = QS_BADADDR;
if (msg_timeout == MSG_NOT_BY)
q->q_status = "5.4.7";
else
q->q_status = "4.4.7";
}
}
}
else
{
if (TimeOuts.to_q_warning[e->e_timeoutclass] > 0 &&
now >= e->e_ctime +
TimeOuts.to_q_warning[e->e_timeoutclass])
msg_timeout = MSG_WARN;
else if (IS_DLVR_NOTIFY(e) &&
e->e_deliver_by > 0 &&
now >= e->e_ctime + e->e_deliver_by)
msg_timeout = MSG_WARN_BY;
if (IS_MSG_WARN(msg_timeout))
{
if (!bitset(EF_WARNING|EF_RESPONSE, e->e_flags) &&
e->e_class >= 0 &&
e->e_from.q_paddr != NULL &&
strcmp(e->e_from.q_paddr, "<>") != 0 &&
sm_strncasecmp(e->e_from.q_paddr, "owner-", 6) != 0 &&
(strlen(e->e_from.q_paddr) <= 8 ||
sm_strcasecmp(&e->e_from.q_paddr[strlen(e->e_from.q_paddr) - 8],
"-request") != 0))
{
for (q = e->e_sendqueue; q != NULL;
q = q->q_next)
{
if (QS_IS_UNDELIVERED(q->q_state)
#if _FFR_NODELAYDSN_ON_HOLD
&& !bitnset(M_HOLD,
q->q_mailer->m_flags)
-#endif /* _FFR_NODELAYDSN_ON_HOLD */
+#endif
)
{
if (msg_timeout ==
MSG_WARN_BY &&
(bitset(QPINGONDELAY,
q->q_flags) ||
!bitset(QHASNOTIFY,
q->q_flags))
)
{
q->q_flags |= QBYNDELAY;
delay_return = true;
}
if (bitset(QPINGONDELAY,
q->q_flags))
{
q->q_flags |= QDELAYED;
delay_return = true;
}
}
}
}
if (delay_return)
{
if (msg_timeout == MSG_WARN_BY)
{
(void) sm_snprintf(buf, sizeof(buf),
"Warning: Delivery time (%lds) exceeded",
e->e_deliver_by);
}
else
(void) sm_snprintf(buf, sizeof(buf),
"Warning: could not send message for past %s",
pintvl(TimeOuts.to_q_warning[e->e_timeoutclass],
false));
/* don't free, allocated from e_rpool */
e->e_message = sm_rpool_strdup_x(e->e_rpool,
buf);
- message(buf);
+ message("%s", buf);
e->e_flags |= EF_WARNING;
}
if (msg_timeout == MSG_WARN_BY)
{
(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
"Warning: Delivery time (%lds) exceeded\n",
e->e_deliver_by);
}
else
(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
"Warning: message still undelivered after %s\n",
pintvl(TimeOuts.to_q_warning[e->e_timeoutclass],
false));
(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
"Will keep trying until message is %s old\n",
pintvl(TimeOuts.to_q_return[e->e_timeoutclass],
false));
}
}
if (tTd(50, 2))
sm_dprintf("failure_return=%d delay_return=%d success_return=%d queueit=%d\n",
failure_return, delay_return, success_return, queueit);
/*
- ** If we had some fatal error, but no addresses are marked as
- ** bad, mark them _all_ as bad.
+ ** If we had some fatal error, but no addresses are marked as bad,
+ ** mark all OK/VERIFIED addresses as bad (if QPINGONFAILURE).
*/
if (bitset(EF_FATALERRS, e->e_flags) && !failure_return)
{
for (q = e->e_sendqueue; q != NULL; q = q->q_next)
{
if ((QS_IS_OK(q->q_state) ||
- QS_IS_VERIFIED(q->q_state)) &&
- bitset(QPINGONFAILURE, q->q_flags))
+ QS_IS_VERIFIED(q->q_state))
+ && bitset(QPINGONFAILURE, q->q_flags)
+
+ /*
+ ** do not mark an address as bad if
+ ** - the address itself is stored in the queue
+ ** - the DeliveryMode requires queueing
+ ** - the envelope is queued
+ */
+
+ && !(bitset(QQUEUED, q->q_flags)
+ && WILL_BE_QUEUED(e->e_sendmode)
+ && bitset(EF_INQUEUE, e->e_flags)
+ )
+ )
{
failure_return = true;
q->q_state = QS_BADADDR;
}
}
}
/*
** Send back return receipts as requested.
*/
if (success_return && !failure_return && !delay_return && fulldrop &&
!bitset(PRIV_NORECEIPTS, PrivacyFlags) &&
strcmp(e->e_from.q_paddr, "<>") != 0)
{
auto ADDRESS *rlist = NULL;
if (tTd(50, 8))
sm_dprintf("dropenvelope(%s): sending return receipt\n",
id);
e->e_flags |= EF_SENDRECEIPT;
(void) sendtolist(e->e_from.q_paddr, NULLADDR, &rlist, 0, e);
(void) returntosender("Return receipt", rlist, RTSF_NO_BODY, e);
}
e->e_flags &= ~EF_SENDRECEIPT;
/*
** Arrange to send error messages if there are fatal errors.
*/
if ((failure_return || delay_return) && e->e_errormode != EM_QUIET)
{
if (tTd(50, 8))
sm_dprintf("dropenvelope(%s): saving mail\n", id);
panic = savemail(e, !bitset(EF_NO_BODY_RETN, e->e_flags));
}
/*
** Arrange to send warning messages to postmaster as requested.
*/
if ((failure_return || pmnotify) &&
PostMasterCopy != NULL &&
!bitset(EF_RESPONSE, e->e_flags) &&
e->e_class >= 0)
{
auto ADDRESS *rlist = NULL;
char pcopy[MAXNAME];
if (failure_return)
{
expand(PostMasterCopy, pcopy, sizeof(pcopy), e);
if (tTd(50, 8))
sm_dprintf("dropenvelope(%s): sending postmaster copy to %s\n",
id, pcopy);
(void) sendtolist(pcopy, NULLADDR, &rlist, 0, e);
}
if (pmnotify)
(void) sendtolist("postmaster", NULLADDR,
&rlist, 0, e);
(void) returntosender(e->e_message, rlist,
RTSF_PM_BOUNCE|RTSF_NO_BODY, e);
}
/*
** Instantiate or deinstantiate the queue.
*/
simpledrop:
if (tTd(50, 8))
sm_dprintf("dropenvelope(%s): at simpledrop, queueit=%d\n",
id, queueit);
if (!queueit || bitset(EF_CLRQUEUE, e->e_flags))
{
if (tTd(50, 1))
{
sm_dprintf("\n===== Dropping queue files for %s... queueit=%d, e_flags=",
e->e_id, queueit);
printenvflags(e);
}
if (!panic)
{
if (e->e_dfp != NULL)
{
(void) sm_io_close(e->e_dfp, SM_TIME_DEFAULT);
e->e_dfp = NULL;
}
(void) xunlink(queuename(e, DATAFL_LETTER));
}
if (panic && QueueMode == QM_LOST)
{
/*
** leave the Qf file behind as
** the delivery attempt failed.
*/
/* EMPTY */
}
else
if (xunlink(queuename(e, ANYQFL_LETTER)) == 0)
{
/* add to available space in filesystem */
updfs(e, -1, panic ? 0 : -1, "dropenvelope");
}
if (e->e_ntries > 0 && LogLevel > 9)
sm_syslog(LOG_INFO, id, "done; delay=%s, ntries=%d",
pintvl(curtime() - e->e_ctime, true),
e->e_ntries);
}
else if (queueit || !bitset(EF_INQUEUE, e->e_flags))
{
if (!split)
queueup(e, false, true);
else
{
ENVELOPE *oldsib;
ENVELOPE *ee;
/*
** Save old sibling and set it to NULL to avoid
** queueing up the same envelopes again.
** This requires that envelopes in that list have
** been take care of before (or at some other place).
*/
oldsib = e->e_sibling;
e->e_sibling = NULL;
if (!split_by_recipient(e) &&
bitset(EF_FATALERRS, e->e_flags))
{
syserr("!dropenvelope(%s): cannot commit data file %s, uid=%ld",
e->e_id, queuename(e, DATAFL_LETTER),
(long) geteuid());
}
for (ee = e->e_sibling; ee != NULL; ee = ee->e_sibling)
queueup(ee, false, true);
queueup(e, false, true);
/* clean up */
for (ee = e->e_sibling; ee != NULL; ee = ee->e_sibling)
{
/* now unlock the job */
if (tTd(50, 8))
sm_dprintf("dropenvelope(%s): unlocking job\n",
ee->e_id);
closexscript(ee);
unlockqueue(ee);
/* this envelope is marked unused */
if (ee->e_dfp != NULL)
{
(void) sm_io_close(ee->e_dfp,
SM_TIME_DEFAULT);
ee->e_dfp = NULL;
}
ee->e_id = NULL;
ee->e_flags &= ~EF_HAS_DF;
}
e->e_sibling = oldsib;
}
}
/* now unlock the job */
if (tTd(50, 8))
sm_dprintf("dropenvelope(%s): unlocking job\n", id);
closexscript(e);
unlockqueue(e);
/* make sure that this envelope is marked unused */
if (e->e_dfp != NULL)
{
(void) sm_io_close(e->e_dfp, SM_TIME_DEFAULT);
e->e_dfp = NULL;
}
e->e_id = NULL;
e->e_flags &= ~EF_HAS_DF;
if (panic)
return EX_IOERR;
return EX_OK;
}
/*
** CLEARENVELOPE -- clear an envelope without unlocking
**
** This is normally used by a child process to get a clean
** envelope without disturbing the parent.
**
** Parameters:
** e -- the envelope to clear.
** fullclear - if set, the current envelope is total
** garbage and should be ignored; otherwise,
** release any resources it may indicate.
** rpool -- either NULL, or a pointer to a resource pool
** from which envelope memory is allocated, and
** to which envelope resources are attached.
**
** Returns:
** none.
**
** Side Effects:
** Closes files associated with the envelope.
** Marks the envelope as unallocated.
*/
void
clearenvelope(e, fullclear, rpool)
register ENVELOPE *e;
bool fullclear;
SM_RPOOL_T *rpool;
{
register HDR *bh;
register HDR **nhp;
extern ENVELOPE BlankEnvelope;
char **p;
if (!fullclear)
{
/* clear out any file information */
if (e->e_xfp != NULL)
(void) sm_io_close(e->e_xfp, SM_TIME_DEFAULT);
if (e->e_dfp != NULL)
(void) sm_io_close(e->e_dfp, SM_TIME_DEFAULT);
e->e_xfp = e->e_dfp = NULL;
}
/*
** Copy BlankEnvelope into *e.
** It is not safe to simply copy pointers to strings;
** the strings themselves must be copied (or set to NULL).
** The problem is that when we assign a new string value to
** a member of BlankEnvelope, we free the old string.
** We did not need to do this copying in sendmail 8.11 :-(
** and it is a potential performance hit. Reference counted
** strings are one way out.
*/
*e = BlankEnvelope;
e->e_message = NULL;
e->e_qfletter = '\0';
e->e_quarmsg = NULL;
macdefine(&e->e_macro, A_PERM, macid("{quarantine}"), "");
/*
** Copy the macro table.
** We might be able to avoid this by zeroing the macro table
** and always searching BlankEnvelope.e_macro after e->e_macro
** in macvalue().
*/
for (p = &e->e_macro.mac_table[0];
p <= &e->e_macro.mac_table[MAXMACROID];
++p)
{
if (*p != NULL)
*p = sm_rpool_strdup_x(rpool, *p);
}
/*
** XXX There are many strings in the envelope structure
** XXX that we are not attempting to copy here.
** XXX Investigate this further.
*/
e->e_rpool = rpool;
e->e_macro.mac_rpool = rpool;
if (Verbose)
set_delivery_mode(SM_DELIVER, e);
bh = BlankEnvelope.e_header;
nhp = &e->e_header;
while (bh != NULL)
{
*nhp = (HDR *) sm_rpool_malloc_x(rpool, sizeof(*bh));
memmove((char *) *nhp, (char *) bh, sizeof(*bh));
bh = bh->h_link;
nhp = &(*nhp)->h_link;
}
#if _FFR_MILTER_ENHSC
e->e_enhsc[0] = '\0';
-#endif /* _FFR_MILTER_ENHSC */
+#endif
}
/*
** INITSYS -- initialize instantiation of system
**
** In Daemon mode, this is done in the child.
**
** Parameters:
** e -- the envelope to use.
**
** Returns:
** none.
**
** Side Effects:
** Initializes the system macros, some global variables,
** etc. In particular, the current time in various
** forms is set.
*/
void
initsys(e)
register ENVELOPE *e;
{
char buf[10];
#ifdef TTYNAME
static char ybuf[60]; /* holds tty id */
register char *p;
extern char *ttyname();
#endif /* TTYNAME */
/*
** Give this envelope a reality.
** I.e., an id, a transcript, and a creation time.
** We don't select the queue until all of the recipients are known.
*/
openxscript(e);
e->e_ctime = curtime();
e->e_qfletter = '\0';
/*
** Set OutChannel to something useful if stdout isn't it.
** This arranges that any extra stuff the mailer produces
** gets sent back to the user on error (because it is
** tucked away in the transcript).
*/
if (OpMode == MD_DAEMON && bitset(EF_QUEUERUN, e->e_flags) &&
e->e_xfp != NULL)
OutChannel = e->e_xfp;
/*
** Set up some basic system macros.
*/
/* process id */
(void) sm_snprintf(buf, sizeof(buf), "%d", (int) CurrentPid);
macdefine(&e->e_macro, A_TEMP, 'p', buf);
/* hop count */
(void) sm_snprintf(buf, sizeof(buf), "%d", e->e_hopcount);
macdefine(&e->e_macro, A_TEMP, 'c', buf);
/* time as integer, unix time, arpa time */
settime(e);
/* Load average */
sm_getla();
#ifdef TTYNAME
/* tty name */
if (macvalue('y', e) == NULL)
{
p = ttyname(2);
if (p != NULL)
{
if (strrchr(p, '/') != NULL)
p = strrchr(p, '/') + 1;
(void) sm_strlcpy(ybuf, sizeof(ybuf), p);
macdefine(&e->e_macro, A_PERM, 'y', ybuf);
}
}
#endif /* TTYNAME */
}
/*
** SETTIME -- set the current time.
**
** Parameters:
** e -- the envelope in which the macros should be set.
**
** Returns:
** none.
**
** Side Effects:
** Sets the various time macros -- $a, $b, $d, $t.
*/
void
settime(e)
register ENVELOPE *e;
{
register char *p;
auto time_t now;
char buf[30];
register struct tm *tm;
now = curtime();
(void) sm_snprintf(buf, sizeof(buf), "%ld", (long) now);
macdefine(&e->e_macro, A_TEMP, macid("{time}"), buf);
tm = gmtime(&now);
(void) sm_snprintf(buf, sizeof(buf), "%04d%02d%02d%02d%02d",
tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
tm->tm_hour, tm->tm_min);
macdefine(&e->e_macro, A_TEMP, 't', buf);
(void) sm_strlcpy(buf, ctime(&now), sizeof(buf));
p = strchr(buf, '\n');
if (p != NULL)
*p = '\0';
macdefine(&e->e_macro, A_TEMP, 'd', buf);
macdefine(&e->e_macro, A_TEMP, 'b', arpadate(buf));
if (macvalue('a', e) == NULL)
macdefine(&e->e_macro, A_PERM, 'a', macvalue('b', e));
}
/*
** OPENXSCRIPT -- Open transcript file
**
** Creates a transcript file for possible eventual mailing or
** sending back.
**
** Parameters:
** e -- the envelope to create the transcript in/for.
**
** Returns:
** none
**
** Side Effects:
** Creates the transcript file.
*/
#ifndef O_APPEND
# define O_APPEND 0
-#endif /* ! O_APPEND */
+#endif
void
openxscript(e)
register ENVELOPE *e;
{
register char *p;
if (e->e_xfp != NULL)
return;
#if 0
if (e->e_lockfp == NULL && bitset(EF_INQUEUE, e->e_flags))
syserr("openxscript: job not locked");
-#endif /* 0 */
+#endif
p = queuename(e, XSCRPT_LETTER);
e->e_xfp = bfopen(p, FileMode, XscriptFileBufferSize,
SFF_NOTEXCL|SFF_OPENASROOT);
if (e->e_xfp == NULL)
{
syserr("Can't create transcript file %s", p);
e->e_xfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT,
SM_PATH_DEVNULL, SM_IO_RDWR, NULL);
if (e->e_xfp == NULL)
syserr("!Can't open %s", SM_PATH_DEVNULL);
}
(void) sm_io_setvbuf(e->e_xfp, SM_TIME_DEFAULT, NULL, SM_IO_LBF, 0);
if (tTd(46, 9))
{
sm_dprintf("openxscript(%s):\n ", p);
dumpfd(sm_io_getinfo(e->e_xfp, SM_IO_WHAT_FD, NULL), true,
false);
}
}
/*
** CLOSEXSCRIPT -- close the transcript file.
**
** Parameters:
** e -- the envelope containing the transcript to close.
**
** Returns:
** none.
**
** Side Effects:
** none.
*/
void
closexscript(e)
register ENVELOPE *e;
{
if (e->e_xfp == NULL)
return;
#if 0
if (e->e_lockfp == NULL)
syserr("closexscript: job not locked");
-#endif /* 0 */
+#endif
(void) sm_io_close(e->e_xfp, SM_TIME_DEFAULT);
e->e_xfp = NULL;
}
/*
** SETSENDER -- set the person who this message is from
**
** Under certain circumstances allow the user to say who
** s/he is (using -f or -r). These are:
** 1. The user's uid is zero (root).
** 2. The user's login name is in an approved list (typically
** from a network server).
** 3. The address the user is trying to claim has a
** "!" character in it (since #2 doesn't do it for
** us if we are dialing out for UUCP).
** A better check to replace #3 would be if the
** effective uid is "UUCP" -- this would require me
** to rewrite getpwent to "grab" uucp as it went by,
** make getname more nasty, do another passwd file
** scan, or compile the UID of "UUCP" into the code,
** all of which are reprehensible.
**
** Assuming all of these fail, we figure out something
** ourselves.
**
** Parameters:
** from -- the person we would like to believe this message
** is from, as specified on the command line.
** e -- the envelope in which we would like the sender set.
** delimptr -- if non-NULL, set to the location of the
** trailing delimiter.
** delimchar -- the character that will delimit the sender
** address.
** internal -- set if this address is coming from an internal
** source such as an owner alias.
**
** Returns:
** none.
**
** Side Effects:
** sets sendmail's notion of who the from person is.
*/
void
setsender(from, e, delimptr, delimchar, internal)
char *from;
register ENVELOPE *e;
char **delimptr;
int delimchar;
bool internal;
{
register char **pvp;
char *realname = NULL;
char *bp;
char buf[MAXNAME + 2];
char pvpbuf[PSBUFSIZE];
extern char *FullName;
if (tTd(45, 1))
sm_dprintf("setsender(%s)\n", from == NULL ? "" : from);
/* may be set from earlier calls */
macdefine(&e->e_macro, A_PERM, 'x', "");
/*
** Figure out the real user executing us.
** Username can return errno != 0 on non-errors.
*/
if (bitset(EF_QUEUERUN, e->e_flags) || OpMode == MD_SMTP ||
OpMode == MD_ARPAFTP || OpMode == MD_DAEMON)
realname = from;
if (realname == NULL || realname[0] == '\0')
realname = username();
if (ConfigLevel < 2)
SuprErrs = true;
macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), "e s");
/* preset state for then clause in case from == NULL */
e->e_from.q_state = QS_BADADDR;
e->e_from.q_flags = 0;
if (from == NULL ||
parseaddr(from, &e->e_from, RF_COPYALL|RF_SENDERADDR,
delimchar, delimptr, e, false) == NULL ||
QS_IS_BADADDR(e->e_from.q_state) ||
e->e_from.q_mailer == ProgMailer ||
e->e_from.q_mailer == FileMailer ||
e->e_from.q_mailer == InclMailer)
{
/* log garbage addresses for traceback */
if (from != NULL && LogLevel > 2)
{
char *p;
char ebuf[MAXNAME * 2 + 2];
p = macvalue('_', e);
if (p == NULL)
{
char *host = RealHostName;
if (host == NULL)
host = MyHostName;
(void) sm_snprintf(ebuf, sizeof(ebuf),
"%.*s@%.*s", MAXNAME,
realname, MAXNAME, host);
p = ebuf;
}
sm_syslog(LOG_NOTICE, e->e_id,
"setsender: %s: invalid or unparsable, received from %s",
shortenstring(from, 83), p);
}
if (from != NULL)
{
if (!QS_IS_BADADDR(e->e_from.q_state))
{
/* it was a bogus mailer in the from addr */
e->e_status = "5.1.7";
usrerrenh(e->e_status,
"553 Invalid sender address");
}
SuprErrs = true;
}
if (from == realname ||
parseaddr(from = realname,
&e->e_from, RF_COPYALL|RF_SENDERADDR, ' ',
NULL, e, false) == NULL)
{
char nbuf[100];
SuprErrs = true;
expand("\201n", nbuf, sizeof(nbuf), e);
from = sm_rpool_strdup_x(e->e_rpool, nbuf);
if (parseaddr(from, &e->e_from, RF_COPYALL, ' ',
NULL, e, false) == NULL &&
parseaddr(from = "postmaster", &e->e_from,
RF_COPYALL, ' ', NULL, e, false) == NULL)
syserr("553 5.3.0 setsender: can't even parse postmaster!");
}
}
else
FromFlag = true;
e->e_from.q_state = QS_SENDER;
if (tTd(45, 5))
{
sm_dprintf("setsender: QS_SENDER ");
printaddr(sm_debug_file(), &e->e_from, false);
}
SuprErrs = false;
#if USERDB
if (bitnset(M_CHECKUDB, e->e_from.q_mailer->m_flags))
{
register char *p;
p = udbsender(e->e_from.q_user, e->e_rpool);
if (p != NULL)
from = p;
}
#endif /* USERDB */
if (bitnset(M_HASPWENT, e->e_from.q_mailer->m_flags))
{
SM_MBDB_T user;
if (!internal)
{
/* if the user already given fullname don't redefine */
if (FullName == NULL)
FullName = macvalue('x', e);
if (FullName != NULL)
{
if (FullName[0] == '\0')
FullName = NULL;
else
FullName = newstr(FullName);
}
}
if (e->e_from.q_user[0] != '\0' &&
sm_mbdb_lookup(e->e_from.q_user, &user) == EX_OK)
{
/*
** Process passwd file entry.
*/
/* extract home directory */
if (*user.mbdb_homedir == '\0')
e->e_from.q_home = NULL;
else if (strcmp(user.mbdb_homedir, "/") == 0)
e->e_from.q_home = "";
else
e->e_from.q_home = sm_rpool_strdup_x(e->e_rpool,
user.mbdb_homedir);
macdefine(&e->e_macro, A_PERM, 'z', e->e_from.q_home);
/* extract user and group id */
if (user.mbdb_uid != SM_NO_UID)
{
e->e_from.q_uid = user.mbdb_uid;
e->e_from.q_gid = user.mbdb_gid;
e->e_from.q_flags |= QGOODUID;
}
/* extract full name from passwd file */
if (FullName == NULL && !internal &&
user.mbdb_fullname[0] != '\0' &&
strcmp(user.mbdb_name, e->e_from.q_user) == 0)
{
FullName = newstr(user.mbdb_fullname);
}
}
else
{
e->e_from.q_home = NULL;
}
if (FullName != NULL && !internal)
macdefine(&e->e_macro, A_TEMP, 'x', FullName);
}
else if (!internal && OpMode != MD_DAEMON && OpMode != MD_SMTP)
{
if (e->e_from.q_home == NULL)
{
e->e_from.q_home = getenv("HOME");
if (e->e_from.q_home != NULL)
{
if (*e->e_from.q_home == '\0')
e->e_from.q_home = NULL;
else if (strcmp(e->e_from.q_home, "/") == 0)
e->e_from.q_home++;
}
}
e->e_from.q_uid = RealUid;
e->e_from.q_gid = RealGid;
e->e_from.q_flags |= QGOODUID;
}
/*
** Rewrite the from person to dispose of possible implicit
** links in the net.
*/
pvp = prescan(from, delimchar, pvpbuf, sizeof(pvpbuf), NULL,
IntTokenTab, false);
if (pvp == NULL)
{
/* don't need to give error -- prescan did that already */
if (LogLevel > 2)
sm_syslog(LOG_NOTICE, e->e_id,
"cannot prescan from (%s)",
shortenstring(from, MAXSHORTSTR));
finis(true, true, ExitStat);
}
(void) REWRITE(pvp, 3, e);
(void) REWRITE(pvp, 1, e);
(void) REWRITE(pvp, 4, e);
macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), NULL);
bp = buf + 1;
cataddr(pvp, NULL, bp, sizeof(buf) - 2, '\0', false);
if (*bp == '@' && !bitnset(M_NOBRACKET, e->e_from.q_mailer->m_flags))
{
/* heuristic: route-addr: add angle brackets */
(void) sm_strlcat(bp, ">", sizeof(buf) - 1);
*--bp = '<';
}
e->e_sender = sm_rpool_strdup_x(e->e_rpool, bp);
macdefine(&e->e_macro, A_PERM, 'f', e->e_sender);
/* save the domain spec if this mailer wants it */
if (e->e_from.q_mailer != NULL &&
bitnset(M_CANONICAL, e->e_from.q_mailer->m_flags))
{
char **lastat;
/* get rid of any pesky angle brackets */
macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), "e s");
(void) REWRITE(pvp, 3, e);
(void) REWRITE(pvp, 1, e);
(void) REWRITE(pvp, 4, e);
macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), NULL);
/* strip off to the last "@" sign */
for (lastat = NULL; *pvp != NULL; pvp++)
{
if (strcmp(*pvp, "@") == 0)
lastat = pvp;
}
if (lastat != NULL)
{
e->e_fromdomain = copyplist(lastat, true, e->e_rpool);
if (tTd(45, 3))
{
sm_dprintf("Saving from domain: ");
printav(sm_debug_file(), e->e_fromdomain);
}
}
}
}
/*
** PRINTENVFLAGS -- print envelope flags for debugging
**
** Parameters:
** e -- the envelope with the flags to be printed.
**
** Returns:
** none.
*/
struct eflags
{
char *ef_name;
unsigned long ef_bit;
};
static struct eflags EnvelopeFlags[] =
{
{ "OLDSTYLE", EF_OLDSTYLE },
{ "INQUEUE", EF_INQUEUE },
{ "NO_BODY_RETN", EF_NO_BODY_RETN },
{ "CLRQUEUE", EF_CLRQUEUE },
{ "SENDRECEIPT", EF_SENDRECEIPT },
{ "FATALERRS", EF_FATALERRS },
{ "DELETE_BCC", EF_DELETE_BCC },
{ "RESPONSE", EF_RESPONSE },
{ "RESENT", EF_RESENT },
{ "VRFYONLY", EF_VRFYONLY },
{ "WARNING", EF_WARNING },
{ "QUEUERUN", EF_QUEUERUN },
{ "GLOBALERRS", EF_GLOBALERRS },
{ "PM_NOTIFY", EF_PM_NOTIFY },
{ "METOO", EF_METOO },
{ "LOGSENDER", EF_LOGSENDER },
{ "NORECEIPT", EF_NORECEIPT },
{ "HAS8BIT", EF_HAS8BIT },
- { "NL_NOT_EOL", EF_NL_NOT_EOL },
- { "CRLF_NOT_EOL", EF_CRLF_NOT_EOL },
{ "RET_PARAM", EF_RET_PARAM },
{ "HAS_DF", EF_HAS_DF },
{ "IS_MIME", EF_IS_MIME },
{ "DONT_MIME", EF_DONT_MIME },
{ "DISCARD", EF_DISCARD },
{ "TOOBIG", EF_TOOBIG },
{ "SPLIT", EF_SPLIT },
{ "UNSAFE", EF_UNSAFE },
+ { "TOODEEP", EF_TOODEEP },
+ { "SECURE", EF_SECURE },
{ NULL, 0 }
};
void
printenvflags(e)
register ENVELOPE *e;
{
register struct eflags *ef;
bool first = true;
sm_dprintf("%lx", e->e_flags);
for (ef = EnvelopeFlags; ef->ef_name != NULL; ef++)
{
if (!bitset(ef->ef_bit, e->e_flags))
continue;
if (first)
sm_dprintf("<%s", ef->ef_name);
else
sm_dprintf(",%s", ef->ef_name);
first = false;
}
if (!first)
sm_dprintf(">\n");
}
diff --git a/src/err.c b/src/err.c
index 0594eb9ba16c..8bd02669c5e0 100644
--- a/src/err.c
+++ b/src/err.c
@@ -1,1262 +1,1266 @@
/*
- * Copyright (c) 1998-2003, 2010 Proofpoint, Inc. and its suppliers.
+ * Copyright (c) 1998-2003, 2010, 2015 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sendmail.h>
SM_RCSID("@(#)$Id: err.c,v 8.206 2013-11-22 20:51:55 ca Exp $")
#if LDAPMAP
# include <lber.h>
# include <ldap.h> /* for LDAP error codes */
-#endif /* LDAPMAP */
+#endif
static void putoutmsg __P((char *, bool, bool));
static void puterrmsg __P((char *));
static char *fmtmsg __P((char *, const char *, const char *, const char *,
int, const char *, va_list));
/*
** FATAL_ERROR -- handle a fatal exception
**
** This function is installed as the default exception handler
** in the main sendmail process, and in all child processes
** that we create. Its job is to handle exceptions that are not
** handled at a lower level.
**
** The theory is that unhandled exceptions will be 'fatal' class
** exceptions (with an "F:" prefix), such as the out-of-memory
** exception "F:sm.heap". As such, they are handled by exiting
** the process in exactly the same way that xalloc() in Sendmail 8.10
** exits the process when it fails due to lack of memory:
** we call syserr with a message beginning with "!".
**
** Parameters:
** exc -- exception which is terminating this process
**
** Returns:
** none
*/
void
fatal_error(exc)
SM_EXC_T *exc;
{
static char buf[256];
SM_FILE_T f;
/*
** This function may be called when the heap is exhausted.
** The following code writes the message for 'exc' into our
** static buffer without allocating memory or raising exceptions.
*/
sm_strio_init(&f, buf, sizeof(buf));
sm_exc_write(exc, &f);
(void) sm_io_flush(&f, SM_TIME_DEFAULT);
/*
** Terminate the process after logging an error and cleaning up.
** Problems:
** - syserr decides what class of error this is by looking at errno.
** That's no good; we should look at the exc structure.
** - The cleanup code should be moved out of syserr
** and into individual exception handlers
** that are part of the module they clean up after.
*/
errno = ENOMEM;
syserr("!%s", buf);
}
/*
** SYSERR -- Print error message.
**
** Prints an error message via sm_io_printf to the diagnostic output.
**
** If the first character of the syserr message is `!' it will
** log this as an ALERT message and exit immediately. This can
** leave queue files in an indeterminate state, so it should not
** be used lightly.
**
** If the first character of the syserr message is '!' or '@'
** then syserr knows that the process is about to be terminated,
** so the SMTP reply code defaults to 421. Otherwise, the
** reply code defaults to 451 or 554, depending on errno.
**
** Parameters:
** fmt -- the format string. An optional '!', '@', or '+',
** followed by an optional three-digit SMTP
** reply code, followed by message text.
** (others) -- parameters
**
** Returns:
** none
** Raises E:mta.quickabort if QuickAbort is set.
**
** Side Effects:
** increments Errors.
** sets ExitStat.
*/
char MsgBuf[BUFSIZ*2]; /* text of most recent message */
static char HeldMessageBuf[sizeof(MsgBuf)]; /* for held messages */
#if NAMED_BIND && !defined(NO_DATA)
# define NO_DATA NO_ADDRESS
-#endif /* NAMED_BIND && !defined(NO_DATA) */
+#endif
void
/*VARARGS1*/
#ifdef __STDC__
syserr(const char *fmt, ...)
#else /* __STDC__ */
syserr(fmt, va_alist)
const char *fmt;
va_dcl
#endif /* __STDC__ */
{
register char *p;
int save_errno = errno;
bool panic, exiting, keep;
char *user;
char *enhsc;
char *errtxt;
struct passwd *pw;
char ubuf[80];
SM_VA_LOCAL_DECL
panic = exiting = keep = false;
switch (*fmt)
{
case '!':
++fmt;
panic = exiting = true;
break;
case '@':
++fmt;
exiting = true;
break;
case '+':
++fmt;
keep = true;
break;
default:
break;
}
/* format and output the error message */
if (exiting)
{
/*
** Since we are terminating the process,
** we are aborting the entire SMTP session,
** rather than just the current transaction.
*/
p = "421";
enhsc = "4.0.0";
}
else if (save_errno == 0)
{
p = "554";
enhsc = "5.0.0";
}
else
{
p = "451";
enhsc = "4.0.0";
}
SM_VA_START(ap, fmt);
errtxt = fmtmsg(MsgBuf, (char *) NULL, p, enhsc, save_errno, fmt, ap);
SM_VA_END(ap);
puterrmsg(MsgBuf);
/* save this message for mailq printing */
if (!panic && CurEnv != NULL && (!keep || CurEnv->e_message == NULL))
{
char *nmsg = sm_rpool_strdup_x(CurEnv->e_rpool, errtxt);
if (CurEnv->e_rpool == NULL && CurEnv->e_message != NULL)
sm_free(CurEnv->e_message);
CurEnv->e_message = nmsg;
}
/* determine exit status if not already set */
if (ExitStat == EX_OK)
{
if (save_errno == 0)
ExitStat = EX_SOFTWARE;
else
ExitStat = EX_OSERR;
if (tTd(54, 1))
sm_dprintf("syserr: ExitStat = %d\n", ExitStat);
}
pw = sm_getpwuid(RealUid);
if (pw != NULL)
user = pw->pw_name;
else
{
user = ubuf;
(void) sm_snprintf(ubuf, sizeof(ubuf), "UID%d", (int) RealUid);
}
if (LogLevel > 0)
sm_syslog(panic ? LOG_ALERT : LOG_CRIT,
CurEnv == NULL ? NOQID : CurEnv->e_id,
"SYSERR(%s): %.900s",
user, errtxt);
switch (save_errno)
{
case EBADF:
case ENFILE:
case EMFILE:
case ENOTTY:
#ifdef EFBIG
case EFBIG:
-#endif /* EFBIG */
+#endif
#ifdef ESPIPE
case ESPIPE:
-#endif /* ESPIPE */
+#endif
#ifdef EPIPE
case EPIPE:
-#endif /* EPIPE */
+#endif
#ifdef ENOBUFS
case ENOBUFS:
-#endif /* ENOBUFS */
+#endif
#ifdef ESTALE
case ESTALE:
-#endif /* ESTALE */
+#endif
printopenfds(true);
mci_dump_all(smioout, true);
break;
}
if (panic)
{
#if XLA
xla_all_end();
-#endif /* XLA */
+#endif
sync_queue_time();
if (tTd(0, 1))
abort();
exit(EX_OSERR);
}
errno = 0;
if (QuickAbort)
sm_exc_raisenew_x(&EtypeQuickAbort, 2);
}
+
/*
** USRERR -- Signal user error.
**
** This is much like syserr except it is for user errors.
**
** Parameters:
** fmt -- the format string. If it does not begin with
** a three-digit SMTP reply code, 550 is assumed.
** (others) -- sm_io_printf strings
**
** Returns:
** none
** Raises E:mta.quickabort if QuickAbort is set.
**
** Side Effects:
** increments Errors.
*/
/*VARARGS1*/
void
#ifdef __STDC__
usrerr(const char *fmt, ...)
#else /* __STDC__ */
usrerr(fmt, va_alist)
const char *fmt;
va_dcl
#endif /* __STDC__ */
{
char *enhsc;
char *errtxt;
SM_VA_LOCAL_DECL
if (fmt[0] == '5' || fmt[0] == '6')
enhsc = "5.0.0";
else if (fmt[0] == '4' || fmt[0] == '8')
enhsc = "4.0.0";
else if (fmt[0] == '2')
enhsc = "2.0.0";
else
enhsc = NULL;
SM_VA_START(ap, fmt);
errtxt = fmtmsg(MsgBuf, CurEnv->e_to, "550", enhsc, 0, fmt, ap);
SM_VA_END(ap);
if (SuprErrs)
return;
/* save this message for mailq printing */
switch (MsgBuf[0])
{
case '4':
case '8':
if (CurEnv->e_message != NULL)
break;
/* FALLTHROUGH */
case '5':
case '6':
if (CurEnv->e_rpool == NULL && CurEnv->e_message != NULL)
sm_free(CurEnv->e_message);
if (MsgBuf[0] == '6')
{
char buf[MAXLINE];
(void) sm_snprintf(buf, sizeof(buf),
"Postmaster warning: %.*s",
(int) sizeof(buf) - 22, errtxt);
CurEnv->e_message =
sm_rpool_strdup_x(CurEnv->e_rpool, buf);
}
else
{
CurEnv->e_message =
sm_rpool_strdup_x(CurEnv->e_rpool, errtxt);
}
break;
}
puterrmsg(MsgBuf);
if (LogLevel > 3 && LogUsrErrs)
sm_syslog(LOG_NOTICE, CurEnv->e_id, "%.900s", errtxt);
if (QuickAbort)
sm_exc_raisenew_x(&EtypeQuickAbort, 1);
}
+
/*
** USRERRENH -- Signal user error.
**
** Same as usrerr but with enhanced status code.
**
** Parameters:
** enhsc -- the enhanced status code.
** fmt -- the format string. If it does not begin with
** a three-digit SMTP reply code, 550 is assumed.
** (others) -- sm_io_printf strings
**
** Returns:
** none
** Raises E:mta.quickabort if QuickAbort is set.
**
** Side Effects:
** increments Errors.
*/
/*VARARGS2*/
void
#ifdef __STDC__
usrerrenh(char *enhsc, const char *fmt, ...)
#else /* __STDC__ */
usrerrenh(enhsc, fmt, va_alist)
char *enhsc;
const char *fmt;
va_dcl
#endif /* __STDC__ */
{
char *errtxt;
SM_VA_LOCAL_DECL
if (enhsc == NULL || *enhsc == '\0')
{
if (fmt[0] == '5' || fmt[0] == '6')
enhsc = "5.0.0";
else if (fmt[0] == '4' || fmt[0] == '8')
enhsc = "4.0.0";
else if (fmt[0] == '2')
enhsc = "2.0.0";
}
SM_VA_START(ap, fmt);
errtxt = fmtmsg(MsgBuf, CurEnv->e_to, "550", enhsc, 0, fmt, ap);
SM_VA_END(ap);
if (SuprErrs)
return;
/* save this message for mailq printing */
switch (MsgBuf[0])
{
case '4':
case '8':
if (CurEnv->e_message != NULL)
break;
/* FALLTHROUGH */
case '5':
case '6':
if (CurEnv->e_rpool == NULL && CurEnv->e_message != NULL)
sm_free(CurEnv->e_message);
if (MsgBuf[0] == '6')
{
char buf[MAXLINE];
(void) sm_snprintf(buf, sizeof(buf),
"Postmaster warning: %.*s",
(int) sizeof(buf) - 22, errtxt);
CurEnv->e_message =
sm_rpool_strdup_x(CurEnv->e_rpool, buf);
}
else
{
CurEnv->e_message =
sm_rpool_strdup_x(CurEnv->e_rpool, errtxt);
}
break;
}
puterrmsg(MsgBuf);
if (LogLevel > 3 && LogUsrErrs)
sm_syslog(LOG_NOTICE, CurEnv->e_id, "%.900s", errtxt);
if (QuickAbort)
sm_exc_raisenew_x(&EtypeQuickAbort, 1);
}
/*
** MESSAGE -- print message (not necessarily an error)
**
** Parameters:
** msg -- the message (sm_io_printf fmt) -- it can begin with
** an SMTP reply code. If not, 050 is assumed.
** (others) -- sm_io_printf arguments
**
** Returns:
** none
-**
-** Side Effects:
-** none.
*/
/*VARARGS1*/
void
#ifdef __STDC__
message(const char *msg, ...)
#else /* __STDC__ */
message(msg, va_alist)
const char *msg;
va_dcl
#endif /* __STDC__ */
{
char *errtxt;
SM_VA_LOCAL_DECL
errno = 0;
SM_VA_START(ap, msg);
errtxt = fmtmsg(MsgBuf, CurEnv->e_to, "050", (char *) NULL, 0, msg, ap);
SM_VA_END(ap);
putoutmsg(MsgBuf, false, false);
/* save this message for mailq printing */
switch (MsgBuf[0])
{
case '4':
case '8':
if (CurEnv->e_message != NULL)
break;
/* FALLTHROUGH */
case '5':
if (CurEnv->e_rpool == NULL && CurEnv->e_message != NULL)
sm_free(CurEnv->e_message);
CurEnv->e_message = sm_rpool_strdup_x(CurEnv->e_rpool, errtxt);
break;
}
}
#if _FFR_PROXY
/*
** EMESSAGE -- print message (not necessarily an error)
** (same as message() but requires reply code and enhanced status code)
**
** Parameters:
** replycode -- SMTP reply code.
** enhsc -- enhanced status code.
** msg -- the message (sm_io_printf fmt) -- it can begin with
** an SMTP reply code. If not, 050 is assumed.
** (others) -- sm_io_printf arguments
**
** Returns:
** none
-**
-** Side Effects:
-** none.
*/
/*VARARGS3*/
void
# ifdef __STDC__
emessage(const char *replycode, const char *enhsc, const char *msg, ...)
# else /* __STDC__ */
emessage(replycode, enhsc, msg, va_alist)
const char *replycode;
const char *enhsc;
const char *msg;
va_dcl
# endif /* __STDC__ */
{
char *errtxt;
SM_VA_LOCAL_DECL
errno = 0;
SM_VA_START(ap, msg);
errtxt = fmtmsg(MsgBuf, CurEnv->e_to, replycode, enhsc, 0, msg, ap);
SM_VA_END(ap);
putoutmsg(MsgBuf, false, false);
/* save this message for mailq printing */
switch (MsgBuf[0])
{
case '4':
case '8':
if (CurEnv->e_message != NULL)
break;
/* FALLTHROUGH */
case '5':
if (CurEnv->e_rpool == NULL && CurEnv->e_message != NULL)
sm_free(CurEnv->e_message);
CurEnv->e_message = sm_rpool_strdup_x(CurEnv->e_rpool, errtxt);
break;
}
}
/*
** EXTSC -- check and extract a status codes
**
** Parameters:
** msg -- string with possible enhanced status code.
** delim -- delim for enhanced status code.
** replycode -- pointer to storage for SMTP reply code;
** must be != NULL and have space for at least
** 4 characters.
** enhsc -- pointer to storage for enhanced status code;
** must be != NULL and have space for at least
** 10 characters ([245].[0-9]{1,3}.[0-9]{1,3})
**
** Returns:
** -1 -- no SMTP reply code.
** >=3 -- offset of error text in msg.
** (<=4 -- no enhanced status code)
*/
int
extsc(msg, delim, replycode, enhsc)
const char *msg;
int delim;
char *replycode;
char *enhsc;
{
int offset;
SM_REQUIRE(replycode != NULL);
SM_REQUIRE(enhsc != NULL);
replycode[0] = '\0';
enhsc[0] = '\0';
if (msg == NULL)
return -1;
if (!ISSMTPREPLY(msg))
return -1;
sm_strlcpy(replycode, msg, 4);
if (msg[3] == '\0')
return 3;
offset = 4;
if (isenhsc(msg + 4, delim))
offset = extenhsc(msg + 4, delim, enhsc) + 4;
return offset;
}
#endif /* _FFR_PROXY */
/*
** NMESSAGE -- print message (not necessarily an error)
**
** Just like "message" except it never puts the to... tag on.
**
** Parameters:
** msg -- the message (sm_io_printf fmt) -- if it begins
** with a three digit SMTP reply code, that is used,
** otherwise 050 is assumed.
** (others) -- sm_io_printf arguments
**
** Returns:
** none
-**
-** Side Effects:
-** none.
*/
/*VARARGS1*/
void
#ifdef __STDC__
nmessage(const char *msg, ...)
#else /* __STDC__ */
nmessage(msg, va_alist)
const char *msg;
va_dcl
#endif /* __STDC__ */
{
char *errtxt;
SM_VA_LOCAL_DECL
errno = 0;
SM_VA_START(ap, msg);
errtxt = fmtmsg(MsgBuf, (char *) NULL, "050",
(char *) NULL, 0, msg, ap);
SM_VA_END(ap);
putoutmsg(MsgBuf, false, false);
/* save this message for mailq printing */
switch (MsgBuf[0])
{
case '4':
case '8':
if (CurEnv->e_message != NULL)
break;
/* FALLTHROUGH */
case '5':
if (CurEnv->e_rpool == NULL && CurEnv->e_message != NULL)
sm_free(CurEnv->e_message);
CurEnv->e_message = sm_rpool_strdup_x(CurEnv->e_rpool, errtxt);
break;
}
}
+
/*
** PUTOUTMSG -- output error message to transcript and channel
**
** Parameters:
** msg -- message to output (in SMTP format).
** holdmsg -- if true, don't output a copy of the message to
** our output channel.
** heldmsg -- if true, this is a previously held message;
** don't log it to the transcript file.
**
** Returns:
** none.
**
** Side Effects:
** Outputs msg to the transcript.
** If appropriate, outputs it to the channel.
** Deletes SMTP reply code number as appropriate.
*/
static void
putoutmsg(msg, holdmsg, heldmsg)
char *msg;
bool holdmsg;
bool heldmsg;
{
char msgcode = msg[0];
char *errtxt = msg;
char *id;
/* display for debugging */
if (tTd(54, 8))
sm_dprintf("--- %s%s%s\n", msg, holdmsg ? " (hold)" : "",
heldmsg ? " (held)" : "");
/* map warnings to something SMTP can handle */
if (msgcode == '6')
msg[0] = '5';
else if (msgcode == '8')
msg[0] = '4';
id = (CurEnv != NULL) ? CurEnv->e_id : NULL;
/* output to transcript if serious */
if (!heldmsg && CurEnv != NULL && CurEnv->e_xfp != NULL &&
strchr("45", msg[0]) != NULL)
(void) sm_io_fprintf(CurEnv->e_xfp, SM_TIME_DEFAULT, "%s\n",
msg);
if (LogLevel > 14 && (OpMode == MD_SMTP || OpMode == MD_DAEMON))
sm_syslog(LOG_INFO, id,
"--- %s%s%s", msg, holdmsg ? " (hold)" : "",
heldmsg ? " (held)" : "");
if (msgcode == '8')
msg[0] = '0';
/* output to channel if appropriate */
if (!Verbose && msg[0] == '0')
return;
if (holdmsg)
{
/* save for possible future display */
msg[0] = msgcode;
if (HeldMessageBuf[0] == '5' && msgcode == '4')
return;
(void) sm_strlcpy(HeldMessageBuf, msg, sizeof(HeldMessageBuf));
return;
}
(void) sm_io_flush(smioout, SM_TIME_DEFAULT);
if (OutChannel == NULL)
return;
/* find actual text of error (after SMTP status codes) */
if (ISSMTPREPLY(errtxt))
{
int l;
errtxt += 4;
l = isenhsc(errtxt, ' ');
if (l <= 0)
l = isenhsc(errtxt, '\0');
if (l > 0)
errtxt += l + 1;
}
/* if DisConnected, OutChannel now points to the transcript */
if (!DisConnected &&
(OpMode == MD_SMTP || OpMode == MD_DAEMON || OpMode == MD_ARPAFTP))
(void) sm_io_fprintf(OutChannel, SM_TIME_DEFAULT, "%s\r\n",
msg);
else
(void) sm_io_fprintf(OutChannel, SM_TIME_DEFAULT, "%s\n",
errtxt);
if (TrafficLogFile != NULL)
(void) sm_io_fprintf(TrafficLogFile, SM_TIME_DEFAULT,
"%05d >>> %s\n", (int) CurrentPid,
(OpMode == MD_SMTP || OpMode == MD_DAEMON)
? msg : errtxt);
#if !PIPELINING
/* XXX can't flush here for SMTP pipelining */
if (msg[3] == ' ')
(void) sm_io_flush(OutChannel, SM_TIME_DEFAULT);
if (!sm_io_error(OutChannel) || DisConnected)
return;
/*
** Error on output -- if reporting lost channel, just ignore it.
** Also, ignore errors from QUIT response (221 message) -- some
** rude servers don't read result.
*/
if (InChannel == NULL || sm_io_eof(InChannel) ||
sm_io_error(InChannel) || strncmp(msg, "221", 3) == 0)
return;
/* can't call syserr, 'cause we are using MsgBuf */
HoldErrs = true;
if (LogLevel > 0)
sm_syslog(LOG_CRIT, id,
"SYSERR: putoutmsg (%s): error on output channel sending \"%s\": %s",
CURHOSTNAME,
shortenstring(msg, MAXSHORTSTR), sm_errstring(errno));
#endif /* !PIPELINING */
}
+
/*
** PUTERRMSG -- like putoutmsg, but does special processing for error messages
**
** Parameters:
** msg -- the message to output.
**
** Returns:
** none.
**
** Side Effects:
** Sets the fatal error bit in the envelope as appropriate.
*/
static void
puterrmsg(msg)
char *msg;
{
char msgcode = msg[0];
/* output the message as usual */
putoutmsg(msg, HoldErrs, false);
/* be careful about multiple error messages */
if (OnlyOneError)
HoldErrs = true;
/* signal the error */
Errors++;
if (CurEnv == NULL)
return;
if (msgcode == '6')
{
/* notify the postmaster */
CurEnv->e_flags |= EF_PM_NOTIFY;
}
else if (msgcode == '5' && bitset(EF_GLOBALERRS, CurEnv->e_flags))
{
/* mark long-term fatal errors */
CurEnv->e_flags |= EF_FATALERRS;
}
}
+
/*
** ISENHSC -- check whether a string contains an enhanced status code
**
** Parameters:
** s -- string with possible enhanced status code.
** delim -- delim for enhanced status code.
**
** Returns:
** 0 -- no enhanced status code.
** >4 -- length of enhanced status code.
-**
-** Side Effects:
-** none.
*/
+
int
isenhsc(s, delim)
const char *s;
int delim;
{
int l, h;
if (s == NULL)
return 0;
if (!((*s == '2' || *s == '4' || *s == '5') && s[1] == '.'))
return 0;
h = 0;
l = 2;
while (h < 3 && isascii(s[l + h]) && isdigit(s[l + h]))
++h;
if (h == 0 || s[l + h] != '.')
return 0;
l += h + 1;
h = 0;
while (h < 3 && isascii(s[l + h]) && isdigit(s[l + h]))
++h;
if (h == 0 || s[l + h] != delim)
return 0;
return l + h;
}
+
/*
** EXTENHSC -- check and extract an enhanced status code
**
** Parameters:
** s -- string with possible enhanced status code.
** delim -- delim for enhanced status code.
** e -- pointer to storage for enhanced status code.
** must be != NULL and have space for at least
** 10 characters ([245].[0-9]{1,3}.[0-9]{1,3})
**
** Returns:
** 0 -- no enhanced status code.
** >4 -- length of enhanced status code.
**
** Side Effects:
** fills e with enhanced status code.
*/
int
extenhsc(s, delim, e)
const char *s;
int delim;
char *e;
{
int l, h;
if (s == NULL)
return 0;
if (!((*s == '2' || *s == '4' || *s == '5') && s[1] == '.'))
return 0;
h = 0;
l = 2;
e[0] = s[0];
e[1] = '.';
while (h < 3 && isascii(s[l + h]) && isdigit(s[l + h]))
{
e[l + h] = s[l + h];
++h;
}
if (h == 0 || s[l + h] != '.')
return 0;
e[l + h] = '.';
l += h + 1;
h = 0;
while (h < 3 && isascii(s[l + h]) && isdigit(s[l + h]))
{
e[l + h] = s[l + h];
++h;
}
if (h == 0 || s[l + h] != delim)
return 0;
e[l + h] = '\0';
return l + h;
}
+
/*
** FMTMSG -- format a message into buffer.
**
** Parameters:
** eb -- error buffer to get result -- MUST BE MsgBuf.
** to -- the recipient tag for this message.
** num -- default three digit SMTP reply code.
** enhsc -- enhanced status code.
** en -- the error number to display.
-** fmt -- format of string.
+** fmt -- format of string: See NOTE below.
** ap -- arguments for fmt.
**
** Returns:
** pointer to error text beyond status codes.
**
-** Side Effects:
-** none.
+** NOTE:
+** Do NOT use "%s" as fmt if the argument starts with an SMTP
+** reply code!
*/
static char *
fmtmsg(eb, to, num, enhsc, eno, fmt, ap)
register char *eb;
const char *to;
const char *num;
const char *enhsc;
int eno;
const char *fmt;
SM_VA_LOCAL_DECL
{
char del;
int l;
int spaceleft = sizeof(MsgBuf);
char *errtxt;
/* output the reply code */
if (ISSMTPCODE(fmt))
{
num = fmt;
fmt += 4;
}
if (num[3] == '-')
del = '-';
else
del = ' ';
if (SoftBounce && num[0] == '5')
{
/* replace 5 by 4 */
(void) sm_snprintf(eb, spaceleft, "4%2.2s%c", num + 1, del);
}
else
(void) sm_snprintf(eb, spaceleft, "%3.3s%c", num, del);
eb += 4;
spaceleft -= 4;
if ((l = isenhsc(fmt, ' ' )) > 0 && l < spaceleft - 4)
{
/* copy enh.status code including trailing blank */
l++;
(void) sm_strlcpy(eb, fmt, l + 1);
eb += l;
spaceleft -= l;
fmt += l;
}
else if ((l = isenhsc(enhsc, '\0')) > 0 && l < spaceleft - 4)
{
/* copy enh.status code */
(void) sm_strlcpy(eb, enhsc, l + 1);
eb[l] = ' ';
eb[++l] = '\0';
eb += l;
spaceleft -= l;
}
if (SoftBounce && eb[-l] == '5')
{
/* replace 5 by 4 */
eb[-l] = '4';
}
errtxt = eb;
/* output the file name and line number */
if (FileName != NULL)
{
(void) sm_snprintf(eb, spaceleft, "%s: line %d: ",
shortenstring(FileName, 83), LineNumber);
eb += (l = strlen(eb));
spaceleft -= l;
}
/*
** output the "to" address only if it is defined and one of the
** following codes is used:
** 050 internal notices, e.g., alias expansion
** 250 Ok
** 252 Cannot VRFY user, but will accept message and attempt delivery
** 450 Requested mail action not taken: mailbox unavailable
** 550 Requested action not taken: mailbox unavailable
** 553 Requested action not taken: mailbox name not allowed
**
** Notice: this still isn't "the right thing", this code shouldn't
** (indirectly) depend on CurEnv->e_to.
*/
if (to != NULL && to[0] != '\0' &&
(strncmp(num, "050", 3) == 0 ||
strncmp(num, "250", 3) == 0 ||
strncmp(num, "252", 3) == 0 ||
strncmp(num, "450", 3) == 0 ||
strncmp(num, "550", 3) == 0 ||
strncmp(num, "553", 3) == 0))
{
(void) sm_strlcpyn(eb, spaceleft, 2,
shortenstring(to, MAXSHORTSTR), "... ");
spaceleft -= strlen(eb);
+#if _FFR_EAI
+ eb += strlen(eb);
+#else
while (*eb != '\0')
*eb++ &= 0177;
+#endif
}
/* output the message */
(void) sm_vsnprintf(eb, spaceleft, fmt, ap);
spaceleft -= strlen(eb);
+#if _FFR_EAI
+ eb += strlen(eb);
+#else
while (*eb != '\0')
*eb++ &= 0177;
+#endif
/* output the error code, if any */
if (eno != 0)
(void) sm_strlcpyn(eb, spaceleft, 2, ": ", sm_errstring(eno));
return errtxt;
}
+
/*
** BUFFER_ERRORS -- arrange to buffer future error messages
**
** Parameters:
** none
**
** Returns:
** none.
*/
void
buffer_errors()
{
HeldMessageBuf[0] = '\0';
HoldErrs = true;
}
+
/*
** FLUSH_ERRORS -- flush the held error message buffer
**
** Parameters:
** print -- if set, print the message, otherwise just
** delete it.
**
** Returns:
** none.
*/
void
flush_errors(print)
bool print;
{
if (print && HeldMessageBuf[0] != '\0')
putoutmsg(HeldMessageBuf, false, true);
HeldMessageBuf[0] = '\0';
HoldErrs = false;
}
/*
** SM_ERRSTRING -- return string description of error code
**
** Parameters:
** errnum -- the error number to translate
**
** Returns:
** A string description of errnum.
-**
-** Side Effects:
-** none.
*/
const char *
sm_errstring(errnum)
int errnum;
{
char *dnsmsg;
char *bp;
static char buf[MAXLINE];
#if HASSTRERROR
char *err;
char errbuf[30];
-#endif /* HASSTRERROR */
+#endif
#if !HASSTRERROR && !defined(ERRLIST_PREDEFINED)
extern char *sys_errlist[];
extern int sys_nerr;
-#endif /* !HASSTRERROR && !defined(ERRLIST_PREDEFINED) */
+#endif
/*
** Handle special network error codes.
**
** These are 4.2/4.3bsd specific; they should be in daemon.c.
*/
dnsmsg = NULL;
switch (errnum)
{
case ETIMEDOUT:
case ECONNRESET:
bp = buf;
#if HASSTRERROR
err = strerror(errnum);
if (err == NULL)
{
(void) sm_snprintf(errbuf, sizeof(errbuf),
"Error %d", errnum);
err = errbuf;
}
(void) sm_strlcpy(bp, err, SPACELEFT(buf, bp));
#else /* HASSTRERROR */
if (errnum >= 0 && errnum < sys_nerr)
(void) sm_strlcpy(bp, sys_errlist[errnum],
SPACELEFT(buf, bp));
else
(void) sm_snprintf(bp, SPACELEFT(buf, bp),
"Error %d", errnum);
#endif /* HASSTRERROR */
bp += strlen(bp);
if (CurHostName != NULL)
{
if (errnum == ETIMEDOUT)
{
(void) sm_snprintf(bp, SPACELEFT(buf, bp),
" with ");
bp += strlen(bp);
}
else
{
bp = buf;
(void) sm_snprintf(bp, SPACELEFT(buf, bp),
"Connection reset by ");
bp += strlen(bp);
}
(void) sm_strlcpy(bp,
shortenstring(CurHostName, MAXSHORTSTR),
SPACELEFT(buf, bp));
bp += strlen(buf);
}
if (SmtpPhase != NULL)
{
(void) sm_snprintf(bp, SPACELEFT(buf, bp),
" during %s", SmtpPhase);
}
return buf;
case EHOSTDOWN:
if (CurHostName == NULL)
break;
(void) sm_snprintf(buf, sizeof(buf), "Host %s is down",
shortenstring(CurHostName, MAXSHORTSTR));
return buf;
case ECONNREFUSED:
if (CurHostName == NULL)
break;
(void) sm_strlcpyn(buf, sizeof(buf), 2, "Connection refused by ",
shortenstring(CurHostName, MAXSHORTSTR));
return buf;
#if NAMED_BIND
case HOST_NOT_FOUND + E_DNSBASE:
dnsmsg = "host not found";
break;
case TRY_AGAIN + E_DNSBASE:
dnsmsg = "host name lookup failure";
break;
case NO_RECOVERY + E_DNSBASE:
dnsmsg = "non-recoverable error";
break;
case NO_DATA + E_DNSBASE:
dnsmsg = "no data known";
break;
#endif /* NAMED_BIND */
case EPERM:
/* SunOS gives "Not owner" -- this is the POSIX message */
return "Operation not permitted";
/*
** Error messages used internally in sendmail.
*/
case E_SM_OPENTIMEOUT:
return "Timeout on file open";
case E_SM_NOSLINK:
return "Symbolic links not allowed";
case E_SM_NOHLINK:
return "Hard links not allowed";
case E_SM_REGONLY:
return "Regular files only";
case E_SM_ISEXEC:
return "Executable files not allowed";
case E_SM_WWDIR:
return "World writable directory";
case E_SM_GWDIR:
return "Group writable directory";
case E_SM_FILECHANGE:
return "File changed after open";
case E_SM_WWFILE:
return "World writable file";
case E_SM_GWFILE:
return "Group writable file";
case E_SM_GRFILE:
return "Group readable file";
case E_SM_WRFILE:
return "World readable file";
}
if (dnsmsg != NULL)
{
bp = buf;
bp += sm_strlcpy(bp, "Name server: ", sizeof(buf));
if (CurHostName != NULL)
{
(void) sm_strlcpyn(bp, SPACELEFT(buf, bp), 2,
shortenstring(CurHostName, MAXSHORTSTR), ": ");
bp += strlen(bp);
}
(void) sm_strlcpy(bp, dnsmsg, SPACELEFT(buf, bp));
return buf;
}
#if LDAPMAP
if (errnum >= E_LDAPBASE - E_LDAP_SHIM)
return ldap_err2string(errnum - E_LDAPBASE);
-#endif /* LDAPMAP */
+#endif
#if HASSTRERROR
err = strerror(errnum);
if (err == NULL)
{
(void) sm_snprintf(buf, sizeof(buf), "Error %d", errnum);
return buf;
}
return err;
#else /* HASSTRERROR */
if (errnum > 0 && errnum < sys_nerr)
return sys_errlist[errnum];
(void) sm_snprintf(buf, sizeof(buf), "Error %d", errnum);
return buf;
#endif /* HASSTRERROR */
}
diff --git a/src/headers.c b/src/headers.c
index 0af72436f7f2..da84a8009328 100644
--- a/src/headers.c
+++ b/src/headers.c
@@ -1,2362 +1,2359 @@
/*
* Copyright (c) 1998-2004, 2006, 2007 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sendmail.h>
#include <sm/sendmail.h>
SM_RCSID("@(#)$Id: headers.c,v 8.320 2013-11-22 20:51:55 ca Exp $")
static HDR *allocheader __P((char *, char *, int, SM_RPOOL_T *, bool));
static size_t fix_mime_header __P((HDR *, ENVELOPE *));
static int priencode __P((char *));
static bool put_vanilla_header __P((HDR *, char *, MCI *));
/*
** SETUPHEADERS -- initialize headers in symbol table
**
** Parameters:
** none
**
** Returns:
** none
*/
void
setupheaders()
{
struct hdrinfo *hi;
STAB *s;
for (hi = HdrInfo; hi->hi_field != NULL; hi++)
{
s = stab(hi->hi_field, ST_HEADER, ST_ENTER);
s->s_header.hi_flags = hi->hi_flags;
s->s_header.hi_ruleset = NULL;
}
}
/*
** DOCHOMPHEADER -- process and save a header line.
**
** Called by chompheader.
**
** Parameters:
** line -- header as a text line.
** pflag -- flags for chompheader() (from sendmail.h)
** hdrp -- a pointer to the place to save the header.
** e -- the envelope including this header.
**
** Returns:
** flags for this header.
**
** Side Effects:
** The header is saved on the header list.
** Contents of 'line' are destroyed.
*/
static struct hdrinfo NormalHeader = { NULL, 0, NULL };
static unsigned long dochompheader __P((char *, int, HDR **, ENVELOPE *));
static unsigned long
dochompheader(line, pflag, hdrp, e)
char *line;
int pflag;
HDR **hdrp;
ENVELOPE *e;
{
unsigned char mid = '\0';
register char *p;
register HDR *h;
HDR **hp;
char *fname;
char *fvalue;
bool cond = false;
bool dropfrom;
bool headeronly;
STAB *s;
struct hdrinfo *hi;
bool nullheader = false;
BITMAP256 mopts;
headeronly = hdrp != NULL;
if (!headeronly)
hdrp = &e->e_header;
/* strip off options */
clrbitmap(mopts);
p = line;
if (!bitset(pflag, CHHDR_USER) && *p == '?')
{
int c;
register char *q;
q = strchr(++p, '?');
if (q == NULL)
goto hse;
*q = '\0';
c = *p & 0377;
/* possibly macro conditional */
if (c == MACROEXPAND)
{
/* catch ?$? */
if (*++p == '\0')
{
*q = '?';
goto hse;
}
mid = (unsigned char) *p++;
/* catch ?$abc? */
if (*p != '\0')
{
*q = '?';
goto hse;
}
}
else if (*p == '$')
{
/* catch ?$? */
if (*++p == '\0')
{
*q = '?';
goto hse;
}
mid = (unsigned char) macid(p);
if (bitset(0200, mid))
{
p += strlen(macname(mid)) + 2;
SM_ASSERT(p <= q);
}
else
p++;
/* catch ?$abc? */
if (*p != '\0')
{
*q = '?';
goto hse;
}
}
else
{
while (*p != '\0')
{
if (!isascii(*p))
{
*q = '?';
goto hse;
}
setbitn(bitidx(*p), mopts);
cond = true;
p++;
}
}
p = q + 1;
}
/* find canonical name */
fname = p;
while (isascii(*p) && isgraph(*p) && *p != ':')
p++;
fvalue = p;
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
p++;
if (*p++ != ':' || fname == fvalue)
{
hse:
syserr("553 5.3.0 header syntax error, line \"%s\"", line);
return 0;
}
*fvalue = '\0';
fvalue = p;
/* if the field is null, go ahead and use the default */
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
p++;
if (*p == '\0')
nullheader = true;
/* security scan: long field names are end-of-header */
if (strlen(fname) > 100)
return H_EOH;
/* check to see if it represents a ruleset call */
if (bitset(pflag, CHHDR_DEF))
{
char hbuf[50];
(void) expand(fvalue, hbuf, sizeof(hbuf), e);
- for (p = hbuf; isascii(*p) && isspace(*p); )
+ for (p = hbuf; SM_ISSPACE(*p); )
p++;
if ((*p++ & 0377) == CALLSUBR)
{
auto char *endp;
bool strc;
strc = *p == '+'; /* strip comments? */
if (strc)
++p;
if (strtorwset(p, &endp, ST_ENTER) > 0)
{
*endp = '\0';
s = stab(fname, ST_HEADER, ST_ENTER);
if (LogLevel > 9 &&
s->s_header.hi_ruleset != NULL)
sm_syslog(LOG_WARNING, NOQID,
"Warning: redefined ruleset for header=%s, old=%s, new=%s",
fname,
s->s_header.hi_ruleset, p);
s->s_header.hi_ruleset = newstr(p);
if (!strc)
s->s_header.hi_flags |= H_STRIPCOMM;
}
return 0;
}
}
/* see if it is a known type */
s = stab(fname, ST_HEADER, ST_FIND);
if (s != NULL)
hi = &s->s_header;
else
hi = &NormalHeader;
if (tTd(31, 9))
{
if (s == NULL)
sm_dprintf("no header flags match\n");
else
sm_dprintf("header match, flags=%lx, ruleset=%s\n",
hi->hi_flags,
hi->hi_ruleset == NULL ? "<NULL>"
: hi->hi_ruleset);
}
/* see if this is a resent message */
if (!bitset(pflag, CHHDR_DEF) && !headeronly &&
bitset(H_RESENT, hi->hi_flags))
e->e_flags |= EF_RESENT;
/* if this is an Errors-To: header keep track of it now */
if (UseErrorsTo && !bitset(pflag, CHHDR_DEF) && !headeronly &&
bitset(H_ERRORSTO, hi->hi_flags))
(void) sendtolist(fvalue, NULLADDR, &e->e_errorqueue, 0, e);
/* if this means "end of header" quit now */
if (!headeronly && bitset(H_EOH, hi->hi_flags))
return hi->hi_flags;
/*
** Horrible hack to work around problem with Lotus Notes SMTP
** mail gateway, which generates From: headers with newlines in
** them and the <address> on the second line. Although this is
** legal RFC 822, many MUAs don't handle this properly and thus
** never find the actual address.
*/
if (bitset(H_FROM, hi->hi_flags) && SingleLineFromHeader)
{
while ((p = strchr(fvalue, '\n')) != NULL)
*p = ' ';
}
/*
** If there is a check ruleset, verify it against the header.
*/
if (bitset(pflag, CHHDR_CHECK))
{
int rscheckflags;
char *rs;
rscheckflags = RSF_COUNT;
if (!bitset(hi->hi_flags, H_FROM|H_RCPT))
rscheckflags |= RSF_UNSTRUCTURED;
/* no ruleset? look for default */
rs = hi->hi_ruleset;
if (rs == NULL)
{
s = stab("*", ST_HEADER, ST_FIND);
if (s != NULL)
{
rs = (&s->s_header)->hi_ruleset;
if (bitset((&s->s_header)->hi_flags,
H_STRIPCOMM))
rscheckflags |= RSF_RMCOMM;
}
}
else if (bitset(hi->hi_flags, H_STRIPCOMM))
rscheckflags |= RSF_RMCOMM;
if (rs != NULL)
{
int l, k;
char qval[MAXNAME];
l = 0;
qval[l++] = '"';
/* - 3 to avoid problems with " at the end */
/* should be sizeof(qval), not MAXNAME */
for (k = 0; fvalue[k] != '\0' && l < MAXNAME - 3; k++)
{
switch (fvalue[k])
{
/* XXX other control chars? */
case '\011': /* ht */
case '\012': /* nl */
case '\013': /* vt */
case '\014': /* np */
case '\015': /* cr */
qval[l++] = ' ';
break;
case '"':
qval[l++] = '\\';
/* FALLTHROUGH */
default:
qval[l++] = fvalue[k];
break;
}
}
qval[l++] = '"';
qval[l] = '\0';
k += strlen(fvalue + k);
if (k >= MAXNAME)
{
if (LogLevel > 9)
sm_syslog(LOG_WARNING, e->e_id,
"Warning: truncated header '%s' before check with '%s' len=%d max=%d",
fname, rs, k, MAXNAME - 1);
}
macdefine(&e->e_macro, A_TEMP,
macid("{currHeader}"), qval);
macdefine(&e->e_macro, A_TEMP,
macid("{hdr_name}"), fname);
(void) sm_snprintf(qval, sizeof(qval), "%d", k);
macdefine(&e->e_macro, A_TEMP, macid("{hdrlen}"), qval);
if (bitset(H_FROM, hi->hi_flags))
macdefine(&e->e_macro, A_PERM,
macid("{addr_type}"), "h s");
else if (bitset(H_RCPT, hi->hi_flags))
macdefine(&e->e_macro, A_PERM,
macid("{addr_type}"), "h r");
else
macdefine(&e->e_macro, A_PERM,
macid("{addr_type}"), "h");
(void) rscheck(rs, fvalue, NULL, e, rscheckflags, 3,
NULL, e->e_id, NULL, NULL);
}
}
/*
** Drop explicit From: if same as what we would generate.
** This is to make MH (which doesn't always give a full name)
** insert the full name information in all circumstances.
*/
dropfrom = false;
p = "resent-from";
if (!bitset(EF_RESENT, e->e_flags))
p += 7;
if (!bitset(pflag, CHHDR_DEF) && !headeronly &&
!bitset(EF_QUEUERUN, e->e_flags) && sm_strcasecmp(fname, p) == 0)
{
if (e->e_from.q_paddr != NULL &&
e->e_from.q_mailer != NULL &&
bitnset(M_LOCALMAILER, e->e_from.q_mailer->m_flags) &&
(strcmp(fvalue, e->e_from.q_paddr) == 0 ||
strcmp(fvalue, e->e_from.q_user) == 0))
dropfrom = true;
if (tTd(31, 2))
{
sm_dprintf("comparing header from (%s) against default (%s or %s), drop=%d\n",
fvalue, e->e_from.q_paddr, e->e_from.q_user,
dropfrom);
}
}
/* delete default value for this header */
for (hp = hdrp; (h = *hp) != NULL; hp = &h->h_link)
{
if (sm_strcasecmp(fname, h->h_field) == 0 &&
!bitset(H_USER, h->h_flags) &&
!bitset(H_FORCE, h->h_flags))
{
if (nullheader)
{
/* user-supplied value was null */
return 0;
}
if (dropfrom)
{
/* make this look like the user entered it */
h->h_flags |= H_USER;
/*
** If the MH hack is selected, allow to turn
** it off via a mailer flag to avoid problems
** with setups that remove the F flag from
** the RCPT mailer.
*/
if (bitnset(M_NOMHHACK,
e->e_from.q_mailer->m_flags))
{
h->h_flags &= ~H_CHECK;
}
return hi->hi_flags;
}
h->h_value = NULL;
if (!cond)
{
/* copy conditions from default case */
memmove((char *) mopts, (char *) h->h_mflags,
sizeof(mopts));
}
h->h_macro = mid;
}
}
/* create a new node */
h = (HDR *) sm_rpool_malloc_x(e->e_rpool, sizeof(*h));
h->h_field = sm_rpool_strdup_x(e->e_rpool, fname);
h->h_value = sm_rpool_strdup_x(e->e_rpool, fvalue);
h->h_link = NULL;
memmove((char *) h->h_mflags, (char *) mopts, sizeof(mopts));
h->h_macro = mid;
*hp = h;
h->h_flags = hi->hi_flags;
if (bitset(pflag, CHHDR_USER) || bitset(pflag, CHHDR_QUEUE))
h->h_flags |= H_USER;
/* strip EOH flag if parsing MIME headers */
if (headeronly)
h->h_flags &= ~H_EOH;
if (bitset(pflag, CHHDR_DEF))
h->h_flags |= H_DEFAULT;
if (cond || mid != '\0')
h->h_flags |= H_CHECK;
/* hack to see if this is a new format message */
if (!bitset(pflag, CHHDR_DEF) && !headeronly &&
bitset(H_RCPT|H_FROM, h->h_flags) &&
(strchr(fvalue, ',') != NULL || strchr(fvalue, '(') != NULL ||
strchr(fvalue, '<') != NULL || strchr(fvalue, ';') != NULL))
{
e->e_flags &= ~EF_OLDSTYLE;
}
return h->h_flags;
}
/*
** CHOMPHEADER -- process and save a header line.
**
** Called by collect, readcf, and readqf to deal with header lines.
** This is just a wrapper for dochompheader().
**
** Parameters:
** line -- header as a text line.
** pflag -- flags for chompheader() (from sendmail.h)
** hdrp -- a pointer to the place to save the header.
** e -- the envelope including this header.
**
** Returns:
** flags for this header.
**
** Side Effects:
** The header is saved on the header list.
** Contents of 'line' are destroyed.
*/
unsigned long
chompheader(line, pflag, hdrp, e)
char *line;
int pflag;
HDR **hdrp;
register ENVELOPE *e;
{
unsigned long rval;
if (tTd(31, 6))
{
sm_dprintf("chompheader: ");
xputs(sm_debug_file(), line);
sm_dprintf("\n");
}
/* quote this if user (not config file) input */
if (bitset(pflag, CHHDR_USER))
{
char xbuf[MAXLINE];
char *xbp = NULL;
int xbufs;
xbufs = sizeof(xbuf);
xbp = quote_internal_chars(line, xbuf, &xbufs);
if (tTd(31, 7))
{
sm_dprintf("chompheader: quoted: ");
xputs(sm_debug_file(), xbp);
sm_dprintf("\n");
}
rval = dochompheader(xbp, pflag, hdrp, e);
if (xbp != xbuf)
sm_free(xbp);
}
else
rval = dochompheader(line, pflag, hdrp, e);
return rval;
}
/*
** ALLOCHEADER -- allocate a header entry
**
** Parameters:
** field -- the name of the header field (will not be copied).
** value -- the value of the field (will be copied).
** flags -- flags to add to h_flags.
** rp -- resource pool for allocations
** space -- add leading space?
**
** Returns:
** Pointer to a newly allocated and populated HDR.
**
** Notes:
** o field and value must be in internal format, i.e.,
** metacharacters must be "quoted", see quote_internal_chars().
** o maybe add more flags to decide:
** - what to copy (field/value)
** - whether to convert value to an internal format
*/
static HDR *
allocheader(field, value, flags, rp, space)
char *field;
char *value;
int flags;
SM_RPOOL_T *rp;
bool space;
{
HDR *h;
STAB *s;
/* find info struct */
s = stab(field, ST_HEADER, ST_FIND);
/* allocate space for new header */
h = (HDR *) sm_rpool_malloc_x(rp, sizeof(*h));
h->h_field = field;
if (space)
{
size_t l;
char *n;
l = strlen(value);
SM_ASSERT(l + 2 > l);
n = sm_rpool_malloc_x(rp, l + 2);
n[0] = ' ';
n[1] = '\0';
sm_strlcpy(n + 1, value, l + 1);
h->h_value = n;
}
else
h->h_value = sm_rpool_strdup_x(rp, value);
h->h_flags = flags;
if (s != NULL)
h->h_flags |= s->s_header.hi_flags;
clrbitmap(h->h_mflags);
h->h_macro = '\0';
return h;
}
/*
** ADDHEADER -- add a header entry to the end of the queue.
**
** This bypasses the special checking of chompheader.
**
** Parameters:
** field -- the name of the header field (will not be copied).
** value -- the value of the field (will be copied).
** flags -- flags to add to h_flags.
** e -- envelope.
** space -- add leading space?
**
** Returns:
** none.
**
** Side Effects:
** adds the field on the list of headers for this envelope.
**
** Notes: field and value must be in internal format, i.e.,
** metacharacters must be "quoted", see quote_internal_chars().
*/
void
addheader(field, value, flags, e, space)
char *field;
char *value;
int flags;
ENVELOPE *e;
bool space;
{
register HDR *h;
HDR **hp;
HDR **hdrlist = &e->e_header;
/* find current place in list -- keep back pointer? */
for (hp = hdrlist; (h = *hp) != NULL; hp = &h->h_link)
{
if (sm_strcasecmp(field, h->h_field) == 0)
break;
}
/* allocate space for new header */
h = allocheader(field, value, flags, e->e_rpool, space);
h->h_link = *hp;
*hp = h;
}
/*
** INSHEADER -- insert a header entry at the specified index
** This bypasses the special checking of chompheader.
**
** Parameters:
** idx -- index into the header list at which to insert
** field -- the name of the header field (will be copied).
** value -- the value of the field (will be copied).
** flags -- flags to add to h_flags.
** e -- envelope.
** space -- add leading space?
**
** Returns:
** none.
**
** Side Effects:
** inserts the field on the list of headers for this envelope.
**
** Notes:
** - field and value must be in internal format, i.e.,
** metacharacters must be "quoted", see quote_internal_chars().
** - the header list contains headers that might not be
** sent "out" (see putheader(): "skip"), hence there is no
** reliable way to insert a header at an exact position
** (except at the front or end).
*/
void
insheader(idx, field, value, flags, e, space)
int idx;
char *field;
char *value;
int flags;
ENVELOPE *e;
bool space;
{
HDR *h, *srch, *last = NULL;
/* allocate space for new header */
h = allocheader(field, value, flags, e->e_rpool, space);
/* find insertion position */
for (srch = e->e_header; srch != NULL && idx > 0;
srch = srch->h_link, idx--)
last = srch;
if (e->e_header == NULL)
{
e->e_header = h;
h->h_link = NULL;
}
else if (srch == NULL)
{
SM_ASSERT(last != NULL);
last->h_link = h;
h->h_link = NULL;
}
else
{
h->h_link = srch->h_link;
srch->h_link = h;
}
}
/*
** HVALUE -- return value of a header.
**
** Only "real" fields (i.e., ones that have not been supplied
** as a default) are used.
**
** Parameters:
** field -- the field name.
** header -- the header list.
**
** Returns:
** pointer to the value part (internal format).
** NULL if not found.
**
** Side Effects:
** none.
*/
char *
hvalue(field, header)
char *field;
HDR *header;
{
register HDR *h;
for (h = header; h != NULL; h = h->h_link)
{
if (!bitset(H_DEFAULT, h->h_flags) &&
sm_strcasecmp(h->h_field, field) == 0)
{
char *s;
s = h->h_value;
if (s == NULL)
return NULL;
- while (isascii(*s) && isspace(*s))
+ while (SM_ISSPACE(*s))
s++;
return s;
}
}
return NULL;
}
/*
** ISHEADER -- predicate telling if argument is a header.
**
** A line is a header if it has a single word followed by
** optional white space followed by a colon.
**
** Header fields beginning with two dashes, although technically
** permitted by RFC822, are automatically rejected in order
** to make MIME work out. Without this we could have a technically
** legal header such as ``--"foo:bar"'' that would also be a legal
** MIME separator.
**
** Parameters:
** h -- string to check for possible headerness.
**
** Returns:
** true if h is a header.
** false otherwise.
**
** Side Effects:
** none.
*/
bool
isheader(h)
char *h;
{
char *s;
s = h;
if (s[0] == '-' && s[1] == '-')
return false;
while (*s > ' ' && *s != ':' && *s != '\0')
s++;
if (h == s)
return false;
/* following technically violates RFC822 */
- while (isascii(*s) && isspace(*s))
+ while (SM_ISSPACE(*s))
s++;
return (*s == ':');
}
/*
** EATHEADER -- run through the stored header and extract info.
**
** Parameters:
** e -- the envelope to process.
** full -- if set, do full processing (e.g., compute
** message priority). This should not be set
** when reading a queue file because some info
** needed to compute the priority is wrong.
** log -- call logsender()?
**
** Returns:
** none.
**
** Side Effects:
** Sets a bunch of global variables from information
** in the collected header.
*/
void
eatheader(e, full, log)
register ENVELOPE *e;
bool full;
bool log;
{
register HDR *h;
register char *p;
int hopcnt = 0;
char buf[MAXLINE];
/*
** Set up macros for possible expansion in headers.
*/
macdefine(&e->e_macro, A_PERM, 'f', e->e_sender);
macdefine(&e->e_macro, A_PERM, 'g', e->e_sender);
if (e->e_origrcpt != NULL && *e->e_origrcpt != '\0')
macdefine(&e->e_macro, A_PERM, 'u', e->e_origrcpt);
else
macdefine(&e->e_macro, A_PERM, 'u', NULL);
/* full name of from person */
p = hvalue("full-name", e->e_header);
if (p != NULL)
{
if (!rfc822_string(p))
{
/*
** Quote a full name with special characters
** as a comment so crackaddr() doesn't destroy
** the name portion of the address.
*/
p = addquotes(p, e->e_rpool);
}
macdefine(&e->e_macro, A_PERM, 'x', p);
}
if (tTd(32, 1))
sm_dprintf("----- collected header -----\n");
e->e_msgid = NULL;
for (h = e->e_header; h != NULL; h = h->h_link)
{
if (tTd(32, 1))
sm_dprintf("%s:", h->h_field);
if (h->h_value == NULL)
{
if (tTd(32, 1))
sm_dprintf("<NULL>\n");
continue;
}
/* do early binding */
if (bitset(H_DEFAULT, h->h_flags) &&
!bitset(H_BINDLATE, h->h_flags))
{
if (tTd(32, 1))
{
sm_dprintf("(");
xputs(sm_debug_file(), h->h_value);
sm_dprintf(") ");
}
expand(h->h_value, buf, sizeof(buf), e);
if (buf[0] != '\0' &&
(buf[0] != ' ' || buf[1] != '\0'))
{
if (bitset(H_FROM, h->h_flags))
expand(crackaddr(buf, e),
buf, sizeof(buf), e);
h->h_value = sm_rpool_strdup_x(e->e_rpool, buf);
h->h_flags &= ~H_DEFAULT;
}
}
if (tTd(32, 1))
{
xputs(sm_debug_file(), h->h_value);
sm_dprintf("\n");
}
/* count the number of times it has been processed */
if (bitset(H_TRACE, h->h_flags))
hopcnt++;
/* send to this person if we so desire */
if (GrabTo && bitset(H_RCPT, h->h_flags) &&
!bitset(H_DEFAULT, h->h_flags) &&
(!bitset(EF_RESENT, e->e_flags) ||
bitset(H_RESENT, h->h_flags)))
{
#if 0
int saveflags = e->e_flags;
-#endif /* 0 */
+#endif
(void) sendtolist(denlstring(h->h_value, true, false),
NULLADDR, &e->e_sendqueue, 0, e);
#if 0
/*
** Change functionality so a fatal error on an
** address doesn't affect the entire envelope.
*/
/* delete fatal errors generated by this address */
if (!bitset(EF_FATALERRS, saveflags))
e->e_flags &= ~EF_FATALERRS;
#endif /* 0 */
}
/* save the message-id for logging */
p = "resent-message-id";
if (!bitset(EF_RESENT, e->e_flags))
p += 7;
if (sm_strcasecmp(h->h_field, p) == 0)
{
e->e_msgid = h->h_value;
while (isascii(*e->e_msgid) && isspace(*e->e_msgid))
e->e_msgid++;
macdefine(&e->e_macro, A_PERM, macid("{msg_id}"),
e->e_msgid);
}
}
if (tTd(32, 1))
sm_dprintf("----------------------------\n");
/* if we are just verifying (that is, sendmail -t -bv), drop out now */
if (OpMode == MD_VERIFY)
return;
/* store hop count */
if (hopcnt > e->e_hopcount)
{
e->e_hopcount = hopcnt;
(void) sm_snprintf(buf, sizeof(buf), "%d", e->e_hopcount);
macdefine(&e->e_macro, A_TEMP, 'c', buf);
}
/* message priority */
p = hvalue("precedence", e->e_header);
if (p != NULL)
e->e_class = priencode(p);
if (e->e_class < 0)
e->e_timeoutclass = TOC_NONURGENT;
else if (e->e_class > 0)
e->e_timeoutclass = TOC_URGENT;
if (full)
{
e->e_msgpriority = e->e_msgsize
- e->e_class * WkClassFact
+ e->e_nrcpts * WkRecipFact;
}
/* check for DSN to properly set e_timeoutclass */
p = hvalue("content-type", e->e_header);
if (p != NULL)
{
bool oldsupr;
char **pvp;
char pvpbuf[MAXLINE];
extern unsigned char MimeTokenTab[256];
/* tokenize header */
oldsupr = SuprErrs;
SuprErrs = true;
pvp = prescan(p, '\0', pvpbuf, sizeof(pvpbuf), NULL,
MimeTokenTab, false);
SuprErrs = oldsupr;
/* Check if multipart/report */
if (pvp != NULL && pvp[0] != NULL &&
pvp[1] != NULL && pvp[2] != NULL &&
sm_strcasecmp(*pvp++, "multipart") == 0 &&
strcmp(*pvp++, "/") == 0 &&
sm_strcasecmp(*pvp++, "report") == 0)
{
/* Look for report-type=delivery-status */
while (*pvp != NULL)
{
/* skip to semicolon separator */
while (*pvp != NULL && strcmp(*pvp, ";") != 0)
pvp++;
/* skip semicolon */
if (*pvp++ == NULL || *pvp == NULL)
break;
/* look for report-type */
if (sm_strcasecmp(*pvp++, "report-type") != 0)
continue;
/* skip equal */
if (*pvp == NULL || strcmp(*pvp, "=") != 0)
continue;
/* check value */
if (*++pvp != NULL &&
sm_strcasecmp(*pvp,
"delivery-status") == 0)
e->e_timeoutclass = TOC_DSN;
/* found report-type, no need to continue */
break;
}
}
}
/* message timeout priority */
p = hvalue("priority", e->e_header);
if (p != NULL)
{
/* (this should be in the configuration file) */
if (sm_strcasecmp(p, "urgent") == 0)
e->e_timeoutclass = TOC_URGENT;
else if (sm_strcasecmp(p, "normal") == 0)
e->e_timeoutclass = TOC_NORMAL;
else if (sm_strcasecmp(p, "non-urgent") == 0)
e->e_timeoutclass = TOC_NONURGENT;
else if (bitset(EF_RESPONSE, e->e_flags))
e->e_timeoutclass = TOC_DSN;
}
else if (bitset(EF_RESPONSE, e->e_flags))
e->e_timeoutclass = TOC_DSN;
/* date message originated */
p = hvalue("posted-date", e->e_header);
if (p == NULL)
p = hvalue("date", e->e_header);
if (p != NULL)
macdefine(&e->e_macro, A_PERM, 'a', p);
/* check to see if this is a MIME message */
if ((e->e_bodytype != NULL &&
sm_strcasecmp(e->e_bodytype, "8BITMIME") == 0) ||
hvalue("MIME-Version", e->e_header) != NULL)
{
e->e_flags |= EF_IS_MIME;
if (HasEightBits)
e->e_bodytype = "8BITMIME";
}
else if ((p = hvalue("Content-Type", e->e_header)) != NULL)
{
/* this may be an RFC 1049 message */
p = strpbrk(p, ";/");
if (p == NULL || *p == ';')
{
/* yep, it is */
e->e_flags |= EF_DONT_MIME;
}
}
/*
** From person in antiquated ARPANET mode
** required by UK Grey Book e-mail gateways (sigh)
*/
if (OpMode == MD_ARPAFTP)
{
register struct hdrinfo *hi;
for (hi = HdrInfo; hi->hi_field != NULL; hi++)
{
if (bitset(H_FROM, hi->hi_flags) &&
(!bitset(H_RESENT, hi->hi_flags) ||
bitset(EF_RESENT, e->e_flags)) &&
(p = hvalue(hi->hi_field, e->e_header)) != NULL)
break;
}
if (hi->hi_field != NULL)
{
if (tTd(32, 2))
sm_dprintf("eatheader: setsender(*%s == %s)\n",
hi->hi_field, p);
setsender(p, e, NULL, '\0', true);
}
}
/*
** Log collection information.
*/
if (tTd(92, 2))
sm_dprintf("eatheader: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d, log=%d\n",
e->e_id, bitset(EF_LOGSENDER, e->e_flags), LogLevel,
log);
if (log && bitset(EF_LOGSENDER, e->e_flags) && LogLevel > 4)
{
logsender(e, e->e_msgid);
e->e_flags &= ~EF_LOGSENDER;
}
}
/*
** LOGSENDER -- log sender information
**
** Parameters:
** e -- the envelope to log
** msgid -- the message id
**
** Returns:
** none
*/
void
logsender(e, msgid)
register ENVELOPE *e;
char *msgid;
{
char *name;
register char *sbp;
register char *p;
char hbuf[MAXNAME + 1];
- char sbuf[MAXLINE + 1];
- char mbuf[MAXNAME + 1];
-
- /* don't allow newlines in the message-id */
- /* XXX do we still need this? sm_syslog() replaces control chars */
- if (msgid != NULL)
- {
- size_t l;
-
- l = strlen(msgid);
- if (l > sizeof(mbuf) - 1)
- l = sizeof(mbuf) - 1;
- memmove(mbuf, msgid, l);
- mbuf[l] = '\0';
- p = mbuf;
- while ((p = strchr(p, '\n')) != NULL)
- *p++ = ' ';
- }
+ char sbuf[MAXLINE + 1]; /* XREF: see below MSGIDLOGLEN */
if (bitset(EF_RESPONSE, e->e_flags))
name = "[RESPONSE]";
else if ((name = macvalue('_', e)) != NULL)
/* EMPTY */
;
else if (RealHostName == NULL)
name = "localhost";
else if (RealHostName[0] == '[')
name = RealHostName;
else
{
name = hbuf;
(void) sm_snprintf(hbuf, sizeof(hbuf), "%.80s", RealHostName);
if (RealHostAddr.sa.sa_family != 0)
{
p = &hbuf[strlen(hbuf)];
(void) sm_snprintf(p, SPACELEFT(hbuf, p),
" (%.100s)",
anynet_ntoa(&RealHostAddr));
}
}
- /* some versions of syslog only take 5 printf args */
#if (SYSLOG_BUFSIZE) >= 256
sbp = sbuf;
(void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
"from=%.200s, size=%ld, class=%d, nrcpts=%d",
e->e_from.q_paddr == NULL ? "<NONE>" : e->e_from.q_paddr,
PRT_NONNEGL(e->e_msgsize), e->e_class, e->e_nrcpts);
sbp += strlen(sbp);
if (msgid != NULL)
{
+
+#ifndef MSGIDLOGLEN
+# define MSGIDLOGLEN 100
+# define FIRSTLOGLEN 850
+# else
+# if MSGIDLOGLEN < 100
+ ERROR MSGIDLOGLEN too short
+# endif
+/* XREF: this is "sizeof(sbuf)", see above */
+# if MSGIDLOGLEN >= MAXLINE / 2
+ ERROR MSGIDLOGLEN too long
+# endif
+
+/* 850 - 100 for original MSGIDLOGLEN */
+# define FIRSTLOGLEN (750 + MSGIDLOGLEN)
+
+/* check that total length is ok */
+# if FIRSTLOGLEN + 200 >= MAXLINE
+ ERROR MSGIDLOGLEN too long
+# endif
+#endif
(void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
- ", msgid=%.100s", mbuf);
+ ", msgid=%.*s", MSGIDLOGLEN, msgid);
sbp += strlen(sbp);
}
if (e->e_bodytype != NULL)
{
(void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
", bodytype=%.20s", e->e_bodytype);
sbp += strlen(sbp);
}
p = macvalue('r', e);
if (p != NULL)
{
(void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
", proto=%.20s", p);
sbp += strlen(sbp);
}
p = macvalue(macid("{daemon_name}"), e);
if (p != NULL)
{
(void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
", daemon=%.20s", p);
sbp += strlen(sbp);
}
# if _FFR_LOG_MORE1
-# if STARTTLS
- p = macvalue(macid("{verify}"), e);
- if (p == NULL || *p == '\0')
- p = "NONE";
- (void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp), ", tls_verify=%.20s", p);
- sbp += strlen(sbp);
-# endif /* STARTTLS */
+ LOG_MORE(sbuf, sbp);
# if SASL
p = macvalue(macid("{auth_type}"), e);
if (p == NULL || *p == '\0')
p = "NONE";
(void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp), ", auth=%.20s", p);
sbp += strlen(sbp);
# endif /* SASL */
# endif /* _FFR_LOG_MORE1 */
- sm_syslog(LOG_INFO, e->e_id, "%.850s, relay=%s", sbuf, name);
+ sm_syslog(LOG_INFO, e->e_id, "%.*s, relay=%s", FIRSTLOGLEN, sbuf, name);
#else /* (SYSLOG_BUFSIZE) >= 256 */
sm_syslog(LOG_INFO, e->e_id,
"from=%s",
e->e_from.q_paddr == NULL ? "<NONE>"
: shortenstring(e->e_from.q_paddr,
83));
sm_syslog(LOG_INFO, e->e_id,
"size=%ld, class=%ld, nrcpts=%d",
PRT_NONNEGL(e->e_msgsize), e->e_class, e->e_nrcpts);
if (msgid != NULL)
sm_syslog(LOG_INFO, e->e_id,
"msgid=%s",
- shortenstring(mbuf, 83));
+ shortenstring(msgid, 83));
sbp = sbuf;
*sbp = '\0';
if (e->e_bodytype != NULL)
{
(void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
"bodytype=%.20s, ", e->e_bodytype);
sbp += strlen(sbp);
}
p = macvalue('r', e);
if (p != NULL)
{
(void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
"proto=%.20s, ", p);
sbp += strlen(sbp);
}
sm_syslog(LOG_INFO, e->e_id,
"%.400srelay=%s", sbuf, name);
#endif /* (SYSLOG_BUFSIZE) >= 256 */
}
/*
** PRIENCODE -- encode external priority names into internal values.
**
** Parameters:
** p -- priority in ascii.
**
** Returns:
** priority as a numeric level.
**
** Side Effects:
** none.
*/
static int
priencode(p)
char *p;
{
register int i;
for (i = 0; i < NumPriorities; i++)
{
if (sm_strcasecmp(p, Priorities[i].pri_name) == 0)
return Priorities[i].pri_val;
}
/* unknown priority */
return 0;
}
/*
** CRACKADDR -- parse an address and turn it into a macro
**
** This doesn't actually parse the address -- it just extracts
** it and replaces it with "$g". The parse is totally ad hoc
** and isn't even guaranteed to leave something syntactically
** identical to what it started with. However, it does leave
** something semantically identical if possible, else at least
** syntactically correct.
**
** For example, it changes "Real Name <real@example.com> (Comment)"
** to "Real Name <$g> (Comment)".
**
** This algorithm has been cleaned up to handle a wider range
** of cases -- notably quoted and backslash escaped strings.
** This modification makes it substantially better at preserving
** the original syntax.
**
** Parameters:
** addr -- the address to be cracked.
** e -- the current envelope.
**
** Returns:
** a pointer to the new version.
**
** Side Effects:
** none.
**
** Warning:
** The return value is saved in local storage and should
** be copied if it is to be reused.
*/
#define SM_HAVE_ROOM ((bp < buflim) && (buflim <= bufend))
/*
** Append a character to bp if we have room.
** If not, punt and return $g.
*/
#define SM_APPEND_CHAR(c) \
do \
{ \
if (SM_HAVE_ROOM) \
*bp++ = (c); \
else \
goto returng; \
} while (0)
#if MAXNAME < 10
ERROR MAXNAME must be at least 10
-#endif /* MAXNAME < 10 */
+#endif
char *
crackaddr(addr, e)
register char *addr;
ENVELOPE *e;
{
register char *p;
register char c;
int cmtlev; /* comment level in input string */
int realcmtlev; /* comment level in output string */
int anglelev; /* angle level in input string */
int copylev; /* 0 == in address, >0 copying */
int bracklev; /* bracket level for IPv6 addr check */
bool addangle; /* put closing angle in output */
bool qmode; /* quoting in original string? */
bool realqmode; /* quoting in output string? */
bool putgmac = false; /* already wrote $g */
bool quoteit = false; /* need to quote next character */
bool gotangle = false; /* found first '<' */
bool gotcolon = false; /* found a ':' */
register char *bp;
char *buflim;
char *bufhead;
char *addrhead;
char *bufend;
static char buf[MAXNAME + 1];
if (tTd(33, 1))
sm_dprintf("crackaddr(%s)\n", addr);
buflim = bufend = &buf[sizeof(buf) - 1];
bp = bufhead = buf;
/* skip over leading spaces but preserve them */
- while (*addr != '\0' && isascii(*addr) && isspace(*addr))
+ while (*addr != '\0' && SM_ISSPACE(*addr))
{
SM_APPEND_CHAR(*addr);
addr++;
}
bufhead = bp;
/*
** Start by assuming we have no angle brackets. This will be
** adjusted later if we find them.
*/
p = addrhead = addr;
copylev = anglelev = cmtlev = realcmtlev = 0;
bracklev = 0;
qmode = realqmode = addangle = false;
while ((c = *p++) != '\0')
{
/*
** Try to keep legal syntax using spare buffer space
** (maintained by buflim).
*/
if (copylev > 0)
SM_APPEND_CHAR(c);
/* check for backslash escapes */
if (c == '\\')
{
/* arrange to quote the address */
if (cmtlev <= 0 && !qmode)
quoteit = true;
if ((c = *p++) == '\0')
{
/* too far */
p--;
goto putg;
}
if (copylev > 0)
SM_APPEND_CHAR(c);
goto putg;
}
/* check for quoted strings */
if (c == '"' && cmtlev <= 0)
{
qmode = !qmode;
if (copylev > 0 && SM_HAVE_ROOM)
{
if (realqmode)
buflim--;
else
buflim++;
realqmode = !realqmode;
}
continue;
}
if (qmode)
goto putg;
/* check for comments */
if (c == '(')
{
cmtlev++;
/* allow space for closing paren */
if (SM_HAVE_ROOM)
{
buflim--;
realcmtlev++;
if (copylev++ <= 0)
{
if (bp != bufhead)
SM_APPEND_CHAR(' ');
SM_APPEND_CHAR(c);
}
}
}
if (cmtlev > 0)
{
if (c == ')')
{
cmtlev--;
copylev--;
if (SM_HAVE_ROOM)
{
realcmtlev--;
buflim++;
}
}
continue;
}
else if (c == ')')
{
/* syntax error: unmatched ) */
if (copylev > 0 && SM_HAVE_ROOM && bp > bufhead)
bp--;
}
/* count nesting on [ ... ] (for IPv6 domain literals) */
if (c == '[')
bracklev++;
else if (c == ']')
bracklev--;
/* check for group: list; syntax */
if (c == ':' && anglelev <= 0 && bracklev <= 0 &&
!gotcolon && !ColonOkInAddr)
{
register char *q;
/*
** Check for DECnet phase IV ``::'' (host::user)
** or DECnet phase V ``:.'' syntaxes. The latter
** covers ``user@DEC:.tay.myhost'' and
** ``DEC:.tay.myhost::user'' syntaxes (bletch).
*/
if (*p == ':' || *p == '.')
{
if (cmtlev <= 0 && !qmode)
quoteit = true;
if (copylev > 0)
{
SM_APPEND_CHAR(c);
SM_APPEND_CHAR(*p);
}
p++;
goto putg;
}
gotcolon = true;
bp = bufhead;
if (quoteit)
{
SM_APPEND_CHAR('"');
/* back up over the ':' and any spaces */
--p;
while (p > addr &&
isascii(*--p) && isspace(*p))
continue;
p++;
}
for (q = addrhead; q < p; )
{
c = *q++;
if (quoteit && c == '"')
SM_APPEND_CHAR('\\');
SM_APPEND_CHAR(c);
}
if (quoteit)
{
if (bp == &bufhead[1])
bp--;
else
SM_APPEND_CHAR('"');
while ((c = *p++) != ':')
SM_APPEND_CHAR(c);
SM_APPEND_CHAR(c);
}
/* any trailing white space is part of group: */
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
{
SM_APPEND_CHAR(*p);
p++;
}
copylev = 0;
putgmac = quoteit = false;
bufhead = bp;
addrhead = p;
continue;
}
if (c == ';' && copylev <= 0 && !ColonOkInAddr)
SM_APPEND_CHAR(c);
/* check for characters that may have to be quoted */
if (strchr(MustQuoteChars, c) != NULL)
{
/*
** If these occur as the phrase part of a <>
** construct, but are not inside of () or already
** quoted, they will have to be quoted. Note that
** now (but don't actually do the quoting).
*/
if (cmtlev <= 0 && !qmode)
quoteit = true;
}
/* check for angle brackets */
if (c == '<')
{
register char *q;
/* assume first of two angles is bogus */
if (gotangle)
quoteit = true;
gotangle = true;
/* oops -- have to change our mind */
anglelev = 1;
if (SM_HAVE_ROOM)
{
if (!addangle)
buflim--;
addangle = true;
}
bp = bufhead;
if (quoteit)
{
SM_APPEND_CHAR('"');
/* back up over the '<' and any spaces */
--p;
while (p > addr &&
isascii(*--p) && isspace(*p))
continue;
p++;
}
for (q = addrhead; q < p; )
{
c = *q++;
if (quoteit && c == '"')
{
SM_APPEND_CHAR('\\');
SM_APPEND_CHAR(c);
}
else
SM_APPEND_CHAR(c);
}
if (quoteit)
{
if (bp == &buf[1])
bp--;
else
SM_APPEND_CHAR('"');
while ((c = *p++) != '<')
SM_APPEND_CHAR(c);
SM_APPEND_CHAR(c);
}
copylev = 0;
putgmac = quoteit = false;
continue;
}
if (c == '>')
{
if (anglelev > 0)
{
anglelev--;
if (SM_HAVE_ROOM)
{
if (addangle)
buflim++;
addangle = false;
}
}
else if (SM_HAVE_ROOM)
{
/* syntax error: unmatched > */
if (copylev > 0 && bp > bufhead)
bp--;
quoteit = true;
continue;
}
if (copylev++ <= 0)
SM_APPEND_CHAR(c);
continue;
}
/* must be a real address character */
putg:
if (copylev <= 0 && !putgmac)
{
if (bp > buf && bp[-1] == ')')
SM_APPEND_CHAR(' ');
SM_APPEND_CHAR(MACROEXPAND);
SM_APPEND_CHAR('g');
putgmac = true;
}
}
/* repair any syntactic damage */
if (realqmode && bp < bufend)
*bp++ = '"';
while (realcmtlev-- > 0 && bp < bufend)
*bp++ = ')';
if (addangle && bp < bufend)
*bp++ = '>';
*bp = '\0';
if (bp < bufend)
goto success;
returng:
/* String too long, punt */
buf[0] = '<';
buf[1] = MACROEXPAND;
buf[2]= 'g';
buf[3] = '>';
buf[4]= '\0';
sm_syslog(LOG_ALERT, e->e_id,
"Dropped invalid comments from header address");
success:
if (tTd(33, 1))
{
sm_dprintf("crackaddr=>`");
xputs(sm_debug_file(), buf);
sm_dprintf("'\n");
}
return buf;
}
/*
** PUTHEADER -- put the header part of a message from the in-core copy
**
** Parameters:
** mci -- the connection information.
** hdr -- the header to put.
** e -- envelope to use.
** flags -- MIME conversion flags.
**
** Returns:
** true iff header part was written successfully
**
** Side Effects:
** none.
*/
bool
putheader(mci, hdr, e, flags)
register MCI *mci;
HDR *hdr;
register ENVELOPE *e;
int flags;
{
register HDR *h;
char buf[SM_MAX(MAXLINE,BUFSIZ)];
char obuf[MAXLINE];
if (tTd(34, 1))
sm_dprintf("--- putheader, mailer = %s ---\n",
mci->mci_mailer->m_name);
/*
** If we're in MIME mode, we're not really in the header of the
** message, just the header of one of the parts of the body of
** the message. Therefore MCIF_INHEADER should not be turned on.
*/
if (!bitset(MCIF_INMIME, mci->mci_flags))
mci->mci_flags |= MCIF_INHEADER;
for (h = hdr; h != NULL; h = h->h_link)
{
register char *p = h->h_value;
char *q;
if (tTd(34, 11))
{
sm_dprintf(" %s:", h->h_field);
xputs(sm_debug_file(), p);
}
/* Skip empty headers */
if (h->h_value == NULL)
continue;
/* heuristic shortening of MIME fields to avoid MUA overflows */
if (MaxMimeFieldLength > 0 &&
wordinclass(h->h_field,
macid("{checkMIMEFieldHeaders}")))
{
size_t len;
len = fix_mime_header(h, e);
if (len > 0)
{
sm_syslog(LOG_ALERT, e->e_id,
"Truncated MIME %s header due to field size (length = %ld) (possible attack)",
h->h_field, (unsigned long) len);
if (tTd(34, 11))
sm_dprintf(" truncated MIME %s header due to field size (length = %ld) (possible attack)\n",
h->h_field,
(unsigned long) len);
}
}
if (MaxMimeHeaderLength > 0 &&
wordinclass(h->h_field,
macid("{checkMIMETextHeaders}")))
{
size_t len;
len = strlen(h->h_value);
if (len > (size_t) MaxMimeHeaderLength)
{
h->h_value[MaxMimeHeaderLength - 1] = '\0';
sm_syslog(LOG_ALERT, e->e_id,
"Truncated long MIME %s header (length = %ld) (possible attack)",
h->h_field, (unsigned long) len);
if (tTd(34, 11))
sm_dprintf(" truncated long MIME %s header (length = %ld) (possible attack)\n",
h->h_field,
(unsigned long) len);
}
}
if (MaxMimeHeaderLength > 0 &&
wordinclass(h->h_field,
macid("{checkMIMEHeaders}")))
{
size_t len;
len = strlen(h->h_value);
if (shorten_rfc822_string(h->h_value,
MaxMimeHeaderLength))
{
if (len < MaxMimeHeaderLength)
{
/* we only rebalanced a bogus header */
sm_syslog(LOG_ALERT, e->e_id,
"Fixed MIME %s header (possible attack)",
h->h_field);
if (tTd(34, 11))
sm_dprintf(" fixed MIME %s header (possible attack)\n",
h->h_field);
}
else
{
/* we actually shortened header */
sm_syslog(LOG_ALERT, e->e_id,
"Truncated long MIME %s header (length = %ld) (possible attack)",
h->h_field,
(unsigned long) len);
if (tTd(34, 11))
sm_dprintf(" truncated long MIME %s header (length = %ld) (possible attack)\n",
h->h_field,
(unsigned long) len);
}
}
}
/*
** Suppress Content-Transfer-Encoding: if we are MIMEing
** and we are potentially converting from 8 bit to 7 bit
** MIME. If converting, add a new CTE header in
** mime8to7().
*/
if (bitset(H_CTE, h->h_flags) &&
bitset(MCIF_CVT8TO7|MCIF_CVT7TO8|MCIF_INMIME,
mci->mci_flags) &&
!bitset(M87F_NO8TO7, flags))
{
if (tTd(34, 11))
sm_dprintf(" (skipped (content-transfer-encoding))\n");
continue;
}
if (bitset(MCIF_INMIME, mci->mci_flags))
{
if (tTd(34, 11))
sm_dprintf("\n");
if (!put_vanilla_header(h, p, mci))
goto writeerr;
continue;
}
if (bitset(H_CHECK|H_ACHECK, h->h_flags) &&
!bitintersect(h->h_mflags, mci->mci_mailer->m_flags) &&
(h->h_macro == '\0' ||
(q = macvalue(bitidx(h->h_macro), e)) == NULL ||
*q == '\0'))
{
if (tTd(34, 11))
sm_dprintf(" (skipped)\n");
continue;
}
/* handle Resent-... headers specially */
if (bitset(H_RESENT, h->h_flags) && !bitset(EF_RESENT, e->e_flags))
{
if (tTd(34, 11))
sm_dprintf(" (skipped (resent))\n");
continue;
}
/* suppress return receipts if requested */
if (bitset(H_RECEIPTTO, h->h_flags) &&
(RrtImpliesDsn || bitset(EF_NORECEIPT, e->e_flags)))
{
if (tTd(34, 11))
sm_dprintf(" (skipped (receipt))\n");
continue;
}
/* macro expand value if generated internally */
if (bitset(H_DEFAULT, h->h_flags) ||
bitset(H_BINDLATE, h->h_flags))
{
expand(p, buf, sizeof(buf), e);
p = buf;
if (*p == '\0')
{
if (tTd(34, 11))
sm_dprintf(" (skipped -- null value)\n");
continue;
}
}
- if (bitset(H_BCC, h->h_flags))
+ if (bitset(H_BCC, h->h_flags) && !KeepBcc)
{
/* Bcc: field -- either truncate or delete */
if (bitset(EF_DELETE_BCC, e->e_flags))
{
if (tTd(34, 11))
sm_dprintf(" (skipped -- bcc)\n");
}
else
{
/* no other recipient headers: truncate value */
(void) sm_strlcpyn(obuf, sizeof(obuf), 2,
h->h_field, ":");
if (!putline(obuf, mci))
goto writeerr;
}
continue;
}
if (tTd(34, 11))
sm_dprintf("\n");
if (bitset(H_FROM|H_RCPT, h->h_flags))
{
/* address field */
bool oldstyle = bitset(EF_OLDSTYLE, e->e_flags);
if (bitset(H_FROM, h->h_flags))
oldstyle = false;
if (!commaize(h, p, oldstyle, mci, e,
PXLF_HEADER | PXLF_STRIPMQUOTE)
&& bitnset(M_xSMTP, mci->mci_mailer->m_flags))
goto writeerr;
}
else
{
if (!put_vanilla_header(h, p, mci))
goto writeerr;
}
}
/*
** If we are converting this to a MIME message, add the
** MIME headers (but not in MIME mode!).
*/
#if MIME8TO7
if (bitset(MM_MIME8BIT, MimeMode) &&
bitset(EF_HAS8BIT, e->e_flags) &&
!bitset(EF_DONT_MIME, e->e_flags) &&
!bitnset(M_8BITS, mci->mci_mailer->m_flags) &&
!bitset(MCIF_CVT8TO7|MCIF_CVT7TO8|MCIF_INMIME, mci->mci_flags) &&
hvalue("MIME-Version", e->e_header) == NULL)
{
if (!putline("MIME-Version: 1.0", mci))
goto writeerr;
if (hvalue("Content-Type", e->e_header) == NULL)
{
(void) sm_snprintf(obuf, sizeof(obuf),
"Content-Type: text/plain; charset=%s",
defcharset(e));
if (!putline(obuf, mci))
goto writeerr;
}
if (hvalue("Content-Transfer-Encoding", e->e_header) == NULL
&& !putline("Content-Transfer-Encoding: 8bit", mci))
goto writeerr;
}
#endif /* MIME8TO7 */
return true;
writeerr:
return false;
}
/*
** PUT_VANILLA_HEADER -- output a fairly ordinary header
**
** Parameters:
** h -- the structure describing this header
** v -- the value of this header
** mci -- the connection info for output
**
** Returns:
** true iff header was written successfully
*/
static bool
put_vanilla_header(h, v, mci)
HDR *h;
char *v;
MCI *mci;
{
register char *nlp;
register char *obp;
int putflags;
char obuf[MAXLINE + 256]; /* additional length for h_field */
putflags = PXLF_HEADER | PXLF_STRIPMQUOTE;
if (bitnset(M_7BITHDRS, mci->mci_mailer->m_flags))
putflags |= PXLF_STRIP8BIT;
(void) sm_snprintf(obuf, sizeof(obuf), "%.200s:", h->h_field);
obp = obuf + strlen(obuf);
while ((nlp = strchr(v, '\n')) != NULL)
{
int l;
l = nlp - v;
/*
** XXX This is broken for SPACELEFT()==0
** However, SPACELEFT() is always > 0 unless MAXLINE==1.
*/
if (SPACELEFT(obuf, obp) - 1 < (size_t) l)
l = SPACELEFT(obuf, obp) - 1;
(void) sm_snprintf(obp, SPACELEFT(obuf, obp), "%.*s", l, v);
if (!putxline(obuf, strlen(obuf), mci, putflags))
goto writeerr;
v += l + 1;
obp = obuf;
if (*v != ' ' && *v != '\t')
*obp++ = ' ';
}
/* XXX This is broken for SPACELEFT()==0 */
(void) sm_snprintf(obp, SPACELEFT(obuf, obp), "%.*s",
(int) (SPACELEFT(obuf, obp) - 1), v);
return putxline(obuf, strlen(obuf), mci, putflags);
writeerr:
return false;
}
/*
** COMMAIZE -- output a header field, making a comma-translated list.
**
** Parameters:
** h -- the header field to output.
** p -- the value to put in it.
** oldstyle -- true if this is an old style header.
** mci -- the connection information.
** e -- the envelope containing the message.
** putflags -- flags for putxline()
**
** Returns:
** true iff header field was written successfully
**
** Side Effects:
** outputs "p" to "mci".
*/
bool
commaize(h, p, oldstyle, mci, e, putflags)
register HDR *h;
register char *p;
bool oldstyle;
register MCI *mci;
register ENVELOPE *e;
int putflags;
{
register char *obp;
int opos, omax, spaces;
bool firstone = true;
char **res;
char obuf[MAXLINE + 3];
/*
** Output the address list translated by the
** mailer and with commas.
*/
if (tTd(14, 2))
sm_dprintf("commaize(%s:%s)\n", h->h_field, p);
if (bitnset(M_7BITHDRS, mci->mci_mailer->m_flags))
putflags |= PXLF_STRIP8BIT;
obp = obuf;
(void) sm_snprintf(obp, SPACELEFT(obuf, obp), "%.200s:", h->h_field);
/* opos = strlen(obp); instead of the next 3 lines? */
opos = strlen(h->h_field) + 1;
if (opos > 201)
opos = 201;
obp += opos;
spaces = 0;
- while (*p != '\0' && isascii(*p) && isspace(*p))
+ while (*p != '\0' && SM_ISSPACE(*p))
{
++spaces;
++p;
}
if (spaces > 0)
{
SM_ASSERT(sizeof(obuf) > opos * 2);
/*
** Restrict number of spaces to half the length of buffer
** so the header field body can be put in here too.
** Note: this is a hack...
*/
if (spaces > sizeof(obuf) / 2)
spaces = sizeof(obuf) / 2;
(void) sm_snprintf(obp, SPACELEFT(obuf, obp), "%*s", spaces,
"");
opos += spaces;
obp += spaces;
SM_ASSERT(obp < &obuf[MAXLINE]);
}
omax = mci->mci_mailer->m_linelimit - 2;
if (omax < 0 || omax > 78)
omax = 78;
/*
** Run through the list of values.
*/
while (*p != '\0')
{
register char *name;
register int c;
char savechar;
int flags;
auto int status;
/*
** Find the end of the name. New style names
** end with a comma, old style names end with
** a space character. However, spaces do not
** necessarily delimit an old-style name -- at
** signs mean keep going.
*/
/* find end of name */
- while ((isascii(*p) && isspace(*p)) || *p == ',')
+ while ((SM_ISSPACE(*p)) || *p == ',')
p++;
name = p;
res = NULL;
for (;;)
{
auto char *oldp;
char pvpbuf[PSBUFSIZE];
res = prescan(p, oldstyle ? ' ' : ',', pvpbuf,
sizeof(pvpbuf), &oldp, ExtTokenTab, false);
p = oldp;
#if _FFR_IGNORE_BOGUS_ADDR
/* ignore addresses that can't be parsed */
if (res == NULL)
{
name = p;
continue;
}
#endif /* _FFR_IGNORE_BOGUS_ADDR */
/* look to see if we have an at sign */
- while (*p != '\0' && isascii(*p) && isspace(*p))
+ while (*p != '\0' && SM_ISSPACE(*p))
p++;
if (*p != '@')
{
p = oldp;
break;
}
++p;
- while (*p != '\0' && isascii(*p) && isspace(*p))
+ while (*p != '\0' && SM_ISSPACE(*p))
p++;
}
/* at the end of one complete name */
/* strip off trailing white space */
while (p >= name &&
- ((isascii(*p) && isspace(*p)) || *p == ',' || *p == '\0'))
+ ((SM_ISSPACE(*p)) || *p == ',' || *p == '\0'))
p--;
if (++p == name)
continue;
/*
** if prescan() failed go a bit backwards; this is a hack,
** there should be some better error recovery.
*/
if (res == NULL && p > name &&
- !((isascii(*p) && isspace(*p)) || *p == ',' || *p == '\0'))
+ !((SM_ISSPACE(*p)) || *p == ',' || *p == '\0'))
--p;
savechar = *p;
*p = '\0';
/* translate the name to be relative */
flags = RF_HEADERADDR|RF_ADDDOMAIN;
if (bitset(H_FROM, h->h_flags))
flags |= RF_SENDERADDR;
#if USERDB
else if (e->e_from.q_mailer != NULL &&
bitnset(M_UDBRECIPIENT, e->e_from.q_mailer->m_flags))
{
char *q;
q = udbsender(name, e->e_rpool);
if (q != NULL)
name = q;
}
#endif /* USERDB */
status = EX_OK;
name = remotename(name, mci->mci_mailer, flags, &status, e);
if (status != EX_OK && bitnset(M_xSMTP, mci->mci_mailer->m_flags))
{
if (status == EX_TEMPFAIL)
mci->mci_flags |= MCIF_NOTSTICKY;
goto writeerr;
}
if (*name == '\0')
{
*p = savechar;
continue;
}
name = denlstring(name, false, true);
/* output the name with nice formatting */
opos += strlen(name);
if (!firstone)
opos += 2;
if (opos > omax && !firstone)
{
(void) sm_strlcpy(obp, ",\n", SPACELEFT(obuf, obp));
if (!putxline(obuf, strlen(obuf), mci, putflags))
goto writeerr;
obp = obuf;
(void) sm_strlcpy(obp, " ", sizeof(obuf));
opos = strlen(obp);
obp += opos;
opos += strlen(name);
}
else if (!firstone)
{
(void) sm_strlcpy(obp, ", ", SPACELEFT(obuf, obp));
obp += 2;
}
while ((c = *name++) != '\0' && obp < &obuf[MAXLINE])
*obp++ = c;
firstone = false;
*p = savechar;
}
if (obp < &obuf[sizeof(obuf)])
*obp = '\0';
else
obuf[sizeof(obuf) - 1] = '\0';
return putxline(obuf, strlen(obuf), mci, putflags);
writeerr:
return false;
}
/*
** COPYHEADER -- copy header list
**
** This routine is the equivalent of newstr for header lists
**
** Parameters:
** header -- list of header structures to copy.
** rpool -- resource pool, or NULL
**
** Returns:
** a copy of 'header'.
**
** Side Effects:
** none.
*/
HDR *
copyheader(header, rpool)
register HDR *header;
SM_RPOOL_T *rpool;
{
register HDR *newhdr;
HDR *ret;
register HDR **tail = &ret;
while (header != NULL)
{
newhdr = (HDR *) sm_rpool_malloc_x(rpool, sizeof(*newhdr));
STRUCTCOPY(*header, *newhdr);
*tail = newhdr;
tail = &newhdr->h_link;
header = header->h_link;
}
*tail = NULL;
return ret;
}
/*
** FIX_MIME_HEADER -- possibly truncate/rebalance parameters in a MIME header
**
** Run through all of the parameters of a MIME header and
** possibly truncate and rebalance the parameter according
** to MaxMimeFieldLength.
**
** Parameters:
** h -- the header to truncate/rebalance
** e -- the current envelope
**
** Returns:
** length of last offending field, 0 if all ok.
**
** Side Effects:
** string modified in place
*/
static size_t
fix_mime_header(h, e)
HDR *h;
ENVELOPE *e;
{
char *begin = h->h_value;
char *end;
size_t len = 0;
size_t retlen = 0;
if (begin == NULL || *begin == '\0')
return 0;
/* Split on each ';' */
/* find_character() never returns NULL */
while ((end = find_character(begin, ';')) != NULL)
{
char save = *end;
char *bp;
*end = '\0';
len = strlen(begin);
/* Shorten individual parameter */
if (shorten_rfc822_string(begin, MaxMimeFieldLength))
{
if (len < MaxMimeFieldLength)
{
/* we only rebalanced a bogus field */
sm_syslog(LOG_ALERT, e->e_id,
"Fixed MIME %s header field (possible attack)",
h->h_field);
if (tTd(34, 11))
sm_dprintf(" fixed MIME %s header field (possible attack)\n",
h->h_field);
}
else
{
/* we actually shortened the header */
retlen = len;
}
}
/* Collapse the possibly shortened string with rest */
bp = begin + strlen(begin);
if (bp != end)
{
char *ep = end;
*end = save;
end = bp;
/* copy character by character due to overlap */
while (*ep != '\0')
*bp++ = *ep++;
*bp = '\0';
}
else
*end = save;
if (*end == '\0')
break;
/* Move past ';' */
begin = end + 1;
}
return retlen;
}
diff --git a/src/macro.c b/src/macro.c
index cb7daf8cf690..83438563151b 100644
--- a/src/macro.c
+++ b/src/macro.c
@@ -1,730 +1,766 @@
/*
* Copyright (c) 1998-2001, 2003, 2006, 2007 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sendmail.h>
SM_RCSID("@(#)$Id: macro.c,v 8.108 2013-11-22 20:51:55 ca Exp $")
#include <sm/sendmail.h>
#if MAXMACROID != (BITMAPBITS - 1)
ERROR Read the comment in conf.h
-#endif /* MAXMACROID != (BITMAPBITS - 1) */
+#endif
static char *MacroName[MAXMACROID + 1]; /* macro id to name table */
/*
** Codes for long named macros.
** See also macname():
* if not ASCII printable, look up the name *
if (n <= 0x20 || n > 0x7f)
** First use 1 to NEXTMACROID_L, then use NEXTMACROID_H to MAXMACROID.
*/
#define NEXTMACROID_L 037
#define NEXTMACROID_H 0240
#if _FFR_MORE_MACROS
/* table for next id in non-printable ASCII range: disallow some value */
static int NextMIdTable[] =
{
/* 0 nul */ 1,
/* 1 soh */ 2,
/* 2 stx */ 3,
/* 3 etx */ 4,
/* 4 eot */ 5,
/* 5 enq */ 6,
/* 6 ack */ 7,
/* 7 bel */ 8,
/* 8 bs */ 14,
/* 9 ht */ -1,
/* 10 nl */ -1,
/* 11 vt */ -1,
/* 12 np */ -1,
/* 13 cr */ -1,
/* 14 so */ 15,
/* 15 si */ 16,
/* 16 dle */ 17,
/* 17 dc1 */ 18,
/* 18 dc2 */ 19,
/* 19 dc3 */ 20,
/* 20 dc4 */ 21,
/* 21 nak */ 22,
/* 22 syn */ 23,
/* 23 etb */ 24,
/* 24 can */ 25,
/* 25 em */ 26,
/* 26 sub */ 27,
/* 27 esc */ 28,
/* 28 fs */ 29,
/* 29 gs */ 30,
/* 30 rs */ 31,
/* 31 us */ 32,
/* 32 sp */ -1,
};
#define NEXTMACROID(mid) ( \
(mid < NEXTMACROID_L) ? (NextMIdTable[mid]) : \
((mid < NEXTMACROID_H) ? NEXTMACROID_H : (mid + 1)))
int NextMacroId = 1; /* codes for long named macros */
/* see sendmail.h: Special characters in rewriting rules. */
#else /* _FFR_MORE_MACROS */
int NextMacroId = 0240; /* codes for long named macros */
#define NEXTMACROID(mid) ((mid) + 1)
#endif /* _FFR_MORE_MACROS */
/*
** INITMACROS -- initialize the macro system
**
** This just involves defining some macros that are actually
** used internally as metasymbols to be themselves.
**
** Parameters:
** none.
**
** Returns:
** none.
**
** Side Effects:
** initializes several macros to be themselves.
*/
struct metamac MetaMacros[] =
{
/* LHS pattern matching characters */
{ '*', MATCHZANY }, { '+', MATCHANY }, { '-', MATCHONE },
{ '=', MATCHCLASS }, { '~', MATCHNCLASS },
/* these are RHS metasymbols */
{ '#', CANONNET }, { '@', CANONHOST }, { ':', CANONUSER },
{ '>', CALLSUBR },
/* the conditional operations */
{ '?', CONDIF }, { '|', CONDELSE }, { '.', CONDFI },
/* the hostname lookup characters */
{ '[', HOSTBEGIN }, { ']', HOSTEND },
{ '(', LOOKUPBEGIN }, { ')', LOOKUPEND },
/* miscellaneous control characters */
{ '&', MACRODEXPAND },
{ '\0', '\0' }
};
#define MACBINDING(name, mid) \
stab(name, ST_MACRO, ST_ENTER)->s_macro = mid; \
MacroName[mid] = name;
void
initmacros(e)
ENVELOPE *e;
{
struct metamac *m;
int c;
char buf[5];
for (m = MetaMacros; m->metaname != '\0'; m++)
{
buf[0] = m->metaval;
buf[1] = '\0';
macdefine(&e->e_macro, A_TEMP, m->metaname, buf);
}
buf[0] = MATCHREPL;
buf[2] = '\0';
for (c = '0'; c <= '9'; c++)
{
buf[1] = c;
macdefine(&e->e_macro, A_TEMP, c, buf);
}
/* set defaults for some macros sendmail will use later */
macdefine(&e->e_macro, A_PERM, 'n', "MAILER-DAEMON");
/* set up external names for some internal macros */
MACBINDING("opMode", MID_OPMODE);
/*XXX should probably add equivalents for all short macros here XXX*/
}
/*
** EXPAND/DOEXPAND -- macro expand a string using $x escapes.
**
** After expansion, the expansion will be in external form (that is,
** there will be no sendmail metacharacters and METAQUOTEs will have
** been stripped out).
**
** Parameters:
** s -- the string to expand.
** buf -- the place to put the expansion.
** bufsize -- the size of the buffer.
** explevel -- the depth of expansion (doexpand only)
** e -- envelope in which to work.
**
** Returns:
** none.
**
** Side Effects:
** none.
*/
static void doexpand __P(( char *, char *, size_t, int, ENVELOPE *));
static void
doexpand(s, buf, bufsize, explevel, e)
char *s;
char *buf;
size_t bufsize;
int explevel;
ENVELOPE *e;
{
char *xp;
char *q;
bool skipping; /* set if conditionally skipping output */
bool recurse; /* set if recursion required */
size_t i;
int skiplev; /* skipping nesting level */
int iflev; /* if nesting level */
bool quotenext; /* quote the following character */
char xbuf[MACBUFSIZE];
if (tTd(35, 24))
{
sm_dprintf("expand(");
xputs(sm_debug_file(), s);
sm_dprintf(")\n");
}
recurse = false;
skipping = false;
skiplev = 0;
iflev = 0;
quotenext = false;
if (s == NULL)
s = "";
for (xp = xbuf; *s != '\0'; s++)
{
int c;
/*
** Check for non-ordinary (special?) character.
** 'q' will be the interpolated quantity.
*/
q = NULL;
c = *s & 0377;
if (quotenext)
{
quotenext = false;
goto simpleinterpolate;
}
switch (c)
{
case CONDIF: /* see if var set */
iflev++;
c = *++s & 0377;
if (skipping)
skiplev++;
else
{
char *mv;
mv = macvalue(c, e);
skipping = (mv == NULL || *mv == '\0');
}
continue;
case CONDELSE: /* change state of skipping */
if (iflev == 0)
break; /* XXX: error */
if (skiplev == 0)
skipping = !skipping;
continue;
case CONDFI: /* stop skipping */
if (iflev == 0)
break; /* XXX: error */
iflev--;
if (skiplev == 0)
skipping = false;
if (skipping)
skiplev--;
continue;
case MACROEXPAND: /* macro interpolation */
c = bitidx(*++s);
if (c != '\0')
q = macvalue(c, e);
else
{
s--;
q = NULL;
}
if (q == NULL)
continue;
break;
case METAQUOTE:
/* next octet completely quoted */
quotenext = true;
break;
}
/*
** Interpolate q or output one character
*/
simpleinterpolate:
if (skipping || xp >= &xbuf[sizeof(xbuf) - 1])
continue;
if (q == NULL)
*xp++ = c;
else
{
/* copy to end of q or max space remaining in buf */
bool hiderecurse = false;
while ((c = *q++) != '\0' &&
xp < &xbuf[sizeof(xbuf) - 1])
{
/* check for any sendmail metacharacters */
if (!hiderecurse && (c & 0340) == 0200)
recurse = true;
*xp++ = c;
/* give quoted characters a free ride */
hiderecurse = (c & 0377) == METAQUOTE;
}
}
}
*xp = '\0';
if (tTd(35, 28))
{
sm_dprintf("expand(%d) ==> ", explevel);
xputs(sm_debug_file(), xbuf);
sm_dprintf("\n");
}
/* recurse as appropriate */
if (recurse)
{
if (explevel < MaxMacroRecursion)
{
doexpand(xbuf, buf, bufsize, explevel + 1, e);
return;
}
syserr("expand: recursion too deep (%d max)",
MaxMacroRecursion);
}
/* copy results out */
if (explevel == 0)
(void) sm_strlcpy(buf, xbuf, bufsize);
else
{
/* leave in internal form */
i = xp - xbuf;
if (i >= bufsize)
i = bufsize - 1;
memmove(buf, xbuf, i);
buf[i] = '\0';
}
if (tTd(35, 24))
{
sm_dprintf("expand ==> ");
xputs(sm_debug_file(), buf);
sm_dprintf("\n");
}
}
void
expand(s, buf, bufsize, e)
char *s;
char *buf;
size_t bufsize;
ENVELOPE *e;
{
doexpand(s, buf, bufsize, 0, e);
}
+/*
+** MACTABCLEAR -- clear entire macro table
+**
+** Parameters:
+** mac -- Macro table.
+**
+** Returns:
+** none.
+**
+** Side Effects:
+** clears entire mac structure including rpool pointer!
+*/
+
+void
+mactabclear(mac)
+ MACROS_T *mac;
+{
+ int i;
+
+ if (mac->mac_rpool == NULL)
+ {
+ for (i = 0; i < MAXMACROID; i++)
+ SM_FREE(mac->mac_table[i]);
+ }
+ memset((char *) mac, '\0', sizeof(*mac));
+}
+
/*
** MACDEFINE -- bind a macro name to a value
**
** Set a macro to a value, with fancy storage management.
** macdefine will make a copy of the value, if required,
** and will ensure that the storage for the previous value
** is not leaked.
**
** Parameters:
** mac -- Macro table.
** vclass -- storage class of 'value', ignored if value==NULL.
** A_HEAP means that the value was allocated by
** malloc, and that macdefine owns the storage.
** A_TEMP means that value points to temporary storage,
** and thus macdefine needs to make a copy.
** A_PERM means that value points to storage that
** will remain allocated and unchanged for
** at least the lifetime of mac. Use A_PERM if:
** -- value == NULL,
** -- value points to a string literal,
** -- value was allocated from mac->mac_rpool
** or (in the case of an envelope macro)
** from e->e_rpool,
** -- in the case of an envelope macro,
** value is a string member of the envelope
** such as e->e_sender.
** id -- Macro id. This is a single character macro name
** such as 'g', or a value returned by macid().
** value -- Macro value: either NULL, or a string.
*/
void
#if SM_HEAP_CHECK
macdefine_tagged(mac, vclass, id, value, file, line, grp)
#else /* SM_HEAP_CHECK */
macdefine(mac, vclass, id, value)
#endif /* SM_HEAP_CHECK */
MACROS_T *mac;
ARGCLASS_T vclass;
int id;
char *value;
#if SM_HEAP_CHECK
char *file;
int line;
int grp;
#endif /* SM_HEAP_CHECK */
{
char *newvalue;
if (id < 0 || id > MAXMACROID)
return;
if (tTd(35, 9))
{
sm_dprintf("%sdefine(%s as ",
mac->mac_table[id] == NULL ? "" : "re", macname(id));
xputs(sm_debug_file(), value);
sm_dprintf(")\n");
}
if (mac->mac_rpool == NULL)
{
char *freeit = NULL;
if (mac->mac_table[id] != NULL &&
bitnset(id, mac->mac_allocated))
freeit = mac->mac_table[id];
if (value == NULL || vclass == A_HEAP)
{
sm_heap_checkptr_tagged(value, file, line);
newvalue = value;
clrbitn(id, mac->mac_allocated);
}
else
{
#if SM_HEAP_CHECK
newvalue = sm_strdup_tagged_x(value, file, line, 0);
-#else /* SM_HEAP_CHECK */
+#else
newvalue = sm_strdup_x(value);
-#endif /* SM_HEAP_CHECK */
+#endif
setbitn(id, mac->mac_allocated);
}
mac->mac_table[id] = newvalue;
if (freeit != NULL)
sm_free(freeit);
}
else
{
if (value == NULL || vclass == A_PERM)
newvalue = value;
else
newvalue = sm_rpool_strdup_x(mac->mac_rpool, value);
mac->mac_table[id] = newvalue;
if (vclass == A_HEAP)
sm_free(value);
}
#if _FFR_RESET_MACRO_GLOBALS
switch (id)
{
case 'j':
PSTRSET(MyHostName, value);
break;
}
#endif /* _FFR_RESET_MACRO_GLOBALS */
}
/*
** MACSET -- set a named macro to a value (low level)
**
** No fancy storage management; the caller takes full responsibility.
** Often used with macget; see also macdefine.
**
** Parameters:
** mac -- Macro table.
** i -- Macro name, specified as an integer offset.
** value -- Macro value: either NULL, or a string.
*/
void
macset(mac, i, value)
MACROS_T *mac;
int i;
char *value;
{
if (i < 0 || i > MAXMACROID)
return;
if (tTd(35, 9))
{
sm_dprintf("macset(%s as ", macname(i));
xputs(sm_debug_file(), value);
sm_dprintf(")\n");
}
mac->mac_table[i] = value;
}
/*
** MACVALUE -- return uninterpreted value of a macro.
**
** Does fancy path searching.
** The low level counterpart is macget.
**
** Parameters:
** n -- the name of the macro.
** e -- envelope in which to start looking for the macro.
**
** Returns:
** The value of n.
**
** Side Effects:
** none.
*/
char *
macvalue(n, e)
int n;
ENVELOPE *e;
{
n = bitidx(n);
if (e != NULL && e->e_mci != NULL)
{
char *p = e->e_mci->mci_macro.mac_table[n];
if (p != NULL)
return p;
}
while (e != NULL)
{
char *p = e->e_macro.mac_table[n];
if (p != NULL)
return p;
if (e == e->e_parent)
break;
e = e->e_parent;
}
+#if _FFR_BLANKENV_MACV
+ if (LOOKUP_MACRO_IN_BLANKENV && e != &BlankEnvelope)
+ {
+ char *p = BlankEnvelope.e_macro.mac_table[n];
+
+ if (p != NULL)
+ return p;
+ }
+#endif
return GlobalMacros.mac_table[n];
}
/*
** MACNAME -- return the name of a macro given its internal id
**
** Parameter:
** n -- the id of the macro
**
** Returns:
** The name of n.
**
** Side Effects:
** none.
**
** WARNING:
** Not thread-safe.
*/
char *
macname(n)
int n;
{
static char mbuf[2];
n = (int)(unsigned char)n;
if (n > MAXMACROID)
return "***OUT OF RANGE MACRO***";
/* if not ASCII printable, look up the name */
if (n <= 0x20 || n > 0x7f)
{
char *p = MacroName[n];
if (p != NULL)
return p;
return "***UNDEFINED MACRO***";
}
/* if in the ASCII graphic range, just return the id directly */
mbuf[0] = n;
mbuf[1] = '\0';
return mbuf;
}
/*
** MACID_PARSE -- return id of macro identified by its name
**
** Parameters:
** p -- pointer to name string -- either a single
** character or {name}.
** ep -- filled in with the pointer to the byte
** after the name.
**
** Returns:
** 0 -- An error was detected.
** 1..MAXMACROID -- The internal id code for this macro.
**
** Side Effects:
** If this is a new macro name, a new id is allocated.
** On error, syserr is called.
*/
int
macid_parse(p, ep)
char *p;
char **ep;
{
int mid;
char *bp;
char mbuf[MAXMACNAMELEN + 1];
if (tTd(35, 14))
{
sm_dprintf("macid(");
xputs(sm_debug_file(), p);
sm_dprintf(") => ");
}
if (*p == '\0' || (p[0] == '{' && p[1] == '}'))
{
syserr("Name required for macro/class");
if (ep != NULL)
*ep = p;
if (tTd(35, 14))
sm_dprintf("NULL\n");
return 0;
}
if (*p != '{')
{
/* the macro is its own code */
if (ep != NULL)
*ep = p + 1;
if (tTd(35, 14))
{
char buf[2];
buf[0] = *p;
buf[1] = '\0';
xputs(sm_debug_file(), buf);
sm_dprintf("\n");
}
return bitidx(*p);
}
bp = mbuf;
while (*++p != '\0' && *p != '}' && bp < &mbuf[sizeof(mbuf) - 1])
{
if (isascii(*p) && (isalnum(*p) || *p == '_'))
*bp++ = *p;
else
syserr("Invalid macro/class character %c", *p);
}
*bp = '\0';
mid = -1;
if (*p == '\0')
{
syserr("Unbalanced { on %s", mbuf); /* missing } */
}
else if (*p != '}')
{
syserr("Macro/class name ({%s}) too long (%d chars max)",
mbuf, (int) (sizeof(mbuf) - 1));
}
else if (mbuf[1] == '\0' && mbuf[0] >= 0x20)
{
/* ${x} == $x */
mid = bitidx(mbuf[0]);
p++;
}
else
{
STAB *s;
s = stab(mbuf, ST_MACRO, ST_ENTER);
if (s->s_macro != 0)
mid = s->s_macro;
else
{
if (NextMacroId > MAXMACROID)
{
syserr("Macro/class {%s}: too many long names",
mbuf);
s->s_macro = -1;
}
else
{
MacroName[NextMacroId] = s->s_name;
s->s_macro = mid = NextMacroId;
NextMacroId = NEXTMACROID(NextMacroId);
}
}
p++;
}
if (ep != NULL)
*ep = p;
if (mid < 0 || mid > MAXMACROID)
{
syserr("Unable to assign macro/class ID (mid = 0x%x)", mid);
if (tTd(35, 14))
sm_dprintf("NULL\n");
return 0;
}
if (tTd(35, 14))
sm_dprintf("0x%x\n", mid);
return mid;
}
/*
** WORDINCLASS -- tell if a word is in a specific class
**
** Parameters:
** str -- the name of the word to look up.
** cl -- the class name.
**
** Returns:
** true if str can be found in cl.
** false otherwise.
*/
bool
wordinclass(str, cl)
char *str;
int cl;
{
STAB *s;
s = stab(str, ST_CLASS, ST_FIND);
return s != NULL && bitnset(bitidx(cl), s->s_class);
}
diff --git a/src/mailq.0 b/src/mailq.0
index 950796c15aa9..4e0c5a6d4317 100644
--- a/src/mailq.0
+++ b/src/mailq.0
@@ -1,81 +1,81 @@
MAILQ(1) MAILQ(1)
-NNAAMMEE
+NAME
mailq - print the mail queue
-SSYYNNOOPPSSIISS
- mmaaiillqq [--AAcc] [--qq......] [--vv]
+SYNOPSIS
+ mailq [-Ac] [-q...] [-v]
-DDEESSCCRRIIPPTTIIOONN
- MMaaiillqq prints a summary of the mail messages queued for future delivery.
+DESCRIPTION
+ Mailq prints a summary of the mail messages queued for future delivery.
The first line printed for each message shows the internal identifier
used on this host for the message with a possible status character, the
size of the message in bytes, the date and time the message was
accepted into the queue, and the envelope sender of the message. The
second line shows the error message that caused this message to be
retained in the queue; it will not be present if the message is being
- processed for the first time. The status characters are either ** to
- indicate the job is being processed; XX to indicate that the load is too
- high to process the job; and -- to indicate that the job is too young to
+ processed for the first time. The status characters are either * to
+ indicate the job is being processed; X to indicate that the load is too
+ high to process the job; and - to indicate that the job is too young to
process. The following lines show message recipients, one per line.
- MMaaiillqq is identical to ``sendmail -bp''.
+ Mailq is identical to ``sendmail -bp''.
The relevant options are as follows:
- --AAcc Show the mail submission queue specified in _/_e_t_c_/_m_a_i_l_/_s_u_b_m_i_t_._c_f
- instead of the MTA queue specified in _/_e_t_c_/_m_a_i_l_/_s_e_n_d_m_a_i_l_._c_f.
+ -Ac Show the mail submission queue specified in /etc/mail/submit.cf
+ instead of the MTA queue specified in /etc/mail/sendmail.cf.
- --qqLL Show the "lost" items in the mail queue instead of the normal
+ -qL Show the "lost" items in the mail queue instead of the normal
queue items.
- --qqQQ Show the quarantined items in the mail queue instead of the nor-
+ -qQ Show the quarantined items in the mail queue instead of the nor-
mal queue items.
- --qq[_!]I substr
- Limit processed jobs to those containing _s_u_b_s_t_r as a substring
- of the queue id or not when _! is specified.
+ -q[!]I substr
+ Limit processed jobs to those containing substr as a substring
+ of the queue id or not when ! is specified.
- --qq[_!]Q substr
- Limit processed jobs to quarantined jobs containing _s_u_b_s_t_r as a
- substring of the quarantine reason or not when _! is specified.
+ -q[!]Q substr
+ Limit processed jobs to quarantined jobs containing substr as a
+ substring of the quarantine reason or not when ! is specified.
- --qq[_!]R substr
- Limit processed jobs to those containing _s_u_b_s_t_r as a substring
- of one of the recipients or not when _! is specified.
+ -q[!]R substr
+ Limit processed jobs to those containing substr as a substring
+ of one of the recipients or not when ! is specified.
- --qq[_!]S substr
- Limit processed jobs to those containing _s_u_b_s_t_r as a substring
- of the sender or not when _! is specified.
+ -q[!]S substr
+ Limit processed jobs to those containing substr as a substring
+ of the sender or not when ! is specified.
- --vv Print verbose information. This adds the priority of the mes-
+ -v Print verbose information. This adds the priority of the mes-
sage and a single character indicator (``+'' or blank) indicat-
ing whether a warning message has been sent on the first line of
the message. Additionally, extra lines may be intermixed with
the recipients indicating the ``controlling user'' information;
this shows who will own any programs that are executed on behalf
of this message and the name of the alias this command expanded
from, if any. Moreover, status messages for each recipient are
printed if available.
- Several sendmail.cf options influence the behavior of the mmaaiillqq util-
+ Several sendmail.cf options influence the behavior of the mailq util-
ity: The number of items printed per queue group is restricted by
- MMaaxxQQuueeuueeRRuunnSSiizzee if that value is set. The status character ** is not
- printed for some values of QQuueeuueeSSoorrttOOrrddeerr,, e.g., filename, random, mod-
- ification, and none, unless a --qq option is used to limit the processed
+ MaxQueueRunSize if that value is set. The status character * is not
+ printed for some values of QueueSortOrder, e.g., filename, random, mod-
+ ification, and none, unless a -q option is used to limit the processed
jobs.
- The mmaaiillqq utility exits 0 on success, and >0 if an error occurs.
+ The mailq utility exits 0 on success, and >0 if an error occurs.
-SSEEEE AALLSSOO
+SEE ALSO
sendmail(8)
-HHIISSTTOORRYY
- The mmaaiillqq command appeared in 4.0BSD.
+HISTORY
+ The mailq command appeared in 4.0BSD.
$Date: 2013-11-22 20:51:55 $ MAILQ(1)
diff --git a/src/main.c b/src/main.c
index 38eebbfe2945..a79733448039 100644
--- a/src/main.c
+++ b/src/main.c
@@ -1,4644 +1,4732 @@
/*
* Copyright (c) 1998-2006, 2008, 2009, 2011 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#define _DEFINE
#include <sendmail.h>
#include <sm/sendmail.h>
#include <sm/xtrap.h>
#include <sm/signal.h>
+#include <tls.h>
#ifndef lint
SM_UNUSED(static char copyright[]) =
"@(#) Copyright (c) 1998-2013 Proofpoint, Inc. and its suppliers.\n\
All rights reserved.\n\
Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.\n\
Copyright (c) 1988, 1993\n\
The Regents of the University of California. All rights reserved.\n";
#endif /* ! lint */
SM_RCSID("@(#)$Id: main.c,v 8.988 2013-11-23 02:52:37 gshapiro Exp $")
#if NETINET || NETINET6
# include <arpa/inet.h>
-#endif /* NETINET || NETINET6 */
+# if DANE
+# include "sm_resolve.h"
+# endif
+#endif
/* for getcfname() */
#include <sendmail/pathnames.h>
+#include <ratectrl.h>
static SM_DEBUG_T
DebugNoPRestart = SM_DEBUG_INITIALIZER("no_persistent_restart",
"@(#)$Debug: no_persistent_restart - don't restart, log only $");
static void dump_class __P((STAB *, int));
static void obsolete __P((char **));
static void testmodeline __P((char *, ENVELOPE *));
static char *getextenv __P((const char *));
static void sm_printoptions __P((char **));
static SIGFUNC_DECL intindebug __P((int));
static SIGFUNC_DECL sighup __P((int));
static SIGFUNC_DECL sigpipe __P((int));
static SIGFUNC_DECL sigterm __P((int));
#ifdef SIGUSR1
static SIGFUNC_DECL sigusr1 __P((int));
-#endif /* SIGUSR1 */
+#endif
/*
** SENDMAIL -- Post mail to a set of destinations.
**
** This is the basic mail router. All user mail programs should
** call this routine to actually deliver mail. Sendmail in
** turn calls a bunch of mail servers that do the real work of
** delivering the mail.
**
** Sendmail is driven by settings read in from /etc/mail/sendmail.cf
** (read by readcf.c).
**
** Usage:
** /usr/lib/sendmail [flags] addr ...
**
** See the associated documentation for details.
**
** Authors:
** Eric Allman, UCB/INGRES (until 10/81).
** Britton-Lee, Inc., purveyors of fine
** database computers (11/81 - 10/88).
** International Computer Science Institute
** (11/88 - 9/89).
** UCB/Mammoth Project (10/89 - 7/95).
** InReference, Inc. (8/95 - 1/97).
** Sendmail, Inc. (1/98 - 9/13).
** The support of my employers is gratefully acknowledged.
** Few of them (Britton-Lee in particular) have had
** anything to gain from my involvement in this project.
**
** Gregory Neil Shapiro,
** Worcester Polytechnic Institute (until 3/98).
** Sendmail, Inc. (3/98 - 10/13).
** Proofpoint, Inc. (10/13 - present).
**
** Claus Assmann,
** Sendmail, Inc. (12/98 - 10/13).
** Proofpoint, Inc. (10/13 - present).
*/
char *FullName; /* sender's full name */
ENVELOPE BlankEnvelope; /* a "blank" envelope */
static ENVELOPE MainEnvelope; /* the envelope around the basic letter */
ADDRESS NullAddress = /* a null address */
{ "", "", NULL, "" };
char *CommandLineArgs; /* command line args for pid file */
bool Warn_Q_option = false; /* warn about Q option use */
static int MissingFds = 0; /* bit map of fds missing on startup */
char *Mbdb = "pw"; /* mailbox database defaults to /etc/passwd */
#ifdef NGROUPS_MAX
GIDSET_T InitialGidSet[NGROUPS_MAX];
-#endif /* NGROUPS_MAX */
+#endif
#define MAXCONFIGLEVEL 10 /* highest config version level known */
#if SASL
static sasl_callback_t srvcallbacks[] =
{
{ SASL_CB_VERIFYFILE, (sasl_callback_ft)&safesaslfile, NULL },
{ SASL_CB_PROXY_POLICY, (sasl_callback_ft)&proxy_policy, NULL },
{ SASL_CB_LIST_END, NULL, NULL }
};
#endif /* SASL */
unsigned int SubmitMode;
int SyslogPrefixLen; /* estimated length of syslog prefix */
#define PIDLEN 6 /* pid length for computing SyslogPrefixLen */
#ifndef SL_FUDGE
# define SL_FUDGE 10 /* fudge offset for SyslogPrefixLen */
-#endif /* ! SL_FUDGE */
+#endif
#define SLDLL 8 /* est. length of default syslog label */
/* Some options are dangerous to allow users to use in non-submit mode */
#define CHECK_AGAINST_OPMODE(cmd) \
{ \
if (extraprivs && \
OpMode != MD_DELIVER && OpMode != MD_SMTP && \
OpMode != MD_ARPAFTP && OpMode != MD_CHECKCONFIG && \
OpMode != MD_VERIFY && OpMode != MD_TEST) \
{ \
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, \
"WARNING: Ignoring submission mode -%c option (not in submission mode)\n", \
(cmd)); \
break; \
} \
if (extraprivs && queuerun) \
{ \
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, \
"WARNING: Ignoring submission mode -%c option with -q\n", \
(cmd)); \
break; \
} \
}
int
main(argc, argv, envp)
int argc;
char **argv;
char **envp;
{
register char *p;
char **av;
extern char Version[];
char *ep, *from;
STAB *st;
register int i;
int j;
int dp;
int fill_errno;
int qgrp = NOQGRP; /* queue group to process */
bool safecf = true;
BITMAP256 *p_flags = NULL; /* daemon flags */
bool warn_C_flag = false;
bool auth = true; /* whether to set e_auth_param */
char warn_f_flag = '\0';
bool run_in_foreground = false; /* -bD mode */
bool queuerun = false, debug = false;
struct passwd *pw;
struct hostent *hp;
char *nullserver = NULL;
char *authinfo = NULL;
char *sysloglabel = NULL; /* label for syslog */
char *conffile = NULL; /* name of .cf file */
char *queuegroup = NULL; /* queue group to process */
char *quarantining = NULL; /* quarantine queue items? */
bool extraprivs;
bool forged, negate;
bool queuepersistent = false; /* queue runner process runs forever */
bool foregroundqueue = false; /* queue run in foreground */
bool save_val; /* to save some bool var. */
int cftype; /* which cf file to use? */
SM_FILE_T *smdebug;
static time_t starttime = 0; /* when was process started */
struct stat traf_st; /* for TrafficLog FIFO check */
char buf[MAXLINE];
char jbuf[MAXHOSTNAMELEN]; /* holds MyHostName */
static char rnamebuf[MAXNAME]; /* holds RealUserName */
char *emptyenviron[1];
#if STARTTLS
bool tls_ok;
-#endif /* STARTTLS */
+#endif
QUEUE_CHAR *new;
ENVELOPE *e;
extern int DtableSize;
extern int optind;
extern int opterr;
extern char *optarg;
extern char **environ;
#if SASL
extern void sm_sasl_init __P((void));
-#endif /* SASL */
+#endif
#if USE_ENVIRON
envp = environ;
-#endif /* USE_ENVIRON */
+#endif
/* turn off profiling */
SM_PROF(0);
/* install default exception handler */
sm_exc_newthread(fatal_error);
/* set the default in/out channel so errors reported to screen */
InChannel = smioin;
OutChannel = smioout;
/*
** Check to see if we reentered.
** This would normally happen if e_putheader or e_putbody
** were NULL when invoked.
*/
if (starttime != 0)
{
syserr("main: reentered!");
abort();
}
starttime = curtime();
/* avoid null pointer dereferences */
TermEscape.te_rv_on = TermEscape.te_under_on = TermEscape.te_normal = "";
RealUid = getuid();
RealGid = getgid();
/* Check if sendmail is running with extra privs */
extraprivs = (RealUid != 0 &&
(geteuid() != getuid() || getegid() != getgid()));
CurrentPid = getpid();
/* get whatever .cf file is right for the opmode */
cftype = SM_GET_RIGHT_CF;
/* in 4.4BSD, the table can be huge; impose a reasonable limit */
DtableSize = getdtsize();
if (DtableSize > 256)
DtableSize = 256;
/*
** Be sure we have enough file descriptors.
** But also be sure that 0, 1, & 2 are open.
*/
/* reset errno and fill_errno; the latter is used way down below */
errno = fill_errno = 0;
fill_fd(STDIN_FILENO, NULL);
if (errno != 0)
fill_errno = errno;
fill_fd(STDOUT_FILENO, NULL);
if (errno != 0)
fill_errno = errno;
fill_fd(STDERR_FILENO, NULL);
if (errno != 0)
fill_errno = errno;
sm_closefrom(STDERR_FILENO + 1, DtableSize);
errno = 0;
smdebug = NULL;
#if LOG
# ifndef SM_LOG_STR
# define SM_LOG_STR "sendmail"
-# endif /* ! SM_LOG_STR */
-# ifdef LOG_MAIL
+# endif
+# ifdef LOG_MAIL
openlog(SM_LOG_STR, LOG_PID, LOG_MAIL);
-# else /* LOG_MAIL */
+# else
openlog(SM_LOG_STR, LOG_PID);
-# endif /* LOG_MAIL */
+# endif
#endif /* LOG */
/*
** Seed the random number generator.
** Used for queue file names, picking a queue directory, and
** MX randomization.
*/
seed_random();
/* do machine-dependent initializations */
init_md(argc, argv);
SyslogPrefixLen = PIDLEN + (MAXQFNAME - 3) + SL_FUDGE + SLDLL;
/* reset status from syserr() calls for missing file descriptors */
Errors = 0;
ExitStat = EX_OK;
SubmitMode = SUBMIT_UNKNOWN;
#if _FFR_LOCAL_DAEMON
LocalDaemon = false;
# if NETINET6
V6LoopbackAddrFound = false;
-# endif /* NETINET6 */
-#endif /* _FFR_LOCAL_DAEMON */
+# endif
+#endif
#if XDEBUG
checkfd012("after openlog");
-#endif /* XDEBUG */
+#endif
tTsetup(tTdvect, sizeof(tTdvect), "0-99.1,*_trace_*.1");
#ifdef NGROUPS_MAX
/* save initial group set for future checks */
i = getgroups(NGROUPS_MAX, InitialGidSet);
if (i <= 0)
{
InitialGidSet[0] = (GID_T) -1;
i = 0;
}
while (i < NGROUPS_MAX)
InitialGidSet[i++] = InitialGidSet[0];
#endif /* NGROUPS_MAX */
/* drop group id privileges (RunAsUser not yet set) */
dp = drop_privileges(false);
setstat(dp);
#ifdef SIGUSR1
/* Only allow root (or non-set-*-ID binaries) to use SIGUSR1 */
if (!extraprivs)
{
/* arrange to dump state on user-1 signal */
(void) sm_signal(SIGUSR1, sigusr1);
}
else
{
/* ignore user-1 signal */
(void) sm_signal(SIGUSR1, SIG_IGN);
}
#endif /* SIGUSR1 */
/* initialize for setproctitle */
initsetproctitle(argc, argv, envp);
/* Handle any non-getoptable constructions. */
obsolete(argv);
/*
** Do a quick prescan of the argument list.
*/
/* find initial opMode */
OpMode = MD_DELIVER;
av = argv;
p = strrchr(*av, '/');
if (p++ == NULL)
p = *av;
if (strcmp(p, "newaliases") == 0)
OpMode = MD_INITALIAS;
else if (strcmp(p, "mailq") == 0)
OpMode = MD_PRINT;
else if (strcmp(p, "smtpd") == 0)
OpMode = MD_DAEMON;
else if (strcmp(p, "hoststat") == 0)
OpMode = MD_HOSTSTAT;
else if (strcmp(p, "purgestat") == 0)
OpMode = MD_PURGESTAT;
#if defined(__osf__) || defined(_AIX3)
# define OPTIONS "A:B:b:C:cD:d:e:F:f:Gh:IiL:M:mN:nO:o:p:Q:q:R:r:sTtV:vX:x"
#endif /* defined(__osf__) || defined(_AIX3) */
#if defined(sony_news)
# define OPTIONS "A:B:b:C:cD:d:E:e:F:f:Gh:IiJ:L:M:mN:nO:o:p:Q:q:R:r:sTtV:vX:"
#endif /* defined(sony_news) */
#ifndef OPTIONS
# define OPTIONS "A:B:b:C:cD:d:e:F:f:Gh:IiL:M:mN:nO:o:p:Q:q:R:r:sTtV:vX:"
-#endif /* ! OPTIONS */
+#endif
/* Set to 0 to allow -b; need to check optarg before using it! */
opterr = 0;
while ((j = getopt(argc, argv, OPTIONS)) != -1)
{
switch (j)
{
case 'b': /* operations mode */
j = (optarg == NULL) ? ' ' : *optarg;
switch (j)
{
case MD_DAEMON:
case MD_FGDAEMON:
case MD_SMTP:
case MD_INITALIAS:
case MD_DELIVER:
case MD_VERIFY:
case MD_TEST:
case MD_PRINT:
case MD_PRINTNQE:
case MD_HOSTSTAT:
case MD_PURGESTAT:
case MD_ARPAFTP:
case MD_CHECKCONFIG:
OpMode = j;
break;
#if _FFR_LOCAL_DAEMON
case MD_LOCAL:
OpMode = MD_DAEMON;
LocalDaemon = true;
break;
#endif /* _FFR_LOCAL_DAEMON */
case MD_FREEZE:
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Frozen configurations unsupported\n");
return EX_USAGE;
default:
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Invalid operation mode %c\n",
j);
return EX_USAGE;
}
break;
case 'D':
if (debug)
{
errno = 0;
syserr("-D file must be before -d");
ExitStat = EX_USAGE;
break;
}
dp = drop_privileges(true);
setstat(dp);
smdebug = sm_io_open(SmFtStdio, SM_TIME_DEFAULT,
optarg, SM_IO_APPEND, NULL);
if (smdebug == NULL)
{
syserr("cannot open %s", optarg);
ExitStat = EX_CANTCREAT;
break;
}
sm_debug_setfile(smdebug);
break;
case 'd':
debug = true;
tTflag(optarg);
(void) sm_io_setvbuf(sm_debug_file(), SM_TIME_DEFAULT,
(char *) NULL, SM_IO_NBF,
SM_IO_BUFSIZ);
break;
case 'G': /* relay (gateway) submission */
SubmitMode = SUBMIT_MTA;
break;
case 'L':
if (optarg == NULL)
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"option requires an argument -- '%c'",
(char) j);
return EX_USAGE;
}
j = SM_MIN(strlen(optarg), 32) + 1;
sysloglabel = xalloc(j);
(void) sm_strlcpy(sysloglabel, optarg, j);
SyslogPrefixLen = PIDLEN + (MAXQFNAME - 3) +
SL_FUDGE + j;
break;
case 'Q':
case 'q':
/* just check if it is there */
queuerun = true;
break;
}
}
opterr = 1;
/* Don't leak queue information via debug flags */
if (extraprivs && queuerun && debug)
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"WARNING: Can not use -d with -q. Disabling debugging.\n");
sm_debug_close();
sm_debug_setfile(NULL);
(void) memset(tTdvect, '\0', sizeof(tTdvect));
}
#if LOG
if (sysloglabel != NULL)
{
/* Sanitize the string */
for (p = sysloglabel; *p != '\0'; p++)
{
if (!isascii(*p) || !isprint(*p) || *p == '%')
*p = '*';
}
closelog();
-# ifdef LOG_MAIL
+# ifdef LOG_MAIL
openlog(sysloglabel, LOG_PID, LOG_MAIL);
-# else /* LOG_MAIL */
+# else
openlog(sysloglabel, LOG_PID);
-# endif /* LOG_MAIL */
+# endif
}
#endif /* LOG */
/* set up the blank envelope */
BlankEnvelope.e_puthdr = putheader;
BlankEnvelope.e_putbody = putbody;
BlankEnvelope.e_xfp = NULL;
STRUCTCOPY(NullAddress, BlankEnvelope.e_from);
CurEnv = &BlankEnvelope;
STRUCTCOPY(NullAddress, MainEnvelope.e_from);
/*
** Set default values for variables.
** These cannot be in initialized data space.
*/
setdefaults(&BlankEnvelope);
initmacros(&BlankEnvelope);
/* reset macro */
set_op_mode(OpMode);
if (OpMode == MD_DAEMON)
DaemonPid = CurrentPid; /* needed for finis() to work */
pw = sm_getpwuid(RealUid);
if (pw != NULL)
(void) sm_strlcpy(rnamebuf, pw->pw_name, sizeof(rnamebuf));
else
(void) sm_snprintf(rnamebuf, sizeof(rnamebuf), "Unknown UID %d",
(int) RealUid);
RealUserName = rnamebuf;
if (tTd(0, 101))
{
sm_dprintf("Version %s\n", Version);
finis(false, true, EX_OK);
/* NOTREACHED */
}
/*
** if running non-set-user-ID binary as non-root, pretend
** we are the RunAsUid
*/
if (RealUid != 0 && geteuid() == RealUid)
{
if (tTd(47, 1))
sm_dprintf("Non-set-user-ID binary: RunAsUid = RealUid = %d\n",
(int) RealUid);
RunAsUid = RealUid;
}
else if (geteuid() != 0)
RunAsUid = geteuid();
EffGid = getegid();
if (RealUid != 0 && EffGid == RealGid)
RunAsGid = RealGid;
if (tTd(47, 5))
{
sm_dprintf("main: e/ruid = %d/%d e/rgid = %d/%d\n",
(int) geteuid(), (int) getuid(),
(int) getegid(), (int) getgid());
sm_dprintf("main: RunAsUser = %d:%d\n",
(int) RunAsUid, (int) RunAsGid);
}
/* save command line arguments */
j = 0;
for (av = argv; *av != NULL; )
j += strlen(*av++) + 1;
SaveArgv = (char **) xalloc(sizeof(char *) * (argc + 1));
CommandLineArgs = xalloc(j);
p = CommandLineArgs;
for (av = argv, i = 0; *av != NULL; )
{
int h;
SaveArgv[i++] = newstr(*av);
if (av != argv)
*p++ = ' ';
(void) sm_strlcpy(p, *av++, j);
h = strlen(p);
p += h;
j -= h + 1;
}
SaveArgv[i] = NULL;
if (tTd(0, 1))
{
extern char *CompileOptions[];
sm_dprintf("Version %s\n Compiled with:", Version);
sm_printoptions(CompileOptions);
}
if (tTd(0, 10))
{
extern char *OsCompileOptions[];
sm_dprintf(" OS Defines:");
sm_printoptions(OsCompileOptions);
#ifdef _PATH_UNIX
sm_dprintf("Kernel symbols:\t%s\n", _PATH_UNIX);
-#endif /* _PATH_UNIX */
+#endif
sm_dprintf(" Conf file:\t%s (default for MSP)\n",
getcfname(OpMode, SubmitMode, SM_GET_SUBMIT_CF,
conffile));
sm_dprintf(" Conf file:\t%s (default for MTA)\n",
getcfname(OpMode, SubmitMode, SM_GET_SENDMAIL_CF,
conffile));
sm_dprintf(" Pid file:\t%s (default)\n", PidFile);
}
if (tTd(0, 12))
{
extern char *SmCompileOptions[];
sm_dprintf(" libsm Defines:");
sm_printoptions(SmCompileOptions);
}
if (tTd(0, 13))
{
extern char *FFRCompileOptions[];
sm_dprintf(" FFR Defines:");
sm_printoptions(FFRCompileOptions);
}
#if STARTTLS
if (tTd(0, 14))
{
/* exit(EX_CONFIG) if different? */
sm_dprintf(" OpenSSL: compiled 0x%08x\n",
(uint) OPENSSL_VERSION_NUMBER);
sm_dprintf(" OpenSSL: linked 0x%08x\n",
- (uint) SSLeay());
+ (uint) TLS_version_num());
}
#endif /* STARTTLS */
/* clear sendmail's environment */
ExternalEnviron = environ;
emptyenviron[0] = NULL;
environ = emptyenviron;
/*
** restore any original TZ setting until TimeZoneSpec has been
** determined - or early log messages may get bogus time stamps
*/
if ((p = getextenv("TZ")) != NULL)
{
char *tz;
int tzlen;
/* XXX check for reasonable length? */
tzlen = strlen(p) + 4;
tz = xalloc(tzlen);
(void) sm_strlcpyn(tz, tzlen, 2, "TZ=", p);
/* XXX check return code? */
(void) putenv(tz);
}
/* prime the child environment */
sm_setuserenv("AGENT", "sendmail");
(void) sm_signal(SIGPIPE, SIG_IGN);
OldUmask = umask(022);
FullName = getextenv("NAME");
if (FullName != NULL)
FullName = newstr(FullName);
/*
** Initialize name server if it is going to be used.
*/
#if NAMED_BIND
if (!bitset(RES_INIT, _res.options))
(void) res_init();
if (tTd(8, 8))
_res.options |= RES_DEBUG;
else
_res.options &= ~RES_DEBUG;
# ifdef RES_NOALIASES
_res.options |= RES_NOALIASES;
-# endif /* RES_NOALIASES */
+# endif
TimeOuts.res_retry[RES_TO_DEFAULT] = _res.retry;
TimeOuts.res_retry[RES_TO_FIRST] = _res.retry;
TimeOuts.res_retry[RES_TO_NORMAL] = _res.retry;
TimeOuts.res_retrans[RES_TO_DEFAULT] = _res.retrans;
TimeOuts.res_retrans[RES_TO_FIRST] = _res.retrans;
TimeOuts.res_retrans[RES_TO_NORMAL] = _res.retrans;
#endif /* NAMED_BIND */
errno = 0;
from = NULL;
/* initialize some macros, etc. */
init_vendor_macros(&BlankEnvelope);
/* version */
macdefine(&BlankEnvelope.e_macro, A_PERM, 'v', Version);
/* hostname */
hp = myhostname(jbuf, sizeof(jbuf));
if (jbuf[0] != '\0')
{
struct utsname utsname;
if (tTd(0, 4))
sm_dprintf("Canonical name: %s\n", jbuf);
macdefine(&BlankEnvelope.e_macro, A_TEMP, 'w', jbuf);
macdefine(&BlankEnvelope.e_macro, A_TEMP, 'j', jbuf);
setclass('w', jbuf);
p = strchr(jbuf, '.');
if (p != NULL && p[1] != '\0')
macdefine(&BlankEnvelope.e_macro, A_TEMP, 'm', &p[1]);
if (uname(&utsname) >= 0)
p = utsname.nodename;
else
{
if (tTd(0, 22))
sm_dprintf("uname failed (%s)\n",
sm_errstring(errno));
makelower(jbuf);
p = jbuf;
}
if (tTd(0, 4))
sm_dprintf(" UUCP nodename: %s\n", p);
macdefine(&BlankEnvelope.e_macro, A_TEMP, 'k', p);
setclass('k', p);
setclass('w', p);
}
if (hp != NULL)
{
for (av = hp->h_aliases; av != NULL && *av != NULL; av++)
{
if (tTd(0, 4))
sm_dprintf("\ta.k.a.: %s\n", *av);
setclass('w', *av);
}
#if NETINET || NETINET6
for (i = 0; i >= 0 && hp->h_addr_list[i] != NULL; i++)
{
# if NETINET6
char *addr;
char buf6[INET6_ADDRSTRLEN];
struct in6_addr ia6;
# endif /* NETINET6 */
# if NETINET
struct in_addr ia;
-# endif /* NETINET */
+# endif
char ipbuf[103];
ipbuf[0] = '\0';
switch (hp->h_addrtype)
{
# if NETINET
case AF_INET:
if (hp->h_length != INADDRSZ)
break;
memmove(&ia, hp->h_addr_list[i], INADDRSZ);
(void) sm_snprintf(ipbuf, sizeof(ipbuf),
"[%.100s]", inet_ntoa(ia));
break;
# endif /* NETINET */
# if NETINET6
case AF_INET6:
if (hp->h_length != IN6ADDRSZ)
break;
memmove(&ia6, hp->h_addr_list[i], IN6ADDRSZ);
addr = anynet_ntop(&ia6, buf6, sizeof(buf6));
if (addr != NULL)
(void) sm_snprintf(ipbuf, sizeof(ipbuf),
"[%.100s]", addr);
break;
# endif /* NETINET6 */
}
if (ipbuf[0] == '\0')
break;
if (tTd(0, 4))
sm_dprintf("\ta.k.a.: %s\n", ipbuf);
setclass('w', ipbuf);
}
#endif /* NETINET || NETINET6 */
#if NETINET6
freehostent(hp);
hp = NULL;
-#endif /* NETINET6 */
+#endif
}
/* current time */
macdefine(&BlankEnvelope.e_macro, A_TEMP, 'b', arpadate((char *) NULL));
/* current load average */
sm_getla();
QueueLimitRecipient = (QUEUE_CHAR *) NULL;
QueueLimitSender = (QUEUE_CHAR *) NULL;
QueueLimitId = (QUEUE_CHAR *) NULL;
QueueLimitQuarantine = (QUEUE_CHAR *) NULL;
/*
** Crack argv.
*/
optind = 1;
while ((j = getopt(argc, argv, OPTIONS)) != -1)
{
switch (j)
{
case 'b': /* operations mode */
/* already done */
break;
case 'A': /* use Alternate sendmail/submit.cf */
cftype = optarg[0] == 'c' ? SM_GET_SUBMIT_CF
: SM_GET_SENDMAIL_CF;
break;
case 'B': /* body type */
CHECK_AGAINST_OPMODE(j);
BlankEnvelope.e_bodytype = newstr(optarg);
break;
case 'C': /* select configuration file (already done) */
if (RealUid != 0)
warn_C_flag = true;
conffile = newstr(optarg);
dp = drop_privileges(true);
setstat(dp);
safecf = false;
break;
case 'D':
case 'd': /* debugging */
/* already done */
break;
case 'f': /* from address */
case 'r': /* obsolete -f flag */
CHECK_AGAINST_OPMODE(j);
if (from != NULL)
{
usrerr("More than one \"from\" person");
ExitStat = EX_USAGE;
break;
}
if (optarg[0] == '\0')
from = newstr("<>");
else
from = newstr(denlstring(optarg, true, true));
if (strcmp(RealUserName, from) != 0)
warn_f_flag = j;
break;
case 'F': /* set full name */
CHECK_AGAINST_OPMODE(j);
FullName = newstr(optarg);
break;
case 'G': /* relay (gateway) submission */
/* already set */
CHECK_AGAINST_OPMODE(j);
break;
case 'h': /* hop count */
CHECK_AGAINST_OPMODE(j);
BlankEnvelope.e_hopcount = (short) strtol(optarg, &ep,
10);
(void) sm_snprintf(buf, sizeof(buf), "%d",
BlankEnvelope.e_hopcount);
macdefine(&BlankEnvelope.e_macro, A_TEMP, 'c', buf);
if (*ep)
{
usrerr("Bad hop count (%s)", optarg);
ExitStat = EX_USAGE;
}
break;
case 'L': /* program label */
/* already set */
break;
case 'n': /* don't alias */
CHECK_AGAINST_OPMODE(j);
NoAlias = true;
break;
case 'N': /* delivery status notifications */
CHECK_AGAINST_OPMODE(j);
DefaultNotify |= QHASNOTIFY;
macdefine(&BlankEnvelope.e_macro, A_TEMP,
macid("{dsn_notify}"), optarg);
if (sm_strcasecmp(optarg, "never") == 0)
break;
for (p = optarg; p != NULL; optarg = p)
{
p = strchr(p, ',');
if (p != NULL)
*p++ = '\0';
if (sm_strcasecmp(optarg, "success") == 0)
DefaultNotify |= QPINGONSUCCESS;
else if (sm_strcasecmp(optarg, "failure") == 0)
DefaultNotify |= QPINGONFAILURE;
else if (sm_strcasecmp(optarg, "delay") == 0)
DefaultNotify |= QPINGONDELAY;
else
{
usrerr("Invalid -N argument");
ExitStat = EX_USAGE;
}
}
break;
case 'o': /* set option */
setoption(*optarg, optarg + 1, false, true,
&BlankEnvelope);
break;
case 'O': /* set option (long form) */
setoption(' ', optarg, false, true, &BlankEnvelope);
break;
case 'p': /* set protocol */
CHECK_AGAINST_OPMODE(j);
p = strchr(optarg, ':');
if (p != NULL)
{
*p++ = '\0';
if (*p != '\0')
{
i = strlen(p) + 1;
ep = sm_malloc_x(i);
cleanstrcpy(ep, p, i);
macdefine(&BlankEnvelope.e_macro,
A_HEAP, 's', ep);
}
}
if (*optarg != '\0')
{
i = strlen(optarg) + 1;
ep = sm_malloc_x(i);
cleanstrcpy(ep, optarg, i);
macdefine(&BlankEnvelope.e_macro, A_HEAP,
'r', ep);
}
break;
case 'Q': /* change quarantining on queued items */
/* sanity check */
if (OpMode != MD_DELIVER &&
OpMode != MD_QUEUERUN)
{
usrerr("Can not use -Q with -b%c", OpMode);
ExitStat = EX_USAGE;
break;
}
if (OpMode == MD_DELIVER)
set_op_mode(MD_QUEUERUN);
FullName = NULL;
quarantining = newstr(optarg);
break;
case 'q': /* run queue files at intervals */
/* sanity check */
if (OpMode != MD_DELIVER &&
OpMode != MD_DAEMON &&
OpMode != MD_FGDAEMON &&
OpMode != MD_PRINT &&
OpMode != MD_PRINTNQE &&
OpMode != MD_QUEUERUN)
{
usrerr("Can not use -q with -b%c", OpMode);
ExitStat = EX_USAGE;
break;
}
/* don't override -bd, -bD or -bp */
if (OpMode == MD_DELIVER)
set_op_mode(MD_QUEUERUN);
FullName = NULL;
negate = optarg[0] == '!';
if (negate)
{
/* negate meaning of pattern match */
optarg++; /* skip '!' for next switch */
}
switch (optarg[0])
{
case 'G': /* Limit by queue group name */
if (negate)
{
usrerr("Can not use -q!G");
ExitStat = EX_USAGE;
break;
}
if (queuegroup != NULL)
{
usrerr("Can not use multiple -qG options");
ExitStat = EX_USAGE;
break;
}
queuegroup = newstr(&optarg[1]);
break;
case 'I': /* Limit by ID */
new = (QUEUE_CHAR *) xalloc(sizeof(*new));
new->queue_match = newstr(&optarg[1]);
new->queue_negate = negate;
new->queue_next = QueueLimitId;
QueueLimitId = new;
break;
case 'R': /* Limit by recipient */
new = (QUEUE_CHAR *) xalloc(sizeof(*new));
new->queue_match = newstr(&optarg[1]);
new->queue_negate = negate;
new->queue_next = QueueLimitRecipient;
QueueLimitRecipient = new;
break;
case 'S': /* Limit by sender */
new = (QUEUE_CHAR *) xalloc(sizeof(*new));
new->queue_match = newstr(&optarg[1]);
new->queue_negate = negate;
new->queue_next = QueueLimitSender;
QueueLimitSender = new;
break;
case 'f': /* foreground queue run */
foregroundqueue = true;
break;
case 'Q': /* Limit by quarantine message */
if (optarg[1] != '\0')
{
new = (QUEUE_CHAR *) xalloc(sizeof(*new));
new->queue_match = newstr(&optarg[1]);
new->queue_negate = negate;
new->queue_next = QueueLimitQuarantine;
QueueLimitQuarantine = new;
}
QueueMode = QM_QUARANTINE;
break;
case 'L': /* act on lost items */
QueueMode = QM_LOST;
break;
case 'p': /* Persistent queue */
queuepersistent = true;
if (QueueIntvl == 0)
QueueIntvl = 1;
if (optarg[1] == '\0')
break;
++optarg;
/* FALLTHROUGH */
default:
i = Errors;
QueueIntvl = convtime(optarg, 'm');
if (QueueIntvl < 0)
{
usrerr("Invalid -q value");
ExitStat = EX_USAGE;
}
/* check for bad conversion */
if (i < Errors)
ExitStat = EX_USAGE;
break;
}
break;
case 'R': /* DSN RET: what to return */
CHECK_AGAINST_OPMODE(j);
if (bitset(EF_RET_PARAM, BlankEnvelope.e_flags))
{
usrerr("Duplicate -R flag");
ExitStat = EX_USAGE;
break;
}
BlankEnvelope.e_flags |= EF_RET_PARAM;
if (sm_strcasecmp(optarg, "hdrs") == 0)
BlankEnvelope.e_flags |= EF_NO_BODY_RETN;
else if (sm_strcasecmp(optarg, "full") != 0)
{
usrerr("Invalid -R value");
ExitStat = EX_USAGE;
}
macdefine(&BlankEnvelope.e_macro, A_TEMP,
macid("{dsn_ret}"), optarg);
break;
case 't': /* read recipients from message */
CHECK_AGAINST_OPMODE(j);
GrabTo = true;
break;
case 'V': /* DSN ENVID: set "original" envelope id */
CHECK_AGAINST_OPMODE(j);
if (!xtextok(optarg))
{
usrerr("Invalid syntax in -V flag");
ExitStat = EX_USAGE;
}
else
{
BlankEnvelope.e_envid = newstr(optarg);
macdefine(&BlankEnvelope.e_macro, A_TEMP,
macid("{dsn_envid}"), optarg);
}
break;
case 'X': /* traffic log file */
dp = drop_privileges(true);
setstat(dp);
if (stat(optarg, &traf_st) == 0 &&
S_ISFIFO(traf_st.st_mode))
TrafficLogFile = sm_io_open(SmFtStdio,
SM_TIME_DEFAULT,
optarg,
SM_IO_WRONLY, NULL);
else
TrafficLogFile = sm_io_open(SmFtStdio,
SM_TIME_DEFAULT,
optarg,
SM_IO_APPEND, NULL);
if (TrafficLogFile == NULL)
{
syserr("cannot open %s", optarg);
ExitStat = EX_CANTCREAT;
break;
}
(void) sm_io_setvbuf(TrafficLogFile, SM_TIME_DEFAULT,
NULL, SM_IO_LBF, 0);
break;
/* compatibility flags */
case 'c': /* connect to non-local mailers */
case 'i': /* don't let dot stop me */
case 'm': /* send to me too */
case 'T': /* set timeout interval */
case 'v': /* give blow-by-blow description */
setoption(j, "T", false, true, &BlankEnvelope);
break;
case 'e': /* error message disposition */
case 'M': /* define macro */
setoption(j, optarg, false, true, &BlankEnvelope);
break;
case 's': /* save From lines in headers */
setoption('f', "T", false, true, &BlankEnvelope);
break;
#ifdef DBM
case 'I': /* initialize alias DBM file */
set_op_mode(MD_INITALIAS);
break;
#endif /* DBM */
#if defined(__osf__) || defined(_AIX3)
case 'x': /* random flag that OSF/1 & AIX mailx passes */
break;
-#endif /* defined(__osf__) || defined(_AIX3) */
+#endif
#if defined(sony_news)
case 'E':
case 'J': /* ignore flags for Japanese code conversion
implemented on Sony NEWS */
break;
#endif /* defined(sony_news) */
default:
finis(true, true, EX_USAGE);
/* NOTREACHED */
break;
}
}
/* if we've had errors so far, exit now */
if ((ExitStat != EX_OK && OpMode != MD_TEST && OpMode != MD_CHECKCONFIG) ||
ExitStat == EX_OSERR)
{
finis(false, true, ExitStat);
/* NOTREACHED */
}
if (bitset(SUBMIT_MTA, SubmitMode))
{
/* If set daemon_flags on command line, don't reset it */
if (macvalue(macid("{daemon_flags}"), &BlankEnvelope) == NULL)
macdefine(&BlankEnvelope.e_macro, A_PERM,
macid("{daemon_flags}"), "CC f");
}
else if (OpMode == MD_DELIVER || OpMode == MD_SMTP)
{
SubmitMode = SUBMIT_MSA;
/* If set daemon_flags on command line, don't reset it */
if (macvalue(macid("{daemon_flags}"), &BlankEnvelope) == NULL)
macdefine(&BlankEnvelope.e_macro, A_PERM,
macid("{daemon_flags}"), "c u");
}
/*
** Do basic initialization.
** Read system control file.
** Extract special fields for local use.
*/
#if XDEBUG
checkfd012("before readcf");
-#endif /* XDEBUG */
+#endif
vendor_pre_defaults(&BlankEnvelope);
readcf(getcfname(OpMode, SubmitMode, cftype, conffile),
safecf, &BlankEnvelope);
#if !defined(_USE_SUN_NSSWITCH_) && !defined(_USE_DEC_SVC_CONF_)
ConfigFileRead = true;
-#endif /* !defined(_USE_SUN_NSSWITCH_) && !defined(_USE_DEC_SVC_CONF_) */
+#endif
vendor_post_defaults(&BlankEnvelope);
/* now we can complain about missing fds */
if (MissingFds != 0 && LogLevel > 8)
{
char mbuf[MAXLINE];
mbuf[0] = '\0';
if (bitset(1 << STDIN_FILENO, MissingFds))
(void) sm_strlcat(mbuf, ", stdin", sizeof(mbuf));
if (bitset(1 << STDOUT_FILENO, MissingFds))
(void) sm_strlcat(mbuf, ", stdout", sizeof(mbuf));
if (bitset(1 << STDERR_FILENO, MissingFds))
(void) sm_strlcat(mbuf, ", stderr", sizeof(mbuf));
/* Notice: fill_errno is from high above: fill_fd() */
sm_syslog(LOG_WARNING, NOQID,
"File descriptors missing on startup: %s; %s",
&mbuf[2], sm_errstring(fill_errno));
}
/* Remove the ability for a normal user to send signals */
if (RealUid != 0 && RealUid != geteuid())
{
uid_t new_uid = geteuid();
#if HASSETREUID
/*
** Since we can differentiate between uid and euid,
** make the uid a different user so the real user
** can't send signals. However, it doesn't need to be
** root (euid has root).
*/
if (new_uid == 0)
new_uid = DefUid;
if (tTd(47, 5))
sm_dprintf("Changing real uid to %d\n", (int) new_uid);
if (setreuid(new_uid, geteuid()) < 0)
{
syserr("main: setreuid(%d, %d) failed",
(int) new_uid, (int) geteuid());
finis(false, true, EX_OSERR);
/* NOTREACHED */
}
if (tTd(47, 10))
sm_dprintf("Now running as e/ruid %d:%d\n",
(int) geteuid(), (int) getuid());
#else /* HASSETREUID */
/*
** Have to change both effective and real so need to
** change them both to effective to keep privs.
*/
if (tTd(47, 5))
sm_dprintf("Changing uid to %d\n", (int) new_uid);
if (setuid(new_uid) < 0)
{
syserr("main: setuid(%d) failed", (int) new_uid);
finis(false, true, EX_OSERR);
/* NOTREACHED */
}
if (tTd(47, 10))
sm_dprintf("Now running as e/ruid %d:%d\n",
(int) geteuid(), (int) getuid());
#endif /* HASSETREUID */
}
#if NAMED_BIND
if (FallbackMX != NULL)
(void) getfallbackmxrr(FallbackMX);
-#endif /* NAMED_BIND */
+#endif
if (SuperSafe == SAFE_INTERACTIVE && !SM_IS_INTERACTIVE(CurEnv->e_sendmode))
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"WARNING: SuperSafe=interactive should only be used with\n DeliveryMode=interactive\n");
}
if (UseMSP && (OpMode == MD_DAEMON || OpMode == MD_FGDAEMON))
{
usrerr("Mail submission program cannot be used as daemon");
finis(false, true, EX_USAGE);
}
if (OpMode == MD_DELIVER || OpMode == MD_SMTP ||
OpMode == MD_QUEUERUN || OpMode == MD_ARPAFTP ||
OpMode == MD_DAEMON || OpMode == MD_FGDAEMON)
makeworkgroups();
/* set up the basic signal handlers */
if (sm_signal(SIGINT, SIG_IGN) != SIG_IGN)
(void) sm_signal(SIGINT, intsig);
(void) sm_signal(SIGTERM, intsig);
/* Enforce use of local time (null string overrides this) */
if (TimeZoneSpec == NULL)
unsetenv("TZ");
else if (TimeZoneSpec[0] != '\0')
sm_setuserenv("TZ", TimeZoneSpec);
else
sm_setuserenv("TZ", NULL);
tzset();
/* initialize mailbox database */
i = sm_mbdb_initialize(Mbdb);
if (i != EX_OK)
{
usrerr("Can't initialize mailbox database \"%s\": %s",
Mbdb, sm_strexit(i));
ExitStat = i;
}
/* avoid denial-of-service attacks */
resetlimits();
if (OpMode == MD_TEST)
{
/* can't be done after readcf if RunAs* is used */
dp = drop_privileges(true);
if (dp != EX_OK)
{
finis(false, true, dp);
/* NOTREACHED */
}
}
else if (OpMode != MD_DAEMON && OpMode != MD_FGDAEMON)
{
/* drop privileges -- daemon mode done after socket/bind */
dp = drop_privileges(false);
setstat(dp);
if (dp == EX_OK && UseMSP && (geteuid() == 0 || getuid() == 0))
{
usrerr("Mail submission program must have RunAsUser set to non root user");
finis(false, true, EX_CONFIG);
/* NOTREACHED */
}
}
#if NAMED_BIND
_res.retry = TimeOuts.res_retry[RES_TO_DEFAULT];
_res.retrans = TimeOuts.res_retrans[RES_TO_DEFAULT];
-#endif /* NAMED_BIND */
+#endif
/*
** Find our real host name for future logging.
*/
authinfo = getauthinfo(STDIN_FILENO, &forged);
macdefine(&BlankEnvelope.e_macro, A_TEMP, '_', authinfo);
/* suppress error printing if errors mailed back or whatever */
if (BlankEnvelope.e_errormode != EM_PRINT)
HoldErrs = true;
/* set up the $=m class now, after .cf has a chance to redefine $m */
expand("\201m", jbuf, sizeof(jbuf), &BlankEnvelope);
if (jbuf[0] != '\0')
setclass('m', jbuf);
/* probe interfaces and locate any additional names */
if (DontProbeInterfaces != DPI_PROBENONE)
load_if_names();
if (tTd(0, 10))
{
char pidpath[MAXPATHLEN];
/* Now we know which .cf file we use */
sm_dprintf(" Conf file:\t%s (selected)\n",
getcfname(OpMode, SubmitMode, cftype, conffile));
expand(PidFile, pidpath, sizeof(pidpath), &BlankEnvelope);
sm_dprintf(" Pid file:\t%s (selected)\n", pidpath);
}
if (tTd(0, 1))
{
sm_dprintf("\n============ SYSTEM IDENTITY (after readcf) ============");
sm_dprintf("\n (short domain name) $w = ");
xputs(sm_debug_file(), macvalue('w', &BlankEnvelope));
sm_dprintf("\n (canonical domain name) $j = ");
xputs(sm_debug_file(), macvalue('j', &BlankEnvelope));
sm_dprintf("\n (subdomain name) $m = ");
xputs(sm_debug_file(), macvalue('m', &BlankEnvelope));
sm_dprintf("\n (node name) $k = ");
xputs(sm_debug_file(), macvalue('k', &BlankEnvelope));
sm_dprintf("\n========================================================\n\n");
}
/*
** Do more command line checking -- these are things that
** have to modify the results of reading the config file.
*/
/* process authorization warnings from command line */
if (warn_C_flag)
auth_warning(&BlankEnvelope, "Processed by %s with -C %s",
RealUserName, conffile);
if (Warn_Q_option && !wordinclass(RealUserName, 't'))
auth_warning(&BlankEnvelope, "Processed from queue %s",
QueueDir);
if (sysloglabel != NULL && !wordinclass(RealUserName, 't') &&
RealUid != 0 && RealUid != TrustedUid && LogLevel > 1)
sm_syslog(LOG_WARNING, NOQID, "user %d changed syslog label",
(int) RealUid);
/* check body type for legality */
i = check_bodytype(BlankEnvelope.e_bodytype);
if (i == BODYTYPE_ILLEGAL)
{
usrerr("Illegal body type %s", BlankEnvelope.e_bodytype);
BlankEnvelope.e_bodytype = NULL;
}
else if (i != BODYTYPE_NONE)
SevenBitInput = (i == BODYTYPE_7BIT);
/* tweak default DSN notifications */
if (DefaultNotify == 0)
DefaultNotify = QPINGONFAILURE|QPINGONDELAY;
/* check for sane configuration level */
if (ConfigLevel > MAXCONFIGLEVEL)
{
syserr("Warning: .cf version level (%d) exceeds sendmail version %s functionality (%d)",
ConfigLevel, Version, MAXCONFIGLEVEL);
}
/* need MCI cache to have persistence */
if (HostStatDir != NULL && MaxMciCache == 0)
{
HostStatDir = NULL;
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Warning: HostStatusDirectory disabled with ConnectionCacheSize = 0\n");
}
/* need HostStatusDir in order to have SingleThreadDelivery */
if (SingleThreadDelivery && HostStatDir == NULL)
{
SingleThreadDelivery = false;
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Warning: HostStatusDirectory required for SingleThreadDelivery\n");
}
#if _FFR_MEMSTAT
j = sm_memstat_open();
if (j < 0 && (RefuseLowMem > 0 || QueueLowMem > 0) && LogLevel > 4)
{
sm_syslog(LOG_WARNING, NOQID,
"cannot get memory statistics, settings ignored, error=%d"
, j);
}
#endif /* _FFR_MEMSTAT */
/* check for permissions */
if (RealUid != 0 &&
RealUid != TrustedUid)
{
char *action = NULL;
switch (OpMode)
{
case MD_QUEUERUN:
if (quarantining != NULL)
action = "quarantine jobs";
else
{
/* Normal users can do a single queue run */
if (QueueIntvl == 0)
break;
}
/* but not persistent queue runners */
if (action == NULL)
action = "start a queue runner daemon";
/* FALLTHROUGH */
case MD_PURGESTAT:
if (action == NULL)
action = "purge host status";
/* FALLTHROUGH */
case MD_DAEMON:
case MD_FGDAEMON:
if (action == NULL)
action = "run daemon";
if (tTd(65, 1))
sm_dprintf("Deny user %d attempt to %s\n",
(int) RealUid, action);
if (LogLevel > 1)
sm_syslog(LOG_ALERT, NOQID,
"user %d attempted to %s",
(int) RealUid, action);
HoldErrs = false;
usrerr("Permission denied (real uid not trusted)");
finis(false, true, EX_USAGE);
/* NOTREACHED */
break;
case MD_VERIFY:
if (bitset(PRIV_RESTRICTEXPAND, PrivacyFlags))
{
/*
** If -bv and RestrictExpand,
** drop privs to prevent normal
** users from reading private
** aliases/forwards/:include:s
*/
if (tTd(65, 1))
sm_dprintf("Drop privs for user %d attempt to expand (RestrictExpand)\n",
(int) RealUid);
dp = drop_privileges(true);
/* Fake address safety */
if (tTd(65, 1))
sm_dprintf("Faking DontBlameSendmail=NonRootSafeAddr\n");
setbitn(DBS_NONROOTSAFEADDR, DontBlameSendmail);
if (dp != EX_OK)
{
if (tTd(65, 1))
sm_dprintf("Failed to drop privs for user %d attempt to expand, exiting\n",
(int) RealUid);
CurEnv->e_id = NULL;
finis(true, true, dp);
/* NOTREACHED */
}
}
break;
case MD_TEST:
case MD_CHECKCONFIG:
case MD_PRINT:
case MD_PRINTNQE:
case MD_FREEZE:
case MD_HOSTSTAT:
/* Nothing special to check */
break;
case MD_INITALIAS:
if (!wordinclass(RealUserName, 't'))
{
if (tTd(65, 1))
sm_dprintf("Deny user %d attempt to rebuild the alias map\n",
(int) RealUid);
if (LogLevel > 1)
sm_syslog(LOG_ALERT, NOQID,
"user %d attempted to rebuild the alias map",
(int) RealUid);
HoldErrs = false;
usrerr("Permission denied (real uid not trusted)");
finis(false, true, EX_USAGE);
/* NOTREACHED */
}
if (UseMSP)
{
HoldErrs = false;
usrerr("User %d cannot rebuild aliases in mail submission program",
(int) RealUid);
finis(false, true, EX_USAGE);
/* NOTREACHED */
}
/* FALLTHROUGH */
default:
if (bitset(PRIV_RESTRICTEXPAND, PrivacyFlags) &&
Verbose != 0)
{
/*
** If -v and RestrictExpand, reset
** Verbose to prevent normal users
** from seeing the expansion of
** aliases/forwards/:include:s
*/
if (tTd(65, 1))
sm_dprintf("Dropping verbosity for user %d (RestrictExpand)\n",
(int) RealUid);
Verbose = 0;
}
break;
}
}
if (MeToo)
BlankEnvelope.e_flags |= EF_METOO;
switch (OpMode)
{
case MD_TEST:
/* don't have persistent host status in test mode */
HostStatDir = NULL;
/* FALLTHROUGH */
case MD_CHECKCONFIG:
if (Verbose == 0)
Verbose = 2;
BlankEnvelope.e_errormode = EM_PRINT;
HoldErrs = false;
break;
case MD_VERIFY:
BlankEnvelope.e_errormode = EM_PRINT;
HoldErrs = false;
/* arrange to exit cleanly on hangup signal */
if (sm_signal(SIGHUP, SIG_IGN) == (sigfunc_t) SIG_DFL)
(void) sm_signal(SIGHUP, intsig);
if (geteuid() != 0)
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Notice: -bv may give misleading output for non-privileged user\n");
break;
case MD_FGDAEMON:
run_in_foreground = true;
set_op_mode(MD_DAEMON);
/* FALLTHROUGH */
case MD_DAEMON:
vendor_daemon_setup(&BlankEnvelope);
/* remove things that don't make sense in daemon mode */
FullName = NULL;
GrabTo = false;
/* arrange to restart on hangup signal */
if (SaveArgv[0] == NULL || SaveArgv[0][0] != '/')
sm_syslog(LOG_WARNING, NOQID,
"daemon invoked without full pathname; kill -1 won't work");
break;
case MD_INITALIAS:
Verbose = 2;
BlankEnvelope.e_errormode = EM_PRINT;
HoldErrs = false;
/* FALLTHROUGH */
default:
/* arrange to exit cleanly on hangup signal */
if (sm_signal(SIGHUP, SIG_IGN) == (sigfunc_t) SIG_DFL)
(void) sm_signal(SIGHUP, intsig);
break;
}
/* special considerations for FullName */
if (FullName != NULL)
{
char *full = NULL;
/* full names can't have newlines */
if (strchr(FullName, '\n') != NULL)
{
full = newstr(denlstring(FullName, true, true));
FullName = full;
}
/* check for characters that may have to be quoted */
if (!rfc822_string(FullName))
{
/*
** Quote a full name with special characters
** as a comment so crackaddr() doesn't destroy
** the name portion of the address.
*/
FullName = addquotes(FullName, NULL);
if (full != NULL)
sm_free(full); /* XXX */
}
}
/* do heuristic mode adjustment */
if (Verbose)
{
/* turn off noconnect option */
setoption('c', "F", true, false, &BlankEnvelope);
/* turn on interactive delivery */
setoption('d', "", true, false, &BlankEnvelope);
}
#ifdef VENDOR_CODE
/* check for vendor mismatch */
if (VendorCode != VENDOR_CODE)
{
message("Warning: .cf file vendor code mismatch: sendmail expects vendor %s, .cf file vendor is %s",
getvendor(VENDOR_CODE), getvendor(VendorCode));
}
#endif /* VENDOR_CODE */
/* check for out of date configuration level */
if (ConfigLevel < MAXCONFIGLEVEL)
{
message("Warning: .cf file is out of date: sendmail %s supports version %d, .cf file is version %d",
Version, MAXCONFIGLEVEL, ConfigLevel);
}
if (ConfigLevel < 3)
UseErrorsTo = true;
/* set options that were previous macros */
if (SmtpGreeting == NULL)
{
if (ConfigLevel < 7 &&
(p = macvalue('e', &BlankEnvelope)) != NULL)
SmtpGreeting = newstr(p);
else
SmtpGreeting = "\201j Sendmail \201v ready at \201b";
}
if (UnixFromLine == NULL)
{
if (ConfigLevel < 7 &&
(p = macvalue('l', &BlankEnvelope)) != NULL)
UnixFromLine = newstr(p);
else
UnixFromLine = "From \201g \201d";
}
SmtpError[0] = '\0';
/* our name for SMTP codes */
expand("\201j", jbuf, sizeof(jbuf), &BlankEnvelope);
if (jbuf[0] == '\0')
PSTRSET(MyHostName, "localhost");
else
PSTRSET(MyHostName, jbuf);
if (strchr(MyHostName, '.') == NULL)
message("WARNING: local host name (%s) is not qualified; see cf/README: WHO AM I?",
MyHostName);
/* make certain that this name is part of the $=w class */
setclass('w', MyHostName);
/* fill in the structure of the *default* queue */
st = stab("mqueue", ST_QUEUE, ST_FIND);
if (st == NULL)
syserr("No default queue (mqueue) defined");
else
set_def_queueval(st->s_quegrp, true);
/* the indices of built-in mailers */
st = stab("local", ST_MAILER, ST_FIND);
if (st != NULL)
LocalMailer = st->s_mailer;
else if (OpMode != MD_TEST || !warn_C_flag)
syserr("No local mailer defined");
st = stab("prog", ST_MAILER, ST_FIND);
if (st == NULL)
syserr("No prog mailer defined");
else
{
ProgMailer = st->s_mailer;
clrbitn(M_MUSER, ProgMailer->m_flags);
}
st = stab("*file*", ST_MAILER, ST_FIND);
if (st == NULL)
syserr("No *file* mailer defined");
else
{
FileMailer = st->s_mailer;
clrbitn(M_MUSER, FileMailer->m_flags);
}
st = stab("*include*", ST_MAILER, ST_FIND);
if (st == NULL)
syserr("No *include* mailer defined");
else
InclMailer = st->s_mailer;
if (ConfigLevel < 6)
{
/* heuristic tweaking of local mailer for back compat */
if (LocalMailer != NULL)
{
setbitn(M_ALIASABLE, LocalMailer->m_flags);
setbitn(M_HASPWENT, LocalMailer->m_flags);
setbitn(M_TRYRULESET5, LocalMailer->m_flags);
setbitn(M_CHECKINCLUDE, LocalMailer->m_flags);
setbitn(M_CHECKPROG, LocalMailer->m_flags);
setbitn(M_CHECKFILE, LocalMailer->m_flags);
setbitn(M_CHECKUDB, LocalMailer->m_flags);
}
if (ProgMailer != NULL)
setbitn(M_RUNASRCPT, ProgMailer->m_flags);
if (FileMailer != NULL)
setbitn(M_RUNASRCPT, FileMailer->m_flags);
}
if (ConfigLevel < 7)
{
if (LocalMailer != NULL)
setbitn(M_VRFY250, LocalMailer->m_flags);
if (ProgMailer != NULL)
setbitn(M_VRFY250, ProgMailer->m_flags);
if (FileMailer != NULL)
setbitn(M_VRFY250, FileMailer->m_flags);
}
/* MIME Content-Types that cannot be transfer encoded */
setclass('n', "multipart/signed");
/* MIME message/xxx subtypes that can be treated as messages */
setclass('s', "rfc822");
+#if _FFR_EAI
+ setclass('s', "global");
+#endif
/* MIME Content-Transfer-Encodings that can be encoded */
setclass('e', "7bit");
setclass('e', "8bit");
setclass('e', "binary");
#ifdef USE_B_CLASS
/* MIME Content-Types that should be treated as binary */
setclass('b', "image");
setclass('b', "audio");
setclass('b', "video");
setclass('b', "application/octet-stream");
#endif /* USE_B_CLASS */
/* MIME headers which have fields to check for overflow */
setclass(macid("{checkMIMEFieldHeaders}"), "content-disposition");
setclass(macid("{checkMIMEFieldHeaders}"), "content-type");
/* MIME headers to check for length overflow */
setclass(macid("{checkMIMETextHeaders}"), "content-description");
/* MIME headers to check for overflow and rebalance */
setclass(macid("{checkMIMEHeaders}"), "content-disposition");
setclass(macid("{checkMIMEHeaders}"), "content-id");
setclass(macid("{checkMIMEHeaders}"), "content-transfer-encoding");
setclass(macid("{checkMIMEHeaders}"), "content-type");
setclass(macid("{checkMIMEHeaders}"), "mime-version");
/* Macros to save in the queue file -- don't remove any */
setclass(macid("{persistentMacros}"), "r");
setclass(macid("{persistentMacros}"), "s");
setclass(macid("{persistentMacros}"), "_");
setclass(macid("{persistentMacros}"), "{if_addr}");
setclass(macid("{persistentMacros}"), "{daemon_flags}");
/* operate in queue directory */
if (QueueDir == NULL || *QueueDir == '\0')
{
if (OpMode != MD_TEST)
{
syserr("QueueDirectory (Q) option must be set");
ExitStat = EX_CONFIG;
}
}
else
{
if (OpMode != MD_TEST)
setup_queues(OpMode == MD_DAEMON);
}
/* check host status directory for validity */
if (HostStatDir != NULL && !path_is_dir(HostStatDir, false))
{
/* cannot use this value */
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Warning: Cannot use HostStatusDirectory = %s: %s\n",
HostStatDir, sm_errstring(errno));
HostStatDir = NULL;
}
if (OpMode == MD_QUEUERUN &&
RealUid != 0 && bitset(PRIV_RESTRICTQRUN, PrivacyFlags))
{
struct stat stbuf;
/* check to see if we own the queue directory */
if (stat(".", &stbuf) < 0)
syserr("main: cannot stat %s", QueueDir);
if (stbuf.st_uid != RealUid)
{
/* nope, really a botch */
HoldErrs = false;
usrerr("You do not have permission to process the queue");
finis(false, true, EX_NOPERM);
/* NOTREACHED */
}
}
#if MILTER
/* sanity checks on milter filters */
if (OpMode == MD_DAEMON || OpMode == MD_SMTP)
{
milter_config(InputFilterList, InputFilters, MAXFILTERS);
setup_daemon_milters();
}
#endif /* MILTER */
/* Convert queuegroup string to qgrp number */
if (queuegroup != NULL)
{
qgrp = name2qid(queuegroup);
if (qgrp == NOQGRP)
{
HoldErrs = false;
usrerr("Queue group %s unknown", queuegroup);
finis(false, true, ExitStat);
/* NOTREACHED */
}
}
/* if checking config or have had errors so far, exit now */
if (OpMode == MD_CHECKCONFIG || (ExitStat != EX_OK && OpMode != MD_TEST))
{
finis(false, true, ExitStat);
/* NOTREACHED */
}
#if SASL
/* sendmail specific SASL initialization */
sm_sasl_init();
-#endif /* SASL */
+#endif
#if XDEBUG
checkfd012("before main() initmaps");
-#endif /* XDEBUG */
+#endif
/*
** Do operation-mode-dependent initialization.
*/
switch (OpMode)
{
case MD_PRINT:
/* print the queue */
HoldErrs = false;
(void) dropenvelope(&BlankEnvelope, true, false);
(void) sm_signal(SIGPIPE, sigpipe);
if (qgrp != NOQGRP)
{
- int j;
-
/* Selecting a particular queue group to run */
for (j = 0; j < Queue[qgrp]->qg_numqueues; j++)
{
if (StopRequest)
stop_sendmail();
(void) print_single_queue(qgrp, j);
}
finis(false, true, EX_OK);
/* NOTREACHED */
}
printqueue();
finis(false, true, EX_OK);
/* NOTREACHED */
break;
case MD_PRINTNQE:
/* print number of entries in queue */
(void) dropenvelope(&BlankEnvelope, true, false);
(void) sm_signal(SIGPIPE, sigpipe);
printnqe(smioout, NULL);
finis(false, true, EX_OK);
/* NOTREACHED */
break;
case MD_QUEUERUN:
/* only handle quarantining here */
if (quarantining == NULL)
break;
if (QueueMode != QM_QUARANTINE &&
QueueMode != QM_NORMAL)
{
HoldErrs = false;
usrerr("Can not use -Q with -q%c", QueueMode);
ExitStat = EX_USAGE;
finis(false, true, ExitStat);
/* NOTREACHED */
}
quarantine_queue(quarantining, qgrp);
finis(false, true, EX_OK);
break;
case MD_HOSTSTAT:
(void) sm_signal(SIGPIPE, sigpipe);
(void) mci_traverse_persistent(mci_print_persistent, NULL);
finis(false, true, EX_OK);
/* NOTREACHED */
break;
case MD_PURGESTAT:
(void) mci_traverse_persistent(mci_purge_persistent, NULL);
finis(false, true, EX_OK);
/* NOTREACHED */
break;
case MD_INITALIAS:
/* initialize maps */
initmaps();
finis(false, true, ExitStat);
/* NOTREACHED */
break;
case MD_SMTP:
case MD_DAEMON:
/* reset DSN parameters */
DefaultNotify = QPINGONFAILURE|QPINGONDELAY;
macdefine(&BlankEnvelope.e_macro, A_PERM,
macid("{dsn_notify}"), NULL);
BlankEnvelope.e_envid = NULL;
macdefine(&BlankEnvelope.e_macro, A_PERM,
macid("{dsn_envid}"), NULL);
BlankEnvelope.e_flags &= ~(EF_RET_PARAM|EF_NO_BODY_RETN);
macdefine(&BlankEnvelope.e_macro, A_PERM,
macid("{dsn_ret}"), NULL);
/* don't open maps for daemon -- done below in child */
break;
}
if (tTd(0, 15))
{
/* print configuration table (or at least part of it) */
if (tTd(0, 90))
printrules();
for (i = 0; i < MAXMAILERS; i++)
{
if (Mailer[i] != NULL)
printmailer(sm_debug_file(), Mailer[i]);
}
}
/*
** Switch to the main envelope.
*/
CurEnv = newenvelope(&MainEnvelope, &BlankEnvelope,
sm_rpool_new_x(NULL));
MainEnvelope.e_flags = BlankEnvelope.e_flags;
/*
** If test mode, read addresses from stdin and process.
*/
if (OpMode == MD_TEST)
{
if (isatty(sm_io_getinfo(smioin, SM_IO_WHAT_FD, NULL)))
Verbose = 2;
if (Verbose)
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)\n");
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Enter <ruleset> <address>\n");
}
macdefine(&(MainEnvelope.e_macro), A_PERM,
macid("{addr_type}"), "e r");
for (;;)
{
SM_TRY
{
(void) sm_signal(SIGINT, intindebug);
(void) sm_releasesignal(SIGINT);
if (Verbose == 2)
(void) sm_io_fprintf(smioout,
SM_TIME_DEFAULT,
"> ");
(void) sm_io_flush(smioout, SM_TIME_DEFAULT);
if (sm_io_fgets(smioin, SM_TIME_DEFAULT, buf,
sizeof(buf)) < 0)
testmodeline("/quit", &MainEnvelope);
p = strchr(buf, '\n');
if (p != NULL)
*p = '\0';
if (Verbose < 2)
(void) sm_io_fprintf(smioout,
SM_TIME_DEFAULT,
"> %s\n", buf);
testmodeline(buf, &MainEnvelope);
}
SM_EXCEPT(exc, "[!F]*")
{
/*
** 8.10 just prints \n on interrupt.
** I'm printing the exception here in case
** sendmail is extended to raise additional
** exceptions in this context.
*/
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"\n");
sm_exc_print(exc, smioout);
}
SM_END_TRY
}
}
#if STARTTLS
tls_ok = true;
if (OpMode == MD_QUEUERUN || OpMode == MD_DELIVER ||
OpMode == MD_ARPAFTP)
{
/* check whether STARTTLS is turned off for the client */
if (chkclientmodifiers(D_NOTLS))
tls_ok = false;
}
else if (OpMode == MD_DAEMON || OpMode == MD_FGDAEMON ||
OpMode == MD_SMTP)
{
/* check whether STARTTLS is turned off */
if (chkdaemonmodifiers(D_NOTLS) && chkclientmodifiers(D_NOTLS))
tls_ok = false;
}
else /* other modes don't need STARTTLS */
tls_ok = false;
if (tls_ok)
{
/* basic TLS initialization */
- tls_ok = init_tls_library(FipsMode);
- if (!tls_ok && FipsMode)
+ j = init_tls_library(FipsMode);
+ if (j < 0)
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
- "ERROR: FIPSMode failed to initialize\n");
+ "ERROR: TLS failed to initialize\n");
exit(EX_USAGE);
}
+ if (j > 0)
+ tls_ok = false;
}
if (!tls_ok && (OpMode == MD_QUEUERUN || OpMode == MD_DELIVER))
{
/* disable TLS for client */
setclttls(false);
}
#endif /* STARTTLS */
/*
** If collecting stuff from the queue, go start doing that.
*/
if (OpMode == MD_QUEUERUN && QueueIntvl == 0)
{
pid_t pid = -1;
#if STARTTLS
/* init TLS for client, ignore result for now */
(void) initclttls(tls_ok);
-#endif /* STARTTLS */
+#endif
/*
** The parent process of the caller of runqueue() needs
** to stay around for a possible SIGTERM. The SIGTERM will
** tell this process that all of the queue runners children
** need to be sent SIGTERM as well. At the same time, we
** want to return control to the command line. So we do an
** extra fork().
*/
if (Verbose || foregroundqueue || (pid = fork()) <= 0)
{
/*
** If the fork() failed we should still try to do
** the queue run. If it succeeded then the child
** is going to start the run and wait for all
** of the children to finish.
*/
if (pid == 0)
{
/* Reset global flags */
RestartRequest = NULL;
ShutdownRequest = NULL;
PendingSignal = 0;
/* disconnect from terminal */
disconnect(2, CurEnv);
}
CurrentPid = getpid();
if (qgrp != NOQGRP)
{
int rwgflags = RWG_NONE;
/*
** To run a specific queue group mark it to
** be run, select the work group it's in and
** increment the work counter.
*/
for (i = 0; i < NumQueue && Queue[i] != NULL;
i++)
Queue[i]->qg_nextrun = (time_t) -1;
Queue[qgrp]->qg_nextrun = 0;
if (Verbose)
rwgflags |= RWG_VERBOSE;
if (queuepersistent)
rwgflags |= RWG_PERSISTENT;
rwgflags |= RWG_FORCE;
(void) run_work_group(Queue[qgrp]->qg_wgrp,
rwgflags);
}
else
(void) runqueue(false, Verbose,
queuepersistent, true);
/* set the title to make it easier to find */
sm_setproctitle(true, CurEnv, "Queue control");
(void) sm_signal(SIGCHLD, SIG_DFL);
while (CurChildren > 0)
{
int status;
pid_t ret;
errno = 0;
while ((ret = sm_wait(&status)) <= 0)
{
if (errno == ECHILD)
{
/*
** Oops... something got messed
** up really bad. Waiting for
** non-existent children
** shouldn't happen. Let's get
** out of here.
*/
CurChildren = 0;
break;
}
continue;
}
/* something is really really wrong */
if (errno == ECHILD)
{
sm_syslog(LOG_ERR, NOQID,
"queue control process: lost all children: wait returned ECHILD");
break;
}
/* Only drop when a child gives status */
if (WIFSTOPPED(status))
continue;
proc_list_drop(ret, status, NULL);
}
}
finis(true, true, ExitStat);
/* NOTREACHED */
}
-# if SASL
+#if SASL
if (OpMode == MD_SMTP || OpMode == MD_DAEMON)
{
/* check whether AUTH is turned off for the server */
if (!chkdaemonmodifiers(D_NOAUTH) &&
(i = sasl_server_init(srvcallbacks, "Sendmail")) != SASL_OK)
syserr("!sasl_server_init failed! [%s]",
sasl_errstring(i, NULL, NULL));
}
-# endif /* SASL */
+#endif /* SASL */
if (OpMode == MD_SMTP)
{
proc_list_add(CurrentPid, "Sendmail SMTP Agent",
PROC_DAEMON, 0, -1, NULL);
/* clean up background delivery children */
(void) sm_signal(SIGCHLD, reapchild);
}
/*
** If a daemon, wait for a request.
** getrequests will always return in a child.
** If we should also be processing the queue, start
** doing it in background.
** We check for any errors that might have happened
** during startup.
*/
if (OpMode == MD_DAEMON || QueueIntvl > 0)
{
char dtype[200];
/* avoid cleanup in finis(), DaemonPid will be set below */
DaemonPid = 0;
if (!run_in_foreground && !tTd(99, 100))
{
/* put us in background */
i = fork();
if (i < 0)
syserr("daemon: cannot fork");
if (i != 0)
{
finis(false, true, EX_OK);
/* NOTREACHED */
}
/*
** Initialize exception stack and default exception
** handler for child process.
*/
/* Reset global flags */
RestartRequest = NULL;
RestartWorkGroup = false;
ShutdownRequest = NULL;
PendingSignal = 0;
CurrentPid = getpid();
sm_exc_newthread(fatal_error);
/* disconnect from our controlling tty */
disconnect(2, &MainEnvelope);
}
dtype[0] = '\0';
if (OpMode == MD_DAEMON)
{
(void) sm_strlcat(dtype, "+SMTP", sizeof(dtype));
DaemonPid = CurrentPid;
}
if (QueueIntvl > 0)
{
(void) sm_strlcat2(dtype,
queuepersistent
? "+persistent-queueing@"
: "+queueing@",
pintvl(QueueIntvl, true),
sizeof(dtype));
}
if (tTd(0, 1))
(void) sm_strlcat(dtype, "+debugging", sizeof(dtype));
sm_syslog(LOG_INFO, NOQID,
"starting daemon (%s): %s", Version, dtype + 1);
#if XLA
xla_create_file();
-#endif /* XLA */
+#endif
/* save daemon type in a macro for possible PidFile use */
macdefine(&BlankEnvelope.e_macro, A_TEMP,
macid("{daemon_info}"), dtype + 1);
/* save queue interval in a macro for possible PidFile use */
macdefine(&MainEnvelope.e_macro, A_TEMP,
macid("{queue_interval}"), pintvl(QueueIntvl, true));
/* workaround: can't seem to release the signal in the parent */
(void) sm_signal(SIGHUP, sighup);
(void) sm_releasesignal(SIGHUP);
(void) sm_signal(SIGTERM, sigterm);
if (QueueIntvl > 0)
{
#if _FFR_RUNPQG
if (qgrp != NOQGRP)
{
int rwgflags = RWG_NONE;
/*
** To run a specific queue group mark it to
** be run, select the work group it's in and
** increment the work counter.
*/
for (i = 0; i < NumQueue && Queue[i] != NULL;
i++)
Queue[i]->qg_nextrun = (time_t) -1;
Queue[qgrp]->qg_nextrun = 0;
if (Verbose)
rwgflags |= RWG_VERBOSE;
if (queuepersistent)
rwgflags |= RWG_PERSISTENT;
rwgflags |= RWG_FORCE;
(void) run_work_group(Queue[qgrp]->qg_wgrp,
rwgflags);
}
else
#endif /* _FFR_RUNPQG */
(void) runqueue(true, false, queuepersistent,
true);
/*
** If queuepersistent but not in daemon mode then
** we're going to do the queue runner monitoring here.
** If in daemon mode then the monitoring will happen
** elsewhere.
*/
if (OpMode != MD_DAEMON && queuepersistent)
{
/*
** Write the pid to file
** XXX Overwrites sendmail.pid
*/
log_sendmail_pid(&MainEnvelope);
/* set the title to make it easier to find */
sm_setproctitle(true, CurEnv, "Queue control");
(void) sm_signal(SIGCHLD, SIG_DFL);
while (CurChildren > 0)
{
int status;
pid_t ret;
int group;
CHECK_RESTART;
errno = 0;
while ((ret = sm_wait(&status)) <= 0)
{
/*
** Waiting for non-existent
** children shouldn't happen.
** Let's get out of here if
** it occurs.
*/
if (errno == ECHILD)
{
CurChildren = 0;
break;
}
continue;
}
/* something is really really wrong */
if (errno == ECHILD)
{
sm_syslog(LOG_ERR, NOQID,
"persistent queue runner control process: lost all children: wait returned ECHILD");
break;
}
if (WIFSTOPPED(status))
continue;
/* Probe only on a child status */
proc_list_drop(ret, status, &group);
if (WIFSIGNALED(status))
{
if (WCOREDUMP(status))
{
sm_syslog(LOG_ERR, NOQID,
"persistent queue runner=%d core dumped, signal=%d",
group, WTERMSIG(status));
/* don't restart this */
mark_work_group_restart(
group, -1);
continue;
}
sm_syslog(LOG_ERR, NOQID,
"persistent queue runner=%d died, pid=%ld, signal=%d",
group, (long) ret,
WTERMSIG(status));
}
/*
** When debugging active, don't
** restart the persistent queues.
** But do log this as info.
*/
if (sm_debug_active(&DebugNoPRestart,
1))
{
sm_syslog(LOG_DEBUG, NOQID,
"persistent queue runner=%d, exited",
group);
mark_work_group_restart(group,
-1);
}
CHECK_RESTART;
}
finis(true, true, ExitStat);
/* NOTREACHED */
}
if (OpMode != MD_DAEMON)
{
char qtype[200];
/*
** Write the pid to file
** XXX Overwrites sendmail.pid
*/
log_sendmail_pid(&MainEnvelope);
/* set the title to make it easier to find */
qtype[0] = '\0';
(void) sm_strlcpyn(qtype, sizeof(qtype), 4,
"Queue runner@",
pintvl(QueueIntvl, true),
" for ",
QueueDir);
sm_setproctitle(true, CurEnv, qtype);
for (;;)
{
(void) pause();
CHECK_RESTART;
if (doqueuerun())
(void) runqueue(true, false,
false, false);
}
}
}
(void) dropenvelope(&MainEnvelope, true, false);
#if STARTTLS
/* init TLS for server, ignore result for now */
(void) initsrvtls(tls_ok);
-#endif /* STARTTLS */
+#endif
nextreq:
p_flags = getrequests(&MainEnvelope);
/* drop privileges */
(void) drop_privileges(false);
/*
** Get authentication data
** Set _ macro in BlankEnvelope before calling newenvelope().
*/
#if _FFR_XCNCT
if (bitnset(D_XCNCT, *p_flags) || bitnset(D_XCNCT_M, *p_flags))
{
/* copied from getauthinfo() */
if (RealHostName == NULL)
{
RealHostName = newstr(hostnamebyanyaddr(&RealHostAddr));
if (strlen(RealHostName) > MAXNAME)
RealHostName[MAXNAME] = '\0'; /* XXX - 1 ? */
}
snprintf(buf, sizeof(buf), "%s [%s]",
RealHostName, anynet_ntoa(&RealHostAddr));
forged = bitnset(D_XCNCT_M, *p_flags);
if (forged)
{
(void) sm_strlcat(buf, " (may be forged)",
sizeof(buf));
macdefine(&BlankEnvelope.e_macro, A_PERM,
macid("{client_resolve}"), "FORGED");
}
/* HACK! variable used only two times right below */
authinfo = buf;
if (tTd(75, 9))
sm_syslog(LOG_INFO, NOQID,
"main: where=not_calling_getauthinfo, RealHostAddr=%s",
anynet_ntoa(&RealHostAddr));
}
else
/* WARNING: "non-braced" else */
#endif /* _FFR_XCNCT */
authinfo = getauthinfo(sm_io_getinfo(InChannel, SM_IO_WHAT_FD,
NULL), &forged);
macdefine(&BlankEnvelope.e_macro, A_TEMP, '_', authinfo);
if (tTd(75, 9))
sm_syslog(LOG_INFO, NOQID,
"main: where=after_getauthinfo, RealHostAddr=%s",
anynet_ntoa(&RealHostAddr));
/* at this point we are in a child: reset state */
sm_rpool_free(MainEnvelope.e_rpool);
(void) newenvelope(&MainEnvelope, &MainEnvelope,
sm_rpool_new_x(NULL));
}
if (LogLevel > 9)
{
+ p = authinfo;
+ if (NULL == p)
+ {
+ if (NULL != RealHostName)
+ p = RealHostName;
+ else
+ p = anynet_ntoa(&RealHostAddr);
+ if (NULL == p)
+ p = "unknown";
+ }
+
/* log connection information */
- sm_syslog(LOG_INFO, NULL, "connect from %s", authinfo);
+ sm_syslog(LOG_INFO, NULL, "connect from %s", p);
}
/*
** If running SMTP protocol, start collecting and executing
** commands. This will never return.
*/
if (OpMode == MD_SMTP || OpMode == MD_DAEMON)
{
char pbuf[20];
/*
** Save some macros for check_* rulesets.
*/
if (forged)
{
char ipbuf[103];
(void) sm_snprintf(ipbuf, sizeof(ipbuf), "[%.100s]",
anynet_ntoa(&RealHostAddr));
macdefine(&BlankEnvelope.e_macro, A_TEMP,
macid("{client_name}"), ipbuf);
}
else
macdefine(&BlankEnvelope.e_macro, A_PERM,
macid("{client_name}"), RealHostName);
macdefine(&BlankEnvelope.e_macro, A_PERM,
macid("{client_ptr}"), RealHostName);
macdefine(&BlankEnvelope.e_macro, A_TEMP,
macid("{client_addr}"), anynet_ntoa(&RealHostAddr));
sm_getla();
switch (RealHostAddr.sa.sa_family)
{
#if NETINET
case AF_INET:
(void) sm_snprintf(pbuf, sizeof(pbuf), "%d",
ntohs(RealHostAddr.sin.sin_port));
break;
#endif /* NETINET */
#if NETINET6
case AF_INET6:
(void) sm_snprintf(pbuf, sizeof(pbuf), "%d",
ntohs(RealHostAddr.sin6.sin6_port));
break;
#endif /* NETINET6 */
default:
(void) sm_snprintf(pbuf, sizeof(pbuf), "0");
break;
}
macdefine(&BlankEnvelope.e_macro, A_TEMP,
macid("{client_port}"), pbuf);
if (OpMode == MD_DAEMON)
{
ENVELOPE *saved_env;
/* validate the connection */
HoldErrs = true;
saved_env = CurEnv;
CurEnv = &BlankEnvelope;
nullserver = validate_connection(&RealHostAddr,
macvalue(macid("{client_name}"),
&BlankEnvelope),
&BlankEnvelope);
if (bitset(EF_DISCARD, BlankEnvelope.e_flags))
MainEnvelope.e_flags |= EF_DISCARD;
CurEnv = saved_env;
HoldErrs = false;
}
else if (p_flags == NULL)
{
p_flags = (BITMAP256 *) xalloc(sizeof(*p_flags));
clrbitmap(p_flags);
}
#if STARTTLS
if (OpMode == MD_SMTP)
(void) initsrvtls(tls_ok);
-#endif /* STARTTLS */
+#endif
/* turn off profiling */
SM_PROF(1);
smtp(nullserver, *p_flags, &MainEnvelope);
if (tTd(93, 100))
{
/* turn off profiling */
SM_PROF(0);
if (OpMode == MD_DAEMON)
goto nextreq;
}
}
sm_rpool_free(MainEnvelope.e_rpool);
clearenvelope(&MainEnvelope, false, sm_rpool_new_x(NULL));
if (OpMode == MD_VERIFY)
{
set_delivery_mode(SM_VERIFY, &MainEnvelope);
PostMasterCopy = NULL;
}
else
{
/* interactive -- all errors are global */
MainEnvelope.e_flags |= EF_GLOBALERRS|EF_LOGSENDER;
}
/*
** Do basic system initialization and set the sender
*/
initsys(&MainEnvelope);
macdefine(&MainEnvelope.e_macro, A_PERM, macid("{ntries}"), "0");
macdefine(&MainEnvelope.e_macro, A_PERM, macid("{nrcpts}"), "0");
setsender(from, &MainEnvelope, NULL, '\0', false);
if (warn_f_flag != '\0' && !wordinclass(RealUserName, 't') &&
(!bitnset(M_LOCALMAILER, MainEnvelope.e_from.q_mailer->m_flags) ||
strcmp(MainEnvelope.e_from.q_user, RealUserName) != 0))
{
auth_warning(&MainEnvelope, "%s set sender to %s using -%c",
RealUserName, from, warn_f_flag);
#if SASL
auth = false;
-#endif /* SASL */
+#endif
}
if (auth)
{
char *fv;
/* set the initial sender for AUTH= to $f@$j */
fv = macvalue('f', &MainEnvelope);
if (fv == NULL || *fv == '\0')
MainEnvelope.e_auth_param = NULL;
else
{
if (strchr(fv, '@') == NULL)
{
i = strlen(fv) + strlen(macvalue('j',
&MainEnvelope)) + 2;
p = sm_malloc_x(i);
(void) sm_strlcpyn(p, i, 3, fv, "@",
macvalue('j',
&MainEnvelope));
}
else
p = sm_strdup_x(fv);
MainEnvelope.e_auth_param = sm_rpool_strdup_x(MainEnvelope.e_rpool,
xtextify(p, "="));
sm_free(p); /* XXX */
}
}
if (macvalue('s', &MainEnvelope) == NULL)
macdefine(&MainEnvelope.e_macro, A_PERM, 's', RealHostName);
av = argv + optind;
if (*av == NULL && !GrabTo)
{
MainEnvelope.e_to = NULL;
MainEnvelope.e_flags |= EF_GLOBALERRS;
HoldErrs = false;
SuperSafe = SAFE_NO;
usrerr("Recipient names must be specified");
/* collect body for UUCP return */
if (OpMode != MD_VERIFY)
collect(InChannel, false, NULL, &MainEnvelope, true);
finis(true, true, EX_USAGE);
/* NOTREACHED */
}
/*
** Scan argv and deliver the message to everyone.
*/
save_val = LogUsrErrs;
LogUsrErrs = true;
sendtoargv(av, &MainEnvelope);
LogUsrErrs = save_val;
/* if we have had errors sofar, arrange a meaningful exit stat */
if (Errors > 0 && ExitStat == EX_OK)
ExitStat = EX_USAGE;
#if _FFR_FIX_DASHT
/*
** If using -t, force not sending to argv recipients, even
** if they are mentioned in the headers.
*/
if (GrabTo)
{
ADDRESS *q;
for (q = MainEnvelope.e_sendqueue; q != NULL; q = q->q_next)
q->q_state = QS_REMOVED;
}
#endif /* _FFR_FIX_DASHT */
/*
** Read the input mail.
*/
MainEnvelope.e_to = NULL;
if (OpMode != MD_VERIFY || GrabTo)
{
int savederrors;
unsigned long savedflags;
/*
** workaround for compiler warning on Irix:
** do not initialize variable in the definition, but
** later on:
** warning(1548): transfer of control bypasses
** initialization of:
** variable "savederrors" (declared at line 2570)
** variable "savedflags" (declared at line 2571)
** goto giveup;
*/
savederrors = Errors;
savedflags = MainEnvelope.e_flags & EF_FATALERRS;
MainEnvelope.e_flags |= EF_GLOBALERRS;
MainEnvelope.e_flags &= ~EF_FATALERRS;
Errors = 0;
buffer_errors();
collect(InChannel, false, NULL, &MainEnvelope, true);
/* header checks failed */
if (Errors > 0)
{
giveup:
if (!GrabTo)
{
/* Log who the mail would have gone to */
logundelrcpts(&MainEnvelope,
MainEnvelope.e_message,
8, false);
}
flush_errors(true);
finis(true, true, ExitStat);
/* NOTREACHED */
return -1;
}
/* bail out if message too large */
if (bitset(EF_CLRQUEUE, MainEnvelope.e_flags))
{
finis(true, true, ExitStat != EX_OK ? ExitStat
: EX_DATAERR);
/* NOTREACHED */
return -1;
}
/* set message size */
(void) sm_snprintf(buf, sizeof(buf), "%ld",
PRT_NONNEGL(MainEnvelope.e_msgsize));
macdefine(&MainEnvelope.e_macro, A_TEMP,
macid("{msg_size}"), buf);
Errors = savederrors;
MainEnvelope.e_flags |= savedflags;
}
errno = 0;
if (tTd(1, 1))
sm_dprintf("From person = \"%s\"\n",
MainEnvelope.e_from.q_paddr);
/* Check if quarantining stats should be updated */
if (MainEnvelope.e_quarmsg != NULL)
markstats(&MainEnvelope, NULL, STATS_QUARANTINE);
/*
** Actually send everything.
** If verifying, just ack.
*/
if (Errors == 0)
{
if (!split_by_recipient(&MainEnvelope) &&
bitset(EF_FATALERRS, MainEnvelope.e_flags))
goto giveup;
}
/* make sure we deliver at least the first envelope */
i = FastSplit > 0 ? 0 : -1;
for (e = &MainEnvelope; e != NULL; e = e->e_sibling, i++)
{
ENVELOPE *next;
e->e_from.q_state = QS_SENDER;
if (tTd(1, 5))
{
sm_dprintf("main[%d]: QS_SENDER ", i);
printaddr(sm_debug_file(), &e->e_from, false);
}
e->e_to = NULL;
sm_getla();
GrabTo = false;
#if NAMED_BIND
_res.retry = TimeOuts.res_retry[RES_TO_FIRST];
_res.retrans = TimeOuts.res_retrans[RES_TO_FIRST];
-#endif /* NAMED_BIND */
+#endif
next = e->e_sibling;
e->e_sibling = NULL;
/* after FastSplit envelopes: queue up */
sendall(e, i >= FastSplit ? SM_QUEUE : SM_DEFAULT);
e->e_sibling = next;
}
/*
** All done.
** Don't send return error message if in VERIFY mode.
*/
finis(true, true, ExitStat);
/* NOTREACHED */
return ExitStat;
}
/*
** STOP_SENDMAIL -- Stop the running program
**
** Parameters:
** none.
**
** Returns:
** none.
**
** Side Effects:
** exits.
*/
void
stop_sendmail()
{
/* reset uid for process accounting */
endpwent();
(void) setuid(RealUid);
exit(EX_OK);
}
/*
** FINIS -- Clean up and exit.
**
** Parameters:
** drop -- whether or not to drop CurEnv envelope
** cleanup -- call exit() or _exit()?
** exitstat -- exit status to use for exit() call
**
** Returns:
** never
**
** Side Effects:
** exits sendmail
*/
void
finis(drop, cleanup, exitstat)
bool drop;
bool cleanup;
volatile int exitstat;
{
char pidpath[MAXPATHLEN];
pid_t pid;
/* Still want to process new timeouts added below */
sm_clear_events();
(void) sm_releasesignal(SIGALRM);
+#if RATECTL_DEBUG || _FFR_OCC
+ /* do this only in "main" process */
+ if (DaemonPid == getpid())
+ {
+ SM_FILE_T *fp;
+
+ fp = sm_debug_file();
+ if (fp != NULL)
+ dump_ch(fp);
+ }
+#endif
if (tTd(2, 1))
{
sm_dprintf("\n====finis: stat %d e_id=%s e_flags=",
exitstat,
CurEnv->e_id == NULL ? "NOQUEUE" : CurEnv->e_id);
printenvflags(CurEnv);
}
if (tTd(2, 9))
printopenfds(false);
SM_TRY
/*
** Clean up. This might raise E:mta.quickabort
*/
/* clean up temp files */
CurEnv->e_to = NULL;
if (drop)
{
if (CurEnv->e_id != NULL)
{
int r;
r = dropenvelope(CurEnv, true, false);
if (exitstat == EX_OK)
exitstat = r;
sm_rpool_free(CurEnv->e_rpool);
CurEnv->e_rpool = NULL;
/* these may have pointed to the rpool */
CurEnv->e_to = NULL;
CurEnv->e_message = NULL;
CurEnv->e_statmsg = NULL;
CurEnv->e_quarmsg = NULL;
CurEnv->e_bodytype = NULL;
CurEnv->e_id = NULL;
CurEnv->e_envid = NULL;
CurEnv->e_auth_param = NULL;
}
else
poststats(StatFile);
}
/* flush any cached connections */
mci_flush(true, NULL);
/* close maps belonging to this pid */
closemaps(false);
#if USERDB
/* close UserDatabase */
_udbx_close();
-#endif /* USERDB */
+#endif
#if SASL
stop_sasl_client();
-#endif /* SASL */
+#endif
#if XLA
/* clean up extended load average stuff */
xla_all_end();
-#endif /* XLA */
+#endif
SM_FINALLY
/*
** And exit.
*/
if (LogLevel > 78)
sm_syslog(LOG_DEBUG, CurEnv->e_id, "finis, pid=%d",
(int) CurrentPid);
if (exitstat == EX_TEMPFAIL ||
CurEnv->e_errormode == EM_BERKNET)
exitstat = EX_OK;
/* XXX clean up queues and related data structures */
cleanup_queues();
pid = getpid();
#if SM_CONF_SHM
cleanup_shm(DaemonPid == pid);
-#endif /* SM_CONF_SHM */
+#endif
/* close locked pid file */
close_sendmail_pid();
if (DaemonPid == pid || PidFilePid == pid)
{
/* blow away the pid file */
expand(PidFile, pidpath, sizeof(pidpath), CurEnv);
(void) unlink(pidpath);
}
/* reset uid for process accounting */
endpwent();
sm_mbdb_terminate();
#if _FFR_MEMSTAT
(void) sm_memstat_close();
-#endif /* _FFR_MEMSTAT */
+#endif
(void) setuid(RealUid);
#if SM_HEAP_CHECK
/* dump the heap, if we are checking for memory leaks */
if (sm_debug_active(&SmHeapCheck, 2))
sm_heap_report(smioout,
sm_debug_level(&SmHeapCheck) - 1);
-#endif /* SM_HEAP_CHECK */
+#endif
if (sm_debug_active(&SmXtrapReport, 1))
sm_dprintf("xtrap count = %d\n", SmXtrapCount);
if (cleanup)
exit(exitstat);
else
_exit(exitstat);
SM_END_TRY
}
/*
** INTINDEBUG -- signal handler for SIGINT in -bt mode
**
** Parameters:
** sig -- incoming signal.
**
** Returns:
** none.
**
** Side Effects:
** longjmps back to test mode loop.
**
** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
** DOING.
*/
/* Type of an exception generated on SIGINT during address test mode. */
static const SM_EXC_TYPE_T EtypeInterrupt =
{
SmExcTypeMagic,
"S:mta.interrupt",
"",
sm_etype_printf,
"interrupt",
};
/* ARGSUSED */
static SIGFUNC_DECL
intindebug(sig)
int sig;
{
int save_errno = errno;
FIX_SYSV_SIGNAL(sig, intindebug);
errno = save_errno;
CHECK_CRITICAL(sig);
errno = save_errno;
sm_exc_raisenew_x(&EtypeInterrupt);
errno = save_errno;
return SIGFUNC_RETURN;
}
/*
** SIGTERM -- SIGTERM handler for the daemon
**
** Parameters:
** sig -- signal number.
**
** Returns:
** none.
**
** Side Effects:
** Sets ShutdownRequest which will hopefully trigger
** the daemon to exit.
**
** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
** DOING.
*/
/* ARGSUSED */
static SIGFUNC_DECL
sigterm(sig)
int sig;
{
int save_errno = errno;
FIX_SYSV_SIGNAL(sig, sigterm);
ShutdownRequest = "signal";
errno = save_errno;
return SIGFUNC_RETURN;
}
/*
** SIGHUP -- handle a SIGHUP signal
**
** Parameters:
** sig -- incoming signal.
**
** Returns:
** none.
**
** Side Effects:
** Sets RestartRequest which should cause the daemon
** to restart.
**
** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
** DOING.
*/
/* ARGSUSED */
static SIGFUNC_DECL
sighup(sig)
int sig;
{
int save_errno = errno;
FIX_SYSV_SIGNAL(sig, sighup);
RestartRequest = "signal";
errno = save_errno;
return SIGFUNC_RETURN;
}
/*
** SIGPIPE -- signal handler for SIGPIPE
**
** Parameters:
** sig -- incoming signal.
**
** Returns:
** none.
**
** Side Effects:
** Sets StopRequest which should cause the mailq/hoststatus
** display to stop.
**
** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
** DOING.
*/
/* ARGSUSED */
static SIGFUNC_DECL
sigpipe(sig)
int sig;
{
int save_errno = errno;
FIX_SYSV_SIGNAL(sig, sigpipe);
StopRequest = true;
errno = save_errno;
return SIGFUNC_RETURN;
}
/*
** INTSIG -- clean up on interrupt
**
** This just arranges to exit. It pessimizes in that it
** may resend a message.
**
** Parameters:
** sig -- incoming signal.
**
** Returns:
** none.
**
** Side Effects:
** Unlocks the current job.
**
** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
** DOING.
*/
/* ARGSUSED */
SIGFUNC_DECL
intsig(sig)
int sig;
{
bool drop = false;
int save_errno = errno;
FIX_SYSV_SIGNAL(sig, intsig);
errno = save_errno;
CHECK_CRITICAL(sig);
sm_allsignals(true);
IntSig = true;
FileName = NULL;
/* Clean-up on aborted stdin message submission */
if (OpMode == MD_SMTP ||
OpMode == MD_DELIVER ||
OpMode == MD_ARPAFTP)
{
if (CurEnv->e_id != NULL)
{
char *fn;
fn = queuename(CurEnv, DATAFL_LETTER);
if (fn != NULL)
(void) unlink(fn);
fn = queuename(CurEnv, ANYQFL_LETTER);
if (fn != NULL)
(void) unlink(fn);
}
_exit(EX_OK);
/* NOTREACHED */
}
if (sig != 0 && LogLevel > 79)
sm_syslog(LOG_DEBUG, CurEnv->e_id, "interrupt");
if (OpMode != MD_TEST)
unlockqueue(CurEnv);
finis(drop, false, EX_OK);
/* NOTREACHED */
}
/*
** DISCONNECT -- remove our connection with any foreground process
**
** Parameters:
** droplev -- how "deeply" we should drop the line.
** 0 -- ignore signals, mail back errors, make sure
** output goes to stdout.
** 1 -- also, make stdout go to /dev/null.
** 2 -- also, disconnect from controlling terminal
** (only for daemon mode).
** e -- the current envelope.
**
** Returns:
** none
**
** Side Effects:
** Trys to insure that we are immune to vagaries of
** the controlling tty.
*/
void
disconnect(droplev, e)
int droplev;
register ENVELOPE *e;
{
int fd;
if (tTd(52, 1))
sm_dprintf("disconnect: In %d Out %d, e=%p\n",
sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL),
- sm_io_getinfo(OutChannel, SM_IO_WHAT_FD, NULL), e);
+ sm_io_getinfo(OutChannel, SM_IO_WHAT_FD, NULL),
+ (void *)e);
if (tTd(52, 100))
{
sm_dprintf("don't\n");
return;
}
if (LogLevel > 93)
sm_syslog(LOG_DEBUG, e->e_id,
"disconnect level %d",
droplev);
/* be sure we don't get nasty signals */
(void) sm_signal(SIGINT, SIG_IGN);
(void) sm_signal(SIGQUIT, SIG_IGN);
/* we can't communicate with our caller, so.... */
HoldErrs = true;
CurEnv->e_errormode = EM_MAIL;
Verbose = 0;
DisConnected = true;
/* all input from /dev/null */
if (InChannel != smioin)
{
(void) sm_io_close(InChannel, SM_TIME_DEFAULT);
InChannel = smioin;
}
if (sm_io_reopen(SmFtStdio, SM_TIME_DEFAULT, SM_PATH_DEVNULL,
SM_IO_RDONLY, NULL, smioin) == NULL)
sm_syslog(LOG_ERR, e->e_id,
"disconnect: sm_io_reopen(\"%s\") failed: %s",
SM_PATH_DEVNULL, sm_errstring(errno));
/*
** output to the transcript
** We also compare the fd numbers here since OutChannel
** might be a layer on top of smioout due to encryption
** (see sfsasl.c).
*/
if (OutChannel != smioout &&
sm_io_getinfo(OutChannel, SM_IO_WHAT_FD, NULL) !=
sm_io_getinfo(smioout, SM_IO_WHAT_FD, NULL))
{
(void) sm_io_close(OutChannel, SM_TIME_DEFAULT);
OutChannel = smioout;
#if 0
/*
** Has smioout been closed? Reopen it.
** This shouldn't happen anymore, the code is here
** just as a reminder.
*/
if (smioout->sm_magic == NULL &&
sm_io_reopen(SmFtStdio, SM_TIME_DEFAULT, SM_PATH_DEVNULL,
SM_IO_WRONLY, NULL, smioout) == NULL)
sm_syslog(LOG_ERR, e->e_id,
"disconnect: sm_io_reopen(\"%s\") failed: %s",
SM_PATH_DEVNULL, sm_errstring(errno));
#endif /* 0 */
}
if (droplev > 0)
{
fd = open(SM_PATH_DEVNULL, O_WRONLY, 0666);
if (fd == -1)
{
sm_syslog(LOG_ERR, e->e_id,
"disconnect: open(\"%s\") failed: %s",
SM_PATH_DEVNULL, sm_errstring(errno));
}
(void) sm_io_flush(smioout, SM_TIME_DEFAULT);
if (fd >= 0)
{
(void) dup2(fd, STDOUT_FILENO);
(void) dup2(fd, STDERR_FILENO);
(void) close(fd);
}
}
/* drop our controlling TTY completely if possible */
if (droplev > 1)
{
(void) setsid();
errno = 0;
}
#if XDEBUG
checkfd012("disconnect");
-#endif /* XDEBUG */
+#endif
if (LogLevel > 71)
sm_syslog(LOG_DEBUG, e->e_id, "in background, pid=%d",
(int) CurrentPid);
errno = 0;
}
static void
obsolete(argv)
char *argv[];
{
register char *ap;
register char *op;
while ((ap = *++argv) != NULL)
{
/* Return if "--" or not an option of any form. */
if (ap[0] != '-' || ap[1] == '-')
return;
/* Don't allow users to use "-Q." or "-Q ." */
if ((ap[1] == 'Q' && ap[2] == '.') ||
(ap[1] == 'Q' && argv[1] != NULL &&
argv[1][0] == '.' && argv[1][1] == '\0'))
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Can not use -Q.\n");
exit(EX_USAGE);
}
/* skip over options that do have a value */
op = strchr(OPTIONS, ap[1]);
if (op != NULL && *++op == ':' && ap[2] == '\0' &&
ap[1] != 'd' &&
#if defined(sony_news)
ap[1] != 'E' && ap[1] != 'J' &&
-#endif /* defined(sony_news) */
+#endif
argv[1] != NULL && argv[1][0] != '-')
{
argv++;
continue;
}
/* If -C doesn't have an argument, use sendmail.cf. */
#define __DEFPATH "sendmail.cf"
if (ap[1] == 'C' && ap[2] == '\0')
{
*argv = xalloc(sizeof(__DEFPATH) + 2);
(void) sm_strlcpyn(argv[0], sizeof(__DEFPATH) + 2, 2,
"-C", __DEFPATH);
}
/* If -q doesn't have an argument, run it once. */
if (ap[1] == 'q' && ap[2] == '\0')
*argv = "-q0";
/* If -Q doesn't have an argument, disable quarantining */
if (ap[1] == 'Q' && ap[2] == '\0')
*argv = "-Q.";
/* if -d doesn't have an argument, use 0-99.1 */
if (ap[1] == 'd' && ap[2] == '\0')
*argv = "-d0-99.1";
#if defined(sony_news)
/* if -E doesn't have an argument, use -EC */
if (ap[1] == 'E' && ap[2] == '\0')
*argv = "-EC";
/* if -J doesn't have an argument, use -JJ */
if (ap[1] == 'J' && ap[2] == '\0')
*argv = "-JJ";
#endif /* defined(sony_news) */
}
}
/*
** AUTH_WARNING -- specify authorization warning
**
** Parameters:
** e -- the current envelope.
** msg -- the text of the message.
** args -- arguments to the message.
**
** Returns:
** none.
*/
void
#ifdef __STDC__
auth_warning(register ENVELOPE *e, const char *msg, ...)
#else /* __STDC__ */
auth_warning(e, msg, va_alist)
register ENVELOPE *e;
const char *msg;
va_dcl
#endif /* __STDC__ */
{
char buf[MAXLINE];
SM_VA_LOCAL_DECL
if (bitset(PRIV_AUTHWARNINGS, PrivacyFlags))
{
register char *p;
static char hostbuf[48];
if (hostbuf[0] == '\0')
{
struct hostent *hp;
hp = myhostname(hostbuf, sizeof(hostbuf));
#if NETINET6
if (hp != NULL)
{
freehostent(hp);
hp = NULL;
}
#endif /* NETINET6 */
}
(void) sm_strlcpyn(buf, sizeof(buf), 2, hostbuf, ": ");
p = &buf[strlen(buf)];
SM_VA_START(ap, msg);
(void) sm_vsnprintf(p, SPACELEFT(buf, p), msg, ap);
SM_VA_END(ap);
addheader("X-Authentication-Warning", buf, 0, e, true);
if (LogLevel > 3)
sm_syslog(LOG_INFO, e->e_id,
"Authentication-Warning: %.400s",
buf);
}
}
/*
** GETEXTENV -- get from external environment
**
** Parameters:
** envar -- the name of the variable to retrieve
**
** Returns:
** The value, if any.
*/
static char *
getextenv(envar)
const char *envar;
{
char **envp;
int l;
l = strlen(envar);
for (envp = ExternalEnviron; envp != NULL && *envp != NULL; envp++)
{
if (strncmp(*envp, envar, l) == 0 && (*envp)[l] == '=')
return &(*envp)[l + 1];
}
return NULL;
}
/*
** SM_SETUSERENV -- set an environment variable in the propagated environment
**
** Parameters:
** envar -- the name of the environment variable.
** value -- the value to which it should be set. If
** null, this is extracted from the incoming
** environment. If that is not set, the call
** to sm_setuserenv is ignored.
**
** Returns:
** none.
*/
void
sm_setuserenv(envar, value)
const char *envar;
const char *value;
{
int i, l;
char **evp = UserEnviron;
char *p;
if (value == NULL)
{
value = getextenv(envar);
if (value == NULL)
return;
}
/* XXX enforce reasonable size? */
i = strlen(envar) + 1;
l = strlen(value) + i + 1;
p = (char *) xalloc(l);
(void) sm_strlcpyn(p, l, 3, envar, "=", value);
while (*evp != NULL && strncmp(*evp, p, i) != 0)
evp++;
if (*evp != NULL)
{
*evp++ = p;
}
else if (evp < &UserEnviron[MAXUSERENVIRON])
{
*evp++ = p;
*evp = NULL;
}
/* make sure it is in our environment as well */
if (putenv(p) < 0)
syserr("sm_setuserenv: putenv(%s) failed", p);
}
/*
** DUMPSTATE -- dump state
**
** For debugging.
*/
void
dumpstate(when)
char *when;
{
register char *j = macvalue('j', CurEnv);
int rs;
extern int NextMacroId;
sm_syslog(LOG_DEBUG, CurEnv->e_id,
"--- dumping state on %s: $j = %s ---",
when,
j == NULL ? "<NULL>" : j);
if (j != NULL)
{
if (!wordinclass(j, 'w'))
sm_syslog(LOG_DEBUG, CurEnv->e_id,
"*** $j not in $=w ***");
}
sm_syslog(LOG_DEBUG, CurEnv->e_id, "CurChildren = %d", CurChildren);
sm_syslog(LOG_DEBUG, CurEnv->e_id, "NextMacroId = %d (Max %d)",
NextMacroId, MAXMACROID);
sm_syslog(LOG_DEBUG, CurEnv->e_id, "--- open file descriptors: ---");
printopenfds(true);
sm_syslog(LOG_DEBUG, CurEnv->e_id, "--- connection cache: ---");
mci_dump_all(smioout, true);
rs = strtorwset("debug_dumpstate", NULL, ST_FIND);
if (rs > 0)
{
int status;
register char **pvp;
char *pv[MAXATOM + 1];
pv[0] = NULL;
status = REWRITE(pv, rs, CurEnv);
sm_syslog(LOG_DEBUG, CurEnv->e_id,
"--- ruleset debug_dumpstate returns stat %d, pv: ---",
status);
for (pvp = pv; *pvp != NULL; pvp++)
sm_syslog(LOG_DEBUG, CurEnv->e_id, "%s", *pvp);
}
sm_syslog(LOG_DEBUG, CurEnv->e_id, "--- end of state dump ---");
}
#ifdef SIGUSR1
/*
** SIGUSR1 -- Signal a request to dump state.
**
** Parameters:
** sig -- calling signal.
**
** Returns:
** none.
**
** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
** DOING.
**
** XXX: More work is needed for this signal handler.
*/
/* ARGSUSED */
static SIGFUNC_DECL
sigusr1(sig)
int sig;
{
int save_errno = errno;
FIX_SYSV_SIGNAL(sig, sigusr1);
errno = save_errno;
CHECK_CRITICAL(sig);
dumpstate("user signal");
# if SM_HEAP_CHECK
dumpstab();
-# endif /* SM_HEAP_CHECK */
+# endif
errno = save_errno;
return SIGFUNC_RETURN;
}
#endif /* SIGUSR1 */
/*
** DROP_PRIVILEGES -- reduce privileges to those of the RunAsUser option
**
** Parameters:
** to_real_uid -- if set, drop to the real uid instead
** of the RunAsUser.
**
** Returns:
** EX_OSERR if the setuid failed.
** EX_OK otherwise.
*/
int
drop_privileges(to_real_uid)
bool to_real_uid;
{
int rval = EX_OK;
GIDSET_T emptygidset[1];
if (tTd(47, 1))
sm_dprintf("drop_privileges(%d): Real[UG]id=%ld:%ld, get[ug]id=%ld:%ld, gete[ug]id=%ld:%ld, RunAs[UG]id=%ld:%ld\n",
(int) to_real_uid,
(long) RealUid, (long) RealGid,
(long) getuid(), (long) getgid(),
(long) geteuid(), (long) getegid(),
(long) RunAsUid, (long) RunAsGid);
if (to_real_uid)
{
RunAsUserName = RealUserName;
RunAsUid = RealUid;
RunAsGid = RealGid;
EffGid = RunAsGid;
}
/* make sure no one can grab open descriptors for secret files */
endpwent();
sm_mbdb_terminate();
/* reset group permissions; these can be set later */
emptygidset[0] = (to_real_uid || RunAsGid != 0) ? RunAsGid : getegid();
/*
** Notice: on some OS (Linux...) the setgroups() call causes
** a logfile entry if sendmail is not run by root.
** However, it is unclear (no POSIX standard) whether
** setgroups() can only succeed if executed by root.
** So for now we keep it as it is; if you want to change it, use
** if (geteuid() == 0 && setgroups(1, emptygidset) == -1)
*/
if (setgroups(1, emptygidset) == -1 && geteuid() == 0)
{
syserr("drop_privileges: setgroups(1, %d) failed",
(int) emptygidset[0]);
rval = EX_OSERR;
}
/* reset primary group id */
if (to_real_uid)
{
/*
** Drop gid to real gid.
** On some OS we must reset the effective[/real[/saved]] gid,
** and then use setgid() to finally drop all group privileges.
** Later on we check whether we can get back the
** effective gid.
*/
#if HASSETEGID
if (setegid(RunAsGid) < 0)
{
syserr("drop_privileges: setegid(%d) failed",
(int) RunAsGid);
rval = EX_OSERR;
}
#else /* HASSETEGID */
# if HASSETREGID
if (setregid(RunAsGid, RunAsGid) < 0)
{
syserr("drop_privileges: setregid(%d, %d) failed",
(int) RunAsGid, (int) RunAsGid);
rval = EX_OSERR;
}
# else /* HASSETREGID */
# if HASSETRESGID
if (setresgid(RunAsGid, RunAsGid, RunAsGid) < 0)
{
syserr("drop_privileges: setresgid(%d, %d, %d) failed",
(int) RunAsGid, (int) RunAsGid, (int) RunAsGid);
rval = EX_OSERR;
}
# endif /* HASSETRESGID */
# endif /* HASSETREGID */
#endif /* HASSETEGID */
}
if (rval == EX_OK && (to_real_uid || RunAsGid != 0))
{
if (setgid(RunAsGid) < 0 && (!UseMSP || getegid() != RunAsGid))
{
syserr("drop_privileges: setgid(%ld) failed",
(long) RunAsGid);
rval = EX_OSERR;
}
errno = 0;
if (rval == EX_OK && getegid() != RunAsGid)
{
syserr("drop_privileges: Unable to set effective gid=%ld to RunAsGid=%ld",
(long) getegid(), (long) RunAsGid);
rval = EX_OSERR;
}
}
/* fiddle with uid */
if (to_real_uid || RunAsUid != 0)
{
uid_t euid;
/*
** Try to setuid(RunAsUid).
** euid must be RunAsUid,
** ruid must be RunAsUid unless (e|r)uid wasn't 0
** and we didn't have to drop privileges to the real uid.
*/
if (setuid(RunAsUid) < 0 ||
geteuid() != RunAsUid ||
(getuid() != RunAsUid &&
(to_real_uid || geteuid() == 0 || getuid() == 0)))
{
#if HASSETREUID
/*
** if ruid != RunAsUid, euid == RunAsUid, then
** try resetting just the real uid, then using
** setuid() to drop the saved-uid as well.
*/
if (geteuid() == RunAsUid)
{
if (setreuid(RunAsUid, -1) < 0)
{
syserr("drop_privileges: setreuid(%d, -1) failed",
(int) RunAsUid);
rval = EX_OSERR;
}
if (setuid(RunAsUid) < 0)
{
syserr("drop_privileges: second setuid(%d) attempt failed",
(int) RunAsUid);
rval = EX_OSERR;
}
}
else
#endif /* HASSETREUID */
{
syserr("drop_privileges: setuid(%d) failed",
(int) RunAsUid);
rval = EX_OSERR;
}
}
euid = geteuid();
if (RunAsUid != 0 && setuid(0) == 0)
{
/*
** Believe it or not, the Linux capability model
** allows a non-root process to override setuid()
** on a process running as root and prevent that
** process from dropping privileges.
*/
syserr("drop_privileges: setuid(0) succeeded (when it should not)");
rval = EX_OSERR;
}
else if (RunAsUid != euid && setuid(euid) == 0)
{
/*
** Some operating systems will keep the saved-uid
** if a non-root effective-uid calls setuid(real-uid)
** making it possible to set it back again later.
*/
syserr("drop_privileges: Unable to drop non-root set-user-ID privileges");
rval = EX_OSERR;
}
}
if ((to_real_uid || RunAsGid != 0) &&
rval == EX_OK && RunAsGid != EffGid &&
getuid() != 0 && geteuid() != 0)
{
errno = 0;
if (setgid(EffGid) == 0)
{
syserr("drop_privileges: setgid(%d) succeeded (when it should not)",
(int) EffGid);
rval = EX_OSERR;
}
}
if (tTd(47, 5))
{
sm_dprintf("drop_privileges: e/ruid = %d/%d e/rgid = %d/%d\n",
(int) geteuid(), (int) getuid(),
(int) getegid(), (int) getgid());
sm_dprintf("drop_privileges: RunAsUser = %d:%d\n",
(int) RunAsUid, (int) RunAsGid);
if (tTd(47, 10))
sm_dprintf("drop_privileges: rval = %d\n", rval);
}
return rval;
}
/*
** FILL_FD -- make sure a file descriptor has been properly allocated
**
** Used to make sure that stdin/out/err are allocated on startup
**
** Parameters:
** fd -- the file descriptor to be filled.
** where -- a string used for logging. If NULL, this is
** being called on startup, and logging should
** not be done.
**
** Returns:
** none
**
** Side Effects:
** possibly changes MissingFds
*/
void
fill_fd(fd, where)
int fd;
char *where;
{
int i;
struct stat stbuf;
if (fstat(fd, &stbuf) >= 0 || errno != EBADF)
return;
if (where != NULL)
syserr("fill_fd: %s: fd %d not open", where, fd);
else
MissingFds |= 1 << fd;
i = open(SM_PATH_DEVNULL, fd == 0 ? O_RDONLY : O_WRONLY, 0666);
if (i < 0)
{
syserr("!fill_fd: %s: cannot open %s",
where == NULL ? "startup" : where, SM_PATH_DEVNULL);
}
if (fd != i)
{
(void) dup2(i, fd);
(void) close(i);
}
}
/*
** SM_PRINTOPTIONS -- print options
**
** Parameters:
** options -- array of options.
**
** Returns:
** none.
*/
static void
sm_printoptions(options)
char **options;
{
int ll;
char **av;
av = options;
ll = 7;
while (*av != NULL)
{
if (ll + strlen(*av) > 63)
{
sm_dprintf("\n");
ll = 0;
}
if (ll == 0)
sm_dprintf("\t\t");
else
sm_dprintf(" ");
sm_dprintf("%s", *av);
ll += strlen(*av++) + 1;
}
sm_dprintf("\n");
}
/*
** TO8BIT -- convert \octal sequences in a test mode input line
**
** Parameters:
** str -- the input line.
**
** Returns:
** none.
**
** Side Effects:
** replaces \0octal in str with octal value.
*/
static bool to8bit __P((char *));
static bool
to8bit(str)
char *str;
{
int c, len;
char *out, *in;
bool changed;
if (str == NULL)
return false;
in = out = str;
changed = false;
len = 0;
while ((c = (*str++ & 0377)) != '\0')
{
int oct, nxtc;
++len;
if (c == '\\' &&
(nxtc = (*str & 0377)) == '0')
{
oct = 0;
while ((nxtc = (*str & 0377)) != '\0' &&
isascii(nxtc) && isdigit(nxtc))
{
oct <<= 3;
oct += nxtc - '0';
++str;
++len;
}
changed = true;
c = oct;
}
*out++ = c;
}
*out++ = c;
if (changed)
{
char *q;
q = quote_internal_chars(in, in, &len);
if (q != in)
sm_strlcpy(in, q, len);
}
return changed;
}
/*
** TESTMODELINE -- process a test mode input line
**
** Parameters:
** line -- the input line.
** e -- the current environment.
** Syntax:
** # a comment
** .X process X as a configuration line
** =X dump a configuration item (such as mailers)
** $X dump a macro or class
** /X try an activity
** X normal process through rule set X
*/
static void
testmodeline(line, e)
char *line;
ENVELOPE *e;
{
register char *p;
char *q;
auto char *delimptr;
int mid;
int i, rs;
STAB *map;
char **s;
struct rewrite *rw;
ADDRESS a;
char *lbp;
auto int lbs;
static int tryflags = RF_COPYNONE;
char exbuf[MAXLINE];
char lbuf[MAXLINE];
extern unsigned char TokTypeNoC[];
bool eightbit;
/* skip leading spaces */
while (*line == ' ')
line++;
lbp = NULL;
eightbit = false;
switch (line[0])
{
case '#':
case '\0':
return;
case '?':
help("-bt", e);
return;
case '.': /* config-style settings */
switch (line[1])
{
case 'D':
mid = macid_parse(&line[2], &delimptr);
if (mid == 0)
return;
lbs = sizeof(lbuf);
lbp = translate_dollars(delimptr, lbuf, &lbs);
macdefine(&e->e_macro, A_TEMP, mid, lbp);
if (lbp != lbuf)
SM_FREE(lbp);
break;
case 'C':
if (line[2] == '\0') /* not to call syserr() */
return;
mid = macid_parse(&line[2], &delimptr);
if (mid == 0)
return;
lbs = sizeof(lbuf);
lbp = translate_dollars(delimptr, lbuf, &lbs);
expand(lbp, exbuf, sizeof(exbuf), e);
if (lbp != lbuf)
SM_FREE(lbp);
p = exbuf;
while (*p != '\0')
{
register char *wd;
char delim;
- while (*p != '\0' && isascii(*p) && isspace(*p))
+ while (*p != '\0' && SM_ISSPACE(*p))
p++;
wd = p;
- while (*p != '\0' && !(isascii(*p) && isspace(*p)))
+ while (*p != '\0' && !(SM_ISSPACE(*p)))
p++;
delim = *p;
*p = '\0';
if (wd[0] != '\0')
setclass(mid, wd);
*p = delim;
}
break;
case '\0':
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Usage: .[DC]macro value(s)\n");
break;
default:
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Unknown \".\" command %s\n", line);
break;
}
return;
case '=': /* config-style settings */
switch (line[1])
{
case 'S': /* dump rule set */
rs = strtorwset(&line[2], NULL, ST_FIND);
if (rs < 0)
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Undefined ruleset %s\n", &line[2]);
return;
}
rw = RewriteRules[rs];
if (rw == NULL)
return;
do
{
(void) sm_io_putc(smioout, SM_TIME_DEFAULT,
'R');
s = rw->r_lhs;
while (*s != NULL)
{
xputs(smioout, *s++);
(void) sm_io_putc(smioout,
SM_TIME_DEFAULT, ' ');
}
(void) sm_io_putc(smioout, SM_TIME_DEFAULT,
'\t');
(void) sm_io_putc(smioout, SM_TIME_DEFAULT,
'\t');
s = rw->r_rhs;
while (*s != NULL)
{
xputs(smioout, *s++);
(void) sm_io_putc(smioout,
SM_TIME_DEFAULT, ' ');
}
(void) sm_io_putc(smioout, SM_TIME_DEFAULT,
'\n');
} while ((rw = rw->r_next) != NULL);
break;
case 'M':
for (i = 0; i < MAXMAILERS; i++)
{
if (Mailer[i] != NULL)
printmailer(smioout, Mailer[i]);
}
break;
case '\0':
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Usage: =Sruleset or =M\n");
break;
default:
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Unknown \"=\" command %s\n", line);
break;
}
return;
case '-': /* set command-line-like opts */
switch (line[1])
{
case 'd':
tTflag(&line[2]);
break;
case '\0':
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Usage: -d{debug arguments}\n");
break;
default:
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Unknown \"-\" command %s\n", line);
break;
}
return;
case '$':
if (line[1] == '=')
{
mid = macid(&line[2]);
if (mid != 0)
stabapply(dump_class, mid);
return;
}
mid = macid(&line[1]);
if (mid == 0)
return;
p = macvalue(mid, e);
if (p == NULL)
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Undefined\n");
else
{
xputs(smioout, p);
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"\n");
}
return;
case '/': /* miscellaneous commands */
p = &line[strlen(line)];
- while (--p >= line && isascii(*p) && isspace(*p))
+ while (--p >= line && SM_ISSPACE(*p))
*p = '\0';
p = strpbrk(line, " \t");
if (p != NULL)
{
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
*p++ = '\0';
}
else
p = "";
if (line[1] == '\0')
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Usage: /[canon|map|mx|parse|try|tryflags]\n");
return;
}
if (sm_strcasecmp(&line[1], "quit") == 0)
{
CurEnv->e_id = NULL;
finis(true, true, ExitStat);
/* NOTREACHED */
}
if (sm_strcasecmp(&line[1], "mx") == 0)
{
#if NAMED_BIND
/* look up MX records */
int nmx;
auto int rcode;
char *mxhosts[MAXMXHOSTS + 1];
if (*p == '\0')
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Usage: /mx address\n");
return;
}
- nmx = getmxrr(p, mxhosts, NULL, false, &rcode, true,
- NULL);
- (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
- "getmxrr(%s) returns %d value(s):\n",
- p, nmx);
+ nmx = getmxrr(p, mxhosts, NULL, TRYFALLBACK, &rcode,
+ NULL, -1);
+ if (nmx == NULLMX)
+ (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
+ "getmxrr(%s) returns null MX (See RFC7505)\n",
+ p);
+ else
+ (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
+ "getmxrr(%s) returns %d value(s):\n",
+ p, nmx);
for (i = 0; i < nmx; i++)
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"\t%s\n", mxhosts[i]);
#else /* NAMED_BIND */
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"No MX code compiled in\n");
#endif /* NAMED_BIND */
}
else if (sm_strcasecmp(&line[1], "canon") == 0)
{
char host[MAXHOSTNAMELEN];
if (*p == '\0')
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Usage: /canon address\n");
return;
}
else if (sm_strlcpy(host, p, sizeof(host)) >= sizeof(host))
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Name too long\n");
return;
}
(void) getcanonname(host, sizeof(host), !HasWildcardMX,
NULL);
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"getcanonname(%s) returns %s\n",
p, host);
}
else if (sm_strcasecmp(&line[1], "map") == 0)
{
auto int rcode = EX_OK;
char *av[2];
if (*p == '\0')
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Usage: /map mapname key\n");
return;
}
- for (q = p; *q != '\0' && !(isascii(*q) && isspace(*q)); q++)
+ for (q = p; *q != '\0' && !(SM_ISSPACE(*q)); q++)
continue;
if (*q == '\0')
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"No key specified\n");
return;
}
*q++ = '\0';
map = stab(p, ST_MAP, ST_FIND);
if (map == NULL)
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Map named \"%s\" not found\n", p);
return;
}
if (!bitset(MF_OPEN, map->s_map.map_mflags) &&
!openmap(&(map->s_map)))
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Map named \"%s\" not open\n", p);
return;
}
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"map_lookup: %s (%s) ", p, q);
av[0] = q;
av[1] = NULL;
p = (*map->s_map.map_class->map_lookup)
(&map->s_map, q, av, &rcode);
if (p == NULL)
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"no match (%d)\n",
rcode);
else
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"returns %s (%d)\n", p,
rcode);
}
else if (sm_strcasecmp(&line[1], "try") == 0)
{
MAILER *m;
STAB *st;
auto int rcode = EX_OK;
q = strpbrk(p, " \t");
if (q != NULL)
{
- while (isascii(*q) && isspace(*q))
+ while (SM_ISSPACE(*q))
*q++ = '\0';
}
if (q == NULL || *q == '\0')
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Usage: /try mailer address\n");
return;
}
st = stab(p, ST_MAILER, ST_FIND);
if (st == NULL)
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Unknown mailer %s\n", p);
return;
}
m = st->s_mailer;
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Trying %s %s address %s for mailer %s\n",
bitset(RF_HEADERADDR, tryflags) ? "header"
: "envelope",
bitset(RF_SENDERADDR, tryflags) ? "sender"
: "recipient", q, p);
p = remotename(q, m, tryflags, &rcode, CurEnv);
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Rcode = %d, addr = %s\n",
rcode, p == NULL ? "<NULL>" : p);
e->e_to = NULL;
}
else if (sm_strcasecmp(&line[1], "tryflags") == 0)
{
if (*p == '\0')
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Usage: /tryflags [Hh|Ee][Ss|Rr]\n");
return;
}
for (; *p != '\0'; p++)
{
switch (*p)
{
case 'H':
case 'h':
tryflags |= RF_HEADERADDR;
break;
case 'E':
case 'e':
tryflags &= ~RF_HEADERADDR;
break;
case 'S':
case 's':
tryflags |= RF_SENDERADDR;
break;
case 'R':
case 'r':
tryflags &= ~RF_SENDERADDR;
break;
}
}
exbuf[0] = bitset(RF_HEADERADDR, tryflags) ? 'h' : 'e';
exbuf[1] = ' ';
exbuf[2] = bitset(RF_SENDERADDR, tryflags) ? 's' : 'r';
exbuf[3] = '\0';
macdefine(&e->e_macro, A_TEMP,
macid("{addr_type}"), exbuf);
}
else if (sm_strcasecmp(&line[1], "parse") == 0)
{
if (*p == '\0')
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Usage: /parse address\n");
return;
}
q = crackaddr(p, e);
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Cracked address = ");
xputs(smioout, q);
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"\nParsing %s %s address\n",
bitset(RF_HEADERADDR, tryflags) ?
"header" : "envelope",
bitset(RF_SENDERADDR, tryflags) ?
"sender" : "recipient");
if (parseaddr(p, &a, tryflags, '\0', NULL, e, true)
== NULL)
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Cannot parse\n");
else if (a.q_host != NULL && a.q_host[0] != '\0')
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"mailer %s, host %s, user %s\n",
a.q_mailer->m_name,
a.q_host,
a.q_user);
else
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"mailer %s, user %s\n",
a.q_mailer->m_name,
a.q_user);
e->e_to = NULL;
}
else if (sm_strcasecmp(&line[1], "header") == 0)
{
unsigned long ul;
ul = chompheader(p, CHHDR_CHECK|CHHDR_USER, NULL, e);
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"ul = %lu\n", ul);
}
#if NETINET || NETINET6
else if (sm_strcasecmp(&line[1], "gethostbyname") == 0)
{
int family = AF_INET;
q = strpbrk(p, " \t");
if (q != NULL)
{
- while (isascii(*q) && isspace(*q))
+ while (SM_ISSPACE(*q))
*q++ = '\0';
# if NETINET6
if (*q != '\0' && (strcmp(q, "inet6") == 0 ||
strcmp(q, "AAAA") == 0))
family = AF_INET6;
# endif /* NETINET6 */
}
(void) sm_gethostbyname(p, family);
}
#endif /* NETINET || NETINET6 */
+#if DANE
+ else if (sm_strcasecmp(&line[1], "dnslookup") == 0)
+ {
+ DNS_REPLY_T *r;
+ int rr_type, family;
+ unsigned int flags;
+
+ rr_type = T_A;
+ family = AF_INET;
+ flags = RR_AS_TEXT;
+ q = strpbrk(p, " \t");
+ if (q != NULL)
+ {
+ char *pflags;
+
+ while (SM_ISSPACE(*q))
+ *q++ = '\0';
+ pflags = strpbrk(q, " \t");
+ if (pflags != NULL)
+ {
+ while (SM_ISSPACE(*pflags))
+ *pflags++ = '\0';
+ }
+ rr_type = dns_string_to_type(q);
+ if (rr_type == T_A)
+ family = AF_INET;
+# if NETINET6
+ if (rr_type == T_AAAA)
+ family = AF_INET6;
+# endif
+ while (pflags != NULL && *pflags != '\0' &&
+ !SM_ISSPACE(*pflags))
+ {
+ if (*pflags == 'c')
+ flags |= RR_NO_CNAME;
+ else if (*pflags == 'o')
+ flags |= RR_ONLY_CNAME;
+ else if (*pflags == 'T')
+ flags &= ~RR_AS_TEXT;
+ ++pflags;
+ }
+ }
+ r = dns_lookup_int(p, C_IN, rr_type,
+ 0, 0, 0, flags, NULL, NULL);
+ if (r != NULL && family >= 0)
+ {
+ (void) dns2he(r, family);
+ dns_free_data(r);
+ r = NULL;
+ }
+ }
+#endif /* DANE */
else
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Unknown \"/\" command %s\n",
line);
}
(void) sm_io_flush(smioout, SM_TIME_DEFAULT);
return;
}
- for (p = line; isascii(*p) && isspace(*p); p++)
+ for (p = line; SM_ISSPACE(*p); p++)
continue;
q = p;
- while (*p != '\0' && !(isascii(*p) && isspace(*p)))
+ while (*p != '\0' && !(SM_ISSPACE(*p)))
p++;
if (*p == '\0')
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"No address!\n");
return;
}
*p = '\0';
if (tTd(23, 101))
eightbit = to8bit(p + 1);
if (invalidaddr(p + 1, NULL, true))
return;
do
{
register char **pvp;
char pvpbuf[PSBUFSIZE];
pvp = prescan(++p, ',', pvpbuf, sizeof(pvpbuf), &delimptr,
ConfigLevel >= 9 ? TokTypeNoC : ExtTokenTab, false);
if (pvp == NULL)
continue;
p = q;
while (*p != '\0')
{
int status;
rs = strtorwset(p, NULL, ST_FIND);
if (rs < 0)
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Undefined ruleset %s\n",
p);
break;
}
status = REWRITE(pvp, rs, e);
if (status != EX_OK)
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"== Ruleset %s (%d) status %d\n",
p, rs, status);
else if (eightbit)
{
cataddr(pvp, NULL, exbuf, sizeof(exbuf), '\0',
true);
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"cataddr: %s\n",
str2prt(exbuf));
}
while (*p != '\0' && *p++ != ',')
continue;
}
} while (*(p = delimptr) != '\0');
(void) sm_io_flush(smioout, SM_TIME_DEFAULT);
}
static void
dump_class(s, id)
register STAB *s;
int id;
{
if (s->s_symtype != ST_CLASS)
return;
if (bitnset(bitidx(id), s->s_class))
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"%s\n", s->s_name);
}
/*
** An exception type used to create QuickAbort exceptions.
** This is my first cut at converting QuickAbort from longjmp to exceptions.
** These exceptions have a single integer argument, which is the argument
** to longjmp in the original code (either 1 or 2). I don't know the
** significance of 1 vs 2: the calls to setjmp don't care.
*/
const SM_EXC_TYPE_T EtypeQuickAbort =
{
SmExcTypeMagic,
"E:mta.quickabort",
"i",
sm_etype_printf,
"quick abort %0",
};
diff --git a/src/map.c b/src/map.c
index 2cc283e5f52c..0931ea69235b 100644
--- a/src/map.c
+++ b/src/map.c
@@ -1,8125 +1,8673 @@
/*
* Copyright (c) 1998-2008 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1992, 1995-1997 Eric P. Allman. All rights reserved.
* Copyright (c) 1992, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sendmail.h>
SM_RCSID("@(#)$Id: map.c,v 8.713 2013-11-22 20:51:55 ca Exp $")
#if LDAPMAP
# include <sm/ldap.h>
-#endif /* LDAPMAP */
+#endif
#if NDBM
# include <ndbm.h>
# ifdef R_FIRST
ERROR README: You are running the Berkeley DB version of ndbm.h. See
ERROR README: the README file about tweaking Berkeley DB so it can
ERROR README: coexist with NDBM, or delete -DNDBM from the Makefile
ERROR README: and use -DNEWDB instead.
# endif /* R_FIRST */
#endif /* NDBM */
#if NEWDB
# include "sm/bdb.h"
-#endif /* NEWDB */
+#endif
#if NIS
struct dom_binding; /* forward reference needed on IRIX */
# include <rpcsvc/ypclnt.h>
# if NDBM
# define NDBM_YP_COMPAT /* create YP-compatible NDBM files */
-# endif /* NDBM */
+# endif
#endif /* NIS */
+#if CDB
+# include <cdb.h>
+#endif
#include "map.h"
#if NEWDB
# if DB_VERSION_MAJOR < 2
static bool db_map_open __P((MAP *, int, char *, DBTYPE, const void *));
-# endif /* DB_VERSION_MAJOR < 2 */
+# endif
# if DB_VERSION_MAJOR == 2
static bool db_map_open __P((MAP *, int, char *, DBTYPE, DB_INFO *));
-# endif /* DB_VERSION_MAJOR == 2 */
+# endif
# if DB_VERSION_MAJOR > 2
static bool db_map_open __P((MAP *, int, char *, DBTYPE, void **));
-# endif /* DB_VERSION_MAJOR > 2 */
+# endif
#endif /* NEWDB */
static bool extract_canonname __P((char *, char *, char *, char[], int));
static void map_close __P((STAB *, int));
static void map_init __P((STAB *, int));
#ifdef LDAPMAP
static STAB * ldapmap_findconn __P((SM_LDAP_STRUCT *));
-#endif /* LDAPMAP */
+#endif
#if NISPLUS
static bool nisplus_getcanonname __P((char *, int, int *));
-#endif /* NISPLUS */
+#endif
#if NIS
static bool nis_getcanonname __P((char *, int, int *));
-#endif /* NIS */
+#endif
#if NETINFO
static bool ni_getcanonname __P((char *, int, int *));
-#endif /* NETINFO */
+#endif
static bool text_getcanonname __P((char *, int, int *));
#if SOCKETMAP
static STAB *socket_map_findconn __P((const char*));
/* XXX arbitrary limit for sanity */
# define SOCKETMAP_MAXL 1000000
#endif /* SOCKETMAP */
/* default error message for trying to open a map in write mode */
#ifdef ENOSYS
# define SM_EMAPCANTWRITE ENOSYS
#else /* ENOSYS */
# ifdef EFTYPE
# define SM_EMAPCANTWRITE EFTYPE
-# else /* EFTYPE */
+# else
# define SM_EMAPCANTWRITE ENXIO
-# endif /* EFTYPE */
+# endif
#endif /* ENOSYS */
/*
** MAP.C -- implementations for various map classes.
**
** Each map class implements a series of functions:
**
** bool map_parse(MAP *map, char *args)
** Parse the arguments from the config file. Return true
** if they were ok, false otherwise. Fill in map with the
** values.
**
** char *map_lookup(MAP *map, char *key, char **args, int *pstat)
** Look up the key in the given map. If found, do any
** rewriting the map wants (including "args" if desired)
** and return the value. Set *pstat to the appropriate status
** on error and return NULL. Args will be NULL if called
** from the alias routines, although this should probably
** not be relied upon. It is suggested you call map_rewrite
** to return the results -- it takes care of null termination
** and uses a dynamically expanded buffer as needed.
**
** void map_store(MAP *map, char *key, char *value)
** Store the key:value pair in the map.
**
** bool map_open(MAP *map, int mode)
** Open the map for the indicated mode. Mode should
** be either O_RDONLY or O_RDWR. Return true if it
** was opened successfully, false otherwise. If the open
** failed and the MF_OPTIONAL flag is not set, it should
** also print an error. If the MF_ALIAS bit is set
** and this map class understands the @:@ convention, it
** should call aliaswait() before returning.
**
** void map_close(MAP *map)
** Close the map.
**
** This file also includes the implementation for getcanonname.
** It is currently implemented in a pretty ad-hoc manner; it ought
** to be more properly integrated into the map structure.
*/
#if O_EXLOCK && HASFLOCK && !BOGUS_O_EXCL
# define LOCK_ON_OPEN 1 /* we can open/create a locked file */
-#else /* O_EXLOCK && HASFLOCK && !BOGUS_O_EXCL */
+#else
# define LOCK_ON_OPEN 0 /* no such luck -- bend over backwards */
-#endif /* O_EXLOCK && HASFLOCK && !BOGUS_O_EXCL */
+#endif
/*
** MAP_PARSEARGS -- parse config line arguments for database lookup
**
** This is a generic version of the map_parse method.
**
** Parameters:
** map -- the map being initialized.
** ap -- a pointer to the args on the config line.
**
** Returns:
** true -- if everything parsed OK.
** false -- otherwise.
**
** Side Effects:
** null terminates the filename; stores it in map
*/
bool
map_parseargs(map, ap)
MAP *map;
char *ap;
{
register char *p = ap;
/*
** There is no check whether there is really an argument,
** but that's not important enough to warrant extra code.
*/
map->map_mflags |= MF_TRY0NULL|MF_TRY1NULL;
map->map_spacesub = SpaceSub; /* default value */
for (;;)
{
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
p++;
if (*p != '-')
break;
switch (*++p)
{
- case 'N':
- map->map_mflags |= MF_INCLNULL;
- map->map_mflags &= ~MF_TRY0NULL;
- break;
-
- case 'O':
- map->map_mflags &= ~MF_TRY1NULL;
- break;
-
- case 'o':
- map->map_mflags |= MF_OPTIONAL;
- break;
-
- case 'f':
- map->map_mflags |= MF_NOFOLDCASE;
- break;
-
- case 'm':
- map->map_mflags |= MF_MATCHONLY;
- break;
-
case 'A':
map->map_mflags |= MF_APPEND;
break;
- case 'q':
- map->map_mflags |= MF_KEEPQUOTES;
- break;
-
case 'a':
map->map_app = ++p;
break;
+ case 'D':
+ map->map_mflags |= MF_DEFER;
+ break;
+
case 'd':
{
char *h;
++p;
h = strchr(p, ' ');
if (h != NULL)
*h = '\0';
map->map_timeout = convtime(p, 's');
if (h != NULL)
*h = ' ';
}
break;
- case 'T':
- map->map_tapp = ++p;
+ case 'f':
+ map->map_mflags |= MF_NOFOLDCASE;
break;
case 'k':
while (isascii(*++p) && isspace(*p))
continue;
map->map_keycolnm = p;
break;
+ case 'm':
+ map->map_mflags |= MF_MATCHONLY;
+ break;
+
+ case 'N':
+ map->map_mflags |= MF_INCLNULL;
+ map->map_mflags &= ~MF_TRY0NULL;
+ break;
+
+ case 'O':
+ map->map_mflags &= ~MF_TRY1NULL;
+ break;
+
+ case 'o':
+ map->map_mflags |= MF_OPTIONAL;
+ break;
+
+ case 'q':
+ map->map_mflags |= MF_KEEPQUOTES;
+ break;
+
+ case 'S':
+ map->map_spacesub = *++p;
+ break;
+
+ case 'T':
+ map->map_tapp = ++p;
+ break;
+
+ case 't':
+ map->map_mflags |= MF_NODEFER;
+ break;
+
case 'v':
while (isascii(*++p) && isspace(*p))
continue;
map->map_valcolnm = p;
break;
case 'z':
if (*++p != '\\')
map->map_coldelim = *p;
else
{
switch (*++p)
{
case 'n':
map->map_coldelim = '\n';
break;
case 't':
map->map_coldelim = '\t';
break;
default:
map->map_coldelim = '\\';
}
}
break;
- case 't':
- map->map_mflags |= MF_NODEFER;
- break;
-
-
- case 'S':
- map->map_spacesub = *++p;
- break;
-
- case 'D':
- map->map_mflags |= MF_DEFER;
- break;
-
default:
syserr("Illegal option %c map %s", *p, map->map_mname);
break;
}
- while (*p != '\0' && !(isascii(*p) && isspace(*p)))
+ while (*p != '\0' && !(SM_ISSPACE(*p)))
p++;
if (*p != '\0')
*p++ = '\0';
}
if (map->map_app != NULL)
map->map_app = newstr(map->map_app);
if (map->map_tapp != NULL)
map->map_tapp = newstr(map->map_tapp);
if (map->map_keycolnm != NULL)
map->map_keycolnm = newstr(map->map_keycolnm);
if (map->map_valcolnm != NULL)
map->map_valcolnm = newstr(map->map_valcolnm);
if (*p != '\0')
{
map->map_file = p;
- while (*p != '\0' && !(isascii(*p) && isspace(*p)))
+ while (*p != '\0' && !(SM_ISSPACE(*p)))
p++;
if (*p != '\0')
*p++ = '\0';
map->map_file = newstr(map->map_file);
}
- while (*p != '\0' && isascii(*p) && isspace(*p))
+ while (*p != '\0' && SM_ISSPACE(*p))
p++;
if (*p != '\0')
map->map_rebuild = newstr(p);
if (map->map_file == NULL &&
!bitset(MCF_OPTFILE, map->map_class->map_cflags))
{
syserr("No file name for %s map %s",
map->map_class->map_cname, map->map_mname);
return false;
}
return true;
}
/*
** MAP_REWRITE -- rewrite a database key, interpolating %n indications.
**
** It also adds the map_app string. It can be used as a utility
** in the map_lookup method.
**
** Parameters:
** map -- the map that causes this.
** s -- the string to rewrite, NOT necessarily null terminated.
** slen -- the length of s.
** av -- arguments to interpolate into buf.
**
** Returns:
** Pointer to rewritten result. This is static data that
** should be copied if it is to be saved!
*/
char *
map_rewrite(map, s, slen, av)
register MAP *map;
register const char *s;
size_t slen;
char **av;
{
register char *bp;
register char c;
char **avp;
register char *ap;
size_t l;
size_t len;
static size_t buflen = 0;
static char *buf = NULL;
if (tTd(39, 1))
{
sm_dprintf("map_rewrite(%.*s), av =", (int) slen, s);
if (av == NULL)
sm_dprintf(" (nullv)");
else
{
for (avp = av; *avp != NULL; avp++)
sm_dprintf("\n\t%s", *avp);
}
sm_dprintf("\n");
}
/* count expected size of output (can safely overestimate) */
l = len = slen;
if (av != NULL)
{
const char *sp = s;
while (l-- > 0 && (c = *sp++) != '\0')
{
if (c != '%')
continue;
if (l-- <= 0)
break;
c = *sp++;
if (!(isascii(c) && isdigit(c)))
continue;
for (avp = av; --c >= '0' && *avp != NULL; avp++)
continue;
if (*avp == NULL)
continue;
len += strlen(*avp);
}
}
if (map->map_app != NULL)
len += strlen(map->map_app);
if (buflen < ++len)
{
/* need to malloc additional space */
buflen = len;
if (buf != NULL)
sm_free(buf);
buf = sm_pmalloc_x(buflen);
}
bp = buf;
if (av == NULL)
{
memmove(bp, s, slen);
bp += slen;
/* assert(len > slen); */
len -= slen;
}
else
{
while (slen-- > 0 && (c = *s++) != '\0')
{
if (c != '%')
{
pushc:
if (len-- <= 1)
break;
*bp++ = c;
continue;
}
if (slen-- <= 0 || (c = *s++) == '\0')
c = '%';
if (c == '%')
goto pushc;
if (!(isascii(c) && isdigit(c)))
{
if (len-- <= 1)
break;
*bp++ = '%';
goto pushc;
}
for (avp = av; --c >= '0' && *avp != NULL; avp++)
continue;
if (*avp == NULL)
continue;
/* transliterate argument into output string */
for (ap = *avp; (c = *ap++) != '\0' && len > 0; --len)
*bp++ = c;
}
}
if (map->map_app != NULL && len > 0)
(void) sm_strlcpy(bp, map->map_app, len);
else
*bp = '\0';
if (tTd(39, 1))
sm_dprintf("map_rewrite => %s\n", buf);
return buf;
}
/*
** INITMAPS -- rebuild alias maps
**
** Parameters:
** none.
**
** Returns:
** none.
*/
void
initmaps()
{
#if XDEBUG
checkfd012("entering initmaps");
-#endif /* XDEBUG */
+#endif
stabapply(map_init, 0);
#if XDEBUG
checkfd012("exiting initmaps");
-#endif /* XDEBUG */
+#endif
}
/*
** MAP_INIT -- rebuild a map
**
** Parameters:
** s -- STAB entry: if map: try to rebuild
** unused -- unused variable
**
** Returns:
** none.
**
** Side Effects:
** will close already open rebuildable map.
*/
/* ARGSUSED1 */
static void
map_init(s, unused)
register STAB *s;
int unused;
{
register MAP *map;
/* has to be a map */
if (s->s_symtype != ST_MAP)
return;
map = &s->s_map;
if (!bitset(MF_VALID, map->map_mflags))
return;
if (tTd(38, 2))
sm_dprintf("map_init(%s:%s, %s)\n",
map->map_class->map_cname == NULL ? "NULL" :
map->map_class->map_cname,
map->map_mname == NULL ? "NULL" : map->map_mname,
map->map_file == NULL ? "NULL" : map->map_file);
if (!bitset(MF_ALIAS, map->map_mflags) ||
!bitset(MCF_REBUILDABLE, map->map_class->map_cflags))
{
if (tTd(38, 3))
sm_dprintf("\tnot rebuildable\n");
return;
}
/* if already open, close it (for nested open) */
if (bitset(MF_OPEN, map->map_mflags))
{
map->map_mflags |= MF_CLOSING;
map->map_class->map_close(map);
map->map_mflags &= ~(MF_OPEN|MF_WRITABLE|MF_CLOSING);
}
(void) rebuildaliases(map, false);
return;
}
/*
** OPENMAP -- open a map
**
** Parameters:
** map -- map to open (it must not be open).
**
** Returns:
** whether open succeeded.
*/
bool
openmap(map)
MAP *map;
{
bool restore = false;
bool savehold = HoldErrs;
bool savequick = QuickAbort;
int saveerrors = Errors;
if (!bitset(MF_VALID, map->map_mflags))
return false;
/* better safe than sorry... */
if (bitset(MF_OPEN, map->map_mflags))
return true;
/* Don't send a map open error out via SMTP */
if ((OnlyOneError || QuickAbort) &&
(OpMode == MD_SMTP || OpMode == MD_DAEMON))
{
restore = true;
HoldErrs = true;
QuickAbort = false;
}
errno = 0;
if (map->map_class->map_open(map, O_RDONLY))
{
if (tTd(38, 4))
sm_dprintf("openmap()\t%s:%s %s: valid\n",
map->map_class->map_cname == NULL ? "NULL" :
map->map_class->map_cname,
map->map_mname == NULL ? "NULL" :
map->map_mname,
map->map_file == NULL ? "NULL" :
map->map_file);
map->map_mflags |= MF_OPEN;
map->map_pid = CurrentPid;
}
else
{
if (tTd(38, 4))
sm_dprintf("openmap()\t%s:%s %s: invalid%s%s\n",
map->map_class->map_cname == NULL ? "NULL" :
map->map_class->map_cname,
map->map_mname == NULL ? "NULL" :
map->map_mname,
map->map_file == NULL ? "NULL" :
map->map_file,
errno == 0 ? "" : ": ",
errno == 0 ? "" : sm_errstring(errno));
if (!bitset(MF_OPTIONAL, map->map_mflags))
{
extern MAPCLASS BogusMapClass;
map->map_orgclass = map->map_class;
map->map_class = &BogusMapClass;
map->map_mflags |= MF_OPEN|MF_OPENBOGUS;
map->map_pid = CurrentPid;
}
else
{
/* don't try again */
map->map_mflags &= ~MF_VALID;
}
}
if (restore)
{
Errors = saveerrors;
HoldErrs = savehold;
QuickAbort = savequick;
}
return bitset(MF_OPEN, map->map_mflags);
}
/*
** CLOSEMAPS -- close all open maps opened by the current pid.
**
** Parameters:
** bogus -- only close bogus maps.
**
** Returns:
** none.
*/
void
closemaps(bogus)
bool bogus;
{
stabapply(map_close, bogus);
}
/*
** MAP_CLOSE -- close a map opened by the current pid.
**
** Parameters:
** s -- STAB entry: if map: try to close
** bogus -- only close bogus maps or MCF_NOTPERSIST maps.
**
** Returns:
** none.
*/
-/* ARGSUSED1 */
static void
map_close(s, bogus)
register STAB *s;
int bogus; /* int because of stabapply(), used as bool */
{
MAP *map;
extern MAPCLASS BogusMapClass;
if (s->s_symtype != ST_MAP)
return;
map = &s->s_map;
/*
** close the map iff:
** it is valid and open and opened by this process
** and (!bogus or it's a bogus map or it is not persistent)
** negate this: return iff
** it is not valid or it is not open or not opened by this process
** or (bogus and it's not a bogus map and it's not not-persistent)
*/
if (!bitset(MF_VALID, map->map_mflags) ||
!bitset(MF_OPEN, map->map_mflags) ||
bitset(MF_CLOSING, map->map_mflags) ||
map->map_pid != CurrentPid ||
(bogus && map->map_class != &BogusMapClass &&
!bitset(MCF_NOTPERSIST, map->map_class->map_cflags)))
return;
if (map->map_class == &BogusMapClass && map->map_orgclass != NULL &&
map->map_orgclass != &BogusMapClass)
map->map_class = map->map_orgclass;
if (tTd(38, 5))
sm_dprintf("closemaps: closing %s (%s)\n",
map->map_mname == NULL ? "NULL" : map->map_mname,
map->map_file == NULL ? "NULL" : map->map_file);
if (!bitset(MF_OPENBOGUS, map->map_mflags))
{
map->map_mflags |= MF_CLOSING;
map->map_class->map_close(map);
}
map->map_mflags &= ~(MF_OPEN|MF_WRITABLE|MF_OPENBOGUS|MF_CLOSING);
}
#if defined(SUN_EXTENSIONS) && defined(SUN_INIT_DOMAIN)
extern int getdomainname();
/* this is mainly for backward compatibility in Sun environment */
static char *
sun_init_domain()
{
/*
** Get the domain name from the kernel.
** If it does not start with a leading dot, then remove
** the first component. Since leading dots are funny Unix
** files, we treat a leading "+" the same as a leading dot.
** Finally, force there to be at least one dot in the domain name
** (i.e. top-level domains are not allowed, like "com", must be
** something like "sun.com").
*/
char buf[MAXNAME];
char *period, *autodomain;
if (getdomainname(buf, sizeof buf) < 0)
return NULL;
if (buf[0] == '\0')
return NULL;
if (tTd(0, 20))
printf("domainname = %s\n", buf);
if (buf[0] == '+')
buf[0] = '.';
period = strchr(buf, '.');
if (period == NULL)
autodomain = buf;
else
autodomain = period + 1;
if (strchr(autodomain, '.') == NULL)
return newstr(buf);
else
return newstr(autodomain);
}
#endif /* SUN_EXTENSIONS && SUN_INIT_DOMAIN */
/*
** GETCANONNAME -- look up name using service switch
**
** Parameters:
** host -- the host name to look up.
** hbsize -- the size of the host buffer.
** trymx -- if set, try MX records.
** pttl -- pointer to return TTL (can be NULL).
**
** Returns:
-** true -- if the host was found.
-** false -- otherwise.
+** >0 -- if the host was found.
+** 0 -- otherwise.
*/
-bool
+int
getcanonname(host, hbsize, trymx, pttl)
char *host;
int hbsize;
bool trymx;
int *pttl;
{
int nmaps;
int mapno;
bool found = false;
bool got_tempfail = false;
auto int status = EX_UNAVAILABLE;
char *maptype[MAXMAPSTACK];
short mapreturn[MAXMAPACTIONS];
#if defined(SUN_EXTENSIONS) && defined(SUN_INIT_DOMAIN)
bool should_try_nis_domain = false;
static char *nis_domain = NULL;
#endif
+ bool secure = true; /* consider all maps secure by default */
nmaps = switch_map_find("hosts", maptype, mapreturn);
- if (pttl != 0)
+ if (pttl != NULL)
*pttl = SM_DEFAULT_TTL;
for (mapno = 0; mapno < nmaps; mapno++)
{
int i;
if (tTd(38, 20))
sm_dprintf("getcanonname(%s), trying %s\n",
host, maptype[mapno]);
if (strcmp("files", maptype[mapno]) == 0)
{
found = text_getcanonname(host, hbsize, &status);
}
#if NIS
else if (strcmp("nis", maptype[mapno]) == 0)
{
found = nis_getcanonname(host, hbsize, &status);
# if defined(SUN_EXTENSIONS) && defined(SUN_INIT_DOMAIN)
if (nis_domain == NULL)
nis_domain = sun_init_domain();
-# endif /* defined(SUN_EXTENSIONS) && defined(SUN_INIT_DOMAIN) */
+# endif
}
#endif /* NIS */
#if NISPLUS
else if (strcmp("nisplus", maptype[mapno]) == 0)
{
found = nisplus_getcanonname(host, hbsize, &status);
# if defined(SUN_EXTENSIONS) && defined(SUN_INIT_DOMAIN)
if (nis_domain == NULL)
nis_domain = sun_init_domain();
-# endif /* defined(SUN_EXTENSIONS) && defined(SUN_INIT_DOMAIN) */
+# endif
}
#endif /* NISPLUS */
#if NAMED_BIND
else if (strcmp("dns", maptype[mapno]) == 0)
{
- found = dns_getcanonname(host, hbsize, trymx, &status, pttl);
+ int r;
+
+ r = dns_getcanonname(host, hbsize, trymx, &status,
+ pttl);
+ secure = HOST_SECURE == r;
+ found = r > 0;
}
#endif /* NAMED_BIND */
#if NETINFO
else if (strcmp("netinfo", maptype[mapno]) == 0)
{
found = ni_getcanonname(host, hbsize, &status);
}
#endif /* NETINFO */
else
{
found = false;
status = EX_UNAVAILABLE;
}
/*
** Heuristic: if $m is not set, we are running during system
** startup. In this case, when a name is apparently found
** but has no dot, treat is as not found. This avoids
** problems if /etc/hosts has no FQDN but is listed first
** in the service switch.
*/
if (found &&
(macvalue('m', CurEnv) != NULL || strchr(host, '.') != NULL))
break;
#if defined(SUN_EXTENSIONS) && defined(SUN_INIT_DOMAIN)
if (found)
should_try_nis_domain = true;
/* but don't break, as we need to try all methods first */
#endif /* defined(SUN_EXTENSIONS) && defined(SUN_INIT_DOMAIN) */
/* see if we should continue */
if (status == EX_TEMPFAIL)
{
i = MA_TRYAGAIN;
got_tempfail = true;
}
else if (status == EX_NOTFOUND)
i = MA_NOTFOUND;
else
i = MA_UNAVAIL;
if (bitset(1 << mapno, mapreturn[i]))
break;
}
if (found)
{
char *d;
if (tTd(38, 20))
- sm_dprintf("getcanonname(%s), found\n", host);
+ sm_dprintf("getcanonname(%s), found, ad=%d\n", host, secure);
/*
** If returned name is still single token, compensate
** by tagging on $m. This is because some sites set
** up their DNS or NIS databases wrong.
*/
if ((d = strchr(host, '.')) == NULL || d[1] == '\0')
{
d = macvalue('m', CurEnv);
if (d != NULL &&
hbsize > (int) (strlen(host) + strlen(d) + 1))
{
if (host[strlen(host) - 1] != '.')
(void) sm_strlcat2(host, ".", d,
hbsize);
else
(void) sm_strlcat(host, d, hbsize);
}
else
{
#if defined(SUN_EXTENSIONS) && defined(SUN_INIT_DOMAIN)
if (VendorCode == VENDOR_SUN &&
should_try_nis_domain)
{
goto try_nis_domain;
}
#endif /* defined(SUN_EXTENSIONS) && defined(SUN_INIT_DOMAIN) */
- return false;
+ return HOST_NOTFOUND;
}
}
- return true;
+ return secure ? HOST_SECURE : HOST_OK;
}
#if defined(SUN_EXTENSIONS) && defined(SUN_INIT_DOMAIN)
if (VendorCode == VENDOR_SUN && should_try_nis_domain)
{
try_nis_domain:
if (nis_domain != NULL &&
strlen(nis_domain) + strlen(host) + 1 < hbsize)
{
(void) sm_strlcat2(host, ".", nis_domain, hbsize);
- return true;
+ return HOST_OK;
}
}
#endif /* defined(SUN_EXTENSIONS) && defined(SUN_INIT_DOMAIN) */
if (tTd(38, 20))
sm_dprintf("getcanonname(%s), failed, status=%d\n", host,
status);
if (got_tempfail)
SM_SET_H_ERRNO(TRY_AGAIN);
else
SM_SET_H_ERRNO(HOST_NOT_FOUND);
- return false;
+ return HOST_NOTFOUND;
}
/*
** EXTRACT_CANONNAME -- extract canonical name from /etc/hosts entry
**
** Parameters:
** name -- the name against which to match.
** dot -- where to reinsert '.' to get FQDN
** line -- the /etc/hosts line.
** cbuf -- the location to store the result.
** cbuflen -- the size of cbuf.
**
** Returns:
** true -- if the line matched the desired name.
** false -- otherwise.
*/
static bool
extract_canonname(name, dot, line, cbuf, cbuflen)
char *name;
char *dot;
char *line;
char cbuf[];
int cbuflen;
{
int i;
char *p;
bool found = false;
cbuf[0] = '\0';
if (line[0] == '#')
return false;
for (i = 1; ; i++)
{
char nbuf[MAXNAME + 1];
p = get_column(line, i, '\0', nbuf, sizeof(nbuf));
if (p == NULL)
break;
if (*p == '\0')
continue;
if (cbuf[0] == '\0' ||
(strchr(cbuf, '.') == NULL && strchr(p, '.') != NULL))
{
(void) sm_strlcpy(cbuf, p, cbuflen);
}
if (sm_strcasecmp(name, p) == 0)
found = true;
else if (dot != NULL)
{
/* try looking for the FQDN as well */
*dot = '.';
if (sm_strcasecmp(name, p) == 0)
found = true;
*dot = '\0';
}
}
if (found && strchr(cbuf, '.') == NULL)
{
/* try to add a domain on the end of the name */
char *domain = macvalue('m', CurEnv);
if (domain != NULL &&
strlen(domain) + (i = strlen(cbuf)) + 1 < (size_t) cbuflen)
{
p = &cbuf[i];
*p++ = '.';
(void) sm_strlcpy(p, domain, cbuflen - i - 1);
}
}
return found;
}
/*
** DNS modules
*/
#if NAMED_BIND
# if DNSMAP
# include "sm_resolve.h"
# if NETINET || NETINET6
# include <arpa/inet.h>
-# endif /* NETINET || NETINET6 */
+# endif
/*
** DNS_MAP_OPEN -- stub to check proper value for dns map type
*/
bool
dns_map_open(map, mode)
MAP *map;
int mode;
{
if (tTd(38,2))
sm_dprintf("dns_map_open(%s, %d)\n", map->map_mname, mode);
mode &= O_ACCMODE;
if (mode != O_RDONLY)
{
/* issue a pseudo-error message */
errno = SM_EMAPCANTWRITE;
return false;
}
return true;
}
/*
** DNS_MAP_PARSEARGS -- parse dns map definition args.
**
** Parameters:
** map -- pointer to MAP
** args -- pointer to the args on the config line.
**
** Returns:
** true -- if everything parsed OK.
** false -- otherwise.
*/
#define map_sizelimit map_lockfd /* overload field */
struct dns_map
{
int dns_m_type;
+ unsigned int dns_m_options;
};
bool
dns_map_parseargs(map,args)
MAP *map;
char *args;
{
register char *p = args;
struct dns_map *map_p;
map_p = (struct dns_map *) xalloc(sizeof(*map_p));
+ memset(map_p, '\0', sizeof(*map_p));
map_p->dns_m_type = -1;
map->map_mflags |= MF_TRY0NULL|MF_TRY1NULL;
for (;;)
{
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
p++;
if (*p != '-')
break;
switch (*++p)
{
- case 'N':
- map->map_mflags |= MF_INCLNULL;
- map->map_mflags &= ~MF_TRY0NULL;
- break;
-
- case 'O':
- map->map_mflags &= ~MF_TRY1NULL;
- break;
-
- case 'o':
- map->map_mflags |= MF_OPTIONAL;
- break;
-
- case 'f':
- map->map_mflags |= MF_NOFOLDCASE;
- break;
-
- case 'm':
- map->map_mflags |= MF_MATCHONLY;
+#if DNSSEC_TEST
+ case '@':
+ ++p;
+ if (nsportip(p) < 0)
+ syserr("dns map %s: nsportip(%s)=failed",
+ map->map_mname, p);
break;
+#endif /* DNSSEC_TEST */
case 'A':
map->map_mflags |= MF_APPEND;
break;
- case 'q':
- map->map_mflags |= MF_KEEPQUOTES;
- break;
-
- case 't':
- map->map_mflags |= MF_NODEFER;
- break;
-
case 'a':
map->map_app = ++p;
break;
- case 'T':
- map->map_tapp = ++p;
+ case 'B': /* base domain */
+ {
+ char *h;
+
+ while (isascii(*++p) && isspace(*p))
+ continue;
+ h = strchr(p, ' ');
+ if (h != NULL)
+ *h = '\0';
+
+ /*
+ ** slight abuse of map->map_file; it isn't
+ ** used otherwise in this map type.
+ */
+
+ map->map_file = newstr(p);
+ if (h != NULL)
+ *h = ' ';
+ }
break;
case 'd':
{
char *h;
++p;
h = strchr(p, ' ');
if (h != NULL)
*h = '\0';
map->map_timeout = convtime(p, 's');
if (h != NULL)
*h = ' ';
}
break;
+ case 'f':
+ map->map_mflags |= MF_NOFOLDCASE;
+ break;
+
+ case 'm':
+ map->map_mflags |= MF_MATCHONLY;
+ break;
+
+ case 'N':
+ map->map_mflags |= MF_INCLNULL;
+ map->map_mflags &= ~MF_TRY0NULL;
+ break;
+
+ case 'O':
+ map->map_mflags &= ~MF_TRY1NULL;
+ break;
+
+ case 'o':
+ map->map_mflags |= MF_OPTIONAL;
+ break;
+
+ case 'q':
+ map->map_mflags |= MF_KEEPQUOTES;
+ break;
+
+ case 'S':
+#if defined(RES_USE_EDNS0) && defined(RES_USE_DNSSEC)
+ map_p->dns_m_options |= SM_RES_DNSSEC;
+#endif
+ break;
+
case 'r':
while (isascii(*++p) && isspace(*p))
continue;
map->map_retry = atoi(p);
break;
+ case 't':
+ map->map_mflags |= MF_NODEFER;
+ break;
+
+ case 'T':
+ map->map_tapp = ++p;
+ break;
+
case 'z':
if (*++p != '\\')
map->map_coldelim = *p;
else
{
switch (*++p)
{
case 'n':
map->map_coldelim = '\n';
break;
case 't':
map->map_coldelim = '\t';
break;
default:
map->map_coldelim = '\\';
}
}
break;
case 'Z':
while (isascii(*++p) && isspace(*p))
continue;
map->map_sizelimit = atoi(p);
break;
/* Start of dns_map specific args */
case 'R': /* search field */
{
char *h;
while (isascii(*++p) && isspace(*p))
continue;
h = strchr(p, ' ');
if (h != NULL)
*h = '\0';
map_p->dns_m_type = dns_string_to_type(p);
if (h != NULL)
*h = ' ';
if (map_p->dns_m_type < 0)
syserr("dns map %s: wrong type %s",
map->map_mname, p);
}
break;
- case 'B': /* base domain */
- {
- char *h;
-
- while (isascii(*++p) && isspace(*p))
- continue;
- h = strchr(p, ' ');
- if (h != NULL)
- *h = '\0';
-
- /*
- ** slight abuse of map->map_file; it isn't
- ** used otherwise in this map type.
- */
-
- map->map_file = newstr(p);
- if (h != NULL)
- *h = ' ';
- }
- break;
}
- while (*p != '\0' && !(isascii(*p) && isspace(*p)))
+ while (*p != '\0' && !(SM_ISSPACE(*p)))
p++;
if (*p != '\0')
*p++ = '\0';
}
if (map_p->dns_m_type < 0)
syserr("dns map %s: missing -R type", map->map_mname);
if (map->map_app != NULL)
map->map_app = newstr(map->map_app);
if (map->map_tapp != NULL)
map->map_tapp = newstr(map->map_tapp);
/*
** Assumption: assert(sizeof(int) <= sizeof(ARBPTR_T));
** Even if this assumption is wrong, we use only one byte,
** so it doesn't really matter.
*/
map->map_db1 = (ARBPTR_T) map_p;
return true;
}
/*
** DNS_MAP_LOOKUP -- perform dns map lookup.
**
** Parameters:
** map -- pointer to MAP
** name -- name to lookup
** av -- arguments to interpolate into buf.
** statp -- pointer to status (EX_)
**
** Returns:
** result of lookup if succeeded.
** NULL -- otherwise.
*/
char *
dns_map_lookup(map, name, av, statp)
MAP *map;
char *name;
char **av;
int *statp;
{
int resnum = 0;
char *vp = NULL, *result = NULL;
size_t vsize;
struct dns_map *map_p;
RESOURCE_RECORD_T *rr = NULL;
DNS_REPLY_T *r = NULL;
+ unsigned int options;
# if NETINET6
static char buf6[INET6_ADDRSTRLEN];
-# endif /* NETINET6 */
+# endif
if (tTd(38, 20))
sm_dprintf("dns_map_lookup(%s, %s)\n",
map->map_mname, name);
map_p = (struct dns_map *)(map->map_db1);
+ options = map_p->dns_m_options;
if (map->map_file != NULL && *map->map_file != '\0')
{
size_t len;
char *appdomain;
len = strlen(map->map_file) + strlen(name) + 2;
appdomain = (char *) sm_malloc(len);
if (appdomain == NULL)
{
*statp = EX_UNAVAILABLE;
return NULL;
}
(void) sm_strlcpyn(appdomain, len, 3, name, ".", map->map_file);
- r = dns_lookup_int(appdomain, C_IN, map_p->dns_m_type,
- map->map_timeout, map->map_retry);
+ r = dns_lookup_map(appdomain, C_IN, map_p->dns_m_type,
+ map->map_timeout, map->map_retry, options);
sm_free(appdomain);
}
else
{
- r = dns_lookup_int(name, C_IN, map_p->dns_m_type,
- map->map_timeout, map->map_retry);
+ r = dns_lookup_map(name, C_IN, map_p->dns_m_type,
+ map->map_timeout, map->map_retry, options);
}
if (r == NULL)
{
result = NULL;
if (h_errno == TRY_AGAIN || transienterror(errno))
*statp = EX_TEMPFAIL;
else
*statp = EX_NOTFOUND;
goto cleanup;
}
*statp = EX_OK;
for (rr = r->dns_r_head; rr != NULL; rr = rr->rr_next)
{
char *type = NULL;
char *value = NULL;
switch (rr->rr_type)
{
case T_NS:
type = "T_NS";
value = rr->rr_u.rr_txt;
break;
case T_CNAME:
type = "T_CNAME";
value = rr->rr_u.rr_txt;
break;
case T_AFSDB:
type = "T_AFSDB";
value = rr->rr_u.rr_mx->mx_r_domain;
break;
case T_SRV:
type = "T_SRV";
value = rr->rr_u.rr_srv->srv_r_target;
break;
case T_PTR:
type = "T_PTR";
value = rr->rr_u.rr_txt;
break;
case T_TXT:
type = "T_TXT";
value = rr->rr_u.rr_txt;
break;
case T_MX:
type = "T_MX";
value = rr->rr_u.rr_mx->mx_r_domain;
break;
# if NETINET
case T_A:
type = "T_A";
value = inet_ntoa(*(rr->rr_u.rr_a));
break;
# endif /* NETINET */
# if NETINET6
case T_AAAA:
type = "T_AAAA";
value = anynet_ntop(rr->rr_u.rr_aaaa, buf6,
sizeof(buf6));
break;
# endif /* NETINET6 */
+# ifdef T_TLSA
+ case T_TLSA:
+ type = "T_TLSA";
+ value = rr->rr_u.rr_txt;
+ break;
+# endif /* T_TLSA */
}
(void) strreplnonprt(value, 'X');
if (map_p->dns_m_type != rr->rr_type)
{
if (tTd(38, 40))
sm_dprintf("\tskipping type %s (%d) value %s\n",
type != NULL ? type : "<UNKNOWN>",
rr->rr_type,
value != NULL ? value : "<NO VALUE>");
continue;
}
# if NETINET6
if (rr->rr_type == T_AAAA && value == NULL)
{
result = NULL;
*statp = EX_DATAERR;
if (tTd(38, 40))
sm_dprintf("\tbad T_AAAA conversion\n");
goto cleanup;
}
# endif /* NETINET6 */
if (tTd(38, 40))
sm_dprintf("\tfound type %s (%d) value %s\n",
type != NULL ? type : "<UNKNOWN>",
rr->rr_type,
value != NULL ? value : "<NO VALUE>");
if (value != NULL &&
(map->map_coldelim == '\0' ||
map->map_sizelimit == 1 ||
bitset(MF_MATCHONLY, map->map_mflags)))
{
/* Only care about the first match */
vp = newstr(value);
break;
}
else if (vp == NULL)
{
/* First result */
vp = newstr(value);
}
else
{
/* concatenate the results */
int sz;
char *new;
sz = strlen(vp) + strlen(value) + 2;
new = xalloc(sz);
(void) sm_snprintf(new, sz, "%s%c%s",
vp, map->map_coldelim, value);
sm_free(vp);
vp = new;
if (map->map_sizelimit > 0 &&
++resnum >= map->map_sizelimit)
break;
}
}
if (vp == NULL)
{
result = NULL;
*statp = EX_NOTFOUND;
if (tTd(38, 40))
sm_dprintf("\tno match found\n");
goto cleanup;
}
/* Cleanly truncate for rulesets */
truncate_at_delim(vp, PSBUFSIZE / 2, map->map_coldelim);
vsize = strlen(vp);
if (LogLevel > 9)
sm_syslog(LOG_INFO, CurEnv->e_id, "dns %.100s => %s",
name, vp);
if (bitset(MF_MATCHONLY, map->map_mflags))
result = map_rewrite(map, name, strlen(name), NULL);
else
result = map_rewrite(map, vp, vsize, av);
cleanup:
if (vp != NULL)
sm_free(vp);
- if (r != NULL)
- dns_free_data(r);
+ dns_free_data(r);
return result;
}
# endif /* DNSMAP */
#endif /* NAMED_BIND */
/*
** NDBM modules
*/
#if NDBM
/*
** NDBM_MAP_OPEN -- DBM-style map open
*/
bool
ndbm_map_open(map, mode)
MAP *map;
int mode;
{
register DBM *dbm;
int save_errno;
int dfd;
int pfd;
long sff;
int ret;
int smode = S_IREAD;
char dirfile[MAXPATHLEN];
char pagfile[MAXPATHLEN];
struct stat st;
struct stat std, stp;
if (tTd(38, 2))
sm_dprintf("ndbm_map_open(%s, %s, %d)\n",
map->map_mname, map->map_file, mode);
map->map_lockfd = -1;
mode &= O_ACCMODE;
/* do initial file and directory checks */
if (sm_strlcpyn(dirfile, sizeof(dirfile), 2,
map->map_file, ".dir") >= sizeof(dirfile) ||
sm_strlcpyn(pagfile, sizeof(pagfile), 2,
map->map_file, ".pag") >= sizeof(pagfile))
{
errno = 0;
if (!bitset(MF_OPTIONAL, map->map_mflags))
syserr("dbm map \"%s\": map file %s name too long",
map->map_mname, map->map_file);
return false;
}
sff = SFF_ROOTOK|SFF_REGONLY;
if (mode == O_RDWR)
{
sff |= SFF_CREAT;
if (!bitnset(DBS_WRITEMAPTOSYMLINK, DontBlameSendmail))
sff |= SFF_NOSLINK;
if (!bitnset(DBS_WRITEMAPTOHARDLINK, DontBlameSendmail))
sff |= SFF_NOHLINK;
smode = S_IWRITE;
}
else
{
if (!bitnset(DBS_LINKEDMAPINWRITABLEDIR, DontBlameSendmail))
sff |= SFF_NOWLINK;
}
if (!bitnset(DBS_MAPINUNSAFEDIRPATH, DontBlameSendmail))
sff |= SFF_SAFEDIRPATH;
ret = safefile(dirfile, RunAsUid, RunAsGid, RunAsUserName,
sff, smode, &std);
if (ret == 0)
ret = safefile(pagfile, RunAsUid, RunAsGid, RunAsUserName,
sff, smode, &stp);
if (ret != 0)
{
char *prob = "unsafe";
/* cannot open this map */
if (ret == ENOENT)
prob = "missing";
if (tTd(38, 2))
sm_dprintf("\t%s map file: %d\n", prob, ret);
if (!bitset(MF_OPTIONAL, map->map_mflags))
syserr("dbm map \"%s\": %s map file %s",
map->map_mname, prob, map->map_file);
return false;
}
if (std.st_mode == ST_MODE_NOFILE)
mode |= O_CREAT|O_EXCL;
# if LOCK_ON_OPEN
if (mode == O_RDONLY)
mode |= O_SHLOCK;
else
mode |= O_TRUNC|O_EXLOCK;
# else /* LOCK_ON_OPEN */
if ((mode & O_ACCMODE) == O_RDWR)
{
# if NOFTRUNCATE
/*
** Warning: race condition. Try to lock the file as
** quickly as possible after opening it.
** This may also have security problems on some systems,
** but there isn't anything we can do about it.
*/
mode |= O_TRUNC;
# else /* NOFTRUNCATE */
/*
** This ugly code opens the map without truncating it,
** locks the file, then truncates it. Necessary to
** avoid race conditions.
*/
int dirfd;
int pagfd;
long sff = SFF_CREAT|SFF_OPENASROOT;
if (!bitnset(DBS_WRITEMAPTOSYMLINK, DontBlameSendmail))
sff |= SFF_NOSLINK;
if (!bitnset(DBS_WRITEMAPTOHARDLINK, DontBlameSendmail))
sff |= SFF_NOHLINK;
dirfd = safeopen(dirfile, mode, DBMMODE, sff);
pagfd = safeopen(pagfile, mode, DBMMODE, sff);
if (dirfd < 0 || pagfd < 0)
{
save_errno = errno;
if (dirfd >= 0)
(void) close(dirfd);
if (pagfd >= 0)
(void) close(pagfd);
errno = save_errno;
syserr("ndbm_map_open: cannot create database %s",
map->map_file);
return false;
}
if (ftruncate(dirfd, (off_t) 0) < 0 ||
ftruncate(pagfd, (off_t) 0) < 0)
{
save_errno = errno;
(void) close(dirfd);
(void) close(pagfd);
errno = save_errno;
syserr("ndbm_map_open: cannot truncate %s.{dir,pag}",
map->map_file);
return false;
}
/* if new file, get "before" bits for later filechanged check */
if (std.st_mode == ST_MODE_NOFILE &&
(fstat(dirfd, &std) < 0 || fstat(pagfd, &stp) < 0))
{
save_errno = errno;
(void) close(dirfd);
(void) close(pagfd);
errno = save_errno;
syserr("ndbm_map_open(%s.{dir,pag}): cannot fstat pre-opened file",
map->map_file);
return false;
}
/* have to save the lock for the duration (bletch) */
map->map_lockfd = dirfd;
(void) close(pagfd);
/* twiddle bits for dbm_open */
mode &= ~(O_CREAT|O_EXCL);
# endif /* NOFTRUNCATE */
}
# endif /* LOCK_ON_OPEN */
/* open the database */
dbm = dbm_open(map->map_file, mode, DBMMODE);
if (dbm == NULL)
{
save_errno = errno;
if (bitset(MF_ALIAS, map->map_mflags) &&
aliaswait(map, ".pag", false))
return true;
# if !LOCK_ON_OPEN && !NOFTRUNCATE
if (map->map_lockfd >= 0)
(void) close(map->map_lockfd);
-# endif /* !LOCK_ON_OPEN && !NOFTRUNCATE */
+# endif
errno = save_errno;
if (!bitset(MF_OPTIONAL, map->map_mflags))
syserr("Cannot open DBM database %s", map->map_file);
return false;
}
dfd = dbm_dirfno(dbm);
pfd = dbm_pagfno(dbm);
if (dfd == pfd)
{
/* heuristic: if files are linked, this is actually gdbm */
dbm_close(dbm);
# if !LOCK_ON_OPEN && !NOFTRUNCATE
if (map->map_lockfd >= 0)
(void) close(map->map_lockfd);
-# endif /* !LOCK_ON_OPEN && !NOFTRUNCATE */
+# endif
errno = 0;
syserr("dbm map \"%s\": cannot support GDBM",
map->map_mname);
return false;
}
if (filechanged(dirfile, dfd, &std) ||
filechanged(pagfile, pfd, &stp))
{
save_errno = errno;
dbm_close(dbm);
# if !LOCK_ON_OPEN && !NOFTRUNCATE
if (map->map_lockfd >= 0)
(void) close(map->map_lockfd);
-# endif /* !LOCK_ON_OPEN && !NOFTRUNCATE */
+# endif
errno = save_errno;
syserr("ndbm_map_open(%s): file changed after open",
map->map_file);
return false;
}
map->map_db1 = (ARBPTR_T) dbm;
/*
** Need to set map_mtime before the call to aliaswait()
** as aliaswait() will call map_lookup() which requires
** map_mtime to be set
*/
if (fstat(pfd, &st) >= 0)
map->map_mtime = st.st_mtime;
if (mode == O_RDONLY)
{
# if LOCK_ON_OPEN
if (dfd >= 0)
(void) lockfile(dfd, map->map_file, ".dir", LOCK_UN);
if (pfd >= 0)
(void) lockfile(pfd, map->map_file, ".pag", LOCK_UN);
# endif /* LOCK_ON_OPEN */
if (bitset(MF_ALIAS, map->map_mflags) &&
!aliaswait(map, ".pag", true))
return false;
}
else
{
map->map_mflags |= MF_LOCKED;
if (geteuid() == 0 && TrustedUid != 0)
{
# if HASFCHOWN
if (fchown(dfd, TrustedUid, -1) < 0 ||
fchown(pfd, TrustedUid, -1) < 0)
{
int err = errno;
sm_syslog(LOG_ALERT, NOQID,
"ownership change on %s failed: %s",
map->map_file, sm_errstring(err));
message("050 ownership change on %s failed: %s",
map->map_file, sm_errstring(err));
}
# else /* HASFCHOWN */
sm_syslog(LOG_ALERT, NOQID,
"no fchown(): cannot change ownership on %s",
map->map_file);
message("050 no fchown(): cannot change ownership on %s",
map->map_file);
# endif /* HASFCHOWN */
}
}
return true;
}
/*
** NDBM_MAP_LOOKUP -- look up a datum in a DBM-type map
*/
char *
ndbm_map_lookup(map, name, av, statp)
MAP *map;
char *name;
char **av;
int *statp;
{
datum key, val;
int dfd, pfd;
char keybuf[MAXNAME + 1];
struct stat stbuf;
if (tTd(38, 20))
sm_dprintf("ndbm_map_lookup(%s, %s)\n",
map->map_mname, name);
key.dptr = name;
key.dsize = strlen(name);
if (!bitset(MF_NOFOLDCASE, map->map_mflags))
{
if (key.dsize > sizeof(keybuf) - 1)
key.dsize = sizeof(keybuf) - 1;
memmove(keybuf, key.dptr, key.dsize);
keybuf[key.dsize] = '\0';
makelower(keybuf);
key.dptr = keybuf;
}
lockdbm:
dfd = dbm_dirfno((DBM *) map->map_db1);
if (dfd >= 0 && !bitset(MF_LOCKED, map->map_mflags))
(void) lockfile(dfd, map->map_file, ".dir", LOCK_SH);
pfd = dbm_pagfno((DBM *) map->map_db1);
if (pfd < 0 || fstat(pfd, &stbuf) < 0 ||
stbuf.st_mtime > map->map_mtime)
{
/* Reopen the database to sync the cache */
int omode = bitset(map->map_mflags, MF_WRITABLE) ? O_RDWR
: O_RDONLY;
if (dfd >= 0 && !bitset(MF_LOCKED, map->map_mflags))
(void) lockfile(dfd, map->map_file, ".dir", LOCK_UN);
map->map_mflags |= MF_CLOSING;
map->map_class->map_close(map);
map->map_mflags &= ~(MF_OPEN|MF_WRITABLE|MF_CLOSING);
if (map->map_class->map_open(map, omode))
{
map->map_mflags |= MF_OPEN;
map->map_pid = CurrentPid;
if ((omode & O_ACCMODE) == O_RDWR)
map->map_mflags |= MF_WRITABLE;
goto lockdbm;
}
else
{
if (!bitset(MF_OPTIONAL, map->map_mflags))
{
extern MAPCLASS BogusMapClass;
*statp = EX_TEMPFAIL;
map->map_orgclass = map->map_class;
map->map_class = &BogusMapClass;
map->map_mflags |= MF_OPEN;
map->map_pid = CurrentPid;
syserr("Cannot reopen NDBM database %s",
map->map_file);
}
return NULL;
}
}
val.dptr = NULL;
if (bitset(MF_TRY0NULL, map->map_mflags))
{
val = dbm_fetch((DBM *) map->map_db1, key);
if (val.dptr != NULL)
map->map_mflags &= ~MF_TRY1NULL;
}
if (val.dptr == NULL && bitset(MF_TRY1NULL, map->map_mflags))
{
key.dsize++;
val = dbm_fetch((DBM *) map->map_db1, key);
if (val.dptr != NULL)
map->map_mflags &= ~MF_TRY0NULL;
}
if (dfd >= 0 && !bitset(MF_LOCKED, map->map_mflags))
(void) lockfile(dfd, map->map_file, ".dir", LOCK_UN);
if (val.dptr == NULL)
return NULL;
if (bitset(MF_MATCHONLY, map->map_mflags))
return map_rewrite(map, name, strlen(name), NULL);
else
return map_rewrite(map, val.dptr, val.dsize, av);
}
/*
** NDBM_MAP_STORE -- store a datum in the database
*/
void
ndbm_map_store(map, lhs, rhs)
register MAP *map;
char *lhs;
char *rhs;
{
datum key;
datum data;
int status;
char keybuf[MAXNAME + 1];
if (tTd(38, 12))
sm_dprintf("ndbm_map_store(%s, %s, %s)\n",
map->map_mname, lhs, rhs);
key.dsize = strlen(lhs);
key.dptr = lhs;
if (!bitset(MF_NOFOLDCASE, map->map_mflags))
{
if (key.dsize > sizeof(keybuf) - 1)
key.dsize = sizeof(keybuf) - 1;
memmove(keybuf, key.dptr, key.dsize);
keybuf[key.dsize] = '\0';
makelower(keybuf);
key.dptr = keybuf;
}
data.dsize = strlen(rhs);
data.dptr = rhs;
if (bitset(MF_INCLNULL, map->map_mflags))
{
key.dsize++;
data.dsize++;
}
status = dbm_store((DBM *) map->map_db1, key, data, DBM_INSERT);
if (status > 0)
{
if (!bitset(MF_APPEND, map->map_mflags))
message("050 Warning: duplicate alias name %s", lhs);
else
{
static char *buf = NULL;
static int bufsiz = 0;
auto int xstat;
datum old;
old.dptr = ndbm_map_lookup(map, key.dptr,
(char **) NULL, &xstat);
if (old.dptr != NULL && *(char *) old.dptr != '\0')
{
old.dsize = strlen(old.dptr);
if (data.dsize + old.dsize + 2 > bufsiz)
{
if (buf != NULL)
(void) sm_free(buf);
bufsiz = data.dsize + old.dsize + 2;
buf = sm_pmalloc_x(bufsiz);
}
(void) sm_strlcpyn(buf, bufsiz, 3,
data.dptr, ",", old.dptr);
data.dsize = data.dsize + old.dsize + 1;
data.dptr = buf;
if (tTd(38, 9))
sm_dprintf("ndbm_map_store append=%s\n",
- (char *)data.dptr);
+ data.dptr);
}
}
status = dbm_store((DBM *) map->map_db1,
key, data, DBM_REPLACE);
}
if (status != 0)
syserr("readaliases: dbm put (%s): %d", lhs, status);
}
/*
** NDBM_MAP_CLOSE -- close the database
*/
void
ndbm_map_close(map)
register MAP *map;
{
if (tTd(38, 9))
sm_dprintf("ndbm_map_close(%s, %s, %lx)\n",
map->map_mname, map->map_file, map->map_mflags);
if (bitset(MF_WRITABLE, map->map_mflags))
{
# ifdef NDBM_YP_COMPAT
bool inclnull;
char buf[MAXHOSTNAMELEN];
inclnull = bitset(MF_INCLNULL, map->map_mflags);
map->map_mflags &= ~MF_INCLNULL;
if (strstr(map->map_file, "/yp/") != NULL)
{
long save_mflags = map->map_mflags;
map->map_mflags |= MF_NOFOLDCASE;
(void) sm_snprintf(buf, sizeof(buf), "%010ld", curtime());
ndbm_map_store(map, "YP_LAST_MODIFIED", buf);
(void) gethostname(buf, sizeof(buf));
ndbm_map_store(map, "YP_MASTER_NAME", buf);
map->map_mflags = save_mflags;
}
if (inclnull)
map->map_mflags |= MF_INCLNULL;
# endif /* NDBM_YP_COMPAT */
/* write out the distinguished alias */
ndbm_map_store(map, "@", "@");
}
dbm_close((DBM *) map->map_db1);
/* release lock (if needed) */
# if !LOCK_ON_OPEN
if (map->map_lockfd >= 0)
(void) close(map->map_lockfd);
-# endif /* !LOCK_ON_OPEN */
+# endif
}
#endif /* NDBM */
/*
** NEWDB (Hash and BTree) Modules
*/
#if NEWDB
/*
** BT_MAP_OPEN, HASH_MAP_OPEN -- database open primitives.
**
** These do rather bizarre locking. If you can lock on open,
** do that to avoid the condition of opening a database that
** is being rebuilt. If you don't, we'll try to fake it, but
** there will be a race condition. If opening for read-only,
** we immediately release the lock to avoid freezing things up.
** We really ought to hold the lock, but guarantee that we won't
** be pokey about it. That's hard to do.
*/
/* these should be K line arguments */
# if DB_VERSION_MAJOR < 2
# define db_cachesize cachesize
# define h_nelem nelem
# ifndef DB_CACHE_SIZE
# define DB_CACHE_SIZE (1024 * 1024) /* database memory cache size */
-# endif /* ! DB_CACHE_SIZE */
+# endif
# ifndef DB_HASH_NELEM
# define DB_HASH_NELEM 4096 /* (starting) size of hash table */
-# endif /* ! DB_HASH_NELEM */
+# endif
# endif /* DB_VERSION_MAJOR < 2 */
bool
bt_map_open(map, mode)
MAP *map;
int mode;
{
# if DB_VERSION_MAJOR < 2
BTREEINFO btinfo;
-# endif /* DB_VERSION_MAJOR < 2 */
+# endif
# if DB_VERSION_MAJOR == 2
DB_INFO btinfo;
-# endif /* DB_VERSION_MAJOR == 2 */
+# endif
# if DB_VERSION_MAJOR > 2
void *btinfo = NULL;
-# endif /* DB_VERSION_MAJOR > 2 */
+# endif
if (tTd(38, 2))
sm_dprintf("bt_map_open(%s, %s, %d)\n",
map->map_mname, map->map_file, mode);
# if DB_VERSION_MAJOR < 3
memset(&btinfo, '\0', sizeof(btinfo));
# ifdef DB_CACHE_SIZE
btinfo.db_cachesize = DB_CACHE_SIZE;
-# endif /* DB_CACHE_SIZE */
+# endif
# endif /* DB_VERSION_MAJOR < 3 */
return db_map_open(map, mode, "btree", DB_BTREE, &btinfo);
}
bool
hash_map_open(map, mode)
MAP *map;
int mode;
{
# if DB_VERSION_MAJOR < 2
HASHINFO hinfo;
-# endif /* DB_VERSION_MAJOR < 2 */
+# endif
# if DB_VERSION_MAJOR == 2
DB_INFO hinfo;
-# endif /* DB_VERSION_MAJOR == 2 */
+# endif
# if DB_VERSION_MAJOR > 2
void *hinfo = NULL;
-# endif /* DB_VERSION_MAJOR > 2 */
+# endif
if (tTd(38, 2))
sm_dprintf("hash_map_open(%s, %s, %d)\n",
map->map_mname, map->map_file, mode);
# if DB_VERSION_MAJOR < 3
memset(&hinfo, '\0', sizeof(hinfo));
# ifdef DB_HASH_NELEM
hinfo.h_nelem = DB_HASH_NELEM;
-# endif /* DB_HASH_NELEM */
+# endif
# ifdef DB_CACHE_SIZE
hinfo.db_cachesize = DB_CACHE_SIZE;
-# endif /* DB_CACHE_SIZE */
+# endif
# endif /* DB_VERSION_MAJOR < 3 */
return db_map_open(map, mode, "hash", DB_HASH, &hinfo);
}
static bool
db_map_open(map, mode, mapclassname, dbtype, openinfo)
MAP *map;
int mode;
char *mapclassname;
DBTYPE dbtype;
# if DB_VERSION_MAJOR < 2
const void *openinfo;
-# endif /* DB_VERSION_MAJOR < 2 */
+# endif
# if DB_VERSION_MAJOR == 2
DB_INFO *openinfo;
-# endif /* DB_VERSION_MAJOR == 2 */
+# endif
# if DB_VERSION_MAJOR > 2
void **openinfo;
-# endif /* DB_VERSION_MAJOR > 2 */
+# endif
{
DB *db = NULL;
int i;
int omode;
int smode = S_IREAD;
int fd;
long sff;
int save_errno;
struct stat st;
char buf[MAXPATHLEN];
/* do initial file and directory checks */
if (sm_strlcpy(buf, map->map_file, sizeof(buf)) >= sizeof(buf))
{
errno = 0;
if (!bitset(MF_OPTIONAL, map->map_mflags))
syserr("map \"%s\": map file %s name too long",
map->map_mname, map->map_file);
return false;
}
i = strlen(buf);
if (i < 3 || strcmp(&buf[i - 3], ".db") != 0)
{
if (sm_strlcat(buf, ".db", sizeof(buf)) >= sizeof(buf))
{
errno = 0;
if (!bitset(MF_OPTIONAL, map->map_mflags))
syserr("map \"%s\": map file %s name too long",
map->map_mname, map->map_file);
return false;
}
}
mode &= O_ACCMODE;
omode = mode;
sff = SFF_ROOTOK|SFF_REGONLY;
if (mode == O_RDWR)
{
sff |= SFF_CREAT;
if (!bitnset(DBS_WRITEMAPTOSYMLINK, DontBlameSendmail))
sff |= SFF_NOSLINK;
if (!bitnset(DBS_WRITEMAPTOHARDLINK, DontBlameSendmail))
sff |= SFF_NOHLINK;
smode = S_IWRITE;
}
else
{
if (!bitnset(DBS_LINKEDMAPINWRITABLEDIR, DontBlameSendmail))
sff |= SFF_NOWLINK;
}
if (!bitnset(DBS_MAPINUNSAFEDIRPATH, DontBlameSendmail))
sff |= SFF_SAFEDIRPATH;
i = safefile(buf, RunAsUid, RunAsGid, RunAsUserName, sff, smode, &st);
if (i != 0)
{
char *prob = "unsafe";
/* cannot open this map */
if (i == ENOENT)
prob = "missing";
if (tTd(38, 2))
sm_dprintf("\t%s map file: %s\n", prob, sm_errstring(i));
errno = i;
if (!bitset(MF_OPTIONAL, map->map_mflags))
syserr("%s map \"%s\": %s map file %s",
mapclassname, map->map_mname, prob, buf);
return false;
}
if (st.st_mode == ST_MODE_NOFILE)
omode |= O_CREAT|O_EXCL;
map->map_lockfd = -1;
# if LOCK_ON_OPEN
if (mode == O_RDWR)
omode |= O_TRUNC|O_EXLOCK;
else
omode |= O_SHLOCK;
# else /* LOCK_ON_OPEN */
/*
** Pre-lock the file to avoid race conditions. In particular,
** since dbopen returns NULL if the file is zero length, we
** must have a locked instance around the dbopen.
*/
fd = open(buf, omode, DBMMODE);
if (fd < 0)
{
if (!bitset(MF_OPTIONAL, map->map_mflags))
syserr("db_map_open: cannot pre-open database %s", buf);
return false;
}
/* make sure no baddies slipped in just before the open... */
if (filechanged(buf, fd, &st))
{
save_errno = errno;
(void) close(fd);
errno = save_errno;
syserr("db_map_open(%s): file changed after pre-open", buf);
return false;
}
/* if new file, get the "before" bits for later filechanged check */
if (st.st_mode == ST_MODE_NOFILE && fstat(fd, &st) < 0)
{
save_errno = errno;
(void) close(fd);
errno = save_errno;
syserr("db_map_open(%s): cannot fstat pre-opened file",
buf);
return false;
}
/* actually lock the pre-opened file */
if (!lockfile(fd, buf, NULL, mode == O_RDONLY ? LOCK_SH : LOCK_EX))
syserr("db_map_open: cannot lock %s", buf);
/* set up mode bits for dbopen */
if (mode == O_RDWR)
omode |= O_TRUNC;
omode &= ~(O_EXCL|O_CREAT);
# endif /* LOCK_ON_OPEN */
# if DB_VERSION_MAJOR < 2
db = dbopen(buf, omode, DBMMODE, dbtype, openinfo);
# else /* DB_VERSION_MAJOR < 2 */
{
int flags = 0;
# if DB_VERSION_MAJOR > 2
int ret;
-# endif /* DB_VERSION_MAJOR > 2 */
+# endif
if (mode == O_RDONLY)
flags |= DB_RDONLY;
if (bitset(O_CREAT, omode))
flags |= DB_CREATE;
if (bitset(O_TRUNC, omode))
flags |= DB_TRUNCATE;
SM_DB_FLAG_ADD(flags);
# if DB_VERSION_MAJOR > 2
ret = db_create(&db, NULL, 0);
# ifdef DB_CACHE_SIZE
if (ret == 0 && db != NULL)
{
ret = db->set_cachesize(db, 0, DB_CACHE_SIZE, 0);
if (ret != 0)
{
(void) db->close(db, 0);
db = NULL;
}
}
# endif /* DB_CACHE_SIZE */
# ifdef DB_HASH_NELEM
if (dbtype == DB_HASH && ret == 0 && db != NULL)
{
ret = db->set_h_nelem(db, DB_HASH_NELEM);
if (ret != 0)
{
(void) db->close(db, 0);
db = NULL;
}
}
# endif /* DB_HASH_NELEM */
if (ret == 0 && db != NULL)
{
ret = db->open(db,
DBTXN /* transaction for DB 4.1 */
buf, NULL, dbtype, flags, DBMMODE);
if (ret != 0)
{
#ifdef DB_OLD_VERSION
if (ret == DB_OLD_VERSION)
ret = EINVAL;
#endif /* DB_OLD_VERSION */
(void) db->close(db, 0);
db = NULL;
}
}
errno = ret;
# else /* DB_VERSION_MAJOR > 2 */
errno = db_open(buf, dbtype, flags, DBMMODE,
NULL, openinfo, &db);
# endif /* DB_VERSION_MAJOR > 2 */
}
# endif /* DB_VERSION_MAJOR < 2 */
save_errno = errno;
# if !LOCK_ON_OPEN
if (mode == O_RDWR)
map->map_lockfd = fd;
else
(void) close(fd);
# endif /* !LOCK_ON_OPEN */
if (db == NULL)
{
if (mode == O_RDONLY && bitset(MF_ALIAS, map->map_mflags) &&
aliaswait(map, ".db", false))
return true;
# if !LOCK_ON_OPEN
if (map->map_lockfd >= 0)
(void) close(map->map_lockfd);
-# endif /* !LOCK_ON_OPEN */
+# endif
errno = save_errno;
if (!bitset(MF_OPTIONAL, map->map_mflags))
syserr("Cannot open %s database %s",
mapclassname, buf);
return false;
}
# if DB_VERSION_MAJOR < 2
fd = db->fd(db);
-# else /* DB_VERSION_MAJOR < 2 */
+# else
fd = -1;
errno = db->fd(db, &fd);
# endif /* DB_VERSION_MAJOR < 2 */
if (filechanged(buf, fd, &st))
{
save_errno = errno;
# if DB_VERSION_MAJOR < 2
(void) db->close(db);
-# else /* DB_VERSION_MAJOR < 2 */
+# else
errno = db->close(db, 0);
# endif /* DB_VERSION_MAJOR < 2 */
# if !LOCK_ON_OPEN
if (map->map_lockfd >= 0)
(void) close(map->map_lockfd);
-# endif /* !LOCK_ON_OPEN */
+# endif
errno = save_errno;
syserr("db_map_open(%s): file changed after open", buf);
return false;
}
if (mode == O_RDWR)
map->map_mflags |= MF_LOCKED;
# if LOCK_ON_OPEN
if (fd >= 0 && mode == O_RDONLY)
{
(void) lockfile(fd, buf, NULL, LOCK_UN);
}
# endif /* LOCK_ON_OPEN */
/* try to make sure that at least the database header is on disk */
if (mode == O_RDWR)
{
(void) db->sync(db, 0);
if (geteuid() == 0 && TrustedUid != 0)
{
# if HASFCHOWN
if (fchown(fd, TrustedUid, -1) < 0)
{
int err = errno;
sm_syslog(LOG_ALERT, NOQID,
"ownership change on %s failed: %s",
buf, sm_errstring(err));
message("050 ownership change on %s failed: %s",
buf, sm_errstring(err));
}
# else /* HASFCHOWN */
sm_syslog(LOG_ALERT, NOQID,
"no fchown(): cannot change ownership on %s",
map->map_file);
message("050 no fchown(): cannot change ownership on %s",
map->map_file);
# endif /* HASFCHOWN */
}
}
map->map_db2 = (ARBPTR_T) db;
/*
** Need to set map_mtime before the call to aliaswait()
** as aliaswait() will call map_lookup() which requires
** map_mtime to be set
*/
if (fd >= 0 && fstat(fd, &st) >= 0)
map->map_mtime = st.st_mtime;
if (mode == O_RDONLY && bitset(MF_ALIAS, map->map_mflags) &&
!aliaswait(map, ".db", true))
return false;
return true;
}
/*
** DB_MAP_LOOKUP -- look up a datum in a BTREE- or HASH-type map
*/
char *
db_map_lookup(map, name, av, statp)
MAP *map;
char *name;
char **av;
int *statp;
{
DBT key, val;
register DB *db = (DB *) map->map_db2;
int i;
int st;
int save_errno;
int fd;
struct stat stbuf;
char keybuf[MAXNAME + 1];
char buf[MAXPATHLEN];
memset(&key, '\0', sizeof(key));
memset(&val, '\0', sizeof(val));
if (tTd(38, 20))
sm_dprintf("db_map_lookup(%s, %s)\n",
map->map_mname, name);
if (sm_strlcpy(buf, map->map_file, sizeof(buf)) >= sizeof(buf))
{
errno = 0;
if (!bitset(MF_OPTIONAL, map->map_mflags))
syserr("map \"%s\": map file %s name too long",
map->map_mname, map->map_file);
return NULL;
}
i = strlen(buf);
if (i > 3 && strcmp(&buf[i - 3], ".db") == 0)
buf[i - 3] = '\0';
key.size = strlen(name);
if (key.size > sizeof(keybuf) - 1)
key.size = sizeof(keybuf) - 1;
key.data = keybuf;
memmove(keybuf, name, key.size);
keybuf[key.size] = '\0';
if (!bitset(MF_NOFOLDCASE, map->map_mflags))
makelower(keybuf);
lockdb:
# if DB_VERSION_MAJOR < 2
fd = db->fd(db);
-# else /* DB_VERSION_MAJOR < 2 */
+# else
fd = -1;
errno = db->fd(db, &fd);
# endif /* DB_VERSION_MAJOR < 2 */
if (fd >= 0 && !bitset(MF_LOCKED, map->map_mflags))
(void) lockfile(fd, buf, ".db", LOCK_SH);
if (fd < 0 || fstat(fd, &stbuf) < 0 || stbuf.st_mtime > map->map_mtime)
{
/* Reopen the database to sync the cache */
int omode = bitset(map->map_mflags, MF_WRITABLE) ? O_RDWR
: O_RDONLY;
if (fd >= 0 && !bitset(MF_LOCKED, map->map_mflags))
(void) lockfile(fd, buf, ".db", LOCK_UN);
map->map_mflags |= MF_CLOSING;
map->map_class->map_close(map);
map->map_mflags &= ~(MF_OPEN|MF_WRITABLE|MF_CLOSING);
if (map->map_class->map_open(map, omode))
{
map->map_mflags |= MF_OPEN;
map->map_pid = CurrentPid;
if ((omode & O_ACCMODE) == O_RDWR)
map->map_mflags |= MF_WRITABLE;
db = (DB *) map->map_db2;
goto lockdb;
}
else
{
if (!bitset(MF_OPTIONAL, map->map_mflags))
{
extern MAPCLASS BogusMapClass;
*statp = EX_TEMPFAIL;
map->map_orgclass = map->map_class;
map->map_class = &BogusMapClass;
map->map_mflags |= MF_OPEN;
map->map_pid = CurrentPid;
syserr("Cannot reopen DB database %s",
map->map_file);
}
return NULL;
}
}
st = 1;
if (bitset(MF_TRY0NULL, map->map_mflags))
{
# if DB_VERSION_MAJOR < 2
st = db->get(db, &key, &val, 0);
# else /* DB_VERSION_MAJOR < 2 */
errno = db->get(db, NULL, &key, &val, 0);
switch (errno)
{
case DB_NOTFOUND:
case DB_KEYEMPTY:
st = 1;
break;
case 0:
st = 0;
break;
default:
st = -1;
break;
}
# endif /* DB_VERSION_MAJOR < 2 */
if (st == 0)
map->map_mflags &= ~MF_TRY1NULL;
}
if (st != 0 && bitset(MF_TRY1NULL, map->map_mflags))
{
key.size++;
# if DB_VERSION_MAJOR < 2
st = db->get(db, &key, &val, 0);
# else /* DB_VERSION_MAJOR < 2 */
errno = db->get(db, NULL, &key, &val, 0);
switch (errno)
{
case DB_NOTFOUND:
case DB_KEYEMPTY:
st = 1;
break;
case 0:
st = 0;
break;
default:
st = -1;
break;
}
# endif /* DB_VERSION_MAJOR < 2 */
if (st == 0)
map->map_mflags &= ~MF_TRY0NULL;
}
save_errno = errno;
if (fd >= 0 && !bitset(MF_LOCKED, map->map_mflags))
(void) lockfile(fd, buf, ".db", LOCK_UN);
if (st != 0)
{
errno = save_errno;
if (st < 0)
syserr("db_map_lookup: get (%s)", name);
return NULL;
}
if (bitset(MF_MATCHONLY, map->map_mflags))
return map_rewrite(map, name, strlen(name), NULL);
else
return map_rewrite(map, val.data, val.size, av);
}
/*
** DB_MAP_STORE -- store a datum in the NEWDB database
*/
void
db_map_store(map, lhs, rhs)
register MAP *map;
char *lhs;
char *rhs;
{
int status;
DBT key;
DBT data;
register DB *db = map->map_db2;
char keybuf[MAXNAME + 1];
memset(&key, '\0', sizeof(key));
memset(&data, '\0', sizeof(data));
if (tTd(38, 12))
sm_dprintf("db_map_store(%s, %s, %s)\n",
map->map_mname, lhs, rhs);
key.size = strlen(lhs);
key.data = lhs;
if (!bitset(MF_NOFOLDCASE, map->map_mflags))
{
if (key.size > sizeof(keybuf) - 1)
key.size = sizeof(keybuf) - 1;
memmove(keybuf, key.data, key.size);
keybuf[key.size] = '\0';
makelower(keybuf);
key.data = keybuf;
}
data.size = strlen(rhs);
data.data = rhs;
if (bitset(MF_INCLNULL, map->map_mflags))
{
key.size++;
data.size++;
}
# if DB_VERSION_MAJOR < 2
status = db->put(db, &key, &data, R_NOOVERWRITE);
# else /* DB_VERSION_MAJOR < 2 */
errno = db->put(db, NULL, &key, &data, DB_NOOVERWRITE);
switch (errno)
{
case DB_KEYEXIST:
status = 1;
break;
- case 0:
- status = 0;
- break;
+ case 0:
+ status = 0;
+ break;
+
+ default:
+ status = -1;
+ break;
+ }
+# endif /* DB_VERSION_MAJOR < 2 */
+ if (status > 0)
+ {
+ if (!bitset(MF_APPEND, map->map_mflags))
+ message("050 Warning: duplicate alias name %s", lhs);
+ else
+ {
+ static char *buf = NULL;
+ static int bufsiz = 0;
+ DBT old;
+
+ memset(&old, '\0', sizeof(old));
+
+ old.data = db_map_lookup(map, key.data,
+ (char **) NULL, &status);
+ if (old.data != NULL)
+ {
+ old.size = strlen(old.data);
+ if (data.size + old.size + 2 > (size_t) bufsiz)
+ {
+ if (buf != NULL)
+ sm_free(buf);
+ bufsiz = data.size + old.size + 2;
+ buf = sm_pmalloc_x(bufsiz);
+ }
+ (void) sm_strlcpyn(buf, bufsiz, 3,
+ (char *) data.data, ",",
+ (char *) old.data);
+ data.size = data.size + old.size + 1;
+ data.data = buf;
+ if (tTd(38, 9))
+ sm_dprintf("db_map_store append=%s\n",
+ (char *) data.data);
+ }
+ }
+# if DB_VERSION_MAJOR < 2
+ status = db->put(db, &key, &data, 0);
+# else
+ status = errno = db->put(db, NULL, &key, &data, 0);
+# endif /* DB_VERSION_MAJOR < 2 */
+ }
+ if (status != 0)
+ syserr("readaliases: db put (%s)", lhs);
+}
+
+
+/*
+** DB_MAP_CLOSE -- add distinguished entries and close the database
+*/
+
+void
+db_map_close(map)
+ MAP *map;
+{
+ register DB *db = map->map_db2;
+
+ if (tTd(38, 9))
+ sm_dprintf("db_map_close(%s, %s, %lx)\n",
+ map->map_mname, map->map_file, map->map_mflags);
+
+ if (bitset(MF_WRITABLE, map->map_mflags))
+ {
+ /* write out the distinguished alias */
+ db_map_store(map, "@", "@");
+ }
+
+ (void) db->sync(db, 0);
+
+# if !LOCK_ON_OPEN
+ if (map->map_lockfd >= 0)
+ (void) close(map->map_lockfd);
+# endif /* !LOCK_ON_OPEN */
+
+# if DB_VERSION_MAJOR < 2
+ if (db->close(db) != 0)
+# else /* DB_VERSION_MAJOR < 2 */
+ /*
+ ** Berkeley DB can use internal shared memory
+ ** locking for its memory pool. Closing a map
+ ** opened by another process will interfere
+ ** with the shared memory and locks of the parent
+ ** process leaving things in a bad state.
+ */
+
+ /*
+ ** If this map was not opened by the current
+ ** process, do not close the map but recover
+ ** the file descriptor.
+ */
+
+ if (map->map_pid != CurrentPid)
+ {
+ int fd = -1;
+
+ errno = db->fd(db, &fd);
+ if (fd >= 0)
+ (void) close(fd);
+ return;
+ }
+
+ if ((errno = db->close(db, 0)) != 0)
+# endif /* DB_VERSION_MAJOR < 2 */
+ syserr("db_map_close(%s, %s, %lx): db close failure",
+ map->map_mname, map->map_file, map->map_mflags);
+}
+#endif /* NEWDB */
+
+#if CDB
+/*
+** CDB Modules
+*/
+
+static bool smdb_add_extension __P((char *, int, char *, char *));
+
+/*
+** SMDB_ADD_EXTENSION -- Adds an extension to a file name.
+**
+** Just adds a . followed by a string to a db_name if there
+** is room and the db_name does not already have that extension.
+**
+** Parameters:
+** full_name -- The final file name.
+** max_full_name_len -- The max length for full_name.
+** db_name -- The name of the db.
+** extension -- The extension to add.
+**
+** Returns:
+** SMDBE_OK -- Success.
+** Anything else is an error. Look up more info about the
+** error in the comments for the specific open() used.
+*/
+
+static bool
+smdb_add_extension(full_name, max_full_name_len, db_name, extension)
+ char *full_name;
+ int max_full_name_len;
+ char *db_name;
+ char *extension;
+{
+ int extension_len;
+ int db_name_len;
+
+ if (full_name == NULL || db_name == NULL || extension == NULL)
+ return false; /* SMDBE_INVALID_PARAMETER; */
+
+ extension_len = strlen(extension);
+ db_name_len = strlen(db_name);
+
+ if (extension_len + db_name_len + 2 > max_full_name_len)
+ return false; /* SMDBE_DB_NAME_TOO_LONG; */
+
+ if (db_name_len < extension_len + 1 ||
+ db_name[db_name_len - extension_len - 1] != '.' ||
+ strcmp(&db_name[db_name_len - extension_len], extension) != 0)
+ (void) sm_snprintf(full_name, max_full_name_len, "%s.%s",
+ db_name, extension);
+ else
+ (void) sm_strlcpy(full_name, db_name, max_full_name_len);
+
+ return true;
+}
+
+bool
+cdb_map_open(map, mode)
+ MAP *map;
+ int mode;
+{
+ int fd, status, omode, smode;
+ long sff;
+ struct stat st;
+ char buf[MAXPATHLEN];
+
+ if (tTd(38, 2))
+ sm_dprintf("cdb_map_open(%s, %s, %d)\n",
+ map->map_mname, map->map_file, mode);
+ map->map_db1 = (ARBPTR_T)NULL;
+ map->map_db2 = (ARBPTR_T)NULL;
+
+ mode &= O_ACCMODE;
+ omode = mode;
+
+ /*
+ ** Notes:
+ ** If a temporary file is used, then there must be some check
+ ** that the rename() is "safe" (i.e., does not overwrite some
+ ** "other" file created by an attacker).
+ **
+ ** The code to add the extension and to set up safefile()
+ ** and open() should be in a common function
+ ** (it would be nice to re-use libsmdb?)
+ */
+
+ if (!smdb_add_extension(buf, sizeof(buf), map->map_file, CDBext))
+ {
+ errno = 0;
+ if (!bitset(MF_OPTIONAL, map->map_mflags))
+ syserr("cdb map \"%s\": map file %s name too long",
+ map->map_mname, map->map_file);
+ return false;
+ }
+
+ sff = SFF_ROOTOK|SFF_REGONLY;
+ if (mode == O_RDWR)
+ {
+ if (sm_strlcat(buf, ".tmp", sizeof buf) >= sizeof buf)
+ {
+ errno = 0;
+ if (!bitset(MF_OPTIONAL, map->map_mflags))
+ syserr("cdb map \"%s\": map file %s name too long",
+ map->map_mname, map->map_file);
+ return false;
+ }
+ sff |= SFF_CREAT;
+ if (!bitnset(DBS_WRITEMAPTOSYMLINK, DontBlameSendmail))
+ sff |= SFF_NOSLINK;
+ if (!bitnset(DBS_WRITEMAPTOHARDLINK, DontBlameSendmail))
+ sff |= SFF_NOHLINK;
+ smode = S_IWRITE;
+ }
+ else
+ {
+ smode = S_IREAD;
+ if (!bitnset(DBS_LINKEDMAPINWRITABLEDIR, DontBlameSendmail))
+ sff |= SFF_NOWLINK;
+ }
+ if (!bitnset(DBS_MAPINUNSAFEDIRPATH, DontBlameSendmail))
+ sff |= SFF_SAFEDIRPATH;
+ status = safefile(buf, RunAsUid, RunAsGid, RunAsUserName, sff, smode, &st);
+ if (status != 0)
+ {
+ char *prob = "unsafe";
+
+ /* cannot open this map */
+ if (status == ENOENT)
+ prob = "missing";
+ errno = status;
+ if (tTd(38, 2))
+ sm_dprintf("\t%s map file: %s\n", prob, sm_errstring(status));
+ if (!bitset(MF_OPTIONAL, map->map_mflags))
+ syserr("%s map \"%s\": %s map file %s",
+ map->map_mname, prob, buf, sm_errstring(status));
+ return false;
+ }
+
+ if (st.st_mode == ST_MODE_NOFILE)
+ omode |= O_CREAT|O_EXCL;
+# if LOCK_ON_OPEN
+ if (mode == O_RDWR)
+ omode |= O_TRUNC|O_EXLOCK;
+ else
+ omode |= O_SHLOCK;
+# else
+ if (mode == O_RDWR)
+ omode |= O_TRUNC;
+# endif /* LOCK_ON_OPEN */
+
+ fd = open(buf, omode, DBMMODE);
+ if (fd < 0)
+ {
+ if (!bitset(MF_OPTIONAL, map->map_mflags))
+ syserr("cdb_map_open: cannot open database %s", buf);
+ return false;
+ }
+
+# if !LOCK_ON_OPEN
+ /* make sure no baddies slipped in just before the open... */
+ if (filechanged(buf, fd, &st))
+ {
+ int save_errno;
+
+ save_errno = errno;
+ (void) close(fd);
+ errno = save_errno;
+ syserr("cdb_map_open(%s): file changed after open", buf);
+ return false;
+ }
+
+ /* actually lock the opened file */
+ if (!lockfile(fd, buf, NULL, mode == O_RDONLY ? LOCK_SH : LOCK_EX))
+ syserr("cdb_map_open: cannot lock %s", buf);
+# endif /* !LOCK_ON_OPEN */
+
+ /* only for aliases! */
+ if (mode == O_RDWR)
+ {
+ struct cdb_make *cdbmp;
+
+ cdbmp = (struct cdb_make *) xalloc(sizeof(*cdbmp));
+ status = cdb_make_start(cdbmp, fd);
+ if (status != 0)
+ {
+ close(fd);
+ if (!bitset(MF_OPTIONAL, map->map_mflags))
+ syserr("initialization of cdb map (make) failed");
+ return false;
+ }
+
+ map->map_db2 = (ARBPTR_T)cdbmp;
+ return true;
+ }
+ else
+ {
+ struct cdb *cdbp;
+
+ cdbp = (struct cdb *) xalloc(sizeof(*cdbp));
+ status = cdb_init(cdbp, fd);
+ if (status != 0)
+ {
+ close(fd);
+ if (!bitset(MF_OPTIONAL, map->map_mflags))
+ syserr("initialization of cdb map failed");
+ return false;
+ }
+ map->map_db1 = (ARBPTR_T)cdbp;
+ return true;
+ }
+
+ /* NOTREACHED */
+ return false;
+}
+
+char *
+cdb_map_lookup (map, name, av, statp)
+ MAP * map;
+ char *name;
+ char **av;
+ int *statp;
+{
+ char * data;
+ struct cdb *cdbmap;
+ unsigned int klen, dlen;
+ int st;
+ char key[MAXNAME+1];
+
+ data = NULL;
+ cdbmap = map->map_db1;
+ if (tTd(38, 20))
+ sm_dprintf("cdb_map_lookup(%s, %s)\n", map->map_mname, name);
+
+ klen = strlen(name);
+ if (klen > sizeof(key) - 1)
+ klen = sizeof(key) - 1;
+ memmove(key, name, klen);
+ key[klen] = '\0';
- default:
- status = -1;
- break;
+ if (!bitset(MF_NOFOLDCASE, map->map_mflags))
+ makelower(key);
+
+ st = 0;
+ if (bitset(MF_TRY0NULL, map->map_mflags))
+ {
+ st = cdb_find(cdbmap, key, klen);
+ if (st == 1)
+ map->map_mflags &= ~MF_TRY1NULL;
}
-# endif /* DB_VERSION_MAJOR < 2 */
- if (status > 0)
+ if (st != 1 && bitset(MF_TRY1NULL, map->map_mflags))
{
- if (!bitset(MF_APPEND, map->map_mflags))
- message("050 Warning: duplicate alias name %s", lhs);
- else
- {
- static char *buf = NULL;
- static int bufsiz = 0;
- DBT old;
-
- memset(&old, '\0', sizeof(old));
-
- old.data = db_map_lookup(map, key.data,
- (char **) NULL, &status);
- if (old.data != NULL)
- {
- old.size = strlen(old.data);
- if (data.size + old.size + 2 > (size_t) bufsiz)
- {
- if (buf != NULL)
- sm_free(buf);
- bufsiz = data.size + old.size + 2;
- buf = sm_pmalloc_x(bufsiz);
- }
- (void) sm_strlcpyn(buf, bufsiz, 3,
- (char *) data.data, ",",
- (char *) old.data);
- data.size = data.size + old.size + 1;
- data.data = buf;
- if (tTd(38, 9))
- sm_dprintf("db_map_store append=%s\n",
- (char *) data.data);
- }
- }
-# if DB_VERSION_MAJOR < 2
- status = db->put(db, &key, &data, 0);
-# else /* DB_VERSION_MAJOR < 2 */
- status = errno = db->put(db, NULL, &key, &data, 0);
-# endif /* DB_VERSION_MAJOR < 2 */
+ st = cdb_find(cdbmap, key, klen + 1);
+ if (st == 1)
+ map->map_mflags &= ~MF_TRY0NULL;
}
- if (status != 0)
- syserr("readaliases: db put (%s)", lhs);
+ if (st != 1)
+ {
+ if (st < 0)
+ syserr("cdb_map_lookup: get (%s)", name);
+ return NULL;
+ }
+ else
+ {
+ dlen = cdb_datalen(cdbmap);
+ data = malloc(dlen + 1);
+ cdb_read(cdbmap, data, dlen, cdb_datapos(cdbmap));
+ data[dlen] = '\0';
+ }
+ if (bitset(MF_MATCHONLY, map->map_mflags))
+ return map_rewrite(map, name, strlen(name), NULL);
+ else
+ return map_rewrite(map, data, dlen, av);
}
-
/*
-** DB_MAP_CLOSE -- add distinguished entries and close the database
+** CDB_MAP_STORE -- store a datum in the CDB database
*/
void
-db_map_close(map)
+cdb_map_store(map, lhs, rhs)
MAP *map;
+ char *lhs;
+ char *rhs;
{
- register DB *db = map->map_db2;
+ struct cdb_make *cdbmp;
+ size_t klen;
+ size_t vlen;
+ int status;
+ char keybuf[MAXNAME + 1];
- if (tTd(38, 9))
- sm_dprintf("db_map_close(%s, %s, %lx)\n",
- map->map_mname, map->map_file, map->map_mflags);
+ cdbmp = map->map_db2;
+ if (cdbmp == NULL)
+ return; /* XXX */
- if (bitset(MF_WRITABLE, map->map_mflags))
+ klen = strlen(lhs);
+ vlen = strlen(rhs);
+ if (!bitset(MF_NOFOLDCASE, map->map_mflags))
{
- /* write out the distinguished alias */
- db_map_store(map, "@", "@");
+ if (klen > sizeof(keybuf) - 1)
+ klen = sizeof(keybuf) - 1;
+ memmove(keybuf, lhs, klen);
+ keybuf[klen] = '\0';
+ makelower(keybuf);
+ lhs = keybuf;
}
- (void) db->sync(db, 0);
-
-# if !LOCK_ON_OPEN
- if (map->map_lockfd >= 0)
- (void) close(map->map_lockfd);
-# endif /* !LOCK_ON_OPEN */
+ if (bitset(MF_INCLNULL, map->map_mflags))
+ {
+ klen++;
+ vlen++;
+ }
-# if DB_VERSION_MAJOR < 2
- if (db->close(db) != 0)
-# else /* DB_VERSION_MAJOR < 2 */
- /*
- ** Berkeley DB can use internal shared memory
- ** locking for its memory pool. Closing a map
- ** opened by another process will interfere
- ** with the shared memory and locks of the parent
- ** process leaving things in a bad state.
- */
+ /* flags? */
+ status = cdb_make_put(cdbmp, lhs, klen, rhs, vlen, 0);
+ /* and now? */
+}
- /*
- ** If this map was not opened by the current
- ** process, do not close the map but recover
- ** the file descriptor.
- */
+void
+cdb_map_close(map)
+ MAP * map;
+{
+ struct cdb *cdbp;
+ struct cdb_make *cdbmp;
+ int fd;
- if (map->map_pid != CurrentPid)
+ fd = -1;
+ cdbp = map->map_db1;
+ if (cdbp != NULL)
{
- int fd = -1;
-
- errno = db->fd(db, &fd);
- if (fd >= 0)
- (void) close(fd);
- return;
+ if (tTd(38, 20))
+ sm_dprintf("cdb_map_close(%p)\n", (void *)cdbp);
+ fd = cdb_fileno(cdbp);
+ cdb_free(cdbp);
+ sm_free(cdbp);
+ cdbp = NULL;
}
+ cdbmp = map->map_db2;
+ if (cdbmp != NULL)
+ {
+ char tmpfn[MAXPATHLEN], cdbfn[MAXPATHLEN];
- if ((errno = db->close(db, 0)) != 0)
-# endif /* DB_VERSION_MAJOR < 2 */
- syserr("db_map_close(%s, %s, %lx): db close failure",
- map->map_mname, map->map_file, map->map_mflags);
+ if (tTd(38, 20))
+ sm_dprintf("cdb_map_close(%p)\n", (void *)cdbmp);
+ fd = cdb_fileno(cdbmp);
+
+ /* write out the distinguished alias */
+ /* XXX Why isn't this in a common place? */
+ cdb_map_store(map, "@", "@");
+
+ if (cdb_make_finish(cdbmp) != 0)
+ syserr("cdb: failed to write %s", map->map_file);
+ if (fd >=0)
+ {
+ if (fsync(fd) == -1)
+ syserr("cdb: fsync(%s) failed", map->map_file);
+ if (close(fd) == -1)
+ syserr("cdb: close(%s) failed", map->map_file);
+ }
+
+ if (!smdb_add_extension(cdbfn, sizeof(cdbfn), map->map_file,
+ CDBext))
+ {
+ syserr("cdb: add extension to %s failed",
+ map->map_file);
+ }
+ if (sm_strlcpy(tmpfn, cdbfn, sizeof tmpfn) >= sizeof tmpfn ||
+ sm_strlcat(tmpfn, ".tmp", sizeof tmpfn) >= sizeof tmpfn)
+ {
+ syserr("cdb: set temp filename for %s failed",
+ map->map_file);
+ }
+ if (tTd(38, 80))
+ sm_dprintf("rename(%s, %s)\n", tmpfn, cdbfn);
+ if (rename(tmpfn, cdbfn) == -1)
+ syserr("cdb: rename(%s, %s) failed", tmpfn, cdbfn);
+ sm_free(cdbmp);
+ cdbmp = NULL;
+ }
+ if (fd >=0)
+ close(fd);
}
-#endif /* NEWDB */
+#endif /* CDB */
+
/*
** NIS Modules
*/
#if NIS
# ifndef YPERR_BUSY
# define YPERR_BUSY 16
-# endif /* ! YPERR_BUSY */
+# endif
/*
** NIS_MAP_OPEN -- open DBM map
*/
bool
nis_map_open(map, mode)
MAP *map;
int mode;
{
int yperr;
register char *p;
auto char *vp;
auto int vsize;
if (tTd(38, 2))
sm_dprintf("nis_map_open(%s, %s, %d)\n",
map->map_mname, map->map_file, mode);
mode &= O_ACCMODE;
if (mode != O_RDONLY)
{
/* issue a pseudo-error message */
errno = SM_EMAPCANTWRITE;
return false;
}
p = strchr(map->map_file, '@');
if (p != NULL)
{
*p++ = '\0';
if (*p != '\0')
map->map_domain = p;
}
if (*map->map_file == '\0')
map->map_file = "mail.aliases";
if (map->map_domain == NULL)
{
yperr = yp_get_default_domain(&map->map_domain);
if (yperr != 0)
{
if (!bitset(MF_OPTIONAL, map->map_mflags))
syserr("451 4.3.5 NIS map %s specified, but NIS not running",
map->map_file);
return false;
}
}
/* check to see if this map actually exists */
vp = NULL;
yperr = yp_match(map->map_domain, map->map_file, "@", 1,
&vp, &vsize);
if (tTd(38, 10))
sm_dprintf("nis_map_open: yp_match(@, %s, %s) => %s\n",
map->map_domain, map->map_file, yperr_string(yperr));
if (vp != NULL)
sm_free(vp);
if (yperr == 0 || yperr == YPERR_KEY || yperr == YPERR_BUSY)
{
/*
** We ought to be calling aliaswait() here if this is an
- ** alias file, but powerful HP-UX NIS servers apparently
+ ** alias file, but powerful HP-UX NIS servers apparently
** don't insert the @:@ token into the alias map when it
** is rebuilt, so aliaswait() just hangs. I hate HP-UX.
*/
# if 0
if (!bitset(MF_ALIAS, map->map_mflags) ||
aliaswait(map, NULL, true))
-# endif /* 0 */
+# endif
return true;
}
if (!bitset(MF_OPTIONAL, map->map_mflags))
{
syserr("451 4.3.5 Cannot bind to map %s in domain %s: %s",
map->map_file, map->map_domain, yperr_string(yperr));
}
return false;
}
/*
** NIS_MAP_LOOKUP -- look up a datum in a NIS map
*/
/* ARGSUSED3 */
char *
nis_map_lookup(map, name, av, statp)
MAP *map;
char *name;
char **av;
int *statp;
{
char *vp;
auto int vsize;
int buflen;
int yperr;
char keybuf[MAXNAME + 1];
char *SM_NONVOLATILE result = NULL;
if (tTd(38, 20))
sm_dprintf("nis_map_lookup(%s, %s)\n",
map->map_mname, name);
buflen = strlen(name);
if (buflen > sizeof(keybuf) - 1)
buflen = sizeof(keybuf) - 1;
memmove(keybuf, name, buflen);
keybuf[buflen] = '\0';
if (!bitset(MF_NOFOLDCASE, map->map_mflags))
makelower(keybuf);
yperr = YPERR_KEY;
vp = NULL;
if (bitset(MF_TRY0NULL, map->map_mflags))
{
yperr = yp_match(map->map_domain, map->map_file, keybuf, buflen,
&vp, &vsize);
if (yperr == 0)
map->map_mflags &= ~MF_TRY1NULL;
}
if (yperr == YPERR_KEY && bitset(MF_TRY1NULL, map->map_mflags))
{
- SM_FREE_CLR(vp);
+ SM_FREE(vp);
buflen++;
yperr = yp_match(map->map_domain, map->map_file, keybuf, buflen,
&vp, &vsize);
if (yperr == 0)
map->map_mflags &= ~MF_TRY0NULL;
}
if (yperr != 0)
{
if (yperr != YPERR_KEY && yperr != YPERR_BUSY)
map->map_mflags &= ~(MF_VALID|MF_OPEN);
if (vp != NULL)
sm_free(vp);
return NULL;
}
SM_TRY
if (bitset(MF_MATCHONLY, map->map_mflags))
result = map_rewrite(map, name, strlen(name), NULL);
else
result = map_rewrite(map, vp, vsize, av);
SM_FINALLY
if (vp != NULL)
sm_free(vp);
SM_END_TRY
return result;
}
/*
** NIS_GETCANONNAME -- look up canonical name in NIS
*/
static bool
nis_getcanonname(name, hbsize, statp)
char *name;
int hbsize;
int *statp;
{
char *vp;
auto int vsize;
int keylen;
int yperr;
static bool try0null = true;
static bool try1null = true;
static char *yp_domain = NULL;
char host_record[MAXLINE];
char cbuf[MAXNAME];
char nbuf[MAXNAME + 1];
if (tTd(38, 20))
sm_dprintf("nis_getcanonname(%s)\n", name);
if (sm_strlcpy(nbuf, name, sizeof(nbuf)) >= sizeof(nbuf))
{
*statp = EX_UNAVAILABLE;
return false;
}
(void) shorten_hostname(nbuf);
keylen = strlen(nbuf);
if (yp_domain == NULL)
(void) yp_get_default_domain(&yp_domain);
makelower(nbuf);
yperr = YPERR_KEY;
vp = NULL;
if (try0null)
{
yperr = yp_match(yp_domain, "hosts.byname", nbuf, keylen,
&vp, &vsize);
if (yperr == 0)
try1null = false;
}
if (yperr == YPERR_KEY && try1null)
{
- SM_FREE_CLR(vp);
+ SM_FREE(vp);
keylen++;
yperr = yp_match(yp_domain, "hosts.byname", nbuf, keylen,
&vp, &vsize);
if (yperr == 0)
try0null = false;
}
if (yperr != 0)
{
if (yperr == YPERR_KEY)
*statp = EX_NOHOST;
else if (yperr == YPERR_BUSY)
*statp = EX_TEMPFAIL;
else
*statp = EX_UNAVAILABLE;
if (vp != NULL)
sm_free(vp);
return false;
}
(void) sm_strlcpy(host_record, vp, sizeof(host_record));
sm_free(vp);
if (tTd(38, 44))
sm_dprintf("got record `%s'\n", host_record);
vp = strpbrk(host_record, "#\n");
if (vp != NULL)
*vp = '\0';
if (!extract_canonname(nbuf, NULL, host_record, cbuf, sizeof(cbuf)))
{
/* this should not happen, but.... */
*statp = EX_NOHOST;
return false;
}
if (sm_strlcpy(name, cbuf, hbsize) >= hbsize)
{
*statp = EX_UNAVAILABLE;
return false;
}
*statp = EX_OK;
return true;
}
#endif /* NIS */
/*
** NISPLUS Modules
**
** This code donated by Sun Microsystems.
*/
#if NISPLUS
# undef NIS /* symbol conflict in nis.h */
# undef T_UNSPEC /* symbol conflict in nis.h -> ... -> sys/tiuser.h */
# include <rpcsvc/nis.h>
# include <rpcsvc/nislib.h>
# ifndef NIS_TABLE_OBJ
# define NIS_TABLE_OBJ TABLE_OBJ
-# endif /* NIS_TABLE_OBJ */
+# endif
# define EN_col(col) zo_data.objdata_u.en_data.en_cols.en_cols_val[(col)].ec_value.ec_value_val
# define COL_NAME(res,i) ((res->objects.objects_val)->TA_data.ta_cols.ta_cols_val)[i].tc_name
# define COL_MAX(res) ((res->objects.objects_val)->TA_data.ta_cols.ta_cols_len)
# define PARTIAL_NAME(x) ((x)[strlen(x) - 1] != '.')
/*
** NISPLUS_MAP_OPEN -- open nisplus table
*/
bool
nisplus_map_open(map, mode)
MAP *map;
int mode;
{
nis_result *res = NULL;
int retry_cnt, max_col, i;
char qbuf[MAXLINE + NIS_MAXNAMELEN];
if (tTd(38, 2))
sm_dprintf("nisplus_map_open(%s, %s, %d)\n",
map->map_mname, map->map_file, mode);
mode &= O_ACCMODE;
if (mode != O_RDONLY)
{
errno = EPERM;
return false;
}
if (*map->map_file == '\0')
map->map_file = "mail_aliases.org_dir";
if (PARTIAL_NAME(map->map_file) && map->map_domain == NULL)
{
/* set default NISPLUS Domain to $m */
map->map_domain = newstr(nisplus_default_domain());
if (tTd(38, 2))
sm_dprintf("nisplus_map_open(%s): using domain %s\n",
map->map_file, map->map_domain);
}
if (!PARTIAL_NAME(map->map_file))
{
map->map_domain = newstr("");
(void) sm_strlcpy(qbuf, map->map_file, sizeof(qbuf));
}
else
{
/* check to see if this map actually exists */
(void) sm_strlcpyn(qbuf, sizeof(qbuf), 3,
map->map_file, ".", map->map_domain);
}
retry_cnt = 0;
while (res == NULL || res->status != NIS_SUCCESS)
{
res = nis_lookup(qbuf, FOLLOW_LINKS);
switch (res->status)
{
case NIS_SUCCESS:
break;
case NIS_TRYAGAIN:
case NIS_RPCERROR:
case NIS_NAMEUNREACHABLE:
if (retry_cnt++ > 4)
{
errno = EAGAIN;
return false;
}
/* try not to overwhelm hosed server */
sleep(2);
break;
default: /* all other nisplus errors */
# if 0
if (!bitset(MF_OPTIONAL, map->map_mflags))
syserr("451 4.3.5 Cannot find table %s.%s: %s",
map->map_file, map->map_domain,
nis_sperrno(res->status));
# endif /* 0 */
errno = EAGAIN;
return false;
}
}
if (NIS_RES_NUMOBJ(res) != 1 ||
(NIS_RES_OBJECT(res)->zo_data.zo_type != NIS_TABLE_OBJ))
{
if (tTd(38, 10))
sm_dprintf("nisplus_map_open: %s is not a table\n", qbuf);
# if 0
if (!bitset(MF_OPTIONAL, map->map_mflags))
syserr("451 4.3.5 %s.%s: %s is not a table",
map->map_file, map->map_domain,
nis_sperrno(res->status));
# endif /* 0 */
errno = EBADF;
return false;
}
/* default key column is column 0 */
if (map->map_keycolnm == NULL)
map->map_keycolnm = newstr(COL_NAME(res,0));
max_col = COL_MAX(res);
/* verify the key column exist */
for (i = 0; i < max_col; i++)
{
if (strcmp(map->map_keycolnm, COL_NAME(res,i)) == 0)
break;
}
if (i == max_col)
{
if (tTd(38, 2))
sm_dprintf("nisplus_map_open(%s): can not find key column %s\n",
map->map_file, map->map_keycolnm);
errno = ENOENT;
return false;
}
/* default value column is the last column */
if (map->map_valcolnm == NULL)
{
map->map_valcolno = max_col - 1;
return true;
}
for (i = 0; i< max_col; i++)
{
if (strcmp(map->map_valcolnm, COL_NAME(res,i)) == 0)
{
map->map_valcolno = i;
return true;
}
}
if (tTd(38, 2))
sm_dprintf("nisplus_map_open(%s): can not find column %s\n",
map->map_file, map->map_keycolnm);
errno = ENOENT;
return false;
}
/*
** NISPLUS_MAP_LOOKUP -- look up a datum in a NISPLUS table
*/
char *
nisplus_map_lookup(map, name, av, statp)
MAP *map;
char *name;
char **av;
int *statp;
{
char *p;
auto int vsize;
char *skp;
int skleft;
char search_key[MAXNAME + 4];
char qbuf[MAXLINE + NIS_MAXNAMELEN];
nis_result *result;
if (tTd(38, 20))
sm_dprintf("nisplus_map_lookup(%s, %s)\n",
map->map_mname, name);
if (!bitset(MF_OPEN, map->map_mflags))
{
if (nisplus_map_open(map, O_RDONLY))
{
map->map_mflags |= MF_OPEN;
map->map_pid = CurrentPid;
}
else
{
*statp = EX_UNAVAILABLE;
return NULL;
}
}
/*
** Copy the name to the key buffer, escaping double quote characters
** by doubling them and quoting "]" and "," to avoid having the
** NIS+ parser choke on them.
*/
skleft = sizeof(search_key) - 4;
skp = search_key;
for (p = name; *p != '\0' && skleft > 0; p++)
{
switch (*p)
{
case ']':
case ',':
/* quote the character */
*skp++ = '"';
*skp++ = *p;
*skp++ = '"';
skleft -= 3;
break;
case '"':
/* double the quote */
*skp++ = '"';
skleft--;
/* FALLTHROUGH */
default:
*skp++ = *p;
skleft--;
break;
}
}
*skp = '\0';
if (!bitset(MF_NOFOLDCASE, map->map_mflags))
makelower(search_key);
/* construct the query */
if (PARTIAL_NAME(map->map_file))
(void) sm_snprintf(qbuf, sizeof(qbuf), "[%s=%s],%s.%s",
map->map_keycolnm, search_key, map->map_file,
map->map_domain);
else
(void) sm_snprintf(qbuf, sizeof(qbuf), "[%s=%s],%s",
map->map_keycolnm, search_key, map->map_file);
if (tTd(38, 20))
sm_dprintf("qbuf=%s\n", qbuf);
result = nis_list(qbuf, FOLLOW_LINKS | FOLLOW_PATH, NULL, NULL);
if (result->status == NIS_SUCCESS)
{
int count;
char *str;
if ((count = NIS_RES_NUMOBJ(result)) != 1)
{
if (LogLevel > 10)
sm_syslog(LOG_WARNING, CurEnv->e_id,
"%s: lookup error, expected 1 entry, got %d",
map->map_file, count);
/* ignore second entry */
if (tTd(38, 20))
sm_dprintf("nisplus_map_lookup(%s), got %d entries, additional entries ignored\n",
name, count);
}
p = ((NIS_RES_OBJECT(result))->EN_col(map->map_valcolno));
/* set the length of the result */
if (p == NULL)
p = "";
vsize = strlen(p);
if (tTd(38, 20))
sm_dprintf("nisplus_map_lookup(%s), found %s\n",
name, p);
if (bitset(MF_MATCHONLY, map->map_mflags))
str = map_rewrite(map, name, strlen(name), NULL);
else
str = map_rewrite(map, p, vsize, av);
nis_freeresult(result);
*statp = EX_OK;
return str;
}
else
{
if (result->status == NIS_NOTFOUND)
*statp = EX_NOTFOUND;
else if (result->status == NIS_TRYAGAIN)
*statp = EX_TEMPFAIL;
else
{
*statp = EX_UNAVAILABLE;
map->map_mflags &= ~(MF_VALID|MF_OPEN);
}
}
if (tTd(38, 20))
sm_dprintf("nisplus_map_lookup(%s), failed\n", name);
nis_freeresult(result);
return NULL;
}
/*
** NISPLUS_GETCANONNAME -- look up canonical name in NIS+
*/
static bool
nisplus_getcanonname(name, hbsize, statp)
char *name;
int hbsize;
int *statp;
{
char *vp;
auto int vsize;
nis_result *result;
char *p;
char nbuf[MAXNAME + 1];
char qbuf[MAXLINE + NIS_MAXNAMELEN];
if (sm_strlcpy(nbuf, name, sizeof(nbuf)) >= sizeof(nbuf))
{
*statp = EX_UNAVAILABLE;
return false;
}
(void) shorten_hostname(nbuf);
p = strchr(nbuf, '.');
if (p == NULL)
{
/* single token */
(void) sm_snprintf(qbuf, sizeof(qbuf),
"[name=%s],hosts.org_dir", nbuf);
}
else if (p[1] != '\0')
{
/* multi token -- take only first token in nbuf */
*p = '\0';
(void) sm_snprintf(qbuf, sizeof(qbuf),
"[name=%s],hosts.org_dir.%s", nbuf, &p[1]);
}
else
{
*statp = EX_NOHOST;
return false;
}
if (tTd(38, 20))
sm_dprintf("\nnisplus_getcanonname(%s), qbuf=%s\n",
name, qbuf);
result = nis_list(qbuf, EXPAND_NAME|FOLLOW_LINKS|FOLLOW_PATH,
NULL, NULL);
if (result->status == NIS_SUCCESS)
{
int count;
char *domain;
if ((count = NIS_RES_NUMOBJ(result)) != 1)
{
if (LogLevel > 10)
sm_syslog(LOG_WARNING, CurEnv->e_id,
"nisplus_getcanonname: lookup error, expected 1 entry, got %d",
count);
/* ignore second entry */
if (tTd(38, 20))
sm_dprintf("nisplus_getcanonname(%s), got %d entries, all but first ignored\n",
name, count);
}
if (tTd(38, 20))
sm_dprintf("nisplus_getcanonname(%s), found in directory \"%s\"\n",
name, (NIS_RES_OBJECT(result))->zo_domain);
vp = ((NIS_RES_OBJECT(result))->EN_col(0));
vsize = strlen(vp);
if (tTd(38, 20))
sm_dprintf("nisplus_getcanonname(%s), found %s\n",
name, vp);
if (strchr(vp, '.') != NULL)
{
domain = "";
}
else
{
domain = macvalue('m', CurEnv);
if (domain == NULL)
domain = "";
}
if (hbsize > vsize + (int) strlen(domain) + 1)
{
if (domain[0] == '\0')
(void) sm_strlcpy(name, vp, hbsize);
else
(void) sm_snprintf(name, hbsize,
"%s.%s", vp, domain);
*statp = EX_OK;
}
else
*statp = EX_NOHOST;
nis_freeresult(result);
return true;
}
else
{
if (result->status == NIS_NOTFOUND)
*statp = EX_NOHOST;
else if (result->status == NIS_TRYAGAIN)
*statp = EX_TEMPFAIL;
else
*statp = EX_UNAVAILABLE;
}
if (tTd(38, 20))
sm_dprintf("nisplus_getcanonname(%s), failed, status=%d, nsw_stat=%d\n",
name, result->status, *statp);
nis_freeresult(result);
return false;
}
char *
nisplus_default_domain()
{
static char default_domain[MAXNAME + 1] = "";
char *p;
if (default_domain[0] != '\0')
return default_domain;
p = nis_local_directory();
(void) sm_strlcpy(default_domain, p, sizeof(default_domain));
return default_domain;
}
#endif /* NISPLUS */
/*
** LDAP Modules
*/
/*
** LDAPMAP_DEQUOTE - helper routine for ldapmap_parseargs
*/
#if defined(LDAPMAP) || defined(PH_MAP)
# if PH_MAP
# define ph_map_dequote ldapmap_dequote
-# endif /* PH_MAP */
+# endif
static char *ldapmap_dequote __P((char *));
static char *
ldapmap_dequote(str)
char *str;
{
char *p;
char *start;
if (str == NULL)
return NULL;
p = str;
if (*p == '"')
{
/* Should probably swallow initial whitespace here */
start = ++p;
}
else
return str;
while (*p != '"' && *p != '\0')
p++;
if (*p != '\0')
*p = '\0';
return start;
}
#endif /* defined(LDAPMAP) || defined(PH_MAP) */
#if LDAPMAP
static SM_LDAP_STRUCT *LDAPDefaults = NULL;
/*
** LDAPMAP_OPEN -- open LDAP map
**
** Connect to the LDAP server. Re-use existing connections since a
** single server connection to a host (with the same host, port,
** bind DN, and secret) can answer queries for multiple maps.
*/
bool
ldapmap_open(map, mode)
MAP *map;
int mode;
{
SM_LDAP_STRUCT *lmap;
STAB *s;
char *id;
if (tTd(38, 2))
sm_dprintf("ldapmap_open(%s, %d): ", map->map_mname, mode);
#if defined(SUN_EXTENSIONS) && defined(SUN_SIMPLIFIED_LDAP) && \
HASLDAPGETALIASBYNAME
if (VendorCode == VENDOR_SUN &&
strcmp(map->map_mname, "aliases.ldap") == 0)
{
return true;
}
#endif /* defined(SUN_EXTENSIONS) && defined(SUN_SIMPLIFIED_LDAP) && ... */
mode &= O_ACCMODE;
/* sendmail doesn't have the ability to write to LDAP (yet) */
if (mode != O_RDONLY)
{
/* issue a pseudo-error message */
errno = SM_EMAPCANTWRITE;
return false;
}
lmap = (SM_LDAP_STRUCT *) map->map_db1;
s = ldapmap_findconn(lmap);
if (s->s_lmap != NULL)
{
/* Already have a connection open to this LDAP server */
lmap->ldap_ld = ((SM_LDAP_STRUCT *)s->s_lmap->map_db1)->ldap_ld;
lmap->ldap_pid = ((SM_LDAP_STRUCT *)s->s_lmap->map_db1)->ldap_pid;
/* Add this map as head of linked list */
lmap->ldap_next = s->s_lmap;
s->s_lmap = map;
if (tTd(38, 2))
sm_dprintf("using cached connection\n");
return true;
}
if (tTd(38, 2))
sm_dprintf("opening new connection\n");
if (lmap->ldap_host != NULL)
id = lmap->ldap_host;
else if (lmap->ldap_uri != NULL)
id = lmap->ldap_uri;
else
id = "localhost";
if (tTd(74, 104))
{
extern MAPCLASS NullMapClass;
/* debug mode: don't actually open an LDAP connection */
map->map_orgclass = map->map_class;
map->map_class = &NullMapClass;
map->map_mflags |= MF_OPEN;
map->map_pid = CurrentPid;
return true;
}
/* No connection yet, connect */
if (!sm_ldap_start(map->map_mname, lmap))
{
if (errno == ETIMEDOUT)
{
if (LogLevel > 1)
sm_syslog(LOG_NOTICE, CurEnv->e_id,
"timeout connecting to LDAP server %.100s",
id);
}
if (!bitset(MF_OPTIONAL, map->map_mflags))
{
if (bitset(MF_NODEFER, map->map_mflags))
{
syserr("%s failed to %s in map %s",
# if USE_LDAP_INIT
"ldap_init/ldap_bind",
-# else /* USE_LDAP_INIT */
+# else
"ldap_open",
-# endif /* USE_LDAP_INIT */
+# endif
id, map->map_mname);
}
else
{
syserr("451 4.3.5 %s failed to %s in map %s",
# if USE_LDAP_INIT
"ldap_init/ldap_bind",
-# else /* USE_LDAP_INIT */
+# else
"ldap_open",
-# endif /* USE_LDAP_INIT */
+# endif
id, map->map_mname);
}
}
return false;
}
/* Save connection for reuse */
s->s_lmap = map;
return true;
}
/*
** LDAPMAP_CLOSE -- close ldap map
*/
void
ldapmap_close(map)
MAP *map;
{
SM_LDAP_STRUCT *lmap;
STAB *s;
if (tTd(38, 2))
sm_dprintf("ldapmap_close(%s)\n", map->map_mname);
lmap = (SM_LDAP_STRUCT *) map->map_db1;
/* Check if already closed */
if (lmap->ldap_ld == NULL)
return;
/* Close the LDAP connection */
sm_ldap_close(lmap);
/* Mark all the maps that share the connection as closed */
s = ldapmap_findconn(lmap);
while (s->s_lmap != NULL)
{
MAP *smap = s->s_lmap;
if (tTd(38, 2) && smap != map)
sm_dprintf("ldapmap_close(%s): closed %s (shared LDAP connection)\n",
map->map_mname, smap->map_mname);
smap->map_mflags &= ~(MF_OPEN|MF_WRITABLE);
lmap = (SM_LDAP_STRUCT *) smap->map_db1;
lmap->ldap_ld = NULL;
s->s_lmap = lmap->ldap_next;
lmap->ldap_next = NULL;
}
}
# ifdef SUNET_ID
/*
** SUNET_ID_HASH -- Convert a string to its Sunet_id canonical form
** This only makes sense at Stanford University.
*/
static char *
sunet_id_hash(str)
char *str;
{
char *p, *p_last;
p = str;
p_last = p;
while (*p != '\0')
{
if (isascii(*p) && (islower(*p) || isdigit(*p)))
{
*p_last = *p;
p_last++;
}
else if (isascii(*p) && isupper(*p))
{
*p_last = tolower(*p);
p_last++;
}
++p;
}
if (*p_last != '\0')
*p_last = '\0';
return str;
}
# define SM_CONVERT_ID(str) sunet_id_hash(str)
# else /* SUNET_ID */
# define SM_CONVERT_ID(str) makelower(str)
# endif /* SUNET_ID */
/*
** LDAPMAP_LOOKUP -- look up a datum in a LDAP map
*/
char *
ldapmap_lookup(map, name, av, statp)
MAP *map;
char *name;
char **av;
int *statp;
{
int flags;
int i;
int plen = 0;
int psize = 0;
int msgid;
int save_errno;
char *vp, *p;
char *result = NULL;
SM_RPOOL_T *rpool;
SM_LDAP_STRUCT *lmap = NULL;
char *argv[SM_LDAP_ARGS];
char keybuf[MAXKEY];
#if SM_LDAP_ARGS != MAX_MAP_ARGS
# ERROR _SM_LDAP_ARGS must be the same as _MAX_MAP_ARGS
-#endif /* SM_LDAP_ARGS != MAX_MAP_ARGS */
+#endif
#if defined(SUN_EXTENSIONS) && defined(SUN_SIMPLIFIED_LDAP) && \
HASLDAPGETALIASBYNAME
if (VendorCode == VENDOR_SUN &&
strcmp(map->map_mname, "aliases.ldap") == 0)
{
int rc;
#if defined(GETLDAPALIASBYNAME_VERSION) && (GETLDAPALIASBYNAME_VERSION >= 2)
extern char *__getldapaliasbyname();
char *answer;
answer = __getldapaliasbyname(name, &rc);
#else
char answer[MAXNAME + 1];
rc = __getldapaliasbyname(name, answer, sizeof(answer));
#endif
if (rc != 0)
{
if (tTd(38, 20))
sm_dprintf("getldapaliasbyname(%.100s) failed, errno=%d\n",
name, errno);
*statp = EX_NOTFOUND;
return NULL;
}
*statp = EX_OK;
if (tTd(38, 20))
sm_dprintf("getldapaliasbyname(%.100s) => %s\n", name,
answer);
if (bitset(MF_MATCHONLY, map->map_mflags))
result = map_rewrite(map, name, strlen(name), NULL);
else
result = map_rewrite(map, answer, strlen(answer), av);
#if defined(GETLDAPALIASBYNAME_VERSION) && (GETLDAPALIASBYNAME_VERSION >= 2)
free(answer);
#endif
return result;
}
#endif /* defined(SUN_EXTENSIONS) && defined(SUN_SIMPLIFIED_LDAP) && ... */
/* Get ldap struct pointer from map */
lmap = (SM_LDAP_STRUCT *) map->map_db1;
sm_ldap_setopts(lmap->ldap_ld, lmap);
if (lmap->ldap_multi_args)
{
SM_REQUIRE(av != NULL);
memset(argv, '\0', sizeof(argv));
for (i = 0; i < SM_LDAP_ARGS && av[i] != NULL; i++)
{
argv[i] = sm_strdup(av[i]);
if (argv[i] == NULL)
{
int save_errno, j;
save_errno = errno;
for (j = 0; j < i && argv[j] != NULL; j++)
SM_FREE(argv[j]);
*statp = EX_TEMPFAIL;
errno = save_errno;
return NULL;
}
if (!bitset(MF_NOFOLDCASE, map->map_mflags))
SM_CONVERT_ID(av[i]);
}
}
else
{
(void) sm_strlcpy(keybuf, name, sizeof(keybuf));
if (!bitset(MF_NOFOLDCASE, map->map_mflags))
SM_CONVERT_ID(keybuf);
}
if (tTd(38, 20))
{
if (lmap->ldap_multi_args)
{
sm_dprintf("ldapmap_lookup(%s, argv)\n",
map->map_mname);
for (i = 0; i < SM_LDAP_ARGS; i++)
{
sm_dprintf(" argv[%d] = %s\n", i,
argv[i] == NULL ? "NULL" : argv[i]);
}
}
else
{
sm_dprintf("ldapmap_lookup(%s, %s)\n",
map->map_mname, name);
}
}
if (lmap->ldap_multi_args)
{
msgid = sm_ldap_search_m(lmap, argv);
/* free the argv array and its content, no longer needed */
for (i = 0; i < SM_LDAP_ARGS && argv[i] != NULL; i++)
SM_FREE(argv[i]);
}
else
msgid = sm_ldap_search(lmap, keybuf);
if (msgid == SM_LDAP_ERR)
{
errno = sm_ldap_geterrno(lmap->ldap_ld) + E_LDAPBASE;
save_errno = errno;
if (!bitset(MF_OPTIONAL, map->map_mflags))
{
/*
** Do not include keybuf as this error may be shown
** to outsiders.
*/
if (bitset(MF_NODEFER, map->map_mflags))
syserr("Error in ldap_search in map %s",
map->map_mname);
else
syserr("451 4.3.5 Error in ldap_search in map %s",
map->map_mname);
}
*statp = EX_TEMPFAIL;
switch (save_errno - E_LDAPBASE)
{
# ifdef LDAP_SERVER_DOWN
case LDAP_SERVER_DOWN:
-# endif /* LDAP_SERVER_DOWN */
+# endif
case LDAP_TIMEOUT:
case LDAP_UNAVAILABLE:
/* server disappeared, try reopen on next search */
ldapmap_close(map);
break;
}
errno = save_errno;
return NULL;
}
#if SM_LDAP_ERROR_ON_MISSING_ARGS
else if (msgid == SM_LDAP_ERR_ARG_MISS)
{
if (bitset(MF_NODEFER, map->map_mflags))
syserr("Error in ldap_search in map %s, too few arguments",
map->map_mname);
else
syserr("554 5.3.5 Error in ldap_search in map %s, too few arguments",
map->map_mname);
*statp = EX_CONFIG;
return NULL;
}
#endif /* SM_LDAP_ERROR_ON_MISSING_ARGS */
*statp = EX_NOTFOUND;
vp = NULL;
flags = 0;
if (bitset(MF_SINGLEMATCH, map->map_mflags))
flags |= SM_LDAP_SINGLEMATCH;
if (bitset(MF_MATCHONLY, map->map_mflags))
flags |= SM_LDAP_MATCHONLY;
# if _FFR_LDAP_SINGLEDN
if (bitset(MF_SINGLEDN, map->map_mflags))
flags |= SM_LDAP_SINGLEDN;
-# endif /* _FFR_LDAP_SINGLEDN */
+# endif
/* Create an rpool for search related memory usage */
rpool = sm_rpool_new_x(NULL);
p = NULL;
*statp = sm_ldap_results(lmap, msgid, flags, map->map_coldelim,
rpool, &p, &plen, &psize, NULL);
save_errno = errno;
/* Copy result so rpool can be freed */
if (*statp == EX_OK && p != NULL)
vp = newstr(p);
sm_rpool_free(rpool);
/* need to restart LDAP connection? */
if (*statp == EX_RESTART)
{
*statp = EX_TEMPFAIL;
ldapmap_close(map);
}
errno = save_errno;
if (*statp != EX_OK && *statp != EX_NOTFOUND)
{
if (!bitset(MF_OPTIONAL, map->map_mflags))
{
if (bitset(MF_NODEFER, map->map_mflags))
syserr("Error getting LDAP results, map=%s, name=%s",
map->map_mname, name);
else
syserr("451 4.3.5 Error getting LDAP results, map=%s, name=%s",
map->map_mname, name);
}
errno = save_errno;
return NULL;
}
/* Did we match anything? */
if (vp == NULL && !bitset(MF_MATCHONLY, map->map_mflags))
return NULL;
if (*statp == EX_OK)
{
if (LogLevel > 9)
sm_syslog(LOG_INFO, CurEnv->e_id,
"ldap=%s, %.100s=>%s", map->map_mname, name,
vp == NULL ? "<NULL>" : vp);
if (bitset(MF_MATCHONLY, map->map_mflags))
result = map_rewrite(map, name, strlen(name), NULL);
else
{
/* vp != NULL according to test above */
result = map_rewrite(map, vp, strlen(vp), av);
}
if (vp != NULL)
sm_free(vp); /* XXX */
}
return result;
}
/*
** LDAPMAP_FINDCONN -- find an LDAP connection to the server
**
** Cache LDAP connections based on the host, port, bind DN,
** secret, and PID so we don't have multiple connections open to
** the same server for different maps. Need a separate connection
** per PID since a parent process may close the map before the
** child is done with it.
**
** Parameters:
** lmap -- LDAP map information
**
** Returns:
** Symbol table entry for the LDAP connection.
*/
static STAB *
ldapmap_findconn(lmap)
SM_LDAP_STRUCT *lmap;
{
char *format;
char *nbuf;
char *id;
STAB *SM_NONVOLATILE s = NULL;
if (lmap->ldap_host != NULL)
id = lmap->ldap_host;
else if (lmap->ldap_uri != NULL)
id = lmap->ldap_uri;
else
id = "localhost";
format = "%s%c%d%c%d%c%s%c%s%d";
nbuf = sm_stringf_x(format,
id,
CONDELSE,
lmap->ldap_port,
CONDELSE,
lmap->ldap_version,
CONDELSE,
(lmap->ldap_binddn == NULL ? ""
: lmap->ldap_binddn),
CONDELSE,
(lmap->ldap_secret == NULL ? ""
: lmap->ldap_secret),
(int) CurrentPid);
SM_TRY
s = stab(nbuf, ST_LMAP, ST_ENTER);
SM_FINALLY
sm_free(nbuf);
SM_END_TRY
return s;
}
/*
** LDAPMAP_PARSEARGS -- parse ldap map definition args.
*/
static struct lamvalues LDAPAuthMethods[] =
{
{ "none", LDAP_AUTH_NONE },
{ "simple", LDAP_AUTH_SIMPLE },
# ifdef LDAP_AUTH_KRBV4
{ "krbv4", LDAP_AUTH_KRBV4 },
-# endif /* LDAP_AUTH_KRBV4 */
+# endif
{ NULL, 0 }
};
static struct ladvalues LDAPAliasDereference[] =
{
{ "never", LDAP_DEREF_NEVER },
{ "always", LDAP_DEREF_ALWAYS },
{ "search", LDAP_DEREF_SEARCHING },
{ "find", LDAP_DEREF_FINDING },
{ NULL, 0 }
};
static struct lssvalues LDAPSearchScope[] =
{
{ "base", LDAP_SCOPE_BASE },
{ "one", LDAP_SCOPE_ONELEVEL },
{ "sub", LDAP_SCOPE_SUBTREE },
{ NULL, 0 }
};
bool
ldapmap_parseargs(map, args)
MAP *map;
char *args;
{
bool secretread = true;
bool attrssetup = false;
int i;
register char *p = args;
SM_LDAP_STRUCT *lmap;
struct lamvalues *lam;
struct ladvalues *lad;
struct lssvalues *lss;
char ldapfilt[MAXLINE];
char m_tmp[MAXPATHLEN + LDAPMAP_MAX_PASSWD];
/* Get ldap struct pointer from map */
lmap = (SM_LDAP_STRUCT *) map->map_db1;
/* Check if setting the initial LDAP defaults */
if (lmap == NULL || lmap != LDAPDefaults)
{
/* We need to alloc an SM_LDAP_STRUCT struct */
lmap = (SM_LDAP_STRUCT *) xalloc(sizeof(*lmap));
if (LDAPDefaults == NULL)
sm_ldap_clear(lmap);
else
STRUCTCOPY(*LDAPDefaults, *lmap);
}
/* there is no check whether there is really an argument */
map->map_mflags |= MF_TRY0NULL|MF_TRY1NULL;
map->map_spacesub = SpaceSub; /* default value */
/* Check if setting up an alias or file class LDAP map */
if (bitset(MF_ALIAS, map->map_mflags))
{
/* Comma separate if used as an alias file */
map->map_coldelim = ',';
if (*args == '\0')
{
int n;
char *lc;
char jbuf[MAXHOSTNAMELEN];
char lcbuf[MAXLINE];
/* Get $j */
expand("\201j", jbuf, sizeof(jbuf), &BlankEnvelope);
if (jbuf[0] == '\0')
{
(void) sm_strlcpy(jbuf, "localhost",
sizeof(jbuf));
}
lc = macvalue(macid("{sendmailMTACluster}"), CurEnv);
if (lc == NULL)
lc = "";
else
{
expand(lc, lcbuf, sizeof(lcbuf), CurEnv);
lc = lcbuf;
}
n = sm_snprintf(ldapfilt, sizeof(ldapfilt),
"(&(objectClass=sendmailMTAAliasObject)(sendmailMTAAliasGrouping=aliases)(|(sendmailMTACluster=%s)(sendmailMTAHost=%s))(sendmailMTAKey=%%0))",
lc, jbuf);
if (n >= sizeof(ldapfilt))
{
syserr("%s: Default LDAP string too long",
map->map_mname);
return false;
}
/* default args for an alias LDAP entry */
lmap->ldap_filter = ldapfilt;
lmap->ldap_attr[0] = "objectClass";
lmap->ldap_attr_type[0] = SM_LDAP_ATTR_OBJCLASS;
lmap->ldap_attr_needobjclass[0] = NULL;
lmap->ldap_attr[1] = "sendmailMTAAliasValue";
lmap->ldap_attr_type[1] = SM_LDAP_ATTR_NORMAL;
lmap->ldap_attr_needobjclass[1] = NULL;
lmap->ldap_attr[2] = "sendmailMTAAliasSearch";
lmap->ldap_attr_type[2] = SM_LDAP_ATTR_FILTER;
lmap->ldap_attr_needobjclass[2] = "sendmailMTAMapObject";
lmap->ldap_attr[3] = "sendmailMTAAliasURL";
lmap->ldap_attr_type[3] = SM_LDAP_ATTR_URL;
lmap->ldap_attr_needobjclass[3] = "sendmailMTAMapObject";
lmap->ldap_attr[4] = NULL;
lmap->ldap_attr_type[4] = SM_LDAP_ATTR_NONE;
lmap->ldap_attr_needobjclass[4] = NULL;
attrssetup = true;
}
}
else if (bitset(MF_FILECLASS, map->map_mflags))
{
/* Space separate if used as a file class file */
map->map_coldelim = ' ';
}
-# if _FFR_LDAP_NETWORK_TIMEOUT
- lmap->ldap_networktmo = 120;
-# endif /* _FFR_LDAP_NETWORK_TIMEOUT */
+# if LDAP_NETWORK_TIMEOUT
+ if (0 == lmap->ldap_networktmo)
+ lmap->ldap_networktmo = (LDAP_NETWORK_TIMEOUT > 1)
+ ? LDAP_NETWORK_TIMEOUT : 60;
+# endif
for (;;)
{
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
p++;
if (*p != '-')
break;
switch (*++p)
{
case 'A':
map->map_mflags |= MF_APPEND;
break;
case 'a':
map->map_app = ++p;
break;
case 'D':
map->map_mflags |= MF_DEFER;
break;
case 'f':
map->map_mflags |= MF_NOFOLDCASE;
break;
case 'm':
map->map_mflags |= MF_MATCHONLY;
break;
case 'N':
map->map_mflags |= MF_INCLNULL;
map->map_mflags &= ~MF_TRY0NULL;
break;
case 'O':
map->map_mflags &= ~MF_TRY1NULL;
break;
case 'o':
map->map_mflags |= MF_OPTIONAL;
break;
case 'q':
map->map_mflags |= MF_KEEPQUOTES;
break;
case 'S':
map->map_spacesub = *++p;
break;
case 'T':
map->map_tapp = ++p;
break;
case 't':
map->map_mflags |= MF_NODEFER;
break;
case 'z':
if (*++p != '\\')
map->map_coldelim = *p;
else
{
switch (*++p)
{
case 'n':
map->map_coldelim = '\n';
break;
case 't':
map->map_coldelim = '\t';
break;
default:
map->map_coldelim = '\\';
}
}
break;
/* Start of ldapmap specific args */
case '1':
map->map_mflags |= MF_SINGLEMATCH;
break;
# if _FFR_LDAP_SINGLEDN
case '2':
map->map_mflags |= MF_SINGLEDN;
break;
# endif /* _FFR_LDAP_SINGLEDN */
case 'b': /* search base */
while (isascii(*++p) && isspace(*p))
continue;
lmap->ldap_base = p;
break;
-# if _FFR_LDAP_NETWORK_TIMEOUT
+# if LDAP_NETWORK_TIMEOUT
case 'c': /* network (connect) timeout */
while (isascii(*++p) && isspace(*p))
continue;
lmap->ldap_networktmo = atoi(p);
break;
-# endif /* _FFR_LDAP_NETWORK_TIMEOUT */
+# endif /* LDAP_NETWORK_TIMEOUT */
case 'd': /* Dn to bind to server as */
while (isascii(*++p) && isspace(*p))
continue;
lmap->ldap_binddn = p;
break;
case 'H': /* Use LDAP URI */
# if !USE_LDAP_INIT
syserr("Must compile with -DUSE_LDAP_INIT to use LDAP URIs (-H) in map %s",
map->map_mname);
return false;
# else /* !USE_LDAP_INIT */
if (lmap->ldap_host != NULL)
{
syserr("Can not specify both an LDAP host and an LDAP URI in map %s",
map->map_mname);
return false;
}
while (isascii(*++p) && isspace(*p))
continue;
lmap->ldap_uri = p;
break;
# endif /* !USE_LDAP_INIT */
case 'h': /* ldap host */
while (isascii(*++p) && isspace(*p))
continue;
if (lmap->ldap_uri != NULL)
{
syserr("Can not specify both an LDAP host and an LDAP URI in map %s",
map->map_mname);
return false;
}
lmap->ldap_host = p;
break;
case 'K':
lmap->ldap_multi_args = true;
break;
case 'k': /* search field */
while (isascii(*++p) && isspace(*p))
continue;
lmap->ldap_filter = p;
break;
case 'l': /* time limit */
while (isascii(*++p) && isspace(*p))
continue;
lmap->ldap_timelimit = atoi(p);
lmap->ldap_timeout.tv_sec = lmap->ldap_timelimit;
break;
case 'M': /* Method for binding */
while (isascii(*++p) && isspace(*p))
continue;
if (sm_strncasecmp(p, "LDAP_AUTH_", 10) == 0)
p += 10;
for (lam = LDAPAuthMethods;
lam != NULL && lam->lam_name != NULL; lam++)
{
if (sm_strncasecmp(p, lam->lam_name,
strlen(lam->lam_name)) == 0)
break;
}
if (lam->lam_name != NULL)
lmap->ldap_method = lam->lam_code;
else
{
/* bad config line */
if (!bitset(MCF_OPTFILE,
map->map_class->map_cflags))
{
char *ptr;
if ((ptr = strchr(p, ' ')) != NULL)
*ptr = '\0';
syserr("Method for binding must be [none|simple|krbv4] (not %s) in map %s",
p, map->map_mname);
if (ptr != NULL)
*ptr = ' ';
return false;
}
}
break;
case 'n': /* retrieve attribute names only */
lmap->ldap_attrsonly = LDAPMAP_TRUE;
break;
/*
** This is a string that is dependent on the
** method used defined by 'M'.
*/
case 'P': /* Secret password for binding */
while (isascii(*++p) && isspace(*p))
continue;
lmap->ldap_secret = p;
secretread = false;
break;
case 'p': /* ldap port */
while (isascii(*++p) && isspace(*p))
continue;
lmap->ldap_port = atoi(p);
break;
/* args stolen from ldapsearch.c */
case 'R': /* don't auto chase referrals */
# ifdef LDAP_REFERRALS
lmap->ldap_options &= ~LDAP_OPT_REFERRALS;
-# else /* LDAP_REFERRALS */
+# else
syserr("compile with -DLDAP_REFERRALS for referral support");
# endif /* LDAP_REFERRALS */
break;
case 'r': /* alias dereferencing */
while (isascii(*++p) && isspace(*p))
continue;
if (sm_strncasecmp(p, "LDAP_DEREF_", 11) == 0)
p += 11;
for (lad = LDAPAliasDereference;
lad != NULL && lad->lad_name != NULL; lad++)
{
if (sm_strncasecmp(p, lad->lad_name,
strlen(lad->lad_name)) == 0)
break;
}
if (lad->lad_name != NULL)
lmap->ldap_deref = lad->lad_code;
else
{
/* bad config line */
if (!bitset(MCF_OPTFILE,
map->map_class->map_cflags))
{
char *ptr;
if ((ptr = strchr(p, ' ')) != NULL)
*ptr = '\0';
syserr("Deref must be [never|always|search|find] (not %s) in map %s",
p, map->map_mname);
if (ptr != NULL)
*ptr = ' ';
return false;
}
}
break;
case 's': /* search scope */
while (isascii(*++p) && isspace(*p))
continue;
if (sm_strncasecmp(p, "LDAP_SCOPE_", 11) == 0)
p += 11;
for (lss = LDAPSearchScope;
lss != NULL && lss->lss_name != NULL; lss++)
{
if (sm_strncasecmp(p, lss->lss_name,
strlen(lss->lss_name)) == 0)
break;
}
if (lss->lss_name != NULL)
lmap->ldap_scope = lss->lss_code;
else
{
/* bad config line */
if (!bitset(MCF_OPTFILE,
map->map_class->map_cflags))
{
char *ptr;
if ((ptr = strchr(p, ' ')) != NULL)
*ptr = '\0';
syserr("Scope must be [base|one|sub] (not %s) in map %s",
p, map->map_mname);
if (ptr != NULL)
*ptr = ' ';
return false;
}
}
break;
case 'V':
if (*++p != '\\')
lmap->ldap_attrsep = *p;
else
{
switch (*++p)
{
case 'n':
lmap->ldap_attrsep = '\n';
break;
case 't':
lmap->ldap_attrsep = '\t';
break;
default:
lmap->ldap_attrsep = '\\';
}
}
break;
case 'v': /* attr to return */
while (isascii(*++p) && isspace(*p))
continue;
lmap->ldap_attr[0] = p;
lmap->ldap_attr[1] = NULL;
break;
case 'w':
/* -w should be for passwd, -P should be for version */
while (isascii(*++p) && isspace(*p))
continue;
lmap->ldap_version = atoi(p);
# ifdef LDAP_VERSION_MAX
if (lmap->ldap_version > LDAP_VERSION_MAX)
{
syserr("LDAP version %d exceeds max of %d in map %s",
lmap->ldap_version, LDAP_VERSION_MAX,
map->map_mname);
return false;
}
# endif /* LDAP_VERSION_MAX */
# ifdef LDAP_VERSION_MIN
if (lmap->ldap_version < LDAP_VERSION_MIN)
{
syserr("LDAP version %d is lower than min of %d in map %s",
lmap->ldap_version, LDAP_VERSION_MIN,
map->map_mname);
return false;
}
# endif /* LDAP_VERSION_MIN */
break;
+ case 'x':
+# if _FFR_SM_LDAP_DBG
+ while (isascii(*++p) && isspace(*p))
+ continue;
+ lmap->ldap_debug = atoi(p);
+# endif
+ break;
+
case 'Z':
while (isascii(*++p) && isspace(*p))
continue;
lmap->ldap_sizelimit = atoi(p);
break;
default:
syserr("Illegal option %c map %s", *p, map->map_mname);
break;
}
/* need to account for quoted strings here */
- while (*p != '\0' && !(isascii(*p) && isspace(*p)))
+ while (*p != '\0' && !(SM_ISSPACE(*p)))
{
if (*p == '"')
{
while (*++p != '"' && *p != '\0')
continue;
if (*p != '\0')
p++;
}
else
p++;
}
if (*p != '\0')
*p++ = '\0';
}
if (map->map_app != NULL)
map->map_app = newstr(ldapmap_dequote(map->map_app));
if (map->map_tapp != NULL)
map->map_tapp = newstr(ldapmap_dequote(map->map_tapp));
/*
** We need to swallow up all the stuff into a struct
** and dump it into map->map_dbptr1
*/
if (lmap->ldap_host != NULL &&
(LDAPDefaults == NULL ||
LDAPDefaults == lmap ||
LDAPDefaults->ldap_host != lmap->ldap_host))
lmap->ldap_host = newstr(ldapmap_dequote(lmap->ldap_host));
map->map_domain = lmap->ldap_host;
if (lmap->ldap_uri != NULL &&
(LDAPDefaults == NULL ||
LDAPDefaults == lmap ||
LDAPDefaults->ldap_uri != lmap->ldap_uri))
lmap->ldap_uri = newstr(ldapmap_dequote(lmap->ldap_uri));
map->map_domain = lmap->ldap_uri;
if (lmap->ldap_binddn != NULL &&
(LDAPDefaults == NULL ||
LDAPDefaults == lmap ||
LDAPDefaults->ldap_binddn != lmap->ldap_binddn))
lmap->ldap_binddn = newstr(ldapmap_dequote(lmap->ldap_binddn));
if (lmap->ldap_secret != NULL &&
(LDAPDefaults == NULL ||
LDAPDefaults == lmap ||
LDAPDefaults->ldap_secret != lmap->ldap_secret))
{
SM_FILE_T *sfd;
long sff = SFF_OPENASROOT|SFF_ROOTOK|SFF_NOWLINK|SFF_NOWWFILES|SFF_NOGWFILES;
if (DontLockReadFiles)
sff |= SFF_NOLOCK;
/* need to use method to map secret to passwd string */
switch (lmap->ldap_method)
{
case LDAP_AUTH_NONE:
/* Do nothing */
break;
case LDAP_AUTH_SIMPLE:
/*
** Secret is the name of a file with
** the first line as the password.
*/
/* Already read in the secret? */
if (secretread)
break;
sfd = safefopen(ldapmap_dequote(lmap->ldap_secret),
O_RDONLY, 0, sff);
if (sfd == NULL)
{
syserr("LDAP map: cannot open secret %s",
ldapmap_dequote(lmap->ldap_secret));
return false;
}
lmap->ldap_secret = sfgets(m_tmp, sizeof(m_tmp),
sfd, TimeOuts.to_fileopen,
"ldapmap_parseargs");
(void) sm_io_close(sfd, SM_TIME_DEFAULT);
if (strlen(m_tmp) > LDAPMAP_MAX_PASSWD)
{
syserr("LDAP map: secret in %s too long",
ldapmap_dequote(lmap->ldap_secret));
return false;
}
if (lmap->ldap_secret != NULL &&
strlen(m_tmp) > 0)
{
/* chomp newline */
if (m_tmp[strlen(m_tmp) - 1] == '\n')
m_tmp[strlen(m_tmp) - 1] = '\0';
lmap->ldap_secret = m_tmp;
}
break;
# ifdef LDAP_AUTH_KRBV4
case LDAP_AUTH_KRBV4:
/*
** Secret is where the ticket file is
** stashed
*/
(void) sm_snprintf(m_tmp, sizeof(m_tmp),
"KRBTKFILE=%s",
ldapmap_dequote(lmap->ldap_secret));
lmap->ldap_secret = m_tmp;
break;
# endif /* LDAP_AUTH_KRBV4 */
default: /* Should NEVER get here */
syserr("LDAP map: Illegal value in lmap method");
return false;
/* NOTREACHED */
break;
}
}
if (lmap->ldap_secret != NULL &&
(LDAPDefaults == NULL ||
LDAPDefaults == lmap ||
LDAPDefaults->ldap_secret != lmap->ldap_secret))
lmap->ldap_secret = newstr(ldapmap_dequote(lmap->ldap_secret));
if (lmap->ldap_base != NULL &&
(LDAPDefaults == NULL ||
LDAPDefaults == lmap ||
LDAPDefaults->ldap_base != lmap->ldap_base))
lmap->ldap_base = newstr(ldapmap_dequote(lmap->ldap_base));
/*
** Save the server from extra work. If request is for a single
** match, tell the server to only return enough records to
** determine if there is a single match or not. This can not
** be one since the server would only return one and we wouldn't
** know if there were others available.
*/
if (bitset(MF_SINGLEMATCH, map->map_mflags))
lmap->ldap_sizelimit = 2;
/* If setting defaults, don't process ldap_filter and ldap_attr */
if (lmap == LDAPDefaults)
return true;
if (lmap->ldap_filter != NULL)
lmap->ldap_filter = newstr(ldapmap_dequote(lmap->ldap_filter));
else
{
if (!bitset(MCF_OPTFILE, map->map_class->map_cflags))
{
syserr("No filter given in map %s", map->map_mname);
return false;
}
}
if (!attrssetup && lmap->ldap_attr[0] != NULL)
{
bool recurse = false;
bool normalseen = false;
i = 0;
p = ldapmap_dequote(lmap->ldap_attr[0]);
lmap->ldap_attr[0] = NULL;
/* Prime the attr list with the objectClass attribute */
lmap->ldap_attr[i] = "objectClass";
lmap->ldap_attr_type[i] = SM_LDAP_ATTR_OBJCLASS;
lmap->ldap_attr_needobjclass[i] = NULL;
i++;
while (p != NULL)
{
char *v;
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
p++;
if (*p == '\0')
break;
v = p;
p = strchr(v, ',');
if (p != NULL)
*p++ = '\0';
if (i >= LDAPMAP_MAX_ATTR)
{
syserr("Too many return attributes in %s (max %d)",
map->map_mname, LDAPMAP_MAX_ATTR);
return false;
}
if (*v != '\0')
{
int j;
int use;
char *type;
char *needobjclass;
type = strchr(v, ':');
if (type != NULL)
{
*type++ = '\0';
needobjclass = strchr(type, ':');
if (needobjclass != NULL)
*needobjclass++ = '\0';
}
else
{
needobjclass = NULL;
}
use = i;
/* allow override on "objectClass" type */
if (sm_strcasecmp(v, "objectClass") == 0 &&
lmap->ldap_attr_type[0] == SM_LDAP_ATTR_OBJCLASS)
{
use = 0;
}
else
{
/*
** Don't add something to attribute
** list twice.
*/
for (j = 1; j < i; j++)
{
if (sm_strcasecmp(v, lmap->ldap_attr[j]) == 0)
{
syserr("Duplicate attribute (%s) in %s",
v, map->map_mname);
return false;
}
}
lmap->ldap_attr[use] = newstr(v);
if (needobjclass != NULL &&
*needobjclass != '\0' &&
*needobjclass != '*')
{
lmap->ldap_attr_needobjclass[use] = newstr(needobjclass);
}
else
{
lmap->ldap_attr_needobjclass[use] = NULL;
}
}
if (type != NULL && *type != '\0')
{
if (sm_strcasecmp(type, "dn") == 0)
{
recurse = true;
lmap->ldap_attr_type[use] = SM_LDAP_ATTR_DN;
}
else if (sm_strcasecmp(type, "filter") == 0)
{
recurse = true;
lmap->ldap_attr_type[use] = SM_LDAP_ATTR_FILTER;
}
else if (sm_strcasecmp(type, "url") == 0)
{
recurse = true;
lmap->ldap_attr_type[use] = SM_LDAP_ATTR_URL;
}
else if (sm_strcasecmp(type, "normal") == 0)
{
lmap->ldap_attr_type[use] = SM_LDAP_ATTR_NORMAL;
normalseen = true;
}
else
{
syserr("Unknown attribute type (%s) in %s",
type, map->map_mname);
return false;
}
}
else
{
lmap->ldap_attr_type[use] = SM_LDAP_ATTR_NORMAL;
normalseen = true;
}
i++;
}
}
lmap->ldap_attr[i] = NULL;
/* Set in case needed in future code */
attrssetup = true;
if (recurse && !normalseen)
{
syserr("LDAP recursion requested in %s but no returnable attribute given",
map->map_mname);
return false;
}
if (recurse && lmap->ldap_attrsonly == LDAPMAP_TRUE)
{
syserr("LDAP recursion requested in %s can not be used with -n",
map->map_mname);
return false;
}
}
map->map_db1 = (ARBPTR_T) lmap;
return true;
}
/*
** LDAPMAP_SET_DEFAULTS -- Read default map spec from LDAPDefaults in .cf
**
** Parameters:
** spec -- map argument string from LDAPDefaults option
**
** Returns:
** None.
*/
void
ldapmap_set_defaults(spec)
char *spec;
{
STAB *class;
MAP map;
/* Allocate and set the default values */
if (LDAPDefaults == NULL)
LDAPDefaults = (SM_LDAP_STRUCT *) xalloc(sizeof(*LDAPDefaults));
sm_ldap_clear(LDAPDefaults);
memset(&map, '\0', sizeof(map));
/* look up the class */
class = stab("ldap", ST_MAPCLASS, ST_FIND);
if (class == NULL)
{
syserr("readcf: LDAPDefaultSpec: class ldap not available");
return;
}
map.map_class = &class->s_mapclass;
map.map_db1 = (ARBPTR_T) LDAPDefaults;
map.map_mname = "O LDAPDefaultSpec";
(void) ldapmap_parseargs(&map, spec);
/* These should never be set in LDAPDefaults */
if (map.map_mflags != (MF_TRY0NULL|MF_TRY1NULL) ||
map.map_spacesub != SpaceSub ||
map.map_app != NULL ||
map.map_tapp != NULL)
{
syserr("readcf: option LDAPDefaultSpec: Do not set non-LDAP specific flags");
- SM_FREE_CLR(map.map_app);
- SM_FREE_CLR(map.map_tapp);
+ SM_FREE(map.map_app);
+ SM_FREE(map.map_tapp);
}
if (LDAPDefaults->ldap_filter != NULL)
{
syserr("readcf: option LDAPDefaultSpec: Do not set the LDAP search filter");
/* don't free, it isn't malloc'ed in parseargs */
LDAPDefaults->ldap_filter = NULL;
}
if (LDAPDefaults->ldap_attr[0] != NULL)
{
syserr("readcf: option LDAPDefaultSpec: Do not set the requested LDAP attributes");
/* don't free, they aren't malloc'ed in parseargs */
LDAPDefaults->ldap_attr[0] = NULL;
}
}
#endif /* LDAPMAP */
/*
** PH map
*/
#if PH_MAP
/*
** Support for the CCSO Nameserver (ph/qi).
** This code is intended to replace the so-called "ph mailer".
** Contributed by Mark D. Roth. Contact him for support.
*/
/* what version of the ph map code we're running */
static char phmap_id[128];
/* sendmail version for phmap id string */
extern const char Version[];
/* assume we're using nph-1.2.x if not specified */
# ifndef NPH_VERSION
# define NPH_VERSION 10200
# endif
/* compatibility for versions older than nph-1.2.0 */
# if NPH_VERSION < 10200
# define PH_OPEN_ROUNDROBIN PH_ROUNDROBIN
# define PH_OPEN_DONTID PH_DONTID
# define PH_CLOSE_FAST PH_FASTCLOSE
# define PH_ERR_DATAERR PH_DATAERR
# define PH_ERR_NOMATCH PH_NOMATCH
# endif /* NPH_VERSION < 10200 */
/*
** PH_MAP_PARSEARGS -- parse ph map definition args.
*/
bool
ph_map_parseargs(map, args)
MAP *map;
char *args;
{
register bool done;
register char *p = args;
PH_MAP_STRUCT *pmap = NULL;
/* initialize version string */
(void) sm_snprintf(phmap_id, sizeof(phmap_id),
"sendmail-%s phmap-20010529 libphclient-%s",
Version, libphclient_version);
pmap = (PH_MAP_STRUCT *) xalloc(sizeof(*pmap));
/* defaults */
pmap->ph_servers = NULL;
pmap->ph_field_list = NULL;
pmap->ph = NULL;
pmap->ph_timeout = 0;
pmap->ph_fastclose = 0;
map->map_mflags |= MF_TRY0NULL|MF_TRY1NULL;
for (;;)
{
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
p++;
if (*p != '-')
break;
switch (*++p)
{
case 'N':
map->map_mflags |= MF_INCLNULL;
map->map_mflags &= ~MF_TRY0NULL;
break;
case 'O':
map->map_mflags &= ~MF_TRY1NULL;
break;
case 'o':
map->map_mflags |= MF_OPTIONAL;
break;
case 'f':
map->map_mflags |= MF_NOFOLDCASE;
break;
case 'm':
map->map_mflags |= MF_MATCHONLY;
break;
case 'A':
map->map_mflags |= MF_APPEND;
break;
case 'q':
map->map_mflags |= MF_KEEPQUOTES;
break;
case 't':
map->map_mflags |= MF_NODEFER;
break;
case 'a':
map->map_app = ++p;
break;
case 'T':
map->map_tapp = ++p;
break;
case 'l':
while (isascii(*++p) && isspace(*p))
continue;
pmap->ph_timeout = atoi(p);
break;
case 'S':
map->map_spacesub = *++p;
break;
case 'D':
map->map_mflags |= MF_DEFER;
break;
case 'h': /* PH server list */
while (isascii(*++p) && isspace(*p))
continue;
pmap->ph_servers = p;
break;
case 'k': /* fields to search for */
while (isascii(*++p) && isspace(*p))
continue;
pmap->ph_field_list = p;
break;
default:
syserr("ph_map_parseargs: unknown option -%c", *p);
}
/* try to account for quoted strings */
- done = isascii(*p) && isspace(*p);
+ done = SM_ISSPACE(*p);
while (*p != '\0' && !done)
{
if (*p == '"')
{
while (*++p != '"' && *p != '\0')
continue;
if (*p != '\0')
p++;
}
else
p++;
- done = isascii(*p) && isspace(*p);
+ done = SM_ISSPACE(*p);
}
if (*p != '\0')
*p++ = '\0';
}
if (map->map_app != NULL)
map->map_app = newstr(ph_map_dequote(map->map_app));
if (map->map_tapp != NULL)
map->map_tapp = newstr(ph_map_dequote(map->map_tapp));
if (pmap->ph_field_list != NULL)
pmap->ph_field_list = newstr(ph_map_dequote(pmap->ph_field_list));
if (pmap->ph_servers != NULL)
pmap->ph_servers = newstr(ph_map_dequote(pmap->ph_servers));
else
{
syserr("ph_map_parseargs: -h flag is required");
return false;
}
map->map_db1 = (ARBPTR_T) pmap;
return true;
}
/*
** PH_MAP_CLOSE -- close the connection to the ph server
*/
void
ph_map_close(map)
MAP *map;
{
PH_MAP_STRUCT *pmap;
pmap = (PH_MAP_STRUCT *)map->map_db1;
if (tTd(38, 9))
sm_dprintf("ph_map_close(%s): pmap->ph_fastclose=%d\n",
map->map_mname, pmap->ph_fastclose);
if (pmap->ph != NULL)
{
ph_set_sendhook(pmap->ph, NULL);
ph_set_recvhook(pmap->ph, NULL);
ph_close(pmap->ph, pmap->ph_fastclose);
}
map->map_mflags &= ~(MF_OPEN|MF_WRITABLE);
}
static jmp_buf PHTimeout;
/* ARGSUSED */
static void
ph_timeout(unused)
int unused;
{
/*
** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
** DOING.
*/
errno = ETIMEDOUT;
longjmp(PHTimeout, 1);
}
static void
#if NPH_VERSION >= 10200
ph_map_send_debug(appdata, text)
void *appdata;
#else
ph_map_send_debug(text)
#endif
char *text;
{
if (LogLevel > 9)
sm_syslog(LOG_NOTICE, CurEnv->e_id,
"ph_map_send_debug: ==> %s", text);
if (tTd(38, 20))
sm_dprintf("ph_map_send_debug: ==> %s\n", text);
}
static void
#if NPH_VERSION >= 10200
ph_map_recv_debug(appdata, text)
void *appdata;
#else
ph_map_recv_debug(text)
#endif
char *text;
{
if (LogLevel > 10)
sm_syslog(LOG_NOTICE, CurEnv->e_id,
"ph_map_recv_debug: <== %s", text);
if (tTd(38, 21))
sm_dprintf("ph_map_recv_debug: <== %s\n", text);
}
/*
** PH_MAP_OPEN -- sub for opening PH map
*/
bool
ph_map_open(map, mode)
MAP *map;
int mode;
{
PH_MAP_STRUCT *pmap;
register SM_EVENT *ev = NULL;
int save_errno = 0;
char *hostlist, *host;
if (tTd(38, 2))
sm_dprintf("ph_map_open(%s)\n", map->map_mname);
mode &= O_ACCMODE;
if (mode != O_RDONLY)
{
/* issue a pseudo-error message */
errno = SM_EMAPCANTWRITE;
return false;
}
if (CurEnv != NULL && CurEnv->e_sendmode == SM_DEFER &&
bitset(MF_DEFER, map->map_mflags))
{
if (tTd(9, 1))
sm_dprintf("ph_map_open(%s) => DEFERRED\n",
map->map_mname);
/*
** Unset MF_DEFER here so that map_lookup() returns
** a temporary failure using the bogus map and
** map->map_tapp instead of the default permanent error.
*/
map->map_mflags &= ~MF_DEFER;
return false;
}
pmap = (PH_MAP_STRUCT *)map->map_db1;
pmap->ph_fastclose = 0; /* refresh field for reopen */
/* try each host in the list */
hostlist = newstr(pmap->ph_servers);
for (host = strtok(hostlist, " ");
host != NULL;
host = strtok(NULL, " "))
{
/* set timeout */
if (pmap->ph_timeout != 0)
{
if (setjmp(PHTimeout) != 0)
{
ev = NULL;
if (LogLevel > 1)
sm_syslog(LOG_NOTICE, CurEnv->e_id,
"timeout connecting to PH server %.100s",
host);
errno = ETIMEDOUT;
goto ph_map_open_abort;
}
ev = sm_setevent(pmap->ph_timeout, ph_timeout, 0);
}
/* open connection to server */
if (ph_open(&(pmap->ph), host,
PH_OPEN_ROUNDROBIN|PH_OPEN_DONTID,
ph_map_send_debug, ph_map_recv_debug
#if NPH_VERSION >= 10200
, NULL
#endif
) == 0
&& ph_id(pmap->ph, phmap_id) == 0)
{
if (ev != NULL)
sm_clrevent(ev);
sm_free(hostlist); /* XXX */
return true;
}
ph_map_open_abort:
save_errno = errno;
if (ev != NULL)
sm_clrevent(ev);
pmap->ph_fastclose = PH_CLOSE_FAST;
ph_map_close(map);
errno = save_errno;
}
if (bitset(MF_NODEFER, map->map_mflags))
{
if (errno == 0)
errno = EAGAIN;
syserr("ph_map_open: %s: cannot connect to PH server",
map->map_mname);
}
else if (!bitset(MF_OPTIONAL, map->map_mflags) && LogLevel > 1)
sm_syslog(LOG_NOTICE, CurEnv->e_id,
"ph_map_open: %s: cannot connect to PH server",
map->map_mname);
sm_free(hostlist); /* XXX */
return false;
}
/*
** PH_MAP_LOOKUP -- look up key from ph server
*/
char *
ph_map_lookup(map, key, args, pstat)
MAP *map;
char *key;
char **args;
int *pstat;
{
int i, save_errno = 0;
register SM_EVENT *ev = NULL;
PH_MAP_STRUCT *pmap;
char *value = NULL;
pmap = (PH_MAP_STRUCT *)map->map_db1;
*pstat = EX_OK;
/* set timeout */
if (pmap->ph_timeout != 0)
{
if (setjmp(PHTimeout) != 0)
{
ev = NULL;
if (LogLevel > 1)
sm_syslog(LOG_NOTICE, CurEnv->e_id,
"timeout during PH lookup of %.100s",
key);
errno = ETIMEDOUT;
*pstat = EX_TEMPFAIL;
goto ph_map_lookup_abort;
}
ev = sm_setevent(pmap->ph_timeout, ph_timeout, 0);
}
/* perform lookup */
i = ph_email_resolve(pmap->ph, key, pmap->ph_field_list, &value);
if (i == -1)
*pstat = EX_TEMPFAIL;
else if (i == PH_ERR_NOMATCH || i == PH_ERR_DATAERR)
*pstat = EX_UNAVAILABLE;
ph_map_lookup_abort:
if (ev != NULL)
sm_clrevent(ev);
/*
** Close the connection if the timer popped
** or we got a temporary PH error
*/
if (*pstat == EX_TEMPFAIL)
{
save_errno = errno;
pmap->ph_fastclose = PH_CLOSE_FAST;
ph_map_close(map);
errno = save_errno;
}
if (*pstat == EX_OK)
{
if (tTd(38,20))
sm_dprintf("ph_map_lookup: %s => %s\n", key, value);
if (bitset(MF_MATCHONLY, map->map_mflags))
return map_rewrite(map, key, strlen(key), NULL);
else
return map_rewrite(map, value, strlen(value), args);
}
return NULL;
}
#endif /* PH_MAP */
/*
** syslog map
*/
#define map_prio map_lockfd /* overload field */
/*
** SYSLOG_MAP_PARSEARGS -- check for priority level to syslog messages.
*/
bool
syslog_map_parseargs(map, args)
MAP *map;
char *args;
{
char *p = args;
char *priority = NULL;
/* there is no check whether there is really an argument */
while (*p != '\0')
{
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
p++;
if (*p != '-')
break;
++p;
if (*p == 'D')
{
map->map_mflags |= MF_DEFER;
++p;
}
else if (*p == 'S')
{
map->map_spacesub = *++p;
if (*p != '\0')
p++;
}
else if (*p == 'L')
{
- while (*++p != '\0' && isascii(*p) && isspace(*p))
+ while (*++p != '\0' && SM_ISSPACE(*p))
continue;
if (*p == '\0')
break;
priority = p;
- while (*p != '\0' && !(isascii(*p) && isspace(*p)))
+ while (*p != '\0' && !(SM_ISSPACE(*p)))
p++;
if (*p != '\0')
*p++ = '\0';
}
else
{
syserr("Illegal option %c map syslog", *p);
++p;
}
}
if (priority == NULL)
map->map_prio = LOG_INFO;
else
{
if (sm_strncasecmp("LOG_", priority, 4) == 0)
priority += 4;
#ifdef LOG_EMERG
if (sm_strcasecmp("EMERG", priority) == 0)
map->map_prio = LOG_EMERG;
else
#endif /* LOG_EMERG */
#ifdef LOG_ALERT
if (sm_strcasecmp("ALERT", priority) == 0)
map->map_prio = LOG_ALERT;
else
#endif /* LOG_ALERT */
#ifdef LOG_CRIT
if (sm_strcasecmp("CRIT", priority) == 0)
map->map_prio = LOG_CRIT;
else
#endif /* LOG_CRIT */
#ifdef LOG_ERR
if (sm_strcasecmp("ERR", priority) == 0)
map->map_prio = LOG_ERR;
else
#endif /* LOG_ERR */
#ifdef LOG_WARNING
if (sm_strcasecmp("WARNING", priority) == 0)
map->map_prio = LOG_WARNING;
else
#endif /* LOG_WARNING */
#ifdef LOG_NOTICE
if (sm_strcasecmp("NOTICE", priority) == 0)
map->map_prio = LOG_NOTICE;
else
#endif /* LOG_NOTICE */
#ifdef LOG_INFO
if (sm_strcasecmp("INFO", priority) == 0)
map->map_prio = LOG_INFO;
else
#endif /* LOG_INFO */
#ifdef LOG_DEBUG
if (sm_strcasecmp("DEBUG", priority) == 0)
map->map_prio = LOG_DEBUG;
else
#endif /* LOG_DEBUG */
{
syserr("syslog_map_parseargs: Unknown priority %s",
priority);
return false;
}
}
return true;
}
/*
** SYSLOG_MAP_LOOKUP -- rewrite and syslog message. Always return empty string
*/
char *
syslog_map_lookup(map, string, args, statp)
MAP *map;
char *string;
char **args;
int *statp;
{
char *ptr = map_rewrite(map, string, strlen(string), args);
if (ptr != NULL)
{
if (tTd(38, 20))
sm_dprintf("syslog_map_lookup(%s (priority %d): %s\n",
map->map_mname, map->map_prio, ptr);
sm_syslog(map->map_prio, CurEnv->e_id, "%s", ptr);
}
*statp = EX_OK;
return "";
}
#if _FFR_DPRINTF_MAP
/*
** dprintf map
*/
#define map_dbg_level map_lockfd /* overload field */
/*
** DPRINTF_MAP_PARSEARGS -- check for priority level to dprintf messages.
*/
bool
dprintf_map_parseargs(map, args)
MAP *map;
char *args;
{
char *p = args;
char *dbg_level = NULL;
/* there is no check whether there is really an argument */
while (*p != '\0')
{
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
p++;
if (*p != '-')
break;
++p;
if (*p == 'D')
{
map->map_mflags |= MF_DEFER;
++p;
}
else if (*p == 'S')
{
map->map_spacesub = *++p;
if (*p != '\0')
p++;
}
else if (*p == 'd')
{
- while (*++p != '\0' && isascii(*p) && isspace(*p))
+ while (*++p != '\0' && SM_ISSPACE(*p))
continue;
if (*p == '\0')
break;
dbg_level = p;
- while (*p != '\0' && !(isascii(*p) && isspace(*p)))
+ while (*p != '\0' && !(SM_ISSPACE(*p)))
p++;
if (*p != '\0')
*p++ = '\0';
}
else
{
syserr("Illegal option %c map dprintf", *p);
++p;
}
}
if (dbg_level == NULL)
map->map_dbg_level = 0;
else
{
if (!(isascii(*dbg_level) && isdigit(*dbg_level)))
{
syserr("dprintf map \"%s\", file %s: -d should specify a number, not %s",
map->map_mname, map->map_file,
dbg_level);
return false;
}
map->map_dbg_level = atoi(dbg_level);
}
return true;
}
/*
** DPRINTF_MAP_LOOKUP -- rewrite and print message. Always return empty string
*/
char *
dprintf_map_lookup(map, string, args, statp)
MAP *map;
char *string;
char **args;
int *statp;
{
char *ptr = map_rewrite(map, string, strlen(string), args);
if (ptr != NULL && tTd(85, map->map_dbg_level))
sm_dprintf("%s\n", ptr);
*statp = EX_OK;
return "";
}
#endif /* _FFR_DPRINTF_MAP */
/*
** HESIOD Modules
*/
#if HESIOD
bool
hes_map_open(map, mode)
MAP *map;
int mode;
{
if (tTd(38, 2))
sm_dprintf("hes_map_open(%s, %s, %d)\n",
map->map_mname, map->map_file, mode);
if (mode != O_RDONLY)
{
/* issue a pseudo-error message */
errno = SM_EMAPCANTWRITE;
return false;
}
# ifdef HESIOD_INIT
if (HesiodContext != NULL || hesiod_init(&HesiodContext) == 0)
return true;
if (!bitset(MF_OPTIONAL, map->map_mflags))
syserr("451 4.3.5 cannot initialize Hesiod map (%s)",
sm_errstring(errno));
return false;
# else /* HESIOD_INIT */
if (hes_error() == HES_ER_UNINIT)
hes_init();
switch (hes_error())
{
case HES_ER_OK:
case HES_ER_NOTFOUND:
return true;
}
if (!bitset(MF_OPTIONAL, map->map_mflags))
syserr("451 4.3.5 cannot initialize Hesiod map (%d)", hes_error());
return false;
# endif /* HESIOD_INIT */
}
char *
hes_map_lookup(map, name, av, statp)
MAP *map;
char *name;
char **av;
int *statp;
{
char **hp;
if (tTd(38, 20))
sm_dprintf("hes_map_lookup(%s, %s)\n", map->map_file, name);
if (name[0] == '\\')
{
char *np;
int nl;
int save_errno;
char nbuf[MAXNAME];
nl = strlen(name);
if (nl < sizeof(nbuf) - 1)
np = nbuf;
else
np = xalloc(strlen(name) + 2);
np[0] = '\\';
(void) sm_strlcpy(&np[1], name, (sizeof(nbuf)) - 1);
# ifdef HESIOD_INIT
hp = hesiod_resolve(HesiodContext, np, map->map_file);
-# else /* HESIOD_INIT */
+# else
hp = hes_resolve(np, map->map_file);
# endif /* HESIOD_INIT */
save_errno = errno;
if (np != nbuf)
sm_free(np); /* XXX */
errno = save_errno;
}
else
{
# ifdef HESIOD_INIT
hp = hesiod_resolve(HesiodContext, name, map->map_file);
-# else /* HESIOD_INIT */
+# else
hp = hes_resolve(name, map->map_file);
# endif /* HESIOD_INIT */
}
# ifdef HESIOD_INIT
if (hp == NULL || *hp == NULL)
{
switch (errno)
{
case ENOENT:
*statp = EX_NOTFOUND;
break;
case ECONNREFUSED:
*statp = EX_TEMPFAIL;
break;
case EMSGSIZE:
case ENOMEM:
default:
*statp = EX_UNAVAILABLE;
break;
}
if (hp != NULL)
hesiod_free_list(HesiodContext, hp);
return NULL;
}
# else /* HESIOD_INIT */
if (hp == NULL || hp[0] == NULL)
{
switch (hes_error())
{
case HES_ER_OK:
*statp = EX_OK;
break;
case HES_ER_NOTFOUND:
*statp = EX_NOTFOUND;
break;
case HES_ER_CONFIG:
*statp = EX_UNAVAILABLE;
break;
case HES_ER_NET:
*statp = EX_TEMPFAIL;
break;
}
return NULL;
}
# endif /* HESIOD_INIT */
if (bitset(MF_MATCHONLY, map->map_mflags))
return map_rewrite(map, name, strlen(name), NULL);
else
return map_rewrite(map, hp[0], strlen(hp[0]), av);
}
/*
** HES_MAP_CLOSE -- free the Hesiod context
*/
void
hes_map_close(map)
MAP *map;
{
if (tTd(38, 20))
sm_dprintf("hes_map_close(%s)\n", map->map_file);
# ifdef HESIOD_INIT
/* Free the hesiod context */
if (HesiodContext != NULL)
{
hesiod_end(HesiodContext);
HesiodContext = NULL;
}
# endif /* HESIOD_INIT */
}
#endif /* HESIOD */
/*
** NeXT NETINFO Modules
*/
#if NETINFO
# define NETINFO_DEFAULT_DIR "/aliases"
# define NETINFO_DEFAULT_PROPERTY "members"
/*
** NI_MAP_OPEN -- open NetInfo Aliases
*/
bool
ni_map_open(map, mode)
MAP *map;
int mode;
{
if (tTd(38, 2))
sm_dprintf("ni_map_open(%s, %s, %d)\n",
map->map_mname, map->map_file, mode);
mode &= O_ACCMODE;
if (*map->map_file == '\0')
map->map_file = NETINFO_DEFAULT_DIR;
if (map->map_valcolnm == NULL)
map->map_valcolnm = NETINFO_DEFAULT_PROPERTY;
if (map->map_coldelim == '\0')
{
if (bitset(MF_ALIAS, map->map_mflags))
map->map_coldelim = ',';
else if (bitset(MF_FILECLASS, map->map_mflags))
map->map_coldelim = ' ';
}
return true;
}
/*
** NI_MAP_LOOKUP -- look up a datum in NetInfo
*/
char *
ni_map_lookup(map, name, av, statp)
MAP *map;
char *name;
char **av;
int *statp;
{
char *res;
char *propval;
if (tTd(38, 20))
sm_dprintf("ni_map_lookup(%s, %s)\n", map->map_mname, name);
propval = ni_propval(map->map_file, map->map_keycolnm, name,
map->map_valcolnm, map->map_coldelim);
if (propval == NULL)
return NULL;
SM_TRY
if (bitset(MF_MATCHONLY, map->map_mflags))
res = map_rewrite(map, name, strlen(name), NULL);
else
res = map_rewrite(map, propval, strlen(propval), av);
SM_FINALLY
sm_free(propval);
SM_END_TRY
return res;
}
static bool
ni_getcanonname(name, hbsize, statp)
char *name;
int hbsize;
int *statp;
{
char *vptr;
char *ptr;
char nbuf[MAXNAME + 1];
if (tTd(38, 20))
sm_dprintf("ni_getcanonname(%s)\n", name);
if (sm_strlcpy(nbuf, name, sizeof(nbuf)) >= sizeof(nbuf))
{
*statp = EX_UNAVAILABLE;
return false;
}
(void) shorten_hostname(nbuf);
/* we only accept single token search key */
if (strchr(nbuf, '.'))
{
*statp = EX_NOHOST;
return false;
}
/* Do the search */
vptr = ni_propval("/machines", NULL, nbuf, "name", '\n');
if (vptr == NULL)
{
*statp = EX_NOHOST;
return false;
}
/* Only want the first machine name */
if ((ptr = strchr(vptr, '\n')) != NULL)
*ptr = '\0';
if (sm_strlcpy(name, vptr, hbsize) >= hbsize)
{
sm_free(vptr);
*statp = EX_UNAVAILABLE;
return true;
}
sm_free(vptr);
*statp = EX_OK;
return false;
}
#endif /* NETINFO */
/*
** TEXT (unindexed text file) Modules
**
** This code donated by Sun Microsystems.
*/
#define map_sff map_lockfd /* overload field */
/*
** TEXT_MAP_OPEN -- open text table
*/
bool
text_map_open(map, mode)
MAP *map;
int mode;
{
long sff;
int i;
if (tTd(38, 2))
sm_dprintf("text_map_open(%s, %s, %d)\n",
map->map_mname, map->map_file, mode);
mode &= O_ACCMODE;
if (mode != O_RDONLY)
{
errno = EPERM;
return false;
}
if (*map->map_file == '\0')
{
syserr("text map \"%s\": file name required",
map->map_mname);
return false;
}
if (map->map_file[0] != '/')
{
syserr("text map \"%s\": file name must be fully qualified",
map->map_mname);
return false;
}
sff = SFF_ROOTOK|SFF_REGONLY;
if (!bitnset(DBS_LINKEDMAPINWRITABLEDIR, DontBlameSendmail))
sff |= SFF_NOWLINK;
if (!bitnset(DBS_MAPINUNSAFEDIRPATH, DontBlameSendmail))
sff |= SFF_SAFEDIRPATH;
if ((i = safefile(map->map_file, RunAsUid, RunAsGid, RunAsUserName,
sff, S_IRUSR, NULL)) != 0)
{
int save_errno = errno;
/* cannot open this map */
if (tTd(38, 2))
sm_dprintf("\tunsafe map file: %d\n", i);
errno = save_errno;
if (!bitset(MF_OPTIONAL, map->map_mflags))
syserr("text map \"%s\": unsafe map file %s",
map->map_mname, map->map_file);
return false;
}
if (map->map_keycolnm == NULL)
map->map_keycolno = 0;
else
{
if (!(isascii(*map->map_keycolnm) && isdigit(*map->map_keycolnm)))
{
syserr("text map \"%s\", file %s: -k should specify a number, not %s",
map->map_mname, map->map_file,
map->map_keycolnm);
return false;
}
map->map_keycolno = atoi(map->map_keycolnm);
}
if (map->map_valcolnm == NULL)
map->map_valcolno = 0;
else
{
if (!(isascii(*map->map_valcolnm) && isdigit(*map->map_valcolnm)))
{
syserr("text map \"%s\", file %s: -v should specify a number, not %s",
map->map_mname, map->map_file,
map->map_valcolnm);
return false;
}
map->map_valcolno = atoi(map->map_valcolnm);
}
if (tTd(38, 2))
{
sm_dprintf("text_map_open(%s, %s): delimiter = ",
map->map_mname, map->map_file);
if (map->map_coldelim == '\0')
sm_dprintf("(white space)\n");
else
sm_dprintf("%c\n", map->map_coldelim);
}
map->map_sff = sff;
return true;
}
/*
** TEXT_MAP_LOOKUP -- look up a datum in a TEXT table
*/
char *
text_map_lookup(map, name, av, statp)
MAP *map;
char *name;
char **av;
int *statp;
{
char *vp;
auto int vsize;
int buflen;
SM_FILE_T *f;
char delim;
int key_idx;
bool found_it;
long sff = map->map_sff;
char search_key[MAXNAME + 1];
char linebuf[MAXLINE];
char buf[MAXNAME + 1];
found_it = false;
if (tTd(38, 20))
sm_dprintf("text_map_lookup(%s, %s)\n", map->map_mname, name);
buflen = strlen(name);
if (buflen > sizeof(search_key) - 1)
buflen = sizeof(search_key) - 1; /* XXX just cut if off? */
memmove(search_key, name, buflen);
search_key[buflen] = '\0';
if (!bitset(MF_NOFOLDCASE, map->map_mflags))
makelower(search_key);
f = safefopen(map->map_file, O_RDONLY, FileMode, sff);
if (f == NULL)
{
map->map_mflags &= ~(MF_VALID|MF_OPEN);
*statp = EX_UNAVAILABLE;
return NULL;
}
key_idx = map->map_keycolno;
delim = map->map_coldelim;
while (sm_io_fgets(f, SM_TIME_DEFAULT,
linebuf, sizeof(linebuf)) >= 0)
{
char *p;
/* skip comment line */
if (linebuf[0] == '#')
continue;
p = strchr(linebuf, '\n');
if (p != NULL)
*p = '\0';
p = get_column(linebuf, key_idx, delim, buf, sizeof(buf));
if (p != NULL && sm_strcasecmp(search_key, p) == 0)
{
found_it = true;
break;
}
}
(void) sm_io_close(f, SM_TIME_DEFAULT);
if (!found_it)
{
*statp = EX_NOTFOUND;
return NULL;
}
vp = get_column(linebuf, map->map_valcolno, delim, buf, sizeof(buf));
if (vp == NULL)
{
*statp = EX_NOTFOUND;
return NULL;
}
vsize = strlen(vp);
*statp = EX_OK;
if (bitset(MF_MATCHONLY, map->map_mflags))
return map_rewrite(map, name, strlen(name), NULL);
else
return map_rewrite(map, vp, vsize, av);
}
/*
** TEXT_GETCANONNAME -- look up canonical name in hosts file
*/
static bool
text_getcanonname(name, hbsize, statp)
char *name;
int hbsize;
int *statp;
{
bool found;
char *dot;
SM_FILE_T *f;
char linebuf[MAXLINE];
char cbuf[MAXNAME + 1];
char nbuf[MAXNAME + 1];
if (tTd(38, 20))
sm_dprintf("text_getcanonname(%s)\n", name);
if (sm_strlcpy(nbuf, name, sizeof(nbuf)) >= sizeof(nbuf))
{
*statp = EX_UNAVAILABLE;
return false;
}
dot = shorten_hostname(nbuf);
f = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, HostsFile, SM_IO_RDONLY,
NULL);
if (f == NULL)
{
*statp = EX_UNAVAILABLE;
return false;
}
found = false;
while (!found &&
sm_io_fgets(f, SM_TIME_DEFAULT,
linebuf, sizeof(linebuf)) >= 0)
{
char *p = strpbrk(linebuf, "#\n");
if (p != NULL)
*p = '\0';
if (linebuf[0] != '\0')
found = extract_canonname(nbuf, dot, linebuf,
cbuf, sizeof(cbuf));
}
(void) sm_io_close(f, SM_TIME_DEFAULT);
if (!found)
{
*statp = EX_NOHOST;
return false;
}
if (sm_strlcpy(name, cbuf, hbsize) >= hbsize)
{
*statp = EX_UNAVAILABLE;
return false;
}
*statp = EX_OK;
return true;
}
/*
** STAB (Symbol Table) Modules
*/
/*
** STAB_MAP_LOOKUP -- look up alias in symbol table
*/
/* ARGSUSED2 */
char *
stab_map_lookup(map, name, av, pstat)
register MAP *map;
char *name;
char **av;
int *pstat;
{
register STAB *s;
if (tTd(38, 20))
sm_dprintf("stab_lookup(%s, %s)\n",
map->map_mname, name);
s = stab(name, ST_ALIAS, ST_FIND);
if (s == NULL)
return NULL;
if (bitset(MF_MATCHONLY, map->map_mflags))
return map_rewrite(map, name, strlen(name), NULL);
else
return map_rewrite(map, s->s_alias, strlen(s->s_alias), av);
}
/*
** STAB_MAP_STORE -- store in symtab (actually using during init, not rebuild)
*/
void
stab_map_store(map, lhs, rhs)
register MAP *map;
char *lhs;
char *rhs;
{
register STAB *s;
s = stab(lhs, ST_ALIAS, ST_ENTER);
s->s_alias = newstr(rhs);
}
/*
** STAB_MAP_OPEN -- initialize (reads data file)
**
** This is a weird case -- it is only intended as a fallback for
** aliases. For this reason, opens for write (only during a
** "newaliases") always fails, and opens for read open the
** actual underlying text file instead of the database.
*/
bool
stab_map_open(map, mode)
register MAP *map;
int mode;
{
SM_FILE_T *af;
long sff;
struct stat st;
if (tTd(38, 2))
sm_dprintf("stab_map_open(%s, %s, %d)\n",
map->map_mname, map->map_file, mode);
mode &= O_ACCMODE;
if (mode != O_RDONLY)
{
errno = EPERM;
return false;
}
sff = SFF_ROOTOK|SFF_REGONLY;
if (!bitnset(DBS_LINKEDMAPINWRITABLEDIR, DontBlameSendmail))
sff |= SFF_NOWLINK;
if (!bitnset(DBS_MAPINUNSAFEDIRPATH, DontBlameSendmail))
sff |= SFF_SAFEDIRPATH;
af = safefopen(map->map_file, O_RDONLY, 0444, sff);
if (af == NULL)
return false;
readaliases(map, af, false, false);
if (fstat(sm_io_getinfo(af, SM_IO_WHAT_FD, NULL), &st) >= 0)
map->map_mtime = st.st_mtime;
(void) sm_io_close(af, SM_TIME_DEFAULT);
return true;
}
/*
** Implicit Modules
**
** Tries several types. For back compatibility of aliases.
*/
/*
** IMPL_MAP_LOOKUP -- lookup in best open database
*/
char *
impl_map_lookup(map, name, av, pstat)
MAP *map;
char *name;
char **av;
int *pstat;
{
if (tTd(38, 20))
sm_dprintf("impl_map_lookup(%s, %s)\n",
map->map_mname, name);
#if NEWDB
if (bitset(MF_IMPL_HASH, map->map_mflags))
return db_map_lookup(map, name, av, pstat);
-#endif /* NEWDB */
+#endif
#if NDBM
if (bitset(MF_IMPL_NDBM, map->map_mflags))
return ndbm_map_lookup(map, name, av, pstat);
-#endif /* NDBM */
+#endif
+#if CDB
+ if (bitset(MF_IMPL_CDB, map->map_mflags))
+ return cdb_map_lookup(map, name, av, pstat);
+#endif
return stab_map_lookup(map, name, av, pstat);
}
/*
** IMPL_MAP_STORE -- store in open databases
*/
void
impl_map_store(map, lhs, rhs)
MAP *map;
char *lhs;
char *rhs;
{
if (tTd(38, 12))
sm_dprintf("impl_map_store(%s, %s, %s)\n",
map->map_mname, lhs, rhs);
#if NEWDB
if (bitset(MF_IMPL_HASH, map->map_mflags))
db_map_store(map, lhs, rhs);
-#endif /* NEWDB */
+#endif
#if NDBM
if (bitset(MF_IMPL_NDBM, map->map_mflags))
ndbm_map_store(map, lhs, rhs);
-#endif /* NDBM */
+#endif
+#if CDB
+ if (bitset(MF_IMPL_CDB, map->map_mflags))
+ cdb_map_store(map, lhs, rhs);
+#endif
stab_map_store(map, lhs, rhs);
}
/*
** IMPL_MAP_OPEN -- implicit database open
*/
bool
impl_map_open(map, mode)
MAP *map;
int mode;
{
+ bool wasopt;
+
if (tTd(38, 2))
sm_dprintf("impl_map_open(%s, %s, %d)\n",
map->map_mname, map->map_file, mode);
mode &= O_ACCMODE;
+ wasopt = bitset(MF_OPTIONAL, map->map_mflags);
+
+ /* suppress error msgs */
+ map->map_mflags |= MF_OPTIONAL;
#if NEWDB
map->map_mflags |= MF_IMPL_HASH;
if (hash_map_open(map, mode))
{
# ifdef NDBM_YP_COMPAT
if (mode == O_RDONLY || strstr(map->map_file, "/yp/") == NULL)
-# endif /* NDBM_YP_COMPAT */
- return true;
+# endif
+ goto ok;
}
else
map->map_mflags &= ~MF_IMPL_HASH;
#endif /* NEWDB */
#if NDBM
map->map_mflags |= MF_IMPL_NDBM;
if (ndbm_map_open(map, mode))
- {
- return true;
- }
+ goto ok;
else
map->map_mflags &= ~MF_IMPL_NDBM;
#endif /* NDBM */
-#if defined(NEWDB) || defined(NDBM)
+#if CDB
+ map->map_mflags |= MF_IMPL_CDB;
+ if (cdb_map_open(map, mode))
+ goto ok;
+ else
+ map->map_mflags &= ~MF_IMPL_CDB;
+#endif /* CDB */
+
+ if (!bitset(MF_ALIAS, map->map_mflags))
+ goto fail;
+#if NEWDB || NDBM || CDB
if (Verbose)
message("WARNING: cannot open alias database %s%s",
map->map_file,
mode == O_RDONLY ? "; reading text version" : "");
-#else /* defined(NEWDB) || defined(NDBM) */
+#else
if (mode != O_RDONLY)
usrerr("Cannot rebuild aliases: no database format defined");
-#endif /* defined(NEWDB) || defined(NDBM) */
+#endif
- if (mode == O_RDONLY)
- return stab_map_open(map, mode);
- else
- return false;
+ if (mode == O_RDONLY && stab_map_open(map, mode))
+ goto ok;
+
+ fail:
+ if (!wasopt)
+ map->map_mflags &= ~MF_OPTIONAL;
+ return false;
+
+ ok:
+ if (!wasopt)
+ map->map_mflags &= ~MF_OPTIONAL;
+ return true;
}
/*
** IMPL_MAP_CLOSE -- close any open database(s)
*/
void
impl_map_close(map)
MAP *map;
{
if (tTd(38, 9))
sm_dprintf("impl_map_close(%s, %s, %lx)\n",
map->map_mname, map->map_file, map->map_mflags);
#if NEWDB
if (bitset(MF_IMPL_HASH, map->map_mflags))
{
db_map_close(map);
map->map_mflags &= ~MF_IMPL_HASH;
}
#endif /* NEWDB */
#if NDBM
if (bitset(MF_IMPL_NDBM, map->map_mflags))
{
ndbm_map_close(map);
map->map_mflags &= ~MF_IMPL_NDBM;
}
#endif /* NDBM */
+#if CDB
+ if (bitset(MF_IMPL_CDB, map->map_mflags))
+ {
+ cdb_map_close(map);
+ map->map_mflags &= ~MF_IMPL_CDB;
+ }
+#endif /* CDB */
}
+
/*
** User map class.
**
** Provides access to the system password file.
*/
/*
** USER_MAP_OPEN -- open user map
**
** Really just binds field names to field numbers.
*/
bool
user_map_open(map, mode)
MAP *map;
int mode;
{
if (tTd(38, 2))
sm_dprintf("user_map_open(%s, %d)\n",
map->map_mname, mode);
mode &= O_ACCMODE;
if (mode != O_RDONLY)
{
/* issue a pseudo-error message */
errno = SM_EMAPCANTWRITE;
return false;
}
if (map->map_valcolnm == NULL)
/* EMPTY */
/* nothing */ ;
else if (sm_strcasecmp(map->map_valcolnm, "name") == 0)
map->map_valcolno = 1;
else if (sm_strcasecmp(map->map_valcolnm, "passwd") == 0)
map->map_valcolno = 2;
else if (sm_strcasecmp(map->map_valcolnm, "uid") == 0)
map->map_valcolno = 3;
else if (sm_strcasecmp(map->map_valcolnm, "gid") == 0)
map->map_valcolno = 4;
else if (sm_strcasecmp(map->map_valcolnm, "gecos") == 0)
map->map_valcolno = 5;
else if (sm_strcasecmp(map->map_valcolnm, "dir") == 0)
map->map_valcolno = 6;
else if (sm_strcasecmp(map->map_valcolnm, "shell") == 0)
map->map_valcolno = 7;
else
{
syserr("User map %s: unknown column name %s",
map->map_mname, map->map_valcolnm);
return false;
}
return true;
}
/*
** USER_MAP_LOOKUP -- look up a user in the passwd file.
*/
/* ARGSUSED3 */
char *
user_map_lookup(map, key, av, statp)
MAP *map;
char *key;
char **av;
int *statp;
{
auto bool fuzzy;
SM_MBDB_T user;
if (tTd(38, 20))
sm_dprintf("user_map_lookup(%s, %s)\n",
map->map_mname, key);
*statp = finduser(key, &fuzzy, &user);
if (*statp != EX_OK)
return NULL;
if (bitset(MF_MATCHONLY, map->map_mflags))
return map_rewrite(map, key, strlen(key), NULL);
else
{
char *rwval = NULL;
char buf[30];
switch (map->map_valcolno)
{
case 0:
case 1:
rwval = user.mbdb_name;
break;
case 2:
rwval = "x"; /* passwd no longer supported */
break;
case 3:
(void) sm_snprintf(buf, sizeof(buf), "%d",
(int) user.mbdb_uid);
rwval = buf;
break;
case 4:
(void) sm_snprintf(buf, sizeof(buf), "%d",
(int) user.mbdb_gid);
rwval = buf;
break;
case 5:
rwval = user.mbdb_fullname;
break;
case 6:
rwval = user.mbdb_homedir;
break;
case 7:
rwval = user.mbdb_shell;
break;
default:
syserr("user_map %s: bogus field %d",
map->map_mname, map->map_valcolno);
return NULL;
}
return map_rewrite(map, rwval, strlen(rwval), av);
}
}
/*
** Program map type.
**
** This provides access to arbitrary programs. It should be used
** only very sparingly, since there is no way to bound the cost
** of invoking an arbitrary program.
*/
char *
prog_map_lookup(map, name, av, statp)
MAP *map;
char *name;
char **av;
int *statp;
{
int i;
int save_errno;
int fd;
int status;
auto pid_t pid;
register char *p;
char *rval;
char *argv[MAXPV + 1];
char buf[MAXLINE];
if (tTd(38, 20))
sm_dprintf("prog_map_lookup(%s, %s) %s\n",
map->map_mname, name, map->map_file);
i = 0;
argv[i++] = map->map_file;
if (map->map_rebuild != NULL)
{
(void) sm_strlcpy(buf, map->map_rebuild, sizeof(buf));
for (p = strtok(buf, " \t"); p != NULL; p = strtok(NULL, " \t"))
{
if (i >= MAXPV - 1)
break;
argv[i++] = p;
}
}
argv[i++] = name;
argv[i] = NULL;
if (tTd(38, 21))
{
sm_dprintf("prog_open:");
for (i = 0; argv[i] != NULL; i++)
sm_dprintf(" %s", argv[i]);
sm_dprintf("\n");
}
(void) sm_blocksignal(SIGCHLD);
pid = prog_open(argv, &fd, CurEnv);
if (pid < 0)
{
if (!bitset(MF_OPTIONAL, map->map_mflags))
syserr("prog_map_lookup(%s) failed (%s) -- closing",
map->map_mname, sm_errstring(errno));
else if (tTd(38, 9))
sm_dprintf("prog_map_lookup(%s) failed (%s) -- closing",
map->map_mname, sm_errstring(errno));
map->map_mflags &= ~(MF_VALID|MF_OPEN);
*statp = EX_OSFILE;
return NULL;
}
i = read(fd, buf, sizeof(buf) - 1);
if (i < 0)
{
syserr("prog_map_lookup(%s): read error %s",
map->map_mname, sm_errstring(errno));
rval = NULL;
}
else if (i == 0)
{
if (tTd(38, 20))
sm_dprintf("prog_map_lookup(%s): empty answer\n",
map->map_mname);
rval = NULL;
}
else
{
buf[i] = '\0';
p = strchr(buf, '\n');
if (p != NULL)
*p = '\0';
/* collect the return value */
if (bitset(MF_MATCHONLY, map->map_mflags))
rval = map_rewrite(map, name, strlen(name), NULL);
else
rval = map_rewrite(map, buf, strlen(buf), av);
/* now flush any additional output */
while ((i = read(fd, buf, sizeof(buf))) > 0)
continue;
}
/* wait for the process to terminate */
(void) close(fd);
status = waitfor(pid);
save_errno = errno;
(void) sm_releasesignal(SIGCHLD);
errno = save_errno;
if (status == -1)
{
syserr("prog_map_lookup(%s): wait error %s",
map->map_mname, sm_errstring(errno));
*statp = EX_SOFTWARE;
rval = NULL;
}
else if (WIFEXITED(status))
{
if ((*statp = WEXITSTATUS(status)) != EX_OK)
rval = NULL;
}
else
{
syserr("prog_map_lookup(%s): child died on signal %d",
map->map_mname, status);
*statp = EX_UNAVAILABLE;
rval = NULL;
}
return rval;
}
/*
** Sequenced map type.
**
** Tries each map in order until something matches, much like
** implicit. Stores go to the first map in the list that can
** support storing.
**
** This is slightly unusual in that there are two interfaces.
** The "sequence" interface lets you stack maps arbitrarily.
** The "switch" interface builds a sequence map by looking
** at a system-dependent configuration file such as
** /etc/nsswitch.conf on Solaris or /etc/svc.conf on Ultrix.
**
** We don't need an explicit open, since all maps are
** opened on demand.
*/
/*
** SEQ_MAP_PARSE -- Sequenced map parsing
*/
bool
seq_map_parse(map, ap)
MAP *map;
char *ap;
{
int maxmap;
if (tTd(38, 2))
sm_dprintf("seq_map_parse(%s, %s)\n", map->map_mname, ap);
maxmap = 0;
while (*ap != '\0')
{
register char *p;
STAB *s;
/* find beginning of map name */
- while (isascii(*ap) && isspace(*ap))
+ while (SM_ISSPACE(*ap))
ap++;
for (p = ap;
(isascii(*p) && isalnum(*p)) || *p == '_' || *p == '.';
p++)
continue;
if (*p != '\0')
*p++ = '\0';
while (*p != '\0' && (!isascii(*p) || !isalnum(*p)))
p++;
if (*ap == '\0')
{
ap = p;
continue;
}
s = stab(ap, ST_MAP, ST_FIND);
if (s == NULL)
{
syserr("Sequence map %s: unknown member map %s",
map->map_mname, ap);
}
else if (maxmap >= MAXMAPSTACK)
{
syserr("Sequence map %s: too many member maps (%d max)",
map->map_mname, MAXMAPSTACK);
maxmap++;
}
else if (maxmap < MAXMAPSTACK)
{
map->map_stack[maxmap++] = &s->s_map;
}
ap = p;
}
return true;
}
/*
** SWITCH_MAP_OPEN -- open a switched map
**
** This looks at the system-dependent configuration and builds
** a sequence map that does the same thing.
**
** Every system must define a switch_map_find routine in conf.c
** that will return the list of service types associated with a
** given service class.
*/
bool
switch_map_open(map, mode)
MAP *map;
int mode;
{
int mapno;
int nmaps;
char *maptype[MAXMAPSTACK];
if (tTd(38, 2))
sm_dprintf("switch_map_open(%s, %s, %d)\n",
map->map_mname, map->map_file, mode);
mode &= O_ACCMODE;
nmaps = switch_map_find(map->map_file, maptype, map->map_return);
if (tTd(38, 19))
{
sm_dprintf("\tswitch_map_find => %d\n", nmaps);
for (mapno = 0; mapno < nmaps; mapno++)
sm_dprintf("\t\t%s\n", maptype[mapno]);
}
if (nmaps <= 0 || nmaps > MAXMAPSTACK)
return false;
for (mapno = 0; mapno < nmaps; mapno++)
{
register STAB *s;
char nbuf[MAXNAME + 1];
if (maptype[mapno] == NULL)
continue;
(void) sm_strlcpyn(nbuf, sizeof(nbuf), 3,
map->map_mname, ".", maptype[mapno]);
s = stab(nbuf, ST_MAP, ST_FIND);
if (s == NULL)
{
syserr("Switch map %s: unknown member map %s",
map->map_mname, nbuf);
}
else
{
map->map_stack[mapno] = &s->s_map;
if (tTd(38, 4))
sm_dprintf("\tmap_stack[%d] = %s:%s\n",
mapno,
s->s_map.map_class->map_cname,
nbuf);
}
}
return true;
}
#if 0
/*
** SEQ_MAP_CLOSE -- close all underlying maps
*/
void
seq_map_close(map)
MAP *map;
{
int mapno;
if (tTd(38, 9))
sm_dprintf("seq_map_close(%s)\n", map->map_mname);
for (mapno = 0; mapno < MAXMAPSTACK; mapno++)
{
MAP *mm = map->map_stack[mapno];
if (mm == NULL || !bitset(MF_OPEN, mm->map_mflags))
continue;
mm->map_mflags |= MF_CLOSING;
mm->map_class->map_close(mm);
mm->map_mflags &= ~(MF_OPEN|MF_WRITABLE|MF_CLOSING);
}
}
#endif /* 0 */
/*
** SEQ_MAP_LOOKUP -- sequenced map lookup
*/
char *
seq_map_lookup(map, key, args, pstat)
MAP *map;
char *key;
char **args;
int *pstat;
{
int mapno;
int mapbit = 0x01;
bool tempfail = false;
if (tTd(38, 20))
sm_dprintf("seq_map_lookup(%s, %s)\n", map->map_mname, key);
for (mapno = 0; mapno < MAXMAPSTACK; mapbit <<= 1, mapno++)
{
MAP *mm = map->map_stack[mapno];
char *rv;
if (mm == NULL)
continue;
if (!bitset(MF_OPEN, mm->map_mflags) &&
!openmap(mm))
{
if (bitset(mapbit, map->map_return[MA_UNAVAIL]))
{
*pstat = EX_UNAVAILABLE;
return NULL;
}
continue;
}
*pstat = EX_OK;
rv = mm->map_class->map_lookup(mm, key, args, pstat);
if (rv != NULL)
return rv;
if (*pstat == EX_TEMPFAIL)
{
if (bitset(mapbit, map->map_return[MA_TRYAGAIN]))
return NULL;
tempfail = true;
}
else if (bitset(mapbit, map->map_return[MA_NOTFOUND]))
break;
}
if (tempfail)
*pstat = EX_TEMPFAIL;
else if (*pstat == EX_OK)
*pstat = EX_NOTFOUND;
return NULL;
}
/*
** SEQ_MAP_STORE -- sequenced map store
*/
void
seq_map_store(map, key, val)
MAP *map;
char *key;
char *val;
{
int mapno;
if (tTd(38, 12))
sm_dprintf("seq_map_store(%s, %s, %s)\n",
map->map_mname, key, val);
for (mapno = 0; mapno < MAXMAPSTACK; mapno++)
{
MAP *mm = map->map_stack[mapno];
if (mm == NULL || !bitset(MF_WRITABLE, mm->map_mflags))
continue;
mm->map_class->map_store(mm, key, val);
return;
}
syserr("seq_map_store(%s, %s, %s): no writable map",
map->map_mname, key, val);
}
/*
** NULL stubs
*/
/* ARGSUSED */
bool
null_map_open(map, mode)
MAP *map;
int mode;
{
return true;
}
/* ARGSUSED */
void
null_map_close(map)
MAP *map;
{
return;
}
char *
null_map_lookup(map, key, args, pstat)
MAP *map;
char *key;
char **args;
int *pstat;
{
*pstat = EX_NOTFOUND;
return NULL;
}
/* ARGSUSED */
void
null_map_store(map, key, val)
MAP *map;
char *key;
char *val;
{
return;
}
MAPCLASS NullMapClass =
{
"null-map", NULL, 0,
NULL, null_map_lookup, null_map_store,
null_map_open, null_map_close,
};
/*
** BOGUS stubs
*/
char *
bogus_map_lookup(map, key, args, pstat)
MAP *map;
char *key;
char **args;
int *pstat;
{
*pstat = EX_TEMPFAIL;
return NULL;
}
MAPCLASS BogusMapClass =
{
"bogus-map", NULL, 0,
NULL, bogus_map_lookup, null_map_store,
null_map_open, null_map_close,
};
/*
** MACRO modules
*/
char *
macro_map_lookup(map, name, av, statp)
MAP *map;
char *name;
char **av;
int *statp;
{
int mid;
if (tTd(38, 20))
sm_dprintf("macro_map_lookup(%s, %s)\n", map->map_mname,
name == NULL ? "NULL" : name);
if (name == NULL ||
*name == '\0' ||
(mid = macid(name)) == 0)
{
*statp = EX_CONFIG;
return NULL;
}
if (av[1] == NULL)
macdefine(&CurEnv->e_macro, A_PERM, mid, NULL);
else
macdefine(&CurEnv->e_macro, A_TEMP, mid, av[1]);
*statp = EX_OK;
return "";
}
/*
** REGEX modules
*/
#if MAP_REGEX
# include <regex.h>
# define DEFAULT_DELIM CONDELSE
# define END_OF_FIELDS -1
# define ERRBUF_SIZE 80
# define MAX_MATCH 32
# define xnalloc(s) memset(xalloc(s), '\0', s);
struct regex_map
{
regex_t *regex_pattern_buf; /* xalloc it */
int *regex_subfields; /* move to type MAP */
char *regex_delim; /* move to type MAP */
};
static int parse_fields __P((char *, int *, int, int));
static char *regex_map_rewrite __P((MAP *, const char*, size_t, char **));
static int
parse_fields(s, ibuf, blen, nr_substrings)
char *s;
int *ibuf; /* array */
int blen; /* number of elements in ibuf */
int nr_substrings; /* number of substrings in the pattern */
{
register char *cp;
int i = 0;
bool lastone = false;
blen--; /* for terminating END_OF_FIELDS */
cp = s;
do
{
for (;; cp++)
{
if (*cp == ',')
{
*cp = '\0';
break;
}
if (*cp == '\0')
{
lastone = true;
break;
}
}
if (i < blen)
{
int val = atoi(s);
if (val < 0 || val >= nr_substrings)
{
syserr("field (%d) out of range, only %d substrings in pattern",
val, nr_substrings);
return -1;
}
ibuf[i++] = val;
}
else
{
syserr("too many fields, %d max", blen);
return -1;
}
s = ++cp;
} while (!lastone);
ibuf[i] = END_OF_FIELDS;
return i;
}
bool
regex_map_init(map, ap)
MAP *map;
char *ap;
{
int regerr;
struct regex_map *map_p;
register char *p;
char *sub_param = NULL;
int pflags;
static char defdstr[] = { (char) DEFAULT_DELIM, '\0' };
if (tTd(38, 2))
sm_dprintf("regex_map_init: mapname '%s', args '%s'\n",
map->map_mname, ap);
pflags = REG_ICASE | REG_EXTENDED | REG_NOSUB;
p = ap;
map_p = (struct regex_map *) xnalloc(sizeof(*map_p));
map_p->regex_pattern_buf = (regex_t *)xnalloc(sizeof(regex_t));
for (;;)
{
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
p++;
if (*p != '-')
break;
switch (*++p)
{
case 'n': /* not */
map->map_mflags |= MF_REGEX_NOT;
break;
case 'f': /* case sensitive */
map->map_mflags |= MF_NOFOLDCASE;
pflags &= ~REG_ICASE;
break;
case 'b': /* basic regular expressions */
pflags &= ~REG_EXTENDED;
break;
case 's': /* substring match () syntax */
sub_param = ++p;
pflags &= ~REG_NOSUB;
break;
case 'd': /* delimiter */
map_p->regex_delim = ++p;
break;
case 'a': /* map append */
map->map_app = ++p;
break;
case 'm': /* matchonly */
map->map_mflags |= MF_MATCHONLY;
break;
case 'q':
map->map_mflags |= MF_KEEPQUOTES;
break;
case 'S':
map->map_spacesub = *++p;
break;
case 'D':
map->map_mflags |= MF_DEFER;
break;
}
- while (*p != '\0' && !(isascii(*p) && isspace(*p)))
+ while (*p != '\0' && !(SM_ISSPACE(*p)))
p++;
if (*p != '\0')
*p++ = '\0';
}
if (tTd(38, 3))
sm_dprintf("regex_map_init: compile '%s' 0x%x\n", p, pflags);
if ((regerr = regcomp(map_p->regex_pattern_buf, p, pflags)) != 0)
{
/* Errorhandling */
char errbuf[ERRBUF_SIZE];
(void) regerror(regerr, map_p->regex_pattern_buf,
errbuf, sizeof(errbuf));
syserr("pattern-compile-error: %s", errbuf);
sm_free(map_p->regex_pattern_buf); /* XXX */
sm_free(map_p); /* XXX */
return false;
}
if (map->map_app != NULL)
map->map_app = newstr(map->map_app);
if (map_p->regex_delim != NULL)
map_p->regex_delim = newstr(map_p->regex_delim);
else
map_p->regex_delim = defdstr;
if (!bitset(REG_NOSUB, pflags))
{
/* substring matching */
int substrings;
int *fields = (int *) xalloc(sizeof(int) * (MAX_MATCH + 1));
substrings = map_p->regex_pattern_buf->re_nsub + 1;
if (tTd(38, 3))
sm_dprintf("regex_map_init: nr of substrings %d\n",
substrings);
if (substrings >= MAX_MATCH)
{
syserr("too many substrings, %d max", MAX_MATCH);
sm_free(map_p->regex_pattern_buf); /* XXX */
sm_free(map_p); /* XXX */
return false;
}
if (sub_param != NULL && sub_param[0] != '\0')
{
/* optional parameter -sfields */
if (parse_fields(sub_param, fields,
MAX_MATCH + 1, substrings) == -1)
return false;
}
else
{
int i;
/* set default fields */
for (i = 0; i < substrings; i++)
fields[i] = i;
fields[i] = END_OF_FIELDS;
}
map_p->regex_subfields = fields;
if (tTd(38, 3))
{
int *ip;
sm_dprintf("regex_map_init: subfields");
for (ip = fields; *ip != END_OF_FIELDS; ip++)
sm_dprintf(" %d", *ip);
sm_dprintf("\n");
}
}
map->map_db1 = (ARBPTR_T) map_p; /* dirty hack */
return true;
}
static char *
regex_map_rewrite(map, s, slen, av)
MAP *map;
const char *s;
size_t slen;
char **av;
{
if (bitset(MF_MATCHONLY, map->map_mflags))
return map_rewrite(map, av[0], strlen(av[0]), NULL);
else
return map_rewrite(map, s, slen, av);
}
char *
regex_map_lookup(map, name, av, statp)
MAP *map;
char *name;
char **av;
int *statp;
{
int reg_res;
struct regex_map *map_p;
regmatch_t pmatch[MAX_MATCH];
if (tTd(38, 20))
{
char **cpp;
sm_dprintf("regex_map_lookup: key '%s'\n", name);
for (cpp = av; cpp != NULL && *cpp != NULL; cpp++)
sm_dprintf("regex_map_lookup: arg '%s'\n", *cpp);
}
map_p = (struct regex_map *)(map->map_db1);
reg_res = regexec(map_p->regex_pattern_buf,
name, MAX_MATCH, pmatch, 0);
if (bitset(MF_REGEX_NOT, map->map_mflags))
{
/* option -n */
if (reg_res == REG_NOMATCH)
return regex_map_rewrite(map, "", (size_t) 0, av);
else
return NULL;
}
if (reg_res == REG_NOMATCH)
return NULL;
if (map_p->regex_subfields != NULL)
{
/* option -s */
static char retbuf[MAXNAME];
int fields[MAX_MATCH + 1];
bool first = true;
int anglecnt = 0, cmntcnt = 0, spacecnt = 0;
bool quotemode = false, bslashmode = false;
register char *dp, *sp;
char *endp, *ldp;
int *ip;
dp = retbuf;
ldp = retbuf + sizeof(retbuf) - 1;
if (av[1] != NULL)
{
if (parse_fields(av[1], fields, MAX_MATCH + 1,
(int) map_p->regex_pattern_buf->re_nsub + 1) == -1)
{
*statp = EX_CONFIG;
return NULL;
}
ip = fields;
}
else
ip = map_p->regex_subfields;
for ( ; *ip != END_OF_FIELDS; ip++)
{
if (!first)
{
for (sp = map_p->regex_delim; *sp; sp++)
{
if (dp < ldp)
*dp++ = *sp;
}
}
else
first = false;
if (*ip >= MAX_MATCH ||
pmatch[*ip].rm_so < 0 || pmatch[*ip].rm_eo < 0)
continue;
sp = name + pmatch[*ip].rm_so;
endp = name + pmatch[*ip].rm_eo;
for (; endp > sp; sp++)
{
if (dp < ldp)
{
if (bslashmode)
{
*dp++ = *sp;
bslashmode = false;
}
else if (quotemode && *sp != '"' &&
*sp != '\\')
{
*dp++ = *sp;
}
else switch (*dp++ = *sp)
{
case '\\':
bslashmode = true;
break;
case '(':
cmntcnt++;
break;
case ')':
cmntcnt--;
break;
case '<':
anglecnt++;
break;
case '>':
anglecnt--;
break;
case ' ':
spacecnt++;
break;
case '"':
quotemode = !quotemode;
break;
}
}
}
}
if (anglecnt != 0 || cmntcnt != 0 || quotemode ||
bslashmode || spacecnt != 0)
{
sm_syslog(LOG_WARNING, NOQID,
"Warning: regex may cause prescan() failure map=%s lookup=%s",
map->map_mname, name);
return NULL;
}
*dp = '\0';
return regex_map_rewrite(map, retbuf, strlen(retbuf), av);
}
return regex_map_rewrite(map, "", (size_t)0, av);
}
#endif /* MAP_REGEX */
/*
** NSD modules
*/
#if MAP_NSD
# include <ndbm.h>
# define _DATUM_DEFINED
# include <ns_api.h>
typedef struct ns_map_list
{
ns_map_t *map; /* XXX ns_ ? */
char *mapname;
struct ns_map_list *next;
} ns_map_list_t;
static ns_map_t *
ns_map_t_find(mapname)
char *mapname;
{
static ns_map_list_t *ns_maps = NULL;
ns_map_list_t *ns_map;
/* walk the list of maps looking for the correctly named map */
for (ns_map = ns_maps; ns_map != NULL; ns_map = ns_map->next)
{
if (strcmp(ns_map->mapname, mapname) == 0)
break;
}
/* if we are looking at a NULL ns_map_list_t, then create a new one */
if (ns_map == NULL)
{
ns_map = (ns_map_list_t *) xalloc(sizeof(*ns_map));
ns_map->mapname = newstr(mapname);
ns_map->map = (ns_map_t *) xalloc(sizeof(*ns_map->map));
memset(ns_map->map, '\0', sizeof(*ns_map->map));
ns_map->next = ns_maps;
ns_maps = ns_map;
}
return ns_map->map;
}
char *
nsd_map_lookup(map, name, av, statp)
MAP *map;
char *name;
char **av;
int *statp;
{
int buflen, r;
char *p;
ns_map_t *ns_map;
char keybuf[MAXNAME + 1];
char buf[MAXLINE];
if (tTd(38, 20))
sm_dprintf("nsd_map_lookup(%s, %s)\n", map->map_mname, name);
buflen = strlen(name);
if (buflen > sizeof(keybuf) - 1)
buflen = sizeof(keybuf) - 1; /* XXX simply cut off? */
memmove(keybuf, name, buflen);
keybuf[buflen] = '\0';
if (!bitset(MF_NOFOLDCASE, map->map_mflags))
makelower(keybuf);
ns_map = ns_map_t_find(map->map_file);
if (ns_map == NULL)
{
if (tTd(38, 20))
sm_dprintf("nsd_map_t_find failed\n");
*statp = EX_UNAVAILABLE;
return NULL;
}
r = ns_lookup(ns_map, NULL, map->map_file, keybuf, NULL,
buf, sizeof(buf));
if (r == NS_UNAVAIL || r == NS_TRYAGAIN)
{
*statp = EX_TEMPFAIL;
return NULL;
}
if (r == NS_BADREQ
# ifdef NS_NOPERM
|| r == NS_NOPERM
-# endif /* NS_NOPERM */
+# endif
)
{
*statp = EX_CONFIG;
return NULL;
}
if (r != NS_SUCCESS)
{
*statp = EX_NOTFOUND;
return NULL;
}
*statp = EX_OK;
/* Null out trailing \n */
if ((p = strchr(buf, '\n')) != NULL)
*p = '\0';
return map_rewrite(map, buf, strlen(buf), av);
}
#endif /* MAP_NSD */
char *
arith_map_lookup(map, name, av, statp)
MAP *map;
char *name;
char **av;
int *statp;
{
long r;
long v[2];
bool res = false;
bool boolres;
static char result[16];
char **cpp;
if (tTd(38, 2))
{
sm_dprintf("arith_map_lookup: key '%s'\n", name);
for (cpp = av; cpp != NULL && *cpp != NULL; cpp++)
sm_dprintf("arith_map_lookup: arg '%s'\n", *cpp);
}
r = 0;
boolres = false;
cpp = av;
*statp = EX_OK;
/*
** read arguments for arith map
** - no check is made whether they are really numbers
** - just ignores args after the second
*/
for (++cpp; cpp != NULL && *cpp != NULL && r < 2; cpp++)
v[r++] = strtol(*cpp, NULL, 0);
/* operator and (at least) two operands given? */
if (name != NULL && r == 2)
{
switch (*name)
{
case '|':
r = v[0] | v[1];
break;
case '&':
r = v[0] & v[1];
break;
case '%':
if (v[1] == 0)
return NULL;
r = v[0] % v[1];
break;
case '+':
r = v[0] + v[1];
break;
case '-':
r = v[0] - v[1];
break;
case '*':
r = v[0] * v[1];
break;
case '/':
if (v[1] == 0)
return NULL;
r = v[0] / v[1];
break;
case 'l':
res = v[0] < v[1];
boolres = true;
break;
case '=':
res = v[0] == v[1];
boolres = true;
break;
case 'r':
r = v[1] - v[0] + 1;
if (r <= 0)
return NULL;
r = get_random() % r + v[0];
break;
default:
/* XXX */
*statp = EX_CONFIG;
if (LogLevel > 10)
sm_syslog(LOG_WARNING, NOQID,
"arith_map: unknown operator %c",
(isascii(*name) && isprint(*name)) ?
*name : '?');
return NULL;
}
if (boolres)
(void) sm_snprintf(result, sizeof(result),
res ? "TRUE" : "FALSE");
else
(void) sm_snprintf(result, sizeof(result), "%ld", r);
return result;
}
*statp = EX_CONFIG;
return NULL;
}
char *
arpa_map_lookup(map, name, av, statp)
MAP *map;
char *name;
char **av;
int *statp;
{
int r;
char *rval;
char result[128]; /* IPv6: 64 + 10 + 1 would be enough */
if (tTd(38, 2))
sm_dprintf("arpa_map_lookup: key '%s'\n", name);
*statp = EX_DATAERR;
r = 1;
memset(result, '\0', sizeof(result));
rval = NULL;
# if NETINET6
if (sm_strncasecmp(name, "IPv6:", 5) == 0)
{
struct in6_addr in6_addr;
r = anynet_pton(AF_INET6, name, &in6_addr);
if (r == 1)
{
static char hex_digits[] =
{ '0', '1', '2', '3', '4', '5', '6', '7', '8',
'9', 'a', 'b', 'c', 'd', 'e', 'f' };
unsigned char *src;
char *dst;
int i;
src = (unsigned char *) &in6_addr;
dst = result;
for (i = 15; i >= 0; i--) {
*dst++ = hex_digits[src[i] & 0x0f];
*dst++ = '.';
*dst++ = hex_digits[(src[i] >> 4) & 0x0f];
if (i > 0)
*dst++ = '.';
}
*statp = EX_OK;
}
}
else
# endif /* NETINET6 */
# if NETINET
{
struct in_addr in_addr;
r = inet_pton(AF_INET, name, &in_addr);
if (r == 1)
{
unsigned char *src;
src = (unsigned char *) &in_addr;
(void) snprintf(result, sizeof(result),
"%u.%u.%u.%u",
src[3], src[2], src[1], src[0]);
*statp = EX_OK;
}
}
# endif /* NETINET */
if (r < 0)
*statp = EX_UNAVAILABLE;
if (tTd(38, 2))
sm_dprintf("arpa_map_lookup: r=%d, result='%s'\n", r, result);
if (*statp == EX_OK)
{
if (bitset(MF_MATCHONLY, map->map_mflags))
rval = map_rewrite(map, name, strlen(name), NULL);
else
rval = map_rewrite(map, result, strlen(result), av);
}
return rval;
}
+#if _FFR_SETDEBUG_MAP
+char *
+setdebug_map_lookup(map, name, av, statp)
+ MAP *map;
+ char *name;
+ char **av;
+ int *statp;
+{
+
+ if (tTd(38, 2))
+ {
+ char **cpp;
+
+ sm_dprintf("setdebug_map_lookup: key '%s'\n", name);
+ for (cpp = av; cpp != NULL && *cpp != NULL; cpp++)
+ sm_dprintf("setdebug_map_lookup: arg '%s'\n", *cpp);
+ }
+ *statp = EX_OK;
+ tTflag(name);
+ return NULL;
+}
+#endif
+
+#if _FFR_SETOPT_MAP
+char *
+setopt_map_lookup(map, name, av, statp)
+ MAP *map;
+ char *name;
+ char **av;
+ int *statp;
+{
+# if !_FFR_SETANYOPT
+ int val;
+# endif
+ char **cpp;
+
+ if (tTd(38, 2))
+ {
+ sm_dprintf("setopt_map_lookup: key '%s'\n", name);
+ for (cpp = av; cpp != NULL && *cpp != NULL; cpp++)
+ sm_dprintf("setopt_map_lookup: arg '%s'\n", *cpp);
+ }
+# if _FFR_SETANYOPT
+ /*
+ ** API screwed up...
+ ** first arg is the "short" name and second is the entire string...
+ */
+
+ sm_dprintf("setoption: name=%s\n", name);
+ setoption(' ', name, true, false, CurEnv);
+ *statp = EX_OK;
+ return NULL;
+# else /* _FFR_SETANYOPT */
+ *statp = EX_CONFIG;
+
+ cpp = av;
+ if (cpp == NULL || ++cpp == NULL || *cpp == NULL)
+ return NULL;
+ *statp = EX_OK;
+ errno = 0;
+ val = strtol(*cpp, NULL, 0);
+ /* check for valid number? */
+
+ /* use a table? */
+ if (sm_strcasecmp(name, "LogLevel") == 0)
+ {
+ LogLevel = val;
+ sm_dprintf("LogLevel=%d\n", val);
+ return NULL;
+ }
+# endif /* _FFR_SETANYOPT */
+ *statp = EX_CONFIG;
+ return NULL;
+}
+#endif
+
+
#if SOCKETMAP
# if NETINET || NETINET6
# include <arpa/inet.h>
-# endif /* NETINET || NETINET6 */
+# endif
# define socket_map_next map_stack[0]
/*
** SOCKET_MAP_OPEN -- open socket table
*/
bool
socket_map_open(map, mode)
MAP *map;
int mode;
{
STAB *s;
int sock = 0;
int tmo;
SOCKADDR_LEN_T addrlen = 0;
int addrno = 0;
int save_errno;
char *p;
char *colon;
char *at;
struct hostent *hp = NULL;
SOCKADDR addr;
if (tTd(38, 2))
sm_dprintf("socket_map_open(%s, %s, %d)\n",
map->map_mname, map->map_file, mode);
mode &= O_ACCMODE;
/* sendmail doesn't have the ability to write to SOCKET (yet) */
if (mode != O_RDONLY)
{
/* issue a pseudo-error message */
errno = SM_EMAPCANTWRITE;
return false;
}
if (*map->map_file == '\0')
{
syserr("socket map \"%s\": empty or missing socket information",
map->map_mname);
return false;
}
s = socket_map_findconn(map->map_file);
if (s->s_socketmap != NULL)
{
/* Copy open connection */
map->map_db1 = s->s_socketmap->map_db1;
/* Add this map as head of linked list */
map->socket_map_next = s->s_socketmap;
s->s_socketmap = map;
if (tTd(38, 2))
sm_dprintf("using cached connection\n");
return true;
}
if (tTd(38, 2))
sm_dprintf("opening new connection\n");
/* following code is ripped from milter.c */
/* XXX It should be put in a library... */
/* protocol:filename or protocol:port@host */
memset(&addr, '\0', sizeof(addr));
p = map->map_file;
colon = strchr(p, ':');
if (colon != NULL)
{
*colon = '\0';
if (*p == '\0')
{
# if NETUNIX
/* default to AF_UNIX */
addr.sa.sa_family = AF_UNIX;
# else /* NETUNIX */
# if NETINET
/* default to AF_INET */
addr.sa.sa_family = AF_INET;
# else /* NETINET */
# if NETINET6
/* default to AF_INET6 */
addr.sa.sa_family = AF_INET6;
# else /* NETINET6 */
/* no protocols available */
syserr("socket map \"%s\": no valid socket protocols available",
map->map_mname);
return false;
# endif /* NETINET6 */
# endif /* NETINET */
# endif /* NETUNIX */
}
# if NETUNIX
else if (sm_strcasecmp(p, "unix") == 0 ||
sm_strcasecmp(p, "local") == 0)
addr.sa.sa_family = AF_UNIX;
# endif /* NETUNIX */
# if NETINET
else if (sm_strcasecmp(p, "inet") == 0)
addr.sa.sa_family = AF_INET;
# endif /* NETINET */
# if NETINET6
else if (sm_strcasecmp(p, "inet6") == 0)
addr.sa.sa_family = AF_INET6;
# endif /* NETINET6 */
else
{
# ifdef EPROTONOSUPPORT
errno = EPROTONOSUPPORT;
-# else /* EPROTONOSUPPORT */
+# else
errno = EINVAL;
# endif /* EPROTONOSUPPORT */
syserr("socket map \"%s\": unknown socket type %s",
map->map_mname, p);
return false;
}
*colon++ = ':';
}
else
{
colon = p;
#if NETUNIX
/* default to AF_UNIX */
addr.sa.sa_family = AF_UNIX;
#else /* NETUNIX */
# if NETINET
/* default to AF_INET */
addr.sa.sa_family = AF_INET;
# else /* NETINET */
# if NETINET6
/* default to AF_INET6 */
addr.sa.sa_family = AF_INET6;
# else /* NETINET6 */
syserr("socket map \"%s\": unknown socket type %s",
map->map_mname, p);
return false;
# endif /* NETINET6 */
# endif /* NETINET */
#endif /* NETUNIX */
}
# if NETUNIX
if (addr.sa.sa_family == AF_UNIX)
{
long sff = SFF_SAFEDIRPATH|SFF_OPENASROOT|SFF_NOLINK|SFF_EXECOK;
at = colon;
if (strlen(colon) >= sizeof(addr.sunix.sun_path))
{
syserr("socket map \"%s\": local socket name %s too long",
map->map_mname, colon);
return false;
}
errno = safefile(colon, RunAsUid, RunAsGid, RunAsUserName, sff,
S_IRUSR|S_IWUSR, NULL);
if (errno != 0)
{
/* if not safe, don't create */
syserr("socket map \"%s\": local socket name %s unsafe",
map->map_mname, colon);
return false;
}
(void) sm_strlcpy(addr.sunix.sun_path, colon,
sizeof(addr.sunix.sun_path));
addrlen = sizeof(struct sockaddr_un);
}
else
# endif /* NETUNIX */
# if NETINET || NETINET6
if (false
# if NETINET
|| addr.sa.sa_family == AF_INET
-# endif /* NETINET */
+# endif
# if NETINET6
|| addr.sa.sa_family == AF_INET6
-# endif /* NETINET6 */
+# endif
)
{
unsigned short port;
/* Parse port@host */
at = strchr(colon, '@');
if (at == NULL)
{
syserr("socket map \"%s\": bad address %s (expected port@host)",
map->map_mname, colon);
return false;
}
*at = '\0';
if (isascii(*colon) && isdigit(*colon))
port = htons((unsigned short) atoi(colon));
else
{
# ifdef NO_GETSERVBYNAME
syserr("socket map \"%s\": invalid port number %s",
map->map_mname, colon);
return false;
# else /* NO_GETSERVBYNAME */
register struct servent *sp;
sp = getservbyname(colon, "tcp");
if (sp == NULL)
{
syserr("socket map \"%s\": unknown port name %s",
map->map_mname, colon);
return false;
}
port = sp->s_port;
# endif /* NO_GETSERVBYNAME */
}
*at++ = '@';
if (*at == '[')
{
char *end;
end = strchr(at, ']');
if (end != NULL)
{
bool found = false;
# if NETINET
unsigned long hid = INADDR_NONE;
-# endif /* NETINET */
+# endif
# if NETINET6
struct sockaddr_in6 hid6;
-# endif /* NETINET6 */
+# endif
*end = '\0';
# if NETINET
if (addr.sa.sa_family == AF_INET &&
(hid = inet_addr(&at[1])) != INADDR_NONE)
{
addr.sin.sin_addr.s_addr = hid;
addr.sin.sin_port = port;
found = true;
}
# endif /* NETINET */
# if NETINET6
(void) memset(&hid6, '\0', sizeof(hid6));
if (addr.sa.sa_family == AF_INET6 &&
anynet_pton(AF_INET6, &at[1],
&hid6.sin6_addr) == 1)
{
addr.sin6.sin6_addr = hid6.sin6_addr;
addr.sin6.sin6_port = port;
found = true;
}
# endif /* NETINET6 */
*end = ']';
if (!found)
{
syserr("socket map \"%s\": Invalid numeric domain spec \"%s\"",
map->map_mname, at);
return false;
}
}
else
{
syserr("socket map \"%s\": Invalid numeric domain spec \"%s\"",
map->map_mname, at);
return false;
}
}
else
{
hp = sm_gethostbyname(at, addr.sa.sa_family);
if (hp == NULL)
{
syserr("socket map \"%s\": Unknown host name %s",
map->map_mname, at);
return false;
}
addr.sa.sa_family = hp->h_addrtype;
switch (hp->h_addrtype)
{
# if NETINET
case AF_INET:
memmove(&addr.sin.sin_addr,
hp->h_addr, INADDRSZ);
addr.sin.sin_port = port;
addrlen = sizeof(struct sockaddr_in);
addrno = 1;
break;
# endif /* NETINET */
# if NETINET6
case AF_INET6:
memmove(&addr.sin6.sin6_addr,
hp->h_addr, IN6ADDRSZ);
addr.sin6.sin6_port = port;
addrlen = sizeof(struct sockaddr_in6);
addrno = 1;
break;
# endif /* NETINET6 */
default:
syserr("socket map \"%s\": Unknown protocol for %s (%d)",
map->map_mname, at, hp->h_addrtype);
# if NETINET6
freehostent(hp);
-# endif /* NETINET6 */
+# endif
return false;
}
}
}
else
# endif /* NETINET || NETINET6 */
{
syserr("socket map \"%s\": unknown socket protocol",
map->map_mname);
return false;
}
/* nope, actually connecting */
for (;;)
{
sock = socket(addr.sa.sa_family, SOCK_STREAM, 0);
if (sock < 0)
{
save_errno = errno;
if (tTd(38, 5))
sm_dprintf("socket map \"%s\": error creating socket: %s\n",
map->map_mname,
sm_errstring(save_errno));
# if NETINET6
if (hp != NULL)
freehostent(hp);
# endif /* NETINET6 */
return false;
}
if (connect(sock, (struct sockaddr *) &addr, addrlen) >= 0)
break;
/* couldn't connect.... try next address */
save_errno = errno;
p = CurHostName;
CurHostName = at;
if (tTd(38, 5))
sm_dprintf("socket_open (%s): open %s failed: %s\n",
map->map_mname, at, sm_errstring(save_errno));
CurHostName = p;
(void) close(sock);
/* try next address */
if (hp != NULL && hp->h_addr_list[addrno] != NULL)
{
switch (addr.sa.sa_family)
{
# if NETINET
case AF_INET:
memmove(&addr.sin.sin_addr,
hp->h_addr_list[addrno++],
INADDRSZ);
break;
# endif /* NETINET */
# if NETINET6
case AF_INET6:
memmove(&addr.sin6.sin6_addr,
hp->h_addr_list[addrno++],
IN6ADDRSZ);
break;
# endif /* NETINET6 */
default:
if (tTd(38, 5))
sm_dprintf("socket map \"%s\": Unknown protocol for %s (%d)\n",
map->map_mname, at,
hp->h_addrtype);
# if NETINET6
freehostent(hp);
-# endif /* NETINET6 */
+# endif
return false;
}
continue;
}
p = CurHostName;
CurHostName = at;
if (tTd(38, 5))
sm_dprintf("socket map \"%s\": error connecting to socket map: %s\n",
map->map_mname, sm_errstring(save_errno));
CurHostName = p;
# if NETINET6
if (hp != NULL)
freehostent(hp);
-# endif /* NETINET6 */
+# endif
return false;
}
# if NETINET6
if (hp != NULL)
{
freehostent(hp);
hp = NULL;
}
# endif /* NETINET6 */
if ((map->map_db1 = (ARBPTR_T) sm_io_open(SmFtStdiofd,
SM_TIME_DEFAULT,
(void *) &sock,
SM_IO_RDWR,
NULL)) == NULL)
{
close(sock);
if (tTd(38, 2))
sm_dprintf("socket_open (%s): failed to create stream: %s\n",
map->map_mname, sm_errstring(errno));
return false;
}
tmo = map->map_timeout;
if (tmo == 0)
tmo = 30000; /* default: 30s */
else
tmo *= 1000; /* s -> ms */
sm_io_setinfo(map->map_db1, SM_IO_WHAT_TIMEOUT, &tmo);
/* Save connection for reuse */
s->s_socketmap = map;
return true;
}
/*
** SOCKET_MAP_FINDCONN -- find a SOCKET connection to the server
**
** Cache SOCKET connections based on the connection specifier
** and PID so we don't have multiple connections open to
** the same server for different maps. Need a separate connection
** per PID since a parent process may close the map before the
** child is done with it.
**
** Parameters:
** conn -- SOCKET map connection specifier
**
** Returns:
** Symbol table entry for the SOCKET connection.
*/
static STAB *
socket_map_findconn(conn)
const char *conn;
{
char *nbuf;
STAB *SM_NONVOLATILE s = NULL;
nbuf = sm_stringf_x("%s%c%d", conn, CONDELSE, (int) CurrentPid);
SM_TRY
s = stab(nbuf, ST_SOCKETMAP, ST_ENTER);
SM_FINALLY
sm_free(nbuf);
SM_END_TRY
return s;
}
/*
** SOCKET_MAP_CLOSE -- close the socket
*/
void
socket_map_close(map)
MAP *map;
{
STAB *s;
MAP *smap;
if (tTd(38, 20))
sm_dprintf("socket_map_close(%s), pid=%ld\n", map->map_file,
(long) CurrentPid);
/* Check if already closed */
if (map->map_db1 == NULL)
{
if (tTd(38, 20))
sm_dprintf("socket_map_close(%s) already closed\n",
map->map_file);
return;
}
sm_io_close((SM_FILE_T *)map->map_db1, SM_TIME_DEFAULT);
/* Mark all the maps that share the connection as closed */
s = socket_map_findconn(map->map_file);
smap = s->s_socketmap;
while (smap != NULL)
{
MAP *next;
if (tTd(38, 2) && smap != map)
sm_dprintf("socket_map_close(%s): closed %s (shared SOCKET connection)\n",
map->map_mname, smap->map_mname);
smap->map_mflags &= ~(MF_OPEN|MF_WRITABLE);
smap->map_db1 = NULL;
next = smap->socket_map_next;
smap->socket_map_next = NULL;
smap = next;
}
s->s_socketmap = NULL;
}
/*
** SOCKET_MAP_LOOKUP -- look up a datum in a SOCKET table
*/
char *
socket_map_lookup(map, name, av, statp)
MAP *map;
char *name;
char **av;
int *statp;
{
unsigned int nettolen, replylen, recvlen;
+ int ret;
char *replybuf, *rval, *value, *status, *key;
SM_FILE_T *f;
char keybuf[MAXNAME + 1];
replybuf = NULL;
rval = NULL;
f = (SM_FILE_T *)map->map_db1;
if (tTd(38, 20))
sm_dprintf("socket_map_lookup(%s, %s) %s\n",
map->map_mname, name, map->map_file);
if (!bitset(MF_NOFOLDCASE, map->map_mflags))
{
nettolen = strlen(name);
if (nettolen > sizeof(keybuf) - 1)
nettolen = sizeof(keybuf) - 1;
memmove(keybuf, name, nettolen);
keybuf[nettolen] = '\0';
makelower(keybuf);
key = keybuf;
}
else
key = name;
nettolen = strlen(map->map_mname) + 1 + strlen(key);
SM_ASSERT(nettolen > strlen(map->map_mname));
SM_ASSERT(nettolen > strlen(key));
if ((sm_io_fprintf(f, SM_TIME_DEFAULT, "%u:%s %s,",
nettolen, map->map_mname, key) == SM_IO_EOF) ||
(sm_io_flush(f, SM_TIME_DEFAULT) != 0) ||
(sm_io_error(f)))
{
syserr("451 4.3.0 socket_map_lookup(%s): failed to send lookup request",
map->map_mname);
*statp = EX_TEMPFAIL;
goto errcl;
}
- if (sm_io_fscanf(f, SM_TIME_DEFAULT, "%9u", &replylen) != 1)
+ if ((ret = sm_io_fscanf(f, SM_TIME_DEFAULT, "%9u", &replylen)) != 1)
{
if (errno == EAGAIN)
{
syserr("451 4.3.0 socket_map_lookup(%s): read timeout",
map->map_mname);
}
+ else if (SM_IO_EOF == ret)
+ {
+ if (LogLevel > 9)
+ sm_syslog(LOG_INFO, CurEnv->e_id,
+ "socket_map_lookup(%s): EOF",
+ map->map_mname);
+ }
else
{
syserr("451 4.3.0 socket_map_lookup(%s): failed to read length parameter of reply %d",
map->map_mname, errno);
}
*statp = EX_TEMPFAIL;
goto errcl;
}
if (replylen > SOCKETMAP_MAXL)
{
syserr("451 4.3.0 socket_map_lookup(%s): reply too long: %u",
map->map_mname, replylen);
*statp = EX_TEMPFAIL;
goto errcl;
}
if (sm_io_getc(f, SM_TIME_DEFAULT) != ':')
{
syserr("451 4.3.0 socket_map_lookup(%s): missing ':' in reply",
map->map_mname);
*statp = EX_TEMPFAIL;
goto error;
}
replybuf = (char *) sm_malloc(replylen + 1);
if (replybuf == NULL)
{
syserr("451 4.3.0 socket_map_lookup(%s): can't allocate %u bytes",
map->map_mname, replylen + 1);
*statp = EX_OSERR;
goto error;
}
recvlen = sm_io_read(f, SM_TIME_DEFAULT, replybuf, replylen);
if (recvlen < replylen)
{
syserr("451 4.3.0 socket_map_lookup(%s): received only %u of %u reply characters",
map->map_mname, recvlen, replylen);
*statp = EX_TEMPFAIL;
goto errcl;
}
if (sm_io_getc(f, SM_TIME_DEFAULT) != ',')
{
syserr("451 4.3.0 socket_map_lookup(%s): missing ',' in reply",
map->map_mname);
*statp = EX_TEMPFAIL;
goto errcl;
}
status = replybuf;
replybuf[recvlen] = '\0';
value = strchr(replybuf, ' ');
if (value != NULL)
{
*value = '\0';
value++;
}
if (strcmp(status, "OK") == 0)
{
*statp = EX_OK;
/* collect the return value */
if (bitset(MF_MATCHONLY, map->map_mflags))
rval = map_rewrite(map, key, strlen(key), NULL);
else
rval = map_rewrite(map, value, strlen(value), av);
}
else if (strcmp(status, "NOTFOUND") == 0)
{
*statp = EX_NOTFOUND;
if (tTd(38, 20))
sm_dprintf("socket_map_lookup(%s): %s not found\n",
map->map_mname, key);
}
else
{
if (tTd(38, 5))
sm_dprintf("socket_map_lookup(%s, %s): server returned error: type=%s, reason=%s\n",
map->map_mname, key, status,
value ? value : "");
if ((strcmp(status, "TEMP") == 0) ||
(strcmp(status, "TIMEOUT") == 0))
*statp = EX_TEMPFAIL;
else if(strcmp(status, "PERM") == 0)
*statp = EX_UNAVAILABLE;
else
*statp = EX_PROTOCOL;
}
if (replybuf != NULL)
sm_free(replybuf);
return rval;
errcl:
socket_map_close(map);
error:
if (replybuf != NULL)
sm_free(replybuf);
return rval;
}
#endif /* SOCKETMAP */
diff --git a/src/map.h b/src/map.h
index f20cf647706c..d93c971a7c03 100644
--- a/src/map.h
+++ b/src/map.h
@@ -1,86 +1,117 @@
/*
* Copyright (c) 2006 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
* $Id: map.h,v 8.4 2013-11-22 20:51:56 ca Exp $
*/
#ifndef _MAP_H
# define _MAP_H 1
extern char *arith_map_lookup __P((MAP *, char *, char **, int *));
+extern char *arpa_map_lookup __P((MAP *, char *, char **, int *));
+
extern char *bestmx_map_lookup __P((MAP *, char *, char **, int *));
extern char *bogus_map_lookup __P((MAP *, char *, char **, int *));
+#if NEWDB
extern bool bt_map_open __P((MAP *, int));
extern char *db_map_lookup __P((MAP *, char *, char **, int *));
-
extern void db_map_store __P((MAP *, char *, char *));
extern void db_map_close __P((MAP *));
+#endif /* NEWDB */
extern bool dequote_init __P((MAP *, char *));
extern char *dequote_map __P((MAP *, char *, char **, int *));
extern bool dns_map_open __P((MAP *, int));
extern bool dns_map_parseargs __P((MAP *, char *));
extern char *dns_map_lookup __P((MAP *, char *, char **, int *));
extern bool dprintf_map_parseargs __P((MAP *, char *));
extern char *dprintf_map_lookup __P((MAP *, char *, char **, int *));
+#if NEWDB
extern bool hash_map_open __P((MAP *, int));
+#endif
extern bool host_map_init __P((MAP *, char *));
extern char *host_map_lookup __P((MAP *, char *, char **, int *));
extern char *impl_map_lookup __P((MAP *, char *, char **, int *));
extern void impl_map_store __P((MAP *, char *, char *));
extern bool impl_map_open __P((MAP *, int));
extern void impl_map_close __P((MAP *));
extern char *macro_map_lookup __P((MAP *, char *, char **, int *));
extern bool map_parseargs __P((MAP *, char *));
+#if NDBM
+extern char *ndbm_map_lookup __P((MAP *, char *, char **, int *));
+extern void ndbm_map_store __P((MAP *, char *, char *));
+extern void ndbm_map_close __P((MAP *));
+#endif /* NDBM */
+
extern bool nis_map_open __P((MAP *, int));
extern char *nis_map_lookup __P((MAP *, char *, char **, int *));
extern bool null_map_open __P((MAP *, int));
extern void null_map_close __P((MAP *));
extern char *null_map_lookup __P((MAP *, char *, char **, int *));
extern void null_map_store __P((MAP *, char *, char *));
extern char *prog_map_lookup __P((MAP *, char *, char **, int *));
extern bool regex_map_init __P((MAP *, char *));
extern char *regex_map_lookup __P((MAP *, char *, char **, int *));
extern char *seq_map_lookup __P((MAP *, char *, char **, int *));
extern void seq_map_store __P((MAP *, char *, char *));
extern bool seq_map_parse __P((MAP *, char *));
+#if _FFR_SETDEBUG_MAP
+extern char *setdebug_map_lookup __P((MAP *, char *, char **, int *));
+#endif
+#if _FFR_SETOPT_MAP
+extern char *setopt_map_lookup __P((MAP *, char *, char **, int *));
+#endif
+
+#if SOCKETMAP
+extern bool socket_map_open __P((MAP *, int));
+extern void socket_map_close __P((MAP *));
+extern char *socket_map_lookup __P((MAP *, char *, char **, int *));
+#endif
+
extern char *stab_map_lookup __P((MAP *, char *, char **, int *));
extern void stab_map_store __P((MAP *, char *, char *));
extern bool stab_map_open __P((MAP *, int));
extern bool switch_map_open __P((MAP *, int));
extern bool syslog_map_parseargs __P((MAP *, char *));
extern char *syslog_map_lookup __P((MAP *, char *, char **, int *));
extern bool text_map_open __P((MAP *, int));
extern char *text_map_lookup __P((MAP *, char *, char **, int *));
extern char *udb_map_lookup __P((MAP *, char *, char **, int *));
extern bool user_map_open __P((MAP *, int));
extern char *user_map_lookup __P((MAP *, char *, char **, int *));
+#if CDB
+extern bool cdb_map_open __P((MAP *, int));
+extern char *cdb_map_lookup __P((MAP *, char *, char **, int *));
+extern void cdb_map_store __P((MAP *, char *, char *));
+extern void cdb_map_close __P((MAP *));
+#endif /* CDB */
+
#endif /* ! _MAP_H */
diff --git a/src/mci.c b/src/mci.c
index c3f925f3cb25..a50fd8ed0fe2 100644
--- a/src/mci.c
+++ b/src/mci.c
@@ -1,1608 +1,1651 @@
/*
* Copyright (c) 1998-2005, 2010 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1995-1997 Eric P. Allman. All rights reserved.
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sendmail.h>
SM_RCSID("@(#)$Id: mci.c,v 8.225 2013-11-22 20:51:56 ca Exp $")
#if NETINET || NETINET6
# include <arpa/inet.h>
-#endif /* NETINET || NETINET6 */
+#endif
#include <dirent.h>
+#if STARTTLS
+# include <tls.h>
+#endif
static int mci_generate_persistent_path __P((const char *, char *,
int, bool));
static bool mci_load_persistent __P((MCI *));
static void mci_uncache __P((MCI **, bool));
+static void mci_clear __P((MCI *));
static int mci_lock_host_statfile __P((MCI *));
static int mci_read_persistent __P((SM_FILE_T *, MCI *));
/*
** Mail Connection Information (MCI) Caching Module.
**
** There are actually two separate things cached. The first is
** the set of all open connections -- these are stored in a
** (small) list. The second is stored in the symbol table; it
** has the overall status for all hosts, whether or not there
** is a connection open currently.
**
** There should never be too many connections open (since this
** could flood the socket table), nor should a connection be
** allowed to sit idly for too long.
**
** MaxMciCache is the maximum number of open connections that
** will be supported.
**
** MciCacheTimeout is the time (in seconds) that a connection
** is permitted to survive without activity.
**
** We actually try any cached connections by sending a RSET
** before we use them; if the RSET fails we close down the
** connection and reopen it (see smtpprobe()).
**
** The persistent MCI code is donated by Mark Lovell and Paul
** Vixie. It is based on the long term host status code in KJS
** written by Paul but has been adapted by Mark to fit into the
** MCI structure.
*/
static MCI **MciCache; /* the open connection cache */
/*
** MCI_CACHE -- enter a connection structure into the open connection cache
**
** This may cause something else to be flushed.
**
** Parameters:
** mci -- the connection to cache.
**
** Returns:
** none.
*/
void
mci_cache(mci)
register MCI *mci;
{
register MCI **mcislot;
/*
** Find the best slot. This may cause expired connections
** to be closed.
*/
mcislot = mci_scan(mci);
if (mcislot == NULL)
{
/* we don't support caching */
return;
}
if (mci->mci_host == NULL)
return;
/* if this is already cached, we are done */
if (bitset(MCIF_CACHED, mci->mci_flags))
return;
/* otherwise we may have to clear the slot */
if (*mcislot != NULL)
mci_uncache(mcislot, true);
if (tTd(42, 5))
sm_dprintf("mci_cache: caching %p (%s) in slot %d\n",
- mci, mci->mci_host, (int) (mcislot - MciCache));
+ (void *)mci, mci->mci_host, (int) (mcislot - MciCache));
if (tTd(91, 100))
sm_syslog(LOG_DEBUG, CurEnv->e_id,
"mci_cache: caching %lx (%.100s) in slot %d",
(unsigned long) mci, mci->mci_host,
(int) (mcislot - MciCache));
*mcislot = mci;
mci->mci_flags |= MCIF_CACHED;
}
/*
** MCI_SCAN -- scan the cache, flush junk, and return best slot
**
** Parameters:
** savemci -- never flush this one. Can be null.
**
** Returns:
** The LRU (or empty) slot.
*/
MCI **
mci_scan(savemci)
MCI *savemci;
{
time_t now;
register MCI **bestmci;
register MCI *mci;
register int i;
if (MaxMciCache <= 0)
{
/* we don't support caching */
return NULL;
}
if (MciCache == NULL)
{
/* first call */
MciCache = (MCI **) sm_pmalloc_x(MaxMciCache * sizeof(*MciCache));
memset((char *) MciCache, '\0', MaxMciCache * sizeof(*MciCache));
return &MciCache[0];
}
now = curtime();
bestmci = &MciCache[0];
for (i = 0; i < MaxMciCache; i++)
{
mci = MciCache[i];
if (mci == NULL || mci->mci_state == MCIS_CLOSED)
{
bestmci = &MciCache[i];
continue;
}
if ((mci->mci_lastuse + MciCacheTimeout <= now ||
(mci->mci_mailer != NULL &&
mci->mci_mailer->m_maxdeliveries > 0 &&
mci->mci_deliveries + 1 >= mci->mci_mailer->m_maxdeliveries))&&
mci != savemci)
{
/* connection idle too long or too many deliveries */
bestmci = &MciCache[i];
/* close it */
mci_uncache(bestmci, true);
continue;
}
if (*bestmci == NULL)
continue;
if (mci->mci_lastuse < (*bestmci)->mci_lastuse)
bestmci = &MciCache[i];
}
return bestmci;
}
/*
** MCI_UNCACHE -- remove a connection from a slot.
**
** May close a connection.
**
** Parameters:
** mcislot -- the slot to empty.
** doquit -- if true, send QUIT protocol on this connection.
** if false, we are assumed to be in a forked child;
** all we want to do is close the file(s).
**
** Returns:
** none.
*/
static void
mci_uncache(mcislot, doquit)
register MCI **mcislot;
bool doquit;
{
register MCI *mci;
extern ENVELOPE BlankEnvelope;
mci = *mcislot;
if (mci == NULL)
return;
*mcislot = NULL;
if (mci->mci_host == NULL)
return;
mci_unlock_host(mci);
if (tTd(42, 5))
sm_dprintf("mci_uncache: uncaching %p (%s) from slot %d (%d)\n",
- mci, mci->mci_host, (int) (mcislot - MciCache),
+ (void *)mci, mci->mci_host, (int) (mcislot - MciCache),
doquit);
if (tTd(91, 100))
sm_syslog(LOG_DEBUG, CurEnv->e_id,
"mci_uncache: uncaching %lx (%.100s) from slot %d (%d)",
(unsigned long) mci, mci->mci_host,
(int) (mcislot - MciCache), doquit);
mci->mci_deliveries = 0;
if (doquit)
{
message("Closing connection to %s", mci->mci_host);
mci->mci_flags &= ~MCIF_CACHED;
/* only uses the envelope to flush the transcript file */
if (mci->mci_state != MCIS_CLOSED)
smtpquit(mci->mci_mailer, mci, &BlankEnvelope);
#if XLA
xla_host_end(mci->mci_host);
-#endif /* XLA */
+#endif
}
else
{
if (mci->mci_in != NULL)
(void) sm_io_close(mci->mci_in, SM_TIME_DEFAULT);
if (mci->mci_out != NULL)
(void) sm_io_close(mci->mci_out, SM_TIME_DEFAULT);
mci->mci_in = mci->mci_out = NULL;
mci->mci_state = MCIS_CLOSED;
mci->mci_exitstat = EX_OK;
mci->mci_errno = 0;
mci->mci_flags = 0;
mci->mci_retryrcpt = false;
mci->mci_tolist = NULL;
#if PIPELINING
mci->mci_okrcpts = 0;
-#endif /* PIPELINING */
+#endif
}
- SM_FREE_CLR(mci->mci_status);
- SM_FREE_CLR(mci->mci_rstatus);
- SM_FREE_CLR(mci->mci_heloname);
+ SM_FREE(mci->mci_status);
+ SM_FREE(mci->mci_rstatus);
+ SM_FREE(mci->mci_heloname);
+ mci_clear(mci);
if (mci->mci_rpool != NULL)
{
sm_rpool_free(mci->mci_rpool);
mci->mci_macro.mac_rpool = NULL;
mci->mci_rpool = NULL;
}
}
/*
** MCI_FLUSH -- flush the entire cache
**
** Parameters:
** doquit -- if true, send QUIT protocol.
** if false, just close the connection.
** allbut -- but leave this one open.
**
** Returns:
** none.
*/
void
mci_flush(doquit, allbut)
bool doquit;
MCI *allbut;
{
register int i;
if (MciCache == NULL)
return;
for (i = 0; i < MaxMciCache; i++)
{
if (allbut != MciCache[i])
mci_uncache(&MciCache[i], doquit);
}
}
/*
** MCI_CLR_EXTENSIONS -- clear knowledge about SMTP extensions
**
** Parameters:
** mci -- the connection to clear.
**
** Returns:
** none.
*/
void
mci_clr_extensions(mci)
MCI *mci;
{
if (mci == NULL)
return;
mci->mci_flags &= ~MCIF_EXTENS;
mci->mci_maxsize = 0;
mci->mci_min_by = 0;
#if SASL
mci->mci_saslcap = NULL;
-#endif /* SASL */
+#endif
}
+/*
+** MCI_CLEAR -- clear mci
+**
+** Parameters:
+** mci -- the connection to clear.
+**
+** Returns:
+** none.
+*/
+
+static void
+mci_clear(mci)
+ MCI *mci;
+{
+ if (mci == NULL)
+ return;
+
+ mci->mci_maxsize = 0;
+ mci->mci_min_by = 0;
+ mci->mci_deliveries = 0;
+#if SASL
+ if (bitset(MCIF_AUTHACT, mci->mci_flags))
+ sasl_dispose(&mci->mci_conn);
+#endif
+#if STARTTLS
+ if (bitset(MCIF_TLSACT, mci->mci_flags) && mci->mci_ssl != NULL)
+ SM_SSL_FREE(mci->mci_ssl);
+#endif
+
+ /* which flags to preserve? */
+ mci->mci_flags &= MCIF_CACHED;
+ mactabclear(&mci->mci_macro);
+}
+
+
/*
** MCI_GET -- get information about a particular host
**
** Parameters:
** host -- host to look for.
** m -- mailer.
**
** Returns:
** mci for this host (might be new).
*/
MCI *
mci_get(host, m)
char *host;
MAILER *m;
{
register MCI *mci;
register STAB *s;
extern SOCKADDR CurHostAddr;
/* clear CurHostAddr so we don't get a bogus address with this name */
memset(&CurHostAddr, '\0', sizeof(CurHostAddr));
/* clear out any expired connections */
(void) mci_scan(NULL);
if (m->m_mno < 0)
syserr("!negative mno %d (%s)", m->m_mno, m->m_name);
s = stab(host, ST_MCI + m->m_mno, ST_ENTER);
mci = &s->s_mci;
/* initialize per-message data */
mci->mci_retryrcpt = false;
mci->mci_tolist = NULL;
#if PIPELINING
mci->mci_okrcpts = 0;
-#endif /* PIPELINING */
+#endif
mci->mci_flags &= ~MCIF_NOTSTICKY;
if (mci->mci_rpool == NULL)
mci->mci_rpool = sm_rpool_new_x(NULL);
if (mci->mci_macro.mac_rpool == NULL)
mci->mci_macro.mac_rpool = mci->mci_rpool;
/*
** We don't need to load the persistent data if we have data
** already loaded in the cache.
*/
if (mci->mci_host == NULL &&
(mci->mci_host = s->s_name) != NULL &&
!mci_load_persistent(mci))
{
if (tTd(42, 2))
sm_dprintf("mci_get(%s %s): lock failed\n",
host, m->m_name);
mci->mci_exitstat = EX_TEMPFAIL;
mci->mci_state = MCIS_CLOSED;
mci->mci_statfile = NULL;
return mci;
}
if (tTd(42, 2))
{
sm_dprintf("mci_get(%s %s): mci_state=%d, _flags=%lx, _exitstat=%d, _errno=%d\n",
host, m->m_name, mci->mci_state, mci->mci_flags,
mci->mci_exitstat, mci->mci_errno);
}
if (mci->mci_state == MCIS_OPEN)
{
/* poke the connection to see if it's still alive */
(void) smtpprobe(mci);
/* reset the stored state in the event of a timeout */
if (mci->mci_state != MCIS_OPEN)
{
mci->mci_errno = 0;
mci->mci_exitstat = EX_OK;
mci->mci_state = MCIS_CLOSED;
}
else
{
/* get peer host address */
/* (this should really be in the mci struct) */
SOCKADDR_LEN_T socklen = sizeof(CurHostAddr);
(void) getpeername(sm_io_getinfo(mci->mci_in,
SM_IO_WHAT_FD, NULL),
(struct sockaddr *) &CurHostAddr, &socklen);
}
}
if (mci->mci_state == MCIS_CLOSED)
{
time_t now = curtime();
/* if this info is stale, ignore it */
if (mci->mci_lastuse + MciInfoTimeout <= now)
{
mci->mci_lastuse = now;
mci->mci_errno = 0;
mci->mci_exitstat = EX_OK;
}
+ mci_clear(mci);
}
return mci;
}
/*
** MCI_CLOSE -- (forcefully) close files used for a connection.
** Note: this is a last resort, usually smtpquit() or endmailer()
** should be used to close a connection.
**
** Parameters:
** mci -- the connection to close.
** where -- where has this been called?
**
** Returns:
** none.
*/
void
mci_close(mci, where)
MCI *mci;
char *where;
{
bool dumped;
if (mci == NULL)
return;
dumped = false;
if (mci->mci_out != NULL)
{
if (tTd(56, 1))
{
sm_dprintf("mci_close: mci_out!=NULL, where=%s\n",
where);
mci_dump(sm_debug_file(), mci, false);
dumped = true;
}
(void) sm_io_close(mci->mci_out, SM_TIME_DEFAULT);
mci->mci_out = NULL;
}
if (mci->mci_in != NULL)
{
if (tTd(56, 1))
{
sm_dprintf("mci_close: mci_in!=NULL, where=%s\n",
where);
if (!dumped)
mci_dump(sm_debug_file(), mci, false);
}
(void) sm_io_close(mci->mci_in, SM_TIME_DEFAULT);
mci->mci_in = NULL;
}
mci->mci_state = MCIS_CLOSED;
}
/*
** MCI_NEW -- allocate new MCI structure
**
** Parameters:
** rpool -- if non-NULL: allocate from that rpool.
**
** Returns:
** mci (new).
*/
MCI *
mci_new(rpool)
SM_RPOOL_T *rpool;
{
register MCI *mci;
if (rpool == NULL)
mci = (MCI *) sm_malloc_x(sizeof(*mci));
else
mci = (MCI *) sm_rpool_malloc_x(rpool, sizeof(*mci));
memset((char *) mci, '\0', sizeof(*mci));
mci->mci_rpool = sm_rpool_new_x(NULL);
mci->mci_macro.mac_rpool = mci->mci_rpool;
return mci;
}
/*
** MCI_MATCH -- check connection cache for a particular host
**
** Parameters:
** host -- host to look for.
** m -- mailer.
**
** Returns:
** true iff open connection exists.
*/
bool
mci_match(host, m)
char *host;
MAILER *m;
{
register MCI *mci;
register STAB *s;
if (m->m_mno < 0 || m->m_mno > MAXMAILERS)
return false;
s = stab(host, ST_MCI + m->m_mno, ST_FIND);
if (s == NULL)
return false;
mci = &s->s_mci;
return mci->mci_state == MCIS_OPEN;
}
/*
** MCI_SETSTAT -- set status codes in MCI structure.
**
** Parameters:
** mci -- the MCI structure to set.
** xstat -- the exit status code.
** dstat -- the DSN status code.
** rstat -- the SMTP status code.
**
** Returns:
** none.
*/
void
mci_setstat(mci, xstat, dstat, rstat)
MCI *mci;
int xstat;
char *dstat;
char *rstat;
{
/* protocol errors should never be interpreted as sticky */
if (xstat != EX_NOTSTICKY && xstat != EX_PROTOCOL)
mci->mci_exitstat = xstat;
- SM_FREE_CLR(mci->mci_status);
+ SM_FREE(mci->mci_status);
if (dstat != NULL)
mci->mci_status = sm_strdup_x(dstat);
- SM_FREE_CLR(mci->mci_rstatus);
+ SM_FREE(mci->mci_rstatus);
if (rstat != NULL)
mci->mci_rstatus = sm_strdup_x(rstat);
}
/*
** MCI_DUMP -- dump the contents of an MCI structure.
**
** Parameters:
** fp -- output file pointer
** mci -- the MCI structure to dump.
**
** Returns:
** none.
**
** Side Effects:
** none.
*/
struct mcifbits
{
int mcif_bit; /* flag bit */
char *mcif_name; /* flag name */
};
static struct mcifbits MciFlags[] =
{
- { MCIF_VALID, "VALID" },
{ MCIF_CACHED, "CACHED" },
{ MCIF_ESMTP, "ESMTP" },
{ MCIF_EXPN, "EXPN" },
{ MCIF_SIZE, "SIZE" },
{ MCIF_8BITMIME, "8BITMIME" },
{ MCIF_7BIT, "7BIT" },
{ MCIF_INHEADER, "INHEADER" },
{ MCIF_CVT8TO7, "CVT8TO7" },
{ MCIF_DSN, "DSN" },
{ MCIF_8BITOK, "8BITOK" },
{ MCIF_CVT7TO8, "CVT7TO8" },
{ MCIF_INMIME, "INMIME" },
{ MCIF_AUTH, "AUTH" },
{ MCIF_AUTH2, "AUTH2" },
{ MCIF_AUTHACT, "AUTHACT" },
{ MCIF_ENHSTAT, "ENHSTAT" },
{ MCIF_PIPELINED, "PIPELINED" },
+ { MCIF_VERB, "VERB" },
#if STARTTLS
{ MCIF_TLS, "TLS" },
{ MCIF_TLSACT, "TLSACT" },
-#endif /* STARTTLS */
+#endif
{ MCIF_DLVR_BY, "DLVR_BY" },
+ { MCIF_INLONGLINE, "INLONGLINE" },
+ { MCIF_NOTSTICKY, "NOTSTICKY" },
{ 0, NULL }
};
void
mci_dump(fp, mci, logit)
SM_FILE_T *fp;
register MCI *mci;
bool logit;
{
register char *p;
char *sep;
char buf[4000];
sep = logit ? " " : "\n\t";
p = buf;
- (void) sm_snprintf(p, SPACELEFT(buf, p), "MCI@%p: ", mci);
+ (void) sm_snprintf(p, SPACELEFT(buf, p), "MCI@%p: ", (void *)mci);
p += strlen(p);
if (mci == NULL)
{
(void) sm_snprintf(p, SPACELEFT(buf, p), "NULL");
goto printit;
}
(void) sm_snprintf(p, SPACELEFT(buf, p), "flags=%lx", mci->mci_flags);
p += strlen(p);
/*
** The following check is just for paranoia. It protects the
** assignment in the if() clause. If there's not some minimum
** amount of space we can stop right now. The check will not
** trigger as long as sizeof(buf)=4000.
*/
if (p >= buf + sizeof(buf) - 4)
goto printit;
if (mci->mci_flags != 0)
{
struct mcifbits *f;
*p++ = '<'; /* protected above */
for (f = MciFlags; f->mcif_bit != 0; f++)
{
if (!bitset(f->mcif_bit, mci->mci_flags))
continue;
(void) sm_strlcpyn(p, SPACELEFT(buf, p), 2,
f->mcif_name, ",");
p += strlen(p);
}
p[-1] = '>';
}
/* Note: sm_snprintf() takes care of NULL arguments for %s */
(void) sm_snprintf(p, SPACELEFT(buf, p),
",%serrno=%d, herrno=%d, exitstat=%d, state=%d, pid=%d,%s",
sep, mci->mci_errno, mci->mci_herrno,
mci->mci_exitstat, mci->mci_state, (int) mci->mci_pid, sep);
p += strlen(p);
(void) sm_snprintf(p, SPACELEFT(buf, p),
"maxsize=%ld, phase=%s, mailer=%s,%s",
mci->mci_maxsize, mci->mci_phase,
mci->mci_mailer == NULL ? "NULL" : mci->mci_mailer->m_name,
sep);
p += strlen(p);
(void) sm_snprintf(p, SPACELEFT(buf, p),
"status=%s, rstatus=%s,%s",
mci->mci_status, mci->mci_rstatus, sep);
p += strlen(p);
(void) sm_snprintf(p, SPACELEFT(buf, p),
"host=%s, lastuse=%s",
mci->mci_host, ctime(&mci->mci_lastuse));
printit:
if (logit)
sm_syslog(LOG_DEBUG, CurEnv->e_id, "%.1000s", buf);
else
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT, "%s\n", buf);
}
/*
** MCI_DUMP_ALL -- print the entire MCI cache
**
** Parameters:
** fp -- output file pointer
** logit -- if set, log the result instead of printing
** to stdout.
**
** Returns:
** none.
*/
void
mci_dump_all(fp, logit)
SM_FILE_T *fp;
bool logit;
{
register int i;
if (MciCache == NULL)
return;
for (i = 0; i < MaxMciCache; i++)
mci_dump(fp, MciCache[i], logit);
}
/*
** MCI_LOCK_HOST -- Lock host while sending.
**
** If we are contacting a host, we'll need to
** update the status information in the host status
** file, and if we want to do that, we ought to have
** locked it. This has the (according to some)
** desirable effect of serializing connectivity with
** remote hosts -- i.e.: one connection to a given
** host at a time.
**
** Parameters:
** mci -- containing the host we want to lock.
**
** Returns:
** EX_OK -- got the lock.
** EX_TEMPFAIL -- didn't get the lock.
*/
int
mci_lock_host(mci)
MCI *mci;
{
if (mci == NULL)
{
if (tTd(56, 1))
sm_dprintf("mci_lock_host: NULL mci\n");
return EX_OK;
}
if (!SingleThreadDelivery)
return EX_OK;
return mci_lock_host_statfile(mci);
}
static int
mci_lock_host_statfile(mci)
MCI *mci;
{
int save_errno = errno;
int retVal = EX_OK;
char fname[MAXPATHLEN];
if (HostStatDir == NULL || mci->mci_host == NULL)
return EX_OK;
if (tTd(56, 2))
sm_dprintf("mci_lock_host: attempting to lock %s\n",
mci->mci_host);
if (mci_generate_persistent_path(mci->mci_host, fname, sizeof(fname),
true) < 0)
{
/* of course this should never happen */
if (tTd(56, 2))
sm_dprintf("mci_lock_host: Failed to generate host path for %s\n",
mci->mci_host);
retVal = EX_TEMPFAIL;
goto cleanup;
}
mci->mci_statfile = safefopen(fname, O_RDWR, FileMode,
SFF_NOLOCK|SFF_NOLINK|SFF_OPENASROOT|SFF_REGONLY|SFF_SAFEDIRPATH|SFF_CREAT);
if (mci->mci_statfile == NULL)
{
syserr("mci_lock_host: cannot create host lock file %s", fname);
goto cleanup;
}
if (!lockfile(sm_io_getinfo(mci->mci_statfile, SM_IO_WHAT_FD, NULL),
fname, "", LOCK_EX|LOCK_NB))
{
if (tTd(56, 2))
sm_dprintf("mci_lock_host: couldn't get lock on %s\n",
fname);
(void) sm_io_close(mci->mci_statfile, SM_TIME_DEFAULT);
mci->mci_statfile = NULL;
retVal = EX_TEMPFAIL;
goto cleanup;
}
if (tTd(56, 12) && mci->mci_statfile != NULL)
sm_dprintf("mci_lock_host: Sanity check -- lock is good\n");
cleanup:
errno = save_errno;
return retVal;
}
/*
** MCI_UNLOCK_HOST -- unlock host
**
** Clean up the lock on a host, close the file, let
** someone else use it.
**
** Parameters:
** mci -- us.
**
** Returns:
** nothing.
*/
void
mci_unlock_host(mci)
MCI *mci;
{
int save_errno = errno;
if (mci == NULL)
{
if (tTd(56, 1))
sm_dprintf("mci_unlock_host: NULL mci\n");
return;
}
if (HostStatDir == NULL || mci->mci_host == NULL)
return;
if (!SingleThreadDelivery && mci_lock_host_statfile(mci) == EX_TEMPFAIL)
{
if (tTd(56, 1))
sm_dprintf("mci_unlock_host: stat file already locked\n");
}
else
{
if (tTd(56, 2))
sm_dprintf("mci_unlock_host: store prior to unlock\n");
mci_store_persistent(mci);
}
if (mci->mci_statfile != NULL)
{
(void) sm_io_close(mci->mci_statfile, SM_TIME_DEFAULT);
mci->mci_statfile = NULL;
}
errno = save_errno;
}
/*
** MCI_LOAD_PERSISTENT -- load persistent host info
**
** Load information about host that is kept
** in common for all running sendmails.
**
** Parameters:
** mci -- the host/connection to load persistent info for.
**
** Returns:
** true -- lock was successful
** false -- lock failed
*/
static bool
mci_load_persistent(mci)
MCI *mci;
{
int save_errno = errno;
bool locked = true;
SM_FILE_T *fp;
char fname[MAXPATHLEN];
if (mci == NULL)
{
if (tTd(56, 1))
sm_dprintf("mci_load_persistent: NULL mci\n");
return true;
}
if (IgnoreHostStatus || HostStatDir == NULL || mci->mci_host == NULL)
return true;
/* Already have the persistent information in memory */
if (SingleThreadDelivery && mci->mci_statfile != NULL)
return true;
if (tTd(56, 1))
sm_dprintf("mci_load_persistent: Attempting to load persistent information for %s\n",
mci->mci_host);
if (mci_generate_persistent_path(mci->mci_host, fname, sizeof(fname),
false) < 0)
{
/* Not much we can do if the file isn't there... */
if (tTd(56, 1))
sm_dprintf("mci_load_persistent: Couldn't generate host path\n");
goto cleanup;
}
fp = safefopen(fname, O_RDONLY, FileMode,
SFF_NOLOCK|SFF_NOLINK|SFF_OPENASROOT|SFF_REGONLY|SFF_SAFEDIRPATH);
if (fp == NULL)
{
/* I can't think of any reason this should ever happen */
if (tTd(56, 1))
sm_dprintf("mci_load_persistent: open(%s): %s\n",
fname, sm_errstring(errno));
goto cleanup;
}
FileName = fname;
locked = lockfile(sm_io_getinfo(fp, SM_IO_WHAT_FD, NULL), fname, "",
LOCK_SH|LOCK_NB);
if (locked)
{
(void) mci_read_persistent(fp, mci);
(void) lockfile(sm_io_getinfo(fp, SM_IO_WHAT_FD, NULL), fname,
"", LOCK_UN);
}
FileName = NULL;
(void) sm_io_close(fp, SM_TIME_DEFAULT);
cleanup:
errno = save_errno;
return locked;
}
/*
** MCI_READ_PERSISTENT -- read persistent host status file
**
** Parameters:
** fp -- the file pointer to read.
** mci -- the pointer to fill in.
**
** Returns:
** -1 -- if the file was corrupt.
** 0 -- otherwise.
**
** Warning:
** This code makes the assumption that this data
** will be read in an atomic fashion, and that the data
** was written in an atomic fashion. Any other functioning
** may lead to some form of insanity. This should be
** perfectly safe due to underlying stdio buffering.
*/
static int
mci_read_persistent(fp, mci)
SM_FILE_T *fp;
register MCI *mci;
{
int ver;
register char *p;
int saveLineNumber = LineNumber;
char buf[MAXLINE];
if (fp == NULL)
{
syserr("mci_read_persistent: NULL fp");
/* NOTREACHED */
return -1;
}
if (mci == NULL)
{
syserr("mci_read_persistent: NULL mci");
/* NOTREACHED */
return -1;
}
if (tTd(56, 93))
{
sm_dprintf("mci_read_persistent: fp=%lx, mci=",
(unsigned long) fp);
}
- SM_FREE_CLR(mci->mci_status);
- SM_FREE_CLR(mci->mci_rstatus);
+ SM_FREE(mci->mci_status);
+ SM_FREE(mci->mci_rstatus);
sm_io_rewind(fp, SM_TIME_DEFAULT);
ver = -1;
LineNumber = 0;
while (sm_io_fgets(fp, SM_TIME_DEFAULT, buf, sizeof(buf)) >= 0)
{
LineNumber++;
p = strchr(buf, '\n');
if (p != NULL)
*p = '\0';
switch (buf[0])
{
case 'V': /* version stamp */
ver = atoi(&buf[1]);
if (ver < 0 || ver > 0)
syserr("Unknown host status version %d: %d max",
ver, 0);
break;
case 'E': /* UNIX error number */
mci->mci_errno = atoi(&buf[1]);
break;
case 'H': /* DNS error number */
mci->mci_herrno = atoi(&buf[1]);
break;
case 'S': /* UNIX exit status */
mci->mci_exitstat = atoi(&buf[1]);
break;
case 'D': /* DSN status */
mci->mci_status = newstr(&buf[1]);
break;
case 'R': /* SMTP status */
mci->mci_rstatus = newstr(&buf[1]);
break;
case 'U': /* last usage time */
mci->mci_lastuse = atol(&buf[1]);
break;
case '.': /* end of file */
if (tTd(56, 93))
mci_dump(sm_debug_file(), mci, false);
return 0;
default:
sm_syslog(LOG_CRIT, NOQID,
"%s: line %d: Unknown host status line \"%s\"",
FileName == NULL ? mci->mci_host : FileName,
LineNumber, buf);
LineNumber = saveLineNumber;
return -1;
}
}
LineNumber = saveLineNumber;
if (tTd(56, 93))
sm_dprintf("incomplete (missing dot for EOF)\n");
if (ver < 0)
return -1;
return 0;
}
/*
** MCI_STORE_PERSISTENT -- Store persistent MCI information
**
** Store information about host that is kept
** in common for all running sendmails.
**
** Parameters:
** mci -- the host/connection to store persistent info for.
**
** Returns:
** none.
*/
void
mci_store_persistent(mci)
MCI *mci;
{
int save_errno = errno;
if (mci == NULL)
{
if (tTd(56, 1))
sm_dprintf("mci_store_persistent: NULL mci\n");
return;
}
if (HostStatDir == NULL || mci->mci_host == NULL)
return;
if (tTd(56, 1))
sm_dprintf("mci_store_persistent: Storing information for %s\n",
mci->mci_host);
if (mci->mci_statfile == NULL)
{
if (tTd(56, 1))
sm_dprintf("mci_store_persistent: no statfile\n");
return;
}
sm_io_rewind(mci->mci_statfile, SM_TIME_DEFAULT);
#if !NOFTRUNCATE
(void) ftruncate(sm_io_getinfo(mci->mci_statfile, SM_IO_WHAT_FD, NULL),
(off_t) 0);
-#endif /* !NOFTRUNCATE */
+#endif
(void) sm_io_fprintf(mci->mci_statfile, SM_TIME_DEFAULT, "V0\n");
(void) sm_io_fprintf(mci->mci_statfile, SM_TIME_DEFAULT, "E%d\n",
mci->mci_errno);
(void) sm_io_fprintf(mci->mci_statfile, SM_TIME_DEFAULT, "H%d\n",
mci->mci_herrno);
(void) sm_io_fprintf(mci->mci_statfile, SM_TIME_DEFAULT, "S%d\n",
mci->mci_exitstat);
if (mci->mci_status != NULL)
(void) sm_io_fprintf(mci->mci_statfile, SM_TIME_DEFAULT,
"D%.80s\n",
denlstring(mci->mci_status, true, false));
if (mci->mci_rstatus != NULL)
(void) sm_io_fprintf(mci->mci_statfile, SM_TIME_DEFAULT,
"R%.80s\n",
denlstring(mci->mci_rstatus, true, false));
(void) sm_io_fprintf(mci->mci_statfile, SM_TIME_DEFAULT, "U%ld\n",
(long)(mci->mci_lastuse));
(void) sm_io_fprintf(mci->mci_statfile, SM_TIME_DEFAULT, ".\n");
(void) sm_io_flush(mci->mci_statfile, SM_TIME_DEFAULT);
errno = save_errno;
return;
}
/*
** MCI_TRAVERSE_PERSISTENT -- walk persistent status tree
**
** Recursively find all the mci host files in `pathname'. Default to
** main host status directory if no path is provided.
** Call (*action)(pathname, host) for each file found.
**
** Note: all information is collected in a list before it is processed.
** This may not be the best way to do it, but it seems safest, since
** the file system would be touched while we are attempting to traverse
** the directory tree otherwise (during purges).
**
** Parameters:
** action -- function to call on each node. If returns < 0,
** return immediately.
** pathname -- root of tree. If null, use main host status
** directory.
**
** Returns:
** < 0 -- if any action routine returns a negative value, that
** value is returned.
** 0 -- if we successfully went to completion.
** > 0 -- return status from action()
*/
int
mci_traverse_persistent(action, pathname)
int (*action)__P((char *, char *));
char *pathname;
{
struct stat statbuf;
DIR *d;
int ret;
if (pathname == NULL)
pathname = HostStatDir;
if (pathname == NULL)
return -1;
if (tTd(56, 1))
sm_dprintf("mci_traverse: pathname is %s\n", pathname);
ret = stat(pathname, &statbuf);
if (ret < 0)
{
if (tTd(56, 2))
sm_dprintf("mci_traverse: Failed to stat %s: %s\n",
pathname, sm_errstring(errno));
return ret;
}
if (S_ISDIR(statbuf.st_mode))
{
bool leftone, removedone;
size_t len;
char *newptr;
struct dirent *e;
char newpath[MAXPATHLEN];
#if MAXPATHLEN <= MAXNAMLEN - 3
ERROR "MAXPATHLEN <= MAXNAMLEN - 3"
-#endif /* MAXPATHLEN <= MAXNAMLEN - 3 */
+#endif
if ((d = opendir(pathname)) == NULL)
{
if (tTd(56, 2))
sm_dprintf("mci_traverse: opendir %s: %s\n",
pathname, sm_errstring(errno));
return -1;
}
/*
** Reserve space for trailing '/', at least one
** character, and '\0'
*/
len = sizeof(newpath) - 3;
if (sm_strlcpy(newpath, pathname, len) >= len)
{
int save_errno = errno;
if (tTd(56, 2))
sm_dprintf("mci_traverse: path \"%s\" too long",
pathname);
(void) closedir(d);
errno = save_errno;
return -1;
}
newptr = newpath + strlen(newpath);
*newptr++ = '/';
len = sizeof(newpath) - (newptr - newpath);
/*
** repeat until no file has been removed
** this may become ugly when several files "expire"
** during these loops, but it's better than doing
** a rewinddir() inside the inner loop
*/
do
{
leftone = removedone = false;
while ((e = readdir(d)) != NULL)
{
if (e->d_name[0] == '.')
continue;
if (sm_strlcpy(newptr, e->d_name, len) >= len)
{
/* Skip truncated copies */
if (tTd(56, 4))
{
*newptr = '\0';
sm_dprintf("mci_traverse: path \"%s%s\" too long",
newpath, e->d_name);
}
continue;
}
if (StopRequest)
stop_sendmail();
ret = mci_traverse_persistent(action, newpath);
if (ret < 0)
break;
if (ret == 1)
leftone = true;
if (!removedone && ret == 0 &&
action == mci_purge_persistent)
removedone = true;
}
if (ret < 0)
break;
/*
** The following appears to be
** necessary during purges, since
** we modify the directory structure
*/
if (removedone)
rewinddir(d);
if (tTd(56, 40))
sm_dprintf("mci_traverse: path %s: ret %d removed %d left %d\n",
pathname, ret, removedone, leftone);
} while (removedone);
/* purge (or whatever) the directory proper */
if (!leftone)
{
*--newptr = '\0';
ret = (*action)(newpath, NULL);
}
(void) closedir(d);
}
else if (S_ISREG(statbuf.st_mode))
{
char *end = pathname + strlen(pathname) - 1;
char *start;
char *scan;
char host[MAXHOSTNAMELEN];
char *hostptr = host;
/*
** Reconstruct the host name from the path to the
** persistent information.
*/
do
{
if (hostptr != host)
*(hostptr++) = '.';
start = end;
while (start > pathname && *(start - 1) != '/')
start--;
if (*end == '.')
end--;
for (scan = start; scan <= end; scan++)
*(hostptr++) = *scan;
end = start - 2;
} while (end > pathname && *end == '.');
*hostptr = '\0';
/*
** Do something with the file containing the persistent
** information.
*/
ret = (*action)(pathname, host);
}
return ret;
}
/*
** MCI_PRINT_PERSISTENT -- print persistent info
**
** Dump the persistent information in the file 'pathname'
**
** Parameters:
** pathname -- the pathname to the status file.
** hostname -- the corresponding host name.
**
** Returns:
** 0
*/
int
mci_print_persistent(pathname, hostname)
char *pathname;
char *hostname;
{
static bool initflag = false;
SM_FILE_T *fp;
int width = Verbose ? 78 : 25;
bool locked;
MCI mcib;
/* skip directories */
if (hostname == NULL)
return 0;
if (StopRequest)
stop_sendmail();
if (!initflag)
{
initflag = true;
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
" -------------- Hostname --------------- How long ago ---------Results---------\n");
}
fp = safefopen(pathname, O_RDONLY, FileMode,
SFF_NOLOCK|SFF_NOLINK|SFF_OPENASROOT|SFF_REGONLY|SFF_SAFEDIRPATH);
if (fp == NULL)
{
if (tTd(56, 1))
sm_dprintf("mci_print_persistent: cannot open %s: %s\n",
pathname, sm_errstring(errno));
return 0;
}
FileName = pathname;
memset(&mcib, '\0', sizeof(mcib));
if (mci_read_persistent(fp, &mcib) < 0)
{
syserr("%s: could not read status file", pathname);
(void) sm_io_close(fp, SM_TIME_DEFAULT);
FileName = NULL;
return 0;
}
locked = !lockfile(sm_io_getinfo(fp, SM_IO_WHAT_FD, NULL), pathname,
"", LOCK_SH|LOCK_NB);
(void) sm_io_close(fp, SM_TIME_DEFAULT);
FileName = NULL;
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "%c%-39s %12s ",
locked ? '*' : ' ', hostname,
pintvl(curtime() - mcib.mci_lastuse, true));
if (mcib.mci_rstatus != NULL)
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "%.*s\n", width,
mcib.mci_rstatus);
else if (mcib.mci_exitstat == EX_TEMPFAIL && mcib.mci_errno != 0)
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Deferred: %.*s\n", width - 10,
sm_errstring(mcib.mci_errno));
else if (mcib.mci_exitstat != 0)
{
char *exmsg = sm_sysexmsg(mcib.mci_exitstat);
if (exmsg == NULL)
{
char buf[80];
(void) sm_snprintf(buf, sizeof(buf),
"Unknown mailer error %d",
mcib.mci_exitstat);
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "%.*s\n",
width, buf);
}
else
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "%.*s\n",
width, &exmsg[5]);
}
else if (mcib.mci_errno == 0)
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "OK\n");
else
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "OK: %.*s\n",
width - 4, sm_errstring(mcib.mci_errno));
return 0;
}
/*
** MCI_PURGE_PERSISTENT -- Remove a persistence status file.
**
** Parameters:
** pathname -- path to the status file.
** hostname -- name of host corresponding to that file.
** NULL if this is a directory (domain).
**
** Returns:
** 0 -- ok
** 1 -- file not deleted (too young, incorrect format)
** < 0 -- some error occurred
*/
int
mci_purge_persistent(pathname, hostname)
char *pathname;
char *hostname;
{
struct stat statbuf;
char *end = pathname + strlen(pathname) - 1;
int ret;
if (tTd(56, 1))
sm_dprintf("mci_purge_persistent: purging %s\n", pathname);
ret = stat(pathname, &statbuf);
if (ret < 0)
{
if (tTd(56, 2))
sm_dprintf("mci_purge_persistent: Failed to stat %s: %s\n",
pathname, sm_errstring(errno));
return ret;
}
if (curtime() - statbuf.st_mtime <= MciInfoTimeout)
return 1;
if (hostname != NULL)
{
/* remove the file */
ret = unlink(pathname);
if (ret < 0)
{
if (LogLevel > 8)
sm_syslog(LOG_ERR, NOQID,
"mci_purge_persistent: failed to unlink %s: %s",
pathname, sm_errstring(errno));
if (tTd(56, 2))
sm_dprintf("mci_purge_persistent: failed to unlink %s: %s\n",
pathname, sm_errstring(errno));
return ret;
}
}
else
{
/* remove the directory */
if (*end != '.')
return 1;
if (tTd(56, 1))
sm_dprintf("mci_purge_persistent: dpurge %s\n", pathname);
ret = rmdir(pathname);
if (ret < 0)
{
if (tTd(56, 2))
sm_dprintf("mci_purge_persistent: rmdir %s: %s\n",
pathname, sm_errstring(errno));
return ret;
}
}
return 0;
}
/*
** MCI_GENERATE_PERSISTENT_PATH -- generate path from hostname
**
** Given `host', convert from a.b.c to $HostStatDir/c./b./a,
** putting the result into `path'. if `createflag' is set, intervening
** directories will be created as needed.
**
** Parameters:
** host -- host name to convert from.
** path -- place to store result.
** pathlen -- length of path buffer.
** createflag -- if set, create intervening directories as
** needed.
**
** Returns:
** 0 -- success
** -1 -- failure
*/
static int
mci_generate_persistent_path(host, path, pathlen, createflag)
const char *host;
char *path;
int pathlen;
bool createflag;
{
char *elem, *p, *x, ch;
int ret = 0;
int len;
char t_host[MAXHOSTNAMELEN];
#if NETINET6
struct in6_addr in6_addr;
-#endif /* NETINET6 */
+#endif
/*
** Rationality check the arguments.
*/
if (host == NULL)
{
syserr("mci_generate_persistent_path: null host");
return -1;
}
if (path == NULL)
{
syserr("mci_generate_persistent_path: null path");
return -1;
}
if (tTd(56, 80))
sm_dprintf("mci_generate_persistent_path(%s): ", host);
if (*host == '\0' || *host == '.')
return -1;
/* make certain this is not a bracketed host number */
if (strlen(host) > sizeof(t_host) - 1)
return -1;
if (host[0] == '[')
(void) sm_strlcpy(t_host, host + 1, sizeof(t_host));
else
(void) sm_strlcpy(t_host, host, sizeof(t_host));
/*
** Delete any trailing dots from the hostname.
** Leave 'elem' pointing at the \0.
*/
elem = t_host + strlen(t_host);
while (elem > t_host &&
(elem[-1] == '.' || (host[0] == '[' && elem[-1] == ']')))
*--elem = '\0';
/* check for bogus bracketed address */
if (host[0] == '[')
{
bool good = false;
# if NETINET6
if (anynet_pton(AF_INET6, t_host, &in6_addr) == 1)
good = true;
-# endif /* NETINET6 */
+# endif
# if NETINET
if (inet_addr(t_host) != INADDR_NONE)
good = true;
-# endif /* NETINET */
+# endif
if (!good)
return -1;
}
/* check for what will be the final length of the path */
len = strlen(HostStatDir) + 2;
for (p = (char *) t_host; *p != '\0'; p++)
{
if (*p == '.')
len++;
len++;
if (p[0] == '.' && p[1] == '.')
return -1;
}
if (len > pathlen || len < 1)
return -1;
(void) sm_strlcpy(path, HostStatDir, pathlen);
p = path + strlen(path);
while (elem > t_host)
{
if (!path_is_dir(path, createflag))
{
ret = -1;
break;
}
elem--;
while (elem >= t_host && *elem != '.')
elem--;
*p++ = '/';
x = elem + 1;
while ((ch = *x++) != '\0' && ch != '.')
{
if (isascii(ch) && isupper(ch))
ch = tolower(ch);
if (ch == '/')
ch = ':'; /* / -> : */
*p++ = ch;
}
if (elem >= t_host)
*p++ = '.';
*p = '\0';
}
if (tTd(56, 80))
{
if (ret < 0)
sm_dprintf("FAILURE %d\n", ret);
else
sm_dprintf("SUCCESS %s\n", path);
}
return ret;
}
diff --git a/src/milter.c b/src/milter.c
index 9b3667dc573a..ba783c4c61db 100644
--- a/src/milter.c
+++ b/src/milter.c
@@ -1,4789 +1,4803 @@
/*
* Copyright (c) 1999-2009, 2012, 2013 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sendmail.h>
SM_RCSID("@(#)$Id: milter.c,v 8.281 2013-11-22 20:51:56 ca Exp $")
#if MILTER
# include <sm/sendmail.h>
# include <libmilter/mfapi.h>
# include <libmilter/mfdef.h>
# include <errno.h>
# include <sm/time.h>
# include <sys/uio.h>
# if NETINET || NETINET6
# include <arpa/inet.h>
# if MILTER_NO_NAGLE
# include <netinet/tcp.h>
-# endif /* MILTER_NO_NAGLE */
+# endif
# endif /* NETINET || NETINET6 */
# include <sm/fdset.h>
static void milter_connect_timeout __P((int));
static void milter_error __P((struct milter *, ENVELOPE *));
static int milter_open __P((struct milter *, bool, ENVELOPE *));
static void milter_parse_timeouts __P((char *, struct milter *));
static char *milter_sysread __P((struct milter *, char *, ssize_t, time_t,
ENVELOPE *, const char *));
static char *milter_read __P((struct milter *, char *, ssize_t *, time_t,
ENVELOPE *, const char *));
static char *milter_write __P((struct milter *, int, char *, ssize_t,
time_t, ENVELOPE *, const char *));
static char *milter_send_command __P((struct milter *, int, void *,
ssize_t, ENVELOPE *, char *, const char *));
static char *milter_command __P((int, void *, ssize_t, int,
ENVELOPE *, char *, const char *, bool));
static char *milter_body __P((struct milter *, ENVELOPE *, char *));
static int milter_reopen_df __P((ENVELOPE *));
static int milter_reset_df __P((ENVELOPE *));
static void milter_quit_filter __P((struct milter *, ENVELOPE *));
static void milter_abort_filter __P((struct milter *, ENVELOPE *));
static void milter_send_macros __P((struct milter *, char **, int,
ENVELOPE *));
static int milter_negotiate __P((struct milter *, ENVELOPE *,
milters_T *));
static void milter_per_connection_check __P((ENVELOPE *));
static char *milter_headers __P((struct milter *, ENVELOPE *, char *));
static void milter_addheader __P((struct milter *, char *, ssize_t,
ENVELOPE *));
static void milter_insheader __P((struct milter *, char *, ssize_t,
ENVELOPE *));
static void milter_changeheader __P((struct milter *, char *, ssize_t,
ENVELOPE *));
-static void milter_chgfrom __P((char *, ssize_t, ENVELOPE *));
-static void milter_addrcpt __P((char *, ssize_t, ENVELOPE *));
-static void milter_addrcpt_par __P((char *, ssize_t, ENVELOPE *));
-static void milter_delrcpt __P((char *, ssize_t, ENVELOPE *));
-static int milter_replbody __P((char *, ssize_t, bool, ENVELOPE *));
+static void milter_chgfrom __P((char *, ssize_t, ENVELOPE *, const char *));
+static void milter_addrcpt __P((char *, ssize_t, ENVELOPE *, const char *));
+static void milter_addrcpt_par __P((char *, ssize_t, ENVELOPE *, const char *));
+static void milter_delrcpt __P((char *, ssize_t, ENVELOPE *, const char *));
+static int milter_replbody __P((char *, ssize_t, bool, ENVELOPE *, const char *));
static int milter_set_macros __P((char *, char **, char *, int));
/* milter states */
# define SMFS_CLOSED 'C' /* closed for all further actions */
# define SMFS_OPEN 'O' /* connected to remote milter filter */
# define SMFS_INMSG 'M' /* currently servicing a message */
# define SMFS_DONE 'D' /* done with current message */
# define SMFS_CLOSABLE 'Q' /* done with current connection */
# define SMFS_ERROR 'E' /* error state */
# define SMFS_READY 'R' /* ready for action */
# define SMFS_SKIP 'S' /* skip body */
/*
** MilterMacros contains the milter macros for each milter and each stage.
** indices are (in order): stages, milter-index, macro
** milter-index == 0: "global" macros (not for a specific milter).
*/
static char *MilterMacros[SMFIM_LAST + 1][MAXFILTERS + 1][MAXFILTERMACROS + 1];
static size_t MilterMaxDataSize = MILTER_MAX_DATA_SIZE;
# define MILTER_CHECK_DONE_MSG() \
if (*state == SMFIR_REPLYCODE || \
*state == SMFIR_REJECT || \
*state == SMFIR_DISCARD || \
*state == SMFIR_TEMPFAIL) \
{ \
/* Abort the filters to let them know we are done with msg */ \
milter_abort(e); \
}
/* set state in case of an error */
# define MILTER_SET_STATE \
if (bitnset(SMF_TEMPFAIL, m->mf_flags)) \
*state = SMFIR_TEMPFAIL; \
else if (bitnset(SMF_TEMPDROP, m->mf_flags)) \
*state = SMFIR_SHUTDOWN; \
else if (bitnset(SMF_REJECT, m->mf_flags)) \
*state = SMFIR_REJECT
/* flow through code maybe using continue; don't wrap in do {} while */
# define MILTER_CHECK_ERROR(initial, action) \
if (!initial && tTd(71, 100)) \
{ \
if (e->e_quarmsg == NULL) \
{ \
e->e_quarmsg = sm_rpool_strdup_x(e->e_rpool, \
"filter failure"); \
macdefine(&e->e_macro, A_PERM, macid("{quarantine}"), \
e->e_quarmsg); \
} \
} \
else if (tTd(71, 101)) \
{ \
if (e->e_quarmsg == NULL) \
{ \
e->e_quarmsg = sm_rpool_strdup_x(e->e_rpool, \
"filter failure"); \
macdefine(&e->e_macro, A_PERM, macid("{quarantine}"), \
e->e_quarmsg); \
} \
} \
else MILTER_SET_STATE; \
else \
action;
# define MILTER_CHECK_REPLYCODE(default) \
if (response == NULL || \
strlen(response) + 1 != (size_t) rlen || \
rlen < 3 || \
(response[0] != '4' && response[0] != '5') || \
!isascii(response[1]) || !isdigit(response[1]) || \
!isascii(response[2]) || !isdigit(response[2])) \
{ \
if (response != NULL) \
sm_free(response); /* XXX */ \
response = newstr(default); \
} \
else \
{ \
char *ptr = response; \
\
/* Check for unprotected %'s in the string */ \
while (*ptr != '\0') \
{ \
if (*ptr == '%' && *++ptr != '%') \
{ \
sm_free(response); /* XXX */ \
response = newstr(default); \
break; \
} \
ptr++; \
} \
}
# define MILTER_DF_ERROR(msg) \
{ \
int save_errno = errno; \
\
if (tTd(64, 5)) \
{ \
sm_dprintf(msg, dfname, sm_errstring(save_errno)); \
sm_dprintf("\n"); \
} \
if (MilterLogLevel > 0) \
sm_syslog(LOG_ERR, e->e_id, msg, dfname, sm_errstring(save_errno)); \
if (SuperSafe == SAFE_REALLY) \
{ \
if (e->e_dfp != NULL) \
{ \
(void) sm_io_close(e->e_dfp, SM_TIME_DEFAULT); \
e->e_dfp = NULL; \
} \
e->e_flags &= ~EF_HAS_DF; \
} \
errno = save_errno; \
}
/*
** MILTER_TIMEOUT -- make sure socket is ready in time
**
** Parameters:
** routine -- routine name for debug/logging
** secs -- number of seconds in timeout
** write -- waiting to read or write?
** started -- whether this is part of a previous sequence
**
** Assumes 'm' is a milter structure for the current socket.
*/
# define MILTER_TIMEOUT(routine, secs, write, started, function) \
{ \
int ret; \
int save_errno; \
fd_set fds; \
struct timeval tv; \
\
if (!SM_FD_OK_SELECT(m->mf_sock)) \
{ \
if (tTd(64, 5)) \
sm_dprintf("milter_%s(%s): socket %d is larger than FD_SETSIZE %d\n", \
(routine), m->mf_name, m->mf_sock, \
SM_FD_SETSIZE); \
if (MilterLogLevel > 0) \
sm_syslog(LOG_ERR, e->e_id, \
"Milter (%s): socket(%s) %d is larger than FD_SETSIZE %d", \
m->mf_name, (routine), m->mf_sock, \
SM_FD_SETSIZE); \
milter_error(m, e); \
return NULL; \
} \
\
do \
{ \
FD_ZERO(&fds); \
SM_FD_SET(m->mf_sock, &fds); \
tv.tv_sec = (secs); \
tv.tv_usec = 0; \
ret = select(m->mf_sock + 1, \
(write) ? NULL : &fds, \
(write) ? &fds : NULL, \
NULL, &tv); \
} while (ret < 0 && errno == EINTR); \
\
switch (ret) \
{ \
case 0: \
if (tTd(64, 5)) \
sm_dprintf("milter_%s(%s): timeout, where=%s\n", \
(routine), m->mf_name, (function)); \
if (MilterLogLevel > 0) \
sm_syslog(LOG_ERR, e->e_id, \
"Milter (%s): timeout %s data %s, where=%s", \
m->mf_name, \
started ? "during" : "before", \
(routine), (function)); \
milter_error(m, e); \
return NULL; \
\
case -1: \
save_errno = errno; \
if (tTd(64, 5)) \
sm_dprintf("milter_%s(%s): select: %s\n", (routine), \
m->mf_name, sm_errstring(save_errno)); \
if (MilterLogLevel > 0) \
{ \
sm_syslog(LOG_ERR, e->e_id, \
"Milter (%s): select(%s): %s", \
m->mf_name, (routine), \
sm_errstring(save_errno)); \
} \
milter_error(m, e); \
return NULL; \
\
default: \
if (SM_FD_ISSET(m->mf_sock, &fds)) \
break; \
if (tTd(64, 5)) \
sm_dprintf("milter_%s(%s): socket not ready\n", \
(routine), m->mf_name); \
if (MilterLogLevel > 0) \
{ \
sm_syslog(LOG_ERR, e->e_id, \
"Milter (%s): socket(%s) not ready", \
m->mf_name, (routine)); \
} \
milter_error(m, e); \
return NULL; \
} \
}
/*
** Low level functions
*/
/*
** MILTER_READ -- read from a remote milter filter
**
** Parameters:
** m -- milter to read from.
** cmd -- return param for command read.
** rlen -- return length of response string.
** to -- timeout in seconds.
** e -- current envelope.
**
** Returns:
** response string (may be NULL)
*/
static char *
milter_sysread(m, buf, sz, to, e, where)
struct milter *m;
char *buf;
ssize_t sz;
time_t to;
ENVELOPE *e;
const char *where;
{
time_t readstart = 0;
ssize_t len, curl;
bool started = false;
curl = 0;
if (to > 0)
readstart = curtime();
for (;;)
{
if (to > 0)
{
time_t now;
now = curtime();
if (now - readstart >= to)
{
if (tTd(64, 5))
sm_dprintf("milter_sys_read (%s): timeout %s data read in %s",
m->mf_name,
started ? "during" : "before",
where);
if (MilterLogLevel > 0)
sm_syslog(LOG_ERR, e->e_id,
"Milter (%s): timeout %s data read in %s",
m->mf_name,
started ? "during" : "before",
where);
milter_error(m, e);
return NULL;
}
to -= now - readstart;
readstart = now;
MILTER_TIMEOUT("read", to, false, started, where);
}
len = read(m->mf_sock, buf + curl, sz - curl);
if (len < 0)
{
int save_errno = errno;
if (tTd(64, 5))
sm_dprintf("milter_sys_read(%s): read returned %ld: %s\n",
m->mf_name, (long) len,
sm_errstring(save_errno));
if (MilterLogLevel > 0)
sm_syslog(LOG_ERR, e->e_id,
"Milter (%s): read returned %ld: %s",
m->mf_name, (long) len,
sm_errstring(save_errno));
milter_error(m, e);
return NULL;
}
started = true;
curl += len;
if (len == 0 || curl >= sz)
break;
}
if (curl != sz)
{
if (tTd(64, 5))
sm_dprintf("milter_sys_read(%s): cmd read returned %ld, expecting %ld\n",
m->mf_name, (long) curl, (long) sz);
if (MilterLogLevel > 0)
sm_syslog(LOG_ERR, e->e_id,
"milter_sys_read(%s): cmd read returned %ld, expecting %ld",
m->mf_name, (long) curl, (long) sz);
milter_error(m, e);
return NULL;
}
return buf;
}
static char *
milter_read(m, cmd, rlen, to, e, where)
struct milter *m;
char *cmd;
ssize_t *rlen;
time_t to;
ENVELOPE *e;
const char *where;
{
time_t readstart = 0;
ssize_t expl;
mi_int32 i;
# if MILTER_NO_NAGLE && defined(TCP_CORK)
int cork = 0;
-# endif /* MILTER_NO_NAGLE && defined(TCP_CORK) */
+# endif
char *buf;
char data[MILTER_LEN_BYTES + 1];
if (m->mf_sock < 0)
{
if (MilterLogLevel > 0)
sm_syslog(LOG_ERR, e->e_id,
"milter_read(%s): socket closed, where=%s",
m->mf_name, where);
milter_error(m, e);
return NULL;
}
*rlen = 0;
*cmd = '\0';
if (to > 0)
readstart = curtime();
# if MILTER_NO_NAGLE && defined(TCP_CORK)
setsockopt(m->mf_sock, IPPROTO_TCP, TCP_CORK, (char *)&cork,
sizeof(cork));
-# endif /* MILTER_NO_NAGLE && defined(TCP_CORK) */
+# endif
if (milter_sysread(m, data, sizeof(data), to, e, where) == NULL)
return NULL;
# if MILTER_NO_NAGLE && defined(TCP_CORK)
cork = 1;
setsockopt(m->mf_sock, IPPROTO_TCP, TCP_CORK, (char *)&cork,
sizeof(cork));
-# endif /* MILTER_NO_NAGLE && defined(TCP_CORK) */
+# endif
/* reset timeout */
if (to > 0)
{
time_t now;
now = curtime();
if (now - readstart >= to)
{
if (tTd(64, 5))
sm_dprintf("milter_read(%s): timeout before data read, where=%s\n",
m->mf_name, where);
if (MilterLogLevel > 0)
sm_syslog(LOG_ERR, e->e_id,
"Milter read(%s): timeout before data read, where=%s",
m->mf_name, where);
milter_error(m, e);
return NULL;
}
to -= now - readstart;
}
*cmd = data[MILTER_LEN_BYTES];
data[MILTER_LEN_BYTES] = '\0';
(void) memcpy(&i, data, MILTER_LEN_BYTES);
expl = ntohl(i) - 1;
if (tTd(64, 25))
sm_dprintf("milter_read(%s): expecting %ld bytes\n",
m->mf_name, (long) expl);
if (expl < 0)
{
if (tTd(64, 5))
sm_dprintf("milter_read(%s): read size %ld out of range, where=%s\n",
m->mf_name, (long) expl, where);
if (MilterLogLevel > 0)
sm_syslog(LOG_ERR, e->e_id,
"milter_read(%s): read size %ld out of range, where=%s",
m->mf_name, (long) expl, where);
milter_error(m, e);
return NULL;
}
if (expl == 0)
return NULL;
buf = (char *) xalloc(expl);
if (milter_sysread(m, buf, expl, to, e, where) == NULL)
{
sm_free(buf); /* XXX */
return NULL;
}
if (tTd(64, 50))
sm_dprintf("milter_read(%s): Returning %*s\n",
m->mf_name, (int) expl, buf);
*rlen = expl;
return buf;
}
/*
** MILTER_WRITE -- write to a remote milter filter
**
** Parameters:
** m -- milter to read from.
** cmd -- command to send.
** buf -- optional command data.
** len -- length of buf.
** to -- timeout in seconds.
** e -- current envelope.
**
** Returns:
** buf if successful, NULL otherwise
** Not actually used anywhere but function prototype
** must match milter_read()
*/
static char *
milter_write(m, cmd, buf, len, to, e, where)
struct milter *m;
int cmd;
char *buf;
ssize_t len;
time_t to;
ENVELOPE *e;
const char *where;
{
ssize_t sl, i;
int num_vectors;
mi_int32 nl;
char command = (char) cmd;
char data[MILTER_LEN_BYTES + 1];
bool started = false;
struct iovec vector[2];
/*
** At most two buffers will be written, though
** only one may actually be used (see num_vectors).
** The first is the size/command and the second is the command data.
*/
if (len < 0 || len > MilterMaxDataSize)
{
if (tTd(64, 5))
{
sm_dprintf("milter_write(%s): length %ld out of range, cmd=%c\n",
m->mf_name, (long) len, command);
sm_dprintf("milter_write(%s): buf=%s\n",
m->mf_name, str2prt(buf));
}
if (MilterLogLevel > 0)
sm_syslog(LOG_ERR, e->e_id,
"milter_write(%s): length %ld out of range, cmd=%c",
m->mf_name, (long) len, command);
milter_error(m, e);
return NULL;
}
if (m->mf_sock < 0)
{
if (MilterLogLevel > 0)
sm_syslog(LOG_ERR, e->e_id,
"milter_write(%s): socket closed",
m->mf_name);
milter_error(m, e);
return NULL;
}
if (tTd(64, 20))
sm_dprintf("milter_write(%s): cmd %c, len %ld\n",
m->mf_name, command, (long) len);
nl = htonl(len + 1); /* add 1 for the command char */
(void) memcpy(data, (char *) &nl, MILTER_LEN_BYTES);
data[MILTER_LEN_BYTES] = command;
sl = MILTER_LEN_BYTES + 1;
/* set up the vector for the size / command */
vector[0].iov_base = (void *) data;
vector[0].iov_len = sl;
/*
** Determine if there is command data. If so, there will be two
** vectors. If not, there will be only one. The vectors are set
** up here and 'num_vectors' and 'sl' are set appropriately.
*/
/* NOTE: len<0 has already been checked for. Pedantic */
if (len <= 0 || buf == NULL)
{
/* There is no command data -- only a size / command data */
num_vectors = 1;
}
else
{
/*
** There is both size / command and command data.
** Set up the vector for the command data.
*/
num_vectors = 2;
sl += len;
vector[1].iov_base = (void *) buf;
vector[1].iov_len = len;
if (tTd(64, 50))
sm_dprintf("milter_write(%s): Sending %*s\n",
m->mf_name, (int) len, buf);
}
if (to > 0)
MILTER_TIMEOUT("write", to, true, started, where);
/* write the vector(s) */
i = writev(m->mf_sock, vector, num_vectors);
if (i != sl)
{
int save_errno = errno;
if (tTd(64, 5))
sm_dprintf("milter_write(%s): write(%c) returned %ld, expected %ld: %s\n",
m->mf_name, command, (long) i, (long) sl,
sm_errstring(save_errno));
if (MilterLogLevel > 0)
sm_syslog(LOG_ERR, e->e_id,
"Milter (%s): write(%c) returned %ld, expected %ld: %s",
m->mf_name, command, (long) i, (long) sl,
sm_errstring(save_errno));
milter_error(m, e);
return NULL;
}
return buf;
}
/*
** Utility functions
*/
/*
** MILTER_OPEN -- connect to remote milter filter
**
** Parameters:
** m -- milter to connect to.
** parseonly -- parse but don't connect.
** e -- current envelope.
**
** Returns:
** connected socket if successful && !parseonly,
** 0 upon parse success if parseonly,
** -1 otherwise.
*/
static jmp_buf MilterConnectTimeout;
static int
milter_open(m, parseonly, e)
struct milter *m;
bool parseonly;
ENVELOPE *e;
{
int sock = 0;
SOCKADDR_LEN_T addrlen = 0;
int addrno = 0;
int save_errno;
char *p;
char *colon;
char *at;
struct hostent *hp = NULL;
SOCKADDR addr;
if (m->mf_conn == NULL || m->mf_conn[0] == '\0')
{
if (tTd(64, 5))
sm_dprintf("X%s: empty or missing socket information\n",
m->mf_name);
if (parseonly)
syserr("X%s: empty or missing socket information",
m->mf_name);
else if (MilterLogLevel > 0)
sm_syslog(LOG_ERR, e->e_id,
"Milter (%s): empty or missing socket information",
m->mf_name);
milter_error(m, e);
return -1;
}
/* protocol:filename or protocol:port@host */
memset(&addr, '\0', sizeof(addr));
p = m->mf_conn;
colon = strchr(p, ':');
if (colon != NULL)
{
*colon = '\0';
if (*p == '\0')
{
# if NETUNIX
/* default to AF_UNIX */
addr.sa.sa_family = AF_UNIX;
-# else /* NETUNIX */
+# else
# if NETINET
/* default to AF_INET */
addr.sa.sa_family = AF_INET;
# else /* NETINET */
# if NETINET6
/* default to AF_INET6 */
addr.sa.sa_family = AF_INET6;
# else /* NETINET6 */
/* no protocols available */
if (MilterLogLevel > 0)
sm_syslog(LOG_ERR, e->e_id,
"Milter (%s): no valid socket protocols available",
m->mf_name);
milter_error(m, e);
return -1;
# endif /* NETINET6 */
# endif /* NETINET */
# endif /* NETUNIX */
}
# if NETUNIX
else if (sm_strcasecmp(p, "unix") == 0 ||
sm_strcasecmp(p, "local") == 0)
addr.sa.sa_family = AF_UNIX;
-# endif /* NETUNIX */
+# endif
# if NETINET
else if (sm_strcasecmp(p, "inet") == 0)
addr.sa.sa_family = AF_INET;
-# endif /* NETINET */
+# endif
# if NETINET6
else if (sm_strcasecmp(p, "inet6") == 0)
addr.sa.sa_family = AF_INET6;
-# endif /* NETINET6 */
+# endif
else
{
# ifdef EPROTONOSUPPORT
errno = EPROTONOSUPPORT;
-# else /* EPROTONOSUPPORT */
+# else
errno = EINVAL;
-# endif /* EPROTONOSUPPORT */
+# endif
if (tTd(64, 5))
sm_dprintf("X%s: unknown socket type %s\n",
m->mf_name, p);
if (parseonly)
syserr("X%s: unknown socket type %s",
m->mf_name, p);
else if (MilterLogLevel > 0)
sm_syslog(LOG_ERR, e->e_id,
"Milter (%s): unknown socket type %s",
m->mf_name, p);
milter_error(m, e);
return -1;
}
*colon++ = ':';
}
else
{
/* default to AF_UNIX */
addr.sa.sa_family = AF_UNIX;
colon = p;
}
# if NETUNIX
if (addr.sa.sa_family == AF_UNIX)
{
long sff = SFF_SAFEDIRPATH|SFF_OPENASROOT|SFF_NOLINK|SFF_EXECOK;
at = colon;
if (strlen(colon) >= sizeof(addr.sunix.sun_path))
{
if (tTd(64, 5))
sm_dprintf("X%s: local socket name %s too long\n",
m->mf_name, colon);
errno = EINVAL;
if (parseonly)
syserr("X%s: local socket name %s too long",
m->mf_name, colon);
else if (MilterLogLevel > 0)
sm_syslog(LOG_ERR, e->e_id,
"Milter (%s): local socket name %s too long",
m->mf_name, colon);
milter_error(m, e);
return -1;
}
errno = safefile(colon, RunAsUid, RunAsGid, RunAsUserName, sff,
S_IRUSR|S_IWUSR, NULL);
/* if just parsing .cf file, socket doesn't need to exist */
if (parseonly && errno == ENOENT)
{
if (OpMode == MD_DAEMON ||
OpMode == MD_FGDAEMON)
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"WARNING: X%s: local socket name %s missing\n",
m->mf_name, colon);
}
else if (errno != 0)
{
/* if not safe, don't create */
save_errno = errno;
if (tTd(64, 5))
sm_dprintf("X%s: local socket name %s unsafe\n",
m->mf_name, colon);
errno = save_errno;
if (parseonly)
{
if (OpMode == MD_DAEMON ||
OpMode == MD_FGDAEMON ||
OpMode == MD_SMTP)
syserr("X%s: local socket name %s unsafe",
m->mf_name, colon);
}
else if (MilterLogLevel > 0)
sm_syslog(LOG_ERR, e->e_id,
"Milter (%s): local socket name %s unsafe",
m->mf_name, colon);
milter_error(m, e);
return -1;
}
(void) sm_strlcpy(addr.sunix.sun_path, colon,
sizeof(addr.sunix.sun_path));
addrlen = sizeof(struct sockaddr_un);
}
else
# endif /* NETUNIX */
# if NETINET || NETINET6
if (false
# if NETINET
|| addr.sa.sa_family == AF_INET
-# endif /* NETINET */
+# endif
# if NETINET6
|| addr.sa.sa_family == AF_INET6
-# endif /* NETINET6 */
+# endif
)
{
unsigned short port;
/* Parse port@host */
at = strchr(colon, '@');
if (at == NULL)
{
if (tTd(64, 5))
sm_dprintf("X%s: bad address %s (expected port@host)\n",
m->mf_name, colon);
if (parseonly)
syserr("X%s: bad address %s (expected port@host)",
m->mf_name, colon);
else if (MilterLogLevel > 0)
sm_syslog(LOG_ERR, e->e_id,
"Milter (%s): bad address %s (expected port@host)",
m->mf_name, colon);
milter_error(m, e);
return -1;
}
*at = '\0';
if (isascii(*colon) && isdigit(*colon))
port = htons((unsigned short) atoi(colon));
else
{
# ifdef NO_GETSERVBYNAME
if (tTd(64, 5))
sm_dprintf("X%s: invalid port number %s\n",
m->mf_name, colon);
if (parseonly)
syserr("X%s: invalid port number %s",
m->mf_name, colon);
else if (MilterLogLevel > 0)
sm_syslog(LOG_ERR, e->e_id,
"Milter (%s): invalid port number %s",
m->mf_name, colon);
milter_error(m, e);
return -1;
# else /* NO_GETSERVBYNAME */
struct servent *sp;
sp = getservbyname(colon, "tcp");
if (sp == NULL)
{
save_errno = errno;
if (tTd(64, 5))
sm_dprintf("X%s: unknown port name %s\n",
m->mf_name, colon);
errno = save_errno;
if (parseonly)
syserr("X%s: unknown port name %s",
m->mf_name, colon);
else if (MilterLogLevel > 0)
sm_syslog(LOG_ERR, e->e_id,
"Milter (%s): unknown port name %s",
m->mf_name, colon);
milter_error(m, e);
return -1;
}
port = sp->s_port;
# endif /* NO_GETSERVBYNAME */
}
*at++ = '@';
if (*at == '[')
{
char *end;
end = strchr(at, ']');
if (end != NULL)
{
bool found = false;
# if NETINET
unsigned long hid = INADDR_NONE;
-# endif /* NETINET */
+# endif
# if NETINET6
struct sockaddr_in6 hid6;
-# endif /* NETINET6 */
+# endif
*end = '\0';
# if NETINET
if (addr.sa.sa_family == AF_INET &&
(hid = inet_addr(&at[1])) != INADDR_NONE)
{
addr.sin.sin_addr.s_addr = hid;
addr.sin.sin_port = port;
found = true;
}
# endif /* NETINET */
# if NETINET6
(void) memset(&hid6, '\0', sizeof(hid6));
if (addr.sa.sa_family == AF_INET6 &&
anynet_pton(AF_INET6, &at[1],
&hid6.sin6_addr) == 1)
{
addr.sin6.sin6_addr = hid6.sin6_addr;
addr.sin6.sin6_port = port;
found = true;
}
# endif /* NETINET6 */
*end = ']';
if (!found)
{
if (tTd(64, 5))
sm_dprintf("X%s: Invalid numeric domain spec \"%s\"\n",
m->mf_name, at);
if (parseonly)
syserr("X%s: Invalid numeric domain spec \"%s\"",
m->mf_name, at);
else if (MilterLogLevel > 0)
sm_syslog(LOG_ERR, e->e_id,
"Milter (%s): Invalid numeric domain spec \"%s\"",
m->mf_name, at);
milter_error(m, e);
return -1;
}
}
else
{
if (tTd(64, 5))
sm_dprintf("X%s: Invalid numeric domain spec \"%s\"\n",
m->mf_name, at);
if (parseonly)
syserr("X%s: Invalid numeric domain spec \"%s\"",
m->mf_name, at);
else if (MilterLogLevel > 0)
sm_syslog(LOG_ERR, e->e_id,
"Milter (%s): Invalid numeric domain spec \"%s\"",
m->mf_name, at);
milter_error(m, e);
return -1;
}
}
else
{
hp = sm_gethostbyname(at, addr.sa.sa_family);
if (hp == NULL)
{
save_errno = errno;
if (tTd(64, 5))
sm_dprintf("X%s: Unknown host name %s\n",
m->mf_name, at);
errno = save_errno;
if (parseonly)
syserr("X%s: Unknown host name %s",
m->mf_name, at);
else if (MilterLogLevel > 0)
sm_syslog(LOG_ERR, e->e_id,
"Milter (%s): Unknown host name %s",
m->mf_name, at);
milter_error(m, e);
return -1;
}
addr.sa.sa_family = hp->h_addrtype;
switch (hp->h_addrtype)
{
# if NETINET
case AF_INET:
memmove(&addr.sin.sin_addr,
hp->h_addr, INADDRSZ);
addr.sin.sin_port = port;
addrlen = sizeof(struct sockaddr_in);
addrno = 1;
break;
# endif /* NETINET */
# if NETINET6
case AF_INET6:
memmove(&addr.sin6.sin6_addr,
hp->h_addr, IN6ADDRSZ);
addr.sin6.sin6_port = port;
addrlen = sizeof(struct sockaddr_in6);
addrno = 1;
break;
# endif /* NETINET6 */
default:
if (tTd(64, 5))
sm_dprintf("X%s: Unknown protocol for %s (%d)\n",
m->mf_name, at,
hp->h_addrtype);
if (parseonly)
syserr("X%s: Unknown protocol for %s (%d)",
m->mf_name, at, hp->h_addrtype);
else if (MilterLogLevel > 0)
sm_syslog(LOG_ERR, e->e_id,
"Milter (%s): Unknown protocol for %s (%d)",
m->mf_name, at,
hp->h_addrtype);
milter_error(m, e);
# if NETINET6
freehostent(hp);
-# endif /* NETINET6 */
+# endif
return -1;
}
}
}
else
# endif /* NETINET || NETINET6 */
{
if (tTd(64, 5))
sm_dprintf("X%s: unknown socket protocol\n",
m->mf_name);
if (parseonly)
syserr("X%s: unknown socket protocol", m->mf_name);
else if (MilterLogLevel > 0)
sm_syslog(LOG_ERR, e->e_id,
"Milter (%s): unknown socket protocol",
m->mf_name);
milter_error(m, e);
return -1;
}
/* just parsing through? */
if (parseonly)
{
m->mf_state = SMFS_READY;
# if NETINET6
if (hp != NULL)
freehostent(hp);
-# endif /* NETINET6 */
+# endif
return 0;
}
/* sanity check */
if (m->mf_state != SMFS_READY &&
m->mf_state != SMFS_CLOSED)
{
/* shouldn't happen */
if (tTd(64, 1))
sm_dprintf("Milter (%s): Trying to open filter in state %c\n",
m->mf_name, (char) m->mf_state);
milter_error(m, e);
# if NETINET6
if (hp != NULL)
freehostent(hp);
-# endif /* NETINET6 */
+# endif
return -1;
}
/* nope, actually connecting */
for (;;)
{
sock = socket(addr.sa.sa_family, SOCK_STREAM, 0);
if (sock < 0)
{
save_errno = errno;
if (tTd(64, 5))
sm_dprintf("Milter (%s): error creating socket: %s\n",
m->mf_name,
sm_errstring(save_errno));
if (MilterLogLevel > 0)
sm_syslog(LOG_ERR, e->e_id,
"Milter (%s): error creating socket: %s",
m->mf_name, sm_errstring(save_errno));
milter_error(m, e);
# if NETINET6
if (hp != NULL)
freehostent(hp);
-# endif /* NETINET6 */
+# endif
return -1;
}
if (setjmp(MilterConnectTimeout) == 0)
{
SM_EVENT *ev = NULL;
int i;
if (m->mf_timeout[SMFTO_CONNECT] > 0)
ev = sm_setevent(m->mf_timeout[SMFTO_CONNECT],
milter_connect_timeout, 0);
i = connect(sock, (struct sockaddr *) &addr, addrlen);
save_errno = errno;
if (ev != NULL)
sm_clrevent(ev);
errno = save_errno;
if (i >= 0)
break;
}
/* couldn't connect.... try next address */
save_errno = errno;
p = CurHostName;
CurHostName = at;
if (tTd(64, 5))
sm_dprintf("milter_open (%s): open %s failed: %s\n",
m->mf_name, at, sm_errstring(save_errno));
if (MilterLogLevel > 13)
sm_syslog(LOG_INFO, e->e_id,
"Milter (%s): open %s failed: %s",
m->mf_name, at, sm_errstring(save_errno));
CurHostName = p;
(void) close(sock);
/* try next address */
if (hp != NULL && hp->h_addr_list[addrno] != NULL)
{
switch (addr.sa.sa_family)
{
# if NETINET
case AF_INET:
memmove(&addr.sin.sin_addr,
hp->h_addr_list[addrno++],
INADDRSZ);
break;
# endif /* NETINET */
# if NETINET6
case AF_INET6:
memmove(&addr.sin6.sin6_addr,
hp->h_addr_list[addrno++],
IN6ADDRSZ);
break;
# endif /* NETINET6 */
default:
if (tTd(64, 5))
sm_dprintf("X%s: Unknown protocol for %s (%d)\n",
m->mf_name, at,
hp->h_addrtype);
if (MilterLogLevel > 0)
sm_syslog(LOG_ERR, e->e_id,
"Milter (%s): Unknown protocol for %s (%d)",
m->mf_name, at,
hp->h_addrtype);
milter_error(m, e);
# if NETINET6
freehostent(hp);
-# endif /* NETINET6 */
+# endif
return -1;
}
continue;
}
p = CurHostName;
CurHostName = at;
if (tTd(64, 5))
sm_dprintf("X%s: error connecting to filter: %s\n",
m->mf_name, sm_errstring(save_errno));
if (MilterLogLevel > 0)
sm_syslog(LOG_ERR, e->e_id,
"Milter (%s): error connecting to filter: %s",
m->mf_name, sm_errstring(save_errno));
CurHostName = p;
milter_error(m, e);
# if NETINET6
if (hp != NULL)
freehostent(hp);
-# endif /* NETINET6 */
+# endif
return -1;
}
m->mf_state = SMFS_OPEN;
# if NETINET6
if (hp != NULL)
{
freehostent(hp);
hp = NULL;
}
# endif /* NETINET6 */
# if MILTER_NO_NAGLE && !defined(TCP_CORK)
{
int nodelay = 1;
setsockopt(m->mf_sock, IPPROTO_TCP, TCP_NODELAY,
(char *)&nodelay, sizeof(nodelay));
}
# endif /* MILTER_NO_NAGLE && !defined(TCP_CORK) */
return sock;
}
static void
milter_connect_timeout(ignore)
int ignore;
{
/*
** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
** DOING.
*/
errno = ETIMEDOUT;
longjmp(MilterConnectTimeout, 1);
}
/*
** MILTER_SETUP -- setup structure for a mail filter
**
** Parameters:
** line -- the options line.
**
** Returns:
** none
*/
void
milter_setup(line)
char *line;
{
char fcode;
char *p;
struct milter *m;
STAB *s;
static int idx = 0;
/* collect the filter name */
for (p = line;
- *p != '\0' && *p != ',' && !(isascii(*p) && isspace(*p));
+ *p != '\0' && *p != ',' && !(SM_ISSPACE(*p));
p++)
continue;
if (*p != '\0')
*p++ = '\0';
if (line[0] == '\0')
{
syserr("name required for mail filter");
return;
}
m = (struct milter *) xalloc(sizeof(*m));
memset((char *) m, '\0', sizeof(*m));
m->mf_name = newstr(line);
m->mf_state = SMFS_READY;
m->mf_sock = -1;
m->mf_timeout[SMFTO_CONNECT] = (time_t) 300;
m->mf_timeout[SMFTO_WRITE] = (time_t) 10;
m->mf_timeout[SMFTO_READ] = (time_t) 10;
m->mf_timeout[SMFTO_EOM] = (time_t) 300;
#if _FFR_MILTER_CHECK
m->mf_mta_prot_version = SMFI_PROT_VERSION;
m->mf_mta_prot_flags = SMFI_CURR_PROT;
m->mf_mta_actions = SMFI_CURR_ACTS;
#endif /* _FFR_MILTER_CHECK */
/* now scan through and assign info from the fields */
while (*p != '\0')
{
char *delimptr;
while (*p != '\0' &&
- (*p == ',' || (isascii(*p) && isspace(*p))))
+ (*p == ',' || (SM_ISSPACE(*p))))
p++;
/* p now points to field code */
fcode = *p;
while (*p != '\0' && *p != '=' && *p != ',')
p++;
if (*p++ != '=')
{
syserr("X%s: `=' expected", m->mf_name);
return;
}
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
p++;
/* p now points to the field body */
p = munchstring(p, &delimptr, ',');
/* install the field into the filter struct */
switch (fcode)
{
case 'S': /* socket */
if (p == NULL)
m->mf_conn = NULL;
else
m->mf_conn = newstr(p);
break;
case 'F': /* Milter flags configured on MTA */
for (; *p != '\0'; p++)
{
- if (!(isascii(*p) && isspace(*p)))
+ if (!(SM_ISSPACE(*p)))
setbitn(bitidx(*p), m->mf_flags);
}
break;
case 'T': /* timeouts */
milter_parse_timeouts(p, m);
break;
#if _FFR_MILTER_CHECK
case 'a':
m->mf_mta_actions = strtoul(p, NULL, 0);
break;
case 'f':
m->mf_mta_prot_flags = strtoul(p, NULL, 0);
break;
case 'v':
m->mf_mta_prot_version = strtoul(p, NULL, 0);
break;
#endif /* _FFR_MILTER_CHECK */
default:
syserr("X%s: unknown filter equate %c=",
m->mf_name, fcode);
break;
}
p = delimptr;
}
/* early check for errors */
(void) milter_open(m, true, CurEnv);
/* enter the filter into the symbol table */
s = stab(m->mf_name, ST_MILTER, ST_ENTER);
if (s->s_milter != NULL)
syserr("X%s: duplicate filter definition", m->mf_name);
else
{
s->s_milter = m;
m->mf_idx = ++idx;
}
}
/*
** MILTER_CONFIG -- parse option list into an array and check config
**
** Called when reading configuration file.
**
** Parameters:
** spec -- the filter list.
** list -- the array to fill in.
** max -- the maximum number of entries in list.
**
** Returns:
** none
*/
void
milter_config(spec, list, max)
char *spec;
struct milter **list;
int max;
{
int numitems = 0;
char *p;
/* leave one for the NULL signifying the end of the list */
max--;
for (p = spec; p != NULL; )
{
STAB *s;
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
p++;
if (*p == '\0')
break;
spec = p;
if (numitems >= max)
{
syserr("Too many filters defined, %d max", max);
if (max > 0)
list[0] = NULL;
return;
}
p = strpbrk(p, ";,");
if (p != NULL)
*p++ = '\0';
s = stab(spec, ST_MILTER, ST_FIND);
if (s == NULL)
{
syserr("InputFilter %s not defined", spec);
ExitStat = EX_CONFIG;
return;
}
list[numitems++] = s->s_milter;
}
list[numitems] = NULL;
/* if not set, set to LogLevel */
if (MilterLogLevel == -1)
MilterLogLevel = LogLevel;
}
/*
** MILTER_PARSE_TIMEOUTS -- parse timeout list
**
** Called when reading configuration file.
**
** Parameters:
** spec -- the timeout list.
** m -- milter to set.
**
** Returns:
** none
*/
static void
milter_parse_timeouts(spec, m)
char *spec;
struct milter *m;
{
char fcode;
int tcode;
char *p;
p = spec;
/* now scan through and assign info from the fields */
while (*p != '\0')
{
char *delimptr;
- while (*p != '\0' &&
- (*p == ';' || (isascii(*p) && isspace(*p))))
+ while (*p != '\0' && (*p == ';' || (SM_ISSPACE(*p))))
p++;
/* p now points to field code */
fcode = *p;
while (*p != '\0' && *p != ':')
p++;
if (*p++ != ':')
{
syserr("X%s, T=: `:' expected", m->mf_name);
return;
}
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
p++;
/* p now points to the field body */
p = munchstring(p, &delimptr, ';');
tcode = -1;
/* install the field into the filter struct */
switch (fcode)
{
case 'C':
tcode = SMFTO_CONNECT;
break;
case 'S':
tcode = SMFTO_WRITE;
break;
case 'R':
tcode = SMFTO_READ;
break;
case 'E':
tcode = SMFTO_EOM;
break;
default:
if (tTd(64, 5))
sm_dprintf("X%s: %c unknown\n",
m->mf_name, fcode);
syserr("X%s: unknown filter timeout %c",
m->mf_name, fcode);
break;
}
if (tcode >= 0)
{
m->mf_timeout[tcode] = convtime(p, 's');
if (tTd(64, 5))
sm_dprintf("X%s: %c=%ld\n",
m->mf_name, fcode,
(u_long) m->mf_timeout[tcode]);
}
p = delimptr;
}
}
/*
** MILTER_SET_MACROS -- set milter macros
**
** Parameters:
** name -- name of milter.
** macros -- where to store macros.
** val -- the value of the option.
** nummac -- current number of macros
**
** Returns:
** new number of macros
*/
static int
milter_set_macros(name, macros, val, nummac)
char *name;
char **macros;
char *val;
int nummac;
{
char *p;
p = newstr(val);
while (*p != '\0')
{
char *macro;
/* Skip leading commas, spaces */
- while (*p != '\0' &&
- (*p == ',' || (isascii(*p) && isspace(*p))))
+ while (*p != '\0' && (*p == ',' || (SM_ISSPACE(*p))))
p++;
if (*p == '\0')
break;
/* Find end of macro */
macro = p;
while (*p != '\0' && *p != ',' &&
isascii(*p) && !isspace(*p))
p++;
if (*p != '\0')
*p++ = '\0';
if (nummac >= MAXFILTERMACROS)
{
syserr("milter_set_option: too many macros in Milter.%s (max %d)",
name, MAXFILTERMACROS);
macros[nummac] = NULL;
return -1;
}
macros[nummac++] = macro;
}
macros[nummac] = NULL;
return nummac;
}
/*
** MILTER_SET_OPTION -- set an individual milter option
**
** Parameters:
** name -- the name of the option.
** val -- the value of the option.
** sticky -- if set, don't let other setoptions override
** this value.
**
** Returns:
** none.
*/
/* set if Milter sub-option is stuck */
static BITMAP256 StickyMilterOpt;
static struct milteropt
{
char *mo_name; /* long name of milter option */
unsigned char mo_code; /* code for option */
} MilterOptTab[] =
{
{ "macros.connect", SMFIM_CONNECT },
{ "macros.helo", SMFIM_HELO },
{ "macros.envfrom", SMFIM_ENVFROM },
{ "macros.envrcpt", SMFIM_ENVRCPT },
{ "macros.data", SMFIM_DATA },
{ "macros.eom", SMFIM_EOM },
{ "macros.eoh", SMFIM_EOH },
# define MO_LOGLEVEL 0x07
{ "loglevel", MO_LOGLEVEL },
# if _FFR_MAXDATASIZE || _FFR_MDS_NEGOTIATE
# define MO_MAXDATASIZE 0x08
{ "maxdatasize", MO_MAXDATASIZE },
-# endif /* _FFR_MAXDATASIZE || _FFR_MDS_NEGOTIATE */
+# endif
{ NULL, (unsigned char)-1 },
};
void
milter_set_option(name, val, sticky)
char *name;
char *val;
bool sticky;
{
int nummac, r;
struct milteropt *mo;
char **macros = NULL;
nummac = 0;
if (tTd(37, 2) || tTd(64, 5))
sm_dprintf("milter_set_option(%s = %s)", name, val);
if (name == NULL)
{
syserr("milter_set_option: invalid Milter option, must specify suboption");
return;
}
for (mo = MilterOptTab; mo->mo_name != NULL; mo++)
{
if (sm_strcasecmp(mo->mo_name, name) == 0)
break;
}
if (mo->mo_name == NULL)
{
syserr("milter_set_option: invalid Milter option %s", name);
return;
}
/*
** See if this option is preset for us.
*/
if (!sticky && bitnset(mo->mo_code, StickyMilterOpt))
{
if (tTd(37, 2) || tTd(64,5))
sm_dprintf(" (ignored)\n");
return;
}
if (tTd(37, 2) || tTd(64,5))
sm_dprintf("\n");
switch (mo->mo_code)
{
case MO_LOGLEVEL:
MilterLogLevel = atoi(val);
break;
# if _FFR_MAXDATASIZE || _FFR_MDS_NEGOTIATE
case MO_MAXDATASIZE:
# if _FFR_MDS_NEGOTIATE
MilterMaxDataSize = (size_t)atol(val);
if (MilterMaxDataSize != MILTER_MDS_64K &&
MilterMaxDataSize != MILTER_MDS_256K &&
MilterMaxDataSize != MILTER_MDS_1M)
{
sm_syslog(LOG_WARNING, NOQID,
"WARNING: Milter.%s=%lu, allowed are only %d, %d, and %d",
name, (unsigned long) MilterMaxDataSize,
MILTER_MDS_64K, MILTER_MDS_256K,
MILTER_MDS_1M);
if (MilterMaxDataSize < MILTER_MDS_64K)
MilterMaxDataSize = MILTER_MDS_64K;
else if (MilterMaxDataSize < MILTER_MDS_256K)
MilterMaxDataSize = MILTER_MDS_256K;
else
MilterMaxDataSize = MILTER_MDS_1M;
}
# endif /* _FFR_MDS_NEGOTIATE */
break;
# endif /* _FFR_MAXDATASIZE || _FFR_MDS_NEGOTIATE */
case SMFIM_CONNECT:
case SMFIM_HELO:
case SMFIM_ENVFROM:
case SMFIM_ENVRCPT:
case SMFIM_EOH:
case SMFIM_EOM:
case SMFIM_DATA:
macros = MilterMacros[mo->mo_code][0];
r = milter_set_macros(name, macros, val, nummac);
if (r >= 0)
nummac = r;
break;
default:
syserr("milter_set_option: invalid Milter option %s", name);
break;
}
if (sticky)
setbitn(mo->mo_code, StickyMilterOpt);
}
/*
** MILTER_REOPEN_DF -- open & truncate the data file (for replbody)
**
** Parameters:
** e -- current envelope.
**
** Returns:
-** 0 if succesful, -1 otherwise
+** 0 if successful, -1 otherwise
*/
static int
milter_reopen_df(e)
ENVELOPE *e;
{
char dfname[MAXPATHLEN];
(void) sm_strlcpy(dfname, queuename(e, DATAFL_LETTER), sizeof(dfname));
/*
** In SuperSafe == SAFE_REALLY mode, e->e_dfp is a read-only FP so
** close and reopen writable (later close and reopen
** read only again).
**
** In SuperSafe != SAFE_REALLY mode, e->e_dfp still points at the
** buffered file I/O descriptor, still open for writing so there
** isn't any work to do here (except checking for consistency).
*/
if (SuperSafe == SAFE_REALLY)
{
/* close read-only data file */
if (bitset(EF_HAS_DF, e->e_flags) && e->e_dfp != NULL)
{
(void) sm_io_close(e->e_dfp, SM_TIME_DEFAULT);
e->e_flags &= ~EF_HAS_DF;
}
/* open writable */
if ((e->e_dfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, dfname,
SM_IO_RDWR_B, NULL)) == NULL)
{
MILTER_DF_ERROR("milter_reopen_df: sm_io_open %s: %s");
return -1;
}
}
else if (e->e_dfp == NULL)
{
/* shouldn't happen */
errno = ENOENT;
MILTER_DF_ERROR("milter_reopen_df: NULL e_dfp (%s: %s)");
return -1;
}
return 0;
}
/*
** MILTER_RESET_DF -- re-open read-only the data file (for replbody)
**
** Parameters:
** e -- current envelope.
**
** Returns:
-** 0 if succesful, -1 otherwise
+** 0 if successful, -1 otherwise
*/
static int
milter_reset_df(e)
ENVELOPE *e;
{
int afd;
char dfname[MAXPATHLEN];
(void) sm_strlcpy(dfname, queuename(e, DATAFL_LETTER), sizeof(dfname));
if (sm_io_flush(e->e_dfp, SM_TIME_DEFAULT) != 0 ||
sm_io_error(e->e_dfp))
{
MILTER_DF_ERROR("milter_reset_df: error writing/flushing %s: %s");
return -1;
}
else if (SuperSafe != SAFE_REALLY)
{
/* skip next few clauses */
/* EMPTY */
}
else if ((afd = sm_io_getinfo(e->e_dfp, SM_IO_WHAT_FD, NULL)) >= 0
&& fsync(afd) < 0)
{
MILTER_DF_ERROR("milter_reset_df: error sync'ing %s: %s");
return -1;
}
else if (sm_io_close(e->e_dfp, SM_TIME_DEFAULT) < 0)
{
MILTER_DF_ERROR("milter_reset_df: error closing %s: %s");
return -1;
}
else if ((e->e_dfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, dfname,
SM_IO_RDONLY_B, NULL)) == NULL)
{
MILTER_DF_ERROR("milter_reset_df: error reopening %s: %s");
return -1;
}
else
e->e_flags |= EF_HAS_DF;
return 0;
}
/*
** MILTER_QUIT_FILTER -- close down a single filter
**
** Parameters:
** m -- milter structure of filter to close down.
** e -- current envelope.
**
** Returns:
** none
*/
static void
milter_quit_filter(m, e)
struct milter *m;
ENVELOPE *e;
{
if (tTd(64, 10))
sm_dprintf("milter_quit_filter(%s)\n", m->mf_name);
if (MilterLogLevel > 18)
sm_syslog(LOG_INFO, e->e_id, "Milter (%s): quit filter",
m->mf_name);
/* Never replace error state */
if (m->mf_state == SMFS_ERROR)
return;
if (m->mf_sock < 0 ||
m->mf_state == SMFS_CLOSED ||
m->mf_state == SMFS_READY)
{
m->mf_sock = -1;
m->mf_state = SMFS_CLOSED;
return;
}
(void) milter_write(m, SMFIC_QUIT, (char *) NULL, 0,
m->mf_timeout[SMFTO_WRITE], e, "quit_filter");
if (m->mf_sock >= 0)
{
(void) close(m->mf_sock);
m->mf_sock = -1;
}
if (m->mf_state != SMFS_ERROR)
m->mf_state = SMFS_CLOSED;
}
/*
** MILTER_ABORT_FILTER -- tell filter to abort current message
**
** Parameters:
** m -- milter structure of filter to abort.
** e -- current envelope.
**
** Returns:
** none
*/
static void
milter_abort_filter(m, e)
struct milter *m;
ENVELOPE *e;
{
if (tTd(64, 10))
sm_dprintf("milter_abort_filter(%s)\n", m->mf_name);
if (MilterLogLevel > 10)
sm_syslog(LOG_INFO, e->e_id, "Milter (%s): abort filter",
m->mf_name);
if (m->mf_sock < 0 ||
m->mf_state != SMFS_INMSG)
return;
(void) milter_write(m, SMFIC_ABORT, (char *) NULL, 0,
m->mf_timeout[SMFTO_WRITE], e, "abort_filter");
if (m->mf_state != SMFS_ERROR)
m->mf_state = SMFS_DONE;
}
/*
** MILTER_SEND_MACROS -- provide macros to the filters
**
** Parameters:
** m -- milter to send macros to.
** macros -- macros to send for filter smfi_getsymval().
** cmd -- which command the macros are associated with.
** e -- current envelope (for macro access).
**
** Returns:
** none
*/
static void
milter_send_macros(m, macros, cmd, e)
struct milter *m;
char **macros;
int cmd;
ENVELOPE *e;
{
int i;
int mid;
char command = (char) cmd;
char *v;
char *buf, *bp;
char exp[MAXLINE];
ssize_t s;
/* sanity check */
if (macros == NULL || macros[0] == NULL)
return;
/* put together data */
s = 1; /* for the command character */
for (i = 0; macros[i] != NULL; i++)
{
mid = macid(macros[i]);
if (mid == 0)
continue;
v = macvalue(mid, e);
if (v == NULL)
continue;
expand(v, exp, sizeof(exp), e);
s += strlen(macros[i]) + 1 + strlen(exp) + 1;
}
if (s < 0)
return;
buf = (char *) xalloc(s);
bp = buf;
*bp++ = command;
for (i = 0; macros[i] != NULL; i++)
{
mid = macid(macros[i]);
if (mid == 0)
continue;
v = macvalue(mid, e);
if (v == NULL)
continue;
expand(v, exp, sizeof(exp), e);
if (tTd(64, 10))
sm_dprintf("milter_send_macros(%s, %c): %s=%s\n",
m->mf_name, command, macros[i], exp);
(void) sm_strlcpy(bp, macros[i], s - (bp - buf));
bp += strlen(bp) + 1;
(void) sm_strlcpy(bp, exp, s - (bp - buf));
bp += strlen(bp) + 1;
}
(void) milter_write(m, SMFIC_MACRO, buf, s,
m->mf_timeout[SMFTO_WRITE], e, "send_macros");
sm_free(buf);
}
/*
** MILTER_SEND_COMMAND -- send a command and return the response for a filter
**
** Parameters:
** m -- current milter filter
** cmd -- command to send.
** data -- optional command data.
** sz -- length of buf.
** e -- current envelope (for e->e_id).
** state -- return state word.
**
** Returns:
** response string (may be NULL)
*/
static char *
milter_send_command(m, cmd, data, sz, e, state, where)
struct milter *m;
int cmd;
void *data;
ssize_t sz;
ENVELOPE *e;
char *state;
const char *where;
{
char rcmd;
ssize_t rlen;
unsigned long skipflag;
unsigned long norespflag = 0;
char command = (char) cmd;
char *action;
char *defresponse;
char *response;
if (tTd(64, 10))
sm_dprintf("milter_send_command(%s): cmd %c len %ld\n",
m->mf_name, (char) command, (long) sz);
/* find skip flag and default failure */
switch (command)
{
case SMFIC_CONNECT:
skipflag = SMFIP_NOCONNECT;
norespflag = SMFIP_NR_CONN;
action = "connect";
defresponse = "554 Command rejected";
break;
case SMFIC_HELO:
skipflag = SMFIP_NOHELO;
norespflag = SMFIP_NR_HELO;
action = "helo";
defresponse = "550 Command rejected";
break;
case SMFIC_MAIL:
skipflag = SMFIP_NOMAIL;
norespflag = SMFIP_NR_MAIL;
action = "mail";
defresponse = "550 5.7.1 Command rejected";
break;
case SMFIC_RCPT:
skipflag = SMFIP_NORCPT;
norespflag = SMFIP_NR_RCPT;
action = "rcpt";
defresponse = "550 5.7.1 Command rejected";
break;
case SMFIC_HEADER:
skipflag = SMFIP_NOHDRS;
norespflag = SMFIP_NR_HDR;
action = "header";
defresponse = "550 5.7.1 Command rejected";
break;
case SMFIC_BODY:
skipflag = SMFIP_NOBODY;
norespflag = SMFIP_NR_BODY;
action = "body";
defresponse = "554 5.7.1 Command rejected";
break;
case SMFIC_EOH:
skipflag = SMFIP_NOEOH;
norespflag = SMFIP_NR_EOH;
action = "eoh";
defresponse = "550 5.7.1 Command rejected";
break;
case SMFIC_UNKNOWN:
skipflag = SMFIP_NOUNKNOWN;
norespflag = SMFIP_NR_UNKN;
action = "unknown";
defresponse = "550 5.7.1 Command rejected";
break;
case SMFIC_DATA:
skipflag = SMFIP_NODATA;
norespflag = SMFIP_NR_DATA;
action = "data";
defresponse = "550 5.7.1 Command rejected";
break;
case SMFIC_BODYEOB:
case SMFIC_OPTNEG:
case SMFIC_MACRO:
case SMFIC_ABORT:
case SMFIC_QUIT:
/* NOTE: not handled by milter_send_command() */
/* FALLTHROUGH */
default:
skipflag = 0;
action = "default";
defresponse = "550 5.7.1 Command rejected";
break;
}
if (tTd(64, 10))
sm_dprintf("milter_send_command(%s): skip=%lx, pflags=%x\n",
m->mf_name, skipflag, m->mf_pflags);
/* check if filter wants this command */
if (skipflag != 0 && bitset(skipflag, m->mf_pflags))
return NULL;
/* send the command to the filter */
(void) milter_write(m, command, data, sz,
m->mf_timeout[SMFTO_WRITE], e, where);
if (m->mf_state == SMFS_ERROR)
{
MILTER_CHECK_ERROR(false, return NULL);
return NULL;
}
/* check if filter sends response to this command */
if (norespflag != 0 && bitset(norespflag, m->mf_pflags))
return NULL;
/* get the response from the filter */
response = milter_read(m, &rcmd, &rlen,
m->mf_timeout[SMFTO_READ], e, where);
if (m->mf_state == SMFS_ERROR)
{
MILTER_CHECK_ERROR(false, return NULL);
return NULL;
}
if (tTd(64, 10))
sm_dprintf("milter_send_command(%s): returned %c\n",
m->mf_name, (char) rcmd);
switch (rcmd)
{
case SMFIR_REPLYCODE:
MILTER_CHECK_REPLYCODE(defresponse);
if (MilterLogLevel > 10)
sm_syslog(LOG_INFO, e->e_id,
"milter=%s, action=%s, reject=%s",
m->mf_name, action, response);
*state = rcmd;
break;
case SMFIR_REJECT:
if (MilterLogLevel > 10)
sm_syslog(LOG_INFO, e->e_id,
"milter=%s, action=%s, reject",
m->mf_name, action);
*state = rcmd;
break;
case SMFIR_DISCARD:
if (MilterLogLevel > 10)
sm_syslog(LOG_INFO, e->e_id,
"milter=%s, action=%s, discard",
m->mf_name, action);
*state = rcmd;
break;
case SMFIR_TEMPFAIL:
if (MilterLogLevel > 10)
sm_syslog(LOG_INFO, e->e_id,
"milter=%s, action=%s, tempfail",
m->mf_name, action);
*state = rcmd;
break;
case SMFIR_ACCEPT:
/* this filter is done with message/connection */
if (command == SMFIC_HELO ||
command == SMFIC_CONNECT)
m->mf_state = SMFS_CLOSABLE;
else
m->mf_state = SMFS_DONE;
if (MilterLogLevel > 10)
sm_syslog(LOG_INFO, e->e_id,
"milter=%s, action=%s, accepted",
m->mf_name, action);
break;
case SMFIR_CONTINUE:
/* if MAIL command is ok, filter is in message state */
if (command == SMFIC_MAIL)
m->mf_state = SMFS_INMSG;
if (MilterLogLevel > 12)
sm_syslog(LOG_INFO, e->e_id,
"milter=%s, action=%s, continue",
m->mf_name, action);
break;
case SMFIR_SKIP:
if (MilterLogLevel > 12)
sm_syslog(LOG_INFO, e->e_id,
"milter=%s, action=%s, skip",
m->mf_name, action);
m->mf_state = SMFS_SKIP;
break;
default:
/* Invalid response to command */
if (MilterLogLevel > 0)
sm_syslog(LOG_ERR, e->e_id,
"milter_send_command(%s): action=%s returned bogus response %c",
m->mf_name, action, rcmd);
milter_error(m, e); /* NO ERROR CHECK? */
break;
}
if (*state != SMFIR_REPLYCODE && response != NULL)
{
sm_free(response); /* XXX */
response = NULL;
}
return response;
}
/*
** MILTER_COMMAND -- send a command and return the response for each filter
**
** Parameters:
** cmd -- command to send.
** data -- optional command data.
** sz -- length of buf.
** stage -- index of macros to send for filter smfi_getsymval().
** e -- current envelope (for macro access).
** state -- return state word.
** where -- description of calling function (logging).
** cmd_error -- did the SMTP command cause an error?
**
** Returns:
** response string (may be NULL)
*/
static char *
milter_command(cmd, data, sz, stage, e, state, where, cmd_error)
int cmd;
void *data;
ssize_t sz;
int stage;
ENVELOPE *e;
char *state;
const char *where;
bool cmd_error;
{
int i;
char command = (char) cmd;
char *response = NULL;
time_t tn = 0;
if (tTd(64, 10))
sm_dprintf("milter_command: cmd %c len %ld\n",
command, (long) sz);
*state = SMFIR_CONTINUE;
for (i = 0; InputFilters[i] != NULL; i++)
{
struct milter *m = InputFilters[i];
/* previous problem? */
if (m->mf_state == SMFS_ERROR)
{
MILTER_CHECK_ERROR(false, continue);
break;
}
/* sanity check */
if (m->mf_sock < 0 ||
(m->mf_state != SMFS_OPEN && m->mf_state != SMFS_INMSG))
continue;
if (stage >= SMFIM_FIRST && stage <= SMFIM_LAST)
{
int idx;
char **macros;
if ((m->mf_lflags & MI_LFLAGS_SYM(stage)) != 0)
idx = m->mf_idx;
else
idx = 0;
SM_ASSERT(idx >= 0 && idx <= MAXFILTERS);
macros = MilterMacros[stage][idx];
/* send macros (regardless of whether we send cmd) */
if (macros != NULL && macros[0] != NULL)
{
milter_send_macros(m, macros, command, e);
if (m->mf_state == SMFS_ERROR)
{
MILTER_CHECK_ERROR(false, continue);
break;
}
}
}
if (MilterLogLevel > 21)
tn = curtime();
/*
** send the command if
** there is no error
** or it's RCPT and the client asked for it:
** !cmd_error ||
** where == "rcpt" && m->mf_pflags & SMFIP_RCPT_REJ != 0
** negate that condition and use continue
*/
if (cmd_error &&
(strcmp(where, "rcpt") != 0 ||
(m->mf_pflags & SMFIP_RCPT_REJ) == 0))
continue;
response = milter_send_command(m, command, data, sz, e, state,
where);
if (MilterLogLevel > 21)
{
/* log the time it took for the command per filter */
sm_syslog(LOG_INFO, e->e_id,
"Milter (%s): time command (%c), %d",
m->mf_name, command, (int) (tn - curtime()));
}
if (*state != SMFIR_CONTINUE)
break;
}
return response;
}
static int milter_getsymlist __P((struct milter *, char *, int, int));
static int
milter_getsymlist(m, buf, rlen, offset)
struct milter *m;
char *buf;
int rlen;
int offset;
{
int i, r, nummac;
mi_int32 v;
SM_ASSERT(m != NULL);
SM_ASSERT(buf != NULL);
while (offset + MILTER_LEN_BYTES < rlen)
{
size_t len;
char **macros;
nummac = 0;
(void) memcpy((char *) &v, buf + offset, MILTER_LEN_BYTES);
i = ntohl(v);
if (i < SMFIM_FIRST || i > SMFIM_LAST)
return -1;
offset += MILTER_LEN_BYTES;
macros = NULL;
#define SM_M_MACRO_NAME(i) (((i) < SM_ARRAY_SIZE(MilterOptTab) && (i) >= 0) \
? MilterOptTab[i].mo_name : "?")
switch (i)
{
case SMFIM_CONNECT:
case SMFIM_HELO:
case SMFIM_ENVFROM:
case SMFIM_ENVRCPT:
case SMFIM_EOH:
case SMFIM_EOM:
case SMFIM_DATA:
SM_ASSERT(m->mf_idx > 0 && m->mf_idx < MAXFILTERS);
macros = MilterMacros[i][m->mf_idx];
m->mf_lflags |= MI_LFLAGS_SYM(i);
len = strlen(buf + offset);
- if (len >= 0)
- {
- r = milter_set_macros(m->mf_name, macros,
- buf + offset, nummac);
- if (r >= 0)
- nummac = r;
- if (tTd(64, 5))
- sm_dprintf("milter_getsymlist(%s, %s, \"%s\")=%d\n",
- m->mf_name,
- SM_M_MACRO_NAME(i),
- buf + offset, r);
- }
+ r = milter_set_macros(m->mf_name, macros, buf + offset,
+ nummac);
+ if (r >= 0)
+ nummac = r;
+ if (tTd(64, 5))
+ sm_dprintf("milter_getsymlist(%s, %s, \"%s\")=%d\n",
+ m->mf_name, SM_M_MACRO_NAME(i),
+ buf + offset, r);
break;
default:
return -1;
}
offset += len + 1;
}
return 0;
}
/*
** MILTER_NEGOTIATE -- get version and flags from filter
**
** Parameters:
** m -- milter filter structure.
** e -- current envelope.
** milters -- milters structure.
**
** Returns:
** 0 on success, -1 otherwise
*/
static int
milter_negotiate(m, e, milters)
struct milter *m;
ENVELOPE *e;
milters_T *milters;
{
char rcmd;
mi_int32 fvers, fflags, pflags;
mi_int32 mta_prot_vers, mta_prot_flags, mta_actions;
ssize_t rlen;
char *response;
char data[MILTER_OPTLEN];
/* sanity check */
if (m->mf_sock < 0 || m->mf_state != SMFS_OPEN)
{
if (MilterLogLevel > 0)
sm_syslog(LOG_ERR, e->e_id,
"Milter (%s): negotiate, impossible state",
m->mf_name);
milter_error(m, e);
return -1;
}
#if _FFR_MILTER_CHECK
mta_prot_vers = m->mf_mta_prot_version;
mta_prot_flags = m->mf_mta_prot_flags;
mta_actions = m->mf_mta_actions;
#else /* _FFR_MILTER_CHECK */
mta_prot_vers = SMFI_PROT_VERSION;
mta_prot_flags = SMFI_CURR_PROT;
mta_actions = SMFI_CURR_ACTS;
#endif /* _FFR_MILTER_CHECK */
#if _FFR_MDS_NEGOTIATE
if (MilterMaxDataSize == MILTER_MDS_256K)
mta_prot_flags |= SMFIP_MDS_256K;
else if (MilterMaxDataSize == MILTER_MDS_1M)
mta_prot_flags |= SMFIP_MDS_1M;
#endif /* _FFR_MDS_NEGOTIATE */
fvers = htonl(mta_prot_vers);
pflags = htonl(mta_prot_flags);
fflags = htonl(mta_actions);
(void) memcpy(data, (char *) &fvers, MILTER_LEN_BYTES);
(void) memcpy(data + MILTER_LEN_BYTES,
(char *) &fflags, MILTER_LEN_BYTES);
(void) memcpy(data + (MILTER_LEN_BYTES * 2),
(char *) &pflags, MILTER_LEN_BYTES);
(void) milter_write(m, SMFIC_OPTNEG, data, sizeof(data),
m->mf_timeout[SMFTO_WRITE], e, "negotiate");
if (m->mf_state == SMFS_ERROR)
return -1;
if (tTd(64, 5))
sm_dprintf("milter_negotiate(%s): send: version %lu, fflags 0x%lx, pflags 0x%lx\n",
m->mf_name, (unsigned long) ntohl(fvers),
(unsigned long) ntohl(fflags),
(unsigned long) ntohl(pflags));
response = milter_read(m, &rcmd, &rlen, m->mf_timeout[SMFTO_READ], e,
"negotiate");
if (m->mf_state == SMFS_ERROR)
return -1;
if (rcmd != SMFIC_OPTNEG)
{
if (tTd(64, 5))
sm_dprintf("milter_negotiate(%s): returned %c instead of %c\n",
m->mf_name, rcmd, SMFIC_OPTNEG);
if (MilterLogLevel > 0)
sm_syslog(LOG_ERR, e->e_id,
"Milter (%s): negotiate: returned %c instead of %c",
m->mf_name, rcmd, SMFIC_OPTNEG);
- if (response != NULL)
- sm_free(response); /* XXX */
+ SM_FREE(response);
milter_error(m, e);
return -1;
}
/* Make sure we have enough bytes for the version */
if (response == NULL || rlen < MILTER_LEN_BYTES)
{
if (tTd(64, 5))
sm_dprintf("milter_negotiate(%s): did not return valid info\n",
m->mf_name);
if (MilterLogLevel > 0)
sm_syslog(LOG_ERR, e->e_id,
"Milter (%s): negotiate: did not return valid info",
m->mf_name);
- if (response != NULL)
- sm_free(response); /* XXX */
+ SM_FREE(response);
milter_error(m, e);
return -1;
}
/* extract information */
(void) memcpy((char *) &fvers, response, MILTER_LEN_BYTES);
/* Now make sure we have enough for the feature bitmap */
if (rlen < MILTER_OPTLEN)
{
if (tTd(64, 5))
sm_dprintf("milter_negotiate(%s): did not return enough info\n",
m->mf_name);
if (MilterLogLevel > 0)
sm_syslog(LOG_ERR, e->e_id,
"Milter (%s): negotiate: did not return enough info",
m->mf_name);
- if (response != NULL)
- sm_free(response); /* XXX */
+ SM_FREE(response);
milter_error(m, e);
return -1;
}
(void) memcpy((char *) &fflags, response + MILTER_LEN_BYTES,
MILTER_LEN_BYTES);
(void) memcpy((char *) &pflags, response + (MILTER_LEN_BYTES * 2),
MILTER_LEN_BYTES);
m->mf_fvers = ntohl(fvers);
m->mf_fflags = ntohl(fflags);
m->mf_pflags = ntohl(pflags);
/* check for version compatibility */
if (m->mf_fvers == 1 ||
m->mf_fvers > SMFI_VERSION)
{
if (tTd(64, 5))
sm_dprintf("milter_negotiate(%s): version %d != MTA milter version %d\n",
m->mf_name, m->mf_fvers, SMFI_VERSION);
if (MilterLogLevel > 0)
sm_syslog(LOG_ERR, e->e_id,
"Milter (%s): negotiate: version %d != MTA milter version %d",
m->mf_name, m->mf_fvers, SMFI_VERSION);
milter_error(m, e);
goto error;
}
/* check for filter feature mismatch */
if ((m->mf_fflags & mta_actions) != m->mf_fflags)
{
if (tTd(64, 5))
sm_dprintf("milter_negotiate(%s): filter abilities 0x%x != MTA milter abilities 0x%lx\n",
m->mf_name, m->mf_fflags,
(unsigned long) mta_actions);
if (MilterLogLevel > 0)
sm_syslog(LOG_ERR, e->e_id,
"Milter (%s): negotiate: filter abilities 0x%x != MTA milter abilities 0x%lx",
m->mf_name, m->mf_fflags,
(unsigned long) mta_actions);
milter_error(m, e);
goto error;
}
#if _FFR_MDS_NEGOTIATE
+#define MDSWARNING(sz) \
+ do \
+ { \
+ sm_syslog(LOG_WARNING, NOQID, \
+ "WARNING: Milter.maxdatasize: configured=%lu, set by milter(%s)=%d", \
+ (unsigned long) MilterMaxDataSize, m->mf_name, sz); \
+ MilterMaxDataSize = sz; \
+ } while (0)
+
/* use a table instead of sequence? */
if (bitset(SMFIP_MDS_1M, m->mf_pflags))
{
if (MilterMaxDataSize != MILTER_MDS_1M)
- {
- /* this should not happen... */
- sm_syslog(LOG_WARNING, NOQID,
- "WARNING: Milter.maxdatasize: configured=%lu, set by libmilter=%d",
- (unsigned long) MilterMaxDataSize,
- MILTER_MDS_1M);
- MilterMaxDataSize = MILTER_MDS_1M;
- }
+ MDSWARNING(MILTER_MDS_1M);
}
else if (bitset(SMFIP_MDS_256K, m->mf_pflags))
{
if (MilterMaxDataSize != MILTER_MDS_256K)
- {
- sm_syslog(LOG_WARNING, NOQID,
- "WARNING: Milter.maxdatasize: configured=%lu, set by libmilter=%d",
- (unsigned long) MilterMaxDataSize,
- MILTER_MDS_256K);
- MilterMaxDataSize = MILTER_MDS_256K;
- }
+ MDSWARNING(MILTER_MDS_256K);
}
+
+ /*
+ ** Note: it is not possible to distinguish between
+ ** - milter requested 64K
+ ** - milter did not request anything
+ ** as there is no SMFIP_MDS_64K flag.
+ */
+
else if (MilterMaxDataSize != MILTER_MDS_64K)
- {
- sm_syslog(LOG_WARNING, NOQID,
- "WARNING: Milter.maxdatasize: configured=%lu, set by libmilter=%d",
- (unsigned long) MilterMaxDataSize,
- MILTER_MDS_64K);
- MilterMaxDataSize = MILTER_MDS_64K;
- }
+ MDSWARNING(MILTER_MDS_64K);
m->mf_pflags &= ~SMFI_INTERNAL;
#endif /* _FFR_MDS_NEGOTIATE */
/* check for protocol feature mismatch */
if ((m->mf_pflags & mta_prot_flags) != m->mf_pflags)
{
if (tTd(64, 5))
sm_dprintf("milter_negotiate(%s): protocol abilities 0x%x != MTA milter abilities 0x%lx\n",
m->mf_name, m->mf_pflags,
(unsigned long) mta_prot_flags);
if (MilterLogLevel > 0)
sm_syslog(LOG_ERR, e->e_id,
"Milter (%s): negotiate: protocol abilities 0x%x != MTA milter abilities 0x%lx",
m->mf_name, m->mf_pflags,
(unsigned long) mta_prot_flags);
milter_error(m, e);
goto error;
}
if (m->mf_fvers <= 2)
m->mf_pflags |= SMFIP_NOUNKNOWN;
if (m->mf_fvers <= 3)
m->mf_pflags |= SMFIP_NODATA;
if (rlen > MILTER_OPTLEN)
{
milter_getsymlist(m, response, rlen, MILTER_OPTLEN);
}
if (bitset(SMFIF_DELRCPT, m->mf_fflags))
milters->mis_flags |= MIS_FL_DEL_RCPT;
if (!bitset(SMFIP_NORCPT, m->mf_pflags) &&
!bitset(SMFIP_NR_RCPT, m->mf_pflags))
milters->mis_flags |= MIS_FL_REJ_RCPT;
if (tTd(64, 5))
sm_dprintf("milter_negotiate(%s): received: version %u, fflags 0x%x, pflags 0x%x\n",
m->mf_name, m->mf_fvers, m->mf_fflags, m->mf_pflags);
+ SM_FREE(response);
return 0;
error:
- if (response != NULL)
- sm_free(response); /* XXX */
+ SM_FREE(response);
return -1;
}
/*
** MILTER_PER_CONNECTION_CHECK -- checks on per-connection commands
**
** Reduce code duplication by putting these checks in one place
**
** Parameters:
** e -- current envelope.
**
** Returns:
** none
*/
static void
milter_per_connection_check(e)
ENVELOPE *e;
{
int i;
/* see if we are done with any of the filters */
for (i = 0; InputFilters[i] != NULL; i++)
{
struct milter *m = InputFilters[i];
if (m->mf_state == SMFS_CLOSABLE)
milter_quit_filter(m, e);
}
}
/*
** MILTER_ERROR -- Put a milter filter into error state
**
** Parameters:
** m -- the broken filter.
** e -- current envelope.
**
** Returns:
** none
*/
static void
milter_error(m, e)
struct milter *m;
ENVELOPE *e;
{
/*
** We could send a quit here but we may have gotten here due to
** an I/O error so we don't want to try to make things worse.
*/
if (m->mf_sock >= 0)
{
(void) close(m->mf_sock);
m->mf_sock = -1;
}
m->mf_state = SMFS_ERROR;
if (MilterLogLevel > 0)
sm_syslog(LOG_INFO, e->e_id, "Milter (%s): to error state",
m->mf_name);
}
/*
** MILTER_HEADERS -- send headers to a single milter filter
**
** Parameters:
** m -- current filter.
** e -- current envelope.
** state -- return state from response.
**
** Returns:
** response string (may be NULL)
*/
static char *
milter_headers(m, e, state)
struct milter *m;
ENVELOPE *e;
char *state;
{
char *response = NULL;
HDR *h;
if (MilterLogLevel > 17)
sm_syslog(LOG_INFO, e->e_id, "Milter (%s): headers, send",
m->mf_name);
for (h = e->e_header; h != NULL; h = h->h_link)
{
int len_n, len_v, len_t, len_f;
char *buf, *hv;
/* don't send over deleted headers */
if (h->h_value == NULL)
{
/* strip H_USER so not counted in milter_changeheader() */
h->h_flags &= ~H_USER;
continue;
}
/* skip auto-generated */
if (!bitset(H_USER, h->h_flags))
continue;
if (tTd(64, 10))
sm_dprintf("milter_headers: %s:%s\n",
h->h_field, h->h_value);
if (MilterLogLevel > 21)
sm_syslog(LOG_INFO, e->e_id, "Milter (%s): header, %s",
m->mf_name, h->h_field);
if (bitset(SMFIP_HDR_LEADSPC, m->mf_pflags)
|| *(h->h_value) != ' ')
hv = h->h_value;
else
hv = h->h_value + 1;
len_f = strlen(h->h_field) + 1;
len_t = len_f + strlen(hv) + 1;
if (len_t < 0)
continue;
buf = (char *) xalloc(len_t);
/*
** Note: currently the call to dequote_internal_chars()
** is not required as h_field is supposed to be 7-bit US-ASCII.
*/
len_n = dequote_internal_chars(h->h_field, buf, len_f);
SM_ASSERT(len_n < len_f);
len_v = dequote_internal_chars(hv, buf + len_n + 1,
len_t - len_n - 1);
SM_ASSERT(len_t >= len_n + 1 + len_v + 1);
len_t = len_n + 1 + len_v + 1;
/* send it over */
response = milter_send_command(m, SMFIC_HEADER, buf,
len_t, e, state, "header");
sm_free(buf);
if (m->mf_state == SMFS_ERROR ||
m->mf_state == SMFS_DONE ||
*state != SMFIR_CONTINUE)
break;
}
if (MilterLogLevel > 17)
sm_syslog(LOG_INFO, e->e_id, "Milter (%s): headers, sent",
m->mf_name);
return response;
}
/*
** MILTER_BODY -- send the body to a filter
**
** Parameters:
** m -- current filter.
** e -- current envelope.
** state -- return state from response.
**
** Returns:
** response string (may be NULL)
*/
static char *
milter_body(m, e, state)
struct milter *m;
ENVELOPE *e;
char *state;
{
char bufchar = '\0';
char prevchar = '\0';
int c;
char *response = NULL;
char *bp;
char buf[MILTER_CHUNK_SIZE];
if (tTd(64, 10))
sm_dprintf("milter_body\n");
if (bfrewind(e->e_dfp) < 0)
{
ExitStat = EX_IOERR;
*state = SMFIR_TEMPFAIL;
syserr("milter_body: %s/%cf%s: rewind error",
qid_printqueue(e->e_qgrp, e->e_qdir),
DATAFL_LETTER, e->e_id);
return NULL;
}
if (MilterLogLevel > 17)
sm_syslog(LOG_INFO, e->e_id, "Milter (%s): body, send",
m->mf_name);
bp = buf;
while ((c = sm_io_getc(e->e_dfp, SM_TIME_DEFAULT)) != SM_IO_EOF)
{
/* Change LF to CRLF */
if (c == '\n')
{
#if !_FFR_MILTER_CONVERT_ALL_LF_TO_CRLF
/* Not a CRLF already? */
if (prevchar != '\r')
-#endif /* !_FFR_MILTER_CONVERT_ALL_LF_TO_CRLF */
+#endif
{
/* Room for CR now? */
if (bp + 2 > &buf[sizeof(buf)])
{
/* No room, buffer LF */
bufchar = c;
/* and send CR now */
c = '\r';
}
else
{
/* Room to do it now */
*bp++ = '\r';
prevchar = '\r';
}
}
}
*bp++ = (char) c;
prevchar = c;
if (bp >= &buf[sizeof(buf)])
{
/* send chunk */
response = milter_send_command(m, SMFIC_BODY, buf,
bp - buf, e, state,
"body chunk");
bp = buf;
if (bufchar != '\0')
{
*bp++ = bufchar;
bufchar = '\0';
prevchar = bufchar;
}
}
if (m->mf_state == SMFS_ERROR ||
m->mf_state == SMFS_DONE ||
m->mf_state == SMFS_SKIP ||
*state != SMFIR_CONTINUE)
break;
}
/* check for read errors */
if (sm_io_error(e->e_dfp))
{
ExitStat = EX_IOERR;
if (*state == SMFIR_CONTINUE ||
*state == SMFIR_ACCEPT ||
m->mf_state == SMFS_SKIP)
{
*state = SMFIR_TEMPFAIL;
if (response != NULL)
{
sm_free(response); /* XXX */
response = NULL;
}
}
syserr("milter_body: %s/%cf%s: read error",
qid_printqueue(e->e_qgrp, e->e_qdir),
DATAFL_LETTER, e->e_id);
return response;
}
/* send last body chunk */
if (bp > buf &&
m->mf_state != SMFS_ERROR &&
m->mf_state != SMFS_DONE &&
m->mf_state != SMFS_SKIP &&
*state == SMFIR_CONTINUE)
{
/* send chunk */
response = milter_send_command(m, SMFIC_BODY, buf, bp - buf,
e, state, "last body chunk");
bp = buf;
}
if (MilterLogLevel > 17)
sm_syslog(LOG_INFO, e->e_id, "Milter (%s): body, sent",
m->mf_name);
if (m->mf_state == SMFS_SKIP)
{
*state = SMFIR_CONTINUE;
m->mf_state = SMFS_READY;
}
return response;
}
/*
** Actions
*/
/*
** ADDLEADINGSPACE -- Add a leading space to a string
**
** Parameters:
** str -- string
** rp -- resource pool for allocations
**
** Returns:
** pointer to new string
*/
static char *addleadingspace __P((char *, SM_RPOOL_T *));
static char *
addleadingspace(str, rp)
char *str;
SM_RPOOL_T *rp;
{
size_t l;
char *new;
SM_ASSERT(str != NULL);
l = strlen(str);
SM_ASSERT(l + 2 > l);
new = sm_rpool_malloc_x(rp, l + 2);
new[0] = ' ';
new[1] = '\0';
sm_strlcpy(new + 1, str, l + 1);
return new;
}
/*
** MILTER_ADDHEADER -- Add the supplied header to the message
**
** Parameters:
** m -- current filter.
** response -- encoded form of header/value.
** rlen -- length of response.
** e -- current envelope.
**
** Returns:
** none
*/
static void
milter_addheader(m, response, rlen, e)
struct milter *m;
char *response;
ssize_t rlen;
ENVELOPE *e;
{
int mh_v_len;
char *val, *mh_value;
HDR *h;
if (tTd(64, 10))
sm_dprintf("milter_addheader: ");
/* sanity checks */
if (response == NULL)
{
if (tTd(64, 10))
sm_dprintf("NULL response\n");
return;
}
if (rlen < 2 || strlen(response) + 1 >= (size_t) rlen)
{
if (tTd(64, 10))
sm_dprintf("didn't follow protocol (total len %d != rlen %d)\n",
(int) strlen(response), (int) (rlen - 1));
return;
}
/* Find separating NUL */
val = response + strlen(response) + 1;
/* another sanity check */
if (strlen(response) + strlen(val) + 2 != (size_t) rlen)
{
if (tTd(64, 10))
sm_dprintf("didn't follow protocol (part len)\n");
return;
}
if (*response == '\0')
{
if (tTd(64, 10))
sm_dprintf("empty field name\n");
return;
}
for (h = e->e_header; h != NULL; h = h->h_link)
{
if (sm_strcasecmp(h->h_field, response) == 0 &&
!bitset(H_USER, h->h_flags) &&
!bitset(H_TRACE, h->h_flags))
break;
}
mh_v_len = 0;
mh_value = quote_internal_chars(val, NULL, &mh_v_len);
/* add to e_msgsize */
e->e_msgsize += strlen(response) + 2 + strlen(val);
if (h != NULL)
{
if (tTd(64, 10))
sm_dprintf("Replace default header %s value with %s\n",
h->h_field, mh_value);
if (MilterLogLevel > 8)
sm_syslog(LOG_INFO, e->e_id,
- "Milter change: default header %s value with %s",
- h->h_field, mh_value);
+ "Milter (%s) change: default header %s value with %s",
+ m->mf_name, h->h_field, mh_value);
if (bitset(SMFIP_HDR_LEADSPC, m->mf_pflags))
h->h_value = mh_value;
else
{
h->h_value = addleadingspace(mh_value, e->e_rpool);
SM_FREE(mh_value);
}
h->h_flags |= H_USER;
}
else
{
if (tTd(64, 10))
sm_dprintf("Add %s: %s\n", response, mh_value);
if (MilterLogLevel > 8)
sm_syslog(LOG_INFO, e->e_id,
- "Milter add: header: %s: %s",
- response, mh_value);
+ "Milter (%s) add: header: %s: %s",
+ m->mf_name, response, mh_value);
addheader(newstr(response), mh_value, H_USER, e,
!bitset(SMFIP_HDR_LEADSPC, m->mf_pflags));
SM_FREE(mh_value);
}
}
/*
** MILTER_INSHEADER -- Insert the supplied header
**
** Parameters:
** m -- current filter.
** response -- encoded form of header/value.
** rlen -- length of response.
** e -- current envelope.
**
** Returns:
** none
**
** Notes:
** Unlike milter_addheader(), this does not attempt to determine
** if the header already exists in the envelope, even a
** deleted version. It just blindly inserts.
*/
static void
milter_insheader(m, response, rlen, e)
struct milter *m;
char *response;
ssize_t rlen;
ENVELOPE *e;
{
mi_int32 idx, i;
int mh_v_len;
char *field, *val, *mh_value;
if (tTd(64, 10))
sm_dprintf("milter_insheader: ");
/* sanity checks */
if (response == NULL)
{
if (tTd(64, 10))
sm_dprintf("NULL response\n");
return;
}
if (rlen < 2 || strlen(response) + 1 >= (size_t) rlen)
{
if (tTd(64, 10))
sm_dprintf("didn't follow protocol (total len)\n");
return;
}
/* decode */
(void) memcpy((char *) &i, response, MILTER_LEN_BYTES);
idx = ntohl(i);
field = response + MILTER_LEN_BYTES;
val = field + strlen(field) + 1;
/* another sanity check */
if (MILTER_LEN_BYTES + strlen(field) + 1 +
strlen(val) + 1 != (size_t) rlen)
{
if (tTd(64, 10))
sm_dprintf("didn't follow protocol (part len)\n");
return;
}
if (*field == '\0')
{
if (tTd(64, 10))
sm_dprintf("empty field name\n");
return;
}
/* add to e_msgsize */
e->e_msgsize += strlen(response) + 2 + strlen(val);
if (tTd(64, 10))
sm_dprintf("Insert (%d) %s: %s\n", idx, field, val);
if (MilterLogLevel > 8)
sm_syslog(LOG_INFO, e->e_id,
- "Milter insert (%d): header: %s: %s",
- idx, field, val);
+ "Milter (%s) insert (%d): header: %s: %s",
+ m->mf_name, idx, field, val);
mh_v_len = 0;
mh_value = quote_internal_chars(val, NULL, &mh_v_len);
insheader(idx, newstr(field), mh_value, H_USER, e,
!bitset(SMFIP_HDR_LEADSPC, m->mf_pflags));
SM_FREE(mh_value);
}
/*
** MILTER_CHANGEHEADER -- Change the supplied header in the message
**
** Parameters:
** m -- current filter.
** response -- encoded form of header/index/value.
** rlen -- length of response.
** e -- current envelope.
**
** Returns:
** none
*/
static void
milter_changeheader(m, response, rlen, e)
struct milter *m;
char *response;
ssize_t rlen;
ENVELOPE *e;
{
mi_int32 i, index;
int mh_v_len;
char *field, *val, *mh_value;
HDR *h, *sysheader;
if (tTd(64, 10))
sm_dprintf("milter_changeheader: ");
/* sanity checks */
if (response == NULL)
{
if (tTd(64, 10))
sm_dprintf("NULL response\n");
return;
}
if (rlen < 2 || strlen(response) + 1 >= (size_t) rlen)
{
if (tTd(64, 10))
sm_dprintf("didn't follow protocol (total len)\n");
return;
}
/* Find separating NUL */
(void) memcpy((char *) &i, response, MILTER_LEN_BYTES);
index = ntohl(i);
field = response + MILTER_LEN_BYTES;
val = field + strlen(field) + 1;
/* another sanity check */
if (MILTER_LEN_BYTES + strlen(field) + 1 +
strlen(val) + 1 != (size_t) rlen)
{
if (tTd(64, 10))
sm_dprintf("didn't follow protocol (part len)\n");
return;
}
if (*field == '\0')
{
if (tTd(64, 10))
sm_dprintf("empty field name\n");
return;
}
mh_v_len = 0;
mh_value = quote_internal_chars(val, NULL, &mh_v_len);
sysheader = NULL;
for (h = e->e_header; h != NULL; h = h->h_link)
{
if (sm_strcasecmp(h->h_field, field) == 0)
{
if (bitset(H_USER, h->h_flags) && --index <= 0)
{
sysheader = NULL;
break;
}
else if (!bitset(H_USER, h->h_flags) &&
!bitset(H_TRACE, h->h_flags))
{
/*
- ** DRUMS msg-fmt draft says can only have
- ** multiple occurences of trace fields,
+ ** RFC 2822:
+ ** 27. No multiple occurrences of fields
+ ** (except resent and received).*
** so make sure we replace any non-trace,
** non-user field.
*/
sysheader = h;
}
}
}
/* if not found as user-provided header at index, use sysheader */
if (h == NULL)
h = sysheader;
if (h == NULL)
{
if (*val == '\0')
{
if (tTd(64, 10))
sm_dprintf("Delete (noop) %s\n", field);
if (MilterLogLevel > 8)
sm_syslog(LOG_INFO, e->e_id,
- "Milter delete (noop): header: %s"
- , field);
+ "Milter (%s) delete (noop): header: %s"
+ , m->mf_name, field);
}
else
{
/* treat modify value with no existing header as add */
if (tTd(64, 10))
sm_dprintf("Add %s: %s\n", field, mh_value);
if (MilterLogLevel > 8)
sm_syslog(LOG_INFO, e->e_id,
- "Milter change (add): header: %s: %s"
- , field, mh_value);
+ "Milter (%s) change (add): header: %s: %s"
+ , m->mf_name, field, mh_value);
addheader(newstr(field), mh_value, H_USER, e,
!bitset(SMFIP_HDR_LEADSPC, m->mf_pflags));
}
+ SM_FREE(mh_value);
return;
}
if (tTd(64, 10))
{
if (*val == '\0')
{
sm_dprintf("Delete%s %s:%s\n",
h == sysheader ? " (default header)" : "",
field,
h->h_value == NULL ? "<NULL>" : h->h_value);
}
else
{
sm_dprintf("Change%s %s: from %s to %s\n",
h == sysheader ? " (default header)" : "",
field,
h->h_value == NULL ? "<NULL>" : h->h_value,
mh_value);
}
}
if (MilterLogLevel > 8)
{
if (*val == '\0')
{
sm_syslog(LOG_INFO, e->e_id,
- "Milter delete: header%s %s:%s",
+ "Milter (%s) delete: header%s %s:%s",
+ m->mf_name,
h == sysheader ? " (default header)" : "",
field,
h->h_value == NULL ? "<NULL>" : h->h_value);
}
else
{
sm_syslog(LOG_INFO, e->e_id,
- "Milter change: header%s %s: from %s to %s",
+ "Milter (%s) change: header%s %s: from %s to %s",
+ m->mf_name,
h == sysheader ? " (default header)" : "",
field,
h->h_value == NULL ? "<NULL>" : h->h_value,
mh_value);
}
}
if (h != sysheader && h->h_value != NULL)
{
size_t l;
l = strlen(h->h_value);
if (l > e->e_msgsize)
e->e_msgsize = 0;
else
e->e_msgsize -= l;
/* rpool, don't free: sm_free(h->h_value); XXX */
}
if (*val == '\0')
{
/* Remove "Field: " from message size */
if (h != sysheader)
{
size_t l;
l = strlen(h->h_field) + 2;
if (l > e->e_msgsize)
e->e_msgsize = 0;
else
e->e_msgsize -= l;
}
h->h_value = NULL;
SM_FREE(mh_value);
}
else
{
if (bitset(SMFIP_HDR_LEADSPC, m->mf_pflags))
h->h_value = mh_value;
else
{
h->h_value = addleadingspace(mh_value, e->e_rpool);
SM_FREE(mh_value);
}
h->h_flags |= H_USER;
e->e_msgsize += strlen(h->h_value);
}
}
/*
** MILTER_SPLIT_RESPONSE -- Split response into fields.
**
** Parameters:
** response -- encoded repsonse.
** rlen -- length of response.
** pargc -- number of arguments (ouput)
**
** Returns:
** array of pointers to the individual strings
*/
static char **milter_split_response __P((char *, ssize_t, int *));
static char **
milter_split_response(response, rlen, pargc)
char *response;
ssize_t rlen;
int *pargc;
{
char **s;
size_t i;
int elem, nelem;
SM_ASSERT(response != NULL);
SM_ASSERT(pargc != NULL);
*pargc = 0;
if (rlen < 2 || strlen(response) >= (size_t) rlen)
{
if (tTd(64, 10))
sm_dprintf("didn't follow protocol (total len %d != rlen %d)\n",
(int) strlen(response), (int) (rlen - 1));
return NULL;
}
nelem = 0;
for (i = 0; i < rlen; i++)
{
if (response[i] == '\0')
++nelem;
}
if (nelem == 0)
return NULL;
/* last entry is only for the name */
s = (char **)malloc((nelem + 1) * (sizeof(*s)));
if (s == NULL)
return NULL;
s[0] = response;
for (i = 0, elem = 0; i < rlen && elem < nelem; i++)
{
if (response[i] == '\0')
{
++elem;
if (i + 1 >= rlen)
s[elem] = NULL;
else
s[elem] = &(response[i + 1]);
}
}
*pargc = nelem;
if (tTd(64, 10))
{
for (elem = 0; elem < nelem; elem++)
sm_dprintf("argv[%d]=\"%s\"\n", elem, s[elem]);
}
/* overwrite last entry (already done above, just paranoia) */
s[elem] = NULL;
return s;
}
/*
** MILTER_CHGFROM -- Change the envelope sender address
**
** Parameters:
** response -- encoded form of recipient address.
** rlen -- length of response.
** e -- current envelope.
+** mname -- name of milter.
**
** Returns:
** none
*/
static void
-milter_chgfrom(response, rlen, e)
+milter_chgfrom(response, rlen, e, mname)
char *response;
ssize_t rlen;
ENVELOPE *e;
+ const char *mname;
{
int olderrors, argc;
char **argv;
if (tTd(64, 10))
sm_dprintf("milter_chgfrom: ");
/* sanity checks */
if (response == NULL)
{
if (tTd(64, 10))
sm_dprintf("NULL response\n");
return;
}
if (*response == '\0' ||
strlen(response) + 1 > (size_t) rlen)
{
if (tTd(64, 10))
sm_dprintf("didn't follow protocol (total len %d != rlen %d)\n",
(int) strlen(response), (int) (rlen - 1));
return;
}
if (tTd(64, 10))
sm_dprintf("%s\n", response);
if (MilterLogLevel > 8)
- sm_syslog(LOG_INFO, e->e_id, "Milter chgfrom: %s", response);
+ sm_syslog(LOG_INFO, e->e_id, "Milter (%s) chgfrom: %s",
+ mname, response);
argv = milter_split_response(response, rlen, &argc);
if (argc < 1 || argc > 2)
{
if (tTd(64, 10))
sm_dprintf("didn't follow protocol argc=%d\n", argc);
+ if (argv != NULL)
+ free(argv);
return;
}
olderrors = Errors;
setsender(argv[0], e, NULL, '\0', false);
if (argc == 2)
{
reset_mail_esmtp_args(e);
/*
** need "features" here: how to get those? via e?
** "fake" it for now: allow everything.
*/
parse_esmtp_args(e, NULL, argv[0], argv[1], "MAIL", NULL,
mail_esmtp_args);
}
Errors = olderrors;
+ free(argv);
return;
}
/*
** MILTER_ADDRCPT_PAR -- Add the supplied recipient to the message
**
** Parameters:
** response -- encoded form of recipient address.
** rlen -- length of response.
** e -- current envelope.
+** mname -- name of milter.
**
** Returns:
** none
*/
static void
-milter_addrcpt_par(response, rlen, e)
+milter_addrcpt_par(response, rlen, e, mname)
char *response;
ssize_t rlen;
ENVELOPE *e;
+ const char *mname;
{
int olderrors, argc;
char *delimptr;
char **argv;
ADDRESS *a;
if (tTd(64, 10))
sm_dprintf("milter_addrcpt_par: ");
/* sanity checks */
if (response == NULL)
{
if (tTd(64, 10))
sm_dprintf("NULL response\n");
return;
}
if (tTd(64, 10))
sm_dprintf("%s\n", response);
if (MilterLogLevel > 8)
- sm_syslog(LOG_INFO, e->e_id, "Milter add: rcpt: %s", response);
+ sm_syslog(LOG_INFO, e->e_id, "Milter (%s) add: rcpt: %s",
+ mname, response);
argv = milter_split_response(response, rlen, &argc);
if (argc < 1 || argc > 2)
{
if (tTd(64, 10))
sm_dprintf("didn't follow protocol argc=%d\n", argc);
+ if (argv != NULL)
+ free(argv);
return;
}
olderrors = Errors;
/* how to set ESMTP arguments? */
a = parseaddr(argv[0], NULLADDR, RF_COPYALL, ' ', &delimptr, e, true);
if (a != NULL && olderrors == Errors)
{
parse_esmtp_args(e, a, argv[0], argv[1], "RCPT", NULL,
rcpt_esmtp_args);
if (olderrors == Errors)
a = recipient(a, &e->e_sendqueue, 0, e);
else
sm_dprintf("olderrors=%d, Errors=%d\n",
olderrors, Errors);
}
else
{
sm_dprintf("a=%p, olderrors=%d, Errors=%d\n",
- a, olderrors, Errors);
+ (void *)a, olderrors, Errors);
}
Errors = olderrors;
+ free(argv);
return;
}
/*
** MILTER_ADDRCPT -- Add the supplied recipient to the message
**
** Parameters:
** response -- encoded form of recipient address.
** rlen -- length of response.
** e -- current envelope.
+** mname -- name of milter.
**
** Returns:
** none
*/
static void
-milter_addrcpt(response, rlen, e)
+milter_addrcpt(response, rlen, e, mname)
char *response;
ssize_t rlen;
ENVELOPE *e;
+ const char *mname;
{
int olderrors;
if (tTd(64, 10))
sm_dprintf("milter_addrcpt: ");
/* sanity checks */
if (response == NULL)
{
if (tTd(64, 10))
sm_dprintf("NULL response\n");
return;
}
if (*response == '\0' ||
strlen(response) + 1 != (size_t) rlen)
{
if (tTd(64, 10))
sm_dprintf("didn't follow protocol (total len %d != rlen %d)\n",
(int) strlen(response), (int) (rlen - 1));
return;
}
if (tTd(64, 10))
sm_dprintf("%s\n", response);
if (MilterLogLevel > 8)
- sm_syslog(LOG_INFO, e->e_id, "Milter add: rcpt: %s", response);
+ sm_syslog(LOG_INFO, e->e_id, "Milter (%s) add: rcpt: %s",
+ mname, response);
olderrors = Errors;
(void) sendtolist(response, NULLADDR, &e->e_sendqueue, 0, e);
Errors = olderrors;
return;
}
/*
** MILTER_DELRCPT -- Delete the supplied recipient from the message
**
** Parameters:
** response -- encoded form of recipient address.
** rlen -- length of response.
** e -- current envelope.
+** mname -- name of milter.
**
** Returns:
** none
*/
static void
-milter_delrcpt(response, rlen, e)
+milter_delrcpt(response, rlen, e, mname)
char *response;
ssize_t rlen;
ENVELOPE *e;
+ const char *mname;
{
+ int r;
+
if (tTd(64, 10))
sm_dprintf("milter_delrcpt: ");
/* sanity checks */
if (response == NULL)
{
if (tTd(64, 10))
sm_dprintf("NULL response\n");
return;
}
if (*response == '\0' ||
strlen(response) + 1 != (size_t) rlen)
{
if (tTd(64, 10))
sm_dprintf("didn't follow protocol (total len %d != rlen %d)\n",
(int) strlen(response), (int) (rlen - 1));
return;
}
if (tTd(64, 10))
sm_dprintf("%s\n", response);
+ r = removefromlist(response, &e->e_sendqueue, e);
if (MilterLogLevel > 8)
- sm_syslog(LOG_INFO, e->e_id, "Milter delete: rcpt %s",
- response);
- (void) removefromlist(response, &e->e_sendqueue, e);
+ sm_syslog(LOG_INFO, e->e_id, "Milter (%s) delete: rcpt %s, naddrs=%d",
+ mname, response, r);
return;
}
/*
** MILTER_REPLBODY -- Replace the current data file with new body
**
** Parameters:
** response -- encoded form of new body.
** rlen -- length of response.
** newfilter -- if first time called by a new filter
** e -- current envelope.
+** mname -- name of milter.
**
** Returns:
** 0 upon success, -1 upon failure
*/
static int
-milter_replbody(response, rlen, newfilter, e)
+milter_replbody(response, rlen, newfilter, e, mname)
char *response;
ssize_t rlen;
bool newfilter;
ENVELOPE *e;
+ const char *mname;
{
static char prevchar;
int i;
if (tTd(64, 10))
sm_dprintf("milter_replbody\n");
/* If a new filter, reset previous character and truncate data file */
if (newfilter)
{
off_t prevsize;
char dfname[MAXPATHLEN];
(void) sm_strlcpy(dfname, queuename(e, DATAFL_LETTER),
sizeof(dfname));
/* Reset prevchar */
prevchar = '\0';
/* Get the current data file information */
prevsize = sm_io_getinfo(e->e_dfp, SM_IO_WHAT_SIZE, NULL);
if (prevsize < 0)
prevsize = 0;
/* truncate current data file */
if (sm_io_getinfo(e->e_dfp, SM_IO_WHAT_ISTYPE, BF_FILE_TYPE))
{
if (sm_io_setinfo(e->e_dfp, SM_BF_TRUNCATE, NULL) < 0)
{
MILTER_DF_ERROR("milter_replbody: sm_io truncate %s: %s");
return -1;
}
}
else
{
int err;
err = sm_io_error(e->e_dfp);
(void) sm_io_flush(e->e_dfp, SM_TIME_DEFAULT);
/*
** Clear error if tried to fflush()
** a read-only file pointer and
** there wasn't a previous error.
*/
if (err == 0)
sm_io_clearerr(e->e_dfp);
/* errno is set implicitly by fseek() before return */
err = sm_io_seek(e->e_dfp, SM_TIME_DEFAULT,
0, SEEK_SET);
if (err < 0)
{
MILTER_DF_ERROR("milter_replbody: sm_io_seek %s: %s");
return -1;
}
# if NOFTRUNCATE
/* XXX: Not much we can do except rewind it */
errno = EINVAL;
MILTER_DF_ERROR("milter_replbody: ftruncate not available on this platform (%s:%s)");
return -1;
# else /* NOFTRUNCATE */
err = ftruncate(sm_io_getinfo(e->e_dfp,
SM_IO_WHAT_FD, NULL),
0);
if (err < 0)
{
MILTER_DF_ERROR("milter_replbody: sm_io ftruncate %s: %s");
return -1;
}
# endif /* NOFTRUNCATE */
}
if (prevsize > e->e_msgsize)
e->e_msgsize = 0;
else
e->e_msgsize -= prevsize;
}
if (newfilter && MilterLogLevel > 8)
- sm_syslog(LOG_INFO, e->e_id, "Milter message: body replaced");
+ sm_syslog(LOG_INFO, e->e_id, "Milter (%s) message: body replaced",
+ mname);
if (response == NULL)
{
/* Flush the buffered '\r' */
if (prevchar == '\r')
{
(void) sm_io_putc(e->e_dfp, SM_TIME_DEFAULT, prevchar);
e->e_msgsize++;
}
return 0;
}
for (i = 0; i < rlen; i++)
{
/* Buffered char from last chunk */
if (i == 0 && prevchar == '\r')
{
/* Not CRLF, output prevchar */
if (response[i] != '\n')
{
(void) sm_io_putc(e->e_dfp, SM_TIME_DEFAULT,
prevchar);
e->e_msgsize++;
}
prevchar = '\0';
}
/* Turn CRLF into LF */
if (response[i] == '\r')
{
/* check if at end of chunk */
if (i + 1 < rlen)
{
/* If LF, strip CR */
if (response[i + 1] == '\n')
i++;
}
else
{
/* check next chunk */
prevchar = '\r';
continue;
}
}
(void) sm_io_putc(e->e_dfp, SM_TIME_DEFAULT, response[i]);
e->e_msgsize++;
}
return 0;
}
/*
** MTA callouts
*/
/*
** MILTER_INIT -- open and negotiate with all of the filters
**
** Parameters:
** e -- current envelope.
** state -- return state from response.
** milters -- milters structure.
**
** Returns:
** true iff at least one filter is active
*/
/* ARGSUSED */
bool
milter_init(e, state, milters)
ENVELOPE *e;
char *state;
milters_T *milters;
{
int i;
if (tTd(64, 10))
sm_dprintf("milter_init\n");
memset(milters, '\0', sizeof(*milters));
*state = SMFIR_CONTINUE;
if (InputFilters[0] == NULL)
{
if (MilterLogLevel > 10)
sm_syslog(LOG_INFO, e->e_id,
"Milter: no active filter");
return false;
}
for (i = 0; InputFilters[i] != NULL; i++)
{
struct milter *m = InputFilters[i];
m->mf_sock = milter_open(m, false, e);
if (m->mf_state == SMFS_ERROR)
{
MILTER_CHECK_ERROR(true, continue);
break;
}
if (m->mf_sock < 0 ||
milter_negotiate(m, e, milters) < 0 ||
m->mf_state == SMFS_ERROR)
{
if (tTd(64, 5))
sm_dprintf("milter_init(%s): failed to %s\n",
m->mf_name,
m->mf_sock < 0 ? "open" :
"negotiate");
if (MilterLogLevel > 0)
sm_syslog(LOG_ERR, e->e_id,
"Milter (%s): init failed to %s",
m->mf_name,
m->mf_sock < 0 ? "open" :
"negotiate");
/* if negotiation failure, close socket */
milter_error(m, e);
MILTER_CHECK_ERROR(true, continue);
continue;
}
if (MilterLogLevel > 9)
sm_syslog(LOG_INFO, e->e_id,
"Milter (%s): init success to %s",
m->mf_name,
m->mf_sock < 0 ? "open" : "negotiate");
}
/*
** If something temp/perm failed with one of the filters,
** we won't be using any of them, so clear any existing
** connections.
*/
if (*state != SMFIR_CONTINUE)
milter_quit(e);
return true;
}
/*
** MILTER_CONNECT -- send connection info to milter filters
**
** Parameters:
** hostname -- hostname of remote machine.
** addr -- address of remote machine.
** e -- current envelope.
** state -- return state from response.
**
** Returns:
** response string (may be NULL)
*/
char *
milter_connect(hostname, addr, e, state)
char *hostname;
SOCKADDR addr;
ENVELOPE *e;
char *state;
{
char family;
unsigned short port;
char *buf, *bp;
char *response;
char *sockinfo = NULL;
ssize_t s;
# if NETINET6
char buf6[INET6_ADDRSTRLEN];
-# endif /* NETINET6 */
+# endif
if (tTd(64, 10))
sm_dprintf("milter_connect(%s)\n", hostname);
if (MilterLogLevel > 9)
sm_syslog(LOG_INFO, e->e_id, "Milter: connect to filters");
/* gather data */
switch (addr.sa.sa_family)
{
# if NETUNIX
case AF_UNIX:
family = SMFIA_UNIX;
port = htons(0);
sockinfo = addr.sunix.sun_path;
break;
# endif /* NETUNIX */
# if NETINET
case AF_INET:
family = SMFIA_INET;
port = addr.sin.sin_port;
sockinfo = (char *) inet_ntoa(addr.sin.sin_addr);
break;
# endif /* NETINET */
# if NETINET6
case AF_INET6:
if (IN6_IS_ADDR_V4MAPPED(&addr.sin6.sin6_addr))
family = SMFIA_INET;
else
family = SMFIA_INET6;
port = addr.sin6.sin6_port;
sockinfo = anynet_ntop(&addr.sin6.sin6_addr, buf6,
sizeof(buf6));
if (sockinfo == NULL)
sockinfo = "";
break;
# endif /* NETINET6 */
default:
family = SMFIA_UNKNOWN;
break;
}
s = strlen(hostname) + 1 + sizeof(family);
if (family != SMFIA_UNKNOWN)
s += sizeof(port) + strlen(sockinfo) + 1;
buf = (char *) xalloc(s);
bp = buf;
/* put together data */
(void) memcpy(bp, hostname, strlen(hostname));
bp += strlen(hostname);
*bp++ = '\0';
(void) memcpy(bp, &family, sizeof(family));
bp += sizeof(family);
if (family != SMFIA_UNKNOWN)
{
(void) memcpy(bp, &port, sizeof(port));
bp += sizeof(port);
/* include trailing '\0' */
(void) memcpy(bp, sockinfo, strlen(sockinfo) + 1);
}
response = milter_command(SMFIC_CONNECT, buf, s, SMFIM_CONNECT,
e, state, "connect", false);
sm_free(buf); /* XXX */
/*
** If this message connection is done for,
** close the filters.
*/
if (*state != SMFIR_CONTINUE)
{
if (MilterLogLevel > 9)
sm_syslog(LOG_INFO, e->e_id, "Milter: connect, ending");
milter_quit(e);
}
else
milter_per_connection_check(e);
#if !_FFR_MILTER_CONNECT_REPLYCODE
/*
** SMFIR_REPLYCODE can't work with connect due to
** the requirements of SMTP. Therefore, ignore the
** reply code text but keep the state it would reflect.
*/
if (*state == SMFIR_REPLYCODE)
{
if (response != NULL &&
*response == '4')
{
if (strncmp(response, "421 ", 4) == 0)
*state = SMFIR_SHUTDOWN;
else
*state = SMFIR_TEMPFAIL;
}
else
*state = SMFIR_REJECT;
if (response != NULL)
{
sm_free(response); /* XXX */
response = NULL;
}
}
#endif /* !_FFR_MILTER_CONNECT_REPLYCODE */
return response;
}
/*
** MILTER_HELO -- send SMTP HELO/EHLO command info to milter filters
**
** Parameters:
** helo -- argument to SMTP HELO/EHLO command.
** e -- current envelope.
** state -- return state from response.
**
** Returns:
** response string (may be NULL)
*/
char *
milter_helo(helo, e, state)
char *helo;
ENVELOPE *e;
char *state;
{
int i;
char *response;
if (tTd(64, 10))
sm_dprintf("milter_helo(%s)\n", helo);
/* HELO/EHLO can come at any point */
for (i = 0; InputFilters[i] != NULL; i++)
{
struct milter *m = InputFilters[i];
switch (m->mf_state)
{
case SMFS_INMSG:
/* abort in message filters */
milter_abort_filter(m, e);
/* FALLTHROUGH */
case SMFS_DONE:
/* reset done filters */
m->mf_state = SMFS_OPEN;
break;
}
}
response = milter_command(SMFIC_HELO, helo, strlen(helo) + 1,
SMFIM_HELO, e, state, "helo", false);
milter_per_connection_check(e);
return response;
}
/*
** MILTER_ENVFROM -- send SMTP MAIL command info to milter filters
**
** Parameters:
** args -- SMTP MAIL command args (args[0] == sender).
** e -- current envelope.
** state -- return state from response.
**
** Returns:
** response string (may be NULL)
*/
char *
milter_envfrom(args, e, state)
char **args;
ENVELOPE *e;
char *state;
{
int i;
char *buf, *bp;
char *response;
ssize_t s;
if (tTd(64, 10))
{
sm_dprintf("milter_envfrom:");
for (i = 0; args[i] != NULL; i++)
sm_dprintf(" %s", args[i]);
sm_dprintf("\n");
}
/* sanity check */
if (args[0] == NULL)
{
*state = SMFIR_REJECT;
if (MilterLogLevel > 10)
sm_syslog(LOG_INFO, e->e_id,
"Milter: reject, no sender");
return NULL;
}
/* new message, so ... */
for (i = 0; InputFilters[i] != NULL; i++)
{
struct milter *m = InputFilters[i];
switch (m->mf_state)
{
case SMFS_INMSG:
/* abort in message filters */
milter_abort_filter(m, e);
/* FALLTHROUGH */
case SMFS_DONE:
/* reset done filters */
m->mf_state = SMFS_OPEN;
break;
}
}
/* put together data */
s = 0;
for (i = 0; args[i] != NULL; i++)
s += strlen(args[i]) + 1;
if (s < 0)
{
*state = SMFIR_TEMPFAIL;
return NULL;
}
buf = (char *) xalloc(s);
bp = buf;
for (i = 0; args[i] != NULL; i++)
{
(void) sm_strlcpy(bp, args[i], s - (bp - buf));
bp += strlen(bp) + 1;
}
if (MilterLogLevel > 14)
sm_syslog(LOG_INFO, e->e_id, "Milter: sender: %s", buf);
/* send it over */
response = milter_command(SMFIC_MAIL, buf, s, SMFIM_ENVFROM,
e, state, "mail", false);
sm_free(buf); /* XXX */
/*
** If filter rejects/discards a per message command,
** abort the other filters since we are done with the
** current message.
*/
MILTER_CHECK_DONE_MSG();
if (MilterLogLevel > 10 && *state == SMFIR_REJECT)
sm_syslog(LOG_INFO, e->e_id, "Milter: reject, sender");
return response;
}
/*
** MILTER_ENVRCPT -- send SMTP RCPT command info to milter filters
**
** Parameters:
-** args -- SMTP MAIL command args (args[0] == recipient).
+** args -- SMTP RCPT command args (args[0] == recipient).
** e -- current envelope.
** state -- return state from response.
** rcpt_error -- does RCPT have an error?
**
** Returns:
** response string (may be NULL)
*/
char *
milter_envrcpt(args, e, state, rcpt_error)
char **args;
ENVELOPE *e;
char *state;
bool rcpt_error;
{
int i;
char *buf, *bp;
char *response;
ssize_t s;
if (tTd(64, 10))
{
sm_dprintf("milter_envrcpt:");
for (i = 0; args[i] != NULL; i++)
sm_dprintf(" %s", args[i]);
sm_dprintf("\n");
}
/* sanity check */
if (args[0] == NULL)
{
*state = SMFIR_REJECT;
if (MilterLogLevel > 10)
sm_syslog(LOG_INFO, e->e_id, "Milter: reject, no rcpt");
return NULL;
}
/* put together data */
s = 0;
for (i = 0; args[i] != NULL; i++)
s += strlen(args[i]) + 1;
if (s < 0)
{
*state = SMFIR_TEMPFAIL;
return NULL;
}
buf = (char *) xalloc(s);
bp = buf;
for (i = 0; args[i] != NULL; i++)
{
(void) sm_strlcpy(bp, args[i], s - (bp - buf));
bp += strlen(bp) + 1;
}
if (MilterLogLevel > 14)
sm_syslog(LOG_INFO, e->e_id, "Milter: rcpts: %s", buf);
/* send it over */
response = milter_command(SMFIC_RCPT, buf, s, SMFIM_ENVRCPT,
e, state, "rcpt", rcpt_error);
sm_free(buf); /* XXX */
return response;
}
/*
** MILTER_DATA_CMD -- send SMTP DATA command info to milter filters
**
** Parameters:
** e -- current envelope.
** state -- return state from response.
**
** Returns:
** response string (may be NULL)
*/
char *
milter_data_cmd(e, state)
ENVELOPE *e;
char *state;
{
if (tTd(64, 10))
sm_dprintf("milter_data_cmd\n");
/* send it over */
return milter_command(SMFIC_DATA, NULL, 0, SMFIM_DATA,
e, state, "data", false);
}
/*
** MILTER_DATA -- send message headers/body and gather final message results
**
** Parameters:
** e -- current envelope.
** state -- return state from response.
**
** Returns:
** response string (may be NULL)
**
** Side effects:
** - Uses e->e_dfp for access to the body
** - Can call the various milter action routines to
** modify the envelope or message.
*/
/* flow through code using continue; don't wrap in do {} while */
# define MILTER_CHECK_RESULTS() \
if (m->mf_state == SMFS_ERROR && *state == SMFIR_CONTINUE) \
{ \
MILTER_SET_STATE; \
} \
if (*state == SMFIR_ACCEPT || \
m->mf_state == SMFS_DONE || \
m->mf_state == SMFS_ERROR) \
{ \
if (m->mf_state != SMFS_ERROR) \
m->mf_state = SMFS_DONE; \
continue; /* to next filter */ \
} \
if (*state != SMFIR_CONTINUE) \
{ \
m->mf_state = SMFS_DONE; \
goto finishup; \
}
char *
milter_data(e, state)
ENVELOPE *e;
char *state;
{
bool replbody = false; /* milter_replbody() called? */
bool replfailed = false; /* milter_replbody() failed? */
bool rewind = false; /* rewind data file? */
bool dfopen = false; /* data file open for writing? */
bool newfilter; /* reset on each new filter */
char rcmd;
int i;
int save_errno;
char *response = NULL;
time_t eomsent;
ssize_t rlen;
if (tTd(64, 10))
sm_dprintf("milter_data\n");
*state = SMFIR_CONTINUE;
/*
** XXX: Should actually send body chunks to each filter
** a chunk at a time instead of sending the whole body to
** each filter in turn. However, only if the filters don't
** change the body.
*/
for (i = 0; InputFilters[i] != NULL; i++)
{
int idx;
char **macros;
struct milter *m = InputFilters[i];
if (*state != SMFIR_CONTINUE &&
*state != SMFIR_ACCEPT)
{
/*
** A previous filter has dealt with the message,
** safe to stop processing the filters.
*/
break;
}
/* Now reset state for later evaluation */
*state = SMFIR_CONTINUE;
newfilter = true;
/* previous problem? */
if (m->mf_state == SMFS_ERROR)
{
MILTER_CHECK_ERROR(false, continue);
break;
}
/* sanity checks */
if (m->mf_sock < 0 ||
(m->mf_state != SMFS_OPEN && m->mf_state != SMFS_INMSG))
continue;
m->mf_state = SMFS_INMSG;
/* check if filter wants the headers */
if (!bitset(SMFIP_NOHDRS, m->mf_pflags))
{
response = milter_headers(m, e, state);
MILTER_CHECK_RESULTS();
}
/* check if filter wants EOH */
if (!bitset(SMFIP_NOEOH, m->mf_pflags))
{
if (tTd(64, 10))
sm_dprintf("milter_data: eoh\n");
if ((m->mf_lflags & MI_LFLAGS_SYM(SMFIM_EOH)) != 0)
idx = m->mf_idx;
else
idx = 0;
SM_ASSERT(idx >= 0 && idx <= MAXFILTERS);
macros = MilterMacros[SMFIM_EOH][idx];
if (macros != NULL)
{
milter_send_macros(m, macros, SMFIC_EOH, e);
MILTER_CHECK_RESULTS();
}
/* send it over */
response = milter_send_command(m, SMFIC_EOH, NULL, 0,
e, state, "eoh");
MILTER_CHECK_RESULTS();
}
/* check if filter wants the body */
if (!bitset(SMFIP_NOBODY, m->mf_pflags) &&
e->e_dfp != NULL)
{
rewind = true;
response = milter_body(m, e, state);
MILTER_CHECK_RESULTS();
}
if ((m->mf_lflags & MI_LFLAGS_SYM(SMFIM_EOH)) != 0)
idx = m->mf_idx;
else
idx = 0;
SM_ASSERT(idx >= 0 && idx <= MAXFILTERS);
macros = MilterMacros[SMFIM_EOM][idx];
if (macros != NULL)
{
milter_send_macros(m, macros, SMFIC_BODYEOB, e);
MILTER_CHECK_RESULTS();
}
/* send the final body chunk */
(void) milter_write(m, SMFIC_BODYEOB, NULL, 0,
m->mf_timeout[SMFTO_WRITE], e, "eom");
/* Get time EOM sent for timeout */
eomsent = curtime();
/* deal with the possibility of multiple responses */
while (*state == SMFIR_CONTINUE)
{
/* Check total timeout from EOM to final ACK/NAK */
if (m->mf_timeout[SMFTO_EOM] > 0 &&
curtime() - eomsent >= m->mf_timeout[SMFTO_EOM])
{
if (tTd(64, 5))
sm_dprintf("milter_data(%s): EOM ACK/NAK timeout\n",
m->mf_name);
if (MilterLogLevel > 0)
sm_syslog(LOG_ERR, e->e_id,
"milter_data(%s): EOM ACK/NAK timeout",
m->mf_name);
milter_error(m, e);
MILTER_CHECK_ERROR(false, break);
break;
}
response = milter_read(m, &rcmd, &rlen,
m->mf_timeout[SMFTO_READ], e,
"eom");
if (m->mf_state == SMFS_ERROR)
break;
if (tTd(64, 10))
sm_dprintf("milter_data(%s): state %c\n",
m->mf_name, (char) rcmd);
switch (rcmd)
{
case SMFIR_REPLYCODE:
MILTER_CHECK_REPLYCODE("554 5.7.1 Command rejected");
if (MilterLogLevel > 12)
sm_syslog(LOG_INFO, e->e_id, "milter=%s, reject=%s",
m->mf_name, response);
*state = rcmd;
m->mf_state = SMFS_DONE;
break;
case SMFIR_REJECT: /* log msg at end of function */
if (MilterLogLevel > 12)
sm_syslog(LOG_INFO, e->e_id, "milter=%s, reject",
m->mf_name);
*state = rcmd;
m->mf_state = SMFS_DONE;
break;
case SMFIR_DISCARD:
if (MilterLogLevel > 12)
sm_syslog(LOG_INFO, e->e_id, "milter=%s, discard",
m->mf_name);
*state = rcmd;
m->mf_state = SMFS_DONE;
break;
case SMFIR_TEMPFAIL:
if (MilterLogLevel > 12)
sm_syslog(LOG_INFO, e->e_id, "milter=%s, tempfail",
m->mf_name);
*state = rcmd;
m->mf_state = SMFS_DONE;
break;
case SMFIR_CONTINUE:
case SMFIR_ACCEPT:
/* this filter is done with message */
if (replfailed)
*state = SMFIR_TEMPFAIL;
else
*state = SMFIR_ACCEPT;
m->mf_state = SMFS_DONE;
break;
case SMFIR_PROGRESS:
break;
case SMFIR_QUARANTINE:
if (!bitset(SMFIF_QUARANTINE, m->mf_fflags))
{
if (MilterLogLevel > 9)
sm_syslog(LOG_WARNING, e->e_id,
"milter_data(%s): lied about quarantining, honoring request anyway",
m->mf_name);
}
if (response == NULL)
response = newstr("");
if (MilterLogLevel > 3)
sm_syslog(LOG_INFO, e->e_id,
"milter=%s, quarantine=%s",
m->mf_name, response);
e->e_quarmsg = sm_rpool_strdup_x(e->e_rpool,
response);
macdefine(&e->e_macro, A_PERM,
macid("{quarantine}"), e->e_quarmsg);
break;
case SMFIR_ADDHEADER:
if (!bitset(SMFIF_ADDHDRS, m->mf_fflags))
{
if (MilterLogLevel > 9)
sm_syslog(LOG_WARNING, e->e_id,
"milter_data(%s): lied about adding headers, honoring request anyway",
m->mf_name);
}
milter_addheader(m, response, rlen, e);
break;
case SMFIR_INSHEADER:
if (!bitset(SMFIF_ADDHDRS, m->mf_fflags))
{
if (MilterLogLevel > 9)
sm_syslog(LOG_WARNING, e->e_id,
"milter_data(%s): lied about adding headers, honoring request anyway",
m->mf_name);
}
milter_insheader(m, response, rlen, e);
break;
case SMFIR_CHGHEADER:
if (!bitset(SMFIF_CHGHDRS, m->mf_fflags))
{
if (MilterLogLevel > 9)
sm_syslog(LOG_WARNING, e->e_id,
"milter_data(%s): lied about changing headers, honoring request anyway",
m->mf_name);
}
milter_changeheader(m, response, rlen, e);
break;
case SMFIR_CHGFROM:
if (!bitset(SMFIF_CHGFROM, m->mf_fflags))
{
if (MilterLogLevel > 9)
sm_syslog(LOG_WARNING, e->e_id,
"milter_data(%s) lied about changing sender, honoring request anyway",
m->mf_name);
}
- milter_chgfrom(response, rlen, e);
+ milter_chgfrom(response, rlen, e, m->mf_name);
break;
case SMFIR_ADDRCPT:
if (!bitset(SMFIF_ADDRCPT, m->mf_fflags))
{
if (MilterLogLevel > 9)
sm_syslog(LOG_WARNING, e->e_id,
"milter_data(%s) lied about adding recipients, honoring request anyway",
m->mf_name);
}
- milter_addrcpt(response, rlen, e);
+ milter_addrcpt(response, rlen, e, m->mf_name);
break;
case SMFIR_ADDRCPT_PAR:
if (!bitset(SMFIF_ADDRCPT_PAR, m->mf_fflags))
{
if (MilterLogLevel > 9)
sm_syslog(LOG_WARNING, e->e_id,
"milter_data(%s) lied about adding recipients with parameters, honoring request anyway",
m->mf_name);
}
- milter_addrcpt_par(response, rlen, e);
+ milter_addrcpt_par(response, rlen, e, m->mf_name);
break;
case SMFIR_DELRCPT:
if (!bitset(SMFIF_DELRCPT, m->mf_fflags))
{
if (MilterLogLevel > 9)
sm_syslog(LOG_WARNING, e->e_id,
"milter_data(%s): lied about removing recipients, honoring request anyway",
m->mf_name);
}
- milter_delrcpt(response, rlen, e);
+ milter_delrcpt(response, rlen, e, m->mf_name);
break;
case SMFIR_REPLBODY:
if (!bitset(SMFIF_MODBODY, m->mf_fflags))
{
if (MilterLogLevel > 0)
sm_syslog(LOG_ERR, e->e_id,
"milter_data(%s): lied about replacing body, rejecting request and tempfailing message",
m->mf_name);
replfailed = true;
break;
}
/* already failed in attempt */
if (replfailed)
break;
if (!dfopen)
{
if (milter_reopen_df(e) < 0)
{
replfailed = true;
break;
}
dfopen = true;
rewind = true;
}
- if (milter_replbody(response, rlen,
- newfilter, e) < 0)
+ if (milter_replbody(response, rlen, newfilter,
+ e, m->mf_name) < 0)
replfailed = true;
newfilter = false;
replbody = true;
break;
default:
/* Invalid response to command */
if (MilterLogLevel > 0)
sm_syslog(LOG_ERR, e->e_id,
"milter_data(%s): returned bogus response %c",
m->mf_name, rcmd);
milter_error(m, e);
break;
}
if (rcmd != SMFIR_REPLYCODE && response != NULL)
{
sm_free(response); /* XXX */
response = NULL;
}
if (m->mf_state == SMFS_ERROR)
break;
}
if (replbody && !replfailed)
{
/* flush possible buffered character */
- milter_replbody(NULL, 0, !replbody, e);
+ milter_replbody(NULL, 0, !replbody, e, m->mf_name);
replbody = false;
}
if (m->mf_state == SMFS_ERROR)
{
MILTER_CHECK_ERROR(false, continue);
goto finishup;
}
}
finishup:
/* leave things in the expected state if we touched it */
if (replfailed)
{
if (*state == SMFIR_CONTINUE ||
*state == SMFIR_ACCEPT)
{
*state = SMFIR_TEMPFAIL;
- SM_FREE_CLR(response);
+ SM_FREE(response);
}
if (dfopen)
{
(void) sm_io_close(e->e_dfp, SM_TIME_DEFAULT);
e->e_dfp = NULL;
e->e_flags &= ~EF_HAS_DF;
dfopen = false;
}
rewind = false;
}
if ((dfopen && milter_reset_df(e) < 0) ||
(rewind && bfrewind(e->e_dfp) < 0))
{
save_errno = errno;
ExitStat = EX_IOERR;
/*
** If filter told us to keep message but we had
** an error, we can't really keep it, tempfail it.
*/
- if (*state == SMFIR_CONTINUE ||
- *state == SMFIR_ACCEPT)
+ if (*state == SMFIR_CONTINUE || *state == SMFIR_ACCEPT)
{
*state = SMFIR_TEMPFAIL;
- SM_FREE_CLR(response);
+ SM_FREE(response);
}
errno = save_errno;
syserr("milter_data: %s/%cf%s: read error",
qid_printqueue(e->e_qgrp, e->e_qdir),
DATAFL_LETTER, e->e_id);
}
MILTER_CHECK_DONE_MSG();
if (MilterLogLevel > 10 && *state == SMFIR_REJECT)
sm_syslog(LOG_INFO, e->e_id, "Milter: reject, data");
return response;
}
/*
** MILTER_UNKNOWN -- send any unrecognized or unimplemented command
** string to milter filters
**
** Parameters:
** smtpcmd -- the string itself.
** e -- current envelope.
** state -- return state from response.
**
**
** Returns:
** response string (may be NULL)
*/
char *
milter_unknown(smtpcmd, e, state)
char *smtpcmd;
ENVELOPE *e;
char *state;
{
if (tTd(64, 10))
sm_dprintf("milter_unknown(%s)\n", smtpcmd);
return milter_command(SMFIC_UNKNOWN, smtpcmd, strlen(smtpcmd) + 1,
SMFIM_NOMACROS, e, state, "unknown", false);
}
/*
** MILTER_QUIT -- informs the filter(s) we are done and closes connection(s)
**
** Parameters:
** e -- current envelope.
**
** Returns:
** none
*/
void
milter_quit(e)
ENVELOPE *e;
{
int i;
if (tTd(64, 10))
sm_dprintf("milter_quit(%s)\n", e->e_id);
for (i = 0; InputFilters[i] != NULL; i++)
milter_quit_filter(InputFilters[i], e);
}
/*
** MILTER_ABORT -- informs the filter(s) that we are aborting current message
**
** Parameters:
** e -- current envelope.
**
** Returns:
** none
*/
void
milter_abort(e)
ENVELOPE *e;
{
int i;
if (tTd(64, 10))
sm_dprintf("milter_abort\n");
for (i = 0; InputFilters[i] != NULL; i++)
{
struct milter *m = InputFilters[i];
/* sanity checks */
if (m->mf_sock < 0 || m->mf_state != SMFS_INMSG)
continue;
milter_abort_filter(m, e);
}
}
#endif /* MILTER */
diff --git a/src/mime.c b/src/mime.c
index ecfc761dd2e3..48849d6a48ea 100644
--- a/src/mime.c
+++ b/src/mime.c
@@ -1,1326 +1,1326 @@
/*
* Copyright (c) 1998-2003, 2006, 2013 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1994, 1996-1997 Eric P. Allman. All rights reserved.
* Copyright (c) 1994
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sendmail.h>
#include <string.h>
SM_RCSID("@(#)$Id: mime.c,v 8.149 2013-11-22 20:51:56 ca Exp $")
/*
** MIME support.
**
** I am indebted to John Beck of Hewlett-Packard, who contributed
** his code to me for inclusion. As it turns out, I did not use
** his code since he used a "minimum change" approach that used
** several temp files, and I wanted a "minimum impact" approach
** that would avoid copying. However, looking over his code
** helped me cement my understanding of the problem.
**
** I also looked at, but did not directly use, Nathaniel
** Borenstein's "code.c" module. Again, it functioned as
** a file-to-file translator, which did not fit within my
** design bounds, but it was a useful base for understanding
** the problem.
*/
/* use "old" mime 7 to 8 algorithm by default */
#ifndef MIME7TO8_OLD
# define MIME7TO8_OLD 1
-#endif /* ! MIME7TO8_OLD */
+#endif
#if MIME8TO7
static int isboundary __P((char *, char **));
static int mimeboundary __P((char *, char **));
static int mime_getchar __P((SM_FILE_T *, char **, int *));
static int mime_getchar_crlf __P((SM_FILE_T *, char **, int *));
/* character set for hex and base64 encoding */
static char Base16Code[] = "0123456789ABCDEF";
static char Base64Code[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
/* types of MIME boundaries */
# define MBT_SYNTAX 0 /* syntax error */
# define MBT_NOTSEP 1 /* not a boundary */
# define MBT_INTERMED 2 /* intermediate boundary (no trailing --) */
# define MBT_FINAL 3 /* final boundary (trailing -- included) */
static char *MimeBoundaryNames[] =
{
"SYNTAX", "NOTSEP", "INTERMED", "FINAL"
};
static bool MapNLtoCRLF;
/*
** MIME8TO7 -- output 8 bit body in 7 bit format
**
** The header has already been output -- this has to do the
** 8 to 7 bit conversion. It would be easy if we didn't have
** to deal with nested formats (multipart/xxx and message/rfc822).
**
** We won't be called if we don't have to do a conversion, and
** appropriate MIME-Version: and Content-Type: fields have been
** output. Any Content-Transfer-Encoding: field has not been
** output, and we can add it here.
**
** Parameters:
** mci -- mailer connection information.
** header -- the header for this body part.
** e -- envelope.
** boundaries -- the currently pending message boundaries.
** NULL if we are processing the outer portion.
** flags -- to tweak processing.
** level -- recursion level.
**
** Returns:
** An indicator of what terminated the message part:
** MBT_FINAL -- the final boundary
** MBT_INTERMED -- an intermediate boundary
** MBT_NOTSEP -- an end of file
** SM_IO_EOF -- I/O error occurred
*/
struct args
{
char *a_field; /* name of field */
char *a_value; /* value of that field */
};
int
mime8to7(mci, header, e, boundaries, flags, level)
register MCI *mci;
HDR *header;
register ENVELOPE *e;
char **boundaries;
int flags;
int level;
{
register char *p;
int linelen;
int blen;
int bt;
off_t offset;
size_t sectionsize, sectionhighbits;
int i;
char *type;
char *subtype;
char *cte;
char **pvp;
int argc = 0;
char *bp;
bool use_qp = false;
struct args argv[MAXMIMEARGS];
char bbuf[128];
char buf[MAXLINE];
char pvpbuf[MAXLINE];
extern unsigned char MimeTokenTab[256];
if (level > MAXMIMENESTING)
{
if (!bitset(EF_TOODEEP, e->e_flags))
{
if (tTd(43, 4))
sm_dprintf("mime8to7: too deep, level=%d\n",
level);
usrerr("mime8to7: recursion level %d exceeded",
level);
e->e_flags |= EF_DONT_MIME|EF_TOODEEP;
}
}
if (tTd(43, 1))
{
sm_dprintf("mime8to7: flags = %x, boundaries =", flags);
if (boundaries[0] == NULL)
sm_dprintf(" <none>");
else
{
for (i = 0; boundaries[i] != NULL; i++)
sm_dprintf(" %s", boundaries[i]);
}
sm_dprintf("\n");
}
MapNLtoCRLF = true;
p = hvalue("Content-Transfer-Encoding", header);
if (p == NULL ||
(pvp = prescan(p, '\0', pvpbuf, sizeof(pvpbuf), NULL,
MimeTokenTab, false)) == NULL ||
pvp[0] == NULL)
{
cte = NULL;
}
else
{
cataddr(pvp, NULL, buf, sizeof(buf), '\0', false);
cte = sm_rpool_strdup_x(e->e_rpool, buf);
}
type = subtype = NULL;
p = hvalue("Content-Type", header);
if (p == NULL)
{
if (bitset(M87F_DIGEST, flags))
p = "message/rfc822";
else
p = "text/plain";
}
if (p != NULL &&
(pvp = prescan(p, '\0', pvpbuf, sizeof(pvpbuf), NULL,
MimeTokenTab, false)) != NULL &&
pvp[0] != NULL)
{
if (tTd(43, 40))
{
for (i = 0; pvp[i] != NULL; i++)
sm_dprintf("pvp[%d] = \"%s\"\n", i, pvp[i]);
}
type = *pvp++;
if (*pvp != NULL && strcmp(*pvp, "/") == 0 &&
*++pvp != NULL)
{
subtype = *pvp++;
}
/* break out parameters */
while (*pvp != NULL && argc < MAXMIMEARGS)
{
/* skip to semicolon separator */
while (*pvp != NULL && strcmp(*pvp, ";") != 0)
pvp++;
if (*pvp++ == NULL || *pvp == NULL)
break;
/* complain about empty values */
if (strcmp(*pvp, ";") == 0)
{
usrerr("mime8to7: Empty parameter in Content-Type header");
/* avoid bounce loops */
e->e_flags |= EF_DONT_MIME;
continue;
}
/* extract field name */
argv[argc].a_field = *pvp++;
/* see if there is a value */
if (*pvp != NULL && strcmp(*pvp, "=") == 0 &&
(*++pvp == NULL || strcmp(*pvp, ";") != 0))
{
argv[argc].a_value = *pvp;
argc++;
}
}
}
/* check for disaster cases */
if (type == NULL)
type = "-none-";
if (subtype == NULL)
subtype = "-none-";
/* don't propagate some flags more than one level into the message */
flags &= ~M87F_DIGEST;
/*
** Check for cases that can not be encoded.
**
** For example, you can't encode certain kinds of types
** or already-encoded messages. If we find this case,
** just copy it through.
*/
(void) sm_snprintf(buf, sizeof(buf), "%.100s/%.100s", type, subtype);
if (wordinclass(buf, 'n') || (cte != NULL && !wordinclass(cte, 'e')))
flags |= M87F_NO8BIT;
# ifdef USE_B_CLASS
if (wordinclass(buf, 'b') || wordinclass(type, 'b'))
MapNLtoCRLF = false;
-# endif /* USE_B_CLASS */
+# endif
if (wordinclass(buf, 'q') || wordinclass(type, 'q'))
use_qp = true;
/*
** Multipart requires special processing.
**
** Do a recursive descent into the message.
*/
if (sm_strcasecmp(type, "multipart") == 0 &&
(!bitset(M87F_NO8BIT, flags) || bitset(M87F_NO8TO7, flags)) &&
!bitset(EF_TOODEEP, e->e_flags)
)
{
if (sm_strcasecmp(subtype, "digest") == 0)
flags |= M87F_DIGEST;
for (i = 0; i < argc; i++)
{
if (sm_strcasecmp(argv[i].a_field, "boundary") == 0)
break;
}
if (i >= argc || argv[i].a_value == NULL)
{
usrerr("mime8to7: Content-Type: \"%s\": %s boundary",
i >= argc ? "missing" : "bogus", p);
p = "---";
/* avoid bounce loops */
e->e_flags |= EF_DONT_MIME;
}
else
{
p = argv[i].a_value;
- stripquotes(p);
+ unfoldstripquotes(p);
}
if (sm_strlcpy(bbuf, p, sizeof(bbuf)) >= sizeof(bbuf))
{
usrerr("mime8to7: multipart boundary \"%s\" too long",
p);
/* avoid bounce loops */
e->e_flags |= EF_DONT_MIME;
}
if (tTd(43, 1))
sm_dprintf("mime8to7: multipart boundary \"%s\"\n",
bbuf);
for (i = 0; i < MAXMIMENESTING; i++)
{
if (boundaries[i] == NULL)
break;
}
if (i >= MAXMIMENESTING)
{
if (tTd(43, 4))
sm_dprintf("mime8to7: too deep, i=%d\n", i);
if (!bitset(EF_TOODEEP, e->e_flags))
usrerr("mime8to7: multipart nesting boundary too deep");
/* avoid bounce loops */
e->e_flags |= EF_DONT_MIME|EF_TOODEEP;
}
else
{
boundaries[i] = bbuf;
boundaries[i + 1] = NULL;
}
mci->mci_flags |= MCIF_INMIME;
/* skip the early "comment" prologue */
if (!putline("", mci))
goto writeerr;
mci->mci_flags &= ~MCIF_INHEADER;
bt = MBT_FINAL;
while ((blen = sm_io_fgets(e->e_dfp, SM_TIME_DEFAULT, buf,
sizeof(buf))) >= 0)
{
bt = mimeboundary(buf, boundaries);
if (bt != MBT_NOTSEP)
break;
if (!putxline(buf, blen, mci,
PXLF_MAPFROM|PXLF_STRIP8BIT))
goto writeerr;
if (tTd(43, 99))
sm_dprintf(" ...%s", buf);
}
if (sm_io_eof(e->e_dfp))
bt = MBT_FINAL;
while (bt != MBT_FINAL)
{
auto HDR *hdr = NULL;
(void) sm_strlcpyn(buf, sizeof(buf), 2, "--", bbuf);
if (!putline(buf, mci))
goto writeerr;
if (tTd(43, 35))
sm_dprintf(" ...%s\n", buf);
collect(e->e_dfp, false, &hdr, e, false);
if (tTd(43, 101))
putline("+++after collect", mci);
if (!putheader(mci, hdr, e, flags))
goto writeerr;
if (tTd(43, 101))
putline("+++after putheader", mci);
bt = mime8to7(mci, hdr, e, boundaries, flags,
level + 1);
if (bt == SM_IO_EOF)
goto writeerr;
}
(void) sm_strlcpyn(buf, sizeof(buf), 3, "--", bbuf, "--");
if (!putline(buf, mci))
goto writeerr;
if (tTd(43, 35))
sm_dprintf(" ...%s\n", buf);
boundaries[i] = NULL;
mci->mci_flags &= ~MCIF_INMIME;
/* skip the late "comment" epilogue */
while ((blen = sm_io_fgets(e->e_dfp, SM_TIME_DEFAULT, buf,
sizeof(buf))) >= 0)
{
bt = mimeboundary(buf, boundaries);
if (bt != MBT_NOTSEP)
break;
if (!putxline(buf, blen, mci,
PXLF_MAPFROM|PXLF_STRIP8BIT))
goto writeerr;
if (tTd(43, 99))
sm_dprintf(" ...%s", buf);
}
if (sm_io_eof(e->e_dfp))
bt = MBT_FINAL;
if (tTd(43, 3))
sm_dprintf("\t\t\tmime8to7=>%s (multipart)\n",
MimeBoundaryNames[bt]);
return bt;
}
/*
** Message/xxx types -- recurse exactly once.
**
** Class 's' is predefined to have "rfc822" only.
*/
if (sm_strcasecmp(type, "message") == 0)
{
if (!wordinclass(subtype, 's') ||
bitset(EF_TOODEEP, e->e_flags))
{
flags |= M87F_NO8BIT;
}
else
{
auto HDR *hdr = NULL;
if (!putline("", mci))
goto writeerr;
mci->mci_flags |= MCIF_INMIME;
collect(e->e_dfp, false, &hdr, e, false);
if (tTd(43, 101))
putline("+++after collect", mci);
if (!putheader(mci, hdr, e, flags))
goto writeerr;
if (tTd(43, 101))
putline("+++after putheader", mci);
if (hvalue("MIME-Version", hdr) == NULL &&
!bitset(M87F_NO8TO7, flags) &&
!putline("MIME-Version: 1.0", mci))
goto writeerr;
bt = mime8to7(mci, hdr, e, boundaries, flags,
level + 1);
mci->mci_flags &= ~MCIF_INMIME;
return bt;
}
}
/*
** Non-compound body type
**
** Compute the ratio of seven to eight bit characters;
** use that as a heuristic to decide how to do the
** encoding.
*/
sectionsize = sectionhighbits = 0;
if (!bitset(M87F_NO8BIT|M87F_NO8TO7, flags))
{
/* remember where we were */
offset = sm_io_tell(e->e_dfp, SM_TIME_DEFAULT);
if (offset == -1)
syserr("mime8to7: cannot sm_io_tell on %cf%s",
DATAFL_LETTER, e->e_id);
/* do a scan of this body type to count character types */
while ((blen = sm_io_fgets(e->e_dfp, SM_TIME_DEFAULT, buf,
sizeof(buf))) >= 0)
{
if (mimeboundary(buf, boundaries) != MBT_NOTSEP)
break;
for (i = 0; i < blen; i++)
{
/* count bytes with the high bit set */
sectionsize++;
if (bitset(0200, buf[i]))
sectionhighbits++;
}
/*
** Heuristic: if 1/4 of the first 4K bytes are 8-bit,
** assume base64. This heuristic avoids double-reading
** large graphics or video files.
*/
if (sectionsize >= 4096 &&
sectionhighbits > sectionsize / 4)
break;
}
/* return to the original offset for processing */
/* XXX use relative seeks to handle >31 bit file sizes? */
if (sm_io_seek(e->e_dfp, SM_TIME_DEFAULT, offset, SEEK_SET) < 0)
syserr("mime8to7: cannot sm_io_fseek on %cf%s",
DATAFL_LETTER, e->e_id);
else
sm_io_clearerr(e->e_dfp);
}
/*
** Heuristically determine encoding method.
** If more than 1/8 of the total characters have the
** eighth bit set, use base64; else use quoted-printable.
** However, only encode binary encoded data as base64,
** since otherwise the NL=>CRLF mapping will be a problem.
*/
if (tTd(43, 8))
{
sm_dprintf("mime8to7: %ld high bit(s) in %ld byte(s), cte=%s, type=%s/%s\n",
(long) sectionhighbits, (long) sectionsize,
cte == NULL ? "[none]" : cte,
type == NULL ? "[none]" : type,
subtype == NULL ? "[none]" : subtype);
}
if (cte != NULL && sm_strcasecmp(cte, "binary") == 0)
sectionsize = sectionhighbits;
linelen = 0;
bp = buf;
if (sectionhighbits == 0)
{
/* no encoding necessary */
if (cte != NULL &&
bitset(MCIF_CVT8TO7|MCIF_CVT7TO8|MCIF_INMIME,
mci->mci_flags) &&
!bitset(M87F_NO8TO7, flags))
{
/*
** Skip _unless_ in MIME mode and potentially
** converting from 8 bit to 7 bit MIME. See
** putheader() for the counterpart where the
** CTE header is skipped in the opposite
** situation.
*/
(void) sm_snprintf(buf, sizeof(buf),
"Content-Transfer-Encoding: %.200s", cte);
if (!putline(buf, mci))
goto writeerr;
if (tTd(43, 36))
sm_dprintf(" ...%s\n", buf);
}
if (!putline("", mci))
goto writeerr;
mci->mci_flags &= ~MCIF_INHEADER;
while ((blen = sm_io_fgets(e->e_dfp, SM_TIME_DEFAULT, buf,
sizeof(buf))) >= 0)
{
if (!bitset(MCIF_INLONGLINE, mci->mci_flags))
{
bt = mimeboundary(buf, boundaries);
if (bt != MBT_NOTSEP)
break;
}
if (!putxline(buf, blen, mci,
PXLF_MAPFROM|PXLF_NOADDEOL))
goto writeerr;
}
if (sm_io_eof(e->e_dfp))
bt = MBT_FINAL;
}
else if (!MapNLtoCRLF ||
(sectionsize / 8 < sectionhighbits && !use_qp))
{
/* use base64 encoding */
int c1, c2;
if (tTd(43, 36))
sm_dprintf(" ...Content-Transfer-Encoding: base64\n");
if (!putline("Content-Transfer-Encoding: base64", mci))
goto writeerr;
(void) sm_snprintf(buf, sizeof(buf),
"X-MIME-Autoconverted: from 8bit to base64 by %s id %s",
MyHostName, e->e_id);
if (!putline(buf, mci) || !putline("", mci))
goto writeerr;
mci->mci_flags &= ~MCIF_INHEADER;
while ((c1 = mime_getchar_crlf(e->e_dfp, boundaries, &bt)) !=
SM_IO_EOF)
{
if (linelen > 71)
{
*bp = '\0';
if (!putline(buf, mci))
goto writeerr;
linelen = 0;
bp = buf;
}
linelen += 4;
*bp++ = Base64Code[(c1 >> 2)];
c1 = (c1 & 0x03) << 4;
c2 = mime_getchar_crlf(e->e_dfp, boundaries, &bt);
if (c2 == SM_IO_EOF)
{
*bp++ = Base64Code[c1];
*bp++ = '=';
*bp++ = '=';
break;
}
c1 |= (c2 >> 4) & 0x0f;
*bp++ = Base64Code[c1];
c1 = (c2 & 0x0f) << 2;
c2 = mime_getchar_crlf(e->e_dfp, boundaries, &bt);
if (c2 == SM_IO_EOF)
{
*bp++ = Base64Code[c1];
*bp++ = '=';
break;
}
c1 |= (c2 >> 6) & 0x03;
*bp++ = Base64Code[c1];
*bp++ = Base64Code[c2 & 0x3f];
}
*bp = '\0';
if (!putline(buf, mci))
goto writeerr;
}
else
{
/* use quoted-printable encoding */
int c1, c2;
int fromstate;
BITMAP256 badchars;
/* set up map of characters that must be mapped */
clrbitmap(badchars);
for (c1 = 0x00; c1 < 0x20; c1++)
setbitn(c1, badchars);
clrbitn('\t', badchars);
for (c1 = 0x7f; c1 < 0x100; c1++)
setbitn(c1, badchars);
setbitn('=', badchars);
if (bitnset(M_EBCDIC, mci->mci_mailer->m_flags))
for (p = "!\"#$@[\\]^`{|}~"; *p != '\0'; p++)
setbitn(*p, badchars);
if (tTd(43, 36))
sm_dprintf(" ...Content-Transfer-Encoding: quoted-printable\n");
if (!putline("Content-Transfer-Encoding: quoted-printable",
mci))
goto writeerr;
(void) sm_snprintf(buf, sizeof(buf),
"X-MIME-Autoconverted: from 8bit to quoted-printable by %s id %s",
MyHostName, e->e_id);
if (!putline(buf, mci) || !putline("", mci))
goto writeerr;
mci->mci_flags &= ~MCIF_INHEADER;
fromstate = 0;
c2 = '\n';
while ((c1 = mime_getchar(e->e_dfp, boundaries, &bt)) !=
SM_IO_EOF)
{
if (c1 == '\n')
{
if (c2 == ' ' || c2 == '\t')
{
*bp++ = '=';
*bp++ = Base16Code[(c2 >> 4) & 0x0f];
*bp++ = Base16Code[c2 & 0x0f];
}
if (buf[0] == '.' && bp == &buf[1])
{
buf[0] = '=';
*bp++ = Base16Code[('.' >> 4) & 0x0f];
*bp++ = Base16Code['.' & 0x0f];
}
*bp = '\0';
if (!putline(buf, mci))
goto writeerr;
linelen = fromstate = 0;
bp = buf;
c2 = c1;
continue;
}
if (c2 == ' ' && linelen == 4 && fromstate == 4 &&
bitnset(M_ESCFROM, mci->mci_mailer->m_flags))
{
*bp++ = '=';
*bp++ = '2';
*bp++ = '0';
linelen += 3;
}
else if (c2 == ' ' || c2 == '\t')
{
*bp++ = c2;
linelen++;
}
if (linelen > 72 &&
(linelen > 75 || c1 != '.' ||
(linelen > 73 && c2 == '.')))
{
if (linelen > 73 && c2 == '.')
bp--;
else
c2 = '\n';
*bp++ = '=';
*bp = '\0';
if (!putline(buf, mci))
goto writeerr;
linelen = fromstate = 0;
bp = buf;
if (c2 == '.')
{
*bp++ = '.';
linelen++;
}
}
if (bitnset(bitidx(c1), badchars))
{
*bp++ = '=';
*bp++ = Base16Code[(c1 >> 4) & 0x0f];
*bp++ = Base16Code[c1 & 0x0f];
linelen += 3;
}
else if (c1 != ' ' && c1 != '\t')
{
if (linelen < 4 && c1 == "From"[linelen])
fromstate++;
*bp++ = c1;
linelen++;
}
c2 = c1;
}
/* output any saved character */
if (c2 == ' ' || c2 == '\t')
{
*bp++ = '=';
*bp++ = Base16Code[(c2 >> 4) & 0x0f];
*bp++ = Base16Code[c2 & 0x0f];
linelen += 3;
}
if (linelen > 0 || boundaries[0] != NULL)
{
*bp = '\0';
if (!putline(buf, mci))
goto writeerr;
}
}
if (tTd(43, 3))
sm_dprintf("\t\t\tmime8to7=>%s (basic)\n", MimeBoundaryNames[bt]);
return bt;
writeerr:
return SM_IO_EOF;
}
/*
** MIME_GETCHAR -- get a character for MIME processing
**
** Treats boundaries as SM_IO_EOF.
**
** Parameters:
** fp -- the input file.
** boundaries -- the current MIME boundaries.
** btp -- if the return value is SM_IO_EOF, *btp is set to
** the type of the boundary.
**
** Returns:
** The next character in the input stream.
*/
static int
mime_getchar(fp, boundaries, btp)
register SM_FILE_T *fp;
char **boundaries;
int *btp;
{
int c;
static unsigned char *bp = NULL;
static int buflen = 0;
static bool atbol = true; /* at beginning of line */
static int bt = MBT_SYNTAX; /* boundary type of next SM_IO_EOF */
static unsigned char buf[128]; /* need not be a full line */
int start = 0; /* indicates position of - in buffer */
if (buflen == 1 && *bp == '\n')
{
/* last \n in buffer may be part of next MIME boundary */
c = *bp;
}
else if (buflen > 0)
{
buflen--;
return *bp++;
}
else
c = sm_io_getc(fp, SM_TIME_DEFAULT);
bp = buf;
buflen = 0;
if (c == '\n')
{
/* might be part of a MIME boundary */
*bp++ = c;
atbol = true;
c = sm_io_getc(fp, SM_TIME_DEFAULT);
if (c == '\n')
{
(void) sm_io_ungetc(fp, SM_TIME_DEFAULT, c);
return c;
}
start = 1;
}
if (c != SM_IO_EOF)
*bp++ = c;
else
bt = MBT_FINAL;
if (atbol && c == '-')
{
/* check for a message boundary */
c = sm_io_getc(fp, SM_TIME_DEFAULT);
if (c != '-')
{
if (c != SM_IO_EOF)
*bp++ = c;
else
bt = MBT_FINAL;
buflen = bp - buf - 1;
bp = buf;
return *bp++;
}
/* got "--", now check for rest of separator */
*bp++ = '-';
while (bp < &buf[sizeof(buf) - 2] &&
(c = sm_io_getc(fp, SM_TIME_DEFAULT)) != SM_IO_EOF &&
c != '\n')
{
*bp++ = c;
}
*bp = '\0'; /* XXX simply cut off? */
bt = mimeboundary((char *) &buf[start], boundaries);
switch (bt)
{
case MBT_FINAL:
case MBT_INTERMED:
/* we have a message boundary */
buflen = 0;
*btp = bt;
return SM_IO_EOF;
}
if (bp < &buf[sizeof(buf) - 2] && c != SM_IO_EOF)
*bp++ = c;
}
atbol = c == '\n';
buflen = bp - buf - 1;
if (buflen < 0)
{
*btp = bt;
return SM_IO_EOF;
}
bp = buf;
return *bp++;
}
/*
** MIME_GETCHAR_CRLF -- do mime_getchar, but translate NL => CRLF
**
** Parameters:
** fp -- the input file.
** boundaries -- the current MIME boundaries.
** btp -- if the return value is SM_IO_EOF, *btp is set to
** the type of the boundary.
**
** Returns:
** The next character in the input stream.
*/
static int
mime_getchar_crlf(fp, boundaries, btp)
register SM_FILE_T *fp;
char **boundaries;
int *btp;
{
static bool sendlf = false;
int c;
if (sendlf)
{
sendlf = false;
return '\n';
}
c = mime_getchar(fp, boundaries, btp);
if (c == '\n' && MapNLtoCRLF)
{
sendlf = true;
return '\r';
}
return c;
}
/*
** MIMEBOUNDARY -- determine if this line is a MIME boundary & its type
**
** Parameters:
** line -- the input line.
** boundaries -- the set of currently pending boundaries.
**
** Returns:
** MBT_NOTSEP -- if this is not a separator line
** MBT_INTERMED -- if this is an intermediate separator
** MBT_FINAL -- if this is a final boundary
** MBT_SYNTAX -- if this is a boundary for the wrong
** enclosure -- i.e., a syntax error.
*/
static int
mimeboundary(line, boundaries)
register char *line;
char **boundaries;
{
int type = MBT_NOTSEP;
int i;
int savec;
if (line[0] != '-' || line[1] != '-' || boundaries == NULL)
return MBT_NOTSEP;
i = strlen(line);
if (i > 0 && line[i - 1] == '\n')
i--;
/* strip off trailing whitespace */
while (i > 0 && (line[i - 1] == ' ' || line[i - 1] == '\t'
#if _FFR_MIME_CR_OK
|| line[i - 1] == '\r'
-#endif /* _FFR_MIME_CR_OK */
+#endif
))
i--;
savec = line[i];
line[i] = '\0';
if (tTd(43, 5))
sm_dprintf("mimeboundary: line=\"%s\"... ", line);
/* check for this as an intermediate boundary */
if (isboundary(&line[2], boundaries) >= 0)
type = MBT_INTERMED;
else if (i > 2 && strncmp(&line[i - 2], "--", 2) == 0)
{
/* check for a final boundary */
line[i - 2] = '\0';
if (isboundary(&line[2], boundaries) >= 0)
type = MBT_FINAL;
line[i - 2] = '-';
}
line[i] = savec;
if (tTd(43, 5))
sm_dprintf("%s\n", MimeBoundaryNames[type]);
return type;
}
/*
** DEFCHARSET -- return default character set for message
**
** The first choice for character set is for the mailer
** corresponding to the envelope sender. If neither that
** nor the global configuration file has a default character
** set defined, return "unknown-8bit" as recommended by
** RFC 1428 section 3.
**
** Parameters:
** e -- the envelope for this message.
**
** Returns:
** The default character set for that mailer.
*/
char *
defcharset(e)
register ENVELOPE *e;
{
if (e != NULL && e->e_from.q_mailer != NULL &&
e->e_from.q_mailer->m_defcharset != NULL)
return e->e_from.q_mailer->m_defcharset;
if (DefaultCharSet != NULL)
return DefaultCharSet;
return "unknown-8bit";
}
/*
** ISBOUNDARY -- is a given string a currently valid boundary?
**
** Parameters:
** line -- the current input line.
** boundaries -- the list of valid boundaries.
**
** Returns:
** The index number in boundaries if the line is found.
** -1 -- otherwise.
**
*/
static int
isboundary(line, boundaries)
char *line;
char **boundaries;
{
register int i;
for (i = 0; i <= MAXMIMENESTING && boundaries[i] != NULL; i++)
{
if (strcmp(line, boundaries[i]) == 0)
return i;
}
return -1;
}
#endif /* MIME8TO7 */
#if MIME7TO8
static int mime_fromqp __P((unsigned char *, unsigned char **, int));
/*
** MIME7TO8 -- output 7 bit encoded MIME body in 8 bit format
**
** This is a hack. Supports translating the two 7-bit body-encodings
** (quoted-printable and base64) to 8-bit coded bodies.
**
** There is not much point in supporting multipart here, as the UA
** will be able to deal with encoded MIME bodies if it can parse MIME
** multipart messages.
**
** Note also that we won't be called unless it is a text/plain MIME
** message, encoded base64 or QP and mailer flag '9' has been defined
** on mailer.
**
** Contributed by Marius Olaffson <marius@rhi.hi.is>.
**
** Parameters:
** mci -- mailer connection information.
** header -- the header for this body part.
** e -- envelope.
**
** Returns:
** true iff body was written successfully
*/
static char index_64[128] =
{
-1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1,
-1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1,
-1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,62, -1,-1,-1,63,
52,53,54,55, 56,57,58,59, 60,61,-1,-1, -1,-1,-1,-1,
-1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,10, 11,12,13,14,
15,16,17,18, 19,20,21,22, 23,24,25,-1, -1,-1,-1,-1,
-1,26,27,28, 29,30,31,32, 33,34,35,36, 37,38,39,40,
41,42,43,44, 45,46,47,48, 49,50,51,-1, -1,-1,-1,-1
};
# define CHAR64(c) (((c) < 0 || (c) > 127) ? -1 : index_64[(c)])
bool
mime7to8(mci, header, e)
register MCI *mci;
HDR *header;
register ENVELOPE *e;
{
int pxflags, blen;
register char *p;
char *cte;
char **pvp;
unsigned char *fbufp;
char buf[MAXLINE];
unsigned char fbuf[MAXLINE + 1];
char pvpbuf[MAXLINE];
extern unsigned char MimeTokenTab[256];
p = hvalue("Content-Transfer-Encoding", header);
if (p == NULL ||
(pvp = prescan(p, '\0', pvpbuf, sizeof(pvpbuf), NULL,
MimeTokenTab, false)) == NULL ||
pvp[0] == NULL)
{
/* "can't happen" -- upper level should have caught this */
syserr("mime7to8: unparsable CTE %s", p == NULL ? "<NULL>" : p);
/* avoid bounce loops */
e->e_flags |= EF_DONT_MIME;
/* cheap failsafe algorithm -- should work on text/plain */
if (p != NULL)
{
(void) sm_snprintf(buf, sizeof(buf),
"Content-Transfer-Encoding: %s", p);
if (!putline(buf, mci))
goto writeerr;
}
if (!putline("", mci))
goto writeerr;
mci->mci_flags &= ~MCIF_INHEADER;
while ((blen = sm_io_fgets(e->e_dfp, SM_TIME_DEFAULT, buf,
sizeof(buf))) >= 0)
{
if (!putxline(buf, blen, mci, PXLF_MAPFROM))
goto writeerr;
}
return true;
}
cataddr(pvp, NULL, buf, sizeof(buf), '\0', false);
cte = sm_rpool_strdup_x(e->e_rpool, buf);
mci->mci_flags |= MCIF_INHEADER;
if (!putline("Content-Transfer-Encoding: 8bit", mci))
goto writeerr;
(void) sm_snprintf(buf, sizeof(buf),
"X-MIME-Autoconverted: from %.200s to 8bit by %s id %s",
cte, MyHostName, e->e_id);
if (!putline(buf, mci) || !putline("", mci))
goto writeerr;
mci->mci_flags &= ~MCIF_INHEADER;
/*
** Translate body encoding to 8-bit. Supports two types of
** encodings; "base64" and "quoted-printable". Assume qp if
** it is not base64.
*/
pxflags = PXLF_MAPFROM;
if (sm_strcasecmp(cte, "base64") == 0)
{
int c1, c2, c3, c4;
fbufp = fbuf;
while ((c1 = sm_io_getc(e->e_dfp, SM_TIME_DEFAULT)) !=
SM_IO_EOF)
{
- if (isascii(c1) && isspace(c1))
+ if (SM_ISSPACE(c1))
continue;
do
{
c2 = sm_io_getc(e->e_dfp, SM_TIME_DEFAULT);
- } while (isascii(c2) && isspace(c2));
+ } while (SM_ISSPACE(c2));
if (c2 == SM_IO_EOF)
break;
do
{
c3 = sm_io_getc(e->e_dfp, SM_TIME_DEFAULT);
- } while (isascii(c3) && isspace(c3));
+ } while (SM_ISSPACE(c3));
if (c3 == SM_IO_EOF)
break;
do
{
c4 = sm_io_getc(e->e_dfp, SM_TIME_DEFAULT);
- } while (isascii(c4) && isspace(c4));
+ } while (SM_ISSPACE(c4));
if (c4 == SM_IO_EOF)
break;
if (c1 == '=' || c2 == '=')
continue;
c1 = CHAR64(c1);
c2 = CHAR64(c2);
#if MIME7TO8_OLD
#define CHK_EOL if (*--fbufp != '\n' || (fbufp > fbuf && *--fbufp != '\r')) \
++fbufp;
#else /* MIME7TO8_OLD */
#define CHK_EOL if (*--fbufp != '\n' || (fbufp > fbuf && *--fbufp != '\r')) \
{ \
++fbufp; \
pxflags |= PXLF_NOADDEOL; \
}
#endif /* MIME7TO8_OLD */
#define PUTLINE64 \
do \
{ \
if (*fbufp++ == '\n' || fbufp >= &fbuf[MAXLINE]) \
{ \
CHK_EOL; \
if (!putxline((char *) fbuf, fbufp - fbuf, mci, pxflags)) \
goto writeerr; \
pxflags &= ~PXLF_NOADDEOL; \
fbufp = fbuf; \
} \
} while (0)
*fbufp = (c1 << 2) | ((c2 & 0x30) >> 4);
PUTLINE64;
if (c3 == '=')
continue;
c3 = CHAR64(c3);
*fbufp = ((c2 & 0x0f) << 4) | ((c3 & 0x3c) >> 2);
PUTLINE64;
if (c4 == '=')
continue;
c4 = CHAR64(c4);
*fbufp = ((c3 & 0x03) << 6) | c4;
PUTLINE64;
}
}
else
{
int off;
/* quoted-printable */
pxflags |= PXLF_NOADDEOL;
fbufp = fbuf;
while (sm_io_fgets(e->e_dfp, SM_TIME_DEFAULT, buf,
sizeof(buf)) >= 0)
{
off = mime_fromqp((unsigned char *) buf, &fbufp,
&fbuf[MAXLINE] - fbufp);
again:
if (off < -1)
continue;
if (fbufp - fbuf > 0)
{
if (!putxline((char *) fbuf, fbufp - fbuf - 1,
mci, pxflags))
goto writeerr;
}
fbufp = fbuf;
if (off >= 0 && buf[off] != '\0')
{
off = mime_fromqp((unsigned char *) (buf + off),
&fbufp,
&fbuf[MAXLINE] - fbufp);
goto again;
}
}
}
/* force out partial last line */
if (fbufp > fbuf)
{
*fbufp = '\0';
if (!putxline((char *) fbuf, fbufp - fbuf, mci, pxflags))
goto writeerr;
}
/*
** The decoded text may end without an EOL. Since this function
** is only called for text/plain MIME messages, it is safe to
** add an extra one at the end just in case. This is a hack,
** but so is auto-converting MIME in the first place.
*/
if (!putline("", mci))
goto writeerr;
if (tTd(43, 3))
sm_dprintf("\t\t\tmime7to8 => %s to 8bit done\n", cte);
return true;
writeerr:
return false;
}
/*
** The following is based on Borenstein's "codes.c" module, with simplifying
** changes as we do not deal with multipart, and to do the translation in-core,
** with an attempt to prevent overrun of output buffers.
**
** What is needed here are changes to defend this code better against
** bad encodings. Questionable to always return 0xFF for bad mappings.
*/
static char index_hex[128] =
{
-1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1,
-1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1,
-1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1,
0, 1, 2, 3, 4, 5, 6, 7, 8, 9,-1,-1, -1,-1,-1,-1,
-1,10,11,12, 13,14,15,-1, -1,-1,-1,-1, -1,-1,-1,-1,
-1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1,
-1,10,11,12, 13,14,15,-1, -1,-1,-1,-1, -1,-1,-1,-1,
-1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1
};
# define HEXCHAR(c) (((c) < 0 || (c) > 127) ? -1 : index_hex[(c)])
/*
** MIME_FROMQP -- decode quoted printable string
**
** Parameters:
** infile -- input (encoded) string
** outfile -- output string
** maxlen -- size of output buffer
**
** Returns:
** -2 if decoding failure
** -1 if infile completely decoded into outfile
** >= 0 is the position in infile decoding
** reached before maxlen was reached
*/
static int
mime_fromqp(infile, outfile, maxlen)
unsigned char *infile;
unsigned char **outfile;
int maxlen; /* Max # of chars allowed in outfile */
{
int c1, c2;
int nchar = 0;
unsigned char *b;
/* decrement by one for trailing '\0', at least one other char */
if (--maxlen < 1)
return 0;
b = infile;
while ((c1 = *infile++) != '\0' && nchar < maxlen)
{
if (c1 == '=')
{
if ((c1 = *infile++) == '\0')
break;
if (c1 == '\n' || (c1 = HEXCHAR(c1)) == -1)
{
/* ignore it and the rest of the buffer */
return -2;
}
else
{
do
{
if ((c2 = *infile++) == '\0')
{
c2 = -1;
break;
}
} while ((c2 = HEXCHAR(c2)) == -1);
if (c2 == -1)
break;
nchar++;
*(*outfile)++ = c1 << 4 | c2;
}
}
else
{
nchar++;
*(*outfile)++ = c1;
if (c1 == '\n')
break;
}
}
*(*outfile)++ = '\0';
if (nchar >= maxlen)
return (infile - b - 1);
return -1;
}
#endif /* MIME7TO8 */
diff --git a/src/newaliases.0 b/src/newaliases.0
index c77f40136ec6..49ff2b0cba3b 100644
--- a/src/newaliases.0
+++ b/src/newaliases.0
@@ -1,35 +1,35 @@
NEWALIASES(1) NEWALIASES(1)
-NNAAMMEE
+NAME
newaliases - rebuild the data base for the mail aliases file
-SSYYNNOOPPSSIISS
- nneewwaalliiaasseess
+SYNOPSIS
+ newaliases
-DDEESSCCRRIIPPTTIIOONN
- NNeewwaalliiaasseess rebuilds the random access data base for the mail aliases
+DESCRIPTION
+ Newaliases rebuilds the random access data base for the mail aliases
file /etc/mail/aliases. It must be run each time this file is changed
in order for the change to take effect.
- NNeewwaalliiaasseess is identical to ``sendmail -bi''.
+ Newaliases is identical to ``sendmail -bi''.
- The nneewwaalliiaasseess utility exits 0 on success, and >0 if an error occurs.
+ The newaliases utility exits 0 on success, and >0 if an error occurs.
- Notice: do nnoott use mmaakkeemmaapp to create the aliases data base, because
- nneewwaalliiaasseess puts a special token into the data base that is required by
- sseennddmmaaiill..
+ Notice: do not use makemap to create the aliases data base, because
+ newaliases puts a special token into the data base that is required by
+ sendmail.
-FFIILLEESS
+FILES
/etc/mail/aliases The mail aliases file
-SSEEEE AALLSSOO
+SEE ALSO
aliases(5), sendmail(8)
-HHIISSTTOORRYY
- The nneewwaalliiaasseess command appeared in 4.0BSD.
+HISTORY
+ The newaliases command appeared in 4.0BSD.
$Date: 2013-11-22 20:51:56 $ NEWALIASES(1)
diff --git a/src/parseaddr.c b/src/parseaddr.c
index 2adb39caf0c4..58dde0f92465 100644
--- a/src/parseaddr.c
+++ b/src/parseaddr.c
@@ -1,3398 +1,3418 @@
/*
* Copyright (c) 1998-2006 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sendmail.h>
SM_RCSID("@(#)$Id: parseaddr.c,v 8.407 2013-11-22 20:51:56 ca Exp $")
#include <sm/sendmail.h>
#include "map.h"
static void allocaddr __P((ADDRESS *, int, char *, ENVELOPE *));
static int callsubr __P((char**, int, ENVELOPE *));
static char *map_lookup __P((STAB *, char *, char **, int *, ENVELOPE *));
static ADDRESS *buildaddr __P((char **, ADDRESS *, int, ENVELOPE *));
static bool hasctrlchar __P((register char *, bool, bool));
/* replacement for illegal characters in addresses */
#define BAD_CHAR_REPLACEMENT '?'
/*
** PARSEADDR -- Parse an address
**
** Parses an address and breaks it up into three parts: a
** net to transmit the message on, the host to transmit it
** to, and a user on that host. These are loaded into an
** ADDRESS header with the values squirreled away if necessary.
** The "user" part may not be a real user; the process may
** just reoccur on that machine. For example, on a machine
** with an arpanet connection, the address
** csvax.bill@berkeley
** will break up to a "user" of 'csvax.bill' and a host
** of 'berkeley' -- to be transmitted over the arpanet.
**
** Parameters:
** addr -- the address to parse.
** a -- a pointer to the address descriptor buffer.
** If NULL, an address will be created.
** flags -- describe detail for parsing. See RF_ definitions
** in sendmail.h.
** delim -- the character to terminate the address, passed
** to prescan.
** delimptr -- if non-NULL, set to the location of the
** delim character that was found.
** e -- the envelope that will contain this address.
** isrcpt -- true if the address denotes a recipient; false
** indicates a sender.
**
** Returns:
** A pointer to the address descriptor header (`a' if
** `a' is non-NULL).
** NULL on error.
**
** Side Effects:
** e->e_to = addr
*/
/* following delimiters are inherent to the internal algorithms */
#define DELIMCHARS "()<>,;\r\n" /* default word delimiters */
ADDRESS *
parseaddr(addr, a, flags, delim, delimptr, e, isrcpt)
char *addr;
register ADDRESS *a;
int flags;
int delim;
char **delimptr;
register ENVELOPE *e;
bool isrcpt;
{
char **pvp;
auto char *delimptrbuf;
bool qup;
char pvpbuf[PSBUFSIZE];
/*
** Initialize and prescan address.
*/
e->e_to = addr;
if (tTd(20, 1))
sm_dprintf("\n--parseaddr(%s)\n", addr);
if (delimptr == NULL)
delimptr = &delimptrbuf;
pvp = prescan(addr, delim, pvpbuf, sizeof(pvpbuf), delimptr,
ExtTokenTab, false);
if (pvp == NULL)
{
if (tTd(20, 1))
sm_dprintf("parseaddr-->NULL\n");
return NULL;
}
if (invalidaddr(addr, delim == '\0' ? NULL : *delimptr, isrcpt))
{
if (tTd(20, 1))
sm_dprintf("parseaddr-->bad address\n");
return NULL;
}
/*
** Save addr if we are going to have to.
**
** We have to do this early because there is a chance that
** the map lookups in the rewriting rules could clobber
** static memory somewhere.
*/
if (bitset(RF_COPYPADDR, flags) && addr != NULL)
{
char savec = **delimptr;
if (savec != '\0')
**delimptr = '\0';
e->e_to = addr = sm_rpool_strdup_x(e->e_rpool, addr);
if (savec != '\0')
**delimptr = savec;
}
/*
** Apply rewriting rules.
** Ruleset 0 does basic parsing. It must resolve.
*/
qup = false;
+ e->e_flags |= EF_SECURE;
if (REWRITE(pvp, 3, e) == EX_TEMPFAIL)
qup = true;
if (REWRITE(pvp, 0, e) == EX_TEMPFAIL)
qup = true;
/*
** Build canonical address from pvp.
*/
a = buildaddr(pvp, a, flags, e);
if (hasctrlchar(a->q_user, isrcpt, true))
{
if (tTd(20, 1))
sm_dprintf("parseaddr-->bad q_user\n");
/*
** Just mark the address as bad so DSNs work.
** hasctrlchar() has to make sure that the address
** has been sanitized, e.g., shortened.
*/
a->q_state = QS_BADADDR;
}
/*
** Make local copies of the host & user and then
** transport them out.
*/
allocaddr(a, flags, addr, e);
+ e->e_flags &= ~EF_SECURE;
if (QS_IS_BADADDR(a->q_state))
{
/* weed out bad characters in the printable address too */
(void) hasctrlchar(a->q_paddr, isrcpt, false);
return a;
}
/*
** Select a queue directory for recipient addresses.
** This is done here and in split_across_queue_groups(),
** but the latter applies to addresses after aliasing,
** and only if splitting is done.
*/
if ((a->q_qgrp == NOAQGRP || a->q_qgrp == ENVQGRP) &&
!bitset(RF_SENDERADDR|RF_HEADERADDR|RF_RM_ADDR, flags) &&
OpMode != MD_INITALIAS)
{
int r;
/* call ruleset which should return a queue group name */
r = rscap(RS_QUEUEGROUP, a->q_user, NULL, e, &pvp, pvpbuf,
sizeof(pvpbuf));
if (r == EX_OK &&
pvp != NULL && pvp[0] != NULL &&
(pvp[0][0] & 0377) == CANONNET &&
pvp[1] != NULL && pvp[1][0] != '\0')
{
r = name2qid(pvp[1]);
if (r == NOQGRP && LogLevel > 10)
sm_syslog(LOG_INFO, NOQID,
"can't find queue group name %s, selection ignored",
pvp[1]);
if (tTd(20, 4) && r != NOQGRP)
sm_syslog(LOG_INFO, NOQID,
"queue group name %s -> %d",
pvp[1], r);
a->q_qgrp = r == NOQGRP ? ENVQGRP : r;
}
}
/*
** If there was a parsing failure, mark it for queueing.
*/
if (qup && OpMode != MD_INITALIAS)
{
char *msg = "Transient parse error -- message queued for future delivery";
if (e->e_sendmode == SM_DEFER)
msg = "Deferring message until queue run";
if (tTd(20, 1))
sm_dprintf("parseaddr: queueing message\n");
- message(msg);
+ message("%s", msg);
if (e->e_message == NULL && e->e_sendmode != SM_DEFER)
e->e_message = sm_rpool_strdup_x(e->e_rpool, msg);
a->q_state = QS_QUEUEUP;
a->q_status = "4.4.3";
}
/*
** Compute return value.
*/
if (tTd(20, 1))
{
sm_dprintf("parseaddr-->");
printaddr(sm_debug_file(), a, false);
}
return a;
}
/*
** INVALIDADDR -- check for address containing characters used for macros
**
** Parameters:
** addr -- the address to check.
** note: this is the complete address (including display part)
** delimptr -- if non-NULL: end of address to check, i.e.,
** a pointer in the address string.
** isrcpt -- true iff the address is for a recipient.
**
** Returns:
** true -- if the address has characters that are reservered
** for macros or is too long.
** false -- otherwise.
*/
bool
invalidaddr(addr, delimptr, isrcpt)
register char *addr;
char *delimptr;
bool isrcpt;
{
bool result = false;
char savedelim = '\0';
char *b = addr;
int len = 0;
if (delimptr != NULL)
{
/* delimptr points to the end of the address to test */
savedelim = *delimptr;
if (savedelim != '\0') /* if that isn't '\0' already: */
*delimptr = '\0'; /* set it */
}
for (; *addr != '\0'; addr++)
{
+#if !_FFR_EAI
if (!EightBitAddrOK && (*addr & 0340) == 0200)
{
setstat(EX_USAGE);
result = true;
*addr = BAD_CHAR_REPLACEMENT;
}
+#endif
if (++len > MAXNAME - 1)
{
char saved = *addr;
*addr = '\0';
usrerr("553 5.1.0 Address \"%s\" too long (%d bytes max)",
b, MAXNAME - 1);
*addr = saved;
result = true;
goto delim;
}
}
if (result)
{
if (isrcpt)
usrerr("501 5.1.3 8-bit character in mailbox address \"%s\"",
b);
else
usrerr("501 5.1.7 8-bit character in mailbox address \"%s\"",
b);
}
delim:
if (delimptr != NULL && savedelim != '\0')
*delimptr = savedelim; /* restore old character at delimptr */
return result;
}
/*
** HASCTRLCHAR -- check for address containing meta-characters
**
** Checks that the address contains no meta-characters, and contains
** no "non-printable" characters unless they are quoted or escaped.
** Quoted or escaped characters are literals.
**
** Parameters:
** addr -- the address to check.
** isrcpt -- true if the address is for a recipient; false
** indicates a from.
** complain -- true if an error should issued if the address
** is invalid and should be "repaired".
**
** Returns:
** true -- if the address has any "weird" characters or
** non-printable characters or if a quote is unbalanced.
** false -- otherwise.
*/
static bool
hasctrlchar(addr, isrcpt, complain)
register char *addr;
bool isrcpt, complain;
{
bool quoted = false;
int len = 0;
char *result = NULL;
char *b = addr;
if (addr == NULL)
return false;
for (; *addr != '\0'; addr++)
{
if (++len > MAXNAME - 1)
{
if (complain)
{
(void) shorten_rfc822_string(b, MAXNAME - 1);
usrerr("553 5.1.0 Address \"%s\" too long (%d bytes max)",
b, MAXNAME - 1);
return true;
}
result = "too long";
}
- if (!EightBitAddrOK && !quoted && (*addr < 32 || *addr == 127))
+ if (!quoted && ((unsigned char)*addr < 32 || *addr == 127))
{
result = "non-printable character";
*addr = BAD_CHAR_REPLACEMENT;
continue;
}
if (*addr == '"')
quoted = !quoted;
else if (*addr == '\\')
{
/* XXX Generic problem: no '\0' in strings. */
if (*++addr == '\0')
{
result = "trailing \\ character";
*--addr = BAD_CHAR_REPLACEMENT;
break;
}
}
+#if !_FFR_EAI
if (!EightBitAddrOK && (*addr & 0340) == 0200)
{
setstat(EX_USAGE);
result = "8-bit character";
*addr = BAD_CHAR_REPLACEMENT;
continue;
}
+#endif
}
if (quoted)
result = "unbalanced quote"; /* unbalanced quote */
if (result != NULL && complain)
{
if (isrcpt)
usrerr("501 5.1.3 Syntax error in mailbox address \"%s\" (%s)",
b, result);
else
usrerr("501 5.1.7 Syntax error in mailbox address \"%s\" (%s)",
b, result);
}
return result != NULL;
}
/*
** ALLOCADDR -- do local allocations of address on demand.
**
** Also lowercases the host name if requested.
**
** Parameters:
** a -- the address to reallocate.
** flags -- the copy flag (see RF_ definitions in sendmail.h
** for a description).
** paddr -- the printname of the address.
** e -- envelope
**
** Returns:
** none.
**
** Side Effects:
** Copies portions of a into local buffers as requested.
*/
static void
allocaddr(a, flags, paddr, e)
register ADDRESS *a;
int flags;
char *paddr;
ENVELOPE *e;
{
if (tTd(24, 4))
- sm_dprintf("allocaddr(flags=%x, paddr=%s)\n", flags, paddr);
+ sm_dprintf("allocaddr(flags=%x, paddr=%s, ad=%d)\n", flags, paddr, bitset(EF_SECURE, e->e_flags));
a->q_paddr = paddr;
if (a->q_user == NULL)
a->q_user = "";
if (a->q_host == NULL)
a->q_host = "";
+ if (bitset(EF_SECURE, e->e_flags))
+ a->q_flags |= QSECURE;
+
if (bitset(RF_COPYPARSE, flags))
{
a->q_host = sm_rpool_strdup_x(e->e_rpool, a->q_host);
if (a->q_user != a->q_paddr)
a->q_user = sm_rpool_strdup_x(e->e_rpool, a->q_user);
}
if (a->q_paddr == NULL)
a->q_paddr = sm_rpool_strdup_x(e->e_rpool, a->q_user);
a->q_qgrp = NOAQGRP;
}
/*
** PRESCAN -- Prescan name and make it canonical
**
** Scans a name and turns it into a set of tokens. This process
** deletes blanks and comments (in parentheses) (if the token type
** for left paren is SPC).
**
** This routine knows about quoted strings and angle brackets.
**
** There are certain subtleties to this routine. The one that
** comes to mind now is that backslashes on the ends of names
** are silently stripped off; this is intentional. The problem
** is that some versions of sndmsg (like at LBL) set the kill
** character to something other than @ when reading addresses;
** so people type "csvax.eric\@berkeley" -- which screws up the
** berknet mailer.
**
** Parameters:
** addr -- the name to chomp.
** delim -- the delimiter for the address, normally
** '\0' or ','; \0 is accepted in any case.
** If '\t' then we are reading the .cf file.
** pvpbuf -- place to put the saved text -- note that
** the pointers are static.
** pvpbsize -- size of pvpbuf.
** delimptr -- if non-NULL, set to the location of the
** terminating delimiter.
** toktab -- if set, a token table to use for parsing.
** If NULL, use the default table.
** ignore -- if true, ignore unbalanced addresses
**
** Returns:
** A pointer to a vector of tokens.
** NULL on error.
*/
/* states and character types */
#define OPR 0 /* operator */
#define ATM 1 /* atom */
#define QST 2 /* in quoted string */
#define SPC 3 /* chewing up spaces */
#define ONE 4 /* pick up one character */
#define ILL 5 /* illegal character */
#define NSTATES 6 /* number of states */
#define TYPE 017 /* mask to select state type */
/* meta bits for table */
#define M 020 /* meta character; don't pass through */
#define B 040 /* cause a break */
#define MB M|B /* meta-break */
static short StateTab[NSTATES][NSTATES] =
{
/* oldst chtype> OPR ATM QST SPC ONE ILL */
/*OPR*/ { OPR|B, ATM|B, QST|B, SPC|MB, ONE|B, ILL|MB },
/*ATM*/ { OPR|B, ATM, QST|B, SPC|MB, ONE|B, ILL|MB },
/*QST*/ { QST, QST, OPR, QST, QST, QST },
/*SPC*/ { OPR, ATM, QST, SPC|M, ONE, ILL|MB },
/*ONE*/ { OPR, OPR, OPR, OPR, OPR, ILL|MB },
/*ILL*/ { OPR|B, ATM|B, QST|B, SPC|MB, ONE|B, ILL|M }
};
/* these all get modified with the OperatorChars */
/* token type table for external strings */
unsigned char ExtTokenTab[256] =
{
/* nul soh stx etx eot enq ack bel bs ht nl vt np cr so si */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,SPC,SPC,SPC,SPC,SPC,ATM,ATM,
/* dle dc1 dc2 dc3 dc4 nak syn etb can em sub esc fs gs rs us */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
/* sp ! " # $ % & ' ( ) * + , - . / */
SPC,ATM,QST,ATM,ATM,ATM,ATM,ATM, SPC,SPC,ATM,ATM,ATM,ATM,ATM,ATM,
/* 0 1 2 3 4 5 6 7 8 9 : ; < = > ? */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
/* @ A B C D E F G H I J K L M N O */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
/* P Q R S T U V W X Y Z [ \ ] ^ _ */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
/* ` a b c d e f g h i j k l m n o */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
/* p q r s t u v w x y z { | } ~ del */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
/* nul soh stx etx eot enq ack bel bs ht nl vt np cr so si */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
/* dle dc1 dc2 dc3 dc4 nak syn etb can em sub esc fs gs rs us */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
/* sp ! " # $ % & ' ( ) * + , - . / */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
/* 0 1 2 3 4 5 6 7 8 9 : ; < = > ? */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
/* @ A B C D E F G H I J K L M N O */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
/* P Q R S T U V W X Y Z [ \ ] ^ _ */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
/* ` a b c d e f g h i j k l m n o */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
/* p q r s t u v w x y z { | } ~ del */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM
};
/* token type table for internal strings */
unsigned char IntTokenTab[256] =
{
/* nul soh stx etx eot enq ack bel bs ht nl vt np cr so si */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,SPC,SPC,SPC,SPC,SPC,ATM,ATM,
/* dle dc1 dc2 dc3 dc4 nak syn etb can em sub esc fs gs rs us */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
/* sp ! " # $ % & ' ( ) * + , - . / */
SPC,ATM,QST,ATM,ATM,ATM,ATM,ATM, SPC,SPC,ATM,ATM,ATM,ATM,ATM,ATM,
/* 0 1 2 3 4 5 6 7 8 9 : ; < = > ? */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
/* @ A B C D E F G H I J K L M N O */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
/* P Q R S T U V W X Y Z [ \ ] ^ _ */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
/* ` a b c d e f g h i j k l m n o */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
/* p q r s t u v w x y z { | } ~ del */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
/* nul soh stx etx eot enq ack bel bs ht nl vt np cr so si */
OPR,OPR,ONE,OPR,OPR,OPR,OPR,OPR, OPR,OPR,OPR,OPR,OPR,OPR,OPR,OPR,
/* dle dc1 dc2 dc3 dc4 nak syn etb can em sub esc fs gs rs us */
OPR,OPR,OPR,ONE,ONE,ONE,OPR,OPR, OPR,OPR,OPR,OPR,OPR,OPR,OPR,OPR,
/* sp ! " # $ % & ' ( ) * + , - . / */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
/* 0 1 2 3 4 5 6 7 8 9 : ; < = > ? */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
/* @ A B C D E F G H I J K L M N O */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
/* P Q R S T U V W X Y Z [ \ ] ^ _ */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
/* ` a b c d e f g h i j k l m n o */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
/* p q r s t u v w x y z { | } ~ del */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ONE
};
/* token type table for MIME parsing */
unsigned char MimeTokenTab[256] =
{
/* nul soh stx etx eot enq ack bel bs ht nl vt np cr so si */
ILL,ILL,ILL,ILL,ILL,ILL,ILL,ILL, ILL,SPC,SPC,SPC,SPC,SPC,ILL,ILL,
/* dle dc1 dc2 dc3 dc4 nak syn etb can em sub esc fs gs rs us */
ILL,ILL,ILL,ILL,ILL,ILL,ILL,ILL, ILL,ILL,ILL,ILL,ILL,ILL,ILL,ILL,
/* sp ! " # $ % & ' ( ) * + , - . / */
SPC,ATM,QST,ATM,ATM,ATM,ATM,ATM, SPC,SPC,ATM,ATM,OPR,ATM,ATM,OPR,
/* 0 1 2 3 4 5 6 7 8 9 : ; < = > ? */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,OPR,OPR,OPR,OPR,OPR,OPR,
/* @ A B C D E F G H I J K L M N O */
OPR,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
/* P Q R S T U V W X Y Z [ \ ] ^ _ */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,OPR,OPR,OPR,ATM,ATM,
/* ` a b c d e f g h i j k l m n o */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
/* p q r s t u v w x y z { | } ~ del */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
/* nul soh stx etx eot enq ack bel bs ht nl vt np cr so si */
ILL,ILL,ILL,ILL,ILL,ILL,ILL,ILL, ILL,ILL,ILL,ILL,ILL,ILL,ILL,ILL,
/* dle dc1 dc2 dc3 dc4 nak syn etb can em sub esc fs gs rs us */
ILL,ILL,ILL,ILL,ILL,ILL,ILL,ILL, ILL,ILL,ILL,ILL,ILL,ILL,ILL,ILL,
/* sp ! " # $ % & ' ( ) * + , - . / */
ILL,ILL,ILL,ILL,ILL,ILL,ILL,ILL, ILL,ILL,ILL,ILL,ILL,ILL,ILL,ILL,
/* 0 1 2 3 4 5 6 7 8 9 : ; < = > ? */
ILL,ILL,ILL,ILL,ILL,ILL,ILL,ILL, ILL,ILL,ILL,ILL,ILL,ILL,ILL,ILL,
/* @ A B C D E F G H I J K L M N O */
ILL,ILL,ILL,ILL,ILL,ILL,ILL,ILL, ILL,ILL,ILL,ILL,ILL,ILL,ILL,ILL,
/* P Q R S T U V W X Y Z [ \ ] ^ _ */
ILL,ILL,ILL,ILL,ILL,ILL,ILL,ILL, ILL,ILL,ILL,ILL,ILL,ILL,ILL,ILL,
/* ` a b c d e f g h i j k l m n o */
ILL,ILL,ILL,ILL,ILL,ILL,ILL,ILL, ILL,ILL,ILL,ILL,ILL,ILL,ILL,ILL,
/* p q r s t u v w x y z { | } ~ del */
ILL,ILL,ILL,ILL,ILL,ILL,ILL,ILL, ILL,ILL,ILL,ILL,ILL,ILL,ILL,ONE
};
/* token type table: don't strip comments */
unsigned char TokTypeNoC[256] =
{
/* nul soh stx etx eot enq ack bel bs ht nl vt np cr so si */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,SPC,SPC,SPC,SPC,SPC,ATM,ATM,
/* dle dc1 dc2 dc3 dc4 nak syn etb can em sub esc fs gs rs us */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
/* sp ! " # $ % & ' ( ) * + , - . / */
SPC,ATM,QST,ATM,ATM,ATM,ATM,ATM, OPR,OPR,ATM,ATM,ATM,ATM,ATM,ATM,
/* 0 1 2 3 4 5 6 7 8 9 : ; < = > ? */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
/* @ A B C D E F G H I J K L M N O */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
/* P Q R S T U V W X Y Z [ \ ] ^ _ */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
/* ` a b c d e f g h i j k l m n o */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
/* p q r s t u v w x y z { | } ~ del */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
/* nul soh stx etx eot enq ack bel bs ht nl vt np cr so si */
OPR,OPR,ONE,OPR,OPR,OPR,OPR,OPR, OPR,OPR,OPR,OPR,OPR,OPR,OPR,OPR,
/* dle dc1 dc2 dc3 dc4 nak syn etb can em sub esc fs gs rs us */
OPR,OPR,OPR,ONE,ONE,ONE,OPR,OPR, OPR,OPR,OPR,OPR,OPR,OPR,OPR,OPR,
/* sp ! " # $ % & ' ( ) * + , - . / */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
/* 0 1 2 3 4 5 6 7 8 9 : ; < = > ? */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
/* @ A B C D E F G H I J K L M N O */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
/* P Q R S T U V W X Y Z [ \ ] ^ _ */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
/* ` a b c d e f g h i j k l m n o */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM,
/* p q r s t u v w x y z { | } ~ del */
ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ONE
};
#define NOCHAR (-1) /* signal nothing in lookahead token */
char **
prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab, ignore)
char *addr;
int delim;
char pvpbuf[];
int pvpbsize;
char **delimptr;
unsigned char *toktab;
bool ignore;
{
register char *p;
register char *q;
register int c;
char **avp;
bool bslashmode;
bool route_syntax;
int cmntcnt;
int anglecnt;
char *tok;
int state;
int newstate;
char *saveto = CurEnv->e_to;
static char *av[MAXATOM + 1];
static bool firsttime = true;
if (firsttime)
{
/* initialize the token type table */
char obuf[50];
firsttime = false;
if (OperatorChars == NULL)
{
if (ConfigLevel < 7)
OperatorChars = macvalue('o', CurEnv);
if (OperatorChars == NULL)
OperatorChars = ".:@[]";
}
expand(OperatorChars, obuf, sizeof(obuf) - sizeof(DELIMCHARS),
CurEnv);
(void) sm_strlcat(obuf, DELIMCHARS, sizeof(obuf));
for (p = obuf; *p != '\0'; p++)
{
if (IntTokenTab[*p & 0xff] == ATM)
IntTokenTab[*p & 0xff] = OPR;
if (ExtTokenTab[*p & 0xff] == ATM)
ExtTokenTab[*p & 0xff] = OPR;
if (TokTypeNoC[*p & 0xff] == ATM)
TokTypeNoC[*p & 0xff] = OPR;
}
}
if (toktab == NULL)
toktab = ExtTokenTab;
/* make sure error messages don't have garbage on them */
errno = 0;
q = pvpbuf;
bslashmode = false;
route_syntax = false;
cmntcnt = 0;
anglecnt = 0;
avp = av;
state = ATM;
c = NOCHAR;
p = addr;
CurEnv->e_to = p;
if (tTd(22, 11))
{
sm_dprintf("prescan: ");
xputs(sm_debug_file(), p);
sm_dprintf("\n");
}
do
{
/* read a token */
tok = q;
for (;;)
{
/* store away any old lookahead character */
if (c != NOCHAR && !bslashmode)
{
/* see if there is room */
if (q >= &pvpbuf[pvpbsize - 5])
{
addrtoolong:
usrerr("553 5.1.1 Address too long");
if (strlen(addr) > MAXNAME)
addr[MAXNAME] = '\0';
returnnull:
if (delimptr != NULL)
{
if (p > addr)
--p;
*delimptr = p;
}
CurEnv->e_to = saveto;
return NULL;
}
/* squirrel it away */
#if !ALLOW_255
if ((char) c == (char) -1 && !tTd(82, 101) &&
!EightBitAddrOK)
c &= 0x7f;
#endif /* !ALLOW_255 */
*q++ = c;
}
/* read a new input character */
c = (*p++) & 0x00ff;
if (c == '\0')
{
/* diagnose and patch up bad syntax */
if (ignore)
break;
else if (state == QST)
{
usrerr("553 Unbalanced '\"'");
c = '"';
}
else if (cmntcnt > 0)
{
usrerr("553 Unbalanced '('");
c = ')';
}
else if (anglecnt > 0)
{
c = '>';
usrerr("553 Unbalanced '<'");
}
else
break;
p--;
}
else if (c == delim && cmntcnt <= 0 && state != QST)
{
if (anglecnt <= 0)
break;
/* special case for better error management */
if (delim == ',' && !route_syntax && !ignore)
{
usrerr("553 Unbalanced '<'");
c = '>';
p--;
}
}
if (tTd(22, 101))
sm_dprintf("c=%c, s=%d; ", c, state);
/* chew up special characters */
*q = '\0';
if (bslashmode)
{
bslashmode = false;
/* kludge \! for naive users */
if (cmntcnt > 0)
{
c = NOCHAR;
continue;
}
else if (c != '!' || state == QST)
{
/* see if there is room */
if (q >= &pvpbuf[pvpbsize - 5])
goto addrtoolong;
*q++ = '\\';
continue;
}
}
if (c == '\\')
{
bslashmode = true;
}
else if (state == QST)
{
/* EMPTY */
/* do nothing, just avoid next clauses */
}
else if (c == '(' && toktab['('] == SPC)
{
cmntcnt++;
c = NOCHAR;
}
else if (c == ')' && toktab['('] == SPC)
{
if (cmntcnt <= 0)
{
if (!ignore)
{
usrerr("553 Unbalanced ')'");
c = NOCHAR;
}
}
else
cmntcnt--;
}
else if (cmntcnt > 0)
{
c = NOCHAR;
}
else if (c == '<')
{
char *ptr = p;
anglecnt++;
- while (isascii(*ptr) && isspace(*ptr))
+ while (SM_ISSPACE(*ptr))
ptr++;
if (*ptr == '@')
route_syntax = true;
}
else if (c == '>')
{
if (anglecnt <= 0)
{
if (!ignore)
{
usrerr("553 Unbalanced '>'");
c = NOCHAR;
}
}
else
anglecnt--;
route_syntax = false;
}
- else if (delim == ' ' && isascii(c) && isspace(c))
+ else if (delim == ' ' && SM_ISSPACE(c))
c = ' ';
if (c == NOCHAR)
continue;
/* see if this is end of input */
if (c == delim && anglecnt <= 0 && state != QST)
break;
newstate = StateTab[state][toktab[c & 0xff]];
if (tTd(22, 101))
sm_dprintf("ns=%02o\n", newstate);
state = newstate & TYPE;
if (state == ILL)
{
if (isascii(c) && isprint(c))
usrerr("553 Illegal character %c", c);
else
usrerr("553 Illegal character 0x%02x",
c & 0x0ff);
}
if (bitset(M, newstate))
c = NOCHAR;
if (bitset(B, newstate))
break;
}
/* new token */
if (tok != q)
{
/* see if there is room */
if (q >= &pvpbuf[pvpbsize - 5])
goto addrtoolong;
*q++ = '\0';
if (tTd(22, 36))
{
sm_dprintf("tok=");
xputs(sm_debug_file(), tok);
sm_dprintf("\n");
}
if (avp >= &av[MAXATOM])
{
usrerr("553 5.1.0 prescan: too many tokens");
goto returnnull;
}
if (q - tok > MAXNAME)
{
usrerr("553 5.1.0 prescan: token too long");
goto returnnull;
}
*avp++ = tok;
}
} while (c != '\0' && (c != delim || anglecnt > 0));
*avp = NULL;
if (delimptr != NULL)
{
if (p > addr)
p--;
*delimptr = p;
}
if (tTd(22, 12))
{
sm_dprintf("prescan==>");
printav(sm_debug_file(), av);
}
CurEnv->e_to = saveto;
if (av[0] == NULL)
{
if (tTd(22, 1))
sm_dprintf("prescan: null leading token\n");
return NULL;
}
return av;
}
/*
** REWRITE -- apply rewrite rules to token vector.
**
** This routine is an ordered production system. Each rewrite
** rule has a LHS (called the pattern) and a RHS (called the
** rewrite); 'rwr' points the the current rewrite rule.
**
** For each rewrite rule, 'avp' points the address vector we
** are trying to match against, and 'pvp' points to the pattern.
** If pvp points to a special match value (MATCHZANY, MATCHANY,
** MATCHONE, MATCHCLASS, MATCHNCLASS) then the address in avp
** matched is saved away in the match vector (pointed to by 'mvp').
**
** When a match between avp & pvp does not match, we try to
** back out. If we back up over MATCHONE, MATCHCLASS, or MATCHNCLASS
** we must also back out the match in mvp. If we reach a
** MATCHANY or MATCHZANY we just extend the match and start
** over again.
**
** When we finally match, we rewrite the address vector
** and try over again.
**
** Parameters:
** pvp -- pointer to token vector.
** ruleset -- the ruleset to use for rewriting.
** reclevel -- recursion level (to catch loops).
** e -- the current envelope.
** maxatom -- maximum length of buffer (usually MAXATOM)
**
** Returns:
** A status code. If EX_TEMPFAIL, higher level code should
** attempt recovery.
**
** Side Effects:
** pvp is modified.
*/
struct match
{
char **match_first; /* first token matched */
char **match_last; /* last token matched */
char **match_pattern; /* pointer to pattern */
};
int
rewrite(pvp, ruleset, reclevel, e, maxatom)
char **pvp;
int ruleset;
int reclevel;
register ENVELOPE *e;
int maxatom;
{
register char *ap; /* address pointer */
register char *rp; /* rewrite pointer */
register char *rulename; /* ruleset name */
register char *prefix;
register char **avp; /* address vector pointer */
register char **rvp; /* rewrite vector pointer */
register struct match *mlp; /* cur ptr into mlist */
register struct rewrite *rwr; /* pointer to current rewrite rule */
int ruleno; /* current rule number */
int rstat = EX_OK; /* return status */
int loopcount;
struct match mlist[MAXMATCH]; /* stores match on LHS */
char *npvp[MAXATOM + 1]; /* temporary space for rebuild */
char buf[MAXLINE];
char name[6];
/*
** mlp will not exceed mlist[] because readcf enforces
** the upper limit of entries when reading rulesets.
*/
if (ruleset < 0 || ruleset >= MAXRWSETS)
{
syserr("554 5.3.5 rewrite: illegal ruleset number %d", ruleset);
return EX_CONFIG;
}
rulename = RuleSetNames[ruleset];
if (rulename == NULL)
{
(void) sm_snprintf(name, sizeof(name), "%d", ruleset);
rulename = name;
}
if (OpMode == MD_TEST)
prefix = "";
else
prefix = "rewrite: ruleset ";
if (OpMode == MD_TEST)
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"%s%-16.16s input:", prefix, rulename);
printav(smioout, pvp);
}
else if (tTd(21, 1))
{
sm_dprintf("%s%-16.16s input:", prefix, rulename);
printav(sm_debug_file(), pvp);
}
if (reclevel++ > MaxRuleRecursion)
{
syserr("rewrite: excessive recursion (max %d), ruleset %s",
MaxRuleRecursion, rulename);
return EX_CONFIG;
}
if (pvp == NULL)
return EX_USAGE;
if (maxatom <= 0)
return EX_USAGE;
/*
** Run through the list of rewrite rules, applying
** any that match.
*/
ruleno = 1;
loopcount = 0;
for (rwr = RewriteRules[ruleset]; rwr != NULL; )
{
int status;
/* if already canonical, quit now */
if (pvp[0] != NULL && (pvp[0][0] & 0377) == CANONNET)
break;
if (tTd(21, 12))
{
if (tTd(21, 15))
sm_dprintf("-----trying rule (line %d):",
rwr->r_line);
else
sm_dprintf("-----trying rule:");
printav(sm_debug_file(), rwr->r_lhs);
}
/* try to match on this rule */
mlp = mlist;
rvp = rwr->r_lhs;
avp = pvp;
if (++loopcount > 100)
{
syserr("554 5.3.5 Infinite loop in ruleset %s, rule %d",
rulename, ruleno);
if (tTd(21, 1))
{
sm_dprintf("workspace: ");
printav(sm_debug_file(), pvp);
}
break;
}
while ((ap = *avp) != NULL || *rvp != NULL)
{
rp = *rvp;
if (tTd(21, 35))
{
sm_dprintf("ADVANCE rp=");
xputs(sm_debug_file(), rp);
sm_dprintf(", ap=");
xputs(sm_debug_file(), ap);
sm_dprintf("\n");
}
if (rp == NULL)
{
/* end-of-pattern before end-of-address */
goto backup;
}
if (ap == NULL &&
(rp[0] & 0377) != MATCHZANY &&
(rp[0] & 0377) != MATCHZERO)
{
/* end-of-input with patterns left */
goto backup;
}
switch (rp[0] & 0377)
{
case MATCHCLASS:
/* match any phrase in a class */
mlp->match_pattern = rvp;
mlp->match_first = avp;
extendclass:
ap = *avp;
if (ap == NULL)
goto backup;
mlp->match_last = avp++;
cataddr(mlp->match_first, mlp->match_last,
buf, sizeof(buf), '\0', true);
if (!wordinclass(buf, rp[1]))
{
if (tTd(21, 36))
{
sm_dprintf("EXTEND rp=");
xputs(sm_debug_file(), rp);
sm_dprintf(", ap=");
xputs(sm_debug_file(), ap);
sm_dprintf("\n");
}
goto extendclass;
}
if (tTd(21, 36))
sm_dprintf("CLMATCH\n");
mlp++;
break;
case MATCHNCLASS:
/* match any token not in a class */
if (wordinclass(ap, rp[1]))
goto backup;
/* FALLTHROUGH */
case MATCHONE:
case MATCHANY:
/* match exactly one token */
mlp->match_pattern = rvp;
mlp->match_first = avp;
mlp->match_last = avp++;
mlp++;
break;
case MATCHZANY:
/* match zero or more tokens */
mlp->match_pattern = rvp;
mlp->match_first = avp;
mlp->match_last = avp - 1;
mlp++;
break;
case MATCHZERO:
/* match zero tokens */
break;
case MACRODEXPAND:
/*
** Match against run-time macro.
** This algorithm is broken for the
** general case (no recursive macros,
** improper tokenization) but should
** work for the usual cases.
*/
ap = macvalue(rp[1], e);
mlp->match_first = avp;
if (tTd(21, 2))
sm_dprintf("rewrite: LHS $&{%s} => \"%s\"\n",
macname(rp[1]),
ap == NULL ? "(NULL)" : ap);
if (ap == NULL)
break;
while (*ap != '\0')
{
if (*avp == NULL ||
sm_strncasecmp(ap, *avp,
strlen(*avp)) != 0)
{
/* no match */
avp = mlp->match_first;
goto backup;
}
ap += strlen(*avp++);
}
/* match */
break;
default:
/* must have exact match */
if (sm_strcasecmp(rp, ap))
goto backup;
avp++;
break;
}
/* successful match on this token */
rvp++;
continue;
backup:
/* match failed -- back up */
while (--mlp >= mlist)
{
rvp = mlp->match_pattern;
rp = *rvp;
avp = mlp->match_last + 1;
ap = *avp;
if (tTd(21, 36))
{
sm_dprintf("BACKUP rp=");
xputs(sm_debug_file(), rp);
sm_dprintf(", ap=");
xputs(sm_debug_file(), ap);
sm_dprintf("\n");
}
if (ap == NULL)
{
/* run off the end -- back up again */
continue;
}
if ((rp[0] & 0377) == MATCHANY ||
(rp[0] & 0377) == MATCHZANY)
{
/* extend binding and continue */
mlp->match_last = avp++;
rvp++;
mlp++;
break;
}
if ((rp[0] & 0377) == MATCHCLASS)
{
/* extend binding and try again */
mlp->match_last = avp;
goto extendclass;
}
}
if (mlp < mlist)
{
/* total failure to match */
break;
}
}
/*
** See if we successfully matched
*/
if (mlp < mlist || *rvp != NULL)
{
if (tTd(21, 10))
sm_dprintf("----- rule fails\n");
rwr = rwr->r_next;
ruleno++;
loopcount = 0;
continue;
}
rvp = rwr->r_rhs;
if (tTd(21, 12))
{
sm_dprintf("-----rule matches:");
printav(sm_debug_file(), rvp);
}
rp = *rvp;
if (rp != NULL)
{
if ((rp[0] & 0377) == CANONUSER)
{
rvp++;
rwr = rwr->r_next;
ruleno++;
loopcount = 0;
}
else if ((rp[0] & 0377) == CANONHOST)
{
rvp++;
rwr = NULL;
}
}
/* substitute */
for (avp = npvp; *rvp != NULL; rvp++)
{
register struct match *m;
register char **pp;
rp = *rvp;
if ((rp[0] & 0377) == MATCHREPL)
{
/* substitute from LHS */
m = &mlist[rp[1] - '1'];
if (m < mlist || m >= mlp)
{
syserr("554 5.3.5 rewrite: ruleset %s: replacement $%c out of bounds",
rulename, rp[1]);
return EX_CONFIG;
}
if (tTd(21, 15))
{
sm_dprintf("$%c:", rp[1]);
pp = m->match_first;
while (pp <= m->match_last)
{
- sm_dprintf(" %p=\"", *pp);
+ sm_dprintf(" %p=\"", (void *)*pp);
sm_dflush();
sm_dprintf("%s\"", *pp++);
}
sm_dprintf("\n");
}
pp = m->match_first;
while (pp <= m->match_last)
{
if (avp >= &npvp[maxatom])
goto toolong;
*avp++ = *pp++;
}
}
else
{
/* some sort of replacement */
if (avp >= &npvp[maxatom])
{
toolong:
syserr("554 5.3.0 rewrite: expansion too long");
if (LogLevel > 9)
sm_syslog(LOG_ERR, e->e_id,
"rewrite: expansion too long, ruleset=%s, ruleno=%d",
rulename, ruleno);
return EX_DATAERR;
}
if ((rp[0] & 0377) != MACRODEXPAND)
{
/* vanilla replacement from RHS */
*avp++ = rp;
}
else
{
/* $&{x} replacement */
char *mval = macvalue(rp[1], e);
char **xpvp;
size_t trsize = 0;
static size_t pvpb1_size = 0;
static char **pvpb1 = NULL;
char pvpbuf[PSBUFSIZE];
if (tTd(21, 2))
sm_dprintf("rewrite: RHS $&{%s} => \"%s\"\n",
macname(rp[1]),
mval == NULL ? "(NULL)" : mval);
if (mval == NULL || *mval == '\0')
continue;
/* save the remainder of the input */
for (xpvp = pvp; *xpvp != NULL; xpvp++)
trsize += sizeof(*xpvp);
if (trsize > pvpb1_size)
{
if (pvpb1 != NULL)
sm_free(pvpb1);
pvpb1 = (char **)
sm_pmalloc_x(trsize);
pvpb1_size = trsize;
}
memmove((char *) pvpb1,
(char *) pvp,
trsize);
/* scan the new replacement */
xpvp = prescan(mval, '\0', pvpbuf,
sizeof(pvpbuf), NULL,
NULL, false);
if (xpvp == NULL)
{
/* prescan pre-printed error */
return EX_DATAERR;
}
/* insert it into the output stream */
while (*xpvp != NULL)
{
if (tTd(21, 19))
sm_dprintf(" ... %s\n",
*xpvp);
*avp++ = sm_rpool_strdup_x(
e->e_rpool, *xpvp);
if (avp >= &npvp[maxatom])
goto toolong;
xpvp++;
}
if (tTd(21, 19))
sm_dprintf(" ... DONE\n");
/* restore the old trailing input */
memmove((char *) pvp,
(char *) pvpb1,
trsize);
}
}
}
*avp++ = NULL;
/*
** Check for any hostname/keyword lookups.
*/
for (rvp = npvp; *rvp != NULL; rvp++)
{
char **hbrvp;
char **xpvp;
size_t trsize;
char *replac;
int endtoken;
bool external;
STAB *map;
char *mapname;
char **key_rvp;
char **arg_rvp;
char **default_rvp;
char cbuf[MAXKEY];
char *pvpb1[MAXATOM + 1];
char *argvect[MAX_MAP_ARGS];
char pvpbuf[PSBUFSIZE];
char *nullpvp[1];
hbrvp = rvp;
if ((rvp[0][0] & 0377) == HOSTBEGIN)
{
endtoken = HOSTEND;
mapname = "host";
}
else if ((rvp[0][0] & 0377) == LOOKUPBEGIN)
{
endtoken = LOOKUPEND;
mapname = *++rvp;
if (mapname == NULL)
{
syserr("554 5.3.0 rewrite: missing mapname");
/* NOTREACHED */
SM_ASSERT(0);
}
}
else
continue;
/*
** Got a hostname/keyword lookup.
**
** This could be optimized fairly easily.
*/
map = stab(mapname, ST_MAP, ST_FIND);
if (map == NULL)
syserr("554 5.3.0 rewrite: map %s not found",
mapname);
/* extract the match part */
key_rvp = ++rvp;
if (key_rvp == NULL)
{
syserr("554 5.3.0 rewrite: missing key for map %s",
mapname);
/* NOTREACHED */
SM_ASSERT(0);
}
default_rvp = NULL;
arg_rvp = argvect;
xpvp = NULL;
replac = pvpbuf;
while (*rvp != NULL && ((rvp[0][0] & 0377) != endtoken))
{
int nodetype = rvp[0][0] & 0377;
if (nodetype != CANONHOST &&
nodetype != CANONUSER)
{
rvp++;
continue;
}
*rvp++ = NULL;
if (xpvp != NULL)
{
cataddr(xpvp, NULL, replac,
&pvpbuf[sizeof(pvpbuf)] - replac,
'\0', false);
if (arg_rvp <
&argvect[MAX_MAP_ARGS - 1])
*++arg_rvp = replac;
replac += strlen(replac) + 1;
xpvp = NULL;
}
switch (nodetype)
{
case CANONHOST:
xpvp = rvp;
break;
case CANONUSER:
default_rvp = rvp;
break;
}
}
if (*rvp != NULL)
*rvp++ = NULL;
if (xpvp != NULL)
{
cataddr(xpvp, NULL, replac,
&pvpbuf[sizeof(pvpbuf)] - replac,
'\0', false);
if (arg_rvp < &argvect[MAX_MAP_ARGS - 1])
*++arg_rvp = replac;
}
if (arg_rvp >= &argvect[MAX_MAP_ARGS - 1])
argvect[MAX_MAP_ARGS - 1] = NULL;
else
*++arg_rvp = NULL;
/* save the remainder of the input string */
trsize = (avp - rvp + 1) * sizeof(*rvp);
memmove((char *) pvpb1, (char *) rvp, trsize);
/* look it up */
cataddr(key_rvp, NULL, cbuf, sizeof(cbuf),
map == NULL ? '\0' : map->s_map.map_spacesub,
true);
argvect[0] = cbuf;
replac = map_lookup(map, cbuf, argvect, &rstat, e);
external = replac != NULL;
/* if no replacement, use default */
if (replac == NULL && default_rvp != NULL)
{
/* create the default */
cataddr(default_rvp, NULL, cbuf, sizeof(cbuf),
'\0', false);
replac = cbuf;
}
if (replac == NULL)
{
xpvp = key_rvp;
}
else if (*replac == '\0')
{
/* null replacement */
nullpvp[0] = NULL;
xpvp = nullpvp;
}
else
{
/* scan the new replacement */
xpvp = prescan(replac, '\0', pvpbuf,
sizeof(pvpbuf), NULL,
external ? NULL : IntTokenTab,
false);
if (xpvp == NULL)
{
/* prescan already printed error */
return EX_DATAERR;
}
}
/* append it to the token list */
for (avp = hbrvp; *xpvp != NULL; xpvp++)
{
*avp++ = sm_rpool_strdup_x(e->e_rpool, *xpvp);
if (avp >= &npvp[maxatom])
goto toolong;
}
/* restore the old trailing information */
rvp = avp - 1;
for (xpvp = pvpb1; (*avp++ = *xpvp++) != NULL; )
if (avp >= &npvp[maxatom])
goto toolong;
}
/*
** Check for subroutine calls.
*/
status = callsubr(npvp, reclevel, e);
if (rstat == EX_OK || status == EX_TEMPFAIL)
rstat = status;
/* copy vector back into original space. */
for (avp = npvp; *avp++ != NULL;)
continue;
memmove((char *) pvp, (char *) npvp,
(int) (avp - npvp) * sizeof(*avp));
if (tTd(21, 4))
{
sm_dprintf("rewritten as:");
printav(sm_debug_file(), pvp);
}
}
if (OpMode == MD_TEST)
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"%s%-16.16s returns:", prefix, rulename);
printav(smioout, pvp);
}
else if (tTd(21, 1))
{
sm_dprintf("%s%-16.16s returns:", prefix, rulename);
printav(sm_debug_file(), pvp);
}
return rstat;
}
/*
** CALLSUBR -- call subroutines in rewrite vector
**
** Parameters:
** pvp -- pointer to token vector.
** reclevel -- the current recursion level.
** e -- the current envelope.
**
** Returns:
** The status from the subroutine call.
**
** Side Effects:
** pvp is modified.
*/
static int
callsubr(pvp, reclevel, e)
char **pvp;
int reclevel;
ENVELOPE *e;
{
char **avp;
register int i;
int subr, j;
int nsubr;
int status;
int rstat = EX_OK;
#define MAX_SUBR 16
int subrnumber[MAX_SUBR];
int subrindex[MAX_SUBR];
nsubr = 0;
/*
** Look for subroutine calls in pvp, collect them into subr*[]
** We will perform the calls in the next loop, because we will
** call the "last" subroutine first to avoid recursive calls
** and too much copying.
*/
for (avp = pvp, j = 0; *avp != NULL; avp++, j++)
{
if ((avp[0][0] & 0377) == CALLSUBR && avp[1] != NULL)
{
stripquotes(avp[1]);
subr = strtorwset(avp[1], NULL, ST_FIND);
if (subr < 0)
{
syserr("554 5.3.5 Unknown ruleset %s", avp[1]);
return EX_CONFIG;
}
/*
** XXX instead of doing this we could optimize
** the rules after reading them: just remove
** calls to empty rulesets
*/
/* subroutine is an empty ruleset? don't call it */
if (RewriteRules[subr] == NULL)
{
if (tTd(21, 3))
sm_dprintf("-----skip subr %s (%d)\n",
avp[1], subr);
for (i = 2; avp[i] != NULL; i++)
avp[i - 2] = avp[i];
avp[i - 2] = NULL;
continue;
}
if (++nsubr >= MAX_SUBR)
{
syserr("554 5.3.0 Too many subroutine calls (%d max)",
MAX_SUBR);
return EX_CONFIG;
}
subrnumber[nsubr] = subr;
subrindex[nsubr] = j;
}
}
/*
** Perform the actual subroutines calls, "last" one first, i.e.,
** go from the right to the left through all calls,
** do the rewriting in place.
*/
for (; nsubr > 0; nsubr--)
{
subr = subrnumber[nsubr];
avp = pvp + subrindex[nsubr];
/* remove the subroutine call and name */
for (i = 2; avp[i] != NULL; i++)
avp[i - 2] = avp[i];
avp[i - 2] = NULL;
/*
** Now we need to call the ruleset specified for
** the subroutine. We can do this in place since
** we call the "last" subroutine first.
*/
status = rewrite(avp, subr, reclevel, e,
MAXATOM - subrindex[nsubr]);
if (status != EX_OK && status != EX_TEMPFAIL)
return status;
if (rstat == EX_OK || status == EX_TEMPFAIL)
rstat = status;
}
return rstat;
}
/*
** MAP_LOOKUP -- do lookup in map
**
** Parameters:
** smap -- the map to use for the lookup.
** key -- the key to look up.
** argvect -- arguments to pass to the map lookup.
** pstat -- a pointer to an integer in which to store the
** status from the lookup.
** e -- the current envelope.
**
** Returns:
** The result of the lookup.
** NULL -- if there was no data for the given key.
*/
static char *
map_lookup(smap, key, argvect, pstat, e)
STAB *smap;
char key[];
char **argvect;
int *pstat;
ENVELOPE *e;
{
auto int status = EX_OK;
MAP *map;
char *replac;
if (smap == NULL)
return NULL;
map = &smap->s_map;
DYNOPENMAP(map);
+ map->map_mflags |= MF_SECURE; /* default: secure */
if (e->e_sendmode == SM_DEFER &&
bitset(MF_DEFER, map->map_mflags))
{
/* don't do any map lookups */
if (tTd(60, 1))
sm_dprintf("map_lookup(%s, %s) => DEFERRED\n",
smap->s_name, key);
*pstat = EX_TEMPFAIL;
return NULL;
}
if (!bitset(MF_KEEPQUOTES, map->map_mflags))
stripquotes(key);
if (tTd(60, 1))
{
sm_dprintf("map_lookup(%s, ", smap->s_name);
xputs(sm_debug_file(), key);
if (tTd(60, 5))
{
int i;
for (i = 0; argvect[i] != NULL; i++)
sm_dprintf(", %%%d=%s", i, argvect[i]);
}
sm_dprintf(") => ");
}
replac = (*map->map_class->map_lookup)(map, key, argvect, &status);
+ if (bitset(MF_SECURE, map->map_mflags))
+ map->map_mflags &= ~MF_SECURE;
+ else
+ e->e_flags &= ~EF_SECURE;
+
if (tTd(60, 1))
- sm_dprintf("%s (%d)\n",
+ sm_dprintf("%s (%d), ad=%d\n",
replac != NULL ? replac : "NOT FOUND",
- status);
+ status, bitset(MF_SECURE, map->map_mflags));
/* should recover if status == EX_TEMPFAIL */
if (status == EX_TEMPFAIL && !bitset(MF_NODEFER, map->map_mflags))
{
*pstat = EX_TEMPFAIL;
if (tTd(60, 1))
sm_dprintf("map_lookup(%s, %s) tempfail: errno=%d\n",
smap->s_name, key, errno);
if (e->e_message == NULL)
{
char mbuf[320];
(void) sm_snprintf(mbuf, sizeof(mbuf),
"%.80s map: lookup (%s): deferred",
smap->s_name,
shortenstring(key, MAXSHORTSTR));
e->e_message = sm_rpool_strdup_x(e->e_rpool, mbuf);
}
}
if (status == EX_TEMPFAIL && map->map_tapp != NULL)
{
size_t i = strlen(key) + strlen(map->map_tapp) + 1;
static char *rwbuf = NULL;
static size_t rwbuflen = 0;
if (i > rwbuflen)
{
if (rwbuf != NULL)
sm_free(rwbuf);
rwbuflen = i;
rwbuf = (char *) sm_pmalloc_x(rwbuflen);
}
(void) sm_strlcpyn(rwbuf, rwbuflen, 2, key, map->map_tapp);
if (tTd(60, 4))
sm_dprintf("map_lookup tempfail: returning \"%s\"\n",
rwbuf);
return rwbuf;
}
return replac;
}
/*
** INITERRMAILERS -- initialize error and discard mailers
**
** Parameters:
** none.
**
** Returns:
** none.
**
** Side Effects:
** initializes error and discard mailers.
*/
static MAILER discardmailer;
static MAILER errormailer;
static char *discardargv[] = { "DISCARD", NULL };
static char *errorargv[] = { "ERROR", NULL };
void
initerrmailers()
{
if (discardmailer.m_name == NULL)
{
/* initialize the discard mailer */
discardmailer.m_name = "*discard*";
discardmailer.m_mailer = "DISCARD";
discardmailer.m_argv = discardargv;
}
if (errormailer.m_name == NULL)
{
/* initialize the bogus mailer */
errormailer.m_name = "*error*";
errormailer.m_mailer = "ERROR";
errormailer.m_argv = errorargv;
}
}
/*
** BUILDADDR -- build address from token vector.
**
** Parameters:
** tv -- token vector.
** a -- pointer to address descriptor to fill.
** If NULL, one will be allocated.
** flags -- info regarding whether this is a sender or
** a recipient.
** e -- the current envelope.
**
** Returns:
** NULL if there was an error.
** 'a' otherwise.
**
** Side Effects:
** fills in 'a'
*/
static struct errcodes
{
char *ec_name; /* name of error code */
int ec_code; /* numeric code */
} ErrorCodes[] =
{
{ "usage", EX_USAGE },
{ "nouser", EX_NOUSER },
{ "nohost", EX_NOHOST },
{ "unavailable", EX_UNAVAILABLE },
{ "software", EX_SOFTWARE },
{ "tempfail", EX_TEMPFAIL },
{ "protocol", EX_PROTOCOL },
{ "config", EX_CONFIG },
{ NULL, EX_UNAVAILABLE }
};
static ADDRESS *
buildaddr(tv, a, flags, e)
register char **tv;
register ADDRESS *a;
int flags;
register ENVELOPE *e;
{
bool tempfail = false;
int maxatom;
struct mailer **mp;
register struct mailer *m;
register char *p;
char *mname;
char **hostp;
char hbuf[MAXNAME + 1];
static char ubuf[MAXNAME + 2];
if (tTd(24, 5))
{
sm_dprintf("buildaddr, flags=%x, tv=", flags);
printav(sm_debug_file(), tv);
}
maxatom = MAXATOM;
if (a == NULL)
a = (ADDRESS *) sm_rpool_malloc_x(e->e_rpool, sizeof(*a));
memset((char *) a, '\0', sizeof(*a));
hbuf[0] = '\0';
/* set up default error return flags */
a->q_flags |= DefaultNotify;
/* figure out what net/mailer to use */
if (*tv == NULL || (**tv & 0377) != CANONNET)
{
syserr("554 5.3.5 buildaddr: no mailer in parsed address");
badaddr:
/*
** ExitStat may have been set by an earlier map open
** failure (to a permanent error (EX_OSERR) in syserr())
** so we also need to check if this particular $#error
** return wanted a 4XX failure.
**
** XXX the real fix is probably to set ExitStat correctly,
** i.e., to EX_TEMPFAIL if the map open is just a temporary
** error.
*/
if (ExitStat == EX_TEMPFAIL || tempfail)
a->q_state = QS_QUEUEUP;
else
{
a->q_state = QS_BADADDR;
a->q_mailer = &errormailer;
}
return a;
}
mname = *++tv;
--maxatom;
/* extract host and user portions */
if (*++tv != NULL && (**tv & 0377) == CANONHOST)
{
hostp = ++tv;
--maxatom;
}
else
hostp = NULL;
--maxatom;
while (*tv != NULL && (**tv & 0377) != CANONUSER)
{
tv++;
--maxatom;
}
if (*tv == NULL)
{
syserr("554 5.3.5 buildaddr: no user");
goto badaddr;
}
if (tv == hostp)
hostp = NULL;
else if (hostp != NULL)
cataddr(hostp, tv - 1, hbuf, sizeof(hbuf), '\0', false);
cataddr(++tv, NULL, ubuf, sizeof(ubuf), ' ', false);
--maxatom;
/* save away the host name */
if (sm_strcasecmp(mname, "error") == 0)
{
/* Set up triplet for use by -bv */
a->q_mailer = &errormailer;
a->q_user = sm_rpool_strdup_x(e->e_rpool, ubuf);
/* XXX wrong place? */
if (hostp != NULL)
{
register struct errcodes *ep;
a->q_host = sm_rpool_strdup_x(e->e_rpool, hbuf);
if (strchr(hbuf, '.') != NULL)
{
a->q_status = sm_rpool_strdup_x(e->e_rpool,
hbuf);
setstat(dsntoexitstat(hbuf));
}
else if (isascii(hbuf[0]) && isdigit(hbuf[0]))
{
setstat(atoi(hbuf));
}
else
{
for (ep = ErrorCodes; ep->ec_name != NULL; ep++)
if (sm_strcasecmp(ep->ec_name, hbuf) == 0)
break;
setstat(ep->ec_code);
}
}
else
{
a->q_host = NULL;
setstat(EX_UNAVAILABLE);
}
stripquotes(ubuf);
if (ISSMTPCODE(ubuf) && ubuf[3] == ' ')
{
char fmt[16];
int off;
if ((off = isenhsc(ubuf + 4, ' ')) > 0)
{
ubuf[off + 4] = '\0';
off += 5;
}
else
{
off = 4;
ubuf[3] = '\0';
}
(void) sm_strlcpyn(fmt, sizeof(fmt), 2, ubuf, " %s");
if (off > 4)
usrerr(fmt, ubuf + off);
else if (isenhsc(hbuf, '\0') > 0)
usrerrenh(hbuf, fmt, ubuf + off);
else
usrerr(fmt, ubuf + off);
/* XXX ubuf[off - 1] = ' '; */
if (ubuf[0] == '4')
tempfail = true;
}
else
{
usrerr("553 5.3.0 %s", ubuf);
}
goto badaddr;
}
for (mp = Mailer; (m = *mp++) != NULL; )
{
if (sm_strcasecmp(m->m_name, mname) == 0)
break;
}
if (m == NULL)
{
syserr("554 5.3.5 buildaddr: unknown mailer %s", mname);
goto badaddr;
}
a->q_mailer = m;
/* figure out what host (if any) */
if (hostp == NULL)
{
if (!bitnset(M_LOCALMAILER, m->m_flags))
{
syserr("554 5.3.5 buildaddr: no host");
goto badaddr;
}
a->q_host = NULL;
}
else
a->q_host = sm_rpool_strdup_x(e->e_rpool, hbuf);
/* figure out the user */
p = ubuf;
if (bitnset(M_CHECKUDB, m->m_flags) && *p == '@')
{
p++;
tv++;
--maxatom;
a->q_flags |= QNOTREMOTE;
}
/* do special mapping for local mailer */
if (*p == '"')
p++;
if (*p == '|' && bitnset(M_CHECKPROG, m->m_flags))
a->q_mailer = m = ProgMailer;
else if (*p == '/' && bitnset(M_CHECKFILE, m->m_flags))
a->q_mailer = m = FileMailer;
else if (*p == ':' && bitnset(M_CHECKINCLUDE, m->m_flags))
{
/* may be :include: */
stripquotes(ubuf);
if (sm_strncasecmp(ubuf, ":include:", 9) == 0)
{
/* if :include:, don't need further rewriting */
a->q_mailer = m = InclMailer;
a->q_user = sm_rpool_strdup_x(e->e_rpool, &ubuf[9]);
return a;
}
}
/* rewrite according recipient mailer rewriting rules */
macdefine(&e->e_macro, A_PERM, 'h', a->q_host);
if (ConfigLevel >= 10 ||
!bitset(RF_SENDERADDR|RF_HEADERADDR, flags))
{
/* sender addresses done later */
(void) rewrite(tv, 2, 0, e, maxatom);
if (m->m_re_rwset > 0)
(void) rewrite(tv, m->m_re_rwset, 0, e, maxatom);
}
(void) rewrite(tv, 4, 0, e, maxatom);
/* save the result for the command line/RCPT argument */
cataddr(tv, NULL, ubuf, sizeof(ubuf), '\0', true);
a->q_user = sm_rpool_strdup_x(e->e_rpool, ubuf);
/*
** Do mapping to lower case as requested by mailer
*/
if (a->q_host != NULL && !bitnset(M_HST_UPPER, m->m_flags))
makelower(a->q_host);
if (!bitnset(M_USR_UPPER, m->m_flags))
makelower(a->q_user);
if (tTd(24, 6))
{
sm_dprintf("buildaddr => ");
printaddr(sm_debug_file(), a, false);
}
return a;
}
/*
** CATADDR -- concatenate pieces of addresses (putting in <LWSP> subs)
**
** Parameters:
** pvp -- parameter vector to rebuild.
** evp -- last parameter to include. Can be NULL to
** use entire pvp.
** buf -- buffer to build the string into.
** sz -- size of buf.
** spacesub -- the space separator character;
** '\0': SpaceSub.
** NOSPACESEP: no separator
** external -- convert to external form?
** (no metacharacters; METAQUOTEs removed, see below)
**
** Returns:
** none.
**
** Side Effects:
** Destroys buf.
**
** Notes:
** There are two formats for strings: internal and external.
** The external format is just an eight-bit clean string (no
** null bytes, everything else OK). The internal format can
** include sendmail metacharacters. The special character
** METAQUOTE essentially quotes the character following, stripping
** it of all special semantics.
**
** The cataddr routine needs to be aware of whether it is producing
** an internal or external form as output (it only takes internal
** form as input).
**
** The parseaddr routine has a similar issue on input, but that
** is flagged on the basis of which token table is passed in.
*/
void
cataddr(pvp, evp, buf, sz, spacesub, external)
char **pvp;
char **evp;
char *buf;
register int sz;
int spacesub;
bool external;
{
bool oatomtok, natomtok;
char *p;
oatomtok = natomtok = false;
if (tTd(59, 14))
{
sm_dprintf("cataddr(%d) <==", external);
printav(sm_debug_file(), pvp);
}
if (sz <= 0)
return;
if (spacesub == '\0')
spacesub = SpaceSub;
if (pvp == NULL)
{
*buf = '\0';
return;
}
p = buf;
sz -= 2;
while (*pvp != NULL && sz > 0)
{
char *q;
natomtok = (IntTokenTab[**pvp & 0xff] == ATM);
if (oatomtok && natomtok && spacesub != NOSPACESEP)
{
*p++ = spacesub;
if (--sz <= 0)
break;
}
for (q = *pvp; *q != '\0'; )
{
int c;
if (--sz <= 0)
break;
*p++ = c = *q++;
/*
** If the current character (c) is METAQUOTE and we
** want the "external" form and the next character
** is not NUL, then overwrite METAQUOTE with that
- ** character (i.e., METAQUOTE ch is changed to
- ** ch). p[-1] is used because p is advanced (above).
+ ** character (i.e., METAQUOTE ch is changed to ch).
+ ** p[-1] is used because p is advanced (above).
*/
if ((c & 0377) == METAQUOTE && external && *q != '\0')
p[-1] = *q++;
}
if (sz <= 0)
break;
oatomtok = natomtok;
if (pvp++ == evp)
break;
}
#if 0
/*
** Silently truncate long strings: even though this doesn't
** seem like a good idea it is necessary because header checks
** send the whole header value to rscheck() and hence rewrite().
** The latter however sometimes uses a "short" buffer (e.g.,
** cbuf[MAXNAME + 1]) to call cataddr() which then triggers this
** error function. One possible fix to the problem is to pass
** flags to rscheck() and rewrite() to distinguish the various
** calls and only trigger the error if necessary. For now just
** undo the change from 8.13.0.
*/
if (sz <= 0)
usrerr("cataddr: string too long");
#endif
*p = '\0';
if (tTd(59, 14))
sm_dprintf(" cataddr => %s\n", str2prt(buf));
}
/*
** SAMEADDR -- Determine if two addresses are the same
**
** This is not just a straight comparison -- if the mailer doesn't
** care about the host we just ignore it, etc.
**
** Parameters:
** a, b -- pointers to the internal forms to compare.
**
** Returns:
** true -- they represent the same mailbox.
** false -- they don't.
**
** Side Effects:
** none.
*/
bool
sameaddr(a, b)
register ADDRESS *a;
register ADDRESS *b;
{
register ADDRESS *ca, *cb;
/* if they don't have the same mailer, forget it */
if (a->q_mailer != b->q_mailer)
return false;
/*
** Addresses resolving to error mailer
** should not be considered identical
*/
if (a->q_mailer == &errormailer)
return false;
/* if the user isn't the same, we can drop out */
if (strcmp(a->q_user, b->q_user) != 0)
return false;
/* do the required flags match? */
if (!ADDR_FLAGS_MATCH(a, b))
return false;
/* if we have good uids for both but they differ, these are different */
if (a->q_mailer == ProgMailer)
{
ca = getctladdr(a);
cb = getctladdr(b);
if (ca != NULL && cb != NULL &&
bitset(QGOODUID, ca->q_flags & cb->q_flags) &&
ca->q_uid != cb->q_uid)
return false;
}
/* otherwise compare hosts (but be careful for NULL ptrs) */
if (a->q_host == b->q_host)
{
/* probably both null pointers */
return true;
}
if (a->q_host == NULL || b->q_host == NULL)
{
/* only one is a null pointer */
return false;
}
if (strcmp(a->q_host, b->q_host) != 0)
return false;
return true;
}
/*
** PRINTADDR -- print address (for debugging)
**
** Parameters:
** a -- the address to print
** follow -- follow the q_next chain.
**
** Returns:
** none.
**
** Side Effects:
** none.
*/
struct qflags
{
char *qf_name;
unsigned long qf_bit;
};
/* :'a,.s;^#define \(Q[A-Z]*\) .*; { "\1", \1 },; */
static struct qflags AddressFlags[] =
{
{ "QGOODUID", QGOODUID },
{ "QPRIMARY", QPRIMARY },
{ "QNOTREMOTE", QNOTREMOTE },
{ "QSELFREF", QSELFREF },
{ "QBOGUSSHELL", QBOGUSSHELL },
{ "QUNSAFEADDR", QUNSAFEADDR },
{ "QPINGONSUCCESS", QPINGONSUCCESS },
{ "QPINGONFAILURE", QPINGONFAILURE },
{ "QPINGONDELAY", QPINGONDELAY },
{ "QHASNOTIFY", QHASNOTIFY },
{ "QRELAYED", QRELAYED },
{ "QEXPANDED", QEXPANDED },
{ "QDELIVERED", QDELIVERED },
{ "QDELAYED", QDELAYED },
{ "QTHISPASS", QTHISPASS },
{ "QALIAS", QALIAS },
{ "QBYTRACE", QBYTRACE },
{ "QBYNDELAY", QBYNDELAY },
{ "QBYNRELAY", QBYNRELAY },
{ "QINTBCC", QINTBCC },
{ "QDYNMAILER", QDYNMAILER },
{ "QRCPTOK", QRCPTOK },
+ { "QSECURE", QSECURE },
+ { "QTHISPASS", QTHISPASS },
+ { "QRCPTOK", QRCPTOK },
+ { "QQUEUED", QQUEUED },
{ NULL, 0 }
};
void
printaddr(fp, a, follow)
SM_FILE_T *fp;
register ADDRESS *a;
bool follow;
{
register MAILER *m;
MAILER pseudomailer;
register struct qflags *qfp;
bool firstone;
if (a == NULL)
{
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT, "[NULL]\n");
return;
}
while (a != NULL)
{
- (void) sm_io_fprintf(fp, SM_TIME_DEFAULT, "%p=", a);
+ (void) sm_io_fprintf(fp, SM_TIME_DEFAULT, "%p=", (void *)a);
(void) sm_io_flush(fp, SM_TIME_DEFAULT);
/* find the mailer -- carefully */
m = a->q_mailer;
if (m == NULL)
{
m = &pseudomailer;
m->m_mno = -1;
m->m_name = "NULL";
}
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT,
"%s:\n\tmailer %d (%s), host `%s'\n",
a->q_paddr == NULL ? "<null>" : a->q_paddr,
m->m_mno, m->m_name,
a->q_host == NULL ? "<null>" : a->q_host);
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT,
"\tuser `%s', ruser `%s'\n",
a->q_user,
a->q_ruser == NULL ? "<null>" : a->q_ruser);
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT, "\tstate=");
switch (a->q_state)
{
case QS_OK:
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT, "OK");
break;
case QS_DONTSEND:
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT,
"DONTSEND");
break;
case QS_BADADDR:
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT,
"BADADDR");
break;
case QS_QUEUEUP:
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT,
"QUEUEUP");
break;
case QS_RETRY:
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT, "RETRY");
break;
case QS_SENT:
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT, "SENT");
break;
case QS_VERIFIED:
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT,
"VERIFIED");
break;
case QS_EXPANDED:
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT,
"EXPANDED");
break;
case QS_SENDER:
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT,
"SENDER");
break;
case QS_CLONED:
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT,
"CLONED");
break;
case QS_DISCARDED:
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT,
"DISCARDED");
break;
case QS_REPLACED:
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT,
"REPLACED");
break;
case QS_REMOVED:
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT,
"REMOVED");
break;
case QS_DUPLICATE:
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT,
"DUPLICATE");
break;
case QS_INCLUDED:
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT,
"INCLUDED");
break;
default:
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT,
"%d", a->q_state);
break;
}
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT,
", next=%p, alias %p, uid %d, gid %d\n",
- a->q_next, a->q_alias,
+ (void *)a->q_next, (void *)a->q_alias,
(int) a->q_uid, (int) a->q_gid);
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT, "\tflags=%lx<",
a->q_flags);
firstone = true;
for (qfp = AddressFlags; qfp->qf_name != NULL; qfp++)
{
if (!bitset(qfp->qf_bit, a->q_flags))
continue;
if (!firstone)
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT,
",");
firstone = false;
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT, "%s",
qfp->qf_name);
}
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT, ">\n");
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT,
"\towner=%s, home=\"%s\", fullname=\"%s\"\n",
a->q_owner == NULL ? "(none)" : a->q_owner,
a->q_home == NULL ? "(none)" : a->q_home,
a->q_fullname == NULL ? "(none)" : a->q_fullname);
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT,
"\torcpt=\"%s\", statmta=%s, status=%s\n",
a->q_orcpt == NULL ? "(none)" : a->q_orcpt,
a->q_statmta == NULL ? "(none)" : a->q_statmta,
a->q_status == NULL ? "(none)" : a->q_status);
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT,
"\tfinalrcpt=\"%s\"\n",
a->q_finalrcpt == NULL ? "(none)" : a->q_finalrcpt);
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT,
"\trstatus=\"%s\"\n",
a->q_rstatus == NULL ? "(none)" : a->q_rstatus);
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT,
"\tstatdate=%s\n",
a->q_statdate == 0 ? "(none)" : ctime(&a->q_statdate));
if (!follow)
return;
a = a->q_next;
}
}
/*
** EMPTYADDR -- return true if this address is empty (``<>'')
**
** Parameters:
** a -- pointer to the address
**
** Returns:
** true -- if this address is "empty" (i.e., no one should
** ever generate replies to it.
** false -- if it is a "regular" (read: replyable) address.
*/
bool
emptyaddr(a)
register ADDRESS *a;
{
return a->q_paddr == NULL || strcmp(a->q_paddr, "<>") == 0 ||
a->q_user == NULL || strcmp(a->q_user, "<>") == 0;
}
/*
** REMOTENAME -- return the name relative to the current mailer
**
** Parameters:
** name -- the name to translate.
** m -- the mailer that we want to do rewriting relative to.
** flags -- fine tune operations.
** pstat -- pointer to status word.
** e -- the current envelope.
**
** Returns:
** the text string representing this address relative to
** the receiving mailer.
**
** Side Effects:
** none.
**
** Warnings:
** The text string returned is tucked away locally;
** copy it if you intend to save it.
*/
char *
remotename(name, m, flags, pstat, e)
char *name;
struct mailer *m;
int flags;
int *pstat;
register ENVELOPE *e;
{
register char **pvp;
char *SM_NONVOLATILE fancy;
char *oldg;
int rwset;
static char buf[MAXNAME + 1];
char lbuf[MAXNAME + 1];
char pvpbuf[PSBUFSIZE];
char addrtype[4];
if (tTd(12, 1))
{
sm_dprintf("remotename(");
xputs(sm_debug_file(), name);
sm_dprintf(")\n");
}
/* don't do anything if we are tagging it as special */
if (bitset(RF_SENDERADDR, flags))
{
rwset = bitset(RF_HEADERADDR, flags) ? m->m_sh_rwset
: m->m_se_rwset;
addrtype[2] = 's';
}
else
{
rwset = bitset(RF_HEADERADDR, flags) ? m->m_rh_rwset
: m->m_re_rwset;
addrtype[2] = 'r';
}
if (rwset < 0)
return name;
addrtype[1] = ' ';
addrtype[3] = '\0';
addrtype[0] = bitset(RF_HEADERADDR, flags) ? 'h' : 'e';
macdefine(&e->e_macro, A_TEMP, macid("{addr_type}"), addrtype);
/*
** Do a heuristic crack of this name to extract any comment info.
** This will leave the name as a comment and a $g macro.
*/
if (bitset(RF_CANONICAL, flags) || bitnset(M_NOCOMMENT, m->m_flags))
fancy = "\201g";
else
fancy = crackaddr(name, e);
/*
** Turn the name into canonical form.
** Normally this will be RFC 822 style, i.e., "user@domain".
** If this only resolves to "user", and the "C" flag is
** specified in the sending mailer, then the sender's
** domain will be appended.
*/
pvp = prescan(name, '\0', pvpbuf, sizeof(pvpbuf), NULL, NULL, false);
if (pvp == NULL)
return name;
if (REWRITE(pvp, 3, e) == EX_TEMPFAIL)
*pstat = EX_TEMPFAIL;
if (bitset(RF_ADDDOMAIN, flags) && e->e_fromdomain != NULL)
{
/* append from domain to this address */
register char **pxp = pvp;
int l = MAXATOM; /* size of buffer for pvp */
/* see if there is an "@domain" in the current name */
while (*pxp != NULL && strcmp(*pxp, "@") != 0)
{
pxp++;
--l;
}
if (*pxp == NULL)
{
/* no.... append the "@domain" from the sender */
register char **qxq = e->e_fromdomain;
while ((*pxp++ = *qxq++) != NULL)
{
if (--l <= 0)
{
*--pxp = NULL;
usrerr("553 5.1.0 remotename: too many tokens");
*pstat = EX_UNAVAILABLE;
break;
}
}
if (REWRITE(pvp, 3, e) == EX_TEMPFAIL)
*pstat = EX_TEMPFAIL;
}
}
/*
** Do more specific rewriting.
** Rewrite using ruleset 1 or 2 depending on whether this is
** a sender address or not.
** Then run it through any receiving-mailer-specific rulesets.
*/
if (bitset(RF_SENDERADDR, flags))
{
if (REWRITE(pvp, 1, e) == EX_TEMPFAIL)
*pstat = EX_TEMPFAIL;
}
else
{
if (REWRITE(pvp, 2, e) == EX_TEMPFAIL)
*pstat = EX_TEMPFAIL;
}
if (rwset > 0)
{
if (REWRITE(pvp, rwset, e) == EX_TEMPFAIL)
*pstat = EX_TEMPFAIL;
}
/*
** Do any final sanitation the address may require.
** This will normally be used to turn internal forms
** (e.g., user@host.LOCAL) into external form. This
** may be used as a default to the above rules.
*/
if (REWRITE(pvp, 4, e) == EX_TEMPFAIL)
*pstat = EX_TEMPFAIL;
/*
** Now restore the comment information we had at the beginning.
*/
cataddr(pvp, NULL, lbuf, sizeof(lbuf), '\0', false);
oldg = macget(&e->e_macro, 'g');
macset(&e->e_macro, 'g', lbuf);
SM_TRY
/* need to make sure route-addrs have <angle brackets> */
if (bitset(RF_CANONICAL, flags) && lbuf[0] == '@')
expand("<\201g>", buf, sizeof(buf), e);
else
expand(fancy, buf, sizeof(buf), e);
SM_FINALLY
macset(&e->e_macro, 'g', oldg);
SM_END_TRY
if (tTd(12, 1))
{
sm_dprintf("remotename => `");
xputs(sm_debug_file(), buf);
sm_dprintf("', stat=%d\n", *pstat);
}
return buf;
}
/*
** MAPLOCALUSER -- run local username through ruleset 5 for final redirection
**
** Parameters:
** a -- the address to map (but just the user name part).
** sendq -- the sendq in which to install any replacement
** addresses.
** aliaslevel -- the alias nesting depth.
** e -- the envelope.
**
** Returns:
** none.
*/
#define Q_COPYFLAGS (QPRIMARY|QBOGUSSHELL|QUNSAFEADDR|\
Q_PINGFLAGS|QHASNOTIFY|\
QRELAYED|QEXPANDED|QDELIVERED|QDELAYED|\
QBYTRACE|QBYNDELAY|QBYNRELAY)
void
maplocaluser(a, sendq, aliaslevel, e)
register ADDRESS *a;
ADDRESS **sendq;
int aliaslevel;
ENVELOPE *e;
{
register char **pvp;
register ADDRESS *SM_NONVOLATILE a1 = NULL;
char pvpbuf[PSBUFSIZE];
if (tTd(29, 1))
{
sm_dprintf("maplocaluser: ");
printaddr(sm_debug_file(), a, false);
}
pvp = prescan(a->q_user, '\0', pvpbuf, sizeof(pvpbuf), NULL, NULL,
false);
if (pvp == NULL)
{
if (tTd(29, 9))
sm_dprintf("maplocaluser: cannot prescan %s\n",
a->q_user);
return;
}
macdefine(&e->e_macro, A_PERM, 'h', a->q_host);
macdefine(&e->e_macro, A_PERM, 'u', a->q_user);
macdefine(&e->e_macro, A_PERM, 'z', a->q_home);
macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), "e r");
if (REWRITE(pvp, 5, e) == EX_TEMPFAIL)
{
if (tTd(29, 9))
sm_dprintf("maplocaluser: rewrite tempfail\n");
a->q_state = QS_QUEUEUP;
a->q_status = "4.4.3";
return;
}
if (pvp[0] == NULL || (pvp[0][0] & 0377) != CANONNET)
{
if (tTd(29, 9))
sm_dprintf("maplocaluser: doesn't resolve\n");
return;
}
SM_TRY
a1 = buildaddr(pvp, NULL, 0, e);
SM_EXCEPT(exc, "E:mta.quickabort")
/*
** mark address as bad, S5 returned an error
** and we gave that back to the SMTP client.
*/
a->q_state = QS_DONTSEND;
sm_exc_raisenew_x(&EtypeQuickAbort, 2);
SM_END_TRY
/* if non-null, mailer destination specified -- has it changed? */
if (a1 == NULL || sameaddr(a, a1))
{
if (tTd(29, 9))
sm_dprintf("maplocaluser: address unchanged\n");
return;
}
/* make new address take on flags and print attributes of old */
a1->q_flags &= ~Q_COPYFLAGS;
a1->q_flags |= a->q_flags & Q_COPYFLAGS;
a1->q_paddr = sm_rpool_strdup_x(e->e_rpool, a->q_paddr);
a1->q_finalrcpt = a->q_finalrcpt;
a1->q_orcpt = a->q_orcpt;
/* mark old address as dead; insert new address */
a->q_state = QS_REPLACED;
if (tTd(29, 5))
{
sm_dprintf("maplocaluser: QS_REPLACED ");
printaddr(sm_debug_file(), a, false);
}
a1->q_alias = a;
allocaddr(a1, RF_COPYALL, sm_rpool_strdup_x(e->e_rpool, a->q_paddr), e);
(void) recipient(a1, sendq, aliaslevel, e);
}
/*
** DEQUOTE_INIT -- initialize dequote map
**
** Parameters:
** map -- the internal map structure.
** args -- arguments.
**
** Returns:
** true.
*/
bool
dequote_init(map, args)
MAP *map;
char *args;
{
register char *p = args;
/* there is no check whether there is really an argument */
map->map_mflags |= MF_KEEPQUOTES;
for (;;)
{
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
p++;
if (*p != '-')
break;
switch (*++p)
{
case 'a':
map->map_app = ++p;
break;
case 'D':
map->map_mflags |= MF_DEFER;
break;
case 'S':
case 's':
map->map_spacesub = *++p;
break;
}
- while (*p != '\0' && !(isascii(*p) && isspace(*p)))
+ while (*p != '\0' && !(SM_ISSPACE(*p)))
p++;
if (*p != '\0')
*p = '\0';
}
if (map->map_app != NULL)
map->map_app = newstr(map->map_app);
return true;
}
/*
** DEQUOTE_MAP -- unquote an address
**
** Parameters:
** map -- the internal map structure (ignored).
** name -- the name to dequote.
** av -- arguments (ignored).
** statp -- pointer to status out-parameter.
**
** Returns:
** NULL -- if there were no quotes, or if the resulting
** unquoted buffer would not be acceptable to prescan.
** else -- The dequoted buffer.
*/
/* ARGSUSED2 */
char *
dequote_map(map, name, av, statp)
MAP *map;
char *name;
char **av;
int *statp;
{
register char *p;
register char *q;
register char c;
int anglecnt = 0;
int cmntcnt = 0;
int quotecnt = 0;
int spacecnt = 0;
bool quotemode = false;
bool bslashmode = false;
char spacesub = map->map_spacesub;
for (p = q = name; (c = *p++) != '\0'; )
{
if (bslashmode)
{
bslashmode = false;
*q++ = c;
continue;
}
if (c == ' ' && spacesub != '\0')
c = spacesub;
switch (c)
{
case '\\':
bslashmode = true;
break;
case '(':
cmntcnt++;
break;
case ')':
if (cmntcnt-- <= 0)
return NULL;
break;
case ' ':
case '\t':
spacecnt++;
break;
}
if (cmntcnt > 0)
{
*q++ = c;
continue;
}
switch (c)
{
case '"':
quotemode = !quotemode;
quotecnt++;
continue;
case '<':
anglecnt++;
break;
case '>':
if (anglecnt-- <= 0)
return NULL;
break;
}
*q++ = c;
}
if (anglecnt != 0 || cmntcnt != 0 || bslashmode ||
quotemode || quotecnt <= 0 || spacecnt != 0)
return NULL;
*q++ = '\0';
return map_rewrite(map, name, strlen(name), NULL);
}
/*
** RSCHECK -- check string(s) for validity using rewriting sets
**
** Parameters:
** rwset -- the rewriting set to use.
** p1 -- the first string to check.
-** p2 -- the second string to check -- may be null.
+** p2 -- the second string to check -- may be NULL.
** e -- the current envelope.
** flags -- control some behavior, see RSF_ in sendmail.h
** logl -- logging level.
** host -- NULL or relay host.
** logid -- id for sm_syslog.
** addr -- if not NULL and ruleset returns $#error:
** store mailer triple here.
** addrstr -- if not NULL and ruleset does not return $#:
** address string
**
** Returns:
** EX_OK -- if the rwset doesn't resolve to $#error
** else -- the failure status (message printed)
*/
int
rscheck(rwset, p1, p2, e, flags, logl, host, logid, addr, addrstr)
char *rwset;
- char *p1;
- char *p2;
+ const char *p1;
+ const char *p2;
ENVELOPE *e;
int flags;
int logl;
- char *host;
- char *logid;
+ const char *host;
+ const char *logid;
ADDRESS *addr;
char **addrstr;
{
char *volatile buf;
size_t bufsize;
int saveexitstat;
int volatile rstat = EX_OK;
char **pvp;
int rsno;
bool volatile discard = false;
bool saveQuickAbort = QuickAbort;
bool saveSuprErrs = SuprErrs;
bool quarantine = false;
char ubuf[BUFSIZ * 2];
char buf0[MAXLINE];
char pvpbuf[PSBUFSIZE];
extern char MsgBuf[];
if (tTd(48, 2))
sm_dprintf("rscheck(%s, %s, %s)\n", rwset, p1,
p2 == NULL ? "(NULL)" : p2);
rsno = strtorwset(rwset, NULL, ST_FIND);
if (rsno < 0)
return EX_OK;
if (p2 != NULL)
{
bufsize = strlen(p1) + strlen(p2) + 2;
if (bufsize > sizeof(buf0))
buf = sm_malloc_x(bufsize);
else
{
buf = buf0;
bufsize = sizeof(buf0);
}
(void) sm_snprintf(buf, bufsize, "%s%c%s", p1, CONDELSE, p2);
}
else
{
bufsize = strlen(p1) + 1;
if (bufsize > sizeof(buf0))
buf = sm_malloc_x(bufsize);
else
{
buf = buf0;
bufsize = sizeof(buf0);
}
(void) sm_strlcpy(buf, p1, bufsize);
}
SM_TRY
{
SuprErrs = true;
QuickAbort = false;
pvp = prescan(buf, '\0', pvpbuf, sizeof(pvpbuf), NULL,
bitset(RSF_RMCOMM, flags) ?
IntTokenTab : TokTypeNoC,
bitset(RSF_RMCOMM, flags) ? false : true);
SuprErrs = saveSuprErrs;
if (pvp == NULL)
{
if (tTd(48, 2))
sm_dprintf("rscheck: cannot prescan input\n");
/*
syserr("rscheck: cannot prescan input: \"%s\"",
shortenstring(buf, MAXSHORTSTR));
rstat = EX_DATAERR;
*/
goto finis;
}
if (bitset(RSF_UNSTRUCTURED, flags))
SuprErrs = true;
(void) REWRITE(pvp, rsno, e);
if (bitset(RSF_UNSTRUCTURED, flags))
SuprErrs = saveSuprErrs;
if (pvp[0] != NULL && (pvp[0][0] & 0377) != CANONNET &&
bitset(RSF_ADDR, flags) && addrstr != NULL)
{
cataddr(&(pvp[0]), NULL, ubuf, sizeof(ubuf),
bitset(RSF_STRING, flags) ? NOSPACESEP : ' ',
true);
*addrstr = sm_rpool_strdup_x(e->e_rpool, ubuf);
goto finis;
}
if (pvp[0] == NULL || (pvp[0][0] & 0377) != CANONNET ||
pvp[1] == NULL || (strcmp(pvp[1], "error") != 0 &&
strcmp(pvp[1], "discard") != 0))
{
goto finis;
}
if (strcmp(pvp[1], "discard") == 0)
{
if (tTd(48, 2))
sm_dprintf("rscheck: discard mailer selected\n");
e->e_flags |= EF_DISCARD;
discard = true;
}
else if (strcmp(pvp[1], "error") == 0 &&
pvp[2] != NULL && (pvp[2][0] & 0377) == CANONHOST &&
pvp[3] != NULL && strcmp(pvp[3], "quarantine") == 0)
{
if (pvp[4] == NULL ||
(pvp[4][0] & 0377) != CANONUSER ||
pvp[5] == NULL)
e->e_quarmsg = sm_rpool_strdup_x(e->e_rpool,
rwset);
else
{
cataddr(&(pvp[5]), NULL, ubuf,
sizeof(ubuf), ' ', true);
e->e_quarmsg = sm_rpool_strdup_x(e->e_rpool,
ubuf);
}
macdefine(&e->e_macro, A_PERM,
macid("{quarantine}"), e->e_quarmsg);
quarantine = true;
}
else
{
auto ADDRESS a1;
int savelogusrerrs = LogUsrErrs;
static bool logged = false;
/* got an error -- process it */
saveexitstat = ExitStat;
LogUsrErrs = false;
(void) buildaddr(pvp, &a1, 0, e);
if (addr != NULL)
{
addr->q_mailer = a1.q_mailer;
addr->q_user = a1.q_user;
addr->q_host = a1.q_host;
}
LogUsrErrs = savelogusrerrs;
rstat = ExitStat;
ExitStat = saveexitstat;
if (!logged)
{
if (bitset(RSF_COUNT, flags))
markstats(e, &a1, STATS_REJECT);
logged = true;
}
}
if (LogLevel > logl)
{
- char *relay;
+ const char *relay;
char *p;
char lbuf[MAXLINE];
p = lbuf;
if (p2 != NULL)
{
(void) sm_snprintf(p, SPACELEFT(lbuf, p),
", arg2=%s",
p2);
p += strlen(p);
}
if (host != NULL)
relay = host;
else
relay = macvalue('_', e);
if (relay != NULL)
{
(void) sm_snprintf(p, SPACELEFT(lbuf, p),
", relay=%s", relay);
p += strlen(p);
}
*p = '\0';
if (discard)
sm_syslog(LOG_NOTICE, logid,
"ruleset=%s, arg1=%s%s, discard",
rwset, p1, lbuf);
else if (quarantine)
sm_syslog(LOG_NOTICE, logid,
"ruleset=%s, arg1=%s%s, quarantine=%s",
rwset, p1, lbuf, ubuf);
else
sm_syslog(LOG_NOTICE, logid,
"ruleset=%s, arg1=%s%s, reject=%s",
rwset, p1, lbuf, MsgBuf);
}
finis: ;
}
SM_FINALLY
{
/* clean up */
if (buf != buf0)
sm_free(buf);
QuickAbort = saveQuickAbort;
}
SM_END_TRY
setstat(rstat);
/* rulesets don't set errno */
errno = 0;
if (rstat != EX_OK && QuickAbort)
sm_exc_raisenew_x(&EtypeQuickAbort, 2);
return rstat;
}
+
/*
** RSCAP -- call rewriting set to return capabilities
**
** Parameters:
** rwset -- the rewriting set to use.
** p1 -- the first string to check.
-** p2 -- the second string to check -- may be null.
+** p2 -- the second string to check -- may be NULL.
** e -- the current envelope.
** pvp -- pointer to token vector.
** pvpbuf -- buffer space.
** size -- size of buffer space.
**
** Returns:
** EX_UNAVAILABLE -- ruleset doesn't exist.
** EX_DATAERR -- prescan() failed.
** EX_OK -- rewrite() was successful.
** else -- return status from rewrite().
*/
int
rscap(rwset, p1, p2, e, pvp, pvpbuf, size)
char *rwset;
char *p1;
char *p2;
ENVELOPE *e;
char ***pvp;
char *pvpbuf;
int size;
{
char *volatile buf;
size_t bufsize;
int volatile rstat = EX_OK;
int rsno;
bool saveQuickAbort = QuickAbort;
bool saveSuprErrs = SuprErrs;
char buf0[MAXLINE];
extern char MsgBuf[];
if (tTd(48, 2))
sm_dprintf("rscap(%s, %s, %s)\n", rwset, p1,
p2 == NULL ? "(NULL)" : p2);
SM_REQUIRE(pvp != NULL);
rsno = strtorwset(rwset, NULL, ST_FIND);
if (rsno < 0)
return EX_UNAVAILABLE;
if (p2 != NULL)
{
bufsize = strlen(p1) + strlen(p2) + 2;
if (bufsize > sizeof(buf0))
buf = sm_malloc_x(bufsize);
else
{
buf = buf0;
bufsize = sizeof(buf0);
}
(void) sm_snprintf(buf, bufsize, "%s%c%s", p1, CONDELSE, p2);
}
else
{
bufsize = strlen(p1) + 1;
if (bufsize > sizeof(buf0))
buf = sm_malloc_x(bufsize);
else
{
buf = buf0;
bufsize = sizeof(buf0);
}
(void) sm_strlcpy(buf, p1, bufsize);
}
SM_TRY
{
SuprErrs = true;
QuickAbort = false;
*pvp = prescan(buf, '\0', pvpbuf, size, NULL, IntTokenTab,
false);
if (*pvp != NULL)
rstat = rewrite(*pvp, rsno, 0, e, size);
else
{
if (tTd(48, 2))
sm_dprintf("rscap: cannot prescan input\n");
rstat = EX_DATAERR;
}
}
SM_FINALLY
{
/* clean up */
if (buf != buf0)
sm_free(buf);
SuprErrs = saveSuprErrs;
QuickAbort = saveQuickAbort;
/* prevent information leak, this may contain rewrite error */
MsgBuf[0] = '\0';
}
SM_END_TRY
return rstat;
}
diff --git a/src/queue.c b/src/queue.c
index a323301fd62b..526b40469486 100644
--- a/src/queue.c
+++ b/src/queue.c
@@ -1,8957 +1,9143 @@
/*
* Copyright (c) 1998-2009, 2011, 2012, 2014 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sendmail.h>
#include <sm/sem.h>
SM_RCSID("@(#)$Id: queue.c,v 8.1000 2013-11-22 20:51:56 ca Exp $")
#include <dirent.h>
# define RELEASE_QUEUE (void) 0
# define ST_INODE(st) (st).st_ino
# define sm_file_exists(errno) ((errno) == EEXIST)
# if HASFLOCK && defined(O_EXLOCK)
# define SM_OPEN_EXLOCK 1
# define TF_OPEN_FLAGS (O_CREAT|O_WRONLY|O_EXCL|O_EXLOCK)
-# else /* HASFLOCK && defined(O_EXLOCK) */
+# else
# define TF_OPEN_FLAGS (O_CREAT|O_WRONLY|O_EXCL)
-# endif /* HASFLOCK && defined(O_EXLOCK) */
+# endif
#ifndef SM_OPEN_EXLOCK
# define SM_OPEN_EXLOCK 0
-#endif /* ! SM_OPEN_EXLOCK */
+#endif
/*
** Historical notes:
** QF_VERSION == 4 was sendmail 8.10/8.11 without _FFR_QUEUEDELAY
** QF_VERSION == 5 was sendmail 8.10/8.11 with _FFR_QUEUEDELAY
** QF_VERSION == 6 was sendmail 8.12 without _FFR_QUEUEDELAY
** QF_VERSION == 7 was sendmail 8.12 with _FFR_QUEUEDELAY
** QF_VERSION == 8 is sendmail 8.13
*/
#define QF_VERSION 8 /* version number of this queue format */
static char queue_letter __P((ENVELOPE *, int));
static bool quarantine_queue_item __P((int, int, ENVELOPE *, char *));
/* Naming convention: qgrp: index of queue group, qg: QUEUEGROUP */
/*
** Work queue.
*/
struct work
{
char *w_name; /* name of control file */
char *w_host; /* name of recipient host */
bool w_lock; /* is message locked? */
bool w_tooyoung; /* is it too young to run? */
long w_pri; /* priority of message, see below */
time_t w_ctime; /* creation time */
time_t w_mtime; /* modification time */
int w_qgrp; /* queue group located in */
int w_qdir; /* queue directory located in */
struct work *w_next; /* next in queue */
};
typedef struct work WORK;
static WORK *WorkQ; /* queue of things to be done */
static int NumWorkGroups; /* number of work groups */
static time_t Current_LA_time = 0;
/* Get new load average every 30 seconds. */
#define GET_NEW_LA_TIME 30
#define SM_GET_LA(now) \
do \
{ \
now = curtime(); \
if (Current_LA_time < now - GET_NEW_LA_TIME) \
{ \
sm_getla(); \
Current_LA_time = now; \
} \
} while (0)
/*
** DoQueueRun indicates that a queue run is needed.
** Notice: DoQueueRun is modified in a signal handler!
*/
static bool volatile DoQueueRun; /* non-interrupt time queue run needed */
/*
** Work group definition structure.
** Each work group contains one or more queue groups. This is done
** to manage the number of queue group runners active at the same time
** to be within the constraints of MaxQueueChildren (if it is set).
** The number of queue groups that can be run on the next work run
** is kept track of. The queue groups are run in a round robin.
*/
struct workgrp
{
int wg_numqgrp; /* number of queue groups in work grp */
int wg_runners; /* total runners */
int wg_curqgrp; /* current queue group */
QUEUEGRP **wg_qgs; /* array of queue groups */
int wg_maxact; /* max # of active runners */
time_t wg_lowqintvl; /* lowest queue interval */
int wg_restart; /* needs restarting? */
int wg_restartcnt; /* count of times restarted */
};
typedef struct workgrp WORKGRP;
static WORKGRP volatile WorkGrp[MAXWORKGROUPS + 1]; /* work groups */
#if SM_HEAP_CHECK
static SM_DEBUG_T DebugLeakQ = SM_DEBUG_INITIALIZER("leak_q",
"@(#)$Debug: leak_q - trace memory leaks during queue processing $");
-#endif /* SM_HEAP_CHECK */
+#endif
static void grow_wlist __P((int, int));
static int multiqueue_cache __P((char *, int, QUEUEGRP *, int, unsigned int *));
static int gatherq __P((int, int, bool, bool *, bool *, int *));
static int sortq __P((int));
static void printctladdr __P((ADDRESS *, SM_FILE_T *));
static bool readqf __P((ENVELOPE *, bool));
static void restart_work_group __P((int));
static void runner_work __P((ENVELOPE *, int, bool, int, int));
static void schedule_queue_runs __P((bool, int, bool));
static char *strrev __P((char *));
static ADDRESS *setctluser __P((char *, int, ENVELOPE *));
#if _FFR_RHS
static int sm_strshufflecmp __P((char *, char *));
static void init_shuffle_alphabet __P(());
-#endif /* _FFR_RHS */
+#endif
/*
** Note: workcmpf?() don't use a prototype because it will cause a conflict
** with the qsort() call (which expects something like
** int (*compar)(const void *, const void *), not (WORK *, WORK *))
*/
static int workcmpf0();
static int workcmpf1();
static int workcmpf2();
static int workcmpf3();
static int workcmpf4();
static int randi = 3; /* index for workcmpf5() */
static int workcmpf5();
static int workcmpf6();
#if _FFR_RHS
static int workcmpf7();
-#endif /* _FFR_RHS */
+#endif
#if RANDOMSHIFT
# define get_rand_mod(m) ((get_random() >> RANDOMSHIFT) % (m))
-#else /* RANDOMSHIFT */
+#else
# define get_rand_mod(m) (get_random() % (m))
-#endif /* RANDOMSHIFT */
+#endif
/*
** File system definition.
** Used to keep track of how much free space is available
** on a file system in which one or more queue directories reside.
*/
typedef struct filesys_shared FILESYS;
struct filesys_shared
{
dev_t fs_dev; /* unique device id */
long fs_avail; /* number of free blocks available */
long fs_blksize; /* block size, in bytes */
};
/* probably kept in shared memory */
static FILESYS FileSys[MAXFILESYS]; /* queue file systems */
static const char *FSPath[MAXFILESYS]; /* pathnames for file systems */
#if SM_CONF_SHM
+# include <ratectrl.h>
/*
** Shared memory data
**
** Current layout:
** size -- size of shared memory segment
** pid -- pid of owner, should be a unique id to avoid misinterpretations
** by other processes.
** tag -- should be a unique id to avoid misinterpretations by others.
** idea: hash over configuration data that will be stored here.
** NumFileSys -- number of file systems.
** FileSys -- (array of) structure for used file systems.
** RSATmpCnt -- counter for number of uses of ephemeral RSA key.
+** [OCC -- ...]
** QShm -- (array of) structure for information about queue directories.
+** this must be last as the size is depending on the config.
*/
/*
** Queue data in shared memory
*/
typedef struct queue_shared QUEUE_SHM_T;
struct queue_shared
{
int qs_entries; /* number of entries */
/* XXX more to follow? */
};
static void *Pshm; /* pointer to shared memory */
static FILESYS *PtrFileSys; /* pointer to queue file system array */
int ShmId = SM_SHM_NO_ID; /* shared memory id */
static QUEUE_SHM_T *QShm; /* pointer to shared queue data */
static size_t shms;
# define SHM_OFF_PID(p) (((char *) (p)) + sizeof(int))
# define SHM_OFF_TAG(p) (((char *) (p)) + sizeof(pid_t) + sizeof(int))
# define SHM_OFF_HEAD (sizeof(pid_t) + sizeof(int) * 2)
/* how to access FileSys */
# define FILE_SYS(i) (PtrFileSys[i])
/* first entry is a tag, for now just the size */
# define OFF_FILE_SYS(p) (((char *) (p)) + SHM_OFF_HEAD)
/* offset for PNumFileSys */
# define OFF_NUM_FILE_SYS(p) (((char *) (p)) + SHM_OFF_HEAD + sizeof(FileSys))
/* offset for PRSATmpCnt */
# define OFF_RSA_TMP_CNT(p) (((char *) (p)) + SHM_OFF_HEAD + sizeof(FileSys) + sizeof(int))
int *PRSATmpCnt;
+# if _FFR_OCC
+# define OFF_OCC_SHM(p) (((char *) (p)) + SHM_OFF_HEAD + sizeof(FileSys) + sizeof(int) * 2)
+# define OCC_SIZE (sizeof(CHash_T) * CPMHSIZE)
+static CHash_T *occ = NULL;
+# else
+# define OCC_SIZE 0
+# endif
+
/* offset for queue_shm */
-# define OFF_QUEUE_SHM(p) (((char *) (p)) + SHM_OFF_HEAD + sizeof(FileSys) + sizeof(int) * 2)
+# define OFF_QUEUE_SHM(p) (((char *) (p)) + SHM_OFF_HEAD + sizeof(FileSys) + sizeof(int) * 2 + OCC_SIZE)
# define QSHM_ENTRIES(i) QShm[i].qs_entries
/* basic size of shared memory segment */
-# define SM_T_SIZE (SHM_OFF_HEAD + sizeof(FileSys) + sizeof(int) * 2)
+# define SM_T_SIZE (SHM_OFF_HEAD + sizeof(FileSys) + sizeof(int) * 2 + OCC_SIZE)
static unsigned int hash_q __P((char *, unsigned int));
/*
** HASH_Q -- simple hash function
**
** Parameters:
** p -- string to hash.
** h -- hash start value (from previous run).
**
** Returns:
** hash value.
*/
static unsigned int
hash_q(p, h)
char *p;
unsigned int h;
{
int c, d;
while (*p != '\0')
{
d = *p++;
c = d;
c ^= c<<6;
h += (c<<11) ^ (c>>1);
h ^= (d<<14) + (d<<7) + (d<<4) + d;
}
return h;
}
-
#else /* SM_CONF_SHM */
# define FILE_SYS(i) FileSys[i]
#endif /* SM_CONF_SHM */
/* access to the various components of file system data */
#define FILE_SYS_NAME(i) FSPath[i]
#define FILE_SYS_AVAIL(i) FILE_SYS(i).fs_avail
#define FILE_SYS_BLKSIZE(i) FILE_SYS(i).fs_blksize
#define FILE_SYS_DEV(i) FILE_SYS(i).fs_dev
/*
** Current qf file field assignments:
**
** A AUTH= parameter
** B body type
** C controlling user
-** D data file name
+** D data file name (obsolete)
** d data file directory name (added in 8.12)
** E error recipient
** F flag bits
-** G free
** H header
** I data file's inode number
** K time of last delivery attempt
** L Solaris Content-Length: header (obsolete)
** M message
** N number of delivery attempts
** P message priority
** q quarantine reason
** Q original recipient (ORCPT=)
** r final recipient (Final-Recipient: DSN field)
** R recipient
** S sender
** T init time
** V queue file version
** X free (was: character set if _FFR_SAVE_CHARSET)
-** Y free
** Z original envelope id from ESMTP
** ! deliver by (added in 8.12)
** $ define macro
** . terminate file
*/
/*
** QUEUEUP -- queue a message up for future transmission.
**
** Parameters:
** e -- the envelope to queue up.
** announce -- if true, tell when you are queueing up.
** msync -- if true, then fsync() if SuperSafe interactive mode.
**
** Returns:
** none.
**
** Side Effects:
** The current request is saved in a control file.
** The queue file is left locked.
*/
void
queueup(e, announce, msync)
register ENVELOPE *e;
bool announce;
bool msync;
{
register SM_FILE_T *tfp;
register HDR *h;
register ADDRESS *q;
int tfd = -1;
int i;
bool newid;
register char *p;
MAILER nullmailer;
MCI mcibuf;
char qf[MAXPATHLEN];
char tf[MAXPATHLEN];
char df[MAXPATHLEN];
char buf[MAXLINE];
/*
** Create control file.
*/
#define OPEN_TF do \
{ \
MODE_T oldumask = 0; \
\
if (bitset(S_IWGRP, QueueFileMode)) \
oldumask = umask(002); \
tfd = open(tf, TF_OPEN_FLAGS, QueueFileMode); \
if (bitset(S_IWGRP, QueueFileMode)) \
(void) umask(oldumask); \
} while (0)
newid = (e->e_id == NULL) || !bitset(EF_INQUEUE, e->e_flags);
(void) sm_strlcpy(tf, queuename(e, NEWQFL_LETTER), sizeof(tf));
tfp = e->e_lockfp;
if (tfp == NULL && newid)
{
/*
** open qf file directly: this will give an error if the file
** already exists and hence prevent problems if a queue-id
** is reused (e.g., because the clock is set back).
*/
(void) sm_strlcpy(tf, queuename(e, ANYQFL_LETTER), sizeof(tf));
OPEN_TF;
if (tfd < 0 ||
#if !SM_OPEN_EXLOCK
!lockfile(tfd, tf, NULL, LOCK_EX|LOCK_NB) ||
-#endif /* !SM_OPEN_EXLOCK */
+#endif
(tfp = sm_io_open(SmFtStdiofd, SM_TIME_DEFAULT,
(void *) &tfd, SM_IO_WRONLY,
NULL)) == NULL)
{
int save_errno = errno;
printopenfds(true);
errno = save_errno;
syserr("!queueup: cannot create queue file %s, euid=%ld, fd=%d, fp=%p",
- tf, (long) geteuid(), tfd, tfp);
+ tf, (long) geteuid(), tfd, (void *)tfp);
/* NOTREACHED */
}
e->e_lockfp = tfp;
upd_qs(e, 1, 0, "queueup");
}
/* if newid, write the queue file directly (instead of temp file) */
if (!newid)
{
/* get a locked tf file */
for (i = 0; i < 128; i++)
{
if (tfd < 0)
{
OPEN_TF;
if (tfd < 0)
{
if (errno != EEXIST)
break;
if (LogLevel > 0 && (i % 32) == 0)
sm_syslog(LOG_ALERT, e->e_id,
"queueup: cannot create %s, euid=%ld: %s",
tf, (long) geteuid(),
sm_errstring(errno));
}
#if SM_OPEN_EXLOCK
else
break;
-#endif /* SM_OPEN_EXLOCK */
+#endif
}
if (tfd >= 0)
{
#if SM_OPEN_EXLOCK
/* file is locked by open() */
break;
-#else /* SM_OPEN_EXLOCK */
+#else
if (lockfile(tfd, tf, NULL, LOCK_EX|LOCK_NB))
break;
else
-#endif /* SM_OPEN_EXLOCK */
+#endif
if (LogLevel > 0 && (i % 32) == 0)
sm_syslog(LOG_ALERT, e->e_id,
"queueup: cannot lock %s: %s",
tf, sm_errstring(errno));
if ((i % 32) == 31)
{
(void) close(tfd);
tfd = -1;
}
}
if ((i % 32) == 31)
{
/* save the old temp file away */
(void) rename(tf, queuename(e, TEMPQF_LETTER));
}
else
(void) sleep(i % 32);
}
if (tfd < 0 || (tfp = sm_io_open(SmFtStdiofd, SM_TIME_DEFAULT,
(void *) &tfd, SM_IO_WRONLY_B,
NULL)) == NULL)
{
int save_errno = errno;
printopenfds(true);
errno = save_errno;
syserr("!queueup: cannot create queue temp file %s, uid=%ld",
tf, (long) geteuid());
}
}
if (tTd(40, 1))
sm_dprintf("\n>>>>> queueing %s/%s%s >>>>>\n",
qid_printqueue(e->e_qgrp, e->e_qdir),
queuename(e, ANYQFL_LETTER),
newid ? " (new id)" : "");
if (tTd(40, 3))
{
sm_dprintf(" e_flags=");
printenvflags(e);
}
if (tTd(40, 32))
{
sm_dprintf(" sendq=");
printaddr(sm_debug_file(), e->e_sendqueue, true);
}
if (tTd(40, 9))
{
sm_dprintf(" tfp=");
dumpfd(sm_io_getinfo(tfp, SM_IO_WHAT_FD, NULL), true, false);
sm_dprintf(" lockfp=");
if (e->e_lockfp == NULL)
sm_dprintf("NULL\n");
else
dumpfd(sm_io_getinfo(e->e_lockfp, SM_IO_WHAT_FD, NULL),
true, false);
}
/*
** If there is no data file yet, create one.
*/
(void) sm_strlcpy(df, queuename(e, DATAFL_LETTER), sizeof(df));
if (bitset(EF_HAS_DF, e->e_flags))
{
if (e->e_dfp != NULL &&
SuperSafe != SAFE_REALLY &&
SuperSafe != SAFE_REALLY_POSTMILTER &&
sm_io_setinfo(e->e_dfp, SM_BF_COMMIT, NULL) < 0 &&
errno != EINVAL)
{
syserr("!queueup: cannot commit data file %s, uid=%ld",
queuename(e, DATAFL_LETTER), (long) geteuid());
}
if (e->e_dfp != NULL &&
SuperSafe == SAFE_INTERACTIVE && msync)
{
if (tTd(40,32))
sm_syslog(LOG_INFO, e->e_id,
"queueup: fsync(e->e_dfp)");
if (fsync(sm_io_getinfo(e->e_dfp, SM_IO_WHAT_FD,
NULL)) < 0)
{
if (newid)
syserr("!552 Error writing data file %s",
df);
else
syserr("!452 Error writing data file %s",
df);
}
}
}
else
{
int dfd;
MODE_T oldumask = 0;
register SM_FILE_T *dfp = NULL;
struct stat stbuf;
if (e->e_dfp != NULL &&
sm_io_getinfo(e->e_dfp, SM_IO_WHAT_ISTYPE, BF_FILE_TYPE))
syserr("committing over bf file");
if (bitset(S_IWGRP, QueueFileMode))
oldumask = umask(002);
dfd = open(df, O_WRONLY|O_CREAT|O_TRUNC|QF_O_EXTRA,
QueueFileMode);
if (bitset(S_IWGRP, QueueFileMode))
(void) umask(oldumask);
if (dfd < 0 || (dfp = sm_io_open(SmFtStdiofd, SM_TIME_DEFAULT,
(void *) &dfd, SM_IO_WRONLY_B,
NULL)) == NULL)
syserr("!queueup: cannot create data temp file %s, uid=%ld",
df, (long) geteuid());
if (fstat(dfd, &stbuf) < 0)
e->e_dfino = -1;
else
{
e->e_dfdev = stbuf.st_dev;
e->e_dfino = ST_INODE(stbuf);
}
e->e_flags |= EF_HAS_DF;
memset(&mcibuf, '\0', sizeof(mcibuf));
mcibuf.mci_out = dfp;
mcibuf.mci_mailer = FileMailer;
(*e->e_putbody)(&mcibuf, e, NULL);
if (SuperSafe == SAFE_REALLY ||
SuperSafe == SAFE_REALLY_POSTMILTER ||
(SuperSafe == SAFE_INTERACTIVE && msync))
{
if (tTd(40,32))
sm_syslog(LOG_INFO, e->e_id,
"queueup: fsync(dfp)");
if (fsync(sm_io_getinfo(dfp, SM_IO_WHAT_FD, NULL)) < 0)
{
if (newid)
syserr("!552 Error writing data file %s",
df);
else
syserr("!452 Error writing data file %s",
df);
}
}
if (sm_io_close(dfp, SM_TIME_DEFAULT) < 0)
syserr("!queueup: cannot save data temp file %s, uid=%ld",
df, (long) geteuid());
e->e_putbody = putbody;
}
/*
** Output future work requests.
** Priority and creation time should be first, since
** they are required by gatherq.
*/
/* output queue version number (must be first!) */
(void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "V%d\n", QF_VERSION);
/* output creation time */
(void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "T%ld\n", (long) e->e_ctime);
/* output last delivery time */
(void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "K%ld\n", (long) e->e_dtime);
/* output number of delivery attempts */
(void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "N%d\n", e->e_ntries);
/* output message priority */
(void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "P%ld\n", e->e_msgpriority);
/*
** If data file is in a different directory than the queue file,
** output a "d" record naming the directory of the data file.
*/
if (e->e_dfqgrp != e->e_qgrp)
{
(void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "d%s\n",
Queue[e->e_dfqgrp]->qg_qpaths[e->e_dfqdir].qp_name);
}
/* output inode number of data file */
if (e->e_dfino != -1)
{
(void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "I%ld/%ld/%llu\n",
(long) major(e->e_dfdev),
(long) minor(e->e_dfdev),
(ULONGLONG_T) e->e_dfino);
}
/* output body type */
if (e->e_bodytype != NULL)
(void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "B%s\n",
denlstring(e->e_bodytype, true, false));
/* quarantine reason */
if (e->e_quarmsg != NULL)
(void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "q%s\n",
denlstring(e->e_quarmsg, true, false));
/* message from envelope, if it exists */
if (e->e_message != NULL)
(void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "M%s\n",
denlstring(e->e_message, true, false));
/* send various flag bits through */
p = buf;
if (bitset(EF_WARNING, e->e_flags))
*p++ = 'w';
if (bitset(EF_RESPONSE, e->e_flags))
*p++ = 'r';
if (bitset(EF_HAS8BIT, e->e_flags))
*p++ = '8';
if (bitset(EF_DELETE_BCC, e->e_flags))
*p++ = 'b';
if (bitset(EF_RET_PARAM, e->e_flags))
*p++ = 'd';
if (bitset(EF_NO_BODY_RETN, e->e_flags))
*p++ = 'n';
if (bitset(EF_SPLIT, e->e_flags))
*p++ = 's';
+#if _FFR_EAI
+ if (e->e_smtputf8)
+ *p++ = 'e';
+#endif
*p++ = '\0';
if (buf[0] != '\0')
(void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "F%s\n", buf);
/* save $={persistentMacros} macro values */
queueup_macros(macid("{persistentMacros}"), tfp, e);
/* output name of sender */
if (bitnset(M_UDBENVELOPE, e->e_from.q_mailer->m_flags))
p = e->e_sender;
else
p = e->e_from.q_paddr;
(void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "S%s\n",
denlstring(p, true, false));
/* output ESMTP-supplied "original" information */
if (e->e_envid != NULL)
(void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "Z%s\n",
denlstring(e->e_envid, true, false));
/* output AUTH= parameter */
if (e->e_auth_param != NULL)
(void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "A%s\n",
denlstring(e->e_auth_param, true, false));
if (e->e_dlvr_flag != 0)
(void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "!%c %ld\n",
(char) e->e_dlvr_flag, e->e_deliver_by);
/* output list of recipient addresses */
printctladdr(NULL, NULL);
for (q = e->e_sendqueue; q != NULL; q = q->q_next)
{
+ q->q_flags &= ~QQUEUED;
if (!QS_IS_UNDELIVERED(q->q_state))
continue;
/* message for this recipient, if it exists */
if (q->q_message != NULL)
(void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "M%s\n",
denlstring(q->q_message, true,
false));
printctladdr(q, tfp);
if (q->q_orcpt != NULL)
(void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "Q%s\n",
denlstring(q->q_orcpt, true,
false));
if (q->q_finalrcpt != NULL)
(void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "r%s\n",
denlstring(q->q_finalrcpt, true,
false));
(void) sm_io_putc(tfp, SM_TIME_DEFAULT, 'R');
if (bitset(QPRIMARY, q->q_flags))
(void) sm_io_putc(tfp, SM_TIME_DEFAULT, 'P');
if (bitset(QHASNOTIFY, q->q_flags))
(void) sm_io_putc(tfp, SM_TIME_DEFAULT, 'N');
if (bitset(QPINGONSUCCESS, q->q_flags))
(void) sm_io_putc(tfp, SM_TIME_DEFAULT, 'S');
if (bitset(QPINGONFAILURE, q->q_flags))
(void) sm_io_putc(tfp, SM_TIME_DEFAULT, 'F');
if (bitset(QPINGONDELAY, q->q_flags))
(void) sm_io_putc(tfp, SM_TIME_DEFAULT, 'D');
if (bitset(QINTBCC, q->q_flags))
(void) sm_io_putc(tfp, SM_TIME_DEFAULT, 'B');
if (q->q_alias != NULL &&
bitset(QALIAS, q->q_alias->q_flags))
(void) sm_io_putc(tfp, SM_TIME_DEFAULT, 'A');
/* _FFR_RCPTFLAGS */
if (bitset(QDYNMAILER, q->q_flags))
(void) sm_io_putc(tfp, SM_TIME_DEFAULT, QDYNMAILFLG);
(void) sm_io_putc(tfp, SM_TIME_DEFAULT, ':');
(void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "%s\n",
denlstring(q->q_paddr, true, false));
if (announce)
{
char *tag = "queued";
if (e->e_quarmsg != NULL)
tag = "quarantined";
e->e_to = q->q_paddr;
message("%s", tag);
if (LogLevel > 8)
logdelivery(q->q_mailer, NULL, q->q_status,
tag, NULL, (time_t) 0, e, q, EX_OK);
e->e_to = NULL;
}
+
+ /*
+ ** This is only "valid" when the msg is safely in the queue,
+ ** i.e., EF_INQUEUE needs to be set.
+ */
+
+ q->q_flags |= QQUEUED;
+
if (tTd(40, 1))
{
sm_dprintf("queueing ");
printaddr(sm_debug_file(), q, false);
}
}
/*
** Output headers for this message.
** Expand macros completely here. Queue run will deal with
** everything as absolute headers.
** All headers that must be relative to the recipient
** can be cracked later.
** We set up a "null mailer" -- i.e., a mailer that will have
** no effect on the addresses as they are output.
*/
memset((char *) &nullmailer, '\0', sizeof(nullmailer));
nullmailer.m_re_rwset = nullmailer.m_rh_rwset =
nullmailer.m_se_rwset = nullmailer.m_sh_rwset = -1;
nullmailer.m_eol = "\n";
memset(&mcibuf, '\0', sizeof(mcibuf));
mcibuf.mci_mailer = &nullmailer;
mcibuf.mci_out = tfp;
macdefine(&e->e_macro, A_PERM, 'g', "\201f");
for (h = e->e_header; h != NULL; h = h->h_link)
{
if (h->h_value == NULL)
continue;
/* don't output resent headers on non-resent messages */
if (bitset(H_RESENT, h->h_flags) &&
!bitset(EF_RESENT, e->e_flags))
continue;
/* expand macros; if null, don't output header at all */
if (bitset(H_DEFAULT, h->h_flags))
{
(void) expand(h->h_value, buf, sizeof(buf), e);
if (buf[0] == '\0')
continue;
if (buf[0] == ' ' && buf[1] == '\0')
continue;
}
/* output this header */
(void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "H?");
/* output conditional macro if present */
if (h->h_macro != '\0')
{
if (bitset(0200, h->h_macro))
(void) sm_io_fprintf(tfp, SM_TIME_DEFAULT,
"${%s}",
macname(bitidx(h->h_macro)));
else
(void) sm_io_fprintf(tfp, SM_TIME_DEFAULT,
"$%c", h->h_macro);
}
else if (!bitzerop(h->h_mflags) &&
bitset(H_CHECK|H_ACHECK, h->h_flags))
{
int j;
/* if conditional, output the set of conditions */
for (j = '\0'; j <= '\177'; j++)
if (bitnset(j, h->h_mflags))
(void) sm_io_putc(tfp, SM_TIME_DEFAULT,
j);
}
(void) sm_io_putc(tfp, SM_TIME_DEFAULT, '?');
/* output the header: expand macros, convert addresses */
if (bitset(H_DEFAULT, h->h_flags) &&
!bitset(H_BINDLATE, h->h_flags))
{
(void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "%s:%s\n",
h->h_field,
denlstring(buf, false, true));
}
else if (bitset(H_FROM|H_RCPT, h->h_flags) &&
!bitset(H_BINDLATE, h->h_flags))
{
bool oldstyle = bitset(EF_OLDSTYLE, e->e_flags);
SM_FILE_T *savetrace = TrafficLogFile;
TrafficLogFile = NULL;
if (bitset(H_FROM, h->h_flags))
oldstyle = false;
commaize(h, h->h_value, oldstyle, &mcibuf, e,
PXLF_HEADER);
TrafficLogFile = savetrace;
}
else
{
(void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "%s:%s\n",
h->h_field,
denlstring(h->h_value, false,
true));
}
}
/*
** Clean up.
**
** Write a terminator record -- this is to prevent
** scurrilous crackers from appending any data.
*/
(void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, ".\n");
if (sm_io_flush(tfp, SM_TIME_DEFAULT) != 0 ||
((SuperSafe == SAFE_REALLY ||
SuperSafe == SAFE_REALLY_POSTMILTER ||
(SuperSafe == SAFE_INTERACTIVE && msync)) &&
fsync(sm_io_getinfo(tfp, SM_IO_WHAT_FD, NULL)) < 0) ||
sm_io_error(tfp))
{
if (newid)
syserr("!552 Error writing control file %s", tf);
else
syserr("!452 Error writing control file %s", tf);
}
if (!newid)
{
char new = queue_letter(e, ANYQFL_LETTER);
/* rename (locked) tf to be (locked) [qh]f */
(void) sm_strlcpy(qf, queuename(e, ANYQFL_LETTER),
sizeof(qf));
if (rename(tf, qf) < 0)
syserr("cannot rename(%s, %s), uid=%ld",
tf, qf, (long) geteuid());
else
{
/*
** Check if type has changed and only
** remove the old item if the rename above
** succeeded.
*/
if (e->e_qfletter != '\0' &&
e->e_qfletter != new)
{
if (tTd(40, 5))
{
sm_dprintf("type changed from %c to %c\n",
e->e_qfletter, new);
}
if (unlink(queuename(e, e->e_qfletter)) < 0)
{
/* XXX: something more drastic? */
if (LogLevel > 0)
sm_syslog(LOG_ERR, e->e_id,
"queueup: unlink(%s) failed: %s",
queuename(e, e->e_qfletter),
sm_errstring(errno));
}
}
}
e->e_qfletter = new;
/*
** fsync() after renaming to make sure metadata is
** written to disk on filesystems in which renames are
** not guaranteed.
*/
if (SuperSafe != SAFE_NO)
{
/* for softupdates */
if (tfd >= 0 && fsync(tfd) < 0)
{
syserr("!queueup: cannot fsync queue temp file %s",
tf);
}
SYNC_DIR(qf, true);
}
/* close and unlock old (locked) queue file */
if (e->e_lockfp != NULL)
(void) sm_io_close(e->e_lockfp, SM_TIME_DEFAULT);
e->e_lockfp = tfp;
/* save log info */
if (LogLevel > 79)
sm_syslog(LOG_DEBUG, e->e_id, "queueup %s", qf);
}
else
{
/* save log info */
if (LogLevel > 79)
sm_syslog(LOG_DEBUG, e->e_id, "queueup %s", tf);
e->e_qfletter = queue_letter(e, ANYQFL_LETTER);
}
errno = 0;
e->e_flags |= EF_INQUEUE;
if (tTd(40, 1))
sm_dprintf("<<<<< done queueing %s <<<<<\n\n", e->e_id);
return;
}
/*
** PRINTCTLADDR -- print control address to file.
**
** Parameters:
** a -- address.
** tfp -- file pointer.
**
** Returns:
** none.
**
** Side Effects:
** The control address (if changed) is printed to the file.
** The last control address and uid are saved.
*/
static void
printctladdr(a, tfp)
register ADDRESS *a;
SM_FILE_T *tfp;
{
char *user;
register ADDRESS *q;
uid_t uid;
gid_t gid;
static ADDRESS *lastctladdr = NULL;
static uid_t lastuid;
/* initialization */
if (a == NULL || a->q_alias == NULL || tfp == NULL)
{
if (lastctladdr != NULL && tfp != NULL)
(void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "C\n");
lastctladdr = NULL;
lastuid = 0;
return;
}
/* find the active uid */
q = getctladdr(a);
if (q == NULL)
{
user = NULL;
uid = 0;
gid = 0;
}
else
{
user = q->q_ruser != NULL ? q->q_ruser : q->q_user;
uid = q->q_uid;
gid = q->q_gid;
}
a = a->q_alias;
/* check to see if this is the same as last time */
if (lastctladdr != NULL && uid == lastuid &&
strcmp(lastctladdr->q_paddr, a->q_paddr) == 0)
return;
lastuid = uid;
lastctladdr = a;
if (uid == 0 || user == NULL || user[0] == '\0')
(void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "C");
else
(void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "C%s:%ld:%ld",
denlstring(user, true, false), (long) uid,
(long) gid);
(void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, ":%s\n",
denlstring(a->q_paddr, true, false));
}
/*
** RUNNERS_SIGTERM -- propagate a SIGTERM to queue runner process
**
** This propagates the signal to the child processes that are queue
** runners. This is for a queue runner "cleanup". After all of the
** child queue runner processes are signaled (it should be SIGTERM
** being the sig) then the old signal handler (Oldsh) is called
** to handle any cleanup set for this process (provided it is not
** SIG_DFL or SIG_IGN). The signal may not be handled immediately
** if the BlockOldsh flag is set. If the current process doesn't
** have a parent then handle the signal immediately, regardless of
** BlockOldsh.
**
** Parameters:
** sig -- the signal number being sent
**
** Returns:
** none.
**
** Side Effects:
** Sets the NoMoreRunners boolean to true to stop more runners
** from being started in runqueue().
**
** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
** DOING.
*/
static bool volatile NoMoreRunners = false;
static sigfunc_t Oldsh_term = SIG_DFL;
static sigfunc_t Oldsh_hup = SIG_DFL;
static sigfunc_t volatile Oldsh = SIG_DFL;
static bool BlockOldsh = false;
static int volatile Oldsig = 0;
static SIGFUNC_DECL runners_sigterm __P((int));
static SIGFUNC_DECL runners_sighup __P((int));
static SIGFUNC_DECL
runners_sigterm(sig)
int sig;
{
int save_errno = errno;
FIX_SYSV_SIGNAL(sig, runners_sigterm);
errno = save_errno;
CHECK_CRITICAL(sig);
NoMoreRunners = true;
Oldsh = Oldsh_term;
Oldsig = sig;
proc_list_signal(PROC_QUEUE, sig);
if (!BlockOldsh || getppid() <= 1)
{
/* Check that a valid 'old signal handler' is callable */
if (Oldsh_term != SIG_DFL && Oldsh_term != SIG_IGN &&
Oldsh_term != runners_sigterm)
(*Oldsh_term)(sig);
}
errno = save_errno;
return SIGFUNC_RETURN;
}
/*
** RUNNERS_SIGHUP -- propagate a SIGHUP to queue runner process
**
** This propagates the signal to the child processes that are queue
** runners. This is for a queue runner "cleanup". After all of the
** child queue runner processes are signaled (it should be SIGHUP
** being the sig) then the old signal handler (Oldsh) is called to
** handle any cleanup set for this process (provided it is not SIG_DFL
** or SIG_IGN). The signal may not be handled immediately if the
** BlockOldsh flag is set. If the current process doesn't have
** a parent then handle the signal immediately, regardless of
** BlockOldsh.
**
** Parameters:
** sig -- the signal number being sent
**
** Returns:
** none.
**
** Side Effects:
** Sets the NoMoreRunners boolean to true to stop more runners
** from being started in runqueue().
**
** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
** DOING.
*/
static SIGFUNC_DECL
runners_sighup(sig)
int sig;
{
int save_errno = errno;
FIX_SYSV_SIGNAL(sig, runners_sighup);
errno = save_errno;
CHECK_CRITICAL(sig);
NoMoreRunners = true;
Oldsh = Oldsh_hup;
Oldsig = sig;
proc_list_signal(PROC_QUEUE, sig);
if (!BlockOldsh || getppid() <= 1)
{
/* Check that a valid 'old signal handler' is callable */
if (Oldsh_hup != SIG_DFL && Oldsh_hup != SIG_IGN &&
Oldsh_hup != runners_sighup)
(*Oldsh_hup)(sig);
}
errno = save_errno;
return SIGFUNC_RETURN;
}
/*
** MARK_WORK_GROUP_RESTART -- mark a work group as needing a restart
**
** Sets a workgroup for restarting.
**
** Parameters:
** wgrp -- the work group id to restart.
** reason -- why (signal?), -1 to turn off restart
**
** Returns:
** none.
**
** Side effects:
** May set global RestartWorkGroup to true.
**
** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
** DOING.
*/
void
mark_work_group_restart(wgrp, reason)
int wgrp;
int reason;
{
if (wgrp < 0 || wgrp > NumWorkGroups)
return;
WorkGrp[wgrp].wg_restart = reason;
if (reason >= 0)
RestartWorkGroup = true;
}
/*
** RESTART_MARKED_WORK_GROUPS -- restart work groups marked as needing restart
**
** Restart any workgroup marked as needing a restart provided more
** runners are allowed.
**
** Parameters:
** none.
**
** Returns:
** none.
**
** Side effects:
** Sets global RestartWorkGroup to false.
*/
void
restart_marked_work_groups()
{
int i;
int wasblocked;
if (NoMoreRunners)
return;
/* Block SIGCHLD so reapchild() doesn't mess with us */
wasblocked = sm_blocksignal(SIGCHLD);
for (i = 0; i < NumWorkGroups; i++)
{
if (WorkGrp[i].wg_restart >= 0)
{
if (LogLevel > 8)
sm_syslog(LOG_ERR, NOQID,
"restart queue runner=%d due to signal 0x%x",
i, WorkGrp[i].wg_restart);
restart_work_group(i);
}
}
RestartWorkGroup = false;
if (wasblocked == 0)
(void) sm_releasesignal(SIGCHLD);
}
/*
** RESTART_WORK_GROUP -- restart a specific work group
**
** Restart a specific workgroup provided more runners are allowed.
** If the requested work group has been restarted too many times log
** this and refuse to restart.
**
** Parameters:
** wgrp -- the work group id to restart
**
** Returns:
** none.
**
** Side Effects:
** starts another process doing the work of wgrp
*/
#define MAX_PERSIST_RESTART 10 /* max allowed number of restarts */
static void
restart_work_group(wgrp)
int wgrp;
{
if (NoMoreRunners ||
wgrp < 0 || wgrp > NumWorkGroups)
return;
WorkGrp[wgrp].wg_restart = -1;
if (WorkGrp[wgrp].wg_restartcnt < MAX_PERSIST_RESTART)
{
/* avoid overflow; increment here */
WorkGrp[wgrp].wg_restartcnt++;
(void) run_work_group(wgrp, RWG_FORK|RWG_PERSISTENT|RWG_RUNALL);
}
else
{
sm_syslog(LOG_ERR, NOQID,
"ERROR: persistent queue runner=%d restarted too many times, queue runner lost",
wgrp);
}
}
/*
** SCHEDULE_QUEUE_RUNS -- schedule the next queue run for a work group.
**
** Parameters:
** runall -- schedule even if individual bit is not set.
** wgrp -- the work group id to schedule.
** didit -- the queue run was performed for this work group.
**
** Returns:
** nothing
*/
#define INCR_MOD(v, m) if (++v >= m) \
v = 0; \
else
static void
schedule_queue_runs(runall, wgrp, didit)
bool runall;
int wgrp;
bool didit;
{
int qgrp, cgrp, endgrp;
#if _FFR_QUEUE_SCHED_DBG
time_t lastsched;
bool sched;
-#endif /* _FFR_QUEUE_SCHED_DBG */
+#endif
time_t now;
time_t minqintvl;
/*
** This is a bit ugly since we have to duplicate the
** code that "walks" through a work queue group.
*/
now = curtime();
minqintvl = 0;
cgrp = endgrp = WorkGrp[wgrp].wg_curqgrp;
do
{
time_t qintvl;
#if _FFR_QUEUE_SCHED_DBG
lastsched = 0;
sched = false;
-#endif /* _FFR_QUEUE_SCHED_DBG */
+#endif
qgrp = WorkGrp[wgrp].wg_qgs[cgrp]->qg_index;
if (Queue[qgrp]->qg_queueintvl > 0)
qintvl = Queue[qgrp]->qg_queueintvl;
else if (QueueIntvl > 0)
qintvl = QueueIntvl;
else
qintvl = (time_t) 0;
#if _FFR_QUEUE_SCHED_DBG
lastsched = Queue[qgrp]->qg_nextrun;
-#endif /* _FFR_QUEUE_SCHED_DBG */
+#endif
if ((runall || Queue[qgrp]->qg_nextrun <= now) && qintvl > 0)
{
#if _FFR_QUEUE_SCHED_DBG
sched = true;
-#endif /* _FFR_QUEUE_SCHED_DBG */
+#endif
if (minqintvl == 0 || qintvl < minqintvl)
minqintvl = qintvl;
/*
** Only set a new time if a queue run was performed
** for this queue group. If the queue was not run,
** we could starve it by setting a new time on each
** call.
*/
if (didit)
Queue[qgrp]->qg_nextrun += qintvl;
}
#if _FFR_QUEUE_SCHED_DBG
if (tTd(69, 10))
sm_syslog(LOG_INFO, NOQID,
"sqr: wgrp=%d, cgrp=%d, qgrp=%d, intvl=%ld, QI=%ld, runall=%d, lastrun=%ld, nextrun=%ld, sched=%d",
- wgrp, cgrp, qgrp, Queue[qgrp]->qg_queueintvl,
- QueueIntvl, runall, lastsched,
- Queue[qgrp]->qg_nextrun, sched);
+ wgrp, cgrp, qgrp,
+ (long) Queue[qgrp]->qg_queueintvl,
+ (long) QueueIntvl, runall, (long) lastsched,
+ (long) Queue[qgrp]->qg_nextrun, sched);
#endif /* _FFR_QUEUE_SCHED_DBG */
INCR_MOD(cgrp, WorkGrp[wgrp].wg_numqgrp);
} while (endgrp != cgrp);
if (minqintvl > 0)
(void) sm_setevent(minqintvl, runqueueevent, 0);
}
#if _FFR_QUEUE_RUN_PARANOIA
/*
** CHECKQUEUERUNNER -- check whether a queue group hasn't been run.
**
** Use this if events may get lost and hence queue runners may not
** be started and mail will pile up in a queue.
**
** Parameters:
** none.
**
** Returns:
** true if a queue run is necessary.
**
** Side Effects:
** may schedule a queue run.
*/
bool
checkqueuerunner()
{
int qgrp;
time_t now, minqintvl;
now = curtime();
minqintvl = 0;
for (qgrp = 0; qgrp < NumQueue && Queue[qgrp] != NULL; qgrp++)
{
time_t qintvl;
if (Queue[qgrp]->qg_queueintvl > 0)
qintvl = Queue[qgrp]->qg_queueintvl;
else if (QueueIntvl > 0)
qintvl = QueueIntvl;
else
qintvl = (time_t) 0;
if (Queue[qgrp]->qg_nextrun <= now - qintvl)
{
if (minqintvl == 0 || qintvl < minqintvl)
minqintvl = qintvl;
if (LogLevel > 1)
sm_syslog(LOG_WARNING, NOQID,
"checkqueuerunner: queue %d should have been run at %s, queue interval %ld",
qgrp,
arpadate(ctime(&Queue[qgrp]->qg_nextrun)),
- qintvl);
+ (long) qintvl);
}
}
if (minqintvl > 0)
{
(void) sm_setevent(minqintvl, runqueueevent, 0);
return true;
}
return false;
}
#endif /* _FFR_QUEUE_RUN_PARANOIA */
/*
** RUNQUEUE -- run the jobs in the queue.
**
** Gets the stuff out of the queue in some presumably logical
** order and processes them.
**
** Parameters:
** forkflag -- true if the queue scanning should be done in
** a child process. We double-fork so it is not our
** child and we don't have to clean up after it.
** false can be ignored if we have multiple queues.
** verbose -- if true, print out status information.
** persistent -- persistent queue runner?
** runall -- run all groups or only a subset (DoQueueRun)?
**
** Returns:
** true if the queue run successfully began.
**
** Side Effects:
** runs things in the mail queue using run_work_group().
** maybe schedules next queue run.
*/
static ENVELOPE QueueEnvelope; /* the queue run envelope */
static time_t LastQueueTime = 0; /* last time a queue ID assigned */
static pid_t LastQueuePid = -1; /* last PID which had a queue ID */
/* values for qp_supdirs */
#define QP_NOSUB 0x0000 /* No subdirectories */
#define QP_SUBDF 0x0001 /* "df" subdirectory */
#define QP_SUBQF 0x0002 /* "qf" subdirectory */
#define QP_SUBXF 0x0004 /* "xf" subdirectory */
bool
runqueue(forkflag, verbose, persistent, runall)
bool forkflag;
bool verbose;
bool persistent;
bool runall;
{
int i;
bool ret = true;
static int curnum = 0;
sigfunc_t cursh;
#if SM_HEAP_CHECK
SM_NONVOLATILE int oldgroup = 0;
if (sm_debug_active(&DebugLeakQ, 1))
{
oldgroup = sm_heap_group();
sm_heap_newgroup();
sm_dprintf("runqueue() heap group #%d\n", sm_heap_group());
}
#endif /* SM_HEAP_CHECK */
/* queue run has been started, don't do any more this time */
DoQueueRun = false;
/* more than one queue or more than one directory per queue */
if (!forkflag && !verbose &&
(WorkGrp[0].wg_qgs[0]->qg_numqueues > 1 || NumWorkGroups > 1 ||
WorkGrp[0].wg_numqgrp > 1))
forkflag = true;
/*
** For controlling queue runners via signals sent to this process.
** Oldsh* will get called too by runners_sig* (if it is not SIG_IGN
** or SIG_DFL) to preserve cleanup behavior. Now that this process
** will have children (and perhaps grandchildren) this handler will
** be left in place. This is because this process, once it has
** finished spinning off queue runners, may go back to doing something
** else (like being a daemon). And we still want on a SIG{TERM,HUP} to
** clean up the child queue runners. Only install 'runners_sig*' once
** else we'll get stuck looping forever.
*/
cursh = sm_signal(SIGTERM, runners_sigterm);
if (cursh != runners_sigterm)
Oldsh_term = cursh;
cursh = sm_signal(SIGHUP, runners_sighup);
if (cursh != runners_sighup)
Oldsh_hup = cursh;
for (i = 0; i < NumWorkGroups && !NoMoreRunners; i++)
{
int rwgflags = RWG_NONE;
int wasblocked;
/*
** If MaxQueueChildren active then test whether the start
** of the next queue group's additional queue runners (maximum)
** will result in MaxQueueChildren being exceeded.
**
** Note: do not use continue; even though another workgroup
** may have fewer queue runners, this would be "unfair",
** i.e., this work group might "starve" then.
*/
#if _FFR_QUEUE_SCHED_DBG
if (tTd(69, 10))
sm_syslog(LOG_INFO, NOQID,
"rq: curnum=%d, MaxQueueChildren=%d, CurRunners=%d, WorkGrp[curnum].wg_maxact=%d",
curnum, MaxQueueChildren, CurRunners,
WorkGrp[curnum].wg_maxact);
#endif /* _FFR_QUEUE_SCHED_DBG */
if (MaxQueueChildren > 0 &&
CurRunners + WorkGrp[curnum].wg_maxact > MaxQueueChildren)
break;
/*
** Pick up where we left off (curnum), in case we
** used up all the children last time without finishing.
** This give a round-robin fairness to queue runs.
**
** Increment CurRunners before calling run_work_group()
** to avoid a "race condition" with proc_list_drop() which
** decrements CurRunners if the queue runners terminate.
** Notice: CurRunners is an upper limit, in some cases
** (too few jobs in the queue) this value is larger than
** the actual number of queue runners. The discrepancy can
** increase if some queue runners "hang" for a long time.
*/
/* don't let proc_list_drop() change CurRunners */
wasblocked = sm_blocksignal(SIGCHLD);
CurRunners += WorkGrp[curnum].wg_maxact;
if (wasblocked == 0)
(void) sm_releasesignal(SIGCHLD);
if (forkflag)
rwgflags |= RWG_FORK;
if (verbose)
rwgflags |= RWG_VERBOSE;
if (persistent)
rwgflags |= RWG_PERSISTENT;
if (runall)
rwgflags |= RWG_RUNALL;
ret = run_work_group(curnum, rwgflags);
/*
** Failure means a message was printed for ETRN
** and subsequent queues are likely to fail as well.
** Decrement CurRunners in that case because
** none have been started.
*/
if (!ret)
{
/* don't let proc_list_drop() change CurRunners */
wasblocked = sm_blocksignal(SIGCHLD);
CurRunners -= WorkGrp[curnum].wg_maxact;
CHK_CUR_RUNNERS("runqueue", curnum,
WorkGrp[curnum].wg_maxact);
if (wasblocked == 0)
(void) sm_releasesignal(SIGCHLD);
break;
}
if (!persistent)
schedule_queue_runs(runall, curnum, true);
INCR_MOD(curnum, NumWorkGroups);
}
/* schedule left over queue runs */
if (i < NumWorkGroups && !NoMoreRunners && !persistent)
{
int h;
for (h = curnum; i < NumWorkGroups; i++)
{
schedule_queue_runs(runall, h, false);
INCR_MOD(h, NumWorkGroups);
}
}
#if SM_HEAP_CHECK
if (sm_debug_active(&DebugLeakQ, 1))
sm_heap_setgroup(oldgroup);
-#endif /* SM_HEAP_CHECK */
+#endif
return ret;
}
#if _FFR_SKIP_DOMAINS
/*
** SKIP_DOMAINS -- Skip 'skip' number of domains in the WorkQ.
**
** Added by Stephen Frost <sfrost@snowman.net> to support
** having each runner process every N'th domain instead of
** every N'th message.
**
** Parameters:
** skip -- number of domains in WorkQ to skip.
**
** Returns:
** total number of messages skipped.
**
** Side Effects:
** may change WorkQ
*/
static int
skip_domains(skip)
int skip;
{
int n, seqjump;
for (n = 0, seqjump = 0; n < skip && WorkQ != NULL; seqjump++)
{
if (WorkQ->w_next != NULL)
{
if (WorkQ->w_host != NULL &&
WorkQ->w_next->w_host != NULL)
{
if (sm_strcasecmp(WorkQ->w_host,
WorkQ->w_next->w_host) != 0)
n++;
}
else
{
if ((WorkQ->w_host != NULL &&
WorkQ->w_next->w_host == NULL) ||
(WorkQ->w_host == NULL &&
WorkQ->w_next->w_host != NULL))
n++;
}
}
WorkQ = WorkQ->w_next;
}
return seqjump;
}
#endif /* _FFR_SKIP_DOMAINS */
/*
** RUNNER_WORK -- have a queue runner do its work
**
** Have a queue runner do its work a list of entries.
** When work isn't directly being done then this process can take a signal
** and terminate immediately (in a clean fashion of course).
** When work is directly being done, it's not to be interrupted
** immediately: the work should be allowed to finish at a clean point
** before termination (in a clean fashion of course).
**
** Parameters:
** e -- envelope.
** sequenceno -- 'th process to run WorkQ.
** didfork -- did the calling process fork()?
** skip -- process only each skip'th item.
** njobs -- number of jobs in WorkQ.
**
** Returns:
** none.
**
** Side Effects:
** runs things in the mail queue.
*/
static void
runner_work(e, sequenceno, didfork, skip, njobs)
register ENVELOPE *e;
int sequenceno;
bool didfork;
int skip;
int njobs;
{
int n, seqjump;
WORK *w;
time_t now;
SM_GET_LA(now);
/*
** Here we temporarily block the second calling of the handlers.
** This allows us to handle the signal without terminating in the
** middle of direct work. If a signal does come, the test for
** NoMoreRunners will find it.
*/
BlockOldsh = true;
seqjump = skip;
/* process them once at a time */
while (WorkQ != NULL)
{
#if SM_HEAP_CHECK
SM_NONVOLATILE int oldgroup = 0;
if (sm_debug_active(&DebugLeakQ, 1))
{
oldgroup = sm_heap_group();
sm_heap_newgroup();
sm_dprintf("run_queue_group() heap group #%d\n",
sm_heap_group());
}
#endif /* SM_HEAP_CHECK */
/* do no more work */
if (NoMoreRunners)
{
/* Check that a valid signal handler is callable */
if (Oldsh != SIG_DFL && Oldsh != SIG_IGN &&
Oldsh != runners_sighup &&
Oldsh != runners_sigterm)
(*Oldsh)(Oldsig);
break;
}
w = WorkQ; /* assign current work item */
/*
** Set the head of the WorkQ to the next work item.
** It is set 'skip' ahead (the number of parallel queue
** runners working on WorkQ together) since each runner
** works on every 'skip'th (N-th) item.
#if _FFR_SKIP_DOMAINS
** In the case of the BYHOST Queue Sort Order, the 'item'
** is a domain, so we work on every 'skip'th (N-th) domain.
-#endif * _FFR_SKIP_DOMAINS *
+#endif
*/
#if _FFR_SKIP_DOMAINS
if (QueueSortOrder == QSO_BYHOST)
{
seqjump = 1;
if (WorkQ->w_next != NULL)
{
if (WorkQ->w_host != NULL &&
WorkQ->w_next->w_host != NULL)
{
if (sm_strcasecmp(WorkQ->w_host,
WorkQ->w_next->w_host)
!= 0)
seqjump = skip_domains(skip);
else
WorkQ = WorkQ->w_next;
}
else
{
if ((WorkQ->w_host != NULL &&
WorkQ->w_next->w_host == NULL) ||
(WorkQ->w_host == NULL &&
WorkQ->w_next->w_host != NULL))
seqjump = skip_domains(skip);
else
WorkQ = WorkQ->w_next;
}
}
else
WorkQ = WorkQ->w_next;
}
else
#endif /* _FFR_SKIP_DOMAINS */
{
for (n = 0; n < skip && WorkQ != NULL; n++)
WorkQ = WorkQ->w_next;
}
e->e_to = NULL;
/*
** Ignore jobs that are too expensive for the moment.
**
** Get new load average every GET_NEW_LA_TIME seconds.
*/
SM_GET_LA(now);
if (shouldqueue(WkRecipFact, Current_LA_time))
{
char *msg = "Aborting queue run: load average too high";
if (Verbose)
message("%s", msg);
if (LogLevel > 8)
sm_syslog(LOG_INFO, NOQID, "runqueue: %s", msg);
break;
}
if (shouldqueue(w->w_pri, w->w_ctime))
{
if (Verbose)
message("%s", "");
if (QueueSortOrder == QSO_BYPRIORITY)
{
if (Verbose)
message("Skipping %s/%s (sequence %d of %d) and flushing rest of queue",
qid_printqueue(w->w_qgrp,
w->w_qdir),
w->w_name + 2, sequenceno,
njobs);
if (LogLevel > 8)
sm_syslog(LOG_INFO, NOQID,
"runqueue: Flushing queue from %s/%s (pri %ld, LA %d, %d of %d)",
qid_printqueue(w->w_qgrp,
w->w_qdir),
w->w_name + 2, w->w_pri,
CurrentLA, sequenceno,
njobs);
break;
}
else if (Verbose)
message("Skipping %s/%s (sequence %d of %d)",
qid_printqueue(w->w_qgrp, w->w_qdir),
w->w_name + 2, sequenceno, njobs);
}
else
{
if (Verbose)
{
message("%s", "");
message("Running %s/%s (sequence %d of %d)",
qid_printqueue(w->w_qgrp, w->w_qdir),
w->w_name + 2, sequenceno, njobs);
}
if (didfork && MaxQueueChildren > 0)
{
sm_blocksignal(SIGCHLD);
(void) sm_signal(SIGCHLD, reapchild);
}
if (tTd(63, 100))
sm_syslog(LOG_DEBUG, NOQID,
"runqueue %s dowork(%s)",
qid_printqueue(w->w_qgrp, w->w_qdir),
w->w_name + 2);
(void) dowork(w->w_qgrp, w->w_qdir, w->w_name + 2,
ForkQueueRuns, false, e);
errno = 0;
}
sm_free(w->w_name); /* XXX */
if (w->w_host != NULL)
sm_free(w->w_host); /* XXX */
sm_free((char *) w); /* XXX */
sequenceno += seqjump; /* next sequence number */
#if SM_HEAP_CHECK
if (sm_debug_active(&DebugLeakQ, 1))
sm_heap_setgroup(oldgroup);
-#endif /* SM_HEAP_CHECK */
+#endif
+#if _FFR_TESTS
+ if (tTd(76, 101))
+ {
+ int sl;
+
+ sl = tTdlevel(76) - 100;
+ sm_dprintf("run_work_group: sleep=%d\n", sl);
+ sleep(sl);
+ }
+#endif
}
BlockOldsh = false;
/* check the signals didn't happen during the revert */
if (NoMoreRunners)
{
/* Check that a valid signal handler is callable */
if (Oldsh != SIG_DFL && Oldsh != SIG_IGN &&
Oldsh != runners_sighup && Oldsh != runners_sigterm)
(*Oldsh)(Oldsig);
}
Oldsh = SIG_DFL; /* after the NoMoreRunners check */
}
/*
** RUN_WORK_GROUP -- run the jobs in a queue group from a work group.
**
** Gets the stuff out of the queue in some presumably logical
** order and processes them.
**
** Parameters:
** wgrp -- work group to process.
** flags -- RWG_* flags
**
** Returns:
** true if the queue run successfully began.
**
** Side Effects:
** runs things in the mail queue.
*/
/* Minimum sleep time for persistent queue runners */
#define MIN_SLEEP_TIME 5
bool
run_work_group(wgrp, flags)
int wgrp;
int flags;
{
register ENVELOPE *e;
int njobs, qdir;
int sequenceno = 1;
int qgrp, endgrp, h, i;
time_t now;
bool full, more;
SM_RPOOL_T *rpool;
extern ENVELOPE BlankEnvelope;
extern SIGFUNC_DECL reapchild __P((int));
if (wgrp < 0)
return false;
/*
** If no work will ever be selected, don't even bother reading
** the queue.
*/
SM_GET_LA(now);
if (!bitset(RWG_PERSISTENT, flags) &&
shouldqueue(WkRecipFact, Current_LA_time))
{
char *msg = "Skipping queue run -- load average too high";
if (bitset(RWG_VERBOSE, flags))
message("458 %s\n", msg);
if (LogLevel > 8)
sm_syslog(LOG_INFO, NOQID, "runqueue: %s", msg);
return false;
}
/*
** See if we already have too many children.
*/
if (bitset(RWG_FORK, flags) &&
WorkGrp[wgrp].wg_lowqintvl > 0 &&
!bitset(RWG_PERSISTENT, flags) &&
MaxChildren > 0 && CurChildren >= MaxChildren)
{
char *msg = "Skipping queue run -- too many children";
if (bitset(RWG_VERBOSE, flags))
message("458 %s (%d)\n", msg, CurChildren);
if (LogLevel > 8)
sm_syslog(LOG_INFO, NOQID, "runqueue: %s (%d)",
msg, CurChildren);
return false;
}
/*
** See if we want to go off and do other useful work.
*/
if (bitset(RWG_FORK, flags))
{
pid_t pid;
(void) sm_blocksignal(SIGCHLD);
(void) sm_signal(SIGCHLD, reapchild);
pid = dofork();
if (pid == -1)
{
const char *msg = "Skipping queue run -- fork() failed";
const char *err = sm_errstring(errno);
if (bitset(RWG_VERBOSE, flags))
message("458 %s: %s\n", msg, err);
if (LogLevel > 8)
sm_syslog(LOG_INFO, NOQID, "runqueue: %s: %s",
msg, err);
(void) sm_releasesignal(SIGCHLD);
return false;
}
if (pid != 0)
{
/* parent -- pick up intermediate zombie */
(void) sm_blocksignal(SIGALRM);
/* wgrp only used when queue runners are persistent */
proc_list_add(pid, "Queue runner", PROC_QUEUE,
WorkGrp[wgrp].wg_maxact,
bitset(RWG_PERSISTENT, flags) ? wgrp : -1,
NULL);
(void) sm_releasesignal(SIGALRM);
(void) sm_releasesignal(SIGCHLD);
return true;
}
/* child -- clean up signals */
/* Reset global flags */
RestartRequest = NULL;
RestartWorkGroup = false;
ShutdownRequest = NULL;
PendingSignal = 0;
CurrentPid = getpid();
close_sendmail_pid();
/*
** Initialize exception stack and default exception
** handler for child process.
*/
sm_exc_newthread(fatal_error);
clrcontrol();
proc_list_clear();
/* Add parent process as first child item */
proc_list_add(CurrentPid, "Queue runner child process",
PROC_QUEUE_CHILD, 0, -1, NULL);
(void) sm_releasesignal(SIGCHLD);
(void) sm_signal(SIGCHLD, SIG_DFL);
(void) sm_signal(SIGHUP, SIG_DFL);
(void) sm_signal(SIGTERM, intsig);
}
/*
** Release any resources used by the daemon code.
*/
clrdaemon();
/* force it to run expensive jobs */
NoConnect = false;
/* drop privileges */
if (geteuid() == (uid_t) 0)
(void) drop_privileges(false);
/*
** Create ourselves an envelope
*/
CurEnv = &QueueEnvelope;
rpool = sm_rpool_new_x(NULL);
e = newenvelope(&QueueEnvelope, CurEnv, rpool);
e->e_flags = BlankEnvelope.e_flags;
e->e_parent = NULL;
/* make sure we have disconnected from parent */
if (bitset(RWG_FORK, flags))
{
disconnect(1, e);
QuickAbort = false;
}
/*
** If we are running part of the queue, always ignore stored
** host status.
*/
if (QueueLimitId != NULL || QueueLimitSender != NULL ||
QueueLimitQuarantine != NULL ||
QueueLimitRecipient != NULL)
{
IgnoreHostStatus = true;
MinQueueAge = 0;
MaxQueueAge = 0;
}
/*
** Here is where we choose the queue group from the work group.
** The caller of the "domorework" label must setup a new envelope.
*/
endgrp = WorkGrp[wgrp].wg_curqgrp; /* to not spin endlessly */
domorework:
/*
** Run a queue group if:
** RWG_RUNALL bit is set or the bit for this group is set.
*/
now = curtime();
for (;;)
{
/*
** Find the next queue group within the work group that
** has been marked as needing a run.
*/
qgrp = WorkGrp[wgrp].wg_qgs[WorkGrp[wgrp].wg_curqgrp]->qg_index;
WorkGrp[wgrp].wg_curqgrp++; /* advance */
WorkGrp[wgrp].wg_curqgrp %= WorkGrp[wgrp].wg_numqgrp; /* wrap */
if (bitset(RWG_RUNALL, flags) ||
(Queue[qgrp]->qg_nextrun <= now &&
Queue[qgrp]->qg_nextrun != (time_t) -1))
break;
if (endgrp == WorkGrp[wgrp].wg_curqgrp)
{
e->e_id = NULL;
if (bitset(RWG_FORK, flags))
finis(true, true, ExitStat);
return true; /* we're done */
}
}
qdir = Queue[qgrp]->qg_curnum; /* round-robin init of queue position */
#if _FFR_QUEUE_SCHED_DBG
if (tTd(69, 12))
sm_syslog(LOG_INFO, NOQID,
"rwg: wgrp=%d, qgrp=%d, qdir=%d, name=%s, curqgrp=%d, numgrps=%d",
wgrp, qgrp, qdir, qid_printqueue(qgrp, qdir),
WorkGrp[wgrp].wg_curqgrp, WorkGrp[wgrp].wg_numqgrp);
#endif /* _FFR_QUEUE_SCHED_DBG */
#if HASNICE
/* tweak niceness of queue runs */
if (Queue[qgrp]->qg_nice > 0)
(void) nice(Queue[qgrp]->qg_nice);
-#endif /* HASNICE */
+#endif
/* XXX running queue group... */
sm_setproctitle(true, CurEnv, "running queue: %s",
qid_printqueue(qgrp, qdir));
if (LogLevel > 69 || tTd(63, 99))
sm_syslog(LOG_DEBUG, NOQID,
"runqueue %s, pid=%d, forkflag=%d",
qid_printqueue(qgrp, qdir), (int) CurrentPid,
bitset(RWG_FORK, flags));
/*
** Start making passes through the queue.
** First, read and sort the entire queue.
** Then, process the work in that order.
** But if you take too long, start over.
*/
for (i = 0; i < Queue[qgrp]->qg_numqueues; i++)
{
(void) gatherq(qgrp, qdir, false, &full, &more, &h);
#if SM_CONF_SHM
if (ShmId != SM_SHM_NO_ID)
QSHM_ENTRIES(Queue[qgrp]->qg_qpaths[qdir].qp_idx) = h;
-#endif /* SM_CONF_SHM */
+#endif
/* If there are no more items in this queue advance */
if (!more)
{
/* A round-robin advance */
qdir++;
qdir %= Queue[qgrp]->qg_numqueues;
}
/* Has the WorkList reached the limit? */
if (full)
break; /* don't try to gather more */
}
/* order the existing work requests */
njobs = sortq(Queue[qgrp]->qg_maxlist);
Queue[qgrp]->qg_curnum = qdir; /* update */
if (!Verbose && bitnset(QD_FORK, Queue[qgrp]->qg_flags))
{
int loop, maxrunners;
pid_t pid;
/*
** For this WorkQ we want to fork off N children (maxrunners)
** at this point. Each child has a copy of WorkQ. Each child
** will process every N-th item. The parent will wait for all
** of the children to finish before moving on to the next
** queue group within the work group. This saves us forking
** a new runner-child for each work item.
** It's valid for qg_maxqrun == 0 since this may be an
** explicit "don't run this queue" setting.
*/
maxrunners = Queue[qgrp]->qg_maxqrun;
/*
** If no runners are configured for this group but
** the queue is "forced" then lets use 1 runner.
*/
if (maxrunners == 0 && bitset(RWG_FORCE, flags))
maxrunners = 1;
/* No need to have more runners then there are jobs */
if (maxrunners > njobs)
maxrunners = njobs;
for (loop = 0; loop < maxrunners; loop++)
{
/*
** Since the delivery may happen in a child and the
** parent does not wait, the parent may close the
** maps thereby removing any shared memory used by
** the map. Therefore, close the maps now so the
** child will dynamically open them if necessary.
*/
closemaps(false);
pid = fork();
if (pid < 0)
{
syserr("run_work_group: cannot fork");
return false;
}
else if (pid > 0)
{
/* parent -- clean out connection cache */
mci_flush(false, NULL);
#if _FFR_SKIP_DOMAINS
if (QueueSortOrder == QSO_BYHOST)
{
sequenceno += skip_domains(1);
}
else
#endif /* _FFR_SKIP_DOMAINS */
{
/* for the skip */
WorkQ = WorkQ->w_next;
sequenceno++;
}
proc_list_add(pid, "Queue child runner process",
PROC_QUEUE_CHILD, 0, -1, NULL);
/* No additional work, no additional runners */
if (WorkQ == NULL)
break;
}
else
{
/* child -- Reset global flags */
RestartRequest = NULL;
RestartWorkGroup = false;
ShutdownRequest = NULL;
PendingSignal = 0;
CurrentPid = getpid();
close_sendmail_pid();
/*
** Initialize exception stack and default
** exception handler for child process.
** When fork()'d the child now has a private
** copy of WorkQ at its current position.
*/
sm_exc_newthread(fatal_error);
/*
** SMTP processes (whether -bd or -bs) set
** SIGCHLD to reapchild to collect
** children status. However, at delivery
** time, that status must be collected
** by sm_wait() to be dealt with properly
** (check success of delivery based
** on status code, etc). Therefore, if we
** are an SMTP process, reset SIGCHLD
** back to the default so reapchild
** doesn't collect status before
** sm_wait().
*/
if (OpMode == MD_SMTP ||
OpMode == MD_DAEMON ||
MaxQueueChildren > 0)
{
proc_list_clear();
sm_releasesignal(SIGCHLD);
(void) sm_signal(SIGCHLD, SIG_DFL);
}
/* child -- error messages to the transcript */
QuickAbort = OnlyOneError = false;
runner_work(e, sequenceno, true,
maxrunners, njobs);
/* This child is done */
finis(true, true, ExitStat);
/* NOTREACHED */
}
}
sm_releasesignal(SIGCHLD);
/*
** Wait until all of the runners have completed before
** seeing if there is another queue group in the
** work group to process.
** XXX Future enhancement: don't wait() for all children
** here, just go ahead and make sure that overall the number
** of children is not exceeded.
*/
while (CurChildren > 0)
{
int status;
pid_t ret;
while ((ret = sm_wait(&status)) <= 0)
continue;
proc_list_drop(ret, status, NULL);
}
}
else if (Queue[qgrp]->qg_maxqrun > 0 || bitset(RWG_FORCE, flags))
{
/*
** When current process will not fork children to do the work,
** it will do the work itself. The 'skip' will be 1 since
** there are no child runners to divide the work across.
*/
runner_work(e, sequenceno, false, 1, njobs);
}
/* free memory allocated by newenvelope() above */
sm_rpool_free(rpool);
QueueEnvelope.e_rpool = NULL;
/* Are there still more queues in the work group to process? */
if (endgrp != WorkGrp[wgrp].wg_curqgrp)
{
rpool = sm_rpool_new_x(NULL);
e = newenvelope(&QueueEnvelope, CurEnv, rpool);
e->e_flags = BlankEnvelope.e_flags;
goto domorework;
}
/* No more queues in work group to process. Now check persistent. */
if (bitset(RWG_PERSISTENT, flags))
{
sequenceno = 1;
sm_setproctitle(true, NULL, "running queue: %s",
qid_printqueue(qgrp, qdir));
/*
** close bogus maps, i.e., maps which caused a tempfail,
** so we get fresh map connections on the next lookup.
** closemaps() is also called when children are started.
*/
closemaps(true);
/* Close any cached connections. */
mci_flush(true, NULL);
/* Clean out expired related entries. */
rmexpstab();
#if NAMED_BIND
/* Update MX records for FallbackMX. */
if (FallbackMX != NULL)
(void) getfallbackmxrr(FallbackMX);
-#endif /* NAMED_BIND */
+#endif
#if USERDB
/* close UserDatabase */
_udbx_close();
-#endif /* USERDB */
+#endif
#if SM_HEAP_CHECK
if (sm_debug_active(&SmHeapCheck, 2)
&& access("memdump", F_OK) == 0
)
{
SM_FILE_T *out;
remove("memdump");
out = sm_io_open(SmFtStdio, SM_TIME_DEFAULT,
"memdump.out", SM_IO_APPEND, NULL);
if (out != NULL)
{
(void) sm_io_fprintf(out, SM_TIME_DEFAULT, "----------------------\n");
sm_heap_report(out,
sm_debug_level(&SmHeapCheck) - 1);
(void) sm_io_close(out, SM_TIME_DEFAULT);
}
}
#endif /* SM_HEAP_CHECK */
/* let me rest for a second to catch my breath */
if (njobs == 0 && WorkGrp[wgrp].wg_lowqintvl < MIN_SLEEP_TIME)
sleep(MIN_SLEEP_TIME);
else if (WorkGrp[wgrp].wg_lowqintvl <= 0)
sleep(QueueIntvl > 0 ? QueueIntvl : MIN_SLEEP_TIME);
else
sleep(WorkGrp[wgrp].wg_lowqintvl);
/*
** Get the LA outside the WorkQ loop if necessary.
** In a persistent queue runner the code is repeated over
** and over but gatherq() may ignore entries due to
** shouldqueue() (do we really have to do this twice?).
** Hence the queue runners would just idle around when once
** CurrentLA caused all entries in a queue to be ignored.
*/
if (njobs == 0)
SM_GET_LA(now);
rpool = sm_rpool_new_x(NULL);
e = newenvelope(&QueueEnvelope, CurEnv, rpool);
e->e_flags = BlankEnvelope.e_flags;
goto domorework;
}
/* exit without the usual cleanup */
e->e_id = NULL;
if (bitset(RWG_FORK, flags))
finis(true, true, ExitStat);
/* NOTREACHED */
return true;
}
/*
** DOQUEUERUN -- do a queue run?
*/
bool
doqueuerun()
{
return DoQueueRun;
}
/*
** RUNQUEUEEVENT -- Sets a flag to indicate that a queue run should be done.
**
** Parameters:
** none.
**
** Returns:
** none.
**
** Side Effects:
** The invocation of this function via an alarm may interrupt
** a set of actions. Thus errno may be set in that context.
** We need to restore errno at the end of this function to ensure
** that any work done here that sets errno doesn't return a
** misleading/false errno value. Errno may be EINTR upon entry to
** this function because of non-restartable/continuable system
** API was active. Iff this is true we will override errno as
** a timeout (as a more accurate error message).
**
** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
** DOING.
*/
void
runqueueevent(ignore)
int ignore;
{
int save_errno = errno;
/*
** Set the general bit that we want a queue run,
** tested in doqueuerun()
*/
DoQueueRun = true;
#if _FFR_QUEUE_SCHED_DBG
if (tTd(69, 10))
sm_syslog(LOG_INFO, NOQID, "rqe: done");
-#endif /* _FFR_QUEUE_SCHED_DBG */
+#endif
errno = save_errno;
if (errno == EINTR)
errno = ETIMEDOUT;
}
/*
** GATHERQ -- gather messages from the message queue(s) the work queue.
**
** Parameters:
** qgrp -- the index of the queue group.
** qdir -- the index of the queue directory.
** doall -- if set, include everything in the queue (even
** the jobs that cannot be run because the load
** average is too high, or MaxQueueRun is reached).
** Otherwise, exclude those jobs.
** full -- (optional) to be set 'true' if WorkList is full
** more -- (optional) to be set 'true' if there are still more
** messages in this queue not added to WorkList
** pnentries -- (optional) total nuber of entries in queue
**
** Returns:
** The number of request in the queue (not necessarily
** the number of requests in WorkList however).
**
** Side Effects:
** prepares available work into WorkList
*/
#define NEED_P 0001 /* 'P': priority */
#define NEED_T 0002 /* 'T': time */
#define NEED_R 0004 /* 'R': recipient */
#define NEED_S 0010 /* 'S': sender */
#define NEED_H 0020 /* host */
#define HAS_QUARANTINE 0040 /* has an unexpected 'q' line */
#define NEED_QUARANTINE 0100 /* 'q': reason */
static WORK *WorkList = NULL; /* list of unsort work */
static int WorkListSize = 0; /* current max size of WorkList */
static int WorkListCount = 0; /* # of work items in WorkList */
static int
gatherq(qgrp, qdir, doall, full, more, pnentries)
int qgrp;
int qdir;
bool doall;
bool *full;
bool *more;
int *pnentries;
{
register struct dirent *d;
register WORK *w;
register char *p;
DIR *f;
int i, num_ent, wn, nentries;
QUEUE_CHAR *check;
char qd[MAXPATHLEN];
char qf[MAXPATHLEN];
wn = WorkListCount - 1;
num_ent = 0;
nentries = 0;
if (qdir == NOQDIR)
(void) sm_strlcpy(qd, ".", sizeof(qd));
else
(void) sm_strlcpyn(qd, sizeof(qd), 2,
Queue[qgrp]->qg_qpaths[qdir].qp_name,
(bitset(QP_SUBQF,
Queue[qgrp]->qg_qpaths[qdir].qp_subdirs)
? "/qf" : ""));
if (tTd(41, 1))
{
- sm_dprintf("gatherq:\n");
+ sm_dprintf("gatherq: %s\n", qd);
check = QueueLimitId;
while (check != NULL)
{
sm_dprintf("\tQueueLimitId = %s%s\n",
check->queue_negate ? "!" : "",
check->queue_match);
check = check->queue_next;
}
check = QueueLimitSender;
while (check != NULL)
{
sm_dprintf("\tQueueLimitSender = %s%s\n",
check->queue_negate ? "!" : "",
check->queue_match);
check = check->queue_next;
}
check = QueueLimitRecipient;
while (check != NULL)
{
sm_dprintf("\tQueueLimitRecipient = %s%s\n",
check->queue_negate ? "!" : "",
check->queue_match);
check = check->queue_next;
}
if (QueueMode == QM_QUARANTINE)
{
check = QueueLimitQuarantine;
while (check != NULL)
{
sm_dprintf("\tQueueLimitQuarantine = %s%s\n",
check->queue_negate ? "!" : "",
check->queue_match);
check = check->queue_next;
}
}
}
/* open the queue directory */
f = opendir(qd);
if (f == NULL)
{
syserr("gatherq: cannot open \"%s\"",
qid_printqueue(qgrp, qdir));
if (full != NULL)
*full = WorkListCount >= MaxQueueRun && MaxQueueRun > 0;
if (more != NULL)
*more = false;
return 0;
}
/*
** Read the work directory.
*/
while ((d = readdir(f)) != NULL)
{
SM_FILE_T *cf;
int qfver = 0;
char lbuf[MAXNAME + 1];
struct stat sbuf;
if (tTd(41, 50))
sm_dprintf("gatherq: checking %s..", d->d_name);
/* is this an interesting entry? */
if (!(((QueueMode == QM_NORMAL &&
d->d_name[0] == NORMQF_LETTER) ||
(QueueMode == QM_QUARANTINE &&
d->d_name[0] == QUARQF_LETTER) ||
(QueueMode == QM_LOST &&
d->d_name[0] == LOSEQF_LETTER)) &&
d->d_name[1] == 'f'))
{
if (tTd(41, 50))
sm_dprintf(" skipping\n");
continue;
}
if (tTd(41, 50))
sm_dprintf("\n");
if (strlen(d->d_name) >= MAXQFNAME)
{
if (Verbose)
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"gatherq: %s too long, %d max characters\n",
d->d_name, MAXQFNAME);
if (LogLevel > 0)
sm_syslog(LOG_ALERT, NOQID,
"gatherq: %s too long, %d max characters",
d->d_name, MAXQFNAME);
continue;
}
++nentries;
check = QueueLimitId;
while (check != NULL)
{
if (strcontainedin(false, check->queue_match,
d->d_name) != check->queue_negate)
break;
else
check = check->queue_next;
}
if (QueueLimitId != NULL && check == NULL)
continue;
/* grow work list if necessary */
if (++wn >= MaxQueueRun && MaxQueueRun > 0)
{
if (wn == MaxQueueRun && LogLevel > 0)
sm_syslog(LOG_WARNING, NOQID,
"WorkList for %s maxed out at %d",
qid_printqueue(qgrp, qdir),
MaxQueueRun);
if (doall)
continue; /* just count entries */
break;
}
if (wn >= WorkListSize)
{
grow_wlist(qgrp, qdir);
if (wn >= WorkListSize)
continue;
}
SM_ASSERT(wn >= 0);
w = &WorkList[wn];
(void) sm_strlcpyn(qf, sizeof(qf), 3, qd, "/", d->d_name);
if (stat(qf, &sbuf) < 0)
{
if (errno != ENOENT)
sm_syslog(LOG_INFO, NOQID,
"gatherq: can't stat %s/%s",
qid_printqueue(qgrp, qdir),
d->d_name);
wn--;
continue;
}
if (!bitset(S_IFREG, sbuf.st_mode))
{
/* Yikes! Skip it or we will hang on open! */
if (!((d->d_name[0] == DATAFL_LETTER ||
d->d_name[0] == NORMQF_LETTER ||
d->d_name[0] == QUARQF_LETTER ||
d->d_name[0] == LOSEQF_LETTER ||
d->d_name[0] == XSCRPT_LETTER) &&
d->d_name[1] == 'f' && d->d_name[2] == '\0'))
syserr("gatherq: %s/%s is not a regular file",
qid_printqueue(qgrp, qdir), d->d_name);
wn--;
continue;
}
/* avoid work if possible */
if ((QueueSortOrder == QSO_BYFILENAME ||
QueueSortOrder == QSO_BYMODTIME ||
QueueSortOrder == QSO_NONE ||
QueueSortOrder == QSO_RANDOM) &&
QueueLimitQuarantine == NULL &&
QueueLimitSender == NULL &&
QueueLimitRecipient == NULL)
{
w->w_qgrp = qgrp;
w->w_qdir = qdir;
w->w_name = newstr(d->d_name);
w->w_host = NULL;
w->w_lock = w->w_tooyoung = false;
w->w_pri = 0;
w->w_ctime = 0;
w->w_mtime = sbuf.st_mtime;
++num_ent;
continue;
}
/* open control file */
cf = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, qf, SM_IO_RDONLY_B,
NULL);
if (cf == NULL && OpMode != MD_PRINT)
{
/* this may be some random person sending hir msgs */
if (tTd(41, 2))
sm_dprintf("gatherq: cannot open %s: %s\n",
d->d_name, sm_errstring(errno));
errno = 0;
wn--;
continue;
}
w->w_qgrp = qgrp;
w->w_qdir = qdir;
w->w_name = newstr(d->d_name);
w->w_host = NULL;
if (cf != NULL)
{
w->w_lock = !lockfile(sm_io_getinfo(cf, SM_IO_WHAT_FD,
NULL),
w->w_name, NULL,
LOCK_SH|LOCK_NB);
}
w->w_tooyoung = false;
/* make sure jobs in creation don't clog queue */
w->w_pri = 0x7fffffff;
w->w_ctime = 0;
w->w_mtime = sbuf.st_mtime;
/* extract useful information */
i = NEED_P|NEED_T;
if (QueueSortOrder == QSO_BYHOST
#if _FFR_RHS
|| QueueSortOrder == QSO_BYSHUFFLE
-#endif /* _FFR_RHS */
+#endif
)
{
/* need w_host set for host sort order */
i |= NEED_H;
}
if (QueueLimitSender != NULL)
i |= NEED_S;
if (QueueLimitRecipient != NULL)
i |= NEED_R;
if (QueueLimitQuarantine != NULL)
i |= NEED_QUARANTINE;
while (cf != NULL && i != 0 &&
sm_io_fgets(cf, SM_TIME_DEFAULT, lbuf,
sizeof(lbuf)) >= 0)
{
int c;
time_t age;
p = strchr(lbuf, '\n');
if (p != NULL)
*p = '\0';
else
{
/* flush rest of overly long line */
while ((c = sm_io_getc(cf, SM_TIME_DEFAULT))
!= SM_IO_EOF && c != '\n')
continue;
}
switch (lbuf[0])
{
case 'V':
qfver = atoi(&lbuf[1]);
break;
case 'P':
w->w_pri = atol(&lbuf[1]);
i &= ~NEED_P;
break;
case 'T':
w->w_ctime = atol(&lbuf[1]);
i &= ~NEED_T;
break;
case 'q':
if (QueueMode != QM_QUARANTINE &&
QueueMode != QM_LOST)
{
if (tTd(41, 49))
sm_dprintf("%s not marked as quarantined but has a 'q' line\n",
w->w_name);
i |= HAS_QUARANTINE;
}
else if (QueueMode == QM_QUARANTINE)
{
if (QueueLimitQuarantine == NULL)
{
i &= ~NEED_QUARANTINE;
break;
}
p = &lbuf[1];
check = QueueLimitQuarantine;
while (check != NULL)
{
if (strcontainedin(false,
check->queue_match,
p) !=
check->queue_negate)
break;
else
check = check->queue_next;
}
if (check != NULL)
i &= ~NEED_QUARANTINE;
}
break;
case 'R':
if (w->w_host == NULL &&
(p = strrchr(&lbuf[1], '@')) != NULL)
{
#if _FFR_RHS
if (QueueSortOrder == QSO_BYSHUFFLE)
w->w_host = newstr(&p[1]);
else
-#endif /* _FFR_RHS */
+#endif
w->w_host = strrev(&p[1]);
makelower(w->w_host);
i &= ~NEED_H;
}
if (QueueLimitRecipient == NULL)
{
i &= ~NEED_R;
break;
}
if (qfver > 0)
{
p = strchr(&lbuf[1], ':');
if (p == NULL)
p = &lbuf[1];
else
++p; /* skip over ':' */
}
else
p = &lbuf[1];
check = QueueLimitRecipient;
while (check != NULL)
{
if (strcontainedin(true,
check->queue_match,
p) !=
check->queue_negate)
break;
else
check = check->queue_next;
}
if (check != NULL)
i &= ~NEED_R;
break;
case 'S':
check = QueueLimitSender;
while (check != NULL)
{
if (strcontainedin(true,
check->queue_match,
&lbuf[1]) !=
check->queue_negate)
break;
else
check = check->queue_next;
}
if (check != NULL)
i &= ~NEED_S;
break;
case 'K':
if (MaxQueueAge > 0)
{
time_t lasttry, delay;
lasttry = (time_t) atol(&lbuf[1]);
delay = MIN(lasttry - w->w_ctime,
MaxQueueAge);
age = curtime() - lasttry;
if (age < delay)
w->w_tooyoung = true;
break;
}
age = curtime() - (time_t) atol(&lbuf[1]);
if (age >= 0 && MinQueueAge > 0 &&
age < MinQueueAge)
w->w_tooyoung = true;
break;
case 'N':
if (atol(&lbuf[1]) == 0)
w->w_tooyoung = false;
break;
}
}
if (cf != NULL)
(void) sm_io_close(cf, SM_TIME_DEFAULT);
if ((!doall && (shouldqueue(w->w_pri, w->w_ctime) ||
w->w_tooyoung)) ||
bitset(HAS_QUARANTINE, i) ||
bitset(NEED_QUARANTINE, i) ||
bitset(NEED_R|NEED_S, i))
{
/* don't even bother sorting this job in */
if (tTd(41, 49))
sm_dprintf("skipping %s (%x)\n", w->w_name, i);
sm_free(w->w_name); /* XXX */
if (w->w_host != NULL)
sm_free(w->w_host); /* XXX */
wn--;
}
else
++num_ent;
}
(void) closedir(f);
wn++;
i = wn - WorkListCount;
WorkListCount += SM_MIN(num_ent, WorkListSize);
if (more != NULL)
*more = WorkListCount < wn;
if (full != NULL)
*full = (wn >= MaxQueueRun && MaxQueueRun > 0) ||
(WorkList == NULL && wn > 0);
if (pnentries != NULL)
*pnentries = nentries;
return i;
}
/*
** SORTQ -- sort the work list
**
** First the old WorkQ is cleared away. Then the WorkList is sorted
** for all items so that important (higher sorting value) items are not
** truncated off. Then the most important items are moved from
** WorkList to WorkQ. The lower count of 'max' or MaxListCount items
** are moved.
**
** Parameters:
** max -- maximum number of items to be placed in WorkQ
**
** Returns:
** the number of items in WorkQ
**
** Side Effects:
** WorkQ gets released and filled with new work. WorkList
** gets released. Work items get sorted in order.
*/
static int
sortq(max)
int max;
{
register int i; /* local counter */
register WORK *w; /* tmp item pointer */
int wc = WorkListCount; /* trim size for WorkQ */
if (WorkQ != NULL)
{
WORK *nw;
/* Clear out old WorkQ. */
for (w = WorkQ; w != NULL; w = nw)
{
nw = w->w_next;
sm_free(w->w_name); /* XXX */
if (w->w_host != NULL)
sm_free(w->w_host); /* XXX */
sm_free((char *) w); /* XXX */
}
WorkQ = NULL;
}
if (WorkList == NULL || wc <= 0)
return 0;
/*
** The sort now takes place using all of the items in WorkList.
** The list gets trimmed to the most important items after the sort.
** If the trim were to happen before the sort then one or more
** important items might get truncated off -- not what we want.
*/
if (QueueSortOrder == QSO_BYHOST)
{
/*
** Sort the work directory for the first time,
** based on host name, lock status, and priority.
*/
qsort((char *) WorkList, wc, sizeof(*WorkList), workcmpf1);
/*
** If one message to host is locked, "lock" all messages
** to that host.
*/
i = 0;
while (i < wc)
{
if (!WorkList[i].w_lock)
{
i++;
continue;
}
w = &WorkList[i];
while (++i < wc)
{
if (WorkList[i].w_host == NULL &&
w->w_host == NULL)
WorkList[i].w_lock = true;
else if (WorkList[i].w_host != NULL &&
w->w_host != NULL &&
sm_strcasecmp(WorkList[i].w_host,
w->w_host) == 0)
WorkList[i].w_lock = true;
else
break;
}
}
/*
** Sort the work directory for the second time,
** based on lock status, host name, and priority.
*/
qsort((char *) WorkList, wc, sizeof(*WorkList), workcmpf2);
}
else if (QueueSortOrder == QSO_BYTIME)
{
/*
** Simple sort based on submission time only.
*/
qsort((char *) WorkList, wc, sizeof(*WorkList), workcmpf3);
}
else if (QueueSortOrder == QSO_BYFILENAME)
{
/*
** Sort based on queue filename.
*/
qsort((char *) WorkList, wc, sizeof(*WorkList), workcmpf4);
}
else if (QueueSortOrder == QSO_RANDOM)
{
/*
** Sort randomly. To avoid problems with an instable sort,
** use a random index into the queue file name to start
** comparison.
*/
randi = get_rand_mod(MAXQFNAME);
if (randi < 2)
randi = 3;
qsort((char *) WorkList, wc, sizeof(*WorkList), workcmpf5);
}
else if (QueueSortOrder == QSO_BYMODTIME)
{
/*
** Simple sort based on modification time of queue file.
** This puts the oldest items first.
*/
qsort((char *) WorkList, wc, sizeof(*WorkList), workcmpf6);
}
#if _FFR_RHS
else if (QueueSortOrder == QSO_BYSHUFFLE)
{
/*
** Simple sort based on shuffled host name.
*/
init_shuffle_alphabet();
qsort((char *) WorkList, wc, sizeof(*WorkList), workcmpf7);
}
#endif /* _FFR_RHS */
else if (QueueSortOrder == QSO_BYPRIORITY)
{
/*
** Simple sort based on queue priority only.
*/
qsort((char *) WorkList, wc, sizeof(*WorkList), workcmpf0);
}
/* else don't sort at all */
/* Check if the per queue group item limit will be exceeded */
if (wc > max && max > 0)
wc = max;
/*
** Convert the work list into canonical form.
** Should be turning it into a list of envelopes here perhaps.
** Only take the most important items up to the per queue group
** maximum.
*/
for (i = wc; --i >= 0; )
{
w = (WORK *) xalloc(sizeof(*w));
w->w_qgrp = WorkList[i].w_qgrp;
w->w_qdir = WorkList[i].w_qdir;
w->w_name = WorkList[i].w_name;
w->w_host = WorkList[i].w_host;
w->w_lock = WorkList[i].w_lock;
w->w_tooyoung = WorkList[i].w_tooyoung;
w->w_pri = WorkList[i].w_pri;
w->w_ctime = WorkList[i].w_ctime;
w->w_mtime = WorkList[i].w_mtime;
w->w_next = WorkQ;
WorkQ = w;
}
/* free the rest of the list */
for (i = WorkListCount; --i >= wc; )
{
sm_free(WorkList[i].w_name);
if (WorkList[i].w_host != NULL)
sm_free(WorkList[i].w_host);
}
if (WorkList != NULL)
sm_free(WorkList); /* XXX */
WorkList = NULL;
WorkListSize = 0;
WorkListCount = 0;
if (tTd(40, 1))
{
for (w = WorkQ; w != NULL; w = w->w_next)
{
if (w->w_host != NULL)
sm_dprintf("%22s: pri=%ld %s\n",
w->w_name, w->w_pri, w->w_host);
else
sm_dprintf("%32s: pri=%ld\n",
w->w_name, w->w_pri);
}
}
return wc; /* return number of WorkQ items */
}
/*
** GROW_WLIST -- make the work list larger
**
** Parameters:
** qgrp -- the index for the queue group.
** qdir -- the index for the queue directory.
**
** Returns:
** none.
**
** Side Effects:
** Adds another QUEUESEGSIZE entries to WorkList if possible.
** It can fail if there isn't enough memory, so WorkListSize
** should be checked again upon return.
*/
static void
grow_wlist(qgrp, qdir)
int qgrp;
int qdir;
{
if (tTd(41, 1))
sm_dprintf("grow_wlist: WorkListSize=%d\n", WorkListSize);
if (WorkList == NULL)
{
WorkList = (WORK *) xalloc((sizeof(*WorkList)) *
(QUEUESEGSIZE + 1));
WorkListSize = QUEUESEGSIZE;
}
else
{
int newsize = WorkListSize + QUEUESEGSIZE;
WORK *newlist = (WORK *) sm_realloc((char *) WorkList,
(unsigned) sizeof(WORK) * (newsize + 1));
if (newlist != NULL)
{
WorkListSize = newsize;
WorkList = newlist;
if (LogLevel > 1)
{
sm_syslog(LOG_INFO, NOQID,
"grew WorkList for %s to %d",
qid_printqueue(qgrp, qdir),
WorkListSize);
}
}
else if (LogLevel > 0)
{
sm_syslog(LOG_ALERT, NOQID,
"FAILED to grow WorkList for %s to %d",
qid_printqueue(qgrp, qdir), newsize);
}
}
if (tTd(41, 1))
sm_dprintf("grow_wlist: WorkListSize now %d\n", WorkListSize);
}
/*
** WORKCMPF0 -- simple priority-only compare function.
**
** Parameters:
** a -- the first argument.
** b -- the second argument.
**
** Returns:
** -1 if a < b
** 0 if a == b
** +1 if a > b
**
*/
static int
workcmpf0(a, b)
register WORK *a;
register WORK *b;
{
long pa = a->w_pri;
long pb = b->w_pri;
if (pa == pb)
return 0;
else if (pa > pb)
return 1;
else
return -1;
}
/*
** WORKCMPF1 -- first compare function for ordering work based on host name.
**
** Sorts on host name, lock status, and priority in that order.
**
** Parameters:
** a -- the first argument.
** b -- the second argument.
**
** Returns:
** <0 if a < b
** 0 if a == b
** >0 if a > b
**
*/
static int
workcmpf1(a, b)
register WORK *a;
register WORK *b;
{
int i;
/* host name */
if (a->w_host != NULL && b->w_host == NULL)
return 1;
else if (a->w_host == NULL && b->w_host != NULL)
return -1;
if (a->w_host != NULL && b->w_host != NULL &&
(i = sm_strcasecmp(a->w_host, b->w_host)) != 0)
return i;
/* lock status */
if (a->w_lock != b->w_lock)
return b->w_lock - a->w_lock;
/* job priority */
return workcmpf0(a, b);
}
/*
** WORKCMPF2 -- second compare function for ordering work based on host name.
**
** Sorts on lock status, host name, and priority in that order.
**
** Parameters:
** a -- the first argument.
** b -- the second argument.
**
** Returns:
** <0 if a < b
** 0 if a == b
** >0 if a > b
**
*/
static int
workcmpf2(a, b)
register WORK *a;
register WORK *b;
{
int i;
/* lock status */
if (a->w_lock != b->w_lock)
return a->w_lock - b->w_lock;
/* host name */
if (a->w_host != NULL && b->w_host == NULL)
return 1;
else if (a->w_host == NULL && b->w_host != NULL)
return -1;
if (a->w_host != NULL && b->w_host != NULL &&
(i = sm_strcasecmp(a->w_host, b->w_host)) != 0)
return i;
/* job priority */
return workcmpf0(a, b);
}
/*
** WORKCMPF3 -- simple submission-time-only compare function.
**
** Parameters:
** a -- the first argument.
** b -- the second argument.
**
** Returns:
** -1 if a < b
** 0 if a == b
** +1 if a > b
**
*/
static int
workcmpf3(a, b)
register WORK *a;
register WORK *b;
{
if (a->w_ctime > b->w_ctime)
return 1;
else if (a->w_ctime < b->w_ctime)
return -1;
else
return 0;
}
/*
** WORKCMPF4 -- compare based on file name
**
** Parameters:
** a -- the first argument.
** b -- the second argument.
**
** Returns:
** -1 if a < b
** 0 if a == b
** +1 if a > b
**
*/
static int
workcmpf4(a, b)
register WORK *a;
register WORK *b;
{
return strcmp(a->w_name, b->w_name);
}
/*
** WORKCMPF5 -- compare based on assigned random number
**
** Parameters:
** a -- the first argument.
** b -- the second argument.
**
** Returns:
** randomly 1/-1
*/
/* ARGSUSED0 */
static int
workcmpf5(a, b)
register WORK *a;
register WORK *b;
{
if (strlen(a->w_name) < randi || strlen(b->w_name) < randi)
return -1;
return a->w_name[randi] - b->w_name[randi];
}
/*
** WORKCMPF6 -- simple modification-time-only compare function.
**
** Parameters:
** a -- the first argument.
** b -- the second argument.
**
** Returns:
** -1 if a < b
** 0 if a == b
** +1 if a > b
**
*/
static int
workcmpf6(a, b)
register WORK *a;
register WORK *b;
{
if (a->w_mtime > b->w_mtime)
return 1;
else if (a->w_mtime < b->w_mtime)
return -1;
else
return 0;
}
#if _FFR_RHS
/*
** WORKCMPF7 -- compare function for ordering work based on shuffled host name.
**
** Sorts on lock status, host name, and priority in that order.
**
** Parameters:
** a -- the first argument.
** b -- the second argument.
**
** Returns:
** <0 if a < b
** 0 if a == b
** >0 if a > b
**
*/
static int
workcmpf7(a, b)
register WORK *a;
register WORK *b;
{
int i;
/* lock status */
if (a->w_lock != b->w_lock)
return a->w_lock - b->w_lock;
/* host name */
if (a->w_host != NULL && b->w_host == NULL)
return 1;
else if (a->w_host == NULL && b->w_host != NULL)
return -1;
if (a->w_host != NULL && b->w_host != NULL &&
(i = sm_strshufflecmp(a->w_host, b->w_host)) != 0)
return i;
/* job priority */
return workcmpf0(a, b);
}
#endif /* _FFR_RHS */
/*
** STRREV -- reverse string
**
** Returns a pointer to a new string that is the reverse of
** the string pointed to by fwd. The space for the new
** string is obtained using xalloc().
**
** Parameters:
** fwd -- the string to reverse.
**
** Returns:
** the reversed string.
*/
static char *
strrev(fwd)
char *fwd;
{
char *rev = NULL;
int len, cnt;
len = strlen(fwd);
rev = xalloc(len + 1);
for (cnt = 0; cnt < len; ++cnt)
rev[cnt] = fwd[len - cnt - 1];
rev[len] = '\0';
return rev;
}
#if _FFR_RHS
# define NASCII 128
# define NCHAR 256
static unsigned char ShuffledAlphabet[NCHAR];
void
init_shuffle_alphabet()
{
static bool init = false;
int i;
if (init)
return;
/* fill the ShuffledAlphabet */
for (i = 0; i < NASCII; i++)
ShuffledAlphabet[i] = i;
/* mix it */
for (i = 1; i < NASCII; i++)
{
register int j = get_random() % NASCII;
register int tmp;
tmp = ShuffledAlphabet[j];
ShuffledAlphabet[j] = ShuffledAlphabet[i];
ShuffledAlphabet[i] = tmp;
}
/* make it case insensitive */
for (i = 'A'; i <= 'Z'; i++)
ShuffledAlphabet[i] = ShuffledAlphabet[i + 'a' - 'A'];
/* fill the upper part */
for (i = 0; i < NASCII; i++)
ShuffledAlphabet[i + NASCII] = ShuffledAlphabet[i];
init = true;
}
static int
sm_strshufflecmp(a, b)
char *a;
char *b;
{
const unsigned char *us1 = (const unsigned char *) a;
const unsigned char *us2 = (const unsigned char *) b;
while (ShuffledAlphabet[*us1] == ShuffledAlphabet[*us2++])
{
if (*us1++ == '\0')
return 0;
}
return (ShuffledAlphabet[*us1] - ShuffledAlphabet[*--us2]);
}
#endif /* _FFR_RHS */
/*
** DOWORK -- do a work request.
**
** Parameters:
** qgrp -- the index of the queue group for the job.
** qdir -- the index of the queue directory for the job.
** id -- the ID of the job to run.
** forkflag -- if set, run this in background.
** requeueflag -- if set, reinstantiate the queue quickly.
** This is used when expanding aliases in the queue.
** If forkflag is also set, it doesn't wait for the
** child.
** e - the envelope in which to run it.
**
** Returns:
** process id of process that is running the queue job.
**
** Side Effects:
** The work request is satisfied if possible.
*/
pid_t
dowork(qgrp, qdir, id, forkflag, requeueflag, e)
int qgrp;
int qdir;
char *id;
bool forkflag;
bool requeueflag;
register ENVELOPE *e;
{
register pid_t pid;
SM_RPOOL_T *rpool;
if (tTd(40, 1))
sm_dprintf("dowork(%s/%s)\n", qid_printqueue(qgrp, qdir), id);
/*
** Fork for work.
*/
if (forkflag)
{
/*
** Since the delivery may happen in a child and the
** parent does not wait, the parent may close the
** maps thereby removing any shared memory used by
** the map. Therefore, close the maps now so the
** child will dynamically open them if necessary.
*/
closemaps(false);
pid = fork();
if (pid < 0)
{
syserr("dowork: cannot fork");
return 0;
}
else if (pid > 0)
{
/* parent -- clean out connection cache */
mci_flush(false, NULL);
}
else
{
/*
** Initialize exception stack and default exception
** handler for child process.
*/
/* Reset global flags */
RestartRequest = NULL;
RestartWorkGroup = false;
ShutdownRequest = NULL;
PendingSignal = 0;
CurrentPid = getpid();
sm_exc_newthread(fatal_error);
/*
** See note above about SMTP processes and SIGCHLD.
*/
if (OpMode == MD_SMTP ||
OpMode == MD_DAEMON ||
MaxQueueChildren > 0)
{
proc_list_clear();
sm_releasesignal(SIGCHLD);
(void) sm_signal(SIGCHLD, SIG_DFL);
}
/* child -- error messages to the transcript */
QuickAbort = OnlyOneError = false;
}
}
else
{
pid = 0;
}
if (pid == 0)
{
/*
** CHILD
** Lock the control file to avoid duplicate deliveries.
** Then run the file as though we had just read it.
** We save an idea of the temporary name so we
** can recover on interrupt.
*/
if (forkflag)
{
/* Reset global flags */
RestartRequest = NULL;
RestartWorkGroup = false;
ShutdownRequest = NULL;
PendingSignal = 0;
}
/* set basic modes, etc. */
sm_clear_events();
clearstats();
rpool = sm_rpool_new_x(NULL);
clearenvelope(e, false, rpool);
e->e_flags |= EF_QUEUERUN|EF_GLOBALERRS;
set_delivery_mode(SM_DELIVER, e);
e->e_errormode = EM_MAIL;
e->e_id = id;
e->e_qgrp = qgrp;
e->e_qdir = qdir;
GrabTo = UseErrorsTo = false;
ExitStat = EX_OK;
if (forkflag)
{
disconnect(1, e);
set_op_mode(MD_QUEUERUN);
}
sm_setproctitle(true, e, "%s from queue", qid_printname(e));
if (LogLevel > 76)
sm_syslog(LOG_DEBUG, e->e_id, "dowork, pid=%d",
(int) CurrentPid);
/* don't use the headers from sendmail.cf... */
e->e_header = NULL;
/* read the queue control file -- return if locked */
if (!readqf(e, false))
{
if (tTd(40, 4) && e->e_id != NULL)
sm_dprintf("readqf(%s) failed\n",
qid_printname(e));
e->e_id = NULL;
if (forkflag)
finis(false, true, EX_OK);
else
{
/* adding this frees 8 bytes */
clearenvelope(e, false, rpool);
/* adding this frees 12 bytes */
sm_rpool_free(rpool);
e->e_rpool = NULL;
return 0;
}
}
e->e_flags |= EF_INQUEUE;
eatheader(e, requeueflag, true);
if (requeueflag)
queueup(e, false, false);
/* do the delivery */
sendall(e, SM_DELIVER);
/* finish up and exit */
if (forkflag)
finis(true, true, ExitStat);
else
{
(void) dropenvelope(e, true, false);
sm_rpool_free(rpool);
e->e_rpool = NULL;
e->e_message = NULL;
}
}
e->e_id = NULL;
return pid;
}
/*
** DOWORKLIST -- process a list of envelopes as work requests
**
** Similar to dowork(), except that after forking, it processes an
** envelope and its siblings, treating each envelope as a work request.
**
** Parameters:
** el -- envelope to be processed including its siblings.
** forkflag -- if set, run this in background.
** requeueflag -- if set, reinstantiate the queue quickly.
** This is used when expanding aliases in the queue.
** If forkflag is also set, it doesn't wait for the
** child.
**
** Returns:
** process id of process that is running the queue job.
**
** Side Effects:
** The work request is satisfied if possible.
*/
pid_t
doworklist(el, forkflag, requeueflag)
ENVELOPE *el;
bool forkflag;
bool requeueflag;
{
register pid_t pid;
ENVELOPE *ei;
if (tTd(40, 1))
sm_dprintf("doworklist()\n");
/*
** Fork for work.
*/
if (forkflag)
{
/*
** Since the delivery may happen in a child and the
** parent does not wait, the parent may close the
** maps thereby removing any shared memory used by
** the map. Therefore, close the maps now so the
** child will dynamically open them if necessary.
*/
closemaps(false);
pid = fork();
if (pid < 0)
{
syserr("doworklist: cannot fork");
return 0;
}
else if (pid > 0)
{
/* parent -- clean out connection cache */
mci_flush(false, NULL);
}
else
{
/*
** Initialize exception stack and default exception
** handler for child process.
*/
/* Reset global flags */
RestartRequest = NULL;
RestartWorkGroup = false;
ShutdownRequest = NULL;
PendingSignal = 0;
CurrentPid = getpid();
sm_exc_newthread(fatal_error);
/*
** See note above about SMTP processes and SIGCHLD.
*/
if (OpMode == MD_SMTP ||
OpMode == MD_DAEMON ||
MaxQueueChildren > 0)
{
proc_list_clear();
sm_releasesignal(SIGCHLD);
(void) sm_signal(SIGCHLD, SIG_DFL);
}
/* child -- error messages to the transcript */
QuickAbort = OnlyOneError = false;
}
}
else
{
pid = 0;
}
if (pid != 0)
return pid;
/*
** IN CHILD
** Lock the control file to avoid duplicate deliveries.
** Then run the file as though we had just read it.
** We save an idea of the temporary name so we
** can recover on interrupt.
*/
if (forkflag)
{
/* Reset global flags */
RestartRequest = NULL;
RestartWorkGroup = false;
ShutdownRequest = NULL;
PendingSignal = 0;
}
/* set basic modes, etc. */
sm_clear_events();
clearstats();
GrabTo = UseErrorsTo = false;
ExitStat = EX_OK;
if (forkflag)
{
disconnect(1, el);
set_op_mode(MD_QUEUERUN);
}
if (LogLevel > 76)
sm_syslog(LOG_DEBUG, el->e_id, "doworklist, pid=%d",
(int) CurrentPid);
for (ei = el; ei != NULL; ei = ei->e_sibling)
{
ENVELOPE e;
SM_RPOOL_T *rpool;
if (WILL_BE_QUEUED(ei->e_sendmode))
continue;
else if (QueueMode != QM_QUARANTINE &&
ei->e_quarmsg != NULL)
continue;
rpool = sm_rpool_new_x(NULL);
clearenvelope(&e, true, rpool);
e.e_flags |= EF_QUEUERUN|EF_GLOBALERRS;
set_delivery_mode(SM_DELIVER, &e);
e.e_errormode = EM_MAIL;
e.e_id = ei->e_id;
e.e_qgrp = ei->e_qgrp;
e.e_qdir = ei->e_qdir;
openxscript(&e);
sm_setproctitle(true, &e, "%s from queue", qid_printname(&e));
/* don't use the headers from sendmail.cf... */
e.e_header = NULL;
CurEnv = &e;
/* read the queue control file -- return if locked */
if (readqf(&e, false))
{
e.e_flags |= EF_INQUEUE;
eatheader(&e, requeueflag, true);
if (requeueflag)
queueup(&e, false, false);
/* do the delivery */
sendall(&e, SM_DELIVER);
(void) dropenvelope(&e, true, false);
}
else
{
if (tTd(40, 4) && e.e_id != NULL)
sm_dprintf("readqf(%s) failed\n",
qid_printname(&e));
}
sm_rpool_free(rpool);
ei->e_id = NULL;
}
/* restore CurEnv */
CurEnv = el;
/* finish up and exit */
if (forkflag)
finis(true, true, ExitStat);
return 0;
}
/*
** READQF -- read queue file and set up environment.
**
** Parameters:
** e -- the envelope of the job to run.
** openonly -- only open the qf (returned as e_lockfp)
**
** Returns:
** true if it successfully read the queue file.
** false otherwise.
**
** Side Effects:
** The queue file is returned locked.
*/
static bool
readqf(e, openonly)
register ENVELOPE *e;
bool openonly;
{
register SM_FILE_T *qfp;
ADDRESS *ctladdr;
struct stat st, stf;
char *bp;
int qfver = 0;
long hdrsize = 0;
register char *p;
char *frcpt = NULL;
char *orcpt = NULL;
bool nomore = false;
bool bogus = false;
MODE_T qsafe;
char *err;
char qf[MAXPATHLEN];
char buf[MAXLINE];
int bufsize;
/*
** Read and process the file.
*/
SM_REQUIRE(e != NULL);
bp = NULL;
(void) sm_strlcpy(qf, queuename(e, ANYQFL_LETTER), sizeof(qf));
qfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, qf, SM_IO_RDWR_B, NULL);
if (qfp == NULL)
{
int save_errno = errno;
if (tTd(40, 8))
sm_dprintf("readqf(%s): sm_io_open failure (%s)\n",
qf, sm_errstring(errno));
errno = save_errno;
if (errno != ENOENT
)
syserr("readqf: no control file %s", qf);
RELEASE_QUEUE;
return false;
}
if (!lockfile(sm_io_getinfo(qfp, SM_IO_WHAT_FD, NULL), qf, NULL,
LOCK_EX|LOCK_NB))
{
/* being processed by another queuer */
if (Verbose)
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"%s: locked\n", e->e_id);
if (tTd(40, 8))
sm_dprintf("%s: locked\n", e->e_id);
if (LogLevel > 19)
sm_syslog(LOG_DEBUG, e->e_id, "locked");
(void) sm_io_close(qfp, SM_TIME_DEFAULT);
RELEASE_QUEUE;
return false;
}
RELEASE_QUEUE;
/*
** Prevent locking race condition.
**
** Process A: readqf(): qfp = fopen(qffile)
** Process B: queueup(): rename(tf, qf)
** Process B: unlocks(tf)
** Process A: lockfile(qf);
**
** Process A (us) has the old qf file (before the rename deleted
** the directory entry) and will be delivering based on old data.
** This can lead to multiple deliveries of the same recipients.
**
** Catch this by checking if the underlying qf file has changed
** *after* acquiring our lock and if so, act as though the file
** was still locked (i.e., just return like the lockfile() case
** above.
*/
if (stat(qf, &stf) < 0 ||
fstat(sm_io_getinfo(qfp, SM_IO_WHAT_FD, NULL), &st) < 0)
{
/* must have been being processed by someone else */
if (tTd(40, 8))
sm_dprintf("readqf(%s): [f]stat failure (%s)\n",
qf, sm_errstring(errno));
(void) sm_io_close(qfp, SM_TIME_DEFAULT);
return false;
}
if (st.st_nlink != stf.st_nlink ||
st.st_dev != stf.st_dev ||
ST_INODE(st) != ST_INODE(stf) ||
#if HAS_ST_GEN && 0 /* AFS returns garbage in st_gen */
st.st_gen != stf.st_gen ||
-#endif /* HAS_ST_GEN && 0 */
+#endif
st.st_uid != stf.st_uid ||
st.st_gid != stf.st_gid ||
st.st_size != stf.st_size)
{
/* changed after opened */
if (Verbose)
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"%s: changed\n", e->e_id);
if (tTd(40, 8))
sm_dprintf("%s: changed\n", e->e_id);
if (LogLevel > 19)
sm_syslog(LOG_DEBUG, e->e_id, "changed");
(void) sm_io_close(qfp, SM_TIME_DEFAULT);
return false;
}
/*
** Check the queue file for plausibility to avoid attacks.
*/
qsafe = S_IWOTH|S_IWGRP;
if (bitset(S_IWGRP, QueueFileMode))
qsafe &= ~S_IWGRP;
bogus = st.st_uid != geteuid() &&
st.st_uid != TrustedUid &&
geteuid() != RealUid;
/*
** If this qf file results from a set-group-ID binary, then
** we check whether the directory is group-writable,
** the queue file mode contains the group-writable bit, and
** the groups are the same.
** Notice: this requires that the set-group-ID binary is used to
** run the queue!
*/
if (bogus && st.st_gid == getegid() && UseMSP)
{
char delim;
struct stat dst;
bp = SM_LAST_DIR_DELIM(qf);
if (bp == NULL)
delim = '\0';
else
{
delim = *bp;
*bp = '\0';
}
if (stat(delim == '\0' ? "." : qf, &dst) < 0)
syserr("readqf: cannot stat directory %s",
delim == '\0' ? "." : qf);
else
{
bogus = !(bitset(S_IWGRP, QueueFileMode) &&
bitset(S_IWGRP, dst.st_mode) &&
dst.st_gid == st.st_gid);
}
if (delim != '\0')
*bp = delim;
bp = NULL;
}
if (!bogus)
bogus = bitset(qsafe, st.st_mode);
if (bogus)
{
if (LogLevel > 0)
{
sm_syslog(LOG_ALERT, e->e_id,
"bogus queue file, uid=%ld, gid=%ld, mode=%o",
(long) st.st_uid, (long) st.st_gid,
(unsigned int) st.st_mode);
}
if (tTd(40, 8))
sm_dprintf("readqf(%s): bogus file\n", qf);
e->e_flags |= EF_INQUEUE;
if (!openonly)
loseqfile(e, "bogus file uid/gid in mqueue");
(void) sm_io_close(qfp, SM_TIME_DEFAULT);
return false;
}
if (st.st_size == 0)
{
/* must be a bogus file -- if also old, just remove it */
if (!openonly && st.st_ctime + 10 * 60 < curtime())
{
(void) xunlink(queuename(e, DATAFL_LETTER));
(void) xunlink(queuename(e, ANYQFL_LETTER));
}
(void) sm_io_close(qfp, SM_TIME_DEFAULT);
return false;
}
if (st.st_nlink == 0)
{
/*
** Race condition -- we got a file just as it was being
** unlinked. Just assume it is zero length.
*/
(void) sm_io_close(qfp, SM_TIME_DEFAULT);
return false;
}
#if _FFR_TRUSTED_QF
/*
** If we don't own the file mark it as unsafe.
** However, allow TrustedUser to own it as well
** in case TrustedUser manipulates the queue.
*/
if (st.st_uid != geteuid() && st.st_uid != TrustedUid)
e->e_flags |= EF_UNSAFE;
#else /* _FFR_TRUSTED_QF */
/* If we don't own the file mark it as unsafe */
if (st.st_uid != geteuid())
e->e_flags |= EF_UNSAFE;
#endif /* _FFR_TRUSTED_QF */
/* good file -- save this lock */
e->e_lockfp = qfp;
/* Just wanted the open file */
if (openonly)
return true;
/* do basic system initialization */
initsys(e);
macdefine(&e->e_macro, A_PERM, 'i', e->e_id);
LineNumber = 0;
e->e_flags |= EF_GLOBALERRS;
set_op_mode(MD_QUEUERUN);
ctladdr = NULL;
e->e_qfletter = queue_letter(e, ANYQFL_LETTER);
e->e_dfqgrp = e->e_qgrp;
e->e_dfqdir = e->e_qdir;
#if _FFR_QUEUE_MACRO
macdefine(&e->e_macro, A_TEMP, macid("{queue}"),
qid_printqueue(e->e_qgrp, e->e_qdir));
-#endif /* _FFR_QUEUE_MACRO */
+#endif
e->e_dfino = -1;
e->e_msgsize = -1;
while (bufsize = sizeof(buf),
(bp = fgetfolded(buf, &bufsize, qfp)) != NULL)
{
unsigned long qflags;
ADDRESS *q;
int r;
time_t now;
auto char *ep;
if (tTd(40, 4))
sm_dprintf("+++++ %s\n", bp);
if (nomore)
{
/* hack attack */
hackattack:
syserr("SECURITY ALERT: extra or bogus data in queue file: %s",
bp);
err = "bogus queue line";
goto fail;
}
switch (bp[0])
{
case 'A': /* AUTH= parameter */
if (!xtextok(&bp[1]))
goto hackattack;
e->e_auth_param = sm_rpool_strdup_x(e->e_rpool, &bp[1]);
break;
case 'B': /* body type */
r = check_bodytype(&bp[1]);
if (!BODYTYPE_VALID(r))
goto hackattack;
e->e_bodytype = sm_rpool_strdup_x(e->e_rpool, &bp[1]);
break;
case 'C': /* specify controlling user */
ctladdr = setctluser(&bp[1], qfver, e);
break;
case 'D': /* data file name */
/* obsolete -- ignore */
break;
case 'd': /* data file directory name */
{
int qgrp, qdir;
#if _FFR_MSP_PARANOIA
/* forbid queue groups in MSP? */
if (UseMSP)
goto hackattack;
-#endif /* _FFR_MSP_PARANOIA */
+#endif
for (qgrp = 0;
qgrp < NumQueue && Queue[qgrp] != NULL;
++qgrp)
{
for (qdir = 0;
qdir < Queue[qgrp]->qg_numqueues;
++qdir)
{
if (strcmp(&bp[1],
Queue[qgrp]->qg_qpaths[qdir].qp_name)
== 0)
{
e->e_dfqgrp = qgrp;
e->e_dfqdir = qdir;
goto done;
}
}
}
err = "bogus queue file directory";
goto fail;
done:
break;
}
case 'E': /* specify error recipient */
/* no longer used */
break;
case 'F': /* flag bits */
if (strncmp(bp, "From ", 5) == 0)
{
/* we are being spoofed! */
syserr("SECURITY ALERT: bogus qf line %s", bp);
err = "bogus queue line";
goto fail;
}
for (p = &bp[1]; *p != '\0'; p++)
{
switch (*p)
{
case '8': /* has 8 bit data */
e->e_flags |= EF_HAS8BIT;
break;
case 'b': /* delete Bcc: header */
e->e_flags |= EF_DELETE_BCC;
break;
case 'd': /* envelope has DSN RET= */
e->e_flags |= EF_RET_PARAM;
break;
case 'n': /* don't return body */
e->e_flags |= EF_NO_BODY_RETN;
break;
case 'r': /* response */
e->e_flags |= EF_RESPONSE;
break;
case 's': /* split */
e->e_flags |= EF_SPLIT;
break;
case 'w': /* warning sent */
e->e_flags |= EF_WARNING;
break;
+
+#if _FFR_EAI
+ case 'e': /* message requires EAI */
+ e->e_smtputf8 = true;
+ break;
+#endif /* _FFR_EAI */
}
}
break;
case 'q': /* quarantine reason */
e->e_quarmsg = sm_rpool_strdup_x(e->e_rpool, &bp[1]);
macdefine(&e->e_macro, A_PERM,
macid("{quarantine}"), e->e_quarmsg);
break;
case 'H': /* header */
/*
** count size before chompheader() destroys the line.
** this isn't accurate due to macro expansion, but
** better than before. "-3" to skip H?? at least.
*/
hdrsize += strlen(bp) - 3;
(void) chompheader(&bp[1], CHHDR_QUEUE, NULL, e);
break;
case 'I': /* data file's inode number */
/* regenerated below */
break;
case 'K': /* time of last delivery attempt */
e->e_dtime = atol(&buf[1]);
break;
case 'L': /* Solaris Content-Length: */
case 'M': /* message */
/* ignore this; we want a new message next time */
break;
case 'N': /* number of delivery attempts */
e->e_ntries = atoi(&buf[1]);
/* if this has been tried recently, let it be */
now = curtime();
if (e->e_ntries > 0 && e->e_dtime <= now &&
now < e->e_dtime + MinQueueAge)
{
char *howlong;
howlong = pintvl(now - e->e_dtime, true);
if (Verbose)
(void) sm_io_fprintf(smioout,
SM_TIME_DEFAULT,
"%s: too young (%s)\n",
e->e_id, howlong);
if (tTd(40, 8))
sm_dprintf("%s: too young (%s)\n",
e->e_id, howlong);
if (LogLevel > 19)
sm_syslog(LOG_DEBUG, e->e_id,
"too young (%s)",
howlong);
e->e_id = NULL;
unlockqueue(e);
if (bp != buf)
sm_free(bp);
return false;
}
macdefine(&e->e_macro, A_TEMP,
macid("{ntries}"), &buf[1]);
#if NAMED_BIND
/* adjust BIND parameters immediately */
if (e->e_ntries == 0)
{
_res.retry = TimeOuts.res_retry[RES_TO_FIRST];
_res.retrans = TimeOuts.res_retrans[RES_TO_FIRST];
}
else
{
_res.retry = TimeOuts.res_retry[RES_TO_NORMAL];
_res.retrans = TimeOuts.res_retrans[RES_TO_NORMAL];
}
#endif /* NAMED_BIND */
break;
case 'P': /* message priority */
e->e_msgpriority = atol(&bp[1]) + WkTimeFact;
break;
case 'Q': /* original recipient */
orcpt = sm_rpool_strdup_x(e->e_rpool, &bp[1]);
break;
case 'r': /* final recipient */
frcpt = sm_rpool_strdup_x(e->e_rpool, &bp[1]);
break;
case 'R': /* specify recipient */
p = bp;
qflags = 0;
if (qfver >= 1)
{
/* get flag bits */
while (*++p != '\0' && *p != ':')
{
switch (*p)
{
case 'N':
qflags |= QHASNOTIFY;
break;
case 'S':
qflags |= QPINGONSUCCESS;
break;
case 'F':
qflags |= QPINGONFAILURE;
break;
case 'D':
qflags |= QPINGONDELAY;
break;
case 'P':
qflags |= QPRIMARY;
break;
case 'A':
if (ctladdr != NULL)
ctladdr->q_flags |= QALIAS;
break;
case 'B':
qflags |= QINTBCC;
break;
case QDYNMAILFLG:
qflags |= QDYNMAILER;
break;
default: /* ignore or complain? */
break;
}
}
}
else
qflags |= QPRIMARY;
macdefine(&e->e_macro, A_PERM, macid("{addr_type}"),
((qflags & QINTBCC) != 0) ? "e b" : "e r");
if (*p != '\0')
q = parseaddr(++p, NULLADDR, RF_COPYALL, '\0',
NULL, e, true);
else
q = NULL;
if (q != NULL)
{
/* make sure we keep the current qgrp */
if (ISVALIDQGRP(e->e_qgrp))
q->q_qgrp = e->e_qgrp;
q->q_alias = ctladdr;
if (qfver >= 1)
q->q_flags &= ~Q_PINGFLAGS;
q->q_flags |= qflags;
q->q_finalrcpt = frcpt;
q->q_orcpt = orcpt;
#if _FFR_RCPTFLAGS
if (bitset(QDYNMAILER, qflags))
newmodmailer(q, QDYNMAILFLG);
#endif
(void) recipient(q, &e->e_sendqueue, 0, e);
}
frcpt = NULL;
orcpt = NULL;
macdefine(&e->e_macro, A_PERM, macid("{addr_type}"),
NULL);
break;
case 'S': /* sender */
setsender(sm_rpool_strdup_x(e->e_rpool, &bp[1]),
e, NULL, '\0', true);
break;
case 'T': /* init time */
e->e_ctime = atol(&bp[1]);
break;
case 'V': /* queue file version number */
qfver = atoi(&bp[1]);
if (qfver <= QF_VERSION)
break;
syserr("Version number in queue file (%d) greater than max (%d)",
qfver, QF_VERSION);
err = "unsupported queue file version";
goto fail;
/* NOTREACHED */
break;
case 'Z': /* original envelope id from ESMTP */
e->e_envid = sm_rpool_strdup_x(e->e_rpool, &bp[1]);
macdefine(&e->e_macro, A_PERM,
macid("{dsn_envid}"), e->e_envid);
break;
case '!': /* deliver by */
/* format: flag (1 char) space long-integer */
e->e_dlvr_flag = buf[1];
e->e_deliver_by = strtol(&buf[3], NULL, 10);
case '$': /* define macro */
{
- char *p;
-
- /* XXX elimate p? */
r = macid_parse(&bp[1], &ep);
if (r == 0)
break;
- p = sm_rpool_strdup_x(e->e_rpool, ep);
- macdefine(&e->e_macro, A_PERM, r, p);
+ macdefine(&e->e_macro, A_PERM, r,
+ sm_rpool_strdup_x(e->e_rpool, ep));
}
break;
case '.': /* terminate file */
nomore = true;
break;
default:
syserr("readqf: %s: line %d: bad line \"%s\"",
qf, LineNumber, shortenstring(bp, MAXSHORTSTR));
err = "unrecognized line";
goto fail;
}
if (bp != buf)
SM_FREE(bp);
}
/*
** If we haven't read any lines, this queue file is empty.
** Arrange to remove it without referencing any null pointers.
*/
if (LineNumber == 0)
{
errno = 0;
e->e_flags |= EF_CLRQUEUE|EF_FATALERRS|EF_RESPONSE;
return true;
}
/* Check to make sure we have a complete queue file read */
if (!nomore)
{
syserr("readqf: %s: incomplete queue file read", qf);
(void) sm_io_close(qfp, SM_TIME_DEFAULT);
return false;
}
#if _FFR_QF_PARANOIA
/* Check to make sure key fields were read */
if (e->e_from.q_mailer == NULL)
{
syserr("readqf: %s: sender not specified in queue file", qf);
(void) sm_io_close(qfp, SM_TIME_DEFAULT);
return false;
}
/* other checks? */
#endif /* _FFR_QF_PARANOIA */
+#if _FFR_EAI
+ /*
+ ** If this message originates from something other than
+ ** srvrsmtp.c, then it might use UTF8 addresses but not be
+ ** marked. We'll just add the mark so we're sure that it
+ ** either can be delivered or will be returned.
+ */
+
+ if (!e->e_smtputf8)
+ {
+ ADDRESS *q;
+
+ for (q = e->e_sendqueue; q != NULL; q = q->q_next)
+ if (!addr_is_ascii(q->q_paddr) && !e->e_smtputf8)
+ e->e_smtputf8 = true;
+ if (!addr_is_ascii(e->e_from.q_paddr) && !e->e_smtputf8)
+ e->e_smtputf8 = true;
+ }
+#endif /* _FFR_EAI */
+
/* possibly set ${dsn_ret} macro */
if (bitset(EF_RET_PARAM, e->e_flags))
{
if (bitset(EF_NO_BODY_RETN, e->e_flags))
macdefine(&e->e_macro, A_PERM,
macid("{dsn_ret}"), "hdrs");
else
macdefine(&e->e_macro, A_PERM,
macid("{dsn_ret}"), "full");
}
/*
** Arrange to read the data file.
*/
p = queuename(e, DATAFL_LETTER);
e->e_dfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, p, SM_IO_RDONLY_B,
NULL);
if (e->e_dfp == NULL)
{
syserr("readqf: cannot open %s", p);
}
else
{
e->e_flags |= EF_HAS_DF;
if (fstat(sm_io_getinfo(e->e_dfp, SM_IO_WHAT_FD, NULL), &st)
>= 0)
{
e->e_msgsize = st.st_size + hdrsize;
e->e_dfdev = st.st_dev;
e->e_dfino = ST_INODE(st);
(void) sm_snprintf(buf, sizeof(buf), "%ld",
PRT_NONNEGL(e->e_msgsize));
macdefine(&e->e_macro, A_TEMP, macid("{msg_size}"),
buf);
}
}
return true;
fail:
/*
** There was some error reading the qf file (reason is in err var.)
** Cleanup:
** close file; clear e_lockfp since it is the same as qfp,
** hence it is invalid (as file) after qfp is closed;
** the qf file is on disk, so set the flag to avoid calling
** queueup() with bogus data.
*/
if (bp != buf)
SM_FREE(bp);
if (qfp != NULL)
(void) sm_io_close(qfp, SM_TIME_DEFAULT);
e->e_lockfp = NULL;
e->e_flags |= EF_INQUEUE;
loseqfile(e, err);
return false;
}
/*
** PRTSTR -- print a string, "unprintable" characters are shown as \oct
**
** Parameters:
** s -- string to print
** ml -- maximum length of output
**
** Returns:
** number of entries
**
** Side Effects:
** Prints a string on stdout.
*/
static void prtstr __P((char *, int));
#if _FFR_BOUNCE_QUEUE
-# define SKIP_BOUNCE_QUEUE \
- if (i == BounceQueue) \
+# define IS_BOUNCE_QUEUE(i) ((i) == BounceQueue)
+# define SKIP_BOUNCE_QUEUE(i) \
+ if (IS_BOUNCE_QUEUE(i)) \
continue;
#else
-# define SKIP_BOUNCE_QUEUE
+# define IS_BOUNCE_QUEUE(i) false
+# define SKIP_BOUNCE_QUEUE(i)
#endif
static void
prtstr(s, ml)
char *s;
int ml;
{
int c;
if (s == NULL)
return;
while (ml-- > 0 && ((c = *s++) != '\0'))
{
if (c == '\\')
{
if (ml-- > 0)
{
(void) sm_io_putc(smioout, SM_TIME_DEFAULT, c);
(void) sm_io_putc(smioout, SM_TIME_DEFAULT, c);
}
}
else if (isascii(c) && isprint(c))
(void) sm_io_putc(smioout, SM_TIME_DEFAULT, c);
else
{
if ((ml -= 3) > 0)
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"\\%03o", c & 0xFF);
}
}
}
/*
** PRINTNQE -- print out number of entries in the mail queue
**
** Parameters:
** out -- output file pointer.
** prefix -- string to output in front of each line.
**
** Returns:
** none.
*/
void
printnqe(out, prefix)
SM_FILE_T *out;
char *prefix;
{
#if SM_CONF_SHM
int i, k = 0, nrequests = 0;
bool unknown = false;
if (ShmId == SM_SHM_NO_ID)
{
if (prefix == NULL)
(void) sm_io_fprintf(out, SM_TIME_DEFAULT,
"Data unavailable: shared memory not updated\n");
else
(void) sm_io_fprintf(out, SM_TIME_DEFAULT,
"%sNOTCONFIGURED:-1\r\n", prefix);
return;
}
for (i = 0; i < NumQueue && Queue[i] != NULL; i++)
{
int j;
- SKIP_BOUNCE_QUEUE
+ SKIP_BOUNCE_QUEUE(i)
k++;
for (j = 0; j < Queue[i]->qg_numqueues; j++)
{
int n;
if (StopRequest)
stop_sendmail();
n = QSHM_ENTRIES(Queue[i]->qg_qpaths[j].qp_idx);
if (prefix != NULL)
(void) sm_io_fprintf(out, SM_TIME_DEFAULT,
"%s%s:%d\r\n",
prefix, qid_printqueue(i, j), n);
else if (n < 0)
{
(void) sm_io_fprintf(out, SM_TIME_DEFAULT,
"%s: unknown number of entries\n",
qid_printqueue(i, j));
unknown = true;
}
else if (n == 0)
{
(void) sm_io_fprintf(out, SM_TIME_DEFAULT,
"%s is empty\n",
qid_printqueue(i, j));
}
else if (n > 0)
{
(void) sm_io_fprintf(out, SM_TIME_DEFAULT,
"%s: entries=%d\n",
qid_printqueue(i, j), n);
nrequests += n;
k++;
}
}
}
if (prefix == NULL && k > 1)
(void) sm_io_fprintf(out, SM_TIME_DEFAULT,
"\t\tTotal requests: %d%s\n",
nrequests, unknown ? " (about)" : "");
#else /* SM_CONF_SHM */
if (prefix == NULL)
(void) sm_io_fprintf(out, SM_TIME_DEFAULT,
"Data unavailable without shared memory support\n");
else
(void) sm_io_fprintf(out, SM_TIME_DEFAULT,
"%sNOTAVAILABLE:-1\r\n", prefix);
#endif /* SM_CONF_SHM */
}
/*
** PRINTQUEUE -- print out a representation of the mail queue
**
** Parameters:
** none.
**
** Returns:
** none.
**
** Side Effects:
** Prints a listing of the mail queue on the standard output.
*/
void
printqueue()
{
int i, k = 0, nrequests = 0;
for (i = 0; i < NumQueue && Queue[i] != NULL; i++)
{
int j;
k++;
for (j = 0; j < Queue[i]->qg_numqueues; j++)
{
if (StopRequest)
stop_sendmail();
nrequests += print_single_queue(i, j);
k++;
}
}
if (k > 1)
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"\t\tTotal requests: %d\n",
nrequests);
}
/*
** PRINT_SINGLE_QUEUE -- print out a representation of a single mail queue
**
** Parameters:
** qgrp -- the index of the queue group.
** qdir -- the queue directory.
**
** Returns:
** number of requests in mail queue.
**
** Side Effects:
** Prints a listing of the mail queue on the standard output.
*/
int
print_single_queue(qgrp, qdir)
int qgrp;
int qdir;
{
register WORK *w;
SM_FILE_T *f;
int nrequests;
char qd[MAXPATHLEN];
char qddf[MAXPATHLEN];
char buf[MAXLINE];
if (qdir == NOQDIR)
{
(void) sm_strlcpy(qd, ".", sizeof(qd));
(void) sm_strlcpy(qddf, ".", sizeof(qddf));
}
else
{
(void) sm_strlcpyn(qd, sizeof(qd), 2,
Queue[qgrp]->qg_qpaths[qdir].qp_name,
(bitset(QP_SUBQF,
Queue[qgrp]->qg_qpaths[qdir].qp_subdirs)
? "/qf" : ""));
(void) sm_strlcpyn(qddf, sizeof(qddf), 2,
Queue[qgrp]->qg_qpaths[qdir].qp_name,
(bitset(QP_SUBDF,
Queue[qgrp]->qg_qpaths[qdir].qp_subdirs)
? "/df" : ""));
}
/*
** Check for permission to print the queue
*/
if (bitset(PRIV_RESTRICTMAILQ, PrivacyFlags) && RealUid != 0)
{
struct stat st;
#ifdef NGROUPS_MAX
int n;
extern GIDSET_T InitialGidSet[NGROUPS_MAX];
-#endif /* NGROUPS_MAX */
+#endif
if (stat(qd, &st) < 0)
{
syserr("Cannot stat %s",
qid_printqueue(qgrp, qdir));
return 0;
}
#ifdef NGROUPS_MAX
n = NGROUPS_MAX;
while (--n >= 0)
{
if (InitialGidSet[n] == st.st_gid)
break;
}
if (n < 0 && RealGid != st.st_gid)
#else /* NGROUPS_MAX */
if (RealGid != st.st_gid)
#endif /* NGROUPS_MAX */
{
usrerr("510 You are not permitted to see the queue");
setstat(EX_NOPERM);
return 0;
}
}
/*
** Read and order the queue.
*/
nrequests = gatherq(qgrp, qdir, true, NULL, NULL, NULL);
(void) sortq(Queue[qgrp]->qg_maxlist);
/*
** Print the work list that we have read.
*/
/* first see if there is anything */
if (nrequests <= 0)
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "%s is empty\n",
qid_printqueue(qgrp, qdir));
return 0;
}
sm_getla(); /* get load average */
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "\t\t%s (%d request%s",
qid_printqueue(qgrp, qdir),
nrequests, nrequests == 1 ? "" : "s");
if (MaxQueueRun > 0 && nrequests > MaxQueueRun)
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
", only %d printed", MaxQueueRun);
if (Verbose)
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
")\n-----Q-ID----- --Size-- -Priority- ---Q-Time--- --------Sender/Recipient--------\n");
else
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
")\n-----Q-ID----- --Size-- -----Q-Time----- ------------Sender/Recipient-----------\n");
for (w = WorkQ; w != NULL; w = w->w_next)
{
struct stat st;
auto time_t submittime = 0;
long dfsize;
int flags = 0;
int qfver;
char quarmsg[MAXLINE];
char statmsg[MAXLINE];
char bodytype[MAXNAME + 1];
char qf[MAXPATHLEN];
if (StopRequest)
stop_sendmail();
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "%13s",
w->w_name + 2);
(void) sm_strlcpyn(qf, sizeof(qf), 3, qd, "/", w->w_name);
f = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, qf, SM_IO_RDONLY_B,
NULL);
if (f == NULL)
{
if (errno == EPERM)
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
" (permission denied)\n");
else if (errno == ENOENT)
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
" (job completed)\n");
else
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
" (%s)\n",
sm_errstring(errno));
errno = 0;
continue;
}
w->w_name[0] = DATAFL_LETTER;
(void) sm_strlcpyn(qf, sizeof(qf), 3, qddf, "/", w->w_name);
if (stat(qf, &st) >= 0)
dfsize = st.st_size;
else
{
ENVELOPE e;
/*
** Maybe the df file can't be statted because
** it is in a different directory than the qf file.
** In order to find out, we must read the qf file.
*/
newenvelope(&e, &BlankEnvelope, sm_rpool_new_x(NULL));
e.e_id = w->w_name + 2;
e.e_qgrp = qgrp;
e.e_qdir = qdir;
dfsize = -1;
if (readqf(&e, false))
{
char *df = queuename(&e, DATAFL_LETTER);
if (stat(df, &st) >= 0)
dfsize = st.st_size;
}
if (e.e_lockfp != NULL)
{
(void) sm_io_close(e.e_lockfp, SM_TIME_DEFAULT);
e.e_lockfp = NULL;
}
clearenvelope(&e, false, e.e_rpool);
sm_rpool_free(e.e_rpool);
}
if (w->w_lock)
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "*");
else if (QueueMode == QM_LOST)
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "?");
else if (w->w_tooyoung)
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "-");
else if (shouldqueue(w->w_pri, w->w_ctime))
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "X");
else
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, " ");
errno = 0;
quarmsg[0] = '\0';
statmsg[0] = bodytype[0] = '\0';
qfver = 0;
while (sm_io_fgets(f, SM_TIME_DEFAULT, buf, sizeof(buf)) >= 0)
{
register int i;
register char *p;
if (StopRequest)
stop_sendmail();
fixcrlf(buf, true);
switch (buf[0])
{
case 'V': /* queue file version */
qfver = atoi(&buf[1]);
break;
case 'M': /* error message */
if ((i = strlen(&buf[1])) >= sizeof(statmsg))
i = sizeof(statmsg) - 1;
memmove(statmsg, &buf[1], i);
statmsg[i] = '\0';
break;
case 'q': /* quarantine reason */
if ((i = strlen(&buf[1])) >= sizeof(quarmsg))
i = sizeof(quarmsg) - 1;
memmove(quarmsg, &buf[1], i);
quarmsg[i] = '\0';
break;
case 'B': /* body type */
if ((i = strlen(&buf[1])) >= sizeof(bodytype))
i = sizeof(bodytype) - 1;
memmove(bodytype, &buf[1], i);
bodytype[i] = '\0';
break;
case 'S': /* sender name */
if (Verbose)
{
(void) sm_io_fprintf(smioout,
SM_TIME_DEFAULT,
"%8ld %10ld%c%.12s ",
dfsize,
w->w_pri,
bitset(EF_WARNING, flags)
? '+' : ' ',
ctime(&submittime) + 4);
prtstr(&buf[1], 78);
}
else
{
(void) sm_io_fprintf(smioout,
SM_TIME_DEFAULT,
"%8ld %.16s ",
dfsize,
ctime(&submittime));
prtstr(&buf[1], 39);
}
if (quarmsg[0] != '\0')
{
(void) sm_io_fprintf(smioout,
SM_TIME_DEFAULT,
"\n QUARANTINE: %.*s",
Verbose ? 100 : 60,
quarmsg);
quarmsg[0] = '\0';
}
if (statmsg[0] != '\0' || bodytype[0] != '\0')
{
(void) sm_io_fprintf(smioout,
SM_TIME_DEFAULT,
"\n %10.10s",
bodytype);
if (statmsg[0] != '\0')
(void) sm_io_fprintf(smioout,
SM_TIME_DEFAULT,
" (%.*s)",
Verbose ? 100 : 60,
statmsg);
statmsg[0] = '\0';
}
break;
case 'C': /* controlling user */
if (Verbose)
(void) sm_io_fprintf(smioout,
SM_TIME_DEFAULT,
"\n\t\t\t\t\t\t(---%.64s---)",
&buf[1]);
break;
case 'R': /* recipient name */
p = &buf[1];
if (qfver >= 1)
{
p = strchr(p, ':');
if (p == NULL)
break;
p++;
}
if (Verbose)
{
(void) sm_io_fprintf(smioout,
SM_TIME_DEFAULT,
"\n\t\t\t\t\t\t");
prtstr(p, 71);
}
else
{
(void) sm_io_fprintf(smioout,
SM_TIME_DEFAULT,
"\n\t\t\t\t\t ");
prtstr(p, 38);
}
if (Verbose && statmsg[0] != '\0')
{
(void) sm_io_fprintf(smioout,
SM_TIME_DEFAULT,
"\n\t\t (%.100s)",
statmsg);
statmsg[0] = '\0';
}
break;
case 'T': /* creation time */
submittime = atol(&buf[1]);
break;
case 'F': /* flag bits */
for (p = &buf[1]; *p != '\0'; p++)
{
switch (*p)
{
case 'w':
flags |= EF_WARNING;
break;
}
}
}
}
if (submittime == (time_t) 0)
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
" (no control file)");
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "\n");
(void) sm_io_close(f, SM_TIME_DEFAULT);
}
return nrequests;
}
/*
** QUEUE_LETTER -- get the proper queue letter for the current QueueMode.
**
** Parameters:
** e -- envelope to build it in/from.
** type -- the file type, used as the first character
** of the file name.
**
** Returns:
** the letter to use
*/
static char
queue_letter(e, type)
ENVELOPE *e;
int type;
{
/* Change type according to QueueMode */
if (type == ANYQFL_LETTER)
{
if (e->e_quarmsg != NULL)
type = QUARQF_LETTER;
else
{
switch (QueueMode)
{
case QM_NORMAL:
type = NORMQF_LETTER;
break;
case QM_QUARANTINE:
type = QUARQF_LETTER;
break;
case QM_LOST:
type = LOSEQF_LETTER;
break;
default:
/* should never happen */
abort();
/* NOTREACHED */
}
}
}
return type;
}
/*
** QUEUENAME -- build a file name in the queue directory for this envelope.
**
** Parameters:
** e -- envelope to build it in/from.
** type -- the file type, used as the first character
** of the file name.
**
** Returns:
** a pointer to the queue name (in a static buffer).
**
** Side Effects:
** If no id code is already assigned, queuename() will
** assign an id code with assign_queueid(). If no queue
** directory is assigned, one will be set with setnewqueue().
*/
char *
queuename(e, type)
register ENVELOPE *e;
int type;
{
int qd, qg;
char *sub = "/";
char pref[3];
static char buf[MAXPATHLEN];
/* Assign an ID if needed */
if (e->e_id == NULL)
{
if (IntSig)
return NULL;
assign_queueid(e);
}
type = queue_letter(e, type);
/* begin of filename */
pref[0] = (char) type;
pref[1] = 'f';
pref[2] = '\0';
/* Assign a queue group/directory if needed */
if (type == XSCRPT_LETTER)
{
/*
** We don't want to call setnewqueue() if we are fetching
** the pathname of the transcript file, because setnewqueue
** chooses a queue, and sometimes we need to write to the
** transcript file before we have gathered enough information
** to choose a queue.
*/
if (e->e_xfqgrp == NOQGRP || e->e_xfqdir == NOQDIR)
{
if (e->e_qgrp != NOQGRP && e->e_qdir != NOQDIR)
{
e->e_xfqgrp = e->e_qgrp;
e->e_xfqdir = e->e_qdir;
}
else
{
e->e_xfqgrp = 0;
if (Queue[e->e_xfqgrp]->qg_numqueues <= 1)
e->e_xfqdir = 0;
else
{
e->e_xfqdir = get_rand_mod(
Queue[e->e_xfqgrp]->qg_numqueues);
}
}
}
qd = e->e_xfqdir;
qg = e->e_xfqgrp;
}
else
{
if (e->e_qgrp == NOQGRP || e->e_qdir == NOQDIR)
{
if (IntSig)
return NULL;
(void) setnewqueue(e);
}
if (type == DATAFL_LETTER)
{
qd = e->e_dfqdir;
qg = e->e_dfqgrp;
}
else
{
qd = e->e_qdir;
qg = e->e_qgrp;
}
}
/* xf files always have a valid qd and qg picked above */
if ((qd == NOQDIR || qg == NOQGRP) && type != XSCRPT_LETTER)
(void) sm_strlcpyn(buf, sizeof(buf), 2, pref, e->e_id);
else
{
switch (type)
{
case DATAFL_LETTER:
if (bitset(QP_SUBDF, Queue[qg]->qg_qpaths[qd].qp_subdirs))
sub = "/df/";
break;
case QUARQF_LETTER:
case TEMPQF_LETTER:
case NEWQFL_LETTER:
case LOSEQF_LETTER:
case NORMQF_LETTER:
if (bitset(QP_SUBQF, Queue[qg]->qg_qpaths[qd].qp_subdirs))
sub = "/qf/";
break;
case XSCRPT_LETTER:
if (bitset(QP_SUBXF, Queue[qg]->qg_qpaths[qd].qp_subdirs))
sub = "/xf/";
break;
default:
if (IntSig)
return NULL;
sm_abort("queuename: bad queue file type %d", type);
}
(void) sm_strlcpyn(buf, sizeof(buf), 4,
Queue[qg]->qg_qpaths[qd].qp_name,
sub, pref, e->e_id);
}
if (tTd(7, 2))
sm_dprintf("queuename: %s\n", buf);
return buf;
}
/*
** INIT_QID_ALG -- Initialize the (static) parameters that are used to
** generate a queue ID.
**
** This function is called by the daemon to reset
** LastQueueTime and LastQueuePid which are used by assign_queueid().
** Otherwise the algorithm may cause problems because
** LastQueueTime and LastQueuePid are set indirectly by main()
** before the daemon process is started, hence LastQueuePid is not
** the pid of the daemon and therefore a child of the daemon can
** actually have the same pid as LastQueuePid which means the section
** in assign_queueid():
** * see if we need to get a new base time/pid *
** is NOT triggered which will cause the same queue id to be generated.
**
** Parameters:
** none
**
** Returns:
** none.
*/
void
init_qid_alg()
{
LastQueueTime = 0;
LastQueuePid = -1;
}
/*
** ASSIGN_QUEUEID -- assign a queue ID for this envelope.
**
** Assigns an id code if one does not already exist.
** This code assumes that nothing will remain in the queue for
** longer than 60 years. It is critical that files with the given
** name do not already exist in the queue.
** [No longer initializes e_qdir to NOQDIR.]
**
** Parameters:
** e -- envelope to set it in.
**
** Returns:
** none.
*/
static const char QueueIdChars[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
# define QIC_LEN 60
# define QIC_LEN_R 62
/*
** Note: the length is "officially" 60 because minutes and seconds are
** usually only 0-59. However (Linux):
** tm_sec The number of seconds after the minute, normally in
** the range 0 to 59, but can be up to 61 to allow for
** leap seconds.
** Hence the real length of the string is 62 to take this into account.
** Alternatively % QIC_LEN can (should) be used for access everywhere.
*/
# define queuenextid() CurrentPid
#define QIC_LEN_SQR (QIC_LEN * QIC_LEN)
void
assign_queueid(e)
register ENVELOPE *e;
{
pid_t pid = queuenextid();
static unsigned int cX = 0;
static unsigned int random_offset;
struct tm *tm;
char idbuf[MAXQFNAME - 2];
unsigned int seq;
if (e->e_id != NULL)
return;
/* see if we need to get a new base time/pid */
if (cX >= QIC_LEN_SQR || LastQueueTime == 0 || LastQueuePid != pid)
{
time_t then = LastQueueTime;
/* if the first time through, pick a random offset */
if (LastQueueTime == 0)
random_offset = ((unsigned int)get_random())
% QIC_LEN_SQR;
while ((LastQueueTime = curtime()) == then &&
LastQueuePid == pid)
{
(void) sleep(1);
}
LastQueuePid = queuenextid();
cX = 0;
}
/*
** Generate a new sequence number between 0 and QIC_LEN_SQR-1.
** This lets us generate up to QIC_LEN_SQR unique queue ids
** per second, per process. With envelope splitting,
** a single message can consume many queue ids.
*/
seq = (cX + random_offset) % QIC_LEN_SQR;
++cX;
if (tTd(7, 50))
sm_dprintf("assign_queueid: random_offset=%u (%u)\n",
random_offset, seq);
tm = gmtime(&LastQueueTime);
idbuf[0] = QueueIdChars[tm->tm_year % QIC_LEN];
idbuf[1] = QueueIdChars[tm->tm_mon];
idbuf[2] = QueueIdChars[tm->tm_mday];
idbuf[3] = QueueIdChars[tm->tm_hour];
idbuf[4] = QueueIdChars[tm->tm_min % QIC_LEN_R];
idbuf[5] = QueueIdChars[tm->tm_sec % QIC_LEN_R];
idbuf[6] = QueueIdChars[seq / QIC_LEN];
idbuf[7] = QueueIdChars[seq % QIC_LEN];
(void) sm_snprintf(&idbuf[8], sizeof(idbuf) - 8, "%06d",
(int) LastQueuePid);
e->e_id = sm_rpool_strdup_x(e->e_rpool, idbuf);
macdefine(&e->e_macro, A_PERM, 'i', e->e_id);
#if 0
/* XXX: inherited from MainEnvelope */
e->e_qgrp = NOQGRP; /* too early to do anything else */
e->e_qdir = NOQDIR;
e->e_xfqgrp = NOQGRP;
#endif /* 0 */
/* New ID means it's not on disk yet */
e->e_qfletter = '\0';
if (tTd(7, 1))
sm_dprintf("assign_queueid: assigned id %s, e=%p\n",
- e->e_id, e);
+ e->e_id, (void *)e);
if (LogLevel > 93)
sm_syslog(LOG_DEBUG, e->e_id, "assigned id");
}
/*
** SYNC_QUEUE_TIME -- Assure exclusive PID in any given second
**
** Make sure one PID can't be used by two processes in any one second.
**
** If the system rotates PIDs fast enough, may get the
** same pid in the same second for two distinct processes.
** This will interfere with the queue file naming system.
**
** Parameters:
** none
**
** Returns:
** none
*/
void
sync_queue_time()
{
#if FAST_PID_RECYCLE
if (OpMode != MD_TEST &&
OpMode != MD_CHECKCONFIG &&
OpMode != MD_VERIFY &&
LastQueueTime > 0 &&
LastQueuePid == CurrentPid &&
curtime() == LastQueueTime)
(void) sleep(1);
#endif /* FAST_PID_RECYCLE */
}
/*
** UNLOCKQUEUE -- unlock the queue entry for a specified envelope
**
** Parameters:
** e -- the envelope to unlock.
**
** Returns:
** none
**
** Side Effects:
** unlocks the queue for `e'.
*/
void
unlockqueue(e)
ENVELOPE *e;
{
if (tTd(51, 4))
sm_dprintf("unlockqueue(%s)\n",
e->e_id == NULL ? "NOQUEUE" : e->e_id);
/* if there is a lock file in the envelope, close it */
if (e->e_lockfp != NULL)
(void) sm_io_close(e->e_lockfp, SM_TIME_DEFAULT);
e->e_lockfp = NULL;
/* don't create a queue id if we don't already have one */
if (e->e_id == NULL)
return;
/* remove the transcript */
if (LogLevel > 87)
sm_syslog(LOG_DEBUG, e->e_id, "unlock");
if (!tTd(51, 104))
(void) xunlink(queuename(e, XSCRPT_LETTER));
}
/*
** SETCTLUSER -- create a controlling address
**
** Create a fake "address" given only a local login name; this is
** used as a "controlling user" for future recipient addresses.
**
** Parameters:
** user -- the user name of the controlling user.
** qfver -- the version stamp of this queue file.
** e -- envelope
**
** Returns:
** An address descriptor for the controlling user,
** using storage allocated from e->e_rpool.
**
*/
static ADDRESS *
setctluser(user, qfver, e)
char *user;
int qfver;
ENVELOPE *e;
{
register ADDRESS *a;
struct passwd *pw;
char *p;
/*
** See if this clears our concept of controlling user.
*/
if (user == NULL || *user == '\0')
return NULL;
/*
** Set up addr fields for controlling user.
*/
a = (ADDRESS *) sm_rpool_malloc_x(e->e_rpool, sizeof(*a));
memset((char *) a, '\0', sizeof(*a));
if (*user == ':')
{
p = &user[1];
a->q_user = sm_rpool_strdup_x(e->e_rpool, p);
}
else
{
p = strtok(user, ":");
a->q_user = sm_rpool_strdup_x(e->e_rpool, user);
if (qfver >= 2)
{
if ((p = strtok(NULL, ":")) != NULL)
a->q_uid = atoi(p);
if ((p = strtok(NULL, ":")) != NULL)
a->q_gid = atoi(p);
if ((p = strtok(NULL, ":")) != NULL)
{
char *o;
a->q_flags |= QGOODUID;
/* if there is another ':': restore it */
if ((o = strtok(NULL, ":")) != NULL && o > p)
o[-1] = ':';
}
}
else if ((pw = sm_getpwnam(user)) != NULL)
{
if (*pw->pw_dir == '\0')
a->q_home = NULL;
else if (strcmp(pw->pw_dir, "/") == 0)
a->q_home = "";
else
a->q_home = sm_rpool_strdup_x(e->e_rpool, pw->pw_dir);
a->q_uid = pw->pw_uid;
a->q_gid = pw->pw_gid;
a->q_flags |= QGOODUID;
}
}
a->q_flags |= QPRIMARY; /* flag as a "ctladdr" */
a->q_mailer = LocalMailer;
if (p == NULL)
a->q_paddr = sm_rpool_strdup_x(e->e_rpool, a->q_user);
else
a->q_paddr = sm_rpool_strdup_x(e->e_rpool, p);
return a;
}
/*
** LOSEQFILE -- rename queue file with LOSEQF_LETTER & try to let someone know
**
** Parameters:
** e -- the envelope (e->e_id will be used).
** why -- reported to whomever can hear.
**
** Returns:
** none.
*/
void
loseqfile(e, why)
register ENVELOPE *e;
char *why;
{
bool loseit = true;
char *p;
char buf[MAXPATHLEN];
if (e == NULL || e->e_id == NULL)
return;
p = queuename(e, ANYQFL_LETTER);
if (sm_strlcpy(buf, p, sizeof(buf)) >= sizeof(buf))
return;
if (!bitset(EF_INQUEUE, e->e_flags))
queueup(e, false, true);
else if (QueueMode == QM_LOST)
loseit = false;
/* if already lost, no need to re-lose */
if (loseit)
{
p = queuename(e, LOSEQF_LETTER);
if (rename(buf, p) < 0)
syserr("cannot rename(%s, %s), uid=%ld",
buf, p, (long) geteuid());
else if (LogLevel > 0)
sm_syslog(LOG_ALERT, e->e_id,
"Losing %s: %s", buf, why);
}
if (e->e_dfp != NULL)
{
(void) sm_io_close(e->e_dfp, SM_TIME_DEFAULT);
e->e_dfp = NULL;
}
e->e_flags &= ~EF_HAS_DF;
}
/*
** NAME2QID -- translate a queue group name to a queue group id
**
** Parameters:
** queuename -- name of queue group.
**
** Returns:
** queue group id if found.
** NOQGRP otherwise.
*/
int
name2qid(queuename)
char *queuename;
{
register STAB *s;
s = stab(queuename, ST_QUEUE, ST_FIND);
if (s == NULL)
return NOQGRP;
return s->s_quegrp->qg_index;
}
/*
** QID_PRINTNAME -- create externally printable version of queue id
**
** Parameters:
** e -- the envelope.
**
** Returns:
** a printable version
*/
char *
qid_printname(e)
ENVELOPE *e;
{
char *id;
static char idbuf[MAXQFNAME + 34];
if (e == NULL)
return "";
if (e->e_id == NULL)
id = "";
else
id = e->e_id;
if (e->e_qdir == NOQDIR)
return id;
(void) sm_snprintf(idbuf, sizeof(idbuf), "%.32s/%s",
Queue[e->e_qgrp]->qg_qpaths[e->e_qdir].qp_name,
id);
return idbuf;
}
/*
** QID_PRINTQUEUE -- create full version of queue directory for data files
**
** Parameters:
** qgrp -- index in queue group.
** qdir -- the short version of the queue directory
**
** Returns:
** the full pathname to the queue (might point to a static var)
*/
char *
qid_printqueue(qgrp, qdir)
int qgrp;
int qdir;
{
char *subdir;
static char dir[MAXPATHLEN];
if (qdir == NOQDIR)
return Queue[qgrp]->qg_qdir;
if (strcmp(Queue[qgrp]->qg_qpaths[qdir].qp_name, ".") == 0)
subdir = NULL;
else
subdir = Queue[qgrp]->qg_qpaths[qdir].qp_name;
(void) sm_strlcpyn(dir, sizeof(dir), 4,
Queue[qgrp]->qg_qdir,
subdir == NULL ? "" : "/",
subdir == NULL ? "" : subdir,
(bitset(QP_SUBDF,
Queue[qgrp]->qg_qpaths[qdir].qp_subdirs)
? "/df" : ""));
return dir;
}
/*
** PICKQDIR -- Pick a queue directory from a queue group
**
** Parameters:
** qg -- queue group
** fsize -- file size in bytes
** e -- envelope, or NULL
**
** Result:
** NOQDIR if no queue directory in qg has enough free space to
** hold a file of size 'fsize', otherwise the index of
** a randomly selected queue directory which resides on a
** file system with enough disk space.
** XXX This could be extended to select a queuedir with
** a few (the fewest?) number of entries. That data
** is available if shared memory is used.
**
** Side Effects:
** If the request fails and e != NULL then sm_syslog is called.
*/
int
pickqdir(qg, fsize, e)
QUEUEGRP *qg;
long fsize;
ENVELOPE *e;
{
int qdir;
int i;
long avail = 0;
/* Pick a random directory, as a starting point. */
if (qg->qg_numqueues <= 1)
qdir = 0;
else
qdir = get_rand_mod(qg->qg_numqueues);
#if _FFR_TESTS
if (tTd(4, 101))
return NOQDIR;
-#endif /* _FFR_TESTS */
+#endif
if (MinBlocksFree <= 0 && fsize <= 0)
return qdir;
/*
** Now iterate over the queue directories,
** looking for a directory with enough space for this message.
*/
i = qdir;
do
{
QPATHS *qp = &qg->qg_qpaths[i];
long needed = 0;
long fsavail = 0;
if (fsize > 0)
needed += fsize / FILE_SYS_BLKSIZE(qp->qp_fsysidx)
+ ((fsize % FILE_SYS_BLKSIZE(qp->qp_fsysidx)
> 0) ? 1 : 0);
if (MinBlocksFree > 0)
needed += MinBlocksFree;
fsavail = FILE_SYS_AVAIL(qp->qp_fsysidx);
#if SM_CONF_SHM
if (fsavail <= 0)
{
long blksize;
/*
** might be not correctly updated,
** let's try to get the info directly.
*/
fsavail = freediskspace(FILE_SYS_NAME(qp->qp_fsysidx),
&blksize);
if (fsavail < 0)
fsavail = 0;
}
#endif /* SM_CONF_SHM */
if (needed <= fsavail)
return i;
if (avail < fsavail)
avail = fsavail;
if (qg->qg_numqueues > 0)
i = (i + 1) % qg->qg_numqueues;
} while (i != qdir);
if (e != NULL && LogLevel > 0)
sm_syslog(LOG_ALERT, e->e_id,
"low on space (%s needs %ld bytes + %ld blocks in %s), max avail: %ld",
CurHostName == NULL ? "SMTP-DAEMON" : CurHostName,
fsize, MinBlocksFree,
qg->qg_qdir, avail);
return NOQDIR;
}
/*
** SETNEWQUEUE -- Sets a new queue group and directory
**
** Assign a queue group and directory to an envelope and store the
** directory in e->e_qdir.
**
** Parameters:
** e -- envelope to assign a queue for.
**
** Returns:
** true if successful
** false otherwise
**
** Side Effects:
** On success, e->e_qgrp and e->e_qdir are non-negative.
** On failure (not enough disk space),
** e->qgrp = NOQGRP, e->e_qdir = NOQDIR
** and usrerr() is invoked (which could raise an exception).
*/
bool
setnewqueue(e)
ENVELOPE *e;
{
if (tTd(41, 20))
sm_dprintf("setnewqueue: called\n");
/* not set somewhere else */
if (e->e_qgrp == NOQGRP)
{
ADDRESS *q;
/*
** Use the queue group of the "first" recipient, as set by
** the "queuegroup" rule set. If that is not defined, then
** use the queue group of the mailer of the first recipient.
** If that is not defined either, then use the default
** queue group.
** Notice: "first" depends on the sorting of sendqueue
** in recipient().
** To avoid problems with "bad" recipients look
** for a valid address first.
*/
q = e->e_sendqueue;
while (q != NULL &&
(QS_IS_BADADDR(q->q_state) || QS_IS_DEAD(q->q_state)))
{
q = q->q_next;
}
if (q == NULL)
e->e_qgrp = 0;
else if (q->q_qgrp >= 0)
e->e_qgrp = q->q_qgrp;
else if (q->q_mailer != NULL &&
ISVALIDQGRP(q->q_mailer->m_qgrp))
e->e_qgrp = q->q_mailer->m_qgrp;
else
e->e_qgrp = 0;
e->e_dfqgrp = e->e_qgrp;
}
if (ISVALIDQDIR(e->e_qdir) && ISVALIDQDIR(e->e_dfqdir))
{
if (tTd(41, 20))
sm_dprintf("setnewqueue: e_qdir already assigned (%s)\n",
qid_printqueue(e->e_qgrp, e->e_qdir));
return true;
}
filesys_update();
e->e_qdir = pickqdir(Queue[e->e_qgrp], e->e_msgsize, e);
if (e->e_qdir == NOQDIR)
{
e->e_qgrp = NOQGRP;
if (!bitset(EF_FATALERRS, e->e_flags))
usrerr("452 4.4.5 Insufficient disk space; try again later");
e->e_flags |= EF_FATALERRS;
return false;
}
if (tTd(41, 3))
sm_dprintf("setnewqueue: Assigned queue directory %s\n",
qid_printqueue(e->e_qgrp, e->e_qdir));
if (e->e_xfqgrp == NOQGRP || e->e_xfqdir == NOQDIR)
{
e->e_xfqgrp = e->e_qgrp;
e->e_xfqdir = e->e_qdir;
}
e->e_dfqdir = e->e_qdir;
return true;
}
/*
** CHKQDIR -- check a queue directory
**
** Parameters:
** name -- name of queue directory
** sff -- flags for safefile()
**
** Returns:
** is it a queue directory?
*/
static bool chkqdir __P((char *, long));
static bool
chkqdir(name, sff)
char *name;
long sff;
{
struct stat statb;
int i;
/* skip over . and .. directories */
if (name[0] == '.' &&
(name[1] == '\0' || (name[1] == '.' && name[2] == '\0')))
return false;
#if HASLSTAT
if (lstat(name, &statb) < 0)
-#else /* HASLSTAT */
+#else
if (stat(name, &statb) < 0)
-#endif /* HASLSTAT */
+#endif
{
if (tTd(41, 2))
sm_dprintf("chkqdir: stat(\"%s\"): %s\n",
name, sm_errstring(errno));
return false;
}
#if HASLSTAT
if (S_ISLNK(statb.st_mode))
{
/*
** For a symlink we need to make sure the
** target is a directory
*/
if (stat(name, &statb) < 0)
{
if (tTd(41, 2))
sm_dprintf("chkqdir: stat(\"%s\"): %s\n",
name, sm_errstring(errno));
return false;
}
}
#endif /* HASLSTAT */
if (!S_ISDIR(statb.st_mode))
{
if (tTd(41, 2))
sm_dprintf("chkqdir: \"%s\": Not a directory\n",
name);
return false;
}
/* Print a warning if unsafe (but still use it) */
/* XXX do this only if we want the warning? */
i = safedirpath(name, RunAsUid, RunAsGid, NULL, sff, 0, 0);
if (i != 0)
{
if (tTd(41, 2))
sm_dprintf("chkqdir: \"%s\": Not safe: %s\n",
name, sm_errstring(i));
#if _FFR_CHK_QUEUE
if (LogLevel > 8)
sm_syslog(LOG_WARNING, NOQID,
"queue directory \"%s\": Not safe: %s",
name, sm_errstring(i));
#endif /* _FFR_CHK_QUEUE */
}
return true;
}
/*
** MULTIQUEUE_CACHE -- cache a list of paths to queues.
**
** Each potential queue is checked as the cache is built.
** Thereafter, each is blindly trusted.
** Note that we can be called again after a timeout to rebuild
** (although code for that is not ready yet).
**
** Parameters:
** basedir -- base of all queue directories.
** blen -- strlen(basedir).
** qg -- queue group.
** qn -- number of queue directories already cached.
** phash -- pointer to hash value over queue dirs.
#if SM_CONF_SHM
** only used if shared memory is active.
#endif * SM_CONF_SHM *
**
** Returns:
** new number of queue directories.
*/
#define INITIAL_SLOTS 20
#define ADD_SLOTS 10
static int
multiqueue_cache(basedir, blen, qg, qn, phash)
char *basedir;
int blen;
QUEUEGRP *qg;
int qn;
unsigned int *phash;
{
char *cp;
int i, len;
int slotsleft = 0;
long sff = SFF_ANYFILE;
char qpath[MAXPATHLEN];
char subdir[MAXPATHLEN];
char prefix[MAXPATHLEN]; /* dir relative to basedir */
if (tTd(41, 20))
sm_dprintf("multiqueue_cache: called\n");
/* Initialize to current directory */
prefix[0] = '.';
prefix[1] = '\0';
if (qg->qg_numqueues != 0 && qg->qg_qpaths != NULL)
{
for (i = 0; i < qg->qg_numqueues; i++)
{
if (qg->qg_qpaths[i].qp_name != NULL)
(void) sm_free(qg->qg_qpaths[i].qp_name); /* XXX */
}
(void) sm_free((char *) qg->qg_qpaths); /* XXX */
qg->qg_qpaths = NULL;
qg->qg_numqueues = 0;
}
/* If running as root, allow safedirpath() checks to use privs */
if (RunAsUid == 0)
sff |= SFF_ROOTOK;
#if _FFR_CHK_QUEUE
sff |= SFF_SAFEDIRPATH|SFF_NOWWFILES;
if (!UseMSP)
sff |= SFF_NOGWFILES;
-#endif /* _FFR_CHK_QUEUE */
+#endif
if (!SM_IS_DIR_START(qg->qg_qdir))
{
/*
** XXX we could add basedir, but then we have to realloc()
** the string... Maybe another time.
*/
syserr("QueuePath %s not absolute", qg->qg_qdir);
ExitStat = EX_CONFIG;
return qn;
}
/* qpath: directory of current workgroup */
len = sm_strlcpy(qpath, qg->qg_qdir, sizeof(qpath));
if (len >= sizeof(qpath))
{
syserr("QueuePath %.256s too long (%d max)",
qg->qg_qdir, (int) sizeof(qpath));
ExitStat = EX_CONFIG;
return qn;
}
/* begin of qpath must be same as basedir */
if (strncmp(basedir, qpath, blen) != 0 &&
(strncmp(basedir, qpath, blen - 1) != 0 || len != blen - 1))
{
syserr("QueuePath %s not subpath of QueueDirectory %s",
qpath, basedir);
ExitStat = EX_CONFIG;
return qn;
}
/* Do we have a nested subdirectory? */
if (blen < len && SM_FIRST_DIR_DELIM(qg->qg_qdir + blen) != NULL)
{
/* Copy subdirectory into prefix for later use */
if (sm_strlcpy(prefix, qg->qg_qdir + blen, sizeof(prefix)) >=
sizeof(prefix))
{
syserr("QueuePath %.256s too long (%d max)",
qg->qg_qdir, (int) sizeof(qpath));
ExitStat = EX_CONFIG;
return qn;
}
cp = SM_LAST_DIR_DELIM(prefix);
SM_ASSERT(cp != NULL);
*cp = '\0'; /* cut off trailing / */
}
/* This is guaranteed by the basedir check above */
SM_ASSERT(len >= blen - 1);
cp = &qpath[len - 1];
if (*cp == '*')
{
register DIR *dp;
register struct dirent *d;
int off;
char *delim;
char relpath[MAXPATHLEN];
*cp = '\0'; /* Overwrite wildcard */
if ((cp = SM_LAST_DIR_DELIM(qpath)) == NULL)
{
syserr("QueueDirectory: can not wildcard relative path");
if (tTd(41, 2))
sm_dprintf("multiqueue_cache: \"%s*\": Can not wildcard relative path.\n",
qpath);
ExitStat = EX_CONFIG;
return qn;
}
if (cp == qpath)
{
/*
** Special case of top level wildcard, like /foo*
** Change to //foo*
*/
(void) sm_strlcpy(qpath + 1, qpath, sizeof(qpath) - 1);
++cp;
}
delim = cp;
*(cp++) = '\0'; /* Replace / with \0 */
len = strlen(cp); /* Last component of queue directory */
/*
** Path relative to basedir, with trailing /
** It will be modified below to specify the subdirectories
** so they can be opened without chdir().
*/
off = sm_strlcpyn(relpath, sizeof(relpath), 2, prefix, "/");
SM_ASSERT(off < sizeof(relpath));
if (tTd(41, 2))
sm_dprintf("multiqueue_cache: prefix=\"%s%s\"\n",
relpath, cp);
/* It is always basedir: we don't need to store it per group */
/* XXX: optimize this! -> one more global? */
qg->qg_qdir = newstr(basedir);
qg->qg_qdir[blen - 1] = '\0'; /* cut off trailing / */
/*
** XXX Should probably wrap this whole loop in a timeout
** in case some wag decides to NFS mount the queues.
*/
/* Test path to get warning messages. */
if (qn == 0)
{
/* XXX qg_runasuid and qg_runasgid for specials? */
i = safedirpath(basedir, RunAsUid, RunAsGid, NULL,
sff, 0, 0);
if (i != 0 && tTd(41, 2))
sm_dprintf("multiqueue_cache: \"%s\": Not safe: %s\n",
basedir, sm_errstring(i));
}
if ((dp = opendir(prefix)) == NULL)
{
syserr("can not opendir(%s/%s)", qg->qg_qdir, prefix);
if (tTd(41, 2))
sm_dprintf("multiqueue_cache: opendir(\"%s/%s\"): %s\n",
qg->qg_qdir, prefix,
sm_errstring(errno));
ExitStat = EX_CONFIG;
return qn;
}
while ((d = readdir(dp)) != NULL)
{
/* Skip . and .. directories */
if (strcmp(d->d_name, ".") == 0 ||
strcmp(d->d_name, "..") == 0)
continue;
i = strlen(d->d_name);
if (i < len || strncmp(d->d_name, cp, len) != 0)
{
if (tTd(41, 5))
sm_dprintf("multiqueue_cache: \"%s\", skipped\n",
d->d_name);
continue;
}
/* Create relative pathname: prefix + local directory */
i = sizeof(relpath) - off;
if (sm_strlcpy(relpath + off, d->d_name, i) >= i)
continue; /* way too long */
if (!chkqdir(relpath, sff))
continue;
if (qg->qg_qpaths == NULL)
{
slotsleft = INITIAL_SLOTS;
qg->qg_qpaths = (QPATHS *)xalloc((sizeof(*qg->qg_qpaths)) *
slotsleft);
qg->qg_numqueues = 0;
}
else if (slotsleft < 1)
{
qg->qg_qpaths = (QPATHS *)sm_realloc((char *)qg->qg_qpaths,
(sizeof(*qg->qg_qpaths)) *
(qg->qg_numqueues +
ADD_SLOTS));
if (qg->qg_qpaths == NULL)
{
(void) closedir(dp);
return qn;
}
slotsleft += ADD_SLOTS;
}
/* check subdirs */
qg->qg_qpaths[qg->qg_numqueues].qp_subdirs = QP_NOSUB;
#define CHKRSUBDIR(name, flag) \
(void) sm_strlcpyn(subdir, sizeof(subdir), 3, relpath, "/", name); \
if (chkqdir(subdir, sff)) \
qg->qg_qpaths[qg->qg_numqueues].qp_subdirs |= flag; \
else
CHKRSUBDIR("qf", QP_SUBQF);
CHKRSUBDIR("df", QP_SUBDF);
CHKRSUBDIR("xf", QP_SUBXF);
/* assert(strlen(d->d_name) < MAXPATHLEN - 14) */
/* maybe even - 17 (subdirs) */
if (prefix[0] != '.')
qg->qg_qpaths[qg->qg_numqueues].qp_name =
newstr(relpath);
else
qg->qg_qpaths[qg->qg_numqueues].qp_name =
newstr(d->d_name);
if (tTd(41, 2))
sm_dprintf("multiqueue_cache: %d: \"%s\" cached (%x).\n",
qg->qg_numqueues, relpath,
qg->qg_qpaths[qg->qg_numqueues].qp_subdirs);
#if SM_CONF_SHM
qg->qg_qpaths[qg->qg_numqueues].qp_idx = qn;
*phash = hash_q(relpath, *phash);
-#endif /* SM_CONF_SHM */
+#endif
qg->qg_numqueues++;
++qn;
slotsleft--;
}
(void) closedir(dp);
/* undo damage */
*delim = '/';
}
if (qg->qg_numqueues == 0)
{
qg->qg_qpaths = (QPATHS *) xalloc(sizeof(*qg->qg_qpaths));
/* test path to get warning messages */
i = safedirpath(qpath, RunAsUid, RunAsGid, NULL, sff, 0, 0);
if (i == ENOENT)
{
syserr("can not opendir(%s)", qpath);
if (tTd(41, 2))
sm_dprintf("multiqueue_cache: opendir(\"%s\"): %s\n",
qpath, sm_errstring(i));
ExitStat = EX_CONFIG;
return qn;
}
qg->qg_qpaths[0].qp_subdirs = QP_NOSUB;
qg->qg_numqueues = 1;
/* check subdirs */
#define CHKSUBDIR(name, flag) \
(void) sm_strlcpyn(subdir, sizeof(subdir), 3, qg->qg_qdir, "/", name); \
if (chkqdir(subdir, sff)) \
qg->qg_qpaths[0].qp_subdirs |= flag; \
else
CHKSUBDIR("qf", QP_SUBQF);
CHKSUBDIR("df", QP_SUBDF);
CHKSUBDIR("xf", QP_SUBXF);
if (qg->qg_qdir[blen - 1] != '\0' &&
qg->qg_qdir[blen] != '\0')
{
/*
** Copy the last component into qpaths and
** cut off qdir
*/
qg->qg_qpaths[0].qp_name = newstr(qg->qg_qdir + blen);
qg->qg_qdir[blen - 1] = '\0';
}
else
qg->qg_qpaths[0].qp_name = newstr(".");
#if SM_CONF_SHM
qg->qg_qpaths[0].qp_idx = qn;
*phash = hash_q(qg->qg_qpaths[0].qp_name, *phash);
-#endif /* SM_CONF_SHM */
+#endif
++qn;
}
return qn;
}
/*
** FILESYS_FIND -- find entry in FileSys table, or add new one
**
** Given the pathname of a directory, determine the file system
** in which that directory resides, and return a pointer to the
** entry in the FileSys table that describes the file system.
** A new entry is added if necessary (and requested).
** If the directory does not exist, -1 is returned.
**
** Parameters:
** name -- name of directory (must be persistent!)
** path -- pathname of directory (name plus maybe "/df")
** add -- add to structure if not found.
**
** Returns:
** >=0: found: index in file system table
** <0: some error, i.e.,
** FSF_TOO_MANY: too many filesystems (-> syserr())
** FSF_STAT_FAIL: can't stat() filesystem (-> syserr())
** FSF_NOT_FOUND: not in list
*/
static short filesys_find __P((const char *, const char *, bool));
#define FSF_NOT_FOUND (-1)
#define FSF_STAT_FAIL (-2)
#define FSF_TOO_MANY (-3)
static short
filesys_find(name, path, add)
const char *name;
const char *path;
bool add;
{
struct stat st;
short i;
if (stat(path, &st) < 0)
{
syserr("cannot stat queue directory %s", path);
return FSF_STAT_FAIL;
}
for (i = 0; i < NumFileSys; ++i)
{
if (FILE_SYS_DEV(i) == st.st_dev)
{
/*
** Make sure the file system (FS) name is set:
** even though the source code indicates that
** FILE_SYS_DEV() is only set below, it could be
** set via shared memory, hence we need to perform
** this check/assignment here.
*/
if (NULL == FILE_SYS_NAME(i))
FILE_SYS_NAME(i) = name;
return i;
}
}
if (i >= MAXFILESYS)
{
syserr("too many queue file systems (%d max)", MAXFILESYS);
return FSF_TOO_MANY;
}
if (!add)
return FSF_NOT_FOUND;
++NumFileSys;
FILE_SYS_NAME(i) = name;
FILE_SYS_DEV(i) = st.st_dev;
FILE_SYS_AVAIL(i) = 0;
FILE_SYS_BLKSIZE(i) = 1024; /* avoid divide by zero */
return i;
}
/*
** FILESYS_SETUP -- set up mapping from queue directories to file systems
**
** This data structure is used to efficiently check the amount of
** free space available in a set of queue directories.
**
** Parameters:
** add -- initialize structure if necessary.
**
** Returns:
** 0: success
** <0: some error, i.e.,
** FSF_NOT_FOUND: not in list
** FSF_STAT_FAIL: can't stat() filesystem (-> syserr())
** FSF_TOO_MANY: too many filesystems (-> syserr())
*/
static int filesys_setup __P((bool));
static int
filesys_setup(add)
bool add;
{
int i, j;
short fs;
int ret;
ret = 0;
for (i = 0; i < NumQueue && Queue[i] != NULL; i++)
{
for (j = 0; j < Queue[i]->qg_numqueues; ++j)
{
QPATHS *qp = &Queue[i]->qg_qpaths[j];
char qddf[MAXPATHLEN];
(void) sm_strlcpyn(qddf, sizeof(qddf), 2, qp->qp_name,
(bitset(QP_SUBDF, qp->qp_subdirs)
? "/df" : ""));
fs = filesys_find(qp->qp_name, qddf, add);
if (fs >= 0)
qp->qp_fsysidx = fs;
else
qp->qp_fsysidx = 0;
if (fs < ret)
ret = fs;
}
}
return ret;
}
/*
** FILESYS_UPDATE -- update amount of free space on all file systems
**
** The FileSys table is used to cache the amount of free space
** available on all queue directory file systems.
** This function updates the cached information if it has expired.
**
** Parameters:
** none.
**
** Returns:
** none.
**
** Side Effects:
** Updates FileSys table.
*/
void
filesys_update()
{
int i;
long avail, blksize;
time_t now;
static time_t nextupdate = 0;
#if SM_CONF_SHM
/*
** Only the daemon updates the shared memory, i.e.,
** if shared memory is available but the pid is not the
** one of the daemon, then don't do anything.
*/
if (ShmId != SM_SHM_NO_ID && DaemonPid != CurrentPid)
return;
#endif /* SM_CONF_SHM */
now = curtime();
if (now < nextupdate)
return;
nextupdate = now + FILESYS_UPDATE_INTERVAL;
for (i = 0; i < NumFileSys; ++i)
{
FILESYS *fs = &FILE_SYS(i);
avail = freediskspace(FILE_SYS_NAME(i), &blksize);
if (avail < 0 || blksize <= 0)
{
if (LogLevel > 5)
sm_syslog(LOG_ERR, NOQID,
"filesys_update failed: %s, fs=%s, avail=%ld, blocksize=%ld",
sm_errstring(errno),
FILE_SYS_NAME(i), avail, blksize);
fs->fs_avail = 0;
fs->fs_blksize = 1024; /* avoid divide by zero */
nextupdate = now + 2; /* let's do this soon again */
}
else
{
fs->fs_avail = avail;
fs->fs_blksize = blksize;
}
}
}
#if _FFR_ANY_FREE_FS
/*
** FILESYS_FREE -- check whether there is at least one fs with enough space.
**
** Parameters:
** fsize -- file size in bytes
**
** Returns:
** true iff there is one fs with more than fsize bytes free.
*/
bool
filesys_free(fsize)
long fsize;
{
int i;
if (fsize <= 0)
return true;
for (i = 0; i < NumFileSys; ++i)
{
long needed = 0;
if (FILE_SYS_AVAIL(i) < 0 || FILE_SYS_BLKSIZE(i) <= 0)
continue;
needed += fsize / FILE_SYS_BLKSIZE(i)
+ ((fsize % FILE_SYS_BLKSIZE(i)
> 0) ? 1 : 0)
+ MinBlocksFree;
if (needed <= FILE_SYS_AVAIL(i))
return true;
}
return false;
}
#endif /* _FFR_ANY_FREE_FS */
/*
** DISK_STATUS -- show amount of free space in queue directories
**
** Parameters:
** out -- output file pointer.
** prefix -- string to output in front of each line.
**
** Returns:
** none.
*/
void
disk_status(out, prefix)
SM_FILE_T *out;
char *prefix;
{
int i;
long avail, blksize;
long free;
for (i = 0; i < NumFileSys; ++i)
{
avail = freediskspace(FILE_SYS_NAME(i), &blksize);
if (avail >= 0 && blksize > 0)
{
free = (long)((double) avail *
((double) blksize / 1024));
}
else
free = -1;
(void) sm_io_fprintf(out, SM_TIME_DEFAULT,
"%s%d/%s/%ld\r\n",
prefix, i,
FILE_SYS_NAME(i),
free);
}
}
#if SM_CONF_SHM
/*
** INIT_SEM -- initialize semaphore system
**
** Parameters:
** owner -- is this the owner of semaphores?
**
** Returns:
** none.
*/
-#if _FFR_USE_SEM_LOCKING
-#if SM_CONF_SEM
+#if _FFR_USE_SEM_LOCKING && SM_CONF_SEM
static int SemId = -1; /* Semaphore Id */
int SemKey = SM_SEM_KEY;
-#endif /* SM_CONF_SEM */
-#endif /* _FFR_USE_SEM_LOCKING */
+# define SEM_LOCK(r) \
+ do \
+ { \
+ if (SemId >= 0) \
+ r = sm_sem_acq(SemId, 0, 1); \
+ } while (0)
+# define SEM_UNLOCK(r) \
+ do \
+ { \
+ if (SemId >= 0 && r >= 0) \
+ r = sm_sem_rel(SemId, 0, 1); \
+ } while (0)
+#else /* _FFR_USE_SEM_LOCKING && SM_CONF_SEM */
+# define SEM_LOCK(r)
+# define SEM_UNLOCK(r)
+#endif /* _FFR_USE_SEM_LOCKING && SM_CONF_SEM */
static void init_sem __P((bool));
static void
init_sem(owner)
bool owner;
{
#if _FFR_USE_SEM_LOCKING
#if SM_CONF_SEM
SemId = sm_sem_start(SemKey, 1, 0, owner);
if (SemId < 0)
{
sm_syslog(LOG_ERR, NOQID,
"func=init_sem, sem_key=%ld, sm_sem_start=%d, error=%s",
(long) SemKey, SemId, sm_errstring(-SemId));
return;
}
if (owner && RunAsUid != 0)
{
int r;
r = sm_semsetowner(SemId, RunAsUid, RunAsGid, 0660);
if (r != 0)
sm_syslog(LOG_ERR, NOQID,
"key=%ld, sm_semsetowner=%d, RunAsUid=%ld, RunAsGid=%ld",
(long) SemKey, r, (long) RunAsUid, (long) RunAsGid);
}
#endif /* SM_CONF_SEM */
#endif /* _FFR_USE_SEM_LOCKING */
return;
}
/*
** STOP_SEM -- stop semaphore system
**
** Parameters:
** owner -- is this the owner of semaphores?
**
** Returns:
** none.
*/
static void stop_sem __P((bool));
static void
stop_sem(owner)
bool owner;
{
#if _FFR_USE_SEM_LOCKING
#if SM_CONF_SEM
if (owner && SemId >= 0)
sm_sem_stop(SemId);
-#endif /* SM_CONF_SEM */
+#endif
#endif /* _FFR_USE_SEM_LOCKING */
return;
}
+# if _FFR_OCC
+/*
+** Todo: call occ_close()
+** when closing a connection to decrease #open connections (and rate!)
+** (currently done as hack in deliver())
+** must also be done if connection couldn't be opened (see daemon.c: OCC_CLOSE)
+*/
+
+/*
+** OCC_EXCEEDED -- is an outgoing connection limit exceeded?
+**
+** Parameters:
+** e -- envelope
+** mci -- mail connection information
+** host -- name of host
+** addr -- address of host
+**
+** Returns:
+** true iff an outgoing connection limit is exceeded
+*/
+
+bool
+occ_exceeded(e, mci, host, addr)
+ ENVELOPE *e;
+ MCI *mci;
+ const char *host;
+ SOCKADDR *addr;
+{
+ time_t now;
+ bool exc;
+ int r, ratelimit, conclimit;
+ char *limit; /* allocated from e_rpool by rscheck(), no need to free() */
+
+/* if necessary, some error checking for a number could be done here */
+#define STR2INT(r, limit, val) \
+ do \
+ { \
+ if ((r) == EX_OK && (limit) != NULL) \
+ (val) = atoi((limit)); \
+ } while (0);
+
+ if (occ == NULL || e == NULL)
+ return false;
+ ratelimit = conclimit = 0;
+ limit = NULL;
+ r = rscheck("oc_rate", host, anynet_ntoa(addr), e, RSF_ADDR,
+ 12, NULL, NOQID, NULL, &limit);
+ STR2INT(r, limit, ratelimit);
+ limit = NULL;
+ r = rscheck("oc_conc", host, anynet_ntoa(addr), e, RSF_ADDR,
+ 12, NULL, NOQID, NULL, &limit);
+ STR2INT(r, limit, conclimit);
+ now = curtime();
+
+ /* lock occ: lock entire shared memory segment */
+ SEM_LOCK(r);
+ exc = (bool) conn_limits(e, now, addr, SM_CLFL_EXC, occ, ratelimit,
+ conclimit);
+ SEM_UNLOCK(r);
+ if (!exc && mci != NULL)
+ mci->mci_flags |= MCIF_OCC_INCR;
+ return exc;
+}
+
+/*
+** OCC_CLOSE -- "close" an outgoing connection: up connection status
+**
+** Parameters:
+** e -- envelope
+** mci -- mail connection information
+** host -- name of host
+** addr -- address of host
+**
+** Returns:
+** true after successful update
+*/
+
+bool
+occ_close(e, mci, host, addr)
+ ENVELOPE *e;
+ MCI *mci;
+ const char *host;
+ SOCKADDR *addr;
+{
+ time_t now;
+# if _FFR_USE_SEM_LOCKING && SM_CONF_SEM
+ int r;
+# endif
+
+ if (occ == NULL || e == NULL)
+ return false;
+ if (mci == NULL || mci->mci_state == MCIS_CLOSED ||
+ bitset(MCIF_CACHED, mci->mci_flags) ||
+ !bitset(MCIF_OCC_INCR, mci->mci_flags))
+ return false;
+ mci->mci_flags &= ~MCIF_OCC_INCR;
+
+ now = curtime();
+
+ /* lock occ: lock entire shared memory segment */
+ SEM_LOCK(r);
+ (void) conn_limits(e, now, addr, SM_CLFL_EXC, occ, -1, -1);
+ SEM_UNLOCK(r);
+ return true;
+}
+# endif /* _FFR_OCC */
+
/*
** UPD_QS -- update information about queue when adding/deleting an entry
**
** Parameters:
** e -- envelope.
** count -- add/remove entry (+1/0/-1: add/no change/remove)
** space -- update the space available as well.
** (>0/0/<0: add/no change/remove)
** where -- caller (for logging)
**
** Returns:
** none.
**
** Side Effects:
** Modifies available space in filesystem.
** Changes number of entries in queue directory.
*/
void
upd_qs(e, count, space, where)
ENVELOPE *e;
int count;
int space;
char *where;
{
short fidx;
int idx;
# if _FFR_USE_SEM_LOCKING
int r;
-# endif /* _FFR_USE_SEM_LOCKING */
+# endif
long s;
if (ShmId == SM_SHM_NO_ID || e == NULL)
return;
if (e->e_qgrp == NOQGRP || e->e_qdir == NOQDIR)
return;
idx = Queue[e->e_qgrp]->qg_qpaths[e->e_qdir].qp_idx;
if (tTd(73,2))
sm_dprintf("func=upd_qs, count=%d, space=%d, where=%s, idx=%d, entries=%d\n",
count, space, where, idx, QSHM_ENTRIES(idx));
/* XXX in theory this needs to be protected with a mutex */
if (QSHM_ENTRIES(idx) >= 0 && count != 0)
{
-# if _FFR_USE_SEM_LOCKING
- if (SemId >= 0)
- r = sm_sem_acq(SemId, 0, 1);
-# endif /* _FFR_USE_SEM_LOCKING */
+ SEM_LOCK(r);
QSHM_ENTRIES(idx) += count;
-# if _FFR_USE_SEM_LOCKING
- if (SemId >= 0 && r >= 0)
- r = sm_sem_rel(SemId, 0, 1);
-# endif /* _FFR_USE_SEM_LOCKING */
+ SEM_UNLOCK(r);
}
fidx = Queue[e->e_qgrp]->qg_qpaths[e->e_qdir].qp_fsysidx;
if (fidx < 0)
return;
/* update available space also? (might be loseqfile) */
if (space == 0)
return;
/* convert size to blocks; this causes rounding errors */
s = e->e_msgsize / FILE_SYS_BLKSIZE(fidx);
if (s == 0)
return;
/* XXX in theory this needs to be protected with a mutex */
if (space > 0)
FILE_SYS_AVAIL(fidx) += s;
else
FILE_SYS_AVAIL(fidx) -= s;
}
static bool write_key_file __P((char *, long));
static long read_key_file __P((char *, long));
/*
** WRITE_KEY_FILE -- record some key into a file.
**
** Parameters:
** keypath -- file name.
** key -- key to write.
**
** Returns:
** true iff file could be written.
**
** Side Effects:
** writes file.
*/
static bool
write_key_file(keypath, key)
char *keypath;
long key;
{
bool ok;
long sff;
SM_FILE_T *keyf;
ok = false;
if (keypath == NULL || *keypath == '\0')
return ok;
sff = SFF_NOLINK|SFF_ROOTOK|SFF_REGONLY|SFF_CREAT;
if (TrustedUid != 0 && RealUid == TrustedUid)
sff |= SFF_OPENASROOT;
keyf = safefopen(keypath, O_WRONLY|O_TRUNC, FileMode, sff);
if (keyf == NULL)
{
sm_syslog(LOG_ERR, NOQID, "unable to write %s: %s",
keypath, sm_errstring(errno));
}
else
{
if (geteuid() == 0 && RunAsUid != 0)
{
# if HASFCHOWN
int fd;
fd = keyf->f_file;
if (fd >= 0 && fchown(fd, RunAsUid, -1) < 0)
{
int err = errno;
sm_syslog(LOG_ALERT, NOQID,
"ownership change on %s to %ld failed: %s",
keypath, (long) RunAsUid, sm_errstring(err));
}
# endif /* HASFCHOWN */
}
ok = sm_io_fprintf(keyf, SM_TIME_DEFAULT, "%ld\n", key) !=
SM_IO_EOF;
ok = (sm_io_close(keyf, SM_TIME_DEFAULT) != SM_IO_EOF) && ok;
}
return ok;
}
/*
** READ_KEY_FILE -- read a key from a file.
**
** Parameters:
** keypath -- file name.
** key -- default key.
**
** Returns:
** key.
*/
static long
read_key_file(keypath, key)
char *keypath;
long key;
{
int r;
long sff, n;
SM_FILE_T *keyf;
if (keypath == NULL || *keypath == '\0')
return key;
sff = SFF_NOLINK|SFF_ROOTOK|SFF_REGONLY;
if (RealUid == 0 || (TrustedUid != 0 && RealUid == TrustedUid))
sff |= SFF_OPENASROOT;
keyf = safefopen(keypath, O_RDONLY, FileMode, sff);
if (keyf == NULL)
{
sm_syslog(LOG_ERR, NOQID, "unable to read %s: %s",
keypath, sm_errstring(errno));
}
else
{
r = sm_io_fscanf(keyf, SM_TIME_DEFAULT, "%ld", &n);
if (r == 1)
key = n;
(void) sm_io_close(keyf, SM_TIME_DEFAULT);
}
return key;
}
/*
** INIT_SHM -- initialize shared memory structure
**
** Initialize or attach to shared memory segment.
** Currently it is not a fatal error if this doesn't work.
** However, it causes us to have a "fallback" storage location
** for everything that is supposed to be in the shared memory,
** which makes the code slightly ugly.
**
** Parameters:
** qn -- number of queue directories.
** owner -- owner of shared memory.
** hash -- identifies data that is stored in shared memory.
**
** Returns:
** none.
*/
static void init_shm __P((int, bool, unsigned int));
static void
init_shm(qn, owner, hash)
int qn;
bool owner;
unsigned int hash;
{
int i;
int count;
int save_errno;
bool keyselect;
PtrFileSys = &FileSys[0];
PNumFileSys = &Numfilesys;
/* if this "key" is specified: select one yourself */
#define SEL_SHM_KEY ((key_t) -1)
#define FIRST_SHM_KEY 25
/* This allows us to disable shared memory at runtime. */
if (ShmKey == 0)
return;
count = 0;
shms = SM_T_SIZE + qn * sizeof(QUEUE_SHM_T);
keyselect = ShmKey == SEL_SHM_KEY;
if (keyselect)
{
if (owner)
ShmKey = FIRST_SHM_KEY;
else
{
errno = 0;
ShmKey = read_key_file(ShmKeyFile, ShmKey);
keyselect = false;
if (ShmKey == SEL_SHM_KEY)
{
save_errno = (errno != 0) ? errno : EINVAL;
goto error;
}
}
}
for (;;)
{
/* allow read/write access for group? */
Pshm = sm_shmstart(ShmKey, shms,
SHM_R|SHM_W|(SHM_R>>3)|(SHM_W>>3),
&ShmId, owner);
save_errno = errno;
if (Pshm != NULL || !sm_file_exists(save_errno))
break;
if (++count >= 3)
{
if (keyselect)
{
++ShmKey;
/* back where we started? */
if (ShmKey == SEL_SHM_KEY)
break;
continue;
}
break;
}
/* only sleep if we are at the first key */
if (!keyselect || ShmKey == SEL_SHM_KEY)
sleep(count);
}
if (Pshm != NULL)
{
int *p;
if (keyselect)
(void) write_key_file(ShmKeyFile, (long) ShmKey);
if (owner && RunAsUid != 0)
{
i = sm_shmsetowner(ShmId, RunAsUid, RunAsGid, 0660);
if (i != 0)
sm_syslog(LOG_ERR, NOQID,
"key=%ld, sm_shmsetowner=%d, RunAsUid=%ld, RunAsGid=%ld",
(long) ShmKey, i, (long) RunAsUid, (long) RunAsGid);
}
p = (int *) Pshm;
if (owner)
{
*p = (int) shms;
*((pid_t *) SHM_OFF_PID(Pshm)) = CurrentPid;
p = (int *) SHM_OFF_TAG(Pshm);
*p = hash;
}
else
{
if (*p != (int) shms)
{
save_errno = EINVAL;
cleanup_shm(false);
goto error;
}
p = (int *) SHM_OFF_TAG(Pshm);
if (*p != (int) hash)
{
save_errno = EINVAL;
cleanup_shm(false);
goto error;
}
/*
** XXX how to check the pid?
** Read it from the pid-file? That does
** not need to exist.
** We could disable shm if we can't confirm
** that it is the right one.
*/
}
PtrFileSys = (FILESYS *) OFF_FILE_SYS(Pshm);
PNumFileSys = (int *) OFF_NUM_FILE_SYS(Pshm);
QShm = (QUEUE_SHM_T *) OFF_QUEUE_SHM(Pshm);
PRSATmpCnt = (int *) OFF_RSA_TMP_CNT(Pshm);
*PRSATmpCnt = 0;
+# if _FFR_OCC
+ occ = (CHash_T *) OFF_OCC_SHM(Pshm);
+# endif
if (owner)
{
/* initialize values in shared memory */
NumFileSys = 0;
for (i = 0; i < qn; i++)
QShm[i].qs_entries = -1;
+# if _FFR_OCC
+ memset(occ, 0, OCC_SIZE);
+# endif
}
init_sem(owner);
return;
}
error:
if (LogLevel > (owner ? 8 : 11))
{
sm_syslog(owner ? LOG_ERR : LOG_NOTICE, NOQID,
"can't %s shared memory, key=%ld: %s",
owner ? "initialize" : "attach to",
(long) ShmKey, sm_errstring(save_errno));
}
}
#endif /* SM_CONF_SHM */
/*
** SETUP_QUEUES -- set up all queue groups
**
** Parameters:
** owner -- owner of shared memory?
**
** Returns:
** none.
**
#if SM_CONF_SHM
** Side Effects:
** attaches shared memory.
#endif * SM_CONF_SHM *
*/
void
setup_queues(owner)
bool owner;
{
int i, qn, len;
unsigned int hashval;
time_t now;
char basedir[MAXPATHLEN];
struct stat st;
/*
** Determine basedir for all queue directories.
** All queue directories must be (first level) subdirectories
** of the basedir. The basedir is the QueueDir
** without wildcards, but with trailing /
*/
hashval = 0;
errno = 0;
len = sm_strlcpy(basedir, QueueDir, sizeof(basedir));
/* Provide space for trailing '/' */
if (len >= sizeof(basedir) - 1)
{
syserr("QueueDirectory: path too long: %d, max %d",
len, (int) sizeof(basedir) - 1);
ExitStat = EX_CONFIG;
return;
}
SM_ASSERT(len > 0);
if (basedir[len - 1] == '*')
{
char *cp;
cp = SM_LAST_DIR_DELIM(basedir);
if (cp == NULL)
{
syserr("QueueDirectory: can not wildcard relative path \"%s\"",
QueueDir);
if (tTd(41, 2))
sm_dprintf("setup_queues: \"%s\": Can not wildcard relative path.\n",
QueueDir);
ExitStat = EX_CONFIG;
return;
}
/* cut off wildcard pattern */
*++cp = '\0';
len = cp - basedir;
}
else if (!SM_IS_DIR_DELIM(basedir[len - 1]))
{
/* append trailing slash since it is a directory */
basedir[len] = '/';
basedir[++len] = '\0';
}
/* len counts up to the last directory delimiter */
SM_ASSERT(basedir[len - 1] == '/');
if (chdir(basedir) < 0)
{
int save_errno = errno;
syserr("can not chdir(%s)", basedir);
if (save_errno == EACCES)
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"Program mode requires special privileges, e.g., root or TrustedUser.\n");
if (tTd(41, 2))
sm_dprintf("setup_queues: \"%s\": %s\n",
basedir, sm_errstring(errno));
ExitStat = EX_CONFIG;
return;
}
#if SM_CONF_SHM
hashval = hash_q(basedir, hashval);
-#endif /* SM_CONF_SHM */
+#endif
/* initialize for queue runs */
DoQueueRun = false;
now = curtime();
for (i = 0; i < NumQueue && Queue[i] != NULL; i++)
Queue[i]->qg_nextrun = now;
if (UseMSP && OpMode != MD_TEST)
{
long sff = SFF_CREAT;
if (stat(".", &st) < 0)
{
syserr("can not stat(%s)", basedir);
if (tTd(41, 2))
sm_dprintf("setup_queues: \"%s\": %s\n",
basedir, sm_errstring(errno));
ExitStat = EX_CONFIG;
return;
}
if (RunAsUid == 0)
sff |= SFF_ROOTOK;
/*
** Check queue directory permissions.
** Can we write to a group writable queue directory?
*/
if (bitset(S_IWGRP, QueueFileMode) &&
bitset(S_IWGRP, st.st_mode) &&
safefile(" ", RunAsUid, RunAsGid, RunAsUserName, sff,
QueueFileMode, NULL) != 0)
{
syserr("can not write to queue directory %s (RunAsGid=%ld, required=%ld)",
basedir, (long) RunAsGid, (long) st.st_gid);
}
if (bitset(S_IWOTH|S_IXOTH, st.st_mode))
{
#if _FFR_MSP_PARANOIA
syserr("dangerous permissions=%o on queue directory %s",
(unsigned int) st.st_mode, basedir);
-#else /* _FFR_MSP_PARANOIA */
+#else
if (LogLevel > 0)
sm_syslog(LOG_ERR, NOQID,
"dangerous permissions=%o on queue directory %s",
(unsigned int) st.st_mode, basedir);
#endif /* _FFR_MSP_PARANOIA */
}
#if _FFR_MSP_PARANOIA
if (NumQueue > 1)
syserr("can not use multiple queues for MSP");
-#endif /* _FFR_MSP_PARANOIA */
+#endif
}
/* initial number of queue directories */
qn = 0;
for (i = 0; i < NumQueue && Queue[i] != NULL; i++)
qn = multiqueue_cache(basedir, len, Queue[i], qn, &hashval);
#if SM_CONF_SHM
init_shm(qn, owner, hashval);
i = filesys_setup(owner || ShmId == SM_SHM_NO_ID);
if (i == FSF_NOT_FOUND)
{
/*
** We didn't get the right filesystem data
** This may happen if we don't have the right shared memory.
** So let's do this without shared memory.
*/
SM_ASSERT(!owner);
cleanup_shm(false); /* release shared memory */
i = filesys_setup(false);
if (i < 0)
syserr("filesys_setup failed twice, result=%d", i);
else if (LogLevel > 8)
sm_syslog(LOG_WARNING, NOQID,
"shared memory does not contain expected data, ignored");
}
#else /* SM_CONF_SHM */
i = filesys_setup(true);
#endif /* SM_CONF_SHM */
if (i < 0)
ExitStat = EX_CONFIG;
}
#if SM_CONF_SHM
/*
** CLEANUP_SHM -- do some cleanup work for shared memory etc
**
** Parameters:
** owner -- owner of shared memory?
**
** Returns:
** none.
**
** Side Effects:
** detaches shared memory.
*/
void
cleanup_shm(owner)
bool owner;
{
if (ShmId != SM_SHM_NO_ID)
{
if (sm_shmstop(Pshm, ShmId, owner) < 0 && LogLevel > 8)
sm_syslog(LOG_INFO, NOQID, "sm_shmstop failed=%s",
sm_errstring(errno));
Pshm = NULL;
ShmId = SM_SHM_NO_ID;
}
stop_sem(owner);
}
#endif /* SM_CONF_SHM */
/*
** CLEANUP_QUEUES -- do some cleanup work for queues
**
** Parameters:
** none.
**
** Returns:
** none.
**
*/
void
cleanup_queues()
{
sync_queue_time();
}
/*
** SET_DEF_QUEUEVAL -- set default values for a queue group.
**
** Parameters:
** qg -- queue group
** all -- set all values (true for default group)?
**
** Returns:
** none.
**
** Side Effects:
** sets default values for the queue group.
*/
void
set_def_queueval(qg, all)
QUEUEGRP *qg;
bool all;
{
if (bitnset(QD_DEFINED, qg->qg_flags))
return;
if (all)
qg->qg_qdir = QueueDir;
#if _FFR_QUEUE_GROUP_SORTORDER
qg->qg_sortorder = QueueSortOrder;
-#endif /* _FFR_QUEUE_GROUP_SORTORDER */
+#endif
qg->qg_maxqrun = all ? MaxRunnersPerQueue : -1;
qg->qg_nice = NiceQueueRun;
}
/*
** MAKEQUEUE -- define a new queue.
**
** Parameters:
** line -- description of queue. This is in labeled fields.
** The fields are:
** F -- the flags associated with the queue
** I -- the interval between running the queue
** J -- the maximum # of jobs in work list
** [M -- the maximum # of jobs in a queue run]
** N -- the niceness at which to run
** P -- the path to the queue
** S -- the queue sorting order
** R -- number of parallel queue runners
** r -- max recipients per envelope
** The first word is the canonical name of the queue.
** qdef -- this is a 'Q' definition from .cf
**
** Returns:
** none.
**
** Side Effects:
** enters the queue into the queue table.
*/
void
makequeue(line, qdef)
char *line;
bool qdef;
{
register char *p;
register QUEUEGRP *qg;
register STAB *s;
int i;
char fcode;
/* allocate a queue and set up defaults */
qg = (QUEUEGRP *) xalloc(sizeof(*qg));
memset((char *) qg, '\0', sizeof(*qg));
if (line[0] == '\0')
{
syserr("name required for queue");
return;
}
/* collect the queue name */
for (p = line;
- *p != '\0' && *p != ',' && !(isascii(*p) && isspace(*p));
+ *p != '\0' && *p != ',' && !(SM_ISSPACE(*p));
p++)
continue;
if (*p != '\0')
*p++ = '\0';
qg->qg_name = newstr(line);
/* set default values, can be overridden below */
set_def_queueval(qg, false);
/* now scan through and assign info from the fields */
while (*p != '\0')
{
auto char *delimptr;
- while (*p != '\0' &&
- (*p == ',' || (isascii(*p) && isspace(*p))))
+ while (*p != '\0' && (*p == ',' || (SM_ISSPACE(*p))))
p++;
/* p now points to field code */
fcode = *p;
while (*p != '\0' && *p != '=' && *p != ',')
p++;
if (*p++ != '=')
{
syserr("queue %s: `=' expected", qg->qg_name);
return;
}
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
p++;
/* p now points to the field body */
p = munchstring(p, &delimptr, ',');
/* install the field into the queue struct */
switch (fcode)
{
case 'P': /* pathname */
if (*p == '\0')
syserr("queue %s: empty path name",
qg->qg_name);
else
qg->qg_qdir = newstr(p);
break;
case 'F': /* flags */
for (; *p != '\0'; p++)
- if (!(isascii(*p) && isspace(*p)))
+ if (!(SM_ISSPACE(*p)))
setbitn(*p, qg->qg_flags);
break;
/*
** Do we need two intervals here:
** One for persistent queue runners,
** one for "normal" queue runs?
*/
case 'I': /* interval between running the queue */
qg->qg_queueintvl = convtime(p, 'm');
break;
case 'N': /* run niceness */
qg->qg_nice = atoi(p);
break;
case 'R': /* maximum # of runners for the group */
i = atoi(p);
/* can't have more runners than allowed total */
if (MaxQueueChildren > 0 && i > MaxQueueChildren)
{
qg->qg_maxqrun = MaxQueueChildren;
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Q=%s: R=%d exceeds MaxQueueChildren=%d, set to MaxQueueChildren\n",
qg->qg_name, i,
MaxQueueChildren);
}
else
qg->qg_maxqrun = i;
break;
case 'J': /* maximum # of jobs in work list */
qg->qg_maxlist = atoi(p);
break;
case 'r': /* max recipients per envelope */
qg->qg_maxrcpt = atoi(p);
break;
#if _FFR_QUEUE_GROUP_SORTORDER
case 'S': /* queue sorting order */
switch (*p)
{
case 'h': /* Host first */
case 'H':
qg->qg_sortorder = QSO_BYHOST;
break;
case 'p': /* Priority order */
case 'P':
qg->qg_sortorder = QSO_BYPRIORITY;
break;
case 't': /* Submission time */
case 'T':
qg->qg_sortorder = QSO_BYTIME;
break;
case 'f': /* File name */
case 'F':
qg->qg_sortorder = QSO_BYFILENAME;
break;
case 'm': /* Modification time */
case 'M':
qg->qg_sortorder = QSO_BYMODTIME;
break;
case 'r': /* Random */
case 'R':
qg->qg_sortorder = QSO_RANDOM;
break;
# if _FFR_RHS
case 's': /* Shuffled host name */
case 'S':
qg->qg_sortorder = QSO_BYSHUFFLE;
break;
# endif /* _FFR_RHS */
case 'n': /* none */
case 'N':
qg->qg_sortorder = QSO_NONE;
break;
default:
syserr("Invalid queue sort order \"%s\"", p);
}
break;
#endif /* _FFR_QUEUE_GROUP_SORTORDER */
default:
syserr("Q%s: unknown queue equate %c=",
qg->qg_name, fcode);
break;
}
p = delimptr;
}
#if !HASNICE
if (qg->qg_nice != NiceQueueRun)
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Q%s: Warning: N= set on system that doesn't support nice()\n",
qg->qg_name);
}
#endif /* !HASNICE */
/* do some rationality checking */
if (NumQueue >= MAXQUEUEGROUPS)
{
syserr("too many queue groups defined (%d max)",
MAXQUEUEGROUPS);
return;
}
if (qg->qg_qdir == NULL)
{
if (QueueDir == NULL || *QueueDir == '\0')
{
syserr("QueueDir must be defined before queue groups");
return;
}
qg->qg_qdir = newstr(QueueDir);
}
if (qg->qg_maxqrun > 1 && !bitnset(QD_FORK, qg->qg_flags))
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Warning: Q=%s: R=%d: multiple queue runners specified\n\tbut flag '%c' is not set\n",
qg->qg_name, qg->qg_maxqrun, QD_FORK);
}
/* enter the queue into the symbol table */
if (tTd(37, 8))
sm_syslog(LOG_INFO, NOQID,
"Adding %s to stab, path: %s", qg->qg_name,
qg->qg_qdir);
s = stab(qg->qg_name, ST_QUEUE, ST_ENTER);
if (s->s_quegrp != NULL)
{
i = s->s_quegrp->qg_index;
/* XXX what about the pointers inside this struct? */
sm_free(s->s_quegrp); /* XXX */
}
else
i = NumQueue++;
Queue[i] = s->s_quegrp = qg;
qg->qg_index = i;
/* set default value for max queue runners */
if (qg->qg_maxqrun < 0)
{
if (MaxRunnersPerQueue > 0)
qg->qg_maxqrun = MaxRunnersPerQueue;
else
qg->qg_maxqrun = 1;
}
if (qdef)
setbitn(QD_DEFINED, qg->qg_flags);
}
#if 0
/*
** HASHFQN -- calculate a hash value for a fully qualified host name
**
** Arguments:
** fqn -- an all lower-case host.domain string
** buckets -- the number of buckets (queue directories)
**
** Returns:
** a bucket number (signed integer)
** -1 on error
**
** Contributed by Exactis.com, Inc.
*/
int
hashfqn(fqn, buckets)
register char *fqn;
int buckets;
{
register char *p;
register int h = 0, hash, cnt;
if (fqn == NULL)
return -1;
/*
** A variation on the gdb hash
** This is the best as of Feb 19, 1996 --bcx
*/
p = fqn;
h = 0x238F13AF * strlen(p);
for (cnt = 0; *p != 0; ++p, cnt++)
{
h = (h + (*p << (cnt * 5 % 24))) & 0x7FFFFFFF;
}
h = (1103515243 * h + 12345) & 0x7FFFFFFF;
if (buckets < 2)
hash = 0;
else
hash = (h % buckets);
return hash;
}
#endif /* 0 */
/*
** A structure for sorting Queue according to maxqrun without
** screwing up Queue itself.
*/
struct sortqgrp
{
int sg_idx; /* original index */
int sg_maxqrun; /* max queue runners */
};
typedef struct sortqgrp SORTQGRP_T;
static int cmpidx __P((const void *, const void *));
static int
cmpidx(a, b)
const void *a;
const void *b;
{
/* The sort is highest to lowest, so the comparison is reversed */
if (((SORTQGRP_T *)a)->sg_maxqrun < ((SORTQGRP_T *)b)->sg_maxqrun)
return 1;
else if (((SORTQGRP_T *)a)->sg_maxqrun > ((SORTQGRP_T *)b)->sg_maxqrun)
return -1;
else
return 0;
}
/*
** MAKEWORKGROUPS -- balance queue groups into work groups per MaxQueueChildren
**
** Take the now defined queue groups and assign them to work groups.
** This is done to balance out the number of concurrently active
** queue runners such that MaxQueueChildren is not exceeded. This may
** result in more than one queue group per work group. In such a case
** the number of running queue groups in that work group will have no
** more than the work group maximum number of runners (a "fair" portion
** of MaxQueueRunners). All queue groups within a work group will get a
** chance at running.
**
** Parameters:
** none.
**
** Returns:
** nothing.
**
** Side Effects:
** Sets up WorkGrp structure.
*/
void
makeworkgroups()
{
int i, j, total_runners, dir, h;
SORTQGRP_T si[MAXQUEUEGROUPS + 1];
total_runners = 0;
if (NumQueue == 1 && strcmp(Queue[0]->qg_name, "mqueue") == 0)
{
/*
** There is only the "mqueue" queue group (a default)
** containing all of the queues. We want to provide to
** this queue group the maximum allowable queue runners.
** To match older behavior (8.10/8.11) we'll try for
** 1 runner per queue capping it at MaxQueueChildren.
** So if there are N queues, then there will be N runners
** for the "mqueue" queue group (where N is kept less than
** MaxQueueChildren).
*/
NumWorkGroups = 1;
WorkGrp[0].wg_numqgrp = 1;
WorkGrp[0].wg_qgs = (QUEUEGRP **) xalloc(sizeof(QUEUEGRP *));
WorkGrp[0].wg_qgs[0] = Queue[0];
if (MaxQueueChildren > 0 &&
Queue[0]->qg_numqueues > MaxQueueChildren)
WorkGrp[0].wg_runners = MaxQueueChildren;
else
WorkGrp[0].wg_runners = Queue[0]->qg_numqueues;
Queue[0]->qg_wgrp = 0;
/* can't have more runners than allowed total */
if (MaxQueueChildren > 0 &&
Queue[0]->qg_maxqrun > MaxQueueChildren)
Queue[0]->qg_maxqrun = MaxQueueChildren;
WorkGrp[0].wg_maxact = Queue[0]->qg_maxqrun;
WorkGrp[0].wg_lowqintvl = Queue[0]->qg_queueintvl;
return;
}
for (i = 0; i < NumQueue; i++)
{
si[i].sg_maxqrun = Queue[i]->qg_maxqrun;
si[i].sg_idx = i;
+
+ /* Hack to make sure BounceQueue ends up last */
+ if (IS_BOUNCE_QUEUE(i))
+ si[i].sg_maxqrun = INT_MIN;
}
qsort(si, NumQueue, sizeof(si[0]), cmpidx);
NumWorkGroups = 0;
for (i = 0; i < NumQueue; i++)
{
- SKIP_BOUNCE_QUEUE
+ SKIP_BOUNCE_QUEUE(i)
total_runners += si[i].sg_maxqrun;
if (MaxQueueChildren <= 0 || total_runners <= MaxQueueChildren)
NumWorkGroups++;
else
break;
}
if (NumWorkGroups < 1)
NumWorkGroups = 1; /* gotta have one at least */
else if (NumWorkGroups > MAXWORKGROUPS)
NumWorkGroups = MAXWORKGROUPS; /* the limit */
/*
** We now know the number of work groups to pack the queue groups
** into. The queue groups in 'Queue' are sorted from highest
** to lowest for the number of runners per queue group.
** We put the queue groups with the largest number of runners
** into work groups first. Then the smaller ones are fitted in
** where it looks best.
*/
j = 0;
dir = 1;
for (i = 0; i < NumQueue; i++)
{
- SKIP_BOUNCE_QUEUE
+ h = si[i].sg_idx;
+ if (tTd(41, 49))
+ sm_dprintf("sortqg: i=%d, j=%d, h=%d, skip=%d\n",
+ i, j, h, IS_BOUNCE_QUEUE(h));
+ SKIP_BOUNCE_QUEUE(h);
/* a to-and-fro packing scheme, continue from last position */
if (j >= NumWorkGroups)
{
dir = -1;
j = NumWorkGroups - 1;
}
else if (j < 0)
{
j = 0;
dir = 1;
}
if (WorkGrp[j].wg_qgs == NULL)
WorkGrp[j].wg_qgs = (QUEUEGRP **)sm_malloc(sizeof(QUEUEGRP *) *
(WorkGrp[j].wg_numqgrp + 1));
else
WorkGrp[j].wg_qgs = (QUEUEGRP **)sm_realloc(WorkGrp[j].wg_qgs,
sizeof(QUEUEGRP *) *
(WorkGrp[j].wg_numqgrp + 1));
if (WorkGrp[j].wg_qgs == NULL)
{
syserr("!cannot allocate memory for work queues, need %d bytes",
(int) (sizeof(QUEUEGRP *) *
(WorkGrp[j].wg_numqgrp + 1)));
}
- h = si[i].sg_idx;
WorkGrp[j].wg_qgs[WorkGrp[j].wg_numqgrp] = Queue[h];
WorkGrp[j].wg_numqgrp++;
WorkGrp[j].wg_runners += Queue[h]->qg_maxqrun;
Queue[h]->qg_wgrp = j;
if (WorkGrp[j].wg_maxact == 0)
{
/* can't have more runners than allowed total */
if (MaxQueueChildren > 0 &&
Queue[h]->qg_maxqrun > MaxQueueChildren)
Queue[h]->qg_maxqrun = MaxQueueChildren;
WorkGrp[j].wg_maxact = Queue[h]->qg_maxqrun;
}
/*
** XXX: must wg_lowqintvl be the GCD?
** qg1: 2m, qg2: 3m, minimum: 2m, when do queue runs for
** qg2 occur?
*/
/* keep track of the lowest interval for a persistent runner */
if (Queue[h]->qg_queueintvl > 0 &&
WorkGrp[j].wg_lowqintvl < Queue[h]->qg_queueintvl)
WorkGrp[j].wg_lowqintvl = Queue[h]->qg_queueintvl;
j += dir;
}
if (tTd(41, 9))
{
for (i = 0; i < NumWorkGroups; i++)
{
sm_dprintf("Workgroup[%d]=", i);
for (j = 0; j < WorkGrp[i].wg_numqgrp; j++)
{
sm_dprintf("%s, ",
WorkGrp[i].wg_qgs[j]->qg_name);
}
+ if (tTd(41, 12))
+ sm_dprintf("lowqintvl=%d",
+ (int) WorkGrp[i].wg_lowqintvl);
sm_dprintf("\n");
}
}
}
/*
** DUP_DF -- duplicate envelope data file
**
** Copy the data file from the 'old' envelope to the 'new' envelope
** in the most efficient way possible.
**
** Create a hard link from the 'old' data file to the 'new' data file.
** If the old and new queue directories are on different file systems,
** then the new data file link is created in the old queue directory,
** and the new queue file will contain a 'd' record pointing to the
** directory containing the new data file.
**
** Parameters:
** old -- old envelope.
** new -- new envelope.
**
** Results:
** Returns true on success, false on failure.
**
** Side Effects:
** On success, the new data file is created.
** On fatal failure, EF_FATALERRS is set in old->e_flags.
*/
static bool dup_df __P((ENVELOPE *, ENVELOPE *));
static bool
dup_df(old, new)
ENVELOPE *old;
ENVELOPE *new;
{
int ofs, nfs, r;
char opath[MAXPATHLEN];
char npath[MAXPATHLEN];
if (!bitset(EF_HAS_DF, old->e_flags))
{
/*
** this can happen if: SuperSafe != True
** and a bounce mail is sent that is split.
*/
queueup(old, false, true);
}
SM_REQUIRE(ISVALIDQGRP(old->e_qgrp) && ISVALIDQDIR(old->e_qdir));
SM_REQUIRE(ISVALIDQGRP(new->e_qgrp) && ISVALIDQDIR(new->e_qdir));
(void) sm_strlcpy(opath, queuename(old, DATAFL_LETTER), sizeof(opath));
(void) sm_strlcpy(npath, queuename(new, DATAFL_LETTER), sizeof(npath));
if (old->e_dfp != NULL)
{
r = sm_io_setinfo(old->e_dfp, SM_BF_COMMIT, NULL);
if (r < 0 && errno != EINVAL)
{
syserr("@can't commit %s", opath);
old->e_flags |= EF_FATALERRS;
return false;
}
}
/*
** Attempt to create a hard link, if we think both old and new
** are on the same file system, otherwise copy the file.
**
** Don't waste time attempting a hard link unless old and new
** are on the same file system.
*/
SM_REQUIRE(ISVALIDQGRP(old->e_dfqgrp) && ISVALIDQDIR(old->e_dfqdir));
SM_REQUIRE(ISVALIDQGRP(new->e_dfqgrp) && ISVALIDQDIR(new->e_dfqdir));
ofs = Queue[old->e_dfqgrp]->qg_qpaths[old->e_dfqdir].qp_fsysidx;
nfs = Queue[new->e_dfqgrp]->qg_qpaths[new->e_dfqdir].qp_fsysidx;
if (FILE_SYS_DEV(ofs) == FILE_SYS_DEV(nfs))
{
if (link(opath, npath) == 0)
{
new->e_flags |= EF_HAS_DF;
SYNC_DIR(npath, true);
return true;
}
goto error;
}
/*
** Can't link across queue directories, so try to create a hard
** link in the same queue directory as the old df file.
** The qf file will refer to the new df file using a 'd' record.
*/
new->e_dfqgrp = old->e_dfqgrp;
new->e_dfqdir = old->e_dfqdir;
(void) sm_strlcpy(npath, queuename(new, DATAFL_LETTER), sizeof(npath));
if (link(opath, npath) == 0)
{
new->e_flags |= EF_HAS_DF;
SYNC_DIR(npath, true);
return true;
}
error:
if (LogLevel > 0)
sm_syslog(LOG_ERR, old->e_id,
"dup_df: can't link %s to %s, error=%s, envelope splitting failed",
opath, npath, sm_errstring(errno));
return false;
}
/*
** SPLIT_ENV -- Allocate a new envelope based on a given envelope.
**
** Parameters:
** e -- envelope.
** sendqueue -- sendqueue for new envelope.
** qgrp -- index of queue group.
** qdir -- queue directory.
**
** Results:
** new envelope.
**
*/
static ENVELOPE *split_env __P((ENVELOPE *, ADDRESS *, int, int));
static ENVELOPE *
split_env(e, sendqueue, qgrp, qdir)
ENVELOPE *e;
ADDRESS *sendqueue;
int qgrp;
int qdir;
{
ENVELOPE *ee;
ee = (ENVELOPE *) sm_rpool_malloc_x(e->e_rpool, sizeof(*ee));
STRUCTCOPY(*e, *ee);
ee->e_message = NULL; /* XXX use original message? */
ee->e_id = NULL;
assign_queueid(ee);
ee->e_sendqueue = sendqueue;
ee->e_flags &= ~(EF_INQUEUE|EF_CLRQUEUE|EF_FATALERRS
|EF_SENDRECEIPT|EF_RET_PARAM|EF_HAS_DF);
ee->e_flags |= EF_NORECEIPT; /* XXX really? */
ee->e_from.q_state = QS_SENDER;
ee->e_dfp = NULL;
ee->e_lockfp = NULL;
if (e->e_xfp != NULL)
ee->e_xfp = sm_io_dup(e->e_xfp);
/* failed to dup e->e_xfp, start a new transcript */
if (ee->e_xfp == NULL)
openxscript(ee);
ee->e_qgrp = ee->e_dfqgrp = qgrp;
ee->e_qdir = ee->e_dfqdir = qdir;
ee->e_errormode = EM_MAIL;
ee->e_statmsg = NULL;
if (e->e_quarmsg != NULL)
ee->e_quarmsg = sm_rpool_strdup_x(ee->e_rpool,
e->e_quarmsg);
/*
** XXX Not sure if this copying is necessary.
** sendall() does this copying, but I (dm) don't know if that is
** because of the storage management discipline we were using
** before rpools were introduced, or if it is because these lists
** can be modified later.
*/
ee->e_header = copyheader(e->e_header, ee->e_rpool);
ee->e_errorqueue = copyqueue(e->e_errorqueue, ee->e_rpool);
return ee;
}
/* return values from split functions, check also below! */
#define SM_SPLIT_FAIL (0)
#define SM_SPLIT_NONE (1)
#define SM_SPLIT_NEW(n) (1 + (n))
/*
** SPLIT_ACROSS_QUEUE_GROUPS
**
** This function splits an envelope across multiple queue groups
** based on the queue group of each recipient.
**
** Parameters:
** e -- envelope.
**
** Results:
** SM_SPLIT_FAIL on failure
** SM_SPLIT_NONE if no splitting occurred,
** or 1 + the number of additional envelopes created.
**
** Side Effects:
** On success, e->e_sibling points to a list of zero or more
** additional envelopes, and the associated data files exist
** on disk. But the queue files are not created.
**
** On failure, e->e_sibling is not changed.
** The order of recipients in e->e_sendqueue is permuted.
** Abandoned data files for additional envelopes that failed
** to be created may exist on disk.
*/
static int q_qgrp_compare __P((const void *, const void *));
static int e_filesys_compare __P((const void *, const void *));
static int
q_qgrp_compare(p1, p2)
const void *p1;
const void *p2;
{
ADDRESS **pq1 = (ADDRESS **) p1;
ADDRESS **pq2 = (ADDRESS **) p2;
return (*pq1)->q_qgrp - (*pq2)->q_qgrp;
}
static int
e_filesys_compare(p1, p2)
const void *p1;
const void *p2;
{
ENVELOPE **pe1 = (ENVELOPE **) p1;
ENVELOPE **pe2 = (ENVELOPE **) p2;
int fs1, fs2;
fs1 = Queue[(*pe1)->e_qgrp]->qg_qpaths[(*pe1)->e_qdir].qp_fsysidx;
fs2 = Queue[(*pe2)->e_qgrp]->qg_qpaths[(*pe2)->e_qdir].qp_fsysidx;
if (FILE_SYS_DEV(fs1) < FILE_SYS_DEV(fs2))
return -1;
if (FILE_SYS_DEV(fs1) > FILE_SYS_DEV(fs2))
return 1;
return 0;
}
static int split_across_queue_groups __P((ENVELOPE *));
static int
split_across_queue_groups(e)
ENVELOPE *e;
{
int naddrs, nsplits, i;
bool changed;
char **pvp;
ADDRESS *q, **addrs;
ENVELOPE *ee, *es;
ENVELOPE *splits[MAXQUEUEGROUPS];
char pvpbuf[PSBUFSIZE];
SM_REQUIRE(ISVALIDQGRP(e->e_qgrp));
/* Count addresses and assign queue groups. */
naddrs = 0;
changed = false;
for (q = e->e_sendqueue; q != NULL; q = q->q_next)
{
if (QS_IS_DEAD(q->q_state))
continue;
++naddrs;
/* bad addresses and those already sent stay put */
if (QS_IS_BADADDR(q->q_state) ||
QS_IS_SENT(q->q_state))
q->q_qgrp = e->e_qgrp;
else if (!ISVALIDQGRP(q->q_qgrp))
{
/* call ruleset which should return a queue group */
i = rscap(RS_QUEUEGROUP, q->q_user, NULL, e, &pvp,
pvpbuf, sizeof(pvpbuf));
if (i == EX_OK &&
pvp != NULL && pvp[0] != NULL &&
(pvp[0][0] & 0377) == CANONNET &&
pvp[1] != NULL && pvp[1][0] != '\0')
{
i = name2qid(pvp[1]);
if (ISVALIDQGRP(i))
{
q->q_qgrp = i;
changed = true;
if (tTd(20, 4))
sm_syslog(LOG_INFO, NOQID,
"queue group name %s -> %d",
pvp[1], i);
continue;
}
else if (LogLevel > 10)
sm_syslog(LOG_INFO, NOQID,
"can't find queue group name %s, selection ignored",
pvp[1]);
}
if (q->q_mailer != NULL &&
ISVALIDQGRP(q->q_mailer->m_qgrp))
{
changed = true;
q->q_qgrp = q->q_mailer->m_qgrp;
}
else if (ISVALIDQGRP(e->e_qgrp))
q->q_qgrp = e->e_qgrp;
else
q->q_qgrp = 0;
}
}
/* only one address? nothing to split. */
if (naddrs <= 1 && !changed)
return SM_SPLIT_NONE;
/* sort the addresses by queue group */
addrs = sm_rpool_malloc_x(e->e_rpool, naddrs * sizeof(ADDRESS *));
for (i = 0, q = e->e_sendqueue; q != NULL; q = q->q_next)
{
if (QS_IS_DEAD(q->q_state))
continue;
addrs[i++] = q;
}
qsort(addrs, naddrs, sizeof(ADDRESS *), q_qgrp_compare);
/* split into multiple envelopes, by queue group */
nsplits = 0;
es = NULL;
e->e_sendqueue = NULL;
for (i = 0; i < naddrs; ++i)
{
if (i == naddrs - 1 || addrs[i]->q_qgrp != addrs[i + 1]->q_qgrp)
addrs[i]->q_next = NULL;
else
addrs[i]->q_next = addrs[i + 1];
/* same queue group as original envelope? */
if (addrs[i]->q_qgrp == e->e_qgrp)
{
if (e->e_sendqueue == NULL)
e->e_sendqueue = addrs[i];
continue;
}
/* different queue group than original envelope */
if (es == NULL || addrs[i]->q_qgrp != es->e_qgrp)
{
ee = split_env(e, addrs[i], addrs[i]->q_qgrp, NOQDIR);
es = ee;
splits[nsplits++] = ee;
}
}
/* no splits? return right now. */
if (nsplits <= 0)
return SM_SPLIT_NONE;
/* assign a queue directory to each additional envelope */
for (i = 0; i < nsplits; ++i)
{
es = splits[i];
#if 0
es->e_qdir = pickqdir(Queue[es->e_qgrp], es->e_msgsize, es);
-#endif /* 0 */
+#endif
if (!setnewqueue(es))
goto failure;
}
/* sort the additional envelopes by queue file system */
qsort(splits, nsplits, sizeof(ENVELOPE *), e_filesys_compare);
/* create data files for each additional envelope */
if (!dup_df(e, splits[0]))
{
i = 0;
goto failure;
}
for (i = 1; i < nsplits; ++i)
{
/* copy or link to the previous data file */
if (!dup_df(splits[i - 1], splits[i]))
goto failure;
}
/* success: prepend the new envelopes to the e->e_sibling list */
for (i = 0; i < nsplits; ++i)
{
es = splits[i];
es->e_sibling = e->e_sibling;
e->e_sibling = es;
}
return SM_SPLIT_NEW(nsplits);
/* failure: clean up */
failure:
if (i > 0)
{
int j;
for (j = 0; j < i; j++)
(void) unlink(queuename(splits[j], DATAFL_LETTER));
}
e->e_sendqueue = addrs[0];
for (i = 0; i < naddrs - 1; ++i)
addrs[i]->q_next = addrs[i + 1];
addrs[naddrs - 1]->q_next = NULL;
return SM_SPLIT_FAIL;
}
/*
** SPLIT_WITHIN_QUEUE
**
** Split an envelope with multiple recipients into several
** envelopes within the same queue directory, if the number of
** recipients exceeds the limit for the queue group.
**
** Parameters:
** e -- envelope.
**
** Results:
** SM_SPLIT_FAIL on failure
** SM_SPLIT_NONE if no splitting occurred,
** or 1 + the number of additional envelopes created.
*/
#define SPLIT_LOG_LEVEL 8
static int split_within_queue __P((ENVELOPE *));
static int
split_within_queue(e)
ENVELOPE *e;
{
int maxrcpt, nrcpt, ndead, nsplit, i;
int j, l;
char *lsplits;
ADDRESS *q, **addrs;
ENVELOPE *ee, *firstsibling;
if (!ISVALIDQGRP(e->e_qgrp) || bitset(EF_SPLIT, e->e_flags))
return SM_SPLIT_NONE;
/* don't bother if there is no recipient limit */
maxrcpt = Queue[e->e_qgrp]->qg_maxrcpt;
if (maxrcpt <= 0)
return SM_SPLIT_NONE;
/* count recipients */
nrcpt = 0;
for (q = e->e_sendqueue; q != NULL; q = q->q_next)
{
if (QS_IS_DEAD(q->q_state))
continue;
++nrcpt;
}
if (nrcpt <= maxrcpt)
return SM_SPLIT_NONE;
/*
** Preserve the recipient list
** so that we can restore it in case of error.
** (But we discard dead addresses.)
*/
addrs = sm_rpool_malloc_x(e->e_rpool, nrcpt * sizeof(ADDRESS *));
for (i = 0, q = e->e_sendqueue; q != NULL; q = q->q_next)
{
if (QS_IS_DEAD(q->q_state))
continue;
addrs[i++] = q;
}
/*
** Partition the recipient list so that bad and sent addresses
** come first. These will go with the original envelope, and
** do not count towards the maxrcpt limit.
** addrs[] does not contain QS_IS_DEAD() addresses.
*/
ndead = 0;
for (i = 0; i < nrcpt; ++i)
{
if (QS_IS_BADADDR(addrs[i]->q_state) ||
QS_IS_SENT(addrs[i]->q_state) ||
QS_IS_DEAD(addrs[i]->q_state)) /* for paranoia's sake */
{
if (i > ndead)
{
ADDRESS *tmp = addrs[i];
addrs[i] = addrs[ndead];
addrs[ndead] = tmp;
}
++ndead;
}
}
/* Check if no splitting required. */
if (nrcpt - ndead <= maxrcpt)
return SM_SPLIT_NONE;
/* fix links */
for (i = 0; i < nrcpt - 1; ++i)
addrs[i]->q_next = addrs[i + 1];
addrs[nrcpt - 1]->q_next = NULL;
e->e_sendqueue = addrs[0];
/* prepare buffer for logging */
if (LogLevel > SPLIT_LOG_LEVEL)
{
l = MAXLINE;
lsplits = sm_malloc(l);
if (lsplits != NULL)
*lsplits = '\0';
j = 0;
}
else
{
/* get rid of stupid compiler warnings */
lsplits = NULL;
j = l = 0;
}
/* split the envelope */
firstsibling = e->e_sibling;
i = maxrcpt + ndead;
nsplit = 0;
for (;;)
{
addrs[i - 1]->q_next = NULL;
ee = split_env(e, addrs[i], e->e_qgrp, e->e_qdir);
if (!dup_df(e, ee))
{
ee = firstsibling;
while (ee != NULL)
{
(void) unlink(queuename(ee, DATAFL_LETTER));
ee = ee->e_sibling;
}
/* Error. Restore e's sibling & recipient lists. */
e->e_sibling = firstsibling;
for (i = 0; i < nrcpt - 1; ++i)
addrs[i]->q_next = addrs[i + 1];
if (lsplits != NULL)
sm_free(lsplits);
return SM_SPLIT_FAIL;
}
/* prepend the new envelope to e->e_sibling */
ee->e_sibling = e->e_sibling;
e->e_sibling = ee;
++nsplit;
if (LogLevel > SPLIT_LOG_LEVEL && lsplits != NULL)
{
if (j >= l - strlen(ee->e_id) - 3)
{
char *p;
l += MAXLINE;
p = sm_realloc(lsplits, l);
if (p == NULL)
{
/* let's try to get this done */
sm_free(lsplits);
lsplits = NULL;
}
else
lsplits = p;
}
if (lsplits != NULL)
{
if (j == 0)
j += sm_strlcat(lsplits + j,
ee->e_id,
l - j);
else
j += sm_strlcat2(lsplits + j,
"; ",
ee->e_id,
l - j);
SM_ASSERT(j < l);
}
}
if (nrcpt - i <= maxrcpt)
break;
i += maxrcpt;
}
if (LogLevel > SPLIT_LOG_LEVEL && lsplits != NULL)
{
if (nsplit > 0)
{
sm_syslog(LOG_NOTICE, e->e_id,
"split: maxrcpts=%d, rcpts=%d, count=%d, id%s=%s",
maxrcpt, nrcpt - ndead, nsplit,
nsplit > 1 ? "s" : "", lsplits);
}
sm_free(lsplits);
}
return SM_SPLIT_NEW(nsplit);
}
/*
** SPLIT_BY_RECIPIENT
**
** Split an envelope with multiple recipients into multiple
** envelopes as required by the sendmail configuration.
**
** Parameters:
** e -- envelope.
**
** Results:
** Returns true on success, false on failure.
**
** Side Effects:
** see split_across_queue_groups(), split_within_queue(e)
*/
bool
split_by_recipient(e)
ENVELOPE *e;
{
int split, n, i, j, l;
char *lsplits;
ENVELOPE *ee, *next, *firstsibling;
if (OpMode == SM_VERIFY || !ISVALIDQGRP(e->e_qgrp) ||
bitset(EF_SPLIT, e->e_flags))
return true;
n = split_across_queue_groups(e);
if (n == SM_SPLIT_FAIL)
return false;
firstsibling = ee = e->e_sibling;
if (n > 1 && LogLevel > SPLIT_LOG_LEVEL)
{
l = MAXLINE;
lsplits = sm_malloc(l);
if (lsplits != NULL)
*lsplits = '\0';
j = 0;
}
else
{
/* get rid of stupid compiler warnings */
lsplits = NULL;
j = l = 0;
}
for (i = 1; i < n; ++i)
{
next = ee->e_sibling;
if (split_within_queue(ee) == SM_SPLIT_FAIL)
{
e->e_sibling = firstsibling;
+ SM_FREE(lsplits);
return false;
}
ee->e_flags |= EF_SPLIT;
if (LogLevel > SPLIT_LOG_LEVEL && lsplits != NULL)
{
if (j >= l - strlen(ee->e_id) - 3)
{
char *p;
l += MAXLINE;
p = sm_realloc(lsplits, l);
if (p == NULL)
{
/* let's try to get this done */
- sm_free(lsplits);
- lsplits = NULL;
+ SM_FREE(lsplits);
}
else
lsplits = p;
}
if (lsplits != NULL)
{
if (j == 0)
j += sm_strlcat(lsplits + j,
ee->e_id, l - j);
else
j += sm_strlcat2(lsplits + j, "; ",
ee->e_id, l - j);
SM_ASSERT(j < l);
}
}
ee = next;
}
if (LogLevel > SPLIT_LOG_LEVEL && lsplits != NULL && n > 1)
{
sm_syslog(LOG_NOTICE, e->e_id, "split: count=%d, id%s=%s",
n - 1, n > 2 ? "s" : "", lsplits);
- sm_free(lsplits);
+ SM_FREE(lsplits);
}
split = split_within_queue(e) != SM_SPLIT_FAIL;
if (split)
e->e_flags |= EF_SPLIT;
return split;
}
/*
** QUARANTINE_QUEUE_ITEM -- {un,}quarantine a single envelope
**
** Add/remove quarantine reason and requeue appropriately.
**
** Parameters:
** qgrp -- queue group for the item
** qdir -- queue directory in the given queue group
** e -- envelope information for the item
** reason -- quarantine reason, NULL means unquarantine.
**
** Results:
** true if item changed, false otherwise
**
** Side Effects:
** Changes quarantine tag in queue file and renames it.
*/
static bool
quarantine_queue_item(qgrp, qdir, e, reason)
int qgrp;
int qdir;
ENVELOPE *e;
char *reason;
{
bool dirty = false;
bool failing = false;
bool foundq = false;
bool finished = false;
int fd;
int flags;
int oldtype;
int newtype;
int save_errno;
MODE_T oldumask = 0;
SM_FILE_T *oldqfp, *tempqfp;
char *bp;
int bufsize;
char oldqf[MAXPATHLEN];
char tempqf[MAXPATHLEN];
char newqf[MAXPATHLEN];
char buf[MAXLINE];
oldtype = queue_letter(e, ANYQFL_LETTER);
(void) sm_strlcpy(oldqf, queuename(e, ANYQFL_LETTER), sizeof(oldqf));
(void) sm_strlcpy(tempqf, queuename(e, NEWQFL_LETTER), sizeof(tempqf));
/*
** Instead of duplicating all the open
** and lock code here, tell readqf() to
** do that work and return the open
** file pointer in e_lockfp. Note that
** we must release the locks properly when
** we are done.
*/
if (!readqf(e, true))
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Skipping %s\n", qid_printname(e));
return false;
}
oldqfp = e->e_lockfp;
/* open the new queue file */
flags = O_CREAT|O_WRONLY|O_EXCL;
if (bitset(S_IWGRP, QueueFileMode))
oldumask = umask(002);
fd = open(tempqf, flags, QueueFileMode);
if (bitset(S_IWGRP, QueueFileMode))
(void) umask(oldumask);
RELEASE_QUEUE;
if (fd < 0)
{
save_errno = errno;
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Skipping %s: Could not open %s: %s\n",
qid_printname(e), tempqf,
sm_errstring(save_errno));
(void) sm_io_close(oldqfp, SM_TIME_DEFAULT);
return false;
}
if (!lockfile(fd, tempqf, NULL, LOCK_EX|LOCK_NB))
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Skipping %s: Could not lock %s\n",
qid_printname(e), tempqf);
(void) close(fd);
(void) sm_io_close(oldqfp, SM_TIME_DEFAULT);
return false;
}
tempqfp = sm_io_open(SmFtStdiofd, SM_TIME_DEFAULT, (void *) &fd,
SM_IO_WRONLY_B, NULL);
if (tempqfp == NULL)
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Skipping %s: Could not lock %s\n",
qid_printname(e), tempqf);
(void) close(fd);
(void) sm_io_close(oldqfp, SM_TIME_DEFAULT);
return false;
}
/* Copy the data over, changing the quarantine reason */
while (bufsize = sizeof(buf),
(bp = fgetfolded(buf, &bufsize, oldqfp)) != NULL)
{
if (tTd(40, 4))
sm_dprintf("+++++ %s\n", bp);
switch (bp[0])
{
case 'q': /* quarantine reason */
foundq = true;
if (reason == NULL)
{
if (Verbose)
{
(void) sm_io_fprintf(smioout,
SM_TIME_DEFAULT,
"%s: Removed quarantine of \"%s\"\n",
e->e_id, &bp[1]);
}
sm_syslog(LOG_INFO, e->e_id, "unquarantine");
dirty = true;
}
else if (strcmp(reason, &bp[1]) == 0)
{
if (Verbose)
{
(void) sm_io_fprintf(smioout,
SM_TIME_DEFAULT,
"%s: Already quarantined with \"%s\"\n",
e->e_id, reason);
}
(void) sm_io_fprintf(tempqfp, SM_TIME_DEFAULT,
"q%s\n", reason);
}
else
{
if (Verbose)
{
(void) sm_io_fprintf(smioout,
SM_TIME_DEFAULT,
"%s: Quarantine changed from \"%s\" to \"%s\"\n",
e->e_id, &bp[1],
reason);
}
(void) sm_io_fprintf(tempqfp, SM_TIME_DEFAULT,
"q%s\n", reason);
sm_syslog(LOG_INFO, e->e_id, "quarantine=%s",
reason);
dirty = true;
}
break;
case 'S':
/*
** If we are quarantining an unquarantined item,
** need to put in a new 'q' line before it's
** too late.
*/
if (!foundq && reason != NULL)
{
if (Verbose)
{
(void) sm_io_fprintf(smioout,
SM_TIME_DEFAULT,
"%s: Quarantined with \"%s\"\n",
e->e_id, reason);
}
(void) sm_io_fprintf(tempqfp, SM_TIME_DEFAULT,
"q%s\n", reason);
sm_syslog(LOG_INFO, e->e_id, "quarantine=%s",
reason);
foundq = true;
dirty = true;
}
/* Copy the line to the new file */
(void) sm_io_fprintf(tempqfp, SM_TIME_DEFAULT,
"%s\n", bp);
break;
case '.':
finished = true;
/* FALLTHROUGH */
default:
/* Copy the line to the new file */
(void) sm_io_fprintf(tempqfp, SM_TIME_DEFAULT,
"%s\n", bp);
break;
}
if (bp != buf)
sm_free(bp);
}
/* Make sure we read the whole old file */
errno = sm_io_error(tempqfp);
if (errno != 0 && errno != SM_IO_EOF)
{
save_errno = errno;
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Skipping %s: Error reading %s: %s\n",
qid_printname(e), oldqf,
sm_errstring(save_errno));
failing = true;
}
if (!failing && !finished)
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Skipping %s: Incomplete file: %s\n",
qid_printname(e), oldqf);
failing = true;
}
/* Check if we actually changed anything or we can just bail now */
if (!dirty)
{
/* pretend we failed, even though we technically didn't */
failing = true;
}
/* Make sure we wrote things out safely */
if (!failing &&
(sm_io_flush(tempqfp, SM_TIME_DEFAULT) != 0 ||
((SuperSafe == SAFE_REALLY ||
SuperSafe == SAFE_REALLY_POSTMILTER ||
SuperSafe == SAFE_INTERACTIVE) &&
fsync(sm_io_getinfo(tempqfp, SM_IO_WHAT_FD, NULL)) < 0) ||
((errno = sm_io_error(tempqfp)) != 0)))
{
save_errno = errno;
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Skipping %s: Error writing %s: %s\n",
qid_printname(e), tempqf,
sm_errstring(save_errno));
failing = true;
}
/* Figure out the new filename */
newtype = (reason == NULL ? NORMQF_LETTER : QUARQF_LETTER);
if (oldtype == newtype)
{
/* going to rename tempqf to oldqf */
(void) sm_strlcpy(newqf, oldqf, sizeof(newqf));
}
else
{
/* going to rename tempqf to new name based on newtype */
(void) sm_strlcpy(newqf, queuename(e, newtype), sizeof(newqf));
}
save_errno = 0;
/* rename tempqf to newqf */
if (!failing &&
rename(tempqf, newqf) < 0)
save_errno = (errno == 0) ? EINVAL : errno;
/* Check rename() success */
if (!failing && save_errno != 0)
{
sm_syslog(LOG_DEBUG, e->e_id,
"quarantine_queue_item: rename(%s, %s): %s",
tempqf, newqf, sm_errstring(save_errno));
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Error renaming %s to %s: %s\n",
tempqf, newqf,
sm_errstring(save_errno));
if (oldtype == newtype)
{
/*
** Bail here since we don't know the state of
** the filesystem and may need to keep tempqf
** for the user to rescue us.
*/
RELEASE_QUEUE;
errno = save_errno;
syserr("!452 Error renaming control file %s", tempqf);
/* NOTREACHED */
}
else
{
/* remove new file (if rename() half completed) */
if (xunlink(newqf) < 0)
{
save_errno = errno;
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Error removing %s: %s\n",
newqf,
sm_errstring(save_errno));
}
/* tempqf removed below */
failing = true;
}
}
/* If changing file types, need to remove old type */
if (!failing && oldtype != newtype)
{
if (xunlink(oldqf) < 0)
{
save_errno = errno;
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Error removing %s: %s\n",
oldqf, sm_errstring(save_errno));
}
}
/* see if anything above failed */
if (failing)
{
/* Something failed: remove new file, old file still there */
(void) xunlink(tempqf);
}
/*
** fsync() after file operations to make sure metadata is
** written to disk on filesystems in which renames are
** not guaranteed. It's ok if they fail, mail won't be lost.
*/
if (SuperSafe != SAFE_NO)
{
/* for soft-updates */
(void) fsync(sm_io_getinfo(tempqfp,
SM_IO_WHAT_FD, NULL));
if (!failing)
{
/* for soft-updates */
(void) fsync(sm_io_getinfo(oldqfp,
SM_IO_WHAT_FD, NULL));
}
/* for other odd filesystems */
SYNC_DIR(tempqf, false);
}
/* Close up shop */
RELEASE_QUEUE;
if (tempqfp != NULL)
(void) sm_io_close(tempqfp, SM_TIME_DEFAULT);
if (oldqfp != NULL)
(void) sm_io_close(oldqfp, SM_TIME_DEFAULT);
/* All went well */
return !failing;
}
/*
** QUARANTINE_QUEUE -- {un,}quarantine matching items in the queue
**
** Read all matching queue items, add/remove quarantine
** reason, and requeue appropriately.
**
** Parameters:
** reason -- quarantine reason, "." means unquarantine.
** qgrplimit -- limit to single queue group unless NOQGRP
**
** Results:
** none.
**
** Side Effects:
** Lots of changes to the queue.
*/
void
quarantine_queue(reason, qgrplimit)
char *reason;
int qgrplimit;
{
int changed = 0;
int qgrp;
/* Convert internal representation of unquarantine */
if (reason != NULL && reason[0] == '.' && reason[1] == '\0')
reason = NULL;
if (reason != NULL)
{
/* clean it */
reason = newstr(denlstring(reason, true, true));
}
for (qgrp = 0; qgrp < NumQueue && Queue[qgrp] != NULL; qgrp++)
{
int qdir;
if (qgrplimit != NOQGRP && qgrplimit != qgrp)
continue;
for (qdir = 0; qdir < Queue[qgrp]->qg_numqueues; qdir++)
{
int i;
int nrequests;
if (StopRequest)
stop_sendmail();
nrequests = gatherq(qgrp, qdir, true, NULL, NULL, NULL);
/* first see if there is anything */
if (nrequests <= 0)
{
if (Verbose)
{
(void) sm_io_fprintf(smioout,
SM_TIME_DEFAULT, "%s: no matches\n",
qid_printqueue(qgrp, qdir));
}
continue;
}
if (Verbose)
{
(void) sm_io_fprintf(smioout,
SM_TIME_DEFAULT, "Processing %s:\n",
qid_printqueue(qgrp, qdir));
}
for (i = 0; i < WorkListCount; i++)
{
ENVELOPE e;
if (StopRequest)
stop_sendmail();
/* setup envelope */
clearenvelope(&e, true, sm_rpool_new_x(NULL));
e.e_id = WorkList[i].w_name + 2;
e.e_qgrp = qgrp;
e.e_qdir = qdir;
if (tTd(70, 101))
{
sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Would do %s\n", e.e_id);
changed++;
}
else if (quarantine_queue_item(qgrp, qdir,
&e, reason))
changed++;
/* clean up */
sm_rpool_free(e.e_rpool);
e.e_rpool = NULL;
}
if (WorkList != NULL)
sm_free(WorkList); /* XXX */
WorkList = NULL;
WorkListSize = 0;
WorkListCount = 0;
}
}
if (Verbose)
{
if (changed == 0)
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"No changes\n");
else
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"%d change%s\n",
changed,
changed == 1 ? "" : "s");
}
}
diff --git a/src/ratectrl.c b/src/ratectrl.c
index cb7dca58b539..6b9d5c4af3fa 100644
--- a/src/ratectrl.c
+++ b/src/ratectrl.c
@@ -1,484 +1,600 @@
/*
* Copyright (c) 2003 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
* Contributed by Jose Marcio Martins da Cruz - Ecole des Mines de Paris
* Jose-Marcio.Martins@ensmp.fr
*/
/* a part of this code is based on inetd.c for which this copyright applies: */
/*
* Copyright (c) 1983, 1991, 1993, 1994
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
-#include <sendmail.h>
+#include <ratectrl.h>
SM_RCSID("@(#)$Id: ratectrl.c,v 8.14 2013-11-22 20:51:56 ca Exp $")
-/*
-** stuff included - given some warnings (inet_ntoa)
-** - surely not everything is needed
-*/
-
-#if NETINET || NETINET6
-# include <arpa/inet.h>
-#endif /* NETINET || NETINET6 */
-
-#include <sm/time.h>
-
-#ifndef HASH_ALG
-# define HASH_ALG 2
-#endif /* HASH_ALG */
-
-#ifndef RATECTL_DEBUG
-# define RATECTL_DEBUG 0
-#endif /* RATECTL_DEBUG */
-
-/* forward declarations */
-static int client_rate __P((time_t, SOCKADDR *, bool));
+static int client_rate __P((time_t, SOCKADDR *, int));
static int total_rate __P((time_t, bool));
+static unsigned int gen_hash __P((SOCKADDR *));
+static void rate_init __P((void));
/*
** CONNECTION_RATE_CHECK - updates connection history data
** and computes connection rate for the given host
**
-** Parameters:
-** hostaddr -- ip address of smtp client
-** e -- envelope
-**
-** Returns:
-** true (always)
+** Parameters:
+** hostaddr -- IP address of SMTP client
+** e -- envelope
**
-** Side Effects:
-** updates connection history
+** Returns:
+** none
**
-** Warnings:
-** For each connection, this call shall be
-** done only once with the value true for the
-** update parameter.
-** Typically, this call is done with the value
-** true by the father, and once again with
-** the value false by the children.
+** Side Effects:
+** updates connection history
**
+** Warnings:
+** For each connection, this call shall be
+** done only once with the value true for the
+** update parameter.
+** Typically, this call is done with the value
+** true by the father, and once again with
+** the value false by the children.
*/
-bool
+void
connection_rate_check(hostaddr, e)
SOCKADDR *hostaddr;
ENVELOPE *e;
{
time_t now;
int totalrate, clientrate;
static int clientconn = 0;
now = time(NULL);
#if RATECTL_DEBUG
sm_syslog(LOG_INFO, NOQID, "connection_rate_check entering...");
-#endif /* RATECTL_DEBUG */
+#endif
/* update server connection rate */
totalrate = total_rate(now, e == NULL);
#if RATECTL_DEBUG
sm_syslog(LOG_INFO, NOQID, "global connection rate: %d", totalrate);
-#endif /* RATECTL_DEBUG */
+#endif
/* update client connection rate */
- clientrate = client_rate(now, hostaddr, e == NULL);
+ clientrate = client_rate(now, hostaddr, e == NULL ? SM_CLFL_UPDATE : SM_CLFL_NONE);
if (e == NULL)
clientconn = count_open_connections(hostaddr);
if (e != NULL)
{
char s[16];
sm_snprintf(s, sizeof(s), "%d", clientrate);
macdefine(&e->e_macro, A_TEMP, macid("{client_rate}"), s);
sm_snprintf(s, sizeof(s), "%d", totalrate);
macdefine(&e->e_macro, A_TEMP, macid("{total_rate}"), s);
sm_snprintf(s, sizeof(s), "%d", clientconn);
macdefine(&e->e_macro, A_TEMP, macid("{client_connections}"),
s);
}
- return true;
+ return;
}
/*
** Data declarations needed to evaluate connection rate
*/
static int CollTime = 60;
-/* this should be a power of 2, otherwise CPMHMASK doesn't work well */
-#ifndef CPMHSIZE
-# define CPMHSIZE 1024
-#endif /* CPMHSIZE */
-
-#define CPMHMASK (CPMHSIZE-1)
-
-#ifndef MAX_CT_STEPS
-# define MAX_CT_STEPS 10
-#endif /* MAX_CT_STEPS */
-
/*
** time granularity: 10s (that's one "tick")
** will be initialised to ConnectionRateWindowSize/CHTSIZE
** before being used the first time
*/
static int ChtGran = -1;
+static CHash_T CHashAry[CPMHSIZE];
+static CTime_T srv_Times[CHTSIZE];
-#define CHTSIZE 6
+#ifndef MAX_CT_STEPS
+# define MAX_CT_STEPS 10
+#endif
-/* Number of connections for a certain "tick" */
-typedef struct CTime
-{
- unsigned long ct_Ticks;
- int ct_Count;
-}
-CTime_T;
+/*
+** RATE_INIT - initialize local data
+**
+** Parameters:
+** none
+**
+** Returns:
+** none
+**
+** Side effects:
+** initializes static global data
+*/
-typedef struct CHash
+static void
+rate_init()
{
-#if NETINET6 && NETINET
- union
- {
- struct in_addr c4_Addr;
- struct in6_addr c6_Addr;
- } cu_Addr;
-# define ch_Addr4 cu_Addr.c4_Addr
-# define ch_Addr6 cu_Addr.c6_Addr
-#else /* NETINET6 && NETINET */
-# if NETINET6
- struct in6_addr ch_Addr;
-# define ch_Addr6 ch_Addr
-# else /* NETINET6 */
- struct in_addr ch_Addr;
-# define ch_Addr4 ch_Addr
-# endif /* NETINET6 */
-#endif /* NETINET6 && NETINET */
-
- int ch_Family;
- time_t ch_LTime;
- unsigned long ch_colls;
-
- /* 6 buckets for ticks: 60s */
- CTime_T ch_Times[CHTSIZE];
+ if (ChtGran > 0)
+ return;
+ ChtGran = ConnectionRateWindowSize / CHTSIZE;
+ if (ChtGran <= 0)
+ ChtGran = 10;
+ memset(CHashAry, 0, sizeof(CHashAry));
+ memset(srv_Times, 0, sizeof(srv_Times));
+ return;
}
-CHash_T;
-
-static CHash_T CHashAry[CPMHSIZE];
-static bool CHashAryOK = false;
/*
-** CLIENT_RATE - Evaluate connection rate per smtp client
+** GEN_HASH - calculate a hash value
**
** Parameters:
-** now - current time in secs
** saddr - client address
-** update - update data / check only
**
** Returns:
-** connection rate (connections / ConnectionRateWindowSize)
-**
-** Side effects:
-** update static global data
-**
+** hash value
*/
-static int
-client_rate(now, saddr, update)
- time_t now;
- SOCKADDR *saddr;
- bool update;
+static unsigned int
+gen_hash(saddr)
+ SOCKADDR *saddr;
{
unsigned int hv;
int i;
- int cnt;
- bool coll;
- CHash_T *chBest = NULL;
- unsigned int ticks;
+ int addrlen;
+ char *p;
+#if HASH_ALG != 1
+ int c, d;
+#endif
- cnt = 0;
hv = 0xABC3D20F;
- if (ChtGran < 0)
- ChtGran = ConnectionRateWindowSize / CHTSIZE;
- if (ChtGran <= 0)
- ChtGran = 10;
-
- ticks = now / ChtGran;
-
- if (!CHashAryOK)
+ switch (saddr->sa.sa_family)
{
- memset(CHashAry, 0, sizeof(CHashAry));
- CHashAryOK = true;
- }
-
- {
- char *p;
- int addrlen;
-#if HASH_ALG != 1
- int c, d;
-#endif /* HASH_ALG != 1 */
-
- switch (saddr->sa.sa_family)
- {
#if NETINET
- case AF_INET:
- p = (char *)&saddr->sin.sin_addr;
- addrlen = sizeof(struct in_addr);
- break;
+ case AF_INET:
+ p = (char *)&saddr->sin.sin_addr;
+ addrlen = sizeof(struct in_addr);
+ break;
#endif /* NETINET */
#if NETINET6
- case AF_INET6:
- p = (char *)&saddr->sin6.sin6_addr;
- addrlen = sizeof(struct in6_addr);
- break;
+ case AF_INET6:
+ p = (char *)&saddr->sin6.sin6_addr;
+ addrlen = sizeof(struct in6_addr);
+ break;
#endif /* NETINET6 */
- default:
- /* should not happen */
- return -1;
- }
+ default:
+ /* should not happen */
+ return -1;
+ }
- /* compute hash value */
- for (i = 0; i < addrlen; ++i, ++p)
+ /* compute hash value */
+ for (i = 0; i < addrlen; ++i, ++p)
#if HASH_ALG == 1
- hv = (hv << 5) ^ (hv >> 23) ^ *p;
- hv = (hv ^ (hv >> 16));
+ hv = (hv << 5) ^ (hv >> 23) ^ *p;
+ hv = (hv ^ (hv >> 16));
#elif HASH_ALG == 2
- {
- d = *p;
- c = d;
- c ^= c<<6;
- hv += (c<<11) ^ (c>>1);
- hv ^= (d<<14) + (d<<7) + (d<<4) + d;
- }
+ {
+ d = *p;
+ c = d;
+ c ^= c<<6;
+ hv += (c<<11) ^ (c>>1);
+ hv ^= (d<<14) + (d<<7) + (d<<4) + d;
+ }
#elif HASH_ALG == 3
+ {
+ hv = (hv << 4) + *p;
+ d = hv & 0xf0000000;
+ if (d != 0)
{
- hv = (hv << 4) + *p;
- d = hv & 0xf0000000;
- if (d != 0)
- {
- hv ^= (d >> 24);
- hv ^= d;
- }
+ hv ^= (d >> 24);
+ hv ^= d;
}
+ }
#else /* HASH_ALG == 1 */
- hv = ((hv << 1) ^ (*p & 0377)) % cctx->cc_size;
+# ERROR: unsupported HASH_ALG
+ hv = ((hv << 1) ^ (*p & 0377)) % cctx->cc_size; ???
#endif /* HASH_ALG == 1 */
- }
+
+ return hv;
+}
+
+/*
+** CONN_LIMIT - Evaluate connection limits
+**
+** Parameters:
+** e -- envelope (_FFR_OCC, for logging only)
+** now - current time in secs
+** saddr - client address
+** clflags - update data / check only / ...
+** hashary - hash array
+** ratelimit - rate limit (_FFR_OCC only)
+** conclimit - concurrency limit (_FFR_OCC only)
+**
+** Returns:
+#if _FFR_OCC
+** outgoing: limit exceeded?
+#endif
+** incoming:
+** connection rate (connections / ConnectionRateWindowSize)
+*/
+
+int
+conn_limits(e, now, saddr, clflags, hashary, ratelimit, conclimit)
+ ENVELOPE *e;
+ time_t now;
+ SOCKADDR *saddr;
+ int clflags;
+ CHash_T hashary[];
+ int ratelimit;
+ int conclimit;
+{
+ int i;
+ int cnt;
+ bool coll;
+ CHash_T *chBest = NULL;
+ CTime_T *ct = NULL;
+ unsigned int ticks;
+ unsigned int hv;
+#if _FFR_OCC
+ bool exceeded = false;
+ int *prv, *pcv;
+#endif
+#if RATECTL_DEBUG || _FFR_OCC
+ bool logit = false;
+#endif
+
+ cnt = 0;
+ hv = gen_hash(saddr);
+ ticks = now / ChtGran;
coll = true;
for (i = 0; i < MAX_CT_STEPS; ++i)
{
- CHash_T *ch = &CHashAry[(hv + i) & CPMHMASK];
+ CHash_T *ch = &hashary[(hv + i) & CPMHMASK];
#if NETINET
if (saddr->sa.sa_family == AF_INET &&
ch->ch_Family == AF_INET &&
(saddr->sin.sin_addr.s_addr == ch->ch_Addr4.s_addr ||
ch->ch_Addr4.s_addr == 0))
{
chBest = ch;
coll = false;
break;
}
#endif /* NETINET */
#if NETINET6
if (saddr->sa.sa_family == AF_INET6 &&
ch->ch_Family == AF_INET6 &&
(IN6_ARE_ADDR_EQUAL(&saddr->sin6.sin6_addr,
&ch->ch_Addr6) != 0 ||
IN6_IS_ADDR_UNSPECIFIED(&ch->ch_Addr6)))
{
chBest = ch;
coll = false;
break;
}
#endif /* NETINET6 */
if (chBest == NULL || ch->ch_LTime == 0 ||
ch->ch_LTime < chBest->ch_LTime)
chBest = ch;
}
/* Let's update data... */
- if (update)
+ if ((clflags & (SM_CLFL_UPDATE|SM_CLFL_EXC)) != 0)
{
if (coll && (now - chBest->ch_LTime < CollTime))
{
/*
** increment the number of collisions last
** CollTime for this client
*/
chBest->ch_colls++;
/*
** Maybe shall log if collision rate is too high...
** and take measures to resize tables
** if this is the case
*/
}
/*
** If it's not a match, then replace the data.
** Note: this purges the history of a colliding entry,
** which may cause "overruns", i.e., if two entries are
** "cancelling" each other out, then they may exceed
** the limits that are set. This might be mitigated a bit
** by the above "best of 5" function however.
**
** Alternative approach: just use the old data, which may
** cause false positives however.
- ** To activate this, change deactivate following memset call.
+ ** To activate this, deactivate the memset() call.
*/
if (coll)
{
#if NETINET
if (saddr->sa.sa_family == AF_INET)
{
chBest->ch_Family = AF_INET;
chBest->ch_Addr4 = saddr->sin.sin_addr;
}
#endif /* NETINET */
#if NETINET6
if (saddr->sa.sa_family == AF_INET6)
{
chBest->ch_Family = AF_INET6;
chBest->ch_Addr6 = saddr->sin6.sin6_addr;
}
#endif /* NETINET6 */
-#if 1
memset(chBest->ch_Times, '\0',
sizeof(chBest->ch_Times));
-#endif /* 1 */
}
chBest->ch_LTime = now;
- {
- CTime_T *ct = &chBest->ch_Times[ticks % CHTSIZE];
+ ct = &chBest->ch_Times[ticks % CHTSIZE];
- if (ct->ct_Ticks != ticks)
- {
- ct->ct_Ticks = ticks;
- ct->ct_Count = 0;
- }
- ++ct->ct_Count;
+ if (ct->ct_Ticks != ticks)
+ {
+ ct->ct_Ticks = ticks;
+ ct->ct_Count = 0;
}
+ if ((clflags & SM_CLFL_UPDATE) != 0)
+ ++ct->ct_Count;
}
/* Now let's count connections on the window */
for (i = 0; i < CHTSIZE; ++i)
{
- CTime_T *ct = &chBest->ch_Times[i];
+ CTime_T *cth;
- if (ct->ct_Ticks <= ticks && ct->ct_Ticks >= ticks - CHTSIZE)
- cnt += ct->ct_Count;
+ cth = &chBest->ch_Times[i];
+ if (cth->ct_Ticks <= ticks && cth->ct_Ticks >= ticks - CHTSIZE)
+ cnt += cth->ct_Count;
+ }
+#if _FFR_OCC
+ prv = pcv = NULL;
+ if (ct != NULL && ((clflags & SM_CLFL_EXC) != 0))
+ {
+ if (ratelimit > 0)
+ {
+ if (cnt < ratelimit)
+ prv = &(ct->ct_Count);
+ else
+ exceeded = true;
+ }
+ else if (ratelimit < 0 && ct->ct_Count > 0)
+ --ct->ct_Count;
}
+ if (chBest != NULL && ((clflags & SM_CLFL_EXC) != 0))
+ {
+ if (conclimit > 0)
+ {
+ if (chBest->ch_oc < conclimit)
+ pcv = &(chBest->ch_oc);
+ else
+ exceeded = true;
+ }
+ else if (conclimit < 0 && chBest->ch_oc > 0)
+ --chBest->ch_oc;
+ }
+#endif
+
+
#if RATECTL_DEBUG
- sm_syslog(LOG_WARNING, NOQID,
- "cln: cnt=(%d), CHTSIZE=(%d), ChtGran=(%d)",
- cnt, CHTSIZE, ChtGran);
-#endif /* RATECTL_DEBUG */
+ logit = true;
+#endif
+#if RATECTL_DEBUG || _FFR_OCC
+#if _FFR_OCC
+ if (!exceeded)
+ {
+ if (prv != NULL)
+ ++*prv, ++cnt;
+ if (pcv != NULL)
+ ++*pcv;
+ }
+ logit = exceeded || LogLevel > 11;
+#endif
+ if (logit)
+ sm_syslog(LOG_DEBUG, e != NULL ? e->e_id : NOQID,
+ "conn_limits: addr=%s, flags=0x%x, rate=%d/%d, conc=%d/%d, exc=%d",
+ saddr->sa.sa_family == AF_INET
+ ? inet_ntoa(saddr->sin.sin_addr) : "???",
+ clflags, cnt, ratelimit,
+# if _FFR_OCC
+ chBest != NULL ? chBest->ch_oc : -1
+# else
+ -2
+# endif
+ , conclimit
+# if _FFR_OCC
+ , exceeded
+# else
+ , 0
+# endif
+ );
+#endif
+#if _FFR_OCC
+ if ((clflags & SM_CLFL_EXC) != 0)
+ return exceeded;
+#endif
return cnt;
}
+/*
+** CLIENT_RATE - Evaluate connection rate per SMTP client
+**
+** Parameters:
+** now - current time in secs
+** saddr - client address
+** clflags - update data / check only
+**
+** Returns:
+** connection rate (connections / ConnectionRateWindowSize)
+**
+** Side effects:
+** update static global data
+*/
+
+static int
+client_rate(now, saddr, clflags)
+ time_t now;
+ SOCKADDR *saddr;
+ int clflags;
+{
+ rate_init();
+ return conn_limits(NULL, now, saddr, clflags, CHashAry, 0, 0);
+}
+
/*
** TOTAL_RATE - Evaluate global connection rate
**
** Parameters:
** now - current time in secs
** update - update data / check only
**
** Returns:
** connection rate (connections / ConnectionRateWindowSize)
*/
-static CTime_T srv_Times[CHTSIZE];
-static bool srv_Times_OK = false;
-
static int
total_rate(now, update)
- time_t now;
- bool update;
+ time_t now;
+ bool update;
{
int i;
int cnt = 0;
CTime_T *ct;
unsigned int ticks;
- if (ChtGran < 0)
- ChtGran = ConnectionRateWindowSize / CHTSIZE;
- if (ChtGran == 0)
- ChtGran = 10;
+ rate_init();
ticks = now / ChtGran;
- if (!srv_Times_OK)
- {
- memset(srv_Times, 0, sizeof(srv_Times));
- srv_Times_OK = true;
- }
/* Let's update data */
if (update)
{
ct = &srv_Times[ticks % CHTSIZE];
if (ct->ct_Ticks != ticks)
{
ct->ct_Ticks = ticks;
ct->ct_Count = 0;
}
++ct->ct_Count;
}
/* Let's count connections on the window */
for (i = 0; i < CHTSIZE; ++i)
{
ct = &srv_Times[i];
if (ct->ct_Ticks <= ticks && ct->ct_Ticks >= ticks - CHTSIZE)
cnt += ct->ct_Count;
}
#if RATECTL_DEBUG
sm_syslog(LOG_WARNING, NOQID,
- "srv: cnt=(%d), CHTSIZE=(%d), ChtGran=(%d)",
- cnt, CHTSIZE, ChtGran);
-#endif /* RATECTL_DEBUG */
+ "total: cnt=%d, CHTSIZE=%d, ChtGran=%d",
+ cnt, CHTSIZE, ChtGran);
+#endif
return cnt;
}
+
+#if RATECTL_DEBUG || _FFR_OCC
+void
+dump_ch(fp)
+ SM_FILE_T *fp;
+{
+ int i, j, cnt;
+ unsigned int ticks;
+
+ ticks = time(NULL) / ChtGran;
+ sm_io_fprintf(fp, SM_TIME_DEFAULT, "dump_ch\n");
+ for (i = 0; i < CPMHSIZE; i++)
+ {
+ CHash_T *ch = &CHashAry[i];
+ bool valid;
+
+ valid = false;
+#if NETINET
+ valid = (ch->ch_Family == AF_INET);
+ if (valid)
+ sm_io_fprintf(fp, SM_TIME_DEFAULT, "ip=%s ",
+ inet_ntoa(ch->ch_Addr4));
+#endif /* NETINET */
+#if NETINET6
+ if (ch->ch_Family == AF_INET6)
+ {
+ char buf[64], *str;
+
+ valid = true;
+ str = anynet_ntop(&ch->ch_Addr6, buf, sizeof(buf));
+ if (str != NULL)
+ sm_io_fprintf(fp, SM_TIME_DEFAULT, "ip=%s ",
+ str);
+ }
+#endif /* NETINET6 */
+ if (!valid)
+ continue;
+
+ cnt = 0;
+ for (j = 0; j < CHTSIZE; ++j)
+ {
+ CTime_T *cth;
+
+ cth = &ch->ch_Times[j];
+ if (cth->ct_Ticks <= ticks && cth->ct_Ticks >= ticks - CHTSIZE)
+ cnt += cth->ct_Count;
+ }
+
+ sm_io_fprintf(fp, SM_TIME_DEFAULT, "time=%ld cnt=%d ",
+ (long) ch->ch_LTime, cnt);
+#if _FFR_OCC
+ sm_io_fprintf(fp, SM_TIME_DEFAULT, "oc=%d", ch->ch_oc);
+#endif
+ sm_io_fprintf(fp, SM_TIME_DEFAULT, "\n");
+ }
+ sm_io_flush(fp, SM_TIME_DEFAULT);
+}
+
+#endif /* RATECTL_DEBUG || _FFR_OCC */
diff --git a/src/ratectrl.h b/src/ratectrl.h
new file mode 100644
index 000000000000..f1946c905603
--- /dev/null
+++ b/src/ratectrl.h
@@ -0,0 +1,128 @@
+/*
+ * Copyright (c) 2003 Proofpoint, Inc. and its suppliers.
+ * All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ *
+ * Contributed by Jose Marcio Martins da Cruz - Ecole des Mines de Paris
+ * Jose-Marcio.Martins@ensmp.fr
+ */
+
+/* a part of this code is based on inetd.c for which this copyright applies: */
+/*
+ * Copyright (c) 1983, 1991, 1993, 1994
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef RATECTRL_H
+#define RATECTRL_H 1
+
+#include <sendmail.h>
+
+/*
+** stuff included - given some warnings (inet_ntoa)
+** - surely not everything is needed
+*/
+
+#if NETINET || NETINET6
+# include <arpa/inet.h>
+#endif
+
+#include <sm/time.h>
+
+#ifndef HASH_ALG
+# define HASH_ALG 2
+#endif
+
+#ifndef RATECTL_DEBUG
+# define RATECTL_DEBUG 0
+#endif
+
+/* this should be a power of 2, otherwise CPMHMASK doesn't work well */
+#ifndef CPMHSIZE
+# define CPMHSIZE 1024
+#endif
+
+#define CPMHMASK (CPMHSIZE-1)
+#define CHTSIZE 6
+
+/* Number of connections for a certain "tick" */
+typedef struct CTime
+{
+ unsigned long ct_Ticks;
+ int ct_Count;
+}
+CTime_T;
+
+typedef struct CHash
+{
+#if NETINET6 && NETINET
+ union
+ {
+ struct in_addr c4_Addr;
+ struct in6_addr c6_Addr;
+ } cu_Addr;
+# define ch_Addr4 cu_Addr.c4_Addr
+# define ch_Addr6 cu_Addr.c6_Addr
+#else /* NETINET6 && NETINET */
+# if NETINET6
+ struct in6_addr ch_Addr;
+# define ch_Addr6 ch_Addr
+# else /* NETINET6 */
+ struct in_addr ch_Addr;
+# define ch_Addr4 ch_Addr
+# endif /* NETINET6 */
+#endif /* NETINET6 && NETINET */
+
+ int ch_Family;
+ time_t ch_LTime;
+ unsigned long ch_colls;
+
+ /* 6 buckets for ticks: 60s */
+ CTime_T ch_Times[CHTSIZE];
+#if _FFR_OCC
+ int ch_oc; /* open connections */
+#endif
+}
+CHash_T;
+
+#define SM_CLFL_NONE 0x00
+#define SM_CLFL_UPDATE 0x01
+#define SM_CLFL_EXC 0x02 /* check if limit is exceeded */
+
+extern void connection_rate_check __P((SOCKADDR *, ENVELOPE *));
+extern int conn_limits __P((ENVELOPE *, time_t, SOCKADDR *, int, CHash_T *, int, int));
+extern bool occ_exceeded __P((ENVELOPE *, MCI *, const char *, SOCKADDR *));
+extern bool occ_close __P((ENVELOPE *, MCI *, const char *, SOCKADDR *));
+extern void dump_ch __P((SM_FILE_T *));
+#endif /* ! RATECTRL_H */
diff --git a/src/readcf.c b/src/readcf.c
index 10eac0bc6724..e6f62961f220 100644
--- a/src/readcf.c
+++ b/src/readcf.c
@@ -1,5270 +1,5425 @@
/*
* Copyright (c) 1998-2006, 2008-2010, 2013 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sendmail.h>
#include <sm/sendmail.h>
+#if STARTTLS
+# include <tls.h>
+#endif
+#if DNSSEC_TEST
+# include <sm_resolve.h>
+#endif
SM_RCSID("@(#)$Id: readcf.c,v 8.692 2013-11-22 20:51:56 ca Exp $")
#if NETINET || NETINET6
# include <arpa/inet.h>
-#endif /* NETINET || NETINET6 */
+#endif
#define SECONDS
#define MINUTES * 60
#define HOUR * 3600
#define HOURS HOUR
static void fileclass __P((int, char *, char *, bool, bool, bool));
static char **makeargv __P((char *));
static void settimeout __P((char *, char *, bool));
static void toomany __P((int, int));
static char *extrquotstr __P((char *, char **, char *, bool *));
static void parse_class_words __P((int, char *));
#if _FFR_BOUNCE_QUEUE
static char *bouncequeue = NULL;
static void initbouncequeue __P((void));
/*
** INITBOUNCEQUEUE -- determine BounceQueue if option is set.
**
** Parameters:
** none.
**
** Returns:
** none.
**
** Side Effects:
** sets BounceQueue
*/
static void
initbouncequeue()
{
STAB *s;
BounceQueue = NOQGRP;
if (bouncequeue == NULL || bouncequeue[0] == '\0')
return;
s = stab(bouncequeue, ST_QUEUE, ST_FIND);
if (s == NULL)
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Warning: option BounceQueue: unknown queue group %s\n",
bouncequeue);
}
else
BounceQueue = s->s_quegrp->qg_index;
}
#endif /* _FFR_BOUNCE_QUEUE */
#if _FFR_RCPTFLAGS
void setupdynmailers __P((void));
#else
#define setupdynmailers()
#endif
/*
** READCF -- read configuration file.
**
** This routine reads the configuration file and builds the internal
** form.
**
** The file is formatted as a sequence of lines, each taken
** atomically. The first character of each line describes how
** the line is to be interpreted. The lines are:
** Dxval Define macro x to have value val.
** Cxword Put word into class x.
** Fxfile [fmt] Read file for lines to put into
** class x. Use scanf string 'fmt'
** or "%s" if not present. Fmt should
** only produce one string-valued result.
** Hname: value Define header with field-name 'name'
** and value as specified; this will be
** macro expanded immediately before
** use.
** Sn Use rewriting set n.
** Rlhs rhs Rewrite addresses that match lhs to
** be rhs.
** Mn arg=val... Define mailer. n is the internal name.
** Args specify mailer parameters.
** Oxvalue Set option x to value.
** O option value Set option (long name) to value.
** Pname=value Set precedence name to value.
** Qn arg=val... Define queue groups. n is the internal name.
** Args specify queue parameters.
** Vversioncode[/vendorcode]
** Version level/vendor name of
** configuration syntax.
** Kmapname mapclass arguments....
** Define keyed lookup of a given class.
** Arguments are class dependent.
** Eenvar=value Set the environment value to the given value.
**
** Parameters:
** cfname -- configuration file name.
** safe -- true if this is the system config file;
** false otherwise.
** e -- the main envelope.
**
** Returns:
** none.
**
** Side Effects:
** Builds several internal tables.
*/
void
readcf(cfname, safe, e)
char *cfname;
bool safe;
register ENVELOPE *e;
{
SM_FILE_T *cf;
int ruleset = -1;
char *q;
struct rewrite *rwp = NULL;
char *bp;
auto char *ep;
int nfuzzy;
char *file;
bool optional;
bool ok;
bool ismap;
int mid;
register char *p;
long sff = SFF_OPENASROOT;
struct stat statb;
char buf[MAXLINE];
int bufsize;
char exbuf[MAXLINE];
char pvpbuf[MAXLINE + MAXATOM];
static char *null_list[1] = { NULL };
extern unsigned char TokTypeNoC[];
FileName = cfname;
LineNumber = 0;
if (DontLockReadFiles)
sff |= SFF_NOLOCK;
cf = safefopen(cfname, O_RDONLY, 0444, sff);
if (cf == NULL)
{
syserr("cannot open");
finis(false, true, EX_OSFILE);
}
if (fstat(sm_io_getinfo(cf, SM_IO_WHAT_FD, NULL), &statb) < 0)
{
syserr("cannot fstat");
finis(false, true, EX_OSFILE);
}
if (!S_ISREG(statb.st_mode))
{
syserr("not a plain file");
finis(false, true, EX_OSFILE);
}
if (OpMode != MD_TEST && bitset(S_IWGRP|S_IWOTH, statb.st_mode))
{
if (OpMode == MD_DAEMON || OpMode == MD_INITALIAS || OpMode == MD_CHECKCONFIG)
(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"%s: WARNING: dangerous write permissions\n",
FileName);
if (LogLevel > 0)
sm_syslog(LOG_CRIT, NOQID,
"%s: WARNING: dangerous write permissions",
FileName);
}
#if XLA
xla_zero();
-#endif /* XLA */
+#endif
while (bufsize = sizeof(buf),
(bp = fgetfolded(buf, &bufsize, cf)) != NULL)
{
char *nbp;
if (bp[0] == '#')
{
if (bp != buf)
sm_free(bp); /* XXX */
continue;
}
/* do macro expansion mappings */
nbp = translate_dollars(bp, bp, &bufsize);
if (nbp != bp && bp != buf)
sm_free(bp);
bp = nbp;
/* interpret this line */
errno = 0;
switch (bp[0])
{
case '\0':
case '#': /* comment */
break;
case 'R': /* rewriting rule */
if (ruleset < 0)
{
syserr("missing valid ruleset for \"%s\"", bp);
break;
}
for (p = &bp[1]; *p != '\0' && *p != '\t'; p++)
continue;
if (*p == '\0')
{
syserr("invalid rewrite line \"%s\" (tab expected)", bp);
break;
}
/* allocate space for the rule header */
if (rwp == NULL)
{
RewriteRules[ruleset] = rwp =
(struct rewrite *) xalloc(sizeof(*rwp));
}
else
{
rwp->r_next = (struct rewrite *) xalloc(sizeof(*rwp));
rwp = rwp->r_next;
}
rwp->r_next = NULL;
/* expand and save the LHS */
*p = '\0';
expand(&bp[1], exbuf, sizeof(exbuf), e);
rwp->r_lhs = prescan(exbuf, '\t', pvpbuf,
sizeof(pvpbuf), NULL,
ConfigLevel >= 9 ? TokTypeNoC : IntTokenTab,
true);
nfuzzy = 0;
if (rwp->r_lhs != NULL)
{
register char **ap;
rwp->r_lhs = copyplist(rwp->r_lhs, true, NULL);
/* count the number of fuzzy matches in LHS */
for (ap = rwp->r_lhs; *ap != NULL; ap++)
{
char *botch;
botch = NULL;
switch (ap[0][0] & 0377)
{
case MATCHZANY:
case MATCHANY:
case MATCHONE:
case MATCHCLASS:
case MATCHNCLASS:
nfuzzy++;
break;
case MATCHREPL:
botch = "$1-$9";
break;
case CANONUSER:
botch = "$:";
break;
case CALLSUBR:
botch = "$>";
break;
case CONDIF:
botch = "$?";
break;
case CONDFI:
botch = "$.";
break;
case HOSTBEGIN:
botch = "$[";
break;
case HOSTEND:
botch = "$]";
break;
case LOOKUPBEGIN:
botch = "$(";
break;
case LOOKUPEND:
botch = "$)";
break;
}
if (botch != NULL)
syserr("Inappropriate use of %s on LHS",
botch);
}
rwp->r_line = LineNumber;
}
else
{
syserr("R line: null LHS");
rwp->r_lhs = null_list;
}
if (nfuzzy > MAXMATCH)
{
syserr("R line: too many wildcards");
rwp->r_lhs = null_list;
}
/* expand and save the RHS */
while (*++p == '\t')
continue;
q = p;
while (*p != '\0' && *p != '\t')
p++;
*p = '\0';
expand(q, exbuf, sizeof(exbuf), e);
rwp->r_rhs = prescan(exbuf, '\t', pvpbuf,
sizeof(pvpbuf), NULL,
ConfigLevel >= 9 ? TokTypeNoC : IntTokenTab,
true);
if (rwp->r_rhs != NULL)
{
register char **ap;
int args, endtoken;
#if _FFR_EXTRA_MAP_CHECK
int nexttoken;
-#endif /* _FFR_EXTRA_MAP_CHECK */
+#endif
bool inmap;
rwp->r_rhs = copyplist(rwp->r_rhs, true, NULL);
/* check no out-of-bounds replacements */
nfuzzy += '0';
inmap = false;
args = 0;
endtoken = 0;
for (ap = rwp->r_rhs; *ap != NULL; ap++)
{
char *botch;
botch = NULL;
switch (ap[0][0] & 0377)
{
case MATCHREPL:
if (ap[0][1] <= '0' ||
ap[0][1] > nfuzzy)
{
syserr("replacement $%c out of bounds",
ap[0][1]);
}
break;
case MATCHZANY:
botch = "$*";
break;
case MATCHANY:
botch = "$+";
break;
case MATCHONE:
botch = "$-";
break;
case MATCHCLASS:
botch = "$=";
break;
case MATCHNCLASS:
botch = "$~";
break;
case CANONHOST:
if (!inmap)
break;
if (++args >= MAX_MAP_ARGS)
syserr("too many arguments for map lookup");
break;
case HOSTBEGIN:
endtoken = HOSTEND;
/* FALLTHROUGH */
case LOOKUPBEGIN:
/* see above... */
if ((ap[0][0] & 0377) == LOOKUPBEGIN)
endtoken = LOOKUPEND;
if (inmap)
syserr("cannot nest map lookups");
inmap = true;
args = 0;
#if _FFR_EXTRA_MAP_CHECK
if (ap[1] == NULL)
{
syserr("syntax error in map lookup");
break;
}
nexttoken = ap[1][0] & 0377;
if (nexttoken == CANONHOST ||
nexttoken == CANONUSER ||
- nexttoken == endtoken))
+ nexttoken == endtoken)
{
syserr("missing map name for lookup");
break;
}
if (ap[2] == NULL)
{
syserr("syntax error in map lookup");
break;
}
- if (ap[0][0] == HOSTBEGIN)
+ if ((unsigned char) ap[0][0] == HOSTBEGIN)
break;
nexttoken = ap[2][0] & 0377;
if (nexttoken == CANONHOST ||
nexttoken == CANONUSER ||
nexttoken == endtoken)
{
syserr("missing key name for lookup");
break;
}
#endif /* _FFR_EXTRA_MAP_CHECK */
break;
case HOSTEND:
case LOOKUPEND:
if ((ap[0][0] & 0377) != endtoken)
break;
inmap = false;
endtoken = 0;
break;
#if 0
/*
** This doesn't work yet as there are maps defined *after* the cf
** is read such as host, user, and alias. So for now, it's removed.
** When it comes back, the RELEASE_NOTES entry will be:
** Emit warnings for unknown maps when reading the .cf file. Based on
** patch from Robert Harker of Harker Systems.
*/
case LOOKUPBEGIN:
/*
** Got a database lookup,
** check if map is defined.
*/
ep = ap[1];
if ((ep[0] & 0377) != MACRODEXPAND &&
stab(ep, ST_MAP, ST_FIND) == NULL)
{
(void) sm_io_fprintf(smioout,
SM_TIME_DEFAULT,
"Warning: %s: line %d: map %s not found\n",
FileName,
LineNumber,
ep);
}
break;
#endif /* 0 */
}
if (botch != NULL)
syserr("Inappropriate use of %s on RHS",
botch);
}
if (inmap)
syserr("missing map closing token");
}
else
{
syserr("R line: null RHS");
rwp->r_rhs = null_list;
}
break;
case 'S': /* select rewriting set */
expand(&bp[1], exbuf, sizeof(exbuf), e);
ruleset = strtorwset(exbuf, NULL, ST_ENTER);
if (ruleset < 0)
break;
rwp = RewriteRules[ruleset];
if (rwp != NULL)
{
if (OpMode == MD_TEST || OpMode == MD_CHECKCONFIG)
(void) sm_io_fprintf(smioout,
SM_TIME_DEFAULT,
"WARNING: Ruleset %s has multiple definitions\n",
&bp[1]);
if (tTd(37, 1))
sm_dprintf("WARNING: Ruleset %s has multiple definitions\n",
&bp[1]);
while (rwp->r_next != NULL)
rwp = rwp->r_next;
}
break;
case 'D': /* macro definition */
mid = macid_parse(&bp[1], &ep);
if (mid == 0)
break;
p = munchstring(ep, NULL, '\0');
macdefine(&e->e_macro, A_TEMP, mid, p);
break;
case 'H': /* required header line */
(void) chompheader(&bp[1], CHHDR_DEF, NULL, e);
break;
case 'C': /* word class */
case 'T': /* trusted user (set class `t') */
if (bp[0] == 'C')
{
mid = macid_parse(&bp[1], &ep);
if (mid == 0)
break;
expand(ep, exbuf, sizeof(exbuf), e);
p = exbuf;
}
else
{
mid = 't';
p = &bp[1];
}
while (*p != '\0')
{
register char *wd;
char delim;
- while (*p != '\0' && isascii(*p) && isspace(*p))
+ while (*p != '\0' && SM_ISSPACE(*p))
p++;
wd = p;
- while (*p != '\0' && !(isascii(*p) && isspace(*p)))
+ while (*p != '\0' && !(SM_ISSPACE(*p)))
p++;
delim = *p;
*p = '\0';
if (wd[0] != '\0')
setclass(mid, wd);
*p = delim;
}
break;
case 'F': /* word class from file */
mid = macid_parse(&bp[1], &ep);
if (mid == 0)
break;
- for (p = ep; isascii(*p) && isspace(*p); )
+ for (p = ep; SM_ISSPACE(*p); )
p++;
if (p[0] == '-' && p[1] == 'o')
{
optional = true;
while (*p != '\0' &&
- !(isascii(*p) && isspace(*p)))
+ !(SM_ISSPACE(*p)))
p++;
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
p++;
}
else
optional = false;
/* check if [key]@map:spec */
ismap = false;
if (!SM_IS_DIR_DELIM(*p) &&
*p != '|' &&
(q = strchr(p, '@')) != NULL)
{
q++;
/* look for @LDAP or @map: in string */
if (strcmp(q, "LDAP") == 0 ||
(*q != ':' &&
strchr(q, ':') != NULL))
ismap = true;
}
if (ismap)
{
/* use entire spec */
file = p;
}
else
{
file = extrquotstr(p, &q, " ", &ok);
if (!ok)
{
syserr("illegal filename '%s'", p);
break;
}
}
if (*file == '|' || ismap)
p = "%s";
else
{
p = q;
if (*p == '\0')
p = "%s";
else
{
*p = '\0';
while (isascii(*++p) && isspace(*p))
continue;
}
}
fileclass(mid, file, p, ismap, safe, optional);
break;
#if XLA
case 'L': /* extended load average description */
xla_init(&bp[1]);
break;
-#endif /* XLA */
+#endif
#if defined(SUN_EXTENSIONS) && defined(SUN_LOOKUP_MACRO)
case 'L': /* lookup macro */
case 'G': /* lookup class */
/* reserved for Sun -- NIS+ database lookup */
if (VendorCode != VENDOR_SUN)
goto badline;
sun_lg_config_line(bp, e);
break;
#endif /* defined(SUN_EXTENSIONS) && defined(SUN_LOOKUP_MACRO) */
case 'M': /* define mailer */
makemailer(&bp[1]);
break;
case 'O': /* set option */
setoption(bp[1], &bp[2], safe, false, e);
break;
case 'P': /* set precedence */
if (NumPriorities >= MAXPRIORITIES)
{
toomany('P', MAXPRIORITIES);
break;
}
for (p = &bp[1]; *p != '\0' && *p != '='; p++)
continue;
if (*p == '\0')
goto badline;
*p = '\0';
Priorities[NumPriorities].pri_name = newstr(&bp[1]);
Priorities[NumPriorities].pri_val = atoi(++p);
NumPriorities++;
break;
case 'Q': /* define queue */
makequeue(&bp[1], true);
break;
case 'V': /* configuration syntax version */
- for (p = &bp[1]; isascii(*p) && isspace(*p); p++)
+ for (p = &bp[1]; SM_ISSPACE(*p); p++)
continue;
if (!isascii(*p) || !isdigit(*p))
{
syserr("invalid argument to V line: \"%.20s\"",
&bp[1]);
break;
}
ConfigLevel = strtol(p, &ep, 10);
/*
** Do heuristic tweaking for back compatibility.
*/
if (ConfigLevel >= 5)
{
/* level 5 configs have short name in $w */
p = macvalue('w', e);
if (p != NULL && (p = strchr(p, '.')) != NULL)
{
*p = '\0';
macdefine(&e->e_macro, A_TEMP, 'w',
macvalue('w', e));
}
}
if (ConfigLevel >= 6)
{
ColonOkInAddr = false;
}
/*
** Look for vendor code.
*/
if (*ep++ == '/')
{
/* extract vendor code */
for (p = ep; isascii(*p) && isalpha(*p); )
p++;
*p = '\0';
if (!setvendor(ep))
syserr("invalid V line vendor code: \"%s\"",
ep);
}
break;
case 'K':
expand(&bp[1], exbuf, sizeof(exbuf), e);
(void) makemapentry(exbuf);
break;
case 'E':
p = strchr(bp, '=');
if (p != NULL)
*p++ = '\0';
sm_setuserenv(&bp[1], p);
break;
case 'X': /* mail filter */
#if MILTER
milter_setup(&bp[1]);
#else /* MILTER */
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Warning: Filter usage ('X') requires Milter support (-DMILTER)\n");
#endif /* MILTER */
break;
default:
badline:
syserr("unknown configuration line \"%s\"", bp);
}
if (bp != buf)
sm_free(bp); /* XXX */
}
if (sm_io_error(cf))
{
syserr("I/O read error");
finis(false, true, EX_OSFILE);
}
(void) sm_io_close(cf, SM_TIME_DEFAULT);
FileName = NULL;
#if _FFR_BOUNCE_QUEUE
initbouncequeue();
#endif
/* initialize host maps from local service tables */
inithostmaps();
/* initialize daemon (if not defined yet) */
initdaemon();
/* determine if we need to do special name-server frotz */
{
int nmaps;
char *maptype[MAXMAPSTACK];
short mapreturn[MAXMAPACTIONS];
nmaps = switch_map_find("hosts", maptype, mapreturn);
UseNameServer = false;
if (nmaps > 0 && nmaps <= MAXMAPSTACK)
{
register int mapno;
for (mapno = 0; mapno < nmaps && !UseNameServer;
mapno++)
{
if (strcmp(maptype[mapno], "dns") == 0)
UseNameServer = true;
}
}
}
setupdynmailers();
}
/*
** TRANSLATE_DOLLARS -- convert $x into internal form
**
** Actually does all appropriate pre-processing of a config line
** to turn it into internal form.
**
** Parameters:
** ibp -- the buffer to translate.
** obp -- where to put the translation; may be the same as obp
** bsp -- a pointer to the size of obp; will be updated if
** the buffer needs to be replaced.
**
** Returns:
** The buffer pointer; may differ from obp if the expansion
** is larger then *bsp, in which case this will point to
** malloc()ed memory which must be free()d by the caller.
*/
char *
translate_dollars(ibp, obp, bsp)
char *ibp;
char *obp;
int *bsp;
{
register char *p;
auto char *ep;
char *bp;
if (tTd(37, 53))
{
sm_dprintf("translate_dollars(");
xputs(sm_debug_file(), ibp);
sm_dprintf(")\n");
}
bp = quote_internal_chars(ibp, obp, bsp);
for (p = bp; *p != '\0'; p++)
{
if (*p == '#' && p > bp && ConfigLevel >= 3)
{
register char *e;
switch (*--p & 0377)
{
case MACROEXPAND:
/* it's from $# -- let it go through */
p++;
break;
case '\\':
/* it's backslash escaped */
(void) sm_strlcpy(p, p + 1, strlen(p));
break;
default:
/* delete leading white space */
- while (isascii(*p) && isspace(*p) &&
+ while (SM_ISSPACE(*p) &&
*p != '\n' && p > bp)
{
p--;
}
if ((e = strchr(++p, '\n')) != NULL)
(void) sm_strlcpy(p, e, strlen(p));
else
*p-- = '\0';
break;
}
continue;
}
if (*p != '$' || p[1] == '\0')
continue;
if (p[1] == '$')
{
/* actual dollar sign.... */
(void) sm_strlcpy(p, p + 1, strlen(p));
continue;
}
/* convert to macro expansion character */
*p++ = MACROEXPAND;
/* special handling for $=, $~, $&, and $? */
if (*p == '=' || *p == '~' || *p == '&' || *p == '?')
p++;
/* convert macro name to code */
*p = macid_parse(p, &ep);
if (ep != p + 1)
(void) sm_strlcpy(p + 1, ep, strlen(p + 1));
}
/* strip trailing white space from the line */
- while (--p > bp && isascii(*p) && isspace(*p))
+ while (--p > bp && SM_ISSPACE(*p))
*p = '\0';
if (tTd(37, 53))
{
sm_dprintf(" translate_dollars => ");
xputs(sm_debug_file(), bp);
sm_dprintf("\n");
}
return bp;
}
/*
** TOOMANY -- signal too many of some option
**
** Parameters:
** id -- the id of the error line
** maxcnt -- the maximum possible values
**
** Returns:
** none.
**
** Side Effects:
** gives a syserr.
*/
static void
toomany(id, maxcnt)
int id;
int maxcnt;
{
syserr("too many %c lines, %d max", id, maxcnt);
}
/*
** FILECLASS -- read members of a class from a file
**
** Parameters:
** class -- class to define.
** filename -- name of file to read.
** fmt -- scanf string to use for match.
** ismap -- if set, this is a map lookup.
** safe -- if set, this is a safe read.
** optional -- if set, it is not an error for the file to
** not exist.
**
** Returns:
** none
**
** Side Effects:
** puts all lines in filename that match a scanf into
** the named class.
*/
/*
** Break up the match into words and add to class.
*/
static void
parse_class_words(class, line)
int class;
char *line;
{
while (line != NULL && *line != '\0')
{
register char *q;
/* strip leading spaces */
- while (isascii(*line) && isspace(*line))
+ while (SM_ISSPACE(*line))
line++;
if (*line == '\0')
break;
/* find the end of the word */
q = line;
- while (*line != '\0' && !(isascii(*line) && isspace(*line)))
+ while (*line != '\0' && !(SM_ISSPACE(*line)))
line++;
if (*line != '\0')
*line++ = '\0';
/* enter the word in the symbol table */
setclass(class, q);
}
}
static void
fileclass(class, filename, fmt, ismap, safe, optional)
int class;
char *filename;
char *fmt;
bool ismap;
bool safe;
bool optional;
{
SM_FILE_T *f;
long sff;
pid_t pid;
register char *p;
char buf[MAXLINE];
if (tTd(37, 2))
sm_dprintf("fileclass(%s, fmt=%s)\n", filename, fmt);
if (*filename == '\0')
{
syserr("fileclass: missing file name");
return;
}
else if (ismap)
{
int status = 0;
char *key;
char *mn;
char *cl, *spec;
STAB *mapclass;
MAP map;
mn = newstr(macname(class));
key = filename;
/* skip past key */
if ((p = strchr(filename, '@')) == NULL)
{
/* should not happen */
syserr("fileclass: bogus map specification");
sm_free(mn);
return;
}
/* skip past '@' */
*p++ = '\0';
cl = p;
#if LDAPMAP
if (strcmp(cl, "LDAP") == 0)
{
int n;
char *lc;
char jbuf[MAXHOSTNAMELEN];
char lcbuf[MAXLINE];
/* Get $j */
expand("\201j", jbuf, sizeof(jbuf), &BlankEnvelope);
if (jbuf[0] == '\0')
{
(void) sm_strlcpy(jbuf, "localhost",
sizeof(jbuf));
}
/* impose the default schema */
lc = macvalue(macid("{sendmailMTACluster}"), CurEnv);
if (lc == NULL)
lc = "";
else
{
expand(lc, lcbuf, sizeof(lcbuf), CurEnv);
lc = lcbuf;
}
cl = "ldap";
n = sm_snprintf(buf, sizeof(buf),
"-k (&(objectClass=sendmailMTAClass)(sendmailMTAClassName=%s)(|(sendmailMTACluster=%s)(sendmailMTAHost=%s))) -v sendmailMTAClassValue,sendmailMTAClassSearch:FILTER:sendmailMTAClass,sendmailMTAClassURL:URL:sendmailMTAClass",
mn, lc, jbuf);
if (n >= sizeof(buf))
{
syserr("fileclass: F{%s}: Default LDAP string too long",
mn);
sm_free(mn);
return;
}
spec = buf;
}
else
#endif /* LDAPMAP */
{
if ((spec = strchr(cl, ':')) == NULL)
{
syserr("fileclass: F{%s}: missing map class",
mn);
sm_free(mn);
return;
}
*spec++ ='\0';
}
/* set up map structure */
mapclass = stab(cl, ST_MAPCLASS, ST_FIND);
if (mapclass == NULL)
{
syserr("fileclass: F{%s}: class %s not available",
mn, cl);
sm_free(mn);
return;
}
memset(&map, '\0', sizeof(map));
map.map_class = &mapclass->s_mapclass;
map.map_mname = mn;
map.map_mflags |= MF_FILECLASS;
if (tTd(37, 5))
sm_dprintf("fileclass: F{%s}: map class %s, key %s, spec %s\n",
mn, cl, key, spec);
/* parse map spec */
if (!map.map_class->map_parse(&map, spec))
{
/* map_parse() showed the error already */
sm_free(mn);
return;
}
map.map_mflags |= MF_VALID;
/* open map */
if (map.map_class->map_open(&map, O_RDONLY))
{
map.map_mflags |= MF_OPEN;
map.map_pid = getpid();
}
else
{
if (!optional &&
!bitset(MF_OPTIONAL, map.map_mflags))
syserr("fileclass: F{%s}: map open failed",
mn);
sm_free(mn);
return;
}
/* lookup */
p = (*map.map_class->map_lookup)(&map, key, NULL, &status);
if (status != EX_OK && status != EX_NOTFOUND)
{
if (!optional)
syserr("fileclass: F{%s}: map lookup failed",
mn);
p = NULL;
}
/* use the results */
if (p != NULL)
parse_class_words(class, p);
/* close map */
map.map_mflags |= MF_CLOSING;
map.map_class->map_close(&map);
map.map_mflags &= ~(MF_OPEN|MF_WRITABLE|MF_CLOSING);
sm_free(mn);
return;
}
else if (filename[0] == '|')
{
auto int fd;
int i;
char *argv[MAXPV + 1];
i = 0;
for (p = strtok(&filename[1], " \t");
p != NULL && i < MAXPV;
p = strtok(NULL, " \t"))
argv[i++] = p;
argv[i] = NULL;
pid = prog_open(argv, &fd, CurEnv);
if (pid < 0)
f = NULL;
else
f = sm_io_open(SmFtStdiofd, SM_TIME_DEFAULT,
(void *) &fd, SM_IO_RDONLY, NULL);
}
else
{
pid = -1;
sff = SFF_REGONLY;
if (!bitnset(DBS_CLASSFILEINUNSAFEDIRPATH, DontBlameSendmail))
sff |= SFF_SAFEDIRPATH;
if (!bitnset(DBS_LINKEDCLASSFILEINWRITABLEDIR,
DontBlameSendmail))
sff |= SFF_NOWLINK;
if (safe)
sff |= SFF_OPENASROOT;
else if (RealUid == 0)
sff |= SFF_ROOTOK;
if (DontLockReadFiles)
sff |= SFF_NOLOCK;
f = safefopen(filename, O_RDONLY, 0, sff);
}
if (f == NULL)
{
if (!optional)
syserr("fileclass: cannot open '%s'", filename);
return;
}
while (sm_io_fgets(f, SM_TIME_DEFAULT, buf, sizeof(buf)) >= 0)
{
#if SCANF
char wordbuf[MAXLINE + 1];
-#endif /* SCANF */
+#endif
if (buf[0] == '#')
continue;
#if SCANF
if (sm_io_sscanf(buf, fmt, wordbuf) != 1)
continue;
p = wordbuf;
#else /* SCANF */
p = buf;
#endif /* SCANF */
parse_class_words(class, p);
/*
** If anything else is added here,
** check if the '@' map case above
** needs the code as well.
*/
}
(void) sm_io_close(f, SM_TIME_DEFAULT);
if (pid > 0)
(void) waitfor(pid);
}
#if _FFR_RCPTFLAGS
/* first character for dynamically created mailers */
static char dynmailerp = ' ';
/* list of first characters for cf defined mailers */
static char frst[MAXMAILERS + 1];
/*
** SETUPDYNMAILERS -- find a char that isn't used as first element of any
** mailer name.
**
** Parameters:
** none
**
** Returns:
** none
-**
+**
** Note: space is not valid in cf defined mailers hence the function
** will always find a char. It's not nice, but this is for
** internal names only.
*/
void
setupdynmailers()
{
int i;
char pp[] = "YXZ0123456789ABCDEFGHIJKLMNOPQRSTUVWyxzabcfghijkmnoqtuvw ";
frst[MAXMAILERS] = '\0';
for (i = 0; i < strlen(pp); i++)
{
if (strchr(frst, pp[i]) == NULL)
{
dynmailerp = pp[i];
if (tTd(25, 8))
sm_dprintf("dynmailerp=%c\n", dynmailerp);
return;
}
}
/* NOTREACHED */
SM_ASSERT(0);
}
/*
** NEWMODMAILER -- Create a new mailer with modifications
**
** Parameters:
** rcpt -- current RCPT
** fl -- flag to set
**
** Returns:
** true iff successful.
**
** Note: this creates a copy of the mailer for the rcpt and
** modifies exactly one flag. It does not work
** for multiple flags!
*/
bool
newmodmailer(rcpt, fl)
ADDRESS *rcpt;
int fl;
{
int idx;
struct mailer *m;
STAB *s;
char mname[256];
SM_REQUIRE(rcpt != NULL);
if (rcpt->q_mailer == NULL)
return false;
if (tTd(25, 8))
sm_dprintf("newmodmailer: rcpt=%s\n", rcpt->q_paddr);
SM_REQUIRE(rcpt->q_mailer->m_name != NULL);
SM_REQUIRE(rcpt->q_mailer->m_name[0] != '\0');
sm_strlcpy(mname, rcpt->q_mailer->m_name, sizeof(mname));
mname[0] = dynmailerp;
if (tTd(25, 8))
sm_dprintf("newmodmailer: name=%s\n", mname);
s = stab(mname, ST_MAILER, ST_ENTER);
if (s->s_mailer != NULL)
{
idx = s->s_mailer->m_mno;
if (tTd(25, 6))
sm_dprintf("newmodmailer: found idx=%d\n", idx);
}
else
{
idx = rcpt->q_mailer->m_mno;
idx += MAXMAILERS;
if (tTd(25, 6))
sm_dprintf("newmodmailer: idx=%d\n", idx);
if (idx > SM_ARRAY_SIZE(Mailer))
return false;
}
m = Mailer[idx];
if (m == NULL)
m = (struct mailer *) xalloc(sizeof(*m));
memset((char *) m, '\0', sizeof(*m));
STRUCTCOPY(*rcpt->q_mailer, *m);
Mailer[idx] = m;
/* "modify" the mailer */
setbitn(bitidx(fl), m->m_flags);
rcpt->q_mailer = m;
m->m_mno = idx;
m->m_name = newstr(mname);
if (tTd(25, 1))
sm_dprintf("newmodmailer: mailer[%d]=%s %p\n",
idx, Mailer[idx]->m_name, Mailer[idx]);
return true;
}
#endif /* _FFR_RCPTFLAGS */
/*
** MAKEMAILER -- define a new mailer.
**
** Parameters:
** line -- description of mailer. This is in labeled
** fields. The fields are:
** A -- the argv for this mailer
** C -- the character set for MIME conversions
** D -- the directory to run in
** E -- the eol string
** F -- the flags associated with the mailer
** L -- the maximum line length
** M -- the maximum message size
** N -- the niceness at which to run
** P -- the path to the mailer
** Q -- the queue group for the mailer
** R -- the recipient rewriting set
** S -- the sender rewriting set
** T -- the mailer type (for DSNs)
** U -- the uid to run as
** W -- the time to wait at the end
** m -- maximum messages per connection
** r -- maximum number of recipients per message
** / -- new root directory
** The first word is the canonical name of the mailer.
**
** Returns:
** none.
**
** Side Effects:
** enters the mailer into the mailer table.
*/
void
makemailer(line)
char *line;
{
register char *p;
register struct mailer *m;
register STAB *s;
int i;
char fcode;
auto char *endp;
static int nextmailer = 0; /* "free" index into Mailer struct */
/* allocate a mailer and set up defaults */
m = (struct mailer *) xalloc(sizeof(*m));
memset((char *) m, '\0', sizeof(*m));
errno = 0; /* avoid bogus error text */
/* collect the mailer name */
for (p = line;
- *p != '\0' && *p != ',' && !(isascii(*p) && isspace(*p));
+ *p != '\0' && *p != ',' && !(SM_ISSPACE(*p));
p++)
continue;
if (*p != '\0')
*p++ = '\0';
if (line[0] == '\0')
{
syserr("name required for mailer");
return;
}
m->m_name = newstr(line);
#if _FFR_RCPTFLAGS
frst[nextmailer] = line[0];
#endif
m->m_qgrp = NOQGRP;
m->m_uid = NO_UID;
m->m_gid = NO_GID;
/* now scan through and assign info from the fields */
while (*p != '\0')
{
auto char *delimptr;
while (*p != '\0' &&
- (*p == ',' || (isascii(*p) && isspace(*p))))
+ (*p == ',' || (SM_ISSPACE(*p))))
p++;
/* p now points to field code */
fcode = *p;
while (*p != '\0' && *p != '=' && *p != ',')
p++;
if (*p++ != '=')
{
syserr("mailer %s: `=' expected", m->m_name);
return;
}
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
p++;
/* p now points to the field body */
p = munchstring(p, &delimptr, ',');
/* install the field into the mailer struct */
switch (fcode)
{
case 'P': /* pathname */
if (*p != '\0') /* error is issued below */
m->m_mailer = newstr(p);
break;
case 'F': /* flags */
for (; *p != '\0'; p++)
{
- if (!(isascii(*p) && isspace(*p)))
+ if (!(SM_ISSPACE(*p)))
{
if (*p == M_INTERNAL)
sm_syslog(LOG_WARNING, NOQID,
"WARNING: mailer=%s, flag=%c deprecated",
m->m_name, *p);
setbitn(bitidx(*p), m->m_flags);
}
}
break;
case 'S': /* sender rewriting ruleset */
case 'R': /* recipient rewriting ruleset */
i = strtorwset(p, &endp, ST_ENTER);
if (i < 0)
return;
if (fcode == 'S')
m->m_sh_rwset = m->m_se_rwset = i;
else
m->m_rh_rwset = m->m_re_rwset = i;
p = endp;
if (*p++ == '/')
{
i = strtorwset(p, NULL, ST_ENTER);
if (i < 0)
return;
if (fcode == 'S')
m->m_sh_rwset = i;
else
m->m_rh_rwset = i;
}
break;
case 'E': /* end of line string */
if (*p == '\0')
syserr("mailer %s: null end-of-line string",
m->m_name);
else
m->m_eol = newstr(p);
break;
case 'A': /* argument vector */
if (*p != '\0') /* error is issued below */
m->m_argv = makeargv(p);
break;
case 'M': /* maximum message size */
m->m_maxsize = atol(p);
break;
case 'm': /* maximum messages per connection */
m->m_maxdeliveries = atoi(p);
break;
case 'r': /* max recipient per envelope */
m->m_maxrcpt = atoi(p);
break;
case 'L': /* maximum line length */
m->m_linelimit = atoi(p);
if (m->m_linelimit < 0)
m->m_linelimit = 0;
break;
case 'N': /* run niceness */
m->m_nice = atoi(p);
break;
case 'D': /* working directory */
if (*p == '\0')
syserr("mailer %s: null working directory",
m->m_name);
else
m->m_execdir = newstr(p);
break;
case 'C': /* default charset */
if (*p == '\0')
syserr("mailer %s: null charset", m->m_name);
else
m->m_defcharset = newstr(p);
break;
case 'Q': /* queue for this mailer */
if (*p == '\0')
{
syserr("mailer %s: null queue", m->m_name);
break;
}
s = stab(p, ST_QUEUE, ST_FIND);
if (s == NULL)
syserr("mailer %s: unknown queue %s",
m->m_name, p);
else
m->m_qgrp = s->s_quegrp->qg_index;
break;
case 'T': /* MTA-Name/Address/Diagnostic types */
/* extract MTA name type; default to "dns" */
m->m_mtatype = newstr(p);
p = strchr(m->m_mtatype, '/');
if (p != NULL)
{
*p++ = '\0';
if (*p == '\0')
p = NULL;
}
if (*m->m_mtatype == '\0')
m->m_mtatype = "dns";
/* extract address type; default to "rfc822" */
m->m_addrtype = p;
if (p != NULL)
p = strchr(p, '/');
if (p != NULL)
{
*p++ = '\0';
if (*p == '\0')
p = NULL;
}
if (m->m_addrtype == NULL || *m->m_addrtype == '\0')
m->m_addrtype = "rfc822";
/* extract diagnostic type; default to "smtp" */
m->m_diagtype = p;
if (m->m_diagtype == NULL || *m->m_diagtype == '\0')
m->m_diagtype = "smtp";
break;
case 'U': /* user id */
if (isascii(*p) && !isdigit(*p))
{
char *q = p;
struct passwd *pw;
while (*p != '\0' && isascii(*p) &&
# if _FFR_DOTTED_USERNAMES
(isalnum(*p) || strchr(SM_PWN_CHARS, *p) != NULL))
-# else /* _FFR_DOTTED_USERNAMES */
+# else
(isalnum(*p) || strchr("-_", *p) != NULL))
-# endif /* _FFR_DOTTED_USERNAMES */
+# endif
p++;
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
*p++ = '\0';
if (*p != '\0')
*p++ = '\0';
if (*q == '\0')
{
syserr("mailer %s: null user name",
m->m_name);
break;
}
pw = sm_getpwnam(q);
if (pw == NULL)
{
syserr("readcf: mailer U= flag: unknown user %s", q);
break;
}
else
{
m->m_uid = pw->pw_uid;
m->m_gid = pw->pw_gid;
}
}
else
{
auto char *q;
m->m_uid = strtol(p, &q, 0);
p = q;
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
p++;
if (*p != '\0')
p++;
}
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
p++;
if (*p == '\0')
break;
if (isascii(*p) && !isdigit(*p))
{
char *q = p;
struct group *gr;
while (isascii(*p) &&
(isalnum(*p) || strchr(SM_PWN_CHARS, *p) != NULL))
p++;
*p++ = '\0';
if (*q == '\0')
{
syserr("mailer %s: null group name",
m->m_name);
break;
}
gr = getgrnam(q);
if (gr == NULL)
{
syserr("readcf: mailer U= flag: unknown group %s", q);
break;
}
else
m->m_gid = gr->gr_gid;
}
else
{
m->m_gid = strtol(p, NULL, 0);
}
break;
case 'W': /* wait timeout */
m->m_wait = convtime(p, 's');
break;
case '/': /* new root directory */
if (*p == '\0')
syserr("mailer %s: null root directory",
m->m_name);
else
m->m_rootdir = newstr(p);
break;
default:
syserr("M%s: unknown mailer equate %c=",
m->m_name, fcode);
break;
}
p = delimptr;
}
#if !HASRRESVPORT
if (bitnset(M_SECURE_PORT, m->m_flags))
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"M%s: Warning: F=%c set on system that doesn't support rresvport()\n",
m->m_name, M_SECURE_PORT);
}
#endif /* !HASRRESVPORT */
#if !HASNICE
if (m->m_nice != 0)
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"M%s: Warning: N= set on system that doesn't support nice()\n",
m->m_name);
}
#endif /* !HASNICE */
/* do some rationality checking */
if (m->m_argv == NULL)
{
syserr("M%s: A= argument required", m->m_name);
return;
}
if (m->m_mailer == NULL)
{
syserr("M%s: P= argument required", m->m_name);
return;
}
if (nextmailer >= MAXMAILERS)
{
syserr("too many mailers defined (%d max)", MAXMAILERS);
return;
}
if (m->m_maxrcpt <= 0)
m->m_maxrcpt = DEFAULT_MAX_RCPT;
/* do some heuristic cleanup for back compatibility */
if (bitnset(M_LIMITS, m->m_flags))
{
if (m->m_linelimit == 0)
m->m_linelimit = SMTPLINELIM;
if (ConfigLevel < 2)
setbitn(M_7BITS, m->m_flags);
}
if (strcmp(m->m_mailer, "[TCP]") == 0)
{
syserr("M%s: P=[TCP] must be replaced by P=[IPC]", m->m_name);
return;
}
if (strcmp(m->m_mailer, "[IPC]") == 0)
{
/* Use the second argument for host or path to socket */
if (m->m_argv[0] == NULL || m->m_argv[1] == NULL ||
m->m_argv[1][0] == '\0')
{
syserr("M%s: too few parameters for %s mailer",
m->m_name, m->m_mailer);
return;
}
if (strcmp(m->m_argv[0], "TCP") != 0
#if NETUNIX
&& strcmp(m->m_argv[0], "FILE") != 0
-#endif /* NETUNIX */
+#endif
)
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"M%s: Warning: first argument in %s mailer must be %s\n",
m->m_name, m->m_mailer,
#if NETUNIX
"TCP or FILE"
-#else /* NETUNIX */
+#else
"TCP"
-#endif /* NETUNIX */
+#endif
);
}
if (m->m_mtatype == NULL)
m->m_mtatype = "dns";
if (m->m_addrtype == NULL)
m->m_addrtype = "rfc822";
if (m->m_diagtype == NULL)
{
if (m->m_argv[0] != NULL &&
strcmp(m->m_argv[0], "FILE") == 0)
m->m_diagtype = "x-unix";
else
m->m_diagtype = "smtp";
}
}
else if (strcmp(m->m_mailer, "[FILE]") == 0)
{
/* Use the second argument for filename */
if (m->m_argv[0] == NULL || m->m_argv[1] == NULL ||
m->m_argv[2] != NULL)
{
syserr("M%s: too %s parameters for [FILE] mailer",
m->m_name,
(m->m_argv[0] == NULL ||
m->m_argv[1] == NULL) ? "few" : "many");
return;
}
else if (strcmp(m->m_argv[0], "FILE") != 0)
{
syserr("M%s: first argument in [FILE] mailer must be FILE",
m->m_name);
return;
}
}
if (m->m_eol == NULL)
{
char **pp;
/* default for SMTP is \r\n; use \n for local delivery */
for (pp = m->m_argv; *pp != NULL; pp++)
{
for (p = *pp; *p != '\0'; )
{
if ((*p++ & 0377) == MACROEXPAND && *p == 'u')
break;
}
if (*p != '\0')
break;
}
if (*pp == NULL)
m->m_eol = "\r\n";
else
m->m_eol = "\n";
}
/* enter the mailer into the symbol table */
s = stab(m->m_name, ST_MAILER, ST_ENTER);
if (s->s_mailer != NULL)
{
i = s->s_mailer->m_mno;
sm_free(s->s_mailer); /* XXX */
}
else
{
i = nextmailer++;
}
Mailer[i] = s->s_mailer = m;
m->m_mno = i;
}
/*
** MUNCHSTRING -- translate a string into internal form.
**
** Parameters:
** p -- the string to munch.
** delimptr -- if non-NULL, set to the pointer of the
** field delimiter character.
** delim -- the delimiter for the field.
**
** Returns:
** the munched string.
**
** Side Effects:
** the munched string is a local static buffer.
** it must be copied before the function is called again.
*/
char *
munchstring(p, delimptr, delim)
register char *p;
char **delimptr;
int delim;
{
register char *q;
bool backslash = false;
bool quotemode = false;
static char buf[MAXLINE];
for (q = buf; *p != '\0' && q < &buf[sizeof(buf) - 1]; p++)
{
if (backslash)
{
/* everything is roughly literal */
backslash = false;
switch (*p)
{
case 'r': /* carriage return */
*q++ = '\r';
continue;
case 'n': /* newline */
*q++ = '\n';
continue;
case 'f': /* form feed */
*q++ = '\f';
continue;
case 'b': /* backspace */
*q++ = '\b';
continue;
}
*q++ = *p;
}
else
{
if (*p == '\\')
backslash = true;
else if (*p == '"')
quotemode = !quotemode;
else if (quotemode || *p != delim)
*q++ = *p;
else
break;
}
}
if (delimptr != NULL)
*delimptr = p;
*q++ = '\0';
return buf;
}
/*
** EXTRQUOTSTR -- extract a (quoted) string.
**
** This routine deals with quoted (") strings and escaped
** spaces (\\ ).
**
** Parameters:
** p -- source string.
** delimptr -- if non-NULL, set to the pointer of the
** field delimiter character.
** delimbuf -- delimiters for the field.
** st -- if non-NULL, store the return value (whether the
** string was correctly quoted) here.
**
** Returns:
** the extracted string.
**
** Side Effects:
** the returned string is a local static buffer.
** it must be copied before the function is called again.
*/
static char *
extrquotstr(p, delimptr, delimbuf, st)
register char *p;
char **delimptr;
char *delimbuf;
bool *st;
{
register char *q;
bool backslash = false;
bool quotemode = false;
static char buf[MAXLINE];
for (q = buf; *p != '\0' && q < &buf[sizeof(buf) - 1]; p++)
{
if (backslash)
{
backslash = false;
if (*p != ' ')
*q++ = '\\';
}
if (*p == '\\')
backslash = true;
else if (*p == '"')
quotemode = !quotemode;
else if (quotemode ||
strchr(delimbuf, (int) *p) == NULL)
*q++ = *p;
else
break;
}
if (delimptr != NULL)
*delimptr = p;
*q++ = '\0';
if (st != NULL)
*st = !(quotemode || backslash);
return buf;
}
/*
** MAKEARGV -- break up a string into words
**
** Parameters:
** p -- the string to break up.
**
** Returns:
** a char **argv (dynamically allocated)
**
** Side Effects:
** munges p.
*/
static char **
makeargv(p)
register char *p;
{
char *q;
int i;
char **avp;
char *argv[MAXPV + 1];
/* take apart the words */
i = 0;
while (*p != '\0' && i < MAXPV)
{
q = p;
- while (*p != '\0' && !(isascii(*p) && isspace(*p)))
+ while (*p != '\0' && !(SM_ISSPACE(*p)))
p++;
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
*p++ = '\0';
argv[i++] = newstr(q);
}
argv[i++] = NULL;
/* now make a copy of the argv */
avp = (char **) xalloc(sizeof(*avp) * i);
memmove((char *) avp, (char *) argv, sizeof(*avp) * i);
return avp;
}
/*
** PRINTRULES -- print rewrite rules (for debugging)
**
** Parameters:
** none.
**
** Returns:
** none.
**
** Side Effects:
** prints rewrite rules.
*/
void
printrules()
{
register struct rewrite *rwp;
register int ruleset;
for (ruleset = 0; ruleset < 10; ruleset++)
{
if (RewriteRules[ruleset] == NULL)
continue;
sm_dprintf("\n----Rule Set %d:", ruleset);
for (rwp = RewriteRules[ruleset]; rwp != NULL; rwp = rwp->r_next)
{
sm_dprintf("\nLHS:");
printav(sm_debug_file(), rwp->r_lhs);
sm_dprintf("RHS:");
printav(sm_debug_file(), rwp->r_rhs);
}
}
}
/*
** PRINTMAILER -- print mailer structure (for debugging)
**
** Parameters:
** fp -- output file
** m -- the mailer to print
**
** Returns:
** none.
*/
void
printmailer(fp, m)
SM_FILE_T *fp;
register MAILER *m;
{
int j;
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT,
"mailer %d (%s): P=%s S=", m->m_mno, m->m_name,
m->m_mailer);
if (RuleSetNames[m->m_se_rwset] == NULL)
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT, "%d/",
m->m_se_rwset);
else
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT, "%s/",
RuleSetNames[m->m_se_rwset]);
if (RuleSetNames[m->m_sh_rwset] == NULL)
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT, "%d R=",
m->m_sh_rwset);
else
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT, "%s R=",
RuleSetNames[m->m_sh_rwset]);
if (RuleSetNames[m->m_re_rwset] == NULL)
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT, "%d/",
m->m_re_rwset);
else
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT, "%s/",
RuleSetNames[m->m_re_rwset]);
if (RuleSetNames[m->m_rh_rwset] == NULL)
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT, "%d ",
m->m_rh_rwset);
else
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT, "%s ",
RuleSetNames[m->m_rh_rwset]);
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT, "M=%ld U=%d:%d F=",
m->m_maxsize, (int) m->m_uid, (int) m->m_gid);
for (j = '\0'; j <= '\177'; j++)
if (bitnset(j, m->m_flags))
(void) sm_io_putc(fp, SM_TIME_DEFAULT, j);
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT, " L=%d E=",
m->m_linelimit);
xputs(fp, m->m_eol);
if (m->m_defcharset != NULL)
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT, " C=%s",
m->m_defcharset);
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT, " T=%s/%s/%s",
m->m_mtatype == NULL
? "<undefined>" : m->m_mtatype,
m->m_addrtype == NULL
? "<undefined>" : m->m_addrtype,
m->m_diagtype == NULL
? "<undefined>" : m->m_diagtype);
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT, " r=%d", m->m_maxrcpt);
if (m->m_argv != NULL)
{
char **a = m->m_argv;
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT, " A=");
while (*a != NULL)
{
if (a != m->m_argv)
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT,
" ");
xputs(fp, *a++);
}
}
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT, "\n");
}
#if STARTTLS
static struct ssl_options
{
const char *sslopt_name; /* name of the flag */
long sslopt_bits; /* bits to set/clear */
} SSL_Option[] =
{
/* Workaround for bugs are turned on by default (as well as some others) */
#ifdef SSL_OP_MICROSOFT_SESS_ID_BUG
{ "SSL_OP_MICROSOFT_SESS_ID_BUG", SSL_OP_MICROSOFT_SESS_ID_BUG },
#endif
#ifdef SSL_OP_NETSCAPE_CHALLENGE_BUG
{ "SSL_OP_NETSCAPE_CHALLENGE_BUG", SSL_OP_NETSCAPE_CHALLENGE_BUG },
#endif
#ifdef SSL_OP_LEGACY_SERVER_CONNECT
{ "SSL_OP_LEGACY_SERVER_CONNECT", SSL_OP_LEGACY_SERVER_CONNECT },
#endif
#ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
{ "SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG },
#endif
#ifdef SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
{ "SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG },
#endif
#ifdef SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
{ "SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER },
#endif
#ifdef SSL_OP_MSIE_SSLV2_RSA_PADDING
{ "SSL_OP_MSIE_SSLV2_RSA_PADDING", SSL_OP_MSIE_SSLV2_RSA_PADDING },
#endif
#ifdef SSL_OP_SSLEAY_080_CLIENT_DH_BUG
{ "SSL_OP_SSLEAY_080_CLIENT_DH_BUG", SSL_OP_SSLEAY_080_CLIENT_DH_BUG },
#endif
#ifdef SSL_OP_TLS_D5_BUG
{ "SSL_OP_TLS_D5_BUG", SSL_OP_TLS_D5_BUG },
#endif
#ifdef SSL_OP_TLS_BLOCK_PADDING_BUG
{ "SSL_OP_TLS_BLOCK_PADDING_BUG", SSL_OP_TLS_BLOCK_PADDING_BUG },
#endif
#ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
{ "SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS },
#endif
#ifdef SSL_OP_ALL
{ "SSL_OP_ALL", SSL_OP_ALL },
#endif
#ifdef SSL_OP_NO_QUERY_MTU
{ "SSL_OP_NO_QUERY_MTU", SSL_OP_NO_QUERY_MTU },
#endif
#ifdef SSL_OP_COOKIE_EXCHANGE
{ "SSL_OP_COOKIE_EXCHANGE", SSL_OP_COOKIE_EXCHANGE },
#endif
#ifdef SSL_OP_NO_TICKET
{ "SSL_OP_NO_TICKET", SSL_OP_NO_TICKET },
#endif
#ifdef SSL_OP_CISCO_ANYCONNECT
{ "SSL_OP_CISCO_ANYCONNECT", SSL_OP_CISCO_ANYCONNECT },
#endif
#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
{ "SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION },
#endif
#ifdef SSL_OP_NO_COMPRESSION
{ "SSL_OP_NO_COMPRESSION", SSL_OP_NO_COMPRESSION },
#endif
#ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
{ "SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION },
#endif
#ifdef SSL_OP_SINGLE_ECDH_USE
{ "SSL_OP_SINGLE_ECDH_USE", SSL_OP_SINGLE_ECDH_USE },
#endif
#ifdef SSL_OP_SINGLE_DH_USE
{ "SSL_OP_SINGLE_DH_USE", SSL_OP_SINGLE_DH_USE },
#endif
#ifdef SSL_OP_EPHEMERAL_RSA
{ "SSL_OP_EPHEMERAL_RSA", SSL_OP_EPHEMERAL_RSA },
#endif
#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
{ "SSL_OP_CIPHER_SERVER_PREFERENCE", SSL_OP_CIPHER_SERVER_PREFERENCE },
#endif
#ifdef SSL_OP_TLS_ROLLBACK_BUG
{ "SSL_OP_TLS_ROLLBACK_BUG", SSL_OP_TLS_ROLLBACK_BUG },
#endif
#ifdef SSL_OP_NO_SSLv2
{ "SSL_OP_NO_SSLv2", SSL_OP_NO_SSLv2 },
#endif
#ifdef SSL_OP_NO_SSLv3
{ "SSL_OP_NO_SSLv3", SSL_OP_NO_SSLv3 },
#endif
#ifdef SSL_OP_NO_TLSv1
{ "SSL_OP_NO_TLSv1", SSL_OP_NO_TLSv1 },
#endif
+#ifdef SSL_OP_NO_TLSv1_3
+ { "SSL_OP_NO_TLSv1_3", SSL_OP_NO_TLSv1_3 },
+#endif
#ifdef SSL_OP_NO_TLSv1_2
{ "SSL_OP_NO_TLSv1_2", SSL_OP_NO_TLSv1_2 },
#endif
#ifdef SSL_OP_NO_TLSv1_1
{ "SSL_OP_NO_TLSv1_1", SSL_OP_NO_TLSv1_1 },
#endif
#ifdef SSL_OP_PKCS1_CHECK_1
{ "SSL_OP_PKCS1_CHECK_1", SSL_OP_PKCS1_CHECK_1 },
#endif
#ifdef SSL_OP_PKCS1_CHECK_2
{ "SSL_OP_PKCS1_CHECK_2", SSL_OP_PKCS1_CHECK_2 },
#endif
#ifdef SSL_OP_NETSCAPE_CA_DN_BUG
{ "SSL_OP_NETSCAPE_CA_DN_BUG", SSL_OP_NETSCAPE_CA_DN_BUG },
#endif
#ifdef SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
{ "SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG },
#endif
#ifdef SSL_OP_CRYPTOPRO_TLSEXT_BUG
{ "SSL_OP_CRYPTOPRO_TLSEXT_BUG", SSL_OP_CRYPTOPRO_TLSEXT_BUG },
#endif
#ifdef SSL_OP_TLSEXT_PADDING
{ "SSL_OP_TLSEXT_PADDING", SSL_OP_TLSEXT_PADDING },
+#endif
+#ifdef SSL_OP_NO_RENEGOTIATION
+ { "SSL_OP_NO_RENEGOTIATION", SSL_OP_NO_RENEGOTIATION },
+#endif
+#ifdef SSL_OP_NO_ANTI_REPLAY
+ { "SSL_OP_NO_ANTI_REPLAY", SSL_OP_NO_ANTI_REPLAY },
+#endif
+#ifdef SSL_OP_ALLOW_NO_DHE_KEX
+ { "SSL_OP_ALLOW_NO_DHE_KEX", SSL_OP_ALLOW_NO_DHE_KEX },
+#endif
+#ifdef SSL_OP_NO_ENCRYPT_THEN_MAC
+ { "SSL_OP_NO_ENCRYPT_THEN_MAC", SSL_OP_NO_ENCRYPT_THEN_MAC },
+#endif
+#ifdef SSL_OP_ENABLE_MIDDLEBOX_COMPAT
+ { "SSL_OP_ENABLE_MIDDLEBOX_COMPAT", SSL_OP_ENABLE_MIDDLEBOX_COMPAT },
+#endif
+#ifdef SSL_OP_PRIORITIZE_CHACHA
+ { "SSL_OP_PRIORITIZE_CHACHA", SSL_OP_PRIORITIZE_CHACHA },
#endif
{ NULL, 0 }
};
/*
** READSSLOPTIONS -- read SSL_OP_* values
**
** Parameters:
** opt -- name of option (can be NULL)
** val -- string with SSL_OP_* values or hex value
** delim -- end of string (e.g., '\0' or ';')
** pssloptions -- return value (output)
**
** Returns:
** 0 on success.
*/
#define SSLOPERR_NAN 1
#define SSLOPERR_NOTFOUND 2
-#define SM_ISSPACE(c) (isascii(c) && isspace(c))
+
+static int readssloptions __P((char *, char *, unsigned long *, int ));
static int
readssloptions(opt, val, pssloptions, delim)
char *opt;
char *val;
unsigned long *pssloptions;
int delim;
{
char *p;
int ret;
ret = 0;
for (p = val; *p != '\0' && *p != delim; )
{
bool clearmode;
char *q;
unsigned long sslopt_val;
struct ssl_options *sslopts;
while (*p == ' ')
p++;
if (*p == '\0')
break;
clearmode = false;
if (*p == '-' || *p == '+')
clearmode = *p++ == '-';
q = p;
while (*p != '\0' && !(SM_ISSPACE(*p)) && *p != ',')
p++;
if (*p != '\0')
*p++ = '\0';
sslopt_val = 0;
if (isdigit(*q))
{
char *end;
sslopt_val = strtoul(q, &end, 0);
/* not a complete "syntax" check but good enough */
if (end == q)
{
errno = 0;
ret = SSLOPERR_NAN;
if (opt != NULL)
syserr("readcf: %s option value %s not a number",
opt, q);
sslopt_val = 0;
}
}
else
{
for (sslopts = SSL_Option;
sslopts->sslopt_name != NULL; sslopts++)
{
if (sm_strcasecmp(q, sslopts->sslopt_name) == 0)
{
sslopt_val = sslopts->sslopt_bits;
break;
}
}
if (sslopts->sslopt_name == NULL)
{
errno = 0;
ret = SSLOPERR_NOTFOUND;
if (opt != NULL)
syserr("readcf: %s option value %s unrecognized",
opt, q);
}
}
if (sslopt_val != 0)
{
if (clearmode)
*pssloptions &= ~sslopt_val;
else
*pssloptions |= sslopt_val;
}
}
return ret;
}
-# if _FFR_TLS_SE_OPTS
/*
** GET_TLS_SE_OPTIONS -- get TLS session options (from ruleset)
**
** Parameters:
** e -- envelope
** ssl -- TLS session context
+** tlsi_ctx -- TLS info context
** srv -- server?
**
** Returns:
** 0 on success.
*/
int
-get_tls_se_options(e, ssl, srv)
+get_tls_se_options(e, ssl, tlsi_ctx, srv)
ENVELOPE *e;
SSL *ssl;
+ tlsi_ctx_T *tlsi_ctx;
bool srv;
{
bool saveQuickAbort, saveSuprErrs, ok;
char *optionlist, *opt, *val;
char *keyfile, *certfile;
size_t len, i;
int ret;
# define who (srv ? "server" : "client")
# define NAME_C_S macvalue(macid(srv ? "{client_name}" : "{server_name}"), e)
# define ADDR_C_S macvalue(macid(srv ? "{client_addr}" : "{server_addr}"), e)
# define WHICH srv ? "srv" : "clt"
ret = 0;
keyfile = certfile = opt = val = NULL;
saveQuickAbort = QuickAbort;
saveSuprErrs = SuprErrs;
SuprErrs = true;
QuickAbort = false;
optionlist = NULL;
ok = rscheck(srv ? "tls_srv_features" : "tls_clt_features",
NAME_C_S, ADDR_C_S, e,
RSF_RMCOMM|RSF_ADDR|RSF_STRING,
5, NULL, NOQID, NULL, &optionlist) == EX_OK;
if (!ok && LogLevel > 8)
{
sm_syslog(LOG_NOTICE, NOQID,
"rscheck(tls_%s_features)=failed, relay=%s [%s], errors=%d",
WHICH, NAME_C_S, ADDR_C_S,
Errors);
}
QuickAbort = saveQuickAbort;
SuprErrs = saveSuprErrs;
if (ok && LogLevel > 9)
{
sm_syslog(LOG_INFO, NOQID,
"tls_%s_features=%s, relay=%s [%s]",
WHICH, optionlist, NAME_C_S, ADDR_C_S);
}
if (!ok || optionlist == NULL || (len = strlen(optionlist)) < 2)
{
if (LogLevel > 9)
sm_syslog(LOG_INFO, NOQID,
"tls_%s_features=empty, relay=%s [%s]",
- WHICH, NAME_C_S, ADDR_C_S);
+ WHICH, NAME_C_S, ADDR_C_S);
return ok ? 0 : 1;
}
i = 0;
if (optionlist[0] == '"' && optionlist[len - 1] == '"')
{
optionlist[0] = ' ';
optionlist[--len] = '\0';
if (len <= 2)
{
if (LogLevel > 9 && len > 1)
sm_syslog(LOG_INFO, NOQID,
"tls_%s_features=too_short, relay=%s [%s]",
- WHICH, NAME_C_S, ADDR_C_S);
+ WHICH, NAME_C_S, ADDR_C_S);
/* this is not treated as error! */
return 0;
}
i = 1;
}
# define INVALIDSYNTAX \
do { \
if (LogLevel > 7) \
sm_syslog(LOG_INFO, NOQID, \
"tls_%s_features=invalid_syntax, opt=%s, relay=%s [%s]", \
- WHICH, opt, NAME_C_S, ADDR_C_S); \
+ WHICH, opt, NAME_C_S, ADDR_C_S); \
return -1; \
} while (0)
# define CHECKLEN \
do { \
if (i >= len) \
INVALIDSYNTAX; \
} while (0)
# define SKIPWS \
do { \
while (i < len && SM_ISSPACE(optionlist[i])) \
++i; \
CHECKLEN; \
} while (0)
/* parse and handle opt=val; */
do {
char sep;
SKIPWS;
opt = optionlist + i;
sep = '=';
while (i < len && optionlist[i] != sep
&& optionlist[i] != '\0' && !SM_ISSPACE(optionlist[i]))
++i;
CHECKLEN;
while (i < len && SM_ISSPACE(optionlist[i]))
optionlist[i++] = '\0';
CHECKLEN;
if (optionlist[i] != sep)
INVALIDSYNTAX;
optionlist[i++] = '\0';
SKIPWS;
val = optionlist + i;
sep = ';';
while (i < len && optionlist[i] != sep && optionlist[i] != '\0')
++i;
if (optionlist[i] != '\0')
{
CHECKLEN;
optionlist[i++] = '\0';
}
if (LogLevel > 13)
sm_syslog(LOG_DEBUG, NOQID,
"tls_%s_features=parsed, %s=%s, relay=%s [%s]",
WHICH, opt, val, NAME_C_S, ADDR_C_S);
if (sm_strcasecmp(opt, "options") == 0)
{
unsigned long ssloptions;
ssloptions = 0;
ret = readssloptions(NULL, val, &ssloptions, ';');
if (ret == 0)
(void) SSL_set_options(ssl, (long) ssloptions);
else if (LogLevel > 8)
{
sm_syslog(LOG_WARNING, NOQID,
"tls_%s_features=%s, error=%s, relay=%s [%s]",
WHICH, val,
(ret == SSLOPERR_NAN) ? "not a number" :
((ret == SSLOPERR_NOTFOUND) ? "SSL_OP not found" :
"unknown"),
NAME_C_S, ADDR_C_S);
}
}
else if (sm_strcasecmp(opt, "cipherlist") == 0)
{
if (SSL_set_cipher_list(ssl, val) <= 0)
{
ret = 1;
if (LogLevel > 7)
{
sm_syslog(LOG_WARNING, NOQID,
"STARTTLS=%s, error: SSL_set_cipher_list(%s) failed",
who, val);
- if (LogLevel > 9)
- tlslogerr(LOG_WARNING, who);
+ tlslogerr(LOG_WARNING, 9, who);
}
}
}
+ else if (sm_strcasecmp(opt, "flags") == 0)
+ {
+ char *p;
+
+ for (p = val; *p != '\0'; p++)
+ {
+ if (isascii(*p) && isalnum(*p))
+ setbitn(bitidx(*p), tlsi_ctx->tlsi_flags);
+ }
+ }
else if (sm_strcasecmp(opt, "keyfile") == 0)
keyfile = val;
else if (sm_strcasecmp(opt, "certfile") == 0)
certfile = val;
else
{
ret = 1;
if (LogLevel > 7)
{
sm_syslog(LOG_INFO, NOQID,
"tls_%s_features=unknown_option, opt=%s, relay=%s [%s]",
- WHICH, opt, NAME_C_S, ADDR_C_S);
+ WHICH, opt, NAME_C_S, ADDR_C_S);
}
}
} while (optionlist[i] != '\0' && i < len);
/* need cert and key before we can use the options */
/* does not implement the "," hack for 2nd cert/key pair */
if (keyfile != NULL && certfile != NULL)
{
load_certkey(ssl, srv, certfile, keyfile);
keyfile = certfile = NULL;
}
else if (keyfile != NULL || certfile != NULL)
{
ret = 1;
if (LogLevel > 7)
{
sm_syslog(LOG_INFO, NOQID,
"tls_%s_features=only_one_of_CertFile/KeyFile_specified, relay=%s [%s]",
- WHICH, NAME_C_S, ADDR_C_S);
+ WHICH, NAME_C_S, ADDR_C_S);
}
}
return ret;
# undef who
# undef NAME_C_S
# undef ADDR_C_S
# undef WHICH
}
-# endif /* _FFR_TLS_SE_OPTS */
#endif /* STARTTLS */
/*
** SETOPTION -- set global processing option
**
** Parameters:
** opt -- option name.
** val -- option value (as a text string).
** safe -- set if this came from a configuration file.
** Some options (if set from the command line) will
** reset the user id to avoid security problems.
** sticky -- if set, don't let other setoptions override
** this value.
** e -- the main envelope.
**
** Returns:
** none.
**
** Side Effects:
** Sets options as implied by the arguments.
*/
static BITMAP256 StickyOpt; /* set if option is stuck */
#if NAMED_BIND
static struct resolverflags
{
char *rf_name; /* name of the flag */
long rf_bits; /* bits to set/clear */
} ResolverFlags[] =
{
{ "debug", RES_DEBUG },
{ "aaonly", RES_AAONLY },
{ "usevc", RES_USEVC },
{ "primary", RES_PRIMARY },
{ "igntc", RES_IGNTC },
{ "recurse", RES_RECURSE },
{ "defnames", RES_DEFNAMES },
{ "stayopen", RES_STAYOPEN },
{ "dnsrch", RES_DNSRCH },
# ifdef RES_USE_INET6
{ "use_inet6", RES_USE_INET6 },
-# endif /* RES_USE_INET6 */
+# endif
+# ifdef RES_USE_EDNS0
+ { "use_edns0", RES_USE_EDNS0 },
+# endif
+# ifdef RES_USE_DNSSEC
+ { "use_dnssec", RES_USE_DNSSEC },
+# endif
+# if RES_TRUSTAD
+ { "trustad", RES_TRUSTAD },
+# endif
+ { "true", 0 }, /* avoid error on old syntax */
{ "true", 0 }, /* avoid error on old syntax */
{ NULL, 0 }
};
#endif /* NAMED_BIND */
#define OI_NONE 0 /* no special treatment */
#define OI_SAFE 0x0001 /* safe for random people to use */
#define OI_SUBOPT 0x0002 /* option has suboptions */
static struct optioninfo
{
char *o_name; /* long name of option */
unsigned char o_code; /* short name of option */
unsigned short o_flags; /* option flags */
} OptionTab[] =
{
#if defined(SUN_EXTENSIONS) && defined(REMOTE_MODE)
{ "RemoteMode", '>', OI_NONE },
-#endif /* defined(SUN_EXTENSIONS) && defined(REMOTE_MODE) */
+#endif
{ "SevenBitInput", '7', OI_SAFE },
{ "EightBitMode", '8', OI_SAFE },
{ "AliasFile", 'A', OI_NONE },
{ "AliasWait", 'a', OI_NONE },
{ "BlankSub", 'B', OI_NONE },
{ "MinFreeBlocks", 'b', OI_SAFE },
{ "CheckpointInterval", 'C', OI_SAFE },
{ "HoldExpensive", 'c', OI_NONE },
{ "DeliveryMode", 'd', OI_SAFE },
{ "ErrorHeader", 'E', OI_NONE },
{ "ErrorMode", 'e', OI_SAFE },
{ "TempFileMode", 'F', OI_NONE },
{ "SaveFromLine", 'f', OI_NONE },
{ "MatchGECOS", 'G', OI_NONE },
/* no long name, just here to avoid problems in setoption */
{ "", 'g', OI_NONE },
{ "HelpFile", 'H', OI_NONE },
{ "MaxHopCount", 'h', OI_NONE },
{ "ResolverOptions", 'I', OI_NONE },
{ "IgnoreDots", 'i', OI_SAFE },
{ "ForwardPath", 'J', OI_NONE },
{ "SendMimeErrors", 'j', OI_SAFE },
{ "ConnectionCacheSize", 'k', OI_NONE },
{ "ConnectionCacheTimeout", 'K', OI_NONE },
{ "UseErrorsTo", 'l', OI_NONE },
{ "LogLevel", 'L', OI_SAFE },
{ "MeToo", 'm', OI_SAFE },
/* no long name, just here to avoid problems in setoption */
{ "", 'M', OI_NONE },
{ "CheckAliases", 'n', OI_NONE },
{ "OldStyleHeaders", 'o', OI_SAFE },
{ "DaemonPortOptions", 'O', OI_NONE },
{ "PrivacyOptions", 'p', OI_SAFE },
{ "PostmasterCopy", 'P', OI_NONE },
{ "QueueFactor", 'q', OI_NONE },
{ "QueueDirectory", 'Q', OI_NONE },
{ "DontPruneRoutes", 'R', OI_NONE },
{ "Timeout", 'r', OI_SUBOPT },
{ "StatusFile", 'S', OI_NONE },
{ "SuperSafe", 's', OI_SAFE },
{ "QueueTimeout", 'T', OI_NONE },
{ "TimeZoneSpec", 't', OI_NONE },
{ "UserDatabaseSpec", 'U', OI_NONE },
{ "DefaultUser", 'u', OI_NONE },
{ "FallbackMXhost", 'V', OI_NONE },
{ "Verbose", 'v', OI_SAFE },
{ "TryNullMXList", 'w', OI_NONE },
{ "QueueLA", 'x', OI_NONE },
{ "RefuseLA", 'X', OI_NONE },
{ "RecipientFactor", 'y', OI_NONE },
{ "ForkEachJob", 'Y', OI_NONE },
{ "ClassFactor", 'z', OI_NONE },
{ "RetryFactor", 'Z', OI_NONE },
#define O_QUEUESORTORD 0x81
{ "QueueSortOrder", O_QUEUESORTORD, OI_SAFE },
#define O_HOSTSFILE 0x82
{ "HostsFile", O_HOSTSFILE, OI_NONE },
#define O_MQA 0x83
{ "MinQueueAge", O_MQA, OI_SAFE },
#define O_DEFCHARSET 0x85
{ "DefaultCharSet", O_DEFCHARSET, OI_SAFE },
#define O_SSFILE 0x86
{ "ServiceSwitchFile", O_SSFILE, OI_NONE },
#define O_DIALDELAY 0x87
{ "DialDelay", O_DIALDELAY, OI_SAFE },
#define O_NORCPTACTION 0x88
{ "NoRecipientAction", O_NORCPTACTION, OI_SAFE },
#define O_SAFEFILEENV 0x89
{ "SafeFileEnvironment", O_SAFEFILEENV, OI_NONE },
#define O_MAXMSGSIZE 0x8a
{ "MaxMessageSize", O_MAXMSGSIZE, OI_NONE },
#define O_COLONOKINADDR 0x8b
{ "ColonOkInAddr", O_COLONOKINADDR, OI_SAFE },
#define O_MAXQUEUERUN 0x8c
{ "MaxQueueRunSize", O_MAXQUEUERUN, OI_SAFE },
#define O_MAXCHILDREN 0x8d
{ "MaxDaemonChildren", O_MAXCHILDREN, OI_NONE },
#define O_KEEPCNAMES 0x8e
{ "DontExpandCnames", O_KEEPCNAMES, OI_NONE },
#define O_MUSTQUOTE 0x8f
{ "MustQuoteChars", O_MUSTQUOTE, OI_NONE },
#define O_SMTPGREETING 0x90
{ "SmtpGreetingMessage", O_SMTPGREETING, OI_NONE },
#define O_UNIXFROM 0x91
{ "UnixFromLine", O_UNIXFROM, OI_NONE },
#define O_OPCHARS 0x92
{ "OperatorChars", O_OPCHARS, OI_NONE },
#define O_DONTINITGRPS 0x93
{ "DontInitGroups", O_DONTINITGRPS, OI_NONE },
#define O_SLFH 0x94
{ "SingleLineFromHeader", O_SLFH, OI_SAFE },
#define O_ABH 0x95
{ "AllowBogusHELO", O_ABH, OI_SAFE },
#define O_CONNTHROT 0x97
{ "ConnectionRateThrottle", O_CONNTHROT, OI_NONE },
#define O_UGW 0x99
{ "UnsafeGroupWrites", O_UGW, OI_NONE },
#define O_DBLBOUNCE 0x9a
{ "DoubleBounceAddress", O_DBLBOUNCE, OI_NONE },
#define O_HSDIR 0x9b
{ "HostStatusDirectory", O_HSDIR, OI_NONE },
#define O_SINGTHREAD 0x9c
{ "SingleThreadDelivery", O_SINGTHREAD, OI_NONE },
#define O_RUNASUSER 0x9d
{ "RunAsUser", O_RUNASUSER, OI_NONE },
#define O_DSN_RRT 0x9e
{ "RrtImpliesDsn", O_DSN_RRT, OI_NONE },
#define O_PIDFILE 0x9f
{ "PidFile", O_PIDFILE, OI_NONE },
#define O_DONTBLAMESENDMAIL 0xa0
{ "DontBlameSendmail", O_DONTBLAMESENDMAIL, OI_NONE },
#define O_DPI 0xa1
{ "DontProbeInterfaces", O_DPI, OI_NONE },
#define O_MAXRCPT 0xa2
{ "MaxRecipientsPerMessage", O_MAXRCPT, OI_SAFE },
#define O_DEADLETTER 0xa3
{ "DeadLetterDrop", O_DEADLETTER, OI_NONE },
#if _FFR_DONTLOCKFILESFORREAD_OPTION
# define O_DONTLOCK 0xa4
{ "DontLockFilesForRead", O_DONTLOCK, OI_NONE },
-#endif /* _FFR_DONTLOCKFILESFORREAD_OPTION */
+#endif
#define O_MAXALIASRCSN 0xa5
{ "MaxAliasRecursion", O_MAXALIASRCSN, OI_NONE },
#define O_CNCTONLYTO 0xa6
{ "ConnectOnlyTo", O_CNCTONLYTO, OI_NONE },
#define O_TRUSTUSER 0xa7
{ "TrustedUser", O_TRUSTUSER, OI_NONE },
#define O_MAXMIMEHDRLEN 0xa8
{ "MaxMimeHeaderLength", O_MAXMIMEHDRLEN, OI_NONE },
#define O_CONTROLSOCKET 0xa9
{ "ControlSocketName", O_CONTROLSOCKET, OI_NONE },
#define O_MAXHDRSLEN 0xaa
{ "MaxHeadersLength", O_MAXHDRSLEN, OI_NONE },
#if _FFR_MAX_FORWARD_ENTRIES
# define O_MAXFORWARD 0xab
{ "MaxForwardEntries", O_MAXFORWARD, OI_NONE },
-#endif /* _FFR_MAX_FORWARD_ENTRIES */
+#endif
#define O_PROCTITLEPREFIX 0xac
{ "ProcessTitlePrefix", O_PROCTITLEPREFIX, OI_NONE },
#define O_SASLINFO 0xad
#if _FFR_ALLOW_SASLINFO
{ "DefaultAuthInfo", O_SASLINFO, OI_SAFE },
-#else /* _FFR_ALLOW_SASLINFO */
+#else
{ "DefaultAuthInfo", O_SASLINFO, OI_NONE },
-#endif /* _FFR_ALLOW_SASLINFO */
+#endif
#define O_SASLMECH 0xae
{ "AuthMechanisms", O_SASLMECH, OI_NONE },
#define O_CLIENTPORT 0xaf
{ "ClientPortOptions", O_CLIENTPORT, OI_NONE },
#define O_DF_BUFSIZE 0xb0
{ "DataFileBufferSize", O_DF_BUFSIZE, OI_NONE },
#define O_XF_BUFSIZE 0xb1
{ "XscriptFileBufferSize", O_XF_BUFSIZE, OI_NONE },
#define O_LDAPDEFAULTSPEC 0xb2
{ "LDAPDefaultSpec", O_LDAPDEFAULTSPEC, OI_NONE },
#define O_SRVCERTFILE 0xb4
{ "ServerCertFile", O_SRVCERTFILE, OI_NONE },
#define O_SRVKEYFILE 0xb5
{ "ServerKeyFile", O_SRVKEYFILE, OI_NONE },
#define O_CLTCERTFILE 0xb6
{ "ClientCertFile", O_CLTCERTFILE, OI_NONE },
#define O_CLTKEYFILE 0xb7
{ "ClientKeyFile", O_CLTKEYFILE, OI_NONE },
#define O_CACERTFILE 0xb8
{ "CACertFile", O_CACERTFILE, OI_NONE },
#define O_CACERTPATH 0xb9
{ "CACertPath", O_CACERTPATH, OI_NONE },
#define O_DHPARAMS 0xba
{ "DHParameters", O_DHPARAMS, OI_NONE },
#define O_INPUTMILTER 0xbb
{ "InputMailFilters", O_INPUTMILTER, OI_NONE },
#define O_MILTER 0xbc
{ "Milter", O_MILTER, OI_SUBOPT },
#define O_SASLOPTS 0xbd
{ "AuthOptions", O_SASLOPTS, OI_NONE },
#define O_QUEUE_FILE_MODE 0xbe
{ "QueueFileMode", O_QUEUE_FILE_MODE, OI_NONE },
#define O_DIG_ALG 0xbf
{ "CertFingerprintAlgorithm", O_DIG_ALG, OI_NONE },
#define O_CIPHERLIST 0xc0
{ "CipherList", O_CIPHERLIST, OI_NONE },
#define O_RANDFILE 0xc1
{ "RandFile", O_RANDFILE, OI_NONE },
#define O_TLS_SRV_OPTS 0xc2
{ "TLSSrvOptions", O_TLS_SRV_OPTS, OI_NONE },
#define O_RCPTTHROT 0xc3
{ "BadRcptThrottle", O_RCPTTHROT, OI_SAFE },
#define O_DLVR_MIN 0xc4
{ "DeliverByMin", O_DLVR_MIN, OI_NONE },
#define O_MAXQUEUECHILDREN 0xc5
{ "MaxQueueChildren", O_MAXQUEUECHILDREN, OI_NONE },
#define O_MAXRUNNERSPERQUEUE 0xc6
{ "MaxRunnersPerQueue", O_MAXRUNNERSPERQUEUE, OI_NONE },
#define O_DIRECTSUBMODIFIERS 0xc7
{ "DirectSubmissionModifiers", O_DIRECTSUBMODIFIERS, OI_NONE },
#define O_NICEQUEUERUN 0xc8
{ "NiceQueueRun", O_NICEQUEUERUN, OI_NONE },
#define O_SHMKEY 0xc9
{ "SharedMemoryKey", O_SHMKEY, OI_NONE },
#define O_SASLBITS 0xca
{ "AuthMaxBits", O_SASLBITS, OI_NONE },
#define O_MBDB 0xcb
{ "MailboxDatabase", O_MBDB, OI_NONE },
#define O_MSQ 0xcc
{ "UseMSP", O_MSQ, OI_NONE },
#define O_DELAY_LA 0xcd
{ "DelayLA", O_DELAY_LA, OI_NONE },
#define O_FASTSPLIT 0xce
{ "FastSplit", O_FASTSPLIT, OI_NONE },
#define O_SOFTBOUNCE 0xcf
{ "SoftBounce", O_SOFTBOUNCE, OI_NONE },
#define O_SHMKEYFILE 0xd0
{ "SharedMemoryKeyFile", O_SHMKEYFILE, OI_NONE },
#define O_REJECTLOGINTERVAL 0xd1
{ "RejectLogInterval", O_REJECTLOGINTERVAL, OI_NONE },
#define O_REQUIRES_DIR_FSYNC 0xd2
{ "RequiresDirfsync", O_REQUIRES_DIR_FSYNC, OI_NONE },
#define O_CONNECTION_RATE_WINDOW_SIZE 0xd3
{ "ConnectionRateWindowSize", O_CONNECTION_RATE_WINDOW_SIZE, OI_NONE },
#define O_CRLFILE 0xd4
{ "CRLFile", O_CRLFILE, OI_NONE },
#define O_FALLBACKSMARTHOST 0xd5
{ "FallbackSmartHost", O_FALLBACKSMARTHOST, OI_NONE },
#define O_SASLREALM 0xd6
{ "AuthRealm", O_SASLREALM, OI_NONE },
-#if _FFR_CRLPATH
-# define O_CRLPATH 0xd7
+#define O_CRLPATH 0xd7
{ "CRLPath", O_CRLPATH, OI_NONE },
-#endif /* _FFR_CRLPATH */
#define O_HELONAME 0xd8
{ "HeloName", O_HELONAME, OI_NONE },
#if _FFR_MEMSTAT
# define O_REFUSELOWMEM 0xd9
{ "RefuseLowMem", O_REFUSELOWMEM, OI_NONE },
# define O_QUEUELOWMEM 0xda
{ "QueueLowMem", O_QUEUELOWMEM, OI_NONE },
# define O_MEMRESOURCE 0xdb
{ "MemoryResource", O_MEMRESOURCE, OI_NONE },
#endif /* _FFR_MEMSTAT */
#define O_MAXNOOPCOMMANDS 0xdc
{ "MaxNOOPCommands", O_MAXNOOPCOMMANDS, OI_NONE },
#if _FFR_MSG_ACCEPT
# define O_MSG_ACCEPT 0xdd
{ "MessageAccept", O_MSG_ACCEPT, OI_NONE },
-#endif /* _FFR_MSG_ACCEPT */
+#endif
#if _FFR_QUEUE_RUN_PARANOIA
# define O_CHK_Q_RUNNERS 0xde
{ "CheckQueueRunners", O_CHK_Q_RUNNERS, OI_NONE },
-#endif /* _FFR_QUEUE_RUN_PARANOIA */
+#endif
#if _FFR_EIGHT_BIT_ADDR_OK
# if !ALLOW_255
# ERROR FFR_EIGHT_BIT_ADDR_OK requires _ALLOW_255
-# endif /* !ALLOW_255 */
+# endif
# define O_EIGHT_BIT_ADDR_OK 0xdf
{ "EightBitAddrOK", O_EIGHT_BIT_ADDR_OK, OI_NONE },
#endif /* _FFR_EIGHT_BIT_ADDR_OK */
#if _FFR_ADDR_TYPE_MODES
# define O_ADDR_TYPE_MODES 0xe0
{ "AddrTypeModes", O_ADDR_TYPE_MODES, OI_NONE },
-#endif /* _FFR_ADDR_TYPE_MODES */
+#endif
#if _FFR_BADRCPT_SHUTDOWN
# define O_RCPTSHUTD 0xe1
{ "BadRcptShutdown", O_RCPTSHUTD, OI_SAFE },
# define O_RCPTSHUTDG 0xe2
{ "BadRcptShutdownGood", O_RCPTSHUTDG, OI_SAFE },
#endif /* _FFR_BADRCPT_SHUTDOWN */
#define O_SRV_SSL_OPTIONS 0xe3
{ "ServerSSLOptions", O_SRV_SSL_OPTIONS, OI_NONE },
#define O_CLT_SSL_OPTIONS 0xe4
{ "ClientSSLOptions", O_CLT_SSL_OPTIONS, OI_NONE },
#define O_MAX_QUEUE_AGE 0xe5
{ "MaxQueueAge", O_MAX_QUEUE_AGE, OI_NONE },
#if _FFR_RCPTTHROTDELAY
# define O_RCPTTHROTDELAY 0xe6
{ "BadRcptThrottleDelay", O_RCPTTHROTDELAY, OI_SAFE },
-#endif /* _FFR_RCPTTHROTDELAY */
+#endif
#if 0 && _FFR_QOS && defined(SOL_IP) && defined(IP_TOS)
# define O_INETQOS 0xe7 /* reserved for FFR_QOS */
{ "InetQoS", O_INETQOS, OI_NONE },
#endif
#if STARTTLS && _FFR_FIPSMODE
# define O_FIPSMODE 0xe8
{ "FIPSMode", O_FIPSMODE, OI_NONE },
-#endif /* STARTTLS && _FFR_FIPSMODE */
+#endif
#if _FFR_REJECT_NUL_BYTE
# define O_REJECTNUL 0xe9
{ "RejectNUL", O_REJECTNUL, OI_SAFE },
-#endif /* _FFR_REJECT_NUL_BYTE */
+#endif
#if _FFR_BOUNCE_QUEUE
# define O_BOUNCEQUEUE 0xea
{ "BounceQueue", O_BOUNCEQUEUE, OI_NONE },
-#endif /* _FFR_BOUNCE_QUEUE */
+#endif
#if _FFR_ADD_BCC
# define O_ADDBCC 0xeb
{ "AddBcc", O_ADDBCC, OI_NONE },
#endif
#define O_USECOMPRESSEDIPV6ADDRESSES 0xec
{ "UseCompressedIPv6Addresses", O_USECOMPRESSEDIPV6ADDRESSES, OI_NONE },
+#if STARTTLS
+# define O_SSLENGINE 0xed
+ { "SSLEngine", O_SSLENGINE, OI_NONE },
+# define O_SSLENGINEPATH 0xee
+ { "SSLEnginePath", O_SSLENGINEPATH, OI_NONE },
+# define O_TLSFB2CLEAR 0xef
+ { "TLSFallbacktoClear", O_TLSFB2CLEAR, OI_NONE },
+#endif
+#if DNSSEC_TEST
+# define O_NSPORTIP 0xf0
+ { "NameServer", O_NSPORTIP, OI_NONE },
+#endif
+#if DANE
+# define O_DANE 0xf1
+ { "DANE", O_DANE, OI_NONE },
+#endif
+#if DNSSEC_TEST
+# define O_NSSRCHLIST 0xf2
+ { "NameSearchList", O_NSSRCHLIST, OI_NONE },
+#endif
+#if _FFR_BLANKENV_MACV
+# define O_HACKS 0xf4
+ { "Hacks", O_HACKS, OI_NONE },
+#endif
+#if _FFR_KEEPBCC
+# define O_KEEPBCC 0xf3
+ { "KeepBcc", O_KEEPBCC, OI_NONE },
+#endif
+
+#if _FFR_CLIENTCA
+#define O_CLTCACERTFILE 0xf5
+ { "ClientCACertFile", O_CLTCACERTFILE, OI_NONE },
+#define O_CLTCACERTPATH 0xf6
+ { "ClientCACertPath", O_CLTCACERTPATH, OI_NONE },
+#endif
+#if _FFR_TLS_ALTNAMES
+# define O_CHECKALTNAMES 0xf7
+ { "SetCertAltnames", O_CHECKALTNAMES, OI_NONE },
+#endif
{ NULL, '\0', OI_NONE }
};
# define CANONIFY(val)
# define SET_OPT_DEFAULT(opt, val) opt = val
/* set a string option by expanding the value and assigning it */
/* WARNING this belongs ONLY into a case statement! */
#define SET_STRING_EXP(str) \
expand(val, exbuf, sizeof(exbuf), e); \
newval = sm_pstrdup_x(exbuf); \
if (str != NULL) \
sm_free(str); \
CANONIFY(newval); \
str = newval; \
break
#define OPTNAME o->o_name == NULL ? "<unknown>" : o->o_name
void
setoption(opt, val, safe, sticky, e)
int opt;
char *val;
bool safe;
bool sticky;
register ENVELOPE *e;
{
register char *p;
register struct optioninfo *o;
char *subopt;
- int mid;
+ int i;
bool can_setuid = RunAsUid == 0;
auto char *ep;
char buf[50];
extern bool Warn_Q_option;
#if _FFR_ALLOW_SASLINFO
extern unsigned int SubmitMode;
-#endif /* _FFR_ALLOW_SASLINFO */
+#endif
#if STARTTLS || SM_CONF_SHM
char *newval;
char exbuf[MAXLINE];
-#endif /* STARTTLS || SM_CONF_SHM */
+#endif
#if STARTTLS
unsigned long *pssloptions = NULL;
#endif
errno = 0;
if (opt == ' ')
{
/* full word options */
struct optioninfo *sel;
p = strchr(val, '=');
if (p == NULL)
p = &val[strlen(val)];
while (*--p == ' ')
continue;
while (*++p == ' ')
*p = '\0';
if (p == val)
{
syserr("readcf: null option name");
return;
}
if (*p == '=')
*p++ = '\0';
while (*p == ' ')
p++;
subopt = strchr(val, '.');
if (subopt != NULL)
*subopt++ = '\0';
sel = NULL;
for (o = OptionTab; o->o_name != NULL; o++)
{
if (sm_strncasecmp(o->o_name, val, strlen(val)) != 0)
continue;
if (strlen(o->o_name) == strlen(val))
{
/* completely specified -- this must be it */
sel = NULL;
break;
}
if (sel != NULL)
break;
sel = o;
}
if (sel != NULL && o->o_name == NULL)
o = sel;
else if (o->o_name == NULL)
{
syserr("readcf: unknown option name %s", val);
return;
}
else if (sel != NULL)
{
syserr("readcf: ambiguous option name %s (matches %s and %s)",
val, sel->o_name, o->o_name);
return;
}
if (strlen(val) != strlen(o->o_name))
{
int oldVerbose = Verbose;
Verbose = 1;
message("Option %s used as abbreviation for %s",
val, o->o_name);
Verbose = oldVerbose;
}
opt = o->o_code;
val = p;
}
else
{
for (o = OptionTab; o->o_name != NULL; o++)
{
if (o->o_code == opt)
break;
}
if (o->o_name == NULL)
{
syserr("readcf: unknown option name 0x%x", opt & 0xff);
return;
}
subopt = NULL;
}
if (subopt != NULL && !bitset(OI_SUBOPT, o->o_flags))
{
if (tTd(37, 1))
sm_dprintf("setoption: %s does not support suboptions, ignoring .%s\n",
OPTNAME, subopt);
subopt = NULL;
}
if (tTd(37, 1))
{
sm_dprintf(isascii(opt) && isprint(opt) ?
"setoption %s (%c)%s%s=" :
"setoption %s (0x%x)%s%s=",
OPTNAME, opt, subopt == NULL ? "" : ".",
subopt == NULL ? "" : subopt);
xputs(sm_debug_file(), val);
}
/*
** See if this option is preset for us.
*/
if (!sticky && bitnset(opt, StickyOpt))
{
if (tTd(37, 1))
sm_dprintf(" (ignored)\n");
return;
}
/*
** Check to see if this option can be specified by this user.
*/
if (!safe && RealUid == 0)
safe = true;
if (!safe && !bitset(OI_SAFE, o->o_flags))
{
if (opt != 'M' || (val[0] != 'r' && val[0] != 's'))
{
int dp;
if (tTd(37, 1))
sm_dprintf(" (unsafe)");
dp = drop_privileges(true);
setstat(dp);
}
}
if (tTd(37, 1))
sm_dprintf("\n");
switch (opt & 0xff)
{
case '7': /* force seven-bit input */
SevenBitInput = atobool(val);
break;
case '8': /* handling of 8-bit input */
#if MIME8TO7
switch (*val)
{
case 'p': /* pass 8 bit, convert MIME */
MimeMode = MM_CVTMIME|MM_PASS8BIT;
break;
case 'm': /* convert 8-bit, convert MIME */
MimeMode = MM_CVTMIME|MM_MIME8BIT;
break;
case 's': /* strict adherence */
MimeMode = MM_CVTMIME;
break;
# if 0
case 'r': /* reject 8-bit, don't convert MIME */
MimeMode = 0;
break;
case 'j': /* "just send 8" */
MimeMode = MM_PASS8BIT;
break;
case 'a': /* encode 8 bit if available */
MimeMode = MM_MIME8BIT|MM_PASS8BIT|MM_CVTMIME;
break;
case 'c': /* convert 8 bit to MIME, never 7 bit */
MimeMode = MM_MIME8BIT;
break;
# endif /* 0 */
default:
syserr("Unknown 8-bit mode %c", *val);
finis(false, true, EX_USAGE);
}
#else /* MIME8TO7 */
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Warning: Option: %s requires MIME8TO7 support\n",
OPTNAME);
#endif /* MIME8TO7 */
break;
case 'A': /* set default alias file */
if (val[0] == '\0')
{
char *al;
SET_OPT_DEFAULT(al, "aliases");
setalias(al);
}
else
setalias(val);
break;
case 'a': /* look N minutes for "@:@" in alias file */
if (val[0] == '\0')
SafeAlias = 5 MINUTES;
else
SafeAlias = convtime(val, 'm');
break;
case 'B': /* substitution for blank character */
SpaceSub = val[0];
if (SpaceSub == '\0')
SpaceSub = ' ';
break;
case 'b': /* min blocks free on queue fs/max msg size */
p = strchr(val, '/');
if (p != NULL)
{
*p++ = '\0';
MaxMessageSize = atol(p);
}
MinBlocksFree = atol(val);
break;
case 'c': /* don't connect to "expensive" mailers */
NoConnect = atobool(val);
break;
case 'C': /* checkpoint every N addresses */
if (safe || CheckpointInterval > atoi(val))
CheckpointInterval = atoi(val);
break;
case 'd': /* delivery mode */
switch (*val)
{
case '\0':
set_delivery_mode(SM_DELIVER, e);
break;
case SM_QUEUE: /* queue only */
case SM_DEFER: /* queue only and defer map lookups */
case SM_DELIVER: /* do everything */
case SM_FORK: /* fork after verification */
#if _FFR_DM_ONE
/* deliver first TA in background, then queue */
case SM_DM_ONE:
-#endif /* _FFR_DM_ONE */
+#endif
set_delivery_mode(*val, e);
break;
#if _FFR_PROXY
case SM_PROXY_REQ:
set_delivery_mode(*val, e);
break;
#endif /* _FFR_PROXY */
default:
syserr("Unknown delivery mode %c", *val);
finis(false, true, EX_USAGE);
}
break;
case 'E': /* error message header/header file */
if (*val != '\0')
ErrMsgFile = newstr(val);
break;
case 'e': /* set error processing mode */
switch (*val)
{
case EM_QUIET: /* be silent about it */
case EM_MAIL: /* mail back */
case EM_BERKNET: /* do berknet error processing */
case EM_WRITE: /* write back (or mail) */
case EM_PRINT: /* print errors normally (default) */
e->e_errormode = *val;
break;
}
break;
case 'F': /* file mode */
FileMode = atooct(val) & 0777;
break;
case 'f': /* save Unix-style From lines on front */
SaveFrom = atobool(val);
break;
case 'G': /* match recipients against GECOS field */
MatchGecos = atobool(val);
break;
case 'g': /* default gid */
g_opt:
if (isascii(*val) && isdigit(*val))
DefGid = atoi(val);
else
{
register struct group *gr;
DefGid = -1;
gr = getgrnam(val);
if (gr == NULL)
syserr("readcf: option %c: unknown group %s",
opt, val);
else
DefGid = gr->gr_gid;
}
break;
case 'H': /* help file */
if (val[0] == '\0')
{
SET_OPT_DEFAULT(HelpFile, "helpfile");
}
else
{
CANONIFY(val);
HelpFile = newstr(val);
}
break;
case 'h': /* maximum hop count */
MaxHopCount = atoi(val);
break;
case 'I': /* use internet domain name server */
#if NAMED_BIND
for (p = val; *p != 0; )
{
bool clearmode;
char *q;
struct resolverflags *rfp;
while (*p == ' ')
p++;
if (*p == '\0')
break;
clearmode = false;
if (*p == '-')
clearmode = true;
else if (*p != '+')
p--;
p++;
q = p;
- while (*p != '\0' && !(isascii(*p) && isspace(*p)))
+ while (*p != '\0' && !(SM_ISSPACE(*p)))
p++;
if (*p != '\0')
*p++ = '\0';
if (sm_strcasecmp(q, "HasWildcardMX") == 0)
{
HasWildcardMX = !clearmode;
continue;
}
if (sm_strcasecmp(q, "WorkAroundBrokenAAAA") == 0)
{
WorkAroundBrokenAAAA = !clearmode;
continue;
}
for (rfp = ResolverFlags; rfp->rf_name != NULL; rfp++)
{
if (sm_strcasecmp(q, rfp->rf_name) == 0)
break;
}
if (rfp->rf_name == NULL)
syserr("readcf: I option value %s unrecognized", q);
else if (clearmode)
_res.options &= ~rfp->rf_bits;
else
_res.options |= rfp->rf_bits;
}
if (tTd(8, 2))
sm_dprintf("_res.options = %x, HasWildcardMX = %d\n",
(unsigned int) _res.options, HasWildcardMX);
#else /* NAMED_BIND */
usrerr("name server (I option) specified but BIND not compiled in");
#endif /* NAMED_BIND */
break;
case 'i': /* ignore dot lines in message */
IgnrDot = atobool(val);
break;
case 'j': /* send errors in MIME (RFC 1341) format */
SendMIMEErrors = atobool(val);
break;
case 'J': /* .forward search path */
CANONIFY(val);
ForwardPath = newstr(val);
break;
case 'k': /* connection cache size */
MaxMciCache = atoi(val);
if (MaxMciCache < 0)
MaxMciCache = 0;
break;
case 'K': /* connection cache timeout */
MciCacheTimeout = convtime(val, 'm');
break;
case 'l': /* use Errors-To: header */
UseErrorsTo = atobool(val);
break;
case 'L': /* log level */
if (safe || LogLevel < atoi(val))
LogLevel = atoi(val);
break;
case 'M': /* define macro */
sticky = false;
- mid = macid_parse(val, &ep);
- if (mid == 0)
+ i = macid_parse(val, &ep);
+ if (i == 0)
break;
p = newstr(ep);
if (!safe)
cleanstrcpy(p, p, strlen(p) + 1);
- macdefine(&CurEnv->e_macro, A_TEMP, mid, p);
+ macdefine(&CurEnv->e_macro, A_TEMP, i, p);
break;
case 'm': /* send to me too */
MeToo = atobool(val);
break;
case 'n': /* validate RHS in newaliases */
CheckAliases = atobool(val);
break;
/* 'N' available -- was "net name" */
case 'O': /* daemon options */
if (!setdaemonoptions(val))
syserr("too many daemons defined (%d max)", MAXDAEMONS);
break;
case 'o': /* assume old style headers */
if (atobool(val))
CurEnv->e_flags |= EF_OLDSTYLE;
else
CurEnv->e_flags &= ~EF_OLDSTYLE;
break;
case 'p': /* select privacy level */
p = val;
for (;;)
{
register struct prival *pv;
extern struct prival PrivacyValues[];
while (isascii(*p) && (isspace(*p) || ispunct(*p)))
p++;
if (*p == '\0')
break;
val = p;
while (isascii(*p) && isalnum(*p))
p++;
if (*p != '\0')
*p++ = '\0';
for (pv = PrivacyValues; pv->pv_name != NULL; pv++)
{
if (sm_strcasecmp(val, pv->pv_name) == 0)
break;
}
if (pv->pv_name == NULL)
syserr("readcf: Op line: %s unrecognized", val);
else
PrivacyFlags |= pv->pv_flag;
}
sticky = false;
break;
case 'P': /* postmaster copy address for returned mail */
PostMasterCopy = newstr(val);
break;
case 'q': /* slope of queue only function */
QueueFactor = atoi(val);
break;
case 'Q': /* queue directory */
if (val[0] == '\0')
{
QueueDir = "mqueue";
}
else
{
QueueDir = newstr(val);
}
if (RealUid != 0 && !safe)
Warn_Q_option = true;
break;
case 'R': /* don't prune routes */
DontPruneRoutes = atobool(val);
break;
case 'r': /* read timeout */
if (subopt == NULL)
inittimeouts(val, sticky);
else
settimeout(subopt, val, sticky);
break;
case 'S': /* status file */
if (val[0] == '\0')
{
SET_OPT_DEFAULT(StatFile, "statistics");
}
else
{
CANONIFY(val);
StatFile = newstr(val);
}
break;
case 's': /* be super safe, even if expensive */
if (tolower(*val) == 'i')
SuperSafe = SAFE_INTERACTIVE;
else if (tolower(*val) == 'p')
#if MILTER
SuperSafe = SAFE_REALLY_POSTMILTER;
#else /* MILTER */
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Warning: SuperSafe=PostMilter requires Milter support (-DMILTER)\n");
#endif /* MILTER */
else
SuperSafe = atobool(val) ? SAFE_REALLY : SAFE_NO;
break;
case 'T': /* queue timeout */
p = strchr(val, '/');
if (p != NULL)
{
*p++ = '\0';
settimeout("queuewarn", p, sticky);
}
settimeout("queuereturn", val, sticky);
break;
case 't': /* time zone name */
TimeZoneSpec = newstr(val);
break;
case 'U': /* location of user database */
UdbSpec = newstr(val);
break;
case 'u': /* set default uid */
for (p = val; *p != '\0'; p++)
{
# if _FFR_DOTTED_USERNAMES
if (*p == '/' || *p == ':')
-# else /* _FFR_DOTTED_USERNAMES */
+# else
if (*p == '.' || *p == '/' || *p == ':')
-# endif /* _FFR_DOTTED_USERNAMES */
+# endif
{
*p++ = '\0';
break;
}
}
if (isascii(*val) && isdigit(*val))
{
DefUid = atoi(val);
setdefuser();
}
else
{
register struct passwd *pw;
DefUid = -1;
pw = sm_getpwnam(val);
if (pw == NULL)
{
syserr("readcf: option u: unknown user %s", val);
break;
}
else
{
DefUid = pw->pw_uid;
DefGid = pw->pw_gid;
DefUser = newstr(pw->pw_name);
}
}
# ifdef UID_MAX
if (DefUid > UID_MAX)
{
syserr("readcf: option u: uid value (%ld) > UID_MAX (%ld); ignored",
(long)DefUid, (long)UID_MAX);
break;
}
# endif /* UID_MAX */
/* handle the group if it is there */
if (*p == '\0')
break;
val = p;
goto g_opt;
case 'V': /* fallback MX host */
if (val[0] != '\0')
FallbackMX = newstr(val);
break;
case 'v': /* run in verbose mode */
Verbose = atobool(val) ? 1 : 0;
break;
case 'w': /* if we are best MX, try host directly */
TryNullMXList = atobool(val);
break;
/* 'W' available -- was wizard password */
case 'x': /* load avg at which to auto-queue msgs */
QueueLA = atoi(val);
break;
case 'X': /* load avg at which to auto-reject connections */
RefuseLA = atoi(val);
break;
case O_DELAY_LA: /* load avg at which to delay connections */
DelayLA = atoi(val);
break;
case 'y': /* work recipient factor */
WkRecipFact = atoi(val);
break;
case 'Y': /* fork jobs during queue runs */
ForkQueueRuns = atobool(val);
break;
case 'z': /* work message class factor */
WkClassFact = atoi(val);
break;
case 'Z': /* work time factor */
WkTimeFact = atoi(val);
break;
#if _FFR_QUEUE_GROUP_SORTORDER
/* coordinate this with makequeue() */
-#endif /* _FFR_QUEUE_GROUP_SORTORDER */
+#endif
case O_QUEUESORTORD: /* queue sorting order */
switch (*val)
{
case 'f': /* File Name */
case 'F':
QueueSortOrder = QSO_BYFILENAME;
break;
case 'h': /* Host first */
case 'H':
QueueSortOrder = QSO_BYHOST;
break;
case 'm': /* Modification time */
case 'M':
QueueSortOrder = QSO_BYMODTIME;
break;
case 'p': /* Priority order */
case 'P':
QueueSortOrder = QSO_BYPRIORITY;
break;
case 't': /* Submission time */
case 'T':
QueueSortOrder = QSO_BYTIME;
break;
case 'r': /* Random */
case 'R':
QueueSortOrder = QSO_RANDOM;
break;
#if _FFR_RHS
case 's': /* Shuffled host name */
case 'S':
QueueSortOrder = QSO_BYSHUFFLE;
break;
#endif /* _FFR_RHS */
case 'n': /* none */
case 'N':
QueueSortOrder = QSO_NONE;
break;
default:
syserr("Invalid queue sort order \"%s\"", val);
}
break;
case O_HOSTSFILE: /* pathname of /etc/hosts file */
CANONIFY(val);
HostsFile = newstr(val);
break;
case O_MQA: /* minimum queue age between deliveries */
MinQueueAge = convtime(val, 'm');
break;
case O_MAX_QUEUE_AGE:
MaxQueueAge = convtime(val, 'm');
break;
case O_DEFCHARSET: /* default character set for mimefying */
DefaultCharSet = newstr(denlstring(val, true, true));
break;
case O_SSFILE: /* service switch file */
CANONIFY(val);
ServiceSwitchFile = newstr(val);
break;
case O_DIALDELAY: /* delay for dial-on-demand operation */
DialDelay = convtime(val, 's');
break;
case O_NORCPTACTION: /* what to do if no recipient */
if (sm_strcasecmp(val, "none") == 0)
NoRecipientAction = NRA_NO_ACTION;
else if (sm_strcasecmp(val, "add-to") == 0)
NoRecipientAction = NRA_ADD_TO;
else if (sm_strcasecmp(val, "add-apparently-to") == 0)
NoRecipientAction = NRA_ADD_APPARENTLY_TO;
else if (sm_strcasecmp(val, "add-bcc") == 0)
NoRecipientAction = NRA_ADD_BCC;
else if (sm_strcasecmp(val, "add-to-undisclosed") == 0)
NoRecipientAction = NRA_ADD_TO_UNDISCLOSED;
else
syserr("Invalid NoRecipientAction: %s", val);
break;
case O_SAFEFILEENV: /* chroot() environ for writing to files */
if (*val == '\0')
break;
/* strip trailing slashes */
p = val + strlen(val) - 1;
while (p >= val && *p == '/')
*p-- = '\0';
if (*val == '\0')
break;
SafeFileEnv = newstr(val);
break;
case O_MAXMSGSIZE: /* maximum message size */
MaxMessageSize = atol(val);
break;
case O_COLONOKINADDR: /* old style handling of colon addresses */
ColonOkInAddr = atobool(val);
break;
case O_MAXQUEUERUN: /* max # of jobs in a single queue run */
MaxQueueRun = atoi(val);
break;
case O_MAXCHILDREN: /* max # of children of daemon */
MaxChildren = atoi(val);
break;
case O_MAXQUEUECHILDREN: /* max # of children of daemon */
MaxQueueChildren = atoi(val);
break;
case O_MAXRUNNERSPERQUEUE: /* max # runners in a queue group */
MaxRunnersPerQueue = atoi(val);
break;
case O_NICEQUEUERUN: /* nice queue runs */
#if !HASNICE
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Warning: NiceQueueRun set on system that doesn't support nice()\n");
-#endif /* !HASNICE */
+#endif
/* XXX do we want to check the range? > 0 ? */
NiceQueueRun = atoi(val);
break;
case O_SHMKEY: /* shared memory key */
#if SM_CONF_SHM
ShmKey = atol(val);
#else /* SM_CONF_SHM */
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Warning: Option: %s requires shared memory support (-DSM_CONF_SHM)\n",
OPTNAME);
#endif /* SM_CONF_SHM */
break;
case O_SHMKEYFILE: /* shared memory key file */
#if SM_CONF_SHM
SET_STRING_EXP(ShmKeyFile);
#else /* SM_CONF_SHM */
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Warning: Option: %s requires shared memory support (-DSM_CONF_SHM)\n",
OPTNAME);
break;
#endif /* SM_CONF_SHM */
#if _FFR_MAX_FORWARD_ENTRIES
case O_MAXFORWARD: /* max # of forward entries */
MaxForwardEntries = atoi(val);
break;
-#endif /* _FFR_MAX_FORWARD_ENTRIES */
+#endif
case O_KEEPCNAMES: /* don't expand CNAME records */
DontExpandCnames = atobool(val);
break;
case O_MUSTQUOTE: /* must quote these characters in phrases */
(void) sm_strlcpy(buf, "@,;:\\()[]", sizeof(buf));
if (strlen(val) < sizeof(buf) - 10)
(void) sm_strlcat(buf, val, sizeof(buf));
else
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Warning: MustQuoteChars too long, ignored.\n");
MustQuoteChars = newstr(buf);
break;
case O_SMTPGREETING: /* SMTP greeting message (old $e macro) */
SmtpGreeting = newstr(munchstring(val, NULL, '\0'));
break;
case O_UNIXFROM: /* UNIX From_ line (old $l macro) */
UnixFromLine = newstr(munchstring(val, NULL, '\0'));
break;
case O_OPCHARS: /* operator characters (old $o macro) */
if (OperatorChars != NULL)
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Warning: OperatorChars is being redefined.\n It should only be set before ruleset definitions.\n");
OperatorChars = newstr(munchstring(val, NULL, '\0'));
break;
case O_DONTINITGRPS: /* don't call initgroups(3) */
DontInitGroups = atobool(val);
break;
case O_SLFH: /* make sure from fits on one line */
SingleLineFromHeader = atobool(val);
break;
case O_ABH: /* allow HELO commands with syntax errors */
AllowBogusHELO = atobool(val);
break;
case O_CONNTHROT: /* connection rate throttle */
ConnRateThrottle = atoi(val);
break;
case O_UGW: /* group writable files are unsafe */
if (!atobool(val))
{
setbitn(DBS_GROUPWRITABLEFORWARDFILESAFE,
DontBlameSendmail);
setbitn(DBS_GROUPWRITABLEINCLUDEFILESAFE,
DontBlameSendmail);
}
break;
case O_DBLBOUNCE: /* address to which to send double bounces */
DoubleBounceAddr = newstr(val);
break;
case O_HSDIR: /* persistent host status directory */
if (val[0] != '\0')
{
CANONIFY(val);
HostStatDir = newstr(val);
}
break;
case O_SINGTHREAD: /* single thread deliveries (requires hsdir) */
SingleThreadDelivery = atobool(val);
break;
case O_RUNASUSER: /* run bulk of code as this user */
for (p = val; *p != '\0'; p++)
{
# if _FFR_DOTTED_USERNAMES
if (*p == '/' || *p == ':')
-# else /* _FFR_DOTTED_USERNAMES */
+# else
if (*p == '.' || *p == '/' || *p == ':')
-# endif /* _FFR_DOTTED_USERNAMES */
+# endif
{
*p++ = '\0';
break;
}
}
if (isascii(*val) && isdigit(*val))
{
if (can_setuid)
RunAsUid = atoi(val);
}
else
{
register struct passwd *pw;
pw = sm_getpwnam(val);
if (pw == NULL)
{
syserr("readcf: option RunAsUser: unknown user %s", val);
break;
}
else if (can_setuid)
{
if (*p == '\0')
RunAsUserName = newstr(val);
RunAsUid = pw->pw_uid;
RunAsGid = pw->pw_gid;
}
else if (EffGid == pw->pw_gid)
RunAsGid = pw->pw_gid;
else if (UseMSP && *p == '\0')
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"WARNING: RunAsUser for MSP ignored, check group ids (egid=%ld, want=%ld)\n",
(long) EffGid,
(long) pw->pw_gid);
}
# ifdef UID_MAX
if (RunAsUid > UID_MAX)
{
syserr("readcf: option RunAsUser: uid value (%ld) > UID_MAX (%ld); ignored",
(long) RunAsUid, (long) UID_MAX);
break;
}
# endif /* UID_MAX */
if (*p != '\0')
{
if (isascii(*p) && isdigit(*p))
{
gid_t runasgid;
runasgid = (gid_t) atoi(p);
if (can_setuid || EffGid == runasgid)
RunAsGid = runasgid;
else if (UseMSP)
(void) sm_io_fprintf(smioout,
SM_TIME_DEFAULT,
"WARNING: RunAsUser for MSP ignored, check group ids (egid=%ld, want=%ld)\n",
(long) EffGid,
(long) runasgid);
}
else
{
register struct group *gr;
gr = getgrnam(p);
if (gr == NULL)
syserr("readcf: option RunAsUser: unknown group %s",
p);
else if (can_setuid || EffGid == gr->gr_gid)
RunAsGid = gr->gr_gid;
else if (UseMSP)
(void) sm_io_fprintf(smioout,
SM_TIME_DEFAULT,
"WARNING: RunAsUser for MSP ignored, check group ids (egid=%ld, want=%ld)\n",
(long) EffGid,
(long) gr->gr_gid);
}
}
if (tTd(47, 5))
sm_dprintf("readcf: RunAsUser = %d:%d\n",
(int) RunAsUid, (int) RunAsGid);
break;
case O_DSN_RRT:
RrtImpliesDsn = atobool(val);
break;
case O_PIDFILE:
PSTRSET(PidFile, val);
break;
case O_DONTBLAMESENDMAIL:
p = val;
for (;;)
{
register struct dbsval *dbs;
extern struct dbsval DontBlameSendmailValues[];
while (isascii(*p) && (isspace(*p) || ispunct(*p)))
p++;
if (*p == '\0')
break;
val = p;
while (isascii(*p) && isalnum(*p))
p++;
if (*p != '\0')
*p++ = '\0';
for (dbs = DontBlameSendmailValues;
dbs->dbs_name != NULL; dbs++)
{
if (sm_strcasecmp(val, dbs->dbs_name) == 0)
break;
}
if (dbs->dbs_name == NULL)
syserr("readcf: DontBlameSendmail option: %s unrecognized", val);
else if (dbs->dbs_flag == DBS_SAFE)
clrbitmap(DontBlameSendmail);
else
setbitn(dbs->dbs_flag, DontBlameSendmail);
}
sticky = false;
break;
case O_DPI:
if (sm_strcasecmp(val, "loopback") == 0)
DontProbeInterfaces = DPI_SKIPLOOPBACK;
else if (atobool(val))
DontProbeInterfaces = DPI_PROBENONE;
else
DontProbeInterfaces = DPI_PROBEALL;
break;
case O_MAXRCPT:
MaxRcptPerMsg = atoi(val);
break;
case O_RCPTTHROT:
BadRcptThrottle = atoi(val);
break;
#if _FFR_RCPTTHROTDELAY
case O_RCPTTHROTDELAY:
BadRcptThrottleDelay = atoi(val);
break;
-#endif /* _FFR_RCPTTHROTDELAY */
+#endif
case O_DEADLETTER:
CANONIFY(val);
PSTRSET(DeadLetterDrop, val);
break;
#if _FFR_DONTLOCKFILESFORREAD_OPTION
case O_DONTLOCK:
DontLockReadFiles = atobool(val);
break;
-#endif /* _FFR_DONTLOCKFILESFORREAD_OPTION */
+#endif
case O_MAXALIASRCSN:
MaxAliasRecursion = atoi(val);
break;
case O_CNCTONLYTO:
/* XXX should probably use gethostbyname */
#if NETINET || NETINET6
+ i = 0;
+ if ((subopt = strchr(val, '@')) != NULL)
+ {
+ *subopt = '\0';
+ i = (int) strtoul(val, NULL, 0);
+
+ /* stricter checks? probably not useful. */
+ if (i > USHRT_MAX)
+ {
+ syserr("readcf: option ConnectOnlyTo: invalid port %s",
+ val);
+ break;
+ }
+ val = subopt + 1;
+ }
ConnectOnlyTo.sa.sa_family = AF_UNSPEC;
# if NETINET6
if (anynet_pton(AF_INET6, val,
&ConnectOnlyTo.sin6.sin6_addr) == 1)
+ {
ConnectOnlyTo.sa.sa_family = AF_INET6;
+ if (i != 0)
+ ConnectOnlyTo.sin6.sin6_port = htons(i);
+ }
else
# endif /* NETINET6 */
# if NETINET
{
ConnectOnlyTo.sin.sin_addr.s_addr = inet_addr(val);
if (ConnectOnlyTo.sin.sin_addr.s_addr != INADDR_NONE)
ConnectOnlyTo.sa.sa_family = AF_INET;
+ if (i != 0)
+ ConnectOnlyTo.sin.sin_port = htons(i);
}
# endif /* NETINET */
if (ConnectOnlyTo.sa.sa_family == AF_UNSPEC)
{
syserr("readcf: option ConnectOnlyTo: invalid IP address %s",
val);
break;
}
#endif /* NETINET || NETINET6 */
break;
case O_TRUSTUSER:
# if !HASFCHOWN && !defined(_FFR_DROP_TRUSTUSER_WARNING)
if (!UseMSP)
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"readcf: option TrustedUser may cause problems on systems\n which do not support fchown() if UseMSP is not set.\n");
# endif /* !HASFCHOWN && !defined(_FFR_DROP_TRUSTUSER_WARNING) */
if (isascii(*val) && isdigit(*val))
TrustedUid = atoi(val);
else
{
register struct passwd *pw;
TrustedUid = 0;
pw = sm_getpwnam(val);
if (pw == NULL)
{
syserr("readcf: option TrustedUser: unknown user %s", val);
break;
}
else
TrustedUid = pw->pw_uid;
}
# ifdef UID_MAX
if (TrustedUid > UID_MAX)
{
syserr("readcf: option TrustedUser: uid value (%ld) > UID_MAX (%ld)",
(long) TrustedUid, (long) UID_MAX);
TrustedUid = 0;
}
# endif /* UID_MAX */
break;
case O_MAXMIMEHDRLEN:
p = strchr(val, '/');
if (p != NULL)
*p++ = '\0';
MaxMimeHeaderLength = atoi(val);
if (p != NULL && *p != '\0')
MaxMimeFieldLength = atoi(p);
else
MaxMimeFieldLength = MaxMimeHeaderLength / 2;
if (MaxMimeHeaderLength <= 0)
MaxMimeHeaderLength = 0;
else if (MaxMimeHeaderLength < 128)
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Warning: MaxMimeHeaderLength: header length limit set lower than 128\n");
if (MaxMimeFieldLength <= 0)
MaxMimeFieldLength = 0;
else if (MaxMimeFieldLength < 40)
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Warning: MaxMimeHeaderLength: field length limit set lower than 40\n");
/*
** Headers field values now include leading space, so let's
** adjust the values to be "backward compatible".
*/
if (MaxMimeHeaderLength > 0)
MaxMimeHeaderLength++;
if (MaxMimeFieldLength > 0)
MaxMimeFieldLength++;
break;
case O_CONTROLSOCKET:
PSTRSET(ControlSocketName, val);
break;
case O_MAXHDRSLEN:
MaxHeadersLength = atoi(val);
if (MaxHeadersLength > 0 &&
MaxHeadersLength < (MAXHDRSLEN / 2))
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Warning: MaxHeadersLength: headers length limit set lower than %d\n",
(MAXHDRSLEN / 2));
break;
case O_PROCTITLEPREFIX:
PSTRSET(ProcTitlePrefix, val);
break;
#if SASL
case O_SASLINFO:
# if _FFR_ALLOW_SASLINFO
/*
** Allow users to select their own authinfo file
** under certain circumstances, otherwise just ignore
** the option. If the option isn't ignored, several
** commands don't work very well, e.g., mailq.
** However, this is not a "perfect" solution.
** If mail is queued, the authentication info
** will not be used in subsequent delivery attempts.
** If we really want to support this, then it has
** to be stored in the queue file.
*/
if (!bitset(SUBMIT_MSA, SubmitMode) && RealUid != 0 &&
RunAsUid != RealUid)
break;
# endif /* _FFR_ALLOW_SASLINFO */
PSTRSET(SASLInfo, val);
break;
case O_SASLMECH:
if (AuthMechanisms != NULL)
sm_free(AuthMechanisms); /* XXX */
if (*val != '\0')
AuthMechanisms = newstr(val);
else
AuthMechanisms = NULL;
break;
case O_SASLREALM:
if (AuthRealm != NULL)
sm_free(AuthRealm);
if (*val != '\0')
AuthRealm = newstr(val);
else
AuthRealm = NULL;
break;
case O_SASLOPTS:
while (val != NULL && *val != '\0')
{
switch (*val)
{
case 'A':
SASLOpts |= SASL_AUTH_AUTH;
break;
case 'a':
SASLOpts |= SASL_SEC_NOACTIVE;
break;
case 'c':
SASLOpts |= SASL_SEC_PASS_CREDENTIALS;
break;
case 'd':
SASLOpts |= SASL_SEC_NODICTIONARY;
break;
case 'f':
SASLOpts |= SASL_SEC_FORWARD_SECRECY;
break;
# if SASL >= 20101
case 'm':
SASLOpts |= SASL_SEC_MUTUAL_AUTH;
break;
# endif /* SASL >= 20101 */
case 'p':
SASLOpts |= SASL_SEC_NOPLAINTEXT;
break;
case 'y':
SASLOpts |= SASL_SEC_NOANONYMOUS;
break;
case ' ': /* ignore */
case '\t': /* ignore */
case ',': /* ignore */
break;
default:
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Warning: Option: %s unknown parameter '%c'\n",
OPTNAME,
(isascii(*val) &&
isprint(*val))
? *val : '?');
break;
}
++val;
val = strpbrk(val, ", \t");
if (val != NULL)
++val;
}
break;
case O_SASLBITS:
MaxSLBits = atoi(val);
break;
#else /* SASL */
case O_SASLINFO:
case O_SASLMECH:
case O_SASLREALM:
case O_SASLOPTS:
case O_SASLBITS:
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Warning: Option: %s requires SASL support (-DSASL)\n",
OPTNAME);
break;
#endif /* SASL */
#if STARTTLS
+ case O_TLSFB2CLEAR:
+ TLSFallbacktoClear = atobool(val);
+ break;
case O_SRVCERTFILE:
SET_STRING_EXP(SrvCertFile);
case O_SRVKEYFILE:
SET_STRING_EXP(SrvKeyFile);
case O_CLTCERTFILE:
SET_STRING_EXP(CltCertFile);
case O_CLTKEYFILE:
SET_STRING_EXP(CltKeyFile);
case O_CACERTFILE:
SET_STRING_EXP(CACertFile);
case O_CACERTPATH:
SET_STRING_EXP(CACertPath);
+#if _FFR_CLIENTCA
+ case O_CLTCACERTFILE:
+ SET_STRING_EXP(CltCACertFile);
+ case O_CLTCACERTPATH:
+ SET_STRING_EXP(CltCACertPath);
+#endif
case O_DHPARAMS:
SET_STRING_EXP(DHParams);
case O_CIPHERLIST:
SET_STRING_EXP(CipherList);
case O_DIG_ALG:
SET_STRING_EXP(CertFingerprintAlgorithm);
+ case O_SSLENGINEPATH:
+ SET_STRING_EXP(SSLEnginePath);
+ case O_SSLENGINE:
+ newval = sm_pstrdup_x(val);
+ if (SSLEngine != NULL)
+ sm_free(SSLEngine);
+ SSLEngine = newval;
+
+ /*
+ ** Which engines need to be initialized before fork()?
+ ** XXX hack, should be an option?
+ */
+
+ if (strcmp(SSLEngine, "chil") == 0)
+ SSLEngineprefork = true;
+ break;
case O_SRV_SSL_OPTIONS:
pssloptions = &Srv_SSL_Options;
case O_CLT_SSL_OPTIONS:
if (pssloptions == NULL)
pssloptions = &Clt_SSL_Options;
(void) readssloptions(o->o_name, val, pssloptions, '\0');
if (tTd(37, 8))
sm_dprintf("ssloptions=%#lx\n", *pssloptions);
pssloptions = NULL;
break;
case O_CRLFILE:
-# if OPENSSL_VERSION_NUMBER > 0x00907000L
SET_STRING_EXP(CRLFile);
-# else /* OPENSSL_VERSION_NUMBER > 0x00907000L */
- (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
- "Warning: Option: %s requires at least OpenSSL 0.9.7\n",
- OPTNAME);
break;
-# endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */
-# if _FFR_CRLPATH
case O_CRLPATH:
-# if OPENSSL_VERSION_NUMBER > 0x00907000L
SET_STRING_EXP(CRLPath);
-# else /* OPENSSL_VERSION_NUMBER > 0x00907000L */
- (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
- "Warning: Option: %s requires at least OpenSSL 0.9.7\n",
- OPTNAME);
break;
-# endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */
-# endif /* _FFR_CRLPATH */
/*
** XXX How about options per daemon/client instead of globally?
** This doesn't work well for some options, e.g., no server cert,
** but fine for others.
**
** XXX Some people may want different certs per server.
**
** See also srvfeatures()
*/
case O_TLS_SRV_OPTS:
while (val != NULL && *val != '\0')
{
switch (*val)
{
case 'V':
TLS_Srv_Opts |= TLS_I_NO_VRFY;
break;
/*
** Server without a cert? That works only if
** AnonDH is enabled as cipher, which is not in the
** default list. Hence the CipherList option must
** be available. Moreover: which clients support this
** besides sendmail with this setting?
*/
case 'C':
TLS_Srv_Opts &= ~TLS_I_SRV_CERT;
break;
case ' ': /* ignore */
case '\t': /* ignore */
case ',': /* ignore */
break;
default:
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Warning: Option: %s unknown parameter '%c'\n",
OPTNAME,
(isascii(*val) &&
isprint(*val))
? *val : '?');
break;
}
++val;
val = strpbrk(val, ", \t");
if (val != NULL)
++val;
}
break;
case O_RANDFILE:
PSTRSET(RandFile, val);
break;
#else /* STARTTLS */
case O_SRVCERTFILE:
case O_SRVKEYFILE:
case O_CLTCERTFILE:
case O_CLTKEYFILE:
case O_CACERTFILE:
case O_CACERTPATH:
+#if _FFR_CLIENTCA
+ case O_CLTCACERTFILE:
+ case O_CLTCACERTPATH:
+#endif
case O_DHPARAMS:
case O_SRV_SSL_OPTIONS:
case O_CLT_SSL_OPTIONS:
case O_CIPHERLIST:
+ case O_DIG_ALG:
case O_CRLFILE:
-# if _FFR_CRLPATH
case O_CRLPATH:
-# endif /* _FFR_CRLPATH */
case O_RANDFILE:
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Warning: Option: %s requires TLS support\n",
OPTNAME);
break;
#endif /* STARTTLS */
#if STARTTLS && _FFR_FIPSMODE
case O_FIPSMODE:
FipsMode = atobool(val);
break;
-#endif /* STARTTLS && _FFR_FIPSMODE */
+#endif
case O_CLIENTPORT:
setclientoptions(val);
break;
case O_DF_BUFSIZE:
DataFileBufferSize = atoi(val);
break;
case O_XF_BUFSIZE:
XscriptFileBufferSize = atoi(val);
break;
case O_LDAPDEFAULTSPEC:
#if LDAPMAP
ldapmap_set_defaults(val);
#else /* LDAPMAP */
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Warning: Option: %s requires LDAP support (-DLDAPMAP)\n",
OPTNAME);
#endif /* LDAPMAP */
break;
case O_INPUTMILTER:
#if MILTER
InputFilterList = newstr(val);
#else /* MILTER */
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Warning: Option: %s requires Milter support (-DMILTER)\n",
OPTNAME);
#endif /* MILTER */
break;
case O_MILTER:
#if MILTER
milter_set_option(subopt, val, sticky);
#else /* MILTER */
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Warning: Option: %s requires Milter support (-DMILTER)\n",
OPTNAME);
#endif /* MILTER */
break;
case O_QUEUE_FILE_MODE: /* queue file mode */
QueueFileMode = atooct(val) & 0777;
break;
case O_DLVR_MIN: /* deliver by minimum time */
DeliverByMin = convtime(val, 's');
break;
/* modifiers {daemon_flags} for direct submissions */
case O_DIRECTSUBMODIFIERS:
{
BITMAP256 m; /* ignored */
extern ENVELOPE BlankEnvelope;
macdefine(&BlankEnvelope.e_macro, A_PERM,
macid("{daemon_flags}"),
getmodifiers(val, m));
}
break;
case O_FASTSPLIT:
FastSplit = atoi(val);
break;
case O_MBDB:
Mbdb = newstr(val);
break;
case O_MSQ:
UseMSP = atobool(val);
break;
case O_SOFTBOUNCE:
SoftBounce = atobool(val);
break;
case O_REJECTLOGINTERVAL: /* time btwn log msgs while refusing */
RejectLogInterval = convtime(val, 'h');
break;
case O_REQUIRES_DIR_FSYNC:
#if REQUIRES_DIR_FSYNC
RequiresDirfsync = atobool(val);
-#else /* REQUIRES_DIR_FSYNC */
+#else
/* silently ignored... required for cf file option */
-#endif /* REQUIRES_DIR_FSYNC */
+#endif
break;
case O_CONNECTION_RATE_WINDOW_SIZE:
ConnectionRateWindowSize = convtime(val, 's');
break;
case O_FALLBACKSMARTHOST: /* fallback smart host */
if (val[0] != '\0')
FallbackSmartHost = newstr(val);
break;
case O_HELONAME:
HeloName = newstr(val);
break;
#if _FFR_MEMSTAT
case O_REFUSELOWMEM:
RefuseLowMem = atoi(val);
break;
case O_QUEUELOWMEM:
QueueLowMem = atoi(val);
break;
case O_MEMRESOURCE:
MemoryResource = newstr(val);
break;
#endif /* _FFR_MEMSTAT */
case O_MAXNOOPCOMMANDS:
MaxNOOPCommands = atoi(val);
break;
#if _FFR_MSG_ACCEPT
case O_MSG_ACCEPT:
MessageAccept = newstr(val);
break;
-#endif /* _FFR_MSG_ACCEPT */
+#endif
#if _FFR_QUEUE_RUN_PARANOIA
case O_CHK_Q_RUNNERS:
CheckQueueRunners = atoi(val);
break;
-#endif /* _FFR_QUEUE_RUN_PARANOIA */
+#endif
#if _FFR_EIGHT_BIT_ADDR_OK
case O_EIGHT_BIT_ADDR_OK:
EightBitAddrOK = atobool(val);
break;
-#endif /* _FFR_EIGHT_BIT_ADDR_OK */
+#endif
#if _FFR_ADDR_TYPE_MODES
case O_ADDR_TYPE_MODES:
AddrTypeModes = atobool(val);
break;
-#endif /* _FFR_ADDR_TYPE_MODES */
+#endif
#if _FFR_BADRCPT_SHUTDOWN
case O_RCPTSHUTD:
BadRcptShutdown = atoi(val);
break;
case O_RCPTSHUTDG:
BadRcptShutdownGood = atoi(val);
break;
#endif /* _FFR_BADRCPT_SHUTDOWN */
#if _FFR_REJECT_NUL_BYTE
case O_REJECTNUL:
RejectNUL = atobool(val);
break;
-#endif /* _FFR_REJECT_NUL_BYTE */
+#endif
#if _FFR_BOUNCE_QUEUE
case O_BOUNCEQUEUE:
bouncequeue = newstr(val);
break;
-#endif /* _FFR_BOUNCE_QUEUE */
+#endif
#if _FFR_ADD_BCC
case O_ADDBCC:
AddBcc = atobool(val);
break;
#endif
case O_USECOMPRESSEDIPV6ADDRESSES:
UseCompressedIPv6Addresses = atobool(val);
break;
+#if DNSSEC_TEST
+ case O_NSPORTIP:
+ nsportip(val);
+ break;
+ case O_NSSRCHLIST:
+ NameSearchList = sm_strdup(val);
+ break;
+#endif
+
+#if DANE
+ case O_DANE:
+ if (sm_strcasecmp(val, "always") == 0)
+ Dane = DANE_ALWAYS;
+ else
+ Dane = atobool(val) ? DANE_SECURE : DANE_NEVER;
+ break;
+#endif
+
+#if _FFR_BLANKENV_MACV
+ case O_HACKS:
+ Hacks = (int) strtol(val, NULL, 0);
+ break;
+#endif
+
+#if _FFR_KEEPBCC
+ case O_KEEPBCC:
+ KeepBcc = atobool(val);
+ break;
+#endif
+
+# if _FFR_TLS_ALTNAMES
+ case O_CHECKALTNAMES:
+ SetCertAltnames = atobool(val);
+ break;
+# endif
+
default:
if (tTd(37, 1))
{
if (isascii(opt) && isprint(opt))
sm_dprintf("Warning: option %c unknown\n", opt);
else
sm_dprintf("Warning: option 0x%x unknown\n", opt);
}
break;
}
/*
** Options with suboptions are responsible for taking care
** of sticky-ness (e.g., that a command line setting is kept
** when reading in the sendmail.cf file). This has to be done
** when the suboptions are parsed since each suboption must be
** sticky, not the root option.
*/
if (sticky && !bitset(OI_SUBOPT, o->o_flags))
setbitn(opt, StickyOpt);
}
/*
** SETCLASS -- set a string into a class
**
** Parameters:
** class -- the class to put the string in.
** str -- the string to enter
**
** Returns:
** none.
**
** Side Effects:
** puts the word into the symbol table.
*/
void
setclass(class, str)
int class;
char *str;
{
register STAB *s;
if ((str[0] & 0377) == MATCHCLASS)
{
int mid;
str++;
mid = macid(str);
if (mid == 0)
return;
if (tTd(37, 8))
sm_dprintf("setclass(%s, $=%s)\n",
macname(class), macname(mid));
copy_class(mid, class);
}
else
{
if (tTd(37, 8))
sm_dprintf("setclass(%s, %s)\n", macname(class), str);
s = stab(str, ST_CLASS, ST_ENTER);
setbitn(bitidx(class), s->s_class);
}
}
/*
** MAKEMAPENTRY -- create a map entry
**
** Parameters:
** line -- the config file line
**
** Returns:
** A pointer to the map that has been created.
** NULL if there was a syntax error.
**
** Side Effects:
** Enters the map into the dictionary.
*/
MAP *
makemapentry(line)
char *line;
{
register char *p;
char *mapname;
char *classname;
register STAB *s;
STAB *class;
- for (p = line; isascii(*p) && isspace(*p); p++)
+ for (p = line; SM_ISSPACE(*p); p++)
continue;
if (!(isascii(*p) && isalnum(*p)))
{
syserr("readcf: config K line: no map name");
return NULL;
}
mapname = p;
while ((isascii(*++p) && isalnum(*p)) || *p == '_' || *p == '.')
continue;
if (*p != '\0')
*p++ = '\0';
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
p++;
if (!(isascii(*p) && isalnum(*p)))
{
syserr("readcf: config K line, map %s: no map class", mapname);
return NULL;
}
classname = p;
while (isascii(*++p) && isalnum(*p))
continue;
if (*p != '\0')
*p++ = '\0';
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
p++;
/* look up the class */
class = stab(classname, ST_MAPCLASS, ST_FIND);
if (class == NULL)
{
syserr("readcf: map %s: class %s not available", mapname,
classname);
return NULL;
}
/* enter the map */
s = stab(mapname, ST_MAP, ST_ENTER);
s->s_map.map_class = &class->s_mapclass;
s->s_map.map_mname = newstr(mapname);
if (class->s_mapclass.map_parse(&s->s_map, p))
s->s_map.map_mflags |= MF_VALID;
if (tTd(37, 5))
{
sm_dprintf("map %s, class %s, flags %lx, file %s,\n",
s->s_map.map_mname, s->s_map.map_class->map_cname,
s->s_map.map_mflags, s->s_map.map_file);
sm_dprintf("\tapp %s, domain %s, rebuild %s\n",
s->s_map.map_app, s->s_map.map_domain,
s->s_map.map_rebuild);
}
return &s->s_map;
}
/*
** STRTORWSET -- convert string to rewriting set number
**
** Parameters:
** p -- the pointer to the string to decode.
** endp -- if set, store the trailing delimiter here.
** stabmode -- ST_ENTER to create this entry, ST_FIND if
** it must already exist.
**
** Returns:
** The appropriate ruleset number.
** -1 if it is not valid (error already printed)
*/
int
strtorwset(p, endp, stabmode)
char *p;
char **endp;
int stabmode;
{
int ruleset;
static int nextruleset = MAXRWSETS;
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
p++;
if (!isascii(*p))
{
syserr("invalid ruleset name: \"%.20s\"", p);
return -1;
}
if (isdigit(*p))
{
ruleset = strtol(p, endp, 10);
if (ruleset >= MAXRWSETS / 2 || ruleset < 0)
{
syserr("bad ruleset %d (%d max)",
ruleset, MAXRWSETS / 2);
ruleset = -1;
}
}
else
{
STAB *s;
char delim;
char *q = NULL;
q = p;
while (*p != '\0' && isascii(*p) && (isalnum(*p) || *p == '_'))
p++;
if (q == p || !(isascii(*q) && isalpha(*q)))
{
/* no valid characters */
syserr("invalid ruleset name: \"%.20s\"", q);
return -1;
}
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
*p++ = '\0';
delim = *p;
if (delim != '\0')
*p = '\0';
s = stab(q, ST_RULESET, stabmode);
if (delim != '\0')
*p = delim;
if (s == NULL)
return -1;
if (stabmode == ST_ENTER && delim == '=')
{
while (isascii(*++p) && isspace(*p))
continue;
if (!(isascii(*p) && isdigit(*p)))
{
syserr("bad ruleset definition \"%s\" (number required after `=')", q);
ruleset = -1;
}
else
{
ruleset = strtol(p, endp, 10);
if (ruleset >= MAXRWSETS / 2 || ruleset < 0)
{
syserr("bad ruleset number %d in \"%s\" (%d max)",
ruleset, q, MAXRWSETS / 2);
ruleset = -1;
}
}
}
else
{
if (endp != NULL)
*endp = p;
if (s->s_ruleset >= 0)
ruleset = s->s_ruleset;
else if ((ruleset = --nextruleset) < MAXRWSETS / 2)
{
syserr("%s: too many named rulesets (%d max)",
q, MAXRWSETS / 2);
ruleset = -1;
}
}
if (s->s_ruleset >= 0 &&
ruleset >= 0 &&
ruleset != s->s_ruleset)
{
syserr("%s: ruleset changed value (old %d, new %d)",
q, s->s_ruleset, ruleset);
ruleset = s->s_ruleset;
}
else if (ruleset >= 0)
{
s->s_ruleset = ruleset;
}
if (stabmode == ST_ENTER && ruleset >= 0)
{
char *h = NULL;
if (RuleSetNames[ruleset] != NULL)
sm_free(RuleSetNames[ruleset]); /* XXX */
if (delim != '\0' && (h = strchr(q, delim)) != NULL)
*h = '\0';
RuleSetNames[ruleset] = newstr(q);
if (delim == '/' && h != NULL)
*h = delim; /* put back delim */
}
}
return ruleset;
}
/*
** SETTIMEOUT -- set an individual timeout
**
** Parameters:
** name -- the name of the timeout.
** val -- the value of the timeout.
** sticky -- if set, don't let other setoptions override
** this value.
**
** Returns:
** none.
*/
/* set if Timeout sub-option is stuck */
static BITMAP256 StickyTimeoutOpt;
static struct timeoutinfo
{
char *to_name; /* long name of timeout */
unsigned char to_code; /* code for option */
} TimeOutTab[] =
{
#define TO_INITIAL 0x01
{ "initial", TO_INITIAL },
#define TO_MAIL 0x02
{ "mail", TO_MAIL },
#define TO_RCPT 0x03
{ "rcpt", TO_RCPT },
#define TO_DATAINIT 0x04
{ "datainit", TO_DATAINIT },
#define TO_DATABLOCK 0x05
{ "datablock", TO_DATABLOCK },
#define TO_DATAFINAL 0x06
{ "datafinal", TO_DATAFINAL },
#define TO_COMMAND 0x07
{ "command", TO_COMMAND },
#define TO_RSET 0x08
{ "rset", TO_RSET },
#define TO_HELO 0x09
{ "helo", TO_HELO },
#define TO_QUIT 0x0A
{ "quit", TO_QUIT },
#define TO_MISC 0x0B
{ "misc", TO_MISC },
#define TO_IDENT 0x0C
{ "ident", TO_IDENT },
#define TO_FILEOPEN 0x0D
{ "fileopen", TO_FILEOPEN },
#define TO_CONNECT 0x0E
{ "connect", TO_CONNECT },
#define TO_ICONNECT 0x0F
{ "iconnect", TO_ICONNECT },
#define TO_QUEUEWARN 0x10
{ "queuewarn", TO_QUEUEWARN },
{ "queuewarn.*", TO_QUEUEWARN },
#define TO_QUEUEWARN_NORMAL 0x11
{ "queuewarn.normal", TO_QUEUEWARN_NORMAL },
#define TO_QUEUEWARN_URGENT 0x12
{ "queuewarn.urgent", TO_QUEUEWARN_URGENT },
#define TO_QUEUEWARN_NON_URGENT 0x13
{ "queuewarn.non-urgent", TO_QUEUEWARN_NON_URGENT },
#define TO_QUEUERETURN 0x14
{ "queuereturn", TO_QUEUERETURN },
{ "queuereturn.*", TO_QUEUERETURN },
#define TO_QUEUERETURN_NORMAL 0x15
{ "queuereturn.normal", TO_QUEUERETURN_NORMAL },
#define TO_QUEUERETURN_URGENT 0x16
{ "queuereturn.urgent", TO_QUEUERETURN_URGENT },
#define TO_QUEUERETURN_NON_URGENT 0x17
{ "queuereturn.non-urgent", TO_QUEUERETURN_NON_URGENT },
#define TO_HOSTSTATUS 0x18
{ "hoststatus", TO_HOSTSTATUS },
#define TO_RESOLVER_RETRANS 0x19
{ "resolver.retrans", TO_RESOLVER_RETRANS },
#define TO_RESOLVER_RETRANS_NORMAL 0x1A
{ "resolver.retrans.normal", TO_RESOLVER_RETRANS_NORMAL },
#define TO_RESOLVER_RETRANS_FIRST 0x1B
{ "resolver.retrans.first", TO_RESOLVER_RETRANS_FIRST },
#define TO_RESOLVER_RETRY 0x1C
{ "resolver.retry", TO_RESOLVER_RETRY },
#define TO_RESOLVER_RETRY_NORMAL 0x1D
{ "resolver.retry.normal", TO_RESOLVER_RETRY_NORMAL },
#define TO_RESOLVER_RETRY_FIRST 0x1E
{ "resolver.retry.first", TO_RESOLVER_RETRY_FIRST },
#define TO_CONTROL 0x1F
{ "control", TO_CONTROL },
#define TO_LHLO 0x20
{ "lhlo", TO_LHLO },
#define TO_AUTH 0x21
{ "auth", TO_AUTH },
#define TO_STARTTLS 0x22
{ "starttls", TO_STARTTLS },
#define TO_ACONNECT 0x23
{ "aconnect", TO_ACONNECT },
#define TO_QUEUEWARN_DSN 0x24
{ "queuewarn.dsn", TO_QUEUEWARN_DSN },
#define TO_QUEUERETURN_DSN 0x25
{ "queuereturn.dsn", TO_QUEUERETURN_DSN },
{ NULL, 0 },
};
static void
settimeout(name, val, sticky)
char *name;
char *val;
bool sticky;
{
register struct timeoutinfo *to;
int i, addopts;
time_t toval;
if (tTd(37, 2))
sm_dprintf("settimeout(%s = %s)", name, val);
for (to = TimeOutTab; to->to_name != NULL; to++)
{
if (sm_strcasecmp(to->to_name, name) == 0)
break;
}
if (to->to_name == NULL)
{
errno = 0; /* avoid bogus error text */
syserr("settimeout: invalid timeout %s", name);
return;
}
/*
** See if this option is preset for us.
*/
if (!sticky && bitnset(to->to_code, StickyTimeoutOpt))
{
if (tTd(37, 2))
sm_dprintf(" (ignored)\n");
return;
}
if (tTd(37, 2))
sm_dprintf("\n");
toval = convtime(val, 'm');
addopts = 0;
switch (to->to_code)
{
case TO_INITIAL:
TimeOuts.to_initial = toval;
break;
case TO_MAIL:
TimeOuts.to_mail = toval;
break;
case TO_RCPT:
TimeOuts.to_rcpt = toval;
break;
case TO_DATAINIT:
TimeOuts.to_datainit = toval;
break;
case TO_DATABLOCK:
TimeOuts.to_datablock = toval;
break;
case TO_DATAFINAL:
TimeOuts.to_datafinal = toval;
break;
case TO_COMMAND:
TimeOuts.to_nextcommand = toval;
break;
case TO_RSET:
TimeOuts.to_rset = toval;
break;
case TO_HELO:
TimeOuts.to_helo = toval;
break;
case TO_QUIT:
TimeOuts.to_quit = toval;
break;
case TO_MISC:
TimeOuts.to_miscshort = toval;
break;
case TO_IDENT:
TimeOuts.to_ident = toval;
break;
case TO_FILEOPEN:
TimeOuts.to_fileopen = toval;
break;
case TO_CONNECT:
TimeOuts.to_connect = toval;
break;
case TO_ICONNECT:
TimeOuts.to_iconnect = toval;
break;
case TO_ACONNECT:
TimeOuts.to_aconnect = toval;
break;
case TO_QUEUEWARN:
toval = convtime(val, 'h');
TimeOuts.to_q_warning[TOC_NORMAL] = toval;
TimeOuts.to_q_warning[TOC_URGENT] = toval;
TimeOuts.to_q_warning[TOC_NONURGENT] = toval;
TimeOuts.to_q_warning[TOC_DSN] = toval;
addopts = 2;
break;
case TO_QUEUEWARN_NORMAL:
toval = convtime(val, 'h');
TimeOuts.to_q_warning[TOC_NORMAL] = toval;
break;
case TO_QUEUEWARN_URGENT:
toval = convtime(val, 'h');
TimeOuts.to_q_warning[TOC_URGENT] = toval;
break;
case TO_QUEUEWARN_NON_URGENT:
toval = convtime(val, 'h');
TimeOuts.to_q_warning[TOC_NONURGENT] = toval;
break;
case TO_QUEUEWARN_DSN:
toval = convtime(val, 'h');
TimeOuts.to_q_warning[TOC_DSN] = toval;
break;
case TO_QUEUERETURN:
toval = convtime(val, 'd');
TimeOuts.to_q_return[TOC_NORMAL] = toval;
TimeOuts.to_q_return[TOC_URGENT] = toval;
TimeOuts.to_q_return[TOC_NONURGENT] = toval;
TimeOuts.to_q_return[TOC_DSN] = toval;
addopts = 2;
break;
case TO_QUEUERETURN_NORMAL:
toval = convtime(val, 'd');
TimeOuts.to_q_return[TOC_NORMAL] = toval;
break;
case TO_QUEUERETURN_URGENT:
toval = convtime(val, 'd');
TimeOuts.to_q_return[TOC_URGENT] = toval;
break;
case TO_QUEUERETURN_NON_URGENT:
toval = convtime(val, 'd');
TimeOuts.to_q_return[TOC_NONURGENT] = toval;
break;
case TO_QUEUERETURN_DSN:
toval = convtime(val, 'd');
TimeOuts.to_q_return[TOC_DSN] = toval;
break;
case TO_HOSTSTATUS:
MciInfoTimeout = toval;
break;
case TO_RESOLVER_RETRANS:
toval = convtime(val, 's');
TimeOuts.res_retrans[RES_TO_DEFAULT] = toval;
TimeOuts.res_retrans[RES_TO_FIRST] = toval;
TimeOuts.res_retrans[RES_TO_NORMAL] = toval;
addopts = 2;
break;
case TO_RESOLVER_RETRY:
i = atoi(val);
TimeOuts.res_retry[RES_TO_DEFAULT] = i;
TimeOuts.res_retry[RES_TO_FIRST] = i;
TimeOuts.res_retry[RES_TO_NORMAL] = i;
addopts = 2;
break;
case TO_RESOLVER_RETRANS_NORMAL:
TimeOuts.res_retrans[RES_TO_NORMAL] = convtime(val, 's');
break;
case TO_RESOLVER_RETRY_NORMAL:
TimeOuts.res_retry[RES_TO_NORMAL] = atoi(val);
break;
case TO_RESOLVER_RETRANS_FIRST:
TimeOuts.res_retrans[RES_TO_FIRST] = convtime(val, 's');
break;
case TO_RESOLVER_RETRY_FIRST:
TimeOuts.res_retry[RES_TO_FIRST] = atoi(val);
break;
case TO_CONTROL:
TimeOuts.to_control = toval;
break;
case TO_LHLO:
TimeOuts.to_lhlo = toval;
break;
#if SASL
case TO_AUTH:
TimeOuts.to_auth = toval;
break;
-#endif /* SASL */
+#endif
#if STARTTLS
case TO_STARTTLS:
TimeOuts.to_starttls = toval;
break;
-#endif /* STARTTLS */
+#endif
default:
syserr("settimeout: invalid timeout %s", name);
break;
}
if (sticky)
{
for (i = 0; i <= addopts; i++)
setbitn(to->to_code + i, StickyTimeoutOpt);
}
}
/*
** INITTIMEOUTS -- parse and set timeout values
**
** Parameters:
** val -- a pointer to the values. If NULL, do initial
** settings.
** sticky -- if set, don't let other setoptions override
** this suboption value.
**
** Returns:
** none.
**
** Side Effects:
** Initializes the TimeOuts structure
*/
void
inittimeouts(val, sticky)
register char *val;
bool sticky;
{
register char *p;
if (tTd(37, 2))
sm_dprintf("inittimeouts(%s)\n", val == NULL ? "<NULL>" : val);
if (val == NULL)
{
TimeOuts.to_connect = (time_t) 0 SECONDS;
TimeOuts.to_aconnect = (time_t) 0 SECONDS;
TimeOuts.to_iconnect = (time_t) 0 SECONDS;
TimeOuts.to_initial = (time_t) 5 MINUTES;
TimeOuts.to_helo = (time_t) 5 MINUTES;
TimeOuts.to_mail = (time_t) 10 MINUTES;
TimeOuts.to_rcpt = (time_t) 1 HOUR;
TimeOuts.to_datainit = (time_t) 5 MINUTES;
TimeOuts.to_datablock = (time_t) 1 HOUR;
TimeOuts.to_datafinal = (time_t) 1 HOUR;
TimeOuts.to_rset = (time_t) 5 MINUTES;
TimeOuts.to_quit = (time_t) 2 MINUTES;
TimeOuts.to_nextcommand = (time_t) 1 HOUR;
TimeOuts.to_miscshort = (time_t) 2 MINUTES;
#if IDENTPROTO
TimeOuts.to_ident = (time_t) 5 SECONDS;
-#else /* IDENTPROTO */
+#else
TimeOuts.to_ident = (time_t) 0 SECONDS;
-#endif /* IDENTPROTO */
+#endif
TimeOuts.to_fileopen = (time_t) 60 SECONDS;
TimeOuts.to_control = (time_t) 2 MINUTES;
TimeOuts.to_lhlo = (time_t) 2 MINUTES;
#if SASL
TimeOuts.to_auth = (time_t) 10 MINUTES;
-#endif /* SASL */
+#endif
#if STARTTLS
TimeOuts.to_starttls = (time_t) 1 HOUR;
-#endif /* STARTTLS */
+#endif
if (tTd(37, 5))
{
sm_dprintf("Timeouts:\n");
sm_dprintf(" connect = %ld\n",
(long) TimeOuts.to_connect);
sm_dprintf(" aconnect = %ld\n",
(long) TimeOuts.to_aconnect);
sm_dprintf(" initial = %ld\n",
(long) TimeOuts.to_initial);
sm_dprintf(" helo = %ld\n", (long) TimeOuts.to_helo);
sm_dprintf(" mail = %ld\n", (long) TimeOuts.to_mail);
sm_dprintf(" rcpt = %ld\n", (long) TimeOuts.to_rcpt);
sm_dprintf(" datainit = %ld\n",
(long) TimeOuts.to_datainit);
sm_dprintf(" datablock = %ld\n",
(long) TimeOuts.to_datablock);
sm_dprintf(" datafinal = %ld\n",
(long) TimeOuts.to_datafinal);
sm_dprintf(" rset = %ld\n", (long) TimeOuts.to_rset);
sm_dprintf(" quit = %ld\n", (long) TimeOuts.to_quit);
sm_dprintf(" nextcommand = %ld\n",
(long) TimeOuts.to_nextcommand);
sm_dprintf(" miscshort = %ld\n",
(long) TimeOuts.to_miscshort);
sm_dprintf(" ident = %ld\n", (long) TimeOuts.to_ident);
sm_dprintf(" fileopen = %ld\n",
(long) TimeOuts.to_fileopen);
sm_dprintf(" lhlo = %ld\n",
(long) TimeOuts.to_lhlo);
sm_dprintf(" control = %ld\n",
(long) TimeOuts.to_control);
}
return;
}
for (;; val = p)
{
- while (isascii(*val) && isspace(*val))
+ while (SM_ISSPACE(*val))
val++;
if (*val == '\0')
break;
for (p = val; *p != '\0' && *p != ','; p++)
continue;
if (*p != '\0')
*p++ = '\0';
if (isascii(*val) && isdigit(*val))
{
/* old syntax -- set everything */
TimeOuts.to_mail = convtime(val, 'm');
TimeOuts.to_rcpt = TimeOuts.to_mail;
TimeOuts.to_datainit = TimeOuts.to_mail;
TimeOuts.to_datablock = TimeOuts.to_mail;
TimeOuts.to_datafinal = TimeOuts.to_mail;
TimeOuts.to_nextcommand = TimeOuts.to_mail;
if (sticky)
{
setbitn(TO_MAIL, StickyTimeoutOpt);
setbitn(TO_RCPT, StickyTimeoutOpt);
setbitn(TO_DATAINIT, StickyTimeoutOpt);
setbitn(TO_DATABLOCK, StickyTimeoutOpt);
setbitn(TO_DATAFINAL, StickyTimeoutOpt);
setbitn(TO_COMMAND, StickyTimeoutOpt);
}
continue;
}
else
{
register char *q = strchr(val, ':');
if (q == NULL && (q = strchr(val, '=')) == NULL)
{
/* syntax error */
continue;
}
*q++ = '\0';
settimeout(val, q, sticky);
}
}
}
diff --git a/src/recipient.c b/src/recipient.c
index 3fad95717d6b..eb325a6de385 100644
--- a/src/recipient.c
+++ b/src/recipient.c
@@ -1,2072 +1,2077 @@
/*
* Copyright (c) 1998-2003, 2006 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sendmail.h>
SM_RCSID("@(#)$Id: recipient.c,v 8.351 2013-11-22 20:51:56 ca Exp $")
static void includetimeout __P((int));
static ADDRESS *self_reference __P((ADDRESS *));
static int sortexpensive __P((ADDRESS *, ADDRESS *));
static int sortbysignature __P((ADDRESS *, ADDRESS *));
static int sorthost __P((ADDRESS *, ADDRESS *));
typedef int sortfn_t __P((ADDRESS *, ADDRESS *));
/*
** SORTHOST -- strcmp()-like func for host portion of an ADDRESS
**
** Parameters:
** xx -- first ADDRESS
** yy -- second ADDRESS
**
** Returns:
** <0 when xx->q_host is less than yy->q_host
** >0 when xx->q_host is greater than yy->q_host
** 0 when equal
*/
static int
sorthost(xx, yy)
register ADDRESS *xx;
register ADDRESS *yy;
{
#if _FFR_HOST_SORT_REVERSE
/* XXX maybe compare hostnames from the end? */
return sm_strrevcasecmp(xx->q_host, yy->q_host);
-#else /* _FFR_HOST_SORT_REVERSE */
+#else
return sm_strcasecmp(xx->q_host, yy->q_host);
-#endif /* _FFR_HOST_SORT_REVERSE */
+#endif
}
/*
** SORTEXPENSIVE -- strcmp()-like func for expensive mailers
**
** The mailer has been noted already as "expensive" for 'xx'. This
** will give a result relative to 'yy'. Expensive mailers get rated
** "greater than" non-expensive mailers because during the delivery phase
** it will get queued -- no use it getting in the way of less expensive
** recipients. We avoid an MX RR lookup when both 'xx' and 'yy' are
** expensive since an MX RR lookup happens when extracted from the queue
** later.
**
** Parameters:
** xx -- first ADDRESS
** yy -- second ADDRESS
**
** Returns:
** <0 when xx->q_host is less than yy->q_host and both are
** expensive
** >0 when xx->q_host is greater than yy->q_host, or when
** 'yy' is non-expensive
** 0 when equal (by expense and q_host)
*/
static int
sortexpensive(xx, yy)
ADDRESS *xx;
ADDRESS *yy;
{
if (!bitnset(M_EXPENSIVE, yy->q_mailer->m_flags))
return 1; /* xx should go later */
#if _FFR_HOST_SORT_REVERSE
/* XXX maybe compare hostnames from the end? */
return sm_strrevcasecmp(xx->q_host, yy->q_host);
-#else /* _FFR_HOST_SORT_REVERSE */
+#else
return sm_strcasecmp(xx->q_host, yy->q_host);
-#endif /* _FFR_HOST_SORT_REVERSE */
+#endif
}
/*
** SORTBYSIGNATURE -- a strcmp()-like func for q_mailer and q_host in ADDRESS
**
** Parameters:
** xx -- first ADDRESS
** yy -- second ADDRESS
**
** Returns:
** 0 when the "signature"'s are same
** <0 when xx->q_signature is less than yy->q_signature
** >0 when xx->q_signature is greater than yy->q_signature
**
** Side Effect:
** May set ADDRESS pointer for q_signature if not already set.
*/
static int
sortbysignature(xx, yy)
ADDRESS *xx;
ADDRESS *yy;
{
register int ret;
/* Let's avoid redoing the signature over and over again */
if (xx->q_signature == NULL)
- xx->q_signature = hostsignature(xx->q_mailer, xx->q_host);
+ xx->q_signature = hostsignature(xx->q_mailer, xx->q_host, xx->q_flags & QSECURE);
if (yy->q_signature == NULL)
- yy->q_signature = hostsignature(yy->q_mailer, yy->q_host);
+ yy->q_signature = hostsignature(yy->q_mailer, yy->q_host, yy->q_flags & QSECURE);
ret = strcmp(xx->q_signature, yy->q_signature);
/*
** If the two signatures are the same then we will return a sort
** value based on 'q_user'. But note that we have reversed xx and yy
** on purpose. This additional compare helps reduce the number of
** sameaddr() calls and loops in recipient() for the case when
** the rcpt list has been provided already in-order.
*/
if (ret == 0)
return strcmp(yy->q_user, xx->q_user);
else
return ret;
}
/*
** SENDTOLIST -- Designate a send list.
**
** The parameter is a comma-separated list of people to send to.
** This routine arranges to send to all of them.
**
** Parameters:
** list -- the send list.
** ctladdr -- the address template for the person to
** send to -- effective uid/gid are important.
** This is typically the alias that caused this
** expansion.
** sendq -- a pointer to the head of a queue to put
** these people into.
** aliaslevel -- the current alias nesting depth -- to
** diagnose loops.
** e -- the envelope in which to add these recipients.
**
** Returns:
** The number of addresses actually on the list.
*/
/* q_flags bits inherited from ctladdr */
#define QINHERITEDBITS (QPINGONSUCCESS|QPINGONFAILURE|QPINGONDELAY|QHASNOTIFY)
int
sendtolist(list, ctladdr, sendq, aliaslevel, e)
char *list;
ADDRESS *ctladdr;
ADDRESS **sendq;
int aliaslevel;
register ENVELOPE *e;
{
register char *p;
register ADDRESS *SM_NONVOLATILE al; /* list of addresses to send to */
SM_NONVOLATILE char delimiter; /* the address delimiter */
SM_NONVOLATILE int naddrs;
SM_NONVOLATILE int i;
char *endp;
char *oldto = e->e_to;
char *SM_NONVOLATILE bufp;
char buf[MAXNAME + 1];
if (list == NULL)
{
syserr("sendtolist: null list");
return 0;
}
if (tTd(25, 1))
{
sm_dprintf("sendto: %s\n ctladdr=", list);
printaddr(sm_debug_file(), ctladdr, false);
}
/* heuristic to determine old versus new style addresses */
if (ctladdr == NULL &&
(strchr(list, ',') != NULL || strchr(list, ';') != NULL ||
strchr(list, '<') != NULL || strchr(list, '(') != NULL))
e->e_flags &= ~EF_OLDSTYLE;
delimiter = ' ';
if (!bitset(EF_OLDSTYLE, e->e_flags) || ctladdr != NULL)
delimiter = ',';
al = NULL;
naddrs = 0;
/* make sure we have enough space to copy the string */
i = strlen(list) + 1;
if (i <= sizeof(buf))
{
bufp = buf;
i = sizeof(buf);
}
else
bufp = sm_malloc_x(i);
endp = bufp + i;
SM_TRY
{
(void) sm_strlcpy(bufp, denlstring(list, false, true), i);
macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), "e r");
for (p = bufp; *p != '\0'; )
{
auto char *delimptr;
register ADDRESS *a;
SM_ASSERT(p < endp);
/* parse the address */
- while ((isascii(*p) && isspace(*p)) || *p == ',')
+ while ((SM_ISSPACE(*p)) || *p == ',')
p++;
SM_ASSERT(p < endp);
a = parseaddr(p, NULLADDR, RF_COPYALL, delimiter,
&delimptr, e, true);
p = delimptr;
SM_ASSERT(p < endp);
if (a == NULL)
continue;
a->q_next = al;
a->q_alias = ctladdr;
/* arrange to inherit attributes from parent */
if (ctladdr != NULL)
{
ADDRESS *b;
/* self reference test */
if (sameaddr(ctladdr, a))
{
if (tTd(27, 5))
{
sm_dprintf("sendtolist: QSELFREF ");
printaddr(sm_debug_file(), ctladdr, false);
}
ctladdr->q_flags |= QSELFREF;
}
/* check for address loops */
b = self_reference(a);
if (b != NULL)
{
b->q_flags |= QSELFREF;
if (tTd(27, 5))
{
sm_dprintf("sendtolist: QSELFREF ");
printaddr(sm_debug_file(), b, false);
}
if (a != b)
{
if (tTd(27, 5))
{
sm_dprintf("sendtolist: QS_DONTSEND ");
printaddr(sm_debug_file(), a, false);
}
a->q_state = QS_DONTSEND;
b->q_flags |= a->q_flags & QNOTREMOTE;
continue;
}
}
/* full name */
if (a->q_fullname == NULL)
a->q_fullname = ctladdr->q_fullname;
/* various flag bits */
a->q_flags &= ~QINHERITEDBITS;
a->q_flags |= ctladdr->q_flags & QINHERITEDBITS;
/* DSN recipient information */
a->q_finalrcpt = ctladdr->q_finalrcpt;
a->q_orcpt = ctladdr->q_orcpt;
}
al = a;
}
/* arrange to send to everyone on the local send list */
while (al != NULL)
{
register ADDRESS *a = al;
al = a->q_next;
a = recipient(a, sendq, aliaslevel, e);
naddrs++;
}
}
SM_FINALLY
{
e->e_to = oldto;
if (bufp != buf)
sm_free(bufp);
macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), NULL);
}
SM_END_TRY
return naddrs;
}
#if MILTER
/*
** REMOVEFROMLIST -- Remove addresses from a send list.
**
** The parameter is a comma-separated list of recipients to remove.
** Note that it only deletes matching addresses. If those addresses
** have been expanded already in the sendq, it won't mark the
** expanded recipients as QS_REMOVED.
**
** Parameters:
** list -- the list to remove.
** sendq -- a pointer to the head of a queue to remove
** these addresses from.
** e -- the envelope in which to remove these recipients.
**
** Returns:
** The number of addresses removed from the list.
**
*/
int
removefromlist(list, sendq, e)
char *list;
ADDRESS **sendq;
ENVELOPE *e;
{
SM_NONVOLATILE char delimiter; /* the address delimiter */
SM_NONVOLATILE int naddrs;
SM_NONVOLATILE int i;
char *p;
char *oldto = e->e_to;
char *SM_NONVOLATILE bufp;
char buf[MAXNAME + 1];
if (list == NULL)
{
syserr("removefromlist: null list");
return 0;
}
if (tTd(25, 1))
sm_dprintf("removefromlist: %s\n", list);
/* heuristic to determine old versus new style addresses */
if (strchr(list, ',') != NULL || strchr(list, ';') != NULL ||
strchr(list, '<') != NULL || strchr(list, '(') != NULL)
e->e_flags &= ~EF_OLDSTYLE;
delimiter = ' ';
if (!bitset(EF_OLDSTYLE, e->e_flags))
delimiter = ',';
naddrs = 0;
/* make sure we have enough space to copy the string */
i = strlen(list) + 1;
if (i <= sizeof(buf))
{
bufp = buf;
i = sizeof(buf);
}
else
bufp = sm_malloc_x(i);
SM_TRY
{
(void) sm_strlcpy(bufp, denlstring(list, false, true), i);
#if _FFR_ADDR_TYPE_MODES
if (AddrTypeModes)
macdefine(&e->e_macro, A_PERM, macid("{addr_type}"),
"e r d");
else
#endif /* _FFR_ADDR_TYPE_MODES */
macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), "e r");
for (p = bufp; *p != '\0'; )
{
ADDRESS a; /* parsed address to be removed */
ADDRESS *q;
ADDRESS **pq;
char *delimptr;
/* parse the address */
- while ((isascii(*p) && isspace(*p)) || *p == ',')
+ while ((SM_ISSPACE(*p)) || *p == ',')
p++;
if (parseaddr(p, &a, RF_COPYALL|RF_RM_ADDR,
delimiter, &delimptr, e, true) == NULL)
{
p = delimptr;
continue;
}
p = delimptr;
for (pq = sendq; (q = *pq) != NULL; pq = &q->q_next)
{
if (!QS_IS_DEAD(q->q_state) &&
(sameaddr(q, &a) ||
strcmp(q->q_paddr, a.q_paddr) == 0))
{
if (tTd(25, 5))
{
sm_dprintf("removefromlist: QS_REMOVED ");
printaddr(sm_debug_file(), &a, false);
}
q->q_state = QS_REMOVED;
naddrs++;
break;
}
}
}
}
SM_FINALLY
{
e->e_to = oldto;
if (bufp != buf)
sm_free(bufp);
macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), NULL);
}
SM_END_TRY
return naddrs;
}
#endif /* MILTER */
/*
** RECIPIENT -- Designate a message recipient
** Saves the named person for future mailing (after some checks).
**
** Parameters:
** new -- the (preparsed) address header for the recipient.
** sendq -- a pointer to the head of a queue to put the
** recipient in. Duplicate suppression is done
** in this queue.
** aliaslevel -- the current alias nesting depth.
** e -- the current envelope.
**
** Returns:
** The actual address in the queue. This will be "a" if
** the address is not a duplicate, else the original address.
**
*/
ADDRESS *
recipient(new, sendq, aliaslevel, e)
register ADDRESS *new;
register ADDRESS **sendq;
int aliaslevel;
register ENVELOPE *e;
{
register ADDRESS *q;
ADDRESS **pq;
ADDRESS **prev;
register struct mailer *m;
register char *p;
int i, buflen;
bool quoted; /* set if the addr has a quote bit */
bool insert;
int findusercount;
bool initialdontsend;
char *buf;
char buf0[MAXNAME + 1]; /* unquoted image of the user name */
sortfn_t *sortfn;
p = NULL;
quoted = false;
insert = false;
findusercount = 0;
initialdontsend = QS_IS_DEAD(new->q_state);
e->e_to = new->q_paddr;
m = new->q_mailer;
errno = 0;
if (aliaslevel == 0)
new->q_flags |= QPRIMARY;
if (tTd(26, 1))
{
sm_dprintf("\nrecipient (%d): ", aliaslevel);
printaddr(sm_debug_file(), new, false);
}
/* if this is primary, use it as original recipient */
if (new->q_alias == NULL)
{
if (e->e_origrcpt == NULL)
e->e_origrcpt = new->q_paddr;
else if (e->e_origrcpt != new->q_paddr)
e->e_origrcpt = "";
}
/* find parent recipient for finalrcpt and orcpt */
for (q = new; q->q_alias != NULL; q = q->q_alias)
continue;
/* find final recipient DSN address */
if (new->q_finalrcpt == NULL &&
e->e_from.q_mailer != NULL)
{
char frbuf[MAXLINE];
p = e->e_from.q_mailer->m_addrtype;
if (p == NULL)
p = "rfc822";
+#if _FFR_EAI
+ if (sm_strcasecmp(p, "rfc822") == 0 &&
+ !addr_is_ascii(q->q_user))
+ p = "utf-8";
+#endif
if (sm_strcasecmp(p, "rfc822") != 0)
{
(void) sm_snprintf(frbuf, sizeof(frbuf), "%s; %.800s",
q->q_mailer->m_addrtype,
q->q_user);
}
else if (strchr(q->q_user, '@') != NULL)
{
(void) sm_snprintf(frbuf, sizeof(frbuf), "%s; %.800s",
p, q->q_user);
}
else if (strchr(q->q_paddr, '@') != NULL)
{
char *qp;
bool b;
qp = q->q_paddr;
/* strip brackets from address */
b = false;
if (*qp == '<')
{
b = qp[strlen(qp) - 1] == '>';
if (b)
qp[strlen(qp) - 1] = '\0';
qp++;
}
(void) sm_snprintf(frbuf, sizeof(frbuf), "%s; %.800s",
p, qp);
/* undo damage */
if (b)
qp[strlen(qp)] = '>';
}
else
{
(void) sm_snprintf(frbuf, sizeof(frbuf),
"%s; %.700s@%.100s",
p, q->q_user, MyHostName);
}
new->q_finalrcpt = sm_rpool_strdup_x(e->e_rpool, frbuf);
}
#if _FFR_GEN_ORCPT
/* set ORCPT DSN arg if not already set */
if (new->q_orcpt == NULL)
{
/* check for an existing ORCPT */
if (q->q_orcpt != NULL)
new->q_orcpt = q->q_orcpt;
else
{
/* make our own */
bool b = false;
char *qp;
char obuf[MAXLINE];
if (e->e_from.q_mailer != NULL)
p = e->e_from.q_mailer->m_addrtype;
if (p == NULL)
p = "rfc822";
(void) sm_strlcpyn(obuf, sizeof(obuf), 2, p, ";");
qp = q->q_paddr;
/* FFR: Needs to strip comments from stdin addrs */
/* strip brackets from address */
if (*qp == '<')
{
b = qp[strlen(qp) - 1] == '>';
if (b)
qp[strlen(qp) - 1] = '\0';
qp++;
}
p = xtextify(denlstring(qp, true, false), "=");
if (sm_strlcat(obuf, p, sizeof(obuf)) >= sizeof(obuf))
{
/* if too big, don't use it */
obuf[0] = '\0';
}
/* undo damage */
if (b)
qp[strlen(qp)] = '>';
if (obuf[0] != '\0')
new->q_orcpt =
sm_rpool_strdup_x(e->e_rpool, obuf);
}
}
#endif /* _FFR_GEN_ORCPT */
/* break aliasing loops */
if (aliaslevel > MaxAliasRecursion)
{
new->q_state = QS_BADADDR;
new->q_status = "5.4.6";
if (new->q_alias != NULL)
{
new->q_alias->q_state = QS_BADADDR;
new->q_alias->q_status = "5.4.6";
}
if ((SuprErrs || !LogUsrErrs) && LogLevel > 0)
{
sm_syslog(LOG_ERR, e->e_id,
"aliasing/forwarding loop broken: %s (%d aliases deep; %d max)",
FileName != NULL ? FileName : "", aliaslevel,
MaxAliasRecursion);
}
usrerrenh(new->q_status,
"554 aliasing/forwarding loop broken (%d aliases deep; %d max)",
aliaslevel, MaxAliasRecursion);
return new;
}
/*
** Finish setting up address structure.
*/
/* get unquoted user for file, program or user.name check */
i = strlen(new->q_user);
if (i >= sizeof(buf0))
{
buflen = i + 1;
buf = xalloc(buflen);
}
else
{
buf = buf0;
buflen = sizeof(buf0);
}
(void) sm_strlcpy(buf, new->q_user, buflen);
for (p = buf; *p != '\0' && !quoted; p++)
{
if (*p == '\\')
quoted = true;
}
stripquotes(buf);
/* check for direct mailing to restricted mailers */
if (m == ProgMailer)
{
if (new->q_alias == NULL || UseMSP ||
bitset(EF_UNSAFE, e->e_flags))
{
new->q_state = QS_BADADDR;
new->q_status = "5.7.1";
usrerrenh(new->q_status,
"550 Cannot mail directly to programs");
}
else if (bitset(QBOGUSSHELL, new->q_alias->q_flags))
{
new->q_state = QS_BADADDR;
new->q_status = "5.7.1";
if (new->q_alias->q_ruser == NULL)
usrerrenh(new->q_status,
"550 UID %ld is an unknown user: cannot mail to programs",
(long) new->q_alias->q_uid);
else
usrerrenh(new->q_status,
"550 User %s@%s doesn't have a valid shell for mailing to programs",
new->q_alias->q_ruser, MyHostName);
}
else if (bitset(QUNSAFEADDR, new->q_alias->q_flags))
{
new->q_state = QS_BADADDR;
new->q_status = "5.7.1";
new->q_rstatus = "550 Unsafe for mailing to programs";
usrerrenh(new->q_status,
"550 Address %s is unsafe for mailing to programs",
new->q_alias->q_paddr);
}
}
/*
** Look up this person in the recipient list.
** If they are there already, return, otherwise continue.
** If the list is empty, just add it. Notice the cute
** hack to make from addresses suppress things correctly:
** the QS_DUPLICATE state will be set in the send list.
** [Please note: the emphasis is on "hack."]
*/
prev = NULL;
/*
** If this message is going to the queue or FastSplit is set
** and it is the first try and the envelope hasn't split, then we
** avoid doing an MX RR lookup now because one will be done when the
** message is extracted from the queue later. It can go to the queue
** because all messages are going to the queue or this mailer of
** the current recipient is marked expensive.
*/
if (UseMSP || WILL_BE_QUEUED(e->e_sendmode) ||
(!bitset(EF_SPLIT, e->e_flags) && e->e_ntries == 0 &&
FastSplit > 0))
sortfn = sorthost;
else if (NoConnect && bitnset(M_EXPENSIVE, new->q_mailer->m_flags))
sortfn = sortexpensive;
else
sortfn = sortbysignature;
for (pq = sendq; (q = *pq) != NULL; pq = &q->q_next)
{
/*
** If address is "less than" it should be inserted now.
** If address is "greater than" current comparison it'll
** insert later in the list; so loop again (if possible).
** If address is "equal" (different equal than sameaddr()
** call) then check if sameaddr() will be true.
** Because this list is now sorted, it'll mean fewer
** comparisons and fewer loops which is important for more
** recipients.
*/
i = (*sortfn)(new, q);
if (i == 0) /* equal */
{
/*
** Sortbysignature() has said that the two have
** equal MX RR's and the same user. Calling sameaddr()
** now checks if the two hosts are as identical as the
** MX RR's are (which might not be the case)
** before saying these are the identical addresses.
*/
if (sameaddr(q, new) &&
(bitset(QRCPTOK, q->q_flags) ||
!bitset(QPRIMARY, q->q_flags)))
{
if (tTd(26, 1))
{
sm_dprintf("%s in sendq: ",
new->q_paddr);
printaddr(sm_debug_file(), q, false);
}
if (!bitset(QPRIMARY, q->q_flags))
{
if (!QS_IS_DEAD(new->q_state))
message("duplicate suppressed");
else
q->q_state = QS_DUPLICATE;
q->q_flags |= new->q_flags;
}
else if (bitset(QSELFREF, q->q_flags)
|| q->q_state == QS_REMOVED)
{
/*
** If an earlier milter removed the
** address, a later one can still add
** it back.
*/
q->q_state = new->q_state;
q->q_flags |= new->q_flags;
}
new = q;
goto done;
}
}
else if (i < 0) /* less than */
{
insert = true;
break;
}
prev = pq;
}
/* pq should point to an address, never NULL */
SM_ASSERT(pq != NULL);
/* add address on list */
if (insert)
{
/*
** insert before 'pq'. Only possible when at least 1
** ADDRESS is in the list already.
*/
new->q_next = *pq;
if (prev == NULL)
*sendq = new; /* To be the first ADDRESS */
else
(*prev)->q_next = new;
}
else
{
/*
** Place in list at current 'pq' position. Possible
** when there are 0 or more ADDRESS's in the list.
*/
new->q_next = NULL;
*pq = new;
}
/* added a new address: clear split flag */
e->e_flags &= ~EF_SPLIT;
/*
** Alias the name and handle special mailer types.
*/
trylocaluser:
if (tTd(29, 7))
{
sm_dprintf("at trylocaluser: ");
printaddr(sm_debug_file(), new, false);
}
if (!QS_IS_OK(new->q_state))
{
if (QS_IS_UNDELIVERED(new->q_state))
e->e_nrcpts++;
goto testselfdestruct;
}
if (m == InclMailer)
{
new->q_state = QS_INCLUDED;
if (new->q_alias == NULL || UseMSP ||
bitset(EF_UNSAFE, e->e_flags))
{
new->q_state = QS_BADADDR;
new->q_status = "5.7.1";
usrerrenh(new->q_status,
"550 Cannot mail directly to :include:s");
}
else
{
int ret;
message("including file %s", new->q_user);
ret = include(new->q_user, false, new,
sendq, aliaslevel, e);
if (transienterror(ret))
{
if (LogLevel > 2)
sm_syslog(LOG_ERR, e->e_id,
"include %s: transient error: %s",
shortenstring(new->q_user,
MAXSHORTSTR),
sm_errstring(ret));
new->q_state = QS_QUEUEUP;
usrerr("451 4.2.4 Cannot open %s: %s",
shortenstring(new->q_user,
MAXSHORTSTR),
sm_errstring(ret));
}
else if (ret != 0)
{
new->q_state = QS_BADADDR;
new->q_status = "5.2.4";
usrerrenh(new->q_status,
"550 Cannot open %s: %s",
shortenstring(new->q_user,
MAXSHORTSTR),
sm_errstring(ret));
}
}
}
else if (m == FileMailer)
{
/* check if allowed */
if (new->q_alias == NULL || UseMSP ||
bitset(EF_UNSAFE, e->e_flags))
{
new->q_state = QS_BADADDR;
new->q_status = "5.7.1";
usrerrenh(new->q_status,
"550 Cannot mail directly to files");
}
else if (bitset(QBOGUSSHELL, new->q_alias->q_flags))
{
new->q_state = QS_BADADDR;
new->q_status = "5.7.1";
if (new->q_alias->q_ruser == NULL)
usrerrenh(new->q_status,
"550 UID %ld is an unknown user: cannot mail to files",
(long) new->q_alias->q_uid);
else
usrerrenh(new->q_status,
"550 User %s@%s doesn't have a valid shell for mailing to files",
new->q_alias->q_ruser, MyHostName);
}
else if (bitset(QUNSAFEADDR, new->q_alias->q_flags))
{
new->q_state = QS_BADADDR;
new->q_status = "5.7.1";
new->q_rstatus = "550 Unsafe for mailing to files";
usrerrenh(new->q_status,
"550 Address %s is unsafe for mailing to files",
new->q_alias->q_paddr);
}
}
/* try aliasing */
if (!quoted && QS_IS_OK(new->q_state) &&
bitnset(M_ALIASABLE, m->m_flags))
alias(new, sendq, aliaslevel, e);
#if USERDB
/* if not aliased, look it up in the user database */
if (!bitset(QNOTREMOTE, new->q_flags) &&
QS_IS_SENDABLE(new->q_state) &&
bitnset(M_CHECKUDB, m->m_flags))
{
if (udbexpand(new, sendq, aliaslevel, e) == EX_TEMPFAIL)
{
new->q_state = QS_QUEUEUP;
if (e->e_message == NULL)
e->e_message = sm_rpool_strdup_x(e->e_rpool,
"Deferred: user database error");
if (new->q_message == NULL)
new->q_message = "Deferred: user database error";
if (LogLevel > 8)
sm_syslog(LOG_INFO, e->e_id,
"deferred: udbexpand: %s",
sm_errstring(errno));
message("queued (user database error): %s",
sm_errstring(errno));
e->e_nrcpts++;
goto testselfdestruct;
}
}
#endif /* USERDB */
/*
** If we have a level two config file, then pass the name through
** Ruleset 5 before sending it off. Ruleset 5 has the right
** to rewrite it to another mailer. This gives us a hook
** after local aliasing has been done.
*/
if (tTd(29, 5))
{
sm_dprintf("recipient: testing local? cl=%d, rr5=%p\n\t",
- ConfigLevel, RewriteRules[5]);
+ ConfigLevel, (void *)RewriteRules[5]);
printaddr(sm_debug_file(), new, false);
}
if (ConfigLevel >= 2 && RewriteRules[5] != NULL &&
bitnset(M_TRYRULESET5, m->m_flags) &&
!bitset(QNOTREMOTE, new->q_flags) &&
QS_IS_OK(new->q_state))
{
maplocaluser(new, sendq, aliaslevel + 1, e);
}
/*
** If it didn't get rewritten to another mailer, go ahead
** and deliver it.
*/
if (QS_IS_OK(new->q_state) &&
bitnset(M_HASPWENT, m->m_flags))
{
auto bool fuzzy;
SM_MBDB_T user;
int status;
/* warning -- finduser may trash buf */
status = finduser(buf, &fuzzy, &user);
switch (status)
{
case EX_TEMPFAIL:
new->q_state = QS_QUEUEUP;
new->q_status = "4.5.2";
giveresponse(EX_TEMPFAIL, new->q_status, m, NULL,
new->q_alias, (time_t) 0, e, new);
break;
default:
new->q_state = QS_BADADDR;
new->q_status = "5.1.1";
new->q_rstatus = "550 5.1.1 User unknown";
giveresponse(EX_NOUSER, new->q_status, m, NULL,
new->q_alias, (time_t) 0, e, new);
break;
case EX_OK:
if (fuzzy)
{
/* name was a fuzzy match */
new->q_user = sm_rpool_strdup_x(e->e_rpool,
user.mbdb_name);
if (findusercount++ > 3)
{
new->q_state = QS_BADADDR;
new->q_status = "5.4.6";
usrerrenh(new->q_status,
"554 aliasing/forwarding loop for %s broken",
user.mbdb_name);
goto done;
}
/* see if it aliases */
(void) sm_strlcpy(buf, user.mbdb_name, buflen);
goto trylocaluser;
}
if (*user.mbdb_homedir == '\0')
new->q_home = NULL;
else if (strcmp(user.mbdb_homedir, "/") == 0)
new->q_home = "";
else
new->q_home = sm_rpool_strdup_x(e->e_rpool,
user.mbdb_homedir);
if (user.mbdb_uid != SM_NO_UID)
{
new->q_uid = user.mbdb_uid;
new->q_gid = user.mbdb_gid;
new->q_flags |= QGOODUID;
}
new->q_ruser = sm_rpool_strdup_x(e->e_rpool,
user.mbdb_name);
if (user.mbdb_fullname[0] != '\0')
new->q_fullname = sm_rpool_strdup_x(e->e_rpool,
user.mbdb_fullname);
if (!usershellok(user.mbdb_name, user.mbdb_shell))
{
new->q_flags |= QBOGUSSHELL;
}
if (bitset(EF_VRFYONLY, e->e_flags))
{
/* don't do any more now */
new->q_state = QS_VERIFIED;
}
else if (!quoted)
forward(new, sendq, aliaslevel, e);
}
}
if (!QS_IS_DEAD(new->q_state))
e->e_nrcpts++;
testselfdestruct:
new->q_flags |= QTHISPASS;
if (tTd(26, 8))
{
sm_dprintf("testselfdestruct: ");
printaddr(sm_debug_file(), new, false);
if (tTd(26, 10))
{
sm_dprintf("SENDQ:\n");
printaddr(sm_debug_file(), *sendq, true);
sm_dprintf("----\n");
}
}
if (new->q_alias == NULL && new != &e->e_from &&
QS_IS_DEAD(new->q_state))
{
for (q = *sendq; q != NULL; q = q->q_next)
{
if (!QS_IS_DEAD(q->q_state))
break;
}
if (q == NULL)
{
new->q_state = QS_BADADDR;
new->q_status = "5.4.6";
usrerrenh(new->q_status,
"554 aliasing/forwarding loop broken");
}
}
done:
new->q_flags |= QTHISPASS;
if (buf != buf0)
sm_free(buf); /* XXX leak if above code raises exception */
/*
** If we are at the top level, check to see if this has
** expanded to exactly one address. If so, it can inherit
** the primaryness of the address.
**
** While we're at it, clear the QTHISPASS bits.
*/
if (aliaslevel == 0)
{
int nrcpts = 0;
ADDRESS *only = NULL;
for (q = *sendq; q != NULL; q = q->q_next)
{
if (bitset(QTHISPASS, q->q_flags) &&
QS_IS_SENDABLE(q->q_state))
{
nrcpts++;
only = q;
}
q->q_flags &= ~QTHISPASS;
}
if (nrcpts == 1)
{
/* check to see if this actually got a new owner */
q = only;
while ((q = q->q_alias) != NULL)
{
if (q->q_owner != NULL)
break;
}
if (q == NULL)
only->q_flags |= QPRIMARY;
}
else if (!initialdontsend && nrcpts > 0)
{
/* arrange for return receipt */
e->e_flags |= EF_SENDRECEIPT;
new->q_flags |= QEXPANDED;
if (e->e_xfp != NULL &&
bitset(QPINGONSUCCESS, new->q_flags))
(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
"%s... expanded to multiple addresses\n",
new->q_paddr);
}
}
new->q_flags |= QRCPTOK;
(void) sm_snprintf(buf0, sizeof(buf0), "%d", e->e_nrcpts);
macdefine(&e->e_macro, A_TEMP, macid("{nrcpts}"), buf0);
return new;
}
/*
** FINDUSER -- find the password entry for a user.
**
** This looks a lot like getpwnam, except that it may want to
** do some fancier pattern matching in /etc/passwd.
**
** This routine contains most of the time of many sendmail runs.
** It deserves to be optimized.
**
** Parameters:
** name -- the name to match against.
** fuzzyp -- an outarg that is set to true if this entry
** was found using the fuzzy matching algorithm;
** set to false otherwise.
** user -- structure to fill in if user is found
**
** Returns:
** On success, fill in *user, set *fuzzyp and return EX_OK.
** If the user was not found, return EX_NOUSER.
** On error, return EX_TEMPFAIL or EX_OSERR.
**
** Side Effects:
** may modify name.
*/
int
finduser(name, fuzzyp, user)
char *name;
bool *fuzzyp;
SM_MBDB_T *user;
{
#if MATCHGECOS
register struct passwd *pw;
-#endif /* MATCHGECOS */
+#endif
register char *p;
bool tryagain;
int status;
if (tTd(29, 4))
sm_dprintf("finduser(%s): ", name);
*fuzzyp = false;
#if HESIOD && !HESIOD_ALLOW_NUMERIC_LOGIN
/* DEC Hesiod getpwnam accepts numeric strings -- short circuit it */
for (p = name; *p != '\0'; p++)
if (!isascii(*p) || !isdigit(*p))
break;
if (*p == '\0')
{
if (tTd(29, 4))
sm_dprintf("failed (numeric input)\n");
return EX_NOUSER;
}
#endif /* HESIOD && !HESIOD_ALLOW_NUMERIC_LOGIN */
/* look up this login name using fast path */
status = sm_mbdb_lookup(name, user);
if (status != EX_NOUSER)
{
if (tTd(29, 4))
sm_dprintf("%s (non-fuzzy)\n", sm_strexit(status));
return status;
}
/* try mapping it to lower case */
tryagain = false;
for (p = name; *p != '\0'; p++)
{
if (isascii(*p) && isupper(*p))
{
*p = tolower(*p);
tryagain = true;
}
}
if (tryagain && (status = sm_mbdb_lookup(name, user)) != EX_NOUSER)
{
if (tTd(29, 4))
sm_dprintf("%s (lower case)\n", sm_strexit(status));
*fuzzyp = true;
return status;
}
#if MATCHGECOS
/* see if fuzzy matching allowed */
if (!MatchGecos)
{
if (tTd(29, 4))
sm_dprintf("not found (fuzzy disabled)\n");
return EX_NOUSER;
}
/* search for a matching full name instead */
for (p = name; *p != '\0'; p++)
{
if (*p == (SpaceSub & 0177) || *p == '_')
*p = ' ';
}
(void) setpwent();
while ((pw = getpwent()) != NULL)
{
char buf[MAXNAME + 1];
# if 0
if (sm_strcasecmp(pw->pw_name, name) == 0)
{
if (tTd(29, 4))
sm_dprintf("found (case wrapped)\n");
break;
}
# endif /* 0 */
sm_pwfullname(pw->pw_gecos, pw->pw_name, buf, sizeof(buf));
if (strchr(buf, ' ') != NULL && sm_strcasecmp(buf, name) == 0)
{
if (tTd(29, 4))
sm_dprintf("fuzzy matches %s\n", pw->pw_name);
message("sending to login name %s", pw->pw_name);
break;
}
}
if (pw != NULL)
*fuzzyp = true;
else if (tTd(29, 4))
sm_dprintf("no fuzzy match found\n");
# if DEC_OSF_BROKEN_GETPWENT /* DEC OSF/1 3.2 or earlier */
endpwent();
-# endif /* DEC_OSF_BROKEN_GETPWENT */
+# endif
if (pw == NULL)
return EX_NOUSER;
sm_mbdb_frompw(user, pw);
return EX_OK;
#else /* MATCHGECOS */
if (tTd(29, 4))
sm_dprintf("not found (fuzzy disabled)\n");
return EX_NOUSER;
#endif /* MATCHGECOS */
}
/*
** WRITABLE -- predicate returning if the file is writable.
**
** This routine must duplicate the algorithm in sys/fio.c.
** Unfortunately, we cannot use the access call since we
** won't necessarily be the real uid when we try to
** actually open the file.
**
** Notice that ANY file with ANY execute bit is automatically
** not writable. This is also enforced by mailfile.
**
** Parameters:
** filename -- the file name to check.
** ctladdr -- the controlling address for this file.
** flags -- SFF_* flags to control the function.
**
** Returns:
** true -- if we will be able to write this file.
** false -- if we cannot write this file.
**
** Side Effects:
** none.
*/
bool
writable(filename, ctladdr, flags)
char *filename;
ADDRESS *ctladdr;
long flags;
{
uid_t euid = 0;
gid_t egid = 0;
char *user = NULL;
if (tTd(44, 5))
sm_dprintf("writable(%s, 0x%lx)\n", filename, flags);
/*
** File does exist -- check that it is writable.
*/
if (geteuid() != 0)
{
euid = geteuid();
egid = getegid();
user = NULL;
}
else if (ctladdr != NULL)
{
euid = ctladdr->q_uid;
egid = ctladdr->q_gid;
user = ctladdr->q_user;
}
else if (bitset(SFF_RUNASREALUID, flags))
{
euid = RealUid;
egid = RealGid;
user = RealUserName;
}
else if (FileMailer != NULL && !bitset(SFF_ROOTOK, flags))
{
if (FileMailer->m_uid == NO_UID)
{
euid = DefUid;
user = DefUser;
}
else
{
euid = FileMailer->m_uid;
user = NULL;
}
if (FileMailer->m_gid == NO_GID)
egid = DefGid;
else
egid = FileMailer->m_gid;
}
else
{
euid = egid = 0;
user = NULL;
}
if (!bitset(SFF_ROOTOK, flags))
{
if (euid == 0)
{
euid = DefUid;
user = DefUser;
}
if (egid == 0)
egid = DefGid;
}
if (geteuid() == 0 &&
(ctladdr == NULL || !bitset(QGOODUID, ctladdr->q_flags)))
flags |= SFF_SETUIDOK;
if (!bitnset(DBS_FILEDELIVERYTOSYMLINK, DontBlameSendmail))
flags |= SFF_NOSLINK;
if (!bitnset(DBS_FILEDELIVERYTOHARDLINK, DontBlameSendmail))
flags |= SFF_NOHLINK;
errno = safefile(filename, euid, egid, user, flags, S_IWRITE, NULL);
return errno == 0;
}
/*
** INCLUDE -- handle :include: specification.
**
** Parameters:
** fname -- filename to include.
** forwarding -- if true, we are reading a .forward file.
** if false, it's a :include: file.
** ctladdr -- address template to use to fill in these
** addresses -- effective user/group id are
** the important things.
** sendq -- a pointer to the head of the send queue
** to put these addresses in.
** aliaslevel -- the alias nesting depth.
** e -- the current envelope.
**
** Returns:
** open error status
**
** Side Effects:
** reads the :include: file and sends to everyone
** listed in that file.
**
** Security Note:
** If you have restricted chown (that is, you can't
** give a file away), it is reasonable to allow programs
** and files called from this :include: file to be to be
** run as the owner of the :include: file. This is bogus
** if there is any chance of someone giving away a file.
** We assume that pre-POSIX systems can give away files.
**
** There is an additional restriction that if you
** forward to a :include: file, it will not take on
** the ownership of the :include: file. This may not
** be necessary, but shouldn't hurt.
*/
static jmp_buf CtxIncludeTimeout;
int
include(fname, forwarding, ctladdr, sendq, aliaslevel, e)
char *fname;
bool forwarding;
ADDRESS *ctladdr;
ADDRESS **sendq;
int aliaslevel;
ENVELOPE *e;
{
SM_FILE_T *volatile fp = NULL;
char *oldto = e->e_to;
char *oldfilename = FileName;
int oldlinenumber = LineNumber;
register SM_EVENT *ev = NULL;
int nincludes;
int mode;
volatile bool maxreached = false;
register ADDRESS *ca;
volatile uid_t saveduid;
volatile gid_t savedgid;
volatile uid_t uid;
volatile gid_t gid;
char *volatile user;
int rval = 0;
volatile long sfflags = SFF_REGONLY;
register char *p;
bool safechown = false;
volatile bool safedir = false;
struct stat st;
char buf[MAXLINE];
if (tTd(27, 2))
sm_dprintf("include(%s)\n", fname);
if (tTd(27, 4))
sm_dprintf(" ruid=%ld euid=%ld\n",
(long) getuid(), (long) geteuid());
if (tTd(27, 14))
{
sm_dprintf("ctladdr ");
printaddr(sm_debug_file(), ctladdr, false);
}
if (tTd(27, 9))
sm_dprintf("include: old uid = %ld/%ld\n",
(long) getuid(), (long) geteuid());
if (forwarding)
{
sfflags |= SFF_MUSTOWN|SFF_ROOTOK;
if (!bitnset(DBS_GROUPWRITABLEFORWARDFILE, DontBlameSendmail))
sfflags |= SFF_NOGWFILES;
if (!bitnset(DBS_WORLDWRITABLEFORWARDFILE, DontBlameSendmail))
sfflags |= SFF_NOWWFILES;
}
else
{
if (!bitnset(DBS_GROUPWRITABLEINCLUDEFILE, DontBlameSendmail))
sfflags |= SFF_NOGWFILES;
if (!bitnset(DBS_WORLDWRITABLEINCLUDEFILE, DontBlameSendmail))
sfflags |= SFF_NOWWFILES;
}
/*
** If RunAsUser set, won't be able to run programs as user
** so mark them as unsafe unless the administrator knows better.
*/
if ((geteuid() != 0 || RunAsUid != 0) &&
!bitnset(DBS_NONROOTSAFEADDR, DontBlameSendmail))
{
if (tTd(27, 4))
sm_dprintf("include: not safe (euid=%ld, RunAsUid=%ld)\n",
(long) geteuid(), (long) RunAsUid);
ctladdr->q_flags |= QUNSAFEADDR;
}
ca = getctladdr(ctladdr);
if (ca == NULL ||
(ca->q_uid == DefUid && ca->q_gid == 0))
{
uid = DefUid;
gid = DefGid;
user = DefUser;
}
else
{
uid = ca->q_uid;
gid = ca->q_gid;
user = ca->q_user;
}
#if MAILER_SETUID_METHOD != USE_SETUID
saveduid = geteuid();
savedgid = getegid();
if (saveduid == 0)
{
if (!DontInitGroups)
{
if (initgroups(user, gid) == -1)
{
rval = EAGAIN;
syserr("include: initgroups(%s, %ld) failed",
user, (long) gid);
goto resetuid;
}
}
else
{
GIDSET_T gidset[1];
gidset[0] = gid;
if (setgroups(1, gidset) == -1)
{
rval = EAGAIN;
syserr("include: setgroups() failed");
goto resetuid;
}
}
if (gid != 0 && setgid(gid) < -1)
{
rval = EAGAIN;
syserr("setgid(%ld) failure", (long) gid);
goto resetuid;
}
if (uid != 0)
{
# if MAILER_SETUID_METHOD == USE_SETEUID
if (seteuid(uid) < 0)
{
rval = EAGAIN;
syserr("seteuid(%ld) failure (real=%ld, eff=%ld)",
(long) uid, (long) getuid(), (long) geteuid());
goto resetuid;
}
# endif /* MAILER_SETUID_METHOD == USE_SETEUID */
# if MAILER_SETUID_METHOD == USE_SETREUID
if (setreuid(0, uid) < 0)
{
rval = EAGAIN;
syserr("setreuid(0, %ld) failure (real=%ld, eff=%ld)",
(long) uid, (long) getuid(), (long) geteuid());
goto resetuid;
}
# endif /* MAILER_SETUID_METHOD == USE_SETREUID */
}
}
#endif /* MAILER_SETUID_METHOD != USE_SETUID */
if (tTd(27, 9))
sm_dprintf("include: new uid = %ld/%ld\n",
(long) getuid(), (long) geteuid());
/*
** If home directory is remote mounted but server is down,
** this can hang or give errors; use a timeout to avoid this
*/
if (setjmp(CtxIncludeTimeout) != 0)
{
ctladdr->q_state = QS_QUEUEUP;
errno = 0;
/* return pseudo-error code */
rval = E_SM_OPENTIMEOUT;
goto resetuid;
}
if (TimeOuts.to_fileopen > 0)
ev = sm_setevent(TimeOuts.to_fileopen, includetimeout, 0);
else
ev = NULL;
/* check for writable parent directory */
p = strrchr(fname, '/');
if (p != NULL)
{
int ret;
*p = '\0';
ret = safedirpath(fname, uid, gid, user,
sfflags|SFF_SAFEDIRPATH, 0, 0);
if (ret == 0)
{
/* in safe directory: relax chown & link rules */
safedir = true;
sfflags |= SFF_NOPATHCHECK;
}
else
{
if (bitnset((forwarding ?
DBS_FORWARDFILEINUNSAFEDIRPATH :
DBS_INCLUDEFILEINUNSAFEDIRPATH),
DontBlameSendmail))
sfflags |= SFF_NOPATHCHECK;
else if (bitnset((forwarding ?
DBS_FORWARDFILEINGROUPWRITABLEDIRPATH :
DBS_INCLUDEFILEINGROUPWRITABLEDIRPATH),
DontBlameSendmail) &&
ret == E_SM_GWDIR)
{
setbitn(DBS_GROUPWRITABLEDIRPATHSAFE,
DontBlameSendmail);
ret = safedirpath(fname, uid, gid, user,
sfflags|SFF_SAFEDIRPATH,
0, 0);
clrbitn(DBS_GROUPWRITABLEDIRPATHSAFE,
DontBlameSendmail);
if (ret == 0)
sfflags |= SFF_NOPATHCHECK;
else
sfflags |= SFF_SAFEDIRPATH;
}
else
sfflags |= SFF_SAFEDIRPATH;
if (ret > E_PSEUDOBASE &&
!bitnset((forwarding ?
DBS_FORWARDFILEINUNSAFEDIRPATHSAFE :
DBS_INCLUDEFILEINUNSAFEDIRPATHSAFE),
DontBlameSendmail))
{
if (LogLevel > 11)
sm_syslog(LOG_INFO, e->e_id,
"%s: unsafe directory path, marked unsafe",
shortenstring(fname, MAXSHORTSTR));
ctladdr->q_flags |= QUNSAFEADDR;
}
}
*p = '/';
}
/* allow links only in unwritable directories */
if (!safedir &&
!bitnset((forwarding ?
DBS_LINKEDFORWARDFILEINWRITABLEDIR :
DBS_LINKEDINCLUDEFILEINWRITABLEDIR),
DontBlameSendmail))
sfflags |= SFF_NOLINK;
rval = safefile(fname, uid, gid, user, sfflags, S_IREAD, &st);
if (rval != 0)
{
/* don't use this :include: file */
if (tTd(27, 4))
sm_dprintf("include: not safe (uid=%ld): %s\n",
(long) uid, sm_errstring(rval));
}
else if ((fp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, fname,
SM_IO_RDONLY, NULL)) == NULL)
{
rval = errno;
if (tTd(27, 4))
sm_dprintf("include: open: %s\n", sm_errstring(rval));
}
else if (filechanged(fname, sm_io_getinfo(fp,SM_IO_WHAT_FD, NULL), &st))
{
rval = E_SM_FILECHANGE;
if (tTd(27, 4))
sm_dprintf("include: file changed after open\n");
}
if (ev != NULL)
sm_clrevent(ev);
resetuid:
#if HASSETREUID || USESETEUID
if (saveduid == 0)
{
if (uid != 0)
{
# if USESETEUID
if (seteuid(0) < 0)
syserr("!seteuid(0) failure (real=%ld, eff=%ld)",
(long) getuid(), (long) geteuid());
# else /* USESETEUID */
if (setreuid(-1, 0) < 0)
syserr("!setreuid(-1, 0) failure (real=%ld, eff=%ld)",
(long) getuid(), (long) geteuid());
if (setreuid(RealUid, 0) < 0)
syserr("!setreuid(%ld, 0) failure (real=%ld, eff=%ld)",
(long) RealUid, (long) getuid(),
(long) geteuid());
# endif /* USESETEUID */
}
if (setgid(savedgid) < 0)
syserr("!setgid(%ld) failure (real=%ld eff=%ld)",
(long) savedgid, (long) getgid(),
(long) getegid());
}
#endif /* HASSETREUID || USESETEUID */
if (tTd(27, 9))
sm_dprintf("include: reset uid = %ld/%ld\n",
(long) getuid(), (long) geteuid());
if (rval == E_SM_OPENTIMEOUT)
usrerr("451 4.4.1 open timeout on %s", fname);
if (fp == NULL)
return rval;
if (fstat(sm_io_getinfo(fp, SM_IO_WHAT_FD, NULL), &st) < 0)
{
rval = errno;
syserr("Cannot fstat %s!", fname);
(void) sm_io_close(fp, SM_TIME_DEFAULT);
return rval;
}
/* if path was writable, check to avoid file giveaway tricks */
safechown = chownsafe(sm_io_getinfo(fp, SM_IO_WHAT_FD, NULL), safedir);
if (tTd(27, 6))
sm_dprintf("include: parent of %s is %s, chown is %ssafe\n",
fname, safedir ? "safe" : "dangerous",
safechown ? "" : "un");
/* if no controlling user or coming from an alias delivery */
if (safechown &&
(ca == NULL ||
(ca->q_uid == DefUid && ca->q_gid == 0)))
{
ctladdr->q_uid = st.st_uid;
ctladdr->q_gid = st.st_gid;
ctladdr->q_flags |= QGOODUID;
}
if (ca != NULL && ca->q_uid == st.st_uid)
{
/* optimization -- avoid getpwuid if we already have info */
ctladdr->q_flags |= ca->q_flags & QBOGUSSHELL;
ctladdr->q_ruser = ca->q_ruser;
}
else if (!forwarding)
{
register struct passwd *pw;
pw = sm_getpwuid(st.st_uid);
if (pw == NULL)
{
ctladdr->q_uid = st.st_uid;
ctladdr->q_flags |= QBOGUSSHELL;
}
else
{
char *sh;
ctladdr->q_ruser = sm_rpool_strdup_x(e->e_rpool,
pw->pw_name);
if (safechown)
sh = pw->pw_shell;
else
sh = "/SENDMAIL/ANY/SHELL/";
if (!usershellok(pw->pw_name, sh))
{
if (LogLevel > 11)
sm_syslog(LOG_INFO, e->e_id,
"%s: user %s has bad shell %s, marked %s",
shortenstring(fname,
MAXSHORTSTR),
pw->pw_name, sh,
safechown ? "bogus" : "unsafe");
if (safechown)
ctladdr->q_flags |= QBOGUSSHELL;
else
ctladdr->q_flags |= QUNSAFEADDR;
}
}
}
if (bitset(EF_VRFYONLY, e->e_flags))
{
/* don't do any more now */
ctladdr->q_state = QS_VERIFIED;
e->e_nrcpts++;
(void) sm_io_close(fp, SM_TIME_DEFAULT);
return rval;
}
/*
** Check to see if some bad guy can write this file
**
** Group write checking could be more clever, e.g.,
** guessing as to which groups are actually safe ("sys"
** may be; "user" probably is not).
*/
mode = S_IWOTH;
if (!bitnset((forwarding ?
DBS_GROUPWRITABLEFORWARDFILESAFE :
DBS_GROUPWRITABLEINCLUDEFILESAFE),
DontBlameSendmail))
mode |= S_IWGRP;
if (bitset(mode, st.st_mode))
{
if (tTd(27, 6))
sm_dprintf("include: %s is %s writable, marked unsafe\n",
shortenstring(fname, MAXSHORTSTR),
bitset(S_IWOTH, st.st_mode) ? "world"
: "group");
if (LogLevel > 11)
sm_syslog(LOG_INFO, e->e_id,
"%s: %s writable %s file, marked unsafe",
shortenstring(fname, MAXSHORTSTR),
bitset(S_IWOTH, st.st_mode) ? "world" : "group",
forwarding ? "forward" : ":include:");
ctladdr->q_flags |= QUNSAFEADDR;
}
/* read the file -- each line is a comma-separated list. */
FileName = fname;
LineNumber = 0;
ctladdr->q_flags &= ~QSELFREF;
nincludes = 0;
while (sm_io_fgets(fp, SM_TIME_DEFAULT, buf, sizeof(buf)) >= 0 &&
!maxreached)
{
fixcrlf(buf, true);
LineNumber++;
if (buf[0] == '#' || buf[0] == '\0')
continue;
/* <sp>#@# introduces a comment anywhere */
/* for Japanese character sets */
for (p = buf; (p = strchr(++p, '#')) != NULL; )
{
if (p[1] == '@' && p[2] == '#' &&
isascii(p[-1]) && isspace(p[-1]) &&
- (p[3] == '\0' || (isascii(p[3]) && isspace(p[3]))))
+ (p[3] == '\0' || (SM_ISSPACE(p[3]))))
{
--p;
while (p > buf && isascii(p[-1]) &&
isspace(p[-1]))
--p;
p[0] = '\0';
break;
}
}
if (buf[0] == '\0')
continue;
e->e_to = NULL;
message("%s to %s",
forwarding ? "forwarding" : "sending", buf);
if (forwarding && LogLevel > 10)
sm_syslog(LOG_INFO, e->e_id,
"forward %.200s => %s",
oldto, shortenstring(buf, MAXSHORTSTR));
nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e);
if (forwarding &&
MaxForwardEntries > 0 &&
nincludes >= MaxForwardEntries)
{
/* just stop reading and processing further entries */
#if 0
/* additional: (?) */
ctladdr->q_state = QS_DONTSEND;
#endif /* 0 */
syserr("Attempt to forward to more than %d addresses (in %s)!",
MaxForwardEntries, fname);
maxreached = true;
}
}
if (sm_io_error(fp) && tTd(27, 3))
sm_dprintf("include: read error: %s\n", sm_errstring(errno));
if (nincludes > 0 && !bitset(QSELFREF, ctladdr->q_flags))
{
if (aliaslevel <= MaxAliasRecursion ||
ctladdr->q_state != QS_BADADDR)
{
ctladdr->q_state = QS_DONTSEND;
if (tTd(27, 5))
{
sm_dprintf("include: QS_DONTSEND ");
printaddr(sm_debug_file(), ctladdr, false);
}
}
}
(void) sm_io_close(fp, SM_TIME_DEFAULT);
FileName = oldfilename;
LineNumber = oldlinenumber;
e->e_to = oldto;
return rval;
}
static void
includetimeout(ignore)
int ignore;
{
/*
** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
** DOING.
*/
errno = ETIMEDOUT;
longjmp(CtxIncludeTimeout, 1);
}
/*
** SENDTOARGV -- send to an argument vector.
**
** Parameters:
** argv -- argument vector to send to.
** e -- the current envelope.
**
** Returns:
** none.
**
** Side Effects:
** puts all addresses on the argument vector onto the
** send queue.
*/
void
sendtoargv(argv, e)
register char **argv;
register ENVELOPE *e;
{
register char *p;
while ((p = *argv++) != NULL)
(void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e);
}
/*
** GETCTLADDR -- get controlling address from an address header.
**
** If none, get one corresponding to the effective userid.
**
** Parameters:
** a -- the address to find the controller of.
**
** Returns:
** the controlling address.
*/
ADDRESS *
getctladdr(a)
register ADDRESS *a;
{
while (a != NULL && !bitset(QGOODUID, a->q_flags))
a = a->q_alias;
return a;
}
/*
** SELF_REFERENCE -- check to see if an address references itself
**
** The check is done through a chain of aliases. If it is part of
** a loop, break the loop at the "best" address, that is, the one
** that exists as a real user.
**
** This is to handle the case of:
** awc: Andrew.Chang
** Andrew.Chang: awc@mail.server
** which is a problem only on mail.server.
**
** Parameters:
** a -- the address to check.
**
** Returns:
** The address that should be retained.
*/
static ADDRESS *
self_reference(a)
ADDRESS *a;
{
ADDRESS *b; /* top entry in self ref loop */
ADDRESS *c; /* entry that point to a real mail box */
if (tTd(27, 1))
sm_dprintf("self_reference(%s)\n", a->q_paddr);
for (b = a->q_alias; b != NULL; b = b->q_alias)
{
if (sameaddr(a, b))
break;
}
if (b == NULL)
{
if (tTd(27, 1))
sm_dprintf("\t... no self ref\n");
return NULL;
}
/*
** Pick the first address that resolved to a real mail box
** i.e has a mbdb entry. The returned value will be marked
** QSELFREF in recipient(), which in turn will disable alias()
** from marking it as QS_IS_DEAD(), which mean it will be used
** as a deliverable address.
**
** The 2 key thing to note here are:
** 1) we are in a recursive call sequence:
** alias->sendtolist->recipient->alias
** 2) normally, when we return back to alias(), the address
** will be marked QS_EXPANDED, since alias() assumes the
** expanded form will be used instead of the current address.
** This behaviour is turned off if the address is marked
** QSELFREF. We set QSELFREF when we return to recipient().
*/
c = a;
while (c != NULL)
{
if (tTd(27, 10))
sm_dprintf(" %s", c->q_user);
if (bitnset(M_HASPWENT, c->q_mailer->m_flags))
{
SM_MBDB_T user;
if (tTd(27, 2))
sm_dprintf("\t... getpwnam(%s)... ", c->q_user);
if (sm_mbdb_lookup(c->q_user, &user) == EX_OK)
{
if (tTd(27, 2))
sm_dprintf("found\n");
/* ought to cache results here */
if (sameaddr(b, c))
return b;
else
return c;
}
if (tTd(27, 2))
sm_dprintf("failed\n");
}
else
{
/* if local delivery, compare usernames */
if (bitnset(M_LOCALMAILER, c->q_mailer->m_flags) &&
b->q_mailer == c->q_mailer)
{
if (tTd(27, 2))
sm_dprintf("\t... local match (%s)\n",
c->q_user);
if (sameaddr(b, c))
return b;
else
return c;
}
}
if (tTd(27, 10))
sm_dprintf("\n");
c = c->q_alias;
}
if (tTd(27, 1))
sm_dprintf("\t... cannot break loop for \"%s\"\n", a->q_paddr);
return NULL;
}
diff --git a/src/sasl.c b/src/sasl.c
index bd2d908a11ad..71575f8dd1af 100644
--- a/src/sasl.c
+++ b/src/sasl.c
@@ -1,293 +1,293 @@
/*
* Copyright (c) 2001-2002 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: sasl.c,v 8.24 2013-11-22 20:51:56 ca Exp $")
#if SASL
# include <stdlib.h>
# include <sendmail.h>
# include <errno.h>
/*
** In order to ensure that storage leaks are tracked, and to prevent
** conflicts between the sm_heap package and sasl, we tell sasl to
** use the following heap allocation functions. Unfortunately,
** older sasl packages incorrectly specifies the size of a block
** using unsigned long: for portability, it should be size_t.
*/
# if defined(SASL_VERSION_FULL) && SASL_VERSION_FULL >= 0x02011a
# define SM_SASL_SIZE_T size_t
-# else /* defined(SASL_VERSION_FULL) && SASL_VERSION_FULL >= 0x02011a */
+# else
# define SM_SASL_SIZE_T unsigned long
-# endif /* defined(SASL_VERSION_FULL) && SASL_VERSION_FULL >= 0x02011a */
+# endif
void *sm_sasl_malloc __P((SM_SASL_SIZE_T));
static void *sm_sasl_calloc __P((SM_SASL_SIZE_T, SM_SASL_SIZE_T));
static void *sm_sasl_realloc __P((void *, SM_SASL_SIZE_T));
void sm_sasl_free __P((void *));
/*
** SASLv1:
** We can't use an rpool for Cyrus-SASL memory management routines,
** since the encryption/decryption routines in Cyrus-SASL
** allocate/deallocate a buffer each time. Since rpool
** don't release memory until the very end, memory consumption is
** proportional to the size of an e-mail, which is unacceptable.
*/
/*
** SM_SASL_MALLOC -- malloc() for SASL
**
** Parameters:
** size -- size of requested memory.
**
** Returns:
** pointer to memory.
*/
void *
sm_sasl_malloc(size)
SM_SASL_SIZE_T size;
{
return sm_malloc((size_t) size);
}
/*
** SM_SASL_CALLOC -- calloc() for SASL
**
** Parameters:
** nelem -- number of elements.
** elemsize -- size of each element.
**
** Returns:
** pointer to memory.
**
** Notice:
** this isn't currently used by SASL.
*/
static void *
sm_sasl_calloc(nelem, elemsize)
SM_SASL_SIZE_T nelem;
SM_SASL_SIZE_T elemsize;
{
size_t size;
void *p;
size = (size_t) nelem * (size_t) elemsize;
p = sm_malloc(size);
if (p == NULL)
return NULL;
memset(p, '\0', size);
return p;
}
/*
** SM_SASL_REALLOC -- realloc() for SASL
**
** Parameters:
** p -- pointer to old memory.
** size -- size of requested memory.
**
** Returns:
** pointer to new memory.
*/
static void *
sm_sasl_realloc(o, size)
void *o;
SM_SASL_SIZE_T size;
{
return sm_realloc(o, (size_t) size);
}
/*
** SM_SASL_FREE -- free() for SASL
**
** Parameters:
** p -- pointer to free.
**
** Returns:
** none
*/
void
sm_sasl_free(p)
void *p;
{
sm_free(p);
}
/*
** SM_SASL_INIT -- sendmail specific SASL initialization
**
** Parameters:
** none.
**
** Returns:
** none
**
** Side Effects:
** installs memory management routines for SASL.
*/
void
sm_sasl_init()
{
sasl_set_alloc(sm_sasl_malloc, sm_sasl_calloc,
sm_sasl_realloc, sm_sasl_free);
}
/*
** INTERSECT -- create the intersection between two lists
**
** Parameters:
** s1, s2 -- lists of items (separated by single blanks).
** rpool -- resource pool from which result is allocated.
**
** Returns:
** the intersection of both lists.
*/
char *
intersect(s1, s2, rpool)
char *s1, *s2;
SM_RPOOL_T *rpool;
{
char *hr, *h1, *h, *res;
int l1, l2, rl;
if (s1 == NULL || s2 == NULL) /* NULL string(s) -> NULL result */
return NULL;
l1 = strlen(s1);
l2 = strlen(s2);
rl = SM_MIN(l1, l2);
res = (char *) sm_rpool_malloc(rpool, rl + 1);
if (res == NULL)
return NULL;
*res = '\0';
if (rl == 0) /* at least one string empty? */
return res;
hr = res;
h1 = s1;
h = s1;
/* walk through s1 */
while (h != NULL && *h1 != '\0')
{
/* is there something after the current word? */
if ((h = strchr(h1, ' ')) != NULL)
*h = '\0';
l1 = strlen(h1);
/* does the current word appear in s2 ? */
if (iteminlist(h1, s2, " ") != NULL)
{
/* add a blank if not first item */
if (hr != res)
*hr++ = ' ';
/* copy the item */
memcpy(hr, h1, l1);
/* advance pointer in result list */
hr += l1;
*hr = '\0';
}
if (h != NULL)
{
/* there are more items */
*h = ' ';
h1 = h + 1;
}
}
return res;
}
# if SASL >= 20000
/*
** IPTOSTRING -- create string for SASL_IP*PORT property
** (borrowed from lib/iptostring.c in Cyrus-IMAP)
**
** Parameters:
** addr -- (pointer to) socket address
** addrlen -- length of socket address
** out -- output string (result)
** outlen -- maximum length of output string
**
** Returns:
** true iff successful.
**
** Side Effects:
** creates output string if successful.
** sets errno if unsuccessful.
*/
# include <arpa/inet.h>
# ifndef NI_MAXHOST
# define NI_MAXHOST 1025
# endif
# ifndef NI_MAXSERV
# define NI_MAXSERV 32
# endif
bool
iptostring(addr, addrlen, out, outlen)
SOCKADDR *addr;
SOCKADDR_LEN_T addrlen;
char *out;
unsigned outlen;
{
char hbuf[NI_MAXHOST], pbuf[NI_MAXSERV];
# if NETINET6
int niflags;
-# endif /* NETINET6 */
+# endif
if (addr == NULL || out == NULL)
{
errno = EINVAL;
return false;
}
# if NETINET6
niflags = (NI_NUMERICHOST | NI_NUMERICSERV);
# ifdef NI_WITHSCOPEID
if (addr->sa.sa_family == AF_INET6)
niflags |= NI_WITHSCOPEID;
-# endif /* NI_WITHSCOPEID */
+# endif
if (getnameinfo((struct sockaddr *) addr, addrlen,
hbuf, sizeof(hbuf), pbuf, sizeof(pbuf), niflags) != 0)
return false;
# else /* NETINET6 */
if (addr->sa.sa_family != AF_INET)
{
errno = EINVAL;
return false;
}
if (sm_strlcpy(hbuf, inet_ntoa(addr->sin.sin_addr), sizeof(hbuf))
>= sizeof(hbuf))
{
errno = ENOMEM;
return false;
}
sm_snprintf(pbuf, sizeof(pbuf), "%d", ntohs(addr->sin.sin_port));
# endif /* NETINET6 */
if (outlen < strlen(hbuf) + strlen(pbuf) + 2)
{
errno = ENOMEM;
return false;
}
sm_snprintf(out, outlen, "%s;%s", hbuf, pbuf);
return true;
}
# endif /* SASL >= 20000 */
#endif /* SASL */
diff --git a/src/savemail.c b/src/savemail.c
index 6de8f2f1957e..945bcd702e51 100644
--- a/src/savemail.c
+++ b/src/savemail.c
@@ -1,1827 +1,1902 @@
/*
* Copyright (c) 1998-2003, 2006, 2012, 2013 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sendmail.h>
SM_RCSID("@(#)$Id: savemail.c,v 8.319 2013-11-22 20:51:56 ca Exp $")
static bool errbody __P((MCI *, ENVELOPE *, char *));
static bool pruneroute __P((char *));
/*
** SAVEMAIL -- Save mail on error
**
** If mailing back errors, mail it back to the originator
** together with an error message; otherwise, just put it in
** dead.letter in the user's home directory (if he exists on
** this machine).
**
** Parameters:
** e -- the envelope containing the message in error.
** sendbody -- if true, also send back the body of the
** message; otherwise just send the header.
**
** Returns:
** true if savemail panic'ed, (i.e., the data file should
** be preserved by dropenvelope())
**
** Side Effects:
** Saves the letter, by writing or mailing it back to the
** sender, or by putting it in dead.letter in her home
** directory.
*/
/* defines for state machine */
#define ESM_REPORT 0 /* report to sender's terminal */
#define ESM_MAIL 1 /* mail back to sender */
#define ESM_QUIET 2 /* mail has already been returned */
#define ESM_DEADLETTER 3 /* save in ~/dead.letter */
#define ESM_POSTMASTER 4 /* return to postmaster */
#define ESM_DEADLETTERDROP 5 /* save in DeadLetterDrop */
#define ESM_PANIC 6 /* call loseqfile() */
#define ESM_DONE 7 /* message is successfully delivered */
bool
savemail(e, sendbody)
register ENVELOPE *e;
bool sendbody;
{
register SM_FILE_T *fp;
bool panic = false;
int state;
auto ADDRESS *q = NULL;
register char *p;
MCI mcibuf;
int flags;
long sff;
char buf[MAXLINE + 1];
char dlbuf[MAXPATHLEN];
SM_MBDB_T user;
if (tTd(6, 1))
{
sm_dprintf("\nsavemail, errormode = %c, id = %s, ExitStat = %d\n e_from=",
e->e_errormode, e->e_id == NULL ? "NONE" : e->e_id,
ExitStat);
printaddr(sm_debug_file(), &e->e_from, false);
}
if (e->e_id == NULL)
{
/* can't return a message with no id */
return panic;
}
/*
** In the unhappy event we don't know who to return the mail
** to, make someone up.
*/
if (e->e_from.q_paddr == NULL)
{
e->e_sender = "Postmaster";
if (parseaddr(e->e_sender, &e->e_from,
RF_COPYPARSE|RF_SENDERADDR,
'\0', NULL, e, false) == NULL)
{
syserr("553 5.3.5 Cannot parse Postmaster!");
finis(true, true, EX_SOFTWARE);
}
}
e->e_to = NULL;
/*
** Basic state machine.
**
** This machine runs through the following states:
**
** ESM_QUIET Errors have already been printed iff the
** sender is local.
** ESM_REPORT Report directly to the sender's terminal.
** ESM_MAIL Mail response to the sender.
** ESM_DEADLETTER Save response in ~/dead.letter.
** ESM_POSTMASTER Mail response to the postmaster.
** ESM_DEADLETTERDROP
** If DeadLetterDrop set, save it there.
** ESM_PANIC Save response anywhere possible.
*/
/* determine starting state */
switch (e->e_errormode)
{
case EM_WRITE:
state = ESM_REPORT;
break;
case EM_BERKNET:
case EM_MAIL:
state = ESM_MAIL;
break;
case EM_PRINT:
case '\0':
state = ESM_QUIET;
break;
case EM_QUIET:
/* no need to return anything at all */
return panic;
default:
syserr("554 5.3.0 savemail: bogus errormode x%x",
e->e_errormode);
state = ESM_MAIL;
break;
}
/* if this is already an error response, send to postmaster */
if (bitset(EF_RESPONSE, e->e_flags))
{
if (e->e_parent != NULL &&
bitset(EF_RESPONSE, e->e_parent->e_flags))
{
/* got an error sending a response -- can it */
return panic;
}
state = ESM_POSTMASTER;
}
while (state != ESM_DONE)
{
if (tTd(6, 5))
sm_dprintf(" state %d\n", state);
switch (state)
{
case ESM_QUIET:
if (bitnset(M_LOCALMAILER, e->e_from.q_mailer->m_flags))
state = ESM_DEADLETTER;
else
state = ESM_MAIL;
break;
case ESM_REPORT:
/*
** If the user is still logged in on the same terminal,
** then write the error messages back to hir (sic).
*/
#if USE_TTYPATH
p = ttypath();
-#else /* USE_TTYPATH */
+#else
p = NULL;
-#endif /* USE_TTYPATH */
+#endif
if (p == NULL || sm_io_reopen(SmFtStdio,
SM_TIME_DEFAULT,
p, SM_IO_WRONLY, NULL,
smioout) == NULL)
{
state = ESM_MAIL;
break;
}
expand("\201n", buf, sizeof(buf), e);
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"\r\nMessage from %s...\r\n", buf);
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Errors occurred while sending mail.\r\n");
if (e->e_xfp != NULL)
{
(void) bfrewind(e->e_xfp);
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Transcript follows:\r\n");
while (sm_io_fgets(e->e_xfp, SM_TIME_DEFAULT,
buf, sizeof(buf)) >= 0 &&
!sm_io_error(smioout))
(void) sm_io_fputs(smioout,
SM_TIME_DEFAULT,
buf);
}
else
{
syserr("Cannot open %s",
queuename(e, XSCRPT_LETTER));
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Transcript of session is unavailable.\r\n");
}
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Original message will be saved in dead.letter.\r\n");
state = ESM_DEADLETTER;
break;
case ESM_MAIL:
/*
** If mailing back, do it.
** Throw away all further output. Don't alias,
** since this could cause loops, e.g., if joe
** mails to joe@x, and for some reason the network
** for @x is down, then the response gets sent to
** joe@x, which gives a response, etc. Also force
** the mail to be delivered even if a version of
** it has already been sent to the sender.
**
** If this is a configuration or local software
** error, send to the local postmaster as well,
** since the originator can't do anything
** about it anyway. Note that this is a full
** copy of the message (intentionally) so that
** the Postmaster can forward things along.
*/
if (ExitStat == EX_CONFIG || ExitStat == EX_SOFTWARE)
{
(void) sendtolist("postmaster", NULLADDR,
&e->e_errorqueue, 0, e);
}
if (!emptyaddr(&e->e_from))
{
char from[TOBUFSIZE];
if (sm_strlcpy(from, e->e_from.q_paddr,
sizeof(from)) >= sizeof(from))
{
state = ESM_POSTMASTER;
break;
}
if (!DontPruneRoutes)
(void) pruneroute(from);
(void) sendtolist(from, NULLADDR,
&e->e_errorqueue, 0, e);
}
/*
** Deliver a non-delivery report to the
** Postmaster-designate (not necessarily
** Postmaster). This does not include the
** body of the message, for privacy reasons.
** You really shouldn't need this.
*/
e->e_flags |= EF_PM_NOTIFY;
/* check to see if there are any good addresses */
for (q = e->e_errorqueue; q != NULL; q = q->q_next)
{
if (QS_IS_SENDABLE(q->q_state))
break;
}
if (q == NULL)
{
/* this is an error-error */
state = ESM_POSTMASTER;
break;
}
if (returntosender(e->e_message, e->e_errorqueue,
sendbody ? RTSF_SEND_BODY
: RTSF_NO_BODY,
e) == 0)
{
state = ESM_DONE;
break;
}
/* didn't work -- return to postmaster */
state = ESM_POSTMASTER;
break;
case ESM_POSTMASTER:
/*
** Similar to previous case, but to system postmaster.
*/
q = NULL;
expand(DoubleBounceAddr, buf, sizeof(buf), e);
/*
** Just drop it on the floor if DoubleBounceAddr
** expands to an empty string.
*/
if (*buf == '\0')
{
state = ESM_DONE;
break;
}
if (sendtolist(buf, NULLADDR, &q, 0, e) <= 0)
{
syserr("553 5.3.0 cannot parse %s!", buf);
ExitStat = EX_SOFTWARE;
state = ESM_DEADLETTERDROP;
break;
}
flags = RTSF_PM_BOUNCE;
if (sendbody)
flags |= RTSF_SEND_BODY;
if (returntosender(e->e_message, q, flags, e) == 0)
{
state = ESM_DONE;
break;
}
/* didn't work -- last resort */
state = ESM_DEADLETTERDROP;
break;
case ESM_DEADLETTER:
/*
** Save the message in dead.letter.
** If we weren't mailing back, and the user is
** local, we should save the message in
** ~/dead.letter so that the poor person doesn't
** have to type it over again -- and we all know
** what poor typists UNIX users are.
*/
p = NULL;
if (bitnset(M_HASPWENT, e->e_from.q_mailer->m_flags))
{
if (e->e_from.q_home != NULL)
p = e->e_from.q_home;
else if (sm_mbdb_lookup(e->e_from.q_user, &user)
== EX_OK &&
*user.mbdb_homedir != '\0')
p = user.mbdb_homedir;
}
if (p == NULL || e->e_dfp == NULL)
{
/* no local directory or no data file */
state = ESM_MAIL;
break;
}
/* we have a home directory; write dead.letter */
macdefine(&e->e_macro, A_TEMP, 'z', p);
/* get the sender for the UnixFromLine */
p = macvalue('g', e);
macdefine(&e->e_macro, A_PERM, 'g', e->e_sender);
expand("\201z/dead.letter", dlbuf, sizeof(dlbuf), e);
sff = SFF_CREAT|SFF_REGONLY|SFF_RUNASREALUID;
if (RealUid == 0)
sff |= SFF_ROOTOK;
e->e_to = dlbuf;
if (writable(dlbuf, NULL, sff) &&
mailfile(dlbuf, FileMailer, NULL, sff, e) == EX_OK)
{
int oldverb = Verbose;
if (OpMode != MD_DAEMON && OpMode != MD_SMTP)
Verbose = 1;
if (Verbose > 0)
message("Saved message in %s", dlbuf);
Verbose = oldverb;
macdefine(&e->e_macro, A_PERM, 'g', p);
state = ESM_DONE;
break;
}
macdefine(&e->e_macro, A_PERM, 'g', p);
state = ESM_MAIL;
break;
case ESM_DEADLETTERDROP:
/*
** Log the mail in DeadLetterDrop file.
*/
if (e->e_class < 0)
{
state = ESM_DONE;
break;
}
if ((SafeFileEnv != NULL && SafeFileEnv[0] != '\0') ||
DeadLetterDrop == NULL ||
DeadLetterDrop[0] == '\0')
{
state = ESM_PANIC;
break;
}
sff = SFF_CREAT|SFF_REGONLY|SFF_ROOTOK|SFF_OPENASROOT|SFF_MUSTOWN;
if (!writable(DeadLetterDrop, NULL, sff) ||
(fp = safefopen(DeadLetterDrop, O_WRONLY|O_APPEND,
FileMode, sff)) == NULL)
{
state = ESM_PANIC;
break;
}
memset(&mcibuf, '\0', sizeof(mcibuf));
mcibuf.mci_out = fp;
mcibuf.mci_mailer = FileMailer;
if (bitnset(M_7BITS, FileMailer->m_flags))
mcibuf.mci_flags |= MCIF_7BIT;
/* get the sender for the UnixFromLine */
p = macvalue('g', e);
macdefine(&e->e_macro, A_PERM, 'g', e->e_sender);
if (!putfromline(&mcibuf, e) ||
!(*e->e_puthdr)(&mcibuf, e->e_header, e,
M87F_OUTER) ||
!(*e->e_putbody)(&mcibuf, e, NULL) ||
!putline("\n", &mcibuf) ||
sm_io_flush(fp, SM_TIME_DEFAULT) == SM_IO_EOF ||
sm_io_error(fp) ||
sm_io_close(fp, SM_TIME_DEFAULT) < 0)
state = ESM_PANIC;
else
{
int oldverb = Verbose;
if (OpMode != MD_DAEMON && OpMode != MD_SMTP)
Verbose = 1;
if (Verbose > 0)
message("Saved message in %s",
DeadLetterDrop);
Verbose = oldverb;
if (LogLevel > 3)
sm_syslog(LOG_NOTICE, e->e_id,
"Saved message in %s",
DeadLetterDrop);
state = ESM_DONE;
}
macdefine(&e->e_macro, A_PERM, 'g', p);
break;
default:
syserr("554 5.3.5 savemail: unknown state %d", state);
/* FALLTHROUGH */
case ESM_PANIC:
/* leave the locked queue & transcript files around */
loseqfile(e, "savemail panic");
panic = true;
errno = 0;
syserr("554 savemail: cannot save rejected email anywhere");
state = ESM_DONE;
break;
}
}
return panic;
}
/*
** RETURNTOSENDER -- return a message to the sender with an error.
**
** Parameters:
** msg -- the explanatory message.
** returnq -- the queue of people to send the message to.
** flags -- flags tweaking the operation:
** RTSF_SENDBODY -- include body of message (otherwise
** just send the header).
** RTSF_PMBOUNCE -- this is a postmaster bounce.
** e -- the current envelope.
**
** Returns:
** zero -- if everything went ok.
** else -- some error.
**
** Side Effects:
** Returns the current message to the sender via mail.
*/
#define MAXRETURNS 6 /* max depth of returning messages */
#define ERRORFUDGE 1024 /* nominal size of error message text */
int
returntosender(msg, returnq, flags, e)
char *msg;
ADDRESS *returnq;
int flags;
register ENVELOPE *e;
{
int ret;
register ENVELOPE *ee;
ENVELOPE *oldcur = CurEnv;
ENVELOPE errenvelope;
static int returndepth = 0;
register ADDRESS *q;
char *p;
char buf[MAXNAME + 1];
if (returnq == NULL)
return -1;
if (msg == NULL)
msg = "Unable to deliver mail";
if (tTd(6, 1))
{
sm_dprintf("\n*** Return To Sender: msg=\"%s\", depth=%d, e=%p, returnq=",
- msg, returndepth, e);
+ msg, returndepth, (void *)e);
printaddr(sm_debug_file(), returnq, true);
if (tTd(6, 20))
{
sm_dprintf("Sendq=");
printaddr(sm_debug_file(), e->e_sendqueue, true);
}
}
if (++returndepth >= MAXRETURNS)
{
if (returndepth != MAXRETURNS)
syserr("554 5.3.0 returntosender: infinite recursion on %s",
returnq->q_paddr);
/* don't "unrecurse" and fake a clean exit */
/* returndepth--; */
return 0;
}
macdefine(&e->e_macro, A_PERM, 'g', e->e_sender);
macdefine(&e->e_macro, A_PERM, 'u', NULL);
/* initialize error envelope */
ee = newenvelope(&errenvelope, e, sm_rpool_new_x(NULL));
macdefine(&ee->e_macro, A_PERM, 'a', "\201b");
macdefine(&ee->e_macro, A_PERM, 'r', "");
macdefine(&ee->e_macro, A_PERM, 's', "localhost");
macdefine(&ee->e_macro, A_PERM, '_', "localhost");
clrsessenvelope(ee);
ee->e_puthdr = putheader;
ee->e_putbody = errbody;
ee->e_flags |= EF_RESPONSE|EF_METOO;
if (!bitset(EF_OLDSTYLE, e->e_flags))
ee->e_flags &= ~EF_OLDSTYLE;
if (bitset(EF_DONT_MIME, e->e_flags))
{
ee->e_flags |= EF_DONT_MIME;
/*
** If we can't convert to MIME and we don't pass
** 8-bit, we can't send the body.
*/
if (bitset(EF_HAS8BIT, e->e_flags) &&
!bitset(MM_PASS8BIT, MimeMode))
flags &= ~RTSF_SEND_BODY;
}
ee->e_sendqueue = returnq;
ee->e_msgsize = 0;
if (bitset(RTSF_SEND_BODY, flags) &&
!bitset(PRIV_NOBODYRETN, PrivacyFlags))
ee->e_msgsize = ERRORFUDGE + e->e_msgsize;
else
ee->e_flags |= EF_NO_BODY_RETN;
#if _FFR_BOUNCE_QUEUE
if (BounceQueue != NOQGRP)
ee->e_qgrp = ee->e_dfqgrp = BounceQueue;
-#endif /* _FFR_BOUNCE_QUEUE */
+#endif
if (!setnewqueue(ee))
{
syserr("554 5.3.0 returntosender: cannot select queue for %s",
returnq->q_paddr);
ExitStat = EX_UNAVAILABLE;
returndepth--;
return -1;
}
initsys(ee);
#if NAMED_BIND
_res.retry = TimeOuts.res_retry[RES_TO_FIRST];
_res.retrans = TimeOuts.res_retrans[RES_TO_FIRST];
-#endif /* NAMED_BIND */
+#endif
for (q = returnq; q != NULL; q = q->q_next)
{
if (QS_IS_BADADDR(q->q_state))
continue;
q->q_flags &= ~(QHASNOTIFY|Q_PINGFLAGS);
q->q_flags |= QPINGONFAILURE;
if (!QS_IS_DEAD(q->q_state))
ee->e_nrcpts++;
if (q->q_alias == NULL)
addheader("To", q->q_paddr, 0, ee, true);
}
if (LogLevel > 5)
{
if (bitset(EF_RESPONSE, e->e_flags))
p = "return to sender";
else if (bitset(EF_WARNING, e->e_flags))
p = "sender notify";
else if (bitset(RTSF_PM_BOUNCE, flags))
p = "postmaster notify";
else
p = "DSN";
sm_syslog(LOG_INFO, e->e_id, "%s: %s: %s",
ee->e_id, p, shortenstring(msg, MAXSHORTSTR));
}
if (SendMIMEErrors)
{
addheader("MIME-Version", "1.0", 0, ee, true);
(void) sm_snprintf(buf, sizeof(buf), "%s.%ld/%.100s",
ee->e_id, (long)curtime(), MyHostName);
ee->e_msgboundary = sm_rpool_strdup_x(ee->e_rpool, buf);
(void) sm_snprintf(buf, sizeof(buf),
#if DSN
"multipart/report; report-type=delivery-status;\n\tboundary=\"%s\"",
-#else /* DSN */
+#else
"multipart/mixed; boundary=\"%s\"",
-#endif /* DSN */
+#endif
ee->e_msgboundary);
addheader("Content-Type", buf, 0, ee, true);
p = hvalue("Content-Transfer-Encoding", e->e_header);
if (p != NULL && sm_strcasecmp(p, "binary") != 0)
p = NULL;
if (p == NULL && bitset(EF_HAS8BIT, e->e_flags))
p = "8bit";
if (p != NULL)
addheader("Content-Transfer-Encoding", p, 0, ee, true);
}
if (strncmp(msg, "Warning:", 8) == 0)
{
addheader("Subject", msg, 0, ee, true);
p = "warning-timeout";
}
else if (strncmp(msg, "Postmaster warning:", 19) == 0)
{
addheader("Subject", msg, 0, ee, true);
p = "postmaster-warning";
}
else if (strcmp(msg, "Return receipt") == 0)
{
addheader("Subject", msg, 0, ee, true);
p = "return-receipt";
}
else if (bitset(RTSF_PM_BOUNCE, flags))
{
(void) sm_snprintf(buf, sizeof(buf),
"Postmaster notify: see transcript for details");
addheader("Subject", buf, 0, ee, true);
p = "postmaster-notification";
}
else
{
(void) sm_snprintf(buf, sizeof(buf),
"Returned mail: see transcript for details");
addheader("Subject", buf, 0, ee, true);
p = "failure";
}
(void) sm_snprintf(buf, sizeof(buf), "auto-generated (%s)", p);
addheader("Auto-Submitted", buf, 0, ee, true);
/* fake up an address header for the from person */
expand("\201n", buf, sizeof(buf), e);
if (parseaddr(buf, &ee->e_from,
RF_COPYALL|RF_SENDERADDR, '\0', NULL, e, false) == NULL)
{
syserr("553 5.3.5 Can't parse myself!");
ExitStat = EX_SOFTWARE;
returndepth--;
return -1;
}
ee->e_from.q_flags &= ~(QHASNOTIFY|Q_PINGFLAGS);
ee->e_from.q_flags |= QPINGONFAILURE;
ee->e_sender = ee->e_from.q_paddr;
/* push state into submessage */
CurEnv = ee;
macdefine(&ee->e_macro, A_PERM, 'f', "\201n");
macdefine(&ee->e_macro, A_PERM, 'x', "Mail Delivery Subsystem");
eatheader(ee, true, true);
/* mark statistics */
markstats(ee, NULLADDR, STATS_NORMAL);
#if _FFR_BOUNCE_QUEUE
if (BounceQueue == NOQGRP)
{
#endif
/* actually deliver the error message */
sendall(ee, SM_DELIVER);
#if _FFR_BOUNCE_QUEUE
}
#endif
(void) dropenvelope(ee, true, false);
/* check for delivery errors */
ret = -1;
if (ee->e_parent == NULL ||
!bitset(EF_RESPONSE, ee->e_parent->e_flags))
{
ret = 0;
}
else
{
for (q = ee->e_sendqueue; q != NULL; q = q->q_next)
{
if (QS_IS_ATTEMPTED(q->q_state))
{
ret = 0;
break;
}
}
}
/* restore state */
sm_rpool_free(ee->e_rpool);
CurEnv = oldcur;
returndepth--;
return ret;
}
+
+/*
+** DSNTYPENAME -- Returns the DSN name of the addrtype for this address
+**
+** Sendmail's addrtypes are largely in different universes, and
+** 'fred' may be a valid address in different addrtype
+** universes.
+**
+** EAI extends the rfc822 universe rather than introduce a new
+** universe. Because of that, sendmail uses the rfc822 addrtype,
+** but names it utf-8 when the EAI DSN extension requires that.
+**
+** Parameters:
+** addrtype -- address type
+** addr -- the address
+**
+** Returns:
+** type for DSN
+**
+*/
+
+static const char *dsntypename __P((const char *, const char *));
+
+static const char *
+dsntypename(addrtype, addr)
+ const char *addrtype;
+ const char *addr;
+{
+ if (sm_strcasecmp(addrtype, "rfc822") != 0)
+ return addrtype;
+#if _FFR_EAI
+ if (!addr_is_ascii(addr))
+ return "utf-8";
+#endif
+ return "rfc822";
+}
+
+
/*
** ERRBODY -- output the body of an error message.
**
** Typically this is a copy of the transcript plus a copy of the
** original offending message.
**
** Parameters:
** mci -- the mailer connection information.
** e -- the envelope we are working in.
** separator -- any possible MIME separator (unused).
**
** Returns:
** true iff body was written successfully
**
** Side Effects:
** Outputs the body of an error message.
*/
/* ARGSUSED2 */
static bool
errbody(mci, e, separator)
register MCI *mci;
register ENVELOPE *e;
char *separator;
{
bool printheader;
bool sendbody;
bool pm_notify;
int save_errno;
register SM_FILE_T *xfile;
char *p;
register ADDRESS *q = NULL;
char actual[MAXLINE];
char buf[MAXLINE];
if (bitset(MCIF_INHEADER, mci->mci_flags))
{
if (!putline("", mci))
goto writeerr;
mci->mci_flags &= ~MCIF_INHEADER;
}
if (e->e_parent == NULL)
{
syserr("errbody: null parent");
if (!putline(" ----- Original message lost -----\n", mci))
goto writeerr;
return true;
}
/*
** Output MIME header.
*/
if (e->e_msgboundary != NULL)
{
(void) sm_strlcpyn(buf, sizeof(buf), 2, "--", e->e_msgboundary);
if (!putline("This is a MIME-encapsulated message", mci) ||
!putline("", mci) ||
!putline(buf, mci) ||
!putline("", mci))
goto writeerr;
}
/*
** Output introductory information.
*/
pm_notify = false;
p = hvalue("subject", e->e_header);
if (p != NULL && strncmp(p, "Postmaster ", 11) == 0)
pm_notify = true;
else
{
for (q = e->e_parent->e_sendqueue; q != NULL; q = q->q_next)
{
if (QS_IS_BADADDR(q->q_state))
break;
}
}
if (!pm_notify && q == NULL &&
!bitset(EF_FATALERRS|EF_SENDRECEIPT, e->e_parent->e_flags))
{
if (!putline(" **********************************************",
mci) ||
!putline(" ** THIS IS A WARNING MESSAGE ONLY **",
mci) ||
!putline(" ** YOU DO NOT NEED TO RESEND YOUR MESSAGE **",
mci) ||
!putline(" **********************************************",
mci) ||
!putline("", mci))
goto writeerr;
}
(void) sm_snprintf(buf, sizeof(buf),
"The original message was received at %s",
arpadate(ctime(&e->e_parent->e_ctime)));
if (!putline(buf, mci))
goto writeerr;
expand("from \201_", buf, sizeof(buf), e->e_parent);
if (!putline(buf, mci))
goto writeerr;
/* include id in postmaster copies */
if (pm_notify && e->e_parent->e_id != NULL)
{
(void) sm_strlcpyn(buf, sizeof(buf), 2, "with id ",
e->e_parent->e_id);
if (!putline(buf, mci))
goto writeerr;
}
if (!putline("", mci))
goto writeerr;
/*
** Output error message header (if specified and available).
*/
if (ErrMsgFile != NULL &&
!bitset(EF_SENDRECEIPT, e->e_parent->e_flags))
{
if (*ErrMsgFile == '/')
{
long sff = SFF_ROOTOK|SFF_REGONLY;
if (DontLockReadFiles)
sff |= SFF_NOLOCK;
if (!bitnset(DBS_ERRORHEADERINUNSAFEDIRPATH,
DontBlameSendmail))
sff |= SFF_SAFEDIRPATH;
xfile = safefopen(ErrMsgFile, O_RDONLY, 0444, sff);
if (xfile != NULL)
{
while (sm_io_fgets(xfile, SM_TIME_DEFAULT, buf,
sizeof(buf)) >= 0)
{
int lbs;
bool putok;
char *lbp;
lbs = sizeof(buf);
lbp = translate_dollars(buf, buf, &lbs);
expand(lbp, lbp, lbs, e);
putok = putline(lbp, mci);
if (lbp != buf)
sm_free(lbp);
if (!putok)
goto writeerr;
}
(void) sm_io_close(xfile, SM_TIME_DEFAULT);
if (!putline("\n", mci))
goto writeerr;
}
}
else
{
expand(ErrMsgFile, buf, sizeof(buf), e);
if (!putline(buf, mci) || !putline("", mci))
goto writeerr;
}
}
/*
** Output message introduction
*/
/* permanent fatal errors */
printheader = true;
for (q = e->e_parent->e_sendqueue; q != NULL; q = q->q_next)
{
if (!QS_IS_BADADDR(q->q_state) ||
!bitset(QPINGONFAILURE, q->q_flags))
continue;
if (printheader)
{
if (!putline(" ----- The following addresses had permanent fatal errors -----",
mci))
goto writeerr;
printheader = false;
}
(void) sm_strlcpy(buf, shortenstring(q->q_paddr, MAXSHORTSTR),
sizeof(buf));
if (!putline(buf, mci))
goto writeerr;
if (q->q_rstatus != NULL)
{
(void) sm_snprintf(buf, sizeof(buf),
" (reason: %s)",
shortenstring(exitstat(q->q_rstatus),
MAXSHORTSTR));
if (!putline(buf, mci))
goto writeerr;
}
if (q->q_alias != NULL)
{
(void) sm_snprintf(buf, sizeof(buf),
" (expanded from: %s)",
shortenstring(q->q_alias->q_paddr,
MAXSHORTSTR));
if (!putline(buf, mci))
goto writeerr;
}
}
if (!printheader && !putline("", mci))
goto writeerr;
/* transient non-fatal errors */
printheader = true;
for (q = e->e_parent->e_sendqueue; q != NULL; q = q->q_next)
{
if (QS_IS_BADADDR(q->q_state) ||
!bitset(QPRIMARY, q->q_flags) ||
!bitset(QBYNDELAY, q->q_flags) ||
!bitset(QDELAYED, q->q_flags))
continue;
if (printheader)
{
if (!putline(" ----- The following addresses had transient non-fatal errors -----",
mci))
goto writeerr;
printheader = false;
}
(void) sm_strlcpy(buf, shortenstring(q->q_paddr, MAXSHORTSTR),
sizeof(buf));
if (!putline(buf, mci))
goto writeerr;
if (q->q_alias != NULL)
{
(void) sm_snprintf(buf, sizeof(buf),
" (expanded from: %s)",
shortenstring(q->q_alias->q_paddr,
MAXSHORTSTR));
if (!putline(buf, mci))
goto writeerr;
}
}
if (!printheader && !putline("", mci))
goto writeerr;
/* successful delivery notifications */
printheader = true;
for (q = e->e_parent->e_sendqueue; q != NULL; q = q->q_next)
{
if (QS_IS_BADADDR(q->q_state) ||
!bitset(QPRIMARY, q->q_flags) ||
bitset(QBYNDELAY, q->q_flags) ||
bitset(QDELAYED, q->q_flags))
continue;
else if (bitset(QBYNRELAY, q->q_flags))
p = "Deliver-By notify: relayed";
else if (bitset(QBYTRACE, q->q_flags))
p = "Deliver-By trace: relayed";
else if (!bitset(QPINGONSUCCESS, q->q_flags))
continue;
else if (bitset(QRELAYED, q->q_flags))
p = "relayed to non-DSN-aware mailer";
else if (bitset(QDELIVERED, q->q_flags))
{
if (bitset(QEXPANDED, q->q_flags))
p = "successfully delivered to mailing list";
else
p = "successfully delivered to mailbox";
}
else if (bitset(QEXPANDED, q->q_flags))
p = "expanded by alias";
else
continue;
if (printheader)
{
if (!putline(" ----- The following addresses had successful delivery notifications -----",
mci))
goto writeerr;
printheader = false;
}
(void) sm_snprintf(buf, sizeof(buf), "%s (%s)",
shortenstring(q->q_paddr, MAXSHORTSTR), p);
if (!putline(buf, mci))
goto writeerr;
if (q->q_alias != NULL)
{
(void) sm_snprintf(buf, sizeof(buf),
" (expanded from: %s)",
shortenstring(q->q_alias->q_paddr,
MAXSHORTSTR));
if (!putline(buf, mci))
goto writeerr;
}
}
if (!printheader && !putline("", mci))
goto writeerr;
/*
** Output transcript of errors
*/
(void) sm_io_flush(smioout, SM_TIME_DEFAULT);
if (e->e_parent->e_xfp == NULL)
{
if (!putline(" ----- Transcript of session is unavailable -----\n",
mci))
goto writeerr;
}
else
{
int blen;
printheader = true;
(void) bfrewind(e->e_parent->e_xfp);
if (e->e_xfp != NULL)
(void) sm_io_flush(e->e_xfp, SM_TIME_DEFAULT);
while ((blen = sm_io_fgets(e->e_parent->e_xfp, SM_TIME_DEFAULT,
buf, sizeof(buf))) >= 0)
{
if (printheader && !putline(" ----- Transcript of session follows -----\n",
mci))
goto writeerr;
printheader = false;
if (!putxline(buf, blen, mci, PXLF_MAPFROM))
goto writeerr;
}
}
errno = 0;
#if DSN
/*
** Output machine-readable version.
*/
if (e->e_msgboundary != NULL)
{
(void) sm_strlcpyn(buf, sizeof(buf), 2, "--", e->e_msgboundary);
if (!putline("", mci) ||
!putline(buf, mci) ||
+#if _FFR_EAI
+ !putline(e->e_parent->e_smtputf8
+ ? "Content-Type: message/global-delivery-status"
+ : "Content-Type: message/delivery-status", mci) ||
+#else
!putline("Content-Type: message/delivery-status", mci) ||
+#endif
!putline("", mci))
goto writeerr;
/*
** Output per-message information.
*/
/* original envelope id from MAIL FROM: line */
if (e->e_parent->e_envid != NULL)
{
(void) sm_snprintf(buf, sizeof(buf),
"Original-Envelope-Id: %.800s",
xuntextify(e->e_parent->e_envid));
if (!putline(buf, mci))
goto writeerr;
}
/* Reporting-MTA: is us (required) */
(void) sm_snprintf(buf, sizeof(buf),
"Reporting-MTA: dns; %.800s", MyHostName);
if (!putline(buf, mci))
goto writeerr;
/* DSN-Gateway: not relevant since we are not translating */
/* Received-From-MTA: shows where we got this message from */
if (RealHostName != NULL)
{
/* XXX use $s for type? */
if (e->e_parent->e_from.q_mailer == NULL ||
(p = e->e_parent->e_from.q_mailer->m_mtatype) == NULL)
p = "dns";
(void) sm_snprintf(buf, sizeof(buf),
"Received-From-MTA: %s; %.800s",
p, RealHostName);
if (!putline(buf, mci))
goto writeerr;
}
/* Arrival-Date: -- when it arrived here */
(void) sm_strlcpyn(buf, sizeof(buf), 2, "Arrival-Date: ",
arpadate(ctime(&e->e_parent->e_ctime)));
if (!putline(buf, mci))
goto writeerr;
/* Deliver-By-Date: -- when it should have been delivered */
if (IS_DLVR_BY(e->e_parent))
{
time_t dbyd;
dbyd = e->e_parent->e_ctime + e->e_parent->e_deliver_by;
(void) sm_strlcpyn(buf, sizeof(buf), 2,
"Deliver-By-Date: ",
arpadate(ctime(&dbyd)));
if (!putline(buf, mci))
goto writeerr;
}
/*
** Output per-address information.
*/
for (q = e->e_parent->e_sendqueue; q != NULL; q = q->q_next)
{
char *action;
if (QS_IS_BADADDR(q->q_state))
{
/* RFC 1891, 6.2.6 (b) */
if (bitset(QHASNOTIFY, q->q_flags) &&
!bitset(QPINGONFAILURE, q->q_flags))
continue;
action = "failed";
}
else if (!bitset(QPRIMARY, q->q_flags))
continue;
else if (bitset(QDELIVERED, q->q_flags))
{
if (bitset(QEXPANDED, q->q_flags))
action = "delivered (to mailing list)";
else
action = "delivered (to mailbox)";
}
else if (bitset(QRELAYED, q->q_flags))
action = "relayed (to non-DSN-aware mailer)";
else if (bitset(QEXPANDED, q->q_flags))
action = "expanded (to multi-recipient alias)";
else if (bitset(QDELAYED, q->q_flags))
action = "delayed";
else if (bitset(QBYTRACE, q->q_flags))
action = "relayed (Deliver-By trace mode)";
else if (bitset(QBYNDELAY, q->q_flags))
action = "delayed (Deliver-By notify mode)";
else if (bitset(QBYNRELAY, q->q_flags))
action = "relayed (Deliver-By notify mode)";
else
continue;
if (!putline("", mci))
goto writeerr;
/* Original-Recipient: -- passed from on high */
if (q->q_orcpt != NULL)
{
p = strchr(q->q_orcpt, ';');
/*
** p == NULL shouldn't happen due to
** check in srvrsmtp.c
** we could log an error in this case.
*/
if (p != NULL)
{
*p = '\0';
(void) sm_snprintf(buf, sizeof(buf),
"Original-Recipient: %.100s;%.700s",
q->q_orcpt, xuntextify(p + 1));
*p = ';';
if (!putline(buf, mci))
goto writeerr;
}
}
/* Figure out actual recipient */
actual[0] = '\0';
if (q->q_user[0] != '\0')
{
if (q->q_mailer != NULL &&
q->q_mailer->m_addrtype != NULL)
p = q->q_mailer->m_addrtype;
else
p = "rfc822";
if (sm_strcasecmp(p, "rfc822") == 0 &&
strchr(q->q_user, '@') == NULL)
{
(void) sm_snprintf(actual,
sizeof(actual),
"%s; %.700s@%.100s",
- p, q->q_user,
+ dsntypename(p, q->q_user),
+ q->q_user,
MyHostName);
}
else
{
(void) sm_snprintf(actual,
sizeof(actual),
"%s; %.800s",
- p, q->q_user);
+ dsntypename(p, q->q_user),
+ q->q_user);
}
}
/* Final-Recipient: -- the name from the RCPT command */
if (q->q_finalrcpt == NULL)
{
/* should never happen */
sm_syslog(LOG_ERR, e->e_id,
"returntosender: q_finalrcpt is NULL");
/* try to fall back to the actual recipient */
if (actual[0] != '\0')
q->q_finalrcpt = sm_rpool_strdup_x(e->e_rpool,
actual);
}
+#if _FFR_EAI
+ if (sm_strncasecmp("rfc822;", q->q_finalrcpt, 7) == 0 &&
+ !addr_is_ascii(q->q_user))
+ {
+ char *a;
+ char utf8rcpt[1024];
+
+ a = strchr(q->q_finalrcpt, ';');
+ while(*a == ';' || *a == ' ')
+ a++;
+ sm_snprintf(utf8rcpt, sizeof(utf8rcpt),
+ "utf-8; %.800s", a);
+ q->q_finalrcpt = sm_rpool_strdup_x(e->e_rpool,
+ utf8rcpt);
+ }
+#endif
+
if (q->q_finalrcpt != NULL)
{
(void) sm_snprintf(buf, sizeof(buf),
"Final-Recipient: %s",
q->q_finalrcpt);
if (!putline(buf, mci))
goto writeerr;
}
/* X-Actual-Recipient: -- the real problem address */
if (actual[0] != '\0' &&
q->q_finalrcpt != NULL &&
!bitset(PRIV_NOACTUALRECIPIENT, PrivacyFlags) &&
strcmp(actual, q->q_finalrcpt) != 0)
{
(void) sm_snprintf(buf, sizeof(buf),
"X-Actual-Recipient: %s",
actual);
if (!putline(buf, mci))
goto writeerr;
}
/* Action: -- what happened? */
(void) sm_strlcpyn(buf, sizeof(buf), 2, "Action: ",
action);
if (!putline(buf, mci))
goto writeerr;
/* Status: -- what _really_ happened? */
if (q->q_status != NULL)
p = q->q_status;
else if (QS_IS_BADADDR(q->q_state))
p = "5.0.0";
else if (QS_IS_QUEUEUP(q->q_state))
p = "4.0.0";
else
p = "2.0.0";
(void) sm_strlcpyn(buf, sizeof(buf), 2, "Status: ", p);
if (!putline(buf, mci))
goto writeerr;
/* Remote-MTA: -- who was I talking to? */
if (q->q_statmta != NULL)
{
if (q->q_mailer == NULL ||
(p = q->q_mailer->m_mtatype) == NULL)
p = "dns";
(void) sm_snprintf(buf, sizeof(buf),
"Remote-MTA: %s; %.800s",
p, q->q_statmta);
p = &buf[strlen(buf) - 1];
if (*p == '.')
*p = '\0';
if (!putline(buf, mci))
goto writeerr;
}
/* Diagnostic-Code: -- actual result from other end */
if (q->q_rstatus != NULL)
{
if (q->q_mailer == NULL ||
(p = q->q_mailer->m_diagtype) == NULL)
p = "smtp";
(void) sm_snprintf(buf, sizeof(buf),
"Diagnostic-Code: %s; %.800s",
p, q->q_rstatus);
if (!putline(buf, mci))
goto writeerr;
}
/* Last-Attempt-Date: -- fine granularity */
if (q->q_statdate == (time_t) 0L)
q->q_statdate = curtime();
(void) sm_strlcpyn(buf, sizeof(buf), 2,
"Last-Attempt-Date: ",
arpadate(ctime(&q->q_statdate)));
if (!putline(buf, mci))
goto writeerr;
/* Will-Retry-Until: -- for delayed messages only */
if (QS_IS_QUEUEUP(q->q_state))
{
time_t xdate;
xdate = e->e_parent->e_ctime +
TimeOuts.to_q_return[e->e_parent->e_timeoutclass];
(void) sm_strlcpyn(buf, sizeof(buf), 2,
"Will-Retry-Until: ",
arpadate(ctime(&xdate)));
if (!putline(buf, mci))
goto writeerr;
}
}
}
#endif /* DSN */
/*
** Output text of original message
*/
if (!putline("", mci))
goto writeerr;
if (bitset(EF_HAS_DF, e->e_parent->e_flags))
{
sendbody = !bitset(EF_NO_BODY_RETN, e->e_parent->e_flags) &&
!bitset(EF_NO_BODY_RETN, e->e_flags);
if (e->e_msgboundary == NULL)
{
if (!putline(
sendbody
? " ----- Original message follows -----\n"
: " ----- Message header follows -----\n",
mci))
{
goto writeerr;
}
}
else
{
(void) sm_strlcpyn(buf, sizeof(buf), 2, "--",
e->e_msgboundary);
if (!putline(buf, mci))
goto writeerr;
+#if _FFR_EAI
+ if (e->e_parent->e_smtputf8)
+ (void) sm_strlcpyn(buf, sizeof(buf), 2,
+ "Content-Type: message/global",
+ sendbody ? "" : "-headers");
+ else
+ (void) sm_strlcpyn(buf, sizeof(buf), 2,
+ "Content-Type: ",
+ sendbody ? "message/rfc822"
+ : "text/rfc822-headers");
+#else /* _FFR_EAI */
(void) sm_strlcpyn(buf, sizeof(buf), 2, "Content-Type: ",
sendbody ? "message/rfc822"
: "text/rfc822-headers");
+#endif /* _FFR_EAI */
if (!putline(buf, mci))
goto writeerr;
p = hvalue("Content-Transfer-Encoding",
e->e_parent->e_header);
if (p != NULL && sm_strcasecmp(p, "binary") != 0)
p = NULL;
if (p == NULL &&
bitset(EF_HAS8BIT, e->e_parent->e_flags))
p = "8bit";
if (p != NULL)
{
(void) sm_snprintf(buf, sizeof(buf),
"Content-Transfer-Encoding: %s",
p);
if (!putline(buf, mci))
goto writeerr;
}
}
if (!putline("", mci))
goto writeerr;
save_errno = errno;
if (!putheader(mci, e->e_parent->e_header, e->e_parent,
M87F_OUTER))
goto writeerr;
errno = save_errno;
if (sendbody)
{
if (!putbody(mci, e->e_parent, e->e_msgboundary))
goto writeerr;
}
else if (e->e_msgboundary == NULL)
{
if (!putline("", mci) ||
!putline(" ----- Message body suppressed -----",
mci))
{
goto writeerr;
}
}
}
else if (e->e_msgboundary == NULL)
{
if (!putline(" ----- No message was collected -----\n", mci))
goto writeerr;
}
if (e->e_msgboundary != NULL)
{
(void) sm_strlcpyn(buf, sizeof(buf), 3, "--", e->e_msgboundary,
"--");
if (!putline("", mci) || !putline(buf, mci))
goto writeerr;
}
if (!putline("", mci) ||
sm_io_flush(mci->mci_out, SM_TIME_DEFAULT) == SM_IO_EOF)
goto writeerr;
/*
** Cleanup and exit
*/
if (errno != 0)
{
writeerr:
syserr("errbody: I/O error");
return false;
}
return true;
}
/*
** SMTPTODSN -- convert SMTP to DSN status code
**
** Parameters:
** smtpstat -- the smtp status code (e.g., 550).
**
** Returns:
** The DSN version of the status code.
**
** Storage Management:
** smtptodsn() returns a pointer to a character string literal,
** which will remain valid forever, and thus does not need to
** be copied. Current code relies on this property.
*/
char *
smtptodsn(smtpstat)
int smtpstat;
{
if (smtpstat < 0)
return "4.4.2";
switch (smtpstat)
{
case 450: /* Req mail action not taken: mailbox unavailable */
return "4.2.0";
case 451: /* Req action aborted: local error in processing */
return "4.3.0";
case 452: /* Req action not taken: insufficient sys storage */
return "4.3.1";
case 500: /* Syntax error, command unrecognized */
return "5.5.2";
case 501: /* Syntax error in parameters or arguments */
return "5.5.4";
case 502: /* Command not implemented */
return "5.5.1";
case 503: /* Bad sequence of commands */
return "5.5.1";
case 504: /* Command parameter not implemented */
return "5.5.4";
case 550: /* Req mail action not taken: mailbox unavailable */
return "5.2.0";
case 551: /* User not local; please try <...> */
return "5.1.6";
case 552: /* Req mail action aborted: exceeded storage alloc */
return "5.2.2";
case 553: /* Req action not taken: mailbox name not allowed */
return "5.1.0";
case 554: /* Transaction failed */
return "5.0.0";
}
if (REPLYTYPE(smtpstat) == 2)
return "2.0.0";
if (REPLYTYPE(smtpstat) == 4)
return "4.0.0";
return "5.0.0";
}
/*
** XTEXTIFY -- take regular text and turn it into DSN-style xtext
**
** Parameters:
** t -- the text to convert.
** taboo -- additional characters that must be encoded.
**
** Returns:
** The xtext-ified version of the same string.
*/
char *
xtextify(t, taboo)
register char *t;
char *taboo;
{
register char *p;
int l;
int nbogus;
static char *bp = NULL;
static int bplen = 0;
if (taboo == NULL)
taboo = "";
/* figure out how long this xtext will have to be */
nbogus = l = 0;
for (p = t; *p != '\0'; p++)
{
register int c = (*p & 0xff);
/* ASCII dependence here -- this is the way the spec words it */
if (c < '!' || c > '~' || c == '+' || c == '\\' || c == '(' ||
strchr(taboo, c) != NULL)
nbogus++;
l++;
}
if (nbogus < 0)
{
/* since nbogus is ssize_t and wrapped, 2 * size_t would wrap */
syserr("!xtextify string too long");
}
if (nbogus == 0)
return t;
l += nbogus * 2 + 1;
/* now allocate space if necessary for the new string */
if (l > bplen)
{
if (bp != NULL)
sm_free(bp); /* XXX */
bp = sm_pmalloc_x(l);
bplen = l;
}
/* ok, copy the text with byte expansion */
for (p = bp; *t != '\0'; )
{
register int c = (*t++ & 0xff);
/* ASCII dependence here -- this is the way the spec words it */
if (c < '!' || c > '~' || c == '+' || c == '\\' || c == '(' ||
strchr(taboo, c) != NULL)
{
*p++ = '+';
*p++ = "0123456789ABCDEF"[c >> 4];
*p++ = "0123456789ABCDEF"[c & 0xf];
}
else
*p++ = c;
}
*p = '\0';
return bp;
}
/*
** XUNTEXTIFY -- take xtext and turn it into plain text
**
** Parameters:
** t -- the xtextified text.
**
** Returns:
** The decoded text. No attempt is made to deal with
** null strings in the resulting text.
*/
char *
xuntextify(t)
register char *t;
{
register char *p;
int l;
static char *bp = NULL;
static int bplen = 0;
/* heuristic -- if no plus sign, just return the input */
if (strchr(t, '+') == NULL)
return t;
/* xtext is always longer than decoded text */
l = strlen(t);
if (l > bplen)
{
if (bp != NULL)
sm_free(bp); /* XXX */
bp = xalloc(l);
bplen = l;
}
/* ok, copy the text with byte compression */
for (p = bp; *t != '\0'; t++)
{
register int c = *t & 0xff;
if (c != '+')
{
*p++ = c;
continue;
}
c = *++t & 0xff;
if (!isascii(c) || !isxdigit(c))
{
/* error -- first digit is not hex */
usrerr("bogus xtext: +%c", c);
t--;
continue;
}
if (isdigit(c))
c -= '0';
else if (isupper(c))
c -= 'A' - 10;
else
c -= 'a' - 10;
*p = c << 4;
c = *++t & 0xff;
if (!isascii(c) || !isxdigit(c))
{
/* error -- second digit is not hex */
usrerr("bogus xtext: +%x%c", *p >> 4, c);
t--;
continue;
}
if (isdigit(c))
c -= '0';
else if (isupper(c))
c -= 'A' - 10;
else
c -= 'a' - 10;
*p++ |= c;
}
*p = '\0';
return bp;
}
/*
** XTEXTOK -- check if a string is legal xtext
**
** Xtext is used in Delivery Status Notifications. The spec was
** taken from RFC 1891, ``SMTP Service Extension for Delivery
** Status Notifications''.
**
** Parameters:
** s -- the string to check.
**
** Returns:
** true -- if 's' is legal xtext.
** false -- if it has any illegal characters in it.
*/
bool
xtextok(s)
char *s;
{
int c;
while ((c = *s++) != '\0')
{
if (c == '+')
{
c = *s++;
if (!isascii(c) || !isxdigit(c))
return false;
c = *s++;
if (!isascii(c) || !isxdigit(c))
return false;
}
else if (c < '!' || c > '~' || c == '=')
return false;
}
return true;
}
/*
** ISATOM -- check if a string is an "atom"
**
** Parameters:
** s -- the string to check.
**
** Returns:
** true -- iff s is an atom
*/
bool
isatom(s)
const char *s;
{
int c;
if (s == NULL || *s == '\0')
return false;
while ((c = *s++) != '\0')
{
if (strchr("()<>@,;:\\.[]\"", c) != NULL)
return false;
if (c < '!' || c > '~')
return false;
}
return true;
}
/*
** PRUNEROUTE -- prune an RFC-822 source route
**
** Trims down a source route to the last internet-registered hop.
** This is encouraged by RFC 1123 section 5.3.3.
**
** Parameters:
** addr -- the address
**
** Returns:
** true -- address was modified
** false -- address could not be pruned
**
** Side Effects:
** modifies addr in-place
*/
static bool
pruneroute(addr)
char *addr;
{
#if NAMED_BIND
char *start, *at, *comma;
char c;
int braclev;
int rcode;
int i;
char hostbuf[BUFSIZ];
char *mxhosts[MAXMXHOSTS + 1];
/* check to see if this is really a route-addr */
if (*addr != '<' || addr[1] != '@' || addr[strlen(addr) - 1] != '>')
return false;
/*
** Can't simply find the first ':' is the address might be in the
** form: "<@[IPv6:::1]:user@host>" and the first ':' in inside
** the IPv6 address.
*/
start = addr;
braclev = 0;
while (*start != '\0')
{
if (*start == ':' && braclev <= 0)
break;
else if (*start == '[')
braclev++;
else if (*start == ']' && braclev > 0)
braclev--;
start++;
}
if (braclev > 0 || *start != ':')
return false;
at = strrchr(addr, '@');
if (at == NULL || at < start)
return false;
/* slice off the angle brackets */
i = strlen(at + 1);
if (i >= sizeof(hostbuf))
return false;
(void) sm_strlcpy(hostbuf, at + 1, sizeof(hostbuf));
hostbuf[i - 1] = '\0';
while (start != NULL)
{
- if (getmxrr(hostbuf, mxhosts, NULL, false,
- &rcode, true, NULL) > 0)
+ if (getmxrr(hostbuf, mxhosts, NULL, TRYFALLBACK, &rcode, NULL, -1)
+ > 0)
{
(void) sm_strlcpy(addr + 1, start + 1,
strlen(addr) - 1);
return true;
}
c = *start;
*start = '\0';
comma = strrchr(addr, ',');
if (comma != NULL && comma[1] == '@' &&
strlen(comma + 2) < sizeof(hostbuf))
(void) sm_strlcpy(hostbuf, comma + 2, sizeof(hostbuf));
else
comma = NULL;
*start = c;
start = comma;
}
#endif /* NAMED_BIND */
return false;
}
diff --git a/src/sendmail.0 b/src/sendmail.0
index 515d5f7bd0b9..60ab1cd02314 100644
--- a/src/sendmail.0
+++ b/src/sendmail.0
@@ -1,471 +1,471 @@
SENDMAIL(8) SENDMAIL(8)
-NNAAMMEE
+NAME
sendmail - an electronic mail transport agent
-SSYYNNOOPPSSIISS
- sseennddmmaaiill [_f_l_a_g_s] [_a_d_d_r_e_s_s _._._.]
- nneewwaalliiaasseess
- mmaaiillqq [--vv]
- hhoossttssttaatt
- ppuurrggeessttaatt
- ssmmttppdd
-
-DDEESSCCRRIIPPTTIIOONN
- SSeennddmmaaiill sends a message to one or more _r_e_c_i_p_i_e_n_t_s_, routing the message
- over whatever networks are necessary. SSeennddmmaaiill does internetwork for-
+SYNOPSIS
+ sendmail [flags] [address ...]
+ newaliases
+ mailq [-v]
+ hoststat
+ purgestat
+ smtpd
+
+DESCRIPTION
+ Sendmail sends a message to one or more recipients, routing the message
+ over whatever networks are necessary. Sendmail does internetwork for-
warding as necessary to deliver the message to the correct place.
- SSeennddmmaaiill is not intended as a user interface routine; other programs
- provide user-friendly front ends; sseennddmmaaiill is used only to deliver pre-
+ Sendmail is not intended as a user interface routine; other programs
+ provide user-friendly front ends; sendmail is used only to deliver pre-
formatted messages.
- With no flags, sseennddmmaaiill reads its standard input up to an end-of-file
+ With no flags, sendmail reads its standard input up to an end-of-file
or a line consisting only of a single dot and sends a copy of the mes-
sage found there to all of the addresses listed. It determines the
network(s) to use based on the syntax and contents of the addresses.
Local addresses are looked up in a file and aliased appropriately.
Aliasing can be prevented by preceding the address with a backslash.
Beginning with 8.10, the sender is included in any alias expansions,
e.g., if `john' sends to `group', and `group' includes `john' in the
expansion, then the letter will also be delivered to `john'.
- PPaarraammeetteerrss
- --AAcc Use submit.cf even if the operation mode does not indicate an
+ Parameters
+ -Ac Use submit.cf even if the operation mode does not indicate an
initial mail submission.
- --AAmm Use sendmail.cf even if the operation mode indicates an initial
+ -Am Use sendmail.cf even if the operation mode indicates an initial
mail submission.
- --BB_t_y_p_e Set the body type to _t_y_p_e. Current legal values are 7BIT or
+ -Btype Set the body type to type. Current legal values are 7BIT or
8BITMIME.
- --bbaa Go into ARPANET mode. All input lines must end with a CR-LF,
+ -ba Go into ARPANET mode. All input lines must end with a CR-LF,
and all messages will be generated with a CR-LF at the end.
Also, the ``From:'' and ``Sender:'' fields are examined for the
name of the sender.
- --bbCC Check the configuration file.
+ -bC Check the configuration file.
- --bbdd Run as a daemon. SSeennddmmaaiill will fork and run in background lis-
+ -bd Run as a daemon. Sendmail will fork and run in background lis-
tening on socket 25 for incoming SMTP connections. This is nor-
mally run from /etc/rc.
- --bbDD Same as --bbdd except runs in foreground.
+ -bD Same as -bd except runs in foreground.
- --bbhh Print the persistent host status database.
+ -bh Print the persistent host status database.
- --bbHH Purge expired entries from the persistent host status database.
+ -bH Purge expired entries from the persistent host status database.
- --bbii Initialize the alias database.
+ -bi Initialize the alias database.
- --bbmm Deliver mail in the usual way (default).
+ -bm Deliver mail in the usual way (default).
- --bbpp Print a listing of the queue(s).
+ -bp Print a listing of the queue(s).
- --bbPP Print number of entries in the queue(s); only available with
+ -bP Print number of entries in the queue(s); only available with
shared memory support.
- --bbss Use the SMTP protocol as described in RFC821 on standard input
- and output. This flag implies all the operations of the --bbaa
+ -bs Use the SMTP protocol as described in RFC821 on standard input
+ and output. This flag implies all the operations of the -ba
flag that are compatible with SMTP.
- --bbtt Run in address test mode. This mode reads addresses and shows
+ -bt Run in address test mode. This mode reads addresses and shows
the steps in parsing; it is used for debugging configuration
tables.
- --bbvv Verify names only - do not try to collect or deliver a message.
+ -bv Verify names only - do not try to collect or deliver a message.
Verify mode is normally used for validating users or mailing
lists.
- --CC_f_i_l_e Use alternate configuration file. SSeennddmmaaiill gives up any
+ -Cfile Use alternate configuration file. Sendmail gives up any
enhanced (set-user-ID or set-group-ID) privileges if an alter-
nate configuration file is specified.
- --DD _l_o_g_f_i_l_e
+ -D logfile
Send debugging output to the indicated log file instead of std-
out.
- --dd_c_a_t_e_g_o_r_y.._l_e_v_e_l_._._.
- Set the debugging flag for _c_a_t_e_g_o_r_y to _l_e_v_e_l. _C_a_t_e_g_o_r_y is
- either an integer or a name specifying the topic, and _l_e_v_e_l an
+ -dcategory.level...
+ Set the debugging flag for category to level. Category is
+ either an integer or a name specifying the topic, and level an
integer specifying the level of debugging output desired.
Higher levels generally mean more output. More than one flag
can be specified by separating them with commas. A list of
numeric debugging categories can be found in the TRACEFLAGS file
in the sendmail source distribution.
- The option --dd00..11 prints the version of sseennddmmaaiill and the options
+ The option -d0.1 prints the version of sendmail and the options
it was compiled with.
Most other categories are only useful with, and documented in,
- sseennddmmaaiill's source code.
+ sendmail's source code.
- --FF_f_u_l_l_n_a_m_e
+ -Ffullname
Set the full name of the sender.
- --ff_n_a_m_e Sets the name of the ``from'' person (i.e., the envelope sender
+ -fname Sets the name of the ``from'' person (i.e., the envelope sender
of the mail). This address may also be used in the From: header
if that header is missing during initial submission. The enve-
lope sender address is used as the recipient for delivery status
- notifications and may also appear in a Return-Path: header. --ff
- should only be used by ``trusted'' users (normally _r_o_o_t, _d_a_e_m_o_n,
- and _n_e_t_w_o_r_k) or if the person you are trying to become is the
+ notifications and may also appear in a Return-Path: header. -f
+ should only be used by ``trusted'' users (normally root, daemon,
+ and network) or if the person you are trying to become is the
same as the person you are. Otherwise, an X-Authentication-
Warning header will be added to the message.
- --GG Relay (gateway) submission of a message, e.g., when rrmmaaiill calls
- sseennddmmaaiill ..
+ -G Relay (gateway) submission of a message, e.g., when rmail calls
+ sendmail .
- --hh_N Set the hop count to _N. The hop count is incremented every time
+ -hN Set the hop count to N. The hop count is incremented every time
the mail is processed. When it reaches a limit, the mail is
returned with an error message, the victim of an aliasing loop.
If not specified, ``Received:'' lines in the message are
counted.
- --ii Do not strip a leading dot from lines in incoming messages, and
+ -i Do not strip a leading dot from lines in incoming messages, and
do not treat a dot on a line by itself as the end of an incoming
message. This should be set if you are reading data from a
file.
- --LL _t_a_g Set the identifier used in syslog messages to the supplied _t_a_g.
+ -L tag Set the identifier used in syslog messages to the supplied tag.
- --NN _d_s_n Set delivery status notification conditions to _d_s_n, which can be
+ -N dsn Set delivery status notification conditions to dsn, which can be
`never' for no notifications or a comma separated list of the
values `failure' to be notified if delivery failed, `delay' to
be notified if delivery is delayed, and `success' to be notified
when the message is successfully delivered.
- --nn Don't do aliasing.
+ -n Don't do aliasing.
- --OO _o_p_t_i_o_n=_v_a_l_u_e
- Set option _o_p_t_i_o_n to the specified _v_a_l_u_e. This form uses long
+ -O option=value
+ Set option option to the specified value. This form uses long
names. See below for more details.
- --oo_x _v_a_l_u_e
- Set option _x to the specified _v_a_l_u_e. This form uses single
+ -ox value
+ Set option x to the specified value. This form uses single
character names only. The short names are not described in this
- manual page; see the _S_e_n_d_m_a_i_l _I_n_s_t_a_l_l_a_t_i_o_n _a_n_d _O_p_e_r_a_t_i_o_n _G_u_i_d_e
+ manual page; see the Sendmail Installation and Operation Guide
for details.
- --pp_p_r_o_t_o_c_o_l
+ -pprotocol
Set the name of the protocol used to receive the message. This
can be a simple protocol name such as ``UUCP'' or a protocol and
hostname, such as ``UUCP:ucbvax''.
- --qq[_t_i_m_e]
- Process saved messages in the queue at given intervals. If _t_i_m_e
- is omitted, process the queue once. _T_i_m_e is given as a tagged
+ -q[time]
+ Process saved messages in the queue at given intervals. If time
+ is omitted, process the queue once. Time is given as a tagged
number, with `s' being seconds, `m' being minutes (default), `h'
being hours, `d' being days, and `w' being weeks. For example,
`-q1h30m' or `-q90m' would both set the timeout to one hour
- thirty minutes. By default, sseennddmmaaiill will run in the back-
- ground. This option can be used safely with --bbdd.
+ thirty minutes. By default, sendmail will run in the back-
+ ground. This option can be used safely with -bd.
- --qqpp[_t_i_m_e]
- Similar to --qq_t_i_m_e, except that instead of periodically forking a
+ -qp[time]
+ Similar to -qtime, except that instead of periodically forking a
child to process the queue, sendmail forks a single persistent
child for each queue that alternates between processing the
queue and sleeping. The sleep time is given as the argument; it
defaults to 1 second. The process will always sleep at least 5
seconds if the queue was empty in the previous queue run.
- --qqf Process saved messages in the queue once and do not fork(), but
+ -qf Process saved messages in the queue once and do not fork(), but
run in the foreground.
- --qqG_n_a_m_e
- Process jobs in queue group called _n_a_m_e only.
+ -qGname
+ Process jobs in queue group called name only.
- --qq[_!]I_s_u_b_s_t_r
- Limit processed jobs to those containing _s_u_b_s_t_r as a substring
- of the queue id or not when _! is specified.
+ -q[!]Isubstr
+ Limit processed jobs to those containing substr as a substring
+ of the queue id or not when ! is specified.
- --qq[_!]Q_s_u_b_s_t_r
- Limit processed jobs to quarantined jobs containing _s_u_b_s_t_r as a
- substring of the quarantine reason or not when _! is specified.
+ -q[!]Qsubstr
+ Limit processed jobs to quarantined jobs containing substr as a
+ substring of the quarantine reason or not when ! is specified.
- --qq[_!]R_s_u_b_s_t_r
- Limit processed jobs to those containing _s_u_b_s_t_r as a substring
- of one of the recipients or not when _! is specified.
+ -q[!]Rsubstr
+ Limit processed jobs to those containing substr as a substring
+ of one of the recipients or not when ! is specified.
- --qq[_!]S_s_u_b_s_t_r
- Limit processed jobs to those containing _s_u_b_s_t_r as a substring
- of the sender or not when _! is specified.
+ -q[!]Ssubstr
+ Limit processed jobs to those containing substr as a substring
+ of the sender or not when ! is specified.
- --QQ[reason]
+ -Q[reason]
Quarantine a normal queue items with the given reason or unquar-
antine quarantined queue items if no reason is given. This
should only be used with some sort of item matching using as
described above.
- --RR _r_e_t_u_r_n
+ -R return
Set the amount of the message to be returned if the message
- bounces. The _r_e_t_u_r_n parameter can be `full' to return the
+ bounces. The return parameter can be `full' to return the
entire message or `hdrs' to return only the headers. In the
latter case also local bounces return only the headers.
- --rr_n_a_m_e An alternate and obsolete form of the --ff flag.
+ -rname An alternate and obsolete form of the -f flag.
- --tt Read message for recipients. To:, Cc:, and Bcc: lines will be
+ -t Read message for recipients. To:, Cc:, and Bcc: lines will be
scanned for recipient addresses. The Bcc: line will be deleted
before transmission.
- --VV _e_n_v_i_d
+ -V envid
Set the original envelope id. This is propagated across SMTP to
servers that support DSNs and is returned in DSN-compliant error
messages.
- --vv Go into verbose mode. Alias expansions will be announced, etc.
+ -v Go into verbose mode. Alias expansions will be announced, etc.
- --XX _l_o_g_f_i_l_e
+ -X logfile
Log all traffic in and out of mailers in the indicated log file.
This should only be used as a last resort for debugging mailer
bugs. It will log a lot of data very quickly.
- ---- Stop processing command flags and use the rest of the arguments
+ -- Stop processing command flags and use the rest of the arguments
as addresses.
- OOppttiioonnss
+ Options
There are also a number of processing options that may be set. Nor-
mally these will only be used by a system administrator. Options may
- be set either on the command line using the --oo flag (for short names),
- the --OO flag (for long names), or in the configuration file. This is a
+ be set either on the command line using the -o flag (for short names),
+ the -O flag (for long names), or in the configuration file. This is a
partial list limited to those options that are likely to be useful on
the command line and only shows the long names; for a complete list
- (and details), consult the _S_e_n_d_m_a_i_l _I_n_s_t_a_l_l_a_t_i_o_n _a_n_d _O_p_e_r_a_t_i_o_n _G_u_i_d_e.
+ (and details), consult the Sendmail Installation and Operation Guide.
The options are:
- AliasFile=_f_i_l_e
+ AliasFile=file
Use alternate alias file.
HoldExpensive
On mailers that are considered ``expensive'' to connect to,
don't initiate immediate connection. This requires queueing.
- CheckpointInterval=_N
- Checkpoint the queue file after every _N successful deliveries
+ CheckpointInterval=N
+ Checkpoint the queue file after every N successful deliveries
(default 10). This avoids excessive duplicate deliveries when
sending to long mailing lists interrupted by system crashes.
- DeliveryMode=_x
- Set the delivery mode to _x. Delivery modes are `i' for interac-
+ DeliveryMode=x
+ Set the delivery mode to x. Delivery modes are `i' for interac-
tive (synchronous) delivery, `b' for background (asynchronous)
delivery, `q' for queue only - i.e., actual delivery is done the
next time the queue is run, and `d' for deferred - the same as
`q' except that database lookups for maps which have set the -D
option (default for the host map) are avoided.
- ErrorMode=_x
- Set error processing to mode _x. Valid modes are `m' to mail
+ ErrorMode=x
+ Set error processing to mode x. Valid modes are `m' to mail
back the error message, `w' to ``write'' back the error message
(or mail it back if the sender is not logged in), `p' to print
the errors on the terminal (default), `q' to throw away error
messages (only exit status is returned), and `e' to do special
processing for the BerkNet. If the text of the message is not
mailed back by modes `m' or `w' and if the sender is local to
this machine, a copy of the message is appended to the file
- _d_e_a_d_._l_e_t_t_e_r in the sender's home directory.
+ dead.letter in the sender's home directory.
SaveFromLine
Save UNIX-style From lines at the front of messages.
- MaxHopCount=_N
+ MaxHopCount=N
The maximum number of times a message is allowed to ``hop''
before we decide it is in a loop.
IgnoreDots
Do not take dots on a line by themselves as a message termina-
tor.
SendMimeErrors
Send error messages in MIME format. If not set, the DSN (Deliv-
ery Status Notification) SMTP extension is disabled.
- ConnectionCacheTimeout=_t_i_m_e_o_u_t
+ ConnectionCacheTimeout=timeout
Set connection cache timeout.
- ConnectionCacheSize=_N
+ ConnectionCacheSize=N
Set connection cache size.
- LogLevel=_n
+ LogLevel=n
The log level.
- MeToo=_F_a_l_s_e
+ MeToo=False
Don't send to ``me'' (the sender) if I am in an alias expansion.
CheckAliases
Validate the right hand side of aliases during a newaliases(1)
command.
OldStyleHeaders
If set, this message may have old style headers. If not set,
this message is guaranteed to have new style headers (i.e., com-
mas instead of spaces between addresses). If set, an adaptive
algorithm is used that will correctly determine the header for-
mat in most cases.
- QueueDirectory=_q_u_e_u_e_d_i_r
+ QueueDirectory=queuedir
Select the directory in which to queue messages.
- StatusFile=_f_i_l_e
+ StatusFile=file
Save statistics in the named file.
- Timeout.queuereturn=_t_i_m_e
+ Timeout.queuereturn=time
Set the timeout on undelivered messages in the queue to the
specified time. After delivery has failed (e.g., because of a
host being down) for this amount of time, failed messages will
be returned to the sender. The default is five days.
- UserDatabaseSpec=_u_s_e_r_d_a_t_a_b_a_s_e
+ UserDatabaseSpec=userdatabase
If set, a user database is consulted to get forwarding informa-
tion. You can consider this an adjunct to the aliasing mecha-
nism, except that the database is intended to be distributed;
aliases are local to a particular host. This may not be avail-
able if your sendmail does not have the USERDB option compiled
in.
ForkEachJob
Fork each job during queue runs. May be convenient on memory-
poor machines.
SevenBitInput
Strip incoming messages to seven bits.
- EightBitMode=_m_o_d_e
+ EightBitMode=mode
Set the handling of eight bit input to seven bit destinations to
- _m_o_d_e: m (mimefy) will convert to seven-bit MIME format, p (pass)
+ mode: m (mimefy) will convert to seven-bit MIME format, p (pass)
will pass it as eight bits (but violates protocols), and s
(strict) will bounce the message.
- MinQueueAge=_t_i_m_e_o_u_t
+ MinQueueAge=timeout
Sets how long a job must ferment in the queue between attempts
to send it.
- DefaultCharSet=_c_h_a_r_s_e_t
+ DefaultCharSet=charset
Sets the default character set used to label 8-bit data that is
not otherwise labelled.
- DialDelay=_s_l_e_e_p_t_i_m_e
- If opening a connection fails, sleep for _s_l_e_e_p_t_i_m_e seconds and
+ DialDelay=sleeptime
+ If opening a connection fails, sleep for sleeptime seconds and
try again. Useful on dial-on-demand sites.
- NoRecipientAction=_a_c_t_i_o_n
+ NoRecipientAction=action
Set the behaviour when there are no recipient headers (To:, Cc:
- or Bcc:) in the message to _a_c_t_i_o_n: none leaves the message
+ or Bcc:) in the message to action: none leaves the message
unchanged, add-to adds a To: header with the envelope recipi-
ents, add-apparently-to adds an Apparently-To: header with the
envelope recipients, add-bcc adds an empty Bcc: header, and add-
to-undisclosed adds a header reading `To: undisclosed-recipi-
ents:;'.
- MaxDaemonChildren=_N
+ MaxDaemonChildren=N
Sets the maximum number of children that an incoming SMTP daemon
- will allow to spawn at any time to _N.
+ will allow to spawn at any time to N.
- ConnectionRateThrottle=_N
+ ConnectionRateThrottle=N
Sets the maximum number of connections per second to the SMTP
- port to _N.
+ port to N.
In aliases, the first character of a name may be a vertical bar to
cause interpretation of the rest of the name as a command to pipe the
- mail to. It may be necessary to quote the name to keep sseennddmmaaiill from
+ mail to. It may be necessary to quote the name to keep sendmail from
suppressing the blanks from between arguments. For example, a common
alias is:
msgs: "|/usr/bin/msgs -s"
- Aliases may also have the syntax ``:include:_f_i_l_e_n_a_m_e'' to ask sseennddmmaaiill
+ Aliases may also have the syntax ``:include:filename'' to ask sendmail
to read the named file for a list of recipients. For example, an alias
such as:
poets: ":include:/usr/local/lib/poets.list"
- would read _/_u_s_r_/_l_o_c_a_l_/_l_i_b_/_p_o_e_t_s_._l_i_s_t for the list of addresses making
+ would read /usr/local/lib/poets.list for the list of addresses making
up the group.
- SSeennddmmaaiill returns an exit status describing what it did. The codes are
- defined in <_s_y_s_e_x_i_t_s_._h>:
+ Sendmail returns an exit status describing what it did. The codes are
+ defined in <sysexits.h>:
EX_OK Successful completion on all addresses.
EX_NOUSER
User name not recognized.
EX_UNAVAILABLE
Catchall meaning necessary resources were not available.
EX_SYNTAX
Syntax error in address.
EX_SOFTWARE
Internal software error, including bad arguments.
EX_OSERR
Temporary operating system error, such as ``cannot fork''.
EX_NOHOST
Host name not recognized.
EX_TEMPFAIL
Message could not be sent immediately, but was queued.
- If invoked as nneewwaalliiaasseess, sseennddmmaaiill will rebuild the alias database. If
- invoked as mmaaiillqq, sseennddmmaaiill will print the contents of the mail queue.
- If invoked as hhoossttssttaatt, sseennddmmaaiill will print the persistent host status
- database. If invoked as ppuurrggeessttaatt, sseennddmmaaiill will purge expired entries
- from the persistent host status database. If invoked as ssmmttppdd, sseenndd--
- mmaaiill will act as a daemon, as if the --bbdd option were specified.
+ If invoked as newaliases, sendmail will rebuild the alias database. If
+ invoked as mailq, sendmail will print the contents of the mail queue.
+ If invoked as hoststat, sendmail will print the persistent host status
+ database. If invoked as purgestat, sendmail will purge expired entries
+ from the persistent host status database. If invoked as smtpd, send-
+ mail will act as a daemon, as if the -bd option were specified.
-NNOOTTEESS
- sseennddmmaaiill often gets blamed for many problems that are actually the
+NOTES
+ sendmail often gets blamed for many problems that are actually the
result of other problems, such as overly permissive modes on directo-
- ries. For this reason, sseennddmmaaiill checks the modes on system directories
+ ries. For this reason, sendmail checks the modes on system directories
and files to determine if they can be trusted. Although these checks
- can be turned off and your system security reduced by setting the DDoonntt--
- BBllaammeeSSeennddmmaaiill option, the permission problems should be fixed. For
+ can be turned off and your system security reduced by setting the Dont-
+ BlameSendmail option, the permission problems should be fixed. For
more information, see:
- _h_t_t_p_:_/_/_w_w_w_._s_e_n_d_m_a_i_l_._o_r_g_/_t_i_p_s_/_D_o_n_t_B_l_a_m_e_S_e_n_d_m_a_i_l_._h_t_m_l
+ http://www.sendmail.org/tips/DontBlameSendmail.html
-FFIILLEESS
- Except for the file _/_e_t_c_/_m_a_i_l_/_s_e_n_d_m_a_i_l_._c_f itself the following path-
- names are all specified in _/_e_t_c_/_m_a_i_l_/_s_e_n_d_m_a_i_l_._c_f. Thus, these values
+FILES
+ Except for the file /etc/mail/sendmail.cf itself the following path-
+ names are all specified in /etc/mail/sendmail.cf. Thus, these values
are only approximations.
/etc/mail/aliases
raw data for alias names
/etc/mail/aliases.db
data base of alias names
/etc/mail/sendmail.cf
configuration file
/etc/mail/helpfile
help file
/etc/mail/statistics
collected statistics
/var/spool/mqueue/*
temp files
-SSEEEE AALLSSOO
+SEE ALSO
binmail(1), mail(1), rmail(1), syslog(3), aliases(5), mailaddr(7),
rc(8)
- DARPA Internet Request For Comments _R_F_C_8_1_9, _R_F_C_8_2_1, _R_F_C_8_2_2. _S_e_n_d_m_a_i_l
- _I_n_s_t_a_l_l_a_t_i_o_n _a_n_d _O_p_e_r_a_t_i_o_n _G_u_i_d_e, No. 8, SMM.
+ DARPA Internet Request For Comments RFC819, RFC821, RFC822. Sendmail
+ Installation and Operation Guide, No. 8, SMM.
http://www.sendmail.org/
US Patent Numbers 6865671, 6986037.
-HHIISSTTOORRYY
- The sseennddmmaaiill command appeared in 4.2BSD.
+HISTORY
+ The sendmail command appeared in 4.2BSD.
$Date: 2013-11-22 20:51:56 $ SENDMAIL(8)
diff --git a/src/sendmail.h b/src/sendmail.h
index b2d0211ee0f5..e6cf45df0151 100644
--- a/src/sendmail.h
+++ b/src/sendmail.h
@@ -1,2863 +1,2898 @@
/*
* Copyright (c) 1998-2013 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*/
/*
** SENDMAIL.H -- MTA-specific definitions for sendmail.
*/
#ifndef _SENDMAIL_H
# define _SENDMAIL_H 1
#ifndef MILTER
# define MILTER 1 /* turn on MILTER by default */
-#endif /* MILTER */
+#endif
#ifdef _DEFINE
# define EXTERN
-#else /* _DEFINE */
+#else
# define EXTERN extern
-#endif /* _DEFINE */
-
+#endif
#include <unistd.h>
#include <stddef.h>
#include <stdlib.h>
#include <stdio.h>
#include <ctype.h>
#include <setjmp.h>
#include <string.h>
#include <time.h>
-# ifdef EX_OK
-# undef EX_OK /* for SVr4.2 SMP */
-# endif /* EX_OK */
+#ifdef EX_OK
+# undef EX_OK /* for SVr4.2 SMP */
+#endif
#include "sendmail/sendmail.h"
+#if STARTTLS
+# include <openssl/ssl.h>
+# if _FFR_TLSA_DANE && !defined(DANE)
+# define DANE _FFR_TLSA_DANE
+# endif
+#endif
+
/* profiling? */
#if MONCONTROL
# define SM_PROF(x) moncontrol(x)
-#else /* MONCONTROL */
+#else
# define SM_PROF(x)
-#endif /* MONCONTROL */
+#endif
#ifdef _DEFINE
# ifndef lint
SM_UNUSED(static char SmailId[]) = "@(#)$Id: sendmail.h,v 8.1104 2013-11-22 20:51:56 ca Exp $";
-# endif /* ! lint */
-#endif /* _DEFINE */
+# endif
+#endif
#include "bf.h"
#include "timers.h"
#include <sm/exc.h>
#include <sm/heap.h>
#include <sm/debug.h>
#include <sm/rpool.h>
#include <sm/io.h>
#include <sm/path.h>
#include <sm/signal.h>
#include <sm/clock.h>
#include <sm/mbdb.h>
#include <sm/errstring.h>
#include <sm/sysexits.h>
#include <sm/shm.h>
#include <sm/misc.h>
#ifdef LOG
# include <syslog.h>
-#endif /* LOG */
-
-
+#endif
-# if NETINET || NETINET6 || NETUNIX || NETISO || NETNS || NETX25
-# include <sys/socket.h>
-# endif /* NETINET || NETINET6 || NETUNIX || NETISO || NETNS || NETX25 */
-# if NETUNIX
-# include <sys/un.h>
-# endif /* NETUNIX */
-# if NETINET || NETINET6
-# include <netinet/in.h>
-# endif /* NETINET || NETINET6 */
-# if NETINET6
+#if NETINET || NETINET6 || NETUNIX || NETISO || NETNS || NETX25
+# include <sys/socket.h>
+#endif
+#if NETUNIX
+# include <sys/un.h>
+#endif
+#if NETINET || NETINET6
+# include <netinet/in.h>
+#endif
+#if NETINET6
/*
** There is no standard yet for IPv6 includes.
** Specify OS specific implementation in conf.h
*/
-# endif /* NETINET6 */
-# if NETISO
-# include <netiso/iso.h>
-# endif /* NETISO */
-# if NETNS
-# include <netns/ns.h>
-# endif /* NETNS */
-# if NETX25
-# include <netccitt/x25.h>
-# endif /* NETX25 */
-
-# if NAMED_BIND
-# include <arpa/nameser.h>
-# ifdef NOERROR
-# undef NOERROR /* avoid <sys/streams.h> conflict */
-# endif /* NOERROR */
-# include <resolv.h>
-# else /* NAMED_BIND */
-# undef SM_SET_H_ERRNO
-# define SM_SET_H_ERRNO(err)
-# endif /* NAMED_BIND */
-
-# if HESIOD
-# include <hesiod.h>
-# if !defined(HES_ER_OK) || defined(HESIOD_INTERFACES)
-# define HESIOD_INIT /* support for the new interface */
-# endif /* !defined(HES_ER_OK) || defined(HESIOD_INTERFACES) */
-# endif /* HESIOD */
+#endif /* NETINET6 */
+#if NETISO
+# include <netiso/iso.h>
+#endif
+#if NETNS
+# include <netns/ns.h>
+#endif
+#if NETX25
+# include <netccitt/x25.h>
+#endif
+
+#if NAMED_BIND
+# include <arpa/nameser.h>
+# ifdef NOERROR
+# undef NOERROR /* avoid <sys/streams.h> conflict */
+# endif
+# include <resolv.h>
+#else /* NAMED_BIND */
+# undef SM_SET_H_ERRNO
+# define SM_SET_H_ERRNO(err)
+#endif /* NAMED_BIND */
+
+#if HESIOD
+# include <hesiod.h>
+# if !defined(HES_ER_OK) || defined(HESIOD_INTERFACES)
+# define HESIOD_INIT /* support for the new interface */
+# endif
+#endif /* HESIOD */
+
+#if _FFR_EAI && !defined(ALLOW_255)
+# define ALLOW_255 1
+#endif
#if STARTTLS
-# include <openssl/ssl.h>
-# if !TLS_NO_RSA
-# if _FFR_FIPSMODE
-# define RSA_KEYLENGTH 1024
-# else /* _FFR_FIPSMODE */
-# define RSA_KEYLENGTH 512
-# endif /* _FFR_FIPSMODE */
-# endif /* !TLS_NO_RSA */
-#endif /* STARTTLS */
+# if DANE
+struct dane_vrfy_ctx_S
+{
+ int dane_vrfy_chk;
+ int dane_vrfy_res;
+ int dane_vrfy_port;
+
+ /* look up TLSA RRs, SNI unless dane_tlsa_sni is set. */
+ char *dane_vrfy_host;
+ char *dane_vrfy_sni; /* if not NULL: use for SNI */
+
+ /* full fingerprint in printable format */
+ char dane_vrfy_fp[1024];
+};
+
+typedef struct dane_tlsa_S dane_tlsa_T, *dane_tlsa_P;
+typedef struct dane_vrfy_ctx_S dane_vrfy_ctx_T, *dane_vrfy_ctx_P;
+# endif
+
+/* TLS information context */
+struct tlsi_ctx_S
+{
+ /* use unsigned long? */
+ BITMAP256 tlsi_flags;
+# if DANE
+ dane_vrfy_ctx_T tlsi_dvc;
+# endif
+};
+typedef struct tlsi_ctx_S tlsi_ctx_T, *tlsi_ctx_P;
+
+/* TLS information context flags */
+#define TLSI_FL_CRLREQ 'R' /* CRL required */
+#define TLSI_FL_FB2CLR 'C' /* fall back to clear text is ok */
+#define TLSI_FL_NOFB2CLR 'c' /* do not fall back to clear text */
+#define TLSI_FL_NODANE 'd' /* do not use/lookup DANE */
+#define SM_TLSI_IS(tlsi_ctx, flag) \
+ (((tlsi_ctx) != NULL) && bitnset((flag), (tlsi_ctx)->tlsi_flags))
+
+/* ugly hack, is it worth using different values? */
+# if _FFR_LOG_MORE1 > 1 || _FFR_LOG_MORE2 > 1
+# define LOG_MORE_2(buf, bp) \
+ p = macvalue(macid("{tls_version}"), e); \
+ if (p == NULL || *p == '\0') \
+ p = "NONE"; \
+ (void) sm_snprintf(bp, SPACELEFT(buf, bp), ", tls_version=%.10s", p); \
+ bp += strlen(bp); \
+ p = macvalue(macid("{cipher}"), e); \
+ if (p == NULL || *p == '\0') \
+ p = "NONE"; \
+ (void) sm_snprintf(bp, SPACELEFT(buf, bp), ", cipher=%.20s", p); \
+ bp += strlen(bp);
+# else
+# define LOG_MORE_2(buf, bp)
+# endif
-#if SASL /* include the sasl include files if we have them */
+# define LOG_MORE(buf, bp) \
+ p = macvalue(macid("{verify}"), e); \
+ if (p == NULL || *p == '\0') \
+ p = "NONE"; \
+ (void) sm_snprintf(bp, SPACELEFT(buf, bp), ", tls_verify=%.20s", p); \
+ bp += strlen(bp); \
+ LOG_MORE_2(buf, bp)
+#else
+# define LOG_MORE(buf, bp)
+#endif /* STARTTLS */
+#if SASL
+/* include the sasl include files if we have them */
# if SASL == 2 || SASL >= 20000
# include <sasl/sasl.h>
# include <sasl/saslplug.h>
# include <sasl/saslutil.h>
# if SASL_VERSION_FULL < 0x020119
typedef int (*sasl_callback_ft)(void);
-# endif /* SASL_VERSION_FULL < 0x020119 */
+# endif
# else /* SASL == 2 || SASL >= 20000 */
# include <sasl.h>
# include <saslutil.h>
typedef int (*sasl_callback_ft)(void);
# endif /* SASL == 2 || SASL >= 20000 */
# if defined(SASL_VERSION_MAJOR) && defined(SASL_VERSION_MINOR) && defined(SASL_VERSION_STEP)
-# define SASL_VERSION (SASL_VERSION_MAJOR * 10000) + (SASL_VERSION_MINOR * 100) + SASL_VERSION_STEP
+# define SASL_VERSION (SASL_VERSION_MAJOR * 10000) + (SASL_VERSION_MINOR * 100) + SASL_VERSION_STEP
# if SASL == 1 || SASL == 2
# undef SASL
# define SASL SASL_VERSION
# else /* SASL == 1 || SASL == 2 */
# if SASL != SASL_VERSION
ERROR README: -DSASL (SASL) does not agree with the version of the CYRUS_SASL library (SASL_VERSION)
ERROR README: see README!
# endif /* SASL != SASL_VERSION */
# endif /* SASL == 1 || SASL == 2 */
# else /* defined(SASL_VERSION_MAJOR) && defined(SASL_VERSION_MINOR) && defined(SASL_VERSION_STEP) */
# if SASL == 1
ERROR README: please set -DSASL to the version of the CYRUS_SASL library
ERROR README: see README!
# endif /* SASL == 1 */
# endif /* defined(SASL_VERSION_MAJOR) && defined(SASL_VERSION_MINOR) && defined(SASL_VERSION_STEP) */
#endif /* SASL */
/*
** Following are "sort of" configuration constants, but they should
** be pretty solid on most architectures today. They have to be
** defined after <arpa/nameser.h> because some versions of that
** file also define them. In all cases, we can't use sizeof because
** some systems (e.g., Crays) always treat everything as being at
** least 64 bits.
*/
#ifndef INADDRSZ
# define INADDRSZ 4 /* size of an IPv4 address in bytes */
-#endif /* ! INADDRSZ */
+#endif
#ifndef IN6ADDRSZ
# define IN6ADDRSZ 16 /* size of an IPv6 address in bytes */
-#endif /* ! IN6ADDRSZ */
+#endif
#ifndef INT16SZ
# define INT16SZ 2 /* size of a 16 bit integer in bytes */
-#endif /* ! INT16SZ */
+#endif
#ifndef INT32SZ
# define INT32SZ 4 /* size of a 32 bit integer in bytes */
-#endif /* ! INT32SZ */
+#endif
#ifndef INADDR_LOOPBACK
# define INADDR_LOOPBACK 0x7f000001 /* loopback address */
-#endif /* ! INADDR_LOOPBACK */
+#endif
/*
** Error return from inet_addr(3), in case not defined in /usr/include.
*/
#ifndef INADDR_NONE
# define INADDR_NONE 0xffffffff
-#endif /* ! INADDR_NONE */
+#endif
/* By default use uncompressed IPv6 address format (no "::") */
#ifndef IPV6_FULL
# define IPV6_FULL 1
#endif
/* (f)open() modes for queue files */
#define QF_O_EXTRA 0
-#if _FFR_PROXY || _FFR_LOGREPLY
-# define _FFR_ERRCODE 1
-#endif
-
-#define SM_ARRAY_SIZE(array) (sizeof(array) / sizeof((array)[0]))
+#define SM_ARRAY_SIZE(array) (sizeof(array) / sizeof((array)[0]))
/*
** An 'argument class' describes the storage allocation status
** of an object pointed to by an argument to a function.
*/
typedef enum
{
A_HEAP, /* the storage was allocated by malloc, and the
* ownership of the storage is ceded by the caller
* to the called function. */
A_TEMP, /* The storage is temporary, and is only guaranteed
* to be valid for the duration of the function call. */
A_PERM /* The storage is 'permanent': this might mean static
* storage, or rpool storage. */
} ARGCLASS_T;
/* forward references for prototypes */
typedef struct envelope ENVELOPE;
typedef struct mailer MAILER;
typedef struct queuegrp QUEUEGRP;
/*
** Address structure.
** Addresses are stored internally in this structure.
*/
struct address
{
char *q_paddr; /* the printname for the address */
char *q_user; /* user name */
char *q_ruser; /* real user name, or NULL if q_user */
char *q_host; /* host name */
+#if DANE
+ char *q_qname; /* original query (host) name */
+#endif
struct mailer *q_mailer; /* mailer to use */
unsigned long q_flags; /* status flags, see below */
uid_t q_uid; /* user-id of receiver (if known) */
gid_t q_gid; /* group-id of receiver (if known) */
char *q_home; /* home dir (local mailer only) */
char *q_fullname; /* full name if known */
struct address *q_next; /* chain */
struct address *q_alias; /* address this results from */
char *q_owner; /* owner of q_alias */
struct address *q_tchain; /* temporary use chain */
#if PIPELINING
struct address *q_pchain; /* chain for pipelining */
-#endif /* PIPELINING */
+#endif
char *q_finalrcpt; /* Final-Recipient: DSN header */
char *q_orcpt; /* ORCPT parameter from RCPT TO: line */
char *q_status; /* status code for DSNs */
char *q_rstatus; /* remote status message for DSNs */
time_t q_statdate; /* date of status messages */
char *q_statmta; /* MTA generating q_rstatus */
short q_state; /* address state, see below */
char *q_signature; /* MX-based sorting value */
int q_qgrp; /* index into queue groups */
- int q_qdir; /* queue directory inside group */
char *q_message; /* error message */
};
typedef struct address ADDRESS;
/* bit values for q_flags */
#define QGOODUID 0x00000001 /* the q_uid q_gid fields are good */
#define QPRIMARY 0x00000002 /* set from RCPT or argv */
#define QNOTREMOTE 0x00000004 /* address not for remote forwarding */
#define QSELFREF 0x00000008 /* this address references itself */
#define QBOGUSSHELL 0x00000010 /* user has no valid shell listed */
#define QUNSAFEADDR 0x00000020 /* address acquired via unsafe path */
#define QPINGONSUCCESS 0x00000040 /* give return on successful delivery */
#define QPINGONFAILURE 0x00000080 /* give return on failure */
#define QPINGONDELAY 0x00000100 /* give return on message delay */
#define QHASNOTIFY 0x00000200 /* propagate notify parameter */
#define QRELAYED 0x00000400 /* DSN: relayed to non-DSN aware sys */
#define QEXPANDED 0x00000800 /* DSN: undergone list expansion */
#define QDELIVERED 0x00001000 /* DSN: successful final delivery */
#define QDELAYED 0x00002000 /* DSN: message delayed */
#define QALIAS 0x00004000 /* expanded alias */
#define QBYTRACE 0x00008000 /* DeliverBy: trace */
#define QBYNDELAY 0x00010000 /* DeliverBy: notify, delay */
#define QBYNRELAY 0x00020000 /* DeliverBy: notify, relayed */
#define QINTBCC 0x00040000 /* internal Bcc */
#define QDYNMAILER 0x00080000 /* "dynamic mailer" */
+#define QSECURE 0x00100000 /* DNSSEC ok */
+#define QQUEUED 0x00200000 /* queued */
#define QTHISPASS 0x40000000 /* temp: address set this pass */
#define QRCPTOK 0x80000000 /* recipient() processed address */
#define QDYNMAILFLG 'Y'
#define Q_PINGFLAGS (QPINGONSUCCESS|QPINGONFAILURE|QPINGONDELAY)
#if _FFR_RCPTFLAGS
# define QMATCHFLAGS (QINTBCC|QDYNMAILER)
# define QMATCH_FLAG(a) ((a)->q_flags & QMATCHFLAGS)
# define ADDR_FLAGS_MATCH(a, b) (QMATCH_FLAG(a) == QMATCH_FLAG(b))
#else
# define ADDR_FLAGS_MATCH(a, b) true
#endif
/* values for q_state */
#define QS_OK 0 /* address ok (for now)/not yet tried */
#define QS_SENT 1 /* good address, delivery complete */
#define QS_BADADDR 2 /* illegal address */
#define QS_QUEUEUP 3 /* save address in queue */
#define QS_RETRY 4 /* retry delivery for next MX */
#define QS_VERIFIED 5 /* verified, but not expanded */
/*
** Notice: all of the following values are variations of QS_DONTSEND.
** If new states are added, they must be inserted in the proper place!
** See the macro definition of QS_IS_DEAD() down below.
*/
#define QS_DONTSEND 6 /* don't send to this address */
#define QS_EXPANDED 7 /* expanded */
#define QS_SENDER 8 /* message sender (MeToo) */
#define QS_CLONED 9 /* addr cloned to split envelope */
#define QS_DISCARDED 10 /* rcpt discarded (EF_DISCARD) */
#define QS_REPLACED 11 /* maplocaluser()/UserDB replaced */
#define QS_REMOVED 12 /* removed (removefromlist()) */
#define QS_DUPLICATE 13 /* duplicate suppressed */
#define QS_INCLUDED 14 /* :include: delivery */
#define QS_FATALERR 15 /* fatal error, don't deliver */
/* address state testing primitives */
#define QS_IS_OK(s) ((s) == QS_OK)
#define QS_IS_SENT(s) ((s) == QS_SENT)
#define QS_IS_BADADDR(s) ((s) == QS_BADADDR)
#define QS_IS_QUEUEUP(s) ((s) == QS_QUEUEUP)
#define QS_IS_RETRY(s) ((s) == QS_RETRY)
#define QS_IS_VERIFIED(s) ((s) == QS_VERIFIED)
#define QS_IS_EXPANDED(s) ((s) == QS_EXPANDED)
#define QS_IS_REMOVED(s) ((s) == QS_REMOVED)
#define QS_IS_UNDELIVERED(s) ((s) == QS_OK || \
(s) == QS_QUEUEUP || \
(s) == QS_RETRY || \
(s) == QS_VERIFIED)
#define QS_IS_UNMARKED(s) ((s) == QS_OK || \
(s) == QS_RETRY)
#define QS_IS_SENDABLE(s) ((s) == QS_OK || \
(s) == QS_QUEUEUP || \
(s) == QS_RETRY)
#define QS_IS_ATTEMPTED(s) ((s) == QS_QUEUEUP || \
(s) == QS_RETRY || \
(s) == QS_SENT || \
(s) == QS_DISCARDED)
#define QS_IS_DEAD(s) ((s) >= QS_DONTSEND)
#define QS_IS_TEMPFAIL(s) ((s) == QS_QUEUEUP || (s) == QS_RETRY)
#define NULLADDR ((ADDRESS *) NULL)
extern ADDRESS NullAddress; /* a null (template) address [main.c] */
/* for cataddr() */
#define NOSPACESEP 256
/* functions */
extern void cataddr __P((char **, char **, char *, int, int, bool));
extern char *crackaddr __P((char *, ENVELOPE *));
extern bool emptyaddr __P((ADDRESS *));
extern ADDRESS *getctladdr __P((ADDRESS *));
extern int include __P((char *, bool, ADDRESS *, ADDRESS **, int, ENVELOPE *));
extern bool invalidaddr __P((char *, char *, bool));
extern ADDRESS *parseaddr __P((char *, ADDRESS *, int, int, char **,
ENVELOPE *, bool));
extern char **prescan __P((char *, int, char[], int, char **, unsigned char *, bool));
extern void printaddr __P((SM_FILE_T *, ADDRESS *, bool));
extern ADDRESS *recipient __P((ADDRESS *, ADDRESS **, int, ENVELOPE *));
extern char *remotename __P((char *, MAILER *, int, int *, ENVELOPE *));
extern int rewrite __P((char **, int, int, ENVELOPE *, int));
extern bool sameaddr __P((ADDRESS *, ADDRESS *));
extern int sendtolist __P((char *, ADDRESS *, ADDRESS **, int, ENVELOPE *));
#if MILTER
extern int removefromlist __P((char *, ADDRESS **, ENVELOPE *));
-#endif /* MILTER */
+#endif
extern void setsender __P((char *, ENVELOPE *, char **, int, bool));
typedef void esmtp_args_F __P((ADDRESS *, char *, char *, ENVELOPE *));
extern void parse_esmtp_args __P((ENVELOPE *, ADDRESS *, char *, char *,
char *, char *args[], esmtp_args_F));
extern esmtp_args_F mail_esmtp_args;
extern esmtp_args_F rcpt_esmtp_args;
extern void reset_mail_esmtp_args __P((ENVELOPE *));
/* macro to simplify the common call to rewrite() */
#define REWRITE(pvp, rs, env) rewrite(pvp, rs, 0, env, MAXATOM)
/*
** Token Tables for prescan
*/
extern unsigned char ExtTokenTab[256]; /* external strings */
extern unsigned char IntTokenTab[256]; /* internal strings */
/*
** Mailer definition structure.
** Every mailer known to the system is declared in this
** structure. It defines the pathname of the mailer, some
** flags associated with it, and the argument vector to
** pass to it. The flags are defined in conf.c
**
** The argument vector is expanded before actual use. All
** words except the first are passed through the macro
** processor.
*/
struct mailer
{
char *m_name; /* symbolic name of this mailer */
char *m_mailer; /* pathname of the mailer to use */
char *m_mtatype; /* type of this MTA */
char *m_addrtype; /* type for addresses */
char *m_diagtype; /* type for diagnostics */
BITMAP256 m_flags; /* status flags, see below */
short m_mno; /* mailer number internally */
short m_nice; /* niceness to run at (mostly for prog) */
char **m_argv; /* template argument vector */
short m_sh_rwset; /* rewrite set: sender header addresses */
short m_se_rwset; /* rewrite set: sender envelope addresses */
short m_rh_rwset; /* rewrite set: recipient header addresses */
short m_re_rwset; /* rewrite set: recipient envelope addresses */
char *m_eol; /* end of line string */
long m_maxsize; /* size limit on message to this mailer */
int m_linelimit; /* max # characters per line */
int m_maxdeliveries; /* max deliveries per mailer connection */
char *m_execdir; /* directory to chdir to before execv */
char *m_rootdir; /* directory to chroot to before execv */
uid_t m_uid; /* UID to run as */
gid_t m_gid; /* GID to run as */
char *m_defcharset; /* default character set */
time_t m_wait; /* timeout to wait for end */
int m_maxrcpt; /* max recipients per envelope client-side */
short m_qgrp; /* queue group for this mailer */
+#if DANE
+ unsigned short m_port; /* port (if appropriate for mailer) */
+# define M_PORT(m) ((m)->m_port)
+#else
+# define M_PORT(m) (-1)
+#endif
};
/* bits for m_flags */
#define M_xSMTP 0x01 /* internal: {ES,S,L}MTP */
#define M_ESMTP 'a' /* run Extended SMTP */
#define M_ALIASABLE 'A' /* user can be LHS of an alias */
#define M_BLANKEND 'b' /* ensure blank line at end of message */
#define M_STRIPBACKSL 'B' /* strip all leading backslashes from user */
#define M_NOCOMMENT 'c' /* don't include comment part of address */
#define M_CANONICAL 'C' /* make addresses canonical "u@dom" */
#define M_NOBRACKET 'd' /* never angle bracket envelope route-addrs */
/* 'D' CF: include Date: */
#define M_EXPENSIVE 'e' /* it costs to use this mailer.... */
#define M_ESCFROM 'E' /* escape From lines to >From */
#define M_FOPT 'f' /* mailer takes picky -f flag */
/* 'F' CF: include From: or Resent-From: */
#define M_NO_NULL_FROM 'g' /* sender of errors should be $g */
#define M_HST_UPPER 'h' /* preserve host case distinction */
#define M_PREHEAD 'H' /* MAIL11V3: preview headers */
#define M_UDBENVELOPE 'i' /* do udbsender rewriting on envelope */
#define M_INTERNAL 'I' /* SMTP to another sendmail site */
#define M_UDBRECIPIENT 'j' /* do udbsender rewriting on recipient lines */
#define M_NOLOOPCHECK 'k' /* don't check for loops in HELO command */
#define M_CHUNKING 'K' /* CHUNKING: reserved for future use */
#define M_LOCALMAILER 'l' /* delivery is to this host */
#define M_LIMITS 'L' /* must enforce SMTP line limits */
#define M_MUSER 'm' /* can handle multiple users at once */
/* 'M' CF: include Message-Id: */
#define M_NHDR 'n' /* don't insert From line */
#define M_MANYSTATUS 'N' /* MAIL11V3: DATA returns multi-status */
#define M_RUNASRCPT 'o' /* always run mailer as recipient */
/* 'O' free? */
#define M_FROMPATH 'p' /* use reverse-path in MAIL FROM: */
/* 'P' CF: include Return-Path: */
#define M_VRFY250 'q' /* VRFY command returns 250 instead of 252 */
#define M_ROPT 'r' /* mailer takes picky -r flag */
#define M_SECURE_PORT 'R' /* try to send on a reserved TCP port */
#define M_STRIPQ 's' /* strip quote chars from user/host */
#define M_SPECIFIC_UID 'S' /* run as specific uid/gid */
#define M_USR_UPPER 'u' /* preserve user case distinction */
#define M_UGLYUUCP 'U' /* this wants an ugly UUCP from line */
#define M_CONTENT_LEN 'v' /* add Content-Length: header (SVr4) */
/* 'V' UIUC: !-relativize all addresses */
#define M_HASPWENT 'w' /* check for /etc/passwd entry */
#define M_NOHOSTSTAT 'W' /* ignore long term host status information */
/* 'x' CF: include Full-Name: */
#define M_XDOT 'X' /* use hidden-dot algorithm */
/* 'y' free? */
/* 'Y' free? */
#define M_LMTP 'z' /* run Local Mail Transport Protocol */
#define M_DIALDELAY 'Z' /* apply dial delay sleeptime */
#define M_NOMX '0' /* turn off MX lookups */
#define M_NONULLS '1' /* don't send null bytes */
#define M_FSMTP '2' /* force SMTP (no ESMTP even if offered) */
/* '4' free? */
#define M_EBCDIC '3' /* extend Q-P encoding for EBCDIC */
#define M_TRYRULESET5 '5' /* use ruleset 5 after local aliasing */
#define M_7BITHDRS '6' /* strip headers to 7 bits even in 8 bit path */
#define M_7BITS '7' /* use 7-bit path */
#define M_8BITS '8' /* force "just send 8" behaviour */
#define M_MAKE8BIT '9' /* convert 7 -> 8 bit if appropriate */
#define M_CHECKINCLUDE ':' /* check for :include: files */
#define M_CHECKPROG '|' /* check for |program addresses */
#define M_CHECKFILE '/' /* check for /file addresses */
#define M_CHECKUDB '@' /* user can be user database key */
#define M_CHECKHDIR '~' /* SGI: check for valid home directory */
#define M_HOLD '%' /* Hold delivery until ETRN/-qI/-qR/-qS */
#define M_PLUS '+' /* Reserved: Used in mc for adding new flags */
#define M_MINUS '-' /* Reserved: Used in mc for removing flags */
#define M_NOMHHACK '!' /* Don't perform HM hack dropping explicit from */
/* functions */
extern void initerrmailers __P((void));
extern void makemailer __P((char *));
extern void makequeue __P((char *, bool));
extern void runqueueevent __P((int));
#if _FFR_QUEUE_RUN_PARANOIA
extern bool checkqueuerunner __P((void));
-#endif /* _FFR_QUEUE_RUN_PARANOIA */
+#endif
EXTERN MAILER *FileMailer; /* ptr to *file* mailer */
EXTERN MAILER *InclMailer; /* ptr to *include* mailer */
EXTERN MAILER *LocalMailer; /* ptr to local mailer */
EXTERN MAILER *ProgMailer; /* ptr to program mailer */
#if _FFR_RCPTFLAGS
EXTERN MAILER *Mailer[MAXMAILERS * 2 + 1];
#else
EXTERN MAILER *Mailer[MAXMAILERS + 1];
#endif
/*
** Queue group definition structure.
** Every queue group known to the system is declared in this structure.
** It defines the basic pathname of the queue group, some flags
** associated with it, and the argument vector to pass to it.
*/
struct qpaths_s
{
char *qp_name; /* name of queue dir, relative path */
short qp_subdirs; /* use subdirs? */
short qp_fsysidx; /* file system index of this directory */
-# if SM_CONF_SHM
+#if SM_CONF_SHM
int qp_idx; /* index into array for queue information */
-# endif /* SM_CONF_SHM */
+#endif
};
typedef struct qpaths_s QPATHS;
struct queuegrp
{
char *qg_name; /* symbolic name of this queue group */
/*
** For now this is the same across all queue groups.
** Otherwise we have to play around with chdir().
*/
char *qg_qdir; /* common component of queue directory */
short qg_index; /* queue number internally, index in Queue[] */
int qg_maxqrun; /* max # of jobs in 1 queuerun */
int qg_numqueues; /* number of queues in this queue */
/*
** qg_queueintvl == 0 denotes that no individual value is used.
** Whatever accesses this must deal with "<= 0" as
** "not set, use appropriate default".
*/
time_t qg_queueintvl; /* interval for queue runs */
QPATHS *qg_qpaths; /* list of queue directories */
BITMAP256 qg_flags; /* status flags, see below */
short qg_nice; /* niceness for queue run */
int qg_wgrp; /* Assigned to this work group */
- int qg_maxlist; /* max items in work queue for this group */
- int qg_curnum; /* current number of queue for queue runs */
+ int qg_maxlist; /* max items in work queue for this group */
+ int qg_curnum; /* current number of queue for queue runs */
int qg_maxrcpt; /* max recipients per envelope, 0==no limit */
time_t qg_nextrun; /* time for next queue runs */
#if _FFR_QUEUE_GROUP_SORTORDER
short qg_sortorder; /* how do we sort this queuerun */
-#endif /* _FFR_QUEUE_GROUP_SORTORDER */
+#endif
#if 0
long qg_wkrcptfact; /* multiplier for # recipients -> priority */
long qg_qfactor; /* slope of queue function */
bool qg_doqueuerun; /* XXX flag is it time to do a queuerun */
#endif /* 0 */
};
/* bits for qg_flags (XXX: unused as of now) */
#define QD_DEFINED ((char) 1) /* queue group has been defined */
#define QD_FORK 'f' /* fork queue runs */
extern void filesys_update __P((void));
#if _FFR_ANY_FREE_FS
extern bool filesys_free __P((long));
-#endif /* _FFR_ANY_FREE_FS */
+#endif
#if SASL
/*
** SASL
*/
/* lines in authinfo file or index into SASL_AI_T */
# define SASL_WRONG (-1)
# define SASL_USER 0 /* authorization id (user) */
# define SASL_AUTHID 1 /* authentication id */
# define SASL_PASSWORD 2 /* password fuer authid */
# define SASL_DEFREALM 3 /* realm to use */
# define SASL_MECHLIST 4 /* list of mechanisms to try */
# define SASL_ID_REALM 5 /* authid@defrealm */
/*
** Current mechanism; this is just used to convey information between
** invocation of SASL callback functions.
** It must be last in the list, because it's not allocated by us
** and hence we don't free() it.
*/
# define SASL_MECH 6
# define SASL_ENTRIES 7 /* number of entries in array */
# define SASL_USER_BIT (1 << SASL_USER)
# define SASL_AUTHID_BIT (1 << SASL_AUTHID)
# define SASL_PASSWORD_BIT (1 << SASL_PASSWORD)
# define SASL_DEFREALM_BIT (1 << SASL_DEFREALM)
# define SASL_MECHLIST_BIT (1 << SASL_MECHLIST)
/* authenticated? */
# define SASL_NOT_AUTH 0 /* not authenticated */
# define SASL_PROC_AUTH 1 /* in process of authenticating */
# define SASL_IS_AUTH 2 /* authenticated */
/* SASL options */
# define SASL_AUTH_AUTH 0x1000 /* use auth= only if authenticated */
# if SASL >= 20101
# define SASL_SEC_MASK SASL_SEC_MAXIMUM /* mask for SASL_SEC_* values: sasl.h */
# else /* SASL >= 20101 */
# define SASL_SEC_MASK 0x0fff /* mask for SASL_SEC_* values: sasl.h */
# if (SASL_SEC_NOPLAINTEXT & SASL_SEC_MASK) == 0 || \
(SASL_SEC_NOACTIVE & SASL_SEC_MASK) == 0 || \
(SASL_SEC_NODICTIONARY & SASL_SEC_MASK) == 0 || \
(SASL_SEC_FORWARD_SECRECY & SASL_SEC_MASK) == 0 || \
(SASL_SEC_NOANONYMOUS & SASL_SEC_MASK) == 0 || \
(SASL_SEC_PASS_CREDENTIALS & SASL_SEC_MASK) == 0
ERROR: change SASL_SEC_MASK_ notify sendmail.org!
# endif /* SASL_SEC_NOPLAINTEXT & SASL_SEC_MASK) == 0 ... */
# endif /* SASL >= 20101 */
# define MAXOUTLEN 8192 /* length of output buffer, should be 2^n */
/* functions */
extern char *intersect __P((char *, char *, SM_RPOOL_T *));
extern char *iteminlist __P((char *, char *, char *));
# if SASL >= 20000
extern int proxy_policy __P((sasl_conn_t *, void *, const char *, unsigned, const char *, unsigned, const char *, unsigned, struct propctx *));
extern int safesaslfile __P((void *, const char *, sasl_verify_type_t));
# else /* SASL >= 20000 */
extern int proxy_policy __P((void *, const char *, const char *, const char **, const char **));
# if SASL > 10515
extern int safesaslfile __P((void *, char *, int));
# else /* SASL > 10515 */
extern int safesaslfile __P((void *, char *));
# endif /* SASL > 10515 */
# endif /* SASL >= 20000 */
extern void stop_sasl_client __P((void));
/* structure to store authinfo */
typedef char *SASL_AI_T[SASL_ENTRIES];
EXTERN char *AuthMechanisms; /* AUTH mechanisms */
EXTERN char *AuthRealm; /* AUTH realm */
EXTERN char *SASLInfo; /* file with AUTH info */
EXTERN int SASLOpts; /* options for SASL */
EXTERN int MaxSLBits; /* max. encryption bits for SASL */
#endif /* SASL */
/*
** Structure to store macros.
*/
typedef struct
{
SM_RPOOL_T *mac_rpool; /* resource pool */
BITMAP256 mac_allocated; /* storage has been alloc()? */
char *mac_table[MAXMACROID + 1]; /* macros */
} MACROS_T;
EXTERN MACROS_T GlobalMacros;
/*
** Information about currently open connections to mailers, or to
** hosts that we have looked up recently.
*/
#define MCI struct mailer_con_info
MCI
{
unsigned long mci_flags; /* flag bits, see below */
short mci_errno; /* error number on last connection */
short mci_herrno; /* h_errno from last DNS lookup */
short mci_exitstat; /* exit status from last connection */
short mci_state; /* SMTP state */
int mci_deliveries; /* delivery attempts for connection */
long mci_maxsize; /* max size this server will accept */
SM_FILE_T *mci_in; /* input side of connection */
SM_FILE_T *mci_out; /* output side of connection */
pid_t mci_pid; /* process id of subordinate proc */
char *mci_phase; /* SMTP phase string */
struct mailer *mci_mailer; /* ptr to the mailer for this conn */
char *mci_host; /* host name */
char *mci_status; /* DSN status to be copied to addrs */
char *mci_rstatus; /* SMTP status to be copied to addrs */
time_t mci_lastuse; /* last usage time */
SM_FILE_T *mci_statfile; /* long term status file */
char *mci_heloname; /* name to use as HELO arg */
long mci_min_by; /* minimum DELIVERBY */
bool mci_retryrcpt; /* tempfail for at least one rcpt */
char *mci_tolist; /* list of valid recipients */
SM_RPOOL_T *mci_rpool; /* resource pool */
#if PIPELINING
int mci_okrcpts; /* number of valid recipients */
ADDRESS *mci_nextaddr; /* next address for pipelined status */
-#endif /* PIPELINING */
+#endif
#if SASL
SASL_AI_T mci_sai; /* authentication info */
bool mci_sasl_auth; /* authenticated? */
int mci_sasl_string_len;
char *mci_sasl_string; /* sasl reply string */
char *mci_saslcap; /* SASL list of mechanisms */
sasl_conn_t *mci_conn; /* SASL connection */
#endif /* SASL */
#if STARTTLS
SSL *mci_ssl; /* SSL connection */
-#endif /* STARTTLS */
+ tlsi_ctx_T mci_tlsi;
+#endif
MACROS_T mci_macro; /* macro definitions */
};
-/* flag bits */
-#define MCIF_VALID 0x00000001 /* this entry is valid */
-/* 0x00000002 unused, was MCIF_TEMP */
+/* MCI flag bits */
+/* XREF: mci.c: MciFlags[]: needs to be kept in sync! */
+/* 0x00000001 unused, was MCIF_VALID: this entry is valid */
+#define MCIF_OCC_INCR 0x00000002 /* occ values increased */
#define MCIF_CACHED 0x00000004 /* currently in open cache */
#define MCIF_ESMTP 0x00000008 /* this host speaks ESMTP */
#define MCIF_EXPN 0x00000010 /* EXPN command supported */
#define MCIF_SIZE 0x00000020 /* SIZE option supported */
#define MCIF_8BITMIME 0x00000040 /* BODY=8BITMIME supported */
#define MCIF_7BIT 0x00000080 /* strip this message to 7 bits */
/* 0x00000100 unused, was MCIF_MULTSTAT: MAIL11V3: handles MULT status */
#define MCIF_INHEADER 0x00000200 /* currently outputing header */
#define MCIF_CVT8TO7 0x00000400 /* convert from 8 to 7 bits */
#define MCIF_DSN 0x00000800 /* DSN extension supported */
#define MCIF_8BITOK 0x00001000 /* OK to send 8 bit characters */
#define MCIF_CVT7TO8 0x00002000 /* convert from 7 to 8 bits */
#define MCIF_INMIME 0x00004000 /* currently reading MIME header */
#define MCIF_AUTH 0x00008000 /* AUTH= supported */
#define MCIF_AUTHACT 0x00010000 /* SASL (AUTH) active */
#define MCIF_ENHSTAT 0x00020000 /* ENHANCEDSTATUSCODES supported */
#define MCIF_PIPELINED 0x00040000 /* PIPELINING supported */
#define MCIF_VERB 0x00080000 /* VERB supported */
#if STARTTLS
#define MCIF_TLS 0x00100000 /* STARTTLS supported */
#define MCIF_TLSACT 0x00200000 /* STARTTLS active */
#else /* STARTTLS */
#define MCIF_TLS 0
#define MCIF_TLSACT 0
#endif /* STARTTLS */
#define MCIF_DLVR_BY 0x00400000 /* DELIVERBY */
#if _FFR_IGNORE_EXT_ON_HELO
# define MCIF_HELO 0x00800000 /* we used HELO: ignore extensions */
-#endif /* _FFR_IGNORE_EXT_ON_HELO */
+#endif
#define MCIF_INLONGLINE 0x01000000 /* in the middle of a long line */
#define MCIF_AUTH2 0x02000000 /* got 2 AUTH lines */
#define MCIF_ONLY_EHLO 0x10000000 /* use only EHLO in smtpinit */
#if _FFR_HANDLE_HDR_RW_TEMPFAIL
/* an error is not sticky (if put{header,body}() etc fail) */
# define MCIF_NOTSTICKY 0x20000000
#else
# define MCIF_NOTSTICKY 0
#endif
+#if _FFR_EAI
+# define MCIF_EAI 0x40000000 /* SMTPUTF8 supported */
+#else
+# define MCIF_EAI 0x00000000 /* for MCIF_EXTENS */
+#endif
-#define MCIF_EXTENS (MCIF_EXPN | MCIF_SIZE | MCIF_8BITMIME | MCIF_DSN | MCIF_8BITOK | MCIF_AUTH | MCIF_ENHSTAT | MCIF_TLS | MCIF_AUTH2)
+#define MCIF_EXTENS (MCIF_EXPN|MCIF_SIZE|MCIF_8BITMIME|MCIF_DSN|MCIF_8BITOK|MCIF_AUTH|MCIF_ENHSTAT|MCIF_PIPELINED|MCIF_VERB|MCIF_TLS|MCIF_DLVR_BY|MCIF_AUTH2|MCIF_EAI)
/* states */
#define MCIS_CLOSED 0 /* no traffic on this connection */
#define MCIS_OPENING 1 /* sending initial protocol */
#define MCIS_OPEN 2 /* open, initial protocol sent */
#define MCIS_MAIL 3 /* MAIL command sent */
#define MCIS_RCPT 4 /* RCPT commands being sent */
#define MCIS_DATA 5 /* DATA command sent */
#define MCIS_QUITING 6 /* running quit protocol */
#define MCIS_SSD 7 /* service shutting down */
#define MCIS_ERROR 8 /* I/O error on connection */
/* functions */
extern void mci_cache __P((MCI *));
extern void mci_close __P((MCI *, char *where));
extern void mci_dump __P((SM_FILE_T *, MCI *, bool));
extern void mci_dump_all __P((SM_FILE_T *, bool));
extern void mci_flush __P((bool, MCI *));
extern void mci_clr_extensions __P((MCI *));
extern MCI *mci_get __P((char *, MAILER *));
extern int mci_lock_host __P((MCI *));
extern bool mci_match __P((char *, MAILER *));
extern int mci_print_persistent __P((char *, char *));
extern int mci_purge_persistent __P((char *, char *));
extern MCI **mci_scan __P((MCI *));
extern void mci_setstat __P((MCI *, int, char *, char *));
extern void mci_store_persistent __P((MCI *));
extern int mci_traverse_persistent __P((int (*)(char *, char *), char *));
extern void mci_unlock_host __P((MCI *));
EXTERN int MaxMciCache; /* maximum entries in MCI cache */
EXTERN time_t MciCacheTimeout; /* maximum idle time on connections */
EXTERN time_t MciInfoTimeout; /* how long 'til we retry down hosts */
/*
** Header structure.
** This structure is used internally to store header items.
*/
struct header
{
char *h_field; /* the name of the field */
char *h_value; /* the value of that field */
struct header *h_link; /* the next header */
unsigned char h_macro; /* include header if macro defined */
unsigned long h_flags; /* status bits, see below */
BITMAP256 h_mflags; /* m_flags bits needed */
};
typedef struct header HDR;
/*
** Header information structure.
** Defined in conf.c, this struct declares the header fields
** that have some magic meaning.
*/
struct hdrinfo
{
char *hi_field; /* the name of the field */
unsigned long hi_flags; /* status bits, see below */
char *hi_ruleset; /* validity check ruleset */
};
extern struct hdrinfo HdrInfo[];
/* bits for h_flags and hi_flags */
#define H_EOH 0x00000001 /* field terminates header */
#define H_RCPT 0x00000002 /* contains recipient addresses */
#define H_DEFAULT 0x00000004 /* if another value is found, drop this */
#define H_RESENT 0x00000008 /* this address is a "Resent-..." address */
#define H_CHECK 0x00000010 /* check h_mflags against m_flags */
#define H_ACHECK 0x00000020 /* ditto, but always (not just default) */
#define H_FORCE 0x00000040 /* force this field, even if default */
#define H_TRACE 0x00000080 /* this field contains trace information */
#define H_FROM 0x00000100 /* this is a from-type field */
#define H_VALID 0x00000200 /* this field has a validated value */
#define H_RECEIPTTO 0x00000400 /* field has return receipt info */
#define H_ERRORSTO 0x00000800 /* field has error address info */
#define H_CTE 0x00001000 /* field is a content-transfer-encoding */
#define H_CTYPE 0x00002000 /* this is a content-type field */
#define H_BCC 0x00004000 /* Bcc: header: strip value or delete */
#define H_ENCODABLE 0x00008000 /* field can be RFC 1522 encoded */
#define H_STRIPCOMM 0x00010000 /* header check: strip comments */
#define H_BINDLATE 0x00020000 /* only expand macros at deliver */
#define H_USER 0x00040000 /* header came from the user/SMTP */
/* bits for chompheader() */
#define CHHDR_DEF 0x0001 /* default header */
#define CHHDR_CHECK 0x0002 /* call ruleset for header */
#define CHHDR_USER 0x0004 /* header from user */
#define CHHDR_QUEUE 0x0008 /* header from queue file */
/* functions */
extern void addheader __P((char *, char *, int, ENVELOPE *, bool));
extern unsigned long chompheader __P((char *, int, HDR **, ENVELOPE *));
extern bool commaize __P((HDR *, char *, bool, MCI *, ENVELOPE *, int));
extern HDR *copyheader __P((HDR *, SM_RPOOL_T *));
extern void eatheader __P((ENVELOPE *, bool, bool));
extern char *hvalue __P((char *, HDR *));
extern void insheader __P((int, char *, char *, int, ENVELOPE *, bool));
extern bool isheader __P((char *));
extern bool putfromline __P((MCI *, ENVELOPE *));
extern void setupheaders __P((void));
/*
** Performance monitoring
*/
#define TIMERS struct sm_timers
TIMERS
{
TIMER ti_overall; /* the whole process */
};
#define PUSHTIMER(l, t) { if (tTd(98, l)) pushtimer(&t); }
#define POPTIMER(l, t) { if (tTd(98, l)) poptimer(&t); }
/*
** Envelope structure.
** This structure defines the message itself. There is usually
** only one of these -- for the message that we originally read
** and which is our primary interest -- but other envelopes can
** be generated during processing. For example, error messages
** will have their own envelope.
*/
struct envelope
{
HDR *e_header; /* head of header list */
long e_msgpriority; /* adjusted priority of this message */
time_t e_ctime; /* time message appeared in the queue */
char *e_to; /* (list of) target person(s) */
ADDRESS e_from; /* the person it is from */
char *e_sender; /* e_from.q_paddr w comments stripped */
char **e_fromdomain; /* the domain part of the sender */
+#if _FFR_EAI
+ bool e_smtputf8; /* whether the sender demanded SMTPUTF8 */
+#endif
ADDRESS *e_sendqueue; /* list of message recipients */
ADDRESS *e_errorqueue; /* the queue for error responses */
/*
** Overflow detection is based on < 0, so don't change this
** to unsigned. We don't use unsigned and == ULONG_MAX because
** some libc's don't have strtoul(), see mail_esmtp_args().
*/
long e_msgsize; /* size of the message in bytes */
char *e_msgid; /* message id (for logging) */
unsigned long e_flags; /* flags, see below */
int e_nrcpts; /* number of recipients */
short e_class; /* msg class (priority, junk, etc.) */
short e_hopcount; /* number of times processed */
short e_nsent; /* number of sends since checkpoint */
short e_sendmode; /* message send mode */
short e_errormode; /* error return mode */
short e_timeoutclass; /* message timeout class */
bool (*e_puthdr)__P((MCI *, HDR *, ENVELOPE *, int));
/* function to put header of message */
bool (*e_putbody)__P((MCI *, ENVELOPE *, char *));
/* function to put body of message */
ENVELOPE *e_parent; /* the message this one encloses */
ENVELOPE *e_sibling; /* the next envelope of interest */
char *e_bodytype; /* type of message body */
SM_FILE_T *e_dfp; /* data file */
char *e_id; /* code for this entry in queue */
#if _FFR_SESSID
char *e_sessid; /* session ID for this envelope */
-#endif /* _FFR_SESSID */
+#endif
int e_qgrp; /* queue group (index into queues) */
int e_qdir; /* index into queue directories */
int e_dfqgrp; /* data file queue group index */
int e_dfqdir; /* data file queue directory index */
int e_xfqgrp; /* queue group (index into queues) */
int e_xfqdir; /* index into queue directories (xf) */
SM_FILE_T *e_xfp; /* transcript file */
SM_FILE_T *e_lockfp; /* the lock file for this message */
char *e_message; /* error message; readonly; NULL,
* or allocated from e_rpool */
char *e_statmsg; /* stat msg (changes per delivery).
* readonly. NULL or allocated from
* e_rpool. */
char *e_quarmsg; /* why envelope is quarantined */
char e_qfletter; /* queue file letter on disk */
char *e_msgboundary; /* MIME-style message part boundary */
char *e_origrcpt; /* original recipient (one only) */
char *e_envid; /* envelope id from MAIL FROM: line */
char *e_status; /* DSN status for this message */
time_t e_dtime; /* time of last delivery attempt */
int e_ntries; /* number of delivery attempts */
dev_t e_dfdev; /* data file device (crash recovery) */
ino_t e_dfino; /* data file inode (crash recovery) */
MACROS_T e_macro; /* macro definitions */
MCI *e_mci; /* connection info */
char *e_auth_param; /* readonly; NULL or static storage or
* allocated from e_rpool */
TIMERS e_timers; /* per job timers */
long e_deliver_by; /* deliver by */
int e_dlvr_flag; /* deliver by flag */
SM_RPOOL_T *e_rpool; /* resource pool for this envelope */
unsigned int e_features; /* server features */
#define ENHSC_LEN 11
#if _FFR_MILTER_ENHSC
char e_enhsc[ENHSC_LEN]; /* enhanced status code */
-#endif /* _FFR_MILTER_ENHSC */
-#if _FFR_ERRCODE
+#endif
/* smtp error codes during delivery */
int e_rcode; /* reply code */
char e_renhsc[ENHSC_LEN]; /* enhanced status code */
char *e_text; /* reply text */
-#endif /* _FFR_ERRCODE */
};
#define PRT_NONNEGL(v) ((v) < 0 ? LONG_MAX : (v))
/* values for e_flags */
#define EF_OLDSTYLE 0x00000001L /* use spaces (not commas) in hdrs */
#define EF_INQUEUE 0x00000002L /* this message is fully queued */
#define EF_NO_BODY_RETN 0x00000004L /* omit message body on error */
#define EF_CLRQUEUE 0x00000008L /* disk copy is no longer needed */
#define EF_SENDRECEIPT 0x00000010L /* send a return receipt */
#define EF_FATALERRS 0x00000020L /* fatal errors occurred */
#define EF_DELETE_BCC 0x00000040L /* delete Bcc: headers entirely */
#define EF_RESPONSE 0x00000080L /* this is an error or return receipt */
#define EF_RESENT 0x00000100L /* this message is being forwarded */
#define EF_VRFYONLY 0x00000200L /* verify only (don't expand aliases) */
#define EF_WARNING 0x00000400L /* warning message has been sent */
#define EF_QUEUERUN 0x00000800L /* this envelope is from queue */
#define EF_GLOBALERRS 0x00001000L /* treat errors as global */
#define EF_PM_NOTIFY 0x00002000L /* send return mail to postmaster */
#define EF_METOO 0x00004000L /* send to me too */
#define EF_LOGSENDER 0x00008000L /* need to log the sender */
#define EF_NORECEIPT 0x00010000L /* suppress all return-receipts */
#define EF_HAS8BIT 0x00020000L /* at least one 8-bit char in body */
-#define EF_NL_NOT_EOL 0x00040000L /* don't accept raw NL as EOLine */
-#define EF_CRLF_NOT_EOL 0x00080000L /* don't accept CR-LF as EOLine */
+/* was: EF_NL_NOT_EOL 0x00040000L * don't accept raw NL as EOLine */
+/* was: EF_CRLF_NOT_EOL 0x00080000L * don't accept CR-LF as EOLine */
#define EF_RET_PARAM 0x00100000L /* RCPT command had RET argument */
#define EF_HAS_DF 0x00200000L /* set when data file is instantiated */
#define EF_IS_MIME 0x00400000L /* really is a MIME message */
#define EF_DONT_MIME 0x00800000L /* never MIME this message */
#define EF_DISCARD 0x01000000L /* discard the message */
#define EF_TOOBIG 0x02000000L /* message is too big */
#define EF_SPLIT 0x04000000L /* envelope has been split */
#define EF_UNSAFE 0x08000000L /* unsafe: read from untrusted source */
#define EF_TOODEEP 0x10000000L /* message is nested too deep */
+#define EF_SECURE 0x20000000L /* DNSSEC for currently parsed addr */
#define DLVR_NOTIFY 0x01
#define DLVR_RETURN 0x02
#define DLVR_TRACE 0x10
#define IS_DLVR_NOTIFY(e) (((e)->e_dlvr_flag & DLVR_NOTIFY) != 0)
#define IS_DLVR_RETURN(e) (((e)->e_dlvr_flag & DLVR_RETURN) != 0)
#define IS_DLVR_TRACE(e) (((e)->e_dlvr_flag & DLVR_TRACE) != 0)
#define IS_DLVR_BY(e) ((e)->e_dlvr_flag != 0)
#define BODYTYPE_NONE (0)
#define BODYTYPE_7BIT (1)
#define BODYTYPE_8BITMIME (2)
#define BODYTYPE_ILLEGAL (-1)
#define BODYTYPE_VALID(b) ((b) == BODYTYPE_7BIT || (b) == BODYTYPE_8BITMIME)
extern ENVELOPE BlankEnvelope;
/* functions */
extern void clearenvelope __P((ENVELOPE *, bool, SM_RPOOL_T *));
extern int dropenvelope __P((ENVELOPE *, bool, bool));
extern ENVELOPE *newenvelope __P((ENVELOPE *, ENVELOPE *, SM_RPOOL_T *));
extern void clrsessenvelope __P((ENVELOPE *));
extern void printenvflags __P((ENVELOPE *));
extern bool putbody __P((MCI *, ENVELOPE *, char *));
extern bool putheader __P((MCI *, HDR *, ENVELOPE *, int));
/*
** Message priority classes.
**
** The message class is read directly from the Priority: header
** field in the message.
**
** CurEnv->e_msgpriority is the number of bytes in the message plus
** the creation time (so that jobs ``tend'' to be ordered correctly),
** adjusted by the message class, the number of recipients, and the
** amount of time the message has been sitting around. This number
** is used to order the queue. Higher values mean LOWER priority.
**
** Each priority class point is worth WkClassFact priority points;
** each recipient is worth WkRecipFact priority points. Each time
** we reprocess a message the priority is adjusted by WkTimeFact.
** WkTimeFact should normally decrease the priority so that jobs
** that have historically failed will be run later; thanks go to
** Jay Lepreau at Utah for pointing out the error in my thinking.
**
** The "class" is this number, unadjusted by the age or size of
** this message. Classes with negative representations will have
** error messages thrown away if they are not local.
*/
struct priority
{
char *pri_name; /* external name of priority */
int pri_val; /* internal value for same */
};
EXTERN int NumPriorities; /* pointer into Priorities */
EXTERN struct priority Priorities[MAXPRIORITIES];
/*
** Rewrite rules.
*/
struct rewrite
{
char **r_lhs; /* pattern match */
char **r_rhs; /* substitution value */
struct rewrite *r_next;/* next in chain */
int r_line; /* rule line in sendmail.cf */
};
/*
** Special characters in rewriting rules.
** These are used internally only.
** The COND* rules are actually used in macros rather than in
** rewriting rules, but are given here because they
** cannot conflict.
*/
/* "out of band" indicator */
/* sm/sendmail.h #define METAQUOTE ((unsigned char)0377) quotes the next octet */
/* left hand side items */
#define MATCHZANY ((unsigned char)0220) /* match zero or more tokens */
#define MATCHANY ((unsigned char)0221) /* match one or more tokens */
#define MATCHONE ((unsigned char)0222) /* match exactly one token */
#define MATCHCLASS ((unsigned char)0223) /* match one token in a class */
#define MATCHNCLASS ((unsigned char)0224) /* match tokens not in class */
/* right hand side items */
#define MATCHREPL ((unsigned char)0225) /* RHS replacement for above */
#define CANONNET ((unsigned char)0226) /* canonical net, next token */
#define CANONHOST ((unsigned char)0227) /* canonical host, next token */
#define CANONUSER ((unsigned char)0230) /* canonical user, next N tokens */
#define CALLSUBR ((unsigned char)0231) /* call another rewriting set */
/* conditionals in macros (anywhere) */
#define CONDIF ((unsigned char)0232) /* conditional if-then */
#define CONDELSE ((unsigned char)0233) /* conditional else */
#define CONDFI ((unsigned char)0234) /* conditional fi */
/* bracket characters for RHS host name lookup */
#define HOSTBEGIN ((unsigned char)0235) /* hostname lookup begin */
#define HOSTEND ((unsigned char)0236) /* hostname lookup end */
/* bracket characters for RHS generalized lookup */
#define LOOKUPBEGIN ((unsigned char)0205) /* generalized lookup begin */
#define LOOKUPEND ((unsigned char)0206) /* generalized lookup end */
/* macro substitution characters (anywhere) */
#define MACROEXPAND ((unsigned char)0201) /* macro expansion */
#define MACRODEXPAND ((unsigned char)0202) /* deferred macro expansion */
/* to make the code clearer */
#define MATCHZERO CANONHOST
#define MAXMATCH 9 /* max params per rewrite */
#define MAX_MAP_ARGS 10 /* max arguments for map */
/* external <==> internal mapping table */
struct metamac
{
char metaname; /* external code (after $) */
unsigned char metaval; /* internal code (as above) */
};
/* values for macros with external names only */
#define MID_OPMODE 0202 /* operation mode */
/* functions */
#if SM_HEAP_CHECK
extern void
macdefine_tagged __P((
MACROS_T *_mac,
ARGCLASS_T _vclass,
int _id,
char *_value,
char *_file,
int _line,
int _group));
# define macdefine(mac,c,id,v) \
macdefine_tagged(mac,c,id,v,__FILE__,__LINE__,sm_heap_group())
#else /* SM_HEAP_CHECK */
extern void
macdefine __P((
MACROS_T *_mac,
ARGCLASS_T _vclass,
int _id,
char *_value));
# define macdefine_tagged(mac,c,id,v,file,line,grp) macdefine(mac,c,id,v)
#endif /* SM_HEAP_CHECK */
extern void macset __P((MACROS_T *, int, char *));
#define macget(mac, i) (mac)->mac_table[i]
extern void expand __P((char *, char *, size_t, ENVELOPE *));
extern int macid_parse __P((char *, char **));
-#define macid(name) macid_parse(name, NULL)
+#define macid(name) macid_parse(name, NULL)
extern char *macname __P((int));
extern char *macvalue __P((int, ENVELOPE *));
-extern int rscheck __P((char *, char *, char *, ENVELOPE *, int, int, char *, char *, ADDRESS *, char **));
+extern void mactabclear __P((MACROS_T *));
+extern int rscheck __P((char *, const char *, const char *, ENVELOPE *, int, int, const char *, const char *, ADDRESS *, char **));
extern int rscap __P((char *, char *, char *, ENVELOPE *, char ***, char *, int));
extern void setclass __P((int, char *));
extern int strtorwset __P((char *, char **, int));
extern char *translate_dollars __P((char *, char *, int *));
extern bool wordinclass __P((char *, int));
/*
** Name canonification short circuit.
**
** If the name server for a host is down, the process of trying to
** canonify the name can hang. This is similar to (but alas, not
** identical to) looking up the name for delivery. This stab type
** caches the result of the name server lookup so we don't hang
** multiple times.
*/
#define NAMECANON struct _namecanon
NAMECANON
{
short nc_errno; /* cached errno */
short nc_herrno; /* cached h_errno */
short nc_stat; /* cached exit status code */
short nc_flags; /* flag bits */
char *nc_cname; /* the canonical name */
time_t nc_exp; /* entry expires at */
};
/* values for nc_flags */
#define NCF_VALID 0x0001 /* entry valid */
+#define NCF_VALID 0x0001 /* entry valid */
+#define NCF_SECURE 0x0002 /* entry secure (DNSSEC) */
/* hostsignature structure */
struct hostsig_t
{
char *hs_sig; /* hostsignature */
time_t hs_exp; /* entry expires at */
};
typedef struct hostsig_t HOSTSIG_T;
/*
** The standard udp packet size PACKETSZ (512) is not sufficient for some
** nameserver answers containing very many resource records. The resolver
** may switch to tcp and retry if it detects udp packet overflow.
** Also note that the resolver routines res_query and res_search return
** the size of the *un*truncated answer in case the supplied answer buffer
** it not big enough to accommodate the entire answer.
*/
-# ifndef MAXPACKET
-# define MAXPACKET 8192 /* max packet size used internally by BIND */
-# endif /* ! MAXPACKET */
+#ifndef MAXPACKET
+# define MAXPACKET 8192 /* max packet size used internally by BIND */
+#endif
/*
** The resolver functions res_{send,query,querydomain} expect the
** answer buffer to be aligned, but some versions of gcc4 reverse
** 25 years of history and no longer align char buffers on the
** stack, resulting in crashes on strict-alignment platforms. Use
** this union when putting the buffer on the stack to force the
** alignment, then cast to (HEADER *) or (unsigned char *) as needed.
*/
typedef union
{
HEADER qb1;
unsigned char qb2[MAXPACKET];
} querybuf;
+
+/* result values for getcanonname() etc */
+#define HOST_NOTFOUND 0
+#define HOST_OK 1
+#define HOST_SECURE 2
+
+/* flags for getmxrr() */
+#define DROPLOCALHOST 0x01
+#define TRYFALLBACK 0x02
+#define ISAD 0x04
+
+/* RFC7505: Null MX */
+#define NULLMX (-2)
+
/* functions */
-extern bool getcanonname __P((char *, int, bool, int *));
-extern int getmxrr __P((char *, char **, unsigned short *, bool, int *, bool, int *));
-extern char *hostsignature __P((MAILER *, char *));
+extern int getcanonname __P((char *, int, bool, int *));
+extern int getmxrr __P((char *, char **, unsigned short *, unsigned int, int *, int *, int));
+extern char *hostsignature __P((MAILER *, char *, bool));
extern int getfallbackmxrr __P((char *));
/*
** Mapping functions
**
** These allow arbitrary mappings in the config file. The idea
** (albeit not the implementation) comes from IDA sendmail.
*/
#define MAPCLASS struct _mapclass
#define MAP struct _map
#define MAXMAPACTIONS 5 /* size of map_actions array */
/*
** An actual map.
*/
MAP
{
MAPCLASS *map_class; /* the class of this map */
MAPCLASS *map_orgclass; /* the original class of this map */
char *map_mname; /* name of this map */
long map_mflags; /* flags, see below */
char *map_file; /* the (nominal) filename */
ARBPTR_T map_db1; /* the open database ptr */
ARBPTR_T map_db2; /* an "extra" database pointer */
char *map_keycolnm; /* key column name */
char *map_valcolnm; /* value column name */
unsigned char map_keycolno; /* key column number */
unsigned char map_valcolno; /* value column number */
char map_coldelim; /* column delimiter */
char map_spacesub; /* spacesub */
char *map_app; /* to append to successful matches */
char *map_tapp; /* to append to "tempfail" matches */
char *map_domain; /* the (nominal) NIS domain */
char *map_rebuild; /* program to run to do auto-rebuild */
time_t map_mtime; /* last database modification time */
time_t map_timeout; /* timeout for map accesses */
int map_retry; /* # of retries for map accesses */
pid_t map_pid; /* PID of process which opened map */
int map_lockfd; /* auxiliary lock file descriptor */
- short map_specificity; /* specificity of aliases */
MAP *map_stack[MAXMAPSTACK]; /* list for stacked maps */
short map_return[MAXMAPACTIONS]; /* return bitmaps for stacked maps */
};
/* bit values for map_mflags */
#define MF_VALID 0x00000001 /* this entry is valid */
#define MF_INCLNULL 0x00000002 /* include null byte in key */
#define MF_OPTIONAL 0x00000004 /* don't complain if map not found */
#define MF_NOFOLDCASE 0x00000008 /* don't fold case in keys */
#define MF_MATCHONLY 0x00000010 /* don't use the map value */
#define MF_OPEN 0x00000020 /* this entry is open */
#define MF_WRITABLE 0x00000040 /* open for writing */
#define MF_ALIAS 0x00000080 /* this is an alias file */
#define MF_TRY0NULL 0x00000100 /* try with no null byte */
#define MF_TRY1NULL 0x00000200 /* try with the null byte */
#define MF_LOCKED 0x00000400 /* this map is currently locked */
#define MF_ALIASWAIT 0x00000800 /* alias map in aliaswait state */
#define MF_IMPL_HASH 0x00001000 /* implicit: underlying hash database */
#define MF_IMPL_NDBM 0x00002000 /* implicit: underlying NDBM database */
-/* 0x00004000 */
+#define MF_IMPL_CDB 0x00004000 /* implicit: underlying CDB database */
#define MF_APPEND 0x00008000 /* append new entry on rebuild */
#define MF_KEEPQUOTES 0x00010000 /* don't dequote key before lookup */
#define MF_NODEFER 0x00020000 /* don't defer if map lookup fails */
#define MF_REGEX_NOT 0x00040000 /* regular expression negation */
#define MF_DEFER 0x00080000 /* don't lookup map in defer mode */
#define MF_SINGLEMATCH 0x00100000 /* successful only if match one key */
#define MF_SINGLEDN 0x00200000 /* only one match, but multi values */
#define MF_FILECLASS 0x00400000 /* this is a file class map */
#define MF_OPENBOGUS 0x00800000 /* open failed, don't call map_close */
#define MF_CLOSING 0x01000000 /* map is being closed */
+#define MF_SECURE 0x02000000 /* DNSSEC result is "secure" */
#define DYNOPENMAP(map) \
do \
{ \
if (!bitset(MF_OPEN, (map)->map_mflags)) \
{ \
if (!openmap(map)) \
return NULL; \
} \
} while (0)
/* indices for map_actions */
#define MA_NOTFOUND 0 /* member map returned "not found" */
#define MA_UNAVAIL 1 /* member map is not available */
#define MA_TRYAGAIN 2 /* member map returns temp failure */
/*
** The class of a map -- essentially the functions to call
*/
MAPCLASS
{
char *map_cname; /* name of this map class */
char *map_ext; /* extension for database file */
short map_cflags; /* flag bits, see below */
bool (*map_parse)__P((MAP *, char *));
/* argument parsing function */
char *(*map_lookup)__P((MAP *, char *, char **, int *));
/* lookup function */
void (*map_store)__P((MAP *, char *, char *));
/* store function */
bool (*map_open)__P((MAP *, int));
/* open function */
void (*map_close)__P((MAP *));
/* close function */
};
/* bit values for map_cflags */
#define MCF_ALIASOK 0x0001 /* can be used for aliases */
-#define MCF_ALIASONLY 0x0002 /* usable only for aliases */
+/* #define MCF_ALIASONLY 0x0002 * usable only for aliases */
#define MCF_REBUILDABLE 0x0004 /* can rebuild alias files */
#define MCF_OPTFILE 0x0008 /* file name is optional */
#define MCF_NOTPERSIST 0x0010 /* don't keep map open all the time */
/* functions */
extern void closemaps __P((bool));
extern bool impl_map_open __P((MAP *, int));
extern void initmaps __P((void));
extern MAP *makemapentry __P((char *));
extern void maplocaluser __P((ADDRESS *, ADDRESS **, int, ENVELOPE *));
extern char *map_rewrite __P((MAP *, const char *, size_t, char **));
#if NETINFO
extern char *ni_propval __P((char *, char *, char *, char *, int));
-#endif /* NETINFO */
+#endif
extern bool openmap __P((MAP *));
extern int udbexpand __P((ADDRESS *, ADDRESS **, int, ENVELOPE *));
#if USERDB
extern void _udbx_close __P((void));
extern char *udbsender __P((char *, SM_RPOOL_T *));
-#endif /* USERDB */
+#endif
/*
** LDAP related items
*/
#if LDAPMAP
/* struct defining LDAP Auth Methods */
struct lamvalues
{
char *lam_name; /* name of LDAP auth method */
int lam_code; /* numeric code */
};
/* struct defining LDAP Alias Dereferencing */
struct ladvalues
{
char *lad_name; /* name of LDAP alias dereferencing method */
int lad_code; /* numeric code */
};
/* struct defining LDAP Search Scope */
struct lssvalues
{
char *lss_name; /* name of LDAP search scope */
int lss_code; /* numeric code */
};
/* functions */
extern bool ldapmap_parseargs __P((MAP *, char *));
extern void ldapmap_set_defaults __P((char *));
#endif /* LDAPMAP */
/*
** PH related items
*/
#if PH_MAP
# include <phclient.h>
struct ph_map_struct
{
char *ph_servers; /* list of ph servers */
char *ph_field_list; /* list of fields to search for match */
PH *ph; /* PH server handle */
int ph_fastclose; /* send "quit" command on close */
time_t ph_timeout; /* timeout interval */
};
typedef struct ph_map_struct PH_MAP_STRUCT;
#endif /* PH_MAP */
/*
** Regular UNIX sockaddrs are too small to handle ISO addresses, so
** we are forced to declare a supertype here.
*/
#if NETINET || NETINET6 || NETUNIX || NETISO || NETNS || NETX25
union bigsockaddr
{
struct sockaddr sa; /* general version */
# if NETUNIX
struct sockaddr_un sunix; /* UNIX family */
-# endif /* NETUNIX */
+# endif
# if NETINET
struct sockaddr_in sin; /* INET family */
-# endif /* NETINET */
+# endif
# if NETINET6
struct sockaddr_in6 sin6; /* INET/IPv6 */
-# endif /* NETINET6 */
+# endif
# if NETISO
struct sockaddr_iso siso; /* ISO family */
-# endif /* NETISO */
+# endif
# if NETNS
struct sockaddr_ns sns; /* XNS family */
-# endif /* NETNS */
+# endif
# if NETX25
struct sockaddr_x25 sx25; /* X.25 family */
-# endif /* NETX25 */
+# endif
};
# define SOCKADDR union bigsockaddr
/* functions */
extern char *anynet_ntoa __P((SOCKADDR *));
# if NETINET6
extern char *anynet_ntop __P((struct in6_addr *, char *, size_t));
extern int anynet_pton __P((int, const char *, void *));
-# endif /* NETINET6 */
+# endif
extern char *hostnamebyanyaddr __P((SOCKADDR *));
extern char *validate_connection __P((SOCKADDR *, char *, ENVELOPE *));
# if SASL >= 20000
extern bool iptostring __P((SOCKADDR *, SOCKADDR_LEN_T, char *, unsigned));
-# endif /* SASL >= 20000 */
+# endif
#endif /* NETINET || NETINET6 || NETUNIX || NETISO || NETNS || NETX25 */
/*
** Process List (proclist)
*/
#define NO_PID ((pid_t) 0)
#ifndef PROC_LIST_SEG
# define PROC_LIST_SEG 32 /* number of pids to alloc at a time */
-#endif /* ! PROC_LIST_SEG */
+#endif
/* process types */
#define PROC_NONE 0
#define PROC_DAEMON 1
#define PROC_DAEMON_CHILD 2
#define PROC_QUEUE 3
#define PROC_QUEUE_CHILD 3
#define PROC_CONTROL 4
#define PROC_CONTROL_CHILD 5
/* functions */
extern void proc_list_add __P((pid_t, char *, int, int, int, SOCKADDR *));
extern void proc_list_clear __P((void));
extern void proc_list_display __P((SM_FILE_T *, char *));
extern void proc_list_drop __P((pid_t, int, int *));
extern void proc_list_probe __P((void));
extern void proc_list_set __P((pid_t, char *));
extern void proc_list_signal __P((int, int));
/*
** Symbol table definitions
*/
struct symtab
{
char *s_name; /* name to be entered */
short s_symtype; /* general type (see below) */
struct symtab *s_next; /* pointer to next in chain */
union
{
BITMAP256 sv_class; /* bit-map of word classes */
MAILER *sv_mailer; /* pointer to mailer */
char *sv_alias; /* alias */
MAPCLASS sv_mapclass; /* mapping function class */
MAP sv_map; /* mapping function */
HOSTSIG_T sv_hostsig; /* host signature */
MCI sv_mci; /* mailer connection info */
NAMECANON sv_namecanon; /* canonical name cache */
int sv_macro; /* macro name => id mapping */
int sv_ruleset; /* ruleset index */
struct hdrinfo sv_header; /* header metainfo */
char *sv_service[MAXMAPSTACK]; /* service switch */
#if LDAPMAP
MAP *sv_lmap; /* Maps for LDAP connection */
-#endif /* LDAPMAP */
+#endif
#if SOCKETMAP
MAP *sv_socketmap; /* Maps for SOCKET connection */
-#endif /* SOCKETMAP */
+#endif
#if MILTER
struct milter *sv_milter; /* milter filter name */
-#endif /* MILTER */
+#endif
QUEUEGRP *sv_queue; /* pointer to queue */
+#if DANE
+ dane_tlsa_P sv_tlsa; /* pointer to TLSA RRs */
+#endif
} s_value;
};
typedef struct symtab STAB;
/* symbol types */
#define ST_UNDEF 0 /* undefined type */
#define ST_CLASS 1 /* class map */
/* #define ST_unused 2 UNUSED */
#define ST_MAILER 3 /* a mailer header */
#define ST_ALIAS 4 /* an alias */
#define ST_MAPCLASS 5 /* mapping function class */
#define ST_MAP 6 /* mapping function */
#define ST_HOSTSIG 7 /* host signature */
#define ST_NAMECANON 8 /* cached canonical name */
#define ST_MACRO 9 /* macro name to id mapping */
#define ST_RULESET 10 /* ruleset index */
#define ST_SERVICE 11 /* service switch entry */
#define ST_HEADER 12 /* special header flags */
#if LDAPMAP
# define ST_LMAP 13 /* List head of maps for LDAP connection */
-#endif /* LDAPMAP */
+#endif
#if MILTER
# define ST_MILTER 14 /* milter filter */
-#endif /* MILTER */
+#endif
#define ST_QUEUE 15 /* a queue entry */
#if SOCKETMAP
-# define ST_SOCKETMAP 16 /* List head of maps for SOCKET connection */
-#endif /* SOCKETMAP */
+# define ST_SOCKETMAP 16 /* List head of maps for SOCKET connection */
+#endif
+
+#if DANE
+# define ST_TLSA_RR 17 /* cached TLSA RRs */
+#endif
/* This entry must be last */
-#define ST_MCI 17 /* mailer connection info (offset) */
+#define ST_MCI 18 /* mailer connection info (offset) */
#define s_class s_value.sv_class
#define s_mailer s_value.sv_mailer
#define s_alias s_value.sv_alias
#define s_mci s_value.sv_mci
#define s_mapclass s_value.sv_mapclass
#define s_hostsig s_value.sv_hostsig
#define s_map s_value.sv_map
#define s_namecanon s_value.sv_namecanon
#define s_macro s_value.sv_macro
#define s_ruleset s_value.sv_ruleset
#define s_service s_value.sv_service
#define s_header s_value.sv_header
#if LDAPMAP
# define s_lmap s_value.sv_lmap
-#endif /* LDAPMAP */
+#endif
#if SOCKETMAP
-# define s_socketmap s_value.sv_socketmap
-#endif /* SOCKETMAP */
+# define s_socketmap s_value.sv_socketmap
+#endif
#if MILTER
# define s_milter s_value.sv_milter
-#endif /* MILTER */
+#endif
#define s_quegrp s_value.sv_queue
+#if DANE
+# define s_tlsa s_value.sv_tlsa
+#endif
/* opcodes to stab */
#define ST_FIND 0 /* find entry */
#define ST_ENTER 1 /* enter if not there */
/* functions */
extern STAB *stab __P((char *, int, int));
extern void stabapply __P((void (*)(STAB *, int), int));
/*
** Operation, send, error, and MIME modes
**
** The operation mode describes the basic operation of sendmail.
** This can be set from the command line, and is "send mail" by
** default.
**
** The send mode tells how to send mail. It can be set in the
** configuration file. Its setting determines how quickly the
** mail will be delivered versus the load on your system. If the
** -v (verbose) flag is given, it will be forced to SM_DELIVER
** mode.
**
** The error mode tells how to return errors.
*/
#define MD_DELIVER 'm' /* be a mail sender */
#define MD_SMTP 's' /* run SMTP on standard input */
#define MD_ARPAFTP 'a' /* obsolete ARPANET mode (Grey Book) */
#define MD_DAEMON 'd' /* run as a daemon */
#define MD_FGDAEMON 'D' /* run daemon in foreground */
#define MD_LOCAL 'l' /* like daemon, but localhost only */
#define MD_VERIFY 'v' /* verify: don't collect or deliver */
#define MD_TEST 't' /* test mode: resolve addrs only */
#define MD_INITALIAS 'i' /* initialize alias database */
#define MD_PRINT 'p' /* print the queue */
#define MD_PRINTNQE 'P' /* print number of entries in queue */
#define MD_FREEZE 'z' /* freeze the configuration file */
#define MD_HOSTSTAT 'h' /* print persistent host stat info */
#define MD_PURGESTAT 'H' /* purge persistent host stat info */
#define MD_QUEUERUN 'q' /* queue run */
#define MD_CHECKCONFIG 'C' /* check configuration file */
#if _FFR_LOCAL_DAEMON
EXTERN bool LocalDaemon;
# if NETINET6
EXTERN bool V6LoopbackAddrFound; /* found an IPv6 loopback address */
# define SETV6LOOPBACKADDRFOUND(sa) \
do \
{ \
if (isloopback(sa)) \
V6LoopbackAddrFound = true; \
} while (0)
# endif /* NETINET6 */
#else /* _FFR_LOCAL_DAEMON */
# define LocalDaemon false
# define V6LoopbackAddrFound false
# define SETV6LOOPBACKADDRFOUND(sa)
#endif /* _FFR_LOCAL_DAEMON */
/* Note: see also include/sendmail/pathnames.h: GET_CLIENT_CF */
/* values for e_sendmode -- send modes */
#define SM_DELIVER 'i' /* interactive delivery */
#if _FFR_PROXY
#define SM_PROXY_REQ 's' /* synchronous mode requested */
#define SM_PROXY 'S' /* synchronous mode activated */
-#endif /* _FFR_PROXY */
+#endif
#define SM_FORK 'b' /* deliver in background */
#if _FFR_DM_ONE
#define SM_DM_ONE 'o' /* deliver first TA in background, then queue */
-#endif /* _FFR_DM_ONE */
+#endif
#define SM_QUEUE 'q' /* queue, don't deliver */
#define SM_DEFER 'd' /* defer map lookups as well as queue */
#define SM_VERIFY 'v' /* verify only (used internally) */
#define DM_NOTSET (-1) /* DeliveryMode (per daemon) option not set */
#if _FFR_PROXY
# define SM_IS_INTERACTIVE(m) ((m) == SM_DELIVER || (m) == SM_PROXY_REQ || (m) == SM_PROXY)
-#else /* _FFR_PROXY */
+#else
# define SM_IS_INTERACTIVE(m) ((m) == SM_DELIVER)
-#endif /* _FFR_PROXY */
+#endif
#define WILL_BE_QUEUED(m) ((m) == SM_QUEUE || (m) == SM_DEFER)
/* used only as a parameter to sendall */
#define SM_DEFAULT '\0' /* unspecified, use SendMode */
/* functions */
extern void set_delivery_mode __P((int, ENVELOPE *));
/* values for e_errormode -- error handling modes */
#define EM_PRINT 'p' /* print errors */
#define EM_MAIL 'm' /* mail back errors */
#define EM_WRITE 'w' /* write back errors */
#define EM_BERKNET 'e' /* special berknet processing */
#define EM_QUIET 'q' /* don't print messages (stat only) */
/* bit values for MimeMode */
#define MM_CVTMIME 0x0001 /* convert 8 to 7 bit MIME */
#define MM_PASS8BIT 0x0002 /* just send 8 bit data blind */
#define MM_MIME8BIT 0x0004 /* convert 8-bit data to MIME */
/* how to handle messages without any recipient addresses */
#define NRA_NO_ACTION 0 /* just leave it as is */
#define NRA_ADD_TO 1 /* add To: header */
#define NRA_ADD_APPARENTLY_TO 2 /* add Apparently-To: header */
#define NRA_ADD_BCC 3 /* add empty Bcc: header */
#define NRA_ADD_TO_UNDISCLOSED 4 /* add To: undisclosed:; header */
/* flags to putxline */
#define PXLF_NOTHINGSPECIAL 0 /* no special mapping */
#define PXLF_MAPFROM 0x0001 /* map From_ to >From_ */
#define PXLF_STRIP8BIT 0x0002 /* strip 8th bit */
#define PXLF_HEADER 0x0004 /* map newlines in headers */
#define PXLF_NOADDEOL 0x0008 /* if EOL not present, don't add one */
#define PXLF_STRIPMQUOTE 0x0010 /* strip METAQUOTEs */
/*
** Privacy flags
** These are bit values for the PrivacyFlags word.
*/
#define PRIV_PUBLIC 0 /* what have I got to hide? */
#define PRIV_NEEDMAILHELO 0x00000001 /* insist on HELO for MAIL */
#define PRIV_NEEDEXPNHELO 0x00000002 /* insist on HELO for EXPN */
#define PRIV_NEEDVRFYHELO 0x00000004 /* insist on HELO for VRFY */
#define PRIV_NOEXPN 0x00000008 /* disallow EXPN command */
#define PRIV_NOVRFY 0x00000010 /* disallow VRFY command */
#define PRIV_AUTHWARNINGS 0x00000020 /* flag possible auth probs */
#define PRIV_NOVERB 0x00000040 /* disallow VERB command */
#define PRIV_RESTRICTMAILQ 0x00010000 /* restrict mailq command */
#define PRIV_RESTRICTQRUN 0x00020000 /* restrict queue run */
#define PRIV_RESTRICTEXPAND 0x00040000 /* restrict alias/forward expansion */
#define PRIV_NOETRN 0x00080000 /* disallow ETRN command */
#define PRIV_NOBODYRETN 0x00100000 /* do not return bodies on bounces */
#define PRIV_NORECEIPTS 0x00200000 /* disallow return receipts */
#define PRIV_NOACTUALRECIPIENT 0x00400000 /* no X-Actual-Recipient in DSNs */
/* don't give no info, anyway, anyhow (in the main SMTP transaction) */
#define PRIV_GOAWAY 0x0000ffff
/* struct defining such things */
struct prival
{
char *pv_name; /* name of privacy flag */
unsigned long pv_flag; /* numeric level */
};
EXTERN unsigned long PrivacyFlags; /* privacy flags */
/*
** Flags passed to remotename, parseaddr, allocaddr, and buildaddr.
*/
#define RF_SENDERADDR 0x001 /* this is a sender address */
#define RF_HEADERADDR 0x002 /* this is a header address */
#define RF_CANONICAL 0x004 /* strip comment information */
#define RF_ADDDOMAIN 0x008 /* OK to do domain extension */
#define RF_COPYPARSE 0x010 /* copy parsed user & host */
#define RF_COPYPADDR 0x020 /* copy print address */
#define RF_COPYALL (RF_COPYPARSE|RF_COPYPADDR)
#define RF_COPYNONE 0
#define RF_RM_ADDR 0x040 /* address to be removed */
/*
** Flags passed to rscheck
*/
#define RSF_RMCOMM 0x0001 /* strip comments */
#define RSF_UNSTRUCTURED 0x0002 /* unstructured, ignore syntax errors */
#define RSF_COUNT 0x0004 /* count rejections (statistics)? */
#define RSF_ADDR 0x0008 /* reassemble address */
#define RSF_STRING 0x0010 /* reassemble address as string */
/*
** Flags passed to mime8to7 and putheader.
*/
#define M87F_OUTER 0 /* outer context */
#define M87F_NO8BIT 0x0001 /* can't have 8-bit in this section */
#define M87F_DIGEST 0x0002 /* processing multipart/digest */
#define M87F_NO8TO7 0x0004 /* don't do 8->7 bit conversions */
/* functions */
extern bool mime7to8 __P((MCI *, HDR *, ENVELOPE *));
extern int mime8to7 __P((MCI *, HDR *, ENVELOPE *, char **, int, int));
/*
** Flags passed to returntosender.
*/
#define RTSF_NO_BODY 0 /* send headers only */
#define RTSF_SEND_BODY 0x0001 /* include body of message in return */
#define RTSF_PM_BOUNCE 0x0002 /* this is a postmaster bounce */
/* functions */
extern int returntosender __P((char *, ADDRESS *, int, ENVELOPE *));
/*
** Mail Filters (milter)
*/
/*
** 32-bit type used by milter
** (needed by libmilter even if MILTER isn't defined)
*/
typedef SM_INT32 mi_int32;
#if MILTER
# define SMFTO_WRITE 0 /* Timeout for sending information */
# define SMFTO_READ 1 /* Timeout waiting for a response */
# define SMFTO_EOM 2 /* Timeout for ACK/NAK to EOM */
# define SMFTO_CONNECT 3 /* Timeout for connect() */
# define SMFTO_NUM_TO 4 /* Total number of timeouts */
struct milter
{
char *mf_name; /* filter name */
BITMAP256 mf_flags; /* MTA flags */
mi_int32 mf_fvers; /* filter version */
mi_int32 mf_fflags; /* filter flags */
mi_int32 mf_pflags; /* protocol flags */
char *mf_conn; /* connection info */
int mf_sock; /* connected socket */
char mf_state; /* state of filter */
char mf_lflags; /* "local" flags */
int mf_idx; /* milter number (index) */
time_t mf_timeout[SMFTO_NUM_TO]; /* timeouts */
-#if _FFR_MILTER_CHECK
+# if _FFR_MILTER_CHECK
/* for testing only */
mi_int32 mf_mta_prot_version;
mi_int32 mf_mta_prot_flags;
mi_int32 mf_mta_actions;
-#endif /* _FFR_MILTER_CHECK */
+# endif /* _FFR_MILTER_CHECK */
};
-#define MI_LFL_NONE 0x00000000
-#define MI_LFLAGS_SYM(st) (1 << (st)) /* has its own symlist for stage st */
+# define MI_LFL_NONE 0x00000000
+# define MI_LFLAGS_SYM(st) (1 << (st)) /* has its own symlist for stage st */
struct milters
{
mi_int32 mis_flags; /* filter flags */
};
typedef struct milters milters_T;
-#define MIS_FL_NONE 0x00000000 /* no requirements... */
-#define MIS_FL_DEL_RCPT 0x00000001 /* can delete rcpt */
-#define MIS_FL_REJ_RCPT 0x00000002 /* can reject rcpt */
+# define MIS_FL_NONE 0x00000000 /* no requirements... */
+# define MIS_FL_DEL_RCPT 0x00000001 /* can delete rcpt */
+# define MIS_FL_REJ_RCPT 0x00000002 /* can reject rcpt */
/* MTA flags */
# define SMF_REJECT 'R' /* Reject connection on filter fail */
# define SMF_TEMPFAIL 'T' /* tempfail connection on failure */
# define SMF_TEMPDROP '4' /* 421 connection on failure */
EXTERN struct milter *InputFilters[MAXFILTERS];
EXTERN char *InputFilterList;
EXTERN int MilterLogLevel;
/* functions */
extern void setup_daemon_milters __P((void));
#endif /* MILTER */
/*
** Vendor codes
**
** Vendors can customize sendmail to add special behaviour,
** generally for back compatibility. Ideally, this should
** be set up in the .cf file using the "V" command. However,
** it's quite reasonable for some vendors to want the default
** be their old version; this can be set using
** -DVENDOR_DEFAULT=VENDOR_xxx
** in the Makefile.
**
-** Vendors should apply to sendmail@sendmail.org for
-** unique vendor codes.
+** Vendors should apply to sendmail-YYYY@support.sendmail.org
+** (replace YYYY with the current year)
+** for unique vendor codes.
*/
#define VENDOR_BERKELEY 1 /* Berkeley-native configuration file */
#define VENDOR_SUN 2 /* Sun-native configuration file */
#define VENDOR_HP 3 /* Hewlett-Packard specific config syntax */
#define VENDOR_IBM 4 /* IBM specific config syntax */
#define VENDOR_SENDMAIL 5 /* Proofpoint, Inc. specific config syntax */
#define VENDOR_DEC 6 /* Compaq, DEC, Digital */
/* prototypes for vendor-specific hook routines */
extern void vendor_daemon_setup __P((ENVELOPE *));
extern void vendor_set_uid __P((UID_T));
/*
** Terminal escape codes.
**
** To make debugging output clearer.
*/
struct termescape
{
char *te_rv_on; /* turn reverse-video on */
char *te_under_on; /* turn underlining on */
char *te_normal; /* revert to normal output */
};
/*
** Additional definitions
*/
/*
** d_flags, see daemon.c
** general rule: lower case: required, upper case: No
*/
#define D_AUTHREQ 'a' /* authentication required */
#define D_BINDIF 'b' /* use if_addr for outgoing connection */
#define D_CANONREQ 'c' /* canonification required (cf) */
#define D_IFNHELO 'h' /* use if name for HELO */
#define D_FQMAIL 'f' /* fq sender address required (cf) */
+#if _FFR_EAI
+#define D_EAI 'I' /* EAI supported */
+#endif
#define D_FQRCPT 'r' /* fq recipient address required (cf) */
#define D_SMTPS 's' /* SMTP over SSL (smtps) */
#define D_UNQUALOK 'u' /* unqualified address is ok (cf) */
#define D_NOAUTH 'A' /* no AUTH */
#define D_NOCANON 'C' /* no canonification (cf) */
#define D_NOETRN 'E' /* no ETRN (MSA) */
#define D_NOTLS 'S' /* don't use STARTTLS */
#define D_ETRNONLY ((char)0x01) /* allow only ETRN (disk low) */
#define D_OPTIONAL 'O' /* optional socket */
#define D_DISABLE ((char)0x02) /* optional socket disabled */
#define D_ISSET ((char)0x03) /* this client struct is set */
#if _FFR_XCNCT
#define D_XCNCT ((char)0x04) /* X-Connect was used */
#define D_XCNCT_M ((char)0x05) /* X-Connect was used + "forged" */
-#endif /* _FFR_XCNCT */
-
-#if STARTTLS
-/*
-** TLS
-*/
-
-/* what to do in the TLS initialization */
-#define TLS_I_NONE 0x00000000 /* no requirements... */
-#define TLS_I_CERT_EX 0x00000001 /* cert must exist */
-#define TLS_I_CERT_UNR 0x00000002 /* cert must be g/o unreadable */
-#define TLS_I_KEY_EX 0x00000004 /* key must exist */
-#define TLS_I_KEY_UNR 0x00000008 /* key must be g/o unreadable */
-#define TLS_I_CERTP_EX 0x00000010 /* CA cert path must exist */
-#define TLS_I_CERTP_UNR 0x00000020 /* CA cert path must be g/o unreadable */
-#define TLS_I_CERTF_EX 0x00000040 /* CA cert file must exist */
-#define TLS_I_CERTF_UNR 0x00000080 /* CA cert file must be g/o unreadable */
-#define TLS_I_RSA_TMP 0x00000100 /* RSA TMP must be generated */
-#define TLS_I_USE_KEY 0x00000200 /* private key must usable */
-#define TLS_I_USE_CERT 0x00000400 /* certificate must be usable */
-#define TLS_I_VRFY_PATH 0x00000800 /* load verify path must succeed */
-#define TLS_I_VRFY_LOC 0x00001000 /* load verify default must succeed */
-#define TLS_I_CACHE 0x00002000 /* require cache */
-#define TLS_I_TRY_DH 0x00004000 /* try DH certificate */
-#define TLS_I_REQ_DH 0x00008000 /* require DH certificate */
-#define TLS_I_DHPAR_EX 0x00010000 /* require DH parameters */
-#define TLS_I_DHPAR_UNR 0x00020000 /* DH param. must be g/o unreadable */
-#define TLS_I_DH512 0x00040000 /* generate 512bit DH param */
-#define TLS_I_DH1024 0x00080000 /* generate 1024bit DH param */
-#define TLS_I_DH2048 0x00100000 /* generate 2048bit DH param */
-#define TLS_I_NO_VRFY 0x00200000 /* do not require authentication */
-#define TLS_I_KEY_OUNR 0x00400000 /* Key must be other unreadable */
-#define TLS_I_CRLF_EX 0x00800000 /* CRL file must exist */
-#define TLS_I_CRLF_UNR 0x01000000 /* CRL file must be g/o unreadable */
-#define TLS_I_DHFIXED 0x02000000 /* use fixed DH param */
-
-/* require server cert */
-#define TLS_I_SRV_CERT (TLS_I_CERT_EX | TLS_I_KEY_EX | \
- TLS_I_KEY_UNR | TLS_I_KEY_OUNR | \
- TLS_I_CERTP_EX | TLS_I_CERTF_EX | \
- TLS_I_USE_KEY | TLS_I_USE_CERT | TLS_I_CACHE)
-
-/* server requirements */
-#define TLS_I_SRV (TLS_I_SRV_CERT | TLS_I_RSA_TMP | TLS_I_VRFY_PATH | \
- TLS_I_VRFY_LOC | TLS_I_TRY_DH | TLS_I_CACHE)
-
-/* client requirements */
-#define TLS_I_CLT (TLS_I_KEY_UNR | TLS_I_KEY_OUNR)
-
-#define TLS_AUTH_OK 0
-#define TLS_AUTH_NO 1
-#define TLS_AUTH_FAIL (-1)
+#endif
-/* functions */
-extern bool init_tls_library __P((bool _fipsmode));
-extern bool inittls __P((SSL_CTX **, unsigned long, unsigned long, bool, char *, char *, char *, char *, char *));
-extern bool initclttls __P((bool));
-extern void setclttls __P((bool));
-extern bool initsrvtls __P((bool));
-extern int tls_get_info __P((SSL *, bool, char *, MACROS_T *, bool));
-extern int endtls __P((SSL *, char *));
-extern void tlslogerr __P((int, const char *));
-
-
-EXTERN char *CACertPath; /* path to CA certificates (dir. with hashes) */
-EXTERN char *CACertFile; /* file with CA certificate */
-EXTERN char *CltCertFile; /* file with client certificate */
-EXTERN char *CltKeyFile; /* file with client private key */
-EXTERN char *CipherList; /* list of ciphers */
-EXTERN char *CertFingerprintAlgorithm; /* name of fingerprint alg */
-EXTERN const EVP_MD *EVP_digest; /* digest for cert fp */
-EXTERN char *DHParams; /* file with DH parameters */
-EXTERN char *RandFile; /* source of random data */
-EXTERN char *SrvCertFile; /* file with server certificate */
-EXTERN char *SrvKeyFile; /* file with server private key */
-EXTERN char *CRLFile; /* file CRLs */
-#if _FFR_CRLPATH
-EXTERN char *CRLPath; /* path to CRLs (dir. with hashes) */
-#endif /* _FFR_CRLPATH */
-EXTERN unsigned long TLS_Srv_Opts; /* TLS server options */
-EXTERN unsigned long Srv_SSL_Options, Clt_SSL_Options; /* SSL options */
-#endif /* STARTTLS */
/*
** Queue related items
*/
/* queue file names */
#define ANYQFL_LETTER '?'
#define QUARQF_LETTER 'h'
#define DATAFL_LETTER 'd'
#define XSCRPT_LETTER 'x'
#define NORMQF_LETTER 'q'
#define NEWQFL_LETTER 't'
# define TEMPQF_LETTER 'T'
# define LOSEQF_LETTER 'Q'
/* queue sort order */
#define QSO_BYPRIORITY 0 /* sort by message priority */
#define QSO_BYHOST 1 /* sort by first host name */
#define QSO_BYTIME 2 /* sort by submission time */
#define QSO_BYFILENAME 3 /* sort by file name only */
#define QSO_RANDOM 4 /* sort in random order */
#define QSO_BYMODTIME 5 /* sort by modification time */
#define QSO_NONE 6 /* do not sort */
#if _FFR_RHS
# define QSO_BYSHUFFLE 7 /* sort by shuffled host name */
-#endif /* _FFR_RHS */
+#endif
#define NOQGRP (-1) /* no queue group (yet) */
#define ENVQGRP (-2) /* use queue group of envelope */
#define NOAQGRP (-3) /* no queue group in addr (yet) */
#define ISVALIDQGRP(x) ((x) >= 0) /* valid queue group? */
#define NOQDIR (-1) /* no queue directory (yet) */
#define ENVQDIR (-2) /* use queue directory of envelope */
#define NOAQDIR (-3) /* no queue directory in addr (yet) */
#define ISVALIDQDIR(x) ((x) >= 0) /* valid queue directory? */
#define RS_QUEUEGROUP "queuegroup" /* ruleset for queue group selection */
#define NOW ((time_t) (-1)) /* queue return: now */
/* SuperSafe values */
#define SAFE_NO 0 /* no fsync(): don't use... */
#define SAFE_INTERACTIVE 1 /* limit fsync() in -odi */
#define SAFE_REALLY 2 /* always fsync() */
#define SAFE_REALLY_POSTMILTER 3 /* fsync() if milter says OK */
/* QueueMode bits */
#define QM_NORMAL ' '
#define QM_QUARANTINE 'Q'
#define QM_LOST 'L'
/* Queue Run Limitations */
struct queue_char
{
char *queue_match; /* string to match */
bool queue_negate; /* or not match, if set */
struct queue_char *queue_next;
};
/* run_work_group() flags */
#define RWG_NONE 0x0000
#define RWG_FORK 0x0001
#define RWG_VERBOSE 0x0002
#define RWG_PERSISTENT 0x0004
#define RWG_FORCE 0x0008
#define RWG_RUNALL 0x0010
typedef struct queue_char QUEUE_CHAR;
EXTERN int volatile CurRunners; /* current number of runner children */
EXTERN int MaxQueueRun; /* maximum number of jobs in one queue run */
EXTERN int MaxQueueChildren; /* max # of forked queue children */
EXTERN int MaxRunnersPerQueue; /* max # proc's active in queue group */
EXTERN int NiceQueueRun; /* nice queue runs to this value */
EXTERN int NumQueue; /* number of queue groups */
EXTERN int QueueFileMode; /* mode on files in mail queue */
EXTERN int QueueMode; /* which queue items to act upon */
EXTERN int QueueSortOrder; /* queue sorting order algorithm */
EXTERN time_t MinQueueAge; /* min delivery interval */
EXTERN time_t MaxQueueAge; /* max delivery interval */
EXTERN time_t QueueIntvl; /* intervals between running the queue */
EXTERN char *QueueDir; /* location of queue directory */
EXTERN QUEUE_CHAR *QueueLimitId; /* limit queue run to id */
EXTERN QUEUE_CHAR *QueueLimitQuarantine; /* limit queue run to quarantine reason */
EXTERN QUEUE_CHAR *QueueLimitRecipient; /* limit queue run to rcpt */
EXTERN QUEUE_CHAR *QueueLimitSender; /* limit queue run to sender */
EXTERN QUEUEGRP *Queue[MAXQUEUEGROUPS + 1]; /* queue groups */
#if _FFR_BOUNCE_QUEUE
EXTERN int BounceQueue;
#endif
/* functions */
extern void assign_queueid __P((ENVELOPE *));
extern ADDRESS *copyqueue __P((ADDRESS *, SM_RPOOL_T *));
extern void cleanup_queues __P((void));
extern bool doqueuerun __P((void));
extern void initsys __P((ENVELOPE *));
extern void loseqfile __P((ENVELOPE *, char *));
extern int name2qid __P((char *));
extern char *qid_printname __P((ENVELOPE *));
extern char *qid_printqueue __P((int, int));
extern void quarantine_queue __P((char *, int));
extern char *queuename __P((ENVELOPE *, int));
extern void queueup __P((ENVELOPE *, bool, bool));
extern bool runqueue __P((bool, bool, bool, bool));
extern bool run_work_group __P((int, int));
extern void set_def_queueval __P((QUEUEGRP *, bool));
extern void setup_queues __P((bool));
extern bool setnewqueue __P((ENVELOPE *));
extern bool shouldqueue __P((long, time_t));
extern void sync_queue_time __P((void));
extern void init_qid_alg __P((void));
extern int print_single_queue __P((int, int));
#if REQUIRES_DIR_FSYNC
# define SYNC_DIR(path, panic) sync_dir(path, panic)
extern void sync_dir __P((char *, bool));
-#else /* REQUIRES_DIR_FSYNC */
+#else
# define SYNC_DIR(path, panic) ((void) 0)
-#endif /* REQUIRES_DIR_FSYNC */
+#endif
/*
** Timeouts
**
** Indicated values are the MINIMUM per RFC 1123 section 5.3.2.
*/
EXTERN struct
{
/* RFC 1123-specified timeouts [minimum value] */
time_t to_initial; /* initial greeting timeout [5m] */
time_t to_mail; /* MAIL command [5m] */
time_t to_rcpt; /* RCPT command [5m] */
time_t to_datainit; /* DATA initiation [2m] */
time_t to_datablock; /* DATA block [3m] */
time_t to_datafinal; /* DATA completion [10m] */
time_t to_nextcommand; /* next command [5m] */
/* following timeouts are not mentioned in RFC 1123 */
time_t to_iconnect; /* initial connection timeout (first try) */
time_t to_connect; /* initial connection timeout (later tries) */
time_t to_aconnect; /* all connections timeout (MX and A records) */
time_t to_rset; /* RSET command */
time_t to_helo; /* HELO command */
time_t to_quit; /* QUIT command */
time_t to_miscshort; /* misc short commands (NOOP, VERB, etc) */
time_t to_ident; /* IDENT protocol requests */
time_t to_fileopen; /* opening :include: and .forward files */
time_t to_control; /* process a control socket command */
time_t to_lhlo; /* LMTP: LHLO command */
#if SASL
time_t to_auth; /* AUTH dialogue [10m] */
-#endif /* SASL */
+#endif
#if STARTTLS
time_t to_starttls; /* STARTTLS dialogue [10m] */
-#endif /* STARTTLS */
+#endif
/* following are per message */
time_t to_q_return[MAXTOCLASS]; /* queue return timeouts */
time_t to_q_warning[MAXTOCLASS]; /* queue warning timeouts */
time_t res_retrans[MAXRESTOTYPES]; /* resolver retransmit */
int res_retry[MAXRESTOTYPES]; /* resolver retry */
} TimeOuts;
/* timeout classes for return and warning timeouts */
#define TOC_NORMAL 0 /* normal delivery */
#define TOC_URGENT 1 /* urgent delivery */
#define TOC_NONURGENT 2 /* non-urgent delivery */
#define TOC_DSN 3 /* DSN delivery */
/* resolver timeout specifiers */
#define RES_TO_FIRST 0 /* first attempt */
#define RES_TO_NORMAL 1 /* subsequent attempts */
#define RES_TO_DEFAULT 2 /* default value */
/* functions */
extern void inittimeouts __P((char *, bool));
/*
** Interface probing
*/
#define DPI_PROBENONE 0 /* Don't probe any interfaces */
#define DPI_PROBEALL 1 /* Probe all interfaces */
#define DPI_SKIPLOOPBACK 2 /* Don't probe loopback interfaces */
/*
** Trace information
*/
/* macros for debugging flags */
#if NOT_SENDMAIL
# define tTd(flag, level) (tTdvect[flag] >= (unsigned char)level)
#else
# define tTd(flag, level) (tTdvect[flag] >= (unsigned char)level && !IntSig)
#endif
#define tTdlevel(flag) (tTdvect[flag])
/* variables */
extern unsigned char tTdvect[100]; /* trace vector */
/*
** Miscellaneous information.
*/
/*
** The "no queue id" queue id for sm_syslog
*/
#define NOQID ""
#define CURHOSTNAME (CurHostName == NULL ? "local" : CurHostName)
/*
** Some in-line functions
*/
/* set exit status */
#define setstat(s) \
do \
{ \
if (ExitStat == EX_OK || ExitStat == EX_TEMPFAIL) \
ExitStat = s; \
} while (0)
#define STRUCTCOPY(s, d) d = s
-/* free a pointer if it isn't NULL and set it to NULL */
-#define SM_FREE_CLR(p) \
- do \
- { \
- if ((p) != NULL) \
- { \
- sm_free(p); \
- (p) = NULL; \
- } \
- } while (0)
-
/*
** Update a permanent string variable with a new value.
** The old value is freed, the new value is strdup'ed.
**
** We use sm_pstrdup_x to duplicate the string because it raises
** an exception on error, and because it allocates "permanent storage"
** which is not expected to be freed before process exit.
** The latter is important for memory leak analysis.
**
** If an exception occurs while strdup'ing the new value,
** then the variable remains set to the old value.
** That's why the strdup must occur before we free the old value.
-**
-** The macro uses a do loop so that this idiom will work:
-** if (...)
-** PSTRSET(var, val1);
-** else
-** PSTRSET(var, val2);
*/
#define PSTRSET(var, val) \
do \
{ \
char *_newval = sm_pstrdup_x(val); \
if (var != NULL) \
sm_free(var); \
var = _newval; \
} while (0)
#define _CHECK_RESTART \
do \
{ \
if (ShutdownRequest != NULL) \
shutdown_daemon(); \
else if (RestartRequest != NULL) \
restart_daemon(); \
else if (RestartWorkGroup) \
restart_marked_work_groups(); \
} while (0)
# define CHECK_RESTART _CHECK_RESTART
#define CHK_CUR_RUNNERS(fct, idx, count) \
do \
{ \
if (CurRunners < 0) \
{ \
if (LogLevel > 3) \
sm_syslog(LOG_ERR, NOQID, \
"%s: CurRunners=%d, i=%d, count=%d, status=should not happen", \
fct, CurRunners, idx, count); \
CurRunners = 0; \
} \
} while (0)
/* reply types (text in SmtpMsgBuffer) */
#define XS_DEFAULT 0 /* other commands, e.g., RSET */
#define XS_STARTTLS 1
#define XS_AUTH 2
#define XS_GREET 3
#define XS_EHLO 4
#define XS_MAIL 5
#define XS_RCPT 6
#define XS_DATA 7
#define XS_EOM 8
#define XS_DATA2 9 /* LMTP */
#define XS_QUIT 10
/*
** Global variables.
*/
#if _FFR_ADD_BCC
EXTERN bool AddBcc;
#endif
#if _FFR_ADDR_TYPE_MODES
EXTERN bool AddrTypeModes; /* addr_type: extra "mode" information */
-#endif /* _FFR_ADDR_TYPE_MODES */
+#endif
EXTERN bool AllowBogusHELO; /* allow syntax errors on HELO command */
EXTERN bool CheckAliases; /* parse addresses during newaliases */
#if _FFR_QUEUE_RUN_PARANOIA
EXTERN int CheckQueueRunners; /* check whether queue runners are OK */
-#endif /* _FFR_QUEUE_RUN_PARANOIA */
+#endif
EXTERN bool ColonOkInAddr; /* single colon legal in address */
#if !defined(_USE_SUN_NSSWITCH_) && !defined(_USE_DEC_SVC_CONF_)
EXTERN bool ConfigFileRead; /* configuration file has been read */
-#endif /* !defined(_USE_SUN_NSSWITCH_) && !defined(_USE_DEC_SVC_CONF_) */
+#endif
EXTERN bool DisConnected; /* running with OutChannel redirect to transcript file */
EXTERN bool DontExpandCnames; /* do not $[...$] expand CNAMEs */
EXTERN bool DontInitGroups; /* avoid initgroups() because of NIS cost */
EXTERN bool DontLockReadFiles; /* don't read lock support files */
EXTERN bool DontPruneRoutes; /* don't prune source routes */
EXTERN bool ForkQueueRuns; /* fork for each job when running the queue */
EXTERN bool FromFlag; /* if set, "From" person is explicit */
EXTERN bool FipsMode;
EXTERN bool GrabTo; /* if set, get recipients from msg */
+#if _FFR_EIGHT_BIT_ADDR_OK
EXTERN bool EightBitAddrOK; /* we'll let 8-bit addresses through */
+#else
+# define EightBitAddrOK false
+#endif
EXTERN bool HasEightBits; /* has at least one eight bit input byte */
EXTERN bool HasWildcardMX; /* don't use MX records when canonifying */
EXTERN bool HoldErrs; /* only output errors to transcript */
EXTERN bool IgnoreHostStatus; /* ignore long term host status files */
EXTERN bool IgnrDot; /* don't let dot end messages */
+#if _FFR_KEEPBCC
+EXTERN bool KeepBcc;
+#else
+# define KeepBcc false
+#endif
EXTERN bool LogUsrErrs; /* syslog user errors (e.g., SMTP RCPT cmd) */
EXTERN bool MatchGecos; /* look for user names in gecos field */
EXTERN bool MeToo; /* send to the sender also */
EXTERN bool NoAlias; /* suppress aliasing */
EXTERN bool NoConnect; /* don't connect to non-local mailers */
EXTERN bool OnlyOneError; /* .... or only want to give one SMTP reply */
EXTERN bool QuickAbort; /* .... but only if we want a quick abort */
#if _FFR_REJECT_NUL_BYTE
EXTERN bool RejectNUL; /* reject NUL input byte? */
-#endif /* _FFR_REJECT_NUL_BYTE */
+#endif
#if REQUIRES_DIR_FSYNC
EXTERN bool RequiresDirfsync; /* requires fsync() for directory */
-#endif /* REQUIRES_DIR_FSYNC */
+#endif
EXTERN bool volatile RestartWorkGroup; /* daemon needs to restart some work groups */
EXTERN bool RrtImpliesDsn; /* turn Return-Receipt-To: into DSN */
EXTERN bool SaveFrom; /* save leading "From" lines */
EXTERN bool SendMIMEErrors; /* send error messages in MIME format */
EXTERN bool SevenBitInput; /* force 7-bit data on input */
EXTERN bool SingleLineFromHeader; /* force From: header to be one line */
EXTERN bool SingleThreadDelivery; /* single thread hosts on delivery */
EXTERN bool SoftBounce; /* replace 5xy by 4xy (for testing) */
EXTERN bool volatile StopRequest; /* stop sending output */
EXTERN bool SuprErrs; /* set if we are suppressing errors */
EXTERN bool TryNullMXList; /* if we are the best MX, try host directly */
EXTERN bool UseMSP; /* mail submission: group writable queue ok? */
EXTERN bool WorkAroundBrokenAAAA; /* some nameservers return SERVFAIL on AAAA queries */
EXTERN bool UseErrorsTo; /* use Errors-To: header (back compat) */
EXTERN bool UseNameServer; /* using DNS -- interpret h_errno & MX RRs */
EXTERN bool UseCompressedIPv6Addresses; /* for more specific zero-subnet matches */
EXTERN char InetMode; /* default network for daemon mode */
EXTERN char OpMode; /* operation mode, see below */
EXTERN char SpaceSub; /* substitution for <lwsp> */
#if _FFR_BADRCPT_SHUTDOWN
EXTERN int BadRcptShutdown; /* Shutdown connection for rejected RCPTs */
EXTERN int BadRcptShutdownGood; /* above even when there are good RCPTs */
-#endif /* _FFR_BADRCPT_SHUTDOWN */
+#endif
EXTERN int BadRcptThrottle; /* Throttle rejected RCPTs per SMTP message */
#if _FFR_RCPTTHROTDELAY
EXTERN unsigned int BadRcptThrottleDelay; /* delay for BadRcptThrottle */
#else
# define BadRcptThrottleDelay 1
-#endif /* _FFR_RCPTTHROTDELAY */
+#endif
+#if _FFR_TLS_ALTNAMES
+EXTERN bool SetCertAltnames;
+#endif
EXTERN int CheckpointInterval; /* queue file checkpoint interval */
EXTERN int ConfigLevel; /* config file level */
EXTERN int ConnRateThrottle; /* throttle for SMTP connection rate */
EXTERN int volatile CurChildren; /* current number of daemonic children */
EXTERN int CurrentLA; /* current load average */
+#if DANE
+EXTERN int Dane; /* DANE */
+#endif
EXTERN int DefaultNotify; /* default DSN notification flags */
EXTERN int DelayLA; /* load average to delay connections */
EXTERN int DontProbeInterfaces; /* don't probe interfaces for names */
EXTERN int Errors; /* set if errors (local to single pass) */
EXTERN int ExitStat; /* exit status code */
EXTERN int FastSplit; /* fast initial splitting of envelopes */
EXTERN int FileMode; /* mode on files */
EXTERN int LineNumber; /* line number in current input */
EXTERN int LogLevel; /* level of logging to perform */
EXTERN int MaxAliasRecursion; /* maximum depth of alias recursion */
EXTERN int MaxChildren; /* maximum number of daemonic children */
EXTERN int MaxForwardEntries; /* maximum number of forward entries */
EXTERN int MaxHeadersLength; /* max length of headers */
EXTERN int MaxHopCount; /* max # of hops until bounce */
EXTERN int MaxMacroRecursion; /* maximum depth of macro recursion */
EXTERN int MaxMimeFieldLength; /* maximum MIME field length */
EXTERN int MaxMimeHeaderLength; /* maximum MIME header length */
EXTERN int MaxNOOPCommands; /* max "noise" commands before slowdown */
EXTERN int MaxRcptPerMsg; /* max recipients per SMTP message */
EXTERN int MaxRuleRecursion; /* maximum depth of ruleset recursion */
#if _FFR_MSG_ACCEPT
EXTERN char *MessageAccept; /* "Message accepted for delivery" reply text */
-#endif /* _FFR_MSG_ACCEPT */
+#endif
EXTERN int MimeMode; /* MIME processing mode */
EXTERN int NoRecipientAction;
#if SM_CONF_SHM
EXTERN int Numfilesys; /* number of queue file systems */
EXTERN int *PNumFileSys;
# define NumFileSys (*PNumFileSys)
-# else /* SM_CONF_SHM */
+#else /* SM_CONF_SHM */
EXTERN int NumFileSys; /* number of queue file systems */
-# endif /* SM_CONF_SHM */
+#endif /* SM_CONF_SHM */
EXTERN int QueueLA; /* load average starting forced queueing */
EXTERN int RefuseLA; /* load average refusing connections */
EXTERN time_t RejectLogInterval; /* time btwn log msgs while refusing */
#if _FFR_MEMSTAT
EXTERN long QueueLowMem; /* low memory starting forced queueing */
EXTERN long RefuseLowMem; /* low memory refusing connections */
EXTERN char *MemoryResource;/* memory resource to look up */
#endif /* _FFR_MEMSTAT */
EXTERN int SuperSafe; /* be extra careful, even if expensive */
EXTERN int VendorCode; /* vendor-specific operation enhancements */
EXTERN int Verbose; /* set if blow-by-blow desired */
EXTERN gid_t DefGid; /* default gid to run as */
EXTERN gid_t RealGid; /* real gid of caller */
EXTERN gid_t RunAsGid; /* GID to become for bulk of run */
EXTERN gid_t EffGid; /* effective gid */
#if SM_CONF_SHM
EXTERN key_t ShmKey; /* shared memory key */
EXTERN char *ShmKeyFile; /* shared memory key file */
-#endif /* SM_CONF_SHM */
+#endif
EXTERN pid_t CurrentPid; /* current process id */
EXTERN pid_t DaemonPid; /* process id of daemon */
EXTERN pid_t PidFilePid; /* daemon/queue runner who wrote pid file */
EXTERN uid_t DefUid; /* default uid to run as */
EXTERN uid_t RealUid; /* real uid of caller */
EXTERN uid_t RunAsUid; /* UID to become for bulk of run */
EXTERN uid_t TrustedUid; /* uid of trusted user for files and startup */
EXTERN size_t DataFileBufferSize; /* size of buf for in-core data file */
EXTERN time_t DeliverByMin; /* deliver by minimum time */
EXTERN time_t DialDelay; /* delay between dial-on-demand tries */
EXTERN time_t SafeAlias; /* interval to wait until @:@ in alias file */
EXTERN time_t ServiceCacheMaxAge; /* refresh interval for cache */
EXTERN size_t XscriptFileBufferSize; /* size of buf for in-core transcript file */
EXTERN MODE_T OldUmask; /* umask when sendmail starts up */
EXTERN long MaxMessageSize; /* advertised max size we will accept */
EXTERN long MinBlocksFree; /* min # of blocks free on queue fs */
EXTERN long QueueFactor; /* slope of queue function */
EXTERN long WkClassFact; /* multiplier for message class -> priority */
EXTERN long WkRecipFact; /* multiplier for # of recipients -> priority */
EXTERN long WkTimeFact; /* priority offset each time this job is run */
EXTERN char *ControlSocketName; /* control socket filename [control.c] */
EXTERN char *CurHostName; /* current host we are dealing with */
EXTERN char *DeadLetterDrop; /* path to dead letter office */
EXTERN char *DefUser; /* default user to run as (from DefUid) */
EXTERN char *DefaultCharSet; /* default character set for MIME */
EXTERN char *DoubleBounceAddr; /* where to send double bounces */
EXTERN char *ErrMsgFile; /* file to prepend to all error messages */
EXTERN char *FallbackMX; /* fall back MX host */
EXTERN char *FallbackSmartHost; /* fall back smart host */
EXTERN char *FileName; /* name to print on error messages */
EXTERN char *ForwardPath; /* path to search for .forward files */
EXTERN char *HeloName; /* hostname to announce in HELO */
EXTERN char *HelpFile; /* location of SMTP help file */
EXTERN char *HostStatDir; /* location of host status information */
EXTERN char *HostsFile; /* path to /etc/hosts file */
extern char *Mbdb; /* mailbox database type */
EXTERN char *MustQuoteChars; /* quote these characters in phrases */
EXTERN char *MyHostName; /* name of this host for SMTP messages */
EXTERN char *OperatorChars; /* operators (old $o macro) */
EXTERN char *PidFile; /* location of proc id file [conf.c] */
EXTERN char *PostMasterCopy; /* address to get errs cc's */
EXTERN char *ProcTitlePrefix; /* process title prefix */
EXTERN char *RealHostName; /* name of host we are talking to */
EXTERN char *RealUserName; /* real user name of caller */
EXTERN char *volatile RestartRequest;/* a sendmail restart has been requested */
EXTERN char *RunAsUserName; /* user to become for bulk of run */
EXTERN char *SafeFileEnv; /* chroot location for file delivery */
EXTERN char *ServiceSwitchFile; /* backup service switch */
EXTERN char *volatile ShutdownRequest;/* a sendmail shutdown has been requested */
EXTERN bool volatile IntSig;
EXTERN char *SmtpGreeting; /* SMTP greeting message (old $e macro) */
EXTERN char *SmtpPhase; /* current phase in SMTP processing */
EXTERN char SmtpError[MAXLINE]; /* save failure error messages */
EXTERN char *StatFile; /* location of statistics summary */
EXTERN char *TimeZoneSpec; /* override time zone specification */
EXTERN char *UdbSpec; /* user database source spec */
EXTERN char *UnixFromLine; /* UNIX From_ line (old $l macro) */
EXTERN char **ExternalEnviron; /* saved user (input) environment */
EXTERN char **SaveArgv; /* argument vector for re-execing */
EXTERN BITMAP256 DontBlameSendmail; /* DontBlameSendmail bits */
EXTERN SM_FILE_T *InChannel; /* input connection */
EXTERN SM_FILE_T *OutChannel; /* output connection */
EXTERN SM_FILE_T *TrafficLogFile; /* file in which to log all traffic */
#if HESIOD
EXTERN void *HesiodContext;
-#endif /* HESIOD */
+#endif
EXTERN ENVELOPE *CurEnv; /* envelope currently being processed */
EXTERN char *RuleSetNames[MAXRWSETS]; /* ruleset number to name */
EXTERN char *UserEnviron[MAXUSERENVIRON + 1];
EXTERN struct rewrite *RewriteRules[MAXRWSETS];
EXTERN struct termescape TermEscape; /* terminal escape codes */
EXTERN SOCKADDR ConnectOnlyTo; /* override connection address (for testing) */
EXTERN SOCKADDR RealHostAddr; /* address of host we are talking to */
extern const SM_EXC_TYPE_T EtypeQuickAbort; /* type of a QuickAbort exception */
+#if _FFR_BLANKENV_MACV
+EXTERN int Hacks; /* bit field of run-time enabled "hacks" */
+# define H_LOOKUP_MACRO_IN_BLANKENV 0x0001
+# define LOOKUP_MACRO_IN_BLANKENV (Hacks & H_LOOKUP_MACRO_IN_BLANKENV)
+#else
+# define LOOKUP_MACRO_IN_BLANKENV false
+#endif
EXTERN int ConnectionRateWindowSize;
-#if STARTTLS && USE_OPENSSL_ENGINE
-EXTERN bool SSLEngineInitialized;
-#endif /* STARTTLS && USE_OPENSSL_ENGINE */
/*
** Declarations of useful functions
*/
/* Transcript file */
extern void closexscript __P((ENVELOPE *));
extern void openxscript __P((ENVELOPE *));
+#if SM_DEVELOPER
+#define NR_PRINTFLIKE(a, b) PRINTFLIKE(a, b)
+#else
+#define NR_PRINTFLIKE(a, b)
+#endif
+
/* error related */
extern void buffer_errors __P((void));
extern void flush_errors __P((bool));
-extern void PRINTFLIKE(1, 2) message __P((const char *, ...));
-extern void PRINTFLIKE(1, 2) nmessage __P((const char *, ...));
+extern void NR_PRINTFLIKE(1, 2) message __P((const char *, ...));
+extern void NR_PRINTFLIKE(1, 2) nmessage __P((const char *, ...));
#if _FFR_PROXY
-extern void PRINTFLIKE(3, 4) emessage __P((const char *, const char *, const char *, ...));
+extern void NR_PRINTFLIKE(3, 4) emessage __P((const char *, const char *, const char *, ...));
extern int extsc __P((const char *, int, char *, char *));
-#endif /* _FFR_PROXY */
-extern void PRINTFLIKE(1, 2) syserr __P((const char *, ...));
-extern void PRINTFLIKE(2, 3) usrerrenh __P((char *, const char *, ...));
-extern void PRINTFLIKE(1, 2) usrerr __P((const char *, ...));
+#endif
+extern void NR_PRINTFLIKE(1, 2) syserr __P((const char *, ...));
+extern void NR_PRINTFLIKE(2, 3) usrerrenh __P((char *, const char *, ...));
+extern void NR_PRINTFLIKE(1, 2) usrerr __P((const char *, ...));
extern int isenhsc __P((const char *, int));
extern int extenhsc __P((const char *, int, char *));
/* alias file */
extern void alias __P((ADDRESS *, ADDRESS **, int, ENVELOPE *));
extern bool aliaswait __P((MAP *, char *, bool));
extern void forward __P((ADDRESS *, ADDRESS **, int, ENVELOPE *));
extern void readaliases __P((MAP *, SM_FILE_T *, bool, bool));
extern bool rebuildaliases __P((MAP *, bool));
extern void setalias __P((char *));
/* logging */
extern void logdelivery __P((MAILER *, MCI *, char *, const char *, ADDRESS *, time_t, ENVELOPE *, ADDRESS *, int));
extern void logsender __P((ENVELOPE *, char *));
extern void PRINTFLIKE(3, 4) sm_syslog __P((int, const char *, const char *, ...));
/* SMTP */
extern void giveresponse __P((int, char *, MAILER *, MCI *, ADDRESS *, time_t, ENVELOPE *, ADDRESS *));
extern int reply __P((MAILER *, MCI *, ENVELOPE *, time_t, void (*)__P((char *, bool, MAILER *, MCI *, ENVELOPE *)), char **, int));
extern void smtp __P((char *volatile, BITMAP256, ENVELOPE *volatile));
#if SASL
extern int smtpauth __P((MAILER *, MCI *, ENVELOPE *));
-#endif /* SASL */
+#endif
extern int smtpdata __P((MAILER *, MCI *, ENVELOPE *, ADDRESS *, time_t));
extern int smtpgetstat __P((MAILER *, MCI *, ENVELOPE *));
extern int smtpmailfrom __P((MAILER *, MCI *, ENVELOPE *));
extern void smtpmessage __P((char *, MAILER *, MCI *, ...));
extern void smtpinit __P((MAILER *, MCI *, ENVELOPE *, bool));
extern char *smtptodsn __P((int));
extern int smtpprobe __P((MCI *));
extern void smtpquit __P((MAILER *, MCI *, ENVELOPE *));
extern int smtprcpt __P((ADDRESS *, MAILER *, MCI *, ENVELOPE *, ADDRESS *, time_t));
extern void smtprset __P((MAILER *, MCI *, ENVELOPE *));
#define REPLYTYPE(r) ((r) / 100) /* first digit of reply code */
#define REPLYCLASS(r) (((r) / 10) % 10) /* second digit of reply code */
#define REPLYMINOR(r) ((r) % 10) /* last digit of reply code */
#define ISSMTPCODE(c) (isascii(c[0]) && isdigit(c[0]) && \
- isascii(c[1]) && isdigit(c[1]) && \
- isascii(c[2]) && isdigit(c[2]))
+ isascii(c[1]) && isdigit(c[1]) && \
+ isascii(c[2]) && isdigit(c[2]))
#define ISSMTPREPLY(c) (ISSMTPCODE(c) && \
- (c[3] == ' ' || c[3] == '-' || c[3] == '\0'))
+ (c[3] == ' ' || c[3] == '-' || c[3] == '\0'))
+#define SM_ISSPACE(c) (isascii(c) && isspace(c))
/* delivery */
extern pid_t dowork __P((int, int, char *, bool, bool, ENVELOPE *));
extern pid_t doworklist __P((ENVELOPE *, bool, bool));
extern int endmailer __P((MCI *, ENVELOPE *, char **));
extern int mailfile __P((char *volatile, MAILER *volatile, ADDRESS *, volatile long, ENVELOPE *));
extern void sendall __P((ENVELOPE *, int));
/* stats */
#define STATS_NORMAL 'n'
#define STATS_QUARANTINE 'q'
#define STATS_REJECT 'r'
#define STATS_CONNECT 'c'
extern void markstats __P((ENVELOPE *, ADDRESS *, int));
extern void clearstats __P((void));
extern void poststats __P((char *));
/* control socket */
-extern void closecontrolsocket __P((bool));
-extern void clrcontrol __P((void));
+extern void closecontrolsocket __P((bool));
+extern void clrcontrol __P((void));
extern void control_command __P((int, ENVELOPE *));
extern int opencontrolsocket __P((void));
#if MILTER
/* milter functions */
extern void milter_config __P((char *, struct milter **, int));
extern void milter_setup __P((char *));
extern void milter_set_option __P((char *, char *, bool));
extern bool milter_init __P((ENVELOPE *, char *, milters_T *));
extern void milter_quit __P((ENVELOPE *));
extern void milter_abort __P((ENVELOPE *));
extern char *milter_connect __P((char *, SOCKADDR, ENVELOPE *, char *));
extern char *milter_helo __P((char *, ENVELOPE *, char *));
extern char *milter_envfrom __P((char **, ENVELOPE *, char *));
extern char *milter_data_cmd __P((ENVELOPE *, char *));
extern char *milter_envrcpt __P((char **, ENVELOPE *, char *, bool));
extern char *milter_data __P((ENVELOPE *, char *));
extern char *milter_unknown __P((char *, ENVELOPE *, char *));
#endif /* MILTER */
extern char *addquotes __P((char *, SM_RPOOL_T *));
extern char *arpadate __P((char *));
extern bool atobool __P((char *));
extern int atooct __P((char *));
extern void auth_warning __P((ENVELOPE *, const char *, ...));
extern int blocksignal __P((int));
extern bool bitintersect __P((BITMAP256, BITMAP256));
extern bool bitzerop __P((BITMAP256));
extern int check_bodytype __P((char *));
extern void buildfname __P((char *, char *, char *, int));
extern bool chkclientmodifiers __P((int));
extern bool chkdaemonmodifiers __P((int));
extern int checkcompat __P((ADDRESS *, ENVELOPE *));
#ifdef XDEBUG
extern void checkfd012 __P((char *));
extern void checkfdopen __P((int, char *));
-#endif /* XDEBUG */
+#endif
extern void checkfds __P((char *));
extern bool chownsafe __P((int, bool));
extern void cleanstrcpy __P((char *, char *, int));
#if SM_CONF_SHM
extern void cleanup_shm __P((bool));
-#endif /* SM_CONF_SHM */
+#endif
extern void close_sendmail_pid __P((void));
extern void clrdaemon __P((void));
extern void collect __P((SM_FILE_T *, bool, HDR **, ENVELOPE *, bool));
-extern bool connection_rate_check __P((SOCKADDR *, ENVELOPE *));
extern time_t convtime __P((char *, int));
extern char **copyplist __P((char **, bool, SM_RPOOL_T *));
extern void copy_class __P((int, int));
extern int count_open_connections __P((SOCKADDR *));
extern time_t curtime __P((void));
extern char *defcharset __P((ENVELOPE *));
extern char *denlstring __P((char *, bool, bool));
extern void dferror __P((SM_FILE_T *volatile, char *, ENVELOPE *));
extern void disconnect __P((int, ENVELOPE *));
extern void disk_status __P((SM_FILE_T *, char *));
-extern bool dns_getcanonname __P((char *, int, bool, int *, int *));
+extern int dns_getcanonname __P((char *, int, bool, int *, int *));
extern pid_t dofork __P((void));
extern int drop_privileges __P((bool));
extern int dsntoexitstat __P((char *));
extern void dumpfd __P((int, bool, bool));
#if SM_HEAP_CHECK
extern void dumpstab __P((void));
-#endif /* SM_HEAP_CHECK */
+#endif
extern void dumpstate __P((char *));
extern bool enoughdiskspace __P((long, ENVELOPE *));
extern char *exitstat __P((char *));
extern void fatal_error __P((SM_EXC_T *));
extern char *fgetfolded __P((char *, int *, SM_FILE_T *));
extern void fill_fd __P((int, char *));
extern char *find_character __P((char *, int));
extern int finduser __P((char *, bool *, SM_MBDB_T *));
extern void finis __P((bool, bool, volatile int));
extern void fixcrlf __P((char *, bool));
extern long freediskspace __P((const char *, long *));
#if NETINET6 && NEEDSGETIPNODE
extern void freehostent __P((struct hostent *));
-#endif /* NETINET6 && NEEDSGETIPNODE */
+#endif
extern char *get_column __P((char *, int, int, char *, int));
extern char *getauthinfo __P((int, bool *));
extern int getdtsize __P((void));
extern int getla __P((void));
extern char *getmodifiers __P((char *, BITMAP256));
extern BITMAP256 *getrequests __P((ENVELOPE *));
extern char *getvendor __P((int));
-#if _FFR_TLS_SE_OPTS && STARTTLS
-# ifndef TLS_VRFY_PER_CTX
-# define TLS_VRFY_PER_CTX 1
-# endif
-extern int get_tls_se_options __P((ENVELOPE *, SSL *, bool));
-#else
-# define get_tls_se_options(e, s, w) 0
-#endif
extern void help __P((char *, ENVELOPE *));
extern void init_md __P((int, char **));
extern void initdaemon __P((void));
extern void inithostmaps __P((void));
extern void initmacros __P((ENVELOPE *));
extern void initsetproctitle __P((int, char **, char **));
extern void init_vendor_macros __P((ENVELOPE *));
extern SIGFUNC_DECL intsig __P((int));
extern bool isatom __P((const char *));
extern bool isloopback __P((SOCKADDR sa));
-#if _FFR_TLS_SE_OPTS && STARTTLS
-extern bool load_certkey __P((SSL *, bool, char *, char *));
-#endif
extern void load_if_names __P((void));
extern bool lockfile __P((int, char *, char *, int));
extern void log_sendmail_pid __P((ENVELOPE *));
extern void logundelrcpts __P((ENVELOPE *, char *, int, bool));
extern char lower __P((int));
extern void makelower __P((char *));
extern int makeconnection_ds __P((char *, MCI *));
+#if DANE
+extern int makeconnection __P((char *, volatile unsigned int, MCI *, ENVELOPE *, time_t, unsigned long *));
+#else
extern int makeconnection __P((char *, volatile unsigned int, MCI *, ENVELOPE *, time_t));
+#endif
extern void makeworkgroups __P((void));
extern void markfailure __P((ENVELOPE *, ADDRESS *, MCI *, int, bool));
extern void mark_work_group_restart __P((int, int));
extern MCI *mci_new __P((SM_RPOOL_T *));
extern char *munchstring __P((char *, char **, int));
extern struct hostent *myhostname __P((char *, int));
extern char *newstr __P((const char *));
#if NISPLUS
extern char *nisplus_default_domain __P((void)); /* extern for Sun */
-#endif /* NISPLUS */
+#endif
extern bool path_is_dir __P((char *, bool));
extern int pickqdir __P((QUEUEGRP *qg, long fsize, ENVELOPE *e));
extern char *pintvl __P((time_t, bool));
extern void printav __P((SM_FILE_T *, char **));
extern void printmailer __P((SM_FILE_T *, MAILER *));
extern void printnqe __P((SM_FILE_T *, char *));
extern void printopenfds __P((bool));
extern void printqueue __P((void));
extern void printrules __P((void));
extern pid_t prog_open __P((char **, int *, ENVELOPE *));
extern bool putline __P((char *, MCI *));
extern bool putxline __P((char *, size_t, MCI *, int));
extern void queueup_macros __P((int, SM_FILE_T *, ENVELOPE *));
extern void readcf __P((char *, bool, ENVELOPE *));
extern SIGFUNC_DECL reapchild __P((int));
extern int releasesignal __P((int));
extern void resetlimits __P((void));
extern void restart_daemon __P((void));
extern void restart_marked_work_groups __P((void));
extern bool rfc822_string __P((char *));
extern void rmexpstab __P((void));
extern bool savemail __P((ENVELOPE *, bool));
extern void seed_random __P((void));
extern void sendtoargv __P((char **, ENVELOPE *));
extern void setclientoptions __P((char *));
extern bool setdaemonoptions __P((char *));
extern void setdefaults __P((ENVELOPE *));
extern void setdefuser __P((void));
extern bool setvendor __P((char *));
extern void set_op_mode __P((int));
extern void setoption __P((int, char *, bool, bool, ENVELOPE *));
extern sigfunc_t setsignal __P((int, sigfunc_t));
extern void sm_setuserenv __P((const char *, const char *));
extern void settime __P((ENVELOPE *));
#if STARTTLS
extern int set_tls_rd_tmo __P((int));
#else
# define set_tls_rd_tmo(rd_tmo) 0
#endif
extern char *sfgets __P((char *, int, SM_FILE_T *, time_t, char *));
extern char *shortenstring __P((const char *, size_t));
extern char *shorten_hostname __P((char []));
extern bool shorten_rfc822_string __P((char *, size_t));
extern void shutdown_daemon __P((void));
extern void sm_closefrom __P((int lowest, int highest));
extern void sm_close_on_exec __P((int lowest, int highest));
extern struct hostent *sm_gethostbyname __P((char *, int));
extern struct hostent *sm_gethostbyaddr __P((char *, int, int));
extern void sm_getla __P((void));
extern struct passwd *sm_getpwnam __P((char *));
extern struct passwd *sm_getpwuid __P((UID_T));
extern void sm_setproctitle __P((bool, ENVELOPE *, const char *, ...));
extern pid_t sm_wait __P((int *));
extern bool split_by_recipient __P((ENVELOPE *e));
extern void stop_sendmail __P((void));
extern void stripbackslash __P((char *));
extern bool strreplnonprt __P((char *, int));
extern bool strcontainedin __P((bool, char *, char *));
extern int switch_map_find __P((char *, char *[], short []));
#if STARTTLS
extern void tls_set_verify __P((SSL_CTX *, SSL *, bool));
-#endif /* STARTTLS */
+#endif
extern bool transienterror __P((int));
extern void truncate_at_delim __P((char *, size_t, int));
extern void tTflag __P((char *));
extern void tTsetup __P((unsigned char *, unsigned int, char *));
extern SIGFUNC_DECL tick __P((int));
extern char *ttypath __P((void));
extern void unlockqueue __P((ENVELOPE *));
#if !HASUNSETENV
extern void unsetenv __P((char *));
-#endif /* !HASUNSETENV */
+#endif
/* update file system information: +/- some blocks */
#if SM_CONF_SHM
extern void upd_qs __P((ENVELOPE *, int, int, char *));
# define updfs(e, count, space, where) upd_qs(e, count, space, where)
#else /* SM_CONF_SHM */
# define updfs(e, count, space, where)
# define upd_qs(e, count, space, where)
#endif /* SM_CONF_SHM */
extern char *username __P((void));
extern bool usershellok __P((char *, char *));
extern void vendor_post_defaults __P((ENVELOPE *));
extern void vendor_pre_defaults __P((ENVELOPE *));
extern int waitfor __P((pid_t));
extern bool writable __P((char *, ADDRESS *, long));
#if SM_HEAP_CHECK
# define xalloc(size) xalloc_tagged(size, __FILE__, __LINE__)
extern char *xalloc_tagged __P((int, char *, int));
-#else /* SM_HEAP_CHECK */
+#else
extern char *xalloc __P((int));
#endif /* SM_HEAP_CHECK */
#if _FFR_XCNCT
extern int xconnect __P((SM_FILE_T *));
-#endif /* _FFR_XCNCT */
+#endif
extern void xputs __P((SM_FILE_T *, const char *));
extern char *xtextify __P((char *, char *));
extern bool xtextok __P((char *));
extern int xunlink __P((char *));
extern char *xuntextify __P((char *));
+#if _FFR_EAI
+extern bool addr_is_ascii __P((const char *));
+#endif
+
#if _FFR_RCPTFLAGS
extern bool newmodmailer __P((ADDRESS *, int));
#endif
#undef EXTERN
#endif /* ! _SENDMAIL_H */
diff --git a/src/sfsasl.c b/src/sfsasl.c
index 5209dfa1c3b2..3335608e450c 100644
--- a/src/sfsasl.c
+++ b/src/sfsasl.c
@@ -1,999 +1,992 @@
/*
* Copyright (c) 1999-2006, 2008 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: sfsasl.c,v 8.121 2013-11-22 20:51:56 ca Exp $")
#include <stdlib.h>
#include <sendmail.h>
#include <sm/time.h>
#include <sm/fdset.h>
#include <errno.h>
/* allow to disable error handling code just in case... */
#ifndef DEAL_WITH_ERROR_SSL
# define DEAL_WITH_ERROR_SSL 1
-#endif /* ! DEAL_WITH_ERROR_SSL */
+#endif
#if SASL
# include "sfsasl.h"
/* Structure used by the "sasl" file type */
struct sasl_obj
{
SM_FILE_T *fp;
sasl_conn_t *conn;
};
struct sasl_info
{
SM_FILE_T *fp;
sasl_conn_t *conn;
};
/*
** SASL_GETINFO - returns requested information about a "sasl" file
** descriptor.
**
** Parameters:
** fp -- the file descriptor
** what -- the type of information requested
** valp -- the thang to return the information in
**
** Returns:
** -1 for unknown requests
** >=0 on success with valp filled in (if possible).
*/
static int sasl_getinfo __P((SM_FILE_T *, int, void *));
static int
sasl_getinfo(fp, what, valp)
SM_FILE_T *fp;
int what;
void *valp;
{
struct sasl_obj *so = (struct sasl_obj *) fp->f_cookie;
switch (what)
{
case SM_IO_WHAT_FD:
if (so->fp == NULL)
return -1;
- return so->fp->f_file; /* for stdio fileno() compatability */
+ return so->fp->f_file; /* for stdio fileno() compatibility */
case SM_IO_IS_READABLE:
if (so->fp == NULL)
return 0;
/* get info from underlying file */
return sm_io_getinfo(so->fp, what, valp);
default:
return -1;
}
}
/*
** SASL_OPEN -- creates the sasl specific information for opening a
** file of the sasl type.
**
** Parameters:
** fp -- the file pointer associated with the new open
** info -- contains the sasl connection information pointer and
** the original SM_FILE_T that holds the open
** flags -- ignored
** rpool -- ignored
**
** Returns:
** 0 on success
*/
static int sasl_open __P((SM_FILE_T *, const void *, int, const void *));
/* ARGSUSED2 */
static int
sasl_open(fp, info, flags, rpool)
SM_FILE_T *fp;
const void *info;
int flags;
const void *rpool;
{
struct sasl_obj *so;
struct sasl_info *si = (struct sasl_info *) info;
so = (struct sasl_obj *) sm_malloc(sizeof(struct sasl_obj));
if (so == NULL)
{
errno = ENOMEM;
return -1;
}
so->fp = si->fp;
so->conn = si->conn;
/*
** The underlying 'fp' is set to SM_IO_NOW so that the entire
** encoded string is written in one chunk. Otherwise there is
** the possibility that it may appear illegal, bogus or
** mangled to the other side of the connection.
** We will read or write through 'fp' since it is the opaque
** connection for the communications. We need to treat it this
** way in case the encoded string is to be sent down a TLS
** connection rather than, say, sm_io's stdio.
*/
(void) sm_io_setvbuf(so->fp, SM_TIME_DEFAULT, NULL, SM_IO_NOW, 0);
fp->f_cookie = so;
return 0;
}
/*
** SASL_CLOSE -- close the sasl specific parts of the sasl file pointer
**
** Parameters:
** fp -- the file pointer to close
**
** Returns:
** 0 on success
*/
static int sasl_close __P((SM_FILE_T *));
static int
sasl_close(fp)
SM_FILE_T *fp;
{
struct sasl_obj *so;
so = (struct sasl_obj *) fp->f_cookie;
if (so == NULL)
return 0;
if (so->fp != NULL)
{
sm_io_close(so->fp, SM_TIME_DEFAULT);
so->fp = NULL;
}
sm_free(so);
so = NULL;
return 0;
}
/* how to deallocate a buffer allocated by SASL */
extern void sm_sasl_free __P((void *));
# define SASL_DEALLOC(b) sm_sasl_free(b)
/*
** SASL_READ -- read encrypted information and decrypt it for the caller
**
** Parameters:
** fp -- the file pointer
** buf -- the location to place the decrypted information
** size -- the number of bytes to read after decryption
**
** Results:
** -1 on error
** otherwise the number of bytes read
*/
static ssize_t sasl_read __P((SM_FILE_T *, char *, size_t));
static ssize_t
sasl_read(fp, buf, size)
SM_FILE_T *fp;
char *buf;
size_t size;
{
int result;
ssize_t len;
# if SASL >= 20000
static const char *outbuf = NULL;
-# else /* SASL >= 20000 */
+# else
static char *outbuf = NULL;
-# endif /* SASL >= 20000 */
+# endif
static unsigned int outlen = 0;
static unsigned int offset = 0;
struct sasl_obj *so = (struct sasl_obj *) fp->f_cookie;
/*
** sasl_decode() may require more data than a single read() returns.
** Hence we have to put a loop around the decoding.
** This also requires that we may have to split up the returned
** data since it might be larger than the allowed size.
** Therefore we use a static pointer and return portions of it
** if necessary.
** XXX Note: This function is not thread-safe nor can it be used
** on more than one file. A correct implementation would store
** this data in fp->f_cookie.
*/
# if SASL >= 20000
while (outlen == 0)
-# else /* SASL >= 20000 */
+# else
while (outbuf == NULL && outlen == 0)
-# endif /* SASL >= 20000 */
+# endif
{
len = sm_io_read(so->fp, SM_TIME_DEFAULT, buf, size);
if (len <= 0)
return len;
result = sasl_decode(so->conn, buf,
(unsigned int) len, &outbuf, &outlen);
if (result != SASL_OK)
{
if (LogLevel > 7)
sm_syslog(LOG_WARNING, NOQID,
"AUTH: sasl_decode error=%d", result);
outbuf = NULL;
offset = 0;
outlen = 0;
return -1;
}
}
if (outbuf == NULL)
{
/* be paranoid: outbuf == NULL but outlen != 0 */
syserr("@sasl_read failure: outbuf == NULL but outlen != 0");
/* NOTREACHED */
}
if (outlen - offset > size)
{
/* return another part of the buffer */
(void) memcpy(buf, outbuf + offset, size);
offset += size;
len = size;
}
else
{
/* return the rest of the buffer */
len = outlen - offset;
(void) memcpy(buf, outbuf + offset, (size_t) len);
# if SASL < 20000
SASL_DEALLOC(outbuf);
-# endif /* SASL < 20000 */
+# endif
outbuf = NULL;
offset = 0;
outlen = 0;
}
return len;
}
/*
** SASL_WRITE -- write information out after encrypting it
**
** Parameters:
** fp -- the file pointer
** buf -- holds the data to be encrypted and written
** size -- the number of bytes to have encrypted and written
**
** Returns:
** -1 on error
** otherwise number of bytes written
*/
static ssize_t sasl_write __P((SM_FILE_T *, const char *, size_t));
static ssize_t
sasl_write(fp, buf, size)
SM_FILE_T *fp;
const char *buf;
size_t size;
{
int result;
# if SASL >= 20000
const char *outbuf;
-# else /* SASL >= 20000 */
+# else
char *outbuf;
-# endif /* SASL >= 20000 */
+# endif
unsigned int outlen, *maxencode;
size_t ret = 0, total = 0;
struct sasl_obj *so = (struct sasl_obj *) fp->f_cookie;
/*
** Fetch the maximum input buffer size for sasl_encode().
** This can be less than the size set in attemptauth()
** due to a negotiation with the other side, e.g.,
** Cyrus IMAP lmtp program sets maxbuf=4096,
- ** digestmd5 substracts 25 and hence we'll get 4071
+ ** digestmd5 subtracts 25 and hence we'll get 4071
** instead of 8192 (MAXOUTLEN).
** Hack (for now): simply reduce the size, callers are (must be)
** able to deal with that and invoke sasl_write() again with
** the rest of the data.
** Note: it would be better to store this value in the context
** after the negotiation.
*/
result = sasl_getprop(so->conn, SASL_MAXOUTBUF,
(const void **) &maxencode);
if (result == SASL_OK && size > *maxencode && *maxencode > 0)
size = *maxencode;
result = sasl_encode(so->conn, buf,
(unsigned int) size, &outbuf, &outlen);
if (result != SASL_OK)
{
if (LogLevel > 7)
sm_syslog(LOG_WARNING, NOQID,
"AUTH: sasl_encode error=%d", result);
return -1;
}
if (outbuf != NULL)
{
while (outlen > 0)
{
errno = 0;
/* XXX result == 0? */
ret = sm_io_write(so->fp, SM_TIME_DEFAULT,
&outbuf[total], outlen);
if (ret <= 0)
return ret;
outlen -= ret;
total += ret;
}
# if SASL < 20000
SASL_DEALLOC(outbuf);
-# endif /* SASL < 20000 */
+# endif
}
return size;
}
/*
** SFDCSASL -- create sasl file type and open in and out file pointers
** for sendmail to read from and write to.
**
** Parameters:
** fin -- the sm_io file encrypted data to be read from
** fout -- the sm_io file encrypted data to be written to
** conn -- the sasl connection pointer
** tmo -- timeout
**
** Returns:
** -1 on error
** 0 on success
**
** Side effects:
** The arguments "fin" and "fout" are replaced with the new
** SM_FILE_T pointers.
*/
int
sfdcsasl(fin, fout, conn, tmo)
SM_FILE_T **fin;
SM_FILE_T **fout;
sasl_conn_t *conn;
int tmo;
{
SM_FILE_T *newin, *newout;
SM_FILE_T SM_IO_SET_TYPE(sasl_vector, "sasl", sasl_open, sasl_close,
sasl_read, sasl_write, NULL, sasl_getinfo, NULL,
SM_TIME_DEFAULT);
struct sasl_info info;
if (conn == NULL)
{
/* no need to do anything */
return 0;
}
SM_IO_INIT_TYPE(sasl_vector, "sasl", sasl_open, sasl_close,
sasl_read, sasl_write, NULL, sasl_getinfo, NULL,
SM_TIME_DEFAULT);
info.fp = *fin;
info.conn = conn;
newin = sm_io_open(&sasl_vector, SM_TIME_DEFAULT, &info,
SM_IO_RDONLY_B, NULL);
if (newin == NULL)
return -1;
info.fp = *fout;
info.conn = conn;
newout = sm_io_open(&sasl_vector, SM_TIME_DEFAULT, &info,
SM_IO_WRONLY_B, NULL);
if (newout == NULL)
{
(void) sm_io_close(newin, SM_TIME_DEFAULT);
return -1;
}
sm_io_automode(newin, newout);
sm_io_setinfo(*fin, SM_IO_WHAT_TIMEOUT, &tmo);
sm_io_setinfo(*fout, SM_IO_WHAT_TIMEOUT, &tmo);
*fin = newin;
*fout = newout;
return 0;
}
#endif /* SASL */
#if STARTTLS
# include "sfsasl.h"
+# include <tls.h>
# include <openssl/err.h>
/* Structure used by the "tls" file type */
struct tls_obj
{
SM_FILE_T *fp;
SSL *con;
};
struct tls_info
{
SM_FILE_T *fp;
SSL *con;
};
/*
** TLS_GETINFO - returns requested information about a "tls" file
** descriptor.
**
** Parameters:
** fp -- the file descriptor
** what -- the type of information requested
** valp -- the thang to return the information in (unused)
**
** Returns:
** -1 for unknown requests
** >=0 on success with valp filled in (if possible).
*/
static int tls_getinfo __P((SM_FILE_T *, int, void *));
/* ARGSUSED2 */
static int
tls_getinfo(fp, what, valp)
SM_FILE_T *fp;
int what;
void *valp;
{
struct tls_obj *so = (struct tls_obj *) fp->f_cookie;
switch (what)
{
case SM_IO_WHAT_FD:
if (so->fp == NULL)
return -1;
- return so->fp->f_file; /* for stdio fileno() compatability */
+ return so->fp->f_file; /* for stdio fileno() compatibility */
case SM_IO_IS_READABLE:
return SSL_pending(so->con) > 0;
default:
return -1;
}
}
/*
** TLS_OPEN -- creates the tls specific information for opening a
** file of the tls type.
**
** Parameters:
** fp -- the file pointer associated with the new open
** info -- the sm_io file pointer holding the open and the
** TLS encryption connection to be read from or written to
** flags -- ignored
** rpool -- ignored
**
** Returns:
** 0 on success
*/
static int tls_open __P((SM_FILE_T *, const void *, int, const void *));
/* ARGSUSED2 */
static int
tls_open(fp, info, flags, rpool)
SM_FILE_T *fp;
const void *info;
int flags;
const void *rpool;
{
struct tls_obj *so;
struct tls_info *ti = (struct tls_info *) info;
so = (struct tls_obj *) sm_malloc(sizeof(struct tls_obj));
if (so == NULL)
{
errno = ENOMEM;
return -1;
}
so->fp = ti->fp;
so->con = ti->con;
/*
** We try to get the "raw" file descriptor that TLS uses to
** do the actual read/write with. This is to allow us control
** over the file descriptor being a blocking or non-blocking type.
** Under the covers TLS handles the change and this allows us
** to do timeouts with sm_io.
*/
fp->f_file = sm_io_getinfo(so->fp, SM_IO_WHAT_FD, NULL);
(void) sm_io_setvbuf(so->fp, SM_TIME_DEFAULT, NULL, SM_IO_NOW, 0);
fp->f_cookie = so;
return 0;
}
/*
** TLS_CLOSE -- close the tls specific parts of the tls file pointer
**
** Parameters:
** fp -- the file pointer to close
**
** Returns:
** 0 on success
*/
static int tls_close __P((SM_FILE_T *));
static int
tls_close(fp)
SM_FILE_T *fp;
{
struct tls_obj *so;
so = (struct tls_obj *) fp->f_cookie;
if (so == NULL)
return 0;
if (so->fp != NULL)
{
sm_io_close(so->fp, SM_TIME_DEFAULT);
so->fp = NULL;
}
sm_free(so);
so = NULL;
return 0;
}
/* maximum number of retries for TLS related I/O due to handshakes */
# define MAX_TLS_IOS 4
/*
** TLS_RETRY -- check whether a failed SSL operation can be retried
**
** Parameters:
** ssl -- TLS structure
** rfd -- read fd
** wfd -- write fd
** tlsstart -- start time of TLS operation
** timeout -- timeout for TLS operation
** err -- SSL error
** where -- description of operation
**
** Results:
** >0 on success
** 0 on timeout
** <0 on error
*/
int
tls_retry(ssl, rfd, wfd, tlsstart, timeout, err, where)
SSL *ssl;
int rfd;
int wfd;
time_t tlsstart;
int timeout;
int err;
const char *where;
{
int ret;
time_t left;
time_t now = curtime();
struct timeval tv;
ret = -1;
/*
** For SSL_ERROR_WANT_{READ,WRITE}:
** There is not a complete SSL record available yet
** or there is only a partial SSL record removed from
** the network (socket) buffer into the SSL buffer.
** The SSL_connect will only succeed when a full
** SSL record is available (assuming a "real" error
** doesn't happen). To handle when a "real" error
** does happen the select is set for exceptions too.
** The connection may be re-negotiated during this time
** so both read and write "want errors" need to be handled.
** A select() exception loops back so that a proper SSL
** error message can be gotten.
*/
left = timeout - (now - tlsstart);
if (left <= 0)
return 0; /* timeout */
tv.tv_sec = left;
tv.tv_usec = 0;
if (LogLevel > 14)
{
sm_syslog(LOG_INFO, NOQID,
"STARTTLS=%s, info: fds=%d/%d, err=%d",
where, rfd, wfd, err);
}
if ((err == SSL_ERROR_WANT_READ && !SM_FD_OK_SELECT(rfd)) ||
(err == SSL_ERROR_WANT_WRITE && !SM_FD_OK_SELECT(wfd)))
{
if (LogLevel > 5)
{
sm_syslog(LOG_ERR, NOQID,
"STARTTLS=%s, error: fd %d/%d too large",
where, rfd, wfd);
- if (LogLevel > 8)
- tlslogerr(LOG_WARNING, where);
+ tlslogerr(LOG_WARNING, 8, where);
}
errno = EINVAL;
}
else if (err == SSL_ERROR_WANT_READ)
{
fd_set ssl_maskr, ssl_maskx;
int save_errno = errno;
FD_ZERO(&ssl_maskr);
FD_SET(rfd, &ssl_maskr);
FD_ZERO(&ssl_maskx);
FD_SET(rfd, &ssl_maskx);
do
{
ret = select(rfd + 1, &ssl_maskr, NULL, &ssl_maskx,
&tv);
} while (ret < 0 && errno == EINTR);
if (ret < 0 && errno > 0)
ret = -errno;
errno = save_errno;
}
else if (err == SSL_ERROR_WANT_WRITE)
{
fd_set ssl_maskw, ssl_maskx;
int save_errno = errno;
FD_ZERO(&ssl_maskw);
FD_SET(wfd, &ssl_maskw);
FD_ZERO(&ssl_maskx);
FD_SET(rfd, &ssl_maskx);
do
{
ret = select(wfd + 1, NULL, &ssl_maskw, &ssl_maskx,
&tv);
} while (ret < 0 && errno == EINTR);
if (ret < 0 && errno > 0)
ret = -errno;
errno = save_errno;
}
return ret;
}
/* errno to force refill() etc to stop (see IS_IO_ERROR()) */
#ifdef ETIMEDOUT
# define SM_ERR_TIMEOUT ETIMEDOUT
-#else /* ETIMEDOUT */
+#else
# define SM_ERR_TIMEOUT EIO
-#endif /* ETIMEDOUT */
+#endif
/*
** SET_TLS_RD_TMO -- read secured information for the caller
**
** Parameters:
** rd_tmo -- read timeout
**
** Results:
** previous read timeout
** This is a hack: there is no way to pass it in
*/
static int tls_rd_tmo = -1;
int
set_tls_rd_tmo(rd_tmo)
int rd_tmo;
{
int old_rd_tmo;
old_rd_tmo = tls_rd_tmo;
tls_rd_tmo = rd_tmo;
return old_rd_tmo;
}
/*
** TLS_READ -- read secured information for the caller
**
** Parameters:
** fp -- the file pointer
** buf -- the location to place the data
** size -- the number of bytes to read from connection
**
** Results:
** -1 on error
** otherwise the number of bytes read
*/
static ssize_t tls_read __P((SM_FILE_T *, char *, size_t));
static ssize_t
tls_read(fp, buf, size)
SM_FILE_T *fp;
char *buf;
size_t size;
{
int r, rfd, wfd, try, ssl_err;
struct tls_obj *so = (struct tls_obj *) fp->f_cookie;
time_t tlsstart;
char *err;
try = 99;
err = NULL;
tlsstart = curtime();
retry:
r = SSL_read(so->con, (char *) buf, size);
if (r > 0)
return r;
err = NULL;
switch (ssl_err = SSL_get_error(so->con, r))
{
case SSL_ERROR_NONE:
case SSL_ERROR_ZERO_RETURN:
break;
case SSL_ERROR_WANT_WRITE:
err = "read W BLOCK";
/* FALLTHROUGH */
case SSL_ERROR_WANT_READ:
if (err == NULL)
err = "read R BLOCK";
rfd = SSL_get_rfd(so->con);
wfd = SSL_get_wfd(so->con);
try = tls_retry(so->con, rfd, wfd, tlsstart,
(tls_rd_tmo < 0) ? TimeOuts.to_datablock
: tls_rd_tmo,
ssl_err, "read");
if (try > 0)
goto retry;
errno = SM_ERR_TIMEOUT;
break;
case SSL_ERROR_WANT_X509_LOOKUP:
err = "write X BLOCK";
break;
case SSL_ERROR_SYSCALL:
if (r == 0 && errno == 0) /* out of protocol EOF found */
break;
err = "syscall error";
-/*
- get_last_socket_error());
-*/
break;
case SSL_ERROR_SSL:
#if DEAL_WITH_ERROR_SSL
if (r == 0 && errno == 0) /* out of protocol EOF found */
break;
-#endif /* DEAL_WITH_ERROR_SSL */
+#endif
err = "generic SSL error";
if (LogLevel > 9)
{
int pri;
if (errno == EAGAIN && try > 0)
pri = LOG_DEBUG;
else
pri = LOG_WARNING;
- tlslogerr(pri, "read");
+ tlslogerr(pri, 9, "read");
}
#if DEAL_WITH_ERROR_SSL
/* avoid repeated calls? */
if (r == 0)
r = -1;
-#endif /* DEAL_WITH_ERROR_SSL */
+#endif
break;
}
if (err != NULL)
{
int save_errno;
save_errno = (errno == 0) ? EIO : errno;
if (try == 0 && save_errno == SM_ERR_TIMEOUT)
{
if (LogLevel > 7)
sm_syslog(LOG_WARNING, NOQID,
"STARTTLS: read error=timeout");
}
else if (LogLevel > 8)
{
int pri;
if (save_errno == EAGAIN && try > 0)
pri = LOG_DEBUG;
else
pri = LOG_WARNING;
sm_syslog(pri, NOQID,
"STARTTLS: read error=%s (%d), errno=%d, get_error=%s, retry=%d, ssl_err=%d",
err, r, errno,
ERR_error_string(ERR_get_error(), NULL), try,
ssl_err);
}
else if (LogLevel > 7)
sm_syslog(LOG_WARNING, NOQID,
"STARTTLS: read error=%s (%d), errno=%d, retry=%d, ssl_err=%d",
err, r, errno, try, ssl_err);
errno = save_errno;
}
return r;
}
/*
** TLS_WRITE -- write information out through secure connection
**
** Parameters:
** fp -- the file pointer
** buf -- holds the data to be securely written
** size -- the number of bytes to write
**
** Returns:
** -1 on error
** otherwise number of bytes written
*/
static ssize_t tls_write __P((SM_FILE_T *, const char *, size_t));
static ssize_t
tls_write(fp, buf, size)
SM_FILE_T *fp;
const char *buf;
size_t size;
{
int r, rfd, wfd, try, ssl_err;
struct tls_obj *so = (struct tls_obj *) fp->f_cookie;
time_t tlsstart;
char *err;
try = 99;
err = NULL;
tlsstart = curtime();
retry:
r = SSL_write(so->con, (char *) buf, size);
if (r > 0)
return r;
err = NULL;
switch (ssl_err = SSL_get_error(so->con, r))
{
case SSL_ERROR_NONE:
case SSL_ERROR_ZERO_RETURN:
break;
case SSL_ERROR_WANT_WRITE:
err = "read W BLOCK";
/* FALLTHROUGH */
case SSL_ERROR_WANT_READ:
if (err == NULL)
err = "read R BLOCK";
rfd = SSL_get_rfd(so->con);
wfd = SSL_get_wfd(so->con);
try = tls_retry(so->con, rfd, wfd, tlsstart,
DATA_PROGRESS_TIMEOUT, ssl_err, "write");
if (try > 0)
goto retry;
errno = SM_ERR_TIMEOUT;
break;
case SSL_ERROR_WANT_X509_LOOKUP:
err = "write X BLOCK";
break;
case SSL_ERROR_SYSCALL:
if (r == 0 && errno == 0) /* out of protocol EOF found */
break;
err = "syscall error";
-/*
- get_last_socket_error());
-*/
break;
case SSL_ERROR_SSL:
err = "generic SSL error";
/*
ERR_GET_REASON(ERR_peek_error()));
*/
- if (LogLevel > 9)
- tlslogerr(LOG_WARNING, "write");
+ tlslogerr(LOG_WARNING, 9, "write");
#if DEAL_WITH_ERROR_SSL
/* avoid repeated calls? */
if (r == 0)
r = -1;
-#endif /* DEAL_WITH_ERROR_SSL */
+#endif
break;
}
if (err != NULL)
{
int save_errno;
save_errno = (errno == 0) ? EIO : errno;
if (try == 0 && save_errno == SM_ERR_TIMEOUT)
{
if (LogLevel > 7)
sm_syslog(LOG_WARNING, NOQID,
"STARTTLS: write error=timeout");
}
else if (LogLevel > 8)
sm_syslog(LOG_WARNING, NOQID,
"STARTTLS: write error=%s (%d), errno=%d, get_error=%s, retry=%d, ssl_err=%d",
err, r, errno,
ERR_error_string(ERR_get_error(), NULL), try,
ssl_err);
else if (LogLevel > 7)
sm_syslog(LOG_WARNING, NOQID,
"STARTTLS: write error=%s (%d), errno=%d, retry=%d, ssl_err=%d",
err, r, errno, try, ssl_err);
errno = save_errno;
}
return r;
}
/*
** SFDCTLS -- create tls file type and open in and out file pointers
** for sendmail to read from and write to.
**
** Parameters:
** fin -- data input source being replaced
** fout -- data output source being replaced
** con -- the tls connection pointer
**
** Returns:
** -1 on error
** 0 on success
**
** Side effects:
** The arguments "fin" and "fout" are replaced with the new
** SM_FILE_T pointers.
** The original "fin" and "fout" are preserved in the tls file
** type but are not actually used because of the design of TLS.
*/
int
sfdctls(fin, fout, con)
SM_FILE_T **fin;
SM_FILE_T **fout;
SSL *con;
{
SM_FILE_T *tlsin, *tlsout;
SM_FILE_T SM_IO_SET_TYPE(tls_vector, "tls", tls_open, tls_close,
tls_read, tls_write, NULL, tls_getinfo, NULL,
SM_TIME_FOREVER);
struct tls_info info;
SM_ASSERT(con != NULL);
SM_IO_INIT_TYPE(tls_vector, "tls", tls_open, tls_close,
tls_read, tls_write, NULL, tls_getinfo, NULL,
SM_TIME_FOREVER);
info.fp = *fin;
info.con = con;
tlsin = sm_io_open(&tls_vector, SM_TIME_DEFAULT, &info, SM_IO_RDONLY_B,
NULL);
if (tlsin == NULL)
return -1;
info.fp = *fout;
tlsout = sm_io_open(&tls_vector, SM_TIME_DEFAULT, &info, SM_IO_WRONLY_B,
NULL);
if (tlsout == NULL)
{
(void) sm_io_close(tlsin, SM_TIME_DEFAULT);
return -1;
}
sm_io_automode(tlsin, tlsout);
*fin = tlsin;
*fout = tlsout;
return 0;
}
#endif /* STARTTLS */
diff --git a/src/sfsasl.h b/src/sfsasl.h
index a53ed9d69f38..51e59647b0b8 100644
--- a/src/sfsasl.h
+++ b/src/sfsasl.h
@@ -1,25 +1,25 @@
/*
* Copyright (c) 1999, 2000, 2006 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
* $Id: sfsasl.h,v 8.21 2013-11-22 20:51:56 ca Exp $"
*/
#ifndef SFSASL_H
# define SFSASL_H
# if SASL
extern int sfdcsasl __P((SM_FILE_T **, SM_FILE_T **, sasl_conn_t *, int));
-# endif /* SASL */
+# endif
# if STARTTLS
extern int tls_retry __P((SSL *, int, int, time_t, int, int,
const char *));
extern int sfdctls __P((SM_FILE_T **, SM_FILE_T **, SSL *));
-# endif /* STARTTLS */
+# endif
#endif /* ! SFSASL_H */
diff --git a/src/sm_resolve.c b/src/sm_resolve.c
index 8ec2cb68e6bf..79e4168715a3 100644
--- a/src/sm_resolve.c
+++ b/src/sm_resolve.c
@@ -1,495 +1,1603 @@
/*
- * Copyright (c) 2000-2004, 2010 Proofpoint, Inc. and its suppliers.
+ * Copyright (c) 2000-2004, 2010, 2015, 2020 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
/*
* Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <sendmail.h>
-#if DNSMAP
+#if DNSMAP || DANE
# if NAMED_BIND
# if NETINET
# include <netinet/in_systm.h>
# include <netinet/ip.h>
-# endif /* NETINET */
+# endif
+# define _DEFINE_SMR_GLOBALS 1
# include "sm_resolve.h"
+#include <arpa/inet.h>
+
SM_RCSID("$Id: sm_resolve.c,v 8.40 2013-11-22 20:51:56 ca Exp $")
static struct stot
{
const char *st_name;
int st_type;
} stot[] =
{
# if NETINET
{ "A", T_A },
-# endif /* NETINET */
+# endif
# if NETINET6
{ "AAAA", T_AAAA },
-# endif /* NETINET6 */
+# endif
{ "NS", T_NS },
{ "CNAME", T_CNAME },
{ "PTR", T_PTR },
{ "MX", T_MX },
{ "TXT", T_TXT },
{ "AFSDB", T_AFSDB },
{ "SRV", T_SRV },
+# ifdef T_DS
+ { "DS", T_DS },
+# endif
+ { "RRSIG", T_RRSIG },
+# ifdef T_NSEC
+ { "NSEC", T_NSEC },
+# endif
+# ifdef T_DNSKEY
+ { "DNSKEY", T_DNSKEY },
+# endif
+ { "TLSA", T_TLSA },
{ NULL, 0 }
};
-static DNS_REPLY_T *parse_dns_reply __P((unsigned char *, int));
+static DNS_REPLY_T *parse_dns_reply __P((unsigned char *, int, unsigned int));
+# if DNSSEC_TEST && defined(T_TLSA)
+static char *hex2bin __P((const char *, int));
+# endif
/*
** DNS_STRING_TO_TYPE -- convert resource record name into type
**
** Parameters:
** name -- name of resource record type
**
** Returns:
** type if succeeded.
** -1 otherwise.
*/
int
dns_string_to_type(name)
const char *name;
{
struct stot *p = stot;
for (p = stot; p->st_name != NULL; p++)
if (sm_strcasecmp(name, p->st_name) == 0)
return p->st_type;
return -1;
}
/*
** DNS_TYPE_TO_STRING -- convert resource record type into name
**
** Parameters:
** type -- resource record type
**
** Returns:
** name if succeeded.
** NULL otherwise.
*/
const char *
dns_type_to_string(type)
int type;
{
struct stot *p = stot;
for (p = stot; p->st_name != NULL; p++)
if (type == p->st_type)
return p->st_name;
return NULL;
}
/*
** DNS_FREE_DATA -- free all components of a DNS_REPLY_T
**
** Parameters:
-** r -- pointer to DNS_REPLY_T
+** dr -- pointer to DNS_REPLY_T
**
** Returns:
** none.
*/
void
-dns_free_data(r)
- DNS_REPLY_T *r;
+dns_free_data(dr)
+ DNS_REPLY_T *dr;
{
RESOURCE_RECORD_T *rr;
- if (r->dns_r_q.dns_q_domain != NULL)
- sm_free(r->dns_r_q.dns_q_domain);
- for (rr = r->dns_r_head; rr != NULL; )
+ if (dr == NULL)
+ return;
+ if (dr->dns_r_q.dns_q_domain != NULL)
+ sm_free(dr->dns_r_q.dns_q_domain);
+ for (rr = dr->dns_r_head; rr != NULL; )
{
RESOURCE_RECORD_T *tmp = rr;
if (rr->rr_domain != NULL)
sm_free(rr->rr_domain);
if (rr->rr_u.rr_data != NULL)
sm_free(rr->rr_u.rr_data);
rr = rr->rr_next;
sm_free(tmp);
}
- sm_free(r);
+ sm_free(dr);
+}
+
+/*
+** BIN2HEX -- convert binary TLSA RR to hex string
+**
+** Parameters:
+** tlsa -- pointer to result (allocated here)
+** p -- binary data (TLSA RR)
+** size -- length of p
+** min_size -- minimum expected size
+**
+** Returns:
+** >0: length of string (*tlsa)
+** -1: error
+*/
+
+static int bin2hex __P((char **, unsigned char *, int, int));
+
+static int
+bin2hex(tlsa, p, size, min_size)
+ char **tlsa;
+ unsigned char *p;
+ int size;
+ int min_size;
+{
+ int i, pos, txtlen;
+
+ txtlen = size * 3;
+ if (txtlen <= size || size < min_size)
+ {
+ if (LogLevel > 5)
+ sm_syslog(LOG_WARNING, NOQID,
+ "ERROR: bin2hex: size %d wrong", size);
+ return -1;
+ }
+ *tlsa = (char *) sm_malloc(txtlen);
+ if (*tlsa == NULL)
+ {
+ if (tTd(8, 17))
+ sm_dprintf("len=%d, rr_data=NULL\n", txtlen);
+ return -1;
+ }
+ snprintf(*tlsa, txtlen,
+ "%02X %02X %02X", p[0], p[1], p[2]);
+ pos = strlen(*tlsa);
+
+ /* why isn't there a print function like strlcat? */
+ for (i = 3; i < size && pos < txtlen; i++, pos += 3)
+ snprintf(*tlsa + pos, txtlen - pos, "%c%02X",
+ (i == 3) ? ' ' : ':', p[i]);
+
+ return i;
}
/*
** PARSE_DNS_REPLY -- parse DNS reply data.
**
** Parameters:
** data -- pointer to dns data
** len -- len of data
+** flags -- flags (RR_*)
**
** Returns:
** pointer to DNS_REPLY_T if succeeded.
** NULL otherwise.
+**
+** Note:
+** use dns_free_data() to free() the result when no longer needed.
*/
static DNS_REPLY_T *
-parse_dns_reply(data, len)
+parse_dns_reply(data, len, flags)
unsigned char *data;
int len;
+ unsigned int flags;
{
unsigned char *p;
unsigned short ans_cnt, ui;
int status;
size_t l;
char host[MAXHOSTNAMELEN];
- DNS_REPLY_T *r;
+ DNS_REPLY_T *dr;
RESOURCE_RECORD_T **rr;
- r = (DNS_REPLY_T *) sm_malloc(sizeof(*r));
- if (r == NULL)
+ if (tTd(8, 90))
+ {
+ FILE *fp;
+
+ fp = fopen("dns.buffer", "w");
+ if (fp != NULL)
+ {
+ fwrite(data, 1, len, fp);
+ fclose(fp);
+ fp = NULL;
+ }
+ else
+ sm_dprintf("parse_dns_reply: fp=%p, e=%d\n",
+ (void *)fp, errno);
+ }
+
+ dr = (DNS_REPLY_T *) sm_malloc(sizeof(*dr));
+ if (dr == NULL)
return NULL;
- memset(r, 0, sizeof(*r));
+ memset(dr, 0, sizeof(*dr));
p = data;
/* doesn't work on Crays? */
- memcpy(&r->dns_r_h, p, sizeof(r->dns_r_h));
- p += sizeof(r->dns_r_h);
+ memcpy(&dr->dns_r_h, p, sizeof(dr->dns_r_h));
+ p += sizeof(dr->dns_r_h);
status = dn_expand(data, data + len, p, host, sizeof(host));
if (status < 0)
- {
- dns_free_data(r);
- return NULL;
- }
- r->dns_r_q.dns_q_domain = sm_strdup(host);
- if (r->dns_r_q.dns_q_domain == NULL)
- {
- dns_free_data(r);
- return NULL;
- }
+ goto error;
+ dr->dns_r_q.dns_q_domain = sm_strdup(host);
+ if (dr->dns_r_q.dns_q_domain == NULL)
+ goto error;
- ans_cnt = ntohs((unsigned short) r->dns_r_h.ancount);
+ ans_cnt = ntohs((unsigned short) dr->dns_r_h.ancount);
+ if (tTd(8, 17))
+ sm_dprintf("parse_dns_reply: ac=%d, ad=%d\n", ans_cnt,
+ dr->dns_r_h.ad);
p += status;
- GETSHORT(r->dns_r_q.dns_q_type, p);
- GETSHORT(r->dns_r_q.dns_q_class, p);
- rr = &r->dns_r_head;
+ GETSHORT(dr->dns_r_q.dns_q_type, p);
+ GETSHORT(dr->dns_r_q.dns_q_class, p);
+ rr = &dr->dns_r_head;
ui = 0;
while (p < data + len && ui < ans_cnt)
{
int type, class, ttl, size, txtlen;
status = dn_expand(data, data + len, p, host, sizeof(host));
if (status < 0)
- {
- dns_free_data(r);
- return NULL;
- }
+ goto error;
++ui;
p += status;
GETSHORT(type, p);
GETSHORT(class, p);
GETLONG(ttl, p);
GETSHORT(size, p);
if (p + size > data + len)
{
/*
** announced size of data exceeds length of
** data paket: someone is cheating.
*/
if (LogLevel > 5)
sm_syslog(LOG_WARNING, NOQID,
"ERROR: DNS RDLENGTH=%d > data len=%d",
size, len - (int)(p - data));
- dns_free_data(r);
- return NULL;
+ goto error;
}
*rr = (RESOURCE_RECORD_T *) sm_malloc(sizeof(**rr));
if (*rr == NULL)
- {
- dns_free_data(r);
- return NULL;
- }
+ goto error;
memset(*rr, 0, sizeof(**rr));
(*rr)->rr_domain = sm_strdup(host);
if ((*rr)->rr_domain == NULL)
- {
- dns_free_data(r);
- return NULL;
- }
+ goto error;
(*rr)->rr_type = type;
(*rr)->rr_class = class;
(*rr)->rr_ttl = ttl;
(*rr)->rr_size = size;
switch (type)
{
case T_NS:
case T_CNAME:
case T_PTR:
status = dn_expand(data, data + len, p, host,
sizeof(host));
if (status < 0)
- {
- dns_free_data(r);
- return NULL;
- }
+ goto error;
+ if (tTd(8, 50))
+ sm_dprintf("parse_dns_reply: type=%s, host=%s\n",
+ dns_type_to_string(type), host);
(*rr)->rr_u.rr_txt = sm_strdup(host);
if ((*rr)->rr_u.rr_txt == NULL)
- {
- dns_free_data(r);
- return NULL;
- }
+ goto error;
break;
case T_MX:
case T_AFSDB:
status = dn_expand(data, data + len, p + 2, host,
sizeof(host));
if (status < 0)
- {
- dns_free_data(r);
- return NULL;
- }
+ goto error;
l = strlen(host) + 1;
(*rr)->rr_u.rr_mx = (MX_RECORD_T *)
sm_malloc(sizeof(*((*rr)->rr_u.rr_mx)) + l);
if ((*rr)->rr_u.rr_mx == NULL)
- {
- dns_free_data(r);
- return NULL;
- }
+ goto error;
(*rr)->rr_u.rr_mx->mx_r_preference = (p[0] << 8) | p[1];
(void) sm_strlcpy((*rr)->rr_u.rr_mx->mx_r_domain,
host, l);
+ if (tTd(8, 50))
+ sm_dprintf("mx=%s, pref=%d\n", host,
+ (*rr)->rr_u.rr_mx->mx_r_preference);
break;
case T_SRV:
status = dn_expand(data, data + len, p + 6, host,
sizeof(host));
if (status < 0)
- {
- dns_free_data(r);
- return NULL;
- }
+ goto error;
l = strlen(host) + 1;
(*rr)->rr_u.rr_srv = (SRV_RECORDT_T*)
sm_malloc(sizeof(*((*rr)->rr_u.rr_srv)) + l);
if ((*rr)->rr_u.rr_srv == NULL)
- {
- dns_free_data(r);
- return NULL;
- }
+ goto error;
(*rr)->rr_u.rr_srv->srv_r_priority = (p[0] << 8) | p[1];
(*rr)->rr_u.rr_srv->srv_r_weight = (p[2] << 8) | p[3];
(*rr)->rr_u.rr_srv->srv_r_port = (p[4] << 8) | p[5];
(void) sm_strlcpy((*rr)->rr_u.rr_srv->srv_r_target,
host, l);
break;
case T_TXT:
/*
** The TXT record contains the length as
** leading byte, hence the value is restricted
** to 255, which is less than the maximum value
** of RDLENGTH (size). Nevertheless, txtlen
** must be less than size because the latter
** specifies the length of the entire TXT
** record.
*/
txtlen = *p;
if (txtlen >= size)
{
if (LogLevel > 5)
sm_syslog(LOG_WARNING, NOQID,
"ERROR: DNS TXT record size=%d <= text len=%d",
size, txtlen);
- dns_free_data(r);
- return NULL;
+ goto error;
}
(*rr)->rr_u.rr_txt = (char *) sm_malloc(txtlen + 1);
if ((*rr)->rr_u.rr_txt == NULL)
- {
- dns_free_data(r);
- return NULL;
- }
+ goto error;
(void) sm_strlcpy((*rr)->rr_u.rr_txt, (char*) p + 1,
txtlen + 1);
break;
+# ifdef T_TLSA
+ case T_TLSA:
+ if (tTd(8, 61))
+ sm_dprintf("parse_dns_reply: TLSA, size=%d, flags=%X\n",
+ size, flags);
+ if ((flags & RR_AS_TEXT) != 0)
+ {
+ txtlen = bin2hex((char **)&((*rr)->rr_u.rr_data),
+ p, size, 4);
+ if (txtlen <= 0)
+ goto error;
+ break;
+ }
+ /* FALLTHROUGH */
+ /* return "raw" data for caller to use as it pleases */
+# endif /* T_TLSA */
+
default:
(*rr)->rr_u.rr_data = (unsigned char*) sm_malloc(size);
if ((*rr)->rr_u.rr_data == NULL)
+ goto error;
+ (void) memcpy((*rr)->rr_u.rr_data, p, size);
+ if (tTd(8, 61) && type == T_A)
{
- dns_free_data(r);
- return NULL;
+ SOCKADDR addr;
+
+ (void) memcpy((void *)&addr.sin.sin_addr.s_addr, p, size);
+ sm_dprintf("parse_dns_reply: IPv4=%s\n",
+ inet_ntoa(addr.sin.sin_addr));
}
- (void) memcpy((*rr)->rr_u.rr_data, p, size);
break;
}
p += size;
rr = &(*rr)->rr_next;
}
*rr = NULL;
- return r;
+ return dr;
+
+ error:
+ dns_free_data(dr);
+ return NULL;
+}
+
+# if DNSSEC_TEST
+
+#include <arpa/nameser.h>
+
+static int gen_dns_reply __P((unsigned char *, int, unsigned char *,
+ const char *, int, const char *, int, int, int, int,
+ const char *, int, int, int));
+static int dnscrtrr __P((const char *, const char *, int, char *, int,
+ unsigned int, int *, int *, unsigned char *, int, unsigned char *));
+
+/*
+** HERRNO2TXT -- return error text for h_errno
+**
+** Parameters:
+** e -- h_errno
+**
+** Returns:
+** DNS error text if available
+*/
+
+const char *
+herrno2txt(e)
+ int e;
+{
+ switch (e)
+ {
+ case NETDB_INTERNAL:
+ return "see errno";
+ case NETDB_SUCCESS:
+ return "OK";
+ case HOST_NOT_FOUND:
+ return "HOST_NOT_FOUND";
+ case TRY_AGAIN:
+ return "TRY_AGAIN";
+ case NO_RECOVERY:
+ return "NO_RECOVERY";
+ case NO_DATA:
+ return "NO_DATA";
+ }
+ return "bogus h_errno";
}
/*
-** DNS_LOOKUP_INT -- perform dns map lookup (internal helper routine)
+** GEN_DNS_REPLY -- generate DNS reply data.
+**
+** Parameters:
+** buf -- buffer to which DNS data is written
+** buflen -- length of buffer
+** bufpos -- position in buffer where DNS RRs are appended
+** query -- name of query
+** qtype -- resource record type of query
+** domain -- name of domain which has been "found"
+** class -- resource record class
+** type -- resource record type
+** ttl -- TTL
+** size -- size of data
+** data -- data
+** txtlen -- length of text
+** pref -- MX preference
+** ad -- ad flag
+**
+** Returns:
+** >0 length of buffer that has been used.
+** <0 error
+*/
+
+static int
+gen_dns_reply(buf, buflen, bufpos, query, qtype, domain, class, type, ttl, size, data, txtlen, pref, ad)
+ unsigned char *buf;
+ int buflen;
+ unsigned char *bufpos;
+ const char *query;
+ int qtype;
+ const char *domain;
+ int class;
+ int type;
+ int ttl;
+ int size;
+ const char *data;
+ int txtlen;
+ int pref;
+ int ad;
+{
+ unsigned short ans_cnt;
+ HEADER *hp;
+ unsigned char *cp, *ep;
+ int n;
+ static unsigned char *dnptrs[20], **dpp, **lastdnptr;
+
+ SM_REQUIRE(NULL != buf);
+ SM_REQUIRE(buflen >= HFIXEDSZ);
+ SM_REQUIRE(query != NULL);
+ hp = (HEADER *) buf;
+ ep = buf + buflen;
+ cp = buf + HFIXEDSZ;
+
+ if (bufpos != NULL)
+ cp = bufpos;
+ else
+ {
+ sm_dprintf("gen_dns_reply: query=%s, domain=%s, type=%s, size=%d, ad=%d\n",
+ query, domain, dns_type_to_string(type), size, ad);
+ dpp = dnptrs;
+ *dpp++ = buf;
+ *dpp++ = NULL;
+ lastdnptr = dnptrs + sizeof dnptrs / sizeof dnptrs[0];
+
+ memset(buf, 0, HFIXEDSZ);
+ hp->id = 0xdead; /* HACK */
+ hp->qr = 1;
+ hp->opcode = QUERY;
+ hp->rd = 0; /* recursion desired? */
+ hp->rcode = 0; /* !!! */
+ /* hp->aa = ?; * !!! */
+ /* hp->tc = ?; * !!! */
+ /* hp->ra = ?; * !!! */
+ hp->qdcount = htons(1);
+ hp->ancount = 0;
+
+ n = dn_comp(query, cp, ep - cp - QFIXEDSZ, dnptrs, lastdnptr);
+ if (n < 0)
+ return n;
+ cp += n;
+ PUTSHORT(qtype, cp);
+ PUTSHORT(class, cp);
+ }
+ hp->ad = ad;
+
+ if (ep - cp < QFIXEDSZ)
+ return (-1);
+ n = dn_comp(domain, cp, ep - cp - QFIXEDSZ, dnptrs, lastdnptr);
+ if (n < 0)
+ return n;
+ cp += n;
+ PUTSHORT(type, cp);
+ PUTSHORT(class, cp);
+ PUTLONG(ttl, cp);
+
+ ans_cnt = ntohs((unsigned short) hp->ancount);
+ ++ans_cnt;
+ hp->ancount = htons((unsigned short) ans_cnt);
+
+ switch (type)
+ {
+ case T_MX:
+ n = dn_comp(data, cp + 4, ep - cp - QFIXEDSZ, dnptrs, lastdnptr);
+ if (n < 0)
+ return n;
+ PUTSHORT(n + 2, cp);
+ PUTSHORT(pref, cp);
+ cp += n;
+ break;
+
+ case T_TXT:
+ if (txtlen >= size)
+ return -1;
+ PUTSHORT(txtlen, cp);
+ (void) sm_strlcpy((char *)cp, data, txtlen + 1);
+ cp += txtlen;
+ break;
+
+ case T_CNAME:
+ n = dn_comp(data, cp + 2, ep - cp - QFIXEDSZ, dnptrs, lastdnptr);
+ if (n < 0)
+ return n;
+ PUTSHORT(n, cp);
+ cp += n;
+ break;
+
+# if defined(T_TLSA)
+ case T_TLSA:
+ {
+ char *tlsa;
+
+ tlsa = hex2bin(data, size);
+ if (tlsa == NULL)
+ return (-1);
+ n = size / 2;
+ PUTSHORT(n, cp);
+ (void) memcpy(cp, tlsa, n);
+ cp += n;
+ }
+ break;
+# endif /* T_TLSA */
+
+ default:
+ PUTSHORT(size, cp);
+ (void) memcpy(cp, data, size);
+ cp += size;
+ break;
+ }
+
+ return (cp - buf);
+}
+
+/*
+** SETHERRNOFROMSTRING -- set h_errno based on text
+**
+** Parameters:
+** str -- string which might contain h_errno text
+** prc -- pointer to rcode (EX_*)
+**
+** Returns:
+** h_errno if found
+** 0 otherwise
+*/
+
+int
+setherrnofromstring(str, prc)
+ const char *str;
+ int *prc;
+{
+ SM_SET_H_ERRNO(0);
+ if (str == NULL || *str == '\0')
+ return 0;
+ if (strstr(str, "herrno:") == NULL)
+ return 0;
+ if (prc != NULL)
+ *prc = EX_NOHOST;
+ if (strstr(str, "host_not_found"))
+ SM_SET_H_ERRNO(HOST_NOT_FOUND);
+ else if (strstr(str, "try_again"))
+ {
+ SM_SET_H_ERRNO(TRY_AGAIN);
+ if (prc != NULL)
+ *prc = EX_TEMPFAIL;
+ }
+ else if (strstr(str, "no_recovery"))
+ SM_SET_H_ERRNO(NO_RECOVERY);
+ else if (strstr(str, "no_data"))
+ SM_SET_H_ERRNO(NO_DATA);
+ else
+ SM_SET_H_ERRNO(NETDB_INTERNAL);
+ return h_errno;
+}
+
+/*
+** GETTTLFROMSTRING -- extract ttl from a string
+**
+** Parameters:
+** str -- string which might contain ttl
+**
+** Returns:
+** ttl if found
+** 0 otherwise
+*/
+
+int
+getttlfromstring(str)
+ const char *str;
+{
+ if (str == NULL || *str == '\0')
+ return 0;
+#define TTL_PRE "ttl="
+ if (strstr(str, TTL_PRE) == NULL)
+ return 0;
+ return strtoul(str + strlen(TTL_PRE), NULL, 10);
+}
+
+/*
+** NSPORTIP -- parse port@IPv4 and set NS accordingly
+**
+** Parameters:
+** p -- port@Ipv4
+**
+** Returns:
+** <0: error
+** >0: ok
+**
+** Side Effects:
+** sets NS for DNS lookups
+*/
+
+/*
+** There should be a generic function for this...
+** milter_open(), socket_map_open(), others?
+*/
+
+int
+nsportip(p)
+ char *p;
+{
+ char *h;
+ int r;
+ unsigned short port;
+ struct in_addr nsip;
+
+ if (p == NULL || *p == '\0')
+ return -1;
+
+ port = 0;
+ while (SM_ISSPACE(*p))
+ p++;
+ if (*p == '\0')
+ return -1;
+ h = strchr(p, '@');
+ if (h != NULL)
+ {
+ *h = '\0';
+ if (isascii(*p) && isdigit(*p))
+ port = atoi(p);
+ *h = '@';
+ p = h + 1;
+ }
+ h = strchr(p, ' ');
+ if (h != NULL)
+ *h = '\0';
+ r = inet_pton(AF_INET, p, &nsip);
+ if (r > 0)
+ {
+ if ((_res.options & RES_INIT) == 0)
+ (void) res_init();
+ dns_setns(&nsip, port);
+ }
+ if (h != NULL)
+ *h = ' ';
+ return r > 0 ? 0 : -1;
+}
+
+/*
+** DNS_SETNS -- set one NS in resolver context
+**
+** Parameters:
+** ns -- (IPv4 address of) nameserver
+** port -- nameserver port
+**
+** Returns:
+** None.
+*/
+
+void
+dns_setns(ns, port)
+ struct in_addr *ns;
+ unsigned int port;
+{
+ _res.nsaddr_list[0].sin_family = AF_INET;
+ _res.nsaddr_list[0].sin_addr = *ns;
+ if (port != 0)
+ _res.nsaddr_list[0].sin_port = htons(port);
+ _res.nscount = 1;
+ if (tTd(8, 61))
+ sm_dprintf("dns_setns(%s,%u)\n", inet_ntoa(*ns), port);
+}
+
+# if defined(T_TLSA)
+/*
+** HEX2BIN -- convert hex string to binary TLSA RR
+**
+** Parameters:
+** p -- hex representation of TLSA RR
+** size -- length of p
+**
+** Returns:
+** pointer to binary TLSA RR
+** NULL: error
+*/
+
+static char *
+hex2bin(p, size)
+ const char *p;
+ int size;
+{
+ int i, pos, txtlen;
+ char *tlsa;
+
+ txtlen = size / 2;
+ if (txtlen * 2 == size)
+ {
+ if (LogLevel > 5)
+ sm_syslog(LOG_WARNING, NOQID,
+ "ERROR: hex2bin: size %d wrong", size);
+ return NULL;
+ }
+ tlsa = sm_malloc(txtlen + 1);
+ if (tlsa == NULL)
+ {
+ if (tTd(8, 17))
+ sm_dprintf("len=%d, tlsa=NULL\n", txtlen);
+ return NULL;
+ }
+
+#define CHAR2INT(c) (((c) <= '9') ? ((c) - '0') : (toupper(c) - 'A' + 10))
+ for (i = 0, pos = 0; i + 1 < size && pos < txtlen; i += 2, pos++)
+ tlsa[pos] = CHAR2INT(p[i]) * 16 + CHAR2INT(p[i+1]);
+
+ return tlsa;
+}
+# endif /* T_TLSA */
+
+const char *
+rr_type2tag(rr_type)
+ int rr_type;
+{
+ switch (rr_type)
+ {
+ case T_A:
+ return "ipv4";
+# if NETINET6
+ case T_AAAA:
+ return "ipv6";
+# endif
+ case T_CNAME:
+ return "cname";
+ case T_MX:
+ return "mx";
+# ifdef T_TLSA
+ case T_TLSA:
+ return "tlsa";
+# endif
+ }
+ return NULL;
+}
+
+/*
+** DNSCRTRR -- create DNS RR
+**
+** Parameters:
+** domain -- original query domain
+** query -- name of query
+** qtype -- resource record type of query
+** value -- (list of) data to set
+** rr_type -- resource record type
+** flags -- flags how to handle various lookups
+** herr -- (pointer to) h_errno (output if non-NULL)
+** adp -- (pointer to) ad flag
+** answer -- buffer for RRs
+** anslen -- size of answer
+** anspos -- current position in answer
+**
+** Returns:
+** >0: length of data in answer
+** <0: error, check *herr
+*/
+
+static int
+dnscrtrr(domain, query, qtype, value, rr_type, flags, herr, adp, answer, anslen, anspos)
+ const char *domain;
+ const char *query;
+ int qtype;
+ char *value;
+ int rr_type;
+ unsigned int flags;
+ int *herr;
+ int *adp;
+ unsigned char *answer;
+ int anslen;
+ unsigned char *anspos;
+{
+ SOCKADDR addr;
+ int ttl, ad, rlen;
+ char *p, *token;
+ char data[IN6ADDRSZ];
+ char rhs[MAXLINE];
+
+ rlen = -1;
+ if (NULL == value || '\0' == *value)
+ return rlen;
+ SM_REQUIRE(adp != NULL);
+ (void) sm_strlcpy(rhs, value, sizeof(rhs));
+ p = rhs;
+ if (setherrnofromstring(p, NULL) != 0)
+ {
+ if (herr != NULL)
+ *herr = h_errno;
+ if (tTd(8, 16))
+ sm_dprintf("dnscrtrr rhs=%s h_errno=%d (%s)\n",
+ p, h_errno, herrno2txt(h_errno));
+ return rlen;
+ }
+
+ ttl = 0;
+ ad = 0;
+ for (token = p; token != NULL && *token != '\0'; token = p)
+ {
+ rlen = 0;
+ while (p != NULL && *p != '\0' && !SM_ISSPACE(*p))
+ ++p;
+ if (SM_ISSPACE(*p))
+ *p++ = '\0';
+ sm_dprintf("dnscrtrr: token=%s\n", token);
+ if (strcmp(token, "ad") == 0)
+ {
+ bool adflag;
+
+ adflag = (_res.options & RES_USE_DNSSEC) != 0;
+
+ /* maybe print this only for the final RR? */
+ if (tTd(8, 61))
+ sm_dprintf("dnscrtrr: ad=1, adp=%d, adflag=%d\n",
+ *adp, adflag);
+ if (*adp != 0 && adflag)
+ {
+ *adp = 1;
+ ad = 1;
+ }
+ continue;
+ }
+ if (ttl == 0 && (ttl = getttlfromstring(token)) > 0)
+ {
+ if (tTd(8, 61))
+ sm_dprintf("dnscrtrr: ttl=%d\n", ttl);
+ continue;
+ }
+
+ if (rr_type == T_A)
+ {
+ addr.sin.sin_addr.s_addr = inet_addr(token);
+ (void) memmove(data, (void *)&addr.sin.sin_addr.s_addr,
+ INADDRSZ);
+ rlen = gen_dns_reply(answer, anslen, anspos,
+ query, qtype, domain, C_IN, rr_type, ttl,
+ INADDRSZ, data, 0, 0, ad);
+ }
+
+# if NETINET6
+ if (rr_type == T_AAAA)
+ {
+ anynet_pton(AF_INET6, token, &addr.sin6.sin6_addr);
+ memmove(data, (void *)&addr.sin6.sin6_addr, IN6ADDRSZ);
+ rlen = gen_dns_reply(answer, anslen, anspos,
+ query, qtype, domain, C_IN, rr_type, ttl,
+ IN6ADDRSZ, data, 0, 0, ad);
+ }
+# endif /* NETINET6 */
+
+ if (rr_type == T_MX)
+ {
+ char *endptr;
+ int pref;
+
+ pref = (int) strtoul(token, &endptr, 10);
+ if (endptr == NULL || *endptr != ':')
+ goto error;
+ token = endptr + 1;
+ rlen = gen_dns_reply(answer, anslen, anspos,
+ query, qtype, domain, C_IN, rr_type, ttl,
+ strlen(token) + 1, token, 0, pref, ad);
+ if (tTd(8, 50))
+ sm_dprintf("dnscrtrr: mx=%s, pref=%d\n",
+ token, pref);
+ }
+
+# ifdef T_TLSA
+ if (rr_type == T_TLSA)
+ rlen = gen_dns_reply(answer, anslen, anspos,
+ query, qtype, domain, C_IN, rr_type, ttl,
+ strlen(token) + 1, token, 0, 0, ad);
+# endif
+
+ if (rr_type == T_CNAME)
+ rlen = gen_dns_reply(answer, anslen, anspos,
+ query, qtype, domain, C_IN, rr_type, ttl,
+ strlen(token), token, 0, 0, ad);
+ if (rlen < 0)
+ goto error;
+ if (rlen > 0)
+ anspos = answer + rlen;
+ }
+
+ if (ad != 1)
+ *adp = 0;
+
+ return rlen;
+
+ error:
+ if (herr != NULL && 0 == *herr)
+ *herr = NO_RECOVERY;
+ return -1;
+}
+
+/*
+** TSTDNS_SEARCH -- replacement for res_search() for testing
+**
+** Parameters:
+** domain -- query domain
+** class -- class
+** type -- resource record type
+** answer -- buffer for RRs
+** anslen -- size of answer
+**
+** Returns:
+** >0: length of data in answer
+** <0: error, check h_errno
+*/
+
+int
+tstdns_search(domain, class, type, answer, anslen)
+ const char *domain;
+ int class;
+ int type;
+ unsigned char *answer;
+ int anslen;
+{
+ int rlen, ad, maprcode, cnt, flags, herr;
+ bool found_cname;
+ const char *query;
+ char *p;
+ const char *tag;
+ char *av[2];
+ STAB *map;
+ char key[MAXNAME + 16];
+ char rhs[MAXLINE];
+ unsigned char *anspos;
+
+ rlen = -1;
+ herr = 0;
+ if (class != C_IN)
+ goto error;
+ if (NULL == domain || '\0' == *domain)
+ goto error;
+ tag = rr_type2tag(type);
+ if (tag == NULL)
+ goto error;
+ maprcode = EX_OK;
+ ad = -1;
+ flags = 0;
+ query = domain;
+ anspos = NULL;
+
+ map = stab("access", ST_MAP, ST_FIND);
+ if (NULL == map)
+ {
+ sm_dprintf("access map not found\n");
+ goto error;
+ }
+ if (!bitset(MF_OPEN, map->s_map.map_mflags) &&
+ !openmap(&(map->s_map)))
+ {
+ sm_dprintf("access map open failed\n");
+ goto error;
+ }
+
+/*
+** Look up tag:domain, if not found and domain does not end with a dot
+** (and the proper debug level is selected), also try with trailing dot.
+*/
+
+#define SM_LOOKUP2(tag) \
+ do { \
+ int len; \
+ \
+ len = strlen(domain); \
+ av[0] = key; \
+ av[1] = NULL; \
+ snprintf(key, sizeof(key), "%s:%s", tag, domain); \
+ p = (*map->s_map.map_class->map_lookup)(&map->s_map, key, av, \
+ &maprcode); \
+ if (p != NULL) \
+ break; \
+ if (!tTd(8, 112) || (len > 0 && '.' == domain[len - 1])) \
+ break; \
+ snprintf(key, sizeof(key), "%s:%s.", tag, domain); \
+ p = (*map->s_map.map_class->map_lookup)(&map->s_map, key, av, \
+ &maprcode); \
+ } while (0)
+
+ cnt = 0;
+ found_cname = false;
+ while (cnt < 6)
+ {
+ char *last;
+
+ /* Should this try with/without trailing dot? */
+ SM_LOOKUP2(tag);
+ if (p != NULL)
+ {
+ sm_dprintf("access map lookup key=%s, value=%s\n", key,
+ p);
+ break;
+ }
+ if (NULL == p && (flags & RR_NO_CNAME) == 0)
+ {
+ sm_dprintf("access map lookup failed key=%s, try cname\n",
+ key);
+ SM_LOOKUP2("cname");
+ if (p != NULL)
+ {
+ sm_dprintf("cname lookup key=%s, value=%s, ad=%d\n",
+ key, p, ad);
+ rlen = dnscrtrr(domain, query, type, p, T_CNAME,
+ flags, &herr, &ad, answer,
+ anslen, anspos);
+ if (rlen < 0)
+ goto error;
+ if (rlen > 0)
+ anspos = answer + rlen;
+ found_cname = true;
+ }
+ }
+ if (NULL == p)
+ break;
+
+ (void) sm_strlcpy(rhs, p, sizeof(rhs));
+ p = rhs;
+
+ /* skip (leading) ad/ttl: look for last ' ' */
+ if ((last = strrchr(p, ' ')) != NULL && last[1] != '\0')
+ domain = last + 1;
+ else
+ domain = p;
+ ++cnt;
+ }
+ if (NULL == p)
+ {
+ int t;
+ char *tags[] = { "ipv4", "mx", "tlsa",
+# if NETINET6
+ "ipv6",
+# endif
+ NULL
+ };
+
+ for (t = 0; tags[t] != NULL; t++)
+ {
+ if (strcmp(tag, tags[t]) == 0)
+ continue;
+ SM_LOOKUP2(tags[t]);
+ if (p != NULL)
+ {
+ sm_dprintf("access map lookup failed key=%s:%s, but found key=%s\n",
+ tag, domain, key);
+ herr = NO_DATA;
+ goto error;
+ }
+ }
+ sm_dprintf("access map lookup failed key=%s\n", key);
+ herr = HOST_NOT_FOUND;
+ goto error;
+ }
+ if (found_cname && (flags & RR_ONLY_CNAME) != 0)
+ return rlen;
+ rlen = dnscrtrr(domain, query, type, p, type, flags, &herr, &ad,
+ answer, anslen, anspos);
+ if (rlen < 0)
+ goto error;
+ return rlen;
+
+ error:
+ if (0 == herr)
+ herr = NO_RECOVERY;
+ SM_SET_H_ERRNO(herr);
+ sm_dprintf("rlen=%d, herr=%d\n", rlen, herr);
+ return -1;
+}
+
+/*
+** TSTDNS_QUERYDOMAIN -- replacement for res_querydomain() for testing
+**
+** Parameters:
+** name -- query name
+** domain -- query domain
+** class -- class
+** type -- resource record type
+** answer -- buffer for RRs
+** anslen -- size of answer
+**
+** Returns:
+** >0: length of data in answer
+** <0: error, check h_errno
+*/
+
+int
+tstdns_querydomain(name, domain, class, type, answer, anslen)
+ const char *name;
+ const char *domain;
+ int class;
+ int type;
+ unsigned char *answer;
+ int anslen;
+{
+ char query[MAXNAME];
+ int len;
+
+ if (NULL == name)
+ goto error;
+ if (NULL == domain || '\0' == *domain)
+ return tstdns_search(name, class, type, answer, anslen);
+
+ len = snprintf(query, sizeof(query), "%s.%s", name, domain);
+ if (len >= (int)sizeof(query))
+ goto error;
+ return tstdns_search(query, class, type, answer, anslen);
+
+ error:
+ SM_SET_H_ERRNO(NO_RECOVERY);
+ return -1;
+}
+
+# endif /* DNSSEC_TEST */
+
+/*
+** DNS_LOOKUP_INT -- perform DNS lookup
**
** Parameters:
** domain -- name to lookup
** rr_class -- resource record class
** rr_type -- resource record type
** retrans -- retransmission timeout
** retry -- number of retries
+** options -- DNS resolver options
+** flags -- currently only passed to parse_dns_reply()
+** err -- (pointer to) errno (output if non-NULL)
+** herr -- (pointer to) h_errno (output if non-NULL)
**
** Returns:
** result of lookup if succeeded.
** NULL otherwise.
*/
DNS_REPLY_T *
-dns_lookup_int(domain, rr_class, rr_type, retrans, retry)
+dns_lookup_int(domain, rr_class, rr_type, retrans, retry, options, flags, err, herr)
const char *domain;
int rr_class;
int rr_type;
time_t retrans;
int retry;
+ unsigned int options;
+ unsigned int flags;
+ int *err;
+ int *herr;
{
int len;
unsigned long old_options = 0;
time_t save_retrans = 0;
int save_retry = 0;
- DNS_REPLY_T *r = NULL;
+ DNS_REPLY_T *dr = NULL;
querybuf reply_buf;
unsigned char *reply;
+ int (*resfunc) __P((const char *, int, int, u_char *, int));
-#define SMRBSIZE sizeof(reply_buf)
-#ifndef IP_MAXPACKET
-# define IP_MAXPACKET 65535
-#endif
+# define SMRBSIZE ((int) sizeof(reply_buf))
+# ifndef IP_MAXPACKET
+# define IP_MAXPACKET 65535
+# endif
+ resfunc = res_search;
+# if DNSSEC_TEST
+ if (tTd(8, 110))
+ resfunc = tstdns_search;
+# endif
+
+ old_options = _res.options;
+ _res.options |= options;
+ if (err != NULL)
+ *err = 0;
+ if (herr != NULL)
+ *herr = 0;
if (tTd(8, 16))
{
- old_options = _res.options;
_res.options |= RES_DEBUG;
- sm_dprintf("dns_lookup(%s, %d, %s)\n", domain,
- rr_class, dns_type_to_string(rr_type));
+ sm_dprintf("dns_lookup_int(%s, %d, %s, %x)\n", domain,
+ rr_class, dns_type_to_string(rr_type), options);
}
+# if DNSSEC_TEST
+ if (tTd(8, 15))
+ sm_dprintf("NS=%s, port=%d\n",
+ inet_ntoa(_res.nsaddr_list[0].sin_addr),
+ ntohs(_res.nsaddr_list[0].sin_port));
+# endif
if (retrans > 0)
{
save_retrans = _res.retrans;
_res.retrans = retrans;
}
if (retry > 0)
{
save_retry = _res.retry;
_res.retry = retry;
}
errno = 0;
SM_SET_H_ERRNO(0);
reply = (unsigned char *)&reply_buf;
- len = res_search(domain, rr_class, rr_type, reply, SMRBSIZE);
+ len = (*resfunc)(domain, rr_class, rr_type, reply, SMRBSIZE);
if (len >= SMRBSIZE)
{
if (len >= IP_MAXPACKET)
{
if (tTd(8, 4))
sm_dprintf("dns_lookup: domain=%s, length=%d, default_size=%d, max=%d, status=response too long\n",
- domain, len, (int) SMRBSIZE,
- IP_MAXPACKET);
+ domain, len, SMRBSIZE, IP_MAXPACKET);
}
else
{
if (tTd(8, 6))
sm_dprintf("dns_lookup: domain=%s, length=%d, default_size=%d, max=%d, status=response longer than default size, resizing\n",
- domain, len, (int) SMRBSIZE,
- IP_MAXPACKET);
+ domain, len, SMRBSIZE, IP_MAXPACKET);
reply = (unsigned char *)sm_malloc(IP_MAXPACKET);
if (reply == NULL)
SM_SET_H_ERRNO(TRY_AGAIN);
else
- len = res_search(domain, rr_class, rr_type,
+ {
+ SM_SET_H_ERRNO(0);
+ len = (*resfunc)(domain, rr_class, rr_type,
reply, IP_MAXPACKET);
+ }
}
}
- if (tTd(8, 16))
+ _res.options = old_options;
+ if (len < 0)
+ {
+ if (err != NULL)
+ *err = errno;
+ if (herr != NULL)
+ *herr = h_errno;
+ if (tTd(8, 16))
+ {
+ sm_dprintf("dns_lookup_int(%s, %d, %s, %x)=%d, errno=%d, h_errno=%d"
+# if DNSSEC_TEST
+ " (%s)"
+# endif
+ "\n",
+ domain, rr_class, dns_type_to_string(rr_type),
+ options, len, errno, h_errno
+# if DNSSEC_TEST
+ , herrno2txt(h_errno)
+# endif
+ );
+ }
+ }
+ else if (tTd(8, 16))
{
- _res.options = old_options;
- sm_dprintf("dns_lookup(%s, %d, %s) --> %d\n",
- domain, rr_class, dns_type_to_string(rr_type), len);
+ sm_dprintf("dns_lookup_int(%s, %d, %s, %x)=%d\n",
+ domain, rr_class, dns_type_to_string(rr_type),
+ options, len);
}
if (len >= 0 && len < IP_MAXPACKET && reply != NULL)
- r = parse_dns_reply(reply, len);
+ dr = parse_dns_reply(reply, len, flags);
if (reply != (unsigned char *)&reply_buf && reply != NULL)
{
sm_free(reply);
reply = NULL;
}
if (retrans > 0)
_res.retrans = save_retrans;
if (retry > 0)
_res.retry = save_retry;
- return r;
+ return dr;
}
-# if 0
+/*
+** DNS_LOOKUP_MAP -- perform DNS map lookup
+**
+** Parameters:
+** domain -- name to lookup
+** rr_class -- resource record class
+** rr_type -- resource record type
+** retrans -- retransmission timeout
+** retry -- number of retries
+** options -- DNS resolver options
+**
+** Returns:
+** result of lookup if succeeded.
+** NULL otherwise.
+*/
+
DNS_REPLY_T *
-dns_lookup(domain, type_name, retrans, retry)
+dns_lookup_map(domain, rr_class, rr_type, retrans, retry, options)
const char *domain;
- const char *type_name;
+ int rr_class;
+ int rr_type;
time_t retrans;
int retry;
+ unsigned int options;
{
- int type;
+ return dns_lookup_int(domain, rr_class, rr_type, retrans, retry,
+ options, RR_AS_TEXT, NULL, NULL);
+}
- type = dns_string_to_type(type_name);
- if (type == -1)
+# if DANE
+/*
+** DNS2HE -- convert DNS_REPLY_T list to hostent struct
+**
+** Parameters:
+** dr -- DNS lookup result
+** family -- address family
+**
+** Returns:
+** hostent struct if succeeded.
+** NULL otherwise.
+**
+** Note:
+** this returns a pointer to a static struct!
+*/
+
+struct hostent *
+dns2he(dr, family)
+ DNS_REPLY_T *dr;
+ int family;
+{
+# define SM_MAX_ADDRS 256
+ static struct hostent he;
+ static char *he_aliases[1];
+ static char *he_addr_list[SM_MAX_ADDRS];
+# ifdef IN6ADDRSZ
+# define IN_ADDRSZ IN6ADDRSZ
+# else
+# define IN_ADDRSZ INADDRSZ
+# endif
+ static char he_addrs[SM_MAX_ADDRS * IN_ADDRSZ];
+ static char he_name[MAXNAME];
+ static bool he_init = false;
+ struct hostent *h;
+ struct in_addr ia;
+ int i;
+ size_t sz;
+# if NETINET6 && DNSSEC_TEST
+ struct in6_addr ia6;
+ char buf6[INET6_ADDRSTRLEN];
+# endif
+ RESOURCE_RECORD_T *rr;
+
+ if (dr == NULL)
+ return NULL;
+
+ h = &he;
+ if (!he_init)
{
- if (tTd(8, 16))
- sm_dprintf("dns_lookup: unknown resource type: `%s'\n",
- type_name);
+ he_aliases[0] = NULL;
+ he.h_aliases = he_aliases;
+ he.h_addr_list = he_addr_list;
+ he.h_name = he_name;
+ he_init = true;
+ }
+ h->h_addrtype = family;
+
+ if (tTd(8, 17))
+ sm_dprintf("dns2he: ad=%d\n", dr->dns_r_h.ad);
+
+ /* do we want/need to copy the name? */
+ rr = dr->dns_r_head;
+ if (rr != NULL && rr->rr_domain != NULL)
+ sm_strlcpy(h->h_name, rr->rr_domain, sizeof(he_name));
+ else
+ h->h_name[0] = '\0';
+
+ sz = 0;
+# if NETINET
+ if (family == AF_INET)
+ sz = INADDRSZ;
+# endif
+# if NETINET6
+ if (family == AF_INET6)
+ sz = IN6ADDRSZ;
+# endif
+ if (sz == 0)
return NULL;
+ h->h_length = sz;
+
+ for (rr = dr->dns_r_head, i = 0; rr != NULL && i < SM_MAX_ADDRS - 1;
+ rr = rr->rr_next)
+ {
+ h->h_addr_list[i] = he_addrs + i * h->h_length;
+ switch (rr->rr_type)
+ {
+# if NETINET
+ case T_A:
+ if (family != AF_INET)
+ continue;
+ memmove(h->h_addr_list[i], rr->rr_u.rr_a, INADDRSZ);
+ ++i;
+ break;
+# endif /* NETINET */
+# if NETINET6
+ case T_AAAA:
+ if (family != AF_INET6)
+ continue;
+ memmove(h->h_addr_list[i], rr->rr_u.rr_aaaa, IN6ADDRSZ);
+ ++i;
+ break;
+# endif /* NETINET6 */
+ case T_CNAME:
+# if DNSSEC_TEST
+ if (tTd(8, 16))
+ sm_dprintf("dns2he: cname: %s ttl=%d\n",
+ rr->rr_u.rr_txt, rr->rr_ttl);
+# endif
+ break;
+ case T_MX:
+# if DNSSEC_TEST
+ if (tTd(8, 16))
+ sm_dprintf("dns2he: mx: %d %s ttl=%d\n",
+ rr->rr_u.rr_mx->mx_r_preference,
+ rr->rr_u.rr_mx->mx_r_domain,
+ rr->rr_ttl);
+# endif
+ break;
+
+# if defined(T_TLSA)
+ case T_TLSA:
+# if DNSSEC_TEST
+ if (tTd(8, 16))
+ {
+ char *tlsa;
+ int len;
+
+ len = bin2hex(&tlsa, rr->rr_u.rr_data,
+ rr->rr_size, 4);
+ if (len > 0)
+ sm_dprintf("dns2he: tlsa: %s ttl=%d\n",
+ tlsa, rr->rr_ttl);
+ }
+# endif
+ break;
+# endif /* T_TLSA */
+ }
+ }
+
+ /* complain if list is too long! */
+ SM_ASSERT(i < SM_MAX_ADDRS);
+ h->h_addr_list[i] = NULL;
+
+# if DNSSEC_TEST
+ if (tTd(8, 16))
+ {
+ for (i = 0; h->h_addr_list[i] != NULL && i < SM_MAX_ADDRS; i++)
+ {
+ char *addr;
+
+ addr = NULL;
+# if NETINET6
+ if (h->h_addrtype == AF_INET6)
+ {
+ memmove(&ia6, h->h_addr_list[i], IN6ADDRSZ);
+ addr = anynet_ntop(&ia6, buf6, sizeof(buf6));
+ }
+ else
+# endif /* NETINET6 */
+ /* "else" in #if code above */
+ {
+ memmove(&ia, h->h_addr_list[i], INADDRSZ);
+ addr = (char *) inet_ntoa(ia);
+ }
+ if (addr != NULL)
+ sm_dprintf("dns2he: addr[%d]: %s\n", i, addr);
+ }
}
- return dns_lookup_int(domain, C_IN, type, retrans, retry);
+# endif /* DNSSEC_TEST */
+ return h;
}
-# endif /* 0 */
+# endif /* DANE */
# endif /* NAMED_BIND */
-#endif /* DNSMAP */
+#endif /* DNSMAP || DANE */
diff --git a/src/sm_resolve.h b/src/sm_resolve.h
index 5f3fe21005b7..ffff41168944 100644
--- a/src/sm_resolve.h
+++ b/src/sm_resolve.h
@@ -1,142 +1,186 @@
/*
* Copyright (c) 2000-2001 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
/*
* Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* $Id: sm_resolve.h,v 8.9 2013-11-22 20:51:56 ca Exp $ */
-#if DNSMAP
+#if DNSMAP || DANE
# ifndef __ROKEN_RESOLVE_H__
# define __ROKEN_RESOLVE_H__
/* We use these, but they are not always present in <arpa/nameser.h> */
# ifndef T_TXT
# define T_TXT 16
-# endif /* ! T_TXT */
+# endif
# ifndef T_AFSDB
# define T_AFSDB 18
-# endif /* ! T_AFSDB */
+# endif
# ifndef T_SRV
# define T_SRV 33
-# endif /* ! T_SRV */
+# endif
# ifndef T_NAPTR
# define T_NAPTR 35
-# endif /* ! T_NAPTR */
+# endif
+# ifndef T_RRSIG
+# define T_RRSIG 46
+# endif
+# ifndef T_TLSA
+# define T_TLSA 52
+# endif
typedef struct
{
char *dns_q_domain;
unsigned int dns_q_type;
unsigned int dns_q_class;
} DNS_QUERY_T;
typedef struct
{
unsigned int mx_r_preference;
char mx_r_domain[1];
} MX_RECORD_T;
typedef struct
{
unsigned int srv_r_priority;
unsigned int srv_r_weight;
unsigned int srv_r_port;
char srv_r_target[1];
} SRV_RECORDT_T;
typedef struct resource_record RESOURCE_RECORD_T;
struct resource_record
{
char *rr_domain;
unsigned int rr_type;
unsigned int rr_class;
unsigned int rr_ttl;
unsigned int rr_size;
union
{
void *rr_data;
MX_RECORD_T *rr_mx;
MX_RECORD_T *rr_afsdb; /* mx and afsdb are identical */
SRV_RECORDT_T *rr_srv;
# if NETINET
struct in_addr *rr_a;
-# endif /* NETINET */
+# endif
# if NETINET6
struct in6_addr *rr_aaaa;
-# endif /* NETINET6 */
+# endif
char *rr_txt;
} rr_u;
RESOURCE_RECORD_T *rr_next;
};
# if !defined(T_A) && !defined(T_AAAA)
/* XXX if <arpa/nameser.h> isn't included */
typedef int HEADER; /* will never be used */
-# endif /* !defined(T_A) && !defined(T_AAAA) */
+# endif
typedef struct
{
HEADER dns_r_h;
DNS_QUERY_T dns_r_q;
RESOURCE_RECORD_T *dns_r_head;
} DNS_REPLY_T;
+#define SM_DNS_FL_EDNS0 0x01
+#define SM_DNS_FL_DNSSEC 0x02
+
+/* flags for parse_dns_reply() et.al. */
+#define RR_AS_TEXT 0x01 /* convert some RRs to text, e.g., TLSA */
+#define RR_RAW 0x02 /* return some RRs as "raw" data */
+ /* currently not used (set, but not read) */
+#define RR_NO_CNAME 0x04 /* do not try CNAME lookup */
+#define RR_ONLY_CNAME 0x08 /* if !RR_NO_CNAME" return only CNAME */
extern void dns_free_data __P((DNS_REPLY_T *));
extern int dns_string_to_type __P((const char *));
extern const char *dns_type_to_string __P((int));
-extern DNS_REPLY_T *dns_lookup_int __P((const char *,
- int,
- int,
- time_t,
- int));
+extern DNS_REPLY_T *dns_lookup_map __P((const char *, int, int, time_t,
+ int, unsigned int));
+extern DNS_REPLY_T *dns_lookup_int __P((const char *, int, int, time_t,
+ int, unsigned int, unsigned int, int *, int *));
# if 0
extern DNS_REPLY_T *dns_lookup __P((const char *domain,
const char *type_name,
time_t retrans,
int retry));
# endif /* 0 */
+# if DANE
+struct hostent *dns2he __P((DNS_REPLY_T *, int));
+# endif
+
+/* what to do if family is not supported? add SM_ASSERT()? */
+#define FAM2T_(family) (((family) == AF_INET) ? T_A : T_AAAA)
+
+# if DNSSEC_TEST
+const char *herrno2txt __P((int));
+int setherrnofromstring __P((const char *, int *));
+int getttlfromstring __P((const char *));
+int tstdns_search __P((const char *, int, int, u_char *, int));
+int tstdns_querydomain __P((const char *, const char *, int, int, unsigned char *, int));
+
+# ifdef _DEFINE_SMR_GLOBALS
+# define SMR_EXTERN
+# else
+# define SMR_EXTERN extern
+# endif
+SMR_EXTERN char *NameSearchList;
+# undef SMR_EXTERN
+extern void dns_setns __P((struct in_addr *, unsigned int));
+extern int nsportip __P((char *));
+# endif /* DNSSEC_TEST*/
+
+#ifndef RES_TRUSTAD
+# define RES_TRUSTAD 0
+#endif
+#define SM_RES_DNSSEC (RES_USE_EDNS0|RES_USE_DNSSEC|RES_TRUSTAD)
+
# endif /* ! __ROKEN_RESOLVE_H__ */
-#endif /* DNSMAP */
+#endif /* DNSMAP || DANE */
diff --git a/src/srvrsmtp.c b/src/srvrsmtp.c
index b05348d4b2e2..b6263079a90e 100644
--- a/src/srvrsmtp.c
+++ b/src/srvrsmtp.c
@@ -1,5456 +1,5750 @@
/*
* Copyright (c) 1998-2010, 2012-2014 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sendmail.h>
#if MILTER
# include <libmilter/mfapi.h>
# include <libmilter/mfdef.h>
-#endif /* MILTER */
+#endif
SM_RCSID("@(#)$Id: srvrsmtp.c,v 8.1016 2013-11-22 20:51:56 ca Exp $")
#include <sm/time.h>
#include <sm/fdset.h>
#if SASL || STARTTLS
+# include <tls.h>
# include "sfsasl.h"
-#endif /* SASL || STARTTLS */
+#endif
#if SASL
# define ENC64LEN(l) (((l) + 2) * 4 / 3 + 1)
static int saslmechs __P((sasl_conn_t *, char **));
-#endif /* SASL */
+#endif
#if STARTTLS
# include <openssl/err.h>
# include <sysexits.h>
static SSL_CTX *srv_ctx = NULL; /* TLS server context */
static SSL *srv_ssl = NULL; /* per connection context */
+static tlsi_ctx_T tlsi_ctx; /* TLS information context */
static bool tls_ok_srv = false;
# define TLS_VERIFY_CLIENT() tls_set_verify(srv_ctx, srv_ssl, \
bitset(SRV_VRFY_CLT, features))
#endif /* STARTTLS */
#if _FFR_DM_ONE
static bool NotFirstDelivery = false;
-#endif /* _FFR_DM_ONE */
+#endif
/* server features */
#define SRV_NONE 0x0000 /* none... */
#define SRV_OFFER_TLS 0x0001 /* offer STARTTLS */
#define SRV_VRFY_CLT 0x0002 /* request a cert */
#define SRV_OFFER_AUTH 0x0004 /* offer AUTH */
#define SRV_OFFER_ETRN 0x0008 /* offer ETRN */
#define SRV_OFFER_VRFY 0x0010 /* offer VRFY (not yet used) */
#define SRV_OFFER_EXPN 0x0020 /* offer EXPN */
#define SRV_OFFER_VERB 0x0040 /* offer VERB */
#define SRV_OFFER_DSN 0x0080 /* offer DSN */
#if PIPELINING
# define SRV_OFFER_PIPE 0x0100 /* offer PIPELINING */
# if _FFR_NO_PIPE
# define SRV_NO_PIPE 0x0200 /* disable PIPELINING, sleep if used */
-# endif /* _FFR_NO_PIPE */
+# endif
#endif /* PIPELINING */
#define SRV_REQ_AUTH 0x0400 /* require AUTH */
#define SRV_REQ_SEC 0x0800 /* require security - equiv to AuthOptions=p */
#define SRV_TMP_FAIL 0x1000 /* ruleset caused a temporary failure */
+#if _FFR_EAI
+# define SRV_OFFER_EAI 0x2000 /* offer SMTPUTF* */
+#endif
static unsigned int srvfeatures __P((ENVELOPE *, char *, unsigned int));
#define STOP_ATTACK ((time_t) -1)
static time_t checksmtpattack __P((volatile unsigned int *, unsigned int,
bool, char *, ENVELOPE *));
static void printvrfyaddr __P((ADDRESS *, bool, bool));
static char *skipword __P((char *volatile, char *));
static void setup_smtpd_io __P((void));
#if SASL
+# ifndef MAX_AUTH_USER_LEN
+# define MAX_AUTH_USER_LEN 256
+# endif
+# ifndef MAX_AUTH_LOG_LEN
+# define MAX_AUTH_LOG_LEN 64
+# endif
+static void get_sasl_user __P((char *, unsigned int, const char *, char *out, size_t));
+# define RESET_AUTH_FAIL_LOG_USER \
+ do \
+ { \
+ (void) memset(auth_user, 0, sizeof(auth_user)); \
+ (void) memset(auth_user_tmp, 0, sizeof(auth_user_tmp)); \
+ auth_user_len = 0; \
+ } while (0)
+# define SET_AUTH_USER_TMP(s, len) \
+ do \
+ { \
+ auth_user_len = SM_MIN(len, MAX_AUTH_USER_LEN-1); \
+ (void) memcpy(auth_user_tmp, s, auth_user_len); \
+ } while (0)
+# define SET_AUTH_USER \
+ get_sasl_user(auth_user_tmp, auth_user_len, auth_type, auth_user, sizeof(auth_user))
+# define SET_AUTH_USER_CONDITIONALLY \
+ if ('\0' == auth_user[0]) \
+ SET_AUTH_USER;
+# define LOG_AUTH_FAIL_USER ", user=", (int)MAX_AUTH_LOG_LEN, auth_user
# if SASL >= 20000
static int reset_saslconn __P((sasl_conn_t **_conn, char *_hostname,
char *_remoteip, char *_localip,
char *_auth_id, sasl_ssf_t *_ext_ssf));
# define RESET_SASLCONN \
do \
{ \
+ RESET_AUTH_FAIL_LOG_USER; \
result = reset_saslconn(&conn, AuthRealm, remoteip, \
localip, auth_id, &ext_ssf); \
if (result != SASL_OK) \
sasl_ok = false; \
} while (0)
# else /* SASL >= 20000 */
static int reset_saslconn __P((sasl_conn_t **_conn, char *_hostname,
struct sockaddr_in *_saddr_r,
struct sockaddr_in *_saddr_l,
sasl_external_properties_t *_ext_ssf));
# define RESET_SASLCONN \
do \
{ \
+ RESET_AUTH_FAIL_LOG_USER; \
result = reset_saslconn(&conn, AuthRealm, &saddr_r, \
&saddr_l, &ext_ssf); \
if (result != SASL_OK) \
sasl_ok = false; \
} while (0)
# endif /* SASL >= 20000 */
#endif /* SASL */
+#if !defined(RESET_AUTH_FAIL_LOG_USER)
+# define RESET_AUTH_FAIL_LOG_USER
+#endif
+
extern ENVELOPE BlankEnvelope;
#define NBADRCPTS \
do \
{ \
char buf[16]; \
(void) sm_snprintf(buf, sizeof(buf), "%d", \
BadRcptThrottle > 0 && n_badrcpts > BadRcptThrottle \
? n_badrcpts - 1 : n_badrcpts); \
macdefine(&e->e_macro, A_TEMP, macid("{nbadrcpts}"), buf); \
} while (0)
-#define SKIP_SPACE(s) while (isascii(*s) && isspace(*s)) \
+#define SKIP_SPACE(s) while (SM_ISSPACE(*s)) \
(s)++
+#if _FFR_EAI
+/*
+** ADDR_IS_ASCII -- check whether an address is 100% printable ASCII
+**
+** Parameters:
+** a -- an address (or other string)
+**
+** Returns:
+** TRUE if a is non-NULL and points to only printable ASCII
+** FALSE if a is NULL and points to printable ASCII
+** FALSE if a is non-NULL and points to something containing 8-bittery
+*/
+
+bool
+addr_is_ascii(a)
+ const char * a;
+{
+ while (a != NULL && *a != '\0' && *a >= ' ' && (unsigned char)*a < 127)
+ a++;
+ return (a != NULL && *a == '\0');
+}
+#endif
+
/*
-** PARSE_ESMTP_ARGS -- parse EMSTP arguments (for MAIL, RCPT)
+** PARSE_ESMTP_ARGS -- parse ESMTP arguments (for MAIL, RCPT)
**
** Parameters:
** e -- the envelope
** addr_st -- address (RCPT only)
** p -- read buffer
** delimptr -- current position in read buffer
** which -- MAIL/RCPT
** args -- arguments (output)
** esmtp_args -- function to process a single ESMTP argument
**
** Returns:
** none
*/
void
parse_esmtp_args(e, addr_st, p, delimptr, which, args, esmtp_args)
ENVELOPE *e;
ADDRESS *addr_st;
char *p;
char *delimptr;
char *which;
char *args[];
esmtp_args_F esmtp_args;
{
int argno;
argno = 0;
if (args != NULL)
args[argno++] = p;
p = delimptr;
while (p != NULL && *p != '\0')
{
char *kp;
char *vp = NULL;
char *equal = NULL;
/* locate the beginning of the keyword */
SKIP_SPACE(p);
if (*p == '\0')
break;
kp = p;
/* skip to the value portion */
while ((isascii(*p) && isalnum(*p)) || *p == '-')
p++;
if (*p == '=')
{
equal = p;
*p++ = '\0';
vp = p;
/* skip to the end of the value */
while (*p != '\0' && *p != ' ' &&
!(isascii(*p) && iscntrl(*p)) &&
*p != '=')
p++;
}
if (*p != '\0')
*p++ = '\0';
if (tTd(19, 1))
sm_dprintf("%s: got arg %s=\"%s\"\n", which, kp,
vp == NULL ? "<null>" : vp);
esmtp_args(addr_st, kp, vp, e);
if (equal != NULL)
*equal = '=';
if (args != NULL)
args[argno] = kp;
argno++;
if (argno >= MAXSMTPARGS - 1)
usrerr("501 5.5.4 Too many parameters");
if (Errors > 0)
break;
}
if (args != NULL)
args[argno] = NULL;
}
#if _FFR_ADD_BCC
/*
** ADDRCPT -- Add a rcpt to sendq list
**
** Parameters:
** rcpt -- rcpt
** sendq -- a pointer to the head of a queue to put
** these people into.
** e -- the envelope in which to add these recipients.
**
** Returns:
** The number of addresses added to the list.
*/
static int
addrcpt(rcpt, sendq, e)
char *rcpt;
ADDRESS **sendq;
ENVELOPE *e;
{
int r;
char *oldto;
ADDRESS *a;
SM_REQUIRE(rcpt != NULL);
SM_REQUIRE(sendq != NULL);
SM_REQUIRE(e != NULL);
oldto = e->e_to;
if (tTd(25, 1))
sm_dprintf("addrcpt: rcpt=%s\n", rcpt);
r = Errors;
a = NULL;
SM_TRY
{
macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), "e b");
a = parseaddr(rcpt, NULLADDR, RF_COPYALL, ' ', NULL, e, true);
if (a == NULL)
return 0;
a->q_flags &= ~Q_PINGFLAGS;
a->q_flags |= QINTBCC;
a->q_owner = "<>";
/* disable alias expansion? */
a = recipient(a, sendq, 0, e);
}
SM_FINALLY
{
e->e_to = oldto;
macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), NULL);
}
SM_END_TRY
if (tTd(25, 1))
sm_dprintf("addrcpt: rcpt=%s, flags=%#lx\n", rcpt,
a != NULL ? a->q_flags : 0);
Errors = r;
return 1;
}
/*
** ADDBCC -- Maybe create a copy of an e-mail
**
** Parameters:
** a -- current RCPT
** e -- the envelope.
**
** Returns:
** nothing
**
** Side Effects:
** rscheck() can trigger an "exception"
*/
static void
addbcc(a, e)
ADDRESS *a;
ENVELOPE *e;
{
int nobcc;
char *newrcpt, empty[1];
if (!AddBcc)
return;
nobcc = false;
empty[0] = '\0';
newrcpt = empty;
nobcc = rscheck("bcc", a->q_paddr, NULL, e, RSF_ADDR, 12, NULL, NOQID,
NULL, &newrcpt);
if (tTd(25, 1))
sm_dprintf("addbcc: nobcc=%d, Errors=%d, newrcpt=<%s>\n", nobcc, Errors, newrcpt);
if (nobcc != EX_OK || Errors > 0 || *newrcpt == '\0')
return;
(void) addrcpt(newrcpt, &e->e_sendqueue, e);
return;
}
#else /* _FFR_ADD_BCC */
# define addbcc(a, e)
#endif /* _FFR_ADD_BCC */
#if _FFR_RCPTFLAGS
/*
** RCPTMODS -- Perform rcpt modifications if requested
**
** Parameters:
** rcpt -- current RCPT
** e -- the envelope.
**
** Returns:
** nothing.
*/
void
rcptmods(rcpt, e)
ADDRESS *rcpt;
ENVELOPE *e;
{
char *fl;
SM_REQUIRE(rcpt != NULL);
SM_REQUIRE(e != NULL);
fl = macvalue(macid("{rcpt_flags}"), e);
if (fl == NULL || *fl == '\0')
return;
if (tTd(25, 1))
sm_dprintf("rcptmods: rcpt=%s, flags=%s\n", rcpt->q_paddr, fl);
/* parse flags */
for ( ; *fl != '\0'; ++fl)
{
switch (*fl)
{
case 'n':
rcpt->q_flags &= ~Q_PINGFLAGS;
rcpt->q_flags |= QINTBCC;
rcpt->q_owner = "<>";
break;
case 'N':
rcpt->q_flags &= ~Q_PINGFLAGS;
rcpt->q_owner = "<>";
break;
case QDYNMAILFLG:
rcpt->q_flags |= QDYNMAILER;
newmodmailer(rcpt, *fl);
break;
default:
sm_syslog(LOG_INFO, e->e_id,
"rcpt=%s, rcpt_flags=%s, status=unknown",
rcpt->q_paddr, fl);
break;
}
}
/* reset macro to avoid confusion later on */
macdefine(&e->e_macro, A_PERM, macid("{rcpt_flags}"), NULL);
}
#else /* _FFR_RCPTFLAGS */
# define rcptmods(a, e)
#endif /* _FFR_RCPTFLAGS */
/*
** SMTP -- run the SMTP protocol.
**
** Parameters:
** nullserver -- if non-NULL, rejection message for
** (almost) all SMTP commands.
** d_flags -- daemon flags
** e -- the envelope.
**
** Returns:
** never.
**
** Side Effects:
** Reads commands from the input channel and processes them.
*/
/*
** Notice: The smtp server doesn't have a session context like the client
** side has (mci). Therefore some data (session oriented) is allocated
** or assigned to the "wrong" structure (esp. STARTTLS, AUTH).
** This should be fixed in a successor version.
*/
struct cmd
{
char *cmd_name; /* command name */
int cmd_code; /* internal code, see below */
};
/* values for cmd_code */
#define CMDERROR 0 /* bad command */
#define CMDMAIL 1 /* mail -- designate sender */
#define CMDRCPT 2 /* rcpt -- designate recipient */
#define CMDDATA 3 /* data -- send message text */
#define CMDRSET 4 /* rset -- reset state */
#define CMDVRFY 5 /* vrfy -- verify address */
#define CMDEXPN 6 /* expn -- expand address */
#define CMDNOOP 7 /* noop -- do nothing */
#define CMDQUIT 8 /* quit -- close connection and die */
#define CMDHELO 9 /* helo -- be polite */
#define CMDHELP 10 /* help -- give usage info */
#define CMDEHLO 11 /* ehlo -- extended helo (RFC 1425) */
#define CMDETRN 12 /* etrn -- flush queue */
#if SASL
# define CMDAUTH 13 /* auth -- SASL authenticate */
-#endif /* SASL */
+#endif
#if STARTTLS
# define CMDSTLS 14 /* STARTTLS -- start TLS session */
-#endif /* STARTTLS */
+#endif
/* non-standard commands */
#define CMDVERB 17 /* verb -- go into verbose mode */
/* unimplemented commands from RFC 821 */
#define CMDUNIMPL 19 /* unimplemented rfc821 commands */
/* use this to catch and log "door handle" attempts on your system */
#define CMDLOGBOGUS 23 /* bogus command that should be logged */
/* debugging-only commands, only enabled if SMTPDEBUG is defined */
#define CMDDBGQSHOW 24 /* showq -- show send queue */
#define CMDDBGDEBUG 25 /* debug -- set debug mode */
/*
** Note: If you change this list, remember to update 'helpfile'
*/
static struct cmd CmdTab[] =
{
{ "mail", CMDMAIL },
{ "rcpt", CMDRCPT },
{ "data", CMDDATA },
{ "rset", CMDRSET },
{ "vrfy", CMDVRFY },
{ "expn", CMDEXPN },
{ "help", CMDHELP },
{ "noop", CMDNOOP },
{ "quit", CMDQUIT },
{ "helo", CMDHELO },
{ "ehlo", CMDEHLO },
{ "etrn", CMDETRN },
{ "verb", CMDVERB },
{ "send", CMDUNIMPL },
{ "saml", CMDUNIMPL },
{ "soml", CMDUNIMPL },
{ "turn", CMDUNIMPL },
#if SASL
{ "auth", CMDAUTH, },
-#endif /* SASL */
+#endif
#if STARTTLS
{ "starttls", CMDSTLS, },
-#endif /* STARTTLS */
+#endif
/* remaining commands are here only to trap and log attempts to use them */
{ "showq", CMDDBGQSHOW },
{ "debug", CMDDBGDEBUG },
{ "wiz", CMDLOGBOGUS },
{ NULL, CMDERROR }
};
static char *CurSmtpClient; /* who's at the other end of channel */
#ifndef MAXBADCOMMANDS
# define MAXBADCOMMANDS 25 /* maximum number of bad commands */
-#endif /* ! MAXBADCOMMANDS */
+#endif
#ifndef MAXHELOCOMMANDS
# define MAXHELOCOMMANDS 3 /* max HELO/EHLO commands before slowdown */
-#endif /* ! MAXHELOCOMMANDS */
+#endif
#ifndef MAXVRFYCOMMANDS
# define MAXVRFYCOMMANDS 6 /* max VRFY/EXPN commands before slowdown */
-#endif /* ! MAXVRFYCOMMANDS */
+#endif
#ifndef MAXETRNCOMMANDS
# define MAXETRNCOMMANDS 8 /* max ETRN commands before slowdown */
-#endif /* ! MAXETRNCOMMANDS */
+#endif
#ifndef MAXTIMEOUT
# define MAXTIMEOUT (4 * 60) /* max timeout for bad commands */
-#endif /* ! MAXTIMEOUT */
+#endif
/*
** Maximum shift value to compute timeout for bad commands.
** This introduces an upper limit of 2^MAXSHIFT for the timeout.
*/
#ifndef MAXSHIFT
# define MAXSHIFT 8
-#endif /* ! MAXSHIFT */
+#endif
#if MAXSHIFT > 31
ERROR _MAXSHIFT > 31 is invalid
-#endif /* MAXSHIFT */
+#endif
#if MAXBADCOMMANDS > 0
# define STOP_IF_ATTACK(r) do \
{ \
if ((r) == STOP_ATTACK) \
goto stopattack; \
} while (0)
#else /* MAXBADCOMMANDS > 0 */
# define STOP_IF_ATTACK(r) r
#endif /* MAXBADCOMMANDS > 0 */
#if SM_HEAP_CHECK
static SM_DEBUG_T DebugLeakSmtp = SM_DEBUG_INITIALIZER("leak_smtp",
"@(#)$Debug: leak_smtp - trace memory leaks during SMTP processing $");
-#endif /* SM_HEAP_CHECK */
+#endif
typedef struct
{
bool sm_gotmail; /* mail command received */
unsigned int sm_nrcpts; /* number of successful RCPT commands */
bool sm_discard;
#if MILTER
bool sm_milterize;
bool sm_milterlist; /* any filters in the list? */
milters_T sm_milters;
/* e_nrcpts from envelope before recipient() call */
unsigned int sm_e_nrcpts_orig;
#endif /* MILTER */
char *sm_quarmsg; /* carry quarantining across messages */
} SMTP_T;
static bool smtp_data __P((SMTP_T *, ENVELOPE *));
#define MSG_TEMPFAIL "451 4.3.2 Please try again later"
#if MILTER
# define MILTER_ABORT(e) milter_abort((e))
# define MILTER_REPLY(str) \
{ \
int savelogusrerrs = LogUsrErrs; \
\
milter_cmd_fail = true; \
switch (state) \
{ \
case SMFIR_SHUTDOWN: \
if (MilterLogLevel > 3) \
{ \
sm_syslog(LOG_INFO, e->e_id, \
"Milter: %s=%s, reject=421, errormode=4", \
str, addr); \
LogUsrErrs = false; \
} \
{ \
bool tsave = QuickAbort; \
\
QuickAbort = false; \
usrerr("421 4.3.0 closing connection"); \
QuickAbort = tsave; \
e->e_sendqueue = NULL; \
goto doquit; \
} \
break; \
case SMFIR_REPLYCODE: \
if (MilterLogLevel > 3) \
{ \
sm_syslog(LOG_INFO, e->e_id, \
"Milter: %s=%s, reject=%s", \
str, addr, response); \
LogUsrErrs = false; \
} \
if (strncmp(response, "421 ", 4) == 0 \
|| strncmp(response, "421-", 4) == 0) \
{ \
bool tsave = QuickAbort; \
\
QuickAbort = false; \
usrerr(response); \
QuickAbort = tsave; \
e->e_sendqueue = NULL; \
goto doquit; \
} \
else \
usrerr(response); \
break; \
\
case SMFIR_REJECT: \
if (MilterLogLevel > 3) \
{ \
sm_syslog(LOG_INFO, e->e_id, \
"Milter: %s=%s, reject=550 5.7.1 Command rejected", \
str, addr); \
LogUsrErrs = false; \
} \
usrerr("550 5.7.1 Command rejected"); \
break; \
\
case SMFIR_DISCARD: \
if (MilterLogLevel > 3) \
sm_syslog(LOG_INFO, e->e_id, \
"Milter: %s=%s, discard", \
str, addr); \
e->e_flags |= EF_DISCARD; \
milter_cmd_fail = false; \
break; \
\
case SMFIR_TEMPFAIL: \
if (MilterLogLevel > 3) \
{ \
sm_syslog(LOG_INFO, e->e_id, \
"Milter: %s=%s, reject=%s", \
str, addr, MSG_TEMPFAIL); \
LogUsrErrs = false; \
} \
usrerr(MSG_TEMPFAIL); \
break; \
default: \
milter_cmd_fail = false; \
break; \
} \
LogUsrErrs = savelogusrerrs; \
if (response != NULL) \
sm_free(response); /* XXX */ \
}
#else /* MILTER */
# define MILTER_ABORT(e)
#endif /* MILTER */
/* clear all SMTP state (for HELO/EHLO/RSET) */
#define CLEAR_STATE(cmd) \
do \
{ \
/* abort milter filters */ \
MILTER_ABORT(e); \
\
if (smtp.sm_nrcpts > 0) \
{ \
logundelrcpts(e, cmd, 10, false); \
smtp.sm_nrcpts = 0; \
macdefine(&e->e_macro, A_PERM, \
macid("{nrcpts}"), "0"); \
} \
\
e->e_sendqueue = NULL; \
e->e_flags |= EF_CLRQUEUE; \
\
if (tTd(92, 2)) \
sm_dprintf("CLEAR_STATE: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d\n",\
e->e_id, bitset(EF_LOGSENDER, e->e_flags), LogLevel);\
if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags)) \
logsender(e, NULL); \
e->e_flags &= ~EF_LOGSENDER; \
\
/* clean up a bit */ \
smtp.sm_gotmail = false; \
SuprErrs = true; \
(void) dropenvelope(e, true, false); \
sm_rpool_free(e->e_rpool); \
e = newenvelope(e, CurEnv, sm_rpool_new_x(NULL)); \
CurEnv = e; \
e->e_features = features; \
\
/* put back discard bit */ \
if (smtp.sm_discard) \
e->e_flags |= EF_DISCARD; \
\
/* restore connection quarantining */ \
if (smtp.sm_quarmsg == NULL) \
{ \
e->e_quarmsg = NULL; \
macdefine(&e->e_macro, A_PERM, \
macid("{quarantine}"), ""); \
} \
else \
{ \
e->e_quarmsg = sm_rpool_strdup_x(e->e_rpool, \
smtp.sm_quarmsg); \
macdefine(&e->e_macro, A_PERM, macid("{quarantine}"), \
e->e_quarmsg); \
} \
} while (0)
/* sleep to flatten out connection load */
#define MIN_DELAY_LOG 15 /* wait before logging this again */
/* is it worth setting the process title for 1s? */
#define DELAY_CONN(cmd) \
if (DelayLA > 0 && (CurrentLA = getla()) >= DelayLA) \
{ \
time_t dnow; \
\
sm_setproctitle(true, e, \
"%s: %s: delaying %s: load average: %d", \
qid_printname(e), CurSmtpClient, \
cmd, DelayLA); \
if (LogLevel > 8 && (dnow = curtime()) > log_delay) \
{ \
sm_syslog(LOG_INFO, e->e_id, \
"delaying=%s, load average=%d >= %d", \
cmd, CurrentLA, DelayLA); \
log_delay = dnow + MIN_DELAY_LOG; \
} \
(void) sleep(1); \
sm_setproctitle(true, e, "%s %s: %.80s", \
qid_printname(e), CurSmtpClient, inp); \
}
/*
** Determine the correct protocol keyword to use in the
** Received: header, following RFC 3848.
*/
#if !STARTTLS
# define tls_active false
#endif
#if SASL
# define auth_active (authenticating == SASL_IS_AUTH)
#else
# define auth_active false
#endif
+#if _FFR_EAI
+#define GET_PROTOCOL() \
+ (e->e_smtputf8 \
+ ? (auth_active \
+ ? (tls_active ? "UTF8SMTPSA" : "UTF8SMTPA") \
+ : (tls_active ? "UTF8SMTPS" : "UTF8SMTP")) \
+ : (auth_active \
+ ? (tls_active ? "ESMTPSA" : "ESMTPA") \
+ : (tls_active ? "ESMTPS" : "ESMTP")))
+#else /* _FFR_EAI */
#define GET_PROTOCOL() \
(auth_active \
? (tls_active ? "ESMTPSA" : "ESMTPA") \
: (tls_active ? "ESMTPS" : "ESMTP"))
+#endif /* _FFR_EAI */
static bool SevenBitInput_Saved; /* saved version of SevenBitInput */
void
smtp(nullserver, d_flags, e)
char *volatile nullserver;
BITMAP256 d_flags;
register ENVELOPE *volatile e;
{
register char *volatile p;
register struct cmd *volatile c = NULL;
char *cmd;
auto ADDRESS *vrfyqueue;
ADDRESS *a;
volatile bool gothello; /* helo command received */
bool vrfy; /* set if this is a vrfy command */
char *volatile protocol; /* sending protocol */
char *volatile sendinghost; /* sending hostname */
char *volatile peerhostname; /* name of SMTP peer or "localhost" */
auto char *delimptr;
char *id;
volatile unsigned int n_badcmds = 0; /* count of bad commands */
volatile unsigned int n_badrcpts = 0; /* number of rejected RCPT */
volatile unsigned int n_verifies = 0; /* count of VRFY/EXPN */
volatile unsigned int n_etrn = 0; /* count of ETRN */
volatile unsigned int n_noop = 0; /* count of NOOP/VERB/etc */
volatile unsigned int n_helo = 0; /* count of HELO/EHLO */
bool ok;
volatile bool first;
volatile bool tempfail = false;
volatile time_t wt; /* timeout after too many commands */
volatile time_t previous; /* time after checksmtpattack() */
volatile bool lognullconnection = true;
register char *q;
SMTP_T smtp;
char *addr;
char *greetcode = "220";
const char *greetmsg = "not accepting messages";
char *hostname; /* my hostname ($j) */
QUEUE_CHAR *new;
char *args[MAXSMTPARGS];
char inp[MAXINPLINE];
#if MAXINPLINE < MAXLINE
ERROR _MAXINPLINE must NOT be less than _MAXLINE: MAXINPLINE < MAXLINE
-#endif /* MAXINPLINE < MAXLINE */
+#endif
char cmdbuf[MAXLINE];
#if SASL
sasl_conn_t *conn;
volatile bool sasl_ok;
volatile unsigned int n_auth = 0; /* count of AUTH commands */
bool ismore;
int result;
volatile int authenticating;
char *user;
char *in, *out2;
+ char auth_user[MAX_AUTH_USER_LEN], auth_user_tmp[MAX_AUTH_USER_LEN];
+ unsigned int auth_user_len;
# if SASL >= 20000
char *auth_id = NULL;
const char *out;
sasl_ssf_t ext_ssf;
char localip[60], remoteip[60];
# else /* SASL >= 20000 */
char *out;
const char *errstr;
sasl_external_properties_t ext_ssf;
struct sockaddr_in saddr_l;
struct sockaddr_in saddr_r;
# endif /* SASL >= 20000 */
sasl_security_properties_t ssp;
sasl_ssf_t *ssf;
unsigned int inlen, out2len;
unsigned int outlen;
char *volatile auth_type;
char *mechlist;
volatile unsigned int n_mechs;
unsigned int len;
-#else /* SASL */
#endif /* SASL */
int r;
#if STARTTLS
int rfd, wfd;
volatile bool tls_active = false;
volatile bool smtps = bitnset(D_SMTPS, d_flags);
bool saveQuickAbort;
bool saveSuprErrs;
time_t tlsstart;
+ int ssl_err, tlsret;
+ int save_errno;
+ extern int TLSsslidx;
#endif /* STARTTLS */
volatile unsigned int features;
#if PIPELINING
# if _FFR_NO_PIPE
int np_log = 0;
-# endif /* _FFR_NO_PIPE */
+# endif
#endif /* PIPELINING */
volatile time_t log_delay = (time_t) 0;
#if MILTER
volatile bool milter_cmd_done, milter_cmd_safe;
volatile bool milter_rcpt_added, milter_cmd_fail;
ADDRESS addr_st;
# define p_addr_st &addr_st
#else /* MILTER */
# define p_addr_st NULL
#endif /* MILTER */
size_t inplen;
#if _FFR_BADRCPT_SHUTDOWN
int n_badrcpts_adj;
-#endif /* _FFR_BADRCPT_SHUTDOWN */
+#endif
+ RESET_AUTH_FAIL_LOG_USER;
SevenBitInput_Saved = SevenBitInput;
smtp.sm_nrcpts = 0;
#if MILTER
smtp.sm_milterize = (nullserver == NULL);
smtp.sm_milterlist = false;
addr = NULL;
-#endif /* MILTER */
+#endif
/* setup I/O fd correctly for the SMTP server */
setup_smtpd_io();
#if SM_HEAP_CHECK
if (sm_debug_active(&DebugLeakSmtp, 1))
{
sm_heap_newgroup();
sm_dprintf("smtp() heap group #%d\n", sm_heap_group());
}
#endif /* SM_HEAP_CHECK */
/* XXX the rpool should be set when e is initialized in main() */
e->e_rpool = sm_rpool_new_x(NULL);
e->e_macro.mac_rpool = e->e_rpool;
settime(e);
sm_getla();
peerhostname = RealHostName;
if (peerhostname == NULL)
peerhostname = "localhost";
CurHostName = peerhostname;
CurSmtpClient = macvalue('_', e);
if (CurSmtpClient == NULL)
CurSmtpClient = CurHostName;
/* check_relay may have set discard bit, save for later */
smtp.sm_discard = bitset(EF_DISCARD, e->e_flags);
#if PIPELINING
/* auto-flush output when reading input */
(void) sm_io_autoflush(InChannel, OutChannel);
#endif /* PIPELINING */
sm_setproctitle(true, e, "server %s startup", CurSmtpClient);
/* Set default features for server. */
features = ((bitset(PRIV_NOETRN, PrivacyFlags) ||
bitnset(D_NOETRN, d_flags)) ? SRV_NONE : SRV_OFFER_ETRN)
| (bitnset(D_AUTHREQ, d_flags) ? SRV_REQ_AUTH : SRV_NONE)
| (bitset(PRIV_NOEXPN, PrivacyFlags) ? SRV_NONE
: (SRV_OFFER_EXPN
| (bitset(PRIV_NOVERB, PrivacyFlags)
? SRV_NONE : SRV_OFFER_VERB)))
| ((bitset(PRIV_NORECEIPTS, PrivacyFlags) || !SendMIMEErrors)
? SRV_NONE : SRV_OFFER_DSN)
#if SASL
| (bitnset(D_NOAUTH, d_flags) ? SRV_NONE : SRV_OFFER_AUTH)
| (bitset(SASL_SEC_NOPLAINTEXT, SASLOpts) ? SRV_REQ_SEC
: SRV_NONE)
#endif /* SASL */
#if PIPELINING
| SRV_OFFER_PIPE
-#endif /* PIPELINING */
+#endif
#if STARTTLS
| (bitnset(D_NOTLS, d_flags) ? SRV_NONE : SRV_OFFER_TLS)
| (bitset(TLS_I_NO_VRFY, TLS_Srv_Opts) ? SRV_NONE
: SRV_VRFY_CLT)
-#endif /* STARTTLS */
+#endif
+#if _FFR_EAI
+ | SRV_OFFER_EAI
+#endif /* _FFR_EAI */
;
if (nullserver == NULL)
{
features = srvfeatures(e, CurSmtpClient, features);
if (bitset(SRV_TMP_FAIL, features))
{
if (LogLevel > 4)
sm_syslog(LOG_ERR, NOQID,
"ERROR: srv_features=tempfail, relay=%.100s, access temporarily disabled",
CurSmtpClient);
nullserver = "450 4.3.0 Please try again later.";
}
else
{
#if PIPELINING
# if _FFR_NO_PIPE
if (bitset(SRV_NO_PIPE, features))
{
/* for consistency */
features &= ~SRV_OFFER_PIPE;
}
# endif /* _FFR_NO_PIPE */
#endif /* PIPELINING */
#if SASL
if (bitset(SRV_REQ_SEC, features))
SASLOpts |= SASL_SEC_NOPLAINTEXT;
else
SASLOpts &= ~SASL_SEC_NOPLAINTEXT;
#endif /* SASL */
}
}
else if (strncmp(nullserver, "421 ", 4) == 0)
{
+ /* Can't use ("%s", ...) due to message() requirements */
message(nullserver);
goto doquit;
}
e->e_features = features;
hostname = macvalue('j', e);
#if SASL
if (AuthRealm == NULL)
AuthRealm = hostname;
sasl_ok = bitset(SRV_OFFER_AUTH, features);
n_mechs = 0;
authenticating = SASL_NOT_AUTH;
/* SASL server new connection */
if (sasl_ok)
{
# if SASL >= 20000
result = sasl_server_new("smtp", AuthRealm, NULL, NULL, NULL,
NULL, 0, &conn);
# elif SASL > 10505
/* use empty realm: only works in SASL > 1.5.5 */
result = sasl_server_new("smtp", AuthRealm, "", NULL, 0, &conn);
# else /* SASL >= 20000 */
/* use no realm -> realm is set to hostname by SASL lib */
result = sasl_server_new("smtp", AuthRealm, NULL, NULL, 0,
&conn);
# endif /* SASL >= 20000 */
sasl_ok = result == SASL_OK;
if (!sasl_ok)
{
if (LogLevel > 9)
sm_syslog(LOG_WARNING, NOQID,
"AUTH error: sasl_server_new failed=%d",
result);
}
}
if (sasl_ok)
{
/*
** SASL set properties for sasl
** set local/remote IP
** XXX Cyrus SASL v1 only supports IPv4
**
** XXX where exactly are these used/required?
** Kerberos_v4
*/
# if SASL >= 20000
localip[0] = remoteip[0] = '\0';
# if NETINET || NETINET6
in = macvalue(macid("{daemon_family}"), e);
if (in != NULL && (
# if NETINET6
strcmp(in, "inet6") == 0 ||
-# endif /* NETINET6 */
+# endif
strcmp(in, "inet") == 0))
{
SOCKADDR_LEN_T addrsize;
SOCKADDR saddr_l;
SOCKADDR saddr_r;
addrsize = sizeof(saddr_r);
if (getpeername(sm_io_getinfo(InChannel, SM_IO_WHAT_FD,
NULL),
(struct sockaddr *) &saddr_r,
&addrsize) == 0)
{
if (iptostring(&saddr_r, addrsize,
remoteip, sizeof(remoteip)))
{
sasl_setprop(conn, SASL_IPREMOTEPORT,
remoteip);
}
addrsize = sizeof(saddr_l);
if (getsockname(sm_io_getinfo(InChannel,
SM_IO_WHAT_FD,
NULL),
(struct sockaddr *) &saddr_l,
&addrsize) == 0)
{
if (iptostring(&saddr_l, addrsize,
localip,
sizeof(localip)))
{
sasl_setprop(conn,
SASL_IPLOCALPORT,
localip);
}
}
}
}
# endif /* NETINET || NETINET6 */
# else /* SASL >= 20000 */
# if NETINET
in = macvalue(macid("{daemon_family}"), e);
if (in != NULL && strcmp(in, "inet") == 0)
{
SOCKADDR_LEN_T addrsize;
addrsize = sizeof(struct sockaddr_in);
if (getpeername(sm_io_getinfo(InChannel, SM_IO_WHAT_FD,
NULL),
(struct sockaddr *)&saddr_r,
&addrsize) == 0)
{
sasl_setprop(conn, SASL_IP_REMOTE, &saddr_r);
addrsize = sizeof(struct sockaddr_in);
if (getsockname(sm_io_getinfo(InChannel,
SM_IO_WHAT_FD,
NULL),
(struct sockaddr *)&saddr_l,
&addrsize) == 0)
sasl_setprop(conn, SASL_IP_LOCAL,
&saddr_l);
}
}
# endif /* NETINET */
# endif /* SASL >= 20000 */
auth_type = NULL;
mechlist = NULL;
user = NULL;
# if 0
macdefine(&BlankEnvelope.e_macro, A_PERM,
macid("{auth_author}"), NULL);
-# endif /* 0 */
+# endif
/* set properties */
(void) memset(&ssp, '\0', sizeof(ssp));
/* XXX should these be options settable via .cf ? */
/* ssp.min_ssf = 0; is default due to memset() */
ssp.max_ssf = MaxSLBits;
ssp.maxbufsize = MAXOUTLEN;
ssp.security_flags = SASLOpts & SASL_SEC_MASK;
sasl_ok = sasl_setprop(conn, SASL_SEC_PROPS, &ssp) == SASL_OK;
if (sasl_ok)
{
/*
** external security strength factor;
** currently we have none so zero
*/
# if SASL >= 20000
ext_ssf = 0;
auth_id = NULL;
sasl_ok = ((sasl_setprop(conn, SASL_SSF_EXTERNAL,
&ext_ssf) == SASL_OK) &&
(sasl_setprop(conn, SASL_AUTH_EXTERNAL,
auth_id) == SASL_OK));
# else /* SASL >= 20000 */
ext_ssf.ssf = 0;
ext_ssf.auth_id = NULL;
sasl_ok = sasl_setprop(conn, SASL_SSF_EXTERNAL,
&ext_ssf) == SASL_OK;
# endif /* SASL >= 20000 */
}
if (sasl_ok)
n_mechs = saslmechs(conn, &mechlist);
}
#endif /* SASL */
(void) set_tls_rd_tmo(TimeOuts.to_nextcommand);
#if MILTER
if (smtp.sm_milterize)
{
char state;
/* initialize mail filter connection */
smtp.sm_milterlist = milter_init(e, &state, &smtp.sm_milters);
switch (state)
{
case SMFIR_REJECT:
if (MilterLogLevel > 3)
sm_syslog(LOG_INFO, e->e_id,
"Milter: initialization failed, rejecting commands");
greetcode = "554";
nullserver = "Command rejected";
smtp.sm_milterize = false;
break;
case SMFIR_TEMPFAIL:
if (MilterLogLevel > 3)
sm_syslog(LOG_INFO, e->e_id,
"Milter: initialization failed, temp failing commands");
tempfail = true;
smtp.sm_milterize = false;
break;
case SMFIR_SHUTDOWN:
if (MilterLogLevel > 3)
sm_syslog(LOG_INFO, e->e_id,
"Milter: initialization failed, closing connection");
tempfail = true;
smtp.sm_milterize = false;
message("421 4.7.0 %s closing connection",
MyHostName);
/* arrange to ignore send list */
e->e_sendqueue = NULL;
lognullconnection = false;
goto doquit;
}
}
if (smtp.sm_milterlist && smtp.sm_milterize &&
!bitset(EF_DISCARD, e->e_flags))
{
char state;
char *response;
q = macvalue(macid("{client_name}"), e);
SM_ASSERT(q != NULL || OpMode == MD_SMTP);
if (q == NULL)
q = "localhost";
response = milter_connect(q, RealHostAddr, e, &state);
switch (state)
{
#if _FFR_MILTER_CONNECT_REPLYCODE
case SMFIR_REPLYCODE:
if (*response == '5')
{
if (MilterLogLevel > 3)
sm_syslog(LOG_INFO, e->e_id,
"Milter: connect: host=%s, addr=%s, reject=%s",
peerhostname,
anynet_ntoa(&RealHostAddr),
response);
greetcode = "554"; /* Required by 2821 3.1 */
nullserver = newstr(response);
if (strlen(nullserver) > 4)
{
int skip;
greetmsg = nullserver + 4;
/* skip over enhanced status code */
skip = isenhsc(greetmsg, ' ');
if (skip > 0)
greetmsg += skip + 1;
}
smtp.sm_milterize = false;
break;
}
else if (strncmp(response, "421 ", 4) == 0)
{
int skip;
const char *msg = response + 4;
if (MilterLogLevel > 3)
sm_syslog(LOG_INFO, e->e_id,
"Milter: connect: host=%s, addr=%s, shutdown=%s",
peerhostname,
anynet_ntoa(&RealHostAddr),
response);
tempfail = true;
smtp.sm_milterize = false;
/* skip over enhanced status code */
skip = isenhsc(msg, ' ');
if (skip > 0)
msg += skip + 1;
message("421 %s %s", MyHostName, msg);
/* arrange to ignore send list */
e->e_sendqueue = NULL;
goto doquit;
}
else
{
if (MilterLogLevel > 3)
sm_syslog(LOG_INFO, e->e_id,
"Milter: connect: host=%s, addr=%s, temp failing commands=%s",
peerhostname,
anynet_ntoa(&RealHostAddr),
response);
/*tempfail = true;*/
smtp.sm_milterize = false;
nullserver = newstr(response);
break;
}
#else /* _FFR_MILTER_CONNECT_REPLYCODE */
case SMFIR_REPLYCODE: /* REPLYCODE shouldn't happen */
#endif /* _FFR_MILTER_CONNECT_REPLYCODE */
case SMFIR_REJECT:
if (MilterLogLevel > 3)
sm_syslog(LOG_INFO, e->e_id,
"Milter: connect: host=%s, addr=%s, rejecting commands",
peerhostname,
anynet_ntoa(&RealHostAddr));
greetcode = "554";
nullserver = "Command rejected";
smtp.sm_milterize = false;
break;
case SMFIR_TEMPFAIL:
if (MilterLogLevel > 3)
sm_syslog(LOG_INFO, e->e_id,
"Milter: connect: host=%s, addr=%s, temp failing commands",
peerhostname,
anynet_ntoa(&RealHostAddr));
tempfail = true;
smtp.sm_milterize = false;
break;
case SMFIR_SHUTDOWN:
if (MilterLogLevel > 3)
sm_syslog(LOG_INFO, e->e_id,
"Milter: connect: host=%s, addr=%s, shutdown",
peerhostname,
anynet_ntoa(&RealHostAddr));
tempfail = true;
smtp.sm_milterize = false;
message("421 4.7.0 %s closing connection",
MyHostName);
/* arrange to ignore send list */
e->e_sendqueue = NULL;
goto doquit;
}
if (response != NULL)
sm_free(response);
}
#endif /* MILTER */
/*
** Broken proxies and SMTP slammers
** push data without waiting, catch them
*/
if (
#if STARTTLS
!smtps &&
-#endif /* STARTTLS */
+#endif
*greetcode == '2' && nullserver == NULL)
{
time_t msecs = 0;
char **pvp;
char pvpbuf[PSBUFSIZE];
/* Ask the rulesets how long to pause */
pvp = NULL;
r = rscap("greet_pause", peerhostname,
anynet_ntoa(&RealHostAddr), e,
&pvp, pvpbuf, sizeof(pvpbuf));
if (r == EX_OK && pvp != NULL && pvp[0] != NULL &&
(pvp[0][0] & 0377) == CANONNET && pvp[1] != NULL)
{
msecs = strtol(pvp[1], NULL, 10);
}
if (msecs > 0)
{
int fd;
fd_set readfds;
struct timeval timeout;
struct timeval bp, ep, tp; /* {begin,end,total}pause */
int eoftest;
/* pause for a moment */
timeout.tv_sec = msecs / 1000;
timeout.tv_usec = (msecs % 1000) * 1000;
/* Obey RFC 2821: 4.3.5.2: 220 timeout of 5 minutes */
if (timeout.tv_sec >= 300)
{
timeout.tv_sec = 300;
timeout.tv_usec = 0;
}
/* check if data is on the socket during the pause */
fd = sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL);
FD_ZERO(&readfds);
SM_FD_SET(fd, &readfds);
gettimeofday(&bp, NULL);
if (select(fd + 1, FDSET_CAST &readfds,
NULL, NULL, &timeout) > 0 &&
FD_ISSET(fd, &readfds) &&
(eoftest = sm_io_getc(InChannel, SM_TIME_DEFAULT))
!= SM_IO_EOF)
{
sm_io_ungetc(InChannel, SM_TIME_DEFAULT,
eoftest);
gettimeofday(&ep, NULL);
timersub(&ep, &bp, &tp);
greetcode = "554";
nullserver = "Command rejected";
sm_syslog(LOG_INFO, e->e_id,
"rejecting commands from %s [%s] due to pre-greeting traffic after %d seconds",
peerhostname,
anynet_ntoa(&RealHostAddr),
(int) tp.tv_sec +
(tp.tv_usec >= 500000 ? 1 : 0)
);
}
}
}
#if STARTTLS
/* If this an smtps connection, start TLS now */
if (smtps)
{
+ if (!tls_ok_srv || srv_ctx == NULL)
+ {
+ sm_syslog(LOG_ERR, e->e_id,
+ "smtps: TLS not available, exiting");
+ exit(EX_CONFIG);
+ }
Errors = 0;
+ first = true;
+ gothello = false;
+ smtp.sm_gotmail = false;
goto starttls;
}
greeting:
#endif /* STARTTLS */
/* output the first line, inserting "ESMTP" as second word */
if (*greetcode == '5')
(void) sm_snprintf(inp, sizeof(inp), "%s %s", hostname,
greetmsg);
else
expand(SmtpGreeting, inp, sizeof(inp), e);
p = strchr(inp, '\n');
if (p != NULL)
*p++ = '\0';
id = strchr(inp, ' ');
if (id == NULL)
id = &inp[strlen(inp)];
if (p == NULL)
(void) sm_snprintf(cmdbuf, sizeof(cmdbuf),
"%s %%.*s ESMTP%%s", greetcode);
else
(void) sm_snprintf(cmdbuf, sizeof(cmdbuf),
"%s-%%.*s ESMTP%%s", greetcode);
message(cmdbuf, (int) (id - inp), inp, id);
/* output remaining lines */
while ((id = p) != NULL && (p = strchr(id, '\n')) != NULL)
{
*p++ = '\0';
- if (isascii(*id) && isspace(*id))
+ if (SM_ISSPACE(*id))
id++;
(void) sm_strlcpyn(cmdbuf, sizeof(cmdbuf), 2, greetcode, "-%s");
message(cmdbuf, id);
}
if (id != NULL)
{
- if (isascii(*id) && isspace(*id))
+ if (SM_ISSPACE(*id))
id++;
(void) sm_strlcpyn(cmdbuf, sizeof(cmdbuf), 2, greetcode, " %s");
message(cmdbuf, id);
}
protocol = NULL;
sendinghost = macvalue('s', e);
/* If quarantining by a connect/ehlo action, save between messages */
if (e->e_quarmsg == NULL)
smtp.sm_quarmsg = NULL;
else
smtp.sm_quarmsg = newstr(e->e_quarmsg);
/* sendinghost's storage must outlive the current envelope */
if (sendinghost != NULL)
sendinghost = sm_strdup_x(sendinghost);
first = true;
gothello = false;
smtp.sm_gotmail = false;
for (;;)
{
SM_TRY
{
QuickAbort = false;
HoldErrs = false;
SuprErrs = false;
LogUsrErrs = false;
OnlyOneError = true;
e->e_flags &= ~(EF_VRFYONLY|EF_GLOBALERRS);
#if MILTER
milter_cmd_fail = false;
-#endif /* MILTER */
+#endif
/* setup for the read */
e->e_to = NULL;
Errors = 0;
FileName = NULL;
(void) sm_io_flush(smioout, SM_TIME_DEFAULT);
/* read the input line */
SmtpPhase = "server cmd read";
sm_setproctitle(true, e, "server %s cmd read", CurSmtpClient);
/* handle errors */
if (sm_io_error(OutChannel) ||
(p = sfgets(inp, sizeof(inp), InChannel,
TimeOuts.to_nextcommand, SmtpPhase)) == NULL)
{
char *d;
d = macvalue(macid("{daemon_name}"), e);
if (d == NULL)
d = "stdin";
/* end of file, just die */
disconnect(1, e);
#if MILTER
/* close out milter filters */
milter_quit(e);
-#endif /* MILTER */
+#endif
message("421 4.4.1 %s Lost input channel from %s",
MyHostName, CurSmtpClient);
if (LogLevel > (smtp.sm_gotmail ? 1 : 19))
sm_syslog(LOG_NOTICE, e->e_id,
"lost input channel from %s to %s after %s",
CurSmtpClient, d,
(c == NULL || c->cmd_name == NULL) ? "startup" : c->cmd_name);
/*
** If have not accepted mail (DATA), do not bounce
** bad addresses back to sender.
*/
if (bitset(EF_CLRQUEUE, e->e_flags))
e->e_sendqueue = NULL;
goto doquit;
}
/* also used by "proxy" check below */
inplen = strlen(inp);
#if SASL
/*
** SMTP AUTH requires accepting any length,
** at least for challenge/response. However, not imposing
** a limit is a bad idea (denial of service).
*/
if (authenticating != SASL_PROC_AUTH
&& sm_strncasecmp(inp, "AUTH ", 5) != 0
&& inplen > MAXLINE)
{
message("421 4.7.0 %s Command too long, possible attack %s",
MyHostName, CurSmtpClient);
sm_syslog(LOG_INFO, e->e_id,
"%s: SMTP violation, input too long: %lu",
CurSmtpClient, (unsigned long) inplen);
goto doquit;
}
#endif /* SASL */
if (first)
{
size_t cmdlen;
int idx;
char *http_cmd;
static char *http_cmds[] = { "GET", "POST",
"CONNECT", "USER", NULL };
for (idx = 0; (http_cmd = http_cmds[idx]) != NULL;
idx++)
{
cmdlen = strlen(http_cmd);
if (cmdlen < inplen &&
sm_strncasecmp(inp, http_cmd, cmdlen) == 0 &&
- isascii(inp[cmdlen]) && isspace(inp[cmdlen]))
+ SM_ISSPACE(inp[cmdlen]))
{
/* Open proxy, drop it */
message("421 4.7.0 %s Rejecting open proxy %s",
MyHostName, CurSmtpClient);
sm_syslog(LOG_INFO, e->e_id,
"%s: probable open proxy: command=%.40s",
CurSmtpClient, inp);
goto doquit;
}
}
first = false;
}
/* clean up end of line */
fixcrlf(inp, true);
#if PIPELINING
# if _FFR_NO_PIPE
/*
** if there is more input and pipelining is disabled:
** delay ... (and maybe discard the input?)
** XXX this doesn't really work, at least in tests using
** telnet SM_IO_IS_READABLE only returns 1 if there were
** more than 2 input lines available.
*/
if (bitset(SRV_NO_PIPE, features) &&
sm_io_getinfo(InChannel, SM_IO_IS_READABLE, NULL) > 0)
{
if (++np_log < 3)
sm_syslog(LOG_INFO, NOQID,
"unauthorized PIPELINING, sleeping, relay=%.100s",
CurSmtpClient);
sleep(1);
}
# endif /* _FFR_NO_PIPE */
#endif /* PIPELINING */
#if SASL
if (authenticating == SASL_PROC_AUTH)
{
# if 0
if (*inp == '\0')
{
authenticating = SASL_NOT_AUTH;
message("501 5.5.2 missing input");
RESET_SASLCONN;
continue;
}
# endif /* 0 */
if (*inp == '*' && *(inp + 1) == '\0')
{
authenticating = SASL_NOT_AUTH;
/* RFC 2554 4. */
message("501 5.0.0 AUTH aborted");
RESET_SASLCONN;
continue;
}
/* could this be shorter? XXX */
# if SASL >= 20000
in = xalloc(strlen(inp) + 1);
result = sasl_decode64(inp, strlen(inp), in,
strlen(inp), &inlen);
# else /* SASL >= 20000 */
out = xalloc(strlen(inp));
result = sasl_decode64(inp, strlen(inp), out, &outlen);
# endif /* SASL >= 20000 */
if (result != SASL_OK)
{
authenticating = SASL_NOT_AUTH;
/* RFC 2554 4. */
message("501 5.5.4 cannot decode AUTH parameter %s",
inp);
# if SASL >= 20000
sm_free(in);
-# endif /* SASL >= 20000 */
+# endif
RESET_SASLCONN;
continue;
}
# if SASL >= 20000
+ SET_AUTH_USER_TMP(in, inlen);
result = sasl_server_step(conn, in, inlen,
&out, &outlen);
sm_free(in);
# else /* SASL >= 20000 */
+ SET_AUTH_USER_TMP(out, outlen);
result = sasl_server_step(conn, out, outlen,
&out, &outlen, &errstr);
# endif /* SASL >= 20000 */
/* get an OK if we're done */
if (result == SASL_OK)
{
authenticated:
message("235 2.0.0 OK Authenticated");
authenticating = SASL_IS_AUTH;
macdefine(&BlankEnvelope.e_macro, A_TEMP,
macid("{auth_type}"), auth_type);
# if SASL >= 20000
user = macvalue(macid("{auth_authen}"), e);
/* get security strength (features) */
result = sasl_getprop(conn, SASL_SSF,
(const void **) &ssf);
# else /* SASL >= 20000 */
result = sasl_getprop(conn, SASL_USERNAME,
(void **)&user);
if (result != SASL_OK)
{
user = "";
macdefine(&BlankEnvelope.e_macro,
A_PERM,
macid("{auth_authen}"), NULL);
}
else
{
macdefine(&BlankEnvelope.e_macro,
A_TEMP,
macid("{auth_authen}"),
xtextify(user, "<>\")"));
}
# if 0
/* get realm? */
sasl_getprop(conn, SASL_REALM, (void **) &data);
-# endif /* 0 */
+# endif
/* get security strength (features) */
result = sasl_getprop(conn, SASL_SSF,
(void **) &ssf);
# endif /* SASL >= 20000 */
if (result != SASL_OK)
{
macdefine(&BlankEnvelope.e_macro,
A_PERM,
macid("{auth_ssf}"), "0");
ssf = NULL;
}
else
{
char pbuf[8];
(void) sm_snprintf(pbuf, sizeof(pbuf),
"%u", *ssf);
macdefine(&BlankEnvelope.e_macro,
A_TEMP,
macid("{auth_ssf}"), pbuf);
if (tTd(95, 8))
sm_dprintf("AUTH auth_ssf: %u\n",
*ssf);
}
protocol = GET_PROTOCOL();
/*
** Only switch to encrypted connection
** if a security layer has been negotiated
*/
if (ssf != NULL && *ssf > 0)
{
int tmo;
/*
** Convert I/O layer to use SASL.
** If the call fails, the connection
** is aborted.
*/
tmo = TimeOuts.to_datablock * 1000;
if (sfdcsasl(&InChannel, &OutChannel,
conn, tmo) == 0)
{
/* restart dialogue */
n_helo = 0;
# if PIPELINING
(void) sm_io_autoflush(InChannel,
OutChannel);
# endif /* PIPELINING */
}
else
syserr("503 5.3.3 SASL TLS failed");
}
/* NULL pointer ok since it's our function */
if (LogLevel > 8)
sm_syslog(LOG_INFO, NOQID,
"AUTH=server, relay=%s, authid=%.128s, mech=%.16s, bits=%d",
CurSmtpClient,
shortenstring(user, 128),
auth_type, *ssf);
}
else if (result == SASL_CONTINUE)
{
+ SET_AUTH_USER;
+
len = ENC64LEN(outlen);
out2 = xalloc(len);
result = sasl_encode64(out, outlen, out2, len,
&out2len);
if (result != SASL_OK)
{
/* correct code? XXX */
/* 454 Temp. authentication failure */
message("454 4.5.4 Internal error: unable to encode64");
if (LogLevel > 5)
sm_syslog(LOG_WARNING, e->e_id,
"AUTH encode64 error [%d for \"%s\"], relay=%.100s",
result, out,
CurSmtpClient);
/* start over? */
authenticating = SASL_NOT_AUTH;
}
else
{
message("334 %s", out2);
if (tTd(95, 2))
sm_dprintf("AUTH continue: msg='%s' len=%u\n",
out2, out2len);
}
# if SASL >= 20000
sm_free(out2);
-# endif /* SASL >= 20000 */
+# endif
}
else
{
- /* not SASL_OK or SASL_CONT */
- message("535 5.7.0 authentication failed");
- if (LogLevel > 9)
- sm_syslog(LOG_WARNING, e->e_id,
- "AUTH failure (%s): %s (%d) %s, relay=%.100s",
- auth_type,
- sasl_errstring(result, NULL,
- NULL),
- result,
+
# if SASL >= 20000
- sasl_errdetail(conn),
-# else /* SASL >= 20000 */
- errstr == NULL ? "" : errstr,
-# endif /* SASL >= 20000 */
- CurSmtpClient);
- RESET_SASLCONN;
+# define SASLERR sasl_errdetail(conn)
+# else
+# define SASLERR errstr == NULL ? "" : errstr
+# endif
+#define LOGAUTHFAIL \
+ do \
+ { \
+ SET_AUTH_USER_CONDITIONALLY \
+ message("535 5.7.0 authentication failed"); \
+ if (LogLevel >= 9) \
+ sm_syslog(LOG_WARNING, e->e_id, \
+ "AUTH failure (%s): %s (%d) %s%s%.*s, relay=%.100s", \
+ (auth_type != NULL) ? auth_type : "unknown", \
+ sasl_errstring(result, NULL, NULL), \
+ result, \
+ SASLERR, \
+ LOG_AUTH_FAIL_USER, \
+ CurSmtpClient); \
+ RESET_SASLCONN; \
+ } while (0)
+
+
+ LOGAUTHFAIL;
authenticating = SASL_NOT_AUTH;
}
}
else
{
/* don't want to do any of this if authenticating */
#endif /* SASL */
/* echo command to transcript */
if (e->e_xfp != NULL)
(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
"<<< %s\n", inp);
if (LogLevel > 14)
sm_syslog(LOG_INFO, e->e_id, "<-- %s", inp);
/* break off command */
- for (p = inp; isascii(*p) && isspace(*p); p++)
+ for (p = inp; SM_ISSPACE(*p); p++)
continue;
cmd = cmdbuf;
while (*p != '\0' &&
- !(isascii(*p) && isspace(*p)) &&
+ !(SM_ISSPACE(*p)) &&
cmd < &cmdbuf[sizeof(cmdbuf) - 2])
*cmd++ = *p++;
*cmd = '\0';
/* throw away leading whitespace */
SKIP_SPACE(p);
/* decode command */
for (c = CmdTab; c->cmd_name != NULL; c++)
{
if (sm_strcasecmp(c->cmd_name, cmdbuf) == 0)
break;
}
/* reset errors */
errno = 0;
/* check whether a "non-null" command has been used */
switch (c->cmd_code)
{
#if SASL
case CMDAUTH:
/* avoid information leak; take first two words? */
q = "AUTH";
break;
#endif /* SASL */
case CMDMAIL:
case CMDEXPN:
case CMDVRFY:
case CMDETRN:
lognullconnection = false;
/* FALLTHROUGH */
default:
q = inp;
break;
}
if (e->e_id == NULL)
sm_setproctitle(true, e, "%s: %.80s",
CurSmtpClient, q);
else
sm_setproctitle(true, e, "%s %s: %.80s",
qid_printname(e),
CurSmtpClient, q);
/*
** Process command.
**
** If we are running as a null server, return 550
** to almost everything.
*/
if (nullserver != NULL || bitnset(D_ETRNONLY, d_flags))
{
switch (c->cmd_code)
{
case CMDQUIT:
case CMDHELO:
case CMDEHLO:
case CMDNOOP:
case CMDRSET:
case CMDERROR:
/* process normally */
break;
case CMDETRN:
if (bitnset(D_ETRNONLY, d_flags) &&
nullserver == NULL)
break;
DELAY_CONN("ETRN");
/* FALLTHROUGH */
default:
#if MAXBADCOMMANDS > 0
/* theoretically this could overflow */
if (nullserver != NULL &&
++n_badcmds > MAXBADCOMMANDS)
{
message("421 4.7.0 %s Too many bad commands; closing connection",
MyHostName);
/* arrange to ignore send list */
e->e_sendqueue = NULL;
goto doquit;
}
#endif /* MAXBADCOMMANDS > 0 */
if (nullserver != NULL)
{
if (ISSMTPREPLY(nullserver))
+ {
+ /* Can't use ("%s", ...) due to usrerr() requirements */
usrerr(nullserver);
+ }
else
+ {
usrerr("550 5.0.0 %s",
nullserver);
+ }
}
else
usrerr("452 4.4.5 Insufficient disk space; try again later");
continue;
}
}
switch (c->cmd_code)
{
#if SASL
case CMDAUTH: /* sasl */
DELAY_CONN("AUTH");
if (!sasl_ok || n_mechs <= 0)
{
message("503 5.3.3 AUTH not available");
break;
}
if (authenticating == SASL_IS_AUTH)
{
message("503 5.5.0 Already Authenticated");
break;
}
if (smtp.sm_gotmail)
{
message("503 5.5.0 AUTH not permitted during a mail transaction");
break;
}
if (tempfail)
{
if (LogLevel > 9)
sm_syslog(LOG_INFO, e->e_id,
"SMTP AUTH command (%.100s) from %s tempfailed (due to previous checks)",
p, CurSmtpClient);
usrerr("454 4.3.0 Please try again later");
break;
}
ismore = false;
/* crude way to avoid crack attempts */
STOP_IF_ATTACK(checksmtpattack(&n_auth, n_mechs + 1,
true, "AUTH", e));
/* make sure mechanism (p) is a valid string */
for (q = p; *q != '\0' && isascii(*q); q++)
{
if (isspace(*q))
{
*q = '\0';
- while (*++q != '\0' &&
- isascii(*q) && isspace(*q))
+ while (*++q != '\0' && SM_ISSPACE(*q))
continue;
*(q - 1) = '\0';
ismore = (*q != '\0');
break;
}
}
if (*p == '\0')
{
message("501 5.5.2 AUTH mechanism must be specified");
break;
}
/* check whether mechanism is available */
if (iteminlist(p, mechlist, " ") == NULL)
{
message("504 5.3.3 AUTH mechanism %.32s not available",
p);
break;
}
/*
** RFC 2554 4.
** Unlike a zero-length client answer to a
** 334 reply, a zero- length initial response
** is sent as a single equals sign ("=").
*/
if (ismore && *q == '=' && *(q + 1) == '\0')
{
/* will be free()d, don't use in=""; */
in = xalloc(1);
*in = '\0';
inlen = 0;
}
else if (ismore)
{
/* could this be shorter? XXX */
# if SASL >= 20000
in = xalloc(strlen(q) + 1);
result = sasl_decode64(q, strlen(q), in,
strlen(q), &inlen);
# else /* SASL >= 20000 */
in = sm_rpool_malloc(e->e_rpool, strlen(q));
result = sasl_decode64(q, strlen(q), in,
&inlen);
# endif /* SASL >= 20000 */
+
if (result != SASL_OK)
{
message("501 5.5.4 cannot BASE64 decode '%s'",
q);
if (LogLevel > 5)
sm_syslog(LOG_WARNING, e->e_id,
"AUTH decode64 error [%d for \"%s\"], relay=%.100s",
result, q,
CurSmtpClient);
/* start over? */
authenticating = SASL_NOT_AUTH;
# if SASL >= 20000
sm_free(in);
-# endif /* SASL >= 20000 */
+# endif
in = NULL;
inlen = 0;
break;
}
+ SET_AUTH_USER_TMP(in, inlen);
}
else
{
in = NULL;
inlen = 0;
}
/* see if that auth type exists */
# if SASL >= 20000
result = sasl_server_start(conn, p, in, inlen,
&out, &outlen);
- if (in != NULL)
- sm_free(in);
+ SM_FREE(in);
# else /* SASL >= 20000 */
result = sasl_server_start(conn, p, in, inlen,
&out, &outlen, &errstr);
# endif /* SASL >= 20000 */
+ if (p != NULL)
+ auth_type = newstr(p);
if (result != SASL_OK && result != SASL_CONTINUE)
{
- message("535 5.7.0 authentication failed");
- if (LogLevel > 9)
- sm_syslog(LOG_ERR, e->e_id,
- "AUTH failure (%s): %s (%d) %s, relay=%.100s",
- p,
- sasl_errstring(result, NULL,
- NULL),
- result,
-# if SASL >= 20000
- sasl_errdetail(conn),
-# else /* SASL >= 20000 */
- errstr,
-# endif /* SASL >= 20000 */
- CurSmtpClient);
- RESET_SASLCONN;
+ LOGAUTHFAIL;
break;
}
- auth_type = newstr(p);
if (result == SASL_OK)
{
/* ugly, but same code */
goto authenticated;
/* authenticated by the initial response */
}
+ SET_AUTH_USER;
+
/* len is at least 2 */
len = ENC64LEN(outlen);
out2 = xalloc(len);
result = sasl_encode64(out, outlen, out2, len,
&out2len);
if (result != SASL_OK)
{
message("454 4.5.4 Temporary authentication failure");
if (LogLevel > 5)
sm_syslog(LOG_WARNING, e->e_id,
"AUTH encode64 error [%d for \"%s\"]",
result, out);
/* start over? */
authenticating = SASL_NOT_AUTH;
RESET_SASLCONN;
}
else
{
message("334 %s", out2);
authenticating = SASL_PROC_AUTH;
}
# if SASL >= 20000
sm_free(out2);
-# endif /* SASL >= 20000 */
+# endif
break;
#endif /* SASL */
#if STARTTLS
case CMDSTLS: /* starttls */
DELAY_CONN("STARTTLS");
if (*p != '\0')
{
message("501 5.5.2 Syntax error (no parameters allowed)");
break;
}
if (!bitset(SRV_OFFER_TLS, features))
{
message("503 5.5.0 TLS not available");
break;
}
+ starttls:
if (!tls_ok_srv)
{
message("454 4.3.3 TLS not available after start");
break;
}
if (smtp.sm_gotmail)
{
message("503 5.5.0 TLS not permitted during a mail transaction");
break;
}
if (tempfail)
{
if (LogLevel > 9)
sm_syslog(LOG_INFO, e->e_id,
"SMTP STARTTLS command (%.100s) from %s tempfailed (due to previous checks)",
p, CurSmtpClient);
usrerr("454 4.7.0 Please try again later");
break;
}
- starttls:
-# if USE_OPENSSL_ENGINE
- if (!SSLEngineInitialized)
+ if (!TLS_set_engine(SSLEngine, false))
{
- if (!SSL_set_engine(NULL))
- {
- sm_syslog(LOG_ERR, NOQID,
- "STARTTLS=server, SSL_set_engine=failed");
- tls_ok_srv = false;
- message("454 4.3.3 TLS not available right now");
- break;
- }
- else
- SSLEngineInitialized = true;
+ sm_syslog(LOG_ERR, NOQID,
+ "STARTTLS=server, engine=%s, TLS_set_engine=failed",
+ SSLEngine);
+ tls_ok_srv = false;
+ message("454 4.3.3 TLS not available right now");
+ break;
}
-# endif /* USE_OPENSSL_ENGINE */
# if TLS_NO_RSA
/*
** XXX do we need a temp key ?
*/
-# else /* TLS_NO_RSA */
-# endif /* TLS_NO_RSA */
+# endif
# if TLS_VRFY_PER_CTX
/*
** Note: this sets the verification globally
** (per SSL_CTX)
** it's ok since it applies only to one transaction
*/
TLS_VERIFY_CLIENT();
# endif /* TLS_VRFY_PER_CTX */
+#define SMTLSFAILED \
+ do { \
+ SM_SSL_FREE(srv_ssl); \
+ goto tls_done; \
+ } while (0)
+
if (srv_ssl != NULL)
SSL_clear(srv_ssl);
else if ((srv_ssl = SSL_new(srv_ctx)) == NULL)
{
message("454 4.3.3 TLS not available: error generating SSL handle");
- if (LogLevel > 8)
- tlslogerr(LOG_WARNING, "server");
+ tlslogerr(LOG_WARNING, 8, "server");
goto tls_done;
}
-
- if (get_tls_se_options(e, srv_ssl, true) != 0)
+ if (get_tls_se_options(e, srv_ssl, &tlsi_ctx, true)
+ != 0)
{
message("454 4.3.3 TLS not available: error setting options");
- SSL_free(srv_ssl);
- srv_ssl = NULL;
- goto tls_done;
+ SMTLSFAILED;
+ }
+ r = SSL_set_ex_data(srv_ssl, TLSsslidx, &tlsi_ctx);
+ if (0 == r)
+ {
+ if (LogLevel > 5)
+ {
+ sm_syslog(LOG_ERR, NOQID,
+ "STARTTLS=server, error: SSL_set_ex_data failed=%d",
+ r);
+ tlslogerr(LOG_WARNING, 9, "server");
+ }
+ SMTLSFAILED;
}
# if !TLS_VRFY_PER_CTX
/*
** this could be used if it were possible to set
** verification per SSL (connection)
** not just per SSL_CTX (global)
*/
TLS_VERIFY_CLIENT();
# endif /* !TLS_VRFY_PER_CTX */
rfd = sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL);
wfd = sm_io_getinfo(OutChannel, SM_IO_WHAT_FD, NULL);
if (rfd < 0 || wfd < 0 ||
SSL_set_rfd(srv_ssl, rfd) <= 0 ||
SSL_set_wfd(srv_ssl, wfd) <= 0)
{
message("454 4.3.3 TLS not available: error set fd");
- SSL_free(srv_ssl);
- srv_ssl = NULL;
- goto tls_done;
+ SMTLSFAILED;
}
if (!smtps)
message("220 2.0.0 Ready to start TLS");
# if PIPELINING
(void) sm_io_flush(OutChannel, SM_TIME_DEFAULT);
-# endif /* PIPELINING */
+# endif
SSL_set_accept_state(srv_ssl);
tlsstart = curtime();
- ssl_retry:
- if ((r = SSL_accept(srv_ssl)) <= 0)
- {
- int i, ssl_err;
- int save_errno = errno;
- ssl_err = SSL_get_error(srv_ssl, r);
- i = tls_retry(srv_ssl, rfd, wfd, tlsstart,
+ ssl_err = SSL_ERROR_WANT_READ;
+ save_errno = 0;
+ do
+ {
+ tlsret = tls_retry(srv_ssl, rfd, wfd, tlsstart,
TimeOuts.to_starttls, ssl_err,
"server");
- if (i > 0)
- goto ssl_retry;
-
- if (LogLevel > 5)
+ if (tlsret <= 0)
{
- unsigned long l;
- const char *sr;
-
- l = ERR_peek_error();
- sr = ERR_reason_error_string(l);
- sm_syslog(LOG_WARNING, NOQID,
- "STARTTLS=server, error: accept failed=%d, reason=%s, SSL_error=%d, errno=%d, retry=%d, relay=%.100s",
- r, sr == NULL ? "unknown"
- : sr,
- ssl_err, save_errno, i,
- CurSmtpClient);
- if (LogLevel > 9)
- tlslogerr(LOG_WARNING, "server");
- }
- tls_ok_srv = false;
- SSL_free(srv_ssl);
- srv_ssl = NULL;
+ if (LogLevel > 5)
+ {
+ unsigned long l;
+ const char *sr;
+
+ l = ERR_peek_error();
+ sr = ERR_reason_error_string(l);
+
+ sm_syslog(LOG_WARNING, NOQID,
+ "STARTTLS=server, error: accept failed=%d, reason=%s, SSL_error=%d, errno=%d, retry=%d, relay=%.100s",
+ r, sr == NULL ? "unknown"
+ : sr,
+ ssl_err, save_errno,
+ tlsret, CurSmtpClient);
+ tlslogerr(LOG_WARNING, 9, "server");
+ }
+ tls_ok_srv = false;
+ SM_SSL_FREE(srv_ssl);
- /*
- ** according to the next draft of
- ** RFC 2487 the connection should be dropped
- */
+ /*
+ ** according to the next draft of
+ ** RFC 2487 the connection should
+ ** be dropped
+ **
+ ** arrange to ignore any current
+ ** send list
+ */
- /* arrange to ignore any current send list */
- e->e_sendqueue = NULL;
- goto doquit;
- }
+ e->e_sendqueue = NULL;
+ goto doquit;
+ }
+
+ r = SSL_accept(srv_ssl);
+ save_errno = 0;
+ if (r <= 0)
+ ssl_err = SSL_get_error(srv_ssl, r);
+ } while (r <= 0);
/* ignore return code for now, it's in {verify} */
(void) tls_get_info(srv_ssl, true,
CurSmtpClient,
&BlankEnvelope.e_macro,
bitset(SRV_VRFY_CLT, features));
/*
** call Stls_client to find out whether
** to accept the connection from the client
*/
saveQuickAbort = QuickAbort;
saveSuprErrs = SuprErrs;
SuprErrs = true;
QuickAbort = false;
if (rscheck("tls_client",
macvalue(macid("{verify}"), e),
"STARTTLS", e,
RSF_RMCOMM|RSF_COUNT,
5, NULL, NOQID, NULL, NULL) != EX_OK ||
Errors > 0)
{
extern char MsgBuf[];
if (MsgBuf[0] != '\0' && ISSMTPREPLY(MsgBuf))
nullserver = newstr(MsgBuf);
else
nullserver = "503 5.7.0 Authentication required.";
}
QuickAbort = saveQuickAbort;
SuprErrs = saveSuprErrs;
tls_ok_srv = false; /* don't offer STARTTLS again */
n_helo = 0;
# if SASL
if (sasl_ok)
{
int cipher_bits;
bool verified;
char *s, *v, *c;
s = macvalue(macid("{cipher_bits}"), e);
v = macvalue(macid("{verify}"), e);
c = macvalue(macid("{cert_subject}"), e);
verified = (v != NULL && strcmp(v, "OK") == 0);
if (s != NULL && (cipher_bits = atoi(s)) > 0)
{
# if SASL >= 20000
ext_ssf = cipher_bits;
auth_id = verified ? c : NULL;
sasl_ok = ((sasl_setprop(conn,
SASL_SSF_EXTERNAL,
&ext_ssf) == SASL_OK) &&
(sasl_setprop(conn,
SASL_AUTH_EXTERNAL,
auth_id) == SASL_OK));
# else /* SASL >= 20000 */
ext_ssf.ssf = cipher_bits;
ext_ssf.auth_id = verified ? c : NULL;
sasl_ok = sasl_setprop(conn,
SASL_SSF_EXTERNAL,
&ext_ssf) == SASL_OK;
# endif /* SASL >= 20000 */
mechlist = NULL;
if (sasl_ok)
n_mechs = saslmechs(conn,
&mechlist);
}
}
# endif /* SASL */
/* switch to secure connection */
if (sfdctls(&InChannel, &OutChannel, srv_ssl) == 0)
{
tls_active = true;
# if PIPELINING
(void) sm_io_autoflush(InChannel, OutChannel);
-# endif /* PIPELINING */
+# endif
}
else
{
/*
** XXX this is an internal error
** how to deal with it?
** we can't generate an error message
** since the other side switched to an
** encrypted layer, but we could not...
** just "hang up"?
*/
nullserver = "454 4.3.3 TLS not available: can't switch to encrypted layer";
syserr("STARTTLS: can't switch to encrypted layer");
}
tls_done:
if (smtps)
{
if (tls_active)
goto greeting;
else
goto doquit;
}
break;
#endif /* STARTTLS */
case CMDHELO: /* hello -- introduce yourself */
case CMDEHLO: /* extended hello */
DELAY_CONN("EHLO");
if (c->cmd_code == CMDEHLO)
{
protocol = GET_PROTOCOL();
SmtpPhase = "server EHLO";
}
else
{
protocol = "SMTP";
SmtpPhase = "server HELO";
}
/* avoid denial-of-service */
STOP_IF_ATTACK(checksmtpattack(&n_helo, MAXHELOCOMMANDS,
true, "HELO/EHLO", e));
#if 0
/* RFC2821 4.1.4 allows duplicate HELO/EHLO */
/* check for duplicate HELO/EHLO per RFC 1651 4.2 */
if (gothello)
{
usrerr("503 %s Duplicate HELO/EHLO",
MyHostName);
break;
}
#endif /* 0 */
/* check for valid domain name (re 1123 5.2.5) */
if (*p == '\0' && !AllowBogusHELO)
{
usrerr("501 %s requires domain address",
cmdbuf);
break;
}
/* check for long domain name (hides Received: info) */
if (strlen(p) > MAXNAME)
{
usrerr("501 Invalid domain name");
if (LogLevel > 9)
sm_syslog(LOG_INFO, CurEnv->e_id,
"invalid domain name (too long) from %s",
CurSmtpClient);
break;
}
ok = true;
for (q = p; *q != '\0'; q++)
{
if (!isascii(*q))
break;
if (isalnum(*q))
continue;
if (isspace(*q))
{
*q = '\0';
/* only complain if strict check */
ok = AllowBogusHELO;
/* allow trailing whitespace */
while (!ok && *++q != '\0' &&
isspace(*q))
;
if (*q == '\0')
ok = true;
break;
}
if (strchr("[].-_#:", *q) == NULL)
break;
}
if (*q == '\0' && ok)
{
q = "pleased to meet you";
sendinghost = sm_strdup_x(p);
}
else if (!AllowBogusHELO)
{
usrerr("501 Invalid domain name");
if (LogLevel > 9)
sm_syslog(LOG_INFO, CurEnv->e_id,
"invalid domain name (%s) from %.100s",
p, CurSmtpClient);
break;
}
else
{
q = "accepting invalid domain name";
}
if (gothello || smtp.sm_gotmail)
CLEAR_STATE(cmdbuf);
#if MILTER
if (smtp.sm_milterlist && smtp.sm_milterize &&
!bitset(EF_DISCARD, e->e_flags))
{
char state;
char *response;
response = milter_helo(p, e, &state);
switch (state)
{
case SMFIR_REJECT:
if (MilterLogLevel > 3)
sm_syslog(LOG_INFO, e->e_id,
"Milter: helo=%s, reject=Command rejected",
p);
nullserver = "Command rejected";
smtp.sm_milterize = false;
break;
case SMFIR_TEMPFAIL:
if (MilterLogLevel > 3)
sm_syslog(LOG_INFO, e->e_id,
"Milter: helo=%s, reject=%s",
p, MSG_TEMPFAIL);
tempfail = true;
smtp.sm_milterize = false;
break;
case SMFIR_REPLYCODE:
if (MilterLogLevel > 3)
sm_syslog(LOG_INFO, e->e_id,
"Milter: helo=%s, reject=%s",
p, response);
if (strncmp(response, "421 ", 4) != 0
&& strncmp(response, "421-", 4) != 0)
{
nullserver = newstr(response);
smtp.sm_milterize = false;
break;
}
/* FALLTHROUGH */
case SMFIR_SHUTDOWN:
if (MilterLogLevel > 3 &&
response == NULL)
sm_syslog(LOG_INFO, e->e_id,
"Milter: helo=%s, reject=421 4.7.0 %s closing connection",
p, MyHostName);
tempfail = true;
smtp.sm_milterize = false;
if (response != NULL)
+ {
+ /* Can't use ("%s", ...) due to usrerr() requirements */
usrerr(response);
+ }
else
+ {
message("421 4.7.0 %s closing connection",
MyHostName);
+ }
/* arrange to ignore send list */
e->e_sendqueue = NULL;
lognullconnection = false;
goto doquit;
}
if (response != NULL)
sm_free(response);
/*
** If quarantining by a connect/ehlo action,
** save between messages
*/
if (smtp.sm_quarmsg == NULL &&
e->e_quarmsg != NULL)
smtp.sm_quarmsg = newstr(e->e_quarmsg);
}
#endif /* MILTER */
gothello = true;
/* print HELO response message */
if (c->cmd_code != CMDEHLO)
{
message("250 %s Hello %s, %s",
MyHostName, CurSmtpClient, q);
break;
}
message("250-%s Hello %s, %s",
MyHostName, CurSmtpClient, q);
/* offer ENHSC even for nullserver */
if (nullserver != NULL)
{
message("250 ENHANCEDSTATUSCODES");
break;
}
/*
** print EHLO features list
**
** Note: If you change this list,
** remember to update 'helpfile'
*/
message("250-ENHANCEDSTATUSCODES");
#if PIPELINING
if (bitset(SRV_OFFER_PIPE, features))
message("250-PIPELINING");
-#endif /* PIPELINING */
+#endif
if (bitset(SRV_OFFER_EXPN, features))
{
message("250-EXPN");
if (bitset(SRV_OFFER_VERB, features))
message("250-VERB");
}
#if MIME8TO7
message("250-8BITMIME");
-#endif /* MIME8TO7 */
+#endif
if (MaxMessageSize > 0)
message("250-SIZE %ld", MaxMessageSize);
else
message("250-SIZE");
#if DSN
if (SendMIMEErrors && bitset(SRV_OFFER_DSN, features))
message("250-DSN");
-#endif /* DSN */
+#endif
+#if _FFR_EAI
+ if (bitset(SRV_OFFER_EAI, features))
+ message("250-SMTPUTF8");
+#endif /* _FFR_EAI */
if (bitset(SRV_OFFER_ETRN, features))
message("250-ETRN");
#if SASL
if (sasl_ok && mechlist != NULL && *mechlist != '\0')
message("250-AUTH %s", mechlist);
-#endif /* SASL */
+#endif
#if STARTTLS
if (tls_ok_srv && bitset(SRV_OFFER_TLS, features))
message("250-STARTTLS");
-#endif /* STARTTLS */
+#endif
if (DeliverByMin > 0)
message("250-DELIVERBY %ld",
(long) DeliverByMin);
else if (DeliverByMin == 0)
message("250-DELIVERBY");
/* < 0: no deliver-by */
message("250 HELP");
break;
case CMDMAIL: /* mail -- designate sender */
SmtpPhase = "server MAIL";
DELAY_CONN("MAIL");
/* check for validity of this command */
if (!gothello && bitset(PRIV_NEEDMAILHELO, PrivacyFlags))
{
usrerr("503 5.0.0 Polite people say HELO first");
break;
}
if (smtp.sm_gotmail)
{
usrerr("503 5.5.0 Sender already specified");
break;
}
#if SASL
if (bitset(SRV_REQ_AUTH, features) &&
authenticating != SASL_IS_AUTH)
{
usrerr("530 5.7.0 Authentication required");
break;
}
#endif /* SASL */
p = skipword(p, "from");
if (p == NULL)
break;
if (tempfail)
{
if (LogLevel > 9)
sm_syslog(LOG_INFO, e->e_id,
"SMTP MAIL command (%.100s) from %s tempfailed (due to previous checks)",
p, CurSmtpClient);
+ /* Can't use ("%s", ...) due to usrerr() requirements */
usrerr(MSG_TEMPFAIL);
break;
}
/* make sure we know who the sending host is */
if (sendinghost == NULL)
sendinghost = peerhostname;
#if SM_HEAP_CHECK
if (sm_debug_active(&DebugLeakSmtp, 1))
{
sm_heap_newgroup();
sm_dprintf("smtp() heap group #%d\n",
sm_heap_group());
}
#endif /* SM_HEAP_CHECK */
if (Errors > 0)
goto undo_no_pm;
if (!gothello)
{
auth_warning(e, "%s didn't use HELO protocol",
CurSmtpClient);
}
#ifdef PICKY_HELO_CHECK
if (sm_strcasecmp(sendinghost, peerhostname) != 0 &&
(sm_strcasecmp(peerhostname, "localhost") != 0 ||
sm_strcasecmp(sendinghost, MyHostName) != 0))
{
auth_warning(e, "Host %s claimed to be %s",
CurSmtpClient, sendinghost);
}
#endif /* PICKY_HELO_CHECK */
if (protocol == NULL)
protocol = "SMTP";
macdefine(&e->e_macro, A_PERM, 'r', protocol);
macdefine(&e->e_macro, A_PERM, 's', sendinghost);
if (Errors > 0)
goto undo_no_pm;
smtp.sm_nrcpts = 0;
n_badrcpts = 0;
macdefine(&e->e_macro, A_PERM, macid("{ntries}"), "0");
macdefine(&e->e_macro, A_PERM, macid("{nrcpts}"), "0");
macdefine(&e->e_macro, A_PERM, macid("{nbadrcpts}"),
"0");
e->e_flags |= EF_CLRQUEUE;
sm_setproctitle(true, e, "%s %s: %.80s",
qid_printname(e),
CurSmtpClient, inp);
/* do the processing */
SM_TRY
{
extern char *FullName;
QuickAbort = true;
- SM_FREE_CLR(FullName);
+ SM_FREE(FullName);
/* must parse sender first */
delimptr = NULL;
setsender(p, e, &delimptr, ' ', false);
if (delimptr != NULL && *delimptr != '\0')
*delimptr++ = '\0';
if (Errors > 0)
sm_exc_raisenew_x(&EtypeQuickAbort, 1);
/* Successfully set e_from, allow logging */
e->e_flags |= EF_LOGSENDER;
/* put resulting triple from parseaddr() into macros */
if (e->e_from.q_mailer != NULL)
macdefine(&e->e_macro, A_PERM,
macid("{mail_mailer}"),
e->e_from.q_mailer->m_name);
else
macdefine(&e->e_macro, A_PERM,
macid("{mail_mailer}"), NULL);
if (e->e_from.q_host != NULL)
macdefine(&e->e_macro, A_PERM,
macid("{mail_host}"),
e->e_from.q_host);
else
macdefine(&e->e_macro, A_PERM,
macid("{mail_host}"), "localhost");
if (e->e_from.q_user != NULL)
macdefine(&e->e_macro, A_PERM,
macid("{mail_addr}"),
e->e_from.q_user);
else
macdefine(&e->e_macro, A_PERM,
macid("{mail_addr}"), NULL);
if (Errors > 0)
sm_exc_raisenew_x(&EtypeQuickAbort, 1);
/* check for possible spoofing */
if (RealUid != 0 && OpMode == MD_SMTP &&
!wordinclass(RealUserName, 't') &&
(!bitnset(M_LOCALMAILER,
e->e_from.q_mailer->m_flags) ||
strcmp(e->e_from.q_user, RealUserName) != 0))
{
auth_warning(e, "%s owned process doing -bs",
RealUserName);
}
/* reset to default value */
SevenBitInput = SevenBitInput_Saved;
/* now parse ESMTP arguments */
e->e_msgsize = 0;
addr = p;
parse_esmtp_args(e, NULL, p, delimptr, "MAIL", args,
mail_esmtp_args);
if (Errors > 0)
sm_exc_raisenew_x(&EtypeQuickAbort, 1);
+#if _FFR_EAI
+ if (e->e_smtputf8)
+ {
+ protocol = GET_PROTOCOL();
+ macdefine(&e->e_macro, A_PERM, 'r', protocol);
+ }
+
+ /* UTF8 addresses are only legal with SMTPUTF8 */
+ if (!e->e_smtputf8 && !addr_is_ascii(e->e_from.q_paddr))
+ {
+ usrerr("553 5.6.7 That address requires SMTPUTF8");
+ sm_exc_raisenew_x(&EtypeQuickAbort, 1);
+ }
+#endif
+
#if SASL
# if _FFR_AUTH_PASSING
/* set the default AUTH= if the sender didn't */
if (e->e_auth_param == NULL)
{
/* XXX only do this for an MSA? */
e->e_auth_param = macvalue(macid("{auth_authen}"),
e);
if (e->e_auth_param == NULL)
e->e_auth_param = "<>";
/*
** XXX should we invoke Strust_auth now?
** authorizing as the client that just
** authenticated, so we'll trust implicitly
*/
}
# endif /* _FFR_AUTH_PASSING */
#endif /* SASL */
/* do config file checking of the sender */
macdefine(&e->e_macro, A_PERM,
macid("{addr_type}"), "e s");
#if _FFR_MAIL_MACRO
/* make the "real" sender address available */
macdefine(&e->e_macro, A_TEMP, macid("{mail_from}"),
e->e_from.q_paddr);
-#endif /* _FFR_MAIL_MACRO */
+#endif
if (rscheck("check_mail", addr,
NULL, e, RSF_RMCOMM|RSF_COUNT, 3,
NULL, e->e_id, NULL, NULL) != EX_OK ||
Errors > 0)
sm_exc_raisenew_x(&EtypeQuickAbort, 1);
macdefine(&e->e_macro, A_PERM,
macid("{addr_type}"), NULL);
if (MaxMessageSize > 0 &&
(e->e_msgsize > MaxMessageSize ||
e->e_msgsize < 0))
{
usrerr("552 5.2.3 Message size exceeds fixed maximum message size (%ld)",
MaxMessageSize);
sm_exc_raisenew_x(&EtypeQuickAbort, 1);
}
/*
** XXX always check whether there is at least one fs
** with enough space?
** However, this may not help much: the queue group
** selection may later on select a FS that hasn't
** enough space.
*/
if ((NumFileSys == 1 || NumQueue == 1) &&
!enoughdiskspace(e->e_msgsize, e)
#if _FFR_ANY_FREE_FS
&& !filesys_free(e->e_msgsize)
-#endif /* _FFR_ANY_FREE_FS */
+#endif
)
{
/*
** We perform this test again when the
** queue directory is selected, in collect.
*/
usrerr("452 4.4.5 Insufficient disk space; try again later");
sm_exc_raisenew_x(&EtypeQuickAbort, 1);
}
if (Errors > 0)
sm_exc_raisenew_x(&EtypeQuickAbort, 1);
LogUsrErrs = true;
#if MILTER
if (smtp.sm_milterlist && smtp.sm_milterize &&
!bitset(EF_DISCARD, e->e_flags))
{
char state;
char *response;
response = milter_envfrom(args, e, &state);
MILTER_REPLY("from");
}
#endif /* MILTER */
if (Errors > 0)
sm_exc_raisenew_x(&EtypeQuickAbort, 1);
message("250 2.1.0 Sender ok");
smtp.sm_gotmail = true;
}
SM_EXCEPT(exc, "[!F]*")
{
/*
** An error occurred while processing a MAIL command.
** Jump to the common error handling code.
*/
sm_exc_free(exc);
goto undo_no_pm;
}
SM_END_TRY
break;
undo_no_pm:
e->e_flags &= ~EF_PM_NOTIFY;
undo:
break;
case CMDRCPT: /* rcpt -- designate recipient */
DELAY_CONN("RCPT");
macdefine(&e->e_macro, A_PERM,
macid("{rcpt_mailer}"), NULL);
macdefine(&e->e_macro, A_PERM,
macid("{rcpt_host}"), NULL);
macdefine(&e->e_macro, A_PERM,
macid("{rcpt_addr}"), NULL);
#if MILTER
(void) memset(&addr_st, '\0', sizeof(addr_st));
a = NULL;
milter_rcpt_added = false;
smtp.sm_e_nrcpts_orig = e->e_nrcpts;
#endif
#if _FFR_BADRCPT_SHUTDOWN
/*
** hack to deal with hack, see below:
** n_badrcpts is increased if limit is reached.
*/
n_badrcpts_adj = (BadRcptThrottle > 0 &&
n_badrcpts > BadRcptThrottle &&
LogLevel > 5)
? n_badrcpts - 1 : n_badrcpts;
if (BadRcptShutdown > 0 &&
n_badrcpts_adj >= BadRcptShutdown &&
(BadRcptShutdownGood == 0 ||
smtp.sm_nrcpts == 0 ||
(n_badrcpts_adj * 100 /
(smtp.sm_nrcpts + n_badrcpts) >=
BadRcptShutdownGood)))
{
if (LogLevel > 5)
sm_syslog(LOG_INFO, e->e_id,
"%s: Possible SMTP RCPT flood, shutting down connection.",
CurSmtpClient);
message("421 4.7.0 %s Too many bad recipients; closing connection",
MyHostName);
/* arrange to ignore any current send list */
e->e_sendqueue = NULL;
goto doquit;
}
#endif /* _FFR_BADRCPT_SHUTDOWN */
if (BadRcptThrottle > 0 &&
n_badrcpts >= BadRcptThrottle)
{
if (LogLevel > 5 &&
n_badrcpts == BadRcptThrottle)
{
sm_syslog(LOG_INFO, e->e_id,
"%s: Possible SMTP RCPT flood, throttling.",
CurSmtpClient);
/* To avoid duplicated message */
n_badrcpts++;
}
NBADRCPTS;
/*
** Don't use exponential backoff for now.
** Some systems will open more connections
** and actually overload the receiver even
** more.
*/
(void) sleep(BadRcptThrottleDelay);
}
if (!smtp.sm_gotmail)
{
usrerr("503 5.0.0 Need MAIL before RCPT");
break;
}
SmtpPhase = "server RCPT";
SM_TRY
{
QuickAbort = true;
LogUsrErrs = true;
/* limit flooding of our machine */
if (MaxRcptPerMsg > 0 &&
smtp.sm_nrcpts >= MaxRcptPerMsg)
{
/* sleep(1); / * slow down? */
usrerr("452 4.5.3 Too many recipients");
goto rcpt_done;
}
if (!SM_IS_INTERACTIVE(e->e_sendmode)
#if _FFR_DM_ONE
&& (NotFirstDelivery || SM_DM_ONE != e->e_sendmode)
-#endif /* _FFR_DM_ONE */
+#endif
)
e->e_flags |= EF_VRFYONLY;
#if MILTER
/*
** Do not expand recipients at RCPT time (in the call
** to recipient()) if a milter can delete or reject
** a RCPT. If they are expanded, it is impossible
** for removefromlist() to figure out the expanded
** members of the original recipient and mark them
** as QS_DONTSEND.
*/
- if (!(smtp.sm_milterlist && smtp.sm_milterize &&
- !bitset(EF_DISCARD, e->e_flags)) &&
+ if (smtp.sm_milterlist && smtp.sm_milterize &&
+ !bitset(EF_DISCARD, e->e_flags) &&
(smtp.sm_milters.mis_flags &
(MIS_FL_DEL_RCPT|MIS_FL_REJ_RCPT)) != 0)
e->e_flags |= EF_VRFYONLY;
milter_cmd_done = false;
milter_cmd_safe = false;
#endif /* MILTER */
p = skipword(p, "to");
if (p == NULL)
goto rcpt_done;
macdefine(&e->e_macro, A_PERM,
macid("{addr_type}"), "e r");
a = parseaddr(p, NULLADDR, RF_COPYALL, ' ', &delimptr,
e, true);
macdefine(&e->e_macro, A_PERM,
macid("{addr_type}"), NULL);
if (Errors > 0)
goto rcpt_done;
if (a == NULL)
{
usrerr("501 5.0.0 Missing recipient");
goto rcpt_done;
}
+#if _FFR_EAI
+ if (!e->e_smtputf8 && !addr_is_ascii(a->q_paddr))
+ {
+ usrerr("553 5.6.7 Address requires SMTPUTF8");
+ goto rcpt_done;
+ }
+#endif
if (delimptr != NULL && *delimptr != '\0')
*delimptr++ = '\0';
/* put resulting triple from parseaddr() into macros */
if (a->q_mailer != NULL)
macdefine(&e->e_macro, A_PERM,
macid("{rcpt_mailer}"),
a->q_mailer->m_name);
else
macdefine(&e->e_macro, A_PERM,
macid("{rcpt_mailer}"), NULL);
if (a->q_host != NULL)
macdefine(&e->e_macro, A_PERM,
macid("{rcpt_host}"), a->q_host);
else
macdefine(&e->e_macro, A_PERM,
macid("{rcpt_host}"), "localhost");
if (a->q_user != NULL)
macdefine(&e->e_macro, A_PERM,
macid("{rcpt_addr}"), a->q_user);
else
macdefine(&e->e_macro, A_PERM,
macid("{rcpt_addr}"), NULL);
if (Errors > 0)
goto rcpt_done;
/* now parse ESMTP arguments */
addr = p;
parse_esmtp_args(e, a, p, delimptr, "RCPT", args,
rcpt_esmtp_args);
if (Errors > 0)
goto rcpt_done;
#if MILTER
/*
** rscheck() can trigger an "exception"
** in which case the execution continues at
** SM_EXCEPT(exc, "[!F]*")
** This means milter_cmd_safe is not set
** and hence milter is not invoked.
** Would it be "safe" to change that, i.e., use
** milter_cmd_safe = true;
** here so a milter is informed (if requested)
** about RCPTs that are rejected by check_rcpt?
*/
# if _FFR_MILTER_CHECK_REJECTIONS_TOO
milter_cmd_safe = true;
# endif
#endif
/* do config file checking of the recipient */
macdefine(&e->e_macro, A_PERM,
macid("{addr_type}"), "e r");
if (rscheck("check_rcpt", addr,
NULL, e, RSF_RMCOMM|RSF_COUNT, 3,
NULL, e->e_id, p_addr_st, NULL) != EX_OK ||
Errors > 0)
goto rcpt_done;
macdefine(&e->e_macro, A_PERM,
macid("{addr_type}"), NULL);
/* If discarding, don't bother to verify user */
if (bitset(EF_DISCARD, e->e_flags))
a->q_state = QS_VERIFIED;
#if MILTER
milter_cmd_safe = true;
#endif
addbcc(a, e);
rcptmods(a, e);
/* save in recipient list after ESMTP mods */
a = recipient(a, &e->e_sendqueue, 0, e);
/* may trigger exception... */
#if MILTER
milter_rcpt_added = true;
#endif
if(!(Errors > 0) && QS_IS_BADADDR(a->q_state))
{
/* punt -- should keep message in ADDRESS.... */
usrerr("550 5.1.1 Addressee unknown");
}
#if MILTER
rcpt_done:
if (smtp.sm_milterlist && smtp.sm_milterize &&
!bitset(EF_DISCARD, e->e_flags))
{
char state;
char *response;
/* how to get the error codes? */
if (Errors > 0)
{
macdefine(&e->e_macro, A_PERM,
macid("{rcpt_mailer}"),
"error");
if (a != NULL &&
a->q_status != NULL &&
a->q_rstatus != NULL)
{
macdefine(&e->e_macro, A_PERM,
macid("{rcpt_host}"),
a->q_status);
macdefine(&e->e_macro, A_PERM,
macid("{rcpt_addr}"),
a->q_rstatus);
}
else
{
if (addr_st.q_host != NULL)
macdefine(&e->e_macro,
A_PERM,
macid("{rcpt_host}"),
addr_st.q_host);
if (addr_st.q_user != NULL)
macdefine(&e->e_macro,
A_PERM,
macid("{rcpt_addr}"),
addr_st.q_user);
}
}
response = milter_envrcpt(args, e, &state,
Errors > 0);
milter_cmd_done = true;
MILTER_REPLY("to");
}
#endif /* MILTER */
/* no errors during parsing, but might be a duplicate */
e->e_to = a->q_paddr;
if (!(Errors > 0) && !QS_IS_BADADDR(a->q_state))
{
if (smtp.sm_nrcpts == 0)
initsys(e);
message("250 2.1.5 Recipient ok%s",
QS_IS_QUEUEUP(a->q_state) ?
" (will queue)" : "");
smtp.sm_nrcpts++;
}
/* Is this needed? */
#if !MILTER
rcpt_done:
-#endif /* !MILTER */
-
+#endif
+
macdefine(&e->e_macro, A_PERM,
macid("{rcpt_mailer}"), NULL);
macdefine(&e->e_macro, A_PERM,
macid("{rcpt_host}"), NULL);
macdefine(&e->e_macro, A_PERM,
macid("{rcpt_addr}"), NULL);
macdefine(&e->e_macro, A_PERM,
macid("{dsn_notify}"), NULL);
if (Errors > 0)
{
++n_badrcpts;
NBADRCPTS;
}
}
SM_EXCEPT(exc, "[!F]*")
{
/* An exception occurred while processing RCPT */
e->e_flags &= ~(EF_FATALERRS|EF_PM_NOTIFY);
++n_badrcpts;
NBADRCPTS;
#if MILTER
if (smtp.sm_milterlist && smtp.sm_milterize &&
!bitset(EF_DISCARD, e->e_flags) &&
!milter_cmd_done && milter_cmd_safe)
{
char state;
char *response;
macdefine(&e->e_macro, A_PERM,
macid("{rcpt_mailer}"), "error");
/* how to get the error codes? */
if (addr_st.q_host != NULL)
macdefine(&e->e_macro, A_PERM,
macid("{rcpt_host}"),
addr_st.q_host);
else if (a != NULL && a->q_status != NULL)
macdefine(&e->e_macro, A_PERM,
macid("{rcpt_host}"),
a->q_status);
if (addr_st.q_user != NULL)
macdefine(&e->e_macro, A_PERM,
macid("{rcpt_addr}"),
addr_st.q_user);
else if (a != NULL && a->q_rstatus != NULL)
macdefine(&e->e_macro, A_PERM,
macid("{rcpt_addr}"),
a->q_rstatus);
response = milter_envrcpt(args, e, &state,
true);
milter_cmd_done = true;
MILTER_REPLY("to");
macdefine(&e->e_macro, A_PERM,
macid("{rcpt_mailer}"), NULL);
macdefine(&e->e_macro, A_PERM,
macid("{rcpt_host}"), NULL);
macdefine(&e->e_macro, A_PERM,
macid("{rcpt_addr}"), NULL);
}
if (smtp.sm_milterlist && smtp.sm_milterize &&
milter_rcpt_added && milter_cmd_done &&
milter_cmd_fail)
{
(void) removefromlist(addr, &e->e_sendqueue, e);
milter_cmd_fail = false;
if (smtp.sm_e_nrcpts_orig < e->e_nrcpts)
e->e_nrcpts = smtp.sm_e_nrcpts_orig;
}
#endif /* MILTER */
}
SM_END_TRY
break;
case CMDDATA: /* data -- text of mail */
DELAY_CONN("DATA");
if (!smtp_data(&smtp, e))
goto doquit;
break;
case CMDRSET: /* rset -- reset state */
if (tTd(94, 100))
message("451 4.0.0 Test failure");
else
message("250 2.0.0 Reset state");
CLEAR_STATE(cmdbuf);
break;
case CMDVRFY: /* vrfy -- verify address */
case CMDEXPN: /* expn -- expand address */
vrfy = c->cmd_code == CMDVRFY;
DELAY_CONN(vrfy ? "VRFY" : "EXPN");
if (tempfail)
{
if (LogLevel > 9)
sm_syslog(LOG_INFO, e->e_id,
"SMTP %s command (%.100s) from %s tempfailed (due to previous checks)",
vrfy ? "VRFY" : "EXPN",
p, CurSmtpClient);
/* RFC 821 doesn't allow 4xy reply code */
usrerr("550 5.7.1 Please try again later");
break;
}
wt = checksmtpattack(&n_verifies, MAXVRFYCOMMANDS,
false, vrfy ? "VRFY" : "EXPN", e);
STOP_IF_ATTACK(wt);
previous = curtime();
if ((vrfy && bitset(PRIV_NOVRFY, PrivacyFlags)) ||
(!vrfy && !bitset(SRV_OFFER_EXPN, features)))
{
if (vrfy)
message("252 2.5.2 Cannot VRFY user; try RCPT to attempt delivery (or try finger)");
else
message("502 5.7.0 Sorry, we do not allow this operation");
if (LogLevel > 5)
sm_syslog(LOG_INFO, e->e_id,
"%s: %s [rejected]",
CurSmtpClient,
shortenstring(inp, MAXSHORTSTR));
break;
}
else if (!gothello &&
bitset(vrfy ? PRIV_NEEDVRFYHELO : PRIV_NEEDEXPNHELO,
PrivacyFlags))
{
usrerr("503 5.0.0 I demand that you introduce yourself first");
break;
}
if (Errors > 0)
break;
if (LogLevel > 5)
sm_syslog(LOG_INFO, e->e_id, "%s: %s",
CurSmtpClient,
shortenstring(inp, MAXSHORTSTR));
SM_TRY
{
QuickAbort = true;
vrfyqueue = NULL;
if (vrfy)
e->e_flags |= EF_VRFYONLY;
- while (*p != '\0' && isascii(*p) && isspace(*p))
+ while (*p != '\0' && SM_ISSPACE(*p))
p++;
if (*p == '\0')
{
usrerr("501 5.5.2 Argument required");
}
else
{
/* do config file checking of the address */
if (rscheck(vrfy ? "check_vrfy" : "check_expn",
p, NULL, e, RSF_RMCOMM, 3, NULL,
NOQID, NULL, NULL) != EX_OK ||
Errors > 0)
sm_exc_raisenew_x(&EtypeQuickAbort, 1);
(void) sendtolist(p, NULLADDR, &vrfyqueue, 0, e);
}
if (wt > 0)
{
time_t t;
t = wt - (curtime() - previous);
if (t > 0)
(void) sleep(t);
}
if (Errors > 0)
sm_exc_raisenew_x(&EtypeQuickAbort, 1);
if (vrfyqueue == NULL)
{
usrerr("554 5.5.2 Nothing to %s", vrfy ? "VRFY" : "EXPN");
}
while (vrfyqueue != NULL)
{
if (!QS_IS_UNDELIVERED(vrfyqueue->q_state))
{
vrfyqueue = vrfyqueue->q_next;
continue;
}
/* see if there is more in the vrfy list */
a = vrfyqueue;
while ((a = a->q_next) != NULL &&
(!QS_IS_UNDELIVERED(a->q_state)))
continue;
printvrfyaddr(vrfyqueue, a == NULL, vrfy);
vrfyqueue = a;
}
}
SM_EXCEPT(exc, "[!F]*")
{
/*
** An exception occurred while processing VRFY/EXPN
*/
sm_exc_free(exc);
goto undo;
}
SM_END_TRY
break;
case CMDETRN: /* etrn -- force queue flush */
DELAY_CONN("ETRN");
/* Don't leak queue information via debug flags */
if (!bitset(SRV_OFFER_ETRN, features) || UseMSP ||
(RealUid != 0 && RealUid != TrustedUid &&
OpMode == MD_SMTP))
{
/* different message for MSA ? */
message("502 5.7.0 Sorry, we do not allow this operation");
if (LogLevel > 5)
sm_syslog(LOG_INFO, e->e_id,
"%s: %s [rejected]",
CurSmtpClient,
shortenstring(inp, MAXSHORTSTR));
break;
}
if (tempfail)
{
if (LogLevel > 9)
sm_syslog(LOG_INFO, e->e_id,
"SMTP ETRN command (%.100s) from %s tempfailed (due to previous checks)",
p, CurSmtpClient);
+ /* Can't use ("%s", ...) due to usrerr() requirements */
usrerr(MSG_TEMPFAIL);
break;
}
if (strlen(p) <= 0)
{
usrerr("500 5.5.2 Parameter required");
break;
}
/* crude way to avoid denial-of-service attacks */
STOP_IF_ATTACK(checksmtpattack(&n_etrn, MAXETRNCOMMANDS,
true, "ETRN", e));
/*
** Do config file checking of the parameter.
** Even though we have srv_features now, we still
** need this ruleset because the former is called
** when the connection has been established, while
** this ruleset is called when the command is
** actually issued and therefore has all information
** available to make a decision.
*/
if (rscheck("check_etrn", p, NULL, e, RSF_RMCOMM, 3,
NULL, NOQID, NULL, NULL) != EX_OK ||
Errors > 0)
break;
if (LogLevel > 5)
sm_syslog(LOG_INFO, e->e_id,
"%s: ETRN %s", CurSmtpClient,
shortenstring(p, MAXSHORTSTR));
id = p;
if (*id == '#')
{
int i, qgrp;
id++;
qgrp = name2qid(id);
if (!ISVALIDQGRP(qgrp))
{
usrerr("459 4.5.4 Queue %s unknown",
id);
break;
}
for (i = 0; i < NumQueue && Queue[i] != NULL;
i++)
Queue[i]->qg_nextrun = (time_t) -1;
Queue[qgrp]->qg_nextrun = 0;
ok = run_work_group(Queue[qgrp]->qg_wgrp,
RWG_FORK|RWG_FORCE);
if (ok && Errors == 0)
message("250 2.0.0 Queuing for queue group %s started", id);
break;
}
if (*id == '@')
id++;
else
*--id = '@';
new = (QUEUE_CHAR *) sm_malloc(sizeof(QUEUE_CHAR));
if (new == NULL)
{
syserr("500 5.5.0 ETRN out of memory");
break;
}
new->queue_match = id;
new->queue_negate = false;
new->queue_next = NULL;
QueueLimitRecipient = new;
ok = runqueue(true, false, false, true);
sm_free(QueueLimitRecipient); /* XXX */
QueueLimitRecipient = NULL;
if (ok && Errors == 0)
message("250 2.0.0 Queuing for node %s started", p);
break;
case CMDHELP: /* help -- give user info */
DELAY_CONN("HELP");
help(p, e);
break;
case CMDNOOP: /* noop -- do nothing */
DELAY_CONN("NOOP");
STOP_IF_ATTACK(checksmtpattack(&n_noop, MaxNOOPCommands,
true, "NOOP", e));
message("250 2.0.0 OK");
break;
case CMDQUIT: /* quit -- leave mail */
message("221 2.0.0 %s closing connection", MyHostName);
#if PIPELINING
(void) sm_io_flush(OutChannel, SM_TIME_DEFAULT);
-#endif /* PIPELINING */
+#endif
if (smtp.sm_nrcpts > 0)
logundelrcpts(e, "aborted by sender", 9, false);
/* arrange to ignore any current send list */
e->e_sendqueue = NULL;
#if STARTTLS
/* shutdown TLS connection */
if (tls_active)
{
- (void) endtls(srv_ssl, "server");
+ (void) endtls(&srv_ssl, "server");
tls_active = false;
}
#endif /* STARTTLS */
#if SASL
if (authenticating == SASL_IS_AUTH)
{
sasl_dispose(&conn);
authenticating = SASL_NOT_AUTH;
/* XXX sasl_done(); this is a child */
}
#endif /* SASL */
doquit:
/* avoid future 050 messages */
disconnect(1, e);
#if MILTER
/* close out milter filters */
milter_quit(e);
-#endif /* MILTER */
+#endif
if (tTd(92, 2))
sm_dprintf("QUIT: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d\n",
e->e_id,
bitset(EF_LOGSENDER, e->e_flags),
LogLevel);
if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags))
logsender(e, NULL);
e->e_flags &= ~EF_LOGSENDER;
if (lognullconnection && LogLevel > 5 &&
nullserver == NULL)
{
char *d;
d = macvalue(macid("{daemon_name}"), e);
if (d == NULL)
d = "stdin";
/*
** even though this id is "bogus", it makes
** it simpler to "grep" related events, e.g.,
** timeouts for the same connection.
*/
sm_syslog(LOG_INFO, e->e_id,
"%s did not issue MAIL/EXPN/VRFY/ETRN during connection to %s",
CurSmtpClient, d);
}
if (tTd(93, 100))
{
/* return to handle next connection */
return;
}
finis(true, true, ExitStat);
/* NOTREACHED */
/* just to avoid bogus warning from some compilers */
exit(EX_OSERR);
case CMDVERB: /* set verbose mode */
DELAY_CONN("VERB");
if (!bitset(SRV_OFFER_EXPN, features) ||
!bitset(SRV_OFFER_VERB, features))
{
/* this would give out the same info */
message("502 5.7.0 Verbose unavailable");
break;
}
STOP_IF_ATTACK(checksmtpattack(&n_noop, MaxNOOPCommands,
true, "VERB", e));
Verbose = 1;
set_delivery_mode(SM_DELIVER, e);
message("250 2.0.0 Verbose mode");
break;
#if SMTPDEBUG
case CMDDBGQSHOW: /* show queues */
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Send Queue=");
printaddr(smioout, e->e_sendqueue, true);
break;
case CMDDBGDEBUG: /* set debug mode */
tTsetup(tTdvect, sizeof(tTdvect), "0-99.1");
tTflag(p);
message("200 2.0.0 Debug set");
break;
#else /* SMTPDEBUG */
case CMDDBGQSHOW: /* show queues */
case CMDDBGDEBUG: /* set debug mode */
#endif /* SMTPDEBUG */
case CMDLOGBOGUS: /* bogus command */
DELAY_CONN("Bogus");
if (LogLevel > 0)
sm_syslog(LOG_CRIT, e->e_id,
"\"%s\" command from %s (%.100s)",
c->cmd_name, CurSmtpClient,
anynet_ntoa(&RealHostAddr));
/* FALLTHROUGH */
case CMDERROR: /* unknown command */
#if MAXBADCOMMANDS > 0
if (++n_badcmds > MAXBADCOMMANDS)
{
stopattack:
message("421 4.7.0 %s Too many bad commands; closing connection",
MyHostName);
/* arrange to ignore any current send list */
e->e_sendqueue = NULL;
goto doquit;
}
#endif /* MAXBADCOMMANDS > 0 */
#if MILTER && SMFI_VERSION > 2
if (smtp.sm_milterlist && smtp.sm_milterize &&
!bitset(EF_DISCARD, e->e_flags))
{
char state;
char *response;
if (MilterLogLevel > 9)
sm_syslog(LOG_INFO, e->e_id,
"Sending \"%s\" to Milter", inp);
response = milter_unknown(inp, e, &state);
MILTER_REPLY("unknown");
if (state == SMFIR_REPLYCODE ||
state == SMFIR_REJECT ||
state == SMFIR_TEMPFAIL ||
state == SMFIR_SHUTDOWN)
{
/* MILTER_REPLY already gave an error */
break;
}
}
#endif /* MILTER && SMFI_VERSION > 2 */
usrerr("500 5.5.1 Command unrecognized: \"%s\"",
shortenstring(inp, MAXSHORTSTR));
break;
case CMDUNIMPL:
DELAY_CONN("Unimpl");
usrerr("502 5.5.1 Command not implemented: \"%s\"",
shortenstring(inp, MAXSHORTSTR));
break;
default:
DELAY_CONN("default");
errno = 0;
syserr("500 5.5.0 smtp: unknown code %d", c->cmd_code);
break;
}
#if SASL
}
-#endif /* SASL */
+#endif
}
SM_EXCEPT(exc, "[!F]*")
{
/*
** The only possible exception is "E:mta.quickabort".
** There is nothing to do except fall through and loop.
*/
}
SM_END_TRY
}
}
/*
** SMTP_DATA -- implement the SMTP DATA command.
**
** Parameters:
** smtp -- status of SMTP connection.
** e -- envelope.
**
** Returns:
** true iff SMTP session can continue.
**
** Side Effects:
** possibly sends message.
*/
static bool
smtp_data(smtp, e)
SMTP_T *smtp;
ENVELOPE *e;
{
#if MILTER
bool milteraccept;
-#endif /* MILTER */
+#endif
bool aborting;
bool doublequeue;
bool rv = true;
ADDRESS *a;
ENVELOPE *ee;
char *id;
char *oldid;
unsigned int features;
char buf[32];
SmtpPhase = "server DATA";
if (!smtp->sm_gotmail)
{
usrerr("503 5.0.0 Need MAIL command");
return true;
}
else if (smtp->sm_nrcpts <= 0)
{
usrerr("503 5.0.0 Need RCPT (recipient)");
return true;
}
(void) sm_snprintf(buf, sizeof(buf), "%u", smtp->sm_nrcpts);
if (rscheck("check_data", buf, NULL, e,
RSF_RMCOMM|RSF_UNSTRUCTURED|RSF_COUNT, 3, NULL,
e->e_id, NULL, NULL) != EX_OK)
return true;
#if MILTER && SMFI_VERSION > 3
if (smtp->sm_milterlist && smtp->sm_milterize &&
!bitset(EF_DISCARD, e->e_flags))
{
char state;
char *response;
int savelogusrerrs = LogUsrErrs;
response = milter_data_cmd(e, &state);
switch (state)
{
case SMFIR_REPLYCODE:
if (MilterLogLevel > 3)
{
sm_syslog(LOG_INFO, e->e_id,
"Milter: cmd=data, reject=%s",
response);
LogUsrErrs = false;
}
#if _FFR_MILTER_ENHSC
if (ISSMTPCODE(response))
(void) extenhsc(response + 4, ' ', e->e_enhsc);
-#endif /* _FFR_MILTER_ENHSC */
+#endif
+ /* Can't use ("%s", ...) due to usrerr() requirements */
usrerr(response);
if (strncmp(response, "421 ", 4) == 0
|| strncmp(response, "421-", 4) == 0)
{
e->e_sendqueue = NULL;
return false;
}
return true;
case SMFIR_REJECT:
if (MilterLogLevel > 3)
{
sm_syslog(LOG_INFO, e->e_id,
"Milter: cmd=data, reject=550 5.7.1 Command rejected");
LogUsrErrs = false;
}
#if _FFR_MILTER_ENHSC
(void) sm_strlcpy(e->e_enhsc, "5.7.1",
sizeof(e->e_enhsc));
-#endif /* _FFR_MILTER_ENHSC */
+#endif
usrerr("550 5.7.1 Command rejected");
return true;
case SMFIR_DISCARD:
if (MilterLogLevel > 3)
sm_syslog(LOG_INFO, e->e_id,
"Milter: cmd=data, discard");
e->e_flags |= EF_DISCARD;
break;
case SMFIR_TEMPFAIL:
if (MilterLogLevel > 3)
{
sm_syslog(LOG_INFO, e->e_id,
"Milter: cmd=data, reject=%s",
MSG_TEMPFAIL);
LogUsrErrs = false;
}
#if _FFR_MILTER_ENHSC
(void) extenhsc(MSG_TEMPFAIL + 4, ' ', e->e_enhsc);
-#endif /* _FFR_MILTER_ENHSC */
+#endif
+ /* Can't use ("%s", ...) due to usrerr() requirements */
usrerr(MSG_TEMPFAIL);
return true;
case SMFIR_SHUTDOWN:
if (MilterLogLevel > 3)
{
sm_syslog(LOG_INFO, e->e_id,
"Milter: cmd=data, reject=421 4.7.0 %s closing connection",
MyHostName);
LogUsrErrs = false;
}
usrerr("421 4.7.0 %s closing connection", MyHostName);
e->e_sendqueue = NULL;
return false;
}
LogUsrErrs = savelogusrerrs;
if (response != NULL)
sm_free(response); /* XXX */
}
#endif /* MILTER && SMFI_VERSION > 3 */
/* put back discard bit */
if (smtp->sm_discard)
e->e_flags |= EF_DISCARD;
/* check to see if we need to re-expand aliases */
/* also reset QS_BADADDR on already-diagnosted addrs */
doublequeue = false;
for (a = e->e_sendqueue; a != NULL; a = a->q_next)
{
if (QS_IS_VERIFIED(a->q_state) &&
!bitset(EF_DISCARD, e->e_flags))
{
/* need to re-expand aliases */
doublequeue = true;
}
if (QS_IS_BADADDR(a->q_state))
{
/* make this "go away" */
a->q_state = QS_DONTSEND;
}
}
/* collect the text of the message */
SmtpPhase = "collect";
buffer_errors();
collect(InChannel, true, NULL, e, true);
/* redefine message size */
(void) sm_snprintf(buf, sizeof(buf), "%ld", PRT_NONNEGL(e->e_msgsize));
macdefine(&e->e_macro, A_TEMP, macid("{msg_size}"), buf);
/* rscheck() will set Errors or EF_DISCARD if it trips */
(void) rscheck("check_eom", buf, NULL, e, RSF_UNSTRUCTURED|RSF_COUNT,
3, NULL, e->e_id, NULL, NULL);
#if MILTER
milteraccept = true;
if (smtp->sm_milterlist && smtp->sm_milterize &&
Errors <= 0 &&
!bitset(EF_DISCARD, e->e_flags))
{
char state;
char *response;
response = milter_data(e, &state);
switch (state)
{
case SMFIR_REPLYCODE:
if (MilterLogLevel > 3)
sm_syslog(LOG_INFO, e->e_id,
"Milter: data, reject=%s",
response);
milteraccept = false;
#if _FFR_MILTER_ENHSC
if (ISSMTPCODE(response))
(void) extenhsc(response + 4, ' ', e->e_enhsc);
-#endif /* _FFR_MILTER_ENHSC */
+#endif
+ /* Can't use ("%s", ...) due to usrerr() requirements */
usrerr(response);
if (strncmp(response, "421 ", 4) == 0
|| strncmp(response, "421-", 4) == 0)
rv = false;
break;
case SMFIR_REJECT:
milteraccept = false;
if (MilterLogLevel > 3)
sm_syslog(LOG_INFO, e->e_id,
"Milter: data, reject=554 5.7.1 Command rejected");
usrerr("554 5.7.1 Command rejected");
break;
case SMFIR_DISCARD:
if (MilterLogLevel > 3)
sm_syslog(LOG_INFO, e->e_id,
"Milter: data, discard");
milteraccept = false;
e->e_flags |= EF_DISCARD;
break;
case SMFIR_TEMPFAIL:
if (MilterLogLevel > 3)
sm_syslog(LOG_INFO, e->e_id,
"Milter: data, reject=%s",
MSG_TEMPFAIL);
milteraccept = false;
#if _FFR_MILTER_ENHSC
(void) extenhsc(MSG_TEMPFAIL + 4, ' ', e->e_enhsc);
-#endif /* _FFR_MILTER_ENHSC */
+#endif
+ /* Can't use ("%s", ...) due to usrerr() requirements */
usrerr(MSG_TEMPFAIL);
break;
case SMFIR_SHUTDOWN:
if (MilterLogLevel > 3)
sm_syslog(LOG_INFO, e->e_id,
"Milter: data, reject=421 4.7.0 %s closing connection",
MyHostName);
milteraccept = false;
usrerr("421 4.7.0 %s closing connection", MyHostName);
rv = false;
break;
}
if (response != NULL)
sm_free(response);
}
/* Milter may have changed message size */
(void) sm_snprintf(buf, sizeof(buf), "%ld", PRT_NONNEGL(e->e_msgsize));
macdefine(&e->e_macro, A_TEMP, macid("{msg_size}"), buf);
/* abort message filters that didn't get the body & log msg is OK */
if (smtp->sm_milterlist && smtp->sm_milterize)
{
milter_abort(e);
if (milteraccept && MilterLogLevel > 9)
sm_syslog(LOG_INFO, e->e_id, "Milter accept: message");
}
/*
** If SuperSafe is SAFE_REALLY_POSTMILTER, and we don't have milter or
** milter accepted message, sync it now
**
** XXX This is almost a copy of the code in collect(): put it into
** a function that is called from both places?
*/
if (milteraccept && SuperSafe == SAFE_REALLY_POSTMILTER)
{
int afd;
SM_FILE_T *volatile df;
char *dfname;
df = e->e_dfp;
dfname = queuename(e, DATAFL_LETTER);
if (sm_io_setinfo(df, SM_BF_COMMIT, NULL) < 0
&& errno != EINVAL)
{
int save_errno;
save_errno = errno;
if (save_errno == EEXIST)
{
struct stat st;
int dfd;
if (stat(dfname, &st) < 0)
st.st_size = -1;
errno = EEXIST;
syserr("@collect: bfcommit(%s): already on disk, size=%ld",
dfname, (long) st.st_size);
dfd = sm_io_getinfo(df, SM_IO_WHAT_FD, NULL);
if (dfd >= 0)
dumpfd(dfd, true, true);
}
errno = save_errno;
dferror(df, "bfcommit", e);
flush_errors(true);
finis(save_errno != EEXIST, true, ExitStat);
}
else if ((afd = sm_io_getinfo(df, SM_IO_WHAT_FD, NULL)) < 0)
{
dferror(df, "sm_io_getinfo", e);
flush_errors(true);
finis(true, true, ExitStat);
/* NOTREACHED */
}
else if (fsync(afd) < 0)
{
dferror(df, "fsync", e);
flush_errors(true);
finis(true, true, ExitStat);
/* NOTREACHED */
}
else if (sm_io_close(df, SM_TIME_DEFAULT) < 0)
{
dferror(df, "sm_io_close", e);
flush_errors(true);
finis(true, true, ExitStat);
/* NOTREACHED */
}
/* Now reopen the df file */
e->e_dfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, dfname,
SM_IO_RDONLY, NULL);
if (e->e_dfp == NULL)
{
/* we haven't acked receipt yet, so just chuck this */
syserr("@Cannot reopen %s", dfname);
finis(true, true, ExitStat);
/* NOTREACHED */
}
}
#endif /* MILTER */
/* Check if quarantining stats should be updated */
if (e->e_quarmsg != NULL)
markstats(e, NULL, STATS_QUARANTINE);
/*
** If a header/body check (header checks or milter)
** set EF_DISCARD, don't queueup the message --
** that would lose the EF_DISCARD bit and deliver
** the message.
*/
if (bitset(EF_DISCARD, e->e_flags))
doublequeue = false;
aborting = Errors > 0;
if (!(aborting || bitset(EF_DISCARD, e->e_flags)) &&
(QueueMode == QM_QUARANTINE || e->e_quarmsg == NULL) &&
!split_by_recipient(e))
aborting = bitset(EF_FATALERRS, e->e_flags);
if (aborting)
{
ADDRESS *q;
/* Log who the mail would have gone to */
logundelrcpts(e, e->e_message, 8, false);
/*
** If something above refused the message, we still haven't
** accepted responsibility for it. Don't send DSNs.
*/
for (q = e->e_sendqueue; q != NULL; q = q->q_next)
q->q_flags &= ~Q_PINGFLAGS;
flush_errors(true);
buffer_errors();
goto abortmessage;
}
/* from now on, we have to operate silently */
buffer_errors();
#if 0
/*
** Clear message, it may contain an error from the SMTP dialogue.
** This error must not show up in the queue.
** Some error message should show up, e.g., alias database
** not available, but others shouldn't, e.g., from check_rcpt.
*/
e->e_message = NULL;
#endif /* 0 */
/*
** Arrange to send to everyone.
** If sending to multiple people, mail back
** errors rather than reporting directly.
** In any case, don't mail back errors for
** anything that has happened up to
** now (the other end will do this).
** Truncate our transcript -- the mail has gotten
** to us successfully, and if we have
** to mail this back, it will be easier
** on the reader.
** Then send to everyone.
** Finally give a reply code. If an error has
** already been given, don't mail a
** message back.
** We goose error returns by clearing error bit.
*/
SmtpPhase = "delivery";
(void) sm_io_setinfo(e->e_xfp, SM_BF_TRUNCATE, NULL);
id = e->e_id;
#if NAMED_BIND
_res.retry = TimeOuts.res_retry[RES_TO_FIRST];
_res.retrans = TimeOuts.res_retrans[RES_TO_FIRST];
-#endif /* NAMED_BIND */
+#endif
#if _FFR_PROXY
if (SM_PROXY_REQ == e->e_sendmode)
{
/* is proxy mode possible? */
if (e->e_sibling == NULL && e->e_nrcpts == 1
&& smtp->sm_nrcpts == 1
&& (a = e->e_sendqueue) != NULL && a->q_next == NULL)
{
a->q_flags &= ~(QPINGONFAILURE|QPINGONSUCCESS|
QPINGONDELAY);
e->e_errormode = EM_QUIET;
e->e_sendmode = SM_PROXY;
}
else
{
if (tTd(87, 2))
{
a = e->e_sendqueue;
sm_dprintf("srv: mode=%c, e=%p, sibling=%p, nrcpts=%d, sm_nrcpts=%d, sendqueue=%p, next=%p\n",
e->e_sendmode, e, e->e_sibling, e->e_nrcpts,
smtp->sm_nrcpts, a,
(a == NULL) ? (void *)0 : a->q_next);
}
/* switch to interactive mode */
e->e_sendmode = SM_DELIVER;
if (LogLevel > 9)
sm_syslog(LOG_DEBUG, e->e_id,
"proxy mode requested but not possible");
}
}
#endif /* _FFR_PROXY */
for (ee = e; ee != NULL; ee = ee->e_sibling)
{
/* make sure we actually do delivery */
ee->e_flags &= ~EF_CLRQUEUE;
/* from now on, operate silently */
ee->e_errormode = EM_MAIL;
if (doublequeue)
{
/* make sure it is in the queue */
queueup(ee, false, true);
}
else
{
int mode;
/* send to all recipients */
mode = SM_DEFAULT;
#if _FFR_DM_ONE
if (SM_DM_ONE == e->e_sendmode)
{
if (NotFirstDelivery)
{
mode = SM_QUEUE;
e->e_sendmode = SM_QUEUE;
}
else
{
mode = SM_FORK;
NotFirstDelivery = true;
}
}
#endif /* _FFR_DM_ONE */
sendall(ee, mode);
}
ee->e_to = NULL;
}
/* put back id for SMTP logging in putoutmsg() */
oldid = CurEnv->e_id;
CurEnv->e_id = id;
#if _FFR_PROXY
a = e->e_sendqueue;
if (tTd(87, 1))
{
sm_dprintf("srv: mode=%c, e=%p, sibling=%p, nrcpts=%d, msg=%s, sendqueue=%p, next=%p, state=%d, SmtpError=%s, rcode=%d, renhsc=%s, text=%s\n",
e->e_sendmode, e, e->e_sibling, e->e_nrcpts, e->e_message, a,
(a == NULL) ? (void *)0 : a->q_next,
(a == NULL) ? -1 : a->q_state, SmtpError, e->e_rcode,
e->e_renhsc, e->e_text);
}
if (SM_PROXY == e->e_sendmode && a->q_state != QS_SENT &&
a->q_state != QS_VERIFIED) /* discarded! */
{
char *m, *errtext;
char replycode[4];
char enhsc[10];
int offset;
#define NN_MSG(e) (((e)->e_message != NULL) ? (e)->e_message : "")
m = e->e_message;
#define SM_MSG_DEFERRED "Deferred: "
if (m != NULL && strncmp(SM_MSG_DEFERRED, m,
sizeof(SM_MSG_DEFERRED) - 1) == 0)
m += sizeof(SM_MSG_DEFERRED) - 1;
offset = extsc(m, ' ', replycode, enhsc);
if (tTd(87, 2))
{
sm_dprintf("srv: SmtpError=%s, rcode=%d, renhsc=%s, replycode=%s, enhsc=%s, offset=%d\n",
SmtpError, e->e_rcode, e->e_renhsc,
replycode, enhsc, offset);
}
#define DIG2CHAR(d) ((d) + '0')
if (e->e_rcode != 0 && (replycode[0] == '\0' ||
replycode[0] == DIG2CHAR(REPLYTYPE(e->e_rcode))))
{
replycode[0] = DIG2CHAR(REPLYTYPE(e->e_rcode));
replycode[1] = DIG2CHAR(REPLYCLASS(e->e_rcode));
replycode[2] = DIG2CHAR(REPLYMINOR(e->e_rcode));
replycode[3] = '\0';
if (e->e_renhsc[0] == replycode[0])
sm_strlcpy(enhsc, e->e_renhsc, sizeof(enhsc));
if (offset < 0)
offset = 0;
}
if (e->e_text != NULL)
{
(void) strreplnonprt(e->e_text, '_');
errtext = e->e_text;
}
else
errtext = m + offset;
if (replycode[0] != '\0' && enhsc[0] != '\0')
emessage(replycode, enhsc, "%s", errtext);
else if (replycode[0] != '\0')
emessage(replycode, smtptodsn(atoi(replycode)),
"%s", errtext);
else if (QS_IS_TEMPFAIL(a->q_state))
{
if (m != NULL)
message("450 4.5.1 %s", m);
else
message("450 4.5.1 Temporary error");
}
else
{
if (m != NULL)
message("550 5.5.1 %s", m);
else
message("550 5.0.0 Permanent error");
}
}
else
{
#endif /* _FFR_PROXY */
/* issue success message */
#if _FFR_MSG_ACCEPT
if (MessageAccept != NULL && *MessageAccept != '\0')
{
char msg[MAXLINE];
expand(MessageAccept, msg, sizeof(msg), e);
message("250 2.0.0 %s", msg);
}
else
#endif /* _FFR_MSG_ACCEPT */
message("250 2.0.0 %s Message accepted for delivery", id);
#if _FFR_PROXY
}
-#endif /* _FFR_PROXY */
+#endif
CurEnv->e_id = oldid;
/* if we just queued, poke it */
if (doublequeue)
{
bool anything_to_send = false;
sm_getla();
for (ee = e; ee != NULL; ee = ee->e_sibling)
{
if (WILL_BE_QUEUED(ee->e_sendmode))
continue;
if (shouldqueue(ee->e_msgpriority, ee->e_ctime))
{
ee->e_sendmode = SM_QUEUE;
continue;
}
else if (QueueMode != QM_QUARANTINE &&
ee->e_quarmsg != NULL)
{
ee->e_sendmode = SM_QUEUE;
continue;
}
anything_to_send = true;
/* close all the queue files */
closexscript(ee);
if (ee->e_dfp != NULL)
{
(void) sm_io_close(ee->e_dfp, SM_TIME_DEFAULT);
ee->e_dfp = NULL;
}
unlockqueue(ee);
}
if (anything_to_send)
{
#if PIPELINING
/*
** XXX if we don't do this, we get 250 twice
** because it is also flushed in the child.
*/
(void) sm_io_flush(OutChannel, SM_TIME_DEFAULT);
#endif /* PIPELINING */
(void) doworklist(e, true, true);
}
}
abortmessage:
if (tTd(92, 2))
sm_dprintf("abortmessage: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d\n",
e->e_id, bitset(EF_LOGSENDER, e->e_flags), LogLevel);
if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags))
logsender(e, NULL);
e->e_flags &= ~EF_LOGSENDER;
/* clean up a bit */
smtp->sm_gotmail = false;
/*
** Call dropenvelope if and only if the envelope is *not*
** being processed by the child process forked by doworklist().
*/
if (aborting || bitset(EF_DISCARD, e->e_flags))
(void) dropenvelope(e, true, false);
else
{
for (ee = e; ee != NULL; ee = ee->e_sibling)
{
if (!doublequeue &&
QueueMode != QM_QUARANTINE &&
ee->e_quarmsg != NULL)
{
(void) dropenvelope(ee, true, false);
continue;
}
if (WILL_BE_QUEUED(ee->e_sendmode))
(void) dropenvelope(ee, true, false);
}
}
CurEnv = e;
features = e->e_features;
sm_rpool_free(e->e_rpool);
newenvelope(e, e, sm_rpool_new_x(NULL));
e->e_flags = BlankEnvelope.e_flags;
e->e_features = features;
/* restore connection quarantining */
if (smtp->sm_quarmsg == NULL)
{
e->e_quarmsg = NULL;
macdefine(&e->e_macro, A_PERM, macid("{quarantine}"), "");
}
else
{
e->e_quarmsg = sm_rpool_strdup_x(e->e_rpool, smtp->sm_quarmsg);
macdefine(&e->e_macro, A_PERM,
macid("{quarantine}"), e->e_quarmsg);
}
return rv;
}
/*
** LOGUNDELRCPTS -- log undelivered (or all) recipients.
**
** Parameters:
** e -- envelope.
** msg -- message for Stat=
** level -- log level.
** all -- log all recipients.
**
** Returns:
** none.
**
** Side Effects:
** logs undelivered (or all) recipients
*/
void
logundelrcpts(e, msg, level, all)
ENVELOPE *e;
char *msg;
int level;
bool all;
{
ADDRESS *a;
if (LogLevel <= level || msg == NULL || *msg == '\0')
return;
/* Clear $h so relay= doesn't get mislogged by logdelivery() */
macdefine(&e->e_macro, A_PERM, 'h', NULL);
/* Log who the mail would have gone to */
for (a = e->e_sendqueue; a != NULL; a = a->q_next)
{
if (!QS_IS_UNDELIVERED(a->q_state) && !all)
continue;
e->e_to = a->q_paddr;
logdelivery(NULL, NULL,
#if _FFR_MILTER_ENHSC
(a->q_status == NULL && e->e_enhsc[0] != '\0')
? e->e_enhsc :
-#endif /* _FFR_MILTER_ENHSC */
+#endif
a->q_status,
msg, NULL, (time_t) 0, e, a, EX_OK /* ??? */);
}
e->e_to = NULL;
}
/*
** CHECKSMTPATTACK -- check for denial-of-service attack by repetition
**
** Parameters:
** pcounter -- pointer to a counter for this command.
** maxcount -- maximum value for this counter before we
** slow down.
** waitnow -- sleep now (in this routine)?
** cname -- command name for logging.
** e -- the current envelope.
**
** Returns:
** time to wait,
** STOP_ATTACK if twice as many commands as allowed and
** MaxChildren > 0.
**
** Side Effects:
** Slows down if we seem to be under attack.
*/
static time_t
checksmtpattack(pcounter, maxcount, waitnow, cname, e)
volatile unsigned int *pcounter;
unsigned int maxcount;
bool waitnow;
char *cname;
ENVELOPE *e;
{
if (maxcount <= 0) /* no limit */
return (time_t) 0;
if (++(*pcounter) >= maxcount)
{
unsigned int shift;
time_t s;
if (*pcounter == maxcount && LogLevel > 5)
{
sm_syslog(LOG_INFO, e->e_id,
"%s: possible SMTP attack: command=%.40s, count=%u",
CurSmtpClient, cname, *pcounter);
}
shift = *pcounter - maxcount;
s = 1 << shift;
if (shift > MAXSHIFT || s >= MAXTIMEOUT || s <= 0)
s = MAXTIMEOUT;
#define IS_ATTACK(s) ((MaxChildren > 0 && *pcounter >= maxcount * 2) \
? STOP_ATTACK : (time_t) s)
/* sleep at least 1 second before returning */
(void) sleep(*pcounter / maxcount);
s -= *pcounter / maxcount;
if (s >= MAXTIMEOUT || s < 0)
s = MAXTIMEOUT;
if (waitnow && s > 0)
{
(void) sleep(s);
return IS_ATTACK(0);
}
return IS_ATTACK(s);
}
return (time_t) 0;
}
/*
** SETUP_SMTPD_IO -- setup I/O fd correctly for the SMTP server
**
** Parameters:
** none.
**
** Returns:
** nothing.
**
** Side Effects:
** may change I/O fd.
*/
static void
setup_smtpd_io()
{
int inchfd, outchfd, outfd;
inchfd = sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL);
outchfd = sm_io_getinfo(OutChannel, SM_IO_WHAT_FD, NULL);
outfd = sm_io_getinfo(smioout, SM_IO_WHAT_FD, NULL);
if (outchfd != outfd)
{
/* arrange for debugging output to go to remote host */
(void) dup2(outchfd, outfd);
}
/*
** if InChannel and OutChannel are stdin/stdout
** and connected to ttys
** and fcntl(STDIN, F_SETFL, O_NONBLOCKING) also changes STDOUT,
** then "chain" them together.
*/
if (inchfd == STDIN_FILENO && outchfd == STDOUT_FILENO &&
isatty(inchfd) && isatty(outchfd))
{
int inmode, outmode;
inmode = fcntl(inchfd, F_GETFL, 0);
if (inmode == -1)
{
if (LogLevel > 11)
sm_syslog(LOG_INFO, NOQID,
"fcntl(inchfd, F_GETFL) failed: %s",
sm_errstring(errno));
return;
}
outmode = fcntl(outchfd, F_GETFL, 0);
if (outmode == -1)
{
if (LogLevel > 11)
sm_syslog(LOG_INFO, NOQID,
"fcntl(outchfd, F_GETFL) failed: %s",
sm_errstring(errno));
return;
}
if (bitset(O_NONBLOCK, inmode) ||
bitset(O_NONBLOCK, outmode) ||
fcntl(inchfd, F_SETFL, inmode | O_NONBLOCK) == -1)
return;
outmode = fcntl(outchfd, F_GETFL, 0);
if (outmode != -1 && bitset(O_NONBLOCK, outmode))
{
/* changing InChannel also changes OutChannel */
sm_io_automode(OutChannel, InChannel);
if (tTd(97, 4) && LogLevel > 9)
sm_syslog(LOG_INFO, NOQID,
"set automode for I (%d)/O (%d) in SMTP server",
inchfd, outchfd);
}
/* undo change of inchfd */
(void) fcntl(inchfd, F_SETFL, inmode);
}
}
/*
** SKIPWORD -- skip a fixed word.
**
** Parameters:
** p -- place to start looking.
** w -- word to skip.
**
** Returns:
** p following w.
** NULL on error.
**
** Side Effects:
** clobbers the p data area.
*/
static char *
skipword(p, w)
register char *volatile p;
char *w;
{
register char *q;
char *firstp = p;
/* find beginning of word */
SKIP_SPACE(p);
q = p;
/* find end of word */
- while (*p != '\0' && *p != ':' && !(isascii(*p) && isspace(*p)))
+ while (*p != '\0' && *p != ':' && !(SM_ISSPACE(*p)))
p++;
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
*p++ = '\0';
if (*p != ':')
{
syntax:
usrerr("501 5.5.2 Syntax error in parameters scanning \"%s\"",
shortenstring(firstp, MAXSHORTSTR));
return NULL;
}
*p++ = '\0';
SKIP_SPACE(p);
if (*p == '\0')
goto syntax;
/* see if the input word matches desired word */
if (sm_strcasecmp(q, w))
goto syntax;
return p;
}
/*
** RESET_MAIL_ESMTP_ARGS -- process ESMTP arguments from MAIL line
**
** Parameters:
** e -- the envelope.
**
** Returns:
** none.
*/
void
reset_mail_esmtp_args(e)
ENVELOPE *e;
{
/* "size": no reset */
/* "body" */
SevenBitInput = SevenBitInput_Saved;
e->e_bodytype = NULL;
/* "envid" */
e->e_envid = NULL;
macdefine(&e->e_macro, A_PERM, macid("{dsn_envid}"), NULL);
/* "ret" */
e->e_flags &= ~(EF_RET_PARAM|EF_NO_BODY_RETN);
macdefine(&e->e_macro, A_TEMP, macid("{dsn_ret}"), NULL);
#if SASL
/* "auth" */
macdefine(&e->e_macro, A_TEMP, macid("{auth_author}"), NULL);
e->e_auth_param = "";
# if _FFR_AUTH_PASSING
macdefine(&BlankEnvelope.e_macro, A_PERM,
macid("{auth_author}"), NULL);
-# endif /* _FFR_AUTH_PASSING */
+# endif
#endif /* SASL */
/* "by" */
e->e_deliver_by = 0;
e->e_dlvr_flag = 0;
}
/*
** MAIL_ESMTP_ARGS -- process ESMTP arguments from MAIL line
**
** Parameters:
** a -- address (unused, for compatibility with rcpt_esmtp_args)
** kp -- the parameter key.
** vp -- the value of that parameter.
** e -- the envelope.
**
** Returns:
** none.
*/
void
mail_esmtp_args(a, kp, vp, e)
ADDRESS *a;
char *kp;
char *vp;
ENVELOPE *e;
{
if (sm_strcasecmp(kp, "size") == 0)
{
if (vp == NULL)
{
usrerr("501 5.5.2 SIZE requires a value");
/* NOTREACHED */
}
macdefine(&e->e_macro, A_TEMP, macid("{msg_size}"), vp);
errno = 0;
e->e_msgsize = strtol(vp, (char **) NULL, 10);
if (e->e_msgsize == LONG_MAX && errno == ERANGE)
{
usrerr("552 5.2.3 Message size exceeds maximum value");
/* NOTREACHED */
}
if (e->e_msgsize < 0)
{
usrerr("552 5.2.3 Message size invalid");
/* NOTREACHED */
}
}
else if (sm_strcasecmp(kp, "body") == 0)
{
if (vp == NULL)
{
usrerr("501 5.5.2 BODY requires a value");
/* NOTREACHED */
}
else if (sm_strcasecmp(vp, "8bitmime") == 0)
{
SevenBitInput = false;
}
else if (sm_strcasecmp(vp, "7bit") == 0)
{
SevenBitInput = true;
}
else
{
usrerr("501 5.5.4 Unknown BODY type %s", vp);
/* NOTREACHED */
}
e->e_bodytype = sm_rpool_strdup_x(e->e_rpool, vp);
}
else if (sm_strcasecmp(kp, "envid") == 0)
{
if (!bitset(SRV_OFFER_DSN, e->e_features))
{
usrerr("504 5.7.0 Sorry, ENVID not supported, we do not allow DSN");
/* NOTREACHED */
}
if (vp == NULL)
{
usrerr("501 5.5.2 ENVID requires a value");
/* NOTREACHED */
}
if (!xtextok(vp))
{
usrerr("501 5.5.4 Syntax error in ENVID parameter value");
/* NOTREACHED */
}
if (e->e_envid != NULL)
{
usrerr("501 5.5.0 Duplicate ENVID parameter");
/* NOTREACHED */
}
e->e_envid = sm_rpool_strdup_x(e->e_rpool, vp);
macdefine(&e->e_macro, A_PERM,
macid("{dsn_envid}"), e->e_envid);
}
else if (sm_strcasecmp(kp, "ret") == 0)
{
if (!bitset(SRV_OFFER_DSN, e->e_features))
{
usrerr("504 5.7.0 Sorry, RET not supported, we do not allow DSN");
/* NOTREACHED */
}
if (vp == NULL)
{
usrerr("501 5.5.2 RET requires a value");
/* NOTREACHED */
}
if (bitset(EF_RET_PARAM, e->e_flags))
{
usrerr("501 5.5.0 Duplicate RET parameter");
/* NOTREACHED */
}
e->e_flags |= EF_RET_PARAM;
if (sm_strcasecmp(vp, "hdrs") == 0)
e->e_flags |= EF_NO_BODY_RETN;
else if (sm_strcasecmp(vp, "full") != 0)
{
usrerr("501 5.5.2 Bad argument \"%s\" to RET", vp);
/* NOTREACHED */
}
macdefine(&e->e_macro, A_TEMP, macid("{dsn_ret}"), vp);
}
#if SASL
else if (sm_strcasecmp(kp, "auth") == 0)
{
int len;
char *q;
char *auth_param; /* the value of the AUTH=x */
bool saveQuickAbort = QuickAbort;
bool saveSuprErrs = SuprErrs;
bool saveExitStat = ExitStat;
if (vp == NULL)
{
usrerr("501 5.5.2 AUTH= requires a value");
/* NOTREACHED */
}
if (e->e_auth_param != NULL)
{
usrerr("501 5.5.0 Duplicate AUTH parameter");
/* NOTREACHED */
}
if ((q = strchr(vp, ' ')) != NULL)
len = q - vp + 1;
else
len = strlen(vp) + 1;
auth_param = xalloc(len);
(void) sm_strlcpy(auth_param, vp, len);
if (!xtextok(auth_param))
{
usrerr("501 5.5.4 Syntax error in AUTH parameter value");
/* just a warning? */
/* NOTREACHED */
}
/* XXX define this always or only if trusted? */
macdefine(&e->e_macro, A_TEMP, macid("{auth_author}"),
auth_param);
/*
** call Strust_auth to find out whether
** auth_param is acceptable (trusted)
** we shouldn't trust it if not authenticated
** (required by RFC, leave it to ruleset?)
*/
SuprErrs = true;
QuickAbort = false;
if (strcmp(auth_param, "<>") != 0 &&
(rscheck("trust_auth", auth_param, NULL, e, RSF_RMCOMM, 9,
NULL, NOQID, NULL, NULL) != EX_OK || Errors > 0))
{
if (tTd(95, 8))
{
q = e->e_auth_param;
sm_dprintf("auth=\"%.100s\" not trusted user=\"%.100s\"\n",
auth_param, (q == NULL) ? "" : q);
}
/* not trusted */
e->e_auth_param = "<>";
# if _FFR_AUTH_PASSING
macdefine(&BlankEnvelope.e_macro, A_PERM,
macid("{auth_author}"), NULL);
-# endif /* _FFR_AUTH_PASSING */
+# endif
}
else
{
if (tTd(95, 8))
sm_dprintf("auth=\"%.100s\" trusted\n", auth_param);
e->e_auth_param = sm_rpool_strdup_x(e->e_rpool,
auth_param);
}
sm_free(auth_param); /* XXX */
/* reset values */
Errors = 0;
QuickAbort = saveQuickAbort;
SuprErrs = saveSuprErrs;
ExitStat = saveExitStat;
}
#endif /* SASL */
#define PRTCHAR(c) ((isascii(c) && isprint(c)) ? (c) : '?')
/*
** "by" is only accepted if DeliverByMin >= 0.
** We maybe could add this to the list of server_features.
*/
else if (sm_strcasecmp(kp, "by") == 0 && DeliverByMin >= 0)
{
char *s;
if (vp == NULL)
{
usrerr("501 5.5.2 BY= requires a value");
/* NOTREACHED */
}
errno = 0;
e->e_deliver_by = strtol(vp, &s, 10);
if (e->e_deliver_by == LONG_MIN ||
e->e_deliver_by == LONG_MAX ||
e->e_deliver_by > 999999999l ||
e->e_deliver_by < -999999999l)
{
usrerr("501 5.5.2 BY=%s out of range", vp);
/* NOTREACHED */
}
if (s == NULL || *s != ';')
{
usrerr("501 5.5.2 BY= missing ';'");
/* NOTREACHED */
}
e->e_dlvr_flag = 0;
++s; /* XXX: spaces allowed? */
SKIP_SPACE(s);
switch (tolower(*s))
{
case 'n':
e->e_dlvr_flag = DLVR_NOTIFY;
break;
case 'r':
e->e_dlvr_flag = DLVR_RETURN;
if (e->e_deliver_by <= 0)
{
usrerr("501 5.5.4 mode R requires BY time > 0");
/* NOTREACHED */
}
if (DeliverByMin > 0 && e->e_deliver_by > 0 &&
e->e_deliver_by < DeliverByMin)
{
usrerr("555 5.5.2 time %ld less than %ld",
e->e_deliver_by, (long) DeliverByMin);
/* NOTREACHED */
}
break;
default:
usrerr("501 5.5.2 illegal by-mode '%c'", PRTCHAR(*s));
/* NOTREACHED */
}
++s; /* XXX: spaces allowed? */
SKIP_SPACE(s);
switch (tolower(*s))
{
case 't':
e->e_dlvr_flag |= DLVR_TRACE;
break;
case '\0':
break;
default:
usrerr("501 5.5.2 illegal by-trace '%c'", PRTCHAR(*s));
/* NOTREACHED */
}
/* XXX: check whether more characters follow? */
}
+#if _FFR_EAI
+ else if (sm_strcasecmp(kp, "smtputf8") == 0)
+ {
+ if (!bitset(SRV_OFFER_EAI, e->e_features))
+ {
+ usrerr("504 5.7.0 Sorry, SMTPUTF8 not supported/enabled");
+ /* NOTREACHED */
+ }
+ e->e_smtputf8 = true;
+ }
+#endif
else
{
usrerr("555 5.5.4 %s parameter unrecognized", kp);
/* NOTREACHED */
}
}
/*
** RCPT_ESMTP_ARGS -- process ESMTP arguments from RCPT line
**
** Parameters:
** a -- the address corresponding to the To: parameter.
** kp -- the parameter key.
** vp -- the value of that parameter.
** e -- the envelope.
**
** Returns:
** none.
*/
void
rcpt_esmtp_args(a, kp, vp, e)
ADDRESS *a;
char *kp;
char *vp;
ENVELOPE *e;
{
if (sm_strcasecmp(kp, "notify") == 0)
{
char *p;
if (!bitset(SRV_OFFER_DSN, e->e_features))
{
usrerr("504 5.7.0 Sorry, NOTIFY not supported, we do not allow DSN");
/* NOTREACHED */
}
if (vp == NULL)
{
usrerr("501 5.5.2 NOTIFY requires a value");
/* NOTREACHED */
}
a->q_flags &= ~(QPINGONSUCCESS|QPINGONFAILURE|QPINGONDELAY);
a->q_flags |= QHASNOTIFY;
macdefine(&e->e_macro, A_TEMP, macid("{dsn_notify}"), vp);
if (sm_strcasecmp(vp, "never") == 0)
return;
for (p = vp; p != NULL; vp = p)
{
char *s;
s = p = strchr(p, ',');
if (p != NULL)
*p++ = '\0';
if (sm_strcasecmp(vp, "success") == 0)
a->q_flags |= QPINGONSUCCESS;
else if (sm_strcasecmp(vp, "failure") == 0)
a->q_flags |= QPINGONFAILURE;
else if (sm_strcasecmp(vp, "delay") == 0)
a->q_flags |= QPINGONDELAY;
else
{
usrerr("501 5.5.4 Bad argument \"%s\" to NOTIFY",
vp);
/* NOTREACHED */
}
if (s != NULL)
*s = ',';
}
}
else if (sm_strcasecmp(kp, "orcpt") == 0)
{
char *p;
if (!bitset(SRV_OFFER_DSN, e->e_features))
{
usrerr("504 5.7.0 Sorry, ORCPT not supported, we do not allow DSN");
/* NOTREACHED */
}
if (vp == NULL)
{
usrerr("501 5.5.2 ORCPT requires a value");
/* NOTREACHED */
}
if (a->q_orcpt != NULL)
{
usrerr("501 5.5.0 Duplicate ORCPT parameter");
/* NOTREACHED */
}
p = strchr(vp, ';');
if (p == NULL)
{
usrerr("501 5.5.4 Syntax error in ORCPT parameter value");
/* NOTREACHED */
}
*p = '\0';
if (!isatom(vp) || !xtextok(p + 1))
{
*p = ';';
usrerr("501 5.5.4 Syntax error in ORCPT parameter value");
/* NOTREACHED */
}
*p = ';';
a->q_orcpt = sm_rpool_strdup_x(e->e_rpool, vp);
}
else
{
usrerr("555 5.5.4 %s parameter unrecognized", kp);
/* NOTREACHED */
}
}
/*
** PRINTVRFYADDR -- print an entry in the verify queue
**
** Parameters:
** a -- the address to print.
** last -- set if this is the last one.
** vrfy -- set if this is a VRFY command.
**
** Returns:
** none.
**
** Side Effects:
** Prints the appropriate 250 codes.
*/
#define OFFF (3 + 1 + 5 + 1) /* offset in fmt: SMTP reply + enh. code */
static void
printvrfyaddr(a, last, vrfy)
register ADDRESS *a;
bool last;
bool vrfy;
{
char fmtbuf[30];
if (vrfy && a->q_mailer != NULL &&
!bitnset(M_VRFY250, a->q_mailer->m_flags))
(void) sm_strlcpy(fmtbuf, "252", sizeof(fmtbuf));
else
(void) sm_strlcpy(fmtbuf, "250", sizeof(fmtbuf));
fmtbuf[3] = last ? ' ' : '-';
(void) sm_strlcpy(&fmtbuf[4], "2.1.5 ", sizeof(fmtbuf) - 4);
if (a->q_fullname == NULL)
{
if ((a->q_mailer == NULL ||
a->q_mailer->m_addrtype == NULL ||
sm_strcasecmp(a->q_mailer->m_addrtype, "rfc822") == 0) &&
strchr(a->q_user, '@') == NULL)
(void) sm_strlcpy(&fmtbuf[OFFF], "<%s@%s>",
sizeof(fmtbuf) - OFFF);
else
(void) sm_strlcpy(&fmtbuf[OFFF], "<%s>",
sizeof(fmtbuf) - OFFF);
message(fmtbuf, a->q_user, MyHostName);
}
else
{
if ((a->q_mailer == NULL ||
a->q_mailer->m_addrtype == NULL ||
sm_strcasecmp(a->q_mailer->m_addrtype, "rfc822") == 0) &&
strchr(a->q_user, '@') == NULL)
(void) sm_strlcpy(&fmtbuf[OFFF], "%s <%s@%s>",
sizeof(fmtbuf) - OFFF);
else
(void) sm_strlcpy(&fmtbuf[OFFF], "%s <%s>",
sizeof(fmtbuf) - OFFF);
message(fmtbuf, a->q_fullname, a->q_user, MyHostName);
}
}
#if SASL
/*
** SASLMECHS -- get list of possible AUTH mechanisms
**
** Parameters:
** conn -- SASL connection info.
** mechlist -- output parameter for list of mechanisms.
**
** Returns:
** number of mechs.
*/
static int
saslmechs(conn, mechlist)
sasl_conn_t *conn;
char **mechlist;
{
int len, num, result;
/* "user" is currently unused */
# if SASL >= 20000
result = sasl_listmech(conn, NULL,
"", " ", "", (const char **) mechlist,
(unsigned int *)&len, &num);
# else /* SASL >= 20000 */
result = sasl_listmech(conn, "user", /* XXX */
"", " ", "", mechlist,
(unsigned int *)&len, (unsigned int *)&num);
# endif /* SASL >= 20000 */
if (result != SASL_OK)
{
if (LogLevel > 9)
sm_syslog(LOG_WARNING, NOQID,
"AUTH error: listmech=%d, num=%d",
result, num);
num = 0;
}
if (num > 0)
{
if (LogLevel > 11)
sm_syslog(LOG_INFO, NOQID,
"AUTH: available mech=%s, allowed mech=%s",
*mechlist, AuthMechanisms);
*mechlist = intersect(AuthMechanisms, *mechlist, NULL);
}
else
{
*mechlist = NULL; /* be paranoid... */
if (result == SASL_OK && LogLevel > 9)
sm_syslog(LOG_WARNING, NOQID,
"AUTH warning: no mechanisms");
}
return num;
}
# if SASL >= 20000
/*
** PROXY_POLICY -- define proxy policy for AUTH
**
** Parameters:
** conn -- unused.
** context -- unused.
** requested_user -- authorization identity.
** rlen -- authorization identity length.
** auth_identity -- authentication identity.
** alen -- authentication identity length.
** def_realm -- default user realm.
** urlen -- user realm length.
** propctx -- unused.
**
** Returns:
** ok?
**
** Side Effects:
** sets {auth_authen} macro.
*/
int
proxy_policy(conn, context, requested_user, rlen, auth_identity, alen,
def_realm, urlen, propctx)
sasl_conn_t *conn;
void *context;
const char *requested_user;
unsigned rlen;
const char *auth_identity;
unsigned alen;
const char *def_realm;
unsigned urlen;
struct propctx *propctx;
{
if (auth_identity == NULL)
return SASL_FAIL;
macdefine(&BlankEnvelope.e_macro, A_TEMP,
macid("{auth_authen}"),
xtextify((char *) auth_identity, "=<>\")"));
return SASL_OK;
}
# else /* SASL >= 20000 */
/*
** PROXY_POLICY -- define proxy policy for AUTH
**
** Parameters:
** context -- unused.
** auth_identity -- authentication identity.
** requested_user -- authorization identity.
** user -- allowed user (output).
** errstr -- possible error string (output).
**
** Returns:
** ok?
*/
int
proxy_policy(context, auth_identity, requested_user, user, errstr)
void *context;
const char *auth_identity;
const char *requested_user;
const char **user;
const char **errstr;
{
if (user == NULL || auth_identity == NULL)
return SASL_FAIL;
*user = newstr(auth_identity);
return SASL_OK;
}
# endif /* SASL >= 20000 */
#endif /* SASL */
#if STARTTLS
/*
** INITSRVTLS -- initialize server side TLS
**
** Parameters:
** tls_ok -- should tls initialization be done?
**
** Returns:
** succeeded?
**
** Side Effects:
** sets tls_ok_srv which is a static variable in this module.
** Do NOT remove assignments to it!
*/
bool
initsrvtls(tls_ok)
bool tls_ok;
{
if (!tls_ok)
return false;
/* do NOT remove assignment */
tls_ok_srv = inittls(&srv_ctx, TLS_Srv_Opts, Srv_SSL_Options, true,
SrvCertFile, SrvKeyFile,
CACertPath, CACertFile, DHParams);
return tls_ok_srv;
}
#endif /* STARTTLS */
/*
** SRVFEATURES -- get features for SMTP server
**
** Parameters:
** e -- envelope (should be session context).
** clientname -- name of client.
** features -- default features for this invocation.
**
** Returns:
** server features.
*/
/* table with options: it uses just one character, how about strings? */
static struct
{
char srvf_opt;
unsigned int srvf_flag;
} srv_feat_table[] =
{
{ 'A', SRV_OFFER_AUTH },
{ 'B', SRV_OFFER_VERB },
{ 'C', SRV_REQ_SEC },
{ 'D', SRV_OFFER_DSN },
{ 'E', SRV_OFFER_ETRN },
+#if _FFR_EAI
+ { 'I', SRV_OFFER_EAI },
+#endif
{ 'L', SRV_REQ_AUTH },
#if PIPELINING
# if _FFR_NO_PIPE
{ 'N', SRV_NO_PIPE },
-# endif /* _FFR_NO_PIPE */
+# endif
{ 'P', SRV_OFFER_PIPE },
#endif /* PIPELINING */
{ 'R', SRV_VRFY_CLT }, /* same as V; not documented */
{ 'S', SRV_OFFER_TLS },
/* { 'T', SRV_TMP_FAIL }, */
{ 'V', SRV_VRFY_CLT },
{ 'X', SRV_OFFER_EXPN },
/* { 'Y', SRV_OFFER_VRFY }, */
{ '\0', SRV_NONE }
};
static unsigned int
srvfeatures(e, clientname, features)
ENVELOPE *e;
char *clientname;
unsigned int features;
{
int r, i, j;
char **pvp, c, opt;
char pvpbuf[PSBUFSIZE];
pvp = NULL;
r = rscap("srv_features", clientname, "", e, &pvp, pvpbuf,
sizeof(pvpbuf));
if (r != EX_OK)
return features;
if (pvp == NULL || pvp[0] == NULL || (pvp[0][0] & 0377) != CANONNET)
return features;
if (pvp[1] != NULL && sm_strncasecmp(pvp[1], "temp", 4) == 0)
return SRV_TMP_FAIL;
/*
** General rule (see sendmail.h, d_flags):
** lower case: required/offered, upper case: Not required/available
**
** Since we can change some features per daemon, we have both
** cases here: turn on/off a feature.
*/
for (i = 1; pvp[i] != NULL; i++)
{
c = pvp[i][0];
j = 0;
for (;;)
{
if ((opt = srv_feat_table[j].srvf_opt) == '\0')
{
if (LogLevel > 9)
sm_syslog(LOG_WARNING, e->e_id,
"srvfeatures: unknown feature %s",
pvp[i]);
break;
}
if (c == opt)
{
features &= ~(srv_feat_table[j].srvf_flag);
break;
}
if (c == tolower(opt))
{
features |= srv_feat_table[j].srvf_flag;
break;
}
++j;
}
}
return features;
}
/*
** HELP -- implement the HELP command.
**
** Parameters:
** topic -- the topic we want help for.
** e -- envelope.
**
** Returns:
** none.
**
** Side Effects:
** outputs the help file to message output.
*/
#define HELPVSTR "#vers "
#define HELPVERSION 2
void
help(topic, e)
char *topic;
ENVELOPE *e;
{
register SM_FILE_T *hf;
register char *p;
int len;
bool noinfo;
bool first = true;
long sff = SFF_OPENASROOT|SFF_REGONLY;
char buf[MAXLINE];
char inp[MAXLINE];
static int foundvers = -1;
extern char Version[];
if (DontLockReadFiles)
sff |= SFF_NOLOCK;
if (!bitnset(DBS_HELPFILEINUNSAFEDIRPATH, DontBlameSendmail))
sff |= SFF_SAFEDIRPATH;
if (HelpFile == NULL ||
(hf = safefopen(HelpFile, O_RDONLY, 0444, sff)) == NULL)
{
/* no help */
errno = 0;
message("502 5.3.0 Sendmail %s -- HELP not implemented",
Version);
return;
}
if (topic == NULL || *topic == '\0')
{
topic = "smtp";
noinfo = false;
}
else
{
makelower(topic);
noinfo = true;
}
len = strlen(topic);
while (sm_io_fgets(hf, SM_TIME_DEFAULT, buf, sizeof(buf)) >= 0)
{
if (buf[0] == '#')
{
if (foundvers < 0 &&
strncmp(buf, HELPVSTR, strlen(HELPVSTR)) == 0)
{
int h;
if (sm_io_sscanf(buf + strlen(HELPVSTR), "%d",
&h) == 1)
foundvers = h;
}
continue;
}
if (strncmp(buf, topic, len) == 0)
{
if (first)
{
first = false;
/* print version if no/old vers# in file */
if (foundvers < 2 && !noinfo)
message("214-2.0.0 This is Sendmail version %s", Version);
}
p = strpbrk(buf, " \t");
if (p == NULL)
p = buf + strlen(buf) - 1;
else
p++;
fixcrlf(p, true);
if (foundvers >= 2)
{
char *lbp;
int lbs = sizeof(buf) - (p - buf);
lbp = translate_dollars(p, p, &lbs);
expand(lbp, inp, sizeof(inp), e);
if (p != lbp)
sm_free(lbp);
p = inp;
}
message("214-2.0.0 %s", p);
noinfo = false;
}
}
if (noinfo)
message("504 5.3.0 HELP topic \"%.10s\" unknown", topic);
else
message("214 2.0.0 End of HELP info");
if (foundvers != 0 && foundvers < HELPVERSION)
{
if (LogLevel > 1)
sm_syslog(LOG_WARNING, e->e_id,
"%s too old (require version %d)",
HelpFile, HELPVERSION);
/* avoid log next time */
foundvers = 0;
}
(void) sm_io_close(hf, SM_TIME_DEFAULT);
}
#if SASL
/*
** RESET_SASLCONN -- reset SASL connection data
**
** Parameters:
** conn -- SASL connection context
** hostname -- host name
** various connection data
**
** Returns:
** SASL result
*/
static int
reset_saslconn(sasl_conn_t **conn, char *hostname,
# if SASL >= 20000
char *remoteip, char *localip,
char *auth_id, sasl_ssf_t * ext_ssf)
# else /* SASL >= 20000 */
struct sockaddr_in *saddr_r, struct sockaddr_in *saddr_l,
sasl_external_properties_t * ext_ssf)
# endif /* SASL >= 20000 */
{
int result;
sasl_dispose(conn);
# if SASL >= 20000
result = sasl_server_new("smtp", hostname, NULL, NULL, NULL,
NULL, 0, conn);
# elif SASL > 10505
/* use empty realm: only works in SASL > 1.5.5 */
result = sasl_server_new("smtp", hostname, "", NULL, 0, conn);
# else /* SASL >= 20000 */
/* use no realm -> realm is set to hostname by SASL lib */
result = sasl_server_new("smtp", hostname, NULL, NULL, 0,
conn);
# endif /* SASL >= 20000 */
if (result != SASL_OK)
return result;
# if SASL >= 20000
# if NETINET || NETINET6
if (remoteip != NULL && *remoteip != '\0')
result = sasl_setprop(*conn, SASL_IPREMOTEPORT, remoteip);
if (result != SASL_OK)
return result;
if (localip != NULL && *localip != '\0')
result = sasl_setprop(*conn, SASL_IPLOCALPORT, localip);
if (result != SASL_OK)
return result;
# endif /* NETINET || NETINET6 */
result = sasl_setprop(*conn, SASL_SSF_EXTERNAL, ext_ssf);
if (result != SASL_OK)
return result;
result = sasl_setprop(*conn, SASL_AUTH_EXTERNAL, auth_id);
if (result != SASL_OK)
return result;
# else /* SASL >= 20000 */
# if NETINET
if (saddr_r != NULL)
result = sasl_setprop(*conn, SASL_IP_REMOTE, saddr_r);
if (result != SASL_OK)
return result;
if (saddr_l != NULL)
result = sasl_setprop(*conn, SASL_IP_LOCAL, saddr_l);
if (result != SASL_OK)
return result;
# endif /* NETINET */
result = sasl_setprop(*conn, SASL_SSF_EXTERNAL, ext_ssf);
if (result != SASL_OK)
return result;
# endif /* SASL >= 20000 */
return SASL_OK;
}
+
+/*
+** GET_SASL_USER -- extract user part from SASL reply
+**
+** Parameters:
+** val -- sasl reply (may contain NUL)
+** len -- length of val
+** auth_type -- auth_type (can be NULL)
+** user -- output buffer for extract user
+** user_len -- length of output buffer (user)
+**
+** Returns:
+** none.
+**
+** Note: val is supplied by the client and hence may contain "bad"
+** (non-printable) characters, but the returned value (user)
+** is only used for logging which converts those characters.
+*/
+
+static void
+get_sasl_user(val, len, auth_type, user, user_len)
+ char *val;
+ unsigned int len;
+ const char *auth_type;
+ char *user;
+ size_t user_len;
+{
+ unsigned int u;
+
+ SM_ASSERT(val != NULL);
+ SM_ASSERT(user != NULL);
+ SM_ASSERT(user_len > 0);
+
+ *user = '\0';
+ if (NULL == auth_type || '\0' == *auth_type)
+ return;
+ if (0 == len)
+ return;
+
+# define DIGMD5U "username=\""
+# define DIGMD5U_L (sizeof(DIGMD5U) - 1)
+ if (sm_strcasecmp(auth_type, "digest-md5") == 0 &&
+ strncmp(val, DIGMD5U, DIGMD5U_L) == 0)
+ {
+ char *s;
+
+ val += DIGMD5U_L;
+ if (len <= DIGMD5U_L)
+ return;
+ len -= DIGMD5U_L;
+
+ /* format? could there be a quoted '"'? */
+ for (s = val, u = 0; *s != '\0' && u < len; s++)
+ {
+ if ('"' == *s)
+ {
+ *s = '\0';
+ break;
+ }
+ if ('\\' == *s)
+ {
+ ++s;
+ if ('\0' == *s)
+ break;
+ }
+ }
+ }
+ else if (sm_strcasecmp(auth_type, "cram-md5") == 0)
+ {
+ char *s;
+
+ for (s = val, u = 0; *s != '\0' && u < len; s++)
+ {
+ if (' ' == *s)
+ {
+ *s = '\0';
+ break;
+ }
+ }
+ }
+
+ else if (sm_strcasecmp(auth_type, "plain") == 0 ||
+ sm_strcasecmp(auth_type, "login") == 0)
+ {
+ /*
+ ** RFC 4616: The PLAIN Simple Authentication and
+ ** Security Layer (SASL) Mechanism
+ ** message = [authzid] UTF8NUL authcid UTF8NUL passwd
+ ** each part: 1*SAFE ; MUST accept up to 255 octets
+ ** UTF8NUL = %x00 ; UTF-8 encoded NUL character
+ **
+ ** draft-murchison-sasl-login: it's just username by its own
+ */
+
+ for (u = 0; u < len; u++)
+ {
+ if (val[u] == '\0')
+ {
+ val[u] = '/';
+ (void) sm_strlcpy(user,
+ val + ((0 == u) ? 1 : 0),
+ user_len);
+ return;
+ }
+ }
+ }
+ else
+ {
+ /*
+ ** Extracting the "user" from other mechanisms
+ ** is currently not supported.
+ */
+
+ return;
+ }
+
+ /*
+ ** Does the input buffer has an NUL in it so it can be treated
+ ** as a C string?
+ */
+
+ /* SM_ASSERT(len > 0); see above */
+ u = len - 1;
+ if (val[u] != '\0')
+ {
+ for (u = 0; u < len; u++)
+ {
+ if (val[u] == '\0')
+ break;
+ }
+ }
+ if (val[u] != '\0')
+ user_len = SM_MIN(len, user_len);
+
+ (void) sm_strlcpy(user, val, user_len);
+}
#endif /* SASL */
diff --git a/src/stab.c b/src/stab.c
index bf8651113b73..6835662ae855 100644
--- a/src/stab.c
+++ b/src/stab.c
@@ -1,471 +1,490 @@
/*
* Copyright (c) 1998-2001, 2003 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sendmail.h>
SM_RCSID("@(#)$Id: stab.c,v 8.92 2013-11-22 20:51:56 ca Exp $")
+#if DANE
+# include <tls.h>
+#endif
+
/*
** STAB -- manage the symbol table
**
** Parameters:
** name -- the name to be looked up or inserted.
** type -- the type of symbol.
** op -- what to do:
** ST_ENTER -- enter the name if not already present.
** ST_FIND -- find it only.
**
** Returns:
** pointer to a STAB entry for this name.
** NULL if not found and not entered.
**
** Side Effects:
** can update the symbol table.
*/
#define STABSIZE 2003
#define SM_LOWER(c) ((isascii(c) && isupper(c)) ? tolower(c) : (c))
static STAB *SymTab[STABSIZE];
STAB *
stab(name, type, op)
char *name;
int type;
int op;
{
register STAB *s;
register STAB **ps;
register int hfunc;
register char *p;
int len;
if (tTd(36, 5))
sm_dprintf("STAB: %s %d ", name, type);
/*
** Compute the hashing function
*/
hfunc = type;
for (p = name; *p != '\0'; p++)
hfunc = ((hfunc << 1) ^ (SM_LOWER(*p) & 0377)) % STABSIZE;
if (tTd(36, 9))
sm_dprintf("(hfunc=%d) ", hfunc);
ps = &SymTab[hfunc];
if (type == ST_MACRO || type == ST_RULESET || type == ST_NAMECANON)
{
while ((s = *ps) != NULL &&
(s->s_symtype != type || strcmp(name, s->s_name)))
ps = &s->s_next;
}
else
{
while ((s = *ps) != NULL &&
(s->s_symtype != type || sm_strcasecmp(name, s->s_name)))
ps = &s->s_next;
}
/*
** Dispose of the entry.
*/
if (s != NULL || op == ST_FIND)
{
if (tTd(36, 5))
{
if (s == NULL)
sm_dprintf("not found\n");
else
{
long *lp = (long *) s->s_class;
sm_dprintf("type %d val %lx %lx %lx %lx\n",
s->s_symtype, lp[0], lp[1], lp[2], lp[3]);
}
}
return s;
}
/*
** Make a new entry and link it in.
*/
if (tTd(36, 5))
sm_dprintf("entered\n");
/* determine size of new entry */
switch (type)
{
case ST_CLASS:
len = sizeof(s->s_class);
break;
case ST_MAILER:
len = sizeof(s->s_mailer);
break;
case ST_ALIAS:
len = sizeof(s->s_alias);
break;
case ST_MAPCLASS:
len = sizeof(s->s_mapclass);
break;
case ST_MAP:
len = sizeof(s->s_map);
break;
case ST_HOSTSIG:
len = sizeof(s->s_hostsig);
break;
case ST_NAMECANON:
len = sizeof(s->s_namecanon);
break;
case ST_MACRO:
len = sizeof(s->s_macro);
break;
case ST_RULESET:
len = sizeof(s->s_ruleset);
break;
case ST_HEADER:
len = sizeof(s->s_header);
break;
case ST_SERVICE:
len = sizeof(s->s_service);
break;
#if LDAPMAP
case ST_LMAP:
len = sizeof(s->s_lmap);
break;
-#endif /* LDAPMAP */
+#endif
#if MILTER
case ST_MILTER:
len = sizeof(s->s_milter);
break;
-#endif /* MILTER */
+#endif
case ST_QUEUE:
len = sizeof(s->s_quegrp);
break;
#if SOCKETMAP
case ST_SOCKETMAP:
len = sizeof(s->s_socketmap);
break;
-#endif /* SOCKETMAP */
+#endif
+
+#if DANE
+ case ST_TLSA_RR:
+ len = sizeof(s->s_tlsa);
+ break;
+#endif
default:
/*
** Each mailer has its own MCI stab entry:
**
** s = stab(host, ST_MCI + m->m_mno, ST_ENTER);
**
** Therefore, anything ST_MCI or larger is an s_mci.
*/
if (type >= ST_MCI)
len = sizeof(s->s_mci);
else
{
syserr("stab: unknown symbol type %d", type);
len = sizeof(s->s_value);
}
break;
}
len += sizeof(*s) - sizeof(s->s_value);
if (tTd(36, 15))
sm_dprintf("size of stab entry: %d\n", len);
/* make new entry */
s = (STAB *) sm_pmalloc_x(len);
memset((char *) s, '\0', len);
s->s_name = sm_pstrdup_x(name);
s->s_symtype = type;
/* link it in */
*ps = s;
/* set a default value for rulesets */
if (type == ST_RULESET)
s->s_ruleset = -1;
return s;
}
/*
** STABAPPLY -- apply function to all stab entries
**
** Parameters:
** func -- the function to apply. It will be given two
** parameters (the stab entry and the arg).
** arg -- an arbitrary argument, passed to func.
**
** Returns:
** none.
*/
void
stabapply(func, arg)
void (*func)__P((STAB *, int));
int arg;
{
register STAB **shead;
register STAB *s;
for (shead = SymTab; shead < &SymTab[STABSIZE]; shead++)
{
for (s = *shead; s != NULL; s = s->s_next)
{
if (tTd(36, 90))
sm_dprintf("stabapply: trying %d/%s\n",
s->s_symtype, s->s_name);
func(s, arg);
}
}
}
/*
** QUEUEUP_MACROS -- queueup the macros in a class
**
** Write the macros listed in the specified class into the
** file referenced by qfp.
**
** Parameters:
** class -- class ID.
** qfp -- file pointer to the queue file.
** e -- the envelope.
**
** Returns:
** none.
*/
void
queueup_macros(class, qfp, e)
int class;
SM_FILE_T *qfp;
ENVELOPE *e;
{
register STAB **shead;
register STAB *s;
if (e == NULL)
return;
class = bitidx(class);
for (shead = SymTab; shead < &SymTab[STABSIZE]; shead++)
{
for (s = *shead; s != NULL; s = s->s_next)
{
int m;
char *p;
if (s->s_symtype == ST_CLASS &&
bitnset(bitidx(class), s->s_class) &&
(m = macid(s->s_name)) != 0 &&
(p = macvalue(m, e)) != NULL)
{
(void) sm_io_fprintf(qfp, SM_TIME_DEFAULT,
"$%s%s\n",
s->s_name,
denlstring(p, true,
false));
}
}
}
}
/*
** COPY_CLASS -- copy class members from one class to another
**
** Parameters:
** src -- source class.
** dst -- destination class.
**
** Returns:
** none.
*/
void
copy_class(src, dst)
int src;
int dst;
{
register STAB **shead;
register STAB *s;
src = bitidx(src);
dst = bitidx(dst);
for (shead = SymTab; shead < &SymTab[STABSIZE]; shead++)
{
for (s = *shead; s != NULL; s = s->s_next)
{
if (s->s_symtype == ST_CLASS &&
bitnset(src, s->s_class))
setbitn(dst, s->s_class);
}
}
}
/*
** RMEXPSTAB -- remove expired entries from SymTab.
**
** These entries need to be removed in long-running processes,
** e.g., persistent queue runners, to avoid consuming memory.
**
** XXX It might be useful to restrict the maximum TTL to avoid
** caching data very long.
**
** Parameters:
** none.
**
** Returns:
** none.
**
** Side Effects:
** can remove entries from the symbol table.
*/
#define SM_STAB_FREE(x) \
do \
{ \
char *o = (x); \
(x) = NULL; \
if (o != NULL) \
sm_free(o); \
} while (0)
void
rmexpstab()
{
int i;
STAB *s, *p, *f;
time_t now;
now = curtime();
for (i = 0; i < STABSIZE; i++)
{
p = NULL;
s = SymTab[i];
while (s != NULL)
{
switch (s->s_symtype)
{
case ST_HOSTSIG:
if (s->s_hostsig.hs_exp >= now)
goto next; /* not expired */
SM_STAB_FREE(s->s_hostsig.hs_sig); /* XXX */
break;
case ST_NAMECANON:
if (s->s_namecanon.nc_exp >= now)
goto next; /* not expired */
SM_STAB_FREE(s->s_namecanon.nc_cname); /* XXX */
break;
+#if DANE
+ case ST_TLSA_RR:
+ if (s->s_tlsa->dane_tlsa_exp >= now)
+ goto next; /* not expired */
+ (void) dane_tlsa_free(s->s_tlsa);
+ s->s_tlsa = NULL;
+ break;
+#endif /* DANE */
+
default:
if (s->s_symtype >= ST_MCI)
{
/* call mci_uncache? */
SM_STAB_FREE(s->s_mci.mci_status);
SM_STAB_FREE(s->s_mci.mci_rstatus);
SM_STAB_FREE(s->s_mci.mci_heloname);
#if 0
/* not dynamically allocated */
SM_STAB_FREE(s->s_mci.mci_host);
SM_STAB_FREE(s->s_mci.mci_tolist);
#endif /* 0 */
#if SASL
/* should always by NULL */
SM_STAB_FREE(s->s_mci.mci_sasl_string);
-#endif /* SASL */
+#endif
if (s->s_mci.mci_rpool != NULL)
{
sm_rpool_free(s->s_mci.mci_rpool);
s->s_mci.mci_macro.mac_rpool = NULL;
s->s_mci.mci_rpool = NULL;
}
break;
}
next:
p = s;
s = s->s_next;
continue;
}
/* remove entry */
SM_STAB_FREE(s->s_name); /* XXX */
f = s;
s = s->s_next;
sm_free(f); /* XXX */
if (p == NULL)
SymTab[i] = s;
else
p->s_next = s;
}
}
}
#if SM_HEAP_CHECK
/*
** DUMPSTAB -- dump symbol table.
**
** For debugging.
*/
#define MAXSTTYPES (ST_MCI + 1)
void
dumpstab()
{
int i, t, total, types[MAXSTTYPES];
STAB *s;
static int prevt[MAXSTTYPES], prev = 0;
total = 0;
for (i = 0; i < MAXSTTYPES; i++)
types[i] = 0;
for (i = 0; i < STABSIZE; i++)
{
s = SymTab[i];
while (s != NULL)
{
++total;
t = s->s_symtype;
if (t > MAXSTTYPES - 1)
t = MAXSTTYPES - 1;
types[t]++;
s = s->s_next;
}
}
sm_syslog(LOG_INFO, NOQID, "stab: total=%d (%d)", total, total - prev);
prev = total;
for (i = 0; i < MAXSTTYPES; i++)
{
if (types[i] != 0)
{
sm_syslog(LOG_INFO, NOQID, "stab: type[%2d]=%2d (%d)",
i, types[i], types[i] - prevt[i]);
}
prevt[i] = types[i];
}
}
#endif /* SM_HEAP_CHECK */
diff --git a/src/timers.c b/src/timers.c
index 9ceb3a714f7b..5c7e2c7c71ab 100644
--- a/src/timers.c
+++ b/src/timers.c
@@ -1,231 +1,231 @@
/*
* Copyright (c) 1999-2001 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
* Contributed by Exactis.com, Inc.
*
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: timers.c,v 8.27 2013-11-22 20:51:57 ca Exp $")
#if _FFR_TIMERS
# include <sys/types.h>
# include <sm/time.h>
# include "sendmail.h"
# include <sys/resource.h> /* Must be after sendmail.h for NCR MP-RAS */
static TIMER BaseTimer; /* current baseline */
static int NTimers; /* current pointer into stack */
static TIMER *TimerStack[MAXTIMERSTACK];
static void
# ifdef __STDC__
warntimer(const char *msg, ...)
# else /* __STDC__ */
warntimer(msg, va_alist)
const char *msg;
va_dcl
# endif /* __STDC__ */
{
char buf[MAXLINE];
SM_VA_LOCAL_DECL
# if 0
if (!tTd(98, 30))
return;
-# endif /* 0 */
+# endif
SM_VA_START(ap, msg);
(void) sm_vsnprintf(buf, sizeof(buf), msg, ap);
SM_VA_END(ap);
sm_syslog(LOG_NOTICE, CurEnv->e_id, "%s; e_timers=0x%lx",
buf, (unsigned long) &CurEnv->e_timers);
}
static void
zerotimer(ptimer)
TIMER *ptimer;
{
memset(ptimer, '\0', sizeof(*ptimer));
}
static void
addtimer(ta, tb)
TIMER *ta;
TIMER *tb;
{
tb->ti_wall_sec += ta->ti_wall_sec;
tb->ti_wall_usec += ta->ti_wall_usec;
if (tb->ti_wall_usec > 1000000)
{
tb->ti_wall_sec++;
tb->ti_wall_usec -= 1000000;
}
tb->ti_cpu_sec += ta->ti_cpu_sec;
tb->ti_cpu_usec += ta->ti_cpu_usec;
if (tb->ti_cpu_usec > 1000000)
{
tb->ti_cpu_sec++;
tb->ti_cpu_usec -= 1000000;
}
}
static void
subtimer(ta, tb)
TIMER *ta;
TIMER *tb;
{
tb->ti_wall_sec -= ta->ti_wall_sec;
tb->ti_wall_usec -= ta->ti_wall_usec;
if (tb->ti_wall_usec < 0)
{
tb->ti_wall_sec--;
tb->ti_wall_usec += 1000000;
}
tb->ti_cpu_sec -= ta->ti_cpu_sec;
tb->ti_cpu_usec -= ta->ti_cpu_usec;
if (tb->ti_cpu_usec < 0)
{
tb->ti_cpu_sec--;
tb->ti_cpu_usec += 1000000;
}
}
static int
getcurtimer(ptimer)
TIMER *ptimer;
{
struct rusage ru;
struct timeval now;
if (getrusage(RUSAGE_SELF, &ru) < 0 || gettimeofday(&now, NULL) < 0)
return -1;
ptimer->ti_wall_sec = now.tv_sec;
ptimer->ti_wall_usec = now.tv_usec;
ptimer->ti_cpu_sec = ru.ru_utime.tv_sec + ru.ru_stime.tv_sec;
ptimer->ti_cpu_usec = ru.ru_utime.tv_usec + ru.ru_stime.tv_usec;
if (ptimer->ti_cpu_usec > 1000000)
{
ptimer->ti_cpu_sec++;
ptimer->ti_cpu_usec -= 1000000;
}
return 0;
}
static void
getinctimer(ptimer)
TIMER *ptimer;
{
TIMER cur;
if (getcurtimer(&cur) < 0)
{
zerotimer(ptimer);
return;
}
if (BaseTimer.ti_wall_sec == 0)
{
/* first call */
memset(ptimer, '\0', sizeof(*ptimer));
}
else
{
*ptimer = cur;
subtimer(&BaseTimer, ptimer);
}
BaseTimer = cur;
}
void
flushtimers()
{
NTimers = 0;
(void) getcurtimer(&BaseTimer);
}
void
pushtimer(ptimer)
TIMER *ptimer;
{
int i;
int save_errno = errno;
TIMER incr;
/* find how much time has changed since last call */
getinctimer(&incr);
/* add that into the old timers */
i = NTimers;
if (i > MAXTIMERSTACK)
i = MAXTIMERSTACK;
while (--i >= 0)
{
addtimer(&incr, TimerStack[i]);
if (TimerStack[i] == ptimer)
{
warntimer("Timer@0x%lx already on stack, index=%d, NTimers=%d",
(unsigned long) ptimer, i, NTimers);
errno = save_errno;
return;
}
}
errno = save_errno;
/* handle stack overflow */
if (NTimers >= MAXTIMERSTACK)
return;
/* now add the timer to the stack */
TimerStack[NTimers++] = ptimer;
}
void
poptimer(ptimer)
TIMER *ptimer;
{
int i;
int save_errno = errno;
TIMER incr;
/* find how much time has changed since last call */
getinctimer(&incr);
/* add that into the old timers */
i = NTimers;
if (i > MAXTIMERSTACK)
i = MAXTIMERSTACK;
while (--i >= 0)
addtimer(&incr, TimerStack[i]);
/* pop back to this timer */
for (i = 0; i < NTimers; i++)
{
if (TimerStack[i] == ptimer)
break;
}
if (i != NTimers - 1)
warntimer("poptimer: odd pop (timer=0x%lx, index=%d, NTimers=%d)",
(unsigned long) ptimer, i, NTimers);
NTimers = i;
/* clean up and return */
errno = save_errno;
}
char *
strtimer(ptimer)
TIMER *ptimer;
{
static char buf[40];
(void) sm_snprintf(buf, sizeof(buf), "%ld.%06ldr/%ld.%06ldc",
ptimer->ti_wall_sec, ptimer->ti_wall_usec,
ptimer->ti_cpu_sec, ptimer->ti_cpu_usec);
return buf;
}
#endif /* _FFR_TIMERS */
diff --git a/src/tls.c b/src/tls.c
index 6b0ea25da255..696d32fbb6df 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -1,1983 +1,2658 @@
/*
- * Copyright (c) 2000-2006, 2008, 2009, 2011, 2013 Proofpoint, Inc. and its suppliers.
+ * Copyright (c) 2000-2006, 2008, 2009, 2011, 2013-2016 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sendmail.h>
SM_RCSID("@(#)$Id: tls.c,v 8.127 2013-11-27 02:51:11 gshapiro Exp $")
#if STARTTLS
+# include <tls.h>
# include <openssl/err.h>
# include <openssl/bio.h>
# include <openssl/pem.h>
# ifndef HASURANDOMDEV
# include <openssl/rand.h>
-# endif /* ! HASURANDOMDEV */
-# if !TLS_NO_RSA
+# endif
+# include <openssl/engine.h>
+# if _FFR_TLS_ALTNAMES
+# include <openssl/x509v3.h>
+# endif
+
+# if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER <= 0x00907000L
+# ERROR: OpenSSL version OPENSSL_VERSION_NUMBER is unsupported.
+# endif
+
+# if OPENSSL_VERSION_NUMBER >= 0x10100000L && OPENSSL_VERSION_NUMBER < 0x20000000L
+# define MTA_HAVE_DH_set0_pqg 1
+# define MTA_HAVE_DSA_GENERATE_EX 1
+
+# define MTA_HAVE_OPENSSL_init_ssl 1
+# define MTA_ASN1_STRING_data ASN1_STRING_get0_data
+# include <openssl/bn.h>
+# include <openssl/dsa.h>
+# else
+# define X509_STORE_CTX_get0_cert(ctx) (ctx)->cert
+# define MTA_RSA_TMP_CB 1
+# define MTA_ASN1_STRING_data ASN1_STRING_data
+# endif
+
+# if !TLS_NO_RSA && MTA_RSA_TMP_CB
static RSA *rsa_tmp = NULL; /* temporary RSA key */
static RSA *tmp_rsa_key __P((SSL *, int, int));
-# endif /* !TLS_NO_RSA */
-# if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x00907000L
-static int tls_verify_cb __P((X509_STORE_CTX *));
-# else /* !defined() || OPENSSL_VERSION_NUMBER < 0x00907000L */
+# endif
static int tls_verify_cb __P((X509_STORE_CTX *, void *));
-# endif /* !defined() || OPENSSL_VERSION_NUMBER < 0x00907000L */
-# if OPENSSL_VERSION_NUMBER > 0x00907000L
static int x509_verify_cb __P((int, X509_STORE_CTX *));
-# endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */
-
-# if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x00907000L
-# define CONST097
-# else /* !defined() || OPENSSL_VERSION_NUMBER < 0x00907000L */
-# define CONST097 const
-# endif /* !defined() || OPENSSL_VERSION_NUMBER < 0x00907000L */
-static void apps_ssl_info_cb __P((CONST097 SSL *, int , int));
+
+static void apps_ssl_info_cb __P((const SSL *, int , int));
static bool tls_ok_f __P((char *, char *, int));
static bool tls_safe_f __P((char *, long, bool));
static int tls_verify_log __P((int, X509_STORE_CTX *, const char *));
+int TLSsslidx = -1;
+
# if !NO_DH
+# include <openssl/dh.h>
static DH *get_dh512 __P((void));
static unsigned char dh512_p[] =
{
0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
0x47,0x74,0xE8,0x33
};
static unsigned char dh512_g[] =
{
0x02
};
static DH *
get_dh512()
{
DH *dh = NULL;
+# if MTA_HAVE_DH_set0_pqg
+ BIGNUM *dhp_bn, *dhg_bn;
+# endif
if ((dh = DH_new()) == NULL)
return NULL;
+# if MTA_HAVE_DH_set0_pqg
+ dhp_bn = BN_bin2bn(dh512_p, sizeof (dh512_p), NULL);
+ dhg_bn = BN_bin2bn(dh512_g, sizeof (dh512_g), NULL);
+ if (dhp_bn == NULL || dhg_bn == NULL || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
+ DH_free(dh);
+ BN_free(dhp_bn);
+ BN_free(dhg_bn);
+ return NULL;
+ }
+# else
dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
if ((dh->p == NULL) || (dh->g == NULL))
+ {
+ DH_free(dh);
return NULL;
+ }
+# endif
return dh;
}
# if 0
This is the data from which the C code has been generated:
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEArDcgcLpxEksQHPlolRKCUJ2szKRziseWV9cUSQNZGxoGw7KkROz4
HF9QSbg5axyNIG+QbZYtx0jp3l6/GWq1dLOj27yZkgYgaYgFrvKPiZ2jJ5xETQVH
UpZwbjRcyjyWkWYJVsx1aF4F/iY4kT0n/+iGEoimI3C9V3KXTJ2S6jIkyJ6M/CrN
EtrDynMlUMGlc7S1ouXVOTrtKeqy3S2L9eBLxVI+sChEijGIfELupdVeXihK006p
MgnABPDbkTx6OOtYmSZaGQX+OLW2FPmwvcrzgCz9t9cAsuUcBZv1LeHEqZZttyLU
oK0jjSXgFyeU4/NfyA+zuNeWzUL6bHmigwIBAg==
-----END DH PARAMETERS-----
# endif /* 0 */
static DH *
get_dh2048()
{
static unsigned char dh2048_p[]={
0xAC,0x37,0x20,0x70,0xBA,0x71,0x12,0x4B,0x10,0x1C,0xF9,0x68,
0x95,0x12,0x82,0x50,0x9D,0xAC,0xCC,0xA4,0x73,0x8A,0xC7,0x96,
0x57,0xD7,0x14,0x49,0x03,0x59,0x1B,0x1A,0x06,0xC3,0xB2,0xA4,
0x44,0xEC,0xF8,0x1C,0x5F,0x50,0x49,0xB8,0x39,0x6B,0x1C,0x8D,
0x20,0x6F,0x90,0x6D,0x96,0x2D,0xC7,0x48,0xE9,0xDE,0x5E,0xBF,
0x19,0x6A,0xB5,0x74,0xB3,0xA3,0xDB,0xBC,0x99,0x92,0x06,0x20,
0x69,0x88,0x05,0xAE,0xF2,0x8F,0x89,0x9D,0xA3,0x27,0x9C,0x44,
0x4D,0x05,0x47,0x52,0x96,0x70,0x6E,0x34,0x5C,0xCA,0x3C,0x96,
0x91,0x66,0x09,0x56,0xCC,0x75,0x68,0x5E,0x05,0xFE,0x26,0x38,
0x91,0x3D,0x27,0xFF,0xE8,0x86,0x12,0x88,0xA6,0x23,0x70,0xBD,
0x57,0x72,0x97,0x4C,0x9D,0x92,0xEA,0x32,0x24,0xC8,0x9E,0x8C,
0xFC,0x2A,0xCD,0x12,0xDA,0xC3,0xCA,0x73,0x25,0x50,0xC1,0xA5,
0x73,0xB4,0xB5,0xA2,0xE5,0xD5,0x39,0x3A,0xED,0x29,0xEA,0xB2,
0xDD,0x2D,0x8B,0xF5,0xE0,0x4B,0xC5,0x52,0x3E,0xB0,0x28,0x44,
0x8A,0x31,0x88,0x7C,0x42,0xEE,0xA5,0xD5,0x5E,0x5E,0x28,0x4A,
0xD3,0x4E,0xA9,0x32,0x09,0xC0,0x04,0xF0,0xDB,0x91,0x3C,0x7A,
0x38,0xEB,0x58,0x99,0x26,0x5A,0x19,0x05,0xFE,0x38,0xB5,0xB6,
0x14,0xF9,0xB0,0xBD,0xCA,0xF3,0x80,0x2C,0xFD,0xB7,0xD7,0x00,
0xB2,0xE5,0x1C,0x05,0x9B,0xF5,0x2D,0xE1,0xC4,0xA9,0x96,0x6D,
0xB7,0x22,0xD4,0xA0,0xAD,0x23,0x8D,0x25,0xE0,0x17,0x27,0x94,
0xE3,0xF3,0x5F,0xC8,0x0F,0xB3,0xB8,0xD7,0x96,0xCD,0x42,0xFA,
0x6C,0x79,0xA2,0x83,
};
static unsigned char dh2048_g[]={ 0x02, };
DH *dh;
+# if MTA_HAVE_DH_set0_pqg
+ BIGNUM *dhp_bn, *dhg_bn;
+# endif
if ((dh=DH_new()) == NULL)
return(NULL);
+# if MTA_HAVE_DH_set0_pqg
+ dhp_bn = BN_bin2bn(dh2048_p, sizeof (dh2048_p), NULL);
+ dhg_bn = BN_bin2bn(dh2048_g, sizeof (dh2048_g), NULL);
+ if (dhp_bn == NULL || dhg_bn == NULL || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
+ DH_free(dh);
+ BN_free(dhp_bn);
+ BN_free(dhg_bn);
+ return NULL;
+ }
+# else
dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
if ((dh->p == NULL) || (dh->g == NULL))
{
DH_free(dh);
return(NULL);
}
+# endif
return(dh);
}
# endif /* !NO_DH */
/*
** TLS_RAND_INIT -- initialize STARTTLS random generator
**
** Parameters:
** randfile -- name of file with random data
** logl -- loglevel
**
** Returns:
** success/failure
**
** Side Effects:
** initializes PRNG for tls library.
*/
# define MIN_RAND_BYTES 128 /* 1024 bits */
# define RF_OK 0 /* randfile OK */
# define RF_MISS 1 /* randfile == NULL || *randfile == '\0' */
# define RF_UNKNOWN 2 /* unknown prefix for randfile */
# define RI_NONE 0 /* no init yet */
# define RI_SUCCESS 1 /* init was successful */
# define RI_FAIL 2 /* init failed */
static bool tls_rand_init __P((char *, int));
static bool
tls_rand_init(randfile, logl)
char *randfile;
int logl;
{
# ifndef HASURANDOMDEV
/* not required if /dev/urandom exists, OpenSSL does it internally */
bool ok;
int randdef;
static int done = RI_NONE;
/*
** initialize PRNG
*/
/* did we try this before? if yes: return old value */
if (done != RI_NONE)
return done == RI_SUCCESS;
/* set default values */
ok = false;
done = RI_FAIL;
randdef = (randfile == NULL || *randfile == '\0') ? RF_MISS : RF_OK;
-# if EGD
+# if EGD
if (randdef == RF_OK && sm_strncasecmp(randfile, "egd:", 4) == 0)
{
randfile += 4;
if (RAND_egd(randfile) < 0)
{
sm_syslog(LOG_WARNING, NOQID,
"STARTTLS: RAND_egd(%s) failed: random number generator not seeded",
randfile);
}
else
ok = true;
}
else
-# endif /* EGD */
+# endif /* EGD */
if (randdef == RF_OK && sm_strncasecmp(randfile, "file:", 5) == 0)
{
int fd;
long sff;
struct stat st;
randfile += 5;
sff = SFF_SAFEDIRPATH | SFF_NOWLINK
| SFF_NOGWFILES | SFF_NOWWFILES
| SFF_NOGRFILES | SFF_NOWRFILES
| SFF_MUSTOWN | SFF_ROOTOK | SFF_OPENASROOT;
if (DontLockReadFiles)
sff |= SFF_NOLOCK;
if ((fd = safeopen(randfile, O_RDONLY, 0, sff)) >= 0)
{
if (fstat(fd, &st) < 0)
{
if (LogLevel > logl)
sm_syslog(LOG_ERR, NOQID,
"STARTTLS: can't fstat(%s)",
randfile);
}
else
{
bool use, problem;
use = true;
problem = false;
/* max. age of file: 10 minutes */
if (st.st_mtime + 600 < curtime())
{
use = bitnset(DBS_INSUFFICIENTENTROPY,
DontBlameSendmail);
problem = true;
if (LogLevel > logl)
sm_syslog(LOG_ERR, NOQID,
"STARTTLS: RandFile %s too old: %s",
randfile,
use ? "unsafe" :
"unusable");
}
if (use && st.st_size < MIN_RAND_BYTES)
{
use = bitnset(DBS_INSUFFICIENTENTROPY,
DontBlameSendmail);
problem = true;
if (LogLevel > logl)
sm_syslog(LOG_ERR, NOQID,
"STARTTLS: size(%s) < %d: %s",
randfile,
MIN_RAND_BYTES,
use ? "unsafe" :
"unusable");
}
if (use)
ok = RAND_load_file(randfile, -1) >=
MIN_RAND_BYTES;
if (use && !ok)
{
if (LogLevel > logl)
sm_syslog(LOG_WARNING, NOQID,
"STARTTLS: RAND_load_file(%s) failed: random number generator not seeded",
randfile);
}
if (problem)
ok = false;
}
if (ok || bitnset(DBS_INSUFFICIENTENTROPY,
DontBlameSendmail))
{
/* add this even if fstat() failed */
RAND_seed((void *) &st, sizeof(st));
}
(void) close(fd);
}
else
{
if (LogLevel > logl)
sm_syslog(LOG_WARNING, NOQID,
"STARTTLS: Warning: safeopen(%s) failed",
randfile);
}
}
else if (randdef == RF_OK)
{
if (LogLevel > logl)
sm_syslog(LOG_WARNING, NOQID,
"STARTTLS: Error: no proper random file definition %s",
randfile);
randdef = RF_UNKNOWN;
}
if (randdef == RF_MISS)
{
if (LogLevel > logl)
sm_syslog(LOG_WARNING, NOQID,
"STARTTLS: Error: missing random file definition");
}
if (!ok && bitnset(DBS_INSUFFICIENTENTROPY, DontBlameSendmail))
{
int i;
long r;
unsigned char buf[MIN_RAND_BYTES];
/* assert((MIN_RAND_BYTES % sizeof(long)) == 0); */
for (i = 0; i <= sizeof(buf) - sizeof(long); i += sizeof(long))
{
r = get_random();
(void) memcpy(buf + i, (void *) &r, sizeof(long));
}
RAND_seed(buf, sizeof(buf));
if (LogLevel > logl)
sm_syslog(LOG_WARNING, NOQID,
"STARTTLS: Warning: random number generator not properly seeded");
ok = true;
}
done = ok ? RI_SUCCESS : RI_FAIL;
return ok;
# else /* ! HASURANDOMDEV */
return true;
# endif /* ! HASURANDOMDEV */
}
/*
** INIT_TLS_LIBRARY -- Calls functions which setup TLS library for global use.
**
** Parameters:
** fipsmode -- use FIPS?
**
** Returns:
-** succeeded?
+** 0: OK
+** <0: perm.fail
+** >0: fail but can continue
*/
-bool
+int
init_tls_library(fipsmode)
bool fipsmode;
{
bool bv;
+ /*
+ ** OPENSSL_init_ssl(3): "As of version 1.1.0 OpenSSL will
+ ** automatically allocate all resources that it needs
+ ** so no explicit initialisation is required."
+ */
+
+# if !MTA_HAVE_OPENSSL_init_ssl
/* basic TLS initialization, ignore result for now */
SSL_library_init();
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
-# if 0
- /* this is currently a macro for SSL_library_init */
- SSLeay_add_ssl_algorithms();
-# endif /* 0 */
+# endif
- bv = tls_rand_init(RandFile, 7);
+ bv = true;
+ if (TLSsslidx < 0)
+ {
+ TLSsslidx = SSL_get_ex_new_index(0, 0, 0, 0, 0);
+ if (TLSsslidx < 0)
+ {
+ if (LogLevel > 0)
+ sm_syslog(LOG_ERR, NOQID,
+ "STARTTLS=init, SSL_get_ex_new_index=%d",
+ TLSsslidx);
+ bv = false;
+ }
+ }
+
+ if (bv)
+ bv = tls_rand_init(RandFile, 7);
# if _FFR_FIPSMODE
if (bv && fipsmode)
{
if (!FIPS_mode_set(1))
{
unsigned long err;
err = ERR_get_error();
if (LogLevel > 0)
sm_syslog(LOG_ERR, NOQID,
"STARTTLS=init, FIPSMode=%s",
ERR_error_string(err, NULL));
- return false;
+ return -1;
}
else
{
if (LogLevel > 9)
sm_syslog(LOG_INFO, NOQID,
"STARTTLS=init, FIPSMode=ok");
}
+ if (CertFingerprintAlgorithm == NULL)
+ CertFingerprintAlgorithm = "sha1";
+ }
+# endif /* _FFR_FIPSMODE */
+
+ if (!TLS_set_engine(SSLEngine, true))
+ {
+ if (LogLevel > 0)
+ sm_syslog(LOG_ERR, NOQID,
+ "STARTTLS=init, engine=%s, TLS_set_engine=failed",
+ SSLEngine);
+ return -1;
}
-#endif /* _FFR_FIPSMODE */
+
if (bv && CertFingerprintAlgorithm != NULL)
{
const EVP_MD *md;
md = EVP_get_digestbyname(CertFingerprintAlgorithm);
if (NULL == md)
{
bv = false;
if (LogLevel > 0)
sm_syslog(LOG_ERR, NOQID,
"STARTTLS=init, CertFingerprintAlgorithm=%s, status=invalid"
, CertFingerprintAlgorithm);
}
else
EVP_digest = md;
}
- return bv;
+ return bv ? 0 : 1;
}
/*
** TLS_SET_VERIFY -- request client certificate?
**
** Parameters:
** ctx -- TLS context
-** ssl -- TLS structure
+** ssl -- TLS session context
** vrfy -- request certificate?
**
** Returns:
** none.
**
** Side Effects:
** Sets verification state for TLS
**
# if TLS_VRFY_PER_CTX
** Notice:
** This is per TLS context, not per TLS structure;
** the former is global, the latter per connection.
** It would be nice to do this per connection, but this
** doesn't work in the current TLS libraries :-(
# endif * TLS_VRFY_PER_CTX *
*/
void
tls_set_verify(ctx, ssl, vrfy)
SSL_CTX *ctx;
SSL *ssl;
bool vrfy;
{
# if !TLS_VRFY_PER_CTX
SSL_set_verify(ssl, vrfy ? SSL_VERIFY_PEER : SSL_VERIFY_NONE, NULL);
-# else /* !TLS_VRFY_PER_CTX */
+# else
SSL_CTX_set_verify(ctx, vrfy ? SSL_VERIFY_PEER : SSL_VERIFY_NONE,
NULL);
-# endif /* !TLS_VRFY_PER_CTX */
+# endif
}
/*
** status in initialization
** these flags keep track of the status of the initialization
** i.e., whether a file exists (_EX) and whether it can be used (_OK)
** [due to permissions]
*/
# define TLS_S_NONE 0x00000000 /* none yet */
# define TLS_S_CERT_EX 0x00000001 /* cert file exists */
# define TLS_S_CERT_OK 0x00000002 /* cert file is ok */
# define TLS_S_KEY_EX 0x00000004 /* key file exists */
# define TLS_S_KEY_OK 0x00000008 /* key file is ok */
# define TLS_S_CERTP_EX 0x00000010 /* CA cert path exists */
# define TLS_S_CERTP_OK 0x00000020 /* CA cert path is ok */
# define TLS_S_CERTF_EX 0x00000040 /* CA cert file exists */
# define TLS_S_CERTF_OK 0x00000080 /* CA cert file is ok */
# define TLS_S_CRLF_EX 0x00000100 /* CRL file exists */
# define TLS_S_CRLF_OK 0x00000200 /* CRL file is ok */
# define TLS_S_CERT2_EX 0x00001000 /* 2nd cert file exists */
# define TLS_S_CERT2_OK 0x00002000 /* 2nd cert file is ok */
# define TLS_S_KEY2_EX 0x00004000 /* 2nd key file exists */
# define TLS_S_KEY2_OK 0x00008000 /* 2nd key file is ok */
# define TLS_S_DH_OK 0x00200000 /* DH cert is ok */
# define TLS_S_DHPAR_EX 0x00400000 /* DH param file exists */
# define TLS_S_DHPAR_OK 0x00800000 /* DH param file is ok to use */
/* Type of variable */
# define TLS_T_OTHER 0
# define TLS_T_SRV 1
# define TLS_T_CLT 2
/*
** TLS_OK_F -- can var be an absolute filename?
**
** Parameters:
** var -- filename
** fn -- what is the filename used for?
** type -- type of variable
**
** Returns:
** ok?
*/
static bool
tls_ok_f(var, fn, type)
char *var;
char *fn;
int type;
{
/* must be absolute pathname */
if (var != NULL && *var == '/')
return true;
if (LogLevel > 12)
sm_syslog(LOG_WARNING, NOQID, "STARTTLS: %s%s missing",
type == TLS_T_SRV ? "Server" :
(type == TLS_T_CLT ? "Client" : ""), fn);
return false;
}
/*
** TLS_SAFE_F -- is a file safe to use?
**
** Parameters:
** var -- filename
** sff -- flags for safefile()
** srv -- server side?
**
** Returns:
** ok?
*/
static bool
tls_safe_f(var, sff, srv)
char *var;
long sff;
bool srv;
{
int ret;
if ((ret = safefile(var, RunAsUid, RunAsGid, RunAsUserName, sff,
S_IRUSR, NULL)) == 0)
return true;
if (LogLevel > 7)
sm_syslog(LOG_WARNING, NOQID, "STARTTLS=%s: file %s unsafe: %s",
srv ? "server" : "client", var, sm_errstring(ret));
return false;
}
/*
** TLS_OK_F -- macro to simplify calls to tls_ok_f
**
** Parameters:
** var -- filename
** fn -- what is the filename used for?
** req -- is the file required?
** st -- status bit to set if ok
** type -- type of variable
**
** Side Effects:
** uses r, ok; may change ok and status.
**
*/
# define TLS_OK_F(var, fn, req, st, type) if (ok) \
{ \
r = tls_ok_f(var, fn, type); \
if (r) \
status |= st; \
else if (req) \
ok = false; \
}
/*
** TLS_UNR -- macro to return whether a file should be unreadable
**
** Parameters:
** bit -- flag to test
** req -- flags
**
** Returns:
** 0/SFF_NORFILES
*/
+
# define TLS_UNR(bit, req) (bitset(bit, req) ? SFF_NORFILES : 0)
# define TLS_OUNR(bit, req) (bitset(bit, req) ? SFF_NOWRFILES : 0)
# define TLS_KEYSFF(req) \
(bitnset(DBS_GROUPREADABLEKEYFILE, DontBlameSendmail) ? \
TLS_OUNR(TLS_I_KEY_OUNR, req) : \
TLS_UNR(TLS_I_KEY_UNR, req))
/*
** TLS_SAFE_F -- macro to simplify calls to tls_safe_f
**
** Parameters:
** var -- filename
** sff -- flags for safefile()
** req -- is the file required?
** ex -- does the file exist?
** st -- status bit to set if ok
** srv -- server side?
**
** Side Effects:
** uses r, ok, ex; may change ok and status.
**
*/
# define TLS_SAFE_F(var, sff, req, ex, st, srv) if (ex && ok) \
{ \
r = tls_safe_f(var, sff, srv); \
if (r) \
status |= st; \
else if (req) \
ok = false; \
}
-# if _FFR_TLS_SE_OPTS
/*
** LOAD_CERTKEY -- load cert/key for TLS session
**
** Parameters:
** ssl -- TLS session context
+** srv -- server side?
** certfile -- filename of certificate
** keyfile -- filename of private key
**
** Returns:
** succeeded?
*/
bool
load_certkey(ssl, srv, certfile, keyfile)
SSL *ssl;
bool srv;
char *certfile;
char *keyfile;
{
bool ok;
int r;
long sff, status;
unsigned long req;
char *who;
ok = true;
who = srv ? "server" : "client";
status = TLS_S_NONE;
req = TLS_I_CERT_EX|TLS_I_KEY_EX;
TLS_OK_F(certfile, "CertFile", bitset(TLS_I_CERT_EX, req),
TLS_S_CERT_EX, srv ? TLS_T_SRV : TLS_T_CLT);
TLS_OK_F(keyfile, "KeyFile", bitset(TLS_I_KEY_EX, req),
TLS_S_KEY_EX, srv ? TLS_T_SRV : TLS_T_CLT);
/* certfile etc. must be "safe". */
sff = SFF_REGONLY | SFF_SAFEDIRPATH | SFF_NOWLINK
| SFF_NOGWFILES | SFF_NOWWFILES
| SFF_MUSTOWN | SFF_ROOTOK | SFF_OPENASROOT;
if (DontLockReadFiles)
sff |= SFF_NOLOCK;
TLS_SAFE_F(certfile, sff | TLS_UNR(TLS_I_CERT_UNR, req),
bitset(TLS_I_CERT_EX, req),
bitset(TLS_S_CERT_EX, status), TLS_S_CERT_OK, srv);
TLS_SAFE_F(keyfile, sff | TLS_KEYSFF(req),
bitset(TLS_I_KEY_EX, req),
bitset(TLS_S_KEY_EX, status), TLS_S_KEY_OK, srv);
# define SSL_use_cert(ssl, certfile) \
SSL_use_certificate_file(ssl, certfile, SSL_FILETYPE_PEM)
# define SSL_USE_CERT "SSL_use_certificate_file"
if (bitset(TLS_S_CERT_OK, status) &&
SSL_use_cert(ssl, certfile) <= 0)
{
if (LogLevel > 7)
{
sm_syslog(LOG_WARNING, NOQID,
"STARTTLS=%s, error: %s(%s) failed",
who, SSL_USE_CERT, certfile);
- if (LogLevel > 9)
- tlslogerr(LOG_WARNING, who);
+ tlslogerr(LOG_WARNING, 9, who);
}
if (bitset(TLS_I_USE_CERT, req))
return false;
}
if (bitset(TLS_S_KEY_OK, status) &&
SSL_use_PrivateKey_file(ssl, keyfile, SSL_FILETYPE_PEM) <= 0)
{
if (LogLevel > 7)
{
sm_syslog(LOG_WARNING, NOQID,
"STARTTLS=%s, error: SSL_use_PrivateKey_file(%s) failed",
who, keyfile);
- if (LogLevel > 9)
- tlslogerr(LOG_WARNING, who);
+ tlslogerr(LOG_WARNING, 9, who);
}
if (bitset(TLS_I_USE_KEY, req))
return false;
}
/* check the private key */
if (bitset(TLS_S_KEY_OK, status) &&
(r = SSL_check_private_key(ssl)) <= 0)
{
/* Private key does not match the certificate public key */
if (LogLevel > 5)
{
sm_syslog(LOG_WARNING, NOQID,
"STARTTLS=%s, error: SSL_check_private_key failed(%s): %d",
who, keyfile, r);
- if (LogLevel > 9)
- tlslogerr(LOG_WARNING, who);
+ tlslogerr(LOG_WARNING, 9, who);
}
if (bitset(TLS_I_USE_KEY, req))
return false;
}
return true;
}
-# endif /* _FFR_TLS_SE_OPTS */
+
+/*
+** LOAD_CRLFILE -- load a file holding a CRL into the TLS context
+**
+** Parameters:
+** ctx -- TLS context
+** srv -- server side?
+** filename -- filename of CRL
+**
+** Returns:
+** succeeded?
+*/
+
+static bool load_crlfile __P((SSL_CTX *, bool, char *));
+
+static bool
+load_crlfile(ctx, srv, filename)
+ SSL_CTX *ctx;
+ bool srv;
+ char *filename;
+{
+ char *who;
+ BIO *crl_file;
+ X509_CRL *crl;
+ X509_STORE *store;
+
+ who = srv ? "server" : "client";
+ crl_file = BIO_new(BIO_s_file());
+ if (crl_file == NULL)
+ {
+ if (LogLevel > 9)
+ sm_syslog(LOG_WARNING, NOQID,
+ "STARTTLS=%s, error: BIO_new=failed", who);
+ return false;
+ }
+
+ if (BIO_read_filename(crl_file, filename) < 0)
+ {
+ if (LogLevel > 9)
+ sm_syslog(LOG_WARNING, NOQID,
+ "STARTTLS=%s, error: BIO_read_filename(%s)=failed",
+ who, filename);
+
+ /* avoid memory leaks */
+ BIO_free(crl_file);
+ return false;
+ }
+
+ crl = PEM_read_bio_X509_CRL(crl_file, NULL, NULL, NULL);
+ if (crl == NULL)
+ {
+ if (LogLevel > 9)
+ sm_syslog(LOG_WARNING, NOQID,
+ "STARTTLS=%s, error: PEM_read_bio_X509_CRL(%s)=failed",
+ who, filename);
+ BIO_free(crl_file);
+ return true; /* XXX should probably be 'false' */
+ }
+
+ BIO_free(crl_file);
+
+ /* get a pointer to the current certificate validation store */
+ store = SSL_CTX_get_cert_store(ctx); /* does not fail */
+
+ if (X509_STORE_add_crl(store, crl) == 0)
+ {
+ if (LogLevel > 9)
+ sm_syslog(LOG_WARNING, NOQID,
+ "STARTTLS=%s, error: X509_STORE_add_crl=failed",
+ who);
+ X509_CRL_free(crl);
+ return false;
+ }
+
+ X509_CRL_free(crl);
+
+ X509_STORE_set_flags(store,
+ X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
+ X509_STORE_set_verify_cb_func(store, x509_verify_cb);
+
+ return true;
+}
+
+/*
+** LOAD_CRLPATH -- configure the TLS context to lookup CRLs in a directory
+**
+** Parameters:
+** ctx -- TLS context
+** srv -- server side?
+** path -- path of hashed directory of CRLs
+**
+** Returns:
+** succeeded?
+*/
+
+static bool load_crlpath __P((SSL_CTX *, bool, char *));
+
+static bool
+load_crlpath(ctx, srv, path)
+ SSL_CTX *ctx;
+ bool srv;
+ char *path;
+{
+ char *who;
+ X509_STORE *store;
+ X509_LOOKUP *lookup;
+
+ who = srv ? "server" : "client";
+
+ /* get a pointer to the current certificate validation store */
+ store = SSL_CTX_get_cert_store(ctx); /* does not fail */
+
+ lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
+ if (lookup == NULL)
+ {
+ if (LogLevel > 9)
+ sm_syslog(LOG_WARNING, NOQID,
+ "STARTTLS=%s, error: X509_STORE_add_lookup(hash)=failed",
+ who);
+ return false;
+ }
+
+ if (X509_LOOKUP_add_dir(lookup, path, X509_FILETYPE_PEM) == 0)
+ {
+ if (LogLevel > 9)
+ sm_syslog(LOG_WARNING, NOQID,
+ "STARTTLS=%s, error: X509_LOOKUP_add_dir(%s)=failed",
+ who, path);
+ return false;
+ }
+
+ X509_STORE_set_flags(store,
+ X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
+ X509_STORE_set_verify_cb_func(store, x509_verify_cb);
+
+ return true;
+}
/*
** INITTLS -- initialize TLS
**
** Parameters:
** ctx -- pointer to context
** req -- requirements for initialization (see sendmail.h)
** options -- options
** srv -- server side?
** certfile -- filename of certificate
** keyfile -- filename of private key
** cacertpath -- path to CAs
** cacertfile -- file with CA(s)
** dhparam -- parameters for DH
**
** Returns:
** succeeded?
*/
/*
** The session_id_context identifies the service that created a session.
** This information is used to distinguish between multiple TLS-based
** servers running on the same server. We use the name of the mail system.
** Note: the session cache is not persistent.
*/
static char server_session_id_context[] = "sendmail8";
/* 0.9.8a and b have a problem with SSL_OP_TLS_BLOCK_PADDING_BUG */
-#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
-# define SM_SSL_OP_TLS_BLOCK_PADDING_BUG 1
-#else
-# define SM_SSL_OP_TLS_BLOCK_PADDING_BUG 0
-#endif
+# if (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
+# define SM_SSL_OP_TLS_BLOCK_PADDING_BUG 1
+# else
+# define SM_SSL_OP_TLS_BLOCK_PADDING_BUG 0
+# endif
bool
inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhparam)
SSL_CTX **ctx;
unsigned long req;
unsigned long options;
bool srv;
char *certfile, *keyfile, *cacertpath, *cacertfile, *dhparam;
{
# if !NO_DH
static DH *dh = NULL;
-# endif /* !NO_DH */
+# endif
int r;
bool ok;
long sff, status;
char *who;
char *cf2, *kf2;
-# if SM_CONF_SHM
+# if SM_CONF_SHM && !TLS_NO_RSA && MTA_RSA_TMP_CB
extern int ShmId;
-# endif /* SM_CONF_SHM */
-# if OPENSSL_VERSION_NUMBER > 0x00907000L
- BIO *crl_file;
- X509_CRL *crl;
- X509_STORE *store;
-# endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */
-#if SM_SSL_OP_TLS_BLOCK_PADDING_BUG
+# endif
+# if SM_SSL_OP_TLS_BLOCK_PADDING_BUG
long rt_version;
STACK_OF(SSL_COMP) *comp_methods;
-#endif
+# endif
status = TLS_S_NONE;
who = srv ? "server" : "client";
if (ctx == NULL)
{
syserr("STARTTLS=%s, inittls: ctx == NULL", who);
/* NOTREACHED */
SM_ASSERT(ctx != NULL);
}
/* already initialized? (we could re-init...) */
if (*ctx != NULL)
return true;
ok = true;
/*
** look for a second filename: it must be separated by a ','
** no blanks allowed (they won't be skipped).
** we change a global variable here! this change will be undone
** before return from the function but only if it returns true.
** this isn't a problem since in a failure case this function
** won't be called again with the same (overwritten) values.
** otherwise each return must be replaced with a goto endinittls.
*/
cf2 = NULL;
kf2 = NULL;
if (certfile != NULL && (cf2 = strchr(certfile, ',')) != NULL)
{
*cf2++ = '\0';
if (keyfile != NULL && (kf2 = strchr(keyfile, ',')) != NULL)
*kf2++ = '\0';
}
/*
** Check whether files/paths are defined
*/
TLS_OK_F(certfile, "CertFile", bitset(TLS_I_CERT_EX, req),
TLS_S_CERT_EX, srv ? TLS_T_SRV : TLS_T_CLT);
TLS_OK_F(keyfile, "KeyFile", bitset(TLS_I_KEY_EX, req),
TLS_S_KEY_EX, srv ? TLS_T_SRV : TLS_T_CLT);
TLS_OK_F(cacertpath, "CACertPath", bitset(TLS_I_CERTP_EX, req),
TLS_S_CERTP_EX, TLS_T_OTHER);
TLS_OK_F(cacertfile, "CACertFile", bitset(TLS_I_CERTF_EX, req),
TLS_S_CERTF_EX, TLS_T_OTHER);
-# if OPENSSL_VERSION_NUMBER > 0x00907000L
TLS_OK_F(CRLFile, "CRLFile", bitset(TLS_I_CRLF_EX, req),
TLS_S_CRLF_EX, TLS_T_OTHER);
-# endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */
/*
** if the second file is specified it must exist
** XXX: it is possible here to define only one of those files
*/
if (cf2 != NULL)
{
TLS_OK_F(cf2, "CertFile", bitset(TLS_I_CERT_EX, req),
TLS_S_CERT2_EX, srv ? TLS_T_SRV : TLS_T_CLT);
}
if (kf2 != NULL)
{
TLS_OK_F(kf2, "KeyFile", bitset(TLS_I_KEY_EX, req),
TLS_S_KEY2_EX, srv ? TLS_T_SRV : TLS_T_CLT);
}
/*
** valid values for dhparam are (only the first char is checked)
** none no parameters: don't use DH
** i use precomputed 2048 bit parameters
** 512 use precomputed 512 bit parameters
** 1024 generate 1024 bit parameters
** 2048 generate 2048 bit parameters
** /file/name read parameters from /file/name
*/
-#define SET_DH_DFL \
+# define SET_DH_DFL \
do { \
dhparam = "I"; \
req |= TLS_I_DHFIXED; \
} while (0)
if (bitset(TLS_I_TRY_DH, req))
{
if (dhparam != NULL)
{
char c = *dhparam;
if (c == '1')
req |= TLS_I_DH1024;
else if (c == 'I' || c == 'i')
req |= TLS_I_DHFIXED;
else if (c == '2')
req |= TLS_I_DH2048;
else if (c == '5')
req |= TLS_I_DH512;
else if (c == 'n' || c == 'N')
req &= ~TLS_I_TRY_DH;
else if (c != '/')
{
if (LogLevel > 12)
sm_syslog(LOG_WARNING, NOQID,
"STARTTLS=%s, error: illegal value '%s' for DHParameters",
who, dhparam);
dhparam = NULL;
}
}
if (dhparam == NULL)
SET_DH_DFL;
else if (*dhparam == '/')
{
TLS_OK_F(dhparam, "DHParameters",
bitset(TLS_I_DHPAR_EX, req),
TLS_S_DHPAR_EX, TLS_T_OTHER);
}
}
if (!ok)
return ok;
/* certfile etc. must be "safe". */
sff = SFF_REGONLY | SFF_SAFEDIRPATH | SFF_NOWLINK
| SFF_NOGWFILES | SFF_NOWWFILES
| SFF_MUSTOWN | SFF_ROOTOK | SFF_OPENASROOT;
if (DontLockReadFiles)
sff |= SFF_NOLOCK;
TLS_SAFE_F(certfile, sff | TLS_UNR(TLS_I_CERT_UNR, req),
bitset(TLS_I_CERT_EX, req),
bitset(TLS_S_CERT_EX, status), TLS_S_CERT_OK, srv);
TLS_SAFE_F(keyfile, sff | TLS_KEYSFF(req),
bitset(TLS_I_KEY_EX, req),
bitset(TLS_S_KEY_EX, status), TLS_S_KEY_OK, srv);
TLS_SAFE_F(cacertfile, sff | TLS_UNR(TLS_I_CERTF_UNR, req),
bitset(TLS_I_CERTF_EX, req),
bitset(TLS_S_CERTF_EX, status), TLS_S_CERTF_OK, srv);
if (dhparam != NULL && *dhparam == '/')
{
TLS_SAFE_F(dhparam, sff | TLS_UNR(TLS_I_DHPAR_UNR, req),
bitset(TLS_I_DHPAR_EX, req),
bitset(TLS_S_DHPAR_EX, status), TLS_S_DHPAR_OK, srv);
if (!bitset(TLS_S_DHPAR_OK, status))
SET_DH_DFL;
}
-# if OPENSSL_VERSION_NUMBER > 0x00907000L
TLS_SAFE_F(CRLFile, sff | TLS_UNR(TLS_I_CRLF_UNR, req),
bitset(TLS_I_CRLF_EX, req),
bitset(TLS_S_CRLF_EX, status), TLS_S_CRLF_OK, srv);
-# endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */
if (!ok)
return ok;
if (cf2 != NULL)
{
TLS_SAFE_F(cf2, sff | TLS_UNR(TLS_I_CERT_UNR, req),
bitset(TLS_I_CERT_EX, req),
bitset(TLS_S_CERT2_EX, status), TLS_S_CERT2_OK, srv);
}
if (kf2 != NULL)
{
TLS_SAFE_F(kf2, sff | TLS_KEYSFF(req),
bitset(TLS_I_KEY_EX, req),
bitset(TLS_S_KEY2_EX, status), TLS_S_KEY2_OK, srv);
}
/* create a method and a new context */
if ((*ctx = SSL_CTX_new(srv ? SSLv23_server_method() :
SSLv23_client_method())) == NULL)
{
if (LogLevel > 7)
sm_syslog(LOG_WARNING, NOQID,
"STARTTLS=%s, error: SSL_CTX_new(SSLv23_%s_method()) failed",
who, who);
- if (LogLevel > 9)
- tlslogerr(LOG_WARNING, who);
+ tlslogerr(LOG_WARNING, 9, who);
return false;
}
-# if OPENSSL_VERSION_NUMBER > 0x00907000L
- if (CRLFile != NULL)
+# if _FFR_VRFY_TRUSTED_FIRST
+ if (!tTd(88, 101))
{
+ X509_STORE *store;
+
/* get a pointer to the current certificate validation store */
store = SSL_CTX_get_cert_store(*ctx); /* does not fail */
- crl_file = BIO_new(BIO_s_file_internal());
- if (crl_file != NULL)
- {
- if (BIO_read_filename(crl_file, CRLFile) >= 0)
- {
- crl = PEM_read_bio_X509_CRL(crl_file, NULL,
- NULL, NULL);
- BIO_free(crl_file);
- X509_STORE_add_crl(store, crl);
- X509_CRL_free(crl);
- X509_STORE_set_flags(store,
- X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
- X509_STORE_set_verify_cb_func(store,
- x509_verify_cb);
- }
- else
- {
- if (LogLevel > 9)
- {
- sm_syslog(LOG_WARNING, NOQID,
- "STARTTLS=%s, error: PEM_read_bio_X509_CRL(%s)=failed",
- who, CRLFile);
- }
+ SM_ASSERT(store != NULL);
+ X509_STORE_set_flags(store, X509_V_FLAG_TRUSTED_FIRST);
+ }
+# endif
- /* avoid memory leaks */
- BIO_free(crl_file);
- return false;
- }
+ if (CRLFile != NULL && !load_crlfile(*ctx, srv, CRLFile))
+ return false;
+ if (CRLPath != NULL && !load_crlpath(*ctx, srv, CRLPath))
+ return false;
- }
- else if (LogLevel > 9)
+# if defined(SSL_MODE_AUTO_RETRY) && OPENSSL_VERSION_NUMBER >= 0x10100000L && OPENSSL_VERSION_NUMBER < 0x20000000L
+ /*
+ * Turn off blocking I/O handling in OpenSSL: someone turned
+ * this on by default in 1.1? should we check first?
+ */
+# if _FFR_TESTS
+ if (LogLevel > 9) {
+ sff = SSL_CTX_get_mode(*ctx);
+ if (sff & SSL_MODE_AUTO_RETRY)
sm_syslog(LOG_WARNING, NOQID,
- "STARTTLS=%s, error: BIO_new=failed", who);
+ "STARTTLS=%s, SSL_MODE_AUTO_RETRY=set, mode=%#lx",
+ who, sff);
}
+
+ /* hack for testing! */
+ if (tTd(96, 101) || getenv("SSL_MODE_AUTO_RETRY") != NULL)
+ SSL_CTX_set_mode(*ctx, SSL_MODE_AUTO_RETRY);
else
- store = NULL;
-# if _FFR_CRLPATH
- if (CRLPath != NULL && store != NULL)
- {
- X509_LOOKUP *lookup;
+# endif
+ SSL_CTX_clear_mode(*ctx, SSL_MODE_AUTO_RETRY);
+# endif /* defined(SSL_MODE_AUTO_RETRY) && OPENSSL_VERSION_NUMBER >= 0x10100000L && OPENSSL_VERSION_NUMBER < 0x20000000L */
- lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
- if (lookup == NULL)
- {
- if (LogLevel > 9)
- {
- sm_syslog(LOG_WARNING, NOQID,
- "STARTTLS=%s, error: X509_STORE_add_lookup(hash)=failed",
- who, CRLFile);
- }
- return false;
- }
- X509_LOOKUP_add_dir(lookup, CRLPath, X509_FILETYPE_PEM);
- X509_STORE_set_flags(store,
- X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
- }
-# endif /* _FFR_CRLPATH */
-# endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */
# if TLS_NO_RSA
/* turn off backward compatibility, required for no-rsa */
SSL_CTX_set_options(*ctx, SSL_OP_NO_SSLv2);
-# endif /* TLS_NO_RSA */
+# endif
-# if !TLS_NO_RSA
+# if !TLS_NO_RSA && MTA_RSA_TMP_CB
/*
** Create a temporary RSA key
** XXX Maybe we shouldn't create this always (even though it
** is only at startup).
** It is a time-consuming operation and it is not always necessary.
** maybe we should do it only on demand...
*/
if (bitset(TLS_I_RSA_TMP, req)
# if SM_CONF_SHM
&& ShmId != SM_SHM_NO_ID &&
(rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL,
NULL)) == NULL
# else /* SM_CONF_SHM */
&& 0 /* no shared memory: no need to generate key now */
# endif /* SM_CONF_SHM */
)
{
if (LogLevel > 7)
{
sm_syslog(LOG_WARNING, NOQID,
"STARTTLS=%s, error: RSA_generate_key failed",
who);
- if (LogLevel > 9)
- tlslogerr(LOG_WARNING, who);
+ tlslogerr(LOG_WARNING, 9, who);
}
return false;
}
-# endif /* !TLS_NO_RSA */
+# endif /* !TLS_NO_RSA && MTA_RSA_TMP_CB */
/*
** load private key
** XXX change this for DSA-only version
*/
if (bitset(TLS_S_KEY_OK, status) &&
SSL_CTX_use_PrivateKey_file(*ctx, keyfile,
SSL_FILETYPE_PEM) <= 0)
{
if (LogLevel > 7)
{
sm_syslog(LOG_WARNING, NOQID,
"STARTTLS=%s, error: SSL_CTX_use_PrivateKey_file(%s) failed",
who, keyfile);
- if (LogLevel > 9)
- tlslogerr(LOG_WARNING, who);
+ tlslogerr(LOG_WARNING, 9, who);
}
if (bitset(TLS_I_USE_KEY, req))
return false;
}
-#if _FFR_TLS_USE_CERTIFICATE_CHAIN_FILE
-# define SSL_CTX_use_cert(ssl_ctx, certfile) \
+# if _FFR_TLS_USE_CERTIFICATE_CHAIN_FILE
+# define SSL_CTX_use_cert(ssl_ctx, certfile) \
SSL_CTX_use_certificate_chain_file(ssl_ctx, certfile)
-# define SSL_CTX_USE_CERT "SSL_CTX_use_certificate_chain_file"
-#else
-# define SSL_CTX_use_cert(ssl_ctx, certfile) \
+# define SSL_CTX_USE_CERT "SSL_CTX_use_certificate_chain_file"
+# else
+# define SSL_CTX_use_cert(ssl_ctx, certfile) \
SSL_CTX_use_certificate_file(ssl_ctx, certfile, SSL_FILETYPE_PEM)
-# define SSL_CTX_USE_CERT "SSL_CTX_use_certificate_file"
-#endif
+# define SSL_CTX_USE_CERT "SSL_CTX_use_certificate_file"
+# endif
/* get the certificate file */
if (bitset(TLS_S_CERT_OK, status) &&
SSL_CTX_use_cert(*ctx, certfile) <= 0)
{
if (LogLevel > 7)
{
sm_syslog(LOG_WARNING, NOQID,
"STARTTLS=%s, error: %s(%s) failed",
who, SSL_CTX_USE_CERT, certfile);
- if (LogLevel > 9)
- tlslogerr(LOG_WARNING, who);
+ tlslogerr(LOG_WARNING, 9, who);
}
if (bitset(TLS_I_USE_CERT, req))
return false;
}
/* check the private key */
if (bitset(TLS_S_KEY_OK, status) &&
(r = SSL_CTX_check_private_key(*ctx)) <= 0)
{
/* Private key does not match the certificate public key */
if (LogLevel > 5)
{
sm_syslog(LOG_WARNING, NOQID,
"STARTTLS=%s, error: SSL_CTX_check_private_key failed(%s): %d",
who, keyfile, r);
- if (LogLevel > 9)
- tlslogerr(LOG_WARNING, who);
+ tlslogerr(LOG_WARNING, 9, who);
}
if (bitset(TLS_I_USE_KEY, req))
return false;
}
/* XXX this code is pretty much duplicated from above! */
/* load private key */
if (bitset(TLS_S_KEY2_OK, status) &&
SSL_CTX_use_PrivateKey_file(*ctx, kf2, SSL_FILETYPE_PEM) <= 0)
{
if (LogLevel > 7)
{
sm_syslog(LOG_WARNING, NOQID,
"STARTTLS=%s, error: SSL_CTX_use_PrivateKey_file(%s) failed",
who, kf2);
- if (LogLevel > 9)
- tlslogerr(LOG_WARNING, who);
+ tlslogerr(LOG_WARNING, 9, who);
}
}
/* get the certificate file */
if (bitset(TLS_S_CERT2_OK, status) &&
SSL_CTX_use_cert(*ctx, cf2) <= 0)
{
if (LogLevel > 7)
{
sm_syslog(LOG_WARNING, NOQID,
"STARTTLS=%s, error: %s(%s) failed",
who, SSL_CTX_USE_CERT, cf2);
- if (LogLevel > 9)
- tlslogerr(LOG_WARNING, who);
+ tlslogerr(LOG_WARNING, 9, who);
}
}
/* also check the private key */
if (bitset(TLS_S_KEY2_OK, status) &&
(r = SSL_CTX_check_private_key(*ctx)) <= 0)
{
/* Private key does not match the certificate public key */
if (LogLevel > 5)
{
sm_syslog(LOG_WARNING, NOQID,
"STARTTLS=%s, error: SSL_CTX_check_private_key 2 failed: %d",
who, r);
- if (LogLevel > 9)
- tlslogerr(LOG_WARNING, who);
+ tlslogerr(LOG_WARNING, 9, who);
}
}
/* SSL_CTX_set_quiet_shutdown(*ctx, 1); violation of standard? */
-#if SM_SSL_OP_TLS_BLOCK_PADDING_BUG
+# if SM_SSL_OP_TLS_BLOCK_PADDING_BUG
/*
** In OpenSSL 0.9.8[ab], enabling zlib compression breaks the
** padding bug work-around, leading to false positives and
** failed connections. We may not interoperate with systems
** with the bug, but this is better than breaking on all 0.9.8[ab]
** systems that have zlib support enabled.
** Note: this checks the runtime version of the library, not
** just the compile time version.
*/
- rt_version = SSLeay();
+ rt_version = TLS_version_num();
if (rt_version >= 0x00908000L && rt_version <= 0x0090802fL)
{
comp_methods = SSL_COMP_get_compression_methods();
if (comp_methods != NULL && sk_SSL_COMP_num(comp_methods) > 0)
options &= ~SSL_OP_TLS_BLOCK_PADDING_BUG;
}
-#endif
+# endif
SSL_CTX_set_options(*ctx, (long) options);
# if !NO_DH
/* Diffie-Hellman initialization */
if (bitset(TLS_I_TRY_DH, req))
{
-#if _FFR_TLS_EC
+# if TLS_EC == 1
EC_KEY *ecdh;
-#endif /* _FFR_TLS_EC */
+# endif
if (tTd(96, 8))
sm_dprintf("inittls: req=%#lx, status=%#lx\n",
req, status);
if (bitset(TLS_S_DHPAR_OK, status))
{
BIO *bio;
if ((bio = BIO_new_file(dhparam, "r")) != NULL)
{
dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
BIO_free(bio);
if (dh == NULL && LogLevel > 7)
{
unsigned long err;
err = ERR_get_error();
sm_syslog(LOG_WARNING, NOQID,
"STARTTLS=%s, error: cannot read DH parameters(%s): %s",
who, dhparam,
ERR_error_string(err, NULL));
- if (LogLevel > 9)
- tlslogerr(LOG_WARNING, who);
+ tlslogerr(LOG_WARNING, 9, who);
SET_DH_DFL;
}
}
else
{
if (LogLevel > 5)
{
sm_syslog(LOG_WARNING, NOQID,
"STARTTLS=%s, error: BIO_new_file(%s) failed",
who, dhparam);
- if (LogLevel > 9)
- tlslogerr(LOG_WARNING, who);
+ tlslogerr(LOG_WARNING, 9, who);
}
}
}
if (dh == NULL && bitset(TLS_I_DH1024|TLS_I_DH2048, req))
{
int bits;
DSA *dsa;
bits = bitset(TLS_I_DH2048, req) ? 2048 : 1024;
if (tTd(96, 2))
sm_dprintf("inittls: Generating %d bit DH parameters\n", bits);
+# if MTA_HAVE_DSA_GENERATE_EX
+ dsa = DSA_new();
+ if (dsa != NULL)
+ {
+ r = DSA_generate_parameters_ex(dsa, bits, NULL,
+ 0, NULL, NULL, NULL);
+ if (r != 0)
+ dh = DSA_dup_DH(dsa);
+ }
+# else
/* this takes a while! */
dsa = DSA_generate_parameters(bits, NULL, 0, NULL,
NULL, 0, NULL);
dh = DSA_dup_DH(dsa);
+# endif
DSA_free(dsa);
}
else if (dh == NULL && bitset(TLS_I_DHFIXED, req))
{
if (tTd(96, 2))
sm_dprintf("inittls: Using precomputed 2048 bit DH parameters\n");
dh = get_dh2048();
}
else if (dh == NULL && bitset(TLS_I_DH512, req))
{
if (tTd(96, 2))
sm_dprintf("inittls: Using precomputed 512 bit DH parameters\n");
dh = get_dh512();
}
if (dh == NULL)
{
if (LogLevel > 9)
{
unsigned long err;
err = ERR_get_error();
sm_syslog(LOG_WARNING, NOQID,
"STARTTLS=%s, error: cannot read or set DH parameters(%s): %s",
who, dhparam,
ERR_error_string(err, NULL));
}
if (bitset(TLS_I_REQ_DH, req))
return false;
}
else
{
/* important to avoid small subgroup attacks */
SSL_CTX_set_options(*ctx, SSL_OP_SINGLE_DH_USE);
SSL_CTX_set_tmp_dh(*ctx, dh);
if (LogLevel > 13)
sm_syslog(LOG_INFO, NOQID,
"STARTTLS=%s, Diffie-Hellman init, key=%d bit (%c)",
who, 8 * DH_size(dh), *dhparam);
DH_free(dh);
}
-#if _FFR_TLS_EC
+# if TLS_EC == 2
+ SSL_CTX_set_options(*ctx, SSL_OP_SINGLE_ECDH_USE);
+ SSL_CTX_set_ecdh_auto(*ctx, 1);
+# elif TLS_EC == 1
ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
if (ecdh != NULL)
{
SSL_CTX_set_options(*ctx, SSL_OP_SINGLE_ECDH_USE);
SSL_CTX_set_tmp_ecdh(*ctx, ecdh);
EC_KEY_free(ecdh);
}
-#endif /* _FFR_TLS_EC */
+ else if (LogLevel > 9)
+ {
+ sm_syslog(LOG_WARNING, NOQID,
+ "STARTTLS=%s, EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)=failed, error=%s",
+ who, ERR_error_string(ERR_get_error(), NULL));
+ }
+# endif /* TLS_EC */
}
# endif /* !NO_DH */
/* XXX do we need this cache here? */
if (bitset(TLS_I_CACHE, req))
{
SSL_CTX_sess_set_cache_size(*ctx, 1);
SSL_CTX_set_timeout(*ctx, 1);
SSL_CTX_set_session_id_context(*ctx,
(void *) &server_session_id_context,
sizeof(server_session_id_context));
(void) SSL_CTX_set_session_cache_mode(*ctx,
SSL_SESS_CACHE_SERVER);
}
else
{
(void) SSL_CTX_set_session_cache_mode(*ctx,
SSL_SESS_CACHE_OFF);
}
/* load certificate locations and default CA paths */
if (bitset(TLS_S_CERTP_EX, status) && bitset(TLS_S_CERTF_EX, status))
{
if ((r = SSL_CTX_load_verify_locations(*ctx, cacertfile,
cacertpath)) == 1)
{
-# if !TLS_NO_RSA
+# if !TLS_NO_RSA && MTA_RSA_TMP_CB
if (bitset(TLS_I_RSA_TMP, req))
SSL_CTX_set_tmp_rsa_callback(*ctx, tmp_rsa_key);
-# endif /* !TLS_NO_RSA */
+# endif
/*
** We have to install our own verify callback:
** SSL_VERIFY_PEER requests a client cert but even
** though *FAIL_IF* isn't set, the connection
** will be aborted if the client presents a cert
** that is not "liked" (can't be verified?) by
** the TLS library :-(
*/
/*
** XXX currently we could call tls_set_verify()
** but we hope that that function will later on
** only set the mode per connection.
*/
+
SSL_CTX_set_verify(*ctx,
bitset(TLS_I_NO_VRFY, req) ? SSL_VERIFY_NONE
: SSL_VERIFY_PEER,
NULL);
- /* install verify callback */
+ if (srv)
+ {
+ SSL_CTX_set_client_CA_list(*ctx,
+ SSL_load_client_CA_file(cacertfile));
+ }
SSL_CTX_set_cert_verify_callback(*ctx, tls_verify_cb,
- NULL);
- SSL_CTX_set_client_CA_list(*ctx,
- SSL_load_client_CA_file(cacertfile));
+ NULL);
}
else
{
/*
** can't load CA data; do we care?
** the data is necessary to authenticate the client,
** which in turn would be necessary
** if we want to allow relaying based on it.
*/
+
if (LogLevel > 5)
{
sm_syslog(LOG_WARNING, NOQID,
"STARTTLS=%s, error: load verify locs %s, %s failed: %d",
who, cacertpath, cacertfile, r);
- if (LogLevel > 9)
- tlslogerr(LOG_WARNING, who);
+ tlslogerr(LOG_WARNING,
+ bitset(TLS_I_VRFY_LOC, req) ? 8 : 9,
+ who);
}
if (bitset(TLS_I_VRFY_LOC, req))
return false;
}
}
/* XXX: make this dependent on an option? */
if (tTd(96, 9))
SSL_CTX_set_info_callback(*ctx, apps_ssl_info_cb);
/* install our own cipher list */
if (CipherList != NULL && *CipherList != '\0')
{
if (SSL_CTX_set_cipher_list(*ctx, CipherList) <= 0)
{
if (LogLevel > 7)
{
sm_syslog(LOG_WARNING, NOQID,
"STARTTLS=%s, error: SSL_CTX_set_cipher_list(%s) failed, list ignored",
who, CipherList);
- if (LogLevel > 9)
- tlslogerr(LOG_WARNING, who);
+ tlslogerr(LOG_WARNING, 9, who);
}
/* failure if setting to this list is required? */
}
}
if (LogLevel > 12)
sm_syslog(LOG_INFO, NOQID, "STARTTLS=%s, init=%d", who, ok);
# if 0
/*
** this label is required if we want to have a "clean" exit
** see the comments above at the initialization of cf2
*/
endinittls:
# endif /* 0 */
/* undo damage to global variables */
if (cf2 != NULL)
*--cf2 = ',';
if (kf2 != NULL)
*--kf2 = ',';
return ok;
}
/*
** CERT_FP -- get cert fingerprint
**
** Parameters:
** cert -- TLS cert
+** evp_digest -- digest algorithm
** mac -- macro storage
** macro -- where to store cert fp
**
** Returns:
** <=0: cert fp calculation failed
** >0: cert fp calculation ok
*/
static int
cert_fp(cert, evp_digest, mac, macro)
X509 *cert;
const EVP_MD *evp_digest;
MACROS_T *mac;
char *macro;
{
unsigned int n;
int r;
unsigned char md[EVP_MAX_MD_SIZE];
char md5h[EVP_MAX_MD_SIZE * 3];
static const char hexcodes[] = "0123456789ABCDEF";
n = 0;
if (X509_digest(cert, EVP_digest, md, &n) == 0 || n <= 0)
{
macdefine(mac, A_TEMP, macid(macro), "");
return 0;
}
SM_ASSERT((n * 3) + 2 < sizeof(md5h));
for (r = 0; r < (int) n; r++)
{
md5h[r * 3] = hexcodes[(md[r] & 0xf0) >> 4];
md5h[(r * 3) + 1] = hexcodes[(md[r] & 0x0f)];
md5h[(r * 3) + 2] = ':';
}
md5h[(n * 3) - 1] = '\0';
macdefine(mac, A_TEMP, macid(macro), md5h);
return 1;
}
+/* host for logging */
+#define whichhost host == NULL ? "local" : host
+
+# if _FFR_TLS_ALTNAMES
+
+/*
+** CLEARCLASS -- clear the specified class (called from stabapply)
+**
+** Parameters:
+** s -- STAB
+** id -- class id
+**
+** Returns:
+** none.
+*/
+
+static void
+clearclass(s, id)
+ STAB *s;
+ int id;
+{
+ if (s->s_symtype != ST_CLASS)
+ return;
+ if (bitnset(bitidx(id), s->s_class))
+ clrbitn(bitidx(id), s->s_class);
+}
+
+/*
+** GETALTNAMES -- set subject_alt_name
+**
+** Parameters:
+** cert -- cert
+** srv -- server side?
+** host -- hostname of other side
+**
+** Returns:
+** none.
+*/
+
+static void
+getaltnames(cert, srv, host)
+ X509 *cert;
+ bool srv;
+ const char *host;
+{
+ STACK_OF(GENERAL_NAME) *gens;
+ int i, j, len, r;
+ const GENERAL_NAME *gn;
+ char *dnsname, *who;
+
+ if (!SetCertAltnames)
+ return;
+ who = srv ? "server" : "client";
+ gens = X509_get_ext_d2i(cert, NID_subject_alt_name, 0, 0);
+ if (gens == NULL)
+ return;
+
+ r = sk_GENERAL_NAME_num(gens);
+ for (i = 0; i < r; i++)
+ {
+ gn = sk_GENERAL_NAME_value(gens, i);
+ if (gn == NULL || gn->type != GEN_DNS)
+ continue;
+
+ /* Ensure data is IA5 */
+ if (ASN1_STRING_type(gn->d.ia5) != V_ASN1_IA5STRING)
+ {
+ if (LogLevel > 6)
+ sm_syslog(LOG_INFO, NOQID,
+ "STARTTLS=%s, relay=%.100s, field=AltName, status=value contains non IA5",
+ who, whichhost);
+ continue;
+ }
+ dnsname = (char *) MTA_ASN1_STRING_data(gn->d.ia5);
+ if (dnsname == NULL)
+ continue;
+ len = ASN1_STRING_length(gn->d.ia5);
+
+ /*
+ ** "remove" trailing NULs (except for one of course),
+ ** those can happen and are OK (not a sign of an attack)
+ */
+
+ while (len > 0 && '\0' == dnsname[len - 1])
+ len--;
+
+#define ISPRINT(c) (isascii(c) && isprint(c))
+
+ /* just check for printable char for now */
+ for (j = 0; j < len && ISPRINT(dnsname[j]); j++)
+ ;
+ if (dnsname[j] != '\0' || len != j)
+ continue;
+
+ setclass(macid("{cert_altnames}"), xtextify(dnsname, "<>\")"));
+ if (LogLevel > 14)
+ sm_syslog(LOG_DEBUG, NOQID,
+ "STARTTLS=%s, relay=%.100s, AltName=%s",
+ who, whichhost, xtextify(dnsname, "<>\")"));
+ }
+}
+# else
+# define getaltnames(cert, srv, host)
+# endif /* _FFR_TLS_ALTNAMES */
+
/*
** TLS_GET_INFO -- get information about TLS connection
**
** Parameters:
-** ssl -- TLS connection structure
-** srv -- server or client
+** ssl -- TLS session context
+** srv -- server side?
** host -- hostname of other side
** mac -- macro storage
** certreq -- did we ask for a cert?
**
** Returns:
** result of authentication.
**
** Side Effects:
** sets various TLS related macros.
*/
int
tls_get_info(ssl, srv, host, mac, certreq)
SSL *ssl;
bool srv;
char *host;
MACROS_T *mac;
bool certreq;
{
const SSL_CIPHER *c;
int b, r;
long verifyok;
char *s, *who;
char bitstr[16];
X509 *cert;
+# if DANE
+ dane_vrfy_ctx_P dane_vrfy_ctx;
+# endif
c = SSL_get_current_cipher(ssl);
/* cast is just workaround for compiler warning */
macdefine(mac, A_TEMP, macid("{cipher}"),
(char *) SSL_CIPHER_get_name(c));
b = SSL_CIPHER_get_bits(c, &r);
(void) sm_snprintf(bitstr, sizeof(bitstr), "%d", b);
macdefine(mac, A_TEMP, macid("{cipher_bits}"), bitstr);
(void) sm_snprintf(bitstr, sizeof(bitstr), "%d", r);
macdefine(mac, A_TEMP, macid("{alg_bits}"), bitstr);
s = (char *) SSL_get_version(ssl);
if (s == NULL)
s = "UNKNOWN";
macdefine(mac, A_TEMP, macid("{tls_version}"), s);
who = srv ? "server" : "client";
cert = SSL_get_peer_certificate(ssl);
verifyok = SSL_get_verify_result(ssl);
if (LogLevel > 14)
sm_syslog(LOG_INFO, NOQID,
"STARTTLS=%s, get_verify: %ld get_peer: 0x%lx",
who, verifyok, (unsigned long) cert);
+# if _FFR_TLS_ALTNAMES
+ stabapply(clearclass, macid("{cert_altnames}"));
+# endif
if (cert != NULL)
{
X509_NAME *subj, *issuer;
char buf[MAXNAME];
subj = X509_get_subject_name(cert);
issuer = X509_get_issuer_name(cert);
X509_NAME_oneline(subj, buf, sizeof(buf));
macdefine(mac, A_TEMP, macid("{cert_subject}"),
xtextify(buf, "<>\")"));
X509_NAME_oneline(issuer, buf, sizeof(buf));
macdefine(mac, A_TEMP, macid("{cert_issuer}"),
xtextify(buf, "<>\")"));
-# define LL_BADCERT 8
+# define LL_BADCERT 8
#define CERTFPMACRO (CertFingerprintAlgorithm != NULL ? "{cert_fp}" : "{cert_md5}")
#define CHECK_X509_NAME(which) \
do { \
if (r == -1) \
{ \
sm_strlcpy(buf, "BadCertificateUnknown", sizeof(buf)); \
if (LogLevel > LL_BADCERT) \
sm_syslog(LOG_INFO, NOQID, \
"STARTTLS=%s, relay=%.100s, field=%s, status=failed to extract CN", \
- who, \
- host == NULL ? "local" : host, \
- which); \
+ who, whichhost, which); \
} \
else if ((size_t)r >= sizeof(buf) - 1) \
{ \
sm_strlcpy(buf, "BadCertificateTooLong", sizeof(buf)); \
if (LogLevel > 7) \
sm_syslog(LOG_INFO, NOQID, \
"STARTTLS=%s, relay=%.100s, field=%s, status=CN too long", \
- who, \
- host == NULL ? "local" : host, \
- which); \
+ who, whichhost, which); \
} \
else if ((size_t)r > strlen(buf)) \
{ \
sm_strlcpy(buf, "BadCertificateContainsNUL", \
sizeof(buf)); \
if (LogLevel > 7) \
sm_syslog(LOG_INFO, NOQID, \
"STARTTLS=%s, relay=%.100s, field=%s, status=CN contains NUL", \
- who, \
- host == NULL ? "local" : host, \
- which); \
+ who, whichhost, which); \
} \
} while (0)
r = X509_NAME_get_text_by_NID(subj, NID_commonName, buf,
sizeof buf);
CHECK_X509_NAME("cn_subject");
macdefine(mac, A_TEMP, macid("{cn_subject}"),
xtextify(buf, "<>\")"));
r = X509_NAME_get_text_by_NID(issuer, NID_commonName, buf,
sizeof buf);
CHECK_X509_NAME("cn_issuer");
macdefine(mac, A_TEMP, macid("{cn_issuer}"),
xtextify(buf, "<>\")"));
(void) cert_fp(cert, EVP_digest, mac, CERTFPMACRO);
+ getaltnames(cert, srv, host);
}
else
{
macdefine(mac, A_PERM, macid("{cert_subject}"), "");
macdefine(mac, A_PERM, macid("{cert_issuer}"), "");
macdefine(mac, A_PERM, macid("{cn_subject}"), "");
macdefine(mac, A_PERM, macid("{cn_issuer}"), "");
macdefine(mac, A_TEMP, macid(CERTFPMACRO), "");
}
+# if DANE
+ dane_vrfy_ctx = NULL;
+ if (TLSsslidx >= 0)
+ {
+ tlsi_ctx_T *tlsi_ctx;
+
+ tlsi_ctx = (tlsi_ctx_P) SSL_get_ex_data(ssl, TLSsslidx);
+ if (tlsi_ctx != NULL)
+ dane_vrfy_ctx = &(tlsi_ctx->tlsi_dvc);
+ }
+# define DANE_VRFY_RES_IS(r) \
+ ((dane_vrfy_ctx != NULL) && dane_vrfy_ctx->dane_vrfy_res == (r))
+ if (DANE_VRFY_RES_IS(DANE_VRFY_OK))
+ {
+ s = "TRUSTED";
+ r = TLS_AUTH_OK;
+ }
+ else if (DANE_VRFY_RES_IS(DANE_VRFY_FAIL))
+ {
+ s = "DANE_FAIL";
+ r = TLS_AUTH_FAIL;
+ }
+ else
+# endif /* if DANE */
switch (verifyok)
{
case X509_V_OK:
if (cert != NULL)
{
s = "OK";
r = TLS_AUTH_OK;
}
else
{
s = certreq ? "NO" : "NOT",
r = TLS_AUTH_NO;
}
break;
default:
s = "FAIL";
r = TLS_AUTH_FAIL;
break;
}
macdefine(mac, A_PERM, macid("{verify}"), s);
if (cert != NULL)
X509_free(cert);
/* do some logging */
if (LogLevel > 8)
{
char *vers, *s1, *s2, *cbits, *algbits;
vers = macget(mac, macid("{tls_version}"));
cbits = macget(mac, macid("{cipher_bits}"));
algbits = macget(mac, macid("{alg_bits}"));
s1 = macget(mac, macid("{verify}"));
s2 = macget(mac, macid("{cipher}"));
+# if DANE
+# define LOG_DANE_FP \
+ ('\0' != dane_vrfy_ctx->dane_vrfy_fp[0] && DANE_VRFY_RES_IS(DANE_VRFY_FAIL))
+# endif
/* XXX: maybe cut off ident info? */
sm_syslog(LOG_INFO, NOQID,
- "STARTTLS=%s, relay=%.100s, version=%.16s, verify=%.16s, cipher=%.64s, bits=%.6s/%.6s",
+ "STARTTLS=%s, relay=%.100s, version=%.16s, verify=%.16s, cipher=%.64s, bits=%.6s/%.6s%s%s",
who,
host == NULL ? "local" : host,
vers, s1, s2, /* sm_snprintf() can deal with NULL */
algbits == NULL ? "0" : algbits,
- cbits == NULL ? "0" : cbits);
+ cbits == NULL ? "0" : cbits
+# if DANE
+ , LOG_DANE_FP ? ", pubkey_fp=" : ""
+ , LOG_DANE_FP ? dane_vrfy_ctx->dane_vrfy_fp : ""
+# else
+ , "", ""
+# endif
+ );
if (LogLevel > 11)
{
/*
** Maybe run xuntextify on the strings?
** That is easier to read but makes it maybe a bit
** more complicated to figure out the right values
** for the access map...
*/
s1 = macget(mac, macid("{cert_subject}"));
s2 = macget(mac, macid("{cert_issuer}"));
sm_syslog(LOG_INFO, NOQID,
"STARTTLS=%s, cert-subject=%.256s, cert-issuer=%.256s, verifymsg=%s",
who, s1, s2,
X509_verify_cert_error_string(verifyok));
}
}
return r;
}
+
/*
** ENDTLS -- shutdown secure connection
**
** Parameters:
-** ssl -- SSL connection information.
-** side -- server/client (for logging).
+** pssl -- pointer to TLS session context
+** who -- server/client (for logging).
**
** Returns:
** success? (EX_* code)
*/
int
-endtls(ssl, side)
- SSL *ssl;
- char *side;
+endtls(pssl, who)
+ SSL **pssl;
+ const char *who;
{
- int ret = EX_OK;
+ SSL *ssl;
+ int ret, r;
- if (ssl != NULL)
- {
- int r;
+ SM_REQUIRE(pssl != NULL);
+ ret = EX_OK;
+ ssl = *pssl;
+ if (ssl == NULL)
+ return ret;
- if ((r = SSL_shutdown(ssl)) < 0)
+ if ((r = SSL_shutdown(ssl)) < 0)
+ {
+ if (LogLevel > 11)
{
- if (LogLevel > 11)
- {
- sm_syslog(LOG_WARNING, NOQID,
- "STARTTLS=%s, SSL_shutdown failed: %d",
- side, r);
- tlslogerr(LOG_WARNING, side);
- }
- ret = EX_SOFTWARE;
+ sm_syslog(LOG_WARNING, NOQID,
+ "STARTTLS=%s, SSL_shutdown failed: %d",
+ who, r);
+ tlslogerr(LOG_WARNING, 11, who);
}
-# if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER > 0x0090602fL
+ ret = EX_SOFTWARE;
+ }
- /*
- ** Bug in OpenSSL (at least up to 0.9.6b):
- ** From: Lutz.Jaenicke@aet.TU-Cottbus.DE
- ** Message-ID: <20010723152244.A13122@serv01.aet.tu-cottbus.de>
- ** To: openssl-users@openssl.org
- ** Subject: Re: SSL_shutdown() woes (fwd)
- **
- ** The side sending the shutdown alert first will
- ** not care about the answer of the peer but will
- ** immediately return with a return value of "0"
- ** (ssl/s3_lib.c:ssl3_shutdown()). SSL_get_error will evaluate
- ** the value of "0" and as the shutdown alert of the peer was
- ** not received (actually, the program did not even wait for
- ** the answer), an SSL_ERROR_SYSCALL is flagged, because this
- ** is the default rule in case everything else does not apply.
- **
- ** For your server the problem is different, because it
- ** receives the shutdown first (setting SSL_RECEIVED_SHUTDOWN),
- ** then sends its response (SSL_SENT_SHUTDOWN), so for the
- ** server the shutdown was successfull.
- **
- ** As is by know, you would have to call SSL_shutdown() once
- ** and ignore an SSL_ERROR_SYSCALL returned. Then call
- ** SSL_shutdown() again to actually get the server's response.
- **
- ** In the last discussion, Bodo Moeller concluded that a
- ** rewrite of the shutdown code would be necessary, but
- ** probably with another API, as the change would not be
- ** compatible to the way it is now. Things do not become
- ** easier as other programs do not follow the shutdown
- ** guidelines anyway, so that a lot error conditions and
- ** compitibility issues would have to be caught.
- **
- ** For now the recommondation is to ignore the error message.
- */
+ /*
+ ** Bug in OpenSSL (at least up to 0.9.6b):
+ ** From: Lutz.Jaenicke@aet.TU-Cottbus.DE
+ ** Message-ID: <20010723152244.A13122@serv01.aet.tu-cottbus.de>
+ ** To: openssl-users@openssl.org
+ ** Subject: Re: SSL_shutdown() woes (fwd)
+ **
+ ** The side sending the shutdown alert first will
+ ** not care about the answer of the peer but will
+ ** immediately return with a return value of "0"
+ ** (ssl/s3_lib.c:ssl3_shutdown()). SSL_get_error will evaluate
+ ** the value of "0" and as the shutdown alert of the peer was
+ ** not received (actually, the program did not even wait for
+ ** the answer), an SSL_ERROR_SYSCALL is flagged, because this
+ ** is the default rule in case everything else does not apply.
+ **
+ ** For your server the problem is different, because it
+ ** receives the shutdown first (setting SSL_RECEIVED_SHUTDOWN),
+ ** then sends its response (SSL_SENT_SHUTDOWN), so for the
+ ** server the shutdown was successful.
+ **
+ ** As is by know, you would have to call SSL_shutdown() once
+ ** and ignore an SSL_ERROR_SYSCALL returned. Then call
+ ** SSL_shutdown() again to actually get the server's response.
+ **
+ ** In the last discussion, Bodo Moeller concluded that a
+ ** rewrite of the shutdown code would be necessary, but
+ ** probably with another API, as the change would not be
+ ** compatible to the way it is now. Things do not become
+ ** easier as other programs do not follow the shutdown
+ ** guidelines anyway, so that a lot error conditions and
+ ** compitibility issues would have to be caught.
+ **
+ ** For now the recommondation is to ignore the error message.
+ */
- else if (r == 0)
+ else if (r == 0)
+ {
+ if (LogLevel > 15)
{
- if (LogLevel > 15)
- {
- sm_syslog(LOG_WARNING, NOQID,
- "STARTTLS=%s, SSL_shutdown not done",
- side);
- tlslogerr(LOG_WARNING, side);
- }
- ret = EX_SOFTWARE;
+ sm_syslog(LOG_WARNING, NOQID,
+ "STARTTLS=%s, SSL_shutdown not done",
+ who);
+ tlslogerr(LOG_WARNING, 15, who);
}
-# endif /* !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER > 0x0090602fL */
- SSL_free(ssl);
- ssl = NULL;
+ ret = EX_SOFTWARE;
}
+ SM_SSL_FREE(*pssl);
return ret;
}
-# if !TLS_NO_RSA
+# if !TLS_NO_RSA && MTA_RSA_TMP_CB
/*
** TMP_RSA_KEY -- return temporary RSA key
**
** Parameters:
-** s -- TLS connection structure
+** ssl -- TLS session context
** export --
** keylength --
**
** Returns:
** temporary RSA key.
*/
-# ifndef MAX_RSA_TMP_CNT
-# define MAX_RSA_TMP_CNT 1000 /* XXX better value? */
-# endif /* ! MAX_RSA_TMP_CNT */
+# ifndef MAX_RSA_TMP_CNT
+# define MAX_RSA_TMP_CNT 1000 /* XXX better value? */
+# endif
/* ARGUSED0 */
static RSA *
tmp_rsa_key(s, export, keylength)
SSL *s;
int export;
int keylength;
{
-# if SM_CONF_SHM
+# if SM_CONF_SHM
extern int ShmId;
extern int *PRSATmpCnt;
if (ShmId != SM_SHM_NO_ID && rsa_tmp != NULL &&
++(*PRSATmpCnt) < MAX_RSA_TMP_CNT)
return rsa_tmp;
-# endif /* SM_CONF_SHM */
+# endif /* SM_CONF_SHM */
if (rsa_tmp != NULL)
RSA_free(rsa_tmp);
rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL, NULL);
if (rsa_tmp == NULL)
{
if (LogLevel > 0)
sm_syslog(LOG_ERR, NOQID,
"STARTTLS=server, tmp_rsa_key: RSA_generate_key failed!");
}
else
{
-# if SM_CONF_SHM
-# if 0
+# if SM_CONF_SHM
+# if 0
/*
** XXX we can't (yet) share the new key...
** The RSA structure contains pointers hence it can't be
** easily kept in shared memory. It must be transformed
- ** into a continous memory region first, then stored,
+ ** into a continuous memory region first, then stored,
** and later read out again (each time re-transformed).
*/
if (ShmId != SM_SHM_NO_ID)
*PRSATmpCnt = 0;
-# endif /* 0 */
-# endif /* SM_CONF_SHM */
+# endif /* 0 */
+# endif /* SM_CONF_SHM */
if (LogLevel > 9)
sm_syslog(LOG_ERR, NOQID,
"STARTTLS=server, tmp_rsa_key: new temp RSA key");
}
return rsa_tmp;
}
-# endif /* !TLS_NO_RSA */
+# endif /* !TLS_NO_RSA && MTA_RSA_TMP_CB */
+
/*
** APPS_SSL_INFO_CB -- info callback for TLS connections
**
** Parameters:
-** s -- TLS connection structure
+** ssl -- TLS session context
** where -- state in handshake
** ret -- return code of last operation
**
** Returns:
** none.
*/
static void
-apps_ssl_info_cb(s, where, ret)
- CONST097 SSL *s;
+apps_ssl_info_cb(ssl, where, ret)
+ const SSL *ssl;
int where;
int ret;
{
int w;
char *str;
BIO *bio_err = NULL;
if (LogLevel > 14)
sm_syslog(LOG_INFO, NOQID,
"STARTTLS: info_callback where=0x%x, ret=%d",
where, ret);
w = where & ~SSL_ST_MASK;
if (bio_err == NULL)
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (bitset(SSL_ST_CONNECT, w))
str = "SSL_connect";
else if (bitset(SSL_ST_ACCEPT, w))
str = "SSL_accept";
else
str = "undefined";
if (bitset(SSL_CB_LOOP, where))
{
if (LogLevel > 12)
sm_syslog(LOG_NOTICE, NOQID,
"STARTTLS: %s:%s",
- str, SSL_state_string_long(s));
+ str, SSL_state_string_long(ssl));
}
else if (bitset(SSL_CB_ALERT, where))
{
str = bitset(SSL_CB_READ, where) ? "read" : "write";
if (LogLevel > 12)
sm_syslog(LOG_NOTICE, NOQID,
"STARTTLS: SSL3 alert %s:%s:%s",
str, SSL_alert_type_string_long(ret),
SSL_alert_desc_string_long(ret));
}
else if (bitset(SSL_CB_EXIT, where))
{
if (ret == 0)
{
if (LogLevel > 7)
sm_syslog(LOG_WARNING, NOQID,
"STARTTLS: %s:failed in %s",
- str, SSL_state_string_long(s));
+ str, SSL_state_string_long(ssl));
}
else if (ret < 0)
{
if (LogLevel > 7)
sm_syslog(LOG_WARNING, NOQID,
"STARTTLS: %s:error in %s",
- str, SSL_state_string_long(s));
+ str, SSL_state_string_long(ssl));
}
}
}
+
/*
** TLS_VERIFY_LOG -- log verify error for TLS certificates
**
** Parameters:
** ok -- verify ok?
-** ctx -- x509 context
+** ctx -- X509 context
** name -- from where is this called?
**
** Returns:
** 1 -- ok
*/
static int
tls_verify_log(ok, ctx, name)
int ok;
X509_STORE_CTX *ctx;
const char *name;
{
X509 *cert;
int reason, depth;
char buf[512];
cert = X509_STORE_CTX_get_current_cert(ctx);
reason = X509_STORE_CTX_get_error(ctx);
depth = X509_STORE_CTX_get_error_depth(ctx);
X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf));
sm_syslog(LOG_INFO, NOQID,
"STARTTLS: %s cert verify: depth=%d %s, state=%d, reason=%s",
name, depth, buf, ok, X509_verify_cert_error_string(reason));
return 1;
}
+/*
+** Declaration and access to tlsi_ctx in callbacks.
+** Currently only used in one of them.
+*/
+
+#define SM_DECTLSI \
+ tlsi_ctx_T *tlsi_ctx; \
+ SSL *ssl
+#define SM_GETTLSI \
+ do { \
+ tlsi_ctx = NULL; \
+ if (TLSsslidx >= 0) \
+ { \
+ ssl = (SSL *) X509_STORE_CTX_get_ex_data(ctx, \
+ SSL_get_ex_data_X509_STORE_CTX_idx()); \
+ if (ssl != NULL) \
+ tlsi_ctx = (tlsi_ctx_P) SSL_get_ex_data(ssl, TLSsslidx); \
+ } \
+ } \
+ while (0)
+
+
+# if DANE
+
+/*
+** DANE_GET_TLSA -- Retrieve TLSA RR for DANE
+**
+** Parameters:
+** dane -- dane verify context
+**
+** Returns:
+** dane_tlsa if TLSA RR is available
+** NULL otherwise
+*/
+
+dane_tlsa_P
+dane_get_tlsa(dane_vrfy_ctx)
+ dane_vrfy_ctx_P dane_vrfy_ctx;
+{
+ STAB *s;
+ dane_tlsa_P dane_tlsa;
+
+ dane_tlsa = NULL;
+ if (NULL == dane_vrfy_ctx)
+ return NULL;
+ if (dane_vrfy_ctx->dane_vrfy_chk == DANE_NEVER ||
+ dane_vrfy_ctx->dane_vrfy_host == NULL)
+ return NULL;
+
+ GETTLSANOX(dane_vrfy_ctx->dane_vrfy_host, &s,
+ dane_vrfy_ctx->dane_vrfy_port);
+ if (NULL == s)
+ goto notfound;
+ dane_tlsa = s->s_tlsa;
+ if (NULL == dane_tlsa)
+ goto notfound;
+ if (0 == dane_tlsa->dane_tlsa_n)
+ goto notfound;
+ if (tTd(96, 4))
+ sm_dprintf("dane_get_tlsa, chk=%d, host=%s, n=%d, stat=entry found\n",
+ dane_vrfy_ctx->dane_vrfy_chk,
+ dane_vrfy_ctx->dane_vrfy_host, dane_tlsa->dane_tlsa_n);
+ return dane_tlsa;
+
+ notfound:
+ if (tTd(96, 4))
+ sm_dprintf("dane_get_tlsa, chk=%d, host=%s, stat=no valid entry found\n",
+ dane_vrfy_ctx->dane_vrfy_chk,
+ dane_vrfy_ctx->dane_vrfy_host);
+ return NULL;
+}
+
+/*
+** DANE_VERIFY -- verify callback for TLS certificates
+**
+** Parameters:
+** ctx -- X509 context
+** dane_vrfy_ctx -- callback context
+**
+** Returns:
+** DANE_VRFY_{OK,NONE,FAIL}
+*/
+
+/* NOTE: this only works because the "matching type" is 0, 1, 2 for these! */
+static const char *dane_mdalgs[] = { "", "sha256", "sha512" };
+
+static int
+dane_verify(ctx, dane_vrfy_ctx)
+ X509_STORE_CTX *ctx;
+ dane_vrfy_ctx_P dane_vrfy_ctx;
+{
+ int r, i, ok, mdalg;
+ X509 *cert;
+ dane_tlsa_P dane_tlsa;
+ char *fp;
+
+ dane_tlsa = dane_get_tlsa(dane_vrfy_ctx);
+ if (dane_tlsa == NULL)
+ return DANE_VRFY_NONE;
+
+ dane_vrfy_ctx->dane_vrfy_fp[0] = '\0';
+ cert = X509_STORE_CTX_get0_cert(ctx);
+ if (tTd(96, 8))
+ sm_dprintf("dane_verify, cert=%p\n", (void *)cert);
+ if (cert == NULL)
+ return DANE_VRFY_FAIL;
+
+ ok = DANE_VRFY_NONE;
+ fp = NULL;
+
+ /*
+ ** If the TLSA RRs would be sorted the two loops below could
+ ** be merged into one and simply change mdalg when it changes
+ ** in dane_tlsa->dane_tlsa_rr.
+ */
+
+ /* use a different order? */
+ for (mdalg = 0; mdalg < SM_ARRAY_SIZE(dane_mdalgs); mdalg++)
+ {
+ SM_FREE(fp);
+ r = 0;
+ for (i = 0; i < dane_tlsa->dane_tlsa_n; i++)
+ {
+ char *p;
+ int alg;
+
+ p = dane_tlsa->dane_tlsa_rr[i];
+
+ /* ignore bogus/unsupported TLSA RRs */
+ alg = dane_tlsa_chk(p, dane_tlsa->dane_tlsa_len[i],
+ dane_vrfy_ctx->dane_vrfy_host, false);
+ if (tTd(96, 8))
+ sm_dprintf("dane_verify, alg=%d, mdalg=%d\n",
+ alg, mdalg);
+ if (alg != mdalg)
+ continue;
+
+ if (NULL == fp)
+ {
+ r = pubkey_fp(cert, dane_mdalgs[mdalg], &fp);
+ if (NULL == fp)
+ return DANE_VRFY_FAIL;
+ /* or continue? */
+ }
+
+ /* just for logging */
+ if (r > 0 && fp != NULL)
+ {
+ (void) data2hex((unsigned char *)fp, r,
+ (unsigned char *)dane_vrfy_ctx->dane_vrfy_fp,
+ sizeof(dane_vrfy_ctx->dane_vrfy_fp));
+ }
+
+ if (tTd(96, 4))
+ sm_dprintf("dane_verify, alg=%d, r=%d, len=%d\n",
+ alg, r, dane_tlsa->dane_tlsa_len[i]);
+ if (r != dane_tlsa->dane_tlsa_len[i] - 3)
+ continue;
+ ok = DANE_VRFY_FAIL;
+
+ /*
+ ** Note: Type is NOT checked because only 3-1-x
+ ** is supported.
+ */
+
+ if (memcmp(p + 3, fp, r) == 0)
+ {
+ if (tTd(96, 2))
+ sm_dprintf("dane_verify, status=match\n");
+ if (tTd(96, 8))
+ {
+ unsigned char hex[256];
+
+ data2hex((unsigned char *)p,
+ dane_tlsa->dane_tlsa_len[i],
+ hex, sizeof(hex));
+ sm_dprintf("dane_verify, pubkey_fp=%s\n"
+ , hex);
+ }
+ dane_vrfy_ctx->dane_vrfy_res = DANE_VRFY_OK;
+ SM_FREE(fp);
+ return DANE_VRFY_OK;
+ }
+ }
+ }
+
+ SM_FREE(fp);
+ dane_vrfy_ctx->dane_vrfy_res = ok;
+ return ok;
+}
+# endif /* DANE */
+
/*
** TLS_VERIFY_CB -- verify callback for TLS certificates
**
** Parameters:
-** ctx -- x509 context
+** ctx -- X509 context
+** cb_ctx -- callback context
**
** Returns:
** accept connection?
** currently: always yes.
*/
static int
-# if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x00907000L
-tls_verify_cb(ctx)
+tls_verify_cb(ctx, cb_ctx)
X509_STORE_CTX *ctx;
-# else /* !defined() || OPENSSL_VERSION_NUMBER < 0x00907000L */
-tls_verify_cb(ctx, unused)
- X509_STORE_CTX *ctx;
- void *unused;
-# endif /* !defined() || OPENSSL_VERSION_NUMBER < 0x00907000L */
+ void *cb_ctx;
{
int ok;
+# if DANE
+ SM_DECTLSI;
+# endif
/*
- ** man SSL_CTX_set_cert_verify_callback():
+ ** SSL_CTX_set_cert_verify_callback(3):
** callback should return 1 to indicate verification success
** and 0 to indicate verification failure.
*/
+# if DANE
+ SM_GETTLSI;
+ if (tlsi_ctx != NULL)
+ {
+ dane_vrfy_ctx_P dane_vrfy_ctx;
+
+ dane_vrfy_ctx = &(tlsi_ctx->tlsi_dvc);
+ ok = dane_verify(ctx, dane_vrfy_ctx);
+ if (tTd(96, 2))
+ sm_dprintf("dane_verify=%d, res=%d\n", ok,
+ dane_vrfy_ctx->dane_vrfy_res);
+ if (ok != DANE_VRFY_NONE)
+ return 1;
+ }
+# endif /* DANE */
+
ok = X509_verify_cert(ctx);
if (ok <= 0)
{
if (LogLevel > 13)
return tls_verify_log(ok, ctx, "TLS");
}
+ else if (LogLevel > 14)
+ (void) tls_verify_log(ok, ctx, "TLS");
return 1;
}
+
/*
** TLSLOGERR -- log the errors from the TLS error stack
**
** Parameters:
-** level -- syslog level
+** priority -- syslog priority
+** ll -- loglevel
** who -- server/client (for logging).
**
** Returns:
** none.
*/
void
-tlslogerr(level, who)
- int level;
+tlslogerr(priority, ll, who)
+ int priority;
+ int ll;
const char *who;
{
unsigned long l;
int line, flags;
- unsigned long es;
char *file, *data;
char buf[256];
- es = CRYPTO_thread_id();
+ if (LogLevel <= ll)
+ return;
while ((l = ERR_get_error_line_data((const char **) &file, &line,
(const char **) &data, &flags))
!= 0)
{
- sm_syslog(level, NOQID,
- "STARTTLS=%s: %lu:%s:%s:%d:%s", who, es,
+ sm_syslog(priority, NOQID,
+ "STARTTLS=%s: %s:%s:%d:%s", who,
ERR_error_string(l, buf),
file, line,
bitset(ERR_TXT_STRING, flags) ? data : "");
}
}
-# if OPENSSL_VERSION_NUMBER > 0x00907000L
/*
** X509_VERIFY_CB -- verify callback
**
** Parameters:
-** ctx -- x509 context
+** ok -- current result
+** ctx -- X509 context
**
** Returns:
** accept connection?
** currently: always yes.
*/
static int
x509_verify_cb(ok, ctx)
int ok;
X509_STORE_CTX *ctx;
{
- if (ok == 0)
+ SM_DECTLSI;
+
+ if (ok != 0)
+ return ok;
+
+ SM_GETTLSI;
+ if (LogLevel > 13)
+ tls_verify_log(ok, ctx, "X509");
+ if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_UNABLE_TO_GET_CRL &&
+ !SM_TLSI_IS(tlsi_ctx, TLSI_FL_CRLREQ))
{
- if (LogLevel > 13)
- tls_verify_log(ok, ctx, "x509");
- if (ctx->error == X509_V_ERR_UNABLE_TO_GET_CRL)
+ X509_STORE_CTX_set_error(ctx, 0);
+ return 1; /* override it */
+ }
+ return ok;
+}
+
+# if !USE_OPENSSL_ENGINE
+/*
+** TLS_SET_ENGINE -- set up ENGINE if needed
+**
+** Parameters:
+** id -- id for ENGINE
+** isprefork -- called before fork()?
+**
+** Returns: (OpenSSL "semantics", reverse it to allow returning error codes)
+** 0: failure
+** !=0: ok
+*/
+
+int
+TLS_set_engine(id, isprefork)
+ const char *id;
+ bool isprefork;
+{
+ static bool TLSEngineInitialized = false;
+ ENGINE *e;
+ char enginepath[MAXPATHLEN];
+
+ /*
+ ** Todo: put error for logging into a string and log it in error:
+ */
+
+ if (LogLevel > 13)
+ sm_syslog(LOG_DEBUG, NOQID,
+ "engine=%s, path=%s, ispre=%d, pre=%d, initialized=%d",
+ id, SSLEnginePath, isprefork, SSLEngineprefork,
+ TLSEngineInitialized);
+ if (TLSEngineInitialized)
+ return 1;
+ if (id == NULL || *id == '\0')
+ return 1;
+
+ /* is this the "right time" to initialize the engine? */
+ if (isprefork != SSLEngineprefork)
+ return 1;
+
+ e = NULL;
+ ENGINE_load_builtin_engines();
+
+ if (SSLEnginePath != NULL && *SSLEnginePath != '\0')
+ {
+ if ((e = ENGINE_by_id("dynamic")) == NULL)
+ {
+ if (LogLevel > 1)
+ sm_syslog(LOG_ERR, NOQID,
+ "engine=%s, by_id=failed", "dynamic");
+ goto error;
+ }
+ (void) sm_snprintf(enginepath, sizeof(enginepath),
+ "%s/lib%s.so", SSLEnginePath, id);
+
+ if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", enginepath, 0))
+ {
+ if (LogLevel > 1)
+ sm_syslog(LOG_ERR, NOQID,
+ "engine=%s, SO_PATH=%s, status=failed",
+ id, enginepath);
+ goto error;
+ }
+
+ if (!ENGINE_ctrl_cmd_string(e, "ID", id, 0))
+ {
+ if (LogLevel > 1)
+ sm_syslog(LOG_ERR, NOQID,
+ "engine=%s, ID=failed", id);
+ goto error;
+ }
+
+ if (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
{
- ctx->error = 0;
- return 1; /* override it */
+ if (LogLevel > 1)
+ sm_syslog(LOG_ERR, NOQID,
+ "engine=%s, LOAD=failed", id);
+ goto error;
}
}
- return ok;
+ else if ((e = ENGINE_by_id(id)) == NULL)
+ {
+ if (LogLevel > 1)
+ sm_syslog(LOG_ERR, NOQID, "engine=%s, by_id=failed",
+ id);
+ return 0;
+ }
+
+ if (!ENGINE_init(e))
+ {
+ if (LogLevel > 1)
+ sm_syslog(LOG_ERR, NOQID, "engine=%s, init=failed", id);
+ goto error;
+ }
+ if (!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+ {
+ if (LogLevel > 1)
+ sm_syslog(LOG_ERR, NOQID,
+ "engine=%s, set_default=failed", id);
+ goto error;
+ }
+# ifdef ENGINE_CTRL_CHIL_SET_FORKCHECK
+ if (strcmp(id, "chil") == 0)
+ ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0);
+# endif
+
+ /* Free our "structural" reference. */
+ ENGINE_free(e);
+ if (LogLevel > 10)
+ sm_syslog(LOG_INFO, NOQID, "engine=%s, loaded=ok", id);
+ TLSEngineInitialized = true;
+ return 1;
+
+ error:
+ tlslogerr(LOG_WARNING, 7, "init");
+ if (e != NULL)
+ ENGINE_free(e);
+ return 0;
}
-# endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */
+# endif /* !USE_OPENSSL_ENGINE */
#endif /* STARTTLS */
diff --git a/src/tls.h b/src/tls.h
new file mode 100644
index 000000000000..0e03b81933a9
--- /dev/null
+++ b/src/tls.h
@@ -0,0 +1,237 @@
+/*
+ * Copyright (c) 2015 Proofpoint, Inc. and its suppliers.
+ * All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ */
+
+
+#ifndef _TLS_H
+# define _TLS_H 1
+
+
+#if STARTTLS
+# include <openssl/ssl.h>
+# if !TLS_NO_RSA
+# if _FFR_FIPSMODE
+# define RSA_KEYLENGTH 1024
+# else
+# define RSA_KEYLENGTH 512
+# endif
+# endif /* !TLS_NO_RSA */
+
+# if OPENSSL_VERSION_NUMBER >= 0x10100000L && OPENSSL_VERSION_NUMBER < 0x20000000L
+# define TLS_version_num OpenSSL_version_num
+# else
+# define TLS_version_num SSLeay
+# endif
+
+#ifdef _DEFINE
+# define EXTERN
+#else
+# define EXTERN extern
+#endif
+
+#if _FFR_TLS_EC && !defined(TLS_EC)
+# define TLS_EC _FFR_TLS_EC
+#endif
+
+#if DANE
+extern int gettlsa __P((char *, char *, STAB **, unsigned long, unsigned int, unsigned int));
+# define MAX_TLSA_RR 8
+
+# define DANE_VRFY_NONE 0 /* no TLSAs */
+# define DANE_VRFY_OK 1 /* TLSA check was ok */
+# define DANE_VRFY_FAIL (-1) /* TLSA check failed */
+
+/* return values for dane_tlsa_chk() */
+# define TLSA_BOGUS (-10)
+# define TLSA_UNSUPP (-1)
+/* note: anything >= 0 is ok and refers to the hash algorithm */
+# define TLSA_IS_KNOWN(r) ((r) >= 0)
+# define TLSA_IS_VALID(r) ((r) >= TLSA_UNSUPP)
+
+struct dane_tlsa_S
+{
+ time_t dane_tlsa_exp;
+ int dane_tlsa_n;
+ int dane_tlsa_dnsrc;
+ unsigned long dane_tlsa_flags;
+ unsigned char dane_tlsa_usage[MAX_TLSA_RR];
+ unsigned char dane_tlsa_selector[MAX_TLSA_RR];
+ unsigned char dane_tlsa_digest[MAX_TLSA_RR];
+ void *dane_tlsa_rr[MAX_TLSA_RR];
+ int dane_tlsa_len[MAX_TLSA_RR];
+ char *dane_tlsa_sni;
+};
+
+# define TLSAFLNONE 0x00000000 /* currently unused */
+/* Dane Mode */
+# define TLSAFLALWAYS 0x00000001
+# define TLSAFLSECURE 0x00000002
+# define DANEMODE(fl) ((fl) & 0x3)
+# define TLSAFLNOEXP 0x00000010 /* do not check expiration */
+
+# define TLSAFLADMX 0x00000100
+# define TLSAFLADTLSA 0x00000200 /* currently unused */
+
+/* could be used to replace DNSRC */
+# define TLSAFLTEMP 0x00001000
+/* no TLSA? -- _n == 0 */
+# define TLSAFLNOTLSA 0x00002000 /* currently unused */
+
+/*
+** Do not use this record, and do not look up new TLSA RRs because
+** the MX/host lookup was not secure.
+** XXX: to determine: interaction with DANE=always
+*/
+
+# define TLSAFLNOADMX 0x00010000
+# define TLSAFLNOADTLSA 0x00020000 /* TLSA: no AD - for DANE=always? */
+
+# define TLSA_SET_FL(dane_tlsa, fl) (dane_tlsa)->dane_tlsa_flags |= (fl)
+# define TLSA_CLR_FL(dane_tlsa, fl) (dane_tlsa)->dane_tlsa_flags &= ~(fl)
+# define TLSA_IS_FL(dane_tlsa, fl) ((dane_tlsa)->dane_tlsa_flags & (fl))
+# define TLSA_STORE_FL(fl) ((fl) >= TLSAFLTEMP)
+
+# define GETTLSA(host, pste, port) gettlsa(host, NULL, pste, TLSAFLNONE, 0, port)
+# define GETTLSANOX(host, pste, port) gettlsa(host, NULL, pste, TLSAFLNOEXP, 0, port)
+
+/* values for DANE option and dane_vrfy_chk */
+# define DANE_NEVER TLSAFLNONE
+# define DANE_ALWAYS TLSAFLALWAYS /* NOT documented, testing... */
+# define DANE_SECURE TLSAFLSECURE
+# define CHK_DANE(dane) ((dane) != DANE_NEVER)
+
+/* temp fails? others? */
+# define TLSA_RR_TEMPFAIL(dane_tlsa) (((dane_tlsa) != NULL) && (dane_tlsa)->dane_tlsa_dnsrc == TRY_AGAIN)
+
+#endif /* DANE */
+
+/*
+** TLS
+*/
+
+/* what to do in the TLS initialization */
+#define TLS_I_NONE 0x00000000 /* no requirements... */
+#define TLS_I_CERT_EX 0x00000001 /* cert must exist */
+#define TLS_I_CERT_UNR 0x00000002 /* cert must be g/o unreadable */
+#define TLS_I_KEY_EX 0x00000004 /* key must exist */
+#define TLS_I_KEY_UNR 0x00000008 /* key must be g/o unreadable */
+#define TLS_I_CERTP_EX 0x00000010 /* CA cert path must exist */
+#define TLS_I_CERTP_UNR 0x00000020 /* CA cert path must be g/o unreadable */
+#define TLS_I_CERTF_EX 0x00000040 /* CA cert file must exist */
+#define TLS_I_CERTF_UNR 0x00000080 /* CA cert file must be g/o unreadable */
+#define TLS_I_RSA_TMP 0x00000100 /* RSA TMP must be generated */
+#define TLS_I_USE_KEY 0x00000200 /* private key must usable */
+#define TLS_I_USE_CERT 0x00000400 /* certificate must be usable */
+#define TLS_I_VRFY_PATH 0x00000800 /* load verify path must succeed */
+#define TLS_I_VRFY_LOC 0x00001000 /* load verify default must succeed */
+#define TLS_I_CACHE 0x00002000 /* require cache */
+#define TLS_I_TRY_DH 0x00004000 /* try DH certificate */
+#define TLS_I_REQ_DH 0x00008000 /* require DH certificate */
+#define TLS_I_DHPAR_EX 0x00010000 /* require DH parameters */
+#define TLS_I_DHPAR_UNR 0x00020000 /* DH param. must be g/o unreadable */
+#define TLS_I_DH512 0x00040000 /* generate 512bit DH param */
+#define TLS_I_DH1024 0x00080000 /* generate 1024bit DH param */
+#define TLS_I_DH2048 0x00100000 /* generate 2048bit DH param */
+#define TLS_I_NO_VRFY 0x00200000 /* do not require authentication */
+#define TLS_I_KEY_OUNR 0x00400000 /* Key must be other unreadable */
+#define TLS_I_CRLF_EX 0x00800000 /* CRL file must exist */
+#define TLS_I_CRLF_UNR 0x01000000 /* CRL file must be g/o unreadable */
+#define TLS_I_DHFIXED 0x02000000 /* use fixed DH param */
+
+/* require server cert */
+#define TLS_I_SRV_CERT (TLS_I_CERT_EX | TLS_I_KEY_EX | \
+ TLS_I_KEY_UNR | TLS_I_KEY_OUNR | \
+ TLS_I_CERTP_EX | TLS_I_CERTF_EX | \
+ TLS_I_USE_KEY | TLS_I_USE_CERT | TLS_I_CACHE)
+
+/* server requirements */
+#define TLS_I_SRV (TLS_I_SRV_CERT | TLS_I_RSA_TMP | TLS_I_VRFY_PATH | \
+ TLS_I_VRFY_LOC | TLS_I_TRY_DH | TLS_I_CACHE)
+
+/* client requirements */
+#define TLS_I_CLT (TLS_I_KEY_UNR | TLS_I_KEY_OUNR)
+
+#define TLS_AUTH_OK 0
+#define TLS_AUTH_NO 1
+#define TLS_AUTH_FAIL (-1)
+
+# ifndef TLS_VRFY_PER_CTX
+# define TLS_VRFY_PER_CTX 1
+# endif
+
+#define SM_SSL_FREE(ssl) \
+ do { \
+ if (ssl != NULL) \
+ { \
+ SSL_free(ssl); \
+ ssl = NULL; \
+ } \
+ } while (0)
+
+/* functions */
+extern int endtls __P((SSL **, const char *));
+extern int get_tls_se_options __P((ENVELOPE *, SSL *, tlsi_ctx_T *, bool));
+extern int init_tls_library __P((bool _fipsmode));
+extern bool inittls __P((SSL_CTX **, unsigned long, unsigned long, bool, char *, char *, char *, char *, char *));
+extern bool initclttls __P((bool));
+extern bool initsrvtls __P((bool));
+extern bool load_certkey __P((SSL *, bool, char *, char *));
+/* extern bool load_crlpath __P((SSL_CTX *, bool , char *)); */
+extern void setclttls __P((bool));
+extern int tls_get_info __P((SSL *, bool, char *, MACROS_T *, bool));
+extern void tlslogerr __P((int, int, const char *));
+extern void tls_set_verify __P((SSL_CTX *, SSL *, bool));
+# if DANE
+extern int dane_tlsa_chk __P((const char *, int, const char *, bool));
+extern int dane_tlsa_clr __P((dane_tlsa_P));
+extern int dane_tlsa_free __P((dane_tlsa_P));
+# endif
+
+EXTERN char *CACertPath; /* path to CA certificates (dir. with hashes) */
+EXTERN char *CACertFile; /* file with CA certificate */
+#if _FFR_CLIENTCA
+EXTERN char *CltCACertPath; /* path to CA certificates (dir. with hashes) */
+EXTERN char *CltCACertFile; /* file with CA certificate */
+#endif
+EXTERN char *CltCertFile; /* file with client certificate */
+EXTERN char *CltKeyFile; /* file with client private key */
+EXTERN char *CipherList; /* list of ciphers */
+EXTERN char *CertFingerprintAlgorithm; /* name of fingerprint alg */
+EXTERN const EVP_MD *EVP_digest; /* digest for cert fp */
+EXTERN char *DHParams; /* file with DH parameters */
+EXTERN char *RandFile; /* source of random data */
+EXTERN char *SrvCertFile; /* file with server certificate */
+EXTERN char *SrvKeyFile; /* file with server private key */
+EXTERN char *CRLFile; /* file CRLs */
+EXTERN char *CRLPath; /* path to CRLs (dir. with hashes) */
+EXTERN unsigned long TLS_Srv_Opts; /* TLS server options */
+EXTERN unsigned long Srv_SSL_Options, Clt_SSL_Options; /* SSL options */
+EXTERN bool TLSFallbacktoClear;
+
+EXTERN char *SSLEngine;
+EXTERN char *SSLEnginePath;
+EXTERN bool SSLEngineprefork;
+
+# if USE_OPENSSL_ENGINE
+#define TLS_set_engine(id, prefork) SSL_set_engine(id)
+# else
+int TLS_set_engine __P((const char *, bool));
+# endif
+
+extern int set_tls_rd_tmo __P((int));
+extern int data2hex __P((unsigned char *, int, unsigned char *, int));
+# if DANE
+extern int pubkey_fp __P((X509 *, const char*, char **));
+extern dane_tlsa_P dane_get_tlsa __P((dane_vrfy_ctx_P));
+# endif
+
+#else /* STARTTLS */
+# define set_tls_rd_tmo(rd_tmo) 0
+#endif /* STARTTLS */
+#undef EXTERN
+#endif /* ! _TLS_H */
diff --git a/src/tlsh.c b/src/tlsh.c
new file mode 100644
index 000000000000..4b968268cca0
--- /dev/null
+++ b/src/tlsh.c
@@ -0,0 +1,263 @@
+/*
+ * Copyright (c) 2015 Proofpoint, Inc. and its suppliers.
+ * All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ *
+ */
+
+#include <sendmail.h>
+
+SM_RCSID("@(#)$Id: tls.c,v 8.127 2013-11-27 02:51:11 gshapiro Exp $")
+
+#if STARTTLS
+# include <tls.h>
+
+/*
+** DATA2HEX -- create a printable hex string from binary data ("%02X:")
+**
+** Parameters:
+** buf -- data
+** len -- length of data
+** hex -- output buffer
+** hlen -- length of output buffer
+**
+** Returns:
+** <0: errno
+** >0: length of data in hex
+*/
+
+int
+data2hex(buf, blen, hex, hlen)
+ unsigned char *buf;
+ int blen;
+ unsigned char *hex;
+ int hlen;
+{
+ int r, h;
+ static const char hexcodes[] = "0123456789ABCDEF";
+
+ SM_REQUIRE(buf != NULL);
+ SM_REQUIRE(hex != NULL);
+ if (blen * 3 + 2 > hlen)
+ return -ERANGE;
+
+ for (r = 0, h = 0; r < blen && h + 3 < hlen; r++)
+ {
+ hex[h++] = hexcodes[(buf[r] & 0xf0) >> 4];
+ hex[h++] = hexcodes[(buf[r] & 0x0f)];
+ if (r + 1 < blen)
+ hex[h++] = ':';
+ }
+ if (h >= hlen)
+ return -ERANGE;
+ hex[h] = '\0';
+ return h;
+}
+
+/*
+** TLS_DATA_MD -- calculate MD for data
+**
+** Parameters:
+** buf -- data (in and out!)
+** len -- length of data
+** md -- digest algorithm
+**
+** Returns:
+** <=0: cert fp calculation failed
+** >0: len of fp
+**
+** Side Effects:
+** writes digest to buf
+*/
+
+static int
+tls_data_md(buf, len, md)
+ unsigned char *buf;
+ int len;
+ const EVP_MD *md;
+{
+ unsigned int md_len;
+ EVP_MD_CTX *mdctx;
+ unsigned char md_buf[EVP_MAX_MD_SIZE];
+
+ SM_REQUIRE(buf != NULL);
+ SM_REQUIRE(md != NULL);
+ SM_REQUIRE(len >= EVP_MAX_MD_SIZE);
+
+ mdctx = EVP_MD_CTX_create();
+ if (EVP_DigestInit_ex(mdctx, md, NULL) != 1)
+ return -EINVAL;
+ if (EVP_DigestUpdate(mdctx, (void *)buf, len) != 1)
+ return -EINVAL;
+ if (EVP_DigestFinal_ex(mdctx, md_buf, &md_len) != 1)
+ return -EINVAL;
+ EVP_MD_CTX_destroy(mdctx);
+
+ if (md_len > len)
+ return -ERANGE;
+ (void) memcpy(buf, md_buf, md_len);
+ return (int)md_len;
+}
+
+#if DANE
+
+/*
+** PUBKEY_FP -- get public key fingerprint
+**
+** Parameters:
+** cert -- TLS cert
+** mdalg -- name of digest algorithm
+** fp -- (pointer to) fingerprint buffer
+**
+** Returns:
+** <=0: cert fp calculation failed
+** >0: len of fp
+*/
+
+int
+pubkey_fp(cert, mdalg, fp)
+ X509 *cert;
+ const char *mdalg;
+ char **fp;
+{
+ int len, r;
+ unsigned char *buf, *end;
+ const EVP_MD *md;
+
+ SM_ASSERT(cert != NULL);
+ SM_ASSERT(fp != NULL);
+ SM_ASSERT(mdalg != NULL);
+
+ len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), NULL);
+
+ /* what's an acceptable upper limit? */
+ if (len <= 0 || len >= 8192)
+ return -EINVAL;
+ if (len < EVP_MAX_MD_SIZE)
+ len = EVP_MAX_MD_SIZE;
+ end = buf = sm_malloc(len);
+ if (NULL == buf)
+ return -ENOMEM;
+
+ if ('\0' == mdalg[0])
+ {
+ r = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), &end);
+ if (r <= 0 || r != len)
+ return -EINVAL;
+ *fp = (char *)buf;
+ return len;
+ }
+
+ md = EVP_get_digestbyname(mdalg);
+ if (NULL == md)
+ return DANE_VRFY_FAIL;
+ len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), &end);
+ r = tls_data_md(buf, len, md);
+ if (r < 0)
+ sm_free(buf);
+ else
+ *fp = (char *)buf;
+ return r;
+}
+
+/*
+** DANE_TLSA_CHK -- check whether a TLSA RR is ok to use
+**
+** Parameters:
+** rr -- RR
+** len -- length of RR
+** host -- name of host for RR (only for logging)
+** log -- whether to log problems
+**
+** Returns:
+** TLSA_*, see tls.h
+*/
+
+int
+dane_tlsa_chk(rr, len, host, log)
+ const char *rr;
+ int len;
+ const char *host;
+ bool log;
+{
+ int alg;
+
+ if (len < 4)
+ {
+ if (log && LogLevel > 8)
+ sm_syslog(LOG_WARNING, NOQID,
+ "TLSA=%s, len=%d, status=bogus",
+ host, len);
+ return TLSA_BOGUS;
+ }
+ SM_ASSERT(rr != NULL);
+
+ alg = (int)rr[2];
+ if ((int)rr[0] == 3 && (int)rr[1] == 1 && (alg >= 0 || alg <= 2))
+ return alg;
+ if (log && LogLevel > 9)
+ sm_syslog(LOG_NOTICE, NOQID,
+ "TLSA=%s, type=%d-%d-%d:%02x, status=unsupported",
+ host, (int)rr[0], (int)rr[1], (int)rr[2],
+ (int)rr[3]);
+ return TLSA_UNSUPP;
+}
+
+/*
+** DANE_TLSA_CLR -- clear data in a dane_tlsa structure (for use)
+**
+** Parameters:
+** dane_tlsa -- dane_tlsa to clear
+**
+** Returns:
+** 1 if NULL
+** 0 if ok
+*/
+
+int
+dane_tlsa_clr(dane_tlsa)
+ dane_tlsa_P dane_tlsa;
+{
+ int i;
+
+ if (dane_tlsa == NULL)
+ return 1;
+ for (i = 0; i < dane_tlsa->dane_tlsa_n; i++)
+ {
+ SM_FREE(dane_tlsa->dane_tlsa_rr[i]);
+ dane_tlsa->dane_tlsa_len[i] = 0;
+ }
+ SM_FREE(dane_tlsa->dane_tlsa_sni);
+ memset(dane_tlsa, '\0', sizeof(*dane_tlsa));
+ return 0;
+
+}
+
+/*
+** DANE_TLSA_FREE -- free a dane_tlsa structure
+**
+** Parameters:
+** dane_tlsa -- dane_tlsa to free
+**
+** Returns:
+** 0 if ok
+** 1 if NULL
+*/
+
+int
+dane_tlsa_free(dane_tlsa)
+ dane_tlsa_P dane_tlsa;
+{
+ if (dane_tlsa == NULL)
+ return 1;
+ dane_tlsa_clr(dane_tlsa);
+ SM_FREE(dane_tlsa);
+ return 0;
+
+}
+#endif /* DANE */
+
+#endif /* STARTTLS */
diff --git a/src/udb.c b/src/udb.c
index b2372b766169..00ee857ffe40 100644
--- a/src/udb.c
+++ b/src/udb.c
@@ -1,1314 +1,1319 @@
/*
* Copyright (c) 1998-2003, 2006 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sendmail.h>
#include "map.h"
#if USERDB
SM_RCSID("@(#)$Id: udb.c,v 8.166 2013-11-22 20:51:57 ca Exp $ (with USERDB)")
-#else /* USERDB */
+#else
SM_RCSID("@(#)$Id: udb.c,v 8.166 2013-11-22 20:51:57 ca Exp $ (without USERDB)")
-#endif /* USERDB */
+#endif
#if USERDB
#include <sm/sendmail.h>
# if NEWDB
# include "sm/bdb.h"
# else /* NEWDB */
# define DBT struct _data_base_thang_
DBT
{
void *data; /* pointer to data */
size_t size; /* length of data */
};
# endif /* NEWDB */
/*
** UDB.C -- interface between sendmail and Berkeley User Data Base.
**
** This depends on the 4.4BSD db package.
*/
struct udbent
{
char *udb_spec; /* string version of spec */
int udb_type; /* type of entry */
pid_t udb_pid; /* PID of process which opened db */
char *udb_default; /* default host for outgoing mail */
union
{
# if NETINET || NETINET6
/* type UE_REMOTE -- do remote call for lookup */
struct
{
SOCKADDR _udb_addr; /* address */
int _udb_timeout; /* timeout */
} udb_remote;
# define udb_addr udb_u.udb_remote._udb_addr
# define udb_timeout udb_u.udb_remote._udb_timeout
# endif /* NETINET || NETINET6 */
/* type UE_FORWARD -- forward message to remote */
struct
{
char *_udb_fwdhost; /* name of forward host */
} udb_forward;
# define udb_fwdhost udb_u.udb_forward._udb_fwdhost
# if NEWDB
/* type UE_FETCH -- lookup in local database */
struct
{
char *_udb_dbname; /* pathname of database */
DB *_udb_dbp; /* open database ptr */
} udb_lookup;
# define udb_dbname udb_u.udb_lookup._udb_dbname
# define udb_dbp udb_u.udb_lookup._udb_dbp
# endif /* NEWDB */
} udb_u;
};
# define UDB_EOLIST 0 /* end of list */
# define UDB_SKIP 1 /* skip this entry */
# define UDB_REMOTE 2 /* look up in remote database */
# define UDB_DBFETCH 3 /* look up in local database */
# define UDB_FORWARD 4 /* forward to remote host */
# define UDB_HESIOD 5 /* look up via hesiod */
# define MAXUDBENT 10 /* maximum number of UDB entries */
struct udb_option
{
char *udbo_name;
char *udbo_val;
};
# if HESIOD
static int hes_udb_get __P((DBT *, DBT *));
-# endif /* HESIOD */
+# endif
static char *udbmatch __P((char *, char *, SM_RPOOL_T *));
static int _udbx_init __P((ENVELOPE *));
static int _udb_parsespec __P((char *, struct udb_option [], int));
/*
** UDBEXPAND -- look up user in database and expand
**
** Parameters:
** a -- address to expand.
** sendq -- pointer to head of sendq to put the expansions in.
** aliaslevel -- the current alias nesting depth.
** e -- the current envelope.
**
** Returns:
** EX_TEMPFAIL -- if something "odd" happened -- probably due
** to accessing a file on an NFS server that is down.
** EX_OK -- otherwise.
**
** Side Effects:
** Modifies sendq.
*/
static struct udbent UdbEnts[MAXUDBENT + 1];
static bool UdbInitialized = false;
int
udbexpand(a, sendq, aliaslevel, e)
register ADDRESS *a;
ADDRESS **sendq;
int aliaslevel;
register ENVELOPE *e;
{
int i;
DBT key;
DBT info;
bool breakout;
register struct udbent *up;
int keylen;
int naddrs;
char *user;
char keybuf[MAXUDBKEY];
memset(&key, '\0', sizeof(key));
memset(&info, '\0', sizeof(info));
if (tTd(28, 1))
sm_dprintf("udbexpand(%s)\n", a->q_paddr);
/* make certain we are supposed to send to this address */
if (!QS_IS_SENDABLE(a->q_state))
return EX_OK;
e->e_to = a->q_paddr;
/* on first call, locate the database */
if (!UdbInitialized)
{
if (_udbx_init(e) == EX_TEMPFAIL)
return EX_TEMPFAIL;
}
/* short circuit the process if no chance of a match */
if (UdbSpec == NULL || UdbSpec[0] == '\0')
return EX_OK;
/* extract user to do userdb matching on */
user = a->q_user;
/* short circuit name begins with '\\' since it can't possibly match */
/* (might want to treat this as unquoted instead) */
if (user[0] == '\\')
return EX_OK;
/* if name begins with a colon, it indicates our metadata */
if (user[0] == ':')
return EX_OK;
keylen = sm_strlcpyn(keybuf, sizeof(keybuf), 2, user, ":maildrop");
/* if name is too long, assume it won't match */
if (keylen >= sizeof(keybuf))
return EX_OK;
/* build actual database key */
breakout = false;
for (up = UdbEnts; !breakout; up++)
{
int usersize;
+# if NEWDB
int userleft;
+# endif
char userbuf[MEMCHUNKSIZE];
# if HESIOD && HES_GETMAILHOST
char pobuf[MAXNAME];
-# endif /* HESIOD && HES_GETMAILHOST */
+# endif
# if defined(NEWDB) && DB_VERSION_MAJOR > 1
DBC *dbc = NULL;
-# endif /* defined(NEWDB) && DB_VERSION_MAJOR > 1 */
+# endif
user = userbuf;
userbuf[0] = '\0';
usersize = sizeof(userbuf);
+# if NEWDB
userleft = sizeof(userbuf) - 1;
+# endif
/*
** Select action based on entry type.
**
** On dropping out of this switch, "class" should
** explain the type of the data, and "user" should
** contain the user information.
*/
switch (up->udb_type)
{
# if NEWDB
case UDB_DBFETCH:
key.data = keybuf;
key.size = keylen;
if (tTd(28, 80))
sm_dprintf("udbexpand: trying %s (%d) via db\n",
keybuf, keylen);
# if DB_VERSION_MAJOR < 2
i = (*up->udb_dbp->seq)(up->udb_dbp, &key, &info, R_CURSOR);
# else /* DB_VERSION_MAJOR < 2 */
i = 0;
if (dbc == NULL &&
# if DB_VERSION_MAJOR > 2 || DB_VERSION_MINOR >= 6
(errno = (*up->udb_dbp->cursor)(up->udb_dbp,
NULL, &dbc, 0)) != 0)
# else /* DB_VERSION_MAJOR > 2 || DB_VERSION_MINOR >= 6 */
(errno = (*up->udb_dbp->cursor)(up->udb_dbp,
NULL, &dbc)) != 0)
# endif /* DB_VERSION_MAJOR > 2 || DB_VERSION_MINOR >= 6 */
i = -1;
if (i != 0 || dbc == NULL ||
(errno = dbc->c_get(dbc, &key,
&info, DB_SET)) != 0)
i = 1;
# endif /* DB_VERSION_MAJOR < 2 */
if (i > 0 || info.size <= 0)
{
if (tTd(28, 2))
sm_dprintf("udbexpand: no match on %s (%d)\n",
keybuf, keylen);
# if DB_VERSION_MAJOR > 1
if (dbc != NULL)
{
(void) dbc->c_close(dbc);
dbc = NULL;
}
# endif /* DB_VERSION_MAJOR > 1 */
break;
}
if (tTd(28, 80))
sm_dprintf("udbexpand: match %.*s: %.*s\n",
(int) key.size, (char *) key.data,
(int) info.size, (char *) info.data);
a->q_flags &= ~QSELFREF;
while (i == 0 && key.size == keylen &&
memcmp(key.data, keybuf, keylen) == 0)
{
char *p;
if (bitset(EF_VRFYONLY, e->e_flags))
{
a->q_state = QS_VERIFIED;
# if DB_VERSION_MAJOR > 1
if (dbc != NULL)
{
(void) dbc->c_close(dbc);
dbc = NULL;
}
# endif /* DB_VERSION_MAJOR > 1 */
return EX_OK;
}
breakout = true;
if (info.size >= userleft - 1)
{
char *nuser;
int size = MEMCHUNKSIZE;
if (info.size > MEMCHUNKSIZE)
size = info.size;
nuser = sm_malloc_x(usersize + size);
memmove(nuser, user, usersize);
if (user != userbuf)
sm_free(user); /* XXX */
user = nuser;
usersize += size;
userleft += size;
}
p = &user[strlen(user)];
if (p != user)
{
*p++ = ',';
userleft--;
}
memmove(p, info.data, info.size);
p[info.size] = '\0';
userleft -= info.size;
/* get the next record */
# if DB_VERSION_MAJOR < 2
i = (*up->udb_dbp->seq)(up->udb_dbp, &key, &info, R_NEXT);
# else /* DB_VERSION_MAJOR < 2 */
i = 0;
if ((errno = dbc->c_get(dbc, &key,
&info, DB_NEXT)) != 0)
i = 1;
# endif /* DB_VERSION_MAJOR < 2 */
}
# if DB_VERSION_MAJOR > 1
if (dbc != NULL)
{
(void) dbc->c_close(dbc);
dbc = NULL;
}
# endif /* DB_VERSION_MAJOR > 1 */
/* if nothing ever matched, try next database */
if (!breakout)
break;
message("expanded to %s", user);
if (LogLevel > 10)
sm_syslog(LOG_INFO, e->e_id,
"expand %.100s => %s",
e->e_to,
shortenstring(user, MAXSHORTSTR));
naddrs = sendtolist(user, a, sendq, aliaslevel + 1, e);
if (naddrs > 0 && !bitset(QSELFREF, a->q_flags))
{
if (tTd(28, 5))
{
sm_dprintf("udbexpand: QS_EXPANDED ");
printaddr(sm_debug_file(), a, false);
}
a->q_state = QS_EXPANDED;
}
if (i < 0)
{
syserr("udbexpand: db-get %.*s stat %d",
(int) key.size, (char *) key.data, i);
return EX_TEMPFAIL;
}
/*
** If this address has a -request address, reflect
** it into the envelope.
*/
memset(&key, '\0', sizeof(key));
memset(&info, '\0', sizeof(info));
(void) sm_strlcpyn(keybuf, sizeof(keybuf), 2, a->q_user,
":mailsender");
keylen = strlen(keybuf);
key.data = keybuf;
key.size = keylen;
# if DB_VERSION_MAJOR < 2
i = (*up->udb_dbp->get)(up->udb_dbp, &key, &info, 0);
-# else /* DB_VERSION_MAJOR < 2 */
+# else
i = errno = (*up->udb_dbp->get)(up->udb_dbp, NULL,
&key, &info, 0);
-# endif /* DB_VERSION_MAJOR < 2 */
+# endif
if (i != 0 || info.size <= 0)
break;
a->q_owner = sm_rpool_malloc_x(e->e_rpool,
info.size + 1);
memmove(a->q_owner, info.data, info.size);
a->q_owner[info.size] = '\0';
/* announce delivery; NORECEIPT bit set later */
if (e->e_xfp != NULL)
{
(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
"Message delivered to mailing list %s\n",
a->q_paddr);
}
e->e_flags |= EF_SENDRECEIPT;
a->q_flags |= QDELIVERED|QEXPANDED;
break;
# endif /* NEWDB */
# if HESIOD
case UDB_HESIOD:
key.data = keybuf;
key.size = keylen;
if (tTd(28, 80))
sm_dprintf("udbexpand: trying %s (%d) via hesiod\n",
keybuf, keylen);
/* look up the key via hesiod */
i = hes_udb_get(&key, &info);
if (i < 0)
{
syserr("udbexpand: hesiod-get %.*s stat %d",
(int) key.size, (char *) key.data, i);
return EX_TEMPFAIL;
}
else if (i > 0 || info.size <= 0)
{
# if HES_GETMAILHOST
struct hes_postoffice *hp;
-# endif /* HES_GETMAILHOST */
+# endif
if (tTd(28, 2))
sm_dprintf("udbexpand: no match on %s (%d)\n",
(char *) keybuf, (int) keylen);
# if HES_GETMAILHOST
if (tTd(28, 8))
sm_dprintf(" ... trying hes_getmailhost(%s)\n",
a->q_user);
hp = hes_getmailhost(a->q_user);
if (hp == NULL)
{
if (hes_error() == HES_ER_NET)
{
syserr("udbexpand: hesiod-getmail %s stat %d",
a->q_user, hes_error());
return EX_TEMPFAIL;
}
if (tTd(28, 2))
sm_dprintf("hes_getmailhost(%s): %d\n",
a->q_user, hes_error());
break;
}
if (strlen(hp->po_name) + strlen(hp->po_host) >
sizeof(pobuf) - 2)
{
if (tTd(28, 2))
sm_dprintf("hes_getmailhost(%s): expansion too long: %.30s@%.30s\n",
a->q_user,
hp->po_name,
hp->po_host);
break;
}
info.data = pobuf;
(void) sm_snprintf(pobuf, sizeof(pobuf),
"%s@%s", hp->po_name, hp->po_host);
info.size = strlen(info.data);
# else /* HES_GETMAILHOST */
break;
# endif /* HES_GETMAILHOST */
}
if (tTd(28, 80))
sm_dprintf("udbexpand: match %.*s: %.*s\n",
(int) key.size, (char *) key.data,
(int) info.size, (char *) info.data);
a->q_flags &= ~QSELFREF;
if (bitset(EF_VRFYONLY, e->e_flags))
{
a->q_state = QS_VERIFIED;
return EX_OK;
}
breakout = true;
if (info.size >= usersize)
user = sm_malloc_x(info.size + 1);
memmove(user, info.data, info.size);
user[info.size] = '\0';
message("hesioded to %s", user);
if (LogLevel > 10)
sm_syslog(LOG_INFO, e->e_id,
"hesiod %.100s => %s",
e->e_to,
shortenstring(user, MAXSHORTSTR));
naddrs = sendtolist(user, a, sendq, aliaslevel + 1, e);
if (naddrs > 0 && !bitset(QSELFREF, a->q_flags))
{
if (tTd(28, 5))
{
sm_dprintf("udbexpand: QS_EXPANDED ");
printaddr(sm_debug_file(), a, false);
}
a->q_state = QS_EXPANDED;
}
/*
** If this address has a -request address, reflect
** it into the envelope.
*/
(void) sm_strlcpyn(keybuf, sizeof(keybuf), 2, a->q_user,
":mailsender");
keylen = strlen(keybuf);
key.data = keybuf;
key.size = keylen;
i = hes_udb_get(&key, &info);
if (i != 0 || info.size <= 0)
break;
a->q_owner = sm_rpool_malloc_x(e->e_rpool,
info.size + 1);
memmove(a->q_owner, info.data, info.size);
a->q_owner[info.size] = '\0';
break;
# endif /* HESIOD */
case UDB_REMOTE:
/* not yet implemented */
break;
case UDB_FORWARD:
if (bitset(EF_VRFYONLY, e->e_flags))
{
a->q_state = QS_VERIFIED;
return EX_OK;
}
i = strlen(up->udb_fwdhost) + strlen(a->q_user) + 1;
if (i >= usersize)
{
usersize = i + 1;
user = sm_malloc_x(usersize);
}
(void) sm_strlcpyn(user, usersize, 3,
a->q_user, "@", up->udb_fwdhost);
message("expanded to %s", user);
a->q_flags &= ~QSELFREF;
naddrs = sendtolist(user, a, sendq, aliaslevel + 1, e);
if (naddrs > 0 && !bitset(QSELFREF, a->q_flags))
{
if (tTd(28, 5))
{
sm_dprintf("udbexpand: QS_EXPANDED ");
printaddr(sm_debug_file(), a, false);
}
a->q_state = QS_EXPANDED;
}
breakout = true;
break;
case UDB_EOLIST:
breakout = true;
break;
default:
/* unknown entry type */
break;
}
/* XXX if an exception occurs, there is a storage leak */
if (user != userbuf)
sm_free(user); /* XXX */
}
return EX_OK;
}
/*
** UDBSENDER -- return canonical external name of sender, given local name
**
** Parameters:
** sender -- the name of the sender on the local machine.
** rpool -- resource pool from which to allocate result
**
** Returns:
** The external name for this sender, if derivable from the
** database. Storage allocated from rpool.
** NULL -- if nothing is changed from the database.
**
** Side Effects:
** none.
*/
char *
udbsender(sender, rpool)
char *sender;
SM_RPOOL_T *rpool;
{
return udbmatch(sender, "mailname", rpool);
}
/*
** UDBMATCH -- match user in field, return result of lookup.
**
** Parameters:
** user -- the name of the user.
** field -- the field to lookup.
** rpool -- resource pool from which to allocate result
**
** Returns:
** The external name for this sender, if derivable from the
** database. Storage allocated from rpool.
** NULL -- if nothing is changed from the database.
**
** Side Effects:
** none.
*/
static char *
udbmatch(user, field, rpool)
char *user;
char *field;
SM_RPOOL_T *rpool;
{
register char *p;
register struct udbent *up;
int i;
int keylen;
DBT key, info;
char keybuf[MAXUDBKEY];
if (tTd(28, 1))
sm_dprintf("udbmatch(%s, %s)\n", user, field);
if (!UdbInitialized)
{
if (_udbx_init(CurEnv) == EX_TEMPFAIL)
return NULL;
}
/* short circuit if no spec */
if (UdbSpec == NULL || UdbSpec[0] == '\0')
return NULL;
/* short circuit name begins with '\\' since it can't possibly match */
if (user[0] == '\\')
return NULL;
/* long names can never match and are a pain to deal with */
i = strlen(field);
if (i < sizeof("maildrop"))
i = sizeof("maildrop");
if ((strlen(user) + i) > sizeof(keybuf) - 4)
return NULL;
/* names beginning with colons indicate metadata */
if (user[0] == ':')
return NULL;
/* build database key */
(void) sm_strlcpyn(keybuf, sizeof(keybuf), 3, user, ":", field);
keylen = strlen(keybuf);
for (up = UdbEnts; up->udb_type != UDB_EOLIST; up++)
{
/*
** Select action based on entry type.
*/
switch (up->udb_type)
{
# if NEWDB
case UDB_DBFETCH:
memset(&key, '\0', sizeof(key));
memset(&info, '\0', sizeof(info));
key.data = keybuf;
key.size = keylen;
# if DB_VERSION_MAJOR < 2
i = (*up->udb_dbp->get)(up->udb_dbp, &key, &info, 0);
-# else /* DB_VERSION_MAJOR < 2 */
+# else
i = errno = (*up->udb_dbp->get)(up->udb_dbp, NULL,
&key, &info, 0);
-# endif /* DB_VERSION_MAJOR < 2 */
+# endif
if (i != 0 || info.size <= 0)
{
if (tTd(28, 2))
sm_dprintf("udbmatch: no match on %s (%d) via db\n",
keybuf, keylen);
continue;
}
p = sm_rpool_malloc_x(rpool, info.size + 1);
memmove(p, info.data, info.size);
p[info.size] = '\0';
if (tTd(28, 1))
sm_dprintf("udbmatch ==> %s\n", p);
return p;
# endif /* NEWDB */
# if HESIOD
case UDB_HESIOD:
key.data = keybuf;
key.size = keylen;
i = hes_udb_get(&key, &info);
if (i != 0 || info.size <= 0)
{
if (tTd(28, 2))
sm_dprintf("udbmatch: no match on %s (%d) via hesiod\n",
keybuf, keylen);
continue;
}
p = sm_rpool_malloc_x(rpool, info.size + 1);
memmove(p, info.data, info.size);
p[info.size] = '\0';
if (tTd(28, 1))
sm_dprintf("udbmatch ==> %s\n", p);
return p;
# endif /* HESIOD */
}
}
if (strcmp(field, "mailname") != 0)
return NULL;
/*
** Nothing yet. Search again for a default case. But only
** use it if we also have a forward (:maildrop) pointer already
** in the database.
*/
/* build database key */
(void) sm_strlcpyn(keybuf, sizeof(keybuf), 2, user, ":maildrop");
keylen = strlen(keybuf);
for (up = UdbEnts; up->udb_type != UDB_EOLIST; up++)
{
switch (up->udb_type)
{
# if NEWDB
case UDB_DBFETCH:
/* get the default case for this database */
if (up->udb_default == NULL)
{
memset(&key, '\0', sizeof(key));
memset(&info, '\0', sizeof(info));
key.data = ":default:mailname";
key.size = strlen(key.data);
# if DB_VERSION_MAJOR < 2
i = (*up->udb_dbp->get)(up->udb_dbp,
&key, &info, 0);
# else /* DB_VERSION_MAJOR < 2 */
i = errno = (*up->udb_dbp->get)(up->udb_dbp,
NULL, &key,
&info, 0);
# endif /* DB_VERSION_MAJOR < 2 */
if (i != 0 || info.size <= 0)
{
/* no default case */
up->udb_default = "";
continue;
}
/* save the default case */
up->udb_default = sm_pmalloc_x(info.size + 1);
memmove(up->udb_default, info.data, info.size);
up->udb_default[info.size] = '\0';
}
else if (up->udb_default[0] == '\0')
continue;
/* we have a default case -- verify user:maildrop */
memset(&key, '\0', sizeof(key));
memset(&info, '\0', sizeof(info));
key.data = keybuf;
key.size = keylen;
# if DB_VERSION_MAJOR < 2
i = (*up->udb_dbp->get)(up->udb_dbp, &key, &info, 0);
-# else /* DB_VERSION_MAJOR < 2 */
+# else
i = errno = (*up->udb_dbp->get)(up->udb_dbp, NULL,
&key, &info, 0);
-# endif /* DB_VERSION_MAJOR < 2 */
+# endif
if (i != 0 || info.size <= 0)
{
/* nope -- no aliasing for this user */
continue;
}
/* they exist -- build the actual address */
i = strlen(user) + strlen(up->udb_default) + 2;
p = sm_rpool_malloc_x(rpool, i);
(void) sm_strlcpyn(p, i, 3, user, "@", up->udb_default);
if (tTd(28, 1))
sm_dprintf("udbmatch ==> %s\n", p);
return p;
# endif /* NEWDB */
# if HESIOD
case UDB_HESIOD:
/* get the default case for this database */
if (up->udb_default == NULL)
{
key.data = ":default:mailname";
key.size = strlen(key.data);
i = hes_udb_get(&key, &info);
if (i != 0 || info.size <= 0)
{
/* no default case */
up->udb_default = "";
continue;
}
/* save the default case */
up->udb_default = sm_pmalloc_x(info.size + 1);
memmove(up->udb_default, info.data, info.size);
up->udb_default[info.size] = '\0';
}
else if (up->udb_default[0] == '\0')
continue;
/* we have a default case -- verify user:maildrop */
key.data = keybuf;
key.size = keylen;
i = hes_udb_get(&key, &info);
if (i != 0 || info.size <= 0)
{
/* nope -- no aliasing for this user */
continue;
}
/* they exist -- build the actual address */
i = strlen(user) + strlen(up->udb_default) + 2;
p = sm_rpool_malloc_x(rpool, i);
(void) sm_strlcpyn(p, i, 3, user, "@", up->udb_default);
if (tTd(28, 1))
sm_dprintf("udbmatch ==> %s\n", p);
return p;
break;
# endif /* HESIOD */
}
}
/* still nothing.... too bad */
return NULL;
}
/*
** UDB_MAP_LOOKUP -- look up arbitrary entry in user database map
**
** Parameters:
** map -- the map being queried.
** name -- the name to look up.
** av -- arguments to the map lookup.
** statp -- to get any error status.
**
** Returns:
** NULL if name not found in map.
** The rewritten name otherwise.
*/
/* ARGSUSED3 */
char *
udb_map_lookup(map, name, av, statp)
MAP *map;
char *name;
char **av;
int *statp;
{
char *val;
char *key;
char *SM_NONVOLATILE result = NULL;
char keybuf[MAXNAME + 1];
if (tTd(28, 20) || tTd(38, 20))
sm_dprintf("udb_map_lookup(%s, %s)\n", map->map_mname, name);
if (bitset(MF_NOFOLDCASE, map->map_mflags))
{
key = name;
}
else
{
int keysize = strlen(name);
if (keysize > sizeof(keybuf) - 1)
keysize = sizeof(keybuf) - 1;
memmove(keybuf, name, keysize);
keybuf[keysize] = '\0';
makelower(keybuf);
key = keybuf;
}
val = udbmatch(key, map->map_file, NULL);
if (val == NULL)
return NULL;
SM_TRY
if (bitset(MF_MATCHONLY, map->map_mflags))
result = map_rewrite(map, name, strlen(name), NULL);
else
result = map_rewrite(map, val, strlen(val), av);
SM_FINALLY
sm_free(val);
SM_END_TRY
return result;
}
/*
** _UDBX_INIT -- parse the UDB specification, opening any valid entries.
**
** Parameters:
** e -- the current envelope.
**
** Returns:
** EX_TEMPFAIL -- if it appeared it couldn't get hold of a
** database due to a host being down or some similar
** (recoverable) situation.
** EX_OK -- otherwise.
**
** Side Effects:
** Fills in the UdbEnts structure from UdbSpec.
*/
# define MAXUDBOPTS 27
static int
_udbx_init(e)
ENVELOPE *e;
{
int ents = 0;
register char *p;
register struct udbent *up;
if (UdbInitialized)
return EX_OK;
# ifdef UDB_DEFAULT_SPEC
if (UdbSpec == NULL)
UdbSpec = UDB_DEFAULT_SPEC;
-# endif /* UDB_DEFAULT_SPEC */
+# endif
p = UdbSpec;
up = UdbEnts;
while (p != NULL)
{
char *spec;
+# if NEWDB
int l;
+# endif
struct udb_option opts[MAXUDBOPTS + 1];
while (*p == ' ' || *p == '\t' || *p == ',')
p++;
if (*p == '\0')
break;
spec = p;
p = strchr(p, ',');
if (p != NULL)
*p++ = '\0';
if (ents >= MAXUDBENT)
{
syserr("Maximum number of UDB entries exceeded");
break;
}
/* extract options */
(void) _udb_parsespec(spec, opts, MAXUDBOPTS);
/*
** Decode database specification.
**
** In the sendmail tradition, the leading character
** defines the semantics of the rest of the entry.
**
** @hostname -- forward email to the indicated host.
** This should be the last in the list,
** since it always matches the input.
** /dbname -- search the named database on the local
** host using the Berkeley db package.
** Hesiod -- search the named database with BIND
** using the MIT Hesiod package.
*/
switch (*spec)
{
case '@': /* forward to remote host */
up->udb_type = UDB_FORWARD;
up->udb_pid = CurrentPid;
up->udb_fwdhost = spec + 1;
ents++;
up++;
break;
# if HESIOD
case 'h': /* use hesiod */
case 'H':
if (sm_strcasecmp(spec, "hesiod") != 0)
goto badspec;
up->udb_type = UDB_HESIOD;
up->udb_pid = CurrentPid;
ents++;
up++;
break;
# endif /* HESIOD */
# if NEWDB
case '/': /* look up remote name */
l = strlen(spec);
if (l > 3 && strcmp(&spec[l - 3], ".db") == 0)
{
up->udb_dbname = spec;
}
else
{
up->udb_dbname = sm_pmalloc_x(l + 4);
(void) sm_strlcpyn(up->udb_dbname, l + 4, 2,
spec, ".db");
}
errno = 0;
# if DB_VERSION_MAJOR < 2
up->udb_dbp = dbopen(up->udb_dbname, O_RDONLY,
0644, DB_BTREE, NULL);
# else /* DB_VERSION_MAJOR < 2 */
{
int flags = DB_RDONLY;
# if DB_VERSION_MAJOR > 2
int ret;
# endif /* DB_VERSION_MAJOR > 2 */
SM_DB_FLAG_ADD(flags);
up->udb_dbp = NULL;
# if DB_VERSION_MAJOR > 2
ret = db_create(&up->udb_dbp, NULL, 0);
if (ret != 0)
{
(void) up->udb_dbp->close(up->udb_dbp,
0);
up->udb_dbp = NULL;
}
else
{
ret = up->udb_dbp->open(up->udb_dbp,
DBTXN
up->udb_dbname,
NULL,
DB_BTREE,
flags,
0644);
if (ret != 0)
{
#ifdef DB_OLD_VERSION
if (ret == DB_OLD_VERSION)
ret = EINVAL;
-#endif /* DB_OLD_VERSION */
+#endif
(void) up->udb_dbp->close(up->udb_dbp, 0);
up->udb_dbp = NULL;
}
}
errno = ret;
# else /* DB_VERSION_MAJOR > 2 */
errno = db_open(up->udb_dbname, DB_BTREE,
flags, 0644, NULL,
NULL, &up->udb_dbp);
# endif /* DB_VERSION_MAJOR > 2 */
}
# endif /* DB_VERSION_MAJOR < 2 */
if (up->udb_dbp == NULL)
{
if (tTd(28, 1))
{
int save_errno = errno;
# if DB_VERSION_MAJOR < 2
sm_dprintf("dbopen(%s): %s\n",
# else /* DB_VERSION_MAJOR < 2 */
sm_dprintf("db_open(%s): %s\n",
# endif /* DB_VERSION_MAJOR < 2 */
up->udb_dbname,
sm_errstring(errno));
errno = save_errno;
}
if (errno != ENOENT && errno != EACCES)
{
if (LogLevel > 2)
sm_syslog(LOG_ERR, e->e_id,
# if DB_VERSION_MAJOR < 2
"dbopen(%s): %s",
# else /* DB_VERSION_MAJOR < 2 */
"db_open(%s): %s",
# endif /* DB_VERSION_MAJOR < 2 */
up->udb_dbname,
sm_errstring(errno));
up->udb_type = UDB_EOLIST;
if (up->udb_dbname != spec)
sm_free(up->udb_dbname); /* XXX */
goto tempfail;
}
if (up->udb_dbname != spec)
sm_free(up->udb_dbname); /* XXX */
break;
}
if (tTd(28, 1))
{
# if DB_VERSION_MAJOR < 2
sm_dprintf("_udbx_init: dbopen(%s)\n",
# else /* DB_VERSION_MAJOR < 2 */
sm_dprintf("_udbx_init: db_open(%s)\n",
# endif /* DB_VERSION_MAJOR < 2 */
up->udb_dbname);
}
up->udb_type = UDB_DBFETCH;
up->udb_pid = CurrentPid;
ents++;
up++;
break;
# endif /* NEWDB */
default:
# if HESIOD
badspec:
-# endif /* HESIOD */
+# endif
syserr("Unknown UDB spec %s", spec);
break;
}
}
up->udb_type = UDB_EOLIST;
if (tTd(28, 4))
{
for (up = UdbEnts; up->udb_type != UDB_EOLIST; up++)
{
switch (up->udb_type)
{
case UDB_REMOTE:
sm_dprintf("REMOTE: addr %s, timeo %d\n",
anynet_ntoa((SOCKADDR *) &up->udb_addr),
up->udb_timeout);
break;
case UDB_DBFETCH:
# if NEWDB
- sm_dprintf("FETCH: file %s\n",
- up->udb_dbname);
-# else /* NEWDB */
+ sm_dprintf("FETCH: file %s\n", up->udb_dbname);
+# else
sm_dprintf("FETCH\n");
-# endif /* NEWDB */
+# endif
break;
case UDB_FORWARD:
sm_dprintf("FORWARD: host %s\n",
up->udb_fwdhost);
break;
case UDB_HESIOD:
sm_dprintf("HESIOD\n");
break;
default:
sm_dprintf("UNKNOWN\n");
break;
}
}
}
UdbInitialized = true;
errno = 0;
return EX_OK;
/*
** On temporary failure, back out anything we've already done
*/
- tempfail:
# if NEWDB
+ tempfail:
for (up = UdbEnts; up->udb_type != UDB_EOLIST; up++)
{
if (up->udb_type == UDB_DBFETCH)
{
# if DB_VERSION_MAJOR < 2
(*up->udb_dbp->close)(up->udb_dbp);
-# else /* DB_VERSION_MAJOR < 2 */
+# else
errno = (*up->udb_dbp->close)(up->udb_dbp, 0);
-# endif /* DB_VERSION_MAJOR < 2 */
+# endif
if (tTd(28, 1))
sm_dprintf("_udbx_init: db->close(%s)\n",
up->udb_dbname);
}
}
# endif /* NEWDB */
return EX_TEMPFAIL;
}
static int
_udb_parsespec(udbspec, opt, maxopts)
char *udbspec;
struct udb_option opt[];
int maxopts;
{
register char *spec;
register char *spec_end;
register int optnum;
spec_end = strchr(udbspec, ':');
for (optnum = 0; optnum < maxopts && (spec = spec_end) != NULL; optnum++)
{
register char *p;
- while (isascii(*spec) && isspace(*spec))
+ while (SM_ISSPACE(*spec))
spec++;
spec_end = strchr(spec, ':');
if (spec_end != NULL)
*spec_end++ = '\0';
opt[optnum].udbo_name = spec;
opt[optnum].udbo_val = NULL;
p = strchr(spec, '=');
if (p != NULL)
opt[optnum].udbo_val = ++p;
}
return optnum;
}
/*
** _UDBX_CLOSE -- close all file based UDB entries.
**
** Parameters:
** none
**
** Returns:
** none
*/
void
_udbx_close()
{
struct udbent *up;
if (!UdbInitialized)
return;
for (up = UdbEnts; up->udb_type != UDB_EOLIST; up++)
{
if (up->udb_pid != CurrentPid)
continue;
# if NEWDB
if (up->udb_type == UDB_DBFETCH)
{
# if DB_VERSION_MAJOR < 2
(*up->udb_dbp->close)(up->udb_dbp);
-# else /* DB_VERSION_MAJOR < 2 */
+# else
errno = (*up->udb_dbp->close)(up->udb_dbp, 0);
-# endif /* DB_VERSION_MAJOR < 2 */
+# endif
}
if (tTd(28, 1))
sm_dprintf("_udbx_close: db->close(%s)\n",
up->udb_dbname);
# endif /* NEWDB */
}
}
# if HESIOD
static int
hes_udb_get(key, info)
DBT *key;
DBT *info;
{
char *name, *type;
char **hp;
char kbuf[MAXUDBKEY + 1];
if (sm_strlcpy(kbuf, key->data, sizeof(kbuf)) >= sizeof(kbuf))
return 0;
name = kbuf;
type = strrchr(name, ':');
if (type == NULL)
return 1;
*type++ = '\0';
if (strchr(name, '@') != NULL)
return 1;
if (tTd(28, 1))
sm_dprintf("hes_udb_get(%s, %s)\n", name, type);
/* make the hesiod query */
# ifdef HESIOD_INIT
if (HesiodContext == NULL && hesiod_init(&HesiodContext) != 0)
return -1;
hp = hesiod_resolve(HesiodContext, name, type);
-# else /* HESIOD_INIT */
+# else
hp = hes_resolve(name, type);
-# endif /* HESIOD_INIT */
+# endif
*--type = ':';
# ifdef HESIOD_INIT
if (hp == NULL)
return 1;
if (*hp == NULL)
{
hesiod_free_list(HesiodContext, hp);
if (errno == ECONNREFUSED || errno == EMSGSIZE)
return -1;
return 1;
}
# else /* HESIOD_INIT */
if (hp == NULL || hp[0] == NULL)
{
/* network problem or timeout */
if (hes_error() == HES_ER_NET)
return -1;
return 1;
}
# endif /* HESIOD_INIT */
else
{
/*
** If there are multiple matches, just return the
** first one.
**
** XXX These should really be returned; for example,
** XXX it is legal for :maildrop to be multi-valued.
*/
info->data = hp[0];
info->size = (size_t) strlen(info->data);
}
if (tTd(28, 80))
sm_dprintf("hes_udb_get => %s\n", *hp);
return 0;
}
# endif /* HESIOD */
#else /* USERDB */
int
udbexpand(a, sendq, aliaslevel, e)
ADDRESS *a;
ADDRESS **sendq;
int aliaslevel;
ENVELOPE *e;
{
return EX_OK;
}
#endif /* USERDB */
diff --git a/src/usersmtp.c b/src/usersmtp.c
index 24d38ee4f945..b4ff5ccbc80a 100644
--- a/src/usersmtp.c
+++ b/src/usersmtp.c
@@ -1,3375 +1,3435 @@
/*
* Copyright (c) 1998-2006, 2008-2010, 2014 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sendmail.h>
SM_RCSID("@(#)$Id: usersmtp.c,v 8.488 2013-11-22 20:51:57 ca Exp $")
#include <sysexits.h>
static void esmtp_check __P((char *, bool, MAILER *, MCI *, ENVELOPE *));
static void helo_options __P((char *, bool, MAILER *, MCI *, ENVELOPE *));
static int smtprcptstat __P((ADDRESS *, MAILER *, MCI *, ENVELOPE *));
#if SASL
extern void *sm_sasl_malloc __P((unsigned long));
extern void sm_sasl_free __P((void *));
-#endif /* SASL */
+#endif
/*
** USERSMTP -- run SMTP protocol from the user end.
**
** This protocol is described in RFC821.
*/
#define SMTPCLOSING 421 /* "Service Shutting Down" */
#define ENHSCN(e, d) ((e) == NULL ? (d) : (e))
#define ENHSCN_RPOOL(e, d, rpool) \
((e) == NULL ? (d) : sm_rpool_strdup_x(rpool, e))
static char SmtpMsgBuffer[MAXLINE]; /* buffer for commands */
static char SmtpReplyBuffer[MAXLINE]; /* buffer for replies */
static bool SmtpNeedIntro; /* need "while talking" in transcript */
/*
** SMTPINIT -- initialize SMTP.
**
** Opens the connection and sends the initial protocol.
**
** Parameters:
** m -- mailer to create connection to.
** mci -- the mailer connection info.
** e -- the envelope.
** onlyhelo -- send only helo command?
**
** Returns:
** none.
**
** Side Effects:
** creates connection and sends initial protocol.
*/
void
smtpinit(m, mci, e, onlyhelo)
MAILER *m;
register MCI *mci;
ENVELOPE *e;
bool onlyhelo;
{
register int r;
int state;
register char *p;
register char *hn;
+#if _FFR_EXPAND_HELONAME
+ char hnbuf[MAXNAME + 1];
+#endif
char *enhsc;
enhsc = NULL;
if (tTd(18, 1))
{
sm_dprintf("smtpinit ");
mci_dump(sm_debug_file(), mci, false);
}
/*
** Open the connection to the mailer.
*/
SmtpError[0] = '\0';
SmtpMsgBuffer[0] = '\0';
CurHostName = mci->mci_host; /* XXX UGLY XXX */
if (CurHostName == NULL)
CurHostName = MyHostName;
SmtpNeedIntro = true;
state = mci->mci_state;
-#if _FFR_ERRCODE
e->e_rcode = 0;
e->e_renhsc[0] = '\0';
e->e_text = NULL;
-#endif /* _FFR_ERRCODE */
switch (state)
{
case MCIS_MAIL:
case MCIS_RCPT:
case MCIS_DATA:
/* need to clear old information */
smtprset(m, mci, e);
/* FALLTHROUGH */
case MCIS_OPEN:
if (!onlyhelo)
return;
break;
case MCIS_ERROR:
case MCIS_QUITING:
case MCIS_SSD:
/* shouldn't happen */
smtpquit(m, mci, e);
/* FALLTHROUGH */
case MCIS_CLOSED:
syserr("451 4.4.0 smtpinit: state CLOSED (was %d)", state);
return;
case MCIS_OPENING:
break;
}
if (onlyhelo)
goto helo;
mci->mci_state = MCIS_OPENING;
clrsessenvelope(e);
/*
** Get the greeting message.
** This should appear spontaneously. Give it five minutes to
** happen.
*/
SmtpPhase = mci->mci_phase = "client greeting";
sm_setproctitle(true, e, "%s %s: %s",
qid_printname(e), CurHostName, mci->mci_phase);
r = reply(m, mci, e, TimeOuts.to_initial, esmtp_check, NULL, XS_GREET);
if (r < 0)
goto tempfail1;
if (REPLYTYPE(r) == 4)
goto tempfail2;
if (REPLYTYPE(r) != 2)
goto unavailable;
/*
** Send the HELO command.
** My mother taught me to always introduce myself.
*/
helo:
if (bitnset(M_ESMTP, m->m_flags) || bitnset(M_LMTP, m->m_flags))
mci->mci_flags |= MCIF_ESMTP;
- hn = mci->mci_heloname ? mci->mci_heloname : MyHostName;
+ if (mci->mci_heloname != NULL)
+ {
+#if _FFR_EXPAND_HELONAME
+ expand(mci->mci_heloname, hnbuf, sizeof(hnbuf), e);
+ hn = hnbuf;
+#else
+ hn = mci->mci_heloname;
+#endif
+ }
+ else
+ hn = MyHostName;
tryhelo:
#if _FFR_IGNORE_EXT_ON_HELO
mci->mci_flags &= ~MCIF_HELO;
-#endif /* _FFR_IGNORE_EXT_ON_HELO */
+#endif
if (bitnset(M_LMTP, m->m_flags))
{
smtpmessage("LHLO %s", m, mci, hn);
SmtpPhase = mci->mci_phase = "client LHLO";
}
else if (bitset(MCIF_ESMTP, mci->mci_flags) &&
!bitnset(M_FSMTP, m->m_flags))
{
smtpmessage("EHLO %s", m, mci, hn);
SmtpPhase = mci->mci_phase = "client EHLO";
}
else
{
smtpmessage("HELO %s", m, mci, hn);
SmtpPhase = mci->mci_phase = "client HELO";
#if _FFR_IGNORE_EXT_ON_HELO
mci->mci_flags |= MCIF_HELO;
-#endif /* _FFR_IGNORE_EXT_ON_HELO */
+#endif
}
sm_setproctitle(true, e, "%s %s: %s", qid_printname(e),
CurHostName, mci->mci_phase);
r = reply(m, mci, e,
bitnset(M_LMTP, m->m_flags) ? TimeOuts.to_lhlo
: TimeOuts.to_helo,
helo_options, NULL, XS_EHLO);
if (r < 0)
goto tempfail1;
else if (REPLYTYPE(r) == 5)
{
if (bitset(MCIF_ESMTP, mci->mci_flags) &&
!bitnset(M_LMTP, m->m_flags))
{
/* try old SMTP instead */
mci->mci_flags &= ~MCIF_ESMTP;
goto tryhelo;
}
goto unavailable;
}
else if (REPLYTYPE(r) != 2)
goto tempfail2;
/*
** Check to see if we actually ended up talking to ourself.
** This means we didn't know about an alias or MX, or we managed
** to connect to an echo server.
*/
p = strchr(&SmtpReplyBuffer[4], ' ');
if (p != NULL)
*p = '\0';
if (!bitnset(M_NOLOOPCHECK, m->m_flags) &&
!bitnset(M_LMTP, m->m_flags) &&
sm_strcasecmp(&SmtpReplyBuffer[4], MyHostName) == 0)
{
syserr("553 5.3.5 %s config error: mail loops back to me (MX problem?)",
CurHostName);
mci_setstat(mci, EX_CONFIG, "5.3.5",
"553 5.3.5 system config error");
mci->mci_errno = 0;
smtpquit(m, mci, e);
return;
}
/*
** If this is expected to be another sendmail, send some internal
** commands.
** If we're running as MSP, "propagate" -v flag if possible.
*/
if ((UseMSP && Verbose && bitset(MCIF_VERB, mci->mci_flags))
|| bitnset(M_INTERNAL, m->m_flags))
{
/* tell it to be verbose */
smtpmessage("VERB", m, mci);
r = reply(m, mci, e, TimeOuts.to_miscshort, NULL, &enhsc,
XS_DEFAULT);
if (r < 0)
goto tempfail1;
}
if (mci->mci_state != MCIS_CLOSED)
{
mci->mci_state = MCIS_OPEN;
return;
}
/* got a 421 error code during startup */
tempfail1:
mci_setstat(mci, EX_TEMPFAIL, ENHSCN(enhsc, "4.4.2"), NULL);
if (mci->mci_state != MCIS_CLOSED)
smtpquit(m, mci, e);
return;
tempfail2:
/* XXX should use code from other end iff ENHANCEDSTATUSCODES */
mci_setstat(mci, EX_TEMPFAIL, ENHSCN(enhsc, "4.5.0"),
SmtpReplyBuffer);
if (mci->mci_state != MCIS_CLOSED)
smtpquit(m, mci, e);
return;
unavailable:
mci_setstat(mci, EX_UNAVAILABLE, "5.5.0", SmtpReplyBuffer);
smtpquit(m, mci, e);
return;
}
/*
** ESMTP_CHECK -- check to see if this implementation likes ESMTP protocol
**
** Parameters:
** line -- the response line.
** firstline -- set if this is the first line of the reply.
** m -- the mailer.
** mci -- the mailer connection info.
** e -- the envelope.
**
** Returns:
** none.
*/
static void
esmtp_check(line, firstline, m, mci, e)
char *line;
bool firstline;
MAILER *m;
register MCI *mci;
ENVELOPE *e;
{
if (strstr(line, "ESMTP") != NULL)
mci->mci_flags |= MCIF_ESMTP;
/*
** Dirty hack below. Quoting the author:
** This was a response to people who wanted SMTP transmission to be
** just-send-8 by default. Essentially, you could put this tag into
** your greeting message to behave as though the F=8 flag was set on
** the mailer.
*/
if (strstr(line, "8BIT-OK") != NULL)
mci->mci_flags |= MCIF_8BITOK;
}
#if SASL
/* specify prototype so compiler can check calls */
static char *str_union __P((char *, char *, SM_RPOOL_T *));
/*
** STR_UNION -- create the union of two lists
**
** Parameters:
** s1, s2 -- lists of items (separated by single blanks).
** rpool -- resource pool from which result is allocated.
**
** Returns:
** the union of both lists.
*/
static char *
str_union(s1, s2, rpool)
char *s1, *s2;
SM_RPOOL_T *rpool;
{
char *hr, *h1, *h, *res;
int l1, l2, rl;
if (s1 == NULL || *s1 == '\0')
return s2;
if (s2 == NULL || *s2 == '\0')
return s1;
l1 = strlen(s1);
l2 = strlen(s2);
rl = l1 + l2;
if (rl <= 0)
{
sm_syslog(LOG_WARNING, NOQID,
"str_union: stringlen1=%d, stringlen2=%d, sum=%d, status=overflow",
l1, l2, rl);
res = NULL;
}
else
res = (char *) sm_rpool_malloc(rpool, rl + 2);
if (res == NULL)
{
if (l1 > l2)
return s1;
return s2;
}
(void) sm_strlcpy(res, s1, rl);
hr = res + l1;
h1 = s2;
h = s2;
/* walk through s2 */
while (h != NULL && *h1 != '\0')
{
/* is there something after the current word? */
if ((h = strchr(h1, ' ')) != NULL)
*h = '\0';
l1 = strlen(h1);
/* does the current word appear in s1 ? */
if (iteminlist(h1, s1, " ") == NULL)
{
/* add space as delimiter */
*hr++ = ' ';
/* copy the item */
memcpy(hr, h1, l1);
/* advance pointer in result list */
hr += l1;
*hr = '\0';
}
if (h != NULL)
{
/* there are more items */
*h = ' ';
h1 = h + 1;
}
}
return res;
}
#endif /* SASL */
/*
** HELO_OPTIONS -- process the options on a HELO line.
**
** Parameters:
** line -- the response line.
** firstline -- set if this is the first line of the reply.
** m -- the mailer.
** mci -- the mailer connection info.
** e -- the envelope (unused).
**
** Returns:
** none.
*/
static void
helo_options(line, firstline, m, mci, e)
char *line;
bool firstline;
MAILER *m;
register MCI *mci;
ENVELOPE *e;
{
register char *p;
#if _FFR_IGNORE_EXT_ON_HELO
static bool logged = false;
-#endif /* _FFR_IGNORE_EXT_ON_HELO */
+#endif
if (firstline)
{
mci_clr_extensions(mci);
#if _FFR_IGNORE_EXT_ON_HELO
logged = false;
-#endif /* _FFR_IGNORE_EXT_ON_HELO */
+#endif
return;
}
#if _FFR_IGNORE_EXT_ON_HELO
else if (bitset(MCIF_HELO, mci->mci_flags))
{
if (LogLevel > 8 && !logged)
{
sm_syslog(LOG_WARNING, NOQID,
"server=%s [%s] returned extensions despite HELO command",
macvalue(macid("{server_name}"), e),
macvalue(macid("{server_addr}"), e));
logged = true;
}
return;
}
#endif /* _FFR_IGNORE_EXT_ON_HELO */
if (strlen(line) < 5)
return;
line += 4;
p = strpbrk(line, " =");
if (p != NULL)
*p++ = '\0';
if (sm_strcasecmp(line, "size") == 0)
{
mci->mci_flags |= MCIF_SIZE;
if (p != NULL)
mci->mci_maxsize = atol(p);
}
else if (sm_strcasecmp(line, "8bitmime") == 0)
{
mci->mci_flags |= MCIF_8BITMIME;
mci->mci_flags &= ~MCIF_7BIT;
}
else if (sm_strcasecmp(line, "expn") == 0)
mci->mci_flags |= MCIF_EXPN;
else if (sm_strcasecmp(line, "dsn") == 0)
mci->mci_flags |= MCIF_DSN;
else if (sm_strcasecmp(line, "enhancedstatuscodes") == 0)
mci->mci_flags |= MCIF_ENHSTAT;
else if (sm_strcasecmp(line, "pipelining") == 0)
mci->mci_flags |= MCIF_PIPELINED;
else if (sm_strcasecmp(line, "verb") == 0)
mci->mci_flags |= MCIF_VERB;
+#if _FFR_EAI
+ else if (sm_strcasecmp(line, "smtputf8") == 0)
+ mci->mci_flags |= MCIF_EAI;
+#endif /* _FFR_EAI */
#if STARTTLS
else if (sm_strcasecmp(line, "starttls") == 0)
mci->mci_flags |= MCIF_TLS;
-#endif /* STARTTLS */
+#endif
else if (sm_strcasecmp(line, "deliverby") == 0)
{
mci->mci_flags |= MCIF_DLVR_BY;
if (p != NULL)
mci->mci_min_by = atol(p);
}
#if SASL
else if (sm_strcasecmp(line, "auth") == 0)
{
if (p != NULL && *p != '\0' &&
!bitset(MCIF_AUTH2, mci->mci_flags))
{
if (mci->mci_saslcap != NULL)
{
/*
** Create the union with previous auth
** offerings because we recognize "auth "
** and "auth=" (old format).
*/
mci->mci_saslcap = str_union(mci->mci_saslcap,
p, mci->mci_rpool);
mci->mci_flags |= MCIF_AUTH2;
}
else
{
int l;
l = strlen(p) + 1;
mci->mci_saslcap = (char *)
sm_rpool_malloc(mci->mci_rpool, l);
if (mci->mci_saslcap != NULL)
{
(void) sm_strlcpy(mci->mci_saslcap, p,
l);
mci->mci_flags |= MCIF_AUTH;
}
}
}
if (tTd(95, 5))
sm_syslog(LOG_DEBUG, NOQID, "AUTH flags=%lx, mechs=%s",
mci->mci_flags, mci->mci_saslcap);
}
#endif /* SASL */
}
#if SASL
static int getsimple __P((void *, int, const char **, unsigned *));
static int getsecret __P((sasl_conn_t *, void *, int, sasl_secret_t **));
static int saslgetrealm __P((void *, int, const char **, const char **));
static int readauth __P((char *, bool, SASL_AI_T *m, SM_RPOOL_T *));
static int getauth __P((MCI *, ENVELOPE *, SASL_AI_T *));
static char *removemech __P((char *, char *, SM_RPOOL_T *));
static int attemptauth __P((MAILER *, MCI *, ENVELOPE *, SASL_AI_T *));
static sasl_callback_t callbacks[] =
{
{ SASL_CB_GETREALM, (sasl_callback_ft)&saslgetrealm, NULL },
#define CB_GETREALM_IDX 0
{ SASL_CB_PASS, (sasl_callback_ft)&getsecret, NULL },
#define CB_PASS_IDX 1
{ SASL_CB_USER, (sasl_callback_ft)&getsimple, NULL },
#define CB_USER_IDX 2
{ SASL_CB_AUTHNAME, (sasl_callback_ft)&getsimple, NULL },
#define CB_AUTHNAME_IDX 3
{ SASL_CB_VERIFYFILE, (sasl_callback_ft)&safesaslfile, NULL },
#define CB_SAFESASL_IDX 4
{ SASL_CB_LIST_END, NULL, NULL }
};
/*
** INIT_SASL_CLIENT -- initialize client side of Cyrus-SASL
**
** Parameters:
** none.
**
** Returns:
** SASL_OK -- if successful.
** SASL error code -- otherwise.
**
** Side Effects:
** checks/sets sasl_clt_init.
**
** Note:
** Callbacks are ignored if sasl_client_init() has
** been called before (by a library such as libnss_ldap)
*/
static bool sasl_clt_init = false;
static int
init_sasl_client()
{
int result;
if (sasl_clt_init)
return SASL_OK;
result = sasl_client_init(callbacks);
/* should we retry later again or just remember that it failed? */
if (result == SASL_OK)
sasl_clt_init = true;
return result;
}
/*
** STOP_SASL_CLIENT -- shutdown client side of Cyrus-SASL
**
** Parameters:
** none.
**
** Returns:
** none.
**
** Side Effects:
** checks/sets sasl_clt_init.
*/
void
stop_sasl_client()
{
if (!sasl_clt_init)
return;
sasl_clt_init = false;
sasl_done();
}
/*
** GETSASLDATA -- process the challenges from the SASL protocol
**
** This gets the relevant sasl response data out of the reply
** from the server.
**
** Parameters:
** line -- the response line.
** firstline -- set if this is the first line of the reply.
** m -- the mailer.
** mci -- the mailer connection info.
** e -- the envelope (unused).
**
** Returns:
** none.
*/
static void getsasldata __P((char *, bool, MAILER *, MCI *, ENVELOPE *));
static void
getsasldata(line, firstline, m, mci, e)
char *line;
bool firstline;
MAILER *m;
register MCI *mci;
ENVELOPE *e;
{
int len;
int result;
# if SASL < 20000
char *out;
-# endif /* SASL < 20000 */
+# endif
/* if not a continue we don't care about it */
len = strlen(line);
if ((len <= 4) ||
(line[0] != '3') ||
!isascii(line[1]) || !isdigit(line[1]) ||
!isascii(line[2]) || !isdigit(line[2]))
{
- SM_FREE_CLR(mci->mci_sasl_string);
+ SM_FREE(mci->mci_sasl_string);
return;
}
/* forget about "334 " */
line += 4;
len -= 4;
# if SASL >= 20000
/* XXX put this into a macro/function? It's duplicated below */
if (mci->mci_sasl_string != NULL)
{
if (mci->mci_sasl_string_len <= len)
{
sm_free(mci->mci_sasl_string); /* XXX */
mci->mci_sasl_string = xalloc(len + 1);
}
}
else
mci->mci_sasl_string = xalloc(len + 1);
result = sasl_decode64(line, len, mci->mci_sasl_string, len + 1,
(unsigned int *) &mci->mci_sasl_string_len);
if (result != SASL_OK)
{
mci->mci_sasl_string_len = 0;
*mci->mci_sasl_string = '\0';
}
# else /* SASL >= 20000 */
out = (char *) sm_rpool_malloc_x(mci->mci_rpool, len + 1);
result = sasl_decode64(line, len, out, (unsigned int *) &len);
if (result != SASL_OK)
{
len = 0;
*out = '\0';
}
/*
** mci_sasl_string is "shared" with Cyrus-SASL library; hence
** it can't be in an rpool unless we use the same memory
** management mechanism (with same rpool!) for Cyrus SASL.
*/
if (mci->mci_sasl_string != NULL)
{
if (mci->mci_sasl_string_len <= len)
{
sm_free(mci->mci_sasl_string); /* XXX */
mci->mci_sasl_string = xalloc(len + 1);
}
}
else
mci->mci_sasl_string = xalloc(len + 1);
memcpy(mci->mci_sasl_string, out, len);
mci->mci_sasl_string[len] = '\0';
mci->mci_sasl_string_len = len;
# endif /* SASL >= 20000 */
return;
}
/*
** READAUTH -- read auth values from a file
**
** Parameters:
** filename -- name of file to read.
** safe -- if set, this is a safe read.
** sai -- where to store auth_info.
** rpool -- resource pool for sai.
**
** Returns:
-** EX_OK -- data succesfully read.
+** EX_OK -- data successfully read.
** EX_UNAVAILABLE -- no valid filename.
** EX_TEMPFAIL -- temporary failure.
*/
static char *sasl_info_name[] =
{
"user id",
"authentication id",
"password",
"realm",
"mechlist"
};
static int
readauth(filename, safe, sai, rpool)
char *filename;
bool safe;
SASL_AI_T *sai;
SM_RPOOL_T *rpool;
{
SM_FILE_T *f;
long sff;
pid_t pid;
int lc;
char *s;
char buf[MAXLINE];
if (filename == NULL || filename[0] == '\0')
return EX_UNAVAILABLE;
#if !_FFR_ALLOW_SASLINFO
/*
** make sure we don't use a program that is not
- ** accesible to the user who specified a different authinfo file.
+ ** accessible to the user who specified a different authinfo file.
** However, currently we don't pass this info (authinfo file
** specified by user) around, so we just turn off program access.
*/
if (filename[0] == '|')
{
auto int fd;
int i;
char *p;
char *argv[MAXPV + 1];
i = 0;
for (p = strtok(&filename[1], " \t"); p != NULL;
p = strtok(NULL, " \t"))
{
if (i >= MAXPV)
break;
argv[i++] = p;
}
argv[i] = NULL;
pid = prog_open(argv, &fd, CurEnv);
if (pid < 0)
f = NULL;
else
f = sm_io_open(SmFtStdiofd, SM_TIME_DEFAULT,
(void *) &fd, SM_IO_RDONLY, NULL);
}
else
#endif /* !_FFR_ALLOW_SASLINFO */
{
pid = -1;
sff = SFF_REGONLY|SFF_SAFEDIRPATH|SFF_NOWLINK
|SFF_NOGWFILES|SFF_NOWWFILES|SFF_NOWRFILES;
if (!bitnset(DBS_GROUPREADABLEAUTHINFOFILE, DontBlameSendmail))
sff |= SFF_NOGRFILES;
if (DontLockReadFiles)
sff |= SFF_NOLOCK;
#if _FFR_ALLOW_SASLINFO
/*
** XXX: make sure we don't read or open files that are not
- ** accesible to the user who specified a different authinfo
+ ** accessible to the user who specified a different authinfo
** file.
*/
sff |= SFF_MUSTOWN;
#else /* _FFR_ALLOW_SASLINFO */
if (safe)
sff |= SFF_OPENASROOT;
#endif /* _FFR_ALLOW_SASLINFO */
f = safefopen(filename, O_RDONLY, 0, sff);
}
if (f == NULL)
{
if (LogLevel > 5)
sm_syslog(LOG_ERR, NOQID,
"AUTH=client, error: can't open %s: %s",
filename, sm_errstring(errno));
return EX_TEMPFAIL;
}
lc = 0;
while (lc <= SASL_MECHLIST &&
sm_io_fgets(f, SM_TIME_DEFAULT, buf, sizeof(buf)) >= 0)
{
if (buf[0] != '#')
{
(*sai)[lc] = sm_rpool_strdup_x(rpool, buf);
if ((s = strchr((*sai)[lc], '\n')) != NULL)
*s = '\0';
lc++;
}
}
(void) sm_io_close(f, SM_TIME_DEFAULT);
if (pid > 0)
(void) waitfor(pid);
if (lc < SASL_PASSWORD)
{
if (LogLevel > 8)
sm_syslog(LOG_ERR, NOQID,
"AUTH=client, error: can't read %s from %s",
sasl_info_name[lc + 1], filename);
return EX_TEMPFAIL;
}
return EX_OK;
}
/*
** GETAUTH -- get authinfo from ruleset call
**
** {server_name}, {server_addr} must be set
**
** Parameters:
** mci -- the mailer connection structure.
** e -- the envelope (including the sender to specify).
** sai -- pointer to authinfo (result).
**
** Returns:
-** EX_OK -- ruleset was succesfully called, data may not
+** EX_OK -- ruleset was successfully called, data may not
** be available, sai must be checked.
** EX_UNAVAILABLE -- ruleset unavailable (or failed).
** EX_TEMPFAIL -- temporary failure (from ruleset).
**
** Side Effects:
** Fills in sai if successful.
*/
static int
getauth(mci, e, sai)
MCI *mci;
ENVELOPE *e;
SASL_AI_T *sai;
{
int i, r, l, got, ret;
char **pvp;
char pvpbuf[PSBUFSIZE];
r = rscap("authinfo", macvalue(macid("{server_name}"), e),
macvalue(macid("{server_addr}"), e), e,
&pvp, pvpbuf, sizeof(pvpbuf));
if (r != EX_OK)
return EX_UNAVAILABLE;
/* other than expected return value: ok (i.e., no auth) */
if (pvp == NULL || pvp[0] == NULL || (pvp[0][0] & 0377) != CANONNET)
return EX_OK;
if (pvp[1] != NULL && sm_strncasecmp(pvp[1], "temp", 4) == 0)
return EX_TEMPFAIL;
/*
** parse the data, put it into sai
** format: "TDstring" (including the '"' !)
** where T is a tag: 'U', ...
** D is a delimiter: ':' or '='
*/
ret = EX_OK; /* default return value */
i = 0;
got = 0;
while (i < SASL_ENTRIES)
{
if (pvp[i + 1] == NULL)
break;
if (pvp[i + 1][0] != '"')
break;
switch (pvp[i + 1][1])
{
case 'U':
case 'u':
r = SASL_USER;
break;
case 'I':
case 'i':
r = SASL_AUTHID;
break;
case 'P':
case 'p':
r = SASL_PASSWORD;
break;
case 'R':
case 'r':
r = SASL_DEFREALM;
break;
case 'M':
case 'm':
r = SASL_MECHLIST;
break;
default:
goto fail;
}
l = strlen(pvp[i + 1]);
/* check syntax */
if (l <= 3 || pvp[i + 1][l - 1] != '"')
goto fail;
/* remove closing quote */
pvp[i + 1][l - 1] = '\0';
/* remove "TD and " */
l -= 4;
(*sai)[r] = (char *) sm_rpool_malloc(mci->mci_rpool, l + 1);
if ((*sai)[r] == NULL)
goto tempfail;
if (pvp[i + 1][2] == ':')
{
/* ':text' (just copy) */
(void) sm_strlcpy((*sai)[r], pvp[i + 1] + 3, l + 1);
got |= 1 << r;
}
else if (pvp[i + 1][2] == '=')
{
unsigned int len;
/* '=base64' (decode) */
# if SASL >= 20000
ret = sasl_decode64(pvp[i + 1] + 3,
(unsigned int) l, (*sai)[r],
(unsigned int) l + 1, &len);
# else /* SASL >= 20000 */
ret = sasl_decode64(pvp[i + 1] + 3,
(unsigned int) l, (*sai)[r], &len);
# endif /* SASL >= 20000 */
if (ret != SASL_OK)
goto fail;
got |= 1 << r;
}
else
goto fail;
if (tTd(95, 5))
sm_syslog(LOG_DEBUG, NOQID, "getauth %s=%s",
sasl_info_name[r], (*sai)[r]);
++i;
}
/* did we get the expected data? */
/* XXX: EXTERNAL mechanism only requires (and only uses) SASL_USER */
if (!(bitset(SASL_USER_BIT|SASL_AUTHID_BIT, got) &&
bitset(SASL_PASSWORD_BIT, got)))
goto fail;
/* no authid? copy uid */
if (!bitset(SASL_AUTHID_BIT, got))
{
l = strlen((*sai)[SASL_USER]) + 1;
(*sai)[SASL_AUTHID] = (char *) sm_rpool_malloc(mci->mci_rpool,
l + 1);
if ((*sai)[SASL_AUTHID] == NULL)
goto tempfail;
(void) sm_strlcpy((*sai)[SASL_AUTHID], (*sai)[SASL_USER], l);
}
/* no uid? copy authid */
if (!bitset(SASL_USER_BIT, got))
{
l = strlen((*sai)[SASL_AUTHID]) + 1;
(*sai)[SASL_USER] = (char *) sm_rpool_malloc(mci->mci_rpool,
l + 1);
if ((*sai)[SASL_USER] == NULL)
goto tempfail;
(void) sm_strlcpy((*sai)[SASL_USER], (*sai)[SASL_AUTHID], l);
}
return EX_OK;
tempfail:
ret = EX_TEMPFAIL;
fail:
if (LogLevel > 8)
sm_syslog(LOG_WARNING, NOQID,
"AUTH=client, relay=%.64s [%.16s], authinfo %sfailed",
macvalue(macid("{server_name}"), e),
macvalue(macid("{server_addr}"), e),
ret == EX_TEMPFAIL ? "temp" : "");
for (i = 0; i <= SASL_MECHLIST; i++)
(*sai)[i] = NULL; /* just clear; rpool */
return ret;
}
# if SASL >= 20000
/*
** GETSIMPLE -- callback to get userid or authid
**
** Parameters:
** context -- sai
** id -- what to do
** result -- (pointer to) result
** len -- (pointer to) length of result
**
** Returns:
** OK/failure values
*/
static int
getsimple(context, id, result, len)
void *context;
int id;
const char **result;
unsigned *len;
{
SASL_AI_T *sai;
if (result == NULL || context == NULL)
return SASL_BADPARAM;
sai = (SASL_AI_T *) context;
switch (id)
{
case SASL_CB_USER:
*result = (*sai)[SASL_USER];
if (tTd(95, 5))
sm_syslog(LOG_DEBUG, NOQID, "AUTH username '%s'",
*result);
if (len != NULL)
*len = *result != NULL ? strlen(*result) : 0;
break;
case SASL_CB_AUTHNAME:
*result = (*sai)[SASL_AUTHID];
if (tTd(95, 5))
sm_syslog(LOG_DEBUG, NOQID, "AUTH authid '%s'",
*result);
if (len != NULL)
*len = *result != NULL ? strlen(*result) : 0;
break;
case SASL_CB_LANGUAGE:
*result = NULL;
if (len != NULL)
*len = 0;
break;
default:
return SASL_BADPARAM;
}
return SASL_OK;
}
/*
** GETSECRET -- callback to get password
**
** Parameters:
** conn -- connection information
** context -- sai
** id -- what to do
** psecret -- (pointer to) result
**
** Returns:
** OK/failure values
*/
static int
getsecret(conn, context, id, psecret)
sasl_conn_t *conn;
SM_UNUSED(void *context);
int id;
sasl_secret_t **psecret;
{
int len;
char *authpass;
MCI *mci;
if (conn == NULL || psecret == NULL || id != SASL_CB_PASS)
return SASL_BADPARAM;
mci = (MCI *) context;
authpass = mci->mci_sai[SASL_PASSWORD];
len = strlen(authpass);
/*
** use an rpool because we are responsible for free()ing the secret,
** but we can't free() it until after the auth completes
*/
*psecret = (sasl_secret_t *) sm_rpool_malloc(mci->mci_rpool,
sizeof(sasl_secret_t) +
len + 1);
if (*psecret == NULL)
return SASL_FAIL;
(void) sm_strlcpy((char *) (*psecret)->data, authpass, len + 1);
(*psecret)->len = (unsigned long) len;
return SASL_OK;
}
# else /* SASL >= 20000 */
/*
** GETSIMPLE -- callback to get userid or authid
**
** Parameters:
** context -- sai
** id -- what to do
** result -- (pointer to) result
** len -- (pointer to) length of result
**
** Returns:
** OK/failure values
*/
static int
getsimple(context, id, result, len)
void *context;
int id;
const char **result;
unsigned *len;
{
char *h, *s;
# if SASL > 10509
bool addrealm;
-# endif /* SASL > 10509 */
+# endif
size_t l;
SASL_AI_T *sai;
char *authid = NULL;
if (result == NULL || context == NULL)
return SASL_BADPARAM;
sai = (SASL_AI_T *) context;
/*
** Unfortunately it is not clear whether this routine should
** return a copy of a string or just a pointer to a string.
** The Cyrus-SASL plugins treat these return values differently, e.g.,
** plugins/cram.c free()s authid, plugings/digestmd5.c does not.
** The best solution to this problem is to fix Cyrus-SASL, but it
** seems there is nobody who creates patches... Hello CMU!?
** The second best solution is to have flags that tell this routine
** whether to return an malloc()ed copy.
** The next best solution is to always return an malloc()ed copy,
** and suffer from some memory leak, which is ugly for persistent
** queue runners.
** For now we go with the last solution...
** We can't use rpools (which would avoid this particular problem)
** as explained in sasl.c.
*/
switch (id)
{
case SASL_CB_USER:
l = strlen((*sai)[SASL_USER]) + 1;
s = sm_sasl_malloc(l);
if (s == NULL)
{
if (len != NULL)
*len = 0;
*result = NULL;
return SASL_NOMEM;
}
(void) sm_strlcpy(s, (*sai)[SASL_USER], l);
*result = s;
if (tTd(95, 5))
sm_syslog(LOG_DEBUG, NOQID, "AUTH username '%s'",
*result);
if (len != NULL)
*len = *result != NULL ? strlen(*result) : 0;
break;
case SASL_CB_AUTHNAME:
h = (*sai)[SASL_AUTHID];
# if SASL > 10509
/* XXX maybe other mechanisms too?! */
addrealm = (*sai)[SASL_MECH] != NULL &&
sm_strcasecmp((*sai)[SASL_MECH], "CRAM-MD5") == 0;
/*
** Add realm to authentication id unless authid contains
** '@' (i.e., a realm) or the default realm is empty.
*/
if (addrealm && h != NULL && strchr(h, '@') == NULL)
{
/* has this been done before? */
if ((*sai)[SASL_ID_REALM] == NULL)
{
char *realm;
realm = (*sai)[SASL_DEFREALM];
/* do not add an empty realm */
if (*realm == '\0')
{
authid = h;
(*sai)[SASL_ID_REALM] = NULL;
}
else
{
l = strlen(h) + strlen(realm) + 2;
/* should use rpool, but from where? */
authid = sm_sasl_malloc(l);
if (authid != NULL)
{
(void) sm_snprintf(authid, l,
"%s@%s",
h, realm);
(*sai)[SASL_ID_REALM] = authid;
}
else
{
authid = h;
(*sai)[SASL_ID_REALM] = NULL;
}
}
}
else
authid = (*sai)[SASL_ID_REALM];
}
else
# endif /* SASL > 10509 */
authid = h;
l = strlen(authid) + 1;
s = sm_sasl_malloc(l);
if (s == NULL)
{
if (len != NULL)
*len = 0;
*result = NULL;
return SASL_NOMEM;
}
(void) sm_strlcpy(s, authid, l);
*result = s;
if (tTd(95, 5))
sm_syslog(LOG_DEBUG, NOQID, "AUTH authid '%s'",
*result);
if (len != NULL)
*len = authid ? strlen(authid) : 0;
break;
case SASL_CB_LANGUAGE:
*result = NULL;
if (len != NULL)
*len = 0;
break;
default:
return SASL_BADPARAM;
}
return SASL_OK;
}
/*
** GETSECRET -- callback to get password
**
** Parameters:
** conn -- connection information
** context -- sai
** id -- what to do
** psecret -- (pointer to) result
**
** Returns:
** OK/failure values
*/
static int
getsecret(conn, context, id, psecret)
sasl_conn_t *conn;
SM_UNUSED(void *context);
int id;
sasl_secret_t **psecret;
{
int len;
char *authpass;
SASL_AI_T *sai;
if (conn == NULL || psecret == NULL || id != SASL_CB_PASS)
return SASL_BADPARAM;
sai = (SASL_AI_T *) context;
authpass = (*sai)[SASL_PASSWORD];
len = strlen(authpass);
*psecret = (sasl_secret_t *) sm_sasl_malloc(sizeof(sasl_secret_t) +
len + 1);
if (*psecret == NULL)
return SASL_FAIL;
(void) sm_strlcpy((*psecret)->data, authpass, len + 1);
(*psecret)->len = (unsigned long) len;
return SASL_OK;
}
# endif /* SASL >= 20000 */
/*
** SAFESASLFILE -- callback for sasl: is file safe?
**
** Parameters:
** context -- pointer to context between invocations (unused)
** file -- name of file to check
** type -- type of file to check
**
** Returns:
** SASL_OK -- file can be used
** SASL_CONTINUE -- don't use file
** SASL_FAIL -- failure (not used here)
**
*/
int
#if SASL > 10515
safesaslfile(context, file, type)
-#else /* SASL > 10515 */
+#else
safesaslfile(context, file)
-#endif /* SASL > 10515 */
+#endif
void *context;
# if SASL >= 20000
const char *file;
-# else /* SASL >= 20000 */
+# else
char *file;
-# endif /* SASL >= 20000 */
+# endif
#if SASL > 10515
# if SASL >= 20000
sasl_verify_type_t type;
-# else /* SASL >= 20000 */
+# else
int type;
-# endif /* SASL >= 20000 */
-#endif /* SASL > 10515 */
+# endif
+#endif
{
long sff;
int r;
#if SASL <= 10515
size_t len;
-#endif /* SASL <= 10515 */
+#endif
char *p;
if (file == NULL || *file == '\0')
return SASL_OK;
+ if (tTd(95, 16))
+ sm_dprintf("safesaslfile=%s\n", file);
sff = SFF_SAFEDIRPATH|SFF_NOWLINK|SFF_NOWWFILES|SFF_ROOTOK;
#if SASL <= 10515
if ((p = strrchr(file, '/')) == NULL)
p = file;
else
++p;
/* everything beside libs and .conf files must not be readable */
len = strlen(p);
if ((len <= 3 || strncmp(p, "lib", 3) != 0) &&
(len <= 5 || strncmp(p + len - 5, ".conf", 5) != 0))
{
if (!bitnset(DBS_GROUPREADABLESASLDBFILE, DontBlameSendmail))
sff |= SFF_NORFILES;
if (!bitnset(DBS_GROUPWRITABLESASLDBFILE, DontBlameSendmail))
sff |= SFF_NOGWFILES;
}
#else /* SASL <= 10515 */
/* files containing passwords should be not readable */
if (type == SASL_VRFY_PASSWD)
{
if (bitnset(DBS_GROUPREADABLESASLDBFILE, DontBlameSendmail))
sff |= SFF_NOWRFILES;
else
sff |= SFF_NORFILES;
if (!bitnset(DBS_GROUPWRITABLESASLDBFILE, DontBlameSendmail))
sff |= SFF_NOGWFILES;
}
#endif /* SASL <= 10515 */
p = (char *) file;
if ((r = safefile(p, RunAsUid, RunAsGid, RunAsUserName, sff,
S_IRUSR, NULL)) == 0)
return SASL_OK;
if (LogLevel > (r != ENOENT ? 8 : 10))
sm_syslog(LOG_WARNING, NOQID, "error: safesasl(%s) failed: %s",
p, sm_errstring(r));
return SASL_CONTINUE;
}
/*
** SASLGETREALM -- return the realm for SASL
**
** return the realm for the client
**
** Parameters:
** context -- context shared between invocations
** availrealms -- list of available realms
** {realm, realm, ...}
** result -- pointer to result
**
** Returns:
** failure/success
*/
static int
saslgetrealm(context, id, availrealms, result)
void *context;
int id;
const char **availrealms;
const char **result;
{
char *r;
SASL_AI_T *sai;
sai = (SASL_AI_T *) context;
if (sai == NULL)
return SASL_FAIL;
r = (*sai)[SASL_DEFREALM];
if (LogLevel > 12)
sm_syslog(LOG_INFO, NOQID,
"AUTH=client, realm=%s, available realms=%s",
r == NULL ? "<No Realm>" : r,
(availrealms == NULL || *availrealms == NULL)
? "<No Realms>" : *availrealms);
/* check whether context is in list */
if (availrealms != NULL && *availrealms != NULL)
{
if (iteminlist(context, (char *)(*availrealms + 1), " ,}") ==
NULL)
{
if (LogLevel > 8)
sm_syslog(LOG_ERR, NOQID,
"AUTH=client, realm=%s not in list=%s",
r, *availrealms);
return SASL_FAIL;
}
}
*result = r;
return SASL_OK;
}
/*
** ITEMINLIST -- does item appear in list?
**
** Check whether item appears in list (which must be separated by a
** character in delim) as a "word", i.e. it must appear at the begin
** of the list or after a space, and it must end with a space or the
** end of the list.
**
** Parameters:
** item -- item to search.
** list -- list of items.
** delim -- list of delimiters.
**
** Returns:
** pointer to occurrence (NULL if not found).
*/
char *
iteminlist(item, list, delim)
char *item;
char *list;
char *delim;
{
char *s;
int len;
if (list == NULL || *list == '\0')
return NULL;
if (item == NULL || *item == '\0')
return NULL;
s = list;
len = strlen(item);
while (s != NULL && *s != '\0')
{
if (sm_strncasecmp(s, item, len) == 0 &&
(s[len] == '\0' || strchr(delim, s[len]) != NULL))
return s;
s = strpbrk(s, delim);
if (s != NULL)
while (*++s == ' ')
continue;
}
return NULL;
}
/*
** REMOVEMECH -- remove item [rem] from list [list]
**
** Parameters:
** rem -- item to remove
** list -- list of items
** rpool -- resource pool from which result is allocated.
**
** Returns:
** pointer to new list (NULL in case of error).
*/
static char *
removemech(rem, list, rpool)
char *rem;
char *list;
SM_RPOOL_T *rpool;
{
char *ret;
char *needle;
int len;
if (list == NULL)
return NULL;
if (rem == NULL || *rem == '\0')
{
/* take out what? */
return NULL;
}
/* find the item in the list */
if ((needle = iteminlist(rem, list, " ")) == NULL)
{
/* not in there: return original */
return list;
}
/* length of string without rem */
len = strlen(list) - strlen(rem);
if (len <= 0)
{
ret = (char *) sm_rpool_malloc_x(rpool, 1);
*ret = '\0';
return ret;
}
ret = (char *) sm_rpool_malloc_x(rpool, len);
memset(ret, '\0', len);
/* copy from start to removed item */
memcpy(ret, list, needle - list);
/* length of rest of string past removed item */
len = strlen(needle) - strlen(rem) - 1;
if (len > 0)
{
/* not last item -- copy into string */
memcpy(ret + (needle - list),
list + (needle - list) + strlen(rem) + 1,
len);
}
else
ret[(needle - list) - 1] = '\0';
return ret;
}
/*
** ATTEMPTAUTH -- try to AUTHenticate using one mechanism
**
** Parameters:
** m -- the mailer.
** mci -- the mailer connection structure.
** e -- the envelope (including the sender to specify).
** sai - sasl authinfo
**
** Returns:
** EX_OK -- authentication was successful.
** EX_NOPERM -- authentication failed.
** EX_IOERR -- authentication dialogue failed (I/O problem?).
** EX_TEMPFAIL -- temporary failure.
**
*/
static int
attemptauth(m, mci, e, sai)
MAILER *m;
MCI *mci;
ENVELOPE *e;
SASL_AI_T *sai;
{
int saslresult, smtpresult;
# if SASL >= 20000
sasl_ssf_t ssf;
const char *auth_id;
const char *out;
# else /* SASL >= 20000 */
sasl_external_properties_t ssf;
char *out;
# endif /* SASL >= 20000 */
unsigned int outlen;
sasl_interact_t *client_interact = NULL;
char *mechusing;
sasl_security_properties_t ssp;
/* MUST NOT be a multiple of 4: bug in some sasl_encode64() versions */
char in64[MAXOUTLEN + 1];
#if NETINET || (NETINET6 && SASL >= 20000)
extern SOCKADDR CurHostAddr;
-#endif /* NETINET || (NETINET6 && SASL >= 20000) */
+#endif
/* no mechanism selected (yet) */
(*sai)[SASL_MECH] = NULL;
/* dispose old connection */
if (mci->mci_conn != NULL)
sasl_dispose(&(mci->mci_conn));
/* make a new client sasl connection */
# if SASL >= 20000
/*
** We provide the callbacks again because global callbacks in
** sasl_client_init() are ignored if SASL has been initialized
** before, for example, by a library such as libnss-ldap.
*/
saslresult = sasl_client_new(bitnset(M_LMTP, m->m_flags) ? "lmtp"
: "smtp",
CurHostName, NULL, NULL, callbacks, 0,
&mci->mci_conn);
# else /* SASL >= 20000 */
saslresult = sasl_client_new(bitnset(M_LMTP, m->m_flags) ? "lmtp"
: "smtp",
CurHostName, NULL, 0, &mci->mci_conn);
# endif /* SASL >= 20000 */
if (saslresult != SASL_OK)
return EX_TEMPFAIL;
/* set properties */
(void) memset(&ssp, '\0', sizeof(ssp));
/* XXX should these be options settable via .cf ? */
ssp.max_ssf = MaxSLBits;
ssp.maxbufsize = MAXOUTLEN;
# if 0
ssp.security_flags = SASL_SEC_NOPLAINTEXT;
-# endif /* 0 */
+# endif
saslresult = sasl_setprop(mci->mci_conn, SASL_SEC_PROPS, &ssp);
if (saslresult != SASL_OK)
return EX_TEMPFAIL;
# if SASL >= 20000
/* external security strength factor, authentication id */
ssf = 0;
auth_id = NULL;
# if STARTTLS
out = macvalue(macid("{cert_subject}"), e);
if (out != NULL && *out != '\0')
auth_id = out;
out = macvalue(macid("{cipher_bits}"), e);
if (out != NULL && *out != '\0')
ssf = atoi(out);
# endif /* STARTTLS */
saslresult = sasl_setprop(mci->mci_conn, SASL_SSF_EXTERNAL, &ssf);
if (saslresult != SASL_OK)
return EX_TEMPFAIL;
saslresult = sasl_setprop(mci->mci_conn, SASL_AUTH_EXTERNAL, auth_id);
if (saslresult != SASL_OK)
return EX_TEMPFAIL;
# if NETINET || NETINET6
/* set local/remote ipv4 addresses */
if (mci->mci_out != NULL && (
# if NETINET6
CurHostAddr.sa.sa_family == AF_INET6 ||
-# endif /* NETINET6 */
+# endif
CurHostAddr.sa.sa_family == AF_INET))
{
SOCKADDR_LEN_T addrsize;
SOCKADDR saddr_l;
char localip[60], remoteip[60];
switch (CurHostAddr.sa.sa_family)
{
case AF_INET:
addrsize = sizeof(struct sockaddr_in);
break;
# if NETINET6
case AF_INET6:
addrsize = sizeof(struct sockaddr_in6);
break;
-# endif /* NETINET6 */
+# endif
default:
break;
}
if (iptostring(&CurHostAddr, addrsize,
remoteip, sizeof(remoteip)))
{
if (sasl_setprop(mci->mci_conn, SASL_IPREMOTEPORT,
remoteip) != SASL_OK)
return EX_TEMPFAIL;
}
addrsize = sizeof(saddr_l);
if (getsockname(sm_io_getinfo(mci->mci_out, SM_IO_WHAT_FD,
NULL),
(struct sockaddr *) &saddr_l, &addrsize) == 0)
{
if (iptostring(&saddr_l, addrsize,
localip, sizeof(localip)))
{
if (sasl_setprop(mci->mci_conn,
SASL_IPLOCALPORT,
localip) != SASL_OK)
return EX_TEMPFAIL;
}
}
}
# endif /* NETINET || NETINET6 */
/* start client side of sasl */
saslresult = sasl_client_start(mci->mci_conn, mci->mci_saslcap,
&client_interact,
&out, &outlen,
(const char **) &mechusing);
# else /* SASL >= 20000 */
/* external security strength factor, authentication id */
ssf.ssf = 0;
ssf.auth_id = NULL;
# if STARTTLS
out = macvalue(macid("{cert_subject}"), e);
if (out != NULL && *out != '\0')
ssf.auth_id = out;
out = macvalue(macid("{cipher_bits}"), e);
if (out != NULL && *out != '\0')
ssf.ssf = atoi(out);
# endif /* STARTTLS */
saslresult = sasl_setprop(mci->mci_conn, SASL_SSF_EXTERNAL, &ssf);
if (saslresult != SASL_OK)
return EX_TEMPFAIL;
# if NETINET
/* set local/remote ipv4 addresses */
if (mci->mci_out != NULL && CurHostAddr.sa.sa_family == AF_INET)
{
SOCKADDR_LEN_T addrsize;
struct sockaddr_in saddr_l;
if (sasl_setprop(mci->mci_conn, SASL_IP_REMOTE,
(struct sockaddr_in *) &CurHostAddr)
!= SASL_OK)
return EX_TEMPFAIL;
addrsize = sizeof(struct sockaddr_in);
if (getsockname(sm_io_getinfo(mci->mci_out, SM_IO_WHAT_FD,
NULL),
(struct sockaddr *) &saddr_l, &addrsize) == 0)
{
if (sasl_setprop(mci->mci_conn, SASL_IP_LOCAL,
&saddr_l) != SASL_OK)
return EX_TEMPFAIL;
}
}
# endif /* NETINET */
/* start client side of sasl */
saslresult = sasl_client_start(mci->mci_conn, mci->mci_saslcap,
NULL, &client_interact,
&out, &outlen,
(const char **) &mechusing);
# endif /* SASL >= 20000 */
if (saslresult != SASL_OK && saslresult != SASL_CONTINUE)
{
if (saslresult == SASL_NOMECH && LogLevel > 8)
{
sm_syslog(LOG_NOTICE, e->e_id,
- "AUTH=client, available mechanisms do not fulfill requirements");
+ "AUTH=client, available mechanisms=%s do not fulfill requirements", mci->mci_saslcap);
}
return EX_TEMPFAIL;
}
/* just point current mechanism to the data in the sasl library */
(*sai)[SASL_MECH] = mechusing;
/* send the info across the wire */
if (out == NULL
/* login and digest-md5 up to 1.5.28 set out="" */
|| (outlen == 0 &&
(sm_strcasecmp(mechusing, "LOGIN") == 0 ||
sm_strcasecmp(mechusing, "DIGEST-MD5") == 0))
)
{
/* no initial response */
smtpmessage("AUTH %s", m, mci, mechusing);
}
else if (outlen == 0)
{
/*
** zero-length initial response, per RFC 2554 4.:
** "Unlike a zero-length client answer to a 334 reply, a zero-
** length initial response is sent as a single equals sign"
*/
smtpmessage("AUTH %s =", m, mci, mechusing);
}
else
{
saslresult = sasl_encode64(out, outlen, in64, sizeof(in64),
NULL);
if (saslresult != SASL_OK) /* internal error */
{
if (LogLevel > 8)
sm_syslog(LOG_ERR, e->e_id,
"encode64 for AUTH failed");
return EX_TEMPFAIL;
}
smtpmessage("AUTH %s %s", m, mci, mechusing, in64);
}
# if SASL < 20000
sm_sasl_free(out); /* XXX only if no rpool is used */
-# endif /* SASL < 20000 */
+# endif
/* get the reply */
smtpresult = reply(m, mci, e, TimeOuts.to_auth, getsasldata, NULL,
XS_AUTH);
for (;;)
{
/* check return code from server */
if (smtpresult == 235)
{
macdefine(&mci->mci_macro, A_TEMP, macid("{auth_type}"),
mechusing);
return EX_OK;
}
if (smtpresult == -1)
return EX_IOERR;
if (REPLYTYPE(smtpresult) == 5)
return EX_NOPERM; /* ugly, but ... */
if (REPLYTYPE(smtpresult) != 3)
{
/* should we fail deliberately, see RFC 2554 4. ? */
/* smtpmessage("*", m, mci); */
return EX_TEMPFAIL;
}
saslresult = sasl_client_step(mci->mci_conn,
mci->mci_sasl_string,
mci->mci_sasl_string_len,
&client_interact,
&out, &outlen);
if (saslresult != SASL_OK && saslresult != SASL_CONTINUE)
{
if (tTd(95, 5))
sm_dprintf("AUTH FAIL=%s (%d)\n",
sasl_errstring(saslresult, NULL, NULL),
saslresult);
/* fail deliberately, see RFC 2554 4. */
smtpmessage("*", m, mci);
/*
** but we should only fail for this authentication
** mechanism; how to do that?
*/
smtpresult = reply(m, mci, e, TimeOuts.to_auth,
getsasldata, NULL, XS_AUTH);
return EX_NOPERM;
}
if (outlen > 0)
{
saslresult = sasl_encode64(out, outlen, in64,
sizeof(in64), NULL);
if (saslresult != SASL_OK)
{
/* give an error reply to the other side! */
smtpmessage("*", m, mci);
return EX_TEMPFAIL;
}
}
else
in64[0] = '\0';
# if SASL < 20000
sm_sasl_free(out); /* XXX only if no rpool is used */
-# endif /* SASL < 20000 */
+# endif
smtpmessage("%s", m, mci, in64);
smtpresult = reply(m, mci, e, TimeOuts.to_auth,
getsasldata, NULL, XS_AUTH);
}
/* NOTREACHED */
}
/*
** SMTPAUTH -- try to AUTHenticate
**
** This will try mechanisms in the order the sasl library decided until:
** - there are no more mechanisms
** - a mechanism succeeds
** - the sasl library fails initializing
**
** Parameters:
** m -- the mailer.
** mci -- the mailer connection info.
** e -- the envelope.
**
** Returns:
** EX_OK -- authentication was successful
** EX_UNAVAILABLE -- authentication not possible, e.g.,
** no data available.
** EX_NOPERM -- authentication failed.
** EX_TEMPFAIL -- temporary failure.
**
** Notice: AuthInfo is used for all connections, hence we must
** return EX_TEMPFAIL only if we really want to retry, i.e.,
** iff getauth() tempfailed or getauth() was used and
** authentication tempfailed.
*/
int
smtpauth(m, mci, e)
MAILER *m;
MCI *mci;
ENVELOPE *e;
{
int result;
int i;
bool usedgetauth;
mci->mci_sasl_auth = false;
for (i = 0; i < SASL_MECH ; i++)
mci->mci_sai[i] = NULL;
result = getauth(mci, e, &(mci->mci_sai));
if (result == EX_TEMPFAIL)
return result;
usedgetauth = true;
/* no data available: don't try to authenticate */
if (result == EX_OK && mci->mci_sai[SASL_AUTHID] == NULL)
return result;
if (result != EX_OK)
{
if (SASLInfo == NULL)
return EX_UNAVAILABLE;
/* read authinfo from file */
result = readauth(SASLInfo, true, &(mci->mci_sai),
mci->mci_rpool);
if (result != EX_OK)
return result;
usedgetauth = false;
}
/* check whether sufficient data is available */
if (mci->mci_sai[SASL_PASSWORD] == NULL ||
*(mci->mci_sai)[SASL_PASSWORD] == '\0')
return EX_UNAVAILABLE;
if ((mci->mci_sai[SASL_AUTHID] == NULL ||
*(mci->mci_sai)[SASL_AUTHID] == '\0') &&
(mci->mci_sai[SASL_USER] == NULL ||
*(mci->mci_sai)[SASL_USER] == '\0'))
return EX_UNAVAILABLE;
/* set the context for the callback function to sai */
# if SASL >= 20000
callbacks[CB_PASS_IDX].context = (void *) mci;
-# else /* SASL >= 20000 */
+# else
callbacks[CB_PASS_IDX].context = (void *) &mci->mci_sai;
-# endif /* SASL >= 20000 */
+# endif
callbacks[CB_USER_IDX].context = (void *) &mci->mci_sai;
callbacks[CB_AUTHNAME_IDX].context = (void *) &mci->mci_sai;
callbacks[CB_GETREALM_IDX].context = (void *) &mci->mci_sai;
#if 0
callbacks[CB_SAFESASL_IDX].context = (void *) &mci->mci_sai;
-#endif /* 0 */
+#endif
/* set default value for realm */
if ((mci->mci_sai)[SASL_DEFREALM] == NULL)
(mci->mci_sai)[SASL_DEFREALM] = sm_rpool_strdup_x(e->e_rpool,
macvalue('j', CurEnv));
/* set default value for list of mechanism to use */
if ((mci->mci_sai)[SASL_MECHLIST] == NULL ||
*(mci->mci_sai)[SASL_MECHLIST] == '\0')
(mci->mci_sai)[SASL_MECHLIST] = AuthMechanisms;
/* create list of mechanisms to try */
mci->mci_saslcap = intersect((mci->mci_sai)[SASL_MECHLIST],
mci->mci_saslcap, mci->mci_rpool);
/* initialize sasl client library */
result = init_sasl_client();
if (result != SASL_OK)
return usedgetauth ? EX_TEMPFAIL : EX_UNAVAILABLE;
do
{
result = attemptauth(m, mci, e, &(mci->mci_sai));
if (result == EX_OK)
mci->mci_sasl_auth = true;
else if (result == EX_TEMPFAIL || result == EX_NOPERM)
{
mci->mci_saslcap = removemech((mci->mci_sai)[SASL_MECH],
mci->mci_saslcap,
mci->mci_rpool);
if (mci->mci_saslcap == NULL ||
*(mci->mci_saslcap) == '\0')
return usedgetauth ? result
: EX_UNAVAILABLE;
}
else
return result;
} while (result != EX_OK);
return result;
}
#endif /* SASL */
/*
** SMTPMAILFROM -- send MAIL command
**
** Parameters:
** m -- the mailer.
** mci -- the mailer connection structure.
** e -- the envelope (including the sender to specify).
*/
int
smtpmailfrom(m, mci, e)
MAILER *m;
MCI *mci;
ENVELOPE *e;
{
int r;
char *bufp;
char *bodytype;
char *enhsc;
char buf[MAXNAME + 1];
char optbuf[MAXLINE];
if (tTd(18, 2))
sm_dprintf("smtpmailfrom: CurHost=%s\n", CurHostName);
enhsc = NULL;
/*
** Check if connection is gone, if so
** it's a tempfail and we use mci_errno
** for the reason.
*/
if (mci->mci_state == MCIS_CLOSED)
{
errno = mci->mci_errno;
return EX_TEMPFAIL;
}
+#if _FFR_EAI
+ /*
+ ** Abort right away if the message needs SMTPUTF8 and the
+ ** server does not advertise SMTPUTF8.
+ */
+
+ if (e->e_smtputf8 && !bitset(MCIF_EAI, mci->mci_flags)) {
+ usrerrenh("5.6.7", "%s does not support SMTPUTF8", CurHostName);
+ mci_setstat(mci, EX_NOTSTICKY, "5.6.7", NULL);
+ return EX_DATAERR;
+ }
+#endif /* _FFR_EAI */
+
/* set up appropriate options to include */
if (bitset(MCIF_SIZE, mci->mci_flags) && e->e_msgsize > 0)
{
(void) sm_snprintf(optbuf, sizeof(optbuf), " SIZE=%ld",
e->e_msgsize);
bufp = &optbuf[strlen(optbuf)];
}
else
{
optbuf[0] = '\0';
bufp = optbuf;
}
+#if _FFR_EAI
+ if (e->e_smtputf8) {
+ (void) sm_snprintf(bufp, SPACELEFT(optbuf, bufp),
+ " SMTPUTF8");
+ bufp += strlen(bufp);
+ }
+#endif /* _FFR_EAI */
+
bodytype = e->e_bodytype;
if (bitset(MCIF_8BITMIME, mci->mci_flags))
{
if (bodytype == NULL &&
bitset(MM_MIME8BIT, MimeMode) &&
bitset(EF_HAS8BIT, e->e_flags) &&
!bitset(EF_DONT_MIME, e->e_flags) &&
!bitnset(M_8BITS, m->m_flags))
bodytype = "8BITMIME";
if (bodytype != NULL &&
SPACELEFT(optbuf, bufp) > strlen(bodytype) + 7)
{
(void) sm_snprintf(bufp, SPACELEFT(optbuf, bufp),
" BODY=%s", bodytype);
bufp += strlen(bufp);
}
}
else if (bitnset(M_8BITS, m->m_flags) ||
!bitset(EF_HAS8BIT, e->e_flags) ||
bitset(MCIF_8BITOK, mci->mci_flags))
{
/* EMPTY */
/* just pass it through */
}
#if MIME8TO7
else if (bitset(MM_CVTMIME, MimeMode) &&
!bitset(EF_DONT_MIME, e->e_flags) &&
(!bitset(MM_PASS8BIT, MimeMode) ||
bitset(EF_IS_MIME, e->e_flags)))
{
/* must convert from 8bit MIME format to 7bit encoded */
mci->mci_flags |= MCIF_CVT8TO7;
}
#endif /* MIME8TO7 */
else if (!bitset(MM_PASS8BIT, MimeMode))
{
/* cannot just send a 8-bit version */
extern char MsgBuf[];
usrerrenh("5.6.3", "%s does not support 8BITMIME", CurHostName);
mci_setstat(mci, EX_NOTSTICKY, "5.6.3", MsgBuf);
return EX_DATAERR;
}
if (bitset(MCIF_DSN, mci->mci_flags))
{
if (e->e_envid != NULL &&
SPACELEFT(optbuf, bufp) > strlen(e->e_envid) + 7)
{
(void) sm_snprintf(bufp, SPACELEFT(optbuf, bufp),
" ENVID=%s", e->e_envid);
bufp += strlen(bufp);
}
/* RET= parameter */
if (bitset(EF_RET_PARAM, e->e_flags) &&
SPACELEFT(optbuf, bufp) > 9)
{
(void) sm_snprintf(bufp, SPACELEFT(optbuf, bufp),
" RET=%s",
bitset(EF_NO_BODY_RETN, e->e_flags) ?
"HDRS" : "FULL");
bufp += strlen(bufp);
}
}
if (bitset(MCIF_AUTH, mci->mci_flags) && e->e_auth_param != NULL &&
SPACELEFT(optbuf, bufp) > strlen(e->e_auth_param) + 7
#if SASL
&& (!bitset(SASL_AUTH_AUTH, SASLOpts) || mci->mci_sasl_auth)
-#endif /* SASL */
+#endif
)
{
(void) sm_snprintf(bufp, SPACELEFT(optbuf, bufp),
" AUTH=%s", e->e_auth_param);
bufp += strlen(bufp);
}
/*
** 17 is the max length required, we could use log() to compute
** the exact length (and check IS_DLVR_TRACE())
*/
if (bitset(MCIF_DLVR_BY, mci->mci_flags) &&
IS_DLVR_BY(e) && SPACELEFT(optbuf, bufp) > 17)
{
long dby;
/*
** Avoid problems with delays (for R) since the check
** in deliver() whether min-deliver-time is sufficient.
** Alternatively we could pass the computed time to this
** function.
*/
dby = e->e_deliver_by - (curtime() - e->e_ctime);
if (dby <= 0 && IS_DLVR_RETURN(e))
dby = mci->mci_min_by <= 0 ? 1 : mci->mci_min_by;
(void) sm_snprintf(bufp, SPACELEFT(optbuf, bufp),
" BY=%ld;%c%s",
dby,
IS_DLVR_RETURN(e) ? 'R' : 'N',
IS_DLVR_TRACE(e) ? "T" : "");
bufp += strlen(bufp);
}
/*
** Send the MAIL command.
** Designates the sender.
*/
mci->mci_state = MCIS_MAIL;
if (bitset(EF_RESPONSE, e->e_flags) &&
!bitnset(M_NO_NULL_FROM, m->m_flags))
buf[0] = '\0';
else
expand("\201g", buf, sizeof(buf), e);
if (buf[0] == '<')
{
/* strip off <angle brackets> (put back on below) */
bufp = &buf[strlen(buf) - 1];
if (*bufp == '>')
*bufp = '\0';
bufp = &buf[1];
}
else
bufp = buf;
if (bitnset(M_LOCALMAILER, e->e_from.q_mailer->m_flags) ||
!bitnset(M_FROMPATH, m->m_flags))
{
smtpmessage("MAIL From:<%s>%s", m, mci, bufp, optbuf);
}
else
{
smtpmessage("MAIL From:<@%s%c%s>%s", m, mci, MyHostName,
*bufp == '@' ? ',' : ':', bufp, optbuf);
}
SmtpPhase = mci->mci_phase = "client MAIL";
sm_setproctitle(true, e, "%s %s: %s", qid_printname(e),
CurHostName, mci->mci_phase);
r = reply(m, mci, e, TimeOuts.to_mail, NULL, &enhsc, XS_MAIL);
if (r < 0)
{
/* communications failure */
mci_setstat(mci, EX_TEMPFAIL, "4.4.2", NULL);
return EX_TEMPFAIL;
}
else if (r == SMTPCLOSING)
{
/* service shutting down: handled by reply() */
return EX_TEMPFAIL;
}
else if (REPLYTYPE(r) == 4)
{
mci_setstat(mci, EX_NOTSTICKY, ENHSCN(enhsc, smtptodsn(r)),
SmtpReplyBuffer);
return EX_TEMPFAIL;
}
else if (REPLYTYPE(r) == 2)
{
return EX_OK;
}
else if (r == 501)
{
/* syntax error in arguments */
mci_setstat(mci, EX_NOTSTICKY, ENHSCN(enhsc, "5.5.2"),
SmtpReplyBuffer);
return EX_DATAERR;
}
else if (r == 553)
{
/* mailbox name not allowed */
mci_setstat(mci, EX_NOTSTICKY, ENHSCN(enhsc, "5.1.3"),
SmtpReplyBuffer);
return EX_DATAERR;
}
else if (r == 552)
{
/* exceeded storage allocation */
mci_setstat(mci, EX_NOTSTICKY, ENHSCN(enhsc, "5.3.4"),
SmtpReplyBuffer);
if (bitset(MCIF_SIZE, mci->mci_flags))
e->e_flags |= EF_NO_BODY_RETN;
return EX_UNAVAILABLE;
}
else if (REPLYTYPE(r) == 5)
{
/* unknown error */
mci_setstat(mci, EX_NOTSTICKY, ENHSCN(enhsc, "5.0.0"),
SmtpReplyBuffer);
return EX_UNAVAILABLE;
}
if (LogLevel > 1)
{
sm_syslog(LOG_CRIT, e->e_id,
"%.100s: SMTP MAIL protocol error: %s",
CurHostName,
shortenstring(SmtpReplyBuffer, 403));
}
/* protocol error -- close up */
mci_setstat(mci, EX_PROTOCOL, ENHSCN(enhsc, "5.5.1"),
SmtpReplyBuffer);
smtpquit(m, mci, e);
return EX_PROTOCOL;
}
/*
** SMTPRCPT -- designate recipient.
**
** Parameters:
** to -- address of recipient.
** m -- the mailer we are sending to.
** mci -- the connection info for this transaction.
** e -- the envelope for this transaction.
**
** Returns:
** exit status corresponding to recipient status.
**
** Side Effects:
** Sends the mail via SMTP.
*/
int
smtprcpt(to, m, mci, e, ctladdr, xstart)
ADDRESS *to;
register MAILER *m;
MCI *mci;
ENVELOPE *e;
ADDRESS *ctladdr;
time_t xstart;
{
char *bufp;
char optbuf[MAXLINE];
#if PIPELINING
/*
** If there is status waiting from the other end, read it.
** This should normally happen because of SMTP pipelining.
*/
while (mci->mci_nextaddr != NULL &&
sm_io_getinfo(mci->mci_in, SM_IO_IS_READABLE, NULL) > 0)
{
int r;
r = smtprcptstat(mci->mci_nextaddr, m, mci, e);
if (r != EX_OK)
{
markfailure(e, mci->mci_nextaddr, mci, r, false);
giveresponse(r, mci->mci_nextaddr->q_status, m, mci,
ctladdr, xstart, e, to);
}
mci->mci_nextaddr = mci->mci_nextaddr->q_pchain;
}
#endif /* PIPELINING */
/*
** Check if connection is gone, if so
** it's a tempfail and we use mci_errno
** for the reason.
*/
if (mci->mci_state == MCIS_CLOSED)
{
errno = mci->mci_errno;
return EX_TEMPFAIL;
}
optbuf[0] = '\0';
bufp = optbuf;
/*
** Warning: in the following it is assumed that the free space
** in bufp is sizeof(optbuf)
*/
if (bitset(MCIF_DSN, mci->mci_flags))
{
if (IS_DLVR_NOTIFY(e) &&
!bitset(MCIF_DLVR_BY, mci->mci_flags))
{
/* RFC 2852: 4.1.4.2 */
if (!bitset(QHASNOTIFY, to->q_flags))
to->q_flags |= QPINGONFAILURE|QPINGONDELAY|QHASNOTIFY;
else if (bitset(QPINGONSUCCESS, to->q_flags) ||
bitset(QPINGONFAILURE, to->q_flags) ||
bitset(QPINGONDELAY, to->q_flags))
to->q_flags |= QPINGONDELAY;
}
/* NOTIFY= parameter */
if (bitset(QHASNOTIFY, to->q_flags) &&
bitset(QPRIMARY, to->q_flags) &&
!bitnset(M_LOCALMAILER, m->m_flags))
{
bool firstone = true;
(void) sm_strlcat(bufp, " NOTIFY=", sizeof(optbuf));
if (bitset(QPINGONSUCCESS, to->q_flags))
{
(void) sm_strlcat(bufp, "SUCCESS", sizeof(optbuf));
firstone = false;
}
if (bitset(QPINGONFAILURE, to->q_flags))
{
if (!firstone)
(void) sm_strlcat(bufp, ",",
sizeof(optbuf));
(void) sm_strlcat(bufp, "FAILURE", sizeof(optbuf));
firstone = false;
}
if (bitset(QPINGONDELAY, to->q_flags))
{
if (!firstone)
(void) sm_strlcat(bufp, ",",
sizeof(optbuf));
(void) sm_strlcat(bufp, "DELAY", sizeof(optbuf));
firstone = false;
}
if (firstone)
(void) sm_strlcat(bufp, "NEVER", sizeof(optbuf));
bufp += strlen(bufp);
}
/* ORCPT= parameter */
if (to->q_orcpt != NULL &&
SPACELEFT(optbuf, bufp) > strlen(to->q_orcpt) + 7)
{
(void) sm_snprintf(bufp, SPACELEFT(optbuf, bufp),
" ORCPT=%s", to->q_orcpt);
bufp += strlen(bufp);
}
}
smtpmessage("RCPT To:<%s>%s", m, mci, to->q_user, optbuf);
mci->mci_state = MCIS_RCPT;
SmtpPhase = mci->mci_phase = "client RCPT";
sm_setproctitle(true, e, "%s %s: %s", qid_printname(e),
CurHostName, mci->mci_phase);
#if PIPELINING
/*
** If running SMTP pipelining, we will pick up status later
*/
if (bitset(MCIF_PIPELINED, mci->mci_flags))
return EX_OK;
#endif /* PIPELINING */
return smtprcptstat(to, m, mci, e);
}
/*
** SMTPRCPTSTAT -- get recipient status
**
** This is only called during SMTP pipelining
**
** Parameters:
** to -- address of recipient.
** m -- mailer being sent to.
** mci -- the mailer connection information.
** e -- the envelope for this message.
**
** Returns:
** EX_* -- protocol status
*/
static int
smtprcptstat(to, m, mci, e)
ADDRESS *to;
MAILER *m;
register MCI *mci;
register ENVELOPE *e;
{
int r;
int save_errno;
char *enhsc;
/*
** Check if connection is gone, if so
** it's a tempfail and we use mci_errno
** for the reason.
*/
if (mci->mci_state == MCIS_CLOSED)
{
errno = mci->mci_errno;
return EX_TEMPFAIL;
}
enhsc = NULL;
r = reply(m, mci, e, TimeOuts.to_rcpt, NULL, &enhsc, XS_RCPT);
save_errno = errno;
to->q_rstatus = sm_rpool_strdup_x(e->e_rpool, SmtpReplyBuffer);
to->q_status = ENHSCN_RPOOL(enhsc, smtptodsn(r), e->e_rpool);
if (!bitnset(M_LMTP, m->m_flags))
to->q_statmta = mci->mci_host;
if (r < 0 || REPLYTYPE(r) == 4)
{
mci->mci_retryrcpt = true;
errno = save_errno;
return EX_TEMPFAIL;
}
else if (REPLYTYPE(r) == 2)
{
char *t;
if ((t = mci->mci_tolist) != NULL)
{
char *p;
*t++ = ',';
for (p = to->q_paddr; *p != '\0'; *t++ = *p++)
continue;
*t = '\0';
mci->mci_tolist = t;
}
#if PIPELINING
mci->mci_okrcpts++;
-#endif /* PIPELINING */
+#endif
return EX_OK;
}
else if (r == 550)
{
to->q_status = ENHSCN_RPOOL(enhsc, "5.1.1", e->e_rpool);
return EX_NOUSER;
}
else if (r == 551)
{
to->q_status = ENHSCN_RPOOL(enhsc, "5.1.6", e->e_rpool);
return EX_NOUSER;
}
else if (r == 553)
{
to->q_status = ENHSCN_RPOOL(enhsc, "5.1.3", e->e_rpool);
return EX_NOUSER;
}
else if (REPLYTYPE(r) == 5)
{
return EX_UNAVAILABLE;
}
if (LogLevel > 1)
{
sm_syslog(LOG_CRIT, e->e_id,
"%.100s: SMTP RCPT protocol error: %s",
CurHostName,
shortenstring(SmtpReplyBuffer, 403));
}
mci_setstat(mci, EX_PROTOCOL, ENHSCN(enhsc, "5.5.1"),
SmtpReplyBuffer);
return EX_PROTOCOL;
}
/*
** SMTPDATA -- send the data and clean up the transaction.
**
** Parameters:
** m -- mailer being sent to.
** mci -- the mailer connection information.
** e -- the envelope for this message.
**
** Returns:
** exit status corresponding to DATA command.
*/
int
smtpdata(m, mci, e, ctladdr, xstart)
MAILER *m;
register MCI *mci;
register ENVELOPE *e;
ADDRESS *ctladdr;
time_t xstart;
{
register int r;
int rstat;
int xstat;
int timeout;
char *enhsc;
/*
** Check if connection is gone, if so
** it's a tempfail and we use mci_errno
** for the reason.
*/
if (mci->mci_state == MCIS_CLOSED)
{
errno = mci->mci_errno;
return EX_TEMPFAIL;
}
enhsc = NULL;
/*
** Send the data.
** First send the command and check that it is ok.
** Then send the data (if there are valid recipients).
** Follow it up with a dot to terminate.
** Finally get the results of the transaction.
*/
/* send the command and check ok to proceed */
smtpmessage("DATA", m, mci);
#if PIPELINING
if (mci->mci_nextaddr != NULL)
{
char *oldto = e->e_to;
/* pick up any pending RCPT responses for SMTP pipelining */
while (mci->mci_nextaddr != NULL)
{
- int r;
-
e->e_to = mci->mci_nextaddr->q_paddr;
r = smtprcptstat(mci->mci_nextaddr, m, mci, e);
if (r != EX_OK)
{
markfailure(e, mci->mci_nextaddr, mci, r,
false);
giveresponse(r, mci->mci_nextaddr->q_status, m,
mci, ctladdr, xstart, e,
mci->mci_nextaddr);
if (r == EX_TEMPFAIL)
mci->mci_nextaddr->q_state = QS_RETRY;
}
mci->mci_nextaddr = mci->mci_nextaddr->q_pchain;
}
e->e_to = oldto;
/*
** Connection might be closed in response to a RCPT command,
** i.e., the server responded with 421. In that case (at
** least) one RCPT has a temporary failure, hence we don't
** need to check mci_okrcpts (as it is done below) to figure
** out which error to return.
*/
if (mci->mci_state == MCIS_CLOSED)
{
errno = mci->mci_errno;
return EX_TEMPFAIL;
}
}
#endif /* PIPELINING */
/* now proceed with DATA phase */
SmtpPhase = mci->mci_phase = "client DATA 354";
mci->mci_state = MCIS_DATA;
sm_setproctitle(true, e, "%s %s: %s",
qid_printname(e), CurHostName, mci->mci_phase);
r = reply(m, mci, e, TimeOuts.to_datainit, NULL, &enhsc, XS_DATA);
if (r < 0 || REPLYTYPE(r) == 4)
{
if (r >= 0)
smtpquit(m, mci, e);
errno = mci->mci_errno;
return EX_TEMPFAIL;
}
else if (REPLYTYPE(r) == 5)
{
smtprset(m, mci, e);
#if PIPELINING
if (mci->mci_okrcpts <= 0)
return mci->mci_retryrcpt ? EX_TEMPFAIL
: EX_UNAVAILABLE;
-#endif /* PIPELINING */
+#endif
return EX_UNAVAILABLE;
}
else if (REPLYTYPE(r) != 3)
{
if (LogLevel > 1)
{
sm_syslog(LOG_CRIT, e->e_id,
"%.100s: SMTP DATA-1 protocol error: %s",
CurHostName,
shortenstring(SmtpReplyBuffer, 403));
}
smtprset(m, mci, e);
mci_setstat(mci, EX_PROTOCOL, ENHSCN(enhsc, "5.5.1"),
SmtpReplyBuffer);
#if PIPELINING
if (mci->mci_okrcpts <= 0)
return mci->mci_retryrcpt ? EX_TEMPFAIL
: EX_PROTOCOL;
-#endif /* PIPELINING */
+#endif
return EX_PROTOCOL;
}
#if PIPELINING
if (mci->mci_okrcpts > 0)
{
-#endif /* PIPELINING */
+#endif
/*
** Set timeout around data writes. Make it at least large
** enough for DNS timeouts on all recipients plus some fudge
** factor. The main thing is that it should not be infinite.
*/
if (tTd(18, 101))
{
/* simulate a DATA timeout */
timeout = 10;
}
else
timeout = DATA_PROGRESS_TIMEOUT * 1000;
sm_io_setinfo(mci->mci_out, SM_IO_WHAT_TIMEOUT, &timeout);
/*
** Output the actual message.
*/
if (!(*e->e_puthdr)(mci, e->e_header, e, M87F_OUTER))
goto writeerr;
if (tTd(18, 101))
{
/* simulate a DATA timeout */
(void) sleep(2);
}
if (!(*e->e_putbody)(mci, e, NULL))
goto writeerr;
/*
** Cleanup after sending message.
*/
#if PIPELINING
}
-#endif /* PIPELINING */
+#endif
#if _FFR_CATCH_BROKEN_MTAS
if (sm_io_getinfo(mci->mci_in, SM_IO_IS_READABLE, NULL) > 0)
{
/* terminate the message */
(void) sm_io_fprintf(mci->mci_out, SM_TIME_DEFAULT, ".%s",
m->m_eol);
if (TrafficLogFile != NULL)
(void) sm_io_fprintf(TrafficLogFile, SM_TIME_DEFAULT,
"%05d >>> .\n", (int) CurrentPid);
if (Verbose)
nmessage(">>> .");
sm_syslog(LOG_CRIT, e->e_id,
"%.100s: SMTP DATA-1 protocol error: remote server returned response before final dot",
CurHostName);
mci->mci_errno = EIO;
mci->mci_state = MCIS_ERROR;
mci_setstat(mci, EX_PROTOCOL, "5.5.0", NULL);
smtpquit(m, mci, e);
return EX_PROTOCOL;
}
#endif /* _FFR_CATCH_BROKEN_MTAS */
if (sm_io_error(mci->mci_out))
{
/* error during processing -- don't send the dot */
mci->mci_errno = EIO;
mci->mci_state = MCIS_ERROR;
mci_setstat(mci, EX_IOERR, "4.4.2", NULL);
smtpquit(m, mci, e);
return EX_IOERR;
}
/* terminate the message */
if (sm_io_fprintf(mci->mci_out, SM_TIME_DEFAULT, "%s.%s",
bitset(MCIF_INLONGLINE, mci->mci_flags) ? m->m_eol : "",
m->m_eol) == SM_IO_EOF)
goto writeerr;
if (TrafficLogFile != NULL)
(void) sm_io_fprintf(TrafficLogFile, SM_TIME_DEFAULT,
"%05d >>> .\n", (int) CurrentPid);
if (Verbose)
nmessage(">>> .");
/* check for the results of the transaction */
SmtpPhase = mci->mci_phase = "client DATA status";
sm_setproctitle(true, e, "%s %s: %s", qid_printname(e),
CurHostName, mci->mci_phase);
if (bitnset(M_LMTP, m->m_flags))
return EX_OK;
r = reply(m, mci, e, TimeOuts.to_datafinal, NULL, &enhsc, XS_EOM);
if (r < 0)
return EX_TEMPFAIL;
if (mci->mci_state == MCIS_DATA)
mci->mci_state = MCIS_OPEN;
xstat = EX_NOTSTICKY;
if (r == 452)
rstat = EX_TEMPFAIL;
else if (REPLYTYPE(r) == 4)
rstat = xstat = EX_TEMPFAIL;
else if (REPLYTYPE(r) == 2)
rstat = xstat = EX_OK;
else if (REPLYCLASS(r) != 5)
rstat = xstat = EX_PROTOCOL;
else if (REPLYTYPE(r) == 5)
rstat = EX_UNAVAILABLE;
else
rstat = EX_PROTOCOL;
mci_setstat(mci, xstat, ENHSCN(enhsc, smtptodsn(r)),
SmtpReplyBuffer);
if (bitset(MCIF_ENHSTAT, mci->mci_flags) &&
(r = isenhsc(SmtpReplyBuffer + 4, ' ')) > 0)
r += 5;
else
r = 4;
e->e_statmsg = sm_rpool_strdup_x(e->e_rpool, &SmtpReplyBuffer[r]);
SmtpPhase = mci->mci_phase = "idle";
sm_setproctitle(true, e, "%s: %s", CurHostName, mci->mci_phase);
if (rstat != EX_PROTOCOL)
return rstat;
if (LogLevel > 1)
{
sm_syslog(LOG_CRIT, e->e_id,
"%.100s: SMTP DATA-2 protocol error: %s",
CurHostName,
shortenstring(SmtpReplyBuffer, 403));
}
return rstat;
writeerr:
mci->mci_errno = errno;
mci->mci_state = MCIS_ERROR;
mci_setstat(mci, bitset(MCIF_NOTSTICKY, mci->mci_flags)
? EX_NOTSTICKY: EX_TEMPFAIL,
"4.4.2", NULL);
mci->mci_flags &= ~MCIF_NOTSTICKY;
/*
** If putbody() couldn't finish due to a timeout,
** rewind it here in the timeout handler. See
** comments at the end of putbody() for reasoning.
*/
if (e->e_dfp != NULL)
(void) bfrewind(e->e_dfp);
errno = mci->mci_errno;
syserr("+451 4.4.1 timeout writing message to %s", CurHostName);
smtpquit(m, mci, e);
return EX_TEMPFAIL;
}
/*
** SMTPGETSTAT -- get status code from DATA in LMTP
**
** Parameters:
** m -- the mailer to which we are sending the message.
** mci -- the mailer connection structure.
** e -- the current envelope.
**
** Returns:
** The exit status corresponding to the reply code.
*/
int
smtpgetstat(m, mci, e)
MAILER *m;
MCI *mci;
ENVELOPE *e;
{
int r;
int off;
int status, xstat;
char *enhsc;
enhsc = NULL;
/* check for the results of the transaction */
r = reply(m, mci, e, TimeOuts.to_datafinal, NULL, &enhsc, XS_DATA2);
if (r < 0)
return EX_TEMPFAIL;
xstat = EX_NOTSTICKY;
if (REPLYTYPE(r) == 4)
status = EX_TEMPFAIL;
else if (REPLYTYPE(r) == 2)
status = xstat = EX_OK;
else if (REPLYCLASS(r) != 5)
status = xstat = EX_PROTOCOL;
else if (REPLYTYPE(r) == 5)
status = EX_UNAVAILABLE;
else
status = EX_PROTOCOL;
if (bitset(MCIF_ENHSTAT, mci->mci_flags) &&
(off = isenhsc(SmtpReplyBuffer + 4, ' ')) > 0)
off += 5;
else
off = 4;
e->e_statmsg = sm_rpool_strdup_x(e->e_rpool, &SmtpReplyBuffer[off]);
mci_setstat(mci, xstat, ENHSCN(enhsc, smtptodsn(r)), SmtpReplyBuffer);
if (LogLevel > 1 && status == EX_PROTOCOL)
{
sm_syslog(LOG_CRIT, e->e_id,
"%.100s: SMTP DATA-3 protocol error: %s",
CurHostName,
shortenstring(SmtpReplyBuffer, 403));
}
return status;
}
/*
** SMTPQUIT -- close the SMTP connection.
**
** Parameters:
** m -- a pointer to the mailer.
** mci -- the mailer connection information.
** e -- the current envelope.
**
** Returns:
** none.
**
** Side Effects:
** sends the final protocol and closes the connection.
*/
void
smtpquit(m, mci, e)
register MAILER *m;
register MCI *mci;
ENVELOPE *e;
{
bool oldSuprErrs = SuprErrs;
int rcode;
char *oldcurhost;
if (mci->mci_state == MCIS_CLOSED)
{
mci_close(mci, "smtpquit:1");
return;
}
oldcurhost = CurHostName;
CurHostName = mci->mci_host; /* XXX UGLY XXX */
if (CurHostName == NULL)
CurHostName = MyHostName;
#if PIPELINING
mci->mci_okrcpts = 0;
-#endif /* PIPELINING */
+#endif
/*
** Suppress errors here -- we may be processing a different
** job when we do the quit connection, and we don't want the
** new job to be penalized for something that isn't it's
** problem.
*/
SuprErrs = true;
/* send the quit message if we haven't gotten I/O error */
if (mci->mci_state != MCIS_ERROR &&
mci->mci_state != MCIS_QUITING)
{
SmtpPhase = "client QUIT";
mci->mci_state = MCIS_QUITING;
smtpmessage("QUIT", m, mci);
(void) reply(m, mci, e, TimeOuts.to_quit, NULL, NULL, XS_QUIT);
SuprErrs = oldSuprErrs;
if (mci->mci_state == MCIS_CLOSED)
goto end;
}
/* now actually close the connection and pick up the zombie */
rcode = endmailer(mci, e, NULL);
if (rcode != EX_OK)
{
char *mailer = NULL;
if (mci->mci_mailer != NULL &&
mci->mci_mailer->m_name != NULL)
mailer = mci->mci_mailer->m_name;
/* look for naughty mailers */
sm_syslog(LOG_ERR, e->e_id,
"smtpquit: mailer%s%s exited with exit value %d",
mailer == NULL ? "" : " ",
mailer == NULL ? "" : mailer,
rcode);
}
SuprErrs = oldSuprErrs;
end:
CurHostName = oldcurhost;
return;
}
/*
** SMTPRSET -- send a RSET (reset) command
**
** Parameters:
** m -- a pointer to the mailer.
** mci -- the mailer connection information.
** e -- the current envelope.
**
** Returns:
** none.
**
** Side Effects:
** closes the connection if there is no reply to RSET.
*/
void
smtprset(m, mci, e)
register MAILER *m;
register MCI *mci;
ENVELOPE *e;
{
int r;
CurHostName = mci->mci_host; /* XXX UGLY XXX */
if (CurHostName == NULL)
CurHostName = MyHostName;
#if PIPELINING
mci->mci_okrcpts = 0;
-#endif /* PIPELINING */
+#endif
/*
** Check if connection is gone, if so
** it's a tempfail and we use mci_errno
** for the reason.
*/
if (mci->mci_state == MCIS_CLOSED)
{
errno = mci->mci_errno;
return;
}
SmtpPhase = "client RSET";
smtpmessage("RSET", m, mci);
r = reply(m, mci, e, TimeOuts.to_rset, NULL, NULL, XS_DEFAULT);
if (r < 0)
return;
/*
** Any response is deemed to be acceptable.
** The standard does not state the proper action
** to take when a value other than 250 is received.
**
** However, if 421 is returned for the RSET, leave
** mci_state alone (MCIS_SSD can be set in reply()
** and MCIS_CLOSED can be set in smtpquit() if
** reply() gets a 421 and calls smtpquit()).
*/
if (mci->mci_state != MCIS_SSD && mci->mci_state != MCIS_CLOSED)
mci->mci_state = MCIS_OPEN;
else if (mci->mci_exitstat == EX_OK)
mci_setstat(mci, EX_TEMPFAIL, "4.5.0", NULL);
}
/*
** SMTPPROBE -- check the connection state
**
** Parameters:
** mci -- the mailer connection information.
**
** Returns:
** none.
**
** Side Effects:
** closes the connection if there is no reply to RSET.
*/
int
smtpprobe(mci)
register MCI *mci;
{
int r;
MAILER *m = mci->mci_mailer;
ENVELOPE *e;
extern ENVELOPE BlankEnvelope;
CurHostName = mci->mci_host; /* XXX UGLY XXX */
if (CurHostName == NULL)
CurHostName = MyHostName;
e = &BlankEnvelope;
SmtpPhase = "client probe";
smtpmessage("RSET", m, mci);
r = reply(m, mci, e, TimeOuts.to_miscshort, NULL, NULL, XS_DEFAULT);
if (REPLYTYPE(r) != 2)
smtpquit(m, mci, e);
return r;
}
/*
** REPLY -- read arpanet reply
**
** Parameters:
** m -- the mailer we are reading the reply from.
** mci -- the mailer connection info structure.
** e -- the current envelope.
** timeout -- the timeout for reads.
** pfunc -- processing function called on each line of response.
** If null, no special processing is done.
** enhstat -- optional, returns enhanced error code string (if set)
** rtype -- type of SmtpMsgBuffer: does it contains secret data?
**
** Returns:
** reply code it reads.
**
** Side Effects:
** flushes the mail file.
*/
int
reply(m, mci, e, timeout, pfunc, enhstat, rtype)
MAILER *m;
MCI *mci;
ENVELOPE *e;
time_t timeout;
void (*pfunc) __P((char *, bool, MAILER *, MCI *, ENVELOPE *));
char **enhstat;
int rtype;
{
register char *bufp;
register int r;
bool firstline = true;
char junkbuf[MAXLINE];
static char enhstatcode[ENHSCLEN];
int save_errno;
/*
** Flush the output before reading response.
**
** For SMTP pipelining, it would be better if we didn't do
** this if there was already data waiting to be read. But
** to do it properly means pushing it to the I/O library,
** since it really needs to be done below the buffer layer.
*/
if (mci->mci_out != NULL)
(void) sm_io_flush(mci->mci_out, SM_TIME_DEFAULT);
if (tTd(18, 1))
- sm_dprintf("reply\n");
+ {
+ char *what;
+
+ if (SmtpMsgBuffer[0] != '\0')
+ what = SmtpMsgBuffer;
+ else if (SmtpPhase != NULL && SmtpPhase[0] != '\0')
+ what = SmtpPhase;
+ else if (XS_GREET == rtype)
+ what = "greeting";
+ else
+ what = "unknown";
+ sm_dprintf("reply to %s\n", what);
+ }
/*
** Read the input line, being careful not to hang.
*/
bufp = SmtpReplyBuffer;
(void) set_tls_rd_tmo(timeout);
for (;;)
{
register char *p;
/* actually do the read */
if (e->e_xfp != NULL) /* for debugging */
(void) sm_io_flush(e->e_xfp, SM_TIME_DEFAULT);
/* if we are in the process of closing just give the code */
if (mci->mci_state == MCIS_CLOSED)
return SMTPCLOSING;
/* don't try to read from a non-existent fd */
if (mci->mci_in == NULL)
{
if (mci->mci_errno == 0)
mci->mci_errno = EBADF;
/* errors on QUIT should be ignored */
if (strncmp(SmtpMsgBuffer, "QUIT", 4) == 0)
{
errno = mci->mci_errno;
mci_close(mci, "reply:1");
return -1;
}
mci->mci_state = MCIS_ERROR;
smtpquit(m, mci, e);
errno = mci->mci_errno;
return -1;
}
if (mci->mci_out != NULL)
(void) sm_io_flush(mci->mci_out, SM_TIME_DEFAULT);
/* get the line from the other side */
p = sfgets(bufp, MAXLINE, mci->mci_in, timeout, SmtpPhase);
save_errno = errno;
mci->mci_lastuse = curtime();
if (p == NULL)
{
bool oldholderrs;
extern char MsgBuf[];
/* errors on QUIT should be ignored */
if (strncmp(SmtpMsgBuffer, "QUIT", 4) == 0)
{
mci_close(mci, "reply:2");
return -1;
}
/* if the remote end closed early, fake an error */
errno = save_errno;
if (errno == 0)
{
(void) sm_snprintf(SmtpReplyBuffer,
sizeof(SmtpReplyBuffer),
"421 4.4.1 Connection reset by %s",
CURHOSTNAME);
#ifdef ECONNRESET
errno = ECONNRESET;
-#else /* ECONNRESET */
+#else
errno = EPIPE;
-#endif /* ECONNRESET */
+#endif
}
mci->mci_errno = errno;
oldholderrs = HoldErrs;
HoldErrs = true;
usrerr("451 4.4.1 reply: read error from %s",
CURHOSTNAME);
mci_setstat(mci, EX_TEMPFAIL, "4.4.2", MsgBuf);
/* if debugging, pause so we can see state */
if (tTd(18, 100))
(void) pause();
mci->mci_state = MCIS_ERROR;
smtpquit(m, mci, e);
#if XDEBUG
{
char wbuf[MAXLINE];
p = wbuf;
if (e->e_to != NULL)
{
(void) sm_snprintf(p,
SPACELEFT(wbuf, p),
"%s... ",
shortenstring(e->e_to, MAXSHORTSTR));
p += strlen(p);
}
(void) sm_snprintf(p, SPACELEFT(wbuf, p),
"reply(%.100s) during %s",
CURHOSTNAME, SmtpPhase);
checkfd012(wbuf);
}
#endif /* XDEBUG */
HoldErrs = oldholderrs;
errno = save_errno;
return -1;
}
fixcrlf(bufp, true);
/* EHLO failure is not a real error */
if (e->e_xfp != NULL && (bufp[0] == '4' ||
(bufp[0] == '5' && strncmp(SmtpMsgBuffer, "EHLO", 4) != 0)))
{
/* serious error -- log the previous command */
if (SmtpNeedIntro)
{
/* inform user who we are chatting with */
(void) sm_io_fprintf(CurEnv->e_xfp,
SM_TIME_DEFAULT,
"... while talking to %s:\n",
CURHOSTNAME);
SmtpNeedIntro = false;
}
if (SmtpMsgBuffer[0] != '\0')
{
(void) sm_io_fprintf(e->e_xfp,
SM_TIME_DEFAULT,
">>> %s\n",
(rtype == XS_STARTTLS)
? "STARTTLS dialogue"
: ((rtype == XS_AUTH)
? "AUTH dialogue"
: SmtpMsgBuffer));
SmtpMsgBuffer[0] = '\0';
}
/* now log the message as from the other side */
(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
"<<< %s\n", bufp);
}
/* display the input for verbose mode */
if (Verbose)
nmessage("050 %s", bufp);
/* ignore improperly formatted input */
if (!ISSMTPREPLY(bufp))
continue;
if (bitset(MCIF_ENHSTAT, mci->mci_flags) &&
enhstat != NULL &&
extenhsc(bufp + 4, ' ', enhstatcode) > 0)
*enhstat = enhstatcode;
/* process the line */
if (pfunc != NULL)
(*pfunc)(bufp, firstline, m, mci, e);
/* decode the reply code */
r = atoi(bufp);
/* extra semantics: 0xx codes are "informational" */
if (r < 100)
{
firstline = false;
continue;
}
-#if _FFR_ERRCODE
+ if (REPLYTYPE(r) > 3 && firstline
# if _FFR_PROXY
- if ((e->e_rcode == 0 || REPLYTYPE(e->e_rcode) < 5)
- && REPLYTYPE(r) > 3 && firstline)
-# endif
-# if _FFR_LOGREPLY
- if (REPLYTYPE(r) > 3 && firstline)
+ &&
+ (e->e_sendmode != SM_PROXY
+ || (e->e_sendmode == SM_PROXY
+ && (e->e_rcode == 0 || REPLYTYPE(e->e_rcode) < 5))
+ )
# endif
+ )
{
int o = -1;
# if PIPELINING
/*
** ignore error iff: DATA, 5xy error, but we had
** "retryable" recipients. XREF: smtpdata()
*/
if (!(rtype == XS_DATA && REPLYTYPE(r) == 5 &&
mci->mci_okrcpts <= 0 && mci->mci_retryrcpt))
# endif /* PIPELINING */
{
o = extenhsc(bufp + 4, ' ', enhstatcode);
if (o > 0)
{
sm_strlcpy(e->e_renhsc, enhstatcode,
sizeof(e->e_renhsc));
/* skip SMTP reply code, delimiters */
o += 5;
}
else
o = 4;
- e->e_rcode = r;
- e->e_text = sm_rpool_strdup_x(e->e_rpool,
- bufp + o);
+
+ /*
+ ** Don't use this for reply= logging
+ ** if it was for QUIT.
+ ** (Note: use the debug option to
+ ** reproduce the original error.)
+ */
+
+ if (rtype != XS_QUIT || tTd(87, 101))
+ {
+ e->e_rcode = r;
+ e->e_text = sm_rpool_strdup_x(
+ e->e_rpool, bufp + o);
+ }
}
if (tTd(87, 2))
{
- sm_dprintf("user: offset=%d, bufp=%s, rcode=%d, enhstat=%s, text=%s\n",
- o, bufp, r, e->e_renhsc, e->e_text);
+ sm_dprintf("user: e=%p, offset=%d, bufp=%s, rcode=%d, enhstat=%s, rtype=%d, text=%s\n"
+ , (void *)e, o, bufp, r, e->e_renhsc
+ , rtype, e->e_text);
}
}
-#endif /* _FFR_ERRCODE */
firstline = false;
/* if no continuation lines, return this line */
if (bufp[3] != '-')
break;
/* first line of real reply -- ignore rest */
bufp = junkbuf;
}
/*
** Now look at SmtpReplyBuffer -- only care about the first
** line of the response from here on out.
*/
/* save temporary failure messages for posterity */
if (SmtpReplyBuffer[0] == '4')
(void) sm_strlcpy(SmtpError, SmtpReplyBuffer, sizeof(SmtpError));
/* reply code 421 is "Service Shutting Down" */
if (r == SMTPCLOSING && mci->mci_state != MCIS_SSD &&
mci->mci_state != MCIS_QUITING)
{
/* send the quit protocol */
mci->mci_state = MCIS_SSD;
smtpquit(m, mci, e);
}
return r;
}
/*
** SMTPMESSAGE -- send message to server
**
** Parameters:
** f -- format
** m -- the mailer to control formatting.
** a, b, c -- parameters
**
** Returns:
** none.
**
** Side Effects:
** writes message to mci->mci_out.
*/
/*VARARGS1*/
void
#ifdef __STDC__
smtpmessage(char *f, MAILER *m, MCI *mci, ...)
#else /* __STDC__ */
smtpmessage(f, m, mci, va_alist)
char *f;
MAILER *m;
MCI *mci;
va_dcl
#endif /* __STDC__ */
{
SM_VA_LOCAL_DECL
SM_VA_START(ap, mci);
(void) sm_vsnprintf(SmtpMsgBuffer, sizeof(SmtpMsgBuffer), f, ap);
SM_VA_END(ap);
if (tTd(18, 1) || Verbose)
nmessage(">>> %s", SmtpMsgBuffer);
if (TrafficLogFile != NULL)
(void) sm_io_fprintf(TrafficLogFile, SM_TIME_DEFAULT,
"%05d >>> %s\n", (int) CurrentPid,
SmtpMsgBuffer);
if (mci->mci_out != NULL)
{
(void) sm_io_fprintf(mci->mci_out, SM_TIME_DEFAULT, "%s%s",
SmtpMsgBuffer, m == NULL ? "\r\n"
: m->m_eol);
}
else if (tTd(18, 1))
{
sm_dprintf("smtpmessage: NULL mci_out\n");
}
}
diff --git a/src/util.c b/src/util.c
index 9775915d6260..1cf6ddd811e7 100644
--- a/src/util.c
+++ b/src/util.c
@@ -1,3004 +1,3018 @@
/*
* Copyright (c) 1998-2007, 2009 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sendmail.h>
SM_RCSID("@(#)$Id: util.c,v 8.427 2013-11-22 20:51:57 ca Exp $")
#include <sm/sendmail.h>
#include <sysexits.h>
#include <sm/xtrap.h>
/*
** NEWSTR -- Create a copy of a C string
**
** Parameters:
** s -- the string to copy.
**
** Returns:
** pointer to newly allocated string.
*/
char *
newstr(s)
const char *s;
{
size_t l;
char *n;
l = strlen(s);
SM_ASSERT(l + 1 > l);
n = xalloc(l + 1);
sm_strlcpy(n, s, l + 1);
return n;
}
/*
** ADDQUOTES -- Adds quotes & quote bits to a string.
**
** Runs through a string and adds backslashes and quote bits.
**
** Parameters:
** s -- the string to modify.
** rpool -- resource pool from which to allocate result
**
** Returns:
** pointer to quoted string.
*/
char *
addquotes(s, rpool)
char *s;
SM_RPOOL_T *rpool;
{
int len = 0;
char c;
char *p = s, *q, *r;
if (s == NULL)
return NULL;
/* Find length of quoted string */
while ((c = *p++) != '\0')
{
len++;
if (c == '\\' || c == '"')
len++;
}
q = r = sm_rpool_malloc_x(rpool, len + 3);
p = s;
/* add leading quote */
*q++ = '"';
while ((c = *p++) != '\0')
{
/* quote \ or " */
if (c == '\\' || c == '"')
*q++ = '\\';
*q++ = c;
}
*q++ = '"';
*q = '\0';
return r;
}
/*
** STRIPBACKSLASH -- Strip all leading backslashes from a string, provided
** the following character is alpha-numerical.
**
** This is done in place.
**
** Parameters:
** s -- the string to strip.
**
** Returns:
** none.
*/
void
stripbackslash(s)
char *s;
{
char *p, *q, c;
if (s == NULL || *s == '\0')
return;
p = q = s;
while (*p == '\\' && (p[1] == '\\' || (isascii(p[1]) && isalnum(p[1]))))
p++;
do
{
c = *q++ = *p++;
} while (c != '\0');
}
/*
** RFC822_STRING -- Checks string for proper RFC822 string quoting.
**
** Runs through a string and verifies RFC822 special characters
** are only found inside comments, quoted strings, or backslash
** escaped. Also verified balanced quotes and parenthesis.
**
** Parameters:
** s -- the string to modify.
**
** Returns:
** true iff the string is RFC822 compliant, false otherwise.
*/
bool
rfc822_string(s)
char *s;
{
bool quoted = false;
int commentlev = 0;
char *c = s;
if (s == NULL)
return false;
while (*c != '\0')
{
/* escaped character */
if (*c == '\\')
{
c++;
if (*c == '\0')
return false;
}
else if (commentlev == 0 && *c == '"')
quoted = !quoted;
else if (!quoted)
{
if (*c == ')')
{
/* unbalanced ')' */
if (commentlev == 0)
return false;
else
commentlev--;
}
else if (*c == '(')
commentlev++;
else if (commentlev == 0 &&
strchr(MustQuoteChars, *c) != NULL)
return false;
}
c++;
}
/* unbalanced '"' or '(' */
return !quoted && commentlev == 0;
}
/*
** SHORTEN_RFC822_STRING -- Truncate and rebalance an RFC822 string
**
** Arbitrarily shorten (in place) an RFC822 string and rebalance
** comments and quotes.
**
** Parameters:
** string -- the string to shorten
** length -- the maximum size, 0 if no maximum
**
** Returns:
** true if string is changed, false otherwise
**
** Side Effects:
** Changes string in place, possibly resulting
** in a shorter string.
*/
bool
shorten_rfc822_string(string, length)
char *string;
size_t length;
{
bool backslash = false;
bool modified = false;
bool quoted = false;
size_t slen;
int parencount = 0;
char *ptr = string;
/*
** If have to rebalance an already short enough string,
** need to do it within allocated space.
*/
slen = strlen(string);
if (length == 0 || slen < length)
length = slen;
while (*ptr != '\0')
{
if (backslash)
{
backslash = false;
goto increment;
}
if (*ptr == '\\')
backslash = true;
else if (*ptr == '(')
{
if (!quoted)
parencount++;
}
else if (*ptr == ')')
{
if (--parencount < 0)
parencount = 0;
}
/* Inside a comment, quotes don't matter */
if (parencount <= 0 && *ptr == '"')
quoted = !quoted;
increment:
/* Check for sufficient space for next character */
if (length - (ptr - string) <= (size_t) ((backslash ? 1 : 0) +
parencount +
(quoted ? 1 : 0)))
{
/* Not enough, backtrack */
if (*ptr == '\\')
backslash = false;
else if (*ptr == '(' && !quoted)
parencount--;
else if (*ptr == '"' && parencount == 0)
quoted = false;
break;
}
ptr++;
}
/* Rebalance */
while (parencount-- > 0)
{
if (*ptr != ')')
{
modified = true;
*ptr = ')';
}
ptr++;
}
if (quoted)
{
if (*ptr != '"')
{
modified = true;
*ptr = '"';
}
ptr++;
}
if (*ptr != '\0')
{
modified = true;
*ptr = '\0';
}
return modified;
}
/*
** FIND_CHARACTER -- find an unquoted character in an RFC822 string
**
** Find an unquoted, non-commented character in an RFC822
** string and return a pointer to its location in the
** string.
**
** Parameters:
** string -- the string to search
** character -- the character to find
**
** Returns:
** pointer to the character, or
** a pointer to the end of the line if character is not found
*/
char *
find_character(string, character)
char *string;
int character;
{
bool backslash = false;
bool quoted = false;
int parencount = 0;
while (string != NULL && *string != '\0')
{
if (backslash)
{
backslash = false;
if (!quoted && character == '\\' && *string == '\\')
break;
string++;
continue;
}
switch (*string)
{
case '\\':
backslash = true;
break;
case '(':
if (!quoted)
parencount++;
break;
case ')':
if (--parencount < 0)
parencount = 0;
break;
}
/* Inside a comment, nothing matters */
if (parencount > 0)
{
string++;
continue;
}
if (*string == '"')
quoted = !quoted;
else if (*string == character && !quoted)
break;
string++;
}
/* Return pointer to the character */
return string;
}
/*
** CHECK_BODYTYPE -- check bodytype parameter
**
** Parameters:
** bodytype -- bodytype parameter
**
** Returns:
** BODYTYPE_* according to parameter
**
*/
int
check_bodytype(bodytype)
char *bodytype;
{
/* check body type for legality */
if (bodytype == NULL)
return BODYTYPE_NONE;
if (sm_strcasecmp(bodytype, "7BIT") == 0)
return BODYTYPE_7BIT;
if (sm_strcasecmp(bodytype, "8BITMIME") == 0)
return BODYTYPE_8BITMIME;
return BODYTYPE_ILLEGAL;
}
/*
** TRUNCATE_AT_DELIM -- truncate string at a delimiter and append "..."
**
** Parameters:
** str -- string to truncate
** len -- maximum length (including '\0') (0 for unlimited)
** delim -- delimiter character
**
** Returns:
** None.
*/
void
truncate_at_delim(str, len, delim)
char *str;
size_t len;
int delim;
{
char *p;
if (str == NULL || len == 0 || strlen(str) < len)
return;
*(str + len - 1) = '\0';
while ((p = strrchr(str, delim)) != NULL)
{
*p = '\0';
if (p - str + 4 < len)
{
*p++ = (char) delim;
*p = '\0';
(void) sm_strlcat(str, "...", len);
return;
}
}
/* Couldn't find a place to append "..." */
if (len > 3)
(void) sm_strlcpy(str, "...", len);
else
str[0] = '\0';
}
/*
** XALLOC -- Allocate memory, raise an exception on error
**
** Parameters:
** sz -- size of area to allocate.
**
** Returns:
** pointer to data region.
**
** Exceptions:
** SmHeapOutOfMemory (F:sm.heap) -- cannot allocate memory
**
** Side Effects:
** Memory is allocated.
*/
char *
#if SM_HEAP_CHECK
xalloc_tagged(sz, file, line)
register int sz;
char *file;
int line;
#else /* SM_HEAP_CHECK */
xalloc(sz)
register int sz;
#endif /* SM_HEAP_CHECK */
{
register char *p;
SM_REQUIRE(sz >= 0);
/* some systems can't handle size zero mallocs */
if (sz <= 0)
sz = 1;
/* scaffolding for testing error handling code */
sm_xtrap_raise_x(&SmHeapOutOfMemory);
p = sm_malloc_tagged((unsigned) sz, file, line, sm_heap_group());
if (p == NULL)
{
sm_exc_raise_x(&SmHeapOutOfMemory);
}
return p;
}
/*
** COPYPLIST -- copy list of pointers.
**
** This routine is the equivalent of strdup for lists of
** pointers.
**
** Parameters:
** list -- list of pointers to copy.
** Must be NULL terminated.
** copycont -- if true, copy the contents of the vector
** (which must be a string) also.
** rpool -- resource pool from which to allocate storage,
** or NULL
**
** Returns:
** a copy of 'list'.
*/
char **
copyplist(list, copycont, rpool)
char **list;
bool copycont;
SM_RPOOL_T *rpool;
{
register char **vp;
register char **newvp;
for (vp = list; *vp != NULL; vp++)
continue;
vp++;
newvp = (char **) sm_rpool_malloc_x(rpool, (vp - list) * sizeof(*vp));
memmove((char *) newvp, (char *) list, (int) (vp - list) * sizeof(*vp));
if (copycont)
{
for (vp = newvp; *vp != NULL; vp++)
*vp = sm_rpool_strdup_x(rpool, *vp);
}
return newvp;
}
/*
** COPYQUEUE -- copy address queue.
**
** This routine is the equivalent of strdup for address queues;
** addresses marked as QS_IS_DEAD() aren't copied
**
** Parameters:
** addr -- list of address structures to copy.
** rpool -- resource pool from which to allocate storage
**
** Returns:
** a copy of 'addr'.
*/
ADDRESS *
copyqueue(addr, rpool)
ADDRESS *addr;
SM_RPOOL_T *rpool;
{
register ADDRESS *newaddr;
ADDRESS *ret;
register ADDRESS **tail = &ret;
while (addr != NULL)
{
if (!QS_IS_DEAD(addr->q_state))
{
newaddr = (ADDRESS *) sm_rpool_malloc_x(rpool,
sizeof(*newaddr));
STRUCTCOPY(*addr, *newaddr);
*tail = newaddr;
tail = &newaddr->q_next;
}
addr = addr->q_next;
}
*tail = NULL;
return ret;
}
/*
** LOG_SENDMAIL_PID -- record sendmail pid and command line.
**
** Parameters:
** e -- the current envelope.
**
** Returns:
** none.
**
** Side Effects:
** writes pidfile, logs command line.
** keeps file open and locked to prevent overwrite of active file
*/
static SM_FILE_T *Pidf = NULL;
void
log_sendmail_pid(e)
ENVELOPE *e;
{
long sff;
char pidpath[MAXPATHLEN];
extern char *CommandLineArgs;
/* write the pid to the log file for posterity */
sff = SFF_NOLINK|SFF_ROOTOK|SFF_REGONLY|SFF_CREAT|SFF_NBLOCK;
if (TrustedUid != 0 && RealUid == TrustedUid)
sff |= SFF_OPENASROOT;
expand(PidFile, pidpath, sizeof(pidpath), e);
Pidf = safefopen(pidpath, O_WRONLY|O_TRUNC, FileMode, sff);
if (Pidf == NULL)
{
if (errno == EWOULDBLOCK)
sm_syslog(LOG_ERR, NOQID,
"unable to write pid to %s: file in use by another process",
pidpath);
else
sm_syslog(LOG_ERR, NOQID,
"unable to write pid to %s: %s",
pidpath, sm_errstring(errno));
}
else
{
PidFilePid = getpid();
/* write the process id on line 1 */
(void) sm_io_fprintf(Pidf, SM_TIME_DEFAULT, "%ld\n",
(long) PidFilePid);
/* line 2 contains all command line flags */
(void) sm_io_fprintf(Pidf, SM_TIME_DEFAULT, "%s\n",
CommandLineArgs);
/* flush */
(void) sm_io_flush(Pidf, SM_TIME_DEFAULT);
/*
** Leave pid file open until process ends
** so it's not overwritten by another
** process.
*/
}
if (LogLevel > 9)
sm_syslog(LOG_INFO, NOQID, "started as: %s", CommandLineArgs);
}
/*
** CLOSE_SENDMAIL_PID -- close sendmail pid file
**
** Parameters:
** none.
**
** Returns:
** none.
*/
void
close_sendmail_pid()
{
if (Pidf == NULL)
return;
(void) sm_io_close(Pidf, SM_TIME_DEFAULT);
Pidf = NULL;
}
/*
** SET_DELIVERY_MODE -- set and record the delivery mode
**
** Parameters:
** mode -- delivery mode
** e -- the current envelope.
**
** Returns:
** none.
**
** Side Effects:
** sets {deliveryMode} macro
*/
void
set_delivery_mode(mode, e)
int mode;
ENVELOPE *e;
{
char buf[2];
e->e_sendmode = (char) mode;
buf[0] = (char) mode;
buf[1] = '\0';
macdefine(&e->e_macro, A_TEMP, macid("{deliveryMode}"), buf);
}
/*
** SET_OP_MODE -- set and record the op mode
**
** Parameters:
** mode -- op mode
** e -- the current envelope.
**
** Returns:
** none.
**
** Side Effects:
** sets {opMode} macro
*/
void
set_op_mode(mode)
int mode;
{
char buf[2];
extern ENVELOPE BlankEnvelope;
OpMode = (char) mode;
buf[0] = (char) mode;
buf[1] = '\0';
macdefine(&BlankEnvelope.e_macro, A_TEMP, MID_OPMODE, buf);
}
/*
** PRINTAV -- print argument vector.
**
** Parameters:
** fp -- output file pointer.
** av -- argument vector.
**
** Returns:
** none.
**
** Side Effects:
** prints av.
*/
void
printav(fp, av)
SM_FILE_T *fp;
char **av;
{
while (*av != NULL)
{
if (tTd(0, 44))
sm_dprintf("\n\t%08lx=", (unsigned long) *av);
else
(void) sm_io_putc(fp, SM_TIME_DEFAULT, ' ');
if (tTd(0, 99))
sm_dprintf("%s", str2prt(*av++));
else
xputs(fp, *av++);
}
(void) sm_io_putc(fp, SM_TIME_DEFAULT, '\n');
}
/*
** XPUTS -- put string doing control escapes.
**
** Parameters:
** fp -- output file pointer.
** s -- string to put.
**
** Returns:
** none.
**
** Side Effects:
** output to stdout
*/
void
xputs(fp, s)
SM_FILE_T *fp;
const char *s;
{
int c;
struct metamac *mp;
bool shiftout = false;
extern struct metamac MetaMacros[];
static SM_DEBUG_T DebugANSI = SM_DEBUG_INITIALIZER("ANSI",
"@(#)$Debug: ANSI - enable reverse video in debug output $");
/*
** TermEscape is set here, rather than in main(),
** because ANSI mode can be turned on or off at any time
** if we are in -bt rule testing mode.
*/
if (sm_debug_unknown(&DebugANSI))
{
if (sm_debug_active(&DebugANSI, 1))
{
TermEscape.te_rv_on = "\033[7m";
TermEscape.te_normal = "\033[0m";
}
else
{
TermEscape.te_rv_on = "";
TermEscape.te_normal = "";
}
}
if (s == NULL)
{
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT, "%s<null>%s",
TermEscape.te_rv_on, TermEscape.te_normal);
return;
}
while ((c = (*s++ & 0377)) != '\0')
{
if (shiftout)
{
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT, "%s",
TermEscape.te_normal);
shiftout = false;
}
if (!isascii(c) && !tTd(84, 1))
{
if (c == MATCHREPL)
{
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT,
"%s$",
TermEscape.te_rv_on);
shiftout = true;
if (*s == '\0')
continue;
c = *s++ & 0377;
goto printchar;
}
if (c == MACROEXPAND || c == MACRODEXPAND)
{
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT,
"%s$",
TermEscape.te_rv_on);
if (c == MACRODEXPAND)
(void) sm_io_putc(fp,
SM_TIME_DEFAULT, '&');
shiftout = true;
if (*s == '\0')
continue;
if (strchr("=~&?", *s) != NULL)
(void) sm_io_putc(fp,
SM_TIME_DEFAULT,
*s++);
if (bitset(0200, *s))
(void) sm_io_fprintf(fp,
SM_TIME_DEFAULT,
"{%s}",
macname(bitidx(*s++)));
else
(void) sm_io_fprintf(fp,
SM_TIME_DEFAULT,
"%c",
*s++);
continue;
}
for (mp = MetaMacros; mp->metaname != '\0'; mp++)
{
if (bitidx(mp->metaval) == c)
{
(void) sm_io_fprintf(fp,
SM_TIME_DEFAULT,
"%s$%c",
TermEscape.te_rv_on,
mp->metaname);
shiftout = true;
break;
}
}
if (c == MATCHCLASS || c == MATCHNCLASS)
{
if (bitset(0200, *s))
(void) sm_io_fprintf(fp,
SM_TIME_DEFAULT,
"{%s}",
macname(bitidx(*s++)));
else if (*s != '\0')
(void) sm_io_fprintf(fp,
SM_TIME_DEFAULT,
"%c",
*s++);
}
if (mp->metaname != '\0')
continue;
/* unrecognized meta character */
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT, "%sM-",
TermEscape.te_rv_on);
shiftout = true;
c &= 0177;
}
printchar:
if (isascii(c) && isprint(c))
{
(void) sm_io_putc(fp, SM_TIME_DEFAULT, c);
continue;
}
/* wasn't a meta-macro -- find another way to print it */
switch (c)
{
case '\n':
c = 'n';
break;
case '\r':
c = 'r';
break;
case '\t':
c = 't';
break;
}
if (!shiftout)
{
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT, "%s",
TermEscape.te_rv_on);
shiftout = true;
}
if (isascii(c) && isprint(c))
{
(void) sm_io_putc(fp, SM_TIME_DEFAULT, '\\');
(void) sm_io_putc(fp, SM_TIME_DEFAULT, c);
}
else if (tTd(84, 2))
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT, " %o ", c);
else if (tTd(84, 1))
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT, " %#x ", c);
else if (!isascii(c) && !tTd(84, 1))
{
(void) sm_io_putc(fp, SM_TIME_DEFAULT, '^');
(void) sm_io_putc(fp, SM_TIME_DEFAULT, c ^ 0100);
}
}
if (shiftout)
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT, "%s",
TermEscape.te_normal);
(void) sm_io_flush(fp, SM_TIME_DEFAULT);
}
/*
** MAKELOWER -- Translate a line into lower case
**
** Parameters:
** p -- the string to translate. If NULL, return is
** immediate.
**
** Returns:
** none.
**
** Side Effects:
** String pointed to by p is translated to lower case.
*/
void
makelower(p)
register char *p;
{
register char c;
if (p == NULL)
return;
for (; (c = *p) != '\0'; p++)
if (isascii(c) && isupper(c))
*p = tolower(c);
}
/*
** FIXCRLF -- fix <CR><LF> in line.
**
** Looks for the <CR><LF> combination and turns it into the
** UNIX canonical <NL> character. It only takes one line,
** i.e., it is assumed that the first <NL> found is the end
** of the line.
**
** Parameters:
** line -- the line to fix.
** stripnl -- if true, strip the newline also.
**
** Returns:
** none.
**
** Side Effects:
** line is changed in place.
*/
void
fixcrlf(line, stripnl)
char *line;
bool stripnl;
{
register char *p;
p = strchr(line, '\n');
if (p == NULL)
return;
if (p > line && p[-1] == '\r')
p--;
if (!stripnl)
*p++ = '\n';
*p = '\0';
}
/*
** PUTLINE -- put a line like fputs obeying SMTP conventions
**
** This routine always guarantees outputing a newline (or CRLF,
** as appropriate) at the end of the string.
**
** Parameters:
** l -- line to put.
** mci -- the mailer connection information.
**
** Returns:
** true iff line was written successfully
**
** Side Effects:
** output of l to mci->mci_out.
*/
bool
putline(l, mci)
register char *l;
register MCI *mci;
{
return putxline(l, strlen(l), mci, PXLF_MAPFROM);
}
/*
** PUTXLINE -- putline with flags bits.
**
** This routine always guarantees outputing a newline (or CRLF,
** as appropriate) at the end of the string.
**
** Parameters:
** l -- line to put.
** len -- the length of the line.
** mci -- the mailer connection information.
** pxflags -- flag bits:
** PXLF_MAPFROM -- map From_ to >From_.
** PXLF_STRIP8BIT -- strip 8th bit.
** PXLF_HEADER -- map bare newline in header to newline space.
** PXLF_NOADDEOL -- don't add an EOL if one wasn't present.
** PXLF_STRIPMQUOTE -- strip METAQUOTE bytes.
**
** Returns:
** true iff line was written successfully
**
** Side Effects:
** output of l to mci->mci_out.
*/
#define PUTX(limit) \
do \
{ \
quotenext = false; \
while (l < limit) \
{ \
unsigned char c = (unsigned char) *l++; \
\
if (bitset(PXLF_STRIPMQUOTE, pxflags) && \
!quotenext && c == METAQUOTE) \
{ \
quotenext = true; \
continue; \
} \
quotenext = false; \
if (strip8bit) \
c &= 0177; \
if (sm_io_putc(mci->mci_out, SM_TIME_DEFAULT, \
c) == SM_IO_EOF) \
{ \
dead = true; \
break; \
} \
if (TrafficLogFile != NULL) \
(void) sm_io_putc(TrafficLogFile, \
SM_TIME_DEFAULT, \
c); \
} \
} while (0)
bool
putxline(l, len, mci, pxflags)
register char *l;
size_t len;
register MCI *mci;
int pxflags;
{
register char *p, *end;
int slop;
bool dead, quotenext, strip8bit;
/* strip out 0200 bits -- these can look like TELNET protocol */
strip8bit = bitset(MCIF_7BIT, mci->mci_flags) ||
bitset(PXLF_STRIP8BIT, pxflags);
dead = false;
slop = 0;
end = l + len;
do
{
bool noeol = false;
/* find the end of the line */
p = memchr(l, '\n', end - l);
if (p == NULL)
{
p = end;
noeol = true;
}
if (TrafficLogFile != NULL)
(void) sm_io_fprintf(TrafficLogFile, SM_TIME_DEFAULT,
"%05d >>> ", (int) CurrentPid);
/* check for line overflow */
while (mci->mci_mailer->m_linelimit > 0 &&
(p - l + slop) > mci->mci_mailer->m_linelimit)
{
register char *q = &l[mci->mci_mailer->m_linelimit - slop - 1];
if (l[0] == '.' && slop == 0 &&
bitnset(M_XDOT, mci->mci_mailer->m_flags))
{
if (sm_io_putc(mci->mci_out, SM_TIME_DEFAULT,
'.') == SM_IO_EOF)
dead = true;
if (TrafficLogFile != NULL)
(void) sm_io_putc(TrafficLogFile,
SM_TIME_DEFAULT, '.');
}
else if (l[0] == 'F' && slop == 0 &&
bitset(PXLF_MAPFROM, pxflags) &&
strncmp(l, "From ", 5) == 0 &&
bitnset(M_ESCFROM, mci->mci_mailer->m_flags))
{
if (sm_io_putc(mci->mci_out, SM_TIME_DEFAULT,
'>') == SM_IO_EOF)
dead = true;
if (TrafficLogFile != NULL)
(void) sm_io_putc(TrafficLogFile,
SM_TIME_DEFAULT,
'>');
}
if (dead)
break;
PUTX(q);
if (dead)
break;
if (sm_io_putc(mci->mci_out, SM_TIME_DEFAULT,
'!') == SM_IO_EOF ||
sm_io_fputs(mci->mci_out, SM_TIME_DEFAULT,
mci->mci_mailer->m_eol) == SM_IO_EOF ||
sm_io_putc(mci->mci_out, SM_TIME_DEFAULT,
' ') == SM_IO_EOF)
{
dead = true;
break;
}
if (TrafficLogFile != NULL)
{
(void) sm_io_fprintf(TrafficLogFile,
SM_TIME_DEFAULT,
"!\n%05d >>> ",
(int) CurrentPid);
}
slop = 1;
}
if (dead)
break;
/* output last part */
if (l[0] == '.' && slop == 0 &&
bitnset(M_XDOT, mci->mci_mailer->m_flags) &&
!bitset(MCIF_INLONGLINE, mci->mci_flags))
{
if (sm_io_putc(mci->mci_out, SM_TIME_DEFAULT, '.') ==
SM_IO_EOF)
{
dead = true;
break;
}
if (TrafficLogFile != NULL)
(void) sm_io_putc(TrafficLogFile,
SM_TIME_DEFAULT, '.');
}
else if (l[0] == 'F' && slop == 0 &&
bitset(PXLF_MAPFROM, pxflags) &&
strncmp(l, "From ", 5) == 0 &&
bitnset(M_ESCFROM, mci->mci_mailer->m_flags) &&
!bitset(MCIF_INLONGLINE, mci->mci_flags))
{
if (sm_io_putc(mci->mci_out, SM_TIME_DEFAULT, '>') ==
SM_IO_EOF)
{
dead = true;
break;
}
if (TrafficLogFile != NULL)
(void) sm_io_putc(TrafficLogFile,
SM_TIME_DEFAULT, '>');
}
PUTX(p);
if (dead)
break;
if (TrafficLogFile != NULL)
(void) sm_io_putc(TrafficLogFile, SM_TIME_DEFAULT,
'\n');
if ((!bitset(PXLF_NOADDEOL, pxflags) || !noeol))
{
mci->mci_flags &= ~MCIF_INLONGLINE;
if (sm_io_fputs(mci->mci_out, SM_TIME_DEFAULT,
mci->mci_mailer->m_eol) == SM_IO_EOF)
{
dead = true;
break;
}
}
else
mci->mci_flags |= MCIF_INLONGLINE;
if (l < end && *l == '\n')
{
if (*++l != ' ' && *l != '\t' && *l != '\0' &&
bitset(PXLF_HEADER, pxflags))
{
if (sm_io_putc(mci->mci_out, SM_TIME_DEFAULT,
' ') == SM_IO_EOF)
{
dead = true;
break;
}
if (TrafficLogFile != NULL)
(void) sm_io_putc(TrafficLogFile,
SM_TIME_DEFAULT, ' ');
}
}
} while (l < end);
return !dead;
}
/*
** XUNLINK -- unlink a file, doing logging as appropriate.
**
** Parameters:
** f -- name of file to unlink.
**
** Returns:
** return value of unlink()
**
** Side Effects:
** f is unlinked.
*/
int
xunlink(f)
char *f;
{
register int i;
int save_errno;
if (LogLevel > 98)
sm_syslog(LOG_DEBUG, CurEnv->e_id, "unlink %s", f);
i = unlink(f);
save_errno = errno;
if (i < 0 && LogLevel > 97)
sm_syslog(LOG_DEBUG, CurEnv->e_id, "%s: unlink-fail %d",
f, errno);
if (i >= 0)
SYNC_DIR(f, false);
errno = save_errno;
return i;
}
/*
** SFGETS -- "safe" fgets -- times out and ignores random interrupts.
**
** Parameters:
** buf -- place to put the input line.
** siz -- size of buf.
** fp -- file to read from.
** timeout -- the timeout before error occurs.
** during -- what we are trying to read (for error messages).
**
** Returns:
** NULL on error (including timeout). This may also leave
** buf containing a null string.
** buf otherwise.
*/
char *
sfgets(buf, siz, fp, timeout, during)
char *buf;
int siz;
SM_FILE_T *fp;
time_t timeout;
char *during;
{
register char *p;
int save_errno, io_timeout, l;
SM_REQUIRE(siz > 0);
SM_REQUIRE(buf != NULL);
if (fp == NULL)
{
buf[0] = '\0';
errno = EBADF;
return NULL;
}
/* try to read */
l = -1;
errno = 0;
/* convert the timeout to sm_io notation */
io_timeout = (timeout <= 0) ? SM_TIME_DEFAULT : timeout * 1000;
while (!sm_io_eof(fp) && !sm_io_error(fp))
{
errno = 0;
l = sm_io_fgets(fp, io_timeout, buf, siz);
if (l < 0 && errno == EAGAIN)
{
/* The sm_io_fgets() call timedout */
if (LogLevel > 1)
sm_syslog(LOG_NOTICE, CurEnv->e_id,
"timeout waiting for input from %.100s during %s",
CURHOSTNAME,
during);
buf[0] = '\0';
#if XDEBUG
checkfd012(during);
-#endif /* XDEBUG */
+#endif
if (TrafficLogFile != NULL)
(void) sm_io_fprintf(TrafficLogFile,
SM_TIME_DEFAULT,
"%05d <<< [TIMEOUT]\n",
(int) CurrentPid);
errno = ETIMEDOUT;
return NULL;
}
if (l >= 0 || errno != EINTR)
break;
(void) sm_io_clearerr(fp);
}
save_errno = errno;
/* clean up the books and exit */
LineNumber++;
if (l < 0)
{
buf[0] = '\0';
if (TrafficLogFile != NULL)
(void) sm_io_fprintf(TrafficLogFile, SM_TIME_DEFAULT,
"%05d <<< [EOF]\n",
(int) CurrentPid);
errno = save_errno;
return NULL;
}
if (TrafficLogFile != NULL)
(void) sm_io_fprintf(TrafficLogFile, SM_TIME_DEFAULT,
"%05d <<< %s", (int) CurrentPid, buf);
if (SevenBitInput)
{
for (p = buf; *p != '\0'; p++)
*p &= ~0200;
}
else if (!HasEightBits)
{
for (p = buf; *p != '\0'; p++)
{
if (bitset(0200, *p))
{
HasEightBits = true;
break;
}
}
}
return buf;
}
/*
** FGETFOLDED -- like fgets, but knows about folded lines.
**
** Parameters:
** buf -- place to put result.
** np -- pointer to bytes available; will be updated with
** the actual buffer size (not number of bytes filled)
** on return.
** f -- file to read from.
**
** Returns:
** input line(s) on success, NULL on error or SM_IO_EOF.
** This will normally be buf -- unless the line is too
** long, when it will be sm_malloc_x()ed.
**
** Side Effects:
** buf gets lines from f, with continuation lines (lines
** with leading white space) appended. CRLF's are mapped
** into single newlines. Any trailing NL is stripped.
+** Increases LineNumber for each line.
*/
char *
fgetfolded(buf, np, f)
char *buf;
int *np;
SM_FILE_T *f;
{
register char *p = buf;
char *bp = buf;
register int i;
int n;
SM_REQUIRE(np != NULL);
n = *np;
SM_REQUIRE(n > 0);
SM_REQUIRE(buf != NULL);
if (f == NULL)
{
buf[0] = '\0';
errno = EBADF;
return NULL;
}
n--;
while ((i = sm_io_getc(f, SM_TIME_DEFAULT)) != SM_IO_EOF)
{
if (i == '\r')
{
i = sm_io_getc(f, SM_TIME_DEFAULT);
if (i != '\n')
{
if (i != SM_IO_EOF)
(void) sm_io_ungetc(f, SM_TIME_DEFAULT,
i);
i = '\r';
}
}
if (--n <= 0)
{
/* allocate new space */
char *nbp;
int nn;
nn = (p - bp);
if (nn < MEMCHUNKSIZE)
nn *= 2;
else
nn += MEMCHUNKSIZE;
nbp = sm_malloc_x(nn);
memmove(nbp, bp, p - bp);
p = &nbp[p - bp];
if (bp != buf)
sm_free(bp);
bp = nbp;
n = nn - (p - bp);
*np = nn;
}
*p++ = i;
if (i == '\n')
{
LineNumber++;
i = sm_io_getc(f, SM_TIME_DEFAULT);
if (i != SM_IO_EOF)
(void) sm_io_ungetc(f, SM_TIME_DEFAULT, i);
if (i != ' ' && i != '\t')
break;
}
}
if (p == bp)
return NULL;
if (p[-1] == '\n')
p--;
*p = '\0';
return bp;
}
/*
** CURTIME -- return current time.
**
** Parameters:
** none.
**
** Returns:
** the current time.
*/
time_t
curtime()
{
auto time_t t;
(void) time(&t);
return t;
}
/*
** ATOBOOL -- convert a string representation to boolean.
**
** Defaults to false
**
** Parameters:
** s -- string to convert. Takes "tTyY", empty, and NULL as true,
** others as false.
**
** Returns:
** A boolean representation of the string.
*/
bool
atobool(s)
register char *s;
{
if (s == NULL || *s == '\0' || strchr("tTyY", *s) != NULL)
return true;
return false;
}
/*
** ATOOCT -- convert a string representation to octal.
**
** Parameters:
** s -- string to convert.
**
** Returns:
** An integer representing the string interpreted as an
** octal number.
*/
int
atooct(s)
register char *s;
{
register int i = 0;
while (*s >= '0' && *s <= '7')
i = (i << 3) | (*s++ - '0');
return i;
}
/*
** BITINTERSECT -- tell if two bitmaps intersect
**
** Parameters:
** a, b -- the bitmaps in question
**
** Returns:
** true if they have a non-null intersection
** false otherwise
*/
bool
bitintersect(a, b)
BITMAP256 a;
BITMAP256 b;
{
int i;
for (i = BITMAPBYTES / sizeof(int); --i >= 0; )
{
if ((a[i] & b[i]) != 0)
return true;
}
return false;
}
/*
** BITZEROP -- tell if a bitmap is all zero
**
** Parameters:
** map -- the bit map to check
**
** Returns:
** true if map is all zero.
** false if there are any bits set in map.
*/
bool
bitzerop(map)
BITMAP256 map;
{
int i;
for (i = BITMAPBYTES / sizeof(int); --i >= 0; )
{
if (map[i] != 0)
return false;
}
return true;
}
/*
** STRCONTAINEDIN -- tell if one string is contained in another
**
** Parameters:
** icase -- ignore case?
** a -- possible substring.
** b -- possible superstring.
**
** Returns:
** true if a is contained in b (case insensitive).
** false otherwise.
*/
bool
strcontainedin(icase, a, b)
bool icase;
register char *a;
register char *b;
{
int la;
int lb;
int c;
la = strlen(a);
lb = strlen(b);
c = *a;
if (icase && isascii(c) && isupper(c))
c = tolower(c);
for (; lb-- >= la; b++)
{
if (icase)
{
if (*b != c &&
isascii(*b) && isupper(*b) && tolower(*b) != c)
continue;
if (sm_strncasecmp(a, b, la) == 0)
return true;
}
else
{
if (*b != c)
continue;
if (strncmp(a, b, la) == 0)
return true;
}
}
return false;
}
/*
** CHECKFD012 -- check low numbered file descriptors
**
** File descriptors 0, 1, and 2 should be open at all times.
** This routine verifies that, and fixes it if not true.
**
** Parameters:
** where -- a tag printed if the assertion failed
**
** Returns:
** none
*/
void
checkfd012(where)
char *where;
{
#if XDEBUG
register int i;
for (i = 0; i < 3; i++)
fill_fd(i, where);
#endif /* XDEBUG */
}
/*
** CHECKFDOPEN -- make sure file descriptor is open -- for extended debugging
**
** Parameters:
** fd -- file descriptor to check.
** where -- tag to print on failure.
**
** Returns:
** none.
*/
void
checkfdopen(fd, where)
int fd;
char *where;
{
#if XDEBUG
struct stat st;
if (fstat(fd, &st) < 0 && errno == EBADF)
{
syserr("checkfdopen(%d): %s not open as expected!", fd, where);
printopenfds(true);
}
#endif /* XDEBUG */
}
/*
** CHECKFDS -- check for new or missing file descriptors
**
** Parameters:
** where -- tag for printing. If null, take a base line.
**
** Returns:
** none
**
** Side Effects:
** If where is set, shows changes since the last call.
*/
void
checkfds(where)
char *where;
{
int maxfd;
register int fd;
bool printhdr = true;
int save_errno = errno;
static BITMAP256 baseline;
extern int DtableSize;
if (DtableSize > BITMAPBITS)
maxfd = BITMAPBITS;
else
maxfd = DtableSize;
if (where == NULL)
clrbitmap(baseline);
for (fd = 0; fd < maxfd; fd++)
{
struct stat stbuf;
if (fstat(fd, &stbuf) < 0 && errno != EOPNOTSUPP)
{
if (!bitnset(fd, baseline))
continue;
clrbitn(fd, baseline);
}
else if (!bitnset(fd, baseline))
setbitn(fd, baseline);
else
continue;
/* file state has changed */
if (where == NULL)
continue;
if (printhdr)
{
sm_syslog(LOG_DEBUG, CurEnv->e_id,
"%s: changed fds:",
where);
printhdr = false;
}
dumpfd(fd, true, true);
}
errno = save_errno;
}
/*
** PRINTOPENFDS -- print the open file descriptors (for debugging)
**
** Parameters:
** logit -- if set, send output to syslog; otherwise
** print for debugging.
**
** Returns:
** none.
*/
#if NETINET || NETINET6
# include <arpa/inet.h>
-#endif /* NETINET || NETINET6 */
+#endif
void
printopenfds(logit)
bool logit;
{
register int fd;
extern int DtableSize;
for (fd = 0; fd < DtableSize; fd++)
dumpfd(fd, false, logit);
}
/*
** DUMPFD -- dump a file descriptor
**
** Parameters:
** fd -- the file descriptor to dump.
** printclosed -- if set, print a notification even if
** it is closed; otherwise print nothing.
** logit -- if set, use sm_syslog instead of sm_dprintf()
**
** Returns:
** none.
*/
void
dumpfd(fd, printclosed, logit)
int fd;
bool printclosed;
bool logit;
{
register char *p;
char *hp;
#ifdef S_IFSOCK
SOCKADDR sa;
-#endif /* S_IFSOCK */
+#endif
auto SOCKADDR_LEN_T slen;
int i;
#if STAT64 > 0
struct stat64 st;
-#else /* STAT64 > 0 */
+#else
struct stat st;
-#endif /* STAT64 > 0 */
+#endif
char buf[200];
p = buf;
(void) sm_snprintf(p, SPACELEFT(buf, p), "%3d: ", fd);
p += strlen(p);
if (
#if STAT64 > 0
fstat64(fd, &st)
-#else /* STAT64 > 0 */
+#else
fstat(fd, &st)
-#endif /* STAT64 > 0 */
+#endif
< 0)
{
if (errno != EBADF)
{
(void) sm_snprintf(p, SPACELEFT(buf, p),
"CANNOT STAT (%s)",
sm_errstring(errno));
goto printit;
}
else if (printclosed)
{
(void) sm_snprintf(p, SPACELEFT(buf, p), "CLOSED");
goto printit;
}
return;
}
i = fcntl(fd, F_GETFL, 0);
if (i != -1)
{
(void) sm_snprintf(p, SPACELEFT(buf, p), "fl=0x%x, ", i);
p += strlen(p);
}
(void) sm_snprintf(p, SPACELEFT(buf, p), "mode=%o: ",
(unsigned int) st.st_mode);
p += strlen(p);
switch (st.st_mode & S_IFMT)
{
#ifdef S_IFSOCK
case S_IFSOCK:
(void) sm_snprintf(p, SPACELEFT(buf, p), "SOCK ");
p += strlen(p);
memset(&sa, '\0', sizeof(sa));
slen = sizeof(sa);
if (getsockname(fd, &sa.sa, &slen) < 0)
(void) sm_snprintf(p, SPACELEFT(buf, p), "(%s)",
sm_errstring(errno));
else
{
hp = hostnamebyanyaddr(&sa);
if (hp == NULL)
{
/* EMPTY */
/* do nothing */
}
# if NETINET
else if (sa.sa.sa_family == AF_INET)
(void) sm_snprintf(p, SPACELEFT(buf, p),
"%s/%d", hp, ntohs(sa.sin.sin_port));
-# endif /* NETINET */
+# endif
# if NETINET6
else if (sa.sa.sa_family == AF_INET6)
(void) sm_snprintf(p, SPACELEFT(buf, p),
"%s/%d", hp, ntohs(sa.sin6.sin6_port));
-# endif /* NETINET6 */
+# endif
else
(void) sm_snprintf(p, SPACELEFT(buf, p),
"%s", hp);
}
p += strlen(p);
(void) sm_snprintf(p, SPACELEFT(buf, p), "->");
p += strlen(p);
slen = sizeof(sa);
if (getpeername(fd, &sa.sa, &slen) < 0)
(void) sm_snprintf(p, SPACELEFT(buf, p), "(%s)",
sm_errstring(errno));
else
{
hp = hostnamebyanyaddr(&sa);
if (hp == NULL)
{
/* EMPTY */
/* do nothing */
}
# if NETINET
else if (sa.sa.sa_family == AF_INET)
(void) sm_snprintf(p, SPACELEFT(buf, p),
"%s/%d", hp, ntohs(sa.sin.sin_port));
-# endif /* NETINET */
+# endif
# if NETINET6
else if (sa.sa.sa_family == AF_INET6)
(void) sm_snprintf(p, SPACELEFT(buf, p),
"%s/%d", hp, ntohs(sa.sin6.sin6_port));
-# endif /* NETINET6 */
+# endif
else
(void) sm_snprintf(p, SPACELEFT(buf, p),
"%s", hp);
}
break;
#endif /* S_IFSOCK */
case S_IFCHR:
(void) sm_snprintf(p, SPACELEFT(buf, p), "CHR: ");
p += strlen(p);
goto defprint;
#ifdef S_IFBLK
case S_IFBLK:
(void) sm_snprintf(p, SPACELEFT(buf, p), "BLK: ");
p += strlen(p);
goto defprint;
-#endif /* S_IFBLK */
+#endif
#if defined(S_IFIFO) && (!defined(S_IFSOCK) || S_IFIFO != S_IFSOCK)
case S_IFIFO:
(void) sm_snprintf(p, SPACELEFT(buf, p), "FIFO: ");
p += strlen(p);
goto defprint;
-#endif /* defined(S_IFIFO) && (!defined(S_IFSOCK) || S_IFIFO != S_IFSOCK) */
+#endif
#ifdef S_IFDIR
case S_IFDIR:
(void) sm_snprintf(p, SPACELEFT(buf, p), "DIR: ");
p += strlen(p);
goto defprint;
-#endif /* S_IFDIR */
+#endif
#ifdef S_IFLNK
case S_IFLNK:
(void) sm_snprintf(p, SPACELEFT(buf, p), "LNK: ");
p += strlen(p);
goto defprint;
-#endif /* S_IFLNK */
+#endif
default:
defprint:
(void) sm_snprintf(p, SPACELEFT(buf, p),
"dev=%ld/%ld, ino=%llu, nlink=%d, u/gid=%ld/%ld, ",
(long) major(st.st_dev), (long) minor(st.st_dev),
(ULONGLONG_T) st.st_ino,
(int) st.st_nlink, (long) st.st_uid,
(long) st.st_gid);
p += strlen(p);
(void) sm_snprintf(p, SPACELEFT(buf, p), "size=%llu",
(ULONGLONG_T) st.st_size);
break;
}
printit:
if (logit)
sm_syslog(LOG_DEBUG, CurEnv ? CurEnv->e_id : NULL,
"%.800s", buf);
else
sm_dprintf("%s\n", buf);
}
/*
** SHORTEN_HOSTNAME -- strip local domain information off of hostname.
**
** Parameters:
** host -- the host to shorten (stripped in place).
**
** Returns:
** place where string was truncated, NULL if not truncated.
*/
char *
shorten_hostname(host)
char host[];
{
register char *p;
char *mydom;
int i;
bool canon = false;
/* strip off final dot */
i = strlen(host);
p = &host[(i == 0) ? 0 : i - 1];
if (*p == '.')
{
*p = '\0';
canon = true;
}
/* see if there is any domain at all -- if not, we are done */
p = strchr(host, '.');
if (p == NULL)
return NULL;
/* yes, we have a domain -- see if it looks like us */
mydom = macvalue('m', CurEnv);
if (mydom == NULL)
mydom = "";
i = strlen(++p);
if ((canon ? sm_strcasecmp(p, mydom)
: sm_strncasecmp(p, mydom, i)) == 0 &&
(mydom[i] == '.' || mydom[i] == '\0'))
{
*--p = '\0';
return p;
}
return NULL;
}
/*
** PROG_OPEN -- open a program for reading
**
** Parameters:
** argv -- the argument list.
** pfd -- pointer to a place to store the file descriptor.
** e -- the current envelope.
**
** Returns:
** pid of the process -- -1 if it failed.
*/
pid_t
prog_open(argv, pfd, e)
char **argv;
int *pfd;
ENVELOPE *e;
{
pid_t pid;
int save_errno;
int sff;
int ret;
int fdv[2];
char *p, *q;
char buf[MAXPATHLEN];
extern int DtableSize;
if (pipe(fdv) < 0)
{
syserr("%s: cannot create pipe for stdout", argv[0]);
return -1;
}
pid = fork();
if (pid < 0)
{
syserr("%s: cannot fork", argv[0]);
(void) close(fdv[0]);
(void) close(fdv[1]);
return -1;
}
if (pid > 0)
{
/* parent */
(void) close(fdv[1]);
*pfd = fdv[0];
return pid;
}
/* Reset global flags */
RestartRequest = NULL;
RestartWorkGroup = false;
ShutdownRequest = NULL;
PendingSignal = 0;
CurrentPid = getpid();
/*
** Initialize exception stack and default exception
** handler for child process.
*/
sm_exc_newthread(fatal_error);
/* child -- close stdin */
(void) close(0);
/* stdout goes back to parent */
(void) close(fdv[0]);
if (dup2(fdv[1], 1) < 0)
{
syserr("%s: cannot dup2 for stdout", argv[0]);
_exit(EX_OSERR);
}
(void) close(fdv[1]);
/* stderr goes to transcript if available */
if (e->e_xfp != NULL)
{
int xfd;
xfd = sm_io_getinfo(e->e_xfp, SM_IO_WHAT_FD, NULL);
if (xfd >= 0 && dup2(xfd, 2) < 0)
{
syserr("%s: cannot dup2 for stderr", argv[0]);
_exit(EX_OSERR);
}
}
/* this process has no right to the queue file */
if (e->e_lockfp != NULL)
{
int fd;
fd = sm_io_getinfo(e->e_lockfp, SM_IO_WHAT_FD, NULL);
if (fd >= 0)
(void) close(fd);
else
syserr("%s: lockfp does not have a fd", argv[0]);
}
/* chroot to the program mailer directory, if defined */
if (ProgMailer != NULL && ProgMailer->m_rootdir != NULL)
{
expand(ProgMailer->m_rootdir, buf, sizeof(buf), e);
if (chroot(buf) < 0)
{
syserr("prog_open: cannot chroot(%s)", buf);
exit(EX_TEMPFAIL);
}
if (chdir("/") < 0)
{
syserr("prog_open: cannot chdir(/)");
exit(EX_TEMPFAIL);
}
}
/* run as default user */
endpwent();
sm_mbdb_terminate();
#if _FFR_MEMSTAT
(void) sm_memstat_close();
-#endif /* _FFR_MEMSTAT */
+#endif
if (setgid(DefGid) < 0 && geteuid() == 0)
{
syserr("prog_open: setgid(%ld) failed", (long) DefGid);
exit(EX_TEMPFAIL);
}
if (setuid(DefUid) < 0 && geteuid() == 0)
{
syserr("prog_open: setuid(%ld) failed", (long) DefUid);
exit(EX_TEMPFAIL);
}
/* run in some directory */
if (ProgMailer != NULL)
p = ProgMailer->m_execdir;
else
p = NULL;
for (; p != NULL; p = q)
{
q = strchr(p, ':');
if (q != NULL)
*q = '\0';
expand(p, buf, sizeof(buf), e);
if (q != NULL)
*q++ = ':';
if (buf[0] != '\0' && chdir(buf) >= 0)
break;
}
if (p == NULL)
{
/* backup directories */
if (chdir("/tmp") < 0)
(void) chdir("/");
}
/* Check safety of program to be run */
sff = SFF_ROOTOK|SFF_EXECOK;
if (!bitnset(DBS_RUNWRITABLEPROGRAM, DontBlameSendmail))
sff |= SFF_NOGWFILES|SFF_NOWWFILES;
if (bitnset(DBS_RUNPROGRAMINUNSAFEDIRPATH, DontBlameSendmail))
sff |= SFF_NOPATHCHECK;
else
sff |= SFF_SAFEDIRPATH;
ret = safefile(argv[0], DefUid, DefGid, DefUser, sff, 0, NULL);
if (ret != 0)
sm_syslog(LOG_INFO, e->e_id,
"Warning: prog_open: program %s unsafe: %s",
argv[0], sm_errstring(ret));
/* arrange for all the files to be closed */
sm_close_on_exec(STDERR_FILENO + 1, DtableSize);
/* now exec the process */
(void) execve(argv[0], (ARGV_T) argv, (ARGV_T) UserEnviron);
/* woops! failed */
save_errno = errno;
syserr("%s: cannot exec", argv[0]);
if (transienterror(save_errno))
_exit(EX_OSERR);
_exit(EX_CONFIG);
return -1; /* avoid compiler warning on IRIX */
}
/*
** GET_COLUMN -- look up a Column in a line buffer
**
** Parameters:
** line -- the raw text line to search.
** col -- the column number to fetch.
** delim -- the delimiter between columns. If null,
** use white space.
** buf -- the output buffer.
** buflen -- the length of buf.
**
** Returns:
** buf if successful.
** NULL otherwise.
*/
char *
get_column(line, col, delim, buf, buflen)
char line[];
int col;
int delim;
char buf[];
int buflen;
{
char *p;
char *begin, *end;
int i;
char delimbuf[4];
if ((char) delim == '\0')
(void) sm_strlcpy(delimbuf, "\n\t ", sizeof(delimbuf));
else
{
delimbuf[0] = (char) delim;
delimbuf[1] = '\0';
}
p = line;
if (*p == '\0')
return NULL; /* line empty */
if (*p == (char) delim && col == 0)
return NULL; /* first column empty */
begin = line;
if (col == 0 && (char) delim == '\0')
{
- while (*begin != '\0' && isascii(*begin) && isspace(*begin))
+ while (*begin != '\0' && SM_ISSPACE(*begin))
begin++;
}
for (i = 0; i < col; i++)
{
if ((begin = strpbrk(begin, delimbuf)) == NULL)
return NULL; /* no such column */
begin++;
if ((char) delim == '\0')
{
- while (*begin != '\0' && isascii(*begin) && isspace(*begin))
+ while (*begin != '\0' && SM_ISSPACE(*begin))
begin++;
}
}
end = strpbrk(begin, delimbuf);
if (end == NULL)
i = strlen(begin);
else
i = end - begin;
if (i >= buflen)
i = buflen - 1;
(void) sm_strlcpy(buf, begin, i + 1);
return buf;
}
/*
** CLEANSTRCPY -- copy string keeping out bogus characters
**
** Parameters:
** t -- "to" string.
** f -- "from" string.
** l -- length of space available in "to" string.
**
** Returns:
** none.
*/
void
cleanstrcpy(t, f, l)
register char *t;
register char *f;
int l;
{
/* check for newlines and log if necessary */
(void) denlstring(f, true, true);
if (l <= 0)
syserr("!cleanstrcpy: length == 0");
l--;
while (l > 0 && *f != '\0')
{
if (isascii(*f) &&
(isalnum(*f) || strchr("!#$%&'*+-./^_`{|}~", *f) != NULL))
{
l--;
*t++ = *f;
}
f++;
}
*t = '\0';
}
/*
** DENLSTRING -- convert newlines in a string to spaces
**
** Parameters:
** s -- the input string
** strict -- if set, don't permit continuation lines.
** logattacks -- if set, log attempted attacks.
**
** Returns:
** A pointer to a version of the string with newlines
** mapped to spaces. This should be copied.
*/
char *
denlstring(s, strict, logattacks)
char *s;
bool strict;
bool logattacks;
{
register char *p;
int l;
static char *bp = NULL;
static int bl = 0;
p = s;
while ((p = strchr(p, '\n')) != NULL)
if (strict || (*++p != ' ' && *p != '\t'))
break;
if (p == NULL)
return s;
l = strlen(s) + 1;
if (bl < l)
{
/* allocate more space */
char *nbp = sm_pmalloc_x(l);
if (bp != NULL)
sm_free(bp);
bp = nbp;
bl = l;
}
(void) sm_strlcpy(bp, s, l);
for (p = bp; (p = strchr(p, '\n')) != NULL; )
*p++ = ' ';
if (logattacks)
{
sm_syslog(LOG_NOTICE, CurEnv ? CurEnv->e_id : NULL,
"POSSIBLE ATTACK from %.100s: newline in string \"%s\"",
RealHostName == NULL ? "[UNKNOWN]" : RealHostName,
shortenstring(bp, MAXSHORTSTR));
}
return bp;
}
/*
** STRREPLNONPRT -- replace "unprintable" characters in a string with subst
**
** Parameters:
** s -- string to manipulate (in place)
** subst -- character to use as replacement
**
** Returns:
** true iff string did not contain "unprintable" characters
*/
bool
strreplnonprt(s, c)
char *s;
int c;
{
bool ok;
ok = true;
if (s == NULL)
return ok;
while (*s != '\0')
{
if (!(isascii(*s) && isprint(*s)))
{
*s = c;
ok = false;
}
++s;
}
return ok;
}
/*
** PATH_IS_DIR -- check to see if file exists and is a directory.
**
** There are some additional checks for security violations in
** here. This routine is intended to be used for the host status
** support.
**
** Parameters:
** pathname -- pathname to check for directory-ness.
** createflag -- if set, create directory if needed.
**
** Returns:
** true -- if the indicated pathname is a directory
** false -- otherwise
*/
bool
path_is_dir(pathname, createflag)
char *pathname;
bool createflag;
{
struct stat statbuf;
#if HASLSTAT
if (lstat(pathname, &statbuf) < 0)
-#else /* HASLSTAT */
+#else
if (stat(pathname, &statbuf) < 0)
-#endif /* HASLSTAT */
+#endif
{
if (errno != ENOENT || !createflag)
return false;
if (mkdir(pathname, 0755) < 0)
return false;
return true;
}
if (!S_ISDIR(statbuf.st_mode))
{
errno = ENOTDIR;
return false;
}
/* security: don't allow writable directories */
if (bitset(S_IWGRP|S_IWOTH, statbuf.st_mode))
{
errno = EACCES;
return false;
}
return true;
}
/*
** PROC_LIST_ADD -- add process id to list of our children
**
** Parameters:
** pid -- pid to add to list.
** task -- task of pid.
** type -- type of process.
** count -- number of processes.
** other -- other information for this type.
**
** Returns:
** none
**
** Side Effects:
** May increase CurChildren. May grow ProcList.
*/
typedef struct procs PROCS_T;
struct procs
{
pid_t proc_pid;
char *proc_task;
int proc_type;
int proc_count;
int proc_other;
SOCKADDR proc_hostaddr;
};
static PROCS_T *volatile ProcListVec = NULL;
static int ProcListSize = 0;
void
proc_list_add(pid, task, type, count, other, hostaddr)
pid_t pid;
char *task;
int type;
int count;
int other;
SOCKADDR *hostaddr;
{
int i;
for (i = 0; i < ProcListSize; i++)
{
if (ProcListVec[i].proc_pid == NO_PID)
break;
}
if (i >= ProcListSize)
{
/* probe the existing vector to avoid growing infinitely */
proc_list_probe();
/* now scan again */
for (i = 0; i < ProcListSize; i++)
{
if (ProcListVec[i].proc_pid == NO_PID)
break;
}
}
if (i >= ProcListSize)
{
/* grow process list */
int chldwasblocked;
PROCS_T *npv;
SM_ASSERT(ProcListSize < INT_MAX - PROC_LIST_SEG);
npv = (PROCS_T *) sm_pmalloc_x((sizeof(*npv)) *
(ProcListSize + PROC_LIST_SEG));
/* Block SIGCHLD so reapchild() doesn't mess with us */
chldwasblocked = sm_blocksignal(SIGCHLD);
if (ProcListSize > 0)
{
memmove(npv, ProcListVec,
ProcListSize * sizeof(PROCS_T));
sm_free(ProcListVec);
}
/* XXX just use memset() to initialize this part? */
for (i = ProcListSize; i < ProcListSize + PROC_LIST_SEG; i++)
{
npv[i].proc_pid = NO_PID;
npv[i].proc_task = NULL;
npv[i].proc_type = PROC_NONE;
}
i = ProcListSize;
ProcListSize += PROC_LIST_SEG;
ProcListVec = npv;
if (chldwasblocked == 0)
(void) sm_releasesignal(SIGCHLD);
}
ProcListVec[i].proc_pid = pid;
PSTRSET(ProcListVec[i].proc_task, task);
ProcListVec[i].proc_type = type;
ProcListVec[i].proc_count = count;
ProcListVec[i].proc_other = other;
if (hostaddr != NULL)
ProcListVec[i].proc_hostaddr = *hostaddr;
else
memset(&ProcListVec[i].proc_hostaddr, 0,
sizeof(ProcListVec[i].proc_hostaddr));
/* if process adding itself, it's not a child */
if (pid != CurrentPid)
{
SM_ASSERT(CurChildren < INT_MAX);
CurChildren++;
}
}
/*
** PROC_LIST_SET -- set pid task in process list
**
** Parameters:
** pid -- pid to set
** task -- task of pid
**
** Returns:
** none.
*/
void
proc_list_set(pid, task)
pid_t pid;
char *task;
{
int i;
for (i = 0; i < ProcListSize; i++)
{
if (ProcListVec[i].proc_pid == pid)
{
PSTRSET(ProcListVec[i].proc_task, task);
break;
}
}
}
/*
** PROC_LIST_DROP -- drop pid from process list
**
** Parameters:
** pid -- pid to drop
** st -- process status
** other -- storage for proc_other (return).
**
** Returns:
** none.
**
** Side Effects:
** May decrease CurChildren, CurRunners, or
** set RestartRequest or ShutdownRequest.
**
** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
** DOING.
*/
void
proc_list_drop(pid, st, other)
pid_t pid;
int st;
int *other;
{
int i;
int type = PROC_NONE;
for (i = 0; i < ProcListSize; i++)
{
if (ProcListVec[i].proc_pid == pid)
{
ProcListVec[i].proc_pid = NO_PID;
type = ProcListVec[i].proc_type;
if (other != NULL)
*other = ProcListVec[i].proc_other;
if (CurChildren > 0)
CurChildren--;
break;
}
}
if (type == PROC_CONTROL && WIFEXITED(st))
{
/* if so, see if we need to restart or shutdown */
if (WEXITSTATUS(st) == EX_RESTART)
RestartRequest = "control socket";
else if (WEXITSTATUS(st) == EX_SHUTDOWN)
ShutdownRequest = "control socket";
}
else if (type == PROC_QUEUE_CHILD && !WIFSTOPPED(st) &&
ProcListVec[i].proc_other > -1)
{
/* restart this persistent runner */
mark_work_group_restart(ProcListVec[i].proc_other, st);
}
else if (type == PROC_QUEUE)
{
CurRunners -= ProcListVec[i].proc_count;
/* CHK_CUR_RUNNERS() can't be used here: uses syslog() */
if (CurRunners < 0)
CurRunners = 0;
}
}
/*
** PROC_LIST_CLEAR -- clear the process list
**
** Parameters:
** none.
**
** Returns:
** none.
**
** Side Effects:
** Sets CurChildren to zero.
*/
void
proc_list_clear()
{
int i;
/* start from 1 since 0 is the daemon itself */
for (i = 1; i < ProcListSize; i++)
ProcListVec[i].proc_pid = NO_PID;
CurChildren = 0;
}
/*
** PROC_LIST_PROBE -- probe processes in the list to see if they still exist
**
** Parameters:
** none
**
** Returns:
** none
**
** Side Effects:
** May decrease CurChildren.
*/
void
proc_list_probe()
{
int i, children;
int chldwasblocked;
pid_t pid;
children = 0;
chldwasblocked = sm_blocksignal(SIGCHLD);
/* start from 1 since 0 is the daemon itself */
for (i = 1; i < ProcListSize; i++)
{
pid = ProcListVec[i].proc_pid;
if (pid == NO_PID || pid == CurrentPid)
continue;
if (kill(pid, 0) < 0)
{
if (LogLevel > 3)
sm_syslog(LOG_DEBUG, CurEnv->e_id,
"proc_list_probe: lost pid %d",
(int) ProcListVec[i].proc_pid);
ProcListVec[i].proc_pid = NO_PID;
- SM_FREE_CLR(ProcListVec[i].proc_task);
+ SM_FREE(ProcListVec[i].proc_task);
if (ProcListVec[i].proc_type == PROC_QUEUE)
{
CurRunners -= ProcListVec[i].proc_count;
CHK_CUR_RUNNERS("proc_list_probe", i,
ProcListVec[i].proc_count);
}
CurChildren--;
}
else
{
++children;
}
}
if (CurChildren < 0)
CurChildren = 0;
if (chldwasblocked == 0)
(void) sm_releasesignal(SIGCHLD);
if (LogLevel > 10 && children != CurChildren && CurrentPid == DaemonPid)
{
sm_syslog(LOG_ERR, NOQID,
"proc_list_probe: found %d children, expected %d",
children, CurChildren);
}
}
/*
** PROC_LIST_DISPLAY -- display the process list
**
** Parameters:
** out -- output file pointer
** prefix -- string to output in front of each line.
**
** Returns:
** none.
*/
void
proc_list_display(out, prefix)
SM_FILE_T *out;
char *prefix;
{
int i;
for (i = 0; i < ProcListSize; i++)
{
if (ProcListVec[i].proc_pid == NO_PID)
continue;
(void) sm_io_fprintf(out, SM_TIME_DEFAULT, "%s%d %s%s\n",
prefix,
(int) ProcListVec[i].proc_pid,
ProcListVec[i].proc_task != NULL ?
ProcListVec[i].proc_task : "(unknown)",
(OpMode == MD_SMTP ||
OpMode == MD_DAEMON ||
OpMode == MD_ARPAFTP) ? "\r" : "");
}
}
/*
** PROC_LIST_SIGNAL -- send a signal to a type of process in the list
**
** Parameters:
** type -- type of process to signal
** signal -- the type of signal to send
**
** Results:
** none.
**
** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
** DOING.
*/
void
proc_list_signal(type, signal)
int type;
int signal;
{
int chldwasblocked;
int alrmwasblocked;
int i;
pid_t mypid = getpid();
/* block these signals so that we may signal cleanly */
chldwasblocked = sm_blocksignal(SIGCHLD);
alrmwasblocked = sm_blocksignal(SIGALRM);
/* Find all processes of type and send signal */
for (i = 0; i < ProcListSize; i++)
{
if (ProcListVec[i].proc_pid == NO_PID ||
ProcListVec[i].proc_pid == mypid)
continue;
if (ProcListVec[i].proc_type != type)
continue;
(void) kill(ProcListVec[i].proc_pid, signal);
}
/* restore the signals */
if (alrmwasblocked == 0)
(void) sm_releasesignal(SIGALRM);
if (chldwasblocked == 0)
(void) sm_releasesignal(SIGCHLD);
}
/*
** COUNT_OPEN_CONNECTIONS
**
** Parameters:
** hostaddr - ClientAddress
**
** Returns:
** the number of open connections for this client
**
*/
int
count_open_connections(hostaddr)
SOCKADDR *hostaddr;
{
int i, n;
if (hostaddr == NULL)
return 0;
/*
** This code gets called before proc_list_add() gets called,
** so we (the daemon child for this connection) have not yet
** counted ourselves. Hence initialize the counter to 1
** instead of 0 to compensate.
*/
n = 1;
for (i = 0; i < ProcListSize; i++)
{
if (ProcListVec[i].proc_pid == NO_PID)
continue;
if (hostaddr->sa.sa_family !=
ProcListVec[i].proc_hostaddr.sa.sa_family)
continue;
#if NETINET
if (hostaddr->sa.sa_family == AF_INET &&
(hostaddr->sin.sin_addr.s_addr ==
ProcListVec[i].proc_hostaddr.sin.sin_addr.s_addr))
n++;
-#endif /* NETINET */
+#endif
#if NETINET6
if (hostaddr->sa.sa_family == AF_INET6 &&
IN6_ARE_ADDR_EQUAL(&(hostaddr->sin6.sin6_addr),
&(ProcListVec[i].proc_hostaddr.sin6.sin6_addr)))
n++;
-#endif /* NETINET6 */
+#endif
}
return n;
}
#if _FFR_XCNCT
/*
** XCONNECT -- get X-CONNECT info
**
** Parameters:
** inchannel -- FILE to check
**
** Returns:
** -1 on error
** 0 if X-CONNECT was not given
** >0 if X-CONNECT was used successfully (D_XCNCT*)
*/
int
xconnect(inchannel)
SM_FILE_T *inchannel;
{
int r, i;
char *p, *b, delim, inp[MAXINPLINE];
SOCKADDR addr;
char **pvp;
char pvpbuf[PSBUFSIZE];
char *peerhostname; /* name of SMTP peer or "localhost" */
extern ENVELOPE BlankEnvelope;
#define XCONNECT "X-CONNECT "
#define XCNNCTLEN (sizeof(XCONNECT) - 1)
/* Ask the ruleset whether to use x-connect */
pvp = NULL;
peerhostname = RealHostName;
if (peerhostname == NULL)
peerhostname = "localhost";
r = rscap("x_connect", peerhostname,
anynet_ntoa(&RealHostAddr), &BlankEnvelope,
&pvp, pvpbuf, sizeof(pvpbuf));
if (tTd(75, 8))
sm_syslog(LOG_INFO, NOQID, "x-connect: rscap=%d", r);
if (r == EX_UNAVAILABLE)
return 0;
if (r != EX_OK)
{
/* ruleset error */
sm_syslog(LOG_INFO, NOQID, "x-connect: rscap=%d", r);
return 0;
}
if (pvp != NULL && pvp[0] != NULL && (pvp[0][0] & 0377) == CANONNET)
{
/* $#: no x-connect */
if (tTd(75, 7))
sm_syslog(LOG_INFO, NOQID, "x-connect: nope");
return 0;
}
+# if _FFR_XCNCT > 1
+ if (pvp != NULL && pvp[0] != NULL &&
+ pvp[0][0] == '2' && pvp[0][1] == '2' && pvp[0][2] == '0')
+ {
+ char *hostname; /* my hostname ($j) */
+
+ hostname = macvalue('j', &BlankEnvelope);
+ if (tTd(75, 7))
+ sm_syslog(LOG_INFO, NOQID, "x-connect=%s", pvp[0]);
+ message("220-%s %s", hostname != NULL ? hostname : "xconnect",
+ pvp[1] != NULL ? pvp[1] : "waiting for xconnect");
+ sm_io_flush(OutChannel, SM_TIME_DEFAULT);
+ }
+# endif
+
p = sfgets(inp, sizeof(inp), InChannel, TimeOuts.to_nextcommand, "pre");
if (tTd(75, 6))
sm_syslog(LOG_INFO, NOQID, "x-connect: input=%s", p);
if (p == NULL || strncasecmp(p, XCONNECT, XCNNCTLEN) != 0)
return -1;
p += XCNNCTLEN;
- while (isascii(*p) && isspace(*p))
+ while (SM_ISSPACE(*p))
p++;
/* parameters: IPAddress [Hostname[ M]] */
b = p;
while (*p != '\0' && isascii(*p) &&
(isalnum(*p) || *p == '.' || *p== ':'))
p++;
delim = *p;
*p = '\0';
memset(&addr, '\0', sizeof(addr));
addr.sin.sin_addr.s_addr = inet_addr(b);
if (addr.sin.sin_addr.s_addr != INADDR_NONE)
{
addr.sa.sa_family = AF_INET;
memcpy(&RealHostAddr, &addr, sizeof(addr));
if (tTd(75, 2))
sm_syslog(LOG_INFO, NOQID, "x-connect: addr=%s",
anynet_ntoa(&RealHostAddr));
}
# if NETINET6
else if ((r = inet_pton(AF_INET6, b, &addr.sin6.sin6_addr)) == 1)
{
addr.sa.sa_family = AF_INET6;
memcpy(&RealHostAddr, &addr, sizeof(addr));
}
-# endif /* NETINET6 */
+# endif
else
return -1;
/* more parameters? */
if (delim != ' ')
return D_XCNCT;
- while (*p != '\0' && isascii(*p) && isspace(*p))
- p++;
for (b = ++p, i = 0;
*p != '\0' && isascii(*p) && (isalnum(*p) || *p == '.' || *p == '-');
p++, i++)
;
if (i == 0)
return D_XCNCT;
delim = *p;
if (i > MAXNAME)
b[MAXNAME] = '\0';
else
b[i] = '\0';
- SM_FREE_CLR(RealHostName);
+ SM_FREE(RealHostName);
RealHostName = newstr(b);
if (tTd(75, 2))
sm_syslog(LOG_INFO, NOQID, "x-connect: host=%s", b);
*p = delim;
b = p;
if (*p != ' ')
return D_XCNCT;
- while (*p != '\0' && isascii(*p) && isspace(*p))
+ while (*p != '\0' && SM_ISSPACE(*p))
p++;
if (tTd(75, 4))
{
char *e;
e = strpbrk(p, "\r\n");
if (e != NULL)
*e = '\0';
sm_syslog(LOG_INFO, NOQID, "x-connect: rest=%s", p);
}
if (*p == 'M')
return D_XCNCT_M;
return D_XCNCT;
}
#endif /* _FFR_XCNCT */
diff --git a/src/version.c b/src/version.c
index 7145ce219840..1cb5140b0521 100644
--- a/src/version.c
+++ b/src/version.c
@@ -1,18 +1,18 @@
/*
- * Copyright (c) 1998-2015 Proofpoint, Inc. and its suppliers.
+ * Copyright (c) 1998-2016 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1983 Eric P. Allman. All rights reserved.
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: version.c,v 8.250 2014-01-27 12:55:16 ca Exp $")
-char Version[] = "8.15.2";
+char Version[] = "8.16.1";
diff --git a/test/Results b/test/Results
index 508427b3708c..b1ad0050a9c2 100644
--- a/test/Results
+++ b/test/Results
@@ -1,198 +1,198 @@
+------------+
| t_setreuid |
+------------+
The following are results of running t_setreuid on various architectures.
OPSYS VERSION STATUS DATE TESTER/NOTES
===== ======= ====== ==== ============
SunOS 4.1 OK 93.07.19 eric
SunOS 4.1.2 OK 93.07.19 eric
SunOS 4.1.3 OK 93.09.25 Robert Elz
-BSD 4.4 OK 93.07.19 eric (wierd results, but functional)
+BSD 4.4 OK 93.07.19 eric (weird results, but functional)
BSD 4.3Utah OK 93.07.19 eric
FreeBSD 2.1-sta OK 96.04.14 Jaye Mathisen <mrcpu@cdsnet.net>
Ultrix 4.2A OK 93.07.19 eric
Ultrix 4.3A OK 93.07.19 Allan Johannesen
Ultrix 4.5 OK 96.09.18 Gregory Neil Shapiro <gshapiro@wpi.edu>
HP-UX 8.07 OK 93.07.19 eric (on 7xx series)
HP-UX 8.02 OK 93.07.19 Michael Corrigan (on 8xx series)
HP-UX 8.00 OK 93.07.21 Michael Corrigan (on 3xx/4xx series)
HP-UX 9.01 OK 93.11.19 Cassidy (on 7xx series)
Solaris 2.1
Solaris 2.2 FAIL 93.07.19 Bill Wisner
Solaris 2.3 FAIL 95.11.22 Scott J. Kramer <sjk@lux.com>
Solaris 2.5 OK 96.02.29 Carson Gaspar <carson@lehman.com>
Solaris 2.5.1 OK 96.11.29 Gregory Neil Shapiro <gshapiro@wpi.edu>
OSF/1 T1.3-4 OK 93.07.19 eric (on DEC Alpha)
OSF/1 1.3 OK 94.12.10 Jeff A. Earickson (on Intel Paragon)
OSF/1 3.2D OK 96.09.18 Gregory Neil Shapiro <gshapiro@wpi.edu>
OSF/1 4.0 OK 96.09.18 Gregory Neil Shapiro <gshapiro@wpi.edu>
CxOS 11.5 OK 96.07.08 Eric Schnoebelen <eric@cirr.com>
CxOS 11.0 OK 93.01.21 Eric Schnoebelen (CxOS 11.0 beta 1)
CxOS 10.x OK 93.01.21 Eric Schnoebelen
AIX 3.1.5 FAIL 93.08.07 David J. N. Begley
AIX 3.2.3e FAIL 93.07.26 Steve Bauer <sbauer@silver.sdsmt.edu>
AIX 3.2.4 FAIL 93.10.07 David J. N. Begley
AIX 3.2.5 FAIL 94.05.17 Steve Bauer <sbauer@hpcmmib.hpc.sdsmt.edu>
AIX 4.1 FAIL 96.10.21 Hakan Lindholm <hakan@af.lu.se>
AIX 4.2 OK 96.10.16 Steve Bauer <sbauer@krypton.hpc.sdsmt.edu>
IRIX 4.0.4 OK 93.09.25 Robert Elz
IRIX 5.2 OK 94.12.06 Mark Andrews <mandrews@alias.com>
IRIX 5.3 OK 94.12.06 Mark Andrews <mandrews@alias.com>
IRIX 6.2 OK 96.09.16 Kari E. Hurtta <Kari.Hurtta@ozone.FMI.FI>
IRIX 6.3 OK 97.02.10 Mark Andrews <mandrews@aw.sgi.com>
SCO 3.2v4.0 OK 93.10.02 Peter Wemm (with -lsocket from 3.2v4 devsys)
NeXT 2.1 OK 93.07.28 eric
NeXT 3.0 OK 34.05.05 Kevin John Wang <kwang@lore.acs.calpoly.edu>
Linux 0.99p10 OK 93.08.08 Karl London
Linux 0.99p13 OK 93.09.27 Christian Kuhtz
Linux 0.99p14 OK 93.11.30 Christian Kuhtz <chk@data-hh.Hanse.DE>
Linux 1.0 OK 94.03.19 Shayne Smith <snsmith@rastus.brisnet.org.au>
Linux 1.2.13 OK 95.11.02 Sven Neuhaus <sven@ping.de>
Linux 2.0.17 OK 96.09.03 Horst von Brand <vonbrand@sleipnir.valparaiso.cl>
Linux 2.1.109 OK 98.07.21 John Kennedy <jk@csuchico.edu>
BSD/386 1.0 OK 93.11.13 Tony Sanders
DELL 2.2 OK 93.11.15 Peter Wemm (using -DSETEUID)
Pyramid 5.0d OK 95.01.14 David Miller <davem@nadzieja.rutgers.edu>
+-----------+
| t_seteuid |
+-----------+
The following are results of running t_seteuid on various architectures.
OPSYS VERSION STATUS DATE TESTER/NOTES
===== ======= ====== ==== ============
Solaris 2.3 OK 95.11.22 Scott J. Kramer <sjk@lux.com>
Solaris 2.4 OK 95.09.22 Thomas 'Mike' Michlmayr <mike@cosy.sbg.ac.at>
Solaris 2.5 OK 96.02.29 Carson Gaspar <carson@lehman.com>
Solaris 2.5.1 OK 96.11.29 Gregory Neil Shapiro <gshapiro@wpi.edu>
Linux 1.2.13 FAIL 95.11.02 Sven Neuhaus <sven@ping.de>
Linux 2.0.17 FAIL 96.09.03 Horst von Brand <vonbrand@sleipnir.valparaiso.cl>
Linux 2.1.109 FAIL 98.07.21 John Kennedy <jk@csuchico.edu>
AIX 4.1 OK 96.10.21 Hakan Lindholm <hakan@af.lu.se>
IRIX 5.2 OK 95.12.01 Mark Andrews <mandrews@aw.sgi.com>
IRIX 5.3 OK 95.12.01 Mark Andrews <mandrews@aw.sgi.com>
IRIX 6.2 OK 96.09.16 Kari E. Hurtta <Kari.Hurtta@ozone.FMI.FI>
IRIX 6.3 OK 97.02.10 Mark Andrews <mandrews@aw.sgi.com>
FreeBSD 2.1-sta OK 96.04.14 Jaye Mathisen <mrcpu@cdsnet.net>
Ultrix 4.5 FAIL 96.09.18 Gregory Neil Shapiro <gshapiro@wpi.edu>
OSF/1 3.2D OK 96.09.18 Gregory Neil Shapiro <gshapiro@wpi.edu>
OSF/1 4.0 OK 96.09.18 Gregory Neil Shapiro <gshapiro@wpi.edu>
CxOS 11.5 FAIL 96.07.08 Eric Schnoebelen <eric@cirr.com>
+------------+
| t_pathconf |
+------------+
The following are the results of running t_pathconf.c. Safe means that
the underlying filesystem (in NFS, the filesystem on the server) does not
permit regular (non-root) users to chown their files to another user.
Unsafe means that they can. Typically, BSD-based systems do not permit
giveaway and System V-based systems do. However, some systems (e.g.,
Solaris) can set this on a per-system or per-filesystem basis. Entries
are the return value of pathconf, the errno value, and a * if chown
disagreed with the result of the pathconf call, and a ? if the test has
not been run. A mark of [R] means that the local filesystem has
chown set to be restricted, [U] means that it is set to be unrestricted.
Safe Filesystem Unsafe Filesystem
SYSTEM LOCAL NFS-V2 NFS-V3 NFS-V2 NFS-V3
SunOS 4.1.3_U1 1/0 -1/EINVAL* n/a -1/EINVAL? n/a
SunOS 4.1.4 1/0 -1/EINVAL* n/a -1/EINVAL n/a
AIX 3.2 0/0 0/0
Solaris 2.4 1/0 -1/EINVAL*
Solaris 2.5 1/0 -1/EINVAL* 1/0 0/0?
Solaris 2.5.1 1/0 -1/EINVAL* 0/0
DEC OSF1 3.0 0/0 0/0
DEC OSF1 3.2D-2 0/0 0/0 0/0
DEC OSF1 4.0A 0/0 0/0 0/0
DEC OSF 4.0B 0/0 0/0 0/0
Ultrix 4.3 0/0 0/0 n/a n/a
Ultrix 4.5 1/0 1/0
HP-UX 9.05 -1/0 -1/EOPNOTSUPP* -1/EOPNOTSUPP
HP-UX 9.05[R] 1/0 -1/EOPNOTSUPP* -1/EOPNOTSUPP*
HP-UX 10.10 -1/0 -1/EOPNOTSUPP* -1/EOPNOTSUPP
HP-UX 10.20 -1/EOPNOTSUPP? -1/EOPNOTSUPP?
HP-UX 10.30 -1/0 -1/EOPNOTSUPP -1/EOPNOTSUPP
BSD/OS 2.1 1/0
FreeBSD 2.1.7 1/0 -1/EINVAL* -1/EINVAL
Irix 5.3 -1/0* -1/0
Irix 6.2 1/0 -1/0 0/0*
Irix 6.2 -1/0 -1/0
Irix 6.3 R10000 -1/0 -1/0 0/0*
A/UX 3.1.1 1/0
DomainOS [R] -1/0*
DomainOS [U] -1/0
NCR MP-RAS 2 -1/0
NCR MP-RAS 3 -1/0
Linux 2.0.27 1/0 1/0
+-----------+
| t_dropgid |
+-----------+
The following are results of running t_dropgid on various architectures.
OPSYS VERSION STATUS DATE TESTER/NOTES
===== ======= ====== ==== ============
AIX 4.3.3 FAILS 2001-09-22 Valdis Kletnieks
BSD/OS 4.2 OK 2001-09-22 Vernon Schryver
FreeBSD 3.2 OK 2001-09-22 ca
FreeBSD 4.4 OK 2001-09-29 ca
HP-UX 11.00 HASSETRESGID 2001-09-22 ca
IRIX 6.5 FAILS 2001-09-22 Mark D. Roth
Linux 2.0.35 HASSETREGID 2001-09-22 Neil W Rickert
Linux 2.2.12 HASSETREGID 2001-09-22 ca
Linux 2.2.16 HASSETREGID 2001-09-22 Neil W Rickert
Linux 2.4.9 HASSETREGID 2001-09-22 Derek Balling
NetBSD 1.5 OK 2001-09-22 Kimmo Suominen
OpenBSD 2.8 HASSETEGID 2001-09-22 ca
SCO 5.0.5 FAILS 2001-09-22 Phillip Porch
SunOS 5.7 HASSETREGID 2001-09-22 Neil W Rickert
SunOS 5.8 HASSETREGID 2001-09-22 ca
SunOS 5.9 HASSETREGID 2001-09-22 Neil W Rickert
$Revision: 8.3 $, Last updated $Date: 2001-09-30 01:32:33 $
diff --git a/vacation/Makefile b/vacation/Makefile
index 68f48c394f8b..b670f863b537 100644
--- a/vacation/Makefile
+++ b/vacation/Makefile
@@ -1,17 +1,19 @@
# $Id: Makefile,v 8.5 1999-09-23 22:36:45 ca Exp $
SHELL= /bin/sh
BUILD= ./Build
OPTIONS= $(CONFIG) $(FLAGS)
all: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
clean: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
+check: FRC
+ $(SHELL) $(BUILD) $(OPTIONS) $@
install: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
fresh: FRC
$(SHELL) $(BUILD) $(OPTIONS) -c
FRC:
diff --git a/vacation/vacation.0 b/vacation/vacation.0
index 64f98f4b6665..c3138e6b69d2 100644
--- a/vacation/vacation.0
+++ b/vacation/vacation.0
@@ -1,149 +1,149 @@
VACATION(1) VACATION(1)
-NNAAMMEE
+NAME
vacation - E-mail auto-responder
-SSYYNNOOPPSSIISS
- vvaaccaattiioonn [--aa _a_l_i_a_s] [--CC _c_f_f_i_l_e] [--dd] [--ff _d_a_t_a_b_a_s_e] [--ii] [--II] [--jj] [--ll]
- [--mm _m_e_s_s_a_g_e] [--RR _r_e_t_u_r_n_a_d_d_r] [--rr _i_n_t_e_r_v_a_l] [--ss _a_d_d_r_e_s_s] [--tt _t_i_m_e] [--UU]
- [--xx] [--zz] _l_o_g_i_n
+SYNOPSIS
+ vacation [-a alias] [-C cffile] [-d] [-f database] [-i] [-I] [-j] [-l]
+ [-m message] [-R returnaddr] [-r interval] [-s address] [-t time] [-U]
+ [-x] [-z] login
-DDEESSCCRRIIPPTTIIOONN
- VVaaccaattiioonn returns a message, _~_/_._v_a_c_a_t_i_o_n_._m_s_g by default, to the sender
+DESCRIPTION
+ Vacation returns a message, ~/.vacation.msg by default, to the sender
informing them that you are currently not reading your mail. The mes-
- sage is only sent to each sender once per reply interval (see --rr
- below). The intended use is in a _._f_o_r_w_a_r_d file. For example, your
- _._f_o_r_w_a_r_d file might have:
+ sage is only sent to each sender once per reply interval (see -r
+ below). The intended use is in a .forward file. For example, your
+ .forward file might have:
\eric, "|/usr/bin/vacation -a allman eric"
which would send messages to you (assuming your login name was eric)
and reply to any messages for ``eric'' or ``allman''.
Available options:
- --aa _a_l_i_a_s
- Handle messages for _a_l_i_a_s in the same manner as those received
+ -a alias
+ Handle messages for alias in the same manner as those received
for the user's login name.
- --CC _c_f_p_a_t_h
+ -C cfpath
Specify pathname of the sendmail configuration file. This
- option is ignored if --UU is specified. This option defaults to
+ option is ignored if -U is specified. This option defaults to
the standard sendmail configuration file, located at
/etc/mail/sendmail.cf on most systems.
- --dd Send error/debug messages to stderr instead of syslog. Other-
- wise, fatal errors, such as calling vvaaccaattiioonn with incorrect
- arguments, or with non-existent _l_o_g_i_ns, are logged in the system
+ -d Send error/debug messages to stderr instead of syslog. Other-
+ wise, fatal errors, such as calling vacation with incorrect
+ arguments, or with non-existent logins, are logged in the system
log file, using syslog(8). This should only be used on the com-
- mand line, not in your _._f_o_r_w_a_r_d file.
+ mand line, not in your .forward file.
- --ff _f_i_l_e_n_a_m_e
- Use _f_i_l_e_n_a_m_e as name of the database instead of _~_/_._v_a_c_a_t_i_o_n_._d_b
- or _~_/_._v_a_c_a_t_i_o_n_._{_d_i_r_,_p_a_g_}. Unless the _f_i_l_e_n_a_m_e starts with / it
+ -f filename
+ Use filename as name of the database instead of ~/.vacation.db
+ or ~/.vacation.{dir,pag}. Unless the filename starts with / it
is relative to ~.
- --ii Initialize the vacation database files. It should be used
- before you modify your _._f_o_r_w_a_r_d file. This should only be used
- on the command line, not in your _._f_o_r_w_a_r_d file.
+ -i Initialize the vacation database files. It should be used
+ before you modify your .forward file. This should only be used
+ on the command line, not in your .forward file.
- --II Same as --ii (for backwards compatibility). This should only be
- used on the command line, not in your _._f_o_r_w_a_r_d file.
+ -I Same as -i (for backwards compatibility). This should only be
+ used on the command line, not in your .forward file.
- --jj Respond to the message regardless of whether the login is listed
+ -j Respond to the message regardless of whether the login is listed
as a recipient for the message. Do not use this flag unless you
are sure of the consequences. For example, this will cause to
reply to mailing list messages which may result in removing you
from the list.
- --ll List the content of the vacation database file including the
+ -l List the content of the vacation database file including the
address and the associated time of the last auto-response to
that address. This should only be used on the command line, not
- in your _._f_o_r_w_a_r_d file.
+ in your .forward file.
- --mm _f_i_l_e_n_a_m_e
- Use _f_i_l_e_n_a_m_e as name of the file containing the message to send
- instead of _~_/_._v_a_c_a_t_i_o_n_._m_s_g. Unless the _f_i_l_e_n_a_m_e starts with /
+ -m filename
+ Use filename as name of the file containing the message to send
+ instead of ~/.vacation.msg. Unless the filename starts with /
it is relative to ~.
- --RR _r_e_t_u_r_n_a_d_d_r
+ -R returnaddr
Set the reply envelope sender address
- --rr _i_n_t_e_r_v_a_l
- Set the reply interval to _i_n_t_e_r_v_a_l days. The default is one
+ -r interval
+ Set the reply interval to interval days. The default is one
week. An interval of ``0'' or ``infinite'' (actually, any non-
- numeric character) will never send more than one reply. The --rr
+ numeric character) will never send more than one reply. The -r
option should only be used when the vacation database is ini-
- tialized (see --ii above).
+ tialized (see -i above).
- --ss _a_d_d_r_e_s_s
- Use _a_d_d_r_e_s_s instead of the incoming message sender address on
- the _F_r_o_m line as the recipient for the vacation message.
+ -s address
+ Use address instead of the incoming message sender address on
+ the From line as the recipient for the vacation message.
- --tt _t_i_m_e
+ -t time
Ignored, available only for compatibility with Sun's vacation
program.
- --UU Do not attempt to lookup _l_o_g_i_n in the password file. The -f and
+ -U Do not attempt to lookup login in the password file. The -f and
-m options must be used to specify the database and message file
since there is no home directory for the default settings for
these options.
- --xx Reads an exclusion list from stdin (one address per line).
+ -x Reads an exclusion list from stdin (one address per line).
Mails coming from an address in this exclusion list won't get a
- reply by vvaaccaattiioonn. It is possible to exclude complete domains
+ reply by vacation. It is possible to exclude complete domains
by specifying ``@domain'' as element of the exclusion list.
- This should only be used on the command line, not in your _._f_o_r_-
- _w_a_r_d file.
+ This should only be used on the command line, not in your .for-
+ ward file.
- --zz Set the sender of the vacation message to ``<>'' instead of the
+ -z Set the sender of the vacation message to ``<>'' instead of the
user. This probably violates the RFCs since vacation messages
are not required by a standards-track RFC to have a null
reverse-path.
- VVaaccaattiioonn reads the first line from the standard input for a UNIX
+ Vacation reads the first line from the standard input for a UNIX
``From'' line to determine the sender. Sendmail(8) includes this
``From'' line automatically.
- No message will be sent unless _l_o_g_i_n (or an _a_l_i_a_s supplied using the --aa
+ No message will be sent unless login (or an alias supplied using the -a
option) is part of either the ``To:'' or ``Cc:'' headers of the mail.
No messages from ``???-REQUEST'', ``???-RELAY'', ``???-OWNER'',
``OWNER-???'', ``Postmaster'', ``UUCP'', ``MAILER'', or ``MAILER-DAE-
MON'' will be replied to (where these strings are case insensitive) nor
is a notification sent if a ``Precedence: bulk'' or ``Precedence:
junk'' line is included in the mail headers. The people who have sent
you messages are maintained as a db(3) or dbm(3) database in the file
- _._v_a_c_a_t_i_o_n_._d_b or _._v_a_c_a_t_i_o_n_._{_d_i_r_,_p_a_g_} in your home directory.
+ .vacation.db or .vacation.{dir,pag} in your home directory.
- VVaaccaattiioonn expects a file _._v_a_c_a_t_i_o_n_._m_s_g, in your home directory, contain-
+ Vacation expects a file .vacation.msg, in your home directory, contain-
ing a message to be sent back to each sender. It should be an entire
message (including headers). For example, it might contain:
From: eric@CS.Berkeley.EDU (Eric Allman)
Subject: I am on vacation
Delivered-By-The-Graces-Of: The Vacation program
Precedence: bulk
I am on vacation until July 22. If you have something urgent,
please contact Keith Bostic <bostic@CS.Berkeley.EDU>.
--eric
-FFIILLEESS
+FILES
~/.vacation.db default database file for db(3)
~/.vacation.{dir,pag}
default database file for dbm(3)
~/.vacation.msg default message to send
-SSEEEE AALLSSOO
+SEE ALSO
sendmail(8), syslog(8)
-HHIISSTTOORRYY
- The vvaaccaattiioonn command appeared in 4.3BSD.
+HISTORY
+ The vacation command appeared in 4.3BSD.
$Date: 2013-11-22 20:52:02 $ VACATION(1)
diff --git a/vacation/vacation.c b/vacation/vacation.c
index 1196464e72d2..72032748d624 100644
--- a/vacation/vacation.c
+++ b/vacation/vacation.c
@@ -1,1197 +1,1197 @@
/*
* Copyright (c) 1999-2002, 2009 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1983, 1987, 1993
* The Regents of the University of California. All rights reserved.
* Copyright (c) 1983 Eric P. Allman. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sm/gen.h>
SM_IDSTR(copyright,
"@(#) Copyright (c) 1999-2002, 2009 Proofpoint, Inc. and its suppliers.\n\
All rights reserved.\n\
Copyright (c) 1983, 1987, 1993\n\
The Regents of the University of California. All rights reserved.\n\
Copyright (c) 1983 Eric P. Allman. All rights reserved.\n")
SM_IDSTR(id, "@(#)$Id: vacation.c,v 8.148 2013-11-22 20:52:02 ca Exp $")
#include <ctype.h>
#include <stdlib.h>
#include <syslog.h>
#include <time.h>
#include <unistd.h>
#ifdef EX_OK
# undef EX_OK /* unistd.h may have another use for this */
-#endif /* EX_OK */
+#endif
#include <sm/sysexits.h>
#include <sm/cf.h>
#include <sm/mbdb.h>
#include "sendmail/sendmail.h"
#include <sendmail/pathnames.h>
#include "libsmdb/smdb.h"
#define ONLY_ONCE ((time_t) 0) /* send at most one reply */
#define INTERVAL_UNDEF ((time_t) (-1)) /* no value given */
uid_t RealUid;
gid_t RealGid;
char *RealUserName;
uid_t RunAsUid;
gid_t RunAsGid;
char *RunAsUserName;
int Verbose = 2;
bool DontInitGroups = false;
uid_t TrustedUid = 0;
BITMAP256 DontBlameSendmail;
static int readheaders __P((bool));
static bool junkmail __P((char *));
static bool nsearch __P((char *, char *));
static void usage __P((void));
static void setinterval __P((time_t));
static bool recent __P((void));
static void setreply __P((char *, time_t));
static void sendmessage __P((char *, char *, char *));
static void xclude __P((SM_FILE_T *));
/*
** VACATION -- return a message to the sender when on vacation.
**
** This program is invoked as a message receiver. It returns a
** message specified by the user to whomever sent the mail, taking
** care not to return a message too often to prevent "I am on
** vacation" loops.
*/
#define VDB ".vacation" /* vacation database */
#define VMSG ".vacation.msg" /* vacation message */
#define SECSPERDAY (60 * 60 * 24)
#define DAYSPERWEEK 7
typedef struct alias
{
char *name;
struct alias *next;
} ALIAS;
ALIAS *Names = NULL;
SMDB_DATABASE *Db;
char From[MAXLINE];
bool CloseMBDB = false;
#if defined(__hpux) || defined(__osf__)
# ifndef SM_CONF_SYSLOG_INT
# define SM_CONF_SYSLOG_INT 1
-# endif /* SM_CONF_SYSLOG_INT */
+# endif
#endif /* defined(__hpux) || defined(__osf__) */
#if SM_CONF_SYSLOG_INT
# define SYSLOG_RET_T int
# define SYSLOG_RET return 0
-#else /* SM_CONF_SYSLOG_INT */
+#else
# define SYSLOG_RET_T void
# define SYSLOG_RET
-#endif /* SM_CONF_SYSLOG_INT */
+#endif
typedef SYSLOG_RET_T SYSLOG_T __P((int, const char *, ...));
SYSLOG_T *msglog = syslog;
static SYSLOG_RET_T debuglog __P((int, const char *, ...));
static void eatmsg __P((void));
static void listdb __P((void));
/* exit after reading input */
#define EXITIT(excode) \
{ \
eatmsg(); \
if (CloseMBDB) \
{ \
sm_mbdb_terminate(); \
CloseMBDB = false; \
} \
return excode; \
}
#define EXITM(excode) \
{ \
if (!initdb && !list) \
eatmsg(); \
if (CloseMBDB) \
{ \
sm_mbdb_terminate(); \
CloseMBDB = false; \
} \
exit(excode); \
}
int
main(argc, argv)
int argc;
char **argv;
{
bool alwaysrespond = false;
bool initdb, exclude;
bool runasuser = false;
bool list = false;
int mfail = 0, ufail = 0;
int ch;
int result;
long sff;
time_t interval;
struct passwd *pw;
ALIAS *cur;
char *dbfilename = NULL;
char *msgfilename = NULL;
char *cfpath = NULL;
char *name = NULL;
char *returnaddr = NULL;
SMDB_USER_INFO user_info;
static char rnamebuf[MAXNAME];
extern int optind, opterr;
extern char *optarg;
/* Vars needed to link with smutil */
clrbitmap(DontBlameSendmail);
RunAsUid = RealUid = getuid();
RunAsGid = RealGid = getgid();
pw = getpwuid(RealUid);
if (pw != NULL)
{
if (strlen(pw->pw_name) > MAXNAME - 1)
pw->pw_name[MAXNAME] = '\0';
sm_snprintf(rnamebuf, sizeof rnamebuf, "%s", pw->pw_name);
}
else
sm_snprintf(rnamebuf, sizeof rnamebuf,
"Unknown UID %d", (int) RealUid);
RunAsUserName = RealUserName = rnamebuf;
# ifdef LOG_MAIL
openlog("vacation", LOG_PID, LOG_MAIL);
-# else /* LOG_MAIL */
+# else
openlog("vacation", LOG_PID);
-# endif /* LOG_MAIL */
+# endif
opterr = 0;
initdb = false;
exclude = false;
interval = INTERVAL_UNDEF;
*From = '\0';
#define OPTIONS "a:C:df:Iijlm:R:r:s:t:Uxz"
while (mfail == 0 && ufail == 0 &&
(ch = getopt(argc, argv, OPTIONS)) != -1)
{
switch((char)ch)
{
case 'a': /* alias */
cur = (ALIAS *) malloc((unsigned int) sizeof(ALIAS));
if (cur == NULL)
{
mfail++;
break;
}
cur->name = optarg;
cur->next = Names;
Names = cur;
break;
case 'C':
cfpath = optarg;
break;
case 'd': /* debug mode */
msglog = debuglog;
break;
case 'f': /* alternate database */
dbfilename = optarg;
break;
case 'I': /* backward compatible */
case 'i': /* init the database */
initdb = true;
break;
case 'j':
alwaysrespond = true;
break;
case 'l':
list = true; /* list the database */
break;
case 'm': /* alternate message file */
msgfilename = optarg;
break;
case 'R':
returnaddr = optarg;
break;
case 'r':
if (isascii(*optarg) && isdigit(*optarg))
{
interval = atol(optarg) * SECSPERDAY;
if (interval < 0)
ufail++;
}
else
interval = ONLY_ONCE;
break;
case 's': /* alternate sender name */
(void) sm_strlcpy(From, optarg, sizeof From);
break;
case 't': /* SunOS: -t1d (default expire) */
break;
case 'U': /* run as single user mode */
runasuser = true;
break;
case 'x':
exclude = true;
break;
case 'z':
returnaddr = "<>";
break;
case '?':
default:
ufail++;
break;
}
}
argc -= optind;
argv += optind;
if (mfail != 0)
{
msglog(LOG_NOTICE,
"vacation: can't allocate memory for alias.\n");
EXITM(EX_TEMPFAIL);
}
if (ufail != 0)
usage();
if (argc != 1)
{
if (!initdb && !list && !exclude)
usage();
if ((pw = getpwuid(getuid())) == NULL)
{
msglog(LOG_ERR,
"vacation: no such user uid %u.\n", getuid());
EXITM(EX_NOUSER);
}
name = strdup(pw->pw_name);
user_info.smdbu_id = pw->pw_uid;
user_info.smdbu_group_id = pw->pw_gid;
(void) sm_strlcpy(user_info.smdbu_name, pw->pw_name,
SMDB_MAX_USER_NAME_LEN);
if (chdir(pw->pw_dir) != 0)
{
msglog(LOG_NOTICE,
"vacation: no such directory %s.\n",
pw->pw_dir);
EXITM(EX_NOINPUT);
}
}
else if (runasuser)
{
name = strdup(*argv);
if (dbfilename == NULL || msgfilename == NULL)
{
msglog(LOG_NOTICE,
"vacation: -U requires setting both -f and -m\n");
EXITM(EX_NOINPUT);
}
user_info.smdbu_id = pw->pw_uid;
user_info.smdbu_group_id = pw->pw_gid;
(void) sm_strlcpy(user_info.smdbu_name, pw->pw_name,
SMDB_MAX_USER_NAME_LEN);
}
else
{
int err;
SM_CF_OPT_T mbdbname;
SM_MBDB_T user;
cfpath = getcfname(0, 0, SM_GET_SENDMAIL_CF, cfpath);
mbdbname.opt_name = "MailboxDatabase";
mbdbname.opt_val = "pw";
(void) sm_cf_getopt(cfpath, 1, &mbdbname);
err = sm_mbdb_initialize(mbdbname.opt_val);
if (err != EX_OK)
{
msglog(LOG_ERR,
"vacation: can't open mailbox database: %s.\n",
sm_strexit(err));
EXITM(err);
}
CloseMBDB = true;
err = sm_mbdb_lookup(*argv, &user);
if (err == EX_NOUSER)
{
msglog(LOG_ERR, "vacation: no such user %s.\n", *argv);
EXITM(EX_NOUSER);
}
if (err != EX_OK)
{
msglog(LOG_ERR,
"vacation: can't read mailbox database: %s.\n",
sm_strexit(err));
EXITM(err);
}
name = strdup(user.mbdb_name);
if (chdir(user.mbdb_homedir) != 0)
{
msglog(LOG_NOTICE,
"vacation: no such directory %s.\n",
user.mbdb_homedir);
EXITM(EX_NOINPUT);
}
user_info.smdbu_id = user.mbdb_uid;
user_info.smdbu_group_id = user.mbdb_gid;
(void) sm_strlcpy(user_info.smdbu_name, user.mbdb_name,
SMDB_MAX_USER_NAME_LEN);
}
if (name == NULL)
{
msglog(LOG_ERR,
"vacation: can't allocate memory for username.\n");
EXITM(EX_OSERR);
}
if (dbfilename == NULL)
dbfilename = VDB;
if (msgfilename == NULL)
msgfilename = VMSG;
sff = SFF_CREAT;
if (getegid() != getgid())
{
/* Allow a set-group-ID vacation binary */
RunAsGid = user_info.smdbu_group_id = getegid();
sff |= SFF_OPENASROOT;
}
if (getuid() == 0)
{
/* Allow root to initialize user's vacation databases */
sff |= SFF_OPENASROOT|SFF_ROOTOK;
/* ... safely */
sff |= SFF_NOSLINK|SFF_NOHLINK|SFF_REGONLY;
}
result = smdb_open_database(&Db, dbfilename,
O_CREAT|O_RDWR | (initdb ? O_TRUNC : 0),
S_IRUSR|S_IWUSR, sff,
SMDB_TYPE_DEFAULT, &user_info, NULL);
if (result != SMDBE_OK)
{
msglog(LOG_NOTICE, "vacation: %s: %s\n", dbfilename,
sm_errstring(result));
EXITM(EX_DATAERR);
}
if (list)
{
listdb();
(void) Db->smdb_close(Db);
exit(EX_OK);
}
if (interval != INTERVAL_UNDEF)
setinterval(interval);
if (initdb && !exclude)
{
(void) Db->smdb_close(Db);
exit(EX_OK);
}
if (exclude)
{
xclude(smioin);
(void) Db->smdb_close(Db);
EXITM(EX_OK);
}
if ((cur = (ALIAS *) malloc((unsigned int) sizeof(ALIAS))) == NULL)
{
msglog(LOG_NOTICE,
"vacation: can't allocate memory for username.\n");
(void) Db->smdb_close(Db);
EXITM(EX_OSERR);
}
cur->name = name;
cur->next = Names;
Names = cur;
result = readheaders(alwaysrespond);
if (result == EX_OK && !recent())
{
time_t now;
(void) time(&now);
setreply(From, now);
(void) Db->smdb_close(Db);
sendmessage(name, msgfilename, returnaddr);
}
else
(void) Db->smdb_close(Db);
if (result == EX_NOUSER)
result = EX_OK;
exit(result);
}
/*
** EATMSG -- read stdin till EOF
**
** Parameters:
** none.
**
** Returns:
** nothing.
**
*/
static void
eatmsg()
{
/*
** read the rest of the e-mail and ignore it to avoid problems
** with EPIPE in sendmail
*/
while (getc(stdin) != EOF)
continue;
}
/*
** READHEADERS -- read mail headers
**
** Parameters:
** alwaysrespond -- respond regardless of whether msg is to me
**
** Returns:
** a exit code: NOUSER if no reply, OK if reply, * if error
**
** Side Effects:
** may exit().
**
*/
static int
readheaders(alwaysrespond)
bool alwaysrespond;
{
bool tome, cont;
register char *p;
register ALIAS *cur;
char buf[MAXLINE];
cont = false;
tome = alwaysrespond;
while (sm_io_fgets(smioin, SM_TIME_DEFAULT, buf, sizeof(buf)) >= 0 &&
*buf != '\n')
{
switch(*buf)
{
case 'F': /* "From " */
cont = false;
if (strncmp(buf, "From ", 5) == 0)
{
bool quoted = false;
p = buf + 5;
while (*p != '\0')
{
/* escaped character */
if (*p == '\\')
{
p++;
if (*p == '\0')
{
msglog(LOG_NOTICE,
"vacation: badly formatted \"From \" line.\n");
EXITIT(EX_DATAERR);
}
}
else if (*p == '"')
quoted = !quoted;
else if (*p == '\r' || *p == '\n')
break;
else if (*p == ' ' && !quoted)
break;
p++;
}
if (quoted)
{
msglog(LOG_NOTICE,
"vacation: badly formatted \"From \" line.\n");
EXITIT(EX_DATAERR);
}
*p = '\0';
/* ok since both strings have MAXLINE length */
if (*From == '\0')
(void) sm_strlcpy(From, buf + 5,
sizeof From);
if ((p = strchr(buf + 5, '\n')) != NULL)
*p = '\0';
if (junkmail(buf + 5))
EXITIT(EX_NOUSER);
}
break;
case 'P': /* "Precedence:" */
case 'p':
cont = false;
if (strlen(buf) <= 10 ||
strncasecmp(buf, "Precedence", 10) != 0 ||
(buf[10] != ':' && buf[10] != ' ' &&
buf[10] != '\t'))
break;
if ((p = strchr(buf, ':')) == NULL)
break;
while (*++p != '\0' && isascii(*p) && isspace(*p));
if (*p == '\0')
break;
if (strncasecmp(p, "junk", 4) == 0 ||
strncasecmp(p, "bulk", 4) == 0 ||
strncasecmp(p, "list", 4) == 0)
EXITIT(EX_NOUSER);
break;
case 'C': /* "Cc:" */
case 'c':
if (strncasecmp(buf, "Cc:", 3) != 0)
break;
cont = true;
goto findme;
case 'T': /* "To:" */
case 't':
if (strncasecmp(buf, "To:", 3) != 0)
break;
cont = true;
goto findme;
default:
if (!isascii(*buf) || !isspace(*buf) || !cont || tome)
{
cont = false;
break;
}
findme:
for (cur = Names;
!tome && cur != NULL;
cur = cur->next)
tome = nsearch(cur->name, buf);
}
}
if (!tome)
EXITIT(EX_NOUSER);
if (*From == '\0')
{
msglog(LOG_NOTICE, "vacation: no initial \"From \" line.\n");
EXITIT(EX_DATAERR);
}
EXITIT(EX_OK);
}
/*
** NSEARCH --
** do a nice, slow, search of a string for a substring.
**
** Parameters:
** name -- name to search.
** str -- string in which to search.
**
** Returns:
** is name a substring of str?
**
*/
static bool
nsearch(name, str)
register char *name, *str;
{
register size_t len;
register char *s;
len = strlen(name);
for (s = str; *s != '\0'; ++s)
{
/*
** Check to make sure that the string matches and
** the previous character is not an alphanumeric and
** the next character after the match is not an alphanumeric.
**
** This prevents matching "eric" to "derick" while still
** matching "eric" to "<eric+detail>".
*/
if (tolower(*s) == tolower(*name) &&
strncasecmp(name, s, len) == 0 &&
(s == str || !isascii(*(s - 1)) || !isalnum(*(s - 1))) &&
(!isascii(*(s + len)) || !isalnum(*(s + len))))
return true;
}
return false;
}
/*
** JUNKMAIL --
** read the header and return if automagic/junk/bulk/list mail
**
** Parameters:
** from -- sender address.
**
** Returns:
** is this some automated/junk/bulk/list mail?
**
*/
struct ignore
{
char *name;
size_t len;
};
typedef struct ignore IGNORE_T;
#define MAX_USER_LEN 256 /* maximum length of local part (sender) */
/* delimiters for the local part of an address */
#define isdelim(c) ((c) == '%' || (c) == '@' || (c) == '+')
static bool
junkmail(from)
char *from;
{
bool quot;
char *e;
size_t len;
IGNORE_T *cur;
char sender[MAX_USER_LEN];
static IGNORE_T ignore[] =
{
{ "postmaster", 10 },
{ "uucp", 4 },
{ "mailer-daemon", 13 },
{ "mailer", 6 },
{ NULL, 0 }
};
static IGNORE_T ignorepost[] =
{
{ "-request", 8 },
{ "-relay", 6 },
{ "-owner", 6 },
{ NULL, 0 }
};
static IGNORE_T ignorepre[] =
{
{ "owner-", 6 },
{ NULL, 0 }
};
/*
** This is mildly amusing, and I'm not positive it's right; trying
** to find the "real" name of the sender, assuming that addresses
** will be some variant of:
**
** From site!site!SENDER%site.domain%site.domain@site.domain
*/
quot = false;
e = from;
len = 0;
while (*e != '\0' && (quot || !isdelim(*e)))
{
if (*e == '"')
{
quot = !quot;
++e;
continue;
}
if (*e == '\\')
{
if (*(++e) == '\0')
{
/* '\\' at end of string? */
break;
}
if (len < MAX_USER_LEN)
sender[len++] = *e;
++e;
continue;
}
if (*e == '!' && !quot)
{
len = 0;
sender[len] = '\0';
}
else
if (len < MAX_USER_LEN)
sender[len++] = *e;
++e;
}
if (len < MAX_USER_LEN)
sender[len] = '\0';
else
sender[MAX_USER_LEN - 1] = '\0';
if (len <= 0)
return false;
#if 0
if (quot)
return false; /* syntax error... */
-#endif /* 0 */
+#endif
/* test prefixes */
for (cur = ignorepre; cur->name != NULL; ++cur)
{
if (len >= cur->len &&
strncasecmp(cur->name, sender, cur->len) == 0)
return true;
}
/*
** If the name is truncated, don't test the rest.
** We could extract the "tail" of the sender address and
** compare it it ignorepost, however, it seems not worth
** the effort.
** The address surely can't match any entry in ignore[]
** (as long as all of them are shorter than MAX_USER_LEN).
*/
if (len > MAX_USER_LEN)
return false;
/* test full local parts */
for (cur = ignore; cur->name != NULL; ++cur)
{
if (len == cur->len &&
strncasecmp(cur->name, sender, cur->len) == 0)
return true;
}
/* test postfixes */
for (cur = ignorepost; cur->name != NULL; ++cur)
{
if (len >= cur->len &&
strncasecmp(cur->name, e - cur->len - 1,
cur->len) == 0)
return true;
}
return false;
}
#define VIT "__VACATION__INTERVAL__TIMER__"
/*
** RECENT --
** find out if user has gotten a vacation message recently.
**
** Parameters:
** none.
**
** Returns:
** true iff user has gotten a vacation message recently.
**
*/
static bool
recent()
{
SMDB_DBENT key, data;
time_t then, next;
bool trydomain = false;
int st;
char *domain;
memset(&key, '\0', sizeof key);
memset(&data, '\0', sizeof data);
/* get interval time */
key.data = VIT;
key.size = sizeof(VIT);
st = Db->smdb_get(Db, &key, &data, 0);
if (st != SMDBE_OK)
next = SECSPERDAY * DAYSPERWEEK;
else
memmove(&next, data.data, sizeof(next));
memset(&data, '\0', sizeof data);
/* get record for this address */
key.data = From;
key.size = strlen(From);
do
{
st = Db->smdb_get(Db, &key, &data, 0);
if (st == SMDBE_OK)
{
memmove(&then, data.data, sizeof(then));
if (next == ONLY_ONCE || then == ONLY_ONCE ||
then + next > time(NULL))
return true;
}
if ((trydomain = !trydomain) &&
(domain = strchr(From, '@')) != NULL)
{
key.data = domain;
key.size = strlen(domain);
}
} while (trydomain);
return false;
}
/*
** SETINTERVAL --
** store the reply interval
**
** Parameters:
** interval -- time interval for replies.
**
** Returns:
** nothing.
**
** Side Effects:
** stores the reply interval in database.
*/
static void
setinterval(interval)
time_t interval;
{
SMDB_DBENT key, data;
memset(&key, '\0', sizeof key);
memset(&data, '\0', sizeof data);
key.data = VIT;
key.size = sizeof(VIT);
data.data = (char*) &interval;
data.size = sizeof(interval);
(void) (Db->smdb_put)(Db, &key, &data, 0);
}
/*
** SETREPLY --
** store that this user knows about the vacation.
**
** Parameters:
** from -- sender address.
** when -- last reply time.
**
** Returns:
** nothing.
**
** Side Effects:
** stores user/time in database.
*/
static void
setreply(from, when)
char *from;
time_t when;
{
SMDB_DBENT key, data;
memset(&key, '\0', sizeof key);
memset(&data, '\0', sizeof data);
key.data = from;
key.size = strlen(from);
data.data = (char*) &when;
data.size = sizeof(when);
(void) (Db->smdb_put)(Db, &key, &data, 0);
}
/*
** XCLUDE --
** add users to vacation db so they don't get a reply.
**
** Parameters:
** f -- file pointer with list of address to exclude
**
** Returns:
** nothing.
**
** Side Effects:
** stores users in database.
*/
static void
xclude(f)
SM_FILE_T *f;
{
char buf[MAXLINE], *p;
if (f == NULL)
return;
while (sm_io_fgets(f, SM_TIME_DEFAULT, buf, sizeof buf) >= 0)
{
if ((p = strchr(buf, '\n')) != NULL)
*p = '\0';
setreply(buf, ONLY_ONCE);
}
}
/*
** SENDMESSAGE --
** exec sendmail to send the vacation file to sender
**
** Parameters:
** myname -- user name.
** msgfn -- name of file with vacation message.
** sender -- use as sender address
**
** Returns:
** nothing.
**
** Side Effects:
** sends vacation reply.
*/
static void
sendmessage(myname, msgfn, sender)
char *myname;
char *msgfn;
char *sender;
{
SM_FILE_T *mfp, *sfp;
int i;
int pvect[2];
char *pv[8];
char buf[MAXLINE];
mfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, msgfn, SM_IO_RDONLY, NULL);
if (mfp == NULL)
{
if (msgfn[0] == '/')
msglog(LOG_NOTICE, "vacation: no %s file.\n", msgfn);
else
msglog(LOG_NOTICE, "vacation: no ~%s/%s file.\n",
myname, msgfn);
exit(EX_NOINPUT);
}
if (pipe(pvect) < 0)
{
msglog(LOG_ERR, "vacation: pipe: %s", sm_errstring(errno));
exit(EX_OSERR);
}
pv[0] = "sendmail";
pv[1] = "-oi";
pv[2] = "-f";
if (sender != NULL)
pv[3] = sender;
else
pv[3] = myname;
pv[4] = "--";
pv[5] = From;
pv[6] = NULL;
i = fork();
if (i < 0)
{
msglog(LOG_ERR, "vacation: fork: %s", sm_errstring(errno));
exit(EX_OSERR);
}
if (i == 0)
{
(void) dup2(pvect[0], 0);
(void) close(pvect[0]);
(void) close(pvect[1]);
(void) sm_io_close(mfp, SM_TIME_DEFAULT);
(void) execv(_PATH_SENDMAIL, pv);
msglog(LOG_ERR, "vacation: can't exec %s: %s",
_PATH_SENDMAIL, sm_errstring(errno));
exit(EX_UNAVAILABLE);
}
/* check return status of the following calls? XXX */
(void) close(pvect[0]);
if ((sfp = sm_io_open(SmFtStdiofd, SM_TIME_DEFAULT,
(void *) &(pvect[1]),
SM_IO_WRONLY, NULL)) != NULL)
{
#if _FFR_VAC_WAIT4SM
# ifdef WAITUNION
union wait st;
-# else /* WAITUNION */
+# else
auto int st;
-# endif /* WAITUNION */
+# endif
#endif /* _FFR_VAC_WAIT4SM */
(void) sm_io_fprintf(sfp, SM_TIME_DEFAULT, "To: %s\n", From);
(void) sm_io_fprintf(sfp, SM_TIME_DEFAULT,
"Auto-Submitted: auto-replied\n");
while (sm_io_fgets(mfp, SM_TIME_DEFAULT, buf, sizeof buf) >= 0)
(void) sm_io_fputs(sfp, SM_TIME_DEFAULT, buf);
(void) sm_io_close(mfp, SM_TIME_DEFAULT);
(void) sm_io_close(sfp, SM_TIME_DEFAULT);
#if _FFR_VAC_WAIT4SM
(void) wait(&st);
-#endif /* _FFR_VAC_WAIT4SM */
+#endif
}
else
{
(void) sm_io_close(mfp, SM_TIME_DEFAULT);
msglog(LOG_ERR, "vacation: can't open pipe to sendmail");
exit(EX_UNAVAILABLE);
}
}
static void
usage()
{
msglog(LOG_NOTICE,
"uid %u: usage: vacation [-a alias] [-C cfpath] [-d] [-f db] [-i] [-j] [-l] [-m msg] [-R returnaddr] [-r interval] [-s sender] [-t time] [-U] [-x] [-z] login\n",
getuid());
exit(EX_USAGE);
}
/*
** LISTDB -- list the contents of the vacation database
**
** Parameters:
** none.
**
** Returns:
** nothing.
*/
static void
listdb()
{
int result;
time_t t;
SMDB_CURSOR *cursor = NULL;
SMDB_DBENT db_key, db_value;
memset(&db_key, '\0', sizeof db_key);
memset(&db_value, '\0', sizeof db_value);
result = Db->smdb_cursor(Db, &cursor, 0);
if (result != SMDBE_OK)
{
sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"vacation: set cursor: %s\n",
sm_errstring(result));
return;
}
while ((result = cursor->smdbc_get(cursor, &db_key, &db_value,
SMDB_CURSOR_GET_NEXT)) == SMDBE_OK)
{
char *timestamp;
/* skip magic VIT entry */
if (db_key.size == strlen(VIT) + 1 &&
strncmp((char *)db_key.data, VIT,
(int)db_key.size - 1) == 0)
continue;
/* skip bogus values */
if (db_value.size != sizeof t)
{
sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"vacation: %.*s invalid time stamp\n",
(int) db_key.size, (char *) db_key.data);
continue;
}
memcpy(&t, db_value.data, sizeof t);
if (db_key.size > 40)
db_key.size = 40;
if (t <= 0)
{
/* must be an exclude */
timestamp = "(exclusion)\n";
}
else
{
timestamp = ctime(&t);
}
sm_io_fprintf(smioout, SM_TIME_DEFAULT, "%-40.*s %-10s",
(int) db_key.size, (char *) db_key.data,
timestamp);
memset(&db_key, '\0', sizeof db_key);
memset(&db_value, '\0', sizeof db_value);
}
if (result != SMDBE_OK && result != SMDBE_LAST_ENTRY)
{
sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
"vacation: get value at cursor: %s\n",
sm_errstring(result));
if (cursor != NULL)
{
(void) cursor->smdbc_close(cursor);
cursor = NULL;
}
return;
}
(void) cursor->smdbc_close(cursor);
cursor = NULL;
}
/*
** DEBUGLOG -- write message to standard error
**
** Append a message to the standard error for the convenience of
** end-users debugging without access to the syslog messages.
**
** Parameters:
** i -- syslog log level
** fmt -- string format
**
** Returns:
** nothing.
*/
/*VARARGS2*/
static SYSLOG_RET_T
#ifdef __STDC__
debuglog(int i, const char *fmt, ...)
#else /* __STDC__ */
debuglog(i, fmt, va_alist)
int i;
const char *fmt;
va_dcl
#endif /* __STDC__ */
{
SM_VA_LOCAL_DECL
SM_VA_START(ap, fmt);
sm_io_vfprintf(smioerr, SM_TIME_DEFAULT, fmt, ap);
SM_VA_END(ap);
SYSLOG_RET;
}

File Metadata

Mime Type
application/octet-stream
Expires
Tue, Jul 2, 6:51 PM (1 d, 23 h)
Storage Engine
chunks
Storage Format
Chunks
Storage Handle
IY.DrmXiCeXG
Default Alt Text
(7 MB)

Event Timeline